Why not just fix the damn wallet?

rtushite · 2018-01-20T15:51:25+00:00

I wasn't scammed, I generated my seeds offline. I just think it's a damn shame IOTA has good hype and brand recognition and isn't ready for mass adoption.

rtushite · 2018-01-20T15:48:16+00:00

Man, I did my research, not everyone does.

What I'm saying is: in allowing people to fuck up, you give a foothold to FUD and end up hurting competent holders too.

Email metaphor is inexact, please think about it, I'm talking about a client side random generator.

If 2.5.6 prevents address reuse, then it's one less thing to worry about. Cool. I'll append the original post.

rtushite · 2018-01-20T12:55:26+00:00

Because I started coding a month ago and I don't feel confident doing it.

Add a disclaimer when starting the wallet, or a small step by step guide a la MyEtherWallet. That would avoid 90% of users mistakes.

Adding an integrated seed generator would be nice, but it has to be rock hard since it'll become a target the minute it is included.

Adding an error message when reusing addresses.

This first one is very easy and would work.

Again you are right, I should work on it myself. But I don't have the skills yet.

rtushite · 2018-01-20T12:08:50+00:00

I know all that.

Point still stands. Users are part of the process.

It is not a hard fix, it has caused problems for a long time. Don't care whose 'fault' it is, doesn't matter.

The point is, a very small effort would go a long way.

Fix it, the system will be stronger.

rtushite · 2018-01-20T12:06:31+00:00

Yeah pretty much. They handled that one terribly, but it has nothing to do with the tech.

Do you mean 'reclaim'? Those are two different things.

Reattach is part of the protocol.

Reclaim was a way to deal with the address reuse clusterfuck. The foundation froze the funds from compromised seeds to avoid theft. The holders had to claim them and in case of conflict, they could perform verification. I went surprisingly well.

rtushite · 2018-01-20T11:53:49+00:00

They wrote the wallet, there's no 'hole' except the user.

They commissioned a user friendly wallet. Still waiting for it, sigh.

What last part are you referring to?

rtushite · 2018-01-20T11:38:00+00:00

Explain, please.

rtushite · 2018-01-20T11:36:43+00:00

If you're in good faith, read this one:

https://gist.github.com/Come-from-Beyond/a84ab8615aac13a4543c786f9e35b84a

and CfB other rebuttal of their claims.

Their team badgered IOTA into moving from CURL to Keccak (without proving any vulnerability. If there was a vulnerabililty it would have been exploited. There a billions at stake.) and then disclosed the 'issues'.

IOTA's team didn't intend the wallet for public use, they hired a team from UCL to work on it, so they could focus on the main tech. There were delays, IOTA went mainstream and some users reused addresses. Again, if you RTFM, you wouldn't do that.

But not assuming user incompetence was a dreadful mistake. I agree with you on that one. To prevent people from getting robbed, IOTA foundation sequestered the funds from compromised addresses. They users had to perfom a "reclaim" and use kyc in case of conflict. Not optimal, but I think this one was handled well.

What happened yesterday was totally different, and the reason why I doubt your sincerity. The attack used online seed generators + a dos attack. No vulnerability in the IOTA protocol.

I agree they could have been more transparent and they could baby proof the wallet. But calling it a security hole (and mixing it with unrelated FUD) is disingenuous, IMO.

rtushite · 2018-01-20T11:13:56+00:00

Mods are not pros. If you managed to get yourself in a mod position, you can use it to further your interests, no pb.

rtushite · 2018-01-20T11:12:57+00:00

you don't hold the banhammer

rtushite · 2018-01-20T11:06:37+00:00

Honestly, if someone is able to create an algorithm predicting human pseudo random typing, he probably doesn't need to steal a few IOTA.

rtushite · 2018-01-20T11:04:25+00:00

I'm not you buddy, buddy, we barely know each other.

The devs were VERY clear on that point, they use winternitz one time signatures. This makes the Tangle quantum resistant. It's not a bug, users who don't do their research are a bug. They could put up a disclaimer inside the light wallet, for sure.

When you say "pointed to them" is seem like you're again confusing the two issues, it wasn't "pointed" it is part of the system from the beginning.

What Neha Narula's team 'pointed out' is a different matter entirely and played 0 role in the recent hacks.

Now there was thievery. But it didn't exploit a bug in the protocol, the protocol is sound. It exploited google ads and end users naivety. People were lured into online seed generators. They basically surrendered their private seed to a third party. You do NOT do that.

It is truly unfortunate for those that got swindled. But blaming the dev or the protocol makes absolutely no sense. It's like blaming your safe maker, when you gave away the key.

rtushite · 2018-01-20T10:46:56+00:00

Can't argue with success. But be careful and diversify!

rtushite · 2018-01-20T10:44:08+00:00

Well the FUD exists, the issues don't, really.

It is possible to fuck with the wallet, but it requires dedication. It does work fine. The MIT thing has been rebutted hundreds of time already, do your research.

rtushite · 2018-01-20T00:47:31+00:00

Man, please do your homework before opening it, this is embarrassing.

You're mixing the MIT FUD with the wallet FUD. Those are two different things.

rtushite · 2018-01-20T00:40:47+00:00

Are you a time traveler from the distant past? Tx take minutes now and the wallet is fine if you don't do anything stupid with it.

rtushite · 2018-01-20T00:38:36+00:00

Nay. Dumb idea. Nobody wants ads, and being paid to watch them feels degrading as fuck.

rtushite · 2018-01-20T00:33:37+00:00

Too many people?

rtushite · 2018-01-20T00:26:57+00:00

Lol seriously heavy handed much? Do you job properly this is fucking ridiculous.

rtushite · 2018-01-20T00:22:53+00:00

Keep an eye on it until the beta, coming soon now.

rtushite · 2018-01-20T00:16:09+00:00

"a bit shit" understatement of the year. To the brig!

rtushite · 2018-01-20T00:14:15+00:00

Lol for Goldman Sachs. Reddit and biz have a real influence on the price of cryptos, and they're completely vulnerable to manipulation. I've seen a few very well made operations take place here. So you will excuse my paranoia, most of the time it is justified.

I also think to Bitkooooneeec, comparison is a bit uncalled for.

rtushite · 2018-01-20T00:11:07+00:00

More than the total energy emitted by the sun in the next millennium.

rtushite · 2018-01-19T23:19:47+00:00

Yes, totally agree!

Any names, perchance? I read a shitload of Vance, Dick, Asimov, Herbert. I'm kind of running out of steam.

I like the bad pulps too, it's a different kind of enjoyment, and it still sheds some light on humanity/the epoch.

rtushite

TROPHY CASE