Topic: [XCT] C-Bit - Elegantly Solving Bitcoin's Blocksize Problem [SHA256][POW] - page 29. (Read 66786 times)

Just to reiterate on everything..

Yes, I was hired by C-Bit to do the review. Although this tends to say "oh, well they were trying to do the right thing", a clear exploit coin Pharma also did this.. So that doesn't mean you should trust anything.

Their claims to me (which I have no way to neither confirm nor deny, but sound believable to me) is that they had an adwords campaign etc, and had an email list that people signed up to. When they launched C-Bit, they announced it to this list 1 hour early, and then announced it elsewhere (like Bitcointalk.. No a bitcointalk thread should not be mandatory to be considered "public", but there is no announcement on Twitter, Reddit, or anywhere else, OTHER than their website). This can be taken two ways. Either they were on the good side, and just trying to give a small benefit to their first loyal followers that signed up to the email list. Or on the other side, they were trying to keep the launch purposely obscure to prevent people from finding out before they had a big stash of coins. Both scenarios are possible. Everything about the project sounds legit to me, but with the way my reviews are intended to work, I can't really express opinions in them. I'd say it's up to you (the public) to decide which way things went.

Either way, there is no proof at all that the developers did any premining, nor that they were the early miner (the first 6500 blocks went primarily to a single address, though that's probably a pool) that benefited from the slow difficulty ramp up in the beginning. 6500 blocks in one hour is instamining, no matter who actually did it.

Also, I'd like to also reaffirm that the 6500 blocks mined are not significant in the long run. As time marches on this amount will become less and less noteworthy. And finally, I'd like to point out that even now the difficulty of C-Bit is still behind. Blocks are still being minted faster than the 10-minute target time, and will continue to for some time I imagine because of the long 2-week targeting window.

Ultimately, it's not really my place to express if I think a coin's team is legit or not. All of my interactions have been honest and fair, but I can't just vouch and say "I know this coin will succeed". That's not what my coin reviews are intended to do. I check the code, make sure no exploits exist, and check for blockchain abnormalities such as undisclosed pre-mining. Beyond that, it becomes a big matter of opinion that I don't want to be involved with, because everyone's opinion will be different.

P.S. That Pharma coin review at the time was spotless. I could find no errors in the code, and upon community request and continuing abnormalities ended up double checking the code, and then triple-checking and finally finding the exploit. It was a very well hidden exploit and I'm only human. I didn't think to update that post, but my github repository where I keep my list of coin reviews marks that review as invalidated, as well as providing a full write up about what happened here: https://gist.github.com/Earlz/41c5c18113210d3c36f9

I don't judge his knowlage. For sure he's good IT guy
BUT many times his grades mislead people. Yes for example Pharmacoin
Tell me what people start to think in pharmacoin thread when earlz stamp grade A ? That must be very good coin
So for some time I don't care his grades that's it.

Keep up the good work, love where this going.

I promised myself I will stay out of the CBit thread but since my post is not about CBit itself per se (although indirectly) and referring to general principles as it was applied to CBit I will post it.

I dont think it is fair of you to criticize earlz in the general way you are doing. You must remember that there are three relevant categories in general in the IT world - people, process and technology. Applied to a coin this would be people (dev team characteristics), process (launch procedures and other general procedures) and technology (code). He is only really required to give his view on the technology part which is the actual code. If he picks up stuff more than just the code in any of the categories people, process and technology he will post it. It is difficult to pick up things in the people and process categories but he always at least gives a view on the code. It is a bonus if he picks up other stuff.

A project can have A-grade code and nothing material popping up in the people or process of the coin at the time of review - just like normal auditing procedures from an auditor. You can compare this with an audit of financial statements of a company which can be unqualified, even if there are well hidden issues. However it is possible for something to pop up later non-code wise like a dev that hid scam intentions very well early on that decided to disappear later. You cannot blame earlz for that. To take my analogy further, such a company with unqualified financial statements could have a management team that decides later to defraud the shareholders but their intentions were not clear at the time of the audit. You will probably see that where there were A-grade reviews of a coin that turned out to be a scam it was on the code only and he did not vouch for the dev or processes because they were hid well by the dev team. You should rather be glad if earlz picks up some people/process or potential scam issues with a coin.

I also have to add that in itself it is not an issue if a dev team holds a significant portion of a coin in general. It comes down to how trustworthy they are and how responsible thy are with it and their purpose for holding it eg. to dump later (bad) or to use for development and funding (good).

************************************************
************************************************

First off, let's get into this review before everyone freaks out.

As anyone in the community knows, I am a straight shooter,
I tell the truth, even when it gets me in trouble, so here goes.

Let dispel any thoughts  anyone might have.



I HIRED EARLZ....... AS A CODE REVIWER for the C-bit Code.



I'll repeat that again.


I HIRED EARLZ. The very same individual who has made the
comments immediately above. So, I have nothing to hide, or
I wouldn't have hired him. Think about that.



As for his comments, they are mostly benign.

His definition of a public release and our team's definition of a public
release are different. We had done a Googleads ad program
for several weeks before the launch of our coin on multiple Bitcoin
platforms. The BitcoinTalk platform had refused our coin advertisement
as too risky for its members. Bitcoin enthusiasts had migrated to
our website and signed up for our newsletter. On February 23,
the day of the launch, we sent out a PUBLIC notification to these
public individuals stating that sometime during the day the pools would
go live and the launch of the coin would begin. Now, this was a PUBLIC
notification; but, within the confines of our private website, but to PUBLIC
individuals gained from a PUBLIC advertised source. Any miners interested
were advised to have their miners ready.

At 17:03 on Feb 23 we opened the pools to these PUBLIC individuals.
This allowed us to begin a metered flow of miners onto the source
code without overwhelming the source code. The power of modern
machines dictated that we couldn't just have hundreds of machines
dropping on C-bit all at once, which we were afraid would happen if
we opened up to BitcoinTalk first.  At 17:55 we opened up BitcoinTalk
and, as feared, a flood of PUBLIC miners came on board with powerful
mining machines.

This was our method of opening up the C-bit source code to mining,
and it somewhat worked as planned.

Even with this method, the source code was overwhelmed and
we went from 0 - 15 Million in difficulty in about 4 hours. It was
a rough 4 hours. In that 4 hours we blew thru about 9 million coins.

Earlz is correct that the period of time of about 45 minutes before
BitcoinTalk came on board saw about 3.5 million coins mined. However,
we now have 15 Million coins. Cryptopia has traded about 1 Million
coins since it started trading, which is less than 1/3 of the amount Earlz
is talking about in his first 45 minute period. The richest 2 individuals on
the Block explorer have more coins than Earlz is talking about; and that's
just two people.

More or less, We consider the newsletter that we put out to the 75
or so people that were gathered thru PUBLIC googleads on our website
as PUBLIC people. This was considered a PUBLIC release in our minds.
Earlz seems to think that only a notification on BitcoinTalk is a PUBLIC
notification and is legitimate. We disagree. We then did a second
PUBLIC release with BitcoinTalk.

Next, the mining during this 45 minute period was done for the express
reason to gradually bring the source code up to speed because of the
modern power of mining machines, and before more powerful machines
could hit because of BitcoinTalk. Third, we rather believe that in the
scheme of things, the number of coins in the hands of the initial PUBLIC
hands in not a big deal. These coins are the hands of the PUBLIC, not
in the hands of C-bit.

I know that Earlz is reading this, or would least hear of this, so the
very fact that I am saying that I hired him could be verified or challenged
by him. This in itself relates to my straight-forwardness. I believe that what
we did was correct, and was done with no ill-intent or malice, and was only
done with the best intentions for C-bit.

Other than that, everything else he seems to be saying is that C-bit is fine.
He states in the end that the code and the wallets are all fine. The only
disagreement we have is the definition of what a "PUBLIC" announcement
is. We will "agree" to "Disagree".

Now, everyone one here can review what I have said, think about my
history of statements on this board, then make up their own minds
about whether or not you believe me.

*************************************************************
*************************************************************

For me personally your grades are worth shit .Good remember when you gave "your grades A" to scams and shitcoins. No offense but for me and some other your grades are worthless.
If somebody don't belive it's just a sample (Pharmacoin fucking scam) and there are many another
https://bitcointalk.org/index.php?topic=1082835.msg11562051;topicseen#msg11562051    Yes that how you mislead people. And they invest in a bad coins.

why?



not considered public the way you instamined

that's incorrect, we had/have a public website, along with a Google Adwords campaign, and a page was set up for people to add their email to a list, and they were notified at launch. we consider that to be public. BitcoinTalk is not the only means of announcing a coin launch. We immediately started creating the OP here, after the email blast was sent out to interested people.

So 6,500 blocks x 500 = 3,250,000 coin instamined before public announcement.

C+ ?    haha

we changed the alert key to 0 (for now), and also that typo, amusing, was in the bitcoin source code at the time

https://github.com/bitcoin/bitcoin/commit/0830552673e37142599de897e87510f2f9866e1e#diff-1a8b9d1ad0a6fda5e751286c73102fc2

thanks!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

C-BIT https://bitcointalksearch.org/topic/xct-c-bit-elegantly-solving-bitcoins-blocksize-problem-sha256pow-1374770

Code Quality Grade: C
This coin might have some serious problems that should be fixed, but is probably safe to use and not serious enough to be a viable attack vector.

Heritage: Directly from Bitcoin 0.12.0 (self reported and confirmed)

Problems:

* MINOR: Alert key has not been changed
** This could allow for the developer of the coin whcih this was forked from to broadcast a malicious network alert
** If the intention is to disable the alert system, the alert key should be set to "0"
* MAJOR: The coin was announced first on an email list and an hour later was announced on Bitcointalk
** Although the email list was freely available for sign up, this is not what I would consider a "public" release
** This uses the naive Bitcoin difficulty adjustment, and thus did not compensate well for the initial early difficulty spike
** The end result is that about 6500 blocks were mined before the "public" announcement on Bitcointalk and elsewhere

Notes:

Weird search-replace error?
- -            return "node misbehaving";
+            return "node misbehabing";

Watermarks: pow, bitcoin, sha256

Interested in getting a coin reviewed?
Find more details about Earlz's reviews at http://earlz.net/static/reviews.html

This coin review is PGP signed. You can verify this signature at https://keybase.io/earlz
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.51
Comment: https://keybase.io/crypto

wsFcBAABCgAGBQJW6K/BAAoJEAKXMK2l7Ra+u1cP/ih6tPYmcjHtIdkdMCzg5oW5
sqrAzWAhzd5K5FoifRZs99wo05SBH06t+hbxD3gOq/8Z4UkzvQgtAsC1x/j4oa6s
VR4iYE/VW7RirzhXzjuIF40IhAgbFsULl+d6rKbjLIcjylyHwdwH14uWEFg+ZZjx
lvEE/srfortOBuiZWqZ09qyiduu7PAq0y7BOh+GmvkmVinlemT6+6Wqe74Z+MA36
rM1LCPFsaRAGygu/IStIAeIvGdEuf2uoiqfcPqix5O97Mphs44J5ePBi6hMnxcoe
xGchwlc7FDp1fXYR70k9IBxOcZyXB92I9HG3gkd6jLIr8nvBnIHBaYjZRgDfZLMf
bpsjZIlyoJNG9H8GTxtuhx+iEKv3iAbRfcsbsIG1BLg8k0gKMG1dXTIVVqkNlh9l
P6Jcja7qNL89Q32DOJl1e2UyTC/R5kgProfNZyZZvScopk/Zb8I+Q+DqpJ5I5AyW
qkX+kITKopKr8zJSHTLLUdoARWGPpZ3aMR5ILXM4X6pY5tVRDKW9kWlzhbTCT6ZP
+sKKzNRQWUppMY0HW8TomdjZldNdfPo6AX9+Pyo9a6gYIhQQGdxDeriFCk1qLQnj
1D1274LLgUyhIQoLfBJXMNXwa55TFPnocXlZEF1cOveTUVOkxuyHavj+xTvijczy
TMxl+rhqBqz51rTHVvMR
=JThA
-----END PGP SIGNATURE-----


Kinda sucks I had to give this a C, but the announcement problem is definitely a major issue, and if any major issue is found it's at least a C. The code and wallet itself is all good.

Yea I like the graphics also give me your XCT address ill send a donation

Up over 40 Million on the Difficulty now.

Well you are talented. This looks really really good.

Don't worry brotha those of us who believe in what you and the developers behind this project are doing will stick with you through the bullshit.

We are a community after all.

Idk what's going down tomorrow but I am sure stoked to find out.

See y'all in tahiti.

Cheers-
Rekt

Understand it but bitcoin 2.0 is the evolution of the technology as every technology is destined to evolve and C-BIT is built from .12 bitcoin source code.
starting from Bitcoin 2.0 I can say C-BIT represent the evolution of it to 2.1  

PS: I like your madara avatar 

everything is so solid .... except the main purpose i never like the bitcoin 2.0 thing

It's good to see a good community developing around C-bit.
Thanks a lot guys. It's so much better than the bitching on
other coins. Just remember that starting tomorrow, look
around here and don't be confused who the new and old
guys are and were. There will be a lot of confusion and
misinformation being spewed about C-bit.

yup but I think satoshi is out of the project from a long time with a bunch of good BTC wallets to chill on and a new identity 
Martens can be the new nakamoto with an american name!!!