It has long since become a tradition to only patch stuff up when an actual attack emerges, hence leading to emergence of a tradition to demonstrate the "seriousness" of attack.
Yeah, especially when someone (CH/RS) dares you to go ahead and do it...
Topic: Alternative Block Chains : be safe! - page 88. (Read 1327873 times)
Yeah, especially when someone (CH/RS) dares you to go ahead and do it...
I'd like to remind everyone that Gavin, with all due respect, is not an angry deity and can neither drown people he vaguely disapproves of nor feed them to the lo(l)custs.
I strongly agree. That's partly why I haven't messed with the alt chains. I even mentioned this on the announcement thread for lxcoin but it got drowned out with all the excitement about it.
It has long since become a tradition to only patch stuff up when an actual attack emerges, hence leading to emergence of a tradition to demonstrate the "seriousness" of attack.
While I personally would rather follow a different approach, this state of affairs is by no means limited to Bitcoin community or even IT in general, and is here to stay.
While I personally would rather follow a different approach, this state of affairs is by no means limited to Bitcoin community or even IT in general, and is here to stay.
Um, with all due respect, Artforz did not burn anyone's house down with lemons, and his actions have inflicted far less damage upon SolidCoin's credibility than CH's, let's say, questionable public relations escapades.
Some people only have one computer and that must suck. Fortunately I have multiple so I can use some of my alt-miners to do this safely.
People with only one computer can still securely isolate different wallets & apps from each other by using privilege separation. For example on Linux, run bitcoin/namecoin/i0coin/etc under separate user accounts, and chmod 700 their home directories.
I would say you nailed this one bullseye with one shot. I think your real concern isn't our "safety" it's yours. Sooner or later one of these alt-chains are going to replace Bitcoin if Bitcoin doesn't do some seriously needed updating and improvements.
You know it, I know it and so does everyone else.
Sometimes the truth isn't all warm and fuzzy, sometimes it's just plain brutal.
I'd like to point out that there is no particular reason why several chains with different properties can't coexist.
For instance, there could be one well-established, reliable chain with only the most needed, most tested and most secure features, and a [pimp] fast-blocked, permanently experimental (sorta like TOR is always experimental forever ) feature-rich one [/pimp]
, as well as dedicated-purpose chains like Namecoin and such. Also, coins with different degrees of "necessary centralization" might exist, with userbase preference being driven by how comfortable they are with a given net's distribution of "powers that be"
Bitcoin, due to its prominence, has become "serious business". That necessitates a very conservative approach to development.
[pimp]That's why I started a fork with a more lighthearted approach to ... pretty much everything [/pimp]
You can have more than one wallet dat.
You just need 1 portable bitcoin client that can safely reside on an encrypted and backed up volume, and one regular one for day to day tiny stuff. It's not like you routinely send 5000+ BTC, no?
Incidentally, cobbling together a somewhat workable portable bitcoin is pretty straightforward.
You just need 1 portable bitcoin client that can safely reside on an encrypted and backed up volume, and one regular one for day to day tiny stuff. It's not like you routinely send 5000+ BTC, no?
Incidentally, cobbling together a somewhat workable portable bitcoin is pretty straightforward.
Some people only have one computer and that must suck. Fortunately I have multiple so I can use some of my alt-miners to do this safely.
Generally, if you have a large amount of bitcoins on a given PC, being extra-cautious about third party software (be it an Alt-coin client or a particularly fancy casual game) is advisable.
Good advice.
Using an alternate cryptocurrency client would be a great way to get many people to install a hidden virus that targets Bitcoin users.
If you have a significant amount of Bitcoins, I wouldn't run other clients on the same computer until the alternates have developed trust over a longer period of time... I'm probably on the paranoid side of things though.
These new cryptocurrencies are interesting, and it will be fascinating to see how it will all play out.
Using an alternate cryptocurrency client would be a great way to get many people to install a hidden virus that targets Bitcoin users.
If you have a significant amount of Bitcoins, I wouldn't run other clients on the same computer until the alternates have developed trust over a longer period of time... I'm probably on the paranoid side of things though.
These new cryptocurrencies are interesting, and it will be fascinating to see how it will all play out.
Also, don't believe everything that prominent members of the Bitcoin community have to say about alternative chains. In particular, I know some people think that the number of confirmations doesn't matter and all that matters is the total expected time of the confirmations, so that 1 10-minute-average confirmation is more secure than 3 3-minute-average confirmations. If you read Satoshi's paper it's clear this isn't true; the number of confirmations is actually more important because transaction security increases exponentially with more confirmations. (His paper has approximate figures; you'll notice that accepting 1 and 2-confirmation transactions is fairly risky.)
Thank you Gavin.
The only things I might add is that "use a different password" isn't limited to exchanges, but applies to forums, emails, and even pools , and that some antivirus heuristics seem to hate anything that has mining code in it and isn't explicitly whitelisted.
The only things I might add is that "use a different password" isn't limited to exchanges, but applies to forums, emails, and even pools
, and that some antivirus heuristics seem to hate anything that has mining code in it and isn't explicitly whitelisted. 
I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!" (FUD == Fear, Uncertainty and Doubt) But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.
When I first heard about bitcoin, my questions were:
1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?
I answered those questions by:
1) Reading and understanding Satoshi's whitepaper. Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project. I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.
If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.
If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:
1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.
When I first heard about bitcoin, my questions were:
1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?
I answered those questions by:
1) Reading and understanding Satoshi's whitepaper. Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project. I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.
If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.
If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:
1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.
Jump to: