Nowadays, people who register using a proxy/VPN will automatically be prompted to pay a small registration fee before being allowed to post.

Multiplying random numbers with less random numbers reduces the final number's randomness.

Here's an example. Say you want to generate random numbers mod 4. So you first generate a random number with probability distribution:

Now you get another number from elsewhere with this distribution:

Then your final number's probability will be this (using the multiplication rule):

The result is not at all uniform. This same thing will happen with larger numbers, though it might be less noticeable.

The proper way to do this is to use a cryptographically-secure pseudorandom number generator (CSPRNG) and seed it with both the random number and the non-random number. One simple algorithm is to treat the random number as a string, concatenate it with the non-random number, and hash this combined string with a cryptographically-secure hash function. Then convert the hash into a number.

However, you should not implement cryptographic algorithms unless you really know what you're doing. There are all kinds of possible pitfalls. Use a prebuilt CSPRNG from a library like OpenSSL instead.

I've thought about that before, but I think that there might be legal problems with that. It might make the forum a "money transmitter".

It was down for a few hours.

The forum sells ad space in the area beneath the first post of every topic page. About 25% of ad income goes to the forum moderators as thanks for all of their work. (There are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees.) The rest is stored in the forum's treasury (verifiably), where it sits until the forum needs it.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation (no marquee or blinking). Ads must appear 3 or fewer lines tall in my browser (Firefox, 700px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Eight of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.

The ad lasts at least 7 days starting from when I put it up. (However, if you look at the ad history you'll see that ads usually get at least 8 days, and sometimes as many as 10, but this is random and definitely not guaranteed.)

Stats

Exact historical impression counts per slot:
https://bitcointalk.org/adrotate.php?adstats

Info about the current ad slots:
https://bitcointalk.org/adrotate.php?adinfo

Ad blocking

Hero members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression counts for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized bitcointalk.org URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Auction rules

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the max number of slots you want. When the auction ends, the highest bidders will have their slots filled until all eight slots are filled.

I reserve the right to reject bids, even days after the bid is made. In particular, bids from people with less than 15 activity points are likely to be rejected. I recommend not getting into a bidding war with someone who has less than 15 activity points, as their bids might not be accepted, but your latest bids will still stand. If you need to know right away whether someone's bids will be accepted, PM me.

So if someone bids for 8 slots @ 5 BTC and this is the highest bid, then he'll get all 8 slots. If the two highest bids are 8 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 7 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.05.
- The bidding starts at 0.50.
- I will end the auction at an arbitrary time no more than 12 days from now. (I will probably end the auction 1-3 days before the ads are scheduled to go up.)
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else, and I might even give you a negative trust rating. I will send you the payment information via forum PM from this account ("theymos", user ID 35). You might receive false payment information from scammers pretending to be me. They might even have somewhat similar usernames. Be careful.

Auction ended. Final result:
Slots BTC/Slot Person
1 1.80 FortuneJack
4 1.70 MariaQin
1 1.70 NitrogenSports
2 1.65 CEX

The main problem with I2P and Tor is that they only try to protect you against mostly-passive attackers who have absolutely no idea of where you might actually be on the Internet. The Tor threat model says (and this is also true of I2P):


But attackers looking for the real IP of a target hidden service can significantly narrow the set of possible targets by enumerating all active Tor/I2P users (using widespread traffic analysis or by having a lot of nodes on the network), and then they can further narrow it by doing intersection attacks. Once they've narrowed it down to a few hundred possibilities, they can try timing attacks against each one to get solid proof that they're the target.

(I wonder if the hidden services that were not taken down in the recent bust have anything in common. Are they in a particular country that's unfriendly to NSA demands? Do they use a fixed set of trusted entry guards? Probably we won't find out, unfortunately.)

I just don't think that low-latency client<->server networks can be secure. What we need are distributed data stores like Freenet so that the originator/owner of content doesn't need to always be online and moreover has plausible deniability even if they are under active surveillance. However, I really doubt that any existing anonymous data store could actually stand up to targeted traffic analysis of the content originator. Freenet seems to be put together in an especially haphazard way, without much theoretical basis for its claimed anonymity.

I like a lot of what I've read about GNUnet. I think that a good path forward for anonymous networks would be:
- Make the GNUnet software user-friendly.
- Create message board and Web functionality (like FProxy) on top of GNUnet.
- Make GNUnet work over I2P.
- Increase the popularity of GNUnet+I2P so that attackers can't just do traffic analysis of every single user.

I2P is very similar to Tor technologically. If the Feds are using technical attacks against Tor, then the same attacks will probably also work against I2P. In fact, some attacks are easier against I2P because it has far fewer users and its network isn't carefully managed in the same way that Tor's network is.

I don't believe that any anonymity network in existence today is safe enough to directly run an illegal website on, unfortunately.

The default has always been 2.

I made three improvements to the Trust system:

Firstly, there is now a neutral rating type. Neutral ratings don't affect a person's trust score at all. On a person's trust page, positive ratings are bold, neutral ratings are italic, and negative ratings are red bold-italic.

Secondly, it is now possible to exclude users in your trust list. Prefix a person's name with a tilde character (~) if you want to exclude them. If you exclude someone, then you will never see that person's ratings as trusted, even if the person is trusted by other people in your trust network.

Exclusions also travel through the trust network. If one person in your trust network trusts someone and another person excludes them, then whether or not they're seen as trusted for you is decided using these rules:
1. If someone at a lower depth (ie, closer to your trust list) disagrees with someone at a higher depth, then the person at the lowest depth wins. Due to this, no one can overrule anything you put in your trust list directly.
2. If multiple people at the same depth disagree, then the rating type that is most popular among these people wins. For example, say that you have three people in your trust list. If two of them trust someone and one of them excludes that person, then the person will not be excluded.
3. If an equal number of people at the same depth include and exclude a person, then the person will be included.

Finally, I added an easier-to-understand way of viewing your trust network to the trust settings page. The number in parentheses is the number of people in the preceding (lower) depth level who trust the person minus the number of people at the preceding depth level who exclude that person. This view contains slightly less information than the hierarchical view -- there's a link to the old view at the bottom of the trust settings page.

Also, the maximum trust depth is now 4 instead of 3, though it's probably still not a good idea to go above 2.

Your wallet remains unlocked for a while. IIRC it's 5 or 10 minutes.

I didn't know that hilariousandco was so skilled a rapper that he could rap someone into submission. Impressive!

Thanks for the input, everyone! I think I might go with "Libertas Lunae" even if it maybe doesn't exactly match the meaning I intend. Luna/Lunaris don't sound quite as good IMO.

I haven't fully developed the idea of what I'd want the organization to do or look like. It might do one of these things:
- Hold some of the forum's BTC as a separate entity to improve the forum's decentralization. It might also use some of this money to help Bitcoin development (and other such things).
- Legally own the bitcointalk.org and maybe bitcoin.it domain names while remaining somewhat separate from their operation, again to improve decentralization. It might also collect donations as a non-profit corporation and use this to help Bitcoin development (and other such things).
- Act as a "competitor" to the Bitcoin Foundation in some areas.

Those are just some ideas of things that I've been thinking an organization might be needed for. But I still need to think about it more.

I fixed the SMF allowedTo function.

I was testing something. I'm not banned now.

That was already supposed to have been the case, but it wasn't working. I fixed it.

For some strange reason, there's no way to use SMF's allowedTo function to accurately test whether someone can post unless you have a board loaded. allowedTo('post_reply_any', array(1)) doesn't actually check whether someone can post replies in board #1, and apparently this form of allowedTo isn't used anywhere in SMF, presumably because it's broken... I wonder whether this is fixed in 2.0.

Yes.

This is the current status:

Slots BTC/Slot Person
2 0.80 pandacoin
4 0.80 CEX
4 0.70 jief78
1 0.65 ACCTseller
4 0.60 FortuneJack
2 0.60 stellarman
2 0.60 marcotheminer

Only the first 8 slots would be filled if the auction were ended now, though.

That's awful. I hope things turn out as well as possible for you.


Don't worry about it.

I was thinking of naming a Bitcoin organization "Lunae Libertas", which I intend to have a meaning similar to "Lunar Liberty", but I don't know any Latin. Is this correct?

The idea is that the organization will (in part) work to ensure that we'll still have liberty in the Bitcoin ecosystem once we've gotten "to the moon!!!".