Bitcoin Forum
Topic: URGENT: Windows Bitcoin-Qt update
Pieter Wuille
March 19, 2012, 10:25:49 PM
 #61


Yes.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
Nyaaan
March 22, 2012, 01:33:23 PM
 #62

Quote
About 3 days ago I was commenting on the language choice.
From a software architecture standpoint other languages than c++ would make more sense in such a sensitive area.

This is nonsense. If anything, more advanced languages can have their own vulnerabilities which could make bitcoin vulnerable without any mistakes actually made by the developers. This is almost impossible with a low level language like c++.
Apart from that, a program's security does not depend on the language, it depends on the coding.

I'm sorry but you are completely wrong here.

You have to be god-like to not create security vulnerabilities in significant C/C++ software.  'Direct' buffer overflows can be avoided by littering your code with meticulous boilerplate (and praying you haven't made a mistake somewhere).  But integer overflows leading to buffer overflows are so hopelessly tricky that I have no faith in any C/C++ being safe.

Java/Python/Ruby/Lisp buffer overflows simply don't exist... a huge class of exploit eradicated by language choice.  And there's a long list of languages immune to buffer overflows (this is mostly a glaring hole in C/C++).  Look up US military/intelligence mandates about language choice.  C/C++ is so bad that it should be immediately abandoned and _never_ used for _anything_.  Why do you think computer security is such a disaster (it was all C/C++ until the recent xss/xsrf/sql havoc - and that too is a design flaw).

That you think "this is nonsense" means that your own code is already insecure, and you just don't know it.


+1

C++ used to be my favorite language... until I learned Lisp and Python.

Now my foot is finally recovering from being shot too many times

I think you mean your knee.

Also, thank you for the fix, developers.
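
The "integer overflows leading to buffer overflows" pattern named in the quoted post, shown as an added example: this is not part of the thread and not Bitcoin code. The record size `ELEM_SIZE`, the function names and the input values are constructed for illustration; the naive bound check accepts a count whose byte size has wrapped around, while the checked version rejects it before multiplying.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed scenario: a message header carries `count`, the number of
 * fixed-size records that follow; the receiver has a buffer of buf_len bytes. */
#define ELEM_SIZE 12u

/* Naive size computation: the 32-bit multiply wraps modulo 2^32. */
static uint32_t naive_bytes_needed(uint32_t count) {
    return count * ELEM_SIZE;
}

/* Naive bound check: looks correct, but compares the wrapped product. */
static bool naive_fits(uint32_t count, uint32_t buf_len) {
    return naive_bytes_needed(count) <= buf_len;
}

/* Hardened: refuse any count whose product is not representable,
 * before doing the multiplication. */
static bool checked_bytes_needed(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / ELEM_SIZE)
        return false;
    *out = count * ELEM_SIZE;
    return true;
}

static bool checked_fits(uint32_t count, uint32_t buf_len) {
    uint32_t need;
    return checked_bytes_needed(count, &need) && need <= buf_len;
}

int main(void) {
    /* Constructed input: 0x15555556 * 12 = 2^32 + 8, which wraps to 8. */
    uint32_t count = 0x15555556u, buf_len = 64u;
    printf("naive size   : %u bytes\n", (unsigned)naive_bytes_needed(count));
    printf("naive check  : %s\n", naive_fits(count, buf_len) ? "accepted" : "rejected");
    printf("checked check: %s\n", checked_fits(count, buf_len) ? "accepted" : "rejected");
    return 0;
}
```
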
NothinG
March 23, 2012, 03:23:20 AM
 #63



Anyone else having this problem?

Diapolo
March 23, 2012, 05:53:12 AM
 #64



Anyone else having this problem?

You could try this, perhaps it's related: https://bitcointalk.org/index.php?topic=66887.msg779221#msg779221

Dia

Liked my former work for Bitcoin Core? Drop me a donation via:
1PwnvixzVAKnAqp8LCV8iuv7ohzX2pbn5x
bitcoin:1PwnvixzVAKnAqp8LCV8iuv7ohzX2pbn5x?label=Diapolo
NothinG
March 23, 2012, 05:59:25 AM
 #65


You could try this, perhaps it's related: https://bitcointalk.org/index.php?topic=66887.msg779221#msg779221

Dia
I just tried that, seemed to make it worse. Looked into the logs (new information after what Diapolo said to do), said something about the indexing.
So, I am re-building my blkindex.dat.
I'll post what I find.

JackH
March 24, 2012, 11:53:07 AM
 #66

Is this affecting Bitcoin version 0.3.21?

<helo> funny that this proposal grows the maximum block size to 8GB, and is seen as a compromise
<helo> oh, you don't like a 20x increase? well how about 8192x increase?
<JackH> lmao
Vandroiy
March 24, 2012, 01:53:11 PM
 #67

+1 for an implementation in a safer language.

I keep saying the same thing; it's just absurd to use a highspeed-hacker-language for financial transactions.

We need another client for broad usage. If everyone hates Mono so much, well then use Java or something, but not something that cares little about type safety, operates directly on memory pointers etc. Think aspect-oriented programming, contracts, this is the kind of stuff we need, and it's as far from C++ as you get.
Pieter Wuille
March 24, 2012, 01:57:09 PM
 #68

Is this affecting Bitcoin version 0.3.21?

No, only Windows versions of Bitcoin-Qt are affected, a GUI that was only merged in 0.5.0.

However, it's generally a bad idea to keep using such old versions...

Luke-Jr
March 24, 2012, 02:02:09 PM
 #69

Is this affecting Bitcoin version 0.3.21?
Not this, but 0.3.* are not maintained and have several security and other bugs. Upgrade to at least 0.4.4.

Diapolo
March 24, 2012, 02:08:05 PM
 #70

+1 for an implementation in a safer language.

I keep saying the same thing; it's just absurd to use a highspeed-hacker-language for financial transactions.

We need another client for broad usage. If everyone hates Mono so much, well then use Java or something, but not something that cares little about type safety, operates directly on memory pointers etc. Think aspect-oriented programming, contracts, this is the kind of stuff we need, and it's as far from C++ as you get.

I hate Java more than Python, than Basic ... Windows is written in what language? Linux kernel is written in?

Dia

Pieter Wuille
March 24, 2012, 02:14:04 PM
 #71

+1 for an implementation in a safer language.

I keep saying the same thing; it's just absurd to use a highspeed-hacker-language for financial transactions.

We need another client for broad usage. If everyone hates Mono so much, well then use Java or something, but not something that cares little about type safety, operates directly on memory pointers etc. Think aspect-oriented programming, contracts, this is the kind of stuff we need, and it's as far from C++ as you get.

I hate Java more than Python, than Basic ... Windows is written in what language? Linux kernel is written in?

Dia

Can you please stop discussing what language Bitcoin clients are supposed to be written in? This thread is about the specific security problem found here.

Start a discussion in the dev section, if you like a language flamewar.

Luke-Jr
March 26, 2012, 09:16:58 PM
 #72

FWIW, this issue has been assigned CVE-2012-1910

Diapolo
March 27, 2012, 05:23:08 AM
 #73

FWIW, this issue has been assigned CVE-2012-1910

That's a great step, it would be even better to link the advisory. One I found by that number was for JavaRE and the other for Bind DNS :-/.

Dia

Luke-Jr
March 27, 2012, 05:24:11 AM
 #74

FWIW, this issue has been assigned CVE-2012-1910

That's a great step, it would be even better to link the advisory. One I found by that number was for JavaRE and the other for Bind DNS :-/.

Dia
This thread is the advisory...

Diapolo
March 27, 2012, 05:27:14 AM
 #75

FWIW, this issue has been assigned CVE-2012-1910

That's a great step, it would be even better to link the advisory. One I found by that number was for JavaRE and the other for Bind DNS :-/.

Dia
This thread is the advisory...

Then who chose those CVE numbers? I thought these numbers were assigned by an external company or organisation ... my fault then.

Pieter Wuille
March 27, 2012, 02:20:12 PM
 #76

The numbers are chosen by an external advisory, yes, but apparently it's just a number to identify the problem.

I think it'd be a little more useful if information about the issue could actually be found in online databases directly about it.

Diapolo
March 27, 2012, 02:35:27 PM
 #77

The numbers are chosen by an external advisory, yes, but apparently it's just a number to identify the problem.

I think it'd be a little more useful if information about the issue could actually be found in online databases directly about it.

I had exactly this in my mind :), a public database, an external given ID and independent information about issues.

Dia

fabrizziop
April 01, 2012, 01:28:41 AM
 #78

Is it safe to use the 0.6.0 version, newly released?
Luke-Jr
April 01, 2012, 01:41:18 AM
 #79

Is it safe to use the 0.6.0 version, newly released?
Yes
