|
How much do you want for this account?
|
|
|
|
|
Closing thread since Apparently I'm promoting a scam...
|
|
|
|
The tweet for those who didn't follow the link: @bitcointalk Non-authoritative answer: Name: http://bitcointalk.org Address: 186.2.165.183 : this means attackers use DNS Poisoning ... According to the OP, Theymos changed from his previous host NForce to another host because of suspicious activity. This would explain the IP change. Edit: Found the quote: To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked. |
|
|
|
Seems Tor IP. Did he mail you anything ? If yes, may we get to know the content ? What are you talking about? Neither IP address shows up as a tor exit node. That list is for the most recent list of exit nodes which updates every hour. I would suggest looking here: https://collector.torproject.org/formats.html#exit-lists for archived lists from the past few days to see if one of the ips was an exit when the attack occurred. |
|
|
|
]I would prefer a GPG signed message over a twitter message for confirmation, however theymos did send out a GPG signed email advising to change your passwords when he last brought the forum online (the signature was good and was signed within minutes of the google timestamp of this thread previously being created). The google cashe of this thread says that theymos had encrypted the DB to prevent a similar attack in the future. Your password should be considered to be compromised regardless.
I would personally avoid doing any kind of business on here until theymos can prove his identity. I would also suggest treating anyone you deal with to be an imposter until you can get either a GPG or bitcoin signed message to confirm their identity.
Thanks theymos for all the time/effort you put into this
What was the message of the email, since I can't find any email from Bitcointalk or Theymos. |
|
|
|
I'm sure one could very likely happen though there will be a lot of scammers just trying to capitalise on it too.
No doubt about it, it's just a try to earn some free btc, highly doubt it's the real DB dump. And OP, you shouldnt post things like that, you are just helping the scammer spread his chances of earning on this. First thought that comes to my head is that its possible you uploaded that yourself. cheers Right. I did not think of that. I will edit the post. |
|
|
|
how much btc is 5000 satoshi?
1 Satoshi = 0.00000001 ฿ 10 Satoshi = 0.00000010 ฿ 100 Satoshi = 0.00000100 ฿ 1,000 Satoshi = 0.00001000 ฿ 10,000 Satoshi = 0.00010000 ฿ 100,000 Satoshi = 0.00100000 ฿ 1,000,000 Satoshi = 0.01000000 ฿ 10,000,000 Satoshi = 0.10000000 ฿ 100,000,000 Satoshi = 1.00000000 ฿ Therefore 5000 Satoshi is 0.00005 BTC. We have our own wiki website, and we need someone to add basic pages to it. The content is all provided, and any fields that are missing you can just write "Unknown". Basically this is mostly data-entry.
The starting price is, 5000 satoshi for each page added. The page template is provided already, you just make a new page and copy paste the template into it, then replace some fields on it.
How many pages are there to be added? |
|
|
|
|
What campaign is the Sr. Member enrolled in and how will we get the Bitcoin from it?
|
|
|
|
According to Theymos in his post before the forum went back down: Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords. |
|
|
|
I'm one of those guys that doesn't understand a lot but I do know a little bit of knowledge is dangerous.
I've got Windows 7 pro 64bit but for some reason only 32bit Java and am too jittery to move to 64bit because I don't know what it's ll do to my computer and my understanding is it's important for me to have 64bit Java to get certain programs to run in the cryptosphere.
It wouldn't hurt to update to 64 bit Java. A lot of websites use java to do things, and 64 bit is generally better than 32 bit. There are no negative effects of upgrading. I did manage to get a wallet from blockchain.info and create an address to receive btc, I used what I believe to be a strong password but I still don't bother backing my wallet up. I'm afraid I'd mess it up. They keep asking me to improve my security by giving my phone number but that makes me nervous too.
There isn't much to mess up with a wallet backup, especially on a web wallet. All that happens is you download a copy of your wallet, it won't effect your wallet's balance or anything unless someone steals it. Even then, you can still get an encrypted backup which is decrypted upon upload to their site for a restore if you wish to do so. Since it is a web wallet, a backup is not necessary, since they probably also back everything up and if their servers crash, they are liable and should reimburse you for any loss. Why are you nervous about giving them your phone number for extra security? 2 factor authentication makes everything much more secure as a hacker who steals your password still cannot get into your account unless he also stole your phone. I just wonder where there might be a place where I can learn the basics of securing my wallet(s), for now I'm comfortable writing everything down on paper, then I backup by taking pictures of both my computer screen as well as my keys (identifiers?) and passwords on an old smartphone that is no longer being used for other purposes.
I suppose that is ok. You should download encrypted backups of your wallet, and keep multiple copies of it in different places. Perhaps one on your computer, another on a flash drive, and a third on your old phone. You should also create a paper wallet, there should be an option for this in blockchain.info. You print out the paper wallet and put it in a safe deposit box at the bank. These are the normal tactics of keeping your Bitcoin secure. And how do I get a password generator from the internet to my old phone. I do have the old desktop version for syncing and upgrades for the phone. Can I safely transfer a password generator to my phone and then be able to use it without service or connection to the internet? Is this a viable air gap? I don't have a second laptop.
Why would you need a password generator? You should be able to download an app and transfer it to your phone to install it, depending on the phone. The app should never access the internet and be done completely offline. This is a viable air gap, but why would you need it? I don't know what PGP or GPG means but I still don't want to wreck my computer until I find a decent tower unit that can more easily be upgraded so I can eventually support the network. After I learn enough to be a benefit to the network rather than little more than the curious child I feel now.
PGP is an encryption system, unrelated to the functioning of Bitcoin. It is similar to Bitcoin, in that it uses public key cryptography. PGP can be used to verify that someone is who they claim they are by creating a signed message which can be verified. It is also used to encrypt and decrypt messages so that certain information can be kept private. GPG is an implementation of PGP. |
|
|
|
Since you are running multiple nodes, the nodes will write and overwrite things in the data directory.
The nodes each write to their own data directory on the same NFS server but independent of each other. The nodes are for various different altcoins. Since all of the nodes are also accessing the same wallet.dat file, they cause it to be corrupted like the blockchain database files. The only weird thing is that the backups were also corrupted. You should keep the backups on a separate machine just in case.
It's not the same wallet.dat file, each node has it's own wallet.dat and blockchain. The wallet.dat is backed up to the local filesystem, not the NFS mount. Sorry, I misunderstood your problem. I think that there may be open issues with some of the altcoins. You should check the git repos and see if there are any issues that are similar to yours. Also, it would be helpful if we knew what the coins you have on this NFS. Regarding your corrupted wallet.dat, perhaps your backup had accidentally backed up a corrupted version of the wallet before you noticed? |
|
|
|
AFAIK Bitcoin Core keeps an index (or something like that) of all of the transactions for the addresses so it may not look through the entire blockchain. However, getbalance and listunspent must still iterate through that list for each of the 16000 addresses in order to find which ones are still unspent and what the total balance is.
So what I'm saying is, with a mysql database, even of size 1,000,000 records you can SUM the balances of 16,000 records in fractions of a second. I don't see why bitcoind cannot achieve the same performance? I mean literally if I imported the data from bitcoind into mysql (a list of all my addresses and transactions), it would take me millionseconds to do these same queries? At this point, I am not entirely sure. But, I believe that it has something to do with verifying each transaction e.g. checking the signature and scripts, however, as I said, I am not sure. I recommend that you take a look at the code and see if you can find the issue yourself. You can find the source at https://www.github.com/bitcoin/bitcoin and there are developer docs, which are easier to follow, at https://dev.visucore.com/bitcoin/doxygen/. The specific methods you are looking for are located in src/wallet/rpcwallet.cpp. If you do find that there is an issue with performance with no reasonable explanation, please open an issue with the developers, and perhaps write a patch and submit that to the core devs. |
|
|
|
|
Since you are running multiple nodes, the nodes will write and overwrite things in the data directory. This causes corruption because the nodes don't know what the other nodes wrote and the sudden change of data along with simultaneous reading and writing done by the nodes to the data directory causes all of these issues. The data is then constantly changed and corrupted, causing you to need to constantly reindex or redownload the blockchain. Since all of the nodes are also accessing the same wallet.dat file, they cause it to be corrupted like the blockchain database files. The only weird thing is that the backups were also corrupted. You should keep the backups on a separate machine just in case.
|
|
|
|
bitcoind is slower because there are not just 16000 things to look through. It must search through all 34 gigs of blockchain and find all of one addresses transactions, add up the inputs and outputs, and find which transactions have yet to be spent. Then it must repeat this for all 16000 of your addresses in order to return the data you asked for. This is why it takes so long.
Why would it need to search from all 34GB? Caches and indexes are not used? AFAIK Bitcoin Core keeps an index (or something like that) of all of the transactions for the addresses so it may not look through the entire blockchain. However, getbalance and listunspent must still iterate through that list for each of the 16000 addresses in order to find which ones are still unspent and what the total balance is. |
|
|
|
But why is it so inefficient?
A Mysql sum on 16,000 records takes fractions of a second on very low spec hardware....
So why does bitcoind take 3-4 seconds? (on very nice hardware)
bitcoind is slower because there are not just 16000 things to look through. It must search through all 34 gigs of blockchain and find all of one addresses transactions, add up the inputs and outputs, and find which transactions have yet to be spent. Then it must repeat this for all 16000 of your addresses in order to return the data you asked for. This is why it takes so long. |
|
|
|
Even with a mixer, the bitcoin address that the payment was sent to is still fixed. If it is for a porn site, now everyone knows what BTC addresses have made payments to a porn site. They may not know what the porn site did with the proceeds, but in this context, how important is that?
In this case, and most cases involving services, it doesn't matter what happens to the proceeds. What matters is the user's privacy. Say Bob signs up for that porn site, but doesn't want his girlfriend Alice to know. If the site uses the same address for everyone, then Alice could look at Bob's transactions and see that he made a payment to a porn site. However, if the site gives one deposit address per user, then Alice will see that Bob is making same sized payments consistently to someone at a consistent time interval. If they generate a new address then Alice will only see that Bob is sending same sized payments to someone, possibly different people because of the different addresses, and is sending them at a consistent time interval. With cases 2 and 3, Alice will know that Bob is paying for something. With case 2, she knows it is the same thing, a subscription to something. With case 3, she is unsure if it is the same thing, if the price is a common price, and she cannot be sure that the payments go to the same person. Most sites use case 3. They generate new addresses for each deposit. They also usually don't sweep all of the funds into the another large address, but instead will send withdrawals from an address that another user deposited in. This helps maintain anonymity. |
|
|
|
You shouldn't re-use addresses.
Satoshi made one post about the re-use of bitcoin addresses and everyone takes it to the extreme. Please explain why someone should not re-use an address. I'll save you the effort, because there are no valid technical reasons. There are "privacy reasons" (bearing in mind that bitcoin was never intended to be, or portrayed as, an anonymous payment method) why re-use may be considered less than ideal, but I'm tired of seeing people say you should not do it like it's a plague or something. The only good reason that people shouldn't reuse addresses is to maintain privacy. By not reusing addresses, it becomes more difficult to monitor and track someone's payments. As a service provider, it would be easier to give each customer their own address, BUT, many bitcoiners do not like to have their payments to be easily tracked, and by generating new addresses for each deposit, a service will appease the privacy minded and could gain more business. It is a bit odd. Bitcoin Forum has a field for "Bitcoin Address". I don't actually have a "Bitcoin Address", do I?
The Bitcoin Address field is a place for you to advertise your bitcoin address. Makes me wonder. In general, if I want anonymity, there is no way for me to advertise an address of mine. I know that sounds obvious, but if I wanted to receive payments, someone would have to goto my site and ask me for one.
It is still possible to maintain anonymity even with advertising an address. You could send the Bitcoin received by that address to a mixer or use any other method of mixing and anonymizing Bitcoin. It will prevent others from knowing what your other addresses are. |
|
|
|
What is the main reason my second scenario is not ideal? Is it the re-use of the payment address because now, that can be tracked and reduces anonymity? Or are there any other reasons? What about any increased risks?
Primarily because people can track someone's payments to a site and reduces the anonymity. |
|
|
|
So here is a few questions...
Blockchain lets you send BTC to someone, obviously. It has the option of "any address" vs selecting a specific address from a list.
1. Is it reasonable to assume that if I select a specific address, it will limit what I can send to the sum of all the unspent inputs sent to that specific address?
Yes. I know that in some clients, like Bitcoin Armory, you can specify which address(es) to send from, and it will only be able to spend from the unspent inputs for that address. 2. Or is there more magic to this? Like say if I don't have enough on that specific address's own unspent inputs (but do from other addresses), it first sends the necessary unspent inputs from those others to the selected one, and then sends from the selected one to my intended recipient, sending the change to whereever I designate?
It will prevent you from being able to send more than the amount for that address and it will not use other inputs unless you tell it to. 3. What would "any address" mean? Does it simply mean use any of the unspent inputs from any of the keypairs I have the private key for? So in theory, the "sender" could be a bunch of different addresses I have the private key for?
Any address means that it will create and send the transaction using as little input transactions as possible to keep the transaction as small as possible. The "sender" could be many different addresses. However, the more input transactions you use, the higher fee you will need to pay. MOST importantly...
4. If I am building out a service where I want to receive BTC from my customers, what is best practice for this? Give each of them a unique and unchanging BTC address to make payments to? Does this violate the principle then that BTC addresses are not to be re-used? I am trying to avoid burdening my customers with the need to goto my site each time they want to make a payment to me to request a new BTC address to pay me with. I am also trying to avoid a related burden then of having to store all the keypair information for all the BTC addresses of all my customers.
The ideal scenario would have been that I have ONE BTC address that ALL BTC payments from ALL customers come to. I own the private key for this address. This would require me to look at the sending address of payment to know who sent it. BAD idea. The sending address is not deterministic.
Less ideal scenario is I have ONE BTC address for EACH customer. So Bob has his deposit address with me. Alice has own own. I own the private keys for these. So now, I can infer that if a payment comes into Bob's deposit address, I credit Bob. Etc. I am making no assumptions on Bob's sending address. But Bob's deposit address is now fixed. A BTC address is being re-used.
Least preferable scenario is everytime Bob wants to send me BTC, he can login to my site, as for a new BTC address, and pay to that address. He could technically pay more than once to the same address but the point here is Bob can keep getting new BTC address to pay me with. I have to now remember all of Bob's deposit addresses on the backend.
Thoughts? I am I right about these three scenarios?
Your first scenario would not be ideal, as different wallets and services may send from addresses that the customer does not actually own. It would be difficult to determine who sent what transaction and the customer may not be reusing addresses, so you would get lots of complaints, and it would be hard to manage each customer's payments. The second scenario is very good for management, but reusing addresses is not recommended. However, it would allow you to easily track who is sending payments and easily credit them. You could also periodically sweep the funds from those addresses into your own main address. This however, breaks some of the anonymity because then others can see how much and when someone is depositing into your service. Ideally you would use the third scenario, which gives each customer a new address each time, and your backend would need to know which address will be the one that receives the payment so that it can record the total balance in a database. Then, after the payment confirms, it generates a new address and waits for a payment to that address. This helps the payments stay anonymous to outsiders. You could then periodically sweep all of the funds into your main address. |
|
|
|
|
Show Posts
