These two sections are for serious discussion.

 - When you post, you must have a clear point. If you ramble on about nothing, then your post will be deleted.
 - You must stay fairly close to the topic being discussed in each thread.
 - While some amount of error is difficult to avoid, if your English is so broken that you sound stupid, then your post will be deleted.
 - No advertising of any kind.
 - Signatures are not displayed.
 - You must be at least a Jr Member to post in Serious Discussion, and a Full Member to post in Ivory Tower.
 - Posts in Serious Discussion only activate a potential-activity period. They do not increase your post count.
 - Posts in Ivory Tower neither activate a potential-activity period nor increase your post count.

Repeated violations of the rules will result in you being banned from the forum as a whole.

Humor is OK as long as it has a point. Any topic of conversation is allowed here, including altcoin talk, except:

 - If you want a response from forum administration, meta talk goes in Meta.
 - Altcoin talk that is advertisement/pump is not allowed, since no advertisement is allowed here.
 - Stuff globally disallowed/restricted (eg. Investigations content) is not allowed.

I see that newbies were already posting junk in Serious Discussion, so I made changes:
 - The member limitations are moved up one rank. You must be a Jr Member to post in Serious Discussion and a Full Member to post in Ivory Tower
 - Posts in Serious Discussion only activate a potential-activity period. They do not increase your post count.
 - Posts in Ivory Tower neither activate a potential-activity period nor increase your post count.


The name is supposed to be whimsical and slightly self-deprecating, not to imply that the idea of such a section is stupid/wrong.

Altcoin talk is OK there as long as it doesn't look like an advertisement. Any topic is OK unless explicitly banned (eg. Investigations content).

Created: https://bitcointalk.org/index.php?board=252.0

I created two boards:

 - Serious discussion. No limit on topic, but moderation of on-topicness and general sanity will be extra harsh. No advertising of any kind. Signatures are not displayed.
 - Ivory Tower. As above, but you must be at least a Member in order to post there.
 
Currently these boards are not treated specially in the activity calculation. I'm currently feeling that:
 - Removing them totally from the activity calculation is kind of unfair to posters there.
 - Allowing them just to activate a potential-activity period isn't much different from treating them normally for activity.
 - Treating them normally for activity won't be so bad, maybe.

But we'll see how it goes. These boards are largely experimental.

Update:

The forum sells ad space in the area beneath the first post of every topic page. This income is used primarily to cover hosting costs and to pay moderators for their work (there are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees). Any leftover amount is typically either saved for future expenses or otherwise reinvested into the forum or the ecosystem.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation. Ads must appear 3 or fewer lines tall in my browser (Firefox, 900px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. No ICOs, banks, or funds; I may very rarely make exceptions if you convince me that you are ultra legit, but don't count on it. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Nine of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.

Duration

- Your ads are guaranteed to be up for at least 7 days.
- I usually try to keep ads up for no more than 8 or 9 days.
- Sometimes ads might be up for longer, but hopefully no longer than 12 days. Even if past rounds sometimes lasted for long periods of time, you should not rely on this for your ads.

Stats

Exact historical impression counts per slot:
https://bitcointalk.org/adrotate.php?adstats

Info about the current ad slots:
https://bitcointalk.org/adrotate.php?adinfo

Ad blocking

Hero/Legendary members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression stats for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized bitcointalk.org URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Designing ads

Make sure that your ads look good when you download and edit this test page:
https://bitcointalk.org/ad_test.html
Also read the comments in that file.

Images are not allowed no matter how they are created (CSS, SVG, or data URI). Occasionally I will make an exception for small logos and such, but you must get pre-approval from me first.

The maximum size of any one ad is 51200 bytes.

I will send you more detailed styling rules if you win slots in this auction (or upon request).

Auction rules

You must be at least a Jr Member to bid. If you are not a Jr Member and you really want to bid, you should PM me first. Tell me in the PM what you're going to advertise. You might be required to pay some amount in advance. Everyone else: Please quickly PM newbies who try to bid here to warn them against impersonation scammers.

If you have never purchased forum ad space before, and it is not blatantly obvious what you're going to advertise, say what you're going to advertise in your first bid, or tell me in a PM.

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the maximum number of slots you want. When the auction ends, the highest bidders will have their slots filled until all nine slots are filled.

So if someone bids for 9 slots @ 5 BTC and this is the highest bid, then he'll get all 9 slots. If the two highest bids are 9 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 8 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.02.
- The bidding starts at 0.02.
- I will end the auction at an arbitrary time. Unless I say otherwise, I typically try to end auctions within a few days of 10 days from the time of this post, but unexpected circumstances may sometimes force me to end the auction anytime between 4 and 22 days from the start. I have a small bias toward ending auctions on Fridays, Sundays, and Mondays.
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

I reserve the right to reject bids, even days after the bid is made.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35) after announcing the auction results in this thread. You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.

As BTCforJoe said, you can't make the entire banner an image. Basically, if images are used for positioning or general text styling -- which CSS should be able to do --, then it's not allowed. But usually I allow little logos and such which can't be properly replicated in CSS.


Sorry, no.

Auction ended, final result:
Slots BTC/Slot Person
4 0.14 ChipMixer
2 0.12 Blocklancer
3 0.10 Aengus

For large spam campaigns, I retroactively wipe the spam PMs once they are discovered.

That means that it was a spam PM that got wiped before you read it.

Electrum is still one of my favorite wallets, but you have to understand its limitations:

 - Its privacy (and security, to some degree) is inherently bad due to its verification model.
 - It's written in an interpreted language, which makes me instantly suspicious of its security.
 - It has a very small team.

I'm OK with using Electrum for smallish amounts, with the assumption that all transactions/BTC in a single Electrum wallet can be trivially linked to each other.

IMO Electrum is still in the top two or three wallets. But although ThomasV is one of the best devs in Bitcoin, and some other wallet devs are also very good, this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.

- When someone violates the divisibility rule, I always round down to the nearest valid price.
- Please do not do the one-bid-per-slot thing. All of the slots are fungible, so you bid "number_of_slots @ price_per_slot".


Sorry, no ICOs.


I would accept your bid, but it's currently too low.


I would allow Bitcoin forks in general, but I find it somewhat deceptive to name a fork or other altcoin "Bitcoin ____", since they are not Bitcoin. So I will not accept your bid in this case.

Auction status:
Slots BTC/Slot Person
4 0.14 ChipMixer
5 0.06 let.bet

The auction continues.

That won't help.


There is no known way for them to steal your BTC in that case, though they can see your addresses/transactions and change your settings. I'm not sure (and maybe nobody yet fully knows) exactly how much damage they can do by changing your settings. So you should absolutely still update.


That's normal, it means that his key isn't connected to your GPG trust graph. Typically you would --lsign-key the key after verifying it through some other method. PGP is kind of weird.

A vulnerability was found in the Electrum wallet software which potentially allows random websites to steal your wallet via JavaScript. The bug presumably also affects altcoin derivatives of Electrum such as Electron Cash. If you don't use Electrum or a derivative, then you are not affected and you can ignore this.

Action steps:

 1. If you are running Electrum, shut it down right this second.
 2. Upgrade to 3.0.5 (making sure to verify the PGP signature).

You don't necessarily need to rush to upgrade. In fact, in cases like this it can be prudent to wait a while just to make sure that everything is settled. The important thing is to not use the old versions. If you have an old version sitting somewhere not being used, then it is harmless as long as you do not forget to upgrade it before using it again later.

If at any point in the past you:

 - Had Electrum open with no wallet passphrase set; and,
 - Had a webpage open

Then it is possible that your wallet is already compromised. Particularly paranoid people might want to send all of the BTC in their old Electrum wallet to a newly-generated Electrum wallet. (Though probably if someone has your wallet, then they already would've stolen all of the BTC in it...)

This was just fixed hours ago. The Electrum developer (ThomasV on the forum, ecdsa on github) will presumably post more detailed info and instructions in the near future.

Update 1: If you had no wallet password set, then theft is trivial. If you had a somewhat-decent wallet password set, then it seems that an attacker could "only" get address/transaction info from your wallet and change your Electrum settings, the latter of which seems to me to have a high chance of being exploitable further. So if you had a wallet password set, you can reduce your panic by a few notches, but you should still treat this very seriously.

Update 2: Version 3.0.5 was just released, which further protects the component of Electrum which was previously vulnerable. It is not critically necessary to upgrade from 3.0.4 to 3.0.5, though upgrading would be a good idea. Also, I've heard some people saying that only versions 3.0.0-3.0.3 are affected, but this is absolutely wrong; all versions from 2.6 to 3.0.3 are affected by the vulnerability.

Update 3: You definitely should upgrade from 3.0.4 to 3.0.5, since 3.0.4 may still be vulnerable to some attacks.

Update 4: Here is the official, more complete response from the Electrum dev team.

Update 5: Apparently only a minority of Electrum users have upgraded, so I'll make the news item red again for a while. No significant facts have changed since yesterday, though.

I heard from him a year or two ago, and he was OK.

Although he did sometimes annoy me (especially that time he threatened to commit suicide and I had to contact his local police), I miss the pure passion that he and many others had at the time. It's become pretty diluted now.

There are basically three "levels" of the vulnerability:

"Meltdown": Caused by an embarrassing flaw in Intel CPUs which allows any code running on the computer (including JavaScript) to ignore memory protection fairly easily and access the entire contents of memory. The part of this where code can access all of physical memory is what's fixed by the various OS patches already out. The browser patches (which are mainly for spectre-1, see below) can also help against meltdown somewhat.

"Spectre-2": Caused by widespread flaws in our understanding of CPU design. Affects most CPUs, almost certainly including all modern AMD CPUs, though attacks against Intel CPUs may be easier simply because the internals of Intel CPUs are more well-understood. As with meltdown, it allows any code running on the computer (potentially including JavaScript) to access the entire contents of memory. However, this is much more difficult to pull off. It will probably be a while before we see practical attacks, and doing it via JavaScript increases the difficulty so much that we might never see JS-based attacks. Fixing the part of this where code can access all of physical memory requires an OS update (done on Windows, not done yet on Linux) and probably an update to CPU microcode, which may depending on the circumstances require an update to UEFI/BIOS and/or other firmware. Spectre-2 will become a bigger and bigger problem as the months go on and people increasingly figure out how to exploit it, since solving it can be difficult, especially on older devices.

"Spectre-1": Caused by widespread flaws in our understanding of CPU / software design. Affects all CPUs. It has two effects. First and most seriously, it allows sandboxed code running within a process (such as JavaScript running in a browser) to read the process's memory outside of the sandbox. Second, it introduces yet another arcane timing-like attack between processes running on the same hardware. This probably cannot be fixed by OS updates; security-sensitive programs will basically have to be redesigned with this attack in mind, probably with support from changes in compilers / programming languages. The various browser updates that have recently been released address the most obvious uses of spectre-1, but they are far from a complete solution. A lot more work will be required to make things reasonably secure, and then this will continue to haunt software development forever, especially for the type of sensitive software that today worries about timing attacks.

If you are successfully attacked by the full-memory variants, then it allows an attacker to do things like capture any encryption keys currently active (eg. disk encryption, wallet encryption, gpg-agent keys, etc.), get passwords currently in memory, get wallet keys currently in memory, get some/all of your browser cookies, etc. If you are successfully attacked by the single-process variant, then the attacker can only see the memory of that process, such as seeing the contents of all of your tabs for a browser.

Software like Electrum can't do anything about meltdown or spectre-2 other than avoiding keeping keys in memory as much as possible. For spectre-1, adjustments may be necessary, but for Python programs like Electrum it may mostly or entirely be done at a lower level.

For illustration of how widespread this problem is: I designed a full CPU from scratch as a project in a university course, and I'm pretty sure that my relatively primitive CPU was vulnerable to at least spectre-1, since it did the type of speculation which is causing problems here. This is a very deep problem.

Note that I have reduced the starting price to 0.02 from 0.10.

The forum sells ad space in the area beneath the first post of every topic page. This income is used primarily to cover hosting costs and to pay moderators for their work (there are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees). Any leftover amount is typically either saved for future expenses or otherwise reinvested into the forum or the ecosystem.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation. Ads must appear 3 or fewer lines tall in my browser (Firefox, 900px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. No ICOs, banks, or funds; I may very rarely make exceptions if you convince me that you are ultra legit, but don't count on it. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Nine of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.

Duration

- Your ads are guaranteed to be up for at least 7 days.
- I usually try to keep ads up for no more than 8 or 9 days.
- Sometimes ads might be up for longer, but hopefully no longer than 12 days. Even if past rounds sometimes lasted for long periods of time, you should not rely on this for your ads.

Stats

Exact historical impression counts per slot:
https://bitcointalk.org/adrotate.php?adstats

Info about the current ad slots:
https://bitcointalk.org/adrotate.php?adinfo

Ad blocking

Hero/Legendary members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression stats for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized bitcointalk.org URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Designing ads

Make sure that your ads look good when you download and edit this test page:
https://bitcointalk.org/ad_test.html
Also read the comments in that file.

Images are not allowed no matter how they are created (CSS, SVG, or data URI). Occasionally I will make an exception for small logos and such, but you must get pre-approval from me first.

The maximum size of any one ad is 51200 bytes.

I will send you more detailed styling rules if you win slots in this auction (or upon request).

Auction rules

You must be at least a Jr Member to bid. If you are not a Jr Member and you really want to bid, you should PM me first. Tell me in the PM what you're going to advertise. You might be required to pay some amount in advance. Everyone else: Please quickly PM newbies who try to bid here to warn them against impersonation scammers.

If you have never purchased forum ad space before, and it is not blatantly obvious what you're going to advertise, say what you're going to advertise in your first bid, or tell me in a PM.

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the maximum number of slots you want. When the auction ends, the highest bidders will have their slots filled until all nine slots are filled.

So if someone bids for 9 slots @ 5 BTC and this is the highest bid, then he'll get all 9 slots. If the two highest bids are 9 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 8 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.02.
- The bidding starts at 0.02.
- I will end the auction at an arbitrary time. Unless I say otherwise, I typically try to end auctions within a few days of 10 days from the time of this post, but unexpected circumstances may sometimes force me to end the auction anytime between 4 and 22 days from the start. I have a small bias toward ending auctions on Fridays, Sundays, and Mondays.
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

I reserve the right to reject bids, even days after the bid is made.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35) after announcing the auction results in this thread. You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.

Bids must be evenly divisible by 0.02, so I will round down to 0.12.

Auction ended, final result:
3 0.14 FortuneJack
4 0.14 ChipMixer
2 0.12 Aengus

I posted an estimate like that a long time ago, but it was an estimate as of that time, not a guaranteed amount. The mod payments algorithm has never taken forum income into account whatsoever, and you can see that in 2015 and 2016 it was much higher than 25%.

The increased-value reserve and massive 2017 income (which may well have been just a weird temporary trend) came pretty suddenly. I'm not sure yet how best to handle it. I've been thinking of maybe allocating some of the money toward creating a registered non-profit which would have a similar mission as the forum, but would focus more on things like free-speech legal battles and the development of true decentralized forum software. I also need to figure out ways of delegating more, since I am absolutely swamped as things are right now. Perhaps I could hire someone with a business degree or something who can act more like a proper CEO. Suggestions publicly or via PM are welcome, but please focus more on structural improvements rather than lists of things to throw money at. This has already been the case to a large extent, but especially now, the limiting factor is mostly time/people/skill/trust rather than money.

blocklife wants to advertise an ICO, so his bid is rejected. Cryptex.net PMed me to cancel his bid.


You haven't PMed me, and it looks like you're going to advertise an ICO, so I will reject your bid. PM me if you wanted to advertise something else.

Current status:
Slots BTC/Slot Person
3 0.12 ChipMixer
3 0.10 FortuneJack

The auction continues.