On 3 January 2014 05:45, Troy Benjegerdes ho...@hozed.org wrote:
On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote:
On Tue, Dec 31, 2013 at 5:39 AM, Drak d...@zikula.org wrote:
The NSA has the ability, right now to change every download of
bitcoin-qt,
on the fly and the
You know if you want to make some form of investment, you might like to make an
attempt to look them up on the internet, check the phone number in a phone
book or directory enquiries, look for references and reviews?
So it is with the hash of the binary you are about to trust with your
investment
On 1/3/14, Troy Benjegerdes ho...@hozed.org wrote:
'make' should check the hash.
An attacker could replace that part of the makefile.
Anyway, I think this is more oriented for compiled binaries, not for
people downloading the sources. I assume most of those people just use
git.
The binary
On 12/31/13, Mike Hearn m...@plan99.net wrote:
remember suggesting that we whack Google Analytics or
some other statistics package on when the new website design was done and
that was rejected for similar reasons (organisations are bad).
Analytics software would be useful. I suggest using
So I looked into gitian, the first thing I noticed was the hashes that
people were signing, for example:
https://github.com/bitcoin/gitian.sigs/blob/master/0.8.6-win32/gavinandresen/bitcoin-build.assert
don't match the hash of the file 'bitcoin-0.8.6-win32-setup.exe' actually
hosted by
That seems overly complicated, there's no need for the Bitcoin protocol to
be involved. Deterministic builds with threshold signed updates are a
problem the entire crypto community is now interested in solving - any
solution should be generic.
Really all you need is an update engine that allows a
Oh, it did? When was that? I must have missed this excitement :)
I would be very interested to learn more about this. It seems the steady
state load on the site is not very high:
https://github.com/bitcoin/bitcoin.org/pull/287
(Saivann ran Google Analytics on the site for a little while to
Has anyone seen the talk at 30c3 on the current NSA capabilities?
https://www.youtube.com/watch?v=b0w36GAyZIA
Specifically they are able to beat the speed of light between you and a
website such that if you communicate with Bob, they can send competing
packets that will arrive before Bob's
On Tue, Dec 31, 2013 at 5:39 AM, Drak d...@zikula.org wrote:
The NSA has the ability, right now to change every download of bitcoin-qt,
on the fly and the only cure is encryption.
Please cut it out with the snake oil peddling. This is really over the
top. You're invoking the NSA as the threat
Given that hardly anyone checks the signatures, it's fair to say downloads
aren't protected by anything at the moment. SSL for downloads can only
raise the bar, never lower it, and if the NSA want to kick off the process
of revoking some of the big CA's then I'm game (assuming anyone detects it
of
Interesting. I think the original BitDNS discussion was more interesting
than what currently is happening with namecoin, see
https://bitcointalk.org/index.php?topic=1790.0
Satoshi said there: 1) IP records don't need to be in the chain, just do
registrar function not DNS. And CA problem solved,
I didn't know about the dedicated server meltdown, it wasn't any of my infra. Anyway, my previous offer still stands. One less 'security theater' approach would be if we could provide forward-validation of updates using the blockchain. It's always going to be up to the user the first time they
We already have a wonderful system for secure updating - gitian-downloader. We
just neither use it nor bother making actual gitian releases so anyone can use
it to verify signatures of downloads.
Jeremy Spilman jer...@taplink.co wrote:
I didn't know about the dedicated server meltdown, it
I've been lurking on this convo since it began, but I wanted to say
thanks, theymos
cheers to you all and yay for decentralization, wherever it leads.
-odinn
muh latest: http://github.com/ABISprotocol/ABIS
On Sun, Dec 8, 2013, at 03:11 PM, Drak wrote:
It's not just about trust, there is the
There is really no excuse for not using an SSL certificate. Without one it
would be trivial for an attacker to change the contents of the page via
MITM.
Recent studies have shown MASSIVE abuse of the BGP routing protocol being
used to redirect websites through a third party.
This is not a
On Sun, Dec 8, 2013 at 11:16 AM, Drak d...@zikula.org wrote:
BGP redirection is a reality and can be exploited without much
You're managing to argue against SSL. Because it actually provides
basically protection against an attacker who can actively intercept
traffic to the server. Against that
On Sun, Dec 8, 2013 at 12:40 PM, Drak d...@zikula.org wrote:
Let me clarify. SSL renders BGP redirection useless because the browser
holds the signatures of CA's it trusts: an attacker cannot spoof a
certificate because it needs to be signed by a trusted CA: that's the point
of SSL, it
On 8 December 2013 20:40, Gregory Maxwell gmaxw...@gmail.com wrote:
On Sun, Dec 8, 2013 at 12:28 PM, Mike Hearn m...@plan99.net wrote:
Right now I think Sirius still owns DNS for bitcoin.org which is
nonsense.
He needs to pass it on to someone who is actually still involved with the
On Sunday, December 08, 2013 8:51:07 PM Drak wrote:
Otherwise, who has admin rights to the code projects
(github/sourceforge/this mailing list)? Those people have proven they can
be trusted so far.
Can someone explain how Sirius has proven the least bit untrustworthy?
Luke
On 8 December 2013 21:01, Luke-Jr l...@dashjr.org wrote:
On Sunday, December 08, 2013 8:51:07 PM Drak wrote:
Otherwise, who has admin rights to the code projects
(github/sourceforge/this mailing list)? Those people have proven they can
be trusted so far.
Can someone explain how Sirius
On Sun, 8 Dec 2013 13:14:44 -0800, Gregory Maxwell wrote:
On Sun, Dec 8, 2013 at 1:07 PM, Drak d...@zikula.org wrote:
Simple verification relies on being able to answer the email sent to
the
person in the whois records, or standard admin/webmaster@ addresses
to prove
ownership of the
On Sunday, December 08, 2013 9:16:09 PM Saïvann Carignan wrote:
1) Who pays for it? Most obvious answer: Foundation. However there's
currently a fairly clear line between the foundation website and the
bitcoin.org http://bitcoin.org website. I personally am fine with the
bitcoin foundation
On Sun, Dec 8, 2013, at 03:11 PM, Drak wrote:
It's not just about trust, there is the robustness factor: what if he
becomes sick, unavailable, hit by a bus? Others need the ability to
pick up and run with it. The control over the domain (including ability
to renew registration, alter nameservers)
Have you considered black lotus dedicated servers?
On 12/08/2013 03:16 PM, Saïvann Carignan wrote:
Issues that would need to be resolved:
1) Who pays for it? Most obvious answer: Foundation. However there's
currently a fairly clear line between the foundation website and the
bitcoin.org
Maybe bitcointalk.org would like to donate a few BTC from the 6,000 BTC new
forum fund to sponsor hosting?
On Dec 8, 2013, at 5:51 PM, theymos they...@mm.st wrote:
I'm sure that you can find a sponsor for a dedicated server.
On Sun, Dec 8, 2013 at 8:03 PM, Mike Hearn m...@plan99.net wrote:
I bring this up because of the recent bitcointalk fiasco. AFAIK the domains
are registered and controlled in the same way. It's likely that the current
registrar isn't very secure.
I registered bitcointalk.org originally, then
I can provide the server hardware and colocation (space, power, and bandwidth) if dedicated 50Mbit in 55 S. Market, San Jose, CA data center is acceptable. If it needs more bandwidth than that, in a few months I hope to be getting space in LA with 1Gbit, but I can't commit to that now. On Sun, Dec
I would like to know what are your thoughts on moving bitcoin.org to a
dedicated server with an SSL certificate?
I am considering the idea more seriously, but I'd like some feedback
before taking steps.
Saïvann
--
Hello, re. the dedicated server for bitcoin.org idea, I have a few thoughts
1) I have commented in a blogpost of August 2013 at
https://odinn.cyberguerrilla.org/ with some thoughts relative to possible
issues with CA related to bitcoin.org - where I mentioned something
relative to the DigiCert