achow101 (OP)
Staff
Legendary
 Offline
Activity: 3430
Merit: 6720
Just writing some code
|
 |
November 01, 2016, 02:43:26 PM
Last edit: November 01, 2016, 03:05:09 PM by achow101 |
|
For reals this time. The alert system is being retired. This is the pre-warning warning. Tomorrow the pre-final alert will be sent. Read more at https:/bitcoin.org/alert-retirement. Full text copied below. SummaryThe network wide Alert system is being retired. No Bitcoins are at risk and this warning may be safely ignored.Upgrade to the newest version of your wallet software to no longer see the alert. Reasons for RetirementThe network wide Alert system was created by Satoshi Nakamoto as a means of informing Bitcoin users of any important information regarding Bitcoin. It has been used in the past to inform users about important network events such as accidental blockchain forks. However, the Alert system also represents a large source of centralization in Bitcoin. The holders of the singular Alert Key can at any time send an alert which could affect the entire network. As more developers join, the Alert Key is given to others, but cannot be taken away from those who have left. This has led to the Alert Key potentially falling into the hands of malicious actors who could use it to disrupt the network. Because there is only one Alert key, it is not possible to prevent former developers from sending an alert nor is it possible to identify who sent an Alert. In addition, the Alert system is primarily Bitcoin Core specific. Many other wallets have their own systems in place but still must have handling for the Alert system because it is network wide. Something specific for one software should not be imposed on the entire network. The Alert system has also lost its usefulness. It is no longer necessary to use it to inform users about problematic network events as users can easily get their information from any major Bitcoin news outlet. The Retirement PlanRetirement of the Alert system consists of a pre-final alert (this alert) which will warn about the impending retirement, a final maximum sequence alert which cannot be overridden and displays a static "Alert Key Compromised" message, and the publishing of the Alert key itself. The final alert will be hard coded into Bitcoin Core 0.14 to ensure that all old nodes receive the final alert. | Action | Description | Date | | Pre-final Alert Posts | Posts on Bitcoin.org, various forums, and various mailing lists that the Alert system will be retired | 2016-11-01 | | Pre-final Alert | The alert itself warning that the Alert system will be retired | 2016-11-02 | | Final Alert | Max sequence Alert to disable the Alert system | 2017 (Will coincide with Bitcoin Core 0.14 Release Candidate process) | | Alert key released | The Alert key will be made publicly available | 1-2 months after the Final Alert |
Software without the Alert systemMost major Bitcoin wallets have already removed the alert system in the most recent releases. The software listed below are guaranteed to have removed/disabled the Alert system or allow you to disable it. - Bitcoin Core 0.13.1, 0.13.0, 0.12.1
- Bitcoin Core 0.10.3, 0.11.x, and 0.12.x can disable alerts with `-alerts=0`
- Armory 0.94.1+
See alsoOriginal email proposing retirementPull request removing Alert systemRemoval discussion on githubPull request disabling alertsIRC Discussion |
|
|
|
BillyBobZorton
Legendary
Offline
Activity: 1204
Merit: 1028
|
|
November 01, 2016, 03:46:40 PM |
|
I think it's a good idea. I never liked the fact that people that don't even work in bitcoin anymore, have such power to influence bitcoin users. Like imagine "X" ex developer tells people how if you dont move to "bitcoin XT/classic/unlimited" your coins will be at risk or something like that.
It can be used to coerce and scare people. Anyone can find information on websites like reddit if something is going on.
|
|
|
|
|
|
tunctioncloud
|
|
November 01, 2016, 03:49:40 PM |
|
Well, that's a nice idea I think, as BillyBobZorton pointed it out. We should however put back a new alert system that is actualised I think.
|
|
|
|
|
|
U2
|
|
November 01, 2016, 04:02:07 PM |
|
I didn't even know there was an alert system. I guess you learn something new every day haha  . Thanks achow101 for the helpful tips. |
|
|
|
|
pawel7777
Legendary
Offline
Activity: 2492
Merit: 1588
|
|
November 01, 2016, 04:02:52 PM |
|
Is there any new alert-system replacing the old one, or was the entire idea of alerting users in case of emergency deemed as unnecessary?
|
|
|
|
achow101 (OP)
Staff
Legendary
Offline
Activity: 3430
Merit: 6720
Just writing some code
|
|
November 01, 2016, 04:09:58 PM |
|
Is there any new alert-system replacing the old one, or was the entire idea of alerting users in case of emergency deemed as unnecessary?
There won't be a replacement, or if there is, it will be client specific. So far, no plans for that as Bitcoin has grown big enough that other media sources (e.g. bitcoin.org, coindesk, cointelegraph, bitcointalk, reddit) are sufficient to alert about emergencies. |
|
|
|
manselr
Legendary
Offline
Activity: 868
Merit: 1004
|
|
November 01, 2016, 04:13:34 PM |
|
I didn't even know there was an alert system. I guess you learn something new every day haha . Thanks achow101 for the helpful tips. I don't remember ever seeing an alert and I have been using Bitcoin Core since it was called Bitcoin QT around version 0.7... I wonder how the alert looked like. Is this orange square message an alert?  |
|
|
|
|
achow101 (OP)
Staff
Legendary
Offline
Activity: 3430
Merit: 6720
Just writing some code
|
|
November 01, 2016, 04:18:30 PM |
|
I didn't even know there was an alert system. I guess you learn something new every day haha . Thanks achow101 for the helpful tips. I don't remember ever seeing an alert and I have been using Bitcoin Core since it was called Bitcoin QT around version 0.7... I wonder how the alert looked like. Is this orange square message an alert? That banner is not an alert, but an alert will look nearly identical to that. |
|
|
|
|
xdrpx
|
|
November 01, 2016, 04:20:34 PM |
|
That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization? Would be nice to know how the alert system works on Bitcoin core, I was assuming it was the alert system on Bitcoin.org's website towards the top.
|
|
|
|
|
achow101 (OP)
Staff
Legendary
Offline
Activity: 3430
Merit: 6720
Just writing some code
|
|
November 01, 2016, 04:27:26 PM |
|
That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization?
It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited. Would be nice to know how the alert system works on Bitcoin core, I was assuming it was the alert system on Bitcoin.org's website towards the top.
Bitcoin.org and the alert system are two different things. The alert system was part of the P2P protocol. It is a protocol message that is passed around from node to node. Upon receipt of the message, Bitcoin Core will show a banner and put an error message in every single RPC call. |
|
|
|
|
tee-rex
|
|
November 01, 2016, 04:46:53 PM |
|
That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization?
It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited. I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. |
|
|
|
|
achow101 (OP)
Staff
Legendary
Offline
Activity: 3430
Merit: 6720
Just writing some code
|
|
November 01, 2016, 05:04:11 PM |
|
That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization?
It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited. I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. The system will be sufficiently dead by the time that the key is released. A maximum sequence alert cannot be overridden. Bitcoin Core 0.14 will be constantly broadcasting that final alert so that all nodes receive it by the time the hey is released. |
|
|
|
yayayo
Legendary
Offline
Activity: 1806
Merit: 1024
|
|
November 01, 2016, 05:14:04 PM |
|
A really good decision, because the alert system has become a potential risk considering that there are people in possession of the alert key that have proven to stand against the original idea of Bitcoin as a decentralized and fully fungible currency. The consequences of even a singular abuse could be dramatic, because a lot of users would trust it as a credible source and may even give information of the alert system preference over other sources of information.
In my opinion, the alert key is a classic example of a feature that is added to increase security in one respect but at the same time is adding a another form of insecurity. The alert key made sense at the time Bitcoin was in experimental stage and used by few people, having a limited number of developers. Its removal is overdue.
ya.ya.yo!
|
|
|
|
|
|
.
..1xBit.com Super Six.. | ▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████ ▀██
██████████▌ ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████ | ███████████████
█████████████▀
█████▀▀
███▀ ▄███ ▄
██▄▄████▌ ▄█
████████
████████▌
█████████ ▐█
██████████ ▐█
███████▀▀ ▄██
███▀ ▄▄▄█████
███ ▄██████████
███████████████ | ███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████ | ▄█████
▄██████
▄███████
▄████████
▄█████████
▄██████████
▄███████████
▄████████████
▄█████████████
▄██████████████
▀▀███████████
▀▀███████
▀▀██▀ | ▄▄██▌
▄▄███████
█████████▀
▄██▄▄▀▀██▀▀
▄██████ ▄▄▄
███████ ▄█▄ ▄
▀██████ █ ▀█
▀▀▀ ▄ ▀▄▄█▀
▄▄█████▄ ▀▀▀
▀████████
▀█████▀ ████
▀▀▀ █████
█████ | ▄ █▄▄ █ ▄
▀▄██▀▀▀▀▀▀▀▀
▀ ▄▄█████▄█▄▄
▄ ▄███▀ ▀▀ ▀▀▄
▄██▄███▄ ▀▀▀▀▄ ▄▄
▄████████▄▄▄▄▄█▄▄▄██
████████████▀▀ █ ▐█
██████████████▄ ▄▄▀██▄██
▐██████████████ ▄███
████▀████████████▄███▀
▀█▀ ▐█████████████▀
▐████████████▀
▀█████▀▀▀ █▀ | .
Premier League
LaLiga
Serie A | .
Bundesliga
Ligue 1
Primeira Liga | | .
..TAKE PART.. |
|
|
|
|
tee-rex
|
|
November 01, 2016, 05:22:11 PM |
|
That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization?
It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited. I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. The system will be sufficiently dead by the time that the key is released. A maximum sequence alert cannot be overridden. Bitcoin Core 0.14 will be constantly broadcasting that final alert so that all nodes receive it by the time the hey is released. But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta? |
|
|
|
|
|
oblivi
|
|
November 01, 2016, 05:29:19 PM |
|
That's interesting, it's good to know that the alert key being in the hands of a few is supporting centralization and indirectly affecting the entire network by spreading some form of news. Also, I was wondering why give out the Alert key to the public? Is there any benefit for us from it or is it being done just to support decentralization?
It's being done to support decentralization and to actually kill off the alert system. By releasing the key, the system is completely discredited. I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc. The system will be sufficiently dead by the time that the key is released. A maximum sequence alert cannot be overridden. Bitcoin Core 0.14 will be constantly broadcasting that final alert so that all nodes receive it by the time the hey is released. But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta? I guess they give out the key to demonstrate that the key is useless after they remove the alert system. What I don't get is... wouldn't the key will still be useful to trigger alerts in the pre 0.13 software?? |
|
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1074
|
|
November 01, 2016, 05:30:49 PM |
|
It somehow feels wrong to undo Satoshi's master plan to inform users when major events happens, but I can see how some people might misuse this system, if they cannot be properly removed. I was under the impression Gavin's key was removed and he could not access that system... or do they mean that a rogue developer might try to sabotage Bitcoin whilst he or she still has the key? Well I hope there are a good replacement that can be properly verified with a PGP key.  |
|
|
|
|
oblivi
|
|
November 01, 2016, 05:46:50 PM |
|
It somehow feels wrong to undo Satoshi's master plan to inform users when major events happens, but I can see how some people might misuse this system, if they cannot be properly removed. I was under the impression Gavin's key was removed and he could not access that system... or do they mean that a rogue developer might try to sabotage Bitcoin whilst he or she still has the key? Well I hope there are a good replacement that can be properly verified with a PGP key. But like other people pointed at, it's just not a good idea anymore. Back in the day, there was barely no sites reporting bitcoin stuff, now you have millions of bitcoin sites with constant news, even bitcoin core has its own website, back then all there was was the bitcoin client really... so it was needed, today not so much. |
|
|
|
|
|
tee-rex
|
|
November 01, 2016, 05:50:47 PM |
|
I also thought about asking that very question. Does it make any sense to release the key beyond making the retired system completely "discredited"? Why would developers need to do that at all? What kind of pain in the ass makes them want to "discredit the system"? Are they seeking revenge on someone or what? If the system is dismantled completely, then giving out the public key is technically irrelevant, but if it is not and somehow it is still valid and active, it might wreak havoc.
The system will be sufficiently dead by the time that the key is released. A maximum sequence alert cannot be overridden. Bitcoin Core 0.14 will be constantly broadcasting that final alert so that all nodes receive it by the time the hey is released. But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta? I guess they give out the key to demonstrate that the key is useless after they remove the alert system. This is the "official version", which is meaningless, in my view. And it is a childish act as well since this key was not intended to be made public in the first place, as I got it. To further clarify my point, would the developers want to release the old inactive key if they decided just to change it, for whatever reason (let's assume that it is possible to change the key)? Would you believe them if they said they would release it to the public to demonstrate that the old key is no longer useful? |
|
|
|
|
achow101 (OP)
Staff
Legendary
Offline
Activity: 3430
Merit: 6720
Just writing some code
|
|
November 01, 2016, 06:01:38 PM |
|
But what is the real purpose of giving out the key? I remember a time when the Linux iptables had a feature that allowed to send back the offending packets to the source (it was called MIRROR or something to that tune, if I'm not mistaken), but it got soon removed since that had been a silly idea right from the start. Why not just abandon this Alert system without making it look like a personal vendetta?
Read the last paragraph of this email: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-September/013104.htmlWhat I don't get is... wouldn't the key will still be useful to trigger alerts in the pre 0.13 software??
As I explained earlier, no this cannot happen. The final alert is a maximum sequence alert which cannot be overridden. It displays a static message "Alert Key Compromised" which is hard coded into the alert handler. The final alert will be broadcast by all 0.14 nodes to ensure that everyone gets the alert. This process renders the entire alert system useless and thus safe to disclose the alert key. It somehow feels wrong to undo Satoshi's master plan to inform users when major events happens, but I can see how some people might misuse this system, if they cannot be properly removed. I was under the impression Gavin's key was removed and he could not access that system... or do they mean that a rogue developer might try to sabotage Bitcoin whilst he or she still has the key? Well I hope there are a good replacement that can be properly verified with a PGP key. There are no individual alert keys for each person. There is one singular key and you cannot prove that you don't have the key. A major issue is that when an alert is sent, it is impossible to know who actually sent it. Gavin has the key, and will always have the key. Mark Karpeles has the key, and will always have the key. This is the "official version", which is meaningless, in my view. And it is a childish act as well since this key was not intended to be made public in the first place, as I got it.
How is it a childish act? It isn't retaliating against anyone, it is to provide transparency and to show how the alert system has been successfully retired. To further clarify my point, would the developers want to release the old inactive key if they decided just to change it, for whatever reason (let's assume that it is possible to change the key)?
Would you believe them if they said they would release it to the public to demonstrate that the old key is no longer useful?
Yes, I would want the developers to release the old inactive key if they changed. If they changed the key, they would follow a process very similar to what is being done now; the developers aren't stupid and do think of the consequences. They would have the max sequence alert broadcast to have the "Alert key compromised". The next version of the software would have that same alert hard coded and continuously broadcast to make sure all old nodes get the message. That new release would also have the new key, or, in this case, no key and the whole thing gone. |
|
|
|
|
tee-rex
|
|
November 01, 2016, 07:05:34 PM |
|
To further clarify my point, would the developers want to release the old inactive key if they decided just to change it, for whatever reason (let's assume that it is possible to change the key)?
Would you believe them if they said they would release it to the public to demonstrate that the old key is no longer useful?
Yes, I would want the developers to release the old inactive key if they changed. If they changed the key, they would follow a process very similar to what is being done now; the developers aren't stupid and do think of the consequences. They would have the max sequence alert broadcast to have the "Alert key compromised". The next version of the software would have that same alert hard coded and continuously broadcast to make sure all old nodes get the message. That new release would also have the new key, or, in this case, no key and the whole thing gone. Now all we need is to find out if the Alert key has ever been changed. If it hasn't been, then there is no evidence as to what might have happened, then let's call it a day, for the lack of evidence, obviously. If they changed the key and disclosed the old one, that would mean one thing, but if they changed it and didn't disclose the old key, that would mean something totally different, correct? |
|
|
|
|
|
