Topic: [XMR] Monero Speculation - page 1348. (Read 3313576 times)

https://support.apple.com/en-ca/HT204060

Edit: I stand corrected Apple's default is a 6 digit numeric number as the password also trivial to crack.

ArticMine thank you. I learned something new and important. Do you have any citation to backup your claim of Apple's recommend policy of using an insecure password and their DRM?

The recent price drop was surprising but it just goes to show why you should understand what you are invested in (whether it be through time, hashing power, or financially).  You should believe in it and understand why it has long-term value independent of the whims of the crowd. 
 
Who knows where the bottom is, but I am sure Monero will eventually go back up.  Then one day it will go down.  Then up again.
 
No free rides on the Monero rocket.

Apple was very disingenuous here.

The iPhone in question used a combination of real encryption and DRM. If the user uses a secure password then the real encryption kicks in and cracking the DRM will not let the investigators in; however if the user follows Apple's recommendation and uses a 4 digit number, as the password, then the real encryption is effectively neutered and only the DRM remains. The user's password controls the key of the real encryption. Apple controls the keys to the DRM.

Apple relied on its proprietary iOS, and keeping the source code of iOS secret (private key 1) to frustrate the investigation. Apple  also has a private key (private key 2) that controls what operating system software in installed on an iPhone. It also enforces what software can be installed on an iPhone. The FBI would have been perfectly content with the source code of iOS (private key number 1) and the installation key (private key number 2). This would have made the situation equivalent to someone using GNU PG (Licensed under GPL v3) the very software Edward Snowden used for his leaks. Use GNU PG with a 4 digit number as the password and it can also be trivially cracked. Use it with a secure password and it becomes impossible to crack.  The FBI had reason to believe that the terrorist had used a 4 digit number for the password.

Technically one can argue that Apple did not lie, since Apple did not know the 4 digit number that controlled the user key; however since the real encryption was already neutered the only keys that mattered were firmly under the control of Apple.  

Edit: This is not a complex system. Apple went out of its way to make it seem complex, in order to make the debate about real encryption rather than what was the real issue namely DRM.  Richard Stallman identified the issue of malicious features in proprietary software back in 2002. https://www.gnu.org/philosophy/can-you-trust.en.html In this case they were used to frustrate a perfectly legal anti terrorism investigation .

Damnit wrong username.

Yeah so I don't really care about the moral flaws.  But they will be reflected in the economic flaws.  A single individual who can make more mining with his own botnet will choose to do so rather than dealing with multiple individuals to rent it out.

In the end the governance of this coin will reflect the difference between ASICs (Chinese who aren't paying for their own electricity - it is being subsidized by the government) and GPU miners.  My point is that that

A - in large part botnet miners won't lease out their mining to others which means they control the network.
B - they won't take an active role in choosing any type of direction for the network security in the same way Chinese miners haven't for bitcoin because they aren't paying the electric bill.

Person A is paying for what Person B is taking and selling.  There's less incentive for Person B (who IS controlling the network) to put forth active effort in governing (which is what he's doing) than there is a Person C who chooses to use his equipment and electricity to obtain something or participate in something he believes to be profitable.

It's not a moral argument in right vs wrong.  It's an argument that botnets won't be healthy from a governance perspective.


Again.  I couldn't disagree more.  Moral arguments aside (right, wrong etc doesn't matter) as long as you can be handcuffed and tossed in jail for doing something it is not part of a free market.  It's an underground market that threatens serious life altering consequences ... this is not free market

I think you've misread me arguing from some moral basis.  

From a practical standpoint there's very little different from me walking to my electric meter and plugging a wire into the supply side instead of the demand side & botnet mining.  Both will get me thrown in jail.  Both are exploiting the resources that others have not properly secured.  And neither are a free market.

Again you are making an moral argument that has no relevance on the economic argument. Don't you realize I get tired of repeating myself. Do Not Repeat Yourself is a fundamental tenet or goal of functional programming.

The demand for botnets will rise to the profit arbitrage compared to renting hardware, because there are a sufficient supply of people and capital that don't see a moral problem with it. Personally I wish viruses didn't exist, just like I wish cancer didn't exist. But living in a delusion is not my concept of rationality.

If the people being stolen from were significantly harmed, they'd be doing something about it. Obviously they don't care enough. Whose responsibility and culpability is it to not secure their belongings?

I suppose you can make the argument that those who rent a botnet will only do so if there is some profit compared to renting hardware legally, but I am not even sure if renting a botnet is illegal in every jurisdiction. And I am not convinced that someone couldn't rent out "mining services" and not tell the renters that a botnet is being employed.

If you argue that a botnet farmer will want to do all the mining himself instead of renting out to the highest bidder, the fact is that there is a price where it is more attractive to rent out than to incur the risk of mining yourself, e.g. guaranteed and faster cash flow, etc.. Why do ASIC manufacturers rent out versus mining with their own hardware. Demand rises to meet supply at rational price. This and competition insures it won't be a centralized outcome.

The point is that botnets are much more free market than electricity. This seems to be beyond the grasp of someone here who is now on Ignore at his own request.

Edit: and this same person can't seem to grasp that unenforceable laws have virtually no impact on the economics and thus free market. He conflates "free market" with his decision that he personally won't choose to rent a botnet. He also can't seem to comprehend that the cheapest electricity goes to those with the most capital and huge economies-of-scale (usually bankster loans and probably also corrupt political favors as well). Whereas, the competition for botnet farming includes any Eastern European or Russian geek who wants to spend a few months learning the art. I mean I really can't waste my time arguing with someone who can't grasp Economics 101. I estimate he didn't even take this course at the university. I aced it. Not a personal attack, just explaining why I am sometimes going to be terse and not explain ad nauseum because I don't want to expend all my time on explaining especially to those who won't get the point any way.

Kind of like a private cryptocurrency created in the "darknet"  

Moreover my economic point (for the slow minded who didn't get it the first time), is that we rent or purchase hardware to mine with if we are doing any serious mining. So what is the difference if we rent or purchase a botnet. It is a free market. The demand for botnets should increase to where price of a botnet and thus the profit from mining from a botnet is the same as from renting the hardware.

I mean common on. This is just Economics 101 that price meets demand at supply.

So the real question of importance is does large economies-of-scale of capital have an advantage with botnets which can lead to centralization? No! Whereas with ASICs and orthogonally (and mainly!) electricity, large capital does have an advantage over us, thus centralizes.

Probably not lying, but these systems are complex, always under development to implement the complex, possibly conflicting, and often shifting demands of DRM, and therefore very unlikely to actually ever be very secure.

Also, it is well known that intelligence agencies have infiltrated tech companies in the past and no reason to think this doesn't continue so there may well be back doors (facilitated by complexity in which they can hide) that "Apple" as an entity doesn't even know about even though someone working for Apple or an Apple vendor put it there.

The unknown risk I raised is not whether these things are wanted, but to what degree and in what form will society allow and prefer and how will scalability impact the choice, will crypto-currency even be widely adopted, etc..

I was not implying a simple binary consideration where we are questioning whether privacy is desirable or not.

P.S. implied by my continued posting in this thread, it means I am satisfied with the final resolution of smooth's recent moderation.

Are you saying that Apple is lying when it says the user has the private keys and not Apple?

If I were senior manager of a company, particularly one in the R&D side of things, would I want all of my competitors to know what I'm spending on?

I am sure monero as a conflict resource https://en.wikipedia.org/wiki/Conflict_resource moral dilemma with this botnet mining discussion someone brought up for some strange reason is the least of our worries.
Unless monero $1000 materializes - but who knows and it is just around the corner exactly as true cryptonnaire in his better days has suggested and we should consider the implications already.
Until then, botnet mining will make us stronger.
Is there some way to advertise? We need decentralized consensus, competing skynets is good.

The Panama Papers example is very relevant. In fact for most people an agency such as the NSA is an insignificant risk at best. The real risk comes fromr large corporations after marketing data and attempting to protect their "intellectual property". Remember Superfish? https://en.wikipedia.org/wiki/Superfish This malware was installed on computers sold to consumers by Lenovo. What this malware did was to break SSL encryption by using a bogus root certificate that was trusted by the installed Windows operating system. Lenovo has not learned its lesson and they are still at it.  https://thehackernews.com/2015/09/lenovo-laptop-virus.html. Then there is DRM which is as big or bigger threat to privacy. Remember the Sony rootkit 11 years ago? https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

One simply cannot rely on any product that is mass marketed to consumers by large corporations such as Microsoft or Apple for privacy or security. In fact I will go as far as to say that if a computer or device has a proprietary operating system and supports DRM, one should not have an expectation of privacy with respect to any data on the computer or device.

Edit 1: In the recent Apple vs FBI dispute it is actually the FBI that was the good guy. Why because what the FBI wanted to do was break Apple's DRM (Jailbreak an iPhone) in order to pursue a legitimate and lawful anti terrorism investigation. The reason the FBI could get a third party to access the iPhone is because DRM, unlike real encryption such as what is used in Monero, is based on snake oil rather than sound mathematics.

Edit 2: The same or similar Apple DRM that the FBI broke, was used from 2009 to 2014 to censor Bitcoin and is currently used to censor Monero

Personally I think GPU vs. botnet is going to become an irrelevant distinction as more and more botnet nodes will be sufficiently GPU-capable to mine effectively. TPTB posted link to a story like a year and a half ago about a large botnet that was made up of higher end gaming computers, but even lower end computers are showing rapid technological progress in terms of integrated GPU capabilities.

On a current AMD APU, you can effectively mine Monero on both the CPU and the GPU. I don't know if more GPU-focused algorithms like ethhash are effectively mineable there, but if not then clearly that is just a generation or two away.

Ultimately even ASICs will be captured by botnets if network security continues to suck and such ASICs are widespread enough. There have been a few attacks on ASIC mining already that involved redirecting the miners, but if ASICs did somehow become more widely dispersed in the future (as some suggest might happen if and when the chips become commoditized) this would explode.

As long as security is crap, botnets will infect everything.

But at the same time, they seem very self-limiting for specifically mining in practice for now. It is very unlikely there is anything close to the million+ botnet nodes it would take to mine most of Monero, so they are just a small-ish part of the network. If Monero continues to grow their share will probably continue to decrease.

Technically a monohull, although the keel is probably not providing counterbalance in space.

More off topic back and forth deleted. Guys, get a room (and not this room).

I'm just adding another perspective. I don't disagree there are trade offs to be made.

It could be an incorrect diagnosis (and very likely unqualified anyway). I do not assume that anything anyone posts is correct (good advice to investors as well, BTW). It was certainly a personal attack as well, which is why it was deleted

I was not arguing for the superiority of centralized trust. But I framed my statement in the holistic context (scalability, what society will allow, etc), not pigeon-holed to this one consideration you are highlighting.