Bitcoin address blacklists discovered in Gentoo Linux
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
October 10, 2014
It's being reported this morning that Bitcoin address blacklists have been discovered in the Gentoo Linux bitcoind 0.9.3 distribution that was issued a few weeks ago.
The security patch was deployed by Bitcoin developer Luke Dashjr who maintains the Gentoo distribution.
A bug report was posted to Gentoo’s bug repository-- ``Net-p2p/bitcoind and net-p2p/bitcoin-qt enables ljr use flag by default, then breaks bitcoin altogether.``
The official bitcoind and bitcoin-qt in the Gentoo distribution enables security patches which breaks Bitcoin by default.
Please disable the ljr patches by default or preferably all together, Gentoo advises.
Enabling the [ljr use flag] results in errors like these-- 2014-10-05 11:38:09 ERROR: AcceptToMemoryPool : ignoring transaction 289673d37df1a709829b3f3ea7b8549703f4251f26f5721863aacbccc47b95a9 with blacklisted output (SatoshiDice).
The report was then followed by an intense discussion on the Gentoo bug repository and the Reddit website.
Luke-jr has taken corrective measures and apologized on Reddit earlier today-- “Deploying the ‘ljr’ USE flag to Gentoo as a default was wrong and has since been disabled, as well as splitting the spam filtering off to an independent ‘ljr-antispam’ USE flag so the rest of my patch is not tied to it.``
``Currently, these changes are only available in the bitcoin overlay, but should make it to the main Portage tree within a few days,`` he added.
``While I still believe the full patch is the best solution for users today (I have been using it for years myself), I do recognise that it should not be enabled without ensuring everyone receiving it is well-aware.``
``What I should have done, in hindsight, was at the very least have a pre-installation notice informing users of the patch and a link to more details on what exactly is included in it and what those changes mean. I will put more effort into ensuring future patches are clearly disclosed upfront,`` he added.
``Over the longer term, my hope is to see a BITCOIN_NODE_POLICY variable that can be specified as “ljr”, “vanilla”, or hopefully many other policies to match people’s many different preference in how their own system’s resources are utilized,`` he said.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!