Bitcoin Forum
November 07, 2024, 03:02:38 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: The Most Important Bitcoin Client Feature IMHO...  (Read 3627 times)
gigabytecoin (OP)
Sr. Member
****
Offline Offline

Activity: 280
Merit: 252


View Profile
May 08, 2011, 07:27:23 PM
 #1

Would be updating automatically, or at least informing the user that a new version of the Bitcoin client is available.

FileZilla, VLC, uTorrent, and many other open source projects do this quite nicely. Could we simply borrow their code?

Would bitcoin's decentralized nature might make this a bit more difficult?

Nobody would feel comfortable associating just one domain name with the "update notification" code I doubt, it would be too simple of an attack vector. Perhaps once we get the bitDNS and/or namecoin setup...
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 755
Merit: 515


View Profile
May 08, 2011, 07:29:23 PM
 #2

Would be updating automatically, or at least informing the user that a new version is available.

FileZilla, VLC, uTorrent, and many other open source projects do this quite nicely. Could we simply borrow their code?

Would bitcoin's decentralized nature might make this a bit more difficult?

Nobody would feel comfortable associating just one domain name with the "update notification" code I doubt, it would be too simple of an attack vector. Perhaps once we get the bitDNS and/or namecoin setup...
The new distribution/download script devrandom is working on for gitian and bitcoin 0.4.0 should be able to handle such things in a couple version out.  It also solves the trust issue as it requires a certain number of trusted developers to sign a new release after building it themselves deterministically before it will download and install the new version.

Bitcoin Core, rust-lightning, http://bitcoinfibre.org etc.
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
BitterTea
Sr. Member
****
Offline Offline

Activity: 294
Merit: 252



View Profile
May 08, 2011, 07:31:46 PM
 #3

I strongly disagree. (on topic to another thread: does that make me an extremist?)

Automatic updating is merely yet another attack vector. I highly doubt it could be made secure. Is there any other money handling software that automatically updates?
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 755
Merit: 515


View Profile
May 08, 2011, 07:34:02 PM
 #4

Automatic updating is merely yet another attack vector. I highly doubt it could be made secure. Is there any other money handling software that automatically updates?
How could you exploit a system which requires developers to sign the results with gpg?  You'd have to steal the gpg keys of multiple developers.

Bitcoin Core, rust-lightning, http://bitcoinfibre.org etc.
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
Garrett Burgwardt
Sr. Member
****
Offline Offline

Activity: 406
Merit: 256


View Profile
May 08, 2011, 07:35:15 PM
 #5

People should have to think about the things being added or changed in a new version so that the core of bitcoin isn't changed.
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 755
Merit: 515


View Profile
May 08, 2011, 07:39:55 PM
 #6

People should have to think about the things being added or changed in a new version so that the core of bitcoin isn't changed.
That is the point of distributed signatures.  Developers who are trusted by the community put their stamp of approval on changes.  Any interested users can obviously still watch the changes and chose for themselves but, lets face it, 99% of users just don't care.  Many of the changes are changes in tx requirements for mining and other small things that no one but small groups care about anyway. 

Bitcoin Core, rust-lightning, http://bitcoinfibre.org etc.
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
genjix
Legendary
*
expert
Offline Offline

Activity: 1232
Merit: 1076


View Profile
May 08, 2011, 08:16:46 PM
 #7

apt-get
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 755
Merit: 515


View Profile
May 08, 2011, 08:19:52 PM
 #8

apt-get
Have fun getting that to work while we are still on wx 2.9.  Plus the recommended package will be the downloaded which checks trust on binaries before they are distributed (instead of the bitcoin binary itself).

Bitcoin Core, rust-lightning, http://bitcoinfibre.org etc.
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
HostFat
Staff
Legendary
*
Offline Offline

Activity: 4270
Merit: 1209


I support freedom of choice


View Profile WWW
May 08, 2011, 08:23:13 PM
 #9

I asked it some times ago Cheesy
http://bitcointalk.org/index.php?topic=259

NON DO ASSISTENZA PRIVATA - https://t.me/hostfatmind/
BitterTea
Sr. Member
****
Offline Offline

Activity: 294
Merit: 252



View Profile
May 08, 2011, 10:53:28 PM
 #10

Automatic updating is merely yet another attack vector. I highly doubt it could be made secure. Is there any other money handling software that automatically updates?
How could you exploit a system which requires developers to sign the results with gpg?  You'd have to steal the gpg keys of multiple developers.

I responded before I saw your post. Do you have details on the implementation you describe?
gigabytecoin (OP)
Sr. Member
****
Offline Offline

Activity: 280
Merit: 252


View Profile
May 09, 2011, 04:14:32 AM
 #11

I just thought of a potential problem the open sourced bitcoin community might face...

How many people currently have to "ok" a release?

What if tomorrow the value of BTC jumped up to $100,000 USD/BTC and Gavin decided he now wanted to "round" every transaction down and send the remainder to his own account (like the plot from "office space").

No offense to Gavin, but most everybody has their price.  Undecided
njloof
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
May 09, 2011, 05:35:00 AM
 #12

What if tomorrow the value of BTC jumped up to $100,000 USD/BTC and Gavin decided he now wanted to "round" every transaction down and send the remainder to his own account (like the plot from "office space").

OK, but the transaction record is public. That hack would make for some interesting reading on blockexplorer.com.
gigabytecoin (OP)
Sr. Member
****
Offline Offline

Activity: 280
Merit: 252


View Profile
May 09, 2011, 05:52:02 AM
 #13

What if tomorrow the value of BTC jumped up to $100,000 USD/BTC and Gavin decided he now wanted to "round" every transaction down and send the remainder to his own account (like the plot from "office space").

OK, but the transaction record is public. That hack would make for some interesting reading on blockexplorer.com.


Sure, but the damage would have already been done.

One could (in theory, if (s)he were in charge of releases)...

1) Round up (or even direct the entire transaction amount) to his/her bitcoin address.
2) Sell as many bitcoins as they possibly could on any/every market within 24 hours.
3) (OPTIONAL) DDOS the bitcoin.org forums for another few days until their payments came through.

As of right now, that person could probably steal a few hundred thousand USD.

In the not too distant future, that person could feasibly steal millions of dollars, in less than a day... I regrettably imagine that there are already some people with similar plans.
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 812
Merit: 1022

No Maps for These Territories


View Profile
May 09, 2011, 06:29:48 AM
 #14

I don't agree. The agency managing the automatic updates can instantly transform the network into whatever they want. They would be pretty much like the Fed.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
HostFat
Staff
Legendary
*
Offline Offline

Activity: 4270
Merit: 1209


I support freedom of choice


View Profile WWW
May 09, 2011, 06:43:14 AM
 #15

Anyway, every p2p network works better if it has every clients updated Wink

NON DO ASSISTENZA PRIVATA - https://t.me/hostfatmind/
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 755
Merit: 515


View Profile
May 09, 2011, 08:56:04 AM
 #16

I responded before I saw your post. Do you have details on the implementation you describe?
Current build instructions are at https://gist.github.com/806265.  The download/install/etc script is still a WIP, but you'd have to ask devrandom for more details on that.  Current signed copy of 0.3.21 is available on request (signatures in bitcoin-release repository of devrandom on github).

Bitcoin Core, rust-lightning, http://bitcoinfibre.org etc.
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
BitterTea
Sr. Member
****
Offline Offline

Activity: 294
Merit: 252



View Profile
May 09, 2011, 02:01:41 PM
 #17

Well, I am not opposed to an automatic update system as long as all of the current developers agree that there aren't any security concerns, it is optional, and the user is prompted to update.
M4v3R
Hero Member
*****
Offline Offline

Activity: 607
Merit: 500


View Profile
May 09, 2011, 03:22:57 PM
 #18

Google Chrome auto-updates without user knowing, and while many would argue that's a privacy breach, etc. etc. blah blah blah, no one can argue that Chrome has most up-to-date installs from all browsers. And because Bitcoin handles money, in my opinion it SHOULD auto-update in this manner, because if (when) we discover a hole in the protocol/client, it can take ages before everybody updates to new version.
Of course it could be done in way that an experienced user could turn it off, and there also could be stable and dev channels, just like Chrome does.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5376
Merit: 13399


View Profile
May 14, 2011, 05:24:47 AM
 #19

Automatic updates make things way too centralized, IMO.

Gavin should have an alert key, though, and an alert should be issued for every new version.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
kiba
Legendary
*
Offline Offline

Activity: 980
Merit: 1020


View Profile
May 14, 2011, 06:42:17 AM
 #20

Google Chrome auto-updates without user knowing, and while many would argue that's a privacy breach, etc. etc. blah blah blah, no one can argue that Chrome has most up-to-date installs from all browsers. And because Bitcoin handles money, in my opinion it SHOULD auto-update in this manner, because if (when) we discover a hole in the protocol/client, it can take ages before everybody updates to new version.
Of course it could be done in way that an experienced user could turn it off, and there also could be stable and dev channels, just like Chrome does.

Right...so:

1. Outdated clients are potential attack vector.

2. Somebody mimicking Gavin is also an attack vector.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!