Re: [Bitcoin-development] Membership disabled due to bounces

2015-06-21 Thread Laszlo Hanyecz
I got ~500 uncaught bounce notifications, so it seems like something broke.

On Jun 21, 2015, at 11:00 AM, Matt Whitlock  wrote:

> I too got this message and had to re-enable my membership on the list. 
> There's no reason why messages sent by the list to my address would be 
> bouncing.
> 
> 
> On Sunday, 21 June 2015, at 9:06 am, Braun Brelin wrote:
>> Hi all,
>> 
>> I got a message saying that my membership in the list was disabled due to
>> excessive bounces.  As far as I can remember,  I've only ever sent out one
>> e-mail on the list (not including this one) and that was a few weeks ago.
>> Has anyone else seen this problem?  Could this be related in some way to
>> the issues regarding source forge and the mail list hosting issue?
>> 
>> Braun Brelin
> 
> --
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Miners MiTM

2014-08-08 Thread Laszlo Hanyecz
Mutual CHAP could work.  This is commonly done in PPP and iSCSI.  The idea is 
simply that both sides authenticate.  The server expects the client to provide 
a password, and the client expects the server to provide a (different) 
password.  If you masquerade as the server, you won't be able to authenticate 
because every client has a different password they expect from the server, so 
they won't do work for you. MITM on the server can capture the exchange but 
CHAP protects against replay.

https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol

-Laszlo


On Aug 8, 2014, at 6:21 PM, Jeff Garzik  wrote:

> gmaxwell noted on IRC that enabling TLS could be functionally, if not
> literally, a DoS on the pool servers.  Hence the thought towards a
> more lightweight method that simply prevents client payout redirection
> + server impersonation.
> 
> 
> On Fri, Aug 8, 2014 at 5:53 AM, Mike Hearn  wrote:
>>> Certificate validation isn't needed unless the attacker can do a direct
>>> MITM
>>> at connection time, which is a lot harder to maintain than injecting a
>>> client.reconnect.
>> 
>> 
>> Surely the TCP connection will be reset once the route reconfiguration is
>> completed, either by the MITM server or by the client TCP stack when it
>> discovers the server doesn't know about the connection anymore?
>> 
>> TLS without cert validation defeats the point, you can still be connected to
>> a MITM at any point by anyone who can simply interrupt or corrupt the
>> stream, forcing a reconnect.
>> 
>> --
>> Want fast and easy access to all the code in your enterprise? Index and
>> search up to 200,000 lines of code with a free copy of Black Duck
>> Code Sight - the same software that powers the world's largest code
>> search on Ohloh, the Black Duck Open Hub! Try it now.
>> http://p.sf.net/sfu/bds
>> ___
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>> 
> 
> 
> 
> -- 
> Jeff Garzik
> Bitcoin core developer and open source evangelist
> BitPay, Inc.  https://bitpay.com/
> 
> --
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] DNS seeds unstable

2014-05-16 Thread Laszlo Hanyecz
It looks like it might be firewalled, probably just need to fix the ACL in EC2.

-Laszlo

On May 16, 2014, at 4:34 PM, Andreas Schildbach  wrote:

> Apparently British Telecom also cannot speak to Peter Todd's server.
> 
> That another very large ISP in Europe.
> 
> 
> On 05/15/2014 01:50 PM, Andreas Schildbach wrote:
>> I'm bringing this issue up again. The current Bitcoin DNS seed
>> infrastructure is unstable. I assume this is because of we're using a
>> custom DNS implementation which is not 100% compatible. There have been
>> bugs in the past, like a case sensitive match for the domain name.
>> 
>> Current state (seeds taken from bitcoinj):
>> 
>> mainnet:
>> 
>> seed.bitcoin.sipa.be OK
>> dnsseed.bluematt.me  OK
>> dnsseed.bitcoin.dashjr.org   SERVFAIL, tried multiple ISPs
>> seed.bitcoinstats.comOK
>> 
>> testnet:
>> 
>> testnet-seed.bitcoin.petertodd.org   SERVFAIL, just from Telefonica
>> testnet-seed.bluematt.me OK (but only returns one node)
>> 
>> Note: Telefonica is one of Europe's largest ISPs.
>> 
>> I would try to improve DNS myself, but I'm not capable of writing C. My
>> "fix" would be to reimplement everything in Java -- I doubt you guys
>> would be happy with that.
>> 
>> 
>> --
>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>> Instantly run your Selenium tests across 300+ browser/OS combos.
>> Get unparalleled scalability from the best Selenium testing platform 
>> available
>> Simple to use. Nothing to install. Get started now for free."
>> http://p.sf.net/sfu/SauceLabs
>> 
> 
> 
> 
> --
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

2014-04-16 Thread Laszlo Hanyecz
I think a warning like this is inappropriate.

There are many reasons to use an out of date operating system and high level 
applications like wallets need not concern themselves with the rest of the 
system.  Maybe the wallet can scan your browser cache and tell you to stop 
visiting somesite.com too?

It just sounds like some kind of behavior modification that's being discussed 
here.. not-so-subtly suggesting that users shell out money for a newer version 
of the operating system, just to use their bitcoin wallets in a 'blessed' 
configuration.  This actually sounds very similar to what happens with Apple 
iPhones.. they somehow manage to 'invalidate' the charging cables and 
accessories with every major software version.  One day an accessory is working 
fine, then after the update users get a behavior modification nag every time 
they use it, urging them to buy a new one.  Along these same lines, might as 
well put a warning about the registry keys needing to be cleaned, and maybe a 
'shock the money' banner[1].

You guys all know how it works with financial software - there are many 
organizations using decades old software (and hardware) because they know its 
shortcomings, they've taken care of them in a way that works them, and they 
don't want to start all over just for the sake of having the newest version.

-Laszlo

[1] http://www.buzzfeed.com/adobe/obnoxious-banner-ads-that-everyone-remembers


On Apr 16, 2014, at 8:42 PM, Roy Badami  wrote:

> On Wed, Apr 16, 2014 at 05:20:41PM +0200, Pieter Wuille wrote:
>> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
>>> I think we should get to the bottom of this.  Should we assume that xp is
>>> not secure enough?
>> 
>> Yes.
> 
> Do we need a similar warning for OS X 10.6?  The EOL of that one is
> *far* less well known than XP (because of Apple's failure to
> communicate product lifecycles).
> 
> roy
> 
> 
>> 
>>> What is this warning?
>> 
>> Windows XP is no longer maintained. Don't use such a system for
>> protecting your money.
>> 
>>> Who is issuing this warning?
>> 
>> Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help
>> 
>> The suggestion here is to make Bitcoin Core detect when it's running
>> on Windows XP, and warn the user (they are likely unaware of the
>> risks).
>> 
>> -- 
>> Pieter
>> 
>> --
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> ___
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>> 
> 
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Bitcoind-in-background mode for SPV wallets

2014-04-09 Thread Laszlo Hanyecz

On Apr 9, 2014, at 8:12 PM, slush  wrote:

> 
> These days IPv6 is slowly deploying to server environments, but maybe there's 
> some simple way how to bundle ipv6 tunnelling into bitcoind so any instance 
> will become ipv6-reachable automatically?
> 

Teredo is available by default on Microsoft systems and it's actually very 
common to see Teredo addresses as peers in torrents - this should work for 
bitcoin too, though I'm not sure if an app needs to set special flags to gain 
access to it.. there are probably some security settings around it.  In the US, 
AT&T/CenturyLink provide IPv6 by way of 6RD for DSL customers, Comcast has 
native IPv6 on residential (but not business) cable modems, and of course those 
who want to can always set up with a tunnel broker like Hurricane Electric - 
they even let you use your own IPv6 addresses.  IPv6 is great, but having an 
application running its own tunnels would not be a good way to leverage it.

Probably what's keeping a lot of them from being reachable is that most people 
just plug their CPE into a NAT router (without IPv6).  Teredo can help here 
though.
Putting an IPv6 checkbox in the settings with a link to an explanation might 
help with education and result in smarter operators who can make their nodes 
reachable.  A built in checker would be even better - something like a 
checklist showing red/green for different aspects of reachability 
(v4/teredo/v6).

-Laszlo



--
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Okay, time to bring up bitcoin/bitcoin

2014-04-02 Thread Laszlo Hanyecz
Maybe he has a fork on the real github.com and the link was a mistake.

http://news.nurse.com/article/20121203/NY02/112030026#.Uzw5UVy2uw8

I think it's possible that 'Kevin' is for real and maybe he doesn't realize he 
linked to a phishing site, if it was an accident.  If this is the same person, 
then he's blind, and maybe that's why he wrote 'U R L' instead of the usual 
'URL', by using speech to text or some other assistive tech.  It might be that 
he tried to fork github.com/bitcoin/bitcoin and just provided the wrong link.  
But regardless, stay away from the one with two Bs in it.

Thanks,
Laszlo


On Apr 2, 2014, at 3:59 PM, Kevin  wrote:

> On 4/2/2014 11:45 AM, Ricardo Filipe wrote:
>> Kevin,
>> the thing is you gave us a bad link... what is the correct URL of your 
>> project?
>> 
>> 2014-04-02 16:30 GMT+01:00 Kevin :
>>> On 4/2/2014 11:13 AM, Laszlo Hanyecz wrote:
>>>> Maybe this site serves up exploits selectively?  I'm guessing most people 
>>>> are getting the 'domain for sale' but whoever is the target probably gets 
>>>> something special?
>>>> 
>>>> On Apr 2, 2014, at 2:53 PM, Kevin  wrote:
>>>> 
>>>>> On 4/2/2014 9:08 AM, Jeff Garzik wrote:
>>>>>> At first, this is a poor choice of URL.
>>>>>> 
>>>>>> But it really looks like a phishing attempt that no one should visit.
>>>>>> 
>>>>>> 
>>>>>> On Tue, Apr 1, 2014 at 4:00 PM, Kevin  wrote:
>>>>>>> I've sat on this for some time after starting this.  I have forked this
>>>>>>> from bitcoin core and am working on a secure tax "mode" for bitcoin.  It
>>>>>>> is written in Autoit.  I know I know, scripting language alert!  I would
>>>>>>> like people to look at:
>>>>>>> http://www.githubb.com/bitcoin/bitcoin
>>>>>>> Look at it, and let's have an open dialog about it.  I want to know the
>>>>>>> good, the bad, and the ugly!
>>>>>>> 
>>>>>>> --
>>>>>>> Kevin
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> ___
>>>>>>> Bitcoin-development mailing list
>>>>>>> Bitcoin-development@lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>>> As far as choice of U R L, it may be a poor choice but I did this
>>>>> because I wanted it connected with the core.  As far as fishing it
>>>>> certainly is not that!  This is a serious project.
>>>>> 
>>>>> 
>>>>> --
>>>>> Kevin
>>>>> 
>>>>> 
>>>>> --
>>>>> ___
>>>>> Bitcoin-development mailing list
>>>>> Bitcoin-development@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>> I tell you that this is a serious project for bitcoin.  You are free to
>>> assume the worst.  After all, I did say the good the bad and the ugly
>>> would come out of this.  I happen to be a big believer in bitcoin and I
>>> feel this project holds water.  If you disagree, that's fine.
>>> 
>>> 
>>> --
>>> Kevin
>>> 
>>> 
>>> --
>>> ___
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> I understand now why someone thought I was fishing.  That link should work 
> just fine...I'm not sure what the problem is as I know I forked correctly.  I 
> guess I'll need to register a domain for it an get a page going and link from 
> there.  I just haven't gotten around to it but will do that.  I'll get going! 
>  Just know that I would never set up fishing; that's not my style.
> 
> 
> -- 
> Kevin
> 


--
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Okay, time to bring up bitcoin/bitcoin

2014-04-02 Thread Laszlo Hanyecz
www.githubb.com resolves to addresses announced by AS53665

Some basic info about AS53665 can be seen at http://bgp.he.net/AS53665
They probably have a dedi or VPS at Cogent.  They didn't even create an IRR 
record for their AS or their only route.

Let's see what google has to say about malware from AS53665 (TL;DR - it's a 
malware site)
http://www.google.com/safebrowsing/diagnostic?site=AS:53665

-Laszlo



On Apr 2, 2014, at 3:30 PM, Kevin  wrote:

> On 4/2/2014 11:13 AM, Laszlo Hanyecz wrote:
>> Maybe this site serves up exploits selectively?  I'm guessing most people 
>> are getting the 'domain for sale' but whoever is the target probably gets 
>> something special?
>> 
>> On Apr 2, 2014, at 2:53 PM, Kevin  wrote:
>> 
>>> On 4/2/2014 9:08 AM, Jeff Garzik wrote:
>>>> At first, this is a poor choice of URL.
>>>> 
>>>> But it really looks like a phishing attempt that no one should visit.
>>>> 
>>>> 
>>>> On Tue, Apr 1, 2014 at 4:00 PM, Kevin  wrote:
>>>>> I've sat on this for some time after starting this.  I have forked this
>>>>> from bitcoin core and am working on a secure tax "mode" for bitcoin.  It
>>>>> is written in Autoit.  I know I know, scripting language alert!  I would
>>>>> like people to look at:
>>>>> http://www.githubb.com/bitcoin/bitcoin
>>>>> Look at it, and let's have an open dialog about it.  I want to know the
>>>>> good, the bad, and the ugly!
>>>>> 
>>>>> --
>>>>> Kevin
>>>>> 
>>>>> 
>>>>> --
>>>>> ___
>>>>> Bitcoin-development mailing list
>>>>> Bitcoin-development@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>> 
>>> As far as choice of U R L, it may be a poor choice but I did this
>>> because I wanted it connected with the core.  As far as fishing it
>>> certainly is not that!  This is a serious project.
>>> 
>>> 
>>> -- 
>>> Kevin
>>> 
>>> 
>>> --
>>> ___
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> I tell you that this is a serious project for bitcoin.  You are free to 
> assume the worst.  After all, I did say the good the bad and the ugly would 
> come out of this.  I happen to be a big believer in bitcoin and I feel this 
> project holds water.  If you disagree, that's fine.
> 
> 
> -- 
> Kevin
> 


--
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Okay, time to bring up bitcoin/bitcoin

2014-04-02 Thread Laszlo Hanyecz
Maybe this site serves up exploits selectively?  I'm guessing most people are 
getting the 'domain for sale' but whoever is the target probably gets something 
special? 

On Apr 2, 2014, at 2:53 PM, Kevin  wrote:

> On 4/2/2014 9:08 AM, Jeff Garzik wrote:
>> At first, this is a poor choice of URL.
>> 
>> But it really looks like a phishing attempt that no one should visit.
>> 
>> 
>> On Tue, Apr 1, 2014 at 4:00 PM, Kevin  wrote:
>>> I've sat on this for some time after starting this.  I have forked this
>>> from bitcoin core and am working on a secure tax "mode" for bitcoin.  It
>>> is written in Autoit.  I know I know, scripting language alert!  I would
>>> like people to look at:
>>> http://www.githubb.com/bitcoin/bitcoin
>>> Look at it, and let's have an open dialog about it.  I want to know the
>>> good, the bad, and the ugly!
>>> 
>>> --
>>> Kevin
>>> 
>>> 
>>> --
>>> ___
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>> 
>> 
> As far as choice of U R L, it may be a poor choice but I did this 
> because I wanted it connected with the core.  As far as fishing it 
> certainly is not that!  This is a serious project.
> 
> 
> -- 
> Kevin
> 
> 
> --
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development