You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

You mean outright fraudulent alarms. You note even here he says "probably".

I call bullshit.  Real cryptanalysis is specific.

FWIW, for those curious— the thread on the encryption issues: http://sourceforge.net/p/bitcoin/mailman/message/32107008/   (I made several posts after the first one too)

Outright enforced expiration is not reorganization safe and can cause coins and their history to be suddenly invalidated even in the complete absence of an attacker. This exposure different for coins based on their depth would degrade the fungability of the coins, and avoiding it is one of the reason that generated coins cannot be spent for 100 blocks.

There is, however, some work going on towards allowing single transaction refunds that would allow you to easily spend a coin to an alternative output in order to cancel it after some time has passed.  This addresses some but not all of the use-cases for expiration (as well as many other use cases) without the risks. I should have a proposal on the mailing list in a few days— I'm still hammering out the details of exactly what I'll be proposing with a few other people first.

If Hashfast fails to deliver, as they're currently doing for may customers— including yourself, I believe— how will you make your buyers whole? You should also be aware that there are people currently suing hashfast and this may result in making it harder for them to deliver. You should also be aware that HF has a history of unilaterally changing terms and claiming that not adopting their new terms voids all their obligations.

Does your "Caveat Emptor" mean that if Hashfast does not deliver you will do nothing?

Beyond my basic moral reservations with giving more funds to a company who is currently ripping so many people off— I suggest that instead of just collecting funds from people and give them to the black hole of fraudulent behavior that is hasfast you collect funds into escrow (e.g. with bitrated.com) and only pay hashfast on delivery.

Works fine here:


[gmaxwell@helmholtz tmp]$ bitcoin-cli listlockunspent
[
]
[gmaxwell@helmholtz tmp]$ bitcoin-cli lockunspent false '[{"txid":"76a914a86e8ee2a05a44613904e18132e49b2448adc4e688ac","vout":0}]'
true
[gmaxwell@helmholtz tmp]$ bitcoin-cli listlockunspent
[
    {
        "txid" : "0000000000000076a914a86e8ee2a05a44613904e18132e49b2448adc4e688ac",
        "vout" : 0
    }
]
[gmaxwell@helmholtz tmp]$ bitcoin-cli lockunspent true '[{"txid":"76a914a86e8ee2a05a44613904e18132e49b2448adc4e688ac","vout":0}]'
true
[gmaxwell@helmholtz tmp]$ bitcoin-cli listlockunspent
[
]
[gmaxwell@helmholtz tmp]$

An address is just a human friendly way to encode a template for a scriptPubKey. Transactions do not contain an address for each of their outputs, however, just the resulting scriptPubKey. There is no guarantee that you can reverse the operation for all transactions.

Whoptie do, blocks are expectation 20 minutes for a month.

Difficulty being hesitant to change improves security against isolation and decreases the amount pumping of difficulty by variance.

The missing points are on an alternative curve (the quadratic twist) and have a discrete log (a private key). For some curves used for cryptography the twist is not cryptographically strong— meaning the discrete log is 'easily solved' there— though ours is acceptably strong. It's still important that any verifier check the that the pubkey is on the curve (and especially important for anything doing ECDH).

It's arguably that bc.i should display something more useful there... but at the end of the day the key point remains that the bitcoin system itself doesn't have addresses— addresses are a wallet layer construct and any attempt at mapping back from the chain to addresses is going to have some limitations.

Perhaps not. I probably picked a poor example— and perhaps there isnt one— to describe a motivation for doing this.  Really when the payee is designated I think you can almost always completely remove the proving process from the cryptocurrency.

It's inherently interactive but it could potentially be asynchronous. 

Let me expand the idea further so that the application is more clear.   Say we make our SNARK circuit a universal circuit (like vntinyram) which takes a hash of the program as a public input (and the program itself as a private input).   Lets also assume that you and I are members of a trading club which frequently trades puzzle solutions for coins amongst its members.

Every member of the trading club compiles and the tinyram circuit and produces a ECDSA private key. They publish the verifier key and public keys to all the members of the club and (via some sibyl resistant process) the club produces a hash-tree over these verifier keys and the public keys which everyone in the club agrees is correct.

Now I can form a transaction which offers a coin to someone who can produce either dual SNARK proofs (or SNARK+sig), such one snark is mine, and the other is any which is not mine in the list (by providing the verification key and proving membership in the set committed in the transaction).

(If you don't-dual snark, and replace the hashtree with a ring signature of all the club members except me (or turn the hashtree approach into a ring signature by running selection and blinding in zero knowledge), then the identity of the redeeming party can be private and unknown even to me.)

In any case in this example there was interaction, but it was all in a setup phase, and the redemption can be asynchronous and one-shot.

Maybe, though this has weakness when you want an 'nlocktime' rule which is more complex than nlocktime.  E.g. transaction pays you if you present a receipt from your bank that the payment went through, it refunds to me if I can present proof from my bank that the transaction was reversed... then only after some very long timeout does the nlocktime come into play.

I agree. Though I'm not sure if non-interactive is the quite the right criteria it fails, I think it fails publicly verifiable (yes, the CRS schemes are 'publicly verifiable', but only with trust that is not really acceptable). The interactive schemes are often easy in part because there is a designated verifier.

I don't seek to say that trusted init can replace non-trusted, it really cannot for many things. I'm just exploring the space that tools with trusted initialization can be applied.

You did not offer me a refund, you offered me a settlement— as was plainly stated. The settlement was for a fraction of what you owe me according to our established agreement and had burdensome additional terms which I have never and will never agree to. (If we're to be pedantic: You also did not offer me federal reserve notes, fwiw.)

No court is going to ignore that you ignored a mountain of letters from me and my months long good faith effort to sort this out in a mutually agreeable manner, no court is going to ignore that you've never offered me a _refund_ just an additional contract "settlement" for a fraction of our agreed on terms. No court is going to ignore that you you're now publicly claiming that you're not going to pay me anything at all.

As I pointed out in prior (I believe now deleted) messages: I would happily take alternative compensation for your default and would even prefer alternative compensation if it was mutually beneficial. What I wouldn't accept is a tiny fraction of a refund plus a "disparagement agreement" while you walk away with a huge windfall and leave dozens of other customers screwed over here— while the "disparagement agreement" left me less able to help them.

But speaking of court— you're saying you're so confident about the outcome, OKAY— where is my release from the forced arbitration so we can actually take it to court without a months long dispute over the proper venue?

FWIW, it looks to me like they're selectively locking the other thread when they're not at the computer and can't be vigilantly deleting messages. Kinda crazy.

It's an output, and it's unspent. Bitcoin blockchain rules do absolutely nothing with the content of scriptpubkey until its spent.

I have a standing relationship with an attorney for a multitude of reasons.  I don't know why you keep talking about "bother the state of california", I believe I've not yet ever communicated with the state of California on any matter what-so-ever, and certainly not you or your company. You need to discontinue your lying here.

Okay, release me from the forced arbitration clause so that there isn't ton of time wasted arguing about the venue— since you're so confident that you'll prevail— and I'll go head with lawsuit now that you've _finally_ admitted that you're planning on actually returning nothing at all— and not leaving me thinking that you just have not been getting my letters.

By taking my funds and giving absolutely nothing, no refund no product you are a thief. And perhaps really what I should be doing is perusing criminal charges. Your theft is not just a civil matter at this point: No theory of law enables you to take peoples funds and give them nothing and then argue that they've somehow forfeit your obligation because you've successfully ignored all their attempts to communicate or negotiate and they wouldn't take a tiny fractional one-sided 'settlement' with onerous additional terms.

BDB is _only_ used for the wallet. The blockchain itself is stored as raw blocks.

Sadly, I don't because I simple don't have the time— or emotional tolerance— to see these guys through to court. Fortunately other people are already in the process of suing them, so some amount of justice may still be served.

I started the heavy prodding in public when I saw they were soliciting more rubes to screw over, with only a mild hope that I'd ever see a dollar or a Bitcoin out of them— that maybe if they saw they they were going to be able to get away with the highly profitable task of pulling in more victims without complaint they might try to rescue things with their past customers.  I think that at least the recent noise has been successful at increasing a lot of awareness, and maybe saved some people a $6k loss, so thats all good.

If there is anything someone thinks I can easily do to help them recover please let me know.

FWIW, Campbx seems to have lost my deposit of testnet BTC.  Glad they have a testnet site so that I could see that their service is having problems without using real coins!

I don't really agree there. This is what contracts exist for. The law doesn't have to forsee in advance every possible business contingency.  There is no basis in law that says that you can just ignore a contract when it suits you.

Gah no. I started to type January 1st and then realized the actual date was Dec 31st and didn't fix the month. My purchases were August 14th and September 1st, both Batch 1. (thanks for pointing that out, I fixed it)

They sent the revised terms to me on 08/21. I just personally consider them binding both due to the second purchase and because I talked to them after, considered immediately demanding a refund but didn't— because frankly the revised terms seemed more realistic to me... I was worried that they'd be a day late and get slammed with refunds and that didn't strike me as fair or wise. So if anything the contract revision increased my confidence... how foolish I was.

Well, hey, some of us still have money here, and their 90%-100% losses on HF so far haven't left them broke.  Is there some slot where I can insert money and receive justice? I too am unhappy with them getting away with the fraud— even more so than my financial loss. I'm willing to double down on my losses if I was reasonably confident that the result would be them not getting away with it, because I'm very concerned with the long term effects on the mining ecosystem if its possible for hardware vendors to freely get away with fraud. What I don't have an abundance of is time.

I was thinking of perhaps funding some bounties for things like most effective community action to prevent others from getting defrauded by hashfast, but I'm not sure I have time to administer it— and esp. in terms of figuring how how to convince people that I'm being serious when I say that I really don't want anything illegal done.