[ANN] Bitcoin Foundation

[jgarzik]

Government pressure does not change that.  Government pressure cannot magically compromise SHA256 or ECDSA -- that's the whole point of the system.

Now, see? This is what hazek means by indirect answers. Did I ask anything about the bitcoin design?

You of all people know that if you can get a user to run an executable file on their computer you now own everything on the computer, and once that computer connects to the Internet, then you own that computer from anywhere in the world including executing more instructions.

How are we not connecting? You guys keep pointing to things like protocols and bylaws. That's NOT where our concern lies. Those things mean basically NOTHING in the day to day world.

Bitcoin design was the answer, because bitcoin design is directly relevant to why these fears are unrealistic, paranoid fantasies.

Satoshi created a design that enables open review, and gitian enhances that with provable binaries.

Any "government pressured" back-doored executable file would be immediately noticed by the community, with cryptographic certainty.

Aunt Tillie might wind up downloading bitcoin-paranoia.exe, but soon all hell would break loose, and forks would appear immediately.  Users would vote against bitcoin-paranoia.exe with their feet.  It is a self-correcting system.

How are we not connecting? You guys keep pointing to things like protocols and bylaws. That's NOT where our concern lies. Those things mean basically NOTHING in the day to day world.

That's the beauty of Satoshi's design:  they do.  If a judge or a man with a gun orders someone to add IP tracking, the system is designed to make that immediately apparent, and route around that.

[1714848358]

1714848358

[1714848358]

1714848358

[1714848358]

1714848358

[1714848358]

1714848358

[1714848358]

1714848358

[BkkCoins]

The foundation might consider a bylaw along the lines of:

Any recommendation to change Bitcoin client code that alters user privacy or acceptability of transactions must be voted unanimously. Such a recommendation to programmers must be non-compelling such that any programmers who choose not to implement the change need not fear for their job. Such a recommendation once decided upon and issued must be made public.

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

[jgarzik]

I'm very interested in being a part of this aspect of things. I've worked in software QA (admittedly primarily video game related) for over a decade, and would love a chance to work on helping secure bitcoin software. the thought hadn't ever crossed my mind, or i'd have already been doing so.

who should i contact regarding this?

The bitcoin-development mailing list at http://sourceforge.net/projects/bitcoin/ currently has a thread discussing bitcoin testing.

We welcome -- and need! -- more people testing the software.

[kiba]

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

Foundation members are not the only people who can fund Gavin and the others, you know? If they need money, they can go beg on bitcointalk.

[hazek]

Such non answers and trickery..

The system works how it works? How about with an answer like "Yes the system works where change is possible, especially backwards compatible change like BIP16, so yes theoretically we could make rules stricter to include an IP address with every transaction and if we got enough mining support there wouldn't even be a hard fork necessary. You are right that is a problem."

And the community would reject any version that added such IP tracking.  As they should.

Each user's use of bitcoin software is a vote to accept or reject changes.  If community does not like the changes coming down the pipe, they won't use them!  Every single change is public, out in the open for inspection.  The process for firing Gavin and any other dev is therefore simple.

git and gitian guard well against "include an IP address with every transaction" back doors.

Two years down the road the Bitcoin foundation will say jump, and the community will ask how high, how will you prevent this scenario from playing out?

[jgarzik]

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

Secret changes do not occur in the current system; that is the part being missed.

Every git (or gitian, if binary) user around the world would instantly see the "secret" change.

[Yankee (BitInstant)]

Matt,

Yes you do, and I will show you why.

As you so helpfully pointed out, twice I asked you the same question, but no response from you!

I asked you:

You tell me, what can the foundation do thats not already obvious? We have no control over Bitcoin, Bitcoin runs itself.

To which you responded:

So what you are telling me now is that you lied in your post and that in fact you can gain power and are not limited by your bylaws except you can't control how Bitcoin is being run?

Which did not answer my question, so Ill rephrase and hope to get an answer.

Tell me, what specific power or control are you worried about that the foundation will try to do over Bitcoin?

Answer that, and I will tell you how the foundation will prevent that, and if we have nothing to do it, I promise to make sure those protections go into the bylaws.

Thanks

So you aren't going to point to the section of the bylaws the supposedly highly limits the Bitcoin Foundation as was implied with "We cant gain power, in fact we cannot do anything outside the bylaws." ?

I'm worried the foundation will grab the power to:
- claim to speak in the name of all users of the Bitcoin software
- claim to speak as the authority on Bitcoin software
- claim to be a watchdog over the code so individual members needn't worry
- claim to be the authority deciding which Bitcoin businesses are legitimate
- claim to be the authority that decides which Bitcoin projects are worthy of founding
- claim to be the authority that decides which developer's improvements should/shouldn't be added to the core Bitcoin code
- sell a change of Bitcoin or any "approved" layers on top, or just simply a policy or a mission statement to the corporate membership, shoved down the throats of all of the users through a founders 1 + corporate 2 vote giving them the majority

and I could think of more.. So please how are you going to prevent this from happening some day. I realize you probably aren't doing this today, but what about in a year, or 2 or 3 or 5?


After you are done addressing these, don't forget to explain what you meant by "We cant gain power, in fact we cannot do anything outside the bylaws.". It's extremely important that we understand how did you limit yourself through the bylaws as implied by your post. Preferably quote the bylaws. And if you didn't limit yourself, please explain why you worded your post in a manner leaving an impression you did.

Also, who the hell is Matt?

Matt,

Again, I clearly said the bylaws limit our corporate power which you already quoted. I did not say the bylaws limit the power over its control of Bitcoin.
Please stop trying to twist my words. I wrote "Your bylaws reference is speaking of something totally different, corporate law, that states that the foundation can sell t-shirts but not illegal firearms..nothing to do with promoting Bitcoin"

Now, onto the real issue...

I'm worried the foundation will grab the power to:

- claim to speak in the name of all users of the Bitcoin software
>> We claim to speak in the name of all members of the foundation. Bitcoin is open source, no one owns it.

- claim to speak as the authority on Bitcoin software
>> Bitcoin is open source, no one owns it. Anyone can write their own Bitcoin software. The foundation does not control any of the software.

- claim to be a watchdog over the code so individual members needn't worry
>> The foundation will pay for Quality Control and Assurance of the Bitcoin code from member dues. The InfoSec type companies will be hired to test the quality of the code and look for bugs/holes (Something which the dev teams badly needs and has requested many times) Any findings will be published the an update released. Any of the individual software writers or users are free to not update their clients or software.

- claim to be the authority deciding which Bitcoin businesses are legitimate
>> The foundation will attempt to build a vetting process to prevent scammer companies from exploiting Bitcoin users. It wil not just point a finger at a company and say "This is illegitimate". The foundation will release evidence acquired and present it to its members.

- claim to be the authority that decides which Bitcoin projects are worthy of founding
>> The foundation will fund projects that request to be funded. It is legally allowed to deny/approve anyone as its a member driven organization.

- claim to be the authority that decides which developer's improvements should/shouldn't be added to the core Bitcoin code
>> The foundation has no say in what goes in the code. Recommendations could be presented to the core dev team, and they can do as they see fit.

- sell a change of Bitcoin or any "approved" layers on top, or just simply a policy or a mission statement to the corporate membership, shoved down the throats of all of the users through a founders 1 + corporate 2 vote giving them the majority
>> Most policys and major changes would require a unanimous vote, not a majority.

Let me know if you have other concerns, I'll gladly respond to them.

Some of these concerns are real, and I think need to go intro the bylaws, so thank you for pointing them out....just wish you were a little nicer about it considering you asked to be treated like an adult

-Charlie

But no, you are blinded with ego and can't see three feet in front of you all the dangers that are possible even in this highly restrictive system.

Dude, you gotta stop with the personal insults at people. Have I insulted you? Why cant you have a normal and civilized conversion.

You asked to be treated like an adult, act like one!

Ok maybe you missed it at the very end, but who the hell is Matt? You want me to be nicer? Why not follow your own advice and stop calling people names that aren't theirs? I never called you any names, all I did was ask questions based off of your posts. And telling someone they are blinded by their ego just can't be an insult. No, I'm actually being extremely nice and cordial by my standards. But I'm not going not point out inconsistencies in your words for the sake of being nice.

As for your answers, I'm not happy, as you can imagine because you have just shown me with your answers that you will seek certain power to do certain things and no matter how open or well intentioned the process is going to be, given how you structured the board of directors you cannot promise me anything that would make me believe corruption and abuse isn't possible down the road. Now I have to trust you. And THAT is my main problem. Before all I needed to worry about was the code, now I need to worry about the code AND trusting you, something I did not consent to and had no need for.

And last but not least, let's clear this up please because I really wouldn't want to "twist your words". Explain what exactly did you mean in the below quote, specifically with the red underlined part:

The problem I have with this Foundation is that it asserted itself over this experiment and the community. No one asked you to. No one gave you permission. You just did it. You created a corporation to wield power no one granted you.

THIS! HEAR HEAR!

The problem with both you and shad0wbitz (which ive pointed out many times) is that you assume the foundation is assering itself, you assume we are wielding power which in fact we are not.

Its not a complicated structure to understand and you can create your own foundation to help further Bitcoin.

Foundation has no power or control, and no one owns the foundation its owned by you. Like I said, when elections come the whole board can be replaced and you can be on it

-Charlie

This contradicts your Executive Directors statement in regards to standards. You guys want to make standards for security and the Bitcoin protocol. You are asserting yourself in many ways, especially with your proposed certifications and the cost it takes for businesses to join.

Your foundation will eventually gain power if the industries within form trusts to control the message and force competitors out of its veil of legitimacy.

Matt,

That has nothing to do with power

Again, all you do is assume without facts.

" Your foundation will eventually gain power"

It's not my foundation, its YOUR foundation, Ive stated this many times.
We cant gain power, in fact we cannot do anything outside the bylaws.

The certifications are for anyone to join and use. If you dont like it, don't join it or start your own foundation.

If you have problems, join the board, and enjoy

Have a great day

-Charlie

Ah, I apologize Hazek,

Wasn't attempting to call you names, I just get confused between people I think are trolling here. I call Atlas Matt, Matt Atlas, ect...
Sorry if you think its intentional, I just can't tell the difference sometimes....

As per the underlined quote, again I simply said (I'm LOL'ing because Im repeating myself over and over again)
"Again, I clearly said the bylaws limit our corporate power which you already quoted. I did not say the bylaws limit the power over its control of Bitcoin."

Regarding my answers. You are not happy with? Ok, I'm sorry you are not happy with them.
The fact remains that anything the foundation does, it does not effect Bitcoin proper.
In regards to paying for things, vetting, QA...its the foundations money and can do what it feels it can to to help promote Bitcoin.
It will not do anything that will change Bitcoins course, path or core. If the community does not like it, it can reject it, so can all Bitcoiners.

If you don't like the way its set up, you don't need to join.

If you don't like my views, join, and contend my seat!

-Charlie

Such non answers and trickery..

The system works how it works? How about with an answer like "Yes the system works where change is possible, especially backwards compatible change like BIP16, so yes theoretically we could make rules stricter to include an IP address with every transaction and if we got enough mining support there wouldn't even be a hard fork necessary. You are right that is a problem."

And the community would reject any version that added such IP tracking.  As they should.

Each user's use of bitcoin software is a vote to accept or reject changes.  If community does not like the changes coming down the pipe, they won't use them!  Every single change is public, out in the open for inspection.  The process for firing Gavin and any other dev is therefore simple.

git and gitian guard well against "include an IP address with every transaction" back doors.

Two years down the road the Bitcoin foundation will say jump, and the community will ask how high, how will you prevent this scenario from playing out?

No, this will not happen. The foundation may make a recommendation regarding a certain matter and present its evidence. The community will decide the case based on its merits.

Please give the community more credit, don't insult us. We can think for ourselves.

Thats offensive.  

[hazek]

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

Secret changes do not occur in the current system; that is the part being missed.

Every git (or gitian, if binary) user around the world would instantly see the "secret" change.

Why would the Bitcoin foundation, an organisaton that has the power to decide which Bitcoin business is legitimate, the power to employ the lead dev, the power to be the self anointed official spokesperson for Bitcoin need to do anything secretly 2 or 3 years down the road. Fear of secret changes is unfounded. The fear of pushed change that the community will simply swallow because the Bitcoin Foundation said so, isn't.

What's what I fear.

[gusti]

The foundation might consider a bylaw along the lines of:

Any recommendation to change Bitcoin client code that alters user privacy or acceptability of transactions must be voted unanimously. Such a recommendation to programmers must be non-compelling such that any programmers who choose not to implement the change need not fear for their job. Such a recommendation once decided upon and issued must be made public.

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

This  ^^^
I would be glad if the bylaws includes the compromise by the foundation to not change or sponsor the change of  any of bitcoin basic principles, as they were initially envisioned by Satoshi.

[irritant]

why is  #bitcoin-foundation unable to join channel (invite only)  

[acoindr]

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

Secret changes do not occur in the current system; that is the part being missed.

Every git (or gitian, if binary) user around the world would instantly see the "secret" change.

Okay, I think I see where our disconnect is happening. I don't know if it's intentional or you really are that innocently trusting/limited in imagination.

We're not talking about ONLY using systems as they are SUPPOSED to be used. We're talking about malicious intent, like the illegal wiretaps I talked about earlier. How many users download Bitcoin from Git? They don't. They go to a site like Bitcoin.org. In a "Bitcoin Foundation" world they would likely go there since it's the "official representation" of Bitcoin.

Now once a user is downloading a file from your site, how hard is it to give select users select files?

We are talking about issues of TRUST. THAT is our concern. An official Bitcoin Foundation necessarily gains inherent TRUST automatically, whether that foundation remains trustworthy or not. Make sense?

[jgarzik]

Two years down the road the Bitcoin foundation will say jump, and the community will ask how high, how will you prevent this scenario from playing out?

The devs would probably quit BF, I imagine.

What does the protocol design say is possible?  What the majority of users want.  If the majority of users want IP tracking and a 400M coin limit, that is what bitcoin becomes.

I wager the majority of bitcoin users will actively and fervently resist any such changes.  At least I hope so.

(of course, if the majority of users wanted IP tracking or currency supply inflation, per manifesto I would quit bitcoin in a heartbeat, and hope you would too)

[Yankee (BitInstant)]

The foundation might consider a bylaw along the lines of:

Any recommendation to change Bitcoin client code that alters user privacy or acceptability of transactions must be voted unanimously. Such a recommendation to programmers must be non-compelling such that any programmers who choose not to implement the change need not fear for their job. Such a recommendation once decided upon and issued must be made public.

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

This  ^^^
I would be glad if the bylaws includes the compromise by the foundation to not change or sponsor the change of  any of bitcoin basic principles, as they were initially envisioned by Satoshi.

Agreed.

I would push for this change as well.

As a board member, I will bring it up in next weeks meeting, and then allow all members of the foundation to vote if it wants this change

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

Secret changes do not occur in the current system; that is the part being missed.

Every git (or gitian, if binary) user around the world would instantly see the "secret" change.

Why would the Bitcoin foundation, an organisaton that has the power to decide which Bitcoin business is legitimate, the power to employ the lead dev, the power to be the self anointed official spokesperson for Bitcoin need to do anything secretly 2 or 3 years down the road. Fear of secret changes is unfounded. The fear of pushed change that the community will simply swallow because the Bitcoin Foundation said so, isn't.

What's what I fear.

Thats a real fear, and I fear that as well. However, the foundation will not do that.

Allow me to edit your words:

Why would the Bitcoin foundation, an organisaton that has the power to decide which Bitcoin business is legitimate, the power to employ the lead dev, the power to be the self anointed official spokesperson for Bitcoin need to do anything secretly 2 or 3 years down the road.

The foundation has no power to decide whats legitimate, it has the power to make recommendations and vet companies based on requests from its members.

Member: hey foundation, can you see if this guy is a scammer?
Foundation: Sure, we checked it out, and we think he is based on bla blah blah. We don't think you should use him, but the choice is yours.

The foundation is the spokesperson representing its members not Bitcoiners as a whole.

[jgarzik]

Every git (or gitian, if binary) user around the world would instantly see the "secret" change.

We're not talking about ONLY using systems as they are SUPPOSED to be used. We're talking about malicious intent, like the illegal wiretaps I talked about earlier. How many users download Bitcoin from Git? They don't. They go to a site like Bitcoin.org. In a "Bitcoin Foundation" world they would likely go there since it's the "official representation" of Bitcoin.

Now once a user is downloading a file from your site, how hard is it to give select users select files?

Google "gitian", please.

[BkkCoins]

Such non answers and trickery..

The system works how it works? How about with an answer like "Yes the system works where change is possible, especially backwards compatible change like BIP16, so yes theoretically we could make rules stricter to include an IP address with every transaction and if we got enough mining support there wouldn't even be a hard fork necessary. You are right that is a problem."

And the community would reject any version that added such IP tracking.  As they should.

Each user's use of bitcoin software is a vote to accept or reject changes.  If community does not like the changes coming down the pipe, they won't use them!  Every single change is public, out in the open for inspection.  The process for firing Gavin and any other dev is therefore simple.

git and gitian guard well against "include an IP address with every transaction" back doors.

I think you're being a little bit smug about this. We see behaviour everyday that indicates we cannot trust the general mass of users to make these choices - they simply go where blindly led. We saw around 50% of Bitcoin miners use Deepbit despite the known danger. We see the general public refuse to even consider using encrypted email, despite it allowing several benefits for all. We see them post all manner of public info online so why would we ever trust them to choose which Bitcoin client to use? They'll obviously choose the one with the nicest buttons and logo.

I don't think people here misunderstand that the tool chain has controls to prevent secret or malicious code change. I just don't don't think it is enough.

[hazek]

Ah, I apologize Hazek,

Wasn't attempting to call you names, I just get confused between people I think are trolling here. I call Atlas Matt, Matt Atlas, ect...
Sorry if you think its intentional, I just can't tell the difference sometimes....

Great, I'm glad we cleared this up. We can now both be nice to each other as I wont feel a stench of condescension in your replies to me anymore.

As per the underlined quote, again I simply said (I'm LOL'ing because Im repeating myself over and over again)
"Again, I clearly said the bylaws limit our corporate power which you already quoted. I did not say the bylaws limit the power over its control of Bitcoin."

Great, I finally understood this part as well and I do apologize for misunderstanding the meaning of it.

Regarding my answers. You are not happy with? Ok, I'm sorry you are not happy with them.
The fact remains that anything the foundation does, it does not effect Bitcoin proper.
In regards to paying for things, vetting, QA...its the foundations money and can do what it feels it can to to help promote Bitcoin.
It will not do anything that will change Bitcoins course, path or core. If the community does not like it, it can reject it, so can all Bitcoiners.

If you don't like the way its set up, you don't need to join.

If you don't like my views, join, and contend my seat!

-Charlie

Such non answers and trickery..

The system works how it works? How about with an answer like "Yes the system works where change is possible, especially backwards compatible change like BIP16, so yes theoretically we could make rules stricter to include an IP address with every transaction and if we got enough mining support there wouldn't even be a hard fork necessary. You are right that is a problem."

And the community would reject any version that added such IP tracking.  As they should.

Each user's use of bitcoin software is a vote to accept or reject changes.  If community does not like the changes coming down the pipe, they won't use them!  Every single change is public, out in the open for inspection.  The process for firing Gavin and any other dev is therefore simple.

git and gitian guard well against "include an IP address with every transaction" back doors.

Two years down the road the Bitcoin foundation will say jump, and the community will ask how high, how will you prevent this scenario from playing out?

No, this will not happen. The foundation may make a recommendation regarding a certain matter and present its evidence. The community will decide the case based on its merits.

Please give the community more credit, don't insult us. We can think for ourselves.

Thats offensive.  

Ah, the crux of the issue remains. I fear down the road this self imposed spokesperson, policy setting, business vetting, intertwined with corporate interest body will get corrupted and try and direct the for the most part ignorant user base to their advantage while you on the other hand have faith the community will be smart and vigilant enough to keep you in check.

Well then as long as the general electorate is the one of which we must now expect vigilance, I'm all calmed down and happy, especially since this works out so well in today's political systems. /this last part was a bit of sarcasm, not mean spirited of course, just for illustrating purposes


Why we needed this foot in the door for bad stuff to be possible to happen I will never understand.

[jgarzik]

I don't think people here misunderstand that the tool chain has controls to prevent secret or malicious code change. I just don't don't think it is enough.

You're right -- it is the community associated with the software that is vigilant.  The tools just help with the vigilance.

[hazek]

Two years down the road the Bitcoin foundation will say jump, and the community will ask how high, how will you prevent this scenario from playing out?

The devs would probably quit BF, I imagine.

What does the protocol design say is possible?  What the majority of users want.  If the majority of users want IP tracking and a 400M coin limit, that is what bitcoin becomes.

I wager the majority of bitcoin users will actively and fervently resist any such changes.  At least I hope so.

(of course, if the majority of users wanted IP tracking or currency supply inflation, per manifesto I would quit bitcoin in a heartbeat, and hope you would too)

Relying on hope is not such a great plan.. And yeah I would, in a heart beat. I'm, sadly, even considering it right now because of the Bitcoin Foundaton.

[acoindr]

I don't think people here misunderstand that the tool chain has controls to prevent secret or malicious code change. I just don't don't think it is enough.

You're right -- it is the community associated with the software that is vigilant.  The tools just help with the vigilance.

Exactly. You're right that gitian is a helpful tool, actually. But it still doesn't account for naive non-tech savvy users - the majority of users. These are the people that would be more reliant on (and trusting of) an "official" foundation.

[hazek]

Or language to this effect as lawyers find suitable to ensure secret changes aren't given to programmers and then compelled to be implemented via fear of job loss.

Secret changes do not occur in the current system; that is the part being missed.

Every git (or gitian, if binary) user around the world would instantly see the "secret" change.

Why would the Bitcoin foundation, an organisaton that has the power to decide which Bitcoin business is legitimate, the power to employ the lead dev, the power to be the self anointed official spokesperson for Bitcoin need to do anything secretly 2 or 3 years down the road. Fear of secret changes is unfounded. The fear of pushed change that the community will simply swallow because the Bitcoin Foundation said so, isn't.

What's what I fear.

Thats a real fear, and I fear that as well. However, the foundation will not do that.

Allow me to edit your words:

Why would the Bitcoin foundation, an organisaton that has the power to decide which Bitcoin business is legitimate, the power to employ the lead dev, the power to be the self anointed official spokesperson for Bitcoin need to do anything secretly 2 or 3 years down the road.

The foundation has no power to decide whats legitimate, it has the power to make recommendations and vet companies based on requests from its members.

Member: hey foundation, can you see if this guy is a scammer?
Foundation: Sure, we checked it out, and we think he is based on bla blah blah. We don't think you should use him, but the choice is yours.

The foundation is the spokesperson representing its members not Bitcoiners as a whole.

You really don't see that as a slippery slope?