Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Wladimir]

On Thu, Apr 17, 2014 at 12:06 AM, Gregory Maxwell wrote:

> Bringing the thread back on-topic:
>

Thanks.


>  On Wed, Apr 16, 2014 at 1:14 AM, Wladimir  wrote:
> > Hello,
> > Today I noticed that even my bank is warning people to not do internet
> > banking with Windows XP.
> > If it is no longer secure enough for online banking it's CERTAINLY not
> > secure enough to run a wallet (for a node only it would be ok-ish as they
> > have no keys to protect).
> > Any opinions on what to do here?
>
> I think eventually multi-wallet support will make it so that a wallet
> won't be created by default.


After the wallet split-off this will also be easier:

- Bitcoin Core Node
- Bitcoin Core Wallet

The node would be as compatible as possible with any OS in existence, but
the wallet can be more picky.


> Instead users would create-wallet, which
> would also give them options like using a HSM (e.g. trezor) or
> multisig secured wallet.


HSMs complicate this; I'm not even sure how this will work, are the Trezor
guys planning to contribute support for their device to wallets including
Bitcoin Core?

Hopefully by that time, everyone will have forgotten about XP already :)

Wladimir
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Wladimir]

On Wed, Apr 16, 2014 at 10:14 PM, Ben Carroll  wrote:

While forcefully dropping XP support would seem like a waste of time, and
> somewhat arbitrary.  If windows builds just stops working for XP, it just
> stops working, however I don't foresee that happening.  I would make a
> reasonable guess that the client probably would even run without fuss on
> Win2k.
>

The _WIN32_WINNT define that is used (0x0501) makes Windows XP the lowest
version that the software will run on. It would be trivial to bump this to
Windows Vista (0x0600).

But in that case the user won't get a helpful message, the software will
outright refuse to run. So I thought, maybe it makes sense to show a
message that XP support is going to be removed - which must happen sooner
or later.

The insecurity of the platform adds urgence to this. So I thought "let's
ask for advice on the mailing list".

But what I get is contortions into unrelated topics (what does auto-update
have to do with this?), paranoid banter about 'manipulating users',
diversions into other topics. Sure, there's a thin line between being
helpful and being seen as manipulative, but it's over the top to compare
this with in-browser banners. It could be so much as a one-time message.

But it's time to close this issue. I'll do nothing here. I will however
stop testing on a Windows XP VM myself.

Wladimir
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Gregory Maxwell]

Bringing the thread back on-topic:

On Wed, Apr 16, 2014 at 1:14 AM, Wladimir  wrote:
> Hello,
> Today I noticed that even my bank is warning people to not do internet
> banking with Windows XP.
> If it is no longer secure enough for online banking it's CERTAINLY not
> secure enough to run a wallet (for a node only it would be ok-ish as they
> have no keys to protect).
> Any opinions on what to do here?

I think eventually multi-wallet support will make it so that a wallet
won't be created by default. Instead users would create-wallet, which
would also give them options like using a HSM (e.g. trezor) or
multisig secured wallet.  That would be a great point where, if they
elect to run and ordinary unsecured wallet, and the software detects
that the host is known-to-not-likely-be-secure it could whine at them
and direct them to a security best practices page.

Then you also avoid whining at people who never run a wallet or use a
hsm making the host security somewhat moot.

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Pieter Wuille]

On Wed, Apr 16, 2014 at 11:39 PM, Mark Friedenbach  wrote:
> On 04/16/2014 02:29 PM, Kevin wrote:
>> Okay, so how about an autoupdate function which pulls a work around off
>> the server?  Sooner or later, the vulnerabilities must be faced.
>
> NO. Bitcoin Core will never have an auto-update functionality. That
> would be a single point of failure whose compromise could result in the
> theft of every last bitcoin held in a Bitcoin Core wallet.

Or, even accidentally, cause a hard forking bug to be rolled out (or
worsen one).

-- 
Pieter

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Mark Friedenbach]

On 04/16/2014 02:29 PM, Kevin wrote:
> Okay, so how about an autoupdate function which pulls a work around off 
> the server?  Sooner or later, the vulnerabilities must be faced.

NO. Bitcoin Core will never have an auto-update functionality. That
would be a single point of failure whose compromise could result in the
theft of every last bitcoin held in a Bitcoin Core wallet.

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Kevin]

On 4/16/2014 5:10 PM, Laszlo Hanyecz wrote:
> I think a warning like this is inappropriate.
>
> There are many reasons to use an out of date operating system and high level 
> applications like wallets need not concern themselves with the rest of the 
> system.  Maybe the wallet can scan your browser cache and tell you to stop 
> visiting somesite.com too?
>
> It just sounds like some kind of behavior modification that's being discussed 
> here.. not-so-subtly suggesting that users shell out money for a newer 
> version of the operating system, just to use their bitcoin wallets in a 
> 'blessed' configuration.  This actually sounds very similar to what happens 
> with Apple iPhones.. they somehow manage to 'invalidate' the charging cables 
> and accessories with every major software version.  One day an accessory is 
> working fine, then after the update users get a behavior modification nag 
> every time they use it, urging them to buy a new one.  Along these same 
> lines, might as well put a warning about the registry keys needing to be 
> cleaned, and maybe a 'shock the money' banner[1].
>
> You guys all know how it works with financial software - there are many 
> organizations using decades old software (and hardware) because they know its 
> shortcomings, they've taken care of them in a way that works them, and they 
> don't want to start all over just for the sake of having the newest version.
>
> -Laszlo
>
> [1] http://www.buzzfeed.com/adobe/obnoxious-banner-ads-that-everyone-remembers
>
>
> On Apr 16, 2014, at 8:42 PM, Roy Badami  wrote:
>
>> On Wed, Apr 16, 2014 at 05:20:41PM +0200, Pieter Wuille wrote:
>>> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
 I think we should get to the bottom of this.  Should we assume that xp is
 not secure enough?
>>> Yes.
>> Do we need a similar warning for OS X 10.6?  The EOL of that one is
>> *far* less well known than XP (because of Apple's failure to
>> communicate product lifecycles).
>>
>> roy
>>
>>
 What is this warning?
>>> Windows XP is no longer maintained. Don't use such a system for
>>> protecting your money.
>>>
 Who is issuing this warning?
>>> Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help
>>>
>>> The suggestion here is to make Bitcoin Core detect when it's running
>>> on Windows XP, and warn the user (they are likely unaware of the
>>> risks).
>>>
>>> -- 
>>> Pieter
>>>
>>> --
>>> Learn Graph Databases - Download FREE O'Reilly Book
>>> "Graph Databases" is the definitive new guide to graph databases and their
>>> applications. Written by three acclaimed leaders in the field,
>>> this first edition is now available. Download your free book today!
>>> http://p.sf.net/sfu/NeoTech
>>> ___
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>> --
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> ___
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Okay, so how about an autoupdate function which pulls a work around off 
the server?  Sooner or later, the vulnerabilities must be faced.


-- 
Kevin


--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Laszlo Hanyecz]

I think a warning like this is inappropriate.

There are many reasons to use an out of date operating system and high level 
applications like wallets need not concern themselves with the rest of the 
system.  Maybe the wallet can scan your browser cache and tell you to stop 
visiting somesite.com too?

It just sounds like some kind of behavior modification that's being discussed 
here.. not-so-subtly suggesting that users shell out money for a newer version 
of the operating system, just to use their bitcoin wallets in a 'blessed' 
configuration.  This actually sounds very similar to what happens with Apple 
iPhones.. they somehow manage to 'invalidate' the charging cables and 
accessories with every major software version.  One day an accessory is working 
fine, then after the update users get a behavior modification nag every time 
they use it, urging them to buy a new one.  Along these same lines, might as 
well put a warning about the registry keys needing to be cleaned, and maybe a 
'shock the money' banner[1].

You guys all know how it works with financial software - there are many 
organizations using decades old software (and hardware) because they know its 
shortcomings, they've taken care of them in a way that works them, and they 
don't want to start all over just for the sake of having the newest version.

-Laszlo

[1] http://www.buzzfeed.com/adobe/obnoxious-banner-ads-that-everyone-remembers


On Apr 16, 2014, at 8:42 PM, Roy Badami  wrote:

> On Wed, Apr 16, 2014 at 05:20:41PM +0200, Pieter Wuille wrote:
>> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
>>> I think we should get to the bottom of this.  Should we assume that xp is
>>> not secure enough?
>> 
>> Yes.
> 
> Do we need a similar warning for OS X 10.6?  The EOL of that one is
> *far* less well known than XP (because of Apple's failure to
> communicate product lifecycles).
> 
> roy
> 
> 
>> 
>>> What is this warning?
>> 
>> Windows XP is no longer maintained. Don't use such a system for
>> protecting your money.
>> 
>>> Who is issuing this warning?
>> 
>> Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help
>> 
>> The suggestion here is to make Bitcoin Core detect when it's running
>> on Windows XP, and warn the user (they are likely unaware of the
>> risks).
>> 
>> -- 
>> Pieter
>> 
>> --
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> ___
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>> 
> 
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Roy Badami]

On Wed, Apr 16, 2014 at 05:20:41PM +0200, Pieter Wuille wrote:
> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
> > I think we should get to the bottom of this.  Should we assume that xp is
> > not secure enough?
> 
> Yes.

Do we need a similar warning for OS X 10.6?  The EOL of that one is
*far* less well known than XP (because of Apple's failure to
communicate product lifecycles).

roy


> 
> > What is this warning?
> 
> Windows XP is no longer maintained. Don't use such a system for
> protecting your money.
> 
> > Who is issuing this warning?
> 
> Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help
> 
> The suggestion here is to make Bitcoin Core detect when it's running
> on Windows XP, and warn the user (they are likely unaware of the
> risks).
> 
> -- 
> Pieter
> 
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Adam Back]

Not to get snarky or OS elitist but as I understand it windows security,
even during its support period has been measured in low digit number of days
in the year when is NOT an outstanding known remote root compromise or
combination of remote user compromise + priviledge escalation.  Add in
phishing, watering holes, malware and the average windows computer is
probably compromised a dozen times over.  Apparently for sometime it was not
easily possible to secure it install boot - install OS, connect to network
to download security updates, IP range scanned and compromised faster than
you can patch it.

Adam

On Wed, Apr 16, 2014 at 05:28:27PM +0200, Wladimir wrote:
>   On Wed, Apr 16, 2014 at 5:20 PM, Pieter Wuille
>   <[1]pieter.wui...@gmail.com> wrote:
>
>   On Wed, Apr 16, 2014 at 5:12 PM, Kevin <[2]kevinsisco61...@gmail.com>
>   wrote:
>   > I think we should get to the bottom of this. Â Should we assume that
>   xp is
>   > not secure enough?
>
> Yes.
>
>   It will quickly grow extremely insecure.
>   People will be actively analyzing patches to post-XP versions to find
>   security problems that are patched there, to see if they can be
>   exploited on XP.
>   Wladimir

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Kevin]

On 4/16/2014 12:41 PM, Chris Williams wrote:

It may not be our place to say whether XP is secure or not, but if we say that 
we support it then we have to run test passes against XP as a platform, and if 
an XP user reports a bug, then we have to do something to address it.  So, it 
becomes a test and support issue, not a security issue.

That's why it doesn't make sense to support an OS platform that the original 
vendor (MS) no longer supports themselves.

On Apr 16, 2014, at 9:35 AM, Mark Friedenbach  wrote:


On 04/16/2014 09:27 AM, Kevin wrote:

Should we then add an alert message to wallet installers such as, "Such
and such will not run on windows xp?"

It's not really our place to police that ... plus it's perfectly safe to
be running Bitcoin Core as a full node on XP. It's just the wallet
functionality that people should be careful about. We're talking about
such a small intersection of people who are running XP, have systems
powerful enough to run Bitcoin Core, and use the wallet functionality.

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development



--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech


___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Okay, so we simply stop supporting it.  Should bitcoin pull support 
altogether?



--
Kevin

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Chris Williams]

You’re right.  That’s a huge oversight.  I think any software product you’ve 
ever considered installing has a section that says

“Hey, we want this much ram on your system, this much disk space, this 
processor, etc”.

Otherwise, you’re just setting yourself up for a bad user experience from 
people with marginal machines.


On Apr 16, 2014, at 9:44 AM, Mark Friedenbach  wrote:

> We don't support XP. In fact we don't support *any* distribution, but I
> will assume you mean "provide a binary which runs on X." Can you find
> any reference to Windows XP on the website? I can't.
> 
> On 04/16/2014 09:41 AM, Chris Williams wrote:
>> It may not be our place to say whether XP is secure or not, but if we say 
>> that we support it then we have to run test passes against XP as a platform, 
>> and if an XP user reports a bug, then we have to do something to address it. 
>>  So, it becomes a test and support issue, not a security issue.
>> 
>> That’s why it doesn’t make sense to support an OS platform that the original 
>> vendor (MS) no longer supports themselves.
>> 
>> On Apr 16, 2014, at 9:35 AM, Mark Friedenbach  wrote:
>> 
>>> On 04/16/2014 09:27 AM, Kevin wrote:
 Should we then add an alert message to wallet installers such as, "Such
 and such will not run on windows xp?"
>>> 
>>> It's not really our place to police that ... plus it's perfectly safe to
>>> be running Bitcoin Core as a full node on XP. It's just the wallet
>>> functionality that people should be careful about. We're talking about
>>> such a small intersection of people who are running XP, have systems
>>> powerful enough to run Bitcoin Core, and use the wallet functionality.
>>> 
>>> --
>>> Learn Graph Databases - Download FREE O'Reilly Book
>>> "Graph Databases" is the definitive new guide to graph databases and their
>>> applications. Written by three acclaimed leaders in the field,
>>> this first edition is now available. Download your free book today!
>>> http://p.sf.net/sfu/NeoTech
>>> ___
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>> 



signature.asc
Description: Message signed with OpenPGP using GPGMail
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Mark Friedenbach]

We don't support XP. In fact we don't support *any* distribution, but I
will assume you mean "provide a binary which runs on X." Can you find
any reference to Windows XP on the website? I can't.

On 04/16/2014 09:41 AM, Chris Williams wrote:
> It may not be our place to say whether XP is secure or not, but if we say 
> that we support it then we have to run test passes against XP as a platform, 
> and if an XP user reports a bug, then we have to do something to address it.  
> So, it becomes a test and support issue, not a security issue.
> 
> That’s why it doesn’t make sense to support an OS platform that the original 
> vendor (MS) no longer supports themselves.
> 
> On Apr 16, 2014, at 9:35 AM, Mark Friedenbach  wrote:
> 
>> On 04/16/2014 09:27 AM, Kevin wrote:
>>> Should we then add an alert message to wallet installers such as, "Such
>>> and such will not run on windows xp?"
>>
>> It's not really our place to police that ... plus it's perfectly safe to
>> be running Bitcoin Core as a full node on XP. It's just the wallet
>> functionality that people should be careful about. We're talking about
>> such a small intersection of people who are running XP, have systems
>> powerful enough to run Bitcoin Core, and use the wallet functionality.
>>
>> --
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> ___
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Chris Williams]

It may not be our place to say whether XP is secure or not, but if we say that 
we support it then we have to run test passes against XP as a platform, and if 
an XP user reports a bug, then we have to do something to address it.  So, it 
becomes a test and support issue, not a security issue.

That’s why it doesn’t make sense to support an OS platform that the original 
vendor (MS) no longer supports themselves.

On Apr 16, 2014, at 9:35 AM, Mark Friedenbach  wrote:

> On 04/16/2014 09:27 AM, Kevin wrote:
>> Should we then add an alert message to wallet installers such as, "Such
>> and such will not run on windows xp?"
> 
> It's not really our place to police that ... plus it's perfectly safe to
> be running Bitcoin Core as a full node on XP. It's just the wallet
> functionality that people should be careful about. We're talking about
> such a small intersection of people who are running XP, have systems
> powerful enough to run Bitcoin Core, and use the wallet functionality.
> 
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development



signature.asc
Description: Message signed with OpenPGP using GPGMail
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Mark Friedenbach]

On 04/16/2014 09:27 AM, Kevin wrote:
> Should we then add an alert message to wallet installers such as, "Such
> and such will not run on windows xp?"

It's not really our place to police that ... plus it's perfectly safe to
be running Bitcoin Core as a full node on XP. It's just the wallet
functionality that people should be careful about. We're talking about
such a small intersection of people who are running XP, have systems
powerful enough to run Bitcoin Core, and use the wallet functionality.

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Kevin]

On 4/16/2014 11:28 AM, Wladimir wrote:


On Wed, Apr 16, 2014 at 5:20 PM, Pieter Wuille 
mailto:pieter.wui...@gmail.com>> wrote:


On Wed, Apr 16, 2014 at 5:12 PM, Kevin mailto:kevinsisco61...@gmail.com>> wrote:
> I think we should get to the bottom of this.  Should we assume
that xp is
> not secure enough?

Yes.


It will quickly grow extremely insecure.

People will be actively analyzing patches to post-XP versions to find 
security problems that are patched there, to see if they can be 
exploited on XP.


Wladimir

Should we then add an alert message to wallet installers such as, "Such 
and such will not run on windows xp?"



--
Kevin

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Wladimir]

On Wed, Apr 16, 2014 at 5:20 PM, Pieter Wuille wrote:

> On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
> > I think we should get to the bottom of this.  Should we assume that xp is
> > not secure enough?
>
> Yes.
>

It will quickly grow extremely insecure.

People will be actively analyzing patches to post-XP versions to find
security problems that are patched there, to see if they can be exploited
on XP.

Wladimir
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Mark Friedenbach]

XP is no longer receiving security patches from Microsoft, and hasn't been
for some time. There are known remote exploits that aren't going to be
fixed, ever.
On Apr 16, 2014 8:15 AM, "Kevin"  wrote:

>  On 4/16/2014 4:14 AM, Wladimir wrote:
>
>  Hello,
>
> Today I noticed that even my bank is warning people to not do internet
> banking with Windows XP.
>
> If it is no longer secure enough for online banking it's CERTAINLY not
> secure enough to run a wallet (for a node only it would be ok-ish as they
> have no keys to protect).
>  Any opinions on what to do here? Just warn and allow the user to
> continue? Redirect them to a 'Windows XP is dangerous' message on
> bitcoin.org? (Microsoft uses
> http://windows.microsoft.com/en-us/windows/end-support-help)
>
>  The drawback of dropping XP support completely would be that a lot of
> computers (especially in China and Russia etc) are still running XP, so
> this could cause the network to lose nodes.
>
> If you're maintainer of other wallet software: how are you handling this?
>  Are you going to drop XP support completely? If so, starting from when?
>
> Regards,
>  Wladimir
>
>
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book 
> today!http://p.sf.net/sfu/NeoTech
>
>
>
> ___
> Bitcoin-development mailing 
> listBitcoin-development@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>  I think we should get to the bottom of this.  Should we assume that xp is
> not secure enough?  What is this warning?  Who is issuing this warning?
>
>
> --
> Kevin
>
>
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Pieter Wuille]

On Wed, Apr 16, 2014 at 5:12 PM, Kevin  wrote:
> I think we should get to the bottom of this.  Should we assume that xp is
> not secure enough?

Yes.

> What is this warning?

Windows XP is no longer maintained. Don't use such a system for
protecting your money.

> Who is issuing this warning?

Microsoft: http://windows.microsoft.com/en-us/windows/end-support-help

The suggestion here is to make Bitcoin Core detect when it's running
on Windows XP, and warn the user (they are likely unaware of the
risks).

-- 
Pieter

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Kevin]

On 4/16/2014 4:14 AM, Wladimir wrote:

Hello,

Today I noticed that even my bank is warning people to not do internet 
banking with Windows XP.


If it is no longer secure enough for online banking it's CERTAINLY not 
secure enough to run a wallet (for a node only it would be ok-ish as 
they have no keys to protect).


Any opinions on what to do here? Just warn and allow the user to 
continue? Redirect them to a 'Windows XP is dangerous' message on 
bitcoin.org ? (Microsoft uses 
http://windows.microsoft.com/en-us/windows/end-support-help)


The drawback of dropping XP support completely would be that a lot of 
computers (especially in China and Russia etc) are still running XP, 
so this could cause the network to lose nodes.


If you're maintainer of other wallet software: how are you handling this?
Are you going to drop XP support completely? If so, starting from when?

Regards,
Wladimir



--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech


___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
I think we should get to the bottom of this.  Should we assume that xp 
is not secure enough?  What is this warning?  Who is issuing this warning?



--
Kevin

--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Wladimir]

On Wed, Apr 16, 2014 at 10:45 AM, Melvin Carvalho
wrote:

> XP with a trezor would work fine tho?
>

Probably - but that's a very rare edge case. People that are security
conscious enough to buy a Trezor will not run XP. Also I don't dare to say
that there is not some way to sociaal-engineer the user with malware on a
compromised OS even with a trezor.

Maybe: for 0.9.2 add a warning message and push people to upgrade (either
to Win8.1 or something else), then in the next major release 0.10.0 drop XP
support completely.

Wladimir
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Melvin Carvalho]

On 16 April 2014 10:14, Wladimir  wrote:

> Hello,
>
> Today I noticed that even my bank is warning people to not do internet
> banking with Windows XP.
>
> If it is no longer secure enough for online banking it's CERTAINLY not
> secure enough to run a wallet (for a node only it would be ok-ish as they
> have no keys to protect).
> Any opinions on what to do here? Just warn and allow the user to continue?
> Redirect them to a 'Windows XP is dangerous' message on bitcoin.org?
> (Microsoft uses
> http://windows.microsoft.com/en-us/windows/end-support-help)
>
> The drawback of dropping XP support completely would be that a lot of
> computers (especially in China and Russia etc) are still running XP, so
> this could cause the network to lose nodes.
>

XP with a trezor would work fine tho?

My personal preference would be a warning, and to direct them to a free
software operating system that they could upgrade to.


>
> If you're maintainer of other wallet software: how are you handling this?
> Are you going to drop XP support completely? If so, starting from when?
>
> Regards,
> Wladimir
>
>
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> ___
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

[Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?)

[Wladimir]

Hello,

Today I noticed that even my bank is warning people to not do internet
banking with Windows XP.

If it is no longer secure enough for online banking it's CERTAINLY not
secure enough to run a wallet (for a node only it would be ok-ish as they
have no keys to protect).
Any opinions on what to do here? Just warn and allow the user to continue?
Redirect them to a 'Windows XP is dangerous' message on bitcoin.org?
(Microsoft uses http://windows.microsoft.com/en-us/windows/end-support-help)

The drawback of dropping XP support completely would be that a lot of
computers (especially in China and Russia etc) are still running XP, so
this could cause the network to lose nodes.

If you're maintainer of other wallet software: how are you handling this?
Are you going to drop XP support completely? If so, starting from when?

Regards,
Wladimir
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development