They say that a picture is worth a thousand words, but I will still write something considering that it is about an application to become a merit source. I believe that as someone who is online practically every day on the forum and visits various boards, I could contribute to the forum in the way of being a good merit source - and besides, it has just been 9 years since the registration on this forum, which, along with all the other statistics, has some significance.
I believe that there are many good posts that do not receive a single merit, but also that there are many that I personally reward with only 1 merit because unfortunately my sMerits supply does not allow me to give more. I know that there are currently several applications that are active from good members who will hopefully become merit sources in the near future, and I hope that the admin will consider mine as well.
It was difficult to choose only 10 posts that would meet the criteria, but I believe that these 10 posts that I have chosen can serve as a good example of what I consider to be posts that are worthy of an award with merits.
All your comments and questions are welcome.
1.
Yes bitcoin.org is legit.
BUT, and this is just me talking, I would not trust their recommendations for anything.
A while ago lukejr suffered a hacking event / hack:
https://bitcointalk.org/index.php?topic=5432665.0
On the bitcoinknots page that he maintains there WAS actually a warning that the downloads may be compromised. It's not there anymore but for a while it said:
This server may be compromised at present. Do not blindly trust downloads - always verify both the SHA256 hash and the OpenPGP signatures match. Luke Dashjr's OpenPGP key is likely to be compromised, so his signatures have been removed and replaced with other developers' signatures. There is no evidence of a tampered download ever having been offered, but if you have downloaded Bitcoin Knots after 2022 December 1st, it is recommended you re-verify the files you previously downloaded to be sure.
At NO TIME did the maintainer of the bitcoin.org site put up a warning.
1 line of text was all that was needed. But NOPE they didn't.
If they can't do that, then why trust them with other recommendations.
-Dave
2.
Glad you found the right area for this (or close enough)
One thing that must be pointed out is if they have found a weakness in sha256 the effect of it goes far beyond Bitcoin. SHA256 is used as the basis of most commercial financial and document encryption because (to date) it is uncrackable when a long enough key is used - finding a way to hack it would have major repercussions across many markets and industries.
The weakness they claim to have found is based on them stating that AI-driven pattern analysis can narrow down the data ranges that still must be guessed by established brute-force miner chips. As I said in the other thread I do not think it can be done because there are no patterns in proper sha256 encryption. If any patterns DO exist in a hash or series of hashes it is the result of a problem with the RNG that created the hash in the 1st place. Most - but not all - RNGs do not have issues and generate truly random numbers that are used as an encryption seed. Knowing the bias that any given RNG can introduce would certainly allow for making more accurate guesses to possible decryption values provided that you know which specific RNG was used and what (if any) flaws it has. If a different RNG is used that advantage is gone.
Regarding Bitmain, Canaan, Bitfury, et al - all of those miner companies also make pattern recognition AI chips. You really think they have not investigated this?
A worrisome bit from the Financial Times article:
Quantum Blockchain told FTAV it has not published any papers on technology or methodology “in order to protect their research”. Its patent applications are “as far as they have dared to go with making the developments public,” said a spokesman
which to me raises a huge red flag. That is NOT how research works! Publishing papers is the ONLY way to have ideas properly examined and critiqued by one's peers. Not publishing and using the excuse that it is 'to protect their research' screams scamming Marketing Speak.
A Patent does NOT have to describe how to create a workable process, device, or idea. It only must describe how you say it will work. The numerous patents for perpetual motion machines, free-energy devices and their ilk prove that. Pursuing and even being granted a patent for something does not mean it works or ever can work.
3.
- Otherwise, a simple 51% attack will do some work to destroy the reputation.
This remains to be seen. I mentioned this scenario briefly in my last post: if there's not much damage (in terms of double spends) done, then it could be possible that BTC recovers relatively fast, as did most of the altcoins which were 51% attacked until now. And if this happens, then all the effort of the state was in vain, and even such an attack would be expensive.
A big dictatorship like China or Russia could perhaps be tempted to perform this type of attack anyway because they could try to hide the attack, as they don't need to care that much about transparency. But for any government of a democratic state such an attack would be basically suicide - why should people pay with their taxes for an attack on a tool that e.g. 10% of the voters already use? This would be a major scandal. In China or Russia it could work to hide it, but there are risks that such an attack could destabilize the government if there are traitors leaking the attack. I believe even in the most aggressive and authoritarian of the big dictatorships, Russia (and much less China) they aren't that dumb to waste billions on that.
The only actual constellation I can imagine is an intelligence department of a dictatorship performing the attack, but sponsored in secret by several other countries (every government contributing with, let's say, less than $1 billion, which perhaps can be hidden). But even there, all participants would be at risk to destabilize.
Thus a FUD & Regulation attack is much more promising. But if they go too far the attack could impact in public opinion against the governments and could lead to resistance, like we've seen in the European Parliament. The more Bitcoiners we are, the less likely is such an attack. I think for a completely destructive attack of this kind thus it's already late.
We could also speculate: was Ordinals such an attack?
The idea itself is not bad for a malicious entity - create some service on top of Bitcoin that lowers the utility of the chain for most users because it clogs the blocks, but leads to profits for a sub-group like the NFT investors and can even return the cost of the attacks from "greater fools" (like those buying ORDI at $60 or more). However, due to the way such "trends" work, sustaining such an attack would be very expensive too. And we can already say that it probably failed, because Bitcoin became even more popular. The long term solution to make such a "spam attack" much more unlikely would be - second layers (sidechains, rollups and LN).
4.
The US government selling bitcoin will never cause the market to crash and that's obvious. But what I find strange is that the bitcoin market is worth more than 1 trillion USD and the total market capitalization is almost 3 trillion USD. But why every time just a few billion USD (BTC) sold at the same time can cause a decline of 5 to 15%, it is difficult to understand because 2 or 3 billion USD is very small compared to the trading volume and as marketized capital.
Take two half a litre glasses that are 2/3 full, and move 1/10 or 1/5 of the water between them.
You can move like a million litres, that is the volume, but what happens if you try to dump an additional litre into them? They both overflow.
So despite being able to move back and forth 1 million litres, just one poured without 1 taken out made them overflow.
That's the difference between value and market depth.
Look here:
https://coinmarketcap.com/currencies/bitcoin/
BTC/fusd volume is right now 5 billion, but it would take only 4 million to reduce the price by -2% (market depth).
5.
I keep the source code closed at the moment, but just ask if you would like to collaborate.
You can run the binaries released it if you want: <link-removed>
I can only expressly warn everyone not to download ready-made binaries from unknown sources and run them on their computer. As long as the source code is not open, you never know what the program is doing in the background. Someone with malicious intentions could use the executed program, for example, to spy on and extract data from your own PC, i.e. it could, for example, read your existing hard disk or RAM data and copy passwords or wallet files out to the Internet on some server.
Never ever download programs in .dll or .exe form from unknown sources and never run them. Whether and whom you trust is of course up to you, this is only a well-intentioned warning.
The shown program (test.bat) calls a binary executable:
colisionador_x86_64.exe -list puzzle_r160list_sorted.csv -puzzle 0 -threads 1 -start_pk_bin 0000000000000000000000000000000000000000000000000000000000000001
as well as all other start scripts listed here. Stay away!
6.
For everyone else: There's no need for a signed message or transaction ID since it's a made up scenario of scammer who doesn't know how Bitcoin address works.
He wanted to pass that he "accidentally" typed the wrong last character thinking that it won't invalidate the address.
The alleged address that received the 4.37BTC doesn't have the correct checksum, thus any well-written wallet won't be able to send to it.
You can try it in any wallet that you use.
Some technical explanations:
- Address 1L1UduuGPZ8ttGe59F2w9tTEumQFhtxiuT, base58 decoded, separated the last 4Bytes checksum: 00d08175a8f7d52324279706dae9d132e17a1bfce8 8c7b316e
- The first 4-Bytes of the SHA256x2 hash of the above's left part should be equal to the right part (checksum): 8c7b316e.
- So let's get: SHA256[SHA256(00d08175a8f7d52324279706dae9d132e17a1bfce8)]: 8c7b316c28e25f67a1b027243d1b9558c15a7efb10e8e283c2ce9e12f89f794a
- The first 4-Bytes of the above are: 8c7b316c which isn't equal to 8c7b316e.
- With that, the address is invalid.
On a slim chance that the exchange/wallet is miswritten to accept such address:
Since it's only the checksum part that's wrong, the output should still be sent to the address with the correct checksum, thus, to his own address ending with "R".
That's because Bitcoin P2PKH outputs aren't actually addresses but "scriptPubkey" or "locking script" which is in the first part of the decoded data above.
It's a different scenario if he edited one character that's not part of the checksum instead since it would be sent to another address. (only if a buggy wallet allows it)
There's a 1 out of 32bit chance (4-Bytes) that it will be valid to any wallets, that's 1 out of 4,294,967,296 (2^32).
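The checksum walk-through in quoted post 6, as an added example that is not part of the original posts: a small Base58Check validator run on the address from that post and on the same address ending in "R". The function names are chosen here for illustration, and the P2PKH script template (`76a914…88ac`) is the standard one rather than anything quoted on this page.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(addr: str) -> bytes:
    """Decode Base58 text to bytes; each leading '1' is one leading zero byte."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"{ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    zeros = len(addr) - len(addr.lstrip("1"))
    return b"\x00" * zeros + body

def check_address(addr: str) -> dict:
    """Split version+hash160 from the 4-byte checksum and recompute it."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("a P2PKH address must decode to 25 bytes")
    payload, stored = raw[:-4], raw[-4:]
    # Checksum = first 4 bytes of SHA256(SHA256(version + hash160)).
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return {
        "payload": payload.hex(),
        "stored": stored.hex(),
        "expected": expected.hex(),
        "valid": stored == expected,
    }

def p2pkh_script(addr: str) -> str:
    """Locking script built from the hash160 only; the checksum never goes on-chain."""
    hash160 = b58decode(addr)[1:21]
    # OP_DUP OP_HASH160 <push 20 bytes> ... OP_EQUALVERIFY OP_CHECKSIG
    return "76a914" + hash160.hex() + "88ac"

# Addresses taken from the post: the claimed one (ends in T) and the one ending in R.
CLAIMED = "1L1UduuGPZ8ttGe59F2w9tTEumQFhtxiuT"
REAL = "1L1UduuGPZ8ttGe59F2w9tTEumQFhtxiuR"

if __name__ == "__main__":
    for a in (CLAIMED, REAL):
        r = check_address(a)
        print(a, "valid" if r["valid"] else "INVALID",
              "stored", r["stored"], "expected", r["expected"])
    # Same hash160, so a wallet that skipped the checksum would still
    # build the same locking script for both strings.
    print(p2pkh_script(CLAIMED) == p2pkh_script(REAL))
```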
7.
The answer is absolutely not.
No blockchain system can come even close to handling mainstream loads, which would require transaction loads in the millions of transactions per second. Bitcoin is necessarily slow and expensive by design. You cannot have a decentralized system that is fast/cheap because it would be too easy to subvert (long long story short).
Only a fully centralized system--and even then, a very purpose-built, streamlined system--could manage this problem.
Here are the calculations as I wrote them up here a while back:
***
Let's start with the estimates of the number of credit card transactions there are on any given day, and extrapolate the peak volume per month, then per day, then per hour, then per second.
To keep the numbers easy, I'll just give you the very rounded numbers:
1. There are about two billion credit card transactions, world-wide, per day--if you average over the course of a whole year.
2. But some months, e.g. the holiday season, have much higher volume, so figure ten billion per day during those periods.
3. This comes to about 500m transactions per hour, but all of the hours in the day are not the same from the standpoint of purchase volume: there are peak shopping hours. Those hours can be 10x higher sometimes. So figure two billion transactions per hour during peak-peak periods.
4. Any internet-level system needs to account for a multiplied "peak second" volume, as the network can create holdups, which are then released like when you put your hand in front of a stream of water and then pull it away--and getting "behind" will cause a "traffic jam". Hence, figure a rate of about 10 billion transactions per hour to account for that, which comes to about 300k transactions per second.
5. So that's just credit cards, and that's just the volume we have today. But the vision here is extremely fast, extremely small, extremely cheap transactions that can be used even more broadly than credit cards: in other words, the vision is that someday humans will not use paper or metal currency at all, since we will have a system that is cheap enough and fast enough to truly replace cash. Current estimates put the number of cash transactions at about 3x that of credit cards in developed countries. Hence you get (again, heavily rounding here) to a level at about one million transactions per second.
So the "replace all current transactions" level of performance is about one million transactions per second, and for growth, to actually handle this problem, you need to imagine you could eventually end up at a multiple of that, e.g. millions of transactions per second.
8.
Even though a hardfork is always a strain on the community, I have to say that a hardfork solving this mempool flood would be interesting. I'd definitely think solving the mempool congestion with those inscription thingies would be a better cause than the last "big" hardfork (BCH).
If such a fork would exist, I'd think it would have a reasonable chance of getting adopted by the majority (depending on how many of the core devs were willing to switch to said fork).
If enough users adopt the fork, miners would eventually switch since big adoption usually means an OK FIAT value, and even though the block reward is getting lower, money could still be made mining the "new" fork. Personally, I think it would be great being able to make a transaction that doesn't need 200 sats/vbyte to have a decent chance of getting confirmed in the next couple of blocks... I'd also think it would be a good idea if the nodes didn't have to fill their disks with nonsense data when they store the blocks.
And censorship? What censorship? Those inscription thingies could still exist in the "old" chain. If they want to keep filling blocks with their data, they can do so, just not on the "new" chain... If somebody wants a chain to store even more ridiculous stuff, they can make their own fork, and if they gain some adoption, they have a network and they can store whatever they want... I don't see creating a hardfork to see if it gains adoption as censoring.
I'm not saying it's a good idea per se, I'm not saying I would blindly follow such a fork, I'm just saying that such a fork would probably have more merit than BCH, and even though BCH did not gain the biggest part of the community, it does still exist.
9.
You're talking about 2140 but I would be worried much sooner, unless you believe the market cap will double after each halving.
Two more halvings and the security of Bitcoin could be in great danger due to economical factors and before this happens we will see higher centralization due to less companies mining it.
The tx fees will not be enough and block reward will be too small, if you can't see it - you're blind.
There are only two solutions to this problem:
.1 Switching to tail-emission and forgetting about "there will only be 21m" mantra.
.2 Switching to PoS (which will make it even more centralized)
Tail emission quick summary:
https://www.youtube.com/watch?v=sRwSqM0YBto
Another problem is the Bitcoin project competition, mining companies don't care about the project and securing it, they only care about profits.
So why would they buy another batch of power hungry ASICs if they can buy a lot of general purpose CPUs and mine with them more profitably?
Add the fact that you have more resale value of these CPUs, better warranty, etc.
Numbers will speak and if Bitcoin price craze stops, these companies will reevaluate their mining business and alternatives.
If they see they can have double the profit mining with CPUs on a stable enough project... they will switch in a blink of an eye.
They could as well trade to BTC if they want, but the matter is - security of Bitcoin will be in danger.
Some hints about current Bitcoin mining profitability (or rather lack of it):
https://www.youtube.com/watch?v=QCFwmJXx7dc
It will only get worse as the electricity costs rise and more mining taxation comes.
If nothing changes, there will never be 21m - So the mantra will die anyway along with the project.
As far as high fees, people will just use 2nd layers.
If you're gonna use second layer solutions, you can as well use PayPal.
If there will be a decentralized way to handle much more transactions per second than today, it can as well be incorporated into first layer.
Centralized "solutions" are not solutions and LN has failed in this regard.
It's a shame "hard fork" term was even invented, because before that we just called it "Update" and all software needs updates.
Due to this protocol code stagnation, right now I don't see bright future for it.
Maybe someday it will change but it could be too late.
PS. I know I sound very pessimistic but it's safer to be incorrectly pessimistic than incorrectly optimistic.
10.
I actually consider moving, I already downloaded aegis and bitwarden. I remember some people here recommend using aegis as their 2fa manager. I would love to hear thoughts from those who have experience using both apps (aegis and bitwarden).
I've used both and I would recommend both (be aware that Aegis is just a TOTP generator, it can't hold any passwords). Bitwarden has the possibility that you can self-host it but you have to consider what is safer : Are you able to provide a more secure environment than Bitwarden infrastructure? If you are then you should run your own version so that you are in full control. Otherwise you will just have to trust that Bitwarden will protect your encrypted vault better than you would. They use AES-CBC 256-bit encryption for your vault and PBKDF2 SHA-256 to make a derivation of your private key[1] (using 200,001 rounds both on the server side and client side) so it ends up being better than the encryption implemented by Authy (which is almost the same, but it only uses 1000 rounds[2]). The integration of the TOTP within the app works really well and if you have the browser extension running then it is a seamless experience when you are logging in to any service. Do note that you only have access to TOTP integration if you pay their premium plan - which I consider quite affordable at $10 per year - plus you'll also get 1GB of encrypted file storage and access to Bitwarden Send[3] for both text and files.
If it was me what would allow me to rest better at night would be a combination of the two - Bitwarden for my password needs and then Aegis for my TOTP needs. Like I said to TryNinja I wouldn't feel safe having all of them stored in Bitwarden - if by any random chance a malicious actor would gain access to my vault then he/she would have total control of my accounts.
[1] https://bitwarden.com/help/what-encryption-is-used/
[2] https://authy.com/blog/how-the-authy-two-factor-backups-work/
[3] https://bitwarden.com/products/send/