Bitcoin’s open-source design is a key part of its security. In theory, developments and fixes should be transparent to align with this design feature.
However, when a couple of security bugs were patched in September, the changes were not made in the spirit of open design but were implemented without discussion.
The original problem could be traced back to a denial-of-service attack Bitcoin suffered in June. An initial patch fixed a flaw that allowed attackers to stuff system memory with flawed transactions.
However, that first patch had its own bugs, and it too had to be resolved.
The bugs themselves are not the issue here. What bothers some, including blogger Sergio Lerner, is the opacity with which Bitcoin’s core development team implemented those changes.
“[T]he github commit of the patch does not show a history of a discussion regarding the patch correctness, nor is it recorded if the code was audited and by whom,” Lerner said.
This indicates that the testing performed before releasing the patch could have been faulty, and this gets to the heart of computer security. When fixing a security issue, you need to be able to understand why the flaw was there to begin with so you can anticipate the possibility of future problems.
Bitcoin’s open-source design is supposed to allow anyone to spot a problem and comment on it. Understanding and solutions can thus be crowdsourced.
Instead, what appeared to happen was someone spotted a problem, cobbled together a poor solution, then tried to white out that mistake.
Sure, it’s natural to want to sweep one’s mistakes under the rug. But to obscure development with such opacity undercuts the power of crowdsourced problem solving, and now we cannot know what problems could have been revealed in the testing process.
Again, Bitcoin was designed in the spirit of transparency. It’s harder for governments or saboteurs to install flaws or back doors with everyone going over the code.
Does that sound paranoid? It shouldn’t: We now know that the NSA deliberately introduced flaws into standard encryption protocols so that our movements online could be tracked even when we were told they couldn’t be.
If Bitcoin users — and that goes for the whole community, from traders to miners to developers — fail to uphold a standard of openness, then the currency’s baked-in security features will all be for naught.
A summary of some Bitcoin-Pi innovations we have seen
The pairing of Bitcoin with the Raspberry Pi has been a match made in heaven for some hobbyists.
The tiny computer with a lone circuit board has proven sufficiently inexpensive and versatile to drive a number of innovations. Its relationship with Bitcoin, though, has proven to be one of its most electric.
The affair got pretty serious once users found ways to turn the Pi into a Bitcoin mining machine. The computer, itself no larger than a credit card, is not powerful enough on its own to mine effectively, but a few USB-powered Asicminer Block Erupters can do the trick. Four such devices connected through a Pi have shown an average hash rate of about 1.3 GH/s. Not bad for a pocket money machine.
In August, at the Defcon conference in Las Vegas, a hacker showed off a briefcase with a coin slot that would allow anyone to exchange loose change for Bitcoins. The briefcase, according to The Verge, ran on a Pi with a 4G modem, and would spit out a receipt with a QR code in exchange for coins. Users could then redeem those codes for Bitcoins.
The Piper wallet team built their device around a Raspberry Pi. Piper is a paper wallet, which allows for offline storage of Bitcoins and is regarded as among the safest ways to store your digital money. The Piper’s random number generator passes all 26 Dieharder tests for secure random number creation, making it the safest paper wallet printer available. Piper is available for $199 at piper.pw.
Finally, game maker Liberty Games has built a pool table that accepts Bitcoins and runs on Raspberry Pi. The pool table has a normal coin slot, but beside that is a QR code and screen that shows the price per play in BTC. If you’re short some quarters in the pool hall, you can just scan the code and send the amount listed on the LCD screen to your Bitcoin wallet address. The company’s technical director said creating the technology was easy, and actually waiting for a made-to-order pool table was the longest part of the whole process.
Raspberry Pi is such an ideal Bitcoin partner because of the vast amount of online support available to developers, hobbyists and tinkerers. And this partnership could lead a swift charge of Bitcoin into the mainstream.
With small, inexpensive hardware and plenty of people capable of developing it, an easy payment gateway exists now for just about anyone who would like to accept Bitcoin payments. It just takes one person to see the Bitcoin payment gateway in the pool hall and decide that the same could work at gas stations, vending machines and grocery checkouts.