
Gavin Andresen's commit access to Bitcoin revoked, hacking suspected - apsec112
https://twitter.com/petertoddbtc/status/727078284345917441
======
tveita
This looks like a political statement, not like a serious security measure.
"No sane person would say the things this guy is saying, so he must have been
hacked." Like the Soviet Union where political opponents would be declared to
be insane to silence them.

What damage are they afraid he will do with commit access? Wouldn't it be
better to wait for him to commit so they can see what the "hacker" is trying
to accomplish?

~~~
petertodd
> What damage are they afraid he will do with commit access?

A lot of people run Bitcoin Core directly from the github repo without
checking the git commit signatures; someone who pushed a backdoored commit to
that repo could easily steal funds.

~~~
kerkeslager
> A lot of people run Bitcoin Core directly from the github repo without
> checking the git commit signatures

What? Why?

~~~
petertodd
Same reason people do curl | sudo bash
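
The commit-signature check discussed in this sub-thread, as an added example that is not part of the thread and not Bitcoin Core's own tooling: it accepts a checkout only when the tip commit has a valid signature from a key you pinned yourself. The function names and the two fingerprints are constructed placeholders; `%G?` and `%GP` are git's signature-status and primary-key-fingerprint format fields.

```shell
#!/bin/sh
# Added example: pin the signing keys yourself and refuse to build a checkout
# whose tip commit is not signed by one of them.
# The two fingerprints are constructed placeholders, not real project keys.
TRUSTED_FPRS="AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111
BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222"

# classify_commit SIG FPR
#   SIG is git's %G? field, FPR is %GP (primary key fingerprint).
#   Prints a verdict; returns 0 only for a good signature by a pinned key.
classify_commit() {
    sig=$1
    fpr=$2
    case "$sig" in
        G|U) ;;                               # valid signature; pinning decides trust
        N) echo "unsigned"; return 1 ;;
        B) echo "bad-signature"; return 1 ;;
        X|Y|R) echo "expired-or-revoked"; return 1 ;;
        *) echo "unverifiable"; return 1 ;;   # E: key missing, or unknown code
    esac
    for t in $TRUSTED_FPRS; do
        if [ "$fpr" = "$t" ]; then
            echo "trusted"
            return 0
        fi
    done
    echo "untrusted-key"
    return 1
}

# verify_tip REPO_DIR: apply the check to HEAD of a real checkout.
# Needs git and gpg, with the pinned public keys imported into the keyring.
verify_tip() {
    line=$(git -C "$1" log -1 --format='%G? %GP' HEAD) || return 2
    set -- $line
    classify_commit "${1:-E}" "${2:-}"
}

# Typical use before building (path is a placeholder):
#   verify_tip ./checkout && echo "tip is signed by a pinned key"
```

A valid signature from a key that is not on the pinned list is rejected just like an unsigned commit, which is the case that matters when a committer's account, rather than their signing key, is what was taken over.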

------
comboy
FYI, turns out he was not hacked:
[https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_please_detail_all_parts_of_the/d2plygg](https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_please_detail_all_parts_of_the/d2plygg)

~~~
rhema
You would think that Satoshi, who has been in hiding for so long, would have a
fully planned reveal. He/she has had a long time to plan. As long as Satoshi
is not outed unintentionally, I would think he/she would have a long list of
lawyers and accountants. Roughly 1 million btc could be 400 million in assets.
That's a heck of a lot of capital to be dealing with reporters directly.

~~~
matt_wulfeck
His interview with BBC suggests he was outed against his desires and before he
had settled tax questions with the ATO.

~~~
woliveirajr
Having access to more critical data / keys / and so on, if he really planned
to go out, there would be better ways.

------
wfn
Apparently the "verification" shell script that Craig supplied had a
deliberate typo which made the signature check step worthless:
[https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_please_detail_all_parts_of_the/d2poy67](https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_please_detail_all_parts_of_the/d2poy67)

~~~
jcoffland
What this means is still unclear but it's not looking good for Craig Wright
being Satoshi.

------
Lazare
I'm as interested in the Satoshi/Wright drama as the next bored geek, but...

...come on, this is just getting silly. Nobody _really_ thinks Gavin was
hacked, do they?

------
tlrobinson
It's worth noting Gavin and Peter don't exactly see eye-to-eye on the future
direction of Bitcoin. I sense a hint of glee in this tweet.

------
jcoffland
The Core devs have been waiting for a chance to cut off Gavin's commit access.
This was just an excuse. I'm not defending Gavin. At this point it looks like
he was fooled but taking away his commit access was a political move. Commits
are public and reversible so there is no security emergency. If anything, this
is a strike against the credibility of the Core devs.

------
satysin
Sorry I have not been following what has been going on, can somebody catch me
up with a TL;DR?

~~~
VMG
Australian dude publishes fake proof he's the famous inventor of bitcoin:

* [http://www.drcraigwright.net/jean-paul-sartre-signing-significance/](http://www.drcraigwright.net/jean-paul-sartre-signing-significance/)
* [https://www.reddit.com/r/Bitcoin/comments/4hflr3/craig_wrights_signature_is_worthless/](https://www.reddit.com/r/Bitcoin/comments/4hflr3/craig_wrights_signature_is_worthless/)

High-profile Bitcoin dev Gavin Andresen inexplicably supports the fraudster:
[http://gavinandresen.ninja/satoshi](http://gavinandresen.ninja/satoshi)

~~~
lumberjack
It looks unlikely but is there any actual evidence that he is not Satoshi?

~~~
Lazare
There is circumstantial evidence that he isn't Satoshi, eg, he doesn't sound
like Satoshi sounded, he doesn't act in ways congruent with Satoshi's actions,
he doesn't seem to share goals with Satoshi's actions, he doesn't seem to have
knowledge Satoshi had, etc.

On the other hand, it's absolutely possible that Wright _is_ Satoshi, and is
simply engaging in an elaborate hoax in which Satoshi does a great job of
pretending to be someone else who is doing a bad job of pretending to be
Satoshi. It could be!

This is the bitcoin equivalent of Last Thursdayism
([http://rationalwiki.org/wiki/Last_Thursdayism](http://rationalwiki.org/wiki/Last_Thursdayism))
and much like the original, it's impossible to disprove.

Bottom line though: The real Satoshi could trivially prove he was Satoshi if
he wanted to; Wright has not. Either 1) he's not Satoshi, or 2) he doesn't
want to prove that he is Satoshi. Given that he spoke to the BBC in an
apparent attempt to prove he is Satoshi, we can provisionally rule out option
2, leaving option 1:

He's not Satoshi.

~~~
gypsy_boots
This is my first time hearing of Last Thursdayism. Thank you for making my
head spin before 10am

~~~
Analemma_
RationalWiki: The first hit is always free ;)

------
uptown
For those that do own or trade Bitcoin, how did you acquire them? Mining? Buy
them out-right using a linked bank account on Coinbase (or some other
marketplace)? Received them in-trade from someone?

~~~
empath75
I have a regular scheduled buy on coinbase. I just use it as a second savings
account that has _waaaaay_ better returns than my actual savings account over
the past year.

~~~
uptown
And do you trust them linking to your bank account to perform the withdrawal?
I've never dealt with Coinbase before.

~~~
lucb1e
At least in Europe, fraudulent direct debit withdrawals are a lot more
damaging to the company performing them than to the person whose money was
taken -- the latter can undo the transaction and the former might lose the
right to do any (legit or not) direct debits plus bad press.

------
plingamp
There are so many theories on what is happening, let me propose yet another.
Satoshi Nakamoto is akin to the Dread Pirate Roberts. Who knows how many
Satoshis there have been? Some may have died, some may have lost interest,
but the torch continues to burn, and must be passed on.

------
nxzero
Allowing any single person to be able to push a commit to something as
important as Bitcoin sounds dangerous.

~~~
ianpurton
There's more to it than that. Bitcoin has many eyes watching the commits so a
commit from a bad actor wouldn't get very far.

Secondly, the devs come to some form of consensus and a Gitian build is created
and signed. [https://gitian.org/](https://gitian.org/).

Thirdly, the miners decide whether to build the blockchain based on the newer
version of the software.

~~~
nxzero
Do you know how Bitcoin ensures the code reviews are done and there's no bias
in the review process?

~~~
pas
In theory they only do merges and everything has to go through a pull request.

Probably with this required status checks feature:
[https://help.github.com/articles/enabling-required-status-checks/](https://help.github.com/articles/enabling-required-status-checks/)

------
typeforce
Relevant:
[http://www.theonion.com/article/us-economy-grinds-to-halt-as-nation-realizes-money-2912](http://www.theonion.com/article/us-economy-grinds-to-halt-as-nation-realizes-money-2912)

------
jbmorgado
Bitcoin is just a soap opera that keeps on giving... it's fantastic how much
credibility something can keep losing and losing.

~~~
orblivion
Why laugh at someone's failure? They're trying to pull off a very different
power structure. It has political issues they clearly haven't worked out, but
how much time in the grand scheme have they had to do so compared to the
standard ones?

~~~
Frondo
Well, because, frankly speaking, they're trying to pull off a very different
power structure without getting buy-in from everyone involved.

Green U.S. money? At least, at the end of the election cycle, I can cast a
vote for someone who will appoint a Fed chair I like. There's some tenuous
link from the decision-makers back to me, an American voter.

The bitcoin people? They just said "here it is, oh and also we call all the
shots, kthxbye". What if there's some feature of the new power structure I
don't like? Where can I seek redress? Ask a bitcoin advocate, and what you get
is crickets.

A new power structure should be _more_ inclusive of people's voices, not less.

So, in this case, I welcome the failure.

~~~
jamoes
With bitcoin, the election cycle is always happening. Every single block
miners decide which rules they want to enforce, and which proposals they want
to signal support for. You want to support 2 MB blocks? Run Bitcoin Classic,
or point your mining software toward a pool that supports it. You want to
support segwit? Run Core 0.12.1. Ultimately, the _market_ decides what becomes
of bitcoin, not some unaccountable, unelected bureaucrat.

Also, with bitcoin, all interaction is completely voluntary. There are no
legal tender laws or taxation propping up the value of the currency.

> So, in this case, I welcome the failure.

I wouldn't hold your breath. Bitcoin has been through many incidents that are
far worse than this, and it's only come out stronger for it.

~~~
Frondo
That's not an election. That's not voting.

And you and the other guy are illustrating _really well_ what I mean about the
bitcoiner anti-democratic point of view.

Running a piece of software isn't voting, and isn't "power to the people," but
you guys get so stuck up on this wordplay about how running the software is
the real, authentic "voting" that you really kinda miss the boat there.

So, well done with that.

~~~
EdHominem
So what does a real authentic vote look like to you, in a decentralized
system?

Who calls for the vote? Who counts them? Who is allowed to vote? Who isn't?
Who proposes ideas for a vote?

When the pool of people who understand what Bitcoin is gets totally
overwhelmed by people who don't, what keeps really stupid decisions from being
made?

When people vote for something that isn't already coded, who is responsible
for coding it?

------
coderdude
I like how Satoshi is a kind of genius God in some people's eyes. Explaining
what he would do in a situation, as though it is written in gospel somewhere.

~~~
ebbv
That's because Bitcoin's value is entirely belief based (you can't do anything
useful with a Bitcoin if nobody else believes it has value), so the whole
thing is much closer to a religion than anything based on reason and logic.

~~~
hellbanner
What kind of currency do you accept for your work? Is it reason and logic
based or a fiat "belief based" currency?

~~~
BenoitP
I'll take a bite. A currency that is backed by a powerful and stable state.

A state that enforces nearly constant but low inflation; a process by which
money has to be invested and flow into an economic system in order to have a
shot keeping the same value.

I bought 7BTC in April-May 2011 when they were at 7EUR each, during one of the
first press-coverage booms. Private key is currently in a cupboard on my old
laptop; and precisely because Bitcoin has no inflation, they're staying
there.

