|
I am going to go back to two things.
1) The saying 'There is no such thing as bad publicity':
It put Lightning Labs name out there and it put it in front of a lot of people who may not know about them But they do know about WEF
As a group here, since we think a bit differently about BTC, but others may see it as giving L2 solutions and BTC in general a boost.
2) We are all BTC enthusiasts here and understand it better.
The average person who saw the superbowl commercials last week and decided to check out BTC / crypto probably never saw this forum or even heard of it.
They do see press about the WEF.
Not saying it's good, just that it is.
-Dave
|
|
|
|
Still, they chances are too small.
Agreed that the chances are VERY small, but it's something to think about. We have to somewhat accept that the pools back end and management are 'secure' in the fact that they can't be compromised to do a 50% attack. However, since the back end of ALL of them are a deep dark secret, we don't know how secure they really are. If a state actor (or Dr. Evil) could get access to the pools themselves, then they don't need their massive mines (or volcano layer) all they need to do is compromise the back ends. And I got a full letter grade hit with a similar math thing dealing with resource allocation back in college, which was why I thought of it. 30 years later and it still bugs me.... -Dave |
|
|
|
Your numbers are off from mine. The tool he is using to make the numbers comes from a tool made by Greg Maxwell which you can access an archived version of here: https://web.archive.org/web/20181231045818/https://people.xiph.org/~greg/attack_success.htmlIt is implementing the equations found in "Section 11: Calculations" of the bitcoin whitepaper. Since p and q are probabilities, then if q is 0.1462, then p must be 0.8538. You can confirm this is you put in an attacker with a proportion of 0.49 of the hashrate. Since the honest network only has 0.51, then the attacker has a very high chance (98%) of being successful at overturning a single confirmation. If it didn't take account of this, with the attacker having 0.49 of the honest network's 1, then the chance would be somewhere in the region of 69%. What I was trying to point out was that there are 2 scenarios. One is the Government / Bond Villain. The other is a *miner* does it. If a large miner does it, say antpool since that is what was discussed, then the network math changes since the 'good' miners now have less hash power. The total hash power at the moment is 211.3 EH/s I am going to round that down to 200 for ease of math. And antpool has 14.6 % of that lets round that down to 14 once again for ease of math. 14% of 200 is 28EH/s once again, not perfect math but easy to see. If antpool goes and tries a 51% attack then it's no longer 14%, it's a larger % since you have 28EH/s going against what is now only 172EH/s -Dave |
|
|
|
As @cygan said by default Umbrel is running on TOR and you cannot disable that for now.
You *do not* need to use port forwarding it all just goes through the TOR network for connections to the outside world.
However, you should have more then 1 connection.
-Dave
Are you sure Umbrel with Tor will have many inbound connections? Not 100% sure since I have tinkered with mine a lot, all I can say is mine DID before I took it offline last month. Take a look here: https://community.getumbrel.com/t/is-there-a-way-to-increase-the-number-of-peers/5150 You might want to post a question there too and see. The community is active and willing to help. Side note, before opening ports make sure you understand the security implications of letting ANY inbound traffic into your network. -Dave |
|
|
|
|
As @cygan said by default Umbrel is running on TOR and you cannot disable that for now.
You *do not* need to use port forwarding it all just goes through the TOR network for connections to the outside world.
However, you should have more then 1 connection.
-Dave
|
|
|
|
for example if the owner of the hash rate tries to reverse a transaction with 3 or less confirms probably he can have a high chance with reversing such transactions. Let's take AntPool as an example, which is the largest mining pool at the moment. They own 14.62% of the network's hash rate according to btc.com. (30,990.56 PH/s) AttackerSuccessProbability(0.1462,1)=0.301662
AttackerSuccessProbability(0.1462,2)=0.109282
AttackerSuccessProbability(0.1462,3)=0.0409805
They have a 30.1% chance of reversing the last block, 10.9% for the last two blocks and 4% for the last three. In other words, it becomes extremely unlikely, even for the largest pool to reverse your transaction if you wait for >=3 blocks. I don't think this attack happens easily like that. It has never happened to Bitcoin before and no, it isn't easy. Your numbers are off from mine. When you did the 14.62% of the network calc did you remember to drop that amount from the network itself? Remember it would only have 85% of the hash rate it has now since they would be off doing their own thing. Either way it's just about impossible and would destroy much of the value of BTC so there would not even been an economic advantage for any of the big pools to do it. -Dave |
|
|
|
|
The other thing to keep in mind is that to do most deeper attacks say just past one or two blocks, which even now is just about impossible, would take a government or Bond Villain amount of resources.
Miners, power for the miners, massive cooling for the miners, support staff and the hidden volcano layer to hold all the miners. And so on.
-Dave
|
|
|
|
Not your keys Not your coins. I really think every APP and wallet should start with that. Let people know that yes you can keep your BTC anyplace they want. But, if it's not local to them then it's not theirs. I just bought some BTC to trade, and I left it on the exchange. I know the risks. How many people do not?  -Dave |
|
|
|
On the 1st post of the support thread the zombie issue is mentioned. Take a look: https://bitcointalk.org/index.php?topic=1764803.0I asked about the hardware you were using 1st just to make sure that you were not plugging them into an non-powered hub and a RPi3 or something..... Should have mentioned that post. My bad. At a guess the previous owner messed with the voltage potentiometer. Good luck. -Dave |
|
|
|
so i have a bunch of 2pac usb miners. running cgminer and followed all the steps. starting up the miner everything looks great. then just seconds after issues start to happen. this is for all the 2pacs. i have 3 newpacs, start them all all run run. after about 5 minutes one stop working and the other 2 continue to work fine. im so baffled. did i buy all burned out miners? any help and suggestions would be grateful!!! here's photos.     not sure why the images are showing as links and not images..... Because new users can't post images. With that being said, what do you have them plugged into. The USB hub might not be able to power all of them or the power supply you are using for the hub might not be up to the task. Can we get the info on that. Also, what PC hardware are you running it on, and is it doing anything else at the time? -Dave |
|
|
|
|
A lot of the nodes in a box / pre-configured builds are on Tor or have a 1 click tor activate. Umbrel and raspiblitz come to mind. I think MynodeBTC does it too, not sure if it's in the free version or not. So if someone is spinning up a bunch of them for whatever reason it could be it.
And just to say it again, it will hide the fact that you are running a node, all your transactions are still public.
It's amazing how many people I have to explain that to.
-Dave
|
|
|
|
Meaning if the computer is air gap then this risk doesn't exist Absolutely. But very few people actually use properly airgapped computers, and if you have the technical knowledge required to properly airgap a device, then you are almost certainly already aware of the risks of printing a seed phrase over hand writing one and how to mitigate against those risks too. Makes me wonder how easy it would be to create a bootable Linux disto with nothing but printer drivers so to speak. No networking but CUPS installed as @ETFbitcoin mentioned AND although driverless printing kind of works, on the rest of the DVD / USB you would have nothing but all the printer drivers you could find. That and a copy of something to generate a seed phrase. -Dave |
|
|
|
If you don't want to go the metal way as others have posted, and use paper make sure it's good paper: https://bitcointalk.org/index.php?topic=5296179.0And obviously make sure it's in a safe place. As the saying goes, don't re-invent the wheel. Doing things that you think will make it more secure, like rearranging words or splitting them in odd ways can loose all your BTC if 10 years from now you forgot what you did and now have your restore words that you don't remember how to restore. -Dave |
|
|
|
|
The github mentioned in the 1st post is new (under 2 months) and has posted 6 things, 5 of which are exe files with no source code or any contact information.
Run away as fast as you can.
At a guess they are probably going to let it sit for a bit and see who they can get to download it and steal all their funds / infect their system.
Where / how did you find it? Might have a bit more context then.
-Dave
|
|
|
|
Mine is smaller: https://bitcointalk.org/index.php?topic=5364113Is that a RPi in there? I am on mobile and I can't tell if it's that or something else. I do like Umbrel, but as I have pointed out the 'app store' thing allowing it to do much more then BTC makes me worry about the security of it. We know what the security risks are for a lot of the crypto apps, but what if you installed Pi-Hole and someone found and exploited something with that.... -Dave |
|
|
|
|
So they are breaking the law by blocking the roads.
They are hurting businesses that need to have vehicles pass, and the government should do nothing?
You want to protest fine, you want to line the side of the roads and hang banners & stuff and stand out there also fine.
You block the roads so people (oh and wait for it....emergency vehicles too) cannot pass. Personally I think they should all be arrested.
No different then people on strike or union people protesting non union labor or any other things in front of businesses / on the street. You can yell and shout and do whatever you want. You can't stop people from passing through. Hitting them in the wallet will probably get the point across.
-Dave
|
|
|
|
|
A few days over 3 weeks after surgery.
Better, still not good.
Turns out it was larger then they saw on the scans. Surgeon did not tell me sooner after the operation since it really did not matter at that point. Didn't want to stress me.
He needed 3 pieces of mesh to make the repair. Oops, Dave broke himself good....
Can function, just moving slow and can't move in certain ways without my body letting me know about it.
Not taking anything stronger then Advil / Aleve.
-Dave
|
|
|
|
Just to clarify, the Commons Clause license means you can freely access, modify and distribute modified and original software on which this license applies, but you cannot sell it or use this software for commercial purposes. If you are using licensed software, you must include a copyright notice, retain the original copyright and also include the "NOTICE" text file which usually contains some attribution notes. Interestingly, on the page describing what the Commons Clause license is, it is said that "when the Commons Clause is applied to an existing open-source project, it only affects code moving forward -- meaning no existing users are immediately affected. Licenses applied to previous versions are not revoked, so the Clause will only apply to future releases." Does it mean I can take previous versions of ColdCard source code, fork or modify them and then sell to whoever I want? Yes. But it's a fine line to walk. You take their old code and produce something. They make an update to the code to do something / fix something. You want to do / fix the same thing, but the way they did it was the best way and through your testing you came up with the same code to do it. Can you prove that you did not take their code from ColcCardfile.py and just copy it to witcher_sensefile.py to fix an issue but developed it on your own? Might me a rabbit hole you don't want to go down. -Dave |
|
|
|
|
At a *guess* since it was not Gemini accounts in general (at least none have been reported) and just people with IRA Financial I would think that it's on the brokers side.
Now, if there was a custom solution between the 2 then the *fault* might be with Gemini but not the actual vulnerability.
Until the final report comes out or they release more details, it is all just speculation as to what happened.
-Dave
|
|
|
|
|
Show Posts
