Skip to content

Blur v0.1.9.8.1 'Radiance'
Compare
Choose a tag to compare
@who-biz who-biz released this 12 Jul 05:55
· 268 commits to master since this release
v0.1.9.8.1
5719453

Blur v0.1.9.8.1 'Radiance' Release Brief

This update is STRONGLY RECOMMENDED for all nodes, as it includes a bugfix for the Monero wallet vulnerability (disclosed July 2nd, 2019), that could result in fake transaction amounts (controlled by an attacker) being displayed, within an incoming transfer.

This release also fixes a bug in the previously released v0.1.9.8 that caused a failure when trying to open wallet files created prior to v0.1.9.8.

This release did not port XMR's patch directly. Therefore, if you are a virtual service provider, it is critical that you ignore (or continue to ignore) coinbase tx's when scanning outputs.

This is precautionary, and can be achieved with the command set refresh-type no-coinbase issued to blur-wallet-cli for each wallet that is receiving transfers. This only needs done once, and is a persistent setting. If you are unsure of your wallets' settings, you can view them by issuing the command set with no parameters. In the list that displays, you will see the following:

[wallet bL3nhB]: set		
seed = English
always-confirm-transfers = 1
print-ring-members = 0
store-tx-info = 1
auto-refresh = 1
refresh-type = full
priority = 0
confirm-missing-payment-id = 1
ask-password = 1
unit = blur
min-outputs-count = 0
min-outputs-value = 0.000000000000
merge-destinations = 0
confirm-backlog = 1
confirm-backlog-threshold = 0
confirm-export-overwrite = 1
refresh-from-block-height = 511095
auto-low-priority = 1
segregate-pre-fork-outputs = 0
key-reuse-mitigation2 = 0
subaddress-lookahead = 50:200
segregation-height = 0

Your value for refresh-type should read full or no-coinbase. If it says full, you have not disabled coinbase scanning.

Due to past issues with miner transactions, we strongly recommend that any exchange, custodial service, etc. (which receives BLUR at centralized wallets) does not allow their users to mine BLUR to custodial wallet addresses. This will ensure that your wallets do not receive fake transfer amounts from the XMR vulnerability (even if this patch does not fully address the issue). This may also prevent future bugs, if other similar bugs are found within miner transactions, from impacting your wallets.

Please see the changelog below for a record of other relevant changes/improvements.

Changelog

  • RPC methods for previously removed save_graph commands have now also been removed (3f3ac3c)
  • Updated snapcraft build to use ubuntu18 core (fc1aebc)
  • Removed unsafe use of std namespace from wallet2.cpp to use safely scoped types, instead (8844314)
  • Fixed inconsistency in non-const operator within tx_pool & sortting (d52daa3)
  • Removed an unused lambda capture from net_node.inl (ea7e7f0)
  • Added libhydrogen as a submodule for future use (1e66139)
  • Removed the last remnants of ZeroMQ dependency & associated macros (5c84e0c)
  • Fixed static linking of libncurses on macOS (10832b8)
  • Removed the last remnants from Unbound and MiniUPnP dependencies (10832b8)
  • Fixed a failure to retrieve HF version 1 from a non-existent database (6571eac)
  • Bugfix for wallet output scanning & removal of optimize-coinbase refresh type (81bdea5)
  • Removal of light_wallet-specific functions and API endpoints (81bdea5)
  • Fixed a mathematical omission in block verification, that caused the wrong PoW hash to be computed for blocks prior to hardfork v7. Verification now properly computes the PoW hash for each block, at every hardfork & algorithm variant (92748d5)

Please verify the following sha256sums against those of the files you download:

blur-v0.1.9.8.1-linux-x86_64.tar.gz:
7d6e72eb0d75cc353a5cb0b220427a88aaf5e1b8696f738f3b7455a35b9bac9d

blur-v0.1.9.8.1-mac-x86_64.zip:
85e077b63f9414ad3540abd2001321c786b8a68187aaa54f2aad2110a6efaa43

blur-v0.1.9.8.1-win-x86_64.zip:
f2237d0c72ee2f239f41d94d3dd36f898d441a01f28e69d400c47aa9eb4e056b

Contents:


Seed Node Addresses:

Mainnet Nodes

  • Node 1: 66.70.188.178:52541
  • Node 2: 66.70.189.131:52541
  • Node 3: 66.70.189.183:52541

Linux & Mac Instructions

Download and unzip the compressed binaries. Start the daemon with the command ./blurd Your daemon will then begin to sync with the network.

Please add the seed node addresses below if you have trouble syncing.

Open a terminal and launch the daemon executable with the following options:

./blurd --add-priority-node=66.70.188.178:52541 --add-priority-node=66.70.189.183:52541 --add-priority-node=66.70.189.131:52541 --p2p-bind-port 52541 --rpc-bind-port 52542 --rpc-bind-ip 127.0.0.1

Wait for sync to complete, open a new tab or terminal window, and then start the wallet with:

./blur-wallet-cli

Follow the prompts to setup a new wallet. When prompted for the password, the CLI will not show a password as you type, as echo has been turned off for password entry.

Record the information for your wallet.

You can mine from your wallet, using the start_mining <threads> command -- but using that method directly from the wallet is NOT recommended.

Secure way to mine: Once you've generated a wallet address, issue the following command to a running daemon:

start_mining <address> <# of threads>

Example: start_mining bL4PdWFk3VVgEGYezGTXigHrsoJ3JGKgxKDi1gHXT7GKTLawFu3WMhu53Gc2KCmxxmCHbR4VEYMQ93PRv8vWgJ8j2mMHVEzLu 4

Or: Use the following startup flags when launching the daemon:

./blurd --start-mining <BLUR address> --mining-threads <num. threads>

Example: ./blurd --start-mining bL4PdWFk3VVgEGYezGTXigHrsoJ3JGKgxKDi1gHXT7GKTLawFu3WMhu53Gc2KCmxxmCHbR4VEYMQ93PRv8vWgJ8j2mMHVEzLu --mining-threads 4

You should see a message for each thread that reads: Mining started for thread[0] or something similar.

To view your hashrate in real-time, use the command show_hr.

Whenever you find a block, your daemon will show a bold message with the block # found. It is normal to experience a slight delay between that message and the balance reflecting in your wallet.

Windows Instructions

Download and unzip the compressed binaries. Double click the file named blurd.exe. Your daemon will then begin to sync with the network. Once it is fully synced, double click the blur-wallet-cli.exe to open the wallet.

For Sync issues on Windows:

Open Windows Powershell (Windows Key + X, then click powershell (non-admin) and type cd Downloads/blur-v0.1.9.8.1-win-x86_64 to switch to the directory you extracted the binaries into. Launch the daemon executable with the following options:

blurd.exe --add-priority-node=66.70.188.178:52541 --add-priority-node=66.70.189.183:52541 --add-priority-node=66.70.189.131:52541 --p2p-bind-port 52541 --rpc-bind-port 52542 --rpc-bind-ip 127.0.0.1

Start the daemon by double-clicking the blurd.exe file.

You will see a pop-up from your firewall. Be sure to check the box next to "Private Networks" if you are on a private network, or your daemon will not be able to sync with the network. If you daemon stalls while syncing, close and restart the program. You will not lose any blocks you have already synced with. Once your daemon is synced with the network...

Start the wallet by double-clicking the blur-wallet-cli file.

Follow the prompts to setup a new wallet. When prompted for the password, please note that the CLI will not show a password or indicate your keystrokes as you type.

Follow the prompts to setup a new wallet. When prompted for the password, the CLI will not show a password as you type, as echo has been turned off for password entry.

Record the information for your wallet.

You can mine from your wallet, using the start_mining <threads> command -- but using that method directly from the wallet is NOT recommended.

Secure way to mine: Once you've generated a wallet address, issue the following command to a running daemon:

start_mining <address> <# of threads>

Example: start_mining bL4PdWFk3VVgEGYezGTXigHrsoJ3JGKgxKDi1gHXT7GKTLawFu3WMhu53Gc2KCmxxmCHbR4VEYMQ93PRv8vWgJ8j2mMHVEzLu 4

Or: Use the following startup flags when launching the daemon, from Powershell:

blurd.exe --start-mining <BLUR address> --mining-threads <num. threads>

Example: blurd.exe --start-mining bL4PdWFk3VVgEGYezGTXigHrsoJ3JGKgxKDi1gHXT7GKTLawFu3WMhu53Gc2KCmxxmCHbR4VEYMQ93PRv8vWgJ8j2mMHVEzLu --mining-threads 4

You should see a message for each thread that reads: Mining started for thread[0] or something similar.

To view your hashrate in real-time, use the command show_hr.

Whenever you find a block, your daemon will show a bold message with the block # found. It is normal to experience a slight delay between that message and the balance reflecting in your wallet.

You should see the message: Mining started in daemon

Switch back to the terminal or tab in which your daemon is running, and type show_hr for real-time hashrate monitoring. For further commands in either the wallet or the daemon, type help into either CLI. Note that the commands for the daemon and wallet are different.

Whenever you find a block, your daemon will show a bold message with the block # found. There is a slight delay between that message and the balance reflecting in your wallet.

How To Verify These Binaries:

Download the zip archive of your choice and the accompanying '.asc' file. If you haven't already, download and install GnuPG.

Linux
Type the following command into a terminal: gpg --keyserver sks-keyservers.net --recv-keys D5C9054050576902

After downloading they public keys, check their fingerprint: gpg --fingerprint D5C9054050576902

You should see the output:

pub rsa4096 2018-06-07 [SC]
F3FE DCCF A90C 5683 1318 3C33 D5C9 0540 5057 6902
uid [ unknown] Blur Network (Blur: The Private Cryptocurrency) <[email protected]>
sub rsa4096 2018-06-07 [E]

Then, verify the files you've downloaded with: gpg --verify blur-v0.1.9.8.1-linux-x86_64.tar.gz.asc blur-v0.1.9.8.1-linux-x86_64.tar.gz The output should say "Good Signature." The warning message is due to no trust index being assigned to the signature, simply ignore it.

Windows
Open cmd.exe and type: "C:\Program Files\Gnu\GnuPg\gpg.exe" --keyserver sks-keyservers.net --recv-keys D5C9054050576902

After downloading they public keys, check their fingerprint: "C:\Program Files\Gnu\GnuPg\gpg.exe" --fingerprint D5C9054050576902

You should see the output:

pub rsa4096 2018-06-07 [SC]
F3FE DCCF A90C 5683 1318 3C33 D5C9 0540 5057 6902
uid [ unknown] Blur Network (Blur: The Private Cryptocurrency) <[email protected]>
sub rsa4096 2018-06-07 [E]

Move into your downloads folder with cd C:\Users\[your username]\Downloads Then, verify the files you've downloaded with: "C:\Program Files\Gnu\GnuPg\gpg.exe" --verify blur-v0.1.9.8.1-win-x86_64.zip.asc blur-v0.1.9.8.1-win-x86_64.zip The output should say "Good Signature." The warning message is due to no trust index being assigned to the signature, simply ignore it.

Assets 8
Loading