Not all shorts help with price discovery. Covered shorts do, but naked shorts are just plain fraud, no matter what excuses the clearinghouses come up with.
In case some of you missed it, the public input wasn't a vote. It doesn't matter who or how many said they wanted it or they should get rid of it. The public comment period was seeking novel legal arguments.
The last time I did any serious research on this, that notion was accepted but hadn't ever been tested. Since it is the basis of trillions of dollars worth of economic activity, it is unlikely that any court could ever issue a sane ruling on the topic.
It is a farce. Such a scheme is not compatible with copyright as the framers understood it. Holding a book up to a mirror is just as much a copy as charging some capacitors, and just as much not what anyone could have meant by "copy" in copyright.
My understanding is that they were uploading. Some of them possibly "settled" when they got the extortion letter. If there is a court case showing a ruling on a pure downloader, please cite it for me. I haven't heard of one.
A mining pool can make small payouts directly in the generation transaction. Large payouts can wait. I'm guessing that if you took a vote of the people who lost their funds, they would have preferred a 48-hour delay for large payments over losing everything.
The keys are not "out there" in any meaningful sense. We can't even list them, much less check them or store them.
One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)
Given that k = 1.38e-16 erg/degree Kelvin, and that the ambient temperature of the universe is 3.2 degree Kelvin, an ideal computer running at 3.2 degree K would consume 4.4e-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.
Now, the annual energy output of our sun is about 1.21e41 ergs. This is enough to power about 2.7e56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.
But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
You started too late. You should have taught him what you wanted him to know before his teachers taught him what the RIAA and MPAA wanted him to know.
Also, you didn't format shift it, you downloaded it, and that download was not fair use.
The good news is that I don't think you did anything illegal. Copyright infringement involves making a copy without a license to make copies, which you did not do, and could not do, since you didn't have a copy in the first place.
Now, if you made a copy of the copy you downloaded, that might be something you could be sued for. But it isn't illegal unless you are making unlicensed copies commercially.
Back when bitcoin went over a dollar for the first time, I noticed that people were unusually willing to steal it. For your own personal safety, you should absolutely not draw attention to your possession of bitcoin. If you do, you will be targeted. Not just drivebys and portscans, but actual they-are-after-me targeted.
If you are unable to create distance between your identity and your identity as a bitcoin holder, like if you are doing a public project involving bitcoin, you absolutely positively must not let your security be amateur shit.
The first thing you must do is establish ironclad multilayer operational security. If you don't know what that is, or don't know what it means in a bitcoin project, stop - you are not tall enough for this ride. That is actually intended to be a bit less offensive than it sounds at first. It just means that you are too young (inexperienced) to have good odds.
There is no reason to have 10 bitcoins in an online wallet, much less 4600. Those keys should be printed on paper in a N-of-M scheme and distributed to the people who will be authorizing transactions.
Yes, people should be processing transactions of that size, not computers. Ideally, the never-online signing computer software would print out the candidate transaction in a format that puts the recipient addresses and amounts in the exact same location as the request sheet so that you can visually diff the two (hold them up to a strong light to make sure they are the same) before unlocking the key and passing it on to the next signing agent.
Never-online? Yup, there should be no electronic communication between the computer that occasionally has the signing keys decrypted in memory and the rest of the world. There are Free (and free) options for generating barcodes and QR codes and hardware scanners that can read them as keyboard input or virtual character device input. Generate the payment online, print it as a QR code. Scan it on the signing computer. Verify the transaction (human job!) Scan the key, type the passphrase to decrypt it. The signing computer can then print the signed or partially signed transaction as another QR code that you can take back to the online computer for sending (or sending to the next signer).
If your security plan is not at least this good, you should under no circumstances be handing bitcoin that doesn't wholly belong to you and that you aren't willing to lose.
On the other hand, it seems like millions of dollars of bitcoins get stolen from fools every few months and no one seems to care, so maybe I'm wrong and the level of "security" seen in the field is exactly right.
It is either 1 or 2 "factors" depending on user choice. That it isn't obvious says a lot about the uselessness of that system for classifying authentication schemes.
I didn't really explain how the blockchain figured into it, but after that it is a textbook-standard public key authentication system with some dress-up for the web. We could do it today if we wanted to.
The blockchain part is for key management, also known as "the hard part of PKI". Basically, you only need to communicate one identifier to everyone you do business with. You don't need to tell them when you revoke a key and you don't need to trust them to keep your key safe. You could use the same key for everyone, or different keys, and it makes no difference.
Namecoin allows decentralized registration of identities and allows people to publicly attach metadata to them. You register a name and you own it as long as you keep renewing it, which is dirt cheap and getting cheaper over time (which was by design). Any time you want to, you can update the metadata attached to it, which is a JSON structure of arbitrary complexity. No third party can take it from you, or override your choice of what data to attach to it.
Basically, you would open an account with your bank, and tell them that you have already registered id/PhantomHarlock. They would give you specs for a public key pair and a subidentifier. You'd create a private key to their requirements and publish the corresponding public key under the subidentifier they will be looking for.
When you go to log in, you type in your username and their system consults the global distributed database. It finds the subidentifier they are looking for and makes a note of the public key you list.
Then, it creates a random challenge, signs it with the bank's key, encrypts it with your pubkey and sends it to you. You decrypt it, verify the signature and now have a one-time password you can use to log in to the site. You know that it came from the bank because it was signed with their key, and they know that you are using it because you had to decrypt it with your key.
Most of this can be automated. A browser plugin could pop up a box that you paste the challenge into, or it could be marked on the page in some way so that your browser can find it without your help. Much like SSL now, it could just pop up a box that says "You have received a challenge from XYZ corp. One of their published domain names matches the website you are on right now. Please enter the password for your private key store if you wish to log in." For the user it could easily be made to act very much like any other password safe plugins.
You've apparently never made your own tattoo artwork then. They photocopy it onto special paper, transfer the ink to your skin, then trace over it with the tattoo gun. Basically two xerox machines involved, one of which you don't want dating your daughter.
I just claimed zero basis cost when I reported the ones I've sold, and I didn't deduct anything for power or equipment. It was all straight long term capital gains at the price I sold them for.
I'd love to get audited. Figuring out the basis and expenses is trivial. Tedious, but trivial. It wasn't worth my time to figure it out, but if the IRS wants to send someone around to figure out how much they owe me in overpaid taxes, I'm game.
Something that we agree on! I never thought I'd see the day.
Ideally, they'd sign all of their output with a hash of their firmware too. Having source code "similar" to what is actually running on the device is not enough.
If I'm reading you right, you are saying that the Nazis were only pretending to hate the Jews as a public rationalization to cover up their opportunism? Is it too late for you to get a refund from your "university"?
Holy shit! President Trump has magical abilities. For something like 100 years, the left has consistently pretended that the 10th Amendment applies to nothing, ever. Less than a year into his first term and the Communists have not only discovered Federalism, they've decided that they were always in favor of it!
Slashdot Mirror
Not all shorts help with price discovery. Covered shorts do, but naked shorts are just plain fraud, no matter what excuses the clearinghouses come up with.
In case some of you missed it, the public input wasn't a vote. It doesn't matter who or how many said they wanted it or they should get rid of it. The public comment period was seeking novel legal arguments.
I tried hypnosis. It didn't work. My hypnotherapist's new boat is nice though.
Slashdot: Bitcoin, Network Neutrality and mdsolar's rants. Oh, and occasionally a story about Apple or Tesla.
The last time I did any serious research on this, that notion was accepted but hadn't ever been tested. Since it is the basis of trillions of dollars worth of economic activity, it is unlikely that any court could ever issue a sane ruling on the topic.
It is a farce. Such a scheme is not compatible with copyright as the framers understood it. Holding a book up to a mirror is just as much a copy as charging some capacitors, and just as much not what anyone could have meant by "copy" in copyright.
My understanding is that they were uploading. Some of them possibly "settled" when they got the extortion letter. If there is a court case showing a ruling on a pure downloader, please cite it for me. I haven't heard of one.
What nonsense are you talking about?
A mining pool can make small payouts directly in the generation transaction. Large payouts can wait. I'm guessing that if you took a vote of the people who lost their funds, they would have preferred a 48-hour delay for large payments over losing everything.
The keys are not "out there" in any meaningful sense. We can't even list them, much less check them or store them.
Schneier:
You started too late. You should have taught him what you wanted him to know before his teachers taught him what the RIAA and MPAA wanted him to know.
Also, you didn't format shift it, you downloaded it, and that download was not fair use.
The good news is that I don't think you did anything illegal. Copyright infringement involves making a copy without a license to make copies, which you did not do, and could not do, since you didn't have a copy in the first place.
Now, if you made a copy of the copy you downloaded, that might be something you could be sued for. But it isn't illegal unless you are making unlicensed copies commercially.
Back when bitcoin went over a dollar for the first time, I noticed that people were unusually willing to steal it. For your own personal safety, you should absolutely not draw attention to your possession of bitcoin. If you do, you will be targeted. Not just drivebys and portscans, but actual they-are-after-me targeted.
If you are unable to create distance between your identity and your identity as a bitcoin holder, like if you are doing a public project involving bitcoin, you absolutely positively must not let your security be amateur shit.
The first thing you must do is establish ironclad multilayer operational security. If you don't know what that is, or don't know what it means in a bitcoin project, stop - you are not tall enough for this ride. That is actually intended to be a bit less offensive than it sounds at first. It just means that you are too young (inexperienced) to have good odds.
There is no reason to have 10 bitcoins in an online wallet, much less 4600. Those keys should be printed on paper in a N-of-M scheme and distributed to the people who will be authorizing transactions.
Yes, people should be processing transactions of that size, not computers. Ideally, the never-online signing computer software would print out the candidate transaction in a format that puts the recipient addresses and amounts in the exact same location as the request sheet so that you can visually diff the two (hold them up to a strong light to make sure they are the same) before unlocking the key and passing it on to the next signing agent.
Never-online? Yup, there should be no electronic communication between the computer that occasionally has the signing keys decrypted in memory and the rest of the world. There are Free (and free) options for generating barcodes and QR codes and hardware scanners that can read them as keyboard input or virtual character device input. Generate the payment online, print it as a QR code. Scan it on the signing computer. Verify the transaction (human job!) Scan the key, type the passphrase to decrypt it. The signing computer can then print the signed or partially signed transaction as another QR code that you can take back to the online computer for sending (or sending to the next signer).
If your security plan is not at least this good, you should under no circumstances be handing bitcoin that doesn't wholly belong to you and that you aren't willing to lose.
On the other hand, it seems like millions of dollars of bitcoins get stolen from fools every few months and no one seems to care, so maybe I'm wrong and the level of "security" seen in the field is exactly right.
As we all saw last year, there is nothing democratic about the Democrat party.
SSL involves trusting a few thousand third parties. The system I described would have zero. That would be worth the price of admission by itself.
Second benefit: you can change your key just by updating your public record. No need to contact the other party and let them know.
Third benefit: no one but you can change your key.
It is either 1 or 2 "factors" depending on user choice. That it isn't obvious says a lot about the uselessness of that system for classifying authentication schemes.
I didn't really explain how the blockchain figured into it, but after that it is a textbook-standard public key authentication system with some dress-up for the web. We could do it today if we wanted to.
The blockchain part is for key management, also known as "the hard part of PKI". Basically, you only need to communicate one identifier to everyone you do business with. You don't need to tell them when you revoke a key and you don't need to trust them to keep your key safe. You could use the same key for everyone, or different keys, and it makes no difference.
Namecoin allows decentralized registration of identities and allows people to publicly attach metadata to them. You register a name and you own it as long as you keep renewing it, which is dirt cheap and getting cheaper over time (which was by design). Any time you want to, you can update the metadata attached to it, which is a JSON structure of arbitrary complexity. No third party can take it from you, or override your choice of what data to attach to it.
There is no third party that needs to be trusted.
Basically, you would open an account with your bank, and tell them that you have already registered id/PhantomHarlock. They would give you specs for a public key pair and a subidentifier. You'd create a private key to their requirements and publish the corresponding public key under the subidentifier they will be looking for.
When you go to log in, you type in your username and their system consults the global distributed database. It finds the subidentifier they are looking for and makes a note of the public key you list.
Then, it creates a random challenge, signs it with the bank's key, encrypts it with your pubkey and sends it to you. You decrypt it, verify the signature and now have a one-time password you can use to log in to the site. You know that it came from the bank because it was signed with their key, and they know that you are using it because you had to decrypt it with your key.
Most of this can be automated. A browser plugin could pop up a box that you paste the challenge into, or it could be marked on the page in some way so that your browser can find it without your help. Much like SSL now, it could just pop up a box that says "You have received a challenge from XYZ corp. One of their published domain names matches the website you are on right now. Please enter the password for your private key store if you wish to log in." For the user it could easily be made to act very much like any other password safe plugins.
Wake me when they start shipping laptops with it physically removed or burned out.
You've apparently never made your own tattoo artwork then. They photocopy it onto special paper, transfer the ink to your skin, then trace over it with the tattoo gun. Basically two xerox machines involved, one of which you don't want dating your daughter.
I just claimed zero basis cost when I reported the ones I've sold, and I didn't deduct anything for power or equipment. It was all straight long term capital gains at the price I sold them for.
I'd love to get audited. Figuring out the basis and expenses is trivial. Tedious, but trivial. It wasn't worth my time to figure it out, but if the IRS wants to send someone around to figure out how much they owe me in overpaid taxes, I'm game.
Something that we agree on! I never thought I'd see the day.
Ideally, they'd sign all of their output with a hash of their firmware too. Having source code "similar" to what is actually running on the device is not enough.
Somewhere between an all-nighter and a long weekend.
I think I've found my candidate for the 2017 Poe's Law Award.
Maybe, maybe not. But his "spiral of violence" idea is pure fiction.
His daddy? Fidel Castro?
Government employees shouldn't be doing that shit at work anyway. Just block those services to government IPs entirely.
Meanwhile, in reality... gun ownership - way, way up. crime - way, way down.
If I'm reading you right, you are saying that the Nazis were only pretending to hate the Jews as a public rationalization to cover up their opportunism? Is it too late for you to get a refund from your "university"?
Holy shit! President Trump has magical abilities. For something like 100 years, the left has consistently pretended that the 10th Amendment applies to nothing, ever. Less than a year into his first term and the Communists have not only discovered Federalism, they've decided that they were always in favor of it!