|
Anonymous
Guest
|
 |
July 29, 2010, 08:03:07 PM
Last edit: September 11, 2011, 05:16:49 PM by davidonpda |
|
adg
|
|
|
|
|
|
|
|
|
|
"Your bitcoin is secured in a way that is physically impossible for others to access, no matter for what reason, no matter how good the excuse, no matter a majority of miners, no matter what." -- Greg Maxwell
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
knightmb
|
|
July 29, 2010, 08:12:02 PM |
|
In this forum, I don't see why not. Basically, the implementation bug means that the client wasn't following it's own rules. Someone may have found a way to double-spend coin for example that the Client doesn't catch because of how it processes the rules to counter this kind of action.
|
Timekoin - The World's Most Energy Efficient Encrypted Digital Currency
|
|
|
jgarzik
Legendary
 Offline
Activity: 1596
Merit: 1091
|
|
July 29, 2010, 08:12:14 PM |
|
Is it too early to discuss what happened until more users upgrade?
I am interested in the meta-discussion, about security policy. In other open source projects, representatives of "key parties" tend to gather on a "vendor security" mailing list that is closed to the public. Vulnerabilities that might have real world consequences are discussed there, and then a coordinated release occurs, where all key players publish the security fixes at the same time. |
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
|
knightmb
|
|
July 29, 2010, 08:13:57 PM |
|
Since we mostly communicate by forum here, the closest would be a member group that has access to a special forum here just for that issue that the public can't normally see. I'm fairly certain the simple machines forum supports that feature?
|
Timekoin - The World's Most Energy Efficient Encrypted Digital Currency
|
|
|
|
knightmb
|
|
July 29, 2010, 08:19:16 PM |
|
I'd support the idea. More trusted members and programmers could post security risks or exploits. Maybe the better way is just to message the developer if they are discovered.
Both can work, but a members forum would help to keep out the noise; otherwise everyone will end up messaging the lead developer with every possible thing they here in the news and end up taking his/her time to filter it out on whether it's really a risk or not. |
Timekoin - The World's Most Energy Efficient Encrypted Digital Currency
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
July 29, 2010, 08:22:59 PM |
|
BTW, an important feature of these mailing lists is that anyone can post... but only the "vendor security" group can read the posts. Thus, it is easy for an outsider with a real security issue to provide detailed information to vendor-sec@myopensourceproject.org, while preventing unscrupulous people from reading the sensitive information. I suppose a PM to <somebody>, plus discussion on a closed forum, is the best this forum software can handle. |
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
satoshi
Founder
Sr. Member
Offline
Activity: 364
Merit: 6722
|
|
July 29, 2010, 10:04:15 PM |
|
Actually, it works well to just PM me. I'm the one who's going to be fixing it. If you find a security flaw, I would definitely like to hear from you privately to fix it before it goes public.
|
|
|
|
|
jimbobway
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
July 29, 2010, 10:59:48 PM |
|
Actually, it works well to just PM me. I'm the one who's going to be fixing it. If you find a security flaw, I would definitely like to hear from you privately to fix it before it goes public.
Suppose, god forbid, you were no longer able to program or were unavailable due to unknown circumstances. Do you have a procedure in mind to continue bitcoin in your absence? |
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
July 29, 2010, 11:03:33 PM |
|
Suppose, god forbid, you were no longer able to program or were unavailable due to unknown circumstances. Do you have a procedure in mind to continue bitcoin in your absence?
It's called open source  The community is already guaranteed to continue. |
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
|
lachesis
|
|
July 30, 2010, 01:01:58 AM |
|
It's called open source The community is already guaranteed to continue. It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi's absence. |
|
|
|
Olipro
Member
Offline
Activity: 70
Merit: 10
|
|
July 30, 2010, 01:04:02 AM |
|
It's called open source The community is already guaranteed to continue. It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi's absence. why? it's not the only SVN service in the world, what actually matters is the bitcoin.org domain |
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1014
|
|
July 30, 2010, 01:12:30 AM |
|
It's called open source The community is already guaranteed to continue. It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi's absence. why? it's not the only SVN service in the world, what actually matters is the bitcoin.org domain Well, it's not decentralized like git. |
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
July 30, 2010, 02:00:55 AM |
|
It's called open source The community is already guaranteed to continue. It would be useful if somebody else had commit access to the SVN and there was an explicit plan in place to continue in Satoshi's absence. Why? There isn't any reason why the project will suddenly collapse if Satoshi becomes absent. Eventually patches to the source would accumulate, someone will become a patch collector, and if enough people download the source&binaries from The Patch Collector, that person winds up (often reluctantly) the new de facto maintainer. People worry an awful lot about rules and rule-making. But there is no driving need for any Continuity of Government plan, here As long as the source code remains open, that is sufficient. If there is a need, and enough interest, the community will provide. Trust in the community |
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
jimbobway
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
July 30, 2010, 02:11:32 AM |
|
Since satoshi is the founder, I am suggesting that he create a roadmap of what he plans to do. Right now all I know is the client and only the client but I don't know of satoshi has bigger, grander plans. If he could supply us with his vision and what he wants to do with bitcoin it would be great.
What I would hate seeing is if bitcoin has multiple flavors, like Linux has multiple flavors (which is arguable). Too many flavors and too many branches could weaken the concept of bitcoin, not to mention devalue my bitcoins I already own.
I think the domain, bitcoin.org, could be important because of name branding and also because it could serve as a central authority on the status and future of bitcoin.
|
|
|
|
|
|
lfm
|
|
July 30, 2010, 09:00:17 AM |
|
Since satoshi is the founder, I am suggesting that he create a roadmap of what he plans to do. Right now all I know is the client and only the client but I don't know of satoshi has bigger, grander plans. If he could supply us with his vision and what he wants to do with bitcoin it would be great.
What I would hate seeing is if bitcoin has multiple flavors, like Linux has multiple flavors (which is arguable). Too many flavors and too many branches could weaken the concept of bitcoin, not to mention devalue my bitcoins I already own.
I think the domain, bitcoin.org, could be important because of name branding and also because it could serve as a central authority on the status and future of bitcoin.
Almost seems like you WANT a central authority! Isn't that what bitcoin is supposed to not need? It should be able to survive more than one client implementation with only a shared protocol and perhaps a shared wallet format. |
|
|
|
|
|
knightmb
|
|
July 30, 2010, 08:57:55 PM |
|
|
Timekoin - The World's Most Energy Efficient Encrypted Digital Currency
|
|
|
jimbobway
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
July 30, 2010, 10:02:48 PM |
|
Since satoshi is the founder, I am suggesting that he create a roadmap of what he plans to do. Right now all I know is the client and only the client but I don't know of satoshi has bigger, grander plans. If he could supply us with his vision and what he wants to do with bitcoin it would be great.
What I would hate seeing is if bitcoin has multiple flavors, like Linux has multiple flavors (which is arguable). Too many flavors and too many branches could weaken the concept of bitcoin, not to mention devalue my bitcoins I already own.
I think the domain, bitcoin.org, could be important because of name branding and also because it could serve as a central authority on the status and future of bitcoin.
Almost seems like you WANT a central authority! Isn't that what bitcoin is supposed to not need? It should be able to survive more than one client implementation with only a shared protocol and perhaps a shared wallet format. Agreed on same shared protocol and perhaps wallet. What I don't want happening is someone starts their own chain. Nothing stopping anyone from doing this, but the longer the chain the stronger the concept of bitcoin, right? |
|
|
|
|
|
knightmb
|
|
July 30, 2010, 10:19:45 PM |
|
If someone started a new chain on the "production" network; it would have to be longer than the current chain. So given how much CPU time it took to generate that one, I don't see anyone trying to start a new chain anytime soon.
|
Timekoin - The World's Most Energy Efficient Encrypted Digital Currency
|
|
|
jimbobway
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
July 31, 2010, 04:38:47 AM |
|
If someone started a new chain on the "production" network; it would have to be longer than the current chain. So given how much CPU time it took to generate that one, I don't see anyone trying to start a new chain anytime soon.
Right. What I was trying to say was I can start my own bitcoin network and start my own chain there. (Kind of like how the test network is separate from production.) If bitcoin.com expired and someone grabbed it then it could have some repercussions. They could claim the brand new network was the real network. Far fetched? I guessed maybe I might be being a lil nitpicky. |
|
|
|
|
Insti
Sr. Member
Offline
Activity: 294
Merit: 252
Firstbits: 1duzy
|
|
July 31, 2010, 07:35:37 PM |
|
What I was trying to say was I can start my own bitcoin network and start my own chain there. (Kind of like how the test network is separate from production.) If bitcoin.com expired and someone grabbed it then it could have some repercussions. They could claim the brand new network was the real network. Far fetched? I guessed maybe I might be being a lil nitpicky.
They could do that. But we know the hash of the genesis block of the 'real' bitcoin so we wouldn't be accepting any of their bogus transactions. This is no different from me opening a beverage factory, putting some muddy water in cans, and calling my product 'Coke'. I might be able to fool some people who've never experienced the real thing, but no-one who knew what Coke was would touch it. |
|
|
|
|
|
