
ThickAsThieves: is this maybe one of those things where they intend to do it whether it passes or not
mircea_popescu: The Trustee will terminate and liquidate the Trust if one of the following events occurs: the SEC determines that the Trust is an investment company ; the CFTC determines that the Trust is a commodity pool under the Commodity Exchange Act of 1936 ; the Trust is determined to be a money transmitter under the regulations promulgated by FinCEN
mircea_popescu: in exchange market (Bitcoin Exchange Market) from which prices are used to determine the Blended Bitcoin Price. The Trustee will determine the NAV of the Trust on each day the [EXCHANGE] is open for regular trading, (Evaluation Day) as promptly as practicable after 4:00 p.m.
mircea_popescu: The NAV of the Trust is the aggregate value of the Trust's assets less its liabilities (which include estimated accrued but unpaid fees and expenses). In determining the NAV of the Trust, the Trustee will value the price of the Bitcoins in the Trust Custody Account as determined by the relevant Blended Bitcoin Price. See Overview of the Bitcoin Industry and Market for a description of the operation of the Bitco
mircea_popescu: they'd buy the coins with what, their personal funds with a view to sell to this ?
Bugpowder: I gotta go get dinner, looking forward to discussion.
Bugpowder: I wonder if those were the huge 10k blocks going off last week
mircea_popescu: Winklevoss IP LLC is the owner of and is licensing to the Sponsor such intellectual property.
Bugpowder: I guess they did buy some coins...
mircea_popescu: The Trust's Sponsor is Math-Based Asset Services LLC. The Sponsor is a Delaware limited liability company formed on May 9, 2013, and is wholly-owned by Winklevoss Capital Management LLC.
Stardust: "As filed with the Securities and Exchange Commission on July 1, 2013"
Bugpowder: Winklevoss Bitcoin Trust files with the SEC. Looks like a $20M share offering for Bitcoin exposure in your portfolio
davout: answer is "store it encrypted on the app server, encrypt and decrypt it client side with symmetric crypto using the user's password"
davout: Stardust: you forgot one question though
davout: it will continuously pull it somehow, but just to check it does not change and that no one is ever fucking with it
Bugpowder: mircea_popescu: Get these guys to list on MPEX
Stardust: continuously pulling the public key is what i meant...
davout: which in turn signs them off
davout: it's only after that they get replicated/copied to the auditor
davout: withdrawal requests first hit the app server DB
Stardust: i mean the continuously pulling mechanism isn't relevant for the withdrawal process, it is as to enforcing
Stardust: <davout> as part of the rules to enforce // nevermind, misses that
davout: they simply look at the main app server DB
davout: because the auditors are never in contact with the user
Stardust: i mean to enforce the data integrity maybe
Stardust: why just don't record it at the user registration
davout: as part of the rules to enforce
davout: and check that it never changes
davout: they can simply pull it from the webserver
Stardust: the auditors would have to keep the public key of all users
davout: if you want to have a sensible security scheme you need to do some boring manual shit too, there's no avoiding it
Stardust: i just kinda missed the "signed by user" part in my attack scheme, looks good to me now except :
davout: the idea is the only way to win the "my server is more secure than yours game" is not to play it at all but change your strategy
davout: bitcoind node polls the queue, ends up with 4 messages signed by different auditors saying the same thing
davout: allow it, push a signed message on the queue
davout: verify the request against the user's public key
davout: auditors get knowledge of the information
davout: webserver records "user X wants to withdraw Z BTC to the AAA address, signed by the user"
davout: ok, i'll give the way i see it fully implemented
Stardust: these messages will come from the webserver, or some kind of entity linked to it right ?
Stardust: so that's the node that will make the btc transactions
davout: for which it has the GPG keys
davout: it only pulls data, never gets pushed to
davout: it would listen to messages on a distributed queue, accessing it through Tor
Stardust: so how do you handle btc withdrawal in that case ?
davout: there should not be, precisely for the case you describe
davout: and even if you have a hot wallet it should sit tight behind tor getting its orders only from a consensus of auditors
davout: Stardust: if you don't have a hot wallet there's nothing to gain from a quick attack
Stardust: the thing is the offline auditor is useless in a case of a quick attack, since you have to check manually
davout: he adds himself BTC, same thing
davout: so first case (and I'll take a BTC/EUR exchange for the sake of the discussion)
davout: second thing you need to look at the reporting
davout: first thing, you want to run at least one auditor offline
Stardust: couldn't you arbitrarily control the traffic being sent to all these auditors ?
Stardust: but you don't play with any data yet, you just look at the network traffic to identify all the auditors
davout: and since you can run the auditors behind tor a distributed message queue or whatever it becomes very very hard to compromise
Stardust: makes sense, now there's just one thing : let's suppose the webserver is completely compromised
davout: compromise the database server behind it, maaaaybe one auditor, but you sure won't be able to hack into all of it at the same time before one of the components alerts you
davout: the rationale behind the scheme being that you may be able to compromise a web server
davout: basically it looks at your data to make sure nobody is fucking with it, that the incoming bitcoin transactions actually match your available addresses, and send you GPG-signed e-mails to report on all this
davout: Stardust: a system designed to monitor a defined data-set in order to : ensure data integrity, enforce arbitrary business rules on it, ensure data stability over time, issue customizable alerts, generate customizable reporting and authenticate to operators using public key cryptography
davout: they released their magento plugin update
Namworld: Well no, if it happened on GLBSE... it's ought to happen again elsewhere.
gribble: MtGox BTCUSD ticker | Best bid: 88.80279, Best ask: 88.83000, Bid-ask spread: 0.02721, Last trade: 88.83000, 24 hour volume: 47550.96313601, 24 hour low: 88.10000, 24 hour high: 98.18010, 24 hour vwap: 91.71002
Namworld: Bitfunder became the new GLBSE.
mircea_popescu: aww i thought that amc thing was supposed to be 25 or some shit
davout: we're dropping the hot wallet stuff for the time being and will only send funds if all auditors agree
davout: so I'm going to scratch my own itch here first and see if that works and if it's practical
davout: especially if one is on the raspberry pi that I hide in my dirty laundry
davout: it's however very very unlikely that all be hacked simultaneously
mircea_popescu: davout may work, as long as the auditors are trustable.
davout: resulting in the same "webserver hacked? zero fucks given" kind of result
davout: well, the idea was to have auditors generate the confirmation codes
mircea_popescu: davout for instance that you can't use websites for btc.
davout: what aren't they smart enough to figure out ? your model ? or how to copy it ?
mircea_popescu: "the problem is the "bitcoin experts" aren't smart enough to figure it out"
davout: i was thinking of something different actually
davout: which kind of equates to copying mpex in a sorta degenerated fashion
davout: but that's just one of the solutions
davout: yes, obviously you see the flaws too
davout: i enjoy delegating to romanians