Seems to me like the main thing (besides section wallets) would be this:
Are there other reasons why a compromised section is a show stopper?
So far we’ve got:
It could with indirection, but the xor distance metric keeps primary data and all the primary copies in the same section. A single section is geographically distributed, but covers a contiguous region of xor.
Given the random way nodes relocate between sections, and the inability for an attacker to target a section, if a single section manages to get compromised it means there are likely many sections or the whole network is compromised. This is a brute force 51% type scenario. But it is easier than that because of statistics and normal distributions. @mav simulated this in the past to show the benefits of random relocation.The other edge case is public perception. Breaking a section would be similar to news that aes128 has been broken. Or BTC suffered a 51% attack. People would/may lose trust and seek an alternative.
Really great to see section backups in the pipeline! 
To add to your list I got:
One other holy grail is a way to ensure elders can’t be compromised in the first place. I really liked @mav’s secure random relocation because I think it helped meet that goal.
I think perhaps I was not asking the question in the right way, in hindsight. But some time ago I asked this question on the forum a couple of times as well as at a meet-up and the answer was generally: ‘the system will decide you idiot, what the hell are you talking about’. For my own sanity, pleased that that this conversation is taking place. Great to get lots of views on this.
This is likely OK if the metadata is also spread across main/backupsacrificail as well. So likely OK there (but needs noted, so cheers).
Again backup/sacrificial will still be OK (assuming not all of those sections are also taken over).
They do but we are looking at this as the client will connect to multiple sections. In fact we don’t really have clients any more, just keys and each key likely is a new section. So again we have moves we can make here.
Absolutely. A write up I did 2 years ago now looked at gsx/secure hardware. In the beginning only for keypairs for elders. So to be an elder you need to attest the code for key sis in hardware protected code. It’s still an option for us as well. In that way even users (node owners/earners) don’t get access to secret keys. This is to prevent key selling attacks, but we also have protection here by nodes being relocated with age/2 on going offline. (we can do more and fix IP range/netmask etc. to the key for the vault).
Yes thanks, we need to keep in mind this is likely not a single section attack, but a significant attack and possibly higher than 50% (as Adults etc. don’t get a vote and you need to go through that path to get to Elder).
Is there a way to provide people with the ability to get hardware like this by acquiring and holding MAID in the lead up to Network/SN launch? Particularly if ERC20 MAID becomes an option, acquisition and holding could be managed via smart contract. This would help to cover the cost of hardware and gauge interest too.
It’s really Intel/Amd and Arm processors that have some of these secure hardware. There are issues, MS actually have a project to cover them all and also a software impl, but I have not checked it for a while.
Is there any way that a node can prove, that it is running the source the network wants is to run? Even periodically, for example every time it’s age is incremented? Could the network give a node a special task that can be completed only by correct program?
How about the number of elders? With bigger group it gets more difficult to achieve majority. What are the drawbacks of bigger group? Could we have a elder group size of M and only N of them are randomly chosen to be in charge, changing after certain amount of events? Would it help?
IF it was all in a secure enclave like SGX, but they keep breaking at the moment. They can help and hold great promise. It means the end of probably any byzantine fault 
It’s actually interesting, the smaller Elder groups is more resistant to sybil attacks. This sounds wrong, but it’s down to node age, we did a load of simulations and models on this one. so a small group of elders in large groups of elders and adults is more secure than increasing elder group size. It sounds counter-intuitive but it’s obvious to me at least. If you need to tread through loads of events to get to voting then it’s hard to get there. If you increase the amount of folk contending for that then it gets even harder and so on.
Too true there are issues with these (not so) secure enclaves. For a while PoET ( Proof of Elapsed Time) looked very promising until the scary hardware issues became apparent.
. Our own project Scotcoin went big on PoET and it nearly sunk us entirely. Realists would say we are still afloat but only technically.
It would be fun if you could pack 1exabytes in 1SAFE, if you really want to give your investors some roi when it comes to storage. Remember Gmail’s 1000 megabytes, while the rest only offered 4mb.
I feel that if we miss this opportunity we really did nothing to nudge humanity towards dna storage, more livestreaming and insane data transfers.
The real fun part would be…
If us investors could say “Some of us fit it in a truck, while some of us get it in a buck”. 
compete in any other way with Amazon when it comes to storage and you’ll loose 
That may actually be the ratio in 2040! 
Just imagine giving the plebs the computing resources of today’s corporations, today not decades from now. The Facebook, Googol and OpenAI’s of the world would not be tackling machine learning etc alone.
Some data you just want to have on the SAFE Network asap and storage is a part of the puzzle, that decides how quick that happens.
Was really hoping that we would be donating to science instead of focusing on N…
Sure you can look at the existing world and try to mimic that to funnily extract a price for SAFE in fiat, but the reward of data coming quick onto the network is way more priceless imho.
I’m clueless to how the storage/SAFE relation works on the SAFE Network. But it would be different from other storage solutions, if you had a token that you can use to livestream whatever and not get storage anxiety. People who livestream stuff, usually have people who tip and they would probably want that in SAFE (compound interest).