drazvan's comments

It's actually quite simple - an offline solution is technically incapable of reporting your spending patterns because ... well ... it doesn't connect to any network. It's the same as physical cash really, your banknote cannot report where it's been since it does not connect to anything.

The fact that it's technically possible doesn't mean the banks will enforce it. The reverse is also true, if we do not offer the flexibility, someone else will (since it is technically feasible). However, most of the central banks we've talked to are looking at negative interest rates above a certain amount, not for all digital cash holdings, to discourage people from hoarding it.

We do - https://www.whisper.cash/whispercash.pdf . WhisperCash is completely P2P and offline and bank policies are enforced by an on-card component (the "policy enforcer") that can require certain transactions to be performed online.

Ah, those were the days... few people really cared about web security back then and Perl allowed you to get really creative :). https://seclists.org/bugtraq/1997/Jun/67 or my favorite https://insecure.org/sploits/glimps.http.badchars.html .

Applications for S20 ended on March 16th, haven't they? I wanted to apply but definitely could not travel, this change makes it interesting/possible again but I'm not sure it's not already too late to apply.

http://geola.com/ in Lithuania have a "hologram printing as a service" that works quite well, check them out.

What secure element chipset are you using? This could be very interesting for a project I am working on. Does it run JavaCard / GlobalPlatform and are the access keys available?

An old KickStarter-backed project that does the same thing is currently available at http://www.soundlazer.com/ . The physics behind it are explained at http://www.soundlazer.com/what-is-a-parametric-speaker/ .

Sent an email, no reply yet, I guess you're flooded with applications.

http://www.leia3d.com for instance. I have one of their early dev kit displays and it's quite impressive (but very small).

On my wife's iPhone, it asked her to enter her password again and the weird thing is that it now shows as a new device, called "iPhone" instead of "Cristina's iPhone" as it was before. A few hours later it happened on my Galaxy S7 as well but re-entering passwords fixed it.

I'm actually working on something based on this idea - I've created a SIM card for the Internet of Things - basically a smartcard (microSD form factor) that offers a persistent crypto-secure identity for Internet-connected objects.

It works by holding the TOR hidden service private key inside a tamper-resistant smartcard and generating/signing hidden service descriptors with it (plus an entire mechanism to prevent you from signing future descriptors - meaning that the identity is closely tied to the physical SIM card, just like in the GSM world - whoever has the SIM has the identity, once you've removed the SIM the identity goes with it).

Discussion at https://lists.torproject.org/pipermail/tor-dev/2016-June/011... - I've made progress since that post, it's now fully operational and tested, just need to figure out a way to turn it into a product and get some funding for it.

I've actually used the "attack" in the article to design a P2P Bitcoin exchange based on the idea of using someone else's contactless card (with permission) in exchange for Bitcoin. This would solve one of the big issues in exchanges today - that is the fiat escrow handling.

There's a demo for a quick PoC here https://www.youtube.com/watch?v=ZsOzeELdjxM . It makes me sad that they're closing this, the fraud potential was really small (as the article implies).

I'm also in Romania, making about $95k/year. I'm running it through my company, an LLC (SRL in Romanian). Starting in 2016, you can classify yourself as a micro-enterprise if you make less than EUR 100k ($112k) and you pay 3% in tax if you have no employees or 1% if you employ at least 2 people (could be you and your spouse for instance - that's what I do), then an additional 5% in dividend tax if you want to get cash in your pocket and don't expense anything. An accountant will cost you about 100 EUR (probably less in your case if you have just one monthly invoice to your client).

I'm not sure why you'd want to stay below $55k, depending on where you live you may just get additional projects and outsource them yourself to a junior dev you can monitor. That would give you your two employees to qualify for the 1% tax and you could move more of your workload to the additional dev as he/she learns stuff.

BTW, the two major manufacturers they're talking about are NXP (http://www.nxp.com/) and Infineon (http://www.infineon.com/). STMicroelectonics (http://www.st.com/) is also a player here and Feitian has also started doing it (http://www.ftsafe.com/product/epass/eJavaToken). NXP and Infineon are notoriously hard to get started with for small companies and independent developers but they have some very clever proprietary stuff in their chips.

Feitian has a similar product with known keys and running JavaCard in the form of an USB token - http://www.ftsafe.com/product/epass/eJavaToken . Also much cheaper than the Yubikey, see http://javacardos.com/store/smartcard_eJavaToken.php . No NXP proprietary stuff on it and no NDA required either.

How is this different from let's say Swissbit ( http://www.swissbit.com/index.php?option=com_content&view=ar... ) or DeviceFidelity (http://www.credense.com/) or GoTrust ( http://www.go-trust.com/ ) or any generic ASSD card ( https://www.sdcard.org/developers/overview/ASSD/ )? Those are all programmable using JavaCard and contain secure tamper-resistant chips.

What if they actually planned this and fine tuned their ASICs so that they would never be able to actually generate enough satoshis to go above the dust limit? They could tell their users: you've generated 1 satoshi this month, just 5459 more to go ... that's only 454 years :). "Honestly, we want to pay you your share, but the Bitcoin network won't allow it because it's below the dust limit ... trust us, you'll get paid in 454 years".

So they can make them mine fast enough to make a difference in terms of hash rate but slow enough to never actually reach the payout limit - so they could constantly owe their users very small (unpayable) amounts.

If the idea is to mine slowly, it can be done on a CPU. Most smartphones also have a GPU on board, so they could mine faster than a CPU. And the chips are already in there, you wouldn't have to buy a new phone/chip for this.

Finally, people seem to misunderstand how mining works ... you can't mine a single satoshi, you either find a block or you don't, so you either get the 25 BTC (currently) reward + transaction fees or you don't. The pool distributes the load and the reward, so there would still be a "funding" transaction from the pool to the user - it's not like their ASIC can generate 1 satoshi on board, it can lend its hashing power to the pool and receive 1 satoshi (actually 5460+ satoshis, see above) for their effort from the pool.

Well, the Opgal device has a resolution of 384 x 288 while the E4 lists 80x60. It's probably worth the asking price.

Like this? http://therm-app.com/