ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 12:03:32 AM |
|
|
|
|
|
JayJuanGee
Legendary
Offline
Activity: 3878
Merit: 11087
Self-Custody is a right. Say no to"Non-custodial"
|
|
April 22, 2022, 12:24:29 AM Last edit: April 22, 2022, 01:35:22 AM by JayJuanGee Merited by OutOfMemory (1) |
|
Journalist Juanita is a piece of toxic ass floppy-dangling piece of cunt. sHe is never happy with anyone. sHe is so much against and speaks often against so many people. [...] I was hoping that we (not royal in this instance) would not end like this. [...] Who told you I was/am not a royal?? Yes... you are royal - a royal pain in the ass.
|
|
|
|
BobLawblaw
Legendary
Offline
Activity: 1865
Merit: 5684
Neighborhood Shenanigans Dispenser
|
|
April 22, 2022, 12:47:29 AM |
|
CasaHODL went woke SJW, so, it's nice to see they are looking to lose so much business with their bravery.
See Twitter, tl;dr: "we need more womens and colored hoomanz working 4 uz!"
Fucking retarded space rock.
|
|
|
|
savetherainforest
|
|
April 22, 2022, 01:00:34 AM |
|
CasaHODL went woke SJW, so, it's nice to see they are looking to lose so much business with their bravery.
See Twitter, tl;dr: "we need more womens and colored hoomanz working 4 uz!"
Fucking retarded space rock.
What's wrong with robots??
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 01:03:28 AM |
|
|
|
|
|
suchmoon
Legendary
Offline
Activity: 3836
Merit: 9058
https://bpip.org
|
I just realized that MicroStrategy has been selling bitcoin without telling no one. Michael Saylor said he would never do so, but yesterday he sold more than 1500 bitcoins. More info below Don't worry, this sounds like bullshit, and it's debunked somewhere down in that thread. I'm just amazed at how much brain damage shitcoining can cause. Just look at this self-proclaimed "CEO":
|
|
|
|
ImThour
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1614
Bitcoin Bottom was at $15.4k
|
|
April 22, 2022, 01:16:26 AM |
|
I just realized that MicroStrategy has been selling bitcoin without telling no one. Michael Saylor said he would never do so, but yesterday he sold more than 1500 bitcoins. More info below Don't worry, this sounds like bullshit, and it's debunked somewhere down in that thread. I'm just amazed at how much brain damage shitcoining can cause. Just look at this self-proclaimed "CEO": That's not even MicroStrategy's address. I have been following that whale since early 2021, people are so stupid IDK mate.
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 02:01:21 AM |
|
|
|
|
|
OROBTC
Legendary
Offline
Activity: 2926
Merit: 1863
|
|
April 22, 2022, 02:47:47 AM Merited by JayJuanGee (1) |
|
...
I did have a chance to talk with a younger guy (40s) about BTC (and crypto), but I told him that I was BTC only, and to solicit opinions on alts elsewhere. He seemed genuinely interested, I will inquire later if he jumps in the pool.
He will probably go all in on poocoin after looking at alts. My friend is a serious guy, he will likely ask various others and move slowly. (I am not all that serious, but do move slowly.) I did tell him to edge into any purchases, I should have mentioned JJG's Dollar Cost Averaging thoughts in regards to his budget, goals and financial means. He DID tell me he is OK with volatility and thinking long term, and I believe that. I hope that he does not get suckered into ALTS, but that is his decision. He's not a programmer either -- I hardly know any of them, looks like I come from a different space than most here..
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 03:03:32 AM |
|
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 04:01:20 AM |
|
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 05:01:21 AM |
|
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3976
Merit: 5421
Doomed to see the future and unable to prevent it
|
|
April 22, 2022, 05:53:49 AM |
|
“It’s hard to overstate the severity of this bug. If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU). For context, almost all WebAuthn/FIDO devices in the real world (including Yubikeys use ECDSA signatures and many OIDC providers use ECDSA-signed JWTs.”
The bug, tracked as CVE-2022-21449, carries a severity rating of 7.5 out of a possible 10, but Madden said based on his assessment, he’d rate the severity at a perfect 10 “due to the wide range of impacts on different functionality in an access management context.” In its grimmest form, the bug could be exploited by someone outside a vulnerable network with no verification at all.
Other security experts also had strong reactions, with one declaring it “the crypto bug of the year.”
A mitigating factor is that Java versions 15 and above don’t appear to be as widely used as earlier versions. Data collected in February and March 2021 from security firm Snyk showed that Java 15, the latest version at that time, accounted for 12 percent of deployments. While Madden said that the specific ECDSA implementation flaw affected only Java 15 and higher, Oracle also listed versions 7, 8, and 11 as vulnerable. Madden said that the discrepancy may result from separate crypto bugs fixed in the earlier releases. a/0 = valid signature
ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S. To verify a signature as valid, a party must check the equation involving R and S, the signer’s public key, and a cryptographic hash of the message. When both sides of the equation are equal, the signature is valid.
In a writeup published Wednesday, security firm Sophos further explained the process:
S1. Select a cryptographically sound random integer K between 1 and N-1 inclusive. S2. Compute R from K using Elliptic Curve multiplication. S3. In the unlikely event that R is zero, go back to step 1 and start over. S4. Compute S from K, R, the hash to be signed, and the private key. S5. In the unlikely event that S is zero, go back to step 1 and start over.
For the process to work correctly, neither R nor S can ever be a zero. That’s because one side of the equation is R, and the other is multiplied by R and a value from S. If the values are both 0, the verification check translates to 0 = 0 X (other values from the private key and hash), which will be true regardless of the additional values. That means an adversary only needs to submit a blank signature to pass the verification check successfully.
Madden wrote:
Guess which check Java forgot?
That’s right. Java’s implementation of ECDSA signature verification didn’t check if R or S were zero, so you could produce a signature value in which they are both 0 (appropriately encoded) and Java would accept it as a valid signature for any message and for any public key. The digital equivalent of a blank ID card.
Below is an interactive JShell session Madden created that shows a vulnerable implementation accepting a blank signature as valid when verifying a message and public key:
| Welcome to JShell -- Version 17.0.1 | For an introduction type: /help intro jshell> import java.security.* jshell> var keys = KeyPairGenerator.getInstance("EC").generateKeyPair() keys ==> java.security.KeyPair@626b2d4a jshell> var blankSignature = new byte[64] blankSignature ==> byte[64] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ... , 0, 0, 0, 0, 0, 0, 0, 0 } jshell> var sig = Signature.getInstance("SHA256WithECDSAInP1363Format") sig ==> Signature object: SHA256WithECDSAInP1363Format<not initialized> jshell> sig.initVerify(keys.getPublic()) jshell> sig.update("Hello, World".getBytes()) jshell> sig.verify(blankSignature) $8 ==> true // Oops, that shouldn't have verified...
Organizations that are using any of the affected versions of Java to validate signatures should place a high priority on patching. It will also be important to monitor for advisories from app and product makers to see if any of their wares are made vulnerable. While the threat from CVE-2022-21449 appears limited to new Java versions, its severity is high enough to warrant vigilance.
https://arstechnica.com/information-technology/2022/04/major-crypto-blunder-in-java-enables-psychic-paper-forgeries/
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 06:03:32 AM |
|
|
|
|
|
JayJuanGee
Legendary
Offline
Activity: 3878
Merit: 11087
Self-Custody is a right. Say no to"Non-custodial"
|
|
April 22, 2022, 06:10:46 AM Last edit: April 22, 2022, 06:35:58 AM by JayJuanGee |
|
My friend is a serious guy, he will likely ask various others and move slowly. (I am not all that serious, but do move slowly.) I did tell him to edge into any purchases, I should have mentioned JJG's Dollar Cost Averaging thoughts in regards to his budget, goals and financial means. He DID tell me he is OK with volatility and thinking long term, and I believe that.
I hope that he does not get suckered into ALTS, but that is his decision.
He's not a programmer either -- I hardly know any of them, looks like I come from a different space than most here..
For sure, DCA and incrementalism is a practice that goes way beyond my thinking - even though I do harp on it quite a bit regarding the main part of any common practice that someone just getting into bitcoin should consider. I share a lot of your frustration with your friend because a lot of people might already know about DCA and they are receptive to the idea of DCA - yet when they are into not seeming to sufficiently understand the difference between shitcoins and bitcoin, they also end up applying DCA to shitcoins (at least many of us bitcoiners who might have some dabblings with shitcoins recognize and appreciate that they are not long term investments - but surely even long term bitcoiners get confused about that point, too). I frequently seem to be throwing out the idea that DCA works as a method for long term investing because there has already been a determination that either fundamentals are strong in the underlying asset or that there is reason to believe that a determination can possibly later be made that fundamentals are strong in the underlying asset - which for bitcoin has largely come to mean that there are pretty decent odds that no matter what period that anyone starts investing into bitcoin, the price has quite likely strong chances of being higher 4-10 years later in real terms than it was at the time of the purchase, and the odds of the DCA investor to continue to bring down cost per BTC in the event that the price ends up turning against him/her and going down. So in some sense DCA works best when the BTC price is waffling all over the place including getting stuck in a spiraling downtrend, but DCA does not work as well when the BTC price gets on one of its decently long term UP trends. Lump sum investing would work better in those instances - but still lump sum investing takes way more knowledge regarding market dynamics than a DCA approach. One way of attempting to partially address the dilemma of a problem in which the BTC price may well go up a lot in the short-term is to engage in a bit of a frontloading of the investment - and of course, another dilemma will still be presented regarding how much to frontload.. .We can also recognize that not everyone has the luxury of frontloading their investment either because they do not necessarily have a lump sum amount in which they can choose how to "get started," but for those who do have some kind of potential lump sum amount that they can potentially frontload into their bitcoin investment I tend to consider to strt by dividing that lump sum amount and also a period of cashflow for the next 6 months for example, and then adding all those up and then dividing into three parts one part lump sum, one part DCA and one part buying on dips... the answer regarding how to divy it up exactly over those first six months is not necessarily be obvious - because there would surely need to be quite a bit of accounting for individual circumstances and the employment of discretion that also attempts to account for timeline, other investments, view of bitcoin compared with other investments, risk tolerance and time, skills and abilities to plan, strategize and to learn and tweak along the way and in more advanced approaches (surely not necessary to get started) may well include the use of financial instruments and leverage, trading and reallocation from time to time (also reallocation may or may not be necessary or even advantageous... but of course, discretionary and individuals should be attempting to engage in their investment at least sufficiently to take responsibility over each and all of their investment portfolio - initial allocations and then managing it as it "hopefully" grows.). So for sure what I am saying is that people tend to get quite confused (I did as well, and probably quite few other people got confused early in their coming to bitcoin), and then we end up wanting to diversify into some various shitcoin projects and attempt to pick the "best of the shitcoins" or the "better of the shitcoins" which does not tend to be a great approach rather than just picking the sector leader, which is quite obviously bitcoin. It seems that people have to learn that bitcoin is the sector leader on their own and probably takes some time - and maybe having them watch around 30-50 Michael Saylor videos might help them out in terms of coming to the conclusion that it makes little to no sense to diversify into shitcoins once the sector leader has been identified.... For starts on a great Saylor clip, go back to that Saylor clip that AlcoHoDL had provided from 2021 and click on the youtube link therein.... it took me a while to find that post.
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 07:03:28 AM |
|
|
|
|
|
El duderino_
Legendary
Offline
Activity: 2674
Merit: 13157
BTC + Crossfit, living life.
|
|
|
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2338
Merit: 1802
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
April 22, 2022, 08:03:27 AM |
|
|
|
|
|
|