Bitcoin's Software Gets Security Fixes, New Features

itwbennett (1594911) writes "The software driving Bitcoin's network was upgraded Wednesday, with security fixes addressing a problem that defunct bitcoin exchange Mt. Gox blamed for losing nearly half a billion dollars worth of bitcoins. The latest version of bitcoin's software, 0.9.0, contains more than a half dozen fixes for transaction malleability, according to the release notes for the software. Bitcoin Core also contains a new feature for payment requests. Previously, merchants couldn't attach a note describing an invoice, and people also could not supply a refund address to a merchant. The latest version automatically supplies a refund address." This wouldn't have prevented the Mt. Gox implosion since they weren't using the reference implementation. The foundation also renamed the software to "Bitcoin Core" to avoid confusion between Bitcoin-the-network and Bitcoin-the-reference-implementation,

What?

[DogDude]

Are you fucking kidding me? Bug fixes for a currency?

I'd be real curious to see how many Bitcoin users are also Amway and Herbalife salesmen.

Re:What?

New currency often has additional security features to prevent counterfeiting, why can't a crypto-currency do the same?

Re:What?

Has AIDS? What the hell is a comment like that?

Re:What?

[pla]

Are you fucking kidding me? Bug fixes for a currency?

Why? The Federal reserve calls these "Quantitative Easing". We've had three major patches in as many years, along with quite a few minor updates to those outside the normal update release cycle.

Re:What?

[TheCarp]

Um actually I believe you mean the treasury calls this "A new series". You know, like that line of purple spooge they put across some of the new bills.

Turns out, older series of the "Cash" currency had bugs which allowed for unscrupulous parties to make copies and double spend. So the treasury has released a patch, which is rolled out as they get their hands on older series bills and destroy them to be replaced by the new ones.

Don't get me wrong, I am ready willing and able to get into some fed hate, but, this is just a better example.

Re:What?

Aren't new "copy resistant" dollar bills similar? All the tech that goes into making dollars hard to duplicate?

Re:What?

[Chrisq]

Are you fucking kidding me? Bug fixes for a currency?

Not unprecedented in the real world: New pound coin designed to combat counterfeiting

Re:What?

[FatdogHaiku]

Are you fucking kidding me? Bug fixes for a currency?

Governments are often adding security features to curtail counterfeiting... that's a real world bug fix of currency. And just as in the digital world it is a battle of escalation. "He pulls a knife, you pull a gun. He sends one of yours to the hospital, you send one of his to the morgue!" In any case Sean Connery gets a royalty check...

Re:What?

[pla]

Um actually I believe you mean the treasury calls this "A new series". You know, like that line of purple spooge they put across some of the new bills.

Ah, good point, that does make a better example than mine. :)

Re:What?

[DaveV1.0]

Um, no. You don't understand the term Quantitative Easing if you actually believe that.

Re:What?

[DaveV1.0]

That is not a bug fix because it wasn't a bug. That is making an upgrade to cope with technological change. In essence you are saying that the Unix password hash was buggy because technology improvements made it possible to brute force it thus making it necessary to implement the shadow file.

Re:What?

We get it, you and the people who modded you up don't like the Fed and what they've been doing. But messing with the money supply has nothing to do with these bug fixes. If they had suddenly said, "Oh, we'll change the maximum number of possible Bitcoins," or otherwise changed the supply, then it would be relevant.

Re:What?

[ultranova]

In essence you are saying that the Unix password hash was buggy because technology improvements made it possible to brute force it thus making it necessary to implement the shadow file.

Yes, it was a bug to leave password hashes in a publicly readable file. Even if hashing was a magical algorithm that always took the same amount of time regardless of CPU, leaving the hash in the open allowed a potential attacker to try a dictionary attack without alerting anyone. It was simply idiotic.

Re:What?

[r.freeman]

Of course currencies can get a bug fix. E.g. US dollary has an exploit - it can be printed out of think air, on overnment whim, and therefore it is worht now x10 - x100 time sless then decade ago.
US Dollar lost 90-95% of value. (While bitcoin only gains value so far.)

So the bugfix for US dollar would be to return to gold standard or something else that at least is limited.

This fix was applied by one of USA presidents afair (to reduce influence of private shady FED bank at least), but then he got shot on order of "unknown" powers.
And guess what was the first order of the vice-president who replaced the assasinated president.
Therefore US Dollary remains exploitable at it's core, it is bad midle-long term store of value and will continue it's declining over next decades.

I'm happy my real money got fixed instead, as seen on github.

Re:What?

[r.freeman]

Self-correction, to be exact it was over 90% over the century; Either way so far bitcoin is deflational.

http://thefinancialphysician.c...

But that is just about investment; As means to pay anoune from a computer, in DIY way, Bitcoin (and such solutions) are best tools we have now.

Re:What?

[DaveV1.0]

If the dictionary attack were to take an average of 2 trillion years to guess a single password, would it still be "simply idiotic"? Remember that most encryption would fall in that time frame.

Re:What?

[TheCarp]

A DICTIONARY ATTACK..... takes.... "Trillions of years"? I don't think so. Maybe a brute force, but, password standards TODAY lead to passwords that can be easily guessed by machines. Exposed hashes allow the attack to be done offline at the attacker's leisure.... it was never a good idea, and the level of protection you are postulating never existed for those very reasons.

But yes, I guess its true, if you have really good, "lifetime of the universe to guess" passwords, and ALL of the passwords on the system are all of that level of goodness.... and you are sure your hashes have no collisions with easier to guess passwords, then yes, you can leave your hashes in the password file....hell, at that point, you can post them in your SIG.

However, if you are wrong, then publishing them will mean someone can crack your password or an equivalent before doing anything that might have a chance of alerting you or a sysadmin.

Re:What?

[TheCarp]

I was thinking some more about this and really....isn't it just semantics at this point? You could say it wasn't a bug in bitcoin that was fixed either. A number is the same number zero padded or not.... that is why transactions were "mutable", not because the signature number changes, but because zero padding doesn't change a number.

The bug was not even in bitcoin really. Bitcoin protocol specified that hashes should not be zero padded, and gox was zero padding. Thats bthe bug. In fact, if you really want to identify a bug in bitcoin over it.... it was that it EVER accepted padding when it explicitly said not to pad in the protocol....a bug which was already fixed. (and fixing it opened the door for this trouble since it meant that mtgox transactions would never be accepted without mutation)

What is really interesting to me is that fix. If it was fixed and nobody was re-transmitting mutated transactions, mtgox would have been broken, nobody would be able to get coins out, and they would have to fix it. Even a few hours in that state would have been noticable and lead them to look to fixing it.

So somehow, when it was fixed, someone had to have started within a very short time doing retransmits, OR, have already been doing them with less frequent success. This makes me seriously wonder who "fixed" the original bug and what their motivation was.

Re:What?

I know it's shocking but it's true. He's a flaming poofter with AIDS.

There's an app for that.

Re:What?

[1s44c]

Are you fucking kidding me? Bug fixes for a currency?

Software gets updated now and then for enhancements and improvements. Don't you know anything about software? I thought this was slashdot.

Re:What?

[1s44c]

Are you fucking kidding me? Bug fixes for a currency?
Why? The Federal reserve calls these "Quantitative Easing". We've had three major patches in as many years, along with quite a few minor updates to those outside the normal update release cycle.

Thats nothing like the same thing. The Fed prints more money to bail out their irresponsible friends. Bitcoin adds features that do something useful.

Re:What?

[tehlinux]

I’ve been sticking $30 dollars in pennies up my ass for the past 11 years! That’s 3,000 pennies a day; 21,000 pennies a week; 1,092,000 pennies a year! To date that’s 12,012,000 pennies, 8 times the population of Nebraska. Those pennies have been in my ass! You think you’re better than me? Oh, you’re not better than me. You handle my ass pennies everyday. You pick up my ass pennies for good luck. You throw my ass pennies in fountains and make wishes on them. You give my ass pennies to your little daughter to buy gumballs with.

Re:What?

Turns out, older series of the "Cash" currency had bugs which allowed for unscrupulous parties to make copies and double spend.

That's not a good analogy. The "transaction malleability" problem is more akin to going to the bank, and instead of everyone waiting in line a huge mob of people all rush the counter at once, so that the money the teller just took out of your account ends up getting handed to someone other than you.
And yes, generally speaking that "bug" has been fixed through a combination of common sense and a thing called a Security Guard.

Re:What?

Governments are often adding security features to curtail counterfeiting... that's a real world bug fix of currency

It has nothing at all to do with this situation at all, because the "bug fix" is not about counterfeiting bit-coins. It's about the ability to fool someone who is conducting transactions and trick them into giving bitcoins to the wrong person.

If you want a real world analogy it's more like how con artists will short-change a retail clerk. Let's say you owe $4.95, you pull out a $20, then take it back and hand them a $10, they stick the $10 in the drawer and when they give you the $5.05 back you say "But I gave you a $20!". If the con artist is clever about how they do it, they can actually get a good number of clerks to become confused and think they really did just take a $20.
Which is why most clerks will set your bill ON the register until AFTER they hand back your change.

But for all those who are saying "this isn't a problem with the currency" well technically no it's not, but it IS a problem with the standard software distributed to handle the transactions, so from the POV of most end users it's the "same thing".

Re:What?

[toddestan]

Well, it's not unprecedented. Off the top of my head:

* The relief on the design was lowered after the first year of the Peace Dollar (1921) because the original relief kept breaking the dies.
* The original design of the Morgan dollar has eight feathers in the tail of the eagle. Eagles always have an odd number of tail feathers so the design was changed to 7 sometime during the first year of minting (1878).
* The original 1883 Nickel had only "V" as the denomination (no cents) which lead to people dipping them in gold and trying to pass them off as $5 gold coins.
* The denomination "FIVE CENTS" on the rear of the buffalo nickel originally was one of the highest points on the back of the coin and was thus one of the first areas to wear away. To avoid a repeat of 1883, the area around the text was lowered within the first year to protect the denomination from being worn off.
* Similar to the buffalo nickel, on the standing liberty quarter originally the date was one of the first things to wear away. While not as big of a deal as the denomination wearing off, the design was nevertheless changed to address this.
* In 1828, originally on the half cent there was only 12 stars on the obverse of the coin, which was simply a screw-up as far as anyone can tell. This was fixed to the correct 13 stars sometime in the middle of the year.
* One of the reasons why the "flying eagle" cent design only lasted 2 years (1857-1858) before being redesigned is that the coins did not stack well.

Re:What?

[lcp]

I think it's very normal. In the future, everyone will use Bitcoin :)

Let me be the first to say

Thanks, Dorian!

Just in time for another price dive

Bitcoin is seriously overbought right now. Just the 24*6*25BTC that are mined every day are enough to send the price down because there's very little demand for them. Anybody who was already convinced of Bitcoin is waiting for lower prices to buy more and everybody else just isn't interested right now. Bitcoin looks dangerous, there are thefts everywhere: It's not just the exchanges which get robbed of their hot wallets. PC malware comes with BTC stealing components nowadays. Why buy Bitcoins? You can hardly do anything with them right now, except for niche markets. And how would you use them if you could? Make an irreversible transaction to a far away merchant, hoping you'll get your goods and the merchant doesn't just vanish? Right now, it's not very usable, so it can only be seen as an investment in a very uncertain future.

Re:Just in time for another price dive

[Archangel+Michael]

Problem is, the value of BitCoins exceeds the market demand / use for them. This means it is well into "speculation" arena, and will remain so, until there is a large thawing of coins by the people currently hording them. As these people age, their goal of making a fortune will diminish as "unrealized" profit becomes lost to Bitcoin dustbin.

The problem with hording, is that the value is gone once the person who hid it is dead, and nobody knows it even existed. But unlike Gold, bitcoins burried will be lost forever if there is nobody to remember the password for the wallet.

http://www.cnn.com/2014/02/25/...

Once BitCoin starts to become viable alternative currency, actively traded for goods and services, then I'll become a believer in the value. The problem right now, the only people using BitCoins, are traders. It may end up being just a tool to hold accumulated wealth, and that would be a shame.

Re:Just in time for another price dive

[gstoddart]

The problem right now, the only people using BitCoins, are traders. It may end up being just a tool to hold accumulated wealth, and that would be a shame.

Why does that sound like those "Ty Beanie Babies" which were worth bazillions for a while and are now essentially worthless?

It's like a stock market frenzy to own the latest fad, and getting in an out makes you money, and the last one holding the bag is out of luck.

Re:Just in time for another price dive

Correct. Right now the "market capitalization" of all existing Bitcoins is roughly 6 billion USD, but if you unload 2 million USD worth of BTC (a day worth of mining) onto the market without being super careful, you move the price by close to one percent. If that isn't overvalued, I don't know what is.

Re:Just in time for another price dive

Problem is, the value of BitCoins exceeds the market demand / use for them.

How do you know this? One can see people buying and selling in realtime on Bitstamp, i.e. making a market. Your comment is the same kind of cluelessness I hear when somebody says "I can't sell my house, there are no buyers." No, it just means you are asking too much.

Re:Just in time for another price dive

[Archangel+Michael]

Some Beanie Babies are still worth a fortune. The problem is, they are the ones nobody wanted in the first place, or are the ones that everyone STILL wants.

Re:Just in time for another price dive

[Archangel+Michael]

I know this because I can observe the marketplace, and understand how the market works. Right now, Bitcoins are exceedingly un-useful besides speculation. Speculation requires patience. When that patience wears thin, you'll see the real value in BitCoins.

If you can name, without Googling it, three major retailiers/service providers that take BitCoin, I'll be surprised. There are a few minor places that like being seen as "cutting edge" that take Bitcoin, but for the most part, there is no utility for BitCoins. When that changes, you'll start to see the real value of BitCoins.

There is a long term option that BitCoins become "Wealth Holders", where people store wealth apart from banking and government entities. I'm starting to think this might actually be the "killer app" of BitCoins.

Re:Just in time for another price dive

[higuita]

It is possible to have a wallet that requires 2 signature to make a valid transaction (good for companies) and also, a wallet that may be operated by one of 2 private keys ( good for couples or partners)

It is not much different from hiding the gold. if you are the only one that knows where it is, it may be lost after you are dead (people may find a "treasure" later, as people may "guess" a password later)

Re:Just in time for another price dive

[Glock27]

TigerDirect, Overstock.com, and Gyft.

Be surprised. :-)

I think BTC will do well in the long run, simply because of low transaction cost/friction. Not to mention the small size and light weight. ;-)

Re:Just in time for another price dive

[Lennie]

Bitcoin isn't like your normal economy you might know so well, because it is a deflationary currency, so people want to keep their coins because the value increases over time.

Re:Just in time for another price dive

[Hognoxious]

thawing of coins by the people currently hording them.

They're putting them on horses, assembling them into an army and rampaging across Asia?

Re:Just in time for another price dive

[1s44c]

You can buy lots of nice things with Bitcoin right now, I do all the time. Food, computer parts, bed sheets, all sorts of things. Bitcoin allows sellers to sell without getting robbed by banks. Obviously you should get the reviews of people you deal with in any currency.

If you give cash, bitcoin, gold, or anything else to anonymous drug dealers or shady investment manager snake oil merchants you will be robbed. Don't do that. This isn't something that only happens in the bitcoin world.

Re:Just in time for another price dive

[1s44c]

Right now, Bitcoins are exceedingly un-useful besides speculation.

That just isn't true. I brought a nice meal with bitcoins earlier today. You can also buy all sorts of legal things from some really huge suppliers like overstock.

Bitcoins have essentially no banking costs unlike the huge costs involved with accepting VISA or Mastercard. They are the perfect tool for small merchants who can't afford to have their entire profit margins eaten by banks.

Re:Just in time for another price dive

When you "pay bitcoin" to TigerDirect or Overstock, you actually pay your bitcoin to an intermediary which immediately converts to dollars and wires them to TigerDirect or Overstock. This is because companies like TigerDirect and Overstock simply cannot directly accept bitcoins: they have to pay their suppliers and employees in real money. Also, the bitcoin intermediary companies are venture capitalized startups with no known profitable business model. It's not at all obvious that they won't go bankrupt once their seed money runs out.

So these "bitcoin retailers" actually reinforce ArchangelMichael's point: right now bitcoin's value is speculative. There is next to no direct economic activity involving bitcoins. Virtually all bitcoiner examples of "adoption" are just bitcoin startups acting as a translator between bitcoin speculators and the real world economy. Analyzed end to end, it's still dollars or euros or whatever moving from customers to businesses, just with some crazy-ass intermediate steps in bitcoin land.

And those steps are truly crazy. You claim:

I think BTC will do well in the long run, simply because of low transaction cost/friction.

Let's take a look at that low, low friction. Right now in order to place a bitcoin order with TigerDirect or Overstock, you must submit your order and wait for the etailer to send a notification to their bitcoin intermediary. The intermediary turns around and emails you a bitcoin wallet address with a USD-to-bitcoin quote based on current market prices. Because bitcoin prices are hilariously volatile (because it's not functioning as a real currency and speculators can and do bounce the value around), the intermediaries all give you a very short time to send the requested amount of bitcoins to the special wallet address. And oh by the way the conversion rates are generally skewed in favor of the payment processor so you're really paying a hefty transaction fee here.

Okay so far, right? Not too much hassle? Well... even if you send the coins off immediately, the anti-volatility window is so short that frequently the wallet doesn't receive your bitcoins inside the time window. You see, bitcoin is not nearly as "instant" as true believers want everyone to believe it is. When this happens, since Bitcoin transactions are irreversible, now your fake libertarian idiot money is in the hands of the payment processor even though you didn't buy anything, and you have to beg them to send it back. Since, like virtually all Bitcoin related businesses, they are run by total incompetents, this can take weeks. Bitcoiner message boards are full of sob stories from people who tried to buy shit on overstock using bitcoins and got burned by this problem. And as far as I can tell, TigerDirect is even more hilariously awful, because the TigerDirect interface to Bitcoin payment processors is halfassed and TigerDirect employees apparently give no fucks about helping people resolve issues even under ordinary circumstances.

Another fun one: if you have to return an item bought with bitcoin, the etailer sure as shit isn't gonna send you bitcoins direct -- they don't have any! Never did, despite the overstock.com CEO's well publicized pandering to bitcoiners. So, the way the terms of Bitcoin service work on these sites is that the etailer refunds the payment processor in dollars, and the payment processor then refunds you bitcoins at whatever the payment processor decides the current market rate is. Not the rate when you made the purchase! If the price of bitcoin has gone up since you bought the item (and it should be, according to evangelical bitcoiner up uP UP dogma), you'll be getting back fewer bitcoins than you spent.

(If you're wondering why overstock doesn't just refund you dollars, well, if they allowed bitcoin payments to be refunded in dollars it would be about two microseconds before a bajillion bitcoiners started trying to cash out through them. With all the exchange hijinx it's been g

Re:Just in time for another price dive

[Comrade+Ogilvy]

I am a bit of a bitcoin skeptic, but I see a very plausible niche as a competitor to credit cards. There are hidden costs and risks to small vendors using bitcoins, but when competing with 3% off the top, there is room for insurance (or self-insurance) to cover the glitches.

Re:Just in time for another price dive

[ncc74656]

TigerDirect, Overstock.com, and Gyft.

Another one I've run across lately is Zinc. I'm testing it out with a hard drive I needed to replace a bad drive in my media server. In addition to allowing you to pay with Bitcoin (or Dwolla, if that's your bag), it'll shop your purchase around among other vendors for a better deal. I put the order together on Amazon (which which I could've used Gyft, and have done so in the past), but they ended up placing the order with Newegg instead (for which there isn't otherwise a way to pay with Bitcoin) to knock a few dollars off. It's supposed to arrive tomorrow...we'll see.

Re:Just in time for another price dive

[dns_server]

As bitcoin uses public / private key cryptography you could have clients only have the public key until you need the private key.
So the client would be able to see that someone has sent them bitcoin but not be able to use them as they do not have the key allowing a store to validate that someone has sent in the coins.

Paper wallets is one implementation of this idea, where there is a piece of paper with 2 qr codes with your public and private keys.
Give everyone your public key but when you need to send the coins somewhere you need to scan the qr code to import the key.
You could probably come up with a system requiring you to assemble the private key from several parts.

LOL .. 0.9.0?

[gstoddart]

Do people expect someone to take seriously a piece of software to manage financial transactions with a version like that?

Sorry, but some of us have always looked at BitCoin and thought some combination of "why?" and "no frigging way".

New stories over the last few months aren't doing anything to change that.

This whole thing sounds like it's several years away from being trustworthy, by which point it will either be regulated by governments, or controlled by corporations.

But, hey, if you want to put your money into a currency which is still getting bug fixes, go right ahead. That's your choice.

Re:LOL .. 0.9.0?

[johnsie]

This is why Dogecoin is better. It's still possible to get the coins easily without much investment.

Re:LOL .. 0.9.0?

While I do agree calling it something like 0.9.0 is stupid would it make a difference if it was called 9.0? It's the same software.

Re:LOL .. 0.9.0?

[indeterminator]

The nature of capital investment: getting in early gives you high profit expectation, with high risk of spectacular failure. Getting in late when things have stabilized, gives lower risk with low expected return.

Re:LOL .. 0.9.0?

Are you saying that you would trust it if it was called Bitcoin 500.3?

Re:LOL .. 0.9.0?

[QuasiSteve]

Do people expect someone to take seriously a piece of software to manage financial transactions with a version like that?

Sure, why not?

Apparently we can't take FireFox seriously because it's at version 28(!) (nevermind that Chrome is at 33.0.1750.154 (dude what?)) either.

So, should everything just be labeled v1.0 eternally (or v2.0 for the people who never trust first releases) based on the psychological effects of a version number?

Re:LOL .. 0.9.0?

[ratboy666]

But... I assume you are in the US or Canada. Didn't your currency just get a bug fix update for anti counterfeiting? An update to the US $100 bill was released October 2013. Obviously, you can't trust that yet -- give it a few years.

As to being "regulated" by government, -- what is that, exactly? BTC is one possible crypto-currency, so it is of interest what you think this "regulation" should look like.

Re:LOL .. 0.9.0?

[gstoddart]

While I do agree calling it something like 0.9.0 is stupid would it make a difference if it was called 9.0? It's the same software.

Major vendors do the same thing.

The thing is, the customers still know you went from 1.1 to 9.2, and they assume it's a steaming heap of beta and stay away from it for a while.

But, for me, between the news coverage and relative newness of this, I just don't see why I would be inclined to either want it or trust it.

That doesn't mean it doesn't sound vaguely cool. But it also isn't something I'd entrust my money to. Then again, I also refuse to entrust my money to PayPal, because they're not a bank either.

Real banks and the real banking system operates under rules and laws. Anything outside of that falls into the "buyer beware" category, as we keep seeing in news stories. How many BitCoin services have been ripped off in the last few months?

For me, I'll just pass on this whole thing.

Re:LOL .. 0.9.0?

[Jeremi]

Do people expect someone to take seriously a piece of software to manage financial transactions with a version like that?

Apparently people do take it seriously, so it looks like the answer is yes.

Staying in the 0.x range for a long time is typical for open-source software -- a lot of packages don't go to 1.0 until they have been in use for many years. It doesn't necessarily imply anything bad (or good) about the reliability of the software.

If BitCoin was commercial software, no doubt it would be up to Version 7 Professional Platinum Collector's Edition now... but then again, if it was commercial software, it would probably be closed source, and therefore nobody would trust it enough to use it, and we wouldn't be having this conversation.

Re:LOL .. 0.9.0?

It's pretty common for open source software to stay in beta almost forever. Bitcoin is no different, it's OSS and it's still in experimental stage.

Re:LOL .. 0.9.0?

[Animats]

The base Bitcoin technology is surprisingly good. Nobody has been able to double-spend yet. The "mallability" bug has to do with programs which incorrectly decide a transaction didn't go through and redo it.

Most of Bitcoin's problems aren't with the software. Bitcoin's irrevocable money sends to anonymous remote parties are the con man's dream. At last, you can rip people off without ever giving them enough info to find you. That's why Bitcoin is such a scumbag magnet.

Mt. Gox's problems stem from a combination of incompetence and criminal activity. They're not technical. Karpeles was running a business that handled a billion dollars a year without an accountant, a controller, an inside auditor, an outside auditor, or a compliance officer. You can't do that and succeed. You have to have enough separation of functions that no employee can steal without detection. Mt. Gox didn't have that. Probably so that Karpeles could steal.

Re:LOL .. 0.9.0?

[IamTheRealMike]

The point of using such a version number is exactly to remind people that Bitcoin is new and experimental. It's quite possible to understand that something is a risky experiment, yet still take it seriously - these two things are not incompatible.

But, hey, if you want to put your money into a currency which is still getting bug fixes, go right ahead. That's your choice.

Banks and governments routinely have to upgrade banknotes and other forms of security on their own money, which you can see as "fixing bugs" in the sense that the ability to counterfeit is a bug. Development never really stops, so a 0.9 vs 1.0 is an entirely arbitrary line in the sand.

Re:LOL .. 0.9.0?

But, hey, if you want to put your money into a currency which is still getting bug fixes, go right ahead. That's your choice.

The UK just announced that they were replacing their One Pound coin with a new design (a two-colour polygon rather than a purely 'gold' circle) to prevent counterfeiting. Is GBP unsafe now?

Re:LOL .. 0.9.0?

[moke]

You're right, I'm such an idiot, I bought some when the version was 0.7.2.

If I had only looked at the version number I could have saved myself from making $50,000

Re:LOL .. 0.9.0?

[jones_supa]

Yes, it would make a difference. Any other questions?

Re:LOL .. 0.9.0?

Linux is crap. Still at version 3 and it's been, what, over 20 years? Should be around version 2014 by now, amirite?

Re:LOL .. 0.9.0?

[gstoddart]

As to being "regulated" by government, -- what is that, exactly? BTC is one possible crypto-currency, so it is of interest what you think this "regulation" should look like.

Banking laws. Deposit protection. Rules about how they can't just decide that your money is now their money. Legal oversight.

There's also a huge difference between issues of government notes (which are still legal tender even if someone counterfeits them), and the underlying system of transfers and transactions.

To me, Bitcoin and all cyrpto currencies are in their infancy, and have yet to deal with all of the issues real banking systems have been doing for decades.

And, I'm sorry, but I'll go with decades of experience when it comes to my money. Because if the bank fucks up there's rules in place for how they deal with it. There's deposit insurance. There is established case law to determine what happens.

Cryptocurrency is pretty much the wild west, and is going to go through far more growing pains until it's 'respectable' to some people. And, like I said, by then it will be either regulated or under control of corporations.

Re:LOL .. 0.9.0?

[jones_supa]

It's not a psychological effect but a very well-known convention that the major version number 0 is reserved for beta releases.

Re:LOL .. 0.9.0?

[Marginal+Coward]

These things seem to matter to somebody. See http://linux.slashdot.org/stor.... Also, calling it something like "Millennium Edition" probably would be a bad idea. ;-)

Re:LOL .. 0.9.0?

o people expect someone to take seriously an operating system with a version like that?

Sorry, but some of us have always looked at Linux and thought some combination of "why?" and "no frigging way".

New exploits over the last few months aren't doing anything to change that.

This whole thing sounds like it's several years away from being trustworthy, by which point it will either be closed source, or controlled by corporations.

But, hey, if you want to put your time into an OS which is still getting bug fixes, go right ahead. That's your choice.

Re:LOL .. 0.9.0?

[gstoddart]

If I had only looked at the version number I could have saved myself from making $50,000

Hey, if you want to get involved in speculative investment, that's your right. But you also can't deny that theft was occuring at those lower version numbers and you could just as easily have nothing left.

You could do the same with penny stocks and day trading as well.

But I wouldn't do it, which is my entire point.

So far nobody has given any reasons why BitCoin is a good idea or should be trusted, they've given the intellectual equivalent of "I know you are but what am I".

Feel free to make you case, but if all you have is that you made money on speculative investments and therefore all speculative investments are good ... well, you're going to have to do better.

Re:LOL .. 0.9.0?

Why? Because you're an idiot?

Re:LOL .. 0.9.0?

How much money have you invested in Firefox?

Re:LOL .. 0.9.0?

[ameen.ross]

So would you prefer unstable software labeled "release quality" with a version number of 9.0?

Re:LOL .. 0.9.0?

You have no clue about network systems and security or how they work, do you?
Your the type of person that would give all your gold up for paper aren't you ?
Trusting in one central system will bankrupt all. Its already been proven several million times over ........

Re:LOL .. 0.9.0?

[gstoddart]

Also, calling it something like "Millennium Edition" probably would be a bad idea. ;-)

Bah, if you were a Mt Gox user you could call it the "Money-none-ium Edition" and it would have been accurate. ;-)

Re:LOL .. 0.9.0?

Yes, specifically "v0.9.0.0-g92d25e4-beta".

I'll echo what pretty much all the devs are saying: "This is an experiment. Do not invest more money than you can afford to lose."

Re:LOL .. 0.9.0?

[DaveV1.0]

Because it is generally accepted that the three digit version number system works as major.minor.patch_level. A 0 major version level means the software is still in beta and not fit for production use.

Does that answer your question, Trolio?

Re:LOL .. 0.9.0?

[DaveV1.0]

That would be FireFox version number 28.0.0 and Chrome major version 33, minor version 0, patch level 1750, build 154.

Or, don't you know how version numbers work?

Re:LOL .. 0.9.0?

[QuasiSteve]

Which, in turn, means nothing more than "we think this release is pretty good, but we want everybody to hammer away at it until we can be sure"; which is exactly what happened, and why there was another release. Note that the issue found wasn't nearly as devastating as a myriad of issues surrounding Bitcoin that has nothing to do with the reference client and protocol.

Perhaps it's time to re-evaluate what version numbers actually mean. Or, as many other developers seem to have done, let version numbers go almost entirely.. hide them from view, number releases by date, etc.

Re:LOL .. 0.9.0?

[Archangel+Michael]

Rules and laws aren't for the rich and powerful, they are for us commoners. The rich and powerful have their own rules, which mostly fall around making rules and laws for everyone else to obey. Feinstein didn't care about spying on Americans until it hit her, then she became outraged. The game is corrupted beyond comprehension. The only recourse we have is complete and utter disdain for all rules and laws that are used to control us, that do not apply the rich and powerful.

Re:LOL .. 0.9.0?

[mlw4428]

> If BitCoin was commercial software, no doubt it would be up to Version 7 Professional Platinum Collector's Edition now... but then again, if it was commercial software, it would probably be closed source, and therefore nobody would trust it enough to use it, and we wouldn't be having this conversation.

Because people don't trust software like Microsoft Windows or Epic Systems's EPIC or Autodesk...no sir, no one trusts commercial software. Tell me, when you get done fapping to open source is the napkin you use for clean up GPL compatible?

Re:LOL .. 0.9.0?

Most of Bitcoin's problems aren't with the software. Bitcoin's irrevocable money sends to anonymous remote parties are the con man's dream. At last, you can rip people off without ever giving them enough info to find you. That's why Bitcoin is such a scumbag magnet.

The services necessary to protect the naive will come with time. People will demand security, and the market will provide it (for a fee). Meanwhile, people savvy enough not to send their life savings to self-proclaimed Nigerian princes will be free to manage their own wealth.

Right now, we have systems which protect everyone by default. Unfortunately, this means that the prudent are required to pay extra to cover the losses of the feeble minded. This moral hazard is one reason for the ridiculous transaction fees and invasion of privacy we experience today.

Of course, most people will go begging their governments to "regulate Bitcoin". Those that value liberty will be advised to counter this by supporting the efforts of groups in the community that champion decentralisation and privacy. Fortunately, this includes pretty much all of the core devs at present, so the future of Bitcoin is looking bright indeed.

Re:LOL .. 0.9.0?

[IamTheRealMike]

Most of Bitcoin's problems aren't with the software. Bitcoin's irrevocable money sends to anonymous remote parties are the con man's dream. At last, you can rip people off without ever giving them enough info to find you. That's why Bitcoin is such a scumbag magnet.

You can turn that around and make the same criticism of credit cards, from the sellers perspective. They're also a scumbag magnet. Trying to sell anything with credit cards is a fraud nightmare. Banks routinely approve transactions that are later reversed due to card detail theft, and the seller is just expected to suck it up. I've seen what big sellers have to do to control fraud. And sellers matter: it takes two to tango!

That said, Bitcoin can theoretically do dispute mediated transactions (where they could be reversed later in case of seller fraud). However the user interfaces and workflows for this are immature and so in practice it's not done much today. Perhaps this year we will see that change.

Re:LOL .. 0.9.0?

All of Google is still beta...

Re:LOL .. 0.9.0?

[DaveV1.0]

Staying in the 0.x range for a long time is typical for open-source software -- a lot of packages don't go to 1.0 until they have been in use for many years. It doesn't necessarily imply anything bad (or good) about the reliability of the software.

This is an abuse of the standard version numbering system so that when a critical bug appears, they can say "but it is still in beta so what do you expect". That so much open source software is in perpetual beta is not a good thing, especially when one is trying to sell one's bosses on using it and they see anything under version 1.0.0 as being beta software and thus unreliable.

Personally, I see perpetual beta as an attempt to abdicate responsibility for the software by never saying it is ready for use by the general public. It shows a lack of confidence in the code and the project. And, I see having a major version of zero with a minor version in the triple or quadruple digits as either a failure of project management (via feature creep or failure to keep the project on track), a failure of design (the design is so poor that the software can't pass UAT), or a failure of software development to deliver a product that meets the design specifications.

Re:LOL .. 0.9.0?

[DaveV1.0]

How much would you lose if someone were to publish a way to multiply spend bitcoins, spend phantom bitcoins, or generate spurious transactions using other people's bitcoins?

Re:LOL .. 0.9.0?

Do people expect someone to take seriously a piece of software to manage financial transactions with a version like that?

I think it says something about Slashdot when a comment about 100% arbitrary version numbers... but in Bitcoin... is modded up.

Sorry, but some of us have always looked at BitCoin and thought some combination of "why?" and "no frigging way".

Next time you might convince someone you did some basic research if you spell it "Bitcoin" or "bitcoin".

New stories over the last few months aren't doing anything to change that.

Is there any quantitative evidence that would? It seems like you guys are fishing for complaints, bitter about missing the boat when you first heard about it years ago. At this point you have to either be embarrassed and admit you were wrong, or stubbornly insist that it will crash any day now.

This whole thing sounds like it's several years away from being trustworthy, by which point it will either be regulated by governments, or controlled by corporations.

FUD. It's already regulated at exchanges, but regulating the protocol is impossible.

But, hey, if you want to put your money into a currency which is still getting bug fixes, go right ahead. That's your choice.

Are you the impression that all of the "bugs" in the mainstream financial system have been fixed? They've got project managers from hell - Congress.

Re:LOL .. 0.9.0?

[QuasiSteve]

Oh I do, but what does it actually tell me?

Should I be waiting for build 1 of patch level 1751 because clearly patch level 1750 needed 154 builds just to make it out and I don't know if I can trust a patch level that needs that many builds.

Or better yet, major version 34.0.0.0? Or would that again be bad because first releases are always still going to have residual bugs that don't pop up until millions of people have worked with it?

I know what it technically tells me, but apparently we're mostly going off of psychology here ("0.x means beta means untrustable!").

Re:LOL .. 0.9.0?

[serviscope_minor]

So far nobody has given any reasons why BitCoin is a good idea

It's a good idea because it allows you to send money to anywhere with no fee. Also, it allows you to receive money without having a payment processor take a cut and a risk of charge backs.

Of course those have downsides too, but that's why it is a good idea.

It's also a good idea in that the maths is sound and has no attacks against it (barring the 51% one).

or should be trusted, they've given the intellectual equivalent of "I know you are but what am I".

There's not been a single theortical attack against bitcoin, never mind a practical one. From that point of view, bitcoin is 100% trustworthy. The problems are on the boundaries (exchanges, malware, etc) not with bitcoin itself.

Re:LOL .. 0.9.0?

[reikae]

They work exactly like the developers in question want.

Re:LOL .. 0.9.0?

Indeed, you have to get in early to make money on pyramid schemes, but this downward spiral that hit bitcoin is going to hit any similair coin for the same reasons (in part due to bitcoins legacy, bitcoin really botched this up)

Re:LOL .. 0.9.0?

There has been a double spend before. And there will be again.

http://eprint.iacr.org/2012/248.pdf

Re:LOL .. 0.9.0?

[DaveV1.0]

Seeing as you don't know if there will be a major version 34.0.0.0, or if it will be worth waiting for it, you are asking a foolish question akin to "Should I not date this woman because I might meet someone better later?" Does version 28 do what you need and want while whatever version or other software you are using now doesn't? Yes? Then use it. Otherwise, why change? Version changes are solely due to bugs. New requested features, user requested changes to the UI, even changes in standards or outside APIs can cause a change and thus a version number change.

Your argument relies on ignoring the "why" and "what" of the change while asking "should I adopt the change", making the question unanswerable.

Re:LOL .. 0.9.0?

[hodet]

Whose replacing all of their money with bitcoin? It's not a replacement, it's just another option for some circumstances and it will get better as time goes on. Really, it's not football game, there is no home team, you can use both if you so choose.

Re:LOL .. 0.9.0?

There's not been a single theortical attack against bitcoin, never mind a practical one

LOL ... our hypothetical currency is theoretically secure, so we'll pretend that the actual thefts didn't happen in practice and the BitCoin itself is still secure, unless you try to actually use it??? Is this a perfectly spherical cow?

From that point of view, bitcoin is 100% trustworthy.

Riiight.

The problems are on the boundaries (exchanges, malware, etc) not with bitcoin itself.

So, could I extend your logic to say that in the US is theoretically secure from terrorist attacks, and that the WTC thing was just an attack on the boundaries then?

That the banking system is theoretically secure, and Bernie Madoff and Enron are just an attack on the boundaries then?

As soon as you take BitCoin outside of the realm of being purely hypothetical and theoretical ... it's the boundaries (as you call them) that are the weak points. That doesn't mean the weak points aren't there.

And, from the news reports, in the real world, it's got some pretty major flaws.

Re:LOL .. 0.9.0?

[reikae]

There is no need to covertly adbicate responsibility, when it's spelled out clearly in every license I've ever read that the developers take no responsibility whatsoever.

Re:LOL .. 0.9.0?

[konohitowa]

So, essentially it has nothing to do with facts to you, but rather image. I guess they just need to call it Bitcoin 13.04.

Re:LOL .. 0.9.0?

[sootman]

> So, should everything just be labeled v1.0 eternally
> (or v2.0 for the people who never trust first releases)
> based on the psychological effects of a version number?

Yes. And the price should end in 99. :-)

Re:LOL .. 0.9.0?

[DaveV1.0]

You are confusing a problem fix with a change to cope with improved technology. This is like saying lack of wifi support in software developed before there was wifi is a bug.

Re:LOL .. 0.9.0?

[higuita]

you don't use computer right? when did a version number had anything to do with the quality of the software?

Re:LOL .. 0.9.0?

[DaveV1.0]

Appearances matter. What does it say that the developers and project managers don't think a piece of software is ready after 2, 5, even 10 years of "we think this release is pretty good, but we want everybody to hammer away at it until we can be sure"?

Why is it that the output of the process is never deemed to meet the design specifications? Is it that the specifications keep changing? Is it that the developers aren't up to the task? Is it that the design is fundamentally flawed? Why is it that the software can't pass muster?

Re:LOL .. 0.9.0?

[higuita]

you can fake US dollars ... you can fake a bitcoin ... at least, not yet... maybe with quantum computers?! :)

it is hard to fake US dollars transations ... you can't fake a bitcoin transaction (again, until we get quantum computers!)

you can stole both if the owner is not careful enough

so yes.... theoretically bitcoin is more secure, you have better tools to control it than to control US dollars... now if you are stupid, you may still lose then easily

Re:LOL .. 0.9.0?

[LordLimecat]

0.9.0 usually indicates that the developers themselves dont believe it is production quality.

Re:LOL .. 0.9.0?

[LordLimecat]

It tells you that 28 versions ago Mozilla believed, themselves, that Firefox was ready for production.

Re:LOL .. 0.9.0?

> Nobody has been able to double-spend yet
Yeah. because there wasn't that one update that forked the block chain due to the old version not accepting the larger size of something or other. And it totally didn't result in a fork that appeared valid to a heck of a lot of people. And no one used that time to do transactions on that fork.

Re:LOL .. 0.9.0?

[QuasiSteve]

Your argument relies on ignoring the "why" and "what" of the change while asking "should I adopt the change", making the question unanswerable.

Which is different from what people further up in the comment stream have been trying to say, by ignoring the actual merits of the version and instead concentrating on the version number and equating that to a presumed state, how?

Or is it only special when it's < 1.0 ?

Re:LOL .. 0.9.0?

[LordLimecat]

Its a bad idea because if your money "disappears" during one of those transfers, there isnt any regulation governing "what happens now".

Re:LOL .. 0.9.0?

[QuasiSteve]

Appearances matter. What does it say that the developers and project managers don't think a piece of software is ready after 2, 5, even 10 years

You're still arguing that 0.x means they don't think it's 'ready'. Maybe they really do think that, hell if I know - as per your second paragraph, 'ready' may well be a moving target as it is. Does that mean it "doesn't pass muster"?

How many people adopted Gmail *in production* even though it was in beta, explicitly labeled as such, for years?

OP's beef was clearly entirely based on a version number and a presumed associated state, rather than factual knowledge of the merits of the software and that, as your second paragraph further demonstrates, is far more a psychology thing (based on decades of precedent of labeling) than an actual thing.

Re:LOL .. 0.9.0?

[bill_mcgonigle]

This whole thing sounds like it's several years away from being trustworthy

The currency is trustworthy, to the best of anybody's knowledge. The systems around it are very immature.

Some friends of mine run a medical first aid charity and just yesterday all of their donations were stolen from their blockchain.info account.

Aside: apparently the way this works is you log onto the site and enter your password, and Google Authenticator, and then it downloads your wallet to the local machine, where it's decrypted. At that point the bitcoin malware steals your wallet and passphrase. But, back to the show:

The reddit thread about this event was severe.

What idiots for not having a hot wallet and several cold wallets. What idiots for not printing out their keys on paper and keeping them on a computer instead. What idiots for not booting a brand new machine with Tails, establishing an address, then wiping the hard drive and destroying the WiFi card and only ever using paper to get funds between them!

These redditors are insensitive assholes, but they're probably not wrong. That appears to be the level of security effort necessary to safely use bitcoin. The "be your own bank" mantra means you have to be as good as a bank, but if you are you have the same level of control as a bank.

So, buyer beware: bitcoin is a powerful tool, but so is a four foot chain saw. Use both carefully and appropriately. At some point there will be systems in place to not have to worry so much about these things (just like you can hire a guy to bring you a load of firewood).

Re:LOL .. 0.9.0?

Better link (it doesn't appear your paper's authors actually got a double-spend): https://bitcointalk.org/index....
Note that this happened during a time of transition for the main blockchain, when there were public warnings against trusting transactions too much.

Re:LOL .. 0.9.0?

Bitcoin didn't "botch this up" any more than the internet "botched this up". Mt Gox fucked the pooch with a bunch of people's Bitcoins in the same way that Washington Mutual, & Bear Stearns fucked up with a bunch of people's USD. Unlike USD, Bitcoin only took out the accounts of people who were involved in FOREX trading. Washington Mutual, Bear Stearns, & Company nearly bankrupted the FDIC with their USD shenanigans.

As a result of THEIR failures in 2008, the entire global economy took a nose-dive along with the 401(k)s, IRAs, mutual funds, and collective appraised home-equity values.

During this period, rather than blaming the USD/SWIFT banking network/etc. for fractional reserve lending practices/fiat currency/interest rate manipulations(resulting in market inefficiencies/distortions) leading to "the-single-largest-wealth-transfer-in-human-history" under the TARP bailouts(paying back tax-payer-backed loans made during hyper-deflationary conditions with post-QE-hyper-inflated elastic-currency does NOT count as "paying back the loan") people(rightfully!) blamed BofA, JPM, GS, & company for using government/congress/treasury dept. insiders to funnel money from tax-payer's salary's buying-power(commodity prices++) in to the pockets of stock-holders, hedge-fund managers.

It's called "the inflation tax", and Ron Paul was bemoaning it during the 2007 presidential primaries while Hilary Clinton & Obama were dueling banjos on gun control, ending foreign interventionism(lol jk), closing Guantanamo bay, and government transparency.

While the government kleptocracy/plutocracy market is booming, people would rather talk about the failures of a start-up(GASP!) in an emerging crypto-currency market, & Flight 370(why are my tax-dollars being used to hunt for an airplane which the spy satellites have already located->EXPENSIVE bullshit sock-puppet theater!) rather than talk about shit that matters! You know? Like: WW3/Ukraine or media conglomerates (like Dice Media & Rupert Murdoch) holding a monopoly controlling the topic & direction of public dialogue?

Why should I try to dissuade you from your opinions? Keep talking shit about bitcoin for all I care with your FUD/misinformation. Lower prices for me to buy cheap BTC.

Re:LOL .. 0.9.0?

[Kremmy]

I feel that you likely don't understand the process of development and the meaning of the version number.
The version number, "0.9.0", in this case represents a Pre-Release snapshot of the software code. You can tell because the first number, the Major version number, is 0. This usually means that the software is currently in development and is hopefully actively being worked on. In this case, we're being given information about a NEW release, which is versioned '0.9.0'. In other words, things are progressing in the manner they explicitly should and I take offense that you feel software grows on trees.

Re:LOL .. 0.9.0?

[Kremmy]

The system of rules and laws are really important to bring up in this context, and the reason for that is because of the protections that people enjoy due to the banking system. I've seen some arguments talking about how BitCoin is vulnerable to all kinds of things that fiat isn't, and the reasons they bring up are the banks and the banking system. But the problem with that in my eyes comes from the fact that the fiat currency doesn't have any of those protections whatsoever, they come only from the banking institution, and the banking institution will function similarly no matter what currency the banking system is shuffling around. I submit the global economy and all of the currencies involved in it as proof of concept.

Re:LOL .. 0.9.0?

i'd rather hear from DaveV2.0 after the first round flaws are fixed.

you're an ignorant hypocrite.

Re:LOL .. 0.9.0?

[jones_supa]

There surely is no shortage of angry ACs today.

Re:LOL .. 0.9.0?

[Agent0013]

Rules about how they can't just decide that your money is now their money. Legal oversight.

I think the government can just decide that all your money is now their money. If it's in a bank account they can freeze it without you even getting a trial. Perhaps after a trial you may get it back, but how do you afford your attorney without your money is your problem. And if you have it as cash, the police have seized it without any evidence or trial that it must be drug money and so they can confiscate it. One poor couple I read about was going out to buy a car with cash and had the cops take all their savings.

Because if the bank fucks up there's rules in place for how they deal with it. There's deposit insurance..

FDIC insurance only covers you up to $250,000. That is a lot of money for sure, but for people who have millions it is a poor substitute for losing the rest.

All these things you like about our current banking industry are additions to regular cash, not a part of it. There is nothing stopping these regulations and insurance and rules being added to a digital currency. The cryptocurrency is just a version of cash that can be stored digitally as bits or sent over a wire. The rest of the banking industry would have to be built around it like it is with the US$. It is at the wild wist stage and mostly seems to be speculators at this point, but that doesn't mean there is no place for a digital currency. I think there are speculators that deal in the more traditional country currencies also, or at least in the differences in exchange rates from day to day. The only difference is with Bitcoin there is not enough regular transaction that the speculators end up effecting the price of the currency much more significantly.

Re:LOL .. 0.9.0?

[Agent0013]

After all the revelations about the NSA putting back doors into MS Windows and other crypto or security software, you are seriously trying to say people trust this? All I can say to that is . . . Wow!

Re:LOL .. 0.9.0?

[DaveV1.0]

Oh, there are reasons. Pride, standing, "face".

Re:LOL .. 0.9.0?

Standard version numbering system... is there a draft of this somewhere? Like on IEEE or something?

There's nothing standard about versioning. It's only your perception of whatever standard of whatever hole that you're currently working in.

From where I work, the "standard" version number keeps track of versioning of various components and has nothing to do with major/minor. In the end, no one really gives a rats arse as long as it's documented and the customer knows it's a seperate release.

Go back under your mechanical bridge, you robot troll.

Re:LOL .. 0.9.0?

[DaveV1.0]

Seeing as anything under version 1.0 is considered a beta version, yes. That is the point.

Re:LOL .. 0.9.0?

[DaveV1.0]

If they thought it was ready, they would move it out of beta and give it a version number of one. Otherwise, they are publicly saying, whether they mean to or not, that the software does not pass muster in their own eyes.

A moving target for being "ready" is a sign of bad design and/or bad management.

Many people doing one thing is not a reason nor an excuse to do a different thing. (this is the fallacy that two wrongs make a right)

While you may be right, this is caused by the abuse of the standard version numbering system that is rampant in FLOSS. If you don't want your project to be viewed as immature, beta crap you need to stop labeling it as such and stop complaining that people believe and state that it is just that.

Re:LOL .. 0.9.0?

Read this and then tell me how they are going to do that: http://www.bitcoin.org/bitcoin.pdf

Re:LOL .. 0.9.0?

[serviscope_minor]

Its a bad idea because if your money "disappears" during one of those transfers, there isnt any regulation governing "what happens now".

One of what transfers? The bitcoin protocol is fine: the money won't be lost.

What you are complaining about is unregulated exchanges, not unregulated bitcoin.

Besides the GP asked why it was a good idea.

Re:LOL .. 0.9.0?

Trusting a company's software where that company will not allow you to inspect the code is a bit like trusting a guy that offers to hold and invest your money and pay 7% per week in interest but refuses to disclose any details of the investment.

Re:LOL .. 0.9.0?

Is it possible that you're just impatient; so accustomed to the "intelligent design" approach of a company's closed-source offering that you condemn the "evolutionary" approach of open collaboration based on the time necessary to produce a reliable product?

Allowing a piece of open-source software to mature before going to 1.0.0 is prudent. It's propriatory offerings, competing with one another to wow potential users, that often fail to employ a useful or consistent numbering system.

You shouldn't be trying to sell your boss on using beta software! You're a fine one to rant about responsibility.

Bitcoin is in beta, in fact and in spirit. Any use of the system or protocol should be testing or play. Don't do anything serious with it unless you really know what you are doing and are prepared to accept total loss of any money invested.

Re:LOL .. 0.9.0?

[JesseMcDonald]

Banking laws. Deposit protection. Rules about how they can't just decide that your money is now their money. Legal oversight.

You're talking about online wallets, not Bitcoin. Bitcoin isn't banking, and doesn't have deposits, just a note in a shared database that says a certain number of bitcoins were sent to your address, and can be sent on to someone else if you supply a transaction signed with a certain key (or set of keys). It's all just communication and consensus, which puts any attempt to regulate Bitcoin itself on fairly shaky ground with regard to the First Amendment in the U.S., or freedom of speech in general internationally. Online wallets and exchanges are a different matter, of course—particularly if they deal in national currencies alongside Bitcoin—but you don't have to use them.

Re:LOL .. 0.9.0?

[mlw4428]

Not all software is security or part of the OS. Many bank's software is proprietary and generally runs on mainframes. Having the source code doesn't mean that something is secure and some flaws in software can be used as backdoors. OpenSSH had a major one a while ago which impacted several versions.

I'm not saying open source is less secure -- I'm saying that not all commercial software is a inherently insecure because it's closed source. You're making certain incidences out to be the issue with everyone's software.

Re:LOL .. 0.9.0?

[mlw4428]

The difference is that if there is an issue that damages my company I have a contract wherein I can sue the living shit out of the guy who made the software. I've yet to meet any open source software that doesn't have the disclaimer of "use at your own risk".

Re:LOL .. 0.9.0?

[1s44c]

Have you seen the current banking system? Credit cards have the same username and password. It's written in big numbers on the front of the card. Checks only need one easily faked signature. PIN numbers on bank cards are only 4 digit numbers. Magnetic strip bank cards can be easily copied with cheap equipment. Identity theft is rampant due to insecurity everywhere. North Korea has been printing US dollar notes for years now, the copies are so good US banks can't even tell the difference.

BitCoin, or something like it, has strong advantages over the current insecure mess. It actually uses hard math instead of trivially faked or copied nonsense.

Re:LOL .. 0.9.0?

[1s44c]

Version numbers mean different things to different projects. You might use major.minor.patch_level but you are going to get very confused by a lot of the major projects out there. It's an arbitrary number that increments, anything else is project specific.

Re:LOL .. 0.9.0?

[1s44c]

Are you saying that you would trust it if it was called Bitcoin 500.3?

I think that's the general message here. People are not entirely rational.

Re:LOL .. 0.9.0?

[1s44c]

So would you prefer unstable software labeled "release quality" with a version number of 9.0?

Heh. Windows users. Heh.

Re:LOL .. 0.9.0?

[1s44c]

One pound coins are unsafe and have been for some time, the level of risk is normally acceptable though. Faking physical money has been going on since coin clippers would clip off the edges of roman coins to melt down and make new coins. Don't forget all those fake dollar bills out there? Not seen them? Oh yes you have, you just didn't recognize them.

That kind of thing is mathematically impossible with bitcoin.

Re:LOL .. 0.9.0?

[1s44c]

There's not been a single theortical attack against bitcoin, never mind a practical one

LOL ... our hypothetical currency is theoretically secure, so we'll pretend that the actual thefts didn't happen in practice and the BitCoin itself is still secure, unless you try to actually use it??? Is this a perfectly spherical cow?

That's just like saying cash in a bank vault isn't perfectly secure because you might take it out and give it to con men. It's perfectly safe to use bitcoin, it's not perfectly safe to give it away to snake oil merchants who make empty promises. You have to check who you are dealing with in any matter that involves anything of value. Anyone can setup a respectable looking website.

Re:LOL .. 0.9.0?

[1s44c]

Its a bad idea because if your money "disappears" during one of those transfers, there isnt any regulation governing "what happens now".

That can't happen. Either the transaction is accepted by the network or it's not and you can back out.

Re:LOL .. 0.9.0?

[1s44c]

So, essentially it has nothing to do with facts to you, but rather image. I guess they just need to call it Bitcoin 13.04.

You are exactly right, but don't underestimate the effects of image. Why not just add a 1. to the start of the number? Sun did pretty much that with their Solaris version numbers.

Re:LOL .. 0.9.0?

Version 7 Professional Platinum Collector's Edition

BitCoin Enterprise 7 Multiuser Premium Edition

Please kids, leave the marketing stuff to the pros. "Collectors"..... Sheesh.

Re:LOL .. 0.9.0?

So, buyer beware: bitcoin is a powerful tool, but so is a four foot chain saw. Use both carefully and appropriately. At some point there will be systems in place to not have to worry so much about these things (just like you can hire a guy to bring you a load of firewood).

Using systems capable of protecting you from the myriad of motor-driven sharp edges projecting out of bitcoin destroys all the properties which are supposed to attract you into using bitcoin over conventional currencies in the first place. In other words, by the time we get there, there will be absolutely no point in using bitcoin on the back end because it's just an expensive ledger, and one with some serious policy deficiencies.

(By policy deficiencies I mean that it's impossible to make monetary supply policy one way or the other, you're just stuck with the obviously stupid algorithm pulled out of Nakamoto's ass until you can convince everyone to change, which you won't be able to because internet libertarians.)

Of course, in all likelihood bitcoin will collapse into total irrelevance long before anyone actually puts serious effort into building such systems around it.

Re:LOL .. 0.9.0?

The bitcoin network happily accepts transactions sent to the wrong address, including addresses for which nobody knows the private key. Lots of bitcoins have been blackholed.

This is an inherent "feature" of the bitcoin protocol, as a matter of fact -- you're supposed to be able to create addresses anonymously without transactions showing up, so the network has no fucking clue whether the string of random bits a transaction is sending bitcoins to are an address that someone has claimed.

Re:LOL .. 0.9.0?

[Fr33z0r]

Sorry, but some of us have always looked at BitCoin and thought some combination of "why?" and "no frigging way".

I used to be one of those guys, then I really looked into what it is and how it works and was really, *really* impressed.

This whole thing sounds like it's several years away from being trustworthy, by which point it will either be regulated by governments, or controlled by corporations.

This says it all - it *sounds* like it's untrustworthy, but the reality is that it isn't, otherwise it would be worthless by now (it's open source after all - if it could be picked apart so easy it would have been)

What you're noticing is a slew of bad news tangentially related to the core technology. CPUs aren't at fault for Windows' security failings, HTML's not at fault for IIS, and BitCoin's not broken because MtGox wrote bad code.

Re:LOL .. 0.9.0?

[konohitowa]

Yeah, wasn't that weird? Java even more so, though. Java 2 is 1.2; Java 5 is 1.5. I haven't paid attention - are they still doing that? Personally, I was rather fond of SunOS 4.1.4.

Re:LOL .. 0.9.0?

[Jeremi]

Because people don't trust software like Microsoft Windows or Epic Systems's EPIC or Autodesk...no sir, no one trusts commercial software.

An excellent refutation of a point that was never made. No one would trust closed-source *BitCoin* software. Hell, a lot of people don't trust open-source BitCoin software, which they can audit as thoroughly as they want.

Tell me, when you get done fapping to open source is the napkin you use for clean up GPL compatible?

Tell me, does being an obnoxious prick on the Internet improve your life in any tangible way?

alpha currency

Early adoption is always expensive. At least with bitcoin those early adopters who did/didn't business with Mt. Gox still got to ride the appreciation wave up.

checkpoint

I like this feature:
Add a new checkpoint at block 279,000

Yay! Now I only need to download blocks after 279,000.

Bitcoin the MT Gox edition

https://www.youtube.com/watch?v=-DT7bX-B1Mg

Re:LOL .. Linux 0.11

Do people expect someone to take seriously an operating system with a version like that?

Sorry, but some of us have always looked at Linux and thought some combination of "why?" and "no frigging way".

New exploits over the last few months aren't doing anything to change that.

This whole thing sounds like it's several years away from being trustworthy, by which point it will either be non free, or controlled by corporations.

But, hey, if you want to put your money and time into an OS which is still getting bug fixes, go right ahead. That's your choice.

A Warning to the Uninitiated

If you want to join the experiment and get some Bitcoin, this software is not a good choice for your wallet. The official Bitcoin client does not support any way of securing your Bitcoins against theft through malware. While the wallet can be encrypted, you have to decrypt it to use it, and at that time, your BTC are up for grabs by any of a multitude of BTC stealing trojans. (The official client software is what's called a hot wallet. You shouldn't use a hot wallet for any amount that you can't afford to lose.) Also, backups are an issue. You absolutely have to have a backup, or a hard disk crash or other computer problem can irrevocably wipe out your entire wallet. But backups are difficult with the official Bitcoin client: In order to be sure that all keys are in the backup, you have to keep making backups, because new information is added to the wallet file from time to time, and without that information, you can't access all your BTC.

I'm glad of the version number

[Cro+Magnon]

To me, a version 1.00 means it's not ready for primetime. I'd say that's accurate, even though the crap we're hearing about isn't the software itself.

so much for untracability

[Chrisq]

latest version automatically supplies a refund address

so much for untracability

Re:so much for untracability

[higuita]

all transactions are public... who said that bitcoin aren't traceable? they are anonymous as if you shut up, no one knows to whom that address belongs

Re:so much for untracability

[QuasiSteve]

so much for untracability

Uhm. The public ledger makes it rather explicit that every transaction can be traced between two points.

latest version automatically supplies a refund address

You can always manually specify a refund address, maybe you'll chose the one you already spent from, thus increasing taint.
I..e. Bob sends Bitcoin to Alice, Alice can't deliver the goods and decides to refund, and thus refunds to Bob.

With refund addresses newly generated, people can only see that Alice made another transfer to X. X could be Bob (and if the amount is rather distinguishing, could be a reasonable assumption), but it could be Eve.

Note also that this is just a change in the reference client which can be safely ignored. You don't have to provide a refund address.

It's pretty simple

[SinisterEVIL]

If you truly understand digital currencies then you support them. If you do not understand them, you dislike and distrust them. Do more research.

What is your point?

I guess I don't get what your point is. It is a currency no different than a dollar or peso. It has the benefit of being anonymous and not tied to a world government. Those might not seem important to you but they are, they have the power to make it extremely powerful and useful in many situations. Look at countries that have had their currencies become worthless or inaccessible overnight around the world... nah, an alternative to that wouldn't have been worth more than gold, right? Most currency has value because people believe it does, nothing more. The "protections" are mostly for show as well.

Let's see, I trade stocks pretty heavily and I do OK there, I also invested $500 into some used GPUs and a PSU and set up a smallish farm that generates a few hundred dollars a month at current prices. As an investment it has more than paid off and at a faster and higher percentage than even my more speculative stock investments. I'd say that is reason enough.

Re:What is your point?

I guess I don't get what your point is. It is a currency no different than a dollar or peso. It has the benefit of being anonymous and not tied to a world government. Those might not seem important to you but they are, they have the power to make it extremely powerful and useful in many situations. .

Except that since the block chain is publicly available and includes complete transaction records; it is not actually anonymous, and If you think bitcoin is outside the control of governments you don't understand how governments work (a large economy like the US or China could setup enough mining rigs that they'd control 51% of the network and have total authority over the system). And that's ignoring the much easier and more practical approach of simply passing laws that regulate Bitcoin.

Let's see, I trade stocks pretty heavily and I do OK there, I also invested $500 into some used GPUs and a PSU and set up a smallish farm that generates a few hundred dollars a month at current prices. As an investment it has more than paid off and at a faster and higher percentage than even my more speculative stock investments. I'd say that is reason enough.

In other words, it's been a good speculative investment for you (no one really disputes that you can day trade bitcoin and do well). That however is not indicative of it being a useful currency or even likely to remain a good speculative investment (tulip bulbs being a typical historical example)

Central sofware banker

And the hack-patch-hack cycle goes on... If patches are provided, would that not mean the "currency" is centralize? And would this also mean that BitCoin is actually more of a payment system and investment gimmick than an ACTUAL currency... Funny that investments in it are based on U.S. DOLLARS! How is that getting away from the world standard currency? Seems it is pinned to the value of the U.S. Dollar and that coins are backed by nothing, so where does that leave it? At least my greenbacks are insured!

Re:Central sofware banker

If patches are provided, would that not mean the "currency" is centralize?

Why? That doesn't follow.

And would this also mean that BitCoin is actually more of a payment system and investment gimmick than an ACTUAL currency...

That's the whole idea. If fact, that's the idea behind "ACTUAL" currency too.

Funny that investments in it are based on U.S. DOLLARS!

What do you mean?

How is that getting away from the world standard currency?

What's the world standard currency and why do you feel we're supposed to get away from it?

Seems it is pinned to the value of the U.S. Dollar

No, it's independent of the value of the U.S. Dollar. That's why the price for 1 bitcoin changes.

At least my greenbacks are insured!

What kind of insurance do you have? Do you mean to say that whenever the USD drops in someone gives you more to balance it out? Or do you mean that you are insured against your cash being stolen from you?

Re: Central sofware banker

Well I think I was pretty clear, but I'll have a stab at the nonsense just the same.

Insured = FDIC + Bonds + treasury (issued) inflation protected securities (TIPS bonds)! Done.

It's worse than a government centralized currency, because possibly, a single individual has complete control of the currency through software revisions! An update could render your pervious coins incompatible with the trading system. Not centralized you say? LOL. Done!

The market valuation of BC "is" priced in U.S Dollars, so if the dollar goes up or down, so does the value of BC with respect to buying power, it's no different than oil, it's market price is based in the value of the dollar... Stay in school -or- go back! Done.

It's such a ridiculous argument, and obvious to the educated, that I'll leave it there, as that's plenty for the non-fanboys...

Re:Central sofware banker

[1s44c]

That's so far from the truth on all points it's hard to respond to.

Bitcoin can be changed?

[MrEricSir]

But I was told that manipulating currencies was always bad, and that Bitcoin was completely different than The Dreaded Fed (TM)!

Re:Bitcoin can be changed?

[QuasiSteve]

Of course Bitcoin can be changed. You can make a version of Bitcoin in which, for example, the supply is raised. All you then need to do is convince the network that your version is the authoritative version, and all you need for that is to bribe a few pool operators who have unsurprisingly little interest in that sort of thing happening.

The currency can't practically be manipulated at this time. The market can always be manipulated, of course.

Spaceballs

That is all.

So.... Bitcoin was broken?

[H0p313ss]

A better title would be: Bitcoin protocol is insecure if used badly

Re:So.... Bitcoin was broken?

Some dude promised to give me $1000 if I handed him $800 cash.

He handed me a check and told me he need the cash fast or else he would go to someone else. I couldn't resist such a good deal so I handed him the cash and took the check.

The check bounced and the bank won't listen to my complaints, the checking/banking system is broken.

Re:So.... Bitcoin was broken?

[H0p313ss]

So you're saying Bitcoin makes it even easier to be a complete idiot?

Perhaps I'm misreading your analogy.

And yes... I'm being facetious, it's kind of my thing.

Re:LOL .. Linux 0.11

[LordLimecat]

Version 1.0 of Linux came out 2 years after its initial alpha release in 1992. If you used it in production prior to that you deserved everything you got, because before then even Linus is saying "not production ready" with the version number.

Nice

Now is there a fix for the value of bitcoins being based on nothing more than fairy dust and wishful thinking?

Re:Nice

[1s44c]

All world currencies and share prices are based on wishful thinking. You are not going to get the gold standard back.

Locking the stables....

[unixisc]

....after the Bitcoin horse has bolted

Re:Locking the stables....

[ras]

Yeah, you could be forgiven for thinking that from the headline, or indeed the linked story. Both are wrong.

Yes, there transaction malleability issues were fixed. But no, mtgox woes weren't caused by transaction malleability. Yes, I realise mtgox claims they were, and I realise the popular media swallowed that line without questioning it too much. In reality it was at best tangentially related and mtgox's statements on the issue were PR statements designed to keep customers, not an explanation of what happen. To date they have released any resembling that.

There were a number of transaction malleability problems. The most serious were fixed a year ago. The one fixed a year ago was the bitcoin core software accepted numbers with leading zero's, thus there were several ways to write down the same transaction. This was never intentional, and the fix was to ban numbers with leading zeros. To my knowledge that form of malleability was never exploited. Mtgox's problem was their software produced transactions with leading zero's, so their transactions were rejected by the mining network after the fix. Hackers found a way to exploit that, due to a second bug in the mtgox software.

The headline is also miss-leading on the shear number of changes. Like the web, bitcoin software has several parts. Among them are a GUI client part people use to manage their wallets, a part that can do mining, and a core part the defines the bitcoin protocol and messages. It is the core part that is the equivalent of the HTML 4.01 spec. It was the bit tightened to prevent transaction malleability, a better definition for OP_RETURN and a few other tweaks. The bulk of the changes were in the rest. However, "the rest" is to bitcoin like web browsers, proxies specific servers are to the HTML 4.01 spec. Very few people actually use the reference bitcoin wallet, for instance.

Stop Feeding BTC stories guys

This is a request to ask you guys to join me in Not Commenting on the next BTC ponzi coin story. Let it die peacefully.

welcome to capitalism

It is the way of the free market, create something, market the hell out of it, limit its production driving up demand and value, people are suckers, they buy it up. Then it takes a nose dive, and people are left pissing in the wind, instead of wiping their behinds with wads of cash from there investment.

Bigwigs, companies, investors, stock brokers, and a few Jane/Joe's public who know how the system works, can use it as a free-for-all and make out like fat pigs, the 1%'ers.

A previous comment, wasn't to far off, the virtual currency that is being mined, by hacking peoples computers/devices, it is almost impossible to trace who is stealing/mining it. It is pretty much a ghost currency. And for these very reasons it scares the Feds/government, however I would bet their doing the same. You could get crazy and even mention they may have created the currency to for extra funding, similar to how the CIA funded themselves by becoming drug lords.

"More than half a dozen"

"More than half a dozen"... sounds like "7 or more", amirite?