Bitcoin Forum
June 28, 2017, 02:08:13 AM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
Author Topic: Preview build of our new client (only for the adventurous!)  (Read 2046 times)
Offline Offline

Activity: 14

View Profile WWW
June 21, 2011, 02:04:10 AM

I don't, it's available so I read it.  I provide comments on it.  I participate in the community that is an open source project.  Could you hide malicious code in plain sight?  Sure.  Would the project see the light of day when said malicious code was discovered by someone with knowledge and the time to read the code?  Nope.  I'll use an open source project over a closed source one in a heart beat for that reason.  The likelihood something is hidden, and undiscovered, is much lower.

I am not sure what you mean about the project seeing the light of day, though I commend you for actually working your way through the code. You represent a tiny minority of computer users however and AllBitcoin is clearly not for you. OSS has many fantastic properties and I'm a big supporter of it. Many eyeballs on the code are great for security and bug finding. However OSS does not imply trust. For your amusement I recommend you check out some of the code presented here:

Most of us trust banks, OS vendors, video game developers, etc. enough to use their closed source software. I would prefer for it to be open sourced too, but that would not influence my level of trust in these organizations.

Bitcoins have helped expose how lax our security has been and if we want it to succeed, we have a lot of work ahead of us.

And how did Bitcoins expose lax security?  Because users had trojans?  Because a site got hacked?  What does any of that have to do with Bitcoins?  We don't need new banks because someone hacked a bank.

I meant it in the sense that prior to Bitcoins, most losses due to compromised computers could generally be reversed. Bitcoins give us irreversible transactions and a store of wealth sitting directly on our hard drives. We're not quite ready for this in terms of both social and software engineering but I'm sure we'll figure it out.

AllBitcoin (
+50% Profit and more via TELEGRAM
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Rob P.
Offline Offline

Activity: 84

View Profile WWW
June 21, 2011, 07:23:55 PM

We'll just have to agree to disagree on these points, I'm not going to allow the thread to digress into point/counter-point.

I wish you well in your endeavor, I just won't be using it.


If you like what I've written here, consider tipping the messenger:

If you don't like what I've written, send me a Tip and I'll stop talking.
Mike Caldwell
Offline Offline

Activity: 1358

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

View Profile WWW
June 21, 2011, 09:23:41 PM

I strongly think what you are doing is great, I have the following advice.

If your app managed everything other than a user's private keys, and outsourced all signing and key management operations to a DLL whose source you're willing to release (and where users could replace it with a DLL of their own), then I think most people's objections would be calmed.

The level of abstraction this open-source DLL might support: the DLL should support being asked what private keys it holds (DLL returns the public keys), and the DLL should support being asked to sign a transaction (where the cleartext and hash of the transaction is passed to the DLL so it can confirm with the user if that's OK).  The DLL should be relied upon to create new keypairs as well.  The DLL may not necessarily have access to the private keys, or might have to get a decryption key from the user "on the fly" in the form of a password prompt.

Ideally, one should be able to create a plug-in DLL that, for example, initiates a signing operation on a smart card or hardware wallet, if that user desired.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Pages: « 1 [2]  All
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!