Amoveo β™₯🧿
8 November 2018
AK
23:36
A K
but every user might have privacy problems
23:36
he/she might not even be aware about
Z
23:36
Zack
can you explain to me how to use fraud proofs to verify that your light node is synced with the correct blockchain?
23:37
Even I can't do that.
Our current light nodes just aren't as secure as they could be.
AK
23:37
A K
ok, this one is important
23:37
I can't (
23:37
but scalability at this point IMO is not a problem..
Z
23:39
Zack
In reply to this message
i don't know what you mean.
AK
23:41
A K
SEC Charges EtherDelta Founder With Operating an Unregistered Exchange
Z
23:42
Zack
they got him for running a website that gave people access to the smart contract?
AK
23:42
A K
yes
Z
23:42
Zack
I thought people use metamask to access it
AK
23:43
A K
just as we discussed today re Augur ((
Z
23:43
Zack
I haven't used etherdelta
M
23:43
Moon
In reply to this message
You need both parties to be online for Grin's transactions
23:44
that is very bad imo
23:44
it means CFTC will follow suit and might sue Augur
MF
23:44
Mr Flintstone
weren’t there centralized elements of etherdelta
M
23:44
Moon
Just hosting the order book makes you liable
Z
23:45
Zack
In reply to this message
I am not sure.
DV
23:45
Denis Voskvitsov
In reply to this message
actually not. https://github.com/mimblewimble/grin/blob/master/doc/grin4bitcoiners.md#wait-what-no-address
Β«This interaction does not require both parties to be online at the same timeΒ».
AK
23:45
A K
maybe Bisq works around it by just distributin software, but I doubt
M
23:45
Moon
In reply to this message
afaik you need 2 rounds for the rangeproof
Z
23:46
Zack
it looks like the SEC is just charging etherdelta a fee. they just want their cut.
I think they aren't shutting it down, they are just trying to tax it.
AK
23:46
A K
no it has to be shutdown ofc
23:46
you can't operate a securities exchange without a license
23:46
a fine is just a fine
M
23:47
Moon
In reply to this message
Why they are working on a trustless relay service
grinbox.io
Z
23:47
Zack
it is a smart contract through. even if they stick this guy in jail, it will still be there
M
23:47
Moon
He's not even the owner since late 2017
Deleted invited Deleted Account
AK
23:48
A K
yeah perhaps that's why... complaint references 2016 operations
Z
23:48
Zack 
Without admitting or denying the findings, Coburn consented to the order and agreed to pay $300,000 in disgorgement plus $13,000 in prejudgment interest and a $75,000 penalty. The Commission's order recognizes Coburn's cooperation, which the Commission considered in determining not to impose a greater penalty.
23:48
they say that they wont punish him more because he cooperated.
23:48
they just want a cut of the cash. it is like a tax.
AK
23:48
A K
yeah but he has to stop operating
M
23:49
Moon
Any data on how much he made ?
AK
23:49
A K
or has stopped, rather
Z
23:49
Zack
it sounds like he hasn't been operating in like a year
AK
23:49
A K
he did sell the exchange to chinese in 2017
23:49
and he couldn't operate after this fine, if he wanted to
23:49
without violating same laws
G
23:50
Gregory
he was trying to do an ico and then just sold it
23:51
Deleted Account
if etherdelta is a downloadable software like bisq then no one can track? he couldve been able to stay anonymous.
AK
23:52
A K
aaand here we're discussing privacy )
23:53
without tools like XMR he would have had a very hard time actually using the gains
Tv
23:54
Tarrence van As
Even with privacy, it seems centralized markets will be big targets for regulation/censorship. Curious to hear how we can address this…
Z
23:55
Zack
The pirate bay stays up somehow.
23:56
and they are just funded by donations.
23:56
An Amoveo market is profitable to run.
AK
23:57
A K
Etherdelta was also profitable to run, maybe the guy made money even after the fine. However he's now recorded on a SEC complaint forever.
Z
23:57
Zack
but etherdelta is still live today, right?
Tv
23:58
Tarrence van As
Sure, i agree with that. Although it has been marginalized. Also, financial markets are a different league. Much stronger enforcement than copyright.
AK
23:58
A K
In reply to this message
it is, it seems. founder hope to stay anonymous, i guess
Z
23:58
Zack
etherdelta is only trading cryptos.
Cash settled financial derivatives is a much bigger part of the economy.
23:59
If a project is decentralized, the founder does not matter.
9 November 2018
MF
00:02
Mr Flintstone
not sure something like amoveo is in SEC purview. probably more like CFTC
00:02
Deleted Account
In reply to this message
he used a domain so it's easy to track the domain owner.
00:03
the internet is centralized for now
00:05
in the future there will be decentralized hosting, not sure when that will work. it seems that is what shift is doing.
AK
00:05
A K
In reply to this message
well there's at least njal.la
00:05
but i agree
00:06
full privacy as in Monero or bust
00:06
Deleted Account
not enough
00:07
there should be a decentralized hosting solution?
00:08
satoshi is anonymous without monero
AK
00:09
A K
yeah but he can't spend his 1M BTC or so
00:09
zero chance
MF
00:12
Mr Flintstone
zap founder talking shit on twitter LOL
00:13
Deleted Account
im only aware of shift and skywire that solve the problem of internet centralization. but it's hard to tell now which one will work in the future
00:15
when that's ready, no government will be able to censor websites and fine etc
Z
00:20
Zack
This is a forum for putting financial derivatives type contracts onto blockchains. The tools we use are already censorship-proof and trust-free. The internet isn't centralized for us.
AK
00:24
A K
sooo amoveobook operator might be violating some CFTC regulations now...
00:27
OK on a positive side of things )
00:27
Deleted Account
there are software that cant be censored too. like emule utorrent bisq.
AK
00:27
A K
Etherdelta guy settled, he didn't go to court. We can't say he was "guilty"
MF
00:29
Mr Flintstone
they don’t let US people use amoveobook
00:29
or try to stop at least
00:30
they also aren’t US based
00:30
but noted that non US service providers do get in trouble with US law
00:30
if they are dealing with US customers
Tv
00:54
Tarrence van As
Zack is it possible for a market to be controlled by an m-of-n multisig? So it can be more robust to a party disappearing/being unable to participate?
MF
00:59
Mr Flintstone
if the other party disappears can’t you take all their money anyways?
00:59
the way it’s currently coded
Z
01:00
Zack
yeah, if the server disappears, then it loses all the money in all the channels.
I wonder what a censor would do if they took control of a server.
I guess they would want to extract as much money to confiscate as they could, so they probably won't shut it down. maybe they would just cancel any new trades.
AK
01:11
A K
There was a precedent with a EU based dark market last year
01:11
Dutch-German LE infiltrated it, arrested operators and continued to run for weeks to gather more evidence and bust more dealers
01:12
they also made more profits along the way ))
01:17
Deleted Account
ass.. market dark market already exist i learned recently when i visit a darknet website thru tor
01:21
ass... market in augur or amoveo will be banned i think . if someone try to do it. it can only exist on onion websites accessed thru tor
01:29
so i just realized there's decentralized censorship resistent internet already. it's tor. but to have mass adoption, amoveo have to be user friendly and use what every other app/website use it seems
M
01:30
Mike
In reply to this message
πŸ‘πŸ»πŸ‘πŸ»πŸ‘πŸ»
AK
01:34
A K
In reply to this message
tor and I2P yep
01:34
Monero moving to running everything through I2P by default
01:35
Deleted Account
maybe someone will build prediction market running on darkweb thru tor websites like: prediction.onion
02:29
Deleted Account
the market rn is irrational af
SB
02:36
Sylvinho Blanco
Is there a friendly API for developer ?
OK
02:36
O K
amoveopool.com has a great api
02:37
There's more on the getting started page
S
03:01
Sebsebzen
In reply to this message
that would be very cool, to increase privacy
03:02
Dandelion is also interesting
03:05
but mimble wimble is interactive, which is a bit cumbersome if you want to use it for private send. But like Zack said, it also increases default privacy by other ways
03:07
private addresses would be awesome
03:07
like where I can receive VEO but sender can't see my balance, bitcoin you have payment channels for that
Z
03:08
Zack
In reply to this message
full nodes have a JSON api with lots of data
03:09
In reply to this message
it might not be interactive if we don't use range proofs, I am not sure.
S
03:10
Sebsebzen
I heard the most advanced privacy scheme atm is Aurora
03:10
hasnt been implemented yet
Z
03:11
Zack
we aren't looking for "advanced". we just want something compatible with our oracles and channels.
S
03:12
Sebsebzen
just giving you an overview
03:14
03:15
this one might be biased though since its zooko talk
03:15
also doesnt include other schemes like MW
Z
03:20
Zack
it seems like onion broadcast is better than dandelion.

With dandelion you send an unencrypted tx to one person. that one person completely de-anonymizes you.
S
03:21
Sebsebzen
you mean ToR? You can combine both
03:22
MW also seems to be using it
Z
03:22
Zack
tor uses onion encryption, but I would rather not use tor.
onion encryption is super simple, we already have a great encryption library.
03:23
you mean grin is using it.
S
03:23
Sebsebzen
sorry yes
Z
03:23
Zack
I think grin isn't realizing mimble wimble's true intentions
S
03:24
Sebsebzen
seems better than beam
Z
03:24
Zack
beam, the virtual machine for erlang?
S
03:24
Sebsebzen
another MW implementation
03:24
but with founder's wallets
Z
03:24
Zack
cool, thanks for telling me
OK
03:25
O K
In reply to this message
What makes you say this?
S
03:26
Sebsebzen
They already sold their founders wallets, with 400 mil marketcap valuation
03:26
beam
03:29
"We operate according to a Treasury model (no ICO or pre-mining). For each newly mined block, 80% of the block reward goes to the miners and 20% to the Treasury. Investors get their returns from the Treasury over the period of 5 years, on a quarterly basis.
Currently we raised $4M and will open another round of $4M along with the testnet (September), the terms for that round are $4M = 5% of treasury (1% from total coins), with min investment of $100K and max investment is yet determine."
Z
03:29
Zack
In reply to this message
I think mimble wimble is only useful for privacy as a side thought.
The real reason for the development of this protocol was for scalability reasons, and to simplify light node operations.

In the original paper, he only mentions range proofs once, but spends paragraphs talking about how we can prune old data and sync blocks faster.
OK
03:30
O K
If a well funded adversary keeps stores every state of the chain, then is it even useful for privacy?
03:31
if you use range proofs it is secure for privacy yes, but the range proofs are so complicated.
Maybe I am just looking for excuses not to study range proofs more.
03:40
merkel trees are the original cryptographic database.
with a merkel tree you can easily make a proof that something does or does not exist in the database.

MW introduces a new kind of cryptographic database. While merkel trees are based on the hash function, this new database is based on Pedersen commitments. Maybe it should be a Pedersen database.
The Pedersen database makes it easy to prove that a set of UTXOs didn't create or destroy any tokens compared to the tx outputs that paid into them, and it is made so that when a new node syncs, it doesn't have to download any spent tx outputs. So the spent tx outputs can all be deleted.
Deleted joined group by link from Group
Sebsebzen invited riordant
S
03:57
Sebsebzen
@riordant what do you say to above?
Z
04:02
Zack
I guess I should make a fork of basic coin to use a pedersen database for balances, and then we can make decisions on whether this technology can be used in Amoveo.
Z
04:58
Zack
oh, aurora is another kind of range proof system.
It is a lot smaller than bullet proofs.
I wonder if it is compatible with the way MW transactions can be combined.
05:01
it looks like the range proof is a protocol. I wonder how you are supposed to put that into a block.
05:06
If Amoveo switched to MW style accounts, then we wouldn't have addresses, and we would use UTXO instead of accounts.
Im pretty sure we can make oracles and channels compatible with this.
05:07
Maybe this is a bad idea. How is a light node supposed to know your balance if we use UTXO?
There wouldn't be a simple merkle proof to show your balance.
OK
05:09
O K
In reply to this message
I don't know the technical answer but clearly it's not an issue as any block explorer or light wallet (electrum) with utxo chains has no issue with this
Z
05:09
Zack
if I combine accounts with MW, then I can preserve the usefulness of accounts, but we would sacrifice more privacy
05:09
In reply to this message
amoveo light nodes are more secure than bitcoin light nodes, and the point of this MW upgrade is to make light nodes more secure, not less.
OK
05:11
O K
How do you figure?
MF
05:11
Mr Flintstone
merkle proofs aren’t bundled with the transactions in btc right
Z
05:12
Zack
if the server can censor a utxo from you, they can make it look like someone was not paid, when actually they were.
05:12
In reply to this message
right. this is unique for Amoveo as far as I know.
05:13
the person who signs the txs doesn't also sign the merkle proofs.
M⛏
06:12
Moe ⛏
Does amoveo have a tesnet?
S
06:15
Sy
No
06:15
But i think we should start one...
Z
06:16
Zack
when you run integration tests, it creates 3 nodes on your computer
06:16
I want to try attacking nodes that run a testnet
06:16
we could have a competition to see who stays in sync with the testnet for the largest portion of time in an interval
MF
06:17
Mr Flintstone
we can easily make a test net right? we just need to change a version bit?
06:17
and start from genesis block
Z
06:17
Zack
we could use markets to bet on who will stay in sync best
MF
06:18
Mr Flintstone
maybe fix diff to be low or use poa or something
Z
06:18
Zack
you could even run it on the same servers with main net nodes. these programs very light
06:18
I guess you would have to change the port
06:19
maybe it is best to use make local-quick to turn on a testnet, since that setting has lower difficulty, and it starts out with all the hard forks already engaged
06:19
or maybe not, the block time could be too quick
06:20
I should add another command to start the node in testnet mode.
06:20
the retargetting is good enough. we should just do what mr flintstone said and change a single version bit.
Would could use a new branch on github for this.
06:23
I guess we should change the list of default nodes it tries to connect to.
06:23
whoever launches a node first, tell me the ip address and I will hard code it into the source
06:30
https://github.com/BumblebeeBat/pink_crypto/blob/master/src/elliptic.erl
I found this library I made to be an elliptic curve calculator.
This can be used to make pedersen commitments and build the new MW database.
Z
07:22
Zack
I think maybe I should expose basic ellipitc curve crypto operations to chalang. Then we could program stuff like pedersen databases in chalang.
Z
07:51
Zack
https://github.com/BumblebeeBat/pink_crypto/blob/master/src/elliptic.erl#L132
I got pedersen commitments working. Here is a passing test.
MF
08:04
Mr Flintstone
that was quick
Z
08:05
Zack
ive written some related stuff before
MF
12:41
Mr Flintstone
interesting situation in augur land
12:41
12:42
Greg (🐝, 🐝) - will not DM first invited Greg (🐝, 🐝) - will not DM first
Bullshakalaka invited Bullshakalaka
John invited John
GIM invited GIM
Dmitry invited Dmitry
老白 invited 老白
Z
21:41
Zack
you can edit messages on telegram.
J
21:42
John
Gotcha thanks
10 November 2018
Vitalii Bulychov invited Vitalii Bulychov
VB
00:58
Vitalii Bulychov
Hey, guys
It's on a search first page, but i've found no single word about this wallet here
http://amoveo.exan.tech/
Any ideas on it's credibility?
Z
00:59
Zack
@denis_voskvitsov is making that light node.
It is based on my software.
I haven't reviewed all the code in that server, but they are hosting an open source copy on github.
VB
00:59
Vitalii Bulychov
"here" - at reddit, sorry
DV
01:01
Denis Voskvitsov
it's mostly UI rework
underlying code is from original light node
VB
01:01
Vitalii Bulychov
In reply to this message
my mention, i guess? Thank you, i got it!
01:02
yep, thank you, guys!
Z
01:35
Zack
https://github.com/BumblebeeBat/pink_crypto/blob/master/src/elliptic.erl
now we can combine pedersen commits
MF
01:55
Mr Flintstone
nice
Z
02:27
Zack
https://github.com/BumblebeeBat/pink_crypto/blob/master/src/elliptic.erl#L54

I think this algorithm for the inverse is much slower than the optimal algorithm.
02:31
Does anyone know how to quickly calculate the inverse of an integer in a field modulo a prime?
S
03:25
Sebsebzen
In reply to this message
@riordant
S
04:06
Shaun
Does anyone know what might've triggered the sudden interest in amoveo?
04:08
What I like about it is people actually (hopefully) understand the potential and dont treat it like any random crypto project
[
04:08
[Riki]
binance rumors
04:08
jk
04:08
lots of good stuff being worked on by community members
B
04:51
Ben
binance lol, that was a nice one :P
04:51
laughed my ass off
AK
05:09
A K
In reply to this message
Are you seeing an uptake in regs?
S
05:14
Shaun
In reply to this message
Yes, also an increase in amounts of requests aswell.
T
05:15
Tromp
FOMO
06:21
Deleted Account
where do u check the reg rates
MF
06:33
Mr Flintstone
well they run the exchange haha
Deleted invited Deleted Account
Z
08:22
Zack
So many people abandoned VEO on my mining pool, there were too many.
So I ran a script to pay out everyone who had more than like 0.005 VEO, and it made over 200 txs.
Deleted invited Deleted Account
Z
09:41
Zack
https://github.com/BumblebeeBat/pink_crypto/blob/master/src/elliptic.erl#L44
I got the faster inverse function working.
Z
11:04
Zack
I think we can make signatures of all the channel txs collapse like spend txs in almost all cases.
And if both participants sign off on the outputs, it seems like we are safe to prune all the channel state, like it never existed.

If all the parties involved sign off in consensus about the outcome, then it doesn't really matter what they did.

There will probably be tens of thousands of channels for every oracle, so it is not so important if we can find a way to collapse the oracle state.
Deleted invited Deleted Account
11:12
Deleted Account
hi there, can anyone tell me how many public keys can a private key have in veo wallet?
Z
11:12
Zack
1
Z
12:31
Zack
One of the biggest benefits of mimble Wimble cryptographic databases is that it becomes completely impossible to counterfeit tokens.
If there is a bug in the code, it might destroy tokens and make them unspendable, but it would be impossible to have a bug that creates more tokens from nothing.

These are the very worst category of bugs.

Guarantees against counterfeiting would have short cryptographic proofs.
Deleted invited Deleted Account
J
14:18
John
In reply to this message
I am not 100% understanding this, could you explain a little deeper on how it is impossible? Is it because every input of transaction is from some outputs?
14:22
Deleted Account
whats the supply numbers for VEO?
A
14:24
Aries
Use google slick
14:25
Deleted Account
im a noob, been looking
14:27
34,821 circulating supply but cant find total or how what immission will look like
MF
14:28
Mr Flintstone
veoscan.io has total. circ is actually like 40k atm
AK
14:29
Alex K
In reply to this message
Where did you find this value?
14:37
Deleted Account
wait
14:37
jesus
14:41
Deleted Account
they recognise 1500 coins...I wouldnt make a thing of it.
A
14:50
Adrian
In reply to this message
So you mean that since mimblewimble require sum of input equal to the output, that's make impossible to create coin on one side?

What about the bug in the code may destroy coin? I don't understand, if mimblewimble doesn't allow coin create, how it allow destroy coin?
MF
14:52
Mr Flintstone
the coins aren’t really destroyed, just unspendable I would think
14:52
idk tho
S
16:11
Sy
height 40762 | market cap 48,292 VEO
17:19
Deleted Account
@zack we have a mod m = y. To find a value for a, simply choose any a = N * m + y? am i misunderstanding the question?
AK
17:41
A K
17:41
I like these offers. Optimistic!
Deleted invited Deleted Account
S
18:44
Sy
buy is still growing
18:44
so...maybe...hopefully...soon 😝
Z
18:55
Zack
In reply to this message
Right
18:56
In reply to this message
That's part of it I think.
I don't completely understand why the algorithm works.
19:09
In reply to this message
The inputs and outputs are all cryptographically linked.if you try to lie about a value, then you end up with an unspendable output.
πŸ‘‹ invited πŸ‘‹
20:45
Deleted Account
20:45
is amoveo using this?
Z
20:45
Zack
No.
20:47
Memory hard mining algorithms like this are bad. It is so difficult to make an asic, whoever manages to make an asic will have a huge advantage, and it will be so hard for a second person to make an asic.
Deleted invited Deleted Account
Z
20:48
Zack
Amoveo mining is designed so that Asics are as easy as possible to make. That way it is easy for more manufacturers to start making them.
20:57
Deleted Account
thanks!
Z
21:07
Zack
Maybe we should raise the block reward to 1 VEO soon
S
21:22
Shaun
1 $VEO = 1 $ETH πŸš€πŸš€πŸš€ https://t.co/bsrPNannNP
AK
21:23
Alex K
Wake me up when 1 VEO = 1 BTC
M
21:35
Minieep21
Close to ETH parity soon, I think it will hold for a little bit
11 November 2018
MF
00:31
Mr Flintstone
new pool?
Z
00:31
Zack
you saw that so fast
MF
00:32
Mr Flintstone
just luck haha
00:33
was looking at sys updated explorer
MF
01:49
Mr Flintstone
I think we should update wp to note that we changed the retargeting scheme
01:49
cuz it just references the btc style retargeting
Z
01:51
Zack
Good idea
B
02:00
Ben
and raising the Block reward is not a good idea yet.
02:00
Veo Just stabalized.
02:01
if there is real adoption and the user Base is exploding, then it is a good idea to raise the Block reward.
AK
02:10
A K
3 Blocks for the new pool already
Deleted invited Deleted Account
R
05:40
Ramzi
Inflation is never good, and futuarchy will confirm it πŸ™‚πŸ™‚
[
05:45
[Riki]
i see it more as game theory that being good or bad
Z
07:07
Zack
In reply to this message
if we grow faster, network effects will come into play.
Too low of a block reward can be bad for growth.
R
07:42
Ramzi
In reply to this message
Yep it's true, but with futuarchy, holders who got a big percentage of veo will bet against any increase of future supply, the low of the offer and demand on any market will push them to bet like that, we can try that on a gouvernance oracle, but we have to consider to minimise the Β«network effect of a growthΒ» as a second plan
MF
07:44
Mr Flintstone
people will want to increase the value of their veo
07:45
if increasing the block reward is positively correlated with an increase in veo price, a futarchy market can tell us this
R
07:50
Ramzi
Any veo holder want veo to be rare, that's why increasing the emission is against his interest
07:53
In reply to this message
Decreasing block reward is positively correlated with increase in price, the uptrend that we have has begunjust after the last gouvernance oracle
M
08:27
Mike
In reply to this message
It was sort of coincidental, definitely not entirely though
John invited John
MF
10:10
Mr Flintstone
kind of interesting tactic bch sv is trying to pull. if you use an opcode on abc that is invalid on sv, sv miners can claim those coins as fees
OK
10:11
O K
The block reward should go back up eventually.
10:12
In reply to this message
The whole thing seems like a marketing ploy to me
. invited .
CH
16:02
Chris Hortski
(Sorry if this is a repost)
There has been some talk about Mimblewimble here recently. This is an article from beam i thought might be useful for people who are unfamiliar.
https://medium.com/beam-mw/mimblewimble-explained-like-youre-12-d779a5bb483d
_T joined group by link from Group
Deleted invited Deleted Account
19:19
Deleted Account
☺️
AK
20:10
A K
16 blocks for the new pool
20:11
Perhaps it's just a new xdpool address
trumae da Ilha invited trumae da Ilha
Z
21:26
Zack
Yeah, xdpool disappeared at the same time it appeared. Xdpool probably just changed their address.
S
21:32
Sy
Again...
21:32
I'll adk, would be their 4th
Z
21:32
Zack
I recommended people change their addresses after the recent security bug we found
21:33
We need to decide how much is a good reward for the person who discovered the bug.

It seems like most full nodes were already secure, except for the full nodes that I was operating.
21:35
It was an issue with epmd, which is a program that erlang uses so you can run programs in the background.
If you didn't have a firewall set up, then it allowed an attacker to read the contents of the private key file.
M
21:35
Minieep21
Best to generate a new private key?
Z
21:35
Zack
I fixed this bug in 2 ways.
Now a full node generates a random password, so you cannot connect without the password, and also I added documentation for setting up a firewall in Ubuntu.
21:36
In reply to this message
There was no bug in key generation.
AK
21:40
A K
private key - for the full node address only?
21:40
If someone generated a privkey via a light node served from Zack's fullnode, it's safe?
Z
21:41
Zack
The light node code is secure, but your connection to my server is not.
A man in the middle might be giving you a fake version of the light node.
21:42
You should only put a private key into a light node that you downloaded from github.
AK
21:42
A K
yeah that's understood
AK
21:42
A K
with that specific bug though?
Z
21:43
Zack
This bug does not relate to address generation
MF
21:43
Mr Flintstone
light node doesn’t use erlang right
21:43
just js
21:43
?
Z
21:43
Zack
In reply to this message
Here you can read about the bug.
21:43
Light node does not use erlang or epmd.
MF
21:44
Mr Flintstone
right, so this specific exploit wouldn’t be applicable to a light node
AK
21:44
A K
cool
MF
21:46
Mr Flintstone
always a fun experience to go check if my coins are still there on veoscan, then have a heart attack when the page # changes
21:46
on holders
Z
21:46
Zack
Haha I know the feeling
Z
23:33
Zack
MichaΕ‚ Marek (ecneladis) of Patterns Dynamics found the bug.
23:34
even if you don't have VEO on your full node, it is still important to update. Otherwise an attacker can gain control of your node and cause it to join a botnet.
12 November 2018
Deleted invited Deleted Account
Z
00:54
Zack
You shouldn't use any private key from any full node that was compromised. It is best to make new addresses.
01:50
Another privacy feature applicable to amoveo
01:51
With some interesting tradeoffs
01:51
But no hardcore crypto is required at all
Z
01:53
Zack
In reply to this message
I think if we combine Paul's strategy with the mimble wimble database, it would be much more effective.
The main cost of Paul's strategy is that there are extra txs being processed, but with MW we can collapse all those extra txs into nothing.
AK
01:54
A K
Yeah makes sense
01:55
I'm not sure Paul is the author of this one, I heard many times before, but it's a great writeup
01:56
If txs cost next to nothing makes total sense to obfuscate by default
Z
01:57
Zack
I think it will work like the shopping carts where you have to leave a dollar to take the cart, and you get it back when you put the cart back.
So if you use up lots of UTXO and only create one new one, then your tx would have a negative fee.
AK
01:58
A K
Wow did you come up with it or is it from some MW idea?
01:58
Sure sounds nice
Z
01:59
Zack
I watched some videos of people talking about MW, someone mentioned that if fees worked differently, then there would be less UTXO's.
They didn't explicitly describe this fee system, but you can derive it pretty quickly from that.
02:00
I can't remember which video I saw it in
Yana Bulich invited Yana Bulich
Z
02:25
Zack
https://github.com/zack-bitcoin/amoveo/blob/master/docs/rewards.md
I am making a history of rewards that were paid for people who found bugs and responsibly disclosed them.
Deleted invited Deleted Account
03:57
Deleted Account
Why only 10 for Tallakt? Was it the proximity to Isaac's disclosure that made you concerned you'd be handing out VEO more frequently?
Z
03:58
Zack
I think both of those factors were involved
03:59
it has been a while, it is hard for me to remember exactly what reasoning we had.
04:53
Deleted Account
humf
04:53
its ok
04:54
actually i just discussed the possibility, zack did all the work. i could not find the validation code, but i was not entirely sure there would be a bug
Z
05:12
Zack
https://github.com/zack-bitcoin/amoveo/blob/master/docs/getting-started/turn_it_on.md

I added more details to this page.
I wrote a shell script to increase the security of your erlang cookie.
This is important if you choose to run a full node without a firewall.
Deleted invited Deleted Account
Z
05:57
Zack
I said some things about light nodes and Mimble Wimble that are not true.
You can only verify the pedersen commitments to know that no veo was counterfeited if you download the entire UTXO set.

So the list of advantages for MW cryptographic security is a little less:
* we can collapse history, so new full nodes have less to download while syncing.
* full nodes have cryptographic proof that no veo was counterfeited, which prevents a lot of the worst kinds of bugs.
* Transactions would be like 10x smaller. might not matter for Amoveo, because merkle proofs are already a bigger part of the block than the txs.
It means that a minimal archival node would take 10x less hard drive space.
T
06:10
Tromp
You plan on doing a more user friendly interface? Or you think in time people will contribute after the project is more developed?
06:11
I guess getting the project optimized beforr UI is more important right now. But in the future a UI that is friendly will get the mass adoption
Z
06:15
Zack
exan.tech made a new light node, and they released a beta of their android wallet
T
06:58
Tromp
In reply to this message
πŸ‘πŸ»πŸ‘πŸ»πŸΊ
N
12:06
NM$L
zack when binance
M
12:23
Minieep21
In reply to this message
Tweet Binance yourself
N
12:30
NM$L
In reply to this message
useful?
Deleted invited Deleted Account
Harmony is lifer β€’ $ONE πŸ¦„ invited Harmony is lifer β€’ $ONE πŸ¦„
GraeOne invited GraeOne
Π―
15:21
Ярослав
ΠžΡ‚ΠΊΡƒΠ΄Π° ΡΡ‚ΠΎΠ»ΡŒΠΊΠΎ русских появляСтся? Но всС ΠΌΠΎΠ»Ρ‡Π°Ρ‚ ΠΏΡ€ΠΈ этом )))
Π•ΡΡ‚ΡŒ русскоязычый Ρ‡Π°Ρ‚?
15:24
Deleted Account
вся ΠΌΠ°ΠΊΠΎΠ²ΠΊΠ° здСсь, Π½ΠΎ ΠΎΠ½ΠΎ слоТно для понимания, Ρ‚ΡƒΡ‚ ΡƒΠΌΠ½Ρ‹Π΅ Ρ‡ΡƒΠ²Π°ΠΊΠΈ Ρ‚Ρ€ΡƒΡ‚ свои Ρ‚Π΅ΠΌΡ‹)
M
15:35
Minieep21
In reply to this message
https://discord.gg/KPkTMP Π•ΡΡ‚ΡŒ.
Deleted invited Deleted Account
Archnomics invited Archnomics
MS
17:04
Matvii Sivoraksha
In reply to this message
Π•ΡΡ‚ΡŒ, Π½ΠΎ ΠΎΠ½ ΠΌΠ΅Ρ€Ρ‚Π²Ρ‹ΠΉ :(
17:04
@amoveoru
IP
17:30
I P
In reply to this message
When rivers reverse and mountains fall, when sun collapses
18:22
I published some details on recent vulnerability
Z
18:24
Zack
Michal marek is the one who found that recent vulnerability
AK
18:36
A K
wow actual keybase user , finally I found one ))
18:36
well done with disclosure!
Z
20:28
Zack
Security reminder:
Leaving money on an exchange is risky!
The vast majority of exchanges eventually die, and all the money that is left on them disappears.
Sometimes this is because of a hacker, sometimes it is because the people running the exchange really need the money.

Qtrade and amoveo.exchange have been doing a great job so far. But still, you should not leave more money on these exchanges than you need to.

For example, someone is trying to sell 100 VEO at a price of 5 bitcoin.
This trade will almost certainly not be executed, and this is a risk of almost $30k that could be lost if Qtrade fails.
m
21:17
mm
Exchanges are ultimate bug bounties.
21:19
Deleted Account
where to look dificulty?
MF
21:22
Mr Flintstone
amoveo.tools
21:26
Deleted Account
thx!
21:26
Deleted Account
@ecneladis the key generation seem very weak. Only need to guess the seed then the entire 20 char key may be generated. The seed is made of two values that seem to be related to the clock and not very random
21:27
I always read that epmd _must_ be firewalled. I guess the danger happens when sysops without much erlang experience spin up a server...
AK
21:47
A K
Deleted invited Deleted Account
AK
22:18
A K
if this growth happened after CMC listing, veo would've been at 1000 already
22:18
we need at least one exchange from CMC
22:19
let's create a market/DAC for listing on such an exchange?
22:19
i'd bet some veo
MF
22:19
Mr Flintstone
we can use a binary options market to speculate on this stuff. I feel like it is a good idea
22:20
almost like amoveo is bootstrapping its own exchange listings
AK
22:20
A K
yep
EW
22:20
Eli W
14-15m usd at top 270-300 of the cmc
MF
22:21
Mr Flintstone
we could also create a market for the cmc listing, which would cover all relevant exchanges
22:21
plus amoveo exchange and qtrade
22:21
if they get added
AK
22:22
A K
yep also fine
22:22
"Amoveo is listed on CMC before 31 Dec 2018"
MF
22:22
Mr Flintstone
maybe people will be reluctant to bet veo on a market with two months maturity
AK
22:22
A K
too short?
MF
22:22
Mr Flintstone
long I think
22:23
I was thinking like monthly rolled
22:23
maybe not tho
22:23
End of year predictions are popular
AK
22:23
Alex K
In reply to this message
+
MF
22:24
Mr Flintstone
who wants to make like 5% of all the veo bet in this market?
Z
22:24
Zack
In reply to this message
https://github.com/zack-bitcoin/amoveo/blob/master/docs/getting-started/turn_it_on.md
I added some directions to this page about how to make your key have 48 bytes of security.
22:25
In reply to this message
we would be in the top 300 by market cap on CMC.
22:25
In reply to this message
the exchange should work with me and we can do a dominant assurace contract. They will make a lot more money that way.
AK
22:25
A K
Zack nah, what I meant is: ppl would see veo appreciating and drive the price to $1000. 30% daily growth gets a lot of attention on CMC
MF
22:25
Mr Flintstone
yeah but we can’t speculate on it and make money with a DAC
22:25
directly
22:26
like we can with binary options market
22:26
there can be both DAC and speculative markets active
Z
22:27
Zack
In reply to this message
I think this type of market isn't efficient.
I am not against trying it out as an experiment, its just that it creates so little incentive for anyone to actually list.
22:28
In reply to this message
there is no way for us to know how much veo was bet in a market.
22:30
channels cost money based on how long they are open. so bets that take twice as long to resolve cost twice as much in tx fees.
Bets that resolve in a short time period are ideal.
MF
22:33
Mr Flintstone
β€œthe native token of the amoveo blockchain mainnet is listed on coinmarketcap.com after the end of December 31st 2018 UTC + 0”
22:34
trying to be explicit since there are some clusterfucks in augur markets atm with ambiguous language
Z
22:35
Zack
I think Amoveo community has more of a chill attitude. We don't worry about the precise definitions of words.
AK
22:35
A K
rather "before" not "after" )
MF
22:35
Mr Flintstone
before is harder to prove than right now
22:35
but if u guys don’t think we’ll be uptight about oracle reporting then w/e
AK
22:35
A K
In reply to this message
that's before real usage started... Augur has some markets which can't settle already due to amiguity.
Z
22:36
Zack
Isn't that half of all time?
MF
22:36
Mr Flintstone
Good point
22:36
β€œAnd before this oracle is finalized”
22:36
maybe that makes it invalid lol
Z
22:37
Zack
I'm pretty sure we all understand what you meant. Even if that isn't exactly how "after" is defined.

That is why english has so much redundancy.
22:39
Should I make aarket for the Oracle? What is the oid?
MF
22:42
Mr Flintstone
I don’t think it’s been launched yet
Z
22:42
Zack
it gives you the oid when you make the tx
22:42
should I make the oracle?
MF
22:43
Mr Flintstone
I’m happy to make it just not at a node
Z
22:43
Zack
ok, you can do it. Someone besides me should do some of them
AK
22:45
A K
eager to bet
22:45
so how would it work? each participant would need to establish a channel with Mr Flintsone node?
Z
22:46
Zack
the person who asks the oracle the question can be different from the person running the market.
22:46
we can even run multiple markets off of the same oracle question
22:47
the person who asks the oracle question has the honor of paying like $5 in fees.
Deleted invited Deleted Account
?
22:51
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
Is it possible to make a qt wallet?
MF
22:51
Mr Flintstone
I won’t run a market for this
22:51
but I am going to deploy an oracle
AK
22:52
A K
In reply to this message
i don't see why not
Z
22:52
Zack
In reply to this message
the api that the javascript wallet uses is fairly simple.
You might even be able to put a qt front end on top of a javascript backend.
?
22:57
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
In reply to this message
how safe is it?
Z
22:59
Zack
light nodes user merkle proofs to verify the data. it is almost as safe as using a full node.
?
23:02
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
where to download and how to use,please.
OK
23:05
O K
In reply to this message
This is the javasscript wallet in question
http://159.89.106.253:8080/wallet.html

You can find the code on https://github.com/zack-bitcoin/light-node-amoveo
Z
23:09
Zack
In reply to this message
no, the light wallet has a different repository now.
23:09
It is set up to be easier to run by itself now.
OK
23:10
O K
Oh, nice, fixed.
Z
23:10
Zack
https://github.com/zack-bitcoin/light-node-amoveo/archive/master.zip
Here is a one-click link for the light node.
?
23:15
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
well, and how to open it in Windows?
Z
23:16
Zack
the shell scripts are made for linux/mac

can you even run python on windows?
23:17
it is a small webpage, if you can't use the python server, maybe some other server will be easier for you.
23:18
maybe you can use software like gulp to make it into one page of html, then you could open it in a browser.
?
23:18
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
That's why I talked about the qt wallet
Z
23:18
Zack
I don't do much javascript development
23:20
a web page says if you have python3 installed in windows, the exact same command works
23:20
python3 -m http.server 8080
23:22
I tried to rewrite the start scripts as bat files for windows. did it work? can you use it in windows now?
?
23:26
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
Linux is probably all good, but I'm used to windows. Coin is smart, but the wallet is not very good, so think about creating an ordinary wallet, everything familiar, under Windows. If you have no time, I think you have those people who can be charged with it.
23:27
thank
DV
23:29
Denis Voskvitsov
you can just open wallet.html in browser.
it's pure js app and it doesn't need a server to work on.
Z
23:29
Zack
I just wrote a script for windows, did it work?
23:29
In reply to this message
didn't work on my mac, maybe I did something wrong.
23:29
I think there should be a way to do what you describe
23:30
I am not so great with javascript.
DV
23:30
Denis Voskvitsov
it worked that way within full node.
ok, I'll take a look, probably just issues with relative paths of scripts.
Z
23:30
Zack
I think it only partially worked that way for fullnode
23:30
some parts didn't work
?
23:49
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
who knows about the largest pool VEO?
23:49
Comino
23:50
or is it just a fpga factory
OK
23:51
O K
It's private
?
23:51
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
so many people and everyone is silent
23:52
and there is no data, such power!
23:53
attack 51?
Z
23:53
Zack
the price went up a lot more than the hashpower.
?
23:54
πŸ…°Ν’Ν’Ν’πŸ…½πŸ…³πŸ†πŸ…΄πŸ…Έ
This is bad?
Z
23:54
Zack
it is good for anyone who is mining right now
E
23:54
Eloi
more miners will come
13 November 2018
Deleted invited Deleted Account
MF
00:52
Mr Flintstone
ok
00:53
the cmc oracle has been included in a block
00:54
next we would need someone to run a binary option market. whoever likes money can probably make a good amount of money by hosting it
M
01:02
Marek
Can someone explain me what for are the buttons "print unsigned transaction to screen" and "sign tx" and "push tx" in the light wallet menu ? Is somewhere the manual so I can read about to get idea for what is it...dont understand ...thanks
Z
01:07
Zack
In reply to this message
The buttons do exactly what they say they will do.
The sign tx feature is for taking an unsigned tx and returning the same tx signed.
the push tx is for publishing a signed tx to the network so it can be included in a block.
01:08
There is such a thing as over-documentation.
If something is documented too many times, then it is more work to update anything because you have to change the documentation in so many places
DV
01:13
Denis Voskvitsov
In reply to this message
there is another UI available on http://amoveo.exan.tech using original light node behind it. you can find it a bit more understandable.
M
01:20
Marek
So if I understand it right those buttons do something what is not necessary to know or use in a case I want only to send veo from light wallet to anotherone... so I just fill private key check public key fill in the amount minus create tx fee and push send button ...
OK
01:20
O K
In reply to this message
You're not the first person to point out that these advanced features would be better off hidden
01:21
Load key
Check balance
Insert amount to sent
Inset public key of recipient
Click send
M
01:21
Marek
Thanks Denis and Zack
01:21
OK understand
OK
01:21
O K
:)
M
01:21
Marek
Sometimes the world is so easy...
M
01:44
Marek
It suprises me that sometimes transaction create fee was 0.001521 and sometimes 0.001512 ...
Z
01:46
Zack
for a long time the fee was programmed slightly different in full nodes and the light wallet.
01:46
mining pools accept any tx with a fee higher than their minimum.
M
02:09
Marek
Clear ;)
Z
02:40
Zack
try WTB on discord trading channel
Deleted invited Deleted Account
s invited s
Z
03:40
Zack
Block times have been so consistent.
MF
03:41
Mr Flintstone
it’s awesome
03:41
we can have fairly accurate predictions of when a block in the future will come
Yung Lean invited Yung Lean
Deleted invited Deleted Account
Alex invited Alex
S
06:02
Sy
I still think a simple timestamp would be easier for oracles
06:53
Deleted Account
where can we find an accurate hashrate, is the veopool.pw calculator the best?
06:53
mveo seems out of date
Z
06:53
Zack
https://amoveo.tools/
This one is fun
06:53
Deleted Account
thank you
Robot085 invited Robot085
Deleted invited Deleted Account
Deleted invited Deleted Account
10:18
Deleted Account
Hi i am having trouble with a transaction i made from amoveo.exchange to my wallet
10:18
Can someone help me with this
10:20
In reply to this message
Can you help me mr flintstone
A
10:22
Aries
Welcome New Members!
N
10:28
NM$L
1veo=1.5eth yesterday
10:43
Deleted Account
In reply to this message
Sy can you help me with my issue
OK
10:47
O K
@Rgkrobert ask here @AmoveoExchange
10:47
Deleted Account
In reply to this message
Thanks!
[
16:41
[Riki]
In reply to this message
I think it was mentioned once 600-800
AK
16:43
A K
prediction activity happens in channels though
16:43
offchain
16:43
so practically as fast as bitcoin lightning? haven't bothered to check exact figures
16:45
practically limited by network, some quote up to 1M TPS for 1-1 channel
Z
17:07
Zack
Off chain in channels can be infinitely fast.
On chain we can currently support like 450 txs in 10 minutes. But block size is small right now.
We can adjust block size and block time as governance values to increase the number of on-chain txs per second if we needed to.
17:21
https://veoscan.io/tx/oKTS8OULQw%252F%252F5I%252B9cx33m3YQU4O5I3C0Fpw1fLnnytY%253D/2

Any idea why this tx doesn't say an amount on veoscan?
Deleted invited Deleted Account
AK
18:40
A K
what’s cominopool.com lol ?
Z
18:40
Zack
looks like a domain for sale.
AK
18:41
A K
Z
18:41
Zack
I think veopool.pw is just assigning the wrong url to that pool.
18:42
veoscan calls it "comino" without any .com
AK
18:42
A K
looks so yep
Deleted invited Deleted Account
S
21:02
Sy
its the one they told me...
21:02
i dont make those names up and veoscan usually takes them from me 😁
Z
21:03
Zack
sounds like whoever is running cominopool doesn't understand URLs
S
21:03
Sy
because?
21:03
the pool is private anyway, he just wanted it named that way
Z
21:03
Zack
they don't own the URL, but they use it for advertising.
21:04
its like if I started advertising with amoveo.com, even though we don't own that url.
S
21:04
Sy
what makes you say its not his?
Z
21:05
Zack
if you try to go to cominopool.com, it says the url is for sale
S
21:05
Sy
no
21:05
it says 503
AK
21:05
A K
wow not anymore
21:05
redirects for me now
S
21:05
Sy
told ya...
AK
21:05
A K
it wasn't earlier )
S
21:05
Sy
just chillaxe a bit, always those accusations...
Z
21:05
Zack
oh, it says it is on namecheap. I guess I am the one who doesn't understand URLs
S
21:06
Sy
namecheap is just an anon registrator
AK
21:06
A K
redirects to comino.com for me now
21:06
πŸ€·πŸ»β€β™‚οΈ
m
21:47
mm
Damn, did you buy before me? πŸ˜‚
SS
22:15
Spike Spiegel
BTW how long until founder reward unlock?
Z
22:16
Zack
like 2.5 months.
EW
22:19
Eli W
Nice
22:20
Deleted Account
In reply to this message
It did not display correctly if spend tx amount = 0. I fixed it just now.
Z
22:20
Zack
cool. good job catweed
CryptorπŸ•‰ invited CryptorπŸ•‰
AK
22:21
A K
Why is it possible to spend 0 veo?
Z
22:22
Zack
they still have to pay the tx burn fee.
The burn fee covers the cost to the network of including the tx.
22:28
https://veoscan.io/ catweed are you restarting it or something?
22:29
Deleted Account
In reply to this message
Yes, it operates normally now
Z
22:29
Zack
all fixed. thanks catweed
S
22:45
Sy
i think im not showing 0 spends aswell, gotta check that
14 November 2018
Z
00:00
Zack
If you chose a random moment in time, on average how long it has been since the most recent block?
AK
00:01
A K
10 / 2?
Z
00:02
Zack
I can't remember how to solve this kind of probability problem
00:03
5 minutes or 10 minutes seem like good guesses.
MF
00:04
Mr Flintstone
isn’t it 10?
Z
00:05
Zack
I feel like time might be symmetric here.
So the amount of time until we find the next block is the same as the amount of time that has passed since we found the previous. both being 10 minutes on average.
AK
00:05
A K
consider interval 0;1 1;2 2;3 etc till say 9;10
00:06
throw a dot randomly evenly on the interval 0;10
00:06
how far on average will it be from the leftmost integer?
Z
00:06
Zack
you like riemann sum's better than integrals huh?
00:07
half the time it is below 10, and half above
00:07
I think...
00:07
the average is 10
MF
00:07
Mr Flintstone
Median is 7 minutes
00:07
since some blocks take a loooong time
Z
00:07
Zack
is the median of a poisson curve also 10?
MF
00:07
Mr Flintstone
no
AK
00:07
A K
do we have a poisson ? wrt block times?
MF
00:08
Mr Flintstone
only way for avg to be 10 when there are some blocks that are 100 is if median is less than 10
00:08
you cant have negative time blocks
Z
00:08
Zack
https://en.wikipedia.org/wiki/Poisson_distribution#Median

wikipedia says it has "bounds".
AK
00:09
A K
If buses arrive exactly every ten minutes, it's true that your average wait time will be half that interval: 5 minutes.
00:09
ok i was considering only this case )
00:09
perfect blocks
MF
00:10
Mr Flintstone
I’m pretty sure 50% of blocks are found within 7 minutes
AK
00:11
A K
observationally?
Z
00:11
Zack
the average block time is a little faster than 10 minutes historically as well
MF
00:11
Mr Flintstone
just from characteristics of Poisson distribution
Z
00:11
Zack
once a blockchain is using asics, it tends to just slowly increase in hashpower. and since bitcoin takes 2000 blocks to retarget, by the end of 2000 blocks the network has already grown.
MF
00:12
Mr Flintstone
right
00:12
but let’s just assume there is constant hash power
Z
00:12
Zack
What tool can I use to find this out from poisson curves? maybe I should just use random sampling and the power of modern computers.
MF
00:12
Mr Flintstone
yeah just random sample it, you’ll get the same result
00:13
I think I remember it being like 7 minutes 13 seconds
MF
00:14
Mr Flintstone
nice
00:14
A probability distribution with this property is called memoryless and it can be very counter intuitive. For example, since the time between blocks is 10 minutes on average, you might expect any random point in time to have on average 5 minutes since the last block and 5 minute until the next block. But in reality it's on average 10 minutes since the last block and 10 minutes until the next block. Yes, this means that a random point in time falls in an average gap of 20 minutes! This makes sense if you think that larger gaps are more likely to capture your randomly chosen point in time than smaller gaps.
Z
00:15
Zack
cool. thanks AK
00:16
so 6:55
Z
00:20
Zack
Cool. Thanks for plugging it in Mr flintstone
You guys are amazing. A research team has appeared.
DV
00:21
Denis Voskvitsov
median block time is 468 seconds btw, considering blocks from 28300
AK
00:21
A K
and when did the new retarget algo kick in?
MF
00:21
Mr Flintstone
weird
00:21
that was the new algo right?
Z
00:22
Zack
I'm seeing ln (2)/10 minutes a lot on the Internet as median of an exponential. I guess that is the same as 6:55
MF
00:22
Mr Flintstone
although our process isn’t exactly perfectly Poisson and may be less Poisson for block times than the btc retargeting algo
AK
00:22
A K
than the "real instanteneous" hashrate spent more time below the EWAH estimate
00:23
could be just a fluke, miners came and miners left
MF
00:23
Mr Flintstone
In reply to this message
do you have average block time too by chance?
DV
00:24
Denis Voskvitsov
In reply to this message
646 seconds
Z
00:24
Zack
Our difficulty is sometimes decreasing as more time passes while searching for the same block.
I think this could push our median block time up.
MF
00:24
Mr Flintstone
maybe it makes sense cuz our retargetting algo doesn’t like low block times even if random
00:24
but idk
AK
00:25
A K
so both mean and median are slightly higher
Z
00:25
Zack
It is a lot better than it used to be.

There is a balance between over-reacting to randomness, and quickly reacting to changes in hashpower.
00:27
If we are consistently off by 10 percent, we can change the governance variable to make up for it.
00:27
Or just be happy with 11 minute blocks
AK
00:28
A K
10 or 11 doesn't make a difference imo
MF
00:28
Mr Flintstone
don’t fix what isn’t broken imo. 11 minute is ok
[
00:28
[Riki]
For a large sample size (degrees of freedom) the poisson becomes alike to a normal distribution with average=median
00:28
I think
Z
00:29
Zack
Poisson is like doing repeated sampling from an exponential distribution, right?
[
00:31
[Riki]
Sounds logical
DV
00:45
Denis Voskvitsov
current block time histogram
00:45
block time is Ox, starting from block 30000 this time (retargeting was turned on)
AK
00:45
A K
what's that spike around 600 hmm
00:46
and I wonder if benford's law applies )
Z
00:47
Zack
Haha.
When a block is found, everyone generates a new problem to work on.
Then after so many minutes, they reset the problem.
That's why the distribution has periodic bumps at the same interval
DV
00:47
Denis Voskvitsov
yeah, there is interesting spike around 10 minutes block time, don't know how to explain it yet
Z
00:49
Zack
I guess sys pool only resets every 10 minutes.
00:49
It's actually surprising it isn't even more spiky on 10 minute intervals
00:52
I guess it only works if sy finds a block after the kind of pool that resets the timer more frequently finds a block.

Reseting the timer more frequently does lower the difficulty in some cases.
S
00:54
Shaun
In reply to this message
Further reading http://r6.ca/blog/20180225T160548Z.html
Z
00:58
Zack
Thanks Shaun
Stepan Panov invited Stepan Panov
SP
01:11
Stepan Panov
Is there a set date for the mainnet launch? Thanks
Z
01:11
Zack
March 2 2018.
SP
01:12
Stepan Panov
cheers
ninja invited ninja
[
01:55
[Riki]
It would be good to have a pinned message in this chat containing all useful links. We have at least 10 useful veo-related pages.
MF
01:58
Mr Flintstone
veoscan.io has most of these right?
01:58
but you need to look I guess
Z
02:01
Zack
I tried to put all the links on the github
02:02
There are lots of links about amoveo on the github.

https://github.com/zack-bitcoin/amoveo
Zack pinned this message
Z
02:14
Zack
I can't find the link to mveo
02:14
I don't see a typo?
02:14
oh, "way" not "wait"
[
02:15
[Riki]
Statistics page to see historic difficulty, blocktime, hashrate, and more. > This text cointains the mveo link
Z
02:18
Zack
got it. Thanks Riki
02:27
Deleted Account
hello @zack , i have a question about the off chain smart contracts
Z
02:28
Zack
great
02:28
Deleted Account
what would an ICO on top of off chain smart contract look like? you would have to rely on an oracle or trusted party to run it?
02:29
to trust them for the exchange? an ico is very important part of functionality so this is why I ask to understand
Z
02:29
Zack
channels are not a good place for subcurrencies. I recommend not doing this.

I think ICOs are bad, and I wont help you do one.
02:29
Deleted Account
im not trying to do one
02:29
im just trying ot understand if its practical to do one on amoveo, to understand how good the functionalities are in practice
Z
02:30
Zack
no, it is not practical to do an ico on Amoveo.
DV
02:30
Denis Voskvitsov
instead of Β«classicΒ» ICO you can consider using dominant assurance contract, Amoveo is better suitable for that than ICOs.
Z
02:30
Zack
Amoveo doesn't hold any on-chain state for smart contracts. This makes it very scalable.
But it also means it is practically impossible to have a sub-currency on Amoveo.
02:31
Yes, dominant assurance contracts are a great tool for raising funds for public goods.
02:36
Deleted Account
why is dominant assurance contract more practical to run on amoveo?
02:37
that's really disheartening to hear, i thought that amoveo could do everything ethereum could do and more
Z
02:38
Zack
Dominant assurance contracts don't require any on-chain state. They don't have any subcurrency.
They work a lot like binary market contracts.
02:39
Deleted Account
it seems like amoveo cannot have any state, and thus no subcurrencies, that is right?
02:39
it seems a bit weird since amoveo seem to have many different functionalities
02:40
maybe amoveo only allow for transaction without state stored after or before
Z
02:40
Zack
Amoveo smart contracts cannot store anything inside the blockchain consensus state.
02:41
Deleted Account
hm ok, and so they are more scalable for things like trading which mmay not require the state
Z
02:41
Zack
The smart contract is only known to the 2 participants.
02:41
Deleted Account
of other altcoins that already have state maybe
DV
02:43
Denis Voskvitsov
Amoveo doesn't offer smart contracts but smart _channels_, as Zack said.
though chalang (channel programming language) is turing-complete this adds some restrictions anyway and requires to rethink dapp architecture to be implemented on Amoveo.
Z
02:46
Zack
Derivatives are the biggest thing currency is used for.
In amoveo I wanted to create a cryptocurrency for derivatives.

I am not trying to build a one size fits all system like ethereum. I am trying to make an optimized blockchain focused on a single important purpose.
MF
03:06
Mr Flintstone
while amoveo may not allow for subcurrencies, can’t it help with atomic swaps?
03:06
since the issue with atomic swaps is that there is no trust minimized way to get a price
03:06
But amoveo cash settled markets can provide this
l
03:07
lyzer
In reply to this message
πŸ‘Œ
Z
03:07
Zack
Amoveo supports supports atomic swaps yes.
And you can use them together with amoveo markets to trade at a better price, it is true.
MF
03:09
Mr Flintstone
I wonder when we will see someone bundle ethereum with amoveo as a sidechain to bootstrap security. you don’t need to validate ethereum blocks if you know their checksum
03:10
maybe once amoveo has ASICs
Z
03:10
Zack
Ethereum uses Merkel trees too.
MF
03:11
Mr Flintstone
bitcoin doesn’t though ?
Z
03:11
Zack
Bitcoin has a Merkel tree of utxo. That is how light nodes are possible
03:12
I don't know what you meant by an amoveo sidechain.
MF
03:12
Mr Flintstone
part of the process of syncing ethereum uses amoveo
Z
03:13
Zack
Oh, you mean an amoveo fork that is merge mined to ethereum?
MF
03:16
Mr Flintstone
more like, instead of validating the ethereum blocks as you download them you just hash them, then check an amoveo oracle to make sure the hashes match
03:16
then you validate the blocks that the amoveo oracle doesn’t cover
Z
03:17
Zack
You want to use an Oracle on a fork of amoveo to bootstrap a checkpoint for ethereum.

Is that much better than just syncing headers like a normal light node?
MF
03:18
Mr Flintstone
amoveo mainnet, but now that I think about it I guess it really isn’t much different from just checking the headers
Deleted invited Deleted Account
DV
03:20
Denis Voskvitsov
btw, atomic swaps can be implemented only on top of channels, right?
so to swap veo/btc one needs to make a channel to selected full node first?
Z
03:21
Zack
In amoveo if you want to atomic swap you use a channel.
DV
03:25
Denis Voskvitsov
and to swap large amounts the node should have at least the same balance to open a channel?
Z
03:25
Zack
No. You can make channels with any ratio of Veo in them.
Z
05:28
Zack
https://twitter.com/kirlicemal/status/1061301706170998784?s=19
We made it onto Turkish twitter
S
05:49
Shaun
His attempt in explaining amoveo markets is quite poor but oh well, it's something πŸ™‚
Z
05:49
Zack
I can't read Turkish
05:49
I think translation software english-turkish is really bad
S
05:50
Shaun
Yeah it's pretty bad
Deleted joined group by link from Group
Deleted invited Deleted Account
06:31
Deleted Account
Can this coin be mined with AMD RX 4xx and 5xx GPU cards?
E
06:34
Enigma
In reply to this message
it can but it fav nvidia cards
06:35
Deleted Account
Oh. That sucks
B
06:48
Ben
actually the mining Result on AMD cards is not too bad.
06:49
compared with other CUDA Coins
06:49
you have still an edge with NVIDIA of course
07:53
I am planning this hard fork. Hopefully it wont be hard to get support from the community.
MF
08:11
Mr Flintstone
can’t imagine it will be a struggle
Deleted invited Deleted Account
08:44
Deleted Account
Ben do you happen to know hashrate per card. A 4gb or 8gb RX card?
08:45
Or some kind of calculator so I can see profitably of daily mining
OK
08:45
O K
I think it's in the low ones per card
08:46
Deleted Account
Low ones?
OK
08:46
O K
1.2gh? for RX
08:54
Deleted Account
πŸ‘ It'll be cool if someone using AMD rigs can help. I'm pretty curious about this project
Deleted invited Deleted Account
M⛏
09:40
Moe ⛏
In reply to this message
I get ~2gh per 580rx 8GB.
09:54
Deleted Account
In reply to this message
How much of the coin does that make hourly or daily if you don't mind me asking?
Z
09:55
Zack
It took bitcoin 2 years to get to $10 million market cap.
So we are growing faster than bitcoin so far.
M⛏
10:12
Moe ⛏
In reply to this message
http://stats.veopool.pw/calc.php
10:14
Deleted Account
Thanks @Moefarah . Last question, what's the power consumption like ij comparison to ethash and cryptonight algos?
M⛏
10:16
Moe ⛏
In reply to this message
I think Zack would want these questions in the mining channel on discord
OK
10:17
O K
In reply to this message
πŸ‘
Deleted invited Deleted Account
10:36
Deleted Account
Thanks @Moefarah
AS
10:42
Aizen Sou
Aizen who are u ?
10:48
Deleted Account
What do you mean?
Deleted invited Deleted Account
AS
10:55
Aizen Sou
First time i saw someone using my nick too. Want to make sure u ain't scammer or imposer
10:55
Aizen i suppose u should change ur nick too
kk573 invited kk573
11:11
Deleted Account
Lol ah I just saw that. Senju aizen though
Deleted invited Deleted Account
Deleted invited Deleted Account
Deleted invited Deleted Account
Deleted joined group by link from Group
Deleted invited Deleted Account
Deleted invited Deleted Account
Deleted invited Deleted Account
m
16:32
mm
Any people from Singapore here?
S
16:55
Sebsebzen
BKK
17:34
It should be simple to implement on Amoveo I guess?
17:38
Except metamask integration
Z
18:13
Zack
Amoveo uses dominant assurance contracts to pay for the creation of public goods.
Deleted invited Deleted Account
SS
18:42
Spike Spiegel
One can pay for CMC listing via prediction market
Z
18:43
Zack
it would be more efficient to pay with a dominant assurance contract.
It would cost like 10x or 20x less that way.
AK
18:51
A K
where does the math come from?
m
18:53
mm
What I meant specifically platform to create dominant assurance contracts
18:53
Something that normal people can use. Without much technical knowledge
AK
18:54
A K
amoveo would allow for a trustless centralized DAC platform, yep
Z
18:57
Zack
In reply to this message
in a normal binary market there are people speculating on the outcome in both directions, so the person who can create the good only has a little more information than the average person, so if they invest money they will only get moderate returns. So if they invest $1, they get like $1.30 out.

With a dominant assurance contract, one of the directions you can bet is limited to one person. So that one person will collect almost 100% of the money spent for creating the public good. Every $1 they invest will turn into $10 of profit.
18:58
In reply to this message
amoveo is a platform for this.
m
18:58
mm
But it’s not user friendly yet
S
20:56
Sy
In reply to this message
correct
20:58
once most miners run stratum and we got it running correctly again i will probably lower that number, you get alot of invalids via getwork otherwise
S
21:14
Sy
and i think most blocks are found earlier anyway
?
22:32
πŸ‘‹
In reply to this message
I generally limit epmd to the local nodes so that I can remsh with the running node and use partisan for distribution since it's faster than disterl anyway. the only downside of partisan is that it's badly documented
22:34
I'll leave it here just in case
Z
22:34
Zack
@u2733 the guy with a square for his name is u2733
22:35
what is partisan for? I don't know disterl.
?
22:35
πŸ‘‹
In reply to this message
plus I can have more than one tcp connection between each node pair
22:36
In reply to this message
disterl is what used by default in distributed erlang
Z
22:36
Zack
we use cowboy for sharing blocks between nodes
?
22:36
πŸ‘‹
so what's epmd for?
Z
22:36
Zack
that way javascript can request data from the api too
22:36
epmd is so it can run in the background, and you can attach to it when you need it.
?
22:37
πŸ‘‹
if it's just to be able to connect to the running node, it should probably be limited to localhost
22:37
not just firewalled -- you can make it *not* accept any connections from the outside
Z
22:37
Zack
when I start epmd on localhost, then it doesn't work for running anything.
So I made docs explaining how to put epmd behind a firewall
22:38
like, I can not attach to anything if I start epmd on localhost
?
22:40
πŸ‘‹
there is probably a fix for this, I haven't looked into the project well enough yet though
22:40
but using a firewall is just the perimeter defence
Z
22:40
Zack
we randomize the cookie now
22:41
and I added documentation on how to upgrade your cookie to have more entropy
?
22:41
πŸ‘‹
the disterl protocol is way too powerful to only rely on a TCP filter (firewall)
Z
22:41
Zack
I don't know about disterl
?
22:41
πŸ‘‹
when you connect to a running node you use disterl to communicate with it
Z
22:42
Zack
oh
22:42
and this is "more powerful than tcp"...
?
22:42
πŸ‘‹
not more powerful than tcp
22:43
but too powerful to only rely on a tcp filter for protection
22:43
once you are in the system, you can do anything, as the vulnerability showed
22:43
and cookies are not for protection, but for separating "node families"
22:44
so it doesn't really matter how long they are ...
22:46
In reply to this message
I meant "powerful" in a "bad" sense here
22:46
in that, it allows too much
22:46
practically making anyone who can talk to epmd into a "root" user of an erlang node
22:47
there are no logs when someone is trying to bruteforce a cookie, for example, either
22:47
so you might not even notice that someone's in
Z
22:47
Zack
first you say cookies don't matter, now you say people will brute force them.
If there is a security threat, please get to the point.
?
22:47
πŸ‘‹
cookies don't matter for security
Z
22:48
Zack
so what is the private key on one of my full nodes?
?
22:48
πŸ‘‹
the main usage of a cookie is to be able to separate an erlang cluster into node families
Z
22:48
Zack
what can an attacker do to compromise an Amoveo node today?
?
22:48
πŸ‘‹
I haven't read the source code, so I can't answer this
22:49
I'm only trying to help you pick safer defaults
22:49
there have been erlang nodes hacked this way
22:49
In reply to this message
of course I don't have neither time nor desire to exploit erlang's downsides right now
22:50
if you think I'm being rude / or dislike your project -- quite the opposite
22:50
I might appear rude since english is not my native language
22:50
sorry in that case
22:51
In reply to this message
anything, if they can connect to the running node, and there have been cases when it happend on erlang clusters which only used cookies for protection
Z
22:51
Zack
How do I attach to an erlang node using epmd if all the ports are blocked on the computer?
?
22:52
πŸ‘‹
not all ports need to be blocked, let me find an example vm.args configuration that only allows nodes from the local network to connect
Z
22:52
Zack
Well in Amoveo all the ports are blocked besides 8080 and 22.
Deleted invited Deleted Account
Z
22:53
Zack
We don't want any nodes from the local network to connect.
We only want someone to use the erlang interface to the node after sshing into the same computer.
?
22:54
πŸ‘‹
In reply to this message
so have you tried setting {inet_dist_use_interface, ip_address()}
22:54
to something like {inet_dist_use_interface, {127, 0, 0, 1}}
Z
22:55
Zack
yes, and then I couldn't attach to anything.
?
22:58
πŸ‘‹
well, ok then, it works for me though
22:59
the way I connect -- I first ssh to an instance
22:59
and then connect to the running node locally
23:01
In reply to this message
the shell you use to interact with a running erlang node is also a node, though
Z
23:01
Zack
if epmd is running on localhost, then I can't attach to a full node running on my laptop.
23:02
the scripts that rebar generates for connecting to a release expect epmd to be run on 0.0.0.0
?
23:03
πŸ‘‹
so, to solve that you'd only need to change 0.0.0.0 to 127.0.0.1, right?
23:03
I haven't used rebar
23:04
but you can connect to a running node with {inet_dist_use_interface, {127, 0, 0, 1}} just fine by starting a (usually) hidden node with the same cookie on the same machine where epmd is running
Z
23:04
Zack
Manually editing software that is automatically generated by rebar is not a good strategy for maintenance.

Who knows how rebar will change the structure of their releases in the future.
?
23:05
πŸ‘‹
a PR to rebar could be accepted for this
23:05
but I'm quite suprised to hear that there is no config option for setting the interace that epmd is bound to
Z
23:05
Zack
we are using rebar releases to easily launch multiple nodes with different settings for tests
23:05
and potentially we could use it in the future for making windows executables etc
23:07
I am no rebar expert, make a pull request if you want to do this.
?
23:07
πŸ‘‹
In reply to this message
ok
Z
23:08
Zack
Our current security strategy has no known vulnerabilities.
the guy with a square for his name is only making suggestions related to best-practices.
23:12
Deleted Account
It seems you will have to guess the secret cookie to connect to epmd. Even if you start amoveo without erlang distribution (no epmd) it is quite likely that epmd is started automatically in the background while testing. I suggest dropping erlang distribution alltogether for amoveo so there is no risk of going through this backdoor. In order to do that, the tests should be run by an erlang test suite/test runner
?
23:12
πŸ‘‹
In reply to this message
no, edpm accepts any connections
23:12
you can lookup any node's port thorugh it whiout using cookies
23:12
Deleted Account
Its logical for a system like amoveo where sucsessfull acces equals money
?
23:12
πŸ‘‹
and then send atoms to that node and it would memory overflow
23:13
and that's just the beginning, really ...
23:13
Deleted Account
Ok. But that will probably not be devastating to the server?
?
23:13
πŸ‘‹
yes, the node would be restarted if you use heart or systemd or something like that
23:14
you can also send functions
23:14
Deleted Account
what you describe is a epmd crash and possibly shutting down the server. we should remeber that most servers will have firewalls
Z
23:14
Zack
Amoveo install instructions tell you to put a firewall on all the ports besides 8080 and 22, so even if the attacker knew the cookie, it doesn't matter. they cannot connect.
?
23:14
πŸ‘‹
and there have been cases where a bug in decoding of erlang terms (functions) caused those functions to be executed
23:14
Deleted Account
I think we should not exagerate the severity. I might be wrong
23:15
I think without password you will not be able to send anything of interest
23:15
No handshake -> no erlang terms sent
?
23:16
πŸ‘‹
not really
23:16
the cookies are not for keeping bad actors out
23:16
they are not passwords
23:16
you can communicate with erlang nodes without a cookie
23:16
Deleted Account
I still think epmd is a bad idea because you can brute force an epmd password much more easily than a private key, and get the private key easily thereafter
?
23:17
πŸ‘‹
epmd doesn't have a notion of password, a cookie is not a password
23:17
it is only for disterl to decide who should connect to whom
23:17
Deleted Account
I did look at the code and I seem to remember a handshake before being exposed to the more useful interface
23:18
the cookie is the password
?
23:18
πŸ‘‹
my understanding of a password is that it's used to encrypt a communication session
23:18
that's not true in the case of epmd
23:18
you can use epmd to lookup a port
23:18
and then use gen_tcp to connect to it
23:18
Deleted Account
EPMD is not recommended to be facing the internet but its not really that leaky if you screw up
?
23:19
πŸ‘‹
there is nothing to stop you
23:19
cookies are not a security feature
23:19
they merely exist to separate clusters into subclusters
23:20
In reply to this message
and send something that looks like an erlang term
23:20
Deleted Account
I dont see the problem with finding the tcp port. the problem is how to get past the cookie handshake, unless you have access to the cookie
Z
23:20
Zack
Quit it with the scary spam.
Amoveo does not have any known vulnerabilities.
the guy with a square for his name is merely making suggestions to help us comply with industry best-practices. He has not found any vulnerability in Amoveo.
?
23:21
πŸ‘‹
scary spam ,ok
23:22
In reply to this message
cookie is an atom
23:22
you can decude it by sending atoms to an erlang node
23:22
it's a basic timing attock
23:22
Deleted Account
@u2733 I think you should review the EPMD handshake code and reconsider your understanding
?
23:24
πŸ‘‹
you don't need a cookie to send atoms to an erlang node
23:24
but ok, I see that you are not really interested in trying to understand me
Deleted invited Deleted Account
23:24
Deleted Account
How would you do that
?
23:25
πŸ‘‹
with gen_tcp, for example
Z
23:26
Zack
Since EPMD is behind a firewall, there is no way to send any cookies or log on.
Even if the cookie is publicly known, you are completely secure.
23:26
There is no known vulnerabilities in Amoveo
?
23:26
πŸ‘‹
In reply to this message
I will try to submit a PR to rebar3 though
Z
23:26
Zack
The current conversation is about security best-practices
S
23:26
Sy
do you have to connect to the official epmd port or the instance port?
?
23:27
πŸ‘‹
why do you keep repeating that? do you think I'm really just trying to make people doubt you?
23:27
In reply to this message
instance
S
23:27
Sy
k
23:27
but you have to know the servername aswell...i mean you have to bruteforce cookie and servername? good luck
?
23:27
πŸ‘‹
In reply to this message
no
23:28
and no, no need to know the cookie
S
23:28
Sy
thats what epmd doc says tho
?
23:29
πŸ‘‹
try running a node with -sname anything on you computer
23:29
then check epmd -names
23:29
pick the port that was assigned
23:29
then start a different session, no -sname
23:29
and just send the following to the port that epmd showed
Z
23:29
Zack
In reply to this message
This forum has over 1000 irregular users, many of which have invested a lot of money.
Cryptocurrency is a very risky investment due to security concerns.
If they see you talking about a vulnerability, and you are not clear, you could scare some people badly.
They might even dump-sell VEO at a loss, before they even completely understand what you are talking about.

This is a financial project, not your typical open source erlang project.

If you are talking about a vulnerability, you need to be extremely clear that the Amoveo blockchain is secure, that we do not suffer from this vulnerability.
?
23:32
πŸ‘‹
{ok, Sock} = gen_tcp:connect('localhost', Port, [binary, {packet, 2}, {active, false}]).

gen_tcp:send(Sock, <<110, 0, 5, 0, 7, 127, 255, 98, 111, 111, 109>>).
23:32
this will create a boom atom on your node
23:33
now, cookies are atoms
S
23:33
Sy
it isnt really interesting vs localhost i assume...can i do it remote?
?
23:33
πŸ‘‹
yes
23:33
just replace 'localhost' with the ip address of the remote node
S
23:33
Sy
what is the cookie for if you can just create stuff anyway?
?
23:34
πŸ‘‹
I've described what cookies are for several times in this conversation already
23:34
they are only used to get some control over cluster topology
23:35
In reply to this message
there have been attacks described that allowed to get the cookie without much effort using this approach
Z
23:35
Zack
this isn't a threat in Amoveo because these ports are hidden behind a firewall. Amoveo has no known security vulnerabilities.
?
23:37
πŸ‘‹
> If you are talking about a vulnerability, you need to be extremely clear that the Amoveo blockchain is secure, that we do not suffer from this vulnerability.

ok, I definetely don't want you to suffer, that's why I started this conversation in the first place
23:37
but just so that you are happy
23:37
Amoveo has no known security vulnerabilities.
OK
23:40
O K
In reply to this message
Thanks for being here with us.
DV
23:42
Denis Voskvitsov
I think we should place the docker image with Amoveo full node on dockerhub and make every node owner's life a bit easier.
we have some version, will clean it and publish.
Z
23:43
Zack
Isn't that a big security risk?
DV
23:44
Denis Voskvitsov
it's less risk than running server software which you're unfamiliar with (and I think this is case for most node operators)
Z
23:44
Zack
a docker image has already compiled bytecode. who knows what erlang was used to generate it
S
23:45
Sy
we know its working
DV
23:45
Denis Voskvitsov
docker image can be built on target machine, so it's like the same setup but in restricted container
S
23:45
Sy
im pro docker images
?
23:46
πŸ‘‹
In reply to this message
you can build your own erlang images as well
23:46
if you don't trust the official ones, or did I misunderstand you?
Z
23:46
Zack
rebar is already generating a release when it compiles Amoveo.
We just need to package the release up into a magnet torrent link
DV
23:47
Denis Voskvitsov
and you'll install torrent client on production server?
Z
23:47
Zack
In reply to this message
I am thinking the community should not trust Denis to compile their full nodes for them
?
23:47
πŸ‘‹
right
Z
23:47
Zack
In reply to this message
haha, I guess not
DV
23:48
Denis Voskvitsov
In reply to this message
but docker image will compile on target machine. we're not providing any compiled bytecode inside it.
?
23:48
πŸ‘‹
you can put the release in a docker image as well though
DV
23:48
Denis Voskvitsov
that's right, but this will lead to the trust issues
?
23:48
πŸ‘‹
and just use docker as a convinient wrapper
23:49
well, convinient to some
23:49
In reply to this message
the release that already includes erts
Z
23:49
Zack
so, the purpose of docker in this case is to save the user the effort of configuring their own firewall?
?
23:49
πŸ‘‹
more or less
23:49
at least that's how I understand it
S
23:50
Sy
with docker you define which docker port routes to which internal port
23:50
in this case, 8080 to docker:8080 and thats it
23:50
nothing else is reachable from the outside
DV
23:50
Denis Voskvitsov
this and to make the setup itself easier
we can feed just installed node with all needed commands, like sync/sync_mode/etc
S
23:50
Sy
i havent used docker that much yet but it is nice...
23:51
you can even put docker images into git and pull new versions, data is put outside the container into persistant storage
Z
23:51
Zack
so instead of typing this:
ufw default deny incoming
ufw default allow outgoing
ufw allow 22
ufw allow 8080
ufw enable
to configure a fire wall, they would type what? to configure docker?
S
23:51
Sy
no
23:51
you docker pull an image, start it up, done
23:51
or docker clone? ^^
DV
23:52
Denis Voskvitsov
sudo docker pull amoveo-fullnode
just like this

and you get secured container, which builds and runs the node, and makes all bootstrapping to sync with the network
?
23:52
πŸ‘‹
I'd still setup a firewall with ufw
Z
23:52
Zack
you don't need to install anything to use docker on ubuntu?
S
23:52
Sy
docker obviously
?
23:52
πŸ‘‹
depends on ubuntu version
DV
23:52
Denis Voskvitsov
just docker-engine, afair
S
23:52
Sy
but you can include erlang in that docker aswell
23:52
how do you reach 8081 for pools tho? ^^
?
23:52
πŸ‘‹
no need to include erlang
23:53
it's better to compile the release with erts in it
Z
23:53
Zack
In reply to this message
run the pool on the same computer as the full node.
?
23:53
πŸ‘‹
In reply to this message
I'd also limit the number of failed auth attempts to 22 (ufw limit ssh)
DV
23:54
Denis Voskvitsov
we can expose 8081 port too for local interface optionally
obviously dockerfile will be available, so instead of docker pull you'll be able to edit it and make custom local image
S
23:54
Sy
an docker image would be nice...makes it easier to run multiple nodes aswell
DV
23:54
Denis Voskvitsov
@Sy you can even wrap pool software in the docker image too and use docker network abilities :)
23:55
without exposing anything to host machine besides 8080
S
23:55
Sy
uhh :)
Z
23:58
Zack
I am against docker for these reasons:
* my programmer friends who have used docker ended up wasting excessive amounts of time setting it up and maintaining it.
* security of code distribution is critical, trusting Denis to compile Amoveo for you is not decentralized or trustless.
* the number of people who run full nodes is practically zero compared to how many users there are of Amoveo, it isn't good to waste time on the minority.
15 November 2018
DV
00:00
Denis Voskvitsov
1) can't comment, from my experience it doesn't take more time than maintaining any other distribution package
2) as I've said, Amoveo node will be compiled on the target machine and will be downloaded from repo before compilation
3) that's the way we can increase number of full node users, I can't see why it should be bad for the network
?
00:01
πŸ‘‹
the host would still need to follow basic security guidelines anyway
Deleted invited Deleted Account
DV
00:01
Denis Voskvitsov
very basic, at least host owner won't need to know details on running erlang software etc
?
00:01
πŸ‘‹
otherwise, it doesn't matter if the docker container published port 8080 or not, in case the docker daemon is compromised, that is
OK
00:02
O K
In reply to this message
I am quite certain they have saved more time than they have 'wasted' -- there is a reason so many developers love Docker.
Z
00:02
Zack
In reply to this message
if you are right, it will be easy to review the docker files and verify that they aren't using any pre-compiled code.
DV
00:03
Denis Voskvitsov
sure it will.
Z
00:03
Zack
In reply to this message
docker has strong advertising. Have you actually met developers who like docker, and who aren't also being paid by docker?
?
00:04
πŸ‘‹
docker is nice during development
00:04
not that hard to setup, actually -- the opposite is true
00:04
but during production all the orchestration stuff is a nightmare
00:04
but the developers rarely deal with it themselves
OK
00:05
O K
In reply to this message
Yes, I've worked with them.
00:05
Google ML people