Topic: Steem pyramid scheme revealed - page 62. (Read 107058 times)

https://steemit.com/steemit/@derekareith/how-steemit-scammed-me-out-of-usd0

Ok...

edit: I just noticed BTC @ 630something... SDs just got cheaper, lol...

No, the curation reward is a pool. It has to be paid to someone.

Some strategies might be more profitable than others. I don't understand the last round of changes to the reward algorithm well enough to say whether number of votes is completely irrelevant or not (it should be imo, but they don't ask me). But either way, someone will be getting rewarded.

Also, there is no such thing as a "fake" upvote bot. If a vote transaction makes it to the blockchain, it is real.

Can the curation rewards be diminished through fake upvote bots so as to render curation unprofitable?

My theoretical attack scenario, which may or may not work (I don't know what the code does), is the following:

An article is posted. One launches 500 upvotes through a bot of theirs after 15m, and another 500 after 30m. These upvotes are minimal value and even with very low voting power (because they are bots and do the same all over the place in other posts). So when rewards are calculated, and a guy is now the 1030th voter, his weight (due to being 1030) is very very low - thus when his reward is multiplied with his weight, he gets almost nothing. But the bots get nothing either due to no SP and very low voting power - it's just done to disrupt curation rewards.

Is it possible?

I haven't studied the recently open sourced Steemit.com (the UI) source code in great detail yet, but I presume it is for example downloading the entire blog content again even when it has not been edited, i.e. caching might be fairly unsophisticated. This could be another reason to open source it, so that others can try to optimize so that massive scaling of usership can be accomodated. Note that users have a bandwidth limit according to their stake, but I don't know how fine-grained this accounted. There are lots of details like this lurking, so naive investors should not just assume they can scale technically (not to mention the economic and feature hurdles that I think may limit adoption).

In short, the devil is in the details and you can't extrapolate from 1000 simultaneous users to millions. You don't just add servers. There are complex issues.

But that doesn't entirely answer my question. How can any other non-witness nodes communicate with the witnesses if they don't know the IP addresses of the witnesses?

Had you seen my edit:


It seems to me the way to do this is the witnesses will expose disposable IP addresses to the non-witness nodes, which I presume can be obtained from cloud hosting services. And those of these disposable IP addresses which are DDoS attacked, are then discarded and replaced with new IP addresses. Some cloud services can bring up a new node in less than a minute. So these cloud nodes are operated by the witnesses and thus they know the secret IP addresses of the witness. Am I correct this is how it is done? And if a hacker breaks into the cloud service, then the witness will need to replace its secret IP addresses (and also physical locations) with the backup ones?

And those IPs can be dynamic because clients can be seeded via DNS:

https://en.bitcoin.it/wiki/Satoshi_Client_Node_Discovery#DNS_Addresses
http://bitcoin.stackexchange.com/questions/3536/how-do-bitcoin-clients-find-each-other#answer-11273

The IP addresses and physical locations of the witnesses are well-guarded secrets. The witnesses use different, mostly undisclosed, measures to protect their nodes. Most if not all witnesses have dedicated backup nodes at different locations. An attacker would need to identify and bring down a majority of the existing witnesses simultaneously, including backups, to prevent block production. If the attack only succeeds in bringing down a minority, then then those successfully attacked can easily be voted out and replaced by backup witnesses.

I'm not going to say this is an impossible scenario but it doesn't really seem to rank highly on the list of realistic concerns.

He took it down to remove the login feature. It is back up now.

smooth can you help me understand how the 19 witnesses on the Steem blockchain can avoid a flood bandwidth DDoS attack?

I read a claim that the worst of such attacks have exceeded 1 Tbps. Since the P2P network has to know the IP addresses of these 19 witnesses, then these IP addresses are public. So doesn't the DDoS attack need only to flood the incoming bandwidth of those 19 witnesses in order to stall the blockchain?

Filtering by IP address won't protect against a bandwidth flood attack that overwhelms the incoming bandwidth, e.g. the cost of 10 Gbps unmetered port is $2000+ per month. Afaics, each witness would need to spend $200,000 monthly to be able to absorb the maximum attack (presuming some DDoS protection service doesn't charge less for sharing the infrastructure since attacks may not be continuous).

In Bitcoin where any node is fungible with any other node, the DDoS any one (or 19) node(s) doesn't stall the network.

Am I missing something?

Btw, I glanced at the Graphene source code on Github and its seems the graphene/app and graphene/witness folders are missing? These are referenced in the source code but I don't see them in repository.



Edit: do each of these witnesses own multiple IP addresses and then carefully select their first level peers and give each one a different IP address and then discover which peer has given any IP address to an attacker?

Those first level peers then need to remain reasonably permanent, so then the DDoS problem shifts to them, but perhaps they can be more numerous say a couple hundred (if each witness selects a different set and each witness has say 10+ IP addresses), so each one only needs say on unmetered 10 Gbps connectivity.

As I noted on reddit:


I would if I ran it myself.

Personally I wouldn't trust a "replica" site...

Now that is down as well.

I would upvote that if the site wasn't down.

Another example of reasonably creative content that is only receiving a paltry reward. Much better if he had hired a sexy, throwback hippie babe to sing it on video.

Steemit is down right now, but Steemlt.com is available now:

https://www.reddit.com/r/steemit/comments/4vevdt/this_is_a_clone_of_steemitcom_fully_functionnal/

Just replace i with l in your urls.

Hilarious and predictable - politically correct woman tries teaching in "the hood".  Students assault her and destroy her car.  She's told to discriminate against white people to make the students happy, then after she leaves the school in fear, says it was a great and wonderful experience!

https://steemit.com/introduceyourself/@melek/punish-a-white-kid-first-the-rule-i-didn-t-follow

There are reports of girls and alien invasions on Steemit.  Cryptocurrency is now mainstream:

https://steemit.com/science/@envi.sage/mass-ufo-sighting-over-multiple-us-states-you-need-to-check-this-out

Have no idea--right now it seems like a bunch of zombies with game-addled brains mumbling, "Whales" as they wade through a morass of tits, bad poetry, and travel blogs--the one saving grace is the tech and finance sections, let's hope the rest catch up.

I still spend more time here as there's at least a chance of an interesting discussion.

Agreed if they amass a large enough ecosystem. Otherwise there aren't the economies-of-scale to make it more convenient often enough to make it worth the proliferation of ways to pay.

As I said, when they approach 100 million users, yes indeed! But IMO I don't think they can get there.

This is a good read:

https://steemit.com/steemit/@coinfund/perspective-customer-acquisition-and-retention-on-steemit
https://blog.coinfund.io/perspective-customer-acquisition-and-retention-on-steemit-327a7f21cd8e

Also this:

https://medium.com/@jbrukh/disruptive-technologies-speculative-capital-and-thinking-big-about-steemit-30426141347c

I see huge potential in the concept. My point is Steem messed up the rewards algorithm, the distribution at launch, and the ongoing investment demand. Difficult to compete (even with a first mover timing advantage) against a project which fixes those issues which afaics are insoluble in Steem (assuming I am correct that those key attributes are not solvable for Steem and that they are critically important).

• They can't fix the distribution (far worse than a normal power-law distribution) even by giving away the 59 million SP tokens to free signups, if the attrition/abandonment rate remains 80%.
• I don't see any way they can fix the voting algorithm without also verifying every account to prevent Sybil attacks and also radically changing the way STEEM vs. STEEM POWER (SP) are structured, which I just don't see them able to do due to the vested interests in SP already.
• They can't fix the medium-term investment demand case (to provide increasing liquidity) without radically changing the way STEEM vs. STEEM POWER (SP) are structured, which I just don't see them able to do due to the vested interests in SP already.

It may provide some improvement, but...

That doesn't entirely fix rankings within a tag (whales will still drive the top rankings in the tags they vote in) nor entirely rewards for content (since even though I may see more of the content I am interested in, my minnow vote still won't be worth much). Meritorious rewards are necessary to drive serious blogger effort and vestment in the site (since paid content is their main claim of differentiation from Medium, Reddit, and other similar sites, and the blockchain isn't decentralized any way so the idealism sales pitch isn't defensible). That still doesn't provide a medium-term investment demand to sustain the price and market cap (especially when competition arrives that does provide such).

If Bitcointalk.org is any indication, users are head-headed and will create numerous duplicate tags (as threads they do here). Do I ignore those other threads just because there are more popular threads? Not entirely. Thus there is an incentive to proliferate tags.

I suppose the author can attach numerous tags to his post, but that becomes a pita for the author to keep track of all the various ones, and new tags may need to be added to his post over time to keep his post in all relevant tags.

It would be much better if I could (either automatically or by some manual action) subscribe to like-minded interests and have all those posts come to me, regardless of how the author has tagged them. However, I might share some interests with another person but not all their interests, so merely following another person's sharings will spam me with content I am not interested in.

Another reason to proliferate tags is that others are dumping shit into a tag that I think isn't applicable to that tag. Or some author wants to differentiate her content from other content in a tag. Diversity and degrees-of-freedom will dictate that master tags won't dominate.

I have a design idea of how to get the best of both.