Topic: [SKY] Skycoin Launch Announcement - page 116. (Read 381579 times)

I am sure your arrogance also plays a role.

Someone PM'ed me links to the OP and the following two posts:

https://bitcointalksearch.org/topic/sky-skycoin-launch-announcement-380441
https://bitcointalksearch.org/topic/m.10475089

I formerly posted under the usernames AnonyMint, TheFascistMind, and UnunoctiumTestacles (and a couple others I don't recall). I have particularly relevant post in the On the Longest Chain Rule thread.

The skycoin author appears to be possess considerable technical knowledge. And he writes clearly with high information density.

Many of his goals mirror mine. I am also an accomplished programmer.

However, it only took me a few seconds to see several issues that I believe ruin any chance of his success. I speak from experience in coding and marketing million user commercial software projects. I hope he takes this as constructive criticism and not as an attempt to hurt his project. I currently have no investments nor vested interest in any competing crypto-currency.

1. A non-PoW consensus is DOA, because there isn't enough time to thresh out the issues and trust it before the global economy begins to collapse in 2016. For example, the selfish mining attack wasn't discovered (or let's say widely proven and recognized) until years after Satoshi published PoW. Thus, the serious marketplace isn't going to trust a novel non-PoW consensus. Instead I have designed a PoW system which resolves many of the issues that plague Bitcoin, including ASIC economics. Some hints are in my linked post above.

Also I have some mathematical intuition that avoiding the 51% attack will always tradeoff security in another facet.

2. Afaics, he has absolutely no marketing acumen. He wants to go directly to replacing the internet infrastructure without a viable marketing scheme for ramping up.

3. He doesn't have the most essential quality of success in software, which is to ship something in high demand first. Instead he wants to tinker with every feature under the moon.

4. If I was improving Tor, I'd make it high latency and make is more secure, not less secure for higher bandwidth.

Time is of the essence. I am interested in working with highly talented authors, but unfortunately philosophical differences and differences in understanding how to succeed usually preclude such close working relationships.

This is interesting. Their website is down, so I cannot access the documents. Otherwise would want more information. This could be useful.

where can we buy this damned buttcoin already?? bittrx whats going on im getting scared again

That's because you can't have every factor under control. Even if you do a damn fine job, there will always be things like social engineering and targeted malware. This is unstoppable (ask the banks that has just lost 300M USD).

Yes. If the wallet was generated on a computer that is not compromised. Many people buy a $200 laptop and generate addresses from computer that has never been connected to the internet.

This used to be secure. You could keep the private keys on one computer, then create a transaction by hand on the computer not connected to the internet and then put it on a USB drive and carry it to computer connected to the internet, where it will be injected into the bitcoin network for execution (addition to a new block).

However, recent malware like Stuxnet and more advanced malware has been able to infect systems over USB and hop from system to system. We are worried about a USB 3.0 DMA exploit. USB is very dangerous for windows users because auto-execute. This makes these attacks possible for 95% of script kiddies. Attacking a linux to linux USB transfer will be more difficult but cannot be ruled out.

The trojans that did this, used to be files on the USB stick. It was a program that was automatically executed when the device was plugged in, that installed a backdoor to the computer and starts scanning for bitcoin wallets or connects to a botnet control center for additional instructions. It might install ad toolbars for ad money, scan for bitcoin wallets, fix security holes on your system so other hackers could not take over the system (king of the hill) or install a key logger and begin grabbing email passwords, credit card numbers and bank account details.

The new trojans are hidden in the firmware of the USB drive itself. They cannot be seen on the file system. You can pass out a USB stick at a Bitcoin conference, someone formats it, thinks its safe but there could be anything in the firmware. If your computer is infected and any USB device is plugged in, that device could potentially be infected itself and spread to any other computer it is plugged into.

Here is an article on USB security and BadUSD: http://www.forbes.com/fdc/welcome_mjx.shtml

Offline Wallets:

Skycoin will have some more features for doing offline wallets or wallets on computers not connected to a network. You for instance, may generate a wallet and seed on a computer not connected to any internet. Your "cold wallet". Then you send the coins to the first address in the code wallet. Then you load the unspent output hash by hand (typing it into the computer).

To send coins out of the code wallet, without connecting the computer to the internet,  the wallet generates a transaction on the computer not connected to the network and produces a QR code you scan with a cell phone to injection that transaction into the network.

There should be a way of doing this safer than USB. Maybe coupling a cell phone app to a laptop over speaker/microphone.

IPO Security

We ended up generating a wallet with a few thousand addresses, using a computer that has never been connected to the internet and then encrypting the addresses (lock the wallet). Then transferring that to the computer running the IPO bot. So even if the bot is hacked (very difficult but cannot be ruled out) the Bitcoin private keys are safe and locked. We have all incoming ports firewalled and the bot is in a memory safe language, so buffer overflow vulnerabilities are not possible (except through one c library dependency).

So the bot can receive coins and check balances, but cannot send coins and even if hacked, cannot loot the Bitcoin (unless they can unlock the wallet). The Skycoin can be looted, but there is a receipt system, so can handle it.

Bitcoin has several security problems. Bitcoind does not allow you to check address balances, unless the public/private keys are loaded into the wallet. You used to be able to just load the pubkey, but that is deprecated. It is designed to force you to do things in ways that increase the risk of theft or loss of coins.

The problem is that people can lose coins because of factors that are not under their control (software bugs, bad usability, bad design, unexpected behavior in the wallet with change addresses, wallets not really be deleted on SSD, buffer overflow attacks). Every factor has to be brought under control. Its exhausting.

Skycoin Exchange Proof of Concept

We think
1> All exchanges should have a common API
2> Exchanges should not be holding balances of coins. The coins should automatically be withdrawn back into the users wallet. The user should be holding the private keys, not the exchange.

In this type of exchange, an exchange is a publickey hash, you add exchanges you trust to a list. The wallet queries the exchanges on the list and looks for the best bid/ask on each coin. Then you do trades and settlement and clearing.

The problem is that Bitcoin takes 10 minutes for settlement, while a person may enter in ten trades per second. If Skycoin achieves 1 second transaction times, then you can do settlement but wont have the Bitcoin in your wallet for 10 minutes. However the Bitcoin will be stored locally and cannot be stolen if the exchange goes down.

It is possible to do instant settlement with Bitcoin without waiting 10 minutes or going through the blockchain at all
- You place your Bitcoin in a multisig transaction, where moving the coins requires your signature and requires the exchange's signature.
- To send the Bitcoin to the exchange, you merely disclose the private key for that Bitcoin address.
- Now the exchange can authorize transactions with the Bitcoin but you cannot
- The exchange cannot steal the coins without your permission
- If you exchange discloses the private-key to you, now you own the coins and you can move the coins but the exchange cannot

So it is possible to do "instant" settlement of Bitcoin off the blockchain. However
- exchanges can hold your coins hostage (sign this transaction giving us 50% of the coins you get nothing)
- if the exchange forgets or loses the private key then you cannot get access to the coins

To get around this, you set a timer and make the signature check short circuit after 30 days. So if the coins are not moved, within thirty days they return to the person who owns the privatekey for the first address. This prevents the coins from being held hostage or prevents coins from being lost if the exchange forgets the privatekey.

To implement that, you would need a bitcoin scripting language op code that can read the time in the blockchain header for the current block and compare it to a target value. Or which can compare block depth of current block to a target value.

Bitcoin/crypto Infrastructure

So the exchange problem has been solved for a while, but no one has implemented the solution. It requires a series of libraries, scaffolding and infrastructure that does not exist and which no one is building.

I see Bitcoin/crypto as a sort of "money operating system" and it a platform with missing core libraries and capacities. Just like the standard library for "open file", "read file", "write data to file", there are a set of standard operations for Bitcoin. Private key generation, signature verification, communication, settlement/clearing and dozens of others. Bitcoin only implements "check balance" and "send" and has a very crude implementation of a fraction of the capacities or libraries needed.

Some of these core operations overlap with the standard library for the operating system. Why you connect to an IP address, you have no idea if the traffic is being intercepted or man-in-the-middle attacked. Any router between you and the destination can intercept and redirect the traffic. The  IP addresses does not actually identify anything in the real world.

When you are on OkCoin or an exchange and you send an HTTP request for "withdraw my coins to this address", what stops someone from sitting in the middle and replacing the address you wanted the coins withdrawn to, with their own address? What prevents them from withdrawing all your coins to themselves? Nothing. HTTPS sometimes (but in practice not, depending on your browser, your ISP and the security of the exchanges HTTPS private keys). Instead of hacking OkCoin, you can hack a frontend server, bribe and employee, get the private key for HTTPS and then hack any router between the user and the exchange and then steal all their coins by intercepting their traffic and withdrawing the coins to your address once they have logged in. How many coins could one person steal with a single BGP hijack and the HTTPS privatekeys for one exchange, without even having to hack the exchange itself or grab the private keys for the Bitcoin.

When you replace IP addresses by a pubkey hash, then unless the person has the private key for that pubkey, they cannot even read the messages you are sending.

You can guarantee that the end-point, if it is able to respond, at-least knows the private key for the publickey. Once you have that, you would deprecate the use of UDP/TCP/IPv4/IPv6 for all Bitcoin applications, because there is no reason you would use those protocols because they only have relative disadvantages in every category for security and do not offer superior performance. Eventually, it moves up the protocol stack and the operating system itself deprecates UDP/TCP/IPv4/IPv6.

So I want Skywire to replace
- UDP
- TCP
- IPv4
- IPv6
- HTTPs
- SSH
- SSL/TLS
- BGB
- MPLS
- TOR
- IPsec
- VPN protocols
- ...

Ironically, Skycoin started as a universal token for traffic settlement in the Skywire protocol. However, Skycoin itself began to require Skywire itself to meet security guarantees for higher level protocols.

This is very boring to most users. Very difficult to sell. People take for granted infrastructure like water and electricity, until it goes out. I think people will eventually end up using it in a way that is invisible to the user. No one thinks or cares whether they are using IPv4 or TCP/IP or HTTPS  when they open a Facebook page.

Another thing to consider is that Facebook makes less than $2 per year on each user and that between cell phone service, cable television and internet each person easily spends $3000 per year.

The real world is like H.G. Wells The Time Machine. Except that the above ground is where Facebook and 98% of users live in comfort and luxury without any concern for where anything they consume comes from, but there is no money here. All the money in the world is in the lairs of the morlocks laboring underground running the tubes and broilers, everything the Facebook users take for granted.

Bitcoin's market cap right now, is 3 billion dollars. Three billion a year is like level of tax evasion by single person or a divorce settlement. A single sovereign wealth fund or dictator trying to stash money where it cannot be seized, is more than the whole Bitcoin market cap. That means everyone here is still early. Bitcoin is already up ten million times from five years ago, but to go to 2 trillion is merely another 600x increase. 1% of global assets in crypto.

However, the state of the technology and computing is not ready for that type of society. The thefts would go from 2 million to 2 billion per month, the mining costs would go from 1 million a day to 600 million a day and drain the money back out of the system. There are technological upper bounds on Bitcoin's market cap. The mining overhead and the overhead from theft, have equal contributions to deflating Bitcoin's marketcap.

I should be excited by the IPO, I should feel like its 1994 again and its the Netscape IPO again. However, I feel numb because I see how much work is left. A week passed and I did not even notice. I feel like there are two days left of work and its so near, but never seem to get closer because of billions of small details

In a race, the quickest runner can never overtake the slowest, since the pursuer must first reach the point whence the pursued started, so that the slower must always hold a lead. – Aristotle, Physics VI:9, 239b15

An open source, volunteer model does not work effectively. I am going to hire more developers, set priorities, then transitioning away from coding directly and will just be doing code review.

Thank you Skycoin for the post, one of the most interesting posts i have read this year

I am sure the dev will find solution.

But the dev is anon
If something bad happen to him or if he just disappear like satoshi
Who's gonna invest in this coin in the futur
It's 98% in his hands

Well at least I respect the fact that dev is working hard to get all that BTC for just 2% of coins.

At least he is working hard for the money, but the 98% IPO is still not a good idea just because dev posted an essay long post.

Holding 98% of all coins goes against the spirit of crypto coins and dev should know this better than anyone if he really intends to change the game.

A lot of us are here to help out projects and hopefully one of these projects will in turn help out the world's population economically, not just to hedge off profits.

Talking about a new CPU structure, I wonder if you are interested the Jinn project (a modern ternary general purpose processor) which CfB is working on -
https://nxtforum.org/news-and-announcements/(ann)-jinn/
https://nxtforum.org/jinn/

Then the skycoins in circulation become 50 times more valuable 

Yeah what if someone accidentally all the coins

Excuse me but what happen if something happen to you and the 98% coins

If you create a paper wallet being offline the whole time and just track the transactions to that address isn't that safe?

Thanks for the very interesting update! In one Skycoin dev post has more substance and novel idea than in the whitepapers of all altcoins/projects combined including NXT, DRK, Supernet and all other existing shit.
I been telling you all here for long this man, the Skycoin developer is exceptional. Based on his input in this thread over the last year he deserves the funding and the support of the community.

woah... I just hope I don't get a visit from the guvthugs just for reading that.

great post!

IPO didn't start AFAIK.
Wallets are not functional ATM (software is not finished yet).