A bounty for breaking the SAFE network


#1

Just a random idea but was wondering if there was some small percentage of the safecoin recycling ecosystem dedicated to a bounty which grows over time and is rewarded to successful hacks of the network by ‘friendly’ actors. Seems in my mind at least that this (or something similar) would build up a higher resistance to attack, and in a safer overall environment.


#2

Definitely an idea that keeps coming back and very worthwhile. I think though core dev safecoin should pay for this as these hacks should have a corresponding commit.

The harder question is though, what if somebody just has a better idea but cannot code? It sounds good and easy, but you end up with a flood of “I am a genius” stuff with very little foundation or proof, so arguments ensue. I do not know a good way to deal with “easy” potential improvements that cannot be proven.

We have, for instance, folk who thought, I can break this easy, write code and guess what it does not, the reason it does not is very very complex and hard to see. Writing the code does prove it one way or another.

If we had a solution which allowed folk to suggest fixes without code but forced deep thought or proof it would be great. I personally get exhausted with small not well thought out nitpicking from the side without knowledge of the whole system (always sounds very clever and “nearly” always is a waste of time), at least code proves it one way or another.


#3

If someone thought they could break it, maybe they could approach a POD with their approach…and if deemed worthy might receive an invite to join the effort.

I should imagine PODS would be keen to attract such coders…with the SAFEcoin payola on offer.


#4

Nice idea and encourages pods to ‘go deep’ as well. If the idea sounds good enough perhaps even put it on some website and attract a dev to implement the attack or improvement for a split of the bounty? That way it means core devs are not too distracted by all the ideas.

I like that because if there are too many distractions core devs may put down a valid attack, just because of time pressure.


#5

This is an out there idea, but would it be possible to build an isolated network within the SAFE network for hacking purposes, with its own API/Dashboard designed for purpose?

I guess the minimum way to encourage players, is to make it super easy to fire up a sizeable network on a gutsy machine to play around with…maybe a dockerfile.


#6

What I’d do is make a post/file of every question and idea posed to you and calmly write down the rebuttal/answer to each one so that when someone comes to you with a new thought you can point to the list and say “it’s already been done.” or “Did you see what user 334 did? THAT’S why your idea won’t work.” or “Did you see run through the code user 98 wrote? That’s why such and such code will not break. Try again.” or “Did you read Q and A number 1058? And watch the video? That’s why such and such works. Thank you have a nice day.” You go through every single question is it new? Yes/No if it’s new send it to a testing pod. If it’s not new send it to the giant FAQ. Has it been to the FAQ. Yes/No If it has did it understand? If yes did that solve the problem? If no time for elaboration and explanation, perhaps revision of the FAQ, either personally or by proxy. If it didn’t solve the problem does the person have more questions? If yes answer and make notes for FAQ revision. If no exit program.


#7

Yes we will probably run testnets for this purpose after launch. It makes sense.


#8

I have tried to point folks to info like that, but generally it’s
1: Too formal
2: Not formal enough
3: Too complex
4: Cannot read code (papers of all levels)
5: Too many papers (ditto)
6: Not enough papers
7: Not willing to read the info
etc.

The list is really long and generally includes a “this is a complete break to the system” or “system is crap and here is why” statement.

So it seems like mechanisms such as you suggest should work, but never seem to. I think the FAQs etc go a way to resolve it, but perhaps it needs hundreds of people with deep knowledge repeating themselves every so often or we do head towards a “code it and show us” approach?


#9

Yes, I dodged every single attack on the network - verbal of course… with “please can you write it up nicely, and perhaps make a test software to prove what you are saying”

Not because I doubt the problem, but rather because I know the doubtful level of understanding of the MaidSafe Technologies by such people. Therefore, I can trust a person, though not their limited knowledge about this particular system.

One time I got a nice write up, and I am still awaiting a software demonstration of the said problem.
I even offer to help though, same problems:


#10

I can’t help but think of “Romeo” and “Juliet” the newbie helping immortals from Achaea constantly tag teaming to help answer all those questions that keep getting asked over and over again. Perhaps we need a combination of the two methods. A team of people to “help” field questions and a “code it and show us” place as well. Basically disgruntled user goes to the help desk first then, if he’s not made happy with their help, gets even more disgruntled and decides to code out his issues and either gets proved wrong or blows our minds by breaking maidsafe.


#11

Therefore the testnet should be available for that; and also I think disgruntled is not what would motivate the best results; even I imagine a security firm, more like a decentralized group with a guideline; sort of like pirates code; will emerge for stress testing safe network.