I haven’t. But I have watched him talk about it for a few hours.

Why would anyone expose certain control actions other than for an open money? Seems like an assumption that they would is critical to his thesis, and it seemed like he was saying states would for some reason do that instead of what they do now.


Securing server requests by requiring them to be accompanied by a reusable proof-of-work is effectively saying the only way you can attack my server is with Bitcoin.

Military servers are ddosed on a regular basis by adversaries.

This can be greatly mitigated using the method mentioned above.

In this way militaries will stockpile BTC and view it as a cybersecurity paradigm shift and also a digital ammunition if you wanted to use it to attack an adversary's servers.

The attacking using BTC may prove to simply be too prohibitively costly however which would just cement the cybersecurity aspect of it.

At the moment simply competing over the special privilege of mining the next block for its monetary value is still a key aspect of softwar.

Specifically, the API request includes a Lightning payment? Since it’s the government, they can just re-use it after accepting, but if it’s an alien they would be losing money with each attempt?

Yeah.. lightning or something similar.

Gotcha. No need for large amounts in that case since it can be rapidly recycled, correct?

How much of the DDoS success comes from just getting the server to read your message to check for bitcoin? With Lightning, the server may need to respond with an invoice - which probably is just as bad as whatever else they would have responded with, I think. Does that sound right?

I'm not that technical.. his thesis is available online for free and the chapter that covers this specific aspect is Chapter 5.8 called Electro-Cyber Security Dome Concept.

Do you have a link to it?

Ok, so my reading of that section in Softwar is that basically he isn’t proposing a specific implementation in that section, just that interesting stuff might be doable.

I also think I know now what he means when he says “control actions”. Basically, database interactions, API request consideration, etc. Not what I originally thought, which was preventing access to restricted networks computers, though the lightning thing we mentioned could work..

Let me think through a specific idea based on that section for a moment:

All API requests need to come in with non-reusable proof of work to some threshold. Nothing we can do about DDoS here where the devices are infected, because the attacker is stealing the work via the infected devices.

Requests that have the required proof of work are then given a lightning invoice. The full lifecycle of the Lightning payment will add possibly several seconds of latency, making them a poor choice for any use cases that need high speed interactions.

So no dome for high speed API…

Low speed could definitely work..

Seems like we need a concrete why though. The big social media companies are using DoS protection measures, and it seems like they don’t NEED this. Who/what does? Nostr users basically use them as a signaling tool for what we like via zaps. What would a state want them for?
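Added example, not part of the thread and not taken from the thesis: a minimal hashcash-style gate for the "non-reusable proof of work to some threshold" idea above, showing that the server's check costs one SHA-256 while the client's search costs thousands. The stamp format, the 16-bit threshold, the 60-second window and all names are assumptions made for illustration.

```python
import hashlib
import time

DIFFICULTY_BITS = 16   # assumed threshold: about 65,000 hashes per request on average
MAX_AGE_SECONDS = 60   # assumed freshness window for a stamp

def leading_zero_bits(digest: bytes) -> int:
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def stamp_digest(body: bytes, ts: int, nonce: int) -> bytes:
    # Hashing the body and timestamp binds the work to this one request.
    return hashlib.sha256(b"%s|%d|%d" % (body, ts, nonce)).digest()

def mint(body: bytes, ts: int, bits: int = DIFFICULTY_BITS) -> int:
    """Client side: search for a nonce that meets the threshold."""
    nonce = 0
    while leading_zero_bits(stamp_digest(body, ts, nonce)) < bits:
        nonce += 1
    return nonce

class PowGate:
    """Server side: one SHA-256 per request, checked before any real work."""
    def __init__(self, bits: int = DIFFICULTY_BITS, max_age: int = MAX_AGE_SECONDS):
        self.bits, self.max_age = bits, max_age
        self.seen = {}  # digest -> stamp timestamp, kept only while still fresh

    def check(self, body: bytes, ts: int, nonce: int, now: int = None) -> str:
        now = int(time.time()) if now is None else now
        if abs(now - ts) > self.max_age:
            return "stale"               # old stamps cannot be stockpiled and replayed
        digest = stamp_digest(body, ts, nonce)
        if leading_zero_bits(digest) < self.bits:
            return "insufficient-work"
        self.seen = {d: t for d, t in self.seen.items() if now - t <= self.max_age}
        if digest in self.seen:
            return "replayed"            # same stamp twice inside the window
        self.seen[digest] = ts
        return "accepted"

if __name__ == "__main__":
    body, ts = b'{"action":"read"}', int(time.time())  # constructed sample request
    gate, nonce = PowGate(), mint(body, ts)
    print(gate.check(body, ts, nonce), gate.check(body, ts, nonce))
```

The replay cache only has to remember stamps for the freshness window, so its size is bounded by the accepted request rate times that window.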