Something tells me Matt Prince would sooner shut down CF than bow to NSA demands.
If that were true, he wouldn't have built something so perfect for abuse.
Readit Newsjwilkins commented on Back door found in Allwinner Linux kernels theregister.co.uk/2016/05... · Posted by u/powerbook5300CS
jwilkins commented on Craig Steven Wright claims to be Satoshi Nakamoto economist.com/news/briefi... · Posted by u/shazad
What do you make of Ian Grigg claiming to confirm Wright, having known him as part of the Satoshi team? http://financialcryptography.com/mt/archives/001593.html
He now retracts, says it was poorly worded:
https://twitter.com/iang_fc/status/727071298325618689
/dev/urandom while entropy available is low:
$ rngtest -c 200000 -b 2000 < /dev/urandom
.....
rngtest: bits received from input: 4000000032
rngtest: FIPS 140-2 successes: 199848
rngtest: FIPS 140-2 failures: 152
rngtest: FIPS 140-2(2001-10-10) Monobit: 24
rngtest: FIPS 140-2(2001-10-10) Poker: 15
rngtest: FIPS 140-2(2001-10-10) Runs: 60
rngtest: FIPS 140-2(2001-10-10) Long run: 54
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=3.782; avg=63.752; max=82.928)Mibits/s
rngtest: FIPS tests speed: (min=4.559; avg=158.909; max=194.627)Mibits/s
rngtest: Program run time: 83882495 microseconds
I hope that this was offered as an example of the sorts of broken thinking that justifies this sort of backdoor that eventually leaks/is discovered by others.
1. Key based backdoors are as good as it gets, but in order to be useful to most large entities, they have to be at least somewhat exposed internally, making them prime targets for leakers. 2. Hackers routinely take over routers. Ask Juniper. 3. Telcos get hacked. 4. Hackers are curious fuckers who are interested in the most obscure things. 5. Also the most impressive boxes, someone will either find a way to emulate it or someone from the team will find it impossible not to build one at home on the weekend 6. See wireshark also the automated protocol dissector research 7. Vendors are owned, hackers get early access too.
jwilkins commented on Hidden in plain sight: Brute-forcing Slack private files ibuildings.nl/blog/2015/1... · Posted by u/relaxnow
Also important to note it took Slack over a year to fix this issue often with long stretches of silence even with requests from the bug hunter.
One thing I can add from my analysis is that there aren't seperate counters for files/teams/etc. there's only one. So if a given id is used by a team, it won't be used as a file id.
jwilkins commented on Hidden in plain sight: Brute-forcing Slack private files ibuildings.nl/blog/2015/1... · Posted by u/relaxnow
Also important to note it took Slack over a year to fix this issue often with long stretches of silence even with requests from the bug hunter.
Interestingly, I put the same bug in at HackerOne 9 months ago. It was closed as not applicable. So they had at least two independent reports of the same bug and failed to understand it, acknowledge it and then fix it.
Way to go slack.
If you have any critical data passing through slack, when you get owned, you won't be able to say say it wasn't entirely preventable.
jwilkins commented on Easy to use well documented crypto library that can be trusted? · Posted by u/hrshenk
DJB's nacl or libgpgme.
jwilkins commented on The Bitcoin Blocksize: A Summary rusty.ozlabs.org/?p=535... · Posted by u/alexcasalboni
$1.63 per transaction rules out the possibility of microtransactions. I personally don't think that anyone has the moral authority to deem a use-case "wrong" for a currency. You need to support transactions involving pocket change just as well as you support transactions in benjamins to see wide acceptance.
Such high transaction fees effectively make the currency indivisible to a substantial degree. Sure you can send someone a penny, but if it costs $1.63 most people won't. So that sets a very high minimum floor before people will consider using it in a transaction. Note that this is different from transaction service fees - yes, some places have minimums for CCs, but it doesn't cost me anything to hand you a penny, or even to send you a check for a penny.
The answer to blockchain size is - sidechains, actually. What I have a problem with is meta-currency - the idea that you must necessarily transfer to a separate currency or trust a third party to perform day-to-day transactions. That creates independent currencies with their own security risks, and divides the hashrate into individual pools which are more easily attacked.
Instead what I want are sidechains that compress a series of transactions. You never actually trade on a sidechain, but at some trigger event or time interval a series of transactions is brought onto a sidechain and reduced to a net-sum of inputs and outputs, then instantly reattached to the main blockchain as a single net transaction. You can call this checkpointing or whatever you like, but it doesn't need to be (and shouldn't be) all of the transactions on the blockchain, or even the most recent transactions that are sidechained. In fact I think it makes the most sense for it to be the oldest, say the oldest week of transactions (targeted) within a rolling 28 day window. Long enough to make attacks difficult, short enough it's not too large on disk.
You essentially rebase the blockchain onto a new squashed changeset. This transaction also includes the original hash of the transaction that used to be there, so the chain still validates properly, and the hash of the last confirmed regular block, so it can be strictly sequenced. Everyone validates the squashblock to be sure that it tallies properly and hashes correctly, and if it doesn't reach consensus it's not accepted. If accepted, the next regular/squashblock must include the hash of the squashblock to indicate acceptance.
Still doesn't solve the problem of dust taking up space, but it solves most of the problem. Or maybe sweeping dust is part of the reward for the squashblock somehow. I do like the idea that if you don't sweep your ha'pennies they fall into the couch cushion. Maybe you'd implement that like "any dust that hasn't moved in a block before the squashblock is confirmed may be arbitrarily moved", so dust older than a month (average) is swept.
Why does the penny transaction have to confirm in 10 mins? Currently, and for at least a couple of years, you will likely still be able to send 0 fee transactions. The time for them to appear in a block will increase however.
Have you heard of Lightning (https://lightning.network)?