IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it. Nor does the Foundation have any relationship to Bitcoin Core. I'm not sure I understand, this is from the foundation site: As a non-political online money, Bitcoin is backed exclusively by code. This means that—ultimately—it is only as good as its software design. By funding the Bitcoin infrastructure, including a core development team, we can make Bitcoin more respected, trusted and useful to people worldwide. Is this not a "relationship" to the core and its development?  The Foundation contributes financially to Bitcoin development in general. It doesn't (or at least, isn't supposed to) favour or control any given implementation. |
|
|
|
IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it. Nor does the Foundation have any relationship to Bitcoin Core. At the very least separate out all "features" that are not required by the core as a separate application. That includes the wallet. |
|
|
|
Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?
It should, but there's no point. Well, as for the openssl, what i did is this : aptitude show libssl1.0.0 | grep Version and it show this- Version: 1.0.1-4ubuntu5.12 which seems to be the latest for ubuntu 12.04 LTS I am still not sure i am protected.. |
|
|
|
Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?
It should, but there's no point. |
|
|
|
Everyone should keep in mind at all times that Bitcoin is still an experiment, Bitcoin technology (consensus systems) is still a very new field of computer science, and the whole thing could fall apart overnight. If payment protocol is distributed with Core, it should be an optional thing, which the user can decide to activate (by checkbox, whatever). Security is much more important. Of all the possible security flaws... OpenSSL, a security-oriented library, having a vulnerability in the most fundamental security feature used by virtually everything... is the LAST thing anyone would have reasonably considered to be a risk to security. Edit. imho the dialog introduced in 0.9.0 which replaced the receiving addresses field is not an improvement. It makes things more awkward. (An example of a really good improvement is coincontrol and wallet file selection.) It's much less confusing and makes it easier to use Bitcoin correctly. Coin Control is handy, but inevitably a power user tool that is likely to give newbies the wrong idea. Multiwallet support is unfortunately lagging behind since CodeShark went and made his own wallet instead.  When the ppa version will be ready?  Never, it's not affected (although your OS probably is...) |
|
|
|
i am using QT v8.0.6 beta, need to upgrade or i am safe and sound?
0.8.6 is only vulnerable if you use the -rpcssl options and expose RPC to the internet - which is vulnerable to other attacks even with this fixed. So probably not. |
|
|
|
Could somebody describe how the attack would work when somebody had been using Bitcoin Core 0.9.0 and clicked on a "bitcoin:" link? Would the wallet be considered compromised even if I generated the "bitcoin:" link myself and clicked it just to see how the new payment function worked? In that case, how the private keys would have been exposed?
I just cannot wrap my head around it yet.
In this case, the risk is only if you were MITM'd... |
|
|
|
If you are using the graphical version of 0.9.0 on any platform, you must update immediately. If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you. Instead, you must upgrade to a fixed OpenSSL version. So if libssl1.0.0 has been updated then all is good and we can still use 0.9.0 ?  Just be sure it's updated to a fixed version. |
|
|
|
Memorized private keys, the safest way to own bitcoin. Memorized private keys are in fact one of the least secure ways to own bitcoin. Can really the CLIENT KEYs be compromised by this bug?
What I have understand, its a bug in the OpenSSL Implementation of Heartbeat protocol of TLS 1.2, causing OpenSSL to leak contents of RAM in the server.
This means, the attack vector would be limited to:
impersonating a server and replacing a bitcoin adress in the payment protocol, by stealing the SERVER KEYs.
Thus any client-side wallets should be safe since those private keys are never transmitted or kept by the server? (except for webshops and online services running a server-side bitcoin client relying on a vulnerable OpenSSL)
The bitcoin core protocol (port 8333) is not using any form of SSL at all what I know?
If what the Bitcoin devs say is correct (that client keys can be compromised), would also mean that any website using SSL can steal RAM contents of client computers, which would mean my site can get my visitor's bank details, and that would make the security hole way more critical than it is today.
The vulnerability is bidirectional. The server (or anyone MITMing it!) can get the client to leak information too, which could include private wallet data. |
|
|
|
If you are using the graphical version of 0.9.0 on any platform, you must update immediately. If you are using packages from your Linux distro (Ubuntu PPA included), 0.9.1 has no changes for you. Instead, you must upgrade to a fixed OpenSSL version. |
|
|
|
|
Does anyone use the E(fficiency) displayed on the TUI? Any other options I can deprecate to make more room for new ones? :p
|
|
|
|
So these wont run to 4ghs plugged straight into a laptop usb port ?
There's at least a risk that you damage the laptop. definitely...any news on the bfgminer support?  Still waiting on goodney.. So these wont run to 4ghs plugged straight into a laptop usb port ?
There's at least a risk that you damage the laptop. Unless that damage is in the form of scratching up the port because of https://i.imgur.com/8cEBpMB.png , that laptop would have to be returned under warranty and not accepted back. Proper USB ports don't care about 'too much' current draw.. either they'll sag in voltage in response to the point where the overcurrent situation dies off, or they just plain shut down (either through a passive 'fuse' or through active management). above does not apply to any miners that accept external power - that has to be isolated properly from the host deviceHave you seen any proper USB hosts/hubs?  |
|
|
|
So these wont run to 4ghs plugged straight into a laptop usb port ?
There's at least a risk that you damage the laptop. |
|
|
|
Just out of curiosity what sort of checking is possible against block withholding and faking Proof of Work ? These kind of things tend me a cat-and-mouse type game, so revealing the methods used would allow an attacker to disguise himself from it. That being said, disclosure "out of curiosity" seems to be a bad idea.  |
|
|
|
Thats great to hear but I am worried there might be some imminent abuse coming.
Any way to limit the amount of edits one can do? similar to activity on this forum
I had/have similar fears. Anyone who abuses wiki edit privileges may have their forum account "punished" (yet to be defined by theymos). Also part of the reason this is a one-time thing, is so that banned users can't just recreate a new wiki account and keep abusing it. Making a note on this thread since this seems like the best place to ask for someone to fix the problem. https://bitcointalk.org/index.php?topic=558935.msg6091129#msg6091129Can't edit it so can someone with the required permissions change the url on this page as it is Protected None of the wiki pages mentioned there are protected... |
|
|
|
Ugh, please talk to people before messing up almost every wiki page.. - Pages about compromised services should not be simply deleted.
- Pages like Bitcoin Can that just cover purpose, facts, etc are not "written like an advertisement"
- The "wrongperson" template erroneously infers that the Bitcoin Wiki is an encyclopedia, which it is not
- Tagging pages just because you subjectively feel they could be rewritten better is not helpful.
- The Bitcoin Wiki is a host to much technical documentation. It is not an error and should not be tagged that pages are technical.
- How-to content is normal and expected on the Bitcoin Wiki
- Everything can always use improvement. Adding a "please cleanup" tag just makes it worse (especially when many of these pages you're tagging are just fine as-is).
- Some pages correctly use "you" and "we" pronouns, and should not be tagged.
- The Bitcoin Wiki is again, not an encyclopedia, and does not have notability requirements.
Edit: But the effort is of course still appreciated! |
|
|
|
Pushed a "gridseed" branch to the main BFGMiner git based on nwoolls's code. I'm not sure how these are supposed to perform, but I get some inconsistent results in benchmark mode: DMU 0: | 36.8/ 68.2/ 41.7kh/s | A: 28 R:0+0(none) HW:0/none
GSD 0: | 0.73/ 1.27/ 0.17Mh/s | A:112 R:0+0(none) HW:8/none How's it work for others who have been using them in production? The gridseed support works fine, at least it does for me on Win7-64. How about implementing the support for Technobit Hex boards? He has tried in the past. The controller on the boards doesn't play nice with linux's USB CDC driver ^ this; which is why I sent it on to nwoolls who works on Mac/Windows. He's away right now, but perhaps when he gets home he can comment on where it is on his todo list. |
|
|
|
Isn't DVC also a coin that is merge mined?
Before adding MZC wouldn't it make sense to merge mine DVC?
(I like MZC and Huntercoin too)
Not just devcoin. I know that there are also i0coin, ixcoin, groupcoin and probably a lot more that I don't know about... There are a lot of them... But you get next to nothing for them... Getting 105% on PPS on NMC get you more... Again, scamcoins need not apply. |
|
|
|
|
Show Posts
