141  Bitcoin / Bitcoin Discussion / Re: Bad security advice again: shred on: June 18, 2011, 07:17:33 AM
(On the bright side, many SSDs are aggressive about reclaiming deleted blocks, so if your OS deletes it instead of moving it to a trash directory, it will get overwritten quickly.)

Not anymore. As the flash process shrinks, longevity (number of erase cycles) drops. This drives controller manufacturers to ever more lazy trim command handling (and what you are probably talking about is garbage collection, which has to be filesystem aware). The currently most popular controllers (Sandforce 12xx and 22xx series) do not have active GC and also employ compression, meaning there is a lot more actual free space so trims are executed even lazier. Active GC depends on filesystem bitmap snooping, which usually excludes most other filesystems besides NTFS.

Lazy trim handling means that when you shred LBA 500 to 1000, the controller remaps these to a different flash region from the fresh overprovisioning pool, then notes the old physical location in its internal bitmap. If your SSD is brand new, it will never delete anything until you have written all flash at least once, at which point it will clean out as much as needed for the OP pool, i.e. your data may stick around for a very long time. For wear leveling purposes it might even not erase that particular flash region until a multiple of the whole device's capacity has been written. Increase that by another factor of 2 to 3 due to compression.

Also, ATA trim commands do not propagate through most current RAID controllers. And many systems do not support trim altogether (Windows XP, MacOS 10.5 and older, Linux before 2.6.36 IIRC, Windows 7 with default (buggy PoS msahci) driver partially, it swallows large trims etc.).

The only way to erase data on an SSD with 100% certainty is issuing a secure erase ATA command, this puts 21V on the substrate, emptying all flash cells at the same time. Needless to say this will delete all data, including partitioning and MBR, and shorten the longevity of the device by one cycle (usually out of 1500 to 3000 now for 25 nm MLC).

Using encryption on your wallet is pointless in this scenario unless no unencrypted version of it is ever written, including as part of swap or a hibernation file.

The bottom line is that if you are paranoid, don't use an SSD Smiley
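
The lazy remapping described in the post above, as an added example that is not part of the original post: a toy flash translation layer in which overwriting a logical block leaves the old physical copy in place until the free pool runs out. The `ToyFTL` class, page counts and sample data are constructed assumptions; real controllers erase in blocks and add wear leveling and compression, which this model omits.

```python
# Toy flash translation layer (FTL). Constructed model for illustration:
# page-granular, no compression, no wear leveling; not real controller firmware.

class ToyFTL:
    def __init__(self, logical_pages, spare_pages):
        total = logical_pages + spare_pages      # spare = overprovisioning pool
        self.flash = [None] * total              # physical pages, None = erased
        self.l2p = {}                            # logical page -> physical page
        self.stale = []                          # superseded physical pages, oldest first
        self.free = list(range(total))           # erased pages ready for writing

    def write(self, lba, data):
        if not self.free:                        # lazy: reclaim only when forced to
            if not self.stale:
                raise RuntimeError("no reclaimable pages")
            victim = self.stale.pop(0)
            self.flash[victim] = None            # the only place old data is erased
            self.free.append(victim)
        phys = self.free.pop(0)
        if lba in self.l2p:
            self.stale.append(self.l2p[lba])     # old copy is noted, not erased
        self.flash[phys] = data
        self.l2p[lba] = phys

    def read(self, lba):
        phys = self.l2p.get(lba)
        return None if phys is None else self.flash[phys]

    def secure_erase(self):
        # Whole-device erase: every cell emptied, all mappings dropped.
        self.flash = [None] * len(self.flash)
        self.l2p.clear()
        self.stale.clear()
        self.free = list(range(len(self.flash)))

    def residue(self, needle):
        """Physical pages still holding `needle` (what a chip-level read would find)."""
        return [p for p, d in enumerate(self.flash) if d is not None and needle in d]


def shred_demo():
    ssd = ToyFTL(logical_pages=8, spare_pages=4)
    secret = b"wallet-key-SECRET"                # constructed sample data
    ssd.write(3, secret)
    for _ in range(3):                           # "shred": overwrite the same LBA 3 times
        ssd.write(3, b"\x00" * len(secret))
    logical = ssd.read(3)                        # what the OS sees afterwards
    after_shred = ssd.residue(b"SECRET")         # what is still in flash
    other_lbas = [0, 1, 2, 4, 5, 6, 7]
    extra = 0
    while ssd.residue(b"SECRET"):                # unrelated writes until the copy is erased
        ssd.write(other_lbas[extra % len(other_lbas)], b"filler")
        extra += 1
    return logical, after_shred, extra


def secure_erase_demo():
    ssd = ToyFTL(logical_pages=8, spare_pages=4)
    ssd.write(3, b"wallet-key-SECRET")
    ssd.write(3, b"\x00" * 17)
    ssd.secure_erase()
    return ssd.residue(b"SECRET")
```

In this model the logical block reads back as zeros right after the overwrite passes while the original page is still present in flash, and it only disappears once unrelated writes exhaust the free pool.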
142  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! (25,000 BTC stolen) on: June 18, 2011, 05:10:12 AM
How does me going to the media help me in any way? What are they going to do?

You could get 15 minute famous, go on a reality show, sell the movie rights. Probably worth something Smiley

Promo idea: Oprah hides 10 BTC under every audience member's chair.

Quote from: Durr
Aren't bitcoin idealists usually anarchists?

Aren't anarchists those people blowing stuff up? I'm sure it was dem anarchists starting some big war.

Quote from: Holliday
Allinvain, you have not responded to the best solution I have seen so far regarding your predicament.

This is a terrible idea. Technically, as time passes it will require exponentially more work traversing the chain (enough mixing and you'll end up with a travelling salesman like problem).

If that somehow was no problem, it could be abused for market manipulation. Blacklist a sufficiently large enough number of coins, value of the rest goes up. If you have no mechanism to unlist them (after 'catching a thief' for example), you have just destroyed coins. If you do, then that can be used to manipulate the market in the opposite direction (inflation).

If this was largely accepted, a government could use it as a de facto standard, publish a list on a website which could be automatically used by a client, and you basically have a central bank like market manipulation tool. You also have a tool that will give any well organized entity the power to destroy opponents (freeze their holdings).

If this was only accepted on a case by case basis, it would end up as a public popularity contest of sadder than sad stories, and may the best (media backed) actor win. In other words, it would propagate duplicity and propaganda.

Lastly, any address publication on websites and clients looking at this diminishes the whole idea behind decentralization.
143  Bitcoin / Press / Re: Bitcoin press hits, notable sources on: June 18, 2011, 04:29:03 AM
Another Slashdot mention:
http://it.slashdot.org/story/11/06/17/141228/Trojan-Goes-After-Bitcoins

Linked from there, Symantec on whether it's worth for botnets to CPU mine (they say no but the numbers say yes, at current difficulty certainly):
http://www.symantec.com/connect/blogs/bitcoin-botnet-mining

http://www.net-security.org/malware_news.php?id=1752 (also about the trojan)
http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours (seen this in other topic too)
144  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! (25,000 BTC stolen) on: June 17, 2011, 11:19:11 AM
it would require a somewhat coordinated decision because it could lead to disagreements among clients about valid transactions in future. that is not, of course, a weighty reason against its adoption in the present.

Just thinking aloud: a client could be released that will switch over to the new protocol at a certain event like a future block number + date (block number against bad clocks/timing issues, date against sudden increase in miners, whichever comes later) so you can have a sufficient period with people updating before everyone switches at the same time. If the switchover fails, client falls back to previous mode, network rejects those that don't. If switchover works then those that have not updated by then are rejected, forcing a client update. Don't know if there is a 'your client is no longer compatible/outdated' message in there already (or protocol version check or similar) but maybe you could have another update before adding that.
145  Bitcoin / Bitcoin Discussion / Re: Who the F*** is this retard?? on: June 17, 2011, 10:36:14 AM
LOL, he has promised a video a day until Bitcoin crashes. Hilarious stuff whatever you think of his message. I need to stock up on extra popcorn.
146  Bitcoin / Bitcoin Discussion / Re: Someone is Jobbing this Market on: June 17, 2011, 09:16:39 AM

Isn't that the same chart that the IPCC used as undeniable proof that global warming (anthropogenic)was caused by man  Grin


OMG global warming is a bubble. SELL

Psst! The next solar cycle is said to be minimal, it's time to buy!
http://www.networkworld.com/community/blog/big-drop-solar-activity-could-mean-much-coole

Can whoever is jobbing the market please drop the rate to below $4 so I can buy in, kthx.
147  Economy / Trading Discussion / Re: Bitcoin7 a new exchange on: June 17, 2011, 08:52:44 AM
if there're holes, EXPLOIT THE GODDAMN THING, JUST FOR THE LULZ!
it's yours that i'm going to exploit for the lulz

That's a disturbing image Smiley

Quote from: Bitcoin7.com
We had flaws, we still have, we were not ready for the start yesterday, but we are working 24/7 on all requests.

Let me reshuffle that sentence for you: "We had flaws, we were not ready for the start yesterday. We still have, we are still not ready for the start today."

(good thing about that: it's reusable)
148  Economy / Service Discussion / Re: Bitcoin7.com - Brand new exchange market! on: June 17, 2011, 07:53:37 AM
Ah, somehow missed that one (post#27 in this very thread).

I would guess Bruce got a similar offer then. Bad show bitcoin7.
149  Bitcoin / Press / Re: Bitcoin press hits, notable sources on: June 17, 2011, 07:13:07 AM
Well, they say any publicity is good publicity. It might attract a lot of people who get curious about it, obviously this cannot be held against the idea behind the technology and most people will hopefully recognize that.
150  Economy / Service Discussion / Re: Bitcoin7.com - Brand new exchange market! on: June 17, 2011, 06:15:58 AM
in Britcoin we trust...

I originally read that as proactively seeking regulation from the government (like I'm thinking about going to the local tax office to get their stance on Bitcoin before I jump into it), but you are right it could be read that they don't have the necessary paperwork yet either. I guess the main difference is that they didn't rip off Tradehill, or tried to grease luminaries.

Quote from: jkminkov
and for the record I don't trust someone called Amir, as you don't trust a Bulgarian.

If that's aimed at me, maybe that was lost in the sarcasm (because bitcoin7 was pulling the same slur) but I specifically said I don't trust the person/organization, not the country. But you're right, Amirs can't be trusted Grin

Quote from: finnthecelt
I guess we should start boycotting the products that athletes promote. ...

Apples and Oranges. A better analogy would be pharmaceutical companies greasing doctors to recommend their brands instead of (cheaper) generic drugs. Bribing someone famous is not quite the same as bribing someone in authority, or bribing the news anchor. Someone you don't just want to, but *have* to trust, or expect to be impartial, or at least upfront about it.

Quote from: jerfelix
Bruce,

Weren't you offered money to push TradeHill too?  Seems they are a sponsor of your podcast, and you actually pushed them on a thread with your referral code.  So much that people in the original thread thought that YOU were the creator of TradeHill (and I have heard and read that confusion from MULTIPLE people on here).

Didn't sound like he was offered a sponsor deal, although Bruce obviously isn't impartial here. Still, he was upfront about the Tradehill sponsoring on the show, nothing wrong with that. The confusion about him being the proprietor was started by someone possibly referring to Jered as 'very trusted member of the community', and someone else combined the OP with that. Bruce did set the record straight fairly quickly (it's hard to follow everything here as it is, I'm sure he's busy enough already).

Quote from: finnthecelt
I think this whole, "I was offered money" is being taken out of context. I was also contacted by B7 and was "informed" that their service provides a referral bonus.

That sounds quite benign (basically same deal as Tradehill for the referrals) but doesn't mention money, it should be interesting whether Bruce (and Jeff Garzik) got the same message.
151  Bitcoin / Bitcoin Discussion / Re: Hacker got to my MTGOX account, he converted the USD I had...... on: June 17, 2011, 05:31:27 AM
Perhaps I misunderstand but there have been a few threads like this and it seems a common presumption here that the user is compromised.   People have every reason to be wary of a site like mt gox that suddenly has huge volumes of money moving through it and the operators are relatively inexperienced.  I'm not saying they have a security problem for sure, I just think it would be unwise to leave large balances on there.

Well yeah, if the exchange is compromised you can't do much, but given the fact that a lot of people are using Windows and use it for regular network access at the same time I'm inclined to give them the benefit of the doubt for now.

I'm more curious right now about how they do it, because there is supposedly a $1000 limit a day on transfers, in BTC too.
152  Bitcoin / Bitcoin Discussion / Re: Hacker got to my MTGOX account, he converted the USD I had...... on: June 17, 2011, 05:07:44 AM
Wow, flashing your BIOS? Are there actual cases of BIOS malware being used in the wild by hackers/fraudsters?

Not that I know of, but since it's possible you might as well. If you are really paranoid of course, you would need to reflash externally, since it might protect itself against reflashing by immediately reflashing the attack code from memory Smiley

It's less likely a generic botnet operator would go to the trouble but that's only because of 'low hanging fruit' being readily available.

I guess the bottom line is that most people will do the minimum for protection, i.e. whatever the client already offers, and malware will focus on the lowest common denominator as long as it's profitable enough, but go the extra mile if it's worth it (and evolve when the client gets better protection etc.).

Quote from: joepie91
Regarding "hiding until there are enough coins" - you do realize the theft was from a Mt. Gox account and not from a wallet file?

Yes, and my point was that it's a mistake to discount all possibilities. Your original post didn't say anything about a separate machine BTW. But it hardly matters, unless that machine has not been connecting to your network, or to any network in general, it too cannot be considered as provably clean. Your account has been hacked, you don't know where from, assume the worst.
153  Bitcoin / Bitcoin Discussion / Re: [ANN] Bitcoin version 0.3.23 released on: June 17, 2011, 04:41:03 AM
The line at the top of the page occasionally says: News: Version 0.3.22 is now available. (not 0.3.23)
154  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 17, 2011, 04:35:36 AM
Actually, i meant VNCing to the VM from a laptop.
VNCing from the same comp would have no sense as the keyloggers/screen capture/mouse movements capture would kill it.

Right. But if you use VNC from a different machine, why not just run your VM there? Or vanilla Bitcoin? Since you are assuming that that machine is and remains clean, otherwise using VNC from there is just as pointless. It would even increase security since you seem to assume the original VM/VNC host could be compromised.

The "separate minimal machine for Bitcoin only" is of course superior to everything.

Definitely, if you have a sizable wallet it's worth it. If Bitcoin really takes off there will be businesses around this putting something on a cheap device, maybe smartphone.
155  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 17, 2011, 03:22:32 AM
I think the safest and most paranoid idea I've heard so far is to physically print your private keys. I am even tempted to print them on a freaking gold plate!

That's awesome, "My Bitcoin is backed by gold! Have at that you fiat based currency!" Grin
156  Bitcoin / Bitcoin Discussion / Re: I just got hacked - any help is welcome! on: June 17, 2011, 03:20:36 AM
A VM truecrypt that uses an on-screen keyboard that is randomly scrambled with each startup.  User clicks in his passcode.  Keylogger fails, mouse recording fails, screen capture does not fail.

Speech to text?  Soundcard sniffer?

If LogMeIn, VNC or remote desktop can do all of that, so can malware. A scrambled mouse driven keyboard is no protection against a screenshot + mouse capture, or delta based screengrabs a la remote desktop. Audio + webcam are routinely used for spying, whether in the form of anti-theft (Prey) or highschool scandal where teachers were watching the kids at home like a soap.

Of course I agree that the base attack will most likely be limited, but a simple screengrab with a large enough balance visible will be plenty of reason to upgrade the kit with more sophisticated modules.

It's always good to assume the worst in security, so you cannot depend on a compromise that only installs a DDoS module, especially if Bitcoin becomes prevalent.
157  Bitcoin / Bitcoin Discussion / Re: Why employment taxes and enriching early adopters may actually help Bitcoin on: June 17, 2011, 02:52:38 AM
If Bitcoin fails, then they are out much, but you are out nothing.  And I am out very little.

If Bitcoin fails, we are all out a lot Smiley (3% inflation a year equals 1921% in a century..)
158  Bitcoin / Press / Re: Bitcoin press hits, notable sources on: June 17, 2011, 02:29:59 AM
Main Dutch computer site with blurb about the 25k BTC heist (first article on Bitcoin there):

http://tweakers.net/nieuws/75076/dief-plundert-bitcoin-rekening-met-half-miljoen-virtuele-dollars.html


http://www.bookofjoe.com/2011/06/new-dutch-coins-have-qr-codes-bitcoin-is-so-over.html
it all makes sense now.
bitcoins will be to the web what the qr code / rfid chips money will be to the rest of the world.
And the result will be the exact opposite of what we want, and that will be the end of anonymity for everyone.
pretty sad...


Anybody understand what this guy is talking about?

It's a collector's coin with the currently hip thing, nothing to do with the mainstream. RFID/NFC is coming, whether you like it or not, but that has little to do with Bitcoin. QR codes are little more than barcode 2.0.


Quote from: TraderTimm
Nesico, how about shutting your pie-hole.

You obviously don't know jack about how computing was at that time, or you'd just 'eff off.

Yeah, I'm serious.

eof's dad? Smiley Sorry if I came across as acrimonious, but seeing the oblivious rosily reminiscing about one of the blackest days in computing history (yeah, I was there, seriously) makes my skin crawl. PM me if you feel the need to retort.
159  Bitcoin / Press / Re: Bitcoin press hits, notable sources on: June 16, 2011, 06:50:51 AM
I was a young teenager at the time; but I was really excited when windows 95 came out.  I imagine the DOS -> Windows transition had a lot of people smiling as well.

Et tu Brute? DOS to which Windows? 3.1? If you were still using DOS when 95 came out you must have been living in a special cave where no Amiga, Mac, by then even Linux existed for years (or you had no friends and whatever dad bought for work was the universe, no offense). Those systems were out for up to 11 years earlier and in various ways still/already superior. 95 was a special horror in many ways but this isn't the place for that (woe onto support). 3.1 even more so (extreme productivity loss through massive slowdown and instability compared to DOS). If you do mean 1.0, *facepalm*
160  Bitcoin / Bitcoin Discussion / Re: Hacker got to my MTGOX account, he converted the USD I had...... on: June 16, 2011, 04:56:18 AM
My password was a KeePass-generated password of 20 randomly generated alphanumerical characters (mixed case). Needless to say the password has been changed.

I've done a full antivirus scan of my system which found nothing. I've also used various tools such as TCPView, Wireshark, and Security Task Manager (as well as the Windows Task Manager) to see if any suspicious services or processes were running, and it seems my system is clean. I'm not sure what happened here, but it seems unlikely that the issue was on my end.

You are assuming your system is OK after *something* got compromised? Any password is useless against a keylogger (that includes a future Bitcoin client offering wallet encryption).

Today crimeware kits are sold with a nice GUI for the thump your head variety criminal who barely knows left from right mouse button. A Bitcoin tailored kit will have some kind of exploit to get in, a module for uploading wallet.dat, keylogger/VNC etc. functionality if needed, a module for cleaning up after itself as if it had never existed and one for hiding itself from the usual suspects (all antiviruses, Spybot S&D, Wireshark, process explorer etc.) until such time that your wallet contains enough coin. Hell, the specialists already own a sizable number of machines and the crimeware might function as a search engine for interesting data on the botnet. They may even fix other vulnerabilities to keep the competition out and keep your system in shape to guarantee uptime (a dead zombie is worthless, heh).

The only way to be sure is to start completely fresh. Including BIOS flashes and viewing old backups as compromised too. And changing Bitcoin addresses, obviously.