Topic: Lightning Network Observer - page 19. (Read 13809 times)

Lol. This is like "tell me you don't understand lightning without telling you don't understand lightning". 

Gossip doesn't have to do with privacy enhancement. First of all I can open a private channel with a partner, and make it invisible to gossip, but let's leave that out for a sec. The fact that the channels are visible by everyone doesn't mean the off-chain transactions are too. They are not. I can make a million transactions wherein I move sats back and fourth, and have the channels closed afterwards; you can't make some rational conclusion about to whom I sent, and how much I spent.

According to franky1, "the blockchain and peer to peer system" does it all.  I guess we can all disable our firewalls and uninstall our antivirus, then.  

Neither the blockchain nor the peer-to-peer aspect of Bitcoin can prevent nefarious people from distributing malicious software, cretin.  I hope you get every virus on the face of the internet, lose your stash and finally come to terms with how utterly gormless you are.



So your argument is that people can check multiple sources to look at transactions, but at the same time they're completely incapable of checking multiple sources to verify they're downloading legit software in the first place?  Yes, I'm sure that would make sense in your fractured mind.  

Any further golden nuggets of wisdom you'd care to share with us, numpty-boy?  

you think you are private?

1ml.com can find your channel.. yep thats how your network finds you. with "gossip"

if you want privacy vs security. then atleast dont pretend funds are secure. admit people should be aware of the risk that to attain more privacy they lose security

Correction: you trust a browser app that the address it shows has the corresponded balance.

You can trust multiple sources.

That's a feature, not a bug. What happens between two nodes stays between those two. Incidentally, it provides extra privacy.

You can't fix something you don't understand.

the blockchain and peer to peer system .. you absolute ignorant blindman

you can check multiple sources..
open a friggen browser app and check your address from soo many sources and you will see that you got paid or not the right amount
..
in LN you cannot check you commitment/state in the phone apps if all you can see is the gui. because the commitment is not on 10,000+ peers to view elsewhere

but with bitcoin you can see you got paid by checking with multiple sources.

..
as for a fix for LN.. if you cant work it out.. thats on you guys.

i can think of a few fixes. but you lot already said you dont care to fix it. so the shit is on you

..

consensus does fix it as thats the whole friggen point of it!! its what blockchains are designed for. getting paid on a blockchain network is more secure than a "stupid-contract" network invention from pre-blockchain era.. yep contract system networks is an older idea and more broke idea than bitcoin. it was bitcoin that solved the old contract system problem. not the other way round

lightning is a "smart contract" network.. nick szabo white papered "smart contracts" before satoshi white papered bitcoin..so its OLDER and frven faultier

yep szabos idea was not "perfect money" dues to flaws even he admits to. its why nick szabos networks and ideas didnt flourish into anything by themselves in the 90's-00'


it wasnt until consensus systems solved the smart contract problem in 2009.. IF you are using a consensus system such as the decentralised blockchain network called bitcoin to make payments within the bitcoin network value is more secured...

.. but moving away from consensus systems. makes your value less secured. the less features of bitcoin security are included, the less secure value is in the silly network you adore so much

"Many things".    
Yeah, that's about the level of clarity we've come to expect from you.  Typical franky1 evasive fuckery.

"Many things" like what?  What specifically would prevent someone from coding a Bitcoin wallet that displayed fake transaction amounts?  Malicious software could display any value.  The rest of the network would know what the real amount was, but the malicious client can display anything the attacker tells it to.  Consensus does not and cannot fix that.  Tell me how you fix that "flaw" or STFU.



It's still arguably more secure than accepting a zero-confirmation transaction on-chain.  Can't help but notice you always leave the timeframe out of the equation.  More franky1 evasive fuckery.  Just conveniently gloss over anything that doesn't suit the narrative right?  Disingenuous scum.  

Given the choice between receiving a 0-conf on-chain and receiving an off-chain transaction, yes, I would pick off-chain.  It does involve being careful, but there's less opportunity for scammer to rip me off.  Run a "scenario" on that, shitweasel.

blackhat:

dont even start by talking about key control. your just evading the subject

its about the security and trust that a PAYMENT SYSTEM actualy ensures the payee gets paid what it is promised

again with bitcoin when you see value confirmed. its done. settled. complete. you can then release goods for deliver.
in LN there are just too many ways to "appear" paid but find out you have been fractioned down to a smaller amount and not know about it until its time to "close out" days, weeks, months later

and yes there is a way the network can mitigate this risk but you folks refuse to even think that the lack of security is a problem in regards to ensuring people get paid what they deserve at the time of payment

again dont turn it into a "wife stole your keys and ran off with the kids" software scenario at home pc level problem.. concentrate on the payment value promise across users within the network who do not know each other and are not accessing someones home pc with their fingers

---

as for your question about a side/sub network of 1:1

use of other networks where people beleive they can move bitcoin out of the network.. yes a problem, because thats not the function of the bitcoin network bitcoin never leaves the bitcoin network so stop describing LN as "bitcoin"
instead call them backed btc or wrapped or LN-BTC but just dont pretend it is bitcoin (i already applauded you recently for calling it LN-btc instead of preview months/years where you tried to lomote LN as just bitcoin)

alyways even on another networl of backed/pegged units whether its 1:1 or 1:1000 rate

EG do you trust custodians/side chains, to the same extent as:
a proper bitcoin confirmed UTXO solely available on your key with no partner/middleman control
i doubt even you can say you trust other networks and systems that much

but taking it one step further of having a unit S to unit MS where that conversion rate is not network wide protected to stay at that network preferred rate, is another level of security risk of value. its not about the rate. its about the conversion process of the rate.
so dont make it about the numbers. its about the conversion security

after all if there was a 1:1 rate. which is not as bad as LN. still has issues as a few stable coins recently learned that their rate changed without notice and lost alot of people alot of value

so its not me moaning that bitcoin sat:msat LN of should should use 1:1  
it is the enforcement of X:X stays as X:X
                               or X:YYYY stays at x:yyyy where the network ensures the rate is locked and not variable as easy as LN can be abused

where the network has ways to ensure users always swap at the network fixed rate. and the rate cannot change to x:zwbd or just x:w

---

summary
flaw A:
if dave and clive had a channel capacity of 0.00100000 LN-btc
where doing payments daves GUI display shows

local: 50000000
remote: 50000000

where dave doesnt get a commitment of ln-btc 0.00050000
thus cant settle/be paid to the bitcoin network 0.00050000

flaw B:
the LN network as a whole suggest network capacity of 5000 ln-btc
yet software exists that can inflate that to more then 5000 ln-btc without even needing funding lock to 'reserve' that capacity.

you lot want to cal A a user fault and B a service feature

In Bitcoin, if you lose your keys, you lose access. In Lightning, including the previous risk, if you lose the channel states you lose access. It adds risks, but it's of the same level. If you lose a specific file, you're likely to lose access. The funds arrive in an off-chain manner, I won't repeat.

Can I ask you a question, and please answer honestly, 'cause I think I'll throw up if I see this "1:1000 peg" for one more time: if lightning did NOT have millisats, and everything happened in sats (1:1), would you find a problem in that?

you are not realising that the bitcoin network does many things to mitigate many "user software" attack vectors..

its funny how you only want to demonstrate bitcoin user problems that are about their local machine and their wife using the husbands computer.. and not addressing the many victors that are mitigated thanks to bitcoin network rules that stop abuse at the payment peer to peer process between users of the network

you wife or someone you know messing with data on your local machine is different to missing with the funds you thought you deserve/were getting which never actually arrived.. securely and guaranteed yours to keep as long as you have the key

..

now here a challenge for you.
put your confirmation bias aside for atleast one post reply
put your defend a buddy mantra aside while replying
put your ideolism and favour aside for one post

now imagine(stretch your mind)
ther was some side/sub network offering all the features you promote. where its unit of measure is the same promoted
    1:1000 peg rate
sat : subnetwork unit

but they said
"yea but um.. [scratches head] we cannot guarantee that when users want to convert their units back to bitcoins sats, um.. we cannot ensure that the peg is secure for users and if they find out they lost value. we want to just blame it on software..
..yea there is probably a network fix we can implement on our side to mitigate that risk. but we dont want to implement or discuss that, we will just say when it happens, that its the users fault or a malicious user."

now be honest.. would you trust that network

would you want to call that network secure enough to be a true good utility sidenetwork or stable coin for a mainnet asset or would you be questioning their ignorance of security

It doesn't have to be network level, though. In Lightning, your own machine checks that nobody is messing around.
Provided of course, that your machine is safe.
If you get a malicious client, you can be exploited 'through the network' on L2, yes.
But if you install a malicious client, you can be exploited on L1, too. Not through the network, but simply by stealing private keys.

The same level of access gives the attacker the same level of power (ability to steal everything), just through a different means.
Having network checking channel states or not, makes no difference, because when you get the private keys (L1 or L2), you have full power anyway.

Who said that? Franky nobody wants to replace Bitcoin L1 or anything.. Don't worry!

you are stuck in one delusion of trying to say a problem is the fault of something else or the problem is not what is being decribed by saying its something else..

when users make payments in any currency or any system.. a user wants security and assurance that what they get at the end of the payment is exactly what is owed to them

there are network level ways to fix a flaw where channel partners can mess around. but you are avoiding any discussion of such and instead say "its just a software issue and a fault of the user for downloading it"

in code everything is a software issue. but that does not mean there is no fix

but hey if you want to admit that funds can be abused and stolen. at the payment stage.. (and dont you dare suggest that this is the same as your wife stealing your wallet key.. you comparisons are wrong).. which is in this scenario only found out days/weeks/months later when a person finally wants to settle out and close. is a fault of the payment system

if you want to pretend that msats always convert to sats and people are guaranteed to get the msat/1000 rate of promised amount.. then ensure you have fixed the flaw which makes your guarantee false(breaks the promise)

and yes it can be fixed at network peer-2peer level. so dont just blame users software..

yes user software can trigger an abuse because there is no network security to stop it. because you fools dont wish to protect users from certain software abuses

if you cant work out the fix. then thats your problem too.. not your users

but until its fixed dont you dare pretend that LN is a network that offers a solution to bitcoin where you want to call it bitcoin 2.0 where you want to brand steal and suggest it has the same or better security level as bitcoin.. because all those claims you guys make are false

LN is not better then bitcoin

---

as for blackhats false narratives of trying to convince people that pruned is full
1. him trying to convince that "full node" does not require storing the block data
https://bitcointalksearch.org/topic/--5423213

2. here are 2 examples of 2 topics where they are both about wanting to be full nodes and asking about full nodes. and he comes along and promotes and advertises pruned while not really explaining why its not "full node" any longer
https://bitcointalksearch.org/topic/m.60980561
https://bitcointalksearch.org/topic/m.59800154

in second example he says being a full node(validate and archive) is a oxymoron where storing it is not essential or useful!! (facepalm)

3. here he is again muddying the waters by suggesting there is no real difference apart from storage space on someones pc.. totally ignoring the network effect of peer to peer security of a decentralised blockchain and also data sharing for IBD
https://bitcointalksearch.org/topic/m.58645297

he promotes pruning as if its the same as full node.. forgetting that not having the blockchain is no any different. even though the whole purpose of decentralised blockchains is to have a distributed supply of nodes that have the blockchain. and also the whole network service of being a seed for more users to download from.. something pruning does not offer.. yet he does not want to acknowledge the lesser network service offering a peer offers when they are a full compared to being blackhats version of "fool" node

you guys are incredibly ignorant to the point of being malicious by not caring about others on the network(s) you say you love

---

responding to below
by calling LN a bitcoin solution is suggesting LN is better.
calling LN bitcoin 2.0 is suggesting its the next gen better version of bitcoin..

both are LIES

When did he say that? You seem to be making stuff up sometimes..

Really? That's what you're getting from these threads?
We're admitting and discussing issues all the time; as long as they're valid. There is no way for Bitcoin - on any layer - with or without network consensus - to make sure the clients are safe. So there's no point arguing about attack vectors that assume a compromised software client == access to the signing keys. That's out of scope for any wallet of any crypto, on any layer, on the face of the planet.

I'll say it again: the blockchain / network cannot make sure your client is legitimate. It has no way to magically scan your computer and make sure you don't have a backdoored or otherwise modified client.

Please, franky: 1 question. How do you envision that Bitcoin L1 ('the blockchain') protects you from downloading a 'fresh new wallet software' which works normally, but in the background fetches ~/.bitcoin/wallet.dat and uploads it to my server?

Well, I don't find it paranoid wanting to make sure that your wallet isn't malicious. I believe that it's everyone's duty to make sure they trust (or check) the codebase - safest thing should be Bitcoin Core - then make sure they download from an official source (not from Google, ...) and verify checksum + signature, before executing.

Meanwhile: we've accepted and described the corresponded risks of doing off-chain transactions years now on every little shitty talk with franky.

Had we ever put pressure on you to use lightning? No. Pretty much the opposite. We're accomplishing change, without asking you; that's the genuineness of second layer. However, I can't say the same thing about you and your ideas on a protocol level.

Every "fix" you've ever proposed to Bitcoin seems to involve some downright draconian nonsense and is immediately disregarded by anyone who isn't a totalitarian wingnut.  I've no doubt the same would apply to anything you propose for LN.  Assuming you even understood LN well enough to propose fixes, that is.  Pretty sure you don't.  

It is widely known and accepted that off-chain has a different security model to on-chain.   However, that does not mean anyone will accept your hypocritical nonsense, resorting to lame fear-mongering about malicious software affecting off-chain transactions when exactly the same argument can be made for on-chain transactions.  No one would ever use anything if everyone had your level of paranoia.

Every time you argue that malicious software can cause Lightning users to lose funds, you are simultaneously making the argument that malicious software can cause regular Bitcoin users to lose funds.  If you're quite finished failing to convince anyone of anything, we'd like the topic restored to rational discussion now.


//EDIT:


No one said it was, you obnoxious, gaslighting piece of fucking shit.  LN is an optional add-on which may benefit you in some circumstances.  It isn't designed to replace Bitcoin, so shut the fuck up, you loathsome, pathetic, deceitful faecal blemish.  

oh angelo..
pruned node is not a full node. but ill leave you to cry and enjoy your fool node

as for LN's lack of consensus. its funny how there are ways on LN to fix issues but you lot dont even care to admit there is issues to even want to discuss fixes.. all you want is mass adoption of users to then have them lose value and you blame it on softwware

a good payment system has network security to reduce possible threats and if there are threats that can be removed via some network effect protocols. that network should use them to protect users.. by avoiding a security option says more about your lack of care than it does about people making you aware of issus.

anyways
ok the 4 lemmings want to play ignorant.. says alot about their care for their network

ill leave them to brush it under the carpet and leave them to live in their ignorance because all they want to do is shout loud how they think that bitcoin is broke and LN is the solution. yet its LN that has the major flaws and they are not even willing to discuss the problem or think of fixes, they just want to pretend they cannot understand what i am saying by avoiding the context just to troll about how im not using their preferred glossary of terms buzzwords they favour to describe their favoured system which they dont even fully know whats happening under the gui..

and thats why ill continue to call them the idiot fangirls of a broken network

have a good month. just stay on your network and stop trying to polute the bitcoin network with your subtly deceptive games to try getting people to stop supporting the bitcoin network

have fun

Thats so much more stupidly convoluted it was hard for me to tease of of his rantings...  Ah well.  I have returned to the peace of ignoring him. lol.

What the hell is a lightning receipt? Speak according to the glossary. Do you mean that C can alter the script A has signed (which says that it pays D an amount under that one condition) and steal money from D?

To fully comprehend franky's nonsense, you have to read one of his posts wherein he explains that running a pruned node is less secure, because an attacker can compromise your machine and alter the UTXO set. It doesn't even pass the laugh test:

Precisely.  His argument that malicious software is somehow a bigger threat because LN doesn't have a global consensus mechanism is deeply flawed.  Consensus can do a great many things, but it can't protect you from malware, viruses and other nefarious programs.  It's fair to say there's a steeper learning curve to use LN, so it might be a case where newer users are more susceptible to falling victim to scams in an environment they are likely less familiar with.  But then, that would have also been a valid argument for the earliest adopters of Bitcoin itself to avoid getting involved in the first place.  So it effectively amounts to fear-mongering.  "Don't try the scary new thing".  And it only looks more disingenuous when combined with his views on developers and freedom in general.  The bias is palpable.

If a narcissist isn't happy, they'll try to make everyone around them as unhappy as they are.  That's franky1 in a nutshell.  He's not happy, so he has to make everyone else's life an utter misery by acting like an obsessive-compulsive weirdo all the time.  Even if he had a valid point (and he doesn't), he wouldn't be able to make it without being completely obnoxious, alienating others and isolating himself. 

In a setting where security is achieved through mutual cooperation, you'd think he'd have a better appreciation for learning how to work with others.   

That's not his issue. He's talking about an attack that modifies the 1000 msat multiplier to e.g. 10 - so if I send you 2000 msat, your wallet thinks you got 2000sat instead of 2 - and the channel close would just give you 2 sat, of course.


Don't prevent the attack you're still talking about, though.
I'll say it again: if you can get a user to install your wallet, which has measures in place that help you steal their funds, you can do that on L1 just as well as on L2.

How exactly:
(1) On L1: Seed exfiltration. You send them a wallet to use, that sends their seed to your server. Whenever you feel like it, you can use that to steal all their money.
(2) On L2: Seed exfiltration or modified msat multiplier. You can do the same attack like (1) to steal their LN wallet's onchain funds, as well as modifying the msat multiplier and opening a channel with them, like you describe. One way they could notice though, is that any other (legitimate) channel partner's payments will look 10x higher or 100x higher (whatever multiplier you chose) than they should be.

The Electrum server can fake it; of course the user can verify with a blockchain explorer (which could also fake it, though).
And especially the client can fake it. Which is what we've been talking about here. If I give you a malicious LN client, I can also give you a malicious L1 client. Under the premise of 'simplicity', I could also code it in a way that it doesn't display transaction IDs; and there you have it - no way to check with a trusted blockchain explorer, either.

heres the thing...

in the digital world, made of code..
EVERY bug, flaw, attack vector could be blamed on "malicious software"
you know.. because its.. code


but in a network of users of software. where there is a broad network protocol each users follows to stay inline with each other. where there is a modecome of trust that the network secures value so that payments cant be faked, frauded, stolen..

if users across the planet are using a network where that network cannot guarantee someone is going to get paid right.. guess what. that is not a guaranteed payment network. its not a system that protects users

especially if there is ways to prevent it but idiots dont want to fix it at network level and just cry "blame the user" "blame software"

if at network level you do not have a rule to seek/avoid such, (which can punish or ban users that try to run malicious software).. its a no longer 'just' a software problem. its a network problem if that problem affects different users across the network

bitcoin. for people paying and receiving in bitcoin on the bitcoin network there are network rules.. that prevent many many payment attacks

EG
 if different people were to pay a user of 0.01btc (recipient uses say electrum)
an electrum server cant fake that to make the electrum user only get confirmed 0.0000001

however in LN of nodes where recipient of funds is d
      x    y
      |     |
      v     v
A->b->c->d

where abczx was to pay d.. C can abuse d's receipt and d ends up with loss

...
if the problem is about one users interaction, where the problem is not about the payment but the users storage. where the risk is his own wife using his client.. . then that is a local software problem

as for capslock

if users across the planet can abuse another user somewhere else, by fake paying them 1xx,xxx,zzz amount that
look as being paid 1,000sat at a network set rate of 1:1000 yet the user settling up only gets 1sat

its not a rounding error(remove the z)
its a conversion error(zx total is divided by more then 1000)
emphasis
1,xxx,xxx,zzz msat
dividing by more then 1000 = more than the z being cut off

oh and there is no network enforced rate. because the network is not enforcing it. instead its advising/suggesting software use that rate. but has no rules to enforce it. .. but could, but chooses not to have a sanity check mechanism