smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
December 12, 2014, 11:14:30 AM |
|
Compromises for both MyMonero and running simplewallet connected to an open daemon:
- You have to trust that both aren't feeding you bad blocks / skipping blocks / withholding blocks - You have to trust that both aren't logging your sent tx's against your IP address - You have to trust that both are keeping their daemon up-to-date so that tx's are valid and are actually rebroadcast
I'd add you have to trust that both aren't logging your mixes. I guess given that simplewallet at least caches the blockchain it could come up with its own mixes and not rely on a remote daemon for them, but currently that is not the case. Compromises specific to connecting to open daemons:
- You'll be pulling full blocks down from quite low on the blockchain during a restore (ie. basically downloading the full blockchain) - You've got to do that from scratch if you have a messed up wallet cache or a dead tx in the mempool - Once a block is scanned for a tx it is discarded by simplewallet, so you can't "cache" those blocks and run a second wallet on your machine - every additional wallet will pull the same data in all over again
Also no encryption currently exists with a remote daemon. So your interaction is exposed to network-level snooping (especially on WiFi, but its always possible).
|
|
|
|
Atrides
|
|
December 12, 2014, 11:33:21 AM |
|
Atrides tweet something so that we can all retweet! So node.moneroclub.com:8880 means that one can only use simplewallet! Though it also means that we have to trust the node, right? I just tried it and it works fine I havent send XMR in the wallet though. Yes, "node" is just a tool for those, who constantly had problems with deamon. You can use MyMonero, or only Simplewallet with Moneroclub-Node, or install both Wallet and Daemon. Currently node has only one daemon-node, in beta-test. Getting of blocks works and sending of transactions as well. Similar to mymonero with just using common wallet. Additional nodes will be added soon on other dedicated servers for failover. Regarding security - I added Moneroclub node to ForkGuard. In addition, node doesn't known your private keys, so that is impossible to do something with your balances. Your simplewallet sends already signed transactions. Other thoughts already written by fluffypony and smooth
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
December 12, 2014, 11:40:44 AM Last edit: December 12, 2014, 12:17:12 PM by smooth |
|
Atrides tweet something so that we can all retweet! So node.moneroclub.com:8880 means that one can only use simplewallet! Though it also means that we have to trust the node, right? I just tried it and it works fine I havent send XMR in the wallet though. To be clear, you don't need to trust that the node won't steal your coins. It can't do that. Nor can anyone snooping your connection. EDIT: credit to Atrides who already explained this in the previous message, which I hadn't seen. The node could theoretically take part in some kind of elaborate ruse, feeding you fake blocks to trick you into thinking you received coins when you really didn't, allowing a double spend against you, but barring such exotic attacks, the risks are limited to some loss of privacy.
|
|
|
|
myagui
Legendary
Offline
Activity: 1154
Merit: 1001
|
|
December 12, 2014, 12:21:24 PM |
|
@Atrides, A couple of odd elements I just noticed trying out the platform: - there's no edit/cancel feature yet for one's existing offers. - the % relative to MoneroIndex is always positive, ignoring if the offer is a sell or a buy. I created a couple of test entries, but I want to edit them, not interested in going broke just yet All in all, great initiative. It's all baby steps forward as they say.
|
|
|
|
GreekBitcoin
Legendary
Offline
Activity: 1428
Merit: 1001
getmonero.org
|
|
December 12, 2014, 12:31:38 PM |
|
@Atrides, A couple of odd elements I just noticed trying out the platform: - there's no edit/cancel feature yet for one's existing offers. - the % relative to MoneroIndex is always positive, ignoring if the offer is a sell or a buy. I created a couple of test entries, but I want to edit them, not interested in going broke just yet All in all, great initiative. It's all baby steps forward as they say. for negative % you use -
|
|
|
|
fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
December 12, 2014, 12:40:09 PM |
|
I'd add you have to trust that both aren't logging your mixes. I guess given that simplewallet at least caches the blockchain it could come up with its own mixes and not rely on a remote daemon for them, but currently that is not the case.
I'm intuiting here, but I suspect that a malicious open node to which you connect to all the time can build up a history of outputs from your broadcast tx's, and couple that with a determination of your "true" signature on inputs, to effectively deduce as much information as knowing your view key would reveal. The only useful advantage then would be that you can stop using a remote daemon and it won't know your transactions in perpetuity.
|
|
|
|
e-coinomist
Legendary
Offline
Activity: 2380
Merit: 1085
Money often costs too much.
|
|
December 12, 2014, 12:44:33 PM |
|
The Monero Research Lab is working through the academic and research portion of this. There's literally no point in implementing multisig without full ring signature support, and ...
I would seriously recommend keeping this closed source if possible when implemented. Maybe 2 versions where the paranoid can use wallets without multi-sig. The first that gets here and can keep it to themselves will be the clear winner. closed source == dead coin
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
December 12, 2014, 12:49:36 PM Last edit: December 12, 2014, 01:30:02 PM by smooth |
|
I'd add you have to trust that both aren't logging your mixes. I guess given that simplewallet at least caches the blockchain it could come up with its own mixes and not rely on a remote daemon for them, but currently that is not the case.
I'm intuiting here, but I suspect that a malicious open node to which you connect to all the time can build up a history of outputs from your broadcast tx's, and couple that with a determination of your "true" signature on inputs, to effectively deduce as much information as knowing your view key would reveal. The only useful advantage then would be that you can stop using a remote daemon and it won't know your transactions in perpetuity. Knowing your true outputs is as simple as looking at the inputs to transactions you broadcast and excluding the mixins it gave you. The difference between that and view key is the former does not reveal outputs that haven't been spent yet (nor future outputs as you said) Some of this could be avoided by the wallet connecting to multiple nodes. If you obtain a bunch of mixins from each of several nodes (which can be cached and used later to avoid correlating the timing) and only use some of them, I don't think any of the nodes can ever be sure which are your true outputs, although I haven't analyzed that carefully. A wallet would have to be coded to work this way (simplewallet doesn't).
|
|
|
|
myagui
Legendary
Offline
Activity: 1154
Merit: 1001
|
|
December 12, 2014, 01:22:22 PM |
|
for negative % you use - Absolutely. Now if only I had figured that out before I created a couple of non-editable offers
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3962
Merit: 5384
Doomed to see the future and unable to prevent it
|
|
December 12, 2014, 02:26:14 PM |
|
Very nice, where you have "all currencies" please replace with "all supported currencies", this is far from a complete list. Lol
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
Hueristic
Legendary
Offline
Activity: 3962
Merit: 5384
Doomed to see the future and unable to prevent it
|
|
December 12, 2014, 02:30:59 PM |
|
...A possible middle ground, of sorts, for "full" devices would be to run your own remote daemon. This should help you make a more informed choice:)
I was thinking this as I was reading your post. There should be a DIY in the OP and FAQ on how to set this up.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
Hueristic
Legendary
Offline
Activity: 3962
Merit: 5384
Doomed to see the future and unable to prevent it
|
|
December 12, 2014, 02:34:47 PM |
|
The Monero Research Lab is working through the academic and research portion of this. There's literally no point in implementing multisig without full ring signature support, and ...
I would seriously recommend keeping this closed source if possible when implemented. Maybe 2 versions where the paranoid can use wallets without multi-sig. The first that gets here and can keep it to themselves will be the clear winner. closed source == dead coin Not if there is an open source that accomplishes the same thing just with less functionality. Or as I recommended, A closed source wrapper. Think about the ramifications. Do you have any clue how many shit coins will pop up and stuff this into their inferior code thereby diluting the waters and monero devs will have done the work and the coin will not reap the rewards.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
Quicken
|
|
December 12, 2014, 02:35:41 PM |
|
MoneroClub is a great idea and should be an important part of the growing Monero infrastructure going forward. Thus far, I have obtained over 90% of my XMR by buying BTC from localbitcoins, transferring to Poloniex and trading for XMR. If I need some fiat for a big purchase in the future (e.g. house/business), cutting one step out in the reverse process would be excellent. Cheers, Q
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3962
Merit: 5384
Doomed to see the future and unable to prevent it
|
|
December 12, 2014, 02:40:06 PM |
|
MoneroClub is a great idea and should be an important part of the growing Monero infrastructure going forward. Thus far, I have obtained over 90% of my XMR by buying BTC from localbitcoins, transferring to Poloniex and trading for XMR. If I need some fiat for a big purchase in the future (e.g. house/business), cutting one step out in the reverse process would be excellent. Cheers, Q Speaking of which, is there anyway to get on coinbase?
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
GreekBitcoin
Legendary
Offline
Activity: 1428
Merit: 1001
getmonero.org
|
|
December 12, 2014, 02:42:06 PM |
|
Hueristic dont worry. Noone is diluting anything. There were 10 other CN coins that used open source pool software that was created for Monero (+Bytecoin). Where are those coins now?
Cryptography needs to be open source. If it isnt you cant know that it really works. Serious investors know who does the job and where to invest. That shit with using closed source software on coins is being used mostly from scammers that actually dont have something legit or something at all and postpone the inevitable.
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3962
Merit: 5384
Doomed to see the future and unable to prevent it
|
|
December 12, 2014, 02:46:49 PM |
|
Hueristic dont worry. Noone is diluting anything. There were 10 other CN coins that used open source pool software that was created for Monero (+Bytecoin). Where are those coins now?
Cryptography needs to be open source. If it isnt you cant know that it really works. Serious investors know who does the job and where to invest. That shit with using closed source software on coins is being used mostly from scammers that actually dont have something legit or something at all and postpone the inevitable.
When retards throw 3k BTC on vaporware you should see that is the holy grail. You Don't think those scammers won't ICO a fork as soon as it's released? They are just sitting back drooling waiting to swoop in and reap the rewards of this teams hard work. MARK my words. I have a penchant for foresight.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
GreekBitcoin
Legendary
Offline
Activity: 1428
Merit: 1001
getmonero.org
|
|
December 12, 2014, 02:49:03 PM |
|
Hueristic dont worry. Noone is diluting anything. There were 10 other CN coins that used open source pool software that was created for Monero (+Bytecoin). Where are those coins now?
Cryptography needs to be open source. If it isnt you cant know that it really works. Serious investors know who does the job and where to invest. That shit with using closed source software on coins is being used mostly from scammers that actually dont have something legit or something at all and postpone the inevitable.
When retards throw 3k BTC on vaporware you should see that is the holy grail. You Don't think those scammers won't ICO a fork as soon as it's released? They are just sitting back drooling waiting to swoop in and reap the rewards of this teams hard work. MARK my words. I have a penchant for foresight. Do people still waste money on ICO? That is so 1-2 years ago...
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3962
Merit: 5384
Doomed to see the future and unable to prevent it
|
|
December 12, 2014, 03:02:23 PM |
|
Hueristic dont worry. Noone is diluting anything. There were 10 other CN coins that used open source pool software that was created for Monero (+Bytecoin). Where are those coins now?
Cryptography needs to be open source. If it isnt you cant know that it really works. Serious investors know who does the job and where to invest. That shit with using closed source software on coins is being used mostly from scammers that actually dont have something legit or something at all and postpone the inevitable.
When retards throw 3k BTC on vaporware you should see that is the holy grail. You Don't think those scammers won't ICO a fork as soon as it's released? They are just sitting back drooling waiting to swoop in and reap the rewards of this teams hard work. MARK my words. I have a penchant for foresight. Do people still waste money on ICO? That is so 1-2 years ago... https://bitcointalk.org/index.php?topic=857457.0https://bitcointalk.org/index.php?topic=890221.0;topicseen
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
|
saddambitcoin
Legendary
Offline
Activity: 1610
Merit: 1004
|
|
December 12, 2014, 03:37:36 PM |
|
voted
|
|
|
|
|