0.4rc2 is working a lot better than 0.3.24 on my OSX Snow Leopard. It seems to write a lot less data continuously to disk (which made .24 almost impossible to use) and for some reason I'm getting a lot more (8+) connections now vs just 8 before (same router, UPnP support switched on in both versions). Both of these things might play a part in that blocks now seem to be downloaded much quicker than before as well. Oh wallet encryption? Haven't tried that out yet
|
|
|
I like this interpretation, now what if I sell a $20 t-shirt with the QR code, and a blank shirt of the same price, but I don't advertise or list this theoretical $20 shirt without the QR code on my site, but agree to sell the blank shirt at the same price if someone requested it?
Creative Commons is a child of the attribution economy spearheaded amongst others by the Open Source community. (Some of Lessig's better known books are a good read on that subject). Attribution and OSS licenses are closely related to intention, as can be seen when someone slips up on an Open Source license violation. If it wasn't by intention, the community is fine with it. If it was intentionally, hell breaks loose. So. If your intention is to just sell phelix' QR-code on an otherwise blank t-shirt, and that is your business idea, my opinion would be that you would be in violation of the CC license. If your business is in selling something else and the QR-code is just added to advertise or to explain Bitcoin, I'd consider that to be ok. (IANAL, but they do ask me for CC and OSS license explanations)
|
|
|
I'm reasonably well known in the early history of the Internet
(Trusting you to not just claim you are that John Nagle of course) Indeed you are, thanks for the clarification. I read your posts differently knowing that.
|
|
|
Too bad this is released as non-commercial, how can anyone put it on stickers, shirts etc? They would have to give them away for free? No incentive to do so. Can someone make a similiar but original work and release it public domain? I like the one marcusaurelius did in this thread as pub domain but I prefer the 'dots' in the OP's image
Depends on how you (and phelix) reads the license. I read it as you're not allowed to use the QR-code itself for commercial gain, but if it's just part something else and that something else is what has the value you're charging for I don't see how that would be against the license. E.g. white t-shirt without QR-code $10 and with QR-code $20 wouldn't be ok. Print t-shirt without QR-code $20 and with QR-code $20 would be. Other opinions? I admit to being a huge fan of CC licenses and the topic of what constitutes NC or non-NC comes up regularly among us who use it. http://wiki.creativecommons.org/Defining_NoncommercialEspecially this comment from Lessig himself should be relevant to this case: http://blogoscoped.com/archive/2008-02-07-n77.html (The best thing would of course be for phelix to add his intentions to the OP)
|
|
|
I want to add that the amount of HDD "swapping" on new blocks is unreasonable. It sounds like the client performs defragmentation.
Can't this be optimized? Cached? It's very annoying and doesn't do any good for the disk.
I've seen constant write-to-disk of about 1MB (megabyte) per second on both old and fresh installs by multiple users. I thought naïvely this was a Mac specific 0.3.24 problem (edit: but 4.0rc2 seems to do it a lot less). Is this what you mean above? Constant disk writing slows down a lot of systems, and I advice against running Bitcoin if you have either a laptop and/or an SSD because of it. I'd say it's actually more of a problem currently than the size of the blockchain (although the latter is almost a deal breaker when it comes to showing how Bitcoin works to new users: "Come back tomorrow, if you punch a hole in your firewall that is").
|
|
|
To everyone that thought i didn't know anything about salts.... Didn't I just say something this earlier about a page back?
No. I still don't get why people believe salt is about increasing the difficulty in brute forcing. While it may be a side effect depending on how it's implemented, the main purpose is in making rainbow tables inefficient. Yes, brute forcing one user at a time with or without a salt would take the same amount of time. Exactly, but it has to be explained here since quite a few seem to believe otherwise. Properly implemented salt:
Random salt. The attacker can not pre-compute the salt, because it's different for every user. Random vs the username, as was the case here, then? Are you trying to claim that using the username as salt makes it static over the whole database?? If not, the difference between random and username becomes slim. This whole discussion began with self-appointed security experts claiming there was something inherently stupid in using the username as salt.
|
|
|
My theory was that if someone were to set a static salt in a file and the attacker only downloaded the database it would render useless(this only works if the salt length is of a long length such as 64characters long mininum).
Thats just my thoery, any great ideas on protecting your self bruteforcing for this particular situatiom?
You cannot protect a password hash from brute forcing and still allowing an authentication system to work. Some seem to mistake salt for a secret nonce (which it isn't) which would just make the database of secret nonces into another password database. There's no reason to suspect two databases to be more secure than one. Salt's only purpose is to make rainbow table lookups ineffective/useless. The salt used on this forum succeeded in doing that. I'm worried about the lack of basic crypto terminology and usage in some posts here.
|
|
|
WHAT PROGRAMMER IN THEIR RIGHT MIND SALTS WITH THAT KIND OF DATA!?!?!
Anyone who understands what salt is and why it is used? Using the nickname as salt instead of a random value doesn't change the fact that it makes rainbow table lookups useless. Salt is never a secret and doesn't protect against brute forcing anyway. http://en.wikipedia.org/wiki/Salt_(cryptography)
|
|
|
The principle of this browser extension is that at any site where you are asked to enter a password, the extension will enter a password that is sha256(<your password of choice> + domain) (or any other cryptographic hash function). For example, if my chosen password is "masterpassword", the password that would be used to log into gmail.com would be sha256("masterpasswordgmail.com") (=9b2b649d3124c81093f9080a88b9d3723940dfe0707d8524d0403c9641bc99c3).
According to your description you only get entropy matching your password. Unless your password is a complex 12 char password that means an attacker can still bruteforce it. While they do need to know that your passwords are generated this way, they have knowledge of the domain of the site and the above indeed looks like an obvious hash. Security by obscurity isn't.
|
|
|
The point is
... that you even after having been told you've completely misunderstood "salt" kept posting your misinformed rants. "Ignore user" is the best thing that's happened to these forums.
|
|
|
Srsly?
So, in short. You belong to the crowd who believe your own non-vetted coding to be vastly superior to the joint work of others, when it comes to writing secure online software, yet you have no idea what salt is or why it's used? Your posts contain nothing of value.
|
|
|
This subtlety matters though. Some people claim bitcoin is doomed if the exchange rate drops any more. In reality, though, all that matters is that the price stabilises somewhere. Whether that's at 0.01 USD or $1000 USD makes little difference.
Some people, who are used to dealing in multiple currencies, don't even think that matters. While $/€ might not move more than 20% over a few months, you still have to hedge for currency volatility just as with Bitcoin.
|
|
|
but SHOULD NOT generate or store that password on lastpass.com or ANY third-party password service. Use of such a service is placing the security of your information in the hands of a third party. That's NUTs.
First study how LastPass works, then post. They don't hold your passwords. They cannot retrieve them. Can someone explain to me how/why lastpass.com is better than your browser's password store? I use pwgen to generate seriously crazy passwords for each individual site and let my browser remember the passwords. Nobody has access to my computer except me, and even when they do, it's through their own account.
Your browser store is at risk of being easily broken into by a client side web browser exploit. I'll just repeat what so many have already posted: Use LastPass. Generate a new 12+ char password for each site you use. Sleep well.
|
|
|
your legal opinions aren't worth anything
which you can all take with a grain of salt
then sure.
Thank you for the time you took in contributing nothing. I can only hope you're on retainer
|
|
|
Because it's irrelevant?
No man... it's not irrelevant... it's the basis of the entire experiment. If it falls to pennies or lower... it's game over for all of us... I think you've misunderstood Bitcoin. Completely. This price of BTC is irrelevant to its function as a currency. If you believe it to have been an investment, that's your gamble.
|
|
|
If someone can logically answer why there is no mechanism to slow down the rate of printing then I want to hear it.
Because it's irrelevant?
|
|
|
You fucking idiot.
It's nice to see you too ArtForz himself, the man who supposedly spend a shitload of his own cash, to pursue as close to an ASIC as he could get (the sASIC he mentioned) doesn't believe ASICs are viable... ... and crush your FPGA argument at the same time? I don't agree with ArtForz though, with a _low_ BTC price ASICs make sense. FPGAs already. I'm not posting calculations!
Understandable. After all, those calculations would likely disprove your own point
|
|
|
Do you have any idea how many New users signed up, just to find their way into this thread because of where it was posted originally ?
No, but it's likely I don't even see them. Since theymos implemented the "ignore user" functionality I've started using it extensively. Some well trolled threads become almost empty of posts
|
|
|
I guess we're agreeing then. IMO the current bitcoin economy is not anywhere near the size and the future way too uncertain to have anyone blow the money required on the NRE of designing a real ASIC at a competitive structure size. But who knows.
DEFXOR, IF YOU'RE AROUND, PLEASE READ THIS A FEW MILLION TIMES. Why? You've still been wrong on everything you claim and you still haven't produced any calculations of value for the rest of us You're not saved by the ASIC/sASIC/ASIC(EasyPath FPGA)/FPGA distinctions either. To remind you: There is no FPGA/ASIC uptake, you're just fucking stupid.
And anyone that believes FPGAs will ever be cost effective for mining is deluded. Anyone who believes there will ever be a Bitcoin ASIC is simply fucking retarded.
I'd really like for you to start showing us some calculations. I've done with BTC at $8 and $4 respectively.
|
|
|
Don't know if you want this thread to be "clean" but I just wanted to say that I really like your craps table It made me finally figure out the rules ...
|
|
|
|