Profile overview for MadCamel.
Submission statistics

This user made no submissions.

This user has so far shared a total of 0 links, started a total of 0 discussions and submitted a total of 9 comments.

Voting habits

Submissions: This user has upvoted 8 and downvoted 0 submissions.

Comments: This user has upvoted 13 and downvoted 0 comments.

Submission ratings

5 highest rated submissions:

This user made no submissions.

5 lowest rated submissions:

This user made no submissions.

Comment ratings

3 highest rated comments:

We're saying goodbye to global restrictions based on SCP and CCP submitted by Atko to announcements

MadCamel 1 points 9 points (+10|-1) ago

Using IPs is a very bad idea.

What will happen when the UK's IWF or Russia's ROSKOMNADZOR considers a page on voat obscene? These systems implement page-by-page blocking by routing all traffic to any site with a censored page through proxies. The end result is that you start to get entire COUNTRIES of users coming from only 20 or so IP addresses.

Also, I don't see how it's possible to securely store IP addresses given the tiny amount of entropy in an ipv4 address. You'd have to use something really heavy like pbkdf2 with a few thousand rounds. At this point it would take the server a few seconds at 100% CPU load to encode a single IP address. I doubt this is being done. Therefore it's VERY safe to assume that a malicious actor with access to voat's database could pull IP addresses from it. And voat's databases are kept on cloud servers...

Don't get me wrong, it's not a huge problem. There are plenty of easier ways for a malicious actor to get users IP addresses. But I don't like that Atko is promising something he can't feasibly deliver...

IP hashes, how to reverse. submitted by TheSoaringShite to voatdev

MadCamel 0 points 8 points (+8|-0) ago

This was my first thought when I saw "encrypted ip address". Yup, trivially reversed. False sense of security. Might as well not bother hashing them honestly. Save some cpu cycles and complexity.

To put it in perspective, ipv4 is only 32 bits. Cracking these hashes is equivalent to cracking a 4-character password. More like a 3 character password when obviously non-routed addresses are removed. This could be bruteforced on an etch-a-sketch.

Even salted to prevent rainbow tables, there just isn't enough entropy in an ipv4 address to make cracking the hashes challenging. The only solution that could increase the difficulty beyond trivial would be to use something heavy like pbkdf2 with 2k+ rounds. Even then this is still breakable, it'd just likely cost a little money. Also using such an intense algorithm wouldn't do well for voat's server load..

Watch serial downvoating in real-time! submitted by moe to whatever

MadCamel 0 points 4 points (+4|-0) ago

What if I upvote you then?

3 lowest rated comments:

How does Bitcoin work, and can I get rich by mining? submitted by sulami to TeachMeSomething

MadCamel 1 points 0 points (+1|-1) ago

This is one of those things it's easy to get rabbit-holed on. I'm going to try for a very simplified explanation, skipping the cryptography bits.

Essentially Bitcoin is just a way of placing value on computation. To mine a Bitcoin your computer must solve a complex calculation. As more Bitcoins are generated, the complexity of the calculation goes up.

Bitcoin is also a method of transferring this value. One of the big perks of Bitcoin is that it's decentralized - no one entity controls it. When you send Bitcoin to someone the transaction is recorded in the block chain. Think of it as a public ledger of transactions. This is all done in a rather complicated but hopefully secure manner.

No, you probably can't get rich by mining. As the mining complexity goes up it becomes harder and harder to mine. At this point companies are custom-fabricating special purpose mining processors and setting up large farms of them to run in parallel.


Would You Like to Know More?

We're saying goodbye to global restrictions based on SCP and CCP submitted by Atko to announcements

MadCamel 0 points 0 points (+0|-0) ago

Ah, thanks for the info. I'm more familiar with IWF. They do the same thing, sending blacklists to ISPs. The ISPs then route (not DNS jiggering, actual routing/traffic interception) IP addresses of sites with blocked pages through an ISP-owned transparent proxy farm.

deleted by user submitted by deleted to ideasforvoat

MadCamel 0 points 1 points (+1|-0) ago

eek! I get spookyd! thank mr skeltal!