thelonecrouton
Legendary
Offline
Activity: 966
Merit: 1000
|
|
September 19, 2014, 07:00:18 PM |
|
|
|
|
|
dihydrogenmonoxide
|
|
September 19, 2014, 07:04:13 PM |
|
http://blog.anonymousbitcoinbook.com/2014/09/darkcoin-code-review-results/Summary: I identified no significant security vulnerabilities in the closed source Darkcoin code. There are three privacy implementation issues that have been acknowledged by the Darkcoin development team and are being fixed; full disclosure of those issues will take place no later than 2014/10/18.
|
"The best way to convince a fool that he is wrong is to let him have his own way." - Josh Billings
|
|
|
coins101
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
September 19, 2014, 07:10:50 PM |
|
|
|
|
|
k0vic
Member
Offline
Activity: 113
Merit: 10
|
|
September 19, 2014, 07:12:24 PM |
|
Well that sucks.. "I have identified a few privacy-related issues in the code. For the time being, I recommend that users pause use of Darksend+ for privacy purposes, or bolster them with other blockchain privacy tactics as part of a privacy-in-depth strategy, until the issues can be fixed; these issues were reported to the Darkcoin dev team on 2014/09/18, and acknowledged by email by the dev team on the same day. All will be fully disclosed by 2014/10/18 as part of “responsible disclosure” practices. I expect that they will be addressed sooner than 2014/10/18; if corrected Release Candidate binaries are made available before then, I will disclose the issues at that point. For the time being, I’m reserving the following IDs for the issues so that their status can be tracked:" http://blog.anonymousbitcoinbook.com/2014/09/darkcoin-code-review-results/
|
LTC- LKNm2UVuBgMLJNPU7pV5cgQnGx6PWGk7Ju BTC- 1NHcECfk8oxJe83m9bPME2cdUCY72vuA2Y
|
|
|
eduffield (OP)
Legendary
Offline
Activity: 1176
Merit: 1036
Dash Developer
|
|
September 19, 2014, 07:14:32 PM |
|
Well that sucks.. "I have identified a few privacy-related issues in the code. For the time being, I recommend that users pause use of Darksend+ for privacy purposes, or bolster them with other blockchain privacy tactics as part of a privacy-in-depth strategy, until the issues can be fixed; these issues were reported to the Darkcoin dev team on 2014/09/18, and acknowledged by email by the dev team on the same day. All will be fully disclosed by 2014/10/18 as part of “responsible disclosure” practices. I expect that they will be addressed sooner than 2014/10/18; if corrected Release Candidate binaries are made available before then, I will disclose the issues at that point. For the time being, I’m reserving the following IDs for the issues so that their status can be tracked:" http://blog.anonymousbitcoinbook.com/2014/09/darkcoin-code-review-results/ I'll have everything he found fixed by Monday.
|
Dash - Digital Cash | dash.org | dashfoundation.io | dashgo.io
|
|
|
k0vic
Member
Offline
Activity: 113
Merit: 10
|
|
September 19, 2014, 07:15:13 PM |
|
Well that sucks.. "I have identified a few privacy-related issues in the code. For the time being, I recommend that users pause use of Darksend+ for privacy purposes, or bolster them with other blockchain privacy tactics as part of a privacy-in-depth strategy, until the issues can be fixed; these issues were reported to the Darkcoin dev team on 2014/09/18, and acknowledged by email by the dev team on the same day. All will be fully disclosed by 2014/10/18 as part of “responsible disclosure” practices. I expect that they will be addressed sooner than 2014/10/18; if corrected Release Candidate binaries are made available before then, I will disclose the issues at that point. For the time being, I’m reserving the following IDs for the issues so that their status can be tracked:" http://blog.anonymousbitcoinbook.com/2014/09/darkcoin-code-review-results/ I'll have everything he found fixed by Monday. You are the man.
|
LTC- LKNm2UVuBgMLJNPU7pV5cgQnGx6PWGk7Ju BTC- 1NHcECfk8oxJe83m9bPME2cdUCY72vuA2Y
|
|
|
stonehedge
Legendary
Offline
Activity: 1722
Merit: 1002
Decentralize Everything
|
|
September 19, 2014, 07:17:16 PM |
|
I would point a few CPUs to mine for wages. That is a really good idea. A paid team that would give a stake etc. Really good idea.
or better yet. Is it possible to mine Darkcoin with a raspberry pi? I know that you will probably only make a few duffs with it, but it would basically cost nothing to set up and run for eternity. Darkberry pi? The point is to utilise as many spare CPU cycles as we can find. No reason we can't use Pi! And if people want to direct their rigs to the pool for a few hours a month all the better. Or donate DRK indeed. I'll drop him a line. We'll have to decide whether we work together or I start a separate pool. Testing was successful on Tuesday. I'll go away and have a chat with Propulsion, Evan and a few others and if it fits into the bigger picture I'll announce something soon.
|
|
|
|
illodin
|
|
September 19, 2014, 07:23:13 PM |
|
"I have identified a few privacy-related issues in the code."
I'll have everything he found fixed by Monday. Looks like the review was a very good idea. Thank you Kristov!
|
|
|
|
TaoOfSaatoshi
Legendary
Offline
Activity: 2156
Merit: 1014
Dash Nation Founder | CATV Host
|
|
September 19, 2014, 07:23:59 PM |
|
I stole your pic for my latest tweet, I hope you don't mind... #getintothedark@TaoOfSatoshi
|
|
|
|
Walter_S
|
|
September 19, 2014, 07:26:13 PM |
|
Well that sucks.. "I have identified a few privacy-related issues in the code. For the time being, I recommend that users pause use of Darksend+ for privacy purposes, or bolster them with other blockchain privacy tactics as part of a privacy-in-depth strategy, until the issues can be fixed; these issues were reported to the Darkcoin dev team on 2014/09/18, and acknowledged by email by the dev team on the same day. All will be fully disclosed by 2014/10/18 as part of “responsible disclosure” practices. I expect that they will be addressed sooner than 2014/10/18; if corrected Release Candidate binaries are made available before then, I will disclose the issues at that point. For the time being, I’m reserving the following IDs for the issues so that their status can be tracked:" http://blog.anonymousbitcoinbook.com/2014/09/darkcoin-code-review-results/ I'll have everything he found fixed by Monday. So they are pretty minor tweaks to the code then?
|
|
|
|
thelonecrouton
Legendary
Offline
Activity: 966
Merit: 1000
|
|
September 19, 2014, 07:28:20 PM |
|
"I have identified a few privacy-related issues in the code."
I'll have everything he found fixed by Monday. Looks like the review was a very good idea. Thank you Kristov! Agreed. I think it was a very positive review overall, and Evan seems confident that whatever Kristov is alluding to is quickly fixable.
|
|
|
|
coins101
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
September 19, 2014, 07:30:52 PM |
|
http://blog.anonymousbitcoinbook.com/2014/09/darkcoin-code-review-results/Summary: I identified no significant security vulnerabilities in the closed source Darkcoin code. There are three privacy implementation issues that have been acknowledged by the Darkcoin development team and are being fixed; full disclosure of those issues will take place no later than 2014/10/18. I didn't know he has been reviewing professionally for 4+ years. That's even better news. No one who does this for a living would risk their reputation and future earning potential on being anything other than impartial and critical. Great review indeed.
|
|
|
|
georgem
Legendary
Offline
Activity: 1484
Merit: 1007
spreadcoin.info
|
|
September 19, 2014, 07:31:41 PM |
|
Darkberry pi?
The point is to utilise as many spare CPU cycles as we can find. No reason we can't use Pi! But is it even possible to mine DRK with Raspberry Pi? I don't think that the available CPU miners run on a raspberry. Can someone confirm this?
|
|
|
|
naxin
|
|
September 19, 2014, 07:37:46 PM |
|
I would point a few CPUs to mine for wages. That is a really good idea. A paid team that would give a stake etc. Really good idea.
or better yet. Is it possible to mine Darkcoin with a raspberry pi? I know that you will probably only make a few duffs with it, but it would basically cost nothing to set up and run for eternity. Darkberry pi? The point is to utilise as many spare CPU cycles as we can find. No reason we can't use Pi! And if people want to direct their rigs to the pool for a few hours a month all the better. Or donate DRK indeed. I'll drop him a line. We'll have to decide whether we work together or I start a separate pool. Testing was successful on Tuesday. I'll go away and have a chat with Propulsion, Evan and a few others and if it fits into the bigger picture I'll announce something soon. I mean go ahead and use your rasp pi, but you're not even going to generate a single penny if you ran it for an entire year. So it really is not worth your hassle to keep it running.
|
|
|
|
Freckleg
|
|
September 19, 2014, 07:52:15 PM |
|
"I have identified a few privacy-related issues in the code."
I'll have everything he found fixed by Monday. Looks like the review was a very good idea. Thank you Kristov! Indeed Dark is growing up big thanks to Kristov, and Evan for asking the impartial review
|
|
|
|
georgem
Legendary
Offline
Activity: 1484
Merit: 1007
spreadcoin.info
|
|
September 19, 2014, 07:55:15 PM |
|
I mean go ahead and use your rasp pi, but you're not even going to generate a single penny if you ran it for an entire year. So it really is not worth your hassle to keep it running.
I understand, but even an average multicore CPU doesn't create much more DRK per year. Difficulty is really high already. A raspberry pi could be hooked to your network 24/7 and additionaly provide a node to the network, helping spread the blockchain.
|
|
|
|
stonehedge
Legendary
Offline
Activity: 1722
Merit: 1002
Decentralize Everything
|
|
September 19, 2014, 07:55:32 PM |
|
I have sent Propulsion a message explaining my idea to mobilise the masses with a CPU miner that runs when idle.
I'm keen to either collaborate with Propulsion or if we can't find middle ground, I can put together a business case to do this separately.
I am thinking of setting the mining fee to be anything between 5-10% to make this useful to the dev team. If I use Nomp then (probably small) payments will be made directly to contributors wallets and to the ringfenced development fund.
If we collaborate with the official DCT pool then I think increased fees will drive serious miners away. There may be a way that we can use Propulsions platform but have two pools. One for serious miners and one for dust sweepers donating a larger sum of their payouts directly to the development fund.
There are two major possible issues:
1) Evan may already have this sorted as part of the Darkcoin Foundation 2) Even with a load of people donating their idle cpu time it might just not be worth it. Some maths to be done I think!
I think the principle is sound and the cause worthy. Now I just have to work out if it is practical and if I can collaborate with Propulsion or go with a separate NOMP.
|
|
|
|
georgem
Legendary
Offline
Activity: 1484
Merit: 1007
spreadcoin.info
|
|
September 19, 2014, 07:58:43 PM |
|
2) Even with a load of people cpu mining it might just not be worth it. Some maths to be done I think!
That is true... what I would wish for is to have a raspberry pi that has somekind of X11 USB ASIC miner attached to it. Then we could make this work. Hopefully by 2015 the first X11 USB ASIC miners will appear on the market.
|
|
|
|
coins101
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
September 19, 2014, 08:01:25 PM |
|
Well that sucks.. "I have identified a few privacy-related issues in the code. For the time being, I recommend that users pause use of Darksend+ for privacy purposes, or bolster them with other blockchain privacy tactics as part of a privacy-in-depth strategy, until the issues can be fixed; these issues were reported to the Darkcoin dev team on 2014/09/18, and acknowledged by email by the dev team on the same day. All will be fully disclosed by 2014/10/18 as part of “responsible disclosure” practices. I expect that they will be addressed sooner than 2014/10/18; if corrected Release Candidate binaries are made available before then, I will disclose the issues at that point. For the time being, I’m reserving the following IDs for the issues so that their status can be tracked:" http://blog.anonymousbitcoinbook.com/2014/09/darkcoin-code-review-results/ I'll have everything he found fixed by Monday. Tuesday's cool
|
|
|
|
georgem
Legendary
Offline
Activity: 1484
Merit: 1007
spreadcoin.info
|
|
September 19, 2014, 08:03:31 PM |
|
Well that sucks.. "I have identified a few privacy-related issues in the code. For the time being, I recommend that users pause use of Darksend+ for privacy purposes, or bolster them with other blockchain privacy tactics as part of a privacy-in-depth strategy, until the issues can be fixed; these issues were reported to the Darkcoin dev team on 2014/09/18, and acknowledged by email by the dev team on the same day. All will be fully disclosed by 2014/10/18 as part of “responsible disclosure” practices. I expect that they will be addressed sooner than 2014/10/18; if corrected Release Candidate binaries are made available before then, I will disclose the issues at that point. For the time being, I’m reserving the following IDs for the issues so that their status can be tracked:" http://blog.anonymousbitcoinbook.com/2014/09/darkcoin-code-review-results/ I'll have everything he found fixed by Monday. Tuesday's cool Sacrificing another weekend for darkcoin. What a fella!
|
|
|
|
|