That’s not the point, if I’m diligent enough to change a source code I’m also diligent enough to apply a -disablesafety switch which is much easier, the issue here is default behavior of the official client. Many people are going to just notice there is a new version, download and install it never realizing this new remote control was inserted there.
Saying that they can examine the source code or that it was openly discussed on the forum is like Facebook saying “but we have an option to delete your account, it’s in terms of service, section 76, line 346, under link named so-appalling-that-nobody-would-ever-click-it, then on page 2, just solve the capcha, confirm the dialog, that will disable your account and if you do not log in in a week it will be deleted”. In short … nobody actually does it … that’s how badware behaves and I do not want for Bitcoin to be badware.
If there is a remote safety disable function every user who has it enabled should consciously enable it knowing what it does. This can be easily accomplished by presenting a dialog urging user to enable it while explaining what it does in a GUI client and presenting a warning accomplishing the same task when daemon is run. Simple, efficient and everybody is happy. That’s how software that respects its users and is working for them should behave. I’m sure most people would enable it when understanding what it does … but sneaking this feature in without making sure the user specifically wants it there is making decisions for the user, I do not like decisions being made for me 😉
I’m aware of this because I read the forums but what in the future? (And what about people who do not read forums) Will there be another “feature” inserted and I’m not going to be even notified, explained what it does and asked if I want it enabled? I do not like that if you ask me … I want to know what software on my CPU does, if it doesn’t make reasonable effort to inform me of that and assure that I’m aware of it’s behavior I would consider it badware.
That’s at least my perspective … and the fix is extremely easy 😉
It can’t do arbitrary actions remotely. Maybe some of you are responding to other posters who suggested the alert system should do more?
If there is an alert, the following json-rpc methods return an error:
sendtoaddress
getbalance
getreceivedbyaddress
getreceivedbylabel
listreceivedbyaddress
listreceivedbylabel
The remaining 14 methods function as normal.
I believe the safer option should be enabled by default. If you want your server to keep trading and ignore an alert saying the money its receiving might be like the money from the overflow bug, then you can use the switch and not blame anyone else if you lose your money.
Worst case if you leave alerts enabled, your site stops trading until you upgrade or add the -disablesafemode switch.
Getting surprised by some temporary down time when your node would otherwise be at risk is better than getting surprised by a thief draining all your inventory.
Someday when we haven’t found any new bugs for a long time and it has been thoroughly security reviewed without finding anything, this can be scaled back. I’m not arguing that this is the permanent way of things forever. It’s still beta software.
54,945 total views, 27 views today
https://bitcointalk.org/index.php?topic=898.msg11150#msg11150