ArticMine
Legendary
 Offline
Activity: 2282
Merit: 1050
Monero Core Team
|
 |
September 17, 2014, 06:14:57 PM |
|
Hahem am I the only one that think BCX's findings are worrisome?
Claiming to have something and providing evidence thereof are two different things. If you have an exploit for a (genuine, not-scammy) FOSS project, not releasing it *at least* to the developers is unconscionable - you aren't hurting a corporation or a bunch of fat cats, you're hurting a small group of developers who work - unpaid - on a software development project for the presumed betterment of everyone. You're hurting altruists who are giving of themselves for little or no reward, but I guess there are people who are so ethically imbalanced that they don't even consider this. At a minimum some technical details about it would be nice. The ethical question I see here is that there is fierce competition among the CN coins so who does he release it to without picking favourites. If he releases the technical information to all the CN coin developers he could be providing the exploit to the attacker (black hat) as well as the defender (white hat). It is not as simple as a case where the white hats are easily identifiable. |
|
|
|
aminorex
Legendary
Offline
Activity: 1596
Merit: 1030
Sine secretum non libertas
|
|
September 17, 2014, 06:20:06 PM |
|
It is not as simple as a case where the white hats are easily identifiable.
I beg to differ. That seems a false balance to me. It takes a pretty bad lie detector to misplace those boundaries in this case. Anyhow, it doesn't matter: Just release the exploit publicly. The only reason I can comprehend not to do so is a plan to use it personally in future, for extortion or malice. But I may be missing something. |
Give a man a fish and he eats for a day. Give a man a Poisson distribution and he eats at random times independent of one another, at a constant known rate.
|
|
|
cAPSLOCK
Legendary
Offline
Activity: 3836
Merit: 5299
Note the unconventional cAPITALIZATION!
|
|
September 17, 2014, 06:26:06 PM |
|
It is not as simple as a case where the white hats are easily identifiable.
I beg to differ. That seems a false balance to me. It takes a pretty bad lie detector to misplace those boundaries in this case. Anyhow, it doesn't matter: Just release the exploit publicly. The only reason I can comprehend not to do so is a plan to use it personally in future, for extortion or malice. But I may be missing something. I think you may be. He may just be not interested and also have no desire to be involved. If he is mistaken, then he is setting an annoying trap for bears. If he is lying, well then... he is acting unethically. If he is telling the truth he is giving a warning for devs and investors. I hope he explains the exploit. |
|
|
|
|
|
Ultros
|
|
September 17, 2014, 06:29:07 PM |
|
It is not as simple as a case where the white hats are easily identifiable.
I beg to differ. That seems a false balance to me. It takes a pretty bad lie detector to misplace those boundaries in this case. Anyhow, it doesn't matter: Just release the exploit publicly. The only reason I can comprehend not to do so is a plan to use it personally in future, for extortion or malice. But I may be missing something. You might be missing the power of trolling. BCX have been taunted, he enraged and made some damaging move. Now he's just glad XMR's community took a nice FUD-bomb in the face. Sometimes the most obvious explanation can be the best. Anyway we can all applause our favorite fake-shill troll moneroman88 for his very well executed provocation. |
|
|
|
|
cAPSLOCK
Legendary
Offline
Activity: 3836
Merit: 5299
Note the unconventional cAPITALIZATION!
|
|
September 17, 2014, 06:29:19 PM |
|
Eek. I was about to say at least there has been no dump...
|
|
|
|
|
GreekBitcoin
Legendary
Offline
Activity: 1428
Merit: 1001
getmonero.org
|
|
September 17, 2014, 06:32:20 PM |
|
Eek. I was about to say at least there has been no dump...
too soon  |
|
|
|
|
Jshank
Member
Offline
Activity: 75
Merit: 10
|
|
September 17, 2014, 06:52:40 PM |
|
who is on damage control  |
|
|
|
|
krawallmining
Member
Offline
Activity: 65
Merit: 10
|
|
September 17, 2014, 06:54:48 PM |
|
Maybe BitcoinEXpress should code his own coin if he's of such skill?
|
|
|
|
|
fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
September 17, 2014, 06:56:25 PM |
|
who is on damage control What damage? Should we react every time someone claims something? At this stage, given that there are no technical details, we can only assume that it may be true or it may be false. And, thus, do nothing until something tips the evidence either way. |
|
|
|
macsga
Legendary
Offline
Activity: 1484
Merit: 1002
Strange, yet attractive.
|
|
September 17, 2014, 07:23:52 PM |
|
who is on damage control What damage? Should we react every time someone claims something? At this stage, given that there are no technical details, we can only assume that it may be true or it may be false. And, thus, do nothing until something tips the evidence either way. FUD is the most used drug within the cryptocoin world. This is not new; no evidence? Does not exist. |
Chaos could be a form of intelligence we cannot yet understand its complexity.
|
|
|
Globb0
Legendary
Offline
Activity: 2702
Merit: 2053
Free spirit
|
|
September 17, 2014, 07:31:55 PM |
|
|
|
|
|
|
mmortal03
Legendary
Offline
Activity: 1762
Merit: 1011
|
|
September 17, 2014, 07:35:56 PM |
|
Also obviously this would have to be temporary. The devs would need to commit to weaning off of such a system after given features are implemented or a given period of time.
I would suggest exhausting all possible external options for raising funds before building something into the software. I think going this other route would be more scandalized and trolled than you're considering. I don't think that it's fundamentally bad to build something into the software. Not sure if you saw the Missive, but in the last wizard screenshot there's an idea for an auto-donation system we want to implement: https://i.imgur.com/ACDmOFJ.jpgThe basic idea is that it's completely user-selectable, based on a % of your tx fee (cumulative to avoid adding dust outputs) that is added on top of the tx fee, so it'll never have a major impact. In the GUI we'd most likely have it on at 50% by default. Making it opt-in is definitely important. Look, one can argue that having good developers is just as important to a cryptocurrency's future as the security provided by the miners, and so, too, deserve compensation. The problem with open source projects is how to implement this compensation in such a way that it doesn't centralize the development funds to one particular individual or set of individuals. If there was some way to trustlessly and fairly direct funds to each individual developer based on their perceived contributions to the development work, using some sort of algorithm, that would be the ideal. This may be an intractable problem. It's no wonder that projects where there is no opposition to investment in a centralization of effort (say, closed source startups) at least don't have this problem. They do have other problems, of course. |
|
|
|
|
|
Bassica
|
|
September 17, 2014, 08:37:27 PM |
|
New day, new drama  gotta love the world of crypto |
|
|
|
|
wachtwoord
Legendary
Offline
Activity: 2338
Merit: 1136
|
|
September 17, 2014, 08:55:29 PM |
|
My virus scanner (F-secure) just reported that bitmonerod.exe contained a trojan. It's the version I downloaded on this site.
What's up? False positive?
|
|
|
|
|
blaaaaacksuit
Sr. Member
Offline
Activity: 280
Merit: 250
Who cares?
|
|
September 17, 2014, 08:59:33 PM |
|
My virus scanner (F-secure) just reported that bitmonerod.exe contained a trojan. It's the version I downloaded on this site.
What's up? False positive?
What happened to dev? Why is the price down? SCAM! |
|
|
|
|
|
Ultros
|
|
September 17, 2014, 08:59:45 PM |
|
My virus scanner (F-secure) just reported that bitmonerod.exe contained a trojan. It's the version I downloaded on this site.
What's up? False positive?
My scanner (Kaskpersky Pure) doesn't report anything special. Latest version, just downloaded from OP to be sure. |
|
|
|
|
cAPSLOCK
Legendary
Offline
Activity: 3836
Merit: 5299
Note the unconventional cAPITALIZATION!
|
|
September 17, 2014, 08:59:52 PM |
|
My virus scanner (F-secure) just reported that bitmonerod.exe contained a trojan. It's the version I downloaded on this site.
What's up? False positive?
Use your own common sense, but yes false positive, just like minerd.exe and other bitcoin executables. The reason is Monero has been a CPU minable coin from the beginning. So botnets distribute the daemon for mining via trojans. |
|
|
|
|
klee
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
September 17, 2014, 09:00:04 PM |
|
|
|
|
|
|
wachtwoord
Legendary
Offline
Activity: 2338
Merit: 1136
|
|
September 17, 2014, 09:02:35 PM |
|
I downloaded the newest version and it is no longer detected as a trojan. (it is incredibly slow though ) |
|
|
|
|
mmortal03
Legendary
Offline
Activity: 1762
Merit: 1011
|
|
September 17, 2014, 09:03:49 PM |
|
Regarding donations - we already have about 20% of the Monero owners joining MEW. If we get this number to about 50%, then it will be easier to fund development as a community effort because there is no free riding.
how to get in there? a third idea and that is basically how mike hear financed his project is to convince very rich anarchists/libertarians that this project has a lot of value. finding these guys in the bitcoin environment should be easy  convincing them that there is place for a second major currency is hard. first because the person probably thinks it shoots its own leg, second because there needs to be an incentive for him. that said I think there are people who see besides their own profit, moral reasons to invest in a project like this. I agree with this. There needs to be more moral arguments promoted in the direction of voluntary donation. |
|
|
|
|
|
