Re: Cryptocurrencies: alpha-11 US-Public System released
‐‐‐ Original Message ‐‐‐ On Tuesday, February 4, 2020 12:22 PM, grarpamp wrote: > On 1/31/20, other.arkitech other.arkit...@protonmail.com wrote: > > > coining the abbreviation USPS > > It seems like a coin, coins have tickers. > It's not much of a good one, sounds too much like > Postal Services, United Parcel, too much USA. > > > Important: SSH only applies to nodes I control because owners voluntarily > > allowed for development. > > > No one else but you enter the box. > > If past is right, it was enabled by default in the image and could login > to all the users machines, and required all users to register their > IP to you before they could run their nodes. > > > There is a reason for using IP4, see below. I have a ssh access to many of the existing nodes, as people who run them, (some I know, some I don't know who is behind), understands I need it for development purposes. This is ok for alpha status and is also low risk while the value is low. > > It's invalidated by both easy and inexpensive attack models. > Especially before masses supercede over Sybil. > So there is not point to this IPv4, early, or later. > Unless there is some whitepaper to show different. > The whitepaper is in the kitchen, but is a slow cook. Remember that this system is in late-development stage. It won't be officially released until the current alpha-11 evolve to 1.0 > > Users have a linux box with root access protecting their wallet. > > No, users have a closed source USPS box that they have > no idea what it is doing with their funds and their interaction > with it. There is zero protection there. Users would be insane > to put funds on closed source remotely accessible box that > some license and mandatory autoupdates further shove > centralized counterparty control risk down users throats. > > > Software updates are pulled like your OS pulls updates from repositories. > > Ask your local FinTech dayjob how scary that is no, no, no. I bet they all have their operating system automatic updates turned on as they ought to do to keep their systems updated. > > > You can find a number of devices at your home fitting this model: Router, > > TV, Windows. > > All of those closed devices are untrustable surveillance, attack, > and propaganda boxes that should be hit with a hammer. > USPS this node will be trustable and secure on 1.0 because the dev-tools that are present during alpha will be gone, an the software will be released open-source. > > It is not an irrelevant parallelism. USPS box is debian Linux where you can > > login as root. Most routers that run proprietary software inside don't let > > you in as root, but you still run it. > > An opensource BSD/linux router that users can hack > on is an irrelavant nonexample. > > Root access to USPS doesn't matter much when USPS users cannot > hack on and run USPS however they want due to closedsource and > license. That's a relavant distributed fintech security issue, > > > it is a system that cares about your private data. > > not only financial data, everithing fits, medical records, pics, ... > > Security is maxed in this project. > > Needs a whitepaper to evaluate this. This is a project aimed to maximize privacy, the whitepaper will tell the details. > > > The consensus algorithms do not exchange private data. > > redundancy of information makes its potential utility unneccesary, > > man-in-the-middle modifying traffic does not impact in the consensus. > > TLS comes important only in private P2P trades. > > Was a basic analyse the failure modes and breadth of possible attack even > done. > At minimum, every users transaction is spyable... srcIP, dstIP, content, > as it is broadcast across the network. > "Private P2P trades" are probably not private because they > too need to ripple information across the spy network to > register in consensus crunching pools, etc. > All the miners mempools or whatever you call them > will know exactly what IP hops the tx came from. > Using encrypted communication is impossible (provably impossible) to determine the originating node of a transaction. Using clear communication, is a not easy problem to deduce the originating address of a transaction. A transaction contains input and output addresses, which are already anonymized. So it offers pretty good privacy. The most you can know is that a particular IP address operates a node, difficult to breach privacy. Only "The Man" and your Internet Company could transform IP4 into your personna. > > TLS does little for security, > > That's why BTC does not need encryption. > > Also USPS doesn't need it > > Haha, that was the bad joke the NSA police politician propaganda > played on you :) I am connected to politics in no way. > Everything that traverses clearnet needs at least some basic TLS > mode... TOFU, PSK, oppurtunistic... or other good crypto. > TLS is free, to refuse to crypt every single connection today, looks even more > stupid than
Re: [OBORONA-SPAM] Re: Cryptocurrencies: alpha-11 US-Public System released
On 2/2/20, other.arkitech wrote: > The proposal is to replace current Governments with a low-cost > distributed machine that would collect inputs and produce outputs Sure, that is all good and interesting to try. > not apply filters in people's input. > The system would be able to let people decide whether if a 'road' is > convenient or not, and how to fund it. What if the people decide USPS is inconvenient due to license inability to hack and fork, or is being too centralized monetized premined controlled by all these "business investors" and "private invites". People will leave it with no adoption, and all USPS people names and funds die with it. Even from old age who going to enforce or care then. And when people simply reverse engineer or clone around and make a new better than USPS system. At least actual opensource distributed forkable as needed might survives with good reverence and actual freedom. How can peopel think trying to teach new voluntaryism model of "letting people decide" without force concerning "whatabout muh roads"... can be honestly taught using a software application students will eventually discover is based on non-voluntary license force. Did not some students rise to destroy this conflicting master. How to not apply filters to peoples tools. > Everything is better compared to our current model of participation in the > society based on ticking a box every 4 or 5 years. Then don't tick any box. And write code boxes to bypass them. Or tick the Libertarian box if you want to see Stasi boy go postal. Sure maybe there is no problem making private money in some ways, just that truth should be disclaimed in front. "spend years of my life learning to code improvements/modules to particular software platform, it might as bloody well be something I can continue to do if I leave my present corporation"
Re: Cryptocurrencies: alpha-11 US-Public System released
On 1/31/20, other.arkitech wrote: > coining the abbreviation USPS It seems like a coin, coins have tickers. It's not much of a good one, sounds too much like Postal Services, United Parcel, too much USA. > Important: SSH only applies to nodes I control because owners voluntarily > allowed for development. > No one else but you enter the box. If past is right, it was enabled by default in the image and could login to all the users machines, and required all users to register their IP to you before they could run their nodes. > There is a reason for using IP4, see below. It's invalidated by both easy and inexpensive attack models. Especially before masses supercede over Sybil. So there is not point to this IPv4, early, or later. Unless there is some whitepaper to show different. > Users have a linux box with root access protecting their wallet. No, users have a closed source USPS box that they have no idea what it is doing with their funds and their interaction with it. There is zero protection there. Users would be insane to put funds on closed source remotely accessible box that some license and mandatory autoupdates further shove centralized counterparty control risk down users throats. > Software updates are pulled like your OS pulls updates from repositories. Ask your local FinTech dayjob how scary that is no, no, no. > You can find a number of devices at your home fitting this model: Router, > TV, Windows. All of those closed devices are untrustable surveillance, attack, and propaganda boxes that should be hit with a hammer. > It is not an irrelevant parallelism. USPS box is debian Linux where you can > login as root. Most routers that run proprietary software inside don't let > you in as root, but you still run it. An opensource BSD/linux router that users can hack on is an irrelavant nonexample. Root access to USPS doesn't matter much when USPS users cannot hack on and run USPS however they want due to closedsource and license. That's a relavant distributed fintech security issue, > it is a system that cares about your private data. > not only financial data, everithing fits, medical records, pics, ... > Security is maxed in this project. Needs a whitepaper to evaluate this. > The consensus algorithms do not exchange private data. > redundancy of information makes its potential utility unneccesary, > man-in-the-middle modifying traffic does not impact in the consensus. > TLS comes important only in private P2P trades. Was a basic analyse the failure modes and breadth of possible attack even done. At minimum, every users transaction is spyable... srcIP, dstIP, content, as it is broadcast across the network. "Private P2P trades" are probably not private because they too need to ripple information across the spy network to register in consensus crunching pools, etc. All the miners mempools or whatever you call them will know exactly what IP hops the tx came from. > TLS does little for security, > That's why BTC does not need encryption. > Also USPS doesn't need it Haha, that was the bad joke the NSA police politician propaganda played on you :) Everything that traverses clearnet needs at least some basic TLS mode... TOFU, PSK, oppurtunistic... or other good crypto. TLS is free, to refuse to crypt every single connection today, looks even more stupid than it did in 2010 and 2000. Regardless even if it only make it tiny little harder for adversary, it is non optional today. >> But auto rolling updates to the users fintech without users >> permission risks wiping out the entire network, and peoples >> coins with it. > That's foolish reasoning because pulling and auto-pulling differs little. No, auto-pull auto-run is vastly different from manual-pull manual-run. > You voluntarily allow or disallow your binaries are in sync with the rest of > the network, one-time setting. Users should set it to OFF until they can eval and test and talk about it with others. > Only when the project gains user base an open source community will be > started, with reproducible builds of course and ALL code open. > Not before, there is no point to opensource it before time. > Honestly, what are you going to do with 40K lines of C++ code? without user > base you would not review a single file. Pointless at this stage to open > source. These ways is not how true opensource projects operate. > I do share the code with devs for specific patches under NDA. As before, how exactly are you going to enforce that NDA? How exactly are you going to enforce your nonfree License / Copyright? How exactly are you going to stop users plugging it into overlay networks? Do you think cryptoanarchy cares about those things? Are you going to beg and vote and pay for the State to go shoot people dead? > It is fully AGPL only of the software is executed on a licenced mainnet Then it seems not AGPL, it seems some proprietary license that cannot use the name AGPL. Good luck...
Re: [OBORONA-SPAM] Re: Cryptocurrencies: alpha-11 US-Public System released
[OBORONA-SPAM] ? this should be a false positive answer inline.. Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Sunday, February 2, 2020 12:20 AM, Zenaan Harkness wrote: > On Sat, Feb 01, 2020 at 10:24:33AM +, other.arkitech wrote: > > > > > I do share the code with devs for specific patches under NDA. > > > > > > NDA? LMAO! Frankly, at this point I should tell you to get lost. > > > > said who? > > There might be something lost in language barrier - or not, not sure > here. > > There are perhaps not many "hard core floss devs" willing to sign an > NDA with you. > > The question folks will want answered is "why should I sign an NDA, > just to look at code or to write some modules?" > > But again, perhaps we are missing something between the language > barriers... > > Knowing the following getting repetitive, I strongly suggest > beginning discussions on the real fundamentals - some are simply not > grasping that your "virtual/ collective/ public ledger taxation" > model is something we want to get on board with. > > It might be - but such a "might be" must live in the minds of those > you want to convince to join you, see? > > Such conversations might best be started with questions. > > Here's one such hypothetical beginning: > > Do we consider roads to be "public infrastructure"? > > In what ways can we pay for roads? > > Do we want more roads? > > What criteria should we use for deciding amongst the different ways > to pay for new roads? > > Good luck, Thanks for changing route Zen, As Punk-Stasi points out the Public System definition is vague at this point. what this USPS proposes is a bottom-up approach to a Public System, starting from the fundamentals. The proposal is to replace current Governments with a low-cost distributed machine that would collect inputs and produce outputs in infinite loop. A system that would have a real view of the 'common interest' because it would not apply filters in people's input. The system would be able to let people decide whether if a 'road' is convenient or not, and how to fund it. Everything is better compared to our current model of participation in the society based on ticking a box every 4 or 5 years.
Re: [OBORONA-SPAM] Re: Cryptocurrencies: alpha-11 US-Public System released
On Sat, Feb 01, 2020 at 10:24:33AM +, other.arkitech wrote: > > > > I do share the code with devs for specific patches under NDA. > > > > NDA? LMAO! Frankly, at this point I should tell you to get lost. > > said who? There might be something lost in language barrier - or not, not sure here. There are perhaps not many "hard core floss devs" willing to sign an NDA with you. The question folks will want answered is "why should I sign an NDA, just to look at code or to write some modules?" But again, perhaps we are missing something between the language barriers... Knowing the following getting repetitive, I strongly suggest beginning discussions on the real fundamentals - some are simply not grasping that your "virtual/ collective/ public ledger taxation" model is something we want to get on board with. It might be - but such a "might be" must live in the minds of those you want to convince to join you, see? Such conversations might best be started with questions. Here's one such hypothetical beginning: Do we consider roads to be "public infrastructure"? In what ways can we pay for roads? Do we want more roads? What criteria should we use for deciding amongst the different ways to pay for new roads? Good luck,
Re: Cryptocurrencies: alpha-11 US-Public System released
On Sat, Feb 01, 2020 at 04:46:35PM -0300, Punk-Stasi 2.0 wrote: > On Sat, 1 Feb 2020 21:27:27 +1100 > Zenaan Harkness wrote: > > > > Developing bug free software, is not so easy (and this is of course > > no reason to push proprietary software or advocate for broken update > > models). > > > > Exactly my point. "automatic updates" is a bad incentive that only > makes the problem worse. Have to agree with this - good point.
Re: Cryptocurrencies: alpha-11 US-Public System released
‐‐‐ Original Message ‐‐‐ On Saturday, February 1, 2020 10:27 AM, Zenaan Harkness wrote: > On Fri, Jan 31, 2020 at 06:44:27PM -0300, Punk-Stasi 2.0 wrote: > > > On Fri, 31 Jan 2020 13:24:02 + > > "other.arkitech" other.arkit...@protonmail.com wrote: > > > > > Software updates are pulled like your OS pulls updates from repositories. > > > You can find a number of devices at your home fitting this model: Router, > > > TV, Windows. > > > > people tolerate that 'model' because they are idiots. Especially idiots who > > buy a retard-TV and run windows. But the 'model' is also pushed on them, so > > they are not completely to blame. Conclusion : the two reasons the 'model' > > is used are stupidity and criminal intent. > > Ok. > > > Also, notice how piece of shit 'developers' can't write decent code so they > > keep updating their garbage to fix the endless stream of bugs they create. > > Useless assholes. And in the process, they end up having complete control > > over, and owning hardware that other idiots, known as 'users', paid for. > > Developing bug free software, is not so easy (and this is of course > no reason to push proprietary software or advocate for broken update > models). > > Analogy: > > Privacy is a sort of solved problem - PGP, TLS, SSL, NACL/ crypto > box. > > Anonymity of any sort on the other hand, is so far from solved it's > not funny, and the current $$$ regime is demanding greater and > greater submission to giving up of private data makes the target > look "sustainable manned base on Mars" levels of difficult. > > This reminds me of some years back, a vehement "defender of > developers" who literarily bashed "those useless furkin USERS!" to an > extreme - until someone gently asked which $EDITOR he used, and did > he not consider himself a -user- of that editor? > > So, bug free software? > > Have at it bro! And you will be showered with accolades in the order > of "shirt, if DJB ain't some kind o' genius, we'll just forgive his > social acerbic-ness and let him code and create in his ivory tower!" > > Of course, when looked at objectively, most of us are indeed idiots. > > Except of course "I, In My Extremely High Opinion". > > If you ain't got bug free software to push, > your "developers are useless bug creating arseholes" cry won't > land all too well with many folks. > > > > I do share the code with devs for specific patches under NDA. > > > > NDA? LMAO! Frankly, at this point I should tell you to get lost. > > The proprietary software horse has left the barn - and that's a good > thing - the consequence being that any thoughtful software developer > will not put his energy into proprietary - aka "someone else's" - > enterprise/ software/ company. > > FLOSS works for "lowly developers" because it is a fundamentally > fairer model than proprietary software. "If I spend years of my life > learning to code improvements/modules to particular software > platform, it might as bloody well be something I can continue to do > if I leave my present corporation" etc. I am between two lands. On one side I joined the Free Software movement mid90's, since then, all I have done require using/producing GPL software. I Fought Micro$oft evil empire of proprietary software and all I want is this model to die. On the other side, this particular project is a seed for something bigger that requires funding. While looking my way through investors I must not disclose the sources because having a 'secret' in my pocket sort of helps in accessing funds. Only when I am at good financial position that allows me continue with the project I'll make 1.- User base; 2.- dev community on GPL/AGPL os any other FOSS. You see. It is not about a war between proprietary/free sw. It is how to getting mainstream. My strategy is: 1st stage: privative - seed the project 2nd stage: Free - grow the fish I apologize to me and to you free software advocates all of us for using a privative model as a continuity solution for the project. I understand your complaints. Cheers OA
Re: Cryptocurrencies: alpha-11 US-Public System released
On Fri, Jan 31, 2020 at 06:44:27PM -0300, Punk-Stasi 2.0 wrote: > On Fri, 31 Jan 2020 13:24:02 + > "other.arkitech" wrote: > > > Software updates are pulled like your OS pulls updates from repositories. > > You can find a number of devices at your home fitting this model: Router, > > TV, Windows. > > people tolerate that 'model' because they are idiots. Especially idiots > who buy a retard-TV and run windows. But the 'model' is also pushed on them, > so they are not completely to blame. Conclusion : the two reasons the 'model' > is used are stupidity and criminal intent. Ok. > Also, notice how piece of shit 'developers' can't write decent code so > they keep updating their garbage to fix the endless stream of bugs they > create. Useless assholes. And in the process, they end up having complete > control over, and owning hardware that other idiots, known as 'users', paid > for. Developing bug free software, is not so easy (and this is of course no reason to push proprietary software or advocate for broken update models). Analogy: Privacy is a sort of solved problem - PGP, TLS, SSL, NACL/ crypto box. Anonymity of any sort on the other hand, is so far from solved it's not funny, and the current $$$ regime is demanding greater and greater submission to giving up of private data makes the target look "sustainable manned base on Mars" levels of difficult. This reminds me of some years back, a vehement "defender of developers" who literarily bashed "those useless furkin USERS!" to an extreme - until someone gently asked which $EDITOR he used, and did he not consider himself a -user- of that editor? So, bug free software? Have at it bro! And you will be showered with accolades in the order of "shirt, if DJB ain't some kind o' genius, we'll just forgive his social acerbic-ness and let him code and create in his ivory tower!" Of course, when looked at objectively, most of us are indeed idiots. Except of course "I, In My Extremely High Opinion". If you ain't got bug free software to push, your "developers are useless bug creating arseholes" cry won't land all too well with many folks. > > I do share the code with devs for specific patches under NDA. > > NDA? LMAO! Frankly, at this point I should tell you to get lost. The proprietary software horse has left the barn - and that's a good thing - the consequence being that any thoughtful software developer will not put his energy into proprietary - aka "someone else's" - enterprise/ software/ company. FLOSS works for "lowly developers" because it is a fundamentally fairer model than proprietary software. "If I spend years of my life learning to code improvements/modules to particular software platform, it might as bloody well be something I can continue to do if I leave my present corporation" etc.
Re: Cryptocurrencies: alpha-11 US-Public System released
>> closed sources running in a dedicated environment = no risk regarding >> security. >> For those concerned about running a node behind a firewall there is always >> the option to isolate it >> remote login ... ssh port 16671 >DMZ or not, the box is internet connected, and nobody >knows what it's doing or can do. Even if not connected, >you could be trojaning their flash / firmware / microcode. Yes I potentially could, and I assume you think I am evil. but still the unique point for raising concerns is the network activity, since who cares what is going on in the raspberry pi apart from how much electricity is taking or how much heat is dissipating. Think what do you know about the software running in your router, likely proprietary software, same thing. Regarding network activity all you'd see is around 15 connections to other nodes exchanging around 10kbps of encrypted packets. Particulrly you are able to verify the node is niether scanning the LAN not attempting to connect to any local computer. You can even run it in different vlan to prevent it. So, even when I am firmly an open-source advocate and the whole source code of the system will be released, this won't happen before I have enough user-base to justify the creation of a dev-community. >It's not your box, undisclaimed this would be unethical >positioning, especially for money environments, doubly >when it's not your money either. >If you need logins, run your own nodes, >and ask for $ if you need for buying them. >Sure people can be asked to accept the risks. >But missing the risks is not making crypto optics. >> But this is like disconnecting your OS from automatic updates. >If this is the reason, make sure people know >it's important for development that they pull >down their own updates. Besides, the ongoing >network will have so many old and hacked up attack >versions that now is good time to experience and >deal with that in protocol. Else the network will fall >apart on day one. Updates are pulled by an script on the node that retrieves signed binaries from other nodes. I do not need, as the one who is compiling the binaries, to have access to nodes. If I do during alpha development is only for development purposes and any possibility of anyone accessing your node including me is controlled exclusively by the node-owner. >> It is fully AGPL only of the software is executed on a licenced mainnet >> The restriction is that if you want to run a private system ot generate >> another public genesis you have to be licenced. >A rather anti-fork iron-fist approach :) Indeed, although I support nodes working for different forks, I don't want to lose the mainnet (I call it channel 0) In fact I have running two forks. There are nodes working in both channel 0 and channel 4348 which is a licensed private network, different blockchains. I'd like to see a big number of forks with different ledger structures running different local economies. All nodes securing other blockchain also secure channel 0 blockchain, this is the main licence restriction, it is not about paying money for acquiring licences, to make a big public system. >Real crypto money is by nature anti-statist, and must be >generally anon to survive long term, else just admit fiat >and go use that. And who are you that is going to >stand and sue the planet, with what money (tax?). >And how are you going to sue when users take it on darknet >and screw your license anyway. What about how top-secret >actors and govcorp lawmakers won't care about abusing even >the HESSLA license to abuse users, or try to shut it down. >What about clean reversing and cloning the protocols. >Are you hoping to sell product to govcorp, that will be funny. >A real cryptocurrency should stand on its own >such that forks are not tempting or relavant. I am not enforcing licences. Think microsoft, they dont pursue home piracy, they just make sure big corps are paying for their software. >>Users don't want to sign up (aka: leak info) to >>some central to run their money either. This is anonymous system as far as underlying tech allows (IP4 transport). > And they won't want to be seen hooked to clearnet IP > broadcasting their transactions and traffic patterns into > trivially network analyzed clearnet. They will want TLS and > compatibility with onion / i2p / cjdns / socks5 and whatever > else happens to give at least some cases better than clearnet. Information travels encrypted end2end, aka node2node >> Sybil / IPv4 >Sybil attacks are mostly a human problem with mostly a >human solution, some web of trust. People have no idea how >easy it is for agents to spin up IP nodes worldwide, IPv4 is not >an obstacle for them. >Even Tor can nuke 100 fakeass nodes a month. Roll human >solutions into the node culture, and or pump adoption numbers >so high that Sybil becomes negligible irrelavant ratio, then >Sybil gives up and goes home, to run its own legit node >so it doesn't
Cryptocurrencies: alpha-11 US-Public System released
I've released version alpha-11 of US-PUBLIC SYSTEM network. Feedback, testers, welcome http://otheravu4v6pitvw.onion/ Thank you. -- Other Arkitech
