What if... someone DDOS'd the whitelisted BOINC servers for a while?

in #gridcoin, 7 years ago (edited)


edit:


In my series of criticism, and since I already said it aloud in chat:


[00:45:23] erkan: 28 years? There is no Gridcoin anymore in 10 years, perhaps earlier

[00:45:38] erkan: Gridcoin has so many weaknesses another competitor will claim the market

[00:46:47] erkan: currently Gridcoin is still lucky, since DrugDiscovery imploded

[00:46:52] erkan: Golem is still behind

[00:47:01] erkan: CureCoin is just a pump+dump scheme

[00:47:17] erkan: whom did I forget? FLDC

[00:48:56] erkan: user1, nah, the most basic weakness is its design

[00:49:10] erkan: and people just build stuff on top of that

[00:49:23] erkan: instead of searching for something else additionally than BOINC as the main system

[00:49:32] erkan: cut off BOINC -> boom

[00:51:07] user2: Gridcoin could be modified to run off of anything, though. The (former?) lead developer of BOINC just got a grant to basically create an improved distributed computing platform. There's absolutely no reason Gridcoin couldn't loop into that.

[00:49:54] user1: How would you cut off BOINC?

[00:56:29] erkan: the easiest stuff you can do is: DDOS the BOINC servers... I am not talking about shitty BOINC software, and BOINC software will exist forever

[00:56:47] user2: Yeah but why do that?

[00:56:50] erkan: and there is profit motivation enough to hold the DDOSes up for long

[00:57:09] erkan: in the easiest case: a competitor wants to make trust loss in GRC

[00:57:12] user1: DDOS IBM cloud though?

[00:57:47] erkan: well, let then IBM be ok for a while and every GRC user flocks then into WCG (and add here team requirement gone)

[00:58:28] erkan: and that is such an easy thing to do without knowing any details of Gridcoin internals yet

[00:58:48] erkan: probably tomorrow someone from here does that :-)

[00:59:28] user1: It's a teething problem. We will overcome it :slightly_smiling_face:

[00:59:35] erkan: you think

[00:59:43] erkan: let that go on for a few months

[00:59:47] erkan: and then let's see

[01:00:57] user1: Yes, there are lots of solutions to that problem.


There are many options for what to select in addition to BOINC, ...

Also, the PoS system will make sure Gridcoin works, but what differentiates Gridcoin from other coins? 

  • Its scientific nature...


edit 2017 July 10:

[01:28:22] erkan: it's an obvious flaw everyone sees

[01:28:34] erkan: but no one tackled it yet

[01:28:48] erkan: yes, we can change it... ok, so when will we change it then ?

[01:29:15] erkan: once GRC is worth enough so it is really doable by every 15-yr-old kiddies?

[01:29:38] erkan: if that is not protecting (y)our all investments, what could be ?

[01:29:55] user3: anti ddos tech is also advancing. yesterday's vulnerabilities aren't always the worst in a bit

[01:30:27] erkan: sure

[01:30:44] erkan: let's get the DDOS started and see how the BOINC admins fly around like chickens, besides all our users

[01:31:03] erkan: I mean wasn't like we could convince them to do SSL everywhere either

[01:31:16] erkan: now they will hear onto us to buy DDOS stuff?

[01:36:44] user3: cloudflare is free, and i meant we could do it for them.

[01:37:09] user3: we can start offering services instead of simply pointing flaws

[01:37:34] erkan: sure

[01:37:46] erkan: and someone could directly tomorrow start the DDOSes and influence the price

[01:38:13] erkan: no matter what we do, it will come too late once the DDOS starts

[01:38:25] erkan: and adding something else than BOINC will take its time

[01:39:38] user3: that's the spirit.

[01:40:08] erkan: it's the truth, and luck that no one did it yet ? well... not for all of the BOINC servers

[01:40:37] erkan: who knows if some of our past mag zero trouble was b/c someone did it ?

[01:40:53] user3: i assumed as much, actually.

[01:41:32] erkan: since it's money and easy to see, you should suspect anybody

[01:41:55] user3: who has the most to gain?

[01:42:05] erkan: it depends

[01:42:21] erkan: the competition must have a ready product, then it's them

[01:42:48] erkan: but when you do it also nicely combined with some other flaws of Gridcoins: it can be motivation enough for anybody

[01:43:02] user3: *anybody that's an asshole

[01:43:11] erkan: no, monetary motivation, user3

[01:43:22] user3: yeah. you still have to be a prick.

[01:43:25] user3: imo

[01:43:27] erkan: well, yes

[01:43:30] erkan: that is right

[01:43:38] erkan: but we are bloody open to this flaw

[01:43:42] erkan: right now

[01:51:48] erkan: we just need someone who does a good RISK ANALYSIS

[01:52:02] erkan: focussing on other stuff and leaving such things out?

[01:52:19] erkan: remember, I told some weeks ago: our most basic core functions do not work reliably

[01:53:27] erkan: press: we will be the laughing stock of every crypto community


@erkan, this is the kind of low quality content that nobody really likes and which gets you flagged in the end. Hoping not to see that happen, here is some friendly advice:

  1. Do you see other Steemians copy-pasting their chat logs here? No? Let me tell you why - it's unintelligible, full of typos, coarse language and extremely difficult to follow. Literary value of such posts is zero or nearly so. Gridcoin needs better content here, even if it is criticism.

  2. Do you have permission from other people to copy-paste their chat logs here? You have omitted their nicknames, but you realize that means nothing - anyone can join Slack, use search function there and will easily get the info you have omitted.

  3. Calling another crypto a 'pump&dump scheme' without any proof whatsoever is FUD, plain and simple, and in very bad taste. Please, don't post such FUD under Gridcoin tag, because it certainly isn't my opinion, nor is it the opinion of the Gridcoin community.

  4. The whole DDOS thing is also FUD, because it's basically not related to Gridcoin. One could simply DDOS BOINC projects now and try to extort some money in return. All BOINC projects depend on Internet access and some have government funding, which is of course a nice bonus in the eyes of cyber-criminals. Suddenly making Gridcoin somehow responsible for their overall Internet security is FUD because it's clearly an almost impossible task. Internet security should be important to them in the first place, even without Gridcoin.

I think these analyses are good for a coin in the beginning or at a stage of great growth, you're absolutely right there erkan.

But I think posting these chat logs on Steemit, or any other forum or social media platform, isn't the way to go about it. You're giving people an insight of a discussion they were not in and don't know the context of. It scares people and isn't good for finding a solution.

Users may instead just run away and find another place to stay. It's not solving the problem you're trying to address however good your intentions are.

Talk, not scare

Try to describe the issues you feel in a more detailed post instead of these chats, to build up a constructive base of finding ways to tackle any possible obstacles the coin may have.

Make people join the bi-weekly Gridcoin Mumble hangouts to talk about them and bounce ideas about it.

Growth

The community around the coin has grown very much in just a few months and there are very good developers working on solutions to many new issues that have been more visible, but they haven't been life threatening to the coin itself.

Criticism is good but...

Finding a good platform for talking, discussing and making progress is even better

Solving missing projects and unfair distribution

A solution to the problem of a project on the whitelist going down is easy. Today when a project goes down the rewards are redistributed evenly over the remaining projects on the whitelist. I assume this is one of the things that you are reacting over.

A solution to this is to never redistribute as long as the project is on the whitelist. This would mean that none would get an unfair advantage if they were down temporarily or missing in the statistical superblock.

It's an easy solution to the problem and I know the very good developers we have are working on looking over the way the NN works.

Another solution is the 'grey-list', a project goes down for a couple days & it is provided a grace period before being removed from the whitelist, allowing users who are 'owed' GRC some additional time to stake whilst no further rewards are allocated during the downtime.
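The three payout policies discussed in the comments above (even redistribution, never redistributing while a project stays whitelisted, and a grey-list grace period), as an added example that is not part of any comment and is not Gridcoin's code. It is a simplified model in which the daily pool is split evenly per project; the policy names, project names and `grace_days` default are assumptions.

```python
from fractions import Fraction

# Constructed sample whitelist; the project names are placeholders.
WHITELIST = ["project_a", "project_b", "project_c", "project_d"]

def pool_shares(whitelist, days_down, policy, grace_days=3):
    """Fraction of the daily reward pool credited to each project.

    days_down maps a project to its consecutive days offline (0 = reporting).
    Policies (assumed names for the options discussed in the comments):
      "redistribute": only reporting projects count, so an outage raises
                      everyone else's share.
      "hold":         every whitelisted project keeps its 1/N slot; the slot
                      of an offline project is withheld, not reassigned.
      "greylist":     as "hold" for up to grace_days offline, after which
                      the project is dropped and its slot is reassigned.
    """
    up = [p for p in whitelist if days_down.get(p, 0) == 0]
    if policy == "redistribute":
        slots = up
    elif policy == "hold":
        slots = list(whitelist)
    elif policy == "greylist":
        slots = [p for p in whitelist if days_down.get(p, 0) <= grace_days]
    else:
        raise ValueError(f"unknown policy: {policy}")
    if not slots:
        return {p: Fraction(0) for p in whitelist}
    per_slot = Fraction(1, len(slots))
    return {p: per_slot if p in up else Fraction(0) for p in whitelist}

def outage_windfall(whitelist, days_down, policy, grace_days=3):
    """Extra pool share one reporting project gains from others' downtime."""
    up = [p for p in whitelist if days_down.get(p, 0) == 0]
    if not up:
        return Fraction(0)
    shares = pool_shares(whitelist, days_down, policy, grace_days)
    return shares[up[0]] - Fraction(1, len(whitelist))

if __name__ == "__main__":
    for days in (2, 5):  # project_b offline for 2, then 5 days
        for policy in ("redistribute", "hold", "greylist"):
            gain = outage_windfall(WHITELIST, {"project_b": days}, policy)
            print(f"offline {days}d  {policy:<12}  windfall per project: {gain}")
```

A windfall of zero means an outage at one project does not change what contributors to the other projects receive, which is the property the "never redistribute" and grey-list proposals aim for.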

Pfffffff.... These posts sound more and more retarded... What's next? What happens to GRC in case of a nuclear Holocaust or what happens if a meteor strikes and humanity goes back to the stone age?

DDOSing BOINC project servers will not only harm Gridcoin but the entire BOINC community, project operators will find a way to overcome the DDOS quickly. Stopping research statistics gathering will not harm Gridcoin fundamentally as a currency and everyone will continue to receive rewards based on the last update until the DDOS runs out of energy/projects adapt. Mining a currency is only half of its value.

I won't say it's a non-issue, but it's a non-issue.

see also comments about this topic on reddit

Gridcoin should be more cautious about project whitelisting. Maybe there should be a good practice code obligatory for being whitelisted. In the long term a DDOS simulacrum triggered by foundation voting would be the most accurate test.

But the problem is to determine an equilibrium point which improves security but also makes the adaptation process affordable for most BOINC projects.

We do have a sort of whitelist criteria, some older projects still don't have SSL thus are breaking such criteria, but we could certainly increase the scrutiny that we place under potential projects. At any time, anyone can create a poll to remove a project from the whitelist though.
