-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I have updated the forum's HTTPS keys.

bitcointalk.org RSA, exponent 65537, modulus:
00 c8 9d 5f 0e 95 79 ad b9 9f 6e b5 16 c9 bd
12 0e 98 2f 23 08 00 73 3f 71 b2 ce fb 93 8e
5f 2a 12 7d 35 c6 91 f3 f6 ec 3e ab bd 06 08
5b 12 c1 6e 96 71 33 20 ba 93 1a a2 c3 15 56
6d de 9b 3f 6f f4 06 0a 92 06 96 b7 f8 7f 65
f5 c8 0e ab a2 8b a6 33 11 82 8e eb ba a0 67
48 93 d1 f0 2b 45 68 5f 07 fd 6f 1f 3f 3e 11
58 e7 e3 c9 91 24 8f aa f9 c9 b2 84 1d 13 67
94 63 d4 ef d0 e3 4d 48 4f f8 47 a7 ec 95 72
5a 03 f6 94 4f d5 f7 76 92 ed 55 71 a8 12 14
e7 be 5e bf 33 9a b2 ea 10 d9 54 93 42 25 60
0c 86 d5 a3 f6 5e d5 ee 0d c9 94 23 f2 d6 cb
24 ee e0 6c 50 37 2a 9d 6e 41 19 3b 9f c0 d7
16 bd ac 1e a8 59 d1 0a 23 e4 e8 61 1f 7e cd
da d5 91 74 65 f1 e0 d8 96 d8 28 2c 0f 5e 94
67 f9 18 b6 d0 4f 2e 39 a4 67 13 51 aa 4b 21
04 8b a8 45 91 e0 8c 25 8d b3 fd 10 d9 61 10
9d 1f

*.bitcointalk.org RSA, exponent 65537, modulus:
00 dc 19 96 b1 b1 ab bd a9 59 07 5a 0f ab 38
ad f6 5e 13 68 f5 66 66 ac 5f 3a 2d dc 51 26
df 41 91 47 0f 28 81 db 60 b4 d9 d7 b3 fb 4a
71 0d 85 70 cf 68 e1 75 10 d1 1e df 12 db 17
23 49 d0 43 59 a3 74 a2 d2 80 01 cc 68 74 1e
6a d7 99 39 3a 16 ec 41 dc 52 48 12 59 9e e9
80 41 74 be c7 04 ad c1 66 aa e8 46 82 54 e0
de aa 69 f1 88 d6 73 63 64 27 2a 92 e8 46 b2
45 44 50 ce 30 dd b5 a7 bb 88 52 d1 ac c9 5e
24 3e b2 39 e0 92 7e 52 f4 d1 22 ac f5 3b 7d
b6 d9 a1 1f de 4e 13 2f 0a 66 5f 8d 21 1e 0c
7d 4c e5 23 7c 9d 03 6f 21 8f 6a ac 48 b0 a7
be e6 67 7f e0 d4 0c 5f d3 ca 76 31 34 d4 11
a2 a1 87 0b d0 54 30 49 0d e4 1d 9b db 47 1e
b1 9e 35 25 e6 ac d9 41 a9 7b fc 67 90 4d fa
15 6a bd 9e 5d a2 c7 e0 cf cd 04 0d c8 77 25
4f 06 01 68 7a da b8 9d 14 dd 81 4b 03 3c 5b
a6 fd
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlNJdBAACgkQxlVWk9q1kecbOQD/QjGjDtcqUoAzMoPUdeLyDHPV
+DdS1dVDRP/bgUogqrIBAIeo4Onxia4VY7OmadmAaLtOR9WtUgVHeJtYxQ9uDIRu
=oKJI
-----END PGP SIGNATURE-----

It was, but it was fixed hours after the vulnerability was announced. It's very unlikely IMO that the private key was compromised, and an attacker would also need to be able to read traffic between you and the forum to see anything, so a lot of concern isn't necessary IMO. I will still update the TLS keys as soon as I can. (RapidSSL/NameCheap has some technical problems with reissues -- it seems that they always sign the last certificate you sent them when doing a reissue, so you actually need to reissue twice to change the cert, and this takes time.)

No. 

You'll notice that some links (such as the logout link) end in a long code like this:
https://bitcointalk.org/index.php?action=logout;sesc=3da541559918a808c2402bba5012f6c
All forms also have something like this, but it's hidden. The purpose of this code is to prevent CSRF attacks.

If you click a link or send a form that contains the wrong code, then you get the "session verification failed" error. This can happen when your code changes, but you're still looking at the old version of the page for some reason. Aggressive caching could cause this. Or maybe your browser is discarding the PHPSESSID cookie very frequently for some reason; your session code changes whenever you're issued a new PHPSESSID.

I very rarely see that error. Maybe your browser is handling cookies strangely or aggressively caching pages.

The instructions are in src/doc/build-unix.md. For bitcoind, you only need OpenSSL (the fixed version), Boost, and Berkeley DB.

The downloaded bin directory contains a few executable files. Find the locations of those files already on your system and replace them with the new versions. Maybe they're in /usr/bin?

When you run bitcoind, you can run it with a number of command-line switches such as -config=..., -connect=..., etc. If you run bitcoind with -rpcssl=1, then you're potentially vulnerable to this bug.

That's a good policy. I also do that. You don't need to update from versions older than 0.9.0 unless you're using rpcssl. Most people aren't.


bitaddress.org's HTTPS may have been compromised due to this OpenSSL bug, which could have allowed a man-in-the-middle to serve you malicious JavaScript.

I recommend not using JavaScript Bitcoin software for anything important.


No, but don't ever run your 0.9.0 installation. When you want to access your cold storage, update to the latest version first.

All versions of Bitcoin-Qt are affected by the rpcssl part of the vulnerability if they are linked with an affected OpenSSL version.

The payment protocol only exists in 0.9.

If you are using the graphical version of 0.9.0 on any platform, you must update immediately. Download here. If you can't update immediately, shut down Bitcoin until you can. If you ever used the payment protocol (you clicked a bitcoin: link and saw a green box in Bitcoin Core's send dialog), then you should consider your wallet to be compromised. Carefully generate an entirely new wallet (not just a new address) and send all of your bitcoins there. Do not delete your old wallet.

If you are using any other version of Bitcoin-Qt/Bitcoin Core, including bitcoind 0.9.0, you are vulnerable only if the rpcssl command-line option is set. If it is not, then no immediate action is required. If it is, and if an attacker could have possibly communicated with the RPC port, then you should consider your wallet to be compromised.

This vulnerability is caused by a critical bug in the OpenSSL library used by Bitcoin Core. Successfully attacking Bitcoin Core by means of this bug seems to be difficult in most cases, and it seems at this point that even successful attacks may be limited, but I recommend taking the above actions just in case.

If you are using a binary version of Bitcoin Core obtained from bitcoin.org or SourceForge, then updating your system's version of OpenSSL will not help. OpenSSL is packaged with the binary on all platforms.

Download 0.9.1
Announcement

Other software (including other wallet software) may also be affected by this bug. OpenSSL is extremely common.

484 accounts were updated. If your wiki account's email address as of March 31 had the same email address as your forum account as of April 2, and if you met the activity requirements on April 2, then your wiki account should now be capable of editing.

Trust spam isn't allowed. If I see anyone posting dozens of fake trust ratings (from one account or many alt accounts), I will delete all of their ratings. But Inaba is hiring multiple people to create these ratings. It is impossible for me to determine whether these ratings are "real" or not, so I'm not going to delete them. (Obviously all negative ratings are very likely to be fake, but I'm not going to guess about this.)

I agree that it is a little annoying to see a wall of negative ratings, but this is in the "untrusted" section. The way things are set up currently, untrusted ratings can be easily spammed in a number of ways. That's why those ratings are hidden by default.

It's possible. We've recently been seeing many IPs that drain tons of bandwidth or perform requests very quickly, so we've started banning some of these. You shouldn't have been banned unless you were doing something very unusual, though.

PM me your IP.

It's not done yet. However, the data collection part is probably done now, so trying to get more activity or creating a wiki account probably won't get you anything now. I will announce the details here when it's all done.

"Custom hardware" is now called Hardware. The old Hardware section is now "CPU/GPU Bitcoin mining hardware" and archived. You can't post new topics or posts to an archived section, but you can move your topics out to a different section. If a topic should be moved out and the topic-starter is not available to do it, report the topic.

All Bitcoin hardware talk should go in the (new) Hardware section. Altcoin hardware talk should go in the altcoin mining section.

The forum sells ad space in the area beneath the first post of every topic page. About 25% of ad income goes to the forum moderators as thanks for all of their work. (There are many moderators, so each moderator gets only a small amount -- moderators should be seen as volunteers, not employees.) The rest is stored in the forum's treasury (verifiably), where it sits until the forum needs it.

Ads are allowed to contain any non-annoying HTML/CSS style. No images, JavaScript, or animation (no marquee or blinking). Ads must appear 3 or fewer lines tall in my browser (Firefox, 700px wide). Ad text may not contain lies, misrepresentation, or inappropriate language. Ads may not link directly to any NSFW page. Ads may be rejected for other reasons, and I may remove ads even after they are accepted.

There are 10 total ad slots which are randomly rotated. So one ad slot has a one in ten chance of appearing. Eight of the slots are for sale here. Ads appear only on topic pages with more than one post, and only for people using the default theme.

The ad lasts at least 7 days starting from when I put it up. (However, if you look at the ad history you'll see that ads usually get at least 8 days, and sometimes as many as 10, but this is random and definitely not guaranteed.)

Stats

Exact historical impression counts per slot:
https://bitcointalk.org/adrotate.php?adstats

Info about the current ad slots:
https://bitcointalk.org/adrotate.php?adinfo

Ad blocking

Hero members, Donators, VIPs, and moderators have the ability to disable ads. I don't expect many people to use this option. These people don't increase the impression counts for your ads.

I try to bypass Adblock Plus filters as much as possible, though this is not guaranteed. It is difficult or impossible for ABP filters to block the ad space itself without blocking posts. However, filters can match against the URLs in your links, your CSS classes and style attributes, and the HTML structure of your ads.

To prevent matches against URLs: I have some JavaScript which fixes links blocked by ABP. You must tell me if you want this for your ads. When someone with ABP and JavaScript enabled views your ads, your links are changed to a special randomized bitcointalk.org URL which redirects to your site when visited. People without ABP are unaffected, even if they don't have JavaScript enabled. The downsides are:
- ABP users will see the redirection link when they hover over the link, even if they disable ABP for the forum.
- Getting referral stats might become even more difficult.
- Some users might get a warning when redirecting from https to http.

To prevent matching on CSS classes/styles: Don't use inline CSS. I can give your ad a CSS class that is randomized on each pageload, but you must request this.

To prevent matching against your HTML structure: Use only one <a> and no other tags if possible. If your ads get blocked because of matching done on something inside of your ad, you are responsible for noticing this and giving me new ad HTML.

Auction rules

Post your bids in this thread. Prices must be stated in BTC per slot. You must state the max number of slots you want. When the auction ends, the highest bidders will have their slots filled until all eight slots are filled.

I reserve the right to reject bids, even days after the bid is made. In particular, bids from people with less than 15 activity points are likely to be rejected. I recommend not getting into a bidding war with someone who has less than 15 activity points, as their bids might not be accepted, but your latest bids will still stand. If you need to know right away whether someone's bids will be accepted, PM me.

So if someone bids for 8 slots @ 5 BTC and this is the highest bid, then he'll get all 8 slots. If the two highest bids are 8 slots @ 4 BTC and 1 slot @ 5 BTC, then the first person will get 7 slots and the second person will get 1 slot.

The notation "2 @ 5" means 2 slots for 5 BTC each. Not 2 slots for 5 BTC total.

- When you post a bid, the bids in your previous posts are considered to be automatically canceled. You can put multiple bids in one post, however.
- All bid prices must be evenly divisible by 0.05.
- The bidding starts at 0.50.
- I will end the auction at an arbitrary time no more than 12 days from now. (I will probably end the auction 1-3 days before the ads are scheduled to go up.)
- If two people bid at the same price, the person who bid first will have his slots filled first.
- Bids are considered invalid and will be ignored if they do not specify both a price and a max quantity, or if they could not possibly win any slots

If these rules are confusing, look at some of the past forum ad auctions to see how it's done.

You must pay for your slots within 24 hours of receiving the payment address. Otherwise your slots may be sold to someone else.

Auction ended. Final result:

Slots BTC/Slot Person
1 5.80 PBmining
1 5.80 CoinReporting
1 5.75 S3052
3 5.70 CEX
1 5.65 betcointm
1 5.65 BITMAIN


You are too new. PM me in advance next time.