[ANN] Ethereum: Welcome to the Beginning

[arcke]

Has anyone addressed the security of having a Turing complete foundation? Turing complete means that Ethereum contracts will likely be absolutely loaded with common and proprietary viruses, keyloggers, malware, adware, and a slew of other bad things. I am willing to bet my bank account that in a few short months people will be crying about how they got all their wallets/currency stolen, or their computers are now running slow, or how they blue screen every few minutes after a reboot.

It's horse shit to believe keyloggers or viruses will be loaded onto ethereum. The running of a contract does not affect the local system except for the ethereum node.

[1714312362]

1714312362

[1714312362]

1714312362

[1714312362]

1714312362

[1714312362]

1714312362

[1714312362]

1714312362

[Lauda]

I'll keep watching this with a chunk of doubt.
All those names sound too random.
Why not give an inside look to a senior or VIP from here? 

[charleshoskinson]

Has anyone addressed the security of having a Turing complete foundation? Turing complete means that Ethereum contracts will likely be absolutely loaded with common and proprietary viruses, keyloggers, malware, adware, and a slew of other bad things. I am willing to bet my bank account that in a few short months people will be crying about how they got all their wallets/currency stolen, or their computers are now running slow, or how they blue screen every few minutes after a reboot.

If you want an example of how Turing complete works, load up a peer to peer sharing program and download a bunch of .MOV files and run them. I GUARANTEE that you will get a virus. That's because Quicktime movie files are Turing complete. This is why mkv, mpeg, mpg and avi, while not impervious, are much much safer to download. If you want to invest, mine, and run contracts at the risk of losing everything then go ahead. We will never know for sure how secure Ether is going to be until post release, so asking for money without proof of security is another red flag.

Also please be aware that LeoC sent this message to me via a PM:

10 BTC and I'll remove my posts even though they are factual and won't make any more. 15 and I will change my tune and promote.

eMunie have already lost hundreds of BTC and were forced to cancel their IPO when I called them out here https://bitcointalk.org/index.php?topic=411366.0

I was going to create a similar thread regarding Ethereum, unless you send the above amounts.

I'd suggest you think long and hard about this. Which would you prefer to lose, 10 BTC or 1000, your choice.

1C7MPUTTWQjinfbRcQtW6HAc4ips7wMuiJ

Please ignore the FUD. We are going to make every attempt to address all concerns. In many cases, with Vitalik and Me directly.

[Chang Hum]

alot of posts being deleted on this thread this post wont last long....eutherium!!!

[jl777]

I have heard that etherium might already have received investments. If this is true, What sort of preferential terms did they get? If it is not true, can you please confirm that there are no preexisting investors

The tech vision seems to be quite ambitious, does testnet release support all of what will be in the final release? If not, when will everything be completed? Is source code available?

Inflation concerns abound, ignoring preferential tems for early investors, wouldnt someone have to continue buying 40 percent more per year to maintain their stake?

Many more questions, but if the final product is many months away, or if preexisting investors get lions share of gains or if dilution cannot be avoided, then i am leery of ipo

James

[jl777]

alot of posts being deleted on this thread this post wont last long....eutherium!!!

You are not kidding!
Used to be 80 pages, now 45
That is why they didnt bother to respond

[Platonicgap]

http://platonicgap.wordpress.com/

[Eadeqa]

I can compare only Nxt and Ethereum:

1. Nxt is simple (for casual programmers), Ethereum is hardcore (for hardcore programmers). I think most of coders will choose Nxt if noone creates a simple Ethereum Contract Creation Kit.
2. Nxt can process 1000s transactions per second (coz of absence of scripts and Transparent Forging), Ethereum can't process too many transactions but they r much richer. I think these platforms would go on par if Nxt didn't have Transparent Forging. With TF Nxt will win.
3. Nxt has fixed supply of coins, Ethereum will be inflationary for a long period of time. Ordinary people prefer non-inflationary currencies.
4. Nxt is 100% PoS, Ethereum is PoW + PoS, so the latter is not so "green".

These r just a few points that came to my mind.

Please stop trying to talk up Nxt at every opportunity in this thread. You forgot to mention Nxt is vulnerable to nothing-at-stake attacks, poorly implemented in Java (known for security!), you can't store anything in an offline wallet, and the currency is owned by 71 people who sell it to everyone else. Just get real if you want to talk things up.

There is nothing wrong with Java as programing language. Don't confuse programing language with Java Applet that is a web browser plugin

It's much easier to write secure software in Java than C and C++

[ffssixtynine]

The dilution potential is huge. Set the cap at 5000 BTC and implement a max investment cap to allow many small investors.

+1

+1

At the moment it makes no sense. The risk is way too high. Besides, there are many ways they can make money once they launch, such as with their own exchange or other software.

A 5000-10000 BTC limit with 50 BTC limit per person (at least for the first month) is more sensible. Assuming BTC doesn't collapse, that's $4-8m even at current prices. In six months there is a fair chance that will have doubled. Appreciate that 'a person' is imprecise but it's a start. This way everyone knows what they are getting. This also allows people to share the coin pre-mine which I think is better pr and better for the market post launch. If month 1 goes by and the limit is not reached, then remove the coin limit for month 2.

To flip it round, any investor has to assume a 30,000 BTC valuation, making it already a valuable coin. The upside is immediately limited to the coin being a major success. Anything else and the money is lost. Factor in the minting model and the clones that will appear immediately, which may be a better gamble for those so inclined, and the investment is too high risk.

Note: The 50% pre-mine is not for the coin creators. That's for the coin investors, i.e. Potentially us. The rest is split between year 1 miners (not enough I would say), creators, and funding for dev. Correct me if I am wrong.

I want to support this and like some of those involved, but the fund raising model is wrong. That doesn't mean they won't manage to raise it, but it's raising too many eyebrows amongst investors I work with and it's a poor start to a good concept.

[Herp]

The dilution potential is huge. Set the cap at 5000 BTC and implement a max investment cap to allow many small investors.

+1

+1

At the moment it makes no sense. The risk is way too high. Besides, there are many ways they can make money once they launch, such as with their own exchange or other software.

A 5000-10000 BTC limit with 50 BTC limit per person (at least for the first month) is more sensible. Assuming BTC doesn't collapse, that's $4-8m even at current prices. In six months there is a fair chance that will have doubled. Appreciate that 'a person' is imprecise but it's a start. This way everyone knows what they are getting. This also allows people to share the coin pre-mine which I think is better pr and better for the market post launch. If month 1 goes by and the limit is not reached, then remove the coin limit for month 2.

To flip it round, any investor has to assume a 30,000 BTC valuation, making it already a valuable coin. The upside is immediately limited to the coin being a major success. Anything else and the money is lost. Factor in the minting model and the clones that will appear immediately, which may be a better gamble for those so inclined, and the investment is too high risk.

Note: The 50% pre-mine is not for the coin creators. That's for the coin investors, i.e. Potentially us. The rest is split between year 1 miners (not enough I would say), creators, and funding for dev. Correct me if I am wrong.

I want to support this and like some of those involved, but the fund raising model is wrong. That doesn't mean they won't manage to raise it, but it's raising too many eyebrows amongst investors I work with and it's a poor start to a good concept.

Which is why they've delayed the IPO. They've obviously got the pulse of the community and decided to make adjustments.

When they'll be out with this project, others like Mastercoin or Next will be well underway and have first adopter advantage which can be huge advantage.

In this crypto world 1 month = 1 year. Too little, too late.

[Level Coin]

Has anyone addressed the security of having a Turing complete foundation? Turing complete means that Ethereum contracts will likely be absolutely loaded with common and proprietary viruses, keyloggers, malware, adware, and a slew of other bad things. I am willing to bet my bank account that in a few short months people will be crying about how they got all their wallets/currency stolen, or their computers are now running slow, or how they blue screen every few minutes after a reboot.

If you want an example of how Turing complete works, load up a peer to peer sharing program and download a bunch of .MOV files and run them. I GUARANTEE that you will get a virus. That's because Quicktime movie files are Turing complete. This is why mkv, mpeg, mpg and avi, while not impervious, are much much safer to download. If you want to invest, mine, and run contracts at the risk of losing everything then go ahead. We will never know for sure how secure Ether is going to be until post release, so asking for money without proof of security is another red flag.

I too would like to know this. Turing complete is dangerous and highly insecure.

[arcke]

Has anyone addressed the security of having a Turing complete foundation? Turing complete means that Ethereum contracts will likely be absolutely loaded with common and proprietary viruses, keyloggers, malware, adware, and a slew of other bad things. I am willing to bet my bank account that in a few short months people will be crying about how they got all their wallets/currency stolen, or their computers are now running slow, or how they blue screen every few minutes after a reboot.

If you want an example of how Turing complete works, load up a peer to peer sharing program and download a bunch of .MOV files and run them. I GUARANTEE that you will get a virus. That's because Quicktime movie files are Turing complete. This is why mkv, mpeg, mpg and avi, while not impervious, are much much safer to download. If you want to invest, mine, and run contracts at the risk of losing everything then go ahead. We will never know for sure how secure Ether is going to be until post release, so asking for money without proof of security is another red flag.

I too would like to know this. Turing complete is dangerous and highly insecure.

You are calling every turing complete programming language out there dangerous and highly insecure. You do not seem to know what you are talking about.

[CoinHeavy]

For those disillusioned or turned off by the IPO but who are still interested in getting involved, I would recommend mining and developing.  Mining a new coin at launch is always a fun experience, especially for folks who haven't done it before.  Also, once high-level abstractions have been made (ruby gem, python port, etc.) hacking around with some easy code would be a worthwhile evaluation.

I'll be curious to see how the IPO goes once it arrives.  Someone should start a betting pool on what the final amount BTC raised will be (or the size of the initial Ether pool).

The forums on their site are pretty sparse at the moment http://forum.ethereum.org/ but meetups have already started to be organized so I would expect this to change rapidly.

[Level Coin]

Has anyone addressed the security of having a Turing complete foundation? Turing complete means that Ethereum contracts will likely be absolutely loaded with common and proprietary viruses, keyloggers, malware, adware, and a slew of other bad things. I am willing to bet my bank account that in a few short months people will be crying about how they got all their wallets/currency stolen, or their computers are now running slow, or how they blue screen every few minutes after a reboot.

If you want an example of how Turing complete works, load up a peer to peer sharing program and download a bunch of .MOV files and run them. I GUARANTEE that you will get a virus. That's because Quicktime movie files are Turing complete. This is why mkv, mpeg, mpg and avi, while not impervious, are much much safer to download. If you want to invest, mine, and run contracts at the risk of losing everything then go ahead. We will never know for sure how secure Ether is going to be until post release, so asking for money without proof of security is another red flag.

I too would like to know this. Turing complete is dangerous and highly insecure.

You are calling every turing complete programming language out there dangerous and highly insecure. You do not seem to know what you are talking about.

No I am not, I am talking within the context of a currency backed by people's hard earned money. Do not put words in my mouth. Hackers are already willing to inject malicious software into non monetary applications, I can only imagine what they would come up with if they found an application that is Turing complete, is used to handle millions of dollars, and thanks to the anonymity of crypto, have no chance of being caught. You are diffusing a valid question with irrelevant and illogical retorts. I'd like a short summary of the methods used to prevent people from doing this. What systems are in place to increase security for the end user?

[X68N]

Ethanolium,
a bunch of programmers got drunk of premining greed ;-)

[arcke]

Has anyone addressed the security of having a Turing complete foundation? Turing complete means that Ethereum contracts will likely be absolutely loaded with common and proprietary viruses, keyloggers, malware, adware, and a slew of other bad things. I am willing to bet my bank account that in a few short months people will be crying about how they got all their wallets/currency stolen, or their computers are now running slow, or how they blue screen every few minutes after a reboot.

If you want an example of how Turing complete works, load up a peer to peer sharing program and download a bunch of .MOV files and run them. I GUARANTEE that you will get a virus. That's because Quicktime movie files are Turing complete. This is why mkv, mpeg, mpg and avi, while not impervious, are much much safer to download. If you want to invest, mine, and run contracts at the risk of losing everything then go ahead. We will never know for sure how secure Ether is going to be until post release, so asking for money without proof of security is another red flag.

I too would like to know this. Turing complete is dangerous and highly insecure.

You are calling every turing complete programming language out there dangerous and highly insecure. You do not seem to know what you are talking about.

No I am not, I am talking within the context of a currency backed by people's hard earned money. Do not put words in my mouth. Hackers are already willing to inject malicious software into non monetary applications, I can only imagine what they would come up with if they found an application that is Turing complete, is used to handle millions of dollars, and thanks to the anonymity of crypto, have no chance of being caught. You are diffusing a valid question with irrelevant and illogical retorts. I'd like a short summary of the methods used to prevent people from doing this. What systems are in place to increase security for the end user?

So far as I can tell the security is based on the blockchain and the POW that will be used in roughly the same way bitcoin does this. The big difference is that ethereum scripts are more powerful. I dont see a reason why this introduces new security considerations, but it is certainly a valid point to consider. And still I say this based on my understanding of the model of ethereum and not on the implementation.

[ddink7]

The dilution potential is huge. Set the cap at 5000 BTC and implement a max investment cap to allow many small investors.

+1

+1

At the moment it makes no sense. The risk is way too high. Besides, there are many ways they can make money once they launch, such as with their own exchange or other software.

A 5000-10000 BTC limit with 50 BTC limit per person (at least for the first month) is more sensible. Assuming BTC doesn't collapse, that's $4-8m even at current prices. In six months there is a fair chance that will have doubled. Appreciate that 'a person' is imprecise but it's a start. This way everyone knows what they are getting. This also allows people to share the coin pre-mine which I think is better pr and better for the market post launch. If month 1 goes by and the limit is not reached, then remove the coin limit for month 2.

To flip it round, any investor has to assume a 30,000 BTC valuation, making it already a valuable coin. The upside is immediately limited to the coin being a major success. Anything else and the money is lost. Factor in the minting model and the clones that will appear immediately, which may be a better gamble for those so inclined, and the investment is too high risk.

Note: The 50% pre-mine is not for the coin creators. That's for the coin investors, i.e. Potentially us. The rest is split between year 1 miners (not enough I would say), creators, and funding for dev. Correct me if I am wrong.

I want to support this and like some of those involved, but the fund raising model is wrong. That doesn't mean they won't manage to raise it, but it's raising too many eyebrows amongst investors I work with and it's a poor start to a good concept.

I completely agree with per-person limits. But how would you enforce them? That's the problem with bitcoin--it's pseudo-anonymous. A person could just create 5 addresses and send the 50 from each address. The only real alternative I could see would be some form of identity verification a-la-coinbase...but I can only imagine how unpopular that would be!

A workaround might be to do like XCP and limit the number of coins that can come from one address. It would take a bit longer to create wallets, transfer coins to those wallets, and then transfer to the exodus address...although I fear someone could write a script to do just that.

[Herp]

Ethanolium,
a bunch of programmers got drunk of premining greed ;-)

It's what happens when you let ex Goldman Sucks viruses run the show.

[canth]

<snip>

Also please be aware that LeoC sent this message to me via a PM:

10 BTC and I'll remove my posts even though they are factual and won't make any more. 15 and I will change my tune and promote.

eMunie have already lost hundreds of BTC and were forced to cancel their IPO when I called them out here https://bitcointalk.org/index.php?topic=411366.0

I was going to create a similar thread regarding Ethereum, unless you send the above amounts.

I'd suggest you think long and hard about this. Which would you prefer to lose, 10 BTC or 1000, your choice.

1C7MPUTTWQjinfbRcQtW6HAc4ips7wMuiJ

Please ignore the FUD. We are going to make every attempt to address all concerns. In many cases, with Vitalik and Me directly.

Thanks for sharing this with us and I hope that you hit the report button on this scamster. It's like blackmail, only missing the threat of any actual dirty secrets.

[Level Coin]

So far as I can tell the security is based on the blockchain and the POW that will be used in roughly the same way bitcoin does this. The big difference is that ethereum scripts are more powerful. I dont see a reason why this introduces new security considerations, but it is certainly a valid point to consider. And still I say this based on my understanding of the model of ethereum and not on the implementation.

This does not answer the question. What does the blockchain and the PoW aspect have to do with the scripting portion (which is what I was referring to)? Vitalik himself has said that it is possible to create a contract within a contract, likely ad infinitum. This means that a malicious contract could be called by a non malicious contract. These non malicious contracts will essentially be used to masquerade the malicious one. And the layers could make identification much more difficult. The typical end user is highly unlikely to detect such a complex script and by the time someone with the knowhow to spot the malicious code calls them out it will likely have already claimed many victims.