goatpig
Moderator
Legendary
 Offline
Activity: 3668
Merit: 1345
Armory Developer
|
 |
January 14, 2016, 08:21:01 PM |
|
Instead of putting the OS variant etc. into a GET variable
The GET vs POST distinction is irrelevant with SSL why not just have the server respond with a generic XML file that has the current version for each OS?
Then the client can look through the XML file (or whatever) to see what the current version is. If it is newer than what is running, the user gets an alert that they may want to upgrade.
We already do that. The calling back home part is a story on its own. There is a thread about this, what it used to do, and what it has changed to after the community complained about the type of content being sent to our servers. You should dig that up. I don't remember what the conclusion was (it was over a year ago), but I believe the community was satisfied with the changes. What you should really be asking for is a dialogue showing up at Armory's startup with a warning that it wants to phone home and an option to change the setting with all the warnings, caveats, DNAA and all that stuff. |
|
|
|
|
|
|
|
|
|
|
"Governments are good at cutting off the heads of a centrally
controlled
networks like Napster, but pure P2P networks like Gnutella and Tor seem
to be holding their own." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
AliceWonderMiscreations (OP)
|
|
January 14, 2016, 08:23:50 PM |
|
Instead of putting the OS variant etc. into a GET variable
The GET vs POST distinction is irrelevant with SSL No it is not. GET variables end up in the server log files, POST data submissions do not. |
I hereby reserve the right to sometimes be wrong
|
|
|
achow101
Staff
Legendary
Offline
Activity: 3388
Merit: 6581
Just writing some code
|
|
January 14, 2016, 09:24:39 PM |
|
Instead of putting the OS variant etc. into a GET variable
The GET vs POST distinction is irrelevant with SSL No it is not. GET variables end up in the server log files, POST data submissions do not. How so? I think it is fairly trivial to log all the details of both GET and POST requests. We already do that. The calling back home part is a story on its own. There is a thread about this, what it used to do, and what it has changed to after the community complained about the type of content being sent to our servers. You should dig that up. I don't remember what the conclusion was (it was over a year ago), but I believe the community was satisfied with the changes.
What you should really be asking for is a dialogue showing up at Armory's startup with a warning that it wants to phone home and an option to change the setting with all the warnings, caveats, DNAA and all that stuff.
I believe this was the post with the solution: https://bitcointalk.org/index.php?topic=731315.msg8299712#msg8299712 |
|
|
|
|
AliceWonderMiscreations (OP)
|
|
January 14, 2016, 09:38:42 PM |
|
GET variables are part of the requested URI and therefore logging them is standard. It is very unusual for them NOT to be in the typical access / error log. POST - I suppose it technically is possible for them to be logged, you can log anything, but I have never seen a server put POST data in the standard access / error logs. GET - I've never seen a server that doesn't.
The log files thus because a source of information, and often times when a remote log server is used, access to log files can be achieved without rooting the specific server handling the requests.
Log files are also often viewed by a multitude of different system administrators and sometimes even third party contractors, especially with support requests.
As such, data that can be considered sensitive should never be used in GET variables.
What distribution of what OS a user is running certainly counts.
|
I hereby reserve the right to sometimes be wrong
|
|
|
goatpig
Moderator
Legendary
Offline
Activity: 3668
Merit: 1345
Armory Developer
|
|
January 15, 2016, 01:55:59 AM |
|
It is. GET variables are part of the requested URI and therefore logging them is standard. It is very unusual for them NOT to be in the typical access / error log. POST - I suppose it technically is possible for them to be logged, you can log anything, but I have never seen a server put POST data in the standard access / error logs. GET - I've never seen a server that doesn't.
The log files thus because a source of information, and often times when a remote log server is used, access to log files can be achieved without rooting the specific server handling the requests.
Log files are also often viewed by a multitude of different system administrators and sometimes even third party contractors, especially with support requests.
As such, data that can be considered sensitive should never be used in GET variables.
What distribution of what OS a user is running certainly counts.
I'll look into changing it to POST for the next version. |
|
|
|
|
AliceWonderMiscreations (OP)
|
|
January 15, 2016, 04:47:32 PM |
|
I would like to apologize. I believe I was making a mountain out of a molehill. -=- For the Armory RPM I am packaging for my LibreLAMP project - I will be doing the following : sed -ie s?"^Exec=.*"?"Exec=/usr/bin/armory --skip-announce-check"? dpkgfiles/armory.desktop
As it is in a yum repository, updating through yum will be the right way to do it anyway, and so turning off the announce check makes sense both from that perspective and from the privacy perspective. I would still prefer the data be sent by post. But I think I was too aggressive in my stance. -=- Armory is still broken on CentOS 7 but the problem may actually be related to my build of bitcoind - the problem is a socket error, and I'm building bitcoind against LibreSSL. So I want to test it built using OpenSSL to see if there's a difference. |
I hereby reserve the right to sometimes be wrong
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3071
|
|
January 15, 2016, 05:30:56 PM |
|
Armory is still broken on CentOS 7 but the problem may actually be related to my build of bitcoind - the problem is a socket error, and I'm building bitcoind against LibreSSL.
So I want to test it built using OpenSSL to see if there's a difference.
Using the specific OpenSSL release prescribed by the Bitcoin developers is imperative apparently. I think the best case would be that the test node might reject signatures created by the regular clients using OpenSSL 1.0.1k, the worst might be the build failing (fairly sure there was a check put into the build file for 0.11, but maybe you're not using that). I'd definitely eliminate guaranteed problems like that first. |
Vires in numeris
|
|
|
|
AliceWonderMiscreations (OP)
|
|
January 15, 2016, 05:39:41 PM |
|
Armory is still broken on CentOS 7 but the problem may actually be related to my build of bitcoind - the problem is a socket error, and I'm building bitcoind against LibreSSL.
So I want to test it built using OpenSSL to see if there's a difference.
Using the specific OpenSSL release prescribed by the Bitcoin developers is imperative apparently. I think the best case would be that the test node might reject signatures created by the regular clients using OpenSSL 1.0.1k, the worst might be the build failing (fairly sure there was a check put into the build file for 0.11, but maybe you're not using that). I'd definitely eliminate guaranteed problems like that first. The OpenSSL must have EC support OpenSSL in CentOS 7 does not but I know how to build an OpenSSL that works for building bitcoin-core that installs in parallel, I just prefer LibreSSL over OpenSSL in general. Not only does the openssl with proper support install in parallel, but in the mock build system it's devel files would be the only openssl devel files installed so it would be impossible for bitcoin-core to accidentally link against the wrong one. However I prefer LibreSSL - I think the OpenSSL project is bloated and buggy. -=- The current bitcoin-core builds against LibreSSL but you have to use a switch specifying --with-libressl With that switch, it compiles successfully. Without that switch, it exist during configure. The qt client is able to validate blocks and create transactions that are accepted by other nodes. The bitcoind daemon is able to validate blocks, but I have not tried creating transactions with it yet. However it is possible there is a bug with bitcoind accepting connections from other processes (such as armory) when built against LibreSSL, that is what I need to figure out. EDIT It should be noted that LibreSSL is API compatible with OpenSSL 1.0.1 - but there are sometimes bugs in software that uses that API that don't show up when building against OpenSSL. That's what may be going on here, a bug in bitcoin-core socket handling that doesn't show up when using OpenSSL but does show up when using LibreSSL. |
I hereby reserve the right to sometimes be wrong
|
|
|
goatpig
Moderator
Legendary
Offline
Activity: 3668
Merit: 1345
Armory Developer
|
|
January 15, 2016, 05:46:49 PM |
|
I would still prefer the data be sent by post. But I think I was too aggressive in my stance.
It's a good suggestion and I'm wondering why we using GET instead of POST now. I'll look into it. It's not that the change is difficult or anything, it's more an issue of logistics (I don't have access to the server, have to explain the why and how of that change to the other devs, make a ticket, document the process, all that stuff). As it is in a yum repository
Are you saying you didn't build Armory from source? Let me make this clear: we do not officially support CentOS. You will not find any packages we signed for that OS. And for what it's worth, I have no idea who built the Armory on the repo you are using. Armory is still broken on CentOS 7 but the problem may actually be related to my build of bitcoind - the problem is a socket error, and I'm building bitcoind against LibreSSL.
Is OpenSSL used in any way by the P2P layer in Core? I thought it was only for crypto. Did you consider the libsecpk1 branches? Anyways, I'd check permissions and security settings first, and I'd also make sure Python twisted works properly. |
|
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3071
|
|
January 15, 2016, 07:09:56 PM |
|
EDIT
It should be noted that LibreSSL is API compatible with OpenSSL 1.0.1 - but there are sometimes bugs in software that uses that API that don't show up when building against OpenSSL. That's what may be going on here, a bug in bitcoin-core socket handling that doesn't show up when using OpenSSL but does show up when using LibreSSL.
Not sure if I was clear enough, that's what I meant (but not your bug, the core developers state that the ECDSA code specifically exhibits differing behaviour between OpenSSL versions). Definitely ditch LibreSSL IMO. |
Vires in numeris
|
|
|
|
AliceWonderMiscreations (OP)
|
|
January 15, 2016, 08:08:41 PM |
|
EDIT
It should be noted that LibreSSL is API compatible with OpenSSL 1.0.1 - but there are sometimes bugs in software that uses that API that don't show up when building against OpenSSL. That's what may be going on here, a bug in bitcoin-core socket handling that doesn't show up when using OpenSSL but does show up when using LibreSSL.
Not sure if I was clear enough, that's what I meant (but not your bug, the core developers state that the ECDSA code specifically exhibits differing behaviour between OpenSSL versions). Definitely ditch LibreSSL IMO. Well I would rather keep using bitcoin-qt than ditch LibreSSL. I am very committed to LibreSSL and am very annoyed at the OpenSSL development process, which seems to be more about getting money from the FIPS consulting than anything else these days. If bitcoin-qt didn't work with LibreSSL (as it didn't until recently) then I would have no choice, but since bitcoin-qt does work with LibreSSL then I have a choice, and that choice is to ditch OpenSSL wherever possible. That's why I run a CentOS 7 yum repository based on LibreSSL with lots of different software rebuilt against LibreSSL. I don't trust the OpenSSL library to be secure. |
I hereby reserve the right to sometimes be wrong
|
|
|
|
AliceWonderMiscreations (OP)
|
|
January 15, 2016, 08:21:40 PM |
|
With OpenSSL heartbleed wasn't what prompted the fork to LibreSSL, it was the final straw.
There were undisputed bugs in OpenSSL for years, in their bug-tracking system, with patches submitted to fix them, that were ignored by the OpenSSL developers while the OpenSSL developers continued to add new (sometimes dangerous) features, including heartbeat.
That's what prompted the fork.
OpenSSL post fork has cleaned up a bit, in response to the fork, but I still don't trust their development process. If that means a little patience is required before I can run armory (and I'm not sure that is actually the issue yet) then I will just have a little more patience. Not a biggie.
|
I hereby reserve the right to sometimes be wrong
|
|
|
achow101
Staff
Legendary
Offline
Activity: 3388
Merit: 6581
Just writing some code
|
|
January 15, 2016, 08:34:48 PM |
|
EDIT
It should be noted that LibreSSL is API compatible with OpenSSL 1.0.1 - but there are sometimes bugs in software that uses that API that don't show up when building against OpenSSL. That's what may be going on here, a bug in bitcoin-core socket handling that doesn't show up when using OpenSSL but does show up when using LibreSSL.
Not sure if I was clear enough, that's what I meant (but not your bug, the core developers state that the ECDSA code specifically exhibits differing behaviour between OpenSSL versions). Definitely ditch LibreSSL IMO. Well I would rather keep using bitcoin-qt than ditch LibreSSL. I am very committed to LibreSSL and am very annoyed at the OpenSSL development process, which seems to be more about getting money from the FIPS consulting than anything else these days. If bitcoin-qt didn't work with LibreSSL (as it didn't until recently) then I would have no choice, but since bitcoin-qt does work with LibreSSL then I have a choice, and that choice is to ditch OpenSSL wherever possible. That's why I run a CentOS 7 yum repository based on LibreSSL with lots of different software rebuilt against LibreSSL. I don't trust the OpenSSL library to be secure. Bitcoin Core is moving off of OpenSSL when 0.12 is released in a few weeks. Instead they will be using their own libsecp256k1 library for all EC operations which will be faster than using OpenSSL. That may also fix your problems. |
|
|
|
|
AliceWonderMiscreations (OP)
|
|
January 15, 2016, 10:15:45 PM |
|
EDIT
It should be noted that LibreSSL is API compatible with OpenSSL 1.0.1 - but there are sometimes bugs in software that uses that API that don't show up when building against OpenSSL. That's what may be going on here, a bug in bitcoin-core socket handling that doesn't show up when using OpenSSL but does show up when using LibreSSL.
Not sure if I was clear enough, that's what I meant (but not your bug, the core developers state that the ECDSA code specifically exhibits differing behaviour between OpenSSL versions). Definitely ditch LibreSSL IMO. Well I would rather keep using bitcoin-qt than ditch LibreSSL. I am very committed to LibreSSL and am very annoyed at the OpenSSL development process, which seems to be more about getting money from the FIPS consulting than anything else these days. If bitcoin-qt didn't work with LibreSSL (as it didn't until recently) then I would have no choice, but since bitcoin-qt does work with LibreSSL then I have a choice, and that choice is to ditch OpenSSL wherever possible. That's why I run a CentOS 7 yum repository based on LibreSSL with lots of different software rebuilt against LibreSSL. I don't trust the OpenSSL library to be secure. Bitcoin Core is moving off of OpenSSL when 0.12 is released in a few weeks. Instead they will be using their own libsecp256k1 library for all EC operations which will be faster than using OpenSSL. That may also fix your problems. Yes, I've found that library on github and actually have done a little playing with an experimental PHP module that links against it. Moving to that library is the right thing to do IMHO. |
I hereby reserve the right to sometimes be wrong
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3071
|
|
January 15, 2016, 11:33:02 PM |
|
Well I would rather keep using bitcoin-qt than ditch LibreSSL.
I am very committed to LibreSSL and am very annoyed at the OpenSSL development process, which seems to be more about getting money from the FIPS consulting than anything else these days.
If bitcoin-qt didn't work with LibreSSL (as it didn't until recently) then I would have no choice, but since bitcoin-qt does work with LibreSSL then I have a choice, and that choice is to ditch OpenSSL wherever possible.
That's why I run a CentOS 7 yum repository based on LibreSSL with lots of different software rebuilt against LibreSSL. I don't trust the OpenSSL library to be secure.
You're trying to convert a missionary here, I'm also inclined toward LibreSSL after the problems with OpenSSL (and well done for putting it together incidentally, it must have been challenging whichever way you approached it). But not for this one purpose, it's part of the consensus driven code base. With crypto-driven consensus, correctness is not important if there's a practical reason to stick with incorrectness in respect of long-term development goals (like the Core developed in-house libsecp256k1 library mentioned by knightdk, that's been several years in the making now and only just about to see a release) |
Vires in numeris
|
|
|
|
