In addition to the valid concerns and questions in this thread, a quick look at the recent post history for Come-from-Beyond shows that it contains very little beyond FUD attempts.
Thx. I was waiting for a reply like urs. To just to make statement that I understand that there are a lot of bitcoiners and litecoiners who are against any possible competitor of their lovely Coin. So I'll ignore all replies which r non-constructive ones. No, no. We welcome competitors. If not for the corpses of the dead alternate coin systems covering the field, how would we have any way to tell how great bitcoin is? |
|
|
|
... so we are playing spot the spook now?
I thought there were laws that public officials acting in official capacity have to make themselves known when asked ... or is it just a crypto-police state, not a real one?
Confirmed. This is why you always ask the guy selling you drugs if he is a cop three times, like in the movies. |
|
|
|
|
The "short" version:
generate a random 256 bit number. Use a high quality entropy source.
make sure it is less than the number of possible spots in the curve you are using (start over if it is)
-> this is your private key
do an elliptic curve multiply of your curve's generator point by the private key
-> this is your public key
Converting those keys to/from other formats (like bitcoin addresses or WIF) is another big topic.
|
|
|
|
You'll know bitcoin's boat has sailed when we're struggling to find uses for bitcoin beyond narcotics trading, gambling, and buying bitcoins simply because of the belief they are going to be worth more in the future without a concrete reason as to why.
Who is struggling to find uses? Every single store on the internet should be using bitcoin, plus bitcoin enables dozens or hundreds of new things that haven't been invented yet. |
|
|
|
If the objective is to sign the binaries in a Windows-favored style just so that it's signed for the sake of shutting up the OS about untrusted software, just one person doing the signature will accomplish the objective. That person can just as well sign with a personal (rather than organizational) signature. Until Windows makes any distinction between once-signed and multiply-signed binaries, the practical difference is moot. Mac OS X likely falls under the same umbrella. Multiple PGP signatures can and ought to be checked by those able to do so.
I might point out that someone downloading an update is far more in a position to be scammed than someone downloading the client for the first time, since the updater is far more likely to own coins. Therefore, I would submit including an automated update mechanism in the client with authentication built in would be the most effective mechanism to bring secure client downloads to bitcoin users.
I believe that Windows binary signing is meant to make sure that code can be connected with a real person or organization. It wasn't designed to be a technical based control against all rogue code, it's meant to be a legal/social one (where someone who signs something harmful can be identified and held accountable - as well as the certificate revoked - and therefore has an incentive not to abuse it).
I think you missed a key point, pun intended. The build process demands that multiple people all produce exactly the same binary file, bit for bit. The only way to do this is to have multiple people with the same private signing key, which is bad security, and had certainly better be grounds for revocation of the signing certificate. You are somewhat right about the technical control / legal control aspect, but it turns out that whatever the intention was, lots of things treat binaries differently based on the validity of the signature. |
|
|
|
There doesn't need to be consideration in this case because there is detrimental reliance sufficient to establish promissory estoppel (see my other post). But there was consideration -- Goat acquired shares on GLBSE, transactions for which GLBSE receives a commission. You'd need a lawyer with huge balls to argue that this counts as consideration. |
|
|
|
How do you know there aren't feds who legit use bitcoins because they know too much and want to protect their interest?
The market cap is too low for The Company to care. We need to grow by a couple of zeros before it will be useful. I know that isn't what you asked, but still... |
|
|
|
It's been over a year since this thread was touched. I was just looking at my system with Process Explorer and out of the 62 processes, only 3 are not signed. One of them is Bitcoin-qt. Is there any downside to signing? I always verify with Gavin's signature and I trust that keychain more than I would one issued by a centralized authority... We all know what has happened to SSL CAs. Is this the argument?
Matt hit it. (And Maged beat me to it, but I think I explain more.) On code signing:
This one is a bit more difficult. Because Bitcoin will be built deterministically, we have two options. A. send the code signing private key around to all the devs for that to be a part of the building process (this is even harder as the building happens on Linux via the MinGW cross compiler) or B. find a way to strip out the code signing certificate in the download script and then check the stripped version instead of the signed version. I googled this pretty quick and saw no simple CLI program which will do this, but I might have missed something as I didnt spend too much time on it. If anyone finds something, please tell me.
Bitcoin-qt isn't built in Windows, it is cross-compiled from a Linux. Even worse, the build process is totally scripted inside a Linux virtual machine. There are several people that build the binaries in this way, and then they compute hashes on the outputs. The official releases only get posted after a bunch of people have all built exactly the same files, as verified by the hashes. To get signed Windows binaries, we would need to distribute the signing key to everyone that builds the releases, which would be bad. Also, I'm guessing here, but I bet that Microsoft's policies for accepting CA certs for code signing require that the CA have policies that prevent distribution of the keys they hand out. Phew, I managed to get all of the way through a PKI post without going off onto a tangent about how the current CA scheme used by SSL and everything else is absolutely and totally fucked and broken. Er, almost. |
|
|
|
|
One of my wallets currently has 1813 unspent transactions, mostly less than 0.2 each. This will get worse before it gets better.
I've been working on what I call a "dust collector" that uses the raw transaction API on the satoshi client to gather up small transactions and turn them into fewer larger transactions. But it is hard (assuming that you care about doing it right). And there are huge privacy implications, which is what really made me step back.
Offline and semi-offline wallets just makes it worse.
I do feel that there should be an automated process doing this from time to time, but the balance is hard. On one hand, older transactions are more secure, and count less when evaluating for relaying and fees. On the other, if you don't gather them up, the user can be faced with the shocking surprise that their balance can't be spent the way they want to spend it. On the gripping hand, the user expects the software to provide as much (security|anonymity|privacy) as possible without them having to know how or why or when or where.
|
|
|
|
More fun when you make a game of it. |
|
|
|
so i have access to an US that i'd like to use to scan my gold coins for integrity. i was wondering if any of you guys know the velocity settings. i captured this image off the Goldmoney video but see 2 different velocity settings that are quite far apart. what do they mean and which one is the appropriate one?  The screen shows Velocity L and Velocity S. If I had to guess, I'd say Velocity L and Velocity SAlso, my understanding of waves in general suggests that one or more of those isn't a setting, but a measured parameter. |
|
|
|
|
satoshidice generated a huge pile of secrets, like many years worth. They published hashes of each secret, and each day they reveal the prior day's secret. You can compare the secret with your transaction hash and confirm that they aren't cheating.
That is one option. The other option would be to put a delay in, and use the hash of the next block following the incoming transaction to decide if the flip won or not.
|
|
|
|
Seems unlikely. MPEx has you sign with PGP or GPG instead of bitcoin but that is just as "inconvenient", requiring doing a copy and paste then the signing then copy and paste the result. Copy nad paste is way too complicated for "normal" folk apparently.
You need the signing app to pop up automatically like your email client does for mailto: URLs, and automatically submit the result back into the form or something like that and still people aren't going to like it, thus the browser plugin. Then they'll complain they don't want to install the plugin.
MPEX uses signatures and encryption, not just signatures. And encryption provides half of the authentication, and all of the privacy in the PGP/GPG model. Bitcoin keys can't be used for encryption, only signing. If you've created a key recently (last 5 years? 10?) you may have noticed that the default is to create two sets of keys, one for encryption, and one for signing. |
|
|
|
|
I was just grepping through the source, and those enums get passed around a lot, but appear only to be consumed in the IMPLEMENT_SERIALIZE functions of various classes.
For example, CAddress::IMPLEMENT_SERIALIZE in protocol.h adds the nVersion and nTime if called with SER_DISK, but does not otherwise. The others look mostly similar.
SER_DISK only seems to be consumed in protocol.h and wallet.cpp, neither of which involve the block chain, so there should be no differences in the block format there.
If you want to go looking for them yourself, don't forget to also look for SER_GETHASH.
|
|
|
|
But i dont understand your fear kjj of "stealing". How can it be stealing when bitcoins lay 99 years at an address? Do you await to have bitcoins 99 years at the same address from now? That cant happen in my opinion. So stealing cant happen too. If bitcoins are lying at an address that long its a pretty sure sign that they are abandoned.
And its not about taking them away... they vanish for the net. Its not someone who takes them out. The net says they are vanished because they are too old and they can be mined from a random miner then.
Stealing would imply a owner. Where should this owner be?
The owner that they would be stolen from is either my estate, or my heir. Or, if medical technology makes a decent leap forward in the next couple of decades, me. You don't have to agree with me on any part of this. I'm just telling you that there have been many proposals to do exactly this, and (approximately) no one here is interested. |
|
|
|
I've just been told the Canadian Mint will sue us if we dont take down the picture...which we just did.
We were also told that we'd probably win such lawsuit due to a strong argument for parody and/or protected political speech (at least in our 1st amendment loving country), and these apply to copyright and trademark claims. However, and this is why it's called a chilling effect, those are defenses to a lawsuit that's already in court so if I have to rely on them it means I've already hired defense counsel etc.
Maybe we could crowd source legal defense....
Heh. Post scans of the takedown notice, along with instructions on how to search google images for the many, many copies of it that are already out. That is the real Streisand Effect... And yeah, you'd totally win in the US, and if your lawyer was awake, you'd win a judgment for Anti-SLAPP too. |
|
|
|
I learned that there is already a coin age. Im not sure but its the time when a transaction for a satoshi was made the last time. So assuming that after 99years without a transaction the btc are abandoned the network could say they vanish. How could this be used to steal money? I mean it would be a rule in the net that btc that are older than 99years at one place vanish. The coin age cant be faked because the time of block creating would be taken in account. So i dont see where a security risk is. But im not into the techniques of the net. Care to elaborate whats the risk?  We don't want our coins stolen, not after a day, not after 99 years, not after a million years. We will not support a change to the protocol that would allow that. The only way that coins can be spent is by signing a transaction for them using the private key. The network will never allow any other way to spend coins. If you feel strongly about stealing coins, feel free to create your own network. Plenty of others have done so, and no one uses any of them. |
|
|
|
From a PM I sent a month ago... (I thought about sending something like this last night, but right now I don't remember if I did or not. Insomnia for the win! Sorry if this is a duplicate, been up late a couple of nights in a row thinking on this.)
So, I happened to be working on setting up litecoin mining on my rigs and registering for MPEX at the same time, and it gave me an idea. Mind if I bounce it off you before I inflict it on the world?
Basically, for all of MPEX's fancy cryptography, I'm still not buying shares, I'm buying entries in a ledger. This seems wrong, the world deserves better.
I'm thinking of an altchain for recording securities (stocks and bonds). For now, I'm thinking it should be called securitycoin, or S-coin, or STC.
Say we add a payload field to the TxOut structure. (It'll likely be a blob of DER)
If you want to create a new stock, you encode a bunch of information (the name of the issue, the number of shares, some other stuff and a hash of the prospectus) and call it the issue. Then you hash the issue along with a secret and call that a registration. Then you create a payload including the registration and burn a few S-coins in fees to embed it in the chain. Then, when you feel it is deep enough, you redeem the transaction with the registration to create a new transaction with the issue as a payload (also the secret, to prove that it was you. This is anti-front running stuff).
Now you can redeem the issue with a send to a bunch of brokers. The brokers can redeem those as usual, and send the shares to clients. Clients can redeem their transactions and send them to other people, if they so desire. *
Once the issue is done, every share has a provable owner, and the owner owns the shares, not the issuer, not the broker, and not some exchange. Even better, if we use regular bitcoin addresses on this network, the issuer can query the chain and get a list of addresses and holdings to send dividends to (on the bitcoin chain).
The system could even handle splits, merges and votes. The only trick there is to encode the payload in a way that the network can validate the payload cheaply. For example, in addition to enforcing coin_out < coin_in, it also needs to verify that shares_out = shares_in (paying network fees with shares seems silly, but replace the = with < and it can happen).
Since this system isn't for buying packs of gum at the store, we could slow the network down, maybe to 1 block per hour, to keep the size small. And we could keep the value of the coins high-ish, giving an incentive for people to merge-mine it, by charging high fees for things like registrations, issues and vote requests, and small fees (or none) for sends and votes.
* I don't think it is possible to take the brokers out of the system. I don't see any obvious way to make a pair of transactions on different chains that redeem each other. If there is such a thing, you and your broker could create such a contract and make the trade atomic. Until then, one of you needs to trust the other. Then again, if we are using the same keys in both places, maybe multi-sig can do it, don't know. At worst, it is no worse than any other bitcoin/world interaction, and you still get the benefits of recording stock ownership in the chain.
Also, see this thread and search for pybond. When I got to thinking about Open Transactions the other night, I was thinking it might be possible to do everything in a distributed provable exchange using that system. Talking to Fellow Traveller about it is on my todo list. |
|
|
|
I thought so when it would mean taking away... but how about every transaction has a timeout? So that an amount of bitcoins sent to an address has a timeout of 99years. And as long as the btc arent send into another transaction the timeout isnt set back. So after 99 years the btc simply vanish and can be mined again. When the timeout cant be manipulated there shouldnt be a risk anymore am i wrong?
Won't happen, same reason. |
|
|
|
But i think the 99-year-idea is nice too. Because it could run miners make a bit more profitabel once all 21.000.000 BTC are mined. I mean miners are needed then too and they would only get money from fees. I think bitcoin will face a problem then. This idea could make it a bit more profitabel to help let the network live.
Second good thing is that the amount of useable bitcoins remains the same.
And i dont think this will break trust. No bitcoinuser will have bitcoins at an address for 99 years without moving it. The only trustproblem could be when this is a securityrisk.
This will never, ever, ever, ever happen. If the network can steal coins from any transaction, it can steal coins from every transaction. |
|
|
|
|
Show Posts
