.... but why don't you add Tor into Namecoin? eh?, what does this even mean?
|
|
|
There has got to be a way to profit off my own bankruptcy, right?
Actually there are a few, CDS (credit default swaps) being popular among failing banks, corporates and sovereigns.
|
|
|
the development of an alt-coin (double blinding signing) which makes such registries more such lunacy more difficult to implement.
Are you suggesting it is possible to combine eCash blinded signature with a decentralized blockchain, somehow? In other words, a fully anonymous p2p currency?? Please, explain a little more if that's the case. Perhaps open a new topic about it... Yeah, it would be like magic. I mean Bitcoin is like magic sort of, but no double spending and no trail just seems like fairy tales. Obv I'm very interested if someone can explain how this could be possible. Homomorphic encryption should theoretically be able to do what you are calling a "fairy tales" ... noone said it was easy though.
|
|
|
As much as it pains me to admit I think this idea of tainted coins will lead bitcoin to it's death.
Me too. Someone should file a bug report to the devs. The solution, of course, is strong anonymity and not the half-baked pseudo-anonymity scheme bitcoin uses at present ... like real cash (who woulda thunk?)
|
|
|
Isn't the person who committed the theft (or other crime) the one who's tainted, not the bitcoins? And what is a bitcoin but a record of a transaction? What would you expect to happen if someone stole your bitcoins? What if you had a fraction of a fraction of a tainted bitcoin in your wallet, among thousands of non-tainted coins, and law enforcement confiscated your entire wallet because it contained a tainted coin? Do you expect them to understand or care about the finer distinctions of bitcoin or monetary science?
Quite, money is an information technology, and like all technologies is amoral. Requiring bitcoins to have a moral status is ludicrous, and belies a fundamental misunderstanding of what money is. Best leave moral judgements up to the conscience of the thieves and the God who watches over all and don't place such an impossible requirement on bitcoin.
|
|
|
So would it be reasonable for anybody lucky enough to receive refunds from Bitcoinica, via Luke-Jr's recovery of stolen coins operation from those handed out by BitcoinicaHacker, to request that they be suitably mixed first, e.g. http://www.bitcoinfog.com/ .... since those coins that were once "tainted" are now no longer "tainted" having been returned to their original owners, albeit via many entity's addresses and sundry circuitous routes? Is it legitimate to "untaint" your own previously held coins "tainted" by the baddies? Enquiring minds are wondering.
|
|
|
I luv these geeked out security discussions after the fact .... and in the end when everything is plain sailing they go back to hiding the key under the doormat.
|
|
|
Attack vectors:
- The idiots at the hosting company, or anyone getting access, can try a cold boot attack against your server. Bare metal isn't enough by far for physical security.
- You call them idiots, but they can at least take your site down easily, for damaging rep.
- Those guys can also reroute your traffic for man in the middle attacks vs your clients -- do you believe they will not click through SSL security warnings?
- If you login via ssh, I hope you got the server key and enabled strict checking, to avoid man in the middle attacks. You should consider something stronger than mere software keys too. Require 2 persons, or at least std 2 factor auth. And you need remote logging to another secured system for a verifyable audit trail.
- I hope you do debian security updates more often than you update your sig, which still advertises transfers to bitcoinica.
- Bragging about your server on the net while calling ISP employees idiots is a bad idea.
Free advice.
-coinft.
Of course no system can be 100% secure unless you have sole physical access to the server, and then there are other worries as well. I am just saying. From having a Rackspace VM holding 100K to my solution, there is a whole lot more security, and as you point on your post, the attack vectors need to be substantially more sophisticated than breaking into an IMAP account. I wasn't calling my ISP guys idiots by the way, I was just talking generically. Our app server is neither hosted nor collocated. The rest of our infrastructure is. aurumXchange ... I'm sure that live security testing of your set-up can be arranged if needs be ...
|
|
|
Good to see the pretenders and lightweights are getting weeded out as need be. Better to go through these kind of stresses, shall we call it 'testing', while the experiment is still beta.
Now anyone who has received 'dirty' coins and wants to give those 'tainted' coins back, if they feel it is the right thing to do, can send them to zhou or who? That weak fungibility is almost worth a bug report or do we need to see it happen a few more times?
|
|
|
This is good. Will be interesting when the Mt. Gox, Bitcoinica, BitInstant, Intersangos, etc who are basing businesses on the bitcoin s/ware platform realise some QA and testing is essential ...
|
|
|
More to the point: People value bits and bytes - to stop people from transferring value over the Internet is to stop people from using the Internet!
Shhh, don't give them any ideas, the racket-protecting parasites are doing enough damage already.
|
|
|
Should I be worried? Or should the real owner be worried? I guess if I was malicious I could use the registration information to seize control of the domains. Have you absolutely ruled out amnesia? Or multiple personality disorder? Sounds crazy but you never know, how well do you know yourself? Have you been visiting Silk Road recently?
|
|
|
Okay, colour me ignorant, call me whatever names you like.
If they aren't going to regulate the software, just what are they going to regulate (I don't think I read that anywhere in your rant above)?
|
|
|
Good idea. Bounties for testing makes a change to the frosty reception testers have received prior ... just saying.
Edit: also proposed previously to create a #bitcoin-test irc separate to #bitcoin-dev to enable more focus, cogent threads, etc. Might be worth looking at now.
|
|
|
Unfortunately, there is inadequate interest (1 other) ... (unless J. Matonis is taking a special trip ) so I'm cancelling it.
|
|
|
And you don't think they should be able to undercut me with my suppliers if they can afford it? I mean if my production costs are higher than theirs isn't it better I get undercut and go out of business? And on the other hand if they undercut me just to deny me my supplier don't think they'll go out of business sooner or later because of higher costs of their production?
Your example also suggests to me that secrecy is a tool for defending my complacency and perhaps even laziness. If I work hard enough while knowing my finances are public and knowing my suppliers might be denied to me by getting undercut by my competitor I can preemptively make a deal with my supplier to ensure he wont accept someone else's business.
I don't know, but your example is far from real evidence that I was hoping someone would show to me. Perhaps a real world example would be nice.
I'd suggest go into business and find out for yourself. There are thousands of reasons why businesses (and individuals) need financial privacy, too many to think of and list here. Basically it is a big source of information leakage to have your finances known by the competition, think of your financial information as Intellectual Property.
|
|
|
|