I noticed that the real DannyHamilton recently red-tagged a bunch of merit-beggars.  Such actions usually do raise the ire of spammers, scammers, and net.abusers of all kinds.

@hilarious, thanks for the heads-up on this!

I don’t see the point of this question.

FYI, Core developers are sensitive and cautious as to patent issues.  I know of code within Core which is marked experimental and not compiled by default, due to using methods which may be possibly arguably allegeably patented in some jurisdictions.  Those who are not in such jurisdictions or are doing R&D may enable this code (performance increase stuff).  Moreover, I know of instances in which Core has decided against adding features which may incur patent problems in some places.

The implication about anonymous or pseudonymous developers is improper.  Speaking only for myself (and n.b. that I have not yet contributed anything to Core other than a small BIP patch):  On a personal level, patents (and also copyrights) are nonexistent to me.  This is based on my principles and my opinions, as applied to me only.  Whereas I would never knowingly place people who rely on my code in the position of potentially getting blindsided with liabilities unforeseen by them.  My responsibility is to them.  That is also a matter of principle.  It doesn’t matter if I’m “anonymous”:  I know that my users aren’t, and they are trusting me.

“Anonymous” developers are perhaps in some ways the most sensitive to such issues.  “Anonymity” is often a sign that somebody realizes the brokenness of society, law, and just about everything else so fully as to take on the substantial burden of compartmenting one’s life.  It’s not easy.

Moreover:  Every line of code in Core is reviewed by very smart people who are not anonymous at all.  Good luck slipping something in on their watch.

(Boldface is here added to question-begging.  Smart, well-informed people don’t have “so much fear” about quantum computers; thus, there is no “why”.  I have never beaten my wife; therefore, I have never stopped beating my wife.)


Yes, so very many threads.  Behold the power of Quantum FUD®, superposition of which is entangled across the forum!


Xynerise, you seem generally well-informed; but here, I think you are sorely mistaken in picking up an unfortunately popular meme.  Quoting one of my better Jr. Member posts from way back when, in the context of a thread about Bitcoin and quantum computers (bracketed clarification added):


Also apropos, in a distinct context (whereas FUD can only be distinct without difference):


Evidently, I am not the only one to be of the opinion that “hash public keys for quantum resistance” is a regrettable meme.  Quoting from discussion of Taproot on bitcoin-dev, 2018-01-23:

---

As a general point about the strength of Bitcoin’s cryptographic security, from an adapted self-quote, I hereby formally posit the Nullian Flying Fire Hydrant Rule:


Please.  You don’t worry about being killed by a flying fire hydrant.  Whereas to be killed by a flying fire hydrant is not only possible, but astronomically more probable than any cryptographic break of Bitcoin security.

At some point, after the size of 2¹²⁸ is explained for the 2¹²⁷th time, anti-Botcoin FUDsters realize that FUDding Bitcoin security in the present just makes them look absurd.  So, they upgrade to Quantum FUD® technology:  Point to an uncertain future, oversimplify complex technological questions much debated by experts, and then beg the question of “why there is so much fear about the development of quantum computers”.

Practical, usable quantum computers do not exist.  Their present is fantasy, and their future is unknown.  Some experts are of the opinion that a practical quantum computer capable of useful computation may be impossible—scientifically, physically, mathematically impossible.

E.g., quoting from one of my Newbie-rank posts, q.v.; see also the ensuing discussion between myself and haltingprobability:


On that note, in closing, I will repeat in this Quantum FUD® context what I said more generally about Bitcoin’s public-key security:

---

I think Xynerise concludes correctly:

At 11:05:49 today, 23 February 2018, I permanently surpassed #1076869 “pitipawn” on the list of Top-merited users, all-time.  pitiprawn had been #4.  He was ahead of me for all of about twelve days.  And I did it the honest way.

Now, the “pitiprawn” account is forever stuck at 478 merit.  That’s not even the threshold for Hero Membership.  In time, others will also surpass him.  He will drift down the all-time top-merited list, until he drops off the bottom.  Eventually, every new account who reaches Hero Member will exceed him; at that, going from zero to Hero is now every new user’s chance to beat pitiprawn.

In time, pitiprawn will sink down to the level of a footnote in the annals of forum abuse handling.  Lauda will be remembered not for stopping pitiprawn, but for squashing him together with so very many worms just like him; pitiprawn himself is no more significant in that story than dirt swept into a dustpan.  pitiprawn himself shall be all but forgotten, fallen to the implicit damnatio memoriae of the utterly worthless.

Infamous last words (translated by Betfair):


Crime doesn’t pay.

---

Criminal scum.  There is a reason why I said, “crime doesn’t pay.”  Someone who dovetailed the “pump” part of pump-and-dump with a merit abuse racket is of criminal character.  I would never be surprised to find such a character doing de jure crimes, such as escalating to death threats when he doesn’t get his way.  People do not change, I know.

It is a principle well-known to both expert liars and expert lie-detectors that a big bald-faced lie, said with a straight face, will always leave behind this poisonous residue.

Most people are a tiny bit corrupt, in some small way; they themselves can comprehend, sometimes even identify with the telling of small lies.  Thus, they know that small lies happen.  Whereas no ordinary person can really believe deep in his heart that somebody could tell a huge lie.  The mind may know of such things, in the manner of book-learning; but emotions and conscience refuse to grasp the existence of such a monstrosity.

The understanding of big lies is a thing unto the opposing realms of philosophers, hardened criminals, and forensic psychologists.

Protip:  If you want to really smear someone, tell a lie so bold that nobody can believe you just made it up.  Repeat it over and again.  Then repeat the whole process tomorrow, with a new lie.  Quickseller explained in three sentences.

---

Bingo.

---

No, not under the inquisitorial system.  The accusatorial system has an accuser.  The inquisitorial system has a _______.


In the quote of Quickseller to which you replied, he wasn’t even telling people to find proof.  He was telling people to start with what he alleges to be a randomized “~1 in 9 chance” of an account upon whom to throw suspicion.  This is followed by, “...and from there it should not be difficult to find the rest.”  Otherwise stated:  “it should not be difficult to find what you are looking for.”  Neat psych-out of idiots who will happily stare at the clouds until they see faces in them.

---

Now that you have confessed to putting the alt voices in Quickseller’s head, it is time for you to BURN.

---

I emphasize:  So, a known account dealer with expertise in alt accounts has conveniently alleged that some mysterious alt accounts added Lauda to their trust lists.  ’Tis a mystery how that happened, if it happened at all.

What a fair and even-handed beginning.  Shows good faith (and good orthography).  And surely, the judiciousness of this post will only improve.


My trust list currently contains (exactly) the following two entries.  Do you wish to suggest that gmaxwell could potentially hold some responsibility for my putting him there?  (Other than by demonstrating great evidence of trustworthiness, that is to say.)



Considering this in the hypothetical, that would be a most excellent means for somebody with a long-term vendetta to try to set Lauda up in public as having done something fishy.

I say “considering this in the hypothetical”, because you don’t seem to have bothered with identifying these alleged accounts—much less with providing evidence that they be alts.


Again, taking this hypothetically:  Perhaps nobody brought those accounts plus appropriate evidence to Lauda’s attention.

I see you have done nothing to correct this deficiency.


So?

---

It’s what he does.  It’s all he does.

---

A most appropriate response to the allegation:  “Somewhere in this trust dump are some accounts I claim are alts, without saying which or why.  Obviously, you are responsible for this.  Do you deny it?”

You’re racist against altcoins.


You’re racist against words you do not understand.


You’re racist against idiots.


You’re racist against people who wish that the forum be run for their own personal benefit, everyone else be damned.

3 weeks, 3 days, 4 hours, 4 minutes, 25 seconds.


Congratulations, Alia.  An outlier you are, indeed.

(Good girl.)

(Actually, nothing changed.  One post got through without problems, for some reason.)  Edit:  In the time it took to write this, something seems to have changed.  I’m not yet sure; but this is my first post in some hours which was not quasi-eaten, etc.

If theymos twiddled some knobs—thank you.  If not—then for future reference, I want it somehow known that occasionally, if Cloudflare is busy valiantly stopping a DDoS attack, I might become unavailable on the forum due to denial of service.

---

Cloudflare is an anti-user D.o.S., Denial of Service!  It is currently making the forum unusable through Tor.  “Unusuable” meaning, to a reasonable person; I am sometimes unreasonably stubborn.

It repeatedly hits my browser with Javascript checks, re-checks, Rapiscans porno-scans, X-rays, and cavity searches which spin my CPU, eat up my RAM, and do who-knows-what else.  It does this so frequently that because I spend significant time on posts, I am regularly directed to a blank form which even forgets which thread I’m trying to reply in.  My posts would be eaten, and lost forever if I didn’t have a copy set aside outside the browser.

If I weren’t so fond of this forum and already quite invested in it, I would have given up three hours ago.

Please do something about this!  I suggest starting by immersing DDoS attackers in boiling oil.  I am fantasizing about that right now.  But really, if you’re going to get DDoSed, DoSing your users is not the solution.

---

How do you know that?  The type of attacks which break out of VMs are not typically used by the authors of popular widespread malware.


You may be assured, I would not allege “open source” to be a security panacea!  The magical security of open source is a pernicious and contemptible myth.  Availability of source code is only a prerequisite which facilitates auditing.  When actual people (as opposed to hypothetical eyeballs) are auditing the source, the next step is reproducible builds, as Core does.

But the availability of source code provides the potential.  Intentionally opaque blobs do not.

---

Xen: Bare-metal hypervisor, but more or less married to Linux for dom0 (last I checked)

KVM: Linux thing

Bhyve: FreeBSD thing

VirtualBox: Mostly open-source thing.

qemu: Not a VMM per se; but I feel it deserves mention here.

Am I forgetting any popular ones?


Zeroth of all, do you fake all these things separately each time you hit the “New Identity” button?  And how many combinations thereof could you reasonably make?  The most urgent concern is not preventing identification of your computer:  It is preventing linkability of your browsing sessions.

And first of all, some things can reveal quite hardware-specific information.  Reading from <canvas>.  webgl.  Many others, because browser makers are idiots who add stupid new features willy-nilly (or may want things this way).  Some of these are disabled or limited in Tor Browser.  But you said VPN—actually, if you use an ordinary browser with a VPN, you are pretty much toast anyway for fingerprinting.

How about CPU timing?  The Javascript language provides sufficient resolution to make this a fingerprinting issue.  (Tor Browser limits the resolution, but not enough IMO.)

How about the fact that—well, correct me if I’m wrong, but I doubt that VMware lets you conceal the fact that you are running in VMware.  It probably leaks the version, too!  ESXi, did you say?  Is my brain half-melted by the heat of Cloudflare spinning my CPU, or is ESXi some kind of server stuff which is very rare for end-users?  Ooh, 23.8 bits of suchmoon identification!

(In a related matter:  When I started searching for privacy leaks, I found some very unpleasant surprises in my kernel.  Don’t get me started.  It is astonishing how much uniquely identifying hardware info can be easily scooped up by heavily sandboxed unprivileged processes.  How do you do your Tor daemon?)

Note:  I am not even up right now on all the latest research.  I have seen some tantalizing discussions of fingerprint attacks which will turn your whole browser into a supercookie to link your sessions.

From there, the concept is simple:  suchmoon on bitcointalk.org = xyz on abc = [your so-called “real name”] who lives at [address], according to that non-Bitcoin online shopping you just did.  Oopsie!


PMs here are a disaster, in my opinion.

Feature suggestion for a “crypto” forum:  An opt-in remailer, which would let me send mail to suchmoon@users.bitcointalk.org—or maybe 234771@, since usernames here can contain charcters which are problematic.  (Problematic, despite being allowed by the original RFC 822.)  Spam could be curtailed by requiring SMTP envelope FROM the registered e-mail address, and obeying SPF records, etc.

That way, I could use the very convenient PGP functionality of my mail client.  Plus its drafts box.

I should start a new Meta topic.  Watch for it.

Link, please?

By the way:


Even without context, that simply sounds like part of how cryptographers reduce the security of their work to a few security assumptions, and then of course should explain what happens if those assumptions were to fail.

The part about the commitment scheme and proof system sounds like this quote pertains to SNARKs.

FYI, if the discrete logarithm assumption were to fail, a great number of things would be shattered—from your web browser’s DH-based key agreements, to Bitcoin’s public-key security.  Also, almost no cryptosystems in widespread use today are PQ safe; however, quantum computers do not exist—not yet, and maybe never.

Also, how able.  Innately.  People are pressured to shy away from that fact, nowadays.  I gave the analogy upthread:  No matter how dedicated and passionate I may be, I will never in this life become an Olympic gymnast.  So as for most people and programming, electrical engineering, theoretical physics...  No, not everybody can be a rocket scientist.


A bit of my own:

As I was forced to admit when gmaxwell showed up in a thread, I have inadequate formal foundations.  Quoting my reply to gmaxwell:


Many years ago, I started out as a self-described “power user”; though in retrospect, that seems a joke.  I was the guy who could always make the computer work; non-technical people thought I had magic powers.  Also, I always had a strong interest in cryptography.  Read books about it.  Used PGP, etc.  Did cypherpunk stuff.  I had some odd personality quirks; if I wanted to understand how e-mail worked, I would read some RFCs even though I wasn’t implementing anything, and didn’t know how to.

I had always wanted to learn programming; but tutorials didn’t get me beyond what I would call an “advanced beginner” level.  (That is to say:  I could tinker with existing code, and write small programs which did not segfault.  I always did like pointers.)  As a related issue, I wanted to escape Gatesland to a realm with no Windows.  My attempts at that also had the usual results.

Finally, I did the equivalent of natural-language immersion:  Built a new machine, installed FreeBSD on it, and left myself nowhere else to go.  Thence ensued an intense time of pain and joy.  manpages and /usr/src became my best friends.  Also, some very old gems in /usr/share/doc; see the usd, psd, and papers subdirectories.

For assistance in this strange new land, I also had a copy of the C standard, some good old-fashioned FAQs, etc.  One would not learn a new tongue without a dictionary, either.  But mostly, I just read—and read—and read—then experimented, then read some more.  For about a year, one of my biggest passions was simply reading C code until I understood it.

I’ve intended to write up a story of my “UNIX and C by immersion” experience, and post it in Off-Topic.  The foregoing is the abbreviated version.  Perhaps it may suffice...

I’ve also tried to brush up on maths and CS.  Either I need formal instruction for formal rigour, or I’m too lazy, or I lack the innate aptitude.  I probably do know more about computer science concepts than many working “programmers” (a/k/a code monkeys).  This scares me, because I only really know enough to semi-competently choose between algorithms and between implementations of algorithms.

Apropos the topic:  Learning to code is not where to start.  For example:  Before I ever wrote printf("Hello, world!\n");, I knew that I wanted to manage my own memory; and I had an adequate understanding of why this was an important issue.  Learning to code is certainly not the place to start exercising a “passion for cryptos”, per OP.  If passionate about “cryptos”, first learn the basics of applied cryptography.  Most of all, learn generally about computing!  And how do I know OP does not already know these things?  Well, as I said:  By the time you reach the point of picking a language, you should know enough to pick one yourself.

---

(Sorry this is rough.  I am outside my usual forum access environment.)

Edit to add PSA from someone who claims to know a few things about security:  Disable Javascript!

I have been disabling Javascript since the 90s.  The habit has almost certainly saved me from being elitely h4x0r3d.  The Web is almost useless, nowadays.

---

Oh, I do this generally; and I did that when I first started posting here!  But I made myself a dedicated Bitcoin Forum “thing” on the day that I was forced to try seventeen (17) different Tor circuits before Google deigned to grant me a login CAPTCHA.  See “Google is locking Tor users out of Bitcointalk.org!”.  One of my Newbie rank posts!

There and somewhere in the main reCAPTCHA thread, I also think aloud about how Google forcing users to rapidly cycle through circuits may help network adversaries deanonymize users.

Now, Cloudflare + Google are hitting Tor users from both sides:  Cloudflare sometimes requires Javascript to even read the site; and Google effectually forces Tor users to try to maintain a long-term login cookie.  Ephemeral VM browser?  Nope!  Disable Javascript?  Nope!

And I disagree with you that a VM is good enough.  I dislike and try to avoid Javascript, even in a VM.  Do you follow the security bulletins for, say, Xen?  Ouch.  (I desire to not specify what I use, for obvious reasons.)  Moreover, a VM does nothing to protect you against fingerprinting attacks which require Javascript.  I would be amazed if Cloudflare was not somehow doing that with its forced-JS.  Of course, the objective there is not to remotely compromise your system, but rather, to link together different secret identities.

Browsers are some of the worst software on Earth; and nowadays we are all forced to either use them, or unplug from—everything.  Then, we are forced to let them run network-loaded executable code.  Not good.

(Aside, an ephemeral VM also makes it difficult to use a text editor and a local drafts directory to produce high-quality posts of the long type.  I would still do it for security; but it does make the writer miserable.)

---

Is it fully open-source?  I don’t know for certain, nowadays; I’m asking.  The last time I used VMware, it was a pile of inscrutable BLOBs; but that was a very long time ago.

theymos posted a notice about the move in on 2017-11-29:

“Moving to Cloudflare”

[Edit:  @mods, apologies for making this a new thread.  I tried to post it in the Cloudflare thread.  When Cloudflare ate my post and threw me back to a blank form as described below, I did not realize SMF’s reply info somehow got lost—thus resulting in a new thread.  Meta won’t let me delete my own topic; I just tried.]


@theymos, you’ve always been supportive of privacy and security.  Please be aware that Cloudflare is blocking those who use Tor for the former, and disable Javascript for the latter:


This is not the first time this has happened.  Last time, you posted a note in some Meta thread indicating that there was a DDoS attack.  Usually, the forced-Javascript screen has gone away if I waited an unpredictable time; however, insofar as I can gather, waiting will only work from fresh browsers without “cf_*” cookies.

I observed 5xx Cloudflare errors, earlier.  It’s not even keeping the site up!  Unreliable, incompetent DDoS protection which decrypts all user traffic and forces users to let Cloudflare run unknown, unexplained code on their machines—this is not a very good deal.

---

Sorry this post is convoluted.  Cloudflare is now requiring users to keep Javascript enabled; I have not seen this before on this forum!  Cloudflare almost ate my post with its “examination” page; when I first tried to post, I was redirected to a blank forum.  It is fortunate that I use an external text editor...

---

I used some weird ephemeral setup to get in here and post this.  Since I am not inclined to run Cloudflare cavity-search code in the dedicated browser instance I use for the Bitcoin Forum, this is problematic.

Not-yet-working suggested workaround for JS-disabling Tor users:  Try moving cookies between a “weird ephemeral setup” and your usual browser.  I got a new “cf_clearance” cookie (with expiry time just over a day), but I must have missed something else.  (...such as the fact that it’s now continuously requiring Javascript.)

Hey, Alia, I am ready to send up to somewhere >0.01 BTC for you to gamble as I promised upthread.  A thoroughly anonymized coin awaits your lucky touch.  Camming is not requested—unless you wish to use an encrypted video chat program I want to show you; however, live video will be laggy/glitchy through Tor on my end.  I do ask for a conservative stop-loss.  If you lose, then you can make it up to me later when I drill you (so to speak) on proper PGP usage.  Well—that makes no difference, does it?  Play to win.

---

Some people are just jerks.  Jealous jerks with no money for fun.  Pathetic.

Excepting scams and such, I myself simply stay out of threads for services I don’t want.  Indeed, this hereby is the first time I’ve ever even read anything from the Gambling forum; for I myself don’t enjoy games of chance, although I oft wager on other things.  Mostly, I place bets on people.  Whereas if you wish to offer good odds, I will book bets against the kinds of people who take pleasure in dumping on the thread of a sexy girl and her titillating idea.

---

I suppose you mean the book whereby prophets speak as such:



Well, that explains at least half the jerks here.  (Also—some of them are freaked out by vaginas, a phenomenon which is not mutually exclusive.)

P.S.—good work, Alia.

Having already characterized this case upthread as the the single worst case of merit abuse anywhere on the forum, I want to emphasize this:


Surely, I am far from alone in having noticed that something was amiss.  I myself noticed pitiprawn sometime before 11 February; but due to the language barrier, I was then only able to adduce that pitiprawn was “running Turkish threads soliciting merit in some fashion”:


pitiprawn’s outrageous, organized, wanton and willful abuse continued for weeks.  When a Turkish user stepped forward with translation, the abuse was stopped cold.

This is an instructive example for those who want to clean up some of the abuse which is effectually protected by language barriers.  Most of all, it is an admirable precedent for users who frequent the “local” forums.  If you see something awful, don’t just ignore it!

---

(Note that that last line was deleted by talatk while I was writing this post; I noticed this just before posting.  I have added the red emphasis.)

BREAKING NEWS:  #476302 “talatk” has become king of the world and emperor of the universe.  He now issues peremptory edicts defining Lauda’s rights, and calling Lauda to answer.  Also, telling me what to do.

I’ll grab popcorn.

NOTICE:  talatk, please be advised that based on your behaviour here, any PMs, e-mails, or other communications you send to me may be published at my sole discretion.  This is a special new policy.

---

Edit, P.S.—

Betfair, alas:  Sarcasm and satire do not work with fools on the Internet.

I will now start spamming, scamming, punching old people on the street at random, and selling merit in exchange for BCH.  Just for fun!  Hahah.  So very funny, I am laughing myself to death.

So...  Why do people not call him out on that?  Oh, right.  I know.  But really—people are scared of that guy?  Seriously?


As you know, I am exceedingly careful with evidence as to serious accusations.  I have much reading to do before I can state my own conclusions about—well, some of these things.  The “charity” quote, I can call right now:  Outrageous.  Scam.  What next, will he find Xenu or something?

Edit:  ...or does he expressly advertise somewhere that the purpose of NastyFans is not-for-profit?  Reputable nonprofit clubs do exist.  They do not advertise themselves as investments or profit-making devices.  —  This is a question.  I am asking.

Wait a minute:  This big man is living off the charity of his fans?


My apologies; I do not wish to make light of a grave matter.  I am simply aghast at a statement which is a sick joke on its face.

Being new here, I am not yet familiar with the facts in re NastyFans.  At this point in time, my only certain knowledge of the matter is that only an imbecile with ill taste would ever invest even a satoshi in anything named “NastyFans”.  Thanks for the info.  Time to start examining this matter seriously.