401
|
Economy / Service Discussion / Re: MtGox withdrawal delays [Gathering]
|
on: December 21, 2014, 08:13:45 AM
|
Whether bitcoin meets an early demise or not, there are certainly those out there who wouldn't mind giving it a little nudge towards the grave. I'm not talking about Prof. Bitcorn either who probably regrets now what he said. The anti-bitcoin publicity drive was kicked into high gear by the Mt. Gox collapse and has been relentless ever since. The proof point always is "Look at what happened to Mt. Gox."--it has become the poster child for why bitcoin is too scary for ordinary investors.
Prof Bitcorn may regret having given a specific date, but he has been interviewed recently and still stands by his "under 10$" prediction. His arguments are still valid. Negative articles these days do not mention MtGOX as much as the 60% loss of value over this year. For most investors, that is a very good reason to stay away from bitcoin. What is more disturbing to rational investors is that the bitcoin supporters and recognized bitcoin experts cannot provide a good explanation for why it surged 10x in 2013-11, why it has been falling through most of this year, why it had a modest recovery starting 2014-05-20, and why one should expect it to rise again in the future. I have my partial explanation for the first two. China had a huge number of amateur commodity speculators, and they switched to trading bitcoin when the Mainland exchanges opened in Beijing and gave them access to that market. But they have been dropping out it since the PBoC reduced it to a bad gambling game. (Because of the constant mining output, day-trading in bitcoin is a negative-sum game: the majority of traders must lose money, and the longer they trade, the more money they lose.) You won't find this explanation being aired in the bitcoin media like Coindesk, or offered by bitcoin gurus like Andreessen or Antonopoulos, because it is very bad for marketing. "By investing your life savings in our bitcoin fund, you will be placing your future in the hands of an army of amateur day-traders in China, who have no idea of what the blockchain is, and couldn't care less about it." Sure, why not? After a year, the only article that has looked into the demographics of the Chinese bitcoiners was published in (of all places!) the Chritian Science Monitor: http://www.csmonitor.com/World/Asia-Pacific/2013/1206/Why-the-Chinese-can-t-get-enough-of-Bitcoin-despite-bank-banThe bitcoin press much prefers to "explain" the price of bitcoin by ridiculous technical analysis, like that linear extrapolation of the logscale plot (which has been rather absent of late, since it now only shows that the extrapolation does not work any more). I still have found no explanation for the modest bubble that started on 2014-05-20. I also do not see any reason to expect another bubble in the future, that would push the price higher than the 2013-11 one. In my understanding, that would require the opening of a new market, even bigger (in terms of disposable money) than the mainland Chinese speculators. Where would that market be?
|
|
|
402
|
Bitcoin / Hardware / Re: BFL fucked us over again
|
on: December 21, 2014, 07:43:37 AM
|
Nice find! Quite intredasting... He may have gone the other way -- created a vanity address from a nickname that he picked before 2012-09-12. But the simplest explanation that fits the dates seems to be that one. There are 59 characters that can appear in addresses, correct? The chance of a random address ending with "SLok" is about 1 in 12 million. The chances of an EMC client having such an address by mere coincidence is still one in several thousands...
|
|
|
403
|
Bitcoin / Project Development / Re: [ESHOP launched] Trezor: Bitcoin hardware wallet
|
on: December 21, 2014, 07:15:54 AM
|
To clarify (?):
* No device will protect you, if you got the wrong address to start with.
the discussion was about finding methods to prevent that, BIP70 with a correctly enforced certificate chain being one suggestion, in which the device can help (by enforcing said certificate chain) Exactly. AFAIK Trezor plans to implement this BIP once it's accepted (It's in the final draft stage now). But provided that BIP70 is used, device may be able to protect you against address replacing malware. Assuming however that everybody you want to send bitcoins to can be certified in that way. What if the address-switching malware does its trick only on non-secured addresses? By the way, I do not see in the BIP-70 write-up an analysis explaining why it would be secure against malicious browsers and apps. I see only a claim that it is "more resistant" to them, but no explanation why. Is that obvious?
|
|
|
406
|
Bitcoin / Development & Technical Discussion / Re: Reused R values again
|
on: December 21, 2014, 06:38:50 AM
|
What's happening on blockchain.info? Lots of large transactions, loads going into this address - 1HWuTMEpRT8vUVLJ4C6Bkb28wwH3GvZkoX It's almost like somebody is sweeping wallets running down in wallet balance. I'm watching it go from eg - 63.87553 BTC to 63.65544 BTC to 63.4323 BTC [ ... ] This is insane, the total received is flying up on this address https://blockchain.info/address/1HWuTMEpRT8vUVLJ4C6Bkb28wwH3GvZkoXThe BCI page is quite misleading and confuses people all the time, it seems. The "Total received" field displayed by BCI is a pretty useless number, it is just the sum of all inputs to that address, including "change-back" amounts sent from that address to itself. So it only increases. The meaningful number is the "Balance", just below it, which in this case is now decreasing. That 1HWu address once collected many small payments from many sources, with some transactions with dozens of inputs; e.g. https://blockchain.info/tx/c8b71a3f0594a62b66caed2d18729264d65395645dd75a1fefab5c4f49687f4f on 2014-12-21 05:21:55 The inputs did not seem to be in any particular order. After that, it has been sending off small payments to many other addresses, e.g. 0.02539274 BTC to 1KeyvxgehPATPnnKYYb4ZckyXCHNzc5PgM, one by one. The owner of that 1HWu address processes each payment by taking the last input to 1HWu (say, 40.93936457 BTC), sending the small amount to the required address (say, 0.02539274 BTC to 1Keyv) and sending the change (40.91387183 BTC) back to 1HWu. Thus the "total received" keeps increasing, and each increment is the address balance, which is decreasing.
|
|
|
407
|
Economy / Service Discussion / Re: MtGox withdrawal delays [Gathering]
|
on: December 21, 2014, 01:28:13 AM
|
In fact, I'll never forget a professor in the New York bitcoin hearing held in late January predicting that bitcoin would hit $5 before the end of 2014. That's when it was still selling for north of $600! At this point, what did this gentleman know that would lead him to believe such a catastrophic loss was imminent? I'm not saying that he personally knew anything, yet it was common knowledge in certain circles back in the January to February timeframe that a massive sell-off was a definite possibility.
IIRC, he was the same Prof. who in another occasion predicted that BTC would be less than 10$ by mid-2014. There is a whole thread in this forum devoted to making fun of "Prof. Bitcorn". And yet he got it half right --- bitcoin lost 50% of its price between Jan/2014 and May/2014. I myself believe that it will probably end below 10$, although it may take a few years, and the price may do crazy things before that. So "Prof. Bitcorn" may still have the last laugh. AFAIK, his arguments did not have to do with MtGOX, but came simply from the fact that bitcoin has no underlying assets, pays no dividends, and has no backing institution committed (even weakly) to preserving its value. Therefore, the current price is still almost completely speculative: people are willing to pay 330 US$ for 1 BTC because they think that tomorrow people will think that the next day people will think that the next day people will think that ... that the next day people will think that some day, not too far away, people will think that it is worth 400US$, perhaps. He reasoned that the price cannot remain forever holding itself up by its bootstraps. If it were not for speculation, and people only bought bitcoin to use as currency, the price would be much less than 10$.
|
|
|
408
|
Economy / Service Discussion / Re: MtGox withdrawal delays [Gathering]
|
on: December 21, 2014, 01:09:25 AM
|
This article, posted March 2014, is outdated about the alleged "hack", but has some interesting trivia about MtGOX: http://www.wired.com/2014/03/bitcoin-exchange/I wasn't aware that Jesse Powell, who founded Kraken, was a close friend of Karpelès and Ver; so much that he rushed to help them after MtGOX was hacked for the first time, in 2011. I wasn't aware of this also and all this time day by day i search for news and updates for MtGox case... So let me understand... Founder of Kraken Jesse Powell and Mark Karpeles are friends? Jesse had helped him and now he helps also Kobayashi? What is going on? ?? I wonder if Kobayashi was aware of the close personal connection between Powell and Karpelès. Pehaps you should send Kobayashi a letter (on paper, to make sure that he reads it; formal and polite; even better if written by a lawyer) asking him if he is aware of that connection, with a copy of the article attached. No need to elaborate on theories or anything. If he was not aware, he will at least be more careful in his interactions with Kraken.
|
|
|
409
|
Bitcoin / Project Development / Re: [ESHOP launched] Trezor: Bitcoin hardware wallet
|
on: December 20, 2014, 09:17:41 PM
|
Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.
This is the purpose of the screen, to verify the address and amount are correct before signing. no, it's not. The only way to guard against such attack (out of having one distinct channel to communicate Bitcoin addresses) is to support BIP 70 payments with properly pinned down certificates (so that the malware wouldn't be able to sign again in the middle with its own key). To clarify (?): * No device will protect you, if you got the wrong address to start with. If you are not a paranoid computer guy, malware could trick you by substituting the thief's address for a merchant's address that you got from email or a website. * Assuming you have the correct address (and a legitimate Trezor with legitimate bug-free firmware), checking the address on Trezor's screen will protect against malware on the PC. * As I understand it, the Ledger screen-less device picks some random letters from the address, and asks you to type the corresponding codes that you look up in an table provided with the device. Assuming you have the correct address (and a legitimate Ledger device with legitimate bug-free firmware), this protocol will protect from malware at first. However, as discussed above, after signing enough honest transactions the malware in the PC will get to know the code table; and then it will be able to trick the device into signing a transaction with the thief's address.
|
|
|
410
|
Bitcoin / Development & Technical Discussion / Re: Reused R values again
|
on: December 20, 2014, 06:44:46 AM
|
in order for the thief to generate the same private keys means he is also Blockchain.info user and they know who he is
The thief may be a BCI user, but it would be very stupid of him to use an address that BCI can associate to his person. He could easily have generated an address with any other software, and issued the transactions without using BCI. Unless he did first 5.9 BTC transfer within BCI, without thinking. There are other possibilities, I wonder: 1. The thief may have been scanning the blockchain, like @johoe, looking for weaknesses from the previous (non-BCI) bugs; 2. The BCI programmer introduced the bug on purpose, making it seem an accidental oversight; and then started scanning the queues and/or blockchains for compromised txs. 3. The thief stole the programmer's password at Github and uploaded the bug himself. (Perhaps he works at github.) 4. The thief hacked into the programmer's computer and introduced the bug on his working copy, which the programmer eventually committed. Has BCI excluded the last 2-3 possibilities above?
|
|
|
413
|
Economy / Speculation / Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
|
on: December 19, 2014, 05:30:25 AM
|
BTC:RUR volume on BTC-e has "exploded" from ~200 BTC/day to ~800 BTC/day over the last 2-3 days. That is ~260'000 USD/day. Wow. In another few days those millions of desperate Russians will be able to buy a modest house in the Bay Area and relocate there. Seriously, volume has been up in all exchanges, as it usually does when the price changes fast (up or down).
|
|
|
415
|
Economy / Service Discussion / Re: MtGox withdrawal delays [Gathering]
|
on: December 19, 2014, 01:23:05 AM
|
we are heading to 1 year from shut down and still nothing back to us!
Bankruptcies in general take years to return money to creditors, and often return only a fraction of what is due (since a company goes bankrupt precisely becuse it has no hope of paying what it owes). People should know that before they trust their money to a company that does not undergo a real audit each quarter (and no exchange actually does that). This bankruptcy is quite unusual and complicated, with tens of thousands of creditors scattered all over the world, millions of records in its database, and 500 million USD of funds that management can't or doesn't want to explain where they went, and may not even have existed. For that reason the trustee asked, and was granted, extra time to collect and validate de claims; and he still seems to be quite lost about what to do. (It doesn't help that most of the creditors do not know, and do not want to know, what are the legal constraints that he must follow.) but i think police investigation with Mark and Kobayashi should have cleared the case within a month.... Of course i can imagine that Mark already hide whatever he could and now what? 1 year and we don't know if the coins ever existed or where are the coins now....
No one knows what the police has already found. That is normal, they are not expected to release any information until they have evidence that can stand in court (or conclude that they have no way to produce such evidence). The database has been leaked, but the "crowd detectives" that have looked into it have not reached any useful conclusions either, in spite of their considerable technical expertise. One problem is that most accounts remain anonymous, and thus may be fake, or may belong to the management, or to the thiefs. Another problem is that the database was doctored or truncated to an unknown extent. (That is one thing that the trustee's investigatores have already concluded). To get to the truth, the investigators need information from outside the database: they must subpoena bank records, interview people, get help from police forces in other countries... All that will take much more than 1 month.
|
|
|
416
|
Bitcoin / Project Development / Re: [ESHOP launched] Trezor: Bitcoin hardware wallet
|
on: December 19, 2014, 01:00:14 AM
|
You may like to know that the display-less competition has a serious weakness.
Which is why it'll be upgraded soon, but well, you need to bootstrap something at some point. Also, surprisingly, we still have a thread, which is, even more surprisingly, still not self administrated since the last few times I mentioned that to you => http://bitcointalk.org/index.php?topic=134999.0Thanks for the reminder, but I suppose that you have already discussed that problem over there.
|
|
|
417
|
Other / Off-topic / Re: Answer the question above with a question.
|
on: December 18, 2014, 11:36:46 PM
|
lol nice thread but some questions seems useless Why didn't you answer with a question? indeed when all you need to do is add one word... isnt ? why would you add only one word? Isn't that how computer types write a one-word sentence -- namely, they start with an empty sentence and then add n words to it, where n =1?
|
|
|
418
|
Bitcoin / Project Development / Re: [ESHOP launched] Trezor: Bitcoin hardware wallet
|
on: December 18, 2014, 10:17:38 PM
|
You may like to know that the display-less competition has a serious weakness.
The risk is a malicious software on the PC that plays the man-in-the-middle attack: it displays the merchant's address to the user, but uses the thief's address in the thansaction that is given to the device to sign.
The Trezor guards against that attack by displaying the address on its own window and asking the user to confirm through a Trezor button. The malware on the PC cannot interfere with that step.
The competition's device instead asks the user to pick a few specific letters from the displayed address, look them up in a code card provided by the manufacturer, and enter the corresponding codes on the PC keyboard. The malware on the PC does not know the code table, so it cannot convince the device to sign a different address...
... well, not right away, no. However, while signing a transaction honestly, the malware on the PC can record the letters shows to the user, and the corresponding codes that he typed. After honestly signing a certain number of transactions, it will know enough entries of the code table to pull the man-in-the-middle attack.
|
|
|
419
|
Bitcoin / Development & Technical Discussion / Re: Reused R values again
|
on: December 18, 2014, 06:41:13 PM
|
The prng code is 30 lines. It was trivial to resolve the few syntactic differences by hand.
Hmm... I used to test potential employees with less than 30 lines of C++ that only one out of one hundred understood perfectly so I guess that you must be an extremely good programmer. But a C++ program is a C program encrypted with a very strong encryption method.
|
|
|
|