New IRC bootstrapping using random channels.

[Gareth Nelson]

IRC isn't a sustainable discovery protocol anyway. It has lots of problems beyond startup time.

+1

I think the final straw is that it sets of botnet detectors for some ISPs. The last thing we want is for bitcoin to be classified as botnet

True. My ISP just blocked something yesterday, no connections 

I setup Tor last night just so I could proxy Bitcoin through it so it could connect.

Bitcoin needs to NOT use IRC, IMHO. It's too prone to being taken down by ISPs. I don't know what to tell you guys, but I do know that it's unfortunate that my ISP did what they did.

On the bright side, I found out about the wonders of Tor yesterday and am proudly running a relay 

What is it about IRC that makes it look like a botnet? I happily run an IRCD and an IRC client without issue, so what's the criteria for being botnet-like?

[1714900597]

1714900597

[1714900597]

1714900597

[1714900597]

1714900597

[1714900597]

1714900597

[1bitc0inplz]

What is it about IRC that makes it look like a botnet? I happily run an IRCD and an IRC client without issue, so what's the criteria for being botnet-like?

From what I understand, it's not so much the ports and what not, but the type of transmissions and their frequency. Apparently some (all?) botnets use IRC for communications, so the ISPs have gotten to where they look for frequent and seemingly autonomous transmissions across IRC.

At least that is my understand.

[CD-RW]

Hmm, so the -dnsseed is already implemented in 0.3.12-beta and could be fully utilized any moment?
I say go, then.

[laszlo]

Just so everyone understands..

* LFnet IRC network is primarily used for bitcoin - a few others and I maintain it and we're all bitcoin users. 

* I am a regular bitcoin contributor.  I'm also the guy that bought the 10,000 bitcoin pizza in case anyone is wondering.  I'm a moderator on this forum, I maintain the Mac OS build and I wrote the original GPU miner (http://heliacal.net/~solar/bitcoin/opencl-v2-svn-95-2010-06-30.patch)  - I hope that's enough credentials to prove to anyone that I'm not some BOFH IRC admin

* We will make sure the #bitcoinXX channels are not 'taken over' or anything like that.

* The IRC servers have been configured to limit the number of records returned when a client joins #bitcoin and issues a WHO request.  This greatly reduced the bandwidth and memory requirements.

* We use and monitor IRC and will keep an eye on the #bitcoinXX channels.  The channel modes will be locked to a reasonable normal setting like #bitcoin is today.

I would like to add an option/preference to disable IRC in the client.  It should be on by default, since that's the whole point, to bootstrap new users, but then the user should be able to switch it off.  There will still be plenty of people who leave it on to provide booting to others, but not everyone needs to do that; especially if you don't have the inbound port open.

I also think that alternative bootstrap methods are a good idea, but it should be possible to switch it all off once you're connected to the network.

Thanks,
Laszlo

[Matt Corallo]

I would like to add an option/preference to disable IRC in the client.  It should be on by default, since that's the whole point, to bootstrap new users, but then the user should be able to switch it off.  There will still be plenty of people who leave it on to provide booting to others, but not everyone needs to do that; especially if you don't have the inbound port open.

-noirc...done

I also think that alternative bootstrap methods are a good idea, but it should be possible to switch it all off once you're connected to the network.

That already pretty much happens, bitcoin prefers nodes it has previously connected to, so as long as it has made a decent number of connections in the past it shouldn't bother with nodes from bootstrap sources.  Plus keep in mind bootstrap sources are just lists of IPs, which is really no different from what you get via peer exchange. 

[Gareth Nelson]

Just so everyone understands..

* LFnet IRC network is primarily used for bitcoin - a few others and I maintain it and we're all bitcoin users. 

* I am a regular bitcoin contributor.  I'm also the guy that bought the 10,000 bitcoin pizza in case anyone is wondering.  I'm a moderator on this forum, I maintain the Mac OS build and I wrote the original GPU miner (http://heliacal.net/~solar/bitcoin/opencl-v2-svn-95-2010-06-30.patch)  - I hope that's enough credentials to prove to anyone that I'm not some BOFH IRC admin

* We will make sure the #bitcoinXX channels are not 'taken over' or anything like that.

* The IRC servers have been configured to limit the number of records returned when a client joins #bitcoin and issues a WHO request.  This greatly reduced the bandwidth and memory requirements.

* We use and monitor IRC and will keep an eye on the #bitcoinXX channels.  The channel modes will be locked to a reasonable normal setting like #bitcoin is today.

I would like to add an option/preference to disable IRC in the client.  It should be on by default, since that's the whole point, to bootstrap new users, but then the user should be able to switch it off.  There will still be plenty of people who leave it on to provide booting to others, but not everyone needs to do that; especially if you don't have the inbound port open.

I also think that alternative bootstrap methods are a good idea, but it should be possible to switch it all off once you're connected to the network.

Thanks,
Laszlo

Couldn't you in theory hijack almost the entire network?
I'm not claiming that you would of course, but i'm wary of that ability being available to any one entity - what if, for example, someone sniffed your connection and got /oper access?

[theymos]

IRC could only be used to "hijack" totally new users, though maybe IRC could break things by returning millions of bogus addresses and filling up addr.dat. Does Bitcoin defend against this?

[laszlo]

Couldn't you in theory hijack almost the entire network?

No, it wouldn't make much difference if the IRC network was compromised.

It is just used to get a list of hostnames to try to connect to, but you only need to connect to one real node in order to be able to receive the majority block chain.  It is just one of many methods used to find other nodes - the address messages broadcast on the bitcoin network are the primary means, and once you've been connected to the network the client keeps a local cache of the addresses it has seen.  The ones it sees on IRC are just added to the list.

[Gareth Nelson]

I don't think it would be possible to "hijack" anything, though maybe IRC could break things by returning millions of bogus addresses and filling up addr.dat. Does Bitcoin defend against this?

It would be simple - just add a bunch of peers you control and use them to poison the network - you could even be evil by sending your poison peers only to certain users to avoid everyone else noticing. Send one user 30 poison peers and they see 30 connections and think everything is normal.

[Gareth Nelson]

Couldn't you in theory hijack almost the entire network?

No, it wouldn't make much difference if the IRC network was compromised.

It is just used to get a list of hostnames to try to connect to, but you only need to connect to one real node in order to be able to receive the majority block chain.  It is just one of many methods used to find other nodes - the address messages broadcast on the bitcoin network are the primary means, and once you've been connected to the network the client keeps a local cache of the addresses it has seen.  The ones it sees on IRC are just added to the list.

You'd still be able to hijack new users

[MacRohard]

Couldn't you in theory hijack almost the entire network?

No, it wouldn't make much difference if the IRC network was compromised.

It is just used to get a list of hostnames to try to connect to, but you only need to connect to one real node in order to be able to receive the majority block chain.  It is just one of many methods used to find other nodes - the address messages broadcast on the bitcoin network are the primary means, and once you've been connected to the network the client keeps a local cache of the addresses it has seen.  The ones it sees on IRC are just added to the list.

You'd still be able to hijack new users

That would be true of any bootstrapping mechanism you can think of. At least with IRC it's somewhat transparent in that people can log in and see what's going on.. I don't really see any way around this though..

Also, users would probably notice that they weren't on the 'real' bitcoin network since they wouldn't be receiving any payments made to them or be able to send payments and also if they ever connect to a single real node by any of the bootstrapping mechanisms then they'd 'break out' of the illusion.

[MacRohard]

Infact, there's really very little motivation to 'hijack' a new user.. all you can really do is prevent them from communicating with other bitcoin users.. you can't steal their money or intercept their transactions.. all you could do it stop them from connecting to the network.. which they would probably notice and be able to work around. I guess you could force them to work on your block chain, but since mining is now disabled in the main client anyway that is no-longer true either.

[Gareth Nelson]

Couldn't you in theory hijack almost the entire network?

No, it wouldn't make much difference if the IRC network was compromised.

It is just used to get a list of hostnames to try to connect to, but you only need to connect to one real node in order to be able to receive the majority block chain.  It is just one of many methods used to find other nodes - the address messages broadcast on the bitcoin network are the primary means, and once you've been connected to the network the client keeps a local cache of the addresses it has seen.  The ones it sees on IRC are just added to the list.

You'd still be able to hijack new users

That would be true of any bootstrapping mechanism you can think of. At least with IRC it's somewhat transparent in that people can log in and see what's going on.. I don't really see any way around this though..

Also, users would probably notice that they weren't on the 'real' bitcoin network since they wouldn't be receiving any payments made to them or be able to send payments and also if they ever connect to a single real node by any of the bootstrapping mechanisms then they'd 'break out' of the illusion.

Connecting to a real node by what other mechanism?
This is why multiple mechanisms are a good thing

[WakiMiko]

what about the proposal to use bittorrent trackers to find other peers?

see http://forum.bitcoin.org/index.php?topic=84.msg119872#msg119872

clients can also specify the port they listen on

[Mike Hearn]

Thanks laszlo, I didn't realize LFnet was so customized for Bitcoin.

[CD-RW]

* We use and monitor IRC and will keep an eye on the #bitcoinXX channels.  The channel modes will be locked to a reasonable normal setting like #bitcoin is today.

Hmm. Needs more +m on #bitcoinXX channel, also do 'auto +m' on #bitcoinTEST. Not sure if it is possible but auto de-OP on #bitcoinXX join would also be nice.

// CD-RW

[xf2_org]

what about the proposal to use bittorrent trackers to find other peers?

see http://forum.bitcoin.org/index.php?topic=84.msg119872#msg119872

Bittorrent trackers require a DNS lookup... at which point you might as well just use -dnsseed

clients can also specify the port they listen on

IRC is just for bootstrapping.  Once you get at least one valid node, you connect and exchange peer addresses.  The bitcoin peer exchange includes listen port.

[CD-RW]

Yeah, DNSSeed will work fine I guess.

[just_someguy]

DNS is a step forward in speed but also a step back in functionality.
Encoded in the IRC nicks is the port the peer is listening on. The DNS peer lookup has no way to do that the moment.
This means DNS discovery can only use the standard port which makes blocking peer bootstrapping much easier.
Not a big issue right now but it does need to be addressed at some point.

[Pieter Wuille]

DNS does not completely replace IRC, as its database can only be updated by the maintainer, not by everyone.

However, nodes also pass known addresses (including port, even with IPv6 support) to eachother. So DNS bootstrapping is just bootstrapping, finding *some* node, that knows other accessible nodes.