Difference between revisions of "User talk:Luke-jr"

From Bitcoin Wiki
Jump to: navigation, search
(bitcoind release history)
(Nick Szabo: new section)
 
(18 intermediate revisions by 11 users not shown)
Line 1: Line 1:
== Reverted your edit on Alt-chain release RFC ==
+
* My comments on [[Tonal Bitcoin]] are not "trolling".  They are my opinions, and you can discuss it on the talk page based on the merits. If you delete my comments again from a discuss page, I will ask the administrators to ban your account. That is not acceptable wikipedia behavior  [[User:Lunokhod|Lunokhod]] ([[User talk:Lunokhod|talk]])
  
I think your edit is anti-competitive, and is against the spirit in which I drafted the RFC.
+
== Thanks for helping on the [[Heaven Sent Gaming]] article. ==
You can write a paragraph that encourages working within the boundaries of Bitcoin, but it must accept the possibility of deciding to create a real, competing alt coin. I also disapprove of you deleting the exchanges section.
 
  
[[User:Ripper234|Ripper234]] ([[User talk:Ripper234|talk]]) 17:53, 19 August 2012 (GMT)
+
The bias was sloppy copyediting on my part, thanks for fixing it. [[User:Anon y Mouse|Anon y Mouse]] ([[User talk:Anon y Mouse|talk]]) 10:55, 24 August 2014 (UTC)
  
Your recent edits on litecoin are interesting lukeJnr.
+
== Headers ==
I'm concerned that you consider litecoin a threat to bitcoin rather than something which improves the overall system of electronic payments.
 
The biggest threat to bitcoin as a network is actually terracoin.
 
  
--[[User:laSeek|laSeek]] ([[User talk:laSeek|talk]])
+
Hi Luke, can you restore the [[Headers]] article please? It was useful for finding information about headers, and it's not obvious where people need to go without this reference article. There's already an article for [[block]]s, so I don't see why you needed to delete this, since it was useful.
  
* I haven't made any edits to Litecoin recently. I'm not familiar with Terracoin. --[[User:Luke-jr|Luke-jr]] ([[User talk:Luke-jr|talk]]) 01:40, 20 December 2012 (GMT)
+
: There was no useful information, it was just a stub. Furthermore, headers are not a thing, they are just a part of a block... --[[User:Luke-jr|Luke-jr]] ([[User talk:Luke-jr|talk]]) 21:03, 5 September 2014 (UTC)
  
== Undid/revision of yours in [[Address]] ==
+
== deep web ==
  
Hi
+
Luke-jr, bitcoin and deep web is closely related, as I previosly said... Your wiki contains bitcoin services as well as hidden wiki, it is only info ( nothing illegal) [[User:TheHiddenWiki|TheHiddenWiki]] ([[User talk:TheHiddenWiki|talk]]) 14:53, 11 September 2014 (UTC)
  
I cite from the log-file of article address:
+
== 247exchange ==
''# (cur | prev) 2013-01-02T23:23:14‎ Luke-jr (Talk | contribs)‎ . . (6,151 bytes) (-125)‎ . . (Undo revision 34431 by Smtp (talk): This does not apply to newer addresses, and is already covered in the details that follow) (undo)
 
# (cur | prev) 2013-01-02T20:46:58‎ Smtp (Talk | contribs)‎ . . (6,276 bytes) (+125)‎ . . (bitcoin address  is a encoded hashvalue of a public key!) (undo)''.
 
  
Sorry, where is this ''This does not apply to newer addresses, and is already covered in the details that follow'' mentioned in the article?
+
Hello Luke,
 +
is it possible to list our exchange service 247exchange.com here please: https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version)?
 +
We accept credit/debit cards (Visa, MasterCard, Maestro) for instant buying Bitcoin. SWIFT and SEPA bank transfers are also accepted. All countries except USA (where we don't have the licenses yet) are supported.
 +
Our exchange is licensed, secure and easy-to-use.
 +
Thanks in advance!
  
smtp
+
== Weighing in on my discussion with RyanC ==
  
* Newer (version 5) addresses do not always represent a public key, and even when they do, don't contain the hash of that key itself. --[[User:Luke-jr|Luke-jr]] ([[User talk:Luke-jr|talk]]) 01:00, 6 January 2013 (GMT)
+
Hi Luke, I've been discussing the pros/cons of Warpwallets with Ryan Castelluci on his [[User talk:Ryanc|talk page]]. Could you share your analysis?  
* Aha ... "always" was the critical word. I did not know. This "address" is also not very well defined. :) But are these common named "bitcoin addresses" in more than 99.9 % of the txouts (of current usage) still RIPEMD-160 hashs of public keys, or I'm wrong? [[User:Smtp|Smtp]] ([[User talk:Smtp|talk]]) 11:07, 6 January 2013 (GMT)
 
* The newer addresses are defined in [[BIP 0013]]. --[[User:Luke-jr|Luke-jr]] ([[User talk:Luke-jr|talk]]) 13:20, 6 January 2013 (GMT)
 
  
==bitcoind release history==
+
It's a long discussion so to reiterate my position:  
A different point: in the article [[Bitcoind]] in the release history table, I just have deleted your "source" entry in the colum platform. You should write there the supported OS and still better give a reference for this release as a URL. :) Thx, smtp [[User:Smtp|Smtp]] ([[User talk:Smtp|talk]]) 11:07, 6 January 2013 (GMT)
 
  
** Many of the stable/backport releases exist only as tags or win32+source code tarballs. Just putting win32 in the latter cases suggests Linux isn't supported, when in fact you only need to build the binaries yourself. --[[User:Luke-jr|Luke-jr]] ([[User talk:Luke-jr|talk]]) 13:20, 6 January 2013 (GMT)
+
1) There is a [https://nakedsecurity.sophos.com/2013/08/12/android-random-number-flaw-implicated-in-bitcoin-thefts/ real problem] with the faithfulness of blackbox RNGs that is hard to solve. RyanC agrees with me on that point.
  
*** Okay .. the supported platforms are Win32 & Linux? MaxOS X also?  Why did you not put this info there in? When I filled the other columns entries with Win32/Linux/MaxOsX I did not say anything about source or binary or both because I did not check it. But this will not be indicated by this column. So what is your problem? Please give a valid reference then the user can check your claim resp. see how the OS is supported by this release. This should be easily possible for you, I think, because all these releases are at most a year old and your a a developper I guess. :) BTW: Of course you are free to open a further column in the table to distinguish between binary and source if you like. [[User:Smtp|Smtp]] ([[User talk:Smtp|talk]]) 18:25, 6 January 2013 (GMT)
+
2) It's unwise to trust systems we can't verify when the stakes are high. For example, we can recommend users verify they're running a trustworthy wallet on a clean computer. Sounds great but if you really want to be sure that's very hard even for an expert. We can recommend they verify their wallet is actually (not just "supposed to", according to the source) using a faithful CSPRNG to generate the seed but '''nobody''' knows how to do that.
  
**** Supported platforms are all 3, but binaries are only provided for some of them for stable/backport releases. If the OS lists are for actual functioning support, then it is the same for all versions - so why list it per-version at all? I was thinking it was to signify binary availability. I used as my source [http://luke.dashjr.org/programs/bitcoin/files/bitcoind/ my primary mirror of bitcoind builds], which is also the main distribution location for most stable/backport binaries since they get less attention than the 3-signature requirement we impose on SourceForge files. --[[User:Luke-jr|Luke-jr]] ([[User talk:Luke-jr|talk]]) 19:42, 6 January 2013 (GMT)
+
3) What I like about Warpwallet is that it provides a unique blend of [http://maxtaco.github.io/bitcoin/2014/01/16/how-jason-bourne-stores-his-bitcoin/ simplicity with security].
 +
 
 +
It's not idiot proof, but none of the other solutions are either. For some use cases it's a genuinely better recommendation than the more traditional alternatives, and if that's true we owe it to the non-experts who look up to us not to parrot old advice. When a new technique comes along, let's think it through.
 +
 
 +
We also need to accept that different solutions have relative advantages and trade-offs. Computer security is hard. There's no way around nuance. There are no absolutes. Nothing we recommend will fully protect users from being stupid or negligent. Some users will always choose the dancing pigs.
 +
 
 +
We can recommend they don't store large amounts in hot wallets, but they'll do that anyway. We can recommend they don't backup their "encrypted" wallet to the cloud, but of course they will. We can recommend a random passphrase and they'll use something from a dictionary or a famous quote. We can recommend they pay more for a hardware wallet from a trustworthy source, they won't be able to tell who's trustworthy and they'll just opt to pay less. They're lose their paper backups to the cleaning lady, fire and flood. They will forget their encryption passwords.
 +
 
 +
We don't respond to that by treating everyone like stupid irresponsible babies. We accept personal responsibility and give those that want it the best advice we have.
 +
 
 +
4) Warpwallet is mostly guilty by association with naive SHA256 Brainwallets. Putting the SHA256 technique in anything with a web interface was like leaving a loaded gun around. Of course people got hurt and that's tragic.
 +
 
 +
I understand why the natural reaction to that is just to taboo the whole brainwallet concept after that, but using extreme key stretching together with salting is something qualitatively different.
 +
 
 +
You can't just cut and paste the SHA256 brainwallet public service announcement on to the new thing because the stupid thing came first. That would be like giving SHA256 brainwallets a pass if Warpwallet came first. The devil is in the details. We need to re-evaluate based on evidence. Warpwallet changes the cost of attack so that there's no longer a weak central point of failure users are known to be notoriously bad at.
 +
 
 +
Case in point, the Warpwallet challenge offered a $20,000 jackpot to crack an intentionally weak 8-character unsalted wallet and survived unclaimed for 2.5 years. RyanC has argued a large botnet running his software could crack the challenge in a year or so and I hope someone does that to prove him right.
 +
 
 +
But if the challenge was modified to use an unknown e-mail salt, Ryanc's Brainflayer running on a 25M node botnet would never find it. The universe would end first. If Warpwallet challenge included a list of 1000 possible e-mail salts, it would take the botnet 9 years to crack. To search 10,000 suspected e-mail salts: 90 years. That's not my opinion, that's math.
 +
 
 +
Maybe I'm missing something, but my conclusion is that if you use Warpwallet with a pretty good passphrase and your e-mail as salt, you're much more likely to get your coins stolen by someone beating you over the head with a $5 wrench than a Brainflayer botnet with millions of nodes running for decades.
 +
 
 +
Don't you agree? If not, that's fine, but please help me understand why.
 +
 
 +
== Nick Szabo ==
 +
 
 +
Hi Luke-jr.
 +
Would be great to have more info on why the [[Nick Szabo]] article was deleted.
 +
We have a number or articles referencing him -- it's hard to argue he doesn't deserve an article here. Was it just incomplete or low quality?
 +
 
 +
Thanks, -- [[User:JonathanCross|JonathanCross]] ([[User talk:JonathanCross|talk]]) 23:33, 12 August 2019 (UTC)

Latest revision as of 23:33, 12 August 2019

  • My comments on Tonal Bitcoin are not "trolling". They are my opinions, and you can discuss it on the talk page based on the merits. If you delete my comments again from a discuss page, I will ask the administrators to ban your account. That is not acceptable wikipedia behavior Lunokhod (talk)

Thanks for helping on the Heaven Sent Gaming article.

The bias was sloppy copyediting on my part, thanks for fixing it. Anon y Mouse (talk) 10:55, 24 August 2014 (UTC)

Headers

Hi Luke, can you restore the Headers article please? It was useful for finding information about headers, and it's not obvious where people need to go without this reference article. There's already an article for blocks, so I don't see why you needed to delete this, since it was useful.

There was no useful information, it was just a stub. Furthermore, headers are not a thing, they are just a part of a block... --Luke-jr (talk) 21:03, 5 September 2014 (UTC)

deep web

Luke-jr, bitcoin and deep web is closely related, as I previosly said... Your wiki contains bitcoin services as well as hidden wiki, it is only info ( nothing illegal) TheHiddenWiki (talk) 14:53, 11 September 2014 (UTC)

247exchange

Hello Luke, is it possible to list our exchange service 247exchange.com here please: https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version)? We accept credit/debit cards (Visa, MasterCard, Maestro) for instant buying Bitcoin. SWIFT and SEPA bank transfers are also accepted. All countries except USA (where we don't have the licenses yet) are supported. Our exchange is licensed, secure and easy-to-use. Thanks in advance!

Weighing in on my discussion with RyanC

Hi Luke, I've been discussing the pros/cons of Warpwallets with Ryan Castelluci on his talk page. Could you share your analysis?

It's a long discussion so to reiterate my position:

1) There is a real problem with the faithfulness of blackbox RNGs that is hard to solve. RyanC agrees with me on that point.

2) It's unwise to trust systems we can't verify when the stakes are high. For example, we can recommend users verify they're running a trustworthy wallet on a clean computer. Sounds great but if you really want to be sure that's very hard even for an expert. We can recommend they verify their wallet is actually (not just "supposed to", according to the source) using a faithful CSPRNG to generate the seed but nobody knows how to do that.

3) What I like about Warpwallet is that it provides a unique blend of simplicity with security.

It's not idiot proof, but none of the other solutions are either. For some use cases it's a genuinely better recommendation than the more traditional alternatives, and if that's true we owe it to the non-experts who look up to us not to parrot old advice. When a new technique comes along, let's think it through.

We also need to accept that different solutions have relative advantages and trade-offs. Computer security is hard. There's no way around nuance. There are no absolutes. Nothing we recommend will fully protect users from being stupid or negligent. Some users will always choose the dancing pigs.

We can recommend they don't store large amounts in hot wallets, but they'll do that anyway. We can recommend they don't backup their "encrypted" wallet to the cloud, but of course they will. We can recommend a random passphrase and they'll use something from a dictionary or a famous quote. We can recommend they pay more for a hardware wallet from a trustworthy source, they won't be able to tell who's trustworthy and they'll just opt to pay less. They're lose their paper backups to the cleaning lady, fire and flood. They will forget their encryption passwords.

We don't respond to that by treating everyone like stupid irresponsible babies. We accept personal responsibility and give those that want it the best advice we have.

4) Warpwallet is mostly guilty by association with naive SHA256 Brainwallets. Putting the SHA256 technique in anything with a web interface was like leaving a loaded gun around. Of course people got hurt and that's tragic.

I understand why the natural reaction to that is just to taboo the whole brainwallet concept after that, but using extreme key stretching together with salting is something qualitatively different.

You can't just cut and paste the SHA256 brainwallet public service announcement on to the new thing because the stupid thing came first. That would be like giving SHA256 brainwallets a pass if Warpwallet came first. The devil is in the details. We need to re-evaluate based on evidence. Warpwallet changes the cost of attack so that there's no longer a weak central point of failure users are known to be notoriously bad at.

Case in point, the Warpwallet challenge offered a $20,000 jackpot to crack an intentionally weak 8-character unsalted wallet and survived unclaimed for 2.5 years. RyanC has argued a large botnet running his software could crack the challenge in a year or so and I hope someone does that to prove him right.

But if the challenge was modified to use an unknown e-mail salt, Ryanc's Brainflayer running on a 25M node botnet would never find it. The universe would end first. If Warpwallet challenge included a list of 1000 possible e-mail salts, it would take the botnet 9 years to crack. To search 10,000 suspected e-mail salts: 90 years. That's not my opinion, that's math.

Maybe I'm missing something, but my conclusion is that if you use Warpwallet with a pretty good passphrase and your e-mail as salt, you're much more likely to get your coins stolen by someone beating you over the head with a $5 wrench than a Brainflayer botnet with millions of nodes running for decades.

Don't you agree? If not, that's fine, but please help me understand why.

Nick Szabo

Hi Luke-jr. Would be great to have more info on why the Nick Szabo article was deleted. We have a number or articles referencing him -- it's hard to argue he doesn't deserve an article here. Was it just incomplete or low quality?

Thanks, -- JonathanCross (talk) 23:33, 12 August 2019 (UTC)