Topic: Roadmap to 1.0? (Read 3587 times)

legendary
Activity: 2940
Merit: 1333
July 02, 2012, 05:05:10 AM
#28
I assume the next major release will be 0.7, we'll be running out of 0.x headroom pretty soon Smiley

After 0.9 come 0.10 and 0.11; they're not decimals.

When a period is used to separate sequences, it does not represent a decimal point, and the sequences do not have positional significance. An identifier of 2.5, for instance, is not "two and a half" or "half way to version three"

Most free software packages treat numbers as a continuous stream, therefore a free software or open source product may have version numbers 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.10.0, 1.11.0, 1.11.1, 1.11.2, etc.
legendary
Activity: 4536
Merit: 3188
Vile Vixen and Miss Bitcointalk 2021-2023
July 02, 2012, 03:57:05 AM
#27
How hard would it be to screen-scrape the password screen?
Sure, it's an extra measure of security, no reason not to implement it ... but it won't protect against capable trojan writers.
Not hard at all. In fact, I think a few (possibly even most) keyloggers take a screenshot on every mouseclick for exactly this reason. The reason not to implement a randomly-changing on-screen keyboard is that it's damn annoying and doesn't really provide much (if any) improved security, and in fact will probably reduce security substantially as it encourages users to use short passwords, due to how damn annoying it is to click a huge number of buttons when the buttons keep shifting positions randomly every time you click one. Angry

Seriously, security features that are annoying are as bad as no security at all because users will actively try to avoid using them properly: people would rather be insecure than annoyed. They may not admit it, but it's the truth. All security features must be designed with non-annoyingness in mind.
legendary
Activity: 1358
Merit: 1003
Ron Gross
July 02, 2012, 02:34:24 AM
#26
Thing is, that's not very user-friendly for grandma.
In defense of the screen keyboard: Maplestory is played by pretty young kids - if they can do it, surely an un-demented grandmother could.

How hard would it be to screen-scrape the password screen?
Sure, it's an extra measure of security, no reason not to implement it ... but it won't protect against capable trojan writers.
hero member
Activity: 815
Merit: 1000
July 02, 2012, 01:32:12 AM
#25
Thing is, that's not very user-friendly for grandma.
In defense of the screen keyboard: Maplestory is played by pretty young kids - if they can do it, surely an un-demented grandmother could.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
July 01, 2012, 05:10:13 PM
#24
@Gavin

BTW could the way passwords are punched in on the main client to unlock wallets be changed?

What I am thinking about is an on screen keyboard with these features:
1. Keys are shuffled each press.
2. Screen-keyboard window is placed randomly on screen.
(Saw it back when I played MapleStory - never in my online bank  Grin)

That way future BTC key loggers will be out of luck.

Thing is, that's not very user-friendly for grandma.

Honestly, the usable-by-grandma goal and the grandma-won't-lose-coins goal are mutually contradicting. I'm beginning to wonder if it's even worth trying to achieve both, and frankly if it's not, I'd vote for choosing the coins-are-hard-to-lose goal. Let someone besides the Satoshi client developers worry about how simple and accessible the technology is for grandma--I'm sure other client developers and companies can handle that just fine.
hero member
Activity: 815
Merit: 1000
July 01, 2012, 02:42:28 PM
#23
@Gavin

BTW could the way passwords are punched in on the main client to unlock wallets be changed?

What I am thinking about is an on screen keyboard with these features:
1. Keys are shuffled each press.
2. Screen-keyboard window is placed randomly on screen.
(Saw it back when I played MapleStory - never in my online bank  Grin)

That way future BTC key loggers will be out of luck.
member
Activity: 115
Merit: 10
July 01, 2012, 02:22:11 PM
#22
The things on my "good enough to be called 1.0" list are:

+ easy enough for my grandma to use
+ secure enough that it'd be hard for my grandma to lose her bitcoins, even if her computer is infected by 11 bitcoin-stealing trojans and then catches fire and explodes.
+ past the December block-reward-drops-to-25



To solve 'security' for non-computer people, you'd likely need non-computer wallets (paper wallets...grandparents are already familiar with important documents, or so I read).

For a "user-friendly-version install":
1) Test the user's printer.
2) Load some bootable image onto a flash drive.
3) Restart and boot into the flash drive.
4) Have this pristine world generate and print paper wallets.
5) After it reboots back into mac/windows, (on the paper wallets can be instructions for making the equivalent "watch-only" wallet, and something like *ONLY LET THOSE YOU TRUST SEE OR COPY THIS PART OF THE DOCUMENT* for the private keys).

Obviously the "spend problem" is more complicated...funds could be spent:
Within tiny-Linux again, or via a version of "offline transactions", or you could make every transaction immediately dump the remaining/unspent BTC into the "next" paper wallet...needs lots of wallets and not as user friendly, but good for large transactions.
OR, maybe they NEVER spend the BTC...since banks/lenders can use the blockchain to see how much BTC is in a wallet, normies can just borrow USD against the paper-"savings" BTC wallet as collateral (what Zuckerberg does with his FB shares...tax free!). For smaller transactions this would be ideal. (In fact, a BTC payable credit/debit card would make a month's worth of transactions into one transaction...[for transactions that don't need to be anonymous]).

...clearly it depends, to some extent, on new BTC innovations.
legendary
Activity: 1512
Merit: 1036
June 24, 2012, 02:29:51 PM
#21
+ past the December block-reward-drops-to-25

 Shocked

I'm kind of surprised that even Gavin worries a bit about this.

It's not that he worries, it's just something that we need to prove as working in production.
There's a difference between testing something in a lab (testnet) and making it work in production ... we need to get this level of confidence.
You could make a 25BTC generate now and see if it crashes the network.... Testing is worth 25BTC, isn't it?
You'll have to wait until December to test that everybody orphans your 50BTC generate hack block though.

and also...
After we decide that it's out of beta, feature complete and tested, and we won't have any need to reset the blockchain back to block 0?
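
Added example, not part of the thread and not the Bitcoin client's own code: a C++ sketch of the subsidy rule the posts above are arguing about, showing why a 25 BTC coinbase is already valid before the drop while a 50 BTC coinbase is rejected after it. The function names are hypothetical; the 210,000-block halving interval and the "claim at most subsidy plus fees" rule are Bitcoin consensus rules.

```cpp
#include <cstdint>
#include <iostream>

// Bitcoin consensus constants.
constexpr int64_t COIN = 100000000;       // satoshis per BTC
constexpr int HALVING_INTERVAL = 210000;  // blocks between subsidy halvings

// Hypothetical helper: block subsidy in satoshis at a given height.
// Starts at 50 BTC and is halved every 210,000 blocks.
int64_t block_subsidy(int height) {
    int halvings = height / HALVING_INTERVAL;
    if (halvings >= 64) return 0;  // a shift by >= 64 bits is undefined
    return (50 * COIN) >> halvings;
}

// Hypothetical helper: a coinbase may claim at most subsidy + fees.
// Claiming less is allowed; the unclaimed amount is simply never created.
bool coinbase_claim_valid(int height, int64_t fees, int64_t claimed) {
    if (fees < 0 || claimed < 0) return false;
    return claimed <= block_subsidy(height) + fees;
}

int main() {
    struct Case { const char* label; int height; int64_t fees; int64_t claimed; };
    // Constructed cases around the first halving boundary.
    const Case cases[] = {
        {"50 BTC claim, last block before the drop", 209999, 0, 50 * COIN},
        {"25 BTC claim, last block before the drop", 209999, 0, 25 * COIN},
        {"25 BTC claim, first block after the drop", 210000, 0, 25 * COIN},
        {"50 BTC claim, first block after the drop", 210000, 0, 50 * COIN},
        {"25.1 BTC claim with 0.1 BTC fees, after",  210000, COIN / 10,
         25 * COIN + COIN / 10},
    };
    for (const Case& c : cases) {
        std::cout << c.label << ": "
                  << (coinbase_claim_valid(c.height, c.fees, c.claimed)
                          ? "accepted" : "rejected")
                  << "\n";
    }
    return 0;
}
```

Under-claiming passes the check at any height, so only the rejection of an over-claiming block depends on the height reaching the halving boundary.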
legendary
Activity: 1526
Merit: 1134
June 24, 2012, 07:06:41 AM
#20
I think we can get there by supporting 2-factor coins (computer+phone both sign transactions), real world identities for merchants (EV SSL cert signs an assertion of ownership of a Bitcoin key), paper backups of wallets and so on. No hardware needed beyond a smart phone.

I was the one who proposed using TPMs and secure CPU extensions for protection of private keys. The technology is sufficiently specialized that I don't anticipate regular end users having access to it any time soon. Merchants and exchange operators, on the other hand, could well benefit, but the expertise needed to produce such a solution is rare.
legendary
Activity: 905
Merit: 1012
June 23, 2012, 01:08:05 PM
#19
There was talk about using TPM modules to firewall access to private keys. That would help significantly, but I don't think this has advanced to an actual proposal yet.
sr. member
Activity: 462
Merit: 250
June 23, 2012, 10:34:16 AM
#18
+ secure enough that it'd be hard for my grandma to lose her bitcoins, even if her computer is infected by 11 bitcoin-stealing trojans and then catches fire and explodes.

I'd be really interested to read any existing discussions about how to reach that level of security.  Does it need specialized hardware or a centralised backup system?  (I know about multisig and how that would help, but it seems as though for that to be effective you would still need a trusted place to stand.)
legendary
Activity: 1260
Merit: 1031
Rational Exuberance
June 22, 2012, 09:54:19 AM
#17
The things on my "good enough to be called 1.0" list are:

+ easy enough for my grandma to use
+ secure enough that it'd be hard for my grandma to lose her bitcoins, even if her computer is infected by 11 bitcoin-stealing trojans and then catches fire and explodes.
+ past the December block-reward-drops-to-25



Heh. That's on my list too:



(From my Using Memes to Explain Bitcoin)
staff
Activity: 4284
Merit: 8808
June 21, 2012, 11:02:10 AM
#16
By the way, is there any plan to implement a "header-only" mode on the main client, as Satoshi described it in his white paper?

People are working on something better than that which won't compromise a node's ability to function as an autonomous fully validating node but will still make things much faster and use less storage.

More important than supporting header only (SPV) mode, but rather the ability to start as a SPV node and sync-up and transition in the background.  But this isn't yet in the immediate pipeline.
legendary
Activity: 1288
Merit: 1080
June 21, 2012, 10:53:01 AM
#15
I'll buy my grandma a terabyte drive for Christmas.

No, seriously, a better startup experience is part of "easy to use" -- waiting hours for the blockchain to sync sucks.


By the way, is there any plan to implement a "header-only" mode on the main client, as Satoshi described it in his white paper?

PS.  sorry I realize it has been discussed already.
legendary
Activity: 1190
Merit: 1000
www.bitcointrading.com
June 21, 2012, 10:44:51 AM
#14
I'll buy my grandma a terabyte drive for Christmas.
Hopefully the blockchain won't eat up that terabyte!  Wink  jk

I can't immediately think of anything that should be included in the 1.0 release, but I have a comment. In the "about" page on the satoshi client, it says "This is experimental software."  Is that going to stay there forever or will it be removed one day?
legendary
Activity: 1288
Merit: 1080
June 21, 2012, 08:15:23 AM
#13
+ past the December block-reward-drops-to-25

 Shocked

I'm kind of surprised that even Gavin worries a bit about this.

It's not that he worries, it's just something that we need to prove as working in production.
There's a difference between testing something in a lab (testnet) and making it work in production ... we need to get this level of confidence.

Indeed.
legendary
Activity: 1358
Merit: 1003
Ron Gross
June 21, 2012, 08:14:38 AM
#12
+ past the December block-reward-drops-to-25

 Shocked

I'm kind of surprised that even Gavin worries a bit about this.

It's not that he worries, it's just something that we need to prove as working in production.
There's a difference between testing something in a lab (testnet) and making it work in production ... we need to get this level of confidence.
legendary
Activity: 1288
Merit: 1080
June 21, 2012, 08:13:12 AM
#11
+ past the December block-reward-drops-to-25

 Shocked

I'm kind of surprised that even Gavin worries a bit about this.
hero member
Activity: 742
Merit: 500
June 21, 2012, 06:13:16 AM
#10
'Official' lite client at some point?

This
legendary
Activity: 1400
Merit: 1005
June 20, 2012, 07:25:55 PM
#9
I'll buy my grandma a terabyte drive for Christmas.

No, seriously, a better startup experience is part of "easy to use" -- waiting hours for the blockchain to sync sucks.

Roger that.  Wink