Posts

Showing posts from 2017

"Air gapped" is not good enough to protect your Bitcoin

Your bank notes under your mattress are air gapped - there is air between them and the burglars. Is this air stopping them from just taking your money and spending it? If you are worried that you may forget the password, you can still keep unencrypted copies (or your passphrase) hidden somewhere safe, but you can also make encrypted copies (with good key stretching) on cloud services (DropBox, Mega, Google Drive, Gmail, etc.). If you keep your seed in a safe deposit box (at the bank), the bank employees can open it and steal your coins. Also, the government can demand the opening of your safe deposit box and steal your gold and crypto. Archiving private keys - TLDR version

Why are prices on different Bitcoin exchanges not the same?

There is a big difference because arbitrage between exchanges is slow and dangerous due to the legacy financial system's defects. There is a high risk of regulatory problems because banks see this as money laundering. They are obligated by law to play the security theater and will cause problems for arbitrage traders moving fiat funds between exchanges. If you know how to move funds between exchanges fast and with lower fees – there is a profitable (but risky) business opportunity. If our current financial system allowed for immediate transfers between participants, arbitrage would eliminate these price spreads on different exchanges. Also, there is a big difference between the futures contracts and the real Bitcoin prices. This is because there is a risk that something will go wrong with the exchanges (they may not work when the futures contract expires, or there will be too much volatility and low liquidity).

US dollars are backed by...

US dollars are backed by the fact that the government will put you in jail if you don't buy US dollars to pay your taxes. You can use only US dollars to pay taxes in the US and other countries. This way the government is supporting the price of the US dollar.

Bitcoin is drawing the interest of tax authorities in many countries

One of the things that many people don't realize is that Bitcoin is drawing the interest of tax authorities in many, many different countries all over the world. What is quite clear is that Bitcoin trading is jumping right to the front of the queue of priority tax investigations. This is easy to note by having a look at the official web pages of assorted European tax authorities, and also at the US IRS. What this article is hinting at is that tax authority cooperation across many different national jurisdictions is converging. Bitcoin proponents really aren't paying enough attention to what happens when you actually try to monetize your gains. Forget the Blockchain. Look at the final result (house, fancy new car, fancy boat, hefty bank account) instead. Because that is what the authorities will do.

Keep your cryptocurrency keys secure!

Don't forget to make a backup of your keys even if you use a hardware wallet. Hardware wallets use flash memory (like SSD disks, USB flash drives) and this type of memory is prone to failure, especially when it's not powered for weeks or more. Hardware wallets are great for making secure transactions, however it's irresponsible to keep your private keys only on them (without a backup). I have a habit of writing multiple copies of my important files when I use floppy disks, USB flash drives and optical disks (CD, DVD). I not only use multiple media, but also write the file several times on every medium. DVDs are more reliable than CDs, and I prefer DVD+R (instead of DVD-R). Here is my short guide: Archiving private keys - TLDR version

Bitcoin Vault for a paper wallet?

"Fun Place to store your Bitcoin Paper Wallet" - at least they are honest - they do not claim that the place is safe, they said it's fun. Who needs "fun" place for such purposes? Link to product page on Amazon. Archiving private keys - TLDR version

Bitching about Lightning Network won't help you stop it

All of you who keep bitching about Lightning Network, you need to realize that Lightning Network is a layer 2 technology, which by definition layer 1 doesn't know about and isn't affected by. Just like TCP doesn't know about the contents of the encapsulated SSH and HTTPS that it's transporting. Furthermore, the development of Lightning Network is permissionless, and anything that's permissionless and useful will inevitably come into existence due to market forces. There is literally nothing at this point that can stop it. Moaning about it, spreading lies and fud etc won't stop it. You are wasting your energy. Give it a rest already. Go do something useful with your life.

Forking of Bitcoin is good

Forking is good. Because THIS IS D-E-M-O-C-R-A-C-Y! You can vote with your wallet what to use as money. Also, there are hundreds of altcoins... This is good. Let users decide which coin to use. Some cryptocurrencies have interesting features (not available by default on Bitcoin), like Monero (privacy). Some have very low transaction fees - they are good for permissionless micropayments (no need to rely on a 2nd layer like AdvCash or Payeer with free/cheap internal transactions).

It's happening! People are putting Bitcoins in their IRA account!


Dealing with the anxiety related to the volatility of your portfolio

Follow Nassim Taleb's advice - don't listen to noise. (The price changes you see every day are just noise (just like the "news" on the TV). Don't look at prices every day. Or even every month. Look at them once per year. And your life will be better.) I highly recommend Taleb's books. They change the way you perceive things (not only finance-related). (I also have a hard time following this advice, but I accept this noise more calmly after reading Taleb's books. Also, "The Antidote" by Oliver Burkeman might help with your anxiety.)

MaidSafe vs Storj vs Sia

Are small transactions not economically feasible?

You can make small transactions using "banks" like Coinbase, Xapo and most cryptocurrency exchanges (they have a free account-to-account transfer feature). You should trust these "banks" only with amounts you can afford to lose. Don't store most of your assets in "banks", be your own bank. It is similar to how the legacy financial system works - if you make a bank-to-bank transfer you pay a fee. If you transfer between accounts within the same bank, this is usually free.

SMS is not a proper form of 2FA - use Google Authenticator instead

SMS text messages sent to your phone are not a valid form of 2FA, since the hackers will just call your phone company claiming to be you and saying that your phone was damaged. They get a replacement SIM and access everything linked to your phone.

There is no need to smash your computer after generating your Bitcoin keys/seeds

There is no need for smashing, burning or even formatting if you are using a "Live" operating system like Ubuntu or Tails run from a DVD (on a computer with the hard drive, SSD and flash drive disconnected).

Bitcoin exchange without KYC verification

Many exchanges require KYC verification only if wire transfers are involved. If only crypto is traded (i.e. Litecoin => Bitcoin) there is no requirement for verification. Some exchanges also don't require KYC verification if e-money is used (like PerfectMoney, PaySafeCard, SolidTrust Pay). Also, there are many "e-money exchanges" that do not require verification if you use their services to trade e-money and/or cryptocurrency. Verification is usually required only when using insecure payment methods like PayPal or SWIFT/SEPA wire transfers (because banks require KYC verification). If you want a reliable provider of a debit card for withdrawing your Bitcoins at any ATM:

Do not use default options for the scrypt utility and keepass2!

Here is an example with more secure options:

    $ sudo apt-get install scrypt
    $ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt

If you have several GB of free memory you can increase the memory usage several times. My tests confirm that the "-t" parameter is not working correctly - it takes less than 200 seconds to derive the key from your password. Archiving private keys - TLDR version. Learn more about key stretching.

KeePass2 has an option to specify how slow the KDF should be. Click on "1 second" and then add one zero at the end of the number (10 seconds). This will slow down the opening of the database. However, it will also slow down the saving. After I tried to open the database made by KeePass2 with KeePassX I noticed that KeePassX opens the database much faster than KeePass2 (it takes a fraction of a second compared to 10 seconds with KeePass2). This means that you get a false sense of security when your KDF hardness is set to 10 seco

Archiving private keys - TLDR version

0. Make multiple encrypted copies. On DVDs (they are better than CDs and Blu-Ray discs; DVD+R are better than DVD-R), paper, cloud services like DropBox, OneDrive, Google Drive, e-mail it to yourself and to your friends, use P2P storage services like MaidSafe, Storj and Sia, etc.
1. Use a proper font when printing PGP encrypted keys on paper.
2. Flash memory (SSD, USB flash drives, hardware wallets) is less reliable when not powered regularly (i.e. every week).
3. Use error correction methods like Parchive and ZFS.
4. Print on paper or store on digital media only encrypted data.
5. Your encryption software should use a CPU/RAM-intensive KDF (i.e. scrypt with secure options - do not use defaults!). First, encrypt with scrypt and then encrypt it again with PGP (using a different password!) in ASCII armor mode before printing it (other methods like QR codes may not be as reliable as multiple copies of the PGP ASCII armor). Do not use the same password for the PGP because it's easy to brute

The 'regulated' exchange Bitstamp would not return your money if you raise red flags for being a terrorist and/or money launderer

I have done transfers before and everything went smoothly until 15 days back. Right after I did the transfer they sent me a request for details for the KYC process. They take one or two days to reply to me, and within 6 days I had sent everything they requested. Now, after they have everything, they do not reply to my inquiries; they did not provide any timeline or clarity on the process or why they did not mention it before. I did the transfer 2 weeks ago and today I have no clue what the status is. I find it fishy that they are doing this and am concerned about my money. What can I do? I have been through KYC before with a bank but it was very different: they simply sent me a list of mandatory documents that I had to send. For Bitstamp, I have been their customer for almost a year now and I did transfers before. I am not a day trader and do not have that big a volume. They kept the KYC running for 14 days back and forth, there was a statement needed from a bank in my home country which I could n

Do not use (only) flash memory (SSD drives, hardware wallets, USB flash drives) for your precious private keys!

Flash memory is not a reliable medium for archives. Especially when there is no regular power. I have personal experience with a USB flash drive not powered for weeks - one file became corrupted. (Read more here: Archiving private keys - TLDR version.) You should always back up on paper and other media. Flash memory is prone to failure if it is not powered for weeks or more and if there is ionizing radiation. When you write your precious private keys you should use technologies like Parchive and ZFS. And make several copies of your files. It's OK if you use your USB flash drive for another backup, but don't rely on it! Always back up on DVDs (even small files!), paper and online (after encryption with a CPU and RAM intensive key derivation function like scrypt). Here is an example of using the scrypt utility:

    $ sudo apt-get install scrypt
    $ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt

Do not use default values of "-M" and "-t", they

FBI has your BTC-e password hash, 2FA codes and your public cryptocurrency addresses!

FBI or another three-letter-agency can use this hash to find out your password and crack your account at other exchanges and websites! Also they have your e-mail address. You may consider changing it or securing it! They may try to crack it! Do not reuse your password! They may try to find your password using a dictionary attack. This is why you should not use words from a dictionary. If BTC-e becomes operational again you have some chance to withdraw funds before the FBI cracks the new BTC-e website! American three-letter-agencies cannot be trusted! Maybe NSA will try to steal from you. Or another American agency with three letters. Or another American agency (with fewer or more than 3 letters in their name). Also corrupt agents may sell the database. Like the agent that stole coins from Silk Road. They have access to the list of your public cryptocurrency addresses. Do not reuse addresses! You should be scared now! It will be very hard for BTC-e to verify that genuine users are tryi

You will lose your BCC if you try to withdraw BCC to a BCH address!

Before trying to withdraw, read carefully the information provided by your exchange. Some symbols might be misleading. BCC is not Bitcoin Cash on some exchanges! Some exchanges use BCH for Bitcoin Cash, not BCC! I predict that there will be losses associated with this misunderstanding. Think before you deposit/withdraw! On the YObit.net exchange BCC is used for two different cryptocurrencies!

Do you trust your hardware?

Do you believe that your hard drive does not contain malware? I do not mean what you may think. Malware can be installed on the hard drive's microcomputer. All hard drives contain another computer inside them - with its own processor, RAM, flash memory, etc. This computer has access to the main computer's RAM. Also, your BIOS/UEFI may contain malware. Also, your CPU contains an entire computer (like hard drives). Search for "intel amt rootkit" for more info. Rootkit in your laptop: Hidden code in your chipset and how to discover what exactly it does [PDF]

No anti-virus program can access and verify the memory of these separate computers hidden inside your computer.

Key phrases you may want to type into Google:

hard drive firmware rootkit
NSA hard drive firmware
Intel AMT rootkit
Intel ME rootkit
BIOS UEFI malware
BIOS UEFI rootkit

Here is a somewhat safe alternative, but this does not solve the problem with the CPU and the hard

Bitstamp pretends I never verified my corporate account and my account is personal


The new Bitstamp's KYC (Know Your Customer) questionnaire is intrusive and out of control

They asked: "What is the purpose and destination of your bitcoins withdrawals made from your Bitstamp account?" I replied: "To my personal wallet for storage." Then they sent this follow-up question: "Would it be possible to clarify which bitcoin address do you use for cold storage and possibly provide us with some screenshots of your wallet/address where most of your bitcoins are currently being stored?" zantafio

How to verify SHA256 ssh fingerprint

When you see something like this when you try to log in to your server, you probably want to be sure there is no man-in-the-middle attack.

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    SHA256:7KMZvJiI5AeC5As2GSZES5baxTZ+HbOyqjNPVy1NIe4.
    Please contact your system administrator.
    Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /home/user/.ssh/known_hosts:20
      remove with:
      ssh-keygen -f "/home/user/.ssh/known_hosts" -R [example.org]:2548
    RSA host key for [example.org]:2548 has changed and you have requested strict checking.
    Host key verification fai

Exchange e-currencies, Bitcoin, wire transfers...

Use this debit card as an interface to the legacy financial system! This service is great for cryptocurrency hodlers that want to pay their bills with banknotes or MasterCard.

[fixed] "Evolution is currently offline due to a network outage."

"Evolution is currently offline due to a network outage. Evolution will return to online mode once a network connection is established."

If you have this error when updating your system (for example, from Ubuntu 14 to Ubuntu 16), the solution is to run Evolution with this command:

    evolution --force-online

That is usually related to a combination of evolution, dbus, and NetworkManager. With all three installed the idea was that NM would say whether it had a working network or not over dbus. Tools like evolution would ask on dbus about the state of the network and switch to online or offline as networks were hotplugged. This breaks down when the network isn't managed by NM but NM is still running, such as when /etc/network/interfaces is configured to use ifupdown instead. If NM is running then it won't have any networks under its control and it fails to recognize that the system does actually have a network running outside of its control. It will respond to evolution

"The Uncensored Hidden Wiki" fake replica!

I found out that there is a fake version of "The Uncensored Hidden Wiki". On the fake version some links are changed to fake websites. I suppose they are trying to steal your login credentials. I compared the "Financial services" pages on both wikis and found out that they changed the URL of the "Hidden Answers". However, the fake replica of "Hidden Answers" doesn't work at the moment.

Genuine (supposedly): http://gxamjbnu7uknahng.*****/wiki/index.php/Financial_Services
Fake: http://uhwiki36pbooodfj.*****/wiki/index.php/Financial_Services

Please note that I do not guarantee which of the above URLs is "genuine" and don't assume that any of them are "safe". Maybe both of them are "fake", I don't know. Here are some examples of differences: Screenshots are from Meld. Visit "The Uncensored Hidden Wiki" or any other *.onion website at your own risk. I do not endorse and do not reco

Bitcoin price analysis

Every bitcoin sold at the moment is a trader consolidating the current $1250+ price position. In an ideal world we would have a slow decrease in value prior to the ETF decision, and a big redistribution of bitcoin away from people who bought at a much lower price (and are thus happy to sell them in a dropping market) to people who are more likely to hold if it falls and reduce the downwards volatility that has been present in the last couple of months.

Bitcoin conspiracy

What if a few people like Ver or Gavin realized that if Bitcoin ever actually looked like it was going to succeed the banking industry would spend billions of dollars to stamp it out or that rapid adoption could actually be very bad for society and mankind as a whole? In either of these cases, Bitcoin would have to constantly look like it was on the brink of failure even though adoption was increasing. This would serve to slow adoption to a manageable rate as well as keep the corrupt banking and fiat system from bothering to get involved until too late. How would I do this? First, you have to keep the actual conspiracy small otherwise the jig is up. But then how do you get co-conspirators who aren't actually co-conspirators? Make it about something else, a competing client. OK, great. But you really need to stop people from actually wanting the client. How do I do that? Easy, I will make it complete shit and a totally obvious guarantee of failure to anyone technical. Uh oh, they

Are quantum computers a threat to Bitcoin?

What should be done if it seemed that Bitcoin's cryptography would be broken in a few years because of quantum computers? Some people said we should upgrade to a quantum proof encryption algorithm but do nothing else, and once the crypto eventually gets broken, anyone with money in non-quantum proof addresses will simply have it stolen, leaving potentially millions of bitcoin in the hands of one thief. Theymos argued that this would be a systemic risk to Bitcoin, and it would be better to give people a few years to send coins to a quantum proof address, and then freeze all unprotected coins assuming they were lost. From the victim's perspective this is about the same as having the coins stolen, but it would be far safer for the ecosystem as a whole.

Your money is already just numbers in somebody's computer, the only question you have to ask yourself, whose computer?

A lot of people struggle to understand bitcoin, because it's "digital", without recognizing the simple fact that nearly all money today is digital. Virtually all of our money today is just numbers stored in a database on someone else's computer. However, there are important distinctions between having your money represented on a computer owned by a bank and having it stored on tens of thousands of computers worldwide in a cryptographically secured peer-to-peer network. Your digital money at a bank can be frozen, stolen, blocked, hacked, and devalued. You cannot do anything with your digital money stored at a bank without permission from the bank that controls it and under the scrutiny and whim of the state. Your funds can be blocked, confiscated and, most certainly, tracked and reported to the government. Your digital funds on the blockchain suffer from none of these issues, with the only legitimate concern being that the value can fluctuate substantially on a