What is the ideal hardware configuration to become a B&C reputed signer?

Sabreiib 2016-03-12 15:34:57 UTC #15

jooize 2016-03-12 15:45:21 UTC #16

Minting isn’t very CPU intensive according to what I hear (more pressure on RAM?), but a problem with iOS (iPhone) has been that apps are not allowed to run longer than 10 minutes in the background. Apple gives exceptions for audio code (Spotify etc.) and some other uses. I wonder if apps can be programmed to run any code indefinitely when not going via the App Store. It seems it should be possible. I feel like it might reduce battery life to an unacceptable degree, unfortunately.

Wait, is this even about minting?

Sabreiib 2016-03-12 15:54:10 UTC #17

In 2017, a second hand iphone6s may become cheap and with its 1.8Ghz sky lake level performance and low power consumption, connected with wired lightning charger. It should be a safe device for B&C signers as long as our app can run indefinitely.

Raspberrypi3 is Cortex A53@1.2Gh, single thread performance is around 1/6 of A9 (iPhone 6S), such a rubbish hardware with same power consumption with the phone.

jooize 2016-03-12 16:02:41 UTC #18

I like the idea of using an iPhone, but any Raspberry Pi is likely to be way cheaper than an iPhone 6s in many years, and I think people won’t be super excited to buy a modern phone only to have it sit on a table. If profitability is high, then maybe! The app would have to be written as well.

Sabreiib 2016-03-12 16:10:44 UTC #19

Agree. But I guess most B&C signers can afford an old iPhone. Is 350$ a lot of money? For me, I am trying to find an excuse to replace my iPhone 6.

Xcode can handle C/C++ code, so the most time consuming part of making this app should be the GUI design.

masterOfDisaster 2016-03-12 16:59:11 UTC #20

Especially if you take redundancy into consideration and ease of full system backup/restore!
Just dump the SD card via dd to a backup file and restore it within minutes!

Right! On a RaPi you can just compile the source code.

JordanLee 2016-03-12 17:57:36 UTC #21

I expect we will see some experimentation and over time our concept of best practices for providing signer security and availability will evolve.

I will just outline what I had envisioned with the expectation that the community may be able improve upon it.

First, remember that no one needs to know signer IP addresses at any time. Communication to signers and from signers is exclusively by general network broadcast among all peers. Allowing anyone to know the IP address of a signer client is an unnecessary security risk.

With that in mind, signers can open a single use email account and purchase their Linux VPS or dedicated server using NuBits or Bitcoin. They then install the clients they need (such as Nu, B&C and Bitcoin) and the Tor Browser Bundle. The clients are all easily configured to use Tor as a proxy using the graphical interfaces.

The B&C network is unable to distinguish a signer node from other nodes that are minting or just broadcasting messages. Even if you could identify a signer node, you would only know the IP address of its Tor exit node.

Though this setup brings some risk of compromise from the VPS service provider, it seems quite small because there is no reason they would understand the VPS is being used for B&C Exchange signing. VPS providers compete on providing computing that can’t be tampered with by employees with administrative rights. All the VPS provider can observe from the network traffic is that the server is communicating over Tor.

It is possible to increase the security of the design by using multiple servers, failover nodes and so forth, but the above configuration is quite simple to set up and should suffice to begin with.

A signer server set up this way is likely harder to locate than a Tor hidden service.

Cybnate 2016-03-13 01:53:02 UTC #22

Just had an example of the availability risk with just a single VPS. I had this message from support:

We’ve had to reboot your VPS as a result of an issue with the physical node that hosts your VPS. We will continue to investigate the health of this physical node to determine if this was an isolated or systemic issue.

No action is required on your part at this time and we apologize for any troubles this may have caused.

It was a brief outage, however it surfaced some issues with autostart processes which further delayed the availability of services on this VPS. Just as an illustration.

Sabreiib 2016-03-13 02:59:06 UTC #23

The key question is how many signers do we need in future?

In 2009, Satoshi was minting BTC but that’s fine & indispensable because seldom people noticed and participated in it then, so is @tomjoad applying for the first signer today. If B&C become successful in future, any VIP on forum, any important signer is the target of governments or criminals, there is no 100% safe technology to hide ourselves, plz refer to silk road behind Tor.

Server-client mode is not future, the best way is peer to peer, decentralized network. Any customer of B&C is potential signer of B&C exchange, as long as he/she has some BKS. How many customer are familiar with VPS setup or linux? And how many customer can use phone? In this initial stage, we need specialists on IT field putting up Tor/VPS, but I guess the future is a phone app for millions of people, in this app, customers can be complete node or SPV node for various blockchains, they trade cryptos with it, apply for signer and get voted in it, this app automatically handles communication between different chains. Protect the data by Touch ID and erasing content if 10 wrong passwords are attempted. The app can store complete blockchain files via wifi NAS at home, and trade with SPV mode when going out. If there are thousands of signers in signer pools, the availability of single signer is not important when wifi and wired charger not available.

In future, if B&C escrow system developed, the instant micropayment between B&C accounts becomes true, e.g. one customer wanna spend 0.05$ to read one webpage and (automatically, randomly) authorize 4 or 12 lower reputed signers among thousands signers to complete the transaction, he/she doesn’t care of the signer reputation at all because losing 0.05$ is small case, and lower reputed signers often charge lower fee.

Hope B&C has one million customers and half of them are signers, full time or part time. So, the ball is kicked to governments or hackers, can they find our weakness points?

mhps 2016-03-13 03:38:38 UTC #24

@peerchemist might be able to come up a solution based on his peerbox experience.

peerchemist 2016-03-13 10:10:27 UTC #25

@mhps
I might. Firewall rules are just a tip of the iceberg though. Something like more specialized and even more hardened Peerbox it is what I suggested back then while B&C was just an idea and I was one of first reviewers. Such setup would make network more geographically distributed and would have avoided data leakage via 3rd party service providers (VPS, etc…). Naturally all boxes would be routed through I2P or Tor.

However I have no time or desire to volunteer for what I consider a failed project.

masterOfDisaster 2016-03-13 10:56:16 UTC #26

I agree there are some challenges, but I can’t recognize why it’s necessarily failed.
Then again I’m no developer with no in-depth knowledge about all that.
I can try to grasp the basic concept, though, which I still consider worth exploring.

If you’d like to contribute to such a project by creating a “BCEbox”, although you doubt the success of the project, I bet you have a good chance getting a motion or a grant for a payed contract passed.
I’d favour an approach that splits the signing environment from the wallets of the assets for which the signer is processing transactions.

I’m interested to hear your reasoning for the purported failure of BCE and what others think about a “BCEbox”.

tomjoad 2016-03-14 00:56:46 UTC #27

I would be interested in using a BCEBox too.

I don’t think it’s accurate to characterize B&C Exchange as failed; a more accurate description would be temporarily delayed. Momentum is building again with the hiring of @Eleven as well as other developers putting in more time. I’ve seen more signs of development activity in the past two weeks than I saw in the second half of 2015, which is exciting to see.

I think we’re on the right track again for releasing a decentralized exchange that can capture significant market share among cryptocurrency traders.

Sabreiib 2016-03-14 02:16:26 UTC #28

Is there a signer pool? How many signers shall we design for? If there are only a dozen of signers, how can we call it decentralized? Those traditional exchanges are also using multisignature.

masterOfDisaster 2016-03-14 03:11:39 UTC #29

My answer would be (I translate a dozen to 12)

numSigners=12
if $numSigners > 1; then
	echo "call it decentralized"
else
	echo "call it centralized"
fi

If those 12 are on different places, it’s not only decentralized, but distributed as well

tomjoad 2016-03-14 04:09:41 UTC #30

There is a difference between decentralization and distribution, as @masterOfDisaster points out. B&C Exchange is decentralized by virtue of its operation in many different countries.

I would feel very comfortable with 6 signers if it was @JordanLee, @sigmike, @Coingame, @Cybnate and @cryptog signing alongside me, but less comfortable if it was brand-new community members I wasn’t familiar with. BlockShareholders will likely vote for higher numbers of signers if established community members don’t step forward.

I think it would be very difficult to coordinate a theft with 6 or more signers. It would require a dishonest signer to establish sufficient reputation, for 3 other signers to be dishonest (in a 4-of-6 setup), and for someone to correctly identify and scheme with the other 3 dishonest signers without accidentally notifying an honest signer who would sound the alarm to shareholders. It’s possible if a group of dishonest people coordinated in secret to become elected as signers, but that will be increasingly unlikely if BlockShareholders vote for a few signers (like myself) who would never commit a theft. I think the majority of people are honest and trustworthy, and it is unlikely that a majority of signers would become corrupt.

masterOfDisaster 2016-03-14 04:18:37 UTC #31

What about making it 7?
I’m toying with the idea of applying for a signer role as well, although I need to know the amount and type of collateral required for that (I hope not only BKS is accepted, but e.g. PPC as well), before I want to waste mine and BKS holders’ time with a proposal.
Plus I want to find out what hardware requirements are really there to become a signer.

Renting a dedicated server would be beyond what I’d like to do.
Renting a VPS has other drawbacks I already explained.
If a RaspberryPi that runs the signing environment can be used together with machines that run the wallets, of the coins for which is signed, I might be in - technincal wise; the collateral still is an issue.

Life taught me not to rely on what I consider an in general respectable stance on people’s honesty and trustworthiness.

…as long as the collateral is sufficiently high the economical incentive of not risking the collateral adds up to the integrity created by honesty.

Sabreiib 2016-03-14 05:21:21 UTC #32

Although I personally trust you six, the public outside our comumity may not think so, some will declare that B&C is semi-decentralzied. E.g. when a dozen of BTC mining pool owners gathered in one room in HK, some said the BTC decentralization is in danger.

I suggest for different tiers of signers in one big signer pool. Build it up step by step.

top signers(get voted, less than 12), something like members of the board of directors

Is responsible for new BKS/BKC issuing, develope foundation(a portion of profit, if any) holding. Being a top signer is not comfortable, although he/she may earn a lot of profit, they are the targets of government or criminals(hackers), especially he/she exposes private information on various social media.

middle signers (e.g. pledge 10-100BKS), hundreds of them
Perform payment value from 1$ to 100$.
lowest signers(eg. pledge 1-10 BKS), thousands even millions of them

Can perform micropayment below 1$. In fact any B&C customer can apply this kind of signers if he/she pledge 1BKS to the protocol. They can earn a little BKS to compensate the BKC fee when they need other people to confirm transaction. One for all, and all for one. In the end, we may build up a free/exteremey low fee micropayment system with great transaction ability such as 1,000,000 tx per second.

dysconnect 2016-03-17 16:18:23 UTC #33

I am still not fully aware of the required setup. Presumably I need to make RPC calls to the VPS. Do I need to send the calls via HTTPS? Is BCE going to handle this for us natively?

tomjoad 2016-03-21 02:53:51 UTC #34

@JordanLee Do you have an opinion on the safety of operating Bitcoin wallets over Tor? At least one researcher indicates that it makes the transactions less safe and more prone to theft: https://news.ycombinator.com/item?id=8497303