Pages:
Author

Topic: Satoshi client auto update (Read 2500 times)

legendary
Activity: 1050
Merit: 1000
You are WRONG!
June 18, 2012, 12:07:18 PM
#31
thats excacly what alert messages does... cripple the clients...
Before Satoshi disappeared he removed crippling by alert messages. Now they just display the message.

More details here:
https://bitcointalksearch.org/topic/added-some-dos-limits-removed-safe-mode-0319-2228

was not aware of that..
donator
Activity: 826
Merit: 1060
June 18, 2012, 11:50:55 AM
#30
thats excacly what alert messages does... cripple the clients...
Before Satoshi disappeared he removed crippling by alert messages. Now they just display the message.

More details here:
https://bitcointalksearch.org/topic/added-some-dos-limits-removed-safe-mode-0319-2228
legendary
Activity: 1050
Merit: 1000
You are WRONG!
June 18, 2012, 04:49:09 AM
#29
Nothing stops an auto update mechanism having gradual rollout strategies
If there's auto-update, it should certainly be rolled out gradually.

Quote from: casascius
How about auto-cripple?  Where developers can tell old versions to stop functioning
You definitely don't want to tempt an attacker with the chance to cripple everyone else, while they attempt their 51% attack!

The power to deprecate old versions is already available to the network as a whole, since each node can refuse to connect to instances running an outdated version of the protocol. The network is where that power belongs - not with the developers, although developers of course can influence it by releasing new versions that are important enough to the network that it becomes worth deprecating older versions.
thats excacly what alert messages does... cripple the clients...
donator
Activity: 826
Merit: 1060
June 18, 2012, 04:36:24 AM
#28
Nothing stops an auto update mechanism having gradual rollout strategies
If there's auto-update, it should certainly be rolled out gradually.

Quote from: casascius
How about auto-cripple?  Where developers can tell old versions to stop functioning
You definitely don't want to tempt an attacker with the chance to cripple everyone else, while they attempt their 51% attack!

The power to deprecate old versions is already available to the network as a whole, since each node can refuse to connect to instances running an outdated version of the protocol. The network is where that power belongs - not with the developers, although developers of course can influence it by releasing new versions that are important enough to the network that it becomes worth deprecating older versions.
staff
Activity: 4270
Merit: 1209
I support freedom of choice
June 17, 2012, 05:04:10 PM
#27
I like the idea of the auto-update, I just don't like that it's forced.
- User must know that there is an update.
- User must know what the update does.
- User must able to auto-update Bitcoin with just a click.
- User should not be forced to update
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
June 17, 2012, 04:49:50 PM
#26
How about auto-cripple?  Where developers can tell old versions to stop functioning, or at least to start overbearingly pester the user to upgrade.  I thought this functionality was already in there from the beginning.
sr. member
Activity: 312
Merit: 250
June 17, 2012, 04:42:31 PM
#25
About auto update I prefer not comment. (Maybe only for critical vulnerabilities?)
sr. member
Activity: 312
Merit: 250
June 17, 2012, 04:39:10 PM
#24
What I want is:

1- download bitcoin tgz file, extract the files to a custom folder,  execute the bin.
2- If a new version is released I wouldn't like to have to delete the folder and extract the files again.
 
When a new version is released I just want to be notified and asked if I want to update. (Like Firefox update process)
legendary
Activity: 1526
Merit: 1134
June 17, 2012, 04:33:46 PM
#23
And how are users supposed to find out about those bugs in the non-auto scenario? Reading the forums?

Nothing stops an auto update mechanism having gradual rollout strategies, like by allowing the update servers to say "only update if the hash of your first key is < X"
donator
Activity: 826
Merit: 1060
June 17, 2012, 03:21:02 PM
#22
Auto-update is all fun and games until an update contains a vulnerability or a show-stopper bug. Sooner or later, this WILL happen.

Good software hygiene requires keeping control over what is being installed on your computer, and when.
legendary
Activity: 1526
Merit: 1134
June 17, 2012, 01:04:11 PM
#21
Lack of auto update, in practice, means lots of people don't update ever. Look at the version skew on the current network for evidence.

Old versions harm the network, are likely to have lower security for their owners, and slow down deployment of new features that can benefit the entire Bitcoin ecosystem. As you should be keeping up to date anyway, you should want a helpful auto update feature. If you don't then you're just going to cause problems later.
legendary
Activity: 1498
Merit: 1000
June 17, 2012, 11:37:19 AM
#20
NO AUTO UPDATE FOR MAC OSX either please.
hero member
Activity: 482
Merit: 502
June 17, 2012, 07:40:24 AM
#19
Please no auto-update, or at least no auto-update for linux. Or if auto-update on linux, integrate it with existing PPA to avoid mess in packaging system.
But I don't like this idea at all.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
June 17, 2012, 06:41:08 AM
#18
The idea that old software is inherently better is bogus. Software doesn't age like a fine wine. Unless a software project is completely hosed new versions are less buggy than old versions. Regressions happen, but they should be rare.

It's also worth remembering that even in the case of the worst bugs possible that completely break the network, you can issue another auto update that fixes things again. It's only if you break the software and the update mechanism simultaneously that problems start.

Bitcoin is a system where people need to upgrade from time to time for the good of the network, this is especially true for people who are mining or who could benefit from upgraded security features. Auto update is absolutely essential for these people.
the argument for not auto updating is that it gives a higher diversity in the network, which i think is good.
in my opinion does more diversity mean harder to attack, and new bugs have less impact.

that was theymos's point too.


people who mine or need security features, would naturally keep themselfs updated, they don't need auto-update, they are tech people.
legendary
Activity: 1526
Merit: 1134
June 17, 2012, 06:08:44 AM
#17
The idea that old software is inherently better is bogus. Software doesn't age like a fine wine. Unless a software project is completely hosed new versions are less buggy than old versions. Regressions happen, but they should be rare.

It's also worth remembering that even in the case of the worst bugs possible that completely break the network, you can issue another auto update that fixes things again. It's only if you break the software and the update mechanism simultaneously that problems start.

Bitcoin is a system where people need to upgrade from time to time for the good of the network, this is especially true for people who are mining or who could benefit from upgraded security features. Auto update is absolutely essential for these people.
hero member
Activity: 675
Merit: 514
June 16, 2012, 04:47:19 PM
#16
Did you ever see an update where no bugs had been fixed?
donator
Activity: 826
Merit: 1060
June 16, 2012, 03:42:01 PM
#15
I certainly don't mean full automatic installation of new versions, merely a message warning for new versions, and only when enough signatures are available.

Even that's not a good thing. If you issue a "message warning" to users every time there's an update available, users will soon get upgrade fatigue and may miss urgent updates.

By all means display a warning when a problem has been found and fixed. But an update notification should never be "in the user's face" if the update offers only increased functionality or cosmetic changes.
legendary
Activity: 1072
Merit: 1189
June 16, 2012, 03:09:25 PM
#14
I think I got carried away using the term "auto update" here. I certainly don't mean full automatic installation of new versions, merely a message warning for new versions, and only when enough signatures are available.
administrator
Activity: 5222
Merit: 13032
June 16, 2012, 12:22:54 PM
#13
I don't like it. Having many different versions on the network prevents mistaken new rules (fee rules, anti-DoS rules, etc.) from doing a lot of damage. For example, there was a bug in the anti-DoS rules in the past which prevented nodes from uploading the full chain to anyone, but this didn't cause a lot of damage to the network because there were a lot of people using older versions without this bug. An auto-update dialog would increase adoption of new versions a lot.

Also, it's better for security to use the oldest version that's still safe and usable. New code hasn't been tested as much.
legendary
Activity: 1190
Merit: 1004
June 16, 2012, 11:54:27 AM
#12
Why not have an update feature that prompts the user to update? "An update for bitcoin is available. Would you like to install it?" "Yes" "No" "Do not ask me again"
Pages:
Jump to: