[ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency

[coins101]

First image shows the balance of 2052.6784971 with all but 2.6784971 being anonymized.

Second image shows that it took roughly 34 minutes to anonymize the whole balance after original inputs. Good stuff!

+101

Very nice. thanks for posting.

[Ozziecoin]

i wonder what's the percentage of masternode owners capable of upgrading their node themselves..
They might need to find someone who can help them, before big updates are coming (?)

Maybe it's nothing to be afraid of, but it must be kept in mind running a masternode is not a fire-and-forget kind of thing, it needs maintenance once in a while.

It's an incredibly easy process, even for a linux n00b like me.

• Stop MN Service
• Copy in new software
• Start MN Service
• Clear History

You might want to check your firewall for good measure.

The whole process takes no longer than 5-10 minutes.

Don't forget OS updates...

Not cool bro.

[coins101]

Really staggering that there are sellers when testnet shows functioning wallet working.

Shitcoiners don't read.

.....can't read

[Ozziecoin]

This is correct.
darkcoind and SSH with ALL his dependencies need frequent updates if thats the only running services reachable from the internet  

SSH is shutdown, end of story.

[coins101]

I think Charlie Lee basically killed Dogecoin. The merge mine campaign of terror seems to have worked.

That's so mean to all those little kids.

I think we need to repay the favour.

[Ozziecoin]

I think Charlie Lee basically killed Dogecoin. The merge mine campaign of terror seems to have worked.

That's so mean to all those little kids.

I think we need to repay the favour.

yeah, horrible death. slow and draggy. Though maybe Palmer should take share of blame due to coin inflation.

[Ignition75]

Don't forget OS updates...

I'm sick to death of Microsoft OS updates on my farm, don't spoil the MN experience for me by telling me I need to do OS updates on that as well  

How often does Ubuntu need to be updated?

and this sounds like you got the ms office suite installed on your rigs? I got two win8.1 machines and they only need a update once a month or even less

Why would I run Office on my mining rigs?  You're talking about Microsoft Application updates which is different to OS updates.

Windows FailWall wants an update twice a week and there always seems to be critical app updates.

I don't have automatic updates switched on either, I like to have control over what get's updated.

[GhostPlayer]

I think Charlie Lee basically killed Dogecoin. The merge mine campaign of terror seems to have worked.

That's so mean to all those little kids.

I think we need to repay the favour.

Charlie Lee killed his own LTC when he openly said on reddit he never believed the coin would pick up and sold most of his at 0.02 !!  

Now with ASICs raping the crap out of it, without even deploying to customers who have long lost their pre-order ROI even before getting them... what a shitstorm that will be.

[BrainShutdown]

<snip>

<snip>

Don't forget OS updates...

Not cool bro.

Why  

This is correct.
darkcoind and SSH with ALL his dependencies need frequent updates if thats the only running services reachable from the internet  

SSH is shutdown, end of story.

What do you think is the percentage of MN operators that know enough to maintain the nodes security wise (Windows, Linux, VPS, dedicated....)? Honest question  

[Equate]

I think Charlie Lee basically killed Dogecoin. The merge mine campaign of terror seems to have worked.

That's so mean to all those little kids.

I think we need to repay the favour.

Charlie Lee killed his own LTC when he openly said on reddit he never believed the coin would pick up and sold most of his at 0.02 !! 

Now with ASICs raping the crap out of it, without even deploying to customers who have long lost their pre-order ROI even before getting them... what a shitstorm that will be.

Lee expected ASICS will do same to LTC as they did to BTC , but turned out to be facepalm.

[Ozziecoin]

<snip>

<snip>

Don't forget OS updates...

Not cool bro.

Why  

This is correct.
darkcoind and SSH with ALL his dependencies need frequent updates if thats the only running services reachable from the internet  

SSH is shutdown, end of story.

What do you think is the percentage of MN operators that know enough to maintain the nodes security wise (Windows, Linux, VPS, dedicated....)? Honest question  

At first I thought you were being a troll but now I realise you're maybe not familiar with Linux. New versions of Linux are often less secure because they require new dependencies which may not have been fully developed. So old versions of Linux that are stable don't generally require updates. They are stable and secure, unlike windows. (Except where there are documented vulnerabilities like heartbleed).

Also, if you do unnecessary updates regularly you may break a perfectly functioning MN.

I think almost all MN owners know how to update. Security wise, most MNs have firewalls built in with ports shut, even ssh. SSH is a huge vulnerability. If we shut them down, no updates will be needed.

[tifozi]

All the coins that can't be named are about to go bye bye. 

If I'm a Shale (A ShitCoin Whale), by now I've accumulated a bit of DRK and I'm ready to try and counter any fresh demand from RC4 by attempting to keep the price down for as long as possible.

It will go down a little something like this:

ROFL 

Shale has to be one of the most ingenious neologism in the entire thread. Still laughing as I type this ....

[salmion]

Lee expected ASICS will do same to LTC as they did to BTC , but turned out to be facepalm.

You think if they had their time again they would have forked to x11?

No. Too set in their ways. They always saw themselves as above what anyone else was doing.

I tried really hard to get doge to change to X11. Trouble is too many people up top were putting in asic orders. I still really like Doge it brought a LOT of people into crypto. So now they are merge minable with LTC? More than any other coin they should have tried to preserve people mining at home for as long as possible.

[tungfa]

Reedit !:
http://www.forexminute.com/litecoin/darkcoin-can-scam-40995

after emailing the editors regarding the repulsive DRK Story, they reedited it and gave it a different title !!
Read the reply (to my email bellow)

Hi …..

I hope you are well. My name is Samuel, I am the business development manager here at ForexMinute. First of all I would like to say thanks for your support and readership to this point - we work very hard to get high quality, relevant content to our users every day and your loyalty shows us we are doing something right.

I have seen your comment regarding Yashu's recent piece "Darkcoin – How It Can Be Manipulated?". While you make a good point, I can assure you that Yashu was in no way trying to spread FUD. He is a well respected writer in his field and is highly knowledgeable in the cryptocurrency-sphere. He was merely outlining the fact that digital currencies can be manipulated in the early phases of their growth, and using Darkcoin to illustrate how this might be done. He has edited the article to remove any suggestion that he was trying to defame Darkcoin and the Darkcoin community, and will be more vigilant in expressing his views on this exciting market in the future.

I hope we will not lose you as a user as your correspondence suggests. Feel free to respond to this address if you have any questions or suggestions.

Warm regards,
Samuel Rae

Business Development Manager
ForexMinute

And another reply just came in:
No problem and thanks for highlighting. Yashu has said he will do a follow piece in the coming few days to counter any bias the piece may have (mistakenly) portrayed.

Warm regards,
Samuel Rae

Business Development Manager
ForexMinute

Good on them for the fast action !!!!

[eduffield]

Unless I have to register on the forums of DRK and ask there, I would like to get some input from Evan or some developer on this.

There are two things that concern me:

1. Outputs can still be linked to addresses. If you send 20 DRK and it sends all these other outputs along with it to obfuscate, the 20 DRK still ends up in someone's address. That this can be observed on the blockchain means that analysis is easy, and we all know how often people leak addresses associated with their wallet (eg. posting it up for giveaways etc. etc.) This is an immutable problem in any Bitcoin-forked cryptocurrency that exists, as the solution (stealth addresses computed w/random data) has to be enforced for every transaction from the genesis block. If you enforce it halfway through you're stuck with old outputs that don't use stealth addresses, which makes it exceedingly complex to ensure the anonymityset is not at-risk.

2. Masternodes are an Achilles' heel. Let us say that there are 10 000 masternodes on the network. Their IP addresses and the port they operate on is, by necessity, known to the network. Let's assume that an attacker controls 5 masternodes of the 10 000. Let's also assume that each of the masternodes on the network is on a dedicated server (none of them use a VPS, because a VPS could be trivially owned by the host operating system) and each of these servers is on a 1gbps unmetered, dedicated port (clearly not the case right now, but I'm talking about a future time). How hard would it be for an attacker to knock the other 9995 masternodes off the network, leaving theirs as the only accessible masternodes (and thus not only earning them all the fees, but giving them perfect insight into transactions moving within their controlled group)? Well, NTP amplification attacks have let attackers launch 400Gbps attacks against a single machine from a sole 2mbps connection. SNMP has a theoretical 650x amplification factor. All an attacker needs to do is max out the unmetered port in an obvious attack, and the datacenter will have to react. Even straight up LOIC-style / botnet SYN floods to the port that the masternode has open will lead to the the DC null-routing traffic to that box, typically for 6 hours whilst they wait for the attack to stop. Mitigating this is an extremely difficult and expensive operation for each masternode to individually undertake, and not all DCs will even be able to provide DDoS mitigation at this level. An unsophisticated attacker using extremely traditional tools can knock all of the masternodes off the network except those they control. This is a threat to anonymity.

Incidentally, the other problem with masternodes that nobody seems to have thought of is that the limited number of them will mean they're in direct competition with each other. It is in a masternode operator's financial interests to make life difficult for the rest of them - DDoS attacks, reporting the box to the datacenter, anything that can knock a single competitor off the masternode network means more fees for the remaining masternodes. This is different to PoW mining where, for instance, knocking the pools offline doesn't mean you'll get more transaction fees, as miners always have backup pools. I'm not sure how sustainable this is as a system if it unmistakably pitches operators against each other to fight for fees. Given the cost and capital required to own a masternode, it's appreciable that this will happen as a natural result of wanting to maximise masternode profits.

Anyone considering this FUD or something is an ignorant idiot. This is just objective input from another developer who obviously has high knowledge.

Very good questions. I'm excited that we're starting to see some higher level questions again.

1.) Payee addresses are arguably the less important aspect of privacy. As the sender, it's more important to protect your identity. The other side can simply be addressed by generating a new change address per payment. Between the two of these the system would be completely anonymous. Also, after receiving payment, your client will prepare the funds again, increasing their anonymity.

2.) There's not a perfect solution to this yet, but Masternode operators have an interest in getting more darkcoin and keeping their existing inventment as valuable as possible. By attacking the network, they would cause harm to their investment. Also, the client is resistant to DDOS attack currently and masternode operators are instructed to close all other ports and have some kind of DDOS protection.

As a longer term solution, we could not broadcast the IPs of masternodes, but an identifier. Users could then say they want to broadcast to that masternode, but not actually connect to it. This would hide the identities and create a much more robust system.

[ExpedientSlush]

Evan, was wondering if the new UI design is going to be rolled out with RC4 or will that be a separate release?

[Phillis]

Evan, was wondering if the new UI design is going to be rolled out with RC4 or will that be a separate release?

this will be a separate release, as the UI is changing a bit for rc4, anyways

[luigi1111]

Don't forget OS updates...

I'm sick to death of Microsoft OS updates on my farm, don't spoil the MN experience for me by telling me I need to do OS updates on that as well  

How often does Ubuntu need to be updated?

If you want your MN to get hacked then don't ever update it. Install the release version of Win 7 and disable updates, have fun. 
Linux is safer, almost any version of it and I'm pretty sure that Ubuntu has less/less frequent updates.

It's crazy running 30 rigs on Windows 8.1, every week I spend half a day on OS updates... They always say "critical" updates and give fuck all info on what's contained.

I'm having a play with PiMP at the moment, it seems nice, I'm close to making the switch.

I've got the Ubuntu 12.04.4 x64 distro on my nodes.

Dude, they're mining rigs...why update them at all? I'd leave them going for months on end untouched (assuming you can monitor that the cards are still outputting fully).

[r-ando]

Unless I have to register on the forums of DRK and ask there, I would like to get some input from Evan or some developer on this.

There are two things that concern me:

1. Outputs can still be linked to addresses. If you send 20 DRK and it sends all these other outputs along with it to obfuscate, the 20 DRK still ends up in someone's address. That this can be observed on the blockchain means that analysis is easy, and we all know how often people leak addresses associated with their wallet (eg. posting it up for giveaways etc. etc.) This is an immutable problem in any Bitcoin-forked cryptocurrency that exists, as the solution (stealth addresses computed w/random data) has to be enforced for every transaction from the genesis block. If you enforce it halfway through you're stuck with old outputs that don't use stealth addresses, which makes it exceedingly complex to ensure the anonymityset is not at-risk.

2. Masternodes are an Achilles' heel. Let us say that there are 10 000 masternodes on the network. Their IP addresses and the port they operate on is, by necessity, known to the network. Let's assume that an attacker controls 5 masternodes of the 10 000. Let's also assume that each of the masternodes on the network is on a dedicated server (none of them use a VPS, because a VPS could be trivially owned by the host operating system) and each of these servers is on a 1gbps unmetered, dedicated port (clearly not the case right now, but I'm talking about a future time). How hard would it be for an attacker to knock the other 9995 masternodes off the network, leaving theirs as the only accessible masternodes (and thus not only earning them all the fees, but giving them perfect insight into transactions moving within their controlled group)? Well, NTP amplification attacks have let attackers launch 400Gbps attacks against a single machine from a sole 2mbps connection. SNMP has a theoretical 650x amplification factor. All an attacker needs to do is max out the unmetered port in an obvious attack, and the datacenter will have to react. Even straight up LOIC-style / botnet SYN floods to the port that the masternode has open will lead to the the DC null-routing traffic to that box, typically for 6 hours whilst they wait for the attack to stop. Mitigating this is an extremely difficult and expensive operation for each masternode to individually undertake, and not all DCs will even be able to provide DDoS mitigation at this level. An unsophisticated attacker using extremely traditional tools can knock all of the masternodes off the network except those they control. This is a threat to anonymity.

Incidentally, the other problem with masternodes that nobody seems to have thought of is that the limited number of them will mean they're in direct competition with each other. It is in a masternode operator's financial interests to make life difficult for the rest of them - DDoS attacks, reporting the box to the datacenter, anything that can knock a single competitor off the masternode network means more fees for the remaining masternodes. This is different to PoW mining where, for instance, knocking the pools offline doesn't mean you'll get more transaction fees, as miners always have backup pools. I'm not sure how sustainable this is as a system if it unmistakably pitches operators against each other to fight for fees. Given the cost and capital required to own a masternode, it's appreciable that this will happen as a natural result of wanting to maximise masternode profits.

Anyone considering this FUD or something is an ignorant idiot. This is just objective input from another developer who obviously has high knowledge.

Very good questions. I'm excited that we're starting to see some higher level questions again.

1.) Payee addresses are arguably the less important aspect of privacy. As the sender, it's more important to protect your identity. The other side can simply be addressed by generating a new change address per payment. Between the two of these the system would be completely anonymous. Also, after receiving payment, your client will prepare the funds again, increasing their anonymity.

2.) There's not a perfect solution to this yet, but Masternode operators have an interest in getting more darkcoin and keeping their existing inventment as valuable as possible. By attacking the network, they would cause harm to their investment. Also, the client is resistant to DDOS attack currently and masternode operators are instructed to close all other ports and have some kind of DDOS protection.

As a longer term solution, we could not broadcast the IPs of masternodes, but an identifier. Users could then say they want to broadcast to that masternode, but not actually connect to it. This would hide the identities and create a much more robust system.

+1  Great idea for the identifiers. We should expect more attacks and prepare for all possible eventualities. I had to fend off a hacking attempt already right after announcing the plans for the charity and have switched to cold storage for now. They also announced it is now illegal to create a charity to eliminate or prevent poverty in Canada around that time and after consultation with a few lawyers it looks like we are going non profit at least for now. The website is completed and we are just waiting on legal protection before hosting it. Thanks for your understanding and patience.

For 2): could a periodic shifting proxy be incorporated and automatically assigned into the client, that way the identifier could stay the same and the IP address vulnerability could be virtually eliminated by switching it regularly to another one. This could also protect from physical attacks on locations hosting master nodes by confusing anyone looking for them? Also, it would probably be confusing tring to attack masternodes who's IP addresses are shifting every few minutes at randfom intervals.

 Maybe eventually for clients a permission could also be granted to automatically modify parameters on machines hosting the clients to maximize and assure security or the system since what is needed is quite standard, even possibly automatically setting up a proxy system based on the masternodes system, for example when a masternode shifts to a new proxy it shares that proxy setup with the clients that are connected, that way clients could also randomly shift IP of the systems they are connected to.... musing thoughts... Thanks!

[Ignition75]

Dude, they're mining rigs...why update them at all? I'd leave them going for months on end untouched (assuming you can monitor that the cards are still outputting fully).

Ya I have monitoring programs, CG Remote etc...

I don't want any weak entry points on my network, so I keep all PC's fully updated at all times...