Bitcoin Forum
December 09, 2016, 03:57:21 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 [187] 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 »
  Print  
Author Topic: Armory - Discussion Thread  (Read 482251 times)
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
May 27, 2014, 04:00:38 PM
 #3721

But nothing would be enabled by default, and it would be very isolated.

I get it, but that is why you need to create a build without a plugin system. Bitcoin is attracting more and more black hats and things like this just give them a playground, the money and motivation is there.

Also please don't say you going to isolate things, that is how a project fails. Sandboxing apps are not secure, chrome's sandboxing has been hacked a couple times and lets not talk about java applets...

By "isolated" I mean that the new channels enabled by the "plugin" system would be isolated.  Any extensions would requiring signing, and virtually no code within Armory would be any different with or without the extension (there would simply be one extra loop that checks the directory for python files and signatures, and then adds a new tab for each one).  Everything to do with it could be disabled by simply deleting the extensions directory or giving it root permissions that prevent reading or writing (then that loop would skipped and Armory would run identically to a version that doesn't have this).

I understand your hesitation, but do keep in mind that I have spent the past 3 years being really careful with Armory's security profile, and I'm not going to recklessly "destroy" it.  I am certainly open to suggestions for improving things like this, but we are very comfortable that this will be airtight as-is (i.e. the overall security profile of the app is the same before and after the change).


@ Ente: 

If you haven't modified anything that you want to keep the changes, just do "git reset --hard", then do a "git fetch", then "git checkout testing" , "git pull origin testing".   Probably have to do a "make" (though that may not actually be necessary if you're already running 0.91.2.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
1481299041
Hero Member
*
Offline Offline

Posts: 1481299041

View Profile Personal Message (Offline)

Ignore
1481299041
Reply with quote  #2

1481299041
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481299041
Hero Member
*
Offline Offline

Posts: 1481299041

View Profile Personal Message (Offline)

Ignore
1481299041
Reply with quote  #2

1481299041
Report to moderator
1481299041
Hero Member
*
Offline Offline

Posts: 1481299041

View Profile Personal Message (Offline)

Ignore
1481299041
Reply with quote  #2

1481299041
Report to moderator
Corelianer
Full Member
***
Offline Offline

Activity: 147



View Profile
May 27, 2014, 04:06:48 PM
 #3722

But nothing would be enabled by default, and it would be very isolated.

I get it, but that is why you need to create a build without a plugin system. Bitcoin is attracting more and more black hats and things like this just give them a playground, the money and motivation is there.

Also please don't say you going to isolate things, that is how a project fails. Sandboxing apps are not secure, chrome's sandboxing has been hacked a couple times and lets not talk about java applets...

By creating two builds you add extra work to the developpers and slow deveopment down. The only rocksolid solution is keeping your coins offline.
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
May 27, 2014, 04:25:33 PM
 #3723

But nothing would be enabled by default, and it would be very isolated.

I get it, but that is why you need to create a build without a plugin system. Bitcoin is attracting more and more black hats and things like this just give them a playground, the money and motivation is there.

Also please don't say you going to isolate things, that is how a project fails. Sandboxing apps are not secure, chrome's sandboxing has been hacked a couple times and lets not talk about java applets...

By "isolated" I mean that the new channels enabled by the "plugin" system would be isolated.  Any extensions would requiring signing, and virtually no code within Armory would be any different with or without the extension (there would simply be one extra loop that checks the directory for python files and signatures, and then adds a new tab for each one).  Everything to do with it could be disabled by simply deleting the extensions directory or giving it root permissions that prevent reading or writing (then that loop would skipped and Armory would run identically to a version that doesn't have this).

I understand your hesitation, but do keep in mind that I have spent the past 3 years being really careful with Armory's security profile, and I'm not going to recklessly "destroy" it.  I am certainly open to suggestions for improving things like this, but we are very comfortable that this will be airtight as-is (i.e. the overall security profile of the app is the same before and after the change).

Apple does the same thing with code signing pretty sure that has been broken since day one.


But nothing would be enabled by default, and it would be very isolated.

I get it, but that is why you need to create a build without a plugin system. Bitcoin is attracting more and more black hats and things like this just give them a playground, the money and motivation is there.

Also please don't say you going to isolate things, that is how a project fails. Sandboxing apps are not secure, chrome's sandboxing has been hacked a couple times and lets not talk about java applets...

By creating two builds you add extra work to the developpers and slow deveopment down. The only rocksolid solution is keeping your coins offline.

How does that slow down development down? They could just have a switch in the make files, that build it without that code. This would also help them keep it separated from the actually armory code.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
Corelianer
Full Member
***
Offline Offline

Activity: 147



View Profile
May 27, 2014, 05:57:32 PM
 #3724

@gweedo

Ok maybe it's not much work to create two builds but an online system has hundrets of vaunerabilities.
You can't deny that only an offline system is secure.

If you have a virus on your computer, a keylogger, or screen-capture software Armory can't do nothing about it.
So there is no point making something extra secure that only a offline computer can provide.

In my oppinion the offline computer (or cold storage, paper backup) should be the "fort knox".
The online computer should add some convinience to manage my funds.

You can not expect a fort knox of your online computer because it has a broadband connection.
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
May 27, 2014, 06:17:35 PM
 #3725

@gweedo

Ok maybe it's not much work to create two builds but an online system has hundrets of vaunerabilities.
You can't deny that only an offline system is secure.

If you have a virus on your computer, a keylogger, or screen-capture software Armory can't do nothing about it.
So there is no point making something extra secure that only a offline computer can provide.

You are completely missing the point, it would open up even more holes, on an already sensitive platform. Everyone to certain degree keeps some money in a hot wallet, but yes most of my funds are offline. Just cause I keep $100 in hot wallet doesn't mean I want it to be stolen, or don't care, it is just worth less to me than my entire holdings. Doesn't mean I don't want it protected. Sandboxed plugins are the not the answer, the answer is if you want that to be insecure then you fork it and add prices and anything else. Not the other way around, security should be first.

Investors always === bottom line, glad to see nothing has changed.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
May 27, 2014, 07:17:21 PM
 #3726

Investors always === bottom line, glad to see nothing has changed.

This has nothing to do with investors.  This is about making Armory usable for a wider array of power users and businesses that would like to use it.  If there's no way to hook their local systems/resources into it, it has limited use to them.  If we felt that there was a compromise of security involved, we'd be looking at other options.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Corelianer
Full Member
***
Offline Offline

Activity: 147



View Profile
May 27, 2014, 08:15:53 PM
 #3727

Investors always === bottom line, glad to see nothing has changed.

This has nothing to do with investors.  This is about making Armory usable for a wider array of power users and businesses that would like to use it.  If there's no way to hook their local systems/resources into it, it has limited use to them.  If we felt that there was a compromise of security involved, we'd be looking at other options.

I agree, it needs some openness to compete with the current systems and other wallet softwares.
Multibit has already an Exchange Rate system but misses the watch only feature. (as far as I know)

@gweedo Ok, lets agree that we have a different opinion about where the jurney goes
SebastianJu
Legendary
*
Offline Offline

Activity: 1624


Free Legendary Escrow Service - Tip Jar in Profile


View Profile WWW
May 27, 2014, 08:51:16 PM
 #3728

I found this line
Code:
#parser.add_option("--bitcoind-path",   dest="bitcoindPath",default='DEFAULT', type="str",          help="Path to the location of bitcoind on your system")
at https://raw.githubusercontent.com/etotheipi/BitcoinArmory/rrld_planB/armoryengine.py is commented out. The same goes for the lines that use that flag
Code:
# Change the settings file to use
#BITCOIND_PATH = None
#if not CLI_OPTIONS.bitcoindPath.lower()=='default':
   #BITCOIND_PATH = CLI_OPTIONS.bitcoindPath
It looks like its meant to change the bitcoind/qt exe path. Im not sure though if it works for bitcoinqt and not only bitcoind but i guess yes.

Can this be made valid again since it looks like the only way to make armory automatically find and start a portable bitcoin-qt-version.

But when i think about it... it doesnt make sense if armory simply starts the bitcoin-qt.exe in the directory one could specify when bitcoinqt is portable. It would mean it would download the blockchain again and create a new directory in roaming-dir.

So either bitcoinqt can be started and is using the directory by some conf-file that specifies where the blockchain is stored or armory needs to use the shortcut to start bitcoinqt with the flag included that specifies the blockchain-dir for bitcoin-qt.

Someone knows a solution?

 

██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
 
Get Free Bitcoin Now!
  ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦   
0.8%-1% House Edge
[/
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
May 27, 2014, 10:15:03 PM
 #3729

Investors always === bottom line, glad to see nothing has changed.

This has nothing to do with investors.  This is about making Armory usable for a wider array of power users and businesses that would like to use it.  If there's no way to hook their local systems/resources into it, it has limited use to them.  If we felt that there was a compromise of security involved, we'd be looking at other options.

See that is where you are wrong, you say businesses want to tap into armory, but instead you should be saying business want to tap into bitcoin, if armory allows them to access that network the easiest and best way possible then so be it. That is where armoryd should be coming into play for them, not a function client and believe me you will be turning off power users like myself.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
jeffreylin_
Full Member
***
Offline Offline

Activity: 162


★Bitin.io★ - Instant Exchange


View Profile
May 29, 2014, 10:12:46 PM
 #3730

As of this moment, Armory still needs a copy of its own database, right?

Not to be annoying about it -- just checking in.

Tips - No amount too small! 1AuMAQjrRFVhfiSZiGJ96jiTjBN6jEMbLC
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
May 29, 2014, 11:09:33 PM
 #3731

As of this moment, Armory still needs a copy of its own database, right?

Not to be annoying about it -- just checking in.

It does have it's own database. It uses the bitcoind as a router to the bitcoin network.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
doug_armory
Sr. Member
****
Offline Offline

Activity: 255

Senior Developer - Armory


View Profile WWW
May 30, 2014, 01:11:50 AM
 #3732

Is the mac version any more stabler?
Does any one have a link to the latest change logs for the mac version?
I couldn't bear with the hours and hours of rebuilding databases just to get my wallet to work so I moved back to the original Bitcoin client
Hopefully armory has improved since then so I can protect my coins again

When was the last time you used it? v0.91 introduced many stability fixes. There are still some Qt-related issues that need to be resolved but Armory is usable.

Senior Developer -  Armory Technologies, Inc.
bitpop
Legendary
*
Offline Offline

Activity: 1932


https://keybase.io/bitpop


View Profile WWW
May 30, 2014, 01:36:19 AM
 #3733

A nice plugin would be to automatically rebuy from Coinbase

Reputation  |  PGP  |  DigitalOcean  |  OpenVPN 2GB Free  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1722

Let's talk governance, lipstick, and pigs.


View Profile
May 30, 2014, 11:20:11 PM
 #3734

A nice plugin would be to automatically rebuy from Coinbase
There are coinbase trading apps on the site.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
teste
Sr. Member
****
Offline Offline

Activity: 316


View Profile
June 01, 2014, 06:17:50 PM
 #3735

Hi etotheipi,

I think you should implement something like this to fund Armory development: https://multibit.org/blog/2014/04/11/multibit-hd-brit.html

gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
June 01, 2014, 07:51:28 PM
 #3736

Hi etotheipi,

I think you should implement something like this to fund Armory development: https://multibit.org/blog/2014/04/11/multibit-hd-brit.html



No, he has investment money over $600k. No reason and I have donated a lot as well as other people.

Also multibit isn't as high quality so they have force users to do this. Basically a GUI on top of Bitcoinj.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
June 01, 2014, 08:03:02 PM
 #3737

Hi etotheipi,

I think you should implement something like this to fund Armory development: https://multibit.org/blog/2014/04/11/multibit-hd-brit.html



No, he has investment money over $600k. No reason and I have donated a lot as well as other people.

Also multibit isn't as high quality so they have force users to do this. Basically a GUI on top of Bitcoinj.

Kind of.  We got $600k a while age, and we have since hired developers and pay salaries (myself included).  I have always hated asking for free money, though I think we could do well in a crowdfunding campaign.  But even if we raised $250k, it would not be enabling to us as a business (in the long-term).  We will have to focus on other monetization strategies, but not until the core features are finished (new wallets, multi-sig, supernode, etc).  But don't worry, we are planning to keep these core features part of the free, open-source project.  There are ways to monetize a popular open-source project Smiley

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
jeffreylin_
Full Member
***
Offline Offline

Activity: 162


★Bitin.io★ - Instant Exchange


View Profile
June 01, 2014, 10:01:05 PM
 #3738

As of this moment, Armory still needs a copy of its own database, right?

Not to be annoying about it -- just checking in.

It does have it's own database. It uses the bitcoind as a router to the bitcoin network.

No, I mean how bitcoind has a copy of its own databases and Armory then duplicates it.

Tips - No amount too small! 1AuMAQjrRFVhfiSZiGJ96jiTjBN6jEMbLC
teste
Sr. Member
****
Offline Offline

Activity: 316


View Profile
June 01, 2014, 10:11:41 PM
 #3739

Hi,

I imported 2 addresses (did not sweep private keys) on Armory, but I dont see any warning message asking me to create a new backup.

I think armory should advice me to create a new backup.
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
June 01, 2014, 10:15:10 PM
 #3740

Hi,

I imported 2 addresses (did not sweep private keys) on Armory, but I dont see any warning message asking me to create a new backup.

I think armory should advice me to create a new backup.

You've probably done this before and clicked "Do not show this warning again".  Because there is a warning:



In case the image doesn't show up for you, it says:

Quote
           Armory supports importing of external private keys into your
            wallet but imported addresses are not automatically
            protected by your backups.  If you do not plan to use the
            address again, it is recommended that you "Sweep" the private
            key instead of importing it.

            Individual private keys, including imported ones, can be
            backed up using the "Export Key Lists" option in the wallet
            backup window.

EDIT: As I reread this, I realize it's outdated -- we moved the "Export Key Lists" option into the "Backup Your Wallet" dialog sequence.  Will update that text appropriately.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Pages: « 1 ... 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 [187] 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!