Topic: delete - page 47. (Read 165521 times)

1. There is exceedingly little C except the crypto libraries (essentially copied from another existing crypto library project), which we aren't working on because existing crypto libraries are fine (other than verifying that the code has not been tampered with and tracks upstream fixes if any).  The bulk of the project is C++

2. Simulations, prototypes or other contributions can be in any language. Tacotime's simulation used Python. Prototypes have also been doing in Python and then converted to C++. Other work has been done with Matlab, and probably some others I don't remember. Scala or well-presented math or anything else is welcome and useful. Vague assertions of uncertainty and doubt are close to the definition of FUD. No one is trying to suppress that even (futile in practice to even try anyway), but I am pointing out that it isn't useful to Monero any other project.

The cultural stance is not significantly distinguished from the range of cultures I've seen on other open source projects on which and with which I've worked, which is quite a few.

Your characterization of it as a cathedral is straw man.

Perhaps it is a cathedral compared to your internal mental model of what constitutes bazzaar-style development, but by the standards of reality it is not.


No, I'm saying that any recipient of any coin is vulnerable to a chain fork that removes the transaction they received. This is mitigated by a judgement of the recipient that they have waited "long enough" for such a chain fork to become unlikely. I said nothing about 6 confirms. In practice recipients make their own judgement about number of confirms. In Bitcoin many use less, and in altcoins many require far more. In all cases there is likely some sort implicit or explicit fraud scoring, but that is really none of my business and is up to the recipients to sort out. Ring signatures do nothing to change this except what they are intended to do (inhibit tracing, and thus indirectly blacklisting), and nothing here is remotely specific to Monero.


Not exactly.I'm saying that useful contributions take the form of actual math or code. "There might be a flaw" is FUD almost by definition.

Agreed, except "a bounty" was paid and so far not "the bounty". Or at least last time I checked only 7.5 of 10 had been paid. Note smooth's group and jl777 paid instantly. It was explained to me that we have Christian leader who doesn't follow the Biblical instruction to pay wages daily upon agreed completion of work. A rich man floating on a poorer man's income is a sin according to the Bible. I used to do payables net 30 etc, until I became of aware of this Biblical verse and it shamed me.


Smooth is referring to the fact that I have not shown any proof that the private keys can be cracked, I only pointed to some simultaneous equations that are revealed when the spender of the ring is revealed per my (or their published) algorithm. One case of the simultaneous equations has been shown by their mathematicians to be equivalent to Diffie-Hellman exchange thus proven to be uncrackable by current assumptions. However, not all of the cases were disproven. Thus he is factually stating any relevance to BCX is unproven and not obvious. He is not saying there is no possible relevance, although I am assuming he thinks the probability is exceedingly small thus the onus on someone other than them to prove it is relevant.

Note afaics the mathematical point of Taleb's Antifragility is that many improbable long tail events accumulate.

Yet I think the algorithm they paid a bounty for may have an obvious relevance to BCX. If a BCX chain attack gets hopelessly wound in a Gordian knot, my algorithm may be able in some cases to untangle the anonymity so that it can be determined which transactions actually spent the stolen coin base rewards. I don't know how realistic it is until it is coded, tested, and characterized.


Agreed. But you are conflating apples (Linux) and quarks (crypto-currency) because Linux is an effort to copy an existing operating system (Unix) and concept which was already fleshed out in the real world. Whereas, crypto-currency is still very much in the formative, research, experimentative, conceptual stage.

I am 80% certain that this cultural stance is going to be why XMR is beaten by another effort that understands better how to spur innovation by not suppressing or expecting a Cathedral style of progression.


Shocking.  

You are equating the ability for a user to wait for say 6 confirmations to have a mathematically quantifiable probability of assurance, with the risk of a coin vulnerability allowing spends of any age to be double-spent (reverting a spend is double-spending).

Some Bitcoin devs thought selfish mining was FUD.

---

Irrational.

FUD (fear, uncertainty, doubt) is the reality because you don't know how vulnerable XMR is or is not. Thus it is healthy and should be priced in. Controlling information flow to prevent credible FUD dissemination is very unhealthy and prevents Antifragility. Note I am distinguishing credible and rational discussion of concepts from pure chicken little noise from n00bs.

http://unheresy.com/Information%20Is%20Alive.html#Knowledge_Anneals


If the XMR code wasn't a shitload of C and written in some higher-level language such as Scala, I would enjoy coding it. Sorry I don't use C any more except for the optimized smallish portion of a code base. I wrote 10s of 1000s of lines of assembly and C code in the 1980s. Enough of that.



I sat on the developer IRC for a while and I see mostly talk about the nitty gritty details about the source code. Sorry I am a high-level thinker. And thus I also like to code in high-level paradigms.

gotit - my bad

No that is a mischaracterization. What happened was that a bounty was offered for revealing an exploit that was shown to be stronger than what we had already published. The exploit turned out to have no obvious relevance to BCX, but nevertheless the requirements were met and the bounty was paid.

TFM is not "working for" the Monero project and has no obligation to us at all. He is welcome to contribute based on the project being open source as I discussed in my previous message. Useful contributions would likely take the form of code or well formed mathematical analysis. That is exceedingly rare here, but it does happen.

In case the issue of Linux comes up again, I will point out that I have personally made contributions to Linux. They took the form of recommended code changes coupled with test cases that clearly and explicitly demonstrated the benefit of the proposed code changes. If I simply posted about how this or that was a possible flaw without doing the work to support my claims, I would likely be ignored or ridiculed, as I have seen happen to many people in the Linux developer community.

TFM: "Entanglement" is no more an issue than reversal of the often-untraceable transfer of coins after a long (but ultimately temporary) chain fork, particularly through exchanges and other intermediaries. In both cases, when the fork is resolved one way or another, some transactions will be unwound, and those who accepted coins as valid on the wrong fork without a sufficient number of confirmations (always a judgement call) are out of luck. The only possible difference would be the ability to blacklist "bad" coins in traceable chains but not Monero, and this is a feature not a bug.

Expending my scarce time to for example explain why checkpoints are not a complete solution is not helping?

That some people think I am not helping means they are biting the hand that feeds them.

so there paying u to find flaws and ur just badmouthing them and saying tehy don't care?

bite the hand that feeds u much?

Most certainly. Congratulations on your successful triumph by the unassailable power of proof by assertion.

Oh wait, was there some other evidence of shills that I missed?

 

I'm waiting for that to happen even once. Then I will be convinced.

In this space the reasonable a priori belief is that FUD is just FUD. That does not mean it can't be reevaluated in light of new evidence, but without evidence, no, and without reevaluation the a priori remains rationally useful.

The code is open to all eyeballs, just as is Linux. Github, including developer's forks on github are open. Discussions on #monero-dev and other suitable channels are also open.

There is nothing being hidden, but we await actionable competently analyzed information. So far there has been none.

Monkeydiaperchanger, an empty chair symbolizes your relevance succinctly and completely.

Agreed.


Commendable.


Controlled information is never as efficient as an Inverse Commons. The reason is Linus's law, "given enough eyeballs, every bug is shallow".

One person's FUD is another person's eureka instigator.

Myself and others have many times tried to suggest that the culture of controlling information flow is what is causing such a big problem for XMR's public perception. I also have this private speculation (my pet theory) that it limits the technical innovation, diluting the impressive brain power in the group.

Information and truth want to be free(dom).

My time on planet earth is more valuable than this.

You lost the argument. Your coin is driven by shills - paid or unpaid - makes no difference.

Have fun counterarguing this point with an empty chair.

The extent of that vulnerability has not been quantified and thus nothing of substance is demonstated, we merely have a proof of concept and a supposition. By contrast, the MRL-0001 analysis that shows numerically that 82% control with low typical mixin usage on the network is clearly devastating.

FUD (aka repeatedly proclaiming "this might be a flaw/vulnerability" ) is easy. Proving something to be an actual practical vulnerability is much harder.

That is certainly not "not invented here." We've uncovered various potential issues that are also in need of in depth analysis. We consider both to be in the same category, except that we don't go around shouting about "possible flaw" before we actually know the validity and extent we are looking it.

And XMR paid me (7.5 BTC thus far, 2.5 BTC in arrears) for a supplement to that which is an idea for potential amplification and mitigation, where for example in some cases the attacker doesn't even need any of the outputs that are in the ring signature. Omitting my contribution (which y'all paid for, thank you) could possibly be construed as subconscious "not invented here bias" (hope not).

You got busted!!

too much drama, way too much drama.
more development needed not blabla! smooths et al. post history is 99% drama recently. We want to see advancement guys! Don't let this shitstorm get you down and continue developing please, or have you stopped?