@dirvine I hope you have a hard limit to the amount of time you spend on the forums.
Maybe MaidSafe could hire a hacker dedicated to breaking Safe, and part of their job would be to respond to forum posts describing hypothetical attack vectors.
@dirvine I hope you have a hard limit to the amount of time you spend on the forums.
Maybe MaidSafe could hire a hacker dedicated to breaking Safe, and part of their job would be to respond to forum posts describing hypothetical attack vectors.
You are kidding right? Whatâs your next claim, that SAFE has a hidden blockchain somewhere inside which you can easily fork to get someoneâs Safecoin?
This is how you join the network (and therefore your group). You canât pick your own group nor your address. You canât target an address whatever calculated prefix you use. Itâs like total nonsense. Same for empty groups. âHi there, we are a bunch of connected nodes on SAFE but we are in an empty group!â. You are part of a group or your not. Nothing in between.
I really like the idea, but itâs probably too early. Or a bounty program, would be good later on.
Oh yea, I think the community is very important so am prepared to spend a lot of time here and bounce info back to the team. There is a limit but a ton of great info comes form the forums so itâs a fine balance. We do not often have super long posts like this, but occasionally folk do appear and have a bunch of all over the place points to make. So the balance is a tenuous one at times, but the community awareness is well worth it.
We are hiring outreach people at the moment who will take up much of that work though as well as the dev forum where more of the Engineers will frequent for deeper technical discussions. So all shaping up well, I always feel a small company should hurt before it expands and that is cool. So expansion time is long overdue for us
The Engineers working on this are pretty good at attacking every line of code and idea as well, so there are hangouts that last many hours debating some of the finer points. These are tiring for sure, but again well worth it.
Bug and security bounties are 100% going to exist, but we need to be further along before they are helpful instead of a hinderance. That time is getting very close now though and most of the guys are looking forward to that AFAIK.
Are you saying that Proof-of-Work exists only on the context of blockchains? As far as I know it was invented as anti-spam measure for email, and email has nothing to do with blockchainsâŚ
Nope, it probably will be implemented in some SAFE Apps or protocols as well. But itâs definitly not part of Disjoint Groups. To say that POW is part of DG is like saying a Tesla does have a combustion engine. Itâs very far off.
Thanks very much for the links - I shall study them before commenting further.
Remember, this is still work and arguably important work. I know I get the same feeling when someone is pulling me away from some code, but sometimes you are the go to man on things and that canât be helped. I appreciate your time on this and I am sure others do too who want to be sure everything essential has been thought of.
Maybe a technical FAQ would help? A lot of what is in these threads is tremendously valuable, but it needs curating to stop the same things being asked repeatedly.
No worries, hope it all helps, there is a faq and wiki as well
Wow man, no need to go there ⌠Just returning to this thread, but to answer your questionâand to ignore your toneâI was reporting on a discussion I had with someone in the Trollbox. So probably FUD, but they didnât come across as ill-motivated. As I mentioned, the tech details are out of my wheelhouse. Just thought I should pass it along regardless, if another community felt the issue was âunresolved.â Totally free to ignore, but ⌠The MAID community should be strong enough not to lash out when another member tries to inform them of what seems to be going on in other circles.
Just returning to this thread, but ⌠I admit the details are really out of my wheelhouse. It didnât immediately strike me as intentional FUD, so thought Iâd mention it here just b/c it seemed like the opinion was taking place in a community / beyond one personâs personal viewpoint. Mostly I mentioned it as a âmarketing awarenessâ thing, not b/c I thought whatever claims were being made had any validity (again I canât judge on that level, and trust the team 100%), or necessarily required a response. My apologies, though, if this was an unnecessary side-track. I havenât heard anything more about the issue, so am assuming it ⌠wasnât one :).
Not a worry in any case, glad to know really when things are being said so we can check we donât miss anything we should have been looking at in terms of the tech. Better to know than be surprised.
Wasnât a lash out⌠sorry if you took it that way.
I donât think fanboy hand-waving helps our credibility or the cause so I have been resisting it for days, but I canât just stay quiet⌠this whole thing seems to come down to ego and nothing more (a forgiving interpretation of the facts at this point imo).
What should have been questions posed by a curious mind either in public here on the forums or direct to maidsafe were instead phrased as âserious issuesâ with the software described by an ex-employee. The problems were never in the code/design, they were in his understanding of it, but with an inflated ego (as can be clearly seen all through this) the issue becomes maidsafeâs problem rather than his own problem grasping it all. The lack of modesty throughout is a huge red flag to me. Lack of ego is one of the reasons I learned to trust David. Ego is as much the mindkiller as fear and many of us here know all too well from our own experience how easy it is for bright people to dig these holes when their judgement is clouded by arrogance.
It seems like all of the technical points are baseless, inaccurate or just ânothing newâ. He is either digging this hole because he is being paid to, or because he really believes he needs to save the 18 staff members and thousands of invested community members from their own ignorance with his great insight (despite not bothering to really check how things work before he gave his critique). Either way, the only way this discussion ever becomes really helpful is if the intentions behind it are to help, instead of trying to play the game of âwhoâs rightâ in order to win it rather than become enlightened. Given how this conversation has gone and how helpful the insights have been so far Iâd say it was ok to lash out a bit now ;).
Ok rant over⌠sorry, I know that we all need to stay objective and treat criticism and challenges seriously and with respect. Itâs tough to swallow when itâs presented this arrogantly and as facts/mistakes/problems rather than very simple questions though.
The fastest way to find information on the internet is not to ask a question, it is to make an incorrect statement and wait for someone to correct you
Speed would seem considerably less important than diplomacy for an ex-employee who impacts their own reputation and that of the project when they go flying off half-cocked.
As I say, no problem for anyone else to approach it like that. Irresponsible/daft for someone whoâs words carry some weight⌠until they are picked apart⌠their words donât carry weight for long like that, as evidenced here imo.
Proof-of-work schemes typically use a function whose output is a fixed range of numbers, evenly distributed, and thought to be unpredictable. Since the output is thought to be unpredictable based on the input, the difficulty depends on âfindingâ a value in a subset of its total output range (i.e. [0-10] using a function whose output ranges from [0-255]). A prefix implies an expected numerical range. The disjoint groups RFC does not specify how the group is being calculated, but mentions the network address is 256 bits. The current code is using SHA256 (which has the properties described above) for generating a network address, which generates a 256-bit value using a ed25519 public-key as its input. So generate a random point on the curve, then walk the curve for new public keys to pump into SHA256. This is trivial to parallelize. So this is nearly identical to how proof-of-work schemes are implemented, unless the ID will be calculated through some other fashion in this new RFC.
Assuming the above is true, the ideal situation is to force the node to accept a value to use in this function as its joining the network. A client would need a way to verify that this took place, which is a tricky problem I cannot remember seeing solved.
One solution I can think of is time-based. You could force every node to input a recent timestamp, and if clients on the network had clock values synced to within some delta it should be able to verify that the value was computed recently. One drawback with this scheme is that the difficulty is tied to the size of the network, and not computing power. The network would have to be pretty large from the start, and continue to grow with CPU power.
Again, assuming some function with an even distribution is being used, there is a chance that every node in the group splitting has an identical next bit in the prefix. When this occurs, the other group would be empty. The probability of decreases as the size of the group splitting increases. I thought it was an interesting edge case to consider.
Lots of assumption. Whats the saying again⌠assumption is the mother of all fcukups?
When you ass-u-me things you make an ass out of u and me. (Sorry folks I had to)
It seems many want to see some official response to these types of queries or critiques. As well, David would like to see them incoming as they may be valuable at some point. One way to manage them would be to dedicate a thread to these types of âconcernsâ and ask @dirvine to set aside one day every second week to review and respond. The OPâs and the observers would have no expectation of immediate response - why would it even be necessary? - and the forum could weigh in anytime.
Really - It is apparent, as you have made it clear - this is out of control. There is an old saying âDo you want to win the battle, or do you want to win the war?â You cannot, and will not win every battle and it appears you are trying.
Take control - manage the expectations - everyone wins.
Good Luck
Yeah looks like we keep asking for you to explain how you think SAFE works, before you critique it, have you done that part yet?
Can you please do that?
Looks like not doing that is causing lots of trouble here for everyone, @vtnerd