|
As with what everyone else more or less said. It's a bad idea. At the moment there are too many risks for not enough rewards.
Now if a major financial institution did it, with a ton a regulations and insurance and security. I could see it being attractive.
*I* would not do it, but if there was no more risk then a CD or savings account then I would see it's appeal.
-Dave
|
|
|
|
|
You can get a zero or energica today. No waiting. Well, it's Sunday night you may have to wait till tomorrow.
Yes they are way more expensive, but they have dealer networks, long term support and are proven designs.
With that being said, I am also in line for a Sondors, but I don't think it's going to be as good as the hype and doubt I'll see it before the middle of next riding season.
-Dave
|
|
|
|
Could be. We can't know for sure. Last year it did and then it recovered again. Bubble pop don't necessarily mean it is not going to recover again. Amazon did pop in early 2000's and then it recovered and became bigger and stronger than ever. Sure lots of other tech companies didn't recover and vanished during the dotcom era but who cares? Most of them were shitty companies anyway. Look at pets.com. Who in the right mind would invest in that shit? Yet, lots of people did and lost money. I say they deserved it.
The talking sock puppet is shocked at your disrespect of pets.com  But anyway, there were many that were not 'shitty companies' but got crushed along with the rest of them, not because they were bad but because the financing dried up all at once for good and bad. Which brings me to the point that there is no financing for BTC. It's all people like us, so even if the bubble bursts and BTC drops 80% again so what. WE use it and we will keep using it, and the price will come back. Big banks and finance companies will not matter. Small individual people will matter. That's what BTC was built for, people. And what we want to do with it. But having a talking puppet as a mascot would still be cool :-) -Dave |
|
|
|
Hey DaveF. Could you return and ask to make a pic maybe? Curious actually. And the training you'd need to do for that sounds a bit more than regular. Seems ripe for someone to come and take advantage of a careless employee.
Maybe a bit off-topic, but just saw the new South Park special and people were all accepting only Bitcoin, though the insinuation was less than savoury (fly-by-night MLM ponzi, which of course, is ironic given the setting was 40 years into the future, making Bitcoin 50 years old and ill-fitting for the fly by night label heh).
As I posted above I'll be back in the area after the new year, I'll do it then. If for some off reason I am there before I'll do it then. Biggest issue is I have to do most of the walk again since I started walking at Manhattan Ave & 101st and ended where St. Nicholas crosses Amsterdam. Which is probably 3+ miles. I really really think that it was 130s and I know it was before the Dunkin Donuts at 155th where I got a cup of coffee that didn't suck. Beyond that I can really been off. so while I think it was in the 130s, as I said above it could been in the 120s to the 140s. And since I am a paranoid idiot, I have the GPS tracking off on my phone so I can't even look back as to where I stopped for 15 minutes. -Dave |
|
|
|
|
This has been discussed before. There is no less security to having addresses with just letters. Yes in theory if you are running any of the brute forcing key cracking software it will get there sooner.
So instead of finding the key after the heat death of the universe, it will happen a week or two before that.
Still long after the sun has gone nova and reduced the earth to a cinder.
-Dave
|
|
|
|
|
And IMO this is also causing some people not to post there.
They take a look at something and think that it might be worth posting in press and then take a look at what is actually in the press board and not bother.
I used to post more in other sections and read more sections and have over time have really cut back where I go here due to spam / junk.
Some boards are just such a disaster it's not worth digging through the piles to get to something good. I don't think I am the only one in this situation.
-Dave
|
|
|
|
I just did $20 out
Out of curiosity, did the cashier make you wait for that amount? No, but the mempool was empty and a had a 2 sat/b fee. I don't know what the webpage he was looking at showed but he just took the receipt and scanned it in and handed me 20 singles. This was after I had given him 2 twenties and a ten for the $50 I put in. So I took that as a hint that he really did not want to talk about it. -Dave |
|
|
|
It's funny that they expect everyone to be on telegram, they should have sent out emails right after this shit happened, anyway, mining is going alright, heck, this is less scary than my experience with Poolin a while back, the pool was working just fine but my hashrate was showing zero.
I logged into the .net site and was unable to make any changes to the payout addresses as the email verification never came. They are probably having the same issue with their email server. I was however able to withdraw all mined coin to previously setup payment addresses. I did a quick look at the email that came in on Friday about the name going from .com to .net and it did not have any SPF / DKIM / DMARC information in it so there are a lot of email services that may just blackhole the email not even accept it. What those acronyms mean: SPF = https://en.wikipedia.org/wiki/Sender_Policy_FrameworkDKIM = https://en.wikipedia.org/wiki/DomainKeys_Identified_MailDMARC = https://en.wikipedia.org/wiki/DMARCOn a related note, things like this are why everyone should use DNSSEC, but for some reason trying to get people to do it is an uphill fight. I do it on the 2 domains that I have that matter. But not on the rest. Getting others to do it is just about impossible. There was even a discussion about a year ago on the bitcoin core github about making DNSSEC required for the seed nodes that went nowhere. Would not have made much of a difference on what happened here, but in general it's a good thing. DNSSEC = https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions-Dave |
|
|
|
the fact of their losses is the result of non-existent or obsolete security measures, that is the strong point of this project, limiting the risk of loss, currently anyone with access to a private key can empty the wallet completely, the same with multi-signatures always 2-3, 3-5 should be used. With this project, even if a subwallet has 10000BTC is hacked, your risk of losing will be the amount stipulated by you and not the total of the funds.
An exchange needs a hot wallet that can send enough to keep them running without human intervention. No 2nd password or anything like that. Just Dave requested funds, here they are. They should always keep most of their funds in a cold wallet that is multi-sig and / or hardware based to fill up the hot wallet. Either one needs human intervention. You are just doing it a different way. -Dave Why do you assume that this proposal cannot be automated without human intervention? Because if there is any automation of opening the wallet with the possibility of moving all the funds then it's vulnerable. That is the entire point of cold storage / hardware wallets. Someone has to physically do something. It's not 100% online and vulnerable. Even if it's click a button, you would like to assume the person moving the funds would at least check what is happening. If you can do it without that, then what's the point. -Dave |
|
|
|
It's always good to hear about more bitcoin ATMs being operated globally. I have always wanted to use a bitcoin ATM but sadly my country doesn't have one.
This made me think what if I had a bitcoin ATM. How would I make profits from operating a bitcoin ATM ?
Even if charged 5% for both incoming and outgoing transactions how would I be able to make enough profits to pay the rent and still saving some coins.
Unless and until we don't have our own space to operate an ATM it will be tough to get profits from a Bitcoin ATM.
Guess it really depends on use. At the moment with the dip BTC is at $54,000. If you are moving .1 BTC through it a week that is $5400 Even if you are just selling that is still 5% of $5400 or $270 a week $14,000 a year. Depending on where you live that could be a lot of money or put you well below the poverty line. -Dave |
|
|
|
the fact of their losses is the result of non-existent or obsolete security measures, that is the strong point of this project, limiting the risk of loss, currently anyone with access to a private key can empty the wallet completely, the same with multi-signatures always 2-3, 3-5 should be used. With this project, even if a subwallet has 10000BTC is hacked, your risk of losing will be the amount stipulated by you and not the total of the funds.
An exchange needs a hot wallet that can send enough to keep them running without human intervention. No 2nd password or anything like that. Just Dave requested funds, here they are. They should always keep most of their funds in a cold wallet that is multi-sig and / or hardware based to fill up the hot wallet. Either one needs human intervention. You are just doing it a different way. -Dave |
|
|
|
|
I posted something about this a while ago. It's getting better, and with places like bitrefill other gift card providers & all the exchanges offering credit cards it will get better still. Just slowly.
Big merchants can get reports about where their gift cards are purchased. So as they see more and more coming from places like bitrefill they might take a look and go hmmmm this could work. With PayPal now slowly letting merchants accept BTC / crypto how long till some do it on their own.
Credit cards are a bit different, the merchants might not know but the credit card processors know who controls the cards. How long till they go out and see that the BitPay / Coinbase / etc cards are being used more and decide to process crypto on their own offering it to more merchnats.
It's just inertia. It takes time to get it moving.
-Dave
|
|
|
|
And how did they get access to something that would have affected also f2pool and binance which both have reported issues?
What would be that thing aside from the GFW that could impact everything like this?
Because they all use the same registrar. Had to cut this short, sorry, but you've started with the wrong assumption, no they don't! Neither binance pool, not f2pool use it and I'm willing to bet that kano isn't either. Was going from here: Looks like it might be related to Alibaba Cloud. From CityAMIt seems the major pools of viaBTC, Poolin, F2Pool, Binance and BTCcom suddenly experienced connection interruptions. The only thing they all had in common was their DNS was provided by Alibaba Cloud, a Chinese owned operation. All had stopped resolving. I will admit I didn't look to see where they were, I saw the article posted and did not check more. That is on me. No idea about kano. Without getting into anything else, I will say that if they were using a different DNS provider (outside of China) then nothing makes sense. If China wanted to block external mining then all they had to do was block the pool IPs at the edge of China If they wanted to block internal miners from reaching them then you just block the routes internally to the country. This just puts a (very) small bump in the road. If your stratum did not disconnect then you never stopped mining. If you could get the IPs from someone who had them then you are back mining. If the pools changed name (viabtc.top) and started using cloudflare then you are back mining. Shutting down DNS and not keeping it down does not really do much. And if DNS / registrar were outside of China then there would be no way for them to stop resolving names to IPs. INSIDE China could be stopped, but Phil / Mopar and all of us in the USA and the rest of the world would not have had DNS resolution stop if they were using DNS and registrars outside of China. Since the government controls all telcom in China then it really is as easy as: Router(config)# ip route A.B.C.D Sub.Net.Mask.Here null0 And then propagate it. If you are using Cisco. But more or less it's all the same. -Dave |
|
|
|
And how did they get access to something that would have affected also f2pool and binance which both have reported issues?
What would be that thing aside from the GFW that could impact everything like this?
Because they all use the same registrar. Not saying that it does happen a lot, but it does happen regularly: https://www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/https://www.cpomagazine.com/cyber-security/domain-registrar-godaddy-breached-attackers-trick-employees-into-transferring-ownership-of-cryptocurrency-sites/https://arstechnica.com/information-technology/2019/02/inside-the-dnspionage-hacks-that-hijack-domains-at-an-unprecedented-scale/Now this is also an interesting little take on it. I am not saying that it happened here, just that it has happened. IF I get access to your DNS control I can set the IPs to wherever I like. I then set the TTL (How long once you ask for the IP for me to store it and not check again) to a very high number. So even if you get control there are still places around the world that will give the wrong information for days. However, if you shutdown the domain at the root registrars there is a good chance that even though it said this is the proper IP for this name and don't look for another X seconds. There are actually 2 TTLs (prepare for some really boring shit here) that although not going to be 100% the way it works it's the best I can do in a post not a 120 minute power point seminar.... Picking on stackoverflow.com here I pull all their DNS info: HEADER:
opcode = QUERY, id = 19492, rcode = NOERROR
header flags: reply, auth. answer, want recursion.
questions = 1, answers = 4, auth. records = 4, additional = 0
QUESTIONS:
stackoverflow.com., type = XX, class = 1
ANSWERS:
-> stackoverflow.com.
type = A, class = 1, ttl = 300, dlen = 4
IP address = 151.101.65.69
-> stackoverflow.com.
type = A, class = 1, ttl = 300, dlen = 4
IP address = 151.101.129.69
-> stackoverflow.com.
type = A, class = 1, ttl = 300, dlen = 4
IP address = 151.101.193.69
-> stackoverflow.com.
type = A, class = 1, ttl = 300, dlen = 4
IP address = 151.101.1.69
AUTHORITY RECORDS:
-> stackoverflow.com.
type = NS, class = 1, ttl = 172800, dlen = 23
nameserver = ns-1033.awsdns-01.org.
-> stackoverflow.com.
type = NS, class = 1, ttl = 172800, dlen = 19
nameserver = ns-358.awsdns-44.com.
-> stackoverflow.com.
type = NS, class = 1, ttl = 172800, dlen = 28
nameserver = ns-cloud-e1.googledomains.com.
-> stackoverflow.com.
type = NS, class = 1, ttl = 172800, dlen = 14
nameserver = ns-cloud-e2.googledomains.com. You can see that they have an A (Address) record set to expire in 300 seconds: stackoverflow.com.
type = A, class = 1, ttl = 300, dlen = 4
IP address = 151.101.65.69 BUT they also have these these things called AUTHORITY RECORDS which more or less mean that these are the proper DNS servers for them and don't worry about it for the next 172800 seconds (2880 minutes / 48 hours) so even if you hijack that domain and point it's DNS servers someplace else for the next 2 days from when you looked. IF YOU DNS IS SETUP TO OBEY THE TTLs then you will never ever care where the new DNS servers are. Those listed are it. AUTHORITY RECORDS:
-> stackoverflow.com.
type = NS, class = 1, ttl = 172800, dlen = 23
nameserver = ns-1033.awsdns-01.org.
However, if your domain is shutdown (like what viabtc.com) then it all stops then and there. I go to look for something and the root DNS zones say nope. Now as I said, this is not 100% the way it works but it does give you a general view. If you got control of the domain and did something funky then I could see them doing something like this to stop an attack. Now, I am not saying that is what happened. But all this "China is blocking" stuff just seems a bit off since traffic is passing. If you think about it, if China wanted to block it all they would have to do it tell the registrar, shut off access and give us the domain. And then tell the 100% owned by the government internet provider stop passing traffic to these IP addresses and call it a day. -Dave |
|
|
|
To me, this was the gov adding blocks to the GFW, this took them by "surprise" and they just scrambled to change dns.
And once again no, read what I posted above. Nothing is blocked. Not the IPs, not the services, nothing. The registrar that viabtc.com is hosted at put a block on the domain / shut it down. BUT they left every other VIA name untouched, just the .com is offline. If they wanted to block access all they had to do was put a block at the great firewall and those IPs would have dropped out of existence. But as others have reported, so long as you did not need to re-confirm the IP you could just keep mining. VIABTC could have just gone out and gotten a new domain name anywhere and said go here to mine. But they did not. So something else is going on. I run my own DNS servers, and since I log every request I went back and looked at what my miners asked for, put in those IPs and away they went to mine. There are 2 different things at play here when it comes to DNS 1) How long it takes to change DNS servers i.e. go from alibaba DNS to cloudflare. That is anywhere from 1 to 6 hours. Usually close to 1 hour. 2) How long it takes for other places to notice you changed IPs (having nothing to do with #1) that is configurable. And usually a few hours. BUT a lot of providers can and use their own time limits ignoring what the DNS provider says. I can set it to 1 minute, but no matter what there are a lot of places out there that default to 7200 seconds (2 hours) or 86400 seconds (24 hours) no matter what the DNS server tells them. -Dave Notes: 1) I was not mining BTC but ETH but that should not matter the IPs still pass data no problems. 2) I switched to nicehash as primary since the profit is much higher at the moment but the VIA IPs still show online |
|
|
|
What is interesting is that the registrar for both domains is https://net.cn but the .com is still on registrar hold as of now as I posted above, but the .net is fine. I am starting to think more and more this has nothing to do with anything China related and more of someone got access to something they should not have. If China wanted to block it registrar hold is not the way to do it. Just an edge block would work fine, just like any firewall. If viabtc wanted to deal with this quickly all they would have to do it send out a list of IP addresses to connect to instead of names that needed to be resolved. Since miners that were connected were still connected and mining then we know that the stratum servers and related services are not and were not being filtered or blocked. To me, on the surface that looks like something else. ... and moving DNS outside China is not a 5 minute exercise.
If it's on hold you can't move it at all. If it's not it take about an hour to propagate it. Which was about what the .net did from the alibaba DNS to cloudflare. -Dave |
|
|
|
The biggest issue I am seeing with hosting is that we are small players.
Yeah, that's defiantly an issue. Looks like plenty of options are available if you want 1MW plus of capacity. But even at the level, the host could still just decide they want the space and boot you after the contract is done. So buy $3Million worth of miners with a ~10 month ROI, only to have your host boot you after your 12-month contract.... that could hurt. Although it would probably only happen if profitability is high, so the miners could be worth close to or maybe even more than what you paid. All my S17s are worth significantly more than I paid for them 2 years ago (in $, not BTC obviously...). At that point it's probably better to buy your own container and have that hosted. At least then it would be a little more difficult and costly to decide to boot you when profitability spikes since they'd need to buy their own container and install it. Would be interesting if someplace would host a mini-container, something with a max of 200kw or so. What is kind of interesting is at least IMO is that for the server / network hosting kind of thing 3 year contracts and longer are readily available at least here in the US. 3 years does tend to be the best option for pricing in a lot of them. Looking around at mining stuff it's all month to month or 1yr. So for mining are these hosting facilities expecting you to fail or don't want to commit for more that that amount of time or  I'm wondering if a lot of them are not "real" hosting facilities, but rather someone who is getting space in a much larger facility then sub-leasing to miners. For what the company I work for pays for 4 racks / 8KVA there is no way we could be competitive to rent space to miners. For what the company in the next area over pays 100+ racks and 900KVA they could (don't leave your paperwork sitting on the table in the common area, I will read it). But they obviously have a much bigger monthly bill then we do.... -Dave |
|
|
|
Or they could just use an inexpensive hardware wallet and have 2 wallets on their machine. One that is password protected and the other that needs the HW wallet. Or another form of cold storage and only move when needed. Security protocols must be constantly updated. If we have learned anything from technology, it is that sooner or later they become obsolete. BitGrail, KuCoin, MtGox, Coincheck to mention a few, they relied too much on their security protocols, when talking about money the saying "if it ain't broke, don't fix it" is not valid.
Would not have mattered for any of those BitGrail was 99% a inside job MtGox was a disaster from the start with no security at all. Coincheck did not loose BTC they lost an alt. KuCoin lost a bunch of different coins / tokens and while some was BTC it was from a hot wallet that an exchange needs to function. They need to have a large amount always available to be able to function. Needing human intervention with anything means that you don't need some fancy new setup for security or ANY new setup for security. If there had to be a human there to verify the BTC move then it would not have happened since they would have seen the issue. -Dave |
|
|
|
This is so so nice. I haven't tried yet but it seems very interesting to me. As far as I know, BATM is fully centralized, did it ask for any phone number or KYC documents from you while you using it? I did not use Bitcoin ATM due to my personal anonymity,
Ehh I really don't see how it's a nice thing. It just adds unnecessary steps for most peeps, with the only positive advantage is that new users of the ATM has a customer support ready by default. I suppose that this is just to attract the random "John Doe's" that hear about BTC and want to say that they somehow also have BTC of their own. Even being capped at $100/day I wouldn't feel at rest by just going to a cashier and asking him/her to give me the equivalent in BTC - I just think that it would open myself to being a target. On a curious note, would this[1] be the shop @DaveF? I've searched around Manhattan Avenue and this is the closest one available. If not, I suppose you could submit[2] the location to their website.
[1] https://coinatmradar.com/bitcoin_atm/574/bitcoin-atm-cryptocurrency-atm-harlem-apollo-deli-fruit/[2] https://coinatmradar.com/submit/That was not it, I don't see it listed at all, I don't have the exact address it was raining and still dark out. I just kind of ducked into the 1st place I saw open that had coffee. It was probably after the change from Manhattan Ave to St Nicholas Ave. Still think it was in the 130s but could have been high 120s to low 140s. I was walking for a while at that point and not really paying attention since I knew it was going to be a long, cold, wet, walk. ... Last of all the time it takes to confirm might also vary and unless the miner fee is set quite high then a customer might have to wait around a long time for the transaction to confirm or the business might actually be unaware and put itself at risk if they don't want for adequate confirmations.
So long as there is 1 conf you are usually good to go. But it does give them a bit of play. No RBF and a high enough fee and a small enough amount then you can give the person his cash and let them leave. RBF and low fee, sorry buy another cup of our bad coffee and wait... It was an unbranded machine. No logos or anything, but it looked well built. So I don't know if it was a custom built thing or a new unit that I have not seen yet or something else. -Dave |
|
|
|
This is so so nice. I haven't tried yet but it seems very interesting to me. As far as I know, BATM is fully centralized, did it ask for any phone number or KYC documents from you while you using it? I did not use Bitcoin ATM due to my personal anonymity,
Your description does not specify anything about using phone numbers or KYC. Can you kindly inform me a little bit about this since you have witnessed it first hand?
The sign on the machine said Valid ID needed for all transactions, max $1000 / day. *BUT* it not ask me for anything. I don't know if it's up to the cashier or some other limit or thing. I just did $20 out and $50 in to play with it. The 5% each way was just too much to do more. And the coffee sucked so I was not sticking around. Will be back in the area after the new year so if nobody else gets there I will check again then. -Dave |
|
|
|
|
Show Posts
