...what's the deal? Is it a scam? "David Irvine began work on MaidSafe in 2006. He raised $5 million for the project" april 2014 "It raised over $7 million in Mastercoins and Bitcoins." They've been working on it for almost 10 years and still...nothing?
On Tue, Mar 24, 2015 at 1:19 AM, Juan <juan.g71@gmail.com> wrote:
...what's the deal? Is it a scam?
Define scam. The deal below is interesting regardless... https://www.youtube.com/results?search_query=maidsafe http://maidsafe.net/ https://github.com/maidsafe https://www.reddit.com/r/decentralisedinternet https://en.wikipedia.org/wiki/MaidSafe
On Tue, 24 Mar 2015 02:28:32 -0400 grarpamp <grarpamp@gmail.com> wrote:
On Tue, Mar 24, 2015 at 1:19 AM, Juan <juan.g71@gmail.com> wrote:
...what's the deal? Is it a scam?
Define scam.
Well, tell me what the meaning of definition is, first? And how do you define meaning? Perhaps you can provide the definition of definition? I'm guessing I need to know the meaning of meaning as well.
The deal below is interesting regardless...
Thanks! That was really helpful because, since I don't have fingers, I can't type "maidsafe". So, in 2000 freenet and gnutella were created and since then there hasn't been any real innovation. Again, what's the deal?
https://www.youtube.com/results?search_query=maidsafe http://maidsafe.net/ https://github.com/maidsafe https://www.reddit.com/r/decentralisedinternet https://en.wikipedia.org/wiki/MaidSafe
So far I think maidsafe is not the right approach. The mix between central and decentral is not inherent to the problem that's being solved.
On 3/24/15, Lodewijk andré de la porte <l@odewijk.nl> wrote:
So far I think maidsafe is not the right approach.
at times may spend many years learning hard lessons; a public fail is a wider win of sorts, opportunity to learn via other. software development sustained over years is expensive in any form - no clear best path to watering the privacy commons. a collection of decentralized methods certainly more plentiful today than before, however, ... there is hope? :)
MaidSafe (MS) is an inadvertent (apparently due to a lack of historical information) attempt to realize the experiment Jim McCoy, Bram Cohen, Zooko O'Hearn and I set out to perform with Mojo Nation. They are doing this with the advantage of the experience of bitcoin. MN was sort of Freenet + digital currency. Unlike the file sharing systems that came before Freenet is publication-based. Both file sharing (FS) and publication content distribution approaches have their pros and cons. FS is simpler but offers little or no plausible deniability about the sharing activities. Publication offers much better deniabilty but more complex and requires more resource commitments on the part of its users. Both suffer from limitations based on popularity. MN tried to find a sweet spot by adding a resource-based currency to solve the persistence problem by paying user clients to offer storage and communication bandwidth. Unfortunately, MN never really got off the ground, due to a lack of funding, but it got far enough to encourage Bram to create BitTorrent and Zooko to create Tahoe LAFS. I tried to get Bram (and some others through client add-ons) to include some sort of digital currency to BT but it never happened. McCoy patented MN's content distribution systems with resource-based currency around 2001/2. Not sure if the patent is still in force, if Jim is even aware of MS or if he's even care if MS appears to be using MN's approach. Steve
btw apparently maidsafe also patented some things. Not a fan of patents really (bit of an understatement - IMO they should be banned). Maidsafe took some flak for it and tried to claim they were defensive patents. I think the misunderstanding is that when startups fail, patents get sold to the highest bidder. Ie the entrepreneur who thinks its a useful thing to do creates 30 years of headache for an ecosystem from his 2 year time-horizon thinking. We've even seen it before in ecash specifically with the digicash patents that were sold at bankruptcy to infospace and so there was a period where no one could use basic blind sigs and various work arounds were tried (blinding agnostic server, Wagner's blind MAC/ZKP/Lucre, server-privacy/systemix/ricardian server). That sucked. I am not sure about Maidsafe. But there are a lot of scams in alt-coin space. Its very easy to take investors money and then fail to deliver. The investors are non-qualified investors, so the legality is also questionable. But even on an ethical basis, the investors are not having legal or professional review of the prospectus, and the "investment contract" is typically ridiculous such that a professional would ROFL about the proposal. You own nothing. Its a pattern repeated a few times in alt-coin space. The other fallacy in my view is that this is somehow plausible that a service (aka app-coin) with value could defend a floating valued alt-coin. Lets say maidsafe as an example - so far I guess its vaporware, or under research & development vs zooko's LAFS for example which has been running and incrementally improving for years. But lets say they manage to develop something useful with usable functionality and reliability etc which is no small task, lets say they get workably close to matching LAFS functionality after spending the $10m or whatever they raised. Now why would people use it over LAFS which is free? If maidsafe offered better functionality than LAFS (seems doubtful but hypothetically) its FOSS software. Why would someone not fork it and remove the maidsafe token. The resources that provide the service are after all not provided by maidsafe nor the holders of the maidsafe coins - so why would users and peers in the network choose to support the enrichment of maidsafe the company nor the naive people who put money into the "investment". You often hear people talking about these schemes as "donations" and thats probably closer to the truth - if you think the tech is interesting and you donate some money to it to see it get built, without expectations of getting your money back, you're going to get less of an unpleasant surprise when it fails to materialise or it simply gets forked if it even works. I can see that Zooko for example might look at this and go huh? WTF? He implemented LAFS with various modest funding models and has a working system - and yet some folks with hand wavy ideas that may or may not be mathematically possible even jump into the tech space paint an exciting hypothetical system picture and grab $10m+ of non-qualified investor money with an "investment contract" that says the investor owns nothing (other than sort of undefined value service tokens, that are not backed by control or ownership of the resources that might operate the to-be-implemented service). If nothing else these token sale contracts are fraught with moral hazard. Investment contracts are structured the way they are by mutual negotiation between investor and startup for reasons of interest alignment and incentive. Those structures were arrived at via 100+ years of experience of what works and what doesnt, and prior generations investment scams and bubbles. It seems like a bit of a rerun of some early last century investment scams that motivated the regulations we currently have to protect investors from scammers. (Someone did ask, thats my opinion anyway:) Adam On 25 March 2015 at 04:14, Steven Schear <schear.steve@gmail.com> wrote:
MaidSafe (MS) is an inadvertent (apparently due to a lack of historical information) attempt to realize the experiment Jim McCoy, Bram Cohen, Zooko O'Hearn and I set out to perform with Mojo Nation. They are doing this with the advantage of the experience of bitcoin. MN was sort of Freenet + digital currency. Unlike the file sharing systems that came before Freenet is publication-based. Both file sharing (FS) and publication content distribution approaches have their pros and cons.
FS is simpler but offers little or no plausible deniability about the sharing activities. Publication offers much better deniabilty but more complex and requires more resource commitments on the part of its users. Both suffer from limitations based on popularity. MN tried to find a sweet spot by adding a resource-based currency to solve the persistence problem by paying user clients to offer storage and communication bandwidth.
Unfortunately, MN never really got off the ground, due to a lack of funding, but it got far enough to encourage Bram to create BitTorrent and Zooko to create Tahoe LAFS. I tried to get Bram (and some others through client add-ons) to include some sort of digital currency to BT but it never happened.
McCoy patented MN's content distribution systems with resource-based currency around 2001/2. Not sure if the patent is still in force, if Jim is even aware of MS or if he's even care if MS appears to be using MN's approach.
Steve
Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more). The recipe goes something like this : 1) a microcontroller. 2) a keyboard 3) an 'old' lcd text display 4) eeprom memory - sd card 5) a bunch of discrete components for a noise generator. The idea is to mix all those ingredients plus code to get a system that can 1) generate random data to be used as key in 'one time pad' encryption 2) input text messages (and encrypt them of course) 3) decrypt text messages to the screen (if the microcontroller can act as an usb host it maybe possible to get data from devices like cameras and encrypt it) The thing is, distribution of the key material should be trivial for any 'terrist' worth his salt. So the only drawback of the allegedly secure one time pad isn't really an issue. I'm guessing that any real 'spies' out there have been using something like this for a while.
On 03/27/2015 09:02 PM, Juan wrote:
Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more).
The recipe goes something like this :
1) a microcontroller. 2) a keyboard 3) an 'old' lcd text display 4) eeprom memory - sd card 5) a bunch of discrete components for a noise generator.
The idea is to mix all those ingredients plus code to get a system that can
1) generate random data to be used as key in 'one time pad' encryption 2) input text messages (and encrypt them of course) 3) decrypt text messages to the screen
(if the microcontroller can act as an usb host it maybe possible to get data from devices like cameras and encrypt it)
The thing is, distribution of the key material should be trivial for any 'terrist' worth his salt. So the only drawback of the allegedly secure one time pad isn't really an issue.
I'm guessing that any real 'spies' out there have been using something like this for a while.
It took Red Teamers to clean up the US Armies act. They were also interspersed with Special Ops teams to disrupt the enemy communications in battle. So, yes, in a way.
On 3/28/15, Juan <juan.g71@gmail.com> wrote:
Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more).
I agree that the idea is relatively straightforward in principle, for someone with enough soldering ability. For any group-buy, a trustworthy manufacturer/ lead persons, and some method of hand-to-hand distribution would be required for the paranoid (and todays paranoiacs have turned out to be tomorrow's wise-in-hindsight non-crackpots over the last few decades). But, as has been said many times before here, perhaps even by you Mr Juan :), is that some of us seriously doubt whether any 'disruptive' technology can ever solve a social structure, power imbalance, or power structure abuse problem. a) Can a small group unite behind a cause in a fundamentally egalitarian way, and b) is there such a cause that exists, for the small group to unite behind, which is a significant enough cause to engage the attention and will of the greater body of our society? The real problem IMEHO (in my extremely high opinion) is The People (TM) (GMBH) (C) (R) (PTY) (LTD) failing to grasp their own situation, failing to hold to principles beyond satisfying the human passions, and fundamentally failing to give a shit beyond themselves or possibly their family. Frankly, humans are a lost cause and will always sell their souls for not only temporary convenience, but for the avoidance of perceived short or medium term pain. Readers of this email excepted of course :D
The recipe goes something like this : ... I'm guessing that any real 'spies' out there have been using something like this for a while.
Your guess is the same as mine. Zenaan
On Sat, 28 Mar 2015 13:21:45 +1100 Zenaan Harkness <zen@freedbms.net> wrote:
But, as has been said many times before here, perhaps even by you Mr Juan :), is that some of us seriously doubt whether any 'disruptive' technology can ever solve a social structure, power imbalance, or power structure abuse problem.
Heh. Indeed =) I didn't mean to suggest that there was any disruptive technology that could solve the basic political problem (I guess in that regard I'm just not a cypherpunk) What I was getting at is that if there were real 'terrorists' out there, they could easily communicate using an apparently unbreakable cypher. So, all the resources that governments spend trying to read 'terrorist mail' are wasted. Furthermore, I'm assuming that any organization ('legal' or 'ilegal') that want allegedly secure communications use OTPs. So, it seems to me that at some ('high' or 'very high') level all cryptoanalysis is basically bullshit.
a) Can a small group unite behind a cause in a fundamentally egalitarian way, and b) is there such a cause that exists, for the small group to unite behind, which is a significant enough cause to engage the attention and will of the greater body of our society?
The real problem IMEHO (in my extremely high opinion) is The People (TM) (GMBH) (C) (R) (PTY) (LTD) failing to grasp their own situation, failing to hold to principles beyond satisfying the human passions, and fundamentally failing to give a shit beyond themselves or possibly their family.
Yes, and in the short run they might argue that things are not so bad, but they seem unable to understand long term trends...or as you note above...and below...they just don't care. I guess we are not feeling too optimistic today =P
Frankly, humans are a lost cause and will always sell their souls for not only temporary convenience, but for the avoidance of perceived short or medium term pain. Readers of this email excepted of course :D
The recipe goes something like this : ... I'm guessing that any real 'spies' out there have been using something like this for a while.
Your guess is the same as mine.
Zenaan
A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ). It doesn't take a spy or terrorist to create something like this: TFC was a hobby of a CS-student. Distribution of key material isn't the big problem, keeping the keys secure from end-point exploitation is as TAO, ANT-implants, COMMONDEER, VALIDATOR, QUANTUM w/ UNITEDRAKE/SALVAGERABBIT etc. make it hard. But even these could be addressed in TFC - enforcing the need for close access operations, close proximity malware injection or retro reflectors and other HW implants is the only way to avoid untasked targeting from becoming the mass surveillance of next generation; It's the sweet spot of security, as the attack can not be automated, and the cost increases linearly with the number of targets. On 28.03.2015 03:02, Juan wrote:
Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more).
The recipe goes something like this :
1) a microcontroller. 2) a keyboard 3) an 'old' lcd text display 4) eeprom memory - sd card 5) a bunch of discrete components for a noise generator.
The idea is to mix all those ingredients plus code to get a system that can
1) generate random data to be used as key in 'one time pad' encryption 2) input text messages (and encrypt them of course) 3) decrypt text messages to the screen
(if the microcontroller can act as an usb host it maybe possible to get data from devices like cameras and encrypt it)
The thing is, distribution of the key material should be trivial for any 'terrist' worth his salt. So the only drawback of the allegedly secure one time pad isn't really an issue.
I'm guessing that any real 'spies' out there have been using something like this for a while.
On Sun, 29 Mar 2015 00:46:08 +0200 Markus Ottela <oottela@cs.helsinki.fi> wrote:
A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ).
Thanks! Checking it out.
It doesn't take a spy or terrorist to create something like this: TFC was a hobby of a CS-student.
Yeah, that was one of my not-explicitly-stated points. Since such a device is almost 'trivial' to build, rendering a lot of fancy cryptoanalisis (and hacking) useless seems easy. So we arrive at the surprising and unheard-of conclusion that governments are a very big scam...
Distribution of key material isn't the big problem, keeping the keys secure from end-point exploitation is as TAO, ANT-implants, COMMONDEER, VALIDATOR, QUANTUM w/ UNITEDRAKE/SALVAGERABBIT etc. make it hard.
I'm not sure what exactly those things do, but they seem to be attacks against 'cosumer grade' hardware and software. Not likely to work against a $2 microcontroller with no radio and no network connection.
But even these could be addressed in TFC - enforcing the need for close access operations, close proximity malware injection or retro reflectors and other HW implants is the only way to avoid untasked targeting from becoming the mass surveillance of next generation; It's the sweet spot of security, as the attack can not be automated, and the cost increases linearly with the number of targets.
On 28.03.2015 03:02, Juan wrote:
Seems to me that it's rather easy for terrorists to create simple hardware for at least secure text messaging (or more).
The recipe goes something like this :
1) a microcontroller. 2) a keyboard 3) an 'old' lcd text display 4) eeprom memory - sd card 5) a bunch of discrete components for a noise generator.
The idea is to mix all those ingredients plus code to get a system that can
1) generate random data to be used as key in 'one time pad' encryption 2) input text messages (and encrypt them of course) 3) decrypt text messages to the screen
(if the microcontroller can act as an usb host it maybe possible to get data from devices like cameras and encrypt it)
The thing is, distribution of the key material should be trivial for any 'terrist' worth his salt. So the only drawback of the allegedly secure one time pad isn't really an issue.
I'm guessing that any real 'spies' out there have been using something like this for a while.
On Sun, 29 Mar 2015 00:46:08 +0200 Markus Ottela <oottela@cs.helsinki.fi> wrote:
A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ).
Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill? Now I'm wondering how easy it would be to hack a microcontroller through its serial link. Of course "a microcontroller" is horribly vague. For instance, what about a microcontroller that can't execute code from ram? J.
On 3/30/15, Juan <juan.g71@gmail.com> wrote:
... Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill?
two USB Armory not so large nor overkill. perhaps... :P http://www.inversepath.com/usbarmory.html
On Mon, 30 Mar 2015 23:20:47 -0700 coderman <coderman@gmail.com> wrote:
On 3/30/15, Juan <juan.g71@gmail.com> wrote:
... Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill?
two USB Armory not so large nor overkill. perhaps... :P http://www.inversepath.com/usbarmory.html
Interesting. 512mb of ram. But at $100 they don't seem too cheap...
On Mon, 30 Mar 2015 23:20:47 -0700 coderman <coderman@gmail.com> wrote:
On 3/30/15, Juan <juan.g71@gmail.com> wrote:
... Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill?
two USB Armory not so large nor overkill. perhaps... :P http://www.inversepath.com/usbarmory.html
by the way, I wouldn't trust arm's "trustzone" at all, just like I wouldn't trust a complex SoC from motorola http://genode.org/documentation/articles/trustzone
On Mon, Mar 30, 2015 at 11:20:47PM -0700, coderman wrote:
two USB Armory not so large nor overkill. perhaps... :P http://www.inversepath.com/usbarmory.html
this device - if unmodified - has severe limitations regarding inputs. e.g. if the armory contains some key material, it's hard to have it stored in there in a ciphertext, the only way to unlock (provide a decryption key for the ciphertext inside) it currently is from the device you compartmentalize your keys from, the host. there's a thing that is however extremely cool in this device, the arm trustzone (cue the sad violinist while the TCM jamboree slides are shown). pity that this gets so far ignored. it's a neat but quite misunderstood device i think. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On 31.03.2015 09:20, coderman wrote:
On 3/30/15, Juan <juan.g71@gmail.com> wrote:
... Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill?
Feel free to choose your own devices / micro controllers as long as it supports the data diode and doesn't have wireless / audio devices that provide covert channels to HSAs. Wide range of platforms makes compromise of COTS hardware much more difficult. Netbooks are not significantly more expensive than if one were to buy separate batteries, chargers, displays, cables and peripherals -- It's also more convenient. Two netbooks pushes the system price around that of a Blackphone.
Now that I think of it, SW implementations with the CEV version that cascades symmetric ciphers are very very slow if SoCs such as RPi are used. OTP and one time MAC is naturally very fast but I'm not sure how large key storages can be added for micro controllers: users should probably use OTF-encrypted HDDs to protect key data and avoid wear levelling issues of flash memory. Anyway, I pushed out 0.5.4. of TFC out yesterday. Lot's of fixes for stability and usability, signed installer that checks SHA512 hashes of other files. Probably the most important feature is hiding 'when' and 'how much' communication takes place. This is done by sending a constant stream of noise messages and commands from the transmitter unit the receivers transparently discard. This exhausts OTP keyfiles very quickly so I'd recommend using the CEV version. -maqp On 31.03.2015 05:49, Juan wrote:
On Sun, 29 Mar 2015 00:46:08 +0200 Markus Ottela <oottela@cs.helsinki.fi> wrote:
A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ).
Splitting the application in two rx/tx physically isolated devices is clever...Although using two laptops or two raspberries seems a bit overkill?
Now I'm wondering how easy it would be to hack a microcontroller through its serial link. Of course "a microcontroller" is horribly vague. For instance, what about a microcontroller that can't execute code from ram?
J.
participants (10)
-
Adam Back -
coderman -
grarpamp -
Juan -
Lodewijk andré de la porte -
Markus Ottela -
scott -
stef -
Steven Schear -
Zenaan Harkness