Bitcoin Forum
  Show Posts
141  Bitcoin / Bitcoin Discussion / Re: Is tradehill.com really hosted on a shared hosting account? on: June 21, 2011, 11:28:12 PM
If you successfully compiled or uploaded a packet sniffer on virtual machine #1, it will sniff packets for every other virtual machine on that box.

Each virtual machine is bound to their own IP address so you can't listen to other machines on the same box.  You however could listen to any broadcasts on the local network, or anything else a bare metal server could do.

It is the same physical card in the same physical machine.  C++ is quite powerful.
142  Bitcoin / Bitcoin Discussion / Re: Is tradehill.com really hosted on a shared hosting account? on: June 21, 2011, 10:44:30 PM
Unless they prove themselves or have someone as a security expert, it will be much safer for them to use shared hosting rather than a VPS/dedicated server.

That presumes that every other account on that very same box isn't doing anything dishonest.

If you successfully compiled or uploaded a packet sniffer on virtual machine #1, it will sniff packets for every other virtual machine on that box.

You also place an inordinate amount of trust on the jail system of the OS -- making sure that the various virtual machines can't see each other across the hard drive(s) they share.

And lastly, you'd be sharing SQL database access with everyone else on the virtual machine.  That could open up vulnerabilities if permissions are not exactly right.

143  Bitcoin / Bitcoin Discussion / Re: Who do you think the owner was of the hacked account? on: June 21, 2011, 09:59:00 PM
It seems rather odd that the person who was hacked hasn't come forth and identified himself.  
I can assure you, if it were me, you wouldn't hear me identifying myself publicly.
What is there to gain?
The ridicule and/or hatred of thousands of jerks on the internet!

Once again, there was a period of time between the alleged hack and the decision to do the roll-back.  You would have not said a word publicly during that period of time?  You would have been satisfied that MtGox was going to 'make it right' without even knowing they would do a roll-back?

Why?

And why presume ridicule or hatred if the hack was no fault of your own?

Speaking for myself, if I had even a thousand dollars worth of bitcoins trapped/lost in an exchange, I would have raised some very public holy hell.  It's only through open conversation that others might be made aware of the situation, beyond what MtGox is willing to provide.  And, quite frankly, you cannot simply presume that MtGox is giving the whole truth, or even any portion of the truth.

MtGox has said that they'd be responsible for 'gross negligence' only.  And supposing that gross negligence did take place, how much might MtGox twist reality in order to keep you from seeing the evidence of that negligence?

If the auditor account was used to hack the system, and/or dump the usernames/hashed passwords, etc., then the auditor account likely was granted more access to the database than was necessary for the performance of their audit.  That's negligence on the part of the database admin....and quite possibly rises to the level of gross negligence.

http://en.wikipedia.org/wiki/Gross_negligence
144  Bitcoin / Bitcoin Discussion / Re: To Magical Tux on: June 21, 2011, 07:30:19 PM
Then again, what if the auditor was from a government agency?  It might not be so easy to tell a government agency what tables they can and cannot look at...

That is a main purpose for table views, which allow the user to see some data (columns) in a table, while others are not viewable.  Email and password hash would seem to be excellent candidates for exclusion to an auditor.

You can set up SQL to only grant access to specific tables based on their username/password combination.  You can also further restrict access by IP address -- which, as I understand, was in place.

So, for example, you could have complete access for Bob, and only show the user# and email addresses to Bill.  And you can set it up so that Bob can only log in from his own IP address, while Bill can log in from any IP address.

So if the auditor was only supposed to be auditing for evidence of gaming/fraud, then the auditor account access should have only been permitted to read those tables specific to what they were looking for.

Either the story as given to us so far is false, or the admin of the SQL database gave too much access/permission to the auditor's SQL account.  If too much access was given, then that MIGHT rise to the level of negligence, or even gross negligence.
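
The restricted auditor account this post describes, sketched in MySQL syntax as an added example (not part of the original post and not the exchange's actual schema). The database, table, column and account names, the password placeholder and the documentation-range IP address are all constructed for illustration.

```sql
-- Constructed schema for illustration; not the exchange's real tables.
CREATE DATABASE exchange_demo;
USE exchange_demo;

CREATE TABLE users (
    user_id       INT PRIMARY KEY,
    email         VARCHAR(255) NOT NULL,
    password_hash VARCHAR(255) NOT NULL,
    created_at    DATETIME NOT NULL
);

CREATE TABLE trades (
    trade_id    BIGINT PRIMARY KEY,
    buyer_id    INT NOT NULL,
    seller_id   INT NOT NULL,
    price       DECIMAL(16,8) NOT NULL,
    amount      DECIMAL(16,8) NOT NULL,
    executed_at DATETIME NOT NULL
);

-- View exposing only the columns an audit of trading activity needs.
-- SQL SECURITY DEFINER lets the auditor read through the view without
-- holding any privilege on the underlying users table.
CREATE SQL SECURITY DEFINER VIEW audit_users AS
    SELECT user_id, created_at FROM users;

-- Account is valid only from one source address (documentation range).
CREATE USER 'auditor'@'203.0.113.10' IDENTIFIED BY 'placeholder-secret';

-- Read-only, object by object; no grant on exchange_demo.* or on users.
GRANT SELECT ON exchange_demo.trades      TO 'auditor'@'203.0.113.10';
GRANT SELECT ON exchange_demo.audit_users TO 'auditor'@'203.0.113.10';

-- Verification: list everything the account can touch. Any row outside
-- trades/audit_users, or any privilege other than SELECT, is over-broad.
SELECT table_name, privilege_type
  FROM information_schema.table_privileges
 WHERE grantee = '''auditor''@''203.0.113.10''';

SELECT table_schema, privilege_type
  FROM information_schema.schema_privileges
 WHERE grantee = '''auditor''@''203.0.113.10''';   -- expect no rows

-- Connected as the auditor, the sensitive columns are unreachable:
--   SELECT email, password_hash FROM users;
--   fails with a "SELECT command denied" error on table 'users'.
```
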
145  Bitcoin / Bitcoin Discussion / Re: I'm Kevin, here's my side. on: June 21, 2011, 07:13:02 PM
Some people fail to grasp the concept that the coins were stolen.

That's the story from MtGox.  Backed up by what evidence?

If you accept that the coins were stolen, then fine -- a roll-back would seem most appropriate (to me, at least).  But without evidence to back up that story...

As I have said multiple times -- I don't need names, IP addresses, and all such details.  I would be satisfied with proof that 'criminal proceedings' have been initiated, as has been claimed.  Again -- if for no other reason than that filing false reports is felonious pretty much world-wide.


146  Bitcoin / Bitcoin Discussion / Re: So you think MagTux is bad? on: June 21, 2011, 07:10:40 PM

Oh lord....don't get me started on Gold-in-my-sacks...
147  Bitcoin / Bitcoin Discussion / Re: To Magical Tux on: June 21, 2011, 07:01:32 PM
Well, to this extent I understand what went on. One time I asked for a db structure to implement a module for a hospital; instead of the structure they sent me a DVD with the whole db contents (meaning medical records of practically everybody in that town).
Is that "practical" export button and its default options...

When asked in the interview a couple days ago "Why did the auditor need access to the LIVE database", the response from MtGox was that they were auditing to make sure MtGox wasn't manipulating the quoted prices for sells and buys.  In other words, gaming their own clients.  That would be fraud.  So, by MtGox's own admission, the auditor was auditing for evidence or non-evidence of fraud.

So it wasn't a DVD.  It was live access to a database.  It would appear that the access included tables which the auditor didn't necessarily need.  And that MIGHT be (gross?) negligence...  

Then again, what if the auditor was from a government agency?  It might not be so easy to tell a government agency what tables they can and cannot look at...

148  Bitcoin / Bitcoin Discussion / Re: Mt.Gox and void trades: Force Majeure on: June 21, 2011, 06:47:54 PM
kokojie has contended elsewhere that Tradehill runs on a dedicated server. I'm no computer whizz but the link appears to confirm this.

Ran my own web-hosting company for six years.  I can tell you that multiple IP addresses can route to the same physical machine.  So the best such a reverse-IP lookup can do is tell you how many domains are on that one IP, not every IP assigned to the box.

In other words, a dedicated IP address is not the same as a dedicated server.  Many times, the box will only have a single IP -- but not always.


149  Bitcoin / Bitcoin Discussion / Re: MtGox should be arrested on: June 21, 2011, 06:37:51 PM
They may not have a legal obligation to provide a police report, or even a redacted police report.  But it was MtGox themselves who claimed that 'criminal proceedings' have been initiated.  They didn't have to make that claim either, right?  But since they did, why not bolster credibility by providing proof of claimed proceedings?  

There's a difference between what is legally required, and that which helps re-establish trust.  

Because any lawyer would tell you that, when you file legal proceedings, you otherwise keep your mouth shut.

Police reports are normally public.  I am not asking for him to discuss specifics of the case.  Just prove that a case DOES IN FACT EXIST.  If there are details (eg. names, IP #s, etc.) that he or his lawyer would prefer to redact, then do the redaction before releasing.  

As it stands now, we have absolutely no proof that any authority has been notified, let alone 'criminal proceedings' initiated.

150  Bitcoin / Bitcoin Discussion / Re: What's the most important next step for a better functioning bitcoin economy? on: June 21, 2011, 05:41:02 PM
The metaphor you are using doesn't really work.  You could sorta simulate the behavior that you are talking about by making a new key, sending half of your coins to it, then copying it to the flash drive and erasing from the main computer.  But that doesn't do what you want either, because a stolen key remains useful to the thief for as long as there are coins in the chain that can be controlled by it.  An attacker with your key can steal your coins at any time, even when you think you are safe because your flash drive is unplugged.

If the program created a new wallet file and keys, moved coins to that wallet, and quickly moved them both (new wallet and new keys) to an external drive, and I quickly unplugged that drive...  That wouldn't leave much of a window of vulnerability, would it?

If that is possible, I think it would be of enormous use to end-users who might have enough bitcoins to consider putting them in a safety deposit box or other kind of safe.




151  Bitcoin / Bitcoin Discussion / Re: MtGox should be arrested on: June 21, 2011, 05:26:17 PM
The money is taxable, it is simply up to everyone involved to report their earnings/losses. I have made $0 off of bitcoins to date, but in every conceivable future in which I theoretically made money off them, one of my chief thoughts was how to report that on my taxes. Not everyone is a dirty lawbreaking criminal.


It's an unrealized gain until it is actually converted into a legal tender currency.  Once you convert, you are required to report the gain as profit.  And if you're using the normal venues to cash out (Dwolla, LR, etc.), then it's quite likely that those monies are already being reported to the IRS, and will be cross-checked with your tax forms.




152  Bitcoin / Bitcoin Discussion / Re: MtGox should be arrested on: June 21, 2011, 05:22:58 PM
Why don't they provide a police report? Probably because they are a private company, and have no obligation to provide you with one. As I said, "self-aggrandizing trolls."
If after they bring their services back, you find out that your money was stolen, THEN bitch&moan. Till then, you're not that special.

They may not have a legal obligation to provide a police report, or even a redacted police report.  But it was MtGox themselves who claimed that 'criminal proceedings' have been initiated.  They didn't have to make that claim either, right?  But since they did, why not bolster credibility by providing proof of claimed proceedings? 

There's a difference between what is legally required, and that which helps re-establish trust. 
153  Bitcoin / Bitcoin Discussion / Re: Who do you think the owner was of the hacked account? on: June 21, 2011, 05:12:57 PM
You can also add "Yakudza(sp?)"/"Some criminal organization" there   Grin

Yakuza?  The Japanese mafia?  Nice...

http://en.wikipedia.org/wiki/Yakuza

154  Bitcoin / Bitcoin Discussion / Re: What's the most important next step for a better functioning bitcoin economy? on: June 21, 2011, 05:07:32 PM
Make it easier within the client to dump your bitcoins onto a flash/thumbdrive, making them inaccessible until re-imported into the client. 

For example, say you have 50 bitcoins.  You want to take half of them and put them on your thumbdrive.  Insert the removable drive, and choose "export bitcoins to drive" in the amount of 25 bitcoins.  After doing this, the client would report that you have 25 bitcoins available.

When you want to pull those coins off that thumbdrive, you could just "import bitcoins from drive".

155  Bitcoin / Bitcoin Discussion / Re: Client crashes after restart, NOT ENOUGH MEM error on: June 21, 2011, 04:58:16 PM
So I delete everything in my appdata folder except for wallet.dat and it restarts but now my balance is at zero, all transactions still there but balance shows zero. Have I lost the coins or do I have to wait for the blocks to rehash?

You deleted everything in the AppData/Roaming folder except the wallet.dat file?  

Is the client re-downloading the blockchain now?

You might want to let it re-download the entire blockchain, close the client, copy the wallet.dat file to the folder, and then restart the application...

I'm not sure what use the wallet.dat file is without the entire blockchain in place...
156  Bitcoin / Bitcoin Discussion / Re: Bitcoin 0.3.23 Problem?? on: June 21, 2011, 04:05:43 PM
I still have the old design on it too... I saw somewhere it looks different?

Did you go in the menu "About" to check if the version is actually .23?
157  Bitcoin / Bitcoin Discussion / Re: Gavin will visit the CIA on: June 21, 2011, 04:03:51 PM
I am more worried about the SEC and the IRS.
CIA's main mission is foreign intelligence... as long as it is not used as a means to finance terrorists, we will be okay.

Unless and until terrorists can buy airplane tickets or weapons with bitcoins, their focus would probably be at the point where the bitcoins are converted into actual cash.
158  Bitcoin / Bitcoin Discussion / Re: Bitcoin 0.3.23 Problem?? on: June 21, 2011, 04:00:22 PM
I downloaded it but I'm still stuck with the old one paying 0.01 BTC fees per transaction...


For those wondering, I changed my account name and I am no longer using the name "FreeBitcoins or BTClottery.info" because I no longer run the site BTClottery.info and the other account didn't let me ask questions here

How long have the bitcoins you're trying to send been in your wallet?
159  Bitcoin / Bitcoin Discussion / Re: Who do you think the owner was of the hacked account? on: June 21, 2011, 03:50:11 PM
1) the owner was probably not online in the 50 minutes his account got hacked.
2) the owner probably did not have 500,000 coins in his wallet and they were placed there through a code vulnerability by the hackers
3) mt gox was shut down and the owner locked out. The owner would have no way of knowing his account was hacked.

I understand what you're suggesting.  Added "Random User w/SQL injection" as option...
160  Bitcoin / Bitcoin Discussion / Re: Who do you think the owner was of the hacked account? on: June 21, 2011, 03:45:37 PM
This poll is unamerican. It lacks "CIA" option.

This poll is antisemitic. It lacks "Mossad" option.

:p

"Government Agency of some sort" added...   Grin