voluntarylabs / bitpost Goto Github PK

Hey guys,

Is it possible to export/back-up my identities?

Expected:
After clicking on close button if left upper corner (X) program is still marked as running in dock and I can open it by clicking on it in dock

Actual
After clicking on close button if left upper corner (X) program is still marked as running in dock but I CAN NOT open it by clicking on it in dock. For opening it I need to quit from it (right click in dock => quit) and open again

Can be reproduced: 100%

Mac OS: 10.9.4

BM-2cUKCK3nsVeGTm7w9oWY9DfX3xmDfa4ttA

The default Bitpost download happens over plain HTTP, not HTTPS. This means that a man-in-the-middle attacker on the network could trivially alter the executable binary to be a virus, potentially breaking the privacy that bitmessage claims to have, or stealing bitcoins, as many users who use bitpost also use cryptocurrencies.

The checksum on the website doesn't help, as it can also be modified in transit easily.

I understand I have the alternative of downloading releases from GitHub using https, but this is not something the average user will do.

Let's move voluntary.net to HTTPS and provide a download link to HTTPS as well. Let's have the binary SHA1 digest on an HTTPS-hosted website also.

The website currently contains a SHA1 digest of the binary download. While specific collisions have not yet been found, there are strong indicators that this can be broken given the right amount of money. I understand that the threat model of bitmessage thwarts against powerful agencies and can protect people who are performing acts against malicious governments, that can be particularly powerful.

Under this threat model, the use of SHA1 should be sunset and we should be switching to SHA256 for these checksums.

Click on an address in a received message, you're automatically put in the "Contact" tab with the cursor on "Enter Name" in the right hand pane (that part is very clever, I like it). Enter a name and hit return. A check mark appears below the address. Nothing else happens, contact is not added.

Click Channels
Click +
A new channel appears "Enter channel label" but is not editable.

The only thing you can do is delete it.

It would be nice to have some sort of indicator about how far out of sync messages are.

I download the source code folder ,and opened it in xcode, and tried to run it,t hen the error showed.

https://voluntary.net.s3.amazonaws.com/Bitpost.0.8.3beta.zip

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>Bitpost.0.8.3beta.zip</Key><RequestId>4B00AE4557759F55</RequestId><HostId>jOZ9MQfsIQSp/FEXP/hJAXPZkD3lus/PNeZuUTjjQntgTy8FNGWGp+wAn/RjH7Ei</HostId></Error>

Via a pinned key in the app.

If you need any help/advice with this please let me know.

Make sure to use this Sparkle: https://github.com/sparkle-project/Sparkle

Every time I start Bitpost I need to resize the window because it is too large.
Can you store the window dimensions after you close the application?

Sometimes Bitpost doesn't load and display a box with this title.
I have to restart it several time before it opens correctly.
What does it mean?

The current git tags used for releases are lightweight and not annotated. This is not suggested for release tags. Let's do the following:

• Switch to annotated git tags
• Start GPG-signing releases

The latter step is crucial if the PKI hierarchy for HTTPS is not expected to be trusted. The bitmessage threat model involves bad actors who can control the PKI hierarchy, and thus should not be relied upon for. While most users can rely on HTTPS for their downloads, users who require privacy against powerful actors will want to verify the GPG signatures on the binaries, so GPG-signing tags is important.