Chainlink Security / Valuation

>Ignore this shithead senpai. Decent thread.

Thanks m8,
DESU I'm racking my brains trying to work out how to leverage my IT sec knowledge around these offerings. It is a risk on a number of levels but at the end of the day what worries me is the incumbents in Financial Services, The government, the constant volatility in price far more. sigh)

However all these companies seem to me to be at risk from concerted attack by Advanced Persistent Threats as follows: (not exhaustive)

1. architectural flaws in crypto (exposure of private keys / complete failure of the system / offering / coin) (think WEP back in the day - it seems a focus is on upping the speed from Bitcoin / Eth but this would necessarily mean the risk that you fucked up your crypto. I've been in infosec for ages and I know NO-ONE with a solid grasp of crypto - everyone has been using COTS solutions here for decades and there is a fucking abysmal skills gap)
2. Nation State / Surveillance state / Deep state / terrorist state meddling (.gov are now in more cabinets than Narnia and the Norks are pretty much a cyber crime family now AFAIK) as an eg - UK and Brexit. If UK took a favourable regulatory position on crypto strategically they would almost certainly be doing so to protect the approx 60% of GDP that comes from financial services, they will be biased against heavy disruption and their security services have an unwarranted level of power because 'muh scary muslims')
3. Infra security / ops security - which of these companies have nailed down their Op-sec / online presence against crime gangs. Think all the phishing for ransomware last year. Talent goes where the money is and there is great value in dropping a shell in one of these firms. Not least cos its unregulated and 'insider' info is a non-crime?
4. DDoS. Compute intensive tasks seem to me to be at elevated risk of Denial of Service? Think Zip bombs.

Running out of chars...

op bamping as I gotta run to the shops and threads die pretty quick here)

I think ark is a comptetitor to chainlink. besides that the current blockchain solution ethereum is using is outdated because everyone is building on 1 huge block (ethereum) thus congesting the network.

skycoin anticipated this already in 2013 and built a whole new system from scratch. skycoin is developed by hardcore btc OG's check out their github

is there any way I can contact you? twitter/telegram

dumb post DYOR you'll never make it

Sage

Dyor and read the whitepaper
We dont need kids here

I have worked nearly 40 years in cyber security and i can say you chainlink is the best investment right now.
Stop coming here wirh your filthy pajeet nazi jewface

How the fuck is ark a competitor pajeet?

>I think ark is a comptetitor to chainlink. besides that the current blockchain solution ethereum is using is outdated because everyone is building on 1 huge block (ethereum) thus congesting the network.
>skycoin anticipated this already in 2013 and built a whole new system from scratch. skycoin is developed by hardcore btc OG's check out their github

Thanks m8, appreciated, will check it out.

>Dyor and read the whitepaper

I did user, thats why I'm here.

>I think ark is a comptetitor to chainlink

This is hilarious. Honestly, OP, you might just want to do more reading than asking here. Some enthusiastic and even sincere people could totally fuck you over with faulty advice.

>Some enthusiastic and even sincere people could totally fuck you over with faulty advice.

you or him?

But thnx, there's fuck all worth reading here, I'm out.

I think part of the hype around CL is due to the fact that nobody else is as far - at least publically. Some cryptos (mobius, etc) claim oracles, but aren’t even in alpha and are more limited (chain-specific). People think Vitalik might/should add one to eth but - AFAIK - isn’t working on it.

I think oraclize is the solution in use (not that most or any cryptos are deivering on value prop).

There’s also a concern about intel sgx as a vulnerability.

Have you tried setting up a node to poke at?

Link will eventually be blockchain agnostic so it will work across all platforms. No need to compare it to a competitor that is just interested in its own ecosystem.

you sound rational unlike most anons here. Could you message me on telegram? we could help eachother out. @tonybtc2

>There’s also a concern about intel sgx as a vulnerability.
(SGX is golden m8, but it will be subject to a projected rape by sec researchers in mid term. SGX solves the bigger, URGENT, problem of trust in the cloud so I have no doubts about its adoption.)
>Have you tried setting up a node to poke at?
Nope. So far I've just looked at the overall maintenance / security of a couple of shit coins's web sites - out of date libraries, all the usual shit - sooo many fucking Pajeets lol. Also, LinkedIn is a very good guide to security. I'd be more likely to run some static code analysis against some of the githubs)

>you sound rational unlike most anons here. Could you message me on telegram? we could help eachother out. @tonybtc2

Yeah m8 no probs I'll ping you now.

>Vitalik might/should add one to eth but - AFAIK - isn’t working on it.

Has he mentioned them since his 2014 blog post?

ChainLink might have no future considering tech like r3Corda.

r3.com

strongly suggest you request an invite to the slack channel: support @ smartcontract.com
and check out the gitter.

>1. Who is the competition for middleware /oracles (I'm thinking Ethereum themselves could just deploy a similar service within short / mid term, or ?
Decentralized oracle network, no. They've been in development longest, established a community of potential node operators, and once that's online, a strong network effect will get established.
See pic related for why it's not a big deal to CL even if it's not the go-to oracle for ETH, BTC etc.
>2. Do they have a patent or similar in place for their oracles?
Not sure about this, and doubt they'd reveal that. Once mainnet is live, more announcements may be made.

What I will say is this: if actual legit concerns surrounding CL arise, you'll be sure it gets spammed here. There are accumulators and trolls that love seeing it FUD to death lol
Like look how pops up
>r3.com

Explain how this will solve the problem of centralized oracle services, that will have vulnerabilities at the external data inputs and payment outputs, when executing a smart-contract through that network?
If they don't solve that, that's where CL comes in and augments their solution.
Hence the meme that ChainLink is the spade and refinery, etc., in the gold-rush.
Look toward open banking APIs to understand why LINK is going to be huge:

reddit.com/r/LINKTrader/comments/7pqo5t/anyone_know_if_link_is_involved_in_the_europes/dsjn7vh/

If u say CL another time i ll find u and kill u with ur whole family . It s called LINK u stupid stinky linky and stop fud LINK every day for Satoshi's sake

1. Who is the competition for middleware/oracles (I'm thinking Ethereum themselves could just deploy a similar service within short / mid term, or ?

Honestly nobody. While there are ostensibly other Oracle projects there is nothing that is even attempting what ChainLink is proposing. The hardware requirements and knowledge community you have to recruit to create the ChainLink network is unprecedented. Its success relies on a large number of technically literate people committing themselves to running nodes. Thousands, potentially. But once the ChainLink network is established the incumbent power of the first mover advantage will be absolutely monstrous. Think about it, potentially thousands of node operators have gone through the entire process of training themselves specifically within the parameters of the ChainLink network in order to accrue the ChainLink token. Once that's established it will take incredible resources to deploy a meaningful competitor. This is really a space where FMA is absolutely massive.

2. Do they have a patent or similar in place for their oracles?

Not to my knowledge. But their repos are private and even so, I return to my first point about the scale of the infrastructure. ChainLink is so much more than the software, and is already so connected in the fields where it could be paradigm shifting (securities, for instance) that even if the code is open source someone could copy it and only be 2% of the way to an actual decentralised oracle network that has deep industry connections and a working mechanism.

1. None. You'll hear claims from legit projects like aeternity that they plan to have them for their blockchain does everything (they don't have jack). There are plethora of scamcoins like Mobius and Zap that claim to have them or one day having them but don't. The rest are unusable centralised oracles like Oracalised that no high value smart contract will ever be trusted with.

2. I'm not sure but the private nature of this project (keeping GitHub of alpha under wraps) means they are aware of banks and other projects stealing ideas and using it for themselves. I'll ask on the slack and find our. In any case, ChainLink has first mover advantage when it comes to decentralized oracles tech.

(continuing that napkin risk assessment I started above - just thinking out loud)

5. Sybil - this is the biggest threat to Tor as I understand it (Feds owning majority of the exit nodes, AND the telco cabinets and even then AFAIK Bruce Schneier still considers TOR safe) and from what I understood from the whitepaper and the positioning of all the parties this is a marginal / situational issue among bad actors / shady places with strong anti tampering at software and hardware level - also we can expect early adoption from FS and they won't be any more gameable / corrupt than they are now - basically trustworthy?)
6. Hardware / SGX / enclaves - I don't see the difference effectively between enclaved / non enclaved resources viz zero days etc. The risk here is Intrusion detection / incident response / upgradeability / patching being manageable by participants. This is always alot of work, seldom done to satisfaction, but again this risk is little different than the existing risk)

Hmm, I'll post more if I think of it, but here's my breakdown (long term qualitative assessment based on value erosion of CL through security failures)

(probability / impact)
1. Medium / High
2. High / High
3. Low / Low
4. Low / Low
5. High / Low)
6. High / Low)

I just pulled all that out my ass pretty much but I hope it helps a little... This is a back of the envelope approximation of work I've done before for clients, and it reflects the basic pillars / conventions of any qualitative security risk management / assessment done by the financial services entities viz their holdings)

>I spend twenty pounds sterling a day on cigarettes
>the state of /pol/
Fucking degenerate, neck yourself.

In regards to your point 2 and
>they will be biased against heavy disruption
I would say that that bias will disappear when they are handed something that will save them vast quantities of money and time. There is a reason Sergey is drawing analogies with SaaS. There is a reason he is already goading that the financial services sector "not hold on to power". And it will simply get to a point where the vastly superior reconciliation power of smart contracts will be unavoidable. The people using it will be hugely advantaged. The people who resist will risk getting left behind. The financial sector will not more fight ChainLink than it fights the development of the internet. It won't throw away a toolkit that confers obvious and massive advantages.

bumping cause interest, please keep posting op, for once we have a decent thread

>means they are aware of banks and other projects stealing ideas and using it for themselves.

m8, I'll bet you a dollar to a donut that these guys cant hide their source code for long. Shit, I assumed it was open source. But anyway, that source code is accessible through every project member and spear phishing (thats what I'd do to get to it - it'll be all over their personal systems - they are too small to ace opsec - anyway, it doesnt concern me overall. What concerns me more is...)

>2. Do they have a patent or similar in place for their oracles?
>Not to my knowledge. But their repos are private and even so, I return to my first point about the scale of the infrastructure. ChainLink is so much more than the software, and is already so connected in the fields where it could be paradigm shifting (securities, for instance) that even if the code is open source someone could copy it and only be 2% of the way to an actual decentralised oracle network that has deep industry connections and a working mechanism.
How can they not have this patented / protected? (actually not really a security issue but watevs. I disagree with your 2% estimate. It would take a decent team six months to prototype from the whitepaper and the links to business (SWIFT) mean nothing - or to me they mean Swift are copying someone elseshomework, nothing more)

You're totally entitled to that view, user, and I think it's healthy to be skeptical. I also think you should buy 10k LINK and put it aside for a couple of years, just in case, haha.

>It won't throw away a toolkit that confers obvious and massive advantages.

Good post but I'm not saying that. I'm saying they will either steal that toolset or build an analogue of it - fast. Also point 2 was .gov not fs?)

re the gov thing - I see them as an ally / they have a huge fucking hardon for smart cities / firing the sheboon / zombies that stick to the govs ass like winnets. But conversely you have the tax revenue from FS. If you think any threat to that won't literally be met with boots on the ground youre mistaken I fear... Take Brexit - if our FS industry suffers in any way we will end up starving in the streets - no fukn joke)

NB, most of the sec work ive done is in FS, I've spent about five years knocking around in Investment Banking.

>I also think you should buy 10k LINK and put it aside for a couple of years, just in case, haha.

I agree.

Adding to that, the network effect, regardless of being a first-mover is massive. One of the reasons BTC is so entrenched is because it has multiple reinforcing network effects.
In ChainLink's case, you're going to have:
>Multiple corporate parties that need to use secure end-to-end smart-contracts
>Node-operators
>Stakers / Pooling
>Developers
>Speculators, because of the potential value of the above.
Probably more, but I'm a brainlet today

>should buy 10k LINK and put it aside for a couple of years, just in case
This. Because of the above points.
Until someone finds something as ambitious and with this much potential to fulfil the vision, LINK should be the "high-risk" moonshot that everyone should have at least 5-10% of their portfolio

I wish 10k link would be 10% of my folio.
Reality is it's 80% of it...

>it took 3 hours for thread to filter out FUD and DYOR retards
>OP still here and thread still alive
You got literally iron hands, OP, keep it up!

>You got literally iron hands, OP, keep it up!
haha, yeah but not the first time ive tried talking about this on here. Got DYOR'd fucking hard - and you know what they were right! (then)

lads i gotta go out for an hour pls keep the lasagne flying, bitches. will check back in.

Good thread OP. ignore the trolls, we need more threads like this.

It's certainly possible. I'm not saying that ChainLink is so sophisticated that it can't be replicated by an entity with substantial resources.
But there's an ideological component too. People are legitimately excited about decentralisation. Developers are legitimately excited. Node operators are legitimately excited. ChainLink will have legs because it has a growing community of people who see its potential and want to see it succeed, and that have the technological nous to participate.

Sure, the government or FS could offer huge financial incentives to encourage people to participate in a parallel network, but I would be very surprised if the top talent would actually drop ChainLink to focus exclusively on a competitor that was borne from the very system that many decentralisation advocates see as being part of the problem in the first place.
Not ruling anything out, of course, but don't underestimate the ideological component underwriting a lot of this development.

This. It also reminds me of the early BTC days. You can't sway some of these devs and the community with money alone. First of all, there will be tons of money in CL, the way things are going, but you're right. The ideology what's going to keep the flame of decentralization burning bright, especially for data-sources, smart-contracts and payment outputs. This is basically a big fuck-you to the centralized components in the entire end-to-end process of a data-driven contract that could easily be converted to a smart contract now. If one day that it could expand to a broader range of social contracts, we're talking about changing society at a very fundamental level, which seems absurd. But this level of thinking is what got BTC off the ground in the early days

good thread op, keep it coming. If you're confident in your knowledge why not move aggressively into crypto security consulting? That's what I'd be doing if I wasn't a brainlet

So nice to read a fucking informative thread about LINK for once instead of some shit post either shilling or fudding it.

Watching some of sergeys talks too really helps as well, it seems like LINK (or some other Oracle) is pretty key to unlocking the full potential of smart contracts. Probably going to grab some LINK soon, thanks for all the info lads.

Hi user, take a look at this thread and telegram channel:

t.me/joinchat/AAAAAEY5x10qJrZEEQJmDw

Watchbro's opinion is respected in the Veeky Forums community and he is currently busy starting up a crypto hedgefund. As you are interested in the cryptospace we could help each other out

>oraclize

Thanks mate, had a look at it.

>r3.com

hmmm. 'partnership with banks'
doesn't list a single fucking bank?
And no they cant have my email addr for their whitepaper.

Their code will be open sourced. They are keeping it private during the development phase and gradually open sourcing bits and pieces of it.

Recently they made public the code for Link nodes:
github.com/smartcontractkit/chainlink

For me, the biggest potential in ChainLink is that they are the best crypto atm to leverage the upcoming PSD2 requirements (basically, banks will be forced to make their services available via APIs): reddit.com/r/LINKTrader/comments/7pqo5t/anyone_know_if_link_is_involved_in_the_europes/dsjn7vh/

>reddit.com/r/LINKTrader/comments/7pqo5t/anyone_know_if_link_is_involved_in_the_europes/dsjn7vh/

gr8 post user, I wasn't aware of the new EU directive re API's that's very handy. Very handy indeed...

>established a community of potential node operators
Thanks, will watch them going forwards.

>strongly suggest you request an invite to the slack channel: support @ smartcontract.com
>and check out the gitter.

Excellent suggestion user, jumping in...

lol. I'll admit that I'm ignorant about a lot of things on LINK, as someone who bought in. And I think a lot of other LINK holders are also quite ignorant. But what's ridiculous is how ignorant the FUD is. It's like they look for the first thing that slightly contradicts or competes with LINK and spew it. It's honestly mostly trolls who are probably holders and bored.
>For me, the biggest potential in ChainLink is that they are the best crypto atm to leverage the upcoming PSD2 requirements (basically, banks will be forced to make their services available via APIs)
Second this, this needs to be looked into more deeply.
>community of potential node operators
That's why definitely check the github as mentioned.
Definitely request access to slack channel and gitter for sure. I think the gitter you can access directly from /r/LINKTrader

>If you're confident in your knowledge why not move aggressively into crypto security consulting?

Thanks, yes, this penny dropped over the weekend, I'm training up now, should be in the mix by summer.

>Second this, this needs to be looked into more deeply.

I'm not offering much of an insight here but in my time in Inv Banking I saw EVERY regulation / compliance issue observed to the letter, often at great expense and to the annoyance of many projects. As a sec consultant I was the gateway between the projects and Compliance on a daily basis.
I would be shocked if the banks didn't treat this reg the same.

Hopefully we convinced you mate

You should go all in like I did

>1. Who is the competition for middleware /oracles (I'm thinking Ethereum themselves could just deploy a similar service within short / mid term, or ?
Please first learn what Ethereum is before asking these dumb questions.

>github.com/smartcontractkit/chainlink
bingo - Golang first? I like where he's going with that...
Holy fuck lads thnx.

>and he is currently busy starting up a crypto hedgefund.

Makes sense, thnx user, have dropped in to his TG.