mircea_popescu: FabianB it pains me to say, but i doubt evoorhees is as retarded as me, to end up making multiple payments :D
OneEyed: mircea_popescu: why? I am talking about intercepting the message as submitted, that is signed by the customer key and encrypted with mpex key.
FabianB: jurov: heh, maybe i should buy some S.DICE too to test divs again
mircea_popescu: OneEyed you can reuse the same clearsigned message, but you'll have to re-encrypt with mpex key
mircea_popescu: jurov well that's great news!
mircea_popescu: OneEyed that's exactly what i mean
jurov: mircea, there aren't so many holes in coinbr, mostly UI glitches... only the dividends caught me with pants down
OneEyed: Or, as an attacker, intercept such a message, then resubmit it a day later, then again, then again, causing the original customer to buy 30 foobar instead of the intended 10?
OneEyed: You mean I can't sign a message containing "BUY|foobar|10|1", submit it, then submit it again a day later?
mircea_popescu: the 2nd and subsequent requests on the same command just die with an error message.
OneEyed: (sorry if I look inquisitive, but your model is really interesting, I like this way of taking commands)
OneEyed: mircea_popescu: as far as security is concerned, I haven't seen anything against replay attack. Maybe the attacker should have the possibility to add a "serial" or "uid" extra field, to ensure a signed message cannot be submitted again without being regenerated (it would require a new UID).
mircea_popescu: it's not a priority atm tho.
mircea_popescu: maybe something like that could be made to work
OneEyed: Only a keyring file, which is public information, would be transmitted
OneEyed: mircea_popescu: what I had in mind, was a "gpg --refresh-keys" on an internet-connected server, then send the updated keyring to the non-internet machine, and have gpg merge both keyrings (keys being in append-only mode, this cannot remove any information or inject any bogus unsigned information, especially if no new keys are imported during the merge)
mircea_popescu: pgp software was not really tested in this sort of environment, so im not letting it see the internets.
OneEyed: And even a revocation would only happen if the key was really compromised
OneEyed: My point was that key update can be hijacked, that wouldn't do any harm except mark a compromised key as compromised
mircea_popescu: if there is then there might be.
mircea_popescu: if there's no code to process key updates then there's no way to hijack key updates.
OneEyed: (there is no risk in being fed invalid/bogus/attacker data, that's why people can trust keyservers, the only thing they can do is refuse to serve a key)
OneEyed: mircea_popescu: it gets fed the PGP signed orders in some way (serial link? private Ethernet connection? whatever), so the key updates could enter the same way. Anyway, I was just curious about it, I'm not requesting a change :)
mircea_popescu: also, the server that processes auth is not connected to the internet. it'd have to be processed by hand, the update.
mircea_popescu: if you change that you've pretty much lost the entire account.
mircea_popescu: OneEyed the way mpex works, you're identified by your key id.
OneEyed: mircea_popescu: the only risk is a DOS, since you cannot remove anything from a key, only add to it - and if someone manages to sign a revocation certificate for someone else, well, that someone else will be happy to have the revocation added to his key!
mircea_popescu: and the rest isn't either very large or doing too good.
mircea_popescu: do the math :)
Cylta: And what about glbse? They have about 1m btc too, I think
mircea_popescu: and yes, i am the most paranoic person you have ever seen.
mircea_popescu: monthly trade volume is 50-200-100 sort of thing
mircea_popescu: Cylta the market cap of companies listed is closing in on 1mn btc
mircea_popescu: OneEyed cause of the risk involved in the scenario where someone manages to update someone else's key
Cylta: What is the total amount of btc inside mpex? Approximately
Cylta: Oneeyed I did not tell it's bad :-)
Cylta: mircea_popescu: 1) you are the most paranoic person I ever seen 2) 20btc for registration?! Seriously?
OneEyed: mircea_popescu: out of curiosity, why don't you offer the possibility to update a key (expiration date, revocation)? It could be transferred the same way orders are, and that would make the system only more secure, wouldn't it?
mircea_popescu: and 0.2% sale only fee is kind of hard to beat.
Bugpowder: A low trade fee, high signup / monthly fee is better for liquidity (i.e. intrade's current model).
mircea_popescu: yes. i am not trying to entertain the masses.
OneEyed: mircea_popescu: television?
OneEyed: And that would probably increase the liquidity on the exchange to have more people.
mircea_popescu: OneEyed mpex is for investors. it's not television.
mircea_popescu: course you could just go through a broker etc.
OneEyed: I'm still wondering why you don't want to gain more on fees and less on registration.
mircea_popescu: nope, just an ever increasing cost to participate, prolly will be in the 10-50k usd range before it stops.
OneEyed: Yeah, I've read the FAQ, I was just wondering if there was going to be a promotion. Too bad then :)
mircea_popescu: still, it will happen in the future.
mircea_popescu: this was planned for when volume crosses 100k per month, but i held back because btcusd went from 5 to 12
mircea_popescu: in the future i intend to raise it to 50 btc
OneEyed: Yeah, I was talking about the future, not about the past :)
mircea_popescu: OneEyed i have, this was a couple months in spring.
OneEyed: mircea_popescu: do you plan to have a promotional period where registration of a new PGP key is free by any chance?
mircea_popescu: Cylta mpex.us as to your list
Cylta: Mircea thanks!
Diablo-D3: isnt he the guy behind the print bitcoin magazine?
MrTiggr: so its simply graphing the latest txn's
Diablo-D3: so matthew ended up with a scammer tag? too bad
MrTiggr: thats based off the "unconfirmed txn" feed from blockchain.info
MrTiggr: and localstorage (if you choose to track addresses)
MrTiggr: you guys might find a use for this ... blockchain in realtime http://worldzeitgeist.org/iseecoins.html
OneEyed: EskimoBob: and I think people managing FDBF do a wonderful reporting job compared to other assets (I once tried investing in YABIF, and quickly got out because of obscure management practices)
gribble: Best bid: 12.31801, Best ask: 12.39, Bid-ask spread: 0.07199, Last trade: 12.419, 24 hour volume: 10452, 24 hour low: 12.301, 24 hour high: 12.48443
OneEyed: usagi: what was that that you asked him to do for money exactly?
OneEyed: EskimoBob: I wondered, because of Otto de Voogd and you met, but he travels a lot from what I can read
Chaang-Noi: hows the land of bitcoin assets today? fun as ever i assume?
OneEyed: usagi: you are in the real world, why don't you sue him?
OneEyed: EskimoBob: unless he's the majority shareholder as well
assbot: FDBF [1@0.14BTC] paid: 0.00605727 BTC. Last price: 0.149253 BTC. Capital gain: 0.009253 BTC. Total: 0.01531027 BTC. (10.9%)
assbot: Requesting data from GLBSE (might take a while, also might return fishy results as it does not account for splits etc).
OneEyed: If they didn't, that's a sign that they were not confident enough to bet on pirate, even though they "knew". If they did, we now know that they are gullible people :)
OneEyed: usagi: did those people who "knew" what pirate was doing put any investment in CPA?
pigeons: hmm i was talking about obsi
OneEyed: If someone wants to buy my last 44 shares of FDBF on GLBSE at 0.149253 per share, do it before dividend time tonight
pigeons: it doesn't look like anyone needs any paying for you to be discredited at this point
OneEyed: EskimoBob: thanks :)
OneEyed: But he is either AFK or not willing to answer that :)
OneEyed: If EskimoBob says he is not being paid by anyone to do that, well, I would have no reason not to believe him so far.
OneEyed: Diablo-D3: but he may not want to lie, and won't answer in this case :)
Diablo-D3: OneEyed: but if that contract has an NDA, he cant say yes
OneEyed: EskimoBob: I've seen that usagi accused you of being paid to spread FUD on him, but I've never seen anyone ask you if it was the case. So. Are you being paid by someone to damage usagi reputation in any way?
Diablo-D3: my trolling cant be _that_ subtle >_>
Diablo-D3: exactly, and after this legit blackmail (because maged said so), we'll be even
Diablo-D3: GIVE ME 5 BTC OR ILL TELL EVERYONE YOUR SECRET!
Diablo-D3: _theymos is tired of nefario's mismanagement_
Diablo-D3: lets try this again
Diablo-D3: theymos is tired of nefario's mismanagement
Diablo-D3: usagi: this is true, but thats not what I meant
OneEyed: I went from around 100 BTC worth of assets on GLBSE to 6 BTC in two weeks (with no loss, or even profit). I don't trust GLBSE with my coins anymore, since they may screw me if they don't like the issuer of the assets they let me invest in.
Diablo-D3: so if you know those two things, whats the obvious conclusion?
Diablo-D3: and you already know theymos is selling his stake in glbse
Diablo-D3: usagi: you cant read the staff forum.
Diablo-D3: he might still get one because of the goat shit, though
Diablo-D3: he almost did due to the dmc shit, but he backed down
Diablo-D3: nefario miiiiiiiight end up with one though
Diablo-D3: usagi: then whats the gist of the EskimoBob is a scammer thread
OneEyed: usagi: and the diagrams look professional
OneEyed: usagi: it makes your text look good though
OneEyed: (btw, usagi, at least one of the go books you pointed onto in the forum should be run through LaTeX again, references are unresolved and appear like "page ???")