Bitcoin Forum
December 04, 2016, 08:33:01 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Skeleton key? (was: Bitcoin press hits, notable sources)  (Read 1443 times)
Spekulatius
Legendary
*
Offline Offline

Activity: 1022



View Profile
April 12, 2012, 03:22:44 PM
 #1

Quote
Don't Bank On Digital Currency 'Bitcoin' Replacing The Dollar

Ben DeMeter
2012-04-11

http://www.businessinsider.com/dont-bank-on-digital-currency-bitcoin-replacing-the-dollar-2012-4

What a nasty little piece of FUD this is:
Quote
It’s not just safety that has us concerned about Bitcoin, though. We’re also skeptical about how “decentralized” this digital currency can really be. Though the official wiki claims that the protocol is now mandated by community consensus, it’s impossible to ignore the power that the original developers have over the system.

They have a skeleton key that gives them control of the whole machine, any time they want.
diverting

Yeah, but isnt that true? Gavin Andresen and his other "trusted" developer have the power to implement any kind of backdoor in a coming update of the Bitcoin client and COULD just drain an arbitrary amount of bitcoins from the users, diverting them to their own adresses, or couldnt they?
1480840381
Hero Member
*
Offline Offline

Posts: 1480840381

View Profile Personal Message (Offline)

Ignore
1480840381
Reply with quote  #2

1480840381
Report to moderator
1480840381
Hero Member
*
Offline Offline

Posts: 1480840381

View Profile Personal Message (Offline)

Ignore
1480840381
Reply with quote  #2

1480840381
Report to moderator
1480840381
Hero Member
*
Offline Offline

Posts: 1480840381

View Profile Personal Message (Offline)

Ignore
1480840381
Reply with quote  #2

1480840381
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480840381
Hero Member
*
Offline Offline

Posts: 1480840381

View Profile Personal Message (Offline)

Ignore
1480840381
Reply with quote  #2

1480840381
Report to moderator
phatsphere
Hero Member
*****
Offline Offline

Activity: 739


View Profile
April 12, 2012, 03:28:17 PM
 #2

Yeah, but isnt that true? Gavin Andresen and his other "trusted" developer have the power to implement any kind of backdoor in a coming update of the Bitcoin client and COULD just drain an arbitrary amount of bitcoins from the users, diverting them to their own adresses, or couldnt they?
first rule here: no discussions.

yes, if they conspire and put up a binary that is not identical with the source code its possible. but it could be theoretically fixed by creating a new hardcoded fork of the blockchain from an earlier point in time.
Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
April 12, 2012, 05:30:55 PM
 #3

Split from the press hits topic:

The only "skeleton key" I have is the private key for alert messages, that lets me sign messages that are broadcast and then displayed in the client (see https://en.bitcoin.it/wiki/Alerts for details, and the alerts that have been sent).

MAYBE he is saying that the core developers could slip in a change to the source code without anybody else noticing... but we've worked hard to make that impossible (with things like the gitian reproducible build system so people can verify that we are creating executables from the source code that anybody can look at).

Smells like plain-old FUD to me.

How often do you get the chance to work on a potentially world-changing project?
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
April 12, 2012, 05:33:18 PM
 #4

Quote
Don't Bank On Digital Currency 'Bitcoin' Replacing The Dollar

Ben DeMeter
2012-04-11

http://www.businessinsider.com/dont-bank-on-digital-currency-bitcoin-replacing-the-dollar-2012-4

What a nasty little piece of FUD this is:
Quote
It’s not just safety that has us concerned about Bitcoin, though. We’re also skeptical about how “decentralized” this digital currency can really be. Though the official wiki claims that the protocol is now mandated by community consensus, it’s impossible to ignore the power that the original developers have over the system.

They have a skeleton key that gives them control of the whole machine, any time they want.
diverting

Yeah, but isnt that true? Gavin Andresen and his other "trusted" developer have the power to implement any kind of backdoor in a coming update of the Bitcoin client and COULD just drain an arbitrary amount of bitcoins from the users, diverting them to their own adresses, or couldnt they?
Yeah sure, but so could anyone that feels like writing a virus and asking you to run it on your machine. The official client is scrutinized in every way all the time, and third parties often build binaries themselves to prove that nothing is wrong with the code. Any malicious code introduced would be pointed out quickly, and made known.

Additionally, this is the reason that there is NO automatic update facility in the official bitcoin client.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
finway
Hero Member
*****
Offline Offline

Activity: 714


View Profile
April 13, 2012, 02:04:31 AM
 #5

It's open source, there are so many eyes ( i wish) watching, don't worry.

evoorhees
Legendary
*
Offline Offline

Activity: 994


Democracy is the original 51% attack


View Profile
April 13, 2012, 02:30:37 AM
 #6

Quote

They have a skeleton key that gives them control of the whole machine, any time they want.


Ahhh I didn't realize the article was about the Federal Reserve!!
BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
April 13, 2012, 03:05:47 AM
 #7

Quote
They have a skeleton key that gives them control of the whole machine, any time they want.

Read more: http://www.creditcardassist.com/blog/will-new-digital-currency-bitcoin-replace-the-dollar-20802/#ixzz1rsy7Ez5k


This is a strong accusation. Please make an effort to have it retracted or modified as to what the authors meaning was.


As to Gavin's 'skeleton key', the intent of it is understood but there is a hint of proprietary use there.


Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
April 13, 2012, 03:41:36 AM
 #8

you're really expecting an unbiased viewpoint from a site called creditcardassist?

BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
April 13, 2012, 03:43:19 AM
 #9

you're really expecting an unbiased viewpoint from a site called creditcardassist?

lol, touché. Probably not, but worth a shot.

Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
April 13, 2012, 03:47:33 AM
 #10

ps - while your sig quote is nice, it is one of the many fake quotes attributed to prophetic dead people

http://www.snopes.com/quotes/lincoln.asp

BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
April 13, 2012, 04:00:50 AM
 #11

ps - while your sig quote is nice, it is one of the many fake quotes attributed to prophetic dead people

http://www.snopes.com/quotes/lincoln.asp

You sir, are no sheep. Take that as a compliment.

I have found the earliest appearance of this quote yet.
Journal of United Labor
Vol 8, no. 20
Nov. 19, 1887
pg. 2


However, if the meaning is understood and believed, does it matter the status or position of the person who said it? i.e. Who says it shouldn't matter, if there is truth in the underlying idea.



Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
Spekulatius
Legendary
*
Offline Offline

Activity: 1022



View Profile
April 13, 2012, 07:46:04 PM
 #12

Honestly, the administrative structure and execution behind the developers team worries me. Could someone please shed some light on the mechanics/processes by which shall be prevented that the developers (or some of them) implement a hidden piece of code in a new update that allows anyone to steal large amounts of bitcoin from updated clients in short time? This bitcoinwiki article names 4 active developers: https://en.bitcoin.it/wiki/Developers
the bicoin.org frontpage names 6.

If someone knows and can answer some of those questions, please feel free to do so. Providing some links to this information would of course be appreciated as well.
Maybe a quick explanation adressing some of these points could be given:

- Who decides on who gets writing permits to the source code?
- Who decides on who has to hand off writing permits? How is this guaranteed?
- Who has access to the passwords, backups etc. (maybe some other entity, like github, sourceforge admins, googlemail..)?
- What safety procedures are in place to prevent abuse/theft outside manipulation of those writing/viewing permits?
- Are there rules in place that determine the steps undertaken to review and release an update/change to the source code?
- Is there some sort of outside review?
- How transparent are the decision making processes on who becomes active developer and who has to retire?

- Are there ways to improve the sefaty standards?

A proactive and transparent way to deal with those concerns will help to diminish doubt and false ideas surrounding the developers team and the bitcoin project in its whole.

Thx for clearing up (and pls excuse that I didnt reaaally search much before posting;)
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
April 13, 2012, 07:59:24 PM
 #13

Quote
- Who decides on who gets writing permits to the source code?
Gavin(i think), have admin access to the mainstream repo.

Quote
- Who decides on who has to hand off writing permits? How is this guaranteed?
Gavin, or other developers. if you don't like it: go fork to code

Quote
- Who has access to the passwords, backups etc. (maybe some other entity, like github, sourceforge admins, googlemail..)?
doesn't matter. the developers signs the releases, if an external entity tried to change stuff, it would be notice big time.
 
Quote
- What safety procedures are in place to prevent abuse/theft outside manipulation of those writing/viewing permits?
can't be done, see above

Quote
- Are there rules in place that determine the steps undertaken to review and release an update/change to the source code?
no(i think), fork the code.

Quote
- Is there some sort of outside review?
its opensource, go review it yourself.

Quote
- How transparent are the decision making processes on who becomes active developer and who has to retire?
go read discussions on github

Quote
- Are there ways to improve the sefaty standards?
sure: fork the code.

https://github.com/bitcoin/bitcoin

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
MysteryMiner
Legendary
*
Offline Offline

Activity: 910



View Profile
April 15, 2012, 12:45:37 AM
 #14

The shitty Qt version was the skeleton key in action. Totally changing UI and introducing stability, security and usability issues is the biggest problem. If it works, don't fix it!

1LEaxxAh1LKFUvDKYVhiMEVAHRM7K5o7cF
jancsika
Member
**
Offline Offline

Activity: 81


View Profile
April 15, 2012, 01:57:19 AM
 #15

Split from the press hits topic:

The only "skeleton key" I have is the private key for alert messages, that lets me sign messages that are broadcast and then displayed in the client (see https://en.bitcoin.it/wiki/Alerts for details, and the alerts that have been sent).

Yes, that's probably what the author was referring to (and what the author misunderstood).

Quote
MAYBE he is saying that the core developers could slip in a change to the source code without anybody else noticing... but we've worked hard to make that impossible (with things like the gitian reproducible build system so people can verify that we are creating executables from the source code that anybody can look at).

Slipping in an exploit by adding code that shouldn't be there in the first place is extremely unlikely for these reasons.
But slipping in an exploit by adding a feature that purports to do one thing but does another-- or does one thing except for a very specific edge case-- is very possible.  And the award for doing so is much bigger than, say, getting first place in the Underhanded C contest.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
April 15, 2012, 02:17:30 AM
 #16

* grue thinks the author is trying to spread FUD, and is basing it on a tiny sliver of truth (signed notifications).

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
April 15, 2012, 10:28:08 AM
 #17

Quote
They have a skeleton key that gives them control of the whole machine, any time they want.
This is false. Isn't it defamation? Consider suing them
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!