There is a V2 already that doesn't need trusted setup: https://brqgoo.medium.com/introducing-brollup-v2-now-without-the-trusted-setup-fce9c0098177

Seems a bit unethical from CertiK. Oops, you got me, now, I'll disclose my findings and return the money. In any case I am waiting for the full write-up.

UX change that caused this, so basically shitcoins got double spent but Kraken did not notice that / wait for enough confirmations or is there some actual technical vulnerability on top of it?

I mean isn't git distributed anyway? Likely at least one developer (you) has the code locally or it was probably nothing really important. I'd be more worried if they tried to silently backdoor the code or something.

Important to mention that just PHP on Windows is vulnerable to this.

Bitcoin doesn't need Trump, Trump needs bitcoin.

Guess you shouldn't listen to friends but make your own decisions.

Generating an address with chosen prefix and/or suffix is done by randomly choosing a private key and checking what the outcome is. It's similar as mining: every character more is exponentially more expensive, you don't have any difficulty adjustments tho. According to https://github.com/kangaderoo/vanitygen vanity address generator it's like 45 seconds for 4 chars of course depending on your hardware.

The attack actually works in that way that a similar address as yours sends you some small amount and then when you next time try to send to yourself you mistakenly send to that address. Of course this address reuse is already a problem on itself. I doubt attackers use more than one hour to generate those.

There is a valid use case for having just xpubs for instance for your point of sale device. In that case a malicious wallet could indeed give out wrong addresses. But there is no reason to even mimic addresses similar to the correct ones.

Wow, very cool.

Didn't really know about:

before.

Play stupid games, win stupid prizes

I mean yeah, "all models are wrong, some are useful". There is little doubt stock to flow is a fundamental influencing price and we'll eventually hit 500k, but this prediction model is just wrong. By PlanB's own criteria. But instead of admitting it and saying oh well this didn't work out but my gut feeling is still this price tag, he's just falsifying evidence on how the model was always on track and that is what I don't like.

Don't get me wrong I am totally fine with some quality shitposting and price speculation / hopium posts :)

Also if you post bitties to 1 mil by 2025 or so is ok, what triggers me is the appeal to authority ala my infallible model shows the price is going to be XYZ. Subscribe for exact predictions. This is where the fun ends because noobs will use leverage and get rekt. I mean ok in the long run you could say it is a learning experience but still.

500k would sure mess up my stacking goal :)

PlanB said 100k by end of 2021, that's also the source of quite a lot of memes. 50k is half, but that doesn't work like this, he wasn't "half right" :) But I guess you can just delete the posts that don't feed the narrative. And either you're right or you're right next time.

Public service announcement, make sure to stop following those influencers that just speak about price and have no clue about bitcoin.

Which you can already do with sth like:

PasswordAuthentication no
Match address 10.0.0.0/8
    PasswordAuthentication yes
Match all

in sshd_config btw

Wasn't s2f model invalidated like in 2021 already? I mean who still pays attention to those scammers on social media.

Boring is good. Just lower your time preference.

I mean 25 years is not that bad. In my country you get that much for murder. Those 100+ year sentences are just ridiculous IMO, then the convicts are ok whatever I'm gonna die in prison. It's much worse if you still have hope to eventually come out.

Trick is Bob needs to provably "defuse" defense or else the blackmail won't work.

Which means just a tx with a new input from Alice and new output for Bob beside the original ones. Bob can prepare everything and just give it to Alice to add their 0.9 input and sign. So either he sees the thing confirmed in an hour or so or he broadcasts defense and everything goes boom.

Simple attack, Bob says hey Alice additionally to the 1 BTC you owe me give me 0.9 BTC off-chain or I will punish you and you will lose another bitcoin. A rational actor would go for that deal but even if not it hurts Alice more. And what can she do: defense always overrides status by definition.

Therefore the network soon runs out of Alices.

This is like coming to a business negotiation with a hand granade. "If I suspect you cheat we're both gonna die". I mean it could work in practice but it requires careful tuning of the blast radius so to say.

Always when there is an asymmetry there could be some DoS. Like lots of "Bobs" blackmailing Alice since she has more to lose.