Topic: ripple: let's test it! - page 12. (Read 43853 times)

Thanks dchapes for the explaination. It looks i still dont get ripple fully.

What does a buyer need then? A ripple account of course right? But how secure is it that i get the payment? I have a shop where i only offer liberty reserve at the moment. I had paypal, alertpay and moneybookers once but the amount of scams where to high. Chargebacks, stolen accounts and so on. So how secure would such payment be? Can the buyer make a chargeback somehow? Or can the buyer create a new account and scam me with the trust somehow?

Most buyers come to me and ask me if they can pay with paypal. They only have paypal and so on... but the risk for me is too high to accept this. So when such a buyer has a paypal account can he pay me when he opens a ripple account? Could i tell them that they can pay with paypal when they have a ripple account?

It would be great if i could get paid through this without having to fear being scammed and when the buyers could use the system without trouble. I mean i tell them they can use liberty reserve but thats a problem for most. They have to create an account there and have to send money there. I wonder if ripple could help here.

How can i find exchanges to trust? For example is mtgox in ripple? Or Liberty reserve? I tried the trust-part but it wants a username, no search possible it seems.

Sure, one way would be to set the price of your items in the currency or currencies of your choice, USD, EUR, BTC, whatever. (e.g it'd be a lot easier for an American just to price items in USD rather than always looking up the daily or hourly BTC exchange rate). Generate a QR code and/or a Ripple URI something like https://ripple.com//send?to=r3kmLJN5D28dHuH8vZNUZpMC43pEHpaocV&dt=12345&label=Invoice23&amnt=15.23/USD on your checkout webpage or invoice or whatever.

Probably trust a well known gateway like Bitstamp for the currencies you want to accept. This will help ensure Ripple will be able to find a payment path to you.

When people go to pay on you via Ripple the system will see what payment paths are available and give them the option of which of their IOUs to use. E.g. you wanted $15.23 USD and Ripple says I can use $15.468 CAD to pay you. You don't care what currencies I use or if I'm borrowing from a trust line or whatever; you just get what you asked for from one of your trusted sources.

If you're using an automated checkout you'd add a destination field in the payment request URI and wait for payment(s) and adjust the "amount due" field on your customer's page as required until you get the full amount (perhaps I want to pay you $10 USD + 1 DYM + $3.28 CAD using several payments instead of one).

When you want your funds out of Ripple you transfer them to a gateway and have them added to your bank account (or sent to you via BTC).

Those are the only ways to get value out of or into Ripple.

The same way if you want to use Paypal or Google Wallet as a payment processor you need to trust them until you get the funds in your own account, you need to trust the gateway (or your trust lines) until you can get your money out. With Paypal and Google Wallet you pay high fees and have lots of restrictions, charge backs, limited currency support, etc.

Is it possible to use ripple to get paid by customers for shopitems? Or does it really only work with friends or trustworthy exchanges?
How about moneybooker, paypal and so on? Can they be traded with ripple when you dont have an account there? And is it safer this way?
I still dont find a case where its useful to use ripple.

Yes something like this is needed.  Like how on bitcoin you can download a p2p client to help the network.

Very interesting, thanks for the detailed reply!

Once the server source code has been publicly released, you pretty much just install it, run it, and then tell it to generate a validation key. Then you can publish your validation public key either manually (by telling it to other validators) or by associating it with your domain. (Check out https://ripple.com/ripple.txt or https://weexchange.co/ripple.txt to see how domain association works.)

Validators actually need less horsepower than servers that deal directly with clients. They don't need to keep any history. The don't need to find payment paths. They don't need to handle "expensive" queries for complex information. Theoretically, they only need the current ledger. Of course, they do have to process all transactions. They do have to negotiate with other validators. They do have to sign validations and proposals. They do have the check the signatures on proposals and validations from other validators. They do need to do this fast enough to not hold the consensus process up. If part of a cluster, they can distribute the ECDSA signature checking load.

Well, it seems difficult to host a validator node, or even a regular node for that matter.  How do you do that?

That's correct, though it doesn't protect against many kinds of attacks. For example, someone with sufficient hash power can alternately deposit and withdraw Bitcoins at a large exchange and then rewrite the block chain to turn his deposits into double spends. This might undo a large number of transactions made by other people who withdrew from that same exchange. So even though he can't touch Bitcoins that never moved, he could contaminate a huge fraction of Bitcoins that do move. (By invalidating prior transactions that they depend on.)

Strictly speaking, that's all they need. But a validator can demand whatever proof it wants. Of course, if it doesn't agree with the majority, it won't do much good. But validators can get together to instill any rules they wish for how to determine the valid ledger.

We don't think so. Should this ever be an issue, a validator can adopt a policy to defend. While your policy could be to accept any ledger that has the majority rule, your policy could also be to be the "valid minority" if the apparent majority can't prove the validity of the ledger it claims. It is the validator's job to, in consultation with the other validators, declare the valid ledger. If you don't like a validator's policy, you are free to ignore it.

All of these policies work. If some vulnerability were ever spotted in the policy, it can easily be changed with no need to get everyone to agree on the change. The current code goes with a strict majority and does not demand a chain of proof. We're investigating whether this is the ideal approach.

The advantage of the Bitcoin approach is that the result is unambiguous and (barring bugs like the one that caused the recent split) everyone with the same data should agree on the same result. This does guarantee that if you don't try to move your coins, they stay safe. The advantage of the Ripple approach is that validators can be flexible and you're immune to attacks based on people who gather hash power. If someone does cheat, a consensus can revert the ledger just as was done with the bug that create Bitcoins out of thin air. The disadvantage of the Ripple approach is that unless validators adopt a policy of always demanding proof, you can theoretically lose coins you never moved. Of course, validators could insist on such proof before allowing a rejoin after a split.

Ripple is much more flexible than Bitcoin in this regard. That is both an advantage and a disadvantage.

Right, that would be the type of attack you'd have to try to make work. It can be defeated by validators demanding proof of a valid chain. We do need to investigate what the right policy is. I think it's that you just go with the majority on startup but that if you see things change while you are running, you demand to see a proof chain and be the "correct minority" if you cannot get it. (Of course, while you remain in the minority among nodes you choose to trust, you have to pronounce the network "broken" this protects those who trust you from transacting on a split network. Failures should not be silent.)

Another possibility might be to demand proof if you've been down for less than a certain amount of time. If you shut down for ten minutes to reboot a server and all of a sudden a majority is claiming something completely different, you probably should try to build the minority. But things would already be fairly broken if it got to that point.

We have a "clustering" capability to declare nodes that you fully trust. This allows a group of servers under common administration to distribute the cost of ECDSA signature checking. If we're part of a cluster, we could go with other nodes in our own cluster on startup. That would get the node back in service faster.

As I explained earlier in this thread, Bitcoin could pretty easily adopt some of the same techniques Ripple uses to deal with disagreement. While you can't really change the rule that the most PoW is the valid chain, you can at least automatically detect when there's disagreement over the longest chain and stop transaction processing sooner, without requiring the manual intervention that was required in the 0.7/0.8 split.

To summarize: There are two types of ways a system can be attacked or fail. One is due to a bug or design flaw. Systems develop resistance to this type of attack by good design, many eyes looking over the design, and over time. But the other way is due to an understood weakness -- one that you defend against but ultimately must accept as fundamental to the design. For Bitcoin, this would be a Finney attack or a 51% attack. For Ripple, this would be some kind of consensus breaking attack. We believe Ripple is less vulnerable to this type of attack because consensus is more flexible. You can choose who to trust, rather than having to trust whoever has the most hashing power, and you can choose how you use that trust, rather than having to go with the longest chain. There can, however, be endless arguments over what the very best way is to use this flexibility, and we will continue to improve it to make these attacks even more unpossible.

I don't see an obstacle to such an attacker, for example, zeroing their debt with all their creditors, or causing somebody to trust them and owe them money (although there's no reason to believe that person would pay that debt), or transferring arbitrarily large amounts of XRP from other accounts, or even creating XRP (although if they broke the 100 billion XRP cap, I don't know if validators would consider it valid). As far as I can tell, they can rewrite the ledger at will, so long as it appears valid afterwards.

Wouldn't the total balance no longer be zero?

Unless they also faked origins for the newly appeared assets?

(That is, issuing accounts with negative balances equal in absolute value to the total positive balances of that asset?)

-MarkM-

JoelKatz:

In Bitcoin, because you can verify the validity of the entire blockchain and a valid transaction contains proof that the sender authorized it, you can in principle trace your coins back to their origin and have a proof of authorization for each step along the way. This means that if your coins ever end up disappearing, it must be because either a) they were double-spent at some point, and the current longest chain includes the other transaction or b) the block they originated in isn't part of the longest chain. This also means there's no way to end up controlling coins that you didn't control before except by receiving them or by mining a block, which puts limitations on the kinds of attacks possible. (An attacker must legitimately control coins in order to double spend them, for example – they can't just print money.)

In Ripple I understand that validators only needs the most recent ledger, meaning there isn't any guarantee that such a chain of proof exists. Are there any attacks that have the rough form


That is, is there some event like a massive power outage or a network split or colluding validators which somebody could exploit to update balances in their favor? Perhaps it might go like this: a power outage makes it so that a colluding set of validators is temporarily the majority, and they propose a ledger with malicious changes. Several ledger closes go by before the rest of the validators are up again, and when they look at the network they see that the current ledger includes the malicious changes. Because no record of a transaction needs to exist for a balance to be considered valid, there's no way to prove that the new balances are illegitimate, and the malicious ledger looks valid.

Am I understanding things correctly? What conditions could this happen under? What sort of resources would an attacker need to make this happen? Are there any limitations on what could be done in this type of attack? How could the community recognize and react to such an attack?

Your node tries to obtain a consensus with everyone you asked it to obtain a consensus with. If it can't, then it fails, and it knows it fails. So essentially, the same thing that happened with Bitcoin would happen except for two things:

1) Everyone would immediately know that the network was split because they wouldn't see the validations and consensus they expect. There would be no need to warn people to stop processing transactions.

2) If one chain was invalid, people could manually opt to drop validators that select the invalid chain. There would be no need to persuade 50% of the hashing power to move. However, this wouldn't help much if both chains were equally valid. (Without someone to make a decision, I could see some people moving from .7 to .8 and some moving from .8 to .7, not helping much until a community decision was made. That would be less of a problem if one chain had clearly invalid transactions in it. People would independently choose to leave the invalid chain.)

Like Bitcoin, it is designed to resist them. Like Bitcoin, bugs can cause systems to do things they were designed not to do. For this specific type of failure though, I believe Ripple's architecture is better able to resist it.

That said, I believe this type of resistance could be added to Bitcoin without too much difficulty. First, if you see blocks are being found way too slowly, stop processing transactions. (There's a risk that the hashing power has gone to another chain, maybe one you're partitioned from due to network issue.) Second, if you see several nodes, particularly nodes close to mining pools are on a different blockchain than you are, stop processing transactions. (Because that other chain might be better than yours for some reason your program can't see.)

Exactly. This is easier to do in Ripple than in Bitcoin because you see trusted validators validating a different ledger whereas in Bitcoin you can only be aware of a drop in hash rate later by statistical sampling. But it's not hard to add to Bitcoin.

Mining pools could even periodically broadcast a time-stamped signed hash of the tip of the blockchain just as Ripple validators do. Your node could then know if it was on the same block as each mining pool automatically. No central authority or manual intervention is needed -- pools and miners could include their signing key or its hash in blocks that they mine. So you'll know roughly what percent of the mining power each key represents.

Ripple currently has a problem where a few times a day, this logic trips and the Ripple network (more accurately, some client-handling servers) stops processing transactions. Part of it is due to the fact that the number of validators is so small that it's hard to tell if a validator just stopped processing or whether you're split from it. Fortunately, it only takes 20 seconds or so for a new consensus round to start and it all to sort out.

I believe Ripple would be more resistant to this problem with more validators, but testing in edge cases helps us to make sure the algorithm is robust and reliable. We'd prefer to not process a transaction for a few seconds than claim we had processed one when we didn't, of course. But the issue is more with ensuring we know the current state of the network for things like reporting validated transactions to others. Where, again, a 20 second delay is better than an incorrect report of confirmation.

Can someone explain how Ripple and the consensus approach would handle a fork (majority POW for bitcoin vs majority validators for ripple) like bitcoin experienced earlier this month?

One of the huge selling points of bitcoin is no double spends, once a transaction is confirmed there are no rollbacks.. quite clearly that was not the case earlier this month, could Ripple experience the same sort of problem?

I guess there is no way to avoid a splitting of versions of truth depending on what groups of users want.. thinking out loud, the trick is to be alerted to the fact that there is another fork out there and is it the one you want to be on..

 can someone explain briefly how to fund the client with Bitcoins? 

As I pointed out a few posts up, you could get enough XRP to try it out for just a few mBTC. You only need a few hundred XRP to get started, and they are going for something on the order of 100 XRP per mBTC.

I would like to try this, but my account was a few days under the date needed to recieve free XRP to start you off. To late to the party, again 

So, the wiki says you can set fees but how do you do that?

Also, XRP isn't meant to be an investment.  There are limits in place to stop spammers.

The thing is they have a big reserve value of XRP.  It's like a pre mined coin.  And it doesn't necessarily need to have value.  You could trade stuff without XRP.  XRP is something to stop people from spamming and for tx fees.

It does seem strange you can't start using ripple for anything until you get some xrp, but you can't even buy the xrp until you have an active account. There was the free xrp giveaway thread for people with bicointalk accounts created before the giveaway started.

The other thing you could do is have somebody lend you some xrp as a started loan. I have done this for at least one person in the past: I send you 300 xrp (that is enough to get started), after which you can buy some xrp by depositing btc through one of the gateways and using the ripple exchange, then send me back the xrp I lent you (plus whatever amount of interest).

Or you could directly buy some xrp from somebody on the forum, you send them btc and they send xrp to your ripple account. So if you send me 5 mBTC, I will send you 500 XRP so you can start using your ripple account.

rw75ru8M6oPCZrC7gDW8MuevqPrLxu8Xtn
I uh, have no idea. I created an account now what? I can enter other accounts as contacts? What happens if I add random people as contacts? oO

Edit: Uh ok, can´t add people need those rpx? How do i get them? Except trying this forum game thingy?

Hey guys,

I created a new Ripple account. My address is rzrQieowSLiDwjYDsXRKayPbb8uGzkV1D

Would be glad to test it out.