Date: Wed, 15 Jul 2015 11:25:17 -0700
From: Matthieu Riou <matthieu@blockcypher.com>
To: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Significant losses by double-spending unconfirmed transactions

Hi,

Thanks for the bug report Simon, "responsible" disclosure on public forums
is always appreciated. We're working with ShapeShift to make sure we can
protect them appropriately against this specific attack in the future. As
"Me" and Adrian advised, I would also encourage you to return the funds.

Regarding Peter's accusations on Twitter/Reddit/listserve, we have no idea
why we are his target. He has never met with our CEO, has no idea of our
business model, nor our company objectives. All his comments about us are
his speculations. I'm sure Peter knows what a Sybil attack actually is and
making such claims on a public forum is completely unfounded and uncalled
for. Stretching definitions beyond the point where they make sense is a
common rhetoric and political tool, not necessarily appropriate in a
professional or technical context.

We offer useful services for many startups like ourselves. We are good
actors in this space. As a startup we are also constrained by limited
resources (we're funded but far from larger companies' resources). Companies
aren't built in a single day and we hope to do more to help
decentralization in the future as well. We're trying to further the
ecosystem with our small team, so the pot shots are puzzling.

Thanks,
Matthieu

On Wed, Jul 15, 2015 at 9:12 AM, Milly Bitcoin via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Below are 2 examples why a systematic risk analysis needs to be used. The
> current situation is that you have developers making hyperbolic, demonizing
> statements that users are "spammers" and engaged in Sybil "attacks."
> Characterizing these activities as spam and Sybil attacks is not a
> systematic analysis, it is closer to the process used at the Salem Witch
> trials.
>
> If this process of demonetization is to take its natural course then these
> statements are "developer attacks" from a developer system that lacks
> proper incentives and is rife with conflicts of interest.
>
> Russ
>
>
>> ... they need to
>> connect to a large % of nodes on the network; that right there is a
>> sybil attack. It's an approach that uses up connection slots for the
>> entire network and isn't scalable; if more than a few services were
>> doing that the Bitcoin network would become significantly less reliable,
>> at some point collapsing entirely.
>>
>
> ...
>
> > Spammers out there are being very disrespectful of my fullnode resources