Bitcoin Forum
December 05, 2016, 12:47:05 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Poll
Question: Have you read and understood EVERY SINGLE line of source code of a version of the bitcoin software?
Yes - 5 (13.5%)
No - 32 (86.5%)
Total Voters: 36

Pages: [1]
  Print  
Author Topic: Has anyone actually ever looked at every line of code?  (Read 1797 times)
kroptofer
Newbie
*
Offline Offline

Activity: 18


View Profile
June 03, 2011, 01:23:51 AM
 #1

Now don't take this the wrong way. I'm not trying to prove some sort of anti-bitcoin point here. I already know that a vast majority of people (including myself) will not be able to seriously vote "Yes" in this poll. However, this question has been lingering in my mind since day one.

When a handful of people first downloaded version 0.1, we basically crossed our fingers and trusted this "Satoshi" fellow not to screw us over. This move seems to have payed off pretty well and all, but still: how many people can claim to have actually seen and felt in their very souls the proof that bitcoins are "cryptographically secure" and will be capped off at 21 million? I for one opened some of the .cpp and header files only to be greeted by a sea of vague functions, structures I'm not familiar with, and C++ libraries I have never used. Back In 2009 I'm sure most users were similarly overwhelmed. By now out of the many thousands there must be at least a handful of programmers skilled and persistent enough to stubbornly sit through the whole darn program. I would really like to hear responses from some of them. Thank you.
1480898825
Hero Member
*
Offline Offline

Posts: 1480898825

View Profile Personal Message (Offline)

Ignore
1480898825
Reply with quote  #2

1480898825
Report to moderator
1480898825
Hero Member
*
Offline Offline

Posts: 1480898825

View Profile Personal Message (Offline)

Ignore
1480898825
Reply with quote  #2

1480898825
Report to moderator
1480898825
Hero Member
*
Offline Offline

Posts: 1480898825

View Profile Personal Message (Offline)

Ignore
1480898825
Reply with quote  #2

1480898825
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480898825
Hero Member
*
Offline Offline

Posts: 1480898825

View Profile Personal Message (Offline)

Ignore
1480898825
Reply with quote  #2

1480898825
Report to moderator
1480898825
Hero Member
*
Offline Offline

Posts: 1480898825

View Profile Personal Message (Offline)

Ignore
1480898825
Reply with quote  #2

1480898825
Report to moderator
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
June 03, 2011, 01:29:18 AM
 #2


This is a misleading question.

You could break the poll down into modules or sections of the code and see how many people had understood every line of each section. No one person need to have looked over/understood every line as long as many people had understood each piece ... unless there was a way to slip something in the cracks.

mcdett
Full Member
***
Offline Offline

Activity: 157



View Profile
June 03, 2011, 01:47:31 AM
 #3

I've spent a fair amount of time looking at aspects of the code that had relevancy to my needs.  I've written custom patches to achieve functionality I needed.

I have NOT looked seriously at all lines of the code.

I'm in the comp sec field and a review of this code by a reputable company would cost around $60k USD --> @mtgox high (11 usd) --> 5455 btc.  Maybe someone could put together a bounty :-p
kroptofer
Newbie
*
Offline Offline

Activity: 18


View Profile
June 03, 2011, 02:03:26 AM
 #4


This is a misleading question.

You could break the poll down into modules or sections of the code and see how many people had understood every line of each section. No one person need to have looked over/understood every line as long as many people had understood each piece ... unless there was a way to slip something in the cracks.

I see your point and I was kind of expecting a response of this shade. I thought of including several choices, but then I would have to dilute this poll with subjective options like "No. But I have understood most of it" and "No. I have read most of it but only understood a small portion" and "I got the gist of the source files but none of the headers". Or a whole bunch of options for different sections of code and one for those who do not know any C++. Alright, so maybe this would be the better way to go, but that's not what's important. I mostly started this thread to hear from those rare savants who can wrap their minds around the entirety of a program. Guys who are real geniuses like Satoshi Nakamoto must be. So far the closest I've heard was Gavin Andresen in "Making Money" saying "I'm a geek, I understand this stuff".
unk
Member
**
Offline Offline

Activity: 84


View Profile
June 03, 2011, 02:43:29 AM
 #5

i've carefully read about 40% of the code of the c++ peer, particularly the networking code because that's one area where even good programmers commonly make mistakes. i haven't found anything of note other than denial-of-service attacks that satoshi was already aware of. that said, i did not notice the overflow bug in the transaction-verification code before it affected the block chain, and i should have done because i had looked carefully at that function.

i've looked at most of mike's java code as well, though in a more cursory fashion.

hal finney one said he reviewed much of the c++ peer's code. i forget how long ago that was, but i'm pretty sure he said it publicly.
BTCCC
Newbie
*
Offline Offline

Activity: 21


View Profile
June 03, 2011, 03:34:12 AM
 #6

I have read most of the crypt implementation but thats about it.
sandos
Member
**
Offline Offline

Activity: 106


View Profile
June 03, 2011, 07:13:28 AM
 #7

Hss anybody done any fuzz-testing? Both valid protocol and invalid stuff?
unk
Member
**
Offline Offline

Activity: 84


View Profile
June 03, 2011, 07:26:13 AM
 #8

i've seen little evidence of it myself.

more intelligent denial-of-service attacks are not difficult. for example, off the top of my head, you could send many transactions with invalid signatures, tying up the cpu of peers.

attacks just lead to an arms race between the developers and the attackers. in principle they should be easy to address, but principle is not always the same as practice. in practice, i'm not sure what would happen in the event of coordinated distributed attacks, in part because developing for bitcoin has a learning curve greater than for most similar projects; there are maybe a dozen of us who could respond quickly. and the work might be asymmetric: it might be easier to mount attacks than to develop countermeasures, practically speaking.

because people here are loathe to find any fault with bitcoin and routinely impugn the motives of those who point them out, i feel like i should directly quote satoshi on this, from his last message in the forum:

Quote
As Gavin and I have said clearly before, the software is not at all resistant to DoS attack.  [A recent change] is one improvement, but there are still more ways to attack than I can count.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
June 03, 2011, 07:33:57 AM
 #9


fault finding is good, it is open source after all, bug reports are welcome, intentions to fix things are extra welcomed.

interfect
Full Member
***
Offline Offline

Activity: 139


View Profile
June 03, 2011, 07:53:57 AM
 #10

I would like to see a code review of the client done. But the problem is that it's invalid with each new version. How do we know that the next version won't have a feature that sends the (amazing) Bitcoin devs all the coins of 0.01% of users? Or that the released binaries match the source?
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
June 03, 2011, 07:58:34 AM
 #11

At this point, I don't think that any one person has looked at all of the code.  But, for any given section, several people have looked at it.

And there are quite a few people that inspect each and every change that gets pulled into the main branch.  An actual attack would need to be very subtle to get in.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
AHemlocksLie
Newbie
*
Offline Offline

Activity: 6


View Profile
June 03, 2011, 08:52:26 AM
 #12

Even if you had a bunch of people reviewing the changes, this simply means you can't put it all in one single update. If you spread malicious changes out and disguise them within real applications, you can slowly build the skeleton of an attack.

As always, tips always appreciated. C;
1MTCCq1jNxBZ5rR1zfVKgS6jLURvshCxv4
Timo Y
Legendary
*
Offline Offline

Activity: 938


bitcoin - the aerogel of money


View Profile
June 03, 2011, 09:11:25 AM
 #13

Do I understand the General Proof of Fermat's Last Theorem??

Hell no.

Do I believe this proof is correct? Yes.

Why? Because mathematicians are competitive, and there is a huge motivation for trying exposing a hole in this proof.

Same with the Bitcoin source code. The more famous Bitcoin becomes, the more confident I am that it doesn't have any security holes.

GPG ID: FA868D77   bitcoin-otc:forever-d
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
June 03, 2011, 08:47:34 PM
 #14

Now don't take this the wrong way. I'm not trying to prove some sort of anti-bitcoin point here. I already know that a vast majority of people (including myself) will not be able to seriously vote "Yes" in this poll. However, this question has been lingering in my mind since day one.

When a handful of people first downloaded version 0.1, we basically crossed our fingers and trusted this "Satoshi" fellow not to screw us over. This move seems to have payed off pretty well and all, but still: how many people can claim to have actually seen and felt in their very souls the proof that bitcoins are "cryptographically secure" and will be capped off at 21 million? I for one opened some of the .cpp and header files only to be greeted by a sea of vague functions, structures I'm not familiar with, and C++ libraries I have never used. Back In 2009 I'm sure most users were similarly overwhelmed. By now out of the many thousands there must be at least a handful of programmers skilled and persistent enough to stubbornly sit through the whole darn program. I would really like to hear responses from some of them. Thank you.

These are two different questions.

It's not really necessary to personally read every single line of code in order to ensure that some single function does what is intended. It IS necessary to know how to use grep, though. Smiley

In this case I've examined the relevant code, and I can say that (in the current source) the subsidy does indeed halve every 210,000 blocks and because of the manner in which it's halved, will indeed eventually be cut to zero.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!