Bitcoin Forum
August 18, 2018, 01:15:26 PM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Bad Code Has Lost $500M of Cryptocurrency in Under a Year  (Read 817 times)
BenOnceAgain
Member
**
Offline Offline

Activity: 210
Merit: 72

🌐 www.btric.org 🌐


View Profile WWW
February 26, 2018, 02:42:29 AM
Merited by nullius (5), DooMAD (2), achow101 (2)
 #41


One of the people who broke IOTA had some damning words for it, in “Cryptographic vulnerabilities in IOTA”:

Quote from: Neha Narula (2017-09-07)
You might think that IOTA, a cryptocurrency worth over a billion dollars, and working with organizations like Microsoft, University College London, Innogy, and Bosch, BNY Mellon, Cisco, and Foxconn (through the Trusted IOT Alliance) would not have fairly obvious vulnerabilities, but unfortunately, that’s not the case. When we took a look at their system, we found a serious vulnerability and textbook insecure code.

“In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake. It says that no one of any calibre analyzed their system, and that the odds that their fix makes the system secure is low,” states Bruce Schneier, renowned security technologist, about IOTA when we shared our attack.

Anybody who buys into such ill-conceived crypto-junk as IOTA deserves to lose their money, on grounds of foolishness.

My view: I am far from an expert on cryptography but I will say this, cryptocurrency depends on rock-solid, secure cryptography.  It is exactly where the trust is placed in an electronic money system. By removing it from governments/banks (who don't deserve it regardless), and instead trusting the software and the network it defines (not individual nodes, per se), you must have an extremely robust cryptographic algorithm and you also must be prepared to change it quickly should it ever prove to have a previously unknown weakness.  As far as I'm concerned that should be common sense.  I don't know precisely what happened with IOTA but I have read a little bit about it and I'm not sure why the currency continues to circulate given what I do know.  I guess too many people had invested into it by that point, which is more a political reason for continuing to exist rather than anything based on technical merit or the capability of the system.  I'm not sure why the IOTA people thought it was a good idea to throw in some untested cryptography, but that seems like a very amateur thing to do.

I agree that when people make a bad investment they deserve to lose their capital provided it wasn't outright fraud and that it is absolutely crucial to do your own research.  I do think that the bar should be lower than having to be a cryptographer, especially as crypto assets are more widely adopted.  Governments will seek to "protect" consumers to the extent they are able to.  I use quotes around the word protect because I disagree with a few things concerning the current direction that regulation of crypto assets seems to be taking.  I believe, in general, that cryptocurrencies should be treated as a currency, not as an investment asset class.  I think eventually that will shake out, but governments have a habit of doing all of the wrong things before finally doing the right one, so it does concern me.


As these events occur again and again we get to reflect on code developers and their skills.  Should they even be allow to release these coins?

Who’s going to stop me from releasing code?  You?  Some government?

N.b. that anybody who could forcibly stop code monkeys from releasing bad code would also have the practical power to ban Bitcoin.

...

Well, next time somebody tries to argue with my statement that 99.9% of altcoins an 100% of ICOs are pure make-money-fast scams—may I refer to your above statement?

I agree that many, most, of ICO/ITO projects just seem to be a money grab.  I think that's reflected in the high rate of failure and fraud.  I believe it has a potential for a  promising future method of raising funds for legitimate projects, but I believe the market should really be discerning about what projects people choose to invest in and that there should be some standard way to evaluate these projects.  Not mandated by some government but instead expected by the market.


It’s all about the right tool for the job.  Simplicity is domain-specific, with very particular requirements.  The code used for creating Simplicity will inherit some second-order version of the same requirements.

Whereas for general-purpose programming, my own point was that there is no magic bullet.  If some Haskell experts think that Haskell is the right tool for their job, then they will probably get good results.  But their results will not necessarily be superior to those of C++ experts writing C++.  More to the point, Haskell would not be a magic bullet for fixing the trash code churned out by idiots; and on the flipside, there is no sound reason for, say, Core to switch to Haskell.

I observe, Simplicity will not be able to prevent people from writing insecure smart contracts.  Again:  No magic bullet!  Its purpose is to let smart people formally verify their contracts.

Thank you for the link to that white paper.  Simplicity looks to be a substantial improvement over Solidity in terms of being able to implement a smart contract that is secure.  I agree that an individual contract is only as secure as the contract code.  But as far as Solidity goes, it has a funny name now that I think of it, because it seems anything but solid.  I really wanted it to be everything I thought it could when I first read about it, but it really "feels" fragile.  Maybe it's because of all the horror stories I've read about it.  But I don't think so.  I don't know how to describe it except to say it just doesn't have the rock-solid stability that one would expect from a scripting language that controls billions of dollars of underlying value.  I could be wrong, but usually when I am using a piece of tech and it doesn't have the right feel to it (that's really the only way I can succinctly describe it), it ends up being a dud.


Most of the Bad code is a result of companies using proprietary software. In the Open source environment, proper Peer review are done, before the code is submitted and applied. Some of these companies are in such a rush to be "first to market" that they skip beta testing and review. They want to be "first to market" and then patch like cowboys in a live environment.  Angry

This is why Bitcoin is so secure. Nothing is rushed, proper testing is done on a TestNet and submitted for Peer review.

Open source is not a magic bullet, either.  You didn’t say as such—but many people do.  Thus why I added boldface to the important parts, which are facilitated and enabled by open source.

We saw what happened with rush implementation with Bitcoin XT.  Roll Eyes

XT had severe bugs in its wetware layer.


On the other hand, I could say that people/users can be blame too for this inexplicable continuous hacking & bad news. Why?
Simply because most of them don't want projects that are slow on production. They only think about the "hype" without realizing that there is a proper flow for conducting new features. They passively pushes the developers/coders to do an early releases that have greater chances for bugs and errors. This is a very common thing on some projects here in bctalk  Wink

This is what RISKS-subscriber types used to call “dancing pigs”.  People will not pay for correct, reliable, secure things.  People will not wait for them, either.  They want their dancing pigs, and they want them now!


And in crypto pretty much every bit of code is critical while most devs still seem to be in happy-go-lucky start-up land, instead of in finance.

Your post gave me an inspirational idea.  Would having programmers who previously worked for banks be preferred since they'll be particularly aware and sensitive to the nature of finance?

Banks’ code quality is oftentimes abysmal.  Of course, it depends on the institution—and such questions as, consumer banking vesus institutional investment.  But overall, I think that much banking code is “WTF”-riddled stuff which ultimately relies on transactions being revocable.  At best, you can’t rely on code being good just because it’s from a bank!

Moreover, persons from banks have been immersed in an institutional culture which is inimical and antithetical to the culture of Bitcoin.  Individuals will differ, of course; but I’d start out wary of anybody who had worked for a bank.

Ultimately, with people as with languages, there is no magic bullet.  If you look to the backgrounds of the best (non-anonymous) Core developers, I think you’ll find some vast differences.  So as for past history.  The common factor in the present is that they are smart, serious, responsible people who are devoted to Bitcoin.  In some cases, zealously.

I agree that proprietary code quality is often horrible, especially banking.  My experience with banking code, like many other internal systems, is that it has been adapted and hacked and made to "work" with the digital equivalent of duct tape and bubble gum.  And that's on a good day.  More recently, there are banking systems that have resulted from merger after merger after merger of smaller banks into the large behemoths we have today that are reliant on code that has been in place for at least a decade.  No one dares to touch that code because if they do, they will break 500 things that you'd never expect have some dependency on this swiss-cheese like construct.  Most of my experience in this comes from commercial banking as opposed to investment banking, perhaps it's more cohesive over there?  But I doubt it.  Like any business, banks do not upgrade their systems and proprietary systems are among the worst from a "wtf how is this even working" perspective.  I mean, I am sure there are great coders in the banking business.  But they are the exception, not the rule.

Open source is NOT a magic bullet, as you said, it is more the peer-review and intensive testing process that creates quality code.  If I was writing code, especially something that represented money, or votes, or peoples health, I would want it to be widely tested.  Hack it, find the flaws, let's really make sure this code is resilient.  The best open source projects have this.  Too many, however, are missing crucial parts of the team or infrastructure to carry this out, or sometimes even the knowledge and understanding that this is a must for any code to be used in production.  People thinking they can just throw something together and hope for the best, when you're dealing with something like digital money, is highly irresponsible.

I also admire the zealousness of many of the Bitcoin Core team, those that I know of.  They are a big reason, to me, as to why Bitcoin is something I know deserves more trust than any of the altcoins.  Personally, I am a person that is passionate about the projects I take on and when I see that passion emanating from other people about their projects, it resonates with me.  Bitcoin is not perfect and certainly, it has evolved over time and will continue to do so.  But everything I have observed about the people that are part of Core, their writings on the listserv and discussions on GitHub, etc., shows me that they take their responsibility very seriously.  At least to me, that is a very important and crucial distinction between Bitcoin and 99.9% of the altcoins.


Also regarding the "wild west", regulations will be happening.  They already are in some legal jurisdictions.

Good luck regulating me.  Or discerning which jurisdiction I am in.

Bitcoin is cypherpunk money.  Though I am sensitive to needs by others to comply with legal régimes, I am fundamentally opposed to any Bitcoin “regulation” of any kind.  Also, I myself will always ignore it in my personal affairs.

Moreover, regulations don’t work.  Highly regulated fields such as (cough) government and military contract work do tend to be bug-riddled abominations.  Banking code in many cases, as aforesaid.  Healthcare-related code, quite often.  And transportation...  Everything is broken.  Regulations don’t fix it.

Another area that needs a close look is the way that KYC is conducted in ICO/ITO offerings.

I have an easier solution:  Don’t ever do “KYC”.  Avoid anything and everything which requires it.

For Bitcoin-related purposes, I have never submitted to any “KYC” identity-rapeNo, really.  Nobody’s records show I own even a single satoshi—“nobody’s”, as in “nullius”.

Oh—you said “ICO”.  Well, those are scams which should be avoided, regardless.

I agree that staying under the radar of regulations is an ideal scenario when that can be done.  However, that is not possible in all circumstances.  Fiat/crypto exchange (besides P2P cash) is very difficult, for example, without a relationship with an entity subject to KYC regs (at least in the US).  And for the foreseeable future, fiat/crypto conversion will be necessary for adoption.  

Regulations rarely do anything useful, I agree with that.  The thing about regulations that I know from a lot of experience with regulators is that it is much better to work with them than to ignore them and/or fight them completely.  Regulators often will defer to industry when they come together with a reasonable and workable solution to whatever the issue at hand is.  When this doesn't happen, the regulators decide on their own how best to handle the situation.  Or even worse, other interests chime in with their view and that becomes the model adopted by the regulators.  Right now crypto is around $450 billion USD in total market capitalization.  That's just a little under the market capitalization of Facebook, one company.  We know this is going to grow, and in my view, market capitalization isn't really a good metric to measure currencies, but it's quick on Google.  However, once crypto assets really start to bite into bank profitability, you better believe that they will be whining to the regulators to tighten the screws.  I believe that businesses in the cryptocurrency field need to be paying close attention and be prepared to work with regulators instead of letting them run the tables.

As far as ICOs go with KYC, I don't blame you for not giving out your information.  It's dangerous.  Losing the money you'd invest is bad enough, but having your identity stolen is just as bad, if not worse in many cases.  If ICOs are ever going to get away from the fraud aura, they need a way to be conducted legally without the extensive KYC information disclosed.  I can go on eBay and buy something right now from a stranger and, yes, they do get my address, but that's only because they're shipping me something.  I think there can be a better way to do KYC in the crypto realm.  The set of circumstances are very different between me going into a bank to open a bank account or opening an investment account online and deciding to invest in an ICO.  I can buy shares of stock without giving them a picture of the front and back of my passport and a selfie holding it up next to my face.  Why should it be any different from that?  I have some ideas to make KYC more safe and secure, ticking them around in my mind at this point.

Anyway, thanks for good things to think about.  I appreciate it.

Best regards,
Ben

1534598126
Hero Member
*
Offline Offline

Posts: 1534598126

View Profile Personal Message (Offline)

Ignore
1534598126
Reply with quote  #2

1534598126
Report to moderator
1534598126
Hero Member
*
Offline Offline

Posts: 1534598126

View Profile Personal Message (Offline)

Ignore
1534598126
Reply with quote  #2

1534598126
Report to moderator
BOUNTY PORTALS
BLOG
WHERE BOUNTY MANAGEMENT
MEETS AUTOMATION
SIGNATURE CAMPAIGNS
TWITTER
FACEBOOK
MEDIA CAMPAIGNS
AND MORE!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1534598126
Hero Member
*
Offline Offline

Posts: 1534598126

View Profile Personal Message (Offline)

Ignore
1534598126
Reply with quote  #2

1534598126
Report to moderator
nullius
Copper Member
Full Member
***
Offline Offline

Activity: 168
Merit: 743


Help! I’ve got the Pleurodelinaemia! @nym.zone


View Profile WWW
February 26, 2018, 05:49:52 AM
Merited by TMAN (10), achow101 (2), LoyceV (1)
 #42

My view: I am far from an expert on cryptography but I will say this, cryptocurrency depends on rock-solid, secure cryptography.  It is exactly where the trust is placed in an electronic money system.

It’s sad how few people understand this.  Bitcoin is not merely a new mechanism of transmitting money:  It is a radically (from radix = [at the] root) new and different kind of money.

This misundersanding also explains why so many people parrot “vires in numeris” who neither speak Latin, nor use PGP, OTR, etc., etc. to secure their communications.  Uptake of crypto in the cypherpunk sense is abysmal amongst people who talk about “cryptos” all day.

And apropos the topic, I think you’re right:  This lack of fundamental comprehension has serious consequences when people who do not get it set their hands to “cryptos”, whilst neither undersanding nor caring much for the crypto.  Bitcoin requires a new mindset.  To handle it, you must understand on a very deep level that mathematical algorithms rule as by divine right.  There is no higher court of appeal, no chargeback, no kill switch—nothing to help you if you muss the maths, lose your secret keys, etc.

If you get that, then you will pay careful attention to the quality of your code.  Also, you will much respect Core—because they get it, too.  And if you dare to make your own currency, you will not start by designing your own hash function as IOTA did!  That really wrecks any credibility they ever had.

I don't know precisely what happened with IOTA but I have read a little bit about it and I'm not sure why the currency continues to circulate given what I do know.  I guess too many people had invested into it by that point, which is more a political reason for continuing to exist rather than anything based on technical merit or the capability of the system.  I'm not sure why the IOTA people thought it was a good idea to throw in some untested cryptography, but that seems like a very amateur thing to do.

As for the latter bolded part:  I don’t see “amateur”.  I see PHB + NIH.

Come on.  We’re the big boys.  Microsoft is involved—you know, the company which does \ instead of / as a directory delimiter.  For our billion-dollar cryptocurrency, we will do innovation!  We don’t just use a commercial off-the-shelf hash which everybody else has.  We have our own hash!  The boss says so.

Ben, you speak of some experience in that world.  Did I approximately describe an amplified version of a scene you’ve seen play out a thousand times?

...also above:  The former bolded part hit the nail on the head—perhaps (?) more than you intended.  “political reason... rather than anything based on technical merit”  Cf. later in your post:

...once crypto assets really start to bite into bank profitability, you better believe that they will be whining to the regulators to tighten the screws.

With due apologies to some folks here, there is more than one way to skin a cat.  The “problem” you state is addressed not only by potential regulation, but also by misappropriation (plus other means).

Strictly speaking, I am on a topical tangent from this thread.  But this issue is on-topic anywhere Bitcoin is discussed; and it does pertain to the crypto-fail in IOTA.  Why would the PHB demand a NIH hash, presumably for marketing purposes, without even a slight standard of care about the potential consequences?  Because the purpose of IOTA is not to make a real cryptocurrency.

A truly great idea which could change the world can only be stopped by twisting and distorting it.  This has happened repeatedly in history.  Bitcoin is an idea of such historic magnitude.  I here sketch a multi-pronged distortionary attack on Bitcoin:

  • Misappropriate and dilute the Bitcoin brand.  Scamforks.  Btrash is the biggest right now.  See also a long list from “BIP 100” to XT to S2X to Bitcoin Super Plutonium With Ponies.  The long-term fork wars with repeated coup attempts.
  • Misappropriate and dilute the concept of a “cryptocurrency”, level 0.  IOTA, Ripple, and other attempts to make “cryptocurrency” mean a centrally controlled Visa/Paypal 2.0.  Distort, dilute, and thus destroy.  Some have the magic pixie dust of “blockchain” sprinked on them.  Others (such as IOTA and Ripple) are “better than blockchain”.  All are only means to the same end:  Attack the radical concept of Bitcoin at its root; and meanwhile, shear the sheep for lots of money.
  • Misappropriate and dilute the concept of a “cryptocurrency”, level 1.  Not done by the “big boys” themselves, but certainly beneficial to them.  Scammers pumping low-quality altcoins and ICOs are tarnishing the public name and image of a “cryptocurrency”.  Let them run amuck for awhile.  Wait for people to cry out for some “consumer protection” after they got swindled by the same scum who have spammed this forum to near-uselessness.  Paint Bitcoin with guilt-by-association in the media—how often do you see “Bitcoin” and “ICO” mentioned in the same breath, discussed in the same article, when they are not even remotely related?  Then ride in as a knight in shining armour to protect Da Peephole from the Wild West of “Cryptos”.

I could probably list more, even draw a full taxonomy.  But that will suffice for the here and now.

There is only one Bitcoin.  Out of close to a thousand active altcoins, the alts which are even interesting (let alone viable) can be counted on the fingers of one hand.  Even for the good ones, most of them will probably wind up with their best concepts integrated into sidechains whenever Bitcoin finally gets a viable decentralized/trustless pegged sidechain/drivechain implementation on mainnet.  That is, if their innovations aren’t simply copied (and improved) into Bitcoin directly.  (The only things I think couldn’t be handled that way would be either a viable replacement for the Hashcash-style PoW system for BFT transaction ordering, or something which radically changes the economics of the currency.  Thus far, all such ideas on both points are either half-baked, or actively harmful.)


(Addressing same post; but using a divider between major concepts.)


Thank you for the link to that white paper.  Simplicity looks to be a substantial improvement over Solidity in terms of being able to implement a smart contract that is secure.  I agree that an individual contract is only as secure as the contract code.  But as far as Solidity goes, it has a funny name now that I think of it, because it seems anything but solid.  I really wanted it to be everything I thought it could when I first read about it, but it really "feels" fragile.  Maybe it's because of all the horror stories I've read about it.  But I don't think so.  I don't know how to describe it except to say it just doesn't have the rock-solid stability that one would expect from a scripting language that controls billions of dollars of underlying value.  I could be wrong, but usually when I am using a piece of tech and it doesn't have the right feel to it (that's really the only way I can succinctly describe it), it ends up being a dud.

Ethereum has a deeper problem:  Bolting a Turing-complete VM onto a blockchain and painting it over with a Javascript-style language is manifestly irresponsible as anything other than a research project (i.e. not as “money”).

Satoshi was extremely conservative in his design of Bitcoin script:  A simple stack language with no loops, etc.  Even so, a bunch of opcodes had to be hurriedly disabled in early versions—and we got the notion of “standard scripts” tacked on for extra protection against footguns (and to some degree, malice by anybody who isn’t a miner).  For money-handling on a blockchain, this is responsible behaviour.  Rome wasn’t built in a day; and if we want more powerful smart contracts, we need to let the maths wizards grind the problem for awhile.

But Vitalik knows better:  Give us a system wherein we can prove neither the correctness of the VM, nor the correctness of the compiler which emits VM opcodes, nor the correctness of the code fed to the compiler.  We don’t really know what it does in all possible cases; but, who cares what it really does?  Then, etch the results into a blockchain forever—or until Vitalik commands otherwise.

(I keep hitting only that one issue, because ETH is so disastrous I started tuning out its news awhile ago.  Yes, I heard about that mountain of money lost to a deleted library, etc.)

Wetware problem:  Try explaining this problem in non-technical terms to a non-engineer.  I know of intelligent people who do ETH.  I don’t really blame them.  They never even heard of most of the jargon I used above.  I myself barely know enough about computer science concepts to grasp why Ethereum is a very bad idea.  And ETH has some slick marketing, plus a big boost from the pathogenic viral marketing of “token”-pushing spammers who need it hyped so they can run their P&D scams on this forum.



Banks’ code quality is oftentimes abysmal.  Of course, it depends on the institution—and such questions as, consumer banking vesus institutional investment.  But overall, I think that much banking code is “WTF”-riddled stuff which ultimately relies on transactions being revocable.  At best, you can’t rely on code being good just because it’s from a bank!

Moreover, persons from banks have been immersed in an institutional culture which is inimical and antithetical to the culture of Bitcoin.  Individuals will differ, of course; but I’d start out wary of anybody who had worked for a bank.

Ultimately, with people as with languages, there is no magic bullet.  If you look to the backgrounds of the best (non-anonymous) Core developers, I think you’ll find some vast differences.  So as for past history.  The common factor in the present is that they are smart, serious, responsible people who are devoted to Bitcoin.  In some cases, zealously.

I agree that proprietary code quality is often horrible, especially banking.  My experience with banking code, like many other internal systems, is that it has been adapted and hacked and made to "work" with the digital equivalent of duct tape and bubble gum.  And that's on a good day.  More recently, there are banking systems that have resulted from merger after merger after merger of smaller banks into the large behemoths we have today that are reliant on code that has been in place for at least a decade.  No one dares to touch that code because if they do, they will break 500 things that you'd never expect have some dependency on this swiss-cheese like construct.  Most of my experience in this comes from commercial banking as opposed to investment banking, perhaps it's more cohesive over there?  But I doubt it.  Like any business, banks do not upgrade their systems and proprietary systems are among the worst from a "wtf how is this even working" perspective.  I mean, I am sure there are great coders in the banking business.  But they are the exception, not the rule.

I want to quote more of your post.  I urge others to read this post carefully.

What most people do not realize is that “the digital equivalent of duct tape and bubble gum” is holding together most of the modern world.  I’ve long held that anybody who actually understands computers, will refuse to use today’s existing computers (unless slightly crazy—which I guess includes me).  Unplug, drop out, and go live in the middle of the woods somewhere.

Human beings know how to build correct, reliable computing machines.  I’ve read of fully redundant systems which could lose a CPU any time without blinking, capability-based research systems, etc., etc....  But all that is too expensive, plus too slow to bring to market.  People want their Dancing Pigs and their Cryptokitties.  Thus, we get everywhere the computing equivalent of Ethereum.  Who wants to wait for research like Simplicity before running a hot new ICO?

It’s the same with buildings.  Once upon a time, a cathedral would have its foundations laid by workers who cherished the faith that their grandchildren may live to see spires rise to the sky.  Nowadays, having forsaken cathedrals to please gods, all the world’s a goddamn bazaar:  A pile of cheap shacks and stalls thrown up in a hurry so that idiot masses and idiot plutocrats alike can hawk their baubles to their fellow idiots.  Shiny!  Needs a bounty ANN thread.  As the wetware degenerates itself in a negative feedback loop, we soon find empirical proof for a principle well-known to philosophers since the beginning of time:  Ochlocracy equals kakocracy.  —  Ergo, “regulations”.

Oh, by the way:  In case nobody noticed, if I support Core, that means something.  (In the long term, I would like to see some old, Satoshi-era design flaws fixed—most of all, the marriage of the wallet to the node, which makes it impossible to separately sandbox the two functions in different processes with different capabilities.  But even meanwhile, I am more comfortable trusting Core with the world’s new money than I am with 99.9% of the broken computer stuff I am forced to use if I don’t want to unplug as I said above.)

I also admire the zealousness of many of the Bitcoin Core team, those that I know of.  They are a big reason, to me, as to why Bitcoin is something I know deserves more trust than any of the altcoins.  Personally, I am a person that is passionate about the projects I take on and when I see that passion emanating from other people about their projects, it resonates with me.  Bitcoin is not perfect and certainly, it has evolved over time and will continue to do so.  But everything I have observed about the people that are part of Core, their writings on the listserv and discussions on GitHub, etc., shows me that they take their responsibility very seriously.  At least to me, that is a very important and crucial distinction between Bitcoin and 99.9% of the altcoins.



I agree that staying under the radar of regulations is an ideal scenario when that can be done.  However, that is not possible in all circumstances.  Fiat/crypto exchange (besides P2P cash) is very difficult, for example, without a relationship with an entity subject to KYC regs (at least in the US).  And for the foreseeable future, fiat/crypto conversion will be necessary for adoption.

Moreover—I will admit that overall, I have lost more money than I still have due to my demand for adequate privacy.  That’s neither practical nor sustainable for anybody.

Improvements are certainly necessary.

Regulations rarely do anything useful, I agree with that.  The thing about regulations that I know from a lot of experience with regulators is that it is much better to work with them than to ignore them and/or fight them completely.  Regulators often will defer to industry when they come together with a reasonable and workable solution to whatever the issue at hand is.  When this doesn't happen, the regulators decide on their own how best to handle the situation.  Or even worse, other interests chime in with their view and that becomes the model adopted by the regulators.  Right now crypto is around $450 billion USD in total market capitalization.  That's just a little under the market capitalization of Facebook, one company.  We know this is going to grow, and in my view, market capitalization isn't really a good metric to measure currencies, but it's quick on Google.  However, once crypto assets really start to bite into bank profitability, you better believe that they will be whining to the regulators to tighten the screws.  I believe that businesses in the cryptocurrency field need to be paying close attention and be prepared to work with regulators instead of letting them run the tables.

It is this generalized wetware bug which Bitcoin could solve in the long term, in matters of money.  The question is whether wetware will run Bitcoin, or demand instead its Dancing Pigs and Cryptokitties.



There is much more in your post to which I wish to reply.

Thanks for writing.  Cheers.

[Although I can’t very well add major substance which few people would see, this post may be occasionally edited.  It’s rather rough.  if (error && errno == ENOTIME) { post_now(); return; }]

zonezICO
Newbie
*
Offline Offline

Activity: 13
Merit: 1

Trying to help independent musicians and artists


View Profile WWW
March 03, 2018, 02:13:53 PM
 #43

@nullius @BenOnceAgain

Thanks for opening up my eyes to the pitfalls of KYC for investors.  With that being said, for any company looking to do business in the US, it would be extremely RISKY to NOT do KYC as you're basically just asking for trouble from the SEC as they want to prevent money laundering.  Please dont shoot the messenger here but until there are more defined rules, KYC imo is a must for anybody doing an ICO and planning on doing business in America unless you'd like to have a morning wakeup knock on the door. 

Now, if a company wants to try and do some offshore type structure to get around the SEC, I think you're still asking for trouble if you're ultimately going to be doing biz in US.  Much better to upfront and transparent about it.

I'd be interested to learn what technologies/safeguards could be used to make KYC more secure though as you all brought up very good points and valid concerns that I haven't heard anybody else discuss online.

Startup helping indie musicians/artists
yg10
Jr. Member
*
Offline Offline

Activity: 80
Merit: 0


View Profile
March 04, 2018, 07:39:15 AM
 #44


Bitcoin Core is the gold bitcoin standard for reliable Bitcoin software.  It is written (primarily) in C++.  Programmers such as gmaxwell, sipa, and others who write excellent code for this project have no need to switch to another language, unless they find technical reasons which would make another language a better tool for the job.  Also, they have no need to be taught “certain practices”—whatever they do, it is evidently working.


Yes this is a great code (not speaking about underlying mathematics).
Funny that  on this board exists the thread https://bitcointalk.org/index.php?topic=2990217.0 started by the person who could not read the code of bitcoind.
 
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!