Topic: XMR vs DRK - page 56. (Read 69755 times)

Because the more honest MasterNodes there are the harder it is for a sophisticated attacker to gain a foothold. If MN operators don't have a failover it gives our sophisticated attacker an easy in - break into the colo cage, and since the operator can't just abandon the infrastructure and failover to a new (and unknown to the attacker) location, he either opens himself up by going to the DC (and getting arrested / strong-armed into assisting LEA) or he abandons the infrastructure and then spends days / weeks setting up anew, during which time there's 1 less MasterNode. Perform this against multiple operators simultaneously and they'll strike gold (especially since there will be many MNs clustered at datacenters like Ecatel).

Remember: literally every key differentiating factor for Darkcoin (Darksend, InstantX) requires the MasterNode network. For it to be safe, successful, and robust, you have to have all MasterNodes acting like ultra-paranoid DNM operators. Anything less than absolute operational perfection for the entire MN network puts people at risk and degrades functionality, to a greater or lesser degree.

This interviewer is ssssllllllooooowwww. Good lord how hard is it to understand the concept of running one node and multiple wallets. It probably makes him a good interviewer since a lot of the listeners aren't particularly technically inclined but man that was hard to listen to.

Anyway thanks for the link. 4hours of conversation with the devs. Very glad you linked this.

no i didn't say that at all. i'm saying that you'd be surprised at some of the code that goes into production finance systems that run people's money. big money.

why is questioning an enterprise-grade list of opsec measures for masternodes silly....the design does not require these measures....explain why I'm wrong instead of posting silly memes...

I posted a silly meme in response to the silliness of your response to a technical dissection of the operational security that truly is necessary in the real world that we live in.

Re-read your own post. You basically said "I know devs. All that stuff is not really necessary because it is hard to do."

not at all, you've completely missed the point and posted a silly meme....

Why is it all-or-nothing?

Why does a masternode need to failover? If my masternode fails today, nothing happens to the network other than masternode count is reduced by 1. Please explain this point before we move on...

So, basically, your response is:

"C'mon man! All that technical stuff is hard!"

"Like, I just use DRKSH 'cuz it's like, so easy and stuff!"

an intermediary who knows/records where lots of XMR is being spent? doesn't sound ideal

They don't need replication or clustering; the beauty of the blockchain is that the DR infrastructure never needs to know the main infrastructure exists. It merely has to exist as a fallback for a compromise of the main infrastructure.

The reason I list all that is because it's a "all-or-nothing" problem, there's no in-between. If every MasterNode operator practices the requisite level of opsec and builds out secure infrastructure for his MasterNode with a secure failover then we can say that the entire group of MasterNodes is true-ly secure. If we relax those requirements then the whole network has to be assumed to be insecure.

Put differently: there is a fine line between malice and mistake, but those screwed during the Evolution exit scam are no more or less affected than those screwed during the original SilkRoad bust (individual circumstances notwithstanding). Thus the net-effect of a malicious operator is the same as the net-effect of an operator that makes mistakes, which means they all have to behave perfectly, or else we have to assume that none of them are secure / not malicious.

haha, I work in the finance sector, I know lots of devs....you'd be surprised...

I'm not sure why you list out all those enterprise security measures as necessary for Masternodes....DR infrsastructure! Come on give me a break....you seriously think masternodes need replication/clustering and a DR runbook? It's a distributed p2p network not MS SQL!

Your list of measures assumes that gaining control over a minimal count of nodes presents a problem. To justify this reasoning you need to explain how this compromises the network. You've already said you're not prepared to do that, but apply logic that expects you to have done so. Play fair

As for companies doing due-dil, again I think you'd be surprised...

You can use xmr.to to send them to any Bitcoin address, and they do so without compromising privacy by providing a temporal association to your XMR transaction to them.

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

Thus there is a dependency on the user exercising sufficient opsec, else they will compromise themselves as they are lulled into a false sense of privacy.

fluffypony comes off like a guru trying to express wisdom to a caffeinated preteen when he expounds on the technical in an attempt to honestly reply to BlockaFett.

Monero +1

1) Yes theres even a Psychiatrists in New York that takes Monero *hint*; You can also use xmr.to to spend your XMR to shops that support Bitcoin. So what awesome exclusive stuff can i buy with DRK atm? Not much either.
2) That doesn't provide real privacy, if you send the coins out again you combine your input again leaving a link...And then you have to resend them to darksend again before every new transaction, and oh how do that on your mobile phone on the go? Totally impracticle to do that stuff.
3) Yes seriously, Bitcoin has Darkwallet which unlike Darkcoin even supports Stealth Addressen + Bitcoin has a lot more mixing parties you can mix with (number of users and transactions) and thus  would provide you better anonymity.


TL;DR You either can't or you simply refuse to understand the problems.

Kinda. We're applying the level of rigour that is generally accepted as necessary when every line of code can mean the wiping out of someone's saving or the end of a person's means of income. Beyond that, our focus is on expanding Monero's capabilities in a way that never sacrifices decentralisation, scalability, privacy, or robustness. Our research goals detail some of those efforts:




At this stage I've seen no evidence that there anything close to adequate security measures are in place or can be expected in the future. At a bare minimum every MasterNode operator would need to:

1. Own their own hardware hosted in a cage in a colocated rack with their own locks on, at non-USA datacenters that have demonstrated prior resistance to requests from LEA.

2. Practice the ongoing opsec required to completely protect their identity from being discovered.

3. Run OpenBSD or FreeBSD or a very hardened Linux setup, don't use packages for anything, build every dependency from source disabling any functionality not strictly required, run no exposed services beyond darkcoind and sshd, limit access via a VPN through routers you've purchased and reflashed and are under your control.

4. Have separate appliances to at least firewall that box off, having an IDPS appliance would be beneficial.

5. Regularly monitor the logs for suspicious activity and act accordingly.

6. Regularly visit the site to verify physical security.

7. Have appropriate offsite DR infrastructure to match the above.

It won't be perfect, but it would make it difficult, to the point of impossible, for any significant portion of the MasterNode network to be compromised.


I know what you mean, but any large company / MNC that performs due diligence on Darkcoin will choose not to use it because of the risks outlined earlier (I mean actual companies that can afford to conduct a due diligence study), which leads me to echo a quote from the Bible, of all places: "I returned to see under the sun that the swift do not have the race, nor the mighty ones the battle, nor do the wise also have the food, nor do the understanding ones also have the riches, nor do even those having knowledge have the favor" - King Solomon

ok, you've formed your view, such as it is....good luck

Send them where? Poloniex? Other XMR holders?

Does anyone accept XMR for goods/services? Can you place bets with XMR? I'm not being disingenuous, I honestly don't know.


eh? you mix the funds in advance and then can send them instantly whenever you need to...please explain the 'mix again' part of your statement?


Seriously? Bitcoin doesn't have any privacy features and bankwire/visa are corporate trusted payment methods, obviously...

I have read all 14 pages of this thread to give those conclusions. I hold neither monero or dash/darkcoin. Face reality, I don't give 2 "fucks" about altcoins, but if I had absolutely had to I would probably choose just monero out of the sea of garbage that is altcoins. Darkcoin got the shit instamined out of it during it's release. There's no excuses for that crap to happen and then its passed off as "no big deal", not even the infamous auroracoin scam had that happen. Its so funny seeing "darkcoiners" rallying behind a coin with a fricking Instamine. That crap isn't going anywhere. Stick to bitcoin kids.

Again,
what are you talking about? You can use XMR today to send anonymous transactions which get confirmed within minutes even on your mobile phone.


You cannot and prolly will never be able to send fast transactions through darksend for a variety of reasons. Mixing with 2 lousy rounds of darkcoin takes half a day and after every transaction you have to mix again to at least gain a bit of privacy.


How will you ever fix this giant usability flaw? Oh and in the last step where the Drk have been forwarded after "darksending" the whole privacy has been destroyed again; pretty damn easy to link those transactions.



Why not ask for which real world case is Bitcoin not secure enough or a Bankwire or a VISA payment?

haha yes, obviously a fair and unbiased appraisal of the debate....