If they are running GNU/Linux on their servers and have fully patched their servers they are not vulnerable (this is the most likely scenario). If they are running GNU/Linux on their servers and have not patched their servers they are vulnerable. If they are running Microsoft Windows Server on their servers they are not vulnerable. If they are running Apple Server on their servers they are vulnerable (Apple has yet to issue any patches).
|
|
|
5) Some ideas I like Personal and / or Business hall of fame, straight donations to the development fund. 6) Donation of hash power by solo mining to a development donation address. 7) Opt in and or opt out donations in client and mining software. Some ideas I do not like. Business specifically set up to raise funds. This adds the issue of competing with independent businesses in the Monero economy space. A much better solution is to encourage business donations. Printing money for a "good cause" Whether it is from one time special blocks, taxes on mining fees etc. For possible discussion: Migrate the software to a strong copyleft. GPLv3+ or AGPLv3+ Most users would not see a difference; however distribution on closed propriety platforms that require additional restrictive terms, such as IOS, Windows 8.x RT etc. would require a separate license. This license can then require payment. In the IOS case Monero apps on iTunes would have to be paid apps. Those wishing to run Monero in IOS for free would have to jailbreak in order to have GPLv3 / AGPLv3 compatibility. This effectively "fleeces the iSheep". Note: A platform such as Android or Regular Windows is not impacted since they permit GPLv3+ / AGPLv3+ software. Edit: AGPLv3 would require a pool or an exchange to either pay a fee (to waive the Network requirement) or effectively make their internal software available to their customers under the AGPLv3. https://www.gnu.org/licenses/agpl-3.0.html, https://www.gnu.org/copyleft/gpl.html
|
|
|
By such logic, nobody really owns their phones either, they were assembled in China, not by us
Actually most people do not own their phones. The reason for this is that most cellular phones are locked down with DRM infected software. If one has an Android phone and roots it then one can take back ownership of what was rightfully one's own property in the first place. Now when it comes to Bitcoin or course one can own Bitcoin, or to be technical "control the private keys that allow one to spend the Bitcoin on the blockchain". If the OP is interested in playing language semantics to obtain benefits for which he or she is not eligible due to net worth, the my suggestion is to get professional legal advice in the relevant jurisdiction. Frankly, I must give kudos to the Australian Government for asking this question in the first place. It show the proper recognition of Bitcoin and other crypto currencies as a legitimate asset and / or money.
|
|
|
It is a perfectly legitimate question if there is a financial means test for disability benefits.
|
|
|
The real threats here are for example organizations such as the NFL (National Football League) and other paddlers of "premium" content, not the NSA. DRM is the prime suspect as to why Apple is using 7 year old software. Edit: Here is a post where apparently the FSF is saving Apple's skin on the DRM issue. fluchtpunkt 21 hours ago at 02:06 am No, as far as I have seen so far the first initial patch didn't actually fix the problem. The fact is that the bug was publicly disclosed yesterday, and you are ranting because there is no patch today, as of yet. The bug is fixed. The patch is available. Apple could have rolled it out by now. The GNU people even were so nice to backport the fixes to the ancient version Apple is using because Apple doesn't want code that's licensed with GPL v3. http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-052Apple just has to apply the patch and provide a new bash binary through software update. Apple does not have to identify the bug, they don't have to come up with a solution, they don't have to verify the fix. Everything is done already. Stupid politics are the only thing that prevent the release of this bugfix. Probably because they like to bundle patches so people think their software is more secure because it isn't patched that often. http://www.macrumors.com/2014/09/25/bash-flaw-os-x/
|
|
|
First of all this is a valid exploit and can be easily patched on GNU/Linux distributions by updating bash to the latest version. From https://www.reddit.com/r/Bitcoin/comments/2heu88/if_you_are_storing_bitcoins_on_a_linuxmac_system/For example on Ubuntu 14.04 (GNU/Linux) sudo apt-get update
sudo apt-get install --only-upgrade bash
The man page for bash on Ubuntu 14.04 (GNU/Linux) before the update on shows the following: Bash is Copyright (C) 1989-2013 by the Free Software Foundation, Inc. This is fairly normal since it takes some time for packages to work their way into the final release of a GNU/Linux distribution. Now when it comes to OSX this gets really interesting. From further down in the same reddit thread The thread then goes to propose a fix by replacing the bash shell provided by Apple with a Homebrew solution and I would refer those interested in patching the OSX system to the reddit thread as a possible solution. What I find very interesting here is the copyright notice, both regarding the date and the copyright holder. This brings up the following question. Why on earth would Apple be using a 7 year old version of bash? The answer is not technical but legal, and it relates to DRM. The critical change here is that the Free Software Foundation released the GPLv3 in 2007 and then began slowly porting packages to GPLv3. Here is one of many summaries on the subject. http://oss-watch.ac.uk/resources/gplv3. Suffice to say that implementing GPLv3, unlike GPLv2, deep in an operating system, such as in the case of bash, makes the whole operating system highly toxic to DRM. For those of us who value our freedom and liberty this is of course a very valuable feature; however if one wishes to create a modern version of the telescreen in George Orwell's 1984 or some thing close to it, using DRM, the presence of GPLv3 code deep in the OS is a fatal bug. Apple was presented with a choice. Introduce GPLv3 code into OSX and IOS, thereby making these operating systems toxic to DRM or put its users at risk by using 7 year old FSF code that was still licensed under GPLv2. Apple decided to place the greed of organizations such as the MPAA and its own greed, by supporting DRM, ahead the legitimate security needs of its users when choosing to use 7 year old FSF code. The really disturbing question here is: What other vulnerabilities exist in OSX and IOS because of this reason? At least Microsoft writes it own code to implement DRM, rather than use 7 year old code whose copyright belongs to an organization led by no other than Richard Stallman, https://en.wikipedia.org/wiki/Richard_Stallman! It may take an entrepreneurial class action litigation firm to heard enough of the iSheep into a class action lawsuit against Apple to actually secure OSX and IOS, by dealing with the underlying legal cause of these vulnerabilities.
|
|
|
...
What's missing please ?
libunbound I ran into the same problem on Ubuntu 14.04 and solved it by installing libunbound
|
|
|
Hi folk,
I suspect some potential problem, so i would like to ask to contact me every exchange that trade CN (especially Polo, Bittrex and Bter). If someone is in touch with exchange operators, please let them know.
Zoidberg
X-posted from BBR thread. Seems an attack against Cryptonote coins may actually be underway? Is there a link to actual post where crypto_zoidberg posted this?
|
|
|
Is it plausible to make clients checkpoint themselves regularly? This would require the checkpoints to be saved in some external file that is integrity-verifiable.
We had this discussion a little while ago. If we provide a reasonably fast way of deploying run-time checkpoints, should the application verify them as being from us (the core team) or not? If they're verifiably from us (on the app side) we're centralising "control". If they're not verified, then a malicious attacker could send his own checkpoints. But if a malicious attacker has access to your .bitmonero / %APPDATA%/bitmonero folder, or he can convince you to put a file there, why bother with fake checkpoints? He can give you a fake p2pstate.bin or a fake blockchain.bin, so this is a nonsensical attack vector. Plus open checkpoints evaluated at runtime allow us to disappear off the face of the earth and a new group could still deliver checkpoints (ie. a reduction in centralisation). Thus, flat-file checkpoints seem to answer the immediate need for on-demand checkpointing. There's still a bit of work to do to manage periodic updates, but we're almost there - https://github.com/monero-project/bitmonero/pull/155With regards to rapidly delivering emergency checkpoints (which is, frankly, a different use-case) we're working on a solution for that too. We expect all of these to be temporary solutions that last for a few years only, after which we can remove them. Once could also give the end user the choice between requiring the application verify the checkpoints as being from the core team or not.
|
|
|
Does checkpointing make XMR more like a centralized currency?
no Well, actually, to some degree it is a form of centralised control. I'll quote from IRC - [11:28:52] fluffypony: the best way to prevent this sort of attack is to have a very, very large network hashrate [11:29:01] fluffypony: ours is still relatively small [11:29:36] Myagui: yeah, which begs for more/better miner software - particularly opensource for AMD (of which I have none, btw) [11:29:57] fluffypony: attacking Monero now using brute hashrate alone is a cop-out, because our network isn't strong enough to be considered "safe" by decentralised standards [11:30:08] dnaleor_: Myagui, bitcoin solved this problem exactly like xmr: https://en.bitcoin.it/wiki/Checkpoint_Lockin [11:31:19] Myagui: dnaleor_: got it, but just as fluffypony and I were getting too, that's not really a "solution", it's mitigation (and requires babysitting) [11:31:29] fluffypony: Myagui: yes [11:31:41] fluffypony: remember, Monero isn't a decentralised cryptocurrency yet [11:31:54] fluffypony: it *can be* one in the future when the network is bigger / stronger [11:32:17] fluffypony: so anyone buying Monero now isn't buying it because it's a perfect example of a decentralised cryptocurrency [11:32:25] fluffypony: they're buying it because it can potentially be one in future
A poor use of "perfect", but you get the drift. It can be a form of centralised control but it does not have to be. If the location of checkpoints is left to the developers then checkpoints become trusting the developers over the longest chain. There is however no reason in principle why this has to be the case, if the function of deciding where the checkpoints are, is separated from that of implementing the checkpoints in code. A POW currency can function perfectly well with different users, miners etc., disagreeing on this point and implementing checkpoints at different locations in the chain. One must recognize that the only barrier preventing end users miners etc., from choosing the location of checkpoints independently of the developers is coding skills. I for example may choose to disagree with fluffypony on the appropriate location of checkpoints while trusting his coding skills in implementing them.
|
|
|
Does checkpointing make XMR more like a centralized currency?
no There is actually nothing preventing a user from adding a checkpoint to the code they are using and recompiling. All they are actually saying is that they trust, as part of the consensus making process, a chain that matches up to the checkpoint over a longer chain that differs before the checkpoint.
|
|
|
It can literally become a war of attrition; however if the defence is in the process of developing a permanent fix then time is on the side of the defence. I compiled bitmonerod 4x over the last 24 hours on different computers.
|
|
|
If its a timewarp attack, and has just begun... I presume he first has to catch up with the current blockchain with his own private mining pool? Ultimately, I thought checkpoints made that pointless.. so Im not sure what his attack is.
In a temewarp attack the attacking chain has to be built up first in private over a period of time. It is then released in the visible portion of the attack. Every time a checkpoint is added this process of building the attacking chain has to be restarted from scratch again, effectively delaying the visible portion of the attack. Edit: Complacency while the attacking chain is being built, the non visible portion of the attack, becomrs the biggest enemy of the defence. This quote summarizes this very well. Yawn.. this isn't nearly as entertaining as I thought it would be.
Is Monero being attacked or not? If someone is performing a TW attack is there any way to tell?
From my experience with time warps attacks it takes a couple of days before the symptoms start to occur, but when they do....the chaos is sweet. ~BCX~
|
|
|
... He TW'd the deadline! I understand she TW'd the deadline!
|
|
|
Hi! Just a friendly member of the Stealthcoin community dropping by to tell you that the Bitcointalk user known as "Stealthcoin" is not associated in anyway with Stealthcoin or it's development. I've seen many Monero supporters lash out at Stealthcoin because of this users actions. User: https://bitcointalk.org/index.php?action=profile;u=209332Competition for anonymous coins is good. It means better quality, more competitive and more people promoting privacy oriented software and trade! Good luck to Monero! Once again, the user "Stealthcoin" is not associated in any way with the crypto currency known as Stealthcoin! Thank you
|
|
|
The core Monero group has requested all exchanges halt deposits and withdrawals for 24 hours due to the threat of BCX. Luckily my deposit to mintpal is now stuck at 18/20 confirms. I suspect there are many others in similar situations who don't follow the monero thread closely.
All of you monero shills and supporters should be seriously concerned that a few people have the ability to deny you access to your funds due to a threat.
They didn't even have the foresight t transfer to give more than a few minutes notice.
It is very good advice. Anyone who believes that Monero is going to die because of a TW attack and consequently is planning to sell would be crazy to wait until the attack starts and only then transfer XMR to an exchange. Then either the attack has failed, in which case what is the point of selling, or the attack at least partially works and the coins are lost in the transfer. The possibility of this attack has been known in advance for 3 days giving plenty of time to transfer coins.
|
|
|
Yep Monero is legit, everyone buy XMR
Can someone please explain what Monero has to do with the scaminess or lack thereof of NXT?
|
|
|
... Sure, like Poloniex wants to attract the attention of law enforcement . . . dying to give the FB! a tour around their servers . . .
It does not even have to be Poloniex. All it takes is one user who lost money because of the DDOS.
|
|
|
|