On one hand I agree that threads related to him tend heavily to off-topic.

On the other hand, a big part of the reason that he's caused so much disruption (and he truly has)-- is because so many bitcoiners took one look at him, saw how transparently fake he was, and decided it was best to ignore him.  The only thing necessary for the triumph of evil is for good men to do nothing.  And that is what has happened here--

It's easy for him to spin the people who do speak out against his fraud as somehow being involved with some kind of personal play against him because as a community we haven't stood united against his fraud.  Instead, far too many have just responded like "Good thing I'm not ignorant enough to fall for that, better stay away so I don't get targeted with drama too."

In the future we're going to see more crap like him threatening any business that accepts Bitcoin with patent litigation, to which the common response will be "damn, this bitcoin stuff isn't worth the trouble" from most parties who's business isn't primarily about Bitcoin.  How could you expect otherwise when your response to wright is "damn, this wright stuff isn't worth the trouble"?

Because his lies are so prolific and layered in every one of these threads there are some newer bitcoiners that end up being corrected and put on a more sensible path.  It isn't always a question of people believing him outright, often its falling for one of his lesser lies like the claim that he's an "og bitcoin investor" or that kleiman had something to do with Bitcoin's creation.

The Wright threads also make it really easy to identify many idiots and shills.  I think we're all made better off by having access to such a quick classifier of the character of our fellow posters.

If someone broke into your house and was stealing stuff-- you wouldn't just say 'that thief doesn't deserve our attention' and ignore them.  We shouldn't hesitate to defend Bitcoin and the community surrounding it.

People do, for the most part, ignore people that caused trouble in the past but aren't anymore. You hear about wright because his scams are ongoing and still growing.

Now-- if you want to argue that various threads aren't very effective and that the community could do better?  I couldn't agree more.

Because he isn't, he's a scammer, and as long as he keeps up the act he can keep extracting money from calvin and other sucker investors. If he admits his fraud he'll end up in jail, if not worse -- some of the people he's ripped off don't sound the sort of people that it's wise to rip off.

I was commenting in a thread securing Bitcoin for inheritance and made the comment that if there is some asset you're going to give away after you die, it's usually better to give it away earlier and that made me think to post this year-end reminder:

For those fortunate enough to have a decent amount of highly appreciated Bitcoin: giving it away to less fortunate friends and family can be both a generous and tax efficient way to deal with it.

In the US, gifts of up to $15,000 per person per year (twice that if married) can be gift without triggering any gift tax, diminishing your lifetime gift tax exception (and even if your current holdings don't put you at risk of estate taxes, bitcoin value could go up or estate tax thresholds could go down...), or requiring any tax reporting.

The recipient of your gift inherits the cost basis and holding period.  Giving to family and friends who pay lower taxes than you (due to lower income, better deductions, etc.) is tax efficient because they pay the taxes at rates that apply to them if/when they sell your gift.

For example, say you have a sibling that only worked part of the year and earned $24,000.  You could gift them up to 2.1 BTC which you acquired years ago for $100, and they could sell it and pay no capital gains tax (because the LTCG rate for <$39,375 in income is 0%).   That's an extra $2236  (or $3548.58 if you are fortunate enough to have a 23.8% marginal LTCG rate) that stays among friends and family instead of getting paid in taxes compared to you selling the coins yourself and gifting cash or purchases using the proceeds.

Gifting away from ATH's works better, because the limits allow for more coins.

A big stash of Bitcoin doesn't do you any good after you're dead, and for people you'd otherwise consider bequeathing your coins to ... they would usually benefit more to receive them earlier and doing so can be a lot more tax efficient as an added bonus.

[Giving appreciated assets to a charity can have additional tax benefits, but because of recent changes to US tax code-- it's much harder to make use of those benefits than it used to be.  The standard deduction is so great now that you'd have to give a really large amount to overcome it, particularly with state taxes no longer creating a reason to itemize for many people. If you do intend to give to a charity it can be best to batch all donations up into a single year, potentially via a donor directed fund, so that you can just use the standard deduction in later years.]

You could also use a script that looks something like

IF yourkey CHECKSIGVERIFY ELSE <duration> CSV OP_DROP theirkey CHECKSIGVERIFY ENDIF.

Then any output of yours that hasn't been moved by the CSV time can also be spent using theirkey.

Then ideally you'd make your wallet smart enough to preferentially spend coins where are getting close to their expiration.

This is essentially the kind of script used for the blockstream green 2fa-- you can spend with your sig and blockstream's sig, or after a timeout with just your sig.

W/ future taproot, this additional spending branch wouldn't make your outputs look any different from anyone elses.


This scheme has the advantage that you can create your backup once (by precomputing the addresses you'll use in the future, or using public derivation), rather than having to continually update a set of nlocktimed transactions every time you get a new payment or move coins (e.g. due to making a new payment).

It has a disadvantage that CSVs can't be set that far in the future, though I suppose you could use a CLTV instead but the disadvantage there is that you must set it pretty far in the future because you can't keep updating it.

Another possibility is to use a two phase release:   You hand someone a presigned transaction with no locktime that moves your coins to an output you can spend instantly, or which they can spend after a CSV.    If they broadcast that transaction while you're still alive, you use your key to claw the funds back and the exclude them from your will in the future.  Otherwise they can collect them after the CSV.

This approach could have a much shorter timeout-- less delay in getting to your coins.

Downside is ... more incentive to cause you to have an unfortunate accident.

The proposed checktemplateverify could be used to make this last form also a one shot enrolment.

The incentive to cause you to kick the bucket is one of the reasons that non-interactive/one-shot schemes are better.  You can just not tell people that might get dumb ideas about their inheritance and have all the info in a safe deposit box they only get access to after you die.


All this said-- it can be advantageous to give away funds that you'd otherwise bequeath while you're still alive:  You get the enjoyment of seeing people use your gifts... and if you're in the US you can gift $15k per person per year without it counting against your estate taxes.   (You never know what bitcoin might be worth in the future-- perhaps your holdings might become valuable enough to trigger estate taxes even if they aren't now... and, of course, tax policy might change...)

You don't technically need a distribution at all-- you can go fetch all the components, and build all the parts--- and run your entire system yourself.

But, presumably, you'd like to do something more with your life than just maintain your computer.

The reason distributions exist is so that we can outsource the effort of assembling and maintaining our systems.  Unfortunately, as with all outsourcing, the tremendous amount of time saved comes with some costs.

I started using Linux full time with SLS. That original system I manually upgraded myself from across several libc versions and eventually to glibc and from aout to elf.  I learned a lot, but mostly what I learned is that maintaining a whole OS yourself is a lot of work.    I've run many other distribution but after RH5 or so I ran RH (and later fedora) mostly.

When Fedora started doing more things I disagreed with (gnomeifying everything backing MSFT-signed 'secure boot', etc.) I switched to gentoo.  Unfortunately, gentoo maintenance has significantly died (esp after google hired off most of the most active developers).  And without vigorous maintenance a distribution is pointless. I'm back to running fedora on most systems again.

If a distribution does something you don't like, you can work around it.  If it's too much trouble to work around--- did you really dislike it that much?  Life is too short to waste too much time time on OS maintenance/customization.

My recommendation is to pick a distribution *widely used* with an active and not-shrinking user community. Change the things you must, don't waste your time on the minor issues that you can just ignore.  Understand that outsourcing your system maintenance is a phenomenal benefit but it comes with a cost that not everything will be exactly how you want it all the time.  It's well worth that cost.

You should update your post with what you're actually taking about, the pastebin link doesn't work.

This might be of interest to you: https://bitcoincore.org/en/2016/02/26/zero-knowledge-contingent-payments-announcement/

as well as: https://github.com/unsystem/paypub

Considering that I have almost 3000 merit and considering that it has become a norm in some communities to accuse anyone who talks any sense of being me, I would like to humbly suggest that the new post-legendary rank be called "gmaxwell".

Thread in which I discuss cock-blocking Wright/Ayre from taking hundreds of thousands maybe 5.8 million BSV:

https://www.reddit.com/r/bsv/comments/eek2do/nchain_now_offering_a_100000_bribe_to_anyone_who/

The non-stop sequence of micro-architectural side channels on intel-- plus a moderate number on other vendors makes me pretty skeptical of having private keys on anything that isn't physically isolated.

I don't think you understood my point.

The idea you imagine cannot work because the keys cannot be cracked even with the computing power of every computer on earth for the rest of his life. The attacker just wastes his own time constructing and posting the 'hidden list'.

Instead, if the attacker pretends his motivation is cracking some hidden list, some people might participate (because why would they care if someone elses coins are stolen, so long as they get paid)--- and then he can give them malware either in the original software or in some later 'speedup'. *That* is a good reason well worth the attacker's time.

It works even better if someone shows up warning about hidden lists: that gives a cover motivation for the attacker which isn't a danger to the participants. Just like people who were suggesting pirate40 was really laundering drug money ultimately ended up encouraging people to pay into his ponzi scheme, before they heard the laundering claim they thought it was a scam (which it was).

Maybe your thought is right and the poster is just exceptionally stupid and does not realize that no key will ever be cracked this way. ... but it is safer to assume the poster is not stupid and has a motivation which actually makes sense like malware especially because we have several times seen users post 'key crackers' that were malware in the past.

I'm enjoying the irony of the p2sh address in this guy's signature.

That's been the default for a long time.


I strongly recommend using a firewall node:   Basically you run two bitcoin nodes instead of one.

An exterior one which talks to the outside world (probably no inbound connections, only only with a mixture of random connections and some addnodes),  and an inside node which your service runs against. The inside node connects only to the firewall node.

This protects your sensitive internal systems from some possible vulnerabilities in the node software. It also increases your flexibility in dealing with upgrades. E.g. if there is a softfork in bitcoin you can upgrade just the firewall node ... and reduce the risk of disrupting your operations by upgrading the inside node on a relaxed time frame.

If you're accepting low confirm count transactions from potentially untrustworthy users you will need to invest in network stability monitoring. You should know automatically if there are chain forks. You should also have redundant and diverse internet connectivity to make your bitcoin nodes hard to partition.

Seriously consider using encryption so that the system can't come up in a vulnerable state if power-cycled without intervention from your staff.  This might result in downtime if there is an unplanned reboot, but that's better than getting compromised.  Many methods of compromise result in a reboot-- e.g. social engineering data center remote hands into changing the root password on a host.  Several big users have been saved by having an encrypted wallet without the decryption key stored on the host (so they had to log in to unlock the wallet).

Datacenter facilities are often unprepared to handle the security requirement of cryptocurrency are are often shockingly easy to social engineer into tampering with hosts.  I know many parties that keep all their interactions with hosts under alternative names so that an attacker impersonating you doesn't know what names to use.

Obviously make sure you have good online AND offline backups and that your backups don't compromise your security.

Since you mention altcoins you should be aware that in the past some altcoins have been outright trojans and many are not maintained anywhere near as well as Bitcoin and have had serious vulnerabilities.  You should consider the possibility that someone hacks into one of your nodes and take measures to limit their ability to escalate their access to other parts of your system.   If FooCoinD ships a backdoor and everyone's FooCoins are stolen everywhere people might not hold that too harshly against you.  If the Bitcoin's you're holding due are also lost due to that attack it may look a lot less good for you.

"RPC allow from: Specific IP"  -- if you're running RPC to separate hosts you should setup an encrypted tunnel, unless the connection is otherwise via a physically isolated and secure network.

As far as other security stuff goes... standard host security applies though most advice isn't really made for targets as vulnerable as cryptocurrency users. I'm a fan of remote syslogging onto a system with no remote access (or extremely limited remote access).  Disable password authentication, ideally use ssh keys + U2F.

For bitcoincore.org we don't just use sshkey+u2f but we require two different U2Fs so that anyone that logs in has to get another user to help them log in.

Automate everything you can to minimize the number of people and frequency of manual interventions on your highly secure hosts. Don't give staff access that you don't need them to have just because you like them or they're important to the company.

Assume your staff's hosts will get compromised (this is something U2F helps a lot with).  It's worth time to setup tripwires-- logging that gets triggered (and sent out as alerts) when various commands get run that legit users would virtually never run but hackers might, selinux is very good at doing this. Make sure you don't flood yourself with false positives for any alarms you put in, however.

Consider pre-authoring sweep transactions that much each of your hot-wallet outputs over some nominal value to some secure cold wallet address(es), then don't broadcast these transactions but store them someplace you can easily get to in the event of a compromise. I've seen some hacked services struggle with tension between locking the hackers out of their systems and keeping their own access in order to move funds somewhere safer. It would be a lot better if you could just have a trip wire cause a fast shutdown of your wallet hosts, while separate systems could start sweeping funds out of harms way.

Consider having a canary wallet: e.g. a wallet.dat you put in a very visible location on every one of your supposedly secure systems, which contains enough funds to be worth stealing... which you monitor for theft. Hopefully a hacker that makes it onto your systems will find that first, rather than the really valuable stuff and can't resist stealing it and alerting you to their presence.

Keeping hackers out is obviously the highest goal but detecting, understanding, and mitigating compromise fast should be a close second.

And finally: forum comments aren't a replacement for competent professional security advice.

Am I really the third longest tenured staff, behind Theymos and Hostfat?

This seems unlikely to me.

I sometimes merit old posts with the thought in mind that eventually airdropped merit will be eliminated or the rank requirements will be increased so that airdrops wouldn't be enough. less often now that spending a few months inactive caused my source to get hobbled.

One possibility would just be listing the grandfathered rank separately.  "Hero Member / Legacy Legendary".

Of course, my perspective on the relative ease of getting merit is no doubt highly atypical.

FWIW, Satoshi has received enough merit to rank legendary.

What you're describing works out algebraically but not logically.

I can, indeed, take some valuable key  P,  and some other key with a private key I know Q to it and get a new key R = P + Q where if you find a xG = R and tell me, then I can compute xG = P and steal P's coins.

I even offered a bounty based on doing this to challenge one of the first of these bullshit fake crackers.

The problem is that finding _any_ discrete log of an arbitrary point in the secp256k1 group is intractably difficult-- so this scheme doesn't have a pay-off even if you get a LOT of suckers grinding for you.

What does have a pay-off though is making people think you're doing that so they're willing to help out just for the 1BTC you've promised... and meanwhile you slip them some malware. Probably the best way scammers have found to rip people off is to pretend to be doing something illegal and highly profitable to get people to go along with their scheme-- e.g. how pirate40 spread rumors that he was laundering drug money.

We've seen key attacking tools posted to BCT which certainly had malware and were used to rob people. But it takes a ton of effort to go actually find a subtle backdoor, so when someone posts some tool that doesn't make logical sense it's usually a good guess that it's just a trojan horse.

I know it's implausible, but there are BCT users that believe this stuff.

It might be that some of them are just wright shills/socks. But they're there, I down rate them when they're obnoxious about it.

Here are some examples:

https://bitcointalk.org/index.php?action=profile;u=711260
https://bitcointalk.org/index.php?action=profile;u=8389
https://bitcointalk.org/index.php?topic=5132383.msg50625151#msg50625151
https://bitcointalk.org/index.php?topic=5149062.msg51296314#msg51296314
https://bitcointalk.org/index.php?topic=5147410.msg51224404#msg51224404
https://bitcointalk.org/index.php?topic=5145673.0

There are some more in my ratings history... and many more if you go look under some rocks around here.

You shouldn't live like that. Sit down with your wife and make a financial plan that determines under what conditions you'll sell what.  This is something that you can collaborate on and find a solution that makes both of you feel comfortable.  Having a clear plan is the best way to avoid making irrational emotion driven decisions in the future and plus you can get out from under having this stupid Bitcoin thing hanging over your head.

Your marriage is worth more to you than some cryptocurrency, so act like it.

A bunch of these sites are "brain wallet tools" (for brain wallet fools) and they hash the data being input into them. E.g. they compute  sha256(input)*G rather than input*G.  If it accepts anything other than a number then it's almost certainly hashing it.

Likewise for scammer-version, in spite of all their crowing about hundreds of megabyte blocks, constant spamming with weather data transactions, and bcashers crying about services that had to shut down because the cost of a bsv node was too great, their chain is a about 30% smaller than Bitcoin's.

This is almost certainly yet another set of malware links.