0 Members and 1 Guest are viewing this topic.
New stuff for 0.91-beta!Finally ready to lock down the feature set for 0.91-beta. I posted a testing version a couple weeks ago, and then some internal discussions revealed it was actually possible (and easy) to integrate BitTorrent into Armory to dramatically improve the initial synchronization! But that's not it: we are now running 30+ seedboxes to make sure there is sufficient seeding power for... a lot ... of users simultaneously. The joys of being a company with capital to make such investments! (and really, it's not terribly expensive) And yet there's more! I had been meaning to update the announcement system for a long time, and never quite had the motivation to do it. With the necessity to periodically update the bootstrap.dat.torrent file, I decided now was the time. Armory now has a hard-coded offline signing Bitcoin key, that is used to sign all announcement data, including torrents, upgrade info and alerts. This channel is protected to the same level of security as the releases themselves. It will be used sparingly:URLs, hashes, changelogs for all new versions of Armory and CoreBitcoin. This made it possible to also integrate a "Secure Downloader" that downloads installers and verifies signatures for you!Notifications list for critical announcements and alerts (including low-priority testing announcements if selected in the settings)It's all stored in an announce file which is periodically retrieved by Armory. If the announce file has no valid signature, it's as if it doesn't exist. Similarly, when data is downloaded, it must match the hash in the announce file, or it will be discarded. All text files will, themselves, be in Armory signature blocks, and can be manually verified in Armory via Tools -> Message Signing/Verification from the main window.tl;drAutomatic usage of torrent and Armory seedboxes to bootstrap a cold start. I downloaded the blockchain at 4 MB/s on my connection! (unfortunately, bitcoin-qt still takes 2-3 hours to process the bootstrap.dat, but the total time is still faster for most, and much more reliable)Armory works even if the torrent library is actually removed. I don't think most people would care, but just in case... remove the BitTornado directory and it will sync with the network normally via Bitcoin P2P.Secure downloader provides a secure way to update Armory without using GPG. This even includes the ability to "Save with offline-verifiable signatures". This means you can create a .signed file to take to the offline computer and it won't even write the package to disk unless the signature is valid.General notifications: We finally have a way to issue critical security alerts if the need arises. Can select the threshold in the settings, including a "testing" mode, which we might use to communicate with people actively helping test.We are still tweaking a few things, but otherwise the testing version is about ready to go. It's on 0.91-dev if anyone is willing to help sanity check that all the files are committed, etc. Will merge into the "testing" branch and make Windows and OSX installers in the next two days. I will also start another testing thread (with bug bounty!) when we do.P.S. - If you run with 0.91-dev right now, you'll need to use --test-announce to see the announcements, downloads and use torrent. And they're all fake at the moment (except for the torrent), so it the actual information displayed isn't all that meaningful. The Armory downloads for Mac and Ubuntu should technically work, but may not download anything actually useful (though you can test the offline-verify-signature feature)
Page created in 0.037 seconds with 25 queries.