[Using Bitcoin securely and effectively is so complicated even the Loonix geeks are getting pwned.]

Notice a common thread with all the negative press lately? It's all about the lack of security and confidence.

Using Bitcoin securely and effectively is so complicated even the Loonix geeks are getting pwned.

If a piece of software is too complicated to use correctly that is a failure in the design and/or implementation and should not be considered the fault of the user. It's easy to pass the blame but this won't improve our situation one iota.

There is a whole domain of software and security engineering associated with this subject "Usable Security" that has its roots all the way back in "Why Johnny Can't Encrypt". How many of you use PGP encryption? Show of hands? (See, they still don't have it right: http://scholar.google.com/scholar?q=why+johnny+can't+encrypt&oi=scholart)

Next month is a great conference on this topic: "Symposium On Usable Privacy and Security (SOUPS)" http://cups.cs.cmu.edu/soups/2011/

I'd donate some coins to fund developer attendance at SOUPS. Too late for the early-bird discount, but worthwhile at any price.

I posted this in the bitcoin forum and not the technical / developer forum because they don't seem to care. Maybe if enough of us impressed upon the bitcoin developers the dire and immediate importance of usable security in Bitcoin we could focus improvements along this angle instead of all that pie sky B.S. scattered over github like tornado detritus.

Here's to hoping...

The faucet is kinda boring and I've got some coin to dispense.

So, what would you do for a bitcoin? This thread will be open for 1 hour and I'll pick five winners.

[Stop reading now and rest assured in the knowledge that Bitcoin is safe for the rest of this decade if not century with regards to SHA256.]

If you're reading this, you may be concerned or interested or exasperated over rumors of SHA256 weakness and in turn the implications for Bitcoin.

Stop reading now and rest assured in the knowledge that Bitcoin is safe for the rest of this decade if not century with regards to SHA256.

In fact, Bitcoin is probably safe beyond this century for reasons I will explain in more detail. First, let us discuss potential attacks against cryptographic digests (hash functions) in order of difficulty:

1. Collisions with less effort than expected on reduced round variants of a digest.
2. Collisions with less effort than expected on the full digest.
3. First-order preimage attacks against reduced round variants of a digest.
4. First-order preimage attacks against full digest.
5. Second-order preimage attacks against reduced round variants of a digest.
6. Second-order preimage attacks against full digest.
7. Practical attacks applied to full digest in the wild.

Yes, that's right. Bitcoin is safe until all of pins 1-6 have been tackled, and even then the costs are likely to make such efforts against Bitcoin impractical.

Even MD5 and SHA-1 are only vulnerable to #'s 1 and 2.

Find this subject interesting? You might like "The code monkey's guide to cryptographic hashes for content-based addressing" which is relevant to Bitcoin: http://valerieaurora.org/monkey.html

Now we can all go back to the illuminati and hacker threads.  Thanks!

[Please protect your users and temporarily lock-down these accounts until a password reset has been performed!]

Here is a reduced set of the leak containing username and email. Anyone running bitcoin related sites where logins may have been re-used: Please protect your users and temporarily lock-down these accounts until a password reset has been performed!

http://76.74.251.235:27582/mtgox-accounts-name-email-only.csv

These users should know better than to re-use credentials, but many are not being smart. Limit damage if possible.

A series of studies, "Peacocks, Porsches and Thorstein Veblen: Conspicuous Consumption as a Sexual Signaling System," was published recently in the Journal of Personality and Social Psychology.

A peacock's tail is beautiful: magnificent plumage, iridescent colors. Alas, it is also wasteful. It takes a tremendous amount of energy to develop. Sound like bitcoins?

Sexual signalling really works -- just not necessarily as intended when a man buys the biggest TV or the flashiest car or has the fattest bitcoin wallet.dat.

Women, they found, respond to men who spend lavishly. In one of the studies, women viewed two biographies for a man -- each 32, with a master's degree, a good job and interests in bicycling, movies and music. The only difference -- one drove a Porsche ($58,000) and the other a Honda Civic ($15,655).

The women preferred the man with the Porsche as a date -- but not for marriage. They inferred from his flashy spending that he was interested in sex without commitment, the study concluded.

Through surveys of men under 30, the most sexually active age group, the researchers also concluded that about one-third are consistent peacocks. Another third switch back and forth depending on the situation. But they tend to be problem boyfriends.

Once a peacock always a peacock, he added -- since that same group tends to be the problem husbands.

"They are the guys who cheat on their wives," Griskevicius said.

The moral of this story: Don't marry a guy who has bitcoins!

Ref: http://www.startribune.com/lifestyle/relationship/123994144.html