[Bitcoin-development] Dedicated server for bitcoin.org, your thoughts?

Troy Benjegerdes hozer at hozed.org
Fri Jan 3 17:38:17 UTC 2014


On Fri, Jan 03, 2014 at 09:59:15AM +0000, Drak wrote:
> On 3 January 2014 05:45, Troy Benjegerdes <hozer at hozed.org> wrote:
> 
> > On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote:
> > > On Tue, Dec 31, 2013 at 5:39 AM, Drak <drak at zikula.org> wrote:
> > > > The NSA has the ability, right now to change every download of
> > bitcoin-qt,
> > > > on the fly and the only cure is encryption.
> >
> > No, the only cure is the check the hashes. We should know something
> > about hashes here. TLS is a big pile of 'too big to audit'. Spend
> > a couple of satoshis and put the hash of the source tar.gz and the
> > binaries in the blockchain. Problem solved.
> 
> 
> Which is why, as pointed out several times at 30c3 by several renowned
> figures, why cryptography has remained squarely outside of mainstream use.
> It needs to just work and until you can trust the connection and what the
> end point sends you, automatically, it's a big fail and the attack vectors
> are many.
> 
> <sarcasm>I can just see my mother or grandma manually checking the hash of
> a download... </sarcasm>

'make' should check the hash. The binary should check it's own hash. The
operating system should check the hash.

How about if I sell your Grandma an android table loaded only with free 
software, and use the existing infrastructure android provides to only
allow software to be installed that can be integrity-verified from a 
public key that can be downloaded from the blockchain?

Would you pay $50 (or 2 litecoin) more for at tablet with free software
that protects you and your grandma's interests, rather than selling them
to google/apple/microsoft?

I'm working on eventually being able to build hardware for which the 
entire design specifications, from case to cpu core verilog, all they way
up to the pre-installed cryptographic currency wallet(s) are all signed
and released as part of the Debian archive. 

But I need people like you to explain to your Grandma why this hardware
costs more than hardware that monetizes eyeballs and sells your private
information to the highest bidder.




More information about the bitcoin-dev mailing list