Why would "the masses" even ever see the current Ripple client?

Surely they would simply have bank accounts and credit cards, just like now, and maybe not even realise that their bank and their credit card network happen to run on the Ripple network?

Even with bitcoin-derived coins we already see "the masses" not running "full clients", and see developers and those who advise / forum-troll developers posting that the whole way the clients work, how one secures one's wallet and so on all need a whole lot of dumbing-down in order to appeal to "the masses".

-MarkM-

Why should an android app mint coins? Simply an android app that gives away coins that have already been minted should suffice, shouldn't it?

-MarkM-

Apart from not needing to help global warming by consuming vast amounts of electricity to secure the blockchain (since by merged mining you can in effect re-use that same electricity that is already being expended anyway), the main argument for Proof of Stake had been that Proof of Work miners invest in hardware that can attack or defend any chain that uses that type of hashing as its proof of work, thus have no "stake" in any particular coin that they could choose to mine, whereas Proof of Stake miners do need a stake in the specific chain they wish to attack or defend.

All that really amounts to though is that in order to trash a Proof of Stake coin they need some way of shorting, or betting against, the chain, that can handle a short or wager large enough to cover the losses their stake in the coin will suffer when they do trash the coin.

So in a sense Proof of Stake coins depend upon the unavailability of means of wagering or shorting whereas Proof of Work coins depend upon unavailability of more-profitable chains to mine combined with inability of committed mining operations to muster enough hashing power to defend the chain. (They need enough committed hashing power, in other words. Because uncommitted hashing power will run off to any more profitable activity instead of continuing to secure the chain.)

Maybe though it can also be argued that "shorting" - in the sense of borrowing something - can also be used against proof of work chains: you simply borrow something to buy hashing power with instead of borrowing the coin itself or betting against it. Though you could also bet against it once you are confident you have enough hash power for an effective attack against it.

WIth Proof of Stake though you can get two bangs for your bucks: in addition to any crashing or falling of the coin's value due to your attack, you also can dump your stake too if the chain is still processing transactions after the attack and exchanges are still exchanging the coin after the attack, which could suppress the exchange-rate even more if your stake was a significant amount compared to the depth-at-each-price curve at the exchanges.

-MarkM-

A particularly cute aspect of the attack is that it seems the higher the difficulty of the legitimate blockchain the more leverage (effective multiplying of hash power) the attacker enjoys.

That is not to say that a higher difficulty blockchain is easier to attack, necessarily, but merely that the fraction of the main chain's hashpower the attacker needs seems likely to shrink as the difficulty of the main chain grows.

Just how much the attack can lower the effective difficulty the attacker can enjoy would also effect this ratio though. If the attacker cannot keep the difficulty on their attack chain really really low they would not get as much advantage as they could if they could keep it minimised/minimal.

The advantage seems to be due to the chance of a hash being lucky enough to get into the blockchain.

The attacker makes more blocks, of lower difficulty, than the main chain.

The lower difficulty means each hash has a higher chance of getting a block thus getting into the chain thus counting toward the total "work" of the chain.

The higher the difficulty of the main chain blocks, the less chance any particular individual hash anyone does on it will get a block thus get into the chain, so less of the hashes it does count as "work" for purposes of checking which chain has the most "work".

-MarkM-

Wow, I am amazed there are so many who voted "no".

My impression on seeing the thread title was the notion was so obviously utterly inanely stupid that it was a total non-starter, thus that only people who didn't think it was utterly silly would even bother to open the thread except for LOLs. (Which, as I saw the thread keep somehow popping back up instead fading into the oblivion of pages two and up of topics, I eventually did myself.)

I am surprised by how many people seeing such a stupid topic keep coming up actually bothered to look at it for the LOLs, as a lot of folk don't have all day every day to haunt such a silly forum as this one let alone read the silliest idiotic threads found herein.

-MarkM-

EDIT: Users Online:    5913

And that just at this one moment in time. Seems like hardly anyone voted yet even of those online right now this moment.

Far from it, in fact I made a profit from DOGE when it first came out by buying for a few satoshis and selling for a few hundred and never buying back in (as it has not yet gone down to few enough satoshis to be worth betting on a dead cat bounce or skyrocket).

DOGE did the GPU coin world a great favour by showing that a stupid meme can conjure up almost overnight way the HECK more hashing power than almost any GPU coin had, thus that both litecoin and DOGE are ridiculously vulnerable and all the other scrypt coins are insanely, fiduciary irresponsibility type vulnerable (so vulnerable it is irresponsible to use them for real world financial applications).

That is a great service, as previously people had imagined just a few tens of gigahashes to a couple of hundred gigahashes or so suffice to make an scrypt  blockchain reasonably secure.

Maybe an interesting experiment would be to place a huge wager on BitcoinBets or some such platform, or on many such platforms, that some particular GPU-mined coin would be double-spent by a certain date, then issue a memecoin with no proof of work mining but which can be mined via a pool that "mines other coins", and an exchange that offers a high price per memecoin, in targetted-victim-coin, for the meme-coins and use the pool, once it floods with lots of meme-susceptible miners, to do a doublespend on the target chain once fanbois of the target chain bet that the target coin will not be successfully doublespent...

-MarkM-

I don't really think of that as "the" network being forked. A fork exists, known to a scamsite that convinced someone to download a fake nodes-list and to the person or persons who downloaded that list and ran using it. That hardly seems a case of "the" network being forked, more just a case of one or more suckers falling for a fake network. Once the real network actually hears about it, would it in fact fork, or would it tell the suckers they are wrong and correct them?

Ripple's consensus supposedly would basically tell them they are wrong, ignore them, and I guess it would be up to them whether to trust the scamsite and their fellow scammed-people or all the nodes they just heard about on the other network they just heard about, wouldn't it?

-MarkM-

The big problem with GPU-mined coins is the number of GPUs controlled by people susceptible to memes.

Even litecoin's hashing-power was exceeded by some stupid meme out of the blue.

Luckily for litecoin, that particular meme happened to say "lets be yet another scamcoin!" instead of "lets trash all the scrypt blockchains!" but the next meme might not be so gentle...

-MarkM-

Most plans to profit on crashing the coin's value involve finding a sucker who is willing to loan you coins so you can "short" the coin, or bet against you that the coin will not crash.

Cunicula suggested that shorting is not a problem because any idiot who offers shorts will learn in ha ha pun coming up... short order... that offering such a short is stupid.

But in theory you buy up some number of the coins to get stake, and do a short on which you will profit by more than that stake.

If you can get some idiot to provide you an actual loan of coins you can stake the borrowed coins themselves in addition to any stake you also directly buy.

But probably a more usual method of "shorting" does not even involve anyone actually owning the coins to do it, since lots of sites that let people pseudo-short things let them simply wager that the thing will or will not go up or down in value.

With such a capability on hand, you could buy X number of coins and let them age enough to do your double-spend or whatever, then when ready to do the attack go make a wager worth more than the coins you have at stake that the value of the coins will go down. A lot of betting sites let you just do a binary wager, up or down, no need to even involve how much they go up or how much they go down.

So you then do your attack and, if it succeeds, make sure it gets as close to front page news as possible.

Using simple wagers it might not be as hard to find idiots willing to enable you to do in effect a "short" of the coin, since you do not need not obtain a short from a professional shorting agent but could simply place a wager on BitcoinBets that coin X will whatever by whenever and let any sucker fanboi bet against you that it will not, so I am not convinced Cunicula is correct that  even if you find a sucker once the industry will learn not to offer shorts in PoS coins a second time.

Also, isn't the ability to short considered kind of essential for currencies, assets, etc to go mainstream? If no one would be fool enough to offer shorts on a coin, wouldn't that severely limit the potential of that coin to ever be considered a serious currency or asset?

Also if offering loans at all, just in case the borrower uses them to do a short on the coin, is dangerous, doesn't the lack of ability to borrow a currency kind of limit the chance of that currency ever being taken seriously?

-MarkM-

Even with those, merchants presumably would calculate how many blocks of confirmation they feel they should wait based on how valuable the transaction is.

An info for merchants site could provide a ticker showing the maximum number of blocks in a row the largest most ancient wallets combined could expect with good certainty to generate in a row, and set the number of blocks they want to wait when selling a cup of coffee or an economy automobile or a fleet of cruise ships accordingly.

("Hmm, a fleet of cruise ships, that will put a big dent in their coin-age, and each day I wait before sending the ships those coins age in my wallet not theirs, how many days do I need to wait before I am safe if they own all the coins other than those they just sent to me? " )

(Plus also "I happen to know Mount Fox controls those coins over there, and I trust them, and I also know my rich grandpa owns those there, etc, so realistically the most my customer could own is X many...")

Still, unlimited coin age does sound like every few generations an almost broke family could double-spend a meal out of someone or something like that at least...

In real life though credit card fraud is so horrendously huge that banks and credit card companies try not to let the public find out jsut how huge it is, lest all confidence in their system be lost. So maybe Cunicula might say a few people getting a free rolls royce every few years by double-spending is trivial, and someone might add that repo corps would re-possess the cars anyway, so big deal not a problem?

-MarkM-

Also, 20% of coins being online might or might not be a reasonable guess.

If most people leave their coins in web wallets and exchanges and such, the vast majority of coins seem likely to be online at any given moment.

Whereas if everyone likes to keep their own coins at home on paper wallets and only fire up a client once every [max coin age for stake minus time it takes to use them as stake once fired up] maybe most will be offline at any given moment.

A lot of people in this forum mention that you only need to fire up your wallet occassionally for PPCoin-derived PoS coins for example, and even have sometimes written that once they do fire up a wallet that has aged a while like that it only takes half an hour or so to do the stake thing.

If those kinds of time apply then maybe that would mean coins only being online half an hour to an hour in each 30 days or so... Maybe worse if max coin age for stake is more than 30 days.

If max coin age for stake is 30 days presumably someone with 2/30ths of the coins (1/15th of the coins) should be able with high certainty to get two blocks in a row "on demand" each 30 days?

In the extensive discussions (of actually expected to work PoS systems, not of whatever Sunny made up out of his own head without - proudly without - even reading all that research and discussion), Cunicula calculated for one set of constants for his proposed system that a person with some percent (I forget the exact percent) could do a double-spend once a year but said that would not matter because the amount of wealth any one transaction of such low value that the merchant would not wait an extra number of blocks to confirm would be so trivial that the fraud perpetrate-able by that method would be trivially tiny compared to the normal amount of fraud merchants are long conditioned to expect by standard things like credit cards that they all already have no qualms about using.

-MarkM-

You need a percent of what is, at that moment, actually online doing PoS mining, I think?

Also, it is not coinage but Coin Age that you need. Not number of coins but number of coin-days, so to speak.

Two coins you have had for one day each is as good as one coin you have had for two days type of thing.

-MarkM-

Its a lot more than the ~1GH the (known) attacker is supposedly using, though. Can ~1GH beat ~5 using timewarp? I guess we will find out.

Agreed though that it is pathetically low. We know that just a stupid meme can conjure up 100+ gigahashes almost overnight, so any less is just asking for a "PWN the blockchain(s)!" meme to pop up and PWN it...

-MarkM-

If the money is escrowed they cannot use it to cover their expenses, which, they claim, will mean they won't be able to do the work, which presumably means everyone gets their money back from the escrower. Which all sounds like quite a waste of time unless there is some loophole/scam involved such as this "investor wallet that is not real" scam someone mentioned above...

-MarkM-

Oh also, that bit about marketing costs.

What the heck are they actually marketing? And how? Google Adwords or something? What the heck are they shipping to the customers (if any) who respond to the ads?

That they have marketing expenses already makes it seem even more like a scam. Unless they mean they want us to pay who-ever posts in the forums for them for the privilege of hearing about their more and more scammy-sounding scheme. Less posts about such schemes actually seems a better idea than that...

Is there anyone here who has actually tested their closed-source software and seen that it works, does not steal their othercoin wallets, does not cause their email account to spam all their friends and so on?

If not falling for their "IPO scam" means they won't bother to finish building the thing, that seems more and more like a good thing. Lets not fall for it thus not have to suffer its actual deployment at all.

If they really have the skills there are tons of similar scams they could write code for.

Or if they really really have the skills they could get jobs at Ripple or Mastercoin or somesuch that already got plenty of financing and now just need to actually get code written. (Or in Ripple's case, get more testing and debugging and feature-adding done.)

I would ask who they work for currently and who they developed what for in the past, but it'd be more polite to go read up on all that in the resume / curricula vitae section of their website and visiting their website isn't something I really want to do right now. I am pretty sure I already did once upon a time and was so unimpressed I have no recollection of it or am correctly recalling it as just another vapourware scam IPO.

-MarkM-

If the attack works the price might go down. How is their hashing power looking now? Does it seem like enough yet to counter such an attack? If not likely they'll be available cheap once the attack takes effect, if exchanges re-list them after some kind of damage control or recovery plan is done after the attack.

Realistically they ought not be listed on exchanges at all until they fix their hashing power, as being listed increases the number of people who will be hurt and the incentive for attackers to bother attacking.

-MarkM-

Just how much angel investor money have they burned through in reaching the IPO stage?

From the sound of it their angels were not very competent or they need another round of angel investing before considering an IPO.

That only incompetent angels financed their angel round(s) does not inspire confidence...

-MarkM-

The work is at least equal to the difficulty (well, actually, reciprocally equal; congruent, so to speak).

Adding up difficulty instead of work would make the lucky hashes that happen to be way the heck better than their target difficulty requires from counting as any better than would the worst possible hash that suffices to meet the target. If the attacker is getting way the heck more hashes into the blackchain (way the heck more blocks into the blockchain) thennot counting any work in excess of target on each block should statistically tend to lose the attacker more excess work than the defender, but if the attacker is using lower difficulty blocks then still more of the attacker's hashes will tend to meet the target so the attacker will be having more of their hashes count.

Maybe the attacker's advantage might be less but I suspect the attacker would still have the advantage.

-MarkM-

Oh there is code?

But you need a virtual machine or airgapped machine to run it because you cannot inspect the source code?

Who are they contracting out penetration/exploit/etc testing to?

-MarkM-

Does it even exist? I had the impression there is not even so much as a proof of concept you can download and test, look at the quality of the code of and so on...

For example I see no github nor sourceforge nor gitian nor google code etc URL among the URLs you posted...

-MarkM-