HackerTrans
TopNewTrendsCommentsPastAskShowJobs

srfilipek

no profile record

comments

srfilipek
·4 ปีที่แล้ว·discuss
Yes, in practice mining mostly follows price, but it's still not quite that cut and dry.

Miners also need to sell bitcoin to recoup operational costs. They influence the value of bitcoin by being an active trader and setting limits to their sale price.

Current price influences future mining. Past mining influences current price.
srfilipek
·4 ปีที่แล้ว·discuss
Well, theoretically the value of Bitcoin would be a function of energy costs and mining difficulty, but that hasn’t happened in practice, and would still be volatile anyway.
srfilipek
·4 ปีที่แล้ว·discuss
They are legally required to report it that way. The quarterly shareholder reports include revenue with and without Bitcoin.
srfilipek
·4 ปีที่แล้ว·discuss
It's an okay-ish alternative to a password, but if we're going to use cryptographic secrets for auth, I'd hope to see more of a handshake and challenge-response involved.

As it stands, anyone who has access to a private key momentarily can generate any number of tokens for use, practically indefinitely (just sign a timestamp for every second for the next N years). This system is open to replay attacks as well.

It also glosses over the entire problem of trust establishment, cert revocation, etc.
srfilipek
·5 ปีที่แล้ว·discuss
> Heartbleed (and all the other serious memory exploits) required a great deal of skill and a lot of luck to exploit, and in return you either don't get a remote execution, or you get a very tiny chance of a remote execution.

Heartbleed wasn't about RCE at all. It was about memory disclosure -- memory that contained secret signing keys. The fallout was that keys needed to be revoked and rotated.

Reading out memory and extracting the secret keys was actually pretty simple. There were multiple POCs available.
srfilipek
·5 ปีที่แล้ว·discuss
Any good implementation has fingerprint information stored locally, encrypted, and never transmitted off device.
srfilipek
·5 ปีที่แล้ว·discuss
> This software is maintained by Todd Miller, the well known OpenBSD developer

Ironic that OpenBSD dropped sudo in favor of a much simpler utility.