Let's stop here, this is shared now at least (without unfortunately addressing the intended problem), people like it or not, as they wish, you can't decide for them and it seems like that you pay a very little attention to others' opinions and don't know very well what is going on, ignoring too the use of other modules that goes with it
Le 29/01/2018 à 21:31, Marc Juul a écrit : > > > On Mon, Jan 29, 2018 at 8:30 AM, Aymeric Vitte <vitteayme...@gmail.com > <mailto:vitteayme...@gmail.com>> wrote: > > What do you mean by "since we can't compile it after inspecting > the source code"? > > It's only 1000 lines of javascript for nodejs using two other well > known modules, there is no compilation, you run it like this > > s/compile/minify/ > > Yes it is only 1000 lines, except for that one suspiciously minified > line. I'm sure someone could check it if they really wanted to, but > dang that'd be annoying. At that point they might consider just > re-writing it. > > And there are no plans to package it in a .exe or other for the > very reason that you mention, even if some people asked for it > > And probably it would be good that you take a look at the posting > history and projects of the "someone", as well as what people > think about the tool, before advising what should be on this list > or not > > > Your past posting history does not affect the content of this post. > Neither does other people's opinion of your tool. > > > I indeed did hesitate to post it here because I knew that such > discussions would come, unfortunately shadowing more productive > ones and the interesting part > > > Yes it's unfortunate that you chose to create this code in a away that > it sends you money every time it's used, attempted to use copyright > law to prevent people from changing that fact, and then posted it > here. Don't put the blame on others for discussing that fact. > > > > Le 29/01/2018 à 13:25, Marc Juul a écrit : >> Sure. I do feel like advertising a tool like this goes against >> the spirit of this list. This is someone advertising their own >> for-profit non-open source tool that charges you a percentage fee >> every time you use it and since we can't compile it after >> inspecting the source code there is no way to verify that it >> isn't simply a scam that will steal all of your money at some >> later date. >> >> On Sun, Jan 28, 2018 at 10:24 AM, Yosem Companys >> <ycompa...@gmail.com <mailto:ycompa...@gmail.com>> wrote: >> >> I'm no longer a list moderator, but I can't help but >> intervene here. All of you have been and continue to be great >> contributors to the larger liberationtech community. A >> longstanding participant has created something to try to >> advance the public good. There may be differences in terms of >> how to do it. But we can all speak amicably about the issues. >> >> On Sun, Jan 28, 2018 at 10:16 AM, Aymeric Vitte >> <vitteayme...@gmail.com <mailto:vitteayme...@gmail.com>> wrote: >> >> Sorry I don't get a single thing in your answer, >> apparently you don't >> know what you are talking about (and please keep your >> statements for >> yourself, like "knowledgeable enough" and auditing the >> bitcoin core code) >> >> It's quite easy to check what the module is doing, this >> is "just" >> implementing the bitcoin protocol, which works for quasi >> all of existing >> coins, there are no crypto inventions/tricks, and such >> tool does not >> exist then there is a real added value >> >> Probably you don't know very well the bitcoin world and >> the current >> mess, please read everything again and we could discuss, >> and indeed I >> really care that people don't make mistakes with this module >> >> And see https://github.com/Ayms/bitcoin-wallets >> <https://github.com/Ayms/bitcoin-wallets> or >> https://github.com/Ayms/zcash-wallets >> <https://github.com/Ayms/zcash-wallets> or >> https://github.com/Ayms/cashaddress >> <https://github.com/Ayms/cashaddress> , those ones are >> not trivial at all >> also and completely open source, and btw can be combined >> with the module >> of course as explained, should people read things, >> consider reading the >> "not coming from nowhere" link too and linked issues on >> BTG github rep >> where people commented >> >> See the git history of the README for your last question >> >> >> Le 28/01/2018 à 16:53, Thomas Delrue a écrit : >> > On 01/28/2018 06:22 AM, Aymeric Vitte wrote: >> >> People don't estimate the effort to do such tool, >> which is not >> >> trivial at all given the over complexification of >> bitcoin stuff, and >> >> are trying to cheat modifying the code to remove the >> fees (which is a >> >> bit crazy for such a module and could just result for >> them to send >> >> their coins to some wrong places or have them locked >> somewhere) >> > And so your solution is not to prevent the 'cheating' >> but instead to >> > hide it, wave your hands and say "these are not the >> droids you are >> > looking for, move along"? >> > If that is the case, I have a hard time understanding >> what your >> > value-add is, because your solution has a hard-embedded >> way to cheat, >> > that is fundamental to its operation. >> > Security through obscurity only works for an ever >> diminishing time. >> > >> >> I think it's useless to restart an "open source vs not >> open source" >> >> discussion, open source does not mean secure and easy >> to audit (try >> >> for example to audit the bitcoin core source code and all >> >> dependencies), the only thing that matters is that the >> code is >> >> provided and can be checked, which is the case >> > It is most certainly *not* useless to restart this >> discussion because >> > people still don't "get it". People need to be told >> about it over and >> > over again as demonstrated again right here. >> > >> > The fact that neither you nor I are knowledgeable >> enough to be auditing >> > the BitCoin core source code is not important; what is >> more important is >> > that someone who /is/ capable, has the ability, means >> and access to do >> > so: light works as a disinfectant and your choice to >> hide from the light >> > speaks for itself. >> > >> > Sadly, you also chose to keep something related to >> crypto (generation of >> > hashes) in an inaccessible state. If anything, this is >> the part that >> > should be made most easy to audit to those with >> expertise in that area >> > since it is the thing that will provide 'trust' to your >> system. Since >> > you're dealing with money, I'm pretty convinced that it >> is incredibly >> > important to you that people trust your implementation. >> > >> > Keeping a part, crucial to said trust, inaccessible is >> a big red flag to >> > me because chances are, you're rolling your own >> crypto/hashing. And as >> > we all (should) know: unless you are or have a team >> cryptographers that >> > do this for a living, rolling your own encryption will >> result in enCRAPtion. >> > If you're not rolling your own and are using a >> standard, then why not >> > make that easy to figure out and audit? >> > >> > Are you or do you employ one or more cryptographers? >> > >> >> In the first versions we stated something like "Should >> this project >> >> be funded we will remove the dev fees and it will >> become fully open >> >> source" >> > Where exactly is this stated? I can't find it if I >> search your github >> > spot for the term "source": >> > >> https://github.com/Ayms/bitcoin-transactions/search?q=source >> <https://github.com/Ayms/bitcoin-transactions/search?q=source> >> > >> >> -- >> Bitcoin transactions made simple: >> https://github.com/Ayms/bitcoin-transactions >> <https://github.com/Ayms/bitcoin-transactions> >> Zcash wallets made simple: >> https://github.com/Ayms/zcash-wallets >> <https://github.com/Ayms/zcash-wallets> >> Bitcoin wallets made simple: >> https://github.com/Ayms/bitcoin-wallets >> <https://github.com/Ayms/bitcoin-wallets> >> Get the torrent dynamic blocklist: >> http://peersm.com/getblocklist >> Check the 10 M passwords list: http://peersm.com/findmyass >> Anti-spies and private torrents, dynamic blocklist: >> http://torrent-live.org >> Peersm : http://www.peersm.com >> torrent-live: https://github.com/Ayms/torrent-live >> node-Tor <https://github.com/Ayms/torrent-livenode-Tor> : >> https://www.github.com/Ayms/node-Tor >> <https://www.github.com/Ayms/node-Tor> >> GitHub : https://www.github.com/Ayms >> >> -- >> Liberationtech is public & archives are searchable on >> Google. Violations of list guidelines will get you >> moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> <https://mailman.stanford.edu/mailman/listinfo/liberationtech>. >> Unsubscribe, change to digest, or change password by >> emailing the moderator at zakwh...@stanford.edu >> <mailto:zakwh...@stanford.edu>. >> >> >> >> -- >> Liberationtech is public & archives are searchable on Google. >> Violations of list guidelines will get you moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> <https://mailman.stanford.edu/mailman/listinfo/liberationtech>. >> Unsubscribe, change to digest, or change password by emailing >> the moderator at zakwh...@stanford.edu >> <mailto:zakwh...@stanford.edu>. >> >> >> >> > > -- > Bitcoin transactions made simple: > https://github.com/Ayms/bitcoin-transactions > <https://github.com/Ayms/bitcoin-transactions> > Zcash wallets made simple: https://github.com/Ayms/zcash-wallets > <https://github.com/Ayms/zcash-wallets> > Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets > <https://github.com/Ayms/bitcoin-wallets> > Get the torrent dynamic blocklist: http://peersm.com/getblocklist > Check the 10 M passwords list: http://peersm.com/findmyass > Anti-spies and private torrents, dynamic blocklist: > http://torrent-live.org > Peersm : http://www.peersm.com > torrent-live: https://github.com/Ayms/torrent-live > <https://github.com/Ayms/torrent-live> > node-Tor : https://www.github.com/Ayms/node-Tor > <https://www.github.com/Ayms/node-Tor> > GitHub : https://www.github.com/Ayms > > > -- > Liberationtech is public & archives are searchable on Google. > Violations of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > <https://mailman.stanford.edu/mailman/listinfo/liberationtech>. > Unsubscribe, change to digest, or change password by emailing the > moderator at zakwh...@stanford.edu <mailto:zakwh...@stanford.edu>. > > > > -- Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions Zcash wallets made simple: https://github.com/Ayms/zcash-wallets Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets Get the torrent dynamic blocklist: http://peersm.com/getblocklist Check the 10 M passwords list: http://peersm.com/findmyass Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org Peersm : http://www.peersm.com torrent-live: https://github.com/Ayms/torrent-live node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing the moderator at zakwh...@stanford.edu.
