thank you for the bytes and thanks for the explanation concerning the connections through TOR.
i will try to find out what exactly is send to google. or do you already know this.
I do not know, its difficult to find out since its TLS 443. You can also block it by saying in your /etc/hosts 127.1.2.3 plus.google.com google.com but that will block for all other programs too. To reveal what it is requesting is, if on Linux, run it with strace with filter on file/read/write and network system-calls. |
|
|
|
why does the OS X app try to connect to google?
plus.google.com TCP-Port 443 (https)
What makes you think so? There are no references to any sites (except the default hub) in the source code. because little snitch tells my that the app wants to connect. Seems to be nwjs, the component used by Byteball. Maybe it means NodeWebKit.js and is the browser-bundled up. Google is known for adding a bunch of shit in every source-code they touch to "resolve" something on their servers. This could be information leakage, especially when using it over Tor - who knows what it sends to Google even if it is the hostname and datetime its too much. @tonych, maybe see if there is a default option which has to be turned off when importing/using nwjs? edit: https://github.com/nwjs/nw.js/issues/5343 just one issue, expect 100 more "accidents" by google. edit2: if using the chromiu-args proxy workaround, make it something else than 127.0.0.1, like 127.6.6.6 to avoid more other problems. everyone how is happy that i posted this can send my some bytes. i still don't have any. ZLQAYBCCZT2DBBD6KSLXJYCYR6QMU2VK thank you very much. i am not sure if this is a security problem if you use a VPN. but with tor? if not every connections is torified then this could really leak your IP. i don't want to fud. i am just concerned about privacy. and i am not a hardcore techie. Sent you some as thanks for reporting this finding. If wallet is torified/socksify/proxychains-ng, the call to google will also go over Tor. Will not leak your public IP, but still not good. |
|
|
|
@tonych, concerning nwjs and google requests, the proxy-to 127.7.7.7 solution, to make it better, can the wallet listen on 127.7.7.7:9989 for example, and have the proxy-set to that, with a username+password which is random for each start (proxy http://rand:0m@127.7.7.7:9989 ) - then, the listener if it detects this username+password request on 9989 - log a warning/shutdown, huge fuckup is happpening? May be over-engineering though. |
|
|
|
From the Whitepaper: Reliance on witnesses is what makes Byteball rooted in the real world. Reading through the Whitepaper it seems that the devs took Bob McElrath's "Braiding Bitcoin" idea and solved the consensus problem by using trusted nodes (like Ripple) instead of an algorithm. So it's basically something like Ripple but using a DAG instead of sequential blocks. Kudos for starting somewhere, but this isn't a decentralized solution and is vulnerable to sybil attacks.in the parts 4. Double-spends / 5. The main chain / 6. Witnesses of the whitelist u can see reviews for these cases. Does this project have a double-spends problem? No. @davidovski, all gmen have to do to take down bitcoin is at gunpoint threaten a few people who are running the miners. See Namecoin pool had over 50% hashpower for a while before people even noticed. Bitcoin is useful even to gmen and bankers so they dont take it down. Ina year or so most taxoffices would like to run their own witnesses or hubs. Like they run bitcoin full nodes today to inspect and find who needs to pay taxes. We still have blackbytes though.  |
|
|
|
From the Whitepaper: Reliance on witnesses is what makes Byteball rooted in the real world. Reading through the Whitepaper it seems that the devs took Bob McElrath's "Braiding Bitcoin" idea and solved the consensus problem by using trusted nodes (like Ripple) instead of an algorithm. So it's basically something like Ripple but using a DAG instead of sequential blocks. Kudos for starting somewhere, but this isn't a decentralized solution and is vulnerable to sybil attacks. Hello Come-from-Beyonds sockpuppet. Nice trolling. To all reading except the troll: Byteball is decentralized, trustless between users/nodes, and each user/node must trust his selection of witnesses. This is no diffrent than trusting bitcoin miners will continue their operations and bitcoin node operators. The worst that could happen if witnesses misbehave is they are replaced. Byteball is sybil resistant, you cant do any damage by spawning millions of wallets or fake users. You can spawn a witness but it will only loose bytes as nobody has it as its selecion. You cant even replace all the 12 witnesses with fake ones. |
|
|
|
edit2: if using the chromiu-args proxy workaround, make it something else than 127.0.0.1, like 127.6.6.6 to avoid more other problems.
What other problems and how doing this would avoid them? people have other services bound to 127.0.0.1 listening and think theyre safe. Developers of those services think hey its unreachable. But if you set proxy to it, you allow any other exploits or mistakes in wallet to affect those services. There has been examples of webpages getting posibility to send requests to 127.0.0.1 exploiting all kinds of daemons listening there Defense in depth.. |
|
|
|
Haha, 3 and a half years development? Someone skipped kindergarten? Summer 2015 to winter 2017 is 1.5 years  And hahaha at you not understanding snapshots, yet you feel you are in the position of criticizing anything, hahah. Finally a creative troll again. Trolling lol. Answer Yes/No to following : 1> Is IOTA still broken and are you currently trying to fix it? Of course it's not broken, are there bugs? Of course, whenever you revolutionize an already revolutionizing technology there will be wrinkles to be ironed out, hence us insisting on not letting exchanges list until we are 100% certain all is good. Start to make sense now? 2> Did peoples balance disappear after the snapshot where you had to keep creating new addresses in your wallet until your existing balance eventually pops up?
Which client are you using? Didnt take Satoshi Nakamoto that much time to iron out wrinkles, it was pretty much up and go from 2009. Id say it was pretty revolutionary revolutionizing. |
|
|
|
why does the OS X app try to connect to google?
plus.google.com TCP-Port 443 (https)
What makes you think so? There are no references to any sites (except the default hub) in the source code. because little snitch tells my that the app wants to connect. Seems to be nwjs, the component used by Byteball. Maybe it means NodeWebKit.js and is the browser-bundled up. Google is known for adding a bunch of shit in every source-code they touch to "resolve" something on their servers. This could be information leakage, especially when using it over Tor - who knows what it sends to Google even if it is the hostname and datetime its too much. @tonych, maybe see if there is a default option which has to be turned off when importing/using nwjs? edit: https://github.com/nwjs/nw.js/issues/5343 just one issue, expect 100 more "accidents" by google. edit2: if using the chromiu-args proxy workaround, make it something else than 127.0.0.1, like 127.6.6.6 to avoid more other problems. |
|
|
|
geriatric alcoholic crackhead who regrets his life decisions
Another useless insult? Seriously. Yes 100% seriously, I'm not your nanny. I gave you the benefit of doubt that you could act like an adult and actually muster up a response to the question pertaining to what your actual arguments are, but it's clear that it was a waste of calories. You just wasted another few seconds of the universe's existence to the heat death by typing those retarded useless letters, feel ashamed on behalf of conscious existence. The hypothalamus part of the brain is responsible for the basic biological drives, the four 'F's; fighting, fleeing, feeding and fornicating. It looks like you are doing too much of the first, fighting, try doing more of the rest in general, and last one in particular. David is born to fight, he is a true viking. You cannot disregard the ancestry. Potential Einherjar, he is carefully preparing his honorable place in Valhalla, right next to Odin. P.S. Cannot resist, I have to recommend this: http://www.imdb.com/title/tt0862467/. If you can handle this, watch to the end, and actually enjoy, you would never mess with David again  Looks interesting, gonna watch it. Thanks Have you seen Chappie? Marvelous movie. At first half of movie I was like 'no you bastards why do you teach him bad things, to fight and be a gangsta' but then... |
|
|
|
Could a kind soul please tell me how to make a backup of the full wallet in linux?
And another one to be clear: if i link a btc address to the 2nd round of distribution and dont move the btc from it, will i automatically receive the next distributionīs rewards automatically in my byteball wallet?
To backup on Linux: tar -cvjf" ~/byteball.backup_$(date +%s).tar.bz2" ~/.config/byteball or when your Byteball process/wallet is off, cp -varp ~/.config/byteball ~/byteball_backup_$(date +%s) As long as you have bitcoins on your linked address, the link remain and you will receive in other rounds too. So link once, dont move bitcoins, profit. |
|
|
|
Try to get into IOTA before it hits exchanges. It's a Directed Acyclic Graph, so it solves a lot of Bitcoin's problems in scalability. The more people that use it, the faster the system becomes, and there are no transaction fees! Check out the announced foundation members: https://forum.iotatoken.com/t/current-revealed-foundation-members/1098This is a serious project that will explode once it's listed on exchanges. Is byteball a clone of iota? No. Byteball has declarative smart contracts, private untraceable assets etc. Iota is shit, see the IOTA Unmoderated thread. |
|
|
|
Byteball is as good if not better than Monero and Zcash. Check it out. A blackbyte transaction is not even stored anywhere public, only a spend-proof is transferred between wallets. Install Byteball wallet, go to cryptox.pl and buy some few bytes, go to the slack channel or here in marketing-department to buy some blackbytes, then setup tor, and use blackbytes over Tor and you are golden. Golden.  |
|
|
|
geriatric alcoholic crackhead who regrets his life decisions
Another useless insult? Seriously. Yes 100% seriously, I'm not your nanny. I gave you the benefit of doubt that you could act like an adult and actually muster up a response to the question pertaining to what your actual arguments are, but it's clear that it was a waste of calories. You just wasted another few seconds of the universe's existence to the heat death by typing those retarded useless letters, feel ashamed on behalf of conscious existence. The hypothalamus part of the brain is responsible for the basic biological drives, the four 'F's; fighting, fleeing, feeding and fornicating. It looks like you are doing too much of the first, fighting, try doing more of the rest in general, and last one in particular. |
|
|
|
geriatric alcoholic crackhead who regrets his life decisions
Another useless insult? Seriously. |
|
|
|
Me writing this here doesnt take much of my time or energy at all, Im a fast writer, basically all of this is a direct dump of what I think, which is why Im writing it here and not structuring it up on medium or blog posts. Its almost like talking, like this is bitcoin-talk you could say.
Oh, that makes sense . I forgot for native English speakers communication here is much less time-consuming than for me... Anyway, I was sent by my employer to pick a software library or existing application which can handle massive transactions/s with finality/confirmation times below 5min, non of this bitcoin wait for a whole day, for an IoT application we are building, naturally I found both Iota Byteball and some others, what I found out is what I shared here for others to read/digest this faster and not waste their time as I did with Iota. If you dont think its valuable you dont have to read it at all.
Ok, I get it now. That explains a lot. Should it be completely decentralized too? Not sure how big the required TX volume is, but for a real business aimed to be launched in a year or less, I would personally consider something less cutting-edge, but more time-proven like regular blockchain-based your own private alt-network. But well, thats me, I am a bit conservative. I am sure you considered all available options. Yes indeed we have been considering that as well, looks like there is a whole class of "Private blockchain" softwares. That idea is not out the window. But me personally would not recommend it, though they still talk about it, Im telling them we need permissionless free/open source otherwise its just gonna be another Enterprise shitware 5 years from now. If they want private/internal-only, and really can control access/authorization, just use OpenVPN/tinc with whatever software on it sending things in cleartext, even standard PostgreSQL/paxos application is then fine. Strongly doubt IoT devices out of our control wont be "modified" or studied, so. Which brings me to, And yes, I believe your input is valuable. Iota folks are the ones whom it should be most valuable to, but by some reason they do not appreciate it. There could be several reasons for that: (a) probably they had too many internal discussion on this during the last few years, and mostly came to some consensus already, so they don't want to listen critics from a newcomer who obviously didn't spend as much time and effort on the topic as they did; (b) your accusations (scam, etc) made them accept your views negatively. That's normal emotional reaction. I see at least one of them - Stiveo, strongly driven by emotions here; (c) they are scammers, they know the truth, but try to hide it from the public. Well, this might be the case, but based on the side-observations I believe this is unlikely. As to me, when I see people are not interested in my opinion, I prefer to save the efforts for the ones who appreciate it, and go to a more friendly environment Again, that is a matter of taste, so it is absolutely normal you are doing different way. Cheers. a) free open/source my expectations were that these discussions should be available for public, like Linux kernel or Firefox. its all in the open/available, so b) when I asked like a normal person they could have pointed me to it, a mailing-list, FAQs or Wiki or Issue-page, but was met with hostility, ridicule etc which led me to assume c) that they have something to hide. |
|
|
|
why there is no real exchange right now? is this coin a scam?
cryptox.pl ......... no this no scam or shit alt coin this is not a serious exchange yet where I would trade soory. why not on bittrex or polo? 10 million market cap now.... Give it a chance. Otherwise you can try the trading bot in the Byteball wallet. |
|
|
|
Hi tonych,
Shower thought (almost certainly a stupid one as always happens when you don't exert deep thinking, as I haven't finished reading the white paper, and have no time right now to research feasibility):
Would it be possible to optionally (because it changes somewhat the privacy/anonymity model) save assets (including blackbytes) in the public DAG as a compressed and encrypted payload (not much differently of what is saved locally today) paying due commissions?
Maybe we could now use a different seed for each asset to generate private keys for them and some hash of these to encrypt assets payload after each transaction.
Wallets would scan the DAG trying to decrypt asset payloads to get balance and history (some optimizations may apply).
Somehow old saved payloads in the DAG could be pruned as assets carry their own history.
Pro:
- Massive improvement in usability, no need to back-up local assets after each transaction (simplicity is beauty).
Cons:
- Privacy model changes (thus to use it optionally) as now assets history only remains private as long as no one discover a way to decrypt the payload which is now publicly available.
- Increased storage requisites for the DAG (but it'd be optional and has costs)
There is nothing stopping you from tar/zipping up, encrypting and storing your own blackbytes as data anywhere public, even on Byteball. But thats just reckless in my opinion, aside from increased costs. There is really no benefit to storing the whole thing in Byteball, if you actually are so certain of your encryption and passwords not getting compromised store it elsewhere were costs are lower. Compared to say storing the data in ipfs and instead paying lower fee by storing the hash to the ipfs data in Byteball. Well actually there is something to explore here. Like this, tar compress the blackbytes data, encrypt with AES passphrase, the sha256sum of the blackbytes.data.tar.bz2.enc is published to ipfs (you are seeding it now). The sha256sum+salt of your passhprase (or just bcrypt or whatever that thing is called) is published as ipns name pointing to the sha256sum of encrypted data. Now you can look up your blackbytes encrypted data if you know the passphrase and lookup in ipns what the hash to the encrypted data is. This ipns name is what you store in Byteball if you really want. IPNS, because if you want to update your data, when sending/receiving blackbytes, you publish that, and repoint ipns to the latest blackbytes-encrypted data which you now also seed. In this way you offload everything to ipfs/ipns and really you dont need to keep any new hashes in Byteball. If you want to help seed/share others encrypted data, and others to help you, well, thats easy if you want to just publish hashes and begin sharing things you dont know what it is, and if you want economical share only other people who also share/constribute, thats more tricky. I wouldnt do this though. Thank you for your reply. I think I could understand your suggestions and they are interesting and have their own merits, but the point of my post was to have all this integrated into Byteball. The goal was to make possible and automated that a mechanism like the one tonych offered today to recover all bytes balances and transactions of any wallet by just typing the seed would also work for assets (blackbytes included). The idea was to use a generated random seed (not a human password or passphrase) not only to generate keys for assets but, via extra hashes of those keys, to generate a random encryption key for each transaction in order to break traceability of saved payloads. Ah I see. That makes sense. The keys are smaller in size than the original payloads but still have to be stored privately and backed up, so the backup problem is not solved.
The best solution of the backup problem is imho multisig.
Sorry if this was addressed previously, but if the backup is a problem (and I believe it is actually), why won't the wallet create a backup automatically after each transaction, and save it to separate designated place (on the same device as a first step). What I am missing here? There was an idea by someone to just zip up the data folder, or even just the parts containing blackbytes, and use that as backup. Maybe that is low-priority feature because multi-device/multi-sig is easier way to backup? |
|
|
|
@NatoSatomato: man, I understand your admiration for Byteball, and I agree it is fantastic technology. But, with all the respect, what I really cannot understand is why you spend so much time and energy attacking IOTA? Let those guys do what they are doing, and lets see what they would achieve. There are problems with IOTA (I don't want to go into details, as I know nobody actually asks for them, and everyone sees them differently), there are issues to overcome, but as far as I understand its none of your (and mine too) business. There are people who work on that. and they sincerely try to make it succeed. Let them do their job. If you indeed like BB so much, why don't you join BB development team, and use your SW development talents to help Tonych and the BB to progress faster? That would be much more productive way to spend your time, than wasting it here basing IOTA, isn't it? And I would tell - it would be much more rewarding in all terms, as you will get much more appreciation, and enjoyment from what you are doing!
Part 2 (if the part 1 above seems reasonable to you, you could skip part 2 at all) One more, unrelated thought... What I really like in IOTA, and what I see as an undoubtful advantage of it over anything else - is the zero fees. You tell BB fees are small, and that (along with other benefits) allows BB to replace IOTA... Well, as per my observations in different areas, zero fees is something hugely more attractive than just small fees. Its like "FREE" software, its is always thousand times more popular than even extremely cheap one. Or look at the markets with zero fees - you see huge transaction volume there. Small fee is still a fee. Zero fee is something of completely different ligue. The fact of being "FREE" opens completely new doors, and usage cases. This is how I see it... I know you will disagree, that's is what you like doing the most . Thats ok, but as an intelligent person you could definitely would the point of what I wrote above Yes the zero fee transaction is very attractive and a huge benefit of IOTA, and basically any tech which has zero fee is tremendous. That idea, zero-fee transactions, is worthy to pursue. Me writing this here doesnt take much of my time or energy at all, Im a fast writer, basically all of this is a direct dump of what I think, which is why Im writing it here and not structuring it up on medium or blog posts. Its almost like talking, like this is bitcoin-talk you could say. Anyway, I was sent by my employer to pick a software library or existing application which can handle massive transactions/s with finality/confirmation times below 5min, non of this bitcoin wait for a whole day, for an IoT application we are building, naturally I found both Iota Byteball and some others, what I found out is what I shared here for others to read/digest this faster and not waste their time as I did with Iota. If you dont think its valuable you dont have to read it at all. |
|
|
|
Hi tonych,
Shower thought (almost certainly a stupid one as always happens when you don't exert deep thinking, as I haven't finished reading the white paper, and have no time right now to research feasibility):
Would it be possible to optionally (because it changes somewhat the privacy/anonymity model) save assets (including blackbytes) in the public DAG as a compressed and encrypted payload (not much differently of what is saved locally today) paying due commissions?
Maybe we could now use a different seed for each asset to generate private keys for them and some hash of these to encrypt assets payload after each transaction.
Wallets would scan the DAG trying to decrypt asset payloads to get balance and history (some optimizations may apply).
Somehow old saved payloads in the DAG could be pruned as assets carry their own history.
Pro:
- Massive improvement in usability, no need to back-up local assets after each transaction (simplicity is beauty).
Cons:
- Privacy model changes (thus to use it optionally) as now assets history only remains private as long as no one discover a way to decrypt the payload which is now publicly available.
- Increased storage requisites for the DAG (but it'd be optional and has costs)
There is nothing stopping you from tar/zipping up, encrypting and storing your own blackbytes as data anywhere public, even on Byteball. But thats just reckless in my opinion, aside from increased costs. There is really no benefit to storing the whole thing in Byteball, if you actually are so certain of your encryption and passwords not getting compromised store it elsewhere were costs are lower. Compared to say storing the data in ipfs and instead paying lower fee by storing the hash to the ipfs data in Byteball. Well actually there is something to explore here. Like this, tar compress the blackbytes data, encrypt with AES passphrase, the sha256sum of the blackbytes.data.tar.bz2.enc is published to ipfs (you are seeding it now). The sha256sum+salt of your passhprase (or just bcrypt or whatever that thing is called) is published as ipns name pointing to the sha256sum of encrypted data. Now you can look up your blackbytes encrypted data if you know the passphrase and lookup in ipns what the hash to the encrypted data is. This ipns name is what you store in Byteball if you really want. IPNS, because if you want to update your data, when sending/receiving blackbytes, you publish that, and repoint ipns to the latest blackbytes-encrypted data which you now also seed. In this way you offload everything to ipfs/ipns and really you dont need to keep any new hashes in Byteball. If you want to help seed/share others encrypted data, and others to help you, well, thats easy if you want to just publish hashes and begin sharing things you dont know what it is, and if you want economical share only other people who also share/constribute, thats more tricky. I wouldnt do this though. |
|
|
|
all I see is a bored chauvinist who has time to troll but no real interest in checking facts, which makes you a liar. I guess you heard that term before. the more people you meet, the more you trigger, it's your nature. you're a dick.
see ya, boring guy
Yeah thanks for the nice welcome to iota community bro.  Great arguments you have as well, "chauvinist troll liar dick", if you want Ill give you a dictionary of adjectives and insults which you can use to describe future critics of Iota. Iota community seems to be running out of insults for me so far. a little bit of self-reflection would help "bro". you don't even see your mistakes or insults. that's what a chauvi does. Why are you even so upset? Did I call you a chauvanistic dick liar or anything at all? Dont be upset at me, be upset at IOTA devs who fooled you. Im just the messenger dude, and if you still so strongly believe in IOTA you can just say "thats like your opinion man", and be done with it, no need for personal attacks. I'm not upset, I'm bored. Have a good life man. Do something about that persecution complex. If youre not upset, then check up your hostility/aggression centre of your brain, may be a tumor. |
|
|
|
|
Show Posts
