Bitcoin Forum
December 12, 2024, 05:29:12 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 [84] 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 ... 200 »
  Print  
Author Topic: [SKY] Skycoin Launch Announcement  (Read 381589 times)
psybits
Legendary
*
Offline Offline

Activity: 1386
Merit: 1000



View Profile
February 12, 2015, 05:30:43 PM
 #1661

Can someone tell me in a few sentences where we are at?

How is the IPO being run and what is the status of accessible Windows and Linux wallets?
cryptrol
Hero Member
*****
Offline Offline

Activity: 637
Merit: 500


View Profile
February 12, 2015, 08:08:54 PM
 #1662

Can someone tell me in a few sentences where we are at?

How is the IPO being run and what is the status of accessible Windows and Linux wallets?

IPO didn't start AFAIK.
Wallets are not functional ATM (software is not finished yet).
reverse02
Member
**
Offline Offline

Activity: 86
Merit: 10


View Profile
February 13, 2015, 10:21:21 AM
 #1663

great post!
illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
February 13, 2015, 10:28:58 AM
 #1664

woah... I just hope I don't get a visit from the guvthugs just for reading that.
altcoinUK
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
February 13, 2015, 10:56:21 AM
 #1665

Thanks for the very interesting update! In one Skycoin dev post has more substance and novel idea than in the whitepapers of all altcoins/projects combined including NXT, DRK, Supernet and all other existing shit.
I been telling you all here for long this man, the Skycoin developer is exceptional. Based on his input in this thread over the last year he deserves the funding and the support of the community.
illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
February 13, 2015, 11:45:26 AM
 #1666

I cant rule out putting up the Skycoin bot and then five minute later someone looting all the coins with an exploit. It is impossible to rule out and it is almost certain that such an exploit exists. Instead of finding and fixing exploits like this, we need to determine the preconditions that rule them out. I do not believe that it is currently possible to store coins in an online wallet without them eventually being stolen.

If you create a paper wallet being offline the whole time and just track the transactions to that address isn't that safe?
BlackShibe1
Sr. Member
****
Offline Offline

Activity: 260
Merit: 250


View Profile
February 13, 2015, 01:38:19 PM
 #1667

Excuse me but what happen if something happen to you and the 98% coins

Lisk.
    Develop Decentralized Applications & Sidechains in JavaScript with Lisk!
    Website | Blog | BTT Thread | Chat - Be part of the decentralized application movement!
illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
February 13, 2015, 01:50:47 PM
 #1668

Excuse me but what happen if something happen to you and the 98% coins

Yeah what if someone accidentally all the coins
Lordoftherigs
Sr. Member
****
Offline Offline

Activity: 313
Merit: 250


View Profile
February 13, 2015, 02:24:14 PM
 #1669

Excuse me but what happen if something happen to you and the 98% coins

Then the skycoins in circulation become 50 times more valuable  Grin
Tobo
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500


View Profile
February 13, 2015, 03:22:56 PM
 #1670

- Choose a memory safe subset of LLVM IR. This should be the standard for executables and be flexible for compilation to a variety of new CPU/GPU architectures. Linux equivalent of Microsoft's CIL specification.
- Implement a virtual machine/emulator for a simplified x86/x64 instruction set that is memory safe.
- Prototyping new CPU architectures on FPGA, building simulators, testing framework and bench-marking (eventually, but first target is ARM, x64)
- Push as much out of the kernel as possible into user space.
- Create memory safe version of C and compile all of linux against it, with a new compiler. Must achieve deterministic builds.
- Achieve deterministic builds for all linux packages in debian with the above method. Without deterministic builds we cannot confirm that the build servers are not adding backdoors into packages.
- Moving away from monolithic computing architectures. CPU/RAM should be a unipro module. Sound card should be a unipro module. Networking card should be a unipro module. GPU should be unipro module. USB interface should be a unipro module. We need to compartmentalize hardware to avoid DMA and guarantee security of the platform even if individual chips or firmware is backdoored. The current CPU architecture allows firmware from the bios, hard disc, networking, graphics card or sound card or USB controller to overwrite the kernel with DMA access. this needs to end. This has added advantage of being able to just add more CPUs or GPU units by popping in more modules. The baseboards for unipro for ARA are almost here.
- the modules are also good because we can put them inside of block of aluminum to control tempest emissions and have immersion cooling.
The above is required for a secure computing platform. This is a two to four year project. Realistically fifteen years. I am not doing the coding, but know very good people who can staff some of the sub-projects. Writing C compiler and the LLVM virtual machine, I know someone who can do that very well.

Talking about a new CPU structure, I wonder if you are interested the Jinn project (a modern ternary general purpose processor) which CfB is working on -
https://nxtforum.org/news-and-announcements/(ann)-jinn/
https://nxtforum.org/jinn/


Quote
Jinn processor is a bunch of independent cores. A piece of code (entity) running on a core does some computations and can interact via messages with other entities running on other cores. A single task may require to send millions messages between thousands entities. In some cases the order of these messages doesn't matter, in some - does.

If we set a strict order of the interactions then we may lose concurrency and in the worst case a processor with 1000 cores will utilize only 1 core at a single moment of time. On the other hand, it's very hard (if possible at all) to split a task into pieces of code that can run in any order. Jinn provides a way to set the sequence of interactions within desirable limits. Some interactions may happen in random order, some may wait for special conditions. This is one of the main contracts of Jinn - to ensure a particular order of interactions within a single processor box and among several processors working in tandem all over the world.

There were math co-processors speeding up floating-point operations in the past. Now we have GPUs that are used to render 3D scenes. Jinn has its specific usage too, it's designed to lower interaction latency of distributed computations
LemonAndFries
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


View Profile
February 13, 2015, 05:12:29 PM
 #1671

Well at least I respect the fact that dev is working hard to get all that BTC for just 2% of coins.

At least he is working hard for the money, but the 98% IPO is still not a good idea just because dev posted an essay long post.

Holding 98% of all coins goes against the spirit of crypto coins and dev should know this better than anyone if he really intends to change the game.

A lot of us are here to help out projects and hopefully one of these projects will in turn help out the world's population economically, not just to hedge off profits.
Bitseed
Member
**
Offline Offline

Activity: 97
Merit: 10


View Profile WWW
February 13, 2015, 06:26:58 PM
 #1672

If people don't see this obvious scam, they deserve to lose money. What a joke "1000 BTC is nothing" my arse. Lets downplay how much we're ripping people off so we can buy a new sports car.

Things I don't like :

- Failure to communicate (this thread is the only source of information), opacity. No need for this.
- 1 anonymous dev : Despite the random use of "us" in the posts it seems clear that you are alone developing this coin.
- No roadmap (deadlines or however you want to name it)
- Too ambitious project (Meshnet, Darknet, Coin, Messaging, Skywire, ... ) All this things have already fallen.
- Reinventing the wheel over and over.
- Failure to innovate, the only real innovation of this coin was the consensus algorithm which has been postponed (cancelled ? who knows)
- Bill Clinton, Nuclear submarines and sport cars.

Things I like(d) :
- Focus on the simplicity of the code.
- Long term vision (darknet, skywire, meshnet).


Bitcoin is a toy. The marketcap of Bitcoin is 3 billion dollars and the total thefts in Bitcoin in last year was over 1.5 billion.

In Bitcoin, any one of thousands of things can happen that result in your Bitcoin being stolen. There was a thread in 2012 listing all the Bitcoin thefts and by 2012, they had to create a new thread because the theft list was so long that it exceeded the SQL database character limit.

When you say "not innovative" you mean "difficult to pump" features like "not having 50% of the coins stolen every year" which do not sound exiting to investors and people pumping coins, but it is a fundamental requirement for instructional investors and people using Bitcoin for commerce. 95% of the things in Skycoin are mundane, boring and tedious.

> Too ambitious project (Meshnet, Darknet, Coin, Messaging, Skywire, ... ) All this things have already fallen.

Bitcoin is insecure. Without a skywire type system, Bitcoin is dead. Period.

We had to invent a system for addressing nodes by public keys and this was not a choice. This was a requirement for protection against attacks that bitcoin is vulnerable to if an attacker controls the communication channel between Bitcoin nodes. All of the internet routers are backdoored.

The fact that it is a meshnet/darknet and messaging system, comes for free. Its just a very stripped down version of Multiprotocol Label Switching in a cryptographic namespace. It also replaces BGP and the whole thing is 2000 lines.

The government has been trying to push BGPSEC to replace BGP. The internet is currently a network of independent networks peered over BGP. BGPSEC replaces the peer-to-peer internet with a hierarchical central certificate authority. It allows the government to use court orders to shut off internet traffic for non-compliant hosts.

They can demand internet providers install stateful packet inspection hardware and blacklist transit for particular protocols such as Bitorrent and Bitcoin. They can also require IP block lists that drop packets going to particular IP ranges that transit through these networks. The internet has been resisting the transition from a peer-to-peer to a hierarchical system, however the government just seized the regulatory authority to force BGPSEC upon the world. If an internet host is hosting servers for the Piratebay, they will soon be able to blacklist all traffic to or from that host, until the host comes into compliance with whatever demands are made.

The government has subsidized installation of statefull packet inspection and interception hardware at the ISP trunks.

First they will court order the torrent sites out of search results, then they will IP block the servers and seize the domain names. Then they will begin blocking internet traffic by protocol, such as Bitorrent to traffic not using government approved encryption. That capacity is in place.

Skycoin Political Environment

This is what the economy looks like

Cellular Industry





As soon as the Bell monopoly was broken, up the companies continued to merge and force out smaller competitors using government regulation.

This is for media ownership



This is for internet companies.



Cable Industry



This is the freight industry



This is the Defense industry



Agriculture



Seed Industry



JPmorgan



Bank mergers.



There are two to four state granted monopolies in each industry. The companies are interlocked, interlocked ownership, interlocked supply dependencies to squeeze out companies outside of the network and interlocking ownership structures through financial sector. They use the government to squeeze out competitors and prevent entry of new firms into the market. Profits are increased, the consumer pays more and the combined percentage the corporations and government can extract from the public is increased. The competition in every industry has dropped, profits have increased. Everyone else is getting poorer who is not in the cartel.

Control of every major industry sector has been consolidated. None of these companies pay taxes. Workers are automatically taxed at +30% through withholding at every paycheck (through banking system) and then the money is given back to companies as tax rebates and government contracts. The companies do what the government says or the government threatens to pull the money and contracts, tanking the stock price. You give them money to create dependence and then threaten to withdrawal the money or offer more money to compel behavior.

In this model, people are resource like oil, where the objective is to maximum the resource extraction from the population
- maximize taxes, which are upward distributed
- print money or government debt and upward distribute
- drive down wages and use high unemployment to reduce worker leverage
- destroy small businesses with regulation, barriers to entry and disallow economic activity outside of the cartel
- use discontent over inequality the system creates to advocate for a bigger, more powerful government which can upward distribute more resources to the cartel, "for the benefit of the poor"

This cluster of companies is now 75% of US GDP and employs 8% of US work force. Its invisible, but in plain sight. They have an industry group that writes the laws and congress just passes them. Congress does not read the 12,000 page bills they are passing. If the law is controversial, they are not even allowed to read it before they vote on it. Its written and decided by the industry groups and then just rubber stamped.

There are price lists in congress for buying political appointees to the regulatory bodies. The industry is regulated for the benefit and profits of whoever buys seats at the regulator. The regulator is the industry group board, where the members of the industry decide how the industry should be structured to extract the most money out of public. The congress and budget determines the distribution of loot between industry sectors.

The farm interests dont have an industry group, but for instance decide that government should set aside this many billion dollars this year, to farmers to leave their farms fallow, in order to create scarcity and ensure a high degree of profit. To shake out the smaller farms, every few years they might decide that government should pay a price to each farmer for each bushel of crop grown, with a quota and most of the quota allotted to the large companies. They then over produce the crop, sending the price down very low and shaking out the independent farmers.  

The Emerging Internet Cartel



If you examine, how these companies operate, they use interlocking supply chains to lower the cost of goods, raw materials within the cartel companies and cut off supply of resources to companies outside of the cartel. They buy up every critical suppliers for an industry and then cut the non-cartel companies off.

Comcast and Time Warner, built nation wide fiber networks. They divided up the market, merged all the cable companies and split them up through merges and acquisitions until there was one company per market. There are two cable companies, but you do not have a choice of which cable company because each house is only served by a single company, so there is effectively a monopoly. They see people cutting the cords on cable television and switching to digital services and they need to maintain and grow revenue. They are seizing the core of the internet infrastructure and centralizing network transit. The internet is built upon reciprocal traffic agreements where two collocated networks agree to transit to each other for free.

They are replacing that, with a network where Comcast and Time Warner control the line to the user. They will allow free reciprocal transit between companies within the cartel, but will squeeze out every other network and force them pay Comcast/Time Warner for transit, to reach the customer. They will squeeze out the smaller network providers and consolidate the industry. This is happening right now. It is happening through corporate maneuvers and through hundred of small regulatory rule changes and government seizure of power.

Comcast is forcing, Youtube, Netflix and all the major content verticals to peer directly with them and pay for transit, to access customers, cutting out Layer 3 and the independent providers. Google is threatening to deploy fiber or a WISP, but the technology is merely a threat against Comcast to reduce their bargaining power, to prevent Comcast from move to metered pricing for service providers who want to access Comcast's user base if they gain a dominant position. So if Google cuts a deal to stop ISP expansion in Comcast's market, they will get preferential pricing but Comcast still will be in a position to extract metered pricing from everyone who wants to send data to users on Comcast's network.

This is a platform war.

The infrastructure is already in place to IP block servers like torrent sites and make websites disappear off the internet. The infrastructure is already in place to disconnect connections by application, such as disabling all torrent traffic, all peer-to-peer traffic or all traffic using non-government approved encryption. Stateful packet inspection hardware has already been installed.

>- 1 anonymous dev : Despite the random use of "us" in the posts it seems clear that you are alone developing this coin.

There are as many people working as Skycoin as there are people who want to work on it. If Skycoin only has three Satoshis instead of ten, then it reflects fault and laziness of the Bitcoin community. When people do not get windows builds, they complain and expect everything. They should find someone who can write a bash cross compilation script and have them do a pull request.

There are literally people who have never programmed before, who learned golang and contributed something. One person learned Golang from scratch and wrote a 6000 line wifi controller library. That is how I determined that I was only getting 1 MB/s inside of house, from a router that was 30 ft away.

There are a dozen of things people could do right now
- go into /src/gui/wallets.go and add optional address parameter for filtering outputs by address
- go into /cmd/ and add a command that dumps the transactions as json (from blocks on disc)
- create a blockdb module for storing the blocks (get block by index, get block by hash), storage blocks in dayfiles
-- go into visor, then make it use the block storage module
- add commands to /src/gui/wallets.go
- move commands json api for block state out of /src/daemon into /src/visor
- write a blockchain explorer that runs inside the wallet (/src/gui/ ), add api calls needed for the blockchain explorer
- write a advanced tab in wallet, that has deterministic key gen, getting addresses, transaction construction by hand, signing. a little jquery app
- help implement Skywire
- help implement merkle-DAG

If I try to do everything, the community will be dependent, because they will expect everything to magically materialize without doing anything, when I could be doing something else instead of googling for four hours about how to get golang cross compilation working with cgo. Different people on the project are working on different aspects, but I should not feel obligated to take on everything that no one else will do, just because it needs to be done.

>- Reinventing the wheel over and over.

If OpenSSL did not have a new remote code execution zero day every week or leak bits of the private key during ECDH into the timing channel or leave your private keys in the SSE registers so other people on your VPS can steal your Bitcoin, then we could have kept using that instead of spending three months so we did not need OpenSSL.

Read this.



If you patch or reveal a major bug in OpenSSL, you may be threatened because you removing a bug that other people are selling or exploiting for money. That is why I think there is so much resistance to removing the buffer overflows from OpenSSL, gutting the obsolete ciphers and that is why the memory allocator is wrapped so that valgrind is unable to detect overflows.

This is just one library. This is not even including hardware, the network, the operating system, the kernel, microcode.
The tower is built upon sand.

Rant

- OpenSSL is backdoored, timing channel attacks, buffer overflows, accepting improper inputs that leak bits of the privatekey (replace)
- OTR is "secure" however in pidgeon it sends plaintext over wire and saves messages to disc sometimes. usually at start of conversation (useful for timing channel, metadata). If a peer is authenticated and later changes their public key, there is no notification. man-in-middle attacks would not be detected and the user would not be alerted.
- the operating system is backdoored (gut and replace, push things to use space)
- multiple packages are backdoored at the build server (deterministic builds)
- the security auto-update mechanism is backdoored on almost every operating system (switch to linux, upgrade/replace system)
- almost every ASIC in every electronic device you have is backdoored.
- Your Apple wireless keyboard emits a 27 Mhz frequency and everything you type can be read from orbit. It may even be possible to root the computer over USB over radio. I am surprised no one has launched a satellite yet to steal Bitcoin deterministic wallet seeds.
- almost every device in your computer with firmware and DMA access has buffer overflows or backdoors (NIC card, GPU, sound card, bios, hard disc). If your hard disc firmware is backdoored you can replace the motherboard and you are still infected. If your bios is infected, data is exfiltrated even if you are running tails.
- Firewire and USB 3.0 allow DMA and allow you to overwrite the kernel (USB 3.0 exploit not confirmed yet). They allow ex filtration of disc encryption keys from ram. just plugging in firewire device is dangerous
- Many NIC controllers have backdoors and can suffer overflows from specifically crafted packets
- Every CPU (AMD and Intel) has microcode exploits. This allow sandbox breakout. If you run Bitcoin app on cloud computing where the computer is shared, they can break out of sandbox and loot your private keys. Some microcode exploit may be triggered by javascript or merely parsing a string.
- some intel CPUs can be rooted through CPU firmware updates over radio
- there is surveillance backdoors in every phone OS
- there back doors and surveillance software in many mobile analytic and advertising packages included in almost all mobile applications
- the baseboard of almost all cell phones is back doored and has several exploits
- California has mandated cell phone kill switches in all phones by law. These are implemented as on air firmware updates. During a protest police can ID all phones of people at the protest, root the phone, upload all the contact information and text messages from the phone, disable the cameras on the phone, delete audio, video and pictures on the phone from the protest, disable the internet on the phone and brick the phone or install surveillance software. They can do this sitting in a back office.
-- This system allows anyone's phone to be covertly backdoored at any time and is required by law in all phones globally as Apple/Google are located in CA. Police can stringray to collect phone IDs for persons at a protest and then later just install surveillance software on their phones in bulk. This is on top of the baseboard exploits and backdoors. FBI whining about disc encryption on iPhone crippling collection efforts is a lie.
-- the cell phone "kill switch" is really a remote firmware update and its in many laptops now also
- all consumer routers are backdoored.
- all routers are backdoored under CALEA and have additional backdoors or exploits
- HTTPS acceleration hardware used by companies like Facebook is backdoored to allow extraction of the privatekey. We should assume that under the FISA court, that all companies are required to secretly disclose their HTTPS/TLS private keys so that traffic can be decrypted.
- If your data is held by a third party (Facebook, Google, Twitter, Email) you have no expectation of privacy and a warrant is not required for collection. The data is public. Almost every communication service provider in the US has been ordered to give firehose access to the data, while the agencies pretend they dont have the data or only have metadata or need more data. The data is collected by government, managed by private companies and the worse programs are compartmentalized in contractors who are not bound by the procedures or restrictions of the government agencies.
- Courts are unable to perform enforcement on government employees. The laws do not apply to them. Courts cannot enforce the laws. A law saying a company does or does not need permission or a warrant is meaningless, because the laws cannot be enforced by courts. Assassination, BGB manipulation, bribing employees, threatening employees into implementing program at unwilling company without knowledge of management team, tapping fibers, hacking, jailing uncooperative CEOs for security fraud. There is nothing they are not allowed to do. If they can do it and get away with it, they are doing it.
- Congress does not appear to be aware of full scope of surveillance. The heads of the agencies involved do not appear to be aware. The programs are compartmentalized so no one has full oversight and everyone can individually deny they are doing it. The CEOs and management of the tech companies were not even away of the scope of participation of their companies in the programs.
- Your television, PS3 has microphones, is connected to the internet and is backdoored
- On-Star cars can have microphone turned on and car can also be hijacked remotely. Almost all fly by wire systems for automobiles are insecure and have local and remote hijack vulnerabilities.
- This list could go on for 3x longer.

There is a hierarchy of exploits. The less paper trail the better.

- passive automatically collected data (almost all of internet traffic) is first choice. this includes all emails, text messages, contact books, facebook posts, twitter posts, pictures, location data from cell phone. Websites visited, Google searchs. This is any non-encrypted communication, automatically collected. This is 99% of internet data.
- there are private databases for license plate readers, facial recognition, all credit cards transactions, finantial transactions. Account balances, websites visited. This is not-NSA. The non-NSA databases have more data and more useful data than the NSA intercept data. These are available to anyone with money.
- if private keys or SSH keys are needed to decrypt the data a publicly known exploit can automatically be run against target. There is a menu of exploits and its practically one click. This is deniable, does not need warrant. Attack can be launched from anywhere in world and will never be traced back to the private firm. "diodes". Each private firm has its own tool chain, their own software for probing the target, determining operating system, software packages and an exploitation framework like metasploit.
- There are law enforcement backdoors in everything. However, these leave paper trails, are not deniable and require warrants. That is why they also put in covert backdoors, software exploits and compromise protocols. These exploits work on foreign targets and no legal pretense is needed.
- rare, zero-day exploits are saved for high value targets with low technical ability. This is for high value military, technical and political targets. They lose value the more they are used. If an exploit is used against a honeypot server or technically advanced target, it might become useless.
- for some targets a warrant and then Apple remote firmware update is best.
- If the company can do this without talking to Apple (has private key for signing emergency updates and can impersonate update server, they will just do this automatically and dont need warrant or paper trail). Windows, OSX, iOS update signing keys, control of debian package build servers and signing keys, these are at a higher tier.
- highest tier are CPU microcode exploits, hardware level privilege escalation attacks that can be used to daisy chain through networks of hardened military targets.

The current situation in security, is that everything is privatized. The same firms that hack for the NSA or other government agencies, hack for the Fortune 500 and hack for third world dictators. They use the same methods, the same software, the same exploits. The NSA buys exploits in the same forums as everyone else. Almost everything is completely commodity.

The same firm who can deniably attack an organization for the NSA, will attack a Bitcoin exchange and loot 100 million in Bitcoin and it will never be detected or traced back to them. They will do anything that makes money that they wont be arrested for. Low level starts at target identifiers, network probing, metaploit. Attacking network without getting out of chair. Higher level includes infiltration, social engineering, competitive intelligence, tempest interception of wireless keyboards, bugging, bios rootkits. Example attack may include, spear fishing an employee, hacking their cell phone and then rooting computer when cell phone is plugged into laptop or computer on internal network to charge. Swapping out hardware for hardware with firmware back-doors.

The best exploits are in hardware. They are undetectable and can only be exploited by the person who created the exploit. For instance, if there is an integrated sound-card DSP on a motherboard and it has DMA access and a tiny coprocessor. Then you can backdoor it so that if a jingle plays on the sound card, then inject shell code or overwrite section of kernel. A sound could play on website (could be an ad from demand side platform targeted to you, that could appear on nearly any website on internet) and plays the sound and your computer is rooted. Your bitcoin wallet is gone.

You can ship motherboards with bios backdoors preinstalled. Graphics cards with firmware trojans that activate randomly after a month. Exploits on disc drive firmware. Network adapter firmware. Wifi cards, USB dongles. Apple's thunderbolt cable has twelve chips in it and has DMA.

Once a computer has been seized, you can install backdoors on all the firmware connected to the computer. Reinstalling the operating system, throwing out the disc drive and flashing the bios is not enough. You get reinfected because the GPU firmware is infected. Every USB thumb drive and cell phone that is plugged into the computer is also infected. This is possible today, but has not occurred yet.

This is the state of computer security. This is why over 1.5 billion in Bitcoin out of Bitcoin's current 3 billion dollar market cap has been stolen in the last year. This is why the theft will not end.

Bitcoin is only at 3 billion and has almost no users. If Bitcoin has 100 million users or was at a trillion dollars, with current computer security ... there would be people flying drones over cities rooting millions of cell phones, injecting shell commands over wireless keyboards, hihacking wifi sessions and injecting zero-day javscript exploits. People would be driving down the street in vans with antenna arrays to pick up EM emissions from SATA drives writing Bitcoin private keys to disc.

One of the people with the NSA key for signing windows updates, might hijack every windows computer in Europe to steal Bitcoin wallets. People would be putting remote execution exploits into every package, in every piece of software and keeping them instead of selling them.

So you can complain about Skycoin "reinventing the wheel" and "not being innovative", but I dont see how anything like Bitcoin can exist without being stolen in its current form. If you are a wallstreet HFT firm and you are trading a billion dollars a day in Bitcoin, how many days do you think you can keep the Bitcoin safe before they are stolen.

The future of the internet

The future of the internet is here and it is in China. China is ten years ahead of the rest of the world.
- every server requires a "real id" to register. You need a government ID number to rent a server.
- the government is shutting off the public address space. All ISPs have been ordered to NAT firewall users so that users cannot connect peer-to-peer. Users can only connect to government registered servers. Connects to non-government approved servers will automatically be dropped
- You cannot blog or chat without registering it to your government ID. Anonymous speech is dangerous.
- You must be registered with the government and receive a license to run an online service. The government can shut down the service if they withdrawal your license. Once your licence is revoked, users automatically become unable to connect to your servers.
- Domestic firms lobby the government to keep traffic and money inside the country. They begin slowing traffic down that leaves the country and charging users for traffic that leaves the country. You need a VPN to access content outside of the country. Services are required to keep all data for users in the country of the user and other laws that benefit large firms and hurt small companies who are unable to comply.
- encryption requires registration and government backdoors. You are not allowed any communication the government cannot read.
- the ISP has statefull packet inspection hardware and will IP block connections based upon what application you are running. Your not using government approved encryption. Blocked. You are not using a government approved protocol. Blocked. You are using VPN software. Blocked.
- when you say particular words on Skype that the government does not like, your call drops

I believe that ten years from now, China has a better prospect for internet freedom than the United States. It may be too late for the US, given the industry consolidation and absolute power the government and cartel wields.

Fighting Comcast/Time Warner, MPAA, RIAA, NSA and the cartel is like sticking your penis in a hornets nest. Its not worth being suicided over. Aaron Swartz would still be alive today if he had not challenged the government over its ridiculous paywall on court rulings. Michael Hastings was clearly warned multiple times and had it coming. It is very unrealistic to expect that once complete dominance of the financial system, all industry, government and all communications has been achieved, that this power would be given up willingly. Its not worth fighting for.

China is cracking down right now, but I believe in the long run the US internet will be more oppressive than the Chinese internet and the Chinese internet will be free.

The Road Forward

Just as I was about to start the IPO, there was a remote execution exploit for linux that was publicly released and affected almost every system. A person could send you an email or anything that triggered a DNS query (possibly even from javascript) and your computer tries to resolve a hostname and your computer is now hijacked.

MtGox was written in PHP, here is a tutorial on hijacking PHP and taking control of a PHP server, "Finally, CVE-2014-8142 was found and patched, but not patched correctly, which lead to CVE-2015-0231" http://www.inulledmyself.com/2015/02/exploiting-memory-corruption-bugs-in.html

This is exploit for taking over windows computer once remote execution is achieved. This allows you to flip one bit in the operating system in adobe and break out a sandbox (flash program, web browser) and hijack the machine. There are hundreds of exploits like this. The best exploits are sold and carefully hidden and exist for two to four years before they are fixed. http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/

Everyday there is another exploit that can hijack your computer and steal your Bitcoin. This exploit uses a regex in flash to get execution and potentially hijack your computer. Very little stops someone from taking an like this exploit and putting it into an advertisement and then run it on a website and hijack 40 million computers. If they targeted a site for Bitcoin users they could steal all the Bitcoin wallets or install software that patiently waits for users to unlock their wallets or put in their deterministic wallet seed http://googleprojectzero.blogspot.com/2015/02/exploitingscve-2015-0318sinsflash.html

I cant rule out putting up the Skycoin bot and then five minute later someone looting all the coins with an exploit. It is impossible to rule out and it is almost certain that such an exploit exists. Instead of finding and fixing exploits like this, we need to determine the preconditions that rule them out. I do not believe that it is currently possible to store coins in an online wallet without them eventually being stolen.


- Choose a memory safe subset of LLVM IR. This should be the standard for executables and be flexible for compilation to a variety of new CPU/GPU architectures. Linux equivalent of Microsoft's CIL specification.
- Implement a virtual machine/emulator for a simplified x86/x64 instruction set that is memory safe.
- Prototyping new CPU architectures on FPGA, building simulators, testing framework and bench-marking (eventually, but first target is ARM, x64)
- Push as much out of the kernel as possible into user space.
- Create memory safe version of C and compile all of linux against it, with a new compiler. Must achieve deterministic builds.
- Achieve deterministic builds for all linux packages in debian with the above method. Without deterministic builds we cannot confirm that the build servers are not adding backdoors into packages.
- Moving away from monolithic computing architectures. CPU/RAM should be a unipro module. Sound card should be a unipro module. Networking card should be a unipro module. GPU should be unipro module. USB interface should be a unipro module. We need to compartmentalize hardware to avoid DMA and guarantee security of the platform even if individual chips or firmware is backdoored. The current CPU architecture allows firmware from the bios, hard disc, networking, graphics card or sound card or USB controller to overwrite the kernel with DMA access. this needs to end. This has added advantage of being able to just add more CPUs or GPU units by popping in more modules. The baseboards for unipro for ARA are almost here.
- the modules are also good because we can put them inside of block of aluminum to control tempest emissions and have immersion cooling.

The above is required for a secure computing platform. This is a two to four year project. Realistically fifteen years. I am not doing the coding, but know very good people who can staff some of the sub-projects. Writing C compiler and the LLVM virtual machine, I know someone who can do that very well.



This is ARA. This is unipro baseboard. This is also the target architecture for the Skywire meshnet hardware. You can pop a CPU in or out. Add a storage module or swap out a camera. The cell phone, tablet, laptop, server and desktop will end up on a modular platform like this. It will start with cell phones and servers first as these are already running on ARM. This is essentially the next generation of the blade server.

There is a common bus (unipro) that goes up to 20 Gb/s. It sends fixed length ATM packets. There is an FPGA in each module that ferries the data off the bus.

That is roughly what the next generation computing and server architecture will look like.
- Modular RAM, memory, CPU units on bus with communication by message passing on common bus or switched network
- blurring difference between CPU and GPU
- thousands or millions of cores, probably ARM at lower clock rate
- need for common language framework (LLVM IR type intermediate form) that can be compiled down to whichever achitecture is used in a computing unit (computing unit for matix operations or graphics, or computing unit without floating point operations, units with FPGAs)
- memory safety
- compartmentalization for security

Compartmentalization and pushing the kernel function to userspace is important, because you might have 500 units with 4 cores each and 2 GB of per board. You will want to be able to rent them out by the minute or hour, but want isolation. This type of modular server, can have power densities of 500 kW per rack with immersion cooling.

At the kernel and operating system level
- IP addresses have been replaced with public key hashes (skywire)
- no difference between local and remote storage.
- Content addressable file systems for some systems packages and things that need to quickly peer-to-peer replicated (Merkle-DAG)
- microkernels, millisecond bootup of docker style containerized applications
- applications can be stopped and moved between computers
- applications have seperate configuration and data folders and are modular packages suitable for replication
- applications only have access to resources they need. Other applications cannot reach into your bitcoin wallet folder. Applications choose which resources to expose to network (resource push and pull). Strict compartmentalization.
- users have a "personal cloud" of hundreds of devices. processors, laptops, tablets, desktops. The personal cloud consists of the resources the user controls or has access to. Disc storage, speakers, light bulbs, cpus, monitors, cnc machines. If a user adds a laptop to their cloud and uses the laptop, their applications are available automatically and their data is available across all devices. If a user plays a song on the laptop, they will have a choice of sound output resources (the laptop, the television, a pair of bluetooth speakers) to play the song over. All resources will be exposed to the network.

The hardware is commodity, the ARM processors are commodity, the ram is commodity, the bus standard is commodity. We dont really have to do anything because this type of hardware architecture is happening by itself right now. The ARA as a test board will be available in a few months

Security Preconditions for Secure Online Coin Storage
- we have to make sure we have deterministic builds (compiler, possibly new C variant)
- we have to make sure we have memory safety at language level (C compiler, requires new language)
- we have to make sure there is no undefined behavior (avoid problems in Bitcoin/C/C++ standard)
- we should aim for running debian, but initial ARA will be some Java Android OS
- we need to ensure that there is isolation between the modules. That one module if compromised is unable to root the other modules. A compromised sound card or network card should not be able to write into the CPU address space and hijack the kernel.

If those pre-conditions are met, then I would feel safe storing 100 million dollars in Skycoin in a live wallet.  With power isolation and tempest shielding the security level becomes similar to physical gold. No future bug discoveries can loot the private keys or root the box over the network.

Until those conditions are met, hot wallets are wallets waiting to be stolen.

I was hesitant to do the pre-sale for such a low amount of equity for the investment, but given such a clear understanding by the developer of what is really going on and the threat it represents, I'll toss a few coins into it. It is very important that something like Skywire be implemented to put communications and data completely under the ownership and control of the users.

I want to avoid a future like Hunger Games and Elyssum.

Bitseed - dedicated full node hardware
BlackShibe1
Sr. Member
****
Offline Offline

Activity: 260
Merit: 250


View Profile
February 14, 2015, 03:39:26 AM
 #1673

Excuse me but what happen if something happen to you and the 98% coins

Then the skycoins in circulation become 50 times more valuable  Grin

But the dev is anon
If something bad happen to him or if he just disappear like satoshi
Who's gonna invest in this coin in the futur
It's 98% in his hands

Lisk.
    Develop Decentralized Applications & Sidechains in JavaScript with Lisk!
    Website | Blog | BTT Thread | Chat - Be part of the decentralized application movement!
Coinmin
Sr. Member
****
Offline Offline

Activity: 483
Merit: 250


View Profile
February 14, 2015, 03:46:59 AM
 #1674

Excuse me but what happen if something happen to you and the 98% coins

Then the skycoins in circulation become 50 times more valuable  Grin

But the dev is anon
If something bad happen to him or if he just disappear like satoshi
Who's gonna invest in this coin in the futur
It's 98% in his hands

I am sure the dev will find solution.
bitwhizz
Legendary
*
Offline Offline

Activity: 910
Merit: 1000



View Profile
February 14, 2015, 12:35:23 PM
 #1675

Thank you Skycoin for the post, one of the most interesting posts i have read this year
skycoin (OP)
Hero Member
*****
Offline Offline

Activity: 498
Merit: 500


View Profile WWW
February 16, 2015, 04:28:51 AM
 #1676

I cant rule out putting up the Skycoin bot and then five minute later someone looting all the coins with an exploit. It is impossible to rule out and it is almost certain that such an exploit exists. Instead of finding and fixing exploits like this, we need to determine the preconditions that rule them out. I do not believe that it is currently possible to store coins in an online wallet without them eventually being stolen.

If you create a paper wallet being offline the whole time and just track the transactions to that address isn't that safe?

Yes. If the wallet was generated on a computer that is not compromised. Many people buy a $200 laptop and generate addresses from computer that has never been connected to the internet.

This used to be secure. You could keep the private keys on one computer, then create a transaction by hand on the computer not connected to the internet and then put it on a USB drive and carry it to computer connected to the internet, where it will be injected into the bitcoin network for execution (addition to a new block).

However, recent malware like Stuxnet and more advanced malware has been able to infect systems over USB and hop from system to system. We are worried about a USB 3.0 DMA exploit. USB is very dangerous for windows users because auto-execute. This makes these attacks possible for 95% of script kiddies. Attacking a linux to linux USB transfer will be more difficult but cannot be ruled out.

The trojans that did this, used to be files on the USB stick. It was a program that was automatically executed when the device was plugged in, that installed a backdoor to the computer and starts scanning for bitcoin wallets or connects to a botnet control center for additional instructions. It might install ad toolbars for ad money, scan for bitcoin wallets, fix security holes on your system so other hackers could not take over the system (king of the hill) or install a key logger and begin grabbing email passwords, credit card numbers and bank account details.

The new trojans are hidden in the firmware of the USB drive itself. They cannot be seen on the file system. You can pass out a USB stick at a Bitcoin conference, someone formats it, thinks its safe but there could be anything in the firmware. If your computer is infected and any USB device is plugged in, that device could potentially be infected itself and spread to any other computer it is plugged into.

Here is an article on USB security and BadUSD: http://www.forbes.com/fdc/welcome_mjx.shtml

Offline Wallets:

Skycoin will have some more features for doing offline wallets or wallets on computers not connected to a network. You for instance, may generate a wallet and seed on a computer not connected to any internet. Your "cold wallet". Then you send the coins to the first address in the code wallet. Then you load the unspent output hash by hand (typing it into the computer).

To send coins out of the code wallet, without connecting the computer to the internet,  the wallet generates a transaction on the computer not connected to the network and produces a QR code you scan with a cell phone to injection that transaction into the network.

There should be a way of doing this safer than USB. Maybe coupling a cell phone app to a laptop over speaker/microphone.

IPO Security

We ended up generating a wallet with a few thousand addresses, using a computer that has never been connected to the internet and then encrypting the addresses (lock the wallet). Then transferring that to the computer running the IPO bot. So even if the bot is hacked (very difficult but cannot be ruled out) the Bitcoin private keys are safe and locked. We have all incoming ports firewalled and the bot is in a memory safe language, so buffer overflow vulnerabilities are not possible (except through one c library dependency).

So the bot can receive coins and check balances, but cannot send coins and even if hacked, cannot loot the Bitcoin (unless they can unlock the wallet). The Skycoin can be looted, but there is a receipt system, so can handle it.

Bitcoin has several security problems. Bitcoind does not allow you to check address balances, unless the public/private keys are loaded into the wallet. You used to be able to just load the pubkey, but that is deprecated. It is designed to force you to do things in ways that increase the risk of theft or loss of coins.

The problem is that people can lose coins because of factors that are not under their control (software bugs, bad usability, bad design, unexpected behavior in the wallet with change addresses, wallets not really be deleted on SSD, buffer overflow attacks). Every factor has to be brought under control. Its exhausting.

Skycoin Exchange Proof of Concept

We think
1> All exchanges should have a common API
2> Exchanges should not be holding balances of coins. The coins should automatically be withdrawn back into the users wallet. The user should be holding the private keys, not the exchange.

In this type of exchange, an exchange is a publickey hash, you add exchanges you trust to a list. The wallet queries the exchanges on the list and looks for the best bid/ask on each coin. Then you do trades and settlement and clearing.

The problem is that Bitcoin takes 10 minutes for settlement, while a person may enter in ten trades per second. If Skycoin achieves 1 second transaction times, then you can do settlement but wont have the Bitcoin in your wallet for 10 minutes. However the Bitcoin will be stored locally and cannot be stolen if the exchange goes down.

It is possible to do instant settlement with Bitcoin without waiting 10 minutes or going through the blockchain at all
- You place your Bitcoin in a multisig transaction, where moving the coins requires your signature and requires the exchange's signature.
- To send the Bitcoin to the exchange, you merely disclose the private key for that Bitcoin address.
- Now the exchange can authorize transactions with the Bitcoin but you cannot
- The exchange cannot steal the coins without your permission
- If you exchange discloses the private-key to you, now you own the coins and you can move the coins but the exchange cannot

So it is possible to do "instant" settlement of Bitcoin off the blockchain. However
- exchanges can hold your coins hostage (sign this transaction giving us 50% of the coins you get nothing)
- if the exchange forgets or loses the private key then you cannot get access to the coins

To get around this, you set a timer and make the signature check short circuit after 30 days. So if the coins are not moved, within thirty days they return to the person who owns the privatekey for the first address. This prevents the coins from being held hostage or prevents coins from being lost if the exchange forgets the privatekey.

To implement that, you would need a bitcoin scripting language op code that can read the time in the blockchain header for the current block and compare it to a target value. Or which can compare block depth of current block to a target value.

Bitcoin/crypto Infrastructure

So the exchange problem has been solved for a while, but no one has implemented the solution. It requires a series of libraries, scaffolding and infrastructure that does not exist and which no one is building.

I see Bitcoin/crypto as a sort of "money operating system" and it a platform with missing core libraries and capacities. Just like the standard library for "open file", "read file", "write data to file", there are a set of standard operations for Bitcoin. Private key generation, signature verification, communication, settlement/clearing and dozens of others. Bitcoin only implements "check balance" and "send" and has a very crude implementation of a fraction of the capacities or libraries needed.

Some of these core operations overlap with the standard library for the operating system. Why you connect to an IP address, you have no idea if the traffic is being intercepted or man-in-the-middle attacked. Any router between you and the destination can intercept and redirect the traffic. The  IP addresses does not actually identify anything in the real world.

When you are on OkCoin or an exchange and you send an HTTP request for "withdraw my coins to this address", what stops someone from sitting in the middle and replacing the address you wanted the coins withdrawn to, with their own address? What prevents them from withdrawing all your coins to themselves? Nothing. HTTPS sometimes (but in practice not, depending on your browser, your ISP and the security of the exchanges HTTPS private keys). Instead of hacking OkCoin, you can hack a frontend server, bribe and employee, get the private key for HTTPS and then hack any router between the user and the exchange and then steal all their coins by intercepting their traffic and withdrawing the coins to your address once they have logged in. How many coins could one person steal with a single BGP hijack and the HTTPS privatekeys for one exchange, without even having to hack the exchange itself or grab the private keys for the Bitcoin.

When you replace IP addresses by a pubkey hash, then unless the person has the private key for that pubkey, they cannot even read the messages you are sending.

You can guarantee that the end-point, if it is able to respond, at-least knows the private key for the publickey. Once you have that, you would deprecate the use of UDP/TCP/IPv4/IPv6 for all Bitcoin applications, because there is no reason you would use those protocols because they only have relative disadvantages in every category for security and do not offer superior performance. Eventually, it moves up the protocol stack and the operating system itself deprecates UDP/TCP/IPv4/IPv6.

So I want Skywire to replace
- UDP
- TCP
- IPv4
- IPv6
- HTTPs
- SSH
- SSL/TLS
- BGB
- MPLS
- TOR
- IPsec
- VPN protocols
- ...

Ironically, Skycoin started as a universal token for traffic settlement in the Skywire protocol. However, Skycoin itself began to require Skywire itself to meet security guarantees for higher level protocols.

This is very boring to most users. Very difficult to sell. People take for granted infrastructure like water and electricity, until it goes out. I think people will eventually end up using it in a way that is invisible to the user. No one thinks or cares whether they are using IPv4 or TCP/IP or HTTPS  when they open a Facebook page.

Another thing to consider is that Facebook makes less than $2 per year on each user and that between cell phone service, cable television and internet each person easily spends $3000 per year.

The real world is like H.G. Wells The Time Machine. Except that the above ground is where Facebook and 98% of users live in comfort and luxury without any concern for where anything they consume comes from, but there is no money here. All the money in the world is in the lairs of the morlocks laboring underground running the tubes and broilers, everything the Facebook users take for granted.

Bitcoin's market cap right now, is 3 billion dollars. Three billion a year is like level of tax evasion by single person or a divorce settlement. A single sovereign wealth fund or dictator trying to stash money where it cannot be seized, is more than the whole Bitcoin market cap. That means everyone here is still early. Bitcoin is already up ten million times from five years ago, but to go to 2 trillion is merely another 600x increase. 1% of global assets in crypto.

However, the state of the technology and computing is not ready for that type of society. The thefts would go from 2 million to 2 billion per month, the mining costs would go from 1 million a day to 600 million a day and drain the money back out of the system. There are technological upper bounds on Bitcoin's market cap. The mining overhead and the overhead from theft, have equal contributions to deflating Bitcoin's marketcap.

I should be excited by the IPO, I should feel like its 1994 again and its the Netscape IPO again. However, I feel numb because I see how much work is left. A week passed and I did not even notice. I feel like there are two days left of work and its so near, but never seem to get closer because of billions of small details

In a race, the quickest runner can never overtake the slowest, since the pursuer must first reach the point whence the pursued started, so that the slower must always hold a lead. – Aristotle, Physics VI:9, 239b15

An open source, volunteer model does not work effectively. I am going to hire more developers, set priorities, then transitioning away from coding directly and will just be doing code review.

cryptrol
Hero Member
*****
Offline Offline

Activity: 637
Merit: 500


View Profile
February 16, 2015, 08:11:17 AM
 #1677

... Every factor has to be brought under control. Its exhausting. ...
That's because you can't have every factor under control. Even if you do a damn fine job, there will always be things like social engineering and targeted malware. This is unstoppable (ask the banks that has just lost 300M USD).
monkeygang
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
February 16, 2015, 08:16:03 AM
 #1678

where can we buy this damned buttcoin already?? bittrx whats going on im getting scared again

monkeygang.. you cant join. your already a member
skycoin (OP)
Hero Member
*****
Offline Offline

Activity: 498
Merit: 500


View Profile WWW
February 16, 2015, 08:25:38 AM
 #1679

- Choose a memory safe subset of LLVM IR. This should be the standard for executables and be flexible for compilation to a variety of new CPU/GPU architectures. Linux equivalent of Microsoft's CIL specification.
- Implement a virtual machine/emulator for a simplified x86/x64 instruction set that is memory safe.
- Prototyping new CPU architectures on FPGA, building simulators, testing framework and bench-marking (eventually, but first target is ARM, x64)
- Push as much out of the kernel as possible into user space.
- Create memory safe version of C and compile all of linux against it, with a new compiler. Must achieve deterministic builds.
- Achieve deterministic builds for all linux packages in debian with the above method. Without deterministic builds we cannot confirm that the build servers are not adding backdoors into packages.
- Moving away from monolithic computing architectures. CPU/RAM should be a unipro module. Sound card should be a unipro module. Networking card should be a unipro module. GPU should be unipro module. USB interface should be a unipro module. We need to compartmentalize hardware to avoid DMA and guarantee security of the platform even if individual chips or firmware is backdoored. The current CPU architecture allows firmware from the bios, hard disc, networking, graphics card or sound card or USB controller to overwrite the kernel with DMA access. this needs to end. This has added advantage of being able to just add more CPUs or GPU units by popping in more modules. The baseboards for unipro for ARA are almost here.
- the modules are also good because we can put them inside of block of aluminum to control tempest emissions and have immersion cooling.
The above is required for a secure computing platform. This is a two to four year project. Realistically fifteen years. I am not doing the coding, but know very good people who can staff some of the sub-projects. Writing C compiler and the LLVM virtual machine, I know someone who can do that very well.

Talking about a new CPU structure, I wonder if you are interested the Jinn project (a modern ternary general purpose processor) which CfB is working on -
https://nxtforum.org/news-and-announcements/(ann)-jinn/
https://nxtforum.org/jinn/


Quote
Jinn processor is a bunch of independent cores. A piece of code (entity) running on a core does some computations and can interact via messages with other entities running on other cores. A single task may require to send millions messages between thousands entities. In some cases the order of these messages doesn't matter, in some - does.

If we set a strict order of the interactions then we may lose concurrency and in the worst case a processor with 1000 cores will utilize only 1 core at a single moment of time. On the other hand, it's very hard (if possible at all) to split a task into pieces of code that can run in any order. Jinn provides a way to set the sequence of interactions within desirable limits. Some interactions may happen in random order, some may wait for special conditions. This is one of the main contracts of Jinn - to ensure a particular order of interactions within a single processor box and among several processors working in tandem all over the world.

There were math co-processors speeding up floating-point operations in the past. Now we have GPUs that are used to render 3D scenes. Jinn has its specific usage too, it's designed to lower interaction latency of distributed computations

This is interesting. Their website is down, so I cannot access the documents. Otherwise would want more information. This could be useful.

iamback
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
February 16, 2015, 09:28:38 AM
Last edit: February 16, 2015, 10:17:22 PM by iamback
 #1680

Someone PM'ed me links to the OP and the following two posts:

https://bitcointalk.org/index.php?topic=380441.msg10445540#msg10445540
https://bitcointalk.org/index.php?topic=380441.msg10475089#msg10475089

I formerly posted under the usernames AnonyMint, TheFascistMind, and UnunoctiumTestacles (and a couple others I don't recall). I have particularly relevant post in the On the Longest Chain Rule thread.

The skycoin author appears to be possess considerable technical knowledge. And he writes clearly with high information density.

Many of his goals mirror mine. I am also an accomplished programmer.

However, it only took me a few seconds to see several issues that I believe ruin any chance of his success. I speak from experience in coding and marketing million user commercial software projects. I hope he takes this as constructive criticism and not as an attempt to hurt his project. I currently have no investments nor vested interest in any competing crypto-currency.

1. A non-PoW consensus is DOA, because there isn't enough time to thresh out the issues and trust it before the global economy begins to collapse in 2016. For example, the selfish mining attack wasn't discovered (or let's say widely proven and recognized) until years after Satoshi published PoW. Thus, the serious marketplace isn't going to trust a novel non-PoW consensus. Instead I have designed a PoW system which resolves many of the issues that plague Bitcoin, including ASIC economics. Some hints are in my linked post above.

Also I have some mathematical intuition that avoiding the 51% attack will always tradeoff security in another facet.

2. Afaics, he has absolutely no marketing acumen. He wants to go directly to replacing the internet infrastructure without a viable marketing scheme for ramping up.

3. He doesn't have the most essential quality of success in software, which is to ship something in high demand first. Instead he wants to tinker with every feature under the moon.

4. If I was improving Tor, I'd make it high latency and make is more secure, not less secure for higher bandwidth.

Time is of the essence. I am interested in working with highly talented authors, but unfortunately philosophical differences and differences in understanding how to succeed usually preclude such close working relationships.

Password scrambled, ACCOUNT IS NO LONGER ACTIVE. Formerly AnonyMint, TheFascistMind, contagion, UnunoctaniumTesticles.
Pages: « 1 ... 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 [84] 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 ... 200 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!