o0ragman0o mod

About

Username
o0ragman0o
Joined
Visits
2,240
Last Active
Roles
Member, Moderator
Points
407
Posts
1,254
Badges
12
  • Re: I WILL NOT MINE ON ANY POOLS THAT HOST ETC MINING.

    @G416G You've been here for 11 months now. That's 11 months that we've all had to put up with your constantly abusive and insulting behaviour. That's 11 months of leniency shown to you by the "two bit promoters and scammers that run this forum". You've been warned plenty of times to cool it but you've continued to show complete disdain for the community in spite of the 'Forum Rules' of which the ones pertaining to your behaviour are as follows:
    • No ad hominem (personal insults)
    • No derailing threads
    • No flooding forums with many threads when one would have sufficed
    • Off topic goes to the watercooler, rules above still apply there (it's a watercooler, not a bin)
    So how about you show cause as to why you should still be allowed to stay....without being abusive.
  • Re: Rig porn - post your pics!

    @ciprianpt What are your clocks?
  • Re: Reward for tracking the hackers

    @ChrisEsq. And was the first exercise for all you novice programmers to review the code and discover the vulnerability for yourselves? Did you then have to work out how to write an attack wallet to take advantage of your new found vulnerability? Did they actually explain the sophistication of the hack at all, or did they just hand you a script kiddies remote control to press?
    C'mon dude, obviously not. Read NOVICE
    @ChrisEsq. Right. I raise the point that much of what you are saying is factually wrong because you don't understand how the DAO is coded or the details of how the attack was enacted or even the events that have followed.
    As expected as it is, it's pretty sickening watching all this criticism from clueless post disaster experts who had absolutely nothing to say or offer when the DAO was being developed, when the DAO was being tested, when the DAO was being professionally audited, when the DAO was being community reviewed and when the DAO was raising $150m! It certainly wasn't for lack of opportunity. It was only the highest profile, most transparent, most audited and reviewed development effort on top of Ethereum so far. And it's not even a DAO specific vulnerability! It's been found in some 70% of contracts already out there.
    Yes, it is always easier to play Monday morning quarterback. Everything else you're saying, I firmly disagree with.

    For sure, this was the highest profile project on ethereum to date. I am certainly not an expert, but why in the wild wild world of sports should it be those experts' obligation to vet the code of one business? The smartest people working with solidity, were, idk this may sound crazy, but busy with their own solidity projects. Most audited? Maybe in ethereum smart k land but that does mean that it was "properly vetted".
    The code was professionally audited by one of the highest regarded code security auditors in the US. It cost the slock.it team a 5 figure amount which they paid for out of their own pockets. The only bug that was reported was an insignificant rounding error. So do you think this attack vector might just have been just a tad bit harder to realise than all your Monday morning quarterbacks would claim?

    How much does it cost to get people to really look for a bug. $150m evidently.
    Questions

    What's different about those 30% of contracts where this vulnerability wasn't a problem?
    I believe the audit was looking for re-entry and unchecked send vulnerability. I have no idea what those other contracts are or do.
    What made this process so transparent? Slock.it may have not owned many DAO tokens but they refused to provide disclosures of how many DAO tokens they owned personally, which runs afoul of two different regimes of US conflict of interest rules. VB recently posted how many DAO tokens he owned, but have we heard a similar response from the folks at slock.it?
    I don't care at all who owns how much in what, it's completely irrelevant because the transparency I was talking was regarding the real world Open Source development effort and not some abstract financial legalism.
    And who is a novice programmer to comment on 'code quality'? Oh, your Consensus guy, right. You're just going to take him on faith just as $150m worth of investors took Slock.it's skills on faith.
    I actually don't understand your argument here.
    In your inexperience, you have defaulted to the first seemingly qualified option regarding the quality of the DAO coding. That then framed your entire opinion of the DAO, its code, Slock.it and its developers. From there you exercised that opinion and made quite a number of false and unsubstantiated statements and personal attacks.

    I compared that to the 10's of 1000's of investors who also took on faith to the tune of $150m the professional and expert opinions regarding the security of the DAO's code before the exploit was discovered.

    A novice in anything always has to be cautious of first impressions and opinions.
    And who is a novice to say that Slock.it 'did nothing'? Should I just counter-call you all stupid or should I try and be nice and explain the security in the DAO code that actually prevents code updates without holder consensus, after the 2 week proposal period closes? Did your Consensus guy actually explain anything about how the DAO works?
    Incorrect, and here is where I think you're being disingenuous. On June 11, the folks at maker found a potential exploit of the same style that was used to attack TheDAO within the code of their decentralized exchange (Maker OTC) that could have allowed an attacker to steal funds from the users of the exchange, but their developers reacted quickly and fixed the problem before it became an issue.
    No, I've spoken the facts of the DAO code which explicitly prevents code updates for a minimum of 2 weeks and then only after a successful vote by DAO token holders.

    This ironic security feature, which was explicitly designed to prevent malicious updates is what prevented them, and still prevents them from fixing the bug in the DAO.

    The DAO code has absolutely nothing to do with MakerDAO's code and there are entirely different governance mechanisms and purposes behind the two.
    What was slock.it's response to all of this? "No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery" LOL. They made a "representation" that everything was ok, when it certainly was not. Their hubris got in the way. These are the same guys who wanted 125k eth to handle DAO security. See https://blog.slock.it/dao-security-a-proposal-to-guarantee-the-integrity-of-the-dao-3473899ace9d#.43f382gmf (Double LOL)
    The attack vector into the DAO was still not known at the time of that release. The re-entry vulnerability had only been realised as a programmatic anti-pattern in general. The guys who published it couldn't even find any way to apply it to the DAO and so that was the basis of the representation. At the time the DAO was still believed to be secure. It had absolutely nothing to do with hubris or any other ad hominem which you've cast upon their characters.
    And who are you to say that Slock.it 'did nothing' when they've done absolutely everything in their power, including getting Foundation support for a hard fork, including trashing their dreams, in order to get everyone's money back. How many others of the 70% of vulnerable contract writers have you heard of or seen trying to fix their code?
    Disagree. See response above about them doing nothing in response to the vulnerability Maker highlight and then to go out to markets and reassure DAO token holders everything is ok.
    Consider your information corrected and all your arguments here invalidated. These people have been working their asses off to get everyone's money back, at their own expense. Or perhaps you've not kept up with the very heated DAO hacker war that's still continuing. The Slock.it team have been on the charge ever since the attack and will likely be charging for many months to come just to save some 'no hard forks please' ideal of a minority of mostly Bitcoin trolls.
    So who are you to claim Slock.it are malfeasance
    Just one guy, making an argument on a forum. Your point on malfeasance is fair. I use a different definition of malfeasance however.
    The wrongful or unjust doing of some act which the doer has no right to perform, or which he has stipulated by contract not to do. It differs from "misfeasance" and "non-feasance," (which titles see.) See 1 Chit. Pr. 9; 1 Chit. PI. 134; Dudley v. Flemingsburg, 115 Ky. 5, 72 S. W. 327, 00 L. R. A. 575, 103 Am. St. Rep. 253; Coite v. Lynes, 33 Conn. 115; Bell v. Josselyn, 3 Gray (Mass.) 311, 63 Am. Dec. 741.
    Reassuring markets that everything is a-ok when it is certainly not the case is what I would argue that slock.it had absolutely no right (read unjustly) to do. It's an argument, not black letter and I have more arguments! If you want to talk about negligence or "fraud on the market", we can dance! :)
    Again completely invalidated by the facts.
    ... and say absolutely fuck all about the actions of the thief!
    The thief is just being a thief. He should be punished. I agree with you. I just don't think there is really anything interesting about it.
    Apart from the fact that he's still out there. Apart from the fact he holds 3.7eth to ransom. Apart from the fact that his team broke the DAO when no one else could. Apart from the fact that he's still hacking DAO's because he infiltrated the White Hat's own salvage DAO. Apart from the fact he's the most central player in all this. Maybe you're right, maybe he's just not that interesting....
    please don't scare away the lawyer yet.
    Lol, "I ain't never scared"..... except when businesses fail to "fight for the users" and are too wrapped up in self-interest
    Again, they haven't stopped fighting. You're just too clueless to realise how much of a novice you really are in all this and would prefer to just assume a superior intellectual opinion of derision.
  • Re: Reward for tracking the hackers

    I had some criticism about the DAO and the management of the foundation. the post was removed.

    anyway they seem to be mounting a counter attack as evident by the 21% jump ..

    go V go !!

    please don't scare away the lawyer yet.
    @G416G Yes but unfortunately you criticise a great deal of stuff which does you a greater disservice when people don't take you seriously any more.

    As one of the community code reviewers, I also had enough to be critical about that I wrote an entire white paper outlining a far more intrinsically secure DAO architecture and began coding up that architecture. I was also invited in on the DAO2.0 channel to discuss such matters. I gave Slock.it a draft before they even went live. As for coding, a bug in Mix-IDE wiped my entire project directory (talking about code quality, QT mainly to blame!) and I lost the lot apart from a PDF of the draft.

    But unfortunately skilled Solidity coders are still pretty rare to come by and it was my own inexperience showing through when I also failed to see the vulnerability. So I could only properly critique at the architectural level. It's certainly a hard failure to face, but I offered what I could and I'm still working (independently) to create a better DAO, and the underlying framework it will require.
  • Re: Reward for tracking the hackers

    Keep dancing boys.... Midnight's past and your coach is now a mouse infested pumpkin.

    DAO had no asset backing so how can tokens be considered a security? What was being secured? Slock.it was not soliciting money and are entirely independent from the DAO. The only securities that I see as relating to the DAO would be the Reward Tokens 'after' a proposal has been successfully voted upon, which obviously never happened. Until then, Tokens are just an account balance.