On Fri, Jan 03, 2014 at 09:59:15AM +0000, Drak wrote: > On 3 January 2014 05:45, Troy Benjegerdes <ho...@hozed.org> wrote: > > > On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote: > > > On Tue, Dec 31, 2013 at 5:39 AM, Drak <d...@zikula.org> wrote: > > > > The NSA has the ability, right now to change every download of > > bitcoin-qt, > > > > on the fly and the only cure is encryption. > > > > No, the only cure is the check the hashes. We should know something > > about hashes here. TLS is a big pile of 'too big to audit'. Spend > > a couple of satoshis and put the hash of the source tar.gz and the > > binaries in the blockchain. Problem solved. > > > Which is why, as pointed out several times at 30c3 by several renowned > figures, why cryptography has remained squarely outside of mainstream use. > It needs to just work and until you can trust the connection and what the > end point sends you, automatically, it's a big fail and the attack vectors > are many. > > <sarcasm>I can just see my mother or grandma manually checking the hash of > a download... </sarcasm>
'make' should check the hash. The binary should check it's own hash. The operating system should check the hash. How about if I sell your Grandma an android table loaded only with free software, and use the existing infrastructure android provides to only allow software to be installed that can be integrity-verified from a public key that can be downloaded from the blockchain? Would you pay $50 (or 2 litecoin) more for at tablet with free software that protects you and your grandma's interests, rather than selling them to google/apple/microsoft? I'm working on eventually being able to build hardware for which the entire design specifications, from case to cpu core verilog, all they way up to the pre-installed cryptographic currency wallet(s) are all signed and released as part of the Debian archive. But I need people like you to explain to your Grandma why this hardware costs more than hardware that monetizes eyeballs and sells your private information to the highest bidder. ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
