
Topic: There was no DAO hack (Read 11600 times)

legendary
Activity: 1267
Merit: 1000
June 29, 2016, 03:43:48 AM
legendary
Activity: 994
Merit: 1034
June 28, 2016, 02:24:46 PM
legendary
Activity: 3780
Merit: 4842
Doomed to see the future and unable to prevent it
June 28, 2016, 12:23:25 PM

Well from what I've been able to gather the flaw is built into the "Gas", IOW the ETH language for the contracts is inherently flawed so it matters not if it's DAO or some other contract there will be a (multiple?) flaw/s inherited. Is this a correct assumption?

Yes and no, but mostly no (imo).

A lot of the complexity in the design of Ethereum and in the correct coding of contracts comes as a consequence of the requirement to abruptly terminate execution when gas runs out.

But aside from being complex and perhaps a bad design or even a bad idea from the very beginning, there are no flaws of which I'm aware in how the gas mechanism works. It is working as designed.

Whether that constitutes 'inherently flawed' is a matter of opinion.

Always glad you're around to clear up misconceptions and cut through all the noise. Smiley

So the Ethereum itself is quite safe, or not buggy. The problem is in the writing or the coding of the contract.

Incorrect.

If that is incorrect, is that a fundamental flaw that cannot be repaired by removing the loopholes? If so, why is the price not below $5?

Well the answer to that is simple, the entire coin is speculator fueled.
hero member
Activity: 532
Merit: 500
June 28, 2016, 11:24:10 AM

Well from what I've been able to gather the flaw is built into the "Gas", IOW the ETH language for the contracts is inherently flawed so it matters not if it's DAO or some other contract there will be a (multiple?) flaw/s inherited. Is this a correct assumption?

Yes and no, but mostly no (imo).

A lot of the complexity in the design of Ethereum and in the correct coding of contracts comes as a consequence of the requirement to abruptly terminate execution when gas runs out.

But aside from being complex and perhaps a bad design or even a bad idea from the very beginning, there are no flaws of which I'm aware in how the gas mechanism works. It is working as designed.

Whether that constitutes 'inherently flawed' is a matter of opinion.

Always glad you're around to clear up misconceptions and cut through all the noise. Smiley

So the Ethereum itself is quite safe, or not buggy. The problem is in the writing or the coding of the contract.

Incorrect.

If that is incorrect, is that a fundamental flaw that cannot be repaired by removing the loopholes? If so, why is the price not below $5?
sr. member
Activity: 336
Merit: 265
June 28, 2016, 04:53:33 AM

Well from what I've been able to gather the flaw is built into the "Gas", IOW the ETH language for the contracts is inherently flawed so it matters not if it's DAO or some other contract there will be a (multiple?) flaw/s inherited. Is this a correct assumption?

Yes and no, but mostly no (imo).

A lot of the complexity in the design of Ethereum and in the correct coding of contracts comes as a consequence of the requirement to abruptly terminate execution when gas runs out.

But aside from being complex and perhaps a bad design or even a bad idea from the very beginning, there are no flaws of which I'm aware in how the gas mechanism works. It is working as designed.

Whether that constitutes 'inherently flawed' is a matter of opinion.

Always glad you're around to clear up misconceptions and cut through all the noise. Smiley

So the Ethereum itself is quite safe, or not buggy. The problem is in the writing or the coding of the contract.

Incorrect.
sr. member
Activity: 446
Merit: 250
Unpaid signature.
June 28, 2016, 04:26:21 AM

Well from what I've been able to gather the flaw is built into the "Gas", IOW the ETH language for the contracts is inherently flawed so it matters not if it's DAO or some other contract there will be a (multiple?) flaw/s inherited. Is this a correct assumption?

Yes and no, but mostly no (imo).

A lot of the complexity in the design of Ethereum and in the correct coding of contracts comes as a consequence of the requirement to abruptly terminate execution when gas runs out.

But aside from being complex and perhaps a bad design or even a bad idea from the very beginning, there are no flaws of which I'm aware in how the gas mechanism works. It is working as designed.

Whether that constitutes 'inherently flawed' is a matter of opinion.

Always glad you're around to clear up misconceptions and cut through all the noise. Smiley

So the Ethereum itself is quite safe, or not buggy. The problem is in the writing or the coding of the contract.
legendary
Activity: 3780
Merit: 4842
Doomed to see the future and unable to prevent it
June 27, 2016, 04:43:05 PM

Well from what I've been able to gather the flaw is built into the "Gas", IOW the ETH language for the contracts is inherently flawed so it matters not if it's DAO or some other contract there will be a (multiple?) flaw/s inherited. Is this a correct assumption?

Yes and no, but mostly no (imo).

A lot of the complexity in the design of Ethereum and in the correct coding of contracts comes as a consequence of the requirement to abruptly terminate execution when gas runs out.

But aside from being complex and perhaps a bad design or even a bad idea from the very beginning, there are no flaws of which I'm aware in how the gas mechanism works. It is working as designed.

Whether that constitutes 'inherently flawed' is a matter of opinion.

Always glad you're around to clear up misconceptions and cut through all the noise. Smiley
legendary
Activity: 2968
Merit: 1198
June 27, 2016, 04:41:45 PM
He was suggesting a fork that would block some or all transactions unless they have ID attached, a form of whitelisting. It is the method of 51% attacking the coin to hold it hostage to demand design changes. It might work, but waiting out the attacker is another option. The more of a backlog of fee-paying transactions develops that the attacker won't process, the more incentive there is for other miners to join.

IC, thx for clarifying that for me.

smooth thank you for the honest re-summary of my statement.

smooth actually including the viewkey, not necessarily an ID.

smooth I am thinking of 10X hashrate attack as well, not just a 51% attack, which I had explained in the other thread is much more brutal on the other miners. In either case, the attacker can change the protocol to award his miners the fees from "incorrect transactions", while refusing to process the other outputs. So sorry your logic is refuted. The payer's input becomes spent/confiscated and the Cryptonote rings can do nothing to stop this.

Miners, including attacking miners, can not 'change the protocol'. They can hold the chain hostage by blocking transactions which may work as a sort of leverage to push through protocol changes, but that depends a lot on the wider context.
legendary
Activity: 2968
Merit: 1198
June 27, 2016, 04:39:44 PM

Well from what I've been able to gather the flaw is built into the "Gas", IOW the ETH language for the contracts is inherently flawed so it matters not if it's DAO or some other contract there will be a (multiple?) flaw/s inherited. Is this a correct assumption?

Yes and no, but mostly no (imo).

A lot of the complexity in the design of Ethereum and in the correct coding of contracts comes as a consequence of the requirement to abruptly terminate execution when gas runs out.

But aside from being complex and perhaps a bad design or even a bad idea from the very beginning, there are no flaws of which I'm aware in how the gas mechanism works. It is working as designed.

Whether that constitutes 'inherently flawed' is a matter of opinion.
full member
Activity: 236
Merit: 100
June 27, 2016, 03:38:08 PM

Well from what I've been able to gather the flaw is built into the "Gas", IOW the ETH language for the contracts is inherently flawed so it matters not if it's DAO or some other contract there will be a (multiple?) flaw/s inherited. Is this a correct assumption?

If that is the case, you can attack any contracts now. Why was just the DAO attacked?
legendary
Activity: 3780
Merit: 4842
Doomed to see the future and unable to prevent it
June 27, 2016, 11:20:26 AM

Well from what I've been able to gather the flaw is built into the "Gas", IOW the ETH language for the contracts is inherently flawed so it matters not if it's DAO or some other contract there will be a (multiple?) flaw/s inherited. Is this a correct assumption?
sr. member
Activity: 336
Merit: 265
June 27, 2016, 09:28:25 AM
Sorry, smooth, for getting this off-topic.

That anonymity discussion continues here.
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
June 27, 2016, 09:23:12 AM
When you have one global corporation (a group of companies beholden to their collective oligarchy) charging fees, this is equivalent to taxation. They will charge their failures to the collective and keep the profits. It is just a world government by another name.

And I agree they will want privacy, except they will demand to have the masterkey to see everything.

I totally agree with making privacy technology for corporations. I was emphasizing that months ago in the Thoughts on Zcash thread.

Individual focused anonymity technology has no market and no future.

Note we are threadjacking the DAO hack theme. So if we want to discuss the tangent further, it would be best to start a new thread or move discussion to an appropriate existing thread.

Fair enough. I think the only sticking point we would have is over the new corporate system's need to see people's private information as they would get their money upfront, while traditional governments have used taxation to get their money after the fact--so if you started a new thread, my point would be that you don't need an IRS if you have a national sales tax, and if the companies are collecting the fees for themselves, you don't need much, if any, oversight at all.

Sorry, smooth, for getting this off-topic.
sr. member
Activity: 336
Merit: 265
June 27, 2016, 09:15:06 AM
When you have one global corporation (a group of companies beholden to their collective oligarchy) charging fees, this is equivalent to taxation. They will charge their failures to the collective and keep the profits. It is just a world government by another name.

And I agree they will want privacy, except they will demand to have the masterkey to see everything.

I totally agree with making privacy technology for corporations. I was emphasizing that months ago in the Thoughts on Zcash thread.

Individual focused anonymity technology (i.e. resisting the "State" or collective outcome) has no market and no future (whereas privacy controlled by corporations does). I don't like this realization. I am ready to retire to some obscure place and ignore the world. (but first I'll try to make my technology contribution, health willing)

Note we are threadjacking the DAO hack theme. So if we want to discuss the tangent further, it would be best to start a new thread or move discussion to an appropriate existing thread.
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
June 27, 2016, 09:03:22 AM
The corporation will still charge the costs to the collective and keep the profits for themselves. And it will still be a power vacuum of winner takes all. So it doesn't change my argument.

Corporate-fascism is just the State by another name. It will be multi-national, i.e. a world governance.

But that doesn't change my point about taxation--it's more efficient to just charge fees onto purchases, and the corporate algorithm machine will figure this out, which means anonymous coins aren't a threat and actually give them better ways to secure the information associated with their finances. I can't imagine any company who would want their payroll or research and development funds tracked on a clear blockchain or a traditional bank. My inkling is that banks adopt means to keep these records safe from human eyes or the corporate world does it for them.
sr. member
Activity: 336
Merit: 265
June 27, 2016, 08:56:06 AM
The corporation will still charge the costs to the collective and keep the profits for themselves. And it will still be a power vacuum of winner takes all. So it doesn't change my argument.

Corporate-fascism is just the State by another name. It will be multi-national, i.e. a world governance.

I agree corporations will want privacy features, and months ago I urged Monero to look more in that direction. I explained that Zcash might have a better technology for that, c.f. the Thoughts on Zcash thread for that. Unfortunately that might not support the current valuation of the current individual focused ecosystem. I don't know. Someone would need to think that out.

And again, I like my recent discovery of how to do more efficient and non-simultaneity off chain anonymity, as perhaps better than both Zcash and RingCT, but I can't be sure yet because so far that is only a rough sketch in my mind and some private discussions.
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
June 27, 2016, 08:50:00 AM
He was suggesting a fork that would block some or all transactions unless they have ID attached, a form of whitelisting. It is the method of 51% attacking the coin to hold it hostage to demand design changes. It might work, but waiting out the attacker is another option. The more of a backlog of fee-paying transactions develops that the attacker won't process, the more incentive there is for other miners to join.

IC, thx for clarifying that for me.

smooth thank you for the honest re-summary of my statement.

smooth actually including the viewkey, not necessarily an ID.

smooth I am thinking of 10X hashrate attack as well, not just a 51% attack, which I had explained in the other thread is much more brutal on the other miners. In either case, the attacker can change the protocol to award his miners the fees from "incorrect transactions", while refusing to process the other outputs. So sorry your logic is refuted. The payer's input becomes spent/confiscated and the Cryptonote rings can do nothing to stop this.

Mea culpa. I got some sleep, then upon awakening, I realized smooth is correct. If the 51% (or 10X) attacker adds the transaction to the block chain, even if it interprets that only the fee UTXO is spendable, then when the other outputs are spent, it must add those transactions in order to take their fees.

So indeed as the transaction fees excluded from the block chain accumulate to be greater in value than the excess hashrate possessed by the attacker, then honest miners are economically incentivized to process the blacklisted transactions.

However, the attacker may drive the exchange value of the token so low by attacking it, that the transaction fees might have to accumulate over very long periods of time. Perhaps the excessive delays (a year?) would spiral the exchange value downwards and/or many users would capitulate and provide the viewkey required.

So actually smooth is only correct if the number of users of the token who don't capitulate is greater than those who do (presuming the attacker has an externally funded incentive to attack providing the excess hashrate in the first place), otherwise the attacker will have more funding than the honest miners. Because even if the honest miners include the capitulated transaction, the attacker can blacklist those blocks due to the attacker's higher level of base hashrate aforementioned.

In other words, the success of the defense smooth advocates is quite slim, because if the token ecosystem is only composed of diehards, then it likely won't have a very high base hashrate, thus an attacker with a higher base hashrate is more likely. Whereas, if the token ecosystem is composed of the masses, then most are likely to capitulate.

Even if the token's protocol made anonymity mandatory on every transaction, such that users' clients would choose the minority hashrate fork which enforced the ban against capitulating users, the problem is it is possible to capitulate external to the block chain data, thus there would be no means by which the users' clients could discern which transactions capitulated.

It seems that it is impossible to make a minority block chain protocol that defies the desires of the majority and their collectively funded State (which can charge the cost of attacking a minority block chain to the collective, even surreptitiously). Ironically, AnonyMint had written about this in 2013.

This is why I became less focused on the anonymity feature over time. I always wanted it and was trying to find a way to perfect it, but really what we need is to make decentralized money popular. And hope that some good comes from that. We can't actually succeed by fighting the majority, unless our minority is very significant in size. I am hoping that microtransactions are so numerous and tiny, that the State can't afford to enforce some form of taxation on all of them. But I admit that eventually the global State will get organized and perfect the systems of digital control. It just seems inevitable. Only the will of the people at-large will decide if the State's power is curtailed.

Privacy on block chains could be a popular feature. But preventing the State from tracking criminals will not be popular. Thus the State must be given a viewkey. This is why I am more focused on scaling block chains, not only absolute anonymity. Privacy can be added with much less costly technology than the very heavy RingCT. That is why I was excited last month when I discovered a way to fix off chain anonymity and scale it.

The state is corporate (or becoming obviously so with every passing day--everything from prisons to schools becoming privatized), so assuming the state is the power who will bring down crypto is a no go for me. Rehash your analysis using corporate interest and you might see anonymous digital money as a great tool in their arsenal--the bigger the threat, the more likely it will be adopted. This would be obvious if you took the time to read Deleuze and understand old world discipline systems are being replaced by more efficient new world control systems. Now, will the new corporate state be afraid of anonymous cash? Probably not as it doesn't matter to them if people spend their money morally and they are being paid for services and not tax based in any traditional sense.
sr. member
Activity: 336
Merit: 265
June 27, 2016, 07:55:39 AM
He was suggesting a fork that would block some or all transactions unless they have ID attached, a form of whitelisting. It is the method of 51% attacking the coin to hold it hostage to demand design changes. It might work, but waiting out the attacker is another option. The more of a backlog of fee-paying transactions develops that the attacker won't process, the more incentive there is for other miners to join.

IC, thx for clarifying that for me.

smooth thank you for the honest re-summary of my statement.

smooth actually including the viewkey, not necessarily an ID.

smooth I am thinking of 10X hashrate attack as well, not just a 51% attack, which I had explained in the other thread is much more brutal on the other miners. In either case, the attacker can change the protocol to award his miners the fees from "incorrect transactions", while refusing to process the other outputs. So sorry your logic is refuted. The payer's input becomes spent/confiscated and the Cryptonote rings can do nothing to stop this.

Mea culpa. I got some sleep, then upon awakening, I realized smooth is correct. If the 51% (or 10X) attacker adds the transaction to the block chain, even if it interprets that only the fee UTXO is spendable, then when the other outputs are spent, it must add those transactions in order to take their fees.

So indeed as the transaction fees excluded from the block chain accumulate to be greater in value than the excess hashrate possessed by the attacker, then honest miners are economically incentivized to process the blacklisted transactions.

However, the attacker may drive the exchange value of the token so low by attacking it, that the transaction fees might have to accumulate over very long periods of time. Perhaps the excessive delays (a year?) would spiral the exchange value downwards and/or many users would capitulate and provide the viewkey required.

So actually smooth is only correct if the number of users of the token who don't capitulate is greater than those who do (presuming the attacker has an externally funded incentive to attack providing the excess hashrate in the first place), otherwise the attacker will have more funding than the honest miners. Because even if the honest miners include the capitulated transaction, the attacker can blacklist those blocks due to the attacker's higher level of base hashrate aforementioned.

In other words, the success of the defense smooth advocates is quite slim, because if the token ecosystem is only composed of diehards, then it likely won't have a very high base hashrate, thus an attacker with a higher base hashrate is more likely. Whereas, if the token ecosystem is composed of the masses, then most are likely to capitulate.

Even if the token's protocol made anonymity mandatory on every transaction, such that users' clients would choose the minority hashrate fork which enforced the ban against capitulating users, the problem is it is possible to capitulate external to the block chain data, thus there would be no means by which the users' clients could discern which transactions capitulated.

It seems that it is impossible to make a minority block chain protocol that defies the desires of the majority and their collectively funded State (which can charge the cost of attacking a minority block chain to the collective, even surreptitiously). Ironically, AnonyMint had written about this in 2013.

This is why I became less focused on the anonymity feature over time. I always wanted it and was trying to find a way to perfect it, but really what we need is to make decentralized money popular. And hope that some good comes from that. We can't actually succeed by fighting the majority, unless our minority is very significant in size. I am hoping that microtransactions are so numerous and tiny, that the State can't afford to enforce some form of taxation on all of them. But I admit that eventually the global State will get organized and perfect the systems of digital control. It just seems inevitable. Only the will of the people at-large will decide if the State's power is curtailed.

Privacy on block chains could be a popular feature. But preventing the State from tracking criminals will not be popular. Thus the State must be given a viewkey. This is why I am more focused on scaling block chains, not only absolute anonymity. Privacy can be added with much less costly technology than the very heavy RingCT. That is why I was excited last month when I discovered a way to fix off chain anonymity and scale it.
sr. member
Activity: 409
Merit: 252
June 27, 2016, 05:09:04 AM
Are inside jobs considered hacks?  :p
sr. member
Activity: 336
Merit: 265
June 27, 2016, 12:11:56 AM
He was suggesting a fork that would block some or all transactions unless they have ID attached, a form of whitelisting. It is the method of 51% attacking the coin to hold it hostage to demand design changes. It might work, but waiting out the attacker is another option. The more of a backlog of fee-paying transactions develops that the attacker won't process, the more incentive there is for other miners to join.

IC, thx for clarifying that for me.

smooth thank you for the honest re-summary of my statement.

smooth actually including the viewkey, not necessarily an ID.

smooth I am thinking of 10X hashrate attack as well, not just a 51% attack, which I had explained in the other thread is much more brutal on the other miners. In either case, the attacker can change the protocol to award his miners the fees from "incorrect transactions", while refusing to process the other outputs. So sorry your logic is refuted. The payer's input becomes spent/confiscated and the Cryptonote rings can do nothing to stop this.