Slashdot Mirror

User: Dagger2

Dagger2's activity in the archive.

Stories: 0
Comments: 741
Profile: view on slashdot.org

Comments · 741

  1. Re:I wonder what version we'd actually be at... on Firefox 30 Available, Firebug 2.0 Released · Score: 2

    1.1.

    Australis is such a big change in direction that the browser Mozilla currently releases as "Firefox" shouldn't be treated as a new version of the browser Mozilla used to release as Firefox, but rather as a fork. (Which, yes, implies that users shouldn't have been silently moved from one to the other -- that's something those users should've had to actively choose to do.)

  2. Re:Memory usage fixed? on Firefox 30 Available, Firebug 2.0 Released · Score: 1

    Do you, by any chance, have HTTPS Everywhere installed?

    If so you might want to try disabling it.

  3. Re:Firefox FTW! on Google Starts Blocking Extensions Not In the Chrome Web Store · Score: 1

    In fairness, Mozilla's plan doesn't involve uploading to AMO, it involves uploading to a private repository of extensions. So rather than the entire public getting access to the extension, only Mozilla does.

    It still has the potential to make developing, or at least testing, a pain in the neck though. Click through a prompt on every restart to stop programs from silently setting the pref that turns checking off? No thanks.

  4. Re:Firefox FTW! on Google Starts Blocking Extensions Not In the Chrome Web Store · Score: 1

    Because the plan totally isn't to do something pretty similar in Firefox.

  5. Re:Let me expose my ignorance... on One Month Later: 300,000 Servers Remain Vulnerable To Heartbleed · Score: 3, Interesting

    As I understand this, a vulnerable server can expose its private SSL key to an attacker. With this private key, I can decrypt all of its encrypted SSL traffic.

    As already mentioned, it's anything in the server's memory. Or the client's, since Heartbleed affects clients too.

    Now, as I understand this so far, having the private key is great, but I need to be able to MITM the connection to decrypt anything.

    It depends whether the connection is using perfect forward secrecy or not. If it's using PFS, then you need an active MITM to grab the session keys, so you can't decrypt old captured traffic and you need to keep your MITM up for new traffic. If there's no PFS, then all traffic ever sent with a given SSL cert can be decrypted with access to that cert's private key. All you need is to passively sniff it, then store it for later on the off-chance you ever get (or crack) the key.

    (I'm going to write a small essay on this, because it's important but very poorly documented on the web.)

    Given that, you'd think PFS would be common, but according to this study it's only available on 60-70% of web servers (they don't give a precise number, just 60% that support DHE and 18% that support ECDHE, but those two sets overlap), of which 80% prefer to use cipher suites without PFS, so about half of webservers either don't support PFS or typically won't use it. Slashdot doesn't, for example. Neither does microsoft.com. I guess that's just the homepage, but then windowsupdate.microsoft.com doesn't use it either. It's not supported on outlook.com's web, IMAP, POP3, or SMTP servers. addons.mozilla.org and marketplace.firefox.com also join the club, but their main website and the Firefox update sites do PFS at least. I couldn't find a Google property that didn't do PFS.

    And on top of that, of those sites that do use it, 99.3% use 1024-bit DH parameters, which essentially lowers the length of their RSA keys to 1024 bits (which affects the 80% of sites with 2048-bit or longer RSA keys).

    If you want to make sure you're actually using PFS, and with decent DH parameters, you generally need to make sure to configure it. Apache does this for you automatically from 2.4.7 onwards (before that, it'll use PFS but only with 1024-bit DH parameters). A lot of other software requires being fed DH parameters manually -- for instance, Courier's IMAP/SMTP servers, ZNC, ircd-hybrid etc. (And when was the last time you configured DH parameters for a server?)

    You can check if any given connection supports PFS by looking at the cipher suite in use. If it starts with DHE or ECDHE, it has PFS. (The "E" at the end stands for ephemeral; if it says DH, ECDH, or doesn't mention either of those, then there's no PFS). You can check with e.g. CipherFox in Firefox, or using the openssl command-line tools:

    $ openssl s_client -connect www.debian.org:443 -servername www.debian.org </dev/null 2>/dev/null | grep Cipher
            Cipher : DHE-RSA-AES256-GCM-SHA384

    If you point it at servers you use regularly, you'll probably be pretty depressed at the results. I know I was when I was making that list above...
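The rule stated in the post, DHE or ECDHE in the suite name means ephemeral key exchange and therefore forward secrecy, static DH/ECDH or plain RSA key transport means none, written out as a small checker. This is an added example, not the poster's code and not part of the original page. It accepts both the OpenSSL-style names that s_client prints and IANA-style names, and goes a little beyond the post in two places: TLS 1.3 suite names (TLS_AES_128_GCM_SHA256 etc.) carry no key-exchange token because that protocol version only does ephemeral (EC)DHE, so they count as forward secret; and anonymous DH (ADH/AECDH, DH_anon) is ephemeral but unauthenticated, so it is flagged separately. The `probe()` helper is the `openssl s_client` check done from Python and needs network access; the `SAMPLE_SUITES` list is constructed for the offline run and is not a measurement of any server.

```python
"""Forward-secrecy check for TLS cipher suites (added example, not from the post).

Rule: a suite negotiated with DHE or ECDHE key exchange ("E" for ephemeral)
gives perfect forward secrecy; static DH/ECDH, or plain RSA key transport
(suites whose name carries no key-exchange token at all, e.g. AES128-SHA),
does not. TLS 1.3 names carry no token because TLS 1.3 is always (EC)DHE.
Anonymous DH (ADH/AECDH, DH_anon) is ephemeral but unauthenticated: forward
secret on the wire, yet trivially MITM-able, so it is reported separately.
"""
import socket
import ssl
import sys

# Key-exchange tokens as spelled in OpenSSL suite names (EDH/EECDH are old aliases).
_EPHEMERAL = {"DHE", "ECDHE", "EDH", "EECDH", "ADH", "AECDH"}
_STATIC = {"DH", "ECDH"}


def _kx_tokens(suite):
    """Return the key-exchange tokens of a suite name, or None for TLS 1.3 names."""
    name = suite.upper()
    if name.startswith("TLS_"):
        # IANA spelling: TLS_<kx>_<auth>_WITH_<cipher>_<mac>; TLS 1.3 names have no _WITH_.
        if "_WITH_" not in name:
            return None
        return name[4:].split("_WITH_", 1)[0].split("_")
    # OpenSSL spelling: <kx>-<auth>-<cipher>-<mac>, optionally prefixed with EXP/EXP1024.
    tokens = name.split("-")
    while tokens and tokens[0].startswith("EXP"):
        tokens.pop(0)
    return tokens


def has_forward_secrecy(suite):
    """True if the suite's key exchange is ephemeral (DHE/ECDHE, including anonymous)."""
    tokens = _kx_tokens(suite)
    if tokens is None:
        return True                      # TLS 1.3: always (EC)DHE
    if tokens[0] in _EPHEMERAL:
        return True
    if tokens[0] in _STATIC:
        # Static DH/ECDH keys live in the certificate: no PFS. The IANA names
        # TLS_DH_anon_* / TLS_ECDH_anon_* are the exception (ephemeral, unauthenticated).
        return len(tokens) > 1 and tokens[1] == "ANON"
    # No DH token at all: RSA key transport, PSK-only, etc. (SRP/GOST not modelled.)
    return False


def is_anonymous(suite):
    """True for anonymous (unauthenticated) DH suites, which PFS alone does not make safe."""
    tokens = _kx_tokens(suite)
    if tokens is None:
        return False
    return tokens[0] in {"ADH", "AECDH"} or (len(tokens) > 1 and tokens[1] == "ANON")


def probe(host, port=443, timeout=5.0):
    """Live check, same idea as `openssl s_client`: returns (suite, protocol, pfs)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            suite, version, _bits = tls.cipher()
            return suite, version, has_forward_secrecy(suite)


# Constructed sample names for an offline run; they are not measurements of any server.
SAMPLE_SUITES = [
    "DHE-RSA-AES256-GCM-SHA384",             # the s_client output in the post
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "AES128-SHA",                            # RSA key transport: no PFS
    "ECDH-RSA-AES128-SHA",                   # static ECDH: no PFS
    "ADH-AES128-SHA",                        # PFS but anonymous
    "TLS_AES_128_GCM_SHA256",                # TLS 1.3
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]


def report(suites):
    """Classify each suite; returns a list of (suite, pfs, anonymous) tuples."""
    return [(s, has_forward_secrecy(s), is_anonymous(s)) for s in suites]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = []
        for host in sys.argv[1:]:                # e.g. python pfs.py www.debian.org
            suite, version, pfs = probe(host)
            rows.append((f"{host}: {suite} ({version})", pfs, is_anonymous(suite)))
    else:
        rows = report(SAMPLE_SUITES)
    for label, pfs, anon in rows:
        print(f"{label:50s} PFS={'yes' if pfs else 'no'}" + ("  (anonymous)" if anon else ""))
```

Run it with no arguments to see the constructed list classified, or with one or more hostnames to perform the live check. Note that a modern client will usually negotiate TLS 1.3 with current servers, so the suite name alone no longer tells you about the DH parameter size the post worries about; that remains a server-side configuration question.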

  6. Re:Check for Updates - symbolic of FF on Firefox 29: Redesign · Score: 1

    Now fixed in 29! Bug 600500.

    Check that out: an actual improvement in Australis.

  7. Re:New but inferior sync on Firefox 29: Redesign · Score: 1

    What I cannot get my head around is that Mozilla claims they cannot access your data (as they don't know your password) but that they are able to reset a lost password... how can that be a secure system??

    They can't. You can, by decrypting all your data and then reencrypting it with a new key.

    To be more specific, they can always reset your password, but if they (rather than you) do it, any data encrypted with kB will be lost. Any data encrypted with kA can be retained, because Mozilla have access to kA, which is more of an obfuscation key than an encryption key. (Currently, all data is encrypted using kB.)

    Not realistically having password sync though... I didn't know that. That's, uh, unfortunate. Kinda limits the usefulness of Sync, I'd say. And apparently no info as to why other than a link to bug 986637 which is inaccessible to me :(

  8. Re:We are not anywhere near running out of address on ARIN Is Down To the Last /8 of IPv4 Addresses · Score: 2

    Except this still won't fix the fact that v4 is simply too small.

  9. Re:Mountain out of a molehill on Heartbleed OpenSSL Vulnerability: A Technical Remediation · Score: 2

    You can't unsend that data, but perfect forward secrecy means that old data can't be decrypted even if the SSL key leaks, and new data can only be decrypted with an active MITM.

    ...if only people would actually turn it on.

    Of course, this particular vulnerability is even worse than just exposure of on-wire traffic. It also exposed potentially anything in memory for the past two years, including the things you didn't even want to send to other people -- and it exposed them to anybody on the internet, not just people in a position to capture all your traffic. Patching your copy of OpenSSL is certainly trivial, but dealing with all the rest of the fallout from this is most definitely not.

  10. Re:I loved WinXP on Meet the Diehards Who Refuse To Move On From Windows XP · Score: 1

    I'm on XP x64. This does not appear to be the case. The only stuff I don't have drivers for is stuff for which 64-bit Windows drivers don't exist at all. I don't have any hardware that's unsupported on XP x64 but is supported on Vista: either it works on XP x64, or it just plain wouldn't work on any 64-bit Windows.

    (Actually, since it'll happily load unsigned drivers, I could make a reasonable claim that driver support is even better than later versions.)

  11. Re:Microsoft teaches you to be a bad neighbour on Should Microsoft Give Kids Programmable Versions of Office? · Score: 1

    Because if you use software from a software maker that doesn't follow those freedoms, then you're stuck following whatever they want.

    The whole point of the freedoms is so you can do what you want with the software.

  12. Re:This is good on OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks · Score: 1

    While the idea that the NSA or some other agency had a hand in these bugs is largely a conspiracy theory

    Did you miss all the RSA stories?

    Whether they had a hand in this particular bug is conjecture. Whether they've had a hand in this sort of thing in general? They have.

  13. Re:I admire their spunk, but... on Operation Wants To Mine 10% of All New Bitcoins · Score: 1

    Bitcoin mining has a beneficial side-effect: it makes it hard for somebody to double-spend their coins. If this wasn't hard, people could spend their coins, get whatever they paid for, then unspend their coins (by overwriting the original transaction with one where they paid those coins to themselves). Having this be hard is beneficial for a payment system.

  14. Re: I admire their spunk, but... on Operation Wants To Mine 10% of All New Bitcoins · Score: 1

    Really? It allows Bitcoin to provide the same general service that companies like Paypal do, and a lot of people do use Paypal, which suggests they find it useful for something.

  15. Re:I admire their spunk, but... on Operation Wants To Mine 10% of All New Bitcoins · Score: 1

    because the graph that represents all transactions ever made continues to grow exponentially and is increasing the complexity of cracking each transaction which requires more computing power and thus more energy.

    No, that's not how it works: miners only have to consider the transactions they want to put into the block they're working on, not any of the transactions already in blocks. (I don't think their work even scales with the number of transactions they're considering, because an obvious optimization is to save the state of the SHA256 hashing code after you've fed the transactions in, rather than recalculate it each time.)
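A worked example of the point made in comments 13 and 15 above: a toy Bitcoin-style proof of work in Python, added for this page and not the poster's code nor Bitcoin Core's. Each hash attempt covers only the fixed 80-byte block header; the transactions in the block are committed to through one 32-byte Merkle root computed once before the nonce loop, so adding transactions does not change the cost per attempt, and blocks already in the chain are never re-hashed. Finding a block is what makes the transactions inside it expensive to rewrite. All inputs (previous hash, transaction ids, timestamp) are constructed, and the compact `bits` value is a toy difficulty chosen so the search ends in a fraction of a second.

```python
"""Toy Bitcoin-style proof of work (added example, not the poster's or Bitcoin's code).

What it shows, for comments 13 and 15 above: every hash attempt covers only the
fixed 80-byte block header. Transactions enter the header through one 32-byte
Merkle root, so the per-nonce cost does not grow with the number of transactions
in the block, and old blocks are never re-hashed by a miner working on a new one.
Constructed values throughout; the difficulty is a toy one so the loop ends fast.
"""
import hashlib
import struct


def sha256d(data):
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids):
    """Pairwise sha256d up to a single root; an odd last element is paired with itself."""
    if not txids:
        raise ValueError("a block carries at least the coinbase transaction")
    layer = list(txids)
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [sha256d(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]


def block_header(prev_hash, root, timestamp, bits, nonce, version=1):
    """Serialise the 80-byte header: version, prev hash, Merkle root, time, bits, nonce."""
    assert len(prev_hash) == 32 and len(root) == 32
    return struct.pack("<I", version) + prev_hash + root + struct.pack("<III", timestamp, bits, nonce)


def target_from_bits(bits):
    """Decode the compact 'bits' field (exponent byte, 3-byte mantissa) into an integer target."""
    exponent, mantissa = bits >> 24, bits & 0x00FFFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def meets_target(header, target):
    """The header hash, read as a little-endian integer, must be below the target."""
    return int.from_bytes(sha256d(header), "little") < target


def mine(prev_hash, txids, timestamp, bits, max_nonce=1 << 32):
    """Search nonces until the header hash meets the target; returns (nonce, header) or None.

    Note what the loop touches: the Merkle root is computed once, before the loop,
    and the loop body hashes 80 bytes regardless of how many txids went into it.
    """
    root = merkle_root(txids)
    target = target_from_bits(bits)
    for nonce in range(max_nonce):
        header = block_header(prev_hash, root, timestamp, bits, nonce)
        if meets_target(header, target):
            return nonce, header
    return None


# Toy difficulty: target = 2**244, i.e. about 4096 expected attempts.
# (Bitcoin's real targets are many orders of magnitude lower, hence dedicated hardware.)
TOY_BITS = 0x1F100000


def demo(n_txs=1):
    """Mine one toy block over n_txs constructed transaction ids; returns (nonce, header)."""
    prev_hash = b"\x00" * 32                                  # pretend genesis
    txids = [sha256d(b"tx-%d" % i) for i in range(n_txs)]    # constructed, not real txids
    return mine(prev_hash, txids, timestamp=1400000000, bits=TOY_BITS)


if __name__ == "__main__":
    for n in (1, 1000):
        nonce, header = demo(n)
        print(f"{n:5d} txs -> header still {len(header)} bytes, nonce {nonce}, "
              f"hash {sha256d(header)[::-1].hex()}")
```

Running it with 1 and with 1000 transactions shows the same 80-byte header going into the loop both times; only the one-off Merkle computation grows with the transaction count. Undoing a confirmed payment would mean producing a replacement block that meets the target, and then out-running every block built on top of it, which is the cost the post refers to.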

  16. Re:Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    The point of Bitcoin is to make a payment network. It doesn't work very well as a currency, because it's not meant to be a currency. Its goal is to be a way to move dollars around, not to replace them.

    You won't deal in Bitcoin directly, you'll go via somebody that handles it for you. So you don't need to worry about any complications arising from holding it for a long time, because you won't be holding any. (They won't need to worry much either, because they'll only be holding onto it for short periods and they can cover any losses from their transaction fees.)

    I don't get why Bitcoin is useless without a net connection. Paypal requires an internet connection to use, and tons of people still use them -- that requirement hasn't killed them.

  17. Re: Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    The Bitcoin p2p network is its infrastructure. It tracks who owns what, prevents people from spending bitcoin they don't own, or from spending it twice, prevents counterfeiting and provides compensation for the people who run it.

    Do your catcoins have any of that?

  18. Re:Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    Does the company claim there's a reason for the numbers to go up in value? Perhaps, for instance, the numbers can be used to do the same thing as an existing service that's pulling in lots of money? And is the design and behavior of those numbers appropriate for doing that service?

    If so, that's not a scam. If they hid info about the design of those numbers, and it turns out they actually aren't appropriate for providing the service the company claimed they were appropriate for, then yeah, they'd be scamming you. But if that's not the case?

  19. Re:Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    Most people won't deal with Bitcoin directly, and so won't need to do any speculation. Payments will be handled by people like bitpay.com. Those people will need to speculate, but they'll only need to do it for short periods (because they only need to hold enough bitcoin to cover transactions for the next N hours) and they can cover any losses from transaction fees.

    I don't think the deflationary aspect (the coin generation behavior) is a problem for its use as a payment network. The total number of bitcoins is arbitrary, and the only thing that happens when you change it is that the exchange rate changes to match.

    If you reduce the total number of bitcoins available for transactions (either by destroying them, or by taking some out of circulation to speculate with them), all that happens is the exchange rate goes up, as people conduct transactions with the remaining coins. Similarly, if you increase the number available (e.g. via the per-block reward), the rate goes down as people do transactions using a larger pool of coins.

    At no point does that make any difference for transactions. You can still do them just fine regardless of whether there's 21M or 210M or 0.21 BTC available for them. Who cares what number is attached to your $10 BTC transaction? It's still $10.

    Deflation may well be bad for an economy, but Bitcoin is for making payments, not for being an economy.

  20. Re:Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    I think the fact that the winning outcome is possible is pretty darn significant. That's enough by itself to make it not a Ponzi scheme.

    As to the rest of your post... the use of absolutes in that FAQ answer was a terrible choice. It really should say "stable enough, fast enough, inexpensive enough".

    bitpay.com exists and they charge a 1% transaction fee, which has to cover volatility in the exchange rate. That suggests that it's stable enough for them to do business without massive fees. Fast? Definitely not fast enough for immediate in-person transactions, especially without an internet connection available. Just use cash for those. Bitcoin doesn't have to be useful in every situation to be useful (for instance, Paypal wouldn't work well without an internet connection either, but people still use it.) If you're buying something online, the delivery time is often measured in days, so what's 20 minutes for the payment to go through?

    Inexpensive... well, I can't predict miner fees, but miners will be competing for the fees, which will push them down as far as possible.

    I've read that there are a large amount of Bitcoin suspected to be possessed by the really early adopters, and that will hang over Bitcoin like Damocles' sword.

    What could those early adopters possibly do with all that bitcoin to stop Bitcoin from working? About the best they could do is tank the exchange rate, which would be really bad news for any day traders trying to gamble on the rate, but wouldn't actually mean anything at all for people using it for its intended use as a payment network.

  21. Re:Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    Right, they accept money via Paypal... or via Bitcoin. That's the position Bitcoin occupies: not a replacement for the e.g. dollar, but a way to move your dollars around.

  22. Re:Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    I'm using them as an example because they do the same general thing Bitcoin is intended to do: move money around.

    Bitcoin is not intended to replace the dollar -- it's intended to move your existing dollars around.

  23. Re:Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 2

    Late entrants provide them the money and in so doing lose theirs. ... I suggest getting out of Bitcoin now.

    See, this is a misconception that I've been trying to correct in this thread. You don't "get into Bitcoin" by buying up a bunch of bitcoin and sitting on it. You don't "get out of Bitcoin" by selling a bunch of bitcoin that you've been sitting on.

    Bitcoin is a payment network. You use it to make payments. You don't buy bitcoin and sit on it; you buy it and then immediately send it to the person you're paying. They then sell it to convert it to whatever their normal currency is. I attempted to explain this in the post you responded to.

    What you're describing is how you get into speculating on the bitcoin exchange rate. That's something completely different, and I won't stop you from getting involved in that if you want, but it's just like speculation on anything else: you might get burnt. However, if you just want to make a payment (which is what Bitcoin is for), then you don't need to do that.

  24. Re:That's a biased source on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    I'm sure they do, but "denying that you're a Ponzi scheme" isn't enough to make you a Ponzi scheme.

  25. Re:Ponzi scheme on Cryptocurrency Exchange Vircurex To Freeze Customer Accounts · Score: 1

    PayPal is not directly regulated by the US federal government, yet they seem to be fairly successful. I think this suggests that regulation isn't necessary for Paypal-like services to be successful.