Title says it all.
#'s T 3131 & T 3132
Asking 0.015BTC for the pair shipped anywhere in the USA.
BTC address: 3Kdr6W85fdXY2Bj6C2CzwyBYhmUE3GvvsE
Can also take the equivalent amounts in some alts or send you a LN invoice.
I will not ship internationally, but will ship to anyone who you want to re-ship to you.
Both minerjones and MoparMiningLLC offer to do this.
If you have any questions ask.   Cleaning out a lot of stuff. So there will be a lot of things listed over the coming weeks. If you have something specific you might want ask and I'll take a look, but no I am not going to go and make a complete list I just don't have the time at the moment. -Dave |
|
|
|
Why do people choose to not use reputable, open-source software when it comes to their life savings? I mean, you seriously don't think it's a good idea to spend an hour or two extra, to ensure you won't just let a stranger ruin your life?
Part of the problem that I have been saying for years is the fact that people have grown so accustomed to the security that comes with their bank and brokerage applications. Where if you do something stupid more than likely you could get your money back and if you forget your password you have way of recovering it and they have safeguards against you doing things without clicking I am sure a bunch of times. So, people think that all financial applications including cryptocurrency ones are more or less operating the same way. And then are shocked when they do not. For all of everybody running around screaming about everything in the financial world even back in 2008 with all the bank failures and all the other banks that imploded so far this year more or less in most occurrences people got all their money back. Now try to convince those people that they are responsible for their own actions. I'm also going to go out on a limb here and say that it is older people that this happens too. Whether or not everybody wants to run screaming about this group or that group kids today(and I'm gonna say anybody under 30 ) have seen and heard all the disasters that happen online and because they grew up with the tech they understand a lot of its limitations. Grandma and grandpa who you finally convinced to use online banking now think everything operates the same way, and when they had a problem with their online checking account they could call an 800 number and spend an hour getting help through the situation. Do you think they're going to understand the concept of custodial or non custodial or open source or closed source? Or the fact that if they forget the password there's absolutely nothing anybody can do about it. Yes it's a generalization, but probably fairly accurate. -Dave |
|
|
|
I don't see how their software can be compromised unless they were lying about how are the private keys generated and them being non custodial. Atomic wallet is closed source. Anything could be hiding in the code, not just from them being actively malicious but also from a rogue employee sneaking something in, a malicious third party sneaking something in, someone compromising their app store account to upload a malicious app, or even just plain incompetence. I am also reminded of the Copay wallet hack several years ago. Copay had a dependency on a specific JavaScript library which was no longer maintained. A malicious third party obtained control of this library, merged a malicious update, and it was pulled in to Copay updates without anyone realizing. Just another in the long list of reasons to never use closed source wallets. On top of that, Atomic wallet is owned is owned by Binance which historically has few questionable behavior. Are you confusing them with Trust wallet? I didn't think Atomic was also owned by Binance? For those of you like me that did not remember if you left any funds in there (I had an entire $2 of tron so no big deal) just put your phone in airplane mode or disconnect your internet from you PC and check. And then if needed get your private keys. Don't start with getting the keys and importing do a time / effort analysis. Copay was open source. But as I have said countless times. Open source and build verified still does not prevent bad coding. Or as you mentioned a supply chain attack. It just allows more people to see the bad code and report it and get it fixed. And also as I have said countless times. Open source don't mean shit if people don't verify the source vs compiled that you are downloading. And lets not forget the HOW SECURE IS THE PROCESS OF UPLOADING THE APP TO THE VARIOUS APP STORES. Everything else could be perfect, but if you don't secure that system then you are not secure. -Dave |
|
|
|
It’s super cheap to buy them and they end up in every kind of envoirements, scientist, government, businesses etc.. In those kind of envoirments devices like this are also very hard to track, so in my opinion the only reason to counterfeit such a device would really be some kind of malicious activity. I think otherwise the profit would be to small. Is there a good way to see if a chip is real or counterfeit?
Yes & no. If you buy from them: https://shop.m5stack.com/ you can probably assume it's real. And I would think the ones coming out of their approved resellers are also real. Beyond that, I don't think you can. A tech I know bought a bunch from them and when he needed more went to what he thought was a reputable site since at the time M5 had no stock. When one died and he sent it back to M5 it came back as not made by us. Looking at them side by side they were the same. Even in the same packing. Their attitude was we sell them and so do these people, getting it elsewhere you are on your own. So, yes people will clone a $25 thing. Might not even be for evil reasons, just something cheap to make with a good profit margin. There are even youtube videos about people selling counterfeit IC chips in the $3 range so..... https://www.youtube.com/watch?v=12u_hBkHB88-Dave |
|
|
|
From the paranoid tinfoil hat wearing department, be careful where you buy some of these boards from. Not necessarily anything malicious directed towards Bitcoin wallets, but even at the ridiculously low price points that you could find and online there are still a ton of counterfeits out there. I'm assuming that they are just cheap knockoffs being passed off as the less cheap real thing. But in the end you don't have a verifiable source of where some of these chips came from or even who did what at the factory when they were assembled. Why anyone would create a pirate / clone M5 stack is beyond me, but they are out there  -Dave |
|
|
|
Look everyone it's satoshi. Those are the txids for the 1st 3 blocks mined. And on a side note wallets from that era cannot easily be opened in a modern client. And probably a bunch of other things show that this is not your wallet. -Dave |
|
|
|
|
I am going to have to go with the theory of what most things are written in a particular language. It's white the person knows.
Many times, we have done things for web-based apps in PHP that we know can be done more efficiently using a different language. But, and this is a huge BUT everybody in the office knows PHP everybody in the office can deal with any issues if they come up. So PHP it is. Satoshi could have done it differently, but if C++ was what was known then that is what was used.
-Dave
|
|
|
|
|
I also think a lot of it comes from culture differences. What is acceptable in one location may or may not be acceptable everywhere. Heck, I'm from New York and even now and then I have to edit what I typed before posting since I know the toothless inbred rednecks who get offended at everything people in the middle of the US who don't like people on the coasts may take offense at things I say.
And, this is what I have been ranting about for years. The feedback system is broken, so things that people post as negative possibly should have been more neutral but it's what we have so we have to work with it.
-Dave
|
|
|
|
realistically, bad programming and bad RNGs are probably going to cause more duplicate wallets from duplicate seeds than actually being able to brute force it or properly written software creating a duplicate seed just by random See these brain wallets, or posted private keys that still receive funds. Yes, but that is more an example of humans being humans and doing insecure things. I was thinking more along the lines of some chip manufacturer doing something stupid in an otherwise good RNG and for some reason instead of spitting out one of close to trillions of possible numbers, spitting out one of 10. Or some wallet that had some things set in testing that still made it into production so once again instead of just about infinite choices it's one of only a few. Which is why I'll let others play with the 1st wallets that use the tropic square chip. Considering the people making it and their security choices I'll let others figure out what they missed in the 1st generation of their security chip. Because, you can be open source and auditable all you want. But, without specialized tools and knowledge you can't really know whats in the silicon. Which leads to the next thought, even with tons of people over a decade looking at their stuff, you still had spectre and meltdown hit so many processor manufacturers. -Dave |
|
|
|
|
Add the other point to think about is that even F through some bizarre are accountable bad luck your 128 bit entropy words were an exact match to an already existing wallet. Is there an active wallet? Or is it just a wallet that somebody created and then abandoned years ago. Maybe I'm a unique case camera but I probably have created used and then abandoned 50 plus wallets generated from 12 word seeds over the years. I have several hot wallets that I don't keep a lot of funds in, but I do like to have immediate available funds on several devices at a time that are all totally unrelated to each other. And when I'm done after what could be weeks or months, I archive out the seed and create a new one.
I don't think I'm alone in doing this. So yes you could find day's wallet #37. You get to see all my transactions from 2020. Have a blast with that.
Yes it's a privacy issue but it's not a real security issue.
realistically, bad programming and bad RNGs are probably going to cause more duplicate wallets from duplicate seeds than actually being able to brute force it or properly written software creating a duplicate seed just by random chance.
-Dave
|
|
|
|
|
The mempool is where the Bitcoin software stores all the unprocessed transactions waiting to be mined.
It is set to 300 megabytes by default so as it fills up, transactions that would put it above the 300 megabyte limit are purged in the order of lowest transaction fees first.
Most mining pools, have it set way higher than that because they don't want to ever run the risk of not being able to mine something.
The problem you are encountering now is the fact that since the address you are apparently sending to is an exchange and not a address you control, so there is no way for you to spend the unconfirmed transaction with a high fee. An exchange won't do it, so unless shoppy will retransmit these transactions with higher fees, you're just going to have to wait.
Did you contact shoppy support? If So what did they say?
There have been a few transactions mind with fees in the high teens sat / vb over the past couple of days. So if there is a low and new transactions over this coming weekend, there is a possibility that yours might actually get mined.
-Dave
|
|
|
|
|
1) Yes they can decide.
2) No consequence at all, except they don't get the fee for that transaction
3) It stays in the mempool and some other miner will mine it.
There are some minor exceptions to all of this. Such as if someone sends a CPFP transaction the miner must include the parent. But for the most part miners can pick and choose what transactions they put in. And for the most part they pick the ones with the highest fees of sat / VB
Some pools like VIABTC have a PAID service where they will put in a low fee transaction, and others have shown they will flat out reject some transactions that have violate OFAC (but I think they all started ignoring that anyway)
But for the most part miners make blocks how they want.
-Dave
|
|
|
|
No the transaction is within the bitcoin core wallet that you have running on the node. If you have the actual TX that you can see on a block explorer it's out of lightning (2nd layer) and into the 1st layer itself.
So all you have to do is spend that transaction with the CPFP.
How do you have this setup? You should have some access to that wallet to send the funds.
-Dave
I might be wrong, but I don't think CLN uses a bitcoin core wallet? bitcoin-cli listwallets returns an empty array for instance. Also CLN does not seem to be aware at all about what is going on in the mempool. I thought it did, could be wrong I have never tried with CLN but it was in the back of my head that unlike LND it did. For LND people have written tools to get to the keys https://github.com/lightninglabs/chantoolswalletinfo Shows info about an lnd wallet.db file and optionally extracts the BIP32 HD root key Not sure if anything similar exists for CLN Sorry I can't help more. -Dave |
|
|
|
|
No the transaction is within the bitcoin core wallet that you have running on the node. If you have the actual TX that you can see on a block explorer it's out of lightning (2nd layer) and into the 1st layer itself.
So all you have to do is spend that transaction with the CPFP.
How do you have this setup? You should have some access to that wallet to send the funds.
-Dave
|
|
|
|
... when closing a channel and CLN ended up closing a channel with a fee of 20 sats/vByte. I would like to send the UTXO from the stuck transaction to another UTXO using a higher rate than necessary so the average rate for both transactions is sufficient to include my transaction, but lightning-cli is unable to see the stuck transaction....
You are overthinking it. From the actual bitcoin node do a CPFP transaction with the higher fee to another address. That will get the 1st TX for the closing of the channel confirmed and the channel closed. No need to mess around with the lightning node and risk broadcasting a TX that might cause another issue. And at 20 sats/vByte I think the VIABTC tool will work too. https://www.viabtc.com/tools/txaccelerator-Dave |
|
|
|
Gotcha! Thanks for that. I don't care about seeing fees. I just want to be able to look up addresses and transactions.
I especially want to be able to look up my own addresses privately.
If you are looking for more privacy you might want to look at also putting together an electrum server and only running under TOR. Doing it yourself is a good learning experiance, but you will wind up pulling your hair out at times getting things to work. Or, you could just use one of the pre-packaged ones like mynodebtc or umbel and so on. Just checking addresses is not much of a privacy leak, vs actually sending TX and having a client connecting to some random electum node. Not MUCH more mind you, just a bit more. And they have all the other good things, like coinjoin apps, explorers and so on. You don't learn as much, but they do work. -Dave |
|
|
|
The main thing to keep in mind is that with most camera possibly all of the hardware wallets out there today they are using standardized chips to perform the functions. So yes these chips might be doing something shady, but and this is important, it would be doing it for all the devices that they are used on. So if something was wrong with them it would not just involve hardware wallets.
Correct, but it is hard to believe that HW vendors buy those chips on the wild market apiece. More likely than not they do it by batches via contracts with makers. So those chips used in HW might have dedicated "hidden" features. Doubt it, most of them don't sell direct to 'small users' and lets be honest that is what hardware wallet makers are. They unless you are taking thousands and thousands all at once you get the 'go the resellers' when trying to buy. Trust me, been there, done that. Keep in mind most of these chips cost below $1 when dealing in the single unit price and drop to $0.80 or less when dealing in quantity. They don't want to talk to you for 2500 of them, they want to sell to Mouser or Digikey and have them deal with you: https://www.mouser.com/ProductDetail/Microchip-Technology/ATECC608B-MAHDA-S?qs=sPbYRqrBIVnKfPKcuUlUgg%3D%3Dhttps://www.digikey.com/en/products/detail/microchip-technology/ATECC608B-MAHDA-S/13415130?s=N4IgTCBcDaIAQEEAqBRAwmgbABgBwCEBaAWQQAkARBQgZRAF0BfIAEven when you get to the higher end chips, you are still under $3.00 each in quantity 10+: https://www.mouser.com/ProductDetail/Analog-Devices-Maxim-Integrated/DS28C36BQ%2bT?qs=vLWxofP3U2zN7T53brV95A%3D%3DI guess the best way to put it, is one of the clients for my day job is a board level component manufacturer. When I need a part that is in their 'sample pack' or small local warehouse I can grab it from them if I am in the area. But if I need 25 of a part, THEY send me to digikey.... -Dave |
|
|
|
|
Full disclosure, while posting this I am wearing a sinbad signature.
I think, over time all mixers are going to be shut down by various government entities. Even if they are doing nothing illegitimate, for some reason everybody in law enforcement sees them as illegitimate. I will also say, with more and more exchanges that are not requiring KYC going away I see privacy becoming more and more difficult to obtain.
Continuing with that thought, I have posted many times about various ways to somewhat reliably break proof of ownership of coins. It requires time and effort a decent knowledge of exchanges and (this is important) hunting down exchanges that consider a simple SMS and e-mail address enough KYC for a certain level of withdrawals. Because, if you deposit coins in one exchange using a disposable e-mail and phone number, convert them to another coin, transfer that coin to another exchange that just requires an e-mail address and disposable phone number, and then withdraw from that second exchange after converting to another coin good luck ever being able to prove anything especially if you used XMR or other privacy coins to transfer between exchanges.
Tinfoil hat paranoia, the last mixer that is left standing is run by the NSA....
-Dave
|
|
|
|
|
It's also kind of a trick question. The answer, IMO is mostly because it was there in the beginning and it still works now. I don't think there has been a lot of discussion about changing it. I have seen some discussions crop up now and then, but nobody really seems to care enough to put forth any kind of effort to change it.
So the simple answer, getting rid of anything that has to do with non restrictive use, more restrictive use, less restrictive use, is purely inertia. It is there and it works, so it stays the way it is.
From the department of...If it ain't broke, don't fix it....
-Dave
|
|
|
|
I guess i used a python script from github way back in 2017-18 to generate address and keys, when i check the private keys on bitaddress it shows wrong for both. That's the risk of using "weird" ways to create private keys: it could be a bug, but it could also be malicious, in which case the creator of the script gave you his own address. Too late for now, but for next time: when I create a private key and address in a non-standard way, I always use different software to see if I can reproduce the address from that private key before funding it. Which goes back to the question I asked the OP above. When the address was created did he verify it in a wallet / other way that the private key = address. If not then who knows what the address actually is. Could be the writer of the script did something malicious and only gave addresses that they had the private keys too. Could be they just messed up some code. -Dave |
|
|
|
|
Show Posts
