Pages:
Author

Topic: Yet another Coin Control Release [CLOSED] - page 7. (Read 47472 times)

member
Activity: 93
Merit: 10
Let me see if I'm understanding this...

Suppose you received 10 BTC for services or whatever.

If you want to spend 1 BTC, your wallet sends all 10 BTC as a complete lump, then sends the remaining 9 BTC back to you?

So in that sense it's very much like handing over a $10 note to buy a $1 item and getting $9 change, right?

But while receiving your change your wallet locks that money with a new key, and doesn't tell you the key? So at that point you CAN still spend those 9 BTC, but if you lose your wallet you lose those 9 BTC because you don't have the key for them?

So even if you do an up-to-date backup, you're just backing up your private key again - which hasn't changed, so you STILL don't have the key for the 9 BTC change and you'd still lose those 9 BTC (at today's price, over $1000)?

If that's correct then that's nutz.


What if you did 'export private keys' or whatever, would you then have the keys for the change?


 Shocked
member
Activity: 81
Merit: 1002
It was only the wind.
I would like to try this.  I don't want to take the time to figure out if it is a Trojan.  Will it steal my bitcoins?  Has anybody checked this?

Highly unlikely.

Such things are almost trivial to spot by an experienced developer or even better: code audit - oriented developer/specialist (when you have the source code).

Oh, really? http://underhanded.xcott.com/

YA, RLY.

Trying to hide code is trivial to spot because such code immediately fails readibility/understanding tests.

Unreadable or not understable code = suspicious code.

I don't think you understood the contest. The point was to write a short, simple, readable program that hid underhanded behavior. Even experienced programmers can miss that there should be a semicolon somewhere, and there isn't, for example.

It is simply extremely difficult to write a program which will do some "Complex Evil Thing(tm)" (like turning your comp into a botnet zombie or stealing your bitcoins) without the code looking suspicious.

It is possible, however highly unlikely.

No arguments here.
sr. member
Activity: 364
Merit: 250
+1 for adding those feature in the main client
I would really like to have them on it.
sr. member
Activity: 364
Merit: 250
Quote from: cozz link=topic=144331.msg1530422#msg1530422
[b
What is an unspent output?[/b]
Lets say your bitcoin address is 111. Now someone sends 1 BTC to this address. Now address 111 has one unspent output. Now someone else sends 2 BTC to this address. Now address 111 has two unspent outputs and a balance of 3 BTC in total.

So now ur telling me an unspent output is really a sig script from a previous tx to that receiving address. So 2 txs to an address: 2 sig scripts controlling the movement of coins there.  But 111 would list 3 BTC in the UTXO correct?  UTXO doesn't list the address twice.  Once with 1 btc, and again with 2 btc.  That's all kinds of database fail.  (unless your goal is to allow for every coin balance in UTXO to reference the blockchain txs that created it.  Then its dbase overkill.)  I still can't understand why Satoshi didn't build pruning in from day one.

Quote
Now lets say you want to send someone 0.1 ...You always have to spent the whole output. This means in this case the bitcoin client would take the first unspent output, send 0.1 BTC to the other person and 0.9 BTC back to yourself. For this the client creates a new change address in the background and adds this address to your wallet. 

Why on God's green earth did Satoshi choose to do this.   I;ve seen txns on blockexplorer  that only move a portion of a balance to a new address.  No, 2 output address to move the "change" of the unspent input.  Or is it that i'm just seeing a full unspent input being moved?

Why don't tx's just track the net movement from one address to another(s), and have the client alter the UTXO table (which i think just contains the output addresses and their total balances).  Then every 10 blocks or so, hash this UTXO and include it in the header (say stuff it in the merkle root as if it were a tx hash).    This means a new client could just d/l the last X number of blocks & headers till it felt confident it had enough. DL then most recent UTXO, and then check then UTXO it received by walking it back by all the txns in the X blocks it d/led and checking the UTXO hashes in the header?   Could allow new clients to d/l and catch up to the current chain in minutes instead of days. Then it will be like Star Terk II, where days become hours.

Wouldn't this be the most elegant way to prune?   It might of course require a new data field added to the header (UTXO hash), but maybe this can be stuffed into the merkle root instead, as if it were a tx hash.   Thus, the UTXO hash data would be seeded into the header via the merkle root w/o having to add a new header field which would be a hard fork. 

Of course how to get the UTXO hash to look like a tx is key.  Aren't there unused data fields in the coinbase.  Does coinbase go into the merkle roots?  Does the unused field get hashed into that?   thus that would be the best place to stick the utxo hash.
member
Activity: 81
Merit: 1002
It was only the wind.
I would like to try this.  I don't want to take the time to figure out if it is a Trojan.  Will it steal my bitcoins?  Has anybody checked this?

Highly unlikely.

Such things are almost trivial to spot by an experienced developer or even better: code audit - oriented developer/specialist (when you have the source code).

Oh, really? http://underhanded.xcott.com/

YA, RLY.

Trying to hide code is trivial to spot because such code immediately fails readibility/understanding tests.

Unreadable or not understable code = suspicious code.

I don't think you understood the contest. The point was to write a short, simple, readable program that hid underhanded behavior. Even experienced programmers can miss that there should be a semicolon somewhere, and there isn't, for example.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952

Thank you very much, this is highly appreciated & anticipated by many people.
legendary
Activity: 2576
Merit: 1186
newbie
Activity: 7
Merit: 0
long loong awaited feature for Bitcoin-qt. Thanks for this wonderful piece of addition!
Let us all hope it finally makes it officially into v0.9. Please dont give up!
Donated you to finish the testing plan for gavin  Smiley Smiley
legendary
Activity: 1937
Merit: 1001
great work Smiley
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
I would like to try this.  I don't want to take the time to figure out if it is a Trojan.  Will it steal my bitcoins?  Has anybody checked this?

Highly unlikely.

Such things are almost trivial to spot by an experienced developer or even better: code audit - oriented developer/specialist (when you have the source code).

Oh, really? http://underhanded.xcott.com/

YA, RLY.

Trying to hide code is trivial to spot because such code immediately fails readibility/understanding tests.

Unreadable or not understable code = suspicious code.

I don't think you understood the contest. The point was to write a short, simple, readable program that hid underhanded behavior. Even experienced programmers can miss that there should be a semicolon somewhere, and there isn't, for example.

It is simply extremely difficult to write a program which will do some "Complex Evil Thing(tm)" (like turning your comp into a botnet zombie or stealing your bitcoins) without the code looking suspicious.

It is possible, however highly unlikely.
sr. member
Activity: 448
Merit: 250
I've downloaded it, will check it out. Functionality like this is badly needed. Let's get some testing set up so people feel comfortable putting it into 0.9.

member
Activity: 81
Merit: 1002
It was only the wind.
I would like to try this.  I don't want to take the time to figure out if it is a Trojan.  Will it steal my bitcoins?  Has anybody checked this?

Highly unlikely.

Such things are almost trivial to spot by an experienced developer or even better: code audit - oriented developer/specialist (when you have the source code).

Oh, really? http://underhanded.xcott.com/
legendary
Activity: 1652
Merit: 2311
Chief Scientist
The bottleneck for getting this pulled is testing.

It needs a thorough test plan that tries to test edge cases where things might break, and then it needs people to carry out that test plan to make sure it is solid. "It works for me" isn't good enough for wallet-touching code.

See https://github.com/bitcoin/QA  for a suggested process.
member
Activity: 61
Merit: 15
UPDATE: v0.8.1
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
I would like to try this.  I don't want to take the time to figure out if it is a Trojan.  Will it steal my bitcoins?  Has anybody checked this?

Highly unlikely.

Such things are almost trivial to spot by an experienced developer or even better: code audit - oriented developer/specialist (when you have the source code).

Oh, really? http://underhanded.xcott.com/

YA, RLY.

Trying to hide code is trivial to spot because such code immediately fails readibility/understanding tests.

Unreadable or not understable code = suspicious code.
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
I would like to try this.  I don't want to take the time to figure out if it is a Trojan.  Will it steal my bitcoins?  Has anybody checked this?

That's a good reason why some sort of outboard "coin control utility" isn't a substitute for upstreaming this functionality.

IMHO encouraging end-users to get in the habit of downloading and using third-party "wallet plugins" is probably not a good idea security-wise.
member
Activity: 61
Merit: 15
UPDATE:

first of all, thank you to the 2 people who donated.

gmaxwell from the devs gave me some pointers, so I implemented them:

- removed send change "back to input", because this might confuse people
- address-label is shown, if you enter a change address, also warning if change address is not in wallet or invalid address
- you can now lock/unlock per right-click in the GUI (same as the new cli method "lockunspent")
- (un)select all is now a button to be easier recognizable
- confirmations is now a number, no more icons
- the calculation labels are now on top and also shown in send coins dialog (see screenshots)
- "priority" added (very low - very high): miners order transactions by priority when selecting which go into a block
   priority = coinage / transactionsize
   coinage = value * confirmations
- fee is now calculated for real (before it did not take min-fee into account)
  In order to be able to send a free transaction, you need to follow the rules:
     - transaction size must be < 10000 bytes
     - priority must be at least "medium"
     - any recipient must receive at least 0.01BTC
     - change must be either zero or at least 0.01BTC
  If you violate one rule you will see a min-fee and also the labels turn red:
  Bytes.Priority,Low Output,Change. Depending which rule you violated.
  Those 4 labels also have tool tips explaining this.
  Also remember that violating one of the first 2 rules means 0.0005 PER kilobyte min-fee,
  while violating one of the last 2 means 0.0005 min-fee only.
(Just for the record, I did not make those rules, if you dont like them complain to satoshi:)
sr. member
Activity: 369
Merit: 250
Please include it in 0.8.1 *exactly like this* Smiley
IMO, this is definitely a 0.9 feature at the earliest. Way too big a change for 0.8.x Smiley

Shut up luke. In this instance, your opinion goes against the collective voices of the bitcoin userbase.

... Not only do plenty of people want this feature, the idea has even been tried, and tested for long enough, and it even works well for other bitcoin clients, etc. etc. etc. Even if this feature causes the next version of 0.8.x to wait an extra month or even longer in release candidate status while the features are getting debugged, fine by me. That's perfectly acceptable.

The OP on this thread even explicitly says this feature is disabled by default:

Main
  • Settings checkbox "Display coin control features (experts only!)" (default=no)

So let's please just finally add this feature. We've already waited long enough while GBT was implemented and blockchain data was switched over to being stored with LevelDB, etc. etc. etc.
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
I would like to try this.  I don't want to take the time to figure out if it is a Trojan.  Will it steal my bitcoins?  Has anybody checked this?

Highly unlikely.

Such things are almost trivial to spot by an experienced developer or even better: code audit - oriented developer/specialist (when you have the source code).
sr. member
Activity: 451
Merit: 250
I would like to try this.  I don't want to take the time to figure out if it is a Trojan.  Will it steal my bitcoins?  Has anybody checked this?

Sam
Pages:
Jump to: