Bitcoin Forum
201  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: August 17, 2016, 12:00:21 PM
Update:

Exchange:

Exchange is done
- https://github.com/skycoin/skycoin-exchange
- bitcoin deposits
- bitcoin withdrawals
- skycoin deposits
- skycoin withdrawals
- order book

The Angular 2.0 gui for the client JSON API is being integrated right now.

This is not just an "exchange", but
- has "local" wallet (private keys and local wallets) and remote wallet (coins deposited in the exchange)
- has a thin client, API, so that you can get unspent outputs and inject transactions
- is multi-coin (the coin handling is pluggable, so that we can add new coins over time)
- does not use HTTPS or even IP addresses. Is designed to identify the server by public key and to run over meshnet/darknet eventually. Crypto is secp256k1 with ECDH and chacha20. Will have first level of crypto at meshnet and identification of server by public key, then ephemeral transport layer encryption.
- accounts with the exchange are 33 byte secp256k1 public keys
- eventually you will be able to disable the order book and most of the coins and use the "exchange" server as a thin client API for querying unspent output balances and injecting transactions from thin clients (this is the API the multi-coin mobile wallet is being built on)

Still a lot of work on this

The idea is that you do not hold the coins in the exchange. So if the exchange is attacked and coins are stolen, you will not care.

You can move skycoin into the exchange in 2 to 10 seconds, perform your trades and then withdraw the coins back to your local wallet. There is a "local wallet" for each coin, where you can withdraw your litecoin, dogecoin, ethereum to and where you control the private key for each address, without having to run the blockchain for each coin.

This solves the problem, that people are trading on dozens of coins and never withdrawing the coins to their wallets, because they cannot have the blockchains installed for twenty separate coins.
- therefore the users never withdraw the coins
- therefore the exchanges sell coins that do not exist and that they do not have, knowing that the user will never withdraw them.
- this avoids the problem of where the exchanges are running on fractional reserve and where when a large user attempts a withdrawal, the exchange has to go and buy up the coins from other exchanges (who may not have them and in turn have to buy them from another exchange).

Meshnet

Meshnet is in version 12 and is passing unit and integration testing.
- https://github.com/skycoin/skycoin/blob/master/src/mesh2/examples/integration2/integration2.go
- https://github.com/skycoin/skycoin/tree/master/src/mesh2
- https://github.com/skycoin/skycoin/tree/master/src/mesh3

Pluggable transport is working.

The mesh network is being heavily refactored.

You can currently
- spawn nodes (identified by public key)
- create a pluggable transport and attach it to the node
- create "routes" or source-routed multiple hop paths, that allow communication between nodes
- run a tun/tap VPN on linux/OSX over a route

The meshnet should be ready for general use by version 14 or 15.

Things that are not done
- analytics (one way latency, round trip latency, transport throughput, reporting)
- multi-homing
- network topology reporting/route finding service
- everything

Dev Priorities

Development is chaotic because we are currently developing five separate applications.
- exchange
- wallet
- transaction database/explorer API backend
- consensus
- meshnet
- CX
- mobile wallet
- multi-coin API
- etc...

Development Priorities
- get website up for wallet/exchange client downloads (build process is fixed now)
- exchange (skycoin/bitcoin liquidity)
- get first consumer version of meshnet out
- get first applications out

Once the exchange is working, we should have the wallet download on the website and available for non-developers.

We have two applications now (soon four; wallet, exchange, mesh node, vpn). We have to decide if these should be packaged separately or as one unit with an electron menu for application selection.

Build Status

The builds work on OSX, Linux, Windows and ARM.
- The 32 bit windows problem in the crypto library has not been fixed
- All skycoin applications are using a local webserver, which exposes a JSON data API and then an Angular 2.0 web application served statically from local host (which calls the JSON API)

All of the CGO dependencies have been removed from all Skycoin applications and libraries and so automatic cross platform builds are working now.

For GUI we are using Electron, which embeds Chrome with the wallet instead of using the system web browser. This increased the executable size from 10 MB to 60 MB.

Wallet Improvements:

New tabs are being added to the wallet, to make data more accessible.





- There is now a tab for seeing the unspent output balances.
- There is another tab for modifying default node connection lists.

We now have the libraries working, for multi-coin support, but it has not been added to the wallet yet.

Applications:

We are doing corporate stuff and dealing with CentOS deployment. I think we will have a suite of self-hosted applications, after the network is running.
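
The post above says accounts with the exchange are 33-byte secp256k1 public keys. The following is an added example, not code from skycoin-exchange (`ParseAccountKey` and the error names are hypothetical): the checks a server would make before accepting such a byte string as an account identifier, namely length, compressed-point prefix, field range, and that x lies on the curve y^2 = x^3 + 7. The sample inputs in `main` are constructed.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 field prime p = 2^256 - 2^32 - 977; the curve is y^2 = x^3 + 7 over F_p.
var fieldP, _ = new(big.Int).SetString(
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16)

var (
	ErrLength   = errors.New("account key must be exactly 33 bytes")
	ErrPrefix   = errors.New("first byte must be 0x02 or 0x03 (compressed point)")
	ErrRange    = errors.New("x coordinate is not a field element (x >= p)")
	ErrNotCurve = errors.New("no point on secp256k1 has this x coordinate")
)

// ParseAccountKey validates a 33-byte compressed public key and returns the
// affine point (x, y). Hypothetical helper, not the exchange's own API.
func ParseAccountKey(b []byte) (x, y *big.Int, err error) {
	if len(b) != 33 {
		return nil, nil, ErrLength
	}
	if b[0] != 0x02 && b[0] != 0x03 {
		return nil, nil, ErrPrefix
	}
	x = new(big.Int).SetBytes(b[1:])
	if x.Cmp(fieldP) >= 0 {
		return nil, nil, ErrRange // non-canonical encoding of x
	}
	// rhs = x^3 + 7 mod p
	rhs := new(big.Int).Exp(x, big.NewInt(3), fieldP)
	rhs.Add(rhs, big.NewInt(7)).Mod(rhs, fieldP)
	// p = 3 (mod 4), so if rhs is a square its root is rhs^((p+1)/4) mod p.
	e := new(big.Int).Add(fieldP, big.NewInt(1))
	e.Rsh(e, 2)
	y = new(big.Int).Exp(rhs, e, fieldP)
	// If rhs is not a square, the candidate root fails this check.
	if new(big.Int).Exp(y, big.NewInt(2), fieldP).Cmp(rhs) != 0 {
		return nil, nil, ErrNotCurve
	}
	// The prefix byte carries the parity of y: 0x02 even, 0x03 odd.
	if y.Bit(0) != uint(b[0]&1) {
		y.Sub(fieldP, y)
	}
	return x, y, nil
}

func main() {
	// Constructed samples: the curve's generator point, and x = 0,
	// which is a well-formed 33-byte string but not a curve point.
	samples := []string{
		"0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
		"020000000000000000000000000000000000000000000000000000000000000000",
	}
	for _, s := range samples {
		raw, _ := hex.DecodeString(s)
		_, y, err := ParseAccountKey(raw)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("accepted, y = %x\n", y)
	}
}
```
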
202  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: May 31, 2016, 04:22:29 PM
Update:

The first packet over the VPN, connected through the meshnet worked yesterday.
- this is a major project milestone.
- We have a multi-hop VPN client running over the Skycoin meshnet namespace. This is the first multi-hop VPN that I know of.

The port of the wallet from Angular 1.0 to Angular 2.0 is in progress and almost done. This means the design firm can start on the mobile wallet and multi-coin wallet.

Cross compilation is working on all platforms now (except for 32 bit windows, because of a compiler bug when compiling the secp256k1 library, which causes an "out of registers" error). There are still many Windows XP users in China, so we need to replace the crypto library, to get rid of this bug.

We hired the 4th person to attempt to write the library for getting the unspent outputs for a Bitcoin address (using a local node, not blockchain.info) and they failed. This has been a saga. We will have to iterate the blockchain for each coin, block by block, transaction by transaction, creating a database of the unspent output and transaction set apparently. This is a milestone for getting multiple coins supported in the Skycoin wallet.

We switched to Electron from Atom text editor for creating taskbar icons and managing the Skycoin application process startup, because of problems packaging on OSX.

The meshnet/vpn still has no GUI, needs a JSON configuration file written by hand and does not have a command-line REPL loop.

Skycoin setup instructions do not work in China because gvm pulls the golang repository from a Google server, that is blocked by the firewall. The installation also often fails even when using a VPN client. We are not sure what to do about this.

The CX design specification is done. We will start on this soon and then begin development of more applications inside the Skycoin networking address namespace.

--- mesh network

There is still a lot to do here
- encryption
- pluggable transport
- asymmetric connection topology support
- multi-homing
- GUI / user interface
- default deployment for wireless setups
- applications
- clean, easy to use application API

We have a lot of interest from multi-national corporations, operating across different jurisdictions who want to use this as an easy MPLS setup for machine-to-machine communication between their application servers.

--- CX

We are getting this working and doing some pilot applications for large financial services firms.

The core technology, is probably better suited for distributed anti-aircraft defense radar and missile systems.

The financial service firms do not know what they want and most of them, just want to replace their SQL databases with a blockchain, but leave everything else the same. The buzz word "blockchain" in financial services, just acts as a distributed database that is good for financial transaction ledgers.

The technology is very banal. Blockchains are just a type of decentralized database. It is not any more exciting than an SQL database.

I think many banks are looking at blockchain technology for dual purposes. I think they are looking at it as a means to decentralize their payment and settlement operations and get out from under SWIFT and the Office of Foreign Asset Control as NATO falls apart.

--- misc news

What is very exciting, is watching US/UN/CIA/NATO try to overthrow the Ecuador government, to stop them from launching a central bank backed digital currency. The new digital currencies are issued by the government central bank, rather than the private banks.

Currently,
- private banks issue the money in the United States and across NATO
- then the banks charge the government interest on the money they create (all money created is debt owed at interest to a private banking cartel)
- then the government taxes the citizens to pay the interest on the money (debt) created by the private banking cartel. Every dollar in taxes, the government collects goes directly back to the private banking cartel. The debt payments consume all tax revenues and the governments are funded by the private banking cartel, issuing even more debt in an infinite debt ponzi bubble (which mathematically can never be paid off and which can only end in default).

If the central banks issue their own money digitally, then there is no pretense for charging interest on money creation through private banking cartel debt bonds. So the existing financial system for extracting all the money from the third world would disintegrate.

The blockchain and digital currency in general, will have dramatic geopolitical implications.

If the money is held in digital accounts at the central bank, then there is no longer a need for deposits at third party private banks. The government can print money into existence, for fixed infrastructure investment and remove the money from circulation gradually over time through taxation. Rather than paying a dozen times the project's cost over its lifetime, in interest to the private banking cartels.

Alternatively the government can withdraw money from circulation, by "negative interest" or by reducing the account holdings of all currency holders by 5% per year. This eliminates the need for income taxation.

The current international banking system appears to be a ponzi designed to allow trillions of dollars to be created in secret under various methods of accounting fraud and then use it to consolidate control of all the real assets in the world (which is the purpose of the current banking system). The recent response, has been to consolidate control of the banking system and limit the fraud of infinite free money creation to a small group of only the most powerful families.



I am interested to see if Ecuador is going to succeed or if we are going to see another Operation Condor in Latin America.

In general the oligarchy seems to be trying to "lead the change" and ensure that blockchain technology becomes a new tool for human enslavement. The original purpose of blockchains was to disintermediate the third parties (who no longer have a purpose for existence). The banks appear to be attempting to turn blockchain into a new way of tracking the microchipped human cattle population.
203  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: April 08, 2016, 02:10:51 PM
Update:

We have four new developers, each assigned to one task.

Meshnet:

Version one meshnet is almost done

https://github.com/skycoin/skycoin/commit/f959d0875baf990e43ca3f045a9cba82d4d8f24a

This is the sixth or eighth design iteration, so it is very clean conceptually. I was simulating the meshnet packet passing algorithms with punch cards and paper and it works well. You could implement it on a punch card sorting machine and telegraph lines if you wanted to.

Exchange:

Exchange is being refactored and fixed. We have a revolutionary exchange design, that simplifies the exchange, improves the security and enables easy support for multiple coins.

The exchange has a limited number of functions
- deposit bitcoins
- withdraw bitcoins
- deposit skycoin
- withdraw skycoin
- bid/ask order
- very small number of simple API commands. Very small code base.

The exchange has a JSON RPC, tunneled over ChaCha20 + secp256k1 channel, running over the Skycoin meshnet/darknet.
- man in the middle attack is not possible

- The user has a local wallet, a json file that contains their private keys.
- The identity of the user is their public key
- user signs exchange requests with their public key
- The user has a local wallet and a remote wallet (coin balance on the exchange, coin balance on addresses for private keys held locally)
- the user can withdraw all coins from the exchange to their local wallet
- the wallet can store the private keys for and sign transactions for all coins supported by the exchange (native multi-coin)

- there is a consistent wallet format and private key storage format for each coin type and it is modular
- other coins can be added easily (shellcoin, bitcoin, litecoin, dogecoin, zerocoin, ethereum)
- the exchange queries unspent output balances and blockchain state over websocket RPC
- the external coin interface is running on a physically separate computer (not virtualized) and on a different network namespace
- the application running each coin blockchain is separated from the private key and transaction signing server

There is invariant checking on the wallets, so if coins disappear or a 51% attack occurs or some invariant is broken, it should detect it.
- the local user interface is a local web application

There are a number of very specific things. I am glad they are finally getting done.

Wallet

We have a new build system and modernized our build scripts

- cross compilation is working now
- Windows builds are working
- OSX builds are not working
- Linux builds are working

We should release the wallet again, but we have to add UDNP firewall tunneling and have to fix peer-exchange.

Swiss Banker Protocol

We designed a simple two packet protocol for doing micro-transactions through a trusted third party (the exchange), without going through the blockchain.

R&D: CX

Before the blockchain there was a thing called tuple spaces
- there was an object store
- objects would be stored in the object store
- a process would check objects out of the object store
- a process would modify the object or perform transactions/operations on the object
- a process would check the object back into the object store

- a process could be internal or external (could be an external process, or could be a process running in the tuple store)
- a process could non-destructively read a tuple/object
- a process could destructively read a tuple/object (get copy of it and destroy original)
- a process could instantiate a new process on the object store
- a process that creates a new tuple/object and stores it in the object store

If the tuple store itself is an object, that admits transactions, then you get a blockchain type object
- there is a transaction that instantiates a process, which destructively reads a series of unspent outputs (spends them) and creates a new series of unspent outputs

There is a class of mathematical objects that are "blockchain like". That are more general than the blockchain. There is an ontology on those objects, which is useful to think about them
- a transaction (an operation that is applied to the object state, mapping it to a new state. The state of the object, is a series of transactions applied in sequence upon the null object. For instance a wikipedia page starts blank, then a series of diff transactions are applied to it). A transaction is a "function on" the object. A transaction has a representation as a byte string and as an operator or the action of a computation being performed on an object.
- a "function of", these are functional type functions (such as the SHA256 hash of the serialization of the object). They do not change the state of the object and are properties, predicates and non-destructive reads and invariant checks
- A communication, an event, the emission of a length prefixed byte string.

Examples:
- a twitter feed starts empty (null object)
- a series of "create tweet actions" are applied to the feed object, to add each tweet

- a wikipedia page starts empty (null object)
- a series of diff operations are applied in sequence to create the head page

- a git repo starts empty (null object)
- a series of commit and add files operations are applied in sequence to create the current file

- a text file starts empty
- a series of edit, delete, insert operations are applied in sequence to create the current document

- a blockchain with all the coins allocated in the first block is created (a series of unspent outputs)
- a series of transactions or operations are applied, which consume (destroy) unspent outputs and create new unspent outputs (the unspent output set is the state, upon which the transactions/operations operate)

Bitcoin type blockchains are simple or one of the simplest types of this kind of mathematical object
- they have one transaction
- each transaction has a validity invariant (to determine whether it can be applied to the current state)
- there is one type of operation/transaction on the object
- there is one type of object (the unspent output)
- the state is a list (of the one object type, the unspent output set)
- each transaction destructively reads the unspent outputs it consumes (outputs are destroyed) and new outputs are created
- the unspent outputs and the transactions that create and consume them, form a bipartite directed graph

We are planning a very simple scripting language (implemented in 2000 lines of go), called CX. It is a research language for implementing these types of objects.

It is also very good for blockchain business logic.

The problems are
- I proved mathematically that no language with the required properties can have a representation as a text file. The program is actually a program object, constructed by applying a series of operations upon a null program object. I am still trying to imagine what an interface would look like or how to interact with the program objects.
- It is turtles all the way down. It appears to be a self-implementing set of mathematical abstractions. There is a set of symmetries or invariants and set of operations, and the invariant are preserved for all objects in the transitive closure over the set of operations.
- There does not appear to be a difference between compilation and interpretation in the language
- There is a clear difference between "functions on" an object and "functions of" an object
- there is a sort of transitive closure under a type of reification operation on a program (what is the inverse of reification?).

Here is one thing you might do with this type of language or computer
- you take a program that can be represented as x1 as a byte string. x1 hashes to H1
- you take data whose byte string representation is x2 and which hashes to H2
- you apply program x1 to data x2 and get output x3, which hashes to H3

Assumptions
- computation is deterministic
- there is a program, which canonically represents each program or data as a byte string and back. If you serialize any program or object x, then serialize it, you get x back. x = f(g(x)) for all x, where f is serialization and g is deserialization.

You have a network of computers
- each computer runs a program and scans for tuples and grabs or replicates peer-to-peer tuples matching certain properties
- each computer stores a subset of the tuples
- a computer may introduce new tuples

example
- a computer or node stores (H1, H2, H3) (the tuple for program hashing to H1, applied to data hashing to H2, which returns output which hashes to H3)
- another computer scans and matches, then replicates (H1, H2, H3) and then triggers a process, creating another tuple pair, which consumes H3

This is a sort of distributed, fully functional, distributed computer in the Urbit style.

- each node has a key value store (Redis, to store data x1 which hashes to H1 as key -> value, h1 : H1)
- a list of tuples (H1, H2, H3)
- a program/script running on the node which curates, scans, communicates, replicates tuples and key/value pairs when asked

This is an interesting, but weird sort of distributed computer.
- it is fully functional or non-mutable (any two nodes with (H1,H2,H3) with same data , who perform same computation, will get same result)
- nodes can communicate by taking message and signing it with their public/private key and publishing tuple/message, which is then replicated by other nodes
- it is a very simple model of computation, with very few operations

The Skycoin consensus algorithm appears capable of running on this type of machine.

You could also build a file system on top of this type of computer
- a block of data or hash H1, could be a block of data from a movie, text file or MP3
- another block of data H2, could be the list of blocks of data composing a file whose byte string hashes to H3
- another block of data H4, could be the list of nodes replicating chunks of data mentioned in H3

"BitTorrent on DMT". This is some kind of content addressable distributed storage system.

Some of the modes of computations or systems are very general and I do not know what to use them for yet. There is a whole class of types of computation and data structures, besides the blockchain and they have not been implemented or classified yet.

I found one type of data structure, that can be used for syncing workspaces or operating on shared data objects in a peer-to-peer manner. It reminds me of this
- https://en.wikipedia.org/wiki/U-form

- https://en.wikipedia.org/wiki/Tuple_space
- https://en.wikipedia.org/wiki/Linda_(coordination_language)

One of them looks like the pi-calculus or some kind of distributed anti-aircraft defense system. It's a blackboard design pattern, which is primarily used for multiprocessors and aircraft defense systems.
- https://en.wikipedia.org/wiki/Blackboard_system
- https://en.wikipedia.org/wiki/Blackboard_(design_pattern)

The lambda-calculus is the algebra of procedural computation and the pi-calculus is the algebra of communication. There are some interesting implementations of this.





I found another type of data structure that can be used for transclusion in text files.
- https://en.wikipedia.org/wiki/Project_Xanadu

I am calling these "RMA datastructures" or "5GW data structures" because every time I google for them or try to find a name for them, I keep running into

Quote
U-forms were developed at MAYA Design as part of the Visage Information Visualization System, a joint project of MAYA and Carnegie Mellon University funded by DARPA and The Army Research Laboratory. The name "u-form" derives from the term "e-form", a hypothetical "electronic form" proposed by Michael Dertouzos in his 1997 book "What Will Be".[1] In addition to their continuing use in Visage,[2][3] they have been used as the basis of a number of significant research[4][5][6][7] [8] and large-scale production systems, most notably the US Army's Command Post of the Future.

When you generalize the blockchain data structure and you go back down from the generalization to reality, you end up with a set of data structures that has more to do with swarm robotics and distributed systems than anything else. If you have a system with three hundred nodes and processes, you need to be able to prove and verify properties of the system and treat the system itself, as the object you are performing operations on and whose properties you are computing.

If you have a property P of the system, and an operation f (such as destroying 20 of the 300 nodes at random) and the system is in state x, then you want to show that P(x) = P(f(x)), you want to show that it commutes. You want to prove that if two of your five data centers are bombed, that the property P still holds on the system.

You have the system at multiple levels of reification. You have
- processes
- CPUs/servers
- racks
- clusters
- data centers

You have multiple hierarchical layers or projections into "facets" and the programs or operations, must be designed to satisfy invariants or commutation relationships at each level.

You have a system, which is trying to satisfy the invariant. It is not just passive, but actively reconfigures or attempts to maintain homeostasis. It is operating according to "behaviors" instead of procedures and linear lists of "do A, do B then do C". It is "try to satisfy X and use behavior A, B, or C to accomplish that".

It is the mathematics and ontology of simulation, prediction and action in "hybrid systems".
- The language of systems, computation and communication
- This is the language of biological warfare, of "strategic bombing" protein or genes to modify the behavior of individuals and populations.
- The language of psychological operations pystrat and choosing the information inputs to present to individuals based upon their characteristics to control their behavior and direct the crowd.
- This is the language of allocating cruise missiles and orbital strike weapons to power generation, sewage facilities and communication facilities to do the minimum damage necessary for a self sustaining civilization collapse.
- The language of identifying the weak nodes in the networks, whose removal will cause the ability of the network to maintain homeostasis to collapse (at the biological, chemical, infrastructure level, psychological level, civilization level)
- The language of identifying which leaders to kill and which to promote to take control of, subvert and infiltrate a social movement.
- The language of Alinsky, PROMIS, block level modeling for network analysis, Palantir, network deconstruction, the language of the CTW model.
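
The (H1, H2, H3) tuples described in the post above can be checked by any node that holds the program and data blobs, given the post's two assumptions (deterministic computation, canonical byte-string form). The following is an added example, not CX or Skycoin code: the `Store`, `Tuple` and `Run` names and the toy `|`-separated program language are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

type (
	// Hash is the SHA-256 of a byte string, the only name a blob has.
	Hash [32]byte
	// Tuple states: program H1 applied to data H2 returns output H3.
	Tuple struct{ H1, H2, H3 Hash }
	// Store is one node's key/value store (an in-memory map here).
	Store map[Hash][]byte
)

var (
	ErrMissing  = errors.New("blob not held by this node")
	ErrCorrupt  = errors.New("stored blob does not hash to its key")
	ErrMismatch = errors.New("re-execution does not produce the claimed H3")
)

// Put stores b under its own hash, so a key is always derived, never claimed.
func (s Store) Put(b []byte) Hash {
	h := Hash(sha256.Sum256(b))
	s[h] = append([]byte(nil), b...)
	return h
}

// Get returns the blob for h and re-hashes it before trusting it.
func (s Store) Get(h Hash) ([]byte, error) {
	b, ok := s[h]
	if !ok {
		return nil, ErrMissing
	}
	if Hash(sha256.Sum256(b)) != h {
		return nil, ErrCorrupt
	}
	return b, nil
}

// Run interprets a program byte string. The language is a hypothetical toy:
// op names separated by '|', applied left to right, all deterministic.
func Run(program, data []byte) ([]byte, error) {
	out := append([]byte(nil), data...)
	for _, op := range strings.Split(string(program), "|") {
		switch op {
		case "upper":
			out = bytes.ToUpper(out)
		case "reverse":
			for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 {
				out[i], out[j] = out[j], out[i]
			}
		default:
			return nil, fmt.Errorf("unknown op %q", op)
		}
	}
	return out, nil
}

// Apply runs program H1 on data H2, stores the output, returns (H1, H2, H3).
func (s Store) Apply(h1, h2 Hash) (Tuple, error) {
	prog, err := s.Get(h1)
	if err != nil {
		return Tuple{}, err
	}
	data, err := s.Get(h2)
	if err != nil {
		return Tuple{}, err
	}
	out, err := Run(prog, data)
	if err != nil {
		return Tuple{}, err
	}
	return Tuple{h1, h2, s.Put(out)}, nil
}

// Verify re-executes a peer's tuple locally before accepting it.
func (s Store) Verify(t Tuple) error {
	got, err := s.Apply(t.H1, t.H2)
	if err != nil {
		return err
	}
	if got != t {
		return ErrMismatch
	}
	return nil
}

func main() {
	a := Store{}
	t, _ := a.Apply(a.Put([]byte("reverse|upper")), a.Put([]byte("abc")))
	fmt.Println("honest tuple:", a.Verify(t))
	t.H3[0] ^= 1 // constructed forgery: claimed output hash altered
	fmt.Println("forged tuple:", a.Verify(t))
}
```
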
204  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: March 30, 2016, 08:44:14 AM
Update:

Too busy coding, to update.

Drama:

I am ignoring the drama.

Nothing matters but the software. There are people complaining, but they are not coding anything. I am ready to stab anyone who is not contributing anything and wants to give advice.

I do not care how it gets done, as long as the software is finished.

Chinese Drama:

Summary:
- One group of Chinese investors is demanding that they take over marketing and project management for Skycoin, because it is taking too long and they have launched a coin previously and all of the technical parts of Skycoin are done
- Another group of people in BTC community does not want us involved with them, because of the previous coin

There is a Chinese group that
- bought a large chunk of Skycoin from the early ICO investors
- is licensing our personal blockchain and scripting language to sell blockchain services to banks, financial services and retail
- who created a skycoin token on their blockchain and is selling them.
- they are paying for developers for us, to work on the skycoin multi asset wallet

They were selling the tokens for less than the ICO price, which upset the ICO investors, but I asked them and they said they were buying up the ICO Skycoin and selling the skycoin tokens and pegging the tokens to coins on the skycoin chain. They are selling to a different group of people than the bitcoin community. The shellcoins are in yuan and are not traded against Bitcoin.

Half the people left that company and formed a new company and we are working with both the people in the new company and the old company.

Shellcoin
- is closed source
- is not traded against BTC
- does not have a cap on the number of coins

Shellcoin does not appear to be an altcoin, but is a yuan payment gateway, like ripple, but used to crowd fund money for companies and equity investments. It is more like Kickstarter than an altcoin.

No one asked us, before the sale or discussed the peg. We do not care either, as long as they are paying for developers.

They are
- using the skycoin multi-asset wallet infrastructure for providing services to businesses (blockchain traded gift cards and rewards points programs for large retail group) (this has nothing to do with skycoin and is completely separate)
- using the skycoin personal blockchain for developing applications targeted at businesses (this has nothing to do with skycoin and is completely separate)
- paying for developers, working on the above applications

The skycoin development team and asset on the blockchain is however completely separate. As long as they sell less than 1 million Skycoin on the shell coin chain, they can maintain the peg indefinitely. The amount is so small, that it will not affect Skycoin.

None of this affects Skycoin in any way and is completely separate. This is for another project called CX.

We are also working with six other companies and mostly on shared infrastructure and individual developers.

Development Update:

Some of the developers had problems with management style and were confused about what needed to be done. Now I am trying
- I assigned one thing to each developer
- I narrowed the task down to be very simple and self contained
- There is a group to recruit developers and staff developers to tasks now

We are trying to split everything up, into small manageable tasks.

Now they are saying everything will take two weeks.

We are building up a separate project management and marketing team, so the core developers can be left alone and focus.

Right now we are transitioning into a
- research/design/security team (researchers and core developers)
- marketing/PR group (completely separate and is actually composed of multiple overlapping groups of the skycoin investors, altcoin cartel members and other)
- project management group, who can handle miscellaneous tasks and find developers to do them (like putting the wallet on the website, frontend development, fixing bugs, hire developers to work on sub-projects etc...)

We have a problem, because we are not set up to manage the number of sub-projects and developers for the next stage of the coin.

Whole parts of the project are still unstaffed and we have several software components on the critical path, that are unstaffed. We also had no project management infrastructure setup for the first four years of the project, so many of the developers did not know what to do.

For instance, this is what getting the skycoin wallet builds looks like

- Person C communicated to person A that a new version of the wallet had to be put on a website
- Person A reported CGO cross compilation error
- Person C communicated to person B to try to compile in the VM natively
- Person B accidentally deleted the VM for compilation
- Person C had to spend 2 months deprecating C crypto library to avoid CGO
- Person D had to fuzz crypto library and found bug
- Person D communicated back to person C about the bug
- Person C communicated to library author and had to wait two weeks for bug to be fixed
- Person C asked person D to fuzz library again and finds that we need to update sipa's libsecp256k1 because the old version has different outputs for some rare private keys than the new version
- Person C updates repo with new software
- Person C gets gox cross compilation working
- Person C tells person A to cross compile
- Person A cannot cross compile because the build scripts are not documented and no one knows how to get them working
- Person C looks at it and finds out that gox compiles the exe but now packaging is broken
- Person C asks person E who wrote the build scripts to update them
- Person E finds that embedded npm package is bitrottened and does not want to maintain it and it is breaking the builds and needs to be deprecated for cross compilation. Three days are spent fixing "bug" because golang did not recompile library automatically when source code changed, because of bug in how cgo follows symlinks outside of the $GOPATH
- Person E starts deprecating nwging something library
- We have to wait until nwging something is deprecated and packaging is fixed for windows
- the go cross compilation fails for 32 bit because of a file in the crypto library with 4 megabytes of constants in arrays, that trigger an "out of registers" error.
- now we want to deprecate the secp256k1 library for another library, because we don't know what these 10,000 lines of constants in this file are and why we should trust them. Why do we need 10,000 lines of hard-coded constants to raise the base point to the power of a 256 bit integer in an elliptic curve mod some 256 bit prime? Where did these constants come from?
- Then we have to find the person who registered the skycoin domain and get DNS setup
- Then we have to ask person to start a server and put the website on the server, then login and upload the builds
- to get a system icon for skycoin wallet, we need a library that has not been ported to Windows yet

This is just to get the fucking wallet on the website. I want to stab someone.

This reminds me of the minute man missile tests, where if they had a nuclear war and actually tried to launch the missiles that 60% of the missiles would fail during launch because of software bugs.

Getting cross compilation working is literally a fifty step process, that entailed rewriting a secp256k1 elliptic curve cryptography library from golang.

Now we have to upgrade the wallet from Angular JS to Angular JS 2.0, so we can run the wallet on mobile. We have to get build scripts setup for typescript and whole toolchain working. There are still bugs in the original wallet from a year ago, that have not been fixed because we do not have person assigned to it yet.

We are trying to get project management infrastructure setup and project management team, so that they can assign developers to as much as possible, without involving the core team.

I am trying to focus on day to day, getting to the next thing.

CX:

The Skycoin white papers are two years out of date.

We are finishing
- wallet
- exchange
- meshnet

Those are only three things the core team is working on and there is one person assigned to each sub-part

After that, there are a number of projects and infrastructure we are building to promote adaption of Skycoin and which is also shared infrastructure.

CX is the planned base application layer for the Skycoin applications ecosystem.
- CX is similar to C and Golang
- it is very simple and easy to use
- it is deterministic
- it is designed to be embedded in personal blockchains, but also as an application language
- it is based upon the pi-calculus, communicating sequential processes and Combined Object-Lambda Architectures (COLA)

It is designed for implementing application business logic and protocols, where software objects on different personal blockchains need to communicate.

Will talk later about this. Want to get this done first.
205  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: March 19, 2016, 12:43:18 PM
Update:

Very busy. Just meetings, meetings, meetings.

It is skycoin Chinese drama week. I am just going to wait it out.

Project Priorities:

Right now the priorities are
- improve project management
- have a place where everything that needs to be done, can be written down as a ticket so developers can find it
- get developers to implement the tickets

We now have a radical simplification of the consensus implementation and simplification of the meshnet/vpn/darknet and it is almost trivial. It should not be more than 2,000 lines for the core, but we need to make sure it gets implemented.

Finding good contractors and people to work on project has been very time consuming.

Development:

Right now
- wallet cross compilation was done months ago
- We need to get gulp script working that dumps angular js 2.0 example app, into "dist" directory we can serve from golang. This is amazingly frustrating.
- we need to port the skycoin webwallet to angular 2.0 eventually (not high priority)
- We are having meeting and trying to get SKY/BTC exchange up as next priority
- we figured out how to simplify consensus implementation

The meshnet/vpn/darknet has undergone radical simplification. It is very clear what is needed at this stage and is almost a joke. I do not have an excuse for not finishing this or hiring someone to do it. I have a triangle of three components, which depend on the other two components and together it just works.

Security:

I do not even want to talk about this, because it is too depressing.

There was ANOTHER glibc remote code execution vulnerability in the DNS resolver.
- you open up a website
- your connection gets hijacked and they insert a URL into the webpage
- your computer resolves the URL, triggering buffer overflow and remote code execution
- they have control of your computer

Bitcoin Core, Bitcoin XT and Bitcoin Unlimited used the version of glibc, with the exploit.

Bitcoin Foundation (reference client) uses musl instead of glibc and was not affected by the exploit.

Many of the newly introduced Bitcoin forks, appear to be attempts to intentionally accelerate adaption of Bitcoin clients with inferior security policies.

Also see:
- https://libreboot.org/faq/#amd
- https://libreboot.org/faq/#intel
- https://muchweb.me/systemd-nsa-attempt/

Google Unveils Glibc DNS Client Vulnerability, Many Bitcoin Implementations Affected
http://qntra.net/2016/02/google-unveils-glibc-dns-client-vulnerability-many-bitcoin-implementations-affected/

https://www.reddit.com/r/linux/comments/47s8a8/new_amd_microcode_vulnerability_from_unprivileged/
- ring0, AMD microcode

The Memory Sinkhole: An x86 design flaw allowing ring -2 privilege escalation
- https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole.pdf

https://www.reddit.com/r/linux/comments/485jp9/openssl_cve20160799_heap_corruption_via_bio_printf/

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
- [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
- The code that causes the vulnerability was introduced in May 2008 as part of glibc 2.9.

Malformed private keys lead to heap corruption in OpenSSL’s b2i_PVK_bio
https://wartalker.me/a/56d62d1aeff2a2688884a075

There was also a recent RSA conference, where a speaker hinted at a backdoor of the microcode for the new Intel SHA256 acceleration function.

Almost every Bitcoin service is using PHP, can say with 100% certainty, they are going to have their coins stolen.

This is the backdoor in torcoin and lucky coin that allowed Cryptsy to be hacked.
- https://github.com/alerj78/lucky7coin/issues/1



There are other security vulnerabilities I do not want to talk about.

Now, the exploits are being directly added to the operating system as "features". Computers are being force upgraded from Windows 7 to Windows 10. Windows 10 can covertly uninstall your crypto apps and/or replace them with back doored versions of the same executable and you would not even know. The operating system has a built in key logger and

After going through information, the summary is
- all Intel/AMD CPUs are unsuitable for cryptographic applications or bitcoin. It is possible to hide backdoors both in the bios and in microcode.
- every system running SystemD is insecure. SystemD is a mega-project to subvert linux security and replace a range of modular applications, with an unsecure blob of code that cannot be removed, exposes the system to thousands of exploits and which is so tightly integrated with every part of the system, that no hardware can be initialized without it and few applications will run without it. It is a cancerous tumor, to destroy, what should be a bare minimum of well designed, loosely coupled components.
- glibc is unmaintained and too complicated to be secure. musl should be used instead
- openssl should not be used. All standards by NIST should be suspect.
- Redhat is a subsidiary of the NSA and exists to subvert linux enterprise security.
- Intel and Microsoft are subsidiaries of the NSA and exist to subvert enterprise security. AMD is now as bad as Intel, after the Saudi buyout.
- C/C++ must be deprecated for a memory safe language
- PCI/USB/SDA must be deprecated and new security architecture is needed.
- all binary blobs in the kernel must go. all drivers must be open source
- there is an attempt to tightly integrate the priority graphics drivers bootup process with systemD, so that secure or open source hardware or non-systemD distributions cannot even boot
- if you produce a secure linux distribution or hardware not subject to these vulnerabilities, then Redhat/NSA will buy your company and shut it down
- deletion, censorship, marginalization, redirection of wikipedia articles for secure VPN solutions, DNS encryption and non-backdoored linux distributions. Blog posts in popular media saying "You need to encrypt your traffic!" then telling people that OpenVPN is insecure and to use these "top three" compromised VPNs, or better yet, closed sourced VPNs created by what I assume to be front companies for shady oil equity firms, owned by families who were intensely involved in Iran-Contra, the Total Information Awareness Office and ....



I am slowly coming to the conclusion that
- software easily could be secure and safe in theory, but
- we are in the middle of a multi-decades cyber war entailing the intentional subversion and back dooring of every piece of hardware, software, operating system, library, application, and cryptography and network protocol for the past forty years.

During Skycoin development, we also found technology that is very interesting, but only useful for 1313 type systems and for things like drone swarms, machine tool virtualization and user interfaces for hybrid systems. The meshnet/darknet/vpn scripting language is based upon CSP and the pi-calculus and there are very interesting things you can do with this
- https://en.wikipedia.org/wiki/Pi-calculus
- https://en.wikipedia.org/wiki/Process-oriented_programming
206  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: February 02, 2016, 07:51:47 AM
Update:

Meshnet adaption is growing. The hardware problems are solved.

https://i.imgur.com/FI0EnT6.png

https://motherboard.vice.com/read/how-a-diy-network-plans-to-subvert-time-warner-cables-nyc-internet-monopoly
http://www.shareable.net/blog/sarantaporo-residents-create-commons-in-rural-greece-through-a-diy-wireless-mesh-network

For Skycoin
- finish exchange architecture (mostly boiler plate)
- get meshnet routing algorithm working (there is some R&D here)
- wrap a VPN frontend and then get it working on OSX and Windows

The angular 2.0 compilation/gulp setup is done and will use this as a pseudo terminal for now. I think this will be satisfactory for the interface.
207  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: January 30, 2016, 09:04:44 PM
Update:

The interface is just being done in angular for now. The new angular is much cleaner.

However, npm is dumping the compiled javascript files in the same directory as the type script files, which is ugly and frustrating. I have not found the setting for setting the output directory yet.

Math Update:

I found a simple message passing algorithm that finds all nodes in the network that are not in consensus with the current node, with ~log N messages (in the size of the network).

This is VERY important and a major breakthrough for verifying consensus.

- Nodes currently broadcast their state, to nodes that they are connected to (information about a single node's state)
- It is possible to publish meta-information that summarizes the state of the nodes that a particular node is connected to ("surveys")
- It is possible to do gradient descent on the surveys, for some types of messages to find the nodes that have forked blocks or to verify that no such nodes exist

A simple gossip protocol works as follows
- when a node gets a new message, it hashes it and announces the hash of the message to every peer it is connected to
- if a peer receives a hash announcement, it checks if it has the data for that hash and if not, it downloads that data from a peer that has announced the hash

This simple protocol guarantees replication of every message across every node on the network

"Gossip with counting" is as follows
- a node announces a data item, which has a counter
- the data item is re-announced periodically
- each node sets a "count" value that it attaches to the data item, the count value is the minimum of the count values of the nodes it is connected to, plus one
- the node that announced the message has count 0

If you get a count value of 7, it means the minimum path between you and the announcer is 7 hops.

In this "gossip with counting", if the nodes are honest, you can do gradient descent
- you look at all the nodes you are connected to
- you "descend" by asking the node announcing the lowest count value and then ask him, who his peer with the lowest counter value is
- you keep doing this recursively until you reach the sender
- if you fail at a certain step, you backtrack with depth first on the next lowest count for the current node, etc
- if you see a node that does not have a peer whose announced count value is lower than the count value that node has announced, then the node is lying/cheating

It is even better, if the data in the gossip with counting, session is in a public broadcast file like IPFS, so that it has replication and peer-to-peer verification and does not depend on direct communication with the node for verification and replication.

There are several places for these algorithms
- there is an algorithm, that can find any node that is not in consensus in the network by starting a "gossip with counting" session
- another use is it may be an alternative to mining for consensus.

We previously showed that mining can be eliminated if there was a trusted time stamp authority (a single trusted node, that time stamps blocks). We also showed that consensus is more generally, the problem of assigning a total ordering to the blocks (if there is a split, or two options, the problem of resolving the two choices deterministically).

You can simulate a shared clock between the nodes as follows
- when each node receives a block, it timestamps it (64 bit time) and signs HASH(timestamp+block)
- each node stores for each of its connections
-- the timestamp (and signature) that the node claims to have first received the block
-- the timestamp the current node, first heard the announcement of the time that the node claimed to have first received the time stamp

IF the clocks are synchronized, then the time another node claims to have first received the block, will always be less than the time the notification of receipt was time-stamped by its peers.

What happens if someone injects a block 5 minutes later, that did not exist 5 minutes ago and attempts to fork the chain? What operations can your node do to show that the block did not exist and should be rejected?

There are more complicated versions
- two stage time stamp commit protocols, where you announce a candidate time stamp (or range which narrows each round)
- then you must choose a time stamp, that is not less than 30% of the lowest time stamps of the people you are following

Mathematical Representations of Distributed Systems

I finally have a good mathematical model, that is very simple, which has simple algebraic properties that can be reasoned about and which is executable for simulation.

- C like (functions, structs)
- two data types (int32, char[])
- all operations are deterministic
- the operation of running the program or one line is f (so f*f*f would be stepping forward three lines)
- if program state S is idempotent under f (if f*S = S, then the program is stalled or there is nothing for it to do)
- there is an operator, that applies f on the context (the state of the program S), until it is idempotent
- all communication between the programs is length prefixed messages (program receives and emits length prefixed byte arrays, CSP)
- there is an operator s that injects a "Signal" (a length prefixed message)
- structs have a canonical serialization and reflection (so that they can be used for data apis)
- there is a "universe" which is just a struct/data object containing other computers. So you can spawn five computers, then top level computer can read out the length prefixed messages and pass them between the computers. A program run looks like f*f*f*f*s(...)*f*f*f*... and you can derive partial orderings on the program state, across different delivery orders for the signals..
- a computer, its state is called a "Context" and can be serialized/deserialized
- there are functions OF a struct and functions ON a struct (or operators).  A function of a struct is functional but does not change its state and is a property, or descriptive, while a function on a struct, entails a state change. (this is not very important, except for keeping track of algebraic properties of function application)
- there is a meta-operator for creating new operators
- the program is itself a software object (this is most important thing from mathematical perspective and simplicity, but means the program is no longer a text file, but a program object that operations are applied to)

This sounds very boring and would not seem to have any advantages over C or golang, however it simplifies
- the skycoin blockchain
- the consensus algorithm
- the meshnet
- the exchange
- simulating interacting components
- unit testing algebraic properties and behaviors of systems of interacting components

Especially for simulation.

For unit testing, I have to
- spawn N computers under one universe (a context running a universe)
- setup initial state (give them program)
- each at the top level, shuffle the order of the packets and choose one packet (length prefixed message to deliver)
- run until each computer in the universe is in an idempotent state (until it halts)
- serialize state of top level computer to a []char and hash it, also write down how many packets/cycles it took

Now
- run this for 1024 runs
- show that the end state is the same for all orderings of the packets (that the hashes match)

- graph the number of packets, bandwidth, linear time required, under different network topologies and a function of number of nodes

I need to be able to spawn a whole network, run it and then crunch it down to a few numbers or a graph.

Both Bitcoin and Skycoin and the meshnet are cooperative multi-agent systems.
- P2P like BitTorrent and Bitcoin is the boring case where every agent is the same, passing same messages
- the Skycoin meshnet has to deal with computers, controlling computers and networks of computers engaging in cooperative, competitive and coordinated action to solve optimization tasks across the network and accomplish goal.

The meshnet nodes are not just calling data APIs on each other, but need to communicate in both data and programs.



If you have a metric that you can measure or a goal, and you have multiple programs or methods for accomplishing that goal, the program will be able to evaluate the scripts and choose the best or most effective one. It will also be able to do this at the system level and the system of systems level because the description of the programming language is closed under reification.
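The "gossip with counting" descent from the post above, as an added Go example that is not the poster's or the Skycoin project's code. The topology, node ids and function names (`Announce`, `Descend`) are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Network maps a node id to the ids of its directly connected peers.
type Network map[int][]int

// Constructed sample topology: a chain 0..6 plus a shortcut 0-7-3.
var sampleEdges = [][2]int{{0, 1}, {1, 2}, {2, 3}, {3, 4}, {4, 5}, {5, 6}, {0, 7}, {7, 3}}

// NewNetwork builds an undirected peer graph from an edge list.
func NewNetwork(edges [][2]int) Network {
	net := Network{}
	for _, e := range edges {
		net[e[0]] = append(net[e[0]], e[1])
		net[e[1]] = append(net[e[1]], e[0])
	}
	return net
}

const unknown = 1 << 30 // count of a node that has not heard the item yet

// Announce repeats the re-announcement rounds until nothing changes.
// The announcer has count 0, an honest node announces min(peer counts)+1,
// and a node listed in lies always announces the count given there.
func Announce(net Network, announcer int, lies map[int]int) map[int]int {
	counts := map[int]int{}
	for n := range net {
		counts[n] = unknown
	}
	for n, c := range lies {
		counts[n] = c
	}
	counts[announcer] = 0
	for changed := true; changed; {
		changed = false
		for n, peers := range net {
			if _, lying := lies[n]; lying || n == announcer {
				continue
			}
			best := unknown
			for _, p := range peers {
				if counts[p]+1 < best {
					best = counts[p] + 1
				}
			}
			if best != counts[n] {
				counts[n], changed = best, true
			}
		}
	}
	return counts
}

// Descend walks from start toward the announcer, trying the peer with the
// lowest announced count first and backtracking depth-first on failure.
// A node with no peer announcing a lower count than its own is flagged and
// not routed through. A nil path means no verifiable route was found.
func Descend(net Network, ann map[int]int, start, announcer int) (path, flagged []int) {
	visited := map[int]bool{}
	var walk func(n int) []int
	walk = func(n int) []int {
		if n == announcer {
			return []int{n}
		}
		visited[n] = true
		peers := append([]int(nil), net[n]...)
		sort.Slice(peers, func(i, j int) bool {
			if ann[peers[i]] != ann[peers[j]] {
				return ann[peers[i]] < ann[peers[j]]
			}
			return peers[i] < peers[j]
		})
		if len(peers) == 0 || ann[peers[0]] >= ann[n] {
			flagged = append(flagged, n) // the post's lying/cheating rule
			return nil
		}
		for _, p := range peers {
			if visited[p] {
				continue
			}
			if rest := walk(p); rest != nil {
				return append([]int{n}, rest...)
			}
		}
		return nil
	}
	path = walk(start)
	return path, flagged
}

func main() {
	net := NewNetwork(sampleEdges)
	honest := Announce(net, 0, nil)
	fmt.Println(Descend(net, honest, 6, 0))
	forged := Announce(net, 0, map[int]int{5: 1}) // node 5 under-claims
	fmt.Println(Descend(net, forged, 4, 0))
}
```

The rule only catches a node whose announced count is not backed by any peer; a node that announces a count higher than the true one still has a lower peer and passes this check.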
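The unit-testing procedure from the post above (spawn computers under one universe, deliver length prefixed packets in shuffled order until every computer halts, hash the serialized end state, repeat for 1024 orderings), as an added Go example that is not the poster's or the Skycoin project's code. The 5-node ring, the three injected items and all names are assumptions; the node program is the simple hash-gossip protocol described earlier in the post.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/rand"
	"sort"
)

type packet struct {
	to  int
	msg []byte // length prefixed frame
}

// Computer is one deterministic node running the simple gossip program.
type Computer struct {
	peers []int
	known map[string]bool
	last  string // most recently accepted item; depends on delivery order
}

// frame prepends a 4-byte big-endian length to the payload.
func frame(payload []byte) []byte {
	out := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(out, uint32(len(payload)))
	return append(out, payload...)
}

// Receive applies one message. A malformed or already known message leaves
// the state unchanged and emits nothing, so the computer is then halted.
func (c *Computer) Receive(msg []byte) []packet {
	if len(msg) < 4 || int(binary.BigEndian.Uint32(msg)) != len(msg)-4 {
		return nil
	}
	item := string(msg[4:])
	if c.known[item] {
		return nil
	}
	c.known[item], c.last = true, item
	var out []packet
	for _, p := range c.peers {
		out = append(out, packet{p, msg})
	}
	return out
}

// RunOnce builds a constructed 5-node ring, injects three signals, delivers
// one randomly chosen in-flight packet at a time until none remain, then
// returns the hash of the canonical state and the packets delivered.
func RunOnce(seed int64, includeLast bool) ([32]byte, int) {
	nodes := make([]*Computer, 5)
	for i := range nodes {
		nodes[i] = &Computer{known: map[string]bool{}, peers: []int{(i + 1) % 5, (i + 4) % 5}}
	}
	inFlight := []packet{{0, frame([]byte("a"))}, {2, frame([]byte("b"))}, {4, frame([]byte("c"))}}
	rng, delivered := rand.New(rand.NewSource(seed)), 0
	for len(inFlight) > 0 {
		i := rng.Intn(len(inFlight))
		p := inFlight[i]
		inFlight = append(inFlight[:i], inFlight[i+1:]...)
		inFlight = append(inFlight, nodes[p.to].Receive(p.msg)...)
		delivered++
	}
	var buf []byte // canonical serialization: sorted items per node
	for _, c := range nodes {
		items := make([]string, 0, len(c.known))
		for it := range c.known {
			items = append(items, it)
		}
		sort.Strings(items)
		for _, it := range items {
			buf = append(buf, frame([]byte(it))...)
		}
		buf = append(buf, frame(nil)...) // empty frame ends a node's record
		if includeLast {
			buf = append(buf, frame([]byte(c.last))...)
		}
	}
	return sha256.Sum256(buf), delivered
}

// DistinctEndStates runs the universe under `runs` seeded delivery orders
// and counts how many different end-state hashes were observed.
func DistinctEndStates(runs int, includeLast bool) (distinct, delivered int) {
	seen := map[[32]byte]bool{}
	for seed := 0; seed < runs; seed++ {
		h, n := RunOnce(int64(seed), includeLast)
		seen[h] = true
		delivered = n
	}
	return len(seen), delivered
}

func main() {
	d, n := DistinctEndStates(1024, false)
	fmt.Println("set-only state:", d, "distinct hash(es),", n, "packets per run")
	d, _ = DistinctEndStates(1024, true)
	fmt.Println("state including last-accepted item:", d, "distinct hashes")
}
```

Hashing only the set of known items gives one end state for every ordering; including the order-dependent `last` field makes the hashes diverge, which is the kind of defect this harness is meant to surface.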
208  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: January 20, 2016, 02:50:12 PM
Update:

Finished some small things, but mostly design work

There are some minor changes
- UPNP support for Skycoin networking is done. Can tunnel through firewalls now.
- Networking will probably be switched from TCP/IP to UDP

Exchange:

This is ready to go almost, but have to finish

Other:

The GUI for interaction with networking and meshnet configuration is extremely frustrating. I am trying to find some way to take a shortcut or make this easier.

- I need a cross platform pseudo terminal and a metacircular evaluator for golang. Very frustrating. There is nothing like ncurses that is cross platform.
- I feel like this will require writing an application in opengl on top of SDL. This is annoying because the code base currently cross-compiles 100% and this will break that

I feel like I am rewriting a bunch of software from the 70s and 80s, such as ncurses and pseudo terminal multiplexing... I think if I just keep coding, that it will work out.

There is a new programming technique called CODA that is extremely powerful. TCP/ip implementation is about 20,000 lines in C. In Alan Kay's CODA type environment, TCP/ip type flow control can be implemented in 150 lines.

He was able to implement a full operating system from scratch, with document editor, email and a webbrowser, in 20,000 lines of code

The mesh network requires something like this and may have to implement a simple scripting language for this.







After two weeks, I figured out how to implement it in very few lines but still has to be implemented and debugged.

This is extremely occult tier mathematics.
- The programs in this language, do not have a representation as a text file
- The syntax looks exactly like golang
- All programs are deterministic
- The programs have a very elegant algebraic representation
- there does not appear to be a difference between local program objects and program objects on a remote machine
- the programs accept only length prefixed bytes as input and emit length prefixed bytes
-  it is recursive (turtles all the way down), in that you can instantiate a "world" or program context and within that context, instantiate three "worlds" or program contexts (own computers) and network them (top level passing messages between them) and run them. The top level programming context appears to be recursive.
- the programs are constructed by applying a series of operators on an object starting in a null state
- the programs themselves are program objects
- the meaning of the program or action of a statement upon the program state is not fixed, but defined in terms of another program object
- it is impossible to write software that is not open source in this language

When we use the computer, we do not interact with software objects. We interact mediated through the computer but not on "computer objects", but rather interact with twitter, facebook, youtube mediated by the computer

object, tool, interaction



There is a triangle like this, with
- the object on the left (representation, visual thing, object)
- the interaction/goal or outcome on the right  (pragmatics, what you are doing, the operation or action)
- the tool or action at the top (the intermediating thing, the tool that immediate between the object, the reification of the action)

An object starts as a null state, then a finite series of actions are applied to it
- a twitter feed starts empty and then "create tweet" actions are applied in series
- a coin starts with an unspent output set, then transaction actions are applied, that destroy unspent outputs and create new unspent outputs
- a text file is opened and begins empty, then a series of key press or "insert characters", "remove characters" actions are applied
- a wikipedia page starts as a blank text file and then a series of "apply diff" actions are carried out upon the state

The state of the object and the sequence of reified actions to the current state are dual. They are isomorphic and equivalent.
- starting with the null object and applying the actions in series to the state will yield the same result as transmitting the current state itself

This may seem abstract, but the reason it is important is that the nodes act like agents
- they have a goal (such as multiplexing packets across multiple connections)
- they have multiple things or actions they can attempt in order to possibly achieve the goal
- they have to choose a sequence of actions to accomplish the goal

- There are procedural or pragmatic aspects of actions (what an action does) (the result of applying the action to the program state)
- There are declarative aspects of actions (when actions can be applied, serialization for transmission over network)

This is needed for constructing a program, which can be set with a goal and which can attempt a series of actions to accomplish that goal.
- "retransmit messages from a list of messages, until a receipt confirmation has been received from the destination"
- "find a list of peers who each have data item that hashes to H" (DHT lookup)

Downloading a file is
- "find a list of peers who each have data item that hashes to H"
- "from the list of peers make download requests for chunks of file, until all chunks are received"

- there is a series of attempts to retrieve peers for the hash (DHT or super node)
- for each peer, there is attempt to connect to them (may fail)
-- for each connection attempt, there is an attempt to find a path to the peer (may fail)
- for each connection, there is an attempt to make the chunk download request (may fail)

This type of program is not procedural or declarative, but uses both and is defined in terms of behaviors.

- if file is not downloaded, find peers who have the file which hashes to X
- if peer is known, but are not connected, then attempt to connect to the peer
- if connected to peer, request chunks which have not been downloaded
- if file is done downloading, terminate

The language actually looks identical to golang, except that there is a meta-syntactic operator for creating higher order structures like behaviors, attributes, goals and higher order concepts for implementing things like this.

The language has everything stripped out, so I may be able to implement it in a few thousand lines. I am trying to figure out
- should I do this later
- should I do prototype first before writing this

The largest problem is that I don't have a pseudo-terminal that is cross platform and I need a meta-circular interpreter for driving the terminal gui widgets and the best way to do that is an early version of the scripting language.

The scripting language has added security benefit of being memory safe. In theory, you can strip out the whole operating system and just have a program for the networking drivers and another program for disc.

I should stop thinking about it and just code.

Pseudo Terminal:





I want to be able to quickly open a box, type text into it, hit enter, run a command. Write a program, select a data object, apply operations to the data object, drag boxes around the screen, connect to foreign server, implement a chat program in a few lines that connects to a server and has a chat room, display graphs etc...

I find it frustrating that it takes more than five minutes to do any of those things. I have data and program state and I just need a quick prototype gui for displaying it and letting the user interact with it. Nothing does that well. It is very frustrating especially cross platform. Just getting a cross platform eval loop, for a Bitcoin exchange on the command line, is hell.

I tried to use golang as the scripting language, but golang does not have a metacircular evaluator yet. I cannot do something like iPython Notebook in golang yet and embed it in the terminal.
 
For the meshnet gui you end up
- writing an opengl application using SDL to abstract mouse wheel, clicking, key presses and API for events like setting characters and window resizing
- writing a scripting language in golang
- rewriting the gui front end to use the scripting language and the application backend
- writing a terminal multi-plexer and full environment
- writing a framework for making meteor/Angular.js type terminal applications and layout
- rewriting most of unix as it existed in the 70/80s

However, what this gives you, is a very clean, very self contained environment that can be dropped anywhere and is security sandboxed.
- an environment that can be compiled down and run in the browser
- an environment that can run on bare metal on a Raspberry PI
- an environment that can be run on Windows, OSX, Linux and has the same interface and feel
- less than 20,000 lines of code and no room for backdoors

I think for IoT there is an argument towards standardization and stripping out everything. Getting rid of groups, users, permissions, rings, ... and just reducing linux down to nothing and minimizing the number of concepts or things that exist. Pushing everything into user space. Replacing files with software objects and enforcing everything as being a software object.

Containerization, L4, COLA, cloud computing, IoT, Golang, Urbit, docker, Tox, etc.... These are all part of a cycle where we go back and reevaluate the pile of crap we are building upon.

This may be necessary in the long term, especially given the aggressiveness of the exploits being placed into Java, PHP, OpenSSL, SystemD.  The governments have decided that they are going to ruthlessly attack the open source community and drag everything down into the mud they can.

This is especially, frustrating, because if you are using crypto or applications for secure communication, that is detected and then your computer can automatically be flagged for automated root-kitting. The attack cycle is being automated end-to-end, with automated targeting and data ex-filtration.

- start from day 1 with memory safety
- start from day 1 with completely open source drivers and no binary blobs
- start from day 1 with deterministic builds
- start from day 1 with containerization and application sand boxing
- start from day 1 with everything in user space

The whole internet is in the process of being refactored and rewritten. Many of the existing protocols and encryption methods will just be abandoned by necessity, as soon as alternatives become available.
- IP addresses replaced by public key hashes
- static files referenced by hash (content addressable memory)
- alternatives to domain and CA that do not require centralized third parties
- all software in memory safe language, that is not backdoored
- software defined networking, making interception and censorship impossible
- default encryption end-to-end for all applications
- compartmentalization of application data and sandboxing (app store type installation, uninstallation, data synchronization between devices)
- improved process management (a single well defined hierarchy of processes in memory)
- abstraction of file system to eliminate differences between remote and local files
- self-describing data APIs (reflection upon APIs exposed by a processes and hardware) with single standard for data exchange between processes
- elimination of difference between local and remote software objects and resources
- containerization, no need for super-users, ability to do everything in user space, recursive encapsulation of workspaces, sandboxes and processes ("turtles all the way down")
- one language for both client side and server side (arbitrarily, or something that looks more like golang and is not javascript).
- new method of GUI layout, inspired by DOM/CSS (simplification) but which is not DOM/CSS, that is used for both the operating system UI, applications and web-applications (no distinction between desktop applications and remote applications).
- elimination of difference between desktop applications, mobile applications and web-applications
- universal platform between mobile, tablet and desktop (and there is something above desktop that does not exist yet, corresponding to large scale ubiquitous, ambient and volumetric compute surfaces)

All of the recent software projects are moving in this direction, incrementally and piecemeal. So there is an emerging platform, that aspires to universality and simplifies or eliminates everything complex or varied about the existing computer. There are simplifications required and then new programming abstractions required, to deal with systems where a single person has 300 devices, including light bulbs, speakers, microphones, thermostats, tablets, coffee makers, drones, robots, servers, cell phones, laptops, storage drives, networking nodes, etc...

You have systems of systems, that need to be able to interact cooperatively, to achieve goals or maintain states or take autonomous action to optimize criteria. The Skycoin meshnet is one of the first systems of this type (aside from mega-projects like the global information grid, internet and military, manufacturing prototype systems).

I am still trying to figure out how I can avoid needing to write a pseudo terminal or metacircular evaluator and a new scripting language for what I need. Or if I can get away with a bare minimum and only minimum amount of work to implement it.

- I need a pseudo terminal that is cross platform and can handle mouse scroll
- I need a meta-circular evaluator
- I need ability to embed a compute context in another computing context (the context is a first class object)
- need to be able to construct the program as a series of operations applied on a program object
- I need abstraction of the inputs the program responds to, restricted to length prefixed messages (simple, algebraic universal CSP construct)
- I need golang like procedural functions, structs, module structure (works very well, very simple, easy to implement)
- I need "behavior" type programming like in CODA (easily implemented with meta-syntactic construct on top of base language) (helps for networking operations and drastically reduces lines of code required)
- library for Meteor type object synchronization (helps for exchange and writing chat programs)
- Ability to call remote API/RPC on remote objects in syntax similar to local
- small library for simple pseudo-terminal GUIs

I am trying to find the minimum set of what needs to be implemented for very basic application, such as the meshnet gui. There is a basic application, that can be grown or extended later.

209  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: January 06, 2016, 06:57:47 AM
For Skycoin, there are groups that want to set up HAM radios and have automatic message forwarding and routing. A few hundred nodes with 50 to 200 mile range can cover whole country and allow for messaging like SMS. They think the fiber lines will be cut and the power will be cut.

There are many groups that want emergency communications networks that can operate independent of internet. They want to be able to communicate with the other pockets of people who prepared and who survived and be able to move between locations.

Asymmetric data path is important, because a large, powerful transmitter can transmit very far, but your weak handset cannot send and expect it to reach, but you can still receive messages. You also need this for rural internet and "ring" type connections.

If you have a directional antenna, you may be able to transmit to a remote location, but they won't be able to send you a powerful enough return signal to be picked up (for wifi).

Someone else created proxy ham and the hardware is done. I just have to do software and routing and interface.

---

The "exchange" has a full thin client
- you can send message to get your unspent outputs and return message is ~200 bytes
- from the unspent outputs you can sign a transaction and inject it and it's about ~150 bytes

So you can still do transactions, even over SMS or HAM radio if needed.

The wallet is deterministic, so if you flee from a war zone, as long as you remember the password, you can regenerate the wallet and still get at the coins later.

210  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: January 06, 2016, 03:28:42 AM
Update:

We have contractor working on high security exchange.
- the existing exchanges are in PHP. There are zero days in PHP, so many companies can easily gain access. Even darknet websites in PHP on tor are not safe
- we are getting a special golang abstract, that is an event channel for coin balances, transactions, unspent outputs. Once a coin meets the interface, it can be plugged in.
- this "exchange" is a bit different than anything before. it is more like a thin client abstraction layer.

Distributed Applications:

Building these systems requires
- a binary serialization of golang objects (we did this)
- metadata extraction/exchange for structs/methods exposed (still need this)
- something like a native version of DCOM or CORBA

- The exchange exposes an "Account Object" and you can make requests on the object, such as creating bid/ask order or generating new deposit address.
- There is a feed of 'events' such as state changes, bid order canceled, new bitcoin deposited, withdrawal completed. These are mirrored locally
- this is a "distributed object framework"

For each coin, there is an object where you can
- get unspent outputs for addresses
- inject locally signed transaction
- event feed for pending transaction related to your watched addresses

This means
- you can check balances of your addresses
- you can get the unspent outputs for the addresses
- you can sign transactions and inject them into the network without having the coin installed
- the private keys are local

There is a communication channel
- it is abstracted and can be over Email, instant messaging, text messaging, bitmessage, TCP or other
- the communication endpoints and transports are arbitrary and swappable (this will become important later, as governments destroy the internet)
- the endpoints are authenticated by the public key cryptography

I am going to do this later (after the other things). I want a clean framework for building these services.

Cross Compilation

To cross compile skycoin, do

Install Gox:
go get github.com/mitchellh/gox
gox -build-toolchain

Compile:
cd $GOPATH/src/github.com/skycoin/skycoin
G=skycoin-0.3
gox -output="$HOME/builds/$G-{{.OS}}-{{.Arch}}/$G/address_gen" ./address_gen/
gox -output="$HOME/builds/$G-{{.OS}}-{{.Arch}}/$G/skycoin" ./skycoin/

It will even output NaCl (native client) for ARM.
- native client is an execution sandbox by Google for memory safety and running applications in the browser and phone
- it abstracts the networking and directory access
- it is likely next standard for Android apps and replacement for flash
- there is portable native client, which is like LLVM IR for native client

Right now, most exchanges are using PHP and software libraries that have XML parsers with remote code execution exploits. New exploits are being added every day and others being patched. bitcoind has them too.

Achieving security in the long term, requires going as close to the metal as possible. Getting rid of reliance on excess dependencies we can't control which are in non-memory safe languages and have exploits and reducing the number of lines of code.
- Raspberry Pi or ARM hardware (no microcode exploits; eventually ideally MIPS or RISC-V)
- L4 kernel (35,000 lines, instead of +2 million lines, formally verified, all actions and drivers in user space)
- Libre linux drivers (open source drivers instead of binary blobs)
- deterministic builds

Those are the minimum requirements for acceptable security against a nation state actor.

The State of Security:

New back doors are being installed daily, such as the ability to send a binary package to any instance of chrome (even the open source one). They just lock onto your metadata and can hit you with the binary package through a man-in-the-middle attack when Chrome phones home.

Today on windows 10
- the government can remotely backdoor your computer with a one click auto update
- microsoft scans all your files and sends the hashes to the NSA
- microsoft may download copies of files it is interested in from your computer, like your bitcoin wallet
- there is a key logger installed by default that uploads every key stroke to microsoft and the NSA (your passwords for banking, shopping, credit card numbers, name, address, everything)
- it records your voice and image through webcam for 30 seconds and uploads it to NSA
- the operating system will automatically uninstall programs Microsoft, the NSA or government does not like
- every application you run and every connection it makes, the duration, ip address and amount of data sent is uploaded

211  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: January 02, 2016, 02:37:45 AM
Update:

Too many things. Will try to keep it brief.

New Build:

The new build for windows is almost ready. A few small changes left.

Cross Compilation:

Cross compilation is now working flawlessly! We have builds for Windows, OSX, Linux, BSD, Plan9, Arm, NaCL. It is completely automated.



Deterministic Builds:

Deterministic builds and pulling all the dependencies inside of the library will be done by about Go 1.6!

Deterministic builds, means that if two people compile the source, they will receive binary identical outputs. This means that the binaries cannot be back doored and can be verified.

You take the source code for the golang binary and compile it, with itself and should get the same binary output as the original executable. Then you compile the binary, to get the output.

This is a major milestone for security.

Elimination of external dependencies:

Bitcoin has had several bugs introduced (intentionally or not) by external dependencies, that would have allowed every node on the network to be taken out or a quarter of the total bitcoin stolen.

See:
- http://www.talosintel.com/reports/TALOS-2015-0035/
- https://bitcoin.org/en/alert/2015-10-12-upnp-vulnerability

For instance
- heartbleed in the bitcoin merchant protocol from OpenSSL
- the remote execution UPNP vulnerability introduced into bitcoind and enabled by default
- the glibc DNS resolution remote code execution vulnerability

If a developer can introduce one of these bugs, they can sell it for hundreds of thousands of dollars to the NSA, private companies, FSB or others. They can also use it to loot millions of dollars from exchanges and users. We are in the middle of a cyber war.

Skycoin has removed all external dependencies. Everything is in golang. Everything is memory safe. Everything will eventually be moved into the repo once golang support for vendored dependencies is worked out.

We are not even dependent upon the system DNS resolver.

We are moving towards being able to run skycoin on an seL4 kernel (34,000 lines of code) on a raspberry pi. This eliminates everything (systemd, the operating system, just everything cut out). You can run it over a serial cable, if there is not a USB driver. The exchange, wallet and other infrastructure will be able to take advantage of this also.

MtGox and Silk Road were running with a PHP front end, but there are numerous PHP zero days. Even running Silk Road over tor, governments can root the server or get remote execution very easily.

Attacks on Bitcoin

There will be severe, state directed attacks on Bitcoin soon.

Gmaxwell was harassed off the development team by a mob.
- https://www.reddit.com/r/Bitcoin/comments/3x7mrr/gmaxwell_unullc_no_longer_a_bitcoin_committer_on/

They create a wedge issue, split the community and then fund a lynch mob targeting particular people. They target the immune system and people who cannot be subverted through bribery or influence. They attack the immune system and people who are stubborn at refusing unreasonable additions and "Compromising" by doing something 50%, that should not be done at all.

Gmaxwell opposed the addition of the bitcoin merchant protocol, that later introduced vulnerability to Heartbleed. This bug allowed private keys to be read out from wallets, on any bitcoind node attached to the network.

The depressions, creation of debt and harvesting of assets is a completely monetary phenomenon. Banks load the economy up with money (Debt, printed out of thin air) during the boom, then do a harvest cycle where they pull money back creating a depression and causing defaults and seizing the asset.

Bitcoin and Gold limit the ability of central bankers to send economies into depressions and loot assets, so they will be banned, restricted, attacked. The powers, do not have a response to Bitcoin or feasible methods of shutting it down and so have not made the community aware that it is targeted for destruction (as an external enemy, creates group cohesion and resistance). They will attack bitcoin through third parties, hacks, media, "terrorism", buffer overflows, infiltration of community, security vulnerabilities and so on. They will split the community, try to make it non-effective at achieving group goals or coordinating and try to create group in-fighting and attack leadership. In other words Psychological Operations.

A simple mathematical model, shows that the price of Bitcoin is held up by capital flows. This means that when Bitcoin is destroyed, the market cap will not be destroyed, but will just move into the other coins.

Meshnet Routing Algorithm

I have a simple DHT algorithm now that embeds the node public key hashes onto a chord and can find nodes by address.

This is one of the most difficult parts.

This is another algorithm that is similar. This part of the meshnet can be swapped out and it's an area that will take years of research and testing and something that will need to be updated as better algorithms are developed.

Multi Named VDHT Routing
- https://www.newtolife.net/multi-named-vdht-routing.html
- https://www.newtolife.net/experimenting-with-virtual-dht-routing.html



We have a few graduate students, who are only interested in this problem and benchmarking and trying different algorithms and writing papers.

There is an efficient algorithm using ant colony optimization and a version using particle swarm optimization that approximates a path integral for electron diffusion on a graph that has a name like "quantum electron something" that someone wanted to implement.

Meshnet Adaption

On the ground, people are creating their own ISPs and communication networks.
- http://arstechnica.com/information-technology/2015/11/how-a-group-of-neighbors-created-their-own-internet-service/

Global Survey of Free Networks
- http://p2pfoundation.net/Global_Survey_of_Free_Networks

I have researched all the tools and hardware they are using.

Now that meshnets are becoming viable, the government/FCC is trying to ban the ability to flash the firmware or use open source firmware for wifi routers. "Hackaday reports that the FCC is introducing new rules which ban firmware modifications for the radio systems in WiFi routers and other wireless devices". "The PDF explicitly mentions DD-WRT as an example of what should not be permitted".

Radios

There is new radio equipment and software being released monthly now. We do not have to worry about this.

- https://github.com/srslte/srsue
- http://spectrum.ieee.org/telecom/wireless/softwaredefined-radio-will-let-communities-build-their-own-4g-networks
- http://spectrum.ieee.org/geek-life/hands-on/softwaredefined-radio-part-ii

Proxygambit
https://hackaday.com/2015/07/16/proxygambit-better-than-proxyham-takes-coffee-shop-wifi-global/
https://hackaday.com/tag/proxyham/

https://github.com/samyk/proxygambit
- 150 Mbps+
- +10 km range, line of sight

Security Summary:

Surveillance Update:

And likewise all of your smartphone keystrokes are broadcasted over the air to the mobile carrier as well via CarrierIQ. Which comes enabled on most Android phones.
- https://boingboing.net/2015/12/29/windows-10-covertly-sends-your.html
- https://www.youtube.com/watch?v=T17XQI_AYNo

Windows 10:
- https://boingboing.net/2015/12/29/windows-10-covertly-sends-your.html
- Windows 10 covertly sends your disk-encryption keys to Microsoft
- a remote killswitch that lets it disable your hardware
- keylogging, by default, sends it all to Microsoft
- browser-history logging that, by default, sends it all to Microsoft

These backdoors are severe. Bitcoin can be stolen both on Android and on Windows 10, by the government or anyone who knows one of hundreds of exploits. The data they are collecting is handled by private companies who use the data for profit.

The data is first collected by a private company, which then goes to another private company owned by a cartel member, then goes into NSA/govt and then leaves NSA for DHS/FBI local police and various compartmentalized programs. Most of the surveillance was implemented illegally and outside of the law, using threat of force or bribery.

Police are going to get the ability to one click root kit your phone and steal your bitcoin, steal your pictures, contact book, track your location and especially to harass people. The government will be using a range of "effects based operations" against anyone opposing the police state from harassment, to emptying people's bank accounts.

Cryptography and an open internet is the only thing stopping it. Until land ownership, defense, food production, manufacturing, transportation and communications are open source and under control of the local community, humanity will not be safe from the threat of the emerging cybernetic enslavement state.
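The deterministic-build check described in the post above, as an added example (not Skycoin's tooling): two people build the same source and compare the output trees file by file with SHA-256. The directory layout follows the gox `-output` pattern quoted on this page; the file contents and helper names are constructed for the demonstration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// hashTree maps every regular file under root (slash-separated relative path)
// to the hex SHA-256 of its contents.
func hashTree(root string) (map[string]string, error) {
	sums := make(map[string]string)
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || !d.Type().IsRegular() {
			return walkErr // nil for directories and symlinks: skip, keep walking
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, err := filepath.Rel(root, p)
		if err != nil {
			return err
		}
		sum := sha256.Sum256(data)
		sums[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return sums, err
}

// compareBuilds returns one sorted finding per file that is missing from
// either tree or whose digest differs. An empty result means the two builds
// are bit-for-bit identical.
func compareBuilds(first, second string) ([]string, error) {
	a, err := hashTree(first)
	if err != nil {
		return nil, err
	}
	b, err := hashTree(second)
	if err != nil {
		return nil, err
	}
	var findings []string
	for name, sum := range a {
		other, ok := b[name]
		switch {
		case !ok:
			findings = append(findings, "only in first: "+name)
		case other != sum:
			findings = append(findings, "differs: "+name)
		}
	}
	for name := range b {
		if _, ok := a[name]; !ok {
			findings = append(findings, "only in second: "+name)
		}
	}
	sort.Strings(findings)
	return findings, nil
}

// writeTree creates a temporary directory holding the given (constructed) files.
func writeTree(files map[string]string) (string, error) {
	root, err := os.MkdirTemp("", "build-")
	if err != nil {
		return "", err
	}
	for name, content := range files {
		full := filepath.Join(root, filepath.FromSlash(name))
		if err := os.MkdirAll(filepath.Dir(full), 0o755); err != nil {
			return "", err
		}
		if err := os.WriteFile(full, []byte(content), 0o644); err != nil {
			return "", err
		}
	}
	return root, nil
}

func main() {
	dir := "skycoin-0.3-linux-amd64/skycoin-0.3/" // layout from the gox -output pattern
	mine, _ := writeTree(map[string]string{dir + "skycoin": "bytes-A", dir + "address_gen": "bytes-B"})
	theirs, _ := writeTree(map[string]string{dir + "skycoin": "bytes-A2", dir + "address_gen": "bytes-B"})
	defer os.RemoveAll(mine)
	defer os.RemoveAll(theirs)
	findings, err := compareBuilds(mine, theirs)
	fmt.Println(findings, err)
}
```

A non-empty result only says the two outputs differ; finding out whether the cause is a toolchain version, an embedded path or timestamp, or a modified binary still takes a diff of the files named.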
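The post above mentions a DHT that places node public key hashes on a chord ring and finds nodes by address. The following is an added sketch of a textbook Chord lookup, not the Skycoin routing code: it assumes SHA-256 as the hash, uses constructed byte strings in place of real public keys, and keeps a global node list only so that finger tables can be computed in one process.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
	"sort"
)

// ringSize is 2^256, the size of the SHA-256 identifier space.
var ringSize = new(big.Int).Lsh(big.NewInt(1), 256)

// nodeID places a node on the ring at the SHA-256 hash of its public key.
func nodeID(pubKey []byte) *big.Int {
	h := sha256.Sum256(pubKey)
	return new(big.Int).SetBytes(h[:])
}

// verifyClaim checks that addr is the hash of pubKey, so an address cannot be
// announced together with a different key.
func verifyClaim(addr *big.Int, pubKey []byte) bool { return nodeID(pubKey).Cmp(addr) == 0 }

// Ring holds the sorted IDs of all nodes (a global view, for the demo only).
type Ring struct{ ids []*big.Int }

func NewRing(pubKeys [][]byte) *Ring {
	r := &Ring{}
	for _, pk := range pubKeys {
		r.ids = append(r.ids, nodeID(pk))
	}
	sort.Slice(r.ids, func(i, j int) bool { return r.ids[i].Cmp(r.ids[j]) < 0 })
	return r
}

// Successor returns the first node at or clockwise after key.
func (r *Ring) Successor(key *big.Int) *big.Int {
	i := sort.Search(len(r.ids), func(j int) bool { return r.ids[j].Cmp(key) >= 0 })
	return r.ids[i%len(r.ids)]
}

// finger returns node n's i-th finger, Successor(n + 2^i mod 2^256).
func (r *Ring) finger(n *big.Int, i uint) *big.Int {
	t := new(big.Int).Lsh(big.NewInt(1), i)
	t.Add(t, n).Mod(t, ringSize)
	return r.Successor(t)
}

// inArc reports whether x lies on the clockwise arc (a, b), or (a, b] when
// closed is true. a == b denotes the whole ring.
func inArc(x, a, b *big.Int, closed bool) bool {
	if closed && x.Cmp(b) == 0 {
		return true
	}
	if a.Cmp(b) < 0 {
		return x.Cmp(a) > 0 && x.Cmp(b) < 0
	}
	return x.Cmp(a) > 0 || x.Cmp(b) < 0 // arc wraps past zero (or a == b)
}

// Route walks the ring from start the way a Chord lookup does and returns the
// nodes visited; the last entry is the node responsible for key.
func (r *Ring) Route(start, key *big.Int) []*big.Int {
	path := []*big.Int{start}
	for cur := start; cur.Cmp(key) != 0; {
		succ := r.finger(cur, 0)
		if inArc(key, cur, succ, true) {
			if succ.Cmp(cur) != 0 {
				path = append(path, succ)
			}
			break
		}
		next := succ
		for i := 255; i > 0; i-- { // farthest finger that still precedes key
			if f := r.finger(cur, uint(i)); inArc(f, cur, key, false) {
				next = f
				break
			}
		}
		path = append(path, next)
		cur = next
	}
	return path
}

func main() {
	var keys [][]byte // constructed stand-ins for node public keys
	for i := 0; i < 32; i++ {
		keys = append(keys, []byte(fmt.Sprintf("constructed-pubkey-%02d", i)))
	}
	ring := NewRing(keys)
	path := ring.Route(ring.ids[0], nodeID(keys[7]))
	fmt.Printf("found %x after %d hops\n", path[len(path)-1], len(path)-1)
}
```

`verifyClaim` only binds an address to a key; proving that a peer holds the matching private key takes a signature over a fresh challenge.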

212  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 23, 2015, 06:06:39 PM
Update



The crypto port is done. Major milestone done!

I was almost ready to give up on getting it working, from frustration.

The actual bug was fixed nine days ago and the problem was in the test environment.

The test suite was failing in the test environment, but it turns out it passed if the tests are run when the working directory is within the $GOPATH, but fails when the tests are run outside of the $GOPATH. This has something to do with how golang handles symbolic links (which do not exist in Plan 9...). When the tests are run from outside of $GOPATH it was using a cached, older version of a package in a sub-directory of the original package and was not recompiling the library, when changes were made...

We also recently found another pure golang secp256k1 implementation
- https://godoc.org/github.com/btcsuite/btcd/btcec

Next:

I am trying to get cross compilation for OSX, Linux, Windows working now.

Then will post new version of the Skycoin client.

Next:

I am writing small library to get bitcoin unspent outputs for an address and to sign bitcoin transaction.

Then will make small test website, where
- you put in skycoin address
- server generates a deterministic bitcoin address to send coins to.
- server waits for transaction to clear and then sends Skycoin

That will make sure that bitcoin/skycoin transactions are working. (There is minor issue with transaction injection and transaction status in the skycoin client that has to be fixed, where transaction takes too long to propagate if transaction was created before the node is connected to any nodes in the network). We also need improved transaction tracking and status for users and for exchanges.

Then can do order book and will have a full exchange and liquidity.

---

Then can finally do the meshnet/darknet/vpn prototype first version. I want to get something working very quickly, but it may not be mature for a year or even two years, before there is nothing left to do in terms of architecture and scope.

- There is no cross platform implementation of ncurses for terminal applications and other hassles.
- There is no cross platform VPN frontend and it will only run on linux initially.
- Applications like BitTorrent will have to be ported to run directly/natively in the name space (like they do in Tox and I2P)
- Decentralized versions of applications like instant messaging, email, twitter, facebook, youtube will eventually have to be written for the network namespace
- a go like scripting language may be needed for application development, networking
- we may need something like "angular.js for terminal applications" and a cross platform OpenGL terminal with standardized interface for controlling the terminal over the network
- there are open problems with how payments should be settled, pricing, preventing artificially induced scarcity in the coin economy that would restrict network expansion (applied economics, multi-agents simulations, cybernetics, economy design)
- etc..

Over the next decade, the whole internet is being rewritten from scratch to address the current challenges it is facing. There are dozens of protocols under development, such as
- IPFS
- tox
- bitcoin
- cjdns
- aether
- telehash
- bitmessage
- namecoin
- bittorrent-sync
- dozens upon dozens of others

We are in the middle of an internet reformation and second wave of decentralization.

- We are seeing the first community meshnets being built in Athens right now, using crude software and duct tape.
- The first radios and networking equipment for practical meshnets are being released or have been released in the past six months. Small local ISPs, bridging the last mile are proliferating
- the existing generation of privacy tools and VPNs will soon be rendered useless by government blocking technology now being installed and a new wave of patriot act bills being passed in nearly every country globally (and even being pushed at the UN level)
- We are seeing global cyberwar, with governments and corporations blocking or degrading access to blocks and content they do not like and trying to weaponize the internet as an instrument for thought control, surveillance and oppression
- The TPP will completely destroy the public internet.
- The existing internet is susceptible to balkanization because it was not designed to be immune to politics. Companies like Google and multi-nationals see what is happening with the public internet and are already using their own MPLS installations and dumping money into Software Defined Networking infrastructure.
- The UN and communist run organizations funded by third world dictators are trying to take over the standards committees and seize control of the internet. They are proposing taxes on international internet traffic (so that a country's regime can exercise monopolistic control over all content/knowledge/servers/information/books/movies/television/content in the country). The existing internet will not survive in its current form for another decade. We are seeing each country building their own North Korean like internet, so that dictators, corporations and bureaucrats can dominate and control it.
- Internet kill switches, biometrics, DNA databases, backdoors in everything, mass surveillance built into every television, internet enabled light bulb, laptop, computer and cell phone. Building blocks for a new dystopian totalitarian police state. The western governments will not stop the mass shootings and terrorist attacks, until there is not a single right left to take away.



I cannot exaggerate what politicians are attempting to do.
- tax international internet traffic
- ban encryption
- ban anonymous speech
- ban anything governments/politicians/corporations/bureaucrats cannot control
- global internet tax to fund UN internet occupation force and UN internet police
- make criticizing corporations illegal. Make users liable for any speech that hurts corporate profits (TPP treaty)
- Hillary Clinton's "Manhattan Project" to stop internet encryption

So I think this will do well. We are heading towards a world, where the surface internet is becoming a corporate shit net for stupid people and anything worth knowing is being pushed underground by governments and corporations.

Economically, we are passing the inflection point, where it is cheaper for communities to build their own internet infrastructure and own the infrastructure, rather than having monopolistic ISPs with poor service and 98% profit margins.

The practical problem, is that no one has ever built anything like this before. Enough of the pieces have been solved by different projects, that most of the risk has been removed, but integrating them into a new piece of software will still be work. Especially for the UI components and what cannot be automated completely by machine.

213  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 20, 2015, 03:26:23 PM
Skycoin is pegged to Bitcoin, so it is up about 2x. From 10 cents per coin to 20 cents per coin.

Exchange GUI is in progress.

This^ peg is in reference to the ICO/IPO only, right?

Yes.

The exchange will be Bitcoin to SKY, so it's just fixed rate and then will go up from there as it floats. Pegging to USD is unfair to early investors, if Bitcoin is going up.

The ICO will still be open until it floats. I want to get exchange done ASAP because lack of liquidity is driving me insane. It is too frustrating to trade right now.

---

In the longer term, what is happening, is that the internet is being balkanized by the UN, ICANN, US, Canadian, Australian, Chinese and European governments. The internet in its current form won't exist. This is not so much a VPN/darknet/meshnet as an independent space, that cannot be balkanized by regulation. Corporations and governments are already putting routers in place to drop traffic to particular websites, or interfere with DNS requests and to actively harass/disrupt users of particular websites. It is beyond surveillance and descending into a full scale cyber war.

It is not just affecting internet traffic in that country now either, it is affecting all traffic going through that country from any destination to any other destination. It is a full scale cyberwar on independent media and against bloggers and BitTorrent, under the TPP and the new patriot acts that Canada, Australia, Europe and the United States have passed.

It is very important that the skycoin node and software defined networking primitives get implemented.

214  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 20, 2015, 03:22:17 PM
Update:

I am going insane.

There are three major goals/milestones right now
- get crypto port to golang finished (so we can do cross platform builds)
- get liquidity (exchange platform)
- VPN/meshnet/darknet prototype or version 1 release

Crypto:
- someone else (two other people using the library) is working on the crypto bug (which only affects 1 in a few thousand keys). When they finish it, we will test it again.
- then we will set this up https://dzone.com/articles/releasing-cross-platform-go-binaries-using-goxc-an
- we will have automatic cross platform builds

Exchange:

I need a command line environment for doing particular things and testing. Then can expose the data and commands as JSON over local host and someone can do a web interface.

There are many small, very frustrating tasks that need to be done in order to get this working.

There are major changes to software ideology, architecture, simplification and how the user interacts with software. Skycoin is stuck in between the generational changes, in that particular things are needed, that do not yet exist. Most of the time is spent building tools and scaffolding, that later things are built on.

Meshnet/Darknet/VPN:

The version one is designed. The simplest thing is just wrapping and forwarding packets. Then tagging on a VPN frontend or the networking interface (which we already have).

This part is actually a set of small infrastructure pieces including a terminal environment (interface standard), a scripting language, a virtual machine (machine/node standard).

This is something completely new and may not make any sense. It is a framework for dealing with the problems of building a type of application that currently does not exist and has never existed yet.

- The first generation was single user mainframes (single processor, running single program)
- The second generation was single user mainframes, with ability to switch between programs (single processor, time sharing)
- The third generation was multi-user mainframes (single processor, multi-user, time sharing between programs)
- The fourth generation was personal computers (individual computer per person)
- The fifth generation was networked personal computers (individual computer, per person, multiple applications per computer, inter-computer communication)

In the next generation a person will have a "personal cloud"
- will have six tablets
- will have two laptops
- will have six block storage devices on their personal network
- will have half a dozen routers/access points
- will have appliances
- will have networked microprocessors in their shoes and clothing
- will have thirty speakers, each connected to network, with individual CPUs
- will have a fleet of robots, Roomba or other self-mobile devices attached to network
- ...

You end up with a network, where each device in the network has
- processing
- memory
- networking/communication
- storage

Where an individual may have control or at least read access to several hundred devices, which expose heterogeneous capacities.
- tablets/laptops/screens run GUI/display driven applications
- block storage devices read and write files over the network
- speakers play sound over the network
- thermostats and light-bulbs export data and expose an interface
- etc...

In the current generation, where someone plays an mp3 on a tablet or laptop
- the interface is on the tablet
- the song being played is stored on the tablet
- the song is played from the tablet

In the next generation
- a person selects a song on a tablet (interface)
- the song itself is stored on a disc drive (which has its own CPU and is networked) (not on the tablet)
- the song is played on six speakers in the room they are in (which have their own CPUs and are networked)

The interface/command node is different from the node where the file is stored and is different from the action (playing mp3 through speaker).

When a television plays a movie, the movie will be streamed from a disc over the network. There is a unified view of the data, that is accessible everywhere. There is no distinction between local storage and capacities and remote capacities over the network.

These types of applications are beyond "Peer-to-peer" and are "Decentralized" or "IoT" type.

The Skycoin Meshnet/Darknet/VPN/Software Defined Networking/Node is one of these applications. There is a minimum framework required, to write an application of this type, which currently does not exist.

....

The most horrible part about this, is that the time consuming parts do not matter. All of the time is wasted in debugging, fixing small things. The important things are done quickly and the trivial, takes 20x as much time.

For the exchange, I have to get gocoin working for checking address balances, signing transactions and injecting the transactions to the network. I need to add more URLs/functions for checking if a transaction has executed, to the skycoin daemon.

I need an eval/repl loop for the exchange client which is frustrating. The libraries are shit. I am almost thinking of writing an opengl program for displaying grids of characters, then a whole library supporting it if I want scrolling with mouse wheel or refocusable widgets (but do not want to write anything if possible).

Just something as simple as a cross platform console or equivalent of ncurses, does not exist. It is very frustrating and maddening.

I am considering an interface in javascript/html, just to finish it quickly.

Ideally I would just like an embedded golang/REPL library that works well. That would solve my problem.

https://github.com/sbinet/go-eval
https://github.com/sbinet/igo
https://github.com/vito/go-repl
https://github.com/motemen/gore

For javascript/html interface, it polls with get/post, but need way to send an event back from the application to the web-browser. This is called "push notifications" or WebRTC.

I have to decide whether the interface should be Angular.JS or just use jQuery or application specific/terminal.

I still have no idea

Writing this interface is a horrible nightmare. It is 5x more work than the exchange back end. This is pure insanity. I cannot believe I have spent two days on this already.
215  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 18, 2015, 07:48:56 AM
Update:

Skycoin is pegged to Bitcoin, so it is up about 2x. From 10 cents per coin to 20 cents per coin.

Exchange GUI is in progress.



- The exchange client is a very light weight terminal application.
- When exchange app starts, you put in your pass phrase for deterministic wallet generation
- It communicates with exchange over encrypted channel.
- You can transfer between local wallet and the exchange very easily

- As long as you remember your wallet password (the phrase that generates the wallet), then you can access the coins from anywhere.
- There is no physical wallet, on disc that can be confiscated or even proven to exist

Example 1:
- start exchange
- put in key for deterministic wallet generation
- send Skycoin to exchange from local wallet
- sell Skycoin for Bitcoin
- Send Exchange Bitcoin to remote address
- Pull remaining skycoin back to local wallet

Example 2:
- start exchange client
- put in wallet generation pass phrase
- check bitcoin balance for local wallet
- send bitcoin from local wallet to an address (sign transaction, inject transaction)
- close exchange client

This is not really an "exchange" or a client. It is more like a bloomberg terminal for Bitcoin/Skycoin.

You do not need to "login" to the exchange with a user name or password
- your public key authenticates your identity

Cell Phones, Windows 10 and all operating systems are backdoored.
- This will eventually run on a MIPS or ARM processor, that is not even running an operating system.

There is an RPC between the client and exchange server. There are a small number of actions on the command channel.
- Check BTC balance [address list]
- Check SKY balance [address list]
- Withdraw Bitcoin (pull coins from local wallet)
- Deposit Bitcoin (push coins from local wallet)
- Withdraw Skycoin (pull coins from local wallet)
- Deposit Skycoin (push coin from local wallet)
- Place Bid/Ask (update order book)
- Cancel Bid/Ask

Then there are events such as
- order book updates
- coins received into address
- pending withdraw completed (transaction executed on blockchain)
- bid/ask order executed

The command and event channel are asynchronous and will run over anything that can send bytes. In this case I am running over uTP.
- Bitmessage
- IRC
- TOX
- Torchat, etc
- email
- SMS
- tor

Eventually it should be possible to have multiple transports and go hop to hop from nodes to communicate with a destination designated by a public key hash (purpose of the darknet/meshnet/vpn).

This is moving away from
- no dependence upon the operating system
- no dependence upon a web browser
- no dependence upon DNS
- no dependence upon HTTPS
- no C code that can be buffer overflowed (memory safe)
- no external library dependencies (4,000 lines of code)
- easy to extend or modify

Maybe will have a command line for getting the unspent outputs for an address or creating transactions by hand.

Right now, the exchange just has to replace bitmessage for buying/selling, because it is too slow and frustrating.

This is also a test, to see if this is the right interface type for darknet/vpn/routing administration.
216  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 17, 2015, 12:05:04 AM
Update:

The cryptography port problems are taking too much time. I am getting sick of trying to figure this out and want to move on to next thing. I need to take break from this and do something else for a while.

This requires going line by line comparing against the SIPA implementation and figuring out why there are different outputs for certain inputs.

The exchange is done, except for gui and the crypto library port for cross compilation for windows/osx.

217  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 16, 2015, 07:10:33 AM
Update:


Crypto Library:

Bad news, the crypto library problem is severe. In the new upgrade the public key for 1 in 1200 private keys will be different. To standardize it to Bitcoin. Only one or two people should be affected and we will replace the coins if they are unable to get them out of the wallet and send us the private key.

Every single crypto library outputs different values for the same inputs for a subset of the keys and it is extremely frustrating.

We had fixed signature malleability before MtGox went down or anyone had heard of signature malleability, but we did not expect that raising the base point to a given power, would give different public keys between implementations, which would pass validation.

There are unit tests, that you do not write because there is no way they can fail, but if you try them for random inputs they often fail. Some of the bugs are incredible, such as implementations returning the same public key for a private key, but the public key fails validation and signing a message succeeds for that private/public key pair, but validating it fails, but the signature operation returned without error.

This is extremely frustrating, because we assumed that these operations were deterministic, standardized and mathematically sound. The equations used, give no room or latitude between implementations, so we have no idea how this happens.

This is also an immense time sink and extremely demoralizing. I fixed sixteen things and then thought I was on last one, but then find two more.

One of the bugs was so severe, that if the library was used in the exchange, then 1 in 16,000 Bitcoin addresses generated, would have resulted in addresses where the coins could not have been recovered from the address. Each Bitcoin project is using slightly different crypto libraries, with different versions and there are some bizarre edge cases.

Also, for ECDH key exchange, raising the power of a public key (a point on a curve) by a private key (multiplication), often gives different outputs. p*Q != q*P for some implementations or some private/public key inputs! This is insane.

There was a Snowden slide where the NSA bragged they could break any crypto currently in use and I believe it is because, if you input shit data, every implementation is currently bugged and spits out bits of the private keys. OpenSSH had bugs such as Heartbleed, where you could just buffer overflow the library and read out the private keys or even do remote code execution. So every single HTTPS server with openssh, they can just buffer overflow it and root the box and steal whatever they want.

Each one of these bugs takes six to ten hours to find/fix and the last bug we are dealing with is so bizarre, that I have no idea how it is even possible. Many of these bugs, are similar to
- function does not return error, but the output is invalid
- function does not return error, output is valid, signature using output fails validation but succeeds without error
- ...

Exchange:

I am working on the terminal application for the exchange. This will be like a bloomberg terminal for Bitcoin/Skycoin. You can just put in passphrase and will load the deterministic wallet and can do operations.

NSA:

There are new types of cyber attacks appearing. DNS injection attacks. HTTPS websites being timed out. So if you try to access certain blogs, they will degrade service. You will be frustrated and have to reload page several times. The server ping will be 10 ms, but page won't load or will take 30 seconds.

There appear to be servers on the internet now, that are designed to fuck with people's traffic.

Twitter/Facebook are being locked down. If you tweet about leaked NSA documents, the tweet disappears on the line.
- http://members.efn.org/~paulmd/OwnWork/AdventuresinCensorship.pdf

Many people have noticed how bad the censorship filtering is getting.
- there is filtering at the cache/CDN level
- there is filtering at the Twitter level, where advertisers can pay to make bad things about them disappear and good things to appear, to "manage their brand". And allow governments/corporations to control people's minds by out spending truth.
- there appears to be on the line filtering, where content is being removed or modified between the webserver and the browser. If the government does not like a particular post or link to a website, they can just make it disappear.

DNS requests are unencrypted and encrypted DNS is being suppressed (the NSA and military rely upon it for a lot of metadata and military programs. They had Wikipedia admins go in and delete/redirect the pages on encrypted DNS alternatives). Since the request is unencrypted, it tells anyone listening exactly what websites you are visiting. Now, those requests are being modified, so accessing certain websites ends up getting you redirected to a server that just times out. It gets toggled on and off randomly, so it looks like the website is down, but it is not.

The whole internet is being turned into a corporate shit net. The governments are
- trying to rig the elections (destroy independent political parties, censor criticism of corrupt politicians)
- trying to censor the pedophile leaks from going viral
- trying to gain ability to control what their populations believe (psychological warfare)
- trying to protect corporations against being held accountable by public (mind control, thought control)
- trying to shut down Russia Today and Alternative Media
- building the capacity to stop information that the FSB or wikileaks may release later from going viral on social media platforms (ability to enforce media black out, links and posts will just disappear from other people's feeds, the posters' accounts will be silenced or isolated)
- building out spamming capacity, to attack and destroy online social groups they don't like, by flooding them with shill bots and diluting the content to level where users flee the platform. For instance, by flooding a blog with hundreds of shit or low quality comments to dilute out the good comments. They are just going to keep "churning" the platforms and scattering the user communities, to prevent another anon from forming and to keep people separated into small manageable groups that spend all their time fighting with each other. Dozens of techniques like this are being developed and used (capacities), by governments, political organizations and corporations.
- building out router/infrastructure capacity to shut down or control applications such as BitTorrent, Tor, Bitcoin, messaging applications, VPNs

The internet is being weaponized in a fascist corporate/government takeover. Every single protocol they can subvert, they are doing that or testing the capacity. Every single meter of control or power control over the internet they can take, they are seizing it.

This is an article by one of the pirate bay founders. There is civilization collapse level nihilism here.
- http://motherboard.vice.com/read/pirate-bay-founder-peter-sunde-i-have-given-up

The good news, is that the next generation internet protocols will be immune to these problems. They are in progress.
218  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 12, 2015, 07:17:28 PM
Update:

I want to kill someone. Fixed dozens of bugs with the crypto library port.

The sipa and gocoin libsecp256k1 implementation differ slightly and output different public keys for the same private key for some inputs (every few thousand keys).

Slightly different public keys are outputted for the same secret key.

seckey  = 8ba2269ad9d5090c891043dcbda618802d50bbfd7aa548173a9ecb5d2107ffbc
pubkey1 = 02ec9b470f72b4a28d1ae507d7c8ddfa5c5385db96e905400175093e48ef5ace0d
pubkey2 = 02ec9b470f72b4a28d1ae507d7c8ddfa5c5385db96e905800175093e48ef5ace0d

seckey  = e329e5d4f6224566c3464dbe16bdae499566504d7cbca6b77274f835e4838c7e
pubkey1 = 022c3166ffaed91846653d0179b2daf467d0a736e94ca1c0020cd165881aeee572
pubkey2 = 022c3166ffaed91846653d0179b2daf467d0a736e94ca200020cd165881aeee572

seckey  = 27fa25141c11169208c822e8bb6a1dcd3f991dfd20f393a184498434695e0e14
pubkey1 = 03bd957a507e3f7fdeeb7487613acfbd931a600f9d0806000042fc54bc548a2e05
pubkey2 = 03bd957a507e3f7fdeeb7487613acfbd931a600f9d0806400042fc54bc548a2e05

seckey  = 7ab1d121b0884002b583dec1a48d7dec5f8677836b1bbb77701b1a581a6f2398
pubkey1 = 02532980c1d8c8f2989a31e4b412705da65c60ab6f6b6ac0018ed87f3d080d77c3
pubkey2 = 02532980c1d8c8f2989a31e4b412705da65c60ab6f6b6b00018ed87f3d080d77c3

seckey  = e56e99ebef0383058765e780dd1f7f5b3dfa6dffe47e545cf4c2a0d908b9c06d
pubkey1 = 021e41e0ad1778ad20aaa2d4c3780973f330f002b292a54001da80e4e467c4f742
pubkey2 = 021e41e0ad1778ad20aaa2d4c3780973f330f002b292a58001da80e4e467c4f742

The only contractor who knows what library is doing, can't/won't help because it is too time consuming. It took about 6000 lines of unit tests (almost larger than skycoin), just to find all the bugs. I cannot release it until the unit tests for deterministic wallet generation pass.

If you raise the same base point to the same power, you should get the same public key. It should not differ between implementations, for some small subset of keys.

I cannot describe how time consuming this is.
219  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 11, 2015, 01:51:11 AM
Update:

The crypto library is not deterministic. It is failing for every one in twelve thousand keys.
- A private key should be a 32 byte integer, that is not zero and which is less than the order of the curve.
- The base point is raised to the power of the private key, to generate a public key

If you use the same private key, you should get the same public key. Between two different secp256k1 implementations.

This is not happening! It is failing. We wrote 80 unit tests putting random examples in and they do not match up. We have to go line by line, figuring out where it fails and why.

- It is absolutely exhausting
- It is extremely time consuming
- When it is done, the program will do exactly the same thing it does now (it is just replacing a library in C, with a library in Go that does exactly the same thing)

An example, is that a square root operation may fail for some input in library 1, but in library 2 the square root operation does not fail and the program gives a different output.

Getting the cryptography to be deterministic has been a nightmare.

Every single crypto library we have tested has had a few bugs. Sipa's library was perfect, except for small crash for certain inputs, which he fixed. We put redundant error checking everywhere
- check that same private key generates same public key for same implementation (across large number of random keys)
- check that same private key generates same public key for different implementations
- check that signatures/recovery works for large set of random keys
- check that invalid keys are rejected (negative tests)
- test that randomly generated invalid signatures are rejected (negative tests)
- ... 80 other tests

Most of the libraries succeed on the positives (they work), but they often fail the negative tests.

...

I will be happy when this is over.

We are working with two other companies now, who have similar infrastructure/needs and they are sharing developers.

Research

In past four months, we have made some research advances.
- architecture for how meshnet/darknet needs to be implemented (no fixed program will work in long term, so collection of small specialized programs and method of chaining them together into useful system)
- primitives for network node (how to structure it so there are as few primitives as possible and they are easy to understand and implement)
- interface for how user will interact with software. BitTorrent is P2P, but it is still a single application running on a single machine. This type of network requires user to interact with +300 nodes, each independently running their own software and communicating together. Allowing users to interact with system and have introspection into what is going on, is difficult. If the user cannot see into the software and see what it is doing, they cannot fix it when it breaks or gets blocked. We decided console/terminal interface is best.
- we decided that users need to be able to perform introspection and monkey patch software if necessary. If it is not working, it cannot just show red circle like VPN GUI. They have to be able to see what is working or not working, then be able to take actions to fix or mitigate it. It is impossible to automate completely, handling many network situations.

Some of these issues, are issues I have with other software. Such as Bitmessage getting blocked if traffic goes through certain countries. Governments are beginning to block BitTorrent. They will not just block BitTorrent, but any traffic transiting through that country will be blocked also. The internet will fragment into hundreds of pieces and whether you can connect to an IP address will depend on where you are trying to connect from, the destination and multiple harassment, degradation and connection throttling way points the data has to travel through.

You won't have a single IP address. Application A will tunnel through to node B on protocol B1 and then from node B to node C using protocol B2 to country C. Application B will be running on a different pathway.

There are scripts for tying the paths together, or multiplexing multiple paths for higher bandwidth. Each hop on a path is a route.

Another major innovation (which is very significant), is that we figured out mathematically how to use one way asymmetric data links in the network as the basic primitive. This means that Node A can only send data to Node B, but node B cannot communicate back directly.
- military and intelligence applications will benefit from this, but does not affect most users
- This means for rural areas, you can take a wifi transceiver and an amplifier and boost the signal to illegal power levels. You can send data over 50 km and receive it on other side, but the weaker receiving antenna won't necessarily be able to send a signal back that can be picked up.
- A powerful HAM setup may be able to transmit long range and get picked up by a handset, but the handset does not have enough power to transmit back to the mega antenna

Military and intelligence often use systems like this
- A large radio receiver transmits a numbers station over a whole country
- The signal can be received by innocuous civilian radio and the message transcribed and decrypted
- a dead drop or another message channel is used to confirm message receipt, which eventually get routed to the station chief

The transmit and receive channel are not the same.

Satellite internet also uses an asymmetrical channel
- the satellite beams data to the local user at an extremely high rate
- the user communicates back to the satellite over a telephone line

Asymmetric connections are too complicated for normal users, but some organizations have a use for them. For instance, if operating in country with blocking and extensive traffic analysis, messages or data feeds can be embedded in Youtube video. The access pattern looks normal and won't get someone tortured or flagged for interrogation.

Another thing is protocol tunneling. The encryption and encryption is very general. There is just a script that the length prefixed messages get encoded by and then passed on.
- for an internal corporate network, you can have private keys and what application opened connection from what computer and have deterministic private key generation so that the traffic can be read by exit point for policy enforcement
- you can swap out encryption algorithm just by changing script

An example of script chaining is
- a script that outputs binary packets as markov chain text (make it look like email/chat conversation)
- a script that tunnels the connection over AIM/XMPP/Skype from username/password to destination account

Another concept is called "idiotypic selection".
- You choose a metric/goal
- You choose a set of methods of solving problem
- the software chooses the best method for the current situation

For example:
- You are in Virginia piloting a drone in Afghanistan
- There are multiple satellites and ground stations you can bounce through
- The drone may be in range of a military base with ground radio connection and the drone also has lower speed direct satellite communication
- You want software to choose path that has lowest latency, but lowest jitter. So 100 ms latency may be better, than 50 ms latency with plus minus 50 ms on each packet.
- The software will make multiple paths and dynamically try to minimize target by changing traffic flow and opportunistically using connections as they become available or go out of range

If the software performs badly, you can still go in and set a route by hand or set multiple routes by hand. For instance, if a transceiver becomes congested and stops sending packets for seconds at a time, you might explicitly blacklist that path. Changing the network policy, should be a few key strokes in an environment that looks like Dwarf Fortress.

There is a feedback loop between the human/computer system
- user can set policy script that will behave automatically (default automatic behavior)
- user can see results and introspect operations graphically (introspection and feedback)
- user can make strategic action inputs into system if needed (actions, policy changes)

For a VOIP call, you want low latency, but you do not want network cutting out every four seconds for one second. The delay/latency should not change from 1 second to 4 seconds and go back and forth, but should be constant.

"idiotypic selection" is important not at the single node level, but for the system as a whole. A communication system may have dozens of users and consist of hundreds of radios, fiber optic links, free space communication paths, satellites, aircraft and ground installations.
- The communication network will have multiple users with competing uses
- A user cannot manually configure or control hundreds of nodes, so default and automatic policy is important

"idiotypic selection" reifies the "system of systems", into a single system that can be acted upon. Each node sends state and performance information to other nodes, who can aggregate that information and then make changes to nodes lower in the network to achieve performance objectives.

The simplest idiotypic selection algorithm, might be (one armed bandit)
- if there are 12 wifi channels
- flip through different frequency channels to find the one that works best

For instance, some GHz frequencies work very well, except when it rains and then they are useless. Or 700 MHz penetrates very well if you are inside in concrete building, but if you have line of sight then you will use other frequencies.

A frequency for wifi may work very well, except at certain times of the day or when it is congested. Going over 50% channel capacity utilization, can cause Ethernet frame collisions with other devices, causing endless cycle of retransmission attempts and collisions, or bursts of network outage or competitive transmission power dynamics that are pathological (such as wifi connection working very well, but dropping every 20 seconds or sporadically).

At a basic level the "Do random things until it works" strategy can be automated. So a soldier or cell phone user is not sitting there, fiddling with settings and hitting buttons or connecting and reconnecting to the VPN until it works. This works when you have a finite, enumerated list of actions and the software measures whether it's working.

Looking at the military requirements and systems the DoD has used and naval communication systems has helped a lot.





They want
- horizontal links between devices at each layer
- vertical links between layers
- dynamic network reconfiguration

This type of networking, is impossible in the existing paradigm. You cannot achieve this with IP addresses and BGP. IPv6 did not solve multihoming. It requires new types of routing and address space, I proved that a year ago.

When different types of networking were being chosen in the early internet, the NSA must have looked at CISCO's packet switching technology and said "We can do this, then route all the traffic through the US and intercept everything". Certain companies were bought out, shutdown. Certain protocols like end-to-end opportunistic encryption were stifled from being standardized. Certain protocols like IPSEC were compromised.

Centralizing control of information, surveillance was a means of obtaining and maintaining power and hierarchy. The technologies were carefully steered and other technologies prevented from development. The groups that exploited or benefited from this, were clandestine and outside or above the state. The "NSA" was just pretense to put the capacities in, but they were left wide open (which is reason for current OPSEC and cyber-security problems, they were by design).

The next generation internet for IoT, has particular properties and there are few ways to meet the requirements. You can enumerate the properties/structures of all possible networking systems and protocols at an abstract level, using category theory.

There is not a choice. You end up with a very simple form of software defined networking. You end up throwing out all the crap the existing network is built on and get two or three primitives. Even if you use IPv6, you are only tunneling the native protocol over it.

The governments will try to "pass laws" or backdoor the devices, ban encryption or monitor all the traffic somehow, but from a mathematical perspective, there is a futility to it. They might as well try to pass a law banning odd integers or changing the value of pi and then try to force that on people at gun point. Despite the futility, they will try anyways and will get laughed at.

"We flooded the country with 3rd world immigrants and had them stage terrorist attacks to get this bill passed and what do you mean it's 'not enforceable'!?". We have seen this before.

Meshnet/VPN/Darknet

I have a simple scripting language, that you can write on a napkin, with three types (uint64, uint32 and []byte) and structs. C like, very similar/identical to golang but may simplify syntax.

The routing is very simple.

I want to get to this soon.
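The checks these posts describe (the same private key must yield the same public key, out-of-range keys must be rejected, and p*Q must equal q*P), written as an added example that is not the poster's code nor code from gocoin or sipa's library. It is an independent reference built on Go's math/big so that two disagreeing implementations can be compared against a third; all function names are assumptions made for illustration.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"math/big"
)

// Point is an affine secp256k1 point; X == nil encodes the point at infinity.
type Point struct{ X, Y *big.Int }

func hexInt(s string) *big.Int { v, _ := new(big.Int).SetString(s, 16); return v }

// Domain parameters: field prime P = 2^256 - 2^32 - 977, group order N, base point G.
var (
	P = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(1<<32+977))
	N = hexInt("ffffffff" + "ffffffff" + "ffffffff" + "fffffffe" +
		"baaedce6" + "af48a03b" + "bfd25e8c" + "d0364141")
	G = Point{hexInt("79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
		hexInt("483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")}
)

// Add returns a+b with the textbook affine chord-and-tangent formulas.
func Add(a, b Point) Point {
	switch {
	case a.X == nil:
		return b
	case b.X == nil:
		return a
	}
	num, den := new(big.Int).Sub(b.Y, a.Y), new(big.Int).Sub(b.X, a.X) // chord slope
	if den.Sign() == 0 {
		if num.Sign() != 0 || a.Y.Sign() == 0 {
			return Point{} // a == -b
		}
		num.Mul(a.X, a.X).Mul(num, big.NewInt(3)) // tangent slope 3x^2/(2y)
		den.Lsh(a.Y, 1)
	}
	lam := num.Mul(num, den.ModInverse(den.Mod(den, P), P))
	lam.Mod(lam, P)
	x := new(big.Int).Mul(lam, lam)
	x.Sub(x, a.X).Sub(x, b.X).Mod(x, P)
	y := new(big.Int).Sub(a.X, x)
	y.Mul(y, lam).Sub(y, a.Y).Mod(y, P)
	return Point{x, y}
}

// Mul returns k*p by left-to-right double-and-add. Reference code for tests only:
// it is not constant-time and must not be used on live keys.
func Mul(k *big.Int, p Point) Point {
	r := Point{}
	for i := k.BitLen() - 1; i >= 0; i-- {
		r = Add(r, r)
		if k.Bit(i) == 1 {
			r = Add(r, p)
		}
	}
	return r
}

// ParseSecKey is the negative test: reject 0 and anything >= N instead of deriving from it.
func ParseSecKey(h string) (*big.Int, error) {
	b, err := hex.DecodeString(h)
	k := new(big.Int).SetBytes(b)
	if err != nil || len(b) != 32 || k.Sign() == 0 || k.Cmp(N) >= 0 {
		return nil, fmt.Errorf("private key must be 32 bytes, nonzero and below the curve order")
	}
	return k, nil
}

// Compress encodes a finite point as 33 bytes: 02/03 for even/odd y, then big-endian x.
func Compress(p Point) string {
	out := make([]byte, 33)
	out[0] = 2 + byte(p.Y.Bit(0))
	p.X.FillBytes(out[1:])
	return hex.EncodeToString(out)
}

// DerivePub validates the key and returns the compressed public key k*G.
func DerivePub(secHex string) (string, error) {
	k, err := ParseSecKey(secHex)
	if err != nil {
		return "", err
	}
	return Compress(Mul(k, G)), nil
}

// ECDHAgrees checks the symmetry both sides rely on: a*(b*G) must equal b*(a*G).
func ECDHAgrees(a, b *big.Int) bool {
	return Compress(Mul(a, Mul(b, G))) == Compress(Mul(b, Mul(a, G)))
}

func main() {
	// First seckey/pubkey1/pubkey2 triple from the December 12 post.
	got, err := DerivePub("8ba2269ad9d5090c891043dcbda618802d50bbfd7aa548173a9ecb5d2107ffbc")
	fmt.Println("derived:", got, err)
	fmt.Println("matches pubkey1:", got == "02ec9b470f72b4a28d1ae507d7c8ddfa5c5385db96e905400175093e48ef5ace0d")
	fmt.Println("matches pubkey2:", got == "02ec9b470f72b4a28d1ae507d7c8ddfa5c5385db96e905800175093e48ef5ace0d")
}
```

Running it against each posted triple shows which of the two encodings an arbitrary-precision derivation produces, which narrows the search to one library's field arithmetic.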
220  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [SKY] Skycoin Launch Announcement on: December 05, 2015, 12:34:14 AM
Update

One of the three major project milestones is almost done. The crypto library port is nearly finished.

I am excited about checking this off list, because it is one of the most critical and time consuming things.

Boring Details

This is the fourth crypto library we have gone through. After first, we had to do testing and write fuzzing library and test suite, to make sure that the new library behaves as it should and does not have strange edge cases. We found problems or bugs with every library so far.

It is very tedious, because the results need to be exactly the same down to the bit, or deterministic wallets are screwed up or a weak key can be generated, or if invalid input is allowed it can leak bits of your private key. There are also issues with little endian vs big endian for data inputs and enforcing signature malleability.

For instance, nearly every single implementation of RSA is screwed up. If you input random data or weird/invalid edge cases, you get different outputs for each implementation and you can often get them to leak bits of the private key.

We are using gocoin's golang port of SIPA's implementation of secp256k1, that he wrote to replace OpenSSL. We found some problems, such as allowing public key generation from a private key with an order greater than the order of the curve. Public key generation from the private key succeeds without error, but the public key fails validation or cannot be used.

I wrote 80 unit tests, generating random instances and checking the implementations against each other on billions of inputs and am going through and fixing up last bugs.

Meshnet/Darknet

Will have update on this soon.

Major progress. There was no GUI to allow it to do what was needed, so decided on terminal interface and small scripting language. The terminal and shell interface type is very powerful.

You can generate things like this in a few lines. It's a lot better than HTML or gui interface.



The idea is to have a small scripting language like C/Go and have shell, where users can patch together scripts. If HTTPS is unblocked out of country, you might run script to tunnel outgoing connection over HTTPS or embed the data stream in another protocol, like email.



A node has "severlets" which are these small scripts, that communicate by sending length prefixed messages to each other (simple format). A node will be running multiple scripts at once. A script might expose an API, so other scripts can grab data from it (like a webserver) and then another script locally might render an animated graph. Or you can sub-divide the terminal into panes or sub-windows, with a script that has scripts running in the sub-windows.

The most difficult part of the meshnet, is that you may have three hundred nodes and you need status reports, data, need to be able to rapidly modify them and get information. So you have to have scripts, running scripts on the remote nodes and pulling data into a "command center" where you can see what is going on.

The simplest script and the core backbone, takes in a packet over a "channel", then reads the header and then forwards the packet to the next node on a path.

I want something that a 12 or 14 year old can monkey patch or improve. The kind of internet blocking we will see in the future may be extreme and there is no configuration that works best in all situations.

This is technically a "multi-agent system", which is one step beyond "peer to peer". It is "cybernetic" instead of peer to peer. You have multiple agents with their own state, resources and set of actions they can do. They exchange messages with each other and try to cooperatively achieve a goal, but each agent only has its local view of what is going on and needs to communicate with the other agents to coordinate.



This is a new research area, but there are very simple algorithms that appear to work pretty well.