On Sat, Aug 23, 2014 at 07:02:55PM +, Luke Dashjr wrote:
> On Saturday, August 23, 2014 6:44:15 PM Mike Hearn wrote:
> > > Not to mention encrypting basically non-sensitive inter-node traffic is
> > > almost completely worthless in providing anonymity anyway...
> >
> > Recall that P2P connecti
On Sat, Aug 23, 2014 at 12:44:14PM -0500, Troy Benjegerdes wrote:
What I would really like is a frontend and/or integration to Git/Mercurial that
> uses Bitcoin transactions *as* the signature, which has the nice side effect
> of
> providing timestamps backed by the full faith and credit of a bil
On Sat, Aug 23, 2014 at 1:36 PM, Paul Rabahy wrote:
> I want go give a bit of an outsiders perspective. I thoroughly understand
> the concepts of bitcoin and am a professional programmer, but have never
> taken the time to compile my own copy of bitcoin core.
>
> I have looked at the pull requests
I want go give a bit of an outsiders perspective. I thoroughly understand
the concepts of bitcoin and am a professional programmer, but have never
taken the time to compile my own copy of bitcoin core.
I have looked at the pull requests on Github many times. I have cloned the
repo to my own comput
On Saturday, August 23, 2014 6:44:15 PM Mike Hearn wrote:
> > Not to mention encrypting basically non-sensitive inter-node traffic is
> > almost completely worthless in providing anonymity anyway...
>
> Recall that P2P connections carry Bloom filters too, which are not public
> information.
As so
>
> Not to mention encrypting basically non-sensitive inter-node traffic is
> almost completely worthless in providing anonymity anyway...
>
Recall that P2P connections carry Bloom filters too, which are not public
information.
--
On Sat, Aug 23, 2014 at 12:50 PM, Troy Benjegerdes wrote:
> they can hire a hacker who will
> find a misplaced (} in your crypto code, and all the work you did to
> encrypt wire protocols becomes silently worthless.
>
Not to mention encrypting basically non-sensitive inter-node traffic is
almos
On Sat, Aug 23, 2014 at 04:50:30PM +, Justus Ranvier wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 08/23/2014 04:17 PM, xor wrote:
> > On Tuesday, August 19, 2014 07:40:39 PM Jeff Garzik wrote:
> >> Encryption is of little value if you may deduce the same
> >> information b
On Sat, Aug 23, 2014 at 10:32:15AM -0400, Peter Todd wrote:
> On Sat, Aug 23, 2014 at 01:17:01AM -0500, Troy Benjegerdes wrote:
> > This is why I clone git to mercurial, which is generally designed around the
> > assumption that history is immutable. You can't rewrite blockchain history,
> > and we
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/23/2014 04:17 PM, xor wrote:
> On Tuesday, August 19, 2014 07:40:39 PM Jeff Garzik wrote:
>> Encryption is of little value if you may deduce the same
>> information by observing packet sizes and timings.
>
> Instead of spawning a discussion wh
On Tuesday, August 19, 2014 07:40:39 PM Jeff Garzik wrote:
> Encryption is of little value if you may deduce the same information
> by observing packet sizes and timings.
Instead of spawning a discussion whether this aspect is a reason to NOT
encrypt, you should do the obvious:
Fix that as well.
>On Sat, Aug 23, 2014 at 1:38 PM, Pieter Wuille
>>wrote:
>
> Note that we're generally aiming (though not yet enforcing) to have
> merges done through the github-merge tool, which performs the merge
> locally, shows the resulting diff, compares it with the merge done by
> github, and GnuPG signs
On Sat, Aug 23, 2014 at 01:17:01AM -0500, Troy Benjegerdes wrote:
> This is why I clone git to mercurial, which is generally designed around the
> assumption that history is immutable. You can't rewrite blockchain history,
> and we should not be re-writing (rebasing) commit history either.
Git com
>
> Since when? This has been a recognized approach since people called it
> "hashcash" ([1] - before cryptocurrencies were even invented).
>
I only know of one site that worked the way you propose: TicketMaster, a
long time ago. They used it as a less harsh form of blocking for IPs that
they stro
On 23 August 2014 12:38, Pieter Wuille wrote:
> That allows using github as easy-access mechanism for people to
> contribute and inspect, while having a higher security standard for
> the actual changes done to master.
I'd also like to point out the obvious: git uses the previous hash as part
o
I think this is the only project where people are concerened wether commit
messages are signed or not.
Commit messages should be merged only upon their correctness, not their
signature.
I could care less if I receive a buggy patch that's signed.
http://twitter.com/gubatron
On Sat, Aug 23, 2014
Hi Mike,
thanks for your assessment.
Please find my replies in-line:
> >
> > Misbehaving addresses can have their connecting difficulty
> > scaled up, which should make it uneconomic to try to DoS the usage of
> > Tor exit nodes for connecting to Bitcoin.
> >
>
> You can't solve DoS by requiring
On Sat, Aug 23, 2014 at 8:17 AM, Troy Benjegerdes wrote:
> On Fri, Aug 22, 2014 at 09:20:11PM +0200, xor wrote:
>> On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:
>> > It would be nice if the issues and git repo for Bitcoin Core were not
>> > on such a centralized service as github, nic
I think it's a little disingenuous to talk about encrypting the P2P protocol
as a security improvement, when all the organized crime agencies need to do is
borrow a Fedex/UPS truck and deliver some laptops to Github employees and they
can insert whatever monitoring/0-day they want.
Encryption is c
On Fri, Aug 22, 2014 at 09:20:11PM +0200, xor wrote:
> On Tuesday, August 19, 2014 08:02:37 AM Jeff Garzik wrote:
> > It would be nice if the issues and git repo for Bitcoin Core were not
> > on such a centralized service as github, nice and convenient as it is.
>
> Assuming there is a problem wit
Gerrit is free if you can afford the admin(s) to maintain it.
http://code.google.com/p/gerrit/wiki/ShowCases
And yes, I'm volunteering to get paid to be the admin, especially if you
want a 'painless' log in with a github account feature, because it will
be very painful for me to unroll the damage
On Wed, Aug 20, 2014 at 08:24:33AM +0200, Wladimir wrote:
> On Wed, Aug 20, 2014 at 3:26 AM, Troy Benjegerdes wrote:
>
> > If bitcoin wants to become irrelevant, then by all means, continue to
> > depend on github and all the unknown attack surface it exposes.
> >
> > Those of us that do run our
22 matches
Mail list logo