1001
|
Bitcoin / Technical Support / Re: bitcoind & JSON-RPC PHP error handling problem
|
on: November 16, 2011, 10:43:14 PM
|
bitcoind follows the JSON-RPC-over-HTTP spec for reporting errors, but it sounds like Sergio's library follows a different spec. You're not the first person to complain that bitcoind returns HTTP error codes; here's a one-line patch to change that behavior with a "-rpcerrorstatus=200" argument/option: diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp index 31ef725..447b55c 100644 --- a/src/bitcoinrpc.cpp +++ b/src/bitcoinrpc.cpp @@ -2088,6 +2088,9 @@ void ErrorReply(std::ostream& stream, const Object& objError, const Value& id) if (code == -32600) nStatus = 400; else if (code == -32601) nStatus = 404; string strReply = JSONRPCReply(Value::null, objError, id); + + // Allow overriding the HTTP status response: + nStatus = GetArg("-rpcerrorstatus", nStatus); stream << HTTPReply(nStatus, strReply) << std::flush; }
Let me know if that solves the problem and/or if it causes any other issues; if it doesn't, I'll submit it as a PULL request.
|
|
|
1003
|
Bitcoin / Development & Technical Discussion / Re: Please help test:Bitcoin versions 0.4.1 and 0.5
|
on: November 16, 2011, 04:48:25 PM
|
I have upgraded to RC5 0.5 XP SP 3. I have encrypted the wallet. How do I know if it worked for sure?
To be absolutely sure, you need to extract your private keys and then run a tool to look for them in your wallet.dat file (or other files on your disk). If you are able to compile a custom version of bitcoin and run python, here's how: https://gist.github.com/1361001If you can't compile a custom version of bitcoin or run python code, then you'll have to trust other people to thoroughly test.
|
|
|
1005
|
Bitcoin / Development & Technical Discussion / Re: Microsoft Researchers Suggest Method to Improve Bitcoin Transaction Propagation
|
on: November 15, 2011, 02:09:33 PM
|
Has Gavin left a message about this topic somewhere?
No, I've been busy. Although I have in the past said that I'm worried about long-term incentives for relaying transactions (and am not worried at all about the block reward dropping and being replaced by fees). I skimmed the paper, and I'm really pleased to see very smart people thinking hard about the incentive structures built-in to Bitcoin. I think most people see all the digital signatures and peer-to-peer networking technology but miss that much of the brilliance of Bitcoin is how the incentives are designed. Overall, I think the paper is most valuable as a demonstration of how to prove that a particular solution to the problem could work-- whether or not the particular solution the authors propose (rewarding the relaying nodes) is the "best" solution I'm not sure -- there are lots of dimensions of 'goodness' here -- lowest cost, fastest transaction confirmations, easiest to implement, most compatible with the network we have now, etc. A while ago I proposed another potential solution: have relaying clients drop their connection to 'greedy' nodes. If you have a node that sends you new blocks but isn't relaying you new transactions, maybe drop your connection to it and ban it's IP address from re-connecting to you for a while. Or maybe don't relay (or relay after delaying a couple of minutes) new-block messages that you first see from that node. The idea is that a mild dis-incentive should be sufficient to encourage nodes to do the right thing and relay all valid transactions and blocks. Figuring out "isn't relaying you new transactions" in a spoof-proof way would be a little tricky-- you want to see real transactions, not miner-generated "I'm pretending to be a good network citizen" transactions. A scheme where you relay transactions to half of your peers and then monitor the other half to see if you receive the transaction back from them should work to detect nodes that are relaying many-fewer-than-normal transactions or blocks.
I've also said repeatedly in the past I'd like to see more diversity in the networks used to transmit bitcoin transactions/blocks (with bridges between them so we're all working on the same block-chain). There doesn't have to be just one right answer to this problem, and I would love to see people simulate or experiment with variations on the existing network protocol or radically different protocols.
|
|
|
1007
|
Bitcoin / Development & Technical Discussion / Re: bitcoin:<action>:<address>:<amount>:<comment> Web-based protocol
|
on: November 14, 2011, 06:51:10 PM
|
Spesmilo has supported URIs for months. The Satoshi client devs don't want to.
Huh what? Version 0.5 supports drag-and-drop of bitcoin: URIs. And there's a pull request pending for click-to-pay support. Security. Shortly after the first URI usage will be the first URI malware. Likely not something that should be rushed into. Of course it is open source so you can make a URI capable client. If the URI is only used in a user-mediated way, i.e., you click a payment button, and get a dialog from your client, then where is the security problem? Or do you mean script injection of some sort? Sanitizing the URI inputs shouldn't be too difficult… or am I missing something here? One fear is bitcoin-address-rewriting malware, like the URL-rewriting phishing malware we have today. Actually, combining the two would be very effective (direct the user to a phishing site where all the bitcoin: URIs pay or donate to the scammers). We need better ways users can be certain they are paying who they think they are paying.
|
|
|
1008
|
Bitcoin / Development & Technical Discussion / Re: Wallet encryption issue
|
on: November 12, 2011, 05:30:02 PM
|
Code review and testing for the proposed fix is welcome: https://github.com/gavinandresen/bitcoin-git/tree/encryptionbugHere's how I tested: I dumped private keys from an unencrypted wallet (using bitcointools). I wrote a little tool that took a list of private keys and a filename and reported whether or not the 32-bytes of any of the private keys appears anywhere in the file. I also hacked a copy of bitcoin to dump any newly-generated-private keys into debug.log before they are encrypted and written to disk. I verified that new keys for an encrypted wallet are never written to any of the Berkeley DB database files by encrypting the wallet, invalidating all of the existing keypool keys, generating new, encrypted keypool keys, sending bitcoins to a new, encrypted key, and checking all of the files for any unencrypted copies of the new private key. So the problem became how to deal with old, previously-unencrypted keys that were ending up in the wallet.dat file. I hoped that telling Berkeley DB to 'compact' the file would remove the 'slack' space that contained the old data (the root of the problem is BDB doesn't actually completely delete/overwrite data when you delete a key/value pair; if I missed a setting that makes it do that, please let me know). Doing that reduced the number of old private keys found by my tool, but didn't eliminate the problem. Pieter worked on a different solution in parallel-- completely rewriting the database to a new file when encryption is turned on, then, assuming the rewrite succeeds (we trust BDB to do what a database is designed to do-- reliably write data to the disk), replace the old wallet.dat with the new wallet.dat.rewrite. During that process, all keypool keys are marked as 'used' (which actually means just not writing a 'pool' entry for them in wallet.dat.rewrite). That works-- no old private keys made it into the new wallet.dat. But during testing I ran into two issues: 1) The wallet.dat file isn't the only place the old private keys were found; the database transaction log (database/log.000..N) and some of the __db.00N files also contained them. Adding a call to remove() the database environment at shutdown fixed the __db.00N issue; I had to write code to remove the database/log.000..N file on clean shutdown. 2) If more wallet database operations were performed after the rewrite (I had written code to top-up the keypool with new, secure keys before locking the wallet), old private keys could end up in the new wallet.dat. To fix both of those issues, we modified the code so that a shutdown happens after wallet re-encryption. ... which reminds me of something else I need to test: if you startup with a wallet encrypted by bitcoin versions 0.4.0 or 0.5.0, the wallet is re-encrypted and all of your old keypool keys are considered used. (I believe it does not shutdown after doing that, though, but it should)
We've never made any guarantees that unencrypted private keys will not end up on your hard disk; if you have a virus on your system that can directly read blocks off your hard disk then it can almost certainly also read system memory, and could steal your wallet passphrase the first time you sent bitcoins. Filling up free space on your disk (as suggested in this thread) might work, but it is a much better idea to send all of your bitcoins to new, 'born-encrypted' keys. Once fixed binaries are available, that will be easy-- just upgrade and then send all of your bitcoins to yourself, using newly-generated addresses.
Suggestions for more radical solutions, like storing private keys in a separate file, are out of scope. We got what we got; I personally think that a really good "deterministic private keys" solution, where the private keys for your wallet are derived from a passphrase that is only in your head (and maybe written down and stored in your safe deposit box) would be a better use of developer time rather than reworking how we store private keys on disk. Even better would be further work on multisignature/multidevice solutions so even if your private keys are compromised an attacker can't spend your coins.
|
|
|
1009
|
Bitcoin / Bitcoin Discussion / Re: Wallet encryption bug found (IMPORTANT!)
|
on: November 12, 2011, 04:46:31 PM
|
Features seem to be considered stable way too quickly. I'd like a version scheme like this: - Add new features to 0.5. - At some point, stop adding new features to 0.5 and call that the "unstable" release. Start adding new features to 0.6. - 0.4 remains the "stable" release for at least 6 months, and it is recommend that newbies use this version. The unstable version is also available in binary form and can be easily used. - Once 0.5 has been unstable for 6+ months, call that one stable. - As many past 0.x releases as possible continue to get bugfixes for people who like to use really stable software.
I'm still using 0.3.19, and it works fine with only a few modifications. I avoided several bugs by doing this.
Once this problem is fixed, it would be a good idea to issue an alert for users of affected versions. Maybe not many users are affected, but it seems irresponsible to not notify these users when they can be notified.
Luke-Jr is planning on supporting 0.4-based releases (finding somebody to fix wxWidgets-related bugs is an issue, though). The issue I have with calling any pre-1.0-release 'stable' is it implies a level of maturity that I don't think we're at yet. I can see 1-year develompment->unstable->stable release cycles once we're at a solid Bitcoin 1.0 release that I can actually feel comfortable recommending to my non-geek relatives. My fear is that developers would happily code away and use the development branch, bugs would pile up against the unstable branch (and would get ignored because developers were happily coding away on dev, and nobody really wants to do bug fixing or QA testing), and unstable would never become stable enough to tag 'stable.' But I've never led an open source software project before, so I might very well be wrong (best way to convince me is to point to other small open source projects that we can emulate-- I don't think emulating big projects like Ubuntu will work). I agree that when a fix has been tested and is available an alert to the affected versions is a good idea. IMO, You guys need to figure out an organized way to fund Gavin's work. IIRC, Gavin is paid full time for Bitcoin development as well as some other guy for Bitcoin QA. Unfortunately, TruCoin ran into a funding crunch because an investor got cold feet and had to stop paying for anything besides directly-related-to-TruCoin work.
|
|
|
1010
|
Bitcoin / Bitcoin Discussion / Re: Wallet encryption bug found (IMPORTANT!)
|
on: November 12, 2011, 12:00:42 AM
|
This issue can be "worked around" by generating a new address and sending all bitcoin there.
That's not quite right-- you need to exhaust all of the keys in your 'key pool' to be safe, so you'd have to ask for 101 new keys. Part of the fix is marking all of the keys in the keypool as used.
|
|
|
1011
|
Bitcoin / Bitcoin Discussion / Wallet encryption bug found (IMPORTANT!)
|
on: November 11, 2011, 09:57:20 PM
|
A serious bug was been found in the "encrypt wallet" function of bitcoin versions 0.4 and 0.5: private keys may be left unencrypted in the wallet.dat file after encryption. If your encrypted 0.4 wallet file is stolen, an attacker may be able to recover some or all of your private keys and steal some or all of your bitcoins. The development team has been working on fixes for bitcoin versions 0.4 and 0.5, but it will take at least a few days to test them thoroughly. Until they are available, you should assume that your 'encrypted' wallets are as vulnerable as an unencrypted wallet, and follow all the best practices for keeping them safe (see here for a list). It is embarrassing and astonishing that this critical a bug was not caught before the 0.4 release; constructive suggestions on how to improve the testing and release processes that do not assume access to hundreds of thousands of dollars of funds to hire security consultants or QA teams are welcome. Getting sufficient testing of code BEFORE it is released has been a chronic problem for this project.
|
|
|
1013
|
Bitcoin / Alternative clients / Re: Request for Standardization
|
on: November 10, 2011, 02:24:28 PM
|
@Gavin Andresen I've been making slow but steady progress on my at-the-network-level testing tool. [...]
What's working: python-based code that serializes/deserializes messages in both bitcoin's binary format (to talk to the node being tested) and JSON (so it is easy for us humans to tweak/examine test data). Connecting and requesting all blocks.
Where can I get my hands on that? I was looking for something like this for a long while. https://github.com/gavinandresen/Bitcoin-protocol-test-harnessStart with dumpblocks.py
|
|
|
1014
|
Bitcoin / Development & Technical Discussion / Re: [PULL] private key and wallet export/import
|
on: November 09, 2011, 10:30:07 PM
|
No issues with export wallets/private keys. I share gmaxwell's concerns about making it easy to shoot yourself in the foot, but most of us are grown-ups and if you're talking using the RPC interface there are already plenty of ways to shoot your feet.
Remove private key I had issues with, because if you're using the 'accounts' feature then removing keypairs from a wallet (and their associated transactions) does unpredictable things to account balances. At the very least, I think it should tell you what effects it had. Maybe a JSON result that tells you how account balances changed, e.g. { "" : 1, "John's Wallet" : 6.2, etc.}. That way, if it had an unexpected effects you would know to restore the wallet from backup.
And it seems like 'sweep private key' and 'merge wallets' is really the functionality most people want, not import private key/wallet keys. The only issue I have with them is they are slow because of the rescanning of the block chain, and they may not work or may not be secure if you don't happen to have the whole block chain downloaded.
|
|
|
1015
|
Bitcoin / Bitcoin Discussion / Re: Preinstalling bitcoin client
|
on: November 08, 2011, 02:03:39 PM
|
This would be a good bitcoin.stackexchange.com question.
Do what deepceleron says... although you might want to copy JUST the two blk*.dat files (you don't need addr.dat or the database/ subdirectory).
|
|
|
1017
|
Economy / Goods / [WTS] HP 530 LAPTOP
|
on: November 07, 2011, 08:49:59 PM
|
I purchased this laptop: http://www.ebay.com/itm/290608305269... to do Bitcoin 'gitian' builds. It's a perfectly good laptop, runs nicely, but I'm re-selling it because its Core Duo CPU can't do 64-bit builds. Specs are: 1.83 Mhz Core Duo processor 120GB memory 2G disk Wifi Running Ubuntu 11.04, includes laptop, battery and power supply. Asking 50 BTC, I'll pay shipping anywhere in the US; if I don't get any takers here, I'll re-auction it on Ebay on Friday, Nov 11.
|
|
|
1019
|
Bitcoin / Development & Technical Discussion / Re: Bitcoin v0.4.0 (Linux) stale connections handling
|
on: November 06, 2011, 05:55:57 PM
|
Any Bitcoin developers care to fix this problem?
Let me think... a problem that affects a small number of people... means you end up with 8 connections instead of more than 8... and has an easy, obvious workaround... and if fixed will be difficult to test thoroughly... Not high on my priority list. Things that ARE high on my priority list: + Getting the 0.5 release out the door + Improving initial startup and block download times + Solutions for wallet security and backup
|
|
|
1020
|
Bitcoin / Pools / Re: Mining pool support for multisignature transactions
|
on: November 04, 2011, 09:24:55 PM
|
I just mean make a new tx after each new block appears or at least at some regular interval so we can test building blocks knowing that one of these new tx types is included. Actually if there's an rpc call available to create one that would work as well... Then people testing can just create one when they need it.
I'm proposing one new RPC command: 'addmultisigaddress' ... that combines several public keys into one BIP 13 -style newfangled bitcoin address. You get the public keys from the 'validateaddress' RPC command, which I've extended to give the full public key if you give it one of your bitcoin addresses. I extended the 'send*' RPC commands so they know how to send to the newfangled bitcoin addresses, and can send coins you received as multisignature transactions if you hold all the corresponding private keys (listtransactions will also show you them, getbalance counts them in your balance, etc). So yes, anybody can generate new transactions to test... Alan Reiner is proposing BIP 10 as the 'real' way to get multisignature transactions signed and spent: https://gist.github.com/1321518(no implementation yet, as far as I know).
|
|
|
|