Cryptocurrency:

[Karl]

On Sat, Jun 6, 2020, 9:48 AM other.arkitech <other.arkitech at protonmail.com>
wrote:

>
>
>
> Sent with ProtonMail <https://protonmail.com> Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Saturday, June 6, 2020 1:28 PM, Karl <gmkarl at gmail.com> wrote:
>
>
>
> On Sat, Jun 6, 2020, 8:14 AM other.arkitech <other.arkitech at protonmail.com>
> wrote:
>
>>
>>
>>
>> Sent with ProtonMail <https://protonmail.com> Secure Email.
>>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Saturday, June 6, 2020 12:00 PM, Karl <gmkarl at gmail.com> wrote:
>>
>>
>> On Sat, Jun 6, 2020, 7:49 AM other.arkitech <
>> other.arkitech at protonmail.com> wrote:
>>
>>>
>>>
>>>
>>> Sent with ProtonMail <https://protonmail.com> Secure Email.
>>>
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> On Saturday, June 6, 2020 11:38 AM, Karl <gmkarl at gmail.com> wrote:
>>>
>>>
>>>
>>> On Sat, Jun 6, 2020, 7:18 AM other.arkitech <
>>> other.arkitech at protonmail.com> wrote:
>>>
>>>>
>>>>
>>>>
>>>> Sent with ProtonMail <https://protonmail.com> Secure Email.
>>>>
>>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>>> On Saturday, June 6, 2020 10:17 AM, Karl <gmkarl at gmail.com> wrote:
>>>>
>>>>
>>>>
>>>> On Fri, Jun 5, 2020, 7:29 PM other.arkitech <
>>>> other.arkitech at protonmail.com> wrote:
>>>>
>>>>> > so your system doesn't have a bloated chain, which is nice. The
>>>>> 'consensus' is handled by voting...based one IP address one vote. But how
>>>>> robust is relying on IP addresses at the end of the day?
>>>>> >
>>>>>
>>>>> IPv4 provides unique features no other protocol has. address space is
>>>>> saturated (scarce) and addresses are not cheap. It is a a nice tool for
>>>>> Sybil control
>>>>>
>>>>
>>>> OA, when you say this people start disregarding what you say because it
>>>> is false.
>>>>
>>>> Any software developer can get thousands of IP addresses by altering a
>>>> piece of pirated software to include something new of their own design and
>>>> sharing it in a venue where it hasn't been shared on before.  There are
>>>> many many other ways and people _think_ of them, _use_ them, are _observed_
>>>> using them, and things spread and grow.
>>>>
>>>>
>>>> what? any developer geting thousands of public IPv4 addresses by
>>>> modifying software?
>>>> Nop. That's not true.
>>>> (Or I haven't understood well what you say)
>>>>
>>>
>>> People go to places on the internet to download things.  Others can
>>> upload things to those places to download.  You can upload something that
>>> lies about what it is doing, and gives you use of the ip address of the
>>> downloader's computer when run.  Do you understand?
>>>
>>> It sounds like this is surprising to you?
>>>
>>>
>>> so you refer to computers running malware, that case is contemplated in
>>> the design as an 'evil node'
>>>
>>
>> it sounds like you haven't addressed a sybil attack from massively
>> distributed malware, which is fine nobody can cover everything.  not sure
>> where the design lives.
>>
>>
>> If the malware is distributed in a bigger scale than the honest software,
>> indeed, the evil network becomes the 'honest' one to the eyes of the
>> software, that's 51% attack.
>>
>> Provided a world distribution of people that can be evil/honest of
>> 80%-20%, the likeliness of an evil network overtaking the honest one is
>> lower than the opposite.
>>
>> The evil network wont work if many evil nodes run behind same IP, so the
>> malware must meet the same distribution enforcement applied to the honest
>> net. Nodes running malware must be geographically distributed, so local
>> marketplaces spreading malware have less chances to spread worldwide in
>> order to compromise the network.
>>
>
>
> I'm not sure you're hearing me when I say that one person is able to
> distribute malware to thousands (or more) of other people worldwide,
> producing a sybil attack from an individual.  Is this something you're able
> to repeat back to me?  It sounds like you have an expectation around
> handling this?
>
>
> i though i gave a fair response.
> i understand you say that many computers can be infected of malware by a
> single individual who is creating an attacking botnet.
> An I said such botnet must be bigger than the network to succeed.
>
> The security of USPS depends on the number of nodes, the bigger the best.
>

Thanks.  It is actually reasonable to create a botnet that covers an entire
sector of the world (such as everybody running ubuntu 20 or windows 10 or
the latest iOS) by finding, developing, or observing an unpatched exploit.
With more than one exploit a botnet developer could cover multiple such
sectors.  I imagine this would usually produce more ip addresses than a
specific network service like USPS uses.

This concern is one of the ones USPS hasn't been acknowledging.

Even bitcoin has unaddressed security concerns.

The use of scarce ip address alotment to make it less worthwhile to perform
some sybil attacks than to use other means to achieve an end is also used
by IPFS, last I looked.


>
> I also see no reason a malware marketplace would not spread worldwide.
>
>
> no technical reason, obviously it is flat internet.
> But people operate in cultures, I mean that a malware disguised say for
> instance inside a pirate copy of photoshop will only be spread across those
> who use photoshop who are not caring about malware, not all possible
> computers.
>
> Really struggling to communicate here.  I understand you need to know your
> software is given a fair trial to actually run, is that correct?
>
>
> Sorry about that if that's my fault. I try to respond with what I think
> about the attack vector you describe.
>
> I am try to honestly persuade you guys to try USPS if you're really
> interested in it as a next-gen cryptocurrency system.
> My interest is to gain users that can explore every corner of it, in order
> to find gaps, failures, etc. Just helping me in its development.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 10180 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20200606/1a9e6f9d/attachment.txt>