|
niko
|
 |
February 20, 2013, 08:55:33 PM |
|
Bitcoin 0.8 is signed by the Foundation.
If you run a node via Tor then nobody can connect to it, so no, it doesn't help. We need nodes on the regular internet for this, sorry.
then they ought to put their PGP signature on the bitcoin.org download site. It is not signed via PGP. The signature is CA based. so how does that work? Like any signed code - but I can only speak about Windows. When you try executing the code, the UAC prompt will provide the information about the signature, and offer details where you can check the certificate and certification path. Alternatively, right-click on downloaded file and check signature/certificate from the Properties dialogue. |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
jim618
Legendary
 Offline
Activity: 1708
Merit: 1066
|
|
February 20, 2013, 09:45:38 PM
Last edit: February 20, 2013, 10:34:05 PM by jim618 |
|
Is there a node that you control or make use of to find 0.8 clients quicker which we can add via "addnode" so you also see our nodes? Or do you just hope that your client will after some days just randomly stumble upon a 0.8 full node because there are so many?
Bitcoinj uses DNS discovery - it initially makes connections to 4 nodes at random. It will then look at the Satoshi version running, the block height the peer says it is at and the peer's ping time to decide which is the best to download from. (The other peers are then used to verify things but it wants the 'best' for downloading). Once V0.8.0 gets to about 15% of nodes then with 4 connections the chance of getting at least one V0.8.0 at random is: 1 - (1 - 0.15)^4 = 48% I think we are planning to wait for 10% of nodes at V0.8.0 before releasing. (If there are two few V0.8.0 nodes they might become too popular and get overloaded by SPV clients wanting to connect to them). |
|
|
|
alexeft
Legendary
Offline
Activity: 854
Merit: 1000
|
|
February 20, 2013, 10:16:44 PM |
|
I got two nodes running on 0.8!
Let's help this thing grow bigger!!!
|
|
|
|
|
|
|
Mike Hearn (OP)
Legendary
Offline
Activity: 1526
Merit: 1129
|
|
February 20, 2013, 11:15:01 PM |
|
I just ran the PeerMonitor app and found a bunch of 0.8 nodes that were in the middle of syncing the chain. That's great! Let's keep it up.
|
|
|
|
|
DannyHamilton
Legendary
 Online
Activity: 3430
Merit: 4660
|
|
February 20, 2013, 11:38:45 PM
Last edit: February 21, 2013, 12:07:30 AM by DannyHamilton |
|
As a benchmark for those who are interested, I installed 0.8.0 on a 5 year old 2.4 GHz Intel Core 2 Duo MacBook Pro with 4 GB 667 MHz DDR2 SDRAM and a NVIDIA GeForce 8600M GT 256 MB graphics processor running Mac OS X Lion 10.7.5. The total synchronization time starting on 2013-02-19 was 22 hours, and the total disk space used is 6.4 GBDisk usage: $ pwd; du -h
~/Library/Application Support/Bitcoin
31M ./blocks/index
6.2G ./blocks
193M ./chainstate
10.0M ./database
6.4G .
|
|
|
|
|
|
camolist
|
|
February 21, 2013, 01:45:56 PM |
|
just brought up a node on a server in the datacenter.
50mbit/sec dedicated that is very very underused
addnode=69.162.139.23
|
|
|
|
HorseRider
Donator
Legendary
Offline
Activity: 1120
Merit: 1001
|
|
February 21, 2013, 01:52:09 PM |
|
And please make a Ubuntu PPA please......
|
16SvwJtQET7mkHZFFbJpgPaDA1Pxtmbm5P
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
February 21, 2013, 07:43:47 PM |
|
Is there an armhf Debian package available for Bitcoin 0.8 (bitcoind)? I wouldn't mind running it on my Raspberry Pi around the clock.
|
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
February 21, 2013, 08:08:24 PM |
|
And please make a Ubuntu PPA please......
+1 |
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
February 21, 2013, 08:16:00 PM |
|
i still don't see the BF's pgp key. |
|
|
|
|
|
niko
|
|
February 21, 2013, 08:35:56 PM |
|
i still don't see the BF's pgp key. Were you able to check the CA signature chain? It's only a few clicks away. |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
February 21, 2013, 09:02:30 PM |
|
i still don't see the BF's pgp key. Were you able to check the CA signature chain? It's only a few clicks away. i did check the CA certificate in properties like you said. it's just i'm more comfortable checking signature files BEFORE i install the client. |
|
|
|
|
|
niko
|
|
February 21, 2013, 10:47:02 PM |
|
i still don't see the BF's pgp key. Were you able to check the CA signature chain? It's only a few clicks away. i did check the CA certificate in properties like you said. it's just i'm more comfortable checking signature files BEFORE i install the client. You should check before you run the installer, of course. An example at hand:  |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
February 21, 2013, 11:06:40 PM |
|
i still don't see the BF's pgp key. Were you able to check the CA signature chain? It's only a few clicks away. i did check the CA certificate in properties like you said. it's just i'm more comfortable checking signature files BEFORE i install the client. You should check before you run the installer, of course. An example at hand: so that's good enough? never checked this way before. thanks. |
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
February 22, 2013, 12:49:42 AM |
|
so that's good enough? never checked this way before.
thanks.
you only need to check if the signature is OK (by clicking "details"). the rest is not needed. |
|
|
|
|
Vernon715
|
|
February 22, 2013, 01:07:33 AM |
|
Is there an armhf Debian package available for Bitcoin 0.8 (bitcoind)? I wouldn't mind running it on my Raspberry Pi around the clock.
+1 |
|
|
|
|
niko
|
|
February 22, 2013, 01:25:05 AM |
|
so that's good enough? never checked this way before.
thanks.
you only need to check if the signature is OK (by clicking "details"). the rest is not needed. Yes. I wanted to illustrate the depth of information available. Anyone handling significant amounts of coins or sensitive data should in fact check the certification path, and look for suspicious changes in signing authorities. Case in point: http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/ |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
February 22, 2013, 03:33:04 AM |
|
so that's good enough? never checked this way before.
thanks.
you only need to check if the signature is OK (by clicking "details"). the rest is not needed. Yes. I wanted to illustrate the depth of information available. Anyone handling significant amounts of coins or sensitive data should in fact check the certification path, and look for suspicious changes in signing authorities. Case in point: http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/i'm a little skeptical about signing certifs after that incident last year where Diginotar got compromised. i mean no one around here has told us how to verify that the CA you pointed out is genuine. i see a few words that say Bitcoin Foundation in the detail and COMODO and someone's email address but how am i supposed to know that this detail is genuine? |
|
|
|
|
|
niko
|
|
February 22, 2013, 06:32:36 AM |
|
so that's good enough? never checked this way before.
thanks.
you only need to check if the signature is OK (by clicking "details"). the rest is not needed. Yes. I wanted to illustrate the depth of information available. Anyone handling significant amounts of coins or sensitive data should in fact check the certification path, and look for suspicious changes in signing authorities. Case in point: http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/i'm a little skeptical about signing certifs after that incident last year where Diginotar got compromised. i mean no one around here has told us how to verify that the CA you pointed out is genuine. i see a few words that say Bitcoin Foundation in the detail and COMODO and someone's email address but how am i supposed to know that this detail is genuine? My unqualified guess is that if you are concerned you should contact the site owner and request (via phone, PGP-authenticated communication channel, or in person) to verify the serial numbers and/or thumbprints for all the certificates in the certification chain. A pain in the ass that I never inflicted upon myself. For the record, windows installer 0.8.0 for me shows certification path USERTrust>Comodo Code Signing CA 2>The Bitcoin Foundation, Inc. (serial no. 00 95 58 31 df b0 68 e1 11 ee 55 2a b6 2c f7 33 62, sha1 digest 8c 94 64 e3 b5 b0 41 89 5b 89 b0 57 cc 74 b9 44 e5 b2 92 66) |
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
|
