<shiza>
SSH+Git on a VPS beats GitHub transference speeds (clone etc.) by a large advantage, but have to pay...
<shiza>
... and choose an issue tracker, and make a good choice.
* shiza
cries
sipsorcery has joined #bitcoin-core-dev
lkqwejhhgasdjhgn has quit [Quit: Konversation terminated!]
bitcoin-git has joined #bitcoin-core-dev
<bitcoin-git>
[bitcoin] glozow opened pull request #22677: [RFC] cut the validation <-> txmempool circular dependency (master...2021-08-circular-dep) https://github.com/bitcoin/bitcoin/pull/22677
bitcoin-git has left #bitcoin-core-dev [#bitcoin-core-dev]
AaronvanW has joined #bitcoin-core-dev
lightlike has joined #bitcoin-core-dev
Aaronvan_ has joined #bitcoin-core-dev
greypw has quit [Quit: I'll be back!]
AaronvanW has quit [Ping timeout: 268 seconds]
sipsorcery has quit [Ping timeout: 258 seconds]
FelixWeis has quit [Ping timeout: 258 seconds]
elichai2 has quit [Ping timeout: 258 seconds]
sipsorcery has joined #bitcoin-core-dev
FelixWeis has joined #bitcoin-core-dev
elichai2 has joined #bitcoin-core-dev
sipsorcery has quit [Ping timeout: 272 seconds]
bitboy has joined #bitcoin-core-dev
<bitboy>
are there any devs around? i found a virus in one of the depository files
teguest has joined #bitcoin-core-dev
<achow101>
bitboy: which?
teguest has quit [Client Quit]
<bitboy>
are you a dev?
<achow101>
are you sure it isn't antivirus software thinking that a software looking for a wallet.dat file is malware (even though Core makes it)? Or it's detecting the mining code and calling it malware?
<achow101>
yes
<bitboy>
i don't know, i am just a regular user, but i am very freaked out right now
<bitboy>
let me get you the info sec
<bitboy>
i had an old copy of the bitcoin core 0.15.1 DMG file on my mac, and recently installed BitDefender anti-virus (from the Mac App Store), and it said that it had a virus in it: Application.MAC.Miner.NB inside the DMG, specifically Bitcoin-Qt.app/Contents/MacOS/BITCOIN_QT
<bitboy>
the first thing i did was check all copies i have of this with the virus scanner, and they all returned the same result and showed as infected.
<bitboy>
then i checked each files hash to the hash on the bitcoin.org depository (https://bitcoin.org/bin/insecure-CVE-2018-17144/bitcoin-core-0.15.1/), and they matched perfectly ... so then i downloaded 0.15.1 off of the depository and ran it through the virus scanner and got the same warning that it had a virus. so the one hosted on bitcoin.org got
<bitboy>
flagged in the virus scanner as well. i see this version is no longer available on the website for security reasons.
<bitboy>
then i tried 2 other virus scanners (malwarebytes and bitmedic) and they returned negative results from the scan.
<achow101>
that's a false positive
<achow101>
it's detecting mining code and classifying it as malware
<achow101>
as long as the hashes match the published hashes, its fine
<bitboy>
but i have other version of bitcoin core .dmgs on my computers and that antivirus software didnt flag those
<achow101>
some AVs have added exceptions for some versions of Bitcoin Core
<achow101>
it may not have an exception for 0.15.1
<bitboy>
its very old but i was using it until a few months ago, so i randomly decided to instal anti virus software and it flagged it, then i wanted to throw up lol
<achow101>
Bitcoin Core is frequently incorrectly flagged as malware because it searchs for a wallet.dat file and includes mining code
<achow101>
as long as the hashes match the published hashes, it's fine
<bitboy>
i upgraded to the latest version, but it was crashing when using the old 0.15.1 wallet. took two weeks to figure out how to get it to work again :(
<bitboy>
there is a bug in 0.21.1 that wont be fixed till next release
<bitboy>
so, the bit-defender software looked inside the 0.15.1 DMG and specifically had a problem with Bitcoin-Qt.app/Contents/MacOS/BITCOIN_QT
<bitboy>
you're 100% sure that it's a false positive?
<achow101>
everyone who built that release has added their hashes there. they should all be the same hashes, and match the hash of the dmg you have too
<bitboy>
for the local copies i had, and it matched the number on the depository
babasancheti has joined #bitcoin-core-dev
<achow101>
that's the correct way to verify the hashes. you should also verify the signature on the SHA256SUMS.asc file as described in the instructions I just linked
<bitboy>
i looked inside there and that hash matches my local copies
<achow101>
then your local copy does not have a virus
<bitboy>
i was using those copies for years
<bitboy>
so you would think that if it did have a virus something would have happened by now as well
<bitboy>
i won't lie, i lost my mind when it got flagged by the antivius software, like that is litereally my worst nightmare scenario lol. i have been trying to get in contact with devs for a week now. thank you so much for your help. i will recheck everything just in case from my backups.
dviola has quit [Ping timeout: 272 seconds]
<gene>
bitboy: if viruses are your worst nightmare, time to stop using computers
yanmaani has quit [Ping timeout: 244 seconds]
<bitboy>
it's more like having all my money stolen that is my worst nightmare
<gene>
yeah, that would suck. look into cold storage, and getting a hardware wallet
<bitboy>
i dont keep any wallets online ever
<bitboy>
but do you prefer a hardware wallet vs a core wallet?
<bitboy>
seems like most people use hardware wallets these days
<gene>
why not both? :) with PSBT think you can use some hardware wallets with core
<bitboy>
would you agree with the statement that using core is more for a power user
<gene>
depends, there is a GUI
<bitboy>
i would think that 99% of people that are using bitcoin are not using core
<bitboy>
most people probably using android/ios wallet, or keeping their coins on an exchange, or hardware wallet
<gene>
unfortunate, but you are probably right
<gene>
luckily, you don't have to follow the majority
<bitboy>
yeah, it's too complex for most people and this is really the original way to do things
<bitboy>
question: why have many versions including 0.15.1 been removing from bitcoin.org and a notice posted "Bitcoin Core version 0.15.1 is not available for security reasons:" ... any idea?
<dodo>
"security reasons"
<bitboy>
which means what exactly though. they are all moved to the 'insecure' directory. i guess they don't want to say, but does mean that the software is compromised
<dodo>
the 0.15.2 release notes contain some info
<bitboy>
Denial-of-Service vulnerability
Aaronvan_ has quit [Remote host closed the connection]
nathanael has quit [Quit: connection reset by purr]
<bitboy>
ok, so nothing that could have allowed someone to steal coins i assume. definitely will never be using those old versions again, that's for sure.
nathanael has joined #bitcoin-core-dev
<dodo>
well, you can make bitcoind crash.. crashing an app is very bad because it can easily lead to a more serious exploit if another problem is in the code
sipsorcery has joined #bitcoin-core-dev
<bitboy>
yeah, but if i was using the software previously and nothing happened and i stopped using it, i will assume that i am OK
<bitboy>
i wonder if i should email Bit-Defender antivirus that their software was flagging 0.15.1 as a virus with a false positive
AaronvanW has joined #bitcoin-core-dev
AaronvanW has quit [Ping timeout: 248 seconds]
<sipa_>
bitboy: bitcoin core has never had any money-stealing wallet bugs
<sipa_>
to the best of my knowledge
<sipa_>
the OP_RETURN bug sort of allowed anyone to take anyone's coins, due to a bug in consensus rules, but that's ancient history (2010)
<bitboy>
sipa: are you pieter?
<sipa_>
yes, i saw your email
<bitboy>
sorry for emailing you, i just was reading your stuff on stack exchange and thought you would be able to help
<bitboy>
wasn't sure who to ask
<sipa_>
np
<bitboy>
so you think it was a false positive
<sipa_>
but yes, what achow101 says is correct: it is a flase positive
<bitboy>
i was using it for years and have had 0 problems so i would agree with that assessment
<sipa_>
if it mathhes the release signatures, there is no malware in it obviously
<sipa_>
sorry for typing, i'm on my phone in the car
<sipa_>
(not driving)
<bitboy>
yeah, it still freaked me out LOL. i wonder if i should email bit-defender and tell them
<sipa_>
i'd just move on
<sipa_>
0.15 is history
babasancheti has quit [Quit: Client closed]
<bitboy>
so the issue is i was using 0.15.1 then hadn't opened my wallet in years, and upgraded to 0.21.1
<bitboy>
the 0.15.1 wallet was crashing 0.21.1 on the rescan
<bitboy>
took quite a while to figure out how to get it to work
<bitboy>
there is a bug that is now known and will be fixed in the next release
<achow101>
you could try 22.0rc2
<bitboy>
i figured out how to fix it
<bitboy>
i just actually saw your post on stack exchange about antivirus and wallets haha
<bitboy>
thanks again so much for the help, i can't tell you what a horrible feeling it was when i saw it got flagged
<bitboy>
now i found a rejected signing certificate in Signal
AaronvanW has joined #bitcoin-core-dev
lightlike has quit [Quit: Leaving]
AaronvanW has quit [Ping timeout: 258 seconds]
grettke has joined #bitcoin-core-dev
AaronvanW has joined #bitcoin-core-dev
Kiminuo has quit [Quit: Client closed]
AaronvanW has quit [Ping timeout: 268 seconds]
AaronvanW has joined #bitcoin-core-dev
bitboy has quit [Quit: Client closed]
grettke has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
bitboy has joined #bitcoin-core-dev
<bitboy>
thank you again for the help andrew, i see you actually were one of the devs on 0.15.1 from the github link you sent me. i trust your knowledge on this issue, and now i can sleep well at night!
<roasbeef>
so I'm working on a bip 155 implementation for neutrino/btcd, do I understand it correctly that there's essentially a dependancy (in order to _not_ split the network) on bip 339 for bip 155?
<roasbeef>
given the behavior of sending something _before_ verack breaks the connection for older nodes, and you need to advertise version 70016 in order for the other peer to start sendign your the addrv2 messages?
<roasbeef>
since the "new" protocol essentially uses the space between version and verack for interactive protocol feature negotiation instead of service bits
<roasbeef>
as in, a node can't implement the addrv2 stuff w/o also understanding the wtxid relay semantics? tho I guess a peer can just accept that message but then not relay wtxid stuff?
<roasbeef>
as otherwise seems transaction relay would break, assuming bitcoind always prfers the new inv msg type
<roasbeef>
also how does bitcoind handle boostrap of an "addrv2" preferred node? since there isn't a new service bit, I don't know before connecting to a node if they can send me addr v2 right?
<roasbeef>
if bitcoind gets an addr message (peer is older), does it "massage" that into an addrv2 message and then relay that instead when peers are asked?
jonatack has joined #bitcoin-core-dev
<sipa_>
roasbeef: yes, it will convert
<sipa_>
when possible
<_aj_>
roasbeef: bitcoind relays addresses; it does so via addrv2 messages for peers that support it, and addr messages for peers that don't (and doesn't relay addresses that can't be relayed via addr messages in that case -- see IsAddrCompatible)
AaronvanW has quit [Remote host closed the connection]
Guyver2 has quit [Quit: Going offline, see ya! (www.adiirc.com)]
<sipa_>
roasbeef: you can just send protocol 70016 and not send send WTXIDRELAY
<sipa_>
protocol versions don't enable features; they enable messages
AaronvanW has joined #bitcoin-core-dev
<sipa_>
(at least the last few years)
sipsorcery has quit [Ping timeout: 268 seconds]
rockslide has quit [Quit: rockslide]
AaronvanW has quit [Ping timeout: 248 seconds]
AaronvanW has joined #bitcoin-core-dev
bomb-on has quit [Quit: aллилѹіа!]
AaronvanW has quit [Ping timeout: 272 seconds]
AaronvanW has joined #bitcoin-core-dev
grettke has joined #bitcoin-core-dev
Guest17 has joined #bitcoin-core-dev
Guest17 has quit [Ping timeout: 246 seconds]
sipsorcery has joined #bitcoin-core-dev
grettke has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]