dansmith_btc: there have been attacks where browser plugin injected JS code to modify the receiving address for HTTP PSOT
POST even
dansmith_btc
yes,there have, moo-_- . Actually I spent some time yday with bc.i wallet and I see that they forgot to fix one hole which still allows JS injection. I notified them. But I dont expect a timely response.
"Your private financial details are encrypted with AES using a passphrase, which is then encrypted client-side in your browser with RSA keys before being saved on Tapekes servers. No one can read your data even if your password gets hacked, because the RSA keys are also needed. You can access your Tapeke account on additional devices by creating specific RSA key pairs for each one in your account settings.
This is the badass zero-knowledge option."
facepalm
i just noticed they have a nice three keyhold padlock image there :)
or keyhole even
dansmith_btc, did the assertion error occur on the very first run with the PR?
oakpacific
moo-_-: how secure is google authenticator I wonder, I only recently learned that they store the password seed in plaintext on user's phone
dansmith_btc
waxwing, no, it was the 3rd run. I also had gzip disabled in the .ini
waxwing
ah gzip ok. we can try to reproduce that
that's part of the problem, the dimensionality of the tests is exploding with all the options we have now
oakpacific
waxwing: vitalike would like it :)
waxwing
oakpacific, nice one :)
running gzip disabled now; not seeing an issue yet
btw 'Info: got a discarded...' is when multiple handshake messages get packed into a record. i should prob. remove that at some point. it's normal.
oakpacific, so you remember the chinese folks who were gonna set up a nash exchange. the had the word snowball in their name. how are they faring?
oakpacific
dansmith_btc: they hanged around for a while, and saw they can make no profit out of it, and switched to full-blown mining power trading last time i checked