I want to rent out a dedicated GPU miner for a potentially long-term to use to recover forgotten passwords.

You will need to do a clean install of Ubuntu Desktop and install drivers and have it working with cgminer and oclhashcat. I will need SSH access to the machine.

The GPU's must run stable and cool. They should not be overclocked or overvolted. The system should also have good uptime.

I will also need 100GB diskspace, minimum 2GB ram and a relatively fast processor.

I will pay more than what altcoin mining pays.

I'd like to start out by renting a rig with 1 or 2 cards. If you are interested please shoot me a pm and we can discuss it more.

I want to rent out a dedicated GPU miner for a potentially long-term to use to recover forgotten passwords.

You will need to do a clean install of Ubuntu Desktop and install drivers and have it working with cgminer and oclhashcat. I will need SSH access to the machine.

The GPU's must run stable and cool. They should not be overclocked or overvolted. The system should also have good uptime.

I will also need 100GB diskspace, minimum 2GB ram and a relatively fast processor.

I will pay more than what altcoin mining pays.

I'd like to start out by renting a rig with 1 or 2 cards. If you are interested please shoot me a pm and we can discuss it more.

You're mistaken. After OpenSSL decrypts data it recieves from the client it temporarily stores it in RAM. You can use heartbleed to get the POST data or part of it when a user logs in if you can time it right. The POST data of course contains the password in plaintext, the hashing is done server-side.

It is difficult to time it right but it does work. However it is incredibly easy to steal session id's using heartbleed as the session id is sent every time a user views a page. An attacker can then use that session id to login as the user.

I'm not entirely sure about this, but "the word on the street is" the forum was using an older version of OpenSSL which did not have the heartbeat extension so we were not vulnerable.

The SSL certificate has not been updated either, which would also point to this being the case as theymos would have certainly replaced it should the forum been vulnerable to heartbleed.

Also, just to correct your post, while LastPass was vulnerable to heartbleed the attack was useless as all LastPass data is client-side encrypted, meaning an attacker still could not read your data.

I've been working for the past few days on a patch for SMF 1.1.19 to add 2 factor authentication (whenever I have free time).  I plan to add it to both the login and password recovery (this will be configurable per user) and plan to support Google Authenticator and signed PGP messages.

I don't have a lot of free time to work on it but I hope to have something to send to Theymos soon so I can claim that bounty.

No. The exchange is not "banned". It's still allowed to run and I'm sure they may try some loop-holes to get around this. For example, the chinese government have said nothing about depositing to the exchange via cash so that may be an option for them.

Admittedly my personal opinion is that this is a first step by the Chinese government towards dealing with the problems Bitcoin causes for their oppressive of currency controls, how exactly they are going to do that we don't know, but as of right now the Chinese government have shown no intention at all to "ban" or "shutdown" the Bitcoin exchanges.

The rumors are that the Chinese government are going to shutdown the exchange. According to Lee this isn't whats happening, its that they are preventing people from depositing fiat to the exchange from a chinese bank account. The exchange is still allowed to run. Withdrawals to chinese bank accounts are still allowed and deposits and withdrawals in BTC are still allowed. You can still buy and sell Bitcoin, but you cant deposit money from your chinese bank account.

In what way are the staff do you think the staff are involved?

Usually the best way to fix issues like this is to suggest solutions instead of just throwing around accusations. It seems like lots of people here enjoy pointing out what they think are problems with this forum but don't offer any viable solutions that would fix them.

If people think moderators are deleting scam accusations, then why don't we have more accountability for the actions of moderators?
Perhaps a log of mod actions be visible and posts/threads that are deleted be accessible via this log for a brief amount of time after they are deleted. Then you can easily see what exactly the mods are up to and instead of thinking they are deleting scam accusations you will be able to quite easily prove it.

A useful tip: the website bitcointa.lk regularly crawls bitcointalk.org and has an archive of deleted posts so you can use this to see the posts people delete, including moderators. If they are indeed aiding scammers by deleting scam accusations they are doing a bad job as the scam accusations subforum is very lightly moderated.

Another common accusation is that Theymos is aiding scammers by allowing them to purchase advertising. How do you think he should solve this problem?
Should he ask all advertisers for Photo ID?
Should he then submit all ID scans to Law Enforcement? if not what happens if he is compelled by law to hand them over?
Should he hire private investigators to background check each and every potential advertiser?
Should he personally decide which ads he wants to display, and then be accused by people of censorship or being biased for or against certain advertisers?

You also touched on the staff being anonymous, I don't think thats the case. It seems to me that the moderators are not required to prove their identity nor are they required to publicly post it. They may or may not be anonymous and it is certainly possible to find out who a number of them are. I'm unaware of any forums that require volunteer moderators to prove their real identity or have it publicly accessible. I can't see why people have issue with this because knowing who they are doesn't change anything, they could still be "deeply involved with scams". Many scammers in the Bitcoin community are known yet remain unpunished. Many mexican drug lords are not only known but internationally famous yet still remain free. Knowing someones identity does not make that person more trustworthy.

I would also like to point out, if the moderators are deeply involved in scams then why aren't they deleting the hundreds of posts such as yours that accuse them of it? I find it quite strange you accuse the staff of these things yet they allow you to post it. Try accusing the mods of any other 100,000+ member internet forum of aiding scammers, I can almost guarantee you that the post will be deleted and you will likely be banned.

Well, you of course need to have the private key in order to sign the transaction. I'm not familiar with the blockchain API (I must check it out) but if they don't store the private key, then you must have to store it. If you are signing the transactions on your machine and pushing the signed transactions through the API then there is very little risk, but if you are actually transmitting the private keys to them and letting them do the signing then that poses all sorts of risks such as man-in-the-middle attacks or blockchain directly being hacked.

Other problems with API's are of course if the API goes offline so does your service - in fact there was an outage over at Blockchain just a few days ago. Or if Blockchain were to get hacked an attacker could feed you with fake data which could cause you losses, for example, if you are using the Blockchain API to find out when a deposit happens it could tell you a payment to you occurred when it did not. It's generally a good idea to avoid relying on third parties when it is unnecessary.

Take a look at Armory. It is an entire hot/cold wallet system and should cater to most needs.

Well if you are indeed mining at 720Mhash then it is highly unlikely that only your CPU is doing the mining as most CPU's can only mine at around 2-3Mhash.

Here is the basic idea of a hot/cold wallet system:

Cold wallet:
The cold storage is done on an air-gapped machine, that is a computer that is not connected to any network. The private keys can be stored on this machine or on a paper wallet etc. The transactions are signed on this machine, the signed transaction is then moved to an internet connected machine where it is then broadcast to the network.

Hot wallet:
Hot wallet is usually kept on an internet connected machine. A small amount of BTC is kept on this machine, enough for day-to-day use. When it gets low it is topped up from the cold wallet.

I would not recommend using 3rd party API's to manage your hot wallet as it carries extra unnecessary risk. If coinbase were to get hacked you'd lose your BTC. If your machine is compromised oauth or 2FA won't protect you so it provides no extra security.

Those API's are only useful if for some reason you are unable to run a client or maintaining one is unnecessary for your use.

I recommend you take a look at the Armory Bitcoin client - https://bitcointalk.org/index.php?board=97.0

This isn't the Bitcoin development teams fault. This is canonicals as they manage the repository. OP is installing from the main repository and not the third-party managed PPA which has a newer version.

Different distro's have different processes when it comes to updating packages in repositories but most have extensive an testing process before including it, which is why the Ubuntu version is outdated - they haven't got around to testing the newer versions yet. Most of the packages in the Ubuntu repository are outdated intentionally. New features in newer versions may have bugs so they wait a while for it to mature before including it and normally only update when its necessary (security vulnerability is found etc).

These are the most common reasons:

Your fee is too low to be included by a miner or too low to be relayed by nodes.

Your client is not properly connected to the network when broadcasting the transaction.

An input your are spending is unconfirmed and will never confirm.

The transaction is too small (less than 5430 satoshi's)

Good point. I added to my post.

If syncing your Bitcoin client is taking too long for your liking you may be better off using a Bitcoin client that uses the SPV protocol. These clients do not require you to maintain a full copy of the blockchain - they sync almost immediately.

Have a look here:
https://bitcointalk.org/index.php?board=37.0

Two popular SPV clients are Electrum and Multibit.

One thing to note with SPV clients is that you need to trust the nodes your client is connecting to more than with Bitcoin Core. Its possible for nodes to "hold back" transactions and not tell you about them. They cannot fake transactions, only not tell you about them. The newer versions of Electrum connect to more than 1 node which mitigates this risk as all of the nodes would have to "hold back" the same transaction as well.

You need to install a newer version of glibc. Unfortunately the newer version is not included in the wheezy repository yet.

There are a couple of ways of doing this but the easiest is to temporarily add the sid repository, install the newer version of glibc (which is in the sid repository) and then remove the sid repository so that you don't accidentally update your system to sid.

Run the following as root:


And then immediately after remove the line "deb http://ftp.debian.org/debian sid main" from /etc/apt/sources.list and run apt-get update again.