Bitcoin Forum
Author Topic: What if dev-team is compromised?  (Read 5529 times)
im3w1l (OP)
September 03, 2013, 04:55:55 PM
 #1

Suppose someone accidentally the whole dev team? Or suppose it is infiltrated? Or suppose they are bought off?

How should we as a community react? Probably fork right, but what fork? It is easy to imagine a dozen forks springing up before things stabilize. In a worst case they could be so weak, the original, compromised chain becomes the favored one, simply because it is easier to stick with the status quo.

Maybe we could benefit from a chain of command or something?
greyhawk
September 03, 2013, 05:49:39 PM
 #2

Mother Hen, put im3w1l on the List. They're trying to organize.
acoindr
September 03, 2013, 05:51:52 PM
 #3

Suppose someone accidentally the whole dev team? Or suppose it is infiltrated? Or suppose they are bought off?

How should we as a community react? Probably fork right, but what fork? It is easy to imagine a dozen forks springing up before things stabilize. In a worst case they could be so weak, the original, compromised chain becomes the favored one, simply because it is easier to stick with the status quo.

Maybe we could benefit from a chain of command or something?

While the dev-team is brilliant they don't equal Bitcoin. The community doesn't always go for what the dev-team suggests. In fact sometimes there are differences of opinion within the dev-team. Also, the dev-team isn't set in stone. Members of the core dev-team can change.

This is a strength of Bitcoin being decentralized. There is no single point of failure. Since the entire community benefits from Bitcoin being successful, everyone naturally desires to do what it takes to make that happen. This usually means as long as things are working there is no reason to change or accept any changes. Only changes which can win a large majority of support, what Gavin often calls a supermajority, will usually have any chance at being implemented.
Stephen Gornick
September 03, 2013, 06:01:30 PM
 #4

Probably fork right, but what fork?

Well, let's take the unintentional change to the Bitcoin protocol that happened with the Bitcoin-Qt/bitcoind v0.8 release.

It caused a hard fork.

It took less than an hour for a sufficient amount of hashing capacity to conclude that coins mined using v0.8 blocks would become worthless and thus abandon it to go back to the protocol as it exists in v0.7 and prior (or use a v0.8 patch that fixed the incompatibility).

That's because the economic majority favored the v0.7 side.  

 - https://en.bitcoin.it/wiki/Economic_majority

And that's for a change that introduced unwanted behavior that had slipped through undiscovered. An intentional change to alter the protocol would likely not go unnoticed as there are many eyes on every change to the source that is released:
 - https://en.bitcoin.it/wiki/Release_process

LiteCoinGuy
September 03, 2013, 08:28:35 PM
 #5

switch to litecoin, it's more userbased.

Rassah
September 03, 2013, 09:23:07 PM
 #6

If the dev team was compromised, then Bitcoin-QT would change, but Electrum, Blockchain.info, the wallets on exchanges, all the mobile phone wallets, and all the mining pools, will continue working as usual, and will likely reject Bitcoin-QT transactions and blocks, which would instantly throw really huge red flags that something is up. So, anyone using anything other than QT will be fine, and anyone using QT will just have to either downgrade to an older version, or export their private keys to a non-compromised wallet.
grue
September 03, 2013, 09:25:53 PM
 #7

switch to litecoin, it's more userbased.
And how exactly is it more "userbased"?

greyhawk
September 03, 2013, 09:26:37 PM
 #8

switch to litecoin, it's more userbased.
And how exactly is it more "userbased"?

By being more buzzwordy  Cool
acoindr
September 04, 2013, 12:08:14 AM
 #9

If the dev team was compromised, then Bitcoin-QT would change, but Electrum, Blockchain.info, the wallets on exchanges, all the mobile phone wallets, and all the mining pools, will continue working as usual, and will likely reject Bitcoin-QT transactions and blocks, which would instantly throw really huge red flags that something is up. So, anyone using anything other than QT will be fine, and anyone using QT will just have to either downgrade to an older version, or export their private keys to a non-compromised wallet.

Incorrect.

The dev team can't make any changes to all the Bitcoin-Qt versions already distributed and running on various computers. If you don't want to agree to any changes, simply do not upgrade.
dillpicklechips
September 04, 2013, 12:23:15 AM
 #10

switch to litecoin, it's more userbased.
And how exactly is it more "userbased"?
No dev-team to compromise? Wink
dillpicklechips
September 04, 2013, 12:27:35 AM
 #11

Probably fork right, but what fork?

Well, let's take the unintentional change to the Bitcoin protocol that happened with the Bitcoin-Qt/bitcoind v0.8 release.

It caused a hard fork.

It took less than an hour for a sufficient amount of hashing capacity to conclude that coins mined using v0.8 blocks would become worthless and thus abandon it to go back to the protocol as it exists in v0.7 and prior (or use a v0.8 patch that fixed the incompatibility).

That's because the economic majority favored the v0.7 side.  

 - https://en.bitcoin.it/wiki/Economic_majority

And that's for a change that introduced unwanted behavior that had slipped through undiscovered. An intentional change to alter the protocol would likely not go unnoticed as there are many eyes on every change to the source that is released:
 - https://en.bitcoin.it/wiki/Release_process

Does bitcoin have some type of alert/alarm when a fork exists so I can avoid taking payments or sending during this time?
theymos
Administrator
September 04, 2013, 02:17:08 AM
 #12

Does bitcoin have some type of alert/alarm when a fork exists so I can avoid taking payments or sending during this time?

Yes. If there's an invalid chain longer than your current chain, Bitcoin will automatically give you a warning and go into safe mode. 0.8.5 (probably) will go into safe mode if a competing chain is even approaching a dangerous length.

bbit
September 04, 2013, 02:56:06 AM
 #13

Things would move forward. I don't see the dev-team being compromised.


johnyj
September 04, 2013, 03:33:36 AM
Last edit: September 04, 2013, 12:21:33 PM by johnyj
 #14

One dev team down, thousands up  Grin

bg002h
September 04, 2013, 03:43:11 AM
 #15

...then their salaries for working on Bitcoin will be cut Smiley

Seriously, if they were compromised, we'd lose a lot of free employees...

Hardforks aren't that hard. It’s getting others to use them that's hard.
600watt
September 04, 2013, 11:50:50 AM
 #16



-invent new payment technology
-get all the hackers, drug users, hippies, conspiracy theorists, liberals to love it
-compromise dev team
-pull the plug
-laugh all the way home
WSDN
September 04, 2013, 04:21:48 PM
 #17

One dev team down, thousands up  Grin
+1

infested999
September 04, 2013, 04:31:52 PM
 #18

Suppose someone accidentally the whole dev team? Or suppose it is infiltrated? Or suppose they are bought off?

How should we as a community react? Probably fork right, but what fork? It is easy to imagine a dozen forks springing up before things stabilize. In a worst case they could be so weak, the original, compromised chain becomes the favored one, simply because it is easier to stick with the status quo.

Maybe we could benefit from a chain of command or something?

This has already happened, forcing the transactions to be over a certain amount of coins. Nothing you can do, just take it, as we have seen.

Is this the twitch chat?

Quote
Oh, I only get one message in slow mode huh? Well, if I only get one message, I'll make it sweet and sharp. These authoritarian mods will not be tolerated. Dota 2 was based on the premise of the free market, and it has slowly been corrupted by nazi mods in chats who are power hungry. Don't ruin the Dota 2 and twitch experience. Thanks.

from here: http://www.youtube.com/watch?v=Vfdky8Nmlic

This content has been modified to fit your simple mind:

Quote
Oh, I only get one tx with this fee huh? Well, if I only get one tx, I'll make it sweet and sharp. These authoritarian mods will not be tolerated. Bitcoin was based on the premise of the free market, and it has slowly been corrupted by nazi mods in the dev-forum who are power hungry. Don't ruin the Bitcoin and capitalist experience. Thanks.

gmaxwell
Staff
September 04, 2013, 05:27:11 PM
 #19

How do you know it isn't already?
Rassah
September 04, 2013, 06:51:17 PM
 #20

How do you know it isn't already?

Because your handlers wouldn't allow you to say that, and if you reply, it's proof you are still alive and not in solitary confinement.
theymos
Administrator
September 04, 2013, 07:54:48 PM
 #21

Because your handlers wouldn't allow you to say that, and if you reply, it's proof you are still alive and not in solitary confinement.

That's exactly what they want you to think.

Rassah
September 04, 2013, 09:52:30 PM
 #22

Because your handlers wouldn't allow you to say that, and if you reply, it's proof you are still alive and not in solitary confinement.

That's exactly what they want you to think.

Crap. Guess I better cash out that 750 before it becomes worthless!  Grin
Kouye
September 04, 2013, 09:59:38 PM
 #23

Wow.
Answer is much simpler than that.

If devs try to cheat, they will be busted within 30 seconds at most, and will be jailed/banned/replaced.

/thread.

gmaxwell
Staff
September 04, 2013, 10:08:05 PM
 #24

If devs try to cheat, they will be busted within 30 seconds at most, and will be jailed/banned/replaced.
oh... if it were true ...

But it's not.  The assumption that it is already true is probably a major reason that it isn't: a catch 22.
jbreher
September 04, 2013, 10:38:15 PM
 #25

Does bitcoin have some type of alert/alarm when a fork exists so I can avoid taking payments or sending during this time?

Yes. If there's an invalid chain longer than your current chain, Bitcoin will automatically give you a warning and go into safe mode. 0.8.5 (probably) will go into safe mode if a competing chain is even approaching a dangerous length.

OK - where do I learn what this 'safe mode' is?

elor70
September 04, 2013, 11:58:37 PM
 #26

I don't think they have that much power over us...

im3w1l (OP)
September 05, 2013, 01:29:42 AM
 #27

Story time:

The year is 2016. Bitcoin has been a massive success, and is adopted far and wide. The success naturally led to an influx of new users with different values from the old timers. Eternal September set in slowly, but surely. New voices were heard, questions were being asked. "Pedophilia is horrible and must be banned", "We can't go fund some terrorists", "Is it really fair that 10% of users own 90% of bitcoin?". At first they were few enough that the community could point and laugh. They were written off as trolls. But the tides of history swept in mercilessly. They grew in strength. One day it was announced on the forums: "50% of bitcoins are to be redistributed to disadvantaged groups". A long explanation of privilege and of how some people had not had a fair chance at securing coins followed. People were upset. Can they really do that? The early adopters were most upset of all, both because of the theft, but also because they were truer believers. Forum post after forum post were written to talk some sense into the dev team. Banwave after banwave rolled in. Of course it didn't make them disappear. But it hid them. Safely away from the large hordes of users that didn't really care and just wanted to buy stuff online. The crowds network effects are made of. A fork was created where the redistribution had never taken place. The ideologues used it, but it never really caught on. Most users were too lazy to type in a new chain configuration. And besides, wasn't it right that everyone got a fair chance in the new age?

The End
thechevalier
September 05, 2013, 03:35:11 AM
 #28

Yes, that is a real threat.

Some would argue the dev-team is already compromised--what with their rush to cozy up to regulators (not what I think).

That's why projects like btcd are so important. It's concerning there are not more independent implementations of the Bitcoin protocol.


TraderTimm
September 05, 2013, 05:18:58 AM
 #29

And then began the dark times...

"The Blockchain Wars"

Paul always knew he wanted to be a miner. Now with Bitcoin entering its final years of rewarding those with the dedication and grit to keep their machines running, all racing along the difficulty curve that rose from the foggy depths of single digits towards the trillions. Just one found block, and he wouldn't have to work for the rest of his life. Not that he minded, there were plenty of places where his skills could be utilized, but it wasn't for him.

Paul dreaded the monotony and slow death that large corporations offered, especially after the special economic zones started running. Wedded to a firm for life, working up the ranks and sucking down the horrible beverages, most designed to "accentuate" your mental skills. Pure chemical blather, he thought.

But nothing like mining. Nothing like tweaking your machine until it was churning just fast enough to produce hashes, but cool enough not to self-combust. Paul was a pro. He had all the latest tech, everything had been through a few test baths of sub-zero coolant, just to get a baseline. He would then start working on the custom enclosures and pressure vessels that would house his hyperactive circuits, keeping them just on the right side of self-destruction.

That's when his jaw buzzed. A dropdown slid into his view, announcing Jerry's insistent hail. Tensing his muscles slightly, he made the scissor-like motion to answer.

"Look -- hey Paul-o, we gotta shift and shift it now, man!"

Jerry's breathing was ragged, and for a moment Paul thought he was running away from something.

"I'm in the shop, what's the deal?"

"It's the chain man - we gotta boost off this chain before we get our asses swamped!"

Satoshi save us, not this shit again...

"Look, I only have 10 PetaHashes and that's all from recycled stuff, and most of that is splintered along some alts that I care about. You want to play chain-war, you get someone else."

"Comon Paul.. look, you gotta back me here - you know if my alt gets swamped then I'm done, right? I've worked on this so LONG..."

Ragged breath, some coughing rattling down the thinband in slight attenuated shifts.

"Alright, fine. I'll see if I can cobble together some of the older shit I have in storage. I'll get back to you, k?"

"Oh THANKS MAN, You and me baby -- we're gonna make 'em wish they never tried!! Woo-"

Paul cut off the call mid whoop, not wanting to subject himself to another aural beating. Great. Another chain war, another series of long feints to defend somebody's idea of the best cryptonomy. Paul shook his head, knowing he'd support his friend, but at what cost? He had his own projects, thank you -- and having to turn most of his capacity over to some other chain... dammit, dammit...

Well, beats working for the corps, and at least you get to stay in this boosted unit on the edge of the zone. Paul put his head in his hands, trying to knead out some of the tiredness from behind his eyes.


Dabs
September 05, 2013, 05:51:43 AM
 #30

Ok, how do you forcefully re-distribute coins that are buried more than 100 blocks deep already?

gmaxwell
Staff
September 05, 2013, 06:40:05 AM
 #31

Ok, how do you forcefully re-distribute coins that are buried more than 100 blocks deep already?
Pretty trivially when almost everyone is on a SPV node because a full node requires gigabits of network connectivity, and when everyone who isn't would have to accept the invalid blocks or otherwise be left behind by the economic supermajority of people who are. Tongue  (this is all in some fantasy world where Bitcoin is widely used enough for a seriously funded attack, right?)
Dabs
September 05, 2013, 08:54:04 AM
 #32

The fairy tales I'm reading so far are just the not-too-distant future, or a close future. I don't see SPV only nodes existing except on mobile devices.

A lot of people will keep their full nodes for at least the next decade, or two.

I use only bitcoin-qt on my laptop, that's a full node right? I don't see myself switching from it for a long time. When it takes up half of my hard drive space, I may consider the alternatives, but for now I will keep using this.

virtualmaster
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
September 06, 2013, 10:34:44 AM
Last edit: September 06, 2013, 12:11:15 PM by virtualmaster
 #33

This is a really serious threat compromising Bitcoin on the developer side.
Let me show some ideas how the Namecoin identity and namespace system could contribute to improve this threat.
If every developer and some security experts create a Namecoin identity for ex. id/gagarin and id/bob and they publish this on their main website.
http://dot-bit.org/Namespace:Identity
Everybody could check the authenticity of their files or expertise analysis published against the key on their Namecoin id id/gagarin and id/bob.

It could be also created a new namespace bitcoin/ and they create there also an identity bitcoin/gagarin and bitcoin/bob for bitcoin related issues, which is signed with their key published on id/gagarin and id/bob. It could be created also namespace entries for every subproject, like gagarin084, gagarin091 ....
In every namespace entry would be stored the signature of the downloadable file.
like bitcoin/gagarin084{
"signature" : "signaturetext",
"update-priority" : "high",
"improvements" : "security, client-graphic",
"comments" : "...",
"available" : "http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.4/",
...
}

In bitcoin/gagarin he makes an entry for every version
bitcoin/gagarin
{
...
"releases" : [..., "gagarin083", "gagarin084"]
}

Some security experts or known developers could publish their meaning on every release.
For ex.

like bitcoin/bob084{
"signature" : "signaturetext",
"downloaded from" : "http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.4/",
"version" : "windows binary",
"network-communication" : " not checked",
"local-activity" : "checked",
"local-encryption" : "checked",
"comments" : "it seems to be in order, no dubious activity detected",
...
}


So every release is signed and commented from authenticated authors and the signatures are stored unfalsifiable in the Namecoin blockchain.
It is not affected by website hijacking or take down.

You can explore the entries from the namecoin client or from the web
explorer.bit/ -> for ex. id/khal (enable .bit browsing)
It works on any namespace like anything/youimagine.


gmaxwell
Staff
September 06, 2013, 11:39:34 AM
 #34

Everybody could check the authenticity of their files or expertise analysis published against the key on their Namecoin id id/gavin and id/bruce.
I hate to crap on someone's neat idea, but this sounds completely pointless. You need some way to know that these IDs are the right people, and that id/gavin isn't just some squatter and the real gavin isn't id/gavin11.  If you've solved that then you can just use the PGP signatures we already have.

Better, the PGP keys are connected to the PGP web of trust, so you do have a starting point to cold validate the keys at least as belonging to specific named people. 
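
The objection above, worked through as an added example (not part of the thread, and not Namecoin or Bitcoin code): a release record published under a squatted name verifies just as cleanly as the developer's own unless the key is pinned to a fingerprint obtained out of band. A Lamport one-time hash signature stands in for PGP so the block runs on the standard library alone; the record fields, seeds and build bytes are constructed, and `id/gagarin11` mirrors the `id/gavin11` squatter named in the post.

```python
import hashlib

# Added illustration. Lamport one-time signatures are a stand-in for PGP here;
# the two-record layout (id/<name>, bitcoin/<name>084) is simplified from the
# proposal in the thread, and all names, seeds and build bytes are constructed.

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen(seed: bytes):
    # Derive the key pair from a seed so the demo is repeatable.
    sk = [[H(seed + bytes([i, b])) for b in (0, 1)] for i in range(256)]
    pk = [[H(secret) for secret in pair] for pair in sk]
    return sk, pk

def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit (the key must sign only one message).
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))

def fingerprint(pk) -> str:
    return hashlib.sha256(b"".join(h for pair in pk for h in pair)).hexdigest()

def publish(ns: dict, owner: str, seed: bytes, build: bytes) -> str:
    # Anyone can register any free name and publish a self-consistent record set.
    sk, pk = keygen(seed)
    ns["id/" + owner] = {"pubkey": pk}
    ns["bitcoin/" + owner + "084"] = {"signature": sign(sk, build)}
    return fingerprint(pk)

def check_by_name(ns: dict, owner: str, build: bytes) -> bool:
    # Trusts whatever key is stored under the name: proves only that the
    # name's holder signed the file, not who the holder is.
    ident = ns.get("id/" + owner)
    rel = ns.get("bitcoin/" + owner + "084")
    if ident is None or rel is None:
        return False
    return verify(ident["pubkey"], build, rel["signature"])

def check_pinned(ns: dict, owner: str, build: bytes, pinned_fp: str) -> bool:
    # Same check, but the key must match a fingerprint learned out of band
    # (the role the PGP web of trust plays in the reply above).
    ident = ns.get("id/" + owner)
    if ident is None or fingerprint(ident["pubkey"]) != pinned_fp:
        return False
    return check_by_name(ns, owner, build)

GENUINE = b"constructed stand-in for the bitcoin-0.8.4 download"
ALTERED = GENUINE + b" with an unreviewed change"

def run_demo() -> dict:
    ns = {}
    pinned = publish(ns, "gagarin", b"constructed seed: developer", GENUINE)
    publish(ns, "gagarin11", b"constructed seed: squatter", ALTERED)
    return {
        "squatter_by_name": check_by_name(ns, "gagarin11", ALTERED),
        "squatter_pinned": check_pinned(ns, "gagarin11", ALTERED, pinned),
        "developer_pinned": check_pinned(ns, "gagarin", GENUINE, pinned),
        "developer_key_wrong_file": check_pinned(ns, "gagarin", ALTERED, pinned),
    }

if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The by-name check accepts the squatter's record because the blockchain only guarantees that the record was not altered after publication; the pinned check is what ties the key to a person.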
virtualmaster
September 06, 2013, 12:14:11 PM
 #35

Everybody could check the authenticity of their files or expertise analysis published against the key on their Namecoin id id/gavin and id/bruce.
I hate to crap on someone's neat idea, but this sounds completely pointless. You need some way to know that these IDs are the right people, and that id/gavin isn't just some squatter and the real gavin isn't id/gavin11.  If you've solved that then you can just use the PGP signatures we already have.

Better, the PGP keys are connected to the PGP web of trust, so you do have a starting point to cold validate the keys at least as belonging to specific named people. 
Maybe you are right about the real names. So I changed them even if they are not so suggestive.

Luckybit
September 06, 2013, 02:14:12 PM
 #36

Suppose someone accidentally the whole dev team? Or suppose it is infiltrated? Or suppose they are bought off?

How should we as a community react? Probably fork right, but what fork? It is easy to imagine a dozen forks springing up before things stabilize. In a worst case they could be so weak, the original, compromised chain becomes the favored one, simply because it is easier to stick with the status quo.

Maybe we could benefit from a chain of command or something?

It's open source so it won't make much of a difference but it does mean an audit would be necessary and a complete rewrite.
crazy_rabbit
September 06, 2013, 02:55:21 PM
 #37

The US government intelligence agencies have been interested in Bitcoin for a number of years now. I'm sure if it's compromised, it's been compromised for awhile now.

That said, this is why it's important to be open source and make sure everyone is checking everything.

TraderTimm
September 06, 2013, 10:25:33 PM
 #38

In all seriousness though, I'd like to have a mechanism whereby if a core developer is approached by any gov't to compromise bitcoin, they have to resign - and announce that publicly, signing the message with the same pgp signature used to commit their changes to the Bitcoin codebase.

I know that the devs wouldn't just sit there if such a situation occurred, but I'd feel better knowing there was some kind of notification process to deal with it.

fortitudinem multis - catenum regit omnia
Rassah
September 10, 2013, 02:18:09 AM
 #39

In all seriousness though, I'd like to have a mechanism whereby if a core developer is approached by any gov't to compromise bitcoin, they have to resign - and announce that publicly, signing the message with the same pgp signature used to commit their changes to the Bitcoin codebase.

I know that the devs wouldn't just sit there if such a situation occurred, but I'd feel better knowing there was some kind of notification process to deal with it.


Good idea, but may be unnecessary, due to so many different devs working on different bitcoin clients. It'll be like someone from the gov asking a dev working on Ubuntu to compromise it. All other Ubuntu devs will notice, all other Linux devs that use Ubuntu code will notice, and all the dozens of other Linux distros will not even notice.
will1982
September 10, 2013, 02:21:21 AM
 #40

I imagine that, if malicious, the compromisors (?) would push out an update to QT with a virus or a way to screw up the network
gmaxwell
Staff
September 10, 2013, 06:47:41 AM
 #41

In all seriousness though, I'd like to have a mechanism whereby if a core developer is approached by any gov't to compromise bitcoin, they have to resign - and announce that publicly, signing the message with the same pgp signature used to commit their changes to the Bitcoin codebase.
But what's that even mean exactly?

I had some doofbrained researchers contact me to ask about adding tracking code to Bitcoin to help with their research. I told them to buzz off in perhaps excessively rude terms. If it was some law enforcement, some officer Obie from Stockbridge, Nowhere?  I'd have to resign?

Or maybe those researchers were really government shills (how would I know?) does that mean I'm already free?  ?? ?!? FREE?! IT WAS THAT EASY OMG I'M FREE   FREEEE FREEEEEEE!

I imagine that, if malicious, the compromisors (?) would push out an update to QT with a virus or a way to screw up the network
This is why we don't have an auto-updater. We should eventually gain some kind of update tool... Without one a lot of people just keep downloading the software and not checking the PGP signatures, and every time they do it they're exposed to getting an exploited version.

The community should absolutely not accept just some tool that lets a single person or even a small number of people rapidly push out replacement software to all the users.  If you want to give the developers of your node software crazy power just in case of emergencies, give them a key that makes it shut off, but don't let them freely push updates.  If I ever come back asking for the ability to rapidly push updates that means I've been replaced by an alien symbiont. (And really: the same for any developer, you'd have to be evil or crazy to want that ability: It makes you a target)

What I'd like to see someday is a system where developers can push an update out and your computer will download it but not install it. And after a minimum delay of a couple days if it gets enough positive signatures and no (or not too many) negative signatures, it will wait a random amount of time (e.g. up to a week) and then start asking you if you'd like to make the upgrade (this way if it's busted you might hear about it or the update may be withdrawn after other people update but before you install it)... obviously you could go and manually trigger the upgrade at any point.  This would give time for a lot of people to review any updates and sound alarms if they found problems. It could also allow us to be very liberal in granting veto access, since the vetoes would just make things fall back to a manually triggered install.
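
Added example, not part of gmaxwell's post and not code from any Bitcoin client: a sketch of the decision logic for the delayed, reviewer-signed update flow described in post #41. The thresholds `MIN_APPROVALS` and `MAX_VETOES`, the key ids, and the per-node secret are assumptions; signature verification is assumed to have happened before key ids reach these sets.

```python
import hashlib
from dataclasses import dataclass, field

DAY = 86400
MIN_DELAY = 2 * DAY    # "a couple days" in the post
MAX_JITTER = 7 * DAY   # "up to a week" in the post
MIN_APPROVALS = 3      # assumed; the post only says "enough positive signatures"
MAX_VETOES = 0         # assumed; the post says "no (or not too many)"

@dataclass
class Update:
    digest: str            # hash of the downloaded, not yet installed, file
    published_at: int      # unix time the update was announced
    approvals: set = field(default_factory=set)  # key ids with a verified positive signature
    vetoes: set = field(default_factory=set)     # key ids with a verified negative signature
    withdrawn: bool = False

def jitter_seconds(node_secret: bytes, digest: str) -> int:
    """Per-node random wait, derived deterministically so a restart cannot re-roll it."""
    h = hashlib.sha256(node_secret + digest.encode()).digest()
    return int.from_bytes(h[:8], "big") % (MAX_JITTER + 1)

def decide(update, trusted_reviewers, veto_holders, node_secret, now):
    """Return 'withdrawn', 'manual-only', 'wait' or 'prompt'. Never auto-installs."""
    if update.withdrawn:
        return "withdrawn"
    # Veto access can be granted liberally: a veto only disables the prompt,
    # the user can still install by hand after reading why it was vetoed.
    vetoes = update.vetoes & veto_holders
    if len(vetoes) > MAX_VETOES:
        return "manual-only"
    # Only known reviewer keys count, and a key that vetoed cannot also approve.
    approvals = (update.approvals & trusted_reviewers) - vetoes
    if len(approvals) < MIN_APPROVALS:
        return "wait"
    ready_at = update.published_at + MIN_DELAY + jitter_seconds(node_secret, update.digest)
    return "prompt" if now >= ready_at else "wait"

if __name__ == "__main__":
    # Constructed sample data: reviewer ids, digest and timestamps are made up.
    reviewers = {"r1", "r2", "r3", "r4"}
    veto_keys = {"r1", "v1"}
    upd = Update("ab" * 32, published_at=1_000, approvals={"r1", "r2", "r3"})
    for day in (1, 2, 5, 9):
        print(day, decide(upd, reviewers, veto_keys, b"node-secret", 1_000 + day * DAY))
    upd.vetoes.add("v1")
    print("after veto:", decide(upd, reviewers, veto_keys, b"node-secret", 1_000 + 9 * DAY))
```
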

TraderTimm
September 10, 2013, 12:59:11 PM
 #42

In all seriousness though, I'd like to have a mechanism whereby if a core developer is approached by any gov't to compromise bitcoin, they have to resign - and announce that publicly, signing the message with the same pgp signature used to commit their changes to the Bitcoin codebase.
But what's that even mean exactly?

I had some doofbrained researchers contact me to ask about adding tracking code to Bitcoin to help with their research. I told them to buzz off in perhaps excessively rude terms. If it was some law enforcement, some officer Obie from Stockbridge, Nowhere?  I'd have to resign?

Or maybe those researchers were really government shills (how would I know?) does that mean I'm already free?  ?? ?!? FREE?! IT WAS THAT EASY OMG I'M FREE   FREEEE FREEEEEEE!

Oh you silly man.

What I mean is the scenario where you're served a FISA order to comply under penalty of (something grave). If you're not in the jurisdiction of the USA, good for you, but if you are, it would mean you couldn't say anything about it directly. You'd have to pull a "Lavabit" and say -- "Well, nice working with you, have a good one." and we'd all know what was up.

I don't want you to, and frankly, I don't see how anyone can prevent you from working on what you want to - but I am more concerned about bullying by assorted "secret court" crap.

That's all.

fortitudinem multis - catenum regit omnia
greyhawk
September 10, 2013, 01:26:57 PM
 #43

Excellent, so as a government agency all I need to do is approach all developers, who then summarily resign and lookie there, I've just killed off Bitcoin, aren't I neat?
TraderTimm
September 10, 2013, 02:15:27 PM
 #44

Excellent, so as a government agency all I need to do is approach all developers, who then summarily resign and lookie there, I've just killed off Bitcoin, aren't I neat?

So, if one of them does get approached with a gag-order not to discuss it, what would be your brilliant idea?

fortitudinem multis - catenum regit omnia
greyhawk
September 10, 2013, 02:31:26 PM
 #45

Excellent, so as a government agency all I need to do is approach all developers, who then summarily resign and lookie there, I've just killed off Bitcoin, aren't I neat?

So, if one of them does get approached with a gag-order not to discuss it, what would be your brilliant idea?

I'm not here to promote and/or save bitcoin. I'm here to spread FUD and laugh at people. Why are you asking me?
genjix
September 10, 2013, 02:43:38 PM
 #46

I have been approached by UK cyber-crimes police multiple times to work for them.
greyhawk
September 10, 2013, 02:56:55 PM
 #47

I have been approached by UK cyber-crimes police multiple times to work for them.

Do they know about your underage porn business?



TraderTimm
September 10, 2013, 03:07:11 PM
 #48

I'm not here to promote and/or save bitcoin. I'm here to spread FUD and laugh at people. Why are you asking me?

Thanks for self-outing yourself. Filter updated.

fortitudinem multis - catenum regit omnia
greyhawk
September 10, 2013, 03:09:25 PM
 #49

I'm not here to promote and/or save bitcoin. I'm here to spread FUD and laugh at people. Why are you asking me?

Thanks for self-outing yourself. Filter updated.


Enjoy your echo chamber. :)
TippingPoint
September 10, 2013, 04:07:59 PM
 #50

If NSA wanted to compromise one or more persons in order to subtly affect decisions, what methods would they use?  Snowden describes a case that he learned about.  

Whistleblower Edward Snowden Describes The Time The CIA Got A Swiss Banker Drunk And Put Him Behind The Wheel
http://www.businessinsider.com/edward-snowden-describes-cia-tricks-2013-6#ixzz2eVQoKJCW

The known methods used to "turn" subjects include sex, financial pressure, and occasionally drug use to blackmail or extort, and force seemingly small changes in behavior.  These changes are then leveraged to force even greater changes in behavior.

The attack vectors are typically the spouse, child custody, job security, and criminal prosecution.
crazy_rabbit
September 10, 2013, 04:09:45 PM
 #51

The NSA would just join. They would do that by submitting regularly awesome code updates, doing incredible code work, being helpful, etc... they would sail right on into the team. But the rest of the team would be checking their code, we hope. So what can you do?

FYI: genjix just released a pre-alpha of a totally independent implementation of Bitcoin. This is what we really need to fight this sort of worry. Multiple, entirely different, implementations of the protocol.

more or less retired.
fenican
September 10, 2013, 08:30:38 PM
 #52

If the dev team was compromised, then Bitcoin-QT would change, but Electrum, Blockchain.info, the wallets on exchanges, all the mobile phone wallets, and all the mining pools, will continue working as usual, and will likely reject Bitcoin-QT transactions and blocks, which would instantly throw really huge red flags that something is up. So, anyone using anything other than QT will be fine, and anyone using QT will just have to either downgrade to an older version, or export their private keys to a non-compromised wallet.

Incorrect.

The dev team can't make any changes to all the Bitcoin-Qt versions already distributed and running on various computers. If you don't want to agree to any changes, simply do not upgrade.

True until an auto-update feature is added
theymos
Administrator
September 11, 2013, 03:17:54 AM
 #53

I am concerned about the security of the development team.  They give out too much personal information and I even saw Gavin's house on one news report.  Not a good idea.

Yeah, some strongly-anonymous person besides Satoshi should really have a copy of the alert key. (I am not very public, but I'm not terribly anonymous.) Control of the bitcoin.org and bitcointalk.org domain names is shared between Sirius and an anonymous person, which is good.

Or maybe we need to establish a "Bitcoin Defense Force" to act as bodyguards for all of the devs. ;)

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Dabs
September 11, 2013, 05:41:42 AM
 #54

Or maybe we need to establish a "Bitcoin Defense Force" to act as bodyguards for all of the devs. ;)

I can help, but I can only offer protection if you are in my country. If you're somewhere else, you'd have to fly me there and issue me a work contract or something so I get a visa if needed.

TippingPoint
September 11, 2013, 05:46:50 AM
 #55

I recommend that the development team have one or more distress codes (innocuous words or phrases).
QuestionAuthority
September 11, 2013, 06:03:13 AM
 #56

I am concerned about the security of the development team.  They give out too much personal information and I even saw Gavin's house on one news report.  Not a good idea.

Yeah, some strongly-anonymous person besides Satoshi should really have a copy of the alert key. (I am not very public, but I'm not terribly anonymous.) Control of the bitcoin.org and bitcointalk.org domain names is shared between Sirius and an anonymous person, which is good.

Or maybe we need to establish a "Bitcoin Defense Force" to act as bodyguards for all of the devs. ;)

Are you saying that you, Sirius and the person calling himself Satoshi are still in communication and all have control? Do you talk to Satoshi often?

Dabs
September 11, 2013, 06:49:08 AM
 #57

I recommend that the development team have one or more distress codes (innocuous words or phrases).

They just need a dead man's switch. When they are "compromised" they simply don't reset the switch and let it activate. Oh, of course, you'll say, the evil government agencies will instruct them to reset the switch.

gmaxwell
Staff
September 11, 2013, 07:10:41 AM
 #58

They just need a dead man's switch. When they are "compromised" they simply don't reset the switch and let it activate. Oh, of course, you'll say, the evil government agencies will instruct them to reset the switch.
There is a popular mining pool that has a dead man's switch to turn over control of the pool to the backup ops if the main ops go offline...

It has fired accidentally once.  These things are tricky to get right.

Worse, they can create some perverse incentives.  If we had a dead man's switch we might not tell you if we thought it would make attacks more likely.
Dabs
September 11, 2013, 09:49:44 AM
 #59

Don't tell anyone. That's the point. Suddenly we'll just get an email with a signed GPG message stating that "We put this in place some time ago, here is the secret word, here is the hash, don't trust any source code from me from now on without looking at it, etc, this was supposed to fire if I don't reset this for 2 months, etc etc."

That, or you have this thing that sends a message if you trigger it, and you will trigger it if you got compromised while you still have the power to trigger it. Because you can't trigger it if you're dead. So it's an "alive man's switch".

If you're dead and gone, then obviously no further source code or binary can come from you. In that case, you also have a true dead man's switch set for about 1 year.

luv2drnkbr
September 12, 2013, 02:24:41 AM
 #60

Suppose someone accidentally the whole dev team? Or suppose it is infiltrated? Or suppose they are bought off?

How should we as a community react? Probably fork right, but what fork? It is easy to imagine a dozen forks springing up before things stabilize. In a worst case they could be so weak, the original, comprised chain becomes the favored one, simply because it is easier to stick with the status quo.

Maybe we could benefit from a chain of command or something?

This has already happened, forcing the transactions to be over a certain amount of coins. Nothing you can do, just take it, as we have seen.

Sigh, no it hasn't.  Actually, exactly the opposite of that has happened.  Gavin made a change to the DEFAULT configuration options so that dust spam wouldn't propagate.  HOWEVER, you can change that yourself in your configuration file, and mine yourself, and connect to miners that accept dust spam.  Dust is still a valid transaction, and if you mine yourself and happen to find a block, other people will accept that block.  Currently, most users and miners simply drop and don't relay dust transactions, BUT if you want that to change, all you have to do is rally support.  The devs made this OPTIONAL, so that if the COMMUNITY decides it's best, they can still relay all the dust they want.  Just add this to your config file:

Code:
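# fees below this count as zero when creating transactions
mintxfee=0.00000001
# fees below this count as zero when relaying (the option is spelled minrelaytxfee)
minrelaytxfee=0.00000000
addnode=173.242.112.53
addnode=184.152.8.228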

mintxfee must be 1 satoshi, because if you put zero it gets confused, because it already has a way to deal with 0 mintxfee.. they're called no-fee transactions. So mintxfee is the minimum amount for a transaction fee that is non-zero, which of course is 1 satoshi.  The addnodes are the only two nodes I know of that mine and relay dust tx's.

luv2drnkbr
September 14, 2013, 12:13:43 AM
 #61

I am not going to respond to this since it is way off topic but if you want to believe the community had a hand in choosing go ahead, nothing will stop you from believing that.

First of all, every single one of my beliefs can change with logic and/or new information.  Secondly, I never said the community had a giant role in making that change.  All I said was that the devs recognized that the community must be able to decide, and they made sure to leave it as an OPTION so that if the users really did hate the change, they had the power to undo it.

The whole ROLE of developers is to improve the software and think about the long term.  Gavin made a change he thought did that.  That's his job.  If you disagree, then go rally users to implement the config changes I listed.  It's really easy.
