大家还是都来做点事情抓贼,实在不行出出主意也行,有知道消息的披露一下,
小偷不除,最后倒霉的还是诸位。
诸位靠自己本事防得住黑客的偷窃吗?
那何不助比特儿大户清除自己后患?
放本地冷錢包就可以, 自己的錢為何要假手於人? 放冷钱包就是鼓励不花钱,这对比特币推广是负面影响!这次比特儿事件说明黑客在比特币网络简直就是如鱼得水,比特币网络对小白来说就是黑客的收割场! 講那麼多, 一個字就是"懶": 懶得去學, 懶得打開冷錢包付款. 懶惰就要付出代價 |
|
|
|
大家还是都来做点事情抓贼,实在不行出出主意也行,有知道消息的披露一下,
小偷不除,最后倒霉的还是诸位。
诸位靠自己本事防得住黑客的偷窃吗?
那何不助比特儿大户清除自己后患?
放本地冷錢包就可以, 自己的錢為何要假手於人? |
|
|
|
|
就那麼110BTC算什麼? 比這個大十倍百倍以上的都發生過很多次了, 這小數目很容易清洗
4千萬NXT就可能真的有點麻煩了, 不過只要打折出售還是會有人要的
|
|
|
|
不是所有水都是浑的,至少没你眼中那么浑。比特儿再傻,也不会做这样一出戏,因为成本太高了。
无论从哪方面看这都不像是一场戏,更像是真的。
是的, 比特兒再傻, 也不會把1000萬人民幣放在熱錢包 |
|
|
|
是自导自演的吧
會不會是這樣? 1. 首先謊稱被盜, 準備只賠償1/10給用戶 2. 豈料社群很團結, 要回滾交易 3. 唯有裝作和黑客談判成功, 可以用30萬人民幣的BTC買回1000萬的NXT, 要社群不要回滾 4. 在黑客離線的情況下, 發了約定的100BTC, 還發了額外的12.3BTC, 但一毛錢也沒收回來 (這是最不合理的, 誰見過這樣笨的肉包子打狗? 如果不是自導自演, 那肯定是瘋了) 5. 由於回滾必須在720個區塊內完成, 只要拖到那時候, 計劃就成功了 6. 最後發出聲明: "我們已盡力了, 只是黑客背信, 也沒辦法" 1,没有迹 象表明是自导自演,按道理来说也不可能,看韩林和黑客的对话完全不像是自导自演的。 自导自演的成本太高了,风险也很高。 2,况且5000万个NXT想套现还不是那么容易的事情。深度一砸就没了。 3,112.3个其实是110个,2.3个早就存在地址里的。应该是慌张发多了10个。 如果看起來都像自導自演那就真的太笨了吧? 最可疑的一點是為何在黑客離線後仍要全數付贖金? 那多付的10個也可能是要"證明"自己慌張吧? |
|
|
|
My best guess is that Satoshi preferred the input/output model because it makes very easy preventing transaction spam on the network (before inclusion into the blockchain).
When you adopt the account/balance model, you must choose one of the following design decisions to be able to detect double-spends (which can be used to DoS the network):
1. Require transactions to include a proof-of-work
2. Predict the balance of each account every time you receive a transaction
3. Reduce the block interval to a value so small that allowing a single transaction per block is enough for the user (e.g. 5 seconds). Then you forward a single transaction per account between blocks.
There are surely more solutions, but probably more complicated.
The simplest solution (for a 10 minute block interval) is the one Satoshi choose, because it does not require additional temporary data structures.
Sergio. Just using an incrementing nonce for each account is sufficient to solve the issue. Not so simple. All full nodes have to keep the nonce of all addresses, even for those with zero balance. No pruning is possible. |
|
|
|
是自导自演的吧
會不會是這樣? 1. 首先謊稱被盜, 準備只賠償1/10給用戶 2. 豈料社群很團結, 要回滾交易 3. 唯有裝作和黑客談判成功, 可以用30萬人民幣的BTC買回1000萬的NXT, 要社群不要回滾 4. 在黑客離線的情況下, 發了約定的100BTC, 還發了額外的12.3BTC, 但一毛錢也沒收回來 (這是最不合理的, 誰見過這樣笨的肉包子打狗? 如果不是自導自演, 那肯定是瘋了) 5. 由於回滾必須在720個區塊內完成, 只要拖到那時候, 計劃就成功了 6. 最後發出聲明: "我們已盡力了, 只是黑客背信, 也沒辦法" |
|
|
|
And send 10 gajigga bytes of potentially min traffic around the network. Besides unless your "distributed timestamp server" is another POW blockchain (in which case nothing has been achieved) its not obvious how to construct that in a decentralized way.
Generally if you can assume the existence of such a construct no mining is needed at all. Mining exists basically to solve that problem.
So you mean such distributed time server would remove the need for mining entirely? The time server could be tricky to implement, but maybe doable! NTP is perhaps something that could be used as a foundation for the distributed time server: Are you saying that your whole proposal is building on "perhaps something"? Come back after you figure out how it might work. A distributed time server with random nonce generation is probably tricky to develop. But it's the general idea I wanted to present. So that other people can figure out possible solutions or explain why it would be impossible. You are saying nothing but "I want this, I want that" without really knowing what you are talking about. The Bitcoin miner network IS already a distributed time server. Due to its decentralized nature its resolution could not be too high. If you believe you are able to create an even better distributed time server than the miner network, just do it. |
|
|
|
And send 10 gajigga bytes of potentially min traffic around the network. Besides unless your "distributed timestamp server" is another POW blockchain (in which case nothing has been achieved) its not obvious how to construct that in a decentralized way.
Generally if you can assume the existence of such a construct no mining is needed at all. Mining exists basically to solve that problem.
So you mean such distributed time server would remove the need for mining entirely? The time server could be tricky to implement, but maybe doable! NTP is perhaps something that could be used as a foundation for the distributed time server: Are you saying that your whole proposal is building on "perhaps something"? Come back after you figure out how it might work. |
|
|
|
Don't also miss https://en.bitcoin.it/wiki/User:Gmaxwell/block_network_codingSee also the PGP SKS keyserver, which uses efficient set reconciliation. This change can launch Bitcoin from being a serious competitor to Western Union (today) to a serious competitor to VISA (later next year). I'm a fan of fancy schemes to increase efficiency (see link) but that is a bit over the top. The impact is much more modest than you're thinking, especially compared to the kind of forwarding that p2pool and bluematt's relay network already do (send blocks without repeating transactions that the far end already knows you have). The transactions still must be sent and validated. It does avoid the 2x bandwidth overhead of sending it again with the block, and the marginal latency that implies— but so do simpler tools e.g. matt's relay for me has a hitrate of "In total, skipped 140004 of 142773 (0.9806055766846673%)" since last restart. Unlike some other technologies like fraud proofs these doesn't change the decentralization/scale tradeoff or the bandwidth usage (It's still O(n) with the number of transactions, they're just happening earlier). It's all awesome sauce and all and should be a great thing to have, but that I love this stuff makes it hurt all the more to see it exaggerated.  I think you somehow understated the implication of Gavin's proposal. Although the bandwidth or CPU usage are still O(n), the block propagation becomes O(1). Since the risk of block orphaning is positively correlated with block propagation time, this proposal will reduce the cost related to block orphaning and encourage miners to include more transactions in a block |
|
|
|
自796去年11月份推出期货后,就一直跌跌不休,可见期货对比特币的危害之大。 這種垃圾邏輯應該寫在開頭, 就不用浪費我時間看完整篇了 |
|
|
|
Today, I was able to confirm both the good luck and the superstition with 777
I was in my local Chinese town to-go restaurant, and I told the gentleman behind the counter that i wanted 6 barbecued chicken wings and 10 soy chicken feet. He was NOT sure about what I said and he asked the lady next to him to translate into chinese.
When he weighed up the chicken wings, I saw the price came to $7.xx, and I had not really noticed the details of the price, I was just thinking, "shit more than $7.xx for 6 chicken wings." Don't get me wrong, they were big-ass chicken wings, but still I was thinking about the price, and as the guy was acknowledging the price, he was getting really excited about how lucky I was and kept pointing at the wings and the box and going "oh, oh, oh..."
I then glanced back at the price on the scale, and it was $7.77, and I just smiled and nodded in agreement with the guy, even though I was thinking that it was NOT such a big deal. Then as he weighed my 10 soy chicken feet, he wrote down the price and threw in two extra soy chicken feet.. and he kind of winked at me. Then I thought, "oh, there is something to the luck of $7.77 b/c I just scored two extra soy chicken feet out of the deal."
Anyhow, rumor about lucky 7s is true in the Chinese community and confirmed by experience of two extra soy chicken feet.
Edit: BTW... I was thinking that since 6 chicken wings was $7.77, then 5 chicken wings would have been $6.66 and 7 chicken wings would have been $8.88.. just gotta get lucky, or unlucky with the exact weight of each chicken wing.
4 and 7, particularly 4, is more considered as bad rather than good in Chinese culture. "4" sounds like "die", and "7" is also related to death. Commemorative banknote with 4 or 7 in the serial number will carry a lesser premium. Just search "無47" (No 4 and 7) ( https://www.google.com.hk/search?q=%E7%84%A147 ) and you will find lots of ads of commemorative banknote trading |
|
|
|
my understanding is that you do not enter the seed as a string of words, but rather follow prompts from the mytrezor page such as:
Exactly. Old firmware (1.2.0 and older) used 50% fake words. New firmware (1.2.1+) always asks for 24 words (making it 12 fake words for 12-word mnemonic, 6 fake words for 18-word mnemonic and no fake words for 24-word mnemonic). And we also switched the default from 12 words to 24 words, so most of the people will not see the "fake words" feature anymore. Without any fake word for 24-word mnemonic, the entropy is reduced from 256bits to only 79bits. This is not acceptable for long term storage |
|
|
|
@Pelover, well, the seed is entered in a random order. So even if the computer is compromised the attacked still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too? Please read this: https://github.com/satoshilabs/docs/blob/master/trezor-user/recovery.rst' I have read it but cannot see the answer. The attack that worries the OP may be: hacker installs malicious browser/plugin in many computers and waits for one of the owners to start the recovery procedure. As the victim types the words, the malicious software sends them to the thief, and sends the wrong words to the victim's Trezor, so that his recovery will fail. Meanwhile the thief starts the legitimate recovery procedure with another Trezor, enters the words (garbled, with nulls and all), and gets access to the victim's wallet. (A basic problem of all security systems is that, whatever one must do to get access, someone else with the right information could do the same. Including biometrics. Thus, security always depends ultimately on preventing the bad guys from getting some critical information that the good guys have somewhere.) The TREZOR will ask you to enter the recovery seed in random order, and the order is only displayed on the trezor. You computer dosn't know what order is right. So even if the attacker has all words, it is pretty much useless. And the entered order is different everytime you are promted to enter it! As I read from the manual, the Trezor will also ask the user to input some random extra words, making it more secure. Still, I don't feel very comfortable to enter my private key on a network-connected computer. |
|
|
|
@Pelover, well, the seed is entered in a random order. So even if the computer is compromised the attacked still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too? Please read this: https://github.com/satoshilabs/docs/blob/master/trezor-user/recovery.rst' I have read it but cannot see the answer. The attack that worries the OP may be: hacker installs malicious browser/plugin in many computers and waits for one of the owners to start the recovery procedure. As the victim types the words, the malicious software sends them to the thief, and sends the wrong words to the victim's Trezor, so that his recovery will fail. Meanwhile the thief starts the legitimate recovery procedure with another Trezor, enters the words (garbled, with nulls and all), and gets access to the victim's wallet. (A basic problem of all security systems is that, whatever one must do to get access, someone else with the right information could do the same. Including biometrics. Thus, security always depends ultimately on preventing the bad guys from getting some critical information that the good guys have somewhere.) Only the victim and victim's Trezor knows the order of the words. The order is generated by Trezor, only shown on its screen, and never transmitted to the infected computer. The malware may make the recovery fail. However, as the malware does not know the order, it can't recover the wallet either |
|
|
|
In other words, you're saying that people attach a speculative premium to bitcoin. I disagree--there has always been a speculative discount relative to its utility. This discount reflects the non-zero probability that bitcoin may fail.
True believers in the future success of bitcoin as global currency should be buying and holding even if the price rose to five figures. That they are not means that any such true believers have run out of money so they can't influence the price any more. A rational true believer should understand that any project has a non-zero probability to fail. Also, no one wants to live in underground sewage while holding five figures of bitcoin @ five figures USD each. |
|
|
|
@Pelover, well, the seed is entered in a random order. So even if the computer is compromised the attacked still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
In case you didn't catch the factorial operator, that's 6.2044840173323943936 × 10^23 combinations that an attacker has to try. Even if they could try 1 quadrillion combinations per second, it would still take 20 years to exhaust every possibility. Put another way, in order for an attacker to be able to find your seed within 10 minutes (during which time you should easily be able to transfer the coins to a different device), they would need to be able to try 10^21 (1 sextillion) combinations per second. This assumes that the first 6.2044840173323943936 × 10^23 - 1 tested combinations are all incorrect, which is extremely unlikely. The probability of this happening is equal to having a correct guess in the first attempt By the way, the manual should warn the user that after recovery the wallet is not perfectly safe and they should transfer everything to a new wallet I think Perlover's solution is better |
|
|
|
@Pelover, well, the seed is entered in a random order. So even if the computer is compromised the attacked still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too? Please read this: https://github.com/satoshilabs/docs/blob/master/trezor-user/recovery.rst |
|
|
|
@Pelover, well, the seed is entered in a random order. So even if the computer is compromised the attacked still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
In case you didn't catch the factorial operator, that's 6.2044840173323943936 × 10^23 combinations that an attacker has to try. Even if they could try 1 quadrillion combinations per second, it would still take 20 years to exhaust every possibility. Put another way, in order for an attacker to be able to find your seed within 10 minutes (during which time you should easily be able to transfer the coins to a different device), they would need to be able to try 10^21 (1 sextillion) combinations per second. This assumes that the first 6.2044840173323943936 × 10^23 - 1 tested combinations are all incorrect, which is extremely unlikely. The probability of this happening is equal to having a correct guess in the first attempt |
|
|
|
|
Show Posts
