6202
|
Bitcoin / Mining / Re: Is my Kill a Watt wrong? says pulling almost 1300W from 1200 W PSU?
|
on: May 15, 2013, 05:15:03 AM
|
One way to check for a bad kill-a-watt is to plug something into it which has a defined wattage (hairdryer, lightbulb, etc). If nothing else a multi-plug extension cord, and as many lamps w/ 120W bulbs as you can find makes a good test load. Make sure to find out the max wattage the k-a-w can handle before you melt it trying to plug in an arc welder.
|
|
|
6204
|
Economy / Currency exchange / Re: Bitcoins Direct - Private off exchange sales by bank wire only 0.89% over spot.
|
on: May 14, 2013, 09:37:38 PM
|
Update: Lots of coins available.
That wouldn't have anything to do with the turnover of 40,000 BTC at MtGox a bit over an hour ago, would it? Perhaps you managed to get some cheap purchases in as the exchange rate dropped to $109.42 and then bounced right back up to $116? Well we have had high volume regardless of the spike but yes we generally keep orders on multiple markets to soak up "panic supply" so we got even more coins than normal.
|
|
|
6208
|
Bitcoin / Bitcoin Discussion / Re: Dwolla stopped from dealing with MtGox!
|
on: May 14, 2013, 09:14:45 PM
|
If that's the case, the people who really need to be concerned about this news are the Dwolla employees and the VCs and angels who have done Dwolla funding rounds.
This. Just wondering if anyone knows of anyone who has used Dwolla for non-Bitcoin related purchase. Being conservative I would say at least 75%+ of their volume is Bitcoin related and in reality it is probably 95%+.
|
|
|
6209
|
Other / Beginners & Help / Re: DEFINITE MOB CONTROL OF BITCOIN PRICES
|
on: May 14, 2013, 09:09:17 PM
|
Bitcoin has had plenty of periods of relative stability. ~$10, ~$15, etc. This is nothing new. In stock market terms it is called consolidation.
Now if it remained at $110 +/- $10 for the next 180 days well that might be something new.
|
|
|
6211
|
Other / Beginners & Help / Re: Award of coins, same block twice ?
|
on: May 14, 2013, 05:53:53 PM
|
Danny, thanks for the great answer on the award of the coins !! all clearer after that ; and I can see how being well connected in the P2P network would be beneficial. can't help but wonder now ! if Miner_a in your example has effectively received the new coins as a special transaction in their newly solved block (in a fork that will surely become orphaned) could they not attempt to spend those coins immediately before they effectively become invalidated !! No the network prevents this by making newly coined mined non-transferable for 100/120 blocks* (~1 day). If a miner's chain eventually becomes orphaned only the miner loses. * 100 is enforced at the protocol. A new tx with inputs from the coinbase tx of block X is considered invalid for relay or inclusion in a block until block X +100. The reference client prevents the creation of said transactions until the block is 120 blocks deep in the chain.
|
|
|
6212
|
Bitcoin / Bitcoin Discussion / Re: WARNING! Bitcoin will soon block small transaction outputs
|
on: May 14, 2013, 04:32:47 PM
|
BRING ON THE FORKS! ITS PAST DUE WE FIX BITCOIN! E-Mail BitHits.info@gmail.com if you are interested in doing this. I'll be starting a website in the near future dedicated to fixing BitCoin before self-righteous fucks destroy it with what 'they think' is best for BitCoin. Why do you hate freedom? Miners now (post 0.8.2) will have the CHOICE (but not requirement) to restrict uneconomical transactions to improve the efficiency of the network. What about choice do you find so scary?
|
|
|
6213
|
Economy / Trading Discussion / Re: How to SAFELY sell Bitcoins on eBay
|
on: May 14, 2013, 02:09:55 AM
|
How long do chargebacks typically have to occur? It is a 30 day timeframe is it not? I'll attempt to try this, not too worried about losing a small amount of BTC. Will report back here once everything is done.
120 days from the statement after the unauthorized transaction occurs.
|
|
|
6214
|
Other / Off-topic / Re: Amazon coin / Bitcoin parody
|
on: May 13, 2013, 11:39:24 PM
|
If AZC will grow then we will have next Linden dollar.
EDIT: new way, how to convert fiat into BTC
Nope. At least Linden dollars is a true virtual currency. A centrally controlled and issued one but a true currency. 1) AMZ Coins are simply another way of saying $0.01 worth of not tradeable, non-convertable, non-cancellable gift card money. Nothing more. 2) No form of trading is possible. No converting back to USD, no trading between user accounts. Nothing.
|
|
|
6215
|
Bitcoin / Mining / Re: Why does everyone think Solo Mining is a waste of time?
|
on: May 13, 2013, 07:27:32 PM
|
This is a little troubling since what is "very low" hash rate is in state of flux at the moment and soon "very low" could be measured in Ghs.
Well low is relative to p2pool total hashing power. IIRC (been a while since I did any mining) p2pool "share chain" is ~5000 shares long and with dynamic difficulty that means you would want to have at least 1/5000th of total hashing power of the pool. That would still be a little low because due to volatility 50% of the time you would have no shares in the chain when a block was found (sometimes you would have 2+ but that doesn't reduce volatility). With more like 1/1000th of pool hashing power most of the time (~90% of blocks) you will have at least one share in the chain. If p2pool reached 1 terrahash then like MH/s scale miners wouldn't be very viable. 10TH/s would probably kill off most GPU miners too. Note if p2pool uses a longer or shorter share chain now you should adjust those numbers.
|
|
|
6216
|
Other / Beginners & Help / Re: Is miningunited.com a SCAM, turning .1 bitcoins into .137 for almost free?
|
on: May 13, 2013, 07:21:51 PM
|
To those just now realizing it is a scam ... I mean really. 37% interest for a week? Really? Pirate only gave 7% and that was a massive masssive warning sign.
37% weekly interest is 1,286,676,865% annually. Anyone know a miner which makes 1 billion % profit per year. i.e. guy a $200 GPU, spend $100 in electricity and get $3,860,030,594 in annual mining rewards. That is the kind of gross profits they would need ... just to break even and pay all of it out as interest.
|
|
|
6217
|
Other / Beginners & Help / Re: Is miningunited.com a SCAM, turning .1 bitcoins into .137 for almost free?
|
on: May 13, 2013, 07:19:23 PM
|
Last I checked bitcoin is still a VIRTUAL-currency am I right? How do you get in legal trouble trading things that aren't even real money? If that's ignorant then please enlighten this newbie You may have paid real money for bitcoins but that doesn't magically make bitcoin become real money all of a sudden. And no I'm not trying to be sarcastic...I'm asking an honest question. Last time I checked gold or cars aren't money. Obviously it isn't against the law for someone to take your car or break into your house and steal your gold right?
|
|
|
6218
|
Other / Beginners & Help / Re: mt gox account stolen, I lost all my money
|
on: May 13, 2013, 07:04:05 PM
|
Please provide some examples, your linked article did nothing of the sort. Nobody said anything about holy grail but extraordinary claims require extraordinary details. The OP provided no details so to assume MtGox 2FA has been compromised is dubious at this time. Measures like the above would greatly help secure user accounts (in addition to TFA) while being rather easy to implement, so Gox really has no excuses for neglecting such details. Unless the OP had a horribly weak password the most common attack vector is compromise to the users machine and gain access to credentials via keylogger. In that instance it is highly likely the user's email address is compromised as well (unless it is also protected by 2FA). A more sophisticated attack would use OP computer as a proxy or to just steal the OP session when already logged in. In either case the only IP would be the users. Layering steps and procedures which all involve the same compromised machine is probably just "feel good" security. My claim was not that extraordinary... It's not like I'm saying I was abducted by a UFO or something Anyway, here's one rather famous example: http://arstechnica.com/security/2012/12/sophisticated-botnet-steals-more-than-47m-by-infecting-pcs-and-phones/I agree with the rest of your comments. Nice example. This is one reason why I favor dedicated offline tokens. PayPal (of all people) uses a nice one which is the size of a credit card so you can easily store it in your wallet. The extraordinary claim was more direct at the OP claim. Some details would be nice. Past examples of people reporting their 2FA on MtGox was compromised turned out to be untrue (in one example user never activated it due to user error).
|
|
|
6219
|
Other / Meta / Re: Enhancing the security of this forum by integrating two factor authentication.
|
on: May 13, 2013, 06:53:52 PM
|
Yes, please add 2FA! But how would OpenID be connected to that? I'm usually just annoyed by sites that want to rely on OpenID or Google accounts and not have their own account credentials. Separate credentials + 2FA for each site is much better and simpler IMO.
If we used OpenID as a 2FA method, it would be separate from Google Authenticator. What's the problem with using Google Authenticator? It has nothing to do with Google accounts, and is very easy to implement. I even added it to my own ssh server. Yeah there seems to be some confusion on how these various components fit together. The TOTP standard: RFC6238RFC6238 is an open standards which allows a remote user (forum user) and a website (bitcoin talk forum) to generate the same code at the same time. It is a time based token. The inputs for the algorithm are a shared secret and the current time. Note this requirement the public website AND the user to run the same algorithm but they don't need to even be created by the same codebase as long as they properly implement RFC6238. site implementation AND a remote implementation. This is how both entities can "know" the same code at the same time without any communication. The site (any site) just needs an implementation of RFC6238. https://tools.ietf.org/html/rfc6238The site needs to run code which will allow it to assign a shared secret to each user (often in form of QR code) and maintain those shared secrets in the login tables of the database. When user later provides a TOTP the site will take the shared secret & current time to generate a code and see if it matches what users provides. Google does provide source code for this but a site doesn't need to run google code any public server implementation of RFC6238 will work with any client implementation. That is the whole point of an open standard. http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm#Public_Server_ImplementationsSo as an example a website could use OATH Toolkit (public server implementation of RFC6238) and a user who has Google Authenticator (client implementation of RFC6238) could generate the proper code. I guess the best analogy would be web server and web browser. They both implement the http protocol. You don't need to use a google chrome webserver in order for users running google chrome browser to see your website. http://www.nongnu.org/oath-toolkit/OpenIDOpenID isn't 2FA. It is simply authentication. It allows you to use a site you ALREADY HAVE to register on new sites in a secure manner (site owners can't link identities together). Note it isn't 2FA it is just a replacement for normal login. Now if your OpenID login HAS 2FA (i.e. you use gmail = an open ID provider and your gmail account has 2FA) then it can be more secure but if your OpenID account has your email address as the username and password is "password" it isn't going to be any more secure. http://openid.net/get-an-openid/
|
|
|
6220
|
Other / Beginners & Help / Re: mt gox account stolen, I lost all my money
|
on: May 13, 2013, 06:28:42 PM
|
Please provide some examples, your linked article did nothing of the sort. Nobody said anything about holy grail but extraordinary claims require extraordinary details. The OP provided no details so to assume MtGox 2FA has been compromised is dubious at this time. Measures like the above would greatly help secure user accounts (in addition to TFA) while being rather easy to implement, so Gox really has no excuses for neglecting such details. Unless the OP had a horribly weak password the most common attack vector is compromise to the users machine and gain access to credentials via keylogger. In that instance it is highly likely the user's email address is compromised as well (unless it is also protected by 2FA). A more sophisticated attack would use OP computer as a proxy or to just steal the OP session when already logged in. In either case the only IP would be the users. Layering steps and procedures which all involve the same compromised machine is probably just "feel good" security.
|
|
|
|