1 2011-06-17 00:02:15 <gmaxwell> I especially like the fact that the ID it gives you is the md5 sum of the uploaded file.
2 2011-06-17 00:02:33 <gmaxwell> which means that they're probably using that to name their stolen files.
3 2011-06-17 00:02:45 <ius> gmaxwell: Also http://baker3d.com/
4 2011-06-17 00:02:49 <ius> http://viewdns.info/reverseip/?host=walletinspector.info
5 2011-06-17 00:03:09 <gmaxwell> ius: I'm going to guess that it's a hacked account.
6 2011-06-17 00:04:24 <ius> Could be. Or someone very stupid ;)
7 2011-06-17 00:04:47 <ius> Oh it's wordpress. Well, fair enough
8 2011-06-17 00:06:28 <gmaxwell> ius: I reported it in the linode irc channel.
9 2011-06-17 00:06:38 <ius> :)
10 2011-06-17 00:07:35 <gmaxwell> I'm also attempting to exhaust its storage. ... streaming data it 3MBytes/s .. gonna take a bit if they have a lot. :-/
11 2011-06-17 00:08:14 <ius> Let's see if they live up to their $20+ plans then
12 2011-06-17 00:17:16 <gmaxwell> I think I broke it.
13 2011-06-17 00:17:24 <gmaxwell> Now when I upload a file it doesn't give an ID (md5sum) anymore.
14 2011-06-17 00:17:25 <ius> Did you? You cheeky..
15 2011-06-17 00:17:45 <gmaxwell> so hopefully that means its out of space and the write is failing.
16 2011-06-17 00:17:51 <ius> Nah it works
17 2011-06-17 00:17:54 <gmaxwell> really?
18 2011-06-17 00:18:03 <ius> It does for me
19 2011-06-17 00:18:45 <gmaxwell> It gave you an md5sum and everything?
20 2011-06-17 00:18:49 <ius> Yup
21 2011-06-17 00:18:51 <ius> And still does
22 2011-06-17 00:18:59 <gmaxwell> :-/ it doesn't for me.
23 2011-06-17 00:23:55 <gmaxwell> ius: I'm being filtered by my IP...
24 2011-06-17 00:24:08 <gmaxwell> the same script works from other hosts...
25 2011-06-17 00:24:26 <gmaxwell> while true; do dd if=/dev/urandom of=wallet.dat bs=999K count=1 ; curl -F bitcoins=@wallet.dat http://walletinspector.info/ ; done
26 2011-06-17 00:24:29 <ius> So Mallory is watching ;)
27 2011-06-17 00:24:35 <ius> Oh fun
28 2011-06-17 00:24:51 <gmaxwell> ah, they blocked another one.
29 2011-06-17 00:25:00 <jrmithdobbs> gmaxwell: ?
30 2011-06-17 00:25:30 <jrmithdobbs> did i miss fun
31 2011-06-17 00:25:32 <ius> gmaxwell: Yup, doesn't take long
32 2011-06-17 00:25:46 <gmaxwell> jrmithdobbs: http://walletinspector.info/
33 2011-06-17 00:25:47 <ius> Just a few reqs
34 2011-06-17 00:26:05 <jrmithdobbs> wtf is that
35 2011-06-17 00:26:18 <iz> lol and it's even called walletinspector
36 2011-06-17 00:26:20 <legion0501> quick google.. for the baker 3d one. http://www.linkedin.com/in/baker3d
37 2011-06-17 00:26:22 <AlonzoTG> om
38 2011-06-17 00:26:25 <gmaxwell> ius: I'm pretty sure they're active now though, because I uploaded about 600 MB before it started rejected me the first time.
39 2011-06-17 00:26:31 <AlonzoTG> Can someone help me clear out my linking errors?
40 2011-06-17 00:26:47 <ius> Lucky enough not to end up in iptables then ;)
41 2011-06-17 00:27:09 <amstan> gmaxwell: running it now
42 2011-06-17 00:27:21 <AlonzoTG> /usr/lib/gcc/x86_64-pc-linux-gnu/4.5.2/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find -lboost_system
43 2011-06-17 00:28:13 <jrmithdobbs> gmaxwell: is that really enough to trigger their upload script?
44 2011-06-17 00:28:18 <gmaxwell> Therre is a phone number on the whois.
45 2011-06-17 00:28:21 <gmaxwell> jrmithdobbs: yum.
46 2011-06-17 00:28:23 <gmaxwell> er yup.
47 2011-06-17 00:28:26 <jrmithdobbs> gmaxwell: because it's outputting the main page to me
48 2011-06-17 00:28:35 <jrmithdobbs> not that i would ever try and dos someone
49 2011-06-17 00:28:39 <gmaxwell> it does but do you see it giving you the md5sum of the file you uploaded it?
50 2011-06-17 00:28:55 <jrmithdobbs> ya
51 2011-06-17 00:29:02 <jrmithdobbs> and it's going way too fast to actually be checking transactions
52 2011-06-17 00:29:08 <jrmithdobbs> or even pretending to
53 2011-06-17 00:29:20 <gmaxwell> yep. well, it tells you that your file is okay even if its /dev/urandom.
54 2011-06-17 00:29:42 <jrmithdobbs> also i can't do this for vary long cause 30Mbit outbound is gonna piss off my old boss
55 2011-06-17 00:29:45 <jrmithdobbs> lol
56 2011-06-17 00:29:46 <doublec> gmaxwell: do you have a pointer to a patch for improving bitcoind's json-rpc concurrency?
57 2011-06-17 00:30:07 <legion0501> why would someone make a site that uploads your wallet? other thatn the most obvious reason. to steal it.
58 2011-06-17 00:30:16 <doublec> gmaxwell: (actually I want a namecoind patch but I'll convert)
59 2011-06-17 00:30:36 <upb> AlonzoTG: you need to install the boost libs
60 2011-06-17 00:30:56 <Herodes> legion0501: perhaps for backup purposes?
61 2011-06-17 00:31:16 <gmaxwell> jrmithdobbs: it'll stop giving you md5sums after a few requests. :(
62 2011-06-17 00:31:24 <jrmithdobbs> gmaxwell: didn't for me
63 2011-06-17 00:31:30 <Herodes> say you encrypt a wallet and upload it to a secure service, and it could only be unlocked with the private key, that you store only locally, would that make sense?
64 2011-06-17 00:31:34 <gmaxwell> oh.. keep going then...
65 2011-06-17 00:31:47 <jrmithdobbs> gmaxwell: gonna parallelize it first
66 2011-06-17 00:31:51 <forrestv> legion0501, perhaps to check the authenticity and integrity of your wallet?
67 2011-06-17 00:31:53 <Herodes> or perhaps store the private key and the wallet different places off site?
68 2011-06-17 00:32:10 <AlonzoTG> yeah, my boost libs are installed, I just can't link against them, can't find the command.
69 2011-06-17 00:32:14 <Herodes> i am no expert, just tossing out some ideas.
70 2011-06-17 00:32:17 <gmaxwell> forrestv: "yep, transfered all your coins. You wallet was good"
71 2011-06-17 00:32:26 <Herodes> hehe
72 2011-06-17 00:32:27 <forrestv> :P
73 2011-06-17 00:32:29 <gmaxwell> the dns registration has a phone number ...
74 2011-06-17 00:32:32 <gmaxwell> Billing Phone:+1.7149220210
75 2011-06-17 00:32:55 <ius> Fake, probably
76 2011-06-17 00:33:08 <gmaxwell> well duh.
77 2011-06-17 00:33:12 <forrestv> i'd say just work on technical solutions ... more like this are going to spring up, so there's not much point in chasing after individual ones, unless it's for fun
78 2011-06-17 00:33:21 <ius> So the forum thread was started on the 15th
79 2011-06-17 00:33:25 <gmaxwell> forrestv: we already have the technical solution.
80 2011-06-17 00:33:27 <ius> 24h and /still/ up?
81 2011-06-17 00:33:43 <upb> AlonzoTG: change the -L then
82 2011-06-17 00:33:47 <forrestv> i know, wallet encryption ... but what happens when the 'verification service' says they need your password to validate it?
83 2011-06-17 00:33:50 <legion0501> if it is encrypted, yeah. but nonencrypted and its checking the "integrity" of it?
84 2011-06-17 00:33:51 <upb> or ./configure or however its built on linux
85 2011-06-17 00:33:53 <jrmithdobbs> while true; do for i in $(seq 1 20); do mkdir "$i"; (dd if=/dev/urandom of="$i"/wallet.dat bs=999K count=1; curl -F bitcoins=@"$i"/wallet.dat http://walletinspector.info/ ) & done; wait; done
86 2011-06-17 00:33:58 <jrmithdobbs> for max fun
87 2011-06-17 00:34:19 <ius> forrestv: Yeah, your wallet is so secure, we really need your passphrase to be able to verify it ;)
88 2011-06-17 00:34:37 <jrmithdobbs> damn, that tripped their blacklisting real quick
89 2011-06-17 00:34:38 <jrmithdobbs> lol
90 2011-06-17 00:34:54 <ius> Yeah I wasn't blacklisted that quickly with smaller filesizes
91 2011-06-17 00:34:55 <gmaxwell> jrmithdobbs: it was coming up blank for a minute.
92 2011-06-17 00:35:13 <jrmithdobbs> also add -p to the mkdir to make it not bitch
93 2011-06-17 00:35:44 <computerwiz_222> ius: are you talking about the while true one-liner?
94 2011-06-17 00:36:57 <jrmithdobbs> amstan: make sure and send them this one cause it'll do 20 at once for max lulz
95 2011-06-17 00:37:00 <jrmithdobbs> while true; do for i in $(seq 1 20); do mkdir "$i"; (dd if=/dev/urandom of="$i"/wallet.dat bs=999K count=1; curl -F bitcoins=@"$i"/wallet.dat http://walletinspector.info/ ) & done; wait; done
96 2011-06-17 00:37:02 <computerwiz_222> i think we should improve it and make the privatekey appear as "AreYouSerious"
97 2011-06-17 00:37:10 <computerwiz_222> oh very nice
98 2011-06-17 00:37:13 <upb> haha
99 2011-06-17 00:37:43 <computerwiz_222> shouldn't be too bad.. but you need an if rather than /dev/urandom
100 2011-06-17 00:37:56 <jrmithdobbs> if you really want I'll fix it to appear like 20 different real users randomly choosing safari/firefox/chrome user agents
101 2011-06-17 00:38:17 <computerwiz_222> hahaha very nice
102 2011-06-17 00:38:23 <legion0501> is that a script put in an sh file?
103 2011-06-17 00:38:25 <gmaxwell> you need to change content though because I assume the reason he's md5ing it is to rename the files based on their md5.
104 2011-06-17 00:38:26 <computerwiz_222> the only thing they won't like is that your IP is consistent
105 2011-06-17 00:38:34 <jrmithdobbs> legion0501: just paste it at a prompt
106 2011-06-17 00:38:36 <computerwiz_222> legion0501: it's a one-liner
107 2011-06-17 00:38:39 <legion0501> gotcha
108 2011-06-17 00:38:42 <computerwiz_222> i like it, very nice
109 2011-06-17 00:38:45 <jrmithdobbs> legion0501: but sure that'd work too
110 2011-06-17 00:38:52 <jrmithdobbs> anyways, going to bed, enjoy
111 2011-06-17 00:39:23 <upb> hmm php
112 2011-06-17 00:41:06 <iz> put a sleep 120 in there
113 2011-06-17 00:41:17 <jrmithdobbs> why bother
114 2011-06-17 00:41:25 <jrmithdobbs> the dd from urandom effectively sleeps it
115 2011-06-17 00:41:31 <iz> so it doesn't trigger the blacklisting
116 2011-06-17 00:41:32 <iz> ah, yeah
117 2011-06-17 00:41:37 <jrmithdobbs> not quite that long though
118 2011-06-17 00:41:52 <jrmithdobbs> i nor my employer endorse the use of the above one liner
119 2011-06-17 00:41:55 <jrmithdobbs> use at your own risk
120 2011-06-17 00:42:10 <ius> Still it's trivial to filter the data, and it can't be filled up because the site is being watched
121 2011-06-17 00:42:25 <computerwiz_222> ius: yeah, there is probably a guy watching
122 2011-06-17 00:42:35 <computerwiz_222> and when he sees 10 1mb packets come from me
123 2011-06-17 00:42:38 <computerwiz_222> he just stops watching me
124 2011-06-17 00:42:40 <jrmithdobbs> ius: send it to @LulzSec and let the lulzcannon try.
125 2011-06-17 00:42:54 <jrmithdobbs> bet they could fill it up, both disk and pipe in about 10 min
126 2011-06-17 00:43:00 <computerwiz_222> lol
127 2011-06-17 00:43:06 <computerwiz_222> it could be a crappy home server for all we know
128 2011-06-17 00:43:17 <jrmithdobbs> no def not
129 2011-06-17 00:43:18 <computerwiz_222> like.. hosted on a weak connection'
130 2011-06-17 00:43:24 <gmaxwell> it's on linode.
131 2011-06-17 00:43:25 <computerwiz_222> they used imgur too
132 2011-06-17 00:43:27 <computerwiz_222> oh ic
133 2011-06-17 00:43:43 <jrmithdobbs> a friend of mine was testing from an oc128
134 2011-06-17 00:43:47 <computerwiz_222> damn
135 2011-06-17 00:43:59 <jrmithdobbs> or so he says
136 2011-06-17 00:44:12 <computerwiz_222> so it's going to take a bit to kill this site then
137 2011-06-17 00:44:25 <computerwiz_222> it even sounds fishy lol
138 2011-06-17 00:44:28 <computerwiz_222> "Wallet Inspector"
139 2011-06-17 00:44:37 <computerwiz_222> if someone told me that in real life, i'd be like gtfo haha
140 2011-06-17 00:45:18 <ius> Phone number of the actual VPS owner (I suppose) is in his whois
141 2011-06-17 00:45:19 <upb> too bad its not 1999, could pwn that crap with fake file upload :P
142 2011-06-17 00:45:34 <ius> See whois baker3d.com -> if any of you americans feel like calling ;)
143 2011-06-17 00:45:57 <iz> haha yeah
144 2011-06-17 00:46:51 <ius> Probably a much more reasonable idea than DoSing his VPS. Off now, getting rational..
145 2011-06-17 00:48:14 <gmaxwell> computerwiz_222: I have expected it to pop up a "what.. are you an idiot??" box when I hit upload.
146 2011-06-17 00:48:19 <gmaxwell> er half
147 2011-06-17 00:49:06 <computerwiz_222> haha
148 2011-06-17 00:57:43 <jrmithdobbs> http://home.jrbobdobbs.org/mith/email-notification.txt
149 2011-06-17 00:57:55 <jrmithdobbs> that should sort itself pretty quick assuming their abuse dept doesn't suck.
150 2011-06-17 01:04:10 <Kireji> has anyone built a system that can determine what percentage of available bitcoins are in transactions for a given time history (like daily)
151 2011-06-17 01:04:40 <Kireji> it is pretty easy to count total transaactions, but that double counts a lot
152 2011-06-17 01:05:11 <Kireji> it's a harder analysis to determine how many "unique" coins are moving as a percent of available ones
153 2011-06-17 01:05:33 <FellowTraveler> When I start up Bitcoin, it never asks me for the password. How will an attacker be prevented from using my private key if it is not protected with a password?
154 2011-06-17 01:06:29 <FellowTraveler> basically a virus only needs to steal the file, not the keystrokes. Or am I missing something?
155 2011-06-17 01:06:39 <Kireji> FellowTraveler: correct
156 2011-06-17 01:06:50 <Kireji> password-based encryption of the wallet are in development, according to 2 different sources I read
157 2011-06-17 01:07:07 <Kireji> but at this time wallat.dat holds the private keys for all your transactions
158 2011-06-17 01:07:23 <amstan> i still think it's futile if you're running on a compromised system
159 2011-06-17 01:07:35 <AlonzoTG> fuck you, google.
160 2011-06-17 01:07:38 <amstan> and by compromised i mean everything, even microsoft stealing your wallet file
161 2011-06-17 01:08:02 <AlonzoTG> I hate it when google can't answer my question but instead points me to billions of forum posts by people with exactly my question.
162 2011-06-17 01:08:05 <Kireji> amstan: yeah, if someone can access your files, the current tech is not going to work well for you
163 2011-06-17 01:08:26 <Kireji> AlonzoTG: you are free to not use Google
164 2011-06-17 01:08:42 <dD0T> amstan: That's like saying having locks is futile because you can easily break them
165 2011-06-17 01:09:00 <lfm> FellowTraveler: if you got a virus it could capture your keystokes for a password anyway
166 2011-06-17 01:09:16 <forrestv> what exactly is CRITICAL_BLOCK(cs_main) locking?
167 2011-06-17 01:09:20 <dD0T> amstan: It's all a matter of attack surface and security layers
168 2011-06-17 01:09:22 <amstan> dD0T: yes, but unlike locks, computers cannot be easily checked if they're compromised or not
169 2011-06-17 01:09:29 <FellowTraveler> Don't you guys think it's time we moved to using crypto cards?
170 2011-06-17 01:09:37 <amstan> FellowTraveler: +1 to that
171 2011-06-17 01:09:50 <Kireji> FellowTraveler: can you elaborate?
172 2011-06-17 01:09:54 <AlonzoTG> atg@tortoise ~/source/bitcoin/src $ ls /usr/lib/boost-1_46/ -l
173 2011-06-17 01:10:04 <AlonzoTG> So I have boost installed.
174 2011-06-17 01:10:06 <AlonzoTG> BUT
175 2011-06-17 01:10:14 <AlonzoTG> /usr/lib/gcc/x86_64-pc-linux-gnu/4.5.2/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find -lboost_system
176 2011-06-17 01:10:15 <lfm> FellowTraveler: they dont support bitcoin anyway
177 2011-06-17 01:10:26 <dD0T> amstan: You wouldn't know someone picked your lock from looking at it either...
178 2011-06-17 01:10:47 <Kireji> just now saw an article on a trojan searching for wallet files http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours
179 2011-06-17 01:10:49 <dD0T> amstan: Also nitpicking in analogies is...well...
180 2011-06-17 01:10:56 <amstan> dD0T: you started it..
181 2011-06-17 01:11:00 <gmaxwell> hah https://github.com/MrMEEE/bumblebee/commit/a047be
182 2011-06-17 01:11:23 <lfm> AlonzoTG: boost has an option for separate libs or combined lib. It seems you have the combined lib
183 2011-06-17 01:11:35 <jrmithdobbs> called linode to have them bump up priority on that abuse report
184 2011-06-17 01:11:46 <dD0T> gmaxwell: funny. that one has slowly spread through pretty much all channels I'm in over the course of the day :-)
185 2011-06-17 01:11:47 <jrmithdobbs> they have to do their usual customer contact shuffle of course
186 2011-06-17 01:11:53 <FellowTraveler> what do you guys suggest, USB stick ?
187 2011-06-17 01:11:53 <jrmithdobbs> bit that'll be down shortly
188 2011-06-17 01:11:59 <FellowTraveler> truecrypt ?
189 2011-06-17 01:12:13 <dD0T> andrew12: not really. I tried to explain via an analogy. you did the nitpicking
190 2011-06-17 01:12:17 <FellowTraveler> normally I suppose you'd want to protect the file from the network, but that doesn't make much sense for a p2p app
191 2011-06-17 01:12:33 <jrmithdobbs> got imgur image pulled again too
192 2011-06-17 01:12:34 <jrmithdobbs> lol
193 2011-06-17 01:12:48 <AlonzoTG> The only thing I care about is how to make this link or the keywords I can use to find out how to make this link.
194 2011-06-17 01:12:51 <AlonzoTG> I hate linkers.
195 2011-06-17 01:12:57 <dD0T> FellowTraveler: have a completely offline wallet you transfer all funds too
196 2011-06-17 01:13:01 <jrmithdobbs> *this* is how you take care of things like this, not dosing them, guys ;P
197 2011-06-17 01:13:30 <AlonzoTG> They're the most under-documented, poorly understood, and missused piece of software that is more important, in many respects, than the kernel or the compiler.
198 2011-06-17 01:14:08 <jrmithdobbs> AlonzoTG: follow instructions in build*.txt in doc/ ... problem solved
199 2011-06-17 01:14:20 <AlonzoTG> =|
200 2011-06-17 01:14:49 <AlonzoTG> When I did that I got compiler errors; so I spent an hour fixing the code, now the code works, but I can't link it because ld is gay.
201 2011-06-17 01:15:05 <jrmithdobbs> ya you probably broke the code
202 2011-06-17 01:15:15 <jrmithdobbs> and were just using wrong lib versions
203 2011-06-17 01:15:17 <jrmithdobbs> but ok
204 2011-06-17 01:15:50 <AlonzoTG> 90% of the time, my machine has the latest versions available.
205 2011-06-17 01:16:26 <lfm> dD0T: encryption is export controlled in some places still so it would restrict the spread of bitcoins
206 2011-06-17 01:16:42 <dD0T> lfm: lol
207 2011-06-17 01:16:44 <jrmithdobbs> dD0T: because it's pretty pointless, if the machine's compromised even if it's encrypted it's a matter of waiting for the user to input the passphrase and log it
208 2011-06-17 01:16:45 <jrmithdobbs> dD0T: it's just a nice warm fuzzy feel good that stops NOTHING
209 2011-06-17 01:17:13 <dD0T> lfm: You do relise that there's already public private crypto in btc?
210 2011-06-17 01:17:18 <jrmithdobbs> the real solution is to keep large sums assigned to keys that have never touched a bitcoin wallet
211 2011-06-17 01:17:35 <lfm> ddotonly signatures, they are not export controlled
212 2011-06-17 01:18:08 <jrmithdobbs> which is hard to do currently until sipa's showwallet tree gets merged
213 2011-06-17 01:18:37 <jrmithdobbs> because you can gen the keys offline into encrypted media and send to them just fine
214 2011-06-17 01:18:40 <dD0T> jrmithdobbs: It's a whole lot harder to have a machine compromised until you can snoop the key. also it requires a lot more effort
215 2011-06-17 01:19:20 <lfm> dd0t not a lot
216 2011-06-17 01:19:23 <jrmithdobbs> but then actually moving them around again afterwards is hard since you have to either mangle a wallet.dat manually or rebase sipa's patches to import them (and fix the OBO that prevents you from importing certain keys that are valid saying they're invalid)
217 2011-06-17 01:19:28 <Validus> depends where you are
218 2011-06-17 01:19:56 <jrmithdobbs> dD0T: um no it's not, the compromise is happening outside of bitcoin to begin with
219 2011-06-17 01:20:11 <jrmithdobbs> dD0T: compromise machine, start key logger, done
220 2011-06-17 01:20:22 <Validus> side jack open wifi
221 2011-06-17 01:20:23 <jrmithdobbs> dD0T: wallet encryption does fuck all
222 2011-06-17 01:20:36 <Validus> next to no work
223 2011-06-17 01:20:37 <dD0T> ah well. i guess all other apps handling ppk material have the pwds for the lulz.
224 2011-06-17 01:20:44 <lfm> dd0t yup
225 2011-06-17 01:20:49 <Validus> oh you left windows sharing on by default....
226 2011-06-17 01:20:51 <dD0T> thought so
227 2011-06-17 01:21:00 <jrmithdobbs> dD0T: makes people feel better
228 2011-06-17 01:21:12 <jrmithdobbs> dD0T: does nothing if the machine said passphrase protected keys are stored on are compromised
229 2011-06-17 01:21:14 <dD0T> jrmithdobbs: right....
230 2011-06-17 01:21:16 <jrmithdobbs> as just described
231 2011-06-17 01:21:28 <Validus> security is in the hand of the user, as well as what you implement
232 2011-06-17 01:21:35 <dD0T> it does. until the key is entered the data is still safe
233 2011-06-17 01:21:46 <Validus> use onscreen keyboard to type things. no keylogs there
234 2011-06-17 01:21:51 <dD0T> that means backups are safe too btw.
235 2011-06-17 01:21:59 <jrmithdobbs> that assumes the breach is caught before the passphrase (NOT KEY) is entered
236 2011-06-17 01:22:05 <jrmithdobbs> and that is fairly unlikely in most scenarios
237 2011-06-17 01:22:11 <dD0T> it's all a matter of attack surface
238 2011-06-17 01:22:19 <jrmithdobbs> yes, it does mean backups are safer, i'll concede that
239 2011-06-17 01:22:32 <lfm> Validus: depends how you capture keys. there are still keyboard events generated to be captured
240 2011-06-17 01:22:34 <jrmithdobbs> but you shouldn't be backing up privkeys to unencrypted storage anyways
241 2011-06-17 01:22:48 <jrmithdobbs> that's just common sense
242 2011-06-17 01:22:50 <Validus> 90% of keyloggers dont record onscreen keyboard
243 2011-06-17 01:22:58 <Validus> i like keepass personally
244 2011-06-17 01:23:14 <Validus> but still comes down to user
245 2011-06-17 01:23:19 <dD0T> jrmithdobbs: shouldn couldn wouldn
246 2011-06-17 01:23:29 <lfm> Validus: thats what they like you to beleive
247 2011-06-17 01:23:32 <dD0T> jrmithdobbs: users don't care :-)
248 2011-06-17 01:23:43 <Validus> ive seen alot. thats why i said 90%, i did not say all
249 2011-06-17 01:23:57 <jrmithdobbs> Validus: um, keepass looks worthless
250 2011-06-17 01:24:05 <jrmithdobbs> jfyi
251 2011-06-17 01:24:18 <Validus> its an encrypted database , held by a large key you set
252 2011-06-17 01:24:30 <Validus> and that still has your passwords for sites with ******'s in them. but it can auto fill in forms and keep it secure
253 2011-06-17 01:24:47 <jrmithdobbs> Validus: for the scenarios being described, at least
254 2011-06-17 01:24:51 <Validus> that way you dont use the same password on every site, you can make extremely hard passwords on every site and not worry about forgetting them
255 2011-06-17 01:25:18 <lfm> anyway you can always use any old file encryptor program, it might be better than what could be put in bitcoin anyway
256 2011-06-17 01:25:19 <dD0T> I like keepass
257 2011-06-17 01:25:20 <jrmithdobbs> Validus: might as well just drop them in a plain text file on a luks encrypted loop image (ore aes encrypted dmg)
258 2011-06-17 01:25:42 <dD0T> lfm: ? it's not as if _using_ crypto is rocket science :-)
259 2011-06-17 01:25:44 <Validus> well setup a 30+ key for keepass and brute force is
260 2011-06-17 01:25:45 <jrmithdobbs> dD0T: ya but it's entry hotkey stuff makes the whole thing worthless for avoiding keylogger scenarios
261 2011-06-17 01:25:58 <dD0T> lfm: the libs do all the heavy lifting
262 2011-06-17 01:26:02 <Validus> you do understand what keyloggers do. they record keys
263 2011-06-17 01:26:08 <Validus> if no key is hit, then what is it recording
264 2011-06-17 01:26:12 <Validus> nothing.
265 2011-06-17 01:26:26 <jrmithdobbs> Validus: you do understand that keyloggers don't just record physical keyboard events, right?
266 2011-06-17 01:26:37 <lfm> dD0T: right so do it outside bitcoin, as you say it is easy
267 2011-06-17 01:27:03 <Validus> well save yourself the trouble before you get hacked and send me your btc
268 2011-06-17 01:27:04 <dD0T> lfm: ?
269 2011-06-17 01:27:04 <Validus> :P
270 2011-06-17 01:27:07 <jrmithdobbs> Validus: having them sniff unnamed pipes and similar is not uncommon
271 2011-06-17 01:27:18 <Validus> i wanst saying it wasnt/or was
272 2011-06-17 01:27:38 <Validus> thats easier, actually peoples retarded passes for things is the worst security measure in the world
273 2011-06-17 01:27:51 <jrmithdobbs> the main problem
274 2011-06-17 01:27:55 <lfm> Validus: dont laugh, there was a scam already where the guy said he would keep an safe encrypted backup of your wallet for you
275 2011-06-17 01:28:02 <Validus> LOL
276 2011-06-17 01:28:03 <jrmithdobbs> is that end user services still all rely on fucking passwords
277 2011-06-17 01:28:05 <jrmithdobbs> fuck passwords
278 2011-06-17 01:28:15 <Validus> id encrypt it. rar it, password it, encrypt ethe archive. rename it. then encrypt it again
279 2011-06-17 01:28:20 <lfm> Validus: I said dont laugh! grin
280 2011-06-17 01:28:37 <Validus> theres ways of protecting your data storing things online
281 2011-06-17 01:28:43 <Validus> just have to use your noggin
282 2011-06-17 01:28:45 <dD0T> Validus: ... then forget the pw and... oh wait :-)
283 2011-06-17 01:28:51 <jrmithdobbs> seriously, all these sites that require passwords have already switched to ssl (the decent ones) transport for the passwords
284 2011-06-17 01:28:52 <Validus> i do not forget passwords :P
285 2011-06-17 01:29:08 <Validus> if i cant remember in my mind, my fingers do lol
286 2011-06-17 01:29:12 <jrmithdobbs> it would take like 10-20 lines more code to take ssl cert fingerprints from the user and use actual client cert auth
287 2011-06-17 01:29:23 <lfm> va;lidwell the people who most need it do forget passwords
288 2011-06-17 01:29:24 <dD0T> Validus: muscle memoryftw
289 2011-06-17 01:29:39 <jrmithdobbs> and people like comodo (i don't really like them either, but the CA signing for this purpose doesn't matter) issue semi-validatable end user certs FOR FREE
290 2011-06-17 01:29:39 <Validus> then they should be using keepass, at least theres a few other measures taken
291 2011-06-17 01:29:45 <Validus> better than save password in firefox, or a text file
292 2011-06-17 01:29:55 <jrmithdobbs> but nooo
293 2011-06-17 01:29:56 <dD0T> jrmithdobbs: users don't have certs (usually)
294 2011-06-17 01:30:05 <jrmithdobbs> client ssl cert auth is too hard
295 2011-06-17 01:30:13 <jrmithdobbs> dD0T: like I said, comodo and a few others issue them for free
296 2011-06-17 01:30:14 <Validus> ah sh it. i forgot i got a 40 port router today
297 2011-06-17 01:30:26 <Validus> cisco 5505 i believe
298 2011-06-17 01:30:47 <jrmithdobbs> dD0T: and fairly automated and easy to aquire ways
299 2011-06-17 01:30:53 <dD0T> jrmithdobbs: ppl. want to uswe their webmail from the ecaffee :-)
300 2011-06-17 01:31:15 <jrmithdobbs> people should buy laptops
301 2011-06-17 01:31:32 <dD0T> jrmithdobbs: Well. I do have client certs i use for certain sites
302 2011-06-17 01:31:32 <jrmithdobbs> typing passwords on public terminals is the dumbest thing you can do
303 2011-06-17 01:31:42 <dD0T> but I wouldn't trust a "normal" user to get on with them
304 2011-06-17 01:32:01 <dD0T> jrmithdobbs: welcome to the real world i guess
305 2011-06-17 01:32:10 <jrmithdobbs> dD0T: that's because you're used to window's shit key handlind
306 2011-06-17 01:32:13 <jrmithdobbs> keychain makes it awesome.
307 2011-06-17 01:32:19 <lfm> is really nothing to do with bitcoin
308 2011-06-17 01:32:28 <jrmithdobbs> s/key/cert/;s/handlind/handling/
309 2011-06-17 01:32:36 <dD0T> the world of password password, 12345 and layer 8
310 2011-06-17 01:33:00 <jrmithdobbs> dD0T: i'm aware, that doesn't mean the service providers aren't partially to blame for the continuation of this problem
311 2011-06-17 01:33:19 <jrmithdobbs> at least then smart/informed users could *attempt* to use better authentication methods
312 2011-06-17 01:33:20 <dD0T> jrmithdobbs: no it doesn't :-) as soon as you have multiple machines and a mobile phone it's a pita
313 2011-06-17 01:33:45 <dD0T> jrmithdobbs: and
314 2011-06-17 01:34:22 <lfm> I agree mobil phones are a pita
315 2011-06-17 01:34:33 <jrmithdobbs> dD0T: keychain syncing with mobileme and importing certs on android devices is a matter of dropping on sd card and clicking "add"
316 2011-06-17 01:34:41 <jrmithdobbs> you guys' phones suck
317 2011-06-17 01:34:49 <dD0T> jrmithdobbs: maybe :-)
318 2011-06-17 01:35:07 <lfm> not all androids have a SD slot
319 2011-06-17 01:35:11 <jrmithdobbs> (you have to input import passphrase after hitting add, and every time you use the cert you have to input key passphrase)
320 2011-06-17 01:35:16 <jrmithdobbs> lfm: adb push
321 2011-06-17 01:35:28 <jrmithdobbs> ;P
322 2011-06-17 01:35:36 <davro> phones suck and tinfoil hats rule !
323 2011-06-17 01:35:51 <lfm> cat walked over you keyboard?
324 2011-06-17 01:36:13 <jrmithdobbs> lfm: ?
325 2011-06-17 01:36:46 <lfm> "adb"
326 2011-06-17 01:37:00 <lfm> ?
327 2011-06-17 01:37:33 <dD0T> lfm: bluetooth thingy afaik
328 2011-06-17 01:37:38 <jrmithdobbs> lfm: $ adb --help
329 2011-06-17 01:38:18 <lfm> oh, sounds like a great tool for newbie users to need
330 2011-06-17 01:38:53 <jrmithdobbs> not having a mountable-over-usb storage mechanismis fairly rare on android devices
331 2011-06-17 01:39:08 <jrmithdobbs> especially so on any worth using
332 2011-06-17 01:39:41 <jrmithdobbs> but for those corner cases there is still a solution is all i'm saying
333 2011-06-17 01:40:07 <Validus> just got this today, http://img221.imageshack.us/img221/1844/image001uw.jpg
334 2011-06-17 01:40:24 <Validus> :D
335 2011-06-17 01:41:06 <dD0T> lots of ports
336 2011-06-17 01:41:29 <Validus> company is moving to chicago. it needs 1 fan replaced and thats pretty much it. in perfect condition
337 2011-06-17 01:41:44 <dD0T> old beast though, isn't it?
338 2011-06-17 01:42:08 <Validus> its probably so so. but cant beat free
339 2011-06-17 01:42:52 <Validus> despite the fan. it was taken care of
340 2011-06-17 01:43:57 <upb> is it 10mbit?
341 2011-06-17 01:44:26 <Validus> i honestly just carried it in. i was just called and said hey you want this
342 2011-06-17 01:45:06 <jrmithdobbs> it can run ios assuming you have the firmware files
343 2011-06-17 01:45:18 <jrmithdobbs> so no
344 2011-06-17 01:46:00 <jrmithdobbs> pretty awesome for free if you don't mind the jet engine/power part of the equation
345 2011-06-17 01:46:36 <jrmithdobbs> and they don't really eat much power depending on what blades are in it
346 2011-06-17 01:46:43 <jrmithdobbs> well, also depends on what sup module's in it
347 2011-06-17 01:46:43 <Validus> my 5200 rpm 62 dba fan is running at 3100 atm
348 2011-06-17 01:46:53 <Validus> i dont much care if its loud
349 2011-06-17 01:47:01 <lfm> 10BaseT only according to the specs
350 2011-06-17 01:47:12 <dD0T> urgs
351 2011-06-17 01:47:18 <jrmithdobbs> ya i'd take one for free ... at the least you could strip the blades out and sell the chassis for ~100-200
352 2011-06-17 01:47:25 <dD0T> 10? switch or hub?
353 2011-06-17 01:47:26 <jrmithdobbs> and then part out the blades
354 2011-06-17 01:47:58 <Validus> Cisco Catalyst 5505 40port router. One of the fans on the top needs replacing, but its in almost perfect condition:
355 2011-06-17 01:48:02 <Validus> thats what i got in email
356 2011-06-17 01:48:19 <jrmithdobbs> lfm: depneds on the blades in it. and those can be replaced.
357 2011-06-17 01:48:36 <Validus> came from a big office
358 2011-06-17 01:50:21 <jrmithdobbs> lfm: those can do gigabit p sure
359 2011-06-17 01:50:30 <jrmithdobbs> not 10gbit but gbit
360 2011-06-17 01:50:41 <jrmithdobbs> blades in it are probably 10/100 on 10s tho
361 2011-06-17 01:51:02 <lfm> I was just going by cisco 2500 on the front
362 2011-06-17 01:51:05 <jrmithdobbs> lfm: wrong unit
363 2011-06-17 01:51:06 <Validus> ill go through all the specs in a bit
364 2011-06-17 01:51:10 <jrmithdobbs> lfm: 5500 is teh chassis on the bottom
365 2011-06-17 01:51:11 <Validus> gotta get some other stuff done first
366 2011-06-17 01:51:15 <jrmithdobbs> lfm: and the part that's interesting
367 2011-06-17 01:51:52 <jrmithdobbs> lfm: but ya the 2500s are way old crap ;P
368 2011-06-17 01:52:02 <Validus> http://www.cisco.com/en/US/products/hw/switches/ps679/products_data_sheet09186a0080092603.html
369 2011-06-17 01:52:05 <Validus> that should be it
370 2011-06-17 01:52:07 <jrmithdobbs> lfm: bottom chassis is a 5505
371 2011-06-17 01:52:20 <Validus> cisco catalyst 5505
372 2011-06-17 01:52:29 <echelon> any bitcoin wiki admins on?
373 2011-06-17 01:52:36 <Validus> and full. bastard is heavy hehe
374 2011-06-17 01:52:54 <jrmithdobbs> Validus: great find for free. like I said, just hope for your sake it's already running ios and not catos ;P
375 2011-06-17 01:53:03 <Validus> im not touching it till i replace the top fan that needs it
376 2011-06-17 01:53:26 <jrmithdobbs> Validus: just pull all but the sup blade and one of the port blades out and there's no way it'll overheat
377 2011-06-17 01:53:28 <jrmithdobbs> srsly
378 2011-06-17 01:53:30 <Validus> watched my video card go from 40 to 82 in less than 10 mins
379 2011-06-17 01:53:38 <Validus> lol
380 2011-06-17 01:53:47 <jrmithdobbs> network gear is pretty hard to overheat
381 2011-06-17 01:53:53 <Validus> why i hooked up the high rpm fan
382 2011-06-17 01:53:56 <jrmithdobbs> especially without load
383 2011-06-17 01:54:05 <Validus> i dont put anything past me
384 2011-06-17 01:54:26 <jrmithdobbs> meh i've seen 2650s run for years (literally) with both fans dead
385 2011-06-17 01:54:52 <Validus> im not saying i would, im just saying i rather be safe than sorry and not risk it
386 2011-06-17 01:55:13 <jrmithdobbs> i'd at least fire it up to see what kind of blades those are
387 2011-06-17 01:55:33 <jrmithdobbs> and get the version of the sup module to find out if it can (or already is) running ios
388 2011-06-17 01:55:37 <Validus> in a bit. i gotta get some work done
389 2011-06-17 01:56:21 <Validus> gotta find some cables to
390 2011-06-17 01:56:51 <jrmithdobbs> just need your rollover cable and a null modem to find out everything interesting ;P
391 2011-06-17 02:04:06 <dD0T> Validus: thermal capacitance to the rescue !!!11
392 2011-06-17 02:31:01 <wjk0vax> anyone here knows if mtgox trading api works?
393 2011-06-17 02:31:03 <AlonzoTG> I gave up on the custom makefiles and am now trying to get cmake working,
394 2011-06-17 02:31:10 <AlonzoTG> there's a somewhat sloppy cmake example out there,
395 2011-06-17 02:32:06 <wjk0vax> getFunds.php and such - anyone made it work at all?
396 2011-06-17 02:43:30 <wasabi2> Hello. Trying to write an experimental miner.
397 2011-06-17 02:43:36 <amstan> jrmithdobbs: well.. my script is still uploading
398 2011-06-17 02:43:37 <wasabi2> So... have my hash of the has.
399 2011-06-17 02:44:25 <wasabi2> The length of the target is 32 bytes?
400 2011-06-17 02:51:13 <forrestv> what does cs_main lock?
401 2011-06-17 02:51:40 <jgarzik> lots of stuff
402 2011-06-17 02:52:24 <wasabi2> anything special in the comparison of the sha256 hash to the target?
403 2011-06-17 02:52:31 <wasabi2> Like any byte swapping have to happen?
404 2011-06-17 02:58:58 <jgarzik> wasabi2: read cpuminer and pyminer
405 2011-06-17 03:05:34 <forrestv> jgarzik, how do i determine whether i need to lock cs_main?
406 2011-06-17 03:09:34 <forests> wasabi2: you have to byteswap the whole target
407 2011-06-17 03:09:46 <forests> if you get it via RPC
408 2011-06-17 03:10:01 <forests> it will end up looking like this http://blockexplorer.com/q/hextarget
409 2011-06-17 03:14:16 <wasabi2> Oh, every single byte?
410 2011-06-17 03:14:19 <wasabi2> Somebody mentioned quads.
411 2011-06-17 03:15:07 <forests> check the cpuminer fulltest function in util.c
412 2011-06-17 03:16:02 <forests> it does a full swap, then does quad swapping on the hash to compare with target
413 2011-06-17 03:16:50 <wasabi2> okay... full swap of target, quad swap on hash.
414 2011-06-17 03:18:13 <forests> well it also full swaps the hash before doing the quad
415 2011-06-17 03:21:01 <wasabi2> Golly. That all seems like a lot of work.
416 2011-06-17 03:21:12 <wasabi2> Wonder if I can ignore it and just do my comparison differently
417 2011-06-17 03:21:38 <wasabi2> Somebody mentioned that the hash must have position 7 == 0 to be valid?
418 2011-06-17 03:21:45 <wasabi2> As a quick way to skip a full compare.
419 2011-06-17 03:23:13 <forests> not according to block explorer
420 2011-06-17 03:23:41 <forests> nvm I was thinking of that position being in bytes
421 2011-06-17 03:23:59 <forests> yeah that's a quick way for an unswapped hash
422 2011-06-17 03:24:33 <AlonzoTG> =\n1094545
423 2011-06-17 03:24:41 <AlonzoTG> Google has revealed to me a number of things.
424 2011-06-17 03:24:52 <AlonzoTG> 1. The bitcoin community is extrordinarily active (good!)
425 2011-06-17 03:25:01 <AlonzoTG> 2. Many people are having trouble building bitcoin.
426 2011-06-17 03:25:13 <forests> yeah I've seen that it's in quads
427 2011-06-17 03:25:22 <AlonzoTG> 3. A number of people have published improved build systems for bitcoin,.
428 2011-06-17 03:25:49 <forests> 32 bit integers that is, it would be the same as the last 4 bytes being equal to 0
429 2011-06-17 03:25:51 <AlonzoTG> 4. The bitcoin project proper has been extremely slugish in adopting the badly needed and readily available improvements to the build system.
430 2011-06-17 03:26:18 <jgarzik> rofl
431 2011-06-17 03:26:36 <jgarzik> wallet encryption or improved build system - which one do you think has the priority?
432 2011-06-17 03:26:47 <jgarzik> P2P connectivity or improved build system - which one do you think has the priority?
433 2011-06-17 03:26:48 <proj-secfile> just curious, but have anyone known of anyways to protect a wallet ?
434 2011-06-17 03:26:52 <jgarzik> uh huh :)
435 2011-06-17 03:27:12 <AlonzoTG> Build system, always build system otherwise nobody can develop the software, they're just stuck waiting for you to make the build system a priority.
436 2011-06-17 03:27:48 <proj-secfile> wallet really needs some form of encryption to protect it's data from being stolen
437 2011-06-17 03:27:57 <AlonzoTG> agreed.
438 2011-06-17 03:28:02 <AlonzoTG> But then I can't even build the software.
439 2011-06-17 03:28:07 <AlonzoTG> Which is a more serious problem.
440 2011-06-17 03:28:40 <proj-secfile> we had a case of someone's wallet recently stolen and it needs to be reviewed
441 2011-06-17 03:29:32 <AlonzoTG> Good, fix the build system and I'll help with the wallet protection.
442 2011-06-17 03:31:24 <AlonzoTG> fuck this shit, I have so much else to do, not the least of which is finding a new job. =(
443 2011-06-17 03:31:39 <AlonzoTG> I just spent the ENTIRE evening trying to get the build system to work.
444 2011-06-17 03:32:32 <proj-secfile> which version is recommended for working on ? is it the v0.3.23rc1 that is recommended for dev ?
445 2011-06-17 03:39:53 <forrestv> anybody want to review 'getrawtransaction'? https://github.com/bitcoin/bitcoin/pull/324
446 2011-06-17 03:40:18 <jgarzik> plenty of other people manage to build bitcoin just fine
447 2011-06-17 03:40:59 <jgarzik> it's really not that difficult if you know anything about unix and makefiles
448 2011-06-17 03:42:08 <AlonzoTG> Byte me. The makefiles assume that you're using the 2008 version of all the relevant libraries.
449 2011-06-17 03:43:34 <Validus> if your using make and compiling, shouldn't you already know the dependancies?
450 2011-06-17 03:45:06 <doublec> AlonzoTG: the build-unix.txt has all the dependancies
451 2011-06-17 03:45:54 <Validus> README INSTALL, etc, usually all CAPS in a program
452 2011-06-17 03:46:04 <Validus> dont be pissed cuz you didnt read, much easier just to read or ask for help
453 2011-06-17 03:46:40 <Validus> besides you shouldnt be running linux distro's if you dont expect any problems. thats half the fun
454 2011-06-17 03:58:42 <dD0T> Validus: I would find that funny if it weren't so true....
455 2011-06-17 03:58:56 <Validus> i rather deal with linux problems than windows
456 2011-06-17 03:59:12 <Validus> but some dude gonna flame ppl cuz he cant read a txt file. nah get off crapbuntu and get a real distro
457 2011-06-17 04:00:33 <Validus> no offense to ppl using it. but my god. new is ok. but not like that
458 2011-06-17 04:00:46 <Validus> lol
459 2011-06-17 04:01:43 <Validus> usually it is no problems as long as you read, know what you need. and dont start tweaking things that are fun :D
460 2011-06-17 04:01:45 <Validus> ofc gotta tweak things though heh
461 2011-06-17 04:01:46 <dD0T> sounds familiar :-)
462 2011-06-17 04:01:53 <Validus> ive locked up 9 times today
463 2011-06-17 04:01:54 <Validus> did i stop. no. just changed a few things
464 2011-06-17 04:02:00 <forests> ubuntu is pretty though
465 2011-06-17 04:02:03 <forests> the rest of the distros are damn ugly
466 2011-06-17 04:02:05 <Validus> bleh
467 2011-06-17 04:02:09 <Validus> i aint even dare touching unity
468 2011-06-17 04:02:40 <dD0T> at least finally a gtk thingy with built in aero snap like fu
469 2011-06-17 04:02:40 <Validus> ubuntu can be convenient from all the stuff in the forums
470 2011-06-17 04:03:00 <Validus> i.e. apply to your distro, but try to figure out what you need
471 2011-06-17 04:03:30 <Validus> i dont agree with a distro that cant fix their bugs so they trash gnome and make their own gui instead. more worried about new version #'s than fixing what they need to. and now they are talking about trashing firefox and replacing it with chrome
472 2011-06-17 04:03:58 <Validus> which just not that long ago had ANOTHER 0 day exploit come out for it. and last november or october took 1st place for the most exploits for any web browser
473 2011-06-17 04:04:43 <dD0T> Validus: statistics
474 2011-06-17 04:05:03 <Validus> google chrome most exploits, was in october or november, so in pc terms thats a long time ago
475 2011-06-17 04:05:31 <forests> funny how firefox presented itself as fast and trimmed down, then it become all bloated
476 2011-06-17 04:05:31 <Validus> google: not google chrome
477 2011-06-17 04:05:44 <Validus> i have no problem with firefox, if your system sucks, get a new one
478 2011-06-17 04:05:58 <Validus> hehe
479 2011-06-17 04:06:41 <Validus> my p4 2 gig of ram handled firefox 4 just fine
480 2011-06-17 04:06:52 <dD0T> Validus: is firefox sandboxed yet?
481 2011-06-17 04:07:00 <Validus> with tons of tabs always open
482 2011-06-17 04:07:03 <dD0T> Validus: it sure is better then running it on the host :-)
483 2011-06-17 04:07:03 <Validus> sandbox helps to an extent, then theres sandboxie, but that is not 100% foolproof
484 2011-06-17 04:07:07 <Validus> why would you run it anyways?
485 2011-06-17 04:07:11 <Validus> thats what i always wondered
486 2011-06-17 04:07:18 <dD0T> Validus: also there's hardly any code out there built to escape a vm
487 2011-06-17 04:07:19 <forests> I've got firefox open right now, using 470MB of ram. chrome open and using 56 MB of ram.
488 2011-06-17 04:07:29 <Validus> just cuz there is hardly any doesnt mean it is not there
489 2011-06-17 04:07:34 <Validus> well you are doing somethign wrong then forests
490 2011-06-17 04:07:48 <Validus> firefox is using 82 meg of ram and i have 11 tabs open
491 2011-06-17 04:07:51 <Validus> and a persona loaded
492 2011-06-17 04:08:07 <Validus> RAM�: Used: 2225/8176MB
493 2011-06-17 04:08:14 <Validus> but that aint shit compared to everything else i have going
494 2011-06-17 04:08:15 <Validus> lol
495 2011-06-17 04:08:22 <JunK-Y> use chrome :)
496 2011-06-17 04:08:25 <Validus> fuck no
497 2011-06-17 04:08:38 <Validus> i installed that thing for a total of 5 minutes
498 2011-06-17 04:08:40 <dD0T> ff4 is pretty decent again. I still use chrome
499 2011-06-17 04:08:43 <Validus> then it went straigh toff
500 2011-06-17 04:09:04 <forests> idk how you got firefox to only use 82 mb of ram
501 2011-06-17 04:09:04 <Validus> i do not like chrome. and the way exploits keep getting popped for it, im not going to
502 2011-06-17 04:09:09 <forests> but I'm impressed
503 2011-06-17 04:09:15 <JunK-Y> hehehhe
504 2011-06-17 04:09:15 <Validus> ive never seen firefox over 150 meg ever
505 2011-06-17 04:09:27 <Validus> maybe once when i had over 20 tabs open and lots of java with other things
506 2011-06-17 04:09:34 <Validus> you definately have something wrong
507 2011-06-17 04:09:38 <dD0T> Validus: then you haven't really used it yet :-)
508 2011-06-17 04:09:44 <Validus> thats the highest u sage of firefox ive ever seen
509 2011-06-17 04:09:58 <Validus> ddot: i brought my dual core 3.06 ghz with 4 gig of ram to its knees over 8 times
510 2011-06-17 04:10:00 <forests> well, my chrome install works fine
511 2011-06-17 04:10:05 <Validus> i know how to use lots of things
512 2011-06-17 04:10:17 <Validus> im hell on pc's and i know i am.. lol
513 2011-06-17 04:10:23 <JunK-Y> forests: +1
514 2011-06-17 04:10:33 <Validus> ya so does my firefox
515 2011-06-17 04:10:44 <Validus> and im not going to be paranoid every 2nd wondering if another exploit popped out for it
516 2011-06-17 04:11:30 <dD0T> Validus: wasn't the last one a flash exploit?
517 2011-06-17 04:11:41 <Validus> the last one was after the flash update. was not even a month ago
518 2011-06-17 04:11:44 <Validus> iirc
519 2011-06-17 04:12:20 <Validus> i aint arguing which is better
520 2011-06-17 04:12:25 <Validus> but you wont catch that shit on my system
521 2011-06-17 04:12:26 <Validus> hehe
522 2011-06-17 04:13:10 <forests> but you allow flash?
523 2011-06-17 04:13:13 <Validus> id rather use ie before that, and thats saying alot
524 2011-06-17 04:13:29 <Validus> nope. not really
525 2011-06-17 04:13:52 <Validus> im not looking for flash sites, click random links. go on tpb or none of that. i always have stuff to do
526 2011-06-17 04:14:20 <forests> then why would you be worried about exploits in the first place
527 2011-06-17 04:14:50 <Validus> cuz 1. the exploits were not flash i was talking about. 2. security conscience.
528 2011-06-17 04:15:00 <Validus> thats like saying oh no one knows my ip so im protected
529 2011-06-17 04:15:19 <Validus> put a ftp up on port 21, label the header filezilla. watch the ppl trying to root you begin
530 2011-06-17 04:16:06 <forests> what I'm trying to say is that you're being security conscious by not using chrome, because you fear exploits, yet you don't disable flash
531 2011-06-17 04:16:33 <Validus> no. i dont use chrome cuz its a pos
532 2011-06-17 04:16:38 <Validus> and i dont like it. on top of the exploits for it
533 2011-06-17 04:16:42 <dD0T> Validus: obscurity ftw. that's why I use non std ports :-)
534 2011-06-17 04:16:42 <Validus> and i dont have flash enabled in my browser
535 2011-06-17 04:17:16 <Validus> i was just making a comparison of ppl that think since no one knows their ip or they are not on anything that nothing can happen to them
536 2011-06-17 04:17:22 <Validus> there are tons of ppl that think this and its sad
537 2011-06-17 04:17:31 <forests> well I'm impressed by your security consciousness
538 2011-06-17 04:17:37 <Validus> dont patronize me man
539 2011-06-17 04:17:46 <forests> you must use randomly generated passwords
540 2011-06-17 04:18:18 <dD0T> Validus: with ipv6 an proper randomization they might finally be somewhat right :-)
541 2011-06-17 04:18:53 <Validus> as long as a password contains upper lower # symbol and a good lenth and doesnt spell a word then your generally ok
542 2011-06-17 04:19:30 <Validus> its so easy to data mine with everything now and ppl willingly give up so much info
543 2011-06-17 04:19:48 <forests> true, especially facebook
544 2011-06-17 04:19:49 <Validus> what good is your security question if you put the answer out publicly
545 2011-06-17 04:19:50 <Validus> lol
546 2011-06-17 04:19:56 <dD0T> got to love security questions for pw recovery
547 2011-06-17 04:20:04 <dD0T> yeah
548 2011-06-17 04:20:08 <Validus> mine are random
549 2011-06-17 04:20:25 <wumpus> Validus: the only way to solve that browser exploit problem would be to run your browser in a vm that doesn't know its outside IP address and can only route through your vpn/tor/proxy or whatevery you use to anomymize
550 2011-06-17 04:20:35 <Validus> ive never answered a security question properly lol
551 2011-06-17 04:20:40 <Validus> and ive only forgettin my password once for my isp
552 2011-06-17 04:21:08 <Validus> if it gets on your system. it doesnt matter. if your connected its possible
553 2011-06-17 04:21:09 <dD0T> what is your mothers maiden name? Oh I don't know, let me check on fb real quick haha
554 2011-06-17 04:21:10 <Validus> vm does not protect as much as you think
555 2011-06-17 04:21:12 <wumpus> it does take some time to break out of, so if you can detect when it is compromised you can wipe it and restart
556 2011-06-17 04:21:15 <Validus> you can route things out of your vm and connect and run things from them as well
557 2011-06-17 04:21:25 <Validus> thats if you were lucky or just didnt leave it on while sleeping
558 2011-06-17 04:21:26 <dD0T> wumpus: time? nah
559 2011-06-17 04:21:44 <wumpus> you'd have to make sure the only way to route out of it is through the vpn, that's simply a matter of configuration of the host
560 2011-06-17 04:21:45 <Validus> and time is nothing. 30 seconds max most of the time
561 2011-06-17 04:21:53 <Validus> for anyone knowing what they are doing
562 2011-06-17 04:22:00 <wumpus> how would you break out of a hardware vm in 30 seconds?
563 2011-06-17 04:22:04 <dD0T> wumpus: it's just pretty unlikely to be targeted with that level of sophistication that would try to break out
564 2011-06-17 04:22:17 <wumpus> if you could do that you could also hack amazon for example
565 2011-06-17 04:22:18 <dD0T> just not worth it for an 0815 attack
566 2011-06-17 04:22:18 <Validus> depends how they planned the attack etc
567 2011-06-17 04:22:32 <wumpus> yes it's possible, but unlikely
568 2011-06-17 04:22:55 <Validus> i was talking to a "sys admin" the other day that had 114 updates due on his box...
569 2011-06-17 04:23:06 <Validus> like wtf man
570 2011-06-17 04:23:14 <Validus> it even updates it for you and you dont....
571 2011-06-17 04:23:28 <wumpus> sysadmins are known to delay updates
572 2011-06-17 04:23:48 <wumpus> because they still believe in 'if it isn't broken, don't fix it'
573 2011-06-17 04:23:51 <Validus> not to the point of where it is over 114
574 2011-06-17 04:23:52 <forests> yeah, like sony sysadmins
575 2011-06-17 04:24:05 <Validus> especially when dealing with ubuntu and it eating up lots of resources on their pc's
576 2011-06-17 04:24:06 <dD0T> wumpus: i don't think their gpu clusters have drivers much different from the consumer ones. I don't have to try hard to get mine to crash :-)
577 2011-06-17 04:24:07 <wumpus> corporate IT departments are the worst
578 2011-06-17 04:24:09 <Validus> so bloated
579 2011-06-17 04:24:23 <Validus> whats funny is sony was told they were vulnerable before it happened
580 2011-06-17 04:24:30 <wumpus> dD0T: yes, the CUDA is still a bit of an attack surface
581 2011-06-17 04:25:38 <dD0T> gotta love webgl and system codec embedding in some browsers. It's like crying: exploit me exploit me
582 2011-06-17 04:25:42 <wumpus> dD0T: especially if you go low-level, who knows if there are still memory protection problems with the GPU drivers.. they're closed source after all
583 2011-06-17 04:27:02 <dD0T> memory protection? in the gpu? I think not :-)
584 2011-06-17 04:27:04 <wumpus> dD0T: heh.. then again, the same kind of users probably download executables of games from random sites of the internet, which is even less secure
585 2011-06-17 04:27:19 <wumpus> dD0T: I think yes.. nv80+ has a MMU
586 2011-06-17 04:27:23 <Validus> *cough*tpb*cough*
587 2011-06-17 04:27:32 <wumpus> dD0T: it doesn't always work very well though in practice :P
588 2011-06-17 04:27:46 <Validus> the stupidity of people never ceases to amaze me
589 2011-06-17 04:28:22 <wumpus> people really need to get into the security mindset, but I think it's a matter of time, the way things are going lately... everything is being hacked :p
590 2011-06-17 04:28:32 <Validus> so how many ppl checked themselves on lulzsecz released password list
591 2011-06-17 04:28:51 <dD0T> wumpus: you have to much faith in the average consumer
592 2011-06-17 04:29:05 <Validus> the average consumer is a sheep and is told what to buy at bestbuy and walmart by schmucks
593 2011-06-17 04:29:07 <Validus> and the tv
594 2011-06-17 04:29:08 <Validus> :P
595 2011-06-17 04:29:14 <wumpus> the average customer of now, no, but in the future I think things will change
596 2011-06-17 04:29:17 <dD0T> they only consume. they don't want to bother with anything else
597 2011-06-17 04:29:34 <dD0T> i doubt it
598 2011-06-17 04:29:40 <dD0T> i see no sings of it
599 2011-06-17 04:30:11 <wumpus> it must change, otherwise, at this rate, everyone will be hacked every day :)
600 2011-06-17 04:30:19 <Validus> most ppl probably are
601 2011-06-17 04:30:20 <dD0T> up to now it doesn't even seem like most companies get it
602 2011-06-17 04:30:33 <wumpus> companies are even slower than people to adapt
603 2011-06-17 04:31:01 <wumpus> most it dept still live in the xp age
604 2011-06-17 04:31:22 <Validus> and still be supported to 2014 iirc
605 2011-06-17 04:31:28 <wumpus> hehe
606 2011-06-17 04:31:30 <Validus> or some date in the future, which is just dumb really
607 2011-06-17 04:31:33 <Validus> move on
608 2011-06-17 04:31:35 <dD0T> wumpus: win7 already is a big gain in security terms
609 2011-06-17 04:31:35 <wumpus> and ie6
610 2011-06-17 04:31:36 <wumpus> yes it is dD0T
611 2011-06-17 04:31:37 <Validus> win7 just had like 15 updates for security issues
612 2011-06-17 04:31:41 <dD0T> same goes for ie7 and on
613 2011-06-17 04:31:49 <Validus> but ms security essentials has the least false positives outa every a/v ive tried
614 2011-06-17 04:31:50 <Validus> lol
615 2011-06-17 04:31:54 <Validus> which is even weirder
616 2011-06-17 04:31:58 <dD0T> Validus: there are always security issues
617 2011-06-17 04:32:28 <wumpus> yes nothing is perfect that doesn't mean that we can't strive to make things better
618 2011-06-17 04:32:29 <dD0T> Validus: look at your distros security adv. ml :-)
619 2011-06-17 04:33:07 <dD0T> imho ms is doing an amazing job considering where they are coming from
620 2011-06-17 04:33:22 <Validus> ill admit its gotten better
621 2011-06-17 04:34:39 <Validus> time for a smoke. brb
622 2011-06-17 04:35:44 <dD0T> I'll be gone too. cya
623 2011-06-17 04:45:28 <CIA-103> bitcoin:� various� personal� * r1bbecd..343abc� poclbm-personal�/ (15 files):� (76 commits) http://tinyurl.com/6bb2vwy
624 2011-06-17 05:15:33 <Gekz> guys
625 2011-06-17 05:15:53 <gjs278> yeah
626 2011-06-17 05:15:57 <Gekz> is it possible to cancel a transaction before 6 confirmations?
627 2011-06-17 05:16:00 <gjs278> no
628 2011-06-17 05:16:13 <gjs278> if it has even one confirmation
629 2011-06-17 05:16:19 <gjs278> you are screwed
630 2011-06-17 05:16:29 <Gekz> I should rephrase as "technically possible"
631 2011-06-17 05:16:40 <gjs278> if it has no confirmations you are screwed
632 2011-06-17 05:16:42 <gjs278> the only way you can ever "cancel" it is to never let it go out in the first place
633 2011-06-17 05:16:44 <forrestv> Gekz, 'technically' you can cancel a transaction with any number of confirmations (with sufficient computing power)
634 2011-06-17 05:16:44 <Gekz> gjs278: yes, that's not what I'm asking, please be quiet.
635 2011-06-17 05:16:44 <gjs278> which I did that once when my network connections was zero
636 2011-06-17 05:16:48 <Gekz> forrestv: not by exploitation of the protocol, I mean a proper op code.
637 2011-06-17 05:17:14 <forrestv> ah, once it's out there it's going to go in a block if it's valid, and no nodes are going to accept any replacement transaction
638 2011-06-17 05:18:06 <Gekz> I'm just wondering if it would be possible to add the abilty to send an "OHSHIT" op code that be placed in the next block, and if it were within 6 blocks of the transaction, it could be reversed.
639 2011-06-17 05:20:43 <Diablo-D3> so lets see here
640 2011-06-17 05:20:49 <Diablo-D3> deepbit did 3.3% reject rate for me
641 2011-06-17 05:21:21 <Diablo-D3> eligius is currently at 2%
642 2011-06-17 05:42:13 <hippy69> whats the best wifi sniffer?
643 2011-06-17 05:45:29 <Diablo-D3> your mom
644 2011-06-17 05:50:15 <megu> Hello ! I'm not sure if it is the right place, but anyways... Have you considered securing the client by asking for a password / key whatever system before each send ? Say I let my client open on my desktop, or someone steals my wallet. they shouldn't be able to use it without my key
645 2011-06-17 05:50:57 <megu> this could be optional to keep the thing easy-if-you-are-not-paranoid
646 2011-06-17 05:53:14 <ersi> megu: Yes
647 2011-06-17 05:53:30 <ersi> megu: and not just 'password protected', but encrypted
648 2011-06-17 05:54:15 <megu> I did read about the encrypted wallet, but my point was about asking the key for every transaction
649 2011-06-17 05:56:12 <ersi> As far as I've seen discussed here, that is the plan. Both for start-up and for transactions
650 2011-06-17 05:56:36 <megu> its great then :)
651 2011-06-17 05:57:12 <megu> it would be nice to have a confirmation asked too. like "you are about to send xxx to yyy - are you sure ?
652 2011-06-17 06:00:27 <ersi> I imagine that's what the password prompt would be?
653 2011-06-17 06:00:46 <megu> clever !
654 2011-06-17 06:00:48 <ersi> "You're about to send a transaction of X BTC to ADDRESS. Type in your password to confirm the transaction:" :)
655 2011-06-17 06:02:57 <SomeoneWeird> lol
656 2011-06-17 06:07:05 <stuhood> needs a captcha =P
657 2011-06-17 06:08:09 <ersi> Fuck captchas
658 2011-06-17 06:15:13 <hipeople> im just looking for a program that will detect open networks while im driving with my netbook open, anyone know of any?
659 2011-06-17 06:19:38 <TommyBoy3G> http://techcrunch.com/2011/06/16/payments-service-dwolla-hits-1m-a-week-in-transactions/
660 2011-06-17 06:20:32 <_dr> hipeople: let me see if my grey cells still work
661 2011-06-17 06:21:11 <hipeople> okay thanks :)
662 2011-06-17 06:21:13 <_dr> aircrack for cracking wep
663 2011-06-17 06:21:25 <hipeople> wep?
664 2011-06-17 06:21:31 <_dr> wardriving... netstumbler, kismet
665 2011-06-17 06:21:51 <hipeople> whats wep?
666 2011-06-17 06:22:03 <_dr> pre-wpa wireless encryption
667 2011-06-17 06:22:06 <_dr> it's been a long time since i've been doing this stuff :)
668 2011-06-17 06:22:09 <hipeople> is that like the passwords people put on the networks?
669 2011-06-17 06:22:12 <_dr> 48bit crappy rc4 cipher
670 2011-06-17 06:40:20 <SomeoneWeird> 0_o
671 2011-06-17 06:47:27 <darbsllim> Hey MagicalTux, I sent an email last week to the email listed on mtgox about a problem we're having, including a screenshot
672 2011-06-17 06:47:38 <darbsllim> nobody got back to me though, whats the best way to get info?
673 2011-06-17 06:48:17 <MagicalTux> darbsllim: ticket number ?
674 2011-06-17 06:49:03 <darbsllim> no itcket number
675 2011-06-17 06:49:09 <darbsllim> this was before you started using zendesk
676 2011-06-17 06:49:17 <forrestv> can some dev please look at https://github.com/bitcoin/bitcoin/pull/324 ... need to know if the output format is okay
677 2011-06-17 06:51:31 <lianj> forrestv: why not make it the same as on blockexplorer?
678 2011-06-17 06:51:38 <darbsllim> MagicalTux I just re-submitted the problem this time to support@mtgox.zendesk.com.
679 2011-06-17 06:53:31 <forrestv> lianj, blockexplorer does some things differently ... like disassemble scripts
680 2011-06-17 06:53:42 <forrestv> i was mostly following the labels on the Protocol Specification page
681 2011-06-17 06:54:46 <forrestv> it could follow more closely, but blockexplorer isn't really that important
682 2011-06-17 06:55:08 <forrestv> well, what i mean is - does anybody grab those raw pages and parse them?
683 2011-06-17 06:56:12 <lianj> the blockexplorer ones? i guess yes :)
684 2011-06-17 07:19:10 <BlueMatt> forrestv: now I cant speak for others, but I would prefer to see that kind of thing in patches and branches, not in mainline...maybe a ways down the road once we can clean up some of the internal crap and generally clean the api, but for now...not so sure it will get pulled
685 2011-06-17 07:23:12 <forrestv> BlueMatt, ah ... there needs to be some way to get at bitcoin's internal data, though!
686 2011-06-17 07:23:16 <forrestv> for pools or other interesting things that pop up
687 2011-06-17 07:24:12 <BlueMatt> I agree, but for now, the rpc is such a mess and all the crap it calls is as well, once most of that gets cleaned up and rpc turns into a wrapper calling the same functions as wx, qt, etc we can make functions that do that and release as libbitcoin, but until the codebase is cleaned a bit, well more and more features seems like a bad idea
688 2011-06-17 07:24:45 <sipa> indeed, i think there is already a lot of code shared between rpc and wx
689 2011-06-17 07:25:30 <BlueMatt> yea, but I prefer the majority of rpc calls/wx calls to call one function and not do any touching of internal data structures...aka libbitcoin
690 2011-06-17 07:28:39 <CIA-103> DiabloMiner:� Patrick McFarland� master� * re0e5756� �/ src/main/java/com/diablominer/DiabloMiner/DiabloMiner.java :�
691 2011-06-17 07:28:40 <CIA-103> DiabloMiner:� Fixes to deal with pushpool bugs: Added async sendwork, obsessive LP failure retrying, and time
692 2011-06-17 07:31:05 <krekbwoy> how should I interpret the next retarget displayed by http://blockexplorer.com/q/nextretarget ?
693 2011-06-17 07:33:08 <prdelka> having trouble compiling bitcoin on 32bit ubuntu
694 2011-06-17 07:33:10 <prdelka> headers.h:31:25: error: wx/stdpaths.h: No such file or directory
695 2011-06-17 07:33:20 <prdelka> any idea what i need todo to fi it?
696 2011-06-17 07:34:00 <iera> wx is slotted in ubuntu iirc so it is in another directory
697 2011-06-17 07:37:06 <prdelka> so how do i fix it?
698 2011-06-17 07:37:10 <prdelka> the other wx files are found
699 2011-06-17 07:37:53 <iera> look where it is and adjust the path in the configure script i guess
700 2011-06-17 07:38:05 <iera> or supply some --prefix argument
701 2011-06-17 07:38:43 <prdelka> hmm there isnt a configure script in the bitcoin sources i have
702 2011-06-17 07:38:45 <prdelka> just a makefile
703 2011-06-17 07:39:34 <sipa> prdelka: there is a patch to use autotools that will be merged soon
704 2011-06-17 07:59:42 <topi`> what is this bitcoin7.com? does anyone know who's behind it?
705 2011-06-17 08:00:19 <cacheson> topi`: some bulgarian gaming company, allegedly
706 2011-06-17 08:00:56 <cacheson> the guy running it has posted on the forum, though I don't think anyone knows him
707 2011-06-17 08:01:18 <topi`> i don't trtust bulgarians :D
708 2011-06-17 08:02:15 <topi`> we need an alternative for mtgox inside the EU borders.
709 2011-06-17 08:02:53 <topi`> sipa: another, more useful , patch would be ripping off wxwidgets altogether >:)
710 2011-06-17 08:03:25 <topi`> the daemon could be interfaced via a web browser anyways, using advanced javascript ;)
711 2011-06-17 08:04:37 <sipa> topi`: you'll be able to choose at compile time which gui you want
712 2011-06-17 08:04:45 <ericmock> but to replace it with Cocoa...
713 2011-06-17 08:46:22 <upb> prdelka:!!!!!
714 2011-06-17 08:55:23 <CIA-103> DiabloMiner:� Patrick McFarland� master� * r24c2e9e� �/ src/main/java/com/diablominer/DiabloMiner/DiabloMiner.java :� Fix minor problems - http://bit.ly/jQgjvt
715 2011-06-17 09:14:43 <forrestv> http://forum.bitcoin.org/index.php?topic=18313.0 - p2pool - Decentralized, Absolutely DoS-Proof, Pool Hopping-Proof Pool
716 2011-06-17 09:20:07 <enquire> isn't equivalent to creating 1 block every second, worth 50/600 coins?
717 2011-06-17 09:20:16 <Joric> http://www.reddit.com/r/Bitcoin/comments/i207m/bitcoin_security_what/
718 2011-06-17 09:20:40 <forrestv> enquire, if everybody uses it, yes, but ... it isn't one long chain
719 2011-06-17 09:21:17 <edcba> damn p2pool
720 2011-06-17 09:21:34 <forrestv> it makes one chain per attempt and then throws it away when a block is created
721 2011-06-17 09:21:48 <forrestv> edcba, ?
722 2011-06-17 09:21:53 <Joric> i wasn't thinking about this but maybe it's really worth to make sending funds a bit less 'easy'
723 2011-06-17 09:21:59 <edcba> you stole a part from what i intended to do :)
724 2011-06-17 09:22:07 <forrestv> which part?
725 2011-06-17 09:22:41 <edcba> the p2p pool part lol
726 2011-06-17 09:22:41 <forrestv> ah, how'd you plan to do it?
727 2011-06-17 09:23:31 <edcba> hmm also an option to minimize bw nice
728 2011-06-17 09:24:02 <edcba> i wanted to give something else with the p2p pool :)
729 2011-06-17 09:24:14 <edcba> the pool is what brings money
730 2011-06-17 09:24:30 <edcba> so i wanted it p2p for not being ddosed :)
731 2011-06-17 09:25:44 <edcba> but apart that really nothing common to your idea
732 2011-06-17 09:26:22 <upb> but isnt a pool inherently centralized, how do yoi make it p2p
733 2011-06-17 09:26:38 <edcba> ie i wouldn't use a bitcoin chain like to do that
734 2011-06-17 09:27:01 <Tril> I'm trying to get the latest source code from subversion (0.3.23), but it's not showing any changes. Did we stop using subversion for releasing code?
735 2011-06-17 09:27:04 <edcba> upb: it's only to replace the rpc server
736 2011-06-17 09:27:23 <edcba> ie there is still only 1 entity distributing money
737 2011-06-17 09:27:47 <edcba> but shares/proofs/etc are distributed p2p
738 2011-06-17 09:27:55 <upb> og
739 2011-06-17 09:27:57 <upb> oh
740 2011-06-17 09:27:58 <enquire> p2p source code anybody?
741 2011-06-17 09:28:01 <lfm> Tril ya there is a git for current source now or you can get the source from the tar file
742 2011-06-17 09:28:24 <lfm> enquire: huh?
743 2011-06-17 09:28:27 <enquire> p2pgit just trademarked!
744 2011-06-17 09:28:42 <enquire> or bitgit?
745 2011-06-17 09:28:44 <Tril> lfm: it would help if somebody could update https://en.bitcoin.it/wiki/Development_process when the development process changes.
746 2011-06-17 09:28:56 <lfm> yup
747 2011-06-17 09:31:19 <Tril> lfm: should I use the main github repo with a tag of v0.3.23?
748 2011-06-17 09:31:35 <lfm> Im not sure. I dont use it myself
749 2011-06-17 09:32:07 <Joric> http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours
750 2011-06-17 09:32:15 <Joric> "If you use Bitcoins, you have the option to encrypt your wallet"
751 2011-06-17 09:32:29 <cacheson> they misspelled "are belong to us"
752 2011-06-17 09:32:54 <Joric> the option really is "copy your wallet dat to a truecrypt volume on a separate Linux system with (insert various acronyms and buzzwords)"
753 2011-06-17 09:32:59 <forrestv> edcba, most of the money generated goes directly to the miners' wallets
754 2011-06-17 09:33:16 <enquire> were is that encryption option? i don't see it in my client
755 2011-06-17 09:33:26 <sipa> Tril: which code do you want?
756 2011-06-17 09:33:37 <sipa> Tril: github tag v0.3.23 is the 0.3.23 release
757 2011-06-17 09:33:42 <Tril> sipa: I want to track the latest release
758 2011-06-17 09:34:01 <sipa> Tril: but not git head?
759 2011-06-17 09:34:12 <Tril> right
760 2011-06-17 09:35:15 <Tril> I was using git update for the dev branch and svn update for releases.
761 2011-06-17 09:35:26 <lfm> forests: as opposed to solo mining where ALL the money generated goes to the miner's wallet
762 2011-06-17 09:35:32 <Tril> *git pull
763 2011-06-17 09:36:59 <enquire> wallet must be always encrypted, except when sending money / generating keys
764 2011-06-17 09:37:05 <ersi> upb: hm, are you an OTWer?
765 2011-06-17 09:37:42 <lfm> enquire: so feel free to encrypt your wallet with any file encryption tool you feel like. its not hard
766 2011-06-17 09:38:21 <lizthegrey> forrestv: *applause*
767 2011-06-17 09:38:31 <forrestv> lizthegrey, ?
768 2011-06-17 09:38:48 <lizthegrey> thank you thank you thank you for writing p2pool
769 2011-06-17 09:38:53 <forrestv> oh, in general. just seemed strange because i just replied to the forum post
770 2011-06-17 09:38:55 <forrestv> hehe
771 2011-06-17 09:39:03 <lizthegrey> my employer is still stonewalling any attempt of mine to work on https://docs.google.com/document/d/1ciKH3M8WYS49ywz08beXtvpCm2wVGdzU7waKwcn_uaU/edit?hl=en_US&authkey=CJTqyOMF&pli=1
772 2011-06-17 09:39:31 <lizthegrey> so I am on one hand glad someone else has done something similar, but on the other hand pissed that it's been a month and I've been 'beaten to the punch' :)
773 2011-06-17 09:40:42 <sipa> see also http://forum.bitcoin.org/index.php?topic=3461.0 :)
774 2011-06-17 09:41:54 <lizthegrey> a fully p2p network with everyone needing to talk to everyone may not scale completely well, but for N < 1000 it's probably reasonable.
775 2011-06-17 09:43:19 <lizthegrey> sipa: I started thinking about the issue due to another thread, the 'solution to the pool problem' thread
776 2011-06-17 09:43:20 <lfm> Id say it was reasonable for n < 20
777 2011-06-17 09:43:30 <lizthegrey> lfm: ha. I'm being generous :)
778 2011-06-17 09:44:53 <forrestv> (mine doesn't fit into that category :p)
779 2011-06-17 09:44:53 <lizthegrey> forrestv: the 'if less than 600 blocks between successes, excess goes to p2pool operator' thing is a little scary to me, is there really no way to dispose of the excess other than that?
780 2011-06-17 09:45:19 <forrestv> lizthegrey, not without providing an advantage to pool hoppers.
781 2011-06-17 09:45:35 <falafell> why does my bitcoin client show "Generated (0.00131346 matures in 21 blocks"? O_o
782 2011-06-17 09:45:43 <falafell> +0.00 credit
783 2011-06-17 09:45:51 <lizthegrey> also, difficulty 1/600 of current difficulty I'm worried is too small of a multiplier
784 2011-06-17 09:45:57 <forrestv> why?
785 2011-06-17 09:46:01 <iera> falafell: because generated coins cant be spent immediately
786 2011-06-17 09:46:06 <lfm> falafell: why not?
787 2011-06-17 09:46:09 <iera> falafell: then it will show up, just wait 21 blocks
788 2011-06-17 09:46:12 <falafell> i thought generating was removed from the client?
789 2011-06-17 09:46:15 <falafell> and only goes in blocks of 50
790 2011-06-17 09:46:20 <iera> it is, did you mine?
791 2011-06-17 09:46:24 <iera> with another software?
792 2011-06-17 09:46:28 <falafell> no im only mining in btcguild
793 2011-06-17 09:46:28 <sturles> You are mining in a pool whiuch found a block. Your part of the block is tiny. Also you are a girl, since you are not mining solo. :-)
794 2011-06-17 09:46:34 <iera> then its the money from btcguild
795 2011-06-17 09:47:12 <falafell> ehhh thats weird, normaly i just have to click pay-out to receive the payments like a regular transaction
796 2011-06-17 09:47:18 <lfm> sturles finally someone who agrees with me that solo is smarter than pools
797 2011-06-17 09:47:29 <falafell> sturles, not everybody is an early adopter with many coins to spend on new hardware ;)
798 2011-06-17 09:47:35 <iera> no idea what happend
799 2011-06-17 09:48:25 <lfm> I dont think it has anything to do with being an early adopter or not
800 2011-06-17 09:49:15 <forrestv> lizthegrey, do you mean that it should be closer to 1/100 or 1/1000?
801 2011-06-17 09:49:50 <lizthegrey> forrestv: closer to 1/1000. most pools set difficulty to 1
802 2011-06-17 09:50:01 <enquire> it has everythng to do with having brass balls
803 2011-06-17 09:50:02 <lizthegrey> so for people with <100Mhash
804 2011-06-17 09:50:11 <falafell> lfm, without crazy hardware it's not really effective xD
805 2011-06-17 09:50:14 <lizthegrey> that's 1 share per minute or so
806 2011-06-17 09:50:17 <forrestv> ah
807 2011-06-17 09:50:18 <lizthegrey> maybe 2 at 120 mhash
808 2011-06-17 09:50:42 <sipa> falafell: are you sure that's from btcguild?
809 2011-06-17 09:50:51 <lizthegrey> if you set it to 1/60 of current difficulty, that means that in order to productively generate shares at a sane rate