Bitcoin Forum
1601  Other / Archival / Re: delete on: August 19, 2011, 09:55:37 AM
I don't really understand what you are saying, but my point is that the USA *IS* in fact the world government.

No it is *NOT*.

Quote
How many places can afford not to bend to the will of the largest economy in the world? Third world dictatorships can, but that's about it, and their people sure suffer for it.

If you think you are not influenced by US colonialism, you are sorely mistaken and should probably open your eyes.

You're mistaking co-op for ruling. Unless the US sees *REALLY* evil (read: financial interest) in btc or ixc and goes on a strong campaign against it, like the so-called "war on drugs", most of the other countries will not follow.
If US starts to bitch its allies enough to get them leaving NATO you'll see how fast the largest World debtor goes down.
1602  Other / Archival / Re: delete on: August 19, 2011, 01:40:57 AM
The US is wearing a heavier boot than anyone else in the world. I wouldn't want it on my neck.

Right, the US citizens really should worry about that, as for those it is in fact their government. However, to many, many people around the globe "their government" can do whatever it wants and those people wouldn't be giving a damn about it. I just need to call China "my government", for instance, to have US way way offshore and print its bans in soft toilet paper.
1603  Other / Archival / Re: delete on: August 19, 2011, 01:34:52 AM
Um, excuse me, but...which government are you talking about?

It's something you easily notice in this forum about Americans: They truly believe "US rules the World". It seems their government manages to scare them so well that they come to believe the entire planet is under its boot.
A bit like a whore believing his pimp to be the strongest man in the World, I guess...
1604  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 15, 2011, 04:44:57 PM
That won't be a branch, will be the same development, but because I don't have limitless free time, I'll start by cutting some issues in the private frontend and later input the remaining ideas for this project. The final project must be a single branch, with ability to enable/disable webservice's features, such as SHA1 pwd crypt (bad idea if your VM has just 128 Mb of RAM or less), captchas (senseless to connect to 192.168.x.x), and so on.
1605  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 15, 2011, 04:23:50 PM
Another thing, before your cast of "security wannabes", shouldn't you read the aim of the project first?

This project is initially designed to be used as frontend for Debian VMs - NOT as a webservice. Webservice will have a few differences in account features, such as captchas to prevent brute forcing and other pwd security.

@Xephan;

I accept criticism; what I DO NOT ACCEPT is someone scratching his balls and just showing his face to say things like "for fuck sake you can't code". This ain't about being "infallible" or "too good", it's a matter of RESPECTING others' work.
1606  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 15, 2011, 04:12:06 PM
For fuck sake, cannot SOMEONE learn to develop correctly structured PHP?

THIS...

I would ask otherwise, can't someone develop something wasting TIME and for FREE, without having some full of shit "security troll" to show around as an unwanted sort of "consultant"?

So next time, if you don't want shit thrown at you, don't throw at others.
1607  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 15, 2011, 01:19:35 PM
"Hacking" is actually do the things in an unorthodox way.

But my point was on "claim vs reality", not on how many gf a hacker has or not. I know those forums, it mostly goes around like:
- Let's strike xpto.com?
- Yeah! Yeah!
- They've a XSS/CSRF exploit
- Whow!!!! Easy picking! We will screw it!
...after 1.000.000 fails you got the two "hacker kinds":
Liar:
- I'm in!
- Sweet! Help us out.
- Oh shit! Just logged out. I'll teach you guys later, need to check the logs. (and wait this to be forgotten)
Honest:
- You guys up to DDoS it?

 Grin
1608  Alternate cryptocurrencies / Altcoin Discussion / Re: New Ixcoin fork -> I0coin (or IBcoin) on: August 15, 2011, 12:36:06 PM
What's the use of this anyway?!
1609  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 15, 2011, 11:28:24 AM
Ok, lets state some facts that i found:

1) Entire system is exploitable with XSS.
2) Entire system lacks CSRF protection.

Name them! What can you do with XSS/CSRF? Log the user out?

Quote
6.1) I've seen DDoS attacks with users entering huge amount of data to make the server do 50000 hashes on a string that's a couple of MBs.

This actually means: "I don't even know what I'm talking about, but I'm full of shit and will try to impress with my 'security skills'". For fuck sake! STOP casting bullshit you read in "hackers forums".

BTW, those "hacker forums" are normally like those guys who finish high school virgins; they make the hardest and most long shot attack look like the easiest thing around, yet they never actually did any, just like those boys who never actually got anyone but will jump to claim to have had half of the school girls.
1610  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 14, 2011, 09:52:06 PM
No, that line means:

If no account is selected, then select <account Prefix from config>_<user id>_<first account - which is ALWAYS 1>

if you do this, and taken $account_id isn't set, will mean PC_1_<nothing here... empty>
1611  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 14, 2011, 09:43:43 PM
Just created a GitHub repo: https://github.com/BCEmporium/PHPCoin

@Xephan;
Fair enough, I'm not up to waste time in those sort of discussions. But to the end, if one gets your db, other than a dump:

mysql_query("UPDATE users SET `password` = '$mynewHash' WHERE uid = $target_id");

or, moving with money:

mysql_query("UPDATE users SET `balance` = 10000000 WHERE uid = $my_id");

Bottom line, "assuming that someone can get the database" isn't security. If someone gets the db it is already too late... only solution probably: sudo /etc/init.d/mysql stop && shutdown -hP now
1612  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 14, 2011, 07:40:11 PM
Arg, I forgot to add the command for adding a new account in the bitcoind environment when making a new account.

So, what's your updates looking like? Smiley

Sorry... damn! Changing OS is a pain  Grin
Tried with VirtualBox to fire my Debian VM, but it was eating 100% CPU, means this was slower than a turtle with a broken leg. Then software; 1st try: Geany, now trying Aptana Studio. Coding the Admin block now.
1613  Other / Archival / Re: delete on: August 14, 2011, 07:09:05 PM
Are you sure you're entering the openid in the correct field, up top left? If so, you could try contacting DoubleC.
You're right, my bad. Sorry.
1614  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 14, 2011, 06:54:00 PM
The correct term is "Deprecated", not "Broken".
1615  Other / Archival / Re: delete on: August 14, 2011, 06:51:06 PM
Who's to contact in this exchange?
Just made an account with my yahoo id and sent some btc, now try to login back with the same open id and it offers me to "create an account"...  Huh
1616  Other / Off-topic / Re: DDoS, the ultimate solution on: August 14, 2011, 06:46:03 PM
Vote AGAINST this idea.

Reason:

It breaks network neutrality.
As no one has the "global web jurisdiction" (No, US doesn't "rule the World"), some ISPs will not bite this scheme and will not pay, so the "payees" and "payer ISPs" may attempt to block or slow those ISPs.
1617  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 14, 2011, 05:59:07 PM
md5 was considered broken

This is a wrong statement, MD5 wasn't ever broken nor is. The only way it would be considered so is if you or someone can actually reverse it and that, so far, is impossible.
Being open to brute-forcing doesn't make anything "broken" as no known algorithm is resistant to it. All you can do is make it slower to bf, not prevent it.
MD5 is just "faster to brute-force than others", along with those "rainbow tables" (which is just a database with pre-computed hashes, btw).

About that "old/new", it refers to: old -> Jed time / new -> some time after M'Tux bought that, not as "old before the attack/new after", as I believe you were assuming.
1618  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 14, 2011, 05:18:47 PM
Actually you had people starting to complain about accounts being ripped more than 2 weeks before the attack. And yes, cryptography on hashing, has improved A LOT since Bitcoin came around. The same methods to "mine more coins", as GPU mining, are the ones used now to reverse hashes. Whereas MD5 would sound safe under 1~2 GHz CPU hashing, they're now "pieces of cake" for most GPU based crackers.

And that my pass wasn't of "they see THEN they changed", it was actually as it was in that db dump file.
1619  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 14, 2011, 12:24:57 PM
So while letting his database fall into the wrong hands was one of his many mistakes definitely, it wasn't the key. The most damning was using plain unsalted un-iterated md5 to hash his passwords. That meant one single run of md5 would be sufficient to brute force the entire database. For those who already have existing rainbow tables, it will take seconds to crack weak passwords. For those who don't, it takes only minutes to few hours to generate the rainbow tables for weak passwords (up to say 8~9 characters) making it very profitable to do so.

Actually my account's password there was hashed with md5 salted crypt algorithm ($3$salt$hash)... which makes me believe also, someone had that db for quite a while. The added difficulty would represent one thing; the attack may not happen when it happened, but somewhere in the future... thus the attack would come to place either way.

Going to fire the VM now and will work on it a while.
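
An added example, not part of any post and not PHPCoin code: a Python sketch of the two points argued in this thread, that unsalted single-pass MD5 stores identical hashes for identical passwords, and that an iterated scheme should cap input length before doing any hashing work. The function names, the 1024-byte cap and the sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 1024  # assumed cap: oversized input is rejected before any hashing
ITERATIONS = 50_000        # the round count quoted in the thread; tune for your hardware


def unsalted_md5(password):
    """The scheme criticised in the thread: one MD5 pass, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Per-user random salt plus iterated PBKDF2-HMAC-SHA256."""
    raw = password.encode()
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and rounds; compare in constant time."""
    raw = password.encode()
    if len(raw) > MAX_PASSWORD_BYTES:
        return False
    try:
        scheme, rounds, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", raw, salt, int(rounds))
    except ValueError:
        return False
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(candidate, expected)


def shared_hash_groups(users, hasher):
    """Usernames whose stored hashes are identical: one correct guess opens them all."""
    groups = {}
    for name, password in users.items():
        groups.setdefault(hasher(password), []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]


# Constructed sample accounts, not taken from any real dump.
SAMPLE_USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
```

Calling `shared_hash_groups(SAMPLE_USERS, unsalted_md5)` groups the two accounts that share a password, while the same call with `hash_password` returns no groups because each stored value carries its own salt.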
1620  Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin on: August 13, 2011, 05:07:03 PM
How is that hilarious when making the mistake first is how many people learn their lessons that get passed on to others? Cheesy

I still believe M'Tux took the wrong lessons there. He wasn't hacked due to strength or lack of strength of his password hashing, he was hacked by letting his database fall in the wrong hands. Starting from here, hashing algorithms don't "save you" of anything and enforcing "strong passwords" will make your customers unhappy.

Nothing, PHP is inherently "Open Source", unless I obfuscate that with Zend or Roadsend, as I didn't the source is openly available.

I'd delay those two days due to Linux, I'm giving it a try at my desktop (part 1001st) and started with the wrong foot; OpenSuSE... well... I've a nForce chipset, isn't easy for starters, but OpenSuSE always manage to screw graphics - had the same issue with SuSE and Via C3 some 5 years ago. That meant format and reformat to end up with Ubuntu and today is party time with my old army mates.