The current block reward is 25 * $577 = $14,425. This is huge compared to the current transactions fees.
Yes, it is huge compared to today's transaction fees. But mining fees will continue for some time yet. The bet is by the time they become insignificant mining fees won't be so small. A clue is the credit card network current roughly 10,000 transaction per second. If bitcoin managed that at 0.6c per kilobyte (the fee bitcoin relays demand) mining fees would be $72,000 per block.
To gain an insight into the odds of that happening, Paypal processes around 9 million transactions per day, or 100 per second. Paypal's revenues were $6.6 billion last year. That translates to Paypal making over $2 per transaction. Bitcoin doesn't offer the same service of course, but it currently charges $0.002 for a single transaction. (A transaction takes roughly 360 bytes).
remember that Bitcoin isn't the only game in town and miners can switch to mining an altcoin if they're not satisfied with the way "bitcoin is supposed to work".
You forget there are users of these coins - be they bitcoins or altcoins. In the end it is the users that pay the mining costs, be they transaction fees or mining rewards. In a word of competing altcoins, this translates to only the users having a vote on what the best set of rules are. What the miners think of the rules is largely immaterial. If you think this isn't true, try and set up a altcoin with spectacular miners rewards and see how many users you get. Maybe you will succeed where all other altcoin founders have failed.
The bitcoin foundation seems to be very aware of this underlying reality, and is behaving accordingly.
and you really think all that effort in mining is going to be maintained once the coin pool is exhausted and they are only competing for transaction fees?
Just about all mining is done using ASIC now, and ASIC's are in an unenviable position. Unlike CPU's and GPU's or even FPGA's, they are utterly useless outside of bitcoin. So they will remain deployed until they cost more in power to run than they get in mining fees. This means the current mining power isn't going away any time soon.
Botnet's can earn a return from a variety of sources, not just mining. So the question becomes "is it worth competing against the ASIC's"? In terms of power cost a top end Intel CPU's is roughly 100,000 worse than an ASIC. So even if some miners drop out Botnet's are unlikely to win more than a minor percentage. If the rewards of mining have dropped so much that ASIC's are dropping out, then it's a minor percentage of a small number. Add to that mining's soaking up 100% of CPU time makes an infection by the bot stand out, which decreases the half life of your botnet... and yeah, I expect it will continue even when there are only transaction fees.
Then there is the whole other question of "does it matter?" If a botnet does take over the mining pool, there is the little issue that bitcoin is intrinsically worth nothing. It's not like they have taken over a pot of gold. Bitcoin is only worth something if people trust it. So if they don't undermine it, they have something that will pay out forever. If they do undermine it, they have got control of 2^51 bits that no one in the right mind would buy and their source of transaction fees has dried up.
It's weird actually. Claiming bitcoin can never succeed because it is worth nothing has to be one of the more popular meme's. The reality is being worth nothing is one of bitcoin's core defences. So far all currencies that have been based on something tangible (like e-Gold) have lacked that defence, and have failed.
except the problem of criminals leveraging other peoples resources. When you can utilise bots to farm for you you can effectively undercut other peoples market making any legitimate miner completely unprofitable.
Said like a person who doesn't have a clue about the shear amount of resources being thrown at bitcoin mining.
Currently, the bitcoin mining network is doing 6,549,663,840,000,000 SHA-256 hashes per second. Lets say you have a botnet of 1 million Haswell's. The fastest Intel CPU there is, a Xeon, and it can't do more than 20M hashes per second. So your 1 million Haswell botnet will manage to capture 0.3% of the bitcoin networks mining power.
Yes, people have speculated in the past that bitcoin might be susceptible to botnets. Even if was true the vulnerability window has well and truly closed.
Firstly, there already is a "tax" of the sort they say is needed. Currently the bitcoin relays don't accept transactions containing a tip of less than 0.6cents per kilobyte.
Secondly, there is nothing to force a miner to pick up a transaction, now. Right now, if a transaction doesn't contain a fee there is no incentive for the miner to include it in the block they are working on. Regardless of whether the miner includes transactions or not, they still get the mining reward.
Transaction fees are like an auction. The customer puts in a bid at the lowest price he thinks the miners will accept, each miner decides whether that fee makes it worth his while to include the block. If the customer wants the transaction processed quickly he will put a comparatively high fee on it so every miner will be interested. If not, they put a low fee on it.
This is called a market. It is how bitcoin is supposed to work.
Bitcoin is an authetication system for bitcoin transactions... But the methods it uses show up just how primitive most of the default security structures of the modern internet really are.
Yes, +1000. Oh, if only I had mod points.
Both X509 and the "web-of-trust" are bloody terrible. Out of the two X509 is marginally better. If you are dealing with a shop unknown to you, X509 does give you a small amount of confidence their web sites cert is controlled by them. A GPG key signed by 100's of people you don't know doesn't. Unfortunately SSL then weakens this to being almost useless by not creating a new trust relationship with that store's cert, and ignoring the X509 PKI infrastructure from then on. A basic security tenant is if you must trust Trent, you do it for as little as possible. X509 requires you to do it forever, rendering you vulnerable to failures in it's PKI forever. At least GPG does allow you to bypass Trent.
The root cause is that both require to put your trust in some arbitrary thing - be it X509 or the web-of-trust. In reality when I go to debian or mozilla or a web store, I've already made my decision I'm going to trust them. Rarely (if ever) do the assertions of the PKI networks have a bearing on the decision. Debian then seals that trust by installing a certs in the install image, so I can be sure every upgrade from then on come from Debian. I presume the Mozilla does the same thing. In both cases they take responsibility for their own security once I have made my decision. The reason I want an encrypted connection to the web store is to protect the funds transfer. The people who I put in charge to manage the security of those funds is the bank, who make me sign lots of pieces of paper and use lots of passwords to prove who I am. Everywhere, that is, except the 'net, where they rely on X509 PKI to ensure I really am talking to their web site and not Mr Slimeball.Phising's web site. Seriously, what is wrong with sending me an X509 cert and insisting I identify myself with that? It almost as if they believe the 'net is the safest place on the planet, rather than than the one of the most infested phishers, con artists, and NSA types.
The people who programmed "the computer" were better.
You don't say why. But I'm guessing if I follow you logic the people who programmed Deep Blue were better at chess than Deep Blue itself, or the people who programmed Watson were better at Jeopardy than Watson. Since computers did these tasks better than the best people in the world clearly they weren't, and by a large margin.
Technically computers can do some things better than us. For example, they can store a series of images of someone responding to pain perfectly for long periods of time. Humans can't. A direct consequence is humans must make their decision on a facial expression within a second or so. Computer's on the other hand can take as long as they want. So if you give them 20 minutes they can multiply whatever power they have at hand by over 1000 (since 20 minutes is over a 1000 seconds).
The reality is that the issue isn't the about of computer power a computer can bring to the table. It is true humans have huge brains, but it has to be split over many tasks. For any single task it is now easy to throw order's of magnitude more compute power at it than a human can. So the problem isn't that the brain is more powerful than a computer, the problem is the programmers figuring how to do the task. One they do that - well Facebook is now better at recognising faces in photographs that a human is.
Yeah, you could be forgiven for thinking that from the headline, or indeed the linked story. Both are wrong.
Yes, there transaction malleability issues were fixed. But no, mtgox woes weren't caused by transaction malleability. Yes, I realise mtgox claims they were, and I realise the popular media swallowed that line without questioning it too much. In reality it was at best tangentially related and mtgox's statements on the issue were PR statements designed to keep customers, not an explanation of what happen. To date they have released any resembling that.
There were a number of transaction malleability problems. The most serious were fixed a year ago. The one fixed a year ago was the bitcoin core software accepted numbers with leading zero's, thus there were several ways to write down the same transaction. This was never intentional, and the fix was to ban numbers with leading zeros. To my knowledge that form of malleability was never exploited. Mtgox's problem was their software produced transactions with leading zero's, so their transactions were rejected by the mining network after the fix. Hackers found a way to exploit that, due to a second bug in the mtgox software.
The headline is also miss-leading on the shear number of changes. Like the web, bitcoin software has several parts. Among them are a GUI client part people use to manage their wallets, a part that can do mining, and a core part the defines the bitcoin protocol and messages. It is the core part that is the equivalent of the HTML 4.01 spec. It was the bit tightened to prevent transaction malleability, a better definition for OP_RETURN and a few other tweaks. The bulk of the changes were in the rest. However, "the rest" is to bitcoin like web browsers, proxies specific servers are to the HTML 4.01 spec. Very few people actually use the reference bitcoin wallet, for instance.
Except that not every bitcoin transaction is made by the owner.
I am not sure what you mean. Every spend of your bitcoins has to be signed by your private key. It doesn't have to be submitted by you, but it must be authorised by you by that signature.
Note that doing that can consist of running a computer with a fully patched operating system, anti-malware protection, etc., if it's on line.
Hmmm. What do you think bitcoin is good for? Do you think it is the equivalent of storing your life's savings under a mattress, or doing transactions?
You can use it to do either. The mattress scenario is easy enough. You just print your private keys out a few times on a piece of paper, and put them in safe deposit boxes. To put money under the mattress you just transfer funds to that key. You don't need access to the private key to do that. To get a large lump out of the mattress is appropriately more difficult and tedious. You disconnect the network, boot off a live CD, create the necessary transaction and put it on a USB key, reboot and send the transaction. It may be painful (although maybe not as painful as having to visit a bank), but it's safe from virus and hackers.
However, the mattress isn't what bitcoin is meant to be good at. It's forte is doing transactions cheaply and quickly. A far more likely scenario is putting the amount of cash you would normally carry around in your wallet into your phone instead. Just like traditional cash, this is an amount of money you can afford to lose.
Computer security is far from what it would need to be to make this practical.
Actually, it isn't. True, traditional PC's aren't secure. But Android and iOS devices together with their TPM's are more than secure enough. They are so secure not even the FBI can crack an encrypted iPhone - they have to be sent back to Apple. Just like a wallet the risk comes more from losing the damned thing rather than it being cracked by a remote hacker. But unlike a real wallet, these devices can actively assist with security. They can demand PIN's, or fingerprints. They can restrict how many bitcoins can be paid out to an unknown keys in a day.
However, the reality is that in the country I live in at least, direct transfers between banks are already so fast (read: seconds), and so cheap (read: free, between any bank in the country, regardless of who owns it or how far away it is) that bitcoin is going to have a hard time competing. I gather the US still uses cheques and bankers deliberately make dealing with competitors difficult. They may have created fertile ground for new weeds like bitcoin to grow in. When it comes to international transfers, where I wear all the risk and yet it still costs a 10's of dollars to transfer money, things are definitely different. And surprise, surprise, it is in international transfers that bitcoin is seeing the most use right now.
I said that transaction malleability was exploited by hackers; it was.
I thought I was pretty clear when I said it wasn't.
The fact that the Bitcoin software no longer has this bug does not change the fact that it once did have this bug, and that this bug has been exploited.
Again no, as far as I know it was never exploited. But I can see you prefer to believe an internet echo chamber confirming your world views over me over me, who is saying you are just plain wrong. More on the dangers of doing that later. For now I assume you really are willing to discard your tin foil hat if you understood what happened. Unfortunately that is going to require going into some detail.
The transaction malleability problem we are discussing here is actually about how the transaction signature is represented. As I said, there are other causes of malleability, some of which haven't been fixed. The transaction signature is particularly important because the bitcoin protocol uses it to identify the transaction. When used in that manner the same piece of information is called a transaction id. Because it does uniquely identify a transaction once it is accepted into the block chain bitcoin exchanges sometimes use the transaction id to match for transactions they have generated.
The different ways of representing a transaction id doesn't effect the core operators of bitcoin, so it was never regarded as serious. The reason it didn't effect bitcoin is two otherwise identical transactions with different transaction id's look like a double spend. Naturally the bitcoin protocol rejects all but the first attempt, so it doesn't matter how many different transaction id's you throw at it. Bitcoin is based on the premise that there is one and only one true and correct transaction history – and that is the block chain. You can throw any rubbish you like at it (and there have been many attempts at DDOS it by doing just that), but as far as bitcoin is concerned the only transactions that exist are the ones that get appended to the block chain. So if there are transactions with multiple id's, it is the id that gets into the block chain that is the official one. The rest never happened.
So far I expect this matches your understanding of the root cause of the problem. It is about now we depart from that.
The transaction signature / id is a ECDSA signature. Here is a real one:
770a723381d3edbcbfd06cecdd7b9f8569e9691d3a06a8a9c8972dd6fcbc8493. It looks remarkably like a fixed length SHA checksum doesn't it? It's not. An ECDSA signature is two large numbers, which in bitcoin is encoded in DER format.
DER format is used because, quoting from that Wikipedia link: “DER is a subset of BER providing for exactly one way to encode an ASN.1 value the shortest possible length encoding must be used”. Which sort of begs the question “how it be malleable”? It isn't. But, the software the reference bitcoin software uses to produce and decode these signatures is openssl, and like all good internet software openssl follows Postel's Law: “"Be liberal in what you accept, and conservative in what you send”. So OpenSSL always generates valid bitcoin signatures, but it accepts invalid ones, and in particular numbers with leading zeros. Whether you call this a bug or feature is more a matter of taste than anything else.
This bug / feature was noticed by the bitcoin developers some 3 years ago. It wasn't viewed as serious. As I said, it doesn'
While it is true that the transfers are not reversible on a whim, the bank is still liable to prove that the customer initiated the transaction, much the same as if someone appeared at the bank and withdrew cash.
Yes. But this is only because the banks can and do make mistakes, signatures can be forged and so on. One of the fundamentals bitcoin is built on is it never makes a mistake like that. Every addition to the block chain is checked by every miner, so if some random miner suffers a bit error in RAM, it will be rejected by the network. The whim part is taken care of by requiring the customer to sign the transaction using a digital signature. It can't be forged. Either the customer authorised the transaction, or they did the equivalent of giving away their banking password.
And since bitcoin can't make mistakes like the ones you are alluding to, it can uphold the normal banking standards you describe and yet not need to do a reversals.
6% of all of the bitcoins in existence got stolen a few weeks ago. It was merely the highest profile in a string of huge robberies.
True. But what does that have to do someone breaking into a bank vault? Mtgox isn't a bank. They are a broker - they buy and sell bitcoins. Some people gave them bitcoins to sell, but they lost (by double spending them) them instead.
As I said elsewhere in this thread, here we have yet another example of someone who don't have a clue about what bitcoin is or how it operates, making a comment demonstrating his ignorance in spades and that comment modded to +5.
If you have to ask Slashdot, then I'm afraid that the answer is no, you have reached the end of learning new tricks if you cannot figure something this simple out on your own.
Right answer, wrong reason.
Every good engineer I know, software or otherwise, can't resist learning how the next new shiny works and seeing if they can't put it to good use. In fact I sometimes feel guilty of wasting inordinate amounts of time doing that sort of thing. Thus I know I can learn new tricks because I do it all the time.
They reality is it I hadn't done that all my life, I would be in the dust bin now. I learnt to program in the 70's, on punch cards. Our uni lecturers tried to get us to imagine the shiny's we would have now, I guess as a way of preparing us for continual learning. It's funny now I look back on it, but among the many things we didn't think of are the internet, mobile phones, public-key cryptography, or cryptographic hash functions. It's been a remarkable time to live through.
If the submitter doesn't know he can learn new things too, he is in deeper shit than he realises. It's not a question of whether he can or can't - he almost certainly can. But if he hasn't been doing continually, there is soooo much to catch up on.
This is totally false. Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.
Only for some definition of "totally" that does mean 100% of transactions. And when you get to the the space bitcoin is trying to compete in - international direct transfers, your "totally" becomes close to 0%.
SWIFT MT-103s are the most commonly used form of SWIFT communication, and one which many people will have utilized without even knowing it. For most bank customers, they are known not as MT-103s at all, but rather as wire transfers, telegraphic transfers, or SWIFT transfers. A SWIFT MT-103 is used by the bank when its customers wish to make payment to customers of another bank in another country.
How Do I Send A MT-103 ?
An MT-103 is the most commonly utilized type of SWIFT message. In order to send one, simply contact your bank and let them know that you would like to send a telegraphic or wire transfer. They will require the recipient’s bank details, and also the SWIFT code of the recipient’s bank. If the recipient is not aware of their bank’s SWIFT code, it is a fairly simple matter for the recipient to inquire at their bank.
Are MT-103s Reversible?
No. Once a MT-103 has been made, it is not reversible. Sending a MT-103 is the equivalent of handing someone cash in many respects, so due care should be taken when initiating a MT-103.
How often does someone break into a bank vault?... The impact is way, way worse with bitcoin.
How do you know? It has never happened. There is only one bitcoin banker - it's the miners. There is only one bank statement issued by those bankers, and that's the block chain. So far the miners have never lost a bitcoin. You can verify that yourself. The block chain is a public document. I think it's fair to said bitcoin is built on the fact that they never will. It's a pretty safe bet, because if the bitcoin software adheres to the protocol description, mathematically, they never can.
If you give your bitcoins to a broker like mtgox, well anything can happen. In fact if you can name something an imbecile or criminal could do to you if trusted them with your money, then in the bitcoin world it probably has happened. Some brokers didn't bother with backups. Some were minors, and literally stole the bitcoins they were given. Some (including mtgox) leaked passwords they were given. The list is beyond belief, and is responsible for all the headlines you see.
But your fantasy of the the vault all bitcoin is stored in being raided - that has never happened. One of the beauties of bitcoin is it is probably impossible. Indeed bitcoin is immune to most of the foibles of normal bankers. The bitcoin banker doesn't loan bitcoins. It doesn't make mistakes. Unlike fiat currencies the people who control it can't inflate it into worthlessness.
As I understand it, the Mt.Gox fiasco was due in part to a hacker's ability to exploit transaction malleability in Bitcoin. Yes, Gox should have updated their software, but the Bitcoin protocol had a known weakness in it, and we've seen the result.
Your understanding is wrong. The mtgox fiasco didn't occur because the miners accepted malleable transactions. It happened when the miners stopped accepting transactions that were malleable. Well, not all malleable transactions. But they did stop accepting the invalid transactions mtgox was generating. Generating those invalid transactions was mtgox bug 1. Mtgox bug 2 was when people fixed their bad formatting and they were accepted the block chain, mtgox software didn't recognise them. Mtgox bug 3 was they they then repeated the same transaction without doing a full audit of their ledger to verify some other mistake hadn't been made. Doing it twice is a bit of a risk given bitcoin transactions aren't reversible. But to be fair, mtgox said they authorised such double spends manually.
But... it is almost inconceivable that a human authorised $350M in double spends without getting suspicious. So that brings us to the unknown mtgox bug 4. Somehow, they managed to figure out a way of authorising $350M in double spends without anybody noticing. Surely this must quality for the Guinness Book of Records greatest accounting cluster fuck of all time.
But bitcoin protocol bug - sorry no, not this time. Bitcoin offers very few guarantees. I guess a known mining rate, whatever appears on the audit trail is the one and only correct history of bitcoin, and that history will never change are the main three. In the early days, back when people sent 1000's of bitcoins to pay for a pizza, there were bugs that in the bitcoin software that meant those guarantees weren't upheld. But it was also a nicer time. It was when bitcoin was just a toy friends played with, so such mistakes could be and were always fixed. No bitcoin has every been permanently lost because because of such bugs.
I know I shouldn't care when a person on the internet is wrong. Not just a little bit wrong, but tinfoil hat type wrong as you are in this case. But seeing tinfoil hat comments being modded up to +5 is difficult to swallow silently.
- June 2011: seller's administrator account was hacked by an unknown process. The priveleges were then abused to generate humungous quantities of BTC. None of the BTC, however, was backed by Mt. Gox. The attackers sold the BTC generated, driving Mt. Gox BTC prices down to cents. They then purchased the cheap BTC with their own accounts and withdrew the money.... Many customers claim they have lost money from this reversion, but Mt. Gox claims it has reimbursed all customers fully for this theft. After the incident, Mt. Gox shut down for several days.
- June 2011: Users with weak passwords on MyBitcoin who used the same password on Mt. Gox were in for a surprise after the June 2011 Mt. Gox Incident allowed weakly-salted hashes of all Mt. Gox user passwords to be leaked. These passwords were then hacked on MyBitcoin and a significant amount of money lost.
- October 2011: Mt. Gox accidentally destroyed 2609.36304319 bitcoins.
- July 2012: A hacker infiltrated the Mt. Gox account used by Bitcoin Syndicate, sold off the USD owned, and withdrew all balances.
- July 2012: On July 13, 2012, a thief compromised the Bitcoinica Mt. Gox account. The thief made off with around 30% of Bitcoinica's bitcoin assets.
The entity receiving the money is known as a stateless organisation. It's controlled by Apple, obviously.
How does an organisation become stateless? They take advantage of different of residency in different jurisdictions. For example, country A may say you are based in A if your headquarters are there. Country B may say you are a country B organisation if your board meets there. Country C may say a company is comes under its laws if the bulk of its board are residents there.
One way to be stateless that that situation is to have your headquarters in country B, and have your board meet in country A.
This is what the entity Apple transfers the money too does, so it isn't under the control of any country's laws. It is perfectly legal, of course.
This loophole won't be around for much longer. All that is needed to fix it is the various countries get the respective laws consistent. Doing that is on the agenda for the G20 meeting in September.
As others, the study was done on mice, who are herbivores in the wild. They say what happens to them will also happen to us, but we have been eating meat a long while now.
I wonder if also applies to my cat? <scarcasm>I know cat's are predominately carnivores, but that shouldn't matter, right?</scarcasm>
144 pages is fairly short and compact for a security tool.
It's a pretty dumb security tool. It allows you become user X if based on a few simple credentials. In fact I can list them: your user, your group, the computer you are on and the program you are running. On top of that, you can ask it to do a few things when to assume user X's credentials like clear the environment, close a few files, log something - nothing you could not also do by running a wrapper script.
That's it. It's not much. To configure this relatively simple thing the author invented this god awful syntax. It's one virtue is it's compactness - so it's forgivable I suppose, particularly if he writes a clear man page readable by humans. But he didn't. He used EBNF. Now let me tell you, as a person who has written parser generators, an inevitable fact about any non-trivial grammar. When first written they are full of bugs. It's hardly surprising given they are regular expressions on steroids, and most people struggle to get just one non-trivial regular expression right - and an EBNF is a list of them. Thus even the person writing them can not predict the language they will recognise. The only way to get rid of the bugs is to compile a parser from them, test it on various language constructs, then fix the surprises.
You can take it from that EBNF is a great way to express things so a computer will understand it. But not so good for a human. If you are expecting someone to write a computer program to match the grammar, it might be a reasonable choice. If you are using it in a man page that only humans will read it's a bloody awful choice. Maybe it might be justifiable if he just ripped the grammar straight out of his source code. At least we could be sure it was right them. But he didn't. The source doesn't use a grammar at all.
But then if the grammar in the man page has never been compiled or tested, and given it is non-trival, then if what I said above is true it won't recognise the sudo config file. And it doesn't. For instance, nowhere in the grammar does it express all commands must lie on a single line. In fact he doesn't even mention it directly the text either, beyond saying at the end you can split long lines using a \. You are meant to infer it from the examples I guess.
So to sum up, we have a simple concepts expressed in a terse and complex configuration language, which is described by a an untested EBNF so complex it needs it's own syntax description in the man page, and we know the EBNF is incomplete. That is why the sudo man page is a cluster fuck. It has nothing to do with your "oh security is complex" throw away line.
And does it need a 144 page book to explain it? No, of course not. A man page about the size of the one we have could get all the concepts across just fine.
This reminded me of the claims Steve Perlman made in 2011. He said his technique would overcome Shannon’s Law. He was justifiably ridiculed. At least this mob isn't claiming they can break the laws of physics.
Oh wait, this is Perlman, peddling the same dog and pony show. Only this time he's got an article in IEEE Spectrum to print his claims. I hope that means he no longer says he can beat the laws of physics into submission.
The original claims of the impossible aside, the idea was to monitor the signal of each phone in real time from a central point, do some calculations to figure out the path distance from each antenna the phone, then do some more calculations to split up and phase change outgoing signal so the signals from those antennas so they constructively interfered to produce the wanted signal at the phone. The tracking has to be damned accurate - much better than GPS because a 1Ghz mobile phone signal has a wave length of about a meter, and you need better than 1/4 of the wavelength. And it has to be fast, because if the phone or objects around it move it all goes to put. So if you are walking at comfortable 1 metre per second, in 0.25 seconds it's all gone to pot. In a car that drops to 0.02 seconds. Oh, and since we as talking 1GHz, we have to measure it within a few 100 picoseconds. And since you don't use one antenna to service just one phone, he will have to be doing this for 100's of phone simultaneously. Oh, and that means when he is calculating the phase and amplitude of the signal his antenna is generating, he has to solve 100's linear equations with 100's of variables so he can ensure each signal he sends from each antenna adds up to what each phone needs. And since the collective antenna group is sending at oh, say 100Gb/s and he has to do this for every fucking bit, so he has 10 picoseconds per bit to do it in.
Instead is sounds like that fact that the man running the original Silk Road was earning over $10M a month, and only got caught because he was sloppy got published far and wide. There is almost certain a flood of Silk Road clones out there now. It's probably one of the few things that outnumbers bitcoin clones. I expect most of them are run by 2 bit crims who picked up their l33t script kiddie skills from their prepubescent cousin.
I am somewhat surprised there has only been 3 of these so far. I expect this is the start of a never ending flood, and it will only drop off the newspapers when it becomes obvious it's an everyday event.
Since this seems to be the place to post comments on beta:
1. That/. is a predominately text site. That is what you current audience likes. When ther new beta home page displays there is no visible text. Instead we see some god awful graphic occupying the entire visible part of the page. Ick, ick, ick. If I want entertainment served up as cute photos I can go to imgur. Reduce the graphics, reduce the load times.
2. The home page is... boring. The current/. page is surrounded by options and knick knacks and useful information. The new one looks like - a spartan mobile page clumsily expanded to fill up a desktop page. Thus you end up with heaps of boring white space. Worse - to get to those knick knacks now required multiple clicks. For fucks sake - you must have witnessed the savaging both Windows 8 and Gnome 3 got here for doing the same thing. Yet you repeat same basic design error????
3. The main body of the home page is also a mess. Before we had a regular layout - dense text describing the story with a small graphic breaking between stories that helped to break up the blocks of text. Now we either pure text with nothing to break it up, but the occasional story having a huge graphic you have to scroll past to get to the meat - the text./. isn't a fashion magazine. We aren't here for the graphics. The graphics is there purely to help us parse the text.
4. In the stories themselves. As others have said, there is too much white space. To me this seems to be just a line space / font choice issue. Hint: here the priority should be making the text easy to read, not making it look good, we clicked are here to read the text not to appreciate the skills of your graphic artist. The tiny font + heaps of white space may look "balanced" in somebodies mind, but it makes that harder to read than it need be.
5. To me the most important piece of information about a comment is the thread it's in. That remains obvious, fortunately. The second most important piece of information is the moderation score. And you put that in a dim, small font???
6. Keyboard navigation doesn't work. Seriously? You put this up for people to use as beta (one step away from production) and took away the feature at least 10% of us use to navigate it? What were you expecting - us to show the love?
7. What happened to the plain text / html options when replying? What replaced it? How are we supposed to format our replies now? Surely you don't expect us to go on a whumpus hunt to find all this out? At the very least a "help with formatting" link would be appreciated.
8. When replying to a comment there is no default subject. What's wrong with "Re: (old subject)?".
9. You have a "Share" button on comments. I think it may be a permanent URL to the comment. That might have been what "Share" meant a decade ago, but now "Share" means post a link to your favourite social media site and when you click something like a dropdown of common social media sites appears. "Permalink" is a better name for it.
10. On the main page, "Older" points left. On what planet is that the standard? Everywhere else "older" posts slide are on the right, and indeed a swiping the screen left makes them appear.
I can't help but agree with the FUCK BETA crowd, even though I have started modding them down. This isn't beta quality, and it should never have been inflicted on the undeserving public.
There are a tons of devices like these out there and if they cannot operate reliably over a VoIP based network
True. Theses devices are modems, and they power things like fax'es and EFTPOS terminals.
You know what? Modems are what we use to send digital over an analogue line. They don't work over some VOIP, but ye gods if you are kludging a digital line over VOIP emulating a analogue signal over a digital signal which is sent using an analogue PYH using a high speed modem - maybe it is time for a layer or two to die.
In other words, complaining that about VOIP making life difficult for modems is like a teamster complaining how the hard the asphalt is on the horse's hooves.
What happens when your power goes out and you have Charter-crap or Comcast-shite or UVerse-dung ? You're screwed.
I don't know about Charter-crap or Comcast-shite, but here in Australia I can tell you what happens with a PODF. Initially batteries in the exchange power the PODF, and it's all good as you say. But if the outage is caused by a category 5 cyclone named say Yasi then some of the exchanges will be isolated, so the next thing that happens is the batteries go flat. Not a huge problem as the diesel generator cuts in automatically. But then it runs out of fuel, and your PODF dies.
So what now? Well I can tell you what thousands of Aussie's effected by Yasi did. They used their mobiles. If the mobiles didn't work they hopped into the car and drove to somewhere that did. And if their mobiles went flat they charged them using the car. Turns out determined human with car and mobile beats PODF every time.
Here in Australia we are building something called the NBN. Sort of like the FCC plan being described here, but we are skipping the trial step. (Well, not really. The NBN is better described as "re-writing the country", but exactly what that means is up for debate, however one thing is clear: POTS dies.) There used to be a huge debate about batteries, just like the one you are starting here. Yasi ended it.
If Google isn't careful, they will loose this race. Right now it is a bit of a toss up. It wasn't always so. A few years ago OSM was just toy, and the Android Google Maps app did a reasonable job of offline maps and searching the local area. My how things have changed.
On the one hand Google has been busily removing features from it's Maps app. I think they were trying to make it easier to use. Whether they achieved that is debatable, but what they done is make it less useful. You can't measure distances now, the search for local places of interest is all but useless, there is no way to find out what maps are available for offline use.
OsmAnd+ on the other hand has acquired one big missing feature - directions, navigation and voice. Amazingly its point of interest search works much better than Google, possibly because the locals enter the point of interest data. And it always had a number of features Google Maps doesn't:
Measure distances.
Add way points for navigation.
Directed Address Entry.
Display custom underlay / overlay maps.
Record / display GPS tracks.
Totally offline operation.
If something is wrong or missing, you can add it.
Normally I would not bet against Google. But collecting traffic and public transport out of the realms of possibility for Osm. If that happens, I can't think why anybody would choose to use Google Maps over OSM.
Slashdot Mirror
The current block reward is 25 * $577 = $14,425. This is huge compared to the current transactions fees.
Yes, it is huge compared to today's transaction fees. But mining fees will continue for some time yet. The bet is by the time they become insignificant mining fees won't be so small. A clue is the credit card network current roughly 10,000 transaction per second. If bitcoin managed that at 0.6c per kilobyte (the fee bitcoin relays demand) mining fees would be $72,000 per block.
To gain an insight into the odds of that happening, Paypal processes around 9 million transactions per day, or 100 per second. Paypal's revenues were $6.6 billion last year. That translates to Paypal making over $2 per transaction. Bitcoin doesn't offer the same service of course, but it currently charges $0.002 for a single transaction. (A transaction takes roughly 360 bytes).
remember that Bitcoin isn't the only game in town and miners can switch to mining an altcoin if they're not satisfied with the way "bitcoin is supposed to work".
You forget there are users of these coins - be they bitcoins or altcoins. In the end it is the users that pay the mining costs, be they transaction fees or mining rewards. In a word of competing altcoins, this translates to only the users having a vote on what the best set of rules are. What the miners think of the rules is largely immaterial. If you think this isn't true, try and set up a altcoin with spectacular miners rewards and see how many users you get. Maybe you will succeed where all other altcoin founders have failed.
The bitcoin foundation seems to be very aware of this underlying reality, and is behaving accordingly.
and you really think all that effort in mining is going to be maintained once the coin pool is exhausted and they are only competing for transaction fees?
Just about all mining is done using ASIC now, and ASIC's are in an unenviable position. Unlike CPU's and GPU's or even FPGA's, they are utterly useless outside of bitcoin. So they will remain deployed until they cost more in power to run than they get in mining fees. This means the current mining power isn't going away any time soon.
Botnet's can earn a return from a variety of sources, not just mining. So the question becomes "is it worth competing against the ASIC's"? In terms of power cost a top end Intel CPU's is roughly 100,000 worse than an ASIC. So even if some miners drop out Botnet's are unlikely to win more than a minor percentage. If the rewards of mining have dropped so much that ASIC's are dropping out, then it's a minor percentage of a small number. Add to that mining's soaking up 100% of CPU time makes an infection by the bot stand out, which decreases the half life of your botnet ... and yeah, I expect it will continue even when there are only transaction fees.
Then there is the whole other question of "does it matter?" If a botnet does take over the mining pool, there is the little issue that bitcoin is intrinsically worth nothing. It's not like they have taken over a pot of gold. Bitcoin is only worth something if people trust it. So if they don't undermine it, they have something that will pay out forever. If they do undermine it, they have got control of 2^51 bits that no one in the right mind would buy and their source of transaction fees has dried up.
It's weird actually. Claiming bitcoin can never succeed because it is worth nothing has to be one of the more popular meme's. The reality is being worth nothing is one of bitcoin's core defences. So far all currencies that have been based on something tangible (like e-Gold) have lacked that defence, and have failed.
except the problem of criminals leveraging other peoples resources. When you can utilise bots to farm for you you can effectively undercut other peoples market making any legitimate miner completely unprofitable.
Said like a person who doesn't have a clue about the shear amount of resources being thrown at bitcoin mining.
Currently, the bitcoin mining network is doing 6,549,663,840,000,000 SHA-256 hashes per second. Lets say you have a botnet of 1 million Haswell's. The fastest Intel CPU there is, a Xeon, and it can't do more than 20M hashes per second. So your 1 million Haswell botnet will manage to capture 0.3% of the bitcoin networks mining power.
Yes, people have speculated in the past that bitcoin might be susceptible to botnets. Even if was true the vulnerability window has well and truly closed.
Firstly, there already is a "tax" of the sort they say is needed. Currently the bitcoin relays don't accept transactions containing a tip of less than 0.6cents per kilobyte.
Secondly, there is nothing to force a miner to pick up a transaction, now. Right now, if a transaction doesn't contain a fee there is no incentive for the miner to include it in the block they are working on. Regardless of whether the miner includes transactions or not, they still get the mining reward.
Transaction fees are like an auction. The customer puts in a bid at the lowest price he thinks the miners will accept, each miner decides whether that fee makes it worth his while to include the block. If the customer wants the transaction processed quickly he will put a comparatively high fee on it so every miner will be interested. If not, they put a low fee on it.
This is called a market. It is how bitcoin is supposed to work.
Bitcoin is an authetication system for bitcoin transactions ... But the methods it uses show up just how primitive most of the default security structures of the modern internet really are.
Yes, +1000. Oh, if only I had mod points.
Both X509 and the "web-of-trust" are bloody terrible. Out of the two X509 is marginally better. If you are dealing with a shop unknown to you, X509 does give you a small amount of confidence their web sites cert is controlled by them. A GPG key signed by 100's of people you don't know doesn't. Unfortunately SSL then weakens this to being almost useless by not creating a new trust relationship with that store's cert, and ignoring the X509 PKI infrastructure from then on. A basic security tenant is if you must trust Trent, you do it for as little as possible. X509 requires you to do it forever, rendering you vulnerable to failures in it's PKI forever. At least GPG does allow you to bypass Trent.
The root cause is that both require to put your trust in some arbitrary thing - be it X509 or the web-of-trust. In reality when I go to debian or mozilla or a web store, I've already made my decision I'm going to trust them. Rarely (if ever) do the assertions of the PKI networks have a bearing on the decision. Debian then seals that trust by installing a certs in the install image, so I can be sure every upgrade from then on come from Debian. I presume the Mozilla does the same thing. In both cases they take responsibility for their own security once I have made my decision. The reason I want an encrypted connection to the web store is to protect the funds transfer. The people who I put in charge to manage the security of those funds is the bank, who make me sign lots of pieces of paper and use lots of passwords to prove who I am. Everywhere, that is, except the 'net, where they rely on X509 PKI to ensure I really am talking to their web site and not Mr Slimeball.Phising's web site. Seriously, what is wrong with sending me an X509 cert and insisting I identify myself with that? It almost as if they believe the 'net is the safest place on the planet, rather than than the one of the most infested phishers, con artists, and NSA types.
The people who programmed "the computer" were better.
You don't say why. But I'm guessing if I follow you logic the people who programmed Deep Blue were better at chess than Deep Blue itself, or the people who programmed Watson were better at Jeopardy than Watson. Since computers did these tasks better than the best people in the world clearly they weren't, and by a large margin.
Technically computers can do some things better than us. For example, they can store a series of images of someone responding to pain perfectly for long periods of time. Humans can't. A direct consequence is humans must make their decision on a facial expression within a second or so. Computer's on the other hand can take as long as they want. So if you give them 20 minutes they can multiply whatever power they have at hand by over 1000 (since 20 minutes is over a 1000 seconds).
The reality is that the issue isn't the about of computer power a computer can bring to the table. It is true humans have huge brains, but it has to be split over many tasks. For any single task it is now easy to throw order's of magnitude more compute power at it than a human can. So the problem isn't that the brain is more powerful than a computer, the problem is the programmers figuring how to do the task. One they do that - well Facebook is now better at recognising faces in photographs that a human is.
Yeah, you could be forgiven for thinking that from the headline, or indeed the linked story. Both are wrong.
Yes, there transaction malleability issues were fixed. But no, mtgox woes weren't caused by transaction malleability. Yes, I realise mtgox claims they were, and I realise the popular media swallowed that line without questioning it too much. In reality it was at best tangentially related and mtgox's statements on the issue were PR statements designed to keep customers, not an explanation of what happen. To date they have released any resembling that.
There were a number of transaction malleability problems. The most serious were fixed a year ago. The one fixed a year ago was the bitcoin core software accepted numbers with leading zero's, thus there were several ways to write down the same transaction. This was never intentional, and the fix was to ban numbers with leading zeros. To my knowledge that form of malleability was never exploited. Mtgox's problem was their software produced transactions with leading zero's, so their transactions were rejected by the mining network after the fix. Hackers found a way to exploit that, due to a second bug in the mtgox software.
The headline is also miss-leading on the shear number of changes. Like the web, bitcoin software has several parts. Among them are a GUI client part people use to manage their wallets, a part that can do mining, and a core part the defines the bitcoin protocol and messages. It is the core part that is the equivalent of the HTML 4.01 spec. It was the bit tightened to prevent transaction malleability, a better definition for OP_RETURN and a few other tweaks. The bulk of the changes were in the rest. However, "the rest" is to bitcoin like web browsers, proxies specific servers are to the HTML 4.01 spec. Very few people actually use the reference bitcoin wallet, for instance.
Except that not every bitcoin transaction is made by the owner.
I am not sure what you mean. Every spend of your bitcoins has to be signed by your private key. It doesn't have to be submitted by you, but it must be authorised by you by that signature.
Note that doing that can consist of running a computer with a fully patched operating system, anti-malware protection, etc., if it's on line.
Hmmm. What do you think bitcoin is good for? Do you think it is the equivalent of storing your life's savings under a mattress, or doing transactions?
You can use it to do either. The mattress scenario is easy enough. You just print your private keys out a few times on a piece of paper, and put them in safe deposit boxes. To put money under the mattress you just transfer funds to that key. You don't need access to the private key to do that. To get a large lump out of the mattress is appropriately more difficult and tedious. You disconnect the network, boot off a live CD, create the necessary transaction and put it on a USB key, reboot and send the transaction. It may be painful (although maybe not as painful as having to visit a bank), but it's safe from virus and hackers.
However, the mattress isn't what bitcoin is meant to be good at. It's forte is doing transactions cheaply and quickly. A far more likely scenario is putting the amount of cash you would normally carry around in your wallet into your phone instead. Just like traditional cash, this is an amount of money you can afford to lose.
Computer security is far from what it would need to be to make this practical.
Actually, it isn't. True, traditional PC's aren't secure. But Android and iOS devices together with their TPM's are more than secure enough. They are so secure not even the FBI can crack an encrypted iPhone - they have to be sent back to Apple. Just like a wallet the risk comes more from losing the damned thing rather than it being cracked by a remote hacker. But unlike a real wallet, these devices can actively assist with security. They can demand PIN's, or fingerprints. They can restrict how many bitcoins can be paid out to an unknown keys in a day.
However, the reality is that in the country I live in at least, direct transfers between banks are already so fast (read: seconds), and so cheap (read: free, between any bank in the country, regardless of who owns it or how far away it is) that bitcoin is going to have a hard time competing. I gather the US still uses cheques and bankers deliberately make dealing with competitors difficult. They may have created fertile ground for new weeds like bitcoin to grow in. When it comes to international transfers, where I wear all the risk and yet it still costs a 10's of dollars to transfer money, things are definitely different. And surprise, surprise, it is in international transfers that bitcoin is seeing the most use right now.
I said that transaction malleability was exploited by hackers; it was.
I thought I was pretty clear when I said it wasn't.
The fact that the Bitcoin software no longer has this bug does not change the fact that it once did have this bug, and that this bug has been exploited.
Again no, as far as I know it was never exploited. But I can see you prefer to believe an internet echo chamber confirming your world views over me over me, who is saying you are just plain wrong. More on the dangers of doing that later. For now I assume you really are willing to discard your tin foil hat if you understood what happened. Unfortunately that is going to require going into some detail.
The transaction malleability problem we are discussing here is actually about how the transaction signature is represented. As I said, there are other causes of malleability, some of which haven't been fixed. The transaction signature is particularly important because the bitcoin protocol uses it to identify the transaction. When used in that manner the same piece of information is called a transaction id. Because it does uniquely identify a transaction once it is accepted into the block chain bitcoin exchanges sometimes use the transaction id to match for transactions they have generated.
The different ways of representing a transaction id doesn't effect the core operators of bitcoin, so it was never regarded as serious. The reason it didn't effect bitcoin is two otherwise identical transactions with different transaction id's look like a double spend. Naturally the bitcoin protocol rejects all but the first attempt, so it doesn't matter how many different transaction id's you throw at it. Bitcoin is based on the premise that there is one and only one true and correct transaction history – and that is the block chain. You can throw any rubbish you like at it (and there have been many attempts at DDOS it by doing just that), but as far as bitcoin is concerned the only transactions that exist are the ones that get appended to the block chain. So if there are transactions with multiple id's, it is the id that gets into the block chain that is the official one. The rest never happened.
So far I expect this matches your understanding of the root cause of the problem. It is about now we depart from that.
The transaction signature / id is a ECDSA signature. Here is a real one: 770a723381d3edbcbfd06cecdd7b9f8569e9691d3a06a8a9c8972dd6fcbc8493 . It looks remarkably like a fixed length SHA checksum doesn't it? It's not. An ECDSA signature is two large numbers, which in bitcoin is encoded in DER format. DER format is used because, quoting from that Wikipedia link: “DER is a subset of BER providing for exactly one way to encode an ASN.1 value the shortest possible length encoding must be used”. Which sort of begs the question “how it be malleable”? It isn't. But, the software the reference bitcoin software uses to produce and decode these signatures is openssl, and like all good internet software openssl follows Postel's Law: “"Be liberal in what you accept, and conservative in what you send”. So OpenSSL always generates valid bitcoin signatures, but it accepts invalid ones, and in particular numbers with leading zeros. Whether you call this a bug or feature is more a matter of taste than anything else.
This bug / feature was noticed by the bitcoin developers some 3 years ago. It wasn't viewed as serious. As I said, it doesn'
While it is true that the transfers are not reversible on a whim, the bank is still liable to prove that the customer initiated the transaction, much the same as if someone appeared at the bank and withdrew cash.
Yes. But this is only because the banks can and do make mistakes, signatures can be forged and so on. One of the fundamentals bitcoin is built on is it never makes a mistake like that. Every addition to the block chain is checked by every miner, so if some random miner suffers a bit error in RAM, it will be rejected by the network. The whim part is taken care of by requiring the customer to sign the transaction using a digital signature. It can't be forged. Either the customer authorised the transaction, or they did the equivalent of giving away their banking password.
And since bitcoin can't make mistakes like the ones you are alluding to, it can uphold the normal banking standards you describe and yet not need to do a reversals.
6% of all of the bitcoins in existence got stolen a few weeks ago. It was merely the highest profile in a string of huge robberies.
True. But what does that have to do someone breaking into a bank vault? Mtgox isn't a bank. They are a broker - they buy and sell bitcoins. Some people gave them bitcoins to sell, but they lost (by double spending them) them instead.
As I said elsewhere in this thread, here we have yet another example of someone who don't have a clue about what bitcoin is or how it operates, making a comment demonstrating his ignorance in spades and that comment modded to +5.
If you have to ask Slashdot, then I'm afraid that the answer is no, you have reached the end of learning new tricks if you cannot figure something this simple out on your own.
Right answer, wrong reason.
Every good engineer I know, software or otherwise, can't resist learning how the next new shiny works and seeing if they can't put it to good use. In fact I sometimes feel guilty of wasting inordinate amounts of time doing that sort of thing. Thus I know I can learn new tricks because I do it all the time.
They reality is it I hadn't done that all my life, I would be in the dust bin now. I learnt to program in the 70's, on punch cards. Our uni lecturers tried to get us to imagine the shiny's we would have now, I guess as a way of preparing us for continual learning. It's funny now I look back on it, but among the many things we didn't think of are the internet, mobile phones, public-key cryptography, or cryptographic hash functions. It's been a remarkable time to live through.
If the submitter doesn't know he can learn new things too, he is in deeper shit than he realises. It's not a question of whether he can or can't - he almost certainly can. But if he hasn't been doing continually, there is soooo much to catch up on.
This is totally false. Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.
Only for some definition of "totally" that does mean 100% of transactions. And when you get to the the space bitcoin is trying to compete in - international direct transfers, your "totally" becomes close to 0%.
From http://www.globalgrainsvn.com/GGS/MT103.html:
SWIFT MT-103
SWIFT MT-103s are the most commonly used form of SWIFT communication, and one which many people will have utilized without even knowing it. For most bank customers, they are known not as MT-103s at all, but rather as wire transfers, telegraphic transfers, or SWIFT transfers. A SWIFT MT-103 is used by the bank when its customers wish to make payment to customers of another bank in another country.
How Do I Send A MT-103 ?
An MT-103 is the most commonly utilized type of SWIFT message. In order to send one, simply contact your bank and let them know that you would like to send a telegraphic or wire transfer. They will require the recipient’s bank details, and also the SWIFT code of the recipient’s bank. If the recipient is not aware of their bank’s SWIFT code, it is a fairly simple matter for the recipient to inquire at their bank.
Are MT-103s Reversible?
No. Once a MT-103 has been made, it is not reversible. Sending a MT-103 is the equivalent of handing someone cash in many respects, so due care should be taken when initiating a MT-103.
How often does someone break into a bank vault? ... The impact is way, way worse with bitcoin.
How do you know? It has never happened. There is only one bitcoin banker - it's the miners. There is only one bank statement issued by those bankers, and that's the block chain. So far the miners have never lost a bitcoin. You can verify that yourself. The block chain is a public document. I think it's fair to said bitcoin is built on the fact that they never will. It's a pretty safe bet, because if the bitcoin software adheres to the protocol description, mathematically, they never can.
If you give your bitcoins to a broker like mtgox, well anything can happen. In fact if you can name something an imbecile or criminal could do to you if trusted them with your money, then in the bitcoin world it probably has happened. Some brokers didn't bother with backups. Some were minors, and literally stole the bitcoins they were given. Some (including mtgox) leaked passwords they were given. The list is beyond belief, and is responsible for all the headlines you see.
But your fantasy of the the vault all bitcoin is stored in being raided - that has never happened. One of the beauties of bitcoin is it is probably impossible. Indeed bitcoin is immune to most of the foibles of normal bankers. The bitcoin banker doesn't loan bitcoins. It doesn't make mistakes. Unlike fiat currencies the people who control it can't inflate it into worthlessness.
Your understanding is wrong. The mtgox fiasco didn't occur because the miners accepted malleable transactions. It happened when the miners stopped accepting transactions that were malleable. Well, not all malleable transactions. But they did stop accepting the invalid transactions mtgox was generating. Generating those invalid transactions was mtgox bug 1. Mtgox bug 2 was when people fixed their bad formatting and they were accepted the block chain, mtgox software didn't recognise them. Mtgox bug 3 was they they then repeated the same transaction without doing a full audit of their ledger to verify some other mistake hadn't been made. Doing it twice is a bit of a risk given bitcoin transactions aren't reversible. But to be fair, mtgox said they authorised such double spends manually.
But ... it is almost inconceivable that a human authorised $350M in double spends without getting suspicious. So that brings us to the unknown mtgox bug 4. Somehow, they managed to figure out a way of authorising $350M in double spends without anybody noticing. Surely this must quality for the Guinness Book of Records greatest accounting cluster fuck of all time.
But bitcoin protocol bug - sorry no, not this time. Bitcoin offers very few guarantees. I guess a known mining rate, whatever appears on the audit trail is the one and only correct history of bitcoin, and that history will never change are the main three. In the early days, back when people sent 1000's of bitcoins to pay for a pizza, there were bugs that in the bitcoin software that meant those guarantees weren't upheld. But it was also a nicer time. It was when bitcoin was just a toy friends played with, so such mistakes could be and were always fixed. No bitcoin has every been permanently lost because because of such bugs.
I know I shouldn't care when a person on the internet is wrong. Not just a little bit wrong, but tinfoil hat type wrong as you are in this case. But seeing tinfoil hat comments being modded up to +5 is difficult to swallow silently.
Consider these Mt. Gox loses:
But for any programmer, none of this is a surprise given he hacked up an ssh server in PHP, then deployed it on a production server.
The entity receiving the money is known as a stateless organisation. It's controlled by Apple, obviously.
How does an organisation become stateless? They take advantage of different of residency in different jurisdictions. For example, country A may say you are based in A if your headquarters are there. Country B may say you are a country B organisation if your board meets there. Country C may say a company is comes under its laws if the bulk of its board are residents there.
One way to be stateless that that situation is to have your headquarters in country B, and have your board meet in country A.
This is what the entity Apple transfers the money too does, so it isn't under the control of any country's laws. It is perfectly legal, of course.
This loophole won't be around for much longer. All that is needed to fix it is the various countries get the respective laws consistent. Doing that is on the agenda for the G20 meeting in September.
As others, the study was done on mice, who are herbivores in the wild. They say what happens to them will also happen to us, but we have been eating meat a long while now.
I wonder if also applies to my cat? <scarcasm>I know cat's are predominately carnivores, but that shouldn't matter, right?</scarcasm>
It's a pretty dumb security tool. It allows you become user X if based on a few simple credentials. In fact I can list them: your user, your group, the computer you are on and the program you are running. On top of that, you can ask it to do a few things when to assume user X's credentials like clear the environment, close a few files, log something - nothing you could not also do by running a wrapper script.
That's it. It's not much. To configure this relatively simple thing the author invented this god awful syntax. It's one virtue is it's compactness - so it's forgivable I suppose, particularly if he writes a clear man page readable by humans. But he didn't. He used EBNF. Now let me tell you, as a person who has written parser generators, an inevitable fact about any non-trivial grammar. When first written they are full of bugs. It's hardly surprising given they are regular expressions on steroids, and most people struggle to get just one non-trivial regular expression right - and an EBNF is a list of them. Thus even the person writing them can not predict the language they will recognise. The only way to get rid of the bugs is to compile a parser from them, test it on various language constructs, then fix the surprises.
You can take it from that EBNF is a great way to express things so a computer will understand it. But not so good for a human. If you are expecting someone to write a computer program to match the grammar, it might be a reasonable choice. If you are using it in a man page that only humans will read it's a bloody awful choice. Maybe it might be justifiable if he just ripped the grammar straight out of his source code. At least we could be sure it was right them. But he didn't. The source doesn't use a grammar at all.
But then if the grammar in the man page has never been compiled or tested, and given it is non-trival, then if what I said above is true it won't recognise the sudo config file. And it doesn't. For instance, nowhere in the grammar does it express all commands must lie on a single line. In fact he doesn't even mention it directly the text either, beyond saying at the end you can split long lines using a \. You are meant to infer it from the examples I guess.
So to sum up, we have a simple concepts expressed in a terse and complex configuration language, which is described by a an untested EBNF so complex it needs it's own syntax description in the man page, and we know the EBNF is incomplete. That is why the sudo man page is a cluster fuck. It has nothing to do with your "oh security is complex" throw away line.
And does it need a 144 page book to explain it? No, of course not. A man page about the size of the one we have could get all the concepts across just fine.
This reminded me of the claims Steve Perlman made in 2011. He said his technique would overcome Shannon’s Law. He was justifiably ridiculed. At least this mob isn't claiming they can break the laws of physics.
Oh wait, this is Perlman, peddling the same dog and pony show. Only this time he's got an article in IEEE Spectrum to print his claims. I hope that means he no longer says he can beat the laws of physics into submission.
The original claims of the impossible aside, the idea was to monitor the signal of each phone in real time from a central point, do some calculations to figure out the path distance from each antenna the phone, then do some more calculations to split up and phase change outgoing signal so the signals from those antennas so they constructively interfered to produce the wanted signal at the phone. The tracking has to be damned accurate - much better than GPS because a 1Ghz mobile phone signal has a wave length of about a meter, and you need better than 1/4 of the wavelength. And it has to be fast, because if the phone or objects around it move it all goes to put. So if you are walking at comfortable 1 metre per second, in 0.25 seconds it's all gone to pot. In a car that drops to 0.02 seconds. Oh, and since we as talking 1GHz, we have to measure it within a few 100 picoseconds. And since you don't use one antenna to service just one phone, he will have to be doing this for 100's of phone simultaneously. Oh, and that means when he is calculating the phase and amplitude of the signal his antenna is generating, he has to solve 100's linear equations with 100's of variables so he can ensure each signal he sends from each antenna adds up to what each phone needs. And since the collective antenna group is sending at oh, say 100Gb/s and he has to do this for every fucking bit, so he has 10 picoseconds per bit to do it in.
Yeah, right. It will be out by Xmas, I'm sure.
It doesn't sound like Tor is compromised to me.
Instead is sounds like that fact that the man running the original Silk Road was earning over $10M a month, and only got caught because he was sloppy got published far and wide. There is almost certain a flood of Silk Road clones out there now. It's probably one of the few things that outnumbers bitcoin clones. I expect most of them are run by 2 bit crims who picked up their l33t script kiddie skills from their prepubescent cousin.
I am somewhat surprised there has only been 3 of these so far. I expect this is the start of a never ending flood, and it will only drop off the newspapers when it becomes obvious it's an everyday event.
Since this seems to be the place to post comments on beta:
I can't help but agree with the FUCK BETA crowd, even though I have started modding them down. This isn't beta quality, and it should never have been inflicted on the undeserving public.
True. Theses devices are modems, and they power things like fax'es and EFTPOS terminals.
You know what? Modems are what we use to send digital over an analogue line. They don't work over some VOIP, but ye gods if you are kludging a digital line over VOIP emulating a analogue signal over a digital signal which is sent using an analogue PYH using a high speed modem - maybe it is time for a layer or two to die.
In other words, complaining that about VOIP making life difficult for modems is like a teamster complaining how the hard the asphalt is on the horse's hooves.
I don't know about Charter-crap or Comcast-shite, but here in Australia I can tell you what happens with a PODF. Initially batteries in the exchange power the PODF, and it's all good as you say. But if the outage is caused by a category 5 cyclone named say Yasi then some of the exchanges will be isolated, so the next thing that happens is the batteries go flat. Not a huge problem as the diesel generator cuts in automatically. But then it runs out of fuel, and your PODF dies.
So what now? Well I can tell you what thousands of Aussie's effected by Yasi did. They used their mobiles. If the mobiles didn't work they hopped into the car and drove to somewhere that did. And if their mobiles went flat they charged them using the car. Turns out determined human with car and mobile beats PODF every time.
Here in Australia we are building something called the NBN. Sort of like the FCC plan being described here, but we are skipping the trial step. (Well, not really. The NBN is better described as "re-writing the country", but exactly what that means is up for debate, however one thing is clear: POTS dies.) There used to be a huge debate about batteries, just like the one you are starting here. Yasi ended it.
If Google isn't careful, they will loose this race. Right now it is a bit of a toss up. It wasn't always so. A few years ago OSM was just toy, and the Android Google Maps app did a reasonable job of offline maps and searching the local area. My how things have changed.
On the one hand Google has been busily removing features from it's Maps app. I think they were trying to make it easier to use. Whether they achieved that is debatable, but what they done is make it less useful. You can't measure distances now, the search for local places of interest is all but useless, there is no way to find out what maps are available for offline use.
OsmAnd+ on the other hand has acquired one big missing feature - directions, navigation and voice. Amazingly its point of interest search works much better than Google, possibly because the locals enter the point of interest data. And it always had a number of features Google Maps doesn't:
Normally I would not bet against Google. But collecting traffic and public transport out of the realms of possibility for Osm. If that happens, I can't think why anybody would choose to use Google Maps over OSM.