What is a typical day in your life like? I get up at 4:30. I watch some YouTube, do some email, work on my writing or similar. I head to the gym at 7, shower and start my day around 8. I work in my home office or shop/lab, code and work on stuff, throughout the day. I could be busy all the way through to 8-9PM if I'm wrapped up in something, but not usually that busy.
the below is a reply to the above
You get up at 4:30 AM? Wow. Have you always been a morning person? Are other people on your team morning people so you decided to start early? I’m asking this because it seems like a lot of successful people wake up very early and work out before starting their workday. No, I never was until my neck injury. While recovering I couldn't sleep more than about 4-5 hours max and just got into the habit. Since it was so productive for me, I just kept it up!
the below is a reply to the above
Thanks for sharing. I wish you good health. Thanks!
Did you create Robocopy, or know who did? I use that very regularly and much more efficient than using the GUI. The secret dirt is that Robocopy was first written by MS colleague Kevin Allen, and he started sharing copies around in 1994ish. From there, and after many iterations and heavy-duty real-world feedback, robocopy ended up in the Windows Resource Kit, and then later merged into the core Windows package. In the beginning, Kevin was a very experienced programmer, but new to the Win32 API; so robocopy was one of his projects to educate himself about Windows programming. Later on, ITG used robocopy to routinely transfer many gigabytes of data around MS global offices, every night; it became very robust and battle-hardened. It is a long time now since Kevin was involved in the robocopy source code at all; it is maintained by the Windows team.
Did you create Microsoft Clippy? Will Clippy ever make a come back? Noooo... but I was around at the time. We have Clippy now in the form of Siri and Google Assistant and Cortana, but there's no picture. That's all it was though, an early digital assistant.
I read on a Microsoft devblog that when windows got ported to 64bit pinball 3d was not ported because of bugs and the developers not being able to understand the code/not having enough time. It's a shame, because it was such an awesome game and I spent many hours playing it as a kid. Was the code messy due to being ported from Sam and do you think it could have been ported given enough time and expertise? Basically what I did when I ported it was to maintain the central code "logic" loop of the game unchanged so that it would play just as it did on other platforms, and then "hooked" functionality coming out of it and going into it. So I rewrote the drawing code that did the actual drawing, but not the original code that wanted to do the drawing, if that makes sense. I changed the how, not why.
That meant, though, that at the very core of the game was a big bunch of code that we didn't touch or monkey with, because it 'just worked'. Apparently sometime after Vista, in 64-bit, there was a collision detection bug in Pinball.
From what I read, Raymond Chen looked at it and got the general idea of what was wrong but didn't want to touch the fragile old code. Raymond's one of the best debuggers I've met, so it wasn't a question of expertise but of time and resources.
Anyone on the team could have trivially fixed it I'm sure, but it sounds like no one "owned" the game anymore after I left, and it was more than just a random little bug to fix, it would have required a dev to be assigned to it, and there likely was no one free.
What is your favourite colour please? Well, I have four cars with blue interiors and I'm wearing a blue shirt and a blue watch and blue jeans. So probably blue.
If my son expresses interest in serious computer programming, where is a good place to start? C for Dummies? (I'm joking and I know terribly little about the topic, only enough to know backend is where it's at) Python, then Javascript. Build a website!
Hi! Just wanted to say, I still use MS-DOS regularly, on many of my older machines in my collection. Also Win3.x, Win9x etc. How do you feel about computers becoming extremely dependent on 'cloud' services? I can still set up an old machine, install an old OS, install old software and have it all up and running within an hour or so, while modern software essentially requires cloud services for literally everything. What happens to that software once some random person out there decides that they don't want to support it anymore? Those cloud services go away? Are you concerned that future generations will not be able to experience anything from this era of computing? Considering computers were designed to be able to continually run the same software over and over as necessary, how can that apply if the bulk of this is lost when the cloud disappears? Or maybe this isn't a concern at all, and I'm just crazy...? I already have hardware that refused to work because the cloud service that backs it has been abandoned or the company has gone out of business.
I worry that things become dependent on externals that aren't reliable long term, and I know what you mean... but fortunately Windows, once activated, runs perfectly well offline forever, really.
I'm a fresh graduate with some experience and reading the knowledge you all have in the comments has made me feel very inferior. I only started coding in my university and I don't do it in my past time. Am I doing something wrong? I do enjoy programming but I try to keep a work life balance. Is that a thing in software development? Also did you ever approve a pull request by Bill? No, as long as you DO enjoy it when you're doing it, you're fine. There's an entire "spectrum" of people in the world and some of us have "special interests" with which we're a little obsessed, and tend to "hyperfocus". I'm one of those people but it's by no means the only way to do it!
I knew many great programmers who (a) didn't program in their spare time at home and (b) didn't continue to program recreationally after leaving it as a job.
If you can work regular 40 hours a week as a productive programmer, you'll be set!
the below is a reply to the above
Thank you so much for this! Are there any tips you'd like to give to fresh graduates like me? If you get a job at a large company like Microsoft, and decide you're not happy, try moving INTERNALLY before looking for another job. You could work for 5 different companies over your career and they could all be Google, for example. Culture goes through and through, but every team has its own.
the following is a later reply If you can put in a 35-40 hour week of solid work, you'll be fine. There are three buckets: the obsessives, like myself, who work as much as they can. Then the solid pros, who can turn out a ton of quality stuff in 40 hours. And then you have the slackers who surf Facebook at work and read reddit when they should be coding. As long as you're not in that group you're fine, and a balance is important. It is indeed a thing the successful people achieve it. It's not about how much code you write, it's about how much MORE time you spend coding than you want to, and that should be zero!
Lots of people are in careers they don't practice in their free time, in fact most. So it's a bonus if you're that way, but most people are NOT, so don't despair! You're normal!
If you're still answering, how much of the original Task Manager still lives in the modern Task Manager? Anyway, thanks for the AMA! You're a legend! I don't know for sure, but from looking at the app, and not the code, I'd expect about 60-70% of it?
Hopefully you’re still taking questions. I get a lot of crap by my peers about command line. Power shell is badass but I’m a cmd guy myself. I know we can do pretty much everything that cmd does in powershell and more, but idk. I like what I like, you know? Where do you stand on this? Honestly I'd be a CMD guy as well, but I'm really starting to lean towards using bash under WSL.
Have you ever looked the help for SET and FOR under CMD? It's where we put every piece of extra functionality, since you can't add keywords that might collide with people's script names, etc...
I didn’t use windows after windows 7 for about 5 years. Back in august 2019 I finally rebuilt and upgraded my old PC and installed windows 10. The task manager in windows 10 is so amazing and powerful. I would imagine it’s something you wanted to implement in the 90s but didn’t have the tools or time. Right? Indeed, I'm a big fan of the current task manager and what they've done with it! I wish there was a Dark mode, I wish it handled file lock tracking, and I've always got wish lists, but they've done a great job with it!
CIA_grade_LSD: Why does the file transfer time remaining progress bar start at like 15 hours and then drop to two minutes and then stick at 99% for five minutes? (An exaggeration I admit. I know you and your colleagues do your best, but I am curious why this hasn't gotten much more accurate over the years.) androidethic: Yes, we need a justification as to why the windows file operation estimations are so random/inaccurate! They're the worst estimate out there, except for all the others.
Mac is just as bad. It's a hard problem. I worked on it briefly, and to help solve it I kept track of the average time it had taken for a whole range of operations, like creating, moving, deleting, renaming a file, or moving a block of N bytes, etc. Then multiply by the number of those operations that remain. But even that can be wildly off in degenerate cases.
Do you ever get laid? Not since your Mom kicked me out.
Why has windows task manager never had a true force quit? End Process is a true force quit.
What was your team's opinion on linux at the time? And what's your opinion too? I like it a lot, I was an early adopter back in 1993-1994 and tried to contribute some code for parsing IIDs, though I don't know if it's still in there. I hope it is, because then I'd have code in Windows, Mac Office, and Linux. I'd be everywhere :-)
Now that we have WSL 2, though, I do most of my Linux work under Windows!
How much of the original DOS code is still in modern OSs? None whatsoever. In fact, the only commonality at all would likely be the PGM header on disk still traces its original layout to MS-DOS.
But rest assured there's NO code from MS-DOS inside NT, for example. It was a complete clean-slate design.
Was it you responsible for the atrocious naming conventions in WIN32? Your username is dhbt12 :-)
What current developments in the world of operating systems are you watching with eager anticipation? File systems and LLVM seem to be the rage right now, at least from where I sit. Containers are cool to me, like Docker! That's really the biggest development of recent years I think!
the below has been split into two
* What's your compensation? - Zero, since I'm retired and there's no pension.
* Have you met Bill Gates? - Yes, a number of times. When I was first hired he had me and a few other recent hires over to his house for burgers and beer and it was quite nice!
What's your opinion of free and open-source software? Broad, I know. I saw your response about WinRAR saying you like to license your software, but do you hold a similar sentiment in tossing a coin to the devs of foss software you might use? I love it, I just don't have any illusions that making a piece of code open-source somehow leads to higher quality. It makes it more available to me, which is great, but in reality, on a typical project there are going to be 1-5 people who really look at the code and then a dozen that sort of know it to make changes, and then consumers of the code who just call it. I don't see that those 1-5 people are any brighter than the people who'd be responsible for a product in a proprietary environment.
Now at a certain scale, like the Linux kernel maybe, you've got enough eyeballs looking at it that it makes a difference... that I could see!
What's the idea behind SYSKEY? As I understand it, its function is to encrypt something called the SAM (Security Account Manager) database. This database stores hashes of user passwords, and is used to authenticate users when they supply their password.
Hey Dave, what do you think the future of the windows OS will be? Is a cloud-based OS possible, potentially limiting computer hardware? As a total guess, I imagine our experience will eventually be just a UI device locally and everything else happens in the cloud on server hardware. So as you say, at some point your client hardware is "good enough" and then companies compete on the merits of their back-end services.
Do you know Mike Toutonghi? He used to work at Microsoft, now he started a new blockchain project called The Verus project. By name and email but not well enough to recognize him at the mall today, I'd say!
If you had to redo windows, what would you most like to change? What do you regret most? What do you like most? The Format dialog needs to be redone! And Task Manager is likely my favorite...
Android or iPhone? Beer or wine? Ginger or Mary Ann? iPhone. Beer. Can't it be both? It's an island, after all.
the below is a reply to the above
I figured the iPhone since you have Macs in the lab. I figured beer also since you can't shift a 4 speed with a glass of wine between your legs. Nice garage BTW. However I wasn't ready for both, it's an island after all. Touche. I tried to compile my first bit of code from GitHub today. I failed miserably. It would install but wouldn't run. I'll keep at it. Make sure you're in a clean empty folder. Try the code from Episode 11, I just used it so I know that works! Clone it and build it in PlatformIO with no changes, and that'll tell you if your dev environment is set up and working properly.
I cant connect to my cloud, can you download it for me? I'd love to, but I'm out of paper. Can you fax me some?
What amazes you the most when you compare technology from the 90's to now? GPUs!
Is it wrong of me to only ever end task manager with itself? Software Seppuku.
Probably too many comments and very late to the game, but here it goes! I teach Comp Sci at an international school. Would you be willing to give a small webinar talk to my students? They would just be so happy to hear from you as would I! Anyway, regardless, thanks for the many, many hours of enjoyment! Maybe after Covid, but I'm not a big fan of Zoom lectures! I just did one for the U of R, though, and if you check my channel there are two that I have done for the University of Regina that you might find useful for your students...
You can email me at [email protected] with info about the school and what topic you would like, etc, and I can see if it's a good fit for schedule and topic!
What computers do you personally use at home? Windows? Linux? Mac? All three!
Why are processes able to hang to the point that task manager is unable to kill them? At that point there must be kernel corruption or something going on in a driver or well below the surface, I guess. If TM can't kill it, no one can, and it's truly hung.
Did you ever meet the genius who wrote the Space Cadet Pinball theme song? No, who wrote it? Matt Ridgeway?
Hi Dave, loved the videos on task manager. Do you have any thoughts on modern C / C++ replacements like Zig and Rust (respectively)? I think it's cool if memory access is indeed provably safe but you get code nearly as optimal as C, but I've got to learn more about them!
Did you like the windows phone? Never had one, started after I left, but I heard nice things about the very last one before it went away...
Hi Dave, Why doesn’t File Explorer automatically refresh to show new files in a folder, such as downloads? Seems such an obvious glitch! Also, how do I get the login screen on Windows 10? I push space, esc, mouse clicks, enters... and nothing happens. Then poof, it shows up. Why is this so unresponsive? It does.
In fact I know it does, because I have a patent on some of it!
Not sure why yours wouldn't be working, your system might have a third party piece of software that has broken File System Change notifications.
Was the time on Microsoft fun? It really was. I miss the people and the environment, and I especially miss lunch!
i’ve found 15+ 0-days in the shell32 API when doing a vuln analysis of explorer.exe. You can read my work at! What’s it like to write really buggy code :P? I sense that high school was hard for you socially.
I’m sure I remember owning the pinball game as a separate standalone title before it was in windows? Can you explain the deal with that? Or am I misremembering? Plus Pack!
You're a legend, can't believe I missed this. I'll post this here, if you don't answer it I'll have a good copy/paste for later. What are your thoughts on the sethc.exe / accessibility exploit? It's worked as far back as XP, and still works today in Windows 10, last time I checked. Windows Server 2003 and 2008 as well. Is checking the integrity of OS files before they're executed just not a priority?
Why ctl+alt+delete? An IBM engineer (David Bradley, I think) picked that combination to serve as a hardware reset. You can't fake it, you can't get around it. The PC knows it's really C_A_D when you do it.
Why that particular combination, you'd have to ask him!
What's the furthest you've gotten into a project that ended up not panning out? Was it something you really wanted to get working or were you relieved to move on? I'm a student studying engineering right now and reading these answers is extremely motivational; your passion for computers is awesome! Thanks for doing this. I spent about a year on an early prototype of Media Center that I was attached to but got killed. They did do a Media Center later, of course, but I had started 2-3 years ahead, but couldn't get funding.
Why has the Windows she'll been so bad for so long? I don't know, but I'll see you in he'll.
Do you still work at Microsoft? Do you still use only Microsoft stuff? No, retired in 2003. I use a lot of MS stuff, but my main laptop is a MacBook and I use a Mac for video.
Do you own any Apple products or use them for work? I own all the Apple products except the new headphones, pretty much! I'm retired now though!
Is the work culture of Microsoft at the time very different than now? How much does Bill Gates' leadership impact the company? What changes did his departure bring? It is indeed very different under Satya than Bill, and the changes are widespread. But I left before Satya started, so I'm not really qualified to speak on them!
What are your thoughts on the age old trick of "Opening Task Manager to stop programs from freezing or being slow", is there some merit to doing that or is it just a simple coincidence? Total coincidence, honest! Task Manager, at that level, is just a windows app with a message pump. Its existence doesn't do anything that solitaire or paint would not also!
No, but there's a great meme with the Star Wars general about how apps work better with Task Manager open because "fear will keep them in line".
It's purely psychological, though. TM doesn't do anything by running the calc or paint wouldn't also provide!
Did you work on Windows ME? If so.. What the hell happened to that OS that made it so terrible? I had kernel errors every week. Nope! My work on the shell would have been backported to it, but I didn't work directly on 98 or ME, other than they used our NT version of the shell code by then I think.
Did you make any contingency for when Task Manager stops responding? Yes, lots! Check the video the "Secret Life of Task Manager" for more dirt, but there are MANY things it does to help prevent you ever being stuck with no task manager:
If not asked yet If this is correct, as posted in Regina awhile ago iirc I saw a post saying you’re from Regina, Canada Is that true? If so that’s awesome to hear that someone from my local area made one of my favourite no internet game and the basic fundamentals of the most used OS for computers Yes indeed, that's me!
Why is the documentation for WPA so bad and scarce? I have to refer to Bruce Dawson's years old blog to decipher some of the columns names. Are there any plans to add a comprehensive manual for it? Windows Product Activation? Columns? Sorry, are you using WPA for something else?
Can I intern for you? If you know how to write a Material-themed admin-style Dashboard in React, can consume a REST api in doing so, and have some experience with iPhone apps and Unity, then maybe yes!
I was actually looking for an intern this past summer to write a phone and web app...
How did you assure code quality and readability? Did you use static analyzers/unit tests or what? Check out the "Secret History of Task Manager" video for a description of "NTStress" and how we nightly tested, but there were professional testers, every line of code was code-reviewed, and so on.
My understanding is it's quite different now, though!
When you say you worked on Windows activation, was it for more than a day? That's an odd question. Can I ask why you think it might have just been for a day? Clue me in to what you're hinting at and I'll fill you in on the rest!
Why do I need to press 3 buttons and 1 click to open task manager? Because you choose to fail!
You can do it with two clicks or one simultaneous multikey press!
Do you think WPA was a success? I think so! It helped stem casual piracy, wasn't "cracked" for at least 18 months after we released it, and didn't unduly inconvenience users too often, I hope.
We were really aiming for the 95% case. Trying to catch the 95% of piracy that is people sharing keys, reusing their own keys on too many machines, getting keys off the web, that sort of thing. I think it accomplished that.
How did you feel about windows 8? Same way you do.
Who invented the blue screen of death? John Vert. He said:
"Back in 1991 I wrote the original code for Windows NT 3.1 that put the video screen back into text mode and the routines to put text on it (and a truly gnarly bit of code it was!). I used the white on blue colors for two reasons.
* The MIPS workstations we were using for the MIPS port had firmware that presented a boot option screen in white on blue, so it made sense that the bugcheck screen would match.
* I (and many others) were using SlickEdit as our text editor and at the time its default color scheme was also white on blue.
I believe Mark Lucovsky wrote the original code that dumped a bunch of text to the screen. This was a bugcode and a stack dump, resulting in a bunch of useless hex numbers which product support would occasionally dutifully transcribe from the customers and include in the bug report.
There was no "typesetting" as we used standard VGA text mode on PCs.
I don't know the history of the Win3.1/Win9x blue screens, I think the fact they were the same color is just coincidence."
But can you make sick stick figure death match animations in QBASIC? No, but I do a mean Bill the Cat ascii art!
How could you? Sometimes you just gotta say WTF.
What are you working on these days? Mostly on programming tutorials and nostalgic "Windows War Stories" on my youtube channel:
[removed] That's me! Went to Miller high, worked at ISM and SaskTel during college, etc!
Here is my question. I'm a Cuban teenager (17) and my dream is to be a developer. What kind of mini works can I do to learn programming before University? Do as many little program tasks as you can, and make sure you complete them, and SAVE them for the future so you can look back!
Try writing a little program to convert back and forth between roman numbers and regular numbers. Or find the next highest multiple of 32, or count the number of bits set in a byte. Or the real difference in seconds between two dates, that sort of thing. Real problems that you have to solve will help a great deal as they act as sort of a "forcing function" to make you get to the very end.
Do you like macaroni & cheese? Kraft Dinner all the way. And I eat with little packets of designer ketchup.
didn't built paint? I'm out. Nope, sorry. But I owned calc for a while, back when we were adding infinite precision math to it!
Hi, If Microsoft wanted to, they could make it impossible to activate a pirated copy of windows using 3rd party software. So why aren't they making it impossible? Not sure what you meant by 3rd party software. Are you saying Windows can actually be activated even if pirated? That'd be news to me, but anything's possible.
What was the criteria for “tilt” on space cadet pinball? I played that game for hours as a kid. Spacebar would add a little "action" to the table, if I recall, and you could strike a balance of adding so much so often... but too much (ie: smash space too much) and it'll tilt.
Did you ever have to interview anybody at Microsoft? If so, what types of questions would you ask back then? What was your interview like going into Microsoft? Oh yeah, I've interviewed dozens or hundreds I'd bet. I'd like to ask "calibrating questions" like "Give me a function that takes a number and returns the next highest multiple of 32" or "count the number of bits that are set in it" to see how their basic coding skills were.
Then I usually liked to give a problem I was working on to see what it'd be like to actually work with the person.
I interviewed three times, once as an intern, once as full time, and then once to move to the Shell group. Each as an all-day affair, and very arduous. You have 2-3 hour long interviews in the AM, then a lunch interview, then 2-3 more hour long interviews in the PM, then a supper thing, etc... it's a long day!
ImRandyRU: What have you done for me lately? Edit: it was a joke... dabigchina: NT is the foundation that all modern windows OS's build on, so a lot. Zeusifer: I guarantee some of OP's code still exists in Windows 10. Most of it, to be honest. As a guess I'd say 75% still there.
Hey man, I had a wicked dump this morning and now my toilet is blocked. Any ideas? More roughage in your diet.
submitted by 500scnds to tabled
Happy Halloween - Updated Audit Status of Canadian Cryptocurrency Exchanges

Masks meant something different one year ago when I posted the highly popular “Happy Halloween - Audit Status of Canadian Cryptocurrency Exchanges”. Since then,
  1. We’ve had 20 more cryptocurrency exchange incidents globally.
  2. Canadian exchanges have seen massive progress - in at least a couple of exchanges.
  3. We’ve seen the collapse of Einstein which took millions of dollars more from Canadians. And we saw the OSC crackdown on the inflated trading volume on CoinSquare.

Blockchain provides the full ability for exchanges to prove asset backing, yet we continue to have to guess which platforms are backed. In an effort to help Canadians find the exchanges which are most transparent, we divide platforms into 5 categories:
If Proof of Reserve or another form of verification was standard on all exchanges, people like Gerald Cotten and Dave Smilie wouldn’t have been able to pull off massive fraud, and cases such as Einstein would have been known long before it resulted in insolvency. Supporting exchanges that don’t provide public validation or transparency is supporting fraud. Even if the platform is 100% honest, they are setting a dangerous standard that enables other fraudsters to hide in plain sight.

Dead Platforms/Incidents

FlexCoin - As “the world's first bitcoin bank” that’s “not a true bank”, FlexCoin provides “a central location for all of your bitcoins”. “Bitcoins deposited with flexcoin will be stored on [thei]r secure servers” so you can “send bitcoins to non-technical individual[s] via e-mail”. Unlike blockchain, “flexcoin to flexcoin transfers are free”.
MapleChange - “[S]wift, reliable and to-the-point!” “One of [their] primary concerns is security for [their] customers” which is why “keys are cryptographically encrypted”. More Canadian than anyone! Excuse me while we hold the door open to our crypto! "[W]ithdraws(sic) are next to instantaneous", "rel[ying] solely on the aspect of swiftness"!
Canadian Bitcoins - Funds stored for convenience in a professional Rogers data center, which has the highest level of courtesy and customer service - always going above and beyond to provide expedient service whenever a request comes in!
CoinTradeNewNote - A “meticulously engineered Bitcoin Exchange” “focused on security and tak[ing] these risks seriously”. “[Y]ou don’t have to worry”, they have “90+% cold storage” and their “cold storage is fully insured by Xapo”. Plus, as “a registered Canadian corporation” they “leverage the good guys to fight the bad guys”.
Einstein - You can get “your money deposited and withdrawn faster than any other exchange”. As one customer said "With so many hacks and exit scams, it gives me confidence knowing Einstein is backed by hard-working people just like me." Just check the user experience on their subreddit from their "220,000+ satisfied customers".
EZ-BTC - As the world’s “most user-friendly and bespoke crypto currency management platform”, they have “strong security”. “All your coins are kept in cold storage. They’re safe.”. The presence of physical ATMs was one of the strategies to build customer confidence for their promised 9% annual return on stored funds.
QuadrigaCX - Operating since 2013, with “vast cryptocurrency reserves” right up to the end. "Bitcoins that are funded in QuadrigaCX are stored in cold storage, using some of the most secure cryptographic procedures possible." Even today some of the funds remain 100% secure in their cold storage!
If there are any others I missed, let me know!

No Verification Found

BitVo - Whether “Canada's premier cryptocurrency exchange” or merely “on a mission to become Canada’s premier cryptocurrency exchange”, we have to praise BitVo’s security for including “multiple signatures of a select group of trusted individuals” which are “not connected to the exchange platform or a network”. It is unfortunate that such common sense concepts are “proprietary” instead of the standard on all Canadian platforms. While assuring that they operate “on a full-reserve basis” and talking about “transparency”, the proof is lacking and nothing indicates it to have been verified externally or even internally. The withdrawal-based fee structure incentivizes users to keep funds “safe and secure” on the platform - which is “owned and operated by banking and security experts”. The “banking” side shows for sure in these hidden fine-print fees, which go well with transparency.
CoinField - Apparently no longer the "most secure trading platform in Canada" but now instead the “Best Bitcoin & Cryptocurrency Exchange In Canada” - based in Estonia and no longer having a Canadian office. They’re “fully regulated” in 193+ countries, except for the period between October 2019 and June 2020, when they weren’t even registered as an MSB. They offer a huge range of trading pairs except for the ones you need, with high liquidity except for the pairs that don’t have any, and you can withdraw and trade all of your funds as long as you leave a small amount behind at every stage.
CoinSmart - Not sure what "[i]ndustry leading cold storage" is, but luckily it’s “bank level”. No mention of multi-sig. They’re so "accountable to [their] clients, community and to each other" and "committed to being open and honest" that they don’t include any audit. Deposits are easy and withdrawals are fun - like a video game. Advance through each stage to prove your willpower, complete with warnings, SMS verification that doesn’t display errors (but luckily you can change the number to anything at all without further verification), and even an elaborate high-resolution selfie requirement you have to email in. If you can’t complete or don’t feel comfortable sending info via email, your money is held hostage - no big deal at all really.
Coinut - As "the most secure cryptocurrency exchange", they provide “a comprehensive cryptocurrency exchange platform for trading cryptocurrencies”. (Not to be confused with a cryptocurrency exchange platform for trading coconuts.) They’ve been “running securely for about three years” “by storing cryptocurrencies offline” in a single “offline computer”. In addition to not using multi-sig and "not us[ing] USB drives, as the online computer may be infected with virus", they also don’t appear to use audits or any form of public verification.
NDAX - “Canada’s most secure trading platform” to "set the standard for the Canadian cryptocurrency industry". While NDax promotes “segregated accounts” and “95-98% of user funds in an offline, multi-signature wallet”, there’s nothing to indicate backing of assets on the platform. While apparently partnered with a Canadian bank, the bank is not revealed. No audit found but at least there’s a full-page risk disclosure and disclaimer. You can sleep peacefully knowing that they’re legally protected, even “for losses suffer(sic) to you as a result of any defaults of by(sic) insolvency of other Users.” What does that even mean? Apparently, even with their industry-record withdrawal fees, they couldn’t afford a legal team with proper grammar.
Newton - Newton was one of the first to announce third party custody. You should give your funds to Newton, because they’ll give them to Balance, and they’ll do this for free! And “[m]ultinational companies trust” Balance. According to the Balance terms, “the digital assets you purchase via the Platform are not protected by any government or other insurance”. "Prospective clients...will hold the entire liability associated with purchasing a Digital Asset Cache™️ and using [Balance] services, potentially including partial or total loss of capital." "Balance does not represent or guarantee that the Balance Platform will be free from loss, corruption, attack, viruses, interference, hacking, or other security intrusion, and Balance disclaims any liability relating thereto." "No data transmission over the Internet can be guaranteed to be 100% secure, and as a result [they] cannot ensure or warrant the security of any information you transmit to [them]." "You are solely responsible for maintaining the confidentiality and security of your Account." If someone else should “[w]ithdraw the digital assets in your DAC to [thei]r external digital wallets as soon as within the same business day.” "Balance shall not be responsible for any losses arising out of the unauthorized or other improper use of your Account." 
The security of Balance custodianship comes down to (a) proprietary “HSMs” tested by their team of experts are more secure than hardware wallets tested by thousands of teams of experts around the globe, (b) a standardized and documented system of physical security in facilities accessible to a select number of people is superior to a combination of unique physical security, exclusive signing procedure, and complete locational secrecy that could be employed separately by multiple reasonably competent individuals, and (c) placing your trust in the team of Newton, the team of Balance, and the security of a website is more secure than simply trusting a single team to manage the private keys in an offline multi-sig fashion.
While Balance has an extensive page on security and internal controls, I was unable to locate any audit nor verification that the assets on Newton or custodian Balance are actually fully backed against deposits. From the demo page, we can see that Newton has visibility to see their balances on Balance, so at least Dustin and the team can check diligently and make sure they aren’t taken. Why not give some of that visibility to your customers? Why has Newton, which has been a leader in so many other areas (“commission-free”, working to get the best rates, etc…) not been a leader in putting together any level of public visibility to the backing of customer funds on their platform?

Apparent Verification

CoinBerry - CoinBerry uses the best practice of offline multi-sig for the storage of all customer funds, a set-up that, to date, has a breach-less record historically. Assuming the private keys are properly managed by separate trained people, CoinBerry client funds are thus stored in what’s essentially a giant cold storage wallet, with all withdrawals handled and verified by multiple people before being approved. However, this model is still subject to the platform being tricked into releasing funds as may have happened in August 2020. What they haven't done is transparently admitted and explained how the breach occurred, which can be an opportunity to highlight security improvements and help other platforms avoid similar issues. Instead, they've recently purchased insurance to cover future incidents. It's hard to judge from a few excerpts of what’s likely a multi-page (or even a multi-chapter) policy, but it would be the first time that insurance has ever paid out in the history of cryptocurrency. A multi-platform insurance strategy could be cheaper, more comprehensive, and more likely to pay out than third party insurance.
CoinBerry is “trusted by Canadian Municipalities”, a deal that enabled “the first payment of property taxes with Bitcoin in Canadian History”. They reportedly also “undergo annual 3rd party financial statement audits”. From records, these appear to be conducted by the firm MNP which is an accounting firm. CoinBerry has not, however, publicly declared themselves to be “fully-backed”, nor have they published any verification on the backing level of funds on the platform. Rather the audits are “secret”. This is concerning given the large referral bonuses paid out by the platform to new customers (including a popular $25 referral bonus for purchasing $50 of bitcoin), multiple issues with withdrawal delays, including one affecting hundreds of customers earlier this year, and the slow increase to their “fair pricing and industry-leading low fees.” Fees have gone from 0.5% to 1%, to a tiny sentence about “adding a margin, or spread, of between 0% and 2% to the rate offered by [thei]r liquidity sources”. Luckily, they “don’t hide fees across your trading experience.” In case you should sign up and find that (up to 2%) rate to be too high, “[a]ccounts requesting a withdrawal of Fiat or Crypto currency in original form, without conducting a trade will be...charged an account maintenance fee calculated as the larger of $25 or 5% of the total amount requested.” You will also need to pay additional “mining fees for crypto withdrawals”, which significantly exceed typical transaction costs and are only mentioned in the fine print of their fees page. CoinBerry has publicly expressed agreement that you should not store funds on cryptocurrency exchanges including their own. Neither their insurance nor world-class security will do anything whatsoever if their platform goes insolvent.
CoinSquare - CoinSquare has had a rough year, most notably with being publicly declared as having inflated trading volume and having to pay multi-million dollar fines. As usual, the Reddit community was already on top of this and apparently, some staff at the company were even open about it. Ironically, one could argue that their dishonest practice did more to stand up to Quadriga than regulators ever did, may have saved thousands of Canadians from losing their funds, and may even have been a key factor in bringing Quadriga down. It remains to be seen what will become of the shell of one of Canada's oldest exchanges. It would be the ultimate in poetic irony if the actions of the OSC to protect CoinSquare investors ultimately destroyed the full value of their investment. If that plays out, I'm sure they will heap praise on the OSC for so publicly and flagrantly shaming CoinSquare for a practice which was similarly employed on other exchanges globally and which they'd already voluntarily ceased months prior to the conclusion of the 6-figure investigation and 7-figure fines.
That said, CoinSquare already had a lack of visibility into their security practices, which they describe as “100% proprietary”. This would imply the team at CoinSquare is smarter than established security standards by experts all around the world at protecting your funds, contradicting previously reported incidents. They describe “SSL and 2FA”, which are more or less standard features of all exchanges. A “95% cold storage” policy is low compared to many other platforms, and it doesn’t appear to be mentioned whether multi-sig is being employed or not. And of course, their apparent regular audits are not public (allegedly by “a national accounting firm whose identity is protected under an NDA"). They’ve routinely described themselves as solvent rather than fully backed.
Kraken - A kraken is “an enormous mythical sea monster”, and likewise Kraken, the exchange, is enormous, the largest and oldest exchange platform in North America. Kraken recently achieved the momentous accomplishment of becoming the first cryptocurrency exchange to be a regulated bank by completing a charter in the state of Wyoming. Kraken calls itself the “most trusted cryptocurrency exchange” and apparently “provides world class financial stability by maintaining full reserves, healthy banking relationships and the highest standards of legal compliance”. While many individual Kraken customers have been hacked, the platform overall never has, which is an impressive record.
Similarities abound further. According to legend, kraken exist off the coast of Norway. According to alleged court papers, Kraken operated illegally in the state of New York. Should you encounter a kraken, you may be best to leave silently. If you should work at the counter for Kraken, you may be legally silenced. One of the former employees for Kraken alleges wrongful dismissal and that the bank accounts of Kraken are actually running millions of dollars short of where they should have been. But don't worry - Kraken’s website features a Proof of Reserve page, stating that “[o]ver the past several weeks, Kraken has successfully developed and completed an industry-leading, independent, cryptographically-verified audit.” But the page was written in 2014 and among the long list of limitations, the process does not enable any validation on the blockchain. Kraken hasn't done any validation or publishing of reserves in 6 years and counting.
NetCoins - Once upon a time, the cofounder of CoinTrader (sound familiar?) decided to found a new exchange - “Canada’s easiest, most trusted way to buy and sell crypto”. As they say on the FAQ, “[t]rading cryptocurrency is completely safe”. Having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” “Get verified in minutes!” While comforting to know that parent corporation BIGG Digital Assets is audited by Manning Elliott LLP and they have “[r]eal human beings you can get in touch with easily”, this doesn't make up for no visibility whatsoever into how funds are stored or what portions are backed.

Full Backing Report

There are only two exchanges in Canada meeting these criteria.
BitBuy - BitBuy has operated since 2016, and was the very first to get a “Proof of Reserve and Security Audit Report” from third party CipherBlade. Since that time, they’ve also established themselves as the first company to get two separate third party validations, with the second one from Blockchain Intelligence Group. The platform’s initial operation as a non-custodial “Express Trade” model lends additional credibility. Therefore, with now two independent third party reports, BitBuy maintains the title as the most transparent exchange in Canada.
However, “Bitbuy has moved its existing bitcoin holdings over to Knox”. You now have to trust both teams and platforms for the security of your funds. This is described by them as an “industry leading push for best practices”. Insurance is of course “subject to the full policy terms, conditions and exclusions”. And “Bitbuy will be Knox’s first platform partner”. Knox has never done this before for any other platform. Their security model is “a mouthful for most”, but let’s break down their pitch. They have “air-gapped specialized hardware”. So is a standard typical hardware wallet. It’s running “custom policy logic”, which could be a good or a bad thing depending on the logic. Their logic has probably been vetted by a single team of experts, which is a standard shy of most hardware wallet protocols vetted by thousands of experts globally. They use a “dual-control operational model”, which if you look up dual-control, it actually refers to the fact that the functionality of the module is simultaneously performing actions and being monitored”. It allows one to “experiment with the system so as to learn about its behavior and control it better in the future” which you can decide for yourself if that’s a good thing to have or not in the hardware that controls withdrawals of an active exchange platform. There is “offline transaction processing”, which again is a standard feature of a hardware wallet. “Geographically distinct facilities” is a good idea, though easily achieved by not storing all the private keys in the same place. Saying that the facilities “communicate in a closed network” is an interesting concept. How can you know that a network is closed? If the facilities are close together, they can be breached together. If far apart, someone can get in the middle. The network is no longer closed the moment any part of it is breached. 
I can go on and on and break down every one of their systems if I have to, but instead, I’ll quote their own security advice about “minimizing the attack surface of the entire key lifecycle”. The minimum attack surface for a private key is having an individual generate it secretly and securely using a process which is vetted by hundreds of security experts around the world, and not relying on a third party to have to control anything to do with that key. This is already available from most standard hardware wallets, with experts debating whether other advanced experts can find a way to extract the key with access to extremely sophisticated equipment and physical access to the hardware. The best and most efficient way to mitigate a weak or corruptible party is through multi-sig where all parties have to sign the transaction. Adding intermediary custodians instead means funds are lost when any one of them is breached, and when using the same in-house hardware as Knox does, any vulnerability on that hardware or supply chain can compromise multiple wallets at once.
Now, insurance. The policy isn’t public on its website. It gives high-level features only. What’s astounding is that “collusion” is considered a break-through, which says a lot about the state of third party insurance in the space. I requested an example policy from their team. Their response was that it was “proprietary” and that they only “go over it with serious buyers”. In other words, no one has visibility to the actual policy details of what’s really covered outside of BitBuy or Knox, and neither party has any incentive to present that information objectively. For now, until someone cares to prove me wrong, I’ll quote their own website, “[m]ost policies covering Bitcoin theft and loss fall short and provide a false sense of security”.
One of the issues with the BitBuy validation is that it offers no visibility whatsoever for customers to know if their balances were included in any of their third-party validations. As such, BitBuy could have excluded any number of customers and passed both verifications with flying colours. That's why it isn’t a full Proof of Reserve. Also, they stopped talking to me again. But I still believe that BitBuy is one of the least worst platforms, now with reserves verified by two separate third parties.
ShakePay - Firstly, congratulations. The formerly trustless raccoon has now got a third party validation - a key step forward. The ShakePay platform is incredibly good at marketing, with the most powerful “Shaking Sats” program to literally get thousands of Canadians to think about buying more cryptocurrency every single day, or at least to pay homage to their great raccoon mascot. More recently, ShakePay completed a security assessment provided by CipherTrace, and added further insurance. CipherTrace found that reserves appeared to be fully backed including extensive analysis of the transactions and provided data.
ShakePay could be upfront that they charge a market spread or list the buy and sell prices. Instead, they promote the service as “no fees” and list only one price for bitcoin or ethereum, the only coins they sell. To find the model you have to click through to a separate page. The spread and pricing information is only ever available from within a registered account. ShakePay does not offer any additional trading functionality or coins.
ShakePay states that the “majority of all digital currencies are stored securely offline”. The CipherBlade report found this ratio was at “93% of Bitcoin and 91% of Ethereum” in cold storage at the time of the report, though it “var[ies] periodically to some degree throughout the day”. The report refers to a “multi-signature wallet interface”, which they later call a “service to access its sending and receiving multi-signature wallets”, which apparently also “does not have control over cryptocurrency in the hot wallets”. This part doesn’t exactly make sense, as one would most likely consider “access” to a “sending” function as “control”. Apparently, this “not mentioned” service is “without any known security risks” and there are also “redundancy measures” in place as well. Whatever that means in the context of irreversible transactions is a mystery.
However, the majority of funds are no longer stored with ShakePay but have now been given to an undisclosed “trust company registered under the NYDFS”. The “variety of security protocols” in place here include “address whitelisting”, the only policy they are willing to disclose publicly “for security reasons”. While ShakePay won’t identify the third party, “CipherBlade can confidently conclude that Shakepay controls these cold wallets” even though “they are controlled by [the] cold storage provider” and “the cold storage provider ultimately holds the private keys”. ShakePay does receive “an account statement” “which includes applicable wallet addresses and balances held” and “[d]ata found on the blockchain was also in line with information found on these statements.” It will be interesting to see in one of many “quite unlikely” events what “the cold storage provider’s policy and Shakepay’s own policy” would cover, given that the details of both policies are completely secret. Luckily, “[t]he vast majority of Shakepay customers who purchase cryptocurrency on the Shakepay platform withdraw it promptly thereafter.”
It’s important to note that this report is not a Proof nor an Audit (as originally named). “The reviewer is not a professional accountant, and CipherBlade has not performed a professional financial audit or an audit of internal controls and expresses no assurance on the accounting records of Shakepay.” ShakePay was happy to remove “audit” but they still continue to insist on calling this a “proof”, when it’s not. They claim “Proof of Reserves can have a variety of setups” and they cited Nic Carter’s blog post, which also listed all the criteria for the proof, which they did not meet. In discussion with Nic (who is amazingly open to chat), he’s agreed “what they are doing is not a full PoR” and he “didn’t believe it would be a widely consulted thing - [he] was mostly doing it to encourage custodians to take PoR seriously”. The point of a “proof” and why it’s called a “proof” is because it leaves no doubt. A Proof of Reserve needs to prove the reserves - that funds exist on the blockchain, are spendable by the platform, and fully back the assets of any customer who bothers to check. ShakePay’s does not.

Proof of Reserves

Presently all platforms in Canada have refused to provide visibility to the public blockchain entries backing funds on their platform. They have refused to sign a proof of spendability for any funds they control. All claims and verifications have been against customer lists provided by the platform with no ability for any customers to validate they were included. This is a recipe for more Gerald Cottens and Dave Smillies.
I understand Proof of Reserve is not practical for all platforms. I was able to come up with an alternative that doesn’t require public blockchain visibility, could be implemented today using reputable third parties, and effectively validates all customers are included.

How We Could Have Safe Exchange Platforms In Canada

The first and largest issue has always been a lack of transparency. Far more funds have been lost to fraudulent platforms and wallet services than hacks. Honest platforms need to be giving greater visibility and certainty to their customers to make fraud obvious.
Secondly, no platform employing offline storage and multi-sig has ever been breached. We need to agree on the basic standards of what it takes to keep assets secure and create an environment where best practices are shared instead of hidden between platforms.
And thirdly, third party insurance incentivizes high fees, it limits coverage, and it does everything possible to avoid a payout. We need an organized insurance strategy that is run by platform operators and overseen with the full protection of Canadians in mind.

What’s possible is exciting, but not guaranteed. There are a lot of irreversibly horrible futures which are even more likely if we merely sit back and watch.
submitted by azoundria2 to QuadrigaInitiative
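The post's recurring complaint (the BitBuy entry and "Proof of Reserves") is that verifications run against a customer list supplied by the platform, with no way for a customer to check they were included. As an added illustration that is not part of the original post, and not the author's unspecified alternative, here is one common way to make inclusion checkable: a Merkle sum tree over customer balances. Account names, nonces and balances are constructed, and the sketch covers only the liabilities side, not on-chain existence or spendability of reserves.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts so field boundaries are unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def amt(n: int) -> bytes:
    return n.to_bytes(8, "big")  # balances are non-negative integers (satoshis)

def leaf(account_id: str, nonce: bytes, balance: int):
    # The nonce stops other customers guessing ids/balances from sibling hashes.
    return (h(b"leaf", account_id.encode(), nonce, amt(balance)), balance)

def parent(left, right):
    # Commits to both children's hashes and balances; carries their sum upward.
    return (h(b"node", left[0], amt(left[1]), right[0], amt(right[1])),
            left[1] + right[1])

# Constructed sample data. A real nonce is random and known only to the
# platform and that one customer; here it is derived so the example is repeatable.
CUSTOMERS = [("alice", 150_000), ("bob", 2_000_000), ("carol", 75_000),
             ("dave", 900_000), ("erin", 10_000)]
NONCES = {name: hashlib.sha256(b"constructed-nonce:" + name.encode()).digest()[:16]
          for name, _ in CUSTOMERS}

def publish(customers):
    """Platform side: build the tree, return (levels, root_hash, total_liabilities)."""
    levels = [[leaf(name, NONCES[name], bal) for name, bal in customers]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append((h(b"pad"), 0))  # zero-balance padding node
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    root_hash, total = levels[-1][0]
    return levels, root_hash, total

def prove(levels, index):
    """Platform side: sibling path for one leaf, as (sibling_is_left, hash, sum)."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((sib < index, level[sib][0], level[sib][1]))
        index //= 2
    return path

def verify(account_id, nonce, balance, path, published_root, published_total):
    """Customer side: is my balance inside the liabilities total that was published?"""
    if balance < 0:
        return False
    node = leaf(account_id, nonce, balance)
    for sibling_is_left, sib_hash, sib_sum in path:
        if sib_sum < 0:  # a negative sibling would let the platform hide liabilities
            return False
        sib = (sib_hash, sib_sum)
        node = parent(sib, node) if sibling_is_left else parent(node, sib)
    return node[0] == published_root and node[1] == published_total

if __name__ == "__main__":
    levels, root, total = publish(CUSTOMERS)
    carol_path = prove(levels, 2)
    print("carol included:", verify("carol", NONCES["carol"], 75_000, carol_path, root, total))
    # The failure mode from the post: the platform leaves carol off the list.
    _, short_root, short_total = publish([c for c in CUSTOMERS if c[0] != "carol"])
    print("carol vs. list without her:",
          verify("carol", NONCES["carol"], 75_000, carol_path, short_root, short_total))
```

The published root and total would then be compared against reserves shown on the blockchain; that step, and proof that the platform can spend those reserves, are outside this sketch.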

Released Games

Here are all the well-made platfighters that you can play RIGHT NOW!

Rivals of Aether - Choose a Rival to bring into the battlefield and manipulate the powers of the classical elements and animal movement. Unravel the mysterious conflicts of the planet Aether in Story Mode, band with friends to take on shadowy creatures in Abyss Mode, and bring your combat skills Online to challenge players across the world.
Link: (24,99€) 

Brawlhalla - Play locally with friends, fight in chaotic Free-For-All matches online and offline, team up for 2v2 battles, or climb the Ranked ladder to Platinum and beyond. There’s a little something for everyone.
Link: (free) 

Slap City - Slap City is a streamlined platform fighter with characters and locations from the Ludosity universe! Slap your way through multiplayer modes like Battle and Slap Ball either locally or online, or take on a bunch of single-player challenges!
Link: (16,79€) 

Rushdown Revolt - Move faster and strike more swiftly than you ever have before with the power of our signature Spark mechanic. Rushdown Revolt aspires to be the most electric, combo-centric and expressive Fighting Game.
Game graphics may not be final
Link: (slacker pack $19,99) 

Super Smash Flash 2 - Super Smash Flash is a series of fighting browser games published by indie company McLeodGaming, led by Gregory McLeod under the alias Cleod9. It is based on the Super Smash Bros series. The original Super Smash Flash is based specifically on Super Smash Bros. Melee.
Link: (free) 

Brawlout - Brawlout is the party fighting game, designed for couch play, online matches and competitive tournaments.
Link: (16,99€) 

Fight of Animals: Arena - Animal memes such as Power Hook Dog, Mighty Fox, Magic Squirrel and more have now become Fighters!! Simple Controls & Funny Animals & Exciting Battles!!! Choose your favorite animal and join the fight!! Players are able to fight through arcade mode to become the King of Animals! Also allows players to challenge people around the globe online!
Link: (8,19€) 

Super Powered Battle Friends - Super Powered Battle Friends is a 2D indie platform fighter featuring hand crafted pixel art and a colourful cast of characters. Get ready for incredible local multiplayer modes with the gameplay depth for those intense competitive 1 vs 1 matches. Super Powered Battle Friends is great for competitive players and social players alike.
Game graphics may not be final
Link: ($12,9) 
Yes, here are the Smash games.
Super Smash Bros. Ultimate - Super Smash Bros. Ultimate received universal acclaim from both critics and players, with some critics calling it the best installment in the series. It received praise for its large amount of content and fine-tuning of existing Smash gameplay elements, although its online mode was widely criticized. As of September 30, 2020, Ultimate had sold over 21.10 million copies worldwide, making it the best-selling Super Smash Bros. game and also the best-selling fighting game of all time, beating Super Smash Bros. Brawl and Street Fighter II, which previously held each title respectively. Its massive success has caused it to be nominated for, and win, multiple awards.
Link: ($59,99) 

Super Smash Bros. Melee - We all know Melee. We all love Melee. Visit for installation instructions and more. #FreeMelee

Project Plus - Project+ is a gameplay modification of the Brawl mod Project M (based on Legacy TE) with the aim to improve the balance among the cast by making small moveset changes to all or most characters. Project+'s development started in 2018 and version v1b was released in April 2019. On March 17, 2020, Project+ 2.0 was revealed with additional content, such as new modes, revamps to some characters movesets such as Bowser getting a new fireball attack and Charizard getting Thunder Punch, and the reveal of Knuckles the Echidna as the only new playable character beyond what Project M had.
submitted by AngryGeri to platformfightergames

