From: "Odinn Cyberguerrilla"
To: unsystem@lists.dyne.org
Cc: bitcoin-development@lists.sourceforge.net
Date: Sun, 9 Feb 2014 16:31:51 -0800
Subject: [Bitcoin-development] Malware authors and best practices for addressing the issue from development / licensing perspective or other

Hello,

I have a request, which is how do developers address the circumstance in which someone utilizes your code as part of some effort to deprive (or steal as the case may be) someone of their bitcoin?

This hasn't happened to me, but I have posed a question about it at bitcointalk: https://bitcointalk.org/index.php?topic=454903.msg5045596#msg5045596

It was prompted by the apparent use of sx by a malware author who then generated something called Stealthbit (which is malware, and which no-one should touch). (Fortunately I have not tried to access or use Stealthbit.)

However, this is a question that also touches on bitcoin development generally, due to that (it's happened before, it will happen again, etc.) people may end up using bitcoin code (if they haven't already) to develop something else that would then be used expressly to deprive someone of their bitcoins (such as steal them, but I am not thinking only of theft here).
My question for developers is: Given that code is open source and anything can be done with it, good or bad, what are common development approaches to mitigate or potentially prevent malware authors from being able to easily appropriate the code you develop?

I realize this question may sound dumb and out of place being that it is pretty obvious that code which is developed in a free, open source context can technically be used for anything. However, beyond suggesting that people just go to bitcoin.org for wallet technology, what can be done in the development community that would lessen the likelihood that the code you develop might be "misappropriated?"

Please note: I am not sure how this issue might be approached from a development perspective, or license (MIT, Affero GPL, etc.) perspective, or any other perspective.. I'm just asking the question. I support bitcoin and other decentralized currency efforts including walled development such as darkwallet, and I appreciate what you all are doing. Maybe I'm asking the wrong question and it should be put another way, but I hope you will rephrase my question(s) in a way that makes more sense in the context of the list discussion here.

Thanks for your work.