[liberationtech] Tool so people might stop doing crazy things with their bitcoins (and stop being robbed)
Aymeric Vitte
vitteaymeric at gmail.com
Mon Jan 29 03:17:51 PST 2018
We had some more friendly discussions off the list with Thomas
Just to clarify one point since maybe what I wrote can lead to some
(mis)interpretation: I did not say "this project is not open source but
that's the same", because that's not the same, I just said "this module
is critical, it's not open source but you can check the code, and please
note that it can be combined with other modules of mine that are fully
open source"
It's not trivial to check the minified part, but by "check the code" I
mean that you can check what it is doing, and as stated put the output
in a standard tx decoding tool to see that it is behaving correctly
For those that don't really follow the bitcoin world there is no word
strong enough to describe what is going on ("crazy", "outstanding",
etc), I myself did discover to what extent it was while doing the tool
(and some unfortunately made mistakes with the first versions that I did
not foresee), this is quite "incredible" (weak word again) how people
get misleaded and what they are doing, usually ending up by losing all
of their coins, much worrying too is that even those that seem to
understand what they are doing don't in fact
I will put back the "should this work..." sentence in the repo
Le 28/01/2018 à 19:24, Yosem Companys a écrit :
> I'm no longer a list moderator, but I can't help but intervene here.
> All of you have been and continue to be great contributors to the
> larger liberationtech community. A longstanding participant has
> created something to try to advance the public good. There may be
> differences in terms of how to do it. But we can all speak amicably
> about the issues.
>
> On Sun, Jan 28, 2018 at 10:16 AM, Aymeric Vitte
> <vitteaymeric at gmail.com <mailto:vitteaymeric at gmail.com>> wrote:
>
> Sorry I don't get a single thing in your answer, apparently you don't
> know what you are talking about (and please keep your statements for
> yourself, like "knowledgeable enough" and auditing the bitcoin
> core code)
>
> It's quite easy to check what the module is doing, this is "just"
> implementing the bitcoin protocol, which works for quasi all of
> existing
> coins, there are no crypto inventions/tricks, and such tool does not
> exist then there is a real added value
>
> Probably you don't know very well the bitcoin world and the current
> mess, please read everything again and we could discuss, and indeed I
> really care that people don't make mistakes with this module
>
> And see https://github.com/Ayms/bitcoin-wallets
> <https://github.com/Ayms/bitcoin-wallets> or
> https://github.com/Ayms/zcash-wallets
> <https://github.com/Ayms/zcash-wallets> or
> https://github.com/Ayms/cashaddress
> <https://github.com/Ayms/cashaddress> , those ones are not trivial
> at all
> also and completely open source, and btw can be combined with the
> module
> of course as explained, should people read things, consider
> reading the
> "not coming from nowhere" link too and linked issues on BTG github rep
> where people commented
>
> See the git history of the README for your last question
>
>
> Le 28/01/2018 à 16:53, Thomas Delrue a écrit :
> > On 01/28/2018 06:22 AM, Aymeric Vitte wrote:
> >> People don't estimate the effort to do such tool, which is not
> >> trivial at all given the over complexification of bitcoin
> stuff, and
> >> are trying to cheat modifying the code to remove the fees
> (which is a
> >> bit crazy for such a module and could just result for them to send
> >> their coins to some wrong places or have them locked somewhere)
> > And so your solution is not to prevent the 'cheating' but instead to
> > hide it, wave your hands and say "these are not the droids you are
> > looking for, move along"?
> > If that is the case, I have a hard time understanding what your
> > value-add is, because your solution has a hard-embedded way to
> cheat,
> > that is fundamental to its operation.
> > Security through obscurity only works for an ever diminishing time.
> >
> >> I think it's useless to restart an "open source vs not open source"
> >> discussion, open source does not mean secure and easy to audit (try
> >> for example to audit the bitcoin core source code and all
> >> dependencies), the only thing that matters is that the code is
> >> provided and can be checked, which is the case
> > It is most certainly *not* useless to restart this discussion
> because
> > people still don't "get it". People need to be told about it
> over and
> > over again as demonstrated again right here.
> >
> > The fact that neither you nor I are knowledgeable enough to be
> auditing
> > the BitCoin core source code is not important; what is more
> important is
> > that someone who /is/ capable, has the ability, means and access
> to do
> > so: light works as a disinfectant and your choice to hide from
> the light
> > speaks for itself.
> >
> > Sadly, you also chose to keep something related to crypto
> (generation of
> > hashes) in an inaccessible state. If anything, this is the part that
> > should be made most easy to audit to those with expertise in
> that area
> > since it is the thing that will provide 'trust' to your system.
> Since
> > you're dealing with money, I'm pretty convinced that it is
> incredibly
> > important to you that people trust your implementation.
> >
> > Keeping a part, crucial to said trust, inaccessible is a big red
> flag to
> > me because chances are, you're rolling your own crypto/hashing.
> And as
> > we all (should) know: unless you are or have a team
> cryptographers that
> > do this for a living, rolling your own encryption will result in
> enCRAPtion.
> > If you're not rolling your own and are using a standard, then
> why not
> > make that easy to figure out and audit?
> >
> > Are you or do you employ one or more cryptographers?
> >
> >> In the first versions we stated something like "Should this project
> >> be funded we will remove the dev fees and it will become fully open
> >> source"
> > Where exactly is this stated? I can't find it if I search your
> github
> > spot for the term "source":
> > https://github.com/Ayms/bitcoin-transactions/search?q=source
> <https://github.com/Ayms/bitcoin-transactions/search?q=source>
> >
>
> --
> Bitcoin transactions made simple:
> https://github.com/Ayms/bitcoin-transactions
> <https://github.com/Ayms/bitcoin-transactions>
> Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
> <https://github.com/Ayms/zcash-wallets>
> Bitcoin wallets made simple:
> https://github.com/Ayms/bitcoin-wallets
> <https://github.com/Ayms/bitcoin-wallets>
> Get the torrent dynamic blocklist: http://peersm.com/getblocklist
> Check the 10 M passwords list: http://peersm.com/findmyass
> Anti-spies and private torrents, dynamic blocklist:
> http://torrent-live.org
> Peersm : http://www.peersm.com
> torrent-live: https://github.com/Ayms/torrent-live
> node-Tor <https://github.com/Ayms/torrent-live%0Anode-Tor> :
> https://www.github.com/Ayms/node-Tor
> <https://www.github.com/Ayms/node-Tor>
> GitHub : https://www.github.com/Ayms
>
> --
> Liberationtech is public & archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> <https://mailman.stanford.edu/mailman/listinfo/liberationtech>.
> Unsubscribe, change to digest, or change password by emailing the
> moderator at zakwhitt at stanford.edu <mailto:zakwhitt at stanford.edu>.
>
>
>
>
--
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20180129/b008521b/attachment.html>
More information about the liberationtech
mailing list