Japan will not be willing to engage in war, they will just be minding their own business because war is expensive. the ones who got the appetite for it are the rich countries who can dictate where economy is going after a global recession.
I think the opposite is more likely. China is Japan’s adversary and has been increasing their military spending in recent years as a means to counter Chinese projections of strength.
Biden is doing exactly what he said he would do to energy prices — he intentionally making them very high so that people will have greater incentives to buy electric cars that are powered by electricity from coal. It should be no surprise that the Saudis are not receptive to Biden’s request for more oil if you read his comments about the Saudi royal family.
I don’t think the US will provoke a war with China via Taiwan. It is more likely that China will invade Taiwan after Russia wins its war in Ukraine (assuming they do). I think China wants to see if Russia sees are real consequences for the invasion. This will likely result in a real war directly with China, although based on the fact that the Chinese government likely has a lot of dirt on the Biden family, it is possible that the US will initially sit out of the war. |
|
|
|
I'm pretty sure people still use them. Even better if they use something they use much heavier encryption (such as WarpWallet).
The idea of simply remembering your money is appealing to me (but I don't dare risk it for a large amount).
What I don't understand is why don't they use the hash function millions of times to make their brain wallet even more secure? We all know that just hashing a subjectively difficult passphrase isn't as much secure as it is to generate an entropy randomly. There wouldn't be such thread if brain wallet users hashed more than once, because, apparently, some passphrases aren't as strong as they thought. Dont do this. Hashing a pass phrase will not result in additional entropy. If an adversary were to know that you hashed a brain wallet pass phrase, they could do the same to brain wallet candidate pass phrases they believe you are likely to use. |
|
|
|
The fact that the private key is derived using SHA-256 does not make it a brain wallet. A HD wallet seed comes from the SHA-512 hash of the BIP-39 seed phrase. Does that make an HD wallet a brain wallet? A brain wallet is derived from something that can be memorized. That is why it is called a "brain" wallet. The mini-key is a random sequence and is not intended to be memorized so it is not basically a SHA-256 brain wallet.
What about "my private key is generated from 111th block's hash in bitcoin blockchain"? You do not remember exact value which is used to produce private key, but you remember the way how to find it - exactly like "my phrase is second verse of song X". One thing is sure in my opinion - brain wallets belongs to past. Using a private key that is derived from in a similar manner is very risky, and is very likely to result in tears. There are many people who are monitoring a large scope of potential addresses for transactions being sent to them, and some of these people look to bitcoin-related forums to increase the scope of these addresses. You can call it a brain wallet if you want, but my advice is to not do it. |
|
|
|
I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase. https://en.bitcoin.it/wiki/Mini_private_key_formatGiven that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash. I came across my simple mini key generator tonight, and I'm having another play with it. The naive version uses random() and outputs about 8000 valid keys per second on a single core of an i7-3960X. I updated it to use the xoshiro256** PRNG, and the speed increases to around 13000 valid keys per second. Because the generation process requires that the first byte of the candidate hash be '00', on average only 1/256 candidates will be valid, so it's really testing about 3.3 million keys per second. It's still a massive search space (58^30?), even for a SHA256 brainwallet, and prematurely discarding 255 out of 256 candidates does not reduce the search space... it just makes searching faster. Plus, how many Casascius coins were ever created, and how many would still be funded? So this is really just a curiosity. The reason why brain wallets are insecure is that they are typically generated in ways that are not truly random. Generating a brain wallet using a random function will not have this problem. For example, if a brain wallet is a phrase that is found in literature, there are a very limited number of phrases in literature, and the number of candidate brain wallets are many orders of magnitude less than the number of potential private keys. |
|
|
|
What is your opinion about this? Is there any good reason not to use a self-custody wallet?
Holding your own coin is very different than having a password to a bank account. There is no way to "reset your password" if you forget your passphrase, and best practices include keeping multiple backups of your private keys in multiple locations via multiple mediums of storage -- all of this is new for most people. If you do not fully understand how to implement the above, it is probably best to not hold your own coin, at least not in substantial amounts, as there is a serious risk that you will permanently and irreversibly lose access to your coin. Some custodial storage "services" (such as exchanges) will turn out to be scams, and although these services (should) employ experts in securing coin, mistakes still happen, and these services are a bigger target for hackers, so there is the risk that coin will be stolen from these services. Storing coin on a centralized service also opens up the potential that your account will get hacked, and your coin be stolen from this service. It is important for people to fully understand the risks and advantages of storing their coin via various means, that are personalized for them specifically. Once someone understand the risks, they can evaluate how to best store their coin. |
|
|
|
Also note that there are many existing things with no BIPs. For example, where are BIPs for the Lightning Network?
LN is entirely separate from bitcoin core. It uses existing consensus rules to implement a layer 2 protocol. Further, the software is entirely separate. There are a number of BIPs that made LN possible. The BIP related to SW is a major one that comes to mind. There are others going back years before the concept of LN was ever made public. The BIP related to nTineLock is one example. |
|
|
|
So, the card itself is issued though webbank took a look and although it's not really highlighted on the Gemini site it is on the webbank site:
This kind of arrangement is common. Various airlines have cards issued by major banks (American - Citi, United - Chase, etc). Even brands that have their own billing interface have this arrangement, for example the Apple Card is issued by Goldman Sachs, but you access your account exclusively via the Apple wallet app. Some smaller banks will even outsource the underwriting and servicing of their branded credit cards to larger banks. |
|
|
|
nullius is indeed a cunt ✔
I am generally against name calling and personal attacks. I stated my opinion on the fillippone situation and I said that I think nullis is in the wrong. But I don’t think two wrongs make a right, and I don’t think calling anyone a “cunt” is going to result in anything productive. |
|
|
|
And that's not how I or fillippone see it; it's the way the protocol sees it. If you have a private key, you can sign messages with it. You're, therefore, the signer and, ultimately, the legitimate owner of that key. I don’t think I would agree with that broad or a statement. For example, if someone uses deception or exploits a weakness in security to install malware on a computer to obtain a private key, I would not consider the person the “legitimate” owner of the key. Similarly, if someone uses a $5 wrench attack to obtain a private key, they are not the legitimate owner of said key. After reading the thread in question, it is clear that fillippone was not using deception, nor force upon any third party to try to find a private key originally used by someone else. As such, I don’t think it is accurate for nullis to describe fillippone as a “wallet thief”, wannabe or otherwise.
fillippone was using what amounts to be brute force to look for used private keys. If however there was a more efficient means to generate an already used private key, I would expect many people to generate these keys, which is why I desire bitcoin to use robust means of cryptography to go from private key, ultimately to address. I would equate calling someone looking for weakness in the cryptography used in bitcoin as a “wallet thief” the same as discouraging looking for weaknesses in cryptography, and that will ultimately lead to negative results. |
|
|
|
PrimeNumber7, I think that Lauda probably cared about her privacy from the beginning. I have seen evidence that Lauda was not initially careful with their identity when they initially joined the forum. I prefer to not publicly state what evidence I have seen as it may weaken Lauda's privacy as it stands today. But assuming the contrary arguendo, there are various other reasons besides cypherpunk-anonymity why someone may obfuscate his or her identity online. For instance, I know that some women with high technical skills masquerade as men, to avoid unwanted sexual attention that is oft crude and gratuitous in anonymous Internet environments. I think that’s unfortunate, but it is has been a reality for decades—perhaps somewhat less so now. Who knows? I myself explicitly claim to be a man; but you have no proof that I am not just putting on a sometimes aggressive display of overt masculinity so I can fit in with the fellows in WO. Anyway, it is nobody’s business.
I think Lauda initially struggled with some of the technical aspects of Bitcoin, and later learned the necessary skills to understand bitcoin. I find the reasons that I previously stated to be most reasonable. |
|
|
|
I find it quite disturbing that there hasn't been a single new BIP submitted to the github repository at https://github.com/bitcoin/bips, ever since 2021-06-27 [a bunch of BIPs about descriptors were made at that time]. What happened? It is not about now being submitted - there are BIPs not merged. There is quite huge list of pull requests: https://github.com/bitcoin/bips/pullsI do not know who is responsible for processing that requests, but indeed, it looks like a quite big backlog. The threshold to submit a PR is low, so some of them may not be seriously considered, and/or are a low priority. The development of Bitcoin is different from most other software because no one entity is responsible for it, and also because there is so much commerce that involves bitcoin. The later gives an incentive for many to try to influence the development of bitcoin for various reasons. As achow101 said above, much of the work regarding BIPs is done outside of github. |
|
|
|
RaltcoinsB has 9 people added into their trust list. How was he eligible for being a DT1 member? Is this a bug or something I'm not aware of? My theory is they added DefaultTrust, which isn't included in theymos' weekly data dumps. So it doesn't show up in my Trust list viewer, but it might still count to be eligible for DT1-selection. My next theory is it could also work with 8 visible inclusions, if the user also adds OldScammerTag. This is likely the case. I just changed my trust settings to view RaltcoinsB's trust list in 'real time' and this person includes 9 'people' along with the 'DefaultTrust' account. Both 'DefaultTrust' and 'OldScammerTag' are actual accounts in the forum database, so any algorithm that checks for a number of accounts will take these accounts into consideration. I think the 'OldScammerTag' is likely obsolete at this point, although I am unsure if it is appropriate to outright delete the account (along with the associated ratings with the account). The algorithm will need to be updated to exclude these two "accounts" or a decision needs to be made that including as few as 8 accounts is acceptable if these two are included in one's trust list. |
|
|
|
what about protonmail? if you had to store it in the cloud would that be the best option? Nope. If you must store something sensitive in the cloud (and I'm not sure that is ever actually the case) the only two acceptable options are either 1) don't do it, or 2) set up your own cloud server. There is a "US Government" "region" in AWS that is used by various US government agencies, including the DOD. I don't think the nuclear launch codes are stored there, but I do understand that classified (and other sensitive) information is likely to be stored there. So a "never" policy for using cloud services is probably not appropriate, but it is important to understand the risks involved. It is easy to make mistakes with permissions when using cloud services, although most cloud providers will alert you when you are doing something that is clearly undesirable, there is no guarantee that your cloud provider will catch all mistakes regarding permissions. It is similarly possible to make other mistakes that will result in either your cloud services being exposed to the general public or that may result in your information being exposed to someone you don't intend to have it exposed to. In general, the appropriate customers for cloud services are governments and/or businesses. If you cannot be described as either of these and are using the cloud to store sensitive information, you are probably doing something wrong. Governments and businesses can hire professionals whose job it is to ensure that relevant settings are correct and that your private information will not be exposed to those who should not have access to it. They can also hire separate professionals to audit the above |
|
|
|
I don't think a large holder would be acting rationally by doing this. I think this holder would be better off selling their coin if they were needing to provide security for everyone. You say in your very next sentence that without a tail emission users are incentivized to hold on to their coin for as long as possible and not sell it. It would be entirely rational for a large holder to spend a very small amount of their coin on securing the network if they believe the value of the rest of their coin will be worth more in the future than it is worth to them if they were to sell everything now. You are also assuming that the only value that the large holder cares about is the fiat value of their bitcoin, and not about any of the other benefits bitcoin brings as a superior form of money. If the security of the network depends on a subset of the users of said network, over time, some of the people who "donated" to the security will stop doing so and will allow the remaining of those who is providing security to continue doing so. Over time, this will result in a small group of people being responsible for security. That would not be a good solution. It would make L2 solutions like LN impossible to implement because the sum of the total inputs would always be changing. There is no need to update it every second. The same with halvings, you have them every four years, not every block. And the same with difficulty adjustments, you have them every two weeks, not every block. And the same with the coinbase maturity, you have it set to 100 blocks. So, the sum of the total inputs can be calculated in the same way for a long time, and then be adjusted every sometimes, just like other parameters are adjusted. Also, coins can be timelocked to the future, so it won't be "I lock some coins now, and the next miner will get it". It should rather be: "I lock some coins now, and 210,000 blocks later, some miner will get it". LN closing transactions are currently designed such that they can be broadcast at an arbitrary time in the future. Further, if coin is removed from (a subset of) the UTXO set at intervals less frequent than every block, there will be incentives to get transactions confirmed prior to this frequency, and as such, the cost of getting transactions confirmed will spike immediately prior to these block heights. This issue can be entirely resolved by simply increasing the total supply of bitcoin. Tail Emission is already a major change, so if this change were to be adopted, you may as well adopt it in the most simple way, and increasing the total coin supply is the simplest way to achieve this. |
|
|
|
Opening a preview on your phone is probably harmless too. I don't think there's anything a pdf can do to cause much damage (and I'm assuming this is how a preview would've been rendered as iPhones can't view odt or doc formats afaik).
What about opening preview on laptop?
Even previewing a potentially malicious file is generally not a good idea on a phone or a laptop. While "previewing" a file will generally mean that you are looking at the file in a more "sandboxed" environment, there is no guarantee that someone has not figured out a way to get arbitrary code to run when someone "previews" a file. I remember I said "probably" at the time because I was thinking specifically about the document being full of links (either clearly displayed as hyperlinks or hidden - like an image being hyperlinked from), clicking on of those and downloading something that could then spread malware/infect your phone. Using the "preview" feature will prevent you from visiting any (malicious) links, however, it is not guaranteed to prevent you from opening malware, including malware that is hidden. So say someone gives you their btc address that they want you to send btc to. They type it to you on messenger or email. Now you would then use your mouse to copy and paste that btc address for you to send btc to. Now is it possible that btc address they post could have malware or not? i assume as long as you use mouse to copy and paste and as long as it doesn't display any link... then its safe?
i assume a person can't post the btc address like this.... 3b9omwjekw509906jkfjslfs and the moment you copy the btc address or paste it... you somehow get malware right? Such that a person can't make something that look like a btc address... an actual link that you can click on to get malware?
If you have raw text, that text is compromised of a bitcoin address, and you copy that text, you will not be exposed to malware. There is however always the potential that someone will transmit hidden malware to you via whatever means of transmission they send you that address. If someone is communicating with you via a messaging app, or via email, there is the risk that malware is being transmitted to you via that app or via email. |
|
|
|
Opening a preview on your phone is probably harmless too. I don't think there's anything a pdf can do to cause much damage (and I'm assuming this is how a preview would've been rendered as iPhones can't view odt or doc formats afaik).
What about opening preview on laptop?
Even previewing a potentially malicious file is generally not a good idea on a phone or a laptop. While "previewing" a file will generally mean that you are looking at the file in a more "sandboxed" environment, there is no guarantee that someone has not figured out a way to get arbitrary code to run when someone "previews" a file. Can someone here explain how i would find out if my pc or iphone is safe from malware/keylogger? Also i pay for antivirus... kaspersky total. Previously had used the free windows defender antivirus. [/b]
It is not possible to know with certainty that your computer is not infected with malware. If you had antivirus software running when you opened the potentially malicious file, your chances of being infected are lower, but it is still possible that someone infected your computer with malware that your antivirus software did not detect as being malicious. It is also possible that any malware will change the output from your antivirus software. |
|
|
|
People generally do the opposite - consolidate their UTXO when fees are low, because transaction costs more heavily depend on number of inputs rather than number of outputs.
The only reason why someone may want to split up their unspent outputs would be if they knew with certainty that they will be spending very specific amounts in the future (and they have a good estimate as to the future fee rates), and they split up their unspent outputs in a way such that a single new, split output is equal to an amount the person needs to pay in the future, plus tx fees, with no change. If fees go up by enough in the future, this may make sense, although it is generally unusual to know the exact amount that will be spent in the future. |
|
|
|
I just have one question about this sim port attack. In order for anyone to hijack my SIM, he needs to be present in my local area and it can't be done outside the country. Is it so?
For example, In my country, we have JAZZ, WARID, and Ufone mobile operators and since these networks are available locally, it is not possible for anyone to port my sim internationally and get the codes/SMS etc. ?
The attacker would need to have assistance from someone who has the ability to update your mobile phone account with a new SIM card. This means the attacker can be in any location. Some mobile phone operators have employees based in other countries than where they operate. |
|
|
|
If Mommy really wanted an abortion, and especially if she was a big pusher for abortions in general, maybe it's good that her kids get aborted. After all, if her kids come into this world alive, who will train them? Mother (and maybe father), of course. So, they will get trained to abort their offspring when they get old enough to have some. So, it works out well, even though it is unfair to the aborted kids. At least those aborted kids won't grow up to become abortionists/murderers... because they don't exist, having been aborted. That's one way to limit abortions. But the pro-lifers will let their children live. And they will teach them that abortion is wrong. And if they do a good enough job of it, their kids won't have abortions, but will teach their kids against abortion, as well. So, gradually, the abortionists will murder abortion out of existence.  Except that most children have values imposed onto them by their teachers and schools. The issue needs to be solved by reforming the education system to prevent what can only reasonably be described as very sick teachers from imposing values onto young children. |
|
|
|
Debasement doesn’t reduce fees tho, these two aren’t correlated. You would pay the same fees, regardless of debasement or not. The concern of some people is that transaction fees alone wouldn’t be enough to compensate miners and thus secure the network.
Reducing fees wouldn’t be that simple, you need to let more transactions in. But this comes at the cost of decentralization, depending on how much throughput you let in, because it becomes much harder to run a node. And if blockspace isn’t scarce enough, transactions fees are less likely to be enough to compensate miners, because it’s based on a fee market.
That statement demonstrates a misunderstanding about the economics of Bitcoin mining. Here is how it works: If a miner feels that they are not being adequately compensated for mining (simply stated, they aren't making a profit), they will stop mining, and the difficulty will adjust to increase the compensation for the miners that remain. That process will continue until the remaining miners feel that they are being adequately compensated. So, only in an exceptional scenarios will transaction fees not be enough to compensate miners. However, as @tadamichi also states, there is a danger that low transaction fees could become a security risk. It is the value of the block reward (and not the number of miners) that determines the level of security against a 51% attack. This is not quite right. What you say is true only for economically rational miners, and only to the extent that the miners are strickly rational in regards to the economics of mining bitcoin. One of the assumptions that satoshi made when designing the security of bitcon was that the majority of miners would be honest. Currently, it is very expensive for a bad actor to control a large percentage of the network hashrate, but if total block rewards (block subsidy plus transaction fees) become too low, it will become less expensive for a bad actor to control a majority of the network hashrate. I would also point out that if a miner was not being rewarded enough for their mining activities, in addition to turning off their equipment, they will also often attempt to sell their equipment.
Another thing is that tail supply can be reached by taking coins from people, without increasing 21 million coins limit. Then, it will be obvious to everyone, what this proposal is truly about. Because if more coins will be produced, then it is more sneaky, because many people don't understand, how inflation works, but if they will start losing satoshis, then they will see that in a crystal clear way.
That would not be a good solution. It would make L2 solutions like LN impossible to implement because the sum of the total inputs would always be changing. If it were decided to implement a tail supply, it would be superior to simply issue more than 21M coin.
Then you have three options Fourth option: Large holders of bitcoin are incentivized to mine, even with minimal or zero fees or block subsidy, in order to protect both the security and the value of their bitcoin. The outcome for these users would be little different than having a tail supply. With them mining for zero reward, they would be spending a small proportion of their money to secure the rest of their money. With a tail supply, they would be losing a small proportion of the value of their money to secure the rest of their money. Arguments against this is that it is effectively discriminating against the good will of the users who partake in mining, and of course the free rider problem. I don't think a large holder would be acting rationally by doing this. I think this holder would be better off selling their coin if they were needing to provide security for everyone.
From an economics perspective, having modest inflation is generally a positive outcome. Modest inflation will encourage people to actually spend their coin on goods/services rather than simply hoarding their coin until they absolutatly need to spend it. Modest inflation should encourage additional adoption, as it will cause the bitcoin ecosystem/economy to grow. |
|
|
|
|
Show Posts
