[ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency

[chaeplin]

Amazone EC2 Security

p17


http://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_Whitepaper.pdf
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

Instance Isolation
Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. Amazon
is active in the Xen community, which provides awareness of the latest developments. In addition, the AWS firewall
resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All
packets must pass through this layer, thus an instance’s neighbors have no more access to that instance than any other
host on the Internet and can be treated as if they are on separate physical hosts. The physical RAM is separated using
similar mechanisms.

[1715033620]

1715033620

[1715033620]

1715033620

[innergy]

Evan, what about of adding a PoS functionality for paying only the masternodes instead 20% block reward?
Is it possible?

[Kai Proctor]

Maybe all the FUD, attacks, etc. in the last month have left me skittish -- but I wonder even in the short term what might happen to the coin if there is an organized effort to hurt DRK based around pools cheating.   If Evan does go through with this then I hope I am just worrying over nothing.  

If? It is a given that at least half the pools and big farms (a lot of them nowadays) won't be paying. So the 20% will be more like 10% for the masternodes, =what they were expecting anyway. But it will be a disproportionate weight to the "fair" pools.

The whole thing to appease investors with "ok guys no hard forks" and bagholders of masternodes with "ok guys you'll get 20%" is sketchy. I know I'm harsh but I like things to go right

Price is price. It'll go up, down, sideways etc. Let it be. All the price attention is having an impact in development.

Development must proceed as planned so we can have the final product, nice and polished - no matter if it takes 1-2-3 or 5 hardforks and no matter if investors are bitching that they are losing masternode income because the implementation is late. Do they want to have masternodes of a coin that is GOOD or do they want to have a masternode of a coin that is doing hack-arounds?

The masternode protocol works, the masternode payments work (we saw them - it's not vapor), it's just that there is something introducing instability which has to be debugged and sorted out. If the origin is difficult to trace, then perhaps a different mechanism can be used for doing the payments (not voluntarily)

We also need improvements in DarkSend. The competition (MRO) is integrating I2P (as we've said) and XC will be using encrypted communication between nodes (as it has been said of DRK's future plans as well).

I know this sounds like a mom's "to-do list" to the child until she gets back home, but priorities are priorities, and price or reaching litecoin immediately are not a priority. If the code is sorted out and the product delivered in final form, LTC will start rolling down. Too fast of a price rise with a half-baked product is problematic.

LTC can't compete anyway in fundamentals like inflation (10x the BTCs to absorb LTC production compared to DRK) or innovation so they will be dead anyway by debasement. #2 is a given. Preserving #2 is not due to the competition. Who is gonna buy 300k USD of LTCs per day? It'll go 0.019 -> 18 -> 17 over time. It doesn't look that "hot" of a property. Only buys will be for cost-averaging buys at 0.025+.

Having said that about the #2 competition, the anonymity competition actually looks pretty lame (BCN and clones too many issues, XC mostly vapor for now but that could change a few months ahead as they seem to have the prospects of delivering a product similar to what Evan has at like 70-80% completion). But we can't base our strategy on others failing or being pumps & dumps that are "threatening" us due to pumps => we must excel and take the market. Then bring V2 for "fatality". Otherwise the risk is there for more serious contenders appearing.

My 2 duffs.

Apparently I have more faith in humanity than anyone else around here   I'll implement the masternode payments via hardfork, who knows, maybe all of you are right.

By the way, I'm not talking about the price now or even in a year. It's about the security of the network when it's large enough to support a decent amount of transactions. Giving a higher reward simply doubles or triples the cost of such an attack, 10% was just too low.

+1 for a hardfork, it's a tough decision now to be at ease later. Why ? 2 words : free riders.

[splawik21]

If you really want to run a masternode although you aren't too much into the security stuff (which I advise against!) then you at least might wanna use 2-FA for your SSH access.

Here's a fool-proof (well, there's always a greater fool!) tutorial on how to do that on Ubuntu. http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/


edit: btw, the Android Google Authenticator isn't open source anymore! You can download "OTP Authenticator" which is a fork of the last Google Authenticator version that was open source. There's the binaries on the play store, the source is hosted on sourceforge iirc.

tried this, but apparently it doesn't work together with pubkey authentification
pubkey Auth just skips the 2FA. Does anyone know how to get this working together?

I suppose that pubkey is as secure as goole authenticator.
I keep my pubkey on usb stick so when need I insert it for 5sec and go forward...

[AlexGR]

Maybe all the FUD, attacks, etc. in the last month have left me skittish -- but I wonder even in the short term what might happen to the coin if there is an organized effort to hurt DRK based around pools cheating.   If Evan does go through with this then I hope I am just worrying over nothing.  

If? It is a given that at least half the pools and big farms (a lot of them nowadays) won't be paying. So the 20% will be more like 10% for the masternodes, =what they were expecting anyway. But it will be a disproportionate weight to the "fair" pools.

The whole thing to appease investors with "ok guys no hard forks" and bagholders of masternodes with "ok guys you'll get 20%" is sketchy. I know I'm harsh but I like things to go right

Price is price. It'll go up, down, sideways etc. Let it be. All the price attention is having an impact in development.

Development must proceed as planned so we can have the final product, nice and polished - no matter if it takes 1-2-3 or 5 hardforks and no matter if investors are bitching that they are losing masternode income because the implementation is late. Do they want to have masternodes of a coin that is GOOD or do they want to have a masternode of a coin that is doing hack-arounds?

The masternode protocol works, the masternode payments work (we saw them - it's not vapor), it's just that there is something introducing instability which has to be debugged and sorted out. If the origin is difficult to trace, then perhaps a different mechanism can be used for doing the payments (not voluntarily)

We also need improvements in DarkSend. The competition (MRO) is integrating I2P (as we've said) and XC will be using encrypted communication between nodes (as it has been said of DRK's future plans as well).

I know this sounds like a mom's "to-do list" to the child until she gets back home, but priorities are priorities, and price or reaching litecoin immediately are not a priority. If the code is sorted out and the product delivered in final form, LTC will start rolling down. Too fast of a price rise with a half-baked product is problematic.

LTC can't compete anyway in fundamentals like inflation (10x the BTCs to absorb LTC production compared to DRK) or innovation so they will be dead anyway by debasement. #2 is a given. Preserving #2 is not due to the competition. Who is gonna buy 300k USD of LTCs per day? It'll go 0.019 -> 18 -> 17 over time. It doesn't look that "hot" of a property. Only buys will be for cost-averaging buys at 0.025+.

Having said that about the #2 competition, the anonymity competition actually looks pretty lame (BCN and clones too many issues, XC mostly vapor for now but that could change a few months ahead as they seem to have the prospects of delivering a product similar to what Evan has at like 70-80% completion). But we can't base our strategy on others failing or being pumps & dumps that are "threatening" us due to pumps => we must excel and take the market. Then bring V2 for "fatality". Otherwise the risk is there for more serious contenders appearing.

My 2 duffs.

Apparently I have more faith in humanity than anyone else around here   I'll implement the masternode payments via hardfork, who knows, maybe all of you are right.

By the way, I'm not talking about the price now or even in a year. It's about the security of the network when it's large enough to support a decent amount of transactions. Giving a higher reward simply doubles or triples the cost of such an attack, 10% was just too low.

Yeah regarding faith in humanity, mining is a greedy business - not necessarily because people are greedy, but because it barely breaks even as it is right now for most coins (especially if electricity is high).

Implement the solution when you believe it solves the problem, or use some other system that is not going to cause network instability. If in doubt, make a call for people to flock into testnet and experiment with bad behavior.

Regarding 20%, there was a question asked like a week ago "what happens when mining rewards are too low?"... So futureproofing is critical. If 10% doesn't cut it in 3-5-10 years, there will be no masternodes running if they have to deal with 10-100-1000gbps attacks that cost more to handle than the mining income.

[DEO]

I have 9(well 10, but blew a psu so only running 9 right now) r9 280x toxic. I havent mined anything in the past month(due to lack of profits/heat) and trying to set-up for darkcoin.
Tried 4x different miners at 4 pools with multipler miners created. Everytime it says "waiting for work to be available form pools". I am running WIN 8 64bit and a bat file.

setx GPU_MAX_ALLOC_PERCENT 100
setx GPU_USE_SYNC_OBJECTS 1
sgminer.exe -k darkcoin -o stratum+tcp://drkpool.com:3333 -u myusername -p mypass --thread-concurrency 8192 -I 13 -g 2

I tried 2x p2pools using 2 different darkcoin wallets and two different regular pools
Miners I have tried are regular sgminer, x11mod minder,sgminer mar 22 2014(there was one more, but i forget). With the same result "waiting for work to be available form pools".. I can mine scrypt and scrypt-n coins just fine. I have no firewall set-up, no UAC, sdk 2.9 13.11 drivers.

Now If soneone can figure this out i'll mine to your account for 48 hours with all 9 cards. or send what I can mine in two days worth of darkcoins to an address of your choice

[eltito]

If you really want to run a masternode although you aren't too much into the security stuff (which I advise against!) then you at least might wanna use 2-FA for your SSH access.

Here's a fool-proof (well, there's always a greater fool!) tutorial on how to do that on Ubuntu. http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/

edit: btw, the Android Google Authenticator isn't open source anymore! You can download "OTP Authenticator" which is a fork of the last Google Authenticator version that was open source. There's the binaries on the play store, the source is hosted on sourceforge iirc.

tried this, but apparently it doesn't work together with pubkey authentification
pubkey Auth just skips the 2FA. Does anyone know how to get this working together?

got it kind of working. If you have pubkeys auth already enabled and follow this simple guide posted by hartvercoint and add "AuthenticationMethods publickey,keyboard-interactive" to the sshd_config you need the pubkey then the password and then the 2FA code
Super secure!

But I kind of want to eliminate the password and just have pubkey and 2FA
If Anyone knows how. Shoot it!

find the PasswordAuthentication line and change it to no #you might need to uncomment it as well

Does this require opening any new ports?  Haven't had time to RTFA yet (I'm at work).

[lohveh]

Evan, what about of adding a PoS functionality for paying only the masternodes instead 20% block reward?
Is it possible?

Inflation

[MasterMined710]

Watch out who you listen to in these boards guys.

just FYI, your DRK is losing momentum... time to abandon the ship.

People here aren't as weak handed and short sighted as you.

I am buying DRK , mining is not profitable anymore.

Dumped all my DRK, mining is not profitable and the current prices makes no sense.

You will regret this in a few months. Never dump DRK, you could have just stopped mining.

I might buy back when the price makes sense, right now its incredibly overvalued.

Keep enjoying your circlejerk guys, I'll buy DRK after the whales dumped.

Unfortunately for vertcoin boy the whales never dumped.

They called me troll for saying price didn't make sense @ 0.006.

They called me troll for saying that I would buy after it made sense. Right now it's @ 0.0047 and I still think it's high.

Watch out who you listen to in these boards guys.

Looks like somebody sold early and never got to buy back in and is now very very butthurt.

[Nthelight]

I have 9(well 10, but blew a psu so only running 9 right now) r9 280x toxic. I havent mined anything in the past month(due to lack of profits/heat) and trying to set-up for darkcoin.
Tried 4x different miners at 4 pools with multipler miners created. Everytime it says "waiting for work to be available form pools". I am running WIN 8 64bit and a bat file.
Now If soneone can figure this out i'll mine to your account for 48 hours with all 9 cards. or send what I can mine in two days worth of darkcoins to an address of your choice

Feel free to connect to 'chat.freenode.net' and join #darkcoin and #darkcoin-mining for any help you may need with mining.

[dylanchang]

I have 9(well 10, but blew a psu so only running 9 right now) r9 280x toxic. I havent mined anything in the past month(due to lack of profits/heat) and trying to set-up for darkcoin.
Tried 4x different miners at 4 pools with multipler miners created. Everytime it says "waiting for work to be available form pools". I am running WIN 8 64bit and a bat file.

setx GPU_MAX_ALLOC_PERCENT 100
setx GPU_USE_SYNC_OBJECTS 1
sgminer.exe -k darkcoin -o stratum+tcp://drkpool.com:3333 -u myusername -p mypass --thread-concurrency 8192 -I 13 -g 2

I tried 2x p2pools using 2 different darkcoin wallets and two different regular pools
Miners I have tried are regular sgminer, x11mod minder,sgminer mar 22 2014(there was one more, but i forget). With the same result "waiting for work to be available form pools".. I can mine scrypt and scrypt-n coins just fine. I have no firewall set-up, no UAC, sdk 2.9 13.11 drivers.

Now If soneone can figure this out i'll mine to your account for 48 hours with all 9 cards. or send what I can mine in two days worth of darkcoins to an address of your choice

Install teamviewer then PM the ID & password

[JGCMiner]

Apparently I have more faith in humanity than anyone else around here   I'll implement the masternode payments via hardfork, who knows, maybe all of you are right.

By the way, I'm not talking about the price now or even in a year. It's about the security of the network when it's large enough to support a decent amount of transactions. Giving a higher reward simply doubles or triples the cost of such an attack, 10% was just too low.

Thanks. This really puts me at ease. The motto of all crypto... you are required to trust NO ONE.

As for 20%, I have no problem with this especially since you seemed to consider how the network will be years down the road when coming up with this number.  

[AlexGR]

poloniex froze drk market?

I noticed that too. What is wrong?

Unfrozen... no explanation though.

[Donho]

If you really want to run a masternode although you aren't too much into the security stuff (which I advise against!) then you at least might wanna use 2-FA for your SSH access.

Here's a fool-proof (well, there's always a greater fool!) tutorial on how to do that on Ubuntu. http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/


edit: btw, the Android Google Authenticator isn't open source anymore! You can download "OTP Authenticator" which is a fork of the last Google Authenticator version that was open source. There's the binaries on the play store, the source is hosted on sourceforge iirc.

tried this, but apparently it doesn't work together with pubkey authentification
pubkey Auth just skips the 2FA. Does anyone know how to get this working together?

I suppose that pubkey is as secure as goole authenticator.
I keep my pubkey on usb stick so when need I insert it for 5sec and go forward...

But BOTH combined is an extra level of security! I figured out how (see my post here or https://darkcointalk.org/threads/best-ways-to-secure-your-masternode.838/#post-5731)

[thefrog]

I have 9(well 10, but blew a psu so only running 9 right now) r9 280x toxic. I havent mined anything in the past month(due to lack of profits/heat) and trying to set-up for darkcoin.
Tried 4x different miners at 4 pools with multipler miners created. Everytime it says "waiting for work to be available form pools". I am running WIN 8 64bit and a bat file.

setx GPU_MAX_ALLOC_PERCENT 100
setx GPU_USE_SYNC_OBJECTS 1
sgminer.exe -k darkcoin -o stratum+tcp://drkpool.com:3333 -u myusername -p mypass --thread-concurrency 8192 -I 13 -g 2

I tried 2x p2pools using 2 different darkcoin wallets and two different regular pools
Miners I have tried are regular sgminer, x11mod minder,sgminer mar 22 2014(there was one more, but i forget). With the same result "waiting for work to be available form pools".. I can mine scrypt and scrypt-n coins just fine. I have no firewall set-up, no UAC, sdk 2.9 13.11 drivers.

Now If soneone can figure this out i'll mine to your account for 48 hours with all 9 cards. or send what I can mine in two days worth of darkcoins to an address of your choice

for p2pool, did you try using -u yourwalletaddress -p whatever ?
and maybe when you use sph-sgminer_x11mod, the kernel -k x11mod

try to connect to my pool, stratum+tcp://ca.p2pool.sk:7903.

[drawingthesun]

Just want to say that the cold-storage method would really be appreciated by most of us. Keeping my wallet on a server makes me nervous all the time. I also read Amazon has now a free service of encryption for EBS volumes: http://aws.amazon.com/de/blogs/aws/protect-your-data-with-new-ebs-encryption/

So that might help to prevent an attack from an amazon employee?

No, it would only stop an Amazon employee stealing your instance when it's powered down and not being accessed. (Whilst it is not running).

If it's running it's possible to access.

I would think that Amazon's cloud security is really high. Lot's of intellectual property runs on top of Amazon cloud. Engineering solutions worth hundreds of millions, simulations by banks when they don't have enough computing power, even competitors have used Amazon cloud for their own cloud hosting.

If a wallet was to be stolen via an Amazon employee, they would compensate you for the entire amount or face losing far more money due to bad press. (They aim for their cloud services to pull in $20,000,000,000 per year, or more money than all Cryptocurrencies combined. They have a lot at stake.

[TanteStefana2]

If you have your masternode on a vps, one of your weakest points (and that's what you need to think about, weakest points, your as safe as your weakest point) is logging into their system.  Like Amazon.  It's hooked up with my regular amazon account which used to be for buying stuff, now it's holding everything I got.  Get an excellent password and double authentication.  Have only your computer able to access the account, then secure your computer with an excellent password. (almost like double auth, as someone has to break into your house, then break your password)

Do NOT have your wallet.dat files all laying around everywhere with different versions and especially any that may not have a passphrase protection.  Throw those away and make sure they're really deleted completely.

It's a pain in the butt, but if you have a lot of coin, but they don't need to be online in a wallet all the time, zip up your wallet.dat files with a password protection when in storage.

Be paranoid, it's good for you!

[TsuyokuNaritai]

It's a pretty organised effort by other coin supporters and traders. No sense of reality.

More of the trolls trying to manipulate the price

Where is this copied from?

Curious about this as well

looks like twitter? i am not shure though

Couldn't find it on twitter, google or trollboxarchive.

[luigi1111]

Just want to say that the cold-storage method would really be appreciated by most of us. Keeping my wallet on a server makes me nervous all the time. I also read Amazon has now a free service of encryption for EBS volumes: http://aws.amazon.com/de/blogs/aws/protect-your-data-with-new-ebs-encryption/

So that might help to prevent an attack from an amazon employee?

I've been thinking through various scenarios about the cold storage method via using a signed message. I even considered whether we need authentication at all (as in, if you'd just let the MN start with "Here's my pub key", what motivation would someone have to run your MN for you? But it would be an attack vector with malicious nodes misbehaving, etc., so I concluded that's not a wise idea). A simple one-time signed (random) message wouldn't work either for authentication (for a cold wallet) because someone else could just present the same signed message as their own, putting us back to not having authentication at all (as described above).

But what about this?:

A 1,000 DRK address wants to create a masternode, so he:

1. Signs a message "I want to create a masternode. I have 1,000 DRK, as you can see. Oh, BTW, my desired Masternode public key is *newly generated DRK address*" This message would get stored, *permanently* in a "potential" Masternode list.
2. Exports the private key corresponding to the newly created MN public key above.
3. Takes his 1,000 DRK wallet offline.
4. Imports the newly generated private key to his Masternode candidate.
5. Starts Masternode as normal, with no real worry about someone discovering his private key, as that would just take us back to the (undesirable) no authentication described above.

There would be little reason (that I can think of) to do garbage collection on a list as described above, as you could only add to it with a 1,000 DRK address. So in my view, an entry should stay until either:
1. The originating private key requests it be removed.
2. The originating private key requests it be updated to a new address (if someone managed to hack your Masternode and you wanted to return to a valid authenticated state).
3. The network detects that any of the 1,000 DRK have been transferred.

If any of the above were to occur, the network would immediately reject the validity of any Masternode using the public key defined in the message.

This seems pretty simple and elegant to me. (or is this what has been planned all along and I'm just stupid?)

[fernando]

Just want to say that the cold-storage method would really be appreciated by most of us. Keeping my wallet on a server makes me nervous all the time. I also read Amazon has now a free service of encryption for EBS volumes: http://aws.amazon.com/de/blogs/aws/protect-your-data-with-new-ebs-encryption/

So that might help to prevent an attack from an amazon employee?

No, it would only stop an Amazon employee stealing your instance when it's powered down and not being accessed. (Whilst it is not running).

If it's running it's possible to access.

I would think that Amazon's cloud security is really high. Lot's of intellectual property runs on top of Amazon cloud. Engineering solutions worth hundreds of millions, simulations by banks when they don't have enough computing power, even competitors have used Amazon cloud for their own cloud hosting.

If a wallet was to be stolen via an Amazon employee, they would compensate you for the entire amount or face losing far more money due to bad press. (They aim for their cloud services to pull in $20,000,000,000 per year, or more money than all Cryptocurrencies combined. They have a lot at stake.

I agree, thats why i switched from digitalOcean to Amazon. But digitalOcean would be cheaper and has much more power

I'd say that DigitalOcean is probably about as secure. They are smaller, but they have investors like Andreessen Horowitz. Pretty serious people.