I came across a video showing an interesting way of hiding your valuables, which can include seed phrases or hardware wallets. A fake bathroom tile with a drawer inside of the wall. The drawer is controlled remotely and pops out with the press of a button. You can then pull it out. The drawer is neatly concealed and hard to spot. At least that's how it looks in the video. Before you watch the video, try to guess which one is the fake tile on the wall? Can you spot it? Video Link
|
|
|
I heard about this No-KYC exchange yesterday, and since we don't have a discussion about it, I will briefly introduce it here. For the record, I am in no way associated with the service and I haven't used it. This is for informational purposes only. The exchange is called SpikeToSpike. It operates out of Georgia but they are most popular for their services rendered to the Brazilian market. It's a no-KYC custodial service that uses a Telegram bot to make crypto to fiat exchanges. The liquidity is provided by Spike liquidity providers, so you aren't looking for peers to trade with on your own. The swap process begins on the official website. After you enter the details for your swap, the service generates a unique link that takes you to Telegram where the exchange itself takes place. This is still in the early stages and SpikeToSpike is supposed to release a mobile app in the future. Supported CryptocurrenciesYou can only buy and sell bitcoin and tether. The service supports on-chain BTC, the Lightning Network, and Liquid. Supported Fiat Currencies- USD - GBP - EUR - BRL Supported Fiat Payment Methods- Wise - Revolut - Transferencia Bancaria (only Brazil) - Boleto Bancaria (only Brazil) - DePix (only Brazil) FeesThe fees are the first reason I don't recommend using SpikeToSpike at the moment. They are way too high in my opinion. - 5% for swaps above $1000 - 10% for swaps below $1000 You can get 20% off your trading fees by entering a referral code. I don't want to mention them here, but if you are interested, you can find one in the description of the YouTube video under sources. I have also found similar codes on Twitter. - There is no clear information on the minimum trade amounts, but the fees page mentions $/€/Ł/R$500. However, it seems you can start trading from $/€/Ł/$200. TermsThe terms of service are the second reason I don't recommend using SpikeToSpike in its current form and unless the following changes. - An exchange can take from 30 minutes to 72 hours depending on bank processing times, network congestion, the speed of the liquidity providers etc. - In case of disputes, users are encouraged to contact @SpikeHelper on Telegram to resolve the issues. This can take 7-30 days. Dishonest providers will be financially penalized. Users who report unfounded disputes will have to pay a penalty of 10% of the trade value. Here comes the worst part. The service has financial penalties based on your conduct before and during disputes. - 10% financial penalty for defamation on social media prior to trying to resolve the matter. - 20% financial penalty for defamation during the trade resolution period. - 100% financial penalty for (attempted) fraud and chargebacks. - 100% financial penalty for using funds from illegal origins (no further information what the service considers illegal). - 125% financial penalty for the liquidity provider if they act in bad faith during the exchange. - 125% financial penalty for the liquidity provider who doesn't send funds to the user after receiving payment and proof of it during the arbitration period.
Considering the above information, I wouldn't recommend using SpikeToSpike. There are better, faster, and cheaper alternatives. We can keep an eye on the project, maybe the service will improve in the future. They should add more fiat payment methods, not just Revolut and Wise. The fees of 5% or 10% are too high. They should also lower their minimum trading amounts if the information about $/€/Ł/R$500 is correct. I don't know of any other exchanges that issue financial penalties for defamation, but I can understand them to some degree. I completely disagree with the penalties for illegal sources of funds because there is no information about what they consider illegal. Besides, if they don't like it, they should just reject the swap and not confiscate the user's funds. Let's see if any of this will change in the future. Has anyone heard of or tried SpikeToSpike? Sourceshttps://spiketospike.com/https://www.youtube.com/watch?v=9hzcDvKyWYA
|
|
|
16 and 17 July is Amazon Prime day. Trezor offers offers several discounts for purchases over their Amazon shop. Here is what you can get: - Trezor One: $41.30 (30% discount). - Trezor Model T: $89.40 (50% discount). - Trezor Keep Metal (24-word seeds): $79.20 (20% discount). It's worth noting that the Trezor Model T is no longer being sold over the official Trezor shop. Trezor One is still available, but it might be dropped at one point in the future as well. * These discounts are only available for Amazon Prime members.
|
|
|
o_e_l_e_o left Bitcointalk in January 2024 after revealing that he had health problems. He will forever remain one of the most technically knowledgeable individuals to have ever posted on the forum.
o_e_l_e_o has written over 16.000 posts and collected over 18.000 merits. It's difficult to single out only a few of his posts due to the general quality, logic, and technical know-how he displayed all the time. I decided to try. And for that, I used merits as the factor to create a list of 100 of his most merited posts. You can see them in the tables below. I haven't included some posts that were off-topic and/or were posted in Politics & Society.
This is only a small part of the contributions o_e_l_e_o made to Bitcointalk.
Let me know if you notice any mistakes.
Local Rules:
1. Kruw isn't allowed to mention or promote anything related to his coordinator or his wallet(s) of choice. If he does, it will be reported and deleted. 2. Spam and off-topic posts will be deleted.
|
|
|
Saifedean Ammous is the famous author of The Bitcoin Standard, The Fiat Standard, and Principles of Economics. If you haven't, you can read more about him and purchase his books from the links on his website > https://saifedean.com/. But if you'd like a digital copy of one of his popular books, you can get it from here. Please verify the safety of anything you click or download yourself!This is not an illegal copy because Saifedean reposted a tweet with the link on his Twitter profile ( https://x.com/CarlBMenger/status/1803684730857996385), thereby giving his permission. You can download your copies by using the Mirror links on the right. Some of the books are in .pdf, others are in .epub format. For the epub files, you will need to use an e-book software like the open-source Calibre, Adobe Digital Editions, or anything else you prefer. If you like these books, support the author by buying physical copies. I own 2 of his 3 famous books, and I am planning to get the third one in the future. This is excellent reading material for anyone interested in Bitcoin, especially newbies and it's free. * Note: Don't post alternative and illegal download links to other sources where you can download these books. That's not the purpose of this thread. I will delete such posts.
|
|
|
I was initially going to create a thread focusing only on one feature and issue I was having with my Jade, but then I thought why not write a quick review about this hardware wallet. So, here it is… I bought the Blockstream Jade a few months ago from the official shop in the US and had it delivered to the EU. It’s not the most cost-effective way because there are shipping fees, import taxes, and customs fees (depending on the destination country I didn’t worry about that because I wanted to purchase it from the manufacturer directly and not a reseller. You might save some money buying it from a reseller in your country, especially if it’s a shop close to you that you can visit and not leave your personal details on a server somewhere. I made the purchase via bitcoin. The Blockstream store accepts crypto via BTCPayServer, which is nice. Box ContentsThis is the box content: • Jade hardware wallet • 1 USB cable • 1 Recovery sheet • 1 compact SeedQR templete for 12-word seeds • 1 compact SeedQR templete for 24-word seeds • A Get Started manual Blockstream could have done better here. You only get one recovery sheet. They could have thrown in at least two. The same goes for the SeedQR templetes. The SetupBefore I set up my device, I first downloaded the latest firmware. Blockstream gives you a few options here: You can install the firmware from the Blockstream Green software wallet, the web portal, or an advanced setup that requires cloning the repository and using a command line. I upgraded the firmware via the web portal. You can choose one of two firmware versions. One has Bluetooth enabled, and the other one comes with disabled Bluetooth capabilities. I went with the second option. Blockstream Jade has a Basic and Advanced setup. The Basic option requires the device to hold your seed, like a standard hardware wallet. You also generate a PIN code that you use with a blind oracle that functions as a virtual secure element. But my goal was to use Jade as a stateless signer, which requires an advanced setup. That’s where the SeedQR template comes in place. First, you have to generate a 12 or 24-word seed and back it up properly. I also added a long passphrase for extra security. Then, it’s time to create your SeedQR. For that, you will need a sharpie or a marker. You use it to place small dots on the provided template sheet. This process takes some time, and I was very careful with it since Blockstream only gives you one copy per 12/24-word seeds. When I was done, I double-checked everything and made sure I could recover my wallet. Exporting the Master Public KeyBecause Jade is an airgapped hardware wallet, it needs an internet-connected companion software app to create and broadcast transactions. There are multiple choices, but I went with Blue Wallet for Android and Sparrow Wallet for my desktop. Exporting the keys from Jade and importing them into Blue Wallet was quick and painless. There were no problems with the QR scanning. The same process on Sparrow Wallet was a huge pain in the ass. I don’t know if it’s a compatibility issue, if the camera on my business laptop sucks, or something else was going on, but it was far from pleasant. It took me several minutes to get the status bar to load to 100% when scanning the QR code. I was close to giving up when it finally worked. I tried adjusting the brightness levels on the Jade, but that didn’t help. There is no option to change the QR density in Jade. It was quite difficult to center the Jade in the middle of the scan surface that Sparrow Wallet provides and figure out the angle correctly. Does anyone else here have a Jade? Have you tried pairing it with Sparrow Wallet? If so, what’s your experience? Wallet RecoveryIn stateless mode, the Jade wipes itself clean every time you turn it off. The next time you turn it back on, you have to re-scan your SeedQR to be able to work with your wallet. Scanning the QR with the Jade works nicely, but you need to make sure there isn’t any shadow on the QR template because that can slow down the process. Because I used a rather complex passphrase, it takes a while to enter it with the Jade. The device has a navigation wheel at the top that you use to swipe between the characters and enter them one by one. You will need a few minutes to get there if you have to navigate between upper and lowercase characters, special-case characters, and letters. There is a way to make this process a bit easier for you. If you go into the Options of your Jade and select “BIP39 Passphrase”, you can change the method from “Manual” to “Wordlist.” With manual mode, you enter one character after the other. With “Wordlist,” you can only use words from the BIP39 wordlist. As soon as you enter the first few characters, Jade allows you to select possible word combinations to speed up the process. All words will be in lowercase characters with an automatic empty space between them, except the last word. Sending & Receiving TransactionsWhen your SeedQR is loaded into the Jade, you can verify that the receiving address in your companion app belongs to that seed. By scanning the addresses’ QR code, the Jade shows you if it’s part of your wallet. I like doing it for peace of mind. The sending to Jade is pretty self-explanatory. The process of sending from the Jade is the same as that of any airgapped hardware wallet. You create the transaction on the companion app, bring over the PSBT to the hardware device via QR code for signing, and bring back the signed transaction for broadcasting on the hot wallet. Sending from the Jade in connection with Blue Wallet was easy. I had no problems scanning the signed transaction to broadcast it on Blue Wallet. Again, it was Sparrow Wallet on my desktop that created problems, and I couldn’t scan the QR code at all this time. Overall ExperienceFor the price of this device, I am satisfied. I would prefer if I could use it in connection with Sparrow Wallet, but as I explained earlier, it’s not working correctly. It’s a good wallet. I already moved some bitcoin to it, and I am waiting for a good opportunity for another consolidation to move another stash.
|
|
|
Trezor has announced they are releasing a new product on 14 June. They are being secretive about what it is. It will be presented to the audience at BTC Prague. So far, they have said that the Trezor Safe Family will grow. They are also calling the release their " most advanced member yet." Could it be an accessory to the Trezor Safe 3? In that case, why refer to it as a new member?! They have posted a picture of the upcoming product on their website: https://content.trezor.io/new-products-2024Could it be a armband? Perhaps a stripe type of hardware wallet or accessory to the Trezor Safe 3. What are your thought?
|
|
|
My Trust In You is Broken is a new documentary that was released yesterday. It tells the story of BTCPay Server, its origins, and where they are now. Get to know Nicolas Dorier, the creator of BTCPay Server (who has an account on this forum), who explains his reasons for creating the service. You will also meet other enthusiasts who love the project and contribute to it in various ways. The documentary touched upon the block size war in 2017 and why BitPay needed to be replaced with something trustless, free, and better. It's an interesting watch for bitcoiners, and I recommend you take a look. I will end this with the words of Nicolas Dorier toward BitPay: " This is lies, my trust in you is broken, I will make you obsolete." You can watch the documentary here: MY TRUST IN YOU IS BROKEN | BTCPay Documentary
|
|
|
Jameson Lopp carried out an interesting test to check how different hardware wallets performed when signing multisig transactions of various complexities. Each hardware wallet has its own limitations, so the question is, which ones are the best for multisig transactions involving 10 and 100 inputs? First, here is a list of the hardware wallets he tested: - Blockstream Jade
- Cobo Vault
- Coinkite Coldcard Mk4
- Coinkite Coldcard Q
- Foundation Passport Founder’s Edition
- Keystone Pro
- Keystone 3 Pro
- Ledger Nano S
- Ledger Nano S Plus
- SeedSigner
- BitBox02
- Specter DIY
- Trezor Model One
- Trezor Model T
- Trezor Safe 3
* More information on firmware and software versions in the source. The tests were done using Sparrow Wallet 1.8.2 and Electrum 4.5.3 (Ledger only) on Ubuntu 22.04. Jameson created native segwit multisig wallets on the hardware devices he tested. He funded each wallet with 100 transactions to create 100 UTXOs. Everything was done on Testnet. Testing Results 2-of-3 multisig:The first test was for 2-of-3 multisig. He made two transactions: the first one spent 10 UTXOs, while the second one spent all 100 UTXOs. Here are the results: We can see that Seedsigner is the absolute winner, with the best results. Coldcard Mk4, Cobo Vault, and Keystone Pro also performed decently. Ledger Nano S and Ledger Nano S Plus performed the worst using the HW1 library, with the Nano S granddad requiring almost two hours to sign the 100-input transaction. The results were better using Electrum. The Passport Founder's Edition didn't have enough memory to complete the second test but did well for the first transaction. Jameson noted he used outdated firmware and will perform a second test with the newest version. 3-of-5 multisigThe second test was for a 3-of-5 multisig. Again, he made two transactions: one spending 10 UTXOs, while the second spent all 100 UTXOs. Here are the results: Seedsigner was again ahead of the pack, with Cobo Vault and Keystone Pro being the runners-up. Just like with the first test, Ledger Nano S and Nano S Plus had terrible results using the HW1 library. It's a different picture when using Electrum, but it's still not good enough. The Passport Founder's Edition again failed to sign the 100 inputs multisig transaction. Scaling performance test:The last test compares each device against each other. The aim is to show if the hardware wallet scales linearly. That means that the 100-input transaction should take 10 times as long as the 10-input transaction. If it scales poorly, it will take longer. If it scales well, it will take less time. Here are the results: The overall winners in this category are Bitbox 02, Keystone Pro, and Trezor Safe 3. The Ledger Nano S/Nano S Plus didn't perform bad on Electum, but their results using HWI are the worst of all tested models. The Passport Founder's Edition couldn't be assessed for the previously mentioned reasons. I recommend you read the rest of Jameson's report in his blog post. He discusses a major downside of the Seedsigner, despite the excellent performance during his tests. He also offers additional notes on Ledger's performance and the reasons for the bad results. Source: https://blog.casa.io/bitcoin-multisig-hardware-signing-performance-2024/
|
|
|
Trezor's X account was hacked late in the evening of 19 March. Whoever got access to it advertised the presale of a fake $TRZR token on the Solana blockchain. Users were asked to send SOL to an address posted in the tweet. Trezor has regained access to their account and confirmed the hack. They also said that they used a strong password and had 2FA activated on Twitter. Some speculate it was a SIM swap attack. According to ZachXBT, the hack wasn't successful compared to many others. The address received a little over $8,000 in SOL. Crypto companies that are responsible in part for safeguarding user's sensitive information need to up their own game.
|
|
|
We have heard of storing seeds on paper and metal and now there is a new method to do it on soda cans. The company BitCan has released its solution for a DIY Bitcoin Seed Storage. What's interesting here isn't the material used to store the seed but the type of encoding using glyphs. What you need to create your seed- A soda can
- A flat-head screwdriver
- A pen
- A piece of paper
- A printer to print out the template
BitCan has created a template that anyone can print, and it looks like this: After you print the template, you can translate your seed words into glyphs. You should already have a securely generated seed. Each word from the wordlist has its unique pattern, which you can see on the website. Here is an example: Setup Process- Using the table with the glyphs, draw your seed words on the printed template.
- Stick the filled-out template on a flattened soda can.
- Take a screwdriver and etch the glyphs into the can. Use a light hammer if necessary.
- Double-check if everything is correct, and find a place to store the metal backup.
Here are a few pictures of how it could look:
..................................... |
| | |
Decoding Instructions- BitCan recommends writing down all glyphs on a piece of paper. Better yet, use the provided template.
- Look at the bottom square of each glyph first to identify which starting letter the symbol belongs to.
- After that, identify the upper square to find the correct word.
- An alternative is using binary search to go through the word list.
Pros1. It's inconspicuous. You wouldn't know what it is even if you saw it somewhere. Even those familiar with seed phrases wouldn't know what they are looking at unless they know about this seed storage method. 2. It's cheap/free. It requires zero investment, assuming you own an aluminum can, a pen, a screwdriver, a piece of paper, and a printer. 3. Easy to hide because it's thin and small. 4. Can be hidden in plain sight. If you are interested in ancient civilizations and have items or artifacts in your home, you could hide the plate there and make it seem like they are symbols from ancient history. 5. It provides protection against water and moisture. 6. You can use the glyphs system to make seed backups on better-quality materials than aluminum soda cans! Cons 1. It won't protect you against heat from a house fire. 2. Aluminum is more prone to corrosion than other more durable metals. 3. The encoding and especially the decoding process is time-consuming. 4. The possibility of making a mistake is greater than when backing up common seed words. Source: https://bitcan.world/
|
|
|
I am looking for people who would occasionally be interested in accepting my BTC in exchange for USDT on the Tron network and DAI. No newbies and brand new accounts.
The sums vary depending on my needs. Post here if you are interested and send me a PM.
|
|
|
The question of whether Bitcoin was created by the NSA has popped up several times. Some believe that Satoshi was an NSA agent. We know that the secret documents Edward Snowden made public made interesting revelations. Among them are the backdoors the NSA inserted in Pseudorandom Number Generators. PRNGs can be intentionally weakened to allow backdoor access, enabling an entity with knowledge of the backdoors to predict the outputs of weak generators. Any system relying on such PRNGs would thus be insecure. The NSA has looked for ways to decrypt encrypted data to gain access to it. They managed to do that by compromising the Dual EC DRBG algorithm, which was thought to be secure. In a different example, the NSA reportedly paid $10 million to the encryption company RSA to use a weak encryption algorithm, which the NSA had a backdoor to. It was for a protocol that was certified in the US by the National Institute of Standards and Technology (NIST). We know from other sources that the NSA and the UK's GCHQ have the tools to decrypt emails, online banking accounts, etc. A US program paid tech companies millions to favor their weak RNGs and insert intentional weaknesses that the government can exploit. The agencies also cooperate with ISPs and telecommunication companies. The NSA has also exploited internet cable taps and tried to find ways to decrypt data from Google, Hotmail, Yahoo, Facebook, etc. Security agencies have ways to break the encryption of fiber-optic internet cables.
When Satoshi created Bitcoin, they could have used a certified method to achieve randomness. One of those that turned out later to be backdoored and weak. Instead, they used an uncertified method in ECDSA and secp256k1 for key generation. One might wonder if this was just a coincidence or a choice made by someone who knew about the backdoors in certified RNGs. Did Satoshi have insider knowledge about potentially vulnerable algorithms, or did they make their own conclusions that certified encryption wasn't safe based on their programming and cryptographic knowledge? Insecurities in certain certified systems were already found as early as 2007/2008. It could well be that Satoshi knew about this and had nothing to do with the NSA.
I don't think Bitcoin was created by the NSA or a similar agency. I also don't think Satoshi was an NSA operative in any form. I believe he thoroughly studied encryption algorithms and cryptography before choosing what key generation method to adopt for Bitcoin. But it’s an interesting idea. What do you think? Was Satoshi in the NSA or just a knowledgeable programmer who appeared at the right time? Sources and further reading: https://www.reddit.com/r/Bitcoin/comments/1alb982/saw_this_video_was_wondering_what_you_guys_think/https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.htmlhttps://www.theverge.com/2013/12/20/5231006/nsa-paid-10-million-for-a-back-door-into-rsa-encryption-according-tohttps://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
|
|
|
Šta je /][banned mixer] projekat?Mi smo prva platforma koja svakome omogućuje pokretanje vlastitog biznisa i da profitira od usluga anonimizacije kripta. Možete postati i partner i investitor. Jambler ne posluje direktno s klijentima. Ovaj pristup je vrlo sličan referral programima i izbjegava sukobe interesa između platforme i partnera. Naš algoritam naravno podrazumjeva prodaju čistog bitcoina sa mjenjačnica kriptovaluta partnerima koji koriste našu platformu. Jednom riječju, Jambler kupuje ouput transakcije sa mjenačnica kriptovaluta i/ili od rudara, provjerava njihov kvalitet i preprodaje ih partnerima koji potom komuniciraju s krajnjim klijentima. Svrha našeg poslovanja je omogučiti sigurnost vlasnicima kriptovaluta i sigurnost njihove štednje. Mogu li vam povjeriti svoj novac?Svi [banned mixer] korisnici, partneri, prodavači (investitori) i krajnji korisnici zaštićeni su od slučajnih i namjernih grešaka. Sve dolazne transakcije se potvrđuju jamstvenim pismima potpisanim PGP-om. Da biste provjerili jamstveno pismo, instalirajte PGP softver (na primjer, PGP4Win), importujte /pgp-key.txt]javni ključ [banned mixer] sa web stranice u instalirani softver i potvrdite digitalni potpis. Kako mogu pokrenuti vlastiti posao? Vrlo je jednostavno! Ne morate vi koristiti algoritme miksera ili tražiti finansije da biste došli do sredstava, mi smo to učinili za vas. - Registrujte se na [banned mixer] web stranici kao partner, navedite BTC adresu za primanje profita i proviziju za miksanje, konfigurirajte automatsko povlačenje sredstava i unesite naziv svog projekta. Platforma će generirati BTC adrese, izdavati jamstvena pisma u vaše ime, kontrolisati novčane tokove i slati vama vašu dobit.
- Uradite dizajn web stranice svog miksera ili koristite jedan od šablona koji smo pripremili za vas. Na svom ličnom nalogu možete pronaći HTML šablone za Tor i Clearnet verziju miksera i PHP gateway za povezivanje s našim sustavom. Preuzmite to i uploadujte na svoj hosting.
- Vaš mikser je spreman za rad, sve što treba da uredite je da privučete klijente. Od svake transakcije ostvarivat ćete prihod od kamata. Dobivat ćete obavještenja od platforme putem Jabber ili Telegrama o novim zahtjevima i izvršenju transakcija putem vašeg miksera.
Zašto mi se isplati koristiti [banned mixer] za investiranje?Prvo, imamo stalnu potražnju za transakcijama sa mjenačnica za koje smo spremni platiti bounty nagradu. [banned mixer] stalno kupuje output transakcije sa Bitcoin mjenačnica i za to plaća bonus od 1%. Prosječno vrijeme povrata investicije je 12 sati. Dalje, naš poslovni model je transparentan. Jasno pokazuje od kojih sredstava [banned mixer] isplačuje provizije prodavačima/investitorima. Kako bi se uklonili rizici od prijema kriptovaluta sumnjivog porijekla, sav Bitcoin od investitora se provjerava sustavom bodovanja, uključujući korištenje blockchain analysis kompanija. Transakcije koje su prošle provjeru, ulaze u sustav a transakcije koje ne prođu provjeru, vraćaju se klijentima na istu adresu. Ova faza omogućuje zaustavljanje pokušaja nepoštenih investitora da iskoriste svoju investiciju kao mikser kako bi očistili svoj novac i istovremeno ostvarili profit. [banned mixer] ne koristi kriptovalute koje nisu prošle sigurnosnu provjeru. To je neophodna sigurnosna mjera. Koje mjenačnice podržavate?Poloniex, Binance, Korbit, Bitfinex, Bitstamp, Pbit, GDAX, Okcoin, Kraken, Gemini, BTCC, CEX.IO, itBit, Simex, Lakebtc, Exmo, Bitbay i Livecoin. Spremni smo vam biti na usluzi 24 sata dnevno tokom cijelog perioda naše suradnje. Naš moto je anonimnost, brzina i pouzdanost. Cijenimo svoj ugled i vaše povjerenje. Kontaktirajte nas i provjerite najnovije informacije. Napravite svoj profitabilni Bitcoin mikser i počnite pisati svoju vlastitu priču o uspjesima s /][banned mixer]Email: support@[banned mixer] [banned mixer] PGP fingerprint: B8A5 CFCA F63F F2D8 384A 6B12 D3B2 8095 6F0E 7CAF
|
|
|
I just came across this article, and it seems it hasn't been discussed here. The Biden Administration Wants To Create A Registry Of Bitcoin MinersMy first thought: What could possibly go wrong with a war-hungry and war-supporting government, which is in great debt to have an updated list of all Bitcoin mining operations on its soil? It could perhaps come in handy if a war on Bitcoin is declared or new revenue sources need to be found to finance the pursuit of freedom and democracy.
Let's get to it. the Biden Administration announced an emergency data collection initiative targeted at bitcoin mining operations in the US via the US Energy Information Administration, an "independent" sub-agency of the Department of Energy. It seems that the Biden Administration is identifying the electricity usage of the bitcoin mining industry as an emergency that is threatening grid stability throughout the US, as is evidenced by the name of the survey; "Proposed Emergency Survey - Cryptocurrency Mining Facilities." Here are a few interesting points from the article: - They require that all mining facilities respond and fill out the survey as it's required by law. - The companies need to submit their addresses and points of contact. - The companies must state if they are mining Proof-of-Stake or Proof-of-Work coins. We all know this is bullshit, as Bitcoin is the target here. - The companies need to state how many facilities they have in the US and provide precise coordinates. - Mining companies must state the number of miners, their models, and the number of produced hashrate. - EIA also requires information about how much electricity is being consumed. - They need to name their electricity service providers. Source: https://tftc.io/eia-bitcoin-mining-survey/Official survey announcement: https://www.eia.gov/pressroom/releases/press550.php?ref=tftc.io
|
|
|
Trezor has just informed the public that there was a security incident on 17 January 2024 that affected their third-party support ticketing portal. Someone gained access to the platform and certain sensitive data. Here is what is known so far: - The hack DID NOT compromise the hardware wallets or seeds of users in any way. - Trezor was not hacked. A third-party service they use was compromised. - The hack affected users who may have been in contact with Trezor customer support since December 2021. - It's believed that up to 66,000 users may have been affected. - The leaked data involves email addresses and names/usernames used. - The hacker already contacted 41 users and requested they email him their seeds to "check the firmware version on their device." Trezor has already started contacting the 66,000 users they believe may have been affected. If you are among those, expect an email from noreply@trezor.io today or tomorrow. Here is an example of the phishing email that customers received from the hacker: What now? Nothing changes. Never enter your seed or send it to anyone, no matter who asks. Think before you do anything that might compromise you and your funds. You can read a detailed report on the security incident on the Trezor blog: https://blog.trezor.io/trezor-security-update-stay-vigilant-against-potential-phishing-attack-bb05015a21f8
|
|
|
A group of researchers carried out a test to investigate the randomness of fair coin flips. They collected 350,757 coin flips, recorded the results, and concluded that when a person tosses a coin in the air, it has about a 51% probability of landing on the same side it started. This same-side bias varies and is different from person to person. Some have almost none or very little bias, while others display a more significant bias. The researchers believe the bias comes from the rotations and wobbliness of the coin, which causes it to land on the same side more often than not. They posted this data in support of their hypothesis: Pr(same side) = 0.508, 95% credible interval (CI) [0.506, 0.509], BF same-side bias = 2364 Their research also confirmed that the coin is equally likely to land on both heads and tails if those were the starting positions (the side that was up). They didn't record a bias that one side is more likely to end on the same side than the other. Pr(heads) = 0.500, 95% CI [0.498, 0.502], BF heads-tails bias = 0.183 They carried out the test with 48 people who used 46 different coins and denominations. The total number of coin flips was 350,757. The results show 178,078 landings on the same side. The researchers did mention a concern they had. The people who participated in the test were aware of the main hypothesis they were testing. With that in mind, manipulations or attempts to manipulate the results to either prove or disapprove the theory are possible. The source also mentions the scope of this same-side bias in a betting scenario. If you bet $1 on the result of a coin toss to get $2 if you predict correctly or lose the $1 if you predict wrong, you would earn an average of $19 after 1000 coin flips. But knowing the starting position of the coin is essential. Could these findings lower the security of seeds generated from coin tosses, considering that the starting positions of the coins aren't known to a third party? I remember that o_e_l_e_o recommended using von Neumann's unbiased coin flipping algorithm in a similar discussion from a few weeks ago. One more reason to use this algorithm if coin tossing is your system of generating seeds. Sources used: https://arxiv.org/pdf/2310.04153.pdfhttps://arxiv.org/abs/2310.04153
|
|
|
We had thousands of broken image links after Imgur stopped working on the forum. Many users have replaced their old links and migrated to other services, like TalkImg. But there are still many images to fix. I didn't do anything with my old Imgur images until two days ago when I decided to try TryNinja's Imgur to TalkImg script. Everything has been corrected now. Because it's so easy to use and fully automated, I figured I should create this thread that we can use to tag active Bitcointalk members we find who still have broken Imgur images in their posts. It will help to clean up the forum and make it look better. Most users use a notifications bot nowadays, so a simple @username should do the trick and make them aware of this topic. TryNinja explains how to work with the script here: [Script] Imgur to TalkImg - automatically fix your broken images. Please read it. You will find the code for the script in his OP, but here it is again for reference: https://gist.github.com/ninjastic/36c14fb2eb1c4b750f40f332d408688fAlways verify and compare the provided link above to see if it's the same as in TryNinja's topic before you use it! Simple how-to guide: The code goes through your entire post history, finds Imgur links, uploads the images to TalkImg, and edits your posts with the new links. The script doesn't require your forum login data, and you don't have to edit the code in any way (unless you want to) for it to work. Modifying the code to fix images from other image hosts is possible if needed. In my example, I had some pictures on vgy.me that were deleted. 1. Copy the codebase from the official gist.github link. The link is provided above. 2. Open any Bitcointalk forum page. 3. Click F12 or right-click with your mouse and select 'Inspect' to open the Developer Tools window. 4. Click on the 'Console' tab, which you can find between 'Elements' and 'Sources'. 5. Paste the code from gist.github and click enter. The code won't work at the moment without applying the fix as mentioned in this post.6. Let it work until it reaches 100%. Don't use the forum for browsing and posting during the image upload process to avoid issues. If you have questions or run into problems, please post them in TryNinja's topic > [Script] Imgur to TalkImg - automatically fix your broken images. Please don't PM users and bother them about their broken image links. You never know if someone might react negatively and report you for PM spam for whatever reason. Just mention their username and tag them here; if they want, they will respond. If not, give it up and don't bother them anymore. Use any message you want. Here is an example that I will start with. I would like to thank TryNinja for creating the script and joker_josue for TalkImg!
|
|
|
This topic has probably been covered many times, but I have a few questions I want to address.
As an intro, we can use dice to generate a seed phrase. Bitcoin hardware wallets/signing devices such as Coldcard or Seedsigner allow you to input the results of 50/99/x number of rolls and convert that into a seed.
A big danger of using dice rolls is if the dice are biased and more likely to land on one or multiple numbers. It affects the randomness, hence the security of your seed and Bitcoin. A truly unique dice roll is one where each outcome is equally likely. If one or more numbers have a greater chance to land on top, that is obviously not the case. It limits the keyspace from where the seed is generated, making brute forcing easier. Surely not easy enough, but easier.
A couple of questions: In what ways are dice biased? Is the bias random? For instance, am I more likely to roll a 2 than any other numbers on dice #1 and a 3 on dice #2?
Are dice manipulated on purpose, and if so, manipulated to achieve what results (rolls)? Or is the bias a result of low-quality production? If they are not manipulated on purpose, and the bias is random for each dice, wouldn't it even out if I have multiple dice (10, for instance) and roll them as many times as possible? If each dice is biased to a different number, can we really talk about a significant loss of randomness in the final result?
To take this further, how could someone take advantage of the bias in my dice to bruteforce my seed without knowing what that bias is? Even if 8/10 of my dice are biased and only 2 produce near-perfect results, wouldn't you need to know the exact bias to brute force my seed? If my thinking is correct, having knowledge of this bias would be essential for whoever or whatever is trying to hack my seed phrase because, based on the results alone, you can't possibly know that one of my dice has a tendency to roll a 2. In theory, if I throw 10 dice in the air, biased or unbiased, they could all show the result 2. Very unlikely, but still possible. How would the attacker differentiate the biased from the unbiased rolls?
As a way to mitigate bias, it's better to use different types of dice from different manufacturers, sizes, etc. Although I can't possibly see all dice from manufacturer #1 as being biased to the same number and the dice from manufacturer #2 to a different number. It must be a random bias.
When we are on the subject of manually testing a die, it's very difficult to discover a slight bias. Obviously, if every second roll lands on the same number and you rolled it hundreds of times, it's enough proof that something is wrong. If all numbers appear in what seems to be a random fashion, it isn't easy to come to a conclusion. Randomness means that the number 5 could be rolled 1/10 times. But even if you roll it 7/10 times, we can't talk about bias if you don't get approximately the same number of unexpected results after dozens and hundreds of attempts.
|
|
|
|