Cryptocurrencies: alpha-11 US-Public System released

other.arkitech other.arkitech at protonmail.com
Fri Jan 31 05:24:02 PST 2020


grarpamp, thanks for coining the abbreviation USPS, your answers inline..



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, January 31, 2020 10:28 AM, grarpamp <grarpamp at gmail.com> wrote:

> On 1/30/20, other.arkitech other.arkitech at protonmail.com wrote:
>
> > > > closed sources running in a dedicated environment = no risk regarding
> > > > security.
> > > > For those concerned about running a node behind a firewall there is
> > > > always the option to isolate it
> > > > different vlan
> > >
> > > > remote login ... ssh port 16671
>
> Port is irrelevant, and any good internet scan can find
> them all in under one day.
> And VLAN etc is best practice for everything, but moot here...
>

I know, nondefault ssh port is not a security measure, just info I give.
Important: SSH only applies to nodes I control because owners voluntarily allowed for development.

> The issue is an unknown party with access to users outbound, and
> inbound, IP address. Even if you are not evil, you and or your machines
> could be killed, raided, coerced, compromised, coldboot, BadUSB,
> BadHDD, keylog, camera, copied, stolen... or simply become evil later.
> Now the users get all their USPS remotely stolen, and jailed for
> their IP distributing kiddie pr0n.
>
> Users need to be able to run USPS, and every other thing,
> over i2p, tor, cjdns, vpn, packet radio, etc if they want.

There is a reason for using IP4, see below.

>
> Users can let you log into them over i2p, tor onion, cjdns.
>
> They can even register some anti-sybil verify flag picture of
> node hash ping-pong to you over USPS protocol, or over those
> private anonymity networks, instead of exposing their ass to IPv4.
>
> Or you can do this debugging login or whatever on your own
> nodes, and ask for crypto donation to buy them if you need to.
>
> > > DMZ or not, the box is internet connected, and nobody
> > > knows what it's doing or can do. Even if not connected,
> > > you could be trojaning their flash / firmware / microcode.
> >
> > Yes I potentially could ... who cares
> > what is going on in the raspberry pi apart from how much electricity is
> > taking or how much heat is dissipating.
>
> The users are dropping ~$50 on a closed source, remotely
> accessible, critical service box potentially holding and managing
> their $BIG. The users are going to be very much caring about
> what's going on there. That's a questionable model for such
> a project to ask them to do.


Users have a linux box with root access protecting their wallet.
No one else but you enter the box.
Software updates are pulled like your OS pulls updates from repositories.
You can find a number of devices at your home fitting this model: Router, TV, Windows.


>
> > I assume you think I am evil
>
> Analyzing weaknesses and adversary threat models
> treats everything as evil, the process is not personal :)

I know, this is a trustless project.

>
> > the unique point for raising concerns is the network activity
>
> Yes forcing users down to IPv4 and IPv6 is a huge traffic
> analysis risk for them. Search the thread "Tor Stinks" on
> this list... applies to fintech same as packettech.
> Every time user hit send or receive on a transaction, N different
> adversary wiretaps and rogue nodes and payees and payors
> are going to correlate their ass in the clear, without
> even a thin protection like tor to help them.
>
> > Think what do you know about the
> > software running in your router, likely proprietary software, same thing.
>
> Lots of routers these days use Linux or BSD inside, but that
> is irrelevant topic.

It is not an irrelevant parallelism. USPS box is debian Linux where you can login as root. Most routers that run proprietary software inside don't let you in as root, but you still run it.


>
> USPS is not an internet access router, it's a users Financial Box.

USPS is more than a coin, it is a system that cares about your private data, not only financial data,
everything fits, medical records, pics, ...
Security is maxed in this project.

> Users do not want Fiat hands inside their Financial Box anymore.
> That's why real cryptocurrency is taking off, and Libra is dead.
>
> > This is anonymous system as far as underlying tech allows (IP4 transport).
>
> Not if they have to sign up to you, or expose their clicks and
> usage and obvious protocol traffic signature of just using USPS
> to the IPv4 spies.
>
> > Regarding network activity all you'd see is around 15 connections to other
> > nodes exchanging around 10kbps of encrypted packets.
>
> Well hopefully everything is encrypted since day one
> and has some things like pinned TOFU warnings,
> and expiring session keys, at least something...
> because BTC was stupid to not use even basic TLS
> crypto and destroyed that advantage for 10+ years already.

The consensus algorithms do not exchange private data, TLS does little for security,
redundancy of information makes its potential utility unnecessary, man-in-the-middle modifying traffic does not impact in the consensus.

TLS comes important only in private P2P trades.

That's why BTC does not need encryption. Also USPS doesn't need it, although I run the public protocol encrypted mostly for verifying it works as well as unencrypted public traffic.

>
> > > > But this is like disconnecting your OS from automatic updates.
>
> > Updates are pulled by a script on the node that retrieves signed binaries
> > from other nodes.
> > I do not need, as the one who is compiling the binaries, to have access to
> > nodes.
>
> A project compiling and distributing, users pulling... that's all fine.
> But auto rolling updates to the users fintech without users
> permission risks wiping out the entire network, and peoples
> coins with it.
>

That's foolish reasoning because pulling and auto-pulling differs little.
You voluntarily allow or disallow your binaries are in sync with the rest of the network, one-time setting.


> And the signed source code must be available,
> and reproducible builds must work.
>
> https://reproducible-builds.org/

Only when the project gains user base an open source community will be started, with reproducible builds of course and ALL code open.
Not before, there is no point to opensource it before time.
Honestly, what are you going to do with 40K lines of C++ code? without user base you would not review a single file. Pointless at this stage to open source.
I do share the code with devs for specific patches under NDA.

>
> Else USPS would be like the not famous GoldBug project on this list :)

Not sure what you mean, but might be performing bit of FUD with this project.


>
> > > > It is fully AGPL only if the software is executed on a licenced mainnet
> > > > The restriction is that if you want to run a private system or generate
> > > > another public genesis you have to be licenced.
> >
> > I don't want to lose the mainnet (I call it channel 0)
> > ...
> > I am not enforcing licences.
>
> Just realise that no license did ever stop drugs, bittorrent,
> government thugs, or cryptocurrency. And won't stop
> users or adversaries from doing things, even on mainnet.
>
> And these days old license/copyright model is overshadowed
> by first to market speed of innovation and best of ideas
> being taken up by millions of users. That, and mutual
> interest in not doing and not accepting devaluating things
> (like FED printing $$$, or mining over 51%) is what self
> enforces the top cryptocurrencies, not some license.
>
> Boring more freedom of BSD-2clause-like copyright is winning.
> Boring no control over real cryptocurrency is winning.
> First #OpenFabs printing #OpenHW will be huge winning.
> StormArea51 will get you some cool teleporter scooters :)
>
> > Think microsoft, they dont pursue home piracy,
> > they just make sure big corps are paying for their software.
>
> If you start sending out Windows and Office and Clippy CD's
> for free from your home without protection they will :)

>
> > > > Sybil / IPv4
>
> > My algorithm just enforces there are no more than 6 nodes per IP4.
>
> There are more 1:1 personal nodes than that behind the NAT of
> the living commune and the workplace of some people on this list.
>
> > Enough measure to safely grow to million nodes from the perspective of 51%
> > attack.
> > Once reached millions, more nodes can be allowed per IP or even IP6 can
> > gradually be enabled.
> > ...
> > But this would be happening only while the network grows in size.
>
> BTC, ETH, cryptos... never needed those restrictions.
> And what fraction of other coins claim or try to enforce that?
> It does not seem to be a thing that is required for success.
> Their users either recognize the coin has a quality coin model
> worth mutually self-enforcing and adopting, or they abandon it
> to fall prey to the attacks of nature and fail like it should.
>
> > The system doesn't care whether there are many people running a single node,
> > or there is one person running multiple nodes.
> > The global economy is run on the basis of nodes/addresses for the sake of
> > anonymity.
>
> > It can be assumed the network would stabilise on a node-human
> > ratio distinct of 1:1.
>
> Only if the users profit from more nodes is less than cost of buying
> or abusing more IPs to put them on. And USPS already allows 6:1.
>



The point is that to perform Sybil carries a considerable cost. That's the fundamental law sustaining hashcash (BTC's PoW)




> > Innocent people could be prevented from running a node given the IP4
> > restriction mentioned above.
> > But this would be happening only while the network grows in size.
> > Reached a point, preventive countermeasures could be relaxed allowing the
> > participation of more people.
>
> > I first solve the system assuming IP4 disclosure is OK for 80% of the
> > people.
> > If the demand goes big enough a separate work on how to hide IP4 addresses
> > can be undertaken without invalidating any of the work done so far.
>
> More than 80% of the people are going to click away from
> USPS onion and new USPS thing.
> Adoption rarely happens with the 80% first.
>
> Maybe USPS has some new "democratization" theories for the paper.


I don't know what you mean. How democracy enters into this? There are IP4 endpoints, that's all.
And this is to allow a resiliency model based on number of nodes (as opposed to CPU power), which is much more aligned with democracy, as every node benefits from the profit generated by the system evenly.



>
> > > So what is the launch mechanism...
> > > Beta is a premine, no new genesis, leadtime till genesis, etc?
> >
> > The program is:
> > genesis block, Node #1 - Nov-2018
> > invited
> > Apx Feb-2019
> > Told everyone to not spread the word
>
> These days, due to many past problems, a premine tends to be
> viewed as a coin that is not widely, publicly, freely announced and
> released, to and for anyone and everyone around the world to use,
> posted over same day or few, among and out to the major cryptocurrency,
> anonymity, privacy, fintech, trading, related community, etc forums.
>
> From the above... USPS seems to be a premine.
>

It is not premine, everything 'mined' so far has been done in the clear.
It is easy to verify how many 'satoshis' should be in circulation since genesis.
And easy to verify the theoretical number matches the actual amount in circulation.
Proving that no alterations to cryptoeconomics has been done since then.

You ask me to shutdown mainnet to start another. Like if I ask to restart bitcoin because I joined later.
How this action would be taken by people who are running a node since long ago?

Still I advised to keep the size of the network small during alpha, where we are still.
Although discreet announcements were made on public forums like reddit,
see - https://www.reddit.com/r/cryptodevs/comments/abs2yj/low_cost_public_system/

So, from your perspective this could be a premine, from the perspective of current running nodes the network is going on.

Premine means reserving a share of tokens before launch. USPS didn't do this.
What USPS did was to grow slow in the open.

Anyway, Satoshi Nakamoto accumulated million bitcoins, you accuse me of pre-mining and if I did, Satoshi did.
None of us did. So your comment could be FUD again.




> USPS claims to be a privacy coin? How?
>
> If so, then there is a very big problem to combine
> privacy, premine, and no new genesis...

USPS is not a coin. You can create your own coin in it though.
I don't know what you mean by privacy coin.
USPS is a system that negotiates your private data efficiently using P2P protocols on your behalf for the unique interest of defending your interest. (monetization, trading, visiting a Dr., ... anything)

Nothing to do with the fact that the platform already started in the past.

>
> Then people rightly refuse to use and adopt any privacy premines
> exactly because no user can openly evaluate how deep some
> bagholding devs, partners, and earlies have already premined thus
> washing out proper public release launch users future efforts and positions.


You can always join to be earlier than the rest, everyone is invited to join the earliers.
Obviously there are people who are already running nodes, they all deserve every penny they earnt since they joined.


> And no statement or signed lie from that premine group can disprove
> or audit their own premine of a truly private coinbase blockchain.
> The BTC coinbase mining inputs to the blockchain are public, so
> everyone has the same fair knowledge and audit since block 0.
>



> The USPS coin should:

Don't call it coin please. It is not a coin.

>
> 1.  Opensource, and at least some general overview paper.

When user base is big enough a dev-community will be started. GPL

> 2.  Get the code release ready, and running on testnet.

Running on mainnet

> 3.  Set and widely announce a future date at least say 30-60-90-180 days out.
> 4.  Release new genesis key as the mainnet on that date.

I could not do these announcements because there weren't resources to do so.
I needed nodes development and people supported me, I cannot let them down restarting the blockchain.



>     Else you will have everyone publicly declaring you and
>     these 60 nodes of 1+ year worth of premine as frauds,

This would be real FUD in an exercise of twisting the reality.


>     and you have no way to ever prove otherwise.
>     Or if you do, then the coin is not private.
>
>     Premining just seems despised regardless of whatever
>     coin in the world does it.
>
>     And if the coin is successful, the team will have plenty
>     of time in the early adoption curve after a fair new Genesis
>     launch to still mine from that new day, and invest buying at $0.01,
>     and retire from the profit, if that is their motivation.
>
>     Is USPS saying that USPS coinbase generated is somehow
>     verifiable public knowledge, but that its transactions are private?

You can do basic macroeconomic math as explained above.
Anyway who cares about how much crypto has been generated so far, we're still in alpha, there's plenty of time and little amount has been pumped in comparison with the max. [int64 space]

Basically the number every node has earned are directly proportional to the time they've been in.
Fair.


>
>
> > FFF
>
> What does this string mean?

startup jargon, see e.g. this coming from googling it : https://businessangelinstitute.org/blog/2013/07/31/fff-family-friends-fools/


>
> > more nodes, I invite more people, YOU?
>
> As a node on an onion / i2p / cjdns, or behind a tor exit, and
> without registering disclosing communicating linking their identities,
> yes maybe some people on list would be easy to say yes to that.
>
> Hack on :)








