
Bitcoin Q&A: Software distribution security

Evangelos asks, from page 20: "A Bitcoin user downloads a piece of software, for example the Bitcoin Core client software." So Evangelos's question is: "What if this downloaded software is infected and serves on their interest? Who is responsible to distribute software if we are talking about the totally decentralized system? How can I understand if it will be the original client software?"

That's a great question, Evangelos. So first, let's look at how we deliver secure software to everyone who wants to use the Bitcoin Core software, or any other version of the software, any other form of Bitcoin client, and then let's look at what happens if it's not the correct software.

So first of all, Bitcoin is developed using an open source model, and that means that there's a collaborative development process that happens in a public system. That development is happening on GitHub, which is a collaborative software platform. So developers from all around the world contribute changes to the code. Those are reviewed by thousands and thousands of people who each look at the code, and a group of about 150 developers who work on this in a very concentrated manner, some of them working full-time on this software, all review and offer their opinion on the code. There are some developers who, through experience and many years of working on this project, organize all of the changes into the latest version of the software, and they produce releases. A release is simply a specific version which includes the changes in the code. That release is being reviewed, as we said, in source code by many, many developers from around the world.

Now, when Bitcoin was developed, a new system for building software was developed, called Gitian. In fact, this is an invention by the Bitcoin developers that is now used for secure software distribution across the world and across other platforms, not just Bitcoin. Gitian is a system whereby software can be built independently on multiple different platforms, and the results of the
software build mechanism are deterministic. This is called a deterministic build, meaning that the Gitian system simulates the exact same platform across many, many different computers that build the software independently from the source code, and from a specific version of the source code they produce a binary that can be built on, that can be executed on, different platforms, let's say for example 64-bit x86 processors for use on Windows or on Linux. And those builds have a fingerprint. What Gitian does is, by building the software independently on many different systems and then comparing the fingerprints, it can tell if you are getting the exact same executable result as everybody else, and that becomes one of the release files. These are published on websites such as bitcoin.org, bitcoincore.org and other places where individual users, developers, miners, etc. can download executables.

Of course, you could also download the source code, and using the Gitian system or just a traditional build mechanism you can build this executable and see what is produced. If you know you have the right source code, then through building it on your own platform, on your own computer, you can get a trusted executable. So once you have the executable, you can also do a fingerprint on that executable, and you can compare that fingerprint to the published fingerprints, which are available on a number of different sites, and confirm that in fact you have built the exact same executable as everybody else and you have the expected result.

Now, this ensures that when people download either the executable or the source code, they have a very dependable chain that goes back to the developers and the very, very highly reviewed code that the developers are collaborating on. But of course no process is perfect. What happens if your software has been compromised? Well, the other thing: if you have software that is compromised, the biggest risk is actually to your own individual wallet on that software. So if you had, for
example, downloaded a Bitcoin Core software that had malware installed in it, that will endanger your system. And if you haven't checked the fingerprints, and if you haven't used a deterministic build, or if you didn't download the software from a reputable source, you may download infected software. The thing that is most at risk there is your funds. So if you put money into a wallet on a system that has a virus or malware, some form of malware, then you're very likely to lose your money. That's what the virus is going to target.

But it doesn't actually pose a threat to the rest of the Bitcoin system, and the reason for that is because on the Bitcoin network no node trusts any other node. It is assumed that your node, when it's communicating with other nodes on the network, assumes that all of the other nodes cannot be trusted, and it doesn't take any of the data that is sent to it at face value. It doesn't assume that the data is correct. Every Bitcoin node independently validates all of the transactions and blocks, and forms its own authoritative opinion as to whether the nodes it's connected to are telling it the truth or not. If it finds nodes that are consistently lying to it, sending it wrong transactions or invalid blocks, it disconnects from those nodes and stops talking to them. So every node has this defensive mechanism where it doesn't trust any other nodes on the network, and it validates, from its own authoritative perspective, the transactions and the blocks all the way back to the Genesis block.

As a result, you don't need to trust that other software is doing what it's supposed to do. You don't trust that other software is doing what it's supposed to do; you validate yourself, or rather your computer node validates everything itself. So yes, we can have malicious software introduced into Bitcoin. It's hard to do because of this deterministic build process, because you can essentially evaluate a chain of custody that goes from the developer source code that's widely reviewed all
the way to the executable. But even if you don't validate that, the risk that that poses is primarily to your own funds in your own machine, because no other node on the network will trust you. By default we don't trust other systems. The trustless nature of Bitcoin, the decentralized nature of Bitcoin, is because it doesn't trust any other nodes on the network.

"How is consensus on new rules and upgrades reached, and who decides on what updates to include or reject? Are developers getting paid to do that?"

So consensus on new rules and upgrades is reached in stages and at different parts of the system. Ultimately, the people who decide which upgrades get implemented are the people running nodes, and specifically the five constituencies of consensus, the five groups of people that have control over consensus. These five groups have overlap between them, but broadly speaking they are: the miners, who choose what software to mine with; the merchants, who choose what software to run on the nodes that are accepting payments or buying and selling commercial goods and services; the exchanges that are running nodes and deciding what rules to accept transactions for deposits and withdrawals and exchanges of cryptocurrency; the developers, who write the software but can't force anybody to run that software; and the companies that create wallets, that decide what rules those wallets will work with; and ultimately also the users who run those wallets or run their own nodes.

Consensus is an emergent phenomenon, meaning that the rules emerge from the agreement of all of those parties to operate under a single set of rules, and those who deviate from the rules are punished by loss of funds. They lose opportunity, they lose profit, they lose funds directly.

Developers are getting paid nowadays because there are many companies that are willing to subsidize or fund or hire developers to work not only on their own projects but also to work on the core protocol. But there are probably more than 400 contributors
to the core protocol, for example in the Bitcoin Core project, and they're paid by a number of different companies, and many of them are volunteers. Also, you've got to keep in mind that many of these developers can get a job pretty much anywhere they want and get paid very well for that job. So they work wherever they want to work and on the projects they want to work on. They're very, very independent in that way. They can't be forced to implement the change they're not interested in implementing. In fact, even the companies that pay them have to let them work on whatever they want to work on, because otherwise they'd stop working there. Many of these developers, if you ask them "Why do you work for this company?", they'll tell you, "I work for this company because all of the smartest people in the world that I know work for this company." Probably one of the best rewards for a developer, or any creative or artistic person, is to work among the best in their field and to be able to work with the best in their field on a daily basis. They don't do it for money.

"How can a node running on one software, for example Bitcoin Core, communicate with other nodes running a different software? How does a miner decide which software to use? Is it common for a miner to switch to another software?"

That's a great question. So there's a difference between the software, the protocol and the consensus rules, and all three matter. So you can have one piece of software, Bitcoin Core, and that has a certain implementation, but it uses the common protocol to communicate on the network and it follows the common consensus rules. Now, Bitcoin Core, as the reference client, tends to lead in what the interpretation of the protocol and the consensus rules is, but nobody has to run Bitcoin Core. You can run a different software. For example, there is an implementation in Node.js called B core, which is fully compatible at the protocol level and fully compatible in the consensus rules. There's another implementation called Libbitcoin, and
Libbitcoin is fully compatible with Bitcoin Core in the protocol and in the consensus rules. So by speaking a common language and following the same rules, these three different clients can communicate on the same network, arrive at the same consensus as to what has happened on the network, and continue to remain within consensus by following those rules. A miner can run any one of those, for example, to do mining, and it really depends on what their preference is in terms of scalability and code quality and maintainability and security.

Is it common for a miner to switch to another software? Not really, and part of the reason for that is because Bitcoin Core has demonstrated an extremely high level of quality, with very, very well tested software that's tested not only by the developers but of course by everybody else who's running it, and very high standards for code maintenance and security updates. Which means that a miner switching to another software, they can of course do that if they believe that the other software will be better maintained, deliver better quality code or more secure code than the Bitcoin Core project. So far that doesn't seem to be happening. Most miners use, I think all miners in fact use, Bitcoin Core, because it's proven to be the most reliable software out there. You
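
The fingerprint comparison described in the talk, sketched as an added example that is not part of the original transcript or of any Bitcoin project's tooling: it hashes a downloaded file and accepts it only if checksum lists from several independent sources agree with each other and with the local hash. The `sha256sum`-style list format, the file name and the source names are assumptions made for illustration.

```python
import hashlib
import hmac

def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint of an artifact, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()

def parse_checksum_list(text: str) -> dict:
    """Parse sha256sum-style lines ("<hex>  <name>") into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        digest, name = parts[0].lower(), parts[1].strip().lstrip("*")
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            entries[name] = digest
    return entries

def verify_download(data: bytes, name: str, lists: dict, min_sources: int = 2):
    """Check a download against checksum lists from independent sources.

    Fails closed: every source that lists the file must publish the same
    fingerprint, and the local fingerprint must equal it.
    """
    local = fingerprint(data)
    found = [d for d in (parse_checksum_list(t).get(name) for t in lists.values()) if d]
    if len(found) < min_sources:
        return False, "too few sources list this file"
    if len(set(found)) != 1:
        return False, "published fingerprints disagree"
    if not hmac.compare_digest(local, found[0]):
        return False, "local fingerprint differs from published value"
    return True, "match"

# Constructed sample data: stand-in bytes, hypothetical file and source names.
NAME = "example-client-x86_64-linux.tar.gz"
RELEASE = b"constructed stand-in for a release binary"
LISTS = {
    "site-a": f"{fingerprint(RELEASE)}  {NAME}\n",
    "builder-b": f"{fingerprint(RELEASE).upper()} *{NAME}\n",
}

if __name__ == "__main__":
    print(verify_download(RELEASE, NAME, LISTS))
    print(verify_download(RELEASE + b"\x00", NAME, LISTS))
```

A single changed byte in the download, or one source publishing a different value, makes the check fail rather than fall back to whichever fingerprint happens to match.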