Bitcoin core developers attack BU?

[Quickseller]

2 - The allegation is the blockstream core devs were behind the malicious attacks against the BU nodes this afternoon. There is also no question that Peter Todd (a blockstream core dev) did not responsibly disclose the bug that he was made aware of in the BU code.

This is not true. The bug was discovered and patched by BU devs first. Todd simply tweeted about it.

It still violates responsible disclosure principals and was very unethical.

No it doesn't because nothing was disclosed that wasn't already public. The BU devs committed a fix for that bug an hour before Todd decided to tweet about it. It was public info!

A bug/exploit by definition is public information. The fix was not yet implemented and therefore pointing to the exploit very publicly and drawing attention to the exploit was unethical.

If Peter Todd worked for any half reputable company, he would have been fired for doing this.

[1715253676]

1715253676

[1715253676]

1715253676

[Abdussamad]

2 - The allegation is the blockstream core devs were behind the malicious attacks against the BU nodes this afternoon. There is also no question that Peter Todd (a blockstream core dev) did not responsibly disclose the bug that he was made aware of in the BU code.

This is not true. The bug was discovered and patched by BU devs first. Todd simply tweeted about it.

It still violates responsible disclosure principals and was very unethical.

No it doesn't because nothing was disclosed that wasn't already public. The BU devs committed a fix for that bug an hour before Todd decided to tweet about it. It was public info!

if it was public info, it wasn't fixed because...?

They posted a fix on their git repo and that's how Todd got wind of it. So it was fixed but people hadn't downloaded the fix yet. You can't really blame Todd for this. Once a vulnerability is made public people have to scramble to get it fixed. People looking to exploit will also scramble to exploit it. It is the nature of the beast.

In other opensource projects the fix is pushed out first and later the vulnerability is spelled out to the public. In this case the vulnerability was so obvious that they couldn't hide it.

I was wrong that the BU devs found the vulnerability. It was an independent security researcher who found it and disclosed it to them privately. This is what the researcher who found the vulnerability had to say:

The problem is, the bugs are so glaringly obvious that when fixing it, it will be easy to notice for anyone watching their development process,” she said.

https://bitcoinmagazine.com/articles/security-researcher-found-bug-knocked-out-bitcoin-unlimited/?utm_content=buffer6e884&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

[jonald_fyookball]

i never blamed Peter Todd.

[AngryDwarf]

I was wrong that the BU devs found the vulnerability. It was an independent security researcher who found it and disclosed it to them privately. This is what the researcher who found the vulnerability had to say:

The problem is, the bugs are so glaringly obvious that when fixing it, it will be easy to notice for anyone watching their development process,” she said.

https://bitcoinmagazine.com/articles/security-researcher-found-bug-knocked-out-bitcoin-unlimited/?utm_content=buffer6e884&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

This is actually quite a good article.

But as BU is gaining traction, the BU code will come under closer and closer scrutiny, and these issues will be resolved. Those who prefer the BU future vision to the core future vision are more likely to get involved. Perhaps the article doesn't explore this possibility.

[Vaskiy]

BU doesn't have good blockchain developers team to fix it. A bug has been used to collapse the entire network. When it took around 40% support in a 24 hours time. Soon after the bug it dropped to 32% and continues. Several statements were made funny in the social Media regarding the collapse of BU.

[Sadlife]

Dont jump to conclusions man we dont actually know the exact truth Peter todd posted in his twitter account that he did not do it.
Well, if it was bitcoin core dev or some hacker sooner or later the Bug will be discovered and exploited.
I do hope that no more major flaw will be found in BU's code or if there is better fixed it already before some attacker tries to bring down the network again.
prevention is always better than cure.

[Paashaas]

https://bitcoinmagazine.com/articles/security-researcher-found-bug-knocked-out-bitcoin-unlimited/?utm_content=buffer6e884&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

the main problem for Bitcoin Unlimited, as pointed out by information security expert Andreas Antonopoulos, is that it lacks a significant development community to perform proper quality analysis. The number of developers working on Bitcoin Unlimited and Bitcoin Classic is relatively small, and the code that included the exploited vulnerability was merged after being reviewed by only one person — not a lot for security-critical code protecting people’s money

the vulnerabilities are so glaringly obvious, it is clear no one has audited their code because these stick out like a sore thumb,” she said. “I’m astounded the mining industry are running this software. But since they are, and a lot of people could get harmed, the best I can do, other than recommending they don’t use Bitcoin Unlimited, is to disclose the issues and hope they are competent enough to fix it.”

This guy knows it how BU is in deep shit, thx for sharing this article. All as expected but BU supporters are to stubborn to accept that.

[Wind_FURY]

Well, maybe Ciphera is not really Eric Lombrozo? 

But his statements couldn't be more clear.

don't you think you're going a little far off the deep end with this? i don't get how anyone could treat this article as anything other than squealing.

if they have a point to make then make it in a dignified manner. if they believe core is out to 'get them' then be better people and rise above it.

Yes, you have to ask them "really? this?". There is a concentrated effort to FUD Core, divide the community and then conquer. It began with XT vs. QT. That is where the Core vs. the big blockers argument started. I am all for competition but not the dirty tricks being done from both sides.

[hv_]

Well, maybe Ciphera is not really Eric Lombrozo? 

But his statements couldn't be more clear.

don't you think you're going a little far off the deep end with this? i don't get how anyone could treat this article as anything other than squealing.

if they have a point to make then make it in a dignified manner. if they believe core is out to 'get them' then be better people and rise above it.

Yes, you have to ask them "really? this?". There is a concentrated effort to FUD Core, divide the community and then conquer. It began with XT vs. QT. That is where the Core vs. the big blockers argument started. I am all for competition but not the dirty tricks being done from both sides.

Who next to Bullockstream is more responsible for

 'divide the community and then conquer'

??