Topic: [SKY] Skycoin Launch Announcement - page 86. (Read 381579 times)

Update:

We have four new developers, each assigned to one task.

Meshnet:

Version one meshnet is almost done

https://github.com/skycoin/skycoin/commit/f959d0875baf990e43ca3f045a9cba82d4d8f24a

This is the sixth or eighth design iteration, so it is very clean conceptually. I was simulating the meshnet packet passing algorithms with punch cards and paper and it works well. You could implement it on a punch card sorting machine and telegraph lines if you wanted to.

Exchange:

Exchange is being refactored and fixed. We have a revolutionary exchange design, that simplifies the exchange, improves the security and enables easy support for multiple coins.

The exchange has a limited number of function
- deposit bitcoins
- withdrawal bitcoins
- deposit skycoin
- withdrawal skycoin
- bid/ask order
- very small number of simple API commands. Very small code base.

The exchange has a JSON RPC, tunneled over ChaCha20 + secp256k1 channel, running over the Skycoin meshnet/darknet.
- man in the middle attack is not possible

- The user has a local wallet, a json file that contains their private keys.
- The identity of the user is their public key
- user signs exchange requests with their public key
- The user has a local wallet and a remote wallet (coin balance on the exchange, coin balance on addresses for private keys held locally)
- the user can withdrawal all coins from the exchange to their local wallet
- the wallet can store the private keys for and sign transactions for all coins supported by the exchange (native multi-coin)

- there is a consistent wallet format and private key storage format for each coin type and it is modular
- other coins can be added easily (shellcoin, bitcoin, litecoin, dogecoin, zerocoin, ehtereum)
- the exchange queries unspent output balances and blockchain state over websocket RPC
- the external coin interface is running on a physically separate computer (not virtualized) and on a different network namespace
- the application running each coin blockchain is separated from the private key and transaction signing server

There is invariant checking on the wallets, so if coins disappear or a 51% attack occurs or some invariant is broken, it should detect it.
- the local user interface is a local web application

There are a number of very  specific things. I am glad they are finally getting done.

Wallet

We have a new build system and modernized our build scripts

- cross compilation is working now
- Windows builds are working
- OSX builds are not working
- Linux builds are working

We should release the wallet again, but we have to add UDNP firewall tunneling and have to fix peer-exchange.

Swiss Banker Protocol

We designed a simple two packet protocol for doing micro-transactions through a trusted third party (the exchange), without going through the blockchain.

R&D: CX

Before the blockchain there was a thing called tuple spaces
- there was a object store
- objects would be stored in the object store
- a process would check objects out of the object store
- a process would modify the object or perform transactions/operations on the object
- a process would check the object back into the object store

- a process could be internal or external (could be an external process, or could be a process running in the tuple store)
- a process could non-destructively read a tuple/object
- a process could destructively read a tuple/object (get copy of it and destroy original)
- a process could instantiate a new process on the object store
- a process that creates a new tuple/object and stores it in the object store

If the tuple store itself is an object, that admits transactions, then you get a blockchain type object
- there is a transaction that instantiates a process, which destructively reads a series of unspent outputs (spends them) and creates a new series of unspent outputs)

There is a class of mathematical objects that are "blockchain like". That are more general than the blockchain. There is an ontology on those objects, which is useful to think about them
- a transaction (an operation that is applied to the object state, mapping it to a new state. The state of the object, is a series of transactions applied in sequence upon the null object. For instance a wikipedia page starts blank, then a series of diff transactions are applied to it). A transaction is a "function on" the object. A transaction has a representation as a byte string and as an operator or the action of a computation being performed on an object.
- a "function of", these are functional type functions (such as the SHA256 hash of the serialization of the object). They do not change the state of the object and are properties, predicates and non-destructive reads and invariant checks
- A communication, an event, the emission of a length prefixed byte string.

Examples:
- a twitter feed starts empty (null object)
- a series of "create tweet actions" are applied to the feed object, to add each tweet

- a wikipedia page starts empty (null object)
- a series of diff operations are applied in sequence to create the head page

- a git repo starst empt (null object)
- a series of commit and add files operations are applied in sequence to create the current file

- a text file starts empty
- a series of edit, delete, insert operations are applied in sequence to create the current document

- a blockchain with all the coins allocated in the first block is created (a series of unspent outputs)
- a series of transactions or operations are applied, which consume (destroy) unspent outputs and create new unspent outputs (the unspent output set is the state, upon which the transactions/operations operate)

Bitcoin type blockchains are simple or one of the simplest types of this this kind of mathematical object
- they have one transaction
- each transaction has a validity invariant (to determine whether it can be applied to the current state)
- there is one type of operation/transaction on the object
- there is one type of object (the unspent output)
- the state is a list (of the one object type, the unspent output set)
- each transaction destructively reads the unspent outputs it consumes (outputs are destroyed) and new outputs are created
- the unspent outputs and the transactions that create and consume them, form a bipartite directed graph

We are planning a very simple scripting language (implemented in 2000 lines of go), called CX. It is a research language for implementing these types of objects.

It is also very good for blockchain business logic.

The problems are
- I proved mathematically that no language with the required properties can have a representation as a text file. The program is actually a program object, constructed by applying a series of operations upon a null program object. I am still trying to imagine what an interface would look like or how to interact with the program objects.
- It is turtles all the way down. It appears to be a self-implementing set of mathematical abstractions. There is a set of symmetries or invariants and set of operations, and the invariant are preserved for all objects in the transitive closure over the set of operations.
- There does not appear to be a difference between compilation and interpretation in the language
- There is a clear difference between "functions on" and object and "functions of" an object
- there is a sort of transitive closure under a type of reification operation on a program (what is the inverse of reification?).

Here is one thing you might do with this type of language or computer
- you take a program that can be represented as x1 as a byte string. x1 hashes to H1
- you take data whose byte string representation is x2 and which hashes to H2
- you apply program x1 to data x2 and get output x3, which hashes to H3

Assumptions
- computation is deterministic
- there is a program, which canonically represents each program or data as a byte string and back. If you serialize any program or object x, then serialize it, you get x back. x = f(g(x)) for all x, where f is serialization and g is deserialization.

You have a network of computers
- each computer runs a program and scans for tuples and grabs or replicates peer-to-peer tuples matching certain properties
- each computer stores a subset of the tuples
- a computer may introduce new tuples

example
- a computer or node stores (H1, H2, H3) (the tuple for program hashing to H1, applied to data hashing to H2, which returns output which hashes to H3)
- another computer scans and matches, then replicates (H1, H2, H3) and then triggers a process, creating another tuple pair, which consumes H3

This is a sort of distributed, fully functional, distributed computer in the Urbit style.

- each node has a key value store (Redis, to store data x1 which hashes to H1 as key -> value, h1 : H1)
- a list of tuples (H1, H2, H3)
- a program/script running on the node which curates, scans, communicates, replicates tuples and key/value pairs when asked

This is an interesting, but weird sort of distributed computer.
- it is fully functional or non-mutable (any two nodes with (H1,H2,H3) with same data , who perform same computation, will get same result)
- nodes can communicate by taking message and signing it with their public/private key and publishing tuple/message, which is then replicated by other nodes
- it is a very simple model of computation, with very few operations

The Skycoin consensus algorithm appears capable of running on this type of machine.

You could also build a file system on top of this type of computer
- a block of data or hash H1, could be a block of data from a movie, text file or MP3
- another block of data H2, could be the list of blocks of data composing a file whose byte string hashes to H3
- another block of data H4, could be the list of nodes replicating chunks of data mentioned in H3

"BitTorrent on DMT". This is some kind of content addressable distributed storage system.

Some of the modes of computations or systems are very general and I do not know what to use them for yet. There is a whole class of types of computation and data structures, besides the blockchain and they have not been implemented or classified yet.

I found one type of data structure, that can be used for syncing workspaces or operating on shared data objects in a peer-to-peer manner. It reminds me of this
- https://en.wikipedia.org/wiki/U-form

- https://en.wikipedia.org/wiki/Tuple_space
- https://en.wikipedia.org/wiki/Linda_(coordination_language)

One of them looks like the pi-calculus or some kind of distributed anti-aircraft defense system. Its a blackboard design pattern, which is primarily used for multiprocessors and aircraft defense systems.
- https://en.wikipedia.org/wiki/Blackboard_system
- https://en.wikipedia.org/wiki/Blackboard_(design_pattern)

The lambda-calculus is the algebra of procedural computation and the pi-calculus is the algebra of communication. There are some interesting implementations of this.





I found another type of data structure that can be used for transclusion in text files.
- https://en.wikipedia.org/wiki/Project_Xanadu

I am calling these "RMA datastructures" or "5GW data structures" because every time I google for them or try to find a name for them. I keep running into


When you generalize the blockchain data structure and you go back down from the generalization to reality, you end up with a set of data structures that has more to do with swarm robotics and distributed systems than anything else. If you have a system with three hundred nodes and processes, you need to be able to prove and verify properties of the system and treat the system itself, as the object you are performing operations on and whose properties you are computing.

If you have a property P of the system, and an operation f (such as destroying 20 of the 300 nodes at random) and the system is in state x, then you want to show that P(x) = P(f(x)), you want to show that it commutes. You want to prove that if two of your five data centers are bombed, that the property P still holds on the system.

You have the system at multiple levels of reification. You have
- processes
- CPUs/servers
- racks
- clusters
- data centers

You have multiple hierarchical layers or projections into "facets" and the programs or operations, must be designed to satisfy invariants or
commutation relationships at each level.

You have a system, which is trying to satisfy the invariant. It is not just passive, but actively reconfigures or attempts to maintain homeostasis. It is operating according to "behaviors" instead of procedures and linear lists of "do A, do B then do C". It is "try to satisfy X and use behavior A, B, or C to accomplish that".

It is the mathematics and ontology of simulation, prediction and action in "hybrid systems".
- The language of systems, computation and communication
- This is the language of biological warfare, of "strategic bombing" protein or genes to modify the behavior of individuals and populations. - The language of psychological operations pystrat and  choosing the information inputs to present to individuals based upon their characteristics to control their behavior and direct the crowd.
- This is the language of allocating cruise missiles and orbital strike weapons to power generation, sewage facilities and communication facilities to do the minimum damage necessary for a self sustaining civilization collapse.
- The language of identify the weak nodes in the networks, whose removal will cause the ability of the network to maintain homeostasis to collapse (at the biological, chemical, infrastructure level, psychological level, civilization level)
- The language of identify which leaders to kill and which to promote to take control of, subvert and infiltrate a social movement.
- The language of Alinsky, PROMIS, block level modeling for network analysis, Palantir, network deconstruction, the language of the CTW model.

interesting... up

IPO still open?

Update:

Too busy coding, to update.

Drama:

I am ignoring the drama.

Nothing matters but the software. There are people complaining, but they are not coding anything. I am ready to stab to anyone who is not contributing anything and wants to give advice.

I do not care how it gets done, as long as the software is finished.

Chinese Drama:

Summary:
- One group of Chinese investors is demanding that they take over marketing and project management for Skycoin, because it is taking too long and they have launched a coin previously and all of the technical parts of Skycoin are done
- Another group of people in BTC community does not want us involved with them, because of the previous coin

There is a Chinese group that
- bought a large chuck of Skycoin from the early ICO invesors
- is licensing our personal blockchain and scripting language to sell blockchain services to banks, financial services and retail
- who created a skycoin token on their blockchain and is selling them.
- they are paying for developers for us, to work on the skycoin multi asset wallet

They were selling the tokens for less than the ICO price, which upset the ICO investors, but I asked them and they said they were buying up the ICO Skycoin and selling the skycoin tokens and pegging the tokens to coins on the skycoin chain. They are selling to a different group of people than the bitcoin community. The shellcoins are in yuan and are not traded against Bitcoin.

Half the people left that company and formed a new company and we are working with both the people in the new company and the old company.

Shellcoin
- is closed source
- is not traded against BTC
- dose not have a cap on the number of coins

Shellcoin does not appear to be an altcoin, but is a yuan payment gateway, like ripple, but used to crowd fund money for companies and equity investments. It is more like Kickstarter than an altcoin.

No one asked us, before the sale or discussed the peg. We do not care either, as long as they are paying for developers.

They are
- using the skycoin multi-asset wallet infrastructure for providing services to businesses (blockchain traded gift cards and rewards points programs for large retail group)  (this has nothing to do with skycoin and is completely separate)
- using the skycoin person blockchain for developing applications targeted at businesses (this has nothing to do with skycoin and is completely separate)
- paying for developers, working on the above applications

The skycoin development team and asset on the blockchain is however completely separate. As long as they sell less than 1 million Skycoin on the shell coin chain, they can maintain the peg indefinitely. The amount is so small, that it will not affect Skycoin.

None of this affects Skycoin in anyway and is completely separate. This is for another project called CX.

We are also working with another six other companies and mostly on shared infrastructure and individual developers.

Development Update:

Some of the developers had problem with management style and were confused about what needed to be done. Now I am trying
- I assigned one thing to each developer
- I narrowed the task down to be very simple and self contained
- There is a group to recruit developers and staff developers to tasks now

We are trying to split everything up, into small manageable tasks.

Now they are saying everything will take two weeks.

We are building up a separate project management and marketing team, so the core developers can be left alone and focus.

Right now we are transitioning into a
- research/design/security team (researchers and core developers)
- marketing/PR group (completely separate and is actually composed of multiple overlapping groups of the skycoin investors, altcoin cartel members and other)
- project management group, who can handle miscellaneous tasks and find developers to do them (like putting the wallet on the website, frontend development, fixing bugs, hire developers to work on sub-projects etc...)

We have a problem, because we are not set up to manage the number of sub-projects and developers for the next stage of the coin.

Whole parts of the project are still unstaffed and we have several software components on the critical path, that are unstaffed. We also had no project management infrastructure setup for the first four years of the project, so many of the developers did not know what to do.

For instance, this is what getting the skycoin wallet builds looks like

- Person C communicated to person A had to put new version of the wallet on a website
- Person A reported CGO cross compilation error
- Person C communicated to person B to try to compile in the VM natively
- Person B accidentally deleted the VM for compilation
- Person C had to spent 2 months deprecating C crypto library to avoid CGO
- Person D had to fuzz crypto library and found bug
- Person D communicated back to person C about the bug
- Person C communicated to library author and had to wait two weeks for bug to be fixed
- Person C asked person D to fuzz library again and finds that we need to upset sipa's libsecp256k1 because the old version has different outputs for some rare private keys than the new version
- Person C updates repo with new software
- Person C gets gox cross compilation working
- Person C tells person A to cross compile
- Person A cannot cross compile because the build scripts are not documented and no one knows who to get them working
- Person C looks at it and finds out that gox compiles the exe but now packaging is broken
- Person C asks person E who wrote the build scripts to update them
- Person E finds that embedded npm package is bitrottened and does not want to maintain it and it is breaking the builds and needs to be deprecated for cross compilation. Three days are spent fixing "bug" because golang did not recompile library automatically when source code changed, because of bug in how cgo follows symlinks outside of the $GOPATH
- Person E starts deprecating nwging something library
- We have to wait until nwging something is deprecated and packaging is fixed for windows
- the go cross compilation fails for 32 bit because of a file in the cypto library with 4 megabytes of constants in arrays, that trigger and "out of registers" error.
- now we want to deprecate the secp256k1 library for another library, because we dont know what these 10,000 lines of constants in this file are and why we should trust them. Why do we need 10,000 lines of hard-coded constants to raise the base point to the power of a 256 bit integer in an elliptic curve mode some 256 bit prime? Where did these constants come from?
- Then we have to find the person who registered the skycoin domain and get DNS setup
- Then we have to ask person to start a server and put the website on the server, then login and upload the builds
- to get a system icon for skycoin wallet, we need a library that has not been ported to Windows yet

This is just to get the fucking wallet on the website. I want to stab someone.

This reminds me of the minute man missile tests, where if they had a nuclear war and actually tried to launch the missiles that 60% of the missiles would fail during launch because of software bugs.

Getting cross compilation working is literally a fifty step process, that entailed rewriting a secp256k1 elliptic curve cryptography library from golang.

Now we have to upgrade the wallet from Angular JS to Angular JS 2.0, so we can run the wallet on mobile. We have to get build scripts setup for typescript and whole toolchain working. There are still bugs in the original wallet from a year ago, that have not been fixed because we do not have person assigned to it yet.

We are trying to get project management infrastructure setup and project management team, so that they can assign developers to as much as possible, without involving the core team.

I am trying to focus on day to day, getting to the next thing.

CX:

The Skycoin white papers are two years out of date.

We are finishing
- wallet
- exchange
- meshnet

Those are only three things the core team is working on and there is one person assigned to each sub-part

After that, there are a number of projects and infrastructure we are building to promote adaption of Skycoin and which is also shared infrastructure.

CX is the planned base application layer for the Skycoin applications ecosystem.
- CX is similar to C and Golang
- it is very simple and easy to use
- it is deterministic
- it is designed to be embedded in personal blockchains, but also as an application language
- it is based upon the pi-calculus, communicating sequential processes and Combined Object-Lambda Architectures (COLA)

It is designed for implementing application business logic and protocols, where software objects on different personal blockchains need to communicate.

Will talk later about this. Want to get this done first.

what about Tay skycoin?

http://blogs.microsoft.com/next/2016/01/25/microsoft-releases-cntk-its-open-source-deep-learning-toolkit-on-github/

https://github.com/Microsoft/CNTK

I want to transfer some domains, PM me if you are interesting:

skycoin.cc
factom.cc
diamonds.ren
cryptocurrency.top
cryptocurrency.pub
cryptocurrencynews.cc
altcoin.cc

@skycoin
Ipo still open?

Update:

Very busy. Just meetings, meetings, meetings.

It is skycoin Chinese drama week. I am just going to wait it out.

Project Priorities:

Right now the priorities are
- improve project management
- have a place where everything that needs to be done, can be written down as a ticket so developers can find it
- get developers to implement the tickets

We not have a radical simplification of the consensus implementation and simplification of the meshnet/vpn/darknet and it is almost trivial. It should not be more than 2,000 lines for the core, but we need to make sure it gets implemented.

Finding good contractors and people to work on project has been very time consuming.

Development:

Right now
- wallet cross compilation was done months ago
- We need to get gulp script working that dumps angular js 2.0 example app, into "dist" directory we can serve from golang. This is amazingly frustrating.
- we need to port the skycoin webwallet to angular 2.0 eventually (not high priority)
- We are having meeting and trying to get SKY/BTC exchange up as next priority
- we figured out how to simplify consensus implementation

The meshnet/vpn/darknet has undergone radical simplification. It very clear what is needed at this stage and is almost a joke. I do not have an excuse for not finishing this or hiring someone to do it. I have a triangle of three components, which depend on the other two components and together it just works.

Security:

I do not even want to talk about this, because it is too depressing.

There was ANOTHER glibc remote code execution vulnerability in the DNS resolver.
- you open up a website
- your connection gets hijacked and they insert a URL into the webpage
- your computer resolves the URL, triggering buffer overflow and remote code execution
- they have control of your computer

Bitcoin Core, Bitcoin XT and Bitcoin Unlimited used the version of glibc, with the exploit.

Bitcoin Foundation (reference client) uses musl instead of glibc and was not affected by the exploit.

Many of the newly introduced Bitcoin forks, appear to be attempts to intentionally accelerate adaption of Bitcoin clients with inferior security policies.

Also see:
- https://libreboot.org/faq/#amd
- https://libreboot.org/faq/#intel
- https://muchweb.me/systemd-nsa-attempt/

Google Unveils Glibc DNS Client Vulnerability, Many Bitcoin Implementations Affected
http://qntra.net/2016/02/google-unveils-glibc-dns-client-vulnerability-many-bitcoin-implementations-affected/

https://www.reddit.com/r/linux/comments/47s8a8/new_amd_microcode_vulnerability_from_unprivileged/
- ring0, AMD microcode

The Memory Sinkhole: An x86 design flaw allowing ring -2 privilege escalation
- https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole.pdf

https://www.reddit.com/r/linux/comments/485jp9/openssl_cve20160799_heap_corruption_via_bio_printf/

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
- [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
- The code that causes the vulnerability was introduced in May 2008 as part of glibc 2.9.

Malformed private keys lead to heap corruption in OpenSSL’s b2i_PVK_bio
https://wartalker.me/a/56d62d1aeff2a2688884a075

There was also a recent RSA conference, where a speaker hinted at a backdoor of the microcode for the new Intel SHA256 acceleration function.

Almost every Bitcoin service is using PHP, can say with 100% certainty, they are going to have their coins stolen.

This is the backdoor in torcoin and lucky coin that allowed Cryptsy to be hacked.
- https://github.com/alerj78/lucky7coin/issues/1



There are other security vulnerabilities I do not want to talk about.

Now, the exploits are being directly added to the operating system as "features". Computers are being force upgraded from Windows 7 to Window 10. Windows 10 can covertly uninstall your cypto apps and/or replace them with back doored versions of the same executable and you would not even know. The operating system has a built in key logger and

After going through information, the summary is
- all Intel/AMD CPUs are unsuitable for cryptographic applications or bitcoin. It is possible to hide backdoors both in the bios and in microcode.
- every system running SystemD is insecure. SystemD is a mega-project to subvert linux security and replace a range of modular applications, with an unsecure blob of code that cannot be removed, exposes the system to thousand of exploits and which is to tightly integrated with every part of the system, that no hardware can be initialized without it and few applications will run without it. It is a cancerous tumor, to destroy, what should be a bare minimum of well designed, loosely coupled components.
- glibc is unmaintained and too complicated to be secure. musl should be used instead
- openssl should not be used. All standards by NIST should be suspect.
- Redhat is a subsidiary of the NSA and exists to subvert linux enterprise security.
- Intel and Microsoft are subsidiaries of the NSA and exist to subvert enterprise security. AMD is now as bad as Intel, after the Saudi buyout.
- C/C++ must be deprecated for a memory safe language
- PCI/USB/SDA must be deprecated and new security architecture is needed.
- all binary blobs in the kernel must go. all drivers must be open source
- there is an attempt to tightly integrate the priority graphics drivers bootup process with systemD, so that secure or open source hardware or non-systemD distributions cannot even boot
- if you produce a secure linux distribution or hardware not subject to these vulnerabilities, then Redhat/NSA will buy your company and shut it down
- deletion, censorship, marginalization, redirection of wikipedia articles for secure VPN solutions, DNS encryption and non-backdoored linux distributions. Blog posts in popular media saying "You need to encrypt your traffic!" then telling people that OpenVPN is insecure and to use these "top three" compromised VPNs, or better yet, closed sourced VPNs created by what I assume to be front companies for shady oil equity firms, owned by families who were intensely involved in Iran-Contra, the Total Information Awareness Office and ....



I am slowly coming to the conclusion that
- software easily could be secure and safe in theory, but
- we are in the middle of a multi-decades cyber war entailing the intentional subversion and back dooring of every piece of hardware, software, operating system, library, application, and cryptography and network protocol for the past forty years.

During Skycoin development, we also found technology that is very interesting, but only useful for 1313 type systems and for things like drone swarms, machine tool virtualization and user interfaces for hybrid systems. The meshnet/darknet/vpn scripting language is based upon CSP and the pi-calculus and there are very interesting things you can do with this
- https://en.wikipedia.org/wiki/Pi-calculus
- https://en.wikipedia.org/wiki/Process-oriented_programming

still no ICO?

how to install wallet on windows?

Yeah, I was wondering what has happened to the Skycoin dev?

Still watching

Long time without post. Everything alright skycoin?

各位中国skycoin爱好者，

前几天我们中国的skycoin群被群主莫名解散，为方便大家讨论交流skycoin及类似新币，本人（微博：演闻先生）重新建一QQ群，群号538010045

个人建议：多做 技术前景 及 商业前景讨论，不要过度沉迷于价格涨跌

本人是长期虚拟货币爱好者，随时等待各位网友交流讨论（QQ：397660685）

I want in 

I guess it will take a long time to get on an exchange because this is unique technology. The exchange would have to build new custom code.

https://github.com/skycoin/skycoin

Can you remind me the link to latest client?

I recall the dev posted nice text UI's, but never got to testing it.

Yep, network is up and running. I've sent coins successfully from one wallet to another.

Yes.
Next phase- release of a command-line decentralized exchange: Skycoin / BTC