SatoNatomato
February 06, 2017, 08:09:08 AM

edit2: if using the chromium-args proxy workaround, make it something else than 127.0.0.1, like 127.6.6.6 to avoid more other problems.
What other problems and how doing this would avoid them?
People have other services bound to 127.0.0.1 listening and think they're safe. Developers of those services think, hey, it's unreachable. But if you set the proxy to it, you allow any other exploits or mistakes in the wallet to affect those services. There have been examples of webpages getting the possibility to send requests to 127.0.0.1, exploiting all kinds of daemons listening there. Defense in depth.

SatoNatomato
February 06, 2017, 08:17:14 AM

From the Whitepaper: Reliance on witnesses is what makes Byteball rooted in the real world. Reading through the Whitepaper it seems that the devs took Bob McElrath's "Braiding Bitcoin" idea and solved the consensus problem by using trusted nodes (like Ripple) instead of an algorithm. So it's basically something like Ripple but using a DAG instead of sequential blocks. Kudos for starting somewhere, but this isn't a decentralized solution and is vulnerable to sybil attacks.
Hello Come-from-Beyond's sockpuppet. Nice trolling. To all reading except the troll: Byteball is decentralized, trustless between users/nodes, and each user/node must trust his selection of witnesses. This is no different than trusting bitcoin miners will continue their operations and bitcoin node operators. The worst that could happen if witnesses misbehave is they are replaced. Byteball is sybil resistant, you can't do any damage by spawning millions of wallets or fake users. You can spawn a witness but it will only lose bytes as nobody has it as its selection. You can't even replace all the 12 witnesses with fake ones.

SatoNatomato
February 06, 2017, 08:27:51 AM

From the Whitepaper: Reliance on witnesses is what makes Byteball rooted in the real world. Reading through the Whitepaper it seems that the devs took Bob McElrath's "Braiding Bitcoin" idea and solved the consensus problem by using trusted nodes (like Ripple) instead of an algorithm. So it's basically something like Ripple but using a DAG instead of sequential blocks. Kudos for starting somewhere, but this isn't a decentralized solution and is vulnerable to sybil attacks.
in the parts 4. Double-spends / 5. The main chain / 6. Witnesses of the whitelist u can see reviews for these cases. Does this project have a double-spends problem? No.
@davidovski, all gmen have to do to take down bitcoin is at gunpoint threaten a few people who are running the miners. See Namecoin pool had over 50% hashpower for a while before people even noticed. Bitcoin is useful even to gmen and bankers so they don't take it down. In a year or so most tax offices would like to run their own witnesses or hubs. Like they run bitcoin full nodes today to inspect and find who needs to pay taxes. We still have blackbytes though.

kola-schaar
February 06, 2017, 08:28:15 AM

In the second round, we'll distribute as much as is linked and calculated by the above rules, the exact % is not known in advance.
could it be 10% at second round ?
No
1. BTC -> Byte => estimated ~100000 BTC linked (at 2. round) => 6250 GByte distributed
2. Byte -> Byte => 100000 GBytes (10% from the first round) => 10000 GBytes distributed
3. Total: 16250 GBytes distributed at 2. round => 16250/1000000 = 1,6 %
4. Total distributed 1. + 2. round 11.6 % or 100000 (1. round) + 16250 (2. round) = 116250 Gbytes

tonych (OP)
February 06, 2017, 08:58:45 AM

Hi tonych maybe you can ask poloniex to list byteball, so we can spread byteball to more people, as a developer your request carries more weight than community members'. thank you here is the link: https://poloniex.com/coinRequest
Requested a couple of times, no response so far. Maybe they wait for more votes?

Simplicity is beauty

tonych (OP)
February 06, 2017, 09:03:01 AM

I read those sections, but (the way I understand it at least) at some point the network still relies on trusted nodes to function, leaving it wide open to sybil attacks.
Could you be more specific please, how would you sybil attack?

SatoNatomato
February 06, 2017, 09:18:20 AM

@tonych, concerning nwjs and google requests, the proxy-to 127.7.7.7 solution, to make it better, can the wallet listen on 127.7.7.7:9989 for example, and have the proxy set to that, with a username+password which is random for each start (proxy http://rand:0m@127.7.7.7:9989 ) - then, the listener if it detects this username+password request on 9989 - log a warning/shutdown, huge fuckup is happening? May be over-engineering though.
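
The tripwire listener proposed in the post above, sketched for Node.js as an added example (not code from the thread or from the Byteball wallet). Function names are hypothetical, and whether the embedded browser forwards credentials placed in the proxy URL is an assumption taken from the post, so the listener reports every request and uses the credential only to label it.

```javascript
// Added example: tripwire listener for the wallet's otherwise unused proxy address.
const http = require('node:http');
const crypto = require('node:crypto');

// Address and port from the post; any otherwise unused 127.0.0.0/8 address works.
const SENTINEL_HOST = '127.7.7.7';
const SENTINEL_PORT = 9989;

// Hypothetical helper: fresh random proxy username/password for each wallet start.
function newSentinelCredential() {
  return {
    user: crypto.randomBytes(8).toString('hex'),
    pass: crypto.randomBytes(16).toString('hex'),
  };
}

// Compare a request's Proxy-Authorization header with this run's credential.
function classifyRequest(headers, cred) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(headers['proxy-authorization'] || '');
  if (!m) return 'no-credential';
  const got = Buffer.from(m[1], 'base64');
  const want = Buffer.from(`${cred.user}:${cred.pass}`);
  const same = got.length === want.length && crypto.timingSafeEqual(got, want);
  return same ? 'credential-match' : 'credential-mismatch';
}

// Nothing should ever use this proxy, so every request is reported and refused.
function startSentinel(cred, onLeak) {
  const report = (req) =>
    onLeak({ verdict: classifyRequest(req.headers, cred), method: req.method, target: req.url });
  const server = http.createServer((req, res) => {
    report(req); // plain HTTP sent through the proxy
    res.writeHead(403, { Connection: 'close' });
    res.end();
  });
  server.on('connect', (req, socket) => {
    report(req); // HTTPS arrives as "CONNECT host:443"
    socket.end('HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n');
  });
  return server.listen(SENTINEL_PORT, SENTINEL_HOST);
}

// Usage (not run on load): point the embedded browser's proxy at
// http://127.7.7.7:9989, then
//   startSentinel(newSentinelCredential(), (e) => console.warn('[tripwire]', e));
```

Binding to 127.7.7.7 works out of the box on Linux; other systems may need the address added as a loopback alias first.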

lizidev
February 06, 2017, 09:24:25 AM

I read those sections, but (the way I understand it at least) at some point the network still relies on trusted nodes to function, leaving it wide open to sybil attacks.
Could you be more specific please, how would you sybil attack?
Dev: Could not sent payment:know bad
Why is send so unstable? It has a lot of bugs.

escapefrom3dom
February 06, 2017, 10:11:19 AM

I read those sections, but (the way I understand it at least) at some point the network still relies on trusted nodes to function, leaving it wide open to sybil attacks.
Could you be more specific please, how would you sybil attack?
Dev: Could not sent payment:know bad
Why is send so unstable? It has a lot of bugs.
Specify the sending issue.

Meuh5598i
February 06, 2017, 10:19:44 AM

Hi tonych maybe you can ask poloniex to list byteball, so we can spread byteball to more people, as a developer your request carries more weight than community members'. thank you here is the link: https://poloniex.com/coinRequest
Requested a couple of times, no response so far. Maybe they wait for more votes?
Nowadays they're not adding any good coin, unless you pay their fees for instant listing. A lot of new coins were added on Poloniex, but not all of them are legit and good.

johhnyUA
February 06, 2017, 10:29:45 AM

Hi tonych maybe you can ask poloniex to list byteball, so we can spread byteball to more people, as a developer your request carries more weight than community members'. thank you here is the link: https://poloniex.com/coinRequest
Requested a couple of times, no response so far. Maybe they wait for more votes?
Nowadays they're not adding any good coin, unless you pay their fees for instant listing. A lot of new coins were added on Poloniex, but not all of them are legit and good.
Poloniex is very close to repeating the fate of Cryptsy (I mean the exchanger) and MtGox. Very, very close. Day after day this exchanger became more and more trustless. For me it's not good to spend our time trying to add byteball to this exchanger.

escapefrom3dom
February 06, 2017, 10:35:01 AM

Hi tonych maybe you can ask poloniex to list byteball, so we can spread byteball to more people, as a developer your request carries more weight than community members'. thank you here is the link: https://poloniex.com/coinRequest
Requested a couple of times, no response so far. Maybe they wait for more votes?
Nowadays they're not adding any good coin, unless you pay their fees for instant listing. A lot of new coins were added on Poloniex, but not all of them are legit and good.
Poloniex is very close to repeating the fate of Cryptsy (I mean the exchanger) and MtGox. Very, very close. Day after day this exchanger became more and more trustless. For me it's not good to spend our time trying to add byteball to this exchanger.
why is that?

vlom
February 06, 2017, 10:48:29 AM

why does the OS X app try to connect to google?
plus.google.com TCP-Port 443 (https)
What makes you think so? There are no references to any sites (except the default hub) in the source code.
because little snitch tells me that the app wants to connect.
Seems to be nwjs, the component used by Byteball. Maybe it means NodeWebKit.js and is the browser-bundled up. Google is known for adding a bunch of shit in every source-code they touch to "resolve" something on their servers. This could be information leakage, especially when using it over Tor - who knows what it sends to Google, even if it is the hostname and datetime it's too much. @tonych, maybe see if there is a default option which has to be turned off when importing/using nwjs? edit: https://github.com/nwjs/nw.js/issues/5343 just one issue, expect 100 more "accidents" by google. edit2: if using the chromium-args proxy workaround, make it something else than 127.0.0.1, like 127.6.6.6 to avoid more other problems.
everyone who is happy that i posted this can send me some bytes. i still don't have any. ZLQAYBCCZT2DBBD6KSLXJYCYR6QMU2VK thank you very much. i am not sure if this is a security problem if you use a VPN. but with tor? if not every connection is torified then this could really leak your IP. i don't want to fud. i am just concerned about privacy. and i am not a hardcore techie.

freezal
February 06, 2017, 10:52:00 AM

Hi tonych,
Please, let us know if the following reasoning is correct.
Say there are N wallets running on the byteball network at a given time. All of them have the same list of 12 witnesses, all of them being the 12 witness services you currently run to bootstrap the network securely. Now, imagine that each one of those N wallets changes 1 of its witnesses to another one, but that every one changes to a different one (I know that is not the way it's meant to occur in practice, but this is a theoretical reasoning). I mean, now there are N different witnesses plus the 12 you run. After this, is it possible for any wallet to change its list of 12 witnesses, at the same time, to any subset of 12 witnesses from the set of N witnesses there are now on the network (not your 12 ones)?

SatoNatomato
February 06, 2017, 11:01:14 AM

why does the OS X app try to connect to google?
plus.google.com TCP-Port 443 (https)
What makes you think so? There are no references to any sites (except the default hub) in the source code.
because little snitch tells me that the app wants to connect.
Seems to be nwjs, the component used by Byteball. Maybe it means NodeWebKit.js and is the browser-bundled up. Google is known for adding a bunch of shit in every source-code they touch to "resolve" something on their servers. This could be information leakage, especially when using it over Tor - who knows what it sends to Google, even if it is the hostname and datetime it's too much. @tonych, maybe see if there is a default option which has to be turned off when importing/using nwjs? edit: https://github.com/nwjs/nw.js/issues/5343 just one issue, expect 100 more "accidents" by google. edit2: if using the chromium-args proxy workaround, make it something else than 127.0.0.1, like 127.6.6.6 to avoid more other problems.
everyone who is happy that i posted this can send me some bytes. i still don't have any. ZLQAYBCCZT2DBBD6KSLXJYCYR6QMU2VK thank you very much. i am not sure if this is a security problem if you use a VPN. but with tor? if not every connection is torified then this could really leak your IP. i don't want to fud. i am just concerned about privacy. and i am not a hardcore techie.
Sent you some as thanks for reporting this finding. If wallet is torified/socksify/proxychains-ng, the call to google will also go over Tor. Will not leak your public IP, but still not good.

vlom
February 06, 2017, 11:04:18 AM

thank you for the bytes and thanks for the explanation concerning the connections through TOR.
i will try to find out what exactly is sent to google. or do you already know this.

freezal
February 06, 2017, 11:12:43 AM

why does the OS X app try to connect to google?
plus.google.com TCP-Port 443 (https)
What makes you think so? There are no references to any sites (except the default hub) in the source code.
because little snitch tells me that the app wants to connect.
Seems to be nwjs, the component used by Byteball. Maybe it means NodeWebKit.js and is the browser-bundled up. Google is known for adding a bunch of shit in every source-code they touch to "resolve" something on their servers. This could be information leakage, especially when using it over Tor - who knows what it sends to Google, even if it is the hostname and datetime it's too much. @tonych, maybe see if there is a default option which has to be turned off when importing/using nwjs? edit: https://github.com/nwjs/nw.js/issues/5343 just one issue, expect 100 more "accidents" by google. edit2: if using the chromium-args proxy workaround, make it something else than 127.0.0.1, like 127.6.6.6 to avoid more other problems.
everyone who is happy that i posted this can send me some bytes. i still don't have any. ZLQAYBCCZT2DBBD6KSLXJYCYR6QMU2VK thank you very much. i am not sure if this is a security problem if you use a VPN. but with tor? if not every connection is torified then this could really leak your IP. i don't want to fud. i am just concerned about privacy. and i am not a hardcore techie.
Sent you some as thanks for reporting this finding. If wallet is torified/socksify/proxychains-ng, the call to google will also go over Tor. Will not leak your public IP, but still not good.
Let me add, and even more so if you use whonix. I can attest it works.

SatoNatomato
February 06, 2017, 11:17:15 AM

thank you for the bytes and thanks for the explanation concerning the connections through TOR.
i will try to find out what exactly is sent to google. or do you already know this.
I do not know, it's difficult to find out since it's TLS 443. You can also block it by saying in your /etc/hosts 127.1.2.3 plus.google.com google.com but that will block for all other programs too. To reveal what it is requesting, if on Linux, run it with strace with filter on file/read/write and network system-calls.

vlom
February 06, 2017, 11:52:47 AM Last edit: February 06, 2017, 12:43:29 PM by vlom

another connection. this one is funny, a tiny picture. i.ytimg.com wants to connect to i.ytimg.com on TCP port 443 (https)
IP Address 172.217.22.174
Reverse DNS Name arn09s11-in-f14.1e100.net
Established by /Applications/Byteball.app/Contents/MacOS/nwjs
Process ID 3668
something googleish according to the IP. i will no stop reporting. because i think it is clear that nwjs thing is the reason. dev will know what to do.

escapefrom3dom
February 06, 2017, 12:15:09 PM

another connection. this one is funny, a tiny picture. i.ytimg.com wants to connect to i.ytimg.com on TCP port 443 (https)
IP Address 172.217.22.174
Reverse DNS Name arn09s11-in-f14.1e100.net
Established by /Applications/Byteball.app/Contents/MacOS/nwjs
Process ID 3668
something googleish according to the IP. i will no stop reporting. because i think it is clear that nwjs thing is the reason. dev will know what to do.
good job but don't go paranoid. just collect all the issues and make a gathered report, it would be better than separate posts.