You are viewing a single comment's thread from:

RE: @thesloth @thedumpster @thedelegator @steemservices @danknugs @nextgencrypto @berniesanders You can't flag me if I don't post anymore

in #steem 7 years ago

I just want to keep this information in comments, and it may well be speculative, but you can see if you look at any user's profile:

Maybe I misunderstand the bandwidth allocation system. I understand that it allows a user to go to an excess beyond this level shown underneath the "Bandwidth Remaining" bar, that berniesanders has 123Mb of available bandwidth, using a 'fractional reserve' system.

I believe this means that it would be possible to launch a flood attack on the Steem blockchain, and make every RPC grind to a halt, ending trading permanently.


Free accounts have about 200kb of bandwidth allocation, and someone with several thousand such accounts under their control could probably put at least 40 if not 400 megabytes of data on the chain in one day.

Available bandwidth means how much the chain lets you dump on it before it starts getting cranky and refusing to accept new transactions. Unless I am mistaken, this means that berniesanders can put 123Mb onto the chain in a 24-hour period, but in practice, probably more like 512Mb.

Also, I realised that Delegated Proof of Stake is a misnomer. The chain is permissioned, a variant of a Byzantine Fault Tolerant system that uses users, who socially interact, to vote on who should lead the chain (witness election). It shows how well read Dan Larimer is that he does not know that his chain is not a variant of PAXOS and Raft and PBFT (and distantly, Solidus). Note that no other permissioned distributed database system with fault tolerance in operation uses the block log.

This is another severe weakness in the platform, because if the previous attack I mentioned was performed, the RPC nodes would all go down, probably many of the witnesses would get blocked by a backlog of transaction processing, that stops them creating new blocks, at some point.


I am not saying anyone should do this, I simply worked this out because I was looking very closely at the anti-spam measures on the chain, because I don't intend to launch a fork that has this vulnerability to spammers.

I am putting this information out there because I believe that this is the best solution to the problem of Stinc, but I have got better things to do, like fix the problems, before I find myself the victim of their bad engineering.


I think you're totally correct here, and I also think this is the core problem with free sign-ups!

The whole bandwidth system is predicated on a set-up where the ability to wreck the system (through bandwidth spamming) is proportional to the vested stake. The disincentive (hopefully) keeps the system viable, at least until a wealthy investor decides to burn their money to blow it up.

But unrestricted free accounts (even with only delegated SP) contradict this so fundamentally that I think they are incompatible with a functional system.

I get the feeling this is the crux of the problem connecting bandwidth errors, bots and spam:

Within the model, they can't have both free anonymous accounts and bandwidth control!

Accounts with no SP should have no ability to spam the blockchain, but they give a little bit to each account which fundamentally distorts the formula in the name of pragmatism and short-term growth.

I hope with some careful consideration you can propose a different model that will permit this, but I think it's a very tricky problem to solve elegantly. I look forward to attempting to pull apart any suggestions you have, as that is what's needed ;)

I am simply going to study the activity of real, confirmed human users, and dial down the bandwidth limitation to human range. Then to add power to this, the reputation limits the capability of misbehaving large stake users by subjecting them to limiting caused by muting and flagging. I also have to look closely at the reputation scoring system, because it must be entirely biased towards stake, because otherwise, how is it that my 69.8 reputation account can't even put a 0.1 ding in trolls like Berniesanders?

They didn't assess the threat model fully, assumed a lot of things that cannot be substantiated once you examine it more broadly.

I think that part of their model works ok, as long as sign-ups are either paid for, or not anonymous.

What you're proposing with fixed limits is much less elegant, but quite possibly more practical.

The way I see it, and why I am emphasising collective social judgement as the solution, is because humans are the best at identifying patterns of byzantine behaviour. AIs can do it, but only after being fed a shit-ton of data, but humans have already got a shit-ton of data, about humans, and on a group basis, have the greatest chance of actually identifying, muting and flagging the offenders down so their bandwidth is so severely limited they cannot continue to operate the account, essentially neutering it.

I don't think there is any issue with free accounts at all. They just should not be powerful enough to do harm if gathered in the thousands, and, of course, extremely vulnerable to judgement by their peers. Well, if you can use the term 'peers' so loosely when talking about generally good people versus a scumbag.

Also, I think a simple mechanism that can limit account signup spam is simply binding an IP address to the signup, that cannot be reused for a period of time. It works reasonably well, and the constrained bandwidth of Tor, and the fact that there is a quite constrained number of nodes...

This is also a reason why perhaps referrals could be used, because referrals could create a chain of reputation effects that go back to the root of a tree of signups that appears to be malicious. This can let you close a whole bank of accounts instantly.

By 'byzantine behaviour' do you mean behaviour which encourages social stratification, and reduces social mobility within the network?

Well I think if AI/Machine Learning systems can detect it, there'd be plenty of such data from this experiment!

B's allocation is represented in mb (is this not a measure of speed rather than size? idk, not overly technically inclined beyond programming the clock on a VCR ;) ).
Here's the hammer that got me, represented as 3.6gb.


Thus, despite my lack of knowledge of who's who and what's what and how it all works, I got to see right off the bat what it's all about.
Sure I could buy my way up the food chain, still not worth the risk with these sharks floating around.

It is data size. It is clearly indexed on stake, and it clearly has no kind of reasonable ceiling. The bar represents a time period.

Also, why is anyone afraid of sharks in a virtual world? If they represent a tangible threat, then we have got bigger problems than a bunch of racketeers. No, I'm not afraid to simply point out the salient to people. I have already written off my investment in this platform, and I am glad that I was able to draw something out that let me finally break a cycle of poverty.

Believe me, I would rather be concentrating on improving my content and getting it some attention ~>



~> rather than trying to figure all this stuff out ~>



One is fun, the other like work.
;)

Eh... guess I'm not fooling anyone. If I had the hardware I'd be balls deep in happiness to the point it wouldn't be considered work. Le Sigh.


be lurking round reddit


Nice. Yes, I was serious when I said I am moving on. I can't help but be wanting to know how people receive the content of this post.

If I am right about the bandwidth issue, we are going to see it happen within a few weeks.

There was a whitehat attack on the Steem chain with someone with a ton of bots and the chain didn't even hiccup. They did find and fix a bug in bandwidth allocation. Still, with this sort of chain growth it might have different results.

I just don't see how it makes any sense that people can literally punch out 1440 posts a day per account when the SP goes over about 500. Who can do that, physically? Is this a social network or a weaponised bot network?
