|
Outside of the obvious no answer they can't be taken. I find it amazing the number of people who don't understand the concept of long term things.
I actually have some 30 year bonds that I bought while I was in college. Just sitting there earning interest for the last 2 1/2 decades. What if people decided to do the same with their BTC do you just want to take that?
Years ago (and they may still exist) there were 50 year bonds. Do you just want to take those from people?
How about show up at their house and take the cash they have in a shoebox in the back of the closet that they have been collecting since they were young?
-Dave
|
|
|
|
....Because an OP_RETURN script cannot be unlocked, and so these coins cannot be spent. Coins in burn addresses can be unlocked by one of the correct private keys, it is just that no one knows what those private keys are.
I know I have said this before but that is not 100% true / proven. With some of these addresses: We *assume* that due to the math that nobody has the address. We can prove that to generate the address through brute force cannot be done before the sun goes nova and destroys the Earth. We CANNOT prove that nobody has it. You can't prove a negative. And there is always the 2^160 to 1 chance (close enough to zero to be zero but still not zero)that someone has one of them. Sorry it's just one of those things that I think should be out there. -Dave |
|
|
|
Beware! I don't remember that I saw anyone posting this before, but if you already own ColdCard Mk3 hardware wallet you may want to check this out. This was first posted on twitter by LazyNinja and it reveal big security flaw with ColdCard Mk3 PIN Replacement Attack. He was able to bypass MK3 security feature and after second attack he was able to perform seed extraction from ColdCard device (passphrase was not extracted). If you are using Bootloader v2.0.0 or older than you are vulnerable to this attack, due to flaw in Mk3 architecture discovered by LazyNinja, that enabled PIN replacement. This was later fixed by ColdCard developers but you can't fix it yourself if you already own this device. Maybe this was the main reason for ColdCard decision to release Mk4 device with two secure elements, but I someone will try to find flaws in that system as well.  More details with videos: https://threadreaderapp.com/thread/1377362927729082368.htmlSolution for anyone who owns Mk3 device is to add mandatory passphrase and move funds to new address or use some other better hardware wallet. I have to say that I don't trust this new invention from ColdCard and they are only hardware wallet with secure element that got hacked, that is bad advertisment. Uhhhh -->You<-- posted it before.....in this thread...about a year ago. Things we learned today....dkbit98 is an true American and was drinking way to much at the Memorial Day BBQ and erased the last year of his memories. Important update for Coldcard hardware wallet and not so secure Secure Elements! @LazyNinja managed to find a flaw in architecture and bypass ColdCard MK3 security feature by opening hardware wallet, removing secure element and replacing device PIN with his own PIN code, and then he returned altered secure element and gained full access to device. Reminder that ColdCard is using ATECC608B secure element and this attack was possible with bootloader v2.0.0, and to fix this you need to have new updated bootloader v2.0.1 Similar pin replace attack could happen for ledger and other hardware wallet devices, but he said that hardware wallets are still 100x safer then using regular PC, however they are not invincible. Check out his thread and video procedure: https://threadreaderapp.com/thread/1377362927729082368.html |
|
|
|
... because the room temperature is 80 F ...
How much air movement do you have going over the heatsinks? 100F with a lot of air moving is going to keep it cooler then 80F and dead still air. =================
=Cooling=
=================
If you run a stick miner, use a cooling fan.
Increased cooling can reduce the chip's overall power usage.
Non cooled sticks are subject to thermal runaway where heat will trigger increased amperage draw increasing heat in a cycle until the unit fails.
So make sure you have enough air moving over it. Also, make sure that the heatsink is tight. Heating and cooling over time could have caused the screws to back off a bit. -Dave |
|
|
|
...
Btw as out there as badecker can be every once in a while he drops a golden nugget of info.
...
Which is 100% not relevant due to his plagiarism. For whatever reason the mods due not want to stop him. Probably for the same reason that the altcoin / tokens sections are allowed to fester the way they do. More posts = better to sell ad space and keep the forum up in google and other rankings. Just my cynical view. -Dave |
|
|
|
|
IIRC Sparrow is talking back to their own servers so you loose the privacy aspect.
Any reason you want to do this the hard way by putting the node on 1 machine in Windows and pulling the data from that instead of just using either one of the packaged 'nodes in a box' on the 400 and having it all run from there. You are just adding a lot more complexity for almost no benefit.
-Dave
|
|
|
|
There should probably be a discussion of is this the best way of doing it, if so fine lets keep it this way and make it a procedure. And if you don't follow it feel free to leave. OR This is the way we do it now, lets have a long discussion with a lot of input from everyone and come up with a process to do this. ....but it seems that acceptance of this way of working sets a precedent for someone else to propose similar such fork-activations, only to claim "this is how forks are done now"...
And that is the core of the issue. If there is a list of steps, and things that need to be submitted and how to do it and where to do it and what is needed. And once all of that is done, these are the next steps. It is a lot more difficult to have things like this happen. Because, if every time more BIPs show up, and the acceptance process is although well documented, does vary a little bit over time and how people see it. Which is the issue. What is a little bit? OK fine *that* is a little bit, here is a little bit more. And then 10 years from now you can't even see where the 1st little bit was because the acceptance process has changed that much. If it is written down and followed to the letter although it does make things more difficult it will prevent things like this. And if *anyone* wants to change it, everyone (or a majority or 75% or whatever) has to agree. -Dave |
|
|
|
|
The point, in general does remain the same.
You can cram a lot of stuff on under-powered slower devices with I/O and other things that can't keep up.
However, in the end you are not doing yourself any favors.
And as the blockchain gets bigger and the other apps that use it need more and more storage and everything else, you will hit sooner or later hit a wall.
Sometimes the wall is soft and padded and all you have to do is dd your older slower smaller drive to another one. Other times the entire thing gets corrupted and you have to start from scratch.
-Dave
|
|
|
|
|
Anybody can in theory invest in anything.
HOWEVER, many funds and other investors will not want to invest money in something that is not regulated.
The risks, which MAY or MAY NOT be higher give the appearance of higher risk so they are avoided. Either by policy or by intent.
Obviously, there are exceptions to this but the overall point is the same.
-Dave
|
|
|
|
Just adding the comment that yes I do use vanity addresses, but there are privacy concerns to keep in the back of your head due to address reuse. They're great for public usage, say a donation address or a payment address from an online service. Or even just similar addresses. If I generate 1000 addresses that start 1DaveF and just use those it's going to make someones life who would want to track me easier. That works both ways: you can use a popular vanity address to make it look like it's owned by someone else. I won't post them, but I found 55 addresses with "1DaveF". Some not even at the beginning (and this list isn't complete): 17pPCGgp1davefJpTqv1TgSLFnXL3b9Bjb
3QDhTb5TMxBZV2ijaXxtV77RRMgh1daVef If always use 1DaveF here for stuff I sell and sig campaigns and whatever, and with a bit of looking through the blockchain see that I send BTC to binance from those addresses there is no real privacy lost since I posted the address for all to see. NOW, you and I do a private deal. If at that time I give you a 1DaveF address to pay me and it goes to binance it's pretty much a given that it was me who got the funds at the 1DaveF address. That was the point I was making. If you post an address in public it's one thing. Using similar vanity addresses does (IMO) chip away at privacy. Since this is not the main point of this thread if we want to keep talking about it, we should probably start another one discussing this. -Dave |
|
|
|
|
Just adding the comment that yes I do use vanity addresses, but there are privacy concerns to keep in the back of your head due to address reuse.
Or even just similar addresses. If I generate 1000 addresses that start 1DaveF and just use those it's going to make someones life who would want to track me easier.
-Dave
|
|
|
|
|
Just a bit of an update since it's been 2 months:
He contacted the comp any and they responded promptly and have been discussing options of how / if it's possible to fix it.
The biggest issue is that it is working as intended and now they are trying to figure out a way to stop a USB device that from behaving like a USB device should.
All without increasing the chance of user error. That was something we did not think of when talking about it. The more steps / checks you put in that a person has to do, the more possibility of said person making a mistake.
Next update when I know more.
-Dave
|
|
|
|
Bump, with a radical security idea. There is no point in using a wallet if you can't feel secure updating it, as you will then be exposed to security vulnerabilities. Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kracken, etc]
The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description. so that wallets can't say exaggerations like this, a wallet security commitee needs to be formed. Its members should include contributors to various open-source wallets, as well as security professionals working for the big wallet companies. Their sole function would be to review the source code of every wallet (an audit) and then assign it a rating like A+, A, etc. It would also give out 0 ratings to wallets which aren't code-signed (not a problem as you can buy these from second-hand TLS sites for $60/year). In my opinion, all wallets should be code-signed by a reputable CA (even Electrum, eventually). The rating would be the only benchmark you are allowed to advertise in your wallet. It worked with UL Benchmarks I don't see why it wouldnt work wih code & software. Unfortunately most people in the space are not at all literate about cryptography.
That's not going to help someone against a rouge wallet. IMO, it still goes back to what I have been saying. Code is only part of the battle. The procedures and processes are the other part. Everyone looking at the code today does not matter if one person with the ability to sign it goes evil tomorrow. In addition to the code review an audit of the process and procedures done to run everything is also needed. Kind of like a conversation I had with someone making collectable coins that had pre-generated private keys: Them: "All keys are generated from a secure offline computer" Me: "So it's BIOS password protected, boots from a read only device like a DVD that you verify the checksum on every boot, and nobody else has access to the room where it is, and you you verify the printer that it prints to has not been modified tampered with, and the cables are good and you are sure they have not been compromised by anything like this: https://hak5.org/products/omg-adapterMe some more: And you have custom made holograms so if someone else gets a hold of the coin they just can't peel copy and stick on another hologram that looks the same? Them: No, are you paranoid or just an ass? Me: Both....
At a guess, I have no proof but it just looks like it from what I see here. Bad wallets, that were not deliberately malware / stealing from the start, have caused such a small percentage of loss vs user error, malware in general. I could be wrong but it really seems like although this is a good battle, there are bigger more important ones out there. -Dave |
|
|
|
|
The only reason to discuss them here and tag some is in case the "break out" of newbie / no or almost no good posts and try to become a 'real' user.
If they decide to build one of their alts up a bit to get into a real signature campaign or do something else with it even if it's selling something it puts up a roadblock.
Cheating and multi-accounting in all the bounty crap does not really hurt anyone except the crap bounties. But, tagging them and hopefully getting them banned does keep them from crawling out of their swamp to drag the slime here.
-Dave
|
|
|
|
|
Wish I could tell you that there was progress made with redoing this. But, he kept running into issues and then the unit that I using for testing died.
Once RPi 4 stock starts showing up again and prices get back to normal, I will push Ted to see if he can make some progress on the programming side.
-Dave
|
|
|
|
|
If the testnet difficulty is still to high to find a block with your CPU. s a thAought there are some altcoins out there which are pretty much dead but still have active nodes / miners you can probably find one of them that you can CPU mine.
Keep in mind there is no way to do anything with these coins other then mine. No exchanges / no value just kept alive because people want to keep them going.
If you are looking to learn playing with those may help you. Testnet is better since it is BTC, but not if you can't do what you need to do.
-Dave
|
|
|
|
This is Dave's shocked face. Oh, wait it's not. There are some things that on the surface look sketchy but are not. There are some things like this that just scream run away as fast as you can. As discussed I risked some BTC on coindebit yesterday because although IMO it did look a little off it had no screaming red flags. This service just had red flags all over it. Speaking of flags sine I am remote into my desktop I can't open one against their account: https://bitcointalk.org/index.php?action=trust;u=3455716 can someone do that just in case they come back or the website comes alive again. -Dave |
|
|
|
|
I also like the fact that as nullama said in the 1st post NiceHash allows you to withdraw via lightning. No reason to move such small amounts onchain.
And since you can mine other algos there if your 8 year old miner space heater dies. You can still run your GPU or CPU for a few hours here and there to get your funds out. Unlike every other place where it's just lost.
I still don't think you should be running old miners just to mine they are just not worth it. If you are doing what several of us here do and use them as space heaters for the winter that generate a little bit of BTC then it's not totally a waste of power.
-Dave
|
|
|
|
The "painfully slow" part is indeed useful (I'd guess though that it happens in the initial sync, or when it's a couple days behind), but I was more curious if anybody had the (expectedly bad) experience with lower spec Pi (3,2,1, or even Zero).
Think weeks vs. days. Not quite the same but, a RPi4 with a SSD can sync Umbrel in 3 or 4 days. That is over TOR and indexing the blockchain and the other stuff to run a lightning node. A RPi3, not a prepacked node setup, just the bare RPi software and bitcoind with a 7200 RPM is still churning through just the IBD after 2 1/2 weeks. Both are behind the same router on the same cable modem so it's not bandwidth just purely a performance issue. -Dave |
|
|
|
Nice little review. So you actually ordered physical card or this was only CoinDebit virtual card? I honestly expected to see that cards are coming from some exotic countries, and I wouldn't sent them any big money for sure. It would be good if they allow shipping to PO boxes or some other way of sending that wouldn't reveal your real identity. The biggest issue I see is that even though it's a US address it's a foreign bank.
Biggest issue for me is the fact they are not offering their service and cards to Europe other parts of the world. If bank is really from Columbia, than I see no real reason why they wouldn't offer it to people who want to use it worldwide, unless they have some restrictions for that. Virtual card. At the moment I'm out of addresses I would want to use for unknown services. Depending on the rules of the bank I can see them needing someghing in whatever country / region they want to issue cards in. So although in theory they could probably issue cards anywhere the rules of the bank don't allow them to. Just a guess but I have seen it before with other non crypto related banking things. -Dave |
|
|
|
|
Show Posts
