tf2addict
|
|
July 22, 2018, 06:53:23 PM |
|
Do you need the source code of your bank before you can have expectations of how it works? Ok comparing Dero to federal licensed and insured banks is bordering on stupidity.
|
|
|
|
tf2addict
|
|
July 22, 2018, 06:54:09 PM |
|
Still waiting on team info. It's never going to happen.
|
|
|
|
MagicSmoker
|
|
July 22, 2018, 08:28:08 PM |
|
The way I read this is that even given the source code you still wouldn't trust that the binaries it produced are the same as the existing compiled binaries* so I am forced to conclude that nothing will satisfy you.
* - because apparently the golang compiler does not create bit-identical output when run on different machines despite bit-identical sources.
That would be about the size of it, though I already wrote as much in my initial reply to you on this topic. It should be a fairly uncontroversial concept (not sure why b9ron felt the need to push back), though not perhaps an obvious one, so I mentioned it in order to help readers better understand exactly where they are putting their trust. It's not a controversial concept, I just wonder what is the point of arguing about all the ways the source code could be compromised when, by your own admission, you don't trust any code you didn't write yourself? It's a bit of an ontological conundrum, really.
|
|
|
|
jopari
Newbie
Offline
Activity: 15
Merit: 0
|
|
July 22, 2018, 08:50:20 PM |
|
This is all ludicrous (if you don't like Dero, don't buy it; let people make their own decisions and take responsibility for them; and stop repeating tired FUD tropes!), and I don't know why I'm feeding the trolls, but... Do you need the source code of your bank before you can have expectations of how it works? Ok comparing Dero to federal licensed and insured banks is bordering on stupidity. This misses the point. The point is that you don't need their source code in order to trust the system (decentralized or not). The thing you need is the protocol. Almost all of what you need to write your own node software is public (and with the recent leak, you could easily figure out the rest). CryptoNote guarantees that no unmined coins were created, or double-spent, and so if you can validate the blockchain, then you can be confident that none of this bizarre FUD holds water. There is absolutely no evidence that Dero is a "scam". It would be a truly bizarre kind of scam if there were.
|
|
|
|
pegos
Newbie
Offline
Activity: 45
Merit: 0
|
|
July 23, 2018, 12:39:00 AM |
|
There is absolutely no evidence that Dero is a "scam". It would be a truly bizarre kind of scam if there were.
Agatha Christie ?? Dero is the best detective movie 2018 ... I like to watch it
|
|
|
|
0x000090
Newbie
Offline
Activity: 33
Merit: 0
|
|
July 23, 2018, 12:52:55 AM |
|
The way I read this is that even given the source code you still wouldn't trust that the binaries it produced are the same as the existing compiled binaries* so I am forced to conclude that nothing will satisfy you.
* - because apparently the golang compiler does not create bit-identical output when run on different machines despite bit-identical sources.
That would be about the size of it, though I already wrote as much in my initial reply to you on this topic. It should be a fairly uncontroversial concept (not sure why b9ron felt the need to push back), though not perhaps an obvious one, so I mentioned it in order to help readers better understand exactly where they are putting their trust. It's not a controversial concept, I just wonder what is the point of arguing about all the ways the source code could be compromised when, by your own admission, you don't trust any code you didn't write yourself? It's a bit of an ontological conundrum, really. I just made a pretty simple point in response to you, and then tried to explain it to b9ron, when he took issue with it. And I never even came close to saying I only trust code I wrote myself, not sure where you pulled that from.
|
|
|
|
wangxiaoyan888666
|
|
July 23, 2018, 01:22:31 AM |
|
DERO this coin can be held for a long time. The technical content is still very high. However, the overall market of the encrypted money market is rather sluggish. Investors need to be patient and wait.
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3962
Merit: 5379
Doomed to see the future and unable to prevent it
|
|
July 23, 2018, 01:27:42 AM |
|
No even if you have all the code with all history of commits, if Monero servers are compromised with binary with a tiny backdoor or an tiny exploit hidden in it, it will be hard to find out unless devs reveal their binary were compromised.
Because even you'll have a fork of project even with the same arch, you could compile and still get a binary code different from official binary.
The only way to check if your binary isn't compromised is to review the code and compile yourself. Until this time you have to trust official binary with the official checksum provided.
Once again you don't trust the binary provided fine, come back further.
You should not be in this conversation as you have no clue what your talking about and in reality you are embarrassing yourself. There is no fucking such thing as a tiny exploit, Either the code is sound or it is not, Period. It is Boolean, true or false. There are 10 types of people in this world, those who understand binary and those who don't
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
b9ron
Jr. Member
Offline
Activity: 111
Merit: 1
|
|
July 23, 2018, 04:46:19 AM Last edit: July 23, 2018, 05:33:49 AM by b9ron |
|
No even if you have all the code with all history of commits, if Monero servers are compromised with binary with a tiny backdoor or an tiny exploit hidden in it, it will be hard to find out unless devs reveal their binary were compromised.
Because even you'll have a fork of project even with the same arch, you could compile and still get a binary code different from official binary.
The only way to check if your binary isn't compromised is to review the code and compile yourself. Until this time you have to trust official binary with the official checksum provided.
Once again you don't trust the binary provided fine, come back further.
You should not be in this conversation as you have no clue what your talking about and in reality you are embarrassing yourself. There is no fucking such thing as a tiny exploit, Either the code is sound or it is not, Period. It is Boolean, true or false. There are 10 types of people in this world, those who understand binary and those who don't kek, I wonder who is embarrassing himself right now. They have been tiny exploit hidden in Linux Kernel code in plain view to tons of reviewers and they didn't see it, why ? Because one character was misplaced and worked after compilation, thanks to C. That character misplaced was identified further like an Elevation Privilege Exploit. It's like in C if you forget parenthesis in some Macro you gonna fuck the calculus logic : #define SQUARE_A(x) x*x #define SQUARE_B(x) (x)*(x)
Replace x by 2+3, SQUARE_A will fail, not SQUARE_B. Now try to take a simple project in Go and compile it on different architecture and computer with and without cross compiler, and check the result. Even if you have 1:1 code you will never get the 1:1 binary code. There was never better place than 127.0.0.1
|
|
|
|
Slimdev
Newbie
Offline
Activity: 237
Merit: 0
|
|
July 23, 2018, 05:03:16 AM |
|
Transparent Dero pool with 24/7 support Features: - Mining to exchange - Workers - Adjustable instant payout levels - Email and telegram notifications - SSL
|
|
|
|
Dr.Lecter
|
|
July 23, 2018, 09:51:28 AM Last edit: July 23, 2018, 10:04:56 AM by Dr.Lecter |
|
Hello, i have downloaded Dero atlantis. and input file Database (~6GB) to folder mainnet. but when i run derod-linux-amd64, it is syncing very slow after ~2 hour, it synced ~100k block.
|
|
|
|
MagicSmoker
|
|
July 23, 2018, 10:01:55 AM |
|
I just made a pretty simple point in response to you, and then tried to explain it to b9ron, when he took issue with it.
And I never even came close to saying I only trust code I wrote myself, not sure where you pulled that from.
I inferred you don't trust code you didn't write from this comment: ... And the only way to change that, is to verify all the code (which as I have also pointed out, does not even suffice entirely, as you are still trusting that the code you see is what was actually running).
You say you don't trust entirely the code that has been leaked/revealed is the same as what is currently running and since the only way to be truly sure of that - without having to trust anyone else - is to have written the code yourself.
|
|
|
|
b9ron
Jr. Member
Offline
Activity: 111
Merit: 1
|
|
July 23, 2018, 10:03:54 AM |
|
Dero Atlantis is intended to work with SSD.
You can still launch it with the --badgerdb flag on a HDD, but you have to sync it from the first block.
|
|
|
|
scott d
Newbie
Offline
Activity: 200
Merit: 0
|
|
July 23, 2018, 10:40:30 AM |
|
Hi, If possible, use ssd and fast connection Hello, i have downloaded Dero atlantis. and input file Database (~6GB) to folder mainnet. but when i run derod-linux-amd64, it is syncing very slow https://i.imgur.com/DmFuzC5.pngafter ~2 hour, it synced ~100k block.
|
|
|
|
0x000090
Newbie
Offline
Activity: 33
Merit: 0
|
|
July 23, 2018, 10:57:42 AM |
|
I just made a pretty simple point in response to you, and then tried to explain it to b9ron, when he took issue with it.
And I never even came close to saying I only trust code I wrote myself, not sure where you pulled that from.
I inferred you don't trust code you didn't write from this comment: ... And the only way to change that, is to verify all the code (which as I have also pointed out, does not even suffice entirely, as you are still trusting that the code you see is what was actually running).
You say you don't trust entirely the code that has been leaked/revealed is the same as what is currently running and since the only way to be truly sure of that - without having to trust anyone else - is to have written the code yourself. I never said that -- nowhere have I suggested that the leaked code is not what is currently running on the network. It does not even make sense to suggest so, given that my point was first made before the leak had even occurred. You wrote that you had been pushing for source release "for the version of Atlantis which has been out for ~1 month", and I responded by saying it would be a problem if the commit history going back to the last public derosuite commit were not included, and that even if it was, it would still be problematic, given that git is not immutable. Please read again the hypothetical I gave using monero, to better understand my point; we are not concerned here with any code prior to dero's going closed-source, nor with the code in the leak, but rather the fact that there is no way to know what has been running on the network in the interim.
|
|
|
|
MagicSmoker
|
|
July 23, 2018, 11:21:31 AM |
|
... You wrote that you had been pushing for source release "for the version of Atlantis which has been out for ~1 month", and I responded by saying it would be a problem if the commit history going back to the last public derosuite commit were not included, and that even if it was, it would still be problematic, given that git is not immutable. ...
Okay, there was a slight misunderstanding, but not a major one. After all, you once again said that even if you had the commit history going back to the last public release of DeroSuite that you still couldn't be sure that the history hadn't been "revised," let's say, because git itself is not immutable. That really seems like you are saying you won't trust any code release, even if it includes all the commit history, version control, etc.
|
|
|
|
0x000090
Newbie
Offline
Activity: 33
Merit: 0
|
|
July 23, 2018, 11:43:33 AM |
|
... You wrote that you had been pushing for source release "for the version of Atlantis which has been out for ~1 month", and I responded by saying it would be a problem if the commit history going back to the last public derosuite commit were not included, and that even if it was, it would still be problematic, given that git is not immutable. ...
Okay, there was a slight misunderstanding, but not a major one. After all, you once again said that even if you had the commit history going back to the last public release of DeroSuite that you still couldn't be sure that the history hadn't been "revised," let's say, because git itself is not immutable. That really seems like you are saying you won't trust any code release, even if it includes all the commit history, version control, etc. That is accurate, and is an unfortunate consequence of dero having taken the code closed-source, which was just shortsighted and unnecessary. That action irrevocably shifted things from a "trust in the code" situation to a "trust in the team" one. Which itself is fine, so long as a person has a clear understanding that this is what they are doing.
|
|
|
|
MagicSmoker
|
|
July 23, 2018, 12:06:27 PM |
|
That is accurate, and is an unfortunate consequence of dero having taken the code closed-source, which was just shortsighted and unnecessary. That action irrevocably shifted things from a "trust in the code" situation to a "trust in the team" one. Which itself is fine, so long as a person has a clear understanding that this is what they are doing.
Shockingly, we are in at least partial agreement. In an earlier post to this thread I basically said you can have anonymous devs or closed source but not both.
|
|
|
|
0x000090
Newbie
Offline
Activity: 33
Merit: 0
|
|
July 23, 2018, 01:40:05 PM |
|
That is accurate, and is an unfortunate consequence of dero having taken the code closed-source, which was just shortsighted and unnecessary. That action irrevocably shifted things from a "trust in the code" situation to a "trust in the team" one. Which itself is fine, so long as a person has a clear understanding that this is what they are doing.
Shockingly, we are in at least partial agreement. In an earlier post to this thread I basically said you can have anonymous devs or closed source but not both. Yes, we are in agreement on that, it's my initial litmus test for any new project; if asked to choose between the two, I'll take the anon dev + open source scenario, as it's pure do-it-yourself (neither cheap nor easy to successfully bring suit against legal entities, let alone internationally).
|
|
|
|
CryptoJohnSmith
Newbie
Offline
Activity: 14
Merit: 0
|
|
July 23, 2018, 05:54:31 PM |
|
|
|
|
|
|