SolidCoin v2.0 Public Beta | Bitcointalksearch.org

makomk

hero member

Activity: 686

Merit: 564

Quote from: Ten98 on October 08, 2011, 01:50:42 PM

Reading the source is a terribly inefficient way of checking for backdoors. Unless you *really* know what to look for, you could read source code 100 times and never realise that there was a backdoor in it.

You can learn a lot more far more quickly about how secure / full of trojans / likely to open up backdoors a program is by running it in a Virtual Machine and inspecting what it does while running.

Strictly speaking, it's nearly impossible to tell if a program is malicious just by running it in a virtual machine and inspecting what it does. For example, suppose the actual SolidCoin 2.0 client had a booby-trap "if block number is greater than 8000 and difficulty is greater than 100, find and upload all wallets for all Bitcoin variants to RealSolid and erase the hard disk". Easy to code, very difficult to detect because until the booby-trap is triggered it doesn't do anything suspicious - no unexpected network activity, no dodgy file accesses, nothing. It'd also be more or less impossible to meet the booby trap condition in testing before it triggered for real.

(The observant will notice that SolidCoin has actually crossed that threshold and nothing's happened - it's just a hypothetical example.)

Quote from: Ten98 on October 08, 2011, 02:16:38 PM

In any case, surely if I were that clever and nefarious to plant some advanced, remotely activated, undetectable trojan like that in the client, I wouldn't be so stupid as to leave it in the source code? So how exactly would the source code help you there?

If memory serves me correctly, Bitcoin's moved to having its binaries compiled by multiple trusted developers that check they all get the same binary as each other in order to make this kind of attack harder. It's a shame SolidCoin doesn't do the same thing.

Red

full member

Activity: 210

Merit: 115

Quote from: bulanula on October 09, 2011, 06:13:25 PM

It requires no trolling Grin

OK, then.

If you wouldn't mind PMing me when either the white paper or code is released. I would greatly appreciate it!

bulanula

hero member

Activity: 518

Merit: 500

It requires no trolling Grin

Red

full member

Activity: 210

Merit: 115

Quote from: ?? on ??

"Source code dependent upon the trolls" sounds like an excuse that will be used for not releasing it ever.

Yes, very odd language. I'd be happy with a white paper explanation for starters at least.

Does that require trolling or not trolling?

Red

full member

Activity: 210

Merit: 115

Quote from: ?? on ??

Only thing I care about is seeing the inflation algorithm and if the claim that the chain is invulnerable to 51% attacks is true (probably bullshit).

Has any description of the algorithm for preventing 51% attacks been posted anywhere? I can't seem to find anything but the claim in their forum. Am I looking in the wrong place?

If anyone has seen even a cursory description of that mechanism please post a link. I'm not expressing skepticism. I'm just genuinely interested.

sd

hero member

Activity: 730

Merit: 500

Quote from: Ten98 on October 09, 2011, 10:02:16 AM

I assume once the final client, the source code and RS' "white paper" (lol) on his encryption algo are released, everyone will be happy? Of course not, you're just looking for reasons to dislike / distrust SolidCoin because of the threat he poses to Bitcoin.

I don't care if you don't join the party though, just leaves more SolidCoins for me Wink

You misunderstand. People don't mistrust SolidCoin because of the threat it poses to BitCoin; they mistrust it because they have no faith in the lead developer, and the design as we understand it is no longer true peer to peer but a form of indirect central control.

CoinHunter has a proven history of introducing fixes with unintended side effects because he doesn't fully appreciate why BitCoin is designed the way it is. He may even be a good programmer but he is a bad designer.

film2240

legendary

Activity: 1022

Merit: 1000

Freelance videographer

I'm getting this error when solo mining:

Uploaded with ImageShack.us

can someone upload the right settings file,or upload right settings for me to put into a file? Does solo mining use GPU or CPU?If CPU how long with 10MHash/s to get a block? And how many SC do I get per block?

Thank you

Ten98

sr. member

Activity: 1008

Merit: 250

I assume once the final client, the source code and RS' "white paper" (lol) on his encryption algo are released, everyone will be happy? Of course not, you're just looking for reasons to dislike / distrust SolidCoin because of the threat he poses to Bitcoin.

I don't care if you don't join the party though, just leaves more SolidCoins for me Wink

FlipPro

legendary

Activity: 1764

Merit: 1015

GREAT RELEASE COINHUNTER!

coblee

donator

Activity: 1654

Merit: 1351

Creator of Litecoin. Cryptocurrency enthusiast.

Quote from: ?? on ??

What is it with CoinHunter that brings out the worst of people?

You see it's not CH/RS... he has posted all of a couple times out here but these tools swarm like white on rice. All I can guess is that they are bored at the very least.

But what I'm seeing is that somehow CoinHunter causes people to go towards extreme ends. You either hate him or you love him, there's no in between. This is a trait of some natural born leaders. I have to give him credit for that. He does manage to get very loyal followers.

Lolcust

member

Activity: 112

Merit: 11

Hillariously voracious

Quote from: Ten98 on October 08, 2011, 02:42:36 PM

However, I still believe that you do already know the answer to this question, despite your claims of ignorance.

A claim most peculiar.

I am not telepathic (so can't have any awareness of anyone's motives here beyond their written claims and third party evidence) and really do not see how (inherently unsustainable) ignorance of a beta version's internals could possibly benefit a project, assuming it is both technically sound and benign.

It is extremely odd.

Ten98

sr. member

Activity: 1008

Merit: 250

Quote from: Lolcust on October 08, 2011, 02:28:10 PM

Let's keep personal attitude toward RS at bay here.

The question of "why would a sane man who has produced benign, secure code for a free software product conceal the sources" is purely academic one.

The quest for academic knowledge is truly a noble one, and it heartens me to see someone so inspired by it. I do hope you publish a paper containing your findings. I would be more than happy to peer review it. However, I still believe that you do already know the answer to this question, despite your claims of ignorance.

I have been wrong before though, and am prepared to entertain the possibility that you could indeed be so naive as to not realise the true reason for the secrecy. Perhaps, once the client is released into the world and SolidCoin 2 is flourishing, RealSolid may yet explain his reasoning to you.

Lolcust

member

Activity: 112

Merit: 11

Hillariously voracious

Let's keep personal attitude toward RS at bay here.

The question of "why would a sane man who has produced benign, secure code for a free software product conceal the sources" is purely academic one.

Ten98

sr. member

Activity: 1008

Merit: 250

Quote from: ?? on ??

Quote from: Ten98 on October 08, 2011, 01:50:42 PM

Reading the source is a terribly inefficient way of checking for backdoors. Unless you *really* know what to look for, you could read source code 100 times and never realise that there was a backdoor in it.

That's the weakest excuse I've ever heard of for not releasing source code. Also who said anything about backdoors? I'm more interested in checking the reward algorithm, number of pre-mined coins, the fix for the 51% attack and the 5% tax that goes directly to Coinhunter.

It's not an excuse for witholding the source, it's a defence against the argument "We need the source to check for trojanz!!" I accept that there could indeed theoretically be a secret ticking time bomb in there somewhere waiting to be activated, but I trust RealSolid enough to believe that there isn't. I accept that many people don't, won't or can't reach that level of trust, but then nobody is forcing those people to be part of SolidCoin, in fact we'd prefer it if you weren't.

In any case, surely if I were that clever and nefarious to plant some advanced, remotely activated, undetectable trojan like that in the client, I wouldn't be so stupid as to leave it in the source code? So how exactly would the source code help you there?

I'm sure the SolidCoin community is breathing a sigh of relief knowing that you're on their side and ready to validate the various improvements RealSolid has made, and I'm sure RS is flattered at your interest in his little project, but I do have to ask why you're so keen to validate the good work RS has done when you've made it so perfectly clear you dispise him?

bulanula

hero member

Activity: 518

Merit: 500

Quote from: k9quaint on October 08, 2011, 02:09:05 PM

Quote from: Ten98 on October 08, 2011, 01:50:42 PM

Quote from: ?? on ??

I find it extremely disturbing how people jump in to mine without having the source or even knowing the generation algorithm. It's like an early adopter mental disorder or something.

Reading the source is a terribly inefficient way of checking for backdoors. Unless you *really* know what to look for, you could read source code 100 times and never realise that there was a backdoor in it.

You can learn a lot more far more quickly about how secure / full of trojans / likely to open up backdoors a program is by running it in a Virtual Machine and inspecting what it does while running.

But of course you know this. These accusations are simply FUD, anyone with half a brain can see that.

He may not know what to look for, but I do. If I were to find something, I could post the filename, the line number, and why it is a problem. Then others can validate what I posted. Then you would have a measure of confidence that there was a problem. I couldn't prove the code to be secure, but I would have the opportunity to prove the code to be insecure (if any flaws exist). It is the difference between "evidence of absence" and "absence of evidence". Security through obscurity mistakes one for the other.

Just as an aside, I wouldn't activate any trojans until after a cooling off period has expired. Gotta suck in the fish before you pull the net closed. Wink

REAL SMART MAN !!!

k9quaint

legendary

Activity: 1190

Merit: 1000

Quote from: Ten98 on October 08, 2011, 01:50:42 PM

Quote from: ?? on ??

I find it extremely disturbing how people jump in to mine without having the source or even knowing the generation algorithm. It's like an early adopter mental disorder or something.

Reading the source is a terribly inefficient way of checking for backdoors. Unless you *really* know what to look for, you could read source code 100 times and never realise that there was a backdoor in it.

You can learn a lot more far more quickly about how secure / full of trojans / likely to open up backdoors a program is by running it in a Virtual Machine and inspecting what it does while running.

But of course you know this. These accusations are simply FUD, anyone with half a brain can see that.

He may not know what to look for, but I do. If I were to find something, I could post the filename, the line number, and why it is a problem. Then others can validate what I posted. Then you would have a measure of confidence that there was a problem. I couldn't prove the code to be secure, but I would have the opportunity to prove the code to be insecure (if any flaws exist). It is the difference between "evidence of absence" and "absence of evidence". Security through obscurity mistakes one for the other.

Just as an aside, I wouldn't activate any trojans until after a cooling off period has expired. Gotta suck in the fish before you pull the net closed. Wink

Lolcust

member

Activity: 112

Merit: 11

Hillariously voracious

Quote from: Ten98 on October 08, 2011, 02:00:24 PM

I think you already know the reason for witholding the source prior to release, and I think we both know why you are the loudest voice demanding it.

To be honest - and I am being absolutely sincere - I can not imagine a legitimate reason to conceal sources.

If the PoW algorithm is sound, if the system is secure, and no nefarious components are being present, then availability of sources can not in any way harm SC2 and in fact can only benefit it, since everyone will be able to be personally impressed by the...ahem...solidness of the code.

I don't doubt that code is sound, so I am extremely perplexed by the fact that it is being withheld.

bulanula

hero member

Activity: 518

Merit: 500

Quote from: Ten98 on October 08, 2011, 02:00:24 PM

Quote from: Lolcust on October 08, 2011, 01:55:28 PM

bulanula, Ten wasn't even responding to me Cheesy

Or is John me now, too Roll Eyes

Like I said, I am quite sure that nothing foul is going on, but that makes concealment of sources even more pointless and perplexing...

I think you already know the reason for witholding the source prior to release, and I think we both know why you are the loudest voice demanding it.

Care to share that with us !? I honestly don't know the reason.

Ten98

sr. member

Activity: 1008

Merit: 250

Quote from: Lolcust on October 08, 2011, 01:55:28 PM

bulanula, Ten wasn't even responding to me Cheesy

Or is John me now, too Roll Eyes

Like I said, I am quite sure that nothing foul is going on, but that makes concealment of sources even more pointless and perplexing...

I think you already know the reason for witholding the source prior to release, and I think we both know why you are the loudest voice demanding it.

Lolcust

member

Activity: 112

Merit: 11

Hillariously voracious

bulanula, Ten wasn't even responding to me Cheesy

Or is John me now, too Roll Eyes

Like I said, I am quite sure that nothing foul is going on, but that makes concealment of sources even more pointless and perplexing...

Topic: SolidCoin v2.0 Public Beta (Read 6267 times)