On Tue, 24 Mar 2015 02:28:32 -0400 grarpamp wrote:

On Tue, Mar 24, 2015 at 1:19 AM, Juan wrote:

...

...what's the deal? Is it a scam?

Define scam.

Well, tell me what the meaning of definition is, first? And how do you define meaning? Perhaps you can provide the definition of definition? I'm guessing I need to know the meaning of meaning as well.

The deal below is interesting regardless...

Thanks! That was really helpful because, since I don't have fingers, I can't type "maidsafe". So, in 2000 freenet and gnutella were created and since then there hasn't been any real innovation. Again, what's the deal?

https://www.youtube.com/results?search_query=maidsafe http://maidsafe.net/ https://github.com/maidsafe https://www.reddit.com/r/decentralisedinternet https://en.wikipedia.org/wiki/MaidSafe

On 3/24/15, Lodewijk andré de la porte wrote:

So far I think maidsafe is not the right approach.

at times may spend many years learning hard lessons; a public fail is a wider win of sorts, opportunity to learn via other. software development sustained over years is expensive in any form - no clear best path to watering the privacy commons. a collection of decentralized methods certainly more plentiful today than before, however, ... there is hope? :)

btw apparently maidsafe also patented some things. Not a fan of patents really (bit of an understatement - IMO they should be banned). Maidsafe took some flak for it and tried to claim they were defensive patents. I think the misunderstanding is that when startups fail, patents get sold to the highest bidder. Ie the entrepreneur who thinks its a useful thing to do creates 30 years of headache for an ecosystem from his 2 year time-horizon thinking. We've even seen it before in ecash specifically with the digicash patents that were sold at bankruptcy to infospace and so there was a period where no one could use basic blind sigs and various work arounds were tried (blinding agnostic server, Wagner's blind MAC/ZKP/Lucre, server-privacy/systemix/ricardian server). That sucked. I am not sure about Maidsafe. But there are a lot of scams in alt-coin space. Its very easy to take investors money and then fail to deliver. The investors are non-qualified investors, so the legality is also questionable. But even on an ethical basis, the investors are not having legal or professional review of the prospectus, and the "investment contract" is typically ridiculous such that a professional would ROFL about the proposal. You own nothing. Its a pattern repeated a few times in alt-coin space. The other fallacy in my view is that this is somehow plausible that a service (aka app-coin) with value could defend a floating valued alt-coin. Lets say maidsafe as an example - so far I guess its vaporware, or under research & development vs zooko's LAFS for example which has been running and incrementally improving for years. But lets say they manage to develop something useful with usable functionality and reliability etc which is no small task, lets say they get workably close to matching LAFS functionality after spending the $10m or whatever they raised. Now why would people use it over LAFS which is free? If maidsafe offered better functionality than LAFS (seems doubtful but hypothetically) its FOSS software. Why would someone not fork it and remove the maidsafe token. The resources that provide the service are after all not provided by maidsafe nor the holders of the maidsafe coins - so why would users and peers in the network choose to support the enrichment of maidsafe the company nor the naive people who put money into the "investment". You often hear people talking about these schemes as "donations" and thats probably closer to the truth - if you think the tech is interesting and you donate some money to it to see it get built, without expectations of getting your money back, you're going to get less of an unpleasant surprise when it fails to materialise or it simply gets forked if it even works. I can see that Zooko for example might look at this and go huh? WTF? He implemented LAFS with various modest funding models and has a working system - and yet some folks with hand wavy ideas that may or may not be mathematically possible even jump into the tech space paint an exciting hypothetical system picture and grab $10m+ of non-qualified investor money with an "investment contract" that says the investor owns nothing (other than sort of undefined value service tokens, that are not backed by control or ownership of the resources that might operate the to-be-implemented service). If nothing else these token sale contracts are fraught with moral hazard. Investment contracts are structured the way they are by mutual negotiation between investor and startup for reasons of interest alignment and incentive. Those structures were arrived at via 100+ years of experience of what works and what doesnt, and prior generations investment scams and bubbles. It seems like a bit of a rerun of some early last century investment scams that motivated the regulations we currently have to protect investors from scammers. (Someone did ask, thats my opinion anyway:) Adam On 25 March 2015 at 04:14, Steven Schear wrote:

MaidSafe (MS) is an inadvertent (apparently due to a lack of historical information) attempt to realize the experiment Jim McCoy, Bram Cohen, Zooko O'Hearn and I set out to perform with Mojo Nation. They are doing this with the advantage of the experience of bitcoin. MN was sort of Freenet + digital currency. Unlike the file sharing systems that came before Freenet is publication-based. Both file sharing (FS) and publication content distribution approaches have their pros and cons.

FS is simpler but offers little or no plausible deniability about the sharing activities. Publication offers much better deniabilty but more complex and requires more resource commitments on the part of its users. Both suffer from limitations based on popularity. MN tried to find a sweet spot by adding a resource-based currency to solve the persistence problem by paying user clients to offer storage and communication bandwidth.

Unfortunately, MN never really got off the ground, due to a lack of funding, but it got far enough to encourage Bram to create BitTorrent and Zooko to create Tahoe LAFS. I tried to get Bram (and some others through client add-ons) to include some sort of digital currency to BT but it never happened.

McCoy patented MN's content distribution systems with resource-based currency around 2001/2. Not sure if the patent is still in force, if Jim is even aware of MS or if he's even care if MS appears to be using MN's approach.

Steve

Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more). The recipe goes something like this : 1) a microcontroller. 2) a keyboard 3) an 'old' lcd text display 4) eeprom memory - sd card 5) a bunch of discrete components for a noise generator. The idea is to mix all those ingredients plus code to get a system that can 1) generate random data to be used as key in 'one time pad' encryption 2) input text messages (and encrypt them of course) 3) decrypt text messages to the screen (if the microcontroller can act as an usb host it maybe possible to get data from devices like cameras and encrypt it) The thing is, distribution of the key material should be trivial for any 'terrist' worth his salt. So the only drawback of the allegedly secure one time pad isn't really an issue. I'm guessing that any real 'spies' out there have been using something like this for a while.

On 3/28/15, Juan wrote:

Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more).

I agree that the idea is relatively straightforward in principle, for someone with enough soldering ability. For any group-buy, a trustworthy manufacturer/ lead persons, and some method of hand-to-hand distribution would be required for the paranoid (and todays paranoiacs have turned out to be tomorrow's wise-in-hindsight non-crackpots over the last few decades). But, as has been said many times before here, perhaps even by you Mr Juan :), is that some of us seriously doubt whether any 'disruptive' technology can ever solve a social structure, power imbalance, or power structure abuse problem. a) Can a small group unite behind a cause in a fundamentally egalitarian way, and b) is there such a cause that exists, for the small group to unite behind, which is a significant enough cause to engage the attention and will of the greater body of our society? The real problem IMEHO (in my extremely high opinion) is The People (TM) (GMBH) (C) (R) (PTY) (LTD) failing to grasp their own situation, failing to hold to principles beyond satisfying the human passions, and fundamentally failing to give a shit beyond themselves or possibly their family. Frankly, humans are a lost cause and will always sell their souls for not only temporary convenience, but for the avoidance of perceived short or medium term pain. Readers of this email excepted of course :D

The recipe goes something like this : ... I'm guessing that any real 'spies' out there have been using something like this for a while.

Your guess is the same as mine. Zenaan

A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ). It doesn't take a spy or terrorist to create something like this: TFC was a hobby of a CS-student. Distribution of key material isn't the big problem, keeping the keys secure from end-point exploitation is as TAO, ANT-implants, COMMONDEER, VALIDATOR, QUANTUM w/ UNITEDRAKE/SALVAGERABBIT etc. make it hard. But even these could be addressed in TFC - enforcing the need for close access operations, close proximity malware injection or retro reflectors and other HW implants is the only way to avoid untasked targeting from becoming the mass surveillance of next generation; It's the sweet spot of security, as the attack can not be automated, and the cost increases linearly with the number of targets. On 28.03.2015 03:02, Juan wrote:

Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more).

The recipe goes something like this :

1) a microcontroller. 2) a keyboard 3) an 'old' lcd text display 4) eeprom memory - sd card 5) a bunch of discrete components for a noise generator.

The idea is to mix all those ingredients plus code to get a system that can

1) generate random data to be used as key in 'one time pad' encryption 2) input text messages (and encrypt them of course) 3) decrypt text messages to the screen

(if the microcontroller can act as an usb host it maybe possible to get data from devices like cameras and encrypt it)

The thing is, distribution of the key material should be trivial for any 'terrist' worth his salt. So the only drawback of the allegedly secure one time pad isn't really an issue.

I'm guessing that any real 'spies' out there have been using something like this for a while.

On Sun, 29 Mar 2015 00:46:08 +0200 Markus Ottela wrote:

A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ).

Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill? Now I'm wondering how easy it would be to hack a microcontroller through its serial link. Of course "a microcontroller" is horribly vague. For instance, what about a microcontroller that can't execute code from ram? J.

On Mon, 30 Mar 2015 23:20:47 -0700 coderman wrote:

On 3/30/15, Juan wrote:

...

... Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill?

two USB Armory not so large nor overkill. perhaps... :P http://www.inversepath.com/usbarmory.html

Interesting. 512mb of ram. But at $100 they don't seem too cheap...

On Mon, Mar 30, 2015 at 11:20:47PM -0700, coderman wrote:

two USB Armory not so large nor overkill. perhaps... :P http://www.inversepath.com/usbarmory.html

this device - if unmodified - has severe limitations regarding inputs. e.g. if the armory contains some key material, it's hard to have it stored in there in a ciphertext, the only way to unlock (provide a decryption key for the ciphertext inside) it currently is from the device you compartmentalize your keys from, the host. there's a thing that is however extremely cool in this device, the arm trustzone (cue the sad violinist while the TCM jamboree slides are shown). pity that this gets so far ignored. it's a neat but quite misunderstood device i think. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt

Now that I think of it, SW implementations with the CEV version that cascades symmetric ciphers are very very slow if SoCs such as RPi are used. OTP and one time MAC is naturally very fast but I'm not sure how large key storages can be added for micro controllers: users should probably use OTF-encrypted HDDs to protect key data and avoid wear levelling issues of flash memory. Anyway, I pushed out 0.5.4. of TFC out yesterday. Lot's of fixes for stability and usability, signed installer that checks SHA512 hashes of other files. Probably the most important feature is hiding 'when' and 'how much' communication takes place. This is done by sending a constant stream of noise messages and commands from the transmitter unit the receivers transparently discard. This exhausts OTP keyfiles very quickly so I'd recommend using the CEV version. -maqp On 31.03.2015 05:49, Juan wrote:

On Sun, 29 Mar 2015 00:46:08 +0200 Markus Ottela wrote:

...

A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ).

Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill?

Now I'm wondering how easy it would be to hack a microcontroller through its serial link. Of course "a microcontroller" is horribly vague. For instance, what about a microcontroller that can't execute code from ram?

J.