If you don't use RPC over SSL then there is no need to upgrade, of course an upgrade won't hurt.

As for "backup before upgrade"?  ALWAYS backup before upgrade, every single upgrade and periodically between upgrades.  You never need to ask that question again because there is never a scenario where if you are deciding if you should make a backup that it would be a bad idea to do so.  Always use dates in the names of backups so you don't write over previous versions.

I would say sign that message with the genesis block key.

Amazon should get "asteroids capable of killing all life on the planet" insurance coverage as the odds of that happening are quadrillions of times more likely than a 160 bit random collision.

As a general rule before you start messing around with custom applications just try executing the command from the command line
bitcoind <command> <arguments>
if you get nothing there then it isn't a PHP issue it means the bitcoind is broken or behind.

bitcoind getinfo

should give you some basic info like connections to the network and blockheight.

Even if you are using RPC you would have had to manually create a SSL private key and SSL cert using openssl and then manually install those by setting params in the bitcoin.conf in order to be be exectuing those RPC calls over SSL.

If all of those sounds foreign the simple answer is unless you already knew you were using RPC over SSL you weren't using it.

You think that is bad.  The server OS use the same interface.   Imagine no start menu on a server.

SSL is used as both ends of the connection.  I don't know enough about the new payment protocol "feature" to provide guidance on the scope and severity of a compromise.  Since this is money we are talking about it is likely a good idea to be overly cautious. 

XP entire security model is broken.  Microsoft has tried to patch it as best they could but it is like adding suport to a house built on sand.   Windows 7 is vastly superior from a security standpoint.   There are whole classes of security vulnerabilities which affect XP only, 90%+ of botnet nodes are Windows XP machines.  Sure you could use a patch which completely rewrites the core processes of XP but you would essentially be creating Windows 7.  There is absolutely no reason to be using Windows XP at this point (or even four years ago).

If Windows 7 offered nothing else the inclusion of Address Space Layout Randomization (ASLR), PatchGuard, UAC, and Protected Mode Internet Explorer make it inherently more secure than Windows XP can ever be.

Do you use SSL for remote RPC calls to your bitcoind daemon?  No.  Then it doesn't affect you even if you use Bitcoin-Core (the client formerly known as Bitcoin-QT).  Forgot about the new payment protocol system.  Great timing on that one.

Switching to an online account would be foolish.  Shutdown your client if you are worried.  Don't statup it up again until you have upgraded.

Um you do know that bitcoin.og is both a domian name and a host name.   Most sites use a null or naked domain as their host.  There is very likely no something.bitcointalk.org.

Now if the site was forum.bitcointalk.org you couldn't enter just bitcointalk.org.


Yup only A record points to bitcointalk.org not something.bitcointalk.org

Most users have absolutely no reason to upgrade.  SSL isn't used in the Bitcoin protocol.

Only users who use bitcoind RPC calls over SSL/TSL connection have any potential vulnerability.

Do you not use bitcoind RPC?  Then there is no urgent need to upgrade.
Do you use bitcoind RPC but don't use SSL? Then there is no urgent need to upgrade.
Do you use bitcoind RPC over SSL?  Then you should halt your bitcoind server and upgrade before restoring access.

On edit:  Bad information.  The payment protocol uses SSL any user could already be compromised if they used the new payment protocol "feature".  Upgrade now or if you can't shutdown the client and don't restart it until such time as you can upgrade. 

I don't vouch for the accuracy of this test but it indicates no vulnerability
http://filippo.io/Heartbleed/#cryptsy.com

Generating a new key and cert as well as revoking the old cert takes less than an hour (honestly more like ten minutes but was being conservative).  Of course many website were completely unaffected as they didn't use the compromised version of OpenSSL.  BitSimple (among many other Bitcoin related sites) for example is unaffected.  

How cheap can radioactive material be?  $50?  $20?  $10?  How about $3.99?  Went to Walmart (where else) looking for the cheapest ionizing smoke detector they had.  Found a $11.99 one and I almost missed this piece of junk on the bottom shelf.

http://i.minus.com/iooRCdj2MjLX.jpg
Sentry i9040 Smoke Alarm, Walmart price $3.99!  Score!

http://i.minus.com/iebvNWkZIH9dy.jpg

Bingo that is what we are looking for.  A quick tip about smoke detectors, most detectors in the US use Am-241 a radioactive isotope.  It might not be as common in other countries and the use of radioactive detectors may be completely outlawed.  Am-241 is chosen because it emits (mostly) alpha radiation which is blocked by even a piece of paper or about one inch of air.  The packages may say Am-241 on it or it may just was ionizing.  There are no radioactive smoke detectors which are optical based so if you see anything on the box about optical detection that is likely not the model you want.

http://i.minus.com/iY8PI0991vfKy.jpg
So there were some kind of clips holding the top on the detector I just broke them by putting a screwdriver between the top and base.  Nice thing about $3 smoke detector is the plastic was very cheap and weak.  That silver dome is the detection chamber.  It is the only part we are interested in.  So I just popped the circuit board out and cut the wires.

Safety:
Am-241 is pretty safe as far as radioactive isotopes go but don't be stupid with your health.  I recommend you wear gloves and operate on a clean and clear workspace.  Throw all the trashed components, your gloves, and any paper towels used to clean up dust into a plastic bag when complete.  Since Am-241 is primary an alpha emitted the greatest danger is if you ingest, breath in, or somehow get it into your bloodstream (i.e. cut yourself with a knife that you scrapped some Am-241 onto).

http://i.minus.com/iMWKEnHJ5ehB5.jpg
The backside of the circuit board.  Notice the board is covered in wax so if you notice white flakes coming off the board it isn't lethal radioactive material it is just wax.  You will notice there are three clips here (first one already destroyed) however that metal cap it actual held in place by the two long solder joints (one to the left of "TP2" and the other just above the arrow in the lower left).  You probably could desolder the shield and on a better made model you might have to but this is some cheap junk and after about 3 minutes with a screw driver, needle nose pliers, and some tin snips I ended up with this.  There is no exact science to this just use the minimum force necessary you don't want to damage the Am-241 slug.

http://i.minus.com/iSMXogIB9IWHC.jpg
The shield on the right covers the "white stand" which holds the Am-241.  The metal foil in the center of the photo is the top conductor.  It is attached to the top of the white stand and easy to remove with some pliers. The smaller inner/lower metal foil which is still attached to white stand is the second conductor.  When smoke particles enter the space between them they are ionized by the alpha particles emitted by the Am-241 and complete a circuit which trips the alarm.  The metal slug in the center of the white stand is what contains the Am-241.  We want to remove that as carefully as possible without damaging it.  The Am-241 is actually applied in a layer on the surface of the copper colored metal in the indention of the slug.  You want to avoid scrapping across that as you could produce dust containing Am-241.

http://i.minus.com/i3cjGPdStGzAB.jpg
I found it easiest to rip off the lower foil (needle nose pliers worked great).  The slug is wedged into the stand from the backside.  You may be able to knock it loose but I found it easier to just cut the cheap white stand down until the slug came free.  However you break it out the goal should be to destroy the material around the slug not the slug itself.  We are trashing everything else and we want to avoid disturbing the Am-241 on the surface of the slug.

http://i.minus.com/idYSfqiXrPNIx.jpg
Tada 0.9 microcuries of Am-241 for $3.99 and maybe 10 minutes of work.   1 microcurie scientific samples generally run $50 to $200 so this is quite a deal.  It would be a good idea now to clean down your workspace.  Dispose of all the other material, used gloves, and cleaning supplies. (in a sealed plastic bag).  The Am-241 doesn't need heavy lead shielding but keep out away from children and pets (consumption would be very bad).  I stored my sample in a used pill bottle and clearly marked.

DISCLAIMER:  Am-241 is relatively safe compared to other isotopes however all radioactive sources this information is provided as educational only and you accept full responsibility for your actions.  You are responsible for ensuring that the removal and/or possession of 0.9 microcuries of Am-241 is not prohibited by local law.

Possibly as a future project however at this point it really is just a proof of concept prototype.  It may not go beyond that.

A normal photograph probably not. The pixels aren't random they are organized into all types of patterns, also subsequent photos won't be independent.  There is a project which uses a capped webcam as a source of entropy.  A perfect web cam would show a uniform black output but due to noise in the sensor it produces spots which if not random are at least a very complex chaotic system. 

http://sourceforge.net/projects/lavarnd/

It is a form of TRNG however I am more interested in the sub category of TRNG based on quantum observations.   Still there is more than one way to gather entropy.

Probably.  The G-M tube selected is very sensitive to alpha radiation.  This allows a high number of events (counts per minute) without needing to use a source with high beta or gamma activity (dangerous).  It is very possible that cheaper less sensitive tube will also work depending on the radioactive source and the throughput of random bits required.  I intend the design to use a simple two pin connector for attaching the tube using soldered on leads, and an adjustable high voltage power supply so the design could be adaptable to other tubes which operate in a 300V to 500V range.

As long as the dice are fair it certainly is, so would flipping a lot of coins.  The collection of data however is manual and slow.

Well to be clear this isn't "my" approach, just the one I am planning to use.    I don't want people to incorrectly give credit where no credit is due.  Fourmilabs in switzerland has been providing true random numbers over the internet produced from observing radioactive decay for the better part of a decay.  The interesting thing is that micro controllers have gotten fast and cheap enough combined with a lot of open source hardware information at there that it becomes economical for a hobbyist to build their own "hotbits" device at home.

I own one of their keys.  It does seem difficult to order more at the current time for some reason (maybe creator moved on to other projects).  However the simtec is a black box.  I am interested in an open source implementation.