|
Title: [ALERT] Alert System Retirement Post by: achow101 on November 01, 2016, 02:43:26 PM For reals this time.
The alert system is being retired. This is the pre-warning warning. Tomorrow the pre-final alert will be sent. Read more at https:/bitcoin.org/alert-retirement. Full text copied below. Quote Summary The network wide Alert system is being retired. No Bitcoins are at risk and this warning may be safely ignored. Upgrade to the newest version of your wallet software to no longer see the alert. Reasons for Retirement The network wide Alert system was created by Satoshi Nakamoto as a means of informing Bitcoin users of any important information regarding Bitcoin. It has been used in the past to inform users about important network events such as accidental blockchain forks. However, the Alert system also represents a large source of centralization in Bitcoin. The holders of the singular Alert Key can at any time send an alert which could affect the entire network. As more developers join, the Alert Key is given to others, but cannot be taken away from those who have left. This has led to the Alert Key potentially falling into the hands of malicious actors who could use it to disrupt the network. Because there is only one Alert key, it is not possible to prevent former developers from sending an alert nor is it possible to identify who sent an Alert. In addition, the Alert system is primarily Bitcoin Core specific. Many other wallets have their own systems in place but still must have handling for the Alert system because it is network wide. Something specific for one software should not be imposed on the entire network. The Alert system has also lost its usefulness. It is no longer necessary to use it to inform users about problematic network events as users can easily get their information from any major Bitcoin news outlet. The Retirement Plan Retirement of the Alert system consists of a pre-final alert (this alert) which will warn about the impending retirement, a final maximum sequence alert which cannot be overridden and displays a static "Alert Key Compromised" message, and the publishing of the Alert key itself. The final alert will be hard coded into Bitcoin Core 0.14 to ensure that all old nodes receive the final alert.
Software without the Alert system Most major Bitcoin wallets have already removed the alert system in the most recent releases. The software listed below are guaranteed to have removed/disabled the Alert system or allow you to disable it.
See also Original email proposing retirement (https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-September/013104.html) Pull request removing Alert system (https://github.com/bitcoin/bitcoin/pull/7692) Removal discussion on github (https://github.com/bitcoin/bitcoin/pull/6260) Pull request disabling alerts (https://github.com/bitcoin/bitcoin/pull/6274) IRC Discussion (https://botbot.me/freenode/bitcoin-core-dev/2016-09-22/?msg=73446303&page=6) Title: Re: [ALERT] Alert System Retirement Post by: BillyBobZorton on November 01, 2016, 03:46:40 PM I think it's a good idea. I never liked the fact that people that don't even work in bitcoin anymore, have such power to influence bitcoin users. Like imagine "X" ex developer tells people how if you dont move to "bitcoin XT/classic/unlimited" your coins will be at risk or something like that.
It can be used to coerce and scare people. Anyone can find information on websites like reddit if something is going on. Title: Re: [ALERT] Alert System Retirement Post by: tunctioncloud on November 01, 2016, 03:49:40 PM Well, that's a nice idea I think, as BillyBobZorton pointed it out. We should however put back a new alert system that is actualised I think.
Title: Re: [ALERT] Alert System Retirement Post by: U2 on November 01, 2016, 04:02:07 PM I didn't even know there was an alert system. I guess you learn something new every day haha :). Thanks achow101 for the helpful tips.
Title: Re: [ALERT] Alert System Retirement Post by: pawel7777 on November 01, 2016, 04:02:52 PM Is there any new alert-system replacing the old one, or was the entire idea of alerting users in case of emergency deemed as unnecessary?
Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 01, 2016, 04:09:58 PM Is there any new alert-system replacing the old one, or was the entire idea of alerting users in case of emergency deemed as unnecessary? There won't be a replacement, or if there is, it will be client specific. So far, no plans for that as Bitcoin has grown big enough that other media sources (e.g. bitcoin.org, coindesk, cointelegraph, bitcointalk, reddit) are sufficient to alert about emergencies.Title: Re: [ALERT] Alert System Retirement Post by: manselr on November 01, 2016, 04:13:34 PM I didn't even know there was an alert system. I guess you learn something new every day haha :). Thanks achow101 for the helpful tips. I don't remember ever seeing an alert and I have been using Bitcoin Core since it was called Bitcoin QT around version 0.7... I wonder how the alert looked like. Is this orange square message an alert? http://i.stack.imgur.com/eof8u.png Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 01, 2016, 04:18:30 PM I didn't even know there was an alert system. I guess you learn something new every day haha :). Thanks achow101 for the helpful tips. I don't remember ever seeing an alert and I have been using Bitcoin Core since it was called Bitcoin QT around version 0.7... I wonder how the alert looked like. Is this orange square message an alert? Title: Re: [ALERT] Alert System Retirement Post by: xdrpx on November 01, 2016, 04:20:34 PM That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization? Would be nice to know how the alert system works on Bitcoin core, I was assuming it was the alert system on Bitcoin.org's website towards the top.
Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 01, 2016, 04:27:26 PM That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization? It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited.Would be nice to know how the alert system works on Bitcoin core, I was assuming it was the alert system on Bitcoin.org's website towards the top. Bitcoin.org and the alert system are two different things. The alert system was part of the P2P protocol. It is a protocol message that is passed around from node to node. Upon receipt of the message, Bitcoin Core will show a banner and put an error message in every single RPC call.Title: Re: [ALERT] Alert System Retirement Post by: tee-rex on November 01, 2016, 04:46:53 PM That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization? It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited.I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 01, 2016, 05:04:11 PM That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization? It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited.I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. Title: Re: [ALERT] Alert System Retirement Post by: yayayo on November 01, 2016, 05:14:04 PM A really good decision, because the alert system has become a potential risk considering that there are people in possession of the alert key that have proven to stand against the original idea of Bitcoin as a decentralized and fully fungible currency. The consequences of even a singular abuse could be dramatic, because a lot of users would trust it as a credible source and may even give information of the alert system preference over other sources of information.
In my opinion, the alert key is a classic example of a feature that is added to increase security in one respect but at the same time is adding a another form of insecurity. The alert key made sense at the time Bitcoin was in experimental stage and used by few people, having a limited number of developers. Its removal is overdue. ya.ya.yo! Title: Re: [ALERT] Alert System Retirement Post by: tee-rex on November 01, 2016, 05:22:11 PM That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization? It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited.I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta? Title: Re: [ALERT] Alert System Retirement Post by: oblivi on November 01, 2016, 05:29:19 PM That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization? It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited.I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta? I guess they give out the key to demonstrate that the key is useless after they remove the alert system. What I don't get is... wouldn't the key will still be useful to trigger alerts in the pre 0.13 software?? Title: Re: [ALERT] Alert System Retirement Post by: Kprawn on November 01, 2016, 05:30:49 PM It somehow feels wrong to undo Satoshi's master plan to inform users when major events happens, but I can see how some people might misuse
this system, if they cannot be properly removed. I was under the impression Gavin's key was removed and he could not access that system... or do they mean that a rogue developer might try to sabotage Bitcoin whilst he or she still has the key? Well I hope there are a good replacement that can be properly verified with a PGP key. ::) Title: Re: [ALERT] Alert System Retirement Post by: oblivi on November 01, 2016, 05:46:50 PM It somehow feels wrong to undo Satoshi's master plan to inform users when major events happens, but I can see how some people might misuse this system, if they cannot be properly removed. I was under the impression Gavin's key was removed and he could not access that system... or do they mean that a rogue developer might try to sabotage Bitcoin whilst he or she still has the key? Well I hope there are a good replacement that can be properly verified with a PGP key. ::) But like other people pointed at, it's just not a good idea anymore. Back in the day, there was barely no sites reporting bitcoin stuff, now you have millions of bitcoin sites with constant news, even bitcoin core has its own website, back then all there was was the bitcoin client really... so it was needed, today not so much. Title: Re: [ALERT] Alert System Retirement Post by: tee-rex on November 01, 2016, 05:50:47 PM I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. The system will be sufficiently dead by the time that the key is released. A maximum sequence alert cannot be overridden. Bitcoin Core 0.14 will be constantly broadcasting that final alert so that all nodes receive it by the time the hey is released.But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta? I guess they give out the key to demonstrate that the key is useless after they remove the alert system. This is the "official version", which is meaningless, in my view. And it is a childish act as well since this key was not intended to be made public in the first place, as I got it. To further clarify my point, would the developers want to release the old inactive key if they decided just to change it, for whatever reason (let's assume that it is possible to change the key)? Would you believe them if they said they would release it to the public to demonstrate that the old key is no longer useful? Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 01, 2016, 06:01:38 PM But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta? Read the last paragraph of this email: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-September/013104.htmlWhat I don't get is... wouldn't the key will still be useful to trigger alerts in the pre 0.13 software?? As I explained earlier, no this cannot happen. The final alert is a maximum sequence alert which cannot be overridden. It displays a static message "Alert Key Compromised" which is hard coded into the alert handler. The final alert will be broadcast by all 0.14 nodes to ensure that everyone gets the alert. This process renders the entire alert system useless and thus safe to disclose the alert key.It somehow feels wrong to undo Satoshi's master plan to inform users when major events happens, but I can see how some people might misuse There are no individual alert keys for each person. There is one singular key and you cannot prove that you don't have the key. A major issue is that when an alert is sent, it is impossible to know who actually sent it. Gavin has the key, and will always have the key. Mark Karpeles has the key, and will always have the key. this system, if they cannot be properly removed. I was under the impression Gavin's key was removed and he could not access that system... or do they mean that a rogue developer might try to sabotage Bitcoin whilst he or she still has the key? Well I hope there are a good replacement that can be properly verified with a PGP key. ::) This is the "official version", which is meaningless, in my view. And it is a childish act as well since this key was not intended to be made public in the first place, as I got it. How is it a childish act? It isn't retaliating against anyone, it is to provide transparency and to show how the alert system has been successfully retired.To further clarify my point, would the developers want to release the old inactive key if they decided just to change it, for whatever reason (let's assume that it is possible to change the key)? Yes, I would want the developers to release the old inactive key if they changed. If they changed the key, they would follow a process very similar to what is being done now; the developers aren't stupid and do think of the consequences. They would have the max sequence alert broadcast to have the "Alert key compromised". The next version of the software would have that same alert hard coded and continuously broadcast to make sure all old nodes get the message. That new release would also have the new key, or, in this case, no key and the whole thing gone.Would you believe them if they said they would release it to the public to demonstrate that the old key is no longer useful? Title: Re: [ALERT] Alert System Retirement Post by: tee-rex on November 01, 2016, 07:05:34 PM To further clarify my point, would the developers want to release the old inactive key if they decided just to change it, for whatever reason (let's assume that it is possible to change the key)? Yes, I would want the developers to release the old inactive key if they changed. If they changed the key, they would follow a process very similar to what is being done now; the developers aren't stupid and do think of the consequences. They would have the max sequence alert broadcast to have the "Alert key compromised". The next version of the software would have that same alert hard coded and continuously broadcast to make sure all old nodes get the message. That new release would also have the new key, or, in this case, no key and the whole thing gone.Would you believe them if they said they would release it to the public to demonstrate that the old key is no longer useful? Now all we need is to find out if the Alert key has ever been changed. If it hasn't been, then there is no evidence as to what might have happened, then let's call it a day, for the lack of evidence, obviously. If they changed the key and disclosed the old one, that would mean one thing, but if they changed it and didn't disclose the old key, that would mean something totally different, correct? Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 01, 2016, 07:10:25 PM Now all we need is to find out if the Alert key has ever been changed. If it hasn't been, then there is no evidence as to what might have happened, then let's call it a day, for the lack of evidence, obviously. If they changed the key and disclosed the old one, that would mean one thing, but if they changed it and didn't disclose the old key, that would mean something totally different, right? The key has never been changed. You can follow the commits in the git tree. The only change to it has been its removal.Title: Re: [ALERT] Alert System Retirement Post by: calkob on November 01, 2016, 07:34:30 PM Great idea as this may have been used in the future by someone with malicious intent. although to be honest i didnt even know that it existed. ;D
Title: Re: [ALERT] Alert System Retirement Post by: Meuh6879 on November 01, 2016, 09:34:22 PM Good ... Nanos can not shutdown Bitcoin in the future.
http://imagizer.imageshack.us/a/img922/2342/4lMFX0.gif Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 02, 2016, 04:36:36 PM The pre final alert has been sent.
Title: Re: [ALERT] Alert System Retirement Post by: tee-rex on November 02, 2016, 05:29:49 PM Now all we need is to find out if the Alert key has ever been changed. If it hasn't been, then there is no evidence as to what might have happened, then let's call it a day, for the lack of evidence, obviously. If they changed the key and disclosed the old one, that would mean one thing, but if they changed it and didn't disclose the old key, that would mean something totally different, right? The key has never been changed. You can follow the commits in the git tree. The only change to it has been its removal.Got it. But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta? Read the last paragraph of this email: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-September/013104.htmlMissed that part somehow (emphasis added): Quote At some point after that, I would then plan to disclose this private key in public, eliminating any further potential of reputation attacks and diminishing the risk of misunderstanding the key as some special trusted source of authority. I still don't understand two things. 1) what further potential reputation attacks are possible, and 2) which seems to me the most important here, wasn't the key exactly that? I mean, a special trusted source of authority? Regarding the first, just mentioning further reputation attacks is already telling a lot by itself. Regarding the second, I think just because the key was available only to a few core developers and due to the fact that it served a special purpose of alerting users, it implies that it should have been trusted and authoritative. Otherwise, it couldn't function as a true Alert key as far as I get it. Title: Re: [ALERT] Alert System Retirement Post by: mbuk81 on November 02, 2016, 06:02:02 PM me neither new or needed this services as bitcoins are becoming more many stream then either now
so this type of system is not needed anymore so I guess that's why is being shut down as 1000 others site are doing the same sort of things but thanks to op for informing us so that the users that did use it now to look somewhere else for the info. Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 02, 2016, 06:14:34 PM I still don't understand two things. 1) what further potential reputation attacks are possible, I'm not quite sure what Greg exactly meant with further potential reputation attacks.and 2) which seems to me the most important here, wasn't the key exactly that? I mean, a special trusted source of authority? Regarding the first, just mentioning further reputation attacks is already telling a lot by itself. Regarding the second, I think just because the key was available only to a few core developers and due to the fact that it served a special purpose of alerting users, it implies that it should have been trusted and authoritative. Otherwise, it couldn't function as a true Alert key as far as I get it. The issue with the "special trusted source of authority" is that some people thought that the alert key holders could use their key to influence important aspects of Bitcoin. For example (from the email), one person asked the devs whether they could use the key to reset the difficulty. So the thinking goes: if the key is still held secret after the alert system is dead, people may still think that it holds some special importance and can still be used as a centralizing trusted authority. The goal is to avoid this and to kill off any significance the key may have by publishing it publicly.Title: Re: [ALERT] Alert System Retirement Post by: neurotypical on November 02, 2016, 06:16:19 PM I think what reputation attacks mean is, somebody that has a reputation in the bitcoin ecosystem (like Gavin Andressen for example) could use their key to push a certain agenda.
If nobody has the key, then nobody can do that sort of attack anymore. Title: Re: [ALERT] Alert System Retirement Post by: tee-rex on November 02, 2016, 06:23:22 PM So the thinking goes: if the key is still held secret after the alert system is dead, people may still think that it holds some special importance and can still be used as a centralizing trusted authority. The goal is to avoid this and to kill off any significance the key may have by publishing it publicly. That makes sense provided that this key is the key. But really paranoid people could still claim that the key disclosed has nothing to do with the real Alert key, or whatever else it might have been used for. And because the whole system will already be dismantled by the time the key is released to the public, it won't be possible to check that. Maybe, I'm missing something here, and there are ways to actually prove the authenticity of the key even if the system has already been removed from Bitcoin. I just don't know, that's why I'm asking. Title: Re: [ALERT] Alert System Retirement Post by: achow101 on November 02, 2016, 06:33:57 PM So the thinking goes: if the key is still held secret after the alert system is dead, people may still think that it holds some special importance and can still be used as a centralizing trusted authority. The goal is to avoid this and to kill off any significance the key may have by publishing it publicly. That makes sense provided that this key is the key. But really paranoid people could still claim that the key disclosed has nothing to do with the real Alert key, or whatever else it might have been used for. And because the whole system will already be dismantled by the time the key is released to the public, it won't be possible to check that. Maybe, I'm missing something here, and there are ways to actually prove the authenticity of the key even if the system has already been removed from Bitcoin. I just don't know, that's why I'm asking. I think what reputation attacks mean is, somebody that has a reputation in the bitcoin ecosystem (like Gavin Andressen for example) could use their key to push a certain agenda. Ahh. Yes, I did not think of that. Someone who holds the key could sign a message and post it somewhere claiming something which could be bad for Bitcoin. Because the key would still be held privately, the person who made that message could claim that the core devs want people to follow the signed message because people may think the key still holds some significance. By revealing the key publicly, this potential attack vector is completely removed.If nobody has the key, then nobody can do that sort of attack anymore. Title: Re: [ALERT] Alert System Retirement Post by: tee-rex on November 02, 2016, 07:05:00 PM So the thinking goes: if the key is still held secret after the alert system is dead, people may still think that it holds some special importance and can still be used as a centralizing trusted authority. The goal is to avoid this and to kill off any significance the key may have by publishing it publicly. That makes sense provided that this key is the key. But really paranoid people could still claim that the key disclosed has nothing to do with the real Alert key, or whatever else it might have been used for. And because the whole system will already be dismantled by the time the key is released to the public, it won't be possible to check that. Maybe, I'm missing something here, and there are ways to actually prove the authenticity of the key even if the system has already been removed from Bitcoin. I just don't know, that's why I'm asking. I think what reputation attacks mean is, somebody that has a reputation in the bitcoin ecosystem (like Gavin Andressen for example) could use their key to push a certain agenda. Ahh. Yes, I did not think of that. Someone who holds the key could sign a message and post it somewhere claiming something which could be bad for Bitcoin. Because the key would still be held privately, the person who made that message could claim that the core devs want people to follow the signed message because people may think the key still holds some significance. By revealing the key publicly, this potential attack vector is completely removed.If nobody has the key, then nobody can do that sort of attack anymore. So revealing the key to the public serves two purposes. First, it removes the existing suspicion that the key might have been used for something other than sending alerts to people (for example, arbitrarily changing difficulty). And, second, it eliminates the possibility of someone holding this key privately to sign a loaded message and thus negatively affect Bitcoin. Below is a part of the email that throws some light in regard to reputation attacks: Quote It also had the problem of being unaccountable. No one can tell which of the key holders created a message. This creates a risk of misuse with a false origin to attack someone's reputation That makes sense, after all. |
