Bitcoin Core 0.18.0 Released

[MysteryMiner]

As you note, the windows signatures mean essentially nothing-- anyone can get one and there is no real way to verify them.  You could very likely get one called "Bitcoin Foundation", at most you'd just have to incorporate an entity with that name.  The recommended procedure is to check the GPG signatures and keys, which have been consistently the same since 2013 or so.

So does PGP signatures. In that matter both PGP and Digital signatures in Windows are same. You must verify the signature and make sure it is signed by known trusted key. Windows is more complicated in this matter because it have trusted root CAs but the final certificate in chain of "trust" still have the hash that can be compared, it is only hidden few clicks deep. TrueCrypt managed this very good back in its days. I think Bitcoin must do the same and stick with one root CA and one signing entity that is well established and known.

Windows signed executables only stops Windows shouting "UNSAFE!" at you.

The only reason is to make inexperienced people feel comfortable, the Windows system is broken, as you already know.

Wrong. Signatures are mandatory only for kernel-mode drivers. The warning when launching executables coming from internet is dependent on NTFS alternate streams feature to indicate it come from network and all it does is check presence, absence or validity of digital signature and display warning screen that is ignored by most users anyway.

And no, Windows is not nearly as broken as majority of computer users are.

I verify any software by all means possible before proceeding. The Digital signatures tab is not very important, but the change of signers raised some alarm to me.

[1713918848]

1713918848

[1713918848]

1713918848

[1713918848]

1713918848

[Carlton Banks]

As you note, the windows signatures mean essentially nothing-- anyone can get one and there is no real way to verify them.  You could very likely get one called "Bitcoin Foundation", at most you'd just have to incorporate an entity with that name.  The recommended procedure is to check the GPG signatures and keys, which have been consistently the same since 2013 or so.

So does PGP signatures. In that matter both PGP and Digital signatures in Windows are same. You must verify the signature and make sure it is signed by known trusted key.

kind of agree, trusting the Bitcoin Foundation people was a bad move in retrospect. But the Bitcoin developers are doing it themselves now anyway, it's not obvious what you're asking for that would actually improve anything. Unless you want to actually time-travel back to 2014 to undo the decision to let Bitcoin Foundation handle the signing keys?

Windows signed executables only stops Windows shouting "UNSAFE!" at you.

The only reason is to make inexperienced people feel comfortable, the Windows system is broken, as you already know.

Wrong. Signatures are mandatory only for kernel-mode drivers. The warning when launching executables coming from internet is dependent on NTFS alternate streams feature to indicate it come from network and all it does is check presence, absence or validity of digital signature and display warning screen that is ignored by most users anyway.

1. I didn't mention whether signatures are mandatory for installing, just that Windows warns about unsigned packages
2. Then you said the same thing, that Windows warns about unsigned packages

the change of signers raised some alarm to me.

You're a bit confused about this problem. In fact, very confused.

Everything you're saying suggests you undertand exactly what's happened, and what matters, and why. But you're still saying that the parts that don't matter are a problem? If you want two things that are mutually irreconcilable, it's impossible to be satisfied. You're going to be frustrated, and it will never end. Good luck.

[MysteryMiner]

I am not that involved in bitcoin community anymore since bitcointalk is teaming full of noobs, libturds, speculative traders and incomprehensible millenials from India. I did not notice that Bitcoin Foundation had some trouble. I stopped dealing attention since Mt.Gox goatsed their users, and I lost my 2 US cents, 10 eurocents and 0.01 BTC

Maybe publish somewhere info not only about PGP signatures but Digital sigantures as well, including certifikate fingerprint and root and intermediate authorities? TrueCrypt did that and it worked well, Bitcoin devs also should do the same. This could have saved me some time when upgrading Bitcoin, since everything checked out on my imaginary "Legit" checklist, except for windows siganture.

[hayteehem]

Can someone please explain this to me

[Last of the V8s]

Can someone please explain this to me

Start here https://twitter.com/lopp/status/932350908461133825
Any questions? Ask here https://bitcointalk.org/index.php?board=39.0

[Artemis3]

The thing with systemd is not simply "learning" things, but the fact that its so buggy and bloated and the main developer doesn't really care.

most Ubuntu or Mint users aren't going to notice the kinds of bugs it has, and they're equally unlikely to appreciate the poor design philosophy behind systemd

In fact I'm avoiding all his projects (don't need any of them), he tends to keep that same mindset in all his works.

sure, but convincing people to ditch systemd for OpenRC is one thing, getting them to configure jack audio and eudev is just more on top, it may be all too much for some people. Building up the ecosystem around well designed alternatives to invasive Red Hat products is important to keep Linux going in the direction of good quality software engineering.

Corporate software is basically attacking Linux with these bad quality system components (and in other ways too, arguably), so sure, start with yourself. But we really have to make the most convincing case to ditch this crappy stuff to those who otherwise wouldn't care.

Oh, everyone is free to choose, i'm all in for defending this freedom of choice.

To me dumping pulseaudio was very simple: Just make a decent asoundrc (either user or systemwide). Alsa can do its own software mixing for output AND input, it can even do fancier stuff such as a global equalizer or you can make virtual devices with your favorite LADSPA plugins.

Code:

pcm.!default {
    type asym
    playback.pcm "plug:dmix"
    capture.pcm "plug:dsnoop"
    hint {
        show on
        description "Default ALSA"
    }
}

Pulseaudio like systemd does have some interesting features, but they are rarely needed for most users (such as a network audio device). Indeed most audio professionals stick with jackd, but honestly alsa itself will do for most needs. One glaring exception is bluetooth compression codecs, luckily i don't even use bluetooth.

Avahi i have never used in my life, and the systemd talk has been already made. I think he is now involved in a fourth project but i forgot about it.

I'm on Artix and eudev is in use, the distro maintainers (all two of them) did all the work for me . There are various DAW oriented distros that include jackd, and iirc they even ditch pulseaudio in the debian/ubuntu based ones. Artix does come with pulseaudio but i quickly got rid of it. There is apulse for the rare program demanding it (Skype?).

But we really have to make the most convincing case to ditch this crappy stuff to those who otherwise wouldn't care.

I guess the simplest way is:


Bad:

• Fedora
• Centos
• Ubuntu
• Mint

Good:

• Devuan
• um, Gentoo

trouble is there aren't many non-systemd Linux distros, and Devuan is probably gonna be the most user friendly of them all (Gentoo isn't really user friendly). There must be some more I didn't mention

Actually, its much simpler, just visit Distrowatch and do this custom search. 81 results and counting...

[pooya87]

Use SHA-2 and PGP to check the authenticity of Bitcoin releases, that method comes with at least some guarantees (using the fingerprint to id the PGP key is possibly not reliable any more though, there should be a t-shirt with the Wladimir van der Laan PGP public key + expiry date printed all over it IMO, or at least till PGP updates their standard for fingerprinting public keys)

there is no need for an upgrade to PGP standard as long as SHA-1 hashes that are used for PGP fingerprints is strong (2^160) against second preimage attacks (not to be confused with collision which SHA-1 is no longer strong against). so as long as the long form of the hashes (the whole 20 bytes) is used, everything is safe.

[gmaxwell]

Please do not quote the entire gigantic OP just to write "When LN?"

[jnano]

As far as I can see there are no write caching improvements in this version. Is there anything being worked on or planned?

The last change was #11658, which was only a minor upgrade.

[Lauda]

As far as I can see there are no write caching improvements in this version. Is there anything being worked on or planned?

The last change was #11658, which was only a minor upgrade.

What exactly makes you think that there is room for easy improvement in that area? More important things are underway anyway.

[jnano]

More important that's related to this?

I don't know if the details are easy, but the high-level concept is simple: allow to cache whole chainstate in memory, flush lazily.

[Lauda]

More important that's related to this?
I don't know if the details are easy, but the high-level concept is simple: allow to cache whole chainstate in memory, flush lazily.

We already have better caching than anything you will think of. Increase dbcache to whatever you can afford.

[jnano]

dbcache doesn't help, possibly because pruned mode adds flushing (maybe also other things in play). A previous discussion here.

This may not be so much of an issue on SSDs, but on HDDs, the current roundabout solution for long IBD syncs is to use a RAM drive, effectively doing the caching externally.

[Lauda]

dbcache doesn't help, possibly because pruned mode adds flushing (maybe also other things in play). A previous discussion here.

This may not be so much of an issue on SSDs, but on HDDs, the current roundabout solution for long IBD syncs is to use a RAM drive, effectively doing the caching externally.

Stop using HDDs, problem solved and no dev-time gets wasted.

[jnano]

If you want to continue, I've replied here, to keep it concentrated under a dedicated thread.

[stevrev]

what is the purpose of Bitcoin Core?

[Carlton Banks]

what is the purpose of Bitcoin Core?

it's software.

• Bitcoin is a network
• BTC currency is sent between nodes on the Bitcoin network
• Bitcoin Core is the software that lets your computer get onto the Bitcoin network (to send and receive Bitcoin/BTC)

[bL4nkcode]

what is the purpose of Bitcoin Core?

Except that you're running the most secured BTC wallet, the main purpose is to support the whole bitcoin network when running them and keeping them updated (blocks) on someone's device.

[Lauda]

what is the purpose of Bitcoin Core?

Except that you're running the most secured BTC wallet, the main purpose is to support the whole bitcoin network when running them and keeping them updated (blocks) on someone's device.

It's the reference implementation even though many try to avoid that label.

[Amph]

something wrong, i can't connect anymore, after i closed bitcoin core, it remain at 13 days behind...