Re: [Bitcoin-development] Safe auto-updating

2013-08-05 Thread Daniel F
If you want package authentication, you should at least throw in some
digital signing, not just a checksum. With a compromised host, both the
checksum and binaries can be changed undetectably, but if there's a
signature made by a key that is not kept on the host, there's no way to
fake a valid binary.

There may be other issues people would want to bring up, but surely just
a checksum is not sufficient.

on 08/05/2013 10:39 AM Wendell said the following:
 For usability purposes, we at Hive would like to have an
 auto-updater
in our wallet app.
 
 What is a safe way to do this? I understand that Bitcoin-QT lacks
 such
an updater for security reasons... Has been thought out in more detail
since that decision was made?
 
 We have been toying around with the idea of placing one server
 behind
a Tor hidden service, whose only function is to output a checksum of the
update package. The theory is that if it is well-secured, it will at
least be immune to tampering at the physical hosting level.
 
 Any thoughts or advice about any of this?
 -wendell
 
 grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
 
 
 
 --
 Get your SQL database under version control now!
 Version control is standard for application code, but databases havent 
 caught up. So what steps can you take to put your SQL databases under 
 version control? Why should you start doing it? Read more to find out.
 http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk
 
 
 
 ___
 Bitcoin-development mailing list
 Bitcoin-development@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/bitcoin-development
 


--
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Proposal: MultiBit as default desktop client on bitcoin.org

2013-07-09 Thread Daniel F
on 07/09/2013 06:56 AM Jim said the following:
 + it will bump up the MultiBit download from about 11MB to 30-40MB 
 (I think). This drops the maximum copies of MultiBit the multibit.org 
 server can deliver per day from around 90,000 to 30,000ish. 
 The multibit.org server maxes out at 1 TB of bandwidth per day.

You could host your downloads on sourceforge and achieve virtually
unlimited capacity.

--
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Proposal: MultiBit as default desktop client on bitcoin.org

2013-07-09 Thread Daniel F
on 07/09/2013 10:28 AM Mike Hearn said the following:
 SourceForge has a horrible UI and blocks some countries. It also exposes
 us to a large and potentially hackable mirror network. Whilst we're not
 bandwidth constrained on our own servers, let's try and keep using them.

the point was just that if need be free capacity is available without
having to throw money at it. until there's no need, doesn't matter.

also hackability (and ui) should be irrelevant for the autoupdate
process (which i presume will do all kinds of checksum and sig
verification). and it's likely the autoupdates that will create very
lumpy download demand.


--
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Bitcoin Testing Project

2012-09-25 Thread Daniel F
on 09/25/2012 02:32 PM steve said the following:
 Anyone interested in helping out/reviewing processes? even if it is just
 some encouragement, it is all greatly appreciated.

not enough time in the day for me to seriously help out, but since you
asked, here's some encouragement. :) more testing == good.



signature.asc
Description: OpenPGP digital signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] off-topic: bitcoin-forum...

2012-02-19 Thread Daniel F
on 02/19/2012 04:32 PM grarpamp said the following:
 I am trying to post on the bitcoin forums (bitcointalk.org)
 I wish there were a bitcoin-user mailing list??? But the one on
 sourceforge is dead. Forums are too full of avatars, smilies,
 sigblocks and dead mass to be of much use. Not to mention
 when they vanish, any content dies with it instead of living
 on in various archives.
Some time ago i started a googlegroup mailing list, bitcoin-discussion.
It's been pretty low-volume... but it's something. :)

http://groups.google.com/group/bitcoin-discussion

or we could try to revive the bitcoin-list ml on sf.

--
Virtualization  Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] off-topic: bitcoin-forum...

2012-02-19 Thread Daniel F
on 02/19/2012 07:13 PM grarpamp said the following:
 Some time ago i started a googlegroup mailing list, bitcoin-discussion.
 It's been pretty low-volume... but it's something. :)
 http://groups.google.com/group/bitcoin-discussion
 
 Unfortunately it appears to be just as dead as the one
 on sourceforge.

That's exactly what i said above, in a more euphemistic fashion :D

 Well there's a couple things I see...
 
 1) Yes, IMO, a real mailing list for users needs to exist.
 Among the prior reasons... lists tend to house a more
 technical crowd than forums which are magnets for
 initiates.

indeed.

 2) There was originally one client. Now there are many,
 all adherant to the same bitcoin spec. So while:
  bitcoin-development@lists.sourceforge.net
 represents the dev community for the original client,
 it may not, or won't be, for any other client.
 And as:
  bitcoin-l...@lists.sourceforge.net
 was for, and is administratively tied to, the original client...
 it may not be the place, or a welcome one, to hold talk of all
 the adherant clients.

i'm sure that with the list being unused, we could change the charter
and do whatever with it, and the people who matter probably won't object.

 3) The sourceforge list browsing interface is ridiculously
 lame and overweight, and it doesn't appear to be setting
 a '^Reply-to: ' header which is bad. Googlegroups would
 be an ok site I suppose. And a pure MailMan interface would
 be even better and more customarily accepted.

Indeed, good points on all counts.

 So for the user list, I'd suggest:
 1) Search a bit to make sure there's not already a busy list
 out there somewhere. Check the list aggregator sites
 like markmail, gmane, etc too.
 2) Charter it as bitcoin protocol, client agnostic.
 3) Find an impartial administrative and robust home for the list
 with browsable, searchable and hopefully downloadable archives.
 4) Make the announcement to other known client lists/forums.
 5) Close any relevant old lists.
 6) Promote via similar announcement from time to time.

good points. re 1), i'm pretty sure that -dev is the most active
bitcoin-related public mailing list. things may have changed in the past
half-year, but it seems unlikely.

 http://groups.google.com/group/bitcoin-discussion/about
 Description: A place for discussion related to bitcoin.
 
 Is this sufficient charter to go with? Is the creator/maintainer
 known impartial? What happens to ongoing list operations when
 said people vanish? It is presumed googlegroups itself is robust.

charter can be changed if needed. creator/maintainer, that being me, is
generally known to be a pretty decent guy :). i'm not attached to this
particular list though, but whatever happens, i'd hope that there will
be more people willing to share administrative duties. not sure if
googlegroups is the best interface, if we can find some good free host
with mailman, downloadable archives, the works, that may be preferable.
i started that group on gg simply because it was free and easily
available and easy to set up.

--
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Fwd: [BIP 15] Aliases

2011-12-12 Thread Daniel F
 I was in brmlab and wanted to pay 1 BTC for a Club Mate. They had on the wall 
 a picture of their QR code and a bitcoin address. I don't own a mobile phone 
 so the QR code is
 useless. Then I remembered FirstBits, went to my terminal and typed
 1brmlab. I got their bitcoin address from the website and copied that,
 then opened my terminal and pasted that in to send 1 BTC.

ok, imagine if firstbits didn't exist. instead of going to firstbits,
you would have gone to your terminal, opened up brmlabs website, and
copied the address from there?

there may be some arguments for name- address translation, but i'm
sorry to say, that your example is not one of them. if anything, it
seems to suggest that firstbits is completely useless, since it saves
approximately zero effort.

--
Systems Optimization Self Assessment
Improve efficiency and utilization of IT resources. Drive out cost and 
improve service delivery. Take 5 minutes to use this Systems Optimization 
Self Assessment. http://www.accelacomm.com/jaw/sdnl/114/51450054/
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development