There's an entire branch of formal language theory and information security dedicated towards making grammar explicit and unexploitable by reentrance issues like these. It's called language-theoretic security, or langsec for short.
http://langsec.org/
This is actually a solved problem, and Ethereum, if it was made by smart people, could have structured its contracts in a manner that was subject to formal verification. It was not made by smart people, and formal verification is impossible. They did not consult with langsec experts or read any of the relevant papers to prevent parse tree differential attacks before wrapping hundreds of millions of dollars of deposits in this thing. What they have done is a level of negligence that should be criminal.
The effective market value of all of Ethereum is $0 when people understand this. It cannot be secured as it was written by the developers. Smart contracts are an interesting idea and could happen in the future-- but not without roots of formal verification. This is a fraud as big as Theranos at this point.
I am home, I'm an Abkhazian now. It's nice here. Hottest women you'll ever see.
Not that it is really relevant to this discussion, but my political views did not change when I was in prison. Here's an entry from my blog from 2008 demonstrating my long-held views, as well as a Fortune magazine article from 2010.
I didn't put my personal politics at the forefront of my rhetoric when I was fighting my case, because the potential legal precedents involved were too important to have them overshadow it. We were talking about the future of everyone who uses a computer. It was important enough for the EFF and the world's most important legal scholars on the subject of computer crime to take up their pens on. I didn't want to disrespect their work at the time, so I bit my tongue and kept many of my thoughts to myself.
Now I am no longer fighting my case. No precedent that affects us all is on the line. I no longer have an obligation to keep my thoughts to myself, and thus speak them freely.
Those new blockchains are not Bitcoin. Bitcoin is not just a blockchain-- it is a specific implementation that uses a blockchain to implement a distributed currency with no central authority. The technology of the blockchain may have other applications (I myself am doubtful of your vision of its deployment in the financial industry) but the selling point of Bitcoin is a currency that courts can't take from you without your consent or at least the compromise of your keys.
https://www.eff.org/cases/us-v... This case was me. I incremented a number at the end of a public URL and did 15 months in prison, and am only out now because of a successful federal criminal appeal. The government has been harassing me for 15 years.
That's nice. Bitcoin's only selling point is evading those centralized government economic controls. If it no longer does that, Visa is clearly superior to it.
They're at it again. Bitcoin XT/Unlimited/Classic developers are shilling emotionally charged rhetoric declaring the failure of Bitcoin. These blog posts are promoted by their connections in the (((international media))) to try to spread fear, uncertainty, and doubt around the status of Bitcoin and bully people into accepting their suicidal "solutions" to problems that don't really exist involving block size limits.
Histrionic whining on Medium and Reddit is not the proper way to present engineering solutions. Their campaign looks more like some sort of intelligence operation than a patch submission. There's a reason for this: it is.
I have a lot of skin in the game on this issue. I am a target of the United States government, and as such I have a very hard time receiving money. It doesn't matter that I have left the United States because of continuing persecution there. Their control over wire transfers between all countries with Rothschild banks is complete. The United States seizes money on lawful transactions between EU states over things as insignificant as Cuban cigars, despite none of the countries involved participating in the US embargo against Cuba. I've had my bank accounts, payment processing services, and brokerage accounts shut off. Bitcoin is the only way I can engage with any financial services. If it is centralized and subject to controls similar to SWIFT wires and credit card processing, my continued existence would no longer be feasible. Bitcoin is the most important development in human rights in centuries.
Here's the facts: Gavin Andresen and Mike Hearn want you to switch to something called Bitcoin XT or Bitcoin Unlimited or some other fork of Bitcoin that is under unilateral control so that they can centralize Bitcoin to a dangerous degree-- enough to put it under the control of a government hostile to liberty like the United States. While they do this, they hilariously complain about "oppression" and "censorship" on forums that clean away their bullshit altcoin spam postings.
There are two likely incentives for doing this:
1) They have placed short positions against Bitcoin.
2) They are funded by people that wish to see Bitcoin less free.
Now reflect for a moment that the only major industry supporter of the Bitcoin XT proposal is Coinbase, whose gigantic series C round was led by the New York Stock Exchange. I doubt their financial interests are aligned with a free and unregulated global marketplace.
The good news is that they seem to have lost most of this battle. Consensus on the network is determined by the nodes people run on it. Bitcoin XT only has about 500 nodes. Bitcoin Core, the real Bitcoin software, has about ten times that. The majority of the mining capacity is in China, and Chinese people have little incentive to centralize Bitcoin for the convenience of US intelligence and enforcement organizations. So I must celebrate China's shrewd rejection of XT today.
If you love liberty you should call XT's shilling and spamming out for what it is. If you are invested in Bitcoin you also must do so. If XT gets their way and centralizes Bitcoin, Bitcoin will lose its primary feature of freedom from centralized authorities and thus lose its source of value. You can also support Bitcoin's continued freedom by running a full Bitcoin Core node, and buying and saving Bitcoin.
Bitcoin transaction fees going up is not the end of the world. It's good for miners, and necessary to protect a limited resource like space on the blockchain. I'm willing to pay higher fees to see Bitcoin stay free from government control (and we're literally talking transaction fees of a few extra cents here), and everyone else who loves Bitcoin should be so willing as well.
In June of 2010 there was an AT&T API that published less sensitive customer data (ICC-ID and customer email) on the public Internet. I took a sample of this data from this public web server and gave it to a journalist to highlight AT&T's negligence with its customers' information. For this I lost 3 years of my life, 2 after having been kidnapped in a foreign territory being unable to return home and another 15 months counting extradition time in various jails and prisons.
That no one from AT&T is subject to a criminal penalty here is a big pile of fucking bullshit.
That's a great question, best buy it when you make the bet to hedge the risk.
I will personally bet a Bitcoin that there will be client products affected within a week. Oberhumer, you willing to take my bet? Is anyone else? Watching these idiots line up to say this isn't exploitable is giving me deja vu for GOBBLES back in the day.
http://science.slashdot.org/story/11/11/15/1635240/nows-your-chance-to-apply-as-an-astronaut
wtg, its like CmdrTaco days up in here
I am frequently part of a Nagios on-call rotation. I brought a netbook with me nearly everywhere I went to respond to outages. I use them because they are light and I don't have to worry about the cost of them if they get stolen or ruined in a bike crash. I've been through 3 of them so far.
Dell's keyboard was absolutely awful for syntax-heavy shell operations. I write a dizzying sequence of regular expressions as part of regular maintenance operations, complicated by frequent escapes because I typically was so goddamned drunk that if I used quotes I would forget whether I was nesting quotes or not, or if I was in the middle of a quoted string at all. Dell's keyboard was absolutely unbearable, and I could not use it to write bash while wasted at a bar with dead in the water infrastructure which is basically the single most important function of a netbook.
I spent about 3 weeks with a Dell netbook because the CFO of our company said we were going all-Dell because we got some pittance of a discount. I said I would no longer be on-call until I got an Acer Aspire One (best shellscripting netbook keyboard, hands down) and it was about 3 days until one got ordered. This doesn't even begin to touch the idiocy of the Dell-only rule, as I'm sure plenty of /.ers are familiar with the dysfunctionality of Dell's networking, SAN and NAS offerings, which cannot be so cheaply replaced as a netbook.
Anyways, Dell got out of this market because nobody wanted to buy their garbage netbooks, with good reason. In fact, the only computer from a major manufacturer that I can tolerate in this size/weight profile is the Macbook Air-- and it doesn't even remotely begin to compete on price. Losing/wrecking a $300 device is one thing; when an identically configured machine costs $1400 it's a much bigger deal.
Rob, I'm sorry about all those times we terrorized your network with banbots and the DCC SEND exploit.
I'm sorry that after Grog took over freenode by convincing you he was Greg Lehey of FreeBSD I took the liberty of impersonating your caller ID and voice to shout obscenities and insults on Greg's voicemail.
I'm sorry that you never learned to use SSL or SSH and we pulled your oper block password off the wire.
I'm sorry about the time I pulled all your docs, released your SSN on the full-disclosure mailing list and gave your credit cards and checking account number to third world hustlers. That was really mean.
Most of all, I'm sorry you're dead because I'll have to find someone new to troll.
RIP Rob Levin, trolled to death by car.
Yes, because a couple hours of work ruining a target we disliked was really the sole limit of our contribution to humanity. I'm sure as a snarky comment poster on slashdot you are perfectly capable of auditing code for 0-day vulnerabilities and then writing exploits for said vulnerabilities. Then you'd be perfectly capable of using them to root a box on the same switch as a freenode server and using ARP spoofing to play man-in-the-middle to all incoming connections. Petty tricks like these are surely not useful except for ruining Rob Levin! We should be ashamed at our lack of skill.
We are deputized by merit to punish the meritless. Your lack of perspective leads you to view us as wrongdoers. I assure you that the service which we provide humanity is a net positive boon. Systems without conflict or purgings become uselessly weak.
Rob Levin is a failure. He and his wife refuse to work. They are currently sucking off the teat of the federal government collecting disability for ADHD. He is a vile, disgusting example of modern American worthlessness and a sane society would expel him or put him in a work camp.
Oh yes, I'll just give you a link to some IRC logs that incriminate my friends.
Just FYI: the services database wasn't compromised. Rob wasn't connecting via SSL and his oper password was sniffed off the wire.
In #bantown we have two EFnet server operators. As we sat there ruining freenode they were amazed how we had managed to get that far. On EFnet, oper blocks are for one specific host and all oper hosts are spoofed, so you have to figure out the box that a given oper is on and root it before getting any further. lilo's host was bound to *@*, leaving his network ripe for our taking. EFnet, despite being what lilo calls a "normal IRC experience", is thousands of times safer and more stable than Freenode. The man should learn to run an IRC network before he asks people to pay him for it.
PS, lilo: I still have root on a server that's on the same switch as one of your precious Freenode servers. Next we'll be arpmitm'ing and spoofing the C/N lines to link in a hacked server. I'll let you have fun running around trying to guess which one that server is.
You have three days to post "I have been trolled by Bantown" on global notice.
Doesn't matter if he's using TLS/SSL if his client isn't checking preshared keys. My "open" AP runs through a linux router which plays man in the middle upon all ssl traffic. :D
They're hiding the cure for NAS! Quick, Ice-T, broadcast it to the whole world!
You misspelled aempirei. He's also known as Christopher Abad, and has been featured on Slashdot before for his contributions to the security community. Something tells me such a respected figure among whitehat hackers would not have much to do with some blog defacements.
Maybe you should stop blaming the actions of everyone who idles in that channel on a small minority of their non-livejournal-using denizens.
This release was so bad that Debian pulled it, in its entirety, out of testing for 3 days straight. I did a dist upgrade and everything KDE went away.
Been a KDE user for a long time, but 3.5 is half-baked and should not have been released except as an alpha.
Here's betting this will be released in Windows Media DRM-laden formats that are next to worthless. I'll be impressed when they start releasing xvids over bittorrent.
Except that FAT is the filesystem used on countless devices including USB storage.
I've heard this myth repeated on slashdot many times, but never seen any evidence of it being implemented in the wild.