Being new here, I know exactly what you mean.  Quickseller knows how to put on a faux reasonableness when inserting himself into a thread which does not concern his own interests; and he’s deft at twisting words and playing the victim.  Those are marks of a confidence scammer, and many marks are taken in by it.  I myself may have been, had I jumped to conclusions rather than taking the time to grab my shovel and read through a few old, long threads.

Wherefore, I appreciate that you avoided the calumny against cockroaches of comparing them unfavourably to Quickseller.  I imagine that if a cockroach could use a computer, it would post an unending spam spew of mindless one-liners and copypastes whilst laying its alt eggs in every thread.  The poor roaches deserve our empathy.

In contrast to the poor roaches, Quickseller is a somewhat less intelligent version of Iago:  Treacherous, manipulative, seething with jealousy, skilled at insinuating himself into others’ trust and cultivating a false reputation for honesty, poisonous to the relations of all around him—why, yes, methinks “the Bitcoin Forum’s Iago” is my new nickname for Quickseller.

Strictly true—and I appreciate your respect for privacy.  However, that’s not a reason for not banning.  I’ve recently noticed some apparent troll control on one of the forums here; reading between the lines, based on admittedly limited information, I think it’s highly probable that a single individual was persistently wrecking threads with sockpuppets until enough of them got banned that he backed off.  (Or maybe he’s still trying, but mods figured him out and are now acting too fast for me to catch the action.)  If Tor/proxies were involved (and I don’t see it happening otherwise), the “evil IP” fee must also make trolling a real drag at some point.

Also relevant here:  A “Legendary” whom everybody seems to know is impressive to newbies, casual readers, and people who don’t even have an account.  (I myself spent much time reading the archives of this forum before finally registering an account—and then abandoning it for eight months due to the spam.  It took me longer than it should have to figure Quickseller for what he is, due to his account rank and apparent old-timer status.)  Although Quickseller has a known history of obtaining high-ranked accounts, those must cost far more than the “evil IP” fee—and there is perforce a limited supply of them.  Those can get banned, too.  That ultimately leaves a potential army of “Newbie” and “Jr. Member” accounts—much less impressive for rumour-mongering purposes.

N.b. that I’m trying to weigh both sides of the proposition here.  I don’t (yet) have any firm opinion of this particular issue, though I would lean toward banning mudslingers for accusations amounting to a palpable sham.  No community or society of any kind can long abide the depredations of gossips and rumour-mongers.  That is social poison.

(I will reply to others later.  Busy now.)

I have entered into a fully signed contract with a user on this forum.  The contract is dated 2018-02-14, and has the following SHA-256 hash:

2ca32f55ef88a9fe31f22b0abf5067b194fa67c60b3c335c3bb4ad73b4f3efab

I am creating this thread so as to have a convenient place to commit this hash in public.  I will promptly lock this thread and archive it; I will re-open it if/when results of the deal so warrant for any reason.

(Peter Todd would probably deem me lazy for not using real cryptographic timestamping; but for now, for this, this is “good enough”.)

Being new here, I’m not sure exactly how the forum’s policies developed; but I gather that the policy is against banning scammers for reason that that would place mods in the position of judging accusations.  Here, I suppose that this principle works in reverse, insofar as Quickseller is trying to scam people with false accusations.

That being said:  I do think that it would be appropriate to ban people for making accusations with not even a shred of colourable evidence, amounting to what lawyers call a “palpable sham”.

For an example of what meets that criterion, with bold/underline supplied:


Oh, I saw that coming a mile away!  I’m psychic, or Quickseller is amusingly transparent—or both:


Anyway:  In most any jurisdiction on Earth, if you try to file a lawsuit on the basis of “friend of a friend” double-hearsay, then you will be tossed out of court in a microsecond and get hit with sanctions for frivolous/vexatious litigation.  (Your lawyer, too—which is why most lawyers will refuse to file such lawsuits.)  Though this isn’t a court and shouldn’t pretend to be one, that provides a fair bit of perspective when contemplating Quickseller’s attempt to seriously damage Lauda’s reputation based on “my source tells me that he was told by people” malarkey.

---

C&C warning:  +2 for a good idea.  -1 for calling this forum “toxic”.  You ignorant fool, you assail the basic human rights of all the people who are munching popcorn whilst watching this.  As a resident evil clown, Quickseller provides a valuable service:  Without such threads as this, people would not eat popcorn, and would therefore become hungry.  Do you want to make forum users starve, you cruel sadist!?

Given how he gets whipped bloody in these threads without anything to show for it, Quickseller’s obscene antics could be motivated only by pure popcorn-consumption-inducing altruism.  Yea, Quickseller comes to sacrifice himself with bald-faced lies drenched in the milk of human kindness!  Please, have some empathy for all the poor, hungry forum users who would die without an inducement to eat popcorn.

---

Edit, P.S.—


Thanks for the idea of how to spend my newfound wealth.  Hundred-million-dollar-value pizzas are delicious, and so much more filling than mere popcorn.

That, you did.  Too bad I could not deploy technical means to express as much, as I promptly attempted:


Thus instead, I’ve been trying to work out how best to refactor my code now to potentially support this feature and similar later.  (Also, I am trying to work out an adequate test system so I can freely add features without risk of burning Other People’s Money.)  Nothing is in the public repo, as of yet; it’s more of a “back to the design phase” thing, and I believe in trying to keep my scratch work in my own bitbucket rather than spreading it to everyone’s.  I want to be able to plug in one-at-a-time key generation search, sipa’s keygrinder, trustless client-server “vanity tweak” generation, this (which I’ll call it a trustless pool batch tweak generator), and any other key/tweak generation methods which may arise—without substantial code copypaste.

As for the rest, I’ll try to be brief (good luck), since I should code it instead of chatting about it:


Thus in code terms, clients do secp256k1_ec_pubkey_tweak_mul(ctx, P_i, T_i).  (Not looking for handholding here; I just want to confirm my understanding in terms which will compile.)

Question:  Can anybody cause problems of any kind by using nonrandom T_i and/or P_i with interesting properties?  I think not, but wish to confirm.


Side note:  I’ve been mulling a better regex system.  Something simple and fast, and also secure for use with expressions from untrusted sources.  I like sticking with POSIX <regex.h>, because I always try to minimize unnecessary dependencies.  But if trying to match expressions from multiple people, it would make sense to use a library which could compile multiple expressions into one match program without hackish text manipulation à la snprintf(... "(%s)|(%s)|(%s)" ...).

This problem is made worse by unpredictable behaviour in identifying submatches with nested parentheses.  Discussing backreferences, FreeBSD’s regex(3)’s BUGS section blames this on vagueness the POSIX standard; and the problem is confirmed by my experience.  Reliable identification of top-level submatches would be an absolutely necessity here, for obvious reasons.

Does there exist a secure, efficient library offering multi-expression composite compilation and reliable submatch numbering?


secp256k1_ec_pubkey_combine() over array of all received keys, then secp256k1_ec_grind() with the result as “master” and server-generated random seeds.

Question:  If the server’s PRNG is broken (whether through malice or incompetence), does this affect user security?  IOW, do users need to trust the server for that?  I don’t think so, but I want to be sure.


I don’t see any _privkey_combine() function.  Could the server iteratively loop secp256k1_ec_privkey_tweak_add() over all received private keys, plus the generated tweak?

The lucky user does the final secp256k1_ec_privkey_tweak_mul() on his original private key (since the result generated by the server is based on his T_i from the initial step).


So, pure P2P.  I will try to remember not to bolt a DHT onto it unless I have some extreme form of Sybil resistance. <g>


To protect the privacy of users who may wish to generate different vanity addresses for unlinked nyms, this could be handled with a blind signature token system.  However, a relatively modest project then grows a significant layer of complexity.

Good behaviour in submitting private keys when asked could be easily tracked anonymously with such a token:  Send a private key when asked, receive a sent_private_key token.  The problem with using that for tracking work in a P2P system is the same as with exchanging work generally:  How to prove that the work was done?  I am thinking that in exchange for tokens, users could provide lists of distinct matches they have found for e.g. the output public key’s Hash160 starting with n zeroes (for some medium-sized n).  For each submitted POW match, receive a POW token.

Submitting a search expression costs one sent_private_key token, plus a number of POW tokens.  Since I am far from implementing this particular feature, I’ll wave my hands over that number for now—and over the question of whether this could be done without a server, or at least a semi-trusted supernode, who could be trusted to not cheat the token system (but trusted with nothing else).


I enjoy daemonology, and I am limited in the higher maths.  So, that works for me.  I don’t know how much time I’ll be able to sink into this, when I should be coding a commercial service (some productive hackery of TLS protocol minutia) I have on the backburner; but it seems I’ve inadvertently stumbled into what could become a very popular utility if done right.

---

General design note:  I would aim for the cleanest feasible separation between the key-handling code and the network exchange of data.  I do dislike how Bitcoin marries the wallet to the network node; it’s a smaller issue with well-written code (thank you gmaxwell for all your refactoring work), but I still prefer process isolation.  In addition to memory separation, this also permits application of OS-specific sandboxing features such as capabilities mode, where supported.

Thus, I will write new code with an eye toward eventually running a secrets-handling process with no network access; and that process can use various methods to exchange non-secret data with a network process which has no access even to the filesystem (let alone any secret keys).  The sandbox APIs are simple and easy on FreeBSD and OpenBSD.  I would accept well-written patches for Linux.  AFAIK, there is no such feature on Windows.  I don’t know anything about Mac.

---

Thanks again for the hardcore tech talk.  This is the forum I’ve said “I wish I could now experience”!  I know that a post is most valuable when it takes me all day to digest it, mull its potential implications, and formulate proper questions in response.

Lauda-Satoshi-meow-san, you’d better pay up fast if you don’t want for me to publicly reveal that you have never denied your meta-secret meta-identity!  The price is ONE MILLION BITCOINS!!

---

(suchmoon, now you’re the one who has me LOLling.  I relish the thought that people who dislike me may link to this post as evidence of how evil I am.  Also, I’m filing this away for the next “LAUDA == XYZ!!!11” thread.  Question:  If Lauda = aTriz = actmyname = ..., does this mean that all these people are not denied to be Satoshi?  I inquire for the purpose of my dissertation on QS logic, whereby “PHD” means “Piled Higher & Deeper”.)

I apologize.  Being new here, I am still a bit clumsy with forum protocol for what some people call “C&C warnings”.

By the way, on a more positive note (and speaking of “C”):  A friend of a friend reliable source told me that somebody close to Lauda told him that she is Satoshi Nakamoto disguised as a cat.  Lauda has never denied this.

---

Edit, after further thought to realize the sobering magnitude of this question:  Why has Lauda not denied this?  Lauda, why have you never denied that you are Satoshi Nakamoto disguised as a cat?  Oh dear me, I have discovered the real Satoshi!

Question-begging was predicted by me; but evidently, I overestimated Quickseller.  It seems he has not reached past the introductory chapters of the Book of Smear Tactics:

---

It has been clearly, repeatedly explained that in the absence of any evidence whatsoever, placing somebody in a position to deny a scandalous charge is a classic smear tactic and nothing more.

Being new here, I ask you to help me out:

I do not understand why some people are discussing baseless rumours about Lauda, instead of focusing on all the misdeeds and persistent rumours which Quickseller has never denied:






He has had plenty of opportunity to deny these things, but never made a statement about them.

Let the record reflect that Quickseller does not deny being an HIV-positive, crack-addicted paedophile and homosexual prostitute who beats his wife.

Sorry, I can’t resist—that sounds funny to me, much time as I’ve spent thinking about a different type of zero-knowledge.

I presume that if the Bitgrail devs manufactured a vacuum cleaner, it wouldn’t suck.

---

“Snakeoil” is a good word for many most the numeric vast majority of the alts.  As for “flashy”, I’d say that plenty of the current and potential future features in Bitcoin (and Lightning!) are exactly that.  However, unlike snakeoil, they take longer to develop than the fifteen-minute attention span of the average social media reader; also, they’re not being hyped promoted by armies of social media sockpuppet shills and, in this forum, signature-spammers.

Developing good ideas takes time.  Developing them into reliable implementations takes more time.  Patience is a forgotten virtue, and was never known at all to the peculiar brand of technical incompetents who enjoy tossing about Other People’s Money.

Fully analogous to a web browser’s “User-Agent” request header.  I might toss a wiseacre remark in there, if I were so foolish as to desire an anonymity set of 1.

This may not be such a bad idea with the “Server” response-header on a webserver.  Well—unless, that is, you mix things up between vhosts as all too many .onion server operators do.

Those who have received mail from me may (not) have noticed:

---

Edit:


Oh-no!  Time to develop censorware “filters” for Bitcoin version strings.

N.b. that outside quotes of others, I myself have never used a vulgar word on this forum.  As the only member of this forum who has ever received +50 for an insult, as a shriek from the target of the insult, I take pride in my ability to express my thoughts (including anger) via more cogent means.  I would still object to censorship of Bitcoin version strings.

On reading OP, my own first thought was of the whining in certain quarters about Core’s relatively slow pace and “it’s done when it’s done” policy.  Also directly related is persistent calumny over their cautious desire to avoid hardforking the chain, and do so only if necessary—following research of what could happen, and how to prevent “oopsies”.  I even once saw somewhere an explicit suggestion that Core should follow the amateurish wannabe cool kid Silicon Valley 2.0 motto of “move fast and break things” (!).

Whereas to the best of my knowledge, Core is the first and thus far, only open-source project wherein a tiny little bug could directly destroy liquid value equivalent to a hundred billion dollars in a microsecond.  I appreciate the “it’s done when it’s done” approach.

---

There is pertinent idiom, “Other People’s Money”.  I’ve mostly seen it applied by people who are critical of Bitcoin altogether, on grounds of the amount of ridiculously stupid code which idiots deploy to (mis)handle Bitcoin.  Of course, that’s like criticizing computers because most software of all kinds is trash (and so are all popular CPUs!).  Solution:  Don’t entrust your bitcoins to ridiculously stupid code, and don’t use services which do.

---

It’s not only a matter of Solidity.  IIUC, the exploitation of loopholes in the DAO contract (not a “hack”) applied some interesting “features” of the Ethereum VM itself.  Anyway, the whole concept of bolting a Turing-complete VM onto a blockchain is sheer lunacy.

This is why I am drooling over the concept of Simplicity (PDF) for Bitcoin.  A powerful smart-contracts DSL with formally verified properties, which is designed to support writing of formally verifiable contracts, is exactly what we need.

I posted fingerprints (thanks for quoting!).  Those will verify my keys, no matter where you obtain the actual keys.  For those who want something they can copypaste, I made the fingerprints hyperlink to keyserver webpages which will remain up-to-date as subkeys, uids, and certification signatures get added/revoked/expired.  Is that not good enough?


Good idea.

I was thinking to handle keyring distribution and maintenance via Github.  If somebody who already has all these keys would be so kind as to send a starting keyring to the e-mail address in my sig, that could speed things up.  I already spent enough time for now trying to copy and paste from forum threads.  The bigger part will be to manually verify keys against posted fingerprints, and assess the reliability of that connection for the purpose of exportable signatures.

It’s good to see that some people still believe in reading books, rather than simply Googling for unfamiliar words:


I myself have not yet made it through all of his sixteen books.  That takes awhile, together with comprehending the nineteenth-century social-historical context against which e.g. he prefaced The Will to Power, “What I am now going to relate is the history of the next two centuries.  I shall describe what will happen, what must necessarily happen: the triumph of nihilism.”

Also apropos hereof, with boldface supplied:



I intended to do exactly that, yesterday, with my reply to johhnyUA.  The greatest substance thereof was written immediately; but I decided to gather some supporting pictures, so as to aid comprehension by those who don’t read.  Will do, and link from here.

P.S.—

---

Edit, P.P.S.—I missed this on an initial skim over foolishness:


I was waiting for some thoughtless nitwit to accuse me of following the pseudointellectual pretender known as “Ayn Rand”.  No, I do not.  I pass that judgment after having read all of her published works, and then regretting the waste of my time.

I’ve never read Rothbard.  Thus, I can’t very well be advocating for his ideas, much less pushing them as “dogma”.

Be not so prejudiced, Lauda.  As is the rule in such matters, the stereotypical ones give the other 1% a bad name.

The short version:  An untested, experimental branch of my code now finds a speedup of 5x for difficult patterns using sipa’s keygrind:

https://github.com/nym-zone/segvan/tree/sipa_grind

My code needs some work to take full advantage of this.  It will be worth it.  I wish I’d had this when making the addresses in my signature—well, perhaps soon I may make better addresses for my signature!


I’ve also been seriously mulling ideas for an online service which finds “vanity tweaks” for a private key held by a user—essentially, convenient results from rented time on powerful CPUs in the “cloud” (much though I loathe that word).  I’m curious as to how popular such a service could be.  Anybody interested?

---

(What took so long?  After whipping together a quick implementation, I had hours drained by the bane of my existence, GNU autoconf.  A hint at a solution was eventually found in a comment (not the answer) to a Stackoverflow question.  Then, I had to fix one of my own dumb mistakes.  —Then, speed test and explore the performance characteristics of this code.)

Usenet is where people trolled, argued, and insulted each other shared knowledge, friendship, and source code long before the Web was invented.  Though it later ran over the Internet, it originally was distributed through UUCP.  Judging your age by your mental level, I infer that must have been before your parents were born.

Here, wiki link.  Shiny.  Go read.

It says much about you that you’re more effective at irritating people with LONG, UNTRIMMED QUOTES WHICH WOULD GET YOU FLAMED TO A CINDER ON USENET than with your puerile locker-room insults.

As the only member of this forum who has ever received +50 for an insult, as a shriek from the target of the insult, I grade you as an F in destructive creativity.  No, “F” for failure, you gutter-minded dolt.  Boorish and boring is not a winning combination.

I’ve been intending to catch up here.  Unlike Quickseller, who does not deny being “busy” hustling for crack, I myself am legitimately busy making people happy (or sometimes, sad).  For now, I just had to stop by and remark on this:


Being new here, hereto I’d only seen evidence that OgNasty is a slippery jerk.  Now, I may know him by the company he keeps.  Transitive trust is a double-edged sword, after all.  Thank you.

(OgNasty has “sold items to QS”, but “Risked BTC” is 0.0 and there’s no reference link?  Of course.)


Hey, I got red-tagged yesterday with 21,000,000 BTC “at risk” due to my “vast generalisations to suit USG narrative”.  May I please have some fake evidence that I be a spook or a USG shill?  (Evidently, discussing PGP and/or defending Segwit from FUD can be dangerous.)

After playing around a bit, I decided that the sanest way (easiest for auditors) is to do this with a public fork.  I merged sipa’s 201802_grind branch into the current bitcoin-core/secp256k1 master:

https://github.com/nym-zone/secp256k1/commits/sipa_201802_grind

The code you will soon see show up in segvan will match the code you find there.

Thanks to gmaxwell for the tip!

---

Edit 2018-02-13 08:58 UTC:  As of an hour or two ago, I finished an initial working implementation with sipa’s key-grinder.  It compiles fine on Linux in the same tree where I ran autogen.sh; but the resulting configure/Makefile hork up errors when transferred to another system for tests.  I will update OP and bump the thread when I have real news to report.

Classy:


Well, somebody can’t stand to see criticism of Mircea Popescu.

As the only reply by #479624 “Last of the V8s” to my most recent post in this thread, that’s on-topic in “Reputation” but off-topic in a PGP thread.  Apologies for the noise, folks.