Satoshi client auto update | Bitcointalksearch.org

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: ribuck on June 18, 2012, 12:50:55 PM

Quote from: kokjo on June 18, 2012, 05:49:09 AM

thats excacly what alert messages does... cripple the clients...

Before Satoshi disappeared he removed crippling by alert messages. Now they just display the message.

More details here:
https://bitcointalksearch.org/topic/added-some-dos-limits-removed-safe-mode-0319-2228

was not aware of that..

ribuck

donator

Activity: 826

Merit: 1060

Quote from: kokjo on June 18, 2012, 05:49:09 AM

thats excacly what alert messages does... cripple the clients...

Before Satoshi disappeared he removed crippling by alert messages. Now they just display the message.

More details here:
https://bitcointalksearch.org/topic/added-some-dos-limits-removed-safe-mode-0319-2228

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: ribuck on June 18, 2012, 05:36:24 AM

Quote from: Mike Hearn on June 17, 2012, 05:33:46 PM

Nothing stops an auto update mechanism having gradual rollout strategies

If there's auto-update, it should certainly be rolled out gradually.

Quote from: casascius

How about auto-cripple? Where developers can tell old versions to stop functioning

You definitely don't want to tempt an attacker with the chance to cripple everyone else, while they attempt their 51% attack!

The power to deprecate old versions is already available to the network as a whole, since each node can refuse to connect to instances running an outdated version of the protocol. The network is where that power belongs - not with the developers, although developers of course can influence it by releasing new versions that are important enough to the network that it becomes worth deprecating older versions.

thats excacly what alert messages does... cripple the clients...

ribuck

donator

Activity: 826

Merit: 1060

Quote from: Mike Hearn on June 17, 2012, 05:33:46 PM

Nothing stops an auto update mechanism having gradual rollout strategies

If there's auto-update, it should certainly be rolled out gradually.

Quote from: casascius

How about auto-cripple? Where developers can tell old versions to stop functioning

You definitely don't want to tempt an attacker with the chance to cripple everyone else, while they attempt their 51% attack!

The power to deprecate old versions is already available to the network as a whole, since each node can refuse to connect to instances running an outdated version of the protocol. The network is where that power belongs - not with the developers, although developers of course can influence it by releasing new versions that are important enough to the network that it becomes worth deprecating older versions.

HostFat

staff

Activity: 4256

Merit: 1208

I support freedom of choice

I like the idea of the auto-update, I just don't like that it's forced.
- User must know that there is an update.
- User must know what the update does.
- User must able to auto-update Bitcoin with just a click.
- User should not be forced to update

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

How about auto-cripple? Where developers can tell old versions to stop functioning, or at least to start overbearingly pester the user to upgrade. I thought this functionality was already in there from the beginning.

teste

sr. member

Activity: 312

Merit: 250

About auto update I prefer not comment. (Maybe only for critical vulnerabilities?)

teste

sr. member

Activity: 312

Merit: 250

What I want is:

1- download bitcoin tgz file, extract the files to a custom folder, execute the bin.
2- If a new version is released I wouldn't like to have to delete the folder and extract the files again.

When a new version is released I just want to be notified and asked if I want to update. (Like Firefox update process)

Mike Hearn

legendary

Activity: 1526

Merit: 1134

And how are users supposed to find out about those bugs in the non-auto scenario? Reading the forums?

Nothing stops an auto update mechanism having gradual rollout strategies, like by allowing the update servers to say "only update if the hash of your first key is < X"

ribuck

donator

Activity: 826

Merit: 1060

Auto-update is all fun and games until an update contains a vulnerability or a show-stopper bug. Sooner or later, this WILL happen.

Good software hygiene requires keeping control over what is being installed on your computer, and when.

Mike Hearn

legendary

Activity: 1526

Merit: 1134

Lack of auto update, in practice, means lots of people don't update ever. Look at the version skew on the current network for evidence.

Old versions harm the network, are likely to have lower security for their owners, and slow down deployment of new features that can benefit the entire Bitcoin ecosystem. As you should be keeping up to date anyway, you should want a helpful auto update feature. If you don't then you're just going to cause problems later.

gweedo

legendary

Activity: 1498

Merit: 1000

NO AUTO UPDATE FOR MAC OSX either please.

Deafboy

hero member

Activity: 482

Merit: 502

Please no auto-update, or at least no auto-update for linux. Or if auto-update on linux, integrate it with existing PPA to avoid mess in packaging system.
But I don't like this idea at all.

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: Mike Hearn on June 17, 2012, 07:08:44 AM

The idea that old software is inherently better is bogus. Software doesn't age like a fine wine. Unless a software project is completely hosed new versions are less buggy than old versions. Regressions happen, but they should be rare.

It's also worth remembering that even in the case of the worst bugs possible that completely break the network, you can issue another auto update that fixes things again. It's only if you break the software and the update mechanism simultaneously that problems start.

Bitcoin is a system where people need to upgrade from time to time for the good of the network, this is especially true for people who are mining or who could benefit from upgraded security features. Auto update is absolutely essential for these people.

the argument for not auto updating is that it gives a higher diversity in the network, which i think is good.
in my opinion does more diversity mean harder to attack, and new bugs have less impact.

that was theymos's point too.

people who mine or need security features, would naturally keep themselfs updated, they don't need auto-update, they are tech people.

Mike Hearn

legendary

Activity: 1526

Merit: 1134

The idea that old software is inherently better is bogus. Software doesn't age like a fine wine. Unless a software project is completely hosed new versions are less buggy than old versions. Regressions happen, but they should be rare.

It's also worth remembering that even in the case of the worst bugs possible that completely break the network, you can issue another auto update that fixes things again. It's only if you break the software and the update mechanism simultaneously that problems start.

Bitcoin is a system where people need to upgrade from time to time for the good of the network, this is especially true for people who are mining or who could benefit from upgraded security features. Auto update is absolutely essential for these people.

Schleicher

hero member

Activity: 675

Merit: 514

Did you ever see an update where no bugs had been fixed?

ribuck

donator

Activity: 826

Merit: 1060

Quote from: Pieter Wuille on June 16, 2012, 04:09:25 PM

I certainly don't mean full automatic installation of new versions, merely a message warning for new versions, and only when enough signatures are available.

Even that's not a good thing. If you issue a "message warning" to users every time there's an update available, users will soon get upgrade fatigue and may miss urgent updates.

By all means display a warning when a problem has been found and fixed. But an update notification should never be "in the user's face" if the update offers only increased functionality or cosmetic changes.

Pieter Wuille

legendary

Activity: 1072

Merit: 1181

I think I got carried away using the term "auto update" here. I certainly don't mean full automatic installation of new versions, merely a message warning for new versions, and only when enough signatures are available.

theymos

administrator

Activity: 5222

Merit: 13032

I don't like it. Having many different versions on the network prevents mistaken new rules (fee rules, anti-DoS rules, etc.) from doing a lot of damage. For example, there was a bug in the anti-DoS rules in the past which prevented nodes from uploading the full chain to anyone, but this didn't cause a lot of damage to the network because there were a lot of people using older versions without this bug. An auto-update dialog would increase adoption of new versions a lot.

Also, it's better for security to use the oldest version that's still safe and usable. New code hasn't been tested as much.

MatthewLM

legendary

Activity: 1190

Merit: 1004

Why not have an update feature that prompts the user to update? "An update for bitcoin is available. Would you like to install it?" "Yes" "No" "Do not ask me again"

Topic: Satoshi client auto update (Read 2477 times)