From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Vz8hX-0001OP-4z for bitcoin-development@lists.sourceforge.net; Fri, 03 Jan 2014 17:38:27 +0000 X-ACL-Warn: Received: from nl.grid.coop ([50.7.166.116]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1Vz8hU-0006m9-GC for bitcoin-development@lists.sourceforge.net; Fri, 03 Jan 2014 17:38:27 +0000 Received: from localhost (localhost [127.0.0.1]) (uid 1000) by nl.grid.coop with local; Fri, 03 Jan 2014 11:38:17 -0600 id 000000000006E26E.0000000052C6F589.00006EB2 Date: Fri, 3 Jan 2014 11:38:17 -0600 From: Troy Benjegerdes To: Drak Message-ID: <20140103173817.GN3180@nl.grid.coop> References: <1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net> <52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org> <20131212205106.GA4572@netbook.cypherspace.org> <20140103054515.GL3180@nl.grid.coop> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.5 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1Vz8hU-0006m9-GC Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org, your thoughts? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jan 2014 17:38:27 -0000 On Fri, Jan 03, 2014 at 09:59:15AM +0000, Drak wrote: > On 3 January 2014 05:45, Troy Benjegerdes wrote: > > > On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote: > > > On Tue, Dec 31, 2013 at 5:39 AM, Drak wrote: > > > > The NSA has the ability, right now to change every download of > > bitcoin-qt, > > > > on the fly and the only cure is encryption. > > > > No, the only cure is the check the hashes. We should know something > > about hashes here. TLS is a big pile of 'too big to audit'. Spend > > a couple of satoshis and put the hash of the source tar.gz and the > > binaries in the blockchain. Problem solved. > > > Which is why, as pointed out several times at 30c3 by several renowned > figures, why cryptography has remained squarely outside of mainstream use. > It needs to just work and until you can trust the connection and what the > end point sends you, automatically, it's a big fail and the attack vectors > are many. > > I can just see my mother or grandma manually checking the hash of > a download... 'make' should check the hash. The binary should check it's own hash. The operating system should check the hash. How about if I sell your Grandma an android table loaded only with free software, and use the existing infrastructure android provides to only allow software to be installed that can be integrity-verified from a public key that can be downloaded from the blockchain? Would you pay $50 (or 2 litecoin) more for at tablet with free software that protects you and your grandma's interests, rather than selling them to google/apple/microsoft? I'm working on eventually being able to build hardware for which the entire design specifications, from case to cpu core verilog, all they way up to the pre-installed cryptographic currency wallet(s) are all signed and released as part of the Debian archive. But I need people like you to explain to your Grandma why this hardware costs more than hardware that monetizes eyeballs and sells your private information to the highest bidder.