I can't speak for the person you're replying to, but I see this card being played a lot recently, and it gives me pause. Who is Isidor Zeuner, and what qualifies him to evaluate the cryptographic soundness of the proposed scheme as well as the merits and security of the code? I Google'd around to try figure it out, but to no avail.

According to his LinkedIn profile he is an "IT Consultant" whose "mission is to provide quality software solutions to demanding small and medium sized businesses."

His work history details that he has been involved in projects such as "custom functionality for embedded linux devices", "crawling, indexing and retrieval of content", and "web development".

I can find no mention of him on any publication available on arXiv, so given this body of evidence it's safe to say that he is not a recognised cryptographer (or a cryptographer at all).

I'm also not sure if the ShadowCoin team are paying him, but the top review on hie Freelancer profile is quite disturbing.

Don't get me wrong, in today's day and age nearly everyone has had something "controversial" splashed across the Internet, and invariably there are multiple sides to the story etc. etc., but nevertheless I think the term "renowned cryptographer" or whatever should not be bandied about without clarification thereof.

Let the raging debate begin: https://forum.getmonero.org/12/off-topic/186/is-this-logo-blue-and-black-or-white-and-gold

Amir has been in #monero-dev before - when we were trying to decide on an embedded database for our initial blockchaindb implementation, and were leaning towards LMDB, him and I got chatting about it in another channel and took it back to -dev. He basically sold us on LMDB. Beyond that I gather that he has no particular interest in Monero at this point, although he's at least aware of it.

There was no insult from my side - I said you would have a hard time proving you're not a scam given the situation, that is not incorrect. I further said that someone with greater familiarity with the dynamic would need to look at the code, and that is also not incorrect. I'm not suggesting you open-source your code, but you could definitely open-source or privately distribute the investment / betting algorithms responsible for this behaviour.

I don't want an answer from smooth, I want to be treated by the company owner like I am a sizeable investor. Because I am, even after this 90% loss. Continuing to dodge around semantics and my word choices just makes you look guilty

124 896 XMR, all recovered:)

The removal of dust is unrelated to fees - if you have dust it is still going to cost you to sweep it. Two things will change once we have implemented the MRL 4 recommendations:

1. No new dust will be created ever. This is part of the hard-fork changes, as it will mean that on a protocol level nodes will reject transactions that attempt to create unique outputs with no peers in the txoset (although, as a sidenote, new outputs without any txoset peers can be created in expectation of peers existing soon-ish, as long as it is complies with the ^10 / order of magnitude rule and thus isn't unmixable)

2. Existing dust can be spent at mixin 0, as long as the outputs the transaction creates comply with rule 1.

Important update for those that had funds on MintPal

We worked with the former MintPal developers who managed to get the wallet from the server, and we're happy to confirm that we have assisted them in recovering the *full* balance that was on MintPal. If you had Monero on it, you will have received an email from them, and you will be able to withdraw it. Not a single Monero was lost, which really is very fortunate.

Honestly, your attitude here towards investors is terrible. I can forego miscommunications due to the language barrier, but it is clearly insulting to say that investors are "making scandal on the site" and that we're "irresponsible". We're investors in *your* business, we're providing the very foundation your site builds on. We don't mind making a loss, but we want to understand why we incurred a loss, and the explanation is critical as it explains why us or anyone else should continue to invest. If there's something we're misunderstanding then the onus is on you to take the time to explain it to us.

Thus far you've not contacted me (or wpalczynski, I imagine) to walk us through things so we understand why we've made a 90% loss on our investment. Insulting us because we don't have magical insight into what your (closed) source is doing is really not doing you any favours.

Bobbax, I'm starting to feel inclined to label this either an outright scam or something that has been seriously compromised.

"House edge" in gambling means that the house always wins, even if it takes a little bit of time to play out. With CryptoCoins-Dice I'm not seeing that. I've got a reasonably sized portion of your Dogecoin bank invested, and thus far the site profit on Dogecoin is around -832 352 Dogecoin, despite there being a significantly greater number of wins than losses (2.295 million wins vs. 3.268 million losses).

My initial investment in CCD was 3 321 652 Dogecoin. Right now my investment has gone down to 377 475 Dogecoin.

There is no way a casino with a house edge loses its investors 88.6% of their investment, no matter how leveraged they are or how unlucky the casino is.

You're going to have a hard time proving this isn't a scam. Someone far more familiar with martingale and gambling dynamics will have to look at your code to see where you screwed up.

Or maybe this is just the unluckiest casino on the planet?

I would say that Bitcoin is even more at risk due to the ongoing centralisation of mining.

Where Monero is in direct contrast is that the PoW algorithm closes the performance gap between CPU, GPU, and ASIC mining, so even if ASIC miners are eventually created they will not be so significantly more efficient than CPU mining so as to make CPU mining pointless. Thus, in practicality, Monero could operate completely and entirely on solo miners with no pools operating.

I've already pointed out that 1. is nonsensical and not possible, and 2. makes the assumption that deobfuscation is the aim.

The third option that you're missing is: continuously attack Darkcoin masternodes in order to increase the profit of my masternode. Malice doesn't need to come from law enforcement, nor does it have to care about the longevity of the network.

No, you're misunderstanding what a DDoS attack is. DDoS attacks are tangential to the software running on the server.

I can DDoS a server that has every port closed off to the outside world; the minute I send enough multi-packet traffic bound for that IP that the server / router / bordergate / network appliance has to reassemble packets I'm going to cause devastating congestion, forcing the datacenter to block packets bound for that IP at their upstream data provider.

This has nothing to do with the very excellent Bitcoin software or any cryptocurrency cloned from it, it is merely the nature of IP traffic routing. No amount of "bug fixing" in the software can prevent these attacks since the attack doesn't even require the software to be running.

You are incorrect for several reasons.

Firstly, when a server is DDoS'd the reaction of the data centre is almost always to block all data destined for the server's IP at the upstream data provider. Normally this is done on a BGP level. The thing with these BGP requests is that they cannot happen on a minute-by-minute basis, because massive routing changes are potentially dangerous and normally go through a change control process. Typically speaking, a dedicated server would be blackholed upstream on a BGP-level for ~4 hours. A VPS maybe longer by virtue of how cheap it is.

Thus if a sustained attack of 10 minutes is required to shut down a server for 4 hours, how much simultaneous bandwidth is required to kill your proverbial 1 240 masternodes? Well, basically it means you have to attack ~52 servers simultaneously. Now bear in mind that there are plenty of VPS and dedicated hosts that have 100mbps limits, I'd hazard less than 40% have 1gbps on tap, and fewer still with unmetered ports. In the VPS space especially bandwidth is shared between all guests on the host machine, so the actual available bandwidth is far from promised. Thus we can't take your 1gbps theoretical as being valid for all but a handful of masternodes. But let's be generous and pretend that 50% have unmetered 1gbps ports, and 50% have unmetered 100mbps ports, which means the total bandwidth required to knock the 52 servers off the grid is 28.6gbps.

Assuming you're Joe Scriptkiddie and don't have access to a botnet, how much would it cost to launch such an attack? Well I used Str3ssed (one of the many so-called "booter" or "stresser", basically a DDoS-on-demand service pretending to be a network stress tester) to price it out. With their 250gbps of "stresser" capacity a 28.6gbps requirement is trivial. So if we just wanted to attack the network once we'd need to use their "1 Month Ultimate" package, which allows us to attack 1 target at a time for a total of 60 minutes within the month (of course you can change targets and start/stop attacks whenever you want, it's just a total of 60 minutes in the month). Because of that restriction we have to attack 207 masternodes simultaneously for 10 minutes, and then switch to the next group of 207 masternodes, and so on for an hour. After an hour we will have knocked the masternode network offline at least for the following 3 hours, some for even longer. The total cost of doing this once-off attack would be 207 x $50 = $10 350. Not cheap, but certainly not out of reach.

The larger problem is that an attacker only slightly more sophisticated or enabled than Joe Scriptkiddie can pull off a sustained attack without spending a cent. SNMP amplification attacks, for instance, are no longer uncommon. Since SNMP provides a ~650x amplification, it means that a savvy attacker can turn a 1gbps VPS into a 650gbps DDoS device.

Literally the only reason that ludicrous amateur cryptography like this survives is because of the vast technical incompetence of many altcoin proponents. The time will come when someone more proficient sees an opportunity to short a coin or stands to benefit from a downturn, and they will decimate the house-of-cards infrastructure that has been built up.

Oh and your last point is, unfortunately, also not true: if you DDoS all the pools difficulty would not retarget quickly enough for you to have 51% of the hashing power, as the majority of miners have a fallback, sometimes to private pools etc. Also, things like p2pool and solo miners make an attack like this unreliable.

Good question - basically we're still at negative donations:-P

There's a finance report at the beginning of our 2014 Year in Review Missive, not much has changed situationally, but it will in future.

Hah hah - more like South Africanised; we say "ja" instead of "yeah"

Monday's Missive Transcript has been completed and added to the blog post.

Lots of VPS's will terminate mining tasks or processor intensive tasks, but it could also be the host OS taking the task down with an OOMkiller (out of memory killer). Typically speaking a VPS isn't well suited to processor intensive tasks.

Yes -

When a daddy meanbeam loves a mommy moonbeam, then they have a special moment of blockchaintimacy, and they create little baby moonbeam warps. For details see the whitepaper at moonbeam://warp.all.of.the.things.www.com.internet

I Googled for "moon beam warp" and found this:



Coincidence? I think not!

D'oh, I forgot it takes a few minutes to warm up. Using 2 threads (there are 4 processors available due to HT) I hit 65h/s total, upping to 3 threads reduces that slightly, upping to 4 has an even greater downwards impact. So 65h/s is pretty much it.

This is solo mining on the daemon, though...