darkcoin exploit found in 2 hours by amateur (why open source matters for anon)

[Spoetnik]

this is why although i have *some coding skill i never made a coin.
and why i encouraged people to try and avoid anon devs who are often kids buying pre-made coins etc.
or younger people who are dumb and shouldn't be making coins because they are over their head skill wise.

this shows you all why picking what coin to invest in is important.

[h4xx0r]

WOW -11 trade trust what did you do?  

I refused to bow down to the posters who control the default trust. and use their position to create arbitrary pseudo rules. they spent the last two days trying to convince me i was wrong and was trying to "buy trust". you should see the threads, i totally own them time and time again intellectually, the whole time pointing out the fact that they are behaving like holier than thou faggots. it was hilarious.

[iCEBREAKER]

The good intentions of the dev? the intentions were probably not good at this point. If they were, they would have hired a professional. instead they created hype they couldn't live up to and probably profited nicely in doing so.

I was alluding to the fact that given the salubrious effect of many eyes/brains on FOSS, we may assume a dev has good intentions regardless of their actual motivation.

It works in reverse too; if a dev refuses to release the code, we may (IE must) assume he has bad intentions.

[robinwilliams]

How many times have you been told it is being open sourced in the next 2 months?

Darkcoin was closed source for over 8 months? Not one post on their thread about closed source? Yes... you are so unbiased.

dude - xc was closed source for six months ... so by the time it comes out = 8 months.  just like big bro darkcoin

and I'm not the individual you claim  

my opinion is dark sucks, xc sucks more.

dude... you obviously missed my point. I am asking why you posted over 70X that XC is blah, blah, blah... when you didn't post one comment on the Darkcoin thread about their project? Where are all the posts about Darkcoin? They are the top Anon coin as far as market cap is concerned, and not one post about their closed source? Lol!

XC sucks? Then explain why you have dedicated 20% of your posts to it?

XC doesnt spam the forum like Monero... your invesntment btw. So why the hate?

Right... you are just concerned for your fellow cryptobros. How original. Appeal to sympathy has to be the most overused fallacy on this forum.

MoneroMan is not BM. His post was meant to deceive you guys into thinking that. MoneroMan is a shill, but he isn't BM's shill.

I think MoneroMan is Come-from-Above

Yes, I posted that to make the NXT retards think I am BM. Of course I am not BM. I've admitted to be  Come-from-Above earlier. This entire community is ridiculous.

I noticed you made an effort to change C-f-A's posting statistics after I outed you as C-f-A.

It's too late bruh.

Coinhoarder,

Yes you got me.  I was trying to hide it but you were able to successfully connect the dots. robinwilliams, TinEye and a bunch of other sockpuppets are also me C-f-A. I confess.

What is your name in BitShares and which position do you hold? Are you mentioned on the official page?

ps. hats off!

I just love how you always say... "I'm not trying to start any drama here guys, but..."

Now its JL777 fault? Curious... how do really feel? Lmao!

did you get dropped on your head as a child?  

i posted in the MAIN FORUM about darkcoins problems.  with you guys i just posted in your chat thread vs humiliating you in public - however now that you wanna cry about it.  i will spend some time coming up with an APPORPRIATE response for this wanna be copy cat of a near scam closed source anonominity, web 3.0 "solution" who has copied the original algo name, the masternode idea, the closed source route ... ALL from darkcoin (except with a 100 day premine i would say XC is more of a scam)

i actually have some inside information that one of your devs is about to get his ass sued off in court.  trust me - there is more dirt on XC than even that dude who posted all that shit about the ex dev and was crying his ass off brought up.

To be clear = I came to YOU GUYS with my issues etc etc and explained things and got kicked out of your thread.  I made a DARKCOIN THREAD outlining some issues and now you are saying "wa wa ... you aren't as mean to darkcoin as you are XC"

Boy you are a special one aren't you HAHA  

[h4xx0r]

The good intentions of the dev? the intentions were probably not good at this point. If they were, they would have hired a professional. instead they created hype they couldn't live up to and probably profited nicely in doing so.

I was alluding to the fact that given the salubrious effect of many eyes/brains on FOSS, we may assume a dev has good intentions regardless of their actual motivation.

It works in reverse too; if a dev refuses to release the code, we may (IE must) assume he has bad intentions.

True, but i think the combination of our posts shows the whole picture. We can't prove for certain whether the dev had good intentions, but lets face it. if you're releasing coins you're probably trying to make money, gain notoriety, or in very rare cases, you did for the challenge of pushing the envelope. we don't really know the motivational factor(s) for this dev, but we do know that in terms of C++ coding, the developer is an amateur. It's not much of  a stretch to speculate either way on his intentions at this point.

PS: you have a salubrious vocabulary. learned a new word

[illodin]

but we do know that in terms of C++ coding, the developer is an amateur.

First, define amateur, and then, how do we know exactly that he is one?

[h4xx0r]

but we do know that in terms of C++ coding, the developer is an amateur.

First, define amateur, and then, how do we know exactly that he is one?

assume


"bro we need a prng for darksend. any ideas? i don't know much about RNG's admittedly"

"fuck it, just use std::rand()"

Code:

randomizeList (int i) { return std::rand()%i;}

coins are lost if main() terminates unexpectedly before lockedCoins.clear(), which should have a reference in the main scope so it can be called referenced during shutdown.

Code:

void CDarkSendPool::UnlockCoins(){
    BOOST_FOREACH(CTxIn v, lockedCoins)
    pwalletMain->UnlockCoin(v.prevout);
    lockedCoins.clear();
}

we know that session ids are used to identify with the network because of the following code. maybe this should be examine the protocol for this connection more closely.

Code:

RelayDarkSendCompletedTransaction(sessionID, false, "Transaction Created Successfully");

This doesn't mean he is an amateur. judging by the coding style, and what i've seen through half tired eyes its a group.

[Cloakko]

By your logic, as soon as you have people running their clients behind firewalls blocking incoming ports, you are not in a P2P network anymore.

I don't see the logic .... why are you talking about firewall and incoming ports ?

Have you any network knowledge ? I mean, strong one, not like just configuring an adsl router...

[illodin]

By your logic, as soon as you have people running their clients behind firewalls blocking incoming ports, you are not in a P2P network anymore.

I don't see the logic .... why are you talking about firewall and incoming ports ?

In a bitcoin network, there are two types of citizens: full nodes with the whole blockchain and with open incoming ports to which other nodes can connect to, and nodes behind a firewall which you can't connect to or without the whole blockchain.

Compare this to darkcoin network, where you could think of existing also two types of citizens: masternodes and nodes.

You can't say the other isn't P2P while the other is.

[btcxyzzz]

Its time for NEOS coin

Just like that!

[FiniteRed]

Its time for NEOS coin

Yes. It is

[HunterMinerCrafter]

I was alluding to the fact that given the salubrious effect of many eyes/brains on FOSS, we may assume a dev has good intentions regardless of their actual motivation.

It works in reverse too; if a dev refuses to release the code, we may (IE must) assume he has bad intentions.

AMEN.

It has nothing to do with anon or not, on or off chain.

It has nothing to do with centralized or decentralized or anything in-between.

It has nothing to do with paid code reviews, marketing shill hype, or mudslinging between coin cult fanbois.

It has everything to do with the fact that these are "proof coordination networks" and without open source you have no reasonable way to know the structure of the proofs, or what they prove over, and in turn have no way to verify the usefulness of the proofs and function of the network as being sound, let alone altruistic.  As such, you can have no alternative but to assume the coin does not function.

The whole "big idea" of crypto-currency is that, by the combination of the details of the implementation of proof coordination and Satoshi's social contract, no-one need explicitly trust any other singular entity.  These closed source coins not only break the assumed social contract, but also explicitly obscure the implementation detail in doing so.

A closed source coin requests of you nothing short of 100% blind faith in the developers.  In this case this is not just faith that their implementation is both as they claim and free of defect, but also faith that they will not malware your computer, steal all of your coins, monitor all of your activities, spam your address book with v1agra ads, impersonate your mother on facebook, etc.

We have to assume that any breach of the social contract is done explicitly to break the trust-free function of the network, as it accomplishes no other thing. The assumptions that have to be drawn in turn, as following from this, are all not very pretty.  In other words, *any* reason to break the social contract is inherently a scary bad reason.

If a crypto coin does not offer up it's proof structures for review then it cannot be said to function correctly as a proof coordination network, and as such it must be assumed not to function correctly as a crypto coin.

If a crypto coin violates Satoshi's social contract then it cannot be said to function correctly as a trust-free network, and as such it must be assumed not to function correctly as a crypto coin.

Closed source coins are just simply not able to be rationally considered coins at all, no two ways about it.

You'd unquestionably be better off with Paypal, WoW gold, or the U.S. Fed minting your coins as at least then you have another open code and social contract to fall back on, called tort law.

Closed source coins are downright dangerous.  You have no way to know what they can/will do, and no recourse if what they end up doing is harmful to you.

[robinwilliams]

It has everything to do with the fact that these are "proof coordination networks" and without open source you have no reasonable way to know the structure of the proofs, or what they prove over, and in turn have no way to verify the usefulness of the proofs and function of the network as being sound, let alone altruistic.  As such, you can have no alternative but to assume the coin does not function.

The whole "big idea" of crypto-currency is that, by the combination of the details of the implementation of proof coordination and Satoshi's social contract, no-one need explicitly trust any other singular entity. 

YES!  THANK YOU!

closed source "cryptocurrency" is worse than nothing at all

[evok3d]

None of these coins would have existed without the great work of Satoshi and his willingness to keep the entire project open source. I find it weird that some developers use that very technology and somehow think their work is too important to be open source. If you cannot keep the moral code of what allowed you to even have a coin then please find another approach that keeps this integrity in place.

[toknormal]

Oops.

A thread full of squabbling rats in a sewer.

I must've dropped through an undocumented manhole on bitcointalk 

[PoS]

Oops.

A thread full of squabbling rats in a sewer.

I must've dropped through an undocumented manhole on bitcointalk 

https://bitcointalk.org/index.php?topic=421615.msg9116360#msg9116360
Crypto community are cockroaches and rats because they dont buy into that instamine crap as they would wish. Now they want to try to sell it to some uninformed granny's instead.

First the Linux guys slave away for over a decade to have a open project going then Satoshi does his bit, than this scam of the earth comes along and things he can fuck everyone.
I'm so glad there are real anon coins about.

[h4xx0r]

Oops.

A thread full of squabbling rats in a sewer.

I must've dropped through an undocumented manhole on bitcointalk 

https://bitcointalk.org/index.php?topic=421615.msg9116360#msg9116360
Crypto community are cockroaches and rats because they dont buy into that instamine crap as they would wish. Now they want to try to sell it to some uninformed granny's instead.

First the Linux guys slave away for over a decade to have a open project going then Satoshi does his bit, than this scam of the earth comes along and things he can fuck everyone.
I'm so glad there are real anon coins about.

what about SSD coin? do you think it is legitimate? I went into their thread ragging them but they almost have me sold they are legit. i still not buy into it though until they deliver on all promises.

[toknormal]

Crypto community are cockroaches and rats because they dont buy into that instamine crap...than this scam of the earth comes along and things he can fuck everyone.
I'm so glad there are real anon coins about.

I think if a cryptocoin had knocked my nose out of joint as far as it seems to have done yours I'd try a less stressful pastime.

At least you're stuffed in the same clueless thread with some of the all star charlatans of Bitcointalk. Enjoy the company  

[UnunoctiumTesticles]

Operation ShitCODE Cleanout.

Enough of these C++ coins.

All coins not coded in Brainfuck are hereby on notice of their imminent demise.

[patrolman]

This is also why you should be open sourced from the beginning

anonymity should always be trusted to open sourced solutions

This is all true.  To be on my Legitimate Altcoin Whitelist, a coin must follow Bitcoin's example and be 100% open source.  Not some half-assed delayed version.

All the nooblings losing their shitcoins to Madoff Node exploits are being taught a valuable (and therefore expensive) lesson: DON'T TRUST CLOSED SOURCE!

The good intentions of the devs aren't the point and don't matter; the of point open source is to verify the code's security with as many eyes and brains as possible.

This is really clutching at straws here.

I condone using open-source software as much as possible. I would be lying if I said that I would have been interested in Bitcoin initally if it were not open source. But the cryptocurrency landscape is very different now to Bitcoin's early days. Manipulation is rife. Crypto traders are fickle. Coin cloning with a changed parameter or two and a different name is the norm. A clone coin offering no technical innovation but some tiresome catchphrases and marketing tactics once made it to 3rd place in terms of market cap. It's back in the top 5 again now.

I initially dismissed Darkcoin's chances of success because of the name but after reading some of Evan's posts I became interested in the project. I didn't like the idea of closed source at all, but it was always said that the DarkSend source code would eventually be released. I weighed up risk vs. reward and put my trust In Evan and his claim that the source code would be released further ahead. This trust was due to my assessment of his character based on reading his posts. It turns out the character assessment was quite good - he kept his word and the DarkSend source was released last Monday :https://darkcointalk.org/threads/open-source-announcement-and-future-plans.2528/.

The code's security can now be verified with as many eyes and brains as possible. Evan does not hide behind a handle - his reputation is on the line if anything nefarious is found in the code.

I'm going to write this in a larger, more colourful font, because it seems that some posting in this thread are mere shills or for some reason haven't realised this yet:
 Darkcoin is 100% open source