You have entirely misunderstood that post. It is GitHub which was acquired by Microsoft, not Samourai. The only coinjoin implementation which bans certain coins is Wasabi. I've read somewhere that the US Treasury Department wants to target crypto mixers as they can be used by Hamas for money laundering/terrorist financing. This is just the usual nonsense from the government misusing some current event to justify their mass surveillance machine. The evidence shows Hamas have raised barely any money via cryptocurrency: https://nitter.cz/nic__carter/status/1717210060777009636#mOne can only imagine the US government will eventually "ban" Bitcoin like it banned Gold a few decades ago. Good luck confiscating bitcoin like they confiscated gold. I unfortunately lost all my private keys in an unfortunate boating accident. |
|
|
|
If company's work will be easily copied and sold better with high budget marketing, then one will rarely bother to create such a good product. Alternatively, if their code can be used by competitors then it incentivizes them to continue to develop and improve. Then I, a rich guy, hired some developers, copied your code and with way bigger marketing budget, released a product built on your code and somehow because of our bigger budget, we managed to become more popular than you and finally took you over. Then why have we not seen Microsoft Trezor or Apple Passport? These wallets are open source and anyone can clone them. It's not as simple as that. Do you want to buy a wallet from the people who developed and wrote the code themselves, or from the people who copied it verbatim? I can understand the arguments for source verifiable, but I will still argue that open source is better for the product and for the wider ecosystem, especially when your source verifiable project was built using other people's open source code. |
|
|
|
Just heat the room and every object in it including the coin to body temperature, and then there will be no net transfer to heat to or from any object.  But what about the fact that the heads and tails side have different engravings, meaning photons will hit them at a different angle, and that will produce a bias so imperceptibly small that it wouldn't even affect a single flip if you flipped a coin from now until the heat death of the universe? Better flip in a pitch black room just to be safe! These ever more ridiculous scenario are just that - ridiculous. Using von Neumann's algorithm and the same starting conditions for each flip is all that is needed to product a complete random string of bits. If someone is genuinely concerned about the different sides of the coin having a difference of a one degree and that somehow heating up the adjacent air enough to bias the flip, then they should be absolutely terrified of the security of literally everything else in their life, which won't be as random as this. |
|
|
|
That's interesting. I didn't know that. I thought that if you select the dice rolls seed generation method, that the entropy comes only from that source. But according to the documentation you linked to, 256 bits of entropy is already generated from Coldcard's hardware and the dice rolls are an addition on too of that. Coldcard provides all three options - PRNG only, PRNG + dice, or dice only. https://coldcard.com/docs/middle-ground/#generating-seed-wordshttps://coldcard.com/docs/paranoid/#generating-seed-words-with-256-bits-of-entropy-by-dice-rollsIn the thread I linked, the OP chose dice only and then proceeded with a single dice roll of 5. You can verify this yourself by going to Ian Coleman, showing entropy, putting in "5", choosing dice rolls, choosing 24 words, choosing BIP 84, and generating the same addresses as OP: https://mempool.space/address/bc1qln3mjur5h67xenn04vepunx27fhpvfgvqgwelxhttps://mempool.space/address/bc1qmq80v8cxlsuwkxc8yt7hzjf05jyga3q5uea9uk |
|
|
|
I can imagine how inaccurate their lightning network monitoring reports will be. Oh, absolutely. As we have seen in this thread, they fail to understand the most basic concepts about bitcoin (such as segwit v non-segwit), or indeed the most basic concepts about computers in general (such as bits v bytes). They fail to understand how easily their simply heuristics are fooled, such as with change being sent to different script types. They have absolutely zero evidence that their on-chain analysis is anything other than complete guesswork, and cannot say how many false positives they identify with their random guesswork. I am certain their Lightning analysis will be similar flawed, at best. However, apparently none of that stops the government relying on this made up bullshit in court and using it as evidence to prosecute potentially innocent individuals. If Chainalysis are offering it, the government will be buying it and using it against anyone they like. |
|
|
|
As a reminder: Any further nonsense from franky1 will be deleted. Please keep this on-topic.
You can see DooMADs post here for an explanation why: https://bitcointalk.org/index.php?topic=5471353.msg63048733#msg63048733
There are now over 120 comments on the proposal, but still only two are viewable. I wonder why they have chosen to withhold so many of the comments? which will give more value to the BTC you actually own. Maybe, but it still creates a two tier system which is bad for bitcoin on the whole, even if I never interact with any of these custodial services. |
|
|
|
The Bitcoin ETF will work just like IOU because the institution and the government never like decentralization.
This is clearly the future the government want for bitcoin. The majority just buy ETF IOUs. Those who do actually buy bitcoin can only do through via KYCed exchanges, and their bitcoin can only move from there to other KYCed exchanges. Actually owning your own bitcoin won't be allowed - after all, what are you trying to hide? But can the IRS be trusted that it won't share sensitive information with its fellow government agencies? They will, of course. All branches of the government freely share all the information they have on you with each other. are we then limited to the option of transacting face to face and on cold cash basis? If you want no traces left in the fiat system, then cash in person is the best way to do it, yes. I've done this for years. It works well. |
|
|
|
So, who the hell tells you that policemen cannot receive magician training to plant you some kind of pill/drug in your car? It is of course trivially easy to plant something with or without bodycams. And even if it were impossible, police could simply charge you for running a stop sign, running a red light, using your phone while driving, dangerous driving, or a hundred other things where bodycams are useless. More surveillance is never the answer, which is why even the NSA have admitted that mass surveillance has never prevented a single terrorist attack. As o_e_l_e_o said above, monero has a bounty of $625,000 if it gets cracked. Note the bounty no longer exists. The bounty eventually evolved to cover either Monero or Lightning transactions. It was awarded to Chainalysis in September of 2021, just before they publicly announced their "transaction monitoring solution" for Lightning ( https://www.chainalysis.com/blog/lightning-network-support/). So in other words the Monero bounty was unclaimed, and Chainalysis were awarded the money for instead offering the US government Lightning monitoring services. |
|
|
|
You don’t need a lot of skilled wallet users, just a few is enough to make the presence of any bugs available to community. Even Bitcoin Core has flaws and vulnerabilities which are identified, or even on occasion not identified before they were exploited, despite significantly more pairs of eyes on its code than on the code of an individual wallet. Despite how technically competent an individual reviewer is, more reviewers will always be safer. And you will get more reviewers if your code is open source and those reviewers have an incentive to spend their time examining your code. -snip- I don't disagree with any of that, but their code is still not open source and to call it such is simply incorrect. Is reproducible does not mean it is open source or the site is not correct about it. Read my previous replies in this thread. The source code is reproducible but it is not open source. |
|
|
|
Consider the perspective of an ordinary wallet user whose sole concern is the availability of code for scrutiny and verification. An ordinary wallet user does not have the requisite knowledge or ability to review the code themselves, and thus they rely on the community doing it for them and publicly flagging up any bugs, vulnerabilities, suspicious or malicious code. And code which is not open source and therefore prevents other projects, companies, developers, etc., from using that code in their products means that none of these projects, companies, developers, etc., will bother looking at the code, probing the limits of the code, building on top of the code, and so forth. Why would they waste their time going through the GitHub of a "source verifiable" project knowing they can't do anything with that code, when they could spend their time going through the GitHub of an "open source" project knowing they can use that code for anything they like? "Source accessible" or "source verifiable" simply means fewer people will be looking at the code than they would if it were open source. And for the ordinary wallet user, this is what matters. |
|
|
|
I just want to explain that ColdCard's source is available for anyone to use and verify Yes. It is source verifiable. It is not open source. Both of them are not open source but there is a huge difference. Then you can explain that difference, but calling Coldcard open source when it's not is simply incorrect. Ledger also claimed that they were moving to open source, and then created a new license for their code called "Source Code Accessibility License" which is also not open source. "Open source doesn’t just mean access to the source code."In a business where you work days and nights to write a code and there is a danger that rich businessman will copy and paste your code and sell a clone but dive you because of money and better marketing, I think it's okay to protect yourself from this danger. And yet, this is exactly what Coldcard did to Trezor code: https://nitter.cz/PavolRusnak/status/1022107617328619520#m. Why is it OK for Coldcard to use other people's code, but its not OK for other people to use Coldcard's code? |
|
|
|
Very reasonable that they forbid to sell purely their code, but they allow to use it in any other commercial product and sell those products based on their software. No, they don't. A quote from their license, with emphasis added: For purposes of the foregoing, "Sell" means practicing any or all of the rights granted to you under the License to provide to third parties, for a fee or other consideration (including without limitation fees for hosting or consulting/ support services related to the Software), a product or service whose value derives, entirely or substantially, from the functionality of the Software. Any license notice or attribution required by the License must also include this Commons Clause License Condition notice. You cannot use any part of their code in any other product which you then sell. Thus, it is not open source. Again, according to the definition of MIT-licence the software which is liable to it is open source. I have never encountered the contradictions to this coming from reputable sources. How about the source of the people who wrote the Commons Clause license Coldcard use in the first place: Is this “Open Source”?
No.
“Open source”, has a specific definition that was written years ago and is stewarded by the Open Source Initiative, which approves Open Source licenses. Applying the Commons Clause to an open source project will mean the source code is available, and meets many of the elements of the Open Source Definition, such as free access to source code, freedom to modify, and freedom to re-distribute, but not all of them. So to avoid confusion, it is best not to call Commons Clause software “open source.” Code clearly states: MIT licence.
MIT with Commons Clause attached, which makes it not open source. |
|
|
|
It's true that they copied others and use their work but Coldcard still came up with more unique product that no one has created before. We discussed this before, and my point remains the same: Coldcard used a huge variety of open source libraries and code when they built their device. To turn around and prevent people doing the same for their code is hypocrisy. When ColdCard left their code open-source, The Passport Foundation copied them, improved some UI details if I am not wrong and become a Coldcard's competitor. This means loss of customers, loss of sales and all these because someone copied your code and put it in a new design. If you are worried about someone building on top of your code and making a better product, the solution is to improve your own product, not stifle development and innovation, which is bad for everyone. Where would bitcoin be now if Satoshi had released bitcoin under a "source verifiable" license but prevented other people from developing on top of it? Being under MIT licence it's open source. It categorically isn't. They add the "Commons Clause" license, meaning they are not open source. Even the Coldcard website doesn't claim they are open source - they are source verifiable. |
|
|
|
Are these results accurate, especially since most of them are generated by artificial intelligence? Can it be relied upon to bring charges or acquit people, since they may lead to criminal charges, or is this not possible as they are based on random results or inaccurate. No, they are not accurate at all, and no, they should not be relied on as evidence in any court. Have a read of this thread: https://bitcointalk.org/index.php?topic=5464886.0One of the biggest blockchain analysis companies in existence - Chainalysis - has had to say in court multiple times that they have absolutely zero scientific evidence to back up any of their analysis techniques, and has absolutely no data on the accuracy of their techniques, how many false positives they identify, or indeed any proof whatsoever that their results are anything beyond guesswork. Blockchain analysis is a sham, and they've admitted it in court. It is not evidence based. See this post of mine from the above thread: I did a small experiment some time ago regarding blockchain analysis: https://bitcointalk.org/index.php?topic=5395035.msg59905002#msg59905002One particular piece of blockchain analysis software put a significant amount of coins in the wallet of various centralized exchanges in one of the categories of scams, hacks, or blacklists. Obviously the blockchain analysis software being used by these exchanges did not classify these coins in this manner, otherwise they wouldn't have accepted those coins. The fact that two different pieces of software can come to completely different conclusions about the exact same coins should be more than enough to tell you that blockchain analysis is made up trash. One of the core principles of any piece of science is that its results are repeatable and independently verifiable. If I come up with a process to say, isolate gold from an alloy, then I publish my methods and other people perform the same steps, end up with the same results, and verify my process works. If I come up with a process to say some coins are tainted, and other people do the same thing and end up with completely different results, then my process is bullshit. |
|
|
|
* Takes open source to the next level: The open source code can be viewed, verified and compiled directly from the device itself. This is not correct. Coldcard is not open source, but rather, it is "source verifiable". You can see their license here: https://github.com/Coldcard/firmware/blob/master/COPYING-CCYou can understand why this distinction is important here: https://nitter.cz/sethforprivacy/status/1651039483419058177Code that is not actually open source is bad for the product and bad for the ecosystem. If no one is actually allowed to use their code in other products, then you are going to have far fewer sets of eyes on the code since there is far less incentive for people to spend their time examining it. Open source code encourages competition which furthers development, which ultimately is good for bitcoin. I'm getting fed up of various projects claiming to be open source when they aren't, or claiming their not-open-source license is just as good as open source when it isn't. Open source has a very specific meaning and is very important to the ecosystem. Coldcard is not open source. |
|
|
|
Just lol. So your solution for corrupt police or a court system which assumes people are guilty on no evidence, is not to, you know, weed out the corruption or even enforce one of the oldest and most basic human rights of presumption of innocence? Your solution is more surveillance. So we all need to be surveilled at all times to protect us from the malicious state. That's the most insane logic I've heard yet. Bitcoin by default will not provide that . That's the first thing we agree on. Good thing that mixers and coinjoins exist. |
|
|
|
I don't think you need to check the checksum while you are are brute-forcing a seed. Because the checksum is deterministic and will always hash to the same value given a particular input.
That's going to save a lot of time and let you search faster, since computing a checksum is particularly expensive and can only be optimized so much. On the contrary - calculating the checksum speeds things up exponentially. If you are brute forcing a seed phrase, the only way to check you have the correct combination is to derive either a master key or an address from that seed phrase to check against a known value you already posses. To do this requires, at a minimum, 2048 rounds of HMAC-SHA512 and further rounds of HMAC-SHA512 alongside elliptic curve multiplication to work down the derivation path to reach a master key. If you want an address, then add in three SHA256s, one RIPEMD160, and a Base58 conversion as well. Conversely, calculating the checksum is very fast and requires only a single SHA256. If you are brute forcing 12 words, then only 1 in 16 seed phrases on average will have a valid checksum. For 24 words, it's only 1 in 256. That means that for either 93.75% or 99.6% of all seed phrases you can exclude them after performing a single SHA256, instead of having to perform the much more computational expensive derivation process as above. |
|
|
|
Ledger keeps repeating that "all hardware wallets require trust" and people get lost in this because while on one hand it's true to some degree, not every wallet requires as much trust as one that's closed source which also has the ability via firmware to split and send seeds through your USB/Bluetooth connection, through your PC and then stored elsewhere. Compare Ledger - closed source, connects to an internet enabled device, has the ability to send your seed phrase across the internet - to something like a Passport - open source, completely airgapped, communicates with QR codes - and the difference is stark. The difference in the amount of trust required, and the amount of independent verification which is possible, is astronomical. It's like saying "all software wallets require trust" when comparing something like airgapped open source Sparrow wallet, to hot closed source Trust wallet. There is simply no comparison, and anyone claiming they are in any way similar is either naive or malicious. "Oh but the shards are encrypted!" This only sounds good until you realize that Ledger themselves say that any device can restore the shards. So the encryption keys are either specific to ledger Hardware (meaning anybody with a Ledger has them) or they're stored at Ledger headquarters (meaning they have them and you have to hope they aren't leaked the way all those addresses and emails were). Any way you slice this it's frightening. The key is common to all Ledger devices, and therefore the encryption is utterly useless: https://bitcointalk.org/index.php?topic=5452900.msg62453002#msg62453002 |
|
|
|
I think it's a really cool idea and we should try to find a way to do it for this act too. I don't think so. They will simply ignore any AI generated content, and all it does is water down genuine comments and complaints. I'm curious now, will you, then, encourage that people don't declare their Bitcoin holdings? I would encourage people, as I have always done, do trade exclusively peer to peer and to never complete KYC anywhere, so there are no third parties which can track all your bitcoin and share that information with anyone they like. The strange thing is that Europe took the lead in this before the United States, which is now lagging behind. Everything I've seen come out of the EU in relation to bitcoin has been just as bad/stupid/misguided/idiotic as what our government in the US spits out. This kind of mass surveillance of bitcoin will only spread if we don't fight to put a stop to it. |
|
|
|
Honest question before i proceed to a full reply , how do we know that guy is innocent ? How do you know he is guilty? Whatever happened to presumption of innocence? The onus is not on the accused to prove innocence - the onus is on the prosecution to prove guilt. And the onus is not on me to to open myself up to complete scrutiny by blockchain analysis and other government funded mass surveillance tools and prove that I have "nothing to hide". Innocence is the default position. Privacy is the default position. |
|
|
|
|
Show Posts
