A fool and his not-really-money are soon parted
-
@DCoder That's pretty easy, if you put all money on "the blockchain".
Hint: It's the Thanos approach to reducing poverty.
-
@DCoder said in A fool and his not-really-money are soon parted:
IBM's latest buzzword vomit has a bold idea:
Source: @steckel
They're going to teach poor people to hack wallets?
-
@topspin said in A fool and his not-really-money are soon parted:
@DCoder That's pretty easy, if you put all money on "the blockchain".
Hint: It's the Thanos approach to reducing poverty.
Poverty is relative.
But combating poverty in the way 'poverty is relative' suggests requires tackling the extremely rich, which will not be received well by the extremely rich. And since money is power...
-
@PleegWat said in A fool and his not-really-money are soon parted:
Poverty is relative.
There's (almost) absolute poverty, which is where people don't have enough income to have the basic life necessities, and then there's true relative poverty, which is where people have less money than most of the rest of their social circle (broad definition; including people they observe on TV and online). The first causes ill-health directly, and the latter indirectly due to lack of social status (and that turns out to be important for those social primates known as homo sapiens).
The absolute poverty part is still relative as it depends on the ratio of income to prices, but that's more because the actual worth of any single base unit of currency is pretty arbitrary.
-
@dkf and then there's cryptopoverty where you thought you were rich but now you aren't and good luck finding the people who took your not-really-money.
-
-
Who's scamming whom? Or, who needs facts, I have outlandish claims!
Alleged $60,000 Coinomi exploit causes concern - Decrypt
A report by security consultant Warith Al Maawali claims he lost $60,000 to $70,000 while using the Coinomi wallet because of a spell checker vulnerability.
Al Maawali told Decrypt he used his Ethereum seed phrase in the Coinomi wallet to access Ethereum-based tokens that he owned but were not supported by the Exodus crypto wallet which he was already using. He said everything worked okay at first as the tokens showed up but then a few days later, the wallet was emptied.
Due to this, he did some research and found what he believes is a critical vulnerability within the Coinomi wallet. At the point where you enter your seed phrase, it is processed through a spell checker. This means the whole seed phrase is sent in plain text to a Google-owned website.
Programmer Martin Habovštiak confirmed on Twitter that the vulnerability is real but argued that there might be more a more nefarious reason for the loss. Habovštiak believes it was more likely the money was stolen via malware, or Maawali sent the coins to another account he owns to make it look like they were stolen and is trying to double his money.
-
@DCoder As if it needs the spellchecker to leak the password: the passphrase allows access to your wallet so any scammer who is savvy enough to do a dictionary attack can have the computer steal your funds in their sleep.
Filed under: Let's conveniently let the user provide 'high-entropy' data, What could possibly go wrong?
-
@JBert Eh, that's not right. The whole point of these passphrases is to convert the security of 128 bits† of random characters into something you can type easily (since you typically write these down on paper, not having to worry about transcribing special characters or distinguishing numbers/lowercase letters/uppercase letters, etc. is a good thing).
A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a deterministic wallet that generates all the key pairs used in the wallet.
The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 2048^12 = 2^132 and the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random, so the actual security of a 12-word BIP39 seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure.
It is not safe to invent your own seed phrase because humans are bad at generating randomness. The best way is to allow the wallet software to generate a phrase which you write down.
† Is a 128 bit private key enough security for your
moneymagic beans? I'm not a cryptographer so this is just guesswork, but they use elliptic curve, not RSA, so that key size should be sufficient.
-
@boomzilla said in A fool and his not-really-money are soon parted:
They're going to teach poor people to hack wallets?
They're going to teach poor people how to sell cyrptocurrency-adjacent scams to rich idiots.
-
@PleegWat said in A fool and his not-really-money are soon parted:
But combating poverty in the way 'poverty is relative' suggests requires tackling the extremely rich, which will not be received well by the extremely rich. And since money is power...
They forget that there's also power in numbers. A bunch of money isn't going to keep you safe when the numbers 100,000:1 and they have the guillotine.
-
@DCoder said in A fool and his not-really-money are soon parted:
A report by security consultant Warith Al Maawali claims he lost $60,000 to $70,000 while using the Coinomi wallet because of a spell checker vulnerability.
Bitch, please. Far more people than you lose far more money to cryptocurrency for far stupider reasons every day. Which does make me wonder how there's any unstolen coins left in the world.
But anyways, it's your own goddamn fault for trusting your money to anything called "Coinomi".
Filed under:
, tah dah I stole all your money
-
A small business owner tried to use the great Shitcoin of the future:
Here's my honest feedback on the lightning network and Bitcoin:
I run a media company. It's based in Australia. I employ some people in the Philippines to help with back end stuff and some grunt work.
I want to pay them with Bitcoin. But there's a problem.
The fees just get too high. I had to completely write off the idea of paying my staff with Bitcoin during Dec 17 / Jan 18 when it was costing absurd amounts to get transactions confirmed in a reasonable time.
What concerned me the most was when I weighed into the block size debate and argued for higher blocks, I was told that I was doing it wrong or something, and just to wait. Well, I wanted to use Bitcoin now. But I trusted and waited.
Eventually my patience was rewarded. One day Lightning† was ready to use. I tried a custodial app which was easy to use, and also spun up my own node using Pierre Rochard's node launcher.
I was sold pretty quickly. I could easily send and receive small payments online. I bought some stickers. And I was relieved that this wasn't vapourware and Bitcoin had something of a chance at scaling. But then...
I started to hit some snags.
I won money on online betting sites, but couldn't withdraw the money because I needed incoming channels connecting to my node with money on the other side of the equation. I was like "what the fuck?"
I eventually managed to find a service that would open up channels back to me, (for a fee), and was able to receive money again. Then I started trying to close some channels to get money back out of lightning. God what a hassle.
Now I'm told some of the lightning problems will be solved with certain developments. But I assure you, the fundamental structure of lightning doesn't suit me at all for my business. I want to pay my staff each month. Businesses can't leave money tied up in Lightning channels.
Cash flow issues in actual businesses won't allow that kind of behaviour. So I'd have to create a new lightning channel every month to pay my staff anyway, so I'd be doing onchain tx anyway. But the staff don't get paid enough to warrant $100 fees for each channel.
Plus what are they doing to do once I've paid them via LN? There's no way I can expect them to run their own nodes. I honestly have no more love for lightning at all. I don't see it solving problems of scaling in a way that businesses or consumers actually function.
In my frustration I've gone back through a lot of the scaling debates and high fee discussions. I can confirm that there's been a lot of "these high fees are great" posts from pro lighting folk, and even "bitcoin isn't for poor people" stuff.
Frankly, I cannot see any logic to the argument that we need to keep nodes small so poor people can have them, when the fees to actually use the Bitcoin network price even the middle class out of using it. It's nonsense.
I'm not interested in waiting another 5 years before I can actually use Bitcoin in my company, I don't want custodial lightning, and I know that once there's another bull market, arbitrage opportunities are going to be prolific and demand on blockchain space will be high.
I hope I'm wrong about Lightning, and there's going to be a magical fix that will allow sending and receiving infinite amounts non custodially without needing to trust third parties, in a user friendly manner. But I can't see it. I gave it an honest shot, but it was such a hassle
Even if someone was happy to do all the channel openings and crap, it's years away from reaching a user-friendly state. I can't ask local merchants to go and buy server hardware to be able to accept this shit. It needs to run on an iPad. Only a custodial solution would work.
So there's one of two things that will happen. Everyone goes custodial, or we get bigger blocks. If we go custodial, game's fucked.
If we get big blocks, we can actually use this thing.I also run Bitcoin training seminars about Bitcoin. I won't be running any more until I can actually see where this thing is heading. This high fee bullshit makes the network unusable for normal people, and lighting is not easy to use, which any scaling solution needs to be
I'm strongly starting to think @DanielKrawisz was right, I've been listening to an echo chamber of people who have never run a business before, and I hope Daniel can answer more questions I have about his opinions of Bitcoin.
Source: @iwearahoodie
†Lightning Network: the Bitcoin network upgrade that was going to solve their throughput problems by … pushing a lot of the needed information through a different network of nodes. Magic!
Representative lines from Wikipedia:
The payment channels allow participants to transfer money to each other without having to make all their transactions public on the blockchain.
Due to the nature of the Lightning Network's dispute mechanism which requires all users to watch the blockchain constantly for fraud, the concept of a "watchtower" has been developed, where trust can be outsourced to watchtower nodes to monitor for fraud.
-
@DCoder
This is why you don't let socialists or anarchists (INB4: is there a difference?) design your economic systems.
-
@DCoder said in A fool and his not-really-money are soon parted:
I was told that I was doing it wrong
@DCoder said in A fool and his not-really-money are soon parted:
I was like "what the fuck?"
@DCoder said in A fool and his not-really-money are soon parted:
scaling
-
@DCoder said in A fool and his not-really-money are soon parted:
The fees just get too high. I had to completely write off the idea of paying my staff with Bitcoin during Dec 17 / Jan 18 when it was costing absurd amounts to get transactions confirmed in a reasonable time.
Don't expect real work from your staff, either, if you're trying to pay them with Monopoly money.
-
@topspin said in A fool and his not-really-money are soon parted:
if you're trying to pay them with Monopoly money
Canadian money is not Bitcoins
-
@TimeBandit said in A fool and his not-really-money are soon parted:
@topspin said in A fool and his not-really-money are soon parted:
if you're trying to pay them with Monopoly money
Canadian money is not Bitcoins
Even with our rainbow zoo half-joke Queen-loving money, our banks think cryptocurrencies are a fucking useless joke. Put Canadian Nicely:
https://www.bankofcanada.ca/2018/10/decrypting-crypto/
Decrypting “Crypto”
Deputy Governor Timothy Lane discusses the Bank of Canada’s research and responses to public interest in cryptocurrencies.
I want to share with you our current thinking about these virtual products.
The Bank of Canada is not responsible for regulating these crypto products. Indeed, the term “cryptocurrencies” is a misnomer. We prefer to call them “cryptoassets” because [...] they don’t do a good job of performing the basic functions of money.
One of our core functions at the Bank of Canada is to provide bank notes that Canadians can use with confidence. [...] bank notes are a simple but effective technology for keeping track of who is paying how much to whom [...] you can’t spend the same note twice;[...] works even when systems are down. [...] the acceptance of money is a matter of social convention. People accept cash as a means of payment because they know that others will do the same.
Those who believed that central banks could not be trusted to maintain the value of money were attracted by the idea of a money that is untouched by any public institution or individual.
Ironically, this very mechanism has turned out to be its fundamental flaw. When the limited supply of tokens meets large flows of demand from enthusiasts, the result—as we have seen—is wild fluctuations in the value of cryptoassets. These fluctuations have drawn in even more speculative money, which has further amplified the price movements
ICO ... are like crowdfunding—a means to raise equity capital without jumping through all the regulatory hoops needed to issue publicly traded securities.
crypto products do not yet pose financial stability risks. ... crypto products have a relatively small footprint in the financial system ... estimated at $230 billion ... While these seem like big numbers, they are dwarfed by other global financial markets: global equity markets alone have a market capitalization of around $100 trillion.
... there is little evidence that commercial banks are investing in cryptoassets or accepting them as collateral.
differences among regulations globally, together with the incompleteness of regulation in many jurisdictions, open room for promoters to engage in regulatory arbitrage, developing new products to exploit them.
-
-
@DCoder said in A fool and his not-really-money are soon parted:
Representative lines from Wikipedia:
The payment channels allow participants to transfer money to each other without having to make all their transactions public on the blockchain.
Due to the nature of the Lightning Network's dispute mechanism which requires all users to watch the blockchain constantly for fraud, the concept of a "watchtower" has been developed, where trust can be outsourced to watchtower nodes to monitor for fraud.So they've reinvented government. Good job!
-
@Rhywden said in A fool and his not-really-money are soon parted:
So they've reinvented government. Good job!
But slower, and less efficient, and less accountable.
It really is a marvel that they were able to pull that off when you actually think about it.
-
@Rhywden I've read that watching cryptocurrencies "develop" is like watching the history of banking and financial regulation in fast-forward.
-
So, remember that guy who died and wound up locking $143M of other people's bitcon in cold storage wallets forever?
Well, looks like there's more information coming out, they've figured out how to get the accounts to $0!
-
@izzion Came to the article expecting details of the incident, only got privacy WHARRGARBL.
-
@coderpatsy
tl;dr: the money hasn’t been in the alleged “cold storage wallets” since April of last year. Which can be proven by tracing the history of those wallets on the blockchain.
-
How can Zuckerborg stop, when it hasn't swallowed your entire life yet?
Get ready for a Facebook-sponsored cryptocurrency
New York Times: Facebook is building a new cryptocurrency for WhatsApp payments.
Facebook is preparing to launch a cryptocurrency, the The New York Times reports. The new cryptocurrency would be integrated with Facebook's WhatsApp messaging platform, allowing ordinary WhatsApp users to send electronic cash to friends and family across international borders. The Times says it talked to five anonymous sources who have been briefed on the project.
The most popular cryptocurrencies float freely against conventional currencies, leading to high volatility. By contrast, Facebook is planning to peg its currency to a basket of national currencies. This approach could give the new WhatsApp coin greater stability without tying it too tightly to any specific country's financial system.
There's no Bitcoin company with the capacity to reverse fraudulent transactions, restore lost coins, or shut down fraudulent service providers. This means that participation in the Bitcoin ecosystem requires a higher level of sophistication than the average Facebook or WhatsApp user has.
[G]overnment regulators are likely to demand that Facebook vet users, supply records to law enforcement, reverse fraudulent transactions, and comply with other banking regulations around the world just as conventional payment network providers must do. To comply with many of these regulations, Facebook would need to actively oversee the activities of third-party developers and require them to comply with many of those same regulations.
-
That is a cyberpunk classic: corporations more powerful than nation-states.
Facebook starts building its sovereignty by issuing its own money?
-
@Adynathos said in A fool and his not-really-money are soon parted:
issuing its own money
You didn't read the thread title, did you?
-
@DCoder if Facebook is handling the transactions in the first place, why have a crypto token? Just have a regular database with transactions! It's not like Facebook needs to raise funding. The only reason I can think of is they want to avoid regulations, but the article claims they'd still be required to follow those.
-
@Kian It might well be the old "X, but on the
Internetblockchain" buzzword gambit.If it isn't, I'm very curious how they're going to implement transaction reversal in a crypto coin. Seems like you would have to give one central authority the possibility to override things, which would ruin the big decentralization "benefit" the crypto-anarchists are always raving about...
-
@DCoder said in A fool and his not-really-money are soon parted:
I don't want to pay them
with Bitcoin.I realise this is a few days old but a correction was in order.
-
-
@Polygeekery said in A fool and his not-really-money are soon parted:
Didn't he not too long ago shill for some crypto stuff himself? Kind of ironic.
Oh well, guess he's seen the light, everyone makes mistakes.
-
@topspin said in A fool and his not-really-money are soon parted:
Didn't he not too long ago shill for some crypto stuff himself?
No clue. I don't follow the guy. I just like his taste in women.
-
@topspin said in A fool and his not-really-money are soon parted:
@Polygeekery said in A fool and his not-really-money are soon parted:
Didn't he not too long ago shill for some crypto stuff himself? Kind of ironic.
I don't remember that but I'm fairly certain I posted this comic in this thread. Ah, yes:
@boomzilla said in A fool and his not-really-money are soon parted:
-
@boomzilla said in A fool and his not-really-money are soon parted:
I posted this comic in this thread
But we have no chance to know for sure, do we now? And the solution to this, obviously, is to store posts in the blockchain!
Except... wait, your alts could have done the 51% attack against it.
-
@Applied-Mediocrity said in A fool and his not-really-money are soon parted:
Except... wait, your alts could have done the 51% attack against it.
A 51% attack is way too much
for a @boomzilla alt army.
-
@izzion said in A fool and his not-really-money are soon parted:
@Applied-Mediocrity said in A fool and his not-really-money are soon parted:
Except... wait, your alts could have done the 51% attack against it.
A 51% attack is way too much
for a @boomzilla alt army.Since all are @boomzilla-alts, it's obviously a 100% attack. But of course we don't actually do anything with it.
-
@dkf said in A fool and his not-really-money are soon parted:
@izzion said in A fool and his not-really-money are soon parted:
@Applied-Mediocrity said in A fool and his not-really-money are soon parted:
Except... wait, your alts could have done the 51% attack against it.
A 51% attack is way too much
for a @boomzilla alt army.Since all are @boomzilla-alts, it's obviously a 100% attack. But of course we don't actually do anything with it.
INB4 a 100 percent attack is indistinguishable from a genuine transaction.... Wait...
-
@topspin said in A fool and his not-really-money are soon parted:
@Polygeekery said in A fool and his not-really-money are soon parted:
Didn't he not too long ago shill for some crypto stuff himself? Kind of ironic.
Oh well, guess he's seen the light, everyone makes mistakes.I don't think that comic was him "seeing the light"; just the same sort of
stuff as usual. In fact I'm pretty sure it was in the lead up to his ICO thing.
-
@kazitor Well, apparently it wasn't too bad in his comics, mostly just some shilling in his blog (which probably no once cares about). It does stick out that, contrary to what we're used from
, it's the non-idiots suggesting Blockchain stuff.https://dilbert.com/strip/2017-10-16
https://dilbert.com/strip/2017-10-17
I love the "kinda doubt it" and "because you're a bad explainer, right?" parts of the last panel, but I've really not seen a good explanation why anything should be on the blockchain.
-
@topspin It's been pointed out how much it changes with a swap of eyes:
-
@topspin It's not like it's hard to explain blockchain. I do it every time someone asks me what my expert opinion on it is, so I can illustrate to them how whoever put the idea in their heads is a moron or trying to rook them.
-
@pie_flavor said in A fool and his not-really-money are soon parted:
@topspin It's not like it's hard to explain blockchain. I do it every time someone asks me what my expert opinion on it is, so I can illustrate to them how whoever put the idea in their heads is a moron or trying to rook them.
@topspin said in A fool and his not-really-money are soon parted:
a good explanation why anything should be on the blockchain
-
@topspin The only known explanation for why anything ever needed to be on the blockchain was so that shysters could rook money from rubes with dodgy investment opportunities.
-
@kazitor said in A fool and his not-really-money are soon parted:
@topspin said in A fool and his not-really-money are soon parted:
@Polygeekery said in A fool and his not-really-money are soon parted:
Didn't he not too long ago shill for some crypto stuff himself? Kind of ironic.
Oh well, guess he's seen the light, everyone makes mistakes.I don't think that comic was him "seeing the light"; just the same sort of
stuff as usual. In fact I'm pretty sure it was in the lead up to his ICO thing.Hmmm....how did we not hear about this when it happened?
https://blog.dilbert.com/2018/03/26/say-hello-to-the-whenhub-interface-app-and-our-public-ico-ito/
OK, so it's not really a currency, per se. But looks like he's now pitching it as a Patreon alternative:
So, at a minimum it's still going after about a year. I can't really find anything else about how they're doing.
-
@pie_flavor
So nobody ever asked you uh?
-
@boomzilla said in A fool and his not-really-money are soon parted:
@kazitor said in A fool and his not-really-money are soon parted:
@topspin said in A fool and his not-really-money are soon parted:
@Polygeekery said in A fool and his not-really-money are soon parted:
Didn't he not too long ago shill for some crypto stuff himself? Kind of ironic.
Oh well, guess he's seen the light, everyone makes mistakes.I don't think that comic was him "seeing the light"; just the same sort of
stuff as usual. In fact I'm pretty sure it was in the lead up to his ICO thing.Hmmm....how did we not hear about this when it happened?
https://blog.dilbert.com/2018/03/26/say-hello-to-the-whenhub-interface-app-and-our-public-ico-ito/
OK, so it's not really a currency, per se. But looks like he's now pitching it as a Patreon alternative:
So, at a minimum it's still going after about a year. I can't really find anything else about how they're doing.
Some dude said:
How do we know which Scott Adams is you on the WhenHub app? I contributed to one of them but then saw there are two of you on there. Thanks.
Wow, twitter only started getting fraudulent look-alike accounts for cryptoscamming in the last year or so. This place has already got them and it's new, amazing!
-
@Cursorkeys said in A fool and his not-really-money are soon parted:
Wow, twitter only started getting fraudulent look-alike accounts for cryptoscamming in the last year or so. This place has already got them and it's new, amazing!
Though, it also only got them in the last year or so
-
https://gizmodo.com/crypto-exchange-coinbase-says-it-made-a-mistake-buying-1833083372
Crypto Exchange Coinbase Says It Made a Mistake Buying Italian Firm Linked to Notorious Hacking Team
Cryptocurrency exchange Coinbase has acknowledged it made a major mistake when it bought Italian blockchain analytics firm Neutrino, whose senior management staff included several members of infamous Italian firm Hacking Team—which has reportedly sold powerful hacking and surveillance tools to...
"Let's buy this analytics firm that's run by grey/black hat hackers who deal with oppressive governments and also the FBI (but I repeat myself), and whose main business is selling PII to those same. What can go wrong?"
There's so much to unpack here. Let's see...
So CoinBase announce that they're going to acquire an analytics firm. CoinBase users (who are very privacy concerned) raise red flags with "whoa those guys um seriously you know they hack and sell PII right?" CoinBase either ignores or doesn't hear those concerns, and buys the firm anyways.
CoinBase brings on some of the firms employees and leaders and puts them into high-level positions. These are the people that CoinBase users were afraid of.
People also point out that since that firm sells software & information to the FBI, there is now a zero-degrees-of-seperation between the FBI and CoinBase. CoinBase users are really unhappy about that-- y'know, since the majority sentiment is that they want to untether from government, stay anonymous, and believe the FBI can put backdoors in (hint: they can and have for other things in the past).
Acquisition was done Feb 19th. So there's been, like, 3 weeks of access that the Hacking Team had,
Only now does CoinBase announce that those Hacking Team employees will "transition out" of CoinBase. There's no word on what that means, or when it will happen.
CoinBase puts out a public statement that amounts to "whoopsie doodle our bads". Actually, if they had just put out that statement in those words (in baby voice), it still would have been better than what they did say. Quothe their blag post:
we had a gap in our diligence process. While we looked hard at the technology and security of the Neutrino product, we did not properly evaluate everything from the perspective of our mission and values as a crypto company."
“We took some time to dig further into this over the past week,” said Armstrong, adding that those who previously worked at Hacking Team “will transition out of Coinbase.”
I know when I'm looking for someone to trust with my money, I love hearing they aren't able to do their basic due diligence on any acquisitions. Whoopsie doodle, hired a bunch of black hat hackers because we didn't even bother to google their names. If they didn't do something that simple, what else did they overlook?
Unless, and surely this couldn't be the case, CoinBase was lying about not doing due diligence. That's be bad for a company that's based on "trust", right-- because it'd mean not only did they willingly let risky people into the business, but also tried to cover it up (and the lie they chose was that they are incompetent). Can't be that at all. o wait... there's a Motherboard article from February reporting on CoinBase's horrible decision. Here's a choice quote, from a CoinBase spokesperson:
“We are aware that Neutrino’s co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical, and hiring diligence,” the spokesperson said.
So... they did know? Or they were lying when they said they did their diligence? Or their diligence process sucks?
And that isn't even touching the statement about them "digging further" over the course of a week. You didn't dig deep enough during the initial diligence? But you were able to make massive employee decisions in a dime-turnaround? What did you dig up? That they were part of a hacking team? You didn't dig that up. You knew it already. People told you. You told them you knew. So maybe you dug up that they were doing something malicious with CoinBase? But again, how did you find that out so fast? And if you did, why aren't you disclosing the hack? And why are those employees still there being "transitioned out" rather than shitcanned immediately?
I can't think of a single scenario where the whole situation DOESN'T completely tank their reputation.
And a nice little cherry on top: when crypto users raised concerns about their PII being sold to third parties, CoinBase's oddly very specific response was:
“never shared our customers’ personally identifiable information with any third-party blockchain analysis vendors.”
Things that are ok under that statement:
- Providing personal (but not identifiable) information to third part blockchain analysis vendors
- Providing PII to third party vendors who aren't blockchain analysis
- Proving PII to any third party, like the FBI
- Providing PII to the Hacker Team, since they are now technically FIRST-PARTY vendors after the acquisition
- Having the PII stolen or leaked, which isn't technically "sharing"
