[ANNOUNCE] Electrum - Lightweight Bitcoin Client

[Red Emerald]

It's been a while since I've been on the forum. Nice to see you guys managed to find an awesome charity!

Sent another bitcoin for the next charity: http://blockchain.info/tx-index/3608083/6785f705b690e34fa0fe5a890b4a42615e62ce772adc632a0b4af8a832f73b3a

Did you mean to post this in the Bitcoin 100 topic?

[1714158785]

1714158785

[1714158785]

1714158785

[1714158785]

1714158785

[BTCurious]

Yup I did. Don't know how I messed that up

[ovidiusoft]

Hello,

I just released Electrum 0.43.  
You can get it from http://ecdsa.org/electrum

Changelog:
* this version fixes the wallet recovery issues encountered with 0.42
* support for the stratum protocol (over tcp and http).
* The default interface is now stratum/tcp; it is faster than the native interface.

This client still supports the native protocol, because the stratum interface is still in beta stage and might be modified.

I just released BitSafe-Electrum with 0.43, so you can always have with you the Bitcoin client you love and use

https://bitcointalk.org/index.php?topic=54376.0

Edit: and a small update to 0.43a. Please use this version.

[bravetheheat]

There's an error that I encountered when upgrading from 0.42 to 0.43a:

Code:

david@david-xubuntu:~/electrum/client$ ./electrum
Traceback (most recent call last):
  File "./electrum", line 71, in <module>
    WalletSynchronizer(wallet,True).start()
  File "/home/david/electrum/client/interface.py", line 344, in __init__
    self.start_interface()
  File "/home/david/electrum/client/interface.py", line 415, in start_interface
    self.wallet.pick_random_server()
AttributeError: Wallet instance has no attribute 'pick_random_server'

Had to destroy the existing wallet and recover from seed.

[ThomasV]

There's an error that I encountered when upgrading from 0.42 to 0.43a:

Code:

david@david-xubuntu:~/electrum/client$ ./electrum
Traceback (most recent call last):
  File "./electrum", line 71, in <module>
    WalletSynchronizer(wallet,True).start()
  File "/home/david/electrum/client/interface.py", line 344, in __init__
    self.start_interface()
  File "/home/david/electrum/client/interface.py", line 415, in start_interface
    self.wallet.pick_random_server()
AttributeError: Wallet instance has no attribute 'pick_random_server'

Had to destroy the existing wallet and recover from seed.

hi,

sorry about that; that's another bug.
I realize that I should have taken more time for testing before that release..

Edit: that bug is fixed in version 0.43b. (use it if you want to recover the labels in your old wallet)

[flatfly]

Hi Thomas,

Just a quick question:

Is it bad to have 2 instances of Electrum running at the same time (on the same machine, reading and writing the same wallet dat file)? For instance, can it cause wallet corruption or other bad things?

The reason I'm asking is, when clicking a bitcoin URI on a website, it will correctly launch Electrum and populate the Send tab with the requested parameters, but if Electrum is open already, a second instance will open.

Everything appears to work fine, but I was just curious if you could confirm that this is not a problem
regarding the wallet file consistency.

Thanks!

[ThomasV]

Hi Thomas,

Just a quick question:

Is it bad to have 2 instances of Electrum running at the same time (on the same machine, reading and writing the same wallet dat file)? For instance, can it cause wallet corruption or other bad things?

The reason I'm asking is, when clicking a bitcoin URI on a website, it will correctly launch Electrum and populate the Send tab with the requested parameters, but if Electrum is open already, a second instance will open.

Everything appears to work fine, but I was just curious if you could confirm that this is not a problem
regarding the wallet file consistency.

Thanks!

I believe it depends on how the OS handles it. With Linux I never had a problem.

[flatfly]

OK, thanks for the fast response! I haven't had any problems either.

[molecular]

updated 0.38 -> 0.43c

can't connect:

Code:

not connected
connecting to ecdsa.org:50001:t
connecting to electrum.novit.ro:50001:t
connecting to electrum.bitcoins.sk:50001:t
not connected
not connected
Traceback (most recent call last):
  File "/home/nick/bitcoin/electrum/client/gui_qt.py", line 928, in <lambda>
    radio2.clicked.connect(lambda x: set_protocol('h') )
  File "/home/nick/bitcoin/electrum/client/gui_qt.py", line 920, in set_protocol
    pp = plist[host]
KeyError: u'electrum.bitcoins.sk'
Traceback (most recent call last):
  File "/home/nick/bitcoin/electrum/client/gui_qt.py", line 927, in <lambda>
    radio1.clicked.connect(lambda x: set_protocol('t') )
  File "/home/nick/bitcoin/electrum/client/gui_qt.py", line 920, in set_protocol
    pp = plist[host]
KeyError: u'electrum.bitcoins.sk'
not connected
not connected
not connected
not connected
not connected
not connected
not connected
not connected
not connected

[ThomasV]

updated 0.38 -> 0.43c

can't connect:
..

issue solved on irc

[flatfly]

Hi Thomas,

I just read this on the bitcoin wiki FAQ:

you can try an alternative "lite" client such as Multibit or a super-light client like electrum though these clients have somewhat weaker security, are less mature, and don't contribute to the health of the P2P network.

Why would they say such a thing? To the contrary, I have the feeling that Electrum has extremely good security. Would like to hear your thoughts on that.

Keep up the great job!

[ThomasV]

Hi Thomas,

I just read this on the bitcoin wiki FAQ:

you can try an alternative "lite" client such as Multibit or a super-light client like electrum though these clients have somewhat weaker security, are less mature, and don't contribute to the health of the P2P network.

Why would they say such a thing? To the contrary, I have the feeling that Electrum has extremely good security. Would like to hear your thoughts on that.

Keep up the great job!

This is FUD.

Concerning the "health of the P2P network":
Electrum servers are full Bitcoin nodes, and it is their interest to broadcast transactions as effectively as possible for their clients.
There has been a "red balloons" paper by some microsoft researchers, who pretend that there is a weakness in Bitcoin, because miners have an incentive not to broadcast transactions. This paper lives in a completely theoretical world where the Bitcoin network is made of miners only. In reality, the Bitcoin network is very heterogeneous, made of nodes that have different incentives, and Electrum servers contribute to its diversity. Electrum servers have an incentive to broadcast transactions. They contribute to the health of the network.

Concerning weaker security: it is true that Electrum clients are vulnerable to the servers they connect to. Although the server cannot steal your money, it can send you fake information, for example make you believe that you received a payment that didnt occur. I have two objections to that argument.
 - users can use information from various servers, or from other sources, such as blockexplorer websites, to check if they received a payment. we can also imagine enhanced clients that automatically confront the information sent by several servers.
 - Electrum servers are currently providing blockchain services free of charge. I believe that in the future they might want to charge a very small fee, such as miners do, in order to cover their operation costs. If I get paid from my clients, then  I have little incentive to screw them up.

In the world of possible threats, I do not think that the 'somewhat weaker security' of the Electrum client-server model is a real concern. There are other threats that are much more real.
For example:
 - the forum is full of messages by users who lost bitcoins because they did not backup their wallet correctly. Some developers tend to consider that it is not their problem if users lose coins because they did not do regular backups. I disagree with that. I believe that this is a major problem for Bitcoin. To work as a currency, Bitcoin must be safe, not only for computer experts. It must be perceived as a safe store of value by everyone. For a non expert, 'I guess you do not know how to do backups' sounds very much like 'your coins might disappear randomly and it will be your fault'. The deterministic wallet of Electrum is meant to address that.
 - Web wallets (such as strongcoin, blockchain.info, etc) can get hacked. An attacker gaining access to their servers can modify the javascript executed by the clients, and get access to their private keys. This is a very real threat.
 - another very real threat is people distributing binaries, such as you I am not saying that what you are doing is wrong, and I do appreciate your efforts; it is very nice to have binaries. However, people should understand that there is a difference between source code and binaries. if they run your Electrum binary, they should know that they trust you for not inserting malicious lines in my code. Perhaps you should explain that, who you are, etc.

[flatfly]

Thanks for the detailed response! I actually fully agree with everything you said.

Regarding the risks and benefits of using a self-contained binary vs manually installing
python and required packages and running the source code (a little burdensome on Windows),
I will prepare a FAQ item on my web page to address that, as well as who I am, so that ordinary
users can make an informed decision.

Cheers

[Xenland]

BTW it would really help you if you had your code reviewed by someone with good reputation and given a stamp of approval to raise you're trustworthiness especially since you're client is talking to your server.

If you've already done that, I apologize, but I didn't find it mentioned on your webpage.

Ive personally skimmed through the code before installing electrum i didnt see anything malicous.
I can assume its safe based on the way it works that bitcoins arent accessable by any electrum servers with out the owners permission(signature). So it littterly is a bitcoin server for bitcoin lite clients with out loss of security

[ThomasV]

WARNING
A new website popped up, that lets users generate addresses from their Electrum or Armory seed: http://brainwallet.org/

Currently, it is not clear who created that website.
I previously thought it was Joric, but he just said he is not the author.

After a quick inspection, the javascript does not send your seed to a remote server.
However, nothing guarantees that the server will always send you the same javascript

In other words: this could very well be a phishing attempt.
If you ever used that website, move your funds to a new wallet immediately!

[flatfly]

And according to GitHub, the author is still actively updating it... Seems pretty well implemented, but I can't
find any non-malicious use for this (unless you download the tarball and run it locally, perhaps)...
Out of curiosity, how did you find out about that site?

Just did a WHOIS on the domain, doesn't seem to reveal any obvious clues...

[ThomasV]

And according to GitHub, the author is still actively updating it... Seems pretty well implemented, but I can't
find any non-malicious use for this (unless you download the tarball and run it locally, perhaps)...
Out of curiosity, how did you find out about that site?

it's been mentioned on irc a few times

[Joric]

And according to GitHub, the author is still actively updating it... Seems pretty well implemented, but I can't
find any non-malicious use for this (unless you download the tarball and run it locally, perhaps)...
Out of curiosity, how did you find out about that site?

it's been mentioned on irc a few times

It's really me, sorry for the confusion. The site is just a coding exercise, nothing more, and it's hosted right on the GitHub repository (thought it will be, like, a step forward from the bitaddress.org that apparently uses foreign hosting). If I knew that GitHub doesn't support SSL for project pages I wouldn't even bother CNAMEing it.

[ThomasV]

It's really me, sorry for the confusion. The site is just a coding exercize, nothing more, and it's hosted right on the GitHub repository (thought it will be, like, a step forward from the bitaddress.org that apparently uses foreign hosting). If I knew that GitHub doesn't support SSL for project pages I wouldn't even bother CNAMEing it.

thanks for the clarification.
the fact that you finally acknowledge being the author does not change anything to my previous warning.

[Herbert]

@Joric: +1 for the default passphrase