Why Ripple™ is against everything Bitcoin

[oakpacific]

It's equally possible that I am indeed being framed, and by ostracizing me, you effectively choose to trust the evil guy.

so the worst thing that could happen to me is that my validator needs to run with a smaller list of trusted nodes. As long as the list is sufficiently diverse that doesn't hurt.

I can employ this(and other) tactic to eliminate enough validators from your UNL to push my percentage to over 51%, so your "as long as" becomes invalid, consensus should work when I, a malicious guy, controls only 30%(I am sure not going to tell you) of your trusted nodes, gaining 21% more control by eliminating somehow "more susceptible" non-colluding nodes doesn't sound too impractical.


Besides, when a Ripple network is at its beginning, how do you decide which nodes are more trustworthy? A botnet may flood the whole network with its sockpuppets which obtain their XRPs through a variety of means, and stay as cooperative and helpful as possible, but after they start gaining people's trust they may start abusing it without even getting noticed, heck, they don't even need to be 51%, just big enough to have a significant number of trustworthy nodes. I suspect maybe Opencoin is now putting a tightened grasp on XRP control just because of this.

[1713972249]

1713972249

[1713972249]

1713972249

[1713972249]

1713972249

[🏰 TradeFortress 🏰]

It's equally possible that I am indeed being framed, and by ostracizing me, you effectively choose to trust the evil guy.

so the worst thing that could happen to me is that my validator needs to run with a smaller list of trusted nodes. As long as the list is sufficiently diverse that doesn't hurt.

I can employ this(and other) tactic to eliminate enough validators from your UNL to push my percentage to over 51%, so your "as long as" becomes invalid, consensus should work when I, a malicious guy, controls only 30%(I am sure not going to tell you) of your trusted nodes, gaining 21% more control by eliminating somehow "more susceptible" non-colluding nodes doesn't sound too impractical.


Besides, when a Ripple network is at its beginning, how do you decide which nodes are more trustworthy? A botnet may flood the whole network with its sockpuppets which obtain their XRPs through a variety of means, and stay as cooperative and helpful as possible, but after they start gaining people's trust they may start abusing it without even getting noticed, heck, they don't even need to be 51%, just big enough to have a significant number of trustworthy nodes. I suspect maybe Opencoin is now putting a tightened grasp on XRP control just because of this.

Don't forget that an OpenCoin Inc employee stated that if BTC gets 51% attacked, you lose all your bitcoins (you don't), but if Ripple gets attacked, you still have your XRPs (that's correct). I hope he's incompetent rather than purposefully misleading.

[oakpacific]

It's equally possible that I am indeed being framed, and by ostracizing me, you effectively choose to trust the evil guy.

so the worst thing that could happen to me is that my validator needs to run with a smaller list of trusted nodes. As long as the list is sufficiently diverse that doesn't hurt.

I can employ this(and other) tactic to eliminate enough validators from your UNL to push my percentage to over 51%, so your "as long as" becomes invalid, consensus should work when I, a malicious guy, controls only 30%(I am sure not going to tell you) of your trusted nodes, gaining 21% more control by eliminating somehow "more susceptible" non-colluding nodes doesn't sound too impractical.


Besides, when a Ripple network is at its beginning, how do you decide which nodes are more trustworthy? A botnet may flood the whole network with its sockpuppets which obtain their XRPs through a variety of means, and stay as cooperative and helpful as possible, but after they start gaining people's trust they may start abusing it without even getting noticed, heck, they don't even need to be 51%, just big enough to have a significant number of trustworthy nodes. I suspect maybe Opencoin is now putting a tightened grasp on XRP control just because of this.

Don't forget that an OpenCoin Inc employee stated that if BTC gets 51% attacked, you lose all your bitcoins (you don't), but if Ripple gets attacked, you still have your XRPs (that's correct). I hope he's incompetent rather than purposefully misleading.

And nobody will still use Bitcoin if it gets perpetually 51% attacked, the attacker will mine 100% of the blocks and it's pointless to mine anymore, while if 51% of the Ripple trusted nodes are controlled by a single entity, it's theoretically possible for the guy to hide the truth for years and abuse his power without being discovered. Not to say that the advantage an early Bitcoin miner builds up when it comes to validating transactions will mean nothing if he can't keep up with his mining infrastructure investment, which will cost him, while the early Ripple trusted nodes can perhaps enjoy their advantage for a long time, as people are inherently distrustful with newcomers.

[HurtK]

Don't forget that an OpenCoin Inc employee stated that if BTC gets 51% attacked, you lose all your bitcoins (you don't), but if Ripple gets attacked, you still have your XRPs (that's correct). I hope he's incompetent rather than purposefully misleading.

dont listen to this guy, he offered up to 5BTC to some people to post on this forum that Ripple is scam. Nobody is gonna give away thousands of dolars just because he is good guy and he thinks ripple is scam a people should know it, he has got some side interest and wants Ripple to fail.

see
https://bitcointalk.org/index.php?topic=145506.msg1544079#msg1544079

and here you can see he already payed more than 20+ BTC to spread his message
https://bitcointalk.org/index.php?topic=145506.0

[misterbigg]

...

Are you going to the Bitcoin conference? I hear that some of the Ripple developers will be there and they can address your concerns. Also, me and you can formally meet at last.

[Lauda]

I don't think it's a scam but who knows..

[Cryptoman]

My speculation:  Ripple is going to save Bitcoin from itself.  Ripple is that avenue that will allow Bitcoin to reach it's true value potential.  While many stand against Ripple (and there is much to be proven by OpenCoin) I think if all goes as planned, these same people will be thanking Ripple when they look at the new worth of their Bitcoin stashes.  IMO of course.   

This is my view as well.  Ripple brings to Bitcoin a way to improve transaction speed and liquidity.  Bitcoin brings to Ripple a way to store value that's been proven secure in the real world (the core protocol, at least), can be traded offline, requires zero trust and which has a democratic distribution mechanism.

[cdog]

Don't forget that an OpenCoin Inc employee stated that if BTC gets 51% attacked, you lose all your bitcoins (you don't), but if Ripple gets attacked, you still have your XRPs (that's correct). I hope he's incompetent rather than purposefully misleading.

dont listen to this guy, he offered up to 5BTC to some people to post on this forum that Ripple is scam. Nobody is gonna give away thousands of dolars just because he is good guy and he thinks ripple is scam a people should know it, he has got some side interest and wants Ripple to fail.

see
https://bitcointalk.org/index.php?topic=145506.msg1544079#msg1544079

and here you can see he already payed more than 20+ BTC to spread his message
https://bitcointalk.org/index.php?topic=145506.0

Ive read some outrageous things on here, but thats ridiculous and if someone is paying 5BTC to slander Ripple, then I should get like 50BTC.

Im as outspoken as ANYONE on BTCT about how Ripple is destined to fail, and I was never offered a nickel. If I was offered money to do so I absolutely WOULD ACCEPT IT because I truly believe Ripple is CRAP, and I LIKE MONEY, but I dont need to be paid to express my opinion forcefully.

Also, why would someone pay hundreds of USD in BTC per person when for probably 10 BTC total they could have 100+ people mega spam the board with Ripple-hate? It makes no sense, whatsoever... If poker taught me anything its that if you are going to make up lies, at least make up believable ones.

The truth is, a lot of really smart people just see right through Ripple. We see it for what it is. A con to separate suckers from their money.

[FreedomCoin]

from what i remember ripple is centralized and at any point authority can be changed... aka the Federal government can take control of Ripple... do not want

[ihsotas]

from what i remember ripple is centralized and at any point authority can be changed... aka the Federal government can take control of Ripple... do not want

You remember wrong.

[nameface]

from what i remember ripple is centralized and at any point authority can be changed... aka the Federal government can take control of Ripple... do not want

You remember wrong.

+1

[cypherdoc]

validators in the Ripple system sound like miners in the Bitcoin system.  they are both required to validate tx's in a ledger.  we'll call miners validators for the sake of this argument.

in Bitcoin, the 3 entities that are full node and carry the complete blockchain ledger are:

1.  mining pools
2.  individual miners
3.  users with full copy of blockchain ledger

in Bitcoin, the reason #1 and #2 are willing to act as validators/hashers are b/c they are paid; the coinbase reward and tx fees.  #3 validates out of altruism/philosophy and a desire to help the network via relaying tx's and decentralizing the network.

the problem i see in Ripple is that validators are not getting paid.  no one is going to let their computer cpu time get consumed w/o being paid.  Joel said new ledgers will need validating every 20 seconds.  that's a tremendous amount of work that Ripple will need to get done.  if most actors in Ripple refuse to be validators, as i believe they will, then that responsibility will fall on OpenCoin.  that is a huge problem right there due to centralization.

the other problem with validating every 20 sec is that the validator will need his private key available every 20 sec to digitally sign every ledger they deem accurate.  sounds to me like this private key needs to be in RAM constantly and will then be publicly exposed undermining security.

Ripple seems to ignore the fact that "work" needs to be done and paid for to sustain/build a robust p2p system which is what Bitcoin has.

[ihsotas]

Ive read some outrageous things on here, but thats ridiculous and if someone is paying 5BTC to slander Ripple, then I should get like 50BTC.

I totally agree with you, cdog. You're the undisputed king of slandering Ripple.

Wait...you do realize that "slander" means to make false statements about a person/entity, right?

[nameface]

Ive read some outrageous things on here, but thats ridiculous and if someone is paying 5BTC to slander Ripple, then I should get like 50BTC.

I totally agree with you, cdog. You're the undisputed king of slandering Ripple.

Wait...you do realize that "slander" means to make false statements about a person/entity, right?

Oh he's a slanderer for sure, but he also brings up decent points.

[JoelKatz]

The problem is how can you prove I am trying to be two validators?

I don't care. If you're being two solid, reliable validators, then that's great. That's twice as great. If at least one of them is crappy and unreliable, then why do I care that they're both you?

Say I only give one guy a false key, and if he's trying to accuse me then I can say everything including the supposedly signed ledger is made up by him, I can say I never produced such a thing, and the guy trying to accuse me is a fraudster himself.

This is actually a theoretically plausible attack currently. Thanks for noticing it. It's not difficult to fix -- we can either check the key with others (so we have others to establish he gave out the key) or we can force him to sign the key with a key traceable to him (say, issued by a CA).

It's not really relevant, you have to either trust a authoritative third-party or the people who transmitted this information to you, like the digital certificate of the website(PKI), forum on which your website address is published, or other Ripplers who told you where the validator's website is(web of trust). Most importantly, you can't prove I am cheating if I try to frame someone by claiming I received a copy of ledger signed with a different key from him, especially if I control more nodes than him(nowhere near 51%), which are not known to collude.

You're correct. We need an undeniable way to associate keys with the identities you trust. It's not difficult to do, it just needs to be done.

[JoelKatz]

the problem i see in Ripple is that validators are not getting paid.  no one is going to let their computer cpu time get consumed w/o being paid.  Joel said new ledgers will need validating every 20 seconds.  that's a tremendous amount of work that Ripple will need to get done.  if most actors in Ripple refuse to be validators, as i believe they will, then that responsibility will fall on OpenCoin.  that is a huge problem right there due to centralization.

The load difference of being a validator over a tracking server is negligible, it's at most one ECDSA signature per second and typically much less. People will run tracking servers because there's no other reliable way to get a high-speed pathway into the Ripple network. That will mean gateways and arbitragers will be validators too. Also, being a trusted validator gives you a say in the process by which new features are added to the network.

the other problem with validating every 20 sec is that the validator will need his private key available every 20 sec to digitally sign every ledger they deem accurate.  sounds to me like this private key needs to be in RAM constantly and will then be publicly exposed undermining security.

That's true. It's akin to running a Bitcoin hot wallet. Validators can easily rotate their keys. Once the network is more distributed, you'll have to compromise an awful lot of keys to do any real harm.

Ripple seems to ignore the fact that "work" needs to be done and paid for to sustain/build a robust p2p system which is what Bitcoin has.

People will do that work because they want to use the system. Miners have to mine, but they don't have to provide blockchain downloads. But they still do.

[nameface]

...well this thread has certainly been derailed 

I kinda miss the FUD and slander TBH.

[misterbigg]

validators in the Ripple system sound like miners in the Bitcoin system.

Not exactly. Validators don't get compensated directly. The XRPs used to pay for transactions are simply destroyed.

the problem i see in Ripple is that validators are not getting paid.  no one is going to let their computer cpu time get consumed w/o being paid.

Yes and no. Tor exit nodes don't get paid and yet, there are lots of them. Commercial interests have an incentive to make sure that there are plenty of independent validators, since having them secures the Ripple network.

Joel said new ledgers will need validating every 20 seconds.  that's a tremendous amount of work that Ripple will need to get done.

20 seconds if there's no transaction activity. Even more often otherwise!

responsibility will fall on OpenCoin.  that is a huge problem right there due to centralization.

Right. We don't want this.

the other problem with validating every 20 sec is that the validator will need his private key available every 20 sec to digitally sign every ledger they deem accurate.  sounds to me like this private key needs to be in RAM constantly and will then be publicly exposed undermining security.

A validator doesn't have to connect to the public network. It can sit on a private network, connected to a second rippled instance that is connected to the public network. Validators can publish their validations into the network from any access point, it is not necessary for nodes to be directly connected to a validator to receive the validations.

Ripple seems to ignore the fact that "work" needs to be done and paid for to sustain/build a robust p2p system which is what Bitcoin has.

There's no "law of the universe" that says CPU cycles must spin for useful computation to occur. Bitcoin's proof of work is a novel and brilliant solution to the problem of coin distribution and securing the block chain. But I think it would be naive to assume that it's the only method. Bitcoin showed that it was possible. Inspired by this, expect this wave of cryptocurrency evolution to surprise us with even more unexpected innovations.

[oakpacific]

The problem is how can you prove I am trying to be two validators?

I don't care. If you're being two solid, reliable validators, then that's great. That's twice as great. If at least one of them is crappy and unreliable, then why do I care that they're both you?

Say I only give one guy a false key, and if he's trying to accuse me then I can say everything including the supposedly signed ledger is made up by him, I can say I never produced such a thing, and the guy trying to accuse me is a fraudster himself.

This is actually a theoretically plausible attack currently. Thanks for noticing it. It's not difficult to fix -- we can either check the key with others (so we have others to establish he gave out the key) or we can force him to sign the key with a key traceable to him (say, issued by a CA).

It's not really relevant, you have to either trust a authoritative third-party or the people who transmitted this information to you, like the digital certificate of the website(PKI), forum on which your website address is published, or other Ripplers who told you where the validator's website is(web of trust). Most importantly, you can't prove I am cheating if I try to frame someone by claiming I received a copy of ledger signed with a different key from him, especially if I control more nodes than him(nowhere near 51%), which are not known to collude.

You're correct. We need an undeniable way to associate keys with the identities you trust. It's not difficult to do, it just needs to be done.

Actually, I would not suggest to use more than two identification tokens (a ripple account string, hotwallet address, and a validation key), at least the validation key(or the hash of it) should somehow be made a validating node's unquestionable first identity.

[JoelKatz]

Actually, I would not suggest to use more than two identification tokens (a ripple account string, hotwallet address, and a validation key), at least the validation key(or the hash of it) should somehow be made a validating node's unquestionable first identity.

I agree. That's a better solution. We have provable association between accounts and domains already. Thanks again. (We had discussed proof of stake for validators in the past, but we kind of forgot about it.)