Plain carbon steel, alloy steel, or stainless steel?
Many have gone back further than one release.
Itās just software.
Maybe if your concerned completely delete all chia installed on your system, that will still leave your keys intact on that box.
Just beware of the hard fork approaching when you must be upgraded before, but thats June iirc.
2 Likes
Github is as secure as it can be. Their business model is not collecting your code and reselling it, as it is open to anyone who wants to have it, so they have zero incentives to mess things up, and have competition take over that market.
If it was not that secure, think about Chia, all their software / assets are stored there. If anyone (you or I) could change that they would be going home long time ago.
As far as going back, what counts is mostly your dbs (formats) and .chia_keys folder. I donāt think that were any changes around that between 1.3.3 and 1.3.4. On the other hand, going back to v1.2.11 means old db formats for both wallet and bc.
As far as that emlowe stating that they are working on that problem, in software if there is no ETA that is just talk for talk. He didnāt even bother to say whether they understand the issue. When that OpenSSL was threatening network collapse, the new version was released a couple days after that broken one. In this case, the problem is on end user side, so they have no pressure to fix it.
1 Like
On the other hand, itās nice to see that theyāre working on it.
Normally I see that the post isnāt responded to in 20 days ( iirc )and they are closing it and considering it ok.
1 Like
Your killing me. xxxxxxxxxxxxxxxxxxx
I guess Iām just lucky, I did get two blocks since I upgraded to 1.3.4
1 Like
1 Like
I back revved from Chia 1.3.4 to 1.3.3.
It was 100% without incident.
Everything is running smoothly.
I recommend that no one attempt to use 1.3.4, unless they have a specific reason for needing that version.
1.3.4 might work just fine for some folks. Perhaps is was the size of my farm that resulted in problems?
It might be safe to try 1.3.4, if rolling back to 1.3.3 will work for others as smoothly as it worked for me.
Never again will I install the latest version, without first hearing that it is issue-free, or that few or only minor issues are reported.
1 Like
I wont repeat myself, I hope you have better luck soon.
I think that you are overestimating protection those 24 words give you. Last time I checked (really long time ago), when I messed up few words, chia was guiding me from one bad word to another, and it was fairly easy to recover the originals. Granted, my changes didnāt deviate too much from the originals, but that is really idiotic to let the user know which word is at play, as chars are restricted to lower case only, plus they have upper / lower limits, so easy to dictionary target those.
So, I would say that as long as those mnemonics are not password protected (not a box, but blockchain stored, e.g., similar to SSH) it is kind of a joke.
1 Like
@Jacek
Wow! I never would have assumed that Chia would help someone figure out any part of the mnemonics. They are well intentioned. But that person they are helping could be an attacker.
I am considering putting my 24 words into either a keepass database or a veracrypt volume. And it will be on an off-line flash drive.
You didnāt even see my drone fly by your windows and take a picture of your 24 words when it was on the screen.
I just started this Vm this morning to test the Friday morning beta.
No problem for me, was a smooth upgrade, I only have 211TiB of plots though.
I also had no problems in the upgrades. My simple plan has always been, shut down chia, reboot and install. resync in less than 8 minutes. So far so good.
Iāve had numerous problems over the past year, but its getting better, possibly because Iāve now worked out the doās and do nots of running Chia.
I canāt reboot as the server is doing other things as well, but I always use Process Explorer to make sure its fully closed, only ever edit the config when Chia is closed as well, and that seems to have cured most the problems.
1 Like
With all of the 3-letter agencies monitoring me, your drone just blended in.
yep yep
Well, it is worse than that.
I have just run a couple of RPC calls on my node. With no prior information provided to my code, after two calls I got my mnemonics.
WTF is that for security. Any garbage malware / script can do such thing easily. All the nonsense about āsecuringā your keys by creating a box password, all the nonsense about storing your keys somewhere, just two simple calls, and I have everything I need. This is basically security through primitive obscurity. The good part is that I really donāt need to store my mnemonics anymore, as I can get them anytime I want
I would think that this needs to be patched, possibly tomorrow.
1 Like