Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required

[bet4btc]

When the ppa version will be ready?  

what will happen if i will run the Linux version, with the Current version of qt (ppa)
Is it possible to  "switch" between versions at any given time, consider the block chain is updating sometimes from the linux version and some times from the pp version?

[Luke-Jr]

Everyone should keep in mind at all times that Bitcoin is still an experiment, Bitcoin technology (consensus systems) is still a very new field of computer science, and the whole thing could fall apart overnight.

If payment protocol is distributed with Core, it should be an optional thing, which the user can decide to activate (by checkbox, whatever). Security is much more important.

Of all the possible security flaws... OpenSSL, a security-oriented library, having a vulnerability in the most fundamental security feature used by virtually everything... is the LAST thing anyone would have reasonably considered to be a risk to security.

Edit. imho the dialog introduced in 0.9.0 which replaced the receiving addresses field is not an improvement. It makes things more awkward. (An example of a really good improvement is coincontrol and wallet file selection.)

It's much less confusing and makes it easier to use Bitcoin correctly.
Coin Control is handy, but inevitably a power user tool that is likely to give newbies the wrong idea.
Multiwallet support is unfortunately lagging behind since CodeShark went and made his own wallet instead.

When the ppa version will be ready? 

Never, it's not affected (although your OS probably is...)

[bet4btc]

Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?

[Luke-Jr]

Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?

It should, but there's no point.

[bet4btc]

Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?

It should, but there's no point.

Well, as for the openssl, what i did is this :

aptitude show libssl1.0.0 | grep Version

and it show this-

Version: 1.0.1-4ubuntu5.12

which seems to be the latest for ubuntu 12.04 LTS

I am still not sure i am protected..

[Luke-Jr]

Luke,
what will happen if i will run the Linux version and then switch back to the ppa version, will the wallet will sync properly?

It should, but there's no point.

Well, as for the openssl, what i did is this :

aptitude show libssl1.0.0 | grep Version

and it show this-

Version: 1.0.1-4ubuntu5.12

which seems to be the latest for ubuntu 12.04 LTS

I am still not sure i am protected..

http://www.ubuntu.com/usn/usn-2165-1/

[wumpus]

If payment protocol was not supported people would be complaining about lack of support for the new merchant integration methods.

Who did complain?

No one yet. But that would happen soon enough after the new BIP007x features are rolled out by other (BitcoinJ) based wallets.

In any case the plan is to split the wallet off to a different repository, so that it can be maintained separately. This means you can create a fork with your own (subset of) features, without forking the entire node implementation as well.

This can happen only after SPV functionality has been implemented though. This would also isolate the wallet from potential bugs in the P2P network code (and vice versa), and also means that even if you run a full node, you don't have to have your wallet always online.

[IIOII]

Of all the possible security flaws... OpenSSL, a security-oriented library, having a vulnerability in the most fundamental security feature used by virtually everything... is the LAST thing anyone would have reasonably considered to be a risk to security.

Any reliance on external libraries is added security risk. Because Core is financial software the most paranoid security approach should be in place. So where external libraries are not essential they should be avoided.

It's much less confusing and makes it easier to use Bitcoin correctly.
Coin Control is handy, but inevitably a power user tool that is likely to give newbies the wrong idea.
Multiwallet support is unfortunately lagging behind since CodeShark went and made his own wallet instead.

This is Bitcoin Core. You do not need to hide all complexity from the user. I'm accustomed to initiate all payments by myself - I dislike direct debit and similar things, because it gives me less feeling of control. Maybe this is also a question of cultural socialisation, so preference maybe different across countries - I don't know. Regardless, I think a Bitcoin Core user can be expected to know how to copy and paste Bitcoin addresses and type in the correct amount - there is no need for simplification.
There can be third party wallets which are "easier" to use.

[IIOII]

In any case the plan is to split the wallet off to a different repository, so that it can be maintained separately. This means you can create a fork with your own (subset of) features, without forking the entire node implementation as well.

This can happen only after SPV functionality has been implemented though. This would also isolate the wallet from potential bugs in the P2P network code (and vice versa), and also means that even if you run a full node, you don't have to have your wallet always online.

This is encouraging.

[windpath]

The protocol specifies flawless security (except quantum computing vulnerability). WHY on earth has this flawless security be ruined by eager developers adding features that are not essential to bitcoin protocol?

Right, in principle, wallet functionality isn't needed at all to maintain the Bitcoin P2P network, the reason for Bitcoin Core's existence.

This is why --disable-wallet mode was introduced in 0.9.0. It allows you to build without the wallet, which removes quite a few dependencies (OpenSSL however is still required as we also use it for ECDSA at this point, and for RPC SSL support, but this could change after merging sipa's ECDSA library).

In the long run there are two options: either we remove the wallet, or we keep it and try to keep up with features of other wallets. Keeping up includes the payment protocol. If payment protocol was not supported people would be complaining about lack of support for the new merchant integration methods.

With the rename to "Bitcoin Core", you would think it would be just that, the CORE p2p network/functionality.

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

At the very least separate out all "features" that are not required by the core as a separate application.

[wumpus]

With the rename to "Bitcoin Core", you would think it would be just that, the CORE p2p network/functionality.

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

At the very least separate out all "features" that are not required by the core as a separate application.

I'm not sure I follow you. In the post that you reply to, I talk about splitting off the wallet functionality. I don't see why you still feel that you need to rant. This can't be done in one day (unless we get a lot of knowledgeable new contributors), but it is the planned direction.

[Luke-Jr]

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

Nor does the Foundation have any relationship to Bitcoin Core.

At the very least separate out all "features" that are not required by the core as a separate application.

That includes the wallet.

[windpath]

With the rename to "Bitcoin Core", you would think it would be just that, the CORE p2p network/functionality.

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

At the very least separate out all "features" that are not required by the core as a separate application.

I'm not sure I follow you. In the post that you reply to, I talk about splitting off the wallet functionality. I don't see why you still feel that you need to rant. This can't be done in one day (unless we get a lot of knowledgeable new contributors), but it is the planned direction.

Re-reading my post, it does come off as a rant, that is not how it is intended....

I just believe that the "core" should be just that, the minimum code required to participate in and contribute to the network.

I think the planned direction to split out the wallet  is great, and appreciate you taking it.

[windpath]

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

Nor does the Foundation have any relationship to Bitcoin Core.

I'm not sure I understand, this is from the foundation site:

As a non-political online money, Bitcoin is backed exclusively by code. This means that—ultimately—it is only as good as its software design. By funding the Bitcoin infrastructure, including a core development team, we can make Bitcoin more respected, trusted and useful to people worldwide.

Is this not a "relationship" to the core and its development? 

[Luke-Jr]

IMO the foundation has no business competing with other clients and features, be responsible for the core, let others build on it.

Nor does the Foundation have any relationship to Bitcoin Core.

I'm not sure I understand, this is from the foundation site:

As a non-political online money, Bitcoin is backed exclusively by code. This means that—ultimately—it is only as good as its software design. By funding the Bitcoin infrastructure, including a core development team, we can make Bitcoin more respected, trusted and useful to people worldwide.

Is this not a "relationship" to the core and its development? 

The Foundation contributes financially to Bitcoin development in general.
It doesn't (or at least, isn't supposed to) favour or control any given implementation.

[wumpus]

Re-reading my post, it does come off as a rant, that is not how it is intended....

I just believe that the "core" should be just that, the minimum code required to participate in and contribute to the network.

I think the planned direction to split out the wallet  is great, and appreciate you taking it.

It would be interesting if the authors of other* (SPV) wallets made it possible to run and manage a walletless bitcoind in the background, so that their users can optionally contribute to the network by running a full node.

*Armory does this, but only because it needs to, it cannot work in SPV mode

[Meuh6879]

update the binary (i don't touch the folder) is the right choice ?
(openssl is in binary file bitcoin-qt.exe, no ?)

[windpath]

The Foundation contributes financially to Bitcoin development in general.
It doesn't (or at least, isn't supposed to) favour or control any given implementation.

I'm sorry, and I'm sure I'm not the first to point this out, when you have a board comprised of people running businesses based on Bitcoin it becomes very difficult to assert that their own positions and goals do not drive decision making about the core.

I honestly don't know any members of the board personally, and am not trying to throw anyone under the bus here, but I think we need to be realistic about "how it works"....

It would be interesting if the authors of other* (SPV) wallets made it possible to run and manage a walletless bitcoind in the background, so that their users can optionally contribute to the network by running a full node.

*Armory does this, but only because it needs to, it cannot work in SPV mode

100% agreed, I run 2 full nodes. 1 on my day-to-day computer (with Armory), and a second on a dedicated server that we pull data from for our site (http://162.242.245.151/).

I feel both obligated and proud to support the network, and can't see a reason that anyone involved with Bitcoin would not, would be nice if all wallet software had this option.

[KGambler]

Should we change our wallet password too?

[wumpus]

Should we change our wallet password too?

Not really. There are two scenarios:

1) Your private keys are not compromised. Either you never used a bitcoin: URI with a payment request, or, at least never from a compromised server. No need to change your password or do anything.

2) Your private keys are compromised. You clicked on a bitcoin: URI in your browser that fetched a payment request from a malicious SSL server. By an unlikely fluke, memory was leaked to the server that contained private keys. Send your coins to a new wallet while you can, before the attacker abuses your keys. Changing the password is not enough as a precaution in this case.