1301
|
Economy / Speculation / Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
|
on: October 03, 2014, 05:05:14 AM
|
How dumb can one be: Keeping Your 750 BTC on Your Bitcoin-Qt client on Your MacBook and then going online withit on public WiFi when travelling to Bali Respect, "former computer science student" Everybody will do some really stupid thing now and then. People are said to be "smart" if they do it only now and then. The article I can find on this is really fucking terrible. However, I cant feel much sympathy for him. As long as the thief left him behind a couple % of his wallet, then they are fine in my books too. Weird. Will you think so when it will be your turn to have all your coins (minus a couple %) stolen?
|
|
|
1303
|
Other / Off-topic / Re: Answer the question above with a question.
|
on: October 02, 2014, 09:34:20 PM
|
So what about now?
I don't know; does anyone care about mistletoe? Don't you think that's a strange question? Don't you think one of the fun in this thread is to ask strange questions? Would lead carbide be a more fun topic than mistletoe berries?
|
|
|
1304
|
Bitcoin / Hardware / Re: BFL fucked us over again
|
on: October 02, 2014, 08:56:06 PM
|
Someone asked why would Josh's passport record a trip through North Korea and wondered whether mining chips can be used for military purposes.
I supposee that if he were indeed involved in illegal military or intelligence businesses with NK, he would not go in person and have his passport stamped. But who knows.
As for other uses of mining chips: I believe they can be handy for certain kinds of cryptanalysis. Say that you know the precise contents of a document (e.g. a webpage, an automatic email, a PDF form, etc.) except for one variable field (PIN, password, CC number, bank account, crypto key, ...) and you know the SHA256 hash of the document. Then you can discover that unknown field by brute-force enumeration of all possible values and computing the respective hashes.
With a 1 GH/s chip you could recover a 9-digit PIN or a 5-character password from that data in about one second, a 6-character password in few days, etc. . With a 100 TH/s installation you could crack an 8-character password in a few seconds, etc.
|
|
|
1306
|
Economy / Speculation / Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
|
on: October 02, 2014, 08:08:32 PM
|
The largest denomination banknote ever officially issued for circulation was in 1946 by the Hungarian National Bank for the amount of 100 quintillion pengő (100,000,000,000,000,000,000, or 1020; 100 million million million). The text says apparently "ONE BILLION B.-PENGŐ". Is a "B.-PENGŐ" one billion pengő? (note that "Billion" is "milliard" in Hungarian.)
|
|
|
1307
|
Other / Off-topic / Re: Totally Off-Topic!
|
on: October 02, 2014, 04:19:41 PM
|
Although I have seen claims that some alchemical traditions substitute Milla Jovovich for chewing gum.
|
|
|
1310
|
Bitcoin / Hardware / Re: AMT users thread.
|
on: October 02, 2014, 03:12:17 PM
|
The crazy thing is no matter what the miner ALWAYS reports 1.27Ths. So some web coding was done to falsify the numbers. Probably why SSH access was such a pain in the ass to get for most. Because then it means getting access to cgminer and seeing the real hash rate.
There is no such thing as a "part-time" or "mostly honest" scammer. Once a person chooses that path in life, he must follow it in earnest.
|
|
|
1311
|
Other / Off-topic / Re: Totally Off-Topic!
|
on: October 02, 2014, 02:55:05 PM
|
The five elements that make up all things in the universe are air, fire, water, earth, and chewing gum. I learned that from a comic strip, years ago.
|
|
|
1312
|
Alternate cryptocurrencies / Altcoin Discussion / Re: The Monero Free For All Thread
|
on: October 02, 2014, 02:17:38 PM
|
Upthread an assertion that the 4 blocks in 1 minute event would occur ever hour was implied to mean "no evidence for" [...]
Indeed it means that the fact "several instances of 4 blocks in one minute" is no evidence for anything. Surely you know the difference between "X is not evidence of attack" and "X is evidence that there is no attack".
|
|
|
1313
|
Alternate cryptocurrencies / Altcoin Discussion / Re: The Monero Free For All Thread
|
on: October 02, 2014, 02:10:48 PM
|
Did you miss the entire discussion about permutations of consecutive independent trials (i.e. not separated by 65 minutes each)?
I saw the lengthy discussion, and I did not see the point of it. If someone is causing the block rate to be higher than one per minute, that should be detected by counting blocks in some long interval (say, 10 hours) . If the block rate is OK but the suspicion is that the timing of blocks is being manipulated, that should be detected by plotting a histogram of block-to-block gaps, or of number of blocks in successive 2 minute intervals, again over a long enough period. Computing the probability of a certain complicated pattern occurring, after seeing it occur, is a tricky business. The chance of my mother marrying my father was one in two billions or so; that does not mean that my mere existence is a sign that something fishy is going one with the universe...
|
|
|
1314
|
Alternate cryptocurrencies / Altcoin Discussion / Re: rpietila Altcoin Observer
|
on: October 02, 2014, 09:35:23 AM
|
Hm, this is quite a change from the arguments used up to six months ago. Claims like "1 BTC will soon be worth over 100'000 dollars" were entirely based on the prediction that bitcoin would capture some fraction of the e-payments in the world, and the price would have to be that high in order to have that much dollar volume with 21 million coins.
Although I reserve the right to change opinions, that is something I have never emphasized. Only that someone else but you has said it, does not make me responsible. I did not mean you specifically, but that was THE argument, nine months ago. I don't recall reading any other back then.
|
|
|
1315
|
Other / Off-topic / Re: Totally Off-Topic!
|
on: October 01, 2014, 09:28:15 PM
|
That was the controversial first interracial kiss that was aired on live television.
When was that? I recall an old TV series with a black mom, white dad (Mickey Rooney perhaps?), but I don't recall them ever kissing. Or even touching. Just to remain off-topic, the poles of the Earth are more than 20 km closer to the center than the Equator is; almost as far as the Poles in Poland compared to the Ecuadorians in Ecuador.
|
|
|
1316
|
Bitcoin / Project Development / Re: [NOW AVAILABLE] btchip : a Smartcard wallet
|
on: October 01, 2014, 08:17:13 PM
|
[ Reposting some comments from the Trezor thread, somewhat edited ] 1.) [ The BTCchip] has no screen but offers a "hardened mode" which requires you to plug it into another computer (or the same one). It will emulate a keyboard and tell you the transaction info and a one-time PIN which you'll have to enter after re-plugging again into the main computer with the wallet. It's way less elegant than trezor in this regard, but this protects against malware sneaking in attackers address.
If you plug it into the same computer, which is compromised, the malware could intercept the keyboard signals coming from the device and replace the transaction details shown to the user, while retaining the PIN. Or is there a protection against that? How could there even be a protection against that ? It just raises the malware complexity from an application malware to a full OS compromise. If you are using someone else's computer, it may easily have a hacked OS. Ditto if the malware was installed in your computer by someone hacking into it with root access. The Trezor seems to protect against that risk, since the transaction details are displayed on the Trezor's screen and confirmed there. (Neither device will protect against the user copying or scanning the wrong payment address from merchant's homepage that was hacked --- at the server, by IP/URL spoofing, or by a compromised browser. For that, the user must be careful to get the address from a secure source that cannot be easily hacked.) Hardware wallets are supposed to be most useful when one is traveling and must use a computer provided by the local shop, hotel, guide, cybercafe, etc.. In those scenarios, there is the possiility that the PC has malicious hardware as well as malicious software, that the devce will be stolen after the use, and that there are hidden cameras watching over the user's shoulder. One should make sure that they are safe in that scenario.
Then just use the next computer sitting nearby to view the second factor. Works well in a cybercafe and a hotel. I am not clear yet on how BTCchip works, but if one computer in such a place is compromised, there is a high chance that all of them are. Especially if (a) the computer was compromised specifically to steal bitcoins from BTCchips (which is the assumption), or (b) the hacker may be an employee of the place. 2.) The device requires the user to enter a PIN. If entered wrongly 3 times, device will delete wallet info.
I understand that it is a fixed PIN that must be entered in "non-hardened mode", or before starting the "hardened mode" procedure; correct? In that case, if malware on the computer captures that PIN, and the device is stolen some time later, would that captured PIN enable the thief to use the device? yes, the PIN is not an anti malware protection, it's an anti theft protection. If a chip-enabled credit/debit card gets stolen, the owner should worry that the PIN was captured visually (by a camera or person looking over his shoulder) or by a physically hacked CC reader at some store. If a BTCchip gets stolen, the owner should worry that the PIN may have been captured visually as he typed it on the computer's keyboard, OR by a keylogger in the computer. The latter is much more likely to occur than a hacked CC reader. If a Trezor gets stolen, the owner should worry only if there is a chance that the PIN scramble matrix was captured visually from the Trezor screen. Malware alone cannot capture the Trezor PIN. General comment: Stealing bitcoins by hacking may become a big issue, if it is not already. Hardware wallets like Trezor and BTCchip surely improve the security, but substantial risk will remain. Malicious hackers will be strongly motivated to use all their ingenuity to overcome the device's protections. Bitcoin theft seems more tempting than credit/debit card theft, for several reasons. For one thing, bitcoin transactions are instantaneous (even though confirmation may take 10 minutes on average) and final. Even if the victim uses Trezor or BTCchip, if the device is stolen after the thief got the PIN, the coins will probably be gone before the user gets the chance to move them, and they cannot be recovered (unless the thief is caught and convinced to return them). In comparison, when someone's credit/debit card is stolen, the owner can call the company to cancel it, and there is a good chance that it will be canceled before the thief has a chance to get value out of the card. Moreover, the bitcoin network provides no anti-theft barriers: no one will call the victim to confirm a transaction that moves a million BTC from his account to someone else's account. Even if if the probability of success of some hacking attack mode is 0.1% or less, the per-target cost of such an attack is small, thousands of computers can be hacked automatically, and the payoff from one successful attemp may be quite substantial. See that Australian guy who was recently hacked out of 750 BTC, almost 300'000 USD. Note that the malware may be programmed to act only if the wallet has a large enough sum. I do not expect that the manufacturers of hardware wallets will go out of their way to warn users of these remaining risks. The bitcoin media and the community should do that. However, manufacturers should put clear disclaimers in their warranties and ads, so that they are not blamed if bitcoins are stolen from clients.
|
|
|
1319
|
Bitcoin / Project Development / Re: [ESHOP launched] Trezor: Bitcoin hardware wallet
|
on: October 01, 2014, 03:34:05 PM
|
That thread is moderated by the manufacturer. Nothing against BTCchip specifically, but product criticisms are often deleted in such threads. Inasmuch as criticisms of BTCchip are indirect endorsements of Trezor, its seems safer to post them here. If you plug into the same computer, which is compromised, the malware could intercept the keyboard signals coming from the device and replace the transaction details shown to the user, while retaining the PIN. Or is there a protection against that?
How could there even be a protection against that ? It just raises the malware complexity from an application malware to a full OS compromise. If you are using someone else's computer, a hacked OS is no big deal. Ditto if the malware was installed in your computer by someone hacking into it with root access. The Trezor seems to protect against that risk, since the transaction details are displayed on the Trezor's screen and confirmed there. (Neither device will protect against the user copying or scanning the wrong payment address from merchant's homepage that was hacked --- at the server, by IP/URL spoofing, or by a compromised browser. For that, the user must be careful to get the address from a secure source that cannot be easily hacked.) Hardware wallets are supposed to be most useful when one is traveling and must use a computer provided by the local shop, hotel, guide, cybercafe, etc.. In those scenarios, there is the possiility that the PC has malicious hardware as well as malicious software, that the devce will be stolen after the use, and that there are hidden cameras watching over the user's shoulder. One should make sure that they are safe in that scenario.
Then just use the next computer sitting nearby to view the second factor. Works well in a cybercafe and a hotel. I am not clear yet on how BTCchip works, but if one computer in such a place is compromised, there is a high chance that all of them are. Especially if (a) the computer was compromised specifically to steal bitcoins from BTCchips (which is the assumption), or (b) the hacker may be an employee of the place. I understand that it is a fixed PIN that must be entered in "non-hardened mode", or before starting the "hardened mode" procedure; correct? In that case, if malware on the computer captures that PIN, and the device is stolen some time later, would that captured PIN enable the thief to use the device?
yes, the PIN is not an anti malware protection, it's an anti theft protection. If someone suspects the theft of his a chip-enabled credit/debit card, he may worry that the PIN was captured visually (by a camera or someone looking over his shoulder) or by a doctored handheld terminal. If that happens to a Trezor user, he should worry only if there is a chance that the PIN was captured visually from the Trezor screen. If that happens to a BTCchip user, he should worry that the PIN may have been captured visually from the computer's keyboard, OR by a keylogger in the computer. However, the credit/debit card user can call the company to cancel it, and there is a good chance that it will be canceled before the thief has a chance to get value out of the card. With both the Trezor and the BTCchip, if the device is stolen after the thief got the PIN, the coins will probably be gone before the user gets the chance to move them. Stealing bitcoins by hacking may become a big issue, if it is not already. Even if if the probability of success of some hacking attack mode is 0.1% or less, the per-target cost of such an attack is small, thousands of computers can be hacked automatically, and the payoff from one successful attemp may be quite substantial. See that Australian guy who was recently hacked out of 750 BTC, almost 300'000 USD. Note that the malware may be programmed to act only if the wallet has a large enough sum. Hardware wallets surely improve the security, but substantial risk will remain. Malicious hackers will be strongly motivated to use all their ingenuity to overcome the device's protections.
|
|
|
1320
|
Alternate cryptocurrencies / Altcoin Discussion / Re: rpietila Altcoin Observer
|
on: October 01, 2014, 12:34:06 PM
|
As well I could have said that the hoarding is the only thing that gives value to anything [ ... ]. If there is no interest in anyone to hoard (save) in your currency, even the marvellous use cases do not give it any value, as it just travels lightning-speed through the use cases, but is not in demand by anyone.
Hm, this is quite a change from the arguments used up to six months ago. Claims like "1 BTC will soon be worth over 100'000 dollars" were entirely based on the prediction that bitcoin would capture some fraction of the e-payments in the world, and the price would have to be that high in order to have that much dollar volume with 21 million coins.
|
|
|
|