Bitcoin Forum

Feathercoin 0.6.4.3 released with Advanced Checkpointing
ACP Press Release (https://docs.google.com/document/d/1bJsoP3758r19yOsUJeBd-g_WCrQm-CCer3NeDSSqbxU/edit)

Today we are proud to announce the release of Feathercoin with Advanced Checkpointing (ACP). Currently the checkpointing is set to be 5000 blocks behind the current block so it is effectively turned off. Checkpointing will be set to automatically checkpoint the latest block on September 2nd at 09:00UTC. This gives people a chance to update to the latest version before ACP is fully enabled.

Please download the latest client from the link below.
Feathercoin Software Downloads (https://www.feathercoin.com/about/index.php#downloads)

Advanced Checkpointing FAQ

What is checkpointing?
Checkpointing was originally built in to Bitcoin in order to prevent dishonest people reversing transactions and taking back the money they had sent. Imagine someone sends you money and you dispatch goods only to find that they have taken the money back out of your account.

The basic checkpointing feature in Bitcoin makes sure that the software only connects to the blockchain defined by the developers. This is a safety feature to stop malicious users from trying to force clients on to a different blockchain. The blockchain has all the Bitcoin transactions of Bitcoin written into it. Every block in the blockchain has a unique string of characters called a hash. In the client the checkpoints are defined by providing the block number and its hash, this is then compiled and distributed. Clients will only accept the blockchain that has the corresponding block number and hash defined in the code. Checkpointing offers some protection against attackers but only up to the last checkpoint. So malicious users could try to orphan blocks after the last checkpoint and reverse transactions with 51% attacks.

What is a 51% attack?
As the network is decentralised the blocks that make it into the blockchain need to be agreed upon by the majority of the miners. So if someone has 51% of the network mining power they are able to dictate which blocks get accepted. Typically a 51% attack is used to force the network to accept alternative blocks to ones that have already made it into the chain. The result of this is to make the transactions in the original blockchain disappear. Typical clients will broadcast the transaction again but the attacker will make sure that their transaction disappears. The aim of this sort of attack is typically to reverse transactions. As these attacks orphan the original blocks, pools and miners also find that the coins they mined disappear. The victims of these attacks are the recipient of the attacker's transaction and the miners whose mined coins from the original blocks will disappear.

What is Advanced Checkpointing?
Advanced Checkpointing allows us to send out checkpoints without having to redistribute the Feathercoin software. This works by having a 'master node' which checkpoints each block it sees on the network protecting it from the attacker. This checkpoint is then picked up by all the other clients on the network which will then ignore any blocks generated by a 51% attack. This protects merchants from transaction reversal and miners from losing their newly minted coins. With Advanced Checkpointing, Feathercoin becomes the most secure of all the Scrypt cryptographic currencies.

Why doesn't Bitcoin or Litecoin have this protection?
51% attacks have generally been theoretical and in the past they have only happened a handful of times to newly born coins. However it appears that the cryptocoin landscape is becoming increasingly hostile as people invest in larger and more expensive mining farms and have access to large mining pools. The attacks that were theoretical are now becoming commonplace to coins which do not have a large amount of hash power.

Bitcoin and Litecoin have never been subjected to successful 51% attacks as their hashpower has so far been too great for the attackers to target. It would seem that as they have not suffered from these attacks then it is not a problem for them but we believe this complacency is the biggest threat. It may be true that Bitcoin is safe for now but all crypto currencies should have some concern for this issue as hash power should never be taken for granted. Litecoin could well find itself subject to such attacks especially as Scrypt hash power is becoming increasingly mobile with the advent of multipools which switch their miner's hashpower to the most profitable coins at the time.

Feathercoin in the past has been subjected to 51% attacks and even though we have enough hash power at the moment to thwart these attacks, that does not mean that the attackers will not have the resources to attack us again in the future. In fact it could be seen as irresponsible if Feathercoin did not come up with some kind of protection against these attacks as our hash power may drop or the attackers may get greater resources.

Is this a centralised solution?
ACP is a form of centralisation that we have put in place because we believe security comes first. Attacks on this new breed of crypto currencies are on the rise with the attackers becoming more and more resourceful. We are the first Scrypt based coin to respond to this threat by recruiting the best minds in this domain to ensure everyone is protected even those who engage in speculative mining and to whom we owe a debt of gratitude for their patience and understanding.

How will Feathercoin continue to innovate to ensure security and decentralisation?
This is the hard work that needs to be done and we will continue to listen to our community and innovate on the design and implementation of the ACP. We believe that Feathercoin should be powered by the community.

This is a form of centralisation as the checkpoint master node is deployed and maintained by the lead developer Peter Bushnell. Currently no other person has access to this system but it is planned to make the checkpointing system distributed over time. Distributing this system would allow several stakeholders like mining pools to have a vote on which block gets checkpointed. The controls in the system are very limited and only allow the developer to change the depth at which the blocks are checkpointed. This is an automated process and there is no facility to pick and choose which blocks get checkpointed.

Great to hear it's released :)

Similar to ppc/nvc, I presume? If so, then there is no double-spend possibility in case of compromised private key.

If not, then how checkpoint conflicts will be resolved?

P.S. Please note that checkpointing can't protect against hashrate-based DoS attacks, due to nature of those attacks.

Balthazar, good to see you. If there is another checkpointing node seen on the network then checkpointing stops and an error shown to everyone.

Attackers are welcome to mine Feathercoin. The multipools seem to have more hash rate than the attackers do and no one considers that a hashrate based DoS attack.

Can you please expand on what you mean by hashrate based DoS attack so I can answer properly?

It's quite simple. If you able to generate blocks faster than remaining network users, you can apply this patch:


And then point your hashing powers to modified daemon. This will prevent all new transactions being confirmed.

... so you decides which blocks are valid and which is not?

Great! start mining at diff 1 and only make my blocks valid.

your solution is less secure then a 51%-attack.

This all reminds me of SolidCoin.

No, he didn't. He even can't reset own checkpoints.

There is nothing like SC, because there is no trusted nodes and checkpoints is not a necessary part of protocol.  Actually, you can disable processing of sync checkpoints by applying the following patch:


And you will operate on the main chain without any problem.

http://www.cryptocoinsnews.com/2013/08/27/feathercoin-advanced-checkpointing-released-today/

oh, so he can only controle 99% of the network that have not applied the patch. makes sense. perfectly secure.

Thanks for clarifying Balthazar. You are correct, there are still ways to run a DDOS with the majority of the hashpower.

It will be interesting to see if such attacks come about. Previous attacks orphaned blocks with the attackers longer chain, there always seemed to be an attempt at transaction reversal to exchanges. There seemed to be an immediate financial motivation behind the attacks which has now been removed.

What would happen if the 'master node' machine was compromised? Could checkpoints be forged or changed?

No. Even if you have corresponding private key, it's impossible to change checkpoints in the past. Clients will reject such attempts.

It looks like you have a serious problem with understanding the subject of current discussion.

Hint: Try searching on the wiki what does the term "checkpoint" mean.

By the way, BTC has checkpoints too... What a surprise  :D The only difference is that they are hard-coded and updated every few releases instead of every 6-10 blocks. But you can remove them from code too, there is no difference.

Maybe it's better to read ppcoin whitepaper or code before posting statements, which looks quite stupid? Just do your homework before coming back.

We spoke about this in the Trollbox, and while I'm not completely against centralization, as it will happen eventually due to a small number of people with a mass amount of hashing power for other coins, I don't like centralization on an Alt coin. While this might solve the problem for their many attacks, it comes with a price, and I, for one, do not trust Feathercoin at this moment with centralization.

They are simply trying to force this coin through the fast track of gaining natural mining support. FTC is very shady with it's massive amount of pumpers, and the coin seems to go on pumps during attacks, so they do not have my trust. They might have a community that is active, and that will be posting to dispel anything I type soon after, but centralization in FTC means even more loss of credibility to me.

If implemented, there should be some type of non-biased escrow that would give temporary monitored access to the central server only under specific circumstances. And no, I don't mean Koolio's escrow service.

That's not accurate, checkpoint can be broadcasted with immediate policy to defend against 51% transaction DoS. In XPM (also FTC now) if operator sets configuration checkpointdepth=0, blocks are immediately checkpointed. PPC and NVC can operate in this mode too by patching the daemon (in fact PPC v0.3 still has immediate policy running on PoW blocks). This is strongest protection mode against 51% attack but also the most centralized.

atomicchaos

Checkpoints is not a centralization as is. Users still voting with their hashing power, checkpointing changes nothing there. It's just a labels for the events which happened in the past.

By the way, that's why normally this solution doesn't provide a full protection against 51% attacks. It is still possible to perform DoS type of 51% attack without any limitations.

This is unacceptable solution, such policy has practically no differences with solidcoin (except for absence of the double-spend ability). Chain shold have a chance for normal reorganization. Otherwise it will be simpler to resurrect the solidcoin approach.

Incorrect, this is centralization, and has been admitted to completely, don't sugar coat it. It has a single point that everything passes through, so therefore, in every sense of the definition it is centralization. I find it amazing that developers would think that was a good idea, no matter what the issues are with security.

So if market cap gets big enough, someone will just kidnap Peter and have fun.

Again, I'm rather level headed on the idea of centralization, but I'd be shocked to see the majority of the community embracing this.

If so, then Litecoin is centralized too.

Just read again:


There is no way to "have fun", even if checkpointing server will be stolen from the DC. If you would try to change checkpoints in the past, such attempts will be rejected by network.

If checkpointing server can be stolen and it would not make any difference, then what is the point (pun not intended) of having a checkpointing server at all?

It contradicts itself - if this checkpointing server is so important for security, then how can the theft of this server not compromise security in any way?

Also, I can't help but wonder - who was behind this idea of AC? It almost seems as if someone decided to sabotage feathercoin, and came up with this ridiculous decision to do "Advanced Checkpointing". Who requested this? In http://feedback.feathercoin.com the Advanced Checkpointing is not even mentioned. But there are a lot of suggested ideas, like:

1. ZEROCOIN INTEGRATION!!! This has more votes than all other suggestions combined.
2. GUI miner.
3. Merged mining.
4. Integrate OT/Bitmessage.
5. Mobile wallet.
6. Import backed up encrypted wallet feature in feathercoin-qt.
7. Ability to install client anywhere (including USB stick).

...instead, we get Advanced Checkpointing (a.k.a. Advanced Centralization) which NOBODY asked for. I am not trolling, but I seriously don't understand the "logic" in this decision.

Existing checkpoints can't be replaced, so attacker can't perform double-spend or existing chain invalidation.

But there is another possibility still exist - thief able to mine his own chain and send checkpoints for own blocks only. This will be equal to the DoS attack scenario. But that's would be only a temporary problem, because the next client update will resolve this issue.

Anyway, I don't think that this feature is necessary, especially if nobody asked for this.

That doesn't answer my question - if theft of this server would not compromise security in any way, then why is this server needed at all and how does this server improve security?

If something improves security, then removing (stealing) that thing, would decrease security. Am I wrong?

It's quite simple, there are only a few rules:

1) you can create checkpoint, if it has no conflicts with existing checkpoints;
2) you can't replace existing checkpoint with the new one;
3) you can't create checkpoint for the block with height before existing checkpoint, if this block belongs to another chain;
4) you can't create checkpoint for non-existing block (actually you can submit checkpoint with the random block hash value, but this checkpoint will never mature).

This allows attacker to perform some scenarios:

1. Without checkpoints, or with patched (https://bitcointalk.org/index.php?topic=282314.msg3020717#msg3020717) client:

1) 7 blocks found on the main chain;
2) attacker generates 8 blocks in offline, and then publishes his block chain;
3) 7 blocks from the main chain are getting orphaned and replaced by the 8 blocks, which generated by attacker;
4) the miners or a scam victims are crashing their heads against the wall.

2. With checkpoints:

1) 7 blocks found on the main chain;
2) checkpointing node sends checkpoint for the 2nd block;
3) attacker generates 8 blocks in offline, and then publishes his chain;
4) attacker's block chain conflicts with the checkpoint and rejected by network, the main chain is unchanged.
5) attacker is crashing his head against the wall.

3. With compromised checkpointing key:

1) 7 blocks found on the main chain;
2) real checkpointing node sends checkpoint for the 2nd block;
3) attacker generates 8 blocks in offline, and then publishes his chain;
4) attacker's block chain conflicts with the checkpoint and rejected by network, the main chain is unchanged;
5) attacker uses compromised key and trying to submit checkpoint for the first block of his chain, in order to overtake existing checkpoint;
6) the new checkpoint has conflict with already existing checkpoint and as the result, it's rejected by the network;
7) attacker is crashing his head against the wall.

4. With compromised checkpointing key, stolen or DDoS'd server:

1) Users are getting message that existing checkpoint is too old. This message convinces them to use escrow, while this issue isn't resolved.

5. With compromised checkpointing key and stolen or DDoS'd server, which replaced with the new one, belongs to attacker (1st scenario):

1) 7 blocks found on the main chain;
2) attacker node sends checkpoint for the 2nd block;
3) attacker generates 8 blocks in offline, and then publishes his chain;
4) attacker uses compromised key and tries to submit checkpoint for the first block of his chain;
6) the new checkpoint has conflict with already existing checkpoint and as the result, it's rejected by the network;
7) attacker is crashing his head against the wall.

6. With compromised checkpointing key and stolen or DDoS'd server, which replaced with the new one, belongs to attacker (2nd scenario):

1) 7 blocks found on the main chain;
2) attacker ignores them, and generates own block instead;
3) attacker uses compromised key and tries to submit checkpoint for the first block of his own chain;
4) users are syncronizing with attacker's chain instead the original one, because original one conflicts with the checkpoint.

As the result, key holder has very restricted rights in the system. His abilities are limited with existing history protection, he can't alter network history if it was checkpointed before.

Maybe I missed something, haven't slept for 47h. %)

Anyway, I think that client must include an option, which allows user to bypass checkpoints without applying the custom patches.

a compromised checkpoint key can lead to a 1% attack, else the security that the checkpoints provide would be useless.

also if the checkpoints are unremovable in the client, multiple conflicting checkpoints created with a cmpromised key, will lead to a network split.


THIS SOLUTION IS _NOT_ SECURE.

Caps, underline, red color and another formatting proves nothing except your emotional condition. We are not monkeys, we shouldn't care about emotions while trying to talk about the IT related issues. Turn your emotions off, please.

It's the second attempt to post this bullshit, maybe you should try to do something with your erudition?


Dude, it's not funny. Don't be a preaching idiot, just read and try to understand how things really are. Otherwise there will be no differences between you and RealSolid.

P.S. Actually, I don't like FTC. But even more I don't like ignorant "preachers" like smoothie or CH/RS.

Yay, go Feathercoin and good job devs!

we have block 1,2a,2b,3a,3b.

we have checkpoint a which comfirms block 1, signed by uber master key.
we have now 2 more checkpoints b and c, checkpoint b confirms block 2a, and checkpoint c confirms 2b. both signed by the uber master key.
both checkpoints is then introduced to the network. half of the network gets ckp a, and the rest ckp b.

hmm but checkpoints can't be replaced you said, well then now 50% of the network is mining on top of block 2a, and the rest on 2b. and thus creating 3a and 3b, and the network is finally split.

sorry dude you lose.

and i will repeat my warning(now with big red warning letters):

THIS SOLUTION IS _NOT_ SECURE.

Thank you for your detailed illustration. I think I understand checkpointing better now but I'm confused about scenario 5. Why does the attacker fail with submitting checkpoint for the 1st block of his chain? There is an existing checkpoint for that 1st block done by some other server?

This attempt fails because checkpoint already sent by his node at step 2. It's just an example, real attacker wouldn't do that. Real attacker would act according to #4 (+ regular 51% attack) or #6.

1) 7 blocks found on the main chain;
2) checkpointing node, which is stolen by the attacker, does not send checkpoint for the 2nd block (because the attacker controls it);
3) attacker generates 8 blocks in offline, then sends checkpoint for the 2nd block in his chain, and then publishes his chain;
4) attacker's block chain does not conflict with anything, and is accepted as the main chain;
5) ???

Please explain to me, why is this not possible?

In the fantasy universe maybe. But in the real world developers are not stupid. Every client will switch into safe mode and "invalid checkpoint found" / "invalid chain found" warning will be displayed in such case before the big split will happen.

Compromised private key becomes completely useless and everyone waiting for the client update (with hardened checkpoint and the new master key or removed sync checkpoints support). It's the catastrophic event, but it happens sometimes even without checkpoints. Anyway, no double-spends / long forks possible in such situation.

By the way, that isn't quite right. Checkpoints are being confirmed by the corresponding block, but not otherwise. Checkpoint will never mature, if client has no suitable block in own copy of block chain.

1PFYcabWEwZFm2Ez5LGTx3ftz, it was just an example. Of course, real attacker wouldn't submit the first checkpoint.

Your scenario is possible if there will be no another checkpoints node (i.e. #6).

P.S. I think that it will be simpler to execute DDoS against checkpoint node in addition to usual 51% attack.

so you say solution is no better then any other solution... except you have control. good for you.


you seems to be so sure of that your solution is right(hint: it's not). so this will be my last reply.

and the warning again, with a little extra added:
THIS SOLUTION IS _NOT_ SECURE, AND IS MOST LIKELY A SCAM MADE BY THE CREATOR.

LOL.

It seems that something really serious happened with your eyes. Hint: see the OP's user name.

Is it possible to use 96pt? Not everyone can see this from Australia, letters are too small. :D

This is a misrepresentation of what the feature is for in Bitcoin.  Primarily, it prevents a newly installed node which is being subject to a isolation attack (e.g. by an ISP) from putting it on a fantasy network, it also inhibits a bunch of DOS attacks which could be better solved other ways but were more easily solved with the checkpoints way in the short term. It also triggers some performance optimizations, which, likewise could be done other ways. Bitcoin checkpoints are never placed with a couple thousand blocks of the tip, and thus are not useful against your typical double spend concerns at all.

In more recent times we've been talking about drastically reducing the static checkpoints role in Bitcoin and very likely will in the next major release. We may even remove them completely.

In Bitcoin we would _never_ deploy something that looked liked this advanced checkpointing feature, as doing so would be abandoning our security model. The user community wouldn't accept it, and if by some weird chance they did no sane developer would accept access to the keys lest their lives be put in danger.

Like many other "ways of preventing '51% attacks'" broadcast checkpointing prevents the attack by making the network constantly under the control of a perpetual "ultimate majority" "attacker", though hopefully a benevolent one. ... but thats a return to the old trusted model that runs under classical payment networks like visa... and if you're willing to trust you can construct systems far more efficient than blockchains.

Of course, things are— no doubt— different in the land of crazy altcoins.  Realsolid did a lot worse things in the day with users happily accepting it... so I do not say this to judge— this may be a good, even necessary step considering the environment that you're in... I'd just prefer that you not misrepresent Bitcoin while explaining your feature here.

(As an aside: I was one of the earliest miners on PPC and mined about 250k coins. I stopped when one of the broadcast checkpoints reorged out some of my blocks)

Actually I think that BC is nothing more than ugly workaround, sometimes that's required to function properly...

It's planned to drop syncronized checkpoints from NVC since 20 Nov 2013. Currently users are able to switch this option off manually, by using the command line parameters.

Great answer Balthazar -

this whole thread has been great , and well done on FTC for taking appropriate action for security.

this can only foster confidence , and perhaps try to leave the 2million taste behind , its still my opinion politically that FTC should have never teamed up with 2 other hugely damaged with regard to credibility currencies. but i think they panicked at the time and that was the result.

instead they should have taken action to implement this policy and continued development solo .

but hey , who's perfect, and that's just my opinion , who knows what goes on behind the scenes ; )

great work on this development anyhow.

But it IS possible now, right? Because there IS only one checkpointing node? Or did I misunderstand you?

And if there are more nodes, what's to stop the attacker from stealing them all?

Consider the example of Liberty Reserve - USA made a strike in 17 countries at once and shut it down. Why? Because there were some central-nodes/points-of-attack available.

"Solving" some security problems by using a centralized solution is not "solving" anything at all - it is returning to the old-fashioned model of PayPal, Liberty Reserve, and many other online financial systems.

I would like to point out that this was not implemented on a whim. There was a lot of discussions on how to prevent the 51% attacks, and this was the most widely accepted short term solution even though most were a bit uneasy about it. Once we find a better solution or FTC becomes big enough this will no longer be needed.

The current model of advance checkpointing is a temporary solution.

All those are in the works, especially 1 and 5.

There was no shortage of people (including me) asking for ways to prevent the repeated attacks. The advanced checkpointing system was mooted even before the last attack. We were all aware that this was in the works, and as I said there were quite some discussion in the main board (of FTC forum).

From feathercoin FAQ ( https://www.feathercoin.com/about/index.php ):

What is Advanced Checkpointing?

Advanced Checkpointing allows us to send out checkpoints without having to redistribute the Feathercoin software. This works by having a 'master node' which checkpoints each block it sees on the network protecting it from the attacker.

1. Who is "US"? What if "US" gets hacked/kidnapped/bribed/blackmailed/killed?
2. What if this "master node" gets hacked/stolen/nuked?

You are understanding me right. It's impossible to run more than one such node without a full redesign of concept, because otherwise there will be a constant synchronization conflicts.

But there is a serious difference from RealSolid's trusted nodes approach. Checkpointing node is not a critical part of network. If server would be destroyed by aliens or ddos'ed, this won't event affect the network directly. Network will continue operation without checkpoints.

If that is true, then why it is not even mentioned in feedback.feathercoin.com? Who were these people "asking for it"? Why did they not ask for it publicly, that is in feedback.feathercoin.com ?

Then why the f*ck are they needed at all???

This "feature" destroys the most fundamental part of any crypto-currency - decentralization. And now you are telling me, that it is not even necessary?

They prevents attacker from reorganize attempts, but only while function properly. I.e. 51% still could be executed, but this will require a ddos attack in addition to hashing power.

Yep. Network is able to work without checkpoints (scenarios #1 and #4 in my posts). Unlike trusted blocks, checkpoints are not a part of block chain. Actually, you can patch your client to remove this feature, and it will be compatible with the rest of network.

You contradict yourself.

I just now realized, that the one defending this "feature" is Balthazar - the person who created (?) THE scam coin #1 - NovaCoin.

It is very sad. I honestly expected Feathercoin to become the first currency to integrate Zerocoin, and it would have become the most used currency after BTC and LTC... Instead, the creators chose to "integrate" centralization...

You killed feathercoin today.

There is no contradiction, just read carefully.


Network will be able to function, but becomes vulnerable to 51% attack. .

Slowpoke? Congratulations. ::)


Again, read closely:


If you see any support or defence here, then you are an idiot.

NVC isn't more scamcoin than FTC or LTC. And you have nothing against this sentence.

This was one of the later threads https://forum.feathercoin.com/index.php?topic=1878.0

There were threads earlier than this around the time of the first attacks when the suggestions cropped up. The thread titles were differently named so you can do some digging to find out.

Thanks again for all the detailed explanations.  :)

It seems you are just trolling. Normally, if I get to learn something (and I learnt a lot from Balthazar's posts in this thread), I would be a bit respectful at the very least.

But I thought this was all done to protect against 51% attack? :)

No, I am not trolling. All new features are discussed and voted upon in feedback.feathercoin.com. It is the way to do it publicly. Discussing it in the forums is doing it privately. Besides, discussion doesn't mean that people want it. Voting for it in feedback section means that people want it. And how many votes did it get? ZERO. It didn't even get on the feedback ideas list.

I followed the ideas on feedback.feathercoin.com everyday, and there was no mention of any checkpointing, ever. This is completely out-of-the-blue for me (and I was the one who followed feathercoin progress), so what about people who were not following at all?

Was FTC premined? No.
Was LTC premined? No.
Was NVC premined? Yes. Not just premined, but half of the premined coins were given to an exchange so they would accept NVC into their exchange.

Fair enough.

I have never been to feedback.feathercoin.com, oddly enough. I usually stay in the main board and occasionally visit others. On why checkpointing is not there, my guess would be it was pretty much decided long back. As I said, the thread I posted earlier was one of the later ones, and there were quite a few discussions in the earlier ones. The decision to go with it was taken quite a long time back (during the first attack), and I recall by and large most were in favour of it as a short term solution.

If the attacked gained control of this "master node", then he could scam the network, without even doing the 51% attack. Is this true or false?

Again, if this is so important, why were people not given a chance to know about it and vote for it?

It could be true, but it looks like it was not there, because if it was put to vote, nobody would vote for it. If you are honest about your idea, and honestly expect people to like it, then you would not mind putting it to a vote. The mere fact, that this was done secretly, and never put to a vote (that's why feedback section exists), is a huge red flag for me.

It's a shame more people aren't voicing their concern about this. I would not put this level of control into any of the developers. They say it's a good solution, but yes, gaining control under the guise of security sounds vaguely familiar, doesn't it?

I held little trust for FTC, but this seals the deal.

Centralisation can only be temporary, for resisting attacks at the beginning. I have found no hint anywhere, how and when to temper this interim solution. This is a bad sign to me.

Quick note. You can enable and disable the checkpointing with enforcecheckpoint true and enforcecheckpoint false :)

Do you still believe in Santa? :D Like any 0-startup-diff coin (https://bitcointalk.org/index.php?topic=193974.msg2012945#msg2012945), it was instamined by early-adopters.

Sherlock, I don't need to bribe btc-e owner for anything.

By the way, I suggested him to add FTC & CNC. So, we made for FTC more than your "cocksuckers" (c) (https://bitcointalk.org/index.php?topic=217110.msg2298533#msg2298533) team ever would be able to do. It's humiliating for you, isn't it? :)

Is there any proof for that? It is easy to guess that you have none. I have published proofs of mined volume (~65500 coins), and also we have a proof of 110k coins destruction. On the other hand, your buddies has nothing except "AAA SCAM 200K PREMINED"... That's pretty mature behavior :) Especially funny it looks at the background of fact that 200,000 coins at that time simply didn't existed in the network. Yep, pre-mined 200+k coins from 160k, LOL. Oh well, trolls are using the own arithmetics. Thanks for the portion of pleasure, now I'll let you get back to your normal occupation. ;D

That isn't enough, command line option is still required.  ::)Because only a few users will run commands in the RPC console.

To do that people need to go into the debug console in the Qt GUI. Are you saying that an option needs to be made available in the GUI as that is very doable?

In fact we would welcome you to make a commit for such a thing if you are willing :)

Are you claiming to be Feathercoin now? I won't stand for this kind of centralisation  >:(

:P

Nope, I mean command line key. In NVC you are able to start client with the -nosynccheckpoints option, and this will disable checkpoints enforcement... User can add this option into shortcut or conf file and forget about checkpoints.

I'll make a patch soon, maybe.

He is the Avatar of Feathercoin.

http://andromeda.wikia.com/wiki/Celestial_Avatar

 :D

By whom? The developers and main holders? Of course this would be attractive to them. In the same reason the US implemented the Patriot Act under the guise of protecting the country.


And I love Feathercoin, although that gave me a slightly creepy cult vibe... Anything that keeps LTC difficulty down is great to me, plus the propping up of the market has been nice for mining.

That said, what is the formal plan to notify people when the central console is utilized? What can you provide besides "trust me", that the central console is not used or accessed for any other purpose?


You don't learn from those that agree with everything you do, you learn from those that don't.

Maybe it's better to use coinbase property values for voting, just like Bitcoin did with P2SH...

I know what you mean but I used to find the altcoin forum very useful but it is now very confined as there are so many 'alts' here and there is often a lot of hostility that is counter productive. I like to think that everyone on the Feathercoin forum wants to see it survive and succeed :)

I do not think that anyone was over joyed with this solution but eventually found that this was the most viable short term protection against the 51% attacks. What every crypto coin needs is protection from 51% attacks through decentralisation and that is where we hope to be. I believe alternative crypto currencies is where the real progress in cryptos will now be made. It has been said in this post that Bitcoin could never do ACP, that is correct, they have to maintain the status quo now and lack agility.  It is up to the 'alts' to do the work that no else wants to, we would hope that the end result is a solution for everyone to use.

Congratulations to Feathercoin for now adding extreme legal hazard to its already amazing record of technical failure.  By becoming a centralized virtual currency, Feathercoin has now become de facto controlled by a single entity and is thus at risk of government crackdown like what happened to Liberty Reserve.  The owner of the checkpoint key also puts themselves enormous personal risk.

The track record of technical incompetence of Feathercoin development is clear and quite humorous.

* Despite claiming that Feathercoin is about innovation, Feathercoin hasn't fixed ANY OF THE BUGS since copying the old Litecoin 0.6.3 source.  They have had months of opportunity to copy critical bug and security fixes from Litecoin 0.6 or to upgrade to 0.8.

* To add to this further, when Bushstar copied Litecoin, he failed to change the alert private key (which was seriously bad), but the way Bushstar responded made it even worse.  Instead of replacing the alert key with his own, he disabled alerts entirely making it impossible to alert all users that they need to upgrade in the event of a future emergency.

* Also the way that Feathercoin modified its difficulty formula without understanding what he is doing and without modifying the pool software created that breathtakingly awesome time-travelling exploit.
 
Feathercoin has managed to fix no bugs, added more bugs, make themselves a regulatory hazard that is highly likely illegal as a centralized virtual currency, and has failed to upgrade to 0.8 despite months of source code access to litecoin.  Amazing.

The excuse against centralization being bad where individual users can remove or disable checkpoint enforcement is a meaningless lie.  If the major pools enforce checkpoints, then it doesn't matter if the users are enforcing broadcast checkpoints.

The fact is that people against checkpoints can cry all you like , the community has decided , checkpoints are accepted politically because they secure the individual investors investment .

And the arguments against are vauge retarded like statments about hostile takeovers , and images of crack teams storming server complexes or possible drone attack .

Points for creativity , but the retarded statments against centralized checkpoints are vacant as the community clearly has decided , Nova is trading number 2 and PPC could be called a successful endeavor , so ...

Look at the scoreboard.

FTC has clawed back credibilty in my books , for protecting investors or taking action to do so at least .

if checkpoints secure ftc, it does not deserve to call it self a cryptocurrency, as its no longer decentralized.

also think of it this way: if checkpoints was secure there would be no need for a block chain. and the invention of satoshi would be a very very small one(and i think we agree thats its not.). if checkpointing was a good solution bitcoin and any other cryptocurency would have been possible for over 60 years.

that's essentially a distortion of the truth and you know it, i really don't care , you can talk to Anonymint about it if you like , I'll go tell him you want to chat about it ?

you are trying (and failing) to exaggerate the importance of checkpoints in the overall system and structure and its dumb.

of course this scam coin is dead and there are good reasons for it. so R.I.P  ;D

It's not dead, nor will be for a while, but if this doesn't scare people away, they deserve what they get.

There are talks of changing the difficulty algorithm once again because it is "unfair" that certain miners get to "abuse" the rules set forth.

To change the rules again shows that the first change was not well thought out and should not have happened at all. Sorry if this is off-topic but it is essentially in the same category as this thread as it is another change being spoken about currently.

I don't think there should be any other difficulty adjustment changes. Disclosure: I am not a miner and have not been for 2 years now.

Advanced Checkpoints  {Tick yes}

Diff adjustment changes  { No , generally bad}

The Reward insta-mine  {No , possible deal breaker for me} {See Goldcoin's "success"} {you can see they are trying very hard to memory hole this issue} 

And here in lies the problem of having a centralized master node.

Now it boils down to mainly physical security. Our current banking system already has that problem. Only difference is they have the status quo and resources to protect their systems and Peter doesn't.

QUESTION: What would happen if the master node were to crash? Would the network come to a halt? Who or what would decide the depth of checkpointing and validate the checkpoints?

Please read Balthazar's teachings in this thread , you guys need to learn , I'm not a particularly intelligent being and i can seem to understand it.

the other point is , that of course um,...well, just this:

A nations currency supply is "issued" and wait for it , its "issued" into debt, and has "interest" added to it, it is issued by a central authority.

now i know Bitcoin is very controlled and centralized , Bitcoin is really actually centralized because of the very few that hold so many, but that aside , not even Bitcoin as flawed as it is is a "central issuing authority"

so:

How do you even start to compare the two?   

{and i assume you are not stupid}

so to be very clear in my question:

How can you compare a National issuance of central currency INTO DEBT, though the creation of a Bond and then a shell game "open market operation" and then Currency issued/monetaized as a "loan" with "interest" added , for then that to be multiplied by the Fractional reserve system, with the only way of a human to get "currency" is the expend labor or energy or borrow it AGAIN , after it was borrowed into existence, with the double whammy , and wait for this ... the new borrowed money adding to the currency supply and essentially inflating the current actual supply thus meaning the existing human loses more standard of living?

to and with

Advanced Centralized Checkpoints?

Follow me carefully, the way I was comparing them is as follows:

Master Node -> Physical Machine -> Physical Security -> How Banks are secured mainly.

They enforce their PAPER by the status quo of having physical security in the form of Guns, Guards, Walls, Etc.

pool update done for FTC: http://www.guugll.eu:11327/static/

Sounds somewhat familiar to the implementation of ACP - not well thought out.

I am a miner that takes advantage of the Diff drop to 137, it would be wise to change it and get rid of ACP.

Where do you want me to send the holiday cards?

After lookin at "centralization" I first thought "well, that's the end of FeatherCoin".

But after studyin' a bit more, the only thing that's centralized is the checkpoints and because they are always inserted by hand,  it is centralized for every coin already.  Or does everybody here compile their client with their own checkpoints?

Difference now is that it's done more often, makin it safer.  So a lot of fuzz bout nothin.

I'll ask Dr. Kimoto to look into this.  Is it open source?

The 1st hard fork was necessary as it brought Feathercoin back in business. Many other altcoins have changed their difficulty adjustment settings. 3 months have passed, the situation is different now. It's better to evolve up to new reality than to ignore it.



If the checkpointing server(s) security is compromised, a new pair or keys is generated, and the client is updated and distributed to users after an appropriate announcement. If the checkpointing server(s) stop to function for some reason, the network continues to operate as usual and may be 51% attacked also as usual. Only the key owner can add new checkpoints, and even he cannot undo them.

on one point I will diverge they enforce the paper though ignorance,  and the control of information.

a time past.

So it was suggested on the FTC forum that a non-biased party review the code, but it was dismissed.. Very concerning.


Maybe it's my own many concerns with the coin coming up, but now I really think the community should see the code.

https://github.com/FeatherCoin/FeatherCoin/blob/master/src/checkpointsync.cpp

Sunny King made the ACP pull request on the 20th of August. Everyone interested could access and review the code on GitHub like I did. Verified on the testnet in the following days, no vulnerabilities were found. The patch was merged on the 25th of August and the updated client was released officially in 2 days. Those who were interested to participate, they did.

What happens if someone DDoS's the node?

If Bush's node does not work, the network will continue to function as it is doing now. The extra protection provided by ACP won't be there.

So, basically, if someone wants to attack feathercoin, they just need to take out that node first...

That's right. But it could be almost impossible, because he can start another one, even at home PC behind the NAT. It will be interesting to see how they would try to DDoS his ISP. ::)

Wouldn't the main node, be hardcoded into the client? How could he just make a new one? He'd have to upgrade every client on the network, would he not?

No, of course. There is no "main", "master" or "trusted" node. Checkpoints are working just like alerts (https://en.bitcoin.it/wiki/Alerts), using a broadcast protocol. Any node can send them, if it has corresponding private key. It's just a low-level notification messages, which interpreted by your client according to local policy and then relayed to another clients which also relays them. If bushstar's VPS becomes offline, he can send checkpoints from any other machine without problem.

Could you just read the source code? Sunny explained it well there. There are no domain names or IPs hardcoded, only the master public key. Any node may be configured into a checkpointer through its RPC interface.

All premined coins have been destroyed. I have looked over the blockchain and noted the graphs here:

http://www.cryptometer.org/novacoin_96_hour_charts.html

From the research I have done it appears it is as Balthazar has stated all along. All premined coins were destroyed.

There seems to be a lot of FUD going around about NVC at the moment.

Balthazar is a great developer. NVC has widened the gap between itself and PPC over time by balthazars continued development. Look at github. Its a endless field of updates all for the better

mullick, he already knows everything and has nothing to say. FUD (https://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt) is a normal LTC early-adopters behavior, they are trying to protect own investment, that's natural.

Typical of someone that speaks on behalf of FTC, you seem to have the incorrect perception that LTC and FTC are mutually exclusive. And that when someone says something bad about FTC, it must be because they support LTC and don't want competition. That's the stupidest thing around, and is stated usually out of a lack of a valid response to dismiss the issue brought up. While I understand FTC copied the code from LTC (like 90% of alts), I find it amusing that FTC supporters feel that LTC investors find it a threat.

As a decent sized miner, I hope FTC stays around for a very long time, as it steals hash rate from LTC. I also appreciate the link to the code on github, as I wasn't aware it was out there, but my overall feeling is that this is still a very, very bad move.

Feathercoin, as much as it has a close-knit community of supporters, which do work very well together, has a reputation issue outside of their world, and that is caused by numerous reasons:

• A lot of sloppy mistakes with copying the LTC code (leaving private key in?) - I'm not a coder, nor have the skills to create my own coin without more research (I can ctrl-C/ctrl-v with the best of them though), but I have read statements of those that have those skills, and trust their opinion on this. I think many updates LTC made have not been added to FTC yet either

• The trading community, and also the "marketing group" borders on the level of a used car dealership out of work salesforce. When you have your marketing pumping a coin when it is being attacked, and have orphaning miner blocks, and the coin nearly doubles in value with horrible things occurring, people lose trust in the coin. It was clear from reading the forums, that this wasn't being done by individual investors, but people with affiliation to the FTC team. Sure, we'll all trade it and make money as it's simple to read the pumps (and dumps). Obviously every coin gets pumped, but the manufactured "support" that is being directed by those in "official" positions does not earn trust by most. Telling the minions to go upvote any FTC article, and downvote the bad comments is lame.

• Centralization - The coin has not earned that trust as minor or major as the implementation might be. Like everything FTC does, they want to fast-track success, and take shortcuts. Sure, everyone wants their coin to be the best, but stop forcing it. You're trying to build an empire with cardboard cutouts of buildings. Most miners didn't ask for this solution and as I said, I lost a lot of blocks when FTC had the big attack a few months ago

• I won't even go into any rumor of instamine/premining, as I don't want to hear the defenders. Just let this die, we all know it happened, I'm willing to overlook this at this point in FTC's growth
  

Improve your reputation by getting the shadiness out of the coin. Stop trying to pit LTC vs FTC, as you'd find a lot more supporters willing to listen if you didn't act like the spoiled little brother that competes for attention with big brother. It was decided that you'd use the same "genes" to make the coin, and now supporters are trying to distance themselves from it in their aspirations to overtake LTC. It isn't going to happen. Frankly, I don't even know if LTC will succeed. Any form of officially supported centralization won't get you closer.

I wish the entire FTC team was behind a coin that was more unique in its offering, as with the right technology that brought a lot of new things to the table, people would flock to the coin, assuming the claims are truthful (please try and hold back marketing mode to try and tell me how unique FTC is).

It's good that this conversation is taking place here, because only mostly die hard supporters even venture to the FTC forums, so you're dealing with only people with vested interest, and very few non-biased opinions. This is a bad idea.. If you can't take the heat get out of the kitchen, and if the coin can't withstand scrutiny on the bitcointalk forums where the majority of people are, then maybe you should question your long term viability. Stop playing the victim as well. I'm easily won over by truth, I dislike any appearance of shadiness. I'm convinced the people behind this coin are brilliant (sadly, many of the pumpers/marketers are not), but I haven't been able to figure out yet if it's a Bernie Madoff brilliant, or a Richard Branson brilliant.

/rant off.

hard time for FTC even after update - i mean its still work - its not happening alone.
So people enough lessons and now back to work back to mining and supporting and no trolling.
This threat was full of interesting info but somehow the flames over run it and now again is very hard to read between the lines of flames.

anyway its a move so now be patiente and wait, I hope you will get some of the important updates aswell.
 ;)

What if an attacker (instead of DDoS'ing the masternode) steals the private key? Could he then become a masternode himself and generate fake checkpoints?

Yes, he can. But his checkpoints will cause conflict, all clients will switch into safe mode and "Invalid checkpoint found!" or "Invalid chain found!" warning message will be displayed. Stolen key becomes useless immediately after this and checkpoints chain reset would be required to resolve this situation. That's why he must DDoS existing node before, to prevent it from sending checkpoints.

Something does add up here...

Why would the attackers' checkpoint cause conflict? How would the network know that they were created by the attacker, if he used the same private key and/or same physical machine as the "real" masternode?

If the network had a way of knowing this, then this masternode would not be necessary at all. The masternode serves as a "trusted party" - the network trusts the masternode, so if the attacker gained control of the masternode, then how would the network know that the control of the masternode was overtaken?

Where could I read technical information about how exactly this "advanced checkpointing" works?

Hmmmmm......

Yawn, i hope you kids spend lots of energy on this ...

There is a checkpoints chain. All checkpoints MUST follow this chain without exceptions, and even key owner can't violate this rule.

P.S. How much times can you ask the same questions? Read the topic and commit description.

https://bitcointalk.org/index.php?topic=282314.msg3042252#msg3042252
https://bitcointalk.org/index.php?topic=282314.msg3022480#msg3022480

I've seen read some of your other posts, and they seem pretty well stated. Can you let me know what affiliation you have in FTC (if any)? I do appreciate your posts on the topic, and would love to believe they are not biased in any way, which I think might be the case.

No, I have no relations with FTC project.

Actually, I think he just care of the world of cryptocurrencies, and shares some part of his wisdom with those who needs help.
May be he has nervous relationships with trolls, and bad reputation in some people's mind, but you can see by yourself that he is helping many coin creators/developers, even if their coins are just copypasted modified NVC and actually compete with his own creation.
(P.S. I don't mean FTC itself, but many new pow/pos coins) 

He may be the only credible person that I've seen that thinks this move isn't bad.

I like hearing intelligent non-biased other points of view, however I still don't think this should have been implemented.

+1

From a merchant/trade perspective their needs to be confidence that a ORPHANed transaction can NEVER happen

Also FTC had a fork issue a while back ....so maybe that was a close call

This helps with that idea ....it is a mainstream approach but it does add centralization to a coin ...this is a dangerous slippery slope they are entering 

Let's see if this helps their rep with the exchanges and confirmations are decreased.

Congrats.