This is incorrect. I used the tool offered by fillipio, and I was most certainly able to get cleartext HTTP sessions from other users out of the memory dumps.

The really important thing to keep in mind with Heartbleed, is that the entire goal of SSL is to encrypt traffic packets so that eavesdroppers of said packets (like the NSA!) cannot see what is inside of them. However, having the private keys most certainly allows an attacker to decrypt that traffic data, if they are able to get it (which the NSA almost always can).

So heartbleed can allow k1dd13s a mirror into other people's user sessions, I've seen it. Whatever is in RAM (in the heap) has a chance of being exposed directly. Indirectly, it can also allow anyone with OOB access to encrypted transit packets to decrypt them assuming they put in the trivial amount of effort to finagle the private keys out of the primary leak.

Hmm. So if this central authority requires 100% uptime to unblock transactions, then load-sharing across the network becomes a moot effort.

If transactions not certified by the central authority were blocked, then what would be the purpose of using proof of work and mining to defend against double spending? Just make that same central authority play double-spend referee. They already require 100% uptime to verify identities.

And what would be the value of distributing the ledger publicly? If the Central Authority disagrees with what your copy of the ledger says, then only their copy matters since they veto any transaction they choose. So that bitcoin aspect also becomes dead weight.

You are left with "central authority maintains central ledger and must remain online to authorize every transaction, checking the identity of all parties involved". This is indistinguishable from an older and well known payment system called "a Bank".

As others have mentioned, Bitcoin is a wallet software and a payment protocol. What you use it for (the moving around of accounting units) is nothing but a result of how you run the software, but the core software is 100% freely available and the protocol by which all Bitcoin participants must communicate is 100% transparent. That is what open source means in this context.

Contrast, please:

Interested but uninformed Linux user A: "How do I make XYZ change to the kernel?"

Linuxhead B: "Well, you log into www.linuxheadconsulting.com and after agreeing to some fees..."

A: But I thought Linux was open source?

B: Fine then, spend 20 years learning the arcane code and put in all the work to do it yourself. See if I care.

A: But it's haaaaaaard..

----

Interested but uninformed person A: "how do I get them?"

Bithead B: "well you log onto www.mtgox.com and after agreeing to some fees..."

A: But I thought Bitcoin was open source?

B: Fine then, build or purchase a mining rig and compete against the rest of the world, or post a buy ad to localbitcoins.com and do it yourself. See if I care.

A: But it's haaaaaard..

I do not think there is any conflict of interest, here, save perhaps the ever-present conflict of short- versus long-term interests in a capitolist system.

The developers, as probable holders of large sums of Bitcoin, are invested in the optimal success of the ecosystem. This ecosystem will thrive — and with it the value of the Bitcoin they hold will prosper — in direct proportion to it's usefulness and adoption as a payment platform. To that end, obviously an open standard and a bazaar model will have the most powerful effect.

The only conflict of interest is one of short term gain, of potential for someone to choose to try to short change the future of the ecosystem for a very short term and limited scope profit.

bitcoin ebay = Bitmit

bitcoin movie = The Pirate Bay

bitcoin music = CoinDL

bitcoin food = Pizza for coins, Foodler, and several restaurants with gift certs on Gyft. :3

Once you're launched you'll want to enter yourself onto the Bitcoin Wiki Business Listings page, it's a bit like a yellow pages for our growing merchant community. Lots of merchants forget to post there though, I had to remind Bitcoinin. ;3

This.

For those of us who run full 0.8.0 nodes, who either don't mine or only pool mine, is 0.8.1 a necessary step up, and if so why? And .. if not can we get an official blessing for our laziness? ;3

Just for everyone in the audience: Wallet users do not have to downgrade, this is just for the miners.

For the miners: that's not a bad question. :?

From what I can tell this problem was not caused by a malformed transaction, but by a malformed, mined block. If an attacker crafted a bad block, they would have to do so as a miner which would take an awful lot of patience or resources, so I don't think it was intentional.

As to why this wasn't caught in testing, that's a great question but I'll bet it's a tricky kind of bug specific to BDB that is hard to replicate if you aren't looking for it. Once the mess is cleaned up, and once we carve a clear upgrade path to 0.8 and beyond we'll be leaving BDB and it's bugfest behind, though.

Because 0.8 can accept the blocks generated by 0.7, 0.7 cannot accept the blocks generated by 0.8.

So on the one hand, enough miners can backpedal to make sure the 0.7 chain wins until we fix the problem, meaning everyone gets to stay on the same page, or we try to lean on the 0.8 block which will leave half or more of the world's miners and nodes on the wrong side of the fork until they all upgrade.

Yes. This problem was with the formation of one block, and a block is naught but a container of transactions. All the same transactions are still being put into blocks by the 0.7 miners. The wallet version you run is completely unrelated to the problem, this problem only pertains to the version of mining software. AFAWCT absolutely all transactions will be handled properly, save the block rewards for the miners who mine into the losing chain of course.

No raindrop takes responsibility for the flood, they say. ;3

My action is needed now? Like I have $800kusd to donate to Roger, or to exchange for electronic goods I could never get $800kusd of use out of?

I bought a bunch of usb keyboards I didn't really need, just because I tend to go through those (so I might need them in the future) and that is one item cheaper through here than other places. So there's my $15-20usd onto the pile.

If people are hoarding because *they* believe the unit value will go up, then the solution is to slash the prices to reflect that same commitment at the merchant. Don't be 1% cheaper than bigbox on 30% of your stock, go 30% cheaper on 99% of the stock and go long on Bitcoin to make up the difference in capital gains if you expect to reach these levels of volume. Because then you'll actually attract non-coiners to get off their ass, and coiners to get great deals and possibly even reflog your product.

I don't think there is any other method to meet both the ambition of $800kusd in the next 3 weeks, or making Newegg or Amazon even realize that you're there.

I think that Satoshi Dice is being used as a red herring and a scapegoat to kick the can down the road.

Luke accuses them of abusing the network. Our bandaid solution is to encourage miners who are amenable to blacklist their transactions (which is their prerogative, sure), and to take other steps to hassle SD (client changes to encourage higher fees to leave SD behind in priority, etc), so that maybe they'll become unprofitable enough that they stop representing such a high percentage of transactions and maybe we'll gain some breathing room before ordinary txn start fighting over their placement in blocks.

The question I am forced to ask is: are we really solving a problem this way, or are we spending our time on whack-a-mole?

SD is unquestionably profitable right now, and the allegation is because they are offloading much of their expenses to the rest of the network (blockchain bloat, premature block size limits reached, etc). So is it our job to classify this as a moral failure in SD and in the thousands of users who play it, to be punished by edict, or as a systems failure whereby we've built a transaction system that allows users to offload their expenses in this allegedly dangerous way?

Since SD is profitable and has to be targetted with filters to resist, what happens when a dozen SD knockoffs launch that evade filtering attempts? If they have profit incentive to do so, what will deter them? Should we really be blocking "1di" address prefixes (give or take), or should we instead be building something into the txn priority protocol that either discourage address re-use or re-spending of funds not yet confirmed?

If people want to spend their individual participatory power to hassle SD, that's not my business. But that probably belongs in a different thread. The problem of txn rate scalability and altering the system if possible to naturally resist anyone from being able to offload their expenses by making the txn fees you pay finance the costs you incur should be what our discussion is about. Be it because we've hit soft limit with SD, soft limit without SD or hard limit.

SatoshiDice is nothing but a symptom of an imbalance in our incentive structure. The sooner we solve the root of that problem, and enshrine this "social contract" luke holds so dear into the protocol itself somehow (where it can actually be enforced by technology instead of whinged about in forum drama), the more time we have to implement the solution before crashing into a wall or losing ground to a competing currency system.

That is some very good intel, thank you. :3

In my tests I guess I'm having some trouble now, after building the raw transaction in getting it signed properly. I've got my test private keys in a text file, I haven't created them or added them directly to bitcoind but the signrawtransaction docs make it sound like you can just enter the private keys as an argument.

All I know is this is going to take some work! xD

Say Luke, in the patch you posted in this thread could I get you to elaborate a little bit on the function CScript::IsBlacklisted()? This seems to be the razor which decides whether the txn will be allowed or not, but i'm not sure how to interpret the conditionals.

Thank ye, sir. :3

Blog post doesn't clarify how these colored coins could get successfully pegged to the pound.

• Issuer would have to be trusted (so much for "decentralized exchange")
• Market would have to trust someone will always be there to buy and sell these colored coins at 1GBP
• No entity, central or aggregate would be able to hold the price pegged without constantly burning wealth in the process (buying and selling at loss to manipulate price free market forces would otherwise randomize)

I'm just getting used to the ropes of the JSON API, finding my way around, and could use some guidance. :3

I used brainwallet.org to create 3 test addresses, and I recorded each of their Bitcoin Address, Public Key (130 characters [0-9A-F]), and Private Key WIF (starts with a 5).

I used bitcoind command "createmultisig" to generate a multisig address (36n5JExRtsHJrU9SrdqBLkucZyUdsdGN3s) and coupled redeemScript for 2-of-3 escrow on those three public keys, and spent a few millis into that address for testing. I noticed that the blockchain.info wallet refused to spend there (said the address was invalid) so I attempted to withdraw the fumes from my coinbase wallet, and that seemed to do the trick.

Now I cannot find any documentation detailing how one might go about creating and/or signing a transaction to spend back out of this beast again. :J How can I build a raw transaction, or where might one find docs on how to play with that process? What role does the redeemScript play? How can I sign the transaction blob with two different private keys I've stowed concurrently?

Any clues, ideas, or encouragement along this journey?

I'm hoping to learn enough about the process to work out the logic to code an API or GUI to automate it, or else to gain a greater appreciation for the challenges in the way.

Thank you, fellas.

- - Happ

And I've got my "Order Received" email from Avalon now!


(Plus 4th identical receipt from Walletbit, lols x3)

Interesting! since your email says the same thing as the one that I got, but with different typos baked in, it sounds like some poor sod is retyping the spiel every time. ;3