[liberationtech] Tool so people might stop doing crazy things with their bitcoins (and stop being robbed)

Mon Jan 29 04:25:53 PST 2018

Sure. I do feel like advertising a tool like this goes against the spirit
of this list. This is someone advertising their own for-profit non-open
source tool that charges you a percentage fee every time you use it and
since we can't compile it after inspecting the source code there is no way
to verify that it isn't simply a scam that will steal all of your money at
some later date.

On Sun, Jan 28, 2018 at 10:24 AM, Yosem Companys <ycompanys at gmail.com>
wrote:

> I'm no longer a list moderator, but I can't help but intervene here. All
> of you have been and continue to be great contributors to the larger
> liberationtech community. A longstanding participant has created something
> to try to advance the public good. There may be differences in terms of how
> to do it.  But we can all speak amicably about the issues.
>
> On Sun, Jan 28, 2018 at 10:16 AM, Aymeric Vitte <vitteaymeric at gmail.com>
> wrote:
>
>> Sorry I don't get a single thing in your answer, apparently you don't
>> know what you are talking about (and please keep your statements for
>> yourself, like "knowledgeable enough" and auditing the bitcoin core code)
>>
>> It's quite easy to check what the module is doing, this is "just"
>> implementing the bitcoin protocol, which works for quasi all of existing
>> coins, there are no crypto inventions/tricks, and such tool does not
>> exist then there is a real added value
>>
>> Probably you don't know very well the bitcoin world and the current
>> mess, please read everything again and we could discuss, and indeed I
>> really care that people don't make mistakes with this module
>>
>> And see https://github.com/Ayms/bitcoin-wallets or
>> https://github.com/Ayms/zcash-wallets or
>> https://github.com/Ayms/cashaddress , those ones are not trivial at all
>> also and completely open source, and btw can be combined with the module
>> of course as explained, should people read things, consider reading the
>> "not coming from nowhere" link too and linked issues on BTG github rep
>> where people commented
>>
>> See the git history of the README for your last question
>>
>>
>> Le 28/01/2018 à 16:53, Thomas Delrue a écrit :
>> > On 01/28/2018 06:22 AM, Aymeric Vitte wrote:
>> >> People don't estimate the effort to do such tool, which is not
>> >> trivial at all given the over complexification of bitcoin stuff, and
>> >> are trying to cheat modifying the code to remove the fees (which is a
>> >> bit crazy for such a module and could just result for them to send
>> >> their coins to some wrong places or have them locked somewhere)
>> > And so your solution is not to prevent the 'cheating' but instead to
>> > hide it, wave your hands and say "these are not the droids you are
>> > looking for, move along"?
>> > If that is the case, I have a hard time understanding what your
>> > value-add is, because your solution has a hard-embedded way to cheat,
>> > that is fundamental to its operation.
>> > Security through obscurity only works for an ever diminishing time.
>> >
>> >> I think it's useless to restart an "open source vs not open source"
>> >> discussion, open source does not mean secure and easy to audit (try
>> >> for example to audit the bitcoin core source code and all
>> >> dependencies), the only thing that matters is that the code is
>> >> provided and can be checked, which is the case
>> > It is most certainly *not* useless to restart this discussion because
>> > people still don't "get it". People need to be told about it over and
>> > over again as demonstrated again right here.
>> >
>> > The fact that neither you nor I are knowledgeable enough to be auditing
>> > the BitCoin core source code is not important; what is more important is
>> > that someone who /is/ capable, has the ability, means and access to do
>> > so: light works as a disinfectant and your choice to hide from the light
>> > speaks for itself.
>> >
>> > Sadly, you also chose to keep something related to crypto (generation of
>> > hashes) in an inaccessible state. If anything, this is the part that
>> > should be made most easy to audit to those with expertise in that area
>> > since it is the thing that will provide 'trust' to your system. Since
>> > you're dealing with money, I'm pretty convinced that it is incredibly
>> > important to you that people trust your implementation.
>> >
>> > Keeping a part, crucial to said trust, inaccessible is a big red flag to
>> > me because chances are, you're rolling your own crypto/hashing. And as
>> > we all (should) know: unless you are or have a team cryptographers that
>> > do this for a living, rolling your own encryption will result in
>> enCRAPtion.
>> > If you're not rolling your own and are using a standard, then why not
>> > make that easy to figure out and audit?
>> >
>> > Are you or do you employ one or more cryptographers?
>> >
>> >> In the first versions we stated something like "Should this project
>> >> be funded we will remove the dev fees and it will become fully open
>> >> source"
>> > Where exactly is this stated? I can't find it if I search your github
>> > spot for the term  "source":
>> > https://github.com/Ayms/bitcoin-transactions/search?q=source
>> >
>>
>> --
>> Bitcoin transactions made simple: https://github.com/Ayms/bitcoi
>> n-transactions
>> Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
>> Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
>> Get the torrent dynamic blocklist: http://peersm.com/getblocklist
>> Check the 10 M passwords list: http://peersm.com/findmyass
>> Anti-spies and private torrents, dynamic blocklist:
>> http://torrent-live.org
>> Peersm : http://www.peersm.com
>> torrent-live: https://github.com/Ayms/torrent-live
>> node-Tor <https://github.com/Ayms/torrent-livenode-Tor> :
>> https://www.github.com/Ayms/node-Tor
>> GitHub : https://www.github.com/Ayms
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated: https://mailman.stanford.edu/m
>> ailman/listinfo/liberationtech. Unsubscribe, change to digest, or change
>> password by emailing the moderator at zakwhitt at stanford.edu.
>>
>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated: https://mailman.stanford.edu/
> mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change
> password by emailing the moderator at zakwhitt at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20180129/2836abc7/attachment.html>