|
|
|
|
|
|
|
|
|
"The nature of Bitcoin is such that once version 0.1 was released, the
core design was set in stone for the rest of its lifetime." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Hueristic
Legendary
 Offline
Activity: 3794
Merit: 4861
Doomed to see the future and unable to prevent it
|
 |
November 19, 2019, 02:20:57 AM |
|
Last time I was a picture of him he looked like a MethHead with Aids. |
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
Deathwing
Legendary
Offline
Activity: 1638
Merit: 1328
Stultorum infinitus est numerus
|
|
November 19, 2019, 03:02:36 AM |
|
So I have been looking around but wasn't able to find an answer for it on Reddit and some other site on the internet. When exactly does the fork happen for the RandomX (RX) mining algorithm? I read it is coming with the v0.15 update but considering that the CLI has already released and the only thing required is a GUI update, does this mean that the algorithm will switch when the GUI update is released?
|
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
November 19, 2019, 08:31:17 AM |
|
So I have been looking around but wasn't able to find an answer for it on Reddit and some other site on the internet. When exactly does the fork happen for the RandomX (RX) mining algorithm? I read it is coming with the v0.15 update but considering that the CLI has already released and the only thing required is a GUI update, does this mean that the algorithm will switch when the GUI update is released?
The fork to RandomX will happen around November 30, block height 1978433 |
|
|
|
|
|
akhjob
|
Looks like the CLI binaries available at getmonero.org has been compromised and the users are advised to check the integrity of the binaries they download. Some users noticed the hash of the binaries they downloaded did not match the expected one: https://github.com/monero-project/monero/issues/6151It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source. Always check the integrity of the binaries you download! If you downloaded binaries in the last 24h, and did not check the integrity of the files, do it immediately. If the hashes do not match, do NOT run what you downloaded. If you have already run them, transfer the funds out of all wallets that you opened with the (probably malicious) executables immediately, using a safe version of the Monero wallet (the one online as we speak is safe -- but check the hashes). More information will be posted as several people are currently investigating to get to the bottom of this. Correct hashes are available here (check the signature): https://web.getmonero.org/downloads/hashes.txtsource: https://amp.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/ |
|
|
|
|
|
MATHReX
|
|
November 19, 2019, 07:08:57 PM |
|
Oh, that is crazy! Thank you for the update. How is something like this even possible? I downloaded the wallet a while ago in my PC with Ryzen 7 1700 to be ready for RandomX. Anyway, the checksum matches as I downloaded directly from the GitHub releases. |
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3794
Merit: 4861
Doomed to see the future and unable to prevent it
|
|
November 19, 2019, 11:48:38 PM |
|
As far I can see, it doesn't seem to create any additional files or folders - it simply steals your seed and attempts to exfiltrate funds from your wallet. https://bartblaze.blogspot.com/2019/11/monero-project-compromised.html |
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
|
StonerStanley
|
|
November 20, 2019, 07:33:19 PM |
|
which vulnerability has been used to hack the website ?
|
|
|
|
|
dEBRUYNE
Legendary
Offline
Activity: 2268
Merit: 1141
|
|
November 23, 2019, 06:18:29 PM |
|
|
|
|
|
|
Millionero
|
|
November 24, 2019, 01:15:39 PM
Last edit: November 24, 2019, 02:36:10 PM by Millionero |
|
I use linux 64 bit cli only. Going through the ridiculously complicated verification procedure now. Just finished section 3.2 of these instructions: https://src.getmonero.org/resources/user-guides/verification-allos-advanced.htmlSection 4, download and verify binary, directs you to get the file via command line wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64 But after executing the command, I notice it's version 12.0.0. So is the correct command actually wget -O monero-linux-x64-v0.15.0.1.tar.bz2 https://downloads.getmonero.org/cli/linux64 ? And where did the file go, if it's not in the downloads folder? I just did the point-and-click download of the cli file from the getmonero.org website and monero-linux-x64-v0.15.0.1.tar.bz2 appears in the downloads folder. So I am going to go back and do the command wget -O monero-linux-x64-v0.15.0.1.tar.bz2 https://downloads.getmonero.org/cli/linux64 continue following the instructions, and hope for the best I suppose. a@galliumos:~$ shasum -a 256 monero-linux-x64-v0.15.0.1.tar.bz2
8d61f992a7e2dbc3d753470b4928b5bb9134ea14cf6f2973ba11d1600c0ce9ad monero-linux-x64-v0.15.0.1.tar.bz2
a@galliumos:~$ And now the instructions say Your SHA256 hash should match the one listed in the hashes.txt file for your binary file.
Where is this file? Yeah, I'm going to look for it, but I shouldn't have to. Ok, scrolling back, I see that in step 3.1 I downloaded hashest.txt It's not in downloads. Where is it, or is somebody going to imply that I'm simply stupid for not having the answer? I'm starting to get annoyed, and I've been involved with this coin since the very beginning, spring 2014. Somebody needs to make monero usable or nobody's ever going to adopt this coin except total freaking nerdheads who live in bubbles. Okay, since I don't know where my hashes.txt file is, I go to getmonero.org to see the hash for 15.0.1 linux cli only. It matches the result of the shasum command, so I guess it's safe to continue. Just one little problem. The zip in downloads is the one I downloaded from getmonero.org through the browser. Where is the binary that I downloaded through the cli? Ah, I see it's in the home directory (along with 12.0.0 that I downloaded as a result of naively copy-pasting the command in the instructions, and which a less alert person might have installed unthinkingly LOL). And of course another stupid mistake I could make would be to use the zip which is in the downloads folder, and isn't actually verified. So there you have a narrative of what happens when a normal human being attempts to RTFM and use monero properly. It's not a pretty picture. |
|
|
|
|
|
gembitz
|
|
November 24, 2019, 02:48:07 PM |
|
I use linux 64 bit cli only. Going through the ridiculously complicated verification procedure now. Just finished section 3.2 of these instructions: https://src.getmonero.org/resources/user-guides/verification-allos-advanced.htmlSection 4, download and verify binary, directs you to get the file via command line wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64 But after executing the command, I notice it's version 12.0.0. So is the correct command actually wget -O monero-linux-x64-v0.15.0.1.tar.bz2 https://downloads.getmonero.org/cli/linux64 ? And where did the file go, if it's not in the downloads folder? I just did the point-and-click download of the cli file from the getmonero.org website and monero-linux-x64-v0.15.0.1.tar.bz2 appears in the downloads folder. So I am going to go back and do the command wget -O monero-linux-x64-v0.15.0.1.tar.bz2 https://downloads.getmonero.org/cli/linux64 continue following the instructions, and hope for the best I suppose. a@galliumos:~$ shasum -a 256 monero-linux-x64-v0.15.0.1.tar.bz2
8d61f992a7e2dbc3d753470b4928b5bb9134ea14cf6f2973ba11d1600c0ce9ad monero-linux-x64-v0.15.0.1.tar.bz2
a@galliumos:~$ And now the instructions say Your SHA256 hash should match the one listed in the hashes.txt file for your binary file.
Where is this file? Yeah, I'm going to look for it, but I shouldn't have to. Ok, scrolling back, I see that in step 3.1 I downloaded hashest.txt It's not in downloads. Where is it, or is somebody going to imply that I'm simply stupid for not having the answer? I'm starting to get annoyed, and I've been involved with this coin since the very beginning, spring 2014. Somebody needs to make monero usable or nobody's ever going to adopt this coin except total freaking nerdheads who live in bubbles. Okay, since I don't know where my hashes.txt file is, I go to getmonero.org to see the hash for 15.0.1 linux cli only. It matches the result of the shasum command, so I guess it's safe to continue. Just one little problem. The zip in downloads is the one I downloaded from getmonero.org through the browser. Where is the binary that I downloaded through the cli? Ah, I see it's in the home directory (along with 12.0.0 that I downloaded as a result of naively copy-pasting the command in the instructions, and which a less alert person might have installed unthinkingly LOL). And of course another stupid mistake I could make would be to use the zip which is in the downloads folder, and isn't actually verified. So there you have a narrative of what happens when a normal human being attempts to RTFM and use monero properly. It's not a pretty picture. WHAT PART OF "BREACHED BINARIES" ARE YOU FUCKED UP ABOUT?  LEL REEEEEE |
©2021*MY POSTS ARE STRICTLY FOR NOVELTY AND/OR PRESERVATION/COLLECTING PURPOSES ONLY!*It should not be regarded as investment/trading advice.*advocate to promote sharing and free software for the bitcoin community* #EFF #FSF #XTZ ===> START WITH NOTHING AND BUILD IT INTO SOMETHING!
|
|
|
|
Millionero
|
|
November 24, 2019, 03:07:21 PM |
|
Holy God. Is there no escaping this demented creature?
|
|
|
|
|
dEBRUYNE
Legendary
Offline
Activity: 2268
Merit: 1141
|
|
November 24, 2019, 06:46:49 PM |
|
I use linux 64 bit cli only. Going through the ridiculously complicated verification procedure now. Just finished section 3.2 of these instructions: https://src.getmonero.org/resources/user-guides/verification-allos-advanced.htmlSection 4, download and verify binary, directs you to get the file via command line wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64 But after executing the command, I notice it's version 12.0.0. So is the correct command actually wget -O monero-linux-x64-v0.15.0.1.tar.bz2 https://downloads.getmonero.org/cli/linux64 ? And where did the file go, if it's not in the downloads folder? I just did the point-and-click download of the cli file from the getmonero.org website and monero-linux-x64-v0.15.0.1.tar.bz2 appears in the downloads folder. So I am going to go back and do the command wget -O monero-linux-x64-v0.15.0.1.tar.bz2 https://downloads.getmonero.org/cli/linux64 continue following the instructions, and hope for the best I suppose. a@galliumos:~$ shasum -a 256 monero-linux-x64-v0.15.0.1.tar.bz2
8d61f992a7e2dbc3d753470b4928b5bb9134ea14cf6f2973ba11d1600c0ce9ad monero-linux-x64-v0.15.0.1.tar.bz2
a@galliumos:~$ And now the instructions say Your SHA256 hash should match the one listed in the hashes.txt file for your binary file.
Where is this file? Yeah, I'm going to look for it, but I shouldn't have to. Ok, scrolling back, I see that in step 3.1 I downloaded hashest.txt It's not in downloads. Where is it, or is somebody going to imply that I'm simply stupid for not having the answer? I'm starting to get annoyed, and I've been involved with this coin since the very beginning, spring 2014. Somebody needs to make monero usable or nobody's ever going to adopt this coin except total freaking nerdheads who live in bubbles. Okay, since I don't know where my hashes.txt file is, I go to getmonero.org to see the hash for 15.0.1 linux cli only. It matches the result of the shasum command, so I guess it's safe to continue. Just one little problem. The zip in downloads is the one I downloaded from getmonero.org through the browser. Where is the binary that I downloaded through the cli? Ah, I see it's in the home directory (along with 12.0.0 that I downloaded as a result of naively copy-pasting the command in the instructions, and which a less alert person might have installed unthinkingly LOL). And of course another stupid mistake I could make would be to use the zip which is in the downloads folder, and isn't actually verified. So there you have a narrative of what happens when a normal human being attempts to RTFM and use monero properly. It's not a pretty picture. You don't necessarily have to use wget to download the binaries. Put differently, you can simply download the file (.tar.bz2 for Linux 64-bit in your case) from the website. The hashes.txt file is present on the downloads page. You need to save the content to a text file on your local system. You should check the hashes.txt file against Fluffypony's GPG key. Merely checking the SHA256 hash is not sufficient, as an adversary could replace that. Admittedly, the guide could use an update. That being said, there is a limit to how easy verifying the GPG signed hashes can be made. However, moneromooo is working on a secure updater/installer for Monero, see: https://github.com/moneromooo-monero/monero-update |
|
|
|
|
Millionero
|
|
November 24, 2019, 08:34:05 PM |
|
The hashes.txt file is present on the downloads page.
"Page" sounds like a website. Again, where exactly is this hashes.txt file? |
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3794
Merit: 4861
Doomed to see the future and unable to prevent it
|
|
November 24, 2019, 10:31:19 PM
Last edit: November 24, 2019, 10:46:24 PM by Hueristic |
|
The hashes.txt file is present on the downloads page.
"Page" sounds like a website. Again, where exactly is this hashes.txt file? I think he means you have to grab the text and create the text file yourself. It's easy. Dos command for n00bs on winblows: Copy con hashes.txt [entr] paste text here [f6 key] Are you trying to make it look complicated? They can also just paste in notepad (or any "Basic text editor like TED for Dos) and save but not anything like wordpad that adds control characters. Doesn't everyone know this stuff? Why make it easy for n00bs when we can just shovel up a tough to check binary that's infected? Its not like someone profited from that right? Holy God. Is there no escaping this demented creature?
Ignore Button? You can also use the report button for trolling. |
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
|
Millionero
|
|
November 25, 2019, 01:10:55 AM
Last edit: November 25, 2019, 01:21:05 AM by Millionero |
|
Not helpful.
|
|
|
|
|
elrippos friend
Full Member
Offline
Activity: 1179
Merit: 210
only hodl what you understand and love!
|
|
November 25, 2019, 07:11:52 AM |
|
|
|
|
|
Globb0
Legendary
Offline
Activity: 2674
Merit: 2053
Free spirit
|
|
November 25, 2019, 09:54:10 AM |
|
If the file can be compromised then presumably they could compromise the hash too.
|
|
|
|
|
dEBRUYNE
Legendary
Offline
Activity: 2268
Merit: 1141
|
|
November 25, 2019, 12:41:20 PM |
|
The hashes.txt file is present on the downloads page.
"Page" sounds like a website. Again, where exactly is this hashes.txt file? See the link elrippos friend posted. The link is displayed on the downloads page. |
|
|
|
dEBRUYNE
Legendary
Offline
Activity: 2268
Merit: 1141
|
|
November 25, 2019, 12:41:36 PM |
|
If the file can be compromised then presumably they could compromise the hash too.
Verification of the file against Fluffypony's GPG key would fail though. |
|
|
|
|
