btcinfo  

Hic inserere motto

A patch for db4.8 on gcc8+

August 10, 2019 — shinohai

The march of "progress" sometimes brings about a lot of headaches, especially when I am forced to work on heathen systems such as Debian and Ubuntu. This became readily apparent while installing bitcoind (core) to a server equipped with gcc-9.1.0 this past week. While building the dependencies, db-4.8.30.NC promptly shat out this error:

definition of 'int __atomic_compare_exchange(db_atomic_t*, atomic_value_t, atomic_value_t)' ambiguates built-in declaration 'bool __atomic_compare_exchange(long unsigned int, volatile void*, void*, void*, int, int)' static inline int __atomic_compare_exchange

A relatively simple patch allowed me continue building error-free. I have included in the /library/ here for future reference. Place it in the root of the db-4.8.30.NC folder and apply manually as you would any other patch.

While impossible to completely rid the world of such fuckery, I consider this just another tool in the box to make things slightly less painful

Tags: Bitcoin, UNIX, Webshit

Facebook announces Libra

June 18, 2019 — shinohai

Mark Zuckerberg finally finds some webshits capable of badge-engineering a "cryptocurrency" to life, and calls it Libra

In ancient Rome, the Libra was equivalent to roughly 12 ounces. An inquiry to facebook offices as to whether Libra would be backed by 12 Oz of Mark Zuckerberg's shit spray-painted gold with a certificate of authenticity went unanswered.

Tags: News, Cryptocurrency, Lulz, Webshit

Binance Chief suggests bitcoin block reorg to undo hack

May 15, 2019 — shinohai

Binance CEO Changpeng Zhao actually suggested mimicking mEthereum and performing a block reorg to enable his exchange to recover from a 7`000 BTC SFYL earlier this month. Mr. Zhao apparently forgot that Bitcoin is immutable and many came out to mock his McAfee-level stupid suggestions. Blockstream CEO Adam Back was quoted as saying:

"You just have to accept that Bitcoin is final because a whole bunch of factors which we can get into, but it’s basically, you know, all of the infrastructure is set up to automatically just continue consuming and finalizing transactions. And there’s a lot of inertia and equipment that’s just running away, mining transactions, so it’s very hard. The software is not designed to undo things. The infrastructure isn’t designed to undo it. And there’s all kinds of side-effects if you did. And the side-effects are both technical and economic. "In game theory, if you can undo something, the attacker can do other things. And people who disagree with the reorg can do other things. People are very incentivized to see it not happen because they’ve seen other coins have this happen and suffer a great loss of credibility as a result. And there are also geopolitical issues that, you know, you would establish a precedent that would erode one of the major benefits of Bitcoin, being censorship-resistance, which ties back to this kind of finality of the network."

#btcinfo extends condolences to Binance and Mr. Zhao, and are so very sorry for your loss.

Tags: News, Bitcoin, Cryptocurrency, Lulz, Webshit

Cryptopia exchange makes exit scam official

May 15, 2019 — shinohai

New Zealand based cryptocurrency exchange Cryptopia is closing up shop and beginning "liquidation proceedings" a.k.a. SFYL. Trading is suspended (again!) and the website contains only a press release this morning, which reads:

15/05/2019 David Ruscoe and Russell Moore from Grant Thornton New Zealand were yesterday appointed liquidators of Cryptopia Despite the efforts of management to reduce cost and return the business to profitability, it was decided the appointment of liquidators was, in the best interests of customers, staff and other stakeholders. The liquidators are focused on securing the assets for the benefit of all stakeholders. While this process and investigations take place, trading on the exchange is suspended. "Given the complexities involved we expect the investigation to take months rather than weeks." The liquidators are also working with independent experts and the relevant authorities with regards to the company’s obligations. Grant Thornton will be contacting all customers and suppliers about its appointment in the next few days. Further enquiries, please email liquidation@cryptopia.co.nz

The final tally of the SFYL from this long-running shitcoin trade hub will be reported in a later post.

Tags: News, Bitcoin, Cryptocurrency, Lulz, Webshit

Microsoft "discovers" remote device management backdoor in Huawei laptops

April 24, 2019 — shinohai

The backdoors discovered in the device drivers were in no way a part of a Chinese government plot to spy on Westerners, and Huawei say it will take "legal action" for "misleading reports" in the media. (archived)

Tags: News, Lulz, Webshit

BlockCypher reveals mETHereum hard fork lulz

March 13, 2019 — shinohai

tl;dr: BlockCypher decides to continue to offer support for Ethereum despite services being non-operational for almost a month following the recent "upgrades" to the network.

After examining every which way we could think of to add the Trie state to our Ethereum state, we asked Vitalik for assistance. His first comment to us was "oh you’re one of the few running one of those big, scary nodes." We asked him if he knew of anyone else running a "big, scary node" to see if we could possibly sync with them. He knew of no one, not even the Ethereum Foundation keeps a full archival copy of the Ethereum chain.(Emphasis added) We were back to square 1: starting the Full sync again, this time including the Trie state.

This led to stunning results:

"Lesson Learned #3: In the event of a chain re-organization, we may be the only ones to know the entire history of Ethereum transactions."

This seems to mark a developing trend of aversions to a "foundation" model though running big, scary nodes will always remain the only method to ensure a complete and accurate history of the blockchain.

You can read the entire shitty medium post discussing these lulz here if you're so inclined.

Tags: News, Bitcoin, Cryptocurrency, Lulz, Webshit

Coinomi wallet sends user passwords in plaintext over Google API

February 28, 2019 — shinohai

Today's Lulz come courtesy of "Bitcoin Wallet" Coinomi, which handily sent user passwords over Google spell check in plain text using their Webshit framework. btcinfo sends condolonces to affected "users" and is very SFYL. (archived)

Tags: News, Bitcoin, Lulz, Webshit

Ledger adds bluetooth SFYL device to stable.

January 07, 2019 — shinohai

Deciding that not enough cracks are visible in their wallet design, Ledger announced a new device called "LedgerX" that eminently hackable bluetooth support, which will handily announce your candidacy for SFYL to anyone within 10-20 meters. The company already entered the New Year as a loss leader after the wallet.fail team reviewed the device and determining it to be covered in webshit.

Tags: News, Bitcoin, Webshit

Alabama police department blames Satan for recent spike in homicides

December 21, 2018 — shinohai

No, they really did. (archived)

The Facebook message is quoted in full below:

THIS PAST SUNDAY, A YOUNG MAN WAS SHOT AND KILLED IN KINSTON. MONDAY NIGHT, A MOTHER WAS SHOT AND KILLED IN NORTHERN COVINGTON COUNTY. THERE HAVE BEEN FIVE MURDERS IN COVINGTON COUNTY IN 2018. THESE MURDERS HAVE BEEN DONE BY OUR YOUNG PEOPLE. THIS IS HAPPENING BECAUSE WE HAVE TURNED AWAY FROM GOD AND EMBRACED SATAN. WE MAY HAVE NOT MEANT TO DO SO BUT, WE HAVE. IT IS TIME TO ASK FOR GOD?S HELP TO STOP THIS. IT IS TIME TO BE PARENTS AND RAISE OUR CHILDREN, NOT HAVE THEM RAISE US. IT IS TIME TO FULLY SUPPORT LAW ENFORCEMENT AND STAND BY THE OFFICERS AND DEPUTIES THAT ARE FAR TOO OFTEN HAVING TO WALK INTO THESE DANGEROUS SITUATIONS AND CLEAN UP THE MESS. FRIENDS, IT IS TIME TO STAND UP AND BE RESPONSIBLE, GROWN UP LEADERS IN OUR COMMUNITY. BOTTOM LINE, THERE ARE SHEEP; THERE ARE WOLVES AND THERE ARE SHEEP DOGS. WHICH GROUP DO YOU BELONG TO ?

The National Freedom From Religion Foundation says the department is "wrongly promoting religion with the social media message" seeing as it is illegal for a government entity to endorse or criticize religious belief.

Tags: News, Lulz, Murica, Webshit

Pennsylvania Porch Pirate Pilfers Poop.

December 16, 2018 — shinohai

A thief swipes a box from a man's porch that contained used cat litter instead of Amazon treasures she had expected. (archived)

Tags: News, RSS, Webshit

Twitter account of target.com hacked to promote giveaway scam.

November 13, 2018 — shinohai

Unknown individuals gained access to the official Target twitter account earlier today and attempted to promote a 5000 BTC giveaway scam. The tweet posted by the hacker(s), now deleted, asked users to send small amounts of Bitcoin to an address in order to participate in a chance to win the Bitcoin prize, which is worth around $30 Million USD at the time of writing. The incident is another example of the poor security used by the twitter platform and its unwillingness to stop the proliferation of scams that usually target "verified" accounts.

Tags: News, Bitcoin, Scams, Webshit

Eliminating malicious TLDs with regex

September 07, 2018 — shinohai

A discussion on Telegram this morning led to this post, I decided to preserve this handy list of regular expressions for filtering out mostly dumb and malicious TLD's. I am personally using an EdgeRouter Lite with dnsmasq for this purpose, so your mileage may vary - feel free to modify and make these better. Suggestions for changes may be sent to my email listed on the contact page, as usual non-encrypted content will be ignored.

^https?://([A-Za-z0-9.-]*\.)?.gq/ 
^https?://([A-Za-z0-9.-]*\.)?.cf/ 
^https?://([A-Za-z0-9.-]*\.)?.men/ 
^https?://([A-Za-z0-9.-]*\.)?.loan/ 
^https?://([A-Za-z0-9.-]*\.)?.ml/
^https?://([A-Za-z0-9.-]*\.)?.top/
^https?://([A-Za-z0-9.-]*\.)?.work/
^https?://([A-Za-z0-9.-]*\.)?.click/
^https?://([A-Za-z0-9.-]*\.)?.tk/
^https?://([A-Za-z0-9.-]*\.)?.country/
^https?://([A-Za-z0-9.-]*\.)?.pw/
^https?://([A-Za-z0-9.-]*\.)?.party/
^https?://([A-Za-z0-9.-]*\.)?.trade/ 
^https?://([A-Za-z0-9.-]*\.)?.review/ 
^https?://([A-Za-z0-9.-]*\.)?.club/ 
^https?://([A-Za-z0-9.-]*\.)?.bid/

YARA compatible regular expressions for detecting base64 encoded variable-case http:// and https:// URI prefixes:

HTTP:// ([\x2b\x2f-\x39A-Za-z][\x2b\x2f-\x39A-Za-z][\x31\x35\x39BFJNRVZdhlptx]
[Io][Vd][FH][R][Qw][O]i\x38v[\x2b\x2f-\x39A-Za-z]|[\x2b\x2f-\x39A-Za-z]
[\x30\x32EGUWkm][h][\x30U][Vd][FH][A]\x36Ly[\x2b\x2f\x38-\x39]|[Sa][FH][R][\x30U]
[Uc][D]ovL[\x2b\x2f-\x39w-z])

HTTPS:// ([\x2b\x2f-\x39A-Za-z][\x2b\x2f-\x39A-Za-z][\x31\x35\x39BFJNRVZdhlptx]
[Io][Vd][FH][R][Qw][Uc][z]ovL[\x2b\x2f-\x39w-z]|[\x2b\x2f-\x39A-Za-z]
[\x30\x32EGUWkm][h][\x30U][Vd][FH][B][Tz][O]i\x38v[\x2b\x2f-\x39A-Za-z]|[Sa][FH][R][\x30U]
[Uc][FH][M]\x36Ly[\x2b\x2f\x38-\x39])

Tags: Insecurity, Webshit

Static address bug discovered in Ledger app

August 03, 2018 — shinohai

The Ledger hardware wallet team announced a serious "bug" in the Ledger Wallet Ethereum Chrome application, telling lusers to avoid using it as it generates a static address for everyone. But "Engineering is working on it" so they recommend using more Webshit, like MyEtherWallet, in the meantime while the company tries to figure out why webpages generate static addresses and bikeshed a solution.

Tags: News, Cryptocurrency, Insecurity, Lulz, Webshit

Conbase Cucks Venezuelan Userbase.

August 03, 2018 — shinohai

Coinbase has reportedly cut off access to cryptocurrency withdrawls to citizens of Venezuela. Visitors to the site from Venezuelan IP's are reporting that the following message is being displayed in their browser:

This latest Conbase Cucking is one of a series of "LOL KYC/AML" mishaps that does not affect users of Actual Bitcoin

Tags: News, Bitcoin, Cryptocurrency, Webshit

Indy developers announce mETH clients capable of sharting.

August 01, 2018 — shinohai

status.im, a "company" that makes useless application for the Ethereum database, has announced the release of Nimbus, a client they claim is capable of sharting. Clients capable of sharting have until now only produced vaporous farts, but developers hope it will offer "scaling solutions" for a network currently choked by numerous apps that offer no substantial benefit to any actual thinking human beings. Armchair "developers" are invited to participate on the company Shithub repository.

Tags: News, Cryptocurrency, Webshit

AUR latest victim of repository rape

July 10, 2018 — shinohai

More poisoned repositories are found, this time on the Arch User Repository. This, combined with the recent lulz on the gentoo shithub further confirm that only the trinque model can prevent repository rape.

Tags: News, UNIX, Webshit, Lulz

Raleigh woman reports Roblox rape

July 04, 2018 — shinohai
A woman from Raleigh, N.C said she was left "traumatised and violated" after watching as her "sweet and innocent daughter's avatar was ... violently gang-raped on a playground by two males" in the alt-minecraft game Roblox. Screenshots of the event shared on social media showed a ms-paintesque girl lying face down in a dark playground, presumably with the electronic seed of her attackers spilling out of her virtual virgin vagina. The players responsible for these lulz were "permanently banned" from the platform, which boasts 64 million monthly players. (archived)

Tags: News, Lulz, Webshit

2017 Ethereum ICO's offered insecurity-as-a-service

June 25, 2018 — shinohai

Security researchers with positive.com, which specializes in auditing ICO's, found an average of 5 vulnerabilities in each of 2017's offerings according to a recent report. 71% contained at least one or more security flaw, and every ICO that offered an app was vulnerable. One third of all web apps contained common weaknesses such as code injection, disclosure of sensitive webserver info, or insecure data transfer. Most of the lulz were due to the copy/paste development culture which is common these days, as well as just building infrastructure on the already laughably insecure Ethereum platform, the pretend blockchain of choice for scammers worldwide.

Tags: News, Cryptocurrency, Webshit, Lulz

Defeating adblock detectors: popularmechanics.com

June 23, 2018 — shinohai

While viewing websites in a graphical web browser, occasionally I find a site that hates when one uses adblock plus and prevents viewing unless it is turned off or the user pays for an "ad-free" pass. popularmechanics.com is one such website, and the nag screen remained despite the fact I was also running NoScript. What do?

As it turns out, the solution was baby simple. PopularMechanics uses a 3rd-party site to detect users running adblock, so all I had to do was add the following to /etc/hosts:

127.0.0.1 hearstapps.com

I was then able to smugly continue my research without sharing the page with hundreds of crappy ads, or being forced to pay for a pass on a website that I visit at most twice a year.

Feliz Sabado, mis amigos.

Tags: Linux, Webshit