The vulnerability breakdown is 1 Denial of Service, 2 down-grades, and 2 side-channel attacks. Downgrade and side-channel attacks are prevalent where backward compatibility functionality exists.

"Also, this isn't a heist, because nothing was stolen. It's more of a counterfeiting operation, if I understand the commentary correctly. Someone took advantage of a recursive bug and an anti-pattern of calling recursive code before updating values and essentially created more 33% more Ether than previously existed out of thin air."

It was a heist. Ether didn't get created, it just got moved. The child DAO tokens could theoretically have been "created" out of thin air if you drained the DAO past 0 recursively, then the balances were updated on all those recursive calls (after the sending of the tokens). That didn't happen though, he was just able to stack a bunch of withdraw operations up recursively, and the withdraws executed before the balance was checked (for each method call). Even if the past zero drain had been attempted, the Ethereum network would have errored out when the contract tried to send more funds than it had, so you couldn't generate Ether out of the ether (teehee).

Here's a great write-up: http://hackingdistributed.com/...

Yah know what, you're actually right. I was thinking of the normal "race to the goal" zero confirmation attack, but you could theoretically stretch it a bit. I apologize. However, it's pretty easy to detect if someone is attempting this longer time period attack, and the payment processors should be able to incorporate that logic fairly simply. The ones that don't will almost certainly be out of business quickly.

"The difference between you and me is that I read these claims with a degree of skepticism, while you swallowed them whole."

No, the difference between you and me is that I don't insert strawmen into an argument. The situation you tried to claim was easier (paying with a credit card) is not the situation they were trying to address. I pointed that out, and now you're trying to back-pedal.

Steam is accepting Bitcoin, so apparently they thought it would be beneficial in addition to their current payment options. You can go claiming it's not beneficial as much as you want, but Steam apparently disagrees with you.

"And with the way Bitcoin works now, one can easily scam Steam out of a sale, play the game and beat it in a couple of days, reverse the transaction, get banned, repeat with new account and wallet, and Steam will never be able to stop them." The reversing of transactions is only possible for zero-confirmation transactions. That's ~10 minutes you have to beat the game, not a couple days.

You're not big on reading, are you? Steam identified payment as a problem, so apparently they weren't buying the games or were having significant trouble doing so.

From TFA: “While more users are coming online in in these countries, traditional payment options like credit cards often aren’t available.” Great job making a completely invalid point.

Simple international payments for a product that doesn't require instant confirmation. Exactly what the technology was designed for! Well done, Steam.

They do rotate their offerings. Generally the content is always available, but what is free vs paid will rotate over time.

The majority of the stuff in this database is boots and other gear, not guns and armored vehicles. You even get stuff like printers and fax machines from this program. If you scroll through Alaska's list almost all of it is cold weather gear.

This program is used to get a second use out of any military surplus, it is not some sort of "arm the cops" program. That's just what people are focusing on right now because it's news-worthy. This program has almost jack-squat to do with how police forces are armed (they buy most of their stuff new), it just has the combined words "military" and "police" which gets hits on websites.

False. They're primarily focused on traffic violations.

That exists already for most phones. Police do not attempt to recover stolen phones. They just don't care (they say they don't have the time resources to do that, remember that next time you're getting a speeding ticket for going 8 over the limit).

Look, I don't mean to be a prick, but moral relativism by definition says wrong is subjective. Whatever you're trying to talk about, it's not moral relativism.

What do you mean by integer rounded? His graphs are of score on the x and # of that score on the y. Both his axes are integer values. Do you mean it's possible the test had fractional scores and he (or the scorers) rounded them in the analysis? Otherwise I don't understand your point.

Well, with your 31 years of experience as an independent country, I'm shocked we haven't all followed your example...of partial governance...of your own "country"...