
Topic: URGENT: Windows Bitcoin-Qt update (Read 28188 times)

legendary
Activity: 2576
Merit: 1186
March 31, 2012, 09:41:18 PM
#79
Is it safe to use the 0.6.0 version, newly released?
Yes
hero member
Activity: 506
Merit: 500
March 31, 2012, 09:28:41 PM
#78
Is it safe to use the 0.6.0 version, newly released?
hero member
Activity: 769
Merit: 500
March 27, 2012, 10:35:27 AM
#77
The numbers are chosen by an external advisory yes, but apparently it's just a number to identify the problem.

I think it'd be a little more useful if information about the issue could actually be found in online databases directly about it.

I had exactly this in mind :), a public database, an externally given ID and independent information about issues.

Dia
legendary
Activity: 1072
Merit: 1174
March 27, 2012, 10:20:12 AM
#76
The numbers are chosen by an external advisory yes, but apparently it's just a number to identify the problem.

I think it'd be a little more useful if information about the issue could actually be found in online databases directly about it.
hero member
Activity: 769
Merit: 500
March 27, 2012, 01:27:14 AM
#75
FWIW, this issue has been assigned CVE-2012-1910

That's a great step, it would be even better to link the advisory. One I found by that number was for JavaRE and the other for Bind DNS :-/.

Dia
This thread is the advisory...

Then who chose those CVE numbers? I thought these numbers were assigned by an external company or organisation ... my fault then.
legendary
Activity: 2576
Merit: 1186
March 27, 2012, 01:24:11 AM
#74
FWIW, this issue has been assigned CVE-2012-1910

That's a great step, it would be even better to link the advisory. One I found by that number was for JavaRE and the other for Bind DNS :-/.

Dia
This thread is the advisory...
hero member
Activity: 769
Merit: 500
March 27, 2012, 01:23:08 AM
#73
FWIW, this issue has been assigned CVE-2012-1910

That's a great step, it would be even better to link the advisory. One I found by that number was for JavaRE and the other for Bind DNS :-/.

Dia
legendary
Activity: 2576
Merit: 1186
March 26, 2012, 05:16:58 PM
#72
FWIW, this issue has been assigned CVE-2012-1910
legendary
Activity: 1072
Merit: 1174
March 24, 2012, 10:14:04 AM
#71
+1 for an implementation in a safer language.

I keep saying the same thing; it's just absurd to use a highspeed-hacker-language for financial transactions.

We need another client for broad usage. If everyone hates Mono so much, well then use Java or something, but not something that cares little about type safety, operates directly on memory pointers etc. Think aspect-oriented programming, contracts, this is the kind of stuff we need, and it's as far from C++ as you get.

I hate Java more than Python, than Basic ... Windows is written in what language? Linux kernel is written in?

Dia

Can you please stop discussing what language Bitcoin clients are supposed to be written in? This thread is about the specific security problem found here.

Start a discussion in the dev section, if you like a language flamewar.
hero member
Activity: 769
Merit: 500
March 24, 2012, 10:08:05 AM
#70
+1 for an implementation in a safer language.

I keep saying the same thing; it's just absurd to use a highspeed-hacker-language for financial transactions.

We need another client for broad usage. If everyone hates Mono so much, well then use Java or something, but not something that cares little about type safety, operates directly on memory pointers etc. Think aspect-oriented programming, contracts, this is the kind of stuff we need, and it's as far from C++ as you get.

I hate Java more than Python, than Basic ... Windows is written in what language? Linux kernel is written in?

Dia
legendary
Activity: 2576
Merit: 1186
March 24, 2012, 10:02:09 AM
#69
Is this affecting Bitcoin version 0.3.21?
Not this, but 0.3.* are not maintained and have several security and other bugs. Upgrade to at least 0.4.4.
legendary
Activity: 1072
Merit: 1174
March 24, 2012, 09:57:09 AM
#68
Is this affecting Bitcoin version 0.3.21?

No, only Windows versions of Bitcoin-Qt are affected, a GUI that was only merged in 0.5.0.

However, it's generally a bad idea to keep using such old versions...
legendary
Activity: 1036
Merit: 1002
March 24, 2012, 09:53:11 AM
#67
+1 for an implementation in a safer language.

I keep saying the same thing; it's just absurd to use a highspeed-hacker-language for financial transactions.

We need another client for broad usage. If everyone hates Mono so much, well then use Java or something, but not something that cares little about type safety, operates directly on memory pointers etc. Think aspect-oriented programming, contracts, this is the kind of stuff we need, and it's as far from C++ as you get.
sr. member
Activity: 381
Merit: 255
March 24, 2012, 07:53:07 AM
#66
Is this affecting Bitcoin version 0.3.21?
hero member
Activity: 560
Merit: 500
March 23, 2012, 01:59:25 AM
#65

You could try this, perhaps it's related: https://bitcointalksearch.org/topic/m.779221

Dia
I just tried that, seemed to make it worse. Looked into the logs (new information after what Diapolo said to do), said something about the indexing.
So, I am re-building my blkindex.dat.
I'll post what I find.
hero member
Activity: 769
Merit: 500
March 23, 2012, 01:53:12 AM
#64


Anyone else having this problem?

You could try this, perhaps it's related: https://bitcointalksearch.org/topic/m.779221

Dia
hero member
Activity: 560
Merit: 500
March 22, 2012, 11:23:20 PM
#63


Anyone else having this problem?
full member
Activity: 140
Merit: 100
March 22, 2012, 09:33:23 AM
#62
Quote
About 3 days ago I was commenting on the language choice.
From a software architecture standpoint, languages other than C++ would make more sense in such a sensitive area.

This is nonsense. If anything, more advanced languages can have their own vulnerabilities which could make bitcoin vulnerable without any mistakes actually made by the developers. This is almost impossible with a low level language like C++.
Apart from that, a program's security does not depend on the language, it depends on the coding.

I'm sorry but you are completely wrong here.

You have to be god-like to not create security vulnerabilities in significant C/C++ software. 'Direct' buffer overflows can be avoided by littering your code with meticulous boilerplate (and praying you haven't made a mistake somewhere). But integer overflows leading to buffer overflows are so hopelessly tricky that I have no faith in any C/C++ being safe.

Java/Python/Ruby/Lisp buffer overflows simply don't exist... a huge class of exploit eradicated by language choice.  And there's a long list of languages immune to buffer overflows (this is mostly a glaring hole in C/C++).  Look up US military/intelligence mandates about language choice.  C/C++ is so bad that it should be immediately abandoned and _never_ used for _anything_.  Why do you think computer security is such a disaster (it was all C/C++ until the recent xss/xsrf/sql havoc - and that too is a design flaw).

That you think "this is nonsense" means that your own code is already insecure, and you just don't know it.


+1

C++ used to be my favorite language... until I learned Lisp and Python.

Now my foot is finally recovering from being shot too many times

I think you mean your knee.

Also, thank you for the fix, developers.
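
The "integer overflow leading to buffer overflow" pattern argued over in the quoted posts above, as an added C example that is not part of the thread and is not Bitcoin-Qt code (the thread does not describe the internals of CVE-2012-1910). `struct record`, `unchecked_size`, `checked_size` and `alloc_records` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 64-byte record, standing in for any fixed-size element. */
struct record { uint32_t id; uint8_t payload[60]; };

/* Unchecked size computation: size_t arithmetic wraps silently, so a huge
 * count can yield a tiny byte total. Later writes that trust `count` then
 * target a buffer far smaller than they assume. */
size_t unchecked_size(size_t count) {
    return count * sizeof(struct record);
}

/* Checked form: refuse any count whose byte total cannot fit in size_t.
 * Returns 0 and stores the total in *out, or -1 on overflow. */
int checked_size(size_t count, size_t elem, size_t *out) {
    if (elem != 0 && count > SIZE_MAX / elem)
        return -1;
    *out = count * elem;
    return 0;
}

/* Hardened allocator: NULL for zero, overflowing or unsatisfiable requests. */
struct record *alloc_records(size_t count) {
    size_t bytes;
    if (count == 0 || checked_size(count, sizeof(struct record), &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void) {
    /* Constructed input: a count whose byte total wraps to one record. */
    size_t huge = SIZE_MAX / sizeof(struct record) + 2;
    size_t bytes = 0;
    printf("unchecked: %zu records -> %zu bytes\n", huge, unchecked_size(huge));
    printf("checked:   %s\n",
           checked_size(huge, sizeof(struct record), &bytes) ? "rejected" : "accepted");
    struct record *ok = alloc_records(4);
    printf("alloc_records(4): %s\n", ok ? "ok" : "NULL");
    free(ok);
    return 0;
}
```
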
sr. member
Activity: 309
Merit: 250