Feathercoin Advanced Checkpointing released today

[1PFYcabWEwZFm2Ez5LGTx3ftz]

"Solving" some security problems by using a centralized solution is not "solving" anything at all - it is returning to the old-fashioned model of PayPal, Liberty Reserve, and many other online financial systems.

I would like to point out that this was not implemented on a whim. There was a lot of discussions on how to prevent the 51% attacks, and this was the most widely accepted short term solution even though most were a bit uneasy about it. Once we find a better solution or FTC becomes big enough this will no longer be needed.

The current model of advance checkpointing is a temporary solution.

From feathercoin FAQ ( https://www.feathercoin.com/about/index.php ):

What is Advanced Checkpointing?

Advanced Checkpointing allows us to send out checkpoints without having to redistribute the Feathercoin software. This works by having a 'master node' which checkpoints each block it sees on the network protecting it from the attacker.

1. Who is "US"? What if "US" gets hacked/kidnapped/bribed/blackmailed/killed?
2. What if this "master node" gets hacked/stolen/nuked?

[1713873080]

1713873080

[1713873080]

1713873080

[1713873080]

1713873080

[1713873080]

1713873080

[Balthazar]

1PFYcabWEwZFm2Ez5LGTx3ftz, it was just an example. Of course, real attacker wouldn't submit the first checkpoint.
Your scenario is possible if there will be no another checkpoints node (i.e. #6).

But it IS possible now, right? Because there IS only one checkpointing node? Or did I misunderstand you?

And if there are more nodes, what's to stop the attacker from stealing them all?

Consider the example of Liberty Reserve - USA made a strike in 17 countries at once and shut it down. Why? Because there were some central-nodes/points-of-attack available.

"Solving" some security problems by using a centralized solution is not "solving" anything at all - it is returning to the old-fashioned model of PayPal, Liberty Reserve, and many other online financial systems.

You are understanding me right. It's impossible to run more than one such node without a full redesign of concept, because otherwise there will be a constant synchronization conflicts.

But there is a serious difference from RealSolid's trusted nodes approach. Checkpointing node is not a critical part of network. If server would be destroyed by aliens or ddos'ed, this won't event affect the network directly. Network will continue operation without checkpoints.

[1PFYcabWEwZFm2Ez5LGTx3ftz]

There was no shortage of people (including me) asking for ways to prevent the repeated attacks.

If that is true, then why it is not even mentioned in feedback.feathercoin.com? Who were these people "asking for it"? Why did they not ask for it publicly, that is in feedback.feathercoin.com ?

[1PFYcabWEwZFm2Ez5LGTx3ftz]

Network will continue operation without checkpoints.

Then why the f*ck are they needed at all???

This "feature" destroys the most fundamental part of any crypto-currency - decentralization. And now you are telling me, that it is not even necessary?

[Balthazar]

Then why the f*ck are they needed at all???

They prevents attacker from reorganize attempts, but only while function properly. I.e. 51% still could be executed, but this will require a ddos attack in addition to hashing power.

And now you are telling me, that it is not even necessary?

Yep. Network is able to work without checkpoints (scenarios #1 and #4 in my posts). Unlike trusted blocks, checkpoints are not a part of block chain. Actually, you can patch your client to remove this feature, and it will be compatible with the rest of network.

[1PFYcabWEwZFm2Ez5LGTx3ftz]

Yep. Network is able to work without checkpoints (scenarios #1 and #4 in my posts).

1. Without checkpoints, or with patched client:
1) 7 blocks found on the main chain;
2) attacker generates 8 blocks in offline, and then publishes his block chain;
3) 7 blocks from the main chain are getting orphaned and replaced by the 8 blocks, which generated by attacker;
4) the miners or a scam victims are crashing their heads against the wall.

You contradict yourself.

[1PFYcabWEwZFm2Ez5LGTx3ftz]

I just now realized, that the one defending this "feature" is Balthazar - the person who created (?) THE scam coin #1 - NovaCoin.

It is very sad. I honestly expected Feathercoin to become the first currency to integrate Zerocoin, and it would have become the most used currency after BTC and LTC... Instead, the creators chose to "integrate" centralization...

You killed feathercoin today.

[Balthazar]

Yep. Network is able to work without checkpoints (scenarios #1 and #4 in my posts).

1. Without checkpoints, or with patched client:
1) 7 blocks found on the main chain;
2) attacker generates 8 blocks in offline, and then publishes his block chain;
3) 7 blocks from the main chain are getting orphaned and replaced by the 8 blocks, which generated by attacker;
4) the miners or a scam victims are crashing their heads against the wall.

You contradict yourself.

There is no contradiction, just read carefully.

They prevents attacker from reorganize attempts, but only while function properly. I.e. 51% still could be executed, but this will require a ddos attack in addition to hashing power.

Network will be able to function, but becomes vulnerable to 51% attack. .

[Balthazar]

I just now realized

Slowpoke? Congratulations.

the one defending this "feature"

Again, read closely:

Actually I think that BC is nothing more than ugly workaround, sometimes that's required to function properly...

It's planned to drop synchronized checkpoints from NVC since 20 Nov 2013. Currently users are able to switch this option off manually, by using the command line parameters.

If you see any support or defence here, then you are an idiot.

THE scam coin #1 - NovaCoin.

NVC isn't more scamcoin than FTC or LTC. And you have nothing against this sentence.

[Magic8Ball]

There was no shortage of people (including me) asking for ways to prevent the repeated attacks.

If that is true, then why it is not even mentioned in feedback.feathercoin.com? Who were these people "asking for it"? Why did they not ask for it publicly, that is in feedback.feathercoin.com ?

This was one of the later threads https://forum.feathercoin.com/index.php?topic=1878.0

There were threads earlier than this around the time of the first attacks when the suggestions cropped up. The thread titles were differently named so you can do some digging to find out.

[ilostcoins]

Thanks again for all the detailed explanations.  

[Magic8Ball]

I just now realized, that the one defending this "feature" is Balthazar - the person who created (?) THE scam coin #1 - NovaCoin.

It is very sad. I honestly expected Feathercoin to become the first currency to integrate Zerocoin, and it would have become the most used currency after BTC and LTC... Instead, the creators chose to "integrate" centralization...

You killed feathercoin today.

It seems you are just trolling. Normally, if I get to learn something (and I learnt a lot from Balthazar's posts in this thread), I would be a bit respectful at the very least.

[1PFYcabWEwZFm2Ez5LGTx3ftz]

Network will be able to function, but becomes vulnerable to 51% attack. .

But I thought this was all done to protect against 51% attack?

[1PFYcabWEwZFm2Ez5LGTx3ftz]

It seems you are just trolling. Normally, if I get to learn something (and I learnt a lot from Balthazar's posts in this thread), I would be a bit respectful at the very least.

This was one of the later threads https://forum.feathercoin.com/index.php?topic=1878.0
There were threads earlier than this around the time of the first attacks when the suggestions cropped up. The thread titles were differently named so you can do some digging to find out.

No, I am not trolling. All new features are discussed and voted upon in feedback.feathercoin.com. It is the way to do it publicly. Discussing it in the forums is doing it privately. Besides, discussion doesn't mean that people want it. Voting for it in feedback section means that people want it. And how many votes did it get? ZERO. It didn't even get on the feedback ideas list.

I followed the ideas on feedback.feathercoin.com everyday, and there was no mention of any checkpointing, ever. This is completely out-of-the-blue for me (and I was the one who followed feathercoin progress), so what about people who were not following at all?

[1PFYcabWEwZFm2Ez5LGTx3ftz]

NVC isn't more scamcoin than FTC or LTC. And you have nothing against this sentence.

Was FTC premined? No.
Was LTC premined? No.
Was NVC premined? Yes. Not just premined, but half of the premined coins were given to an exchange so they would accept NVC into their exchange.

[Magic8Ball]

It seems you are just trolling. Normally, if I get to learn something (and I learnt a lot from Balthazar's posts in this thread), I would be a bit respectful at the very least.

This was one of the later threads https://forum.feathercoin.com/index.php?topic=1878.0
There were threads earlier than this around the time of the first attacks when the suggestions cropped up. The thread titles were differently named so you can do some digging to find out.

No, I am not trolling. All new features are discussed and voted upon in feedback.feathercoin.com. It is the way to do it publicly. Discussing it in the forums is doing it privately. Besides, discussion doesn't mean that people want it. Voting for it in feedback section means that people want it. And how many votes did it get? ZERO. It didn't even get on the feedback ideas list.

I followed the ideas on feedback.feathercoin.com everyday, and there was no mention of any checkpointing, ever. This is completely out-of-the-blue for me (and I was the one who followed feathercoin progress), so what about people who were not following at all?

Fair enough.

I have never been to feedback.feathercoin.com, oddly enough. I usually stay in the main board and occasionally visit others. On why checkpointing is not there, my guess would be it was pretty much decided long back. As I said, the thread I posted earlier was one of the later ones, and there were quite a few discussions in the earlier ones. The decision to go with it was taken quite a long time back (during the first attack), and I recall by and large most were in favour of it as a short term solution.

[1PFYcabWEwZFm2Ez5LGTx3ftz]

If the attacked gained control of this "master node", then he could scam the network, without even doing the 51% attack. Is this true or false?

Again, if this is so important, why were people not given a chance to know about it and vote for it?

[1PFYcabWEwZFm2Ez5LGTx3ftz]

On why checkpointing is not there, my guess would be it was pretty much decided long back.

It could be true, but it looks like it was not there, because if it was put to vote, nobody would vote for it. If you are honest about your idea, and honestly expect people to like it, then you would not mind putting it to a vote. The mere fact, that this was done secretly, and never put to a vote (that's why feedback section exists), is a huge red flag for me.

[atomicchaos]

It's a shame more people aren't voicing their concern about this. I would not put this level of control into any of the developers. They say it's a good solution, but yes, gaining control under the guise of security sounds vaguely familiar, doesn't it?

I held little trust for FTC, but this seals the deal.

[kneim]

Centralisation can only be temporary, for resisting attacks at the beginning. I have found no hint anywhere, how and when to temper this interim solution. This is a bad sign to me.