Topic: [ANNOUNCE] Electrum - Lightweight Bitcoin Client - page 77. (Read 274562 times)

thanks for the clarification.
the fact that you finally acknowledge being the author does not change anything to my previous warning.

It's really me, sorry for the confusion. The site is just a coding exercise, nothing more, and it's hosted right on the GitHub repository (thought it will be, like, a step forward from the bitaddress.org that apparently uses foreign hosting). If I knew that GitHub doesn't support SSL for project pages I wouldn't even bother CNAMEing it.

it's been mentioned on irc a few times

And according to GitHub, the author is still actively updating it... Seems pretty well implemented, but I can't
find any non-malicious use for this (unless you download the tarball and run it locally, perhaps)...
Out of curiosity, how did you find out about that site?

Just did a WHOIS on the domain, doesn't seem to reveal any obvious clues...

WARNING
A new website popped up, that lets users generate addresses from their Electrum or Armory seed: http://brainwallet.org/

Currently, it is not clear who created that website.
I previously thought it was Joric, but he just said he is not the author.

After a quick inspection, the javascript does not send your seed to a remote server.
However, nothing guarantees that the server will always send you the same javascript

In other words: this could very well be a phishing attempt.
If you ever used that website, move your funds to a new wallet immediately!

Ive personally skimmed through the code before installing electrum i didnt see anything malicous.
I can assume its safe based on the way it works that bitcoins arent accessable by any electrum servers with out the owners permission(signature). So it littterly is a bitcoin server for bitcoin lite clients with out loss of security

Thanks for the detailed response! I actually fully agree with everything you said.

Regarding the risks and benefits of using a self-contained binary vs manually installing
python and required packages and running the source code (a little burdensome on Windows),
I will prepare a FAQ item on my web page to address that, as well as who I am, so that ordinary
users can make an informed decision.

Cheers

This is FUD.

Concerning the "health of the P2P network":
Electrum servers are full Bitcoin nodes, and it is their interest to broadcast transactions as effectively as possible for their clients.
There has been a "red balloons" paper by some microsoft researchers, who pretend that there is a weakness in Bitcoin, because miners have an incentive not to broadcast transactions. This paper lives in a completely theoretical world where the Bitcoin network is made of miners only. In reality, the Bitcoin network is very heterogeneous, made of nodes that have different incentives, and Electrum servers contribute to its diversity. Electrum servers have an incentive to broadcast transactions. They contribute to the health of the network.

Concerning weaker security: it is true that Electrum clients are vulnerable to the servers they connect to. Although the server cannot steal your money, it can send you fake information, for example make you believe that you received a payment that didnt occur. I have two objections to that argument.
 - users can use information from various servers, or from other sources, such as blockexplorer websites, to check if they received a payment. we can also imagine enhanced clients that automatically confront the information sent by several servers.
 - Electrum servers are currently providing blockchain services free of charge. I believe that in the future they might want to charge a very small fee, such as miners do, in order to cover their operation costs. If I get paid from my clients, then  I have little incentive to screw them up.

In the world of possible threats, I do not think that the 'somewhat weaker security' of the Electrum client-server model is a real concern. There are other threats that are much more real.
For example:
 - the forum is full of messages by users who lost bitcoins because they did not backup their wallet correctly. Some developers tend to consider that it is not their problem if users lose coins because they did not do regular backups. I disagree with that. I believe that this is a major problem for Bitcoin. To work as a currency, Bitcoin must be safe, not only for computer experts. It must be perceived as a safe store of value by everyone. For a non expert, 'I guess you do not know how to do backups' sounds very much like 'your coins might disappear randomly and it will be your fault'. The deterministic wallet of Electrum is meant to address that.
 - Web wallets (such as strongcoin, blockchain.info, etc) can get hacked. An attacker gaining access to their servers can modify the javascript executed by the clients, and get access to their private keys. This is a very real threat.
 - another very real threat is people distributing binaries, such as you I am not saying that what you are doing is wrong, and I do appreciate your efforts; it is very nice to have binaries. However, people should understand that there is a difference between source code and binaries. if they run your Electrum binary, they should know that they trust you for not inserting malicious lines in my code. Perhaps you should explain that, who you are, etc.

Hi Thomas,

I just read this on the bitcoin wiki FAQ:


Why would they say such a thing? To the contrary, I have the feeling that Electrum has extremely good security. Would like to hear your thoughts on that.

Keep up the great job!

issue solved on irc

updated 0.38 -> 0.43c

can't connect:

OK, thanks for the fast response! I haven't had any problems either.

I believe it depends on how the OS handles it. With Linux I never had a problem.

Hi Thomas,

Just a quick question:

Is it bad to have 2 instances of Electrum running at the same time (on the same machine, reading and writing the same wallet dat file)? For instance, can it cause wallet corruption or other bad things?

The reason I'm asking is, when clicking a bitcoin URI on a website, it will correctly launch Electrum and populate the Send tab with the requested parameters, but if Electrum is open already, a second instance will open.

Everything appears to work fine, but I was just curious if you could confirm that this is not a problem
regarding the wallet file consistency.

Thanks!

hi,

sorry about that; that's another bug.
I realize that I should have taken more time for testing before that release..

Edit: that bug is fixed in version 0.43b. (use it if you want to recover the labels in your old wallet)

There's an error that I encountered when upgrading from 0.42 to 0.43a:

Had to destroy the existing wallet and recover from seed.

I just released BitSafe-Electrum with 0.43, so you can always have with you the Bitcoin client you love and use

https://bitcointalksearch.org/topic/bitsafe-fork-with-electrum-included-54376

Edit: and a small update to 0.43a. Please use this version.

Yup I did. Don't know how I messed that up

Did you mean to post this in the Bitcoin 100 topic?

Hello,

I just released Electrum 0.43. 
You can get it from http://ecdsa.org/electrum

Changelog:
* this version fixes the wallet recovery issues encountered with 0.42
* support for the stratum protocol (over tcp and http).
* The default interface is now stratum/tcp; it is faster than the native interface.

This client still supports the native protocol, because the stratum interface is still in beta stage and might be modified.