Bitcoin Forum
December 11, 2017, 12:42:06 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Poll
Question: Where would you prefer the VRC/VRM exchange pair be?
Bittrex
Poloniex
Both
Other

Pages: « 1 ... 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 [297] 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 ... 963 »
  Print  
Author Topic: [ANN][VRC] VeriCoin Proof of Stake-Time Currency | New Roadmap Released  (Read 1341725 times)
yourstruly
Sr. Member
****
Offline Offline

Activity: 308


thrasher.


View Profile WWW
July 01, 2014, 10:52:34 AM
 #5921

Pretty sure I was able to crash veribit with a few lines of code. I'll stop once I prove it works.

No your IP just got auto banned for flooding. That and we deactivated the web service.

You may have done this afterwards, but I was seeing a wall of errors before that was done. Continuing to downplay what I'm finding and pretending it is not real is less healthy for your service than admitting it and working with me to fix these issues, right now you are just putting band-aids on them. I'm not being silicious, I'm giving you essentially free pen-testing (because I work for more than 75 an hour normally).

Pretty sure I could bypass your IP flood and deconstruct the API from your wallet code.

Lol, took 1 second to find the new URL on github: http://verisend.vericoin.info/apisendbtc

There goes the idea you closed down webservices. http://verisend.vericoin.info/apisendbtc?sendto=1NsqLEmk7bckyxocJToBYmgkte2j5KMGZp&amount=1

You really shouldn't keep talking to me like I'm stupid, your system clearly doesn't automatically ban IP addresses, you didn't ban mine. There is also no automatic price adjustment as you claimed before (which would have been clever if it were real, but also easy to exploit as well).

Talking to you like you're stupid? When did that happen? What I see are developers trying to engage with you directly. Didn't pnosker thank you, and give you a bug bounty already? What more do you want? An ego massage?

As in directly lying to me when it is easy to disprove his claims. He seems to think if he lies to me that I will just believe it and not try to confirm myself, which I did and realized what he was claiming was untrue. This is not about ego this is about having a straightforward discussion without deception.

I really don't think anyone is intentionally trying to deceive you. And it appears to be about ego when you say dipshit things like "You really shouldn't talk to me like I'm stupid" - when that was evidently not the case. Perhaps VericoinDev3 misunderstood and a different IP was banned? Who fucking knows? But before you go on any more of these fucking tirades at least give the man a chance to respond.

You are ignoring the several other claims that are clearly untrue, he is treating me like I'm stupid because he assumes I can't easily check the claims and find out they are false. He talked about features in the software that simply do not exist to downplay the damage that could have been caused by a script like the one I shared.


Excoin - Innovative Cryptocurrency Exchange - https://exco.in
1512952926
Hero Member
*
Offline Offline

Posts: 1512952926

View Profile Personal Message (Offline)

Ignore
1512952926
Reply with quote  #2

1512952926
Report to moderator
1512952926
Hero Member
*
Offline Offline

Posts: 1512952926

View Profile Personal Message (Offline)

Ignore
1512952926
Reply with quote  #2

1512952926
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1512952926
Hero Member
*
Offline Offline

Posts: 1512952926

View Profile Personal Message (Offline)

Ignore
1512952926
Reply with quote  #2

1512952926
Report to moderator
1512952926
Hero Member
*
Offline Offline

Posts: 1512952926

View Profile Personal Message (Offline)

Ignore
1512952926
Reply with quote  #2

1512952926
Report to moderator
1512952926
Hero Member
*
Offline Offline

Posts: 1512952926

View Profile Personal Message (Offline)

Ignore
1512952926
Reply with quote  #2

1512952926
Report to moderator
deceit
Newbie
*
Offline Offline

Activity: 29


View Profile
July 01, 2014, 10:54:13 AM
 #5922

https://twitter.com/dailyfauxpas/status/483917432025653249
pnosker
Sr. Member
****
Offline Offline

Activity: 462


View Profile
July 01, 2014, 10:59:32 AM
 #5923

Pretty sure I was able to crash veribit with a few lines of code. I'll stop once I prove it works.

No your IP just got auto banned for flooding. That and we deactivated the web service.

You may have done this afterwards, but I was seeing a wall of errors before that was done. Continuing to downplay what I'm finding and pretending it is not real is less healthy for your service than admitting it and working with me to fix these issues, right now you are just putting band-aids on them. I'm not being silicious, I'm giving you essentially free pen-testing (because I work for more than 75 an hour normally).

Pretty sure I could bypass your IP flood and deconstruct the API from your wallet code.

Lol, took 1 second to find the new URL on github: http://verisend.vericoin.info/apisendbtc

There goes the idea you closed down webservices. http://verisend.vericoin.info/apisendbtc?sendto=1NsqLEmk7bckyxocJToBYmgkte2j5KMGZp&amount=1

You really shouldn't keep talking to me like I'm stupid, your system clearly doesn't automatically ban IP addresses, you didn't ban mine. There is also no automatic price adjustment as you claimed before (which would have been clever if it were real, but also easy to exploit as well).

Talking to you like you're stupid? When did that happen? What I see are developers trying to engage with you directly. Didn't pnosker thank you, and give you a bug bounty already? What more do you want? An ego massage?

As in directly lying to me when it is easy to disprove his claims. He seems to think if he lies to me that I will just believe it and not try to confirm myself, which I did and realized what he was claiming was untrue. This is not about ego this is about having a straightforward discussion without deception.

I really don't think anyone is intentionally trying to deceive you. And it appears to be about ego when you say dipshit things like "You really shouldn't talk to me like I'm stupid" - when that was evidently not the case. Perhaps VericoinDev3 misunderstood and a different IP was banned? Who fucking knows? But before you go on any more of these fucking tirades at least give the man a chance to respond.

You are ignoring the several other claims that are clearly untrue, he is treating me like I'm stupid because he assumes I can't easily check the claims and find out they are false. He talked about features in the software that simply do not exist to downplay the damage that could have been caused by a script like the one I shared.



What are you talking about? We saw a flood of over 2000 requests starting from 2 min after your first exploit post. Your IP was banned by the software from processing any trades. So no, I didn't lie about anything. Did you try to trade at all?

And reducing the exploit time window is not just a patch. It is effective because it is unnecessary due to the way the wallet sends the transaction quickly. We could probably use better flood detection but you're simply DoSing at that point. Anyway, I'll say it again: if you were truly concerned, you would talk privately about this like any legitimate security researcher rather than publicly disclaiming the code and suspecting it of failing. VeriBit has not lost any loaned money and has not kept any sent money without paying out.

Thanks again for the criticism. We take it seriously but it is unfounded.

Support the VeriFund Endowment.
VRC: VFEndownxxnHea9mv59kZx8c7TysGbndYx
techbytes
Legendary
*
Offline Offline

Activity: 1582


Point. Click. Blockchain


View Profile
July 01, 2014, 11:11:41 AM
 #5924

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

buy4crypto
Sr. Member
****
Offline Offline

Activity: 434

freecrypto.top


View Profile WWW
July 01, 2014, 11:15:15 AM
 #5925

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

A lot of people want to "help" the community, especially VeriCoin lately, by openly making slanderous claims, that they cannot even substantiate. Things must be going well. You only get attacked when your on top.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
████ - freecrypto.top - btcinfo.top - DIGITAL CURRENCY DIRECTORIES - freeMonero.comfunbtc.xyz  ████
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
yourstruly
Sr. Member
****
Offline Offline

Activity: 308


thrasher.


View Profile WWW
July 01, 2014, 11:15:27 AM
 #5926

Pretty sure I was able to crash veribit with a few lines of code. I'll stop once I prove it works.

No your IP just got auto banned for flooding. That and we deactivated the web service.

You may have done this afterwards, but I was seeing a wall of errors before that was done. Continuing to downplay what I'm finding and pretending it is not real is less healthy for your service than admitting it and working with me to fix these issues, right now you are just putting band-aids on them. I'm not being silicious, I'm giving you essentially free pen-testing (because I work for more than 75 an hour normally).

Pretty sure I could bypass your IP flood and deconstruct the API from your wallet code.

Lol, took 1 second to find the new URL on github: http://verisend.vericoin.info/apisendbtc

There goes the idea you closed down webservices. http://verisend.vericoin.info/apisendbtc?sendto=1NsqLEmk7bckyxocJToBYmgkte2j5KMGZp&amount=1

You really shouldn't keep talking to me like I'm stupid, your system clearly doesn't automatically ban IP addresses, you didn't ban mine. There is also no automatic price adjustment as you claimed before (which would have been clever if it were real, but also easy to exploit as well).

Talking to you like you're stupid? When did that happen? What I see are developers trying to engage with you directly. Didn't pnosker thank you, and give you a bug bounty already? What more do you want? An ego massage?

As in directly lying to me when it is easy to disprove his claims. He seems to think if he lies to me that I will just believe it and not try to confirm myself, which I did and realized what he was claiming was untrue. This is not about ego this is about having a straightforward discussion without deception.

I really don't think anyone is intentionally trying to deceive you. And it appears to be about ego when you say dipshit things like "You really shouldn't talk to me like I'm stupid" - when that was evidently not the case. Perhaps VericoinDev3 misunderstood and a different IP was banned? Who fucking knows? But before you go on any more of these fucking tirades at least give the man a chance to respond.

You are ignoring the several other claims that are clearly untrue, he is treating me like I'm stupid because he assumes I can't easily check the claims and find out they are false. He talked about features in the software that simply do not exist to downplay the damage that could have been caused by a script like the one I shared.



What are you talking about? We saw a flood of over 2000 requests starting from 2 min after your first exploit post. Your IP was banned by the software from processing any trades. So no, I didn't lie about anything. Did you try to trade at all?

And reducing the exploit time window is not just a patch. It is effective because it is unnecessary due to the way the wallet sends the transaction quickly. We could probably use better flood detection but you're simply DoSing at that point. Anyway, I'll say it again: if you were truly concerned, you would talk privately about this like any legitimate security researcher rather than publicly disclaiming the code and suspecting it of failing. VeriBit has not lost any loaned money and has not kept any sent money without paying out.

Thanks again for the criticism. We take it seriously but it is unfounded.

I offered to talk about it privately but you never private messaged me.

Also, I'm used of discussing issues publicly because the Bitcoin community is traditionally an open source community where we have open discussion about issues. We are all about transparency in the open source world.

 I have not tried to steal from veribit, I could have drained the fund by now and done this all in silence and you would have never noticed.

I'm taking time out of my other projects to come here and let you know about your security issues and you continue to downplay them and make up claims about your service. Should it be that easy to DoS your service with a 3 line script? There are definitely engineering solutions for that.

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
yourstruly
Sr. Member
****
Offline Offline

Activity: 308


thrasher.


View Profile WWW
July 01, 2014, 11:16:51 AM
 #5927

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

I actually get paid more than 75 an hour when I do security consulting, and why do I have to act professional with someone who is not paying me, lying to me, building closed source projects off open source roots to make money and has a community of greedy idiots who try to deflect any claims that there are issues.

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
buy4crypto
Sr. Member
****
Offline Offline

Activity: 434

freecrypto.top


View Profile WWW
July 01, 2014, 11:17:59 AM
 #5928

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

I actually get paid more than 75 an hour when I do security consulting, and why do I have to act professional with someone who is not paying me, lying to me, building closed source projects off open source roots to make money and has a community of greedy idiots who try to deflect any claims that there are issues.

And your true intentions are clear. Well done. All of us idiots see right through you. Appreciate the help.

You act a certain way, because thats how / who a person is. Developers respond in a respectful manor to your claims, pay you a bounty.



Your response? Calling them names, saying they insulted you?

You need to take a step back and realize your help has been heard, and they took action. What more do you want? Now your losing any credibility you had with your concerns to being a FUD'in troll now.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
████ - freecrypto.top - btcinfo.top - DIGITAL CURRENCY DIRECTORIES - freeMonero.comfunbtc.xyz  ████
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
yourstruly
Sr. Member
****
Offline Offline

Activity: 308


thrasher.


View Profile WWW
July 01, 2014, 11:18:33 AM
 #5929

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

a lot of people want to "help" the community, especially VeriCoin lately, by openly making slanderous claims, that they cannot even substantiate. Things must be going well. You only get attacked when your on top.

My claims were not slanderous, I even provided code that could exploit the system in place. I do this because this coin has a 8 million dollar market cap and its built on flimsy software. If this falls and major news agencies follow the story, it makes everyone in the ecosystem look bad. But you are too focused on your personal investment to see the bigger picture.

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
yourstruly
Sr. Member
****
Offline Offline

Activity: 308


thrasher.


View Profile WWW
July 01, 2014, 11:19:33 AM
 #5930

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

I actually get paid more than 75 an hour when I do security consulting, and why do I have to act professional with someone who is not paying me, lying to me, building closed source projects off open source roots to make money and has a community of greedy idiots who try to deflect any claims that there are issues.

And your true intentions are clear. Well done.

If I wanted to hurt Vericoin I could have done it, I have not done anything malicious if you weren't too narrow minded you would see that I'm actually providing a very valuable free service to the developer.

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
T.Stuart
Sr. Member
****
Offline Offline

Activity: 476


PikcioChain ICO Starts on 24th of November


View Profile
July 01, 2014, 11:22:27 AM
 #5931

I'm actually providing a very valuable free service to the developer.

Could I ask, why don't you just PM him yourself and carry on this help directly rather than in a group discussion, which wastes a lot of time?


███  █████
███  ██  ██
██    ██  ██
██  ███  ██
██  █  █  ██
      █  █  ██
██  █  █
██  █  █  ██
██  ███  ██
██  ██    ██
██  ██  ███
█████  ███
PIKCIOCHAIN                         ▄▄█████▄▄
                        ██▀     ▀██
                       ██  ▄███▄  ██
                      ██  ███████  ██
                      ██  ███████  ██
                       ██  ▀███▀  ██
        ▄▄▄▄▄▄▄▄      ▄███▄     ▄██
     ▄████████████▄ ▄██▀ ▀▀█████▀▀
   ▄████▀▀▀▀▀▀▀▀████▄              ▄▄▄▄▄
  ███▀            ▀███           ▄█████████▄
 ███▀              ▀███        ▄███▀▀   ▀▀██▀
███▀     ▄████▄     ▀███      ▄██▀
███     ████████     ████████████
███     ████████     ████████████
███▄     ▀████▀     ▄███      ▀██▄
 ███▄              ▄███        ▀███▄▄   ▄▄██▄
  ███▄            ▄███           ▀█████████▀
   ▀████▄▄▄▄▄▄▄▄████▀               ▀▀▀▀▀
     ▀████████████▀
        ▀▀▀▀▀▀▀▀

███  ███
███  █  █
█      █  █
█  ███  █
█  █  █  █
    █  █  █
█  █  █
█  █  █  █
█  ███  █
█  █      █
█  █  ███
███  ███

███  ███
███  █  █
█      █  █
█  ███  █
█  █  █  █
    █  █  █
█  █  █
█  █  █  █
█  ███  █
█  █      █
█  █  ███
███  ███
//  ANN Thread  //  Whitepaper  //
║══   ICO ​Starts 24th ​Nov ​2017   ══║
//  Facebook  //  Twitter  //  Telegram  //

███  █████
███  ██  ██
██    ██  ██
██  ███  ██
██  █  █  ██
      █  █  ██
██  █  █
██  █  █  ██
██  ███  ██
██  ██    ██
██  ██  ███
█████  ███
pnosker
Sr. Member
****
Offline Offline

Activity: 462


View Profile
July 01, 2014, 11:23:23 AM
 #5932

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

I actually get paid more than 75 an hour when I do security consulting, and why do I have to act professional with someone who is not paying me, lying to me, building closed source projects off open source roots to make money and has a community of greedy idiots who try to deflect any claims that there are issues.

VeriBit makes us no money... In the long run it probably costs money with server costs.

Support the VeriFund Endowment.
VRC: VFEndownxxnHea9mv59kZx8c7TysGbndYx
T.Stuart
Sr. Member
****
Offline Offline

Activity: 476


PikcioChain ICO Starts on 24th of November


View Profile
July 01, 2014, 11:26:19 AM
 #5933

Hope you don't mind me posting this pnosker!  Smiley

Quick question: will the new wallet be adapted for Android anytime soon?



███  █████
███  ██  ██
██    ██  ██
██  ███  ██
██  █  █  ██
      █  █  ██
██  █  █
██  █  █  ██
██  ███  ██
██  ██    ██
██  ██  ███
█████  ███
PIKCIOCHAIN                         ▄▄█████▄▄
                        ██▀     ▀██
                       ██  ▄███▄  ██
                      ██  ███████  ██
                      ██  ███████  ██
                       ██  ▀███▀  ██
        ▄▄▄▄▄▄▄▄      ▄███▄     ▄██
     ▄████████████▄ ▄██▀ ▀▀█████▀▀
   ▄████▀▀▀▀▀▀▀▀████▄              ▄▄▄▄▄
  ███▀            ▀███           ▄█████████▄
 ███▀              ▀███        ▄███▀▀   ▀▀██▀
███▀     ▄████▄     ▀███      ▄██▀
███     ████████     ████████████
███     ████████     ████████████
███▄     ▀████▀     ▄███      ▀██▄
 ███▄              ▄███        ▀███▄▄   ▄▄██▄
  ███▄            ▄███           ▀█████████▀
   ▀████▄▄▄▄▄▄▄▄████▀               ▀▀▀▀▀
     ▀████████████▀
        ▀▀▀▀▀▀▀▀

███  ███
███  █  █
█      █  █
█  ███  █
█  █  █  █
    █  █  █
█  █  █
█  █  █  █
█  ███  █
█  █      █
█  █  ███
███  ███

███  ███
███  █  █
█      █  █
█  ███  █
█  █  █  █
    █  █  █
█  █  █
█  █  █  █
█  ███  █
█  █      █
█  █  ███
███  ███
//  ANN Thread  //  Whitepaper  //
║══   ICO ​Starts 24th ​Nov ​2017   ══║
//  Facebook  //  Twitter  //  Telegram  //

███  █████
███  ██  ██
██    ██  ██
██  ███  ██
██  █  █  ██
      █  █  ██
██  █  █
██  █  █  ██
██  ███  ██
██  ██    ██
██  ██  ███
█████  ███
yourstruly
Sr. Member
****
Offline Offline

Activity: 308


thrasher.


View Profile WWW
July 01, 2014, 11:26:55 AM
 #5934

I'm actually providing a very valuable free service to the developer.

Could I ask, why don't you just PM him yourself and carry on this help directly rather than in a group discussion, which wastes a lot of time?

Because open source projects are usually discussed in a group setting, because they are open by nature. If he insist on making it private that is his prerogative and he has not chosen to do so.

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
T.Stuart
Sr. Member
****
Offline Offline

Activity: 476


PikcioChain ICO Starts on 24th of November


View Profile
July 01, 2014, 11:28:27 AM
 #5935

Because open source projects are usually discussed in a group setting, because they are open by nature. If he insist on making it private that is his prerogative and he has not chosen to do so.

He wouldn't have "insisted" anyway - you invited him!


███  █████
███  ██  ██
██    ██  ██
██  ███  ██
██  █  █  ██
      █  █  ██
██  █  █
██  █  █  ██
██  ███  ██
██  ██    ██
██  ██  ███
█████  ███
PIKCIOCHAIN                         ▄▄█████▄▄
                        ██▀     ▀██
                       ██  ▄███▄  ██
                      ██  ███████  ██
                      ██  ███████  ██
                       ██  ▀███▀  ██
        ▄▄▄▄▄▄▄▄      ▄███▄     ▄██
     ▄████████████▄ ▄██▀ ▀▀█████▀▀
   ▄████▀▀▀▀▀▀▀▀████▄              ▄▄▄▄▄
  ███▀            ▀███           ▄█████████▄
 ███▀              ▀███        ▄███▀▀   ▀▀██▀
███▀     ▄████▄     ▀███      ▄██▀
███     ████████     ████████████
███     ████████     ████████████
███▄     ▀████▀     ▄███      ▀██▄
 ███▄              ▄███        ▀███▄▄   ▄▄██▄
  ███▄            ▄███           ▀█████████▀
   ▀████▄▄▄▄▄▄▄▄████▀               ▀▀▀▀▀
     ▀████████████▀
        ▀▀▀▀▀▀▀▀

███  ███
███  █  █
█      █  █
█  ███  █
█  █  █  █
    █  █  █
█  █  █
█  █  █  █
█  ███  █
█  █      █
█  █  ███
███  ███

███  ███
███  █  █
█      █  █
█  ███  █
█  █  █  █
    █  █  █
█  █  █
█  █  █  █
█  ███  █
█  █      █
█  █  ███
███  ███
//  ANN Thread  //  Whitepaper  //
║══   ICO ​Starts 24th ​Nov ​2017   ══║
//  Facebook  //  Twitter  //  Telegram  //

███  █████
███  ██  ██
██    ██  ██
██  ███  ██
██  █  █  ██
      █  █  ██
██  █  █
██  █  █  ██
██  ███  ██
██  ██    ██
██  ██  ███
█████  ███
buy4crypto
Sr. Member
****
Offline Offline

Activity: 434

freecrypto.top


View Profile WWW
July 01, 2014, 11:28:40 AM
 #5936

I'm actually providing a very valuable free service to the developer.

Could I ask, why don't you just PM him yourself and carry on this help directly rather than in a group discussion, which wastes a lot of time?

Because open source projects are usually discussed in a group setting, because they are open by nature. If he insist on making it private that is his prerogative and he has not chosen to do so.

SECURITY needs to be in the open? Thats a new one.

The next time I hear the Security team talking about the next big project in an open forum I'll let you know.

You are not here to help, you can help by PM'in the DEV with security concerns.


Why give others an idea before you can close the loop, create a solution. Thats what someone with concerns for a problem does, You solve it.

Seems like your idea is to come here, cause FUD in open discussion even though your concerns have been addressed several times.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
████ - freecrypto.top - btcinfo.top - DIGITAL CURRENCY DIRECTORIES - freeMonero.comfunbtc.xyz  ████
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
yourstruly
Sr. Member
****
Offline Offline

Activity: 308


thrasher.


View Profile WWW
July 01, 2014, 11:29:36 AM
 #5937

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

I actually get paid more than 75 an hour when I do security consulting, and why do I have to act professional with someone who is not paying me, lying to me, building closed source projects off open source roots to make money and has a community of greedy idiots who try to deflect any claims that there are issues.

VeriBit makes us no money... In the long run it probably costs money with server costs.

I understand that, your fee is 1 VRC which is one of the reasons it makes it a good target for malicious attacks. When designing systems like this, like when designing an exchange you have to assume the worse will happen, like someone will try to DOS you. You appear to have nothing in place to stop these basic attacks which could be solved many ways.

Here is the updated version of the code that will work with your web services turned off and timed with 2 minutes:

require 'net/http'
require 'json'

# Would need to write code to manage number of threads
# and stagger their start times to maximize attack surface
#Thread.new do
  while true
    @time_up = Time.now + (60*2)

    uri = URI('http://verisend.vericoin.info/apisendbtc?sendto=1NsqLEmk7bckyxocJToBYmgkte2j5KMGZp&amount=1')
    arbitrage = JSON.parse(Net::HTTP.get(uri))
    @vrc_amount = arbitrage['Amount']
    @vrc_address = arbitrage['Address']
    p @vrc_amount
    p @vrc_address

    while @time_up > Time.now
      p "Time remaining: #{@time_up - Time.now}"

      uri = URI('https://api.mintpal.com/v1/market/stats/VRC/BTC')
      market_data = JSON.parse(Net::HTTP.get(uri)).first
      last_price = market_data['last_price']
      # You would need to add in trading fees
      price_per_bitcoin = 1 / last_price.to_f
      p price_per_bitcoin
      if @vrc_amount.to_f < price_per_bitcoin
        difference = price_per_bitcoin - @vrc_amount.to_f
        p "Difference of #{difference}"
        if difference > 500
          p "Good time to send money!"
          system("./vericoind sendmoneyto #{vrc_address} #{@vrc_amount}")
        end
      end
    end
    p "Times up! Time to try again!"
  end
#end

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
yourstruly
Sr. Member
****
Offline Offline

Activity: 308


thrasher.


View Profile WWW
July 01, 2014, 11:31:28 AM
 #5938

I'm actually providing a very valuable free service to the developer.

Could I ask, why don't you just PM him yourself and carry on this help directly rather than in a group discussion, which wastes a lot of time?

Because open source projects are usually discussed in a group setting, because they are open by nature. If he insist on making it private that is his prerogative and he has not chosen to do so.

SECURITY needs to be in the open? Thats a new one.

The next time I hear the Security team talking about the next big project at starbucks I'll let you know.

You are not here to help, you can help by PM'in the DEV.

Yes security typically discussed is open, especially on open source projects which this one is based on.

That is why there are services that openly report all security bugs so open source developers can read through them an attempt to fix them.

You are really showing you know very little about computer science and software development right now.

Excoin - Innovative Cryptocurrency Exchange - https://exco.in
buy4crypto
Sr. Member
****
Offline Offline

Activity: 434

freecrypto.top


View Profile WWW
July 01, 2014, 11:32:58 AM
 #5939

I'm actually providing a very valuable free service to the developer.

Could I ask, why don't you just PM him yourself and carry on this help directly rather than in a group discussion, which wastes a lot of time?

Because open source projects are usually discussed in a group setting, because they are open by nature. If he insist on making it private that is his prerogative and he has not chosen to do so.

SECURITY needs to be in the open? Thats a new one.

The next time I hear the Security team talking about the next big project at starbucks I'll let you know.

You are not here to help, you can help by PM'in the DEV.

Yes security typically discussed is open, especially on open source projects which this one is based on.

That is why there are services that openly report all security bugs so open source developers can read through them an attempt to fix them.

You are really showing you know very little about computer science and software development right now.

Never claimed to, I just know when I see someone with malicious intentions. You and your friend didn't take long to come up with a clever theft plot. Is it something you are familiar with? Do you use these codes to steal often? How many people have you stole from in the past?

Didn't seem to take you a long time to make a code you claim is capable of theft.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
████ - freecrypto.top - btcinfo.top - DIGITAL CURRENCY DIRECTORIES - freeMonero.comfunbtc.xyz  ████
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
techbytes
Legendary
*
Offline Offline

Activity: 1582


Point. Click. Blockchain


View Profile
July 01, 2014, 11:35:21 AM
 #5940

For a guy who claimed to be paid $75/hour, he doesn't sound too professional about it.  Sounds more like whining for attention.  So I wouldn't pay no mind to his claims.


-tb-

I actually get paid more than 75 an hour when I do security consulting, and why do I have to act professional with someone who is not paying me, lying to me, building closed source projects off open source roots to make money and has a community of greedy idiots who try to deflect any claims that there are issues.


Regardless if you are being paid or not, if you come out sounding arrogant, not too many people will listen even if your claims are true.  Telling people how much you make is meaningless in the virtual world...


-tb-

Pages: « 1 ... 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 [297] 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 ... 963 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!