Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1438. (Read 4671575 times)

legendary
Activity: 3766
Merit: 5146
Note the unconventional cAPITALIZATION!
It is not as simple as a case where the white hats are easily identifiable.

I beg to differ.  That seems a false balance to me.  It takes a pretty bad lie detector to misplace those boundaries in this case. 

Anyhow, it doesn't matter:  Just release the exploit publicly.  The only reason I can comprehend not to do so is a plan to use it personally in future, for extortion or malice.  But I may be missing something.

I think you may be.  He may just be not interested and also have no desire to be involved.

If he is mistaken, then he is setting an annoying trap for bears.
If he is lying, well then... he is acting unethically.
If he is telling the truth he is giving a warning for devs and investors.

I hope he explains the exploit.
legendary
Activity: 1596
Merit: 1030
Sine secretum non libertas
It is not as simple as a case where the white hats are easily identifiable.

I beg to differ.  That seems a false balance to me.  It takes a pretty bad lie detector to misplace those boundaries in this case. 

Anyhow, it doesn't matter:  Just release the exploit publicly.  The only reason I can comprehend not to do so is a plan to use it personally in future, for extortion or malice.  But I may be missing something.

legendary
Activity: 2282
Merit: 1050
Monero Core Team
Hahem, am I the only one that thinks BCX's findings are worrisome?

Claiming to have something and providing evidence thereof are two different things.

If you have an exploit for a (genuine, not-scammy) FOSS project, not releasing it *at least* to the developers is unconscionable - you aren't hurting a corporation or a bunch of fat cats, you're hurting a small group of developers who work - unpaid - on a software development project for the presumed betterment of everyone. You're hurting altruists who are giving of themselves for little or no reward, but I guess there are people who are so ethically imbalanced that they don't even consider this.

At a minimum some technical details about it would be nice.

The ethical question I see here is that there is fierce competition among the CN coins so who does he release it to without picking favourites. If he releases the technical information to all the CN coin developers he could be providing the exploit to the attacker (black hat) as well as the defender (white hat). It is not as simple as a case where the white hats are easily identifiable.
sr. member
Activity: 471
Merit: 250
Hahem, am I the only one that thinks BCX's findings are worrisome?

Claiming to have something and providing evidence thereof are two different things.

If you have an exploit for a (genuine, not-scammy) FOSS project, not releasing it *at least* to the developers is unconscionable - you aren't hurting a corporation or a bunch of fat cats, you're hurting a small group of developers who work - unpaid - on a software development project for the presumed betterment of everyone. You're hurting altruists who are giving of themselves for little or no reward, but I guess there are people who are so ethically imbalanced that they don't even consider this.

At a minimum some technical details about it would be nice.

I fully agree that BCX's behavior in that situation is, at best, a bit clumsy, and I'm really sorry about the consequent FUD. I hope you guys will find a way to reason with him and get some details. All the best.

legendary
Activity: 3766
Merit: 5146
Note the unconventional cAPITALIZATION!
Hahem, am I the only one that thinks BCX's findings are worrisome?

Claiming to have something and providing evidence thereof are two different things.

If you have an exploit for a (genuine, not-scammy) FOSS project, not releasing it *at least* to the developers is unconscionable - you aren't hurting a corporation or a bunch of fat cats, you're hurting a small group of developers who work - unpaid - on a software development project for the presumed betterment of everyone. You're hurting altruists who are giving of themselves for little or no reward, but I guess there are people who are so ethically imbalanced that they don't even consider this.

At a minimum some technical details about it would be nice.

Well let's hope he provides this.
legendary
Activity: 1256
Merit: 1009
Regarding donations - we already have about 20% of the Monero owners joining MEW. If we get this number to about 50%, then it will be easier to fund development as a community effort because there is no free riding.

I don't have 2,000 - 5,000 XMR.  I'll get to the lower end of this eventually.  

Also I'm not a huge fan of good ole' boys clubs unless I'm an outsider interfacing with it / them.  

I don't think there's anything wrong with this effort - but trying to use ego to garner donations I fear will not be successful (hope I'm wrong).  I already have a Monero shill or two on ignore so I probably wouldn't get along well with this group.
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
Hahem, am I the only one that thinks BCX's findings are worrisome?

Claiming to have something and providing evidence thereof are two different things.

If you have an exploit for a (genuine, not-scammy) FOSS project, not releasing it *at least* to the developers is unconscionable - you aren't hurting a corporation or a bunch of fat cats, you're hurting a small group of developers who work - unpaid - on a software development project for the presumed betterment of everyone. You're hurting altruists who are giving of themselves for little or no reward, but I guess there are people who are so ethically imbalanced that they don't even consider this.

At a minimum some technical details about it would be nice.
hero member
Activity: 697
Merit: 500
Much hatred on Monero
legendary
Activity: 1246
Merit: 1000
103 days, 21 hours and 10 minutes.
Hahem, am I the only one that thinks BCX's findings are worrisome?

What were the findings again?

https://bitcointalksearch.org/topic/delete-786201


[...]

* I have found very specific exploits in CN that have not been fixed that would be successful on XMR. Most are what I call annoyance attacks, that would be fixed and the coin would probably survive, but one is a coin killer. In XMR there exists a flaw involving the keyrings that under the right conditions will allow an attacker to steal your wallets and hijack your addresses. To fix this, anonymity will need to be sacrificed. These exploits are why two top exchanges who have asked for my opinion have not added XMR.

[...]


Not a developer, but he told about that flaw back in July, which worried me at that time. I think it is either very hard to find or non-existent in the way bitcoinexpress wants it to execute, but could be dead wrong here.

btw. he said he does not want to execute it

The door is opened up now (more so than ever before) because of his statement. He has already hinted at the conditions, so at this point if a select few who were skilled at reading code the way BCX is able to, they could possibly execute it as well.

Interesting to say the least.
sr. member
Activity: 471
Merit: 250

Not a developer, but he told about that flaw back in July, which worried me at that time. I think it is either very hard to find or non-existent in the way bitcoinexpress wants it to execute, but could be dead wrong here.

btw. he said he does not want to execute it

He does not want to execute it, but as soon as he states that the flaw exists and can be exploited, people that want XMR to disappear (and we can suspect there are a few...) will try to find a way to use it.
He literally pointed his finger in the right direction on a public forum.
hero member
Activity: 742
Merit: 500
Hahem, am I the only one that thinks BCX's findings are worrisome?

What were the findings again?

https://bitcointalksearch.org/topic/delete-786201


[...]

* I have found very specific exploits in CN that have not been fixed that would be successful on XMR. Most are what I call annoyance attacks, that would be fixed and the coin would probably survive, but one is a coin killer. In XMR there exists a flaw involving the keyrings that under the right conditions will allow an attacker to steal your wallets and hijack your addresses. To fix this, anonymity will need to be sacrificed. These exploits are why two top exchanges who have asked for my opinion have not added XMR.

[...]


Not a developer, but he told about that flaw back in July, which worried me at that time. I think it is either very hard to find or non-existent in the way bitcoinexpress wants it to execute, but could be dead wrong here.

btw. he said he does not want to execute it
sr. member
Activity: 471
Merit: 250
Hahem, am I the only one that thinks BCX's findings are worrisome?

What were the findings again?

https://bitcointalksearch.org/topic/delete-786201


[...]

* I have found very specific exploits in CN that have not been fixed that would be successful on XMR. Most are what I call annoyance attacks, that would be fixed and the coin would probably survive, but one is a coin killer. In XMR there exists a flaw involving the keyrings that under the right conditions will allow an attacker to steal your wallets and hijack your addresses. To fix this, anonymity will need to be sacrificed. These exploits are why two top exchanges who have asked for my opinion have not added XMR.

[...]

donator
Activity: 1722
Merit: 1036
Hahem, am I the only one that thinks BCX's findings are worrisome?

What were the findings again?
sr. member
Activity: 471
Merit: 250
Hahem, am I the only one that thinks BCX's findings are worrisome?
legendary
Activity: 2268
Merit: 1141
Regarding donations - we already have about 20% of the Monero owners joining MEW. If we get this number to about 50%, then it will be easier to fund development as a community effort because there is no free riding.

How to get in there?


A third idea, and that is basically how Mike Hearn financed his project, is to convince very rich anarchists/libertarians that this project has a lot of value. Finding these guys in the Bitcoin environment should be easy. Convincing them that there is a place for a second major currency is hard. First because the person probably thinks it shoots its own leg, second because there needs to be an incentive for him. That said, I think there are people who see, besides their own profit, moral reasons to invest in a project like this.

Suit yourself: https://bitcointalksearch.org/topic/monero-economy-workgroup-the-mew-thread-776479
hero member
Activity: 742
Merit: 500
Regarding donations - we already have about 20% of the Monero owners joining MEW. If we get this number to about 50%, then it will be easier to fund development as a community effort because there is no free riding.

How to get in there?


A third idea, and that is basically how Mike Hearn financed his project, is to convince very rich anarchists/libertarians that this project has a lot of value. Finding these guys in the Bitcoin environment should be easy. Convincing them that there is a place for a second major currency is hard. First because the person probably thinks it shoots its own leg, second because there needs to be an incentive for him. That said, I think there are people who see, besides their own profit, moral reasons to invest in a project like this.
donator
Activity: 1722
Merit: 1036
Regarding donations - we already have about 20% of the Monero owners joining MEW. If we get this number to about 50%, then it will be easier to fund development as a community effort because there is no free riding.
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
Also obviously this would have to be temporary. The devs would need to commit to weaning off of such a system after given features are implemented or a given period of time.

I would suggest exhausting all possible external options for raising funds before building something into the software. I think going this other route would be more scandalized and trolled than you're considering.

I don't think that it's fundamentally bad to build something into the software. Not sure if you saw the Missive, but in the last wizard screenshot there's an idea for an auto-donation system we want to implement: https://i.imgur.com/ACDmOFJ.jpg

The basic idea is that it's completely user-selectable, based on a % of your tx fee (cumulative to avoid adding dust outputs) that is added on top of the tx fee, so it'll never have a major impact. In the GUI we'd most likely have it on at 50% by default.
sr. member
Activity: 471
Merit: 250
Did you see this? https://bitcointalksearch.org/topic/delete-786201


[...]

* I have found very specific exploits in CN that have not been fixed that would be successful on XMR. Most are what I call annoyance attacks, that would be fixed and the coin would probably survive, but one is a coin killer. In XMR there exists a flaw involving the keyrings that under the right conditions will allow an attacker to steal your wallets and hijack your addresses. To fix this, anonymity will need to be sacrificed. These exploits are why two top exchanges who have asked for my opinion have not added XMR.

[...]

hero member
Activity: 538
Merit: 500
I guess I'll go ahead and bring up my idea of crowd funding again. Tell us how much it will cost to have the database finished. Tell us when it will be completed if you do raise the funds. Then I will hold people's funds in escrow until enough is raised. The moment the funding goal is reached I will deliver the funds to the devs as per the arrangement. If the funding goal is not reached then I will refund everyone’s money.

See rep thread in signature if you are concerned about whether I am qualified for this task.

Wouldn't it be better to do it on kickstarter or the like?  Wider audience.  BTCT is a ghetto.


Yes, this is the way to go.

Anon136's idea of forking in order to give 1% of mining reward to dev team is bad and will only bring confusion. If that were to occur, XMR would become worthless. Forking is a violent way of doing things.

The Kickstarter idea works in the real world. Devs (or maybe MEW?) only need to create a page where they or any other interested party could publish ideas for XMR changes/projects. Of course they will have to make good arguments in layman's terms why these changes would be beneficial and how much they would cost. Distinguished members or a multisig wallet or a donators' vote will decide if the job is finished.