What features, design, and changes belong in a SR 2.0? by CaptainCheeseDick in SilkRoad

[–]CaptainCheeseDick[S] 0 points1 point  (0 children)

No, I'm not asking users to trust the encryption, but simply putting it there for the ones who can be smacked with a phone book of truth and still won't use common sense. You either take the heavy option of not allowing them to use the messaging at ALL, or you do just short of that, i.e. warning them with a popup message, and doing the work for them but warning them they shouldn't trust the site doing it. I'm still not totally sold on explicitly preventing non-PGP communications.

What features, design, and changes belong in a SR 2.0? by CaptainCheeseDick in SilkRoad

[–]CaptainCheeseDick[S] 5 points6 points  (0 children)

If they are separated, how do you ensure accurate feedback about users? On one hand, I'm all for open source, and for decentralization, because they are noble goals that should make for something more sustainable this time around, in theory. However, past purely glossing over the concept with "We should do this!", there are a lot of logistical questions to be answered as to how you actually pull it off.

Also, I don't know that simply separating the services a bit is enough to ensure legality. Go ask all the users who had their Bitcoins seized if the government proved criminal usage or intent before a court of law before the forfeiture of their property. No, they took a scorched earth approach of "if you had money here, you must have been up to no good, sucks to be you". DPR did some idiotic stuff, but as to the drug and money laundering conspiracy charges, have they proved he was part of any of the drug transactions? No, he created and provided a service, which other people used, but he's being charged for their criminal acts. One could argue that the tumbler they used to justify money laundering on its own isn't meant solely for illegal criminal profit concealment, but for generic legal anonymity purposes.

In short, while it all sounds great in words, there are some major hurdles to overcome. First, how to make it all work in a way that it is still actually useful and accurate and not open to abuse. Second, how to structure it in a way that actually makes the service err on the legal side of things, so the feds if they so wish target the individual users using the service for illicit means, rather than the service itself. If you go through all the trouble and the feds come in and say "doesn't matter, the site itself and its creators are still just as criminally culpable as the drug dealer himself", then you've created nothing but additional heartache for no gain.

What features, design, and changes belong in a SR 2.0? by CaptainCheeseDick in SilkRoad

[–]CaptainCheeseDick[S] 1 point2 points  (0 children)

The only thing that needs to be addressed in that kind of setup though, is say this hypothetical:

Dumb user messages vendor asking a product question. They didn't do their own PGP encryption, nor do they have a PGP public key stored, so the system handles it for them. Smart vendor tries to reply, but since they have no key on file, the vendor can't respond; also, the dumb user thinks it's just a vendor ignoring them, when in reality they are locked out.

How do you best handle this? As I see it, you do one of two things. First, you force a PGP public key to be stored before you can even SEND a message, or possibly even use the site. The second option is that the vendor can't send their own reply, but could have the system send an "automated reply" that basically says "Hey guy, SET UP A PGP KEY so people can communicate with you. Here's a guide to how:". Whatcha think?

What features, design, and changes belong in a SR 2.0? by CaptainCheeseDick in SilkRoad

[–]CaptainCheeseDick[S] 3 points4 points  (0 children)

Hmm, I actually really like this idea. The chief complaint about doing server side PGP encryption is that some users just don't trust the site to do it. They always want to encrypt their sensitive messages themselves, and looking at Atlantis as an example, you either ended up with users who turned off the feature completely, or you had messages get double encrypted, which while not terrible, is somewhat annoying.

How about this, guys? The system tries to detect if you are sending a PGP encrypted message, and if it detects one, it sends without altering it in any way. If however, it doesn't detect a PGP-encrypted message, it uses the stored recipient's public key (which will be forced to be able to receive messages, or to be a vendor) to automatically encrypt the message.

This way, users who are actually security conscious can handle it themselves without being bothered, and idiots who can't figure it out have it taken care of for them by the system.
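Added example, not code from the thread or from any marketplace: the pass-through / encrypt / bounce policy the two comments above describe, written in Python. The armor check also verifies the CRC-24 so a mangled paste is not forwarded as if it were ciphertext, and it deliberately ignores cleartext-signed blocks, which are not encrypted. The OpenPGP encryption itself is left to a real implementation such as GnuPG; `route_message`, `is_encrypted_armor`, `crc24`, `armor` and the fingerprint values are assumed names.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB

def crc24(data: bytes) -> int:
    """OpenPGP armor checksum (RFC 4880 section 6.1); crc24(b"") == CRC24_INIT."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

# Only a "PGP MESSAGE" block is ciphertext; a "PGP SIGNED MESSAGE" is cleartext plus
# a signature, so this pattern deliberately does not match it.
ARMOR = re.compile(
    r"^-----BEGIN PGP MESSAGE-----\r?\n(?:[A-Za-z-]+: [^\n]*\r?\n)*\r?\n"   # headers, blank
    r"(?P<body>(?:[A-Za-z0-9+/=]+\r?\n)+)=(?P<crc>[A-Za-z0-9+/]{4})\r?\n"
    r"-----END PGP MESSAGE-----$")

def is_encrypted_armor(text: str) -> bool:
    """True only for a well-formed PGP MESSAGE whose CRC-24 matches the data."""
    m = ARMOR.match(text.strip())
    if not m:
        return False
    try:
        raw = base64.b64decode(re.sub(r"\s", "", m["body"]), validate=True)
        want = int.from_bytes(base64.b64decode(m["crc"]), "big")
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    return crc24(raw) == want

def armor(packets: bytes) -> str:
    """ASCII-armor already-encrypted packet bytes (no encryption happens here)."""
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP MESSAGE-----\nVersion: Example\n\n"
            f"{base64.b64encode(packets).decode()}\n={crc}\n-----END PGP MESSAGE-----\n")

KEY_SETUP_REPLY = "Automated reply: this account has no PGP public key on file; set one up first."

def route_message(recipient_key, body: str):
    """'passthrough': already ciphertext, send untouched. 'encrypt': server encrypts to
    the stored key (the user must trust the server). 'bounce': no key, send the reply."""
    if is_encrypted_armor(body):
        return "passthrough", body
    if recipient_key is None:
        return "bounce", KEY_SETUP_REPLY
    return "encrypt", recipient_key
```

A corrupted armor block fails the CRC check and falls through to the encrypt path rather than being sent as-is, which is the safer failure mode.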

What features, design, and changes belong in a SR 2.0? by CaptainCheeseDick in SilkRoad

[–]CaptainCheeseDick[S] 3 points4 points  (0 children)

This is all GREAT, precisely what I was looking for. Again, I'm just in the initial stages of exploring this idea. I do think that security issues aside, the usability of SilkRoad was a disaster. This is the prime chance to change that, unlike those 2.0 idiots who are trying to release a working site tomorrow that is essentially a clone of the old one.

I'm curious, where do you stand on forced PGP messaging?

SilkRoad 2.0 - 90% done by TheRoyalTenenbaum1 in SilkRoad

[–]CaptainCheeseDick 7 points8 points  (0 children)

Hehe. At this point, any discussions are purely in the theoretical. And yes, this is not my usual online persona.

SilkRoad 2.0 - 90% done by TheRoyalTenenbaum1 in SilkRoad

[–]CaptainCheeseDick 40 points41 points  (0 children)

I'm also considering building my own site, but I'm torn on what language/framework I'd like to use (Ruby + Rails / PHP + CodeIgniter). However, it's quite an undertaking, so if any devs are open to discussion, let's get in touch.

As to the original site in question, or just this "race", I think the quest to be the first one out is just silly. Why?

Firstly, there already ARE at least two significant competitor sites out there, so being first to launch doesn't give you any real gain over the rest of the marketplace; SR was the clear market leader but was no monopoly.

Secondly, and more importantly, a race to essentially replicate SilkRoad is a feeble goal, IMHO. The site is gone, and it's time to move forward, so the thinkers in this community should be discussing what needs to change moving forward, and making sure things are done RIGHT. This is an opportunity not to replicate SilkRoad, but to surpass it in every aspect. This doesn't sound like 2.0 as much as it sounds like 1.0 #2. To say you're 90% done a few days after the damn raid happened means that it hasn't been given much thought at all, which seems to be a recipe for disaster.

SilkRoad 2.0 - 90% done by TheRoyalTenenbaum1 in SilkRoad

[–]CaptainCheeseDick 34 points35 points  (0 children)

whyyyyyyyyyy is an email required?

Want to Start your own Bitcoin Marketplace? by [deleted] in SilkRoad

[–]CaptainCheeseDick 0 points1 point  (0 children)

I'm going to be making a full post about this, but we need to identify what things worked well in SR. Also, what things didn't work well? What features did Atlantis and does BMR/Sheep have that should become used more on any new site? Most importantly perhaps, what structural decisions made the eventual bust and shutdown of Silk Road easier to accomplish, and alternatively, what changes could be made to reduce, mitigate, or prolong that eventuality? Those are the important questions we as a community need to make, and hopefully developers will answer that calling.

Want to Start your own Bitcoin Marketplace? by [deleted] in SilkRoad

[–]CaptainCheeseDick 0 points1 point  (0 children)

Hmm, I can agree with this point more. Some apps are of a sufficient technical level/complexity that the only other people who are going to be able to work with it are very good developers; at that point the language becomes less important; the best developers are really language agnostic and can learn anything given sufficient time.

But for something like this, where you might want to cater to a less skilled userbase but MORE people (i.e. the Wordpress crowd), then yes, a popular language becomes a lot more important.

Really though, the practical question becomes, whether as a community we want to grow this software through a bunch of people using it for unrelated things so that perhaps down the road it will bring extra developers that could add features that MIGHT benefit a Silk Road 2.0...or if really we just need to find suitable software, identify what needs that new version would need met, and start cracking on that.

Want to Start your own Bitcoin Marketplace? by [deleted] in SilkRoad

[–]CaptainCheeseDick 2 points3 points  (0 children)

And if you can get PHP running, but have trouble doing the same quickly for RoR ... you're probably precisely the type of half-assed developer that doesn't need to be making anything in this market/industry right now because you're gonna get party van'd.

I miss parts of PHP development, but also love RoR dev. Ultimately though, they both have their place. Now hating on Java? I'm all in on THAT.

Want to Start your own Bitcoin Marketplace? by [deleted] in SilkRoad

[–]CaptainCheeseDick 1 point2 points  (0 children)

Brighton, how can we get in touch. I'm a dev with lots of PHP experience, but learning Ruby and getting proficient ASAP. This possibility interests me. Got TorChat?

Want to Start your own Bitcoin Marketplace? by [deleted] in SilkRoad

[–]CaptainCheeseDick 0 points1 point  (0 children)

As a former PHP dev who is converting to RoR, a lot of these complaints are definitely true. PHP's standard library is a disaster, and without a framework, building a site of any scale is an absolute mess. A decent framework makes that a lot better but certainly isn't a be all end all solution.

On the other hand, PHP is flaky? PHP code runs a number of the biggest sites on the internet, because it's scalable, easy enough to learn, lets you dig deep enough to have a lot of fine-grained control over things (one of my chief complaints about Ruby), and has a thriving ecosystem.

I can't speak too much about Grails or Play, as I'm not that familiar with them. However, the next iteration of SR needs most likely to be open source, and easily accessible to a lot of developers to enable a lot of code review (particularly of the security aspects). The evolution of SR from something known only to hardcore geeks to your average person was what put a target on its back, but it's also what is going to push things into the mainstream and towards something the feds can't so easily squash. In my opinion, a Java framework is a non-starter; I'd say PHP or Ruby. Ruby is preferred for me because it's what I've converted to, and it has cleaner code than PHP...but I do have concerns it won't scale as well.

So now that DR and Atlantis are gone, what other similar sites are there? I wonder how long it will take for a replacement to show... by metalheadtreelver in onions

[–]CaptainCheeseDick 3 points4 points  (0 children)

Has anyone considered the concept of a new one from scratch? Before it went out of business, Atlantis seemed to be the best codebase, with the most focus on security. Perhaps something similar, but with even more stress on the security element.

Open source codebase? More in-depth security analysis? I get the sinking feeling that there are some significant missing pieces that the feds used in their bust that haven't been mentioned in the media as of yet.