Phosphorous
|
|
September 27, 2014, 02:54:22 AM |
|
Looking for a few legit peers to review the Maieuticoin situation. PM me for more info if you have a rep for knowing what you are looking at, please. You'll also get a link to whatever you want on our site for your time
What do you mean the "Maieuticoin situation?" Are you talking about code?
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 03:03:40 AM |
|
Looking for a few legit peers to review the Maieuticoin situation. PM me for more info if you have a rep for knowing what you are looking at, please. You'll also get a link to whatever you want on our site for your time
What do you mean the "Maieuticoin situation?" Are you talking about code? Well, the code is solid. That's for sure. The entire point is that over 60% of the network has put their coins into offline staking. I'm just looking for other opinions on where and how an attack could be successful since a vast majority of the network is on a legitimate staking schedule. This gives us a very high level of blockchain security I guess what we are concerned with is either an attack we are vulnerable to or third party peer validation that our blockchain is entirely secure
|
|
|
|
notsoshifty
|
|
September 27, 2014, 05:11:15 AM |
|
Well, the code is solid. That's for sure. The entire point is that over 60% of the network has put their coins into offline staking. I'm just looking for other opinions on where and how an attack could be successful since a vast majority of the network is on a legitimate staking schedule. This gives us a very high level of blockchain security
I guess what we are concerned with is either an attack we are vulnerable to or third party peer validation that our blockchain is entirely secure
"Offline Staking" is a centralised solution to the problem of people not wanting to run their clients 24x7, and it suffers from at least two clear issues: 1. The private keys of all accounts that are being offline staked are in the hands of one central body. The coins are therefore vulnerable to being stolen through external hacks, or the operator can simply run away with the funds. As such, this is similar to keeping them on an exchange. Exchanges have been hacked in the past (it's not possible to completely prevent this, no matter how secure people say their servers are), and exchange operators have run away with funds in the past. 2. Blockchain security in decentralised PoW/PoS systems is dependent upon no person (or group of people working together) having 50% of the hashing/staking power. If you have the private keys to 60% of the coins, you can execute a double spend attack whenever you like. Of course, it can be argued that if you performed double spend attacks regularly, or ran away with all the coins, they would suddenly become worthless. And with the market cap as low as it is now it's probably not worthwhile to do so. But if it were to increase to, say, $1million, then an offline staking operator could probably get away with a decent amount in a one-off sell, and wouldn't care about the coin's subsequent value. Virtual offline staking in its current form, requiring trust in a central body that operates the blockchain, is fundamentally against the point of crypto currencies. I think you'll have a hard time persuading people outside of the MMXIV world to take it seriously.
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 05:37:05 AM |
|
Well, the code is solid. That's for sure. The entire point is that over 60% of the network has put their coins into offline staking. I'm just looking for other opinions on where and how an attack could be successful since a vast majority of the network is on a legitimate staking schedule. This gives us a very high level of blockchain security
I guess what we are concerned with is either an attack we are vulnerable to or third party peer validation that our blockchain is entirely secure
"Offline Staking" is a centralised solution to the problem of people not wanting to run their clients 24x7, and it suffers from at least two clear issues: 1. The private keys of all accounts that are being offline staked are in the hands of one central body. The coins are therefore vulnerable to being stolen through external hacks, or the operator can simply run away with the funds. As such, this is similar to keeping them on an exchange. Exchanges have been hacked in the past (it's not possible to completely prevent this, no matter how secure people say their servers are), and exchange operators have run away with funds in the past. 2. Blockchain security in decentralised PoW/PoS systems is dependent upon no person (or group of people working together) having 50% of the hashing/staking power. If you have the private keys to 60% of the coins, you can execute a double spend attack whenever you like. Of course, it can be argued that if you performed double spend attacks regularly, or ran away with all the coins, they would suddenly become worthless. And with the market cap as low as it is now it's probably not worthwhile to do so. But if it were to increase to, say, $1million, then an offline staking operator could probably get away with a decent amount in a one-off sell, and wouldn't care about the coin's subsequent value. Virtual offline staking in its current form, requiring trust in a central body that operates the blockchain, is fundamentally against the point of crypto currencies. I think you'll have a hard time persuading people outside of the MMXIV world to take it seriously. The private keys aren't stored or saved. Once the private keys are loaded they are never checked again. When you use an exchange, you use their Private Key. When you stake with us, you are using your Private Key, not your address. So yes, it requires trust in me to handle it from the submission to the entry, but after that it will be very, very hard to even figure out where they are held. I've proven I am trustworthy by sending out several thousand dollars worth of miners for our raffles Again, exchanges require you trust them without having the Private Key for yourself. You simply use a rented address. With us, you still have the Private Key, which means you could use that, combined with the address, for cold storage that continues to stake. Exchanges also do not stake if they are smart and using proper cold storage The staking clients are on nodes that only connect to the seednodes and reject untrusted nodes across the network. They are only visible to mainnet in a second tier of IPs. The peers of the peers is the only way they are even seen and you won't find the IP of any of the staking nodes in your peerlist. If they do try to connect, they will appear as rejected, much like if it was it was a node from another blockchain being kicked out. We do not control all of these nodes. They trust explorers, multipool, exchanges, and other trusted peers Over 60% of the network is now staking, spread across many, many nodes, which means you can't even buy enough on an exchange to attack it. There is no Proof of Work to utilize for an attack, either Using us requires less trust than sending your coins to an exchange. To opt out, all you have to do is move coins to a fresh address
|
|
|
|
iGotSpots
Legendary
Offline
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
|
|
September 27, 2014, 06:03:35 AM |
|
Offline staking for me is just a side feature. I only put some in to see if it actually worked and I had no issues at all. I usually dislike PoS but what drew me in was the stable price with nearly 1% a week from staking
It's a pretty stable store of value that pays quick interest more than anything else
|
|
|
|
notsoshifty
|
|
September 27, 2014, 06:21:08 AM |
|
The private keys aren't stored or saved. Once the private keys are loaded they are never checked again. When you use an exchange, you use their Private Key. When you stake with us, you are using your Private Key, not your address. So yes, it requires trust in me to handle it from the submission to the entry, but after that it will be very, very hard to even figure out where they are held. I've proven I am trustworthy by sending out several thousand dollars worth of miners for our raffles
Again, exchanges require you trust them without having the Private Key for yourself. You simply use a rented address. With us, you still have the Private Key, which means you could use that, combined with the address, for cold storage that continues to stake. Exchanges also do not stake if they are smart and using proper cold storage
The staking clients are on nodes that only connect to the seednodes and reject untrusted nodes across the network. They are only visible to mainnet in a second tier of IPs. The peers of the peers is the only way they are even seen and you won't find the IP of any of the staking nodes in your peerlist. If they do try to connect, they will appear as rejected, much like if it was it was a node from another blockchain being kicked out. We do not control all of these nodes. They trust explorers, multipool, exchanges, and other trusted peers
Over 60% of the network is now staking, spread across many, many nodes, which means you can't even buy enough on an exchange to attack it. There is no Proof of Work to utilize for an attack, either
Using us requires less trust than sending your coins to an exchange. To opt out, all you have to do is move coins to a fresh address
On the storage of keys: If private keys are required to sign PoS blocks by the staking clients then they are clearly being stored/saved somewhere on those clients. In memory, on disk in a reversibly encrypted form, etc - they're still out there. (Not to mention being sent unencrypted in a web form over the Internet). Or am I missing something?? On trust issues: You've accepted that this system requires trust in you. No matter how trustworthy you've been in the past, requiring this much trust in any person should raise alarm bells. On network security: Putting a layer between virtual staking clients and public mainnet is a sensible approach, but you should accept that it isn't possible to 100% prevent unauthorised access. (And using phrases like "I assure you, though, our blockchain will now not ever be compromised", and wanting "third party peer validation that our blockchain is entirely secure" are clearly nonsense) On blockchain security: You haven't addressed the point about >50% of the staking power being controlled by a single group of people, and the implications of this on overall blockchain security?
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 06:27:32 AM Last edit: September 27, 2014, 06:37:33 AM by MMXIV |
|
The private keys aren't stored or saved. Once the private keys are loaded they are never checked again. When you use an exchange, you use their Private Key. When you stake with us, you are using your Private Key, not your address. So yes, it requires trust in me to handle it from the submission to the entry, but after that it will be very, very hard to even figure out where they are held. I've proven I am trustworthy by sending out several thousand dollars worth of miners for our raffles
Again, exchanges require you trust them without having the Private Key for yourself. You simply use a rented address. With us, you still have the Private Key, which means you could use that, combined with the address, for cold storage that continues to stake. Exchanges also do not stake if they are smart and using proper cold storage
The staking clients are on nodes that only connect to the seednodes and reject untrusted nodes across the network. They are only visible to mainnet in a second tier of IPs. The peers of the peers is the only way they are even seen and you won't find the IP of any of the staking nodes in your peerlist. If they do try to connect, they will appear as rejected, much like if it was it was a node from another blockchain being kicked out. We do not control all of these nodes. They trust explorers, multipool, exchanges, and other trusted peers
Over 60% of the network is now staking, spread across many, many nodes, which means you can't even buy enough on an exchange to attack it. There is no Proof of Work to utilize for an attack, either
Using us requires less trust than sending your coins to an exchange. To opt out, all you have to do is move coins to a fresh address
On the storage of keys: If private keys are required to sign PoS blocks by the staking clients then they are clearly being stored/saved somewhere on those clients. In memory, on disk in a reversibly encrypted form, etc - they're still out there. (Not to mention being sent unencrypted in a web form over the Internet). Or am I missing something?? On trust issues: You've accepted that this system requires trust in you. No matter how trustworthy you've been in the past, requiring this much trust in any person should raise alarm bells. On network security: Putting a layer between virtual staking clients and public mainnet is a sensible approach, but you should accept that it isn't possible to 100% prevent unauthorised access. (And using phrases like "I assure you, though, our blockchain will now not ever be compromised", and wanting "third party peer validation that our blockchain is entirely secure" are clearly nonsense) On blockchain security: You haven't addressed the point about >50% of the staking power being controlled by a single group of people, and the implications of this on overall blockchain security? Understandable, but if there was nobody loading them in it would open one more line in which the keys could be intercepted in automation. We decided manual entry was the most secure way. Remember, this is still in testing, we are more than open to new suggestions That's why we are asking. If anyone can even find, let alone compromise these staking wallets, we would like to know how they are able to find them so any holes can be sealed tightly It's not controlled by anyone except the users themselves. Yes, I have access to the private keys, but once the node reaches the threshold we have set per node (in case one is compromised, there is very little on each node individually), it is never checked again. A new password is generated and the node is only monitored to be running, never checked for anything else. It is only monitored to ensure the client is staking, the balances are not recorded, verified, or anything else other than, yes, in the client that is staking. Unfortunately, that is the only way to stake right now Maybe I should have called it Cloud Staking instead
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 06:34:10 AM |
|
Offline staking for me is just a side feature. I only put some in to see if it actually worked and I had no issues at all. I usually dislike PoS but what drew me in was the stable price with nearly 1% a week from staking
It's a pretty stable store of value that pays quick interest more than anything else
Yes, exactly. Offline Staking is just something we offer to those that want to ensure they are staking 24/7, it is in no way mandatory. It's just something we offer on the side The real point is, as posted above, a long term store of value that stakes regularly and reliably with a stable, or increasing, price. As interest grows, the Multipool will also be gaining hashrate, pushing the price even higher Speaking of the pool, we will have something very cool to show you guys very soon
|
|
|
|
iGotSpots
Legendary
Offline
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
|
|
September 27, 2014, 08:20:24 AM Last edit: September 27, 2014, 08:39:52 AM by iGotSpots |
|
Unless it's an exchange I really trust, I would consider the staking being far less centralized than the same amount on an exchange. The staking allows you to still use that address im your computer's client without withdrawing them for a fee first
The staking isn't sending coins anywhere so there are still those nodes running clients locally worldwide
You can use a thousand small balance addresses if you want to. You can't do that on an exchange and they don't stake either
|
|
|
|
lakala
Member
Offline
Activity: 98
Merit: 10
|
|
September 27, 2014, 06:41:56 PM |
|
I don't think it would hurt if you wanted to announce raffles with email either, as long as those are once or twice a month at most. Just announce that the raffle has started, but provide a link to the thread for all subsequent announcements.
|
BitNet(VPNCOIN)第二论赠币:VikSbFcj3ogVByPajAYzvuAEoWir9shYNZ
|
|
|
Phosphorous
|
|
September 27, 2014, 06:46:58 PM |
|
Speaking of raffles, how about a raffle for an Ant S4?
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 07:24:57 PM |
|
I don't think it would hurt if you wanted to announce raffles with email either, as long as those are once or twice a month at most. Just announce that the raffle has started, but provide a link to the thread for all subsequent announcements.
Yea, raffles I consider in the super important category. Hard forks, network updates, big promotions like raffles will use the mail list
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 07:29:48 PM |
|
Speaking of raffles, how about a raffle for an Ant S4?
The price per ticket would have to be more than 1 M each for an S4. I was thinking an L1, but they aren't shipping until December. That's really the only thing stopping me from starting a new one. The last winner's order is already in, not sure if he got them yet, so that one's all wrapped up now
|
|
|
|
Phosphorous
|
|
September 27, 2014, 07:44:20 PM |
|
If you have to charge 2 M coin for a ticket that's probably OK as long as the value proposition is there. If you want to run some numbers by us we'll give our opinion on viability.
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 07:46:06 PM |
|
If you have to charge 2 M coin for a ticket that's probably OK as long as the value proposition is there. If you want to run some numbers by us we'll give our opinion on viability.
Yea, it would be 2 per ticket. That's like 10% of the network, though, and doing a single unit means there is no way for me to break it in half if it doesn't sell out, like I could with the 2 x S3 raffles
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 09:52:53 PM |
|
Should we do 2 M per ticket with 100 Tickets max, or 1 M per Ticket with no max, but a deadline of say...a month?
|
|
|
|
Phosphorous
|
|
September 27, 2014, 10:32:29 PM |
|
I'd say 2M with 100 max. Keep in mind the S4 price doesn't include shipping.
Other suggestions for raffles might be "luxury" mining accessories, such as Platinum 1000W+ power supplies. You could either geographically limit the raffle or offer a cash/coin equivalent for foreign buyers.
|
|
|
|
tripppn
|
|
September 27, 2014, 10:38:17 PM |
|
My vote is for 2M/ticket 100 tickets. A cut off number of tickets is best I think.
|
“You can't be a real country unless you have a beer and an airline - it helps if you have some kind of football team, or some nuclear weapons, but in the very least you need a beer.” ― Frank Zappa
|
|
|
apmapm12
|
|
September 27, 2014, 10:44:41 PM |
|
My vote is for 2M/ticket 100 tickets. A cut off number of tickets is best I think.
I agree with tripppn 2m/ticket for 100 totall. That way the idea are better for us all. Lol and maybe a limit of ten tickets per person.
|
|
|
|
MMXIV (OP)
|
|
September 27, 2014, 11:52:26 PM |
|
Ok, if we hit .05 I will open up the raffle tonight, even if it falls back down. We hit .09 last night, so this shouldn't be too hard of a challenge
|
|
|
|
|