Bitcoin Forum
December 03, 2016, 02:27:46 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: an appeal to reason  (Read 1502 times)
Piper67
Legendary
*
Offline Offline

Activity: 1008



View Profile
August 30, 2011, 01:44:56 PM
 #1

An internet forum is probably not the place to ask that reason prevail, but haven't we flogged some dead horses enough? Allegations of child sexual abuse? Really, is that what this has come to?

Some really interesting, juicy stuff is happening with Bitcoin (ATM's, the lightning speed at which Bit-Pay resolved the question of donations, the javascript work being done by Stefan Thomas and so on).

It would speak volumes to the maturity of this forum, and of the Bitcoin community at large, if we could concentrate on those.
1480732066
Hero Member
*
Offline Offline

Posts: 1480732066

View Profile Personal Message (Offline)

Ignore
1480732066
Reply with quote  #2

1480732066
Report to moderator
1480732066
Hero Member
*
Offline Offline

Posts: 1480732066

View Profile Personal Message (Offline)

Ignore
1480732066
Reply with quote  #2

1480732066
Report to moderator
1480732066
Hero Member
*
Offline Offline

Posts: 1480732066

View Profile Personal Message (Offline)

Ignore
1480732066
Reply with quote  #2

1480732066
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480732066
Hero Member
*
Offline Offline

Posts: 1480732066

View Profile Personal Message (Offline)

Ignore
1480732066
Reply with quote  #2

1480732066
Report to moderator
1480732066
Hero Member
*
Offline Offline

Posts: 1480732066

View Profile Personal Message (Offline)

Ignore
1480732066
Reply with quote  #2

1480732066
Report to moderator
worldly
Full Member
***
Offline Offline

Activity: 137



View Profile WWW
August 30, 2011, 02:29:18 PM
 #2

bump

European Bitcoin Conference Prague 2011
Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
August 30, 2011, 02:34:17 PM
 #3

Reason is useless against trolls.
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
August 30, 2011, 02:34:32 PM
 #4

Bitcoin-Charity also made their first actual cash donation to Medecins sans Frontieres, which I think is good news.

^_^
Lucidize
Member
**
Offline Offline

Activity: 61


View Profile WWW
August 30, 2011, 02:37:01 PM
 #5

I totally agree, but don't you think creating new threads about all this scandal is just fueling the fire? The people who do not already know about it will be going to search what the hell is going on and then it's just more muck-spreading.
The best thing to do is ignore it and the kids will get bored.

Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
August 30, 2011, 02:37:20 PM
 #6

A bunch of trolls are monopolyzing the forum...
Tasty Champa
Member
**
Offline Offline

Activity: 84


View Profile
August 30, 2011, 02:48:23 PM
 #7

What is Stefan Thomas doing with JS?

Inquiring minds want to know!
Piper67
Legendary
*
Offline Offline

Activity: 1008



View Profile
August 30, 2011, 02:51:07 PM
 #8

What is Stefan Thomas doing with JS?

Inquiring minds want to know!

I understand he's working on an online wallet, with encryption, that you'll be able to access from your handheld device and will be secure. Really, really cool stuff. www.bitcoinjs.org
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
August 30, 2011, 03:15:26 PM
 #9

On the subject of Webcoin, I'll just leave this here.

^_^
Piper67
Legendary
*
Offline Offline

Activity: 1008



View Profile
August 30, 2011, 03:19:02 PM
 #10

On the subject of Webcoin, I'll just leave this here.

Have you sent this to Stefan, elggawf? He does seem to know what he's talking about, and you seem to think this could be a potential problem. I'm sure you two (and the rest of us by extension) could only benefit from the discussion.

He's on here in the forums as well, if you can't find him, I could try and give it a go.

Cheers,
Bigpiggy01
Hero Member
*****
Offline Offline

Activity: 616



View Profile
August 30, 2011, 04:10:19 PM
 #11

Good to see a bit of sanity here  Grin

I'll go cancel my order for paranoia meds on silkroad  Wink

teflone
Hero Member
*****
Offline Offline

Activity: 770


You're fat, because you dont have any pics on FB


View Profile
August 30, 2011, 06:26:01 PM
 #12

IBB's First Official dividends payout Smiley

https://bitcointalk.org/index.php?topic=21732.msg489254#msg489254

For Canadians by Canadians: Canada's Bitcoin Community - https://www.coinforum.ca/
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
August 30, 2011, 06:44:43 PM
 #13

Have you sent this to Stefan, elggawf? He does seem to know what he's talking about, and you seem to think this could be a potential problem. I'm sure you two (and the rest of us by extension) could only benefit from the discussion.

He's on here in the forums as well, if you can't find him, I could try and give it a go.

Nah, I haven't. I just saw that the other day, and the Bitcoin JS thing this morning. I don't fully comprehend the security issues they're talking about, but basically as I understand it if someone can MITM the wallet site, then they can just send backdoored javascript for the crypto and the javascript crypto advantage disappears.

I'm not sure it even applies to the wallet site as it's implemented by Stefan (nor do I particularly care), but I just thought it might make for interesting, non-sordid conversation. Smiley

^_^
Piper67
Legendary
*
Offline Offline

Activity: 1008



View Profile
August 30, 2011, 06:45:09 PM
 #14

On the subject of Webcoin, I'll just leave this here.

Hey Elggawf:

I forwarded that article to Stefan on another thread, and he replied pretty quickly. I have to admit most of this is beyond my comprehension, as I'm not a programmer, but I decided to copy it here (and perhaps even send you his reply privately) so that you can go through it and see if there are chinks in the armour, so to speak.

Here's what he said:

The main point of the article is that if the server sent you the JavaScript, you're already trusting the server, so you might as well do the crypto stuff server side and use SSL for transmission.

Browser-based crypto is by no means our end goal, but rather a stepping stone. Here are some of the things I am working on or predicting:

Downloadable bundles. There is no reason you can't take the HTML/JS from bitcoinjs-gui, package it up as an AIR or xulrunner app and have people download and install it. It would then have the same properties as regular Bitcoin with respect to software delivery.

Software security device. If you have more than a few bitcents you can install a piece of software that moves your keys and the crypto outside of the browser. If you initiate a transaction within Webcoin or another client, the locally installed software will pop up a window showing the details of the transaction pending your final confirmation.

Building a dedicated software security device will also pave the way for:

Hardware security device. For even larger amounts no measure of software security will be sufficient. A hardware device with a display and internal signing would definitely by a major step forward.

Split key signing. Half your key is on your device, the other half is at a wallet hosting service. The service could offer any kind of verification you want: Yubikey, SMS, phone call, whatever. You'd probably set a daily limit. Under the limit you don't need any special verification. Note that you could have both keys as physical backups, so you wouldn't be dependent on the hosting service if they decide to randomly disappear one day.

Also I want to point out that the only part of BitcoinJS that this criticism affects at all is Webcoin. I know some folks are working on various native clients that use our server APIs, but could be implemented in Java, Objective-C, C#, etc.
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
August 30, 2011, 06:46:24 PM
 #15

Thanks for that response, I'll read it after lunch.

Update: Yeah, it's about what I figured he'd say, it sounds like he knows what he's doing - at least much more than I do. I would guess (extremely uneducated) that as long as the Webcoin stuff is delivered over HTTPS, that probably most of the article I posted really doesn't apply to Webcoin.

Then again though, I really gotta stress that I'm by no means an expert in that field.

^_^
norulezapply
Sr. Member
****
Offline Offline

Activity: 475


View Profile
August 30, 2011, 07:45:53 PM
 #16

This looks like a great idea but in practise I wouldn't trust it for handling any transactions or wallet data. Block exploring and stats would be aided greatly by this but on the security side of things this seems very susceptable to hacking and man-in-the-middle attacks.

If my post helped, I'll happily accept a few bitmills!   15rGg6A1JFZV3b7TTbtpAaiYGdUD1e1oAm
Piper67
Legendary
*
Offline Offline

Activity: 1008



View Profile
August 30, 2011, 07:48:09 PM
 #17

This looks like a great idea but in practise I wouldn't trust it for handling any transactions or wallet data. Block exploring and stats would be aided greatly by this but on the security side of things this seems very susceptable to hacking and man-in-the-middle attacks.

Would you trust it as a way to hold the small amounts that you may use in day to day life? In other words, do you see it as being on a similar level of security as instawallet? Perhaps higher?
norulezapply
Sr. Member
****
Offline Offline

Activity: 475


View Profile
August 30, 2011, 08:01:29 PM
 #18

I haven't read into instawallet. If it was more convienient then I may store 0.5BTC or so. But in reality I can make payments just as easily with the official bitcoin client already, which is much more secure as it's not (browser delivered) JavaScript, so I'd just use that for peace of mind. I can see why it has advantages but I personally prefer security over usability.


EDIT: although saying that, there's nothing to stop someone injecting JavaScript into my browser via a MitM attack regardless of whether I'm using a bitcoinJS based site or not, so yes I think I would probably use it for micro payments.

If my post helped, I'll happily accept a few bitmills!   15rGg6A1JFZV3b7TTbtpAaiYGdUD1e1oAm
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!