
Comment: No big surprise there (Score 5, Informative) 301

by retep (#46570671) Attached to: Researchers Find Problems With Rules of Bitcoin

Ignoring game theory, it's easy to see how the model of mining being only paid by transaction fees doesn't make sense. After all, mining security is something that benefits all holders of Bitcoin, regardless of whether or not they perform transactions, so surely all Bitcoin holders should be contributing to that security.

How do you do that? Make everyone pay equally. Currently that is how Bitcoin works due to the inflation subsidy. (about ~10% per year right now, leading to a per transaction cost of about $50) Just keeping that subsidy indefinitely at some sane level, say 1%, is perfectly reasonable. There are other options too, but fundamentally people like a free lunch.

-Peter Todd, Bitcoin developer

Comment: Re:x.509 WTF? (Score 1) 110

by retep (#46554029) Attached to: Fake PGP Keys For Crypto Developers Found

Regarding binary and source code distribution, there's nothing to fix really - both source and binaries are already protected by X.509 certificates by virtue of being hosted on SSL-using websites: https://www.mail-archive.com/b... Secondly, PGP keys are hosted on https://bitcoin.org/ which gives users a manual way to get them securely, verified by X.509. We should check that certificate pinning is being used, and it'd be good to have a second code repo beyond GitHub, but we're in pretty good shape already. I'm willing to call a spade a spade: Mike's loud pronouncement about how this is proof that PGP sucks is trolling.

As for payment authentication, keep in mind I'm a consultant. I act as official Chief Scientist for Mastercoin, and unofficial "chief scientist" for a whole bunch of other projects. My job is to advise other people who are doing the actual work; if I tried to fix everything directly myself I'd be wasting my time. Heck, right now I'm writing a (private) email outlining some ideas on the specifics of OpenPGP/X.509 integration to one of my clients and I expect we'll start to see this stuff get actually implemented in the future. It won't be my code, but I'm happy to have done my part in guiding others building secure systems.

Comment: Re:The chain of trust is broken. (Score 2) 110

by retep (#46553603) Attached to: Fake PGP Keys For Crypto Developers Found

Agreed!

Personally I'm actually kind of excited to see the security requirements for Bitcoin usage and Bitcoin-related development push more developers and users to learn about and understand OpenPGP and the web-of-trust. It's been a real backwater for years now, but there's so much that can be done to improve UIs for understanding how the web-of-trust works and using it. That no-one has made even a simple "mass-and-springs" visualization tool for WoT signatures is sad, yet even something as simple as that would go a long way to helping developers use PGP properly.

Secondly, we have to remember our goal doesn't need to be "get grandma using PGP" - just "get developers using PGP" and "get professionals moving large amounts of money using PGP" is by itself a worthy and very attainable goal. It's totally OK if low-security applications like small-value Bitcoin payments just outsource trust to centralized certificate authorities. What matters is that the applications with high security requirements, like large Bitcoin payments and Bitcoin-related software development, have the tools to do the job right without blind single-point-of-failure reliance on any one authority.

Comment: Re:x.509 WTF? (Score 3, Informative) 110

by retep (#46553463) Attached to: Fake PGP Keys For Crypto Developers Found

Never mind that we don't need to switch to X.509, we can add X.509 certs to OpenPGP.

When you think about it, in the web-of-trust model centralized certificate authorities are just entities that a lot of people happen to trust; there's absolutely nothing stopping us from taking X.509 certs and adding them to OpenPGP keys as just another type of signature and the X.509 certificate providers have no (technical) means of stopping people from doing that.

I've argued before to the Bitcoin community that what we really want is a "best of both worlds" solution where we support centralized certificate authorities via X.509 and OpenPGP for applications with low security needs while maintaining the ability to use the WoT for those applications with higher needs. It's totally OK if the average user just uses software that automatically checks the X.509 cert or OpenPGP signature issued by a certificate authority when they download some wallet software or make a payment to someone. Meanwhile advanced users, and particularly developers, can check all the signatures, WoT, certificate authority, whatever, to be sure they have the right software when they're downloading "clean" copies for their Bitcoin exchange, or making high-value payments.

What really amazes me is how people seem to think this is a binary decision, centralized PKI or WoT. It's not at all! Heck, lots of organizations already apply the central certificate authority model with OpenPGP - just look at all the Linux distributions that have master OpenPGP keys to sign packages. That's a certificate authority, but with OpenPGP technology.

Mike Hearn has been lately going on a bit of a war-path trying to push Bitcoin into a model of blind reliance on singular centralized PKI authorities and frankly it's just nuts. He's even gone as far as to strongly advocate that we don't even support multiple X.509 certs for applications, which would at least require an attacker to compromise more than one certificate authority. This is particularly crazy when at the same time he has advocated that websites, e.g. bitcointalk, reddit, slashdot, etc. sign cryptographic certificates linking usernames to identities. The idea here is if I want to pay "IamTheRealMike" my wallet software could have, say, slashdot's certificate pre-loaded and trusted, and then I'd tell it to give the funds to that username. But why would I do that? I want to pay Mike Hearn. I happen to know he's "IamTheRealMike" on slashdot.org, and "Mike Hearn" on bitcointalk, so obviously if it's a non-trivial sum of money I'd want to be able to check that both sites have stated that they're the same person, and maybe I'll check WoT too, and, say, his country's passport office. It just makes so much sense to give people options like that, but we're rather mysteriously seeing resistance. If anything, I think it's kinda insulting to the professionals in this space, both developers and finance people, to tell them "We're all too stupid to learn about anything more complex than trusting the magic green checkbox". If I was running a big Bitcoin-related business I sure as hell would want more assurance than that; when I'm writing software used by others I sure as hell want more assurance than that.

Anyway, in the OpenPGP world I'm really excited to see KeyBase pop up. It's not perfect - the functionality probably should have been just an add-on to OpenPGP rather than a website - but it's a great step in the right direction of giving flexibility and user-friendliness to the WoT. It also works great as a local application, so if you choose to you aren't relying on their website/service for the guarantees it provides.

Comment: Re:Helium Leaks (Score 0) 297

by retep (#45326947) Attached to: 6TB Helium-Filled Hard Drives Take Flight

Provided that atmospheric pressure works the fact that helium leaks is irrelevant: helium leaks into the hard drive just as easily as it leaks out of the hard drive. All you have to do is make sure that the hard drive is leak-tight for everything but helium - fortunately this is pretty easy to do as helium is the only gas that leaks as easily as it does.

+ - Wikileaks Cablegate and other illegal data uploaded to the Bitcoin blockchain->

Submitted by Anonymous Coward
An anonymous reader writes "In addition to the Mt. Gox hack, there may be another important reason for the sudden drop in Bitcoin's value: Illegal data in the blockchain. First brought to the attention of the public via a reddit post, someone has uploaded a copy of the WikiLeaks cablegate-201012041811.7z, the AMI BIOS private key that was leaked recently, a bunch of GPG encrypted data, and later the text of the Jailbait and 'Hard Candy' sections of the Hidden Wiki, according to a reddit comment. More importantly though, a download and upload tool was inserted first as raw text, in a way that can be easily found in the blockchain data itself with the UNIX strings command, so unlike previous examples of data being uploaded it became public knowledge and snowballed into a real issue with the developers discussing it, with one even proposing a blacklist of 'illegal transactions' should be agreed upon by the community and applied centrally."

+ - IRS Can Read Your Email Without Warrant for Tax Info ->

Submitted by kodiaktau
kodiaktau (2351664) writes "The ACLU has issued a FOIA request to determine how the IRS is using its warrantless ability to read email. The request is based on the antiquated Electronic Communication Protection Act; federal agencies can and do request and read email that is over 180 days old. The IRS response can be found at http://www.aclu.org/national-security/irs-response-warrantless-electronic-communications-foia-request. The IRS asserts that it can and will continue to make warrantless requests to ISPs to track down tax evasion. http://www.irs.gov/irm/part9/irm_09-004-006.html#d0e319."

+ - Bitcoin blockchain forked by backward-compatibility issue->

Submitted by jhantin
jhantin (252660) writes "The Bitcoin blockchain has forked due to a lurking backward-compatibility issue: versions older than 0.8 do not properly handle blocks larger than about 500k, and Slush's pool mined a 974k block today. The problem is that not all mining operations are on 0.8; blocks are being generated by a mix of several different versions of the daemon, each making its own decision as to which of the two forks is preferable to extend, and older versions refuse to honor or extend from a block of this size.

The consensus on #bitcoin-dev is damage control: miners need to mine on pre-0.8 code so the backward-compatible fork will outgrow and thus dominate the compatibility-breaking one; merchants need to stop accepting transactions until the network re-converges on the backward-compatible fork of the chain; and average users can ignore the warning that they are out of sync and need to upgrade."


Comment: Re:You use GPUs for video games? (Score 1) 112

by retep (#42984177) Attached to: New GPU Testing Methodology Puts Multi-GPU Solutions In Question

Keep in mind that for Bitcoin the individuals like you running tiny little mining setups that might not be actually profitable as a fun hobby are a very good thing. Bitcoin needs mining power to be as well distributed as possible to make it difficult to co-opt, so the hundreds or maybe even thousands of individuals like you help that goal. However, it's helped best if you actually validate your blocks properly, and that means mining with P2Pool right now.

Bitcoin is lucky that the costs to mine for a small rig, on a $/hash/sec basis, are probably actually less than larger setups because on a small enough scale you can ignore cooling issues and often ignore power issues too. (heating in the winter or free power) There is overhead of course, you have to set up your mining rig, but that's often written off as a fun hobby.
