diff options
author | Mike Hearn <mike@plan99.net> | 2013-07-09 13:18:07 +0200 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2013-07-09 11:18:18 +0000 |
commit | 6c242220779434a4155bf48118797e4be122385e (patch) | |
tree | f42f865c8d22fdd037b51dfc5f714238af2612ad | |
parent | 6ab3cbcc099ca53b2352012fdf65adecea8eb844 (diff) | |
download | pi-bitcoindev-6c242220779434a4155bf48118797e4be122385e.tar.gz pi-bitcoindev-6c242220779434a4155bf48118797e4be122385e.zip |
Re: [Bitcoin-development] Proposal: MultiBit as default desktop client on bitcoin.org
-rw-r--r-- | 17/5ff62ff702b9722e9dc97bfb70892b3af8d239 | 843 |
1 files changed, 843 insertions, 0 deletions
diff --git a/17/5ff62ff702b9722e9dc97bfb70892b3af8d239 b/17/5ff62ff702b9722e9dc97bfb70892b3af8d239 new file mode 100644 index 000000000..dfc20c327 --- /dev/null +++ b/17/5ff62ff702b9722e9dc97bfb70892b3af8d239 @@ -0,0 +1,843 @@ +Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] + helo=mx.sourceforge.net) + by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <mh.in.england@gmail.com>) id 1UwVw2-0008NW-1w + for bitcoin-development@lists.sourceforge.net; + Tue, 09 Jul 2013 11:18:18 +0000 +Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com + designates 209.85.219.46 as permitted sender) + client-ip=209.85.219.46; envelope-from=mh.in.england@gmail.com; + helo=mail-oa0-f46.google.com; +Received: from mail-oa0-f46.google.com ([209.85.219.46]) + by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) + (Exim 4.76) id 1UwVvw-0001e3-NO + for bitcoin-development@lists.sourceforge.net; + Tue, 09 Jul 2013 11:18:18 +0000 +Received: by mail-oa0-f46.google.com with SMTP id h1so7709888oag.5 + for <bitcoin-development@lists.sourceforge.net>; + Tue, 09 Jul 2013 04:18:07 -0700 (PDT) +MIME-Version: 1.0 +X-Received: by 10.60.133.44 with SMTP id oz12mr23551105oeb.62.1373368687173; + Tue, 09 Jul 2013 04:18:07 -0700 (PDT) +Sender: mh.in.england@gmail.com +Received: by 10.76.23.36 with HTTP; Tue, 9 Jul 2013 04:18:07 -0700 (PDT) +In-Reply-To: <CANEZrP3zi4sWBJa-9hu4S2+gT5pP-6JzNi=mJQi=OnzF5iZE_w@mail.gmail.com> +References: <1372353053.10405.140661249237317.77984E1F@webmail.messagingengine.com> + <CAJHLa0Ncac9Xt-AQBnpghqqpfR-j6Xtd9qVQoUe2dPp0kJvz1A@mail.gmail.com> + <CANEZrP0k1HDrJC9DOn6JYiVcaRRXwVwxW7ZPjE9XvfTCHXX6pw@mail.gmail.com> + <CABsx9T3GJN0inGChebJt_dRLpVrPw7BTH8oQo6F4q6yFJaOoCA@mail.gmail.com> + <CANEZrP3LGxZ6E+9UWQH+_RN66dfeGzo4+QYACjauKRufpqB2QA@mail.gmail.com> + <1372605569.4937.140661250186789.39404E47@webmail.messagingengine.com> + <CAKm8k+20z0FkQjnYXjBwUSwY4ncTmMc-LXDH=hF6u55f_gWpkA@mail.gmail.com> + <CA+i0-i9tj8w7pNuk7nUBQKdxvizX+6_Ez1VA8OtKJNTqRrYtxg@mail.gmail.com> + <51DB6548.5070909@lavabit.com> + <CANEZrP0OZZDtRw_KYJpPkhYhQA75h5yyQRQrw+gxV0hsnc2bbg@mail.gmail.com> + <1373367371.4283.140661253533454.0D7E544E@webmail.messagingengine.com> + <CANEZrP3zi4sWBJa-9hu4S2+gT5pP-6JzNi=mJQi=OnzF5iZE_w@mail.gmail.com> +Date: Tue, 9 Jul 2013 13:18:07 +0200 +X-Google-Sender-Auth: ssf639G6UbSulI5KIkjLVraFm6s +Message-ID: <CANEZrP03kR2J858mpcqW3drAMzHsEKLWAmY-a=CyPQVcW+MCrw@mail.gmail.com> +From: Mike Hearn <mike@plan99.net> +To: Jim <jim618@fastmail.co.uk> +Content-Type: multipart/alternative; boundary=047d7b4728b4bf15cb04e112509c +X-Spam-Score: -0.5 (/) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. + -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for + sender-domain + 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider + (mh.in.england[at]gmail.com) + -0.0 SPF_PASS SPF: sender matches SPF record + 1.0 HTML_MESSAGE BODY: HTML included in message + 0.1 DKIM_SIGNED Message has a DKIM or DK signature, + not necessarily valid + -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature +X-Headers-End: 1UwVvw-0001e3-NO +Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> +Subject: Re: [Bitcoin-development] Proposal: MultiBit as default desktop + client on bitcoin.org +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Tue, 09 Jul 2013 11:18:18 -0000 + +--047d7b4728b4bf15cb04e112509c +Content-Type: text/plain; charset=UTF-8 + +By the way, the Java Web Start system has improved a lot in recent versions +as well. I just tried running http://jfxtras.org/ and this was the +experience: + + - It told me my Java was insecure and that I should download the latest + version (hah). It had three buttons, one saying "Update", one saying "Block + content in browser" and one saying "Later". So it seems Java learned how to + disable its plugin by itself anyway. I think on non-Linux platforms it + probably knows how to update itself as well these days. + - As it happens I don't care right now because jfxtras is a source I + trust, so I clicked later and it popped up a permission screen saying the + author was unknown, could damage my computer, etc. Actually, Jim has a code + signing cert so this would show his identity at that point. + - Clicked run. The app downloaded in a few seconds and was running. + - JavaWS keeps the app up to date for you at that point. + +It's triggered by downloading and opening a .jnlp file, so - same security +boundaries as a regular app download, except you download metadata for the +runtime instead of the whole app at once. + +It might be worth providing a JNLP option on the multibit webpage as well, +as although I wouldn't let the applet plugin in my browser, once I made an +explicit decision to go to multibit.org and trust James Burton with my +money, the JWS experience at that point is pretty good. Until we have our +own auto update engine it's better than nothing. + + + +On Tue, Jul 9, 2013 at 1:04 PM, Mike Hearn <mike@plan99.net> wrote: + +> How many downloads/day do we see currently? I think you said it's on the +> order of a few thousand, so nowhere near 30k I'd guess. Anyway I can mirror +> it if we need to. +> +> The JavaFX packager is supposed to delete parts of the JVM that aren't +> used. Is the 30-40mb figure based on using that tool or something else? +> Note that you don't need to use the JFX widget toolkit to use the bundler +> tool. +> +> We could also invest in a copy of JET, which does native compilation down +> to self contained Windows binaries. It might create smaller bundles. But, +> it's a proprietary tool and I don't know how reproducible its outputs are. +> +> For the auto update, is there an existing auto update framework that we +> can modify to support threshold signed updates? I'm sure such a thing must +> exist. The updates would download in the background and then the app can +> just ask the user to restart it once the update is locally available, as +> Chrome does. +> +> +> +> On Tue, Jul 9, 2013 at 12:56 PM, Jim <jim618@fastmail.co.uk> wrote: +> +>> Yes I would like to bundle a JVM as it would simplify the user +>> experience. +>> +>> There are a few downsides though: +>> + all the build packaging will need redoing and retesting. +>> + it will bump up the MultiBit download from about 11MB to 30-40MB +>> (I think). This drops the maximum copies of MultiBit the multibit.org +>> server can deliver per day from around 90,000 to 30,000ish. +>> The multibit.org server maxes out at 1 TB of bandwidth per day. +>> +>> Currently there is no provision to update anything automatically. +>> I would like to start having Bitcoin signed files that MultiBit can +>> check +>> and update (initially the checkpoints file, I18N files - NOT code +>> at first because of the security implications). I think this needs to be +>> in place before bundling a JVM so that users don't have to +>> keep redownloading it. +>> +>> Having lists of all the artifacts signed and them having SHA256 hashes +>> then makes it practical/ safe to start mirroring the code. I can see +>> each mirror crosschecking the others that the SHA256s are correct +>> for instance. This would increase the maximum number of +>> downloads we could cope with. +>> +>> +>> On Tue, Jul 9, 2013, at 11:36 AM, Mike Hearn wrote: +>> > Modern Java versions let you bundle the app with a stripped down JVM. I +>> > don't know if Jim does that, but I think it's an obvious step towards +>> > making MultiBit friendlier and easier to use. +>> > +>> > BTW I believe most secure browsers (Chrome, Firefox) have banned the +>> > applet +>> > plugin or severely restrained it anyway. So even if you install the JVM +>> > and +>> > plugin together there is not an issue. +>> > +>> > +>> > On Tue, Jul 9, 2013 at 3:20 AM, Caleb James DeLisle < +>> > calebdelisle@lavabit.com> wrote: +>> > +>> > > Java (Applet) security is indeed abysmal but lets compare apples to +>> apples. +>> > > With an applet some random guy with a website makes up some Java code +>> and +>> > > your browser automatically executes it. +>> > > With Multibit you're only executing highly trusted code (so trusted +>> that it +>> > > handles your money). +>> > > There has almost never been a Java exploit against secure trusted +>> code. +>> > > +>> > > The idea of discouraging use of java apps just because people would be +>> > > tricked into activating the browser plugin when installing the JVM is +>> > > probably valid but Multibit is the only reasonably complete client +>> outside +>> > > of bitcoinqt and I think client diversity is more important than +>> stamping +>> > > out java. +>> > > +>> > > Thanks, +>> > > Caleb +>> > > +>> > > +>> > > On 07/08/2013 08:22 PM, Robert Backhaus wrote: +>> > > > But... Multibit is Java. Java's security problems has made it an +>> instant +>> > > uninstall item on windows PCs for about a year now. Java exploits are +>> a +>> > > dime a dozen. +>> > > > +>> > > > Yes, you can reduce some of the problems by manually disabling the +>> > > browser plugin, but how many users will do that? +>> > > > +>> > > > Recommending a fast SPV client as a first wallet - yes, of course. +>> > > Recommending users open such a huge attack interface on their +>> computers by +>> > > installing Java - No go. Until Multibit is provided as a compiled +>> binary +>> > > without a Java dependency, it is DOA. +>> > > > +>> > > > +>> > > > On 1 July 2013 02:39, Gary Rowe <g.rowe@froot.co.uk <mailto: +>> > > g.rowe@froot.co.uk>> wrote: +>> > > > +>> > > > I've beefed up the supporting documentation for the website to +>> make +>> > > it more accessible for developers who wish to contribute. It's a Java +>> > > application serving HTML. +>> > > > +>> > > > It can be found here: +>> https://github.com/jim618/multibit-website +>> > > > +>> > > > +>> > > > On 30 June 2013 16:19, Jim <jim618@fastmail.co.uk <mailto: +>> > > jim618@fastmail.co.uk>> wrote: +>> > > > +>> > > > Yeah "email jim' was never going to work so I have +>> > > > bumped up MultiBit support (a bit) by: +>> > > > +>> > > > + having a dedicated Support page on the website +>> > > > https://multibit.org/support.html +>> > > > It has fixes and support notes for the most common +>> gotchas. +>> > > > + the in-app help also now has a 'Support' section with +>> > > > "Troubleshooting' and the commonest gotchas. +>> > > > I've also written more help to cover as much as possible. +>> > > > + Failing that people are directed first to +>> > > bitcoin.stackchange.com <http://bitcoin.stackchange.com> +>> > > > (I have a notification set up for the 'multibit' keyword. +>> > > > + Then finally users are directed to the github issues to +>> search +>> > > > existing or raise a new issue. Gary and Tim often chip +>> in on +>> > > there to +>> > > > close +>> > > > issues down as well as me. +>> > > > +>> > > > +>> > > > +>> > > > On Sun, Jun 30, 2013, at 12:42 PM, Mike Hearn wrote: +>> > > > > Sounds like we have consensus, Saivann, shall we do it? +>> > > > > +>> > > > > I'm also going to ask Theymos again to relax the newbie +>> > > restrictions +>> > > > > for the alt client forums. It's probably too hard to get +>> > > support at +>> > > > > the moment and "email jim" doesn't scale at all. +>> > > > > +>> > > > > On Fri, Jun 28, 2013 at 4:24 PM, Gavin Andresen < +>> > > gavinandresen@gmail.com <mailto:gavinandresen@gmail.com>> +>> > > > > wrote: +>> > > > > > I vote "yes" to have MultiBit replace Bitcoin-Qt as the +>> > > recommended +>> > > > > > desktop wallet app. I think most users will be happier +>> with +>> > > it. +>> > > > > > +>> > > > > > If I'm wrong, it is easy to change back. +>> > > > > > +>> > > > > > +>> > > +>> ------------------------------------------------------------------------------ +>> > > > > > This SF.net email is sponsored by Windows: +>> > > > > > +>> > > > > > Build for Windows Store. +>> > > > > > +>> > > > > > http://p.sf.net/sfu/windows-dev2dev +>> > > > > > _______________________________________________ +>> > > > > > Bitcoin-development mailing list +>> > > > > > Bitcoin-development@lists.sourceforge.net <mailto: +>> > > Bitcoin-development@lists.sourceforge.net> +>> > > > > > +>> > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> > > > > +>> > > > > +>> > > +>> ------------------------------------------------------------------------------ +>> > > > > This SF.net email is sponsored by Windows: +>> > > > > +>> > > > > Build for Windows Store. +>> > > > > +>> > > > > http://p.sf.net/sfu/windows-dev2dev +>> > > > > _______________________________________________ +>> > > > > Bitcoin-development mailing list +>> > > > > Bitcoin-development@lists.sourceforge.net <mailto: +>> > > Bitcoin-development@lists.sourceforge.net> +>> > > > > +>> > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> > > > +>> > > > +>> > > > -- +>> > > > https://multibit.org Money, reinvented +>> > > > +>> > > > +>> > > +>> ------------------------------------------------------------------------------ +>> > > > This SF.net email is sponsored by Windows: +>> > > > +>> > > > Build for Windows Store. +>> > > > +>> > > > http://p.sf.net/sfu/windows-dev2dev +>> > > > _______________________________________________ +>> > > > Bitcoin-development mailing list +>> > > > Bitcoin-development@lists.sourceforge.net <mailto: +>> > > Bitcoin-development@lists.sourceforge.net> +>> > > > +>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> > > > +>> > > > +>> > > > +>> > > > +>> > > +>> ------------------------------------------------------------------------------ +>> > > > This SF.net email is sponsored by Windows: +>> > > > +>> > > > Build for Windows Store. +>> > > > +>> > > > http://p.sf.net/sfu/windows-dev2dev +>> > > > _______________________________________________ +>> > > > Bitcoin-development mailing list +>> > > > Bitcoin-development@lists.sourceforge.net <mailto: +>> > > Bitcoin-development@lists.sourceforge.net> +>> > > > +>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> > > > +>> > > > +>> > > > +>> > > > +>> > > > +>> > > +>> ------------------------------------------------------------------------------ +>> > > > See everything from the browser to the database with AppDynamics +>> > > > Get end-to-end visibility with application monitoring from +>> AppDynamics +>> > > > Isolate bottlenecks and diagnose root cause in seconds. +>> > > > Start your free trial of AppDynamics Pro today! +>> > > > +>> > > +>> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk +>> > > > +>> > > > +>> > > > +>> > > > _______________________________________________ +>> > > > Bitcoin-development mailing list +>> > > > Bitcoin-development@lists.sourceforge.net +>> > > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> > > > +>> > > +>> > > +>> > > +>> > > +>> ------------------------------------------------------------------------------ +>> > > See everything from the browser to the database with AppDynamics +>> > > Get end-to-end visibility with application monitoring from AppDynamics +>> > > Isolate bottlenecks and diagnose root cause in seconds. +>> > > Start your free trial of AppDynamics Pro today! +>> > > +>> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk +>> > > _______________________________________________ +>> > > Bitcoin-development mailing list +>> > > Bitcoin-development@lists.sourceforge.net +>> > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> > > +>> > +>> ------------------------------------------------------------------------------ +>> > See everything from the browser to the database with AppDynamics +>> > Get end-to-end visibility with application monitoring from AppDynamics +>> > Isolate bottlenecks and diagnose root cause in seconds. +>> > Start your free trial of AppDynamics Pro today! +>> > +>> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk +>> > _______________________________________________ +>> > Bitcoin-development mailing list +>> > Bitcoin-development@lists.sourceforge.net +>> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> +>> +>> -- +>> https://multibit.org Money, reinvented +>> +>> +>> ------------------------------------------------------------------------------ +>> See everything from the browser to the database with AppDynamics +>> Get end-to-end visibility with application monitoring from AppDynamics +>> Isolate bottlenecks and diagnose root cause in seconds. +>> Start your free trial of AppDynamics Pro today! +>> +>> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk +>> _______________________________________________ +>> Bitcoin-development mailing list +>> Bitcoin-development@lists.sourceforge.net +>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> +> +> + +--047d7b4728b4bf15cb04e112509c +Content-Type: text/html; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable + +<div dir=3D"ltr">By the way, the Java Web Start system has improved a lot i= +n recent versions as well. I just tried running=C2=A0<a href=3D"http://jfxt= +ras.org/">http://jfxtras.org/</a>=C2=A0and this was the experience:<div><ul= +><li>It told me my Java was insecure and that I should download the latest = +version (hah). It had three buttons, one saying "Update", one say= +ing "Block content in browser" and one saying "Later". = +So it seems Java learned how to disable its plugin by itself anyway. I thin= +k on non-Linux platforms it probably knows how to update itself as well the= +se days.</li> +<li>As it happens I don't care right now because jfxtras is a source I = +trust, so I clicked later and it popped up a permission screen saying the a= +uthor was unknown, could damage my computer, etc. Actually, Jim has a code = +signing cert so this would show his identity at that point.</li> +<li>Clicked run. The app downloaded in a few seconds and was running.</li><= +li>JavaWS keeps the app up to date for you at that point.</li></ul><div>It&= +#39;s triggered by downloading and opening a .jnlp file, so - same security= + boundaries as a regular app download, except you download metadata for the= + runtime instead of the whole app at once.</div> +</div><div><br></div><div>It might be worth providing a JNLP option on the = +multibit webpage as well, as although I wouldn't let the applet plugin = +in my browser, once I made an explicit decision to go to <a href=3D"http://= +multibit.org">multibit.org</a> and trust James Burton with my money, the JW= +S experience at that point is pretty good. Until we have our own auto updat= +e engine it's better than nothing.</div> +<div><br></div></div><div class=3D"gmail_extra"><br><br><div class=3D"gmail= +_quote">On Tue, Jul 9, 2013 at 1:04 PM, Mike Hearn <span dir=3D"ltr"><<a= + href=3D"mailto:mike@plan99.net" target=3D"_blank">mike@plan99.net</a>><= +/span> wrote:<br> +<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= +x #ccc solid;padding-left:1ex"><div dir=3D"ltr">How many downloads/day do w= +e see currently? I think you said it's on the order of a few thousand, = +so nowhere near 30k I'd guess. Anyway I can mirror it if we need to.<di= +v> +<br></div><div>The JavaFX packager is supposed to delete parts of the JVM t= +hat aren't used. Is the 30-40mb figure based on using that tool or some= +thing else? Note that you don't need to use the JFX widget toolkit to u= +se the bundler tool.</div> + +<div><br></div><div>We could also invest in a copy of JET, which does nativ= +e compilation down to self contained Windows binaries. It might create smal= +ler bundles. But, it's a proprietary tool and I don't know how repr= +oducible its outputs are.</div> + +<div><br></div><div>For the auto update, is there an existing auto update f= +ramework that we can modify to support threshold signed updates? I'm su= +re such a thing must exist. The updates would download in the background an= +d then the app can just ask the user to restart it once the update is local= +ly available, as Chrome does.</div> + +<div><br></div></div><div class=3D"HOEnZb"><div class=3D"h5"><div class=3D"= +gmail_extra"><br><br><div class=3D"gmail_quote">On Tue, Jul 9, 2013 at 12:5= +6 PM, Jim <span dir=3D"ltr"><<a href=3D"mailto:jim618@fastmail.co.uk" ta= +rget=3D"_blank">jim618@fastmail.co.uk</a>></span> wrote:<br> + +<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= +x #ccc solid;padding-left:1ex">Yes I would like to bundle a JVM as it would= + simplify the user<br> +experience.<br> +<br> +There are a few downsides though:<br> ++ all the build packaging will need redoing and retesting.<br> ++ it will bump up the MultiBit download from about 11MB to 30-40MB<br> +(I think). This drops the maximum copies of MultiBit the <a href=3D"http://= +multibit.org" target=3D"_blank">multibit.org</a><br> +server can deliver per day from around 90,000 to 30,000ish.<br> +The <a href=3D"http://multibit.org" target=3D"_blank">multibit.org</a> serv= +er maxes out at 1 TB of bandwidth per day.<br> +<br> +Currently there is no provision to update anything automatically.<br> +I would like to start having Bitcoin signed files that MultiBit can<br> +check<br> +and update (initially the checkpoints file, I18N files - NOT code<br> +at first because of the security implications). I think this needs to be<br= +> +in place before bundling a JVM so that users don't have to<br> +keep redownloading it.<br> +<br> +Having lists of all the artifacts signed and them having SHA256 hashes<br> +then makes it practical/ safe to start mirroring the code. I can see<br> +each mirror crosschecking the others that the SHA256s are correct<br> +for instance. This would increase the maximum number of<br> +downloads we could cope with.<br> +<div><div><br> +<br> +On Tue, Jul 9, 2013, at 11:36 AM, Mike Hearn wrote:<br> +> Modern Java versions let you bundle the app with a stripped down JVM. = +I<br> +> don't know if Jim does that, but I think it's an obvious step = +towards<br> +> making MultiBit friendlier and easier to use.<br> +><br> +> BTW I believe most secure browsers (Chrome, Firefox) have banned the<b= +r> +> applet<br> +> plugin or severely restrained it anyway. So even if you install the JV= +M<br> +> and<br> +> plugin together there is not an issue.<br> +><br> +><br> +> On Tue, Jul 9, 2013 at 3:20 AM, Caleb James DeLisle <<br> +> <a href=3D"mailto:calebdelisle@lavabit.com" target=3D"_blank">calebdel= +isle@lavabit.com</a>> wrote:<br> +><br> +> > Java (Applet) security is indeed abysmal but lets compare apples = +to apples.<br> +> > With an applet some random guy with a website makes up some Java = +code and<br> +> > your browser automatically executes it.<br> +> > With Multibit you're only executing highly trusted code (so t= +rusted that it<br> +> > handles your money).<br> +> > There has almost never been a Java exploit against secure trusted= + code.<br> +> ><br> +> > The idea of discouraging use of java apps just because people wou= +ld be<br> +> > tricked into activating the browser plugin when installing the JV= +M is<br> +> > probably valid but Multibit is the only reasonably complete clien= +t outside<br> +> > of bitcoinqt and I think client diversity is more important than = +stamping<br> +> > out java.<br> +> ><br> +> > Thanks,<br> +> > Caleb<br> +> ><br> +> ><br> +> > On 07/08/2013 08:22 PM, Robert Backhaus wrote:<br> +> > > But... Multibit is Java. Java's security problems has ma= +de it an instant<br> +> > uninstall item on windows PCs for about a year now. Java exploits= + are a<br> +> > dime a dozen.<br> +> > ><br> +> > > Yes, you can reduce some of the problems by manually disabli= +ng the<br> +> > browser plugin, but how many users will do that?<br> +> > ><br> +> > > Recommending a fast SPV client as a first wallet - yes, of c= +ourse.<br> +> > Recommending users open such a huge attack interface on their com= +puters by<br> +> > installing Java - No go. Until Multibit is provided as a compiled= + binary<br> +> > without a Java dependency, it is DOA.<br> +> > ><br> +> > ><br> +> > > On 1 July 2013 02:39, Gary Rowe <<a href=3D"mailto:g.rowe= +@froot.co.uk" target=3D"_blank">g.rowe@froot.co.uk</a> <mailto:<br> +> > <a href=3D"mailto:g.rowe@froot.co.uk" target=3D"_blank">g.rowe@fr= +oot.co.uk</a>>> wrote:<br> +> > ><br> +> > > =C2=A0 =C2=A0 I've beefed up the supporting documentatio= +n for the website to make<br> +> > it more accessible for developers who wish to contribute. It'= +s a Java<br> +> > application serving HTML.<br> +> > ><br> +> > > =C2=A0 =C2=A0 It can be found here: <a href=3D"https://githu= +b.com/jim618/multibit-website" target=3D"_blank">https://github.com/jim618/= +multibit-website</a><br> +> > ><br> +> > ><br> +> > > =C2=A0 =C2=A0 On 30 June 2013 16:19, Jim <<a href=3D"mail= +to:jim618@fastmail.co.uk" target=3D"_blank">jim618@fastmail.co.uk</a> <m= +ailto:<br> +> > <a href=3D"mailto:jim618@fastmail.co.uk" target=3D"_blank">jim618= +@fastmail.co.uk</a>>> wrote:<br> +> > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 Yeah "email jim' was ne= +ver going to work so I have<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 bumped up MultiBit support (a bi= +t) by:<br> +> > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 + having a dedicated Support pag= +e on the website<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"https://= +multibit.org/support.html" target=3D"_blank">https://multibit.org/support.h= +tml</a><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0It has fixes and su= +pport notes for the most common gotchas.<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 + the in-app help also now has a= + 'Support' section with<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0"Troubleshooti= +ng' and the commonest gotchas.<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0I've also writt= +en more help to cover as much as possible.<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 + Failing that people are direct= +ed first to<br> +> > <a href=3D"http://bitcoin.stackchange.com" target=3D"_blank">bitc= +oin.stackchange.com</a> <<a href=3D"http://bitcoin.stackchange.com" targ= +et=3D"_blank">http://bitcoin.stackchange.com</a>><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(I have a notificat= +ion set up for the 'multibit' keyword.<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 + Then finally users are directe= +d to the github issues to search<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0existing or raise a= + new issue. Gary and Tim often chip in on<br> +> > there to<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0close<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0issues down as well= + as me.<br> +> > ><br> +> > ><br> +> > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 On Sun, Jun 30, 2013, at 12:42 P= +M, Mike Hearn wrote:<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > Sounds like we have consens= +us, Saivann, shall we do it?<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > I'm also going to ask T= +heymos again to relax the newbie<br> +> > restrictions<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > for the alt client forums. = +It's probably too hard to get<br> +> > support at<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > the moment and "email = +jim" doesn't scale at all.<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > On Fri, Jun 28, 2013 at 4:2= +4 PM, Gavin Andresen <<br> +> > <a href=3D"mailto:gavinandresen@gmail.com" target=3D"_blank">gavi= +nandresen@gmail.com</a> <mailto:<a href=3D"mailto:gavinandresen@gmail.co= +m" target=3D"_blank">gavinandresen@gmail.com</a>>><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > wrote:<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > I vote "yes"= + to have MultiBit replace Bitcoin-Qt as the<br> +> > recommended<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > desktop wallet app. I = +think most users will be happier with<br> +> > it.<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > If I'm wrong, it i= +s easy to change back.<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > ><br> +> > -----------------------------------------------------------------= +-------------<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > This SF.net email is s= +ponsored by Windows:<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > Build for Windows Stor= +e.<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > <a href=3D"http://p.sf= +.net/sfu/windows-dev2dev" target=3D"_blank">http://p.sf.net/sfu/windows-dev= +2dev</a><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > ______________________= +_________________________<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > Bitcoin-development ma= +iling list<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > > <a href=3D"mailto:Bitc= +oin-development@lists.sourceforge.net" target=3D"_blank">Bitcoin-developmen= +t@lists.sourceforge.net</a> <mailto:<br> +> > <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" targ= +et=3D"_blank">Bitcoin-development@lists.sourceforge.net</a>><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > ><br> +> > <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-d= +evelopment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/= +bitcoin-development</a><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 ><br> +> > -----------------------------------------------------------------= +-------------<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > This SF.net email is sponso= +red by Windows:<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > Build for Windows Store.<br= +> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > <a href=3D"http://p.sf.net/= +sfu/windows-dev2dev" target=3D"_blank">http://p.sf.net/sfu/windows-dev2dev<= +/a><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > ___________________________= +____________________<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > Bitcoin-development mailing= + list<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 > <a href=3D"mailto:Bitcoin-d= +evelopment@lists.sourceforge.net" target=3D"_blank">Bitcoin-development@lis= +ts.sourceforge.net</a> <mailto:<br> +> > <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" targ= +et=3D"_blank">Bitcoin-development@lists.sourceforge.net</a>><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 ><br> +> > <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-d= +evelopment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/= +bitcoin-development</a><br> +> > ><br> +> > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 --<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"https://multibit.org"= + target=3D"_blank">https://multibit.org</a> =C2=A0 =C2=A0Money, reinvented<= +br> +> > ><br> +> > ><br> +> > -----------------------------------------------------------------= +-------------<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 This SF.net email is sponsored b= +y Windows:<br> +> > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 Build for Windows Store.<br> +> > ><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"http://p.sf.net/sfu/w= +indows-dev2dev" target=3D"_blank">http://p.sf.net/sfu/windows-dev2dev</a><b= +r> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 ________________________________= +_______________<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 Bitcoin-development mailing list= +<br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"mailto:Bitcoin-develo= +pment@lists.sourceforge.net" target=3D"_blank">Bitcoin-development@lists.so= +urceforge.net</a> <mailto:<br> +> > <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" targ= +et=3D"_blank">Bitcoin-development@lists.sourceforge.net</a>><br> +> > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 <a href=3D"https://lists.sourcef= +orge.net/lists/listinfo/bitcoin-development" target=3D"_blank">https://list= +s.sourceforge.net/lists/listinfo/bitcoin-development</a><br> +> > ><br> +> > ><br> +> > ><br> +> > ><br> +> > -----------------------------------------------------------------= +-------------<br> +> > > =C2=A0 =C2=A0 This SF.net email is sponsored by Windows:<br> +> > ><br> +> > > =C2=A0 =C2=A0 Build for Windows Store.<br> +> > ><br> +> > > =C2=A0 =C2=A0 <a href=3D"http://p.sf.net/sfu/windows-dev2dev= +" target=3D"_blank">http://p.sf.net/sfu/windows-dev2dev</a><br> +> > > =C2=A0 =C2=A0 ______________________________________________= +_<br> +> > > =C2=A0 =C2=A0 Bitcoin-development mailing list<br> +> > > =C2=A0 =C2=A0 <a href=3D"mailto:Bitcoin-development@lists.so= +urceforge.net" target=3D"_blank">Bitcoin-development@lists.sourceforge.net<= +/a> <mailto:<br> +> > <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" targ= +et=3D"_blank">Bitcoin-development@lists.sourceforge.net</a>><br> +> > > =C2=A0 =C2=A0 <a href=3D"https://lists.sourceforge.net/lists= +/listinfo/bitcoin-development" target=3D"_blank">https://lists.sourceforge.= +net/lists/listinfo/bitcoin-development</a><br> +> > ><br> +> > ><br> +> > ><br> +> > ><br> +> > ><br> +> > -----------------------------------------------------------------= +-------------<br> +> > > See everything from the browser to the database with AppDyna= +mics<br> +> > > Get end-to-end visibility with application monitoring from A= +ppDynamics<br> +> > > Isolate bottlenecks and diagnose root cause in seconds.<br> +> > > Start your free trial of AppDynamics Pro today!<br> +> > ><br> +> > <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D488088= +31&iu=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclic= +k.net/gampad/clk?id=3D48808831&iu=3D/4140/ostg.clktrk</a><br> +> > ><br> +> > ><br> +> > ><br> +> > > _______________________________________________<br> +> > > Bitcoin-development mailing list<br> +> > > <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net"= + target=3D"_blank">Bitcoin-development@lists.sourceforge.net</a><br> +> > > <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitc= +oin-development" target=3D"_blank">https://lists.sourceforge.net/lists/list= +info/bitcoin-development</a><br> +> > ><br> +> ><br> +> ><br> +> ><br> +> > -----------------------------------------------------------------= +-------------<br> +> > See everything from the browser to the database with AppDynamics<= +br> +> > Get end-to-end visibility with application monitoring from AppDyn= +amics<br> +> > Isolate bottlenecks and diagnose root cause in seconds.<br> +> > Start your free trial of AppDynamics Pro today!<br> +> > <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D488088= +31&iu=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclic= +k.net/gampad/clk?id=3D48808831&iu=3D/4140/ostg.clktrk</a><br> +> > _______________________________________________<br> +> > Bitcoin-development mailing list<br> +> > <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" targ= +et=3D"_blank">Bitcoin-development@lists.sourceforge.net</a><br> +> > <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-d= +evelopment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/= +bitcoin-development</a><br> +> ><br> +> ----------------------------------------------------------------------= +--------<br> +> See everything from the browser to the database with AppDynamics<br> +> Get end-to-end visibility with application monitoring from AppDynamics= +<br> +> Isolate bottlenecks and diagnose root cause in seconds.<br> +> Start your free trial of AppDynamics Pro today!<br> +> <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D48808831&am= +p;iu=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net= +/gampad/clk?id=3D48808831&iu=3D/4140/ostg.clktrk</a><br> +> _______________________________________________<br> +> Bitcoin-development mailing list<br> +> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D= +"_blank">Bitcoin-development@lists.sourceforge.net</a><br> +> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-develo= +pment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitco= +in-development</a><br> +<br> +<br> +--<br> +<a href=3D"https://multibit.org" target=3D"_blank">https://multibit.org</a>= + =C2=A0 =C2=A0Money, reinvented<br> +<br> +---------------------------------------------------------------------------= +---<br> +See everything from the browser to the database with AppDynamics<br> +Get end-to-end visibility with application monitoring from AppDynamics<br> +Isolate bottlenecks and diagnose root cause in seconds.<br> +Start your free trial of AppDynamics Pro today!<br> +<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D48808831&iu= +=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam= +pad/clk?id=3D48808831&iu=3D/4140/ostg.clktrk</a><br> +_______________________________________________<br> +Bitcoin-development mailing list<br> +<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla= +nk">Bitcoin-development@lists.sourceforge.net</a><br> +<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= +" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= +velopment</a><br> +</div></div></blockquote></div><br></div> +</div></div></blockquote></div><br></div> + +--047d7b4728b4bf15cb04e112509c-- + + |