Your argument is based on the attacker being able to change TXID of every anon transaction?
Can you do that? Is it that easy? or you just saying that some genius hacker can if he really tries?
It's trivially easy. Maybe 20 lines of python code that use libbitcoin bindings - all I have to do is watch for transactions broadcast that match a certain spec, and then I can rebroadcast hundreds of the same transaction with just the slightest thing changed so that each of those transactions has a different tx id, and voila: the transaction will be included in a block, but with a different transaction ID from the one expected by the automated system. Last time I checked, even Bitcoin is vulnerable if an attacker spends enough money/time to do it. So that's bad also? We both do not know what securities supercoindev has put in place nor how easy it is to change txid-reliance in code. Code isn't finished & public beta test hasn't started. So just wait until it's released before making further accusations.  I hate people attacking each other with mostly assumptions and with a completely biased view. It's not productive. Yes, Bitcoin has its own special set of vulnerabilities all with various levels of likelihood or ease of attack. One would hope that a system based on Bitcoin would at least try to not introduce more vulnerabilities than Bitcoin already has. I'm not making accusations, I'm pointing out where the design is fundamentally flawed. The tx id malleability is the least of my concerns, so don't conflate the two. The system is fundamentally flawed, and it should be dropped in favour of a system that has provable and verifiable cryptography and mathematics behind it. In fact, the coin itself is not flawed, all the developer needs to do is dump the flawed system, come up with a new one that isn't broken, publish a whitepaper on it that express (mathematically) the underpinnings of the system, and then open it up for debate and discussion. But he won't. Just like every other altcoin "developer", he'll push out diagrams and walls of text meant to demonstrate technical ability, and then write and release shoddy code that embodies a broken design. No mathematics. No cryptography (who needs that in a cryptocurrency, after all). No research. No discussion among clever people that can make a good design even better. Because who needs all that stuff when you can have a diagram hastily shoved together in PowerPoint! /rant |
|
|
|
Don't pay too much attention to the user roles on this forum. The names are much like the titles used in business mostly self-glorifying. Legendary simply means my activity is above a certain number (the same goes for hero members). If anything, that shows I have too much time on my hands.
So you're saying you're not the CEO of Bitcoin?  |
|
|
|
Ok I personally had to disturbed our dev during this hardworking time and he took time to answer me. I don't really get the XC/Supercoin "war" (from both sides) and I won't go any further than posting this because my specialty is finance, not tech. the malleability issue is fixed in bitcoin 0.9.0, this is not an issue. The worst scenario is that the p2p trustless transaction will not go through, no one will lose any coins.
btw, strasboug replied the questions. I think overall his views are correct. This is not an issue, and even txid can change in very rare cases (supposely already fixed in bitcoin 0.9), the only consequence it will cause the anonymous send to fail, and coins return to everyone's original accts. It's like a failed tx in p2p marketplace, that's nothing strange to it. Also there are several ways the tx verification can be done (not always need txid) as pointed out by strasboug.
We are a small team, we don't have time to go all over the places. We don't act aggressively. So don't expect all opinions in favor of us. But fact is fact, it will not change, and people ultimately will understand.
Thanks.
/closethread BEEEEEP, wrong! Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will. Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation. Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working? |
|
|
|
But Monero is not truly anonymous, merely pseudo-anonymous. Doesn't that bother you?
Bitcoin is pseudonymous. Monero is on a whole different level. Reducing the anonymity set requires you to forcibly (rubberhose cryptanalysis or some sort of extremely exotic brute force attack) reveal one or both of the user's public keys, and THEN to use some sort of exotic attack to weed out and isolate the true signatures in the ring groups of every output the user has ever created. It is practically improbable, barring some extremely powerful and extremely exotic attack on the cryptographic primitives used in Monero. |
|
|
|
When would you consider it mined out? It seems you have better information than I do!
mined to EQ - sorry i'll refine that : first halving to EQ likely - Monero doesn't have halving, check the "block reward" or "generated coins" graphs on http://chainradar.com/xmr/chartI'm also quite unsure what you mean by "EQ". Perhaps you could use terminology that is commonly known? |
|
|
|
Agree 100%. Design for grandma, and all will be well.
Really nice job overall with the product direction.
One question about the database work. Wasn't that supposed to have started about two months ago? Any progress?
Nioc linked you in, but just to reiterate - the initial abstraction effort was here: https://github.com/tewinget/bitmonero/tree/blockchain, and then about a month ago we moved from abstraction to refactoring and further abstraction, which is here: https://github.com/tewinget/bitmonero/tree/bc2. It's a lot of work that requires an incredible amount of discussion before something is done so that we cater for edge-cases. Incredibly painful, but we're getting there:) |
|
|
|
how can i make the GUI work on OSX? i just installed Qt libraries but i get this error message. /Users/***/Downloads/Monero.app/Contents/MacOS/bitmonero ; exit;
Systems-MacBook-Pro:~ ***$ /Users/***/Downloads/Monero.app/Contents/MacOS/bitmonero ; exit;
dyld: Library not loaded: /Users/ric/Qt5.3.1/5.3/clang_64/lib/QtQuick.framework/Versions/5/QtQuick
Referenced from: /Users/***/Downloads/Monero.app/Contents/MacOS/bitmonero
Reason: image not found
Trace/BPT trap: 5
logout Try download it again - the OS X build with the static libs has been uploaded. Now I'm fighting through the Windows equivalent...and then on to Linux! |
|
|
|
Perhaps people are seeing Litecoin and Dark for what they really are and are either moving into Bitcoin or perhaps taking a position in Monero before the GUI and blockchain db fixes are released?
Once the Monero GUI is released and Monero becomes as easy to use as Bitcoin, we might finally see the end of the shitcoin era.
yeah but i called the Monero "tech insider" gimmick - after its mined out everything will look beautiful and perfect , then a few months will go by , no one will buy it and the few that own it will dump to get the best price ... after all that happens - the free market starts to work. When would you consider it mined out? It seems you have better information than I do! |
|
|
|
Have you read the rest of the Zerocash paper and process? The crypto is seriously cutting edge. I'm educated quite highly in related areas and I can only understand at a higher abstraction level what they are doing. Zero-knowledge proof is very impressive. I'm sure they'll be able to leverage something similar to solve this issue.
This is the essence of the problem - it's TOO cutting edge. Even if you can get past the accumulator problem (which seems, at this stage, quite difficult if not improbable) you have an interesting issue: because the blockchain reveals absolutely nothing, a bug in the extremely new and untested cryptography could allow an attacker to create new coins out of the blue (which is not impossible, it already happened with Bitcoin and they had to rollback the chain pretty much). The difference is that with Zerocash you'd be completely unable to tell this had occurred because of the zero-knowledge blockchain. To steal a phrase from that CryptoNote busting post the other day, Zerocash is a "one trick pony" (pun not intended) - it offers a single, terribly amazing, terribly dangerous, and terribly unproven feature. If, by some chance, Monero is the dominant private cryptocurrency by the time ZeroCash is ready, will that feature be compelling enough to make ordinary users switch? Or will they be just fine with the privacy Monero provides? Monero will have a hard enough time catching up to Bitcoin, and I honestly can't imagine Zerocash's single feature being sufficiently better than Monero's to provide tangible value to the general populace. |
|
|
|
Why monero.cc website is offline. Works for me. The website was offline 18 minutes. Website offline with cloudflare error using google chrome. But I can access it normally using Tor browser. Too bad i cannot download the blockchain. What country are you connecting from? |
|
|
|
Dark and Cloak embrace an obsolete technology: CoinJoin Bytecoin, which is known as one of biggest scam in the cryptocurrency history (premined 83% before launch) gets zero chance to succeed Are you willing to put your money where your mouth is? If coinjoin is obsolete, would you be willing to make a bet ( with escrow) to trace a Darksend transaction? digicoin, you are wrong,especially with the point of view on Bytecoin https://forum.cryptonote.org/viewtopic.php?f=5&t=11&start=10 - CN developers confirms that there were about a dozen of mining group with 10-30 miners in each group. The CN developers have already been irrevocably proven to have purposely faked the dates on their whitepapers (among other things) and are, by default, untrustworthy. It would be unconscionable of us to take this claim at face value, we must, unfortunately, assume that they are lying about this as they lied about many other things. |
|
|
|
Hi!
i didnt read all in here but some questions..
Does snycing always take so much Time? Anything considered to improve that in future?
Is the wallet Safe? Read posts where People Lost coins... Is it true? Otherwise are you all keeping the coins online?
Regards
We are looking at ways of improving this - it's very bandwidth intensive (not so much CPU intensive). It's related to this github issue: https://github.com/monero-project/bitmonero/issues/89 which is pending analysis. Nobody has lost coins just by using Monero; the only time they lose coins is if they lose access to their wallet. People sometimes think they've lost coins because they've used an old version of the CLI wallet with incorrect tx fees, and their transaction falls out the mempool after 24 hours. In this event they need to rebuild their wallet cache, else the funds will appear to be "gone". |
|
|
|
Why monero.cc website is offline. I need to download blockchain. Is there any other site where I can download the monero blockchain?
Nope, it's up - http://isup.me/monero.cc concurs. |
|
|
|
Has anyone suggest "Monero Cache" as wallet title?
Yes - we had a discussion, on IRC if I recall, where everyone misunderstood and thought that "account" was off the table, and spent 4 or 5 hours going through every possible word (made up, non-English, or dictionary words) that we could use. It was kinda funny when we realised that I'd said that "account" was on the table, but the exercise was good. We played around with variations of "vault" or "piggy bank", which have mostly positive connotations but don't convey the sense of being able to transact with it. We also played around with variations of "wallet" (obviously), "cabinet", and "keychain" or "keyring". In the end, the most suitable term we could find was "account", which ticks all of the boxes, and only has the slight downside of implying centralisation. The thing about that slight downside is that the target audience ("ordinary" users) don't care about decentralisation, as long as it works and they have a vague idea that the government can't swipe their funds. After all, it's the same people who regularly sell their soul to Zuckerberg in exchange for another round of Farmville:-P |
|
|
|
"I want to recover my account from my 24 work seed" ?!
You read the line above that image where I said "Perhaps it'll make more sense if I show you a mockup of the second step in the first-start wizard ( please ignore grammar/spelling faux pas) -" right? |
|
|
|
Yes, although Satoshi's white paper didn't have too much algebra...or did it? But I think you're right but I don't really have a grasp of the maths...so...hard for me to say much  The day I see something comparable to this (excerpt from the Bitcoin whitepaper) in an altcoin whitepaper is the day I will do a little dance around the room;)  ok that seems a fair call...but maybe more will be apparent if and when XC is open? Thanks again for your reply, its appreciated Absolutely - once things are fully open and there's a whitepaper then there can be a discussion around the validity and correctness of the mathematics and cryptography presented in the whitepaper, as well as a discussion as to whether the code correctly adheres to the principles in the whitepaper. |
|
|
|
Yesterday I watched the Fireside Chat, patiently waiting user-friendly GUI. Account term is more reasonable. You know Andreas Antonopoulos also don't like wallet term because it's confusing, he sees Bitcoin Core is like key-chain with all the private keys on it. I support "account", non-crypto environment can understand it better.
Right, wallet is pretty confusing for ordinary ppl, as they expect some physical form of it. On the other hand, account sounds more centralized. That's an education thing that we'll have to battle through - getting people to understand that there's no central money control or anything. However, I think the conversation is going to be a lot easier. "You just create a new account, which is completely secure and free, and you can create as many different accounts as you need for you, your wife, your business, whatever. And the great thing is that there's no government or company that controls your money, just like with Bitcoin, so you are in control of your money." vs. "You know how in Bitcoin you have a wallet, and in that wallet you have lots of addresses? Well it's like that, but your wallet only has one address. No no, it's not a physical wallet. No you can't keep your Starbucks loyalty card in it. Ah no, the iPhone app merely connects you to this decentralised network, but that's not the wallet, the wallet is a separate file that has your private key in it. No no, your private key is like a secret password that is in your wallet and that is used to generate your address. Now don't get frustrated with me, it's really quite simple, you generate a private key - I mean the client app generates a private key - and then that's stored in a wallet file that you can backup, and then your wallet has an address. You'll understand it in no time!" |
|
|
|
Exactly right, it's all about BTC, no other coin comes near.
I have a fair amount of litecoin at the moment, but it is to buy bitcoin with when and if the exchange rate improves.
DRK will survive as a minor coin. Most of the Xs are finished, especially XMR.
We're especially finished? Based on what? Facts, please, not supposition. |
|
|
|
I thought you had something worth following until I read this comment. Don't understand, why so uncivil ??
It taints your point of view.
Typical ivory tower complex - when clever people know they're clever and know what they're saying is (mostly) factual they tend to present it from the top of their ivory tower. Often they forget that there are other clever people also sitting in ivory towers, and all they do is shout loudly over each other;) That having been said, if you can wade past the douchebag behaviour there are many things I can't fault OP on or outrightly disprove. Edit: except for his date format. We use year/month/day (South Africa), and Americans use month/day/year, so to see it day/month/year is extremely confusing for me. |
|
|
|
This is a little unclear. You made a very clear and concise explanation of why you thought Supercoin had problems.
Now, however, it seems that you were not aware of how XC's trustless system works, and may have dismissed it prematurely.. Though I am happy to be corrected, but I can't see how you could have if you thought the previous poster meant "every node on the network".
I would be very interested to hear your thoughts on XC as you have a good understanding of these issues, and are fairly measured, and if Cloak and Super do indeed have problems then it may be that XC is the coin which could provide a better solution than Crypto Note coins.
Thanks in advance
Contextually the conversation was around trustless systems - my comment was meant to demonstrate that you can't have a trustless system unless "everyone" is or could be involved. If you require an N-sized subset of the network to validate, then it means you are trusting that nobody in the subset group are malicious. It was quite late and was an unclear comment, unfortunately. Incidentally, I keep coming back to a simple premise: we need to see valid mathematics behind things in order to understand them. These discussions wouldn't happen if whitepapers had more algebra and fewer "diagrams" (such as they are). The knee-jerk reaction here seems to be "just look at the blockchain!" or similar, when looking at the blockchain created by a closed-source application won't reveal the size of the anonymity set. Bitcoin assumes that all (bar 1) connected peers are malicious (it can do nothing about complete isolation), and that should be the basis from which all good cryptography starts. A lot of the "solutions" I see lately start from the assumption that "every peer is basically ok/trustworthy and has no incentive to be malicious", which is patently wrong. |
|
|
|
|
Show Posts
