Bitcoin Forum
October 17, 2018, 05:24:36 PM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
  Home Help Search Donate Login Register  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 »
1  Other / Off-topic / PGP key for RGBKey, uid #182468 on: April 24, 2018, 09:53:08 PM
Quoted below as requested.  But the important part is to establish a fingerprint which people can check.  The fingerprint I observe is: 0xABE2DC997C2233012A86D8BE66F1B6C95688A943

Archival link changed to https: https://archive.li/ZabYw  ...and .onion, for Tor users: http://archivecaslytosk.onion/ZabYw

Edit:  Archive of this post (and the rest of the thread): https://web.archive.org/web/20180424215333/https://bitcointalk.org/index.php?topic=3323999.msg35510465#msg35510465

It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.

I agree with that assessment.  I see that you use Ed25519, which I also currently use for my identity key.

(Aside:  I am disappointed that the current draft in the process to revise RFC 4880 does not specify anything stronger, such as Ed448-Goldilocks.  I should probably do something about that.  It does prospectively specify Ed25519/Curve25519 as OpenPGP standard.)

If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.

This is always problematic for someone who exists as a nym.  How would you propose binding 0xABE2DC997C2233012A86D8BE66F1B6C95688A943 to “RGBKey” and the given e-mail address?  It’s not as if you would be flashing state-issued ID documents at me.  I think that some level of TOFU is necessary in these situations.  For my part, I have simply tried to spread my PGP fingerprint anywhere I can (forum post sigs, sigs in mailing list archives, etc., etc.).

As it stands, all I know is that somebody with sufficient Bitcointalk.org access to create a forum post as #182468 claims that key unidirectionally.  This could hypothetically include forum admins, blackhats, Cloudflare, the NSA...  There is no cryptographic binding of identity, and there can’t be, insofar as you may have no other cryptographic anchor to which to bind.  If you have a long-established, widely-published Bitcoin address, an X.509 certificate (LOL, CAs), or some other form of public-key crypto more or less strongly linked to “RGBKey”, that could be helpful.

If I've missed anything here, please let me know.

The (weak) binding of forum uid #182468 → PGP key is unidirectional; I see no statement signed by the key, claiming uid #182468 “RGBKey”.  This is typically resolved with a clearsigned statement acknowledging the identity.  But if the Bitcoin Forum is especially important to your identity, you may want to instead add a PGP userid to your key specifying your forum identity.  All userids must be certified by your (C) key to be valid.  I added that to my key last month; please have a look:

Quote
uid Bitcoin Forum uid 976210 (https://bitcointalk.org/)

In gpg, I specified “Bitcoin Forum uid 976210” as my “Name” and the URL as the “Comment”.  An OpenPGP userid is anyway only a single UTF-8 text string, as specified by RFC 4880 §5.11.  E-mail addresses are enclosed in angle brackets and comments are parenthesized by common convention, in the manner of RFC 2822; but if you do a hex dump of your public key, you’ll see that the User ID packet is just one string.

Also:  man gpg and look for --export-secret-subkeys; also, --expert --full-generate-key (which I presume you used anyway to get an ECC key).

This lets you generate a Certification (C)-only primary key plus signing (S) and encryption (E) subkeys on an airgap machine, then export only the subkeys to your networked machine (using a GnuPG extension which, to my knowledge, is only compatible with GnuPG).  This way, even if your networked machine is compromised, your identity is not; and you can issue new subkeys using your airgapped primary key.  Examine my keys to see what the result may look like.

Most people don’t seem to care about this; but I myself value the extra margin of safety for a pseudonymous person who exists only as a virtual identity.  My identity is anchored in a strictly offline key:  I am 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (or whatever other keys I may use that key to roll over to in the future, if and as better algorithms become available).

Edit 1:  I just noticed that you are currently using a 32-bit keyid in your personal text.  Please reconsider.  32-bit keyids are totally insecure; using fast ECC crypto (in that case secp256k1), I myself bruteforced keyid 0x69696969 in 1055.33375204 seconds on one core of an old laptop CPU.  See also https://evil32.com/.  I don’t trust 64-bit keyids, either.  The Bitcoin mining network currently does 264 work every few seconds.  For creating a “vanity” keyid, it is an amount of computation within reach of a powerful adversary (or anybody with access to a large distributed computing grid/botnet/whatever, plus lots of patience).  Whereas the full fingerprint is a SHA-1 hash (soon to be changed to SHA-256 with v5 keys), which is still secure against a full preimage attack.



Full quote of OP:

Hey folks,

I've been a longstanding advocate of encryption, but I've come to realize that I don't really have an established PGP key to use for communications here. I've just created a new one (I created one ~4 years ago and have since lost it) and I'm going to publish it here and record it. I would greatly appreciate it if a few (please don't go too overboard) people would quote this post to establish it. I will also use archive.is to record this post and post it in a follow-up reply.

Here is my key:
Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEWtLazxYJKwYBBAHaRw8BAQdAgX5FwRIX6Vjq4cGZmrufz1/9PMBx40DcdTeD
Yw2P2Ry0GVJHQktleSA8cmdia2V5QGdtYWlsLmNvbT6IkAQTFggAOBYhBKvi3Jl8
IjMBKobYvmbxtslWiKlDBQJa0trPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEGbxtslWiKlDDF8BAOMjI3HkUOpMU1/qiFixKqB9DywR6WLtq/gO/1FuglFo
AQCK6+OKONT+dCxGRZShrolXpCd1hhGXWhkPU9yj5mvlCbg4BFrS2s8SCisGAQQB
l1UBBQEBB0A6iXCX3Rvd8SWXxDuqd8CFL1jtD7IeUaSlVEmx8OSAQgMBCAeIeAQY
FggAIBYhBKvi3Jl8IjMBKobYvmbxtslWiKlDBQJa0trPAhsMAAoJEGbxtslWiKlD
iGgBAILE2I8JZs2EVEtQiEVLi0/gZ7Mb5+/VIG7GAkmRsWV3AQD1pHktwUWF1i6G
Y4g5j275O69cp2muXydlsBr8fIXlBQ==
=CmTR
-----END PGP PUBLIC KEY BLOCK-----

It is an ECC key, which I believe is currently the best (or at least better than standard) key type to use.

I've also published it to MIT's keyserver.

If any established forum members would like to attempt to verify that I am who I say I am and sign my key, I would appreciate it.

If I've missed anything here, please let me know.
2  Economy / Service Announcements / Lightning would work for Sporestack! on: April 24, 2018, 07:58:35 PM
Hello, Teran,

Thanks for the thoughtful reply.  It’s rare to see such discussion.  I apologize for the delayed response.

Although I don’t know how Sporestack works internally, Lightning is actually ideal for your business model.  Your concern isn’t too clear, but I infer you think there is some need of per-customer accounting state.  If so, no, this is not the case.  It is not necessary to have a payment channel open with each customer.  You simply present customers with single-use Lightning payment requests which can encode much useful information, including the amount and the request expiration time.  Payment requests are designed to be embedded in QR codes, though you need a bigger QR code area than you do for a Bitcoin address.  This can be used by any customer who can find a route to your node (rather like the Internet itself).  Payments are source-routed; and there has been extensive work on onion-routing (exactly in the Tor sense).

Lightning overall keeps less state than on-chain transactions, insofar as the only global and/or permanently immutable state is in channel open/close transactions on the blockchain; information on individual payments is local and, if desired, somewhat ephemeral.  Also, you never really know where a payment is coming from, which should suit you fine.

Otherwise stated, Lightning will indeed support this business model:

But the bread and butter of SporeStack is anyong being able to pick up a Bitcoin or Bitcoin Cash mobile wallet, scan a QR code, and get a server.

Moving money respectively onto or off of your Lightning channels to fund a channel or “cash out” onto the blockchain is conceptually not too different than moving money between hot and cold wallets.  If you already run a Core node, clightning will work with that, too.

I may have more to say on these matters.  I do like your business model.  Yet to start with, I simply wanted to clarify about Lightning Network.
3  Other / Meta / Feature request: Humour system on: April 02, 2018, 06:33:22 AM
A lot of users now are laughing not because it is an april fools prank but the burdens were not true. I shocked also when I noticed that the new rank system are suddenly gone to the thread I am reading.
A while ago, I am thinking on what are the combination numbers to rank up. I thought also that there are algorithms used in order to calculate the new rank requirements till I came to the point that I will not rank up anymore. But then, I am very thankful that it is just a prank. A discouraging ranking system turns to a joke! Those who complained, you may now celebrate!
P.S. It might be prank as of now, but it may come true in the near future.
Many users were commenting yesterday and though claiming it to be a joke but I was seeing a fear behind their statements.  A new tough measure to pass for higher ranking.  Haa haa but many were showing them to be normal but in reality they were not.
I was happy with new system and took it seriously.  I was seeing it as opportunity to rank up.  But  Grin  such a big joke.

I hereby propose the addition of a new Humour score.  Unlike activity and merit points, humour points can be lost for humourlessness, literal-mindedness, broken sarcasm detectors, inability to grasp satire, or employment at a humourless alphabet-soup agency.

Humour will not affect rank.  However, those with zero or negative humour scores shall have their signatures displayed upside-down and backwards.  Also, such persons should carry a warning beneath their usernames:  “Jest with extreme caution.”

This is a serious idea.  @theymos, please implement it!

I was surprised (and laughing) at how many people took this seriously. I thought that this was way more obvious than last year, but I guess not.

A paid sarcasm shill once warned me about this sort of thing.



P.S., Dr. Cerimon shall must needs advise on how best to program the forum software to distinguish between good and ill humours.
4  Other / Meta / s/nullius/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ on: April 02, 2018, 05:55:21 AM
I was surprised (and laughing) at how many people took this seriously. I thought that this was way more obvious than last year, but I guess not.

A paid sarcasm shill once warned me about this sort of thing.

- Virtue was the edit distance between your name and "Lauda". Wink

Oh, snap!  Thus, I suppose that Lauda had 0 virtue, and was the only user who had 0 virtue?  Together with the witchcraft hint, that would have been a dead giveaway; but unfortunately, I was off the forum most of the day and didn’t see Lauda’s “new new” stats.  Anyway, I figured that I could await virtue.txt.xz.

May I please change my username to the letter x repeated the maximal number of characters in a forum username, whatever that may be?  This would have maximal virtue.  It seems bland; but all forum users who desire to be virtuous must forthwith pray to have their usernames changed to maximal-length strings which do not include any of the letters L, a, u, or d.  However arbitrary this rule may seem, avoiding the Inquisition is no laughing matter; and sacrifices must be made in the War on Pill-Shaped Drugs Negative Trust Terror Flying Catbats Witchcraft!

I had kind of wanted to actually have a running game-of-life board in JavaScript on everyone's profile, but I didn't have time.

(BTW, when are we getting Conway-GoL-Coin? It's Turing-complete! Wink)

Well, of course this could be done as a token built on any coin which already has Turing-complete VM.  This gives me an idea which, if implemented, would be even more spectacularly destructive innocently cute than Cryptokitties.



Pardon, theymos, sir; may I please take this opportunity to thank you for a joke I much appreciated?  Thanks.
5  Other / Meta / 0day forum EXPLOIT: fMerit MLCG virtue underflow privilege escalation on: April 02, 2018, 03:29:35 AM
Topic:fMerit MLCG virtue underflow privilege escalation
Announced:2018-04-01
Credit:Tailored Access Operations
Fort Meade, Maryland, U.S.A.
Severity:Critical
CVE Name:CVE-2018-18A1

I. Background

A linear congruential generator is not considered to be a CSPRNG.

II. Problem Description l33t sploit c0de

The modified linear congruential generator used to calculate fMerit has a biased distribution.  Users with low virtue may exploit this bias to uprank to Administrator, thus gaining total control of the forum.

To deter abuse, the 0day POC exploit has been coded in Brainfuck:

Code:
-,+[-[>>++++[>+++++
+++<-]<+<-[>+>+>-[>
>>]<[[>+<-]>>+>]<<<
<<-]]>>>[-]+>--[-[<
->+++[-]]]<[+++++++
+++++<[>-[>+>>]>[+[
<+>-]>+>>]<<<<<-]>>
[<+>-]>[-[-<<[-]>>]
<<[<<->>-]>>]<<[<<+
>>-]]<[-]<.[-]<-,+]

III. Impact

Bitcoin Forum pwned!

IV. Workaround

Switching from Cloudflare to a RFC 3514 compliant packet filter will stop the pwnage, and also prevent DDoS attacks—and also block Cloudflare.

V. Solution

Upgrade the fMerit system to use a properly seeded CSPRNG.



So, how long to process this before I get my ethical hacker symbol badge?
6  Bitcoin / Development & Technical Discussion / Re: segvan: Segwit vanity address & bulk address generator on: March 29, 2018, 04:29:51 PM
Notice:  As a pseudonymous developer who can only pay in BTC, I am currently seeking a legitimate means of Amazon EC2 access.  The most immediate (but not only) motivation therefor is for work on a segvan client/server trustless tweak generator.  Trustworthy persons with their own EC2 accounts are invited to work with me.  This is for long-term legitimate development:  I am NOT trying to buy an account; offers of such will be treated as spam.

(Translation:  Plan A embraced BCH, and lacked EC2’s flexibility anyway.)





I’ve also been seriously mulling ideas for an online service which finds “vanity tweaks” for a private key held by a user—essentially, convenient results from rented time on powerful CPUs in the “cloud” (much though I loathe that word).  I’m curious as to how popular such a service could be.  Anybody interested?

I'd be interested in a service like that. Please could you PM me if you ever get round to doing it? Thanks :)

Please see above.  I’m currently trying to do a 245 (9 characters of Bech32) search on a very slow laptop; I estimate that after both cores spin sipa’s keygrinder 24/7 for two months, I will then have about a 1% chance of having found a match.  Getting access to some fast cloud computing would give me both the impetus and the opportunity to develop a production-quality client/server implementation.





I just used segvan to find 3Jjjjj8466bZXCFJQGDk1reaAXwrri39Vz, 3AAaAAMy2auJ1c5wCRj7Qbzx8qshh9cVrx and 3FffFFLntXU14ePkYK3pyASx2Smaw5TfF1 :)

Unfortunately I had to build from master instead of the sipa_grind branch so I think I'm missing out on the huge performance improvements. Is the sipa_grind meant to be working right now?

I also noticed the 333333mR6i1xHnDQAy1xUwvbGXFqjGgzUU address in your signature and profile!

Apples to apples, rounding liberally, the same patterns with the same codepath give me about 7000 keys/sec generating keys one by one, and 35000 keys/sec with sipa’s keygrinder.  Thus, about a 5x speedup.  (For comparison, with OpenSSL on the same hardware, I maxed out at about 1400 keys/sec.  Core’s secp256k1 really blows OpenSSL away; it is something to be most thankful for when synching the blockchain.)





If you want this to become more popular like vanitygen original version, you need to make windows version of it.
Most users using Windows while generating their private keys. You need above average knowledge to compile it yourself and use linux.

Please see the discussion of Windows porting in a Segwit vanity address generator request thread which pushed me to make an initial release of segvan.

My current priorities are approximately:

0.0. Stable, feature-complete, well-tested implementation on FreeBSD and Linux.  This is much more popular than I’d expected when I whipped up v0.0.0 on an idle afternoon in December.  I want to do it right.

0.1. Packaging on FreeBSD ports and at least one or two popular Linux distributions such as Debian (depending on acceptance by those with commit bits).  This would cut down on the “above average knowledge to compile it” part.  As of this writing, there are 31593 FreeBSD ports available; and the Debian homepage currently claims >51000 packages.  I understand that lack of application compatibility is one of the major problems faced by Microsoft Windows users; and if I have a popular application, I will try to see how I can help with that.

1. Online services, possibly including a stripped-down trustless tweak generation client usable in some way with Microsoft Windows, among others.  This is a high priority to me, since I myself am poor in hardware; and the v1 network protocol I have in mind would make it almost trivial to support securely ordering up vanity addresses from your Windows PC, your iPhone, or whatever.

2. If that does not resolve demand, then maybe a Windows port, potentially with fewer features.  The modularization I am now doing should help with portability.  For example, one of the first roadblocks I hit with a mingw build was POSIX regex support.  The ultra-fast prefix checker I’m currently playing with is portable C code; a Windows build might include that and omit regex support, at least initially.





Code:
pc@pc:~/segvan$ ./segvan -r accs

Anchored regexes will usually be significantly faster (or less slow, depending on your perspective).  Thus, try ^bc1qaccs unless you truly desire every match appearing anywhere in the string.  Giving the HRP/separator prefix is necessary, since segvan currently matches against a whole address; and no warning will be given if you provide an impossible pattern.
7  Economy / Service Announcements / PSA: Pushing Btrash will lose you customers. on: March 29, 2018, 04:11:26 PM
SporeStack now accepts Bitcoin Cash: https://sporestack.com/news#2017-12-12

SporeStack accepts (and prefers) Bitcoin Cash

2017-12-12

We highly recommend switching over to Bitcoin Cash as soon as possible for SporeStack use.

Well, this is unfortunate.  I’ve quietly had my eye on Sporestack for over a year, with an eye toward future projects.  As an all-Tor, all-the-time ghost in the.nym.zone with no means of payment other than Bitcoin, it seemed well suited to me.  But I’m prudent in saving my bits; and I did not have an urgent need for a VPS.  Thus, I simply checked in every few months to see the latest developments—and now, when I have a potential immediate need for service.

FYI, pushing the agenda of Bitcoin distorters and their kakocracy will exclude Bitcoin zealots as your potential customers.  Case in point:  Me.

I’d say good-bye at this point, but I am curious:  If fees were the problem, as stated on the Sporestack website, then why didn’t you add Lightning Network support?  LN mainnet became active soon after you started “highly [recommending]” fake-Bitcoin.  Come to think of it, I may soon need some means to anonymously set up a Lightning node in the cloud.

I’m also curious as to whether your recommendation still holds when with Segwit addresses, for almost two months now, I’ve been paying fees sometimes as low as 1 sat/B (!), never higher than 5 sat/B.
8  Economy / Games and rounds / My congratulations to other Round 3 winners—and a plot twist for Round 4... on: March 26, 2018, 09:13:29 AM
Congratuations to bitmover, Blue Tyrant, and the runners-up!

nullius: Man. You had me worried at the beginning of the week. I know the CloudFlare issue is a huge one for you, as a proponent for security and privacy. So seeing posts repeatedly about the issue had me concerned that you would not be able to deliver. But you did. [...]

Joe, your critique described my past week on the forum similarly to how I myself would have put it.

In the hope of spreading some old-school antispam culture here, I will select The Rules of Spam, Bitcointalk.org Edition as the post to receive my prize merits.

It is true that frankly, Cloudflare’s Javascript checks have been driving me away from the forum.  For that reason, I was away for two whole days this past week; and I think that in the time since I started actively using my account, the only period during which I posted less than this week was when I took a three-week forum hiatus in January.  I also lost the draft of an extensive Dev & Tech post, due to a mishap with the ephemeral VM which contains a browser running scripts I distrust.  Going forward, I hope that some means can be found to fend off Internet arsonists without impact on legitimate users.





And now, with a bow and my thanks to Joe for running this contest, I must sadly decline to enter Round 4—well, sort of.

I may have inadvertently entered a fictional character who has limited purview, and thus far makes few posts.  Such is life in the æthereal0 mists of the.nym.zone:  She approached me, offered her PGP key (0x69696969), and pleaded with tremulous eyes that she must enter Joe’s contest for the greater glory of her bitcult.faith.  What could a flesh-and-blood mortal man say to that?  I must stand down, lest she be barred by the alt-account rule.

Can she be competitive against people who actually exist?  The contest grows more exciting yet!  I am curious to see what Joe’s critique will be.



0. Not “ETHereal”.  Bitgod forbid.
9  Economy / Reputation / Public hate from Btrash shill #981616 “vsyc” on: March 25, 2018, 08:22:30 PM
An off-topic insult by Btrash shill #981616 “vsyc” has been archived and deleted from my trust feedback policy thread:

You such a joke, catch negative trust from me Smiley))

Retaliatory negative trust feedback from “vsyc” to nullius:

Date: 2018-03-25
Risked BTC amount: 0
Reference: (none)

Quote from: vsyc
Sometimes hope for betterment is wasted. This person does not respect other view and believes. No personality behind, some driven scam bot.

Stay away.


Negative trust feedback from nullius to “vsyc”:

Date: 2018-03-12
Risked BTC amount: 0
Reference: https://web.archive.org/web/20180312074550/https://bitcointalk.org/index.php?topic=2399315.0;all

Quote from: nullius
When I was at Newbie rank and had been actively posting for less than 48 hours, I got into an argument involving two Btrash shills:  #981616 “vsyc”, and #494856 “Mrpumperitis”.  Their rank dishonesty made me distrust them; and I wanted to express my distrust through the forum’s trust system.  Being new here, however, I did not yet really understand how the trust system worked; and I feared retaliatory negative feedback (such as I noticed “Mrpumperitis” leave for others), since I did not yet realize that such a thing from a Btrasher would be a badge of honour for me.

I resolved that someday, I would return and make public my distrust of these two odious characters.  That day has come sooner than I’d expected.

Disinfo-mongers who push a scamfork by every means of artifice and insult are *untrustworthy*.  AVOID.

This feedback is made consistently with my trust feedback policy:
https://bitcointalk.org/index.php?topic=3009256.0

N.b. that “vsyc” first came to my attention on a thread wherein after theymos said this:

If someone is fraudulently passing off Bcash as Bitcoin, the most appropriate response is probably to give that person negative trust.

...“vsyc” proceeded to declare:

When exchanges start switching to Bitcoin Cash and recognise it as next version of Bitcoin, than you will look like stupid clowns.

Bitcoin is a scam. Bitcoin Cash is the future and upgrade of Bitcoin (a.k.a. Dead Horse)

(...etc., ad nauseam...)





Historical note:  That thread saw my first direct involvement with immediate controversy on the Bitcoin Forum, although it wasn’t really an interesting fight due to the abject stupidity of Btrash pushers; e.g.:

ill say it here...BITCOIN CASH IS THE REAL BITCOIN

Yawn.

(But it is amusing that this should be brought up again today, shortly after I became involved in a discussion about how an open, honest form of ASICBOOST is coming to Bitcoin.)
10  Bitcoin / Development & Technical Discussion / On the difference between an optimization and an attack on: March 25, 2018, 06:48:33 PM
As others have already explained, Segwit prevents the covert form of ASICBOOST (and I have always been careful to make that distinction when discussing ASICBOOST on this forum).

ASICBOOST is not evil per se.  If everybody has it and uses it openly, then it is simply an optimization.  But if one party has a patent on it and stealthily uses the covert form (prevented by Segwit), then that party has an unfair advantage—leading to worse miner centralization.  That constitutes an attack on the Bitcoin network.

I like the sound of an open, defensively-licensed overt ASICBOOST being sold by a major new competitor to Bitmain.  This could solve some serious problems with centralization not only of mining, but of sources of mining hardware.  I hope it will ultimately lead to greater hardware availability, which is necessary to decentralize the global hashrate.  Altogether, it is also an excellent reason to stick with SHA-256 for Bitcoin’s PoW algorithm!

Times are about to get more interesting...



Thanks @BtcDrak for doing this.  If you want to understand who is behind this new Halong Mining, peruse the bitcoin-dev archives and the Core commit history a bit.
11  Bitcoin / Development & Technical Discussion / Vanity addresses are susceptible to spoofing, *not* a secure UI feature. on: March 25, 2018, 05:44:50 PM
Darkstar has if I'm not wrong 1darkstr or something similar. People recongise those addresses quickly as compared to random ones which are hard to remember

 Cheesy

1DarkStrRagcDjWtsPGxkav4WG3poLXzDS

I'd get 1DarkStar, but that's too long for me to feasibly make or pay someone to get at a reasonable price.

I just want to note, this is NOT a good means to recognize an address.  There are at least 2100254120907352485526230505830591911428096 (5824) addresses which match the pattern ^1DarkStr.+DS$.  Somebody else could easily find a different one to spoof DarkStar_’s address.

I know that this is a real problem with Tor .onion vanity addresses; and I suspect it may be with Bitcoin vanity addresses, too.

A vanity address is good for showing off, and/or making a statement such as with my 35segwitgLKnDi2kn7unNdETrZzHD2c5xh address.  But it is highly insecure as a user interface feature.
12  Bitcoin / Development & Technical Discussion / Collisions of randomly generated keys are impossible in practice. on: March 25, 2018, 03:07:35 PM
What I was imagining was that there could be a simple loop in the program.  Start with the "first" private key (...001), go through the various hashing steps and see if you get a public address with the desired pattern.  If not, then increment the private key by 1 (...002) and do the hashes again. That way, the attempted private keys would effectively get "burned" and not be reused.

It's like buying millions of lottery tickets in the same draw to try to cover as many numbers as possible.  You might as well start with 1-2-3-4-5-6 and then 1-2-3-4-5-7 and so on methodically than to choose a bunch of random "pick 6" numbers.  The chance to win is the same for any set of numbers, but there is a slight chance that a "pick 6" could be generated twice, thereby wasting the ticket (i.e. if you win, you would be splitting the jackpot with yourself).  I suppose the "slight" chance is so slight that maybe it doesn't matter.

The entire security of Bitcoin, PGP, TLS/SSL, Tor, disk encryption, and all other crypto using fixed-length keys rests on the premise that the “slight” chance of a collision is impossible as a practical matter.

Think:  The probability of you picking the same key twice is equal to the probability of an attacker randomly picking your key in a bruteforce attack.

Theoreticians use terms such as “negligible probability” because such a thing is possible in theory.  But it will never actually happen that you generate the same key twice, unless your random number generator is so badly broken as to be worse than useless.  Conceptually, think of randomly picking one drop of water from the ocean, then another, and getting the same drop; or randomly picking one grain of sand from anywhere on Earth, then another, and getting the same grain of sand.  2160 is much bigger than that.

Whereas LoyceV speaks truly:

What I was imagining was that there could be a simple loop in the program.  Start with the "first" private key (...001), go through the various hashing steps and see if you get a public address with the desired pattern.  If not, then increment the private key by 1 (...002) and do the hashes again.
A fixed instead of truely random starting point would mean your private key isn't secure. It would mean anyone could reproduce your search and steal your coins.

Note, however, that Vanitygen does try sequential points from a randomly chosen starting point.  (“Sequential” here does not mean linear “1, 2, 3”; rather, it uses elliptic curve point addition.)  It does this for reason of efficiency.  sipa’s keygrinder used in the current development branch of segvan uses similar methods to rapidly generate a great quantity of keys (or optionally, tweaks) from a single random seed.  This can be secure if and only if all seed and key material other than the “winning” key is destroyed and never reused.
13  Bitcoin / Development & Technical Discussion / Answers to vanity generation technical questions on: March 25, 2018, 12:54:51 PM
Each extra character makes it 58 times more difficult to find.
Note that starting with a Capital can be 58 times faster (depending on which character you use): 1Abcdef or 1ABCDEF are much faster than 1abcdef.

Just two questions about the two points:

  • Why is it 58 exactly? My guess would be: is it something like 26 +26+ 10 = 62 (alphabet sets in caps and regular making the 26 each and the 10 being the number of numbers zero to nice) minus four illegal characters?

Yes, 62 minus four illegal characters.  That equals “58 exactly”.

Old-style (pre-Bech32) Bitcoin addresses use base58, not base-62.  Each character is a radix-58 digit, in the range of [0, 57].  Following are the “digits” used by Bitcoin, from an old code snippet of mine.  Observe that “I” (uppercase i), “O” (uppercase o), “0” (numeral zero), and “l” (lowercase L) are excluded.

Code:
const char base58[59] =
"123456789" /* 9, [0..8] */
"ABCDEFGHJKLMNPQRSTUVWXYZ" /* 24, [9..32] */
"abcdefghijkmnopqrstuvwxyz"; /* 25, [33..57] */

  • Why are capital letters easier to find as compared to regular numbers and what's like the "math" behind it?

Capital letters are not generally easier to find.  However, at the beginning, they represent a lower number.  Since the large integer being represented is in a range which is not a power of 58, higher digits at the beginning may be rare, or even impossible.

For an analogy:

Imagine that you are searching for a pattern of base-10 digits in a 30-bit base-2 (binary) number.  The number you seek has a range of [0, 1073741823].  Digits [2-9] are impossible in the first position; and digit 1 is only in the first position for 73741824/1073741823 ≈ 6.9% of randomly selected 30-bit numbers.

Here, you are searching for a 192-bit base-2 (binary) number, where the upper 160 bits are uniformly distributed and the lower 32 bits are also uniformly distributed (but dependent on the upper 160 bits).  You are representing that number as a base58 number.  Probability of hitting various base58 digits in the first position is left as an exercise to the reader. <g>





Hmm, I'm guessing this more of a practical real life data rather than actual theoretical analysis?
Yes. The theoretical answer must be somewhere within the hashing algorithm, but that's beyond my understanding.

The theoretical answer is actually not in the hashing algorithm at all, but rather, in how a pseudorandom number uniformly distributed across a binary search space is represented in radix-58 (base58).





If you just restart it, nothing is lost. It just makes a clean random start at another point than where you started before.

What does "nothing is lost" mean?  It went through 12 quadrillion tries before crashing.  Is every try completely random (it doesn't "save" a list of previous attempts or go in some methodical order)? 

LoyceV provided a good explanation by analogy to dice throws.  I have only to add:  This is a probabilistic search.  You could hit your lucky address on the very first try (like winning a lottery).  Considering your previous 12 quadrillion “losses” is actually an instance of classic Gambler’s Fallacy.

The probability of repeating one of those 12q tries is the same as trying an untried one? 

In both cases, the probability is negligible = practically impossible.  12 quadrillion (1.2 x 1016) is a drop in the ocean of a 2160 search space (>1048, more than a thousand quadrillion quadrillion quadrillion).

(N.b. that the search space is of size 2160 although its input is 33 octets for compressed keys and 65 octets for uncompressed keys, and the output is a 192-bit number due to the 32-bit checksum.)
14  Economy / Gambling / Avoid this crypto snakeoil: TELEGRAM-DICE.COM on: March 23, 2018, 08:39:58 PM
TELEGRAM DICE

[...]

Visit https://telegram-dice.com for faucet and live data.

[...]

   Provably fair
🤖
      The random number is simply created from last Bitcoin transaction , we extract the last 4 digits from last Bitcoin transaction hash
      Bets are instantly verifiable

The described system is premised on a severe misunderstanding of how Bitcoin works, coupled with incorrect claims about provably fair systems.  It reeks of pure snakeoil.

Foremost, learn the first rule of applied cryptography:  Almost anybody can design a system which he himself cannot break.  That appears to be what you’ve done here—assuming good faith on your part:  You made a system which you don’t know how to break, then assumed that it could not be broken by people who have far more knowledge than you do.

As RGBKey correctly states, there is no such thing as a “last Bitcoin transaction”.  The whole purpose of the Bitcoin mining system is to create a Byzantine fault-tolerant ordering where no order otherwise exists.  If you are drawing off the last transaction which your node’s mempool happened to see (or you claim to), then you can easily cheat.  Furthermore, an attacker could easily influence your mempool.  You are just waiting for some smart person to clean out your funds!

Forget about using transaction hashes:  Even a block ID is not secure for this purpose, since it can be influenced by miners.  (I should add:  The hashes of confirmed transactions within a block are also easily influenced by miners, since a miner is the one who chooses which transactions to include in the block.)

The hash the last block's ID approach can be biased by miners.  Without knowing what the the result would be used for you can't argue that they wouldn't do it... if they could make themselves win a 100 BTC lottery for sure, ... it would be totally reasonable to orphan and throw out blocks to pull it off.    The earlier proposal to use "the last 64 blocks" doesn't help, the last block is sufficient-- it already commits to all prior blocks anyways.

But that is not the only place where your design is insecure.

You say, “we extract the last 4 digits from last Bitcoin transaction hash” (boldface in the original).  But it would be trivial to create a transaction with fully customized, artificially chosen last 4 digits of its txid!  By tinkering with the nonce used for signature generation in a non-Segwit transaction, I can create any “last 4 digits” I want with an average of only 232 work.  Creating a valid Segwit transaction with predetermined last 4 digits to its txid would be a bit trickier; but off-the-cuff, I can think of a way to do it.  Either way, you have created a system which allows anybody to spend some CPU power and fully determine the outcome of a bet.

So, your system has multiple severe security flaws.

Moreover, you destroy your own credibility is when you throw FUD on sites which are actually provably fair.

the other dice can cheat and change the seed at any time

Wrong.  A site which uses a properly designed commit-and-reveal system cannot cheat, and is guaranteed by the laws of mathematics to be not cheating.  If a site claims to be provably fair when it isn’t (as you are doing), then that is simply fraudulent false advertising.

I respect your opinion

It is not a matter of “opinion” in any arbitrary sense.  Either a site is in fact provably fair, or it is in fact not.  This is a question of mathematics and cryptography—notoriously objective subjects which have no respect for “opinions” in the colloquial sense of that word.

So claiming that you know the truth and writing it in bold and very big , is a little snooty coming from somone who are promoting another dice in his banner.

I have no affiliation with any existing dice site, although my PGP keys are paying an awful lot for my signature space.  I know that RGBKey is correct in what he says, because I have a technical understanding of how Bitcoin works and also, of how provably fair systems work.

What RGBKey has explained to you is very basic Bitcoin knowledge, plus a dash of Applied Cryptography 101.  It is a matter of factual correctness, not of opinions; and your ad hominem argumentation does not change the facts.



To OP, you should not foist such an insecure site on the public with incorrect claims that it is “provably fair”.  It provably isn’t.  If you want to design your own dice system, then you need to either engage in long study of the secure design and implementation of cryptographic protocols, or hire a competent expert to help you.

To others reading this thread:  Avoid this site.
15  Other / Meta / Cloudflare tried to CAPTCHA me! on: March 23, 2018, 07:30:34 PM
The Cloudflare Javascript cavity-searches continue—on and off, much more “on” than “off”.  This seems to occur about as often as I get a new IP address, approximately every 10 minutes.  The “browser check” page interacts badly with multiple SMF functions, including posting and sending PMs.

Worse, about an hour ago, Cloudflare tried to CAPTCHA me when I was making a post:

Screenshot of Cloudflare CAPTCHA on bitcointalk.org

I backed up, changed Tor circuits, and pasted in my post again.  The change of circuits worked—this time.

I don’t want to keep complaining on this thread, but the situation keeps getting worse.  Moreover, I needed to leave a note somewhere—just in case:

I will not jump through “I am not a robot” hoops simply to access the site when I’m already logged in.  If I suddenly disappear, please check to see whether Cloudflare is CAPTCHAing Tor users.

To inform those who may make assumptions based on non-Tor experience:  The Google CAPTCHA (used by Cloudflare) cranks up the tedium all the way for Tor users, with multiple successive challenges which slooooowly load new images.0  It always takes more than a full minute to complete.  Worse, for the past few months, Google has been frequently refusing to serve CAPTCHAs to Tor users.  The last time I needed to do a Google CAPTCHA, the whole process of obtaining and then solving it took me about 10 minutes!  Obviously, I will NOT even consider doing that just to load a webpage.  I don’t care if the webpage be carved of solid gold.  It is outrageous in principle.

CAPTCHAs for page loads would mean an effectual ban of Tor users.  Please don’t let that happen.





0. Aside, I do not see what possible purpose the long artificial delays in challenge image loading have for stopping robots.  A robot’s time is worth nothing, and it has no feelings of mind-dulling boredom.  The only conceivable purpose of these long delays is to torment humans who use Tor.

Overall, Cloudflare’s mistreatment of Tor users has for years been a textbook example of “the nudge” method for social engineering.  Cloudflare loudly claimes to support privacy, and they say they don’t hate Tor.  But actions are louder than words; and the net effect of their actions is to consistently discourage Tor use.

With only a few exceptions such as the Bitcoin Forum, I have been boycotting Cloudflared sites for about four years now.  I do not want a man in the middle serving as a mass-decryption point to monitor my communications with a wide range of sites.  I do not want to be tormented and have chunks of my lifetime stolen as punishment for caring about my own privacy.  And I miss nothing; it’s not my loss.  There is plenty of other Internet for me.
16  Other / Meta / Demand for self-doxing; really capital punishment; cart00neys; ceterum censeo... on: March 23, 2018, 06:22:24 PM
Can you clearly mention which part of country does Lauda belongs and what is his TAX ID?

Why do you have this insane notion that someone would willingly post their location and tax details to a public forum?

Because he’s insane.  “Bats in the belfry” is my medical diagnosis, especially since it has been discovered that Lauda is in fact a flying catbat.

Of course, a location sufficient to identify jurisdiction would not suffice:  Also impliedly needed are a full “legal” name, and a physical address.  Date of birth would also be helpful.  Plus of course, the tax ID (if Lauda even be subject to a jurisdiction which uses tax ID numbers).  Altogether, endlasuresh has peremptorily commanded that Lauda commit the most extraordinary self-doxing ever yet seen on the Intertubes!

In other news, doctor, I urgently need your help with a serious case of Pleurodelinaemia.





You forgot:  Lauda is a tax evading sockpuppeting pill addict who turned you into a newt.  Even if you got better, you should not let the crime go unpunished!

Yes, a most horrendous case of Pleurodelinaemia, and one that required my years of knowledge to treat. Casting such a spell is clearly treason, and therefore I would argue for capital punishment.

Capital punishment?  Oh, no—not punishment of the Bitcoins!  That would be cruel and unusual.





Still this thread not reached to FBI, but ill submit it to FBI and CBI.nic.in as one Indian here said same thing retarded.

In nanae, a ridiculous legal threat such as this was called a “cartooney” (also spelt “cart00ney”).  The same as for “lawsuites” which will be filed any time, now...

Anyway, I know that the FBI just loves receiving nonsensical reports about imaginary crimes by persons who are probably not even under the jurisdiction of the United States.  To help keep busy agents organized, they even have a special file for such reports.  It is called the “roundfile”.

P.S., please also report me to the FBI, the CBI, the ABC, and the XYZ, too.  I would not want to feel left out—and nor would any agency!

[Pre-posting edit:  @Steamtyme, I wrote that before I saw your post.  Good thinking.  Cheers.]





You never seen Lauda's nasty things here?

You have no idea how nasty Lauda is!  Look here:

As I was initiated into a cryptic cult with rites of the goddess Hecate, the renowned paranormal researcher William Blake caught this photograph of Lauda shapeshifted to the form of a flying catbat:

Photo of LAUDA as a FLYING CATBAT
The witch LAUDA
Identified Flying Object (IFO)
(Better than a UFO.  Much better than an ICO.)


Is any more actual proof needed to sustain a charge of witchcraft? Shocked





Ceterum censeo, Quickseller should kill himself.
17  Economy / Reputation / The witch LAUDA gave me Pleurodelinaemia!! on: March 23, 2018, 05:29:18 PM
As I was initiated into a cryptic cult with rites of the goddess Hecate, the renowned paranormal researcher William Blake caught this photograph of Lauda shapeshifted to the form of a flying catbat:

Well, that’s nothing.  Lauda became angry at me when I failed to keep up a regular schedule of worshipping the devil and oppressing spammers and scammers poor, innocent denizens of the forum.  Now, it is difficult for me to type any posts at all.  Just look at me!  My fingers!

Loading photo of nullius as a newt...
nullius under Lauda’s spell
(Photo credit: Connor Long.)

On the bright side, I now have a voracious appetite for mosquito larvae.  Delicious!





You forgot:  Lauda is a tax evading sockpuppeting pill addict who turned you into a newt.  Even if you got better, you should not let the crime go unpunished!

Yes, a most horrendous case of Pleurodelinaemia, and one that required my years of knowledge to treat. Casting such a spell is clearly treason, and therefore I would argue for capital punishment.

Dr. o_e_l_e_o, a web search review of the literature makes it apparent that you have advanced the medical state of the art with your characterization and efficacious treatment of Pleurodelinaemia, as well as adding that word to the medical lexicon.  Now, I need your help!

HELP!

LAUDA MUST BE STOPPED!
18  Bitcoin / Development & Technical Discussion / Hardware wallets vs. airgap machines; supply-chain attacks; forward/backward sec on: March 23, 2018, 03:50:03 AM
How about an air-gapped PC?

This.  With the proviso that this means a dedicated machine which is never connected to a network, and has hardware capable of non-contact connections (such as wifi and bluetooth) physically removed.  I state this explicitly, for I’ve observed that many people mistakenly believe that rebooting their network machines with a live CD/USB makes for an “airgap”.

Part of the advantage of an airgap machine is that the hardware can be purchased anonymously.  For ordinary individuals, buying an inexpensive laptop (sufficient for Bitcoin, PGP, etc.) off the shelf for cash is the only practical means I know for precluding any chance of a targeted supply-chain attack.  Wherefore this part of the Ledger vulnerability disclosure blog post caught my attention (boldface is in the original):

Quote from: Saleem Rashid
In this disclosure, we will focus primarily on the case of supply chain attacks. That is: whether or not you can trust your hardware wallet when you purchase it from a reseller or third party. But, as I explain briefly at the beginning of this article, the methods described here can be applied to the other two attack vectors.

Well, that was always my biggest problem with hardware wallets!  How do I get one?

A company garners my distrust when it not only fails to adequately address this question, but gives its customers advice so irresponsible as to verge on negligence (archive.is link corrected to https):

Quote from: Saleem Rashid
Ledger’s CTO even goes as far as to tell users that it is completely safe to purchase from eBay (archive.is / archive.org).

Do they claim their hardware to be unhackable!?

The first rule of computer security is physical security.  If an attacker comes into physical possession of your hardware, then you must thence permanently consider that hardware to be compromised.

My understanding of tamper-resistant hardware wallets was always that they would resist extraction of keymat already stored on the device—backward-looking protection of data at rest.  Not that they would guarantee forward safety of the device after it had been in possession of an adversary.

An airgap PC with properly0 encrypted disks will also protect your coins against thieves who steal the device—but with the difficulty that this only moves the key management problem from one place to another:  How do you secure your disk encryption keys?  Tamper-resistant hardware could be quite helpful here; I’ve had some relevant thoughts, but of course, that would require obtaining uncompromised tamper-resistant hardware.

(Of course, an airgap PC which has been stolen and recovered must be treated as permanently compromised.)


0. Don’t get me started.
19  Other / Meta / Plagiarist socks: #1633886 “salsa” #1644895 “bitcoinbooster” #1644927 “serasara” on: March 22, 2018, 11:29:45 PM
Please nuke the following accounts from orbit.  Since they all seem to represent some of the tottering first steps of an aspiring account farmer, I recommend that Administrators check IP evidence for any linkage to other accounts.  If such a thing were practicable, the individual who did this should be altogether deprived of Internet access, an also of oxygen.


Eight out of nine posts by “salsa” are plagiarism.  (The ninth is a one-line shitpost praising an allegedly free “transaction accelerator”.)  The other two above-listed accounts are almost certainly sockpuppets of the same individual.

I shall now proceed to quote each and every post by all three of these accounts.  Yes, it’s that bad.

Table of Contents






For its first post, “salsa” chose a modus operandi of copypasting the OP of the thread, in the same thread.  More of this is seen below.

Original, topic OP:

https://web.archive.org/web/20180322011643/https://bitcointalk.org/index.php?topic=2353448.msg23988064#msg23988064
I see a lot of people pushing for companies like Amazon to accept Bitcoin as a payment option. Have we considered the

implications of these decisions? Let's say we cannot scale to "service" the need for millions of new people who would use

this technology for the first time. What a big embarrassment would it be, if people waited 13 hours for their transactions to

be confirmed. Doing this now will hurt Bitcoin more than any other "bad" thing that has happened to it before.

We need to wait for the perfect scaling solution to address this problem, before Amazon or any other big retailer starts to

accept Bitcoin as a payment option. The Lightning Network might get us close, but it is not a proven technology yet.

Let's hear your thoughts on this?  Huh Huh

Plagiarized on page 7 of the same thread as the first-ever post by the “salsa” account:

https://web.archive.org/web/20180322011526/https://bitcointalk.org/index.php?topic=2353448.msg27747879#msg27747879
I see a lot of people pushing for companies like Amazon to accept Bitcoin as a payment option. Have we considered the

implications of these decisions? Let's say we cannot scale to "service" the need for millions of new people who would use

this technology for the first time. What a big embarrassment would it be, if people waited 13 hours for their transactions to

be confirmed. Doing this now will hurt Bitcoin more than any other "bad" thing that has happened to it before.

We need to wait for the perfect scaling solution to address this problem, before Amazon or any other big retailer starts to

accept Bitcoin as a payment option. The Lightning Network might get us close, but it is not a proven technology yet.






“salsa” used the same m.o. for its second post.

Original, topic OP:

https://web.archive.org/web/20180322011958/https://bitcointalk.org/index.php?topic=133931.msg1426125#msg1426125
In these times of Mass scammers out there, I urge people to use an escrow. There are many good members out there willing to help to secure the bitcoin community, There are also more people willing to do anything to scam you out of your coins, Please just do your research on someone before you part with your hard earned coins.

An escrow list - updated 11/17

Note to mod, I know this is in the wrong section as I am not selling anything, I feel we all need to be wiser, People in the selling forums are less likely to look elsewhere for information on what this is and how it is acheved,
Even if a few people read this and use escrow, Or a few scammers don't get their coins, I will consider this a good job.
Please consider not moveing out the way, This needs to be addressed.

** jan 16

There is a new wave of possible scammers, People who buy up legendary accounts and trade untill they have large sum of money then run, This has been done with a very trusted account recently.

Please be cautious, I am trying to set up a 3 way secure key escrow for my personal escrows to add peace of mind.

I would like to point out, that I do not partake in escrowing forum accounts, I never have and never will, in fact its against the rules on my forum, This is a trust based commodity as it stands, if we keep moving the goal posts as well as the stadium, no one can be accountable for theft!

Keep safe people, dont give up, trust in BTC, suspect people :-)

** April 17

please watch out for fake accounts made to look like hero/legendary escrow accounts, check the join date and the letters of the name exatly! some use numerical 0 instead of alphabetical O, and please watch out for sold accounts! this forum allows selling of any account, so make it difficult to know who's still real, I do not allow selling of accounts on my forum  Roll Eyes

Plagiarized on page 14 of same thread as the second post by the “salsa” account:

https://web.archive.org/web/20180322012127/https://bitcointalk.org/index.php?topic=133931.msg27748797#msg27748797
In these times of Mass scammers out there, I urge people to use an escrow. There are many good members out there willing to help to secure the bitcoin community, There are also more people willing to do anything to scam you out of your coins, Please just do your research on someone before you part with your hard earned coins.

An escrow list - updated 11/17

Note to mod, I know this is in the wrong section as I am not selling anything, I feel we all need to be wiser, People in the selling forums are less likely to look elsewhere for information on what this is and how it is acheved,
Even if a few people read this and use escrow, Or a few scammers don't get their coins, I will consider this a good job.
Please consider not moveing out the way, This needs to be addressed.

** jan 16

There is a new wave of possible scammers, People who buy up legendary accounts and trade untill they have large sum of money then run, This has been done with a very trusted account recently.

Please be cautious, I am trying to set up a 3 way secure key escrow for my personal escrows to add peace of mind.

I would like to point out, that I do not partake in escrowing forum accounts, I never have and never will, in fact its against the rules on my forum, This is a trust based commodity as it stands, if we keep moving the goal posts as well as the stadium, no one can be accountable for theft!

Keep safe people, dont give up, trust in BTC, suspect people :-)

** April 17

please watch out for fake accounts made to look like hero/legendary escrow accounts, check the join date and the letters of the name exatly! some use numerical 0 instead of alphabetical O, and please watch out for sold accounts! this forum allows selling of any account, so make it difficult to know who's still real, I do not allow selling of accounts on my forum   Roll Eyes





I can’t find the source for the third post by the “salsa” account; but it is obviously plagiarized, too.  It even references a “table below” which does not exist in the post.  It appears to be copied from marketing materials for Monex Investindo Futures (MIFX), an Indonesian forex broker.  Incidentally, the material is off-topic in the thread.

https://web.archive.org/web/20180322013759/https://bitcointalk.org/index.php?topic=2711756.msg27751213#msg27751213
What is the effect of spread on profit opportunities?
Often traders only consider commissions trading. In reality, trading profits depend on commissions and spreads. Monex comes with the lowest commission and spread combinations with no hidden costs that give you a lower break-even point and a 40% higher profit chance *.
* You can see illustrations of the effect of spreads and commissions in the table below

Why deal with market execution?
Market execution is an order to buy or sell at the best available price when the broker receives the request. The order will be immediately done without "requote" or rejection at the best market price so as to guarantee the speed of your transaction.

Why choose an official licensed legal broker?
As a legal broker under the supervision of BAPPEBTI, Monex has operational standards in line with applicable regulations, including a separate account system applied to all customer funds. This ensures the security of your funds is assured during trading. You can also enjoy the ease of withdrawing funds on the same day as all client funds are kept in account in Indonesia.





Similar as with the account’s third post, its fourth post is self-evident copypaste plagiarism related to an Indonesian service, stuck in a thread where it is off-topic (here deep on page 5).  This one appears to have potentially been run through a machine translation, and self-references “the authors” (plural).

https://web.archive.org/web/20180322014357/https://bitcointalk.org/index.php?topic=2694817.msg27751818#msg27751818
The rapid development of the business world in line with technological developments has had a major impact on the economic development of Indonesia. This is seen by the tight competition in the business world both trade and industry products and services and the increasing demands of consumers not only limited products or goods consumed but also improved quality of service / service for the product.
This increasingly fierce competition requires companies to manage all existing resources optimally in order to survive in the business world tends to change rapidly. Inventory of goods is one important resource for the survival of a company.
Hospital is one form of business services that provide health services in fulfilling the life of the community, where hospitals in this day and age again only how a person was quickly healed. A very significant development of the proliferation of clinics and hospitals, so the management must strive to provide the best service to paasien not only how to cure it but also apply how to provide support facilities to patients.
Therefore, the authors are interested to discuss the problem Supporting Facilities (Facilities Support) at the Hospital with the aim of improving service to consumers in this case the patient.





For its fifth post, “salsa” copypaste from an article about the outsourcing of graphic design.  But here, “salsa” added its own creative touch:  Two emoticons appended to the bottom of the copypaste!

Note:  The sentence, “Graphic design is one of those things where people like different things but dislike the same ones” is a witty quip which appears to have been plagiarized by other sites (e.g.).

Putative original—link and boldface here presented as in the original:

https://www.ictc-burgas.org/en/news/graphic-design-with-an-outsourcing-company-pros-and-cons
(URL failed to load for me; may be blocking Tor?)

https://web.archive.org/web/20180322015136/https://www.ictc-burgas.org/en/news/graphic-design-with-an-outsourcing-company-pros-and-cons

Quote from: ICT Burgas
Graphic design is one of those things where people like different things but dislike the same ones. In a way, when a bad design appears in the world, anyone can tell it’s bad. That’s why you need to be extra cautious when delegating your graphic design tasks to someone else.

                 

Once familiar with the risks, taking the decision of choosing the right outsourcing company will turn into a child’s play. Or at least your choice spectrum will be significantly narrowed down.

If you’re looking for a partner, we - from ICT Burgas, can connect any business looking for outsourcing opportunities with the appropriate local company and guarantee its efficiency and premium quality.

We’ve always preferred bad news served first so let’s try something unconventional and start with the cons of outsourcing your graphic design tasks.

Cons

[...]

Plagiarism, with addition of two eye-rolling emoticons:

https://web.archive.org/web/20180322020038/https://bitcointalk.org/index.php?topic=2717933.msg27815054#msg27815054
Graphic design is one of those things where people like different things but dislike the same ones. In a way, when a bad design appears in the world, anyone can tell it’s bad. That’s why you need to be extra cautious when delegating your graphic design tasks to someone else.

                 

Once familiar with the risks, taking the decision of choosing the right outsourcing company will turn into a child’s play. Or at least your choice spectrum will be significantly narrowed down.

If you’re looking for a partner, we - from ICT Burgas, can connect any business looking for outsourcing opportunities with the appropriate local company and guarantee its efficiency and premium quality.

We’ve always preferred bad news served first so let’s try something unconventional and start with the cons of outsourcing your graphic design tasks.

  Roll Eyes Roll Eyes

Note:  The copypaste job did not retain formatting, but did keep the weird invisible whitespace on the apparently blank second line.





For its sixth post, the “salsa” account plagiarized an old version of Wikipedia’ Bitcoin article.  This text has been plagiarized (without attribution) on multiple other websites, and was likely copied from one of those.

Wikipedia’s edit history has many variations of the wording within this passage; there is probably one which is an exact match, which I simply didn’t find in the page’s voluminous edit history.

(Aside:  1rYK1YzEGa59pI314159KUF2Za4jAYYTd also shows up as an example address in https://casascius.com/AgreementToDeliverBitcoins.pdf, which is still served up with a last-modified date of 2011-02-04 17:39:13 (UTC).  Does anybody know what that address is, or where it originated?)

2011 vintage Wikipedia:
https://en.wikipedia.org/w/index.php?title=Bitcoin&oldid=416583341

Quote from: Wikipedia
Bitcoin is a peer-to-peer implementation of Wei Dai's b-money proposal and Nick Szabo's Bitgold proposal. The principles of the system are described in Satoshi Nakamoto's 2008 Bitcoin whitepaper.[1]
Addresses

Any person participating in the bitcoin network has a wallet containing an arbitrary number of cryptographic keypairs. The public keys, or bitcoin addresses, act as the sending or receiving endpoints for all payments. Their corresponding private keys authorize payments from that user only. Addresses contain no information about their owner and are generally anonymous.[2] Addresses in human-readable form are strings of random numbers and letters around 33 characters in length, of the form 1rYK1YzEGa59pI314159KUF2Za4jAYYTd. Bitcoin users can own multiple addresses, and in fact can generate new ones without any limit, as generating a new address is relatively instantaneous, simply equivalent to generating a public/private key pair, and requires no contact with any nodes of the network. Creating single-purpose/single-use addresses can help preserve a user's anonymity.

Plagiarism:

https://web.archive.org/web/20180322024338/https://bitcointalk.org/index.php?topic=133931.msg27821715#msg27821715
Bitcoin is a peer-to-peer implementation of the b-money proposal by Wei Dai and Bitgold's proposal by Nick Szabo. The principle of the system in general has been described in 2008 by Satoshi Nakamoto.
Delivery

Someone who participates in a bitcoin network has a wallet that stores some keypair - keypair critiques. Public key - public key, or address - bitcoin address, which acts as the endpoint send or receive for all payments. The associated private key only allows payments only from the user itself. Addresses do not contain any information about the owner and are generally unknown. [8] Addresses in human readable format consist of random numbers and letters that are approximately 33 characters long, in the format 1rYK1YzEGa59pI314159KUF2Za4jAYYTd. Bitcoin users can have multiple addresses, and the fact can generate new addresses without any restrictions, because creating a new address is immediate, comparable to generating a common





The “salsa” account’s seventh post is self-evident plagiarism from a source I cannot immediately locate.  It appears to be from marketing materials for “Journals, cloud-based online accounting software”.

https://web.archive.org/web/20180322031043/https://bitcointalk.org/index.php?topic=1635900.msg27824788#msg27824788
Accounting according to the American Accounting Association is a process of identifying, measuring, and communicating economic information to get the right decision from users of corporate information. However, in the process many companies experience mistakes in the accounting process that can cause losses to the loss of trust from others. Here are some mistakes in accounting processes that are often found in companies.

 

Recording & Reconciliation Errors

As businesses begin to run smoothly, many entrepreneurs ignore the financial statements simply by reason of not having much time. By not logging business transactions, financial statements will be inconsistent with actual company conditions. Inappropriate and inappropriate financial statements can have a negative effect on the company such as credit rating to be bad or delivery of goods from suppliers to be not smooth.

 

Only Make Reports as Records

Many entrepreneurs see accounting only as a process of recording corporate financial data that serves only to calculate the balance of the company or the interests of taxation. But in reality, financial statements can provide information as a consideration chart to determine decisions or create strategies for developing a company's business.

 

Forgot Saving Transaction Proof

Often forget to keep a proof of a transaction like a receipt or note often happens to everyone, especially when attention and thoughts are focused on things. While receipts and notes can be a valid evidence when there is a difference in the number at the time of checking financial statements. Not only that, receipts and notes are also very useful and can facilitate the process of audit and taxation.

 

Mathematical Error When Counting

Counting errors do not only happen to the culprits but also often happen to experienced accountants. This error often occurs when in a hurry or when tired so can not detect the error. Error calculating when combined with input and reconciliation errors can be a big mistake in the company's financial statements. Where, if the error is unknown for months can lead to a more complex problem when it wants to fix and resolve it.

 

Those are some of the most common mistakes in the accounting process. To reduce accounting mistakes many entrepreneurs are entrusting their business accounting process with accounting software. Journals, cloud-based online accounting software can help entrepreneurs in making financial reports instantly. Not only that, with Journal accounting software, you can also monitor financial reports anywhere and anytime in real-time. For more info on Journals, you can see here.





For its eighth post, “salsa” liked a really stupid post so much that its controlling wetware almost simultaneously copypasted it under two different accounts, then praised it with a self-evident sockpuppet.

I wonder what is so significant about this post?  Why did this idiocy warrant such attention?

Putative original, by an account which last posted on 2017-11-22, although its profile page shows a login as recently as 2018-03-20 (mostly ungrammatical posts; interests include: airdrops, altcoins, “transaction accelerators”, praising the S2X team...):

https://web.archive.org/web/20180322031319/https://bitcointalk.org/index.php?topic=2340424.msg23822464#msg23822464
One point I'd like to make is that while Blockchain is a topic that is often associated with Bitcoin, it can exist entirely independent of Bitcoin. There's lots of technical and intellectual "baggage" associated with Bitcoin, and those negatives shouldn't prejudice someone as to the possible uses of Blockchain.

Copypaste by #1644895 “bitcoinbooster”, first and only post by account created 2018-01-10 02:59:21:

https://web.archive.org/web/20180322031648/https://bitcointalk.org/index.php?topic=2718302.msg27814176#msg27814176
One point I'd like to make is that while Blockchain is a topic that is often associated with Bitcoin, it can exist entirely independent of Bitcoin. There's lots of technical and intellectual "baggage" associated with Bitcoin, and those negatives shouldn't prejudice someone as to the possible uses of Blockchain.

Instant agreement nine minutes later by #1644927 “serasara”, first and only post of account created 2018-01-10 03:08:09:

https://web.archive.org/web/20180322031712/https://bitcointalk.org/index.php?topic=2718302.msg27814422#msg27814422
One point I'd like to make is that while Blockchain is a topic that is often associated with Bitcoin, it can exist entirely independent of Bitcoin. There's lots of technical and intellectual "baggage" associated with Bitcoin, and those negatives shouldn't prejudice someone as to the possible uses of Blockchain.

I agree with you, thank you for that insight!

Eighth post of “salsa”, almost certainly the same wetware operating this sockpuppet show; note the timestamps on all the copies of this obscure post!

https://web.archive.org/web/20180322032502/https://bitcointalk.org/index.php?topic=2707174.msg27827623#msg27827623
One point I'd like to make is that while Blockchain is a topic that is often associated with Bitcoin, it can exist entirely independent of Bitcoin. There's lots of technical and intellectual "baggage" associated with Bitcoin, and those negatives shouldn't prejudice someone as to the possible uses of Blockchain.





For its ninth post, “salsa” made a shitpost praising an allegedly free “transaction accelerator”:

Re: [FREE] Bitcoin Transaction Accelerator
https://web.archive.org/web/20180322032811/https://bitcointalk.org/index.php?topic=2455333.msg27830871#msg27830871
your website is really good. that's really help me as beginners to understand important concepts surrounding cryptos.

Well, I suppose that’s “original” in the sense that I have no evidence of it having been plagiarized.  What a contribution to the forum!

Please guarantee that that shall have been the last-ever post by that account—and if any other linkage can be found, please terminate this person’s posting career!
20  Alternate cryptocurrencies / Announcements (Altcoins) / Re: ⚠️ “Relex [RLX]” = SPAMMERS ☠️ on: March 22, 2018, 09:23:06 PM
#1100145 “KevinVu-Relex” is spamming the forum for this stupid token.  I just reported 4 out of 8 posts “KevinVu-Relex” has ever made, for violation of this strict rule (boldface added) as quoted in the Bitcointalk.org rules:

Ads are typically not allowed in posts (outside of the signature area) because they are annoying and off-topic. It is especially disallowed to put ads or signatures at the bottom of all of your posts. Except for traditional valedictions, which are tolerated but discouraged, signatures are for the signature area only.

Are you mentally ill? The team might not be aware of such an arbitrary rule, hell I wasn't until you pointed it out.

Failure to read the rules is “the team’s” problem, not mine.  It is evidently a problem with consequences, since #1100145 “KevinVu-Relex” has been nuked:

https://bitcointalk.org/modlog.php
Quote from: Deletion log
Nuke user: N/A in topic #0 by member #1100145

As for your mental health question, I suggest that you ask your doctor about narcissism.  The world does not revolve around you.  You must learn to heed rules made for the proper functioning of a social community, or GTFO.





https://web.archive.org/web/20180322195227/https://bitcointalk.org/index.php?topic=2075473.msg32918984#msg32918984
Spam? He was replying to questions, and linking their ANN at the end of his comments. I'd be hard pressed to call that spamming. Spamming would be him posting the same ad or link over and over, without provocation. I started reading your paragraph thinking I'd come away with a convincing argument, but I'm just disappointed I read it now.

I could see that but all of his responses were true and it wasn't like he was outright shilling the relex token so i dont see the problem to be honest. His responses excluding the link we're free of any shilling. So id just tell him to remove it, but i wouldnt say its spam...

Two living examples of Sharp’s Corollary:  “Spammers attempt to re-define ‘spamming’ as that which they do not do.”  Also, of Rules-Keeper Shaffer’s Refrain.

You do not get to define what spam is.





Maybe you are trying to FUD to get the price lowered (won't work), or maybe you are too poor to buy dirt cheap RLX, and you are jealous.

I wouldn’t take your spamcoin if it were given to me for free.

Anyway, thank you for helping confirm that Relex and Relex supporters are a nest of spammers and spam-apologists.  I will remember to never, ever buy anything made by anybody involved with Relex; and I recommend that others do likewise.

DO NOT BUY RELEX.  DO NOT SUPPORT SPAM!
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 »
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!