btcinfo  

Hic inserere motto

Yet another Zcash bug

September 27, 2019 — shinohai

Zcash is urging it's userbase to immediately upgrade their wallets and node software to apply an "important security fix". A bulletin issued by the developers released no details, but stated:

"Version 2.0.7-3 of Zcashd includes an important security fix in response to an issue that was reported to us on Friday September 13th 2019 by Florian Tramèr, Dan Boneh, and Kenneth G. Paterson. Users should upgrade their nodes to this version immediately and discontinue use of older versions. Please note that the issue does not put funds at risk of theft or counterfeiting. More details of the issue will be released in coordination with the reporters of the issue at a future date."

This latest undisclosed issue is the second reported flaw in Zcash this year alone, the first being a bug that was found that allowed one to print unlimited monies which the developers kept secret for 8 months.

Tags: News, Cryptocurrency, Insecurity, Lulz

soopy452000, an indictment

August 14, 2019 — shinohai

Sometime around the exit of Bryce Weiner, the Unobtanium project acquired a new "developer" who goes by the moniker of soopy452000. Let's examine a few alarm bells on why you shouldn't let this guy anywhere near you coin, or anything to do with mission-critical code for that matter, and put this conversation to bed.

Love 'em and leave 'em. Señor soopy has a reputation of inserting himself into cryptocoin communities, making questionable code changes, and absconding with funds. Good 'ol Bitcointalk registers a complaint from a user who testifies he sold 3 billion Beecoin for LTC, left the community hanging, and moved on to Navcoin. (archived)

anotherlateminer: "Read 2 pages from here: https://bitcointalk.org/index.php?topic=601247.msg8923728#msg8923728 BEEs have been sold in order to be used for development and there are still no signs of any development. LTC are just gone."

Telegram chats have provided a few gems as well:

A kind stranger comes to the main channel to warn what UNO might be getting into. (archived)

It didn't take long for teh lulz to manifest:

Readers of this blog already know about the war on cryptography from various "nation-states", and why you should be very careful of what tools you use when working with these items. Soopy exhibits very amateur behavior when dealing with such, from generating keys using keybase.io1 (archived), to posting unusable signed walls of text to Telegram chats that can't be verified.

Yes, this has predictable results, and clowns in this camp will likely come up with the same tired excuses to explain it. (archived)

Socialisms, like zooko.usg "dev subsidies" have no place in cryptocurrency. But that doesn't stop picadors trained in the Democratic Socialist Republic of Sri Lanka from trying to print unlimited money, and hoping no one notices, as was the case with 42coin:

"What is remarkable in the history of 42, is that until the spring of 2014 the coin supply was really capped at 42, but on March 17, 2014, the GitHub user sherlockcoin (aka soopy452000) made it unlimited. He was working under KGW implementation and no one noticed this "small change"." (archived)

So there you have it folks, and the above-stated reasons are just a few examples of why I won't be trusting any code pushed by this moron to the "official" Github2, and neither should you. But, Caveat Emptor, do your own research, and decide for yourself.

Read more...

A patch for db4.8 on gcc8+

August 10, 2019 — shinohai

The march of "progress" sometimes brings about a lot of headaches, especially when I am forced to work on heathen systems such as Debian and Ubuntu. This became readily apparent while installing bitcoind (core) to a server equipped with gcc-9.1.0 this past week. While building the dependencies, db-4.8.30.NC promptly shat out this error:

definition of 'int __atomic_compare_exchange(db_atomic_t*, atomic_value_t, atomic_value_t)' ambiguates built-in declaration 'bool __atomic_compare_exchange(long unsigned int, volatile void*, void*, void*, int, int)' static inline int __atomic_compare_exchange

A relatively simple patch allowed me continue building error-free. I have included in the /library/ here for future reference. Place it in the root of the db-4.8.30.NC folder and apply manually as you would any other patch.

While impossible to completely rid the world of such fuckery, I consider this just another tool in the box to make things slightly less painful

Tags: Bitcoin, UNIX, Webshit

btcbase logs fail again

August 02, 2019 — shinohai

The btcbase irc log for the tmsr in #trilema has apparently left the building once more, leaving the crumbling republic with no real-time documentation of it's proceedings. Caesar Augustus hinges hopes on forum member lobbes finishing a logbot, hopefully one that doesn't put the `$` symbol in front of words every third line like it's author. Until then, it appear the channel will enter radio silence.

UPDATE: A Trilema post was made on subject, with the following at the tail of the logs:

    Aug 02 08:28:52 * feedbot has quit (Write error: Connection reset by peer)
    Aug 02 08:34:50 * mircea_popescu removes channel operator status from deedbot
    Aug 02 08:34:54 * mircea_popescu removes voice from whaack
    Aug 02 08:34:58 * mircea_popescu removes voice from trinque
    Aug 02 08:35:01 * mircea_popescu removes voice from spyked
    Aug 02 08:35:08 * mircea_popescu removes channel operator status from scriba
    Aug 02 08:35:13 * mircea_popescu removes voice from scriba
    Aug 02 08:35:17 * mircea_popescu removes voice from phf
    Aug 02 08:35:20 * mircea_popescu removes voice from mod6
    Aug 02 08:35:23 * mircea_popescu removes voice from Mocky
    Aug 02 08:35:26 * mircea_popescu removes voice from lobbes
    Aug 02 08:35:30 * mircea_popescu removes voice from jurov
    Aug 02 08:35:33 * mircea_popescu removes voice from dorion
    Aug 02 08:35:37 * mircea_popescu removes voice from diana_coman
    Aug 02 08:35:41 * mircea_popescu removes voice from danielpbarron
    Aug 02 08:35:44 * mircea_popescu removes voice from bvt
    Aug 02 08:35:48 * mircea_popescu removes voice from BingoBoingo
    Aug 02 08:35:51 * mircea_popescu removes voice from billymg
    Aug 02 08:35:55 * mircea_popescu removes voice from ave1
    Aug 02 08:35:59 * mircea_popescu removes voice from auctionbot
    Aug 02 08:36:03 * mircea_popescu removes voice from asciilifeform
    Aug 02 08:36:09 * mircea_popescu removes voice from mircea_popescu
    Aug 02 08:36:14 * mircea_popescu removes channel operator status from mircea_popescu

Tags: News, Bitcoin, Lulz

Bitcoin SV scheduled fork will increase block size to 2GB

July 23, 2019 — shinohai
Faketoshi's shitcoin "Bitcoin SV" is planning an update, called "Quasar" on July 24, and will increase maximum block size to 2GB. The upgrade will likely allow more weather app data to be stored in their "blockchain". The forecast calls for a 100% chance of lies and scams.

Tags: News, Bitcoin, Cryptocurrency, Lulz

Lead dick leaves Unobtanium project

July 19, 2019 — shinohai

After several days of huffing and puffing in the Unobtanium channel on Telegram, serial vaporware developer Bryce Weiner announced on twitter that he was leaving the UNO project. The wanting Weiner is known for his centralized shitcoin exchange alt.market (that will be ready any day now™®) and the "Bitcoin killer" shitcoin TAO (XTO), currently listed as "inactive" on coinmarketcap.

Tags: News, Bitcoin, Cryptocurrency, Lulz

Canonical Shithub repositories hacked

July 06, 2019 — shinohai

Canonical Ltd (Ubuntu) source code repositories on Shithub were reportedly compromised this morning, complete with buttery screenshots. (archived)

No official word from Shithub or Canonical was available at the time of posting.

Tags: News, Insecurity, Lulz

Shinohai's Saturday Shitcoin Selections 4

July 06, 2019 — shinohai

The lulz in this story begin in a thread for the XJO cryptocuurency on bitcointalk. This guy suggests you can "run an entire 'DNM' on the XJO blockchain" and links to a javascript page (archived) that will happily eat your private keyz and encrypt and decrypt thingz for you!

Why this is incredibly stupid:

  1. iGolder.com should be all you need to know, but you can also google search it if you wish.
  2. No mention is made of airgap setups, and the joulecoin.info site is connected to the internet when performing crypto functions.
  3. No mention made of layering (see above), and why you should be using 4096-bit or higher rsa keys for any comms, period.
  4. Cost of 51% attacks and other lulz would be near nothing for interested 3-letter agencies.
  5. Point #1 is honestly enough to end this discussion.

"But it's so luser friendly, everyone can do it!"

There is no scenario that exists, or shall ever exist, where "paste your key here" ever becomes proper handling of cryptographic keys, and certainly not in situations that require proper OPSEC and associated sanitation procedures. This is seriously the most retarded post I've read all year, and tardstalk produces some very brain-damaged threads.

TL;DR OP is an utter moron and you should seek advice elsewhere if you use crypto in any high-risk situations.

Tags: News, Cryptocurrency, Insecurity, Lulz