Author Topic: Neither Dice nor Lottery are producing results  (Read 6550 times)

0 Members and 1 Guest are viewing this topic.

Offline toast

  • Hero Member
  • *****
  • Posts: 4002
    • View Profile
  • BitShares: nikolai
Re: Neither Dice nor Lottery are producing results
« Reply #60 on: October 10, 2014, 04:26:25 am »
lottoshares was an ameteur/hobby product, but that's ok. Who was expecting massive ROI and widespread adoption?


Part of the value of AGS is that it filters out winners and value producers. Don't feel "ripped off", feel vindicated.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

merockstar

  • Guest
Re: Neither Dice nor Lottery are producing results
« Reply #61 on: October 10, 2014, 04:33:47 am »
lottoshares was an ameteur/hobby product, but that's ok. Who was expecting massive ROI and widespread adoption?


Part of the value of AGS is that it filters out winners and value producers. Don't feel "ripped off", feel vindicated.

I don't feel ripped off by any means. Had the project worked out it very well could have ROI'd and had wider adoption imo.

I was just concerned about my AGS private keys is all. But I'll feel a lot better if FreeTrade keeps responding to this thread.

Offline Brekyrself

  • Sr. Member
  • ****
  • Posts: 498
    • View Profile
Re: Neither Dice nor Lottery are producing results
« Reply #62 on: October 10, 2014, 04:36:20 am »
I am curious if the dev fund of lts was left alone or liquidated before this announcement, also the time seems odd as its right before ags/pts share's mature...

Care to comment on how much of the dev fund was cashed out before your announcement freetrade?

Sure. 0.

I was interested in building a successful project, not cashing out a few pennies. My view is that dev talent is scare and best redirected away from failed projects rather than throwing new effort at it.

I tried my best and ultimately failed. I can understand why participants might be disappointed, as am I, but personal attacks are unwarranted where hugely ambitious, hugely risky projects fail. I've risked more and lost more than anyone else with this project.



Better to try and fail then to never try in the first place, thanks for the fun.

Any insight into the next project?

Offline tonyk

  • Hero Member
  • *****
  • Posts: 3309
    • View Profile
Re: Neither Dice nor Lottery are producing results
« Reply #63 on: October 10, 2014, 04:56:43 am »

Better to try and fail then to never try in the first place, thanks for the fun.

Any insight into the next project?

That is very counter intuitive statement... read my posts in this sub-forum... how could this project be a success?

Now back to the priv keys of mine that I imported... they are forever in jeopardy of someone deciding that stealing/using them is the better way to go...

On that note - Is not this easy enough to transfer the AGS donations from the original 'donation from address' to a new address?
« Last Edit: October 10, 2014, 05:00:17 am by tonyk »
Lack of arbitrage is the problem, isn't it. And this 'should' solves it.

Offline Riverhead

Re: Neither Dice nor Lottery are producing results
« Reply #64 on: October 10, 2014, 05:02:30 am »

Better to try and fail then to never try in the first place, thanks for the fun.

Any insight into the next project?

That is very counter intuitive statement... read my posts in this sub-forum... how could this project be a success?

Now back to the priv keys of mine that I imported... they are forever in jeopardy of someone deciding that stealing/using them is the better way to go...

On that note - Is not this easy enough to transfer the AGS donations from the original 'donation from' to a new one?
Your keys aren't "out there" unless this client was compromised and I don't think it was. A malicious dev can't somehow get your private keys unless they release a compromised version and you open your wallet.dat with it and unlock it.

Offline tonyk

  • Hero Member
  • *****
  • Posts: 3309
    • View Profile
Re: Neither Dice nor Lottery are producing results
« Reply #65 on: October 10, 2014, 05:06:30 am »

Better to try and fail then to never try in the first place, thanks for the fun.

Any insight into the next project?

That is very counter intuitive statement... read my posts in this sub-forum... how could this project be a success?

Now back to the priv keys of mine that I imported... they are forever in jeopardy of someone deciding that stealing/using them is the better way to go...

On that note - Is not this easy enough to transfer the AGS donations from the original 'donation from' to a new one?
Your keys aren't "out there" unless this client was compromised and I don't think it was. A malicious dev can't somehow get your private keys unless they release a compromised version and you open your wallet.dat with it and unlock it.

Good to know Riverhead!
 I imported just a few keys but still prefer not to give my AGS to somebody for no reason at all...
Lack of arbitrage is the problem, isn't it. And this 'should' solves it.

Offline Riverhead

Re: Neither Dice nor Lottery are producing results
« Reply #66 on: October 10, 2014, 05:10:21 am »
Quote from: tonyk

Good to know Riverhead!
 I imported just a few keys but still prefer not to give my AGS to somebody for no reason at all...

Agreed. Unless that someone is me haha 8)
« Last Edit: October 10, 2014, 05:24:19 am by Riverhead »

merockstar

  • Guest
Re: Neither Dice nor Lottery are producing results
« Reply #67 on: October 10, 2014, 05:11:14 am »
Your keys aren't "out there" unless this client was compromised and I don't think it was. A malicious dev can't somehow get your private keys unless they release a compromised version and you open your wallet.dat with it and unlock it.

That makes perfect sense.

I forgot the wallet.dat itself is encrypted. The client still could have been compromised when the keys were actually imported though, right?

Offline Riverhead

Re: Neither Dice nor Lottery are producing results
« Reply #68 on: October 10, 2014, 05:29:33 am »
Your keys aren't "out there" unless this client was compromised and I don't think it was. A malicious dev can't somehow get your private keys unless they release a compromised version and you open your wallet.dat with it and unlock it.

That makes perfect sense.

I forgot the wallet.dat itself is encrypted. The client still could have been compromised when the keys were actually imported though, right?
Yes. The client knows your private key at import and could, in theory, encrypt the plain text key with a public key they own and send it to themselves. The destination would then have a script decrypt the private key, import it into a burner wallet and transfer the money. It would all be over in seconds.

Offline Gentso1

  • Hero Member
  • *****
  • Posts: 931
    • View Profile
  • BitShares: gentso
Re: Neither Dice nor Lottery are producing results
« Reply #69 on: October 10, 2014, 03:45:43 pm »

Better to try and fail then to never try in the first place, thanks for the fun.

Any insight into the next project?

That is very counter intuitive statement... read my posts in this sub-forum... how could this project be a success?

Now back to the priv keys of mine that I imported... they are forever in jeopardy of someone deciding that stealing/using them is the better way to go...

On that note - Is not this easy enough to transfer the AGS donations from the original 'donation from' to a new one?
Your keys aren't "out there" unless this client was compromised and I don't think it was. A malicious dev can't somehow get your private keys unless they release a compromised version and you open your wallet.dat with it and unlock it.

Good to know Riverhead!
 I imported just a few keys but still prefer not to give my AGS to somebody for no reason at all...
maybe I am wrong but when any of us input our private key (ags, pts, whatever) anyone who has that key can claim to be the owner of said address. Now in wallets anyone who has that private key has complete access to said wallet. So for a pts wallet for example  if you think your key is compromised you simply transfer your pts to a new wallet with a new addy and you have a new private key that you can use to claim your stake.

With ags it goes by the addy the donation came from. So their is no way to substitute another addy unless it is manually done in the genesis block of every new DAC(like what they did with some of the keyID addys).

I for one should have known better and just not imported my private ags key and just "passed" on what ever lts had to offer, its just to much risk if a dev is bad intentions. This isn't anything against FT but any dev.  We want a trust less system but the irony is with ags we have to trust every dev for every DAC as the only way to currently claim shares. keyID, LTS, what about the music one or vote, how about PLAY. We must have another option for ags holders to claim shares other then private keys or simply not support DACS that will not implement another method. As more devs start becoming interested in the bitshares toolkit we have more player's in the game and it only takes one to have bad intentions. Lets be pro active instead of reactive. 

Offline Riverhead

Re: Neither Dice nor Lottery are producing results
« Reply #70 on: October 10, 2014, 04:10:08 pm »
Keep in mind a non compromised wallet stores an ENCRYPTED copy of your private keys. That's why you need to unlock your wallet with a good passphrase. It's effectively 2-Factor Authentication. They need both the .dat file AND your pass phrase for it to be useful.

Naturally with a compromised wallet they get the plane text version. However if you imported your keys into a non compromised wallet a developer is no further ahead of anyone else who has just a locked .dat file. They'd still need to get you to install and unlock a compromised wallet to get the keys in plane text. Try dumping your private keys in a QT wallet with it locked. Doesn't work.

As far as needing a mechanism to claim AGS without a plane text key import it seems that's on each DAC developer to implement but from what Toast said the expensive part is getting it audited because otherwise you're still just trusting the developer.
« Last Edit: October 10, 2014, 04:11:50 pm by Riverhead »

Offline Gentso1

  • Hero Member
  • *****
  • Posts: 931
    • View Profile
  • BitShares: gentso
Re: Neither Dice nor Lottery are producing results
« Reply #71 on: October 10, 2014, 06:34:57 pm »
Keep in mind a non compromised wallet stores an ENCRYPTED copy of your private keys. That's why you need to unlock your wallet with a good passphrase. It's effectively 2-Factor Authentication. They need both the .dat file AND your pass phrase for it to be useful.

Naturally with a compromised wallet they get the plane text version. However if you imported your keys into a non compromised wallet a developer is no further ahead of anyone else who has just a locked .dat file. They'd still need to get you to install and unlock a compromised wallet to get the keys in plane text. Try dumping your private keys in a QT wallet with it locked. Doesn't work.

As far as needing a mechanism to claim AGS without a plane text key import it seems that's on each DAC developer to implement but from what Toast said the expensive part is getting it audited because otherwise you're still just trusting the developer.

I learned something new here.
So using lts as a example
I dumped my  un encrypted text based ags key from the wallet I made my donation from into the lts wallet.
In order to access  the ags donation wallet they would need the password for the ags donation wallet and the private key?



Offline biophil

  • Hero Member
  • *****
  • Posts: 837
  • Incentives run the world
    • View Profile
    • Sign up for a Bitshares account!
  • BitShares: zebulon
Re: Neither Dice nor Lottery are producing results
« Reply #72 on: October 10, 2014, 08:29:12 pm »
Keep in mind a non compromised wallet stores an ENCRYPTED copy of your private keys. That's why you need to unlock your wallet with a good passphrase. It's effectively 2-Factor Authentication. They need both the .dat file AND your pass phrase for it to be useful.

Naturally with a compromised wallet they get the plane text version. However if you imported your keys into a non compromised wallet a developer is no further ahead of anyone else who has just a locked .dat file. They'd still need to get you to install and unlock a compromised wallet to get the keys in plane text. Try dumping your private keys in a QT wallet with it locked. Doesn't work.

As far as needing a mechanism to claim AGS without a plane text key import it seems that's on each DAC developer to implement but from what Toast said the expensive part is getting it audited because otherwise you're still just trusting the developer.

I learned something new here.
So using lts as a example
I dumped my  un encrypted text based ags key from the wallet I made my donation from into the lts wallet.
In order to access  the ags donation wallet they would need the password for the ags donation wallet and the private key?

No, all they need is the private key. Your AGS key is now in two places: your AGS wallet.dat, and the LTS wallet.dat. If your LTS wallet is encrypted with a strong passphrase, then you're good. If you imported your AGS key into the LTS wallet without encrypting the LTS, then your AGS is wide open and exposed to anybody with access to your computer.

Offline biophil

  • Hero Member
  • *****
  • Posts: 837
  • Incentives run the world
    • View Profile
    • Sign up for a Bitshares account!
  • BitShares: zebulon
Re: Neither Dice nor Lottery are producing results
« Reply #73 on: October 10, 2014, 08:32:23 pm »
Has anybody made some kind of best-practices manual for claiming stakes in new DACs? There are a couple no-brainer things one could do, such as moving your PTS to a new address after every snapshot (and certainly before importing PTS keys), keeping your AGS donation wallets locked at all times (i.e., never use those wallets for BTC or PTS transactions), etc. Has anybody already written up such guidelines?

Oh, another thing: immediately after importing AGS, move your newly-claimed shares to a completely different wallet.dat file; that way your AGS key is not permanently in your LTS wallet.dat file.
« Last Edit: October 10, 2014, 08:36:06 pm by biophil »

Offline bitmeat

  • Hero Member
  • *****
  • Posts: 1116
    • View Profile
Re: Neither Dice nor Lottery are producing results
« Reply #74 on: October 11, 2014, 06:46:09 am »
Keep in mind a non compromised wallet stores an ENCRYPTED copy of your private keys. That's why you need to unlock your wallet with a good passphrase. It's effectively 2-Factor Authentication. They need both the .dat file AND your pass phrase for it to be useful.

Look, it's not a true 2-factor, unless it uses a separate device to decrypt. If there is a key-logger, it doesn't matter how strong your second password on top of the private key is. This is true for all crypto projects. It's scary full of amateur decisions.

Even the "non-hobby" projects like DNS and BTSX have that flaw. And as I mentioned a billion times, it is extremely easy to fix. Heck even Bytemaster mentioned somewhere he added it to the toolkit as method somewhere, but nobody is using it.

I don't think FT has stolen keys, if he did, he'd have more than just personal issues.

However in this day and age you can NEVER be sure what's running on your desktop. Given that it's a huge incentive, you know someone, somewhere will exploit the attack vector.

I would not import any keys until this issue is resolved. And I say that even for the existing DACs.

Sorry for the rant, but this is disaster in the makings. I hope I'm wrong, I really do.