Topic: My (and many others') rant about Bitcoin-QT - page 2. (Read 3535 times)

Yes we agree on that, that's the plan.
"Receive" tab will be a place to create payment requests (ie a URI or QR code), no longer a list of addresses, as that encourages re-use and is confusing to users.

What people forget is that bitcoin is still beta software. It may sometimes appear that way in retrospect but it is not completely obvious what is the best way to do things. The experimentation that the different clients/frontends do is good. We cannot revamp the interface every version for experimentation and lulz, so when we change it must be an overall improvement (that's validated somewhere else).

That indeed sounds weird.

Let me see if I could drag out some screenshots and also his configuration. I figured you'd like to know about this one.

Advanced users are better served by advanced clients. Bitcoin-Qt is not ideal for any use case.

Actually I think a "bitcoin for the masses" client should go the other way around: eventually hide all addresses from users, and just let them know they have "wallets".

All you need to know is that you have "wallets" or "accounts". Whenever you want to receive money in one of your wallets, your client generates you an URI, a QR-code or a simple file that contains a master public key for a deterministic key sequence. This master public key could be generated via a another "master-master-key", basically you'd have a grand-master-key for a wallet, which could generate different master keys for each time you want to produce a "bill".
You'd send this file/URL/QR-code to the payer. He'd add it to his payees' list, your name would show. Every time he wants to send you anything, he just chooses your name, and his client generates a new key from the master-key it has.

Users would only see something like an address is if they ever try to read the URI/file/QR-code - what they don't really need to. And once the secure payment protocol is implemented, a payee with a recognized certificate could even use URL shortners instead. A feature rich client could smoothly integrate with some shortner when applicable. And even if you don't want to pay for a recognized certificate, sending a self-signed key once is no less secure than sending a plain address.

My point is that the technical complexity and "weirdness/geekness" of addresses can be hidden, making it much more user friendly IMHO. And at the same time we make sure people would use Bitcoin addresses as recommended: one per transaction.

That indeed sounds weird.

The old UI (wxbitcoin) used to generate new, unlabaled addresses in some circumstances. With Bitcoin-Qt this should not be happening.

The wallet starts with one receiving address, and all receiving addresses after that should be manually created. If receiving addresses still appear out of the blue with 0.8.x this is a (minor) bug. To be able to fix it I need a way to reproduce it.

This is the weird part

Sipa is correct there.

John could you help answer this question on stackexchange?

http://bitcoin.stackexchange.com/questions/10117/are-change-addresses-visible-from-the-gui-in-the-bitcoin-qt-client/10140?noredirect=1#comment13366_10140

Why are you (as a newbie) concerned what address the coins are on? I'm sorry to say this, and I'm willing to explain how it works, but to normal users the wallet should be an opaque abstraction. Usually when people want to work with individual addresses, they're doing something dangerous or wrong.
You can be assured that the change will go to a private key under your control, otherwise you would no longer see it in your balance.

Warning users against some bad practices with Bitcoin-qt is good. For example, please warn them that messing around with importing/exporting private keys is dangerous (see above) and a recipe for coin loss or theft.

It's also perfectly fine to recommend another client to newbies, as long as you also warn of their respective risks (for example, theft with online wallets) as well.

You know you're right. How about I explain the formal definition as described by CWE -[http://cwe.mitre.org/] for a mainstream course designed for average everyday people. Let's spend hours using highly technical language and very precise definitions so everyone can be an armchair software engineer by the end of the course. Yes you are correct about your use of weakness. I fundamentally disagree with weaknesses being used in this sense and some members of the software development community agree with a broader notion. If I engineer my UI in a way that encourages the user to do something that could result in a hacker exploiting the software, then it is a weakness. It is not in a technical sense you are correct. But the end result is the same, the user gets screwed. Look at windows vista and UAC. Go ahead and google it. This is a the very first result: http://www.petri.co.il/disable_uac_in_windows_vista.htm. UAC was meant to correct issues windows xp had and it was so poorly designed that users turned it off. All that code was wasted.

I will not use the term nor did I intend to do so in a technical sense here. I was merely trying to collect people's frustrations with bitcoin-qt so I could make sure new users don't experience the same problems you had. Get off your damn high horse and stop being an ass. I'm trying to help this community.

No I was very happy you changed it from that greedy $9 to free, and even gave it to some friends. But now your just saying the software has weaknesses it clearly doesn't have a weakness, if it did I be the first one on a soapbox screaming about it. Weakness in software development means that it can be hacked. This is an inconvenience that is necessary so a hacker couldn't take advantage. So I think you need more refinement and more information before making insane comments, that discredit you and your course.

Also your failing at your goal as in to help people if your going start saying misinformation.

Also I am sorry but since I work for my self and I been working with bitcoin for the last 2 years, I doubt you be as knowledgable as me, but you can try. I am probably more than 3/4 to the 15,000 hours to be an expert on bitcoin.

Gweedo my goal is to help people understand how Bitcoin works. Maybe one day, i'll be as knowledgeable and wonderful as you, but until then I'm simply going to continue working hard and answering as many questions as I can. You may have also noticed that I have reached out to many experts within the community including Wladimir J. van der Laan to help me edit and refine my content.

In all the software projects I've worked on, weaknesses are not just considered security flaws. If I build a system that requires my users to do something cumbersome to be safe, then most users will not do it. I am truly sorry such a concept is lost to you. I am also sorry that I have offended you in some way by building a free course with members of this community.

That is an inconvenience, not a weakness. This is why newbies shouldn't be making classes, now your going to spread false information to people who will think your an expert. Thank you for spreading misinformation.

This reminds me of a quote from one of the devs of internet explorer saying that if IE 6 is used properly it is almost unhackable. There is a world of difference between proper use and actual use. I'm discussing weaknesses in terms of useability or encouraging potentially unsafe behavior.

The key pool purge after encryption is an example on a weakness in my opinion for those backing up their wallet. 

There are no weakness, there are inconveniences but weakness would suggest it can be hacked and it really can't be hack.

I'm making a lecture tonight on bitcoin-QT and I'd love to include a structured criticism section in the lecture. What would you guys say are the five biggest weaknesses of bitcoin-QT:

https://www.udemy.com/bitcoin-or-how-i-learned-to-stop-worrying-and-love-crypto/

LMAO I like how your talking about being hacked then you turn to Electrum, which is a great piece of software don't get me wrong, but that is less secured then bitcoin-qt and blockchain.info which requires the site to be up, and as we seen if it goes down then you really can't get your bitcoins unless you have a backup install multi-bit and use another less secured program.

If you don't like bitcoin-qt use Armory gives you better control. I use Armory as where I store most of my wealth, and bitcoin-qt where I currently hold ~$100 for quick spending if I need too.

Bitcoin-qt is very secure, it is only trust-less node (which i hope that changes soon)

I too have a few questions. I am a non-techie newbie. I will appreciate answering.

A. CASE #1

1. At the moment I can see 2 addresses in my Bitcoin-Qt. Let's assume the balance in my Bitcoin-Qt is BTC 10.

2. When I send BTC 1 to a friend of mine, the remaining  BTC 9 is sent to another address of mine (the one I can't see within a pool of about 100 addresses sitting hidden in wallet.dat) - am I correct?

3. Is blockchain.info the only place I can check to which address BTC 9 were sent? What if blockchain.info is down? Is there a way to check from within Bitcoin-Qt to which address BTC 9 were sent?

--------------------------------------------------------------------------------------

B. CASE #2

1. I am given a present, a print-out from bitaddress.org - an address with BTC 5 in it and a private key to this address.

2. The moment I import the private key from the print-out in my Bitcoin-Qt:
a) BTC 5 is added to the balance in my Bitcoin-Qt, and also
b) the address from the print-out is added to a pool of addresses in my wallet and no-one else can use this address but me - I am correct?

--------------------------------------------------------------------------------------

C. CASE #3

1. There is / are account(s) in a wallet. There are addresses in accounts - I am correct?

2. When I pay BTC 1 somebody for a service, the remaining BTC 9 are sent to a hidden address. These BTC 9 are sent internally to the same account as the original BTC 10 or to a new account?

Thank you.

Can anyone tell me if I get this right? What if I have a bunch of offline cold wallets. If I were to spend all the coins one of these wallets, don't I just put the corresponding wallet.dat file in the right directly and let BitcoinQT do its thing (with -rescan)? Or do I have to do something else to make sure I don't lose the coins?

Bitcoin-qt is for services, not for users.