Ever heard of credit card skimming? It captures the info on the magnetic strip and steals the credit card number and the CVV code. A camera records you as you enter your PIN code. I read a story a few years ago about a guy who worked at a gas station who was skimming the cards of some of the customers. He would first give them a fake lookalike device to swipe their card and enter their PIN. After that he would say, crap the device isn't working. Please try this one. He would then connect the real one and have them pay what they owed. There are ways to do it.

That's unimportant at this point. We aren't discussing potential punishments. 

Bitcoin isn't insured by the US government or anyone else either. Do you trust and use it?

OK, good to know. I asked that question because your website talks about "blazing-fast deposits" that take less than five minutes. That made it look like you have instant deposits to me. Maybe you can change that since that's not the case. The claim that the deposits are "blazing-fast" isn't true if the appropriate network fees weren't paid by the sender. On top of that, the next Bitcoin block can sometimes take 30-40 or more minutes to be constructed.

Actually, there are no rules when it comes to meriting at all. There is only the community's viewpoint on this matter. If you want to see what theymos thinks about it, take a look at his quote that LoyceV posted in post #14.

Like I said in my OP, this is only a fictional scenario and not something I have plans to do.

Thanks for the list. The OpenSSL wiki has the site I used and recommended placed on top, so everything is good. I did notice a significant difference in size. The Windows installer I downloaded from the wiki source is 63MB, while the curl 7.78.0 for Windows is only 5MB. I guess the first source contains many more libraries and/or tools while curl.se only comes with the basic package.   

I was watching this video of Andreas explaining the dangers of splitting your seed into several parts. He was answering a question from someone who wanted to know about the safety of splitting the seed into three different locations. Any two of those locations would contain all the words and would be enough to recreate the mnemonic.

A)   Words 1-8 and 9-16
B)   Words 1-8 and 17-24
C)   Words 9-16 and 17-24

Andreas explains that it’s a bad idea and suggests using Shamir's Secret Sharing scheme to those who want to split up their seed words for whatever reason.

A 24-word recovery phrase contains 256 bits of entropy. That’s impossible to brute-force with today’s technology. In the proposed method of spitting represented above, there are 16 out of 24 words in each location. 8 words are missing. AA explains how the last word of the phrase is the checksum, and since only one word fits in that position, it can be brute-forced much easier than the rest.

Location A doesn’t contain the checksum, and you will be required to brute-force 7 of the missing words + the checksum. AA says that it decreases the entropy to 80 bits that need to be brute-forced. I don’t have any knowledge about brute-forcing, but Andreas says that’s an exponential. It’s not going to take one-third of the time (since you only need to crack 1/3 of the seed). It’s much less than that. According to the explanation under the video, it’s 2^176 times easier to brute-force those 80 bits of entropy. He goes on to mention that this could be easily done in the next decade with the appropriate hardware, especially if the checksum is known.   

Did he set the bar too low, or could this be “easily brute-forced in the next decade”? 2^176 times quicker to brute-force doesn’t tell me much about a timeframe, so with the most powerful possible hardware, how long would such a process take approximately?


The video about this topic can be watched here:
https://www.youtube.com/watch?v=p5nSibpfHYE&list=PLPQwGV1aLnTuN6kdNWlElfr2tzigB9Nnj&index=35

That's because the majority of other sites have Curacao-based gaming licenses, but this platform is licensed in Montenegro. Different licensor = different restrictions.

They explained this in one of their previous posts. If you deposit or withdraw less than the minimum amount, that's when that rule can kicks in. Unless you do that, it's not going to happen.

---

@btc365partners
You accept USDT but over which network? Do you accept the TRC20 version over Tron?
You stated that your deposit and withdrawal times are 5 minutes of less. Does that mean you have instant deposits, or how many confirmations are needed for the balance to be credited in BTC and ETH?

I am basing that solely on the info found on Zion's homepage. 

I am not sure what you consider long-term but there are different currencies and languages, and depending on where you are, it's you who need to adapt and not the other way around. You can try and shop with your dominant USD or EUR or whatever in a particular country and see how far that gets you. When I was doing some work in Germany a long time ago, I asked my boss if we can speak in English because I am fluent in English and still learning German. She said no! We speak German here. In other words, you can take your dominant English language and shove it. She just said it nicely.

So what? Since when is more competition not desirable? If I buy my groceries at shop #1, I should never enter shops #2 or #3 even if they have the same or better type of offers and should consider them stupid for trying?

I am not familiar with either Zion or Activity Pub, but I don't think the idea is stupid. Besides, there isn't just one internet browser, there are many different types. There isn't one document creating and editing software, there are multiple.

Zion claims that content creators can get paid for their creations and those who consume the content can get in on it as well. Compare that with traditional social media platforms, you get nothing unless you are a famous person with millions of followers. On the other hand, the platforms make money on your data and interests. 

I don't need the card. I just need the numbers on it, the CVV number, and its expiration date and I can shop with it online. With a little bit of research, I could also replicate those numbers on a blank card with a piece of hardware and withdraw money from ATMs as well if I unfreeze it or if it already is unfrozen.

So you consider your credit card the first level of security and your online banking account the 2nd level? OK. In that case, why is your hardware or software wallet (protected with a PIN or password) not the first level of security, and your private keys or seed phrase not the 2FA? If you don't consider that to be optimal, you can introduce a passphrase or multisignature setup like mentioned above.

It's awfully slow and a boring process, but as NeuroticFish said, if you don't mind checking it manually block by block, use this https://www.blockchain.com/btc/block/1. Just change the last digit to the next block number. I checked the first 20 and there are only block rewards in those.

I remember this issue and it was much more severe than what Ledger was ready to admit.
However, if you scroll down on that report you shared to the section that describes the "Attack methods", you will see some examples how that vulnerability could have been used in practice.

They say:

Invited by whom? You shouldn't trust and use dubious services and websites whether it's about crypto or anything else or accept invites and click on links from people you don't know. Unless you fiddle around with such things, you would have been safe from the attack.

I am not sure what exactly is meant with this. Maybe it's about connecting your Ledger hardware to a DEX. This is in my opinion the most dangerous attack method. If you had to connect to an unpopular exchange for whatever reason and they had ways to steal your bitcoin.

Whoever is involved in crypto should know by now where and how to download the official software, what phishing is, and how to check the authenticity of what they just downloaded. That's now possible to do with Ledger Live as well. Don't fall for fake apps and your bitcoins will stay safe. 

You just explained how your bank protects someone from using you credit card. The fact that your card is "frozen" provides no security whatsoever if someone knows how to access your online banking account. If I have your login data, I can unfreeze the card with the click of a button. Where is the second factor authentification for freezing and unfreezing if it can be done with the same password and account?

It basically comes down to what you use your phone for. Don't poke the bear if you don't want to get attacked. If you aren't someone who needs 40 different apps, games, widgets, or add-ons, a mobile wallet is a decent solution to work as your hot wallet. Each of those unknown apps is a new potential threat to your security and privacy anyways. Just keep it to a minimum and apply the same logic you use on your home PC to your phone as well. That includes not visiting weird websites, opening email attachments, etc. Phones also have anti-virus software and ad blockers.   

Chances of something like that to happen are of course higher if you carry that device with you all the time like you do with a phone. But a thief can also rob your home and turn your life in a nightmare   

Lucius is right when he talks about certain brands stop receiving new security and system upgrades. I am stuck on Android 9 for example and haven't had an update since October 2020.

Same here. Although Kleopatra is supposed to support .pem files, there seems to be a compatibility issue and it can't be imported as you realized as well.

There are Windows installers for OpenSSL here. This site was suggested on a few forums as a source to get hold of OpenSSL without having to compile it yourself.

---

The Ledger files can be anywhere, as long as they are in the same folder. You just need to configure OpenSSL to the correct directory and it will work.

If something like that were to happen and someone stole your account, your threads are safe as long as other people posted in them. You can't delete a thread containing posts of other forum members. You can only delete your own posts, move, or lock the thread.

There are, of course, other means of contact including Skype or social media. But I intentionally created a scenario in which I wanted the forum's PM system to be the only thing I wished to use. 

I think there is a big different between betting on club friendly matches and national team friendlies.

Club friendlies are mostly played during the off-season, like the summer friendlies that just passed and were played throughout July and August. Those matches are played while the teams are in preparation mode and the players aren't in their competitive rhythm yet. New players arrive at clubs, and club friendlies are the time when their abilities and strengths are put to the test. The players usually don't have the strength for a 90 minutes match, so you often see the entire team being substituted at half time or around the one hour mark. Wagering  a lot of money on the favorites in such matches could be dangerous. The pre-season friendlies are also the time to test youth players to figure out which of them will stay at the club, who will be sold, or send out on loan.

International friendlies are different. They are played during the on-going football season. The players are already in good physical shape and their club competitions are in progress. There aren't that many international friendlies due to limited availability of players, so the national teams can't experiment a lot, and they tend to bring out a strong squad. The favorites will usually play to win, and it makes much more sense to wager money on this type of games.   

Ne znam koje faktore uzima u obzir ali ima puno posla bez obzira. Ja sam kod jedne svoje prijave ušao u završni krug kada se je tražio veći broj novih članova i nisam tad primljen. Prijavio sam se onda više puta u narednim rundama kad god su primali nove članove i nikad nisam prošao prvu rundu. I onda jedan dan stiže PM i pitanje jesi još zainteresovan da pristupiš kampanji i to bi bilo to. Mislim da smo ja i dkbit98 na sličan način primljeni s tim da je on tjedan ili dva prije mene ušao. Nikad se ne zna šta im je u tom trenutku bitno kod novih članova. Pišem u množini jer se DS vjerovatno konsultuje sa CM adminom. 

I thought it didn't have any affects on the PM restrictions because I seem to remember an old post by theymos in which he said that it doesn't. Good to know that I was wrong. That basically solves this potential problem, thanks!

That is isn't the ideal solution either. Asking someone to merit you isn't the way it's supposed to work and is also frowned upon. 

No, not meriting on the road. Sending PMs while on the road. Newbies have a PM limitation of only 2 PMs in a 24 hour period. Let's assume that I have to keep in touch with x number of forum members daily while I am on my travels, and I only want to be in contact with them through the forum's PM system. I would only be able to send 2 PMs daily and that's it. But LoyceV cleared it up now, and purchasing a copper membership would solve the PM problem.

I finally got the "Verified OK" notification for the SHA512 hash with OpenSSL. I haven't worked with this software in the past, so I had problems navigating to the correct path destination.

For those who want to try, the correct command is: cd followed by the path location. For example, if the folder with the downloaded Ledger files is on your Desktop, you would enter something like this:

Maybe I don't want to bother that much or don't have the time for it.

This is the first time I hear that he can do that? Are there are any documented cases where he has done that that you know about?

I know. That's part of the reason why I created this thread. To see how the community looks at all this. 

I think it still counts as merit abuse. It's just that the motives are different. You aren't meriting yourself to rank up and participate in bounties, signature campaigns, giveaways, etc. You are only doing it to help yourself engage in regular forum activities easier. Like writing and replying to PMs without waiting for 24 or x hours to pass.