Topic: "John Dillon" We can leak things too you trolling piece of shit (Read 10241 times)

Thanks for the explanation. Good to know it never happened.


Very much agreed. I'm not sure what this "leak" is trying to prove.

...and you know, while we're on ethics, trying to sneak web-bugs into forums is bad, but hacking into someone's private, personal, encrypted, email as well as their computer is disgusting.

Mike's partly mistaken anyway, as I said on reddit the attack on SPV nodes was in that they give very little privacy and can easily wind up revealing the contents of your wallet. jdillon and I eventually decided it'd be worthwhile, and most ethical, to put up a fake website claiming to be a company running many different Bitcoin nodes and explaining how that would let them get data to track who owned what coins - something blockchain.info already does to an extent. It would have been a good warning to the community about what privacy their wallets actually have; we need better privacy protections in Bitcoin wallets given that someone probably will do this for real sooner or later. We did discuss actually doing the attack, but decided against for ethical reasons.

In the end we never even went that far for a few reasons, including that progress was being made, and public knowledge of the privacy issues seemed to be improving; even a simple website has ethical concerns too.

As for the DoS vulnerabilities, jdillon wanted to demonstrate how SPV is fundamentally flawed right now in that there is no way to distinguish "real" users from a DDoS attacker and the resource consumption is asymmetric; no amount of scheduling that fix that issue although it helps related issues and would help in conjunction with design changes. At the time we were having a very hard time convincing some people, Mike included, that the issue was real, and solutions that could have fixed the design were getting a lot of push-back. But on top of that there were other vulnerabilities too that affected everyone and made other types of attacks possible. So I told jdillon to hold off so the easily fixable problems that he wasn't aware of could be fixed first, and the decision about whether or not the problem needed to be demonstrated to be reconsidered at a later time.

Myself I spent a lot of time on the issue with a small group of devs, and while it's far from perfect, the 0.8.5 release is significantly improved by those efforts. And yes, I did do a type of attack on Bitcoin mainnet. After seeing mainnet nodes begin to be affected after a few minutes I stopped.

What you think of the ethics of all this is up to you, but it seems that the desired end result of getting the people involved to change their minds is being achieved. I'm not going to claim either myself or jdillon have always gotten the balance right between disclosure, demonstration, and delay, but he never made me question his sense of underlying ethics and end-goal of achieving a more secure Bitcoin in a responsible way.

He's track record is right there isn't it?

I got the impression he got hes ideals intact

In my observation, all of his 'attacks' have been to prove some point or another, and have been relatively effective at doing so.

I wish he would have pulled off a semi-effective DoS attack.  It would perhaps have produced several useful outcomes:

 - Re-focused priorities from bells/whistles and 'grow fast at all costs' mentality toward a more full 'harden first' one.

 - Demonstrated that Bitcoin has a robust enough structure that it can go down for periods of time without necessarily meaning that there is full value loss to Bitcoin holders.  I am afraid that many people don't recognize this since the solution is marketed as a pure exchange currency.

I've vastly rather have someone like Dillon be the driving force behind a successful attack since he clearly feels strongly about the importance of Bitcoin and has it's best interests in mind.  To be fair, though, I say that because his interests and my own seem to align.

It's disappointing to read that Dillon and others were thinking about actually doing a real DoS attack on the Bitcoin network, rather than write code to improve bitcoind's resource scheduling and DoS handling. That's fantastically irresponsible, but also entirely unsurprising given his track record.

Not fixed yet, but it's fast enough to be usable (for certain values of "usable")

It took over 10 hours to synchronize with the blockchain, downloading from a bitcoind node on 127.0.0.1 on a storage setup that was not IO bound. It looked like it was only utilizing 2 out of 8 cores during the process. Now that it's caught up it takes about a minute to verify a block.

I remember they had severe performance problems early, maybe they have been fixed.  If they have a way to query about the block chain, relay and hold the blockchain, that's good enough for a full node IMO.  Glad to see it's working.  I liked their talk.

They don't have a wallet or GUI code finished yet, but what they do have will download the blockchain and relay transactions and blocks, which as far as I'm concerned is all that a full node should do anyway.

I'm running an instance of btcd right now and it's doing a fine job of achieving consensus with the rest of the network.

When btcd presented, it sounded like they aren't quite complete yet.  Maybe they have finished it in the last month.  It sounds promising, I liked their architecture quite a bit.  I'm not as familiar with Go, so I didn't dig into the source, but the Conformal guys definitely get it and I wish their project could get more traction.

I've also looked into Bits Of Proof, not super close, but close enough, and like that a lot too.  I need to get more up to speed on JMS to really play with it more, but it has promise.  That's the stack I am planning on looking at most closely going forward.

http://en.wikipedia.org/wiki/Web_bug

Well... who hacked the bitcointalk forum? inputs.io? etc. etc. etc. Lots of unknowns, and that's on both sides of the we are or aren't being played thing.

nothing to see here but played out bullshit.

Exactly the same feeling on this side... Hopefully we're not being played. Who the hell could the hacker/leaker be?

Bits of Proof was first, I think, but I'm not as familiar with it.

Also the Conformal guys live in the same city as I and show up at the local Bitcoin Meetups sometimes, so that's probably biasing me in their favour since I never met Grau in person.

One thing that I think would be extremely useful is if one of the teams that has done a reimplementation would start pushing code upstream to the Satoshi client, adding unit tests and documenting all the quirks they had to replicate to reduce the possible scope of an undocumented incompatibility that could cause a fork.

Maybe we could even pay for their time via a crowdfunding campaign.

I hope that you are right and the text is accurate.  I mused about the probability of demoralization in spook-land a while ago on this forum (pre-Snowden), and I hold out a fair amount of hope that the actions of some of them will have a strongly positive effect on our society.

I am an unhealthily open person for the most part, but I would never commit something like the Dillon comment to media and send it outside of my control.  The reasons for this should be rapidly becoming clear.  I've met you in person and have studied much of your work and have no reason to believe that you are anything but the real McCoy, but I cannot know this.  And even if you are, and are obviously well capable of performing data security, everyone slips up and certain people are much more likely to be under attack.

See, my exposure has been that like the rest of us, they're humans too.

One of the more interesting comments about the downfall of the Silk Road was that the social environment of being DPR is incredibly unhealthy - who could DPR have as a friend to talk too after work? jdillon and I often talked on OTR real-time chat - AFAIK the only person he did that with - and it's certainly easy to imagine wanting to open up a bit about who you are. Just human nature to want to connect with like-minded people and communicate.

You could be right of course, but I don't see anything suspicious about it myself.

The fact that Dillon would write something like that makes me kind of suspicious that it is not true to be honest.  I figure that such guys are better trained about releasing information than that.  In my admittedly limited exposure to the spook types this is not something I would expect.

I don't think it is excessively paranoid to believe that Bitcoin and related developments are important enough that there will be a lot of subterfuge and targeted interest in the primary players.  I figure that a smallish group of people involved in the U.S. intelligence apparatus took a significant interest in Bitcoin about the time that it proved useful to Wikileaks.  My basis for believing that is that the null hypothesis seems unlikely.

Further, a lot of the early interest in Bitcoin was from people who had some problems that it solves, and not always for especially pure reasons.

And that there has been a growing interest from curious geeks, intelligent criminals, bored financial services types, etc.

All of these groups of people are likely to have had the potential to see where Bitcoin could go in 'favorable' scenario, and it seems like it might be starting to happen.

I do not think it is a bad idea to expend some effort thinking about possible unpleasant scenarios and how they might be dealt with.  If the Winklevoss guys and other speculators are even close to being right about certain things then the stakes in the game could get quite high.  That is, I think, more a sober analysis than some form of hysteria.

Thank you for the clarification. I haven't felt comfortable supporting the BF so I never signed up. I guess I have to now...



Yes, keeping a close eye on that. You mentioned Bits of Proof earlier, I support that effort as well. Seems to have a strong(er) code base, although don't take my word for it. Modular nodes ftw.

That's a releif, I thought I was lazy/incompetent