this thread needs more violin and cutting one's self. my comments on this familiar lament inline,... On Sat, Mar 22, 2014 at 6:14 PM, Lodewijk andré de la porte <l@odewijk.nl> wrote:
... The sad part is that I got scared away from [storing value on-line] ...
I spent days feeling sick because I couldn't figure out a way to do exchanges distributed over sufficiently geographically disperse points to avoid trouble with a single government going mad. Then I realized the Megaupload situation means that any US-ally country is susceptible to a planned US-exercise.
Once I found that I cannot trust maybe 150 countries in the world with the rest being mostly unsuitable, that turned into a bit of a problem...
Then you realize you're still not physically secure. The server itself is a hotbox of 100% exposure...
If you let the box call homes first (homes is the list of other servers) it can use it's already present crypto to prevent any possible MITM or listening in. So that's good. Problem is a little liquid nitrogen, connection on a bus or firewire port, etc. is enough to make the server bleed information faster than the Titanic ate water. So you have to cut the firefire connections (USB is okay and convenient AFAIC) and heat-conductive epoxy the motherboard, RAM and a good margin around the CPU too (use a taller and wider cooler than usual). Maybe even run some wires through it to measure breach.
Then you find out Intel's chips have all sorts of hyperintelligence on it to allow "remote administration" which just blew my fucking mind halfway across the galaxy. [ED:. yes, it really is this bad!]
Once you have your physical platform you have to make sure the software is okay. I found that it's entirely impossible to not trust your compiler. And the likelihood of cutting yourself is way too high with low level languages. ... But you have to, because you can't do better. ...
By now I'm a week further in worrying and researching, I'm sweating more at night, I don't feel comfortable using my own computer anymore, I don't understand why the world isn't a chaotic place where no computer ever is not hacked out of it's guts. I realize it's probably because nobody is motivated and smart enough to go through the effort, and then also doesn't get caught except for those that'd pay a high price to hide their capabilities, which is why you'd never notice.
it's like a pair of glasses you put on, and can't take off! " i see vulns, everywhere! " ;P
Knowing all this I quite damn well decided I couldn't make a secure and reliable centralized exchange. No distributed exchange would earn me a profit, which I'd need to produce more software to help other people's life better, so that wouldn't really help either. Aside from the fact that it would not be popular because it'd be slower and less easy than a "central" exchange.
see also stealthy dopant level trojans, beam-steering TEMPEST, and you've seen much the same as i on my excursion down what it takes to build "secure anonymous decentralized systems". ( decentralized meaning that every node potentially equal, which means that every threat model a node might experience must be defended, which means you're building to the absolute hardest target, which means you've adopted multiple nation state attackers into scope, which means you're building something entirely unlike what we currently have or know how to build, and absolutely a long way from here...) wanna help? just working on the pieces is useful! [see also, not getting discouraged and giving up. *grin*]
Overall I decided I respect greatly the people that take on this challenge. This was over a year ago.
have you gone through the NSA TAO and SSO catalog? this is a great resource for putting some technical capability around the threat models above, and building test systems able to carry out attacks like those above. (for testing. in a test environment. of course :)
Looking at the hacks that happen I'm mostly shocked to find the level of stupidity. Shocked as much to see how long things just go on without significant trouble.
and you wonder why USGov is trying to beat miscreants into submission with CFAA life destruction. everyone is passing the security buck, DA gotta do something... [this is just one of many poor trends.]
MtGox failing because money dissapeared over the years... That was shocking at an unbelievable level.
you must be new to interwebs? see also, every blackhat doxing crew since ever.
... The list goes on.
see also, every blackhat doxing crew since ever.
So I think I'm capable of making an exchange platform that's far better than what's out there right now. And I will once I have time (I really don't have it right now, life is such a fuzz).
I still question if it'd be used by anyone. But at least I can try.
don't do it. instead, build software secure and usable enough that every average user can be their own exchange and bank without falling prey to haxxors or stupidity. oh, someone told me that i'm depressing the hackers with my realism and please try to make the self hurt less desirable, so here, my real world cover is goat farmer: https://peertech.org/files/totes-coders-goats.jpg </shameless_plagiarism> [ i hope that didn't reduce my anonymity set too much! ]
