On Sat, Jun 6, 2020, 11:34 AM other.arkitech <other.arkitech@protonmail.com> wrote:




‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, June 6, 2020 3:24 PM, Karl <gmkarl@gmail.com> wrote:

I missed some of your expressions.

On Sat, Jun 6, 2020, 10:59 AM other.arkitech <other.arkitech@protonmail.com> wrote:



what? any developer getting thousands of public IPv4 addresses by modifying software?
Nope. That's not true.
(Or I haven't understood well what you say)

People go to places on the internet to download things.  Others can upload things to those places to download.  You can upload something that lies about what it is doing, and gives you use of the ip address of the downloader's computer when run.  Do you understand?

It sounds like this is surprising to you?

so you refer to computers running malware, that case is contemplated in the design as an 'evil node'

it sounds like you haven't addressed a sybil attack from massively distributed malware, which is fine nobody can cover everything.  not sure where the design lives.

If the malware is distributed in a bigger scale than the honest software, indeed, the evil network becomes the 'honest' one to the eyes of the software, that's 51% attack.

Provided a world distribution of people that can be evil/honest of 80%-20%, the likeliness of an evil network overtaking the honest one is lower than the opposite.

The evil network won't work if many evil nodes run behind the same IP, so the malware must meet the same distribution enforcement applied to the honest net. Nodes running malware must be geographically distributed, so local marketplaces spreading malware have fewer chances to spread worldwide in order to compromise the network.


I'm not sure you're hearing me when I say that one person is able to distribute malware to thousands (or more) of other people worldwide, producing a sybil attack from an individual.  Is this something you're able to repeat back to me?  It sounds like you have an expectation around handling this?

I thought I gave a fair response.
I understand you say that many computers can be infected with malware by a single individual who is creating an attacking botnet.
And I said such a botnet must be bigger than the network to succeed.

The security of USPS depends on the number of nodes, the bigger the better.

Thanks.  It is actually reasonable to create a botnet that covers an entire sector of the world (such as everybody running ubuntu 20 or windows 10 or the latest iOS) by finding, developing, or observing an unpatched exploit.  With more than one exploit a botnet developer could cover multiple such sectors.  I imagine this would usually produce more ip addresses than a specific network service like USPS uses.

This concern is one of the ones USPS hasn't been acknowledging.

51% attack is always a concern. My answer is to have a big honest network that makes it very difficult for a botnet to coordinate the attack. the attacking vector is a war on size.

Always a fan of assuming honesty, but it's good to have something to fall back on if honesty isn't upheld in some edge situation.  This is where cryptocurrency usually shines.

Given it doesn't take financial resources to acquire IP addresses, USPS could struggle to use the usual cryptocurrency avenue of it being more profitable to support the network than attack it.

But really hashpower is just plain much harder to acquire than ip addresses.  I'm not sure there are even any laws against botnets.

The use of hashpower, difficulty, and an append-only log also lets users of cryptocurrencies detect attacks by observing metrics.
 

In bitcoin the homologous attacking vector is a war on hashing power.

Even bitcoin has unaddressed security concerns.

The use of scarce ip address allotment to make it less worthwhile to perform some sybil attacks than to use other means to achieve an end is also used by IPFS, last I looked.

Interesting, will look at it. Thanks





I also see no reason a malware marketplace would not spread worldwide.

no technical reason, obviously it is flat internet.
But people operate in cultures, I mean that a malware disguised say for instance inside a pirate copy of photoshop will only be spread across those who use photoshop who are not caring about malware, not all possible computers.

sorry missed this.  hope i addressed it suitably.


Really struggling to communicate here.  I understand you need to know your software is given a fair trial to actually run, is that correct?


Sorry about that if that's my fault. I try to respond with what I think about the attack vector you describe.

I am trying to honestly persuade you guys to try USPS if you're really interested in it as a next-gen cryptocurrency system.
My interest is to gain users that can explore every corner of it, in order to find gaps, failures, etc. Just helping me in its development.

Open source and utility are what I see as being needed.  I don't know this list well and am spamming it right now, but I see it as a list of developers, not users.

I don't know it well either, most of the topics I see with activity do not point me in a dev-oriented direction. Mostly are user-level comments, also paper-level comments.


Let's review the list history at https://lists.cpunks.org/mailman/listinfo a little to see what the mailing list is really about.  I've never looked there before myself, and it's pretty gratifying to have this opportunity to do so.