Author Topic: Main discussion thread (similar to BCT)  (Read 17127 times)

rhinomonkey

  • Jr. Member
  • **
  • Posts: 64
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #30 on: September 20, 2016, 05:31:11 pm »
Just dropping some small knowledge, ...

The Spreadwallet will come with 2FA, but it will only support hardware 2FA solutions:



So this means, either a TREZOR, or any encryptable USB drive, like the 2 examples that you see in the pic (each costing around 25$).

No, I don't plan on supporting any third party centralized 2FA solution (like google, etc)... those don't have any place in a decentralized wallet.

Stay tuned for more news...

I'm really glad you are empowering the community to keep their coins and investment secure. Thanks for looking out for us! :D

georgem

  • Tech Admin
  • ******
  • Posts: 880
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #31 on: September 20, 2016, 06:09:29 pm »
I'm really glad you are empowering the community to keep their coins and investment secure. Thanks for looking out for us! :D

I only have one boss: the principles of decentralization.

It's incredibly easy to always make the right decision if you follow good principles.

It's that simple.  8)

Thanks for your kind words.

minerpage

  • Admin
  • *****
  • Posts: 112
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #32 on: September 20, 2016, 08:24:56 pm »
No, I don't plan on supporting any third party centralized 2FA solution (like google, etc)... those don't have any place in a decentralized wallet.

Super happy about that, Google has no place in this "decentralized" world  8)

minerpage

  • Admin
  • *****
  • Posts: 112
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #33 on: September 20, 2016, 08:26:56 pm »
No, I don't plan on supporting any third party centralized 2FA solution (like google, etc)... those don't have any place in a decentralized wallet.

Super happy about that, Google has no place in this "decentralized" world... couldn't have said it any better  8)

rhinomonkey

  • Jr. Member
  • **
  • Posts: 64
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #34 on: September 20, 2016, 10:04:33 pm »
In the future, when running service nodes, how are private keys protected? Are collateral amounts safe from attack? Or at least highly unlikely to be hacked into?

I'm unfamiliar with how DASH has their collateral amounts stored. I would think if the keys have to be stored on the VPS, they would likely be less safe. In that instance is there any sort of additional protection measures that can be taken? Are service providers or customers liable for hacks?



georgem

  • Tech Admin
  • ******
  • Posts: 880
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #35 on: September 20, 2016, 10:56:12 pm »
In the future, when running service nodes, how are private keys protected? Are collateral amounts safe from attack? Or at least highly unlikely to be hacked into?

I'm unfamiliar with how DASH has their collateral amounts stored. I would think if the keys have to be stored on the VPS, they would likely be less safe. In that instance is there any sort of additional protection measures that can be taken? Are service providers or customers liable for hacks?

Private keys are only ever used to sign data (create signatures), or to create public keys.
Those signatures (in combination with public keys) are then used to authenticate stuff.

It should never be necessary to keep a privatekey on a server, that would be a horribly bad security design.

I'm not 100% familiar with DASH either, but I will take a closer look at it some time in the future as part of the altcoin taxonomy project.

rhinomonkey

  • Jr. Member
  • **
  • Posts: 64
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #36 on: September 20, 2016, 11:15:30 pm »
In the future, when running service nodes, how are private keys protected? Are collateral amounts safe from attack? Or at least highly unlikely to be hacked into?

I'm unfamiliar with how DASH has their collateral amounts stored. I would think if the keys have to be stored on the VPS, they would likely be less safe. In that instance is there any sort of additional protection measures that can be taken? Are service providers or customers liable for hacks?

Private keys are only ever used to sign data (create signatures), or to create public keys.
Those signatures (in combination with public keys) are then used to authenticate stuff.

It should never be necessary to keep a privatekey on a server, that would be a horribly bad security design.

I'm not 100% familiar with DASH either, but I will take a closer look at it some time in the future as part of the altcoin taxonomy project.

I just did a really quick search and it looks like they are going to make it so you can store collateral in Trezor wallets... or at least it was in development a few months ago.

https://www.dash.org/forum/threads/can-trezor-be-used-to-store-the-collateral-for-masternode.8402/

rhinomonkey

  • Jr. Member
  • **
  • Posts: 64
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #37 on: September 21, 2016, 04:32:41 pm »
And this tutorial gives instruction on how to run masternodes while the wallet is offline.

https://dashpay.atlassian.net/wiki/plugins/servlet/mobile?contentId=1867820#content/view/1867820

In short, I guess my worries that running SNs in the future would open one up to more risks were mostly unfounded :D

cptfisher

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #38 on: September 22, 2016, 08:03:40 pm »
Greetings everybody following you here as well as in btctalk. im interested in this masternode project and i have started to bring some hashrate to the network. so found found several blocks (around 200 NOM NOM NOM) few min ago i had the great idea to encrypt my wallet... i cant mine anymore.. i unlocked it with command walletpassphrase for 1000 days but is there a way to unlockit removing the crypting ? thx for the answer !

georgem

  • Tech Admin
  • ******
  • Posts: 880
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #39 on: September 22, 2016, 08:16:53 pm »
Greetings everybody following you here as well as in btctalk. im interested in this masternode project and i have started to bring some hashrate to the network. so found found several blocks (around 200 NOM NOM NOM) few min ago i had the great idea to encrypt my wallet... i cant mine anymore.. i unlocked it with command walletpassphrase for 1000 days but is there a way to unlockit removing the crypting ? thx for the answer !

Welcome here.

Once you lock your wallet for the first time, it will always ask you for the walletpassphrase.
There is no "unlock forever" function.

In fact, not many people know that there are 3 states a typical crypto wallet (berkely db style) can have:

1) The initial unencrypted state of the wallet (like a "virgin" so to speak)
2) Once you encrypt the wallet for the first time, the format of the wallet changes forever. It is now password "enabled".
3) You can decide to decrypt the password encrypted wallet for a finite amount of time. But this is not the same as 1). The format of the wallet is now a different one.

Once you initiated the encryption you can only ever switch between 2) and 3), but never return back to 1) ever.

What you would need to do is decrypt the wallet and dump all the private keys and move them to a new "virgin" wallet.

cptfisher

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #40 on: September 23, 2016, 01:51:46 am »
ok i think that i will keep it encrypted and unlock it every time is needed

georgem

  • Tech Admin
  • ******
  • Posts: 880
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #41 on: September 23, 2016, 04:46:44 pm »
A user named sugarfly has mentioned something important in the BCT thread that I want to paste here too:


The bandwidth traffic should directly relate to the amount of simultaneous connections your node has.
People who run a node on a server with >100 connections will use a lot of bandwidth.


Good point.

I've seen a few people report the rather problematic bandwidth usage of full nodes, and while they post all kinds of graphs and reports,
they always ommit to tell you how many connections the node has open on average.

Of course, when your full node has 150 connections, you will have to "pay the price for this" so to speak.

Also, from a decentralization standpoint, it is much better (and cheaper) to have 10000 guys run a raspberry node than a full server.

Wait... let me visualize this....

georgem

  • Tech Admin
  • ******
  • Posts: 880
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #42 on: September 23, 2016, 04:47:02 pm »
Let's visualize a "sea of raspberry pi nodes" (and desktop nodes run @ home) that just keep a minimum amount of connections to a few random nodes:



Ofcourse spatial proximity doesn't make sense in this visualization, but you get the idea, this is what beautiful decentralization looks like.

...

And here we have the same situation, but with 2 full nodes that open as many connections as possible:



That doesn't look very decentralized to me.  ;D

Not only is this much more centralized, but those 2 nodes also occupy way too many open ports of the smaller nodes.

Now, I do understand that a bitcoin MINER wants his new found block to be propagated to the rest of the network as fast as possible, this is a very good reason to run a node with that many connections.

Payment processors probably want to know as much about the network as possible too. (especially if they allow for zero confirmation payments)

And then there are actors who want to snoop on your activities and privacy.  >:(

I think the way to fight this is with a large amount of tiny full nodes, and that's why I want to make the implementation of raspberry pi's as easy as possible.  8)

I run my bitcoin node on a raspberry pi, ...

Awesome... you will love the new wallet.

georgem

  • Tech Admin
  • ******
  • Posts: 880
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #43 on: September 23, 2016, 04:48:30 pm »
Pieter Wuille had a beautiful comment about this in this thread here:

http://bitcoin.stackexchange.com/questions/8109/how-does-one-attain-1-000-connections-like-blockchain-info



Yep, many full node operators are way too "connection-happy" and then they complain about high bandwidth costs, LMAO!  ;D

It's another display of human greed and the negative unwanted effects this can have.

cptfisher

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: Main discussion thread (similar to BCT)
« Reply #44 on: September 23, 2016, 10:24:56 pm »
any eta on the new features ?