kjj
June 06, 2013, 12:05:29 PM
Getting the gitian build system working is not a trivial task. New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.
If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8 I routinely ignore posters with paid advertising in their sigs. You should too.
oakpacific
June 06, 2013, 12:15:53 PM
Also, all the alternative client developers will have to understand the Bitcoin-Qt code; some of them will notice it if there is anything wrong.
jgarzik
June 06, 2013, 02:20:02 PM
Getting the gitian build system working is not a trivial task. New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.
If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.
+1
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
grau
June 06, 2013, 02:53:10 PM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.
The devs would be forced to comply right?
Very unlikely scenario, but in that case I would be happy serving you an alternate implementation. Bitcoin is a protocol, not an implementation and even less a binary.
Edit: Thinking through the technical implications, this would end up in a fork since older or alternate clients would not accept the transactions confiscating funds. The resolution of the fork would be unlikely to be a vote for a version that has these features.
Gavin Andresen
June 06, 2013, 05:16:03 PM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.
The devs would be forced to comply right?
Pieter and Wladimir are not US citizens, so a US judge can't order them to do anything. If I was ordered to insert a backdoor, I'd just resign as lead developer and find something else to work on. But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue)?
How often do you get the chance to work on a potentially world-changing project?
jgarzik
June 06, 2013, 07:33:52 PM
has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue)?
Not AFAIK. Usually it is tried at least somewhat surreptitiously, e.g. Report of FBI back door roils OpenBSD community http://news.cnet.com/8301-31921_3-20025767-281.html
ShadowOfHarbringer
June 06, 2013, 09:04:59 PM
This one has not been confirmed. And thousands of people have probably already looked at the code, because the case is like, what, 5? 10? years old?
ninjarobot
June 06, 2013, 11:51:59 PM
I would worry more about backdoors in ASIC mining hardware. If we end up in a situation where most of the ASIC miners needed to be competitive in the mining business come from a few suppliers in China, that might be reason to worry. Especially in the light of the recent allegations of government-installed backdoors in telecoms equipment from Huawei and ZTE. See: http://www.zdnet.com/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms-7000000908/
The bitcoin software is easy to audit. The mining hardware? Not so much.
evilpete
June 07, 2013, 12:54:51 AM
Folks are asking the wrong questions. The more interesting questions are:
If it were so ordered, how might it be done?
If it were done, how could it be kept hidden to stop it being circumvented? (given that the point of bitcoin is that people are supposed to be a validating node.. right?)
What would they really want, anyway? A copy of transactions? (like the public block chain? oh wait..) Map addresses to people? (That's what the FinCEN MSB/etc stuff is for)
Backdoors like registering private keys or even public addresses would never work (too many alternative clients, a huge can of worms - people would remember Clipper quickly)
Backdooring miners is academic - all they're doing is gathering signature transactions into a blockchain. You need the private keys (see above) to take somebody's BTC. They can't tamper with the blockchain, it would be rejected by the rest of the network. The block chain is to provide consensus of which version of transaction is the right one, it doesn't make actual transactions.
No, it's far easier and more practical to raid your home at first light, seize everything you have, and present you with alternatives so horrible that you'll cave. A bit of shock and awe goes a long way to keep people in line.
There's no gain for "the government" to backdoor the bitcoin code when there are far more effective tactics. Be more worried about the highly effective, low tech attacks. It's hard to spend your bitcoins if you're in prison.
First they ignore you, then they laugh at you, then they fight you, then you win. - Mahatma Gandhi
Dabs
June 07, 2013, 07:08:53 AM
Rubber Hose!
If your wallet is protected by a 64 character alphanumeric pass phrase, they will use a $5 wrench to extract it from you.
TierNolan
June 07, 2013, 10:52:19 AM
I would worry more about backdoors in ASIC mining hardware.
If the hardware just does hashing then you can't really have a backdoor. You tell the hardware what header you want it to hash and what nonce range to use. A miner that is more complex and builds up its own blocks would be different.
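TierNolan's point above, that a hashing-only device is handed a header and a nonce range, means the host can recheck any nonce the device reports with two SHA-256 calls. The following is an added example, not code from the thread or from any miner firmware; the function names are illustrative, and the sample header fields are those of the Bitcoin genesis block.

```python
import hashlib
import struct

def build_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce):
    """Serialize the 80-byte block header the host hands to the hasher."""
    return (
        struct.pack("<I", version)
        + bytes.fromhex(prev_hash_hex)[::-1]      # hashes are stored little-endian
        + bytes.fromhex(merkle_root_hex)[::-1]
        + struct.pack("<III", timestamp, bits, nonce)
    )

def bits_to_target(bits):
    """Expand the compact 'bits' field into the full 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def header_hash(header):
    """Double SHA-256 of the header, shown in the usual big-endian hex form."""
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()[::-1].hex()

def verify_device_result(fields, nonce, nonce_range):
    """Host-side check of a nonce reported by an untrusted hashing device."""
    low, high = nonce_range
    if not low <= nonce <= high:
        return False                              # outside the range that was assigned
    header = build_header(nonce=nonce, **fields)
    return int(header_hash(header), 16) <= bits_to_target(fields["bits"])

# Sample input: the header fields of the Bitcoin genesis block.
GENESIS = {
    "version": 1,
    "prev_hash_hex": "00" * 32,
    "merkle_root_hex": "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    "timestamp": 1231006505,
    "bits": 0x1D00FFFF,
}
GENESIS_NONCE = 2083236893

if __name__ == "__main__":
    full_range = (0, 0xFFFFFFFF)
    print(verify_device_result(GENESIS, GENESIS_NONCE, full_range))
    print(verify_device_result(GENESIS, GENESIS_NONCE + 1, full_range))
```

The host chooses every header field, so a device that returns a wrong or out-of-range nonce is caught by this check before anything is broadcast.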
Sukrim
June 07, 2013, 12:15:41 PM
Well, you could easily append stuff to the merkle root I guess... The problem is that the coinbase transaction is unknown to the miner itself and that is the one and nearly only one that matters to miners. You could make them "break" at a certain point of time though for example.
An interesting concept would be an ASIC that spends e.g. 1 BTC for each block it produces from a known address to the ASIC developers and that gets distributed for free. Once that address runs dry (hacked or simply enough blocks mined), the ASICs stop working. It is in the best interest of miners then to transfer some BTC to this address again to pay for their ASICs that way. It's not 100% possible right now (as the ASIC would need to know about a new unspent output in that address) but it might be a possibility at least maybe in the future.
By the way: What about a guide/script to do the following:
- Get a vanilla LTS Linux distro (e.g. Ubuntu)
- Install something like Jenkins or buildbot
- Install gitian
- Configure Jenkins or buildbot to build every commit in the bitcoin github repo via gitian
- Provide a way to sign and publish the output of these builds
I would love to help verify builds for various platforms but setting all these things up is a bit much to ask and surely has already been done by some people. If there is a guide (or even better: a simple commented shellscript that already installs all required dependencies etc. from a vanilla installation/liveDVD) somewhere then I'd be happy to donate my CPU time + HDD space towards this. I don't really want to "donate" hours of my time though to make gitian, buildbot and whatever you use for signing this (maybe Bitcoin and/or Bitmessage private keys?) run if there could be already a standard platform for doing so.
TL;DR: Give me a shellscript that "just works"(TM) with a specific liveDVD of some Linux distro that builds Bitcoin binaries and I would love to verify signatures.
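What "more people with working systems verify the hash of the resulting binary" (kjj's post) and "publish the output of these builds" (Sukrim's post) amount to once each builder has published a manifest is sketched below. This is an added example, not gitian's own code or file format: the builder names, file names and manifest contents are constructed, and the `sha256sum`-style layout is an assumption.

```python
import hashlib
from collections import Counter, defaultdict

def parse_manifest(text):
    """Parse `sha256sum`-style lines ("<hex digest>  <file name>") into a dict."""
    entries = {}
    for line in text.strip().splitlines():
        digest, name = line.split(maxsplit=1)
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"bad digest for {name!r}")
        entries[name.strip()] = digest
    return entries

def compare_builds(manifests, quorum):
    """manifests: {builder: manifest text} -> {file: (status, digest, dissenters)}."""
    votes = defaultdict(dict)
    for builder, text in manifests.items():
        for name, digest in parse_manifest(text).items():
            votes[name][builder] = digest
    report = {}
    for name, by_builder in votes.items():
        digest, count = Counter(by_builder.values()).most_common(1)[0]
        dissenters = sorted(b for b, d in by_builder.items() if d != digest)
        if dissenters:
            status = "MISMATCH"      # any disagreement blocks the release
        elif count < quorum:
            status = "TOO_FEW"       # everyone agrees, but not enough builders yet
        else:
            status = "OK"
        report[name] = (status, digest, dissenters)
    return report

def _digest(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample input: three builders, one of whom produced a different Windows binary.
LINUX = _digest(b"constructed linux build")
WIN = _digest(b"constructed windows build")
ODD = _digest(b"constructed divergent windows build")
SAMPLE = {
    "alice": f"{LINUX}  release-linux.tar.gz\n{WIN}  release-win32.zip\n",
    "bob": f"{LINUX}  release-linux.tar.gz\n{WIN}  release-win32.zip\n",
    "carol": f"{LINUX}  release-linux.tar.gz\n{ODD}  release-win32.zip\n",
}

if __name__ == "__main__":
    for name, (status, digest, dissenters) in compare_builds(SAMPLE, quorum=3).items():
        print(f"{status:9} {name} {digest[:16]} dissent={dissenters}")
```

A real deployment would check each builder's signature on the manifest before counting its vote; that step is left out here.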
bitzox
June 07, 2013, 05:06:24 PM
No, its far easier and more practical to raid your home at first light, seize everything you have, and present you with alternatives so horrible that you'll cave. A bit of shock and awe goes a long way to keep people in line.
This right here is 100% on point. Why bother with the hassle of installing a backdoor on the code when they can simply arrest you, threaten you and your spouse with 20 years in prison, and tell you if you surrender your coins they will let your wife off and knock your sentence down to 10-15. That doesn't work? Ok, you're now declared an enemy combatant (who needs justification, that's why we have the Patriot Act), no legal rights, and deported to Guantanamo. Oh, Guantanamo is finally closed? You think that means you get a break? Nope, now you get to go rot in some hell hole jail set up in one of our "allied" (i.e. colony) third world nations. Enjoy rotting in prison in Turkmenistan.
jaywaka2713
June 07, 2013, 05:09:18 PM
Exactly. Or just use a TrueCrypt hidden container so they think they've retrieved your wallet but just have it empty.
riush
June 09, 2013, 12:19:06 AM (Last edit: June 09, 2013, 12:34:18 AM by riush)
has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue)?
It has happened to the JAP project (http://en.wikipedia.org/wiki/Java_Anon_Proxy):
In 2003, the German BKA obtained a warrant to force the Dresden Mix operators to log access to a specific web address and to introduce a crime detection function in the server software making this possible.
AFAIK they handled the situation by putting in the code, openly labeling it as what it is, and when asked about it they just said "we can't talk about that..." and everybody knew what was going on. It pretty much killed the project, though, which was about to be overtaken by Tor at the time anyway (at least from my point of view).
Regarding bitcoin, I don't think it would take more than an hour to be the topic of discussion on IRC if Gavin did actually commit something like that. Let alone release it. And, as he already said, our developer community is spread over several countries/continents so it's extremely hard to put them all under legal pressure simultaneously.
Maybe it would be nice to better track / display who reviewed what code. I know you can count the ACKs in the github discussions, but maybe it would put some minds at rest if there was a website listing commits/tags/builds along with green badges representing valid signatures from the core devs.
jubalix
June 24, 2013, 01:21:25 PM
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.
The devs would be forced to comply right?
Open source software makes it so that every change is visible. Currently the Bitcoin-Qt/bitcoind release is signed by the Bitcoin Foundation ... which means the release won't work for Windows 8 and Mac users (as an update) unless Bitcoin Foundation signs it. This makes it difficult for some other dev team members who are not a party to this hypothetical IRS backdoor demand to be able to release updates to the client without this backdoor themselves. It would probably have to be a fork with a different name (and signed by some other organization). But the developers don't have final say as to what changes are accepted for the Bitcoin protocol. It is the economic majority who decides: - http://en.bitcoin.it/wiki/Economic_majority
I don't get this. Why does it need to be signed? Just copy the code, take out the signing requirement bit and release... what am I missing?
jubalix
June 24, 2013, 01:23:38 PM
you would not necessarily know that there is a backdoor.
For an experienced programmer who reviews Bitcoin code on a daily basis it should be trivial to spot such a backdoor. Git is such an extremely powerful tool to review exactly who does what and when. It will be almost unfeasible to put a backdoor in Bitcoin, currently.
What if they get to git, to not compare this code, mod git just for BTC, in some update, that would trick you as you had been relying on git to find the difference?