You have me confused now. Earlier in this thread, you state that you are not affiliated with the project and just helping out your friends, in post #397 you say you’ve been thinking about the validator for a long time. Which one is it ?
1 Like
Nemgun is a very close friend with Yanni. He flew yanni from France to his home so he can help with development. He is helping us with the project.
Why was this said?
This is spot on, right what I was talking about please. Our community has developed a very nice tone by now.
I know you are new to us, but please don’t bring these feelings here.
Btw the reddit thread was a short convo, and I have read it completely. Also could you please address his points about the 0-conf attack vectors within NVO
1 Like
I answered to this post and asked you to read carefully the reddit thread, because i know that it is long but a lot of questions are answered there and not on safeforum.
I am awaiting for your personal feedback with development questions.
The answer to 0-conf attack vector is in the reddit thread. Effectively when you validate a transaction without confirmations (0-conf), there is a risk for Double spending, or replace by fee, speed attack … but this can only happen in the case of a normal address, in the reddit thread he didn’t considered the specifications of a 2-OF-2. In the case of the validator, the trades will be handled using multisig 2-OF-2, which means that when you will trade using the validator, you will have a shared 2-OF-2 address with the validator, this will prevent this type of attacks as the validator’s won’t allow such transactions or manipulations.
Once the Validator allows a transaction and process it, you won’t be able to issue an attack as you will need the agreement of the Validator. Unless you corrupt the validator, which means breaking SafeNetwork, regroupoing the framents and then decrypting them, all of this, just to get at the validator and try to corrupt a single address. These steps are actually not feasable, maybe in 10 or 20 years using quantum computers or using a lazer computer with graphen components. Even if you do it, you won’t be able to corrupt more then a single address, the one you will share with the validator because the addresses will change randomly.
About the tone, i am not bringing “these feelings” here, i just answered someone who lowered me. It will be a pleasure to answer your next questions.
2 Likes
At this point I’m assuming there is some kind of language barrier that we don’t get?? I am not sure I have any other explanation that doesn’t soon regress into something I don’t want it to.
3 Likes
I think it’s a language barrier problem, because your english sounds like a switzern english 
with philosophy and poetry.
I took 5 minutes to try to figure if it was positive or negative.
But in the end, i think that understood
2 Likes
@nemgun There are language difficulties and also differences in expectations. Coming into a well established community you are bound to miss some of ours, and we are bound to miss yours too 
I apologise for where I do that and hope you will bear with me and our community, and we with you.
[I hope my language is understandable, but if not please ask me to reword anything that isn’t clear for you.]
I think you are also stretched - a small team trying to handle the many roles of a crowdsale - so as a community I would like us to remain polite and patient, and for you to find ways of answering us - here if you can - and try not to let yourselves be side tracked when you are not met with patience or politeness. I urge you to just answer the technical, ask for clarification when it isn’t clear, and ignore everything else. I urge myself to do the same and I struggle to do that, but I see from those who do that it works really well.
BTW We have good and effective moderation here so it will not stray far, and you can call on @ moderators if you feel they can help the discussion. Anyone can do that in a thread, by PM or by flagging a post. Just for information - for everyone - because there are always new people reading these threads!
Coming to the technical, the reddit was asking questions that I found helpful. I had similar concerns when I read the white paper about:
-
how you implement validator on SAFE when we have no idea when decentralised computation will be available (already answered here I think, but with more detail by you on the reddit)
-
how to avoid double spend when broadcasting the transactions simultaneously (answered by 2-of-2 multisig, though probably not clear to those who are not well up on this, including myself. Based on my hopefully intelligent guess work I believe that is answered though).
What I’m still not clear about is how you solve both the double spend issue, and the issue of keeping the valuator’s private key secure. I accept 2-of-2 multisig secures the broadcast transactions (can someone from the community confirm this as I’m not able to say this is in fact so myself?), but if you use a smart contract, can you please explain in more detail how it works with 2-of-2 multisig and how you ensure the validator’s public key is secure? For example, how is it hidden when the code (say on Ethereum) is public? How on Waves, Counterparty etc? Same or different in each case? I think RoboTeddy asked this too, but I didn’t see it answered on the reddit.
BTW I think it is always best to answer things where they are asked, because then anyone subsequently reading the question can see the answer, and has no need to ask it again. I say this because you were asking RT to go to Skype or Slack, and I can understand his reluctance, and also see that this is counter productive in the long run. I know you end up answering the same questions in multiple places, but I think overall it is more transparent, and creates much more awareness of the solidity of your team, your technical ability and the quality of the solution you have devised. If you had asked me to go to Slack, I would probably have refused because I prefer to have my question answered where I ask it, particularly when it may be of interest to others. When I see or experience “let’s take this discussion elsewhere”, it doesn’t instill confidence. It feels shifty! I don’t believe that’s the case here at all, I’m just saying that to let you know some of us tend to be a bit cynical and suspicious
I think it is best to work within each community as much as you can, get to know and use each platform. If things are answered elsewhere, it’s fine to link to them and refer people, but you can’t refer people to a Slack discussion or a Skype call, so when you move a discussion to there the answer gets lost for anyone else reading the question.
I think you are now doing that and I’m glad because I am keen to see you succeed and build something which could be very valuable on SAFEnetwork. Particularly after the disappearance of an earlier promising decentralised exchange crowdfunding. I see that your crowdfunding is going well, so hopefully that is a relief for you and the team and bodes well for NVO and SAFEnetwork.
13 Likes
I appreciate all that you have said, and I agree with you on many points. Compared to Roboteddy, he directly created a thread on reddit, and said that the project is not safe, without having sought to ask questions beforehand. Thank god, right now i sleep 1-2 hours a day and i keep an eye open. When Ton saw the post, he was panicked, I told him it was not serious, and I explained to him what he should answer and I gave him the BTCT link.
Ton told Roboteddy that the Devs are sleeping, and that once they awake they would come and answer, except that as he was animated by evil intentions, he began to put pressure on Ton, who panicked because he could not Answer him for the moment, suddenly he decided to remove the post while waiting for us to wake up. Once we got up, we apologized several times on slack for deleting the post, and it did not prevent him from threatening and insulting the team, somewhere I understand the gesture of Ton, it is a CEO He manages the Team, he does not have great notions in development so when we deal with a guy like Roboteddy, who speaks like it was a great developer with complex notions whereas in reality they are not applicable And which we do not have to do with the project, panic can come easily.
He could manipulate people with just lies.
A 2-OF-2 Multisig address means that in order to allow for funds transfers, both co-owners have to agree.
If you lock the possibility to issue new transactions, an attacker won’t be able to double spend, because the co-owner will be the validator. Unless you controle the validator and force him to sign transactions. In order to give more details here, i would have to reveal some key elements, one of them is the safelauncher. Please don’t force me to opne the code
I would not ignore bad tongues, as they can induce newcomers who arrive in the community in error with false ways of employment about the usage of cryptos, and when I developer A project, I develope the community with it.I also made a call to the developers of Hf and BTCT to come to evaluate my explanations and so that you have an idea of my skills
1 Like
I didn’t panick. I didn’t want people to spread rumours on false information while devs were asleep :).
You haven’t panicked 
?
You don’t want to deceive anybody, you are always behind us saying " Guys don’t mess up ! i puted my name here !" You act like a good guy, while you are really terrifying with me on background 
!
@nemgun Thanks for answering above, but this is the part I’m not clear about.
Are you saying you have a solution but can’t answer this at this time because it is novel? If so I’m troubled by this because, while I understand the need to keep an invention secret, doing so means that everyone has to trust that a black box component is not centralised. I’m not sure that this can be said to be an improvement over trusting a centralised exchange. Do you understand the difficulty?
2 Likes
The system is really simple, we will store informations on safeNet, different levels of information from layer 0 (open) to critical, once we finish the development of the validator, we will give the ability to every wallet to connect to safeNet using safeLauncher. Once it is done, and a user is connected to safeNet, he will grab the required code and the required information and run it from his side, it means that the validator will be a serie of instances, each one would be unique to the user. This solves both the computation problem and the decentralization, as there will be unique instances of the validator on each wallet, communicating using the informations stored on safeNet.
Now I do not want to praise maidsafe, I prefer to pressure maidsafe to finish their wonderful project so that I can put the validator there. It should be understood that safeNet is not just a storage system, you forget something very important, I will also have to speak a bit more of the code of the validator, the safeLauncher can be used to make available the power of Computation required.
SafeNet is like a decentralized SSD, and the safeLauncher is a decentralized CPU and RAM.
4 Likes
This does sound very interesting and could potentially open doors to many other kinds of apps reliant on some kind of basic decentralised computation too by the sounds of it. I look forward to learning more about how it will work and what the limits are for it 
1 Like
you back up one opinion with another … good try, but your sophistry needs work.
Dude, it is not an opinion, it is a security standard.
If you don’t know shit about the best practices, you should listen to those who are in the industry instead of playing with rhetoric.
really … and where is that standard written and who are the authorities that created this standard opinion as some sort of computer law … which you seem to be claiming it is.
Omfg, I am not even gonna entertain your trolling.
1 Like
To be fair, you have just asserted things & then say he should take your word for it because you’re more qualified than him in your view.
You may be right, but it’s better to provide detail / references instead of just telling people they should take your word for things & by not doing so they are trolling / displaying ignorance. Not just for the person you’re replying to, but other readers of the thread.
As someone who knows nothing about these things, here’s a Wikipedia introduction to security through obscurity that references a standards agency which advise against the practice:
4 Likes
@piluso’s statement has nothing to do with why the validator is closed source. It’s not about security. It’s about competitive advantages.
Thanks for supporting our project.
4 Likes
That’s a good explanation yanni and nemgun.
1 Like