unless we manage to diversify between different digital signature algos; besides ECDSA, there is at least the old fashion RSA and the DSA.

it is not even that one could diversify his savings between different algos.
giving the scripting language that is already in the protocol, one could protect an unspent output using several different signing algos at the same time, one after another.
and it is very unlikely that all of them would get broken.

but this requires a hard fork and having in mind that the satoshi client has a mining monopoly these days, we won't introduce a new signing method without an active support from the dev team.

Thanks, @wtogami - well done!

This solution has flaws, but is better than nothing.

The concerns about a possible weaknesses in ECDSA are serious and not addressing them ASAP is irresponsible, to say the least.

Right. Bring more nazi symbols, to prove that pirateat40 was a scammer and a pure criminal, while US gov had completely nothing to do with stealing your money.

Still, according to my definition to be a scammer one needs to have an intent to scam - and IMHO pirateat40 had no such intent. He was just an idiot and a total tool.

well, laught as much as you want, but try to buy bitcoins to repay your lenders, having the collateral funds frozen, mr smart ass
and who froze the collateral funds? your nazi government - who else?

I am telling you: he does not have that stash.
All he might have are his personal coins, maybe a few tens of thousands, which today should be enough for a preposterous life.

But the stash itself was hold by his customers - and he was holding the customers' dollars, as a collateral.
The idea seemed safe, but when it came to then point the customers did not give him back the coins, and pulled the strings making the dollar funds frozen, making him unable to exchange the collateral into bitcoins. And let me remind you that it was with your applause guys, since you were all so happy that SEC froze his bank account.

It was somebody's brilliant plan to purchase hundreds of thousands of coins, without moving the price.
Buying tons of bitcoins with a huge discount by pretending borrowing them with a huge interest.
And I doubt that the somebody was the pirate himself - it had to be someone with good connections in US authorities.
So IMHO the party most responsible for stealing your money is the US government itself - just like in the case of MtGox and Btc24 frozen funds.

OK, just let me help them a bit, so they would not need to wast their time digging through your bullshit.

People, I suggest you to see this post, that should give you a clue about the relations between Goat and Nefario:
https://bitcointalk.org/index.php?topic=82573.msg1143404#msg1143404

And here is the final chart showing the volume of Goat's PPT bonds in circulation at GLBSE (that's the same bonds about which Nefraio said that "The Goat has done nothing wrong", denying the fact that Goat was letting new bonds on the the market, while not being able to deposit the relevant amount at the pirate's bank anymore).



Also here:
https://bitcointalk.org/index.php?topic=82573.msg1161899#msg1161899
https://bitcointalk.org/index.php?topic=82573.msg1173216#msg1173216

Technically I only connect Nefario to your scam, and your scam to this...

It is still in that threat.
https://bitcointalk.org/index.php?topic=82573.msg1126157#msg1126157

Anyone can go and see how you were selling more and more PPT bonds, while it was already clear that pirate would not accept any more deposits.
And I also know for a fact that Nefario was your lying bitch, since (unlike you) I do not need to write down a 5 digit number to remember it the next day.

BTW, I remember very clearly how you did not like my comments back then - so much that you went to theymos asking him to remove my posts from your topic.
Which he did... which was weird for me... until I found out that our great admin had a secret share in GLBSE.
But at least he had a dignity to put my comments back, into a different thread - so he wasn't as much of a crook as the two of you, but just a secret investor with a conflict of interest

And for me the only black and white case is that you Goat are a mean and cheeky crook, who was selling counterfeited bonds, profiting on the collapse of the pirate's business.
While Nefario was helping you with it.

Right.
Then you probably work for the authorities

How was he supposed to give back the money if you froze his funds?

If he was a criminal shouldn't he be in a jail?

Obviously they have nothing on him - just like they have nothing on MtGox, but the US authorities still froze 5mln USD on their account and do not want to give it back.

Btc24 - the Polish authorities froze 1mln EUR on their bank account and also do not want to give it back.

If you are saying that pirateat40 was a criminal, then by the same logic, you should be saying that MtGox and Btc24 are criminals, because they also got their funds frozen by authorities.
MtGox had enough money to compensate their customers, but bct24 customers are still suffering - it's not much different than the pirate's case.

I don't think you guys understand what has actually happened here.

Today it is pretty clear what pirate's business was about. IMO, it was not a ponzi scheme.
He was borrowing coins and lending them to other people, though keeping their USD as a collateral - probably with ~10%/week interests, maybe more.
The idea was that in case if they would not return him then coins, he would just buy them on the maker, using the dollars.
What has happened though is that at the very moment when he was trying to do so, his customers informed SEC and SEC has blocked the funds on his bank account - thus he was not able to buy back the coins and return them. And considering the price raise, he never will anymore, even if they will eventually release his funds.

You need to understand that this was probably someone's insidious plan to acquire hundreds of thousands of bitcoins, without moving the market, at a discounted price, and pirateat40 was probably just an unconscious sucker.

Which does not mean that he has not made lots of money on this, assuring people that his business model was safe, while in fact it wasn't - the pirate was just too stupid to see it.

So most important question we should be asking here is: who were his customers - who got the coins?
For me, whoever they were, it seems that like they had some good inside in either US gov of financial institutions (likely both).
It's a shame though that the sucker does not want to blow a whistle, since this is the least he could have done after doing this to people who had trusted him.

It's an admirable stand, but we are talking about wallet-less node here and something that only a small percentage of the net would use anyway.

I don't see a potential for a big damage - the worst thing that can happen is a chain fork, that would only speed up the process of maturing your fine lib.

If someone wants to secure receiving millions of dollars, I'd rather advise him to use more than one node while making sure that he received the money - a totally different ones, using not only different ECDSA libs, but basically different everything. And run them on different PCs..

Personally, I would rather advise you to replace it with the code made by sipa, so you would not need to worry about NSA backdoors

Yeah. Part of the C++ library, which I need like an hour to build.


I thought someone once said here that the payment protocol does not add any more external libs.
Well, I guess he was wrong again...

With this code, just getting rid of boost seems quite impossible.

LevelDB - one would need to create a new db engine, from scratch, wanting to get rid of this one.
But LevelDB is an internal code already, so I guess it could stay. It's a fairly simple one and easy to audit.

As for OpenSSL - I guess you could embed the hashing functions into the code and use the ecdsa functions made by sipa.

The rest (berkeley, upnp, zlip, png & qr) should be much easier to remove.

EDIT:
Oh, wait... WTF is protobuf?
You guys are not giving up adding more crap in, are you?

Exactly.
The alleged DPRs wallet was finally decrypted by FBI, just a day or two after these "conspiracy theories" started to leak out, thus "proving" that they are all bullshit.
What a coincidence.

Yes.

What can be an other reason for a node that keeps connecting to you and after connected is only listening for invs, though never asking for any data?
The only reason that comes to my mind is that it tries to collect IP addresses where new invs originate from. Might also be for new blocks - not necessarily only for transactions.

And that I call a spying node, though you can call it whatever you like. A curious node, for instance

but from I understand, it will only be controlled by a command line switch.
all the crap, plus tones of a new crap, will be still linked with the node, won't it?

so that is definitely not what I meant by "wallet-less reference node, with minimal external dependencies".
command line switches disabling functionality do not make a code easier to audit, nor less open for a potential exploits.

and BTW man, thanks for being one of a few out there who at least try to do it the right way
https://github.com/bitcoin/bitcoin/pull/2901

And I mean that these nodes seem to be there to not do any DoS attacks, but rather to collect information, so changing the subVer won't change a bit in the matter.

And BTW these spying nodes have been there for at least a month and I even have this issue addressed deep on my todo list.