Sent with [ProtonMail](https://protonmail.com) Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, June 6, 2020 3:24 PM, Karl <[email protected]> wrote: > I missed some of your expressions. > > On Sat, Jun 6, 2020, 10:59 AM other.arkitech <[email protected]> > wrote: > >>>>>>>>>> what? any developer geting thousands of public IPv4 addresses by >>>>>>>>>> modifying software? >>>>>>>>>> Nop. That's not true. >>>>>>>>>> (Or I haven't understood well what you say) >>>>>>>>> >>>>>>>>> People go to places on the internet to download things. Others can >>>>>>>>> upload things to those places to download. You can upload something >>>>>>>>> that lies about what it is doing, and gives you use of the ip address >>>>>>>>> of the downloader's computer when run. Do you understand? >>>>>>>>> >>>>>>>>> It sounds like this is surprising to you? >>>>>>>> >>>>>>>> so you refer to computers running malware, that case is contemplated >>>>>>>> in the design as an 'evil node' >>>>>>> >>>>>>> it sounds like you haven't addressed a sybil attack from massively >>>>>>> distributed malware, which is fine nobody can cover everything. not >>>>>>> sure where the design lives. >>>>>> >>>>>> If the malware is distributed in a bigger scale than the honest >>>>>> software, indeed, the evil network becomes the 'honest' one to the eyes >>>>>> of the software, that's 51% attack. >>>>>> >>>>>> Provided a world distribution of people that can be evil/honest of >>>>>> 80%-20%, the likeliness of an evil network overtaking the honest one is >>>>>> lower than the opposite. >>>>>> >>>>>> The evil network wont work if many evil nodes run behind same IP, so the >>>>>> malware must meet the same distribution enforcement applied to the >>>>>> honest net. Nodes running malware must be geographically distributed, so >>>>>> local marketplaces spreading malware have less chances to spread >>>>>> worldwide in order to compromise the network. >>>>> >>>>> I'm not sure you're hearing me when I say that one person is able to >>>>> distribute malware to thousands (or more) of other people worldwide, >>>>> producing a sybil attack from an individual. Is this something you're >>>>> able to repeat back to me? It sounds like you have an expectation around >>>>> handling this? >>>> >>>> i though i gave a fair response. >>>> i understand you say that many computers can be infected of malware by a >>>> single individual who is creating an attacking botnet. >>>> An I said such botnet must be bigger than the network to succeed. >>>> >>>> The security of USPS depends on the number of nodes, the bigger the best. >>> >>> Thanks. It is actually reasonable to create a botnet that covers an entire >>> sector of the world (such as everybody running ubuntu 20 or windows 10 or >>> the latest iOS) by finding, developing, or observing an unpatched exploit. >>> With more than one exploit a botnet developer could cover multiple such >>> sectors. I imagine this would usually produce more ip addresses than a >>> specific network service like USPS uses. >>> >>> This concern is one of the ones USPS hasn't been acknowledging. >> >> 51% attack is always a concern. My answer is to have a big honest network >> that makes it very difficult for a botnet to coordinate the attack. the >> attacking vector is a war on size. > > Always a fan of assuming honesty, but it's good to have something to fall > back on if honesty isn't upheld in some edge situation. This is where > cryptocurrency usually shines. > > Given it doesn't take financial resources to acquire IP addresses, USPS could > struggle to use the usual cryptocurrency avenue of it being more profitable > to support the network than attack it. > > But really hashpower is just plain much harder to acquire than ip addresses. > I'm not sure there are even any laws against botnets. > > The use of hashpower, difficulty, and an append-only log also lets users of > cryptocurrencies detect attacks by observing metrics. > >> >> >> In bitcoin the homologous attacking vector is a war on hashing power. >> >>> Even bitcoin has unaddressed security concerns. >>> >>> The use of scarce ip address alotment to make it less worthwhile to perform >>> some sybil attacks than to use other means to achieve an end is also used >>> by IPFS, last I looked. >> >> Interesting, will look at it. Thanks >> >>>>> I also see no reason a malware marketplace would not spread worldwide. >>>> >>>> no technical reason, obviously it is flat internet. >>>> But people operate in cultures, I mean that a malware disguised say for >>>> instance inside a pirate copy of photoshop will only be spread across >>>> those who use photoshop who are not caring about malware, not all possible >>>> computers. > > sorry missed this. hope i addressed it suitably. > >>>>> Really struggling to communicate here. I understand you need to know >>>>> your software is given a fair trial to actually run, is that correct? >>>> >>>> Sorry about that if that's my fault. I try to respond with what I think >>>> about the attack vector you describe. >>>> >>>> I am try to honestly persuade you guys to try USPS if you're really >>>> interested in it as a next-gen cryptocurrency system. >>>> My interest is to gain users that can explore every corner of it, in order >>>> to find gaps, failures, etc. Just helping me in its development. > > Open source and utility are what I see as being needed. I don't know this > list well and am spamming it right now, but I see it as a list of developers, > not users. I don't know it well either, most of the topics I see with activity do not point me in a dev-oriented direction. Mosty are user-level comments, also paper-level comments.
