Bitcoin Forum
December 05, 2016, 06:43:17 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: The Most Important Bitcoin Client Feature IMHO...  (Read 3221 times)
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
May 08, 2011, 07:27:23 PM
 #1

Would be updating automatically, or at least informing the user that a new version of the Bitcoin client is available.

FileZilla, VLC, uTorrent, and many other open source projects do this quite nicely. Could we simply borrow their code?

Would bitcoin's decentralized nature might make this a bit more difficult?

Nobody would feel comfortable associating just one domain name with the "update notification" code I doubt, it would be too simple of an attack vector. Perhaps once we get the bitDNS and/or namecoin setup...
1480963397
Hero Member
*
Offline Offline

Posts: 1480963397

View Profile Personal Message (Offline)

Ignore
1480963397
Reply with quote  #2

1480963397
Report to moderator
1480963397
Hero Member
*
Offline Offline

Posts: 1480963397

View Profile Personal Message (Offline)

Ignore
1480963397
Reply with quote  #2

1480963397
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480963397
Hero Member
*
Offline Offline

Posts: 1480963397

View Profile Personal Message (Offline)

Ignore
1480963397
Reply with quote  #2

1480963397
Report to moderator
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
May 08, 2011, 07:29:23 PM
 #2

Would be updating automatically, or at least informing the user that a new version is available.

FileZilla, VLC, uTorrent, and many other open source projects do this quite nicely. Could we simply borrow their code?

Would bitcoin's decentralized nature might make this a bit more difficult?

Nobody would feel comfortable associating just one domain name with the "update notification" code I doubt, it would be too simple of an attack vector. Perhaps once we get the bitDNS and/or namecoin setup...
The new distribution/download script devrandom is working on for gitian and bitcoin 0.4.0 should be able to handle such things in a couple version out.  It also solves the trust issue as it requires a certain number of trusted developers to sign a new release after building it themselves deterministically before it will download and install the new version.

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
May 08, 2011, 07:31:46 PM
 #3

I strongly disagree. (on topic to another thread: does that make me an extremist?)

Automatic updating is merely yet another attack vector. I highly doubt it could be made secure. Is there any other money handling software that automatically updates?
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
May 08, 2011, 07:34:02 PM
 #4

Automatic updating is merely yet another attack vector. I highly doubt it could be made secure. Is there any other money handling software that automatically updates?
How could you exploit a system which requires developers to sign the results with gpg?  You'd have to steal the gpg keys of multiple developers.

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
Garrett Burgwardt
Sr. Member
****
Offline Offline

Activity: 350



View Profile
May 08, 2011, 07:35:15 PM
 #5

People should have to think about the things being added or changed in a new version so that the core of bitcoin isn't changed.
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
May 08, 2011, 07:39:55 PM
 #6

People should have to think about the things being added or changed in a new version so that the core of bitcoin isn't changed.
That is the point of distributed signatures.  Developers who are trusted by the community put their stamp of approval on changes.  Any interested users can obviously still watch the changes and chose for themselves but, lets face it, 99% of users just don't care.  Many of the changes are changes in tx requirements for mining and other small things that no one but small groups care about anyway. 

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
genjix
Legendary
*
expert
Offline Offline

Activity: 1232


View Profile
May 08, 2011, 08:16:46 PM
 #7

apt-get
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
May 08, 2011, 08:19:52 PM
 #8

apt-get
Have fun getting that to work while we are still on wx 2.9.  Plus the recommended package will be the downloaded which checks trust on binaries before they are distributed (instead of the bitcoin binary itself).

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
HostFat
Staff
Legendary
*
Offline Offline

Activity: 2282


I support freedom of choice


View Profile WWW
May 08, 2011, 08:23:13 PM
 #9

I asked it some times ago Cheesy
http://bitcointalk.org/index.php?topic=259

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
May 08, 2011, 10:53:28 PM
 #10

Automatic updating is merely yet another attack vector. I highly doubt it could be made secure. Is there any other money handling software that automatically updates?
How could you exploit a system which requires developers to sign the results with gpg?  You'd have to steal the gpg keys of multiple developers.

I responded before I saw your post. Do you have details on the implementation you describe?
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
May 09, 2011, 04:14:32 AM
 #11

I just thought of a potential problem the open sourced bitcoin community might face...

How many people currently have to "ok" a release?

What if tomorrow the value of BTC jumped up to $100,000 USD/BTC and Gavin decided he now wanted to "round" every transaction down and send the remainder to his own account (like the plot from "office space").

No offense to Gavin, but most everybody has their price.  Undecided
njloof
Member
**
Offline Offline

Activity: 75


View Profile
May 09, 2011, 05:35:00 AM
 #12

What if tomorrow the value of BTC jumped up to $100,000 USD/BTC and Gavin decided he now wanted to "round" every transaction down and send the remainder to his own account (like the plot from "office space").

OK, but the transaction record is public. That hack would make for some interesting reading on blockexplorer.com.
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
May 09, 2011, 05:52:02 AM
 #13

What if tomorrow the value of BTC jumped up to $100,000 USD/BTC and Gavin decided he now wanted to "round" every transaction down and send the remainder to his own account (like the plot from "office space").

OK, but the transaction record is public. That hack would make for some interesting reading on blockexplorer.com.


Sure, but the damage would have already been done.

One could (in theory, if (s)he were in charge of releases)...

1) Round up (or even direct the entire transaction amount) to his/her bitcoin address.
2) Sell as many bitcoins as they possibly could on any/every market within 24 hours.
3) (OPTIONAL) DDOS the bitcoin.org forums for another few days until their payments came through.

As of right now, that person could probably steal a few hundred thousand USD.

In the not too distant future, that person could feasibly steal millions of dollars, in less than a day... I regrettably imagine that there are already some people with similar plans.
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
May 09, 2011, 06:29:48 AM
 #14

I don't agree. The agency managing the automatic updates can instantly transform the network into whatever they want. They would be pretty much like the Fed.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
HostFat
Staff
Legendary
*
Offline Offline

Activity: 2282


I support freedom of choice


View Profile WWW
May 09, 2011, 06:43:14 AM
 #15

Anyway, every p2p network works better if it has every clients updated Wink

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
May 09, 2011, 08:56:04 AM
 #16

I responded before I saw your post. Do you have details on the implementation you describe?
Current build instructions are at https://gist.github.com/806265.  The download/install/etc script is still a WIP, but you'd have to ask devrandom for more details on that.  Current signed copy of 0.3.21 is available on request (signatures in bitcoin-release repository of devrandom on github).

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
May 09, 2011, 02:01:41 PM
 #17

Well, I am not opposed to an automatic update system as long as all of the current developers agree that there aren't any security concerns, it is optional, and the user is prompted to update.
M4v3R
Hero Member
*****
Offline Offline

Activity: 607



View Profile
May 09, 2011, 03:22:57 PM
 #18

Google Chrome auto-updates without user knowing, and while many would argue that's a privacy breach, etc. etc. blah blah blah, no one can argue that Chrome has most up-to-date installs from all browsers. And because Bitcoin handles money, in my opinion it SHOULD auto-update in this manner, because if (when) we discover a hole in the protocol/client, it can take ages before everybody updates to new version.
Of course it could be done in way that an experienced user could turn it off, and there also could be stable and dev channels, just like Chrome does.
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
May 14, 2011, 05:24:47 AM
 #19

Automatic updates make things way too centralized, IMO.

Gavin should have an alert key, though, and an alert should be issued for every new version.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
May 14, 2011, 06:42:17 AM
 #20

Google Chrome auto-updates without user knowing, and while many would argue that's a privacy breach, etc. etc. blah blah blah, no one can argue that Chrome has most up-to-date installs from all browsers. And because Bitcoin handles money, in my opinion it SHOULD auto-update in this manner, because if (when) we discover a hole in the protocol/client, it can take ages before everybody updates to new version.
Of course it could be done in way that an experienced user could turn it off, and there also could be stable and dev channels, just like Chrome does.

Right...so:

1. Outdated clients are potential attack vector.

2. Somebody mimicking Gavin is also an attack vector.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!