Bitcoin Forum
December 05, 2016, 12:34:33 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Satoshi client auto update  (Read 2222 times)
teste
Sr. Member
****
Offline Offline

Activity: 316


View Profile
June 16, 2012, 04:10:32 AM
 #1

Hi,

I see there is a pull to add auto update for Windows, so I would like to suggest:

1- If the update is only bug fixes the update process should go on background (the users will have NO option to deny the update) (something like how Google Chrome update works)
2- If the update has new features, the users will be asked to update but with option to not update.

Question: Any work on auto update for Linux?
1480941273
Hero Member
*
Offline Offline

Posts: 1480941273

View Profile Personal Message (Offline)

Ignore
1480941273
Reply with quote  #2

1480941273
Report to moderator
1480941273
Hero Member
*
Offline Offline

Posts: 1480941273

View Profile Personal Message (Offline)

Ignore
1480941273
Reply with quote  #2

1480941273
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480941273
Hero Member
*
Offline Offline

Posts: 1480941273

View Profile Personal Message (Offline)

Ignore
1480941273
Reply with quote  #2

1480941273
Report to moderator
1480941273
Hero Member
*
Offline Offline

Posts: 1480941273

View Profile Personal Message (Offline)

Ignore
1480941273
Reply with quote  #2

1480941273
Report to moderator
1480941273
Hero Member
*
Offline Offline

Posts: 1480941273

View Profile Personal Message (Offline)

Ignore
1480941273
Reply with quote  #2

1480941273
Report to moderator
Stardust
Full Member
***
Offline Offline

Activity: 190


View Profile
June 16, 2012, 06:51:46 AM
 #2

Hopefully not, I don't care about M$ Windows, but no auto update for Linux please.
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
June 16, 2012, 07:07:33 AM
 #3

Really don't like that:

ONE break in or rogue programmer at the dev team HQ and all trust in bitcoin is destroyed + we loose millions.

Thanks, but no thanks.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
kneim
Legendary
*
Offline Offline

Activity: 1498


View Profile
June 16, 2012, 08:34:22 AM
 #4

Really don't like that:

ONE break in or rogue programmer at the dev team HQ and all trust in bitcoin is destroyed + we loose millions.

Thanks, but no thanks.

Yes, minor bugs only with affirmation, major version not.

Or yet better: A hint in the footer, the update as a button in the menu bar.

ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
June 16, 2012, 08:44:26 AM
 #5

Yes, minor bugs only with affirmation, major version not.
Yeah, like the rogue bad guy would push a "major version" rather than labelling it a "minor bug fix"!

Anyone who would run any type of Bitcoin software with auto-update enabled doesn't understand what they're dealing with.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
June 16, 2012, 08:45:35 AM
 #6

so you want someone, to be able to download and execute unknown code on my machine. FUCK NO!

if you want this less secure auto-update feature, you must fork the code. and i will not use your code.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Garr255
Legendary
*
Offline Offline

Activity: 952


What's a GPU?


View Profile
June 16, 2012, 08:48:06 AM
 #7

so you want someone, to be able to download and execute unknown code on my machine. FUCK NO!

if you want this less secure auto-update feature, you must fork the code. and i will not use your code.

+1

“First they ignore you, then they laugh at you, then they fight you, then you win.”  -- Mahatma Gandhi

Average time between signing on to bitcointalk: Two weeks. Please don't expect responses any faster than that!
fanquake
Donator
Sr. Member
*
Offline Offline

Activity: 266


View Profile
June 16, 2012, 09:02:21 AM
 #8

The pull request has since been closed https://github.com/bitcoin/bitcoin/pull/1453
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
June 16, 2012, 09:14:01 AM
 #9

Yes, minor bugs only with affirmation, major version not.
Yeah, like the rogue bad guy would push a "major version" rather than labelling it a "minor bug fix"!

Anyone who would run any type of Bitcoin software with auto-update enabled doesn't understand what they're dealing with.
I think he meant an update button was okay, but that you ACTUALLY had to press it yourself and that major updates were a no-go, no matter what.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1036


View Profile WWW
June 16, 2012, 11:24:34 AM
 #10

The binaries (at least for Windows and Linux) are built using gitian. This system performs the entire compilation process in a tightly controlled virtual machine, using a deterministic build process. This means that all developers (and others, if they like) can do the build themselves, and end up with the exact same binary (byte for byte identical). We then GPG sign the result, and upload it.

The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
June 16, 2012, 01:35:11 PM
 #11

The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.
Nifty, but why?

Even the oldest BTC client can send and receive BTC as I understand it.

Sure they aren't all safe and they may crash, but we can assume their users to some extent have taken their precautions.

What if the attacker hacks your admin passes/signatures or in another way corrupts the process?


Just not worth the risk to save 2 seconds in the update process (doing it yourself with a mouse click).

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
June 16, 2012, 02:38:19 PM
 #12

The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.
I understand what you're saying, but it's missing the point to think that an auto-update is OK because it securely guarantees an upgrade to a specific official binary.

If the auto-update somehow installs an official binary that has malicious behavior, it might reach 51% adoption very quickly. If people update by hand, the adoption rate is much slower and there's time for a frantic re-release if a catastrophic problem is discovered, before adoption reaches 51%.
MatthewLM
Legendary
*
Offline Offline

Activity: 1092



View Profile WWW
June 16, 2012, 04:54:27 PM
 #13

Why not have an update feature that prompts the user to update? "An update for bitcoin is available. Would you like to install it?" "Yes" "No" "Do not ask me again"

Bitcoin Extra Wallet | Peercoin Android Wallet
BTC: 1D5A1q5d192j5gYuWiP3CSE5fcaaZxe6E9  PPC: PH7fVn1Xs7nkUFmdwCX2ZRYfLPCSwGxAq9
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
June 16, 2012, 05:22:54 PM
 #14

I don't like it. Having many different versions on the network prevents mistaken new rules (fee rules, anti-DoS rules, etc.) from doing a lot of damage. For example, there was a bug in the anti-DoS rules in the past which prevented nodes from uploading the full chain to anyone, but this didn't cause a lot of damage to the network because there were a lot of people using older versions without this bug. An auto-update dialog would increase adoption of new versions a lot.

Also, it's better for security to use the oldest version that's still safe and usable. New code hasn't been tested as much.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1036


View Profile WWW
June 16, 2012, 08:09:25 PM
 #15

I think I got carried away using the term "auto update" here. I certainly don't mean full automatic installation of new versions, merely a message warning for new versions, and only when enough signatures are available.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
June 16, 2012, 08:42:01 PM
 #16

I certainly don't mean full automatic installation of new versions, merely a message warning for new versions, and only when enough signatures are available.

Even that's not a good thing. If you issue a "message warning" to users every time there's an update available, users will soon get upgrade fatigue and may miss urgent updates.

By all means display a warning when a problem has been found and fixed. But an update notification should never be "in the user's face" if the update offers only increased functionality or cosmetic changes.
Schleicher
Hero Member
*****
Offline Offline

Activity: 630



View Profile
June 16, 2012, 09:47:19 PM
 #17

Did you ever see an update where no bugs had been fixed?

Bitcoin donations: 1H2BHSyuwLP9vqt2p3bK9G3mDJsAi7qChw
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
June 17, 2012, 11:08:44 AM
 #18

The idea that old software is inherently better is bogus. Software doesn't age like a fine wine. Unless a software project is completely hosed new versions are less buggy than old versions. Regressions happen, but they should be rare.

It's also worth remembering that even in the case of the worst bugs possible that completely break the network, you can issue another auto update that fixes things again. It's only if you break the software and the update mechanism simultaneously that problems start.

Bitcoin is a system where people need to upgrade from time to time for the good of the network, this is especially true for people who are mining or who could benefit from upgraded security features. Auto update is absolutely essential for these people.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
June 17, 2012, 11:41:08 AM
 #19

The idea that old software is inherently better is bogus. Software doesn't age like a fine wine. Unless a software project is completely hosed new versions are less buggy than old versions. Regressions happen, but they should be rare.

It's also worth remembering that even in the case of the worst bugs possible that completely break the network, you can issue another auto update that fixes things again. It's only if you break the software and the update mechanism simultaneously that problems start.

Bitcoin is a system where people need to upgrade from time to time for the good of the network, this is especially true for people who are mining or who could benefit from upgraded security features. Auto update is absolutely essential for these people.
the argument for not auto updating is that it gives a higher diversity in the network, which i think is good.
in my opinion does more diversity mean harder to attack, and new bugs have less impact.

that was theymos's point too.


people who mine or need security features, would naturally keep themselfs updated, they don't need auto-update, they are tech people.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Deafboy
Hero Member
*****
Offline Offline

Activity: 484



View Profile WWW
June 17, 2012, 12:40:24 PM
 #20

Please no auto-update, or at least no auto-update for linux. Or if auto-update on linux, integrate it with existing PPA to avoid mess in packaging system.
But I don't like this idea at all.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!