On 1/30/20, other.arkitech <other.arkitech@protonmail.com> wrote:
closed sources running in a dedicated environment = no risk regarding security. For those concerned about running a node behind a firewall there is always the option to isolate it different vlan remote login ... ssh port 16671
Port is irrelevant, and any good internet scan can find them all in under one day. And VLAN etc is best practice for everything, but moot here... The issue is an unknown party with access to users' outbound, and inbound, IP address. Even if you are not evil, you and/or your machines could be killed, raided, coerced, compromised, coldboot, BadUSB, BadHDD, keylog, camera, copied, stolen... or simply become evil later. Now the users get all their USPS remotely stolen, and jailed for their IP distributing kiddie pr0n. Users need to be able to run USPS, and every other thing, over i2p, tor, cjdns, vpn, packet radio, etc if they want. Users can let you log into them over i2p, tor onion, cjdns. They can even register some anti-sybil verify flag picture of node hash ping-pong to you over USPS protocol, or over those private anonymity networks, instead of exposing their ass to IPv4. Or you can do this debugging login or whatever on your own nodes, and ask for crypto donation to buy them if you need to.
DMZ or not, the box is internet connected, and nobody knows what it's doing or can do. Even if not connected, you could be trojaning their flash / firmware / microcode.
Yes I potentially could ... who cares what is going on in the raspberry pi apart from how much electricity is taking or how much heat is dissipating.
The users are dropping ~$50 on a closed source, remotely accessible, critical service box potentially holding and managing their $BIG. The users are going to be very much caring about what's going on there. That's a questionable model for such a project to ask them to do.
I assume you think I am evil
Analyzing weaknesses and adversary threat models treats everything as evil, the process is not personal :)
the unique point for raising concerns is the network activity
Yes forcing users down to IPv4 and IPv6 is a huge traffic analysis risk for them. Search the thread "Tor Stinks" on this list... applies to fintech same as packettech. Every time a user hits send or receive on a transaction, N different adversary wiretaps and rogue nodes and payees and payors are going to correlate their ass in the clear, without even a thin protection like tor to help them.
Think what do you know about the software running in your router, likely proprietary software, same thing.
Lots of routers these days use Linux or BSD inside, but that is irrelevant topic. USPS is not an internet access router, it's a user's Financial Box. Users do not want Fiat hands inside their Financial Box anymore. That's why real cryptocurrency is taking off, and Libra is dead.
This is anonymous system as far as underlying tech allows (IP4 transport).
Not if they have to sign up to you, or expose their clicks and usage and obvious protocol traffic signature of just using USPS to the IPv4 spies.
Regarding network activity all you'd see is around 15 connections to other nodes exchanging around 10kbps of encrypted packets.
Well hopefully everything is encrypted since day one and has some things like pinned TOFU warnings, and expiring session keys, at least something... because BTC was stupid to not use even basic TLS crypto and destroyed that advantage for 10+ years already.
But this is like disconnecting your OS from automatic updates.
Updates are pulled by a script on the node that retrieves signed binaries from other nodes. I do not need, as the one who is compiling the binaries, to have access to nodes.
A project compiling and distributing, users pulling... that's all fine. But auto rolling updates to the users fintech without users permission risks wiping out the entire network, and peoples coins with it. And the signed source code must be available, and reproducible builds must work. https://reproducible-builds.org/ Else USPS would be like the not famous GoldBug project on this list :)
It is fully AGPL only if the software is executed on a licenced mainnet. The restriction is that if you want to run a private system or generate another public genesis you have to be licenced.
I don't want to lose the mainnet (I call it channel 0) ... I am not enforcing licences.
Just realise that no license did ever stop drugs, bittorrent, government thugs, or cryptocurrency. And won't stop users or adversaries from doing things, even on mainnet. And these days old license/copyright model is overshadowed by first to market speed of innovation and best of ideas being taken up by millions of users. That, and mutual interest in not doing and not accepting devaluating things (like FED printing $$$, or mining over 51%) is what self enforces the top cryptocurrencies, not some license. Boring more freedom of BSD-2clause-like copyright is winning. Boring no control over real cryptocurrency is winning. First #OpenFabs printing #OpenHW will be huge winning. StormArea51 will get you some cool teleporter scooters :)
Think Microsoft, they don't pursue home piracy, they just make sure big corps are paying for their software.
If you start sending out Windows and Office and Clippy CDs for free from your home without protection they will :)
Sybil / IPv4
My algorithm just enforces there are no more than 6 nodes per IP4.
There are more 1:1 personal nodes than that behind the NAT of the living commune and the workplace of some people on this list.
Enough measure to safely grow to million nodes from the perspective of 51% attack. Once reached millions, more nodes can be allowed per IP or even IP6 can gradually be enabled. ... But this would be happening only while the network grows in size.
BTC, ETH, cryptos... never needed those restrictions. And what fraction of other coins claim or try to enforce that? It does not seem to be a thing that is required for success. Their users either recognize the coin has a quality coin model worth mutually self-enforcing and adopting, or they abandon it to fall prey to the attacks of nature and fail like it should.
The system doesn't care whether there are many people running a single node, or there is one person running multiple nodes. The global economy is run on the basis of nodes/addresses for the sake of anonymity.
It can be assumed the network would stabilise on a node-human ratio distinct of 1:1.
Only if the user's profit from more nodes is less than the cost of buying or abusing more IPs to put them on. And USPS already allows 6:1.
Innocent people could be prevented from running a node given the IP4 restriction mentioned above. But this would be happening only while the network grows in size. Reached a point, preventive countermeasures could be relaxed allowing the participation of more people.
I first solve the system assuming IP4 disclosure is OK for 80% of the people. If the demand goes big enough a separate work on how to hide IP4 addresses can be undertaken without invalidating any of the work done so far.
More than 80% of the people are going to click away from USPS onion and new USPS thing. Adoption rarely happens with the 80% first. Maybe USPS has some new "democratization" theories for the paper.
So what is the launch mechanism... Beta is a premine, no new genesis, leadtime till genesis, etc?
The program is: genesis block, Node #1 - Nov-2018 invited Apx Feb-2019 Told everyone to not spread the word
These days, due to many past problems, a premine tends to be viewed as a coin that is not widely, publicly, freely announced and released, to and for anyone and everyone around the world to use, posted over same day or few, among and out to the major cryptocurrency, anonymity, privacy, fintech, trading, related community, etc forums.
From the above... USPS seems to be a premine.
USPS claims to be a privacy coin? How? If so, then there is a very big problem to combine privacy, premine, and no new genesis... Then people rightly refuse to use and adopt any privacy premines exactly because no user can openly evaluate how deep some bagholding devs, partners, and earlies have already premined thus washing out proper public release launch users future efforts and positions. And no statement or signed lie from that premine group can disprove or audit their own premine of a truly private coinbase blockchain. The BTC coinbase mining inputs to the blockchain are public, so everyone has the same fair knowledge and audit since block 0.
The USPS coin should:
1) Opensource, and at least some general overview paper.
2) Get the code release ready, and running on testnet.
3) Set and widely announce a future date at least say 30-60-90-180 days out.
4) Release new genesis key as the mainnet on that date.
Else you will have everyone publicly declaring you and these 60 nodes of 1+ year worth of premine as frauds, and you have no way to ever prove otherwise. Or if you do, then the coin is not private. Premining just seems despised regardless of whatever coin in the world does it. And if the coin is successful, the team will have plenty of time in the early adoption curve after a fair new Genesis launch to still mine from that new day, and invest buying at $0.01, and retire from the profit, if that is their motivation.
Is USPS saying that USPS coinbase generated is somehow verifiable public knowledge, but that its transactions are private?
FFF
What does this string mean?
more nodes, I invite more people, YOU?
As a node on an onion / i2p / cjdns, or behind a tor exit, and without registering disclosing communicating linking their identities, yes maybe some people on list would be easy to say yes to that. Hack on :)
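
The 6-nodes-per-IPv4 cap debated in the thread above, modeled as an added example (not code from either poster or from the USPS project; the class, function names and sample addresses are constructed for illustration). It shows both effects raised in the replies: people sharing one NAT address are turned away, while one operator holding several addresses gets 6 nodes on each.

```python
from collections import defaultdict
import ipaddress

MAX_NODES_PER_IP = 6  # the cap quoted in the thread


class PerIpAdmission:
    """Hypothetical admission table: at most `cap` node ids per source IPv4."""

    def __init__(self, cap=MAX_NODES_PER_IP):
        self.cap = cap
        self.nodes_by_ip = defaultdict(set)

    def admit(self, src_ip, node_id):
        ip = ipaddress.IPv4Address(src_ip)  # raises ValueError on non-IPv4 input
        nodes = self.nodes_by_ip[ip]
        if node_id in nodes:
            return True  # reconnect of an already admitted node
        if len(nodes) >= self.cap:
            return False  # the address is full; the cap cannot tell who is asking
        nodes.add(node_id)
        return True


def simulate(joins, cap=MAX_NODES_PER_IP):
    """joins: iterable of (owner, src_ip, node_id); returns per-owner counts."""
    table = PerIpAdmission(cap)
    result = defaultdict(lambda: {"admitted": 0, "rejected": 0})
    for owner, ip, node_id in joins:
        key = "admitted" if table.admit(ip, node_id) else "rejected"
        result[owner][key] += 1
    return {owner: dict(counts) for owner, counts in result.items()}


def sample_joins():
    # Constructed sample: 10 separate people behind one NAT address
    # (documentation range 192.0.2.0/24) ...
    joins = [(f"resident-{i}", "192.0.2.10", f"res-node-{i}") for i in range(10)]
    # ... and a single operator with 4 addresses trying 8 nodes on each.
    for a in range(4):
        for n in range(8):
            joins.append(("operator", f"198.51.100.{a + 1}", f"op-{a}-{n}"))
    return joins


def summary():
    r = simulate(sample_joins())
    res = [v for k, v in r.items() if k.startswith("resident-")]
    return (sum(v["admitted"] for v in res), sum(v["rejected"] for v in res),
            r["operator"]["admitted"], r["operator"]["rejected"])


if __name__ == "__main__":
    print(summary())
```

The cap bounds nodes per address, not nodes per person, so its strength is set by what an additional address costs.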