I've no quibbles with your other points, but this nit is worth picking.  I recently read a book called "Debt: The First 5,000 Years" which contradicts the usual dogma that money arose to solve the problem of barter.  Here is the author's discussion of that point in depth.

http://www.nakedcapitalism.com/2011/09/david-graeber-on-the-invention-of-money-%E2%80%93-notes-on-sex-adventure-monomaniacal-sociopathy-and-the-true-function-of-economics.html

I just meant using the torify wrapper, which is trivial compared to any iptables mucking.

torify thttpd

as long as it's all in userland, it'll work (you can't torify vmware)

Nobody in this thread is claiming tor is invulnerable, but the ideas you've proposed are not at all sound.  Now if you had said something like, hidden services can be revealed by a malicious node which advertises infinite bandwidth, causing the hidden service to preferentially route through it, you might have more credibility, though this attack can be mitigated by specifying a strict list of entry nodes.  Which I'm sure the SR crew are aware of, given the ease of this potential attack and their history of continuing to operate despite the yelling about them in Congress.

Someone may compromise SR, but I think it far more likely to get infiltrated, or discovered through old fashioned sleuthing, or to have been a honeypot operation from the beginning, than through a known technical flaw.


This was not an exact clone of SR.  The operators used hushmail and paypal, both of which rolled over for the feds, as anyone would have predicted.  You're not even reading your own links now!  FUD indeed.

If you could be arsed to take your own advice and read some docs, you'd know that there is no exit node involved in accessing a hidden service.

The government uses tor for its own purposes, so it has little incentive to ddos nodes.


SSL traffic is normal traffic.  If an ssh tunnel is employed, there are no files to look at.  You're grasping at straws in order to avoid admitting that you don't know enough about your topic.


This would be a stupid thing to allow.  I'd be surprised if this was possible on SR.  Even beyond disallowing such an attack, the web server could easily be prevented from connecting anywhere without tor, a step that I doubt the SR admins have neglected to take.

By the way, you are mistaken about the "direct server to server link up"; you wouldn't catch the server's IP this way, only that of improperly configured SR users (more likely, just that of a tor exit node).  Your server logs would only contain the hidden service hostname as the referer.


This is so naive it's cute.

The existence of shady hosts notwithstanding, it really could be anywhere.  It could be on a hacked box in Russia.  It could be secreted in a closet at a NOC.  It could be somewhere completely different and using an ssh tunnel through a rogue access point in any organization.  The traffic would look like normal SSL traffic, and because of the way hidden services work, if the server or its tunnel endpoint ever went down, a backup could be placed elsewhere and nobody would have to update their links to it.  That's because the hidden service hostname is actually a hash of its private key.


I appreciate your concern, but I'm not the one being willfully ignorant here.

You claim you want to know, then you decide to be spiteful instead.  The most charitable reading is that you are spreading FUD.

As for other programs on the same computer not using tor, if you torify your shell then every process forked from it will use tor.  This is a trivial enough workaround to make your point uninteresting to anyone who hasn't just learned about tor.

Load it in a VM that you can revert after, Mr. Security Expert.  You seem to talk a lot for someone who is unwilling to read.

Estimated next difficulty, from bitcoinwatch.com = 2,432,977

From the FAQ:


Estimated next payout per share = 50 / (2432977 * (1 - 0.015)) = 0.0000208639133538035724607017707864649426407520644597 (according to wolframalpha.com)

If I am newbie enough, I'll PM you an addr

Truecrypt can do this. 

http://www.truecrypt.org/docs/?s=plausible-deniability

See also http://marutukku.org/

Anyone try this image yet?

I'm eager to know if it works, but too busy lately for messing with hardware :/

(10:59:50 PM) Glasswalker [~glasswalk@bas4-kingston08-1177944628.dsl.bell.ca] entered the room.
(10:59:54 PM) Glasswalker: Hey anyone here?
(11:00:29 PM) Glasswalker: I'm on my laptop at my inlaws, and don't have my password db readily available to log into bitcointalk
(11:00:37 PM) Glasswalker: but I have a new bitstream for people to test
(11:01:02 PM) Glasswalker: at http://www.btcsyn.com/bitstreams/cairnsmore_125_test.zip
(11:01:15 PM) Glasswalker: be aware this is untested, it uses new code that may not even work
(11:01:21 PM) Glasswalker: but I hope it's nice and stable in all 4 slots
(11:01:30 PM) Glasswalker: so I'm not wasting time optimizing the 175Mhz version of the same code.
(11:01:48 PM) Glasswalker: It's 25Mhz source clock, 57600 baud same as last bitstream, uses glasswalker controller
(11:02:11 PM) Glasswalker: If someone here could please post this info to the bitcointalk threads I would appreciate it
(11:02:30 PM) Glasswalker: This one is 125Mhz (125Mhash)
(11:02:33 PM) Glasswalker: only for testing functionality
(11:02:45 PM) Glasswalker: But if this works, I should have a 175Mhz version very soon
(11:03:00 PM) Glasswalker: if it fails, at least I know I need to debug it. instead of wasting a ton of compute power on optimizing bugged code
(11:03:27 PM) Glasswalker: Isokivi: *poke*
(11:03:50 PM) Glasswalker: zefir: *poke*
(11:04:01 PM) Glasswalker: makomk: *poke*
(11:04:03 PM) Glasswalker: lol
(11:04:32 PM) Glasswalker: ok well I've got to head to sleep, hopefully someone sees this, Tomorrow I'll get my pwdb going and get on and post it up myself if nobody beats me to it, but it might not be till the end of the day
(11:08:40 PM) Glasswalker: Night all, here's hoping someone has some success with the 125Mhz test.
(11:08:51 PM) Glasswalker: I've also sent it to Yohan at Enterpoint for testing.
(11:13:50 PM) Glasswalker left the room (quit: Ping timeout: 240 seconds).

This is the only AR-15 part that would legally require a background check in USA.

If someone has a 3D printer they could print one, though I don't know how well it would work:

http://www.thingiverse.com/thing:11770

Here is a link to the current latest release.

Direct download: http://biomancer.net/bamt/bamt_v0.5a.zip

md5sum: 692d336de35fd3f3b4561ff39b109d08  bamt_v0.5a.zip

Google cache

http://webcache.googleusercontent.com/search?q=cache:yVTj7uX9wxQJ:expertscolumn.com/content/why-megaupload-was-really-shutdown+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a

The copyright is expired and the author is deceased.  Project Gutenberg has it:

http://ebooks.gutenberg.us/WorldeBookLibrary.com/confessstock.htm

+1

I paid $600 each, hoping to get 700MH/s out of them after DiabloMiner is tweaked a bit more...   I've been having trouble finding 5970's or I would have opted for that instead.

Thank you very much for your help!

Damn, that is crazy!  One of my friends is trying to RMA a card right now and Sapphire won't even answer their phones.

Fortunately, none of my cards are Sapphires...  the 6870's are XFX, the 6750's and the 5770's are HIS, and the 7970's are Diamonds.  I have no experience with Diamond but that was the only brand available, damn they all sold out quick...  I had a pair of XFX 7970's in my shopping cart that someone else bought out from under me while I was logging in

It's an XFX card, and they issued me an RMA immediately when I called them after my ticket had idled for a couple days through New Year's.  I figured a warranty replacement for the $20 shipping cost was better than a $14+shipping replacement fan from ebay, and being out of commission longer won't be such a big hit soon considering it will be just one of nine cards.