Linux has found its niche. It's great for businesses which need to scale, that is to say, expand radically without the need to purchase extra licenses. Linux is a true success in that market.
For the mainstream user, well, are you so out of touch with soccer moms and the rest of the world?
i have tryed windows and mac and *bsd. i like linux best, it has more features. it is also more beautiful, then windows and mac. look at compiz. im not out of touch with the world. you are dear windows user. did you ever try linux? |
|
|
|
Well it's a question of thrust. Even if the source code is open, I don't have time to check it. correct, but you don't have to check it, you know that some will screem if there was malicious code in linux. I trust Microsoft not to put trojan, they are under much more sructiny and have much more to lose than a guy in his basement producing open source software. true, but why trust anyone when you don't have to. and you gets the same out of it. Plus on Windows 7 with the UAC activated it's probably harder to have some stuff installed without you knowing that on a Linux box. i dont think so, on linux you will need root privileges, before you can install anything harmful. you can also disallow a user not to execute anything, that is not whitelisted by root, this is not able by default. but this is not what im talking about, im talking about that MS can invade your computer via windows update, if they want to. true there are also auto updating features in linux distros, but they are opensource. you can see anythink with linux, but you dont have any clue what is happning on a windows. Also, it's fun to annoy Linux geeks by using Windows  LOL! yes linux geeks gets annoyed by it. im a linux geek, true. but right now im more curious, then annoyed.  |
|
|
|
I don't know what you mean by explaining to you, your point? I probably misunderstood but back to your thoery that's why I have reason to believe that other platforms like linux and mac arn't so easy to break into(I do realise that because windows is more popular it will be attacked more often and that more security holes will be found, blah, blah,blah). Mainly becuase theres a bunch of junk tracking software embedded right into the core files and possibly ridiculously high compression rates for transmitting such data heck it probubly just laches on to port 80 requests and gets sent out with the data.
[/qoute]
im not talking about braking in, there can be flaws in all OSes, and there are in linux, mac, and windows.
im only saying, that windows is closed source, and because of that, microsoft can control anything on your computer.
[qoute]
Anyways I dont know what your question had to do with pre installed trojans in connection with windows but thats the best I could come up with.
If you asking why do people buy windows computers with windows already on it preinstalled by joe-shmo, I would probubly say they are either knowledgable or not and would hopefully wipe the harddrive.
im think that windows is a trojan, plain and simple. its installed on nearly every sold computer in the world. therefor i call it a pre installed trojan. again we can even take it a step further, why do people chose closed source systems like: BIOS, microcode, malware built in the processor. why not open source it all? and be free from the threat from closed source? |
|
|
|
I personally can't be bothered with spending my whole weekend trying to get a webcam, scanner, or mobile broadband modem to work under linux, acquiring lots of technical knowledge that is practically worthless because it will be out of date in a few years. I mean, don't you have better stuff to do in your precious free time?
I know that this is not entirely the fault of linux but of the peripherals manufacturers who don't make drivers for linux, but what can I do about that?
Generally, linux sucks for multimedia stuff.
I like to use linux for coding though. But for that I can run it in a VM.
For secure stuff like online banking, I do use a separate linux netbook anyhow.
Why not benefit from the best of both worlds?
linux doesnot suck for multimedia stuff. i actually found is better then windows, because of the drm lockin windows and apple haves. it is not hard to get all the stuff working you are talking about. it works out of the box in ubuntu desktop(not using it very much, im using gentoo for laptop, and ubuntu for my server, it sould be opersite). i dont know about the scanner, i dont have one. but webcam and mobile broadband, it just works. |
|
|
|
|
yes im talking about windows, i simply can't understand why sooo many people cares so much about their privacy, and still uses windows.
the windows users have no way of knowing what microsoft does to them. i do not say microsoft does this things, im only saying they can do it!
can anyone please explain this for me? im simply incapable of understanding it.
use open source i say!
|
|
|
|
it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.
It doesn't matter if a trojan find's out because there are no BTC on that private key. The user just has to make sure he doesn't reuse that private key. simple attack method: make a trojan, which replace the bitcoin client, with a fake one that send all payment to the attacker. it breaks through: encryption, TAN, PIN, paper wallet, anything, as soon as you put it in the client yo are doomed. if you are unaware of it, and you will be. the only thing encryption is good for is protecting an wallet if it gets stolen, it does not protect you from anything else. if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts. on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing. |
|
|
|
How about having incomplete private keys in the wallet?
Every time you make a transfer using a certain key you would need to add missing characters using a printout that you make when the wallet is created. The program would then also transfer any difference in BTC to a new private key so that effectively each private key is only used once. You could also store the "printout" in some file of your own choosing in case you lose the printout.
it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid. still if you gets trojan'ed you are still domed, when you put the key back into the client. |
|
|
|
I forgot if this idea has been mentioned, how about using onion layering (like on TOR), so each element of the delivery chain only knows their part and there is less need to keep online communication going between each step?
Thats what were doing. it can not be completely onion-style routing. we will know all the routes, as we are the single point of failure. of course we will try to do it as onion-style as possible. with pgp encrypted communication between the nodes, we cannot know the exact point and time, where the two nodes will meet, and exchange the package. |
|
|
|
well gentlemen, that was one hell of a conversation.
thank you all kindly. as a lowly network designer, i learned a lot. didn't cost anything, either.
whattaya youse guys think of Qubes, and their 'security by isolation' approach?
i've got no dog in the fight - but i'd really like to know what your opinions are.
it will work, as long as: a) the hypervisor is not compromised b) the machines does not interact with each other, or share the same passwords. |
|
|
|
no! I hold my coins until $50  |
|
|
|
|
i have not tested it but it should work.
|
|
|
|
Has anyone heard from BitOption?
I've sent him mails and PM's but nothing back, is he alright (or is this an orchastrated attempt by the forum to snub me)?
his profile say he was active 2 days ago. |
|
|
|
solution to ensure that packages are delivered
the sender that wants the package delivered generates a bunch of keys to give to each of the nodes, the end receiver who is getting the package has all the keys as well, each node does not know the others key, and for every delivery they use a different key. when one node drop the package off to another, they combine their keys when they meet up and submit the result to the sender and the receiver.
packages should contain a gps, water sensor, force detector and a wireless transmitter that sends a different confirmation for the combined result of the 2 keys. this insures that the package has not been replaced and has not been damaged. all of that could be combined into a small device.
most of that stuff should be optional, but if the sender and/or receiver is super paranoid, then they should have that available.
i cant think of a way to know if a package has been tampered with.
we have though of this, it will just be a simple system. where a runner, signs with his pgp key that he is responsible for this package, and gives it to the previous runner, who submits it to the server. when the next runner takes over the responsibility, the first runner loses it. you could also add insurance to the system, require that the runner haves some frozen bitcoins on the server, which first gets released, when he provides proof that the net runner has responsibility of the package. |
|
|
|
Hello,
you repead it now the third time, yes
I know how private key encryptions works, didnt you read my answer?
So we could mark this as solved.
for all you have writting, there is no proof that you know who public key cryptography works. you might think you know, and you may know it, i cant say. but by judging from your posts, you don't. sorry for being rude. In my latest post i wrote just to use a second private key encyption as "TAN"
which is not able to copy by trojans, because it is offline stored on paper.(input protection is secure? because i didnt get an answer)
There is no plaintext or privatekey broadcast, so the evilnodes are not needed (useless ;-) )
no your input is not secure, but that not a part of the discussion. if your system are invaded by a trojan, you are doomed. please dont make my suggestion more worse than it could be, i wrote 12-34 charcters
and not 8-12. if it is just a password-like TAN system, 12-34 should be enough. it could be used to encrypt the private key. but a private/public key is around 130 characters long (hexadecimal encoded). Also with a Privatekey encryption 12 Characters are not a problem (could be doubled easy, when adding a TANlistNumber-code, not a TAN)
again a private key is longer. TANs are random numbers. private and public keys are generated in pairs, they can be short and insecure(around 50 chars hex-encoded), or long and secure (around 130 chars hex-encoded). but if they are 12 long i could crack them in my head, with simple math, and you could too. You said in "bitcoin uses public-key-cryptography. the algoritm used is called ECDSA"
which is safe against bruteforce and evil nodes,
so if a second second privatekey encyption as "TAN" uses the same technique this problem is also solved.
feel free to pull the private keys out of the wallet and write them down on paper, it can be done with bitcointools( https://github.com/gavinandresen/bitcointools). but is would just be stupid to make a double encryption/signing, it has no effect at all. the only place this could be useful, would be if you should send money to two people. so its needed that they meet, and agree how they sould spend the money. but they dont trust each other. none of them can unlock the money without the other. My idea was not to make a big change, just a small.
For example with a new wallet, a user could gernerate 100 bitcoin adresses.
So my idea is instead of using 100 Adresses to modify the system to uses the 100 Adresses as TANs for one Adress.
i does not understand you are talking gibberish. (like i understand each adress has its own private key or not?)
yes every address has both a public and a private key. the public one is hashed(to make it shorter, it has nothing to do with security) and published. if so these 100 Privatekeys (99+1) are perfect and easy to modify with a TAN system.
? |
|
|
|
|
you simply dont understand it do ya?
the public key will be shared, therefor the name 'public' key
the privat key will not be shared, and as the name suggest.
you can then with the private key sign a transaction. that transaction can be verified with the public key.
an attacker are not able to change the transaction, without making the signature invalid.
what you are suggesting are (AFAIK):
a) first broadcast a hash of a TAN.
b) then make a transaction with that TAN, and publish that TAN. sure anyone can verify that hash(TAN)=hash_of_broadcasted_TAN
BUT, if your node are surrounded by an evil nodes, and you try broadcast the TAN.
they can ignore the transaction, copy the TAN, and put it in another transaction. bye bye btc.
also if a tan is short, 8-12 digest, it can be bruteforced.
seriously, please try to understand public key cryptography, before trying to change anything.
|
|
|
|
CAN GOLD SURVIVE WITHOUT FIAT CURRENCY ?
Fiat currency derive from gold, actually. see :http://www.rocketboom.com/bitcoins/ its basicly the same question, gold and bitcoin is a low supply resources. fiat currency could in the future be backed by bitcoins. |
|
|
|
|
CAN GOLD SURVIVE WITHOUT FIAT CURRENCY ?
|
|
|
|
|
Show Posts
