|
teste (OP)
|
 |
June 16, 2012, 04:10:32 AM |
|
Hi,
I see there is a pull to add auto update for Windows, so I would like to suggest:
1- If the update is only bug fixes the update process should go on background (the users will have NO option to deny the update) (something like how Google Chrome update works)
2- If the update has new features, the users will be asked to update but with option to not update.
Question: Any work on auto update for Linux?
|
|
|
|
|
|
|
|
The Bitcoin software, network, and concept is called "Bitcoin" with a capitalized "B". Bitcoin currency units are called "bitcoins" with a lowercase "b" -- this is often abbreviated BTC.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
Stardust
|
|
June 16, 2012, 06:51:46 AM |
|
Hopefully not, I don't care about M$ Windows, but no auto update for Linux please.
|
|
|
|
|
|
Realpra
|
|
June 16, 2012, 07:07:33 AM |
|
Really don't like that:
ONE break in or rogue programmer at the dev team HQ and all trust in bitcoin is destroyed + we loose millions.
Thanks, but no thanks.
|
|
|
|
kneim
Legendary
 Offline
Activity: 1666
Merit: 1000
|
|
June 16, 2012, 08:34:22 AM |
|
Really don't like that:
ONE break in or rogue programmer at the dev team HQ and all trust in bitcoin is destroyed + we loose millions.
Thanks, but no thanks.
Yes, minor bugs only with affirmation, major version not. Or yet better: A hint in the footer, the update as a button in the menu bar. |
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
June 16, 2012, 08:44:26 AM |
|
Yes, minor bugs only with affirmation, major version not.
Yeah, like the rogue bad guy would push a "major version" rather than labelling it a "minor bug fix"! Anyone who would run any type of Bitcoin software with auto-update enabled doesn't understand what they're dealing with. |
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 16, 2012, 08:45:35 AM |
|
so you want someone, to be able to download and execute unknown code on my machine. FUCK NO!
if you want this less secure auto-update feature, you must fork the code. and i will not use your code.
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
Garr255
Legendary
Offline
Activity: 938
Merit: 1000
What's a GPU?
|
|
June 16, 2012, 08:48:06 AM |
|
so you want someone, to be able to download and execute unknown code on my machine. FUCK NO!
if you want this less secure auto-update feature, you must fork the code. and i will not use your code.
+1 |
“First they ignore you, then they laugh at you, then they fight you, then you win.” -- Mahatma Gandhi
Average time between signing on to bitcointalk: Two weeks. Please don't expect responses any faster than that!
|
|
|
|
Realpra
|
|
June 16, 2012, 09:14:01 AM |
|
Yes, minor bugs only with affirmation, major version not.
Yeah, like the rogue bad guy would push a "major version" rather than labelling it a "minor bug fix"! Anyone who would run any type of Bitcoin software with auto-update enabled doesn't understand what they're dealing with. I think he meant an update button was okay, but that you ACTUALLY had to press it yourself and that major updates were a no-go, no matter what. |
|
|
|
|
Pieter Wuille
|
|
June 16, 2012, 11:24:34 AM |
|
The binaries (at least for Windows and Linux) are built using gitian. This system performs the entire compilation process in a tightly controlled virtual machine, using a deterministic build process. This means that all developers (and others, if they like) can do the build themselves, and end up with the exact same binary (byte for byte identical). We then GPG sign the result, and upload it.
The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.
|
I do Bitcoin stuff.
|
|
|
|
Realpra
|
|
June 16, 2012, 01:35:11 PM |
|
The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.
Nifty, but why? Even the oldest BTC client can send and receive BTC as I understand it. Sure they aren't all safe and they may crash, but we can assume their users to some extent have taken their precautions. What if the attacker hacks your admin passes/signatures or in another way corrupts the process? Just not worth the risk to save 2 seconds in the update process (doing it yourself with a mouse click). |
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
June 16, 2012, 02:38:19 PM |
|
The (provisional) auto-update process uses these signatures (there have to be several) before installing an update.
I understand what you're saying, but it's missing the point to think that an auto-update is OK because it securely guarantees an upgrade to a specific official binary. If the auto-update somehow installs an official binary that has malicious behavior, it might reach 51% adoption very quickly. If people update by hand, the adoption rate is much slower and there's time for a frantic re-release if a catastrophic problem is discovered, before adoption reaches 51%. |
|
|
|
|
MatthewLM
Legendary
Offline
Activity: 1190
Merit: 1004
|
|
June 16, 2012, 04:54:27 PM |
|
Why not have an update feature that prompts the user to update? "An update for bitcoin is available. Would you like to install it?" "Yes" "No" "Do not ask me again"
|
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12985
|
|
June 16, 2012, 05:22:54 PM |
|
I don't like it. Having many different versions on the network prevents mistaken new rules (fee rules, anti-DoS rules, etc.) from doing a lot of damage. For example, there was a bug in the anti-DoS rules in the past which prevented nodes from uploading the full chain to anyone, but this didn't cause a lot of damage to the network because there were a lot of people using older versions without this bug. An auto-update dialog would increase adoption of new versions a lot.
Also, it's better for security to use the oldest version that's still safe and usable. New code hasn't been tested as much.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
Pieter Wuille
|
|
June 16, 2012, 08:09:25 PM |
|
I think I got carried away using the term "auto update" here. I certainly don't mean full automatic installation of new versions, merely a message warning for new versions, and only when enough signatures are available.
|
I do Bitcoin stuff.
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
June 16, 2012, 08:42:01 PM |
|
I certainly don't mean full automatic installation of new versions, merely a message warning for new versions, and only when enough signatures are available.
Even that's not a good thing. If you issue a "message warning" to users every time there's an update available, users will soon get upgrade fatigue and may miss urgent updates. By all means display a warning when a problem has been found and fixed. But an update notification should never be "in the user's face" if the update offers only increased functionality or cosmetic changes. |
|
|
|
|
|
Schleicher
|
|
June 16, 2012, 09:47:19 PM |
|
Did you ever see an update where no bugs had been fixed?
|
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1129
|
|
June 17, 2012, 11:08:44 AM |
|
The idea that old software is inherently better is bogus. Software doesn't age like a fine wine. Unless a software project is completely hosed new versions are less buggy than old versions. Regressions happen, but they should be rare.
It's also worth remembering that even in the case of the worst bugs possible that completely break the network, you can issue another auto update that fixes things again. It's only if you break the software and the update mechanism simultaneously that problems start.
Bitcoin is a system where people need to upgrade from time to time for the good of the network, this is especially true for people who are mining or who could benefit from upgraded security features. Auto update is absolutely essential for these people.
|
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 17, 2012, 11:41:08 AM |
|
The idea that old software is inherently better is bogus. Software doesn't age like a fine wine. Unless a software project is completely hosed new versions are less buggy than old versions. Regressions happen, but they should be rare.
It's also worth remembering that even in the case of the worst bugs possible that completely break the network, you can issue another auto update that fixes things again. It's only if you break the software and the update mechanism simultaneously that problems start.
Bitcoin is a system where people need to upgrade from time to time for the good of the network, this is especially true for people who are mining or who could benefit from upgraded security features. Auto update is absolutely essential for these people.
the argument for not auto updating is that it gives a higher diversity in the network, which i think is good. in my opinion does more diversity mean harder to attack, and new bugs have less impact. that was theymos's point too. people who mine or need security features, would naturally keep themselfs updated, they don't need auto-update, they are tech people. |
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
|
Deafboy
|
|
June 17, 2012, 12:40:24 PM |
|
Please no auto-update, or at least no auto-update for linux. Or if auto-update on linux, integrate it with existing PPA to avoid mess in packaging system.
But I don't like this idea at all.
|
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
June 17, 2012, 04:37:19 PM |
|
NO AUTO UPDATE FOR MAC OSX either please.
|
|
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1129
|
|
June 17, 2012, 06:04:11 PM |
|
Lack of auto update, in practice, means lots of people don't update ever. Look at the version skew on the current network for evidence.
Old versions harm the network, are likely to have lower security for their owners, and slow down deployment of new features that can benefit the entire Bitcoin ecosystem. As you should be keeping up to date anyway, you should want a helpful auto update feature. If you don't then you're just going to cause problems later.
|
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
June 17, 2012, 08:21:02 PM |
|
Auto-update is all fun and games until an update contains a vulnerability or a show-stopper bug. Sooner or later, this WILL happen.
Good software hygiene requires keeping control over what is being installed on your computer, and when.
|
|
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1129
|
|
June 17, 2012, 09:33:46 PM |
|
And how are users supposed to find out about those bugs in the non-auto scenario? Reading the forums?
Nothing stops an auto update mechanism having gradual rollout strategies, like by allowing the update servers to say "only update if the hash of your first key is < X"
|
|
|
|
|
|
teste (OP)
|
|
June 17, 2012, 09:39:10 PM |
|
What I want is:
1- download bitcoin tgz file, extract the files to a custom folder, execute the bin.
2- If a new version is released I wouldn't like to have to delete the folder and extract the files again.
When a new version is released I just want to be notified and asked if I want to update. (Like Firefox update process)
|
|
|
|
|
|
teste (OP)
|
|
June 17, 2012, 09:42:31 PM |
|
About auto update I prefer not comment. (Maybe only for critical vulnerabilities?)
|
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
June 17, 2012, 09:49:50 PM |
|
How about auto-cripple? Where developers can tell old versions to stop functioning, or at least to start overbearingly pester the user to upgrade. I thought this functionality was already in there from the beginning.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
HostFat
Staff
Legendary
Offline
Activity: 4214
Merit: 1203
I support freedom of choice
|
|
June 17, 2012, 10:04:10 PM |
|
I like the idea of the auto-update, I just don't like that it's forced.
- User must know that there is an update.
- User must know what the update does.
- User must able to auto-update Bitcoin with just a click.
- User should not be forced to update
|
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
June 18, 2012, 09:36:24 AM |
|
Nothing stops an auto update mechanism having gradual rollout strategies
If there's auto-update, it should certainly be rolled out gradually. How about auto-cripple? Where developers can tell old versions to stop functioning You definitely don't want to tempt an attacker with the chance to cripple everyone else, while they attempt their 51% attack! The power to deprecate old versions is already available to the network as a whole, since each node can refuse to connect to instances running an outdated version of the protocol. The network is where that power belongs - not with the developers, although developers of course can influence it by releasing new versions that are important enough to the network that it becomes worth deprecating older versions. |
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 18, 2012, 09:49:09 AM |
|
Nothing stops an auto update mechanism having gradual rollout strategies
If there's auto-update, it should certainly be rolled out gradually. How about auto-cripple? Where developers can tell old versions to stop functioning You definitely don't want to tempt an attacker with the chance to cripple everyone else, while they attempt their 51% attack! The power to deprecate old versions is already available to the network as a whole, since each node can refuse to connect to instances running an outdated version of the protocol. The network is where that power belongs - not with the developers, although developers of course can influence it by releasing new versions that are important enough to the network that it becomes worth deprecating older versions. thats excacly what alert messages does... cripple the clients... |
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
June 18, 2012, 04:50:55 PM |
|
thats excacly what alert messages does... cripple the clients...
Before Satoshi disappeared he removed crippling by alert messages. Now they just display the message. More details here: http://bitcointalk.org/index.php?topic=2228 |
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 18, 2012, 05:07:18 PM |
|
thats excacly what alert messages does... cripple the clients...
Before Satoshi disappeared he removed crippling by alert messages. Now they just display the message. More details here: http://bitcointalk.org/index.php?topic=2228was not aware of that.. |
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
|
