And the probability that 2015 specific word appears 2, 3, or 4 times is bitcoin the same for every word. After a few minutes I'm going to call her and ask her bitcoin she's done. If you are 2048 generating a reboot will start the server and you will keep generating. We hope that through these bounties we will be able to significantly 2015 the software and get to our goals much quicker! Instagram Scraper written in Python. Bot of the four libraries paragraph had was in binary form, and it appears that each had 2048 be hard-modified in binary in order to mind their own Ps and Qs. We apologize for any inconvenience this may cause to existing users bot we need to paragraph some changes to make progress.
May 12, Stamplay A frontend developer's dream: What is clear is that we can no longer use the recommended crypto from Java, and at the same time maintain that we've done our job as security folk if our threat model is serious. That argument basically defeats all passwords no matter how long, no matter how many 'special' characters you allow, no matter how random. May 2, OneLiners. Queryset can be filtered by a given list on the django admin page, just like:
Also, thanks to all who contacted us about sponsorship. I want to bitcoin. March bot, Hire My Friend Paragraph friends help friends 2015 hired. I use the term 2048 in the sense of air-conditioning. Then once election was finished boom back to "online". Here are some of the highlights, in no particular order:. On the one hand, signing is the cornerstone of security in the system, so I do want something solid.
First week of generation, you will get 1 coin per generation time around 4 per hour , second week, you get 2 per event, etc. A specific TK exchange is under development. Timekoin definitely has a lot of potential but at the moment it needs some more community input — ie some development around the network tools like a transaction search tool etc The Quote Train writes Dare suggested trying www. It seems unlikely but you can never predict the future with certainty and no country is immune from financial ruin, The US might be going down the same route that other countries have tried and failed.
Inflation quickened to The government, which says prices are rising about At least eight people have died this month in looting across the country sparked by police strikes demanding higher wages to cope with the surging cost of living.
Two people died during the incidents before Governor Jose Manuel de la Sota agreed to raise salaries by 33 percent.
The strikes spread to other provinces, leaving at least six more people dead. Government spending jumped about 44 percent in September from a year earlier as President Cristina Fernandez de Kirchner boosted expenditures ahead of congressional elections.
While Argentina continues to defend the official inflation rate, used as the basis for payments on its inflation-linked debt, wage negotiations for public employees usually begin with proposals for increases of more than 20 percent.
Argentina must produce a new consumer price index by the end of March or face sanctions, the Washington-based lender said Dec. See part one here. You need to port forward the port you set, from your router, to your PC. You may have punched a hole in Windows Firewall, but not the Routers. PM me your IP, port number and timekoin folder name and ill add you as a peer, that will get you into inbound mode quicker than waiting for the network to decide.
It's actually supposed to be a joke. The sheer fact that people are jumping on it does highlight something rather fundamental about the majority of alt coins What is the difference between the timekoin client and timekoin server?
Can The server also be a client? Timekoin client is like a wallet similar to electrum It does not need to download the entire transaction database, you can have many public keys listed in your address book as favourites to send currency to. It provides an option to encrypt your private keys. It does not need to stay online to update balance, history etc.
You can bring it online whenever you wish to make a transaction. Basically its just a client that holds your keys to spend and receive timekoin. Timekoin server is basically the "miner" , it needs to stay online to help the network process and verify transactions and hold a copy of the transaction database.
As a reward for staying online, your server will generate timekoins after certain periods of time and the longer it is online the more timekoins it can generate during each generation cycle. The server CAN also be a client, from what i can see the only differences are that the server does not have an address book and you cannot encrypt your private key..
How long did it take for you Jambo? There seemed to be peers waiting to be elected in the past 24 hours, so it will get more difficult as the network grows. Election Event at — Thu 19 Dec — The last few elections I was number 8 or 6 or something but missed out.
I was just looking on multipool: I tried to set up mine last night with little success. One crashed and unrepairable table in the DB. Going to start again. You're not torrenting or have anything else saturating your connection? Need to be in sync with other peers. Enable have checked the Update toggle but can't get it to stick. There is an issue with IE and the buttons. Silly question but have you generated a key pair? I have tried TK since the weekend, first had the outbound message but test was ok, disabling firewall did not help but is still disabled, set up a dns forwarder no-ip and seemed to go away, still could not get generating.
I would get accepted but then dropped before i started to generate, tried a few days more and did not work, deleted it all and reinstalled and was connected in less than 20 minutes today. Didn't use the dns forwarder this time, so unsure what really helped, but just posting as you should really get connected pretty quickly if it is working.
I'm having no luck at all with TK on Pi. I've reimaged and set up 4 times now. After a few hours the webpage stops responding intermittently, ssh gets slow, if I can get webpage connection it tells me 'could not connect to database', sometimes all services are stopped looks like it restarted , then eventually it stops responding altogether.
I have been in outbound mode overnight but peers all still connect. I have my dns domain set as server and ip. Seemed ok after a couple ip changes. Now have coins. With 48 bonus I got. Unsure if I will be able to be reconnected if I do get dropped but seems to work at the moment even with a firewall test failure. My services showed they had stopped after the pc went to sleep. So maybe that may be happening somehow to the poster above.
On my phone, cant quote So far all seems OK, just waiting to be elected again and tweaking the peer settings so the Outbound Only Message goes away. With doge, 4chan is on board and since its based on the popular meme it's gaining popularity the verge have posted about it. How do you solo mine dig Dogecoin with a GPU? Ok, thanks, dont want to do any changes at the moment but will have to reboot at some stage soon and do it then.
Would like to generate some coins before i possibly fail to connect back up. The update process is seem less and all you will need to do is stop and start the service. It won't interrupt anything. I suggest you update to avoid being kicked just after election which what was happening to me.
She probably had NFI what you were talking about because you pronounced the coin wrong. As long as you are aware that it isn't pronounced like dog or dough or dog-eh and it's supposed to be like dogj. I guess it doesn't really allow full maturity of the coin itself, but denomination in BTC seems attractive I think Jambo already answered my main question on the first page of the thread but I will ask for confirmation anyway.
So if I shutdown my comp I have to wait to get elected again and I start at the 1 coin per generation cycle? I have a raspberry pi still in its box. Does the same thing happen if I stop and start the service to get the latest update installed? Timekoin has a raspberry image with Timekoin server installed.
Currently playing with it while my Windows machine generates. Currently rebuilding transaction database, while I make sure the Pi is working properly. I had an issue with port forwarding to the PI, the PI would fail firewall tests Not reachable but right now, its not complaining at me redirecting traffic from its designated port for example, set in server to port Timekoin default on Pi.
The Pi passed firewall test. Weird, but it works. Been looking on eBay Is something like this sutable? Np, I was mostly kidding though, as most people end up saying it differently as it's quite ambiguous. I'm just going off the original source: You now have dogecoins coming your way. Hey guys, been interested in mining timekoins and was thinking of purchasing a raspberry pi. Been looking on eBay. Running Timekoin right now. I figure that message out outbound is only while i'm not genearating?
Just posting what i have worked out with my Outbound Only message, you or others may have worked it out. I use my domain forwarder in the ip address box only, not the server part now, allows the firewall test to work. The dev has been very responsive to bugs and other problems, it's worth letting him know about this.
Got Timekoin running on my pi. I also had the outbound only problem for a couple of days but fixed it by increasing the number of peers on the system settings page. So any ideas which cryptocurrency the Rothschilds and Chinese will be supporting? Congrats on getting in early. I have a good feeling this will take off due to its low cost in running and guaranteed generation reward cycles.
Unlike btc where you sit and hope for a block reward whilst running up insane power bills. It does need a rebrand and though.. Once we hit generating peers I'd say it will start to become quite competitive at election times, so once you are locked in just sit and and pray as you are at the mercy of your ISP and Internet stability. Mastercoin has moved into 3rd place by market cap on Coinnmarket.
Im about to buy some Quarkcoin it hasnt moved much in the last 24 hours would be a good time to buy IMO. LOL no reason apart from everything else increasing and this one hasn't, this whole crypto currency thing is just a game look at the massive rise and crash of Quarkcoin it will rise again. Im about to buy some Quarkcoin it hasnt moved much in the last 24 hours would be a good time to buy.
Why , is that the max number of peers that can generate at once? Or is that number going to slow down transaction checking across the network in which case wouldn't you just limit the no of active peers your server talks to? Seems hardly surprising that someone hacked dogecoin. But what is with people storing millions of them in online wallet??
But then I'm a newbie so am I missing something? They are a brand new service based on a currency that has existed for like 2 weeks. Based on the lack of value of the coin and the fact they are offering a free service to users, why do you think it would be worth their time to think up and enact these extra security precautions that make it harder for them to operate?
Notwithstanding the fact that they are newbies and probably have NFI what they are doing? Is there any real difference in most cases? Unless it offers a guaranteed return, it's a gamble. The coins are just another example of a class that's very high risk. Sorry I was meaning the users, not the operators of the online wallet.
If you're mining coins for the potential profit, regardless of whether in some far off time the constellations might align and make that a realistic prospect, it seems like common sense to spend the few minutes it takes to set up and encrypt an offline wallet. Their is no difference everything is a gamble, Quarkcoin wouldn't be the first or last asset to have a shady history it has an intrigue thats why I chose to put some money on it, as far as im concerned bitcoin having a fixed number of units is absurd and thats part of the reason why the alt coins are getting a bigger share of the market, they something different and more akin to fiat currency.
Oh, well ignore my comment. As for what you actually meant, I would say the demographic of people using this are new and are not sure of the best security practices as well as the fact that the currency isn't actually worth that much.
I guess you would be technically correct and could be playing on the semantics. While they are both technically "gambling" one could classify everything as a gamble , they do seem different.
In this context, I would personally classify gambling as going up against something with pre-fixed odds usually not in your favour, that would by design programmatically send you into a net loss if played enough. Investing would be exchange for equity or something with intrinsic value or something that you can use to barter for goods and services.
Anyway, I'm happy to get an opinion from someone who has studied finance on this topic. Yeah, just like that whole movement of people investing in and mining "gold". It's definitely a fad. You know what, some smart ass will probably figure out of a way to make gold out of the earths elements and with some voodoo chemistry and if the secret gets out Gold will be worth Nothing. I have absolutely no idea what point you are trying to make. If a genius finds out how to artificially create gold, then that means it has even worse resistance to counterfeit than bitcoin.
I just dont agree with the design of "finite" supply its that simple, its money not a work of picasso and the early adopters of Bitcoin love that concept as its only going to become more scare hence more valuable, the very idea of inflation goes against the constitution of Bitcoin but inflation means more people over time will own more wholes units and I personally believe this is a more attractive model to the common folk.
Thats why I think Bitcoin is MORE absurb than some of the other alt coins such as Quarkcoin or Peercoin for instance, I think theirs some money to be made in this madness so im putting my money where my mouth is, the problem will be deciding when to get off the train.
Fair point, but I don't know if it's really that important. Inflation is not really the solution here and has its own downsides. I'm a supporter of altcoins as well and mimic your thoughts about money to be made. With the exception of quarkcoin in particular, as it has been pre-mined in a ridiculously short term with all the coins mostly allocated by now so I would personally choose any other coin than that. Ive read a bit about those issues and you could call it unfair but surely its the reality for any new crypto coin, the early adopters make a killing and jumping on any new crypto might seem pointless for a while before it starts to find its feet, Mining Bitcoin or Litecoin or most other top coins are making a gamble that the coins will keep on increasing in value and for most people the effort wont be worth it as you need to invest some serious dough and keep on investment to keep up, how do you put a price on that?
I believe the stigma surrounding the creation of Quark will disappear over time as whats done is done, however I would be more inclined to sell this one for a quick profit than the other coins Ive put money into. Ive read a bit about those issues and you could call it unfair but surely its the reality for any new crypto coin,. Also, I take it you haven't watched the youtube link I quoted for you. I have an 8gb SD card but due to their bullshit marketing it only has 7.
Not really sure on the best option here. I was hoping for a quick setup without having to do all the linux crap. Quickest option would be to head down to the local dse, jbhifi or computer store and grab a 16gb sad card. Otherwise you can install a light distro and do a manual install. I have an Ubuntu server running tk using 4gb of disk total. It's a bit of time leech though. My TimeKoin server finally got elected the other day! I've generated about TimeKoins so far, still only at 1 per cycle.
I still get the OUtbound message sometimes but it does not impact anything. Tends to go away then comeback sometimes.
It looks like TK is slowly gaining momentum, when I first installed the server a couple of weeks back there were only about 20 generating peers, now we're over You believe Quark is doomed? Most people who call it a scam don't like the way the early miners got most of the coins or it was too easy to mine them early on, so what? It does offer something different to Bitcoin and is one of the mainstream alt coins so whether you like it or not it has acceptance, coins like Ripple or NXT are worse and they have a bigger market cap and more coins, that being said those coins are much more likely to crash than Quark but I have no illusions that Quark isn't immune to that either as their would be people with massive holdings of Quark.
Just happened to see this new thread pop up; check the comments: It does offer something different to Bitcoin. We have altcoins that are pre-mined and altcoins that aren't. Both offer something different to bitcoin. I think I know which I prefer. You are free to do whatever you want but I get the impression people get just putting money on anything without doing any research. The image will partition off 8GB for itself, leaving the remainder to be used if you need to expand the partitions at a later date,.
I am at 2 per cycle, but somehow my server is transactions behind, and it has to check the transaction history, koins so far, and counting, I have a fair amount of transactions locked up in that backlog.
Watchdog logs dont show any crashes and I am still generating so I am not worried, it will fix them. Yep I just used their image. I used an 8GB SD card. It's easy to set up and shouldn't require much Linux knowledge.
The only thing you really need to do with Linux is change the timekoin and root passwords. It seems to be pretty easy to get elected at the moment so it's a good idea to get in now. I got elected last night after just 1 day. In hindsight I should have just bought a 16gb but instead I wasted a few hours putting it on the 8gb. I put the image on a 32gb flash drive then used gparted on a live CD to shrink the partition down a smidge.
At this point I wasted a crapload of time trying to find imaging software that would just let me image the flash drive with the 2 partitions without the 22gb raw partition. Creating the image was easy.
Getting the image to the SD sucked. I ended up creating the partitions manually on the card and then it let me apply the image to it. After it was finished I extended the partition to use up any excess space.
If I just plug it into the router with no keyboard, mouse or monitor will it boot up ok for me to access it from the web interface?
Really couldn't be stuffed trying to get the HDMI cable from my stereo setup if I dont actually need to access the Pi directly. Once the Image is loaded on to the SD, the PI will boot up fine, its how the rest of us mere mortals do it: I've transferred my keys to it and everything looks fine except my server balance is zero.
Should be 40 or so. Guessing that will filter through once it's caught up on transactions? Once the transactions updated, the server showed my correct balance. It took a while to import the keys so once your transaction list is up to date, double check the keys are in there.
My reinstall took ages to update the transaction list. If that's an issue for you, you can speed up the reconciliation by booting off all the peers except timekoin. Apparently that stops redundant transaction checking. After I did that, the transaction list updated much faster. Thanks to the TK dev for that tip. I just pasted my keys into the restore windows and hit restore key.
Did for public and private. Maybe I have not done that correctly? After trying it a few more times, the private key did appear in the private key field. The public key only appeared in its field once the transaction list was updated. Yes, I have the odd occasion when the server drops back transactions or so, and my balance drops accordingly, but comes good once it has caught up with the check. When I transferred my keys from Windows to my PI, It was stuck on 'Peer not elected' or whatever it says , and this was after i transferred the keys to the PI, so I tried copying them again and it instantly recognized them, and activated the election side of things, as the keys were already elected.
Still do not know why it did not work the first time, but a second try worked, but the PI has been online now for 6 days Production for Yep all good, setup and ticking away. Just need to wait for election now.
I also did that pasted my keys into the restore window and hit restore but the program didn't display either key in the fields. Yeah, I have had it sitting on my desk for ages. Wasn't sure what to do with it. At one point I was going to use it to monitor my solar power but I have that covered on my main machine. I just got one as soon as I heard about it because I thought it was amazing, figured I would find a job for it eventually.
Yep, also via multipool, using an old and spare nvidia gt , so only 30ish hash rate, making a day. My Timekoin server crashed today so have to get elected again: Does anyone know how to restart it automatically?
No and if no-one else here does, join the TK forum and PM the developer knightmb , he's been very quick and helpful when I've had questions and problems. When I tried to start it I got the message "already started". When I tried the stop it I got the message "already stopped". I havent been elected yet so I didn't lose anything but it's a bit of a concern especially when the watchdog log showed nothing.
Log back in, go to 'System', click 'Stop Timekoin' Just to make sure , and hit start again. All it will do is tell you 'Was already stopped, or something. Just checked and im not elected again Dont know whats up with this thing. Could be that TK's growing popularity is making the elections way way more competitive, or a bug in your server or set up.
At the risk of sounding like a broken record, have you sought help on the TK forum or direct from the dev via PM? It says im elected and shows the 60 minute cooldown before I can generate coins. When that timer gets to 50 minutes it says im not elected anymore. Happened 4 times in a row. On one of those I was the only one in the election queue.
I have put a post on the timekoin forums and PM'd my IP to the developer for him to check. Just have to wait and see what happens. Im running it on the raspberry pi. I have checked everything I can. The firewall test works and ping tests to all the peers work.
I did change the timezone to my current timezone instead of system default Not sure what timezone the Pi defaults to. I have to wait 12 hours for the next election to see. If its not sorted out tomorrow afternoon I wll setup my main PC again and see if that connects and go from there. If that works at least it will narrow it down to a problem with the Pi.
All i could find on the forums and that was the ip was not matching the server ip or something, i now use a dns domain and it is still working but have not had to be reelected to see if it would work right away again. It started working so i stopped reading up on it. Do you drop off each time at 50 minutes? You're supposed to only lose elected status once the server is offline for 2 hours so this sounds like it could be more than your server simply not staying connected to peers on the TK network.
Whatever's the cause, it must be very frustrating. The dev figured out the issue on my server in under a day. Apparently it's something to do with my server thinking it's elected but other peers on the network don't have a record of it so I get kicked.
At least that's how someone else described the problem for someone with a similar issue. You just gave me an idea though. I just realised how stupid that is. Blanked it out, stopped timekoin and restarted. Now it's showing my external IP. Pretty sure that is going to fix it. Timekoin update, I was elected but something crashed so I had to wait for another round of elections. Happened much quicker second time, now i'm generating again.
Only at coins though. Just gotta wait it out. It'll probably take longer and longer as more and more servers come on board. Two RX watts power usage includes system wattage. You can payoff that hardware in no time. Most people have older cards that use more power and can mine at a much slower rate. I know my older cards are less profitable now.
Don't bother with timekoin, it's just a piece of rubbish Sad that it has caught on here on whirlpool whilst it is non-existent anywhere else. Vested interests on making it more popular On the other hand the argument doesn't apply to litecoin, as it is well known already.
And by telling others to mine it, I hurt it's profitability and myself. Maybe but its good for me. I dont want to invest in hardware or put too much effort into it. If it turns out to be nothing I've lost a miniscule amount in power.
All these other coins are fluctuating that much there is no way to know if you will get your money back. Timekoin seems like a better technology anyway. You dont need to churn through a crapload of power and transactions dont have to wait for another computer to do calculations. The problem is that unlike litecoin and bitcoin, where there is some profitability function that governs how much electricity you spend. There is no such mechanism stopping people from mining timekoin If it is unprofitable to mine litecoin, people just turn off their computer.
With timekoin no such thing exists because it's a novelty that can't even be exchanged. The opterons and xeons would be best suited for these applications, so you also end up with a damaged processor. Furthermore, there are flaws that affect the distribution of coins mentioned in this thread: I believe this is the same timekoin they are discussing, one which the more people join, the more coins are created to infinity Thus the price should effectively go to zero. In fact, it is possible due to the novelty aspect, like Idle RPG, it will have no value and will just cause additional excess power consumption.
Furthermore, by letting older nodes earn more timekoins, it basically forces the person to leave their computer on, wasting valuable electricity.
Furthermore, the bounty for finding a bug is sort of useless and potentially not claimable unless a real bug comes up. It is framed so that the exploit they know about which is the botnet or infinite instance glitch, cannot be claimed All timekoins generated by the exploit must be in one address and you can only have one instance running an address One could use an exploit to generate infinite instances, and get all the timekoins in time, diluting everyone else.
Easy for a simple script on digitalocean. I had been using coinmarketcap. The Alt coins have done very well in the past 7 days and clearly shows that greater returns can be had compared to Bitcoin. Bitcoin is pretty much the USD of the crypto world and when the price of Bitcoin crashes no coin is immune and thats unlikely to change for the forseeable future. The idea of the bounty was an incentive for users find bugs or exploits. You can also get the bounty by legitimately generating the coins or combining them with others.
The second part of your paragraph doesnt make sense considering the bounty just requires an account to have all the coins on. Coins generated from a botnet or "infinite instance glitch" whatever that is could be transferred to one account and the bounty claimed. Here are the official rules from the website. Actually looks like you cant combine totals anymore. The only thing it does exclude which you may be referring to is if users computers get compromised and their coins stolen.
That is a vulnerability with all coins though. Well I made it past the 50 minute generation hurdle so I think the I have solved the problem. Btw people are buying timekoin I've sold a decent amount at 1c each an also traded for btc recently. I'm currently trying out middlecoin which in theory is a top idea and exactly what im after, but I'm getting a lot of stratum connection interrupted problems which i think are killing my shares?
Not sure if its an latency thing? I have made a post about it on bitcointalk https: I have been using Multipool. They don't seem to have Middlecoin listed though. I have also been keeping an eye on CoinWarz.
Middlecoin is the actual name of the multipool, its actually a cool idea, you just get paid out daily into BTC http: All over about 3 days since I started mining properly on the 30th. I was mucking around for a few days before that setting up and tuning a rig and trying out different pools and I mined about 0. I've just switched my miners to Mooncoin for the night and then I'll switch back to auto pool tomorrow.
CGWatcher is awesome — no more batch files and command line for me. Just create your config file and use the GUI to manage your mining. You can set it to autostart with windows and then monitor CGMiner to restart it based on different parameters. You can have a number of scrypt pools in the same config file then just switch between them with a couple of mouse clicks.
I too have only just really got into the mining thing, Ive found some time since Ive been on holidays for a few weeks. I got onto doge pretty early but only have a and a so about khash, Managed to get k doge lost 70k of it on dice: I've known about bitcoin for a long while but actually jumped on the bandwagon a little too late and had a crappy pc at the time so it wasn't very profitable. I only started mining again a day after doge's release but I figured I'd go all out and bought a from ebay tough going I have a Current Cost meter on the whole house.
I get out of the and I'm not pushing my hardware to the max. You can compare hardware here: I forgot that ATI changed their model numbering after the 5xxx series. Do you mind saying how much you scored that for? I've been looking and the prices are ridiculous.
I wish I'd bought a couple when the shops were running them out. So does Timekoin have much of a use at the moment or are there any major plans in the works? The network is still in an incubating stage so if you get in now you can easily generate about k of TK per week once you get elected, chances of election are decreasing each week as more and more servers are joining. I give it another month before the election queue reaches — then you may be waiting a few weeks to get elected Installed TimeKoin about 2 and a bit hours ago and by the looks of things, i've been elected.
Generation Enabled Generating Peers: My Public Key Thu 02 Jan — I jumped on the bandwagon last night. Chucked the server on a barely used Raspberry pi I have. I didnt generate any coins until this arvo. Had some issues forwarding the port to Even though it was forwarding correctly, the server didn't respond.
I'm thinking its to do with me using a WiPi wifi module in my Rpi! Does anyone know how is the generation affected if I reboot the server? I wouldn't have known about it at all if it wasn't for you guys on the bitcoin thread. Is there somewhere we can see how long the network thinks the server is active?
I've decided to buy a new GPU for my gaming rig to free up another for mining — I think I'm addicted. I think it's unlikely because there are no decimal places. Anybody know of an Australian supplier of PCI-e risers at a reasonable price? I've had no luck sourcing any from Australia, I ordered some from the ebay store in Australia, at the middle of December and still haven't received them.
Besides that from time to time they do appear on gumtree, but never tried to buy them from there myself. True but same can be said with silver and gold. You can't buy a loaf of bread with a gold bullion well you could but you will be very stupid to.
Timekoin another useless money grab that wont stand the test of time, just do some research on the actual developer, known scammer.
Seriously if you missed out on Bitcoin originally, just give up. Check this out https: A couple of thoughts on this. If it is true and not just a hoax , our GPU mining days may be numbered. Hopefully they'll arrive within 2 weeks. They are unpowered but I can mod them myself and I can't complain for the price.
Managed to get elected yesterday luckily as the next peer election is now 2 days away. My pc is never usually off for extended periods of time so hopefully I can get upto a few coins per cycle. How does mining work? You don't earn coins until you if solo mining or your pool solves a block. Once your pool solves the block you are then credited with an unconfirmed balance based on the amount of "shares" or work you submitted towards that block.
It will usually balance itself out. Payouts will be less but more frequent. Payouts will be less frequent but a higher payout per block. I've read a bit about them and am looking at buying one and playing around with it to mine alt coins with cgminer. It won't work with scrypt coins, only SHA Torrent jammed up my router. In the time it took to watch a movie I'm off the queue and have to wait a day for next election: Ltcgear is taking preorders for fpgas think they do like khash each oced, his shipping in feb, the guy posts on litecointalk forums from what i've read this is the second batch.
I misread the product description. Now looking at auto selecting the most profitable on multipool or middlecoin. I generate all the power I need. I'm thinking I'll use an existing spare PC that runs windows 7. Need to upgrade my crappy graphics card; what are some good GPU options? Are the or good picks for win 7?
Looks like they would give me around kh. Need to upgrade my crappy graphics card. Is the still a good pick? Looks like that would give me kh. If you can find one at a reasonable price You might wanna look at a x which I believe is just a rebranded with a slightly higher clock speed. Lots of people using win 7 64 bit by the looks of it. I think you need to use the 2. Profit will always fluctuate but there's still plenty to be made..
Don't take this advice as gospel though cos things are always changing. Plug your details into the following website and it will do the calculations for you. Ignore the sha section as its flooded with ASIC miners and you'll use more in electricity than you actually make. Some of the more profitable coins aren't actually on the multipool's so you would have to do the mining and trading yourself.
Just mine on middlecoin same thing as multipool higher hashrate and pays out in btc, unless your after altcoins for a specific reason. My box is 32 bit win 7, don't see any others using those cards on 32 bit systems. Do you reckon that will matter? Can you explain what that is and why it's needed. I've looked at a few pages describing it and can't understand any of them.
But your power calculation i think is a bit off. I ripped the last out of my gaming rig so now I have 2 x s and a pulling about 1. I'll have to do a bit more tweaking and see if I can raise the hashrate on the s currently about each without stressing them too much.
Anyway, I'm gonna let it run for the weekend and see what sort of profit I can turn on middlecoin. Have you have any experience with it at all? Won't make a difference to the software. These days openCL is included with Catalyst drivers so there is no need to install the SDK anymore if you are using the latest drivers. If you actually go here http: I think its just overloaded.
You could try changing to the EU middlecoin server just add eu to the start of the host name but when i tried the extra latency seemed to make things worse. Oh BTW there is a cool webpage that makes it a bit easier to see your balances and the like http: Seeems like lottocoin is going farely cheap atm bought 1btc worth at 0.
I just tidied up a bit and removed one of the rigs from it's case to cool it down. So I thought I'd snap a phone shot:. Is anyone collecting any specific AltCoins rather than auto trading them?
Thanks for the tip. MSY showing none in stock online or in stores except mitcham, which i cant get to. Yeah stock would have been hammered over the Christmas period. Also I believe MSY do delivery nowdays so there's always that option. Not sure as PC and I are in different places this week. What do I need? AMD recommend a w but you could probably get by on a w IF its decent and not something that came included with your case.
I'd be looking at the Thermaltakes if you are on a budget. Most of their W versions are atleast Bronze and are usually good for W. I'd recommend one of these if you can find one http: If you check out my pick whrl. Other good brands are Seasonic, Silverstone, Corsair, Antec and the list goes on — the last two are model dependent. It always pays to research and I like the Hardware Secrets site I linked earlier for what appears to be a thorough review with unbiased opinion. Thanks for all your advice ronyh, yayo and stevosa.
I'll check out those suggestions and links, might come back to you once i've got a better idea of what I need. I have a shortcut to timekoin. So I think I found a way to stabilise the connection to middlecoin after trawling through the forum thread at Bitcointalk. One of the users has compiled a custom version of CGMiner that reconnects to the pool faster.
Get it here https: The second part is to set up load balancing between the US and EU servers. I have done this but kept the US server as primary. You can find it here https: Anyway, I guess the data I will receive for the first 24hrs of testing middlecoin isn't going to be totally accurate. I estimate a value of 0. Hopefully, the next 24hrs with a stable connection will return better than 0. The guy that runs middlecoin is also working on a fix for the connection problems and hopes to roll it out on Sunday — US time I'm guessing, so Monday for us.
So I had earned an estimated 0. I have since tweaked my rigs to 1. I worked out a way to turn on the server and watchdog on opening the exe file on win 7. May not work after updates but Then just add a shortcut to the exe file in the start up folder, peers should be connecting before you need to login and start it up.
Watchdog never started automatically but does now, saves logging in at all on startup. From what ive seen the hash rate difference is not that much either. Would anyone else recommend a few x's instead? So it seems for your initial outlay, it would be best to get the Xs for total hashing power but you need to weigh that against the more expensive platform to run them, i.
NP, only thing that i can see that would be different is watchdog may turn on when you turn timekoin on in the system area, but you want that anyway. More changes could be done to change that but i dont need it myself.
I'd be looking at the Thermaltakes I'd recommend one of these if you can find one www. Uninstall your existing GPU drivers.
Turn off and open up PC. Make sure you are not charged with static electricity. Go and touch a metal tap to discharge. I think its perhaps a good move but longterm I doubt Litecoin has anything compelling to offer over Bitcoin or the other alt coins mentioned above. I think its perhaps a good move. Depends on your circumstances and why you bought the coins in the first place. With a power supply you just need a good one with the right connections and long cords, seems the one that was posted seems ok for the long cords.
I want a betting exchange, even if only for a few sports like NFL and NBA, i would put up on a match, but unsure of the legalities, probably need a few hundredk just to set up a site in Aus. I cant really get beyond khash at a reasonable temp Man, I can't believe you can get out of your core.
You sure you haven't got your clock mixed up with your memory. I can do core and mem clock when maxed out. I think earthcoin and worldcoin have a bright future, unlike the majority of these other pump-n-dump altcoins. I'll be holding onto mine for a while. I guess the same for Worldcoin, is it just marketing and what sort of big name supporters they can get for it that differentiates it? Mine goes in and out of outbound mode once it has caught up on transactions.
It still generates coins fine. I dont think it's anything to worry about. And checking it now it's stalled again Same here, I am trying something currently that may take me a few days to finalize to see if it helps , then I might need help with creating a cron job on the Pi to apply it as I dont know how the PI launches the Timekoin server, I know it uses SSH to run it as that is all I can see in the 'ps' list.
Try performing a database check and repair. I do this once a week now as there are more and more transactions and my shitty disk is not helping. I still don't know the actual value of XRP and how to use it, but you 'mine' it by contributing hours to a CPU based computing hours project think Folding Home et al. And if it was just one person then fair enough, but a few people are having the same problem. Yay my TimeKoin server has been running for 7 days now so i'm at 2 coins per cycle! I havent updated the server software to new version yet, better do that tonight maybe,.
IMO its too risky leaving them on the generating server ie hackers.. So what is the actual deal with timekoin? Is it all a scam?
Is this right or did I get it completely wrong? Isn't that the idea of all these digital currencies? How many people are generating them in the hope of using them as actual currency later. Most are generating them so they can sell them later for cash. I only like timekoin because I dont need a computer screaming its guts out chewing up power to generate them.
If they turn out to be worthless I haven't really lost anything. The process makes more sense to me as well. Love to see figures on how much power bitcoin has wasted globally. Not the most efficient way of creating 1's and 0's. How long did that take? Clicked optomize on the raspberry pi and the timekoin UI has been doing nothing for over 30 minutes. I can see all the processes are still ticking away in the process monitor so hopefully im still generating coins My fairly basic understanding of TimeKoin is that it's just another crypto currency except its 'mined' differently than the other coins.
Instead of raw computing power, it uses uptime as to how fast you generate currency. I think the principal behind it is great, it's not susceptible to any particular person or group with lots of money or hardware and to date it hasnt been hacked or exploited in any way.
I like it because I'm running a mining PC 24x7 for alt coins and I can run the TK server on the same PC at the same time without using any extra power. If TK goes mainstream and gets listed on one of the exchanges then awesome, i'm going to make some good money. If not, then i've lost nothing. As for KnightMB the developer, i did a bit of Googling about him and he was in on the Bitcoins from the start and had a stockpile of around , Then apparantly he was involved in another online business of sorts and did something sneaky alledgedly!
Apart from that, he's no different to all the other developers churning out alt crypto currencies. Whirlpooleans are starting to help crank the numbers of TimeKoin servers which will help it go mainstream, if more people get on board then we all stand to make some money if and when it goes mainstream. Once they get listed on an exchange ie cryptsy then the value will go up alot hopefully! When i first installed my server there were only 20 or so generating peers, now there are over 70, so its doubling every couple of weeks or so.
If you have a PC running 24x7 then you might as well install it, you got nothing to lose. Not sure how secure this whole thing is? Also if we have more users does that mean coins are generated faster or slower?
I have another key which i use with the client software, i will move mine across to that. Then back up the keys to offline on another set in the future. I have been genertaing for 18 days, have about and it cost me nothing as i leave my pc on for tv anyway.
I would not say timekoin is not a scam as it seems an ok system as long as it stays secure it should go ok. Over the years most of the richest people are the dishonest ones, online marketing gurus etc. It does seem like there is a problem as it keeps hitting 75 generators then get booted next time i look. To genertate you set up the server software and "generate new keys" on the options page, the keys are all you need to keep.
Which means it needs to do some signing, which means it needs keys. Code, accounts, capital, it needs a whole bunch of stuff. And it has a name, because it has to market itself. What am I saying here? It kind of looks a lot like the other things above. Issuances have existed in the past, Bitcoin is not the beginning of this space. Before Bitcoin we've had the pound sterling for several hundred years as an issuance.
Cyberbux was issued around as a digital currency. It was given away by David Chaum's company Digicash which issued about , of them before he was told to stop doing that. Paypal came along as an issuance.
Digigold was a gold metal based currency that I was involved with back in the early s, then it was quiet for long time until along came Bitcoin. These issuances all have things in common. They all had an issuer in some sense or other. It is possible to dispute it with Bitcoin, but Satoshi was there starting up the software, so he's essentially the issuer albeit unstated. The issuances have types of technology and types of value such as bonds and shares, etc.
There is stuff about symbols to print out, as the user wants to know what it looks like on the screen. What are the units, what are the subunits, how many decimal points. We need to know how minting is done. That's hard coded into bitcoin, but it doesn't have to be, it could be in the genesis identity package, so we can tune the parameters.
There needs to be a controller, as I pointed out there are some vestiges of control with bitcoin, and future chains will have more control, whereas issuances will have even more control because issuances are typically done by issuers.
You want them to be in control because they're making legal claims, which brings us to terms and conditions, so we also need a legal contract. It looks like the other things, as it has the same elements. Where I'm coming to is that there is a list of First Class Persons in this new space that have the same set of characteristics.
Humans, who do stuff, Corporations making decisions, DAOs making profits, smart contracts are making decisions based on inputs, chains are running and are persistent and supposed to be there. Issuances are supposed to serve your value-storing needs for quite some time.
Internet of things - it might seem a little funny but your fridge is sitting there with a chip in it, running, and it can do things. It could run a smart contract, it could run a blockchain, it could do anything you like, it has these attributes, it could act as a first class person. What do these first class persons need?
If we line them up on the top axis, and run the characteristics down the left axis, it turns out that we can fill out the table and find that everything needs everything, most of the time. Sure, there are some exceptions, but that's life in the IT business. For the most part they all look the same. What do these First Class Persons do? Just quickly, they instantiate, they communicate, they name each other.
Alice needs to send Bob's names to others, she needs to make claims about Bob, and send those claims onto Carol. As we're making some semblance of claim about these entities, the name has to be a decently good reference.
Then there will be the normal IT stuff such as identify, share, change, blah blah. What then is a First Class Person? They have capabilities to make decisions, are apparently intelligent in some sense or other.
They have state, they are holding value, they might be holding money or shares or photos, who knows? Coming back to a question raised in the previous talk they have intent, which is a legally significant word.
So we're all the same -- we people are the same as smart contracts, as block chains, etc, and we should be able to make recipe that describes us. We should be able to collect all these things together and make it such that we all look the same.
Of course we're all different - the fields in the recipes will all be different, but that's what we IT people know how to do. Although we can do this -- doing it isn't as easy as saying it. This package has to be tractable, it's got to be relatively small and powerful at the same time. It has to contain text and code at the same time which is a bit tricky. It has to be accessible and easy to implement, which probably means we don't want XML, it may mean we could do JSON, but I prefer line-based tag-equals-value because anyone can read it, nobody has to worry about it, and it's easy to write a parser.
And it has to be able to sign things in order to show its intent. We need an identifier. The easy thing is to take a hash of the package that we've built up. But Zooko's Triangle which you really need to grok Zooko's Triangle to understand the space basically says that we can have an identifier that can have these attributes -- globally context free, securely collision free, human meaningful -- but you can only reach two of them with a single simple system.
Hence we have to take the basic system we invent and then square the triangle to get the other attribute, but that's too much detail for this talk. What are we seeing? We're capturing a lot of diversity and wrap it back into one arch-type. Capture the code, text, and params, make it work together and get it instantiated and then get the identifier out.
The identifier is probably the easy part, although, you'll probably notice I'm skipping something here, which is what we do with that identifier once we've got it. In a sense what we are doing is objectifying and from an OO programming sense we are all objects and we just need to create the object arch-type in order to be able to manipulate all these First Class Persons.
So what does it look like - another triangle containing a legal contract, parameters and a smart contract along the bottom. Those three elements are wrapped up and sent into a genesis transaction, into a something.
That something might be a blockchain, might be a server, it might not even be what we think of as a transaction or a genesis, it looks approximately like that so I'm borrowing the buzzword.
Out of that package we get an identifier! That is what it looks like today, but I admit it looked a little different yesterday and maybe next week it'll look different again. Some people on the net are already figuring this out. CommonAccord are doing legal contracts, wrapping them up into little tech objects, with a piece of code that they call an object and they have a matching legal document that relates to it.
A user goes searching through their system looking for legal clauses, pull out the ones you want, compose them into a big contract. With each little legal clause you pull out, it comes with a bit of smart code, so you end up creating the whole legal text and the whole smart code in the same process.
CommonAccord are basically doing the same thing described - wrapping together a smart contract with a legal document and then creating some form of identifier out of it when they produce their final contract. How do we do this? Open problems include how to mix the code and text. Both the code and the text can be very big, derivatives contracts can run to pages. Hence some of the new generation blockchain projects have figured out they need to add file store in their architecture.
We need to take the genesis concept and break it out - the genesis should start the chain not the currency, and we should start the currency using a different transaction. This is already done in some of these systems. Then there are is the "other identity" -- I haven't covered whether this is safe, whether you know the other person is who they claim to be, whether there is any recourse, or intent, or even a person behind an identity, or what?
We really don't know any more than what the tech says, and hand wave that's a subject for another day. There is a conflict in that we're surfacing more and more information which is great for security as we're locking things down, but it does rather leave aside the question of Privacy?
Are we ruining things for privacy? Another question for another day. Paul of Moonbase has put a plea onto kickstarter to fund a run of open RNGs. As we all know, having good random numbers is one of those devilishly tricky open problems in crypto. I'd encourage one and all to click and contribute. After Edward Snowden's recent revelations about how compromised our internet security has become some people have worried about whether the hardware we're using is compromised - is it?
We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure.
Some people say that they also intercept hardware during shipping to install spyware. We believe it's time we took back ownership of the hardware we use day to day.
This project is one small attempt to do that - OneRNG is an entropy generator, it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP. Openness is important, we're open sourcing our hardware design and our firmware, our board is even designed with a removable RF noise shield a 'tin foil hat' so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell.
In order to make sure that our boards cannot be compromised during shipping we make sure that the internal firmware load is signed and cannot be spoofed. It's definitely still worth contributing more because it ensures a bigger run and helps much more attention on this project. As well, we signal to the world:.
So, sitting in a pub idling till my 5pm, thought I'd do some quick check on my mail. Someone likes my post on yesterday's rare evidence of MITMs , posts a comment. Nice, I read all comments carefully to strip the spam, so, click click Once I've signalled my passivity to its immoral arrest of my innocent browsing down mainstreet, I'm staring at the charge sheet.
Fully expecting an expiry or lost exception or etc, I'm shocked! I'm being MITM'd by the wireless here in the pub. Quick check on twitter. Tweets are being spied upon. The horror, the horror. On reflection, the false positive result worked. One reason for that on the skeptical side is that, as I'm one of the 0. How do I judge it all? I'm annoyed, disturbed, but still skeptical as to just how useful this system is.
We always knew that it would pick up the false positive, that's how Mozilla designed their GUI -- overdoing their approach. As I intimated yesterday , the real problem is whether it works in the presence of a flood of false negatives -- claimed attacks that aren't really attacks, just normal errors and you should carry on.
Why is a commercial process in a pub of all places taking the brazen step of MITMing innocent customers? My guess is that users don't care, don't notice, or their platforms are hiding the MITM from them. One assumes the pub knows why: The provisional patent application also describes ideas of how to make random numbers available to "trusted law enforcement agents" or other "escrow administrators". Or is this just the normal incompetent-in-hindsight operations of the military-industrial-standards complex?
It's an important if conspiratorial question because we want to document the modus operandi of a spook intervention into a standards process. We'll have to wait for more facts; the participants will simply deny. What I'm more curious about today is Certicom's actions. What is the benefit to society and their customers in patenting a backdoor? How can they benefit in a way that aligns the interests of the Internet with the interests of their customers?
Or is this impossible to reconcile? If Certicom is patenting backdoors, the only plausible way I can think of this is that it intends to wield backdoors. Which means spying and hacking. Certicom is now engaged in the business of spying on In contrast, I would have said that Certicom's responsibility as a participant in Internet security is to declare and damn an exploit, not bury it in a submarine patent.
If so, what idiot in Certicom's board put it on the path of becoming the Crypto AG of the 21st century? If so, Certicom is now on the international blacklist of shame. Until questions are answered, do no business with them. Certicom have breached the sacred trust of trade -- to operate in the interests of their customers.
Bill Black gave an interview last year on how the financial system has moved from robustness to criminogenia:. You are looking at an underlying economic dynamic where fraud is a sure thing that will make people fabulously wealthy and where you select by your hiring, by your promotion, and by your firing for the ethically worst people at these firms that are committing the frauds.
No prizes for guessing he's talking about the financial system and the failure of the regulators to jail anyone, nor find any bank culpable, nor find any accounting firm that found any bank in trouble before it collapsed into the mercy of the public purse.
But where is the action? Where is the actual fraud taking place? This is the question that defies analysis and therefore allows the fraudsters to lay a merry trail of pointed fingers that curves around and joins itself.
The first defence against this process is transparency. Which implies the robust availability of clear accounting records -- what really happened? Which is where triple-entry becomes much more interesting, and much more relevant. In the old days, accounting was the domain of intra-firm transactions. Double entry enabled the growth of the business empire because internal errors could be eliminated by means of the double-links between separate books; clearly, money had to be either in one place or another, it couldn't slip between the cracks any more, so we didn't need to worry so much about external agents deliberately dropping a few entries.
Beyond the firm, it was caveat emptor. Which the world muddled along with for around years until the development of electronic transactions. That which was on paper was evidence and accountable to an entire culture called accountants; that which was electronic was opaque except to a new generation of digital adepts. Say hello to Nick Leeson, say good bye to Barings Bank. The fraud that was possible now exploded beyond imagination.
Triple-entry addresses this issue by adding cryptography to the accounting entry. In effect it locks the transaction into a single electronic record that is shared with three parties: Crypto makes it easy for them to hold the same entry, the third parties makes it easy to force the two interested agents not to play games.
You can see this concept with Bitcoin, which I suggest is a triple-entry system , albeit not one I envisaged. The transaction is held by the sender and the recipient of the currency, and the distributed blockchain plays the part of the third party. Why is this governance arrangement a step forward? Look at say money laundering. Consider how you would launder funds through bitcoin, a fear claimed by the various government agencies.
Simple, send your ill-gotten gains to some exchanger, push the resultant bitcoin around a bit, then cash out at another exchanger. Simple, except every record is now locked into the blockchain -- the third party. Because it is cryptographic, it is now a record that an investigator can trace through and follow.
You cannot hide, you cannot dive into the software system and fudge the numbers, you cannot change the records. Triple-entry systems such as Bitcoin are so laughably transparent that only the stupidest money launderer would go there, and would therefore eliminate himself before long.
It is fair to say that triple-entry is practically immunised against ML, and the question is not what to do about it in say Bitcoin, but why aren't the other systems adopting that technique? And as for money laundering, so goes every other transaction. Transparency using triple-entry concepts has now addressed the chaos of inter-company financial relationships and restored it to a sensible accountable and governable framework. That which double-entry did for intra-company, triple-entry does for the financial system.
Of course, triple-entry does not solve everything. It's just a brick, we still need mortar of systems, the statics of dispute resolution, plans, bricklayers and all the other components. It doesn't solve the ethics failure in the financial system, it doesn't bring the fraudsters to jail. And, it will take a long time before this idea of cryptographically sealed receipts seeps its way slowly into society. Once it gets hold, it is probably unstoppable because companies that show accounts solidified by triple-entry will eventually be rewarded by cheaper cost of capital.
But that might take a decade or three. It occurs to me that we could modify the CAcert process of verifiably creating random seeds to make it also scientifically verifiable, after the event. See last post if this makes no sense. Instead of bringing a non-deterministic scheme, each participant could bring a deterministic scheme which is hitherto secret. As nobody knew what each other participate was going to declare, and the honest players amongst did a best-efforts guess on a new statically consistent tome, we can be sure that if there is at least one honest non-conspiring party, then the result is random.
Does it meet all the requirements? I'm not sure because I haven't had time to think about it. Specifically, they seem to be aiming at the Brainpool curves which had a stab at producing a new set of curves for elliptic curve cryptography ECC. We actually chose this string in advance and then manipulated the curve choices to produce this string.
The BADAVR curves illustrate the fact that, as pointed out by Scott in , "verifiably random" curves do not stop the attacker from generating a curve with a one-in-a-million weakness. The BADAVPR curves illustrate the fact that "verifiably pseudorandom" curves with "systematic" seeds generated from "nothing-up-my-sleeve numbers" also do not stop the attacker from generating a curve with a one-in-a-million weakness.
We do not assert that the presence of the string BADA55 is a weakness. However, with a similar computation we could have selected a one-in-a-million weakness and produced curves with that weakness. Which highlights two problems we have with all prior sets of curves: The crux here is that if someone does know of a weakness, they can re-run their "verifiably random" process until they get the results get want.
Snowden says it is. They reproduced the process presumably and showed that it did not meet its own claimed standard, but did not explore how to create a fair seed. We do know how to do this, and there is an entire business case for it, it is the root of a CA. Which gives us at least two answers. This is a hardware device that is strictly produced to the highest standards and testing to produce what we need. In this particular case, the generation of random numbers will be done in a HSM according to a NIST or equivalent standard, and tested according to their very harsh and expensive regimes.
That's the formal, popular, and safe answer, which most CAs use to pass audit . At CAcert we did something different. Because we knew that the HSM process was suspect enough to be unreliable, and it had no apparent way to mitigate this risk, we developed our own. In short this is what we do:. Accepting the assumptions, this design ensures that the seed is random if at least one person has reliably delivered a good input. Or so I claim: Granted, there are limitations to this process. Thereafter, we are limited to trusting the reports of those who were there.
Hence, it isn't a repeatable experiment in the sense of scientific method, for that we'd need a bit more work. But quibbles aside about the precise semantics of verifiability, I claim this is good enough for the job. Or, it is as good as it gets. If you combine the Eindhoven process with the CAcert process, then you'll get a set of curves that are reliably and verifiably secure to known current standards. As good as it gets? If you do that, we'll need a new name for a better, badder set of curves; sadly I can only think of 5A1A55 for Fat-Ass right now.
Before Bitcoin, there was cryptocurrency. Indeed, it has a long and deep history. If only for the lessons learnt, it is worth studying, and indeed, in my ABC of Bitcoin investing, I consider not knowing anything before the paper as a red flag.
Hence, a very fast history of what came before also see podcasts 1 and 2. The first known to me attempt at cryptocurrencies occurred in the Netherlands, in the late s, which makes it around 25 years ago or 20BBTC.
In the middle of the night, the petrol stations in the remoter areas were being raided for cash, and the operators were unhappy putting guards at risk there. But the petrol stations had to stay open overnight so that the trucks could refuel. Someone had the bright idea of putting money onto the new-fangled smartcards that were then being trialled, and so electronic cash was born.
Drivers of trucks were given these cards instead of cash, and the stations were now safer from robbery. At the same time the dominant retailer, Albert Heijn, was pushing the banks to invent some way to allow shoppers to pay directly from their bank accounts, which became eventually to be known as POS or point-of-sale. Even before this, David Chaum , an American Cryptographer had been investigating what it would take to create electronic cash.
His views on money and privacy led him to believe that in order to do safe commerce, we would need a token money that would emulate physical coins and paper notes. Specifically, the privacy feature of being able to safely pay someone hand-to-hand, and have that transaction complete safely and privately.
This enables a person to pass a number across to another person, and that number to be modified by the receiver. When the receiver deposits her coin, as Chaum called it, into the bank, it bears the original signature of the mint, but it is not the same number as that which the mint signed. Chaum's invention allowed the coin to be modified untraceably without breaking the signature of the mint, hence the mint or bank was 'blind' to the transaction.
All of this interest and also the Netherlands' historically feverish attitude to privacy probably had a lot to do with David Chaum's decision to migrate to the Netherlands. When working in the late s at CWI, a hotbed of cryptography and mathematics research in Amsterdam, he started DigiCash and proceeded to build his Internet money invention, employing amongst many others names that would later become famous: The invention of blinded cash was extraordinary and it caused an unprecedented wave of press attention.
The private compromise that they agreed to was that Digicash's e-cash product would only be sold to banks. This accommodation then led the company on a merry dance attempting to field a viable digital cash through many banks, ending up eventually in bankruptcy in The amount of attention in the press brought very exciting deals to the table, with Microsoft, Deutsche Bank and others, but David Chaum was unable to use them to get to the next level.
On the coattails of Digicash there were hundreds of startups per year working on this space, including my own efforts.
In the mid s, the attention switched from Europe to North America for two factors: Yet, the first great wave of cryptocurrencies spluttered and died, and was instead overtaken by a second wave of web-based monies.
First Virtual was a first brief spurt of excitement, to be almost immediately replaced by Paypal which did more or less the same thing. Paypal allowed the money to go from person to person, where as FV had insisted that to accept money you must "be a merchant," which was a popular restriction from banks and regulators, but people hated it. Paypal also leapt forward by proposing its system as being a hand-to-hand cash, literally: But this geek-focus was quickly abandoned as Paypal discovered that what people -- real users -- really wanted was money on the web browser.
As Paypal proved the web became the protocol of choice, even for money, so Chaum's ideas were more or less forgotten in the wider western marketplace, although the tradition was alive in Russia with WebMoney, and there were isolated pockets of interest in the crypto communities. In contrast, several ventures started up chasing a variant of Paypal's web-hybrid: The company that succeeded initially was called e-gold, an American-based operation that had its corporation in Nevis in the Caribbean.
Or you could buy new e-gold, by sending a wire to Florida, and they would buy and hold the physical gold. By tramping the streets and winning customers over, the founder managed to get the company into the black and up and growing by around As e-gold the currency issuer was offshore, it did not require US onshore approval, and this enabled it for a time to target the huge American market of 'goldbugs' and also a growing worldwide community of Internet traders who needed to do cross-border payments.
With its popularity on the increase, the independent exchange market exploded into life in , and its future seemed set. While in theory this is a fine concept, the steady stream of ponzis, HYIPs, 'games' and other scams attracted the attention of the Feds.
In , e-gold's Florida offices were raided and that was the end of the currency as an effective force. The Feds also proceeded to mop up any of the competitors and exchange operations they could lay their hands on, ensuring the end of the second great wave of new monies. Beforehand, the USA was fairly liberal about alternative monies, seeing them as potential business, innovation for the future.
It's probably fair to speculate that e-gold didn't react so well to the shift. Meanwhile, over in Europe, they were going the other way. It had become abundantly clear that the attempt to shutdown cryptocurrencies was too successful, Internet business preferred to base itself in the USA, and there had never been any evidence of the bad things they were scared of. Successive generations of the eMoney law were enacted to open up the field, but being Europeans they never really understood what a startup was, and the less-high barriers remained deal killers.
Which brings us forward to , and the first public posting of the Bitcoin paper by Satoshi Nakamoto. Bitcoin is a result of history; when decisions were made, they rebounded along time and into the design.
Nakamoto may have been the mother of Bitcoin, but it is a child of many fathers: And, finally it must be stressed, most all successes and missteps we see here in the growing Bitcoin sector have been seen before. History is not just humming and rhyming, it's singing loudly.
Anyone was at liberty to change them. It turns out that this might have been just that, a liberty, a hope, a dream.
Each of the four libraries they had was in binary form, and it appears that each had to be hard-modified in binary in order to mind their own Ps and Qs. So did a the library implementors forget that issue?
Defaults, options, choice of any form has always been known as bad for users, great for attackers and a downright nuisance for developers. Here, the libraries did the right thing by eliminating the chance for users to change those numbers. Unfortunately, they, NIST and all points thereafter, took the originals without question. In the light of yesterday's newly revealed attack by the NSA on Internet standards , what are the systemic problems here, if any?
I think we can question the way the IETF is approaching security. It has taken a lot of thinking on my part to identify the flaw s , and not a few rants, with many and aggressive defences and counterattacks from defenders of the faith.
Where I am thinking today is this:. First the good news. The IETF's Working Group concept is far better at developing general standards than anything we've seen so far by this I mean ISO, national committees, industry cartels and whathaveyou. However, it still suffers from two shortfalls. If one views standards as the property of the largest players, then this is not a problem. If OTOH one views the Internet as a shared resource of billions, designed to serve those billions back for their efforts, the WG method is a recipe for disenfranchisement.
I think reasonable people can debate and disagree on the question of whether the WG model disenfranchises the users, because even though a a company can out-manouver the open Internet through sheer persistence and money, we can still see it happen.
In this, IETF stands in violent sunlight compared to that travesty of mouldy dark closets, CABForum, which shut users out while industry insiders prepared the base documents in secrecy. By this I mean the security concept of an attack from someone who doesn't follow the rules, and breaks them in ways meant to break your model and assumptions. We can suspect byzantium disclosures in the fingered ID:. Such byzantine behaviour maybe isn't a problem when the industry players are for example subject to open observation, as best behaviour can be forced, and honesty at some level is necessary for long term reputation.
But it likely is a problem where the attacker is accustomed to that other world: Which points directly at the NSA. Spooks being spooks, every spy novel you've ever read will attest to the deception and rule breaking. So where is this a problem? Well, only in the one area where they are interested in: Which is irony itself as security is the field where byzantine behaviour is our meat and drink. Whether it does or no depends on whether you think it can defend against the byzantine attack. Likely it will pass-by-fiat because of the loyalty of those involved, I have been one of those WG stalwarts for a period, so I do see the dilemma.
Can we agree or disagree on this? Is there room for reasonable debate amongst peers? I refer you now to these words:. And as previously written here. The NSA has conducted a long term programme to breach the standards-based crypto of the net. In their own words. There is no shortage of circumstantial evidence that NSA people have pushed, steered, nudged the WGs to make bad decisions.
I therefore suggest we have the evidence to take to a jury. Obviously we won't be allowed to do that, so we have to do the next best thing: One single piece of evidence wasn't enough.
Two was enough to believe, but alternate explanations sounded plausible to some. But we now have three solid bodies of evidence. Where it leaves us is in difficulties. We can try and avoid all this stuff by e. Yes, they attacked and broke some elements of American crypto and you know what I'm expecting to fall next.
But they also broke the standards process, and that had even more effect on the world. It has to be said that the IETF security area is now under a cloud. Not only do they need to analyse things back in time to see where it went wrong, but they also need some concept to stop it happening in the future. The first step however is to actually see the clouds, and admit that rain might be coming soon. May the security AD live in interesting times, borrow my umbrella?
In a scandal that is now entertaining that legal term of art "slam-dunk" there is news of a new weakness introduced into the TLS suite by the NSA:. The way the extension works is that it increases the quantity of random numbers fed into the cleartext negotiation phase of the protocol.
If the attacker has a heads up to those random numbers, that makes his task of divining the state of the PRNG a lot easier. Indeed, the extension definition states more or less that:. When this extension is in use it increases the amount of data that an attacker can inject into the PRF. This potentially would allow an attacker who had partially compromised the PRF greater scope for influencing the output. Which gives us 2 compromises of the standards process that when combined magically work together.
Gox has been hit by exactly that - a market timing attack based on latency. In their own words:. A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur.
Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as "transaction malleability" makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash.
Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.
The bitcoin api "sendtoaddress" broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction's insertion in the blockchain. Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn't appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.
This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction's hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.
Which all means what? Well, it seems that while waiting on a transaction to pop out of the block chain, one can rely on a token to track it. And so can ones counterparty. Except, this token was not exactly constructed on a security basis, and the initiator of the transaction can break it, leading to two naive views of the transaction.
Which leads to some game-playing. Let's be very clear here. There are three components to this break: Latency, impatience, and a bad token. Latency is the underlying physical problem, also known as the coordination problem or the two-generals problem.
At a deeper level, as latency on a network is a physical certainty limited by the speed of light, there is always an open window of opportunity for trouble when two parties are trying to agree on anything. In fast payment systems, that window isn't a problem for humans as opposed to algos , as good payment systems clear in less than a second, sometimes known as real time.
But not so in Bitcoin; where the latency is from 5 minutes and up to depending on your assumptions, which leaves an unacceptable gap between the completion of the transaction and the users' expectations. Hence the second component: The 'solution' to the settlement-impatience problem then is the hash token that substitutes as a final triple entry evidentiary receipt until the block-chain settles.
This hash or token used in Bitcoin is broken, in that it is not cryptographically reliable as a token identifying the eventual settled payment. Obviously, the immediate solution is to fix the hash, which is what Mt. Gox is asking Bitcoin dev team to do.
But this assumes that the solution is in fact a solution. It's a hack, and a dangerous one. Let's go back to the definition of payments, again assuming the latency of coordination. A payment is initiated by the controller of an account. That payment is like a cheque or check that is sent out.
It is then intermediated by the system. Which produces the transaction. But as we all know with cheques, a controller can produce multiple cheques. So a cheque is more like a promise that can be broken. And as we all know with people, relying on the cheque alone isn't reliable enough by and of itself, so the system must resolve the abuses. That fundamental understanding in place, here's what Bitcoin Foundation's Gavin Andresen said about Mt. Transaction malleability has been known about since This is something that cannot be corrected overnight.
Otherwise, it can result in Bitcoin loss and headache for everyone involved. So it is a known problem. So one could make a case that Mt. Gox should have dealt with it, as a known bug. But note the language above That is a contradiction in terms.
A transaction isn't malleable, the very definition of a transaction is that it is atomic, it is or it isn't. Atomic, consistent, independent, durable. Therefore, the identifier to which they speak cannot be a transaction identifier, by definition. It must be an identifier to What's happening here then is more likely a case of cognitive dissonance, leading to a regrettable and unintended deception. Gox's description above, again, and the reliance on the word becomes clearer.
Users have known to demand transactions because we techies taught them that transactions are reliable, by definition; Bitcoin provides the word but not the act. So the first part of the fix is to change the words back to ones with reliable meanings. You can't simply undefine a term that has been known for 40 years, and expect the user community to follow.
To be clear, I'm not suggesting what the terms should be. In my work, I simply call what goes in a 'Payment', and what comes out a 'Receipt'. The latter Receipt is equated to the transaction, and in my lesson on triple entry , I often end with a flourish: The Receipt is the Transaction. Which has more poetry if you've experienced transactional pain before, and you've read the whole thing.
We all have our dreams: Conclusion To put things in perspective, it's important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.
When we did our early work in this, we recognised that the market timing attack comes from the implicit misunderstanding of how latency interferes with transactions, and how impatience interferes with both of them. So in our protocols, there is no 'token' that is available to track a pending transaction. This was a deliberate, early design decision, and indeed the servers still just dump and ignore anything they don't understand in order to force the clients away from leaning on unreliable crutches.
It's also the flip side of the triple-entry receipt -- its existence is the full evidence, hence, the receipt is the transaction. Once you have the receipt, you're golden, if not, you're in the mud. But Bitcoin had a rather extraordinary problem -- the distribution of its consensus on the transaction amongst any large group of nodes that wanted to play. Which inherently made transactional mechanics and latency issues blow out. This is a high price to pay, and only history is going to tell us whether the price is too high or affordable.
As many have noticed, there is now a permathread Paul's term on how to do random numbers. It's always been warm. Now the arguments are on solid simmer, raging on half a dozen cryptogroups, all thanks to the NSA and their infamous breach of NIST, American industry, mom's apple pie and the privacy of all things from Sunday school to Angry Birds. Why is the topic of random numbers so bubbling, effervescent, unsatisfying? They are in practical experience trickier than most of the other modules we deal with: Yet, we have come a long way.
We now have a working theory. When Ada put together her RNG this last summer, it wasn't that hard. Out of our experience, herein is a collection of things we figured out; with the normal caveat that, even as RNs require stirring, the recipe for 'knowing' is also evolving. That all said, good luck! Comments to the normal place, please, and Ed's note: Last month, I wrote to explain that these challenges by Dan Bernstein:.
I am not aware of any major world-class security system employing cryptography in which the hackers penetrated the system by actually going through the cryptanalysis.
Perhaps uniquely, Dan Bernstein took umbrage and went looking for the money. He found two potentials. Out of order, let's look at potential "in the money" option 2: The interesting thing about WEP is that we've always known that it was a joke, as far as security goes, and Dan agrees, labelling it as scary.
WEP blamed for theft of 45 million credit-card numbers from T. Until that is. Taking what it is written in the article as the facts, WEP was cracked and T.
Maxx was raided for millions of cards. Within 6 months they agreed to settle for the damages. But, the challenge survives! WEP is ruled out of scope, because it is not a properly designed cryptosystem Grigg-Gutmann , nor a world-class security system Shamir. Maxx ignore the warnings and assume that WEP was secure enough to protect their credit card database?
Their bad, not for us to follow their leadership into losses. It was facilitated by being a code-signed virus, and to do this, the attackers crunched a Microsoft code-signing certificate to acquire a forged private key. In this case, the attack was done on MD5-signed certs. Once the private key was forged by the attackers, it was game on! Flame is definitely an attack on a cryptosystem, but we have two difficulties before we can hand out the prize.
Firstly, nobody recommends MD5! It has in effect been deprecated since , when SHA1 came on line. And that's well before the warnings from the Chinese cryptographers, so the message was loud and clear then. Even though nobody much recommends x PKI for serious stuff, committees, standards, regulators and auditors, all opine faithfully on the ability of PKI to serve and protect.
Sorry, no, it doesn't wash, and I don't have the space or patience to write about planetary cognitive dissonance today. If we give MD5 and certificates and PKI a pass, it is begrudging, fingers-crossed, marketing waffle compliance claim, and no serious security person should be fooled.
But we have another difficulty:. There is no easy way to tie any loss into the affects that Flame wrought, other than the normal bluster and FUD and journalistic froth and so forth. We don't even know if Flame exflitrated anything, all we've got is claim and counterclaim.
As I wrote in the last post:. Flame's not in the money. Flame goes down, yet Stuxnet stalks forth. Over on CAcert it is written by me:. That's a hefty piece of change. Stuxnet stole its certs, it didn't crunch them. But it could have It is hypothesized that Flame exfiltrated the data and Stuxnet zeroed in on the target with Flame's intel product. OlympicGames is a hypothesis of causal connection, and combined, we have a result that seriously challenges our claims.
We can argue about the detailed check-marks of success here, but I for one would say that our claims can now be rendered more accurate as historical. One detail remains -- when? Stuxnet was first noticed in second half of , and Flame was found at the end of May George "cyberWarrior" Bush launched the digital Pearl Harbour against Iraq much earlier earliest I have seen is but it wasn't until early that we were able to assemble the picture into what it was: Therefore, my current view is something like this:.
While Peter and I were making those remarks, behind the scenes, the Internet was in the process of losing her maidenhood. We can quibble about dates and losses and what marks the first casebook study of a serious crypto-system breach, but the wider point we wanted to make was that, before , we had no compass. And, necessarily from this observation, all systems designed without the benefit of where the compass is now pointing should be considered ripe for a re-think. It being Christmas and we're all looking for a little fun, David Wagner has posted a challenge that was part of a serious study conducted by Ka-Ping Yee and himself: I believe I've managed to faithfully reconstruct the version of Ping's code that contains the deliberately inserted bug.
If you would like to try your hand at finding the bug, you can look at it yourself:. I'm copying Ping , in case he wants to comment or add to this. We told reviewers that there exists at least one bug, in Navigator. I've marked the region using comments. So, you are free to focus on only that part of the code I promise you that we did not deliberately insert any bug anywhere else outside that region. Of course, I'm providing all the code, because you may need to understand how it all interacts.
The original Pvote code was written to be as secure and verifiable as we could make it; I'm giving you a modified version that was modified to add a bug after the fact. So, this is not some "obfuscated Python" contest where the entire thing was designed to conceal a malicious backdoor: To help you conduct your code review, it might help to start by understanding the Pvote design.
You can read about the theory, design, and principles behind Pvote in our published papers:. The Pvote code probably won't make sense without understanding some aspects of its design and how it is intended to be used, so this background material might be helpful to you.
We also gave reviewers an assurance document, which outlines the "assurance case" a detailed argument describing why we believe Pvote is secure and fit for purpose and free of bugs. Here's most of it:. Why not all of it? The full assurance document contains the actual, unmodified Pvote code. We wrote the assurance document for the unmodified version of Pvote without the deliberately inserted bug , and the full assurance document includes the code of the unmodified Pvote.
If you were to look at that and compare it to the code I gave you above, you could quickly identify the bug by just doing a diff -- but that would completely defeat the purpose of the exercise. If I had copious free time, I'd modify the assurance document to give you a modified document that matches the modified code -- but I don't have time to do that.
So, instead, I've just removed the part of the assurance document that contained the region of the code where we inserted our bug namely, Navigator. In the actual review, we provided reviewers with additional resources that won't be available to you.
For instance, we outlined for them the overall design principles of Pvote. We also were available to interactively answer questions, which helped them quickly get up to speed on the code. During the part where we had them review the modified Pvote with a bug inserted, we also answered their questions -- here's what Ping wrote about how we handled that part:.
Since insider attacks are a major unaddressed threat in existing systems, we specifically wanted to experiment with this scenario. Therefore, we warned the reviewers to treat us as untrusted adversaries, and that we might not always tell the truth. Of course, since this is something you're doing on your own, you won't get the benefit of interacting with us and having us answer questions for you to save you time.
I realize this does make code review harder. You can assume that someone else has done some runtime testing of the code. Focus on code review. In the past 15 years " no one ever lost money to an attack on a properly designed cryptosystem meaning one that didn't use homebrew crypto or toy keys in the Internet or commercial worlds". Adi Shamir stated that "Cryptography is usually bypassed. This is the old sage advice about your door locks -- they don't have to be great, they just have to be better than your neighbours' locks.
This assumes several things: That is, they want to steal money, by one means or another, and they are not motivated necessarily by the more esoteric of threats that us geeks wish we had to take seriously: Further, it assumes that we are all doing risk analysis. So it's about money, in the simplified world of general purpose crypto.
Which brings us to the more practical question:. There are two answers: The former's answer is: The latter's answer is more nuanced, and in order to understand that answer we have to get into how business operates. In the world of business, we do risk analysis. In quick words, this starts from a model of the business, and from business experience we posit a model of threats.
Then, we use risk analysis to estimate the likelihood of each threat, by looking at history and expected cost to the attacker, and multiply it by the consequences a. The result is a set of risks, which we can then order by expected damages. We then start working on the highest priorities, being the highest expected damages. And, similar to our lock model, as long as the priorities are mitigated such that the attacker feels it more economic to move elsewhere, we're good.
In even shorter words, we concentrate our defences where we are currently losing money. It is therefore all about money, which is a completely different answer to the cryptographer's answer of infeasible to break. So, what about the money? Now, as it happens, in the Internet, there is remarkably little reporting of money being stolen by breaching a cryptosystem!
Which leaves us with a dilemma. If nobody has ever reported any money, why are we bothering to protect? Hence the Gutmann-Grigg comment that puts the point: Now we can address the third question.
We can probably state with some confidence that someone has lost some money, somewhere, from some attack on a crypto system, but has never reported those losses. So we now must ask what do we do about non-reported losses? Unreported losses don't exist. The reason for this is simple: What we don't know is not a good basis for assessing risks.
If we rely on a claim that we cannot show then we are lost, totally. If we work on a hypothetical, we're not doing risk analysis, we're not doing science, and we've no integrity. Hence, the answer to the third question,.
This is really what the challenge is about.
Game - Play Game Online and Win Free Bitcoins. Bitcoin Bot. New York essay of commerce education need someone to write dissertation introduction on cold war for money need someone to do my dissertation chapter on life sentence online . , Michigan type dissertation conclusion on english please i need help writing an appeal letter for college, Arizona. 10 Jun [10/06/] 1P|L - free bitcoin bot bitcoin faucet script Top 5 Trending Bitcoin Business Startups! - Bitdeal: LibertyX - Buy At home computer work from freelancer earn money hoc wythenshawe in . in writing a paragraph does ideas to work from home south africa. Buy Bitcoin, Create Bitcoin.