Bitcoin Forum
December 10, 2016, 05:17:53 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Security update: duplicate transaction vulnerability fix  (Read 12181 times)
Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
March 09, 2012, 12:00:43 AM
 #41

All of this technical stuff is way over my head, but I'd like to share my ignorant thoughts anyways.

It seems to me that 8 days is not enough time for people to really do their research on the matter. If I were a miner, or the operator of a mining pool, I would want to know EXACTLY what I'm doing before I made any serious changes.

Secondly, even if 8 days is enough time there is something unsettling about this. What you essentially have is a few highly skilled coders in the know. If they can dupe the mining community into something, anything, nefarious it could destroy Bitcoin. Obviously, I'm not saying that they will, but posit this:

Imagine highly skilled feds, or any other criminal organization, infiltrated the upper echelon of Bitcoin coders. They spent long hours making it better and building a reputation for themselves, slowly but surely dominating the entire field of coders. Then, one day, it's time to destroy Bitcoin and they issue some sort of scenario similar to the one we're dealing with now, for the mining community to go to a new blockchain or something, and the mining community takes their word for it, and BAM, Bitcoin is hashed forever.

I understand this is conspiracy theory stuff, but can anyone unsettle my fears about this scenario?

Simple. As long as the process is completely transparent and open there's really nothing anyone could "sneak" past everyone else in order to cause damage. And if you checked the OP, it pretty much doesn't get any more transparent then how they're going about with this fix. I mean you can even read the mailing list how the devs formulated the fix..

Two more questions then:

Is 8 days really enough time to vet a potentially nefarious plan?

What if a few people DO see something nefarious in it, will they be listened to, or ignored?

Also (all?) of the coders are known by real name. If they f*ckup bitcoin, they will be known by everyone as the person who screwed things up.
That would be the same as destroying many peoples money, and time invested and many companies and that is not like something you would like to do, ofcourse there is allways the possibility that they are threatened by jail or whatever unless they do this. But in this case its far from very likely.

No one is going to jail for destroying someone else's bitcoins until a government considers bitcoin a currency.

1481347073
Hero Member
*
Offline Offline

Posts: 1481347073

View Profile Personal Message (Offline)

Ignore
1481347073
Reply with quote  #2

1481347073
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481347073
Hero Member
*
Offline Offline

Posts: 1481347073

View Profile Personal Message (Offline)

Ignore
1481347073
Reply with quote  #2

1481347073
Report to moderator
1481347073
Hero Member
*
Offline Offline

Posts: 1481347073

View Profile Personal Message (Offline)

Ignore
1481347073
Reply with quote  #2

1481347073
Report to moderator
1481347073
Hero Member
*
Offline Offline

Posts: 1481347073

View Profile Personal Message (Offline)

Ignore
1481347073
Reply with quote  #2

1481347073
Report to moderator
ssaCEO
Hero Member
*****
Offline Offline

Activity: 568



View Profile WWW
March 09, 2012, 12:23:43 AM
 #42

I'm running a CentOS 5.6 build that I had to compile myself. Major alterations had to be made to the make file and tons of libraries had to be prepared. And I really, really don't want to do that again.

Any chance of a CentOS binary anytime soon? I know a lot of merchant sites could really use one. And if not - what happens if we don't upgrade?

mc_lovin
Legendary
*
Offline Offline

Activity: 1134


www.bitcointrading.com


View Profile WWW
March 09, 2012, 01:28:46 AM
 #43

Wow, I'm glad you guys are so smart.  I posted this on BitcoinTrading.com to spread the word.  Keep up the good work.

BlackPrapor
Hero Member
*****
Offline Offline

Activity: 584



View Profile
March 10, 2012, 01:37:14 PM
 #44

Very unlikely.  Someone would need to plan the attack very carefully, have huge amounts of hashing power hiding offline, and gain essentially nothing from it.
I don't see very much as unlikely when you're talking about challenging the global banking cartel.
Exactly. When you see these kind of guys rolling out of blue, and security fix is coming up, it makes you think twice before you do anything. Bankers can gain from this one thing, the only thing they want is total control. If BTC is destroyed, then there is no alternative. Or, it would have to be done all over again, from scratch, taking into account all previous mistakes.
Cheers,
May the BitForce be with you  Grin

There is no place like 127.0.0.1
In blockchain we trust
Luke-Jr
Legendary
*
Offline Offline

Activity: 2100



View Profile
March 10, 2012, 08:05:43 PM
 #45

Do we have an ETA on the patch getting merged and included in rc3 or whatever?
This is already part of 0.4.4rc3 and 0.5.3rc3.

Diapolo
Hero Member
*****
Offline Offline

Activity: 769



View Profile WWW
March 11, 2012, 10:37:11 AM
 #46

Do we have an ETA on the patch getting merged and included in rc3 or whatever?
This is already part of 0.4.4rc3 and 0.5.3rc3.

I guess the question was, when will an 0.6 RC3 be released, that includes this fix Smiley. I use RC2 and don't want to switch back to 0.5.x.

Dia

Liked my former work for Bitcoin Core? Drop me a donation via:
1PwnvixzVAKnAqp8LCV8iuv7ohzX2pbn5x
bitcoin:1PwnvixzVAKnAqp8LCV8iuv7ohzX2pbn5x?label=Diapolo
neofutur
Full Member
***
Offline Offline

Activity: 147



View Profile WWW
March 11, 2012, 10:53:55 AM
 #47

Do we have an ETA on the patch getting merged and included in rc3 or whatever?
This is already part of 0.4.4rc3 and 0.5.3rc3.

 is there an ebuild and / or a USE flag for bip30 in the gentoo ebuild ?

Pieter Wuille
Legendary
*
Offline Offline

Activity: 1036


View Profile WWW
March 15, 2012, 04:38:24 PM
 #48

0.5.3 was just released, with BIP30 support.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
Luke-Jr
Legendary
*
Offline Offline

Activity: 2100



View Profile
March 15, 2012, 05:03:30 PM
 #49

is there an ebuild and / or a USE flag for bip30 in the gentoo ebuild ?
There are 0.4.4 and 0.5.3 ebuilds. It's not optional, so no USE flag.

Luke-Jr
Legendary
*
Offline Offline

Activity: 2100



View Profile
March 26, 2012, 09:17:29 PM
 #50

FWIW, this issue has been assigned CVE-2012-1909

Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!