Bitcoin Forum>Alternate cryptocurrencies>Altcoin Discussion
Pages:
Author

Topic: Steemit how can this thing be workable long term? - page 6. (Read 32319 times)

iamnotback
sr. member
Activity: 336
Merit: 265
Re: Steemit how can this thing be workable long term?
July 22, 2016, 10:09:03 PM
#759
Quote from: iamnotback on July 22, 2016, 05:22:59 PM
@bacchist spreading misinformation!

https://steemit.com/interest/@bacchist/steem-power-interest-is-not-compound-interest#@anonymint/re-bacchist-steem-power-interest-is-not-compound-interest-20160722t210825416z

There are dumb motherfuckers over at Steemit.
generalizethis
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
Re: Steemit how can this thing be workable long term?
July 22, 2016, 10:07:56 PM
#758
https://steemit.com/news/@generalizethis/smooth-discusses-future-security-of-steemit

smooth
legendary
Activity: 2968
Merit: 1198
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:55:44 PM
#757
Quote from: generalizethis on July 22, 2016, 09:45:22 PM
Quote from: smooth on July 22, 2016, 09:41:05 PM
Quote from: generalizethis on July 22, 2016, 09:39:55 PM
Quote from: smooth on July 22, 2016, 09:26:38 PM
Quote from: generalizethis on July 22, 2016, 09:09:14 PM
Quote from: smooth on July 22, 2016, 09:02:55 PM
Quote from: illyiller on July 22, 2016, 08:52:27 PM
I recently read that Steem's JavaScript wallet system stores the hash of a user's password on the blockchain. This would essentially reduce security to the level of brain wallets. Doesn't this open the possibility of brute force attacks to compromise many of those wallets? All it would take is cheap cracking software and some hundreds of low-hanging fruit wallets with weak passwords.

Recently it was changed to generate exclusively high entropy passwords.






Building on that--what are the plans for further security upgrades? I read a bit on the witness security, but it's been a few days and can't remember the details....

I don't know the witness security thing but the main direction on security seems to be account recovery. This approach accepts that keys will be compromised but makes it less costly. Already there is a system where a compromised account can be returned to its original owner. Next up will be time locked access controls so if an account is compromised, limits apply to the amount of funds that can be removed from the account before it is recovered (this already applied to Steem Power and will be added to the other asset times). The final form of recovery that is planned is being able to designate a group of friends and family (essentially a form of multisig) who can approve recovery from lost keys (including death of the owner without leaving access to the keys to anyone).

Is there a write-up of those features?

https://steemit.com/blockchain/@dan/does-blockchain-security-need-to-be-completely-reworked
https://steemit.com/blockchain/@dan/steemit-releases-groundbreaking-account-recovery-solution

Permission to quote you?/

Sure
generalizethis
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:45:22 PM
#756
Quote from: smooth on July 22, 2016, 09:41:05 PM
Quote from: generalizethis on July 22, 2016, 09:39:55 PM
Quote from: smooth on July 22, 2016, 09:26:38 PM
Quote from: generalizethis on July 22, 2016, 09:09:14 PM
Quote from: smooth on July 22, 2016, 09:02:55 PM
Quote from: illyiller on July 22, 2016, 08:52:27 PM
I recently read that Steem's JavaScript wallet system stores the hash of a user's password on the blockchain. This would essentially reduce security to the level of brain wallets. Doesn't this open the possibility of brute force attacks to compromise many of those wallets? All it would take is cheap cracking software and some hundreds of low-hanging fruit wallets with weak passwords.

Recently it was changed to generate exclusively high entropy passwords.






Building on that--what are the plans for further security upgrades? I read a bit on the witness security, but it's been a few days and can't remember the details....

I don't know the witness security thing but the main direction on security seems to be account recovery. This approach accepts that keys will be compromised but makes it less costly. Already there is a system where a compromised account can be returned to its original owner. Next up will be time locked access controls so if an account is compromised, limits apply to the amount of funds that can be removed from the account before it is recovered (this already applied to Steem Power and will be added to the other asset times). The final form of recovery that is planned is being able to designate a group of friends and family (essentially a form of multisig) who can approve recovery from lost keys (including death of the owner without leaving access to the keys to anyone).

Is there a write-up of those features?

https://steemit.com/blockchain/@dan/does-blockchain-security-need-to-be-completely-reworked
https://steemit.com/blockchain/@dan/steemit-releases-groundbreaking-account-recovery-solution

Permission to quote you?/

I think the security was the lightbulb for me--acknowledge the problem and solve it.
smooth
legendary
Activity: 2968
Merit: 1198
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:41:05 PM
#755
Quote from: generalizethis on July 22, 2016, 09:39:55 PM
Quote from: smooth on July 22, 2016, 09:26:38 PM
Quote from: generalizethis on July 22, 2016, 09:09:14 PM
Quote from: smooth on July 22, 2016, 09:02:55 PM
Quote from: illyiller on July 22, 2016, 08:52:27 PM
I recently read that Steem's JavaScript wallet system stores the hash of a user's password on the blockchain. This would essentially reduce security to the level of brain wallets. Doesn't this open the possibility of brute force attacks to compromise many of those wallets? All it would take is cheap cracking software and some hundreds of low-hanging fruit wallets with weak passwords.

Recently it was changed to generate exclusively high entropy passwords.






Building on that--what are the plans for further security upgrades? I read a bit on the witness security, but it's been a few days and can't remember the details....

I don't know the witness security thing but the main direction on security seems to be account recovery. This approach accepts that keys will be compromised but makes it less costly. Already there is a system where a compromised account can be returned to its original owner. Next up will be time locked access controls so if an account is compromised, limits apply to the amount of funds that can be removed from the account before it is recovered (this already applied to Steem Power and will be added to the other asset times). The final form of recovery that is planned is being able to designate a group of friends and family (essentially a form of multisig) who can approve recovery from lost keys (including death of the owner without leaving access to the keys to anyone).

Is there a write-up of those features?

https://steemit.com/blockchain/@dan/does-blockchain-security-need-to-be-completely-reworked
https://steemit.com/blockchain/@dan/steemit-releases-groundbreaking-account-recovery-solution
generalizethis
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:39:55 PM
#754
Quote from: smooth on July 22, 2016, 09:26:38 PM
Quote from: generalizethis on July 22, 2016, 09:09:14 PM
Quote from: smooth on July 22, 2016, 09:02:55 PM
Quote from: illyiller on July 22, 2016, 08:52:27 PM
I recently read that Steem's JavaScript wallet system stores the hash of a user's password on the blockchain. This would essentially reduce security to the level of brain wallets. Doesn't this open the possibility of brute force attacks to compromise many of those wallets? All it would take is cheap cracking software and some hundreds of low-hanging fruit wallets with weak passwords.

Recently it was changed to generate exclusively high entropy passwords.






Building on that--what are the plans for further security upgrades? I read a bit on the witness security, but it's been a few days and can't remember the details....

I don't know the witness security thing but the main direction on security seems to be account recovery. This approach accepts that keys will be compromised but makes it less costly. Already there is a system where a compromised account can be returned to its original owner. Next up will be time locked access controls so if an account is compromised, limits apply to the amount of funds that can be removed from the account before it is recovered (this already applied to Steem Power and will be added to the other asset times). The final form of recovery that is planned is being able to designate a group of friends and family (essentially a form of multisig) who can approve recovery from lost keys (including death of the owner without leaving access to the keys to anyone).

Is there a write-up of those features?
BlindMayorBitcorn
legendary
Activity: 1260
Merit: 1115
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:32:17 PM
#753
Quote from: iCEBREAKER on July 22, 2016, 09:22:40 PM
Quote from: BlindMayorBitcorn on July 22, 2016, 07:33:42 PM


Quote from: iCEBREAKER on June 30, 2016, 05:31:46 PM

Good work.   Using shitcoin pumps to help is great.


I hope (lifestyle-altering amounts of) scamshilling doesn't change smooth.

It would suck if he spent all his time on beaches with his fingers around rum-soaked bollocks, instead of slumming around the altcoin ghetto with us.   Cheesy

It really is that easy.
smooth
legendary
Activity: 2968
Merit: 1198
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:26:38 PM
#752
Quote from: generalizethis on July 22, 2016, 09:09:14 PM
Quote from: smooth on July 22, 2016, 09:02:55 PM
Quote from: illyiller on July 22, 2016, 08:52:27 PM
I recently read that Steem's JavaScript wallet system stores the hash of a user's password on the blockchain. This would essentially reduce security to the level of brain wallets. Doesn't this open the possibility of brute force attacks to compromise many of those wallets? All it would take is cheap cracking software and some hundreds of low-hanging fruit wallets with weak passwords.

Recently it was changed to generate exclusively high entropy passwords.




Building on that--what are the plans for further security upgrades? I read a bit on the witness security, but it's been a few days and can't remember the details....

I don't know the witness security thing but the main direction on security seems to be account recovery. This approach accepts that keys will be compromised but makes it less costly. Already there is a system where a compromised account can be returned to its original owner. Next up will be time locked access controls so if an account is compromised, limits apply to the amount of funds that can be removed from the account before it is recovered (this already applies to Steem Power and will be added to the other asset times). The final form of recovery that is planned is being able to designate a group of friends and family (essentially a form of multisig) who can approve recovery from lost keys (including death of the owner without leaving access to the keys to anyone).

iCEBREAKER
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:22:40 PM
#751
Quote from: BlindMayorBitcorn on July 22, 2016, 07:33:42 PM


Quote from: iCEBREAKER on June 30, 2016, 05:31:46 PM

Good work.  Keep stealing ch33p XMR from the market and hloding them in your strong hands.  Using shitcoin pumps to help is some great jujutsu.


I hope (lifestyle-altering amounts of) money doesn't change smooth.

It would suck if he spent all his time on beaches in hammocks with rum-heavy tropical drinks, instead of slumming around the altcoin ghetto with us.   Cheesy
generalizethis
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:09:14 PM
#750
Quote from: smooth on July 22, 2016, 09:02:55 PM
Quote from: illyiller on July 22, 2016, 08:52:27 PM
I recently read that Steem's JavaScript wallet system stores the hash of a user's password on the blockchain. This would essentially reduce security to the level of brain wallets. Doesn't this open the possibility of brute force attacks to compromise many of those wallets? All it would take is cheap cracking software and some hundreds of low-hanging fruit wallets with weak passwords.

Recently it was changed to generate exclusively high entropy passwords.




Building on that--what are the plans for further security upgrades? I read a bit on the witness security, but it's been a few days and can't remember the details....
smooth
legendary
Activity: 2968
Merit: 1198
Re: Steemit how can this thing be workable long term?
July 22, 2016, 09:02:55 PM
#749
Quote from: illyiller on July 22, 2016, 08:52:27 PM
I recently read that Steem's JavaScript wallet system stores the hash of a user's password on the blockchain. This would essentially reduce security to the level of brain wallets. Doesn't this open the possibility of brute force attacks to compromise many of those wallets? All it would take is cheap cracking software and some hundreds of low-hanging fruit wallets with weak passwords.

Recently it was changed to generate exclusively high entropy passwords.


illyiller
hero member
Activity: 697
Merit: 520
Re: Steemit how can this thing be workable long term?
July 22, 2016, 08:52:27 PM
#748
I recently read that Steem's JavaScript wallet system stores the hash of a user's password on the blockchain. This would essentially reduce security to the level of brain wallets. Doesn't this open the possibility of brute force attacks to compromise many of those wallets? All it would take is cheap cracking software and some hundreds of low-hanging fruit wallets with weak passwords.
smooth
legendary
Activity: 2968
Merit: 1198
Re: Steemit how can this thing be workable long term?
July 22, 2016, 08:36:05 PM
#747
Quote from: AlexGR on July 22, 2016, 07:23:58 PM
Quote from: smooth on July 22, 2016, 02:52:05 PM
Quote from: iamnotback on July 22, 2016, 02:44:23 PM
Quote from: smooth on July 22, 2016, 02:38:23 PM
Whales will become totally irrelevant when the user base and posting volume increases by 10x or 100x or even 1000x. There just aren't that many whales and whales have the same voting power restrictions as anyone else. A rare whale sighting will be a big deal.

You presume all whales are benevolent. Stake will eventually end up in a power-law distribution, because perpetual 100% debasement is not sustainable (even the transactions fees of the entire earth could not support it).

Also it is incorrect to say they play by the same rules. 3 x 3 = 9 is not 1/2 of 6 x 6 = 36.

Any way, I have proposed a partial solution.

By voting power I was referring to the declining weight according to frequency of votes placed. Just like anyone else, whales can only make about 40 votes per day without depleting their voting power. So with millions of posts and comments and a handful of whales making at most 40 votes per day each, do the math.

Seems there'll* be a fix for that:

https://steemit.com/crypto-news/@dana-edwards/attention-based-stigmergic-distributed-collaborative-organizations#@alexgr/re-dana-edwards-re-pino-re-dana-edwards-attention-based-stigmergic-distributed-collaborative-organizations-20160722t201600593z

* (already is, but not in the UI)

Yes you can voluntarily reduce your power per vote (I do this occasionally in the CLI) but then you are effectively transformed into a to a group of smaller stakeholders (using 1/10 the vote power as your base vote weight, you can vote as if you were 10 stakeholders each at 1/10 size).
Pheonike
newbie
Activity: 46
Merit: 0
Re: Steemit how can this thing be workable long term?
July 22, 2016, 08:01:47 PM
#746
The point of the stopping sign-ups was to revamp the security.  Users must use a strong password generated for them by browser now. The passwords that some people were using were easy to brute force. Some much FUD on this site. This place is the definition of crabs in a barrel.
AlexGR
legendary
Activity: 1708
Merit: 1045
Re: Steemit how can this thing be workable long term?
July 22, 2016, 07:44:16 PM
#745
If they are selling: "Oh they are dumping! They are cashing out"

If they aren't selling: "Oh they are pumping the price through artificial liquidity shortage because they control all the coins! Bastards!"

...so no matter what they do they will get criticism.

iamnotback
sr. member
Activity: 336
Merit: 265
Re: Steemit how can this thing be workable long term?
July 22, 2016, 07:39:29 PM
#744
Quote from: BlindMayorBitcorn on July 22, 2016, 07:33:42 PM
Quote from: smooth on July 22, 2016, 04:18:13 PM
Quote from: magicalacademy on July 22, 2016, 04:16:19 PM
To me everything points to the former, closing registration + extending payout time in a last ditch effort to retain value of the hyper-inflated currency...

Registration is open.

Furthermore closing registration is pretty much the very last thing a Ponzi scheme would ever want to do.

I think it's great to see the big fish of monero debone his own reputation for this. You get hundreds of thousands of dollars, I get something to point at and laugh. So this is win-win. Almost...

He is the big winner if he can cash out. Good guys finish last.

Someone wrote today that Ned is raking in $700K per week.
BlindMayorBitcorn
legendary
Activity: 1260
Merit: 1115
Re: Steemit how can this thing be workable long term?
July 22, 2016, 07:33:42 PM
#743
Quote from: smooth on July 22, 2016, 04:18:13 PM
Quote from: magicalacademy on July 22, 2016, 04:16:19 PM
To me everything points to the former, closing registration + extending payout time in a last ditch effort to retain value of the hyper-inflated currency...

Registration is open.

Furthermore closing registration is pretty much the very last thing a Ponzi scheme would ever want to do.

I think it's great to see the big fish of monero debone his own reputation for this. You get hundreds of thousands of dollars, I get something to point at and laugh. So this is win-win. Almost...
AlexGR
legendary
Activity: 1708
Merit: 1045
Re: Steemit how can this thing be workable long term?
July 22, 2016, 07:23:58 PM
#742
Quote from: smooth on July 22, 2016, 02:52:05 PM
Quote from: iamnotback on July 22, 2016, 02:44:23 PM
Quote from: smooth on July 22, 2016, 02:38:23 PM
Whales will become totally irrelevant when the user base and posting volume increases by 10x or 100x or even 1000x. There just aren't that many whales and whales have the same voting power restrictions as anyone else. A rare whale sighting will be a big deal.

You presume all whales are benevolent. Stake will eventually end up in a power-law distribution, because perpetual 100% debasement is not sustainable (even the transactions fees of the entire earth could not support it).

Also it is incorrect to say they play by the same rules. 3 x 3 = 9 is not 1/2 of 6 x 6 = 36.

Any way, I have proposed a partial solution.

By voting power I was referring to the declining weight according to frequency of votes placed. Just like anyone else, whales can only make about 40 votes per day without depleting their voting power. So with millions of posts and comments and a handful of whales making at most 40 votes per day each, do the math.

Seems there'll* be a fix for that:

https://steemit.com/crypto-news/@dana-edwards/attention-based-stigmergic-distributed-collaborative-organizations#@alexgr/re-dana-edwards-re-pino-re-dana-edwards-attention-based-stigmergic-distributed-collaborative-organizations-20160722t201600593z

* (already is, but not in the UI)
iamnotback
sr. member
Activity: 336
Merit: 265
Re: Steemit how can this thing be workable long term?
July 22, 2016, 05:22:59 PM
#741
@bacchist spreading misinformation!

https://steemit.com/interest/@bacchist/steem-power-interest-is-not-compound-interest#@anonymint/re-bacchist-steem-power-interest-is-not-compound-interest-20160722t210825416z
smooth
legendary
Activity: 2968
Merit: 1198
Re: Steemit how can this thing be workable long term?
July 22, 2016, 04:18:13 PM
#740
Quote from: magicalacademy on July 22, 2016, 04:16:19 PM
To me everything points to the former, closing registration + extending payout time in a last ditch effort to retain value of the hyper-inflated currency...

Registration is open.

Furthermore closing registration is pretty much the very last thing a Ponzi scheme would ever want to do.
Pages:
Bitcoin Forum>Alternate cryptocurrencies>Altcoin Discussion
Jump to: