|
MySQL injection is not "bad", it is a deliberate excuse for people to lose their money.
It is deliberate because only by deliberately refusing to address the simplest most basic aspects of web app programming can it even become at all possible.
It is pretty much impossible to study how secure financial apps on the web are built without learning how NOT to make SQL injection possible, thus the only way to make it possible is to deliberately refuse to actually do secure web app development, instead opting to just spam out any garbage that looks pretty enough to sucker people into putting money into it so you can steal it and pretend it was someone else not yourself who stole it.
Any research at all into how to actually not steal people's money in web apps would cover MySQL injection.
So obviously the programmer knew full well what it was and how to prevent it and chose instead to make it possible.
It is not a "mistake", it is one of the first things anyone researching MySQL + Web apps is told to prevent and how to prevent.
Thus there is probably no point even trying to "help" the perpetrator make a secure system since it is already more than obvious that they WANT there to be a way to hack, because they WANT something to point to as an "explanation" of how it could theoretically not have been an inside job.
No matter how many exploits you explain how to prevent, they will find another one, or will pretend to have made a silly error in implementing what you explained, or whatever they can do to create a loophole they can point to so as to pretend it is not them who is stealing people's coins.
Remember too this is a serial scammer/thief, gosh knows how many times over already.
-MarkM-
|
|
|
|
|
What is stage one, what is stage two, and what is stage three?
Is there a stage at which actual technical specifications of a coin will happen, or does that depend on how many further stages these first three stages turn out to determine to be needed before details such as what type of coin platform or technology to use and so on can reasonably be discussed?
(e.g. is stage one the determination of what technologies eixst that have a chance of being able to secure a ledger? Or is that magically pre-decided so that your so called stage one is details that already assume a certain type of technology, such as a proof of work blockchain or whatever, so that one discusses things like the minting schedule or the hashing algorithm rather than what base tech to even use to being with?)
-MarkM-
|
|
|
|
Understanding the actual issue with 51% attacks of PoW: The problem/solution is not "how much hash power the network has"... But rather it is "how decentralized is the hash power". Even if a network had 100 Th/s nethash.. if that's all controlled by 1 body/pool.. you are screwed anyways.
So this has nothing to do with one algo or another, but rather how many independent solo mining operations are happening around the world that has adopted one protocol over another. Bitcoins history itself was close at one point to having all the hash power centralized. And through self moderation eliminated the risk.
The reason why people like GPU/and Scrypt (at least before these next round of ASICs is coming out) for the last year, is that it seemed harder to centralize Scrypt, than SHA256 ASIC farms. Because of the decentralized nature of GPUs distributions.. and that theory is absolutely still true today..(ahead of ASICs that are just about to come out for Scrypt).
GPUs have limited supply, and more more distributed than any other type of processing available, whether it be ASIC or CPUs...
Please do not mistaken total nethash rate with distributed nethash rate. Those are related, but different issues.
PoW part of bitcoin is just a lottery system.. so the question of security is not how much hash power any protocol can do.. but rather how decentralized a particular a PoW technology/algo. In that sense GPUs will always win out (at least today), in terms of decentralization.
How many GPUs do you need to make solo mining of e.g. litecoin or DOGE worthwhile? As everyone who has not enough tends to join a centralised pool. So thousands of people who all have too few GPUs to feel solo mining to be worthwhile end up all flocking to a very few pools, often not even seeming to care that the pool they chose has dangerously high percentage of the hash power. Do more GPU miners solo mine than ASIC miners who solo mine? Maybe another way to compare would be how many litecoin p2pool nodes are there and how many bitcoin p2pool nodes are there? -MarkM- |
|
|
|
|
Any CPU, GPU or even FPGA coin is insanely vulnerable.
Even with scrypt ASICs the mentality of scrypt miners might be such that no scrypt coin will be secure, since scrypt miners seem mostly to be scammers looking not to secure any blockchains but, rather, to jump around in a kind of bait-and-switch scam, fooling investors into imagining this that or the other scrypt coin is secure (due to its seeming to have hashing power securing it) while really none of that hashing power actually intends to secure the chain at all, rather it is basically eliciting bribes "how much will you pay me to abandon this chain and go mine your latest scam" kind of thing...
Maybe though if litecoin and DOGE adapt so as to be able to be merged together, one or both might manage to retain enough of the scrypt hashing power to eventually become secure?
-MarkM-
|
|
|
|
|
Just start merging coins alongside bitcoin and litecoin. That way you get more bang from your existing hashing gear and don't have to abandon litecoin nor bitcoin to mine more things.
Particularly good right now for small miners are CoiLedCoin and GeistGeld, as even block eruptors can merged mine them alongside bitcoin very nicely (using, for example, p2pool).
-MarkM-
|
|
|
|
|
Start adding to all the coins the ability to be child chains in merged mining.
That way all miners can chose for themselves which coins to support and which one of them to pick as primary chain in the merge, and as many chains as can effectively be merged can all be equally secure, plus we will get to find out what the limit actually is of the number of chains that can effectively be merged.
So far there are only eight working merged mined coins one can merge at once, and that works fine, but it has been only eight a long long time so we still do not know how many more we can effectively merge because we lack coins to add to our merges.
-MarkM-
|
|
|
|
It is not an important experiment, it is a total scam from the get-go.
There's a difference between "scam" which implies intent vs. being irresponsible. It maybe not the best choice/design decision made at the get-go.. but rarely is anything is launched perfectly: you learn as you go. This is evident even in bitcoins own history. So, I would not consider that, "scam from the get-go". You are not familiar with the history then. It was known long ago that scrypt was not secure. Better approaches have long been known. The ONLY reason to deliberately create yet another scamcoin is as a scam. Pretending not to know you are creating a scam is bullshit, it merely is deliberate ignorance pretended by scammers so as to pretend their scamming is not deliberate. They knew well ahead of time that such chains are basically scams, that even the highest hashrate examples are not really secure, that just some stupid meme conjured up more hashpower than Litecoin had almost overnight thus showing even litecoin, far and away the highest hashrate of the lot, was a long long way from having enough hashing power to be secure. -MarkM- |
|
|
|
Cloning a scamcoin is so totally far from that that it is a totally insanely irresponsible thing to do.
-MarkM-
Considering most of all these coins are clones of Litecoin can we safely call Litecoin a scamcoin then? Basically, yes. It was a scam conceived to try to keep buggy-whip makers in business when automobiles were on the horizon. Even if we get scrypt ASICs out in quantity fast it still might never be secure unless it and DOGE adapt so as to be able to be merged mined together. Otherwise one of the two will almost always have less than half of the scrypt hash-power. -Markm- |
|
|
|
|
It is not an important experiment, it is a total scam from the get-go.
A currency needs a secure ledger, so the very first step is to determine whether any ledgers at all can ever be secured and if so how, then having determined the most secure form of ledger start using it to account whatever currency you wish to account.
Cloning a scamcoin is so totally far from that that it is a totally insanely irresponsible thing to do.
-MarkM-
|
|
|
|
So, better some blackhats fuck you up and force you to fix your weak spots than some gov does it when it really thinks it has to.
Sorry but I don't believe in this logic. You can't go before a court of law and declare, "Your honor, I am entitled to this stolen property because John Doe left their front door unlocked", it doesn't excuse the criminal behavior in itself. The whole point of the proof of work system is precisely to prevent judges arbitrating who owns what. That who-ever has the most hash power aribtrates is exactly the entire point. If you want judges in charge just use Open Transactions or MySQL or whatever for your ledger. Then it can be changed by court order no problem. -MarkM- |
|
|
|
If you design a better coin, merged mining pools will happily add it to their merge, granting it the same massive security enjoyed by all the merged coins, to the extent that they have enough valid useful improvements to get added to the merge.
I do agree that new PoW coins are especially vulnerable to be targeted for a variety of attacks. KGW itself was an attempt at closing one of those issues. For any new coins, and even for existing coins, I'm thinking of moving over to PoS personally.. i just don't feel safe with PoW @ low hashing powers. Merging mining is another great idea, which any new coin needs to consider. However, I also wouldn't consider it an impossibility to fix this in SW with existing PoW. It may be a workaround upon a workaround, but gut feel anything is solvable in software.. nothing is impossible to fix. You can simply make a proof of stake coin or a Ripple clone or a NXT clone or whatever and issue in its first block(s) all the coins the Aurora chain shows the ownership of, or issue the coins onto Ripple or other "issue custom tokens" system similarly. So yes it is fixable, but in fixing it you might as well only issue to Icelanders, the whole garbage of having 50% go to foreigners is pointless wastefulness. -MarkM- |
|
|
|
|
Mining should not be profitable except for industries located where electricity is cheap, and even then only if they use the best most efficient mining gear.
Hashing is a commodity, it is designed to find the lowest possible price, the lowest possible wages for its workers, the cheapest most efficient circuits and electrical generators.
Working for a mining corporation is unlikely to be more profitable than working for an automobile manufacturer or any other large scale mass production industry.
For individuals there is likely better opportunity in becoming a unique individual with unique skills and/or services to offer than in becoming yet another generic replaceable unskilled plugger in of machines-that-make-stuff.
-MarkM-
|
|
|
|
Bullshit.
If you design a better coin, merged mining pools will happily add it to their merge, granting it the same massive security enjoyed by all the merged coins, to the extent that they have enough valid useful improvements to get added to the merge.
Look this all goes over my head, I'm not a miner, nor am I a programmer, I barely understand the technological basics of Bitcoin as it is. But as an INVESTOR, stuff like this does not give me confidence in crypto in general. Knowing I could make an investment in a coin that could be wiped out overnight by petulant man children is scary to me, at least with the shitcoins I recognize the risk, can research the origins and make an educated decision on whether I want to put my money there. But stuff like this, all it takes is a day or two of some tribal conflict to make things go sour within hours. Your crew says I should go invest in Bitcoin or LTC because they are "the first" and "the best", well sorry but if the future of Bitcoin is going to be run by you guys, i'll take the Jamie Dimons of the world over this sociopathic behavior. The bitcoin developers are not sociopathic. They added merged mining to bitcoin fergoshsakes, so that altcoins can benefit from the security that bitcoin's massive hashing power can provide. So far only Namecoin, Devcoin, Groupcoin, I0Coin, IXCoin, CoiLedCoin and GeistGeld have working implementations to actually take advantage of that extremely generous capability provided by the bitcoin developers but that seems mostly to do with scammers preferring not to make secure blockchains. Be aware though that some bitcoin miners and pools are sociopathic to the extent of not actually merging all the merge-able coins, so even the highest hashrate merged coin (Namecoin) does not have the full hashing power that bitcoin has. This seems to be partly because some bitcoiners think any co-operating coin is in some way actually a competing coin; somehow a detraction rather than an addition to the family and ecosystem. -MarkM- |
|
|
|
|
Remember bitcoin is just one of a family of eight coins that all can be secured using the same hashing power.
If speed of transactions was a useful/valuable feature, I0Coin's 1.5 minutes or GeistGeld's what, ten seconds, fifteen seconds, or whatever, would surely be fast enough? Many claimed that GeistGeld is in fact TOO fast.
There is no need to sacrifice security for speed. If you think speed is important, how fast do you need? If 1.5 minutes is enough, use I0Coin. If you need almost-too-fast, use GeistGeld.
The main reason fewer merged mining pools merge I0Coin and/or GeistGeld than merge the slower-blocks coins is that consumers have not actually shown enough preference for higher speed, as indicated by the transaction fee volumes of the higher speed coins.
-MarkM-
|
|
|
|
If your argument is that proof of work is a broken system, arguing in favour of more proof of work blockchains is idiotic.
-MarkM-
But yet you want people to only invest in Bitcoin & Litecoin, just because it has more miners on it to protect their broken system, that makes no sense. This is nothing else but a turf war, end of story. Bullshit. If you design a better coin, merged mining pools will happily add it to their merge, granting it the same massive security enjoyed by all the merged coins, to the extent that they have enough valid useful improvements to get added to the merge. Even with only 8 coins so far merged, two of them have not yet convinced most miners to add them to their merge. If Aurora was a good idea it likely could have gotten a whole lot more hashing behind it than the two "least popular" of the current eight merged mined coins. BCX already stated long ago that most of those coins have too much hashing for the propose time travel exploit planned for deployment against Aurora to work against them. So even only getting as few pools as e.g. IXCoin has merging it, it could have been strong enough to resist that one potential attacker (who is maybe not really much of a threat really except to insanely pathetically weak blockchains that don't even bother to implement merged mining). -MarkM- |
|
|
|
Talk about drinking the Kool-aid, if you have a broken front door and the only way to keep people from breaking in is to form a human chain around it, guess what, the front door is still broken.
Proof of work is broken, yes. It relies on brute force computation in order to trust raw brute force computation over human legal systems judges courts etc as arbiters of who owns how much of what. Building more broken doors, even more broken, without anyone to protect them at all, is even worse, it is not helpful at all. If your argument is that proof of work is a broken system, arguing in favour of more proof of work blockchains is idiotic. Why use a brute force compution secured/arbitrated system if you do not find brute force computation to be a legitimate arbiter? The whole point of the proof of work blockchain approach is that no one on the planet can muster more brute force computation of the required type than the people who are invested in the family of chains that all are secured by that one same mass of brute force computation. -MarkM- |
|
|
|
If a cartel of a few people can systematically destroy a coin, then crypto is NOT as secure as we think it is and all the good reason to consider getting your money out, now.
The coin that is so pathetically insecure that such can happen is not secure, and if you thought it was you were an idiot. Bitcoin has more SHA256 hashing power than the whole rest of the world all put together, that is why bitcoin hopes maybe to be secure. All these garbage crapcoins which have so little hashing power that just a stupid meme can drum up as much or more hashing power almost overnight were never secure, and by letting people imagine they were they were scamming. It is insanely expensive to secure a proof of work blockchain. Even bitcoin might not have spent enough / be spending enough, spending any less is just stupid, a total scam, just a deliberate criminal irresponsibility scam to scam money out of people because the scammers know most people do not understand the need for massive massive massive hashpower thus do not realise that even bitcoin might not manage to secure itself if the SHA256 hash power of the world fragments and that scrypt is already so fragmented even the highest hash power scrypt coins are pathetically vulnerable still. -MarkM- |
|
|
|
It was expected that bitcoin would always be more valuable than e.g. CDN, UKB, MBC, GMC, GRF, UNS, and especially NKL (since NKL issued twenty times as many coins instead of the same old 21 million coins), but the failure of bitcoin minters to honour the coins they minted seems to have massively suppressed bitcoin's value.
could you expand this thought some more? for auroracoin specifically, the preminers aren't honouring the minted coins. However, we all knew the market valuation for auroracoin was inaccurate due to the premine volume. However, for If a bitcoin miner mints a blockchain currency and holds it, where do they fail to honour the coins they've minted? If a miner trades his currency for fiat or cryptocurrency, hasn't utility and liquidity been increased? Until you issue it to someone else it is not yet issued. Once you issue it, honour it. For example if someone buys one from you using a car, and within a reasonable 90 day or 30 day or 120 day or one year or whatever warranty period comes back complaining that the coin you sold him is not satisfactory, he wants his money (the car) back, refund with a smile. Basically you are a coin dealer. If you believe in your goods you should be happy to refund, albeit maybe with some token little cost to cover your trouble, such as a re-stocking fee. Or, whenever you sell some on an exchange, put 99% or 98% or whatever of what someone bought it with back onto the order books at a slight little change in price, again to cover your time and trouble. That way they can always get back most of what they paid for the thing if they decide it does not afterall suit their purposes. -MarkM- |
|
|
|
|
Scandinavians write better English than most Americans and such.
-MarkM-
|
|
|
|
The problem here, is that Operation Shitcoin Cleanup is targeting new coins who did not have the time to gather enough interest from miners to be secure, but who might in the future. Imagine if they had attacked Dogecoin at its beginning, when there was only a handful of miners. It might never have recovered and become the sucessful crypto it is now.
What I propose as a solution, is to defend the new coins unjustly attacked, until BitcoinExpress and other thugs abandon. Then we'll move to another coin. If the once protected coin fail to gather enough interest from independant miners, we won't protect it again and it will be left to die by the law of the free market, in a fair way.
DOGE is not a successful cryptocurrency, it is a still-dying scam. The value it did bring though was that it showed how pathetically vulnerable litecoin was, and thus how vulnerable any coin is that lacks specialised hardware to secure it thus can be out-hashed by commodity hardware thus can be trashed by whatever stupid meme happens along enticing people to use their commodity hardware for hashing. It might not only be a garbage failure itself but also have proven that litecoin is too. We will see though when scrypt ASICs become the vast majority of scrypt hashing power. Will litecoin plus its merged mined friends prevail or will DOGE and its merged mined friends prevail, or will litecoin and DOGE adapt to be merged mined together so that they both, along with their friends, can all be secured by all that scrypt hashing power? Or will they continue to fragment the scrypt space, continuing to make both of them constantly in danger of having less than half of the world's scrypt hashing power? -MarkM- |
|
|
|
|
Show Posts
