561 posts • joined 11 Jul 2011
He was a very naughty boy
And I'm very glad he's now able to use his skills to make an honest living. Should have been given a hundred hours community service by the local magistrate and the chance to get on with life much, much sooner. Instead he spent what should have been the best years of his life awaiting extradition and is still confined to the UK until the US legal system and politicians stop behaving like drooling idiots.
That's probably why the code got into a mess. Having a good test suite will certainly help in refactoring. Problems this library has to deal with include doing integer arithmetic securely on 4096-bit numbers and larger and at high performance on different CPUs. And you can't afford to leave any clues in memory which might be reallocated to a different process afterwards. So you've got all this non-standard stuff done in many different ways, and need to avoid integer overflow and stack and heap smashing bugs as well, none of which you can develop automated tests for until you know about them.
foxes and the management of hen houses
Talking of conflicts of interest, can any beneficiary of strong IP protection be trusted to present an unbiased view ? Surely the conflict of interest present in the behaviour of WIPO is dwarfed by the conflict of interest inherent in the simple existence of this organisation.
"disappear forever. Will it happen with bitcoin ??"
Unless the crypto protocols are broken and the system branches wildly without consensus about which branch is "authentic", I expect Bitcoins might be traded in 100 years, just as Penny Blacks are after they ceased to be carried by anyone's need to have letters delivered, amongst a historically inclined and nerdy trainspotterish sect. They probably won't generate many press articles though once they stop carrying some other historical baggage with them such as payment for blackmail demands, other than in the cryptocurrency equivalents of stamp-collector's magazines.
Of course this is all predicated on continuing interest in the "my CPU/GPU/Hashing farm is bigger than yours" electricity-wasting competition continuing.
Re: A matter of scale
If you're interested in non-state currencies which have been proven to have operated at scale with a stable value standard for decades (since the 1930s) have a look at Wirbank in Switzerland. If you are a Swiss SME with a good trading reputation, then you'll be able to get the cheapest mortgage finance in the world using this community currency, which is very widely used and accepted by and between Swiss SMEs. It's just like a LETS, in relation to how the accounting is done, except it's done as a professional and not as a voluntary operation, and credit control is done managerially rather than by providers of goods and services within the currency.
State currencies not the only game in town
I'm a member of a LETS group which has operated for 21 years. Money earned that long ago is still spendable at par with conventional UK sterling at our trading events. You don't have to waste electricity to do double entry accounting within a closed group. And if you dislike conventional currencies as value standards, do the same kind of accounting using hours or minimum wage hours as your value standard at the cost of making it marginally more difficult for account-holders doing tax returns.
Re: I'm not surprised
Bitcoin doesn't circumvent any legitimate businesses. The idea that it reduces money transfer fees can only operate for those willing to enter into risks (which carry costs of their own) much greater than those undergone by those using conventional markets. An argument could be made comparing Bitcoins against gambling tokens issued and redeemed at casino cages, but I don't think any casinos consider their business models to be threatened by Bitcoin.
It's a bubble speculation which has proved of some ongoing value to some cyber-criminals, drug dealers, botnet operators and digital blackmailers. The exchange value of a Bitcoin is predicated on a similar basis to the value of rare postage stamps, but is much less stable. These are man-made artefacts in deliberately limited editions of interest to collectors of such, and of no intrinsic interest to anyone else, unless your computer delivers you a notice telling you one is required as a fee to a blackmailer to recover the encryption key from a server operated by criminals or your data will be deleted.
Has to be multicurrency to be useful
Because many things can be currencies in different contexts. E.G. air miles, my supermarket's points, the balance I have with my local LETS, prepaid credits I have with Oyster or on my PAYG phone. And if physical cash is insecure, having to manage many physical kinds of cash in my wallet is worse. Pushing the idea that the whole world transacts using a single currency suits those interested in preventing competition so the usual suspects can get their rake offs.
Re: Hang on a minute…
SSH can be set up either to use a shared secret password, or to use public/private keypairs, where only the public key would have needed embedding, and clearly the latter approach is safer if slightly harder to set up. I've installed it using both approaches. If Cisco had wanted to leave a way in for themselves and/or their spook friends without it becoming so easily exploitable and had thought a bit more carefully about this, they wouldn't have used the shared secret password approach.
NSA behind this ?
You can't achieve security without trust at some level. That's looking at it from the point of view of risk management which is possible, and not full risk elimination which isn't possible.
You can make whatever conclusions you like of the fact Phil Zimmerman is their CEO. He was the author of PGP and faced a grand jury trial many years ago which was eventually thrown out, based on the allegation his authorship and release of PGP contravened export regulations which classified crypto software as equivalent to munitions at the time. You can form whatever opinion you like of Phil's motivations in doing this, and of his ability effectively to select and manage whichever professional engineers he has chosen to collaborate with him on this.
anonymous phone purchase
If it's PAYG, get a friend or agency to buy and register it for you. Illegal in some countries, but effectively unenforceable.
Bit like the law which required London cabbies to have a bale of straw in the boot repealed in the 1960s, long after anyone was worried about starving cab horses. Ultimately that kind of law would prevent any kind of exchange or contract from being legal unless one side paid legal tender currency to the other.
Pick of jobs
Robert Morris didn't do too badly. But computer crims didn't have to waste 10 years of their life awaiting threatened extradition then. https://en.wikipedia.org/wiki/Morris_worm
Re: Worked on something similar to this.
Me too, in the early eighties. I didn't even know then the name of the problem. Ended up optimising 3 variables, 1. The time on the CNC drilling tool used to drill a stack of PCBs, 2. The machine time on the much more expensive mainframe computer, and 3. the number of days programming effort.
I seem to remember I did it by dividing up the rectangular area into a number of smaller squares with suitable start and end nodes within each square to minimise movement of the drill head between squares, optimised the route within each square and moved between adjacent squares.
Re: Been there, done that. - well more or less depending how you view it
"The user id doesn't work on your demo app."
Fixed it for now.
Been there, done that. - well more or less depending how you view it
If the people providing the goods and services being sold decide the credit rating of people doing the buying, within a group of people who trade with each other and keep score, you don't entirely need the BofE issued stuff, you can create, circulate and destruct some of your own as part of the process. I've even coded a webapp to keep score, it's all just double entry accounting.
the terminator is already very nearly here
If you were a known Al Qaeda operative organising training in Waziristan with a known face, would you trust the drone overhead not to be making targeting and missile launch decisions itself based upon facial recognition ?
Interesting to know
What proportion of newly mined bitcoins (and increasingly transaction charges) are using stolen CPU capacity (botnets) and unauthorised use of electricity.
"Pity that the most crumpled places in the UK, i.e. those best suited to hydro-storage, are those bits most likely to devolve and claim independence."
Matters from one point of view, but not this one given suitable market incentives. Eire has been considering using their western mountain ranges for pumped storage. Not so much for their own needs, but to sell more reliable renewable electricity to the UK. Same applies to increasing interconnector capacity across the North Sea (as well as the Irish Sea), enabling access to Norwegian hydro and pumped storage on a commercial basis.
Who cares about commercial crypto ?
When this all depends upon previously amateur stuff like OpenSSL where they found gaping holes due to the guy who maintains it having to do something else for a living ? Actually that was the case until last month, when organisations realised they were sufficiently dependent upon it that they started paying to have it maintained. http://opensslfoundation.com/freesupport.html
Re: complexity and obsequiousness
Block structure based on typographical convention has the interesting effect of encouraging you to use the main roads more because of these minor speed bumps, rather than trying to construct very long journeys using seemingly more familiar and understandable but minor and tangled roads and lanes.
For projects requiring more than a couple of hundred lines of code, you should generally be focussed on the source files, packages, modules, classes and objects concepts relating to the problem and solution, not on how you get function, loop and branch control done in order to patch together something that just about works but is neither scalable nor maintainable.
Re: Fraudulent Source?
"How do you decide that?"
Look up the IP address of the SMTP client sending to your SMTP server, or the last SMTP server in the Received: header chain you trust. If the reverse DNS PTR record indicates it's a dynamic host, reject it. If you're its ISP providing a smarthost for it, rate limit it. If its address is in zen.spamhaus.org reject it. That will get rid of about 95% of spam.
You can then get rid of another 4% or so using more complex measures such as maintaining your own DNSBL, using Spamassassin, ClamAV, SPF, URLBLs.
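The first-pass checks described in the post above (reverse DNS PTR test, then a zen.spamhaus.org lookup), as an added example that is not part of the original post. The dynamic-host keyword pattern, the `own_customer` flag, the lookup callables and the DNS records (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re

ZEN = "zen.spamhaus.org"

# Assumption: keyword heuristic for reverse DNS names that look like
# dynamically assigned customer addresses. Tune it for your own traffic.
DYNAMIC_PTR = re.compile(
    r"(?:^|[.\-])(?:dyn|dynamic|dhcp|pool|ppp|dsl|adsl|cable|dialup)(?:[.\-]|\d)",
    re.IGNORECASE,
)
# Answers in 127.255.255.0/24 signal a query problem (for example a lookup
# sent through a public resolver), not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(client_ip, zone=ZEN):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify_answers(answers):
    """Split the A records of a DNSBL reply into listings and error returns."""
    listed, errors = [], []
    for answer in answers:
        addr = ipaddress.IPv4Address(answer)
        if addr in ERROR_NET:
            errors.append(answer)
        elif addr in LISTED_NET:
            listed.append(answer)
    return listed, errors


def decide(client_ip, ptr_lookup, a_lookup, own_customer=False):
    """Return (action, reason) for a connecting SMTP client.

    ptr_lookup(ip) -> hostname or None; a_lookup(name) -> list of IPv4 strings.
    own_customer marks clients of a smarthost you run as their ISP.
    """
    ptr = ptr_lookup(client_ip)
    if ptr and DYNAMIC_PTR.search(ptr):
        action = "ratelimit" if own_customer else "reject"
        return action, "dynamic-looking PTR " + ptr
    listed, errors = classify_answers(a_lookup(dnsbl_name(client_ip)))
    if listed:
        return "reject", "listed in " + ZEN + ": " + ",".join(listed)
    if errors:
        # Fail open and alert: rejecting here would bounce legitimate mail
        # whenever the resolver setup is wrong.
        return "accept", "DNSBL error return " + ",".join(errors)
    return "accept", "no dynamic PTR, not listed"


# Constructed DNS data so the example runs offline.
SAMPLE_PTR = {
    "203.0.113.7": "host-203-0-113-7.dynamic.isp.example",
    "198.51.100.25": "mail.example.org",
    "192.0.2.99": "mx.bulk.example",
    "192.0.2.50": "smtp.example.net",
}
SAMPLE_A = {
    "99.2.0.192.zen.spamhaus.org": ["127.0.0.2"],        # constructed listing
    "50.2.0.192.zen.spamhaus.org": ["127.255.255.254"],  # constructed error
}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)


def sample_a(name):
    return SAMPLE_A.get(name, [])  # empty list stands in for NXDOMAIN


if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, decide(ip, sample_ptr, sample_a))
```

In production the two lookup callables would wrap your own recursive resolver, since an error return means the blocklist is not actually being consulted.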
One side used to make fantastic innovative and high quality electronic consumer goods. Which were excellent at copying things. Sounds onto tape. Tape into sound. TV signals into pictures.
The other side tried to make a business out of media and copyright and wanted to stop the other side of the business making it easy to copy content easily or perfectly.
The solution - split Sony into 2 companies where one side isn't trying to sabotage the other.
Re: If that's not a typo...
The level of security audit and testing feasible on hardware and software is proportional to its age.
So if you really want a secure system, you don't want the latest shiny. You do want something that's been around for a while and has been very heavily used by many curious people willing to publish what they have discovered.
So why should the miner care
If the mining is done on pwned hardware anyway ? The beneficiary doesn't pay for the electricity used to run pwned hardware. It's an externality.
Given the amount of pwned hardware on the planet, it seems economically improbable that anyone paying for their own rigs will be competitive in this murky world against pwned botnet mining.
Cut my programming teeth on S/390 TSO architecture
We were developing CAD/CAM programs in this environment starting in the early eighties, because it's what was available then, based on use of this system for stock control in a large electronics manufacturing environment. We fairly soon moved this Fortran code onto smaller machines, DEC/VAX minicomputers and early Apollo workstations. We even had an early IBM-PC in the development lab, but this was more a curiosity than something we could do much real work on initially. The Unix based Apollo and early Sun workstations were much closer to later PCs once these acquired similar amounts of memory, X-Windows like GUIs and more respectable graphics and storage capabilities, and multi-user operating systems.
Re: Interesting, but
If it is closed and curved, and you could see the same object more than once, you wouldn't see exactly the same object, more a much younger and older version of the same object. Chances are you can't see all the way around in time to see anything more than once in that way, because the big bang occurred more recently than would make that possible. It's possible to see the same object through more than one tiny variations in direction, due to gravitational lensing. But it would be a very major cosmological discovery if we started to observe a provably same, distant and early galaxy in more than one very different direction.
What is even more weird is that the further you look in any direction, the closer you get to the same big bang singularity which existed in a much smaller region. That's a bit like the idea of a universe being like an expanding balloon but with an extra dimension - we can look in any direction on the surface of a balloon and you get back to the same point when the much smaller balloon hadn't been inflated.
So who are they speaking for anyway ?
There already is a European data network, and no particular reason for messages not to be most efficiently routed within it, as I'm sure very many are. But that doesn't stop a free citizen or business operating within an EU or Schengen country locating data and servers wherever personal preference, business or legal issues require.
I'm free to locate my server wherever it suits me and commerce offers suitable facilities, and having some crat or politician telling me I can't locate it where I want to reduces the reasons for me to want to locate it closer to home.
organics likely to be purchased by richer consumers
Richer people are probably less likely to smoke or have other risk factors associated with poor environment, and less likely to have suffered poor health in the past which causes poverty. Also richer people who are likely to live older, so have a greater risk exposure to cancers associated with being around for longer. I'd guess these factors will probably dominate over the factors looked at in the study, in the sense whatever differences are more likely to be correlations than causations.
"And what does "control of ICANN" mean?"
If whoever controls ICANN does something really stupid, people (mostly ISP technicians) get their DNS resolvers to point to emergency root zone copies provided by a more reputable party, e.g. some organisation formed for this purpose by the various TLD DNS content server operators. It'll be a little more difficult when lots of barely computer literate end users will be running DNSSEC end to end down to client level, as that would then also require automated OS patches to change the DNSSEC root of trust key. But that's likely to be a long way off.
Not sure if flogging off top level domains to the highest bidder, as ICANN are now doing, qualifies as really stupid as I guess it will make their directors and execs personally a lot more wealthy in the short term. But it's certainly going to increase breakage for everyone else.
Using more than one system at the same time is the worst as this results in rocket fuel strength or weak beer. On an international brewing forum I try to discourage exchanges of recipes using gallons as often no-one knows which kind of gallon others are using unless they know which side of the pond they're based. Pounds and ounces are the same both sides, but gallons are smaller in North America, also having the effect of us Brits making us think Yank gas guzzlers drink even more gas than they do.
To accommodate all the random books in the Library of Babel postulated by Jorge Luis Borges, needed to include the works of Shakespeare should it be assumed such volumes arose entirely from chance.
If the fine tuned universe problem is genuine, cosmologists have a similar problem, but solving it using the assumption of an infinite energy singularity alone creating all possible universes doesn't seem any more plausible to me without much better evidence than the evidence we have.
Re: Multiverse? So 1990's, THIS universe is someone's simulation
"There are no clues to whether reality is real or fake."
I guess that's what Plato figured out with his cave analogy. To this we nowadays add the problems of perception and consciousness, in the sense our perception is bound up in our theories about optical and sound wave radiations impacting upon our eyes and ears, so we don't experience things entirely objectively at all - to do that would require our ability to perceive independently of the mental models we need to use to make sense of our perceptions.
Law unto themselves
The fact ICANN is technically a non profit doesn't mean it hasn't been given a license to print money for the benefit of its executives and directors. How much are TLDs sold for advertising purposes worth, and to what extent does ICANN bringing these into existence indicate any kind of global consensus other than a self-interested one ?
I see controversy ahead.
windpower reduces hurricane damage caused by hot air
If this article based upon a paper by Marc Jacobson from Stanford University to the American Association for the Advancement of Science is to be believed, having more offshore wind electricity generation, by reducing the surface windspeed influence upon hurricane formation, will directly reduce risk to coastal areas of hurricanes and storm surges.
gambling chip currency
Useful within a casino but not much outside. Created using a specialised manufacturing process with some interesting security properties. Your holdings go up or down relative to real money as they would in any casino where you gamble. In the case of Bitcoin this gambling chip is used within a network of casinos, so can go outside. Most users obtain these chips from a casino cage, here known as a Bitcoin exchange. It's also a bad idea to leave your cash at a casino cage for long in case the casino is robbed or defrauded and goes out of business. But without the exchanges, this gambling chip would probably cease to be played with, as new gamblers would find it more difficult to get involved, though these chips could hypothetically continue to be used between gamblers who arbitrarily value these.
And if the state really wants to regulate this game, it seems most rational this should occur based on the same motivations and methodology by which gambling is regulated.
Pure honey, water and yeast doesn't ferment well because it is low in the nutrients yeast needs to grow and has a neutral pH. It's also low in tannin leading to a flabby drink tasting medicinal and lacking bite. Add some tea and fruit juice (e.g. lemon) and these deficits are remedied. The honey taste with the sugar replaced for alcohol also benefits from spices, I suggest gentle portions of cloves, cinnamon, coriander, nutmeg and ginger. That's a wine mead. An alternative is to make a beer mead - use hops and a small amount of malt to act as yeast nutrient without overwhelming the honey flavour.
Never seen that airlock before
Searching for 'shax airlock' found nothing relevant. Also, if the initial ferment is fast, as suggested by these ingredients and instructions, there seems to be a risk of the airlock blocking with foam and a very messy bottle bomb if there's no other way for the CO2 to escape.
I'd always suggest leaving 20% headroom for foam, and also for the first week no bubbler is required, just put some clean tissue over the top and a rubber band - less risky and gives the yeast a bit of oxygen to feed on until it gets started when the CO2 blowing out will make the ferment anaerobic.
If you haven't got a proper airlock I'd suggest using a food grade plastic bag tied over the top with rubber bands during the second week. Also as there is no fruit pulp in the recipe to be liquified in the ferment, I can't really see what the pectolase is for - seems a bit pointless to me.
FSO as I see it is more an educational application for student learning projects and hobbyists. The effect of weather conditions on propagation are reliable enough for hobbyist applications, but probably not reliable enough for transaction markets.
For those wanting to play, have a look at Ronja.
Re: The world would be a better place
There seems little point banning based on legal minimum duration of exposure to risk of ownership, though there would be a moral case for that. It seems to me to make more sense to introduce the Tobin Tax on such transactions - a very tiny percentage of the value of the transaction which encourages longer term thinking by the investor, and which benefits public services also.
It's built into the DNA of the kind of government we have. This is based on the idea that a government collects taxes, the primary purpose of which is to secure its citizens based upon some kind of rule of law, as opposed to banditry or mafia rule which doesn't give a toss about any laws.
And if you don't like the consequences of this kind of DNA, based around the idea of government as having a monopoly over the exercise of power, then make this kind of government something we can progressively defund by supporting another kind, enabling us to vote how taxes are spent in a more direct and decentralised way: http://copsewood.net/writings/kaytax.html
Microsoft needs to adapt
To the fact that competition exists. Just as IBM did successfully a couple of decades ago, by decoupling their major product divisions. Getting their business and server software to work well on other OS platforms would be a start. This would improve software quality and resilience also, by removing undocumented and proprietary hooks between the OS and application and network layers which shouldn't be there in the first place.
Getting Active Directory to fully support Linux and Apple products, as well as the main mobile platforms would also be relevant.
I've used Linux on the desktop, server and embedded platforms for years, but Microsoft still has some excellent products. And they really can't afford to restrict the market for these products to their own OS platforms.
Re: I'd pass that test
"In all a completely useless piece of legislation."
Not useless if someone illegally requests you obtain this personal data in writing. This written request then becomes evidence of the offence having been committed. Also going into an interview covertly wired for sound is likely to obtain evidence of this request spoken suitable for public exposure and prosecution. It's a standard news gathering technique.
I would also tell a prospective employer to f*** off if they asked for my Facebook password - I've heard of some doing that but I would never want to work for such a s***. That kind of request for me would be the end of the interview.
Problem mainly solvable using standards
Having to remember and input passwords makes any online system depending upon these weak.
The banks have (largely) solved this by giving everyone a uniquely keyed device with a trivial secret needed with it (chip and pin) and issuing all merchants with a device it plugs into. Something you have and something you know. A standard intended to be usable by any number of servers and users for any number of applications has to be able to do at least as good as this. Initially I think it will be an application run on mobile phones which have the standards compliant embedded crypto chip which can sign stuff or one time entry tokens as you. Those wanting a device which hasn't got other (non security) applications will be able to find such on the open market once the API and network standards etc are well enough defined. Goes without saying these devices should be able to talk securely over Wifi, USB and Bluetooth - mobile phone apps already do. Maybe the SIM card could have some useful crypto extras standardised for this.
If you want better than something you know and something you have, then not too difficult to add a fingerprint reader - something you are, but knowledge of your biometric used to unlock your device need be known only by the user and the security device the biometric unlocks.
The obvious userid is any email address which can be routed to message the security device. No harm and much benefit in having more than one which a security device can sign for. The obvious PKI where certificates for such device keys should be stored and found is DNSSEC.
No such solution will ever be perfect. Questions to ask about new proposed solutions like this are whether it is usable, affordable, open to all developers, and better than what was used for this purpose previously.
self serving ICANN
The problem is that its pseudo-accountable self-funding structure results in ICANN becoming self-serving as well. Not that you need a very large organisation to manage the equivalent in the DNS space of deciding which international dialling prefixes the ITU manage uncontentiously in the telephony space.
Unfortunately a self-serving organisation isn't going to stop there. Flogging off .porn and .cocacola at $185,000 a pop resulting in pollution of the DNS top level domain space comes next.
"That one is a myth. Every transaction on the Bitcoin network is visible to the public, which makes it virtually impossible to launder money on it."
Not impossible for those in control of botnet capacity.
For them there's no shortage of Bitcoin IDs represented as public keys, IP addresses, and different chains of relays usable for hiding the human identity behind each transaction. IDs available on the Bitcoin network associated with exchange accounts can over time exchange enough cash in or out of it. Given very low transaction costs, much of the rest of the Bitcoin traffic can then be chaff, preventing traffic analysis being effective when conducted by those studying the blockchain. This means large enough transactions can split into small enough chunks and routed sufficiently independently of each other or any real world identity, e.g. traceable through IP address, from the POV of anyone studying the blockchain. Enough Botnet capacity can be devoted to mining that Bitcoin transactions costs are a profit to Botnet operators anyway.
Knowing the IP addresses may partly identify the legitimate Bot owners. This doesn't disclose anything about the identities of those criminally controlling the Botnet.
@Vega Re: This would be a good moment
"This is just one exchange - a has-been at that - being horribly inept. There is nothing here that affects bitcoin as a whole."
If it's nothing that affects Bitcoin as a whole, how come the 30% drop in exchange value ?
not chucking out the contract baby with the fraud bathwater
"It's a shame really that the groups opposed to Bitcoin have most of the world's money and could, if they wanted, subvert as they see fit."
As someone opposed to Bitcoin but who has developed other types of complementary currencies with some local success, it's important not to throw out the baby represented by the ability of 2 parties to form a contract in their mutual interests with the bathwater of the various fraud and crime opportunities Bitcoin and similar mechanisms of exchange enable.
So personally I think governments with regulation concerns should consider the extent to which particular Bitcoin type businesses create and provide opportunities for money laundering, Ponzi and other advance fee frauds and regulate these business types in manners compatible with current regulatory principles.
I've seen a number of Bitcoin related business scams in related news over the last couple of years, including wallet providers running off with deposits, electronics mining rig manufacturers taking advance payment and not delivering goods, and then of course there is the issue of money laundering. Not a set of problems mutually operated double-entry accounted currencies (the largest of which is the Swiss Wirbank) seem to have experienced to any great extent - and we don't want our kind of operation chucked out by laws intended for overzealous regulation of currency types which seem to deserve stricter oversight based upon existing regulatory principles than we do.
Putty - how best to use
Putty works fine in X forwarding mode. Install X-Ming with the --multiwindow flag to provide X support on Windows. After starting X-Ming, log in with Putty in that mode and then launch and display a real Linux terminal (of your choice) on your Windows desktop from your Putty command line e.g. like this:
then you don't have to put up with the crummy Putty ssh terminal lacking Unicode character support.