public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: "Odinn Cyberguerrilla" <odinn.cyberguerrilla@riseup.net>
To: unsystem@lists.dyne.org
Cc: bitcoin-development@lists.sourceforge.net
Subject: [Bitcoin-development] Malware authors and best practices for addressing the issue from development / licensing perspective or other
Date: Sun, 9 Feb 2014 16:31:51 -0800	[thread overview]
Message-ID: <e7fa1100d6d6077002a3c04f4fbf0f49.squirrel@fulvetta.riseup.net> (raw)

Hello,

I have a request, which is how do developers address the circumstance in
which someone utilizes your code as part of some effort to deprive (or
steal as the case may be) someone of their bitcoin?

This hasn't happened to me, but I have posed a question about it at
bitcointalk:

https://bitcointalk.org/index.php?topic=454903.msg5045596#msg5045596

It was prompted by the apparent use of sx by a malware author who then
generated something called Stealthbit (which is malware, and which no-one
should touch).  [fortunately I have not tried to access or use
Stealthbit.)  However, this is a question that also touches on bitcoin
development generally, due to that (it's happened before, it will happen
again, etc.) people may end up using bitcoin code (if they haven't
already) to develop something else that would then be used expressly to
deprive someone of their bitcoins (such as steal them, but I am not
thinking only of theft here).  My question for developers is:  Given that
code is open source and anything can be done with it, good or bad, what
are common development approaches to mitigate or potentially prevent
malware authors from being able to easily appropriate the code you
develop?

I realize this question may sound dumb and out of place being that it is
pretty obvious that code which is developed in a free, open source context
can technically be used for anything.  However, beyond suggesting that
people just go to bitcoin.org for wallet technology, what can be done in
the development community that would lessen the likelihood that the code
you develop might be "misappropriated?"  Please note: I am not sure how
this issue might be approached from a development perspective, or license
(MIT, Affero GPL, etc.) perspective, or any other perspective.. I'm just
asking the question.  I support bitcoin and other decentralized currency
efforts including walled development such as darkwallet, and I appreciate
what you all are doing.  Maybe I'm asking the wrong question and it should
be put another way, but I hope you will rephrase my question(s) in a way
that makes more sense in the context of the list discussion here.

Thanks for your work.




                 reply	other threads:[~2014-02-10  0:31 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e7fa1100d6d6077002a3c04f4fbf0f49.squirrel@fulvetta.riseup.net \
    --to=odinn.cyberguerrilla@riseup.net \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=unsystem@lists.dyne.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox