TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 05:06:16 AM |
|
so I answered you: 1. No fraudulent 82% premine or other scamminess; 2. Ongoing work since the fork by independent developers.
Perhaps not even claiming "no fraud" (because claiming it is a form of fraud) would be better because you've also implied that the lead developer of BBR was the developer of the original scam (do we even know if he was just the developer and not the one scheming). You XMR devs also made a somewhat dubious attack on BBR's compression feature and rpietila did a good job of saying BBR didn't have the qualifications people-wise. I happen to think the distinction and choice between the two is pretty clear
Instead tell us about features of XMR and what we can use it for to make ourselves "crap and ejaculate in our pants". This topic is not MSN chat dog Don't worry stutters, information is noise to the blissful.
|
|
|
|
|
|
|
"Bitcoin: the cutting edge of begging technology." -- Giraffe.BTC
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Spoetnik
Legendary
Offline
Activity: 1540
Merit: 1011
FUD Philanthropist™
|
|
October 06, 2014, 05:07:22 AM |
|
so I answered you: 1. No fraudulent 82% premine or other scamminess; 2. Ongoing work since the fork by independent developers.
Perhaps not even claiming "no fraud" (because claiming it is a form of fraud) would be better because you've also implied that the lead developer of BBR was the developer of the original scam (do we even know if he was just the developer and not the one scheming). You XMR devs also made a somewhat dubious attack on BBR's compression feature and rpietila did a good job of saying BBR didn't have the qualifications people-wise. I happen to think the distinction and choice between the two is pretty clear
Instead tell us about features of XMR and what we can use it for to make ourselves "crap and ejaculate in our pants". This topic is not MSN chat dog Don't worry man, information is noise to the blissful. You have been playing games on this topic for a long time now don't you think it's about enough ? edit: You might be smart but your NOT clever LOL
|
FUD first & ask questions later™
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
October 06, 2014, 05:13:45 AM |
|
so I answered you: 1. No fraudulent 82% premine or other scamminess; 2. Ongoing work since the fork by independent developers.
Perhaps not even claiming "no fraud" (because claiming it is a form of fraud) would be better You are misquoting me, but in any case, I'm capable of deciding what to claim or not claim on my own. because you've also implied that the lead developer of BBR was the developer of the original scam (do we even know if he was just the developer and not the one scheming) I don't even know if he had anything to do with it at all, and I've never claimed otherwise. I've just pointed out that some questions are there and anonymity plus red flags is not a healthy combination. I've also said on several occasions that Zoidberg is less anonymous than he once was since he now has a visible reputation and track record of at least several months on which he can be judged. I'd prefer not to comment further along that line of inquiry at this time. You XMR devs also made a somewhat dubious attack on BBR's compression feature Giving a different opinion on the merits of a design choice is not an attack. In his last reply, Zoidberg said something along the lines of "I see your point but I disagree." He was not attacking us for our opinion, nor us for his. and rpietila did a good job of saying BBR didn't have the qualifications people-wise. You will have to ask him about that opinion. I don't speak for him nor vice versa. Instead tell us about features of XMR and what we can use it for to make ourselves "crap and ejaculate in our pants".
Sorry, Monero has no shocking porn to offer you. Just some interesting privacy-enhancing technology and a team that isn't lying to you. Oh my dog, Sputnuts noise is back. Enjoy the walls of text.
|
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 05:25:38 AM |
|
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 05:30:37 AM |
|
so I answered you: 1. No fraudulent 82% premine or other scamminess; 2. Ongoing work since the fork by independent developers.
Perhaps not even claiming "no fraud" (because claiming it is a form of fraud) would be better You are misquoting me, but in any case, I'm capable of deciding what to claim or not claim on my own. ... I agree about freedom and not judging. I was trying to sincerely offer an interpretation of what is happening. I understandam empathetic to your predicamentcircumstances, so maybe it is best I say nothing. I am guessing you don't share my interpretation at this time, and I don't blame you for that, or even assume with certainty my interpretation is the correct one. P.S. my interpretation of the predicament is whether you like it or not, you've gotten yourself joined at the hip with the net effect of all the politics. My Dog, I hate politics. What an enormous clusterfuck blackhole on time it can be.
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 05:48:50 AM |
|
Isn't this what was happening to Auroracoin where it had declined from 16 ghps to 2.4 ghps Not necessarily. What happens on many coins, especially lesser Scrypt coins, and what KGW was designed to partially address, is that hash rate comes and goes very quickly as large multipools move their hash rate around. This causes very rapid changes in hash rate and block times until the difficulty adjusts. Adjusting too slowly can be as bad or worse than adjusting too quickly, because you can be stuck with extremely dysfunctional block times for a long period. If you adjust too quickly then even without any TW, the last few blocks of before the difficulty adjustment (to reduced difficulty) the attacker grabs with higher probability are a higher percentage of all the blocks. As I described previously the attacker can ramp up the hashrate for one period, then pull his hash rate from the next. So too quick is not an option. Period. BCX said this, so he shows he knows his shit. As I wrote before, this cycling of the hashrate higher drives away miners, combined with stealing blocks on the lower hashrate cycle drives away miners. BCX said this, so he shows he knows his shit. You are apparently not thinking deep enough on this yet. I don't really know whether it is true or not, but I've heard from some people who are not complete idiots
TT who claimed that BBR's compression is insecure in some grand degree? He was involved about Scrypt coins. that there was never a time warp exploit in KGW, and what as changed in AUR was window dressing serving as FUD repellant. And I'd add that ultimately didn't matter because all the "country coins" died anyway
As far as I know the only time wrap exploit that has ever been clearly identified and described is the original off-by-one bug identified by ArtForz in BTC and its clones.
I'm not ruling out that KGW might have an exploit or cryptonote difficulty adjustment might have an exploit, but big changes in hash rate or block times on AUR certainly don't demonstrate it at all.
KGW clearly has an exploit because it is thresholded at an exponentially declining well. So if you have enough hashrate, you can drive the hashrate adjustment at the time of your choosing. So you can ramp it up very high, then pull your hashrate slow enough to mine a secret fork while the hashrate doesn't adjust. And the real huge flaw is KGW will stop at the most recent block, if you hit the threshold. So you can shorten the difficulty adjustment intervals and take over the chain per what I wrote above. That is very obvious conceptually.
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
October 06, 2014, 06:02:52 AM |
|
TT who claimed that BBR's compression is insecure in some grand degree?
You are confusing trust model with being insecure, so you are misquoting, unless tacotime said something else I'm not aware of. In any case, no tacotime was not one of the people who has claimed no exploit in KGW (that I'm aware of, but indeed maybe he has, it wouldn't surprise me). KGW clearly has an exploit because it is thresholded at an exponentially declining well. So if you have enough hashrate, you can drive the hashrate adjustment at the time of your choosing. So you can ramp it up very high, then pull your hashrate slow enough to mine a secret fork while the hashrate doesn't adjust.
This needs to be quantified to be real. If the hash rate you are using to drive and then pulling is large enough, this adds little to the well known greedy mining or 51% attacks. If it can be done with less, then it would be significant. Anyway, I'm not particularly interested in KGW specifically, but it is a good example of an area where vague claims are made on both sides without specific proof (again on both sides), and it is impossible to tell who to believe without solid facts.
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 06:33:37 AM Last edit: October 06, 2014, 06:47:19 AM by TheFascistMind |
|
Here is a quadruple dose of FUD...
Wouldn't it be ideal if a coin's whitepaper has a mathematical proof that it isn't vulnerable to anything less than a 50% attack (other than the normal 6 confirmations type risk of double-spend)?
And wouldn't it be porn, if that proof showed that every other proof-of-work coin (including Bitcoin) is so vulnerable?
And wouldn't it triple sexy if that proof showed that all (untraceable block chain) anonymous coins can't be fixed to remove that vulnerability?
Excuse my drooling, I can't contain myself.
Edit: I have not withheld any quantification of TW attack on CN afaik. I shared all of my (limited) knowledge on that. I am referring to something different above.
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 06:48:46 AM Last edit: October 06, 2014, 06:58:51 AM by TheFascistMind |
|
This needs to be quantified to be real. If the hash rate you are using to drive and then pulling is large enough
On KGW, that should take you about 15 minutes if you are really interested. There is your 20% hashrate triggering at less than a day... http://bitcoin.stackexchange.com/a/22265/3441http://i.stack.imgur.com/I5HHI.png
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 07:12:09 AM |
|
The selfish mining paper shows that above 25%, the attackers % of the hashrate is amplified. That is assuming you have employed the γ = 0.5 fix suggested in the paper which afaik Bitcoin never did so I assume CN copied the Bitcoin flaw? Otherwise the amplification starts from 0%. See the chart on page 11 of the paper. So the attacker can selfish mine at the same time, to further amplify his hashrate. BCX mentioned 20%, so it appears if γ = 0, his would be amplified to 25% and that is not including the KGW exploit. Any way, it appears you only need enough to get the ball rolling downhill, because your hashrate grows over time as other miners drop off due to the drag on their profitability. I still agree you need to quantify how much the potential KGW exploit accelerates over the selfish mining by itself. It is already known that all PoW coins in existence can theoretically be destroyed with selfish mining and 25% of the hashrate, but it might take a heck of a long time (perhaps exhausting the attacker's hardware rental capital or the profit he earn from such an attack) depending on if γ = 0 or the hashrate is higher such as 33%.
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
October 06, 2014, 07:13:46 AM |
|
On KGW, that should take you about 15 minutes if you are really interested.
To start I said I wasn't interested in KGW. But nevertheless, that was interesting and after reviewing it I think I understand where the exploit in KGW lies (and no it isn't what you suggested, exactly, nor is it merely "adjusting too fast"). But in any case the same exploit doesn't exist in cryptonote coins. Of course that doesn't rule out a different one. If I have time I will write up what I think I found in KGW more carefully and see if it really holds up. Perhaps some of the coins using it will find that interesting.
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 07:14:29 AM |
|
If I have time I will write up what I think I found in KGW more carefully and see if it really holds up. Perhaps some of the coins using it will find that interesting.
Count me as interested. Edit: it might be the asymmetry of the threshold between increase and decrease (i.e. 100+20 is +20%, but 120-20 is -16.7%). Others had mentioned that already and it is obvious on the chart.
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 10:30:25 AM Last edit: October 06, 2014, 12:42:05 PM by TheFascistMind |
|
As far as I know the only time wrap exploit that has ever been clearly identified and described is the original off-by-one bug identified by ArtForz in BTC and its clones.
Evan claims a KGW exploit was deployed against DRK. The descriptions of the theory of such an exploit explain the difficulty can be reduced quickly by setting the timestamp of the latest block far into the future for the secret chain so the secret chain is mined with much lower difficulty, and then the secret chain can be brought back to the present time before publishing it, because timestamps that walk backwards in time aren't fully counted. To compute the relative PoW of a chain, sum the modular additive inverse of each hash (e.g. hash subtracted from 2256). The secret chain can't end up with more blocks thus has a lower sum and isn't chosen as the longest chain. Or what appears to be more correct (what that thread is alleging) is if the longest chain is chosen by the greater number of blocks, the secret chain can mine more blocks since it is at a lower difficulty. The key is being able to mine faster at a lower difficulty by being able to move forward and then backward in time asymmetrically. KGW offers other vulnerabilities because the secret chain can drop the difficulty, then mine faster without causing a rise of difficulty for up a day or so, by staying under the exponential well trigger threshold. Clearly you see now the potential problem in Cryptonote with the 20% discard rule. It enables the secret chain to hide a bunch of fast blocks (bunching them together in time) without causing a rise in difficulty. Thus the secret chain can end up the longest chain without needing 50% of the hashrate. I now change my opinion to very likely that BCX is building a secret chain nowRescinded. How many more days to the 22 day countdown?
|
|
|
|
sgk
Legendary
Offline
Activity: 1470
Merit: 1002
!! HODL !!
|
|
October 06, 2014, 10:52:21 AM |
|
When I look at numerous Monero threads on forum, all hailing this greatest masterpiece coin, one of Seth Godin's post always comes to my mind: You're right, they're wrong, but they won
Why is that? Is the world so unfair?
Actually, it might be because the other guys took the time and invested the effort to build a movement. They showed up, every time, again and again. They never contemplated that they might lose, even though they're wrong, sub-par or not as good as you are. Their operating system, corporate structure, political ideas or economic approach won.
Perhaps they told a story that resonated, one that resonated not with the better angels of our nature, but with our urgent desires. And most probably, they built a tribe, not one in their image, but in the image (and dreams) of those that wanted to belong.
But mostly, it's because they were prepared to spend a decade (or two or three) to change the culture of their part of the world in the direction that mattered to them. http://sethgodin.typepad.com/seths_blog/2014/10/youre-right-theyre-wrong-but-they-won.html
|
|
|
|
TheFascistMind
Newbie
Offline
Activity: 42
Merit: 0
|
|
October 06, 2014, 11:07:00 AM |
|
I said 22 days for it to come through, this is day 11.
ETA is Oct. 12, 5 days from now.
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
October 06, 2014, 11:10:05 AM |
|
As far as I know the only time wrap exploit that has ever been clearly identified and described is the original off-by-one bug identified by ArtForz in BTC and its clones.
Evan claims a KGW exploit was deployed against DRK. I see no evidence that anyone on that thread has any idea what they are talking about with the possible exception of Cryddit. Nevertheless KGW looks like kind of a train wreck to me, and probably DGW too (but I haven't really looked that closely). Clearly you see now the potential problem in Cryptonote with the 20% discard rule. It enables the secret chain to hide a bunch of blocks without causing a rise in difficulty.
No, it isn't clear. You can't really hide any blocks just by making them outliers because the outliers starting at the most recent end of the adjustment window (for example if you timestamped into the future) still have to slide through the middle before exiting the window on the other end. So you can only defer them from contributing to the adjustment for a little while, but eventually they do get counted (similar in effect to a window-based adjustment like Bitcoin). The outliers at the farthest-in-the-past end might be able to slide off without ever being counted, but even if you could figure out how to drop blocks there right away, that would only increase difficulty, not decrease it. There still might be a flaw, but we have to do better than that to graduate from FUD. Thus the secret chain can end up the longest chain without needing 50% of the hashrate.
This can never happen because the chain length is sum of difficulty not block count, although with some probability you might have a slightly lower hash rate and still get lucky and win more than half of the (weighted) blocks, as usual.
|
|
|
|
Cryptobro
Member
Offline
Activity: 84
Merit: 10
|
|
October 06, 2014, 11:12:03 AM |
|
I said 22 days for it to come through, this is day 11.
ETA is Oct. 12, 5 days from now. That's not long... I'll be happy when this saga is behind us. For better or worse. (If worse I'll be a little more angry than happy...but so be it)
|
|
|
|
OrientA
|
|
October 06, 2014, 11:19:24 AM |
|
If we increase the total hash power, will that elongate the judgement day?
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
October 06, 2014, 11:21:03 AM |
|
If we increase the total hash power, will that elongate the judgement day?
More honest hash power is always more secure for any coin. Beyond that everything is a matter of guesswork.
|
|
|
|
|