Author

Topic: Meanwhile real people continue real work on reference bitcoin client. (Read 822 times)

legendary
Activity: 1652
Merit: 4392
Be a bank
legendary
Activity: 1652
Merit: 4392
Be a bank
https://twitter.com/qntra/status/699638463285428224
http://qntra.net/2016/02/google-unveils-glibc-dns-client-vulnerability-many-bitcoin-implementations-affected/
http://log.bitcoin-assets.com/?date=16-02-2016#1406870 and ff

Google Unveils Glibc DNS Client Vulnerability, Many Bitcoin Implementations Affected
Posted on February 16, 2016 by Bingo Boingo   

Today Google's online security blog unveiled a buffer overflow in the Gnu C library's DNS client (archived). The vulnerability allows the getaddrinfo function to overflow opening the doors to all manner of malice. This vulnerability affects all Bitcoin implementations compiled against the GNU C library which invoke DNS. This includes Bitcoin Core and the clients programmed to eventually fork into altcoins including the "Bitcoin" XT and "Bitcoin" "Classic" network clients. The reference Bitcoin implementation maintained by the Bitcoin Foundation is unaffected as DNS was excised from that client,1 and scripts are available for building the reference implementation against the musl C library.2 It is strongly recommended that Bitcoin users patch their preferred client3 to remove DNS or move to a client maintained by a team that cares about security and eliminating unnecessary attack surfaces in advance.

    The reference Client also had upnp excised before critical vulnerabilities in that code were publically exposed.  ↩

    Most Flagship nodes running the reference client are built against musl rather than glibc.  ↩

    You may have to do this yourself.  ↩

legendary
Activity: 1652
Merit: 4392
Be a bank
I don't get this. Can you give us cliffs on how this solves the problem of scalability that 20MB brings and the lack of decentralization that 1MB + Lightning Network brings? (and eventually problems anyway because even with 1MB + LN the 1MB will eventually not be enough).
if there's a problem of scalability the devs will get to it once they have done the more important work such as freeing the client from the cruft wrongheadedly added in recent years
hero member
Activity: 672
Merit: 503
I don't get this. Can you give us cliffs on how this solves the problem of scalability that 20MB brings and the lack of decentralization that 1MB + Lightning Network brings? (and eventually problems anyway because even with 1MB + LN the 1MB will eventually not be enough).
legendary
Activity: 1652
Merit: 4392
Be a bank
http://qntra.net/2015/06/foundation-report-bring-bitcoin-client-performance-improvement-and-testing/

This month's State of Bitcoin Address issued by the Bitcoin Foundation largely covers the submission and testing of two patches which promise to greatly reduce the memory usage of the Bitcoin reference client. The two major patches submitted are named "Orphanage Thermonuke" and "Transaction Orphanage Amputation" and in tandem they have the potential to seriously clamp down on Bitcoind's memory footprint and could lead to Bitcoin nodes running on more kinds of hardware. The patches work in tandem to drastically alter the Bitcoind client sync mechanism in a radical way.
...
Testing of the new patched Bitcoind variations against their predecessors continues apace as the Foundation's project of tearing the Bitcoin reference implementation down to the bare wood appears to be reaching the point where their software is concretely improved over its predecessors. Given the amount of further testing the reports indicates as necessary, the Foundation has not offered at target for when they might offer a version 0.5.3.2 release.


This is where bitcoin is at, not with the guy who kowtowed to the CIA, nor the one who introduced Heartbleed to the client, nor the ones with the VC backing, but here:

http://thebitcoin.foundation/index.html
Jump to: