Bitcoin Forum
November 01, 2024, 05:02:37 PM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 »  All
  Print  
Author Topic: This message was too old and has been purged  (Read 9282 times)
TylerJordan
Newbie
*
Offline Offline

Activity: 58
Merit: 0



View Profile
February 04, 2015, 12:25:22 PM
 #41

Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.

On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base.  shocked!  If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.

DannyHamilton
Legendary
*
Offline Offline

Activity: 3472
Merit: 4801



View Profile
February 04, 2015, 02:25:14 PM
 #42

Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.

On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base.  shocked!  If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.

If you feel strongly about this, then you should start one.  The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one.  It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program.
msin
Legendary
*
Offline Offline

Activity: 1470
Merit: 1004


View Profile
February 04, 2015, 04:46:53 PM
 #43

Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.

On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base.  shocked!  If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.

If you feel strongly about this, then you should start one.  The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one.  It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program.

That's BS.  Why wouldn't the "Foundation" have one?  You expect random users to start an important security related program for BTC?  Perhaps we wouldn't have issues like malleability if the Foundation was more proactive about this kind of stuff.  I guess they can discuss it at their Caribbean retreat Roll Eyes meanwhile hacks continue.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3472
Merit: 4801



View Profile
February 04, 2015, 04:57:36 PM
 #44

Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.

On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base.  shocked!  If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.

If you feel strongly about this, then you should start one.  The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one.  It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program.

That's BS.  Why wouldn't the "Foundation" have one?

"The Foundation" is simply a private club of bitcoin enthusiasts. There is nothing official about them.  You are welcome to start your own club and call it "The Bitcoin Association" if you want.  Unless you are a member of their club, they are not beholden to any of your personal interests.  If you want them to have a bounty program, then join their club and campaign for it.

You expect random users to start an important security related program for BTC?

Yes.  The bitcoin system is decentralized and open.  There is no "Bitcoin Company".  If anything ever gets done in the bitcoin community, it is only because a random user decided that it needed to be done, so they did it.

Perhaps we wouldn't have issues like malleability if the Foundation was more proactive about this kind of stuff.

Malleability was known about from very early on.  It wasn't addressed because there weren't any "random users" that felt it was important enough to address.

I guess they can discuss it at their Caribbean retreat Roll Eyes meanwhile hacks continue.

It's their retreat. They can discuss whatever they want.  Meanwhile, you are welcome to sit on your whining butt and continue to complain to the universe about how it doesn't operate the way you want it to.
msin
Legendary
*
Offline Offline

Activity: 1470
Merit: 1004


View Profile
February 04, 2015, 10:27:50 PM
 #45

Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.

On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base.  shocked!  If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.

If you feel strongly about this, then you should start one.  The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one.  It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program.

That's BS.  Why wouldn't the "Foundation" have one?

"The Foundation" is simply a private club of bitcoin enthusiasts. There is nothing official about them.  You are welcome to start your own club and call it "The Bitcoin Association" if you want.  Unless you are a member of their club, they are not beholden to any of your personal interests.  If you want them to have a bounty program, then join their club and campaign for it.

You expect random users to start an important security related program for BTC?

Yes.  The bitcoin system is decentralized and open.  There is no "Bitcoin Company".  If anything ever gets done in the bitcoin community, it is only because a random user decided that it needed to be done, so they did it.

Perhaps we wouldn't have issues like malleability if the Foundation was more proactive about this kind of stuff.

Malleability was known about from very early on.  It wasn't addressed because there weren't any "random users" that felt it was important enough to address.

I guess they can discuss it at their Caribbean retreat Roll Eyes meanwhile hacks continue.

It's their retreat. They can discuss whatever they want.  Meanwhile, you are welcome to sit on your whining butt and continue to complain to the universe about how it doesn't operate the way you want it to.

Thank you for the lessons wise one, until now I thought Bitcoin was a company run by the Foundation who was orchestrating Malleability hacks on exchanges.  I guess I should get off my whinny butt, after all, I've been here longer than you and haven't had the severely limited time to reach Legendary status. 
zanzibar
Hero Member
*****
Offline Offline

Activity: 715
Merit: 500



View Profile
February 04, 2015, 11:25:14 PM
 #46

Malleability was known about from very early on.  It wasn't addressed because there weren't any "random users" that felt it was important enough to address.

That's the point of a bounty program, to find exploits of known bugs.  I'm also really surprised there isn't a bug bounty program in place.  The Foundation would be able to easily organize something like this with the most exposure.  We are past the "everybody needs to contribute" days, need to be more organized for mass adoption.
TylerJordan
Newbie
*
Offline Offline

Activity: 58
Merit: 0



View Profile
February 05, 2015, 12:50:12 PM
 #47

Evil-K has found hard bugs before, he's proven he's capable. I think he should have been taken very seriously from the beginning.

On another note, I'm really shocked that there isn't a strong bounty system in place for catching bugs in the bitcoin code-base.  shocked!  If bitcoiner's wanted serious hard looks at the code, then IMO they'd consider looking into implementing a rewards/bounty program.

If you feel strongly about this, then you should start one.  The only reason that a strong bounty system doesn't exist is because nobody has bothered creating one.  It's an open system, feel free to be the guy that is responsible for creating and maintaining a reliable and trustworthy bounty program.

I feel strongly about being shocked. However as I don't use bitcoin anymore, except transitionally to buy NXT and MAIDSAFE, I'll leave the implementation of a bounty system to those who are invested in bitcoin and who would like to see the code analyzed with a fine-tooth comb.

but I tell ya....I'm shocked!   Grin
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
February 05, 2015, 02:34:13 PM
 #48

@gmaxwell , can you tell if Evil-Knievel has right or not ? Thanks for the attention.
noma
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
February 05, 2015, 02:51:32 PM
 #49

Even though he has sent the bug to gmaxwell to be reviews, why did he already get a negative trust ?

▓▓▓▓    New Real-time Cryptocurrency Exchange             → CREATE  ACCOUNT ▓▓▓▓
▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅  BIT-X.com  ▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅▅
▓▓▓▓    Supported Currencies: BTC, LTC, USD, EUR, GBP → OFFICIAL THREAD ▓▓▓▓
Evil-Knievel (OP)
Legendary
*
Offline Offline

Activity: 1260
Merit: 1168



View Profile
February 05, 2015, 03:04:19 PM
Last edit: April 17, 2016, 07:57:42 PM by Evil-Knievel
 #50

This message was too old and has been purged
alani123
Legendary
*
Offline Offline

Activity: 2576
Merit: 1507



View Profile
February 05, 2015, 03:07:52 PM
 #51

You'd expect that something as big as bitcoin with an entire foundation behind it would have at least a small bug bounty. Yet we get to hear that no one cared enough to create one.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
mtwelve
Legendary
*
Offline Offline

Activity: 1330
Merit: 1009



View Profile WWW
February 05, 2015, 03:46:45 PM
 #52

Sent pm Wink

HIRE ME FOR SEO, SOCIAL MEDIA, COPYWRITING, AND MORE: https://bitcointalk.org/index.php?topic=5100134.0
ABitNut
Hero Member
*****
Offline Offline

Activity: 764
Merit: 500


I'm a cynic, I'm a quaint


View Profile
February 06, 2015, 07:45:19 AM
 #53

Even though he has sent the bug to gmaxwell to be reviews, why did he already get a negative trust ?

Self-proclaimed internet-sheriff's blind anger. Questionable behaviour, I agree.

Speaking about questionable behaviour... To me "Hey, I found a critical bug. I will inform you about it for BTC10" sounds an awful lot like "Hey, I can break your legs. For $2000 I won't".
bitspill
Legendary
*
Offline Offline

Activity: 2087
Merit: 1015



View Profile
February 06, 2015, 07:50:33 AM
 #54

Even though he has sent the bug to gmaxwell to be reviews, why did he already get a negative trust ?

Self-proclaimed internet-sheriff's blind anger. Questionable behaviour, I agree.

Speaking about questionable behaviour... To me "Hey, I found a critical bug. I will inform you about it for BTC10" sounds an awful lot like "Hey, I can break your legs. For $2000 I won't".

No, because then he'd be saying if you don't pay me the 10 btc I'm going to start shooting down every node I see until it's fixed.

Rather he simply wants to be compensated for his time spent digging into the code and finding a vulnerability.


To those who believe the Bitcoin Foundation should not offer these bounties I ask why does the EFF offer bounties and prizes?



Edit: Has gmaxwell verified the claim sent by PM yet?

{ BitSpill }
thompete
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
February 06, 2015, 08:17:04 AM
 #55



Edit: Has gmaxwell verified the claim sent by PM yet?

I don't think so it has been verified yet. All I see is a negative trust back in 2013 March by gmaxwell himself for a similar claim.
So I am confused about the whole situation right now.

ABitNut
Hero Member
*****
Offline Offline

Activity: 764
Merit: 500


I'm a cynic, I'm a quaint


View Profile
February 06, 2015, 09:47:41 AM
 #56

Even though he has sent the bug to gmaxwell to be reviews, why did he already get a negative trust ?

Self-proclaimed internet-sheriff's blind anger. Questionable behaviour, I agree.

Speaking about questionable behaviour... To me "Hey, I found a critical bug. I will inform you about it for BTC10" sounds an awful lot like "Hey, I can break your legs. For $2000 I won't".

No, because then he'd be saying if you don't pay me the 10 btc I'm going to start shooting down every node I see until it's fixed.

Rather he simply wants to be compensated for his time spent digging into the code and finding a vulnerability.


To those who believe the Bitcoin Foundation should not offer these bounties I ask why does the EFF offer bounties and prizes?



Edit: Has gmaxwell verified the claim sent by PM yet?

I realise that, which is why I said "sounds an awful lot like". Obviously he wants compensation for his work, which is alright. He's just not packaging his request that nicely. He's obviously rubbing people the wrong way. If he were to present it nicer he would be more likely to get what he wantstm.

Also the EFF offers those bounties to give people an incentive to go out and find issues. Evil-Knievel doesn't need such an incentive. He goes out looking with no prospect of a reward, only to request it upon finding something.

It's like finding someone's wallet. If you return it do you demand $10? Or do you just give it back and accept whatever reward they give? And how does that change if the owner put out posters offering a reward for finding their wallet?

Anyway, bottom line is that if he found an issue he deserves something. But there's no obligation for anyone to give him what he deserves.
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
February 06, 2015, 10:41:06 AM
 #57

However why not "make" this bug and "turn off" some bitcoin node? I think it will be a valid proof. What do you think guys ?
xyzzyx
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


I don't really come from outer space.


View Profile
February 06, 2015, 11:56:57 AM
 #58

However why not "make" this bug and "turn off" some bitcoin node? I think it will be a valid proof. What do you think guys ?

As long as he gets permission from the node operator first, I think that's an excellent idea.

"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
bitspill
Legendary
*
Offline Offline

Activity: 2087
Merit: 1015



View Profile
February 06, 2015, 12:24:50 PM
 #59

However why not "make" this bug and "turn off" some bitcoin node? I think it will be a valid proof. What do you think guys ?

That's exactly what your not supposed to do when trying to disclose a bug.

http://mashable.com/2013/08/18/facebook-hacker-zuckerberg-timeline/

{ BitSpill }
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
February 06, 2015, 12:27:44 PM
 #60

However why not "make" this bug and "turn off" some bitcoin node? I think it will be a valid proof. What do you think guys ?

That's exactly what your not supposed to do when trying to disclose a bug.

http://mashable.com/2013/08/18/facebook-hacker-zuckerberg-timeline/

I know , but  if he gets permission I think that is the best idea for prove he has right.
Pages: « 1 2 [3] 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!