1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <jim618@fastmail.co.uk>) id 1UwVan-0007O9-42
for bitcoin-development@lists.sourceforge.net;
Tue, 09 Jul 2013 10:56:21 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of fastmail.co.uk
designates 66.111.4.25 as permitted sender)
client-ip=66.111.4.25; envelope-from=jim618@fastmail.co.uk;
helo=out1-smtp.messagingengine.com;
Received: from out1-smtp.messagingengine.com ([66.111.4.25])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.76) id 1UwVak-0004s3-TS
for bitcoin-development@lists.sourceforge.net;
Tue, 09 Jul 2013 10:56:21 +0000
Received: from compute2.internal (compute2.nyi.mail.srv.osa [10.202.2.42])
by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 5AF2B20F60
for <bitcoin-development@lists.sourceforge.net>;
Tue, 9 Jul 2013 06:56:12 -0400 (EDT)
Received: from web1.nyi.mail.srv.osa ([10.202.2.211])
by compute2.internal (MEProxy); Tue, 09 Jul 2013 06:56:12 -0400
Received: by web1.nyi.mail.srv.osa (Postfix, from userid 99)
id E4D96F00003; Tue, 9 Jul 2013 06:56:11 -0400 (EDT)
Message-Id: <1373367371.4283.140661253533454.0D7E544E@webmail.messagingengine.com>
X-Sasl-Enc: s3mw8GgXQ4FIHkurVJGQKQHg8VZRJQ7jHZQJZfrBkiGi 1373367371
From: Jim <jim618@fastmail.co.uk>
To: bitcoin-development@lists.sourceforge.net
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
X-Mailer: MessagingEngine.com Webmail Interface - ajax-cea5092a
In-Reply-To: <CANEZrP0OZZDtRw_KYJpPkhYhQA75h5yyQRQrw+gxV0hsnc2bbg@mail.gmail.com>
References: <1372353053.10405.140661249237317.77984E1F@webmail.messagingengine.com>
<CAJHLa0Ncac9Xt-AQBnpghqqpfR-j6Xtd9qVQoUe2dPp0kJvz1A@mail.gmail.com>
<CANEZrP0k1HDrJC9DOn6JYiVcaRRXwVwxW7ZPjE9XvfTCHXX6pw@mail.gmail.com>
<CABsx9T3GJN0inGChebJt_dRLpVrPw7BTH8oQo6F4q6yFJaOoCA@mail.gmail.com>
<CANEZrP3LGxZ6E+9UWQH+_RN66dfeGzo4+QYACjauKRufpqB2QA@mail.gmail.com>
<1372605569.4937.140661250186789.39404E47@webmail.messagingengine.com>
<CAKm8k+20z0FkQjnYXjBwUSwY4ncTmMc-LXDH=hF6u55f_gWpkA@mail.gmail.com>
<CA+i0-i9tj8w7pNuk7nUBQKdxvizX+6_Ez1VA8OtKJNTqRrYtxg@mail.gmail.com>
<51DB6548.5070909@lavabit.com>
<CANEZrP0OZZDtRw_KYJpPkhYhQA75h5yyQRQrw+gxV0hsnc2bbg@mail.gmail.com>
Date: Tue, 09 Jul 2013 11:56:11 +0100
X-Spam-Score: -0.3 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(jim618[at]fastmail.co.uk)
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (jim618[at]fastmail.co.uk)
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
1.0 FREEMAIL_REPLY From and body contain different freemails
X-Headers-End: 1UwVak-0004s3-TS
Subject: Re: [Bitcoin-development] Proposal: MultiBit as default desktop
client on bitcoin.org
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2013 10:56:21 -0000
Yes I would like to bundle a JVM as it would simplify the user
experience.
There are a few downsides though:
+ all the build packaging will need redoing and retesting.
+ it will bump up the MultiBit download from about 11MB to 30-40MB
(I think). This drops the maximum copies of MultiBit the multibit.org
server can deliver per day from around 90,000 to 30,000ish.
The multibit.org server maxes out at 1 TB of bandwidth per day.
Currently there is no provision to update anything automatically.
I would like to start having Bitcoin signed files that MultiBit can
check
and update (initially the checkpoints file, I18N files - NOT code
at first because of the security implications). I think this needs to be
in place before bundling a JVM so that users don't have to
keep redownloading it.
Having lists of all the artifacts signed and them having SHA256 hashes
then makes it practical/ safe to start mirroring the code. I can see
each mirror crosschecking the others that the SHA256s are correct
for instance. This would increase the maximum number of
downloads we could cope with.
On Tue, Jul 9, 2013, at 11:36 AM, Mike Hearn wrote:
> Modern Java versions let you bundle the app with a stripped down JVM. I
> don't know if Jim does that, but I think it's an obvious step towards
> making MultiBit friendlier and easier to use.
>
> BTW I believe most secure browsers (Chrome, Firefox) have banned the
> applet
> plugin or severely restrained it anyway. So even if you install the JVM
> and
> plugin together there is not an issue.
>
>
> On Tue, Jul 9, 2013 at 3:20 AM, Caleb James DeLisle <
> calebdelisle@lavabit.com> wrote:
>
> > Java (Applet) security is indeed abysmal but lets compare apples to apples.
> > With an applet some random guy with a website makes up some Java code and
> > your browser automatically executes it.
> > With Multibit you're only executing highly trusted code (so trusted that it
> > handles your money).
> > There has almost never been a Java exploit against secure trusted code.
> >
> > The idea of discouraging use of java apps just because people would be
> > tricked into activating the browser plugin when installing the JVM is
> > probably valid but Multibit is the only reasonably complete client outside
> > of bitcoinqt and I think client diversity is more important than stamping
> > out java.
> >
> > Thanks,
> > Caleb
> >
> >
> > On 07/08/2013 08:22 PM, Robert Backhaus wrote:
> > > But... Multibit is Java. Java's security problems has made it an instant
> > uninstall item on windows PCs for about a year now. Java exploits are a
> > dime a dozen.
> > >
> > > Yes, you can reduce some of the problems by manually disabling the
> > browser plugin, but how many users will do that?
> > >
> > > Recommending a fast SPV client as a first wallet - yes, of course.
> > Recommending users open such a huge attack interface on their computers by
> > installing Java - No go. Until Multibit is provided as a compiled binary
> > without a Java dependency, it is DOA.
> > >
> > >
> > > On 1 July 2013 02:39, Gary Rowe <g.rowe@froot.co.uk <mailto:
> > g.rowe@froot.co.uk>> wrote:
> > >
> > > I've beefed up the supporting documentation for the website to make
> > it more accessible for developers who wish to contribute. It's a Java
> > application serving HTML.
> > >
> > > It can be found here: https://github.com/jim618/multibit-website
> > >
> > >
> > > On 30 June 2013 16:19, Jim <jim618@fastmail.co.uk <mailto:
> > jim618@fastmail.co.uk>> wrote:
> > >
> > > Yeah "email jim' was never going to work so I have
> > > bumped up MultiBit support (a bit) by:
> > >
> > > + having a dedicated Support page on the website
> > > https://multibit.org/support.html
> > > It has fixes and support notes for the most common gotchas.
> > > + the in-app help also now has a 'Support' section with
> > > "Troubleshooting' and the commonest gotchas.
> > > I've also written more help to cover as much as possible.
> > > + Failing that people are directed first to
> > bitcoin.stackchange.com <http://bitcoin.stackchange.com>
> > > (I have a notification set up for the 'multibit' keyword.
> > > + Then finally users are directed to the github issues to search
> > > existing or raise a new issue. Gary and Tim often chip in on
> > there to
> > > close
> > > issues down as well as me.
> > >
> > >
> > >
> > > On Sun, Jun 30, 2013, at 12:42 PM, Mike Hearn wrote:
> > > > Sounds like we have consensus, Saivann, shall we do it?
> > > >
> > > > I'm also going to ask Theymos again to relax the newbie
> > restrictions
> > > > for the alt client forums. It's probably too hard to get
> > support at
> > > > the moment and "email jim" doesn't scale at all.
> > > >
> > > > On Fri, Jun 28, 2013 at 4:24 PM, Gavin Andresen <
> > gavinandresen@gmail.com <mailto:gavinandresen@gmail.com>>
> > > > wrote:
> > > > > I vote "yes" to have MultiBit replace Bitcoin-Qt as the
> > recommended
> > > > > desktop wallet app. I think most users will be happier with
> > it.
> > > > >
> > > > > If I'm wrong, it is easy to change back.
> > > > >
> > > > >
> > ------------------------------------------------------------------------------
> > > > > This SF.net email is sponsored by Windows:
> > > > >
> > > > > Build for Windows Store.
> > > > >
> > > > > http://p.sf.net/sfu/windows-dev2dev
> > > > > _______________________________________________
> > > > > Bitcoin-development mailing list
> > > > > Bitcoin-development@lists.sourceforge.net <mailto:
> > Bitcoin-development@lists.sourceforge.net>
> > > > >
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> > > >
> > > >
> > ------------------------------------------------------------------------------
> > > > This SF.net email is sponsored by Windows:
> > > >
> > > > Build for Windows Store.
> > > >
> > > > http://p.sf.net/sfu/windows-dev2dev
> > > > _______________________________________________
> > > > Bitcoin-development mailing list
> > > > Bitcoin-development@lists.sourceforge.net <mailto:
> > Bitcoin-development@lists.sourceforge.net>
> > > >
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> > >
> > >
> > > --
> > > https://multibit.org Money, reinvented
> > >
> > >
> > ------------------------------------------------------------------------------
> > > This SF.net email is sponsored by Windows:
> > >
> > > Build for Windows Store.
> > >
> > > http://p.sf.net/sfu/windows-dev2dev
> > > _______________________________________________
> > > Bitcoin-development mailing list
> > > Bitcoin-development@lists.sourceforge.net <mailto:
> > Bitcoin-development@lists.sourceforge.net>
> > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> > >
> > >
> > >
> > >
> > ------------------------------------------------------------------------------
> > > This SF.net email is sponsored by Windows:
> > >
> > > Build for Windows Store.
> > >
> > > http://p.sf.net/sfu/windows-dev2dev
> > > _______________________________________________
> > > Bitcoin-development mailing list
> > > Bitcoin-development@lists.sourceforge.net <mailto:
> > Bitcoin-development@lists.sourceforge.net>
> > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> > >
> > >
> > >
> > >
> > >
> > ------------------------------------------------------------------------------
> > > See everything from the browser to the database with AppDynamics
> > > Get end-to-end visibility with application monitoring from AppDynamics
> > > Isolate bottlenecks and diagnose root cause in seconds.
> > > Start your free trial of AppDynamics Pro today!
> > >
> > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> > >
> > >
> > >
> > > _______________________________________________
> > > Bitcoin-development mailing list
> > > Bitcoin-development@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> > >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > See everything from the browser to the database with AppDynamics
> > Get end-to-end visibility with application monitoring from AppDynamics
> > Isolate bottlenecks and diagnose root cause in seconds.
> > Start your free trial of AppDynamics Pro today!
> > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
--
https://multibit.org Money, reinvented
|
