On Sat, Jun 6, 2020, 11:34 AM other.arkitech <[email protected]> wrote:
> > > > Sent with ProtonMail <https://protonmail.com> Secure Email. > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Saturday, June 6, 2020 3:24 PM, Karl <[email protected]> wrote: > > I missed some of your expressions. > > On Sat, Jun 6, 2020, 10:59 AM other.arkitech < > [email protected]> wrote: > >> >> >> >> what? any developer geting thousands of public IPv4 addresses by >>>>>> modifying software? >>>>>> Nop. That's not true. >>>>>> (Or I haven't understood well what you say) >>>>>> >>>>> >>>>> People go to places on the internet to download things. Others can >>>>> upload things to those places to download. You can upload something that >>>>> lies about what it is doing, and gives you use of the ip address of the >>>>> downloader's computer when run. Do you understand? >>>>> >>>>> It sounds like this is surprising to you? >>>>> >>>>> >>>>> so you refer to computers running malware, that case is contemplated >>>>> in the design as an 'evil node' >>>>> >>>> >>>> it sounds like you haven't addressed a sybil attack from massively >>>> distributed malware, which is fine nobody can cover everything. not sure >>>> where the design lives. >>>> >>>> >>>> If the malware is distributed in a bigger scale than the honest >>>> software, indeed, the evil network becomes the 'honest' one to the eyes of >>>> the software, that's 51% attack. >>>> >>>> Provided a world distribution of people that can be evil/honest of >>>> 80%-20%, the likeliness of an evil network overtaking the honest one is >>>> lower than the opposite. >>>> >>>> The evil network wont work if many evil nodes run behind same IP, so >>>> the malware must meet the same distribution enforcement applied to the >>>> honest net. Nodes running malware must be geographically distributed, so >>>> local marketplaces spreading malware have less chances to spread worldwide >>>> in order to compromise the network. >>>> >>> >>> >>> I'm not sure you're hearing me when I say that one person is able to >>> distribute malware to thousands (or more) of other people worldwide, >>> producing a sybil attack from an individual. Is this something you're able >>> to repeat back to me? It sounds like you have an expectation around >>> handling this? >>> >>> >>> i though i gave a fair response. >>> i understand you say that many computers can be infected of malware by a >>> single individual who is creating an attacking botnet. >>> An I said such botnet must be bigger than the network to succeed. >>> >>> The security of USPS depends on the number of nodes, the bigger the best. >>> >> >> Thanks. It is actually reasonable to create a botnet that covers an >> entire sector of the world (such as everybody running ubuntu 20 or windows >> 10 or the latest iOS) by finding, developing, or observing an unpatched >> exploit. With more than one exploit a botnet developer could cover >> multiple such sectors. I imagine this would usually produce more ip >> addresses than a specific network service like USPS uses. >> >> This concern is one of the ones USPS hasn't been acknowledging. >> >> >> 51% attack is always a concern. My answer is to have a big honest network >> that makes it very difficult for a botnet to coordinate the attack. the >> attacking vector is a war on size. >> > > Always a fan of assuming honesty, but it's good to have something to fall > back on if honesty isn't upheld in some edge situation. This is where > cryptocurrency usually shines. > > Given it doesn't take financial resources to acquire IP addresses, USPS > could struggle to use the usual cryptocurrency avenue of it being more > profitable to support the network than attack it. > > But really hashpower is just plain much harder to acquire than ip > addresses. I'm not sure there are even any laws against botnets. > > The use of hashpower, difficulty, and an append-only log also lets users > of cryptocurrencies detect attacks by observing metrics. > >> >> >> In bitcoin the homologous attacking vector is a war on hashing power. >> >> Even bitcoin has unaddressed security concerns. >> >> The use of scarce ip address alotment to make it less worthwhile to >> perform some sybil attacks than to use other means to achieve an end is >> also used by IPFS, last I looked. >> >> >> Interesting, will look at it. Thanks >> >> >> >>> >>> >>> I also see no reason a malware marketplace would not spread worldwide. >>> >>> >>> no technical reason, obviously it is flat internet. >>> But people operate in cultures, I mean that a malware disguised say for >>> instance inside a pirate copy of photoshop will only be spread across those >>> who use photoshop who are not caring about malware, not all possible >>> computers. >>> >> sorry missed this. hope i addressed it suitably. > >> >>> >>> Really struggling to communicate here. I understand you need to know >>> your software is given a fair trial to actually run, is that correct? >>> >>> >>> Sorry about that if that's my fault. I try to respond with what I think >>> about the attack vector you describe. >>> >>> I am try to honestly persuade you guys to try USPS if you're really >>> interested in it as a next-gen cryptocurrency system. >>> My interest is to gain users that can explore every corner of it, in >>> order to find gaps, failures, etc. Just helping me in its development. >>> >> Open source and utility are what I see as being needed. I don't know > this list well and am spamming it right now, but I see it as a list of > developers, not users. > > > I don't know it well either, most of the topics I see with activity do not > point me in a dev-oriented direction. Mosty are user-level comments, also > paper-level comments. > Let's review the list history at https://lists.cpunks.org/mailman/listinfo a little to see what the mailing list is really about. I've never looked there before myself, and it's pretty gratifying to have this opportunity to do so.
