So, you are trying to use the bundled Tor from Tor Browser rather than a dedicated Tor daemon?  This is not recommended.

IIRC, the default TCP port for Tor Browser’s Tor’s SOCKSPort is 127.0.0.1:9150, which explains why Bitcoin could not connect to port 9050.  On Linux, at least, recent versions of Tor Browser may even use a UNIX domain socket rather than a TCP socket.  But I’m not even sure what it does by default, since I use Tor Browser with an external Tor daemon on a network-isolating gateway.  I would need to search—I recommend that you do so, if you really want to use Tor Browser’s Tor.

If you want to add another SOCKSPort to Tor Browser, look for Browser/TorBrowser/Data/Tor/torrc.  See the Tor manual page for documentation of SOCKSPort.  Be aware that this will probably (?) be wiped out when you upgrade Tor Browser.

It is strongly recommended that you set up a separate Tor daemon for your Bitcoin.  I recommend doing so on a gateway which isolates the internal network; this affirmatively prevents all leaks of your “real” IP address, whether malicious or accidental.  Many applications leak horribly, doing direct DNS lookups even when they purport to accept SOCKS proxy settings.  You can set up a Tor gateway on a cheap computer with two Ethernet ports, or using VMs within the same physical machine.  On FreeBSD, the jail subsystem provides a lightweight means to achieve this.  N.b. that if you use a separate Tor daemon with Tor Browser, it requires some muttered incantations to disable Tor Browser’s bundled Tor; and you must do this to avoid “Tor-over-Tor”, which will harm your anonymity as well as killing performance.

@pebwindkraft, sorry, you were responding to a plagiarist who copied one of my old posts (and also a post by bob123), as reported by BitCryptex.

---

Replying to you, with corrected attribution:


First, I wish to highlight my critical next sentence, which you cut—here in boldface:


Sidechains/drivechains/etc. which you mention are irrelevant to concepts such as the MR POWA proposal—or total POW change.  These are aptly described as “nuclear options” for the main chain, in case certain ill-intended large centralized miners become an existential threat to Bitcoin.  But nuclear war is not a desirable prospect; it always has collateral damage, and it could be MAD.  Consider that in recent months, certain evil miners have tried to seriously compromise Bitcoin—and they failed, because other miners kept their own ASICs mining Bitcoin, and the network is much more resilient than some people expected.


Imagine you could get ten million devices each doing a modest 800 GH/s out on store shelves at a moderate price—made plug-and-play, and advertised as the hot new thing.  Just make sure the thing runs quietly, and has sleek industrial design.  Congratulations, you just added 8 EH/s—somewhere around (waves hands) doubling the global hashrate, with half of the global hashrate now spread amongst computer enthusiasts, gadget fetishists, people who want a show-off conversation piece, finance people, maybe even gamers (many of whom have a gadget fetish, and want to show off to their friends).

I know that there have been previous attempts to create something along these lines.  What is needed is for a well-established, competently managed Bitcoin company with in-house brains and leadership who cares about Bitcoin to take a serious interest in making hardware happen for miner decentralization.  I know that the whole process from ASIC development to fabbing, to device design, to manufacturing, to (sometimes most difficult for engineers) distribution would be a challenging task.  It is not a project which some genius lone-gun could pull off by himself.

(In my dreams:  Where’s a Blockstream conspiracy when you need one?  If they could do a satellite feed, they’re adept at the sorts of contracts they would need to arrange.  They are already hated by Jihan & Co.  Go for it.)

As for this:


Behold the power of nodes:  Invalid blocks do not exist, insofar as the blockchain is concerned.  Malicious miners can try to make all the invalid blocks they want, whether via “hidden functions” or otherwise; they’d only be wasting their electricity.  Malicious hardware manufacturers who added such “hidden functions” would be criminally defrauding their customers, but could not thus damage the Bitcoin network.  This is a non-issue.

My apologies.  I usually publish software with a manpage, plus a usage info printout on entry of incorrect options; but in this case, I consider the options interface to be unstable.  It may change.  For now, here is an ad hoc rundown of (only) the most important options:


The two modes are exclusive of each other.  However, within each mode, different address types can be handled simultaneously.  If you want to search for both "3" addresses and bech32 addresses, each key tested will be tested against both patterns.

For bech32, case-insensitive search is always used (regardless of options) for reason that Bech32 addresses themselves are case-insensitive.

Patterns are POSIX Extended Regex (not PCRE or similar).  No attempt whatsoever will be made to prevent you from searching on an impossible pattern.  If you enter a pattern which cannot be matched by a valid address, then segvan will spin forever.

Upon SIGINT (Ctrl-C in the terminal), segvan will gracefully exit after it has finished the current iteration.  SIGINFO (on BSD) or SIGUSR1 (Linux) will print statistics to stderr.

Addresses and WIF-encoded private keys are output together on an output line, with an intervening tab.  This is intended to be friendly for piping through shell scripts.

By default (which may change), private keys use a WIF version which is specific to Electrum, and tells Electrum which address type to use.  This has been tested by me with Electrum 3.

There is currently no multithreading.  Vanity search is probabilistic, with no state or need for synchronization between search threads; therefore, you can get similar performance to what multithreading would provide by running one segvan process per CPU core.

More options exist, but I am reluctant to document them before they’re stable.  Also, there is a hidden option for generating old-style P2PKH “1” addresses.  I’m not sure whether I want to document that, because I desire to promote Segwit use.  At present, the only valid reason for generating new P2PKH addresses is if you need a Bitcoin key which can be used to sign arbitrary messages, such as forum “stake” messages.  (For that particular purpose, I suggest staking a PGP key instead.)

I hope this helps.  Please be advised that a major update is planned; it has been stalled the past week or so, due to some unfortunate and irrelevant distractions.  For now, the code in the master branch is non-feature-complete, but reliable for use; and the code in the keygrind branch is working, but not fully tested.

The tension mounts.  The mighty nullius is off his game!  Can he make a comeback?

Join Joe’s Signatureless Challenge, and see if you can beat me at competitive sport-posting.  I double dare you.

Already answered this.  We are going in circles.

---

@JayJuanGee, I wished to reply to something you said above—perhaps later.

In a nutshell:  Specifically in this thread, as to motives, I am genuinely puzzled as to whether Alia is scamming, blinded by a gambler’s obsession with discovering the magic trick to winning, or some mix of both.  This question of mens rea (“guilty mind”) is totally irrelevant to my treatment of a mathematically impossible script, which could cause others to lose money if Alia were to commit the actus reus (“guilty act”) of again trying to sell it or take “investors”.  But culpability is relevant to how I treat Alia herself.

(And just in case you were thinking something else re “empathy”:  I assure you that even if against the odds, it be true that Alia is a girl, I find “mathematical mumbo jumbo” and “stupid equations” sneering somewhat less attractive than an active outbreak of genital herpes.)

---

Oh, my Bitcoin.  I wrote the foregoing before the following post appeared, then was suddenly interrupted by a little IRL incident.  I will take this as empirical evidence of my psychic powers, or cosmic influence over random events, or something of that nature.  And now, I will use this power to win at provably fair gambling!

I already posted my deposit txid.  Note that there was no change:  I anonymized a single coin, then sent that coin (less tx fee) to whatever address Alia specified to me.  The exact deposit amount was 0.01101346 BTC.

---

Sticking to the facts here:

It is correct that I had no proof that gambling had occurred.  Alia never told me what site she was ostensibly gambling on, and I did not ask.  Not that it would have mattered:  I know little enough about gambling that prior to seeing discussion amidst this scandal, I did not know that gambling sites had any publicly viewable wager or P/L pages.

(Incidentally, the neutral trust feedback which I left for Alia for this transaction was stated quite precisely as to facts (although I do not still agree with the opinion thereby stated, and thus removed it).  I write trust feedback comments with an almost legalistic treatment of facts.  And I sent neutral feedback—not out of any distrust for Alia, but because I am extremely conservative about trust.  For a single apparently successful transaction risking 0.01 BTC with someone with whom I have been in communication for all of eight days, formally neutral feedback is prescribed by my written trust feedback policy.)

Besides public posts in the “naked gambling” thread, all my communications with Alia in the matter occurred via PM.  I requested PGP encryption, since I consider traceable blockchain information (addresses, txids, weird amounts) to be confidential (now blown—by me).  As to the pertinent part of those communications, I will quote in pertinent part my more recent post from which you excerpted two sentences, which you did not link:

---

I wish to address some other issues in this case; but the Alia affair has consumed the bulk of my time and energy for most of the past week, and I need to do other things now.  Perhaps later.

Thread split from the merit abuse thread in Meta, since TryNinja beat me to the punch with something I had been investigating.

This is a labyrinth of alts and account sales.  I may edit and/or add to this post as evidence accrues.  At this point, there is sufficient documentation to issue feedback to many of the below-listed accounts, with this post as the reference.

---

Alts, and/or sold accounts made by same individual, and/or otherwise closely connected accounts:

• #1800324 “CasinoExpert”, registered 2018-02-05 04:49:12 UTC; Jr. Member; password recently reset, according to trust summary.  Has received a total of 20 merit from “77kdub” and “lolgato1”, sent a total of 10 merit to “HumberWins”.  Red-tagged 2018-03-01 by The Pharmacist as an account seller.  Last active 2018-03-04 (currently active).  Uses e-mail address francis1997a@outlook.com (thanks TryNinja for catching this; archive):
  
  
  Quote from: CasinoExpert on February 27, 2018, 10:42:42 PM
  Quote from: javiking on February 27, 2018, 10:39:17 PM

  where to contact you? do u have skype? or selly accounts?
  

  
  Hello contact me francis1997a@outlook.com skype
  
  I have three account netflix HD Ultra 4 supports tv
  
• #1644102 “HumberWins”, registered 2018-01-10 00:34:10 UTC; Member; password and e-mail recently reset/changed, according to trust summary.  Has received a total of 10 merit from “CasinoExpert”, thus rising to Member rank.  A snapshot of this account’s merit summary is below.  Red-tagged 2018-01-31 by The Pharmacist as an account seller.  Uses e-mail address caevajus8181@gmail.com (archive) (Subject:  “Re: buy verified GDAX accounts”):
  
  
  Quote from: HumberWins on January 26, 2018, 05:07:12 PM
  Quote from: r1dex on January 26, 2018, 04:42:07 PM

  Hi, I need both Bittrex and Gdax
  

  
  Friend u can contact me caevajus8181@gmail.com
  
  Proof of bittrex verified http://prntscr.com/i5zxo4
  
  How much u want pay me?
  
• #1093331 “YoYoBot”.  Red-tagged as a scammer by Lauda 2018-01-03.  Uses e-mail address caevajus8181@gmail.com (archive) (Subject: “(PAID O_O) BITCOIN TRANSACTION ACCELERATOR GUARANTEED MAXIMUM 1 HOUR”):
  
  
  Quote from: YoYoBot on December 29, 2017, 11:57:57 PM
  (PAID O_O) BITCOIN TRANSACTION ACCELERATOR GUARANTEED MAXIMUM 1 HOUR
  
  I am a member of f2pool.com that I can currently accelerate and I also use  btc.com which are currently paid but as I am a member of these web pages, I can grant them discounts
  
  The price of the acceleration will depend on the amount of the transactions and also the commissions and will be guaranteed with a maximum term of 1 hour.
  
  Otherwise, if we do not comply with our guarantee, we will try again and have 1 opportunity, but there are few probabilities, but it will confirm within 1 hour
  
  If you find it interesting to write here or pm, or otherwise I can be at 24 hours in that email caevajus8181@gmail.com will answer me or my other partners will answer
  
  We are happy to serve you
  
  
• #524606 “ser1ck”; see this post by Timelord2067 for allegations of yet more alts I have not run down.  Apparent scammer.  Uses e-mail address francis1997a@outlook.com:
  
  Quote from: Timelord2067 on January 14, 2016, 11:12:58 PM
  
  Alt account of lokos1913a, polloptc et al.
  
  

  Quote from: ser1ck on January 14, 2016, 09:23:08 PM

  Hi i sell bitcoin and receive paypal skrill neteller
  
  Avaliable :0.43 BTC
  
  You send first o use escrow
  
  Send pm or skype francis1997a@outlook.com
  

---

Prima facie merit abusers, not currently suspected of being alts of the above (evidence welcome):

• On 2018-03-02, #729028 “lolgato1” (a “Sr. Member”) awarded 10 merits to a post saying only and exactly this (archive):
  
  
  Quote from: CasinoExpert on March 01, 2018, 09:03:21 PM
  Price $15
  
  
  This was for the OP in a thread titled, “Neteller account verified” in the “Digital Goods → Invites & Accounts” section.
• On 2018-03-03, #459892 “77kdub” (a “Hero Member”) awarded 10 merits to a post saying only and exactly this (archive):
  
  
  Quote from: CasinoExpert on February 08, 2018, 11:16:27 AM
  yo solo 1 vez al dia
  
  
  ...thus, completing the 20 merits which “CasinoExpert” needed to have 10 sMerit to give to “HumberWins”.

---

Need corroborating evidence connecting “CasinoExpert” to 1Q8PWr4LLNqQcqAwMYA8QwEyhpJm9Z7qRm:

#652487 “magemist” has been widely making the following (archived) accusation against “CasinoExpert” in many threads; however, “magemist” is not a trustworthy accuser.  It is not unlikely that this information be correct.  However, in my judgment, it needs corroboration:


The 1Q8PWr4LLNqQcqAwMYA8QwEyhpJm9Z7qRm address is used by at least the following accounts (list is a work in progress):

• #1106392 “HumbertDice”, registered 2017-08-13 15:08:25 UTC; Jr. Member; trust summary; red-tagged by Lauda 2018-01-19 for multiple abuses.  56 activity, 73 posts, 0 merit.  Last active 2017-09-25 19:31:37 UTC.  Evidence (archived):
  
  
  Quote from: HumbertDice on September 01, 2017, 06:57:35 AM
  Loan Amount : 0.005 btc
  Collateral : Bitcointalk account
  Loan reason     : Personal payment
  Your BTC Address  : 1Q8PWr4LLNqQcqAwMYA8QwEyhpJm9Z7qRm
  Date of repayment  : 3/08/2017
  amount to repay 0.0065btc
  
• #1342249 HumbertxD, registered 2017-11-23 15:17:28 UTC; Newbie; password recently reset, according to trust summary; red-tagged by Lauda 2017-12-07 for multiple abuses. 13 activity, 13 posts, 0 merit.  Last active 2018-02-18 01:24:05 UTC.  Evidence (archived) from OP of topic titled, “!!!!!!!!!!!!!Bitcoin transaction accelerator FREE !!!!!!!!!!!!!!!!!!”:
  
  
  Quote from: HumbertxD on December 07, 2017, 02:49:55 AM
  Hello friend, I can help you to accelerate your free transactions and it would be good if you helped me to donate since I need for my operation
  
  Just leave your txid and your transactions will be accelerated in minutes if I am available
  
  Wallet donation: 1Q8PWr4LLNqQcqAwMYA8QwEyhpJm9Z7qRm
  
  Thank you
  

---

Cut and paste of notes from the Meta thread:

https://bitcointalk.org/index.php?action=merit;u=1644102

Replaced with archival links; red stars added to mark out posts merited multiple times:

---

https://web.archive.org/web/20180304231119/https://bitcointalk.org/index.php?topic=2751296.msg31219406#msg31219406

---

https://web.archive.org/web/20180304224458/https://bitcointalk.org/index.php?topic=2816184.msg28984243#msg28984243


https://web.archive.org/web/20180304224426/https://bitcointalk.org/index.php?topic=2665015.msg27182671#msg27182671

(Good catch.  I had not caught that e-mail yet.)


https://web.archive.org/web/20180304224409/https://bitcointalk.org/index.php?topic=3047492.msg31366785#msg31366785

Moved to Reputation:
https://bitcointalk.org/index.php?topic=3066549.0

---

My original post here:

Excellent work, TryNinja.  I was already tracing that one; you beat me to the punch!  I will update this post with potentially useful info.  Thanks.


I saw those, and did not see evidence that they are alts; but those +10s were clearly made in bad faith.  They look to me more like different individuals improperly colluding in some fashion.

To clarify my intents with this thread:

American politics present not the same two contestants each time, but the same two variations of the same contestant.  By fixing candidates with insider party politics via the “primary” system, America has perfected the art of a falsely bifurcated one-party system with two faces.  Besides window-dressings to excite the proles, the only differences between the candidates are in what special-interests they pander to.  Appearances and breakable promises aside, they are never permitted to differ by even an iota on any question of long-term or large-scale importance.

But my criticism is not limited to America—though they’re by far the worst in the West for institutionally rigged electoral politics, and the best at hiding their corruption.

In principle, right answers are not determined by numeric majorities.  Were you poll Roger Ver, James Dimon, and Greg Maxwell on engineering, monetary, and economic questions, then the resulting answers would all be wrong.  Advancing this concept, let Minitru Media hype a new discovery that 2+2=5.  Then, take a poll on the value of twice two.  You will get votes for “4” from Winston Smith and a few others who are politically incorrect, and “5” from the overwhelming majority.  This is the underlying principle of democracy; and it’s not a bug:  It’s a feature.

Moreover, universal suffrage is ochlocracy by definition.  Yet a mob never rules itself; and no stable government has ever permitted idiots even the slightest chance of influencing important matters of policy.  Who rules mob rule?  And what are the implications of idiots being permitted a vote?

If my vote has value equal to the vote of a grinning idiot who casts ballots based on what’s shiniest on TV and Facebook, then the value of my vote equals zero.  However, it is valuable to the system.  No government in all of history has ever survived without at least the tacit consent of the majority—no king, no republic, no dictatorship.  “Voter turnout” numbers are part of a feedback loop of manufactured consent, which protects the system from either imploding under its own weight, or exploding in revolution.

By refusing to vote, I incrementally lower voter turnout numbers.  More importantly to me, I preserve my unimpeached moral right to condemn a system which I do not endorse, do not consent to, and indeed, do not support in any way (except insofar as may be forced from me at the point of a gun, e.g. taxes).  If I were to cast a vote, then I would be admitting that I think the system has at least some legitimacy.  But I do not so think—thus I do not so do.

Refuse the system.  Boycott the vote.

BitcoinTalk Username: nullius (#976210)
Starting Post Count (including this one): 775
Current Rank: Member
BTC Address: 38i2Ccc9miWr2ZyyactRJ8HcDLdYtnNkxd

Note:  The potential of a $5 bonus does not outbid my PGP keys, etc.  Those who do not have paid signature ads may be more likely to actually use their signatures; thus, I suggest some option for an ad which could fit into one line, e.g.:

---

Indeed; thanks for the tip.  But it took me awhile to figure out the required form.  I’ve never done one of those before; it’s so confusing!

Where’s the sarcasm shill with that fancy paid /s signature ad?  I fear that I myself may be incapable of explaining this to Mr. Quickseller.

But let me try:  My quote provided exactly the answer your accusations are worth.  It should also satisfy you, given how determined you evidently are to find Lauda guilty of something—no matter how nonsensical.  Well, I suppose that Lauda must be guilty of something—behold the confession!  Happy now?  Everybody wins.  Don’t thank me; I’m just happy to help.

Thanks for the suggestions, Ben.

Unfortunately, to the best of my knowledge, all of your suggestions would require action by theymos; there’s nothing there which I could do myself, as a workaround to obtain downloads right now.  If there’s a legitimate public means to find a direct IP address, I’d appreciate being corrected here.  But I rather suspect that theymos wishes to keep his real IP addresses unknown to DDoSers; and if I could find it, so could they.


Same here.  Specifically as to Cloudflare, in addition to how they sometimes cavity-search you with Javascript while still failing to keep the site reliably available, see e.g.:

https://trac.torproject.org/24351


Cloudflare intercepts all traffic (and modifies at least HTTP response headers), as a matter of course!

My biggest complaint is that Cloudflare is a MITM attack against TLS on a substantial portion of the whole Internet.  From the user end of things, I generally boycott Cloudflared sites insofar as practical.  But I support the Bitcoin Forum, out of my respect for how theymos was honest with people when he was effectually forced behind Cloudflare by Internet arsonists:


To get a gauge on what independent, no-MITM DDoS protection can require for a(n extremely) high-profile target, I found Protonmail’s experience interesting:

https://protonmail.com/blog/ddos-protection-guide/


(N.b. that I don’t trust in-browser Javascript crypto which is downloaded separately for each session, and thus cannot be in any way verified and kept at a “known good” version.  That would be most dangerous for targeted attacks.  Moreso for a service which offers no alternative, as would allow people to choose according to their own security needs.  I’m not endorsing Protonmail by linking to them for other reasons; do your own PGP on your own hardware!)

For an easier limited workaround on theymos’ end, ChipMixer had an excellent suggestion upthread:


Though I would be concerned about the affordability of an ongoing subscription, an official .onion proxy would solve many problems.  I may even offer to help with such a project, depending on what would be required of me.  See my reply to ChipMixer upthread.

---

And congratulations, Phash2k reinvented Steem.  This sort of nonsense reminds me of one of the earliest posts to which I awarded merit.  It spoke of how DHTs...


No, the problem will not be fixed by sprinkling some magical blockchain pixie dust on it.

I remember the first time I ever spoke to a Japanese person.  Our conversation turned to global politics and society; whereupon he said, “Why are so many Americans fat?  We don’t have such fat people in Japan.”  Seriously, USians, that is your international reputation.  Most funny furrin’ folks are simply too polite to tell you to your big-mouthed fat faces.

---

One piece of the puzzle:  Processed vegetable fats are far cheaper to produce in the first instance than animal fats.  Furthermore, they are more shelf-stable—thus, friendlier to long BigCorp supply chains.

Alleged health “experts” who tell you that canola (rapeseed) or soy oils are “healthier” than butter or lard mean only that they are healthier for distribution logistics involving large warehouses and many middlemen.

Hydrogenated vegetable oils will blow you up whale-sized, and give you heart disease.  Implications are left as an exercise to the reader.

---

Cultural imperialist weaponry.  If America doesn’t bomb your country to rubble, they will invade it with McDonald’s and other anti-culture.

They want to take over the world, and are too fat and lazy to maintain their stockpile of atomic weapons.



Well, it would be impractical for everybody to cook individual meals every time they needed to eat.  This raises the atomization of society—worst in America, and accelerating with each generation.  Moreover, it raises the division of labour.  The latter inevitably leads to discussion of sex roles.

To date, I have met exactly one American woman under the age of 40 who excelled in the kitchen, and genuinely enjoyed cooking for others.  And she was not fat!  Actually, she was a bit too skinny.

(N.b., the kitchen was not the only place where she excelled.)

---

OK

---

Translation:  Grinning idiots.

---

Forsooth, the American cow is oblivious amidst its herd.  So too in every other way.

---

Killjoy.  (At least as to the one on the left...)


Actually, it’s not so simple.  Different foods are metabolized differently.

I eat a diet heavy in meat and dairy fats, very low in sugar, moderately high in complex carbohydrates.  On that, I am anything but fat.  But if I were to eat a McBurger-and-soda diet measured at a nominally equal number of Calories, then I have no doubt that I would blow up like an American.

(Technical aside:  Lowercase-c “calories” is the base unit; uppercase-C is actually kcal.  Use the uppercase C in these conversations.)

Quoting from another thread:


Through Tor—and this is not the first time I’ve had this problem:


I have had the same problem with PGP keys and the trust database.  Even right-clicking to save images from within a browsing session oft (inconsistently) results in a Cloudflare 403 HTML file, apparently due to some weird quirks in how Tor Browser interacts with Cloudflare’s control-freakiness.

I request a workaround or solution for this general problem.  (Note: “VPN” is a non-answer.)

P.S., on a personal note:

One reason why I’m fascinated with recursive compressor cases is that I myself once invented a lossless recursive compressor which would work on any data, even random data.

I was dumbfounded at my own brilliance!  I knew that what I had just done was mathematically impossible.

Since I knew that it was mathematically impossible, I painstakingly double-checked myself before telling anyone else.  Of course, I found that I had made a severe error in logic.  My invention would not work, could not be made to work, would never work.  It was actually quite stupid, albeit in a seductive “gotcha” way similar to those comedic paradoxical “proofs” that 1=2.

Oops.  So much for my dreams of backing up the entire Internet on a 5.25" floppy.  There goes my Fields Medal.  I chucked it into /dev/null, and life went on.  (I also resolved to triple-check any other brilliant ideas I conceived late at night, while more than slightly drunk.)

For the record, I have also invented a perpetual motion machine.  But for that, I have the excuse that it happened when I was about four years old.

Was that a question about the mystical judgment of the cosmos, as expressed through random events?  I am a certified cult leader; thus, I am qualified to speak on such matters.


Alia, you have told me privately of some studies in psychology.  Therefrom, you should realize that you are not immune to the vagaries of human nature; and if you’re smart enough to master the difficult task of truly objective introspection, then you will realize that this is a textbook example of a gambler obsessed with discovering a secret way to win.

You’re far from the first or the last; and the result is always the same:


Whereupon I think this is a good step in the right direction:


Whereas this is not—and it is inevitable over the course of time:


OUCH!  No, I’m not enjoying that.  Get out now!

I think you have sufficient intelligence to understand what is happening here, if only you will be sufficiently objective in your examination of your own actions.  I do realize that true objectivity toward oneself, objectivity from within, is a rare ability and impossible for most people (as well as being almost a tautological contradiction).  But you have been repeatedly shown, by people who do not hate you personally, that you are indeed “deluded” (at least in the colloquial sense).  Now, those charts really drive home the point.


Props to you for a tentative indication that you might actually admit you’re wrong here.  Admit it first to yourself—that’s oftentimes the hardest part.  Yes, I’m also sure you “will some day”.  But it would be better now—rather than someday after you’ve irreparably ruined yourself financially and in other ways, such as with reputational (and worse) consequences somewhere other than an Internet forum.  You could totally wreck yourself with this stuff, IRL, all around.  And you know it.

Edit:  Fix typo (s/to/by/); post archived:
https://web.archive.org/web/20180304043503/https://bitcointalk.org/index.php?topic=3044369.msg31526121#msg31526121

---

Done.  (Before I started writing this post.)  And if my friend takes me up on my offer, then this is money out of my pocket.

I’m not you, Alia.

txid:
b1f07dc051f2f34c2c2c0bb458e5a865d1b6e7c3c888fda8a0740200682c2d76

LockTime: Block 511907

Confirmed: Block 511908

I far overpaid the fee in hope of a fast confirmation in hopes that without undue delay, I could post this as confirmed.

The txids of our transactions were disclosed by me before, so people can trace this throught the blockchain:


I took about a zillion archives from that thread, so that may already be up on archive.org somewhere; and I will promptly archive this.  Also, I request that somebody please quote me here.

The only reason why I let you pick the charity was that I had already intended to donate to TPB after LoyceV pointed out their “BCH: Bcash. LOL” stance.  I only didn’t do it before, because I really don’t have the money to spare.

---

Empathy?  I’m on record as being so strongly in principle against empathy [see midway through post] that I’ve been accused of psychopathy.  I replied by dropping Nietzsche on all the bleeding hearts.  You may rest assured that I am not motivated by “empathy” for Alia.

(I also have another polemic in my drafts box against empathy.  Too much forum drama.  Too much distraction.)

---

Now, again:  How about that audit?

You were so close to the truth:


(And the two cases of sockpuppet can be clearly differentiated based on intelligence.)

Keeping focus on the top-line and bottom-line issue:  No, an audit does not mean “giving the script for free”.

Multi-billion-dollar software companies entrust their proprietary source code to independent auditors.  Do you really think your precious script is more valuable than that?

Now, I repeat:  Alia, you yourself made this an issue:


If your ultimate answer is that your critics lack sufficient knowledge to judge your script because they haven’t seen it, then it is incumbent on you to grant such knowledge.

You can’t have your cake and eat it, too, by claiming that secret knowledge overrides the known laws of mathematics, refusing to let anybody else examine it, and then claiming to “prove” that your script works based on statistically, scientifically invalid experimentation performed in an unverifiable manner.

Really, this secret knowledge is beginning to take on a quasi-mystical edge.

---

The precise amount of total Bitcoin which will ever exist is 20,999,999.9769 BTC, the final satoshi of which will be mined with block 6,929,999.  Thus, that must be some magical script you’ve got if you will win 21,000,000 BTC within the next 24 hours, including Satoshi’s coins.  It involves time travel, and also cryptographic breakage of all private keys required to release all UTXOs, including those controlled by burn addresses.  Magic!

That said, I agree with suchmoon.  And I am leaning back toward the theory that you sincerely believe in, and are obsessed with your script.  Take a break.  Please.

---

You will not be able to prove everyone else wrong, because you are wrong and they are right.  You would do much better for your reputation if you were to admit you’re wrong, and learn something.  I admit when I’m wrong—which is exceedingly rare, but it happens.


Wait.  I thought you weren’t selling it now—right?

Please do realize, nobody here is personally concerned with proving you wrong.  The motive of people arguing with you in this thread is to make sure that nobody else loses money by buying or investing in a mathematical impossibility.  If you were claiming something wacky which could not foreseeably cost others money (as Jude Austin with his alleged address collision), then I would have shrugged and gone away by about midway through page 2 of this thread.  For my part, I don’t have time for more than casual debunking of such things.

---

I’ve already offered to give the equivalent amount (in local fiat⁰) to a dear friend of mine IRL who was abandoned by her husband, and has struggled with multiple jobs to feed her young children while trying to somehow also take care of them.  Much though I’ve been able to console her loneliness some nights, I am in no financial position to really help her the way she really needs it—even if she’d let me.  I’ve been waiting to hear back.  She’s busy; and from prior experience trying to slip her enough cash for some groceries, I know that she is prickly about being treated as if a charity case.  If she refuses it, then I will probably donate it to the GPG project or similar.  I don’t want to profit from this affair.

---

0. Nobody IRL knows that I do Bitcoin.

---

Also, I did not want to discuss the details of our transaction; but since you raise it:

You told me that you initially lost all my money.  You said you covered it with your own funds, then recovered, won, and split the profit with me.  Beforehand, when you told me that you would not set a stop-loss as I requested, you said (of your own initiative) that you would instead insure my funds; but you did not say that insurance included continued gambling with a split of profits.

FWIW / at face value:

@gmaxwell, thanks for the explanation of the holdup issue and how to work around it with secret sharing.  I also appreciate the idea of hashing private keys, thus exploiting participants’ self-interested need to keep them absolutely secret early in the protocol.

In the interim between my above posts (2018-02-08), I was pondering another idea.  I frankly don’t know whether it’s a sound idea, or half-baked; so I kept it up my sleeve whilst mulling whether it’s even worth a mention.  Due to a sudden interest I have in provably fair gambling, I will now give it a shot.  Who knows—perhaps I may want to found my own gambling site, and make of myself Bitcoin thousandaire.


I’m usually a critic of Satoshi’s use of double-hashes.  But here, I think it can really come in handy:  Use the inner hash as the source of a public pseudorandom number which is infeasible to influence or predict in advance.

Zeroth iteration of the idea:  Breakage requires a partial preimage attack on the input to another partial preimage attack.  My gut tells me that this is one of those ideas which is either ingenious, or trivially stupid.

(Aside, is double-SHA256 fully baked into silicon in available current-generation mining hardware?  Or can it be programmed to return both the inner and outer hashes?  If the former, then add the cost of making your own ASICs in calculating the real-world cost of attack.)

If that does not suffice, next iteration:  Hash (or HMAC) the inner hash together with a different predefined nonce such as a counter.  E.g., for the hash at block height h, use:  HMAC_SHA256("I always win!" || (uint32_t)h, block_inner_hash).

Or hash the inner hash together with pseudorandom material from a different source, such as a popular altcoin blockchain with a different PoW.  E.g., hash this intermediate state from a Bitcoin double-hash together with some intermediate state from an Equihash.

Aside:  Of course, the inner hash can be kept secret by the generating miner whilst its commitment (the outer hash) is baked ever-deeper into the blockchain.  This can probably be useful for some other purpose.

I always approach such ideas by placing myself in the role of an attacker.  For simple use of the block hash as suggested by others, I understand that if the attacker wanted to influence m bits of the hash in addition to the n bits of needed zeroes, the cost of the attack is 2^m+n hashes.  I posit that to influence the inner and outer hashes simultaneously (“zeroth iteration”), the cost would again be 2^m * 2ⁿ = 2^m+n hashes.  That is why I am trying to tie the inner hash to something else, and/or use the inner hash as an input for another hash which also depends on other independent inputs.  I seek some way to substantially raise the cost above 2^m+n hashes.  There may be some means to exploit the irreversibility of the outer hash, which I have not yet thought of.

The goal seems obvious, but I must state it clearly for the sake of clear argument:  How could it be made infeasible for the miner to influence the result whilst also managing to create any Bitcoin blocks at all?  (Much less without impractically high risk of orphans?)  I know I did plenty of handwaving above.  Ultimately, I’d seek to pin it down to something with a rigorously characterized 128-bit security level (or higher).

N.b., I’d be as fascinated to see this idea attacked and shot down as I would be to find out that it’s a brilliant insight.

Thanks.

---

(Notice:  I independently conceived this idea on 2018-02-08; and I am first publicly disclosing it today, as of the timestamp on this post.  I will promptly archive-snapshot this post, so as to provide at least a modicum of prior art evidence in case it’s a good idea and some idiot runs to file for a patent on it.)