NVO Decentralized Exchange - Crowdsale

@nemgun There are language difficulties and also differences in expectations. Coming into a well established community you are bound to miss some of ours, and we are bound to miss yours too I apologise for where I do that and hope you will bear with me and our community, and we with you.

[I hope my language is understandable, but if not please ask me to reword anything that isn’t clear for you.]

I think you are also stretched - a small team trying to handle the many roles of a crowdsale - so as a community I would like us to remain polite and patient, and for you to find ways of answering us - here if you can - and try not to let yourselves be side tracked when you are not met with patience or politeness. I urge you to just answer the technical, ask for clarification when it isn’t clear, and ignore everything else. I urge myself to do the same and I struggle to do that, but I see from those who do that it works really well.

BTW We have good and effective moderation here so it will not stray far, and you can call on @ moderators if you feel they can help the discussion. Anyone can do that in a thread, by PM or by flagging a post. Just for information - for everyone - because there are always new people reading these threads!

Coming to the technical, the reddit was asking questions that I found helpful. I had similar concerns when I read the white paper about:

• how you implement validator on SAFE when we have no idea when decentralised computation will be available (already answered here I think, but with more detail by you on the reddit)

• how to avoid double spend when broadcasting the transactions simultaneously (answered by 2-of-2 multisig, though probably not clear to those who are not well up on this, including myself. Based on my hopefully intelligent guess work I believe that is answered though).

What I’m still not clear about is how you solve both the double spend issue, and the issue of keeping the valuator’s private key secure. I accept 2-of-2 multisig secures the broadcast transactions (can someone from the community confirm this as I’m not able to say this is in fact so myself?), but if you use a smart contract, can you please explain in more detail how it works with 2-of-2 multisig and how you ensure the validator’s public key is secure? For example, how is it hidden when the code (say on Ethereum) is public? How on Waves, Counterparty etc? Same or different in each case? I think RoboTeddy asked this too, but I didn’t see it answered on the reddit.

BTW I think it is always best to answer things where they are asked, because then anyone subsequently reading the question can see the answer, and has no need to ask it again. I say this because you were asking RT to go to Skype or Slack, and I can understand his reluctance, and also see that this is counter productive in the long run. I know you end up answering the same questions in multiple places, but I think overall it is more transparent, and creates much more awareness of the solidity of your team, your technical ability and the quality of the solution you have devised. If you had asked me to go to Slack, I would probably have refused because I prefer to have my question answered where I ask it, particularly when it may be of interest to others. When I see or experience “let’s take this discussion elsewhere”, it doesn’t instill confidence. It feels shifty! I don’t believe that’s the case here at all, I’m just saying that to let you know some of us tend to be a bit cynical and suspicious

I think it is best to work within each community as much as you can, get to know and use each platform. If things are answered elsewhere, it’s fine to link to them and refer people, but you can’t refer people to a Slack discussion or a Skype call, so when you move a discussion to there the answer gets lost for anyone else reading the question.

I think you are now doing that and I’m glad because I am keen to see you succeed and build something which could be very valuable on SAFEnetwork. Particularly after the disappearance of an earlier promising decentralised exchange crowdfunding. I see that your crowdfunding is going well, so hopefully that is a relief for you and the team and bodes well for NVO and SAFEnetwork.

I appreciate all that you have said, and I agree with you on many points. Compared to Roboteddy, he directly created a thread on reddit, and said that the project is not safe, without having sought to ask questions beforehand. Thank god, right now i sleep 1-2 hours a day and i keep an eye open. When Ton saw the post, he was panicked, I told him it was not serious, and I explained to him what he should answer and I gave him the BTCT link.
Ton told Roboteddy that the Devs are sleeping, and that once they awake they would come and answer, except that as he was animated by evil intentions, he began to put pressure on Ton, who panicked because he could not Answer him for the moment, suddenly he decided to remove the post while waiting for us to wake up. Once we got up, we apologized several times on slack for deleting the post, and it did not prevent him from threatening and insulting the team, somewhere I understand the gesture of Ton, it is a CEO He manages the Team, he does not have great notions in development so when we deal with a guy like Roboteddy, who speaks like it was a great developer with complex notions whereas in reality they are not applicable And which we do not have to do with the project, panic can come easily.

He could manipulate people with just lies.

A 2-OF-2 Multisig address means that in order to allow for funds transfers, both co-owners have to agree.
If you lock the possibility to issue new transactions, an attacker won’t be able to double spend, because the co-owner will be the validator. Unless you controle the validator and force him to sign transactions. In order to give more details here, i would have to reveal some key elements, one of them is the safelauncher. Please don’t force me to opne the code

I would not ignore bad tongues, as they can induce newcomers who arrive in the community in error with false ways of employment about the usage of cryptos, and when I developer A project, I develope the community with it.I also made a call to the developers of Hf and BTCT to come to evaluate my explanations and so that you have an idea of my skills

I didn’t panick. I didn’t want people to spread rumours on false information while devs were asleep :).

You haven’t panicked ?
You don’t want to deceive anybody, you are always behind us saying " Guys don’t mess up ! i puted my name here !" You act like a good guy, while you are really terrifying with me on background !

@nemgun Thanks for answering above, but this is the part I’m not clear about.

Are you saying you have a solution but can’t answer this at this time because it is novel? If so I’m troubled by this because, while I understand the need to keep an invention secret, doing so means that everyone has to trust that a black box component is not centralised. I’m not sure that this can be said to be an improvement over trusting a centralised exchange. Do you understand the difficulty?

The system is really simple, we will store informations on safeNet, different levels of information from layer 0 (open) to critical, once we finish the development of the validator, we will give the ability to every wallet to connect to safeNet using safeLauncher. Once it is done, and a user is connected to safeNet, he will grab the required code and the required information and run it from his side, it means that the validator will be a serie of instances, each one would be unique to the user. This solves both the computation problem and the decentralization, as there will be unique instances of the validator on each wallet, communicating using the informations stored on safeNet.

Now I do not want to praise maidsafe, I prefer to pressure maidsafe to finish their wonderful project so that I can put the validator there. It should be understood that safeNet is not just a storage system, you forget something very important, I will also have to speak a bit more of the code of the validator, the safeLauncher can be used to make available the power of Computation required.
SafeNet is like a decentralized SSD, and the safeLauncher is a decentralized CPU and RAM.

This does sound very interesting and could potentially open doors to many other kinds of apps reliant on some kind of basic decentralised computation too by the sounds of it. I look forward to learning more about how it will work and what the limits are for it

you back up one opinion with another … good try, but your sophistry needs work.

Dude, it is not an opinion, it is a security standard.
If you don’t know shit about the best practices, you should listen to those who are in the industry instead of playing with rhetoric.

really … and where is that standard written and who are the authorities that created this standard opinion as some sort of computer law … which you seem to be claiming it is.

Omfg, I am not even gonna entertain your trolling.

To be fair, you have just asserted things & then say he should take your word for it because you’re more qualified than him in your view.

You may be right, but it’s better to provide detail / references instead of just telling people they should take your word for things & by not doing so they are trolling / displaying ignorance. Not just for the person you’re replying to, but other readers of the thread.

As someone who knows nothing about these things, here’s a Wikipedia introduction to security through obscurity that references a standards agency which advise against the practice:

@piluso’s statement has nothing to do with why the validator is closed source. It’s not about security. It’s about competitive advantages.

Thanks for supporting our project.

That’s a good explanation yanni and nemgun.

@tonbi wasn’t my first comment clear enough about this already?

This guy is hijacking your thread with a nonsensical debate that is absolutely irrelevant to this thread, with subjects that are way over his head.

But since we are already in this subject, what is your personal philosophy @tonbi regarding to security through obscurity.
Do you think it reasonable to have some exceptions to the rule, or that it should always be open security/security by design without exception?

I don’t believe in black or white approach to any problem or solution. There’s an exception to every rule and everything gets hacked at some point. A false sense of security can be effective hence why centralized exchanges can still mess up and people will still trust them.

However, transparency and openness are much more effective in an active development environment, and I prefer that much better.

Do you know what actually encompasses the concept of “security through obscurity”? This is one of the very few topics that there is an almost unanimous consensus in security engineering, this concept has been rejected since 1850, way before the computers existed.

This is one of the very few subjects out there that it is pretty much white and black.

So, now I am concerned with that answer.
How hands on are you in the development of the system, or are you fully delegating this to your partner Yannick Bragui?

Does your partner share the same opinion of relying sometimes on the obscurity of the design as the only security measure rather than relying on a system designed to be secure?

But since we are already in this subject, what is your personal philosophy

You asked for my opinion then try to take that personal opinion to reflect it on NVO. It’s no different then asking for my opinion on socialism then calling me a communist for not answering in black or white. You are very narrow-minded if you think anything is black and white. By comparing my answer with the answer of the already established crowd, you don’t bring up any personal opinion or demonstrate any critical thinking skill.

This is exactly what I said:

I don’t believe in black or white approach to any problem or solution. There’s an exception to every rule and everything gets hacked at some point. A false sense of security can be effective hence why centralized exchanges can still mess up and people will still trust them.

However, transparency and openness is much more effective in an active development environment, and I prefer that much better.

Please reflect on your attitude if you are going to attack people after asking for their personal opinion. Anyway please get back on topic. We don’t need people bragging about their philosophies on our crowdsale post like on Good will hunting.

Going to put this here so we can stay back on topic.

I wish you guys would stop, really stop, bickering, be it about “security through obscurity”, which I was the first to mention, or endorsements or whatever. It makes no sense to first call somebody a troll and promise not to reply to him anymore, and then reply anyway. I’m thinking about investing in this thing and I need facts. I don’t care the least about hurt feelings, insults, pride and what not. I don’t think the people doing the actual work developing, marketing, answering questions should care either. Please focus on the code and forget about feelings. There is money involved here, and possibly even a new Internet.

Please don’t reply to this post. Focus on the project.