gmkarl at gmail.com
Sat Jun 6 08:24:36 PDT 2020
I missed some of your expressions.
On Sat, Jun 6, 2020, 10:59 AM other.arkitech <other.arkitech at protonmail.com>
> what? any developer geting thousands of public IPv4 addresses by modifying
>>>>> Nop. That's not true.
>>>>> (Or I haven't understood well what you say)
>>>> People go to places on the internet to download things. Others can
>>>> upload things to those places to download. You can upload something that
>>>> lies about what it is doing, and gives you use of the ip address of the
>>>> downloader's computer when run. Do you understand?
>>>> It sounds like this is surprising to you?
>>>> so you refer to computers running malware, that case is contemplated in
>>>> the design as an 'evil node'
>>> it sounds like you haven't addressed a sybil attack from massively
>>> distributed malware, which is fine nobody can cover everything. not sure
>>> where the design lives.
>>> If the malware is distributed in a bigger scale than the honest
>>> software, indeed, the evil network becomes the 'honest' one to the eyes of
>>> the software, that's 51% attack.
>>> Provided a world distribution of people that can be evil/honest of
>>> 80%-20%, the likeliness of an evil network overtaking the honest one is
>>> lower than the opposite.
>>> The evil network wont work if many evil nodes run behind same IP, so the
>>> malware must meet the same distribution enforcement applied to the honest
>>> net. Nodes running malware must be geographically distributed, so local
>>> marketplaces spreading malware have less chances to spread worldwide in
>>> order to compromise the network.
>> I'm not sure you're hearing me when I say that one person is able to
>> distribute malware to thousands (or more) of other people worldwide,
>> producing a sybil attack from an individual. Is this something you're able
>> to repeat back to me? It sounds like you have an expectation around
>> handling this?
>> i though i gave a fair response.
>> i understand you say that many computers can be infected of malware by a
>> single individual who is creating an attacking botnet.
>> An I said such botnet must be bigger than the network to succeed.
>> The security of USPS depends on the number of nodes, the bigger the best.
> Thanks. It is actually reasonable to create a botnet that covers an
> entire sector of the world (such as everybody running ubuntu 20 or windows
> 10 or the latest iOS) by finding, developing, or observing an unpatched
> exploit. With more than one exploit a botnet developer could cover
> multiple such sectors. I imagine this would usually produce more ip
> addresses than a specific network service like USPS uses.
> This concern is one of the ones USPS hasn't been acknowledging.
> 51% attack is always a concern. My answer is to have a big honest network
> that makes it very difficult for a botnet to coordinate the attack. the
> attacking vector is a war on size.
Always a fan of assuming honesty, but it's good to have something to fall
back on if honesty isn't upheld in some edge situation. This is where
cryptocurrency usually shines.
Given it doesn't take financial resources to acquire IP addresses, USPS
could struggle to use the usual cryptocurrency avenue of it being more
profitable to support the network than attack it.
But really hashpower is just plain much harder to acquire than ip
addresses. I'm not sure there are even any laws against botnets.
The use of hashpower, difficulty, and an append-only log also lets users of
cryptocurrencies detect attacks by observing metrics.
> In bitcoin the homologous attacking vector is a war on hashing power.
> Even bitcoin has unaddressed security concerns.
> The use of scarce ip address alotment to make it less worthwhile to
> perform some sybil attacks than to use other means to achieve an end is
> also used by IPFS, last I looked.
> Interesting, will look at it. Thanks
>> I also see no reason a malware marketplace would not spread worldwide.
>> no technical reason, obviously it is flat internet.
>> But people operate in cultures, I mean that a malware disguised say for
>> instance inside a pirate copy of photoshop will only be spread across those
>> who use photoshop who are not caring about malware, not all possible
> sorry missed this. hope i addressed it suitably.
>> Really struggling to communicate here. I understand you need to know
>> your software is given a fair trial to actually run, is that correct?
>> Sorry about that if that's my fault. I try to respond with what I think
>> about the attack vector you describe.
>> I am try to honestly persuade you guys to try USPS if you're really
>> interested in it as a next-gen cryptocurrency system.
>> My interest is to gain users that can explore every corner of it, in
>> order to find gaps, failures, etc. Just helping me in its development.
> Open source and utility are what I see as being needed. I don't know this
list well and am spamming it right now, but I see it as a list of
developers, not users.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 8773 bytes
Desc: not available
More information about the cypherpunks