Topic: Skeleton key? (was: Bitcoin press hits, notable sources) (Read 1694 times)

legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Quote
They have a skeleton key that gives them control of the whole machine, any time they want.
This is false. Isn't it defamation? Consider suing them
legendary
Activity: 2058
Merit: 1452
* grue thinks the author is trying to spread FUD, and is basing it on a tiny sliver of truth (signed notifications).
member
Activity: 80
Merit: 10
Split from the press hits topic:

The only "skeleton key" I have is the private key for alert messages, that lets me sign messages that are broadcast and then displayed in the client (see https://en.bitcoin.it/wiki/Alerts for details, and the alerts that have been sent).

Yes, that's probably what the author was referring to (and what the author misunderstood).

Quote
MAYBE he is saying that the core developers could slip in a change to the source code without anybody else noticing... but we've worked hard to make that impossible (with things like the gitian reproducible build system so people can verify that we are creating executables from the source code that anybody can look at).

Slipping in an exploit by adding code that shouldn't be there in the first place is extremely unlikely for these reasons.
But slipping in an exploit by adding a feature that purports to do one thing but does another-- or does one thing except for a very specific edge case-- is very possible.  And the award for doing so is much bigger than, say, getting first place in the Underhanded C contest.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
The shitty Qt version was the skeleton key in action. Totally changing UI and introducing stability, security and usability issues is the biggest problem. If it works, don't fix it!
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Quote
- Who decides on who gets writing permits to the source code?
Gavin (I think) has admin access to the mainstream repo.

Quote
- Who decides on who has to hand off writing permits? How is this guaranteed?
Gavin, or other developers. If you don't like it: go fork the code.

Quote
- Who has access to the passwords, backups etc. (maybe some other entity, like github, sourceforge admins, googlemail..)?
Doesn't matter. The developers sign the releases; if an external entity tried to change stuff, it would be noticed big time.
 
Quote
- What safety procedures are in place to prevent abuse/theft outside manipulation of those writing/viewing permits?
Can't be done, see above.

Quote
- Are there rules in place that determine the steps undertaken to review and release an update/change to the source code?
No (I think), fork the code.

Quote
- Is there some sort of outside review?
It's open source, go review it yourself.

Quote
- How transparent are the decision making processes on who becomes active developer and who has to retire?
Go read discussions on GitHub.

Quote
- Are there ways to improve the safety standards?
Sure: fork the code.

https://github.com/bitcoin/bitcoin
legendary
Activity: 1022
Merit: 1000
Honestly, the administrative structure and execution behind the developers team worries me. Could someone please shed some light on the mechanics/processes by which shall be prevented that the developers (or some of them) implement a hidden piece of code in a new update that allows anyone to steal large amounts of bitcoin from updated clients in short time? This bitcoinwiki article names 4 active developers: https://en.bitcoin.it/wiki/Developers
the bitcoin.org frontpage names 6.

If someone knows and can answer some of those questions, please feel free to do so. Providing some links to this information would of course be appreciated as well.
Maybe a quick explanation addressing some of these points could be given:

- Who decides on who gets writing permits to the source code?
- Who decides on who has to hand off writing permits? How is this guaranteed?
- Who has access to the passwords, backups etc. (maybe some other entity, like github, sourceforge admins, googlemail..)?
- What safety procedures are in place to prevent abuse/theft outside manipulation of those writing/viewing permits?
- Are there rules in place that determine the steps undertaken to review and release an update/change to the source code?
- Is there some sort of outside review?
- How transparent are the decision making processes on who becomes active developer and who has to retire?

- Are there ways to improve the safety standards?

A proactive and transparent way to deal with those concerns will help to diminish doubt and false ideas surrounding the developers team and the bitcoin project in its whole.

Thx for clearing up (and pls excuse that I didn't reaaally search much before posting;)
vip
Activity: 490
Merit: 271
ps - while your sig quote is nice, it is one of the many fake quotes attributed to prophetic dead people

http://www.snopes.com/quotes/lincoln.asp

You sir, are no sheep. Take that as a compliment.

I have found the earliest appearance of this quote yet.
Journal of United Labor
Vol 8, no. 20
Nov. 19, 1887
pg. 2


However, if the meaning is understood and believed, does it matter the status or position of the person who said it? i.e. Who says it shouldn't matter, if there is truth in the underlying idea.


hero member
Activity: 798
Merit: 1000
ps - while your sig quote is nice, it is one of the many fake quotes attributed to prophetic dead people

http://www.snopes.com/quotes/lincoln.asp
vip
Activity: 490
Merit: 271
you're really expecting an unbiased viewpoint from a site called creditcardassist?

lol, touché. Probably not, but worth a shot.
hero member
Activity: 798
Merit: 1000
you're really expecting an unbiased viewpoint from a site called creditcardassist?
vip
Activity: 490
Merit: 271
Quote
They have a skeleton key that gives them control of the whole machine, any time they want.

Read more: http://www.creditcardassist.com/blog/will-new-digital-currency-bitcoin-replace-the-dollar-20802/#ixzz1rsy7Ez5k


This is a strong accusation. Please make an effort to have it retracted or modified as to what the author's meaning was.


As to Gavin's 'skeleton key', the intent of it is understood but there is a hint of proprietary use there.

legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Quote

They have a skeleton key that gives them control of the whole machine, any time they want.


Ahhh I didn't realize the article was about the Federal Reserve!!
hero member
Activity: 714
Merit: 500
It's open source, there are so many eyes (I wish) watching, don't worry.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Quote
Don't Bank On Digital Currency 'Bitcoin' Replacing The Dollar

Ben DeMeter
2012-04-11

http://www.businessinsider.com/dont-bank-on-digital-currency-bitcoin-replacing-the-dollar-2012-4

What a nasty little piece of FUD this is:
Quote
It’s not just safety that has us concerned about Bitcoin, though. We’re also skeptical about how “decentralized” this digital currency can really be. Though the official wiki claims that the protocol is now mandated by community consensus, it’s impossible to ignore the power that the original developers have over the system.

They have a skeleton key that gives them control of the whole machine, any time they want.
diverting

Yeah, but isn't that true? Gavin Andresen and his other "trusted" developer have the power to implement any kind of backdoor in a coming update of the Bitcoin client and COULD just drain an arbitrary amount of bitcoins from the users, diverting them to their own addresses, or couldn't they?
Yeah sure, but so could anyone that feels like writing a virus and asking you to run it on your machine. The official client is scrutinized in every way all the time, and third parties often build binaries themselves to prove that nothing is wrong with the code. Any malicious code introduced would be pointed out quickly, and made known.

Additionally, this is the reason that there is NO automatic update facility in the official bitcoin client.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
Split from the press hits topic:

The only "skeleton key" I have is the private key for alert messages, that lets me sign messages that are broadcast and then displayed in the client (see https://en.bitcoin.it/wiki/Alerts for details, and the alerts that have been sent).

MAYBE he is saying that the core developers could slip in a change to the source code without anybody else noticing... but we've worked hard to make that impossible (with things like the gitian reproducible build system so people can verify that we are creating executables from the source code that anybody can look at).

Smells like plain-old FUD to me.
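The check that a reproducible build makes possible, as an added example that is not part of the thread or of the Bitcoin project's code: independent builders publish the SHA-256 of the binary each compiled from the same source, and a downloader accepts a binary only if enough of them agree with its hash and none disagree. The sha256sum-style manifest layout, builder names, file name and threshold are constructed for illustration, and the manifests are assumed to have already passed signature verification.

```python
import hashlib

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")   # sha256sum marks binary mode with '*'
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest) or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest
    return entries

def check_release(artifact_name, artifact_bytes, manifests, threshold):
    """Compare a downloaded artifact against independent builders' manifests.

    manifests: {builder: manifest text}, assumed already signature-verified.
    Returns (accepted, agreeing, dissenting); accepted requires at least
    `threshold` agreeing builders and no builder reporting a different hash.
    """
    actual = hashlib.sha256(artifact_bytes).hexdigest()
    agreeing, dissenting = [], []
    for builder, text in sorted(manifests.items()):
        claimed = parse_manifest(text).get(artifact_name)
        if claimed is None:
            continue                      # this builder did not build the artifact
        (agreeing if claimed == actual else dissenting).append(builder)
    accepted = len(agreeing) >= threshold and not dissenting
    return accepted, agreeing, dissenting

# Constructed sample data: a stand-in "binary" and three builders' manifests.
GOOD = b"constructed release binary v1"
TAMPERED = b"constructed release binary v1 + extra code"
NAME = "client-example.tar.gz"
_good_hash = hashlib.sha256(GOOD).hexdigest()
MANIFESTS = {b: f"{_good_hash}  {NAME}\n" for b in ("builder-a", "builder-b", "builder-c")}

if __name__ == "__main__":
    print(check_release(NAME, GOOD, MANIFESTS, threshold=2))      # accepted
    print(check_release(NAME, TAMPERED, MANIFESTS, threshold=2))  # rejected
```

A single dissenting builder blocks acceptance here on purpose: a mismatch means either the build is not reproducible or someone's output differs from the source, and both need investigating before the binary is trusted.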
hero member
Activity: 763
Merit: 500
Yeah, but isn't that true? Gavin Andresen and his other "trusted" developer have the power to implement any kind of backdoor in a coming update of the Bitcoin client and COULD just drain an arbitrary amount of bitcoins from the users, diverting them to their own addresses, or couldn't they?
first rule here: no discussions.

Yes, if they conspire and put up a binary that is not identical with the source code it's possible. But it could be theoretically fixed by creating a new hardcoded fork of the blockchain from an earlier point in time.
legendary
Activity: 1022
Merit: 1000
Quote
Don't Bank On Digital Currency 'Bitcoin' Replacing The Dollar

Ben DeMeter
2012-04-11

http://www.businessinsider.com/dont-bank-on-digital-currency-bitcoin-replacing-the-dollar-2012-4

What a nasty little piece of FUD this is:
Quote
It’s not just safety that has us concerned about Bitcoin, though. We’re also skeptical about how “decentralized” this digital currency can really be. Though the official wiki claims that the protocol is now mandated by community consensus, it’s impossible to ignore the power that the original developers have over the system.

They have a skeleton key that gives them control of the whole machine, any time they want.
diverting

Yeah, but isn't that true? Gavin Andresen and his other "trusted" developer have the power to implement any kind of backdoor in a coming update of the Bitcoin client and COULD just drain an arbitrary amount of bitcoins from the users, diverting them to their own addresses, or couldn't they?