TylerJordan
Newbie
Offline
Activity: 58
Merit: 0
|
|
February 04, 2015, 12:25:22 PM |
|
Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.
On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base. shocked! If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3472
Merit: 4801
|
|
February 04, 2015, 02:25:14 PM |
|
Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.
On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base. shocked! If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.
If you feel strongly about this, then you should start one. The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one. It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program.
|
|
|
|
msin
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
February 04, 2015, 04:46:53 PM |
|
Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.
On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base. shocked! If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.
If you feel strongly about this, then you should start one. The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one. It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program. That's BS. Why wouldn't the "Foundation" have one? You expect random users to start an important security related program for BTC? Perhaps we wouldn't have issues like malleability if the Foundation was more proactive about this kind of stuff. I guess they can discuss it at their Caribbean retreat meanwhile hacks continue.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3472
Merit: 4801
|
|
February 04, 2015, 04:57:36 PM |
|
Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.
On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base. shocked! If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.
If you feel strongly about this, then you should start one. The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one. It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program. That's BS. Why wouldn't the "Foundation" have one? "The Foundation" is simply a private club of bitcoin enthusiasts. There is nothing official about them. You are welcome to start your own club and call it "The Bitcoin Association" if you want. Unless you are a member of their club, they are not beholden to any of your personal interests. If you want them to have a bounty program, then join their club and campaign for it. You expect random users to start an important security related program for BTC?
Yes. The bitcoin system is decentralized and open. There is no "Bitcoin Company". If anything ever gets done in the bitcoin community, it is only because a random user decided that it needed to be done, so they did it. Perhaps we wouldn't have issues like malleability if the Foundation was more proactive about this kind of stuff.
Malleability was known about from very early on. It wasn't addressed because there weren't any "random users" that felt it was important enough to address. I guess they can discuss it at their Caribbean retreat meanwhile hacks continue. It's their retreat. They can discuss whatever they want. Meanwhile, you are welcome to sit on your whining butt and continue to complain to the universe about how it doesn't operate the way you want it to.
|
|
|
|
msin
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
February 04, 2015, 10:27:50 PM |
|
Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.
On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base. shocked! If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.
If you feel strongly about this, then you should start one. The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one. It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program. That's BS. Why wouldn't the "Foundation" have one? "The Foundation" is simply a private club of bitcoin enthusiasts. There is nothing official about them. You are welcome to start your own club and call it "The Bitcoin Association" if you want. Unless you are a member of their club, they are not beholden to any of your personal interests. If you want them to have a bounty program, then join their club and campaign for it. You expect random users to start an important security related program for BTC?
Yes. The bitcoin system is decentralized and open. There is no "Bitcoin Company". If anything ever gets done in the bitcoin community, it is only because a random user decided that it needed to be done, so they did it. Perhaps we wouldn't have issues like malleability if the Foundation was more proactive about this kind of stuff.
Malleability was known about from very early on. It wasn't addressed because there weren't any "random users" that felt it was important enough to address. I guess they can discuss it at their Caribbean retreat meanwhile hacks continue. It's their retreat. They can discuss whatever they want. Meanwhile, you are welcome to sit on your whining butt and continue to complain to the universe about how it doesn't operate the way you want it to. Thank you for the lessons wise one, until now I thought Bitcoin was a company run by the Foundation who was orchestrating Malleability hacks on exchanges. I guess I should get off my whinny butt, after all, I've been here longer than you and haven't had the severely limited time to reach Legendary status.
|
|
|
|
zanzibar
|
|
February 04, 2015, 11:25:14 PM |
|
Malleability was known about from very early on. It wasn't addressed because there weren't any "random users" that felt it was important enough to address.
That's the point of a bounty program, to find exploits of known bugs. I'm also really surprised there isn't a bug bounty program in place. The Foundation would be able to easily organize something like this with the most exposure. We are past the "everybody needs to contribute" days, need to be more organized for mass adoption.
|
|
|
|
TylerJordan
Newbie
Offline
Activity: 58
Merit: 0
|
|
February 05, 2015, 12:50:12 PM |
|
Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.
On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base. shocked! If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.
If you feel strongly about this, then you should start one. The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one. It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program. I feel strongly about being shocked. However as I don't use bitcoin anymore, except transitionally to buy NXT and MAIDSAFE, I'll leave the implementation of a bounty system to those who are invested in bitcoin and who would like to see the code analyzed with a fine-tooth comb. but I tell ya....I'm shocked!
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
February 05, 2015, 02:34:13 PM |
|
@gmaxwell , can you tell if Evil-Knievel has right or not ? Thanks for the attention.
|
|
|
|
noma
|
|
February 05, 2015, 02:51:32 PM |
|
Even though he has sent the bug to gmaxwell to be reviews, why did he already get a negative trust ?
|
|
|
|
Evil-Knievel (OP)
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
February 05, 2015, 03:04:19 PM Last edit: April 17, 2016, 07:57:42 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
alani123
Legendary
Offline
Activity: 2576
Merit: 1507
|
|
February 05, 2015, 03:07:52 PM |
|
You'd expect that something as big as bitcoin with an entire foundation behind it would have at least a small bug bounty. Yet we get to hear that no one cared enough to create one.
|
| Duelbits | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | TRY OUR UNIQUE GAMES! ◥ DICE ◥ MINES ◥ PLINKO ◥ DUEL POKER ◥ DICE DUELS | | | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ ███ ▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ KENONEW ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ | | 10,000x MULTIPLIER | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ |
[/tabl
|
|
|
mtwelve
Legendary
Offline
Activity: 1330
Merit: 1009
|
|
February 05, 2015, 03:46:45 PM |
|
Sent pm
|
|
|
|
ABitNut
|
|
February 06, 2015, 07:45:19 AM |
|
Even though he has sent the bug to gmaxwell to be reviews, why did he already get a negative trust ?
Self-proclaimed internet-sheriff's blind anger. Questionable behaviour, I agree. Speaking about questionable behaviour... To me "Hey, I found a critical bug. I will inform you about it for BTC10" sounds an awful lot like "Hey, I can break your legs. For $2000 I won't".
|
|
|
|
bitspill
Legendary
Offline
Activity: 2087
Merit: 1015
|
|
February 06, 2015, 07:50:33 AM |
|
Even though he has sent the bug to gmaxwell to be reviews, why did he already get a negative trust ?
Self-proclaimed internet-sheriff's blind anger. Questionable behaviour, I agree. Speaking about questionable behaviour... To me "Hey, I found a critical bug. I will inform you about it for BTC10" sounds an awful lot like "Hey, I can break your legs. For $2000 I won't". No, because then he'd be saying if you don't pay me the 10 btc I'm going to start shooting down every node I see until it's fixed. Rather he simply wants to be compensated for his time spent digging into the code and finding a vulnerability. To those who believe the Bitcoin Foundation should not offer these bounties I ask why does the EFF offer bounties and prizes? Edit: Has gmaxwell verified the claim sent by PM yet?
|
|
|
|
thompete
|
|
February 06, 2015, 08:17:04 AM |
|
Edit: Has gmaxwell verified the claim sent by PM yet?
I don't think so it has been verified yet. All I see is a negative trust back in 2013 March by gmaxwell himself for a similar claim. So I am confused about the whole situation right now.
|
|
|
|
ABitNut
|
|
February 06, 2015, 09:47:41 AM |
|
Even though he has sent the bug to gmaxwell to be reviews, why did he already get a negative trust ?
Self-proclaimed internet-sheriff's blind anger. Questionable behaviour, I agree. Speaking about questionable behaviour... To me "Hey, I found a critical bug. I will inform you about it for BTC10" sounds an awful lot like "Hey, I can break your legs. For $2000 I won't". No, because then he'd be saying if you don't pay me the 10 btc I'm going to start shooting down every node I see until it's fixed. Rather he simply wants to be compensated for his time spent digging into the code and finding a vulnerability. To those who believe the Bitcoin Foundation should not offer these bounties I ask why does the EFF offer bounties and prizes? Edit: Has gmaxwell verified the claim sent by PM yet? I realise that, which is why I said "sounds an awful lot like". Obviously he wants compensation for his work, which is alright. He's just not packaging his request that nicely. He's obviously rubbing people the wrong way. If he were to present it nicer he would be more likely to get what he wants tm. Also the EFF offers those bounties to give people an incentive to go out and find issues. Evil-Knievel doesn't need such an incentive. He goes out looking with no prospect of a reward, only to request it upon finding something. It's like finding someone's wallet. If you return it do you demand $10? Or do you just give it back and accept whatever reward they give? And how does that change if the owner put out posters offering a reward for finding their wallet? Anyway, bottom line is that if he found an issue he deserves something. But there's no obligation for anyone to give him what he deserves.
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
February 06, 2015, 10:41:06 AM |
|
However why not "make" this bug and "turn off" some bitcoin node? I think it will be a valid proof. What do you think guys ?
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
February 06, 2015, 11:56:57 AM |
|
However why not "make" this bug and "turn off" some bitcoin node? I think it will be a valid proof. What do you think guys ?
As long as he gets permission from the node operator first, I think that's an excellent idea.
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
February 06, 2015, 12:27:44 PM |
|
I know , but if he gets permission I think that is the best idea for prove he has right.
|
|
|
|
|