Re: [Bitcoin-development] Bitcoin-development Digest, Vol 35, Issue 61

[Ron]

...
Message: 4
Date: Wed, 16 Apr 2014 21:43:10 +0200
From: Adam Back 
Subject: Re: [Bitcoin-development] Warning message when running wallet
    in Windows XP (or drop support?)
To: Wladimir 
Cc: Bitcoin Dev 
Message-ID: <20140416194310.ga11...@netbook.cypherspace.org>
Content-Type: text/plain; charset=iso-8859-1; format=flowed

Not to get snarky or OS elitist but as I understand it windows security,
even during its support period has been measured in low digit number of days
in the year when is NOT an outstanding known remote root compromise or
combination of remote user compromise + priviledge escalation.  Add in
phishing, watering holes, malware and the average windows computer is
probably compromised a dozen times over.  Apparently for sometime it was not
easily possible to secure it install boot - install OS, connect to network
to download security updates, IP range scanned and compromised faster than
you can patch it.

Adam
...

Right.

The trick was to install off line, add your own (free or commercial s/w 
firewall) then 
connect, behind a router that had no port forwarding, etc.  Hell before cheap 
routers I ran one Win95B as I remember, using ICS to a hub that feed my LAN and 
in front 
was a dialup and a cable modem.  Atguard was the S/W firewall, worked great and 
never was penetrated.

And if one used IE for anything, or any form of Outlook one was and still is a 
fool. 
There are still fools who think that their Windows Vista, 7, 8 or 8.1 is safe 
because 
MS updates it days, weeks or longer after an exploit is found/exposed/known... 
And
they feel that they can install and run anything anyone says is OK?  No 
firewall can protect 
against shall we say digital naivety. 

Ah what fools these mortals be.  Then there are others that have never used IE, 
never installed/enabled Outlook, never enabled UPNP &/or, DCOM; never executed 
"unknown" s/w, and always had their own s/w firewall on, long before MS even 
thought of "Windows Firewall".  Does anyone (other than zone alarm) check for 
data leaving one's computer "unexpectedely"?  Those machines could run Win95B, 
Win98SE, NT4, Win2K, XP pro long past MS's "cut off date" and barely notice
anything. The show stopper is usually the browser (FF) or Adobe flash or pdf 
demanding more OS functions, usually so that they can perform more functions 
more poorly, I'm sorry to say.

Check the live desktop OSs connected to the internet, by version at 
Market share for mobile, browsers, operating systems and search engines | 
NetMarketShare 


 
 Market share for mobile, browsers, operating systems and search engines | 
NetMarketShare
Market share for mobile, browsers, operating systems, search engines and social 
media. Mobile market share and desktop market share data.  
View on www.netmarketshare.com Preview by Yahoo  
  last I checked, XP was still ~29% and all Windows versions, ~90%

Computer safety, like driver safety, has more to do with the knowledge and 
skill 
of the operator/driver, than the "newness" of the car/computer.  A good 
driver/computer 
user, never gets into a situation that he/she can't 
repair/reverse/prevent/recover from
etc.  Drive/run a motorcycle/computer and you will learn defensive 
driving/computing 

really fast or be roadkill on the highway/digital highway.

Ron--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

[Bitcoin-development] Bitcoin Core Nightly Builds

[Warren Togami Jr.]

The Bitcoin Core developers have a desire to do a mostly bug-fix, cleanup
and translation update release in v0.9.2 a few weeks from now.  You do not
need to be a developer to help!  With these unofficial nightly builds,
power users can more easily aid in testing of the master branch which will
help to find bugs and polish things up faster.  Additionally translators
can more easily run the latest code and see what strings need to be
translated as we rapidly approach the next stable release.

https://bitcointalk.org/index.php?topic=571414.0
Read more details here.

Warren Togami
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Gregory Maxwell]

Bringing the thread back on-topic:

On Wed, Apr 16, 2014 at 1:14 AM, Wladimir  wrote:
> Hello,
> Today I noticed that even my bank is warning people to not do internet
> banking with Windows XP.
> If it is no longer secure enough for online banking it's CERTAINLY not
> secure enough to run a wallet (for a node only it would be ok-ish as they
> have no keys to protect).
> Any opinions on what to do here?

I think eventually multi-wallet support will make it so that a wallet
won't be created by default. Instead users would create-wallet, which
would also give them options like using a HSM (e.g. trezor) or
multisig secured wallet.  That would be a great point where, if they
elect to run and ordinary unsecured wallet, and the software detects
that the host is known-to-not-likely-be-secure it could whine at them
and direct them to a security best practices page.

Then you also avoid whining at people who never run a wallet or use a
hsm making the host security somewhat moot.

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Pieter Wuille]

On Wed, Apr 16, 2014 at 11:39 PM, Mark Friedenbach  wrote:
> On 04/16/2014 02:29 PM, Kevin wrote:
>> Okay, so how about an autoupdate function which pulls a work around off
>> the server?  Sooner or later, the vulnerabilities must be faced.
>
> NO. Bitcoin Core will never have an auto-update functionality. That
> would be a single point of failure whose compromise could result in the
> theft of every last bitcoin held in a Bitcoin Core wallet.

Or, even accidentally, cause a hard forking bug to be rolled out (or
worsen one).

-- 
Pieter

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Mark Friedenbach]

On 04/16/2014 02:29 PM, Kevin wrote:
> Okay, so how about an autoupdate function which pulls a work around off 
> the server?  Sooner or later, the vulnerabilities must be faced.

NO. Bitcoin Core will never have an auto-update functionality. That
would be a single point of failure whose compromise could result in the
theft of every last bitcoin held in a Bitcoin Core wallet.

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Kevin]

On 4/16/2014 5:10 PM, Laszlo Hanyecz wrote:
> I think a warning like this is inappropriate.
>
> There are many reasons to use an out of date operating system and high level 
> applications like wallets need not concern themselves with the rest of the 
> system.  Maybe the wallet can scan your browser cache and tell you to stop 
> visiting somesite.com too?
>
> It just sounds like some kind of behavior modification that's being discussed 
> here.. not-so-subtly suggesting that users shell out money for a newer 
> version of the operating system, just to use their bitcoin wallets in a 
> 'blessed' configuration.  This actually sounds very similar to what happens 
> with Apple iPhones.. they somehow manage to 'invalidate' the charging cables 
> and accessories with every major software version.  One day an accessory is 
> working fine, then after the update users get a behavior modification nag 
> every time they use it, urging them to buy a new one.  Along these same 
> lines, might as well put a warning about the registry keys needing to be 
> cleaned, and maybe a 'shock the money' banner[1].
>
> You guys all know how it works with financial software - there are many 
> organizations using decades old software (and hardware) because they know its 
> shortcomings, they've taken care of them in a way that works them, and they 
> don't want to start all over just for the sake of having the newest version.
>
> -Laszlo
>
> [1] http://www.buzzfeed.com/adobe/obnoxious-banner-ads-that-everyone-remembers
>
>
> On Apr 16, 2014, at 8:42 PM, Roy Badami  wrote:
>
>> On Wed, Apr 16, 2014 at 05:20:41PM +0200, Pieter Wuille wrote:
>>> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
 I think we should get to the bottom of this.  Should we assume that xp is
 not secure enough?
>>> Yes.
>> Do we need a similar warning for OS X 10.6?  The EOL of that one is
>> *far* less well known than XP (because of Apple's failure to
>> communicate product lifecycles).
>>
>> roy
>>
>>
 What is this warning?
>>> Windows XP is no longer maintained. Don't use such a system for
>>> protecting your money.
>>>
 Who is issuing this warning?
>>> Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help
>>>
>>> The suggestion here is to make Bitcoin Core detect when it's running
>>> on Windows XP, and warn the user (they are likely unaware of the
>>> risks).
>>>
>>> -- 
>>> Pieter
>>>
>>> --
>>> Learn Graph Databases - Download FREE O'Reilly Book
>>> "Graph Databases" is the definitive new guide to graph databases and their
>>> applications. Written by three acclaimed leaders in the field,
>>> this first edition is now available. Download your free book today!
>>> http://p.sf.net/sfu/NeoTech
>>> ___
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>> --
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> ___
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Okay, so how about an autoupdate function which pulls a work around off 
the server?  Sooner or later, the vulnerabilities must be faced.


-- 
Kevin


--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Laszlo Hanyecz]

I think a warning like this is inappropriate.

There are many reasons to use an out of date operating system and high level 
applications like wallets need not concern themselves with the rest of the 
system.  Maybe the wallet can scan your browser cache and tell you to stop 
visiting somesite.com too?

It just sounds like some kind of behavior modification that's being discussed 
here.. not-so-subtly suggesting that users shell out money for a newer version 
of the operating system, just to use their bitcoin wallets in a 'blessed' 
configuration.  This actually sounds very similar to what happens with Apple 
iPhones.. they somehow manage to 'invalidate' the charging cables and 
accessories with every major software version.  One day an accessory is working 
fine, then after the update users get a behavior modification nag every time 
they use it, urging them to buy a new one.  Along these same lines, might as 
well put a warning about the registry keys needing to be cleaned, and maybe a 
'shock the money' banner[1].

You guys all know how it works with financial software - there are many 
organizations using decades old software (and hardware) because they know its 
shortcomings, they've taken care of them in a way that works them, and they 
don't want to start all over just for the sake of having the newest version.

-Laszlo

[1] http://www.buzzfeed.com/adobe/obnoxious-banner-ads-that-everyone-remembers


On Apr 16, 2014, at 8:42 PM, Roy Badami  wrote:

> On Wed, Apr 16, 2014 at 05:20:41PM +0200, Pieter Wuille wrote:
>> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
>>> I think we should get to the bottom of this.  Should we assume that xp is
>>> not secure enough?
>> 
>> Yes.
> 
> Do we need a similar warning for OS X 10.6?  The EOL of that one is
> *far* less well known than XP (because of Apple's failure to
> communicate product lifecycles).
> 
> roy
> 
> 
>> 
>>> What is this warning?
>> 
>> Windows XP is no longer maintained. Don't use such a system for
>> protecting your money.
>> 
>>> Who is issuing this warning?
>> 
>> Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help
>> 
>> The suggestion here is to make Bitcoin Core detect when it's running
>> on Windows XP, and warn the user (they are likely unaware of the
>> risks).
>> 
>> -- 
>> Pieter
>> 
>> --
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> ___
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>> 
> 
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Roy Badami]

On Wed, Apr 16, 2014 at 05:20:41PM +0200, Pieter Wuille wrote:
> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
> > I think we should get to the bottom of this.  Should we assume that xp is
> > not secure enough?
> 
> Yes.

Do we need a similar warning for OS X 10.6?  The EOL of that one is
*far* less well known than XP (because of Apple's failure to
communicate product lifecycles).

roy


> 
> > What is this warning?
> 
> Windows XP is no longer maintained. Don't use such a system for
> protecting your money.
> 
> > Who is issuing this warning?
> 
> Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help
> 
> The suggestion here is to make Bitcoin Core detect when it's running
> on Windows XP, and warn the user (they are likely unaware of the
> risks).
> 
> -- 
> Pieter
> 
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Adam Back]

Not to get snarky or OS elitist but as I understand it windows security,
even during its support period has been measured in low digit number of days
in the year when is NOT an outstanding known remote root compromise or
combination of remote user compromise + priviledge escalation.  Add in
phishing, watering holes, malware and the average windows computer is
probably compromised a dozen times over.  Apparently for sometime it was not
easily possible to secure it install boot - install OS, connect to network
to download security updates, IP range scanned and compromised faster than
you can patch it.

Adam

On Wed, Apr 16, 2014 at 05:28:27PM +0200, Wladimir wrote:
>   On Wed, Apr 16, 2014 at 5:20 PM, Pieter Wuille
>   <[1]pieter.wui...@gmail.com> wrote:
>
>   On Wed, Apr 16, 2014 at 5:12 PM, Kevin <[2]kevinsisco61...@gmail.com>
>   wrote:
>   > I think we should get to the bottom of this. Â Should we assume that
>   xp is
>   > not secure enough?
>
> Yes.
>
>   It will quickly grow extremely insecure.
>   People will be actively analyzing patches to post-XP versions to find
>   security problems that are patched there, to see if they can be
>   exploited on XP.
>   Wladimir

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Kevin]

On 4/16/2014 12:41 PM, Chris Williams wrote:

It may not be our place to say whether XP is secure or not, but if we say that 
we support it then we have to run test passes against XP as a platform, and if 
an XP user reports a bug, then we have to do something to address it.  So, it 
becomes a test and support issue, not a security issue.

That's why it doesn't make sense to support an OS platform that the original 
vendor (MS) no longer supports themselves.

On Apr 16, 2014, at 9:35 AM, Mark Friedenbach  wrote:


On 04/16/2014 09:27 AM, Kevin wrote:

Should we then add an alert message to wallet installers such as, "Such
and such will not run on windows xp?"

It's not really our place to police that ... plus it's perfectly safe to
be running Bitcoin Core as a full node on XP. It's just the wallet
functionality that people should be careful about. We're talking about
such a small intersection of people who are running XP, have systems
powerful enough to run Bitcoin Core, and use the wallet functionality.

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development



--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech


___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Okay, so we simply stop supporting it.  Should bitcoin pull support 
altogether?



--
Kevin

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Chris Williams]

You’re right.  That’s a huge oversight.  I think any software product you’ve 
ever considered installing has a section that says

“Hey, we want this much ram on your system, this much disk space, this 
processor, etc”.

Otherwise, you’re just setting yourself up for a bad user experience from 
people with marginal machines.


On Apr 16, 2014, at 9:44 AM, Mark Friedenbach  wrote:

> We don't support XP. In fact we don't support *any* distribution, but I
> will assume you mean "provide a binary which runs on X." Can you find
> any reference to Windows XP on the website? I can't.
> 
> On 04/16/2014 09:41 AM, Chris Williams wrote:
>> It may not be our place to say whether XP is secure or not, but if we say 
>> that we support it then we have to run test passes against XP as a platform, 
>> and if an XP user reports a bug, then we have to do something to address it. 
>>  So, it becomes a test and support issue, not a security issue.
>> 
>> That’s why it doesn’t make sense to support an OS platform that the original 
>> vendor (MS) no longer supports themselves.
>> 
>> On Apr 16, 2014, at 9:35 AM, Mark Friedenbach  wrote:
>> 
>>> On 04/16/2014 09:27 AM, Kevin wrote:
 Should we then add an alert message to wallet installers such as, "Such
 and such will not run on windows xp?"
>>> 
>>> It's not really our place to police that ... plus it's perfectly safe to
>>> be running Bitcoin Core as a full node on XP. It's just the wallet
>>> functionality that people should be careful about. We're talking about
>>> such a small intersection of people who are running XP, have systems
>>> powerful enough to run Bitcoin Core, and use the wallet functionality.
>>> 
>>> --
>>> Learn Graph Databases - Download FREE O'Reilly Book
>>> "Graph Databases" is the definitive new guide to graph databases and their
>>> applications. Written by three acclaimed leaders in the field,
>>> this first edition is now available. Download your free book today!
>>> http://p.sf.net/sfu/NeoTech
>>> ___
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>> 



signature.asc
Description: Message signed with OpenPGP using GPGMail
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Mark Friedenbach]

We don't support XP. In fact we don't support *any* distribution, but I
will assume you mean "provide a binary which runs on X." Can you find
any reference to Windows XP on the website? I can't.

On 04/16/2014 09:41 AM, Chris Williams wrote:
> It may not be our place to say whether XP is secure or not, but if we say 
> that we support it then we have to run test passes against XP as a platform, 
> and if an XP user reports a bug, then we have to do something to address it.  
> So, it becomes a test and support issue, not a security issue.
> 
> That’s why it doesn’t make sense to support an OS platform that the original 
> vendor (MS) no longer supports themselves.
> 
> On Apr 16, 2014, at 9:35 AM, Mark Friedenbach  wrote:
> 
>> On 04/16/2014 09:27 AM, Kevin wrote:
>>> Should we then add an alert message to wallet installers such as, "Such
>>> and such will not run on windows xp?"
>>
>> It's not really our place to police that ... plus it's perfectly safe to
>> be running Bitcoin Core as a full node on XP. It's just the wallet
>> functionality that people should be careful about. We're talking about
>> such a small intersection of people who are running XP, have systems
>> powerful enough to run Bitcoin Core, and use the wallet functionality.
>>
>> --
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> ___
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Chris Williams]

It may not be our place to say whether XP is secure or not, but if we say that 
we support it then we have to run test passes against XP as a platform, and if 
an XP user reports a bug, then we have to do something to address it.  So, it 
becomes a test and support issue, not a security issue.

That’s why it doesn’t make sense to support an OS platform that the original 
vendor (MS) no longer supports themselves.

On Apr 16, 2014, at 9:35 AM, Mark Friedenbach  wrote:

> On 04/16/2014 09:27 AM, Kevin wrote:
>> Should we then add an alert message to wallet installers such as, "Such
>> and such will not run on windows xp?"
> 
> It's not really our place to police that ... plus it's perfectly safe to
> be running Bitcoin Core as a full node on XP. It's just the wallet
> functionality that people should be careful about. We're talking about
> such a small intersection of people who are running XP, have systems
> powerful enough to run Bitcoin Core, and use the wallet functionality.
> 
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development



signature.asc
Description: Message signed with OpenPGP using GPGMail
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Mark Friedenbach]

On 04/16/2014 09:27 AM, Kevin wrote:
> Should we then add an alert message to wallet installers such as, "Such
> and such will not run on windows xp?"

It's not really our place to police that ... plus it's perfectly safe to
be running Bitcoin Core as a full node on XP. It's just the wallet
functionality that people should be careful about. We're talking about
such a small intersection of people who are running XP, have systems
powerful enough to run Bitcoin Core, and use the wallet functionality.

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Kevin]

On 4/16/2014 11:28 AM, Wladimir wrote:


On Wed, Apr 16, 2014 at 5:20 PM, Pieter Wuille 
mailto:pieter.wui...@gmail.com>> wrote:


On Wed, Apr 16, 2014 at 5:12 PM, Kevin mailto:kevinsisco61...@gmail.com>> wrote:
> I think we should get to the bottom of this.  Should we assume
that xp is
> not secure enough?

Yes.


It will quickly grow extremely insecure.

People will be actively analyzing patches to post-XP versions to find 
security problems that are patched there, to see if they can be 
exploited on XP.


Wladimir

Should we then add an alert message to wallet installers such as, "Such 
and such will not run on windows xp?"



--
Kevin

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Wladimir]

On Wed, Apr 16, 2014 at 5:20 PM, Pieter Wuille wrote:

> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
> > I think we should get to the bottom of this.  Should we assume that xp is
> > not secure enough?
>
> Yes.
>

It will quickly grow extremely insecure.

People will be actively analyzing patches to post-XP versions to find
security problems that are patched there, to see if they can be exploited
on XP.

Wladimir
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Mark Friedenbach]

XP is no longer receiving security patches from Microsoft, and hasn't been
for some time. There are known remote exploits that aren't going to be
fixed, ever.
On Apr 16, 2014 8:15 AM, "Kevin"  wrote:

>  On 4/16/2014 4:14 AM, Wladimir wrote:
>
>  Hello,
>
> Today I noticed that even my bank is warning people to not do internet
> banking with Windows XP.
>
> If it is no longer secure enough for online banking it's CERTAINLY not
> secure enough to run a wallet (for a node only it would be ok-ish as they
> have no keys to protect).
>  Any opinions on what to do here? Just warn and allow the user to
> continue? Redirect them to a 'Windows XP is dangerous' message on
> bitcoin.org? (Microsoft uses
> http://windows.microsoft.com/en-us/windows/end-support-help)
>
>  The drawback of dropping XP support completely would be that a lot of
> computers (especially in China and Russia etc) are still running XP, so
> this could cause the network to lose nodes.
>
> If you're maintainer of other wallet software: how are you handling this?
>  Are you going to drop XP support completely? If so, starting from when?
>
> Regards,
>  Wladimir
>
>
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book 
> today!http://p.sf.net/sfu/NeoTech
>
>
>
> ___
> Bitcoin-development mailing 
> listBitcoin-development@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>  I think we should get to the bottom of this.  Should we assume that xp is
> not secure enough?  What is this warning?  Who is issuing this warning?
>
>
> --
> Kevin
>
>
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Pieter Wuille]

On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
> I think we should get to the bottom of this.  Should we assume that xp is
> not secure enough?

Yes.

> What is this warning?

Windows XP is no longer maintained. Don't use such a system for
protecting your money.

> Who is issuing this warning?

Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help

The suggestion here is to make Bitcoin Core detect when it's running
on Windows XP, and warn the user (they are likely unaware of the
risks).

-- 
Pieter

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Kevin]

On 4/16/2014 4:14 AM, Wladimir wrote:

Hello,

Today I noticed that even my bank is warning people to not do internet 
banking with Windows XP.


If it is no longer secure enough for online banking it's CERTAINLY not 
secure enough to run a wallet (for a node only it would be ok-ish as 
they have no keys to protect).


Any opinions on what to do here? Just warn and allow the user to 
continue? Redirect them to a 'Windows XP is dangerous' message on 
bitcoin.org ? (Microsoft uses 
http://windows.microsoft.com/en-us/windows/end-support-help)


The drawback of dropping XP support completely would be that a lot of 
computers (especially in China and Russia etc) are still running XP, 
so this could cause the network to lose nodes.


If you're maintainer of other wallet software: how are you handling this?
Are you going to drop XP support completely? If so, starting from when?

Regards,
Wladimir



--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech


___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
I think we should get to the bottom of this.  Should we assume that xp 
is not secure enough?  What is this warning?  Who is issuing this warning?



--
Kevin

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

[Bitcoin-development] mid-term bitcoin security (Re: Warning message when running wallet in Windows XP (or drop support?))

[Adam Back]

Big picture/mid-term I think air-gaps and zero-trust ecosystem components
are the only solution.  (zero-trust meaning like real-time auditability, or
type 2/type 3 exchanges based on atomic-swap, trustless escrow etc).

Need a mass-production and air-drop of trezors :)

There is one more problem address-substitution via untrusted network/user
and weak site with 1mil lines of swiss-cheese security app-store.  So some
kind of address authentication TOFU.  Aside from X509 bloatware which could
be extended from payment protocol to do that, I'd argue for a native simple
TOFU format like Alan Reiner's multiplier * base approach (where base is the
TOFU handle).  And/or something like the IBE address proposal (which gives a
bandwidth efficiently SPV queryable way to check if funds received).  Worst
case if weil-pairing gets broken it auto-devolves to the current status
quo.

Btw not to reignite the stealth vs reusable address bike shedding, but
contrarily I was thinking it maybe actually better to try to rebrand address
as "invoice number".  People understand double paying an invoice is not a
good idea.  And if they receive the same invoice twice they'll query it.

Adam

On Wed, Apr 16, 2014 at 11:41:48AM +0200, Wladimir wrote:
>   On Wed, Apr 16, 2014 at 10:45 AM, Melvin Carvalho
>   <[1]melvincarva...@gmail.com> wrote:
>
>   XP with a trezor would work fine tho?
>
>   Probably - but that's a very rare edge case. People that are security
>   conscious enough to buy a Trezor will not run XP. Also I don't dare to
>   say that there is not some way to sociaal-engineer the user with
>   malware on a compromised OS even with a trezor.
>   Maybe: for 0.9.2 add a warning message and push people to upgrade
>   (either to Win8.1 or something else), then in the next major release
>   0.10.0 drop XP support completely.
>   Wladimir
>
>References
>
>   1. mailto:melvincarva...@gmail.com

>--
>Learn Graph Databases - Download FREE O'Reilly Book
>"Graph Databases" is the definitive new guide to graph databases and their
>applications. Written by three acclaimed leaders in the field,
>this first edition is now available. Download your free book today!
>http://p.sf.net/sfu/NeoTech

>___
>Bitcoin-development mailing list
>Bitcoin-development@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Wladimir]

On Wed, Apr 16, 2014 at 10:45 AM, Melvin Carvalho
wrote:

> XP with a trezor would work fine tho?
>

Probably - but that's a very rare edge case. People that are security
conscious enough to buy a Trezor will not run XP. Also I don't dare to say
that there is not some way to sociaal-engineer the user with malware on a
compromised OS even with a trezor.

Maybe: for 0.9.2 add a warning message and push people to upgrade (either
to Win8.1 or something else), then in the next major release 0.10.0 drop XP
support completely.

Wladimir
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Melvin Carvalho]

On 16 April 2014 10:14, Wladimir  wrote:

> Hello,
>
> Today I noticed that even my bank is warning people to not do internet
> banking with Windows XP.
>
> If it is no longer secure enough for online banking it's CERTAINLY not
> secure enough to run a wallet (for a node only it would be ok-ish as they
> have no keys to protect).
> Any opinions on what to do here? Just warn and allow the user to continue?
> Redirect them to a 'Windows XP is dangerous' message on bitcoin.org?
> (Microsoft uses
> http://windows.microsoft.com/en-us/windows/end-support-help)
>
> The drawback of dropping XP support completely would be that a lot of
> computers (especially in China and Russia etc) are still running XP, so
> this could cause the network to lose nodes.
>

XP with a trezor would work fine tho?

My personal preference would be a warning, and to direct them to a free
software operating system that they could upgrade to.


>
> If you're maintainer of other wallet software: how are you handling this?
> Are you going to drop XP support completely? If so, starting from when?
>
> Regards,
> Wladimir
>
>
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

[Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Wladimir]

Hello,

Today I noticed that even my bank is warning people to not do internet
banking with Windows XP.

If it is no longer secure enough for online banking it's CERTAINLY not
secure enough to run a wallet (for a node only it would be ok-ish as they
have no keys to protect).
Any opinions on what to do here? Just warn and allow the user to continue?
Redirect them to a 'Windows XP is dangerous' message on bitcoin.org?
(Microsoft uses http://windows.microsoft.com/en-us/windows/end-support-help)

The drawback of dropping XP support completely would be that a lot of
computers (especially in China and Russia etc) are still running XP, so
this could cause the network to lose nodes.

If you're maintainer of other wallet software: how are you handling this?
Are you going to drop XP support completely? If so, starting from when?

Regards,
Wladimir
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development