 Show Posts
|
|
Pages: [1]
|
Exciting month ahead. Time to show what we have built. Imagine being bearish on BSV 4th of February: Genesis Update 9th-16th of Feb: CambrianSV Camp 20th & 21th of Feb: Coingeek Conference London $BSV - Government compliant - Aims to work with existing establishments - Closest protocol to the Original Bitcoin - Scales - Apps can be built on top of it - Videos and images, on chain forever - Actually utilized - Works within law https://www.bsvdevs.com/An article of Favorite Apps on the BSV Chain that work NOW and TODAY: https://bryandaugherty.net/my-favorite-metanet-applications-tools-and-ways-to-earn-use-bitcoin/https://twetch.app is an example of on-chain scaling at $BSV. Not on $BTC. Imagine an ad free environment in Apps. The power of pre-payments also shifts to the buyer instead of the vendor simultaneously lowering costs and improving the content. Twetch App is approaching 10,000 users. Twetch describes itself as a decentralized social network that lets you own your data & earn money for your content. DM their twitter account for access to private beta & sign up at http://twetch.comhttps://twitter.com/twetchappUptimeSV is Distributed, crowdsourced network intelligence. The first network intelligence service to collect real, verifiable user data and pay nodes for doing so, in realtime. https://uptimesv.com/Tokenized is the easiest and safest way to issue, manage and trade security and utility tokens on the Bitcoin SV network. Money Button is a wallet that grants you access to the BSV blockchain of the bitcoin network. It is completely non-custodial, so you are in charge of your keys, coins and financial sovereignty! Money Button works wonderfully as a peer-to-peer payments tool with a simple, functional interface, and a very easy-to-learn interface: Enter an address and slide to pay. Simple. Human-readable addresses and handles! https://www.moneybutton.comBuild your City on Chain! https://cityonchain.com/An example of low fees on BSV: PS how crazy is this: $10 between 200 people, fee of approx 3c (at 1sat/byte) 391 outputs. Nuts. Just crazy, And.... it is going to get WAYYY cheaper. https://twitter.com/riverish333/status/1220824688366059523 Why build on Bitcoin SV? Bitcoin SV is Bitcoin with the original protocol. It can be used for money, but also as a development platform. Creative developers and entrepreneurs are taking advantage of Bitcoin SV's unique capabilities to build amazing businesses and products. They're choosing BSV because: A stable protocol decentralizes power and enables builders to focus on long-term goals, like creating better customer experiences Large blocks allow Bitcoin to scale to handle the world's traffic Microtransactions enable entirely new classes of business models Bitcoin SV is ready for what you want to build—the only limit is your imagination. I think in hindsight BSV will be the obvious winner of the protocol wars. So what are Bitcoin SV’s key differentiators?
UTXO vs Account-Based Global State
Bitcoin uses the “unspent transaction output” (UTXO) model of accounting for the ledger, while blockchains like Ethereum utilize an account-based model. In short, the Bitcoin UTXO model is very simple to account for, and it allows massive parallelization of processing across the network. Complex functions can be pushed to the stack of available scripts which allow various types of virtual machines to function on top of transactions, but the base protocol layer is very simple and clean to settle—especially when transactions are malleable and unconfirmed transactions can be trusted to settle without being double spent.
This is crucial: the bitcoin UTXO model allows reorganization of blocks to have little to no weight in the settlement of unconfirmed transactions or the state of applications running in script.
Therefore, a closely connected, UTXO-based, small world network like Bitcoin SV, never hits a scaling ceiling. Speed and reliability will improve indefinitely as miners cooperate more closely with shared mempool management standards and increased containerization of node functions.
On the other hand, Ethereum (and many other blockchains like it) utilize an account-based system that is far less flexible, less scalable, and more prone to breakdown. Every new block must be settled on every single node to confirm the consensus of the entire global state. Rather than utilizing script atop a simple protocol, the entire Ethereum network is one big computer. It was designed from the ground up to utilize a non-standardized programming language called “Solidity” in order to deploy a largely untested Turing-complete state machine to the world.
The global state model creates many problems
Poorly written smart contracts can cause breakdown of the entire network because of the interconnectedness of all states of the machine. Bugs in smart contracts, multisignature wallets, dapps and other parts of the Ethereum ecosystem have made for large scale theft, permanent hard fork splits of the network and a host of other catastrophes. The exponential complexity of Ethereum compared to bitcoin has also allowed talented hackers to work their way across dapps and steal staked ETH from smart contracts by moving laterally across the network.
On top of the security and complexity issues for deployment, the biggest burden on Ethereum is that complex computations take time, and therefore Ethereum has a very low ceiling of scalability. As such, the introduction of proposals for “sharding” “proof of stake” “Ethereum 2.0” and “Plasma Network” have been floating around for years, but there is little evidence that any of these proposals are anything more than vaporware.
In short, the UTXO model is nimble and secure, while the account or global state model is cumbersome and prone to multiple vulnerabilities.
So Ethereum can’t scale, but why is Bitcoin SV better than other UTXO chains?
This is going to sound tragically simple, but Bitcoin SV is the only project in the history of UTXO blockchains to be brave enough to take the training wheels off. While every other blockchain is ruled by developers endlessly debating theories, the BSV Genesis protocol removed nearly every single limitation of the software to facilitate boundless scale as a data carrier and payments network with more superlatives than any other chain.
The Superlatives
• No Block Size Limit: The only limit to the number of transactions per block is the ingenuity of miners to attempt to mine and propagate blocks to the network.
• Higher Data Limits: Data per block is unbounded, and the data per transaction is best-in-class too!
• Network Topology: Nodes are miners, and any node that is not contributing more than it is taking from the network will get kicked off eventually. Incentives choose which nodes thrive, and the only nodes that thrive are those that cooperate best with the network by bringing the hardest competition. Every other network has an altruistic view of nodes, and that altruism signals their doom.
• World Class Development: Rather than giving the code to everyone on earth to tinker with on GitHub, Bitcoin SV is developed professionally by the Bitcoin SV Node Team in coordination with nChain and CoinGeek Mining. Furthermore, code audits are not mired by years of low-value debate, but handed from the Bitcoin SV Node Team to professionals like Trail of Bits to do paid security audits. The code is published as open source for transparency, but the development and testing phase is purely professional.
• The nChain Patent Portfolio: nChain owns over 200 granted, 800 filed and 1400+ patents in the pipeline; making them the #1 intellectual property owner in the blockchain space. These patents can be used in court against infringing competitors in the future.
• Legal Compliance: Bitcoin SV is the only chain in compliance with the protocols of the bitcoin white paper without encumbrances or compliance issues in regard to laws pertaining to digital signatures, currency issuance, securities/equities and other regulations around token issuance and proof of work.
Meanwhile, there are fewer than ten other actively developed UTXO blockchains in the top 50 coins by market cap. The other projects have either cultural problems or technical problems (most have both) that have led to roadblocks which have knocked them out of the running for use as a world class payments or data carrier tool.
Best examples of ‘competitors’
• BTC Core only allows about six megabytes of data per hour across the network. The scripting language has been truncated and transaction malleability has been removed. As such, BTC is not even attempting to compete in this arena, so it is not a consideration for data or payment usage at a useful scale. By default, Litecoin also fails on this front as it is a very closely developed sister project to Bitcoin Core. It is a common axiom for people to refer to BTC as “gold” and LTC as “silver,” and as such, the economies around both projects are not interested in much more than the speculative asset price.
• The Lightning Network is hailed as the solution du jour to all of BTC and LTC’s scaling woes, but there are so many problems that they are hard to parse down. In short, Lightning Network reintroduces multiple sybil attack surfaces and the Byzantine Generals Problem. It also has multiple game theory issues as there is no profit motive to run a node. Participation in the Lightning Network either requires an unusual amount of trust or a high water mark of technical prowess and infrastructural investment – again without profit motive. Furthermore, all Lightning nodes are likely money transmitters which require licensing and insurance to operate legally which is unfeasible because – for the third time – there is no profit motive inherent in participating in Lightning Network. As such, Lightning Network is not really a competitor to Bitcoin SV and introduces no competitive advantages to BTC or LTC.
• BCH was a promising project for about a year, but the introduction of Canonical Transaction Ordering (CTOR) and Schnorr Signatures has removed its functionality as a reliable timestamp server and bitcoin-style chain of digital signatures. With the further loss of malleability, many of its capabilities in higher level deployment of applications is also reduced. The developers replaced some of those functions with new Op_codes that work differently, but the use-cases have been very specifically targeted at payment functions, and the Bitcoin Cash community has eschewed anything to do with data services. The developers from Bitcoin ABC (the de facto reference implementation of Bitcoin Cash) have also ceased nearly all research into parallelized processing and block size scaling, and instead have created a rift with Bitcoin Unlimited and Bitcoin.com. This has led to little more than Bitcoin Cash’s culture being defined primarily by discord and bickering, so it is hard to estimate where the project is even attempting to move long term.
• The other UTXO-based blockchains in the top 100 by market cap are probably not worth mentioning—so I won’t.
What about EOS, Tron or the other smart contract platforms?
The best way to describe any of the other smart contract platforms is that they are just variations on Ethereum. Rather than proof of work, most utilize a proof of stake or delegated proof of stake model. Some may utilize slight variations of “gas” for contract deployment or have faster block times. They typically have centralized validator node ownership and protocol governance. While some of them have quality virtual machine tools or allow development with simpler language like JavaScript, they all have gaping imperfections.
The superlatives inherent in these platforms must most often be tempered against the fact that consensus is chosen by an oligarchy that printed their token out of thin air. Tron, for example, is almost completely centralized in the hands of their controversial CEO Justin Sun. Meanwhile, EOS has reversible transactions because of their DPoS governance model and use of a sort of “supreme court” that can go back and choose new rules by decree. IOTA introduces ternary (instead of binary) code, and pushes all transactions through a central validator node called “the coordinator,” and there are a million things to lambaste about Ripple and Stellar’s emission and consensus models controlled almost entirely by their internal corporate “validators.”
So who is competing with Bitcoin SV?
This is going to be a hard, red pill for “ThE bLoCkChAiN cOmMuNiTy” to insert, but the only real competitors for Bitcoin SV are a mix of the global payment networks, data carriers and cloud computing platforms. It’s true: Bitcoin SV has leveled up to the point where its only competitors are the big players competing alongside Visa, Mastercard, Verizon, Comcast, Microsoft Azure and Amazon AWS.
Every other blockchain is mired in a scaling war, governance fiasco or has some other deep, fundamental flaw with its culture or technical architecture. As such, Bitcoin SV should not be grouped in as a “blockchain project” in perpetual beta mode. Rather, Bitcoin SV should be analyzed uniquely as a world-class, emergent business tool on the cusp of revolutionizing data and money transfer for the global economy.
Any other key differentiators?
Of course! Bitcoin SV has some of the most unique and insightful tools being built atop it by talented developers utilizing the unique properties of the blockchain.
Planaria Corp, Twetch, HandCash, Moneybutton, UNISOT and many others have flocked to the first blockchain that rewards them for their tenacity! Long dead are the days of debating who is allowed to transact on-chain because Bitcoin SV is designed to handle everything that can be thrown at it.
But, the most important differentiator, and the thing that enables all of this grandeur, is the fixed protocol. Bitcoin SV is set in stone with unlimited scaling abilities. What that means for businesses is that they can rely on the blockchain not to break or shift beneath them. This is why we have seen a mass exodus of entrepreneurs come to Bitcoin SV from Ethereum, EOS, Tron and elsewhere. It is also why global businesses seeking reduced transaction friction and increased data integrity are taking a look at the first “finished” blockchain as a commodity ledger and enterprise business tool.
You might not know it yet, but we have already won. |
|
|
|
https://twetch.appTwetch is transforming the use of social media. Take back your data today!
|
|
|
|
Just Discovered COTI Browsing and digging for new gems off CoinMarketCap I ran into COTI COTI is a fintech platform that aims to solve the challenges of traditional payment systems by building an ecosystem that enables cheap, fast and fair payments to everyone. Ran into the Blockfyre Report on it which scored 55/63 and did some sentiment check on Twitter and a lot of people are bullish on COTI! Check it out and decide for yourselves https://drive.google.com/file/d/1SR5qDuKejcBNygOf-EI-GZfK88j0jdXd/view |
|
|
|
Browsing and digging for new gems off CoinMarketCap I ran into COTI COTI is a fintech platform that aims to solve the challenges of traditional payment systems by building an ecosystem that enables cheap, fast and fair payments to everyone. Ran into the Blockfyre Report on it which scored 55/63 and did some sentiment check on Twitter and a lot of people are bullish on COTI! Check it out and decide for yourselves https://drive.google.com/file/d/1SR5qDuKejcBNygOf-EI-GZfK88j0jdXd/view |
|
|
|
https://unboundedcapital.com/blog/why-we-think-craig-wright-is-satoshi-and-why-that-mattersWhat are your thoughts? Incase you weren't paying attention.... https://www.courtlistener.com/recap/gov.uscourts.flsd.521536/gov.uscourts.flsd.521536.376.0_1.pdfJoin the discussion over at https://twetch.app In my opinion it does not even matter that CSW is Satoshi because of the innovation on Bitcoin SV. Because Craig Wright doesn't matter one bit in a PERMISSIONLESS OPEN FINANCE SYSTEM Bitcoin SV (BSV) has returned to Bitcoin's original design with a hard fork called Genesis, expected to release on 4th February 2020. ... It restores Bitcoin's original protocol unlike Bitcoin Core for BTC and the Bitcoin ABC for BCH who “changed Satoshi's design and refused to massively scale”.
In addition to Genesis, Teranode is what most people should watch out for
CoinGeek announces it will partner with nChain, the blockchain research & development firm, on the Teranode project to create an enterprise-class full node implementation for Bitcoin (BCH-SV). nChain announced Teranode at the May 2018 CoinGeek conference in Hong Kong, and CoinGeek will now provide additional funding and business support for the project. Teranode takes the original Satoshi Vision to the next level. It will enable the true Bitcoin, now represented by BCH-SV (Bitcoin SV), to massively scale to terabyte (1 million megabyte) size blocks, 7 million transactions per second, and global enterprise usage.
CoinGeek and nChain believe terabyte-size blocks are viable and necessary for the Bitcoin BCH-SV blockchain to become the global public ledger of the future. A single terabyte block (added every 10 minutes) can contain about 4 billion Bitcoin transactions, and provide capacity of 7 million transactions per second. The scale of a network with 1 TB blocks would be immense, and enable BCH to power not just monetary transactions but token, smart contract, enterprise application, and machine-to-machine data transactions of many types.
Teranode is the next evolution of Bitcoin SV, the new full node implementation for Bitcoin Cash (BCH). Bitcoin SV is currently competing with Bitcoin ABC in a miners hash vote to become the ruleset for BCH. Developed by nChain at CoinGeek Mining's request and owned by the Antigua-based bComm Association, Bitcoin SV seeks to fulfil the original Satoshi Vision for Bitcoin. It will restore the original Bitcoin protocol, keep it stable and allow it to massively scale. This path is critical to give major enterprises confidence to build their projects on top of the Bitcoin BCH-SV blockchain. Having Teranode planned for the future is another reason why miners and businesses should now choose Bitcoin SV.
Teranode is unique because it will not be a monolithic 'one size fits all' implementation. Instead, the project separates four core functions into a modular microservices architecture approach - making a separate Business (RPC) Layer, Network (P2P) Layer, Process Layer and Storage Layer. This microservices architecture allows a business to customize for its needs, and provides several advantages:
Each component may have multiple implementations that can be easily swapped out for a particular company and its industry needs.
Components can be written using different computing languages, tools and hardware that are best suited to their particular purpose, rather than having to make a single choice for the entire node.
It enables massive on-chain scaling capability. A network aware interface like zeroMQ means components can, but do not necessarily need to run on the same machines. As scaling requirements grow, the components can be further broken down and clusterized to match any foreseeable load requirement.
In addition, the Teranode project will seek to solve a technical issue that arises with a massively scaled Bitcoin network with TB size blocks: how to optimize the unspent transaction output (UTXO) database maintained by nodes to prevent double-spending of Bitcoins. Determining the correct amount of coins associated with each output is an essential set in the validation of a new block. With massive transaction volume possible in 1TB blocks, the UTXO database would also grow immensely. Teranode will seek to deliver a microservice API and software implementations that can support the throughput required for gigabyte (1000 MB) and then TB size blocks. ____________________________ Reasons to be bullish about BitcoinSV $BSV - Government compliant - Aims to work with existing establishments - Closest protocol to the Original Bitcoin - Scales - Apps can be built on top of it - Videos and images, on chain forever - Actually utilized - Works within law https://www.bsvdevs.com/An article of Favorite Apps on the BSV Chain that work NOW and TODAY: https://bryandaugherty.net/my-favorite-metanet-applications-tools-and-ways-to-earn-use-bitcoin/https://twetch.app is an example of on-chain scaling at $BSV. Not on $BTC. Imagine an ad free environment in Apps. The power of pre-payments also shifts to the buyer instead of the vendor simultaneously lowering costs and improving the content. Twetch App is approaching 10,000 users. Twetch describes itself as a decentralized social network that lets you own your data & earn money for your content. DM their twitter account for access to private beta & sign up at http://twetch.comhttps://twitter.com/twetchappUptimeSV is Distributed, crowdsourced network intelligence. The first network intelligence service to collect real, verifiable user data and pay nodes for doing so, in realtime. https://uptimesv.com/Tokenized is the easiest and safest way to issue, manage and trade security and utility tokens on the Bitcoin SV network. Money Button is a wallet that grants you access to the BSV blockchain of the bitcoin network. It is completely non-custodial, so you are in charge of your keys, coins and financial sovereignty! Money Button works wonderfully as a peer-to-peer payments tool with a simple, functional interface, and a very easy-to-learn interface: Enter an address and slide to pay. Simple. Human-readable addresses and handles! https://www.moneybutton.comBuild your City on Chain! https://cityonchain.com/An example of low fees on BSV: PS how crazy is this: $10 between 200 people, fee of approx 3c (at 1sat/byte) 391 outputs. Nuts. Just crazy, And.... it is going to get WAYYY cheaper. https://twitter.com/riverish333/status/1220824688366059523https://pbs.twimg.com/media/EPE9lJYW4AI8A2O?format=jpg&name=largeWhy build on Bitcoin SV? Bitcoin SV is Bitcoin with the original protocol. It can be used for money, but also as a development platform. Creative developers and entrepreneurs are taking advantage of Bitcoin SV's unique capabilities to build amazing businesses and products. They're choosing BSV because: A stable protocol decentralizes power and enables builders to focus on long-term goals, like creating better customer experiences Large blocks allow Bitcoin to scale to handle the world's traffic Microtransactions enable entirely new classes of business models Bitcoin SV is ready for what you want to build—the only limit is your imagination. I think in hindsight BSV will be the obvious winner of the protocol wars.
|
|
|
|
https://twetch.app/Great project, could see this being very big! Essentially a Twitter onchain!
|
|
|
|
Very good article written by 3rd Party Source https://twitter.com/ShitcoinSherpa/status/1102990949674827776Take a deep dive into Sentivate & the Universal web, compare code, and address security & privacy concerns with developer Thomas Marchi. https://medium.com/@ShitcoinSherpa_14974/arity-sentivate-viat-and-a-developer-q-a-with-thomas-marchi-9f5fd8441a00What is it?
In their own words, “Sentivate is a hybrid web built to be a viable & realistic replacement for the modern web.Designed to be faster, safer, & more scalable than any centralized web or decentralized web.”
On to the token…
SNTVT is an ERC-20 token that has been released as a placeholder for their eventual mainnet coin, VIAT. Once Viat launches, SNTVT tokens will be swapped for Viat in what is essentially a 1:1000 reverse-split , except in the fact that coin possession in no way implies ownership. This does change the token economics significantly, though, so I’ll try to break it down as best I can.
The max supply of SNTVT is 4.2 billion tokens. So the total supply of Viat will be 4.2 million. Of course, everything else will also drop in relation to that — meaning Team & Adviser funds, currently totalling 1,050,000,000 SNTVT will then be 1,050,000 Viat.
All team & adviser funds are currently locked, and in all likelihood will not be released until after the Viat swap. I believe a vesting schedule is being discussed, although the current tax climate can complicate matters when you’re discussing a vesting cliff & long-term holding of a cryptocurrency. In addition, one of the advisers didn’t want to receive compensation, and so the team is looking to donate his portion to charity.
On to dev activity…
This review is a bit different from my previous ones. As my writing & review style gradually evolve, I try to think of new things that might add depth to these reviews. For this review, I’m examining dev activity versus another project in the space that claims to be solving some of the same problems, but in completely different ways. I also got a chance to address some of my initial concerns with dev/co-founder, Thomas Marchi. But we’ll get to that a bit later on.
For this comparison, I picked Nexus Earth because it’s a project I had glanced at before, and knew had been active in the space for quite a while. I also had a suspicion that it was either the overly-ambitious fantasy of a potential lunatic, or possibly something shadier. Regardless, I wanted to let the work speak for itself.
Now, if you’re looking strictly at commits, it almost seems like Nexus is really banging it out when compared to Sentivate. But Sentivate generally pushes out a handful of big commits at one time, while Nexus releases a flurry of small commits pretty regularly.
And this gets to why I really like it when projects are listed on Santiment . They make it easy to visualize dev activity, but unlike other Github analyzers, they remove worthless & forked commits from the equation — giving you a much clearer picture of actual work done.
A visual on dev activity is sometimes really helpful. Ask me about their social engagement trendline, sometime
I’d really like to see Sentivate added to their charted assets, but this time I have an actual developer (Sentivate’s Tom) I can consult on commits & code, and I’ll try to include links to resources backing up his statements. So that should give us a much clearer picture of what’s going on in the Github. Here’s a few of the problems he found, as he reviewed Nexus’ code.
Tom:
The developer clearly is still in the early stages.
Why is he still using var instead of const or let, still has empty spaces, still not using classes, poorly-structured project files, doesn’t use eslint with a robust style guide and rule set, doesn’t use async/await, uses new language feature words like async as variable names, not using spread, not using rest, over use of _ as starting character in variable, doesn’t use default parameters, uses the arguments object, no arrow functions, no async functions, doesn’t use Reflect, doesn’t properly loop through object properties, doesn’t make use of any short hand, doesn’t understand the event loop, some variables are named poorly, has race conditions, and doesn’t use template strings. That’s just to name a few issues that pop out at me.
Tom was also kind enough to provide a side-by-side comparison of code style & quality, shown below:
The left side is a sample from Sentivate, while the right is a sample from Nexus.
At this point I realized that there wasn’t enough time left before the sun burns out for Tom to tell me every problem that existed in Nexus’ code. Though, I’d wager he’ll be more than happy to try, if you ask him to. I still think it helps paint a pretty clear picture about the nature of “web 3.0” projects in cryptocurrency.
People paid an unconscionable amount of money for a project that is still delivering terrible code after previous valuation at a $100+mil market cap. This is one of the biggest issues in cryptocurrency, and one of the main reasons I’m trying to up my game as it pertains to reviewing fundamentals.
Special thanks to Tom for taking the time to go over that with me, a bit. It was very enlightening.
On to the team…
A relatively minor pet peeve of mine is team pages not having team members’ LinkedIn pages linked, along with a short bio, but that’s more a matter of making things convenient for traders attempting due diligence than anything else.
That being said, I think one of the quickest ways to demonstrate transparency is by making due diligence easier to perform. Moving on…
Thomas Marchi (Co-founder & Developer)
Tom has been building websites, designs, and mobile apps for local businesses since the eighth grade. In his senior year of high school, he started building an experimental social network (LNKit). He went to college for a short time at NJIT, but quickly realized that the courses were aimed at pumping out entry-level developers, and he already had working apps & paying clients.
Which, honestly, makes perfect sense. You don’t have the patience to train at Arby’s when you already cook like Gordon Ramsay. I’ll let his Github repos speak for themselves as a reference to his education.
Matt Karasiewicz (Co-founder/Finance)
Matt has earned a Bachelor of Finance in Entrepreneurship & Entrepreneurial Studies from Rider University. After University he was a managing partner at Menrvah , and the president of KMA Satellite Inc. , in addition to helping found & secure finance for Arity.
Lew Knopp (Co-founder)
Lew seems like a really interesting guy. Former Navy Seal, founder of Templar Titan Inc. , and Co-founder of the Center for Online Justice. His story is told best on his profile at TT’s website, so click the previous link if you’d like to dig deeper.
For the sake of brevity & review length considerations, I’ll say that they have some highly qualified advisers, and the focus on development is abundantly clear when you examine the makeup of their relatively small team.
When a team is creating something this substantial, I absolutely expect to see this many devs.
At this point I’ll move on to my newest endeavor, a Q&A session with Thomas Marchi. I really enjoyed having the opportunity to (hopefully) improve my reviews by directly addressing my biggest concerns with the developer. I hope that you find that it adds depth to my review, and please let me know in the comments or on Twitter (@ShitcoinSherpa) if you have any thoughts about it.
Q&A with Thomas Marchi, (Co-founder & Developer)
Sherpa: “What security challenges is your team having to address with extending UDP, and protecting from replay attacks, amplification attacks, and other potential vulnerabilities with UDP & 0-RTT?”
Tom: “Excellent question. Most of these issues are actually answered in part by the research done by Minimalt . As we have noted in the many comments on Twitter and our BTC Talk thread, we took our basic inspiration for the protocol and additional DNS functionality from Minimalt.
Packet security & integrity is solved with an AEAD encryption algorithm called xChaCha20. This ensures non-encrypted data in the packet is authentic while keeping the important bits
Private. To setup the initial handshake we used this specific Libsodium API.
This is basically the current standard for setting up an encrypted connection. If a quantum computer implemented Shor’s algorithm, (which solves the discrete logarithm problem in polynomial time), it could brute force widely used elliptical curve cryptography like RSA. We will address quantum computing when it’s realistic to do so. We’ll most likely opt for pushing Supersingular Elliptic Curve Isogeny cryptography into the stack, when it’s reasonable to do so.
We have our eyes on SIDH in particular. It shows fantastic potential for small keys which is a huge concern, as if you can’t get that key into a single packet it’s worthless for data transport protocols. Since packets are only encrypted with xChaCha20 (specific version we use), Shor’s algorithm doesn’t play a part there.
Many attacks are negated by the design of the protocol and of our Domain Information System; Sentivate’s version of DNS. Our DIS utilizes UDSP which is encrypted by default and is mandatory. Think of this as DNSSec built-in.
Replay attacks
In this context it would need to be a man in the middle attack where a person has access to said individuals’ network and can see packets.
TLDR — encryption process, xChaCha20, nonce, timestamps, puzzles, padding, identity certificates, and reactive security.
Replay attacks are automatically negated by the connection encryption process & xChaCha; each message has a unique nonce in which the old one could not be used again & any attempt to do so would automatically result in a red flag. The nonce is factored into the actual encryption process, and thus is mandatory.
During connection handshake it expects this from a single IP, preferably IPv6. In order for someone to send a request from a new IP address (if it’s a remote man in the middle) they would have to have control of the victims keypair(s). Although this security is optional, one could also take advantage of the time stamp data sent with the initial handshake packet. When this time stamp is received it can estimate response time between packets. This in and of itself is useful for spotting a man in the middle attack of sorts.
Amplification attacks
Oddly enough, this is a relatively simple solution, well-documented in both Minimalt, QUIC, and other modern protocols. The trick here is always to raise the cost of an attack or make it nearly impossible to pull off. I view it all from a resource or monetary perspective.
An easy way to handle an amplification attack is to ensure the first packet for the handshake is more than the amount of data sent back. For example, you can introduce padding to be mandatory on the first packet for a service like our DIS. Which means that it’s more expensive to send out the requests on their part than it is on our part to respond to it.
Another way to combat this from our DIS, is from the use of puzzles. For us, a puzzle can be as simple as a hashcash, Dynamic Proof of work, or humanitarian computational work (protein folding) that could yield Viat for both the solver and the DIS. So, if the DIS receives an insane amount of requests from an IP, it can respond with a puzzle.
There are multiple designs that will be up to the DIS/Service to implement or utilize. Since this entire process costs more time, resources, and requires a puzzle to be included for the resending of the handshake, amplification attacks are severally minimized.
Minimalt puts it elegantly:
“Amplification attacks against third parties: At tunnel establishment, MinimaLT may respond to packets from clients which spoof another host’s IP address. This is always the case with the directory service, which initially must react to a request from an unknown party before transitioning to PFS-safe authorization.
A MitM could spoof the source of packets, even while completing a puzzle interrogation. A weaker attacker could elicit a response to the first packet sent to a server. Given this, MinimaLT is designed to minimize amplification attacks, in which a request is smaller than its reply (to a spoofed source address). A connection request causes a connection acknowledgment or puzzle interrogation; both responses are smaller than the request.”
0-RTT
0-RTT on the Sentivate network functions differently than how it’s works on TLS 1.3. In TLS 1.3, a user has to have visited a site prior to even be able to do a 0-RTT handshake. Sentivate doesn’t have this fault; instead everything starts with the DIS.
0-RTT for us starts with our Domain Information System. The DIS returns a solid chunk of information. In addition to routing information, it also includes the certificates for the origin domain, among other optional details. Fun fact: we incorporate geo-location based routing support for our DIS — great for folks in different locations and essentially a front-line load balancer for services.
Reactive Security Identity certificates can be logged and shared by the services on the network. Imagine a network wide naughty list, so other services can automatically block known bad actors.
Sherpa: “What improvements have been made to UDSP over UDP?”
Tom: “UDSP is a reliable, low-latency, adaptable, bi-directional, real-time stream that’s encrypted by default. It’s inspired by Minimalt and Websockets. Although QUIC provided some research-based insight, UDSP took no inspiration from it.
The whole idea of shoving HTTP into QUIC packets I fear may have drastically killed the potential that QUIC could have had. From what I can tell, it looks like QUIC developers may have taken a thing or two from Minimalt, but that could just be coincidence. I used websockets to prototype the initial designs years ago, without even knowing it at the time.
UDSP can stream as many assets as required, out of order, at different times, and from different locations, while receiving real-time app data, and all over the same UDSP instance. A server and client can send messages back and forth and keep the connection open for as long as they like, or close right after the needed assets have been transferred. UDSP was specifically designed with the modern web, modern features, machine-to-machine communication, and the age of IoT in mind.
For example, if you loaded up Binance, first off all its static assets would be streamed to you over a single UDSP connection, and only the assets you required at that specific moment. The UDSP stream remains open and real-time trading data would be sent over it.
Let’s say you click the trading tab. Assets specifically for that view are streamed on the fly to you, and the GUI is built on the fly. Similar to single page web apps; but on a TAAR1 agonist with a slight hint of a 5HT2A/1A agonist. Everything is done over the same UDSP stream; there is no need to spin up additional for the same origin. We are experimenting with multiple tabs also being able to utilize one UDSP stream with specific optimizations enabled.”
Sherpa: “How do you protect against spoofing? Is it a more traditional handshake between two clients, or is there room for middleman attacks that you’re having to anticipate & protect against?”
Tom: “You would require the other user’s ephemeral certificates, and possibly the master signing certificate to spoof another user. However, like I stated before, there are additional counter-measures for that.
Sentivate’s Identity Certificates are actually two keypairs by default. A master certificate, which contains a keypair only used for signing and is signed by the Identity Registrar. The other default certificate is ephemeral and is used for the UDSP handshake. Your ephemeral certificate is signed by the Master and a print is given by the Identity Registrar.
There are also additional experimental time-based signing we have been prototyping that would force certificates that are ephemeral to be signed often. This would allow services to also treat identity certificates like tickets for network access.
What’s great about Identity Certificates is that they can always be changed and you can always upgrade your cryptographic settings. For the layman, Identity Certificates are presented like profiles in the browser and the setup process is painless and largely automatic.
The security measures you can take with ICs are very interesting. First off, say goodbye to ever needing to remember a username or password again. Say goodbye to password brute forcing, and hello to strong cryptographic primitives that keep you and your data safe. Leave your master certificate at home while you take your ephemeral certificates on the go.
You can even get more specific: leave your banking profile at home while you take your social media profiles on the go. To most folks, Identity Certificates will simply look like profiles. You can have multiple ephemeral certificates/profiles signed by the same master certificate. The security on Sentivate is extremely robust and goes well beyond anything the modern web could offer.
Sentivate can do all of this while being faster and lighter. Imagine all the data that’s associated with a typical login for the modern web to Twitter. First you have to establish an encrypted connection over HTTP via TLS. Then you need to input your username and password, and then send a request with those credentials. Then the back-end service has to validate them and respond to you with cookies. These cookies are constant credentials you carry and have to send over for each request.
Now Imagine this: You have this ephemeral certificate that establishes a 0-RTT connection and at the same time logs you into Twitter. Welcome to the future of web technology, Sentivate; the Universal Web.
What is used to identify you is a unique random ID that allows the service to manage your connection and assign credentials to the stream. For those wondering; yes, that means you can send real-time messages to the same user that’s on multiple devices even if you have the connections on different servers or locations.
Those familiar with the back-end of RethinkDBs change feeds and websockets will feel like they walked into the gates of Heaven.
Hardware-Based Security
We would like to combat IP fraud and hacking with hardware specific solutions, dubbed, “NID & PSBs”. It would be the only true way to bring law, order, and accountability to the wild wild west we call the interwebs. However, that will remain proprietary for now. Network/Internet Service providers: hit us up if you want to fix the web. Yes, they sit on the network. No, they are not local or accessible to clients. Think of police for web traffic.”
Sherpa: “If adoption did happen, what possible limitations does the domain name system have? It seems like the rules would eventually lead to a clowpenis.fart scenario.”
Tom: “Actually, we have totally different domain rules and are extremely annoyed with things like domain-squatting and the lack of domain categorization. We have a long list of regulations that protect against this type of downright predatory behavior. There is no “parking” allowed, blatant misuse, or pretending to utilize a domain like GoDaddy and others do.
There are always exceptions but that is only related to trademark usage and personal legal names. We hate this domain abuse practice because it destroys the market and limits growth.
Without going into too much detail, any such attempts would result in a Viat-based fine, the loss of the domain, and potentially the loss of other owned domains. There will be an entire report process for this. The only time where holding is acceptable is during our Shopkeeper expansion, with exceptions. During the network launch, these rules and regulations will be made available to al,l and a grace period will follow.
We fully recognize US Trademark law, but we also recognize that there are predatory trademark practices that go on against the little guy.
Another concern is proper categorization of the web. We hate ICANN. We hate their clear lack of evolutionary concern for the web, and we hate that the US signed its control of it over to chaos.
On Sentivate, if you want to run an e-commerce store, well you have to get a .store domain. If you want to run a legit news source, you best be using .news — if you want to run a social network, it best be on a .social domain extension. There is no .com, but if it is used the Sentivate browser will treat it as a shorthand for .company, and then send it to the DIS to process your request.
Examples:
Google.search
Facebook.social
Newegg.store
Fox.news
UnitedStates.government (Reserved for Gov)
government.us (Reserved for Gov bodies of US)
naughty.porn
IBM.company
NTT.network
bitcoin.cryptocurrency
ethereum.decentralized
libsodium.cryptography
Dota.game
LeagueOfLegends.game
The domain system for us is all about equal opportunity, preventing abuse, providing startups with a variety of naming conventions, anti-domain squatting, organizing the web, eliminating spam, and protecting trademarks while at the same time protecting the little guy.
This will also have an effect on search engines’ practices that prioritize certain extensions. A very silly practice in terms of the web, but it’s done to filter out potential spam on the current web. However, on Sentivate that’s no longer a problem because domains are to be organized according to their service and information.”
Sherpa: “Do you have any concerns about privacy? How are you protecting users’ privacy with a static, undeniable identity? That feels like it could be a problem; almost an extension of the Chinese social reputation system.”
Tom: “Oh, it’s actually the exact opposite of a problem; it’s the solution. Here’s how:
Identity certificates are ephemeral in nature and consist of a keypair and additional typical data, some of which is optional. This ephemeral certificate is signed by a master certificate which isn’t shared unless explicitly asked for and permission is given to the service or wallet transaction.
This identity certificate is your cryptographic Identity which can be changed at any time of your choosing, hence them being ephemeral. Only you know the person behind that certificate and anyone else you tell it to. As far as anyone else knows it’s just a unique cryptographic keypair.
However, if you provide personal details to a service then you are asserting that yes, that is you.
We will accept legal names on certificates to allow for things like democratic voting. There is a procedure for that which we plan on first implementing in the United States. Users would initially
require manual review and processing to have their IRL identity cryptographically linked to an identity certificate and in effect linked to a certificate blockchain. This would be useful for businesses or sellers looking to authenticate to services and buyers that their IRL identity is linked to an Identity Certificate which acts as a wallet address for Viat.”
Sherpa: “How is this project different from other crypto ‘web 3.0’ plays?”
Tom: “I love this one. Web 3.0 is nothing more than a bunch of scam projects with lofty, unreachable, unrealistic goals. A solely decentralized web will never replace the web we have today. It’s downright ludicrous and deceitful to ever suggest such a thing, if the only goal is to replace the existing web.
All of the projects who think they are going to replace the web we have today with a solely decentralized network need to put down the peace pipe, stop taking hard-earned money from folks, and for some — stop pushing your ideology on others in the process.
All this “web 3.0” and “blockchain 4.0” talk is nothing short of buzzwords and hot topic marketing jazz. Anyone with a background in network topologies and protocol development knows that such projects are utterly unrealistic.
Our view for Sentivate is to make a web that is realistic and viable, which can replace the web we have today. Sentivate in every sense of the word has to be faster, more reliable, more secure, more private, cheaper, and do a whole lot more with a whole lot less. It can’t perform just as good. It has to be better in every way, and then some. Sentivate’s web is centralized-focused, but enhanced by its decentralized systems. This is why it has a hybrid topology; so it can actually do what we set out to do.
Developers are concerned with ‘How can I get my users these static assets in less than 300ms?’
Not seconds, not minutes, and not hours.
Decentralized networks create slower apps that offset costs to users. Users have no business paying for the cost associated with Facebook’s infrastructure.
Users like those on Binance need to be able to send real-time instant trades to Binance’s servers, which are instantly verified and matched if there is such an order. All of that happens in ms, not seconds.
Adopting a fully decentralized web would bring our economy to a dramatic halt. It would crash the world economy, it would crash industries, and it will end up killing people in the process. It’s not just a pipe dream; it’s an absurd network design for the web.
I get a kick out of it any time I see these “web 3.0” projects saying they offer real-time updates.
What an absolute joke. Yeah, you pay for a transaction. Then it has to get verified, and then it has to be accepted into the blockchain, and then it propagates to nodes, and that’s when they start ‘counting’ the time in their ‘real-time’.
In the reality where we live, real-time starts when the user clicks the mouse. It shoots directly to the service, users are instantly notified over a websocket connection, and all of that is done in milliseconds.
We don’t see “web 3.0” networks as competitors because they are nothing short of charlatans, weekend developers, or at worst ideologues. We typically see projects sponsored by or led by folks who say things that are either communistic, socialistic, or the usual line “post capitalist system” “reasons” to have the web solely decentralized.
When you try to play god with networks, and inject morality and ethics into them, the result is a poor design and a slow network. When you try to enforce things like that idealistically with blinders on, you end up with people dying. Folks typically don’t realize that the whole decentralization push and open source push was typically involved with a political movement.
Bitcoin and Ethereum were so successful because they focused on implementation and realistic goals, and within a context.
Viat
Now here’s where we take a different approach to network topology when considering Viat.
Viat is the cryptocurrency we are building on top of Sentivate. Viat is decentralized-focused, but enhanced by centralized components. Again, this is the opposite balance to Sentivate’s web, and for good reason. In the realm of cryptocurrency, a decentralized topology is the most rational.
Centralized systems can supercharge aspects of Viat like wallet security, instant transactions, and dedicated transaction verification for the network. The opt-in centralized features, like wallet security allow your funds to be frozen in case of attempted theft. For us it’s all opt-in. You are free to choose your own path, how you wish. Forge your own way on Sentivate and Viat and operate the free market just like in capitalism.
You are free to make your own mistakes or bowl with the bumpers turned on.”
Sherpa: “Do you see UDSP as eventually becoming the standard, or are you more interested in smaller, permissioned spaces — I know the whitepaper specifically mentioned elections & gov’t applications.”
Tom: “UDSP is just an aspect of Sentivate. The entire network as a whole is what we are pushing for the adoption of, as it’s a full package.
We have actually seen changes like this happen in secret already. QUIC has been quietly installed in Google browsers and Google services. Every time Chrome contacts a Google service it makes use of QUIC. IETF saw the efficiency of QUIC, and now they have adopted it into HTTP3. Which only further proves that what we are building isn’t just viable and logical but highly required for the future state of the web.
The point is, moves like this can happen and it can be very easy for the user. Chrome could also support the Universal Web and then users could access both the old World Wide Web and the new Universal Web. That’s exactly what we will be doing with our browser. It’s a stripped down version of the Chrome browser with several front and back-end enhancements. The Viat wallet and profiles can all be done from what everyone would see as a well-designed ordinary beautiful browser.
Let’s talk numbers…
From a business standpoint, stats from Amazon highlight the issue. Every 100ms of delay, Amazon loses 1% of profit, which is in the millions. Every 1 second of page delay for the year costs over 1 billion. Companies have too much to gain not to push for such a switch. The longer they use outdated web technologies like DNS, HTTP, TLS, and yes that still includes HTTP3.”
Sherpa: “I see that this iteration of your whitepaper came out five or six months ago. I know it references the puzzles being explained more in version 2.0 of the wp. Is this essentially a captcha, or more an algorithmic thing that is done ‘under the hood’?”
Tom: “Yes and no. By default it actually ties into Viat’s Dynamic Proof of work system. However, the service can choose how it distributes puzzles and in what form. It would be in the service’s interest and be far more efficient to use Viat’s dynamic proof of work centralized system to serve them out.”
Sherpa: “I didn’t see a whole lot of talk about revenue models. How well is the project funded now, in terms of runway? And how will the project fund itself moving forward?”
Tom: “We are focused more on securing long-term clients utilizing this technology. It’s important to stress Sentivate is a product and Arity (Arity.company) is the parent company. Arity is perusing contracts which incorporate Sentivate in some way, shape, or form. However, we can’t officially comment on that at this time.
Sentivate will always be directly funded by Arity. We have been filed since 2014 and we have a long history of all sorts of activity. We will also be bringing in our profitable apps which have already experienced success, like Hermes (a social media automation tool) onto the Sentivate Network.
Viat has a very interesting economy attached to it inspired by Ayn Rand, Milton Friedman, and Yaron Brook. A topic for another day, though for the sake of time, we can discuss this more in depth in a follow up.”
Sherpa: “Who do you see yourself needing to market to most? End-users, developers, or businesses? Do you have anyone specifically tasked with B2B sales & developer relations?”
Tom: “This is in large part already handled. We don’t expect to be having any issues in that regard. If every single thing fell through from funding, to B2B contracts; you name it. We still have apps that we’ve already tested in markets which have vast holes that only new technology can solve. These apps will only be released and capable of running efficiently on the Sentivate network. Matt has shown great interest in building a crypto-focused exchange using the technology. Nonetheless, that would require a lot of legal guidance at its current state.
In terms of a marketing team, we have been growing that out. We are here to BUIDL just like we have been doing for years. Longer than a majority of crypto projects, and focusing on business sustainability outside of token economics.
We understand longevity and what it means to look 5 to 10 years down the road. In this space, many of these players are looking to be out in 6–12 months. Blockchain has disrupted many industries in the financial sector. It’s about time we disrupt blockchain and decentralization with some cold, hard reality.”
Summary: In conclusion, I think the Q&A really helped me answer some concerns I had, as someone lacking any experience with coding & some of the more technical aspects of this project.
I’m honestly having trouble finding any glaring issues, other than a few small critiques about making their team page & profiles more accessible. The team & advisers’ share of tokens is a bit higher than I’d suggest, but already a portion of that is being earmarked for charity.
All said, I couldn’t be more interested to see how this project develops, and if they can find adoption. They’re looking to solve myriad problems our outdated Internet infrastructure has, and in some unique & potentially brilliant ways. |
|
|
|
|
