Or they could use the software being promoted in the OP. I was trying to make the point that the software in the OP has a target market of businesses, not individuals acting as not in a business capacity.

I don't think so. I was describing a common practice that some banks use when shipping cash.

I don't think it is trivial to print or print on a tamper-evident seal. Although as I previously posted, it is probably not difficult to procure a tamper-evident seal that looks a particular way. This means the attacker would need to have the specific serial number in advance or order a particular serial number seal after he obtains possession of the HW wallet.

The advantage of using a serial number seal is that an attacker will need to take additional time to forge the seal. The delay should set off red flags to the end-user.

*I also specifically use the term "tamper-evident" not "tamper-proof" as these types of devices cannot guarantee they have not been tampered with, and it is possible to defeat the device.

Just because Cuomo believed he could harass women with impunity because he is a powerful Democrat, doesn't mean that doing so was okay.

The issue of hospitals being overcrowded was not applicable in any red state. The issue of tens of thousands of vulnerable seniors being killed in nursing homes was not an issue in any red state.

I think the OP is mischaracterizing what the SEC is doing. They are threatening litigation if Coinbase offers a particular product, due to the product’s violation of securities laws, but they are unwilling to discuss exactly how the product violates the law, preventing Coinbase from being able to modify their product in order to comply with the law.

Basically, the SEC does not want Coinbase and DeFi in general to be able to complete with the banking ecosystem. They just won’t allow it. No discussion, no explanation as to how laws would be broken. No avenue for Coinbase to remediate any violations. 

Some people have zero tolerance for those that are different, or that think differently than they do. It is sad really. I think a large part of this is due to their inability to think critically or use sound logic to reason and persuade others. Another part of this is just that they are in desperate need of male validation.

The premise of my previous post what that you somehow knew a cloud mining company to not be a scam. If a company was stealing images of miners from other companies, it would probably be fair to say they would be solidly in the scam category.

I am not sure if units of evil are removed from IP/ranges when a ban is reversed, or not.

In either case, the effect of a single ban is very small, and it is unusual for bans to get reversed when compared to the total number of bans issued (there are thousands of bans issued for things like spambots). I don't think it would be very common for someone to have to pay a fee in order to register due to a single erroneous ban.

Most units of evil are the result of spambots.

My understanding is that a unit of evil is applied to the IP/range as of the time the ban is applied. I understand that a signature ban is typically applied in addition to a temp ban that is much longer than the temp ban, and is given as a way to allow someone to continue posting, but not to be able to advertise in their signature.

I read the entire post you quoted, and I think you are reading the information incorrectly. If you create an account, and due to your registration IP address, you need to pay a fee of x BTC, this amount will remain static, even if a long period of time elapses and no additional accounts in the IP/range are banned.

This could result in someone creating an account one day, being asked to pay a fee of x BTC, never pay the fee, and months later, create a second account using the same IP address, and not being asked to pay a fee to be allowed the post. The first account would be unable to post until the fee is paid, or is whitelisted.

There mere presence of a tamper-evident seal means very little. The presence of a tamper-evident seal provides more value when the person checking for the seal is familiar with the seal, what it should look like unbroken, and what it should look like broken. They provide additional value when there is a serial number on the seal that needs to match some kind of log that was received separately.

There is less security added when someone is receiving an item on a one-time basis that has a tamper-evident seal. As you noted, these can be faked, I don't think it is as trivial as you say, but it is probably not terribly difficult for a sophisticated attacker. I would say that using a security sticker is probably better than not using one, and I don't think there is much more that can be done to ensure the HW wallet is not tampered with.

Well, according to the documentation, you need to control the domain in order for this to work as intended. For example, if my email is PN7@google.com, if someone was directed to go to google_ln_payments.com/.well-known/lnurlp/PN7 in order to pay me via LN, how would they know the owner of PN7@google.com would receive the payment? Anyone who controls the other domain would be able to receive the payment.

In general, someone receiving a "personal" number of payments can create a LN invoice (or generate a bitcoin address) on an ad-hoc basis manually. A business will typically need to automate the generation of LN invoices and the generation of bitcoin addresses for their customers to pay.

In the past, most cloud mining companies have been outright scams, frequently via some kind of long con. I expect that in the future (along with the cloud mining companies that presently exist), most cloud mining companies will turn out to be a scam.

Even if you could somehow guarantee that a cloud mining company was not a scam, it would probably not be a good idea to "invest" in a cloud mining contract. I will list some of the reasons why below:

Additional Middlemen need to profit:
When you buy a cloud mining contract, you will almost always buy from an entity that is not the manufacturer of the mining equipment. This means there will be at least one additional entity that will need to charge a markup in order to turn an expected profit. If the cloud mining company advertises, the price you pay for a cloud mining contract will need to be increased in order to pay for the advertising expenses.

Cloud mining companies will have difficulty scaling:
Normally, very large miners can find efficiencies in their setup to reduce unit costs, however, this generally takes some trial and error. Cloud mining companies will generally need to "lock in" their expected costs when pricing their contracts to customers to ensure their operation is not unprofitable. If a cloud mining company were to find efficiencies after they initially sell their contracts, they would not pass those cost savings onto their customers, but they have little reason to look for those additional efficiencies, as they would already be operating profitably.
Similarly, very small mining operations may sometimes be able to find unique discounts that are only available to very small operations, for example, a datacenter (sublease) may have a limited amount of space to rent at a lower than the otherwise normal price. Or a small miner may have a unique situation in which they can procure a limited amount of electricity that is free or that has a lower than market cost.

I don't have a problem with how BADecker posts (I do however disagree with the substance of many/most/all(?) of his views). The thread in question resulted in a discussion about what BADecker was posting about. His way of formulating arguments is to cite what other people write.

Right. As the number of posts increase, so does the amount of time it takes to check one additional post.

You are describing one way in which all current posts could be checked for plagiarism (at least plagiarism by copying other users' posts).

What you describe is missing two things. Existing posts would not be checked for plagiarism, and if a post is written in the future and is subsequently plagiarized, the setup you describe would not catch it.

The email is a work email, and it is not going to remain compromised for an extended period of time. Anyone can create a bitcointalk forum handle of anything they want, so the bitcointalk account may or may not be compromised. I think there is a high probability the phone number actually belongs to the person the OP is claiming to be.
So no matter people try to contact the person via email or phone call, it will all ended up answered by the imposter.
You can facetime with both an email and a phone number. Ditto with other video call services.

The OP's claimed email address clearly indicates he works for the FDA.:

If you are doing something like storing your seed (either in written format or stored in a HW wallet) in an unlocked desk drawer, your coin is generally not very safe from theft. The fact that your written seed is stored with your HW wallet is not going to change this. I might argue that storing your written seed with your HW wallet might make some people realize that they are storing their seed in an insecure location.

Similarly, storing your seed in one location is going to put you at risk of loss due to fire/disaster. However, storing two copies of your seed at your home does not preclude you from storing your third copy off-site.

I was originally responding to the following statement:
There is a difference between saying to "never" store your HW wallet with your written seed and saying that you need to have at least one copy of your seed in an off-site location.

I would go a step further and say that someone could replicate a HW wallet, but use entirely different equipment and firmware. A reseller could purchase their own tamper-proofevident bags/seals to make it appear the HW wallet came from the stated manufacturer. The fake HW wallet may look very similar to HW wallets produced by the claimed manufacturer and may interact with wallet software the same way.

An attacker would not need to fake the checksum. An adversary could simply produce a device that looks for a different checksum.

I have no idea if the OP is who he says he is. The telephone number and email address appear to be associated with the person who the OP says he is. This person appears to work for the FDA, and I am not sure why the FDA would be investigating anything to do with bitcoin, or even most crimes (the only crimes they investigate are those related to products the FDA regulates).

The person the OP claims to be does not appear to work in the law enforcement side of the FDA. I think there is a chance the OP is actually trying to get people to harass the person he is claiming to be by posting his contact information.

There are a number of private entities that I believe contract with government law enforcement agencies that help with the types of problems the OP claims to need help investigating. One of the well-known companies is chainanalysis.

I would operate under the assumption that most people operate under the assumption that nearly all bitcoin users have multiple copies of their seed stored in multiple locations. This means an adversary who incidentally obtains possession of a HW wallet will likely believe the owner will quickly take steps to move the coin away from private keys associated with that HW wallet.

The typical threat model for most people is to have backups of your private keys in at least one off-site location. This could mean having a single copy of your backup on an off-site location, or two copies at an off-site location. The former would mean you should have two copies of your private keys on-site, and the later would mean you have one copy on-site. In both cases, you have two copies of your private keys in at least one location. I am not aware of any security experts recommending having your private keys stored in multiple off-site locations for a threat model for an individual person.

The OP is talking about having potentially 4 or 5 off-site locations to store his private keys, and keeping his HW wallets separate from his "written" seeds would mean he would have 8 or 10 off-site locations storing his private keys. IMO that is just excessive.

An attack may be deliberate or incidental. The risk of loss in incidental attacks (such as a random attack of a bank customer) is probably low. An incidental attack involving the theft of a HW wallet will probably not result in any additional attacks, however an incidental attack involving the theft of a seed stored in written from has a higher chance of additional deliberate attacks involving the attempt to steal the additional seeds.

I am curious as to why you say this.

HW wallets typically have a lower threat profile than plaintext seed words, and as such, fewer security measures can be used when securing them. If a HW wallet is stored via means that would be considered safe to store a plaintext seed, I don't see any issue if both a HW wallet and a plaintext seed are stored in the same location.

I am also not aware of any widely accepted best security practices involving two backups of a private key stored via two mediums of storage needing to be stored in two locations.

It is not terribly difficult to remove things such as quotes from posts. Markup (things such as bold, and links) can also be removed trivially.

Splitting up the text of posts into sets of 6 words will be expensive, but is doable. A text with n words will have n - 6 sets of words.

The problem is that it is really not possible to check every new post for plagiarism because the cost of checking an additional post will grow for every additional post written. For example, if there are 100 posts that exist on the forum, the cost of checking a new post against all existing posts is 100 units. Once there are 1000 posts on the forum, the cost of checking a single new post against all existing posts is 1000 units. For each additional post made, it costs one additional unit to check a single additional post. This is obviously not sustainable.

As a holder of a debt obligation, you have an expectation of repayment obligations, and/or repurchase obligations as outlined with the agreement between you and the creditor (in this case Dean/BetKing).

If the creditor fails to honor any repayment or repurchase obligations, as a holder of a debt obligation, you have a cause of action against the creditor. A holder of a debt obligation can be made whole by the creditor honoring their repayment or repurchase obligations. A holder of a debt obligation can also choose to settle their claims by accepting less than the total amount owed in exchange for a quick resolution and/or certainty they will receive a recovery. If you sell your debt obligation you are selling the right to receive a repayment (and to sell your debt obligation via repurchase) to the buyer, who can choose to settle if he so chooses.

The title of this thread appears to imply that you "lost" 99% of your "investment" due to Dean's/BetKing's default in their obligations. A key part of the type of flag you opened is that there needs to be a way in which you can be made whole, and have the flag rescinded. Presumably, you want to receive the 99% of your initial investment that you lost. If this happens, what happens to the buyer of your BKB? They presumably bought a token with a face value of $1.00 for a price of $0.01. If they bought at a discount, the face value remains the same, and they presumably bought with the expectation of either being able to receive the full face value of the token or being able to settle for less than face value, but at an amount greater than their purchase price.

This is an important part of contract law, and should be considered prior to supporting a flag involving a contract violation.