Is Theymos anonymous?

[theymos]

Since you asked maybe cuz he was on the "default trust" list?

Ask anyone on the default trust list (or any of the moderators) how well they know me... I don't need to be friends with people to identify them as good moderators or trust-list-builders.

[1715034541]

1715034541

[1715034541]

1715034541

[1715034541]

1715034541

[1715034541]

1715034541

[1715034541]

1715034541

[SaltySpitoon]

Since you asked maybe cuz he was on the "default trust" list?

yeah, Theymos, would you mind telling us the reason Tradefortress was on the default trust list? My speculation was that he had "disclosed security flaws in a responsible manner" as your feedback for him said, but was that the reason or was there another reason?

[theymos]

yeah, Theymos, would you mind telling us the reason Tradefortress was on the default trust list? My speculation was that he had "disclosed security flaws in a responsible manner" as your feedback for him said, but was that the reason or was there another reason?

No. The damage someone in DefaultTrust can do is very limited, so a lot of trust isn't required. I've actually long been suspicious of TradeFortress because he was holding too much BTC, CoinLenders looked like a HYIP, and I've heard some suspicious rumors about him. But I thought that he was very unlikely to go totally crazy with trust. (And he didn't.)

He was on DefaultTrust because his trust list was good. There were only a few problems that ever resulted from his list, but he brought many good people into the trust network. He also seemed to understand the trust system more than anyone else, and he paid the most attention to trust activity across the trust system.

Someone in DefaultTrust is like a moderator responsible for cultivating a good trust network. They need to make sure that anyone trusting them sees many accurate ratings and no inaccurate ratings. Actual trustworthiness is important, but I can quickly respond to any abuses, so it isn't the most important factor in my decision to add someone to DefaultTrust.

The default trust network needs to work in this (somewhat counter-intuitive) centralized way, but you don't need to use the trust system in this way. You can use it more like a web of trust, adding only people who you trust to your trust list.

[theymos]

Well, you said you trusted the guy. You vouched for him.

No. That's not how the Trust system works. There's a reason why trust lists and trust ratings are separate. You can trust that someone is not a scammer but not trust them to have a good trust list, and vice-versa. Listing someone in your trust list indicates only that you like their ratings and/or trust list in some way (defined by you). With the default trust system, my goal is to maximize the number of default-trusted ratings while minimizing the number of incorrect ratings (especially negative ones). There haven't been any major failures in this area.

There actually isn't a way to vouch for someone in the trust system if you use it properly. There are only trust events which are interpreted by users, and trust list relationships which are mostly unrelated to real trust. This is why I kept my positive trust rating of TF even though my overall trust in him has diminished. My personal history with TF has not changed. My trust in him has diminished, but only because of how I am interpreting other trust events. My own history/rating is still relevant to the full picture of TF's trustworthiness in my mind, and it may still be relevant to others.

Your misunderstanding of how the trust system works is one reason why you are not in DefaultTrust.

[theymos]

"Actual trustworthiness is important"  But you say you did not trust him?

I trusted him not to abuse his power. Mostly because he had much to lose and almost nothing to gain by doing so, not because I thought that he was particularly ethical. And I was right: he didn't abuse his power in any noticeable way.

[go1111111]

I've been a professional software developer for almost 10 years, I have a pretty decent idea of what it takes to run a site using someone else's forum software.

No offense, but your statements say otherwise. Hint:

-Bitcointalk uses Javascript. It is well known that a lot of members here will be on bitcointalk and on their favorite web wallet site at the same time. There may be some XSS opportunity here, though as I said I'm not an expert.

And so 90% of the internet, also you have no understanding of XSS. Can you please stop posting your "expert" opinions please? Because that's simply dumb.

I think some of you are misinterpreting my statement, which is understandable because it wasn't too clear. By "I have a pretty decent idea of what it takes to run a site using someone else's forum software" I meant that I had a sense of the resources it takes to do so, not that I'm familiar with the day to day technical process. I know people who run forums, I know roughly how much they spend on them, and I know how good their forums are. I know that bitcointalk doesn't look like a forum with 600k in funding.

You have correctly identified that I know almost nothing about XSS. I wasn't relying on my technical experience to give credibility to my XSS concerns. I pointed out my background to call bullshit on the idea that someone was spending $600k on this forum. Theymos basically confirmed that by saying that the 600k hasn't been spent.

[davout]

OP yes Theymos has been doxed but that info is not public for obvious reasons. However there is a fair amount on the Intternet if you know where to look.

Also ignore these trolls(staff). Your question was a valid one.

Hey Goat! What's today's reason for being butthurt?

Nobody said OP's question was invalid, he's just looking for answers in the wrong places, namely this forum.
My suggestion would be to skip the forum's trust system altogether and use bitcoin-otc.com which is much simpler and straightforward and doesn't have the bizarre concept of "default trust".

[davout]

First of all no software development was done here.

That has already been said had you read the thread before proceeding to give me a good laugh.

When it comes to fine tuning the performance

Lurk more, it's not about performance.

if i can sustain a single website on 33 server cluster running a custom build of gentoo, with 14 billion monthly pageviews with occasional influxes of DDOS saturating an entire OC192, on a super strict budget, then by god one can sustain this fucking site for less than 2BTC/mo.

It always surprises me to see what some people will masturbate to.

Anyway, lemme backtrack to your idiotic statement. Full time IT guy to manage things? sure, if he's a retard. the guys that do the real, serious work are the core linux kernel developers, and those are extreme geeks. the kind you can respect. too bad there aren't enough of them.

Ok, let me get something straight here, the words I say mean something, probably not what you think though. When I say "software project" I don't mean "things", I mean "software project" which has much more to it than "fine tuning nginx", throw 600k, some developers and half a ton of cheesy poofs into a room, what usually comes out isn't a working product someone cares about. It's usually more around the lines of a couple homemade frameworks, and fattened developers.

@OP passwords are usually md5/sha1 encrypted with these forum scripts,

Things have a proper name, the proper name for md5 and sha1 is "a hash function", repeat after me: "a hash function". And I may even precise it further "a broken hash function". It is used mostly by confused PHPtards who have no idea about what they are doing. So if someone asks your opinion next time, point them at bcrypt, no fucking exceptions.

put faith and trust in your intuition.

That seems to be the reason of your confusion, the correct way to make decision is by "thinking", thinking may or may not take your original gut feeling into account.

and use pgp when sending PMs discussing sketchy shit. the fbi could be lurking inside. the integrity of things is always questionable.

See, we have one fine example of mental confusion here, using PGP when sending PMs about sketchy shit won't protect you from getting entrapped by the FBI if they are, as you say, lurking inside.

[ScammerZhouTong]

theymos reads a lot of PMs, and not for a good reason.

[davout]

but i have to say to never test the doj/fbi/cia/nsa. they will shred you! i've seen them pull some very elaborate schemes. you're only safe in russia and china. you cannot fight the doj/gov. they will own you.

See, you finally have a valid point. If you pursue your reasoning, based on the assertion you made, and with which I fully agree, the correct course of action becomes clear : don't test them, don't do shit that'll get you on their radar.

If you think you're safe using PGP in PMs you're wrong, they'll own the forum, exploit your browser, exploit your machine through some zero-day and use it a side channel to pull the keys from your machine and work from there. Not saying that PGP is broken, just saying a technical protection measure is never a security silver bullet, they could entrap you, they could use black bag cryptanalysis or whatever they do to get their shit done.

There's already tons of fun and interesting stuff to do legally, be safe and let others get in trouble.

[DobZombie]

I'm not a security expert, but if Theymos did want to be untrustworthy, it seems like he's in a better position to do harm than a lot of people:

-Bitcointalk uses Javascript. It is well known that a lot of members here will be on bitcointalk and on their favorite web wallet site at the same time. There may be some XSS opportunity here, though as I said I'm not an expert.

-There are some small % of newb/dumb bitcointalk forum members who probably use a similar password on bitcointalk and on their favorite web wallet. It seems possible that Theymos could somehow get access to people's bitcointalk passwords if he wanted, giving him or his friends a huge password cracking advantage over a random person.

A few small bits of info that I found mildly concerning, and caused me to be curious about Theymos:

-Theymos seems to have been a defender/supporter of TradeFortress. It's possible that they are friends, but I'm not sure. The circumstances around 1 million dollars disappearing from TradeFortress's inputs.io business suggest that TradeFortress may be very shady.

-There are a lot of people on reddit who pop up with stories about how funds were stolen from their hot wallets because they didn't have 2-factor authentication, and they describe having pretty complex passwords. It's somewhat of a mystery how their passwords are being cracked.

-The fact that Theymos allegedly raised like $600k for this forum, yet the forum is not that good technically, is sort of weird and makes me wonder how much of that was actually spent on the forum.

I'm not saying we should suspect Theymos of any nefarious activities, but the above is just why I care more about Theymos's trust level than I care about a random user's.

 

You forgot about the $50,000 he gets each week for ad revenue.

The guy must be absolutely rolling it in right now!

[b!z]

I've been a professional software developer for almost 10 years, I have a pretty decent idea of what it takes to run a site using someone else's forum software.

No offense, but your statements say otherwise. Hint:

-Bitcointalk uses Javascript. It is well known that a lot of members here will be on bitcointalk and on their favorite web wallet site at the same time. There may be some XSS opportunity here, though as I said I'm not an expert.

And so 90% of the internet, also you have no understanding of XSS. Can you please stop posting your "expert" opinions please? Because that's simply dumb.

Also Theymos was doxed, google it.

Doxed? No. He put his information online. http://theymos.com

[Kluge]

You forgot about the $50,000 he gets each week for ad revenue.

The guy must be absolutely rolling it in right now!

Unless he hands out blowjobs while off duty there is no fuckin way this site generates that kind of revenue. Esp per week. That's the dumbest thing I've heard anyone ever say. Don't go around telling people that.

I don't see any doubleclick tags in the site serving me a premium ad. I barely see any ads. And they aren't ads tracked in the traditional fashion (CPM/CPC/affiliate/ etc).  Simple plain HTML ads with an external link. This cannot generate the amount of ad revenue you claim.

And even if he is making bank good for him. Stop
Hating.

When TF was buying, each ad cycle could earn well over $50K, but now it's more like $10K per week. ~25% goes to mods (and part to himself, I think?). The rest goes into the forum treasury of ~5.6KBTC (>$2M). You're apparently doing ad revenue wrong.

https://bitcointalk.org/index.php?topic=301062.0

[Mike Christ]

I always thought Theymos was a wizard of some sort.

[Gyrsur]

do you guys talking about thermos?  

[augustocroppo]

I'm not a sociable guy. There are few people in the Bitcoin community who I have any sort of casual relationship with. AFAIK, I've met a grand total of two forum users AFK.

Your misunderstanding of how the trust system works is one reason why you are not in DefaultTrust.

You live in a bubble and want to determine how a whole community should trust each other?

Time for a reality check!

[uMMcQxCWELNzkt]

I heard Theymos lives in some kind of Bitcave.

[RodeoX]

I believe Theymos is one of my neighbors. He lives somewhere near me anyway. But if he wishes to remain private, then I'm with him.

[RodeoX]

I believe Theymos is one of my neighbors. He lives somewhere near me anyway. But if he wishes to remain private, then I'm with him.

I'm all for respecting privacy. Pretty much everyone one here will agree unless someone scams.

Agreed. 

[MaxBTC1]

If he is, is he also legion?