cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
October 04, 2014, 08:15:04 PM |
|
---
ok, got it. but i have to say, this whole section on your website needs to be re-written and clarified if you want to stop getting these questions: ... Yes, that should still work for the regular non-offline-bundle installers. And it was supposed to work with the debs inside the bundle, but it seems that I make the bundles before I sign the .debs (so the bundle ends up with the non-signed version). But the whole tar.gz list gets signed anyway, so the dpkg-sig signature is redundant, and the fact that I screwed up the redundant sig is what threw you off. It's better to use the hash list anyway, since it covers all the files in the .tar.gz, not just the Armory installer itself. I'd like to make this simpler, but there's just so many OSes, so many signature layers, and a complex web of operations performed to make sure everything is consistent (such as making sure that the installers are signed before making the hashes file, which needs to be signed, before creating the announce digest, that needs to be signed, so the secure downloader gets the right file with a valid signature. I wish we could just use the secure downloader for everything, but the fact is that people have to somehow verify the first version of Armory that they get, which requires the GPG stuff. no worries. it's just that devs use a different language sometimes for instance, i think adding these words to what you said would make it clearer: "But the signed hashes list is better, since the hash list covers every file in the .tar.gz, not just the .deb."
|
|
|
|
redphlegm
Sr. Member
Offline
Activity: 246
Merit: 250
My spoon is too big!
|
|
October 06, 2014, 02:48:12 PM |
|
Not sure if I found a bug or not but it sure seems like something that shouldn't work the way it does. Here's my scenario:
I use an old, offline machine running linux just for the purposes of offline signing for a couple Armory wallets. All was fine and dandy until I forgot the encryption passphrase for one of them. Not to worry though, right? Because I have the paper backup. So with that encrypted wallet for which I couldn't remember the encryption passphrase still in the list, I "recovered" the same wallet using the root key paper backup. It then gave me 3 options: to cancel, merge, or overwrite (with the text for "merge" saying that it would create a new passphrase). I chose the merge option. It then proceeded to "calculate new addresses" which was pretty processor intensive and ran for about 5-7 minutes. I didn't figure this was an issue and that it was a one-time thing so I didn't think much of it. Then I tried to spend from the wallet. I generated the transaction on an online computer, saved the tx file, loaded the tx file for signing on the offline computer, and then it did the same long processing activity (probably about 5 minutes) and it was finally signed. Saved the signed tx file, went to online computer, broadcast, and it went on without a hitch.
I haven't tried again as I don't have any reason to spend / send again but I'm wondering if I will have to deal with the 5-minute processing every time because I have a "merged" wallet with the passphrase changed.
And now that I think about it, what is the difference, on an offline machine, between a "merged" wallet and an "overwritten" wallet with a new encryption? Seems a bit redundant since the addresses, amounts, and transaction history aren't tracked.
|
Whiskey Fund: (BTC) 1whiSKeYMRevsJMAQwU8NY1YhvPPMjTbM | (Ψ) ALcoHoLsKUfdmGfHVXEShtqrEkasihVyqW
|
|
|
etotheipi (OP)
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
October 06, 2014, 02:59:02 PM |
|
Not sure if I found a bug or not but it sure seems like something that shouldn't work the way it does. Here's my scenario:
I use an old, offline machine running linux just for the purposes of offline signing for a couple Armory wallets. All was fine and dandy until I forgot the encryption passphrase for one of them. Not to worry though, right? Because I have the paper backup. So with that encrypted wallet for which I couldn't remember the encryption passphrase still in the list, I "recovered" the same wallet using the root key paper backup. It then gave me 3 options: to cancel, merge, or overwrite (with the text for "merge" saying that it would create a new passphrase). I chose the merge option. It then proceeded to "calculate new addresses" which was pretty processor intensive and ran for about 5-7 minutes. I didn't figure this was an issue and that it was a one-time thing so I didn't think much of it. Then I tried to spend from the wallet. I generated the transaction on an online computer, saved the tx file, loaded the tx file for signing on the offline computer, and then it did the same long processing activity (probably about 5 minutes) and it was finally signed. Saved the signed tx file, went to online computer, broadcast, and it went on without a hitch.
I haven't tried again as I don't have any reason to spend / send again but I'm wondering if I will have to deal with the 5-minute processing every time because I have a "merged" wallet with the passphrase changed.
And now that I think about it, what is the difference, on an offline machine, between a "merged" wallet and an "overwritten" wallet with a new encryption? Seems a bit redundant since the addresses, amounts, and transaction history aren't tracked.
In wallets that are encrypted (should be most of them) it sometimes generates all the addresses from the public keys when it doesn't have your password to generate the private keys with it. In that case, it marks all the private keys to be calculated next time you unlock the wallet, which could be a lot of keys. But once it is done, or won't need to do it again so each subsequent unlock should be much faster
|
|
|
|
Moria843
Sr. Member
Offline
Activity: 442
Merit: 250
Found Lost beach - quiet now
|
|
October 06, 2014, 05:22:18 PM |
|
With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?
|
Hot time, summer in the city, back of my mine getting hot & gritty!!!
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
October 06, 2014, 08:05:31 PM |
|
With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?
Those have firmware too
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
October 06, 2014, 09:06:23 PM |
|
Those have firmware too
Floppy firmware The problem is paucity of computers that still have the floppy drive interfaces. Physical drives and disks are quite easy to get on the secondary market. Obviously, using an USB-attached floppy drive will put you back in square one.
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
October 06, 2014, 09:09:37 PM |
|
Those have firmware too
Floppy firmware The problem is paucity of computers that still have the floppy drive interfaces. Physical drives and disks are quite easy to get on the secondary market. Obviously, using an USB-attached floppy drive will put you back in square one. Oh internal floppy, do you even have a floppy header?
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
October 06, 2014, 09:27:59 PM |
|
Oh internal floppy, do you even have a floppy header?
Internal or external. It doesn't matter, lots of laptops had it as an option for "universal drive bay" or "expansion docking bay". On desktop motherboards it is nowadays available through the http://en.wikipedia.org/wiki/Low_Pin_Count bus instead of the historical "IBM PC-compatible" cable.
|
|
|
|
Moria843
Sr. Member
Offline
Activity: 442
Merit: 250
Found Lost beach - quiet now
|
|
October 06, 2014, 09:40:50 PM |
|
Those have firmware too
Floppy firmware The problem is paucity of computers that still have the floppy drive interfaces. Physical drives and disks are quite easy to get on the secondary market. Obviously, using an USB-attached floppy drive will put you back in square one. Oh internal floppy, do you even have a floppy header? Would be using old IDE/ATA interface, not USB. Sure floppy has firmware, but I doubt the BadUSB problem attacks IDE/ATA firmware or if the old firmware was even writeable. My cold storage XP computer already has a floppy and I have a PCI to IDE controller card that will allow me to interface an old floppy (I have several sitting around) to my on-line computer. Floppies would be used to transfer signature files. Just wondering if the old technology might be less susceptible to hacks like BadUSB.
|
Hot time, summer in the city, back of my mine getting hot & gritty!!!
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
October 06, 2014, 09:45:57 PM |
|
Man that shit is old. Maybe sata to sd is a better option.
|
|
|
|
Moria843
Sr. Member
Offline
Activity: 442
Merit: 250
Found Lost beach - quiet now
|
|
October 06, 2014, 09:55:43 PM |
|
It is old. But it's spare parts I have laying around. Saw a 60 Minutes where they're still using 8" floppies in ICBM launch bunkers. Why - because they're controllers cannot be be hacked. That's what made me wonder about this option.
|
Hot time, summer in the city, back of my mine getting hot & gritty!!!
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
October 06, 2014, 10:35:31 PM |
|
Would be using old IDE/ATA interface, not USB. Sure floppy has firmware, but I doubt the BadUSB problem attacks IDE/ATA firmware or if the old firmware was even writeable.
My cold storage XP computer already has a floppy and I have a PCI to IDE controller card that will allow me to interface an old floppy (I have several sitting around) to my on-line computer. Floppies would be used to transfer signature files. Just wondering if the old technology might be less susceptible to hacks like BadUSB.
You seem to be confused. Floppies have no firmware neither in the drive nor in the controller. It is all hard-wired logic sequencers. Moreover normal floppies never used IDE/ATA interface or anything similar, those were for hard drives. Fortunately the connectors won't fit, so there's no possibility of damage. Lots of even fairly modern motherboards will support floppy connected via the LPC as a last-resort recovery from a locked-out administrator access to the IPMI, AMT or similar pre-boot low-level interfaces. It is frequently not even described in the regular documentation. There are some extremely rare IDE-attached floppy-like drives like: http://en.wikipedia.org/wiki/Flopticalhttp://en.wikipedia.org/wiki/SuperDiskhttp://en.wikipedia.org/wiki/Zip_drivehttp://en.wikipedia.org/wiki/Sony_HiFDhttp://en.wikipedia.org/wiki/Caleb_UHD144but those aren't real floppies and do have firmware. Although they are so rare, that one can probably assume that nobody would bother to hack them.
|
|
|
|
Adrian-x
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
October 06, 2014, 10:58:28 PM |
|
Every time I updated Armory (windows 64 bit version) my antivirus software quarantines “guardian.exe” I wasn’t able to find a satisfactory explanation as to its function.
can anyone shed some light on the following questions:
What does it do? Why does Armory need it? My Armory seems to functions just fine without it, is there anything I should know or be concerned about? Is it safe to ask my antivirus to ignore this file?
Thanks,
|
Thank me in Bits 12MwnzxtprG2mHm3rKdgi7NmJKCypsMMQw
|
|
|
Moria843
Sr. Member
Offline
Activity: 442
Merit: 250
Found Lost beach - quiet now
|
|
October 06, 2014, 11:28:30 PM |
|
Would be using old IDE/ATA interface, not USB. Sure floppy has firmware, but I doubt the BadUSB problem attacks IDE/ATA firmware or if the old firmware was even writeable.
My cold storage XP computer already has a floppy and I have a PCI to IDE controller card that will allow me to interface an old floppy (I have several sitting around) to my on-line computer. Floppies would be used to transfer signature files. Just wondering if the old technology might be less susceptible to hacks like BadUSB.
You seem to be confused. Floppies have no firmware neither in the drive nor in the controller. It is all hard-wired logic sequencers. Moreover normal floppies never used IDE/ATA interface or anything similar, those were for hard drives. Fortunately the connectors won't fit, so there's no possibility of damage. Lots of even fairly modern motherboards will support floppy connected via the LPC as a last-resort recovery from a locked-out administrator access to the IPMI, AMT or similar pre-boot low-level interfaces. It is frequently not even described in the regular documentation. There are some extremely rare IDE-attached floppy-like drives like: http://en.wikipedia.org/wiki/Flopticalhttp://en.wikipedia.org/wiki/SuperDiskhttp://en.wikipedia.org/wiki/Zip_drivehttp://en.wikipedia.org/wiki/Sony_HiFDhttp://en.wikipedia.org/wiki/Caleb_UHD144but those aren't real floppies and do have firmware. Although they are so rare, that one can probably assume that nobody would bother to hack them. You're right. I was looking at my old "Super I/O" card that states it "contains a Floppy Disk Controller" and thought this was an IDE/ATA interface but guess that's different. It states: » Supports two 360K / 720K / 1.2M / 1.44M / 2.88M floppy disk drives » Enhanced digital data separator » 3-Mode drives supported But, it's definitely not USB since it has the old parallel ribbon cable connectors that connect to the old 3.5" floppy drives.
|
Hot time, summer in the city, back of my mine getting hot & gritty!!!
|
|
|
goatpig
Moderator
Legendary
Offline
Activity: 3738
Merit: 1360
Armory Developer
|
|
October 06, 2014, 11:47:10 PM |
|
Every time I updated Armory (windows 64 bit version) my antivirus software quarantines “guardian.exe” I wasn’t able to find a satisfactory explanation as to its function.
can anyone shed some light on the following questions:
What does it do? Why does Armory need it? My Armory seems to functions just fine without it, is there anything I should know or be concerned about? Is it safe to ask my antivirus to ignore this file?
Thanks,
If you use auto managed bitcoind, it will be ran monitor the bitcoind instance spawned by Armory. If Armory was to crash, it will kill that bitcoind instance and exit.
|
|
|
|
etotheipi (OP)
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
October 07, 2014, 12:50:09 AM |
|
Every time I updated Armory (windows 64 bit version) my antivirus software quarantines “guardian.exe” I wasn’t able to find a satisfactory explanation as to its function.
can anyone shed some light on the following questions:
What does it do? Why does Armory need it? My Armory seems to functions just fine without it, is there anything I should know or be concerned about? Is it safe to ask my antivirus to ignore this file?
Thanks,
If you use auto managed bitcoind, it will be ran monitor the bitcoind instance spawned by Armory. If Armory was to crash, it will kill that bitcoind instance and exit. More specifically, if Armory runs Bitcoin Core for you in the background, sometimes it will leave Bitcoin Core running in the background if Armory crashes. guardian.exe is a very short program with the sole purpose of killing Bitcoin Core if Armory fails to close it. It was especially important on Windows where Armory would mysteriously fail to close Core even on a clean shutdown. If you quarantine guardian.exe and don't allow it to run, you'll be fine. But you might occasionally start Armory and it will tell you Core is already running, even though you never started it. You'll have to go into the task manager and kill it manually.
|
|
|
|
Adrian-x
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
October 07, 2014, 12:55:32 AM |
|
thanks etotheipi and goatpig,
Occasionally I feel armory didn’t close properly as Armory has to re index the internal database on reboot. Not sure as this hasn’t happened with 0.92.3 yet but would that be related?
|
Thank me in Bits 12MwnzxtprG2mHm3rKdgi7NmJKCypsMMQw
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1073
|
|
October 07, 2014, 01:12:42 AM Last edit: October 07, 2014, 04:03:14 AM by 2112 |
|
You're right. I was looking at my old "Super I/O" card that states it "contains a Floppy Disk Controller" and thought this was an IDE/ATA interface but guess that's different. It states: » Supports two 360K / 720K / 1.2M / 1.44M / 2.88M floppy disk drives » Enhanced digital data separator » 3-Mode drives supported But, it's definitely not USB since it has the old parallel ribbon cable connectors that connect to the old 3.5" floppy drives.
Yep, you are good to go and as safe as the US ICBM operators. Although if I remember correctly the ICBM operators are required to sit on their chairs (with rails instead of rollers) and wear seat-belts (chairbelts?) when swapping floppies. Important edit for the beginners:1) Do not allow any of the computers to boot off of the floppy or CD-ROM. Always remember to immediately remove the floppy or CD-RW used to exchange the data between the computers, lest you forget and reboot the machine accidentally. 2) Do not install any additional drivers that might have came with the PCI board or the laptop expansion bay. The added device should be recognized by the OS itself. If the device isn't auto-recognized then it also isn't really safe. There were well-know vendors who inadvertently distributed viruses/trojans/bad OS patches on their pressed driver CD-ROMs. I apologize for not putting this disclaimer when writing the original message.
|
|
|
|
etotheipi (OP)
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
October 07, 2014, 02:50:17 AM |
|
Sorry for the delay guys. First, my release script was broken, and I wasn't able to sign the 0.92.3 tag before making the full release. I had planned to do it the next day. The next day my primary hard-drive died before I could complete the process. D'oh! Anyways, I got everything sorted out now and I just pushed the tag v0.92.3. That should complete the release. Future releases should have the signed tag pushed at the same time the signed installers are uploaded to S3.
|
|
|
|
paranoidx
|
|
October 07, 2014, 04:00:29 AM |
|
Okay, tried to update armory through the .deb file 13.10. I'm running Linux Mint 16 petra.
it gave me an error and told me I had to run sudo apt-get install -f from the terminal. It wouldn't let me open a terminal window, so I restarted the system.
Instead of booting to the Linux Mint logon screen, it now gives me the Ubuntu 13.10 startup screen but never gets to logon.
I went into linux mint recovery and did the sudo apt0get install -f from there, but rebooting the system still gives me a stuck screen that shows ubuntu 13.10.
Any ideas?
|
|
|
|
|