Bitcoin Forum

Okay okay, before you rush and say "To prevent spam attacks!!", please wait and read this whole thread.

^The above argument is what I hear all the time. However, there is something not quite right about that reasoning. It doesn't make sense.

Let's start with a little background info...

Satoshi implemented the 1 MB blocksize limit without telling anyone; He just did it randomly. There was no discussion beforehand and after he did it, he did not mention it anywhere. People had to look at the code/use it to see the change. The mannerism in which the 1 MB blocksize limit was added is already strange in itself and as soon as it was done, debates/arguments among the community started happening.

Satoshi never told people that the 1 MB limit was to prevent spam - its just what everyone inferred.

Okay... history lesson over.

Now here is why it doesnt make sense:

The process of a transaction getting confirmed and added to the blockchain goes like this:

1) Tx. is broadcast with a custom fee
2) Tx. is added to the mempool
3) Miner collects tx. from the mempool (usually they will pic tx. based on which has the highest fee and work their way down from there)
4) Miner adds tx. to their block
5) Miner calculates the proof of work
6) Miner publishes block to the blockchain

Okay now we have the process outlined we can analyse the miners incentives/behaviour. I'll be using game theory to explain this and here is where it gets interesting.

The miners main goal is to make profit. This is why he adds tx. to his block in the first place (it allows for more fees and thus, more profits). So we can assume that without the blocksize limit, the miners would add infinite tx. to their block right? WRONG!

Allow me to explain:

Look at step 3.. Collecting the tx. from the mempool and adding it to their block takes a set amount of time and the longer that the miner spends collecting the tx. and adding it to their block, the less time they can spend calculating the proof of work - thereby giving their competition (other miners) the edge. The miners would naturally (based on game theory) find a nash equilibrium between collecting as many tx. as possible and finding enough time to calculate the proof of work in order to give them the maximum profitability. Thus, we can assume, that without a blocksize limit (infinite), the block size would stay relatively the same.

This is why an infinite block size limit is not an issue. I honestly cannot understand why he added the 1 MB limit.
Can someone please, please explain? I have been pondering this for over a month now. Thanks.

Because he does what he want, he's a grown man leave him alone! And have some respect boy!!
He's the godfather of the new world

Yes new world alright where we now have CPU-Wars between miners, all 20,000 of them here
on Bitcoin and a system that was known from day one would not scale and no one knows who
Satoshi is because the chances are he was working for the CIA or MOSSAD

Please feel free to join me and defend the block-chain and insist Lightning Network does not take
transactions "off-block" to defend his name because other systems like Neo and Ripple can scale the block-chain and do
1000 time more than seven transactions a second.

Learn to think for yourself instead of praying to the fruit machine

I make a good living writing software and it would had been obvious to anyone that has worked
on scaleable system that as implemented Bitcoin could never scale and ETH has played around
with block sizes and timing has manged to speed the BC up from seven transactions per second
to fifteen but you won't get much more than that.

Distributed computer systems break the work down (200gb of files) across servers with redundancy
built in so what we have left is Micky Mouse software and not only is it falling over but the lightning
network is fixing the problem at the wrong level and these hub things ! Well they are mini banks and
you can run one yourself if you have lots of BTC and hardware just like the miners have already and
hope you won't be locked out by the cartel

Don't worry if you get attacked because most people here have a vested interest in papering
over the cracks and making out that everything is fine when its not

As Satoshi never told anyone why he did this, I certainly don't know the reason either.  But I do have experience designing and implementing software systems.  When you initially design a new system, regardless how much you calculate, model or simulate, you just have to decide some parameters and move on.  I think the block size could be one of those items where he needed to pick something and move on to finish the system.

@OP, I agree with your argument. As per game theory and the assumptions you have made, I don't see a reason why the block size limit has to stay at 1 MB.

Newbie question here, is there any way to change the block size limit? How feasible it is to do? Would it require a hard fork?

Great question !


There are three possible answers:

1) Satoshi didn't completely understand the implications of his random choice, which seemed reasonable at the time to him.  

2) Satoshi knew very well what he was doing, was an evil mind, and he was lying through his teeth all the time, to trick us into his nonsense.

3) Satoshi was a true god and genius, and even though we think he might have made a mistake, he was absolutely right in everything he ever did and we are simply too dumb to see it.

There have been a lot of discussions over that issue, and people warned Satoshi that his random decision was recipe to disaster.

The truth is maybe in the 3 things at once.  It is obvious that the spam limit is a joke.  In fact, it makes spam worse.  The excuse was that if a fool mined a single block of 10 GB full of nonsense, the blockchain would be spammed to an incredible size in no time.  That was clearly wrong, because in order for that block to be incorporated into the chain, other miners would have to agree with it.  There's no reason why honest miners would mine on top of a crazy block.  In other words, implicitly, there would be a gross maximum size set by miners and that would grow dynamically.

By putting a hard limit on block size, you actually increase drastically the effect of spam, as we saw.  Once the block is full of spam, transactions are hindered.  This is an efficient DDOS of bitcoin.  If the blocks are elastic, you can spam a lot, that will increase the size to some point, but transactions can go through unhampered, and you'd have to spam like crazy in order to have an efficient DDOS.  Hard limits make DDOSsing of bitcoin in fact much easier.

Satoshi was clearly in favour of very large blocks if useful, and he explains that in the beginning, where he tells us that most normal users shouldn't run a full node, "left to specialists with farms of specialized hardware".  That was in November 2008.

People explained him that putting a hard limit in the protocol would require a hard fork at a point, which might be problematic.  He wavered that away: just changing a constant in the code.

Maybe Satoshi did put a "time bomb" in his bitcoin system because he considered it an experiment from which we have to learn, and it should self-destroy at a certain point in order for us to make a new system with better properties.  Maybe Satoshi wanted to put in a trap, so that only if his heirs were smart enough to have good governance, and if they cannot even change a simple parameter, then it is better that this system dies.  Maybe Satoshi wanted to develop a whole crypto market, and needed to put something nasty in bitcoin, in order to make it lose its first mover advantage and open up the market.

Maybe Satoshi was designing a reserve currency for big, dark, deep state players, and only needed Joe Sixpack to ramp it up, but needed him to be pushed out of bitcoin once the system was up and running, to leave it to the big boys.  Claiming it to be a currency of the people, but at the same time, making its use too expensive for the people, and only allow the big boys on it, was maybe his hidden plan.

But I think that Satoshi simply made a mistake.  He made many.  Bitcoin is quite ill designed.  That doesn't take away the fact that he was a bright mind.  We have hindsight he didn't have.  But he was wrong on this one, as he was wrong on many choices.

You said infinite chain size is not an issue and you are also of the opinion that limiting the size had no effect. I think you already answered your question... He added a neutral protocol that is not imprescindible but useful

I don't know why people are answering full of nonsense things in relation to the question.!!

I believe the secret of 1MB blockchain lies within  Mr. Nakamoto unacknowledged which he doesn't want to share with the world.

The Block size limit was never meant to be fixed. Satoshi knew that transactions would increase over time, but he had to implement a starting point. He did talk with other people like Gavin / Hall / Nick and others, but a increase in the Block size would have been overkill at the time.

Bigger Block sizes could also lead to more spam and it might have been percieved as a possible attack vector. <It was still very experimental back then>

technical progress go faster then Mr. Nakomoto think.
Big block size in 2009 have issues with network speed

Wow! This response gave me lot of possible scenarios which I didn't think of! Thanks for the great insight/thoughts @dinofelis

Among all the possible scenarios listed, my personal favorite is:

On the contrary.  Satoshi knew very well how to do it, and explained it here:

http://satoshi.nakamotoinstitute.org/emails/cryptography/2/

His idea was that there would be a few (100 - 1000 ?) full nodes/miners "with specialized hardware", who are the "Facebook servers" of the block chain, and all users simply connect with light SPV wallets.  He considered 100 GB/day block chain growth not a problem, because only these "nodes with specialized hardware" had to keep them.  So, grossly, he was considering 100MB blocks.

The narrative that every Joe needed a copy of the full block chain in his basement is Core narrative, not Satoshi narrative.

Satoshi never seemed to have publicly seen the difficulty of "hard forks".  In as much as he understood immutability of the past ledger, he didn't seem to have bothered about the same immutability mechanism for the rules (the protocol).  So changing a parameter didn't seem like a lot of troubles, even though people pointed out the danger of it "locking in".

There are a lot of things that can be with Satoshi's mind at that moment which in his/her mind can be good with that 1mb limit per block. Satoshi did not even think that this would came on what we do have not and the demand for Bitcoins could come as far as this. That's why soft forks and hard forks came to the network just to get what the community want and need for the betterment of Bitcoin.

I don't run a mining pool nor do I have access to their code. However, I'm under the impression that the construction of the merkle root should not take that much of a time. While the miner focuses on the fees aspect, the miner should be able to just grab the transaction with the highest fee immediately after they verify the block and remove the relevant transactions. Either way, I feel that the block size would serve as a gauge for a controlled growth such that people would still be able to run a full node and have an estimate on its storage in the future.
I agree with you on the 1GB part. But it isn't if the miner would agree with it but its with the fact that the propagation would be so slow, such that the chances of it being orphaned is incredibly high.

---

---

I feel that the main motivation behind this is that big blocks wouldn't be able to be handled by the internet for most of the nodes at that time.

Use Bitcoin Cash



Use Bitcoin Cash



Use Bitcoin Unlimited (and maybe you should troll more consistently, you were arguing for months about how 1MB would be the blocksize forever. Until it was replaced by the 4MB blockweight, and now you're not Mr. 1MB, you're Mr. Infinite. Riiiiiiiiight)

I said: bitcoin will not undergo a fork until it has lost its total market dominance, because bitcoin only has its brand name to go for.  Once the brand monopoly will be gone, they will finally maybe move their asses and do something that works.  Right now, bitcoin doesn't work well.  Pseudo-4MB or not.
Well, that's more or less what happened: bitcoin is now at 1/3 of the market cap, the forking fear is gone, bitcoin now has two viable clones in the top 20 and as far as I know, bitcoin is still at its 1 MB block limit after the segwitx2 failure, no ?  Given the competition of bitcoin cash, and the fact that bitcoin, finally, did fork, rendered the power monopoly of Core moot.  When it will have become a moot point, I guess suddenly for core, the holy 1 MB block limit will not be a problem any more, they will invent another narrative.... and it won't matter any more, because they overplayed their hand, split bitcoin over their pet story, and removed bitcoin as the market monopolist.  Which is a very good thing.  Brand monopoly is a bad thing, and competition improves everyone.

Nope. Since the Segwit's activation, its theoretical size would be about 2MB (if everyone uses Segwit). The size concept is now based on the transaction weight which doesn't require a hard fork. Isn't the prices affected mostly by the problem with the regulations?
I'm not particularly fond of hard forks for Bitcoin. It's a lot harder to do than a soft fork. Lightning network could help with the issue.

I would say that the fact that the prices of the other coins are so high could be because of Bitcoin's name. Afterall, they do contain "Bitcoin". Would be safe to say that their trading volume is due to miners and those coins being brought over with the fork.

Why did Satan never get the chance to walk the earth ? Perhaps the old man decided to spare one son. How should i know what Satoshi thought was right ?

For now you can call satoshi a corporation including Toshiba.

Segwit has advantages, but the trick of only counting half of the real data and claiming it makes a difference is very cheap.  A transaction, whether segwit or legacy, takes about the same amount of data, except that you don't count everything in the main block with Segwit. But for storage and transmission, that's the same burden.

In reality, Segwit didn't do zilch to the actual amount of bitcoin transactions per block:

https://blockchain.info/charts/n-transactions-per-block?daysAverageString=7

No big increase has been seen when segwit got activated end of August 2017.

People don't really use it, even given the high fees:

http://segwit.party/charts/

Segwit is good, but for a totally different reason: atomic swaps.  


I think that hard forks are good things :they are THE way to have decentralized "governance".  Instead of voting and killing of the "smart minority", it acts like biological evolution.  The mutant is maybe in minority, but it can fill its ecological niche, and maybe even exterminate the parent species if it is superior.  Most mutants die immediately.  But some survive, and some may even exterminate the parent.  Hard forks are nature's way to improve biology, and they are the free market equivalent as compared to state-planned economies based upon a parliament voting.

In any case, the whole block size debate was full of deception and disinformation, and the hard block limit in bitcoin was/is a bad thing for the strain of bitcoin that contains it.  Hence the good OP question.  Satoshi made a mistake, or wanted to put a bomb in bitcoin by doing so, or thought it would be no issue to change it.  There's absolutely no sense in hard-limiting block size without limiting the system's utility at the same time.  If bitcoin is at 1/3 market cap right now, it is because of this block limit (and the very bad way of handling it by Satoshi's heirs).

I would even say that a massive LN on top of a hard-limited block chain is suicide, because of the danger of massive settlement.  With flexible blocks, settlements will always be possible.  On a block-limited chain, settlements are also restricted, making the "settlement run" instead of a "bank run" a genuine possibility.  A well-targetted spamming campaign combined with a settlement panic could be fun to watch.

In summary, no argument holds for hard block limits, and the final argument "my goodness, it is a hard fork" is now done too, because, hey, hard forks happened already.

Well said but it can make processing the data a little bit faster if I fully understand what they are doing
but it makes the code more complicated to understand and it's been over engineered as it is at every
possible opportunity as it is from what I have seen

Distributed systems are not designed to work by filling up a node until the 200gb file grows to
a terabyte and the development team knew this for day one so it's problem-reaction-solution
and the solution is the lightning network, miners are begging for it because the hubs are banks
which will need hardware and BTC to fund the private ledgers which is just what the miners have
by some strange stroke of luck.

Number one rule is broken now because if the hub/bank goes down then you have a single point
of failure but lets be honest the development team pushed "On the block-chain" for eight years
and now we are being sold that "Of-Block" is the best thing since sliced bread and we also know that
since Segwit was turned on the fees have continued to climb

See https://bitcointalk.org/index.php?topic=2776719.new#new for the real deal when
it comes to Lightning Network because I am openly calling it a scam and no one has been able to
debunk me yet

still it doesn't make you an expert, au contraire, mon ami, it just lets you look a bit poor in predicting the future. Why do you insist on this so hardly? Are you a person who has the duty to protect others, or were you hit by the limitations of the current bitcoin network? Or even better,  were you forced to use this bitcoin system, which has at every end so many flaws?
Or are you just not competent enough, to bring the millions of bitcoin users to the shitcoin world, and gain your advantage?

Reading all the fud in this thread and the other posts in the forum here, it is more like you are licking wounds. SegWit is overly complex designed, LN a scam. And yes, you stated, that you have fully grasped the idea of this.  ;D
I see, big blocks and flex blocks are the only solution...

We have now several hardforks, people are free to use it. Why don't you do as well, and let "us" play with Bitcoin and Lightning?
There is the gigantic december proof, that the shitcoins don't have any value next to bitcoin. They entirly depend on the "root" - the single one and only root, which is bitcoin. If bitcoin rises, they rise, if bitcoin falls, they fall even deeper. And the most funny part is, not even "THE developpers" (as if this was a well defined group of individuals in a company) are guilty for this - or maybe yes, cause they didn't protect you (and your "us") from these shitcoins?

ridicoulous ...

ridicoulous and I don't even think you can get your head around whats being said here to follow the
conversation because you don't program computers or even know how Ripple, IOTA and Neo works
or you would not make such a statement.

To me, Segwit is another layer of cryptographic data abstraction.  In bitcoin's original block chain, you have essentially 3 levels of cryptographic data abstraction: the header list, the Merkle tree, and finally, the real stuff, the transaction.  Segwit adds another layer of abstraction: the node in the Merkle tree is an abstraction for whatever the transaction is, of which the details are now in the witness.

These different layers of abstraction allow for different levels of cryptographic verification of authenticity, and use different cryptographic mechanisms.  The top layer, the headers list, is a linked list of hashes, containing the proof of work (which is bitcoin's conventional signature of authenticity at the highest level).  The second layer, the block, has a Merkle tree, which is a linked binary tree of hashes, of which the head is in the block header.  You only need to descend into that tree if there is specific information you want to verify within a block: ideally, you'd only need the Merkle tree "path" down to the location where the node information resides.  With a legacy node, that node is the transaction information you're looking for.   As all this stuff are linked hashes, from the single node, through the Merkle tree, up to the block header, to the header chain, the authenticity of all these elements is secured, because they are linked together with hashes.  Within the node information itself, however, the authentication is done by digital signature.  All the signed information used to be in the node in the legacy protocol ; with segwit, this can refer also to "witness data", which is outside.  This is somewhat similar to locking up the hash of a big book in a bitcoin transaction: you can transmit the book data outside of the chain, and verify that it is the book that has the right hash that was in the chain.  So what Segwit essentially does, is to allow the node (the former transaction) to be itself an abstracted form of cryptographic data link to the rest of the system.

So in a way, bitcoin is built to be a growing "data base" of stuff of which each element can be verified to be indeed included, without, that's the whole point, having to download the entire database.  I can prove to you that a certain node Y is part of the block chain at block X, by providing you only with:

- the full header list
- the part of the Merkle tree of block X that goes to node Y
- the full data of node Y

You can verify all that, and you can verify that there's no way that I'm faking you if you can find out whether the current block header "on the net" is the block header at the end of what I gave you.  You don't need to download the full block chain for that.

This is exactly what a light wallet does, where the only nodes Y it is interested in, are the transactions to and from the addresses of the wallet.

With Segwit, there's now, "next to the block chain", also data that is related to node Y, which is called its witness.  With legacy transactions, the witness is empty, with segwit transactions, that witness contains the actual transaction data.

So now we have that in order to be sure that I have all I need to know concerning Y:

- the full header list
- the part of the Merkle tree of block X that goes to node Y
- the full data of node Y
- the witness of node Y

If there is a single, accepted, block chain out there, then these elements are all I need to be cryptographically certain that this information is authentic in that chain.  So as a user, I don't need anything else, apart from the "actual head of the chain that is accepted".  I don't need the full block chain.  I can do with the minimum, but I can use somewhat more if I like:
I could download the full block Merkle tree, instead of just the path to the node I'm interested in.
I could also download the full transaction data of the block containing my node data Y.
I could also download ALL blocks.
And I could, or not, download all the witness data.

But all this doesn't change a thing for me, namely, to know whether my data Y are authentically accepted in the sole agreed-upon block chain out there. This is why, for a normal user, there's no "data burden", and that's what Satoshi explained in his mail of November 2008.

So who could want to download all of the block chain information ?  (non-mining full node)
Who is, by doing so, exposed to the full burden of data ?

Well, there's of course more to bitcoin than just having a correct set of nodes: the essence of bitcoin is that these nodes correspond to "correct transactions".  In order to be able to verify whether a transaction is correct, one needs two things: one needs information about the previous transactions referred in the to-be-verified transaction ; but one also needs to verify that some information is NOT PRESENT in the WHOLE of previous data blocks, to avoid double spending.  So, in order to verify the correctness of a transaction, one needs the whole chain.

So if you want to be able to say whether a transaction IS ALLOWED TO BE included in a block or not, you do need the full chain (and with segwit, ALSO the witness data).  However, who is to decide ?  The answer to this question is: the mining nodes, and ONLY the mining nodes.  Indeed, bitcoin's solution to the Byzantine General's problem is based upon a vote by proof of work.  Nothing stops a mining node, technically, from including erroneous node data (or even erroneous Merkle trees, or erroneous headers).  But his block will be voted away by the other mining nodes, that will not build upon it.  As mining is economically costly (proof of work), for a mining node, there's no reason to make blocks his peer mining nodes will not vote for.  He will be wasting resources for nothing.  So the sole, consensual, block chain that is going to be built is a consensus of mining nodes.  As long as more than 50% or so of the hash power of mining nodes plays by the rules, the block chain will  be constructed by the rules.  But in order to do so, in order to be able to make correct blocks, mining nodes need the full data burden of the full block chain.  There's no way they could verify the correctness of a new block if they didn't have the full data set.  On the other hand, if ever mining nodes came to the agreement to include non-conform blocks, and continue building on it, as a user, there's nothing that you can do about it.  There is no alternative chain.  If node Y within block X contains a transaction that is not correct, but it is deeply buried inside the chain and the mining nodes continue to build upon that chain, there's nothing you, as a user, can do about it.  Even if you download all that data.  Even if you see that it is wrong.  Because there's no other chain out there.

If you have big stakes in bitcoin, however, it might be a good idea, to be aware of it, even if you cannot do anything about it.  So if you have big stakes in bitcoin, it might be a good idea to download all of the data, with all of the burden it represents, just to know whether the miners did include funny things or not.   But by far most users don't need the full data burden.  


The fundamental error is to think that every user needs the full data burden.  That's not feasible.  But not all users of Wikepedia download all of the Wikipedia data.  They only look at those pages they want to read.  As a normal bitcoin user, you don't need the full data burden.  You only need to do the cryptographic verification that the information you download, is corresponding to what's in the sole block chain out there.  

The big mistake in this whole debate is to confuse two aspects of bitcoin's cryptography:

1) verify that the transaction data you have, is the correct data that is in the consensual, single block chain out there

2) verify that the mining nodes that have the consensus power in bitcoin, followed the rules they are supposed to follow in building the sole consensual chain out there.

The normal user only needs to be concerned with 1).  Even if he found out in 2) that the sole chain out there is not built according to the rules he thought were in effect, there's nothing he can do about.

However, big players may want to look at 2).  Big exchanges for instance.   But it is sufficient that some look.  There will be a whistle-blower.  If you think it is fun, you can do it.  It comes with a data burden.

The "hard" consensus is the one of the mining nodes, with their vote by proof of work.  If mining nodes decided collectively to come to consensus A, then that's what's out there, and nothing else.  If mining nodes don't come to a consensus, we have a fork, but a fork without bidirectional incompatibility is very dangerous (can be overtaken).  So usually, a fork with the same protocol will not last, which means, that for the normal user, there is only one chain out there.

But there is also "soft power" in this game.  Suppose the mining pools come to the consensus that they increase the block reward.  They can, of course.  If they come to that consensus, and the sole block chain out there has now bigger block rewards, there's *technically* nothing a non-mining node can do about it, apart from seeing that that is what is happening.  So why don't mining nodes decide to do so ?  Of course, for them to do so, they would have to collude.  There's the "tragedy of the commons" effect (Nash equilibrium) that stops an individual mining node to take the initiative to give himself more rewards: his block would not find consensus by his peers.  But suppose that the Nash equilibrium of honest mining node breaks down and that all of them collude over larger mining rewards.  The chain out there now prints more bitcoin per block.  
As mining nodes are rewarded in coins, they are also sensitive to the market.  They can print themselves as many bitcoin as they want, if bitcoins aren't worth zilch in the market, they have been spending a lot of economic cost for nothing.  Printing more bitcoins is something the market would be highly negative about.  So if there is one set of entities that are kept by soft power, it are the mining nodes.  Even if they are not decentralized enough for the Nash equilibrium to be secure, they are simply kept by the "soft power" of the market. This is why the total centralization of mining nodes didn't bring a disaster: they need the market to like bitcoin. If they do crazy things, the market will blow their investment to oblivion.  Even if there was only one single mining node out there, it most probably would still play by the rules, because if it didn't, the market would crash and his entire investment would be dead.

So essentially, those suffering from the data burden, are the mining nodes themselves: they need it technically.  It is also very probable that those with big stakes in bitcoin, have an incentive to be "nice to the bitcoin users" and allow them to use their datacenter as a proxy for the block chain (to allow users to connect their light wallets).  

Normal users only need to verify the cryptographic soundness of that the data they have, is the real data of the real block chain, and a light wallet is enough for that.  They rarely *need* to verify the work of the mining node consensus.  They might be the whistleblower of a problem, but they cannot do anything about it.  As mining nodes are kept by the market sentiment to finance their huge economic spendings in proof of work, the very last ones to want to crash the market are the mining nodes.  So even if they are highly centralized, they most probably will continue to play by the rules.

So the "data problem" is not real.  And that's what Satoshi already explained in November 2008.  Satoshi made many mistakes, but on this one, he was right.

There is still one potential issue: who is going to provide normal users with enough network infrastructure so that they can download the data for their light wallet verification ?  The answer to this one is actually very simple: the bitcoin industry, of course !  The bitcoin industry are all those people making profit over the existence of bitcoin: the mining nodes in the first place, and also, the big exchanges, and if it ever happens, other entities in the ecosystem that have benefit from users using bitcoin.   These are the entities that have an incentive to put at the disposal of their bitcoin users/customers, a "full node data centre" that can connect to the light wallets.  Mining nodes may be incentivised to build a geographically distributed net of data centers "serving the block chain and capturing transactions".  These are the entities that are exposed to the "data burden", but for such entities, this databurden is ridiculously small as compared to the data burden of other data centres. Compared to say, TV over internet, bitcoin's data burden is ridiculously SMALL.

CBank has learned his lessons finally?

 ;D

Use Steem instead of bitcoin, they have a very progressive technology which makes transactions cheap and very fast.

I highly doubt this. If you read the original paper, Satoshi's plan was to create a system that would become universal and used by many. Why the block was so small I am not sure but the answers given by dinofelis on page one are the most plausible to me.

If we return back to 2009, 1MB block size was enough. (They were mining 50 BTC at once time).
Until mid-2017 there was no problem with the size of the block.
On Dec. 14, the number of unconfirmed transactions rose to 480,000 Hence the problem.
On the other hand, the size of 1 MB promotes decentralization.

---

---

I agree with you this 1 MB is a random number

My understanding was that having a blocksize limit was Hal Finney's idea and he talked Satoshi into it after quite a bit of discussion between Satoshi, Hal Finney, Ray Dillinger and possibly others as well.  Although I'm not entirely sure if setting that limit at 1MB was Hal's decision too, or if that was someone else's input.  But suffice to say it wasn't just Satoshi acting alone.  In the early days, it's likely quite a few conversations were had via email, so we don't have reliable records of exactly what happened.

go back to school kiddo!

the most ridiculous thread ever

 all the genius here make your own coin, do it , i want to see your retard faces in the team pictures

Yes. And it happened at a time, where there was absolutely 0 fees and only a few txs.
The idea was coming from excluding a sheer brute zero cost spam attack, bloating the blockchain for free and crashing / eliminating bitcoin before it could take off. Very reasonable for an open blockchain in a open hacker world that time, handwaving the no-brainer to lift it as 'needed'.

It doesn't matter what "Satoshi" intended. On-chain transactions are scarce because the Bitcoin blockchain is designed to be deterministic (this is self evident) and to be highly distributed (this is also self evident). Miners mint coins and process transactions, non-miner "full nodes" verify the integrity of the network (they are the only 'clients' that don't have to trust that the nodes they are talking to are behaving properly, using the desired protocol).

Increasing block size increases network bandwidth requirements (higher cost & quality required), compute/memory requirements and storage cost & complexity (UTXOs). Larger blocks increase the cost of running nodes. It is not known exactly how increasing block size affects the composition of the network, but the general argument that increasing block size reduces the number of possible participants in the network is obvious. Given that on-chain transactions carry a high cost (relative to suitable off-chain solutions), it is obvious that not all transactions warrant on-chain settlement. Therefore, an off-chain (L2) architecture and implementation are needed in order to 'complete' the Bitcoin architecture so that it can reasonably support real-time, lowest-cost payments. Bitcoin is still in 'beta', in with regard to low-value payments. Lightning is the spearhead for implementing a payments layer for bitcoin. You can check the status of Lightning on mainnet here: http://lnstat.ideoflux.com:3000/dashboard/db/lightning-network?refresh=5m&orgId=1

Enlarging blocks (pricing more participants out of the network) purely in the interest of lowering fees in the short term so we can lure more people onto a Beta network doesn't seem productive. It is better to start by (1) optimizing blocks so bits are used more effectively (SegWit), then (2) maturing a layer 2 implementation, then (3) reviewing block size increase requirements once the actual demand for on-chain transactions becomes clear (after all the low-value transactions have been moved off-chain and usage patterns with the L2 settle into patterns we can use for planning purposes).

i mean relatively, Satoshi probably didn't expect it to scale as fast and as large as Bitcoin has today

As I pointed out earlier, there is no reason why "the consensus of mining nodes" would build upon a crazy large block, which implies an implicit block size limit every mining node, individually, decides for himself.  We are forgetting here the consensus role and the voting power that mining nodes have: they DECIDE on which block to mine.  They DECIDE what the consensus will be.  As such, if there is block 50 005 which is still normal, and someone propagates a 5 GB block on top of 50 005 as candidate 50 006 block, it is upon the rest of the mining nodes to decide whether or not they will orphan this block, and make their own 50 006 block, or whether they will mine on top of that 5 GB block.  If a consensus of miners decides to mine on top of that 5 GB block, then it means that bitcoin's consensus is that such a block is "good".  If they decide to orphan it, then it means that even if that 5 GB block is "legal", miners don't like it (essentially because it is spam).  Moreover, those mining on smaller blocks have a network burden advantage.  By the time you've downloaded that 5 GB block, you've lost a lot of precious hashing time - unless the network is so swift that 5 GB blocks are not an issue.  

So you can think that every mining node has his own "limit of block size on top of which he will not mine", for reasons of principle, for reasons of network efficiency, and for reasons of cost.  Of course, if he sets that limit too low, he will never mine.  If he sets it higher than his peers, no problem.  There will hence be a kind of unspoken "market size" of blocks that miners in general accept.  That automatic self-control mechanism would in any case have prevented that the blockchain would be entirely stupidly be filled with GB of nonsense per day.

There was strictly no reason to put in a hard limit.  Most probably, Satoshi thought that it would be a formalization of this "unspoken limit" on which miners would decide.  Maybe Satoshi only saw this as a "mining strategy" as he was also writing the sole mining software out there.

The real long term problem bitcoin was facing is that no block limit would lead to very low fees.  Very low fees would start to be a problem when bitcoin's issuance would start to dwindle, and wouldn't pay enough for the mining security. The finite amount of bitcoin issuance, which is its main publicity and selling point, is in fact a huge monetary design mistake which makes bitcoin unsuited as a currency ; but on top of that, it forces a delicate fee market that has the potential to kill the usability of the system as a whole.

But the finite block size never played a useful role, and its use as a "spam protection" is obviously wrong.  It has only negative effects.

This is absolutely not self evident.  It is a narrative that is repeated over and over, but it is entirely wrong, as I explained already many, many times.  

The number of different, identical copies of a cryptographically signed document that are stored world-wide, from the moment there are several (say, a few 10 or so) doesn't increase its cryptographic certainty.  

Suppose that 10 people are each in possession of a cryptographic secret key of which we all know the public key, and suppose that these 10 people sign documents.  We can all verify the signatures of these documents.  How many independent copies do there have to be in the world on public repositories, in order for you to feel secure that you are able to access some of them when you want and are able to verify their authenticity ?   Do we need thousands of repositories ?  Is it useful that Joe and Jack put up a server in their basement with those documents ?  Or can we live with a few tens of independent servers (for instance, of these people themselves) ?

It is clear that the cryptographic verification of these documents is independent of the number of independent servers there are in the world.  If my neighbour Joe cannot afford to set up a home server of these documents, that's not going to stop me from being able to verify their authenticity if I download them from one or other big data center, right ?

Now, we have essentially 10 big mining pools that are the sole authors of the bitcoin block chain.  How many copies of that chain do we need to serve, all over the world, in order for me to be able to verify the authenticity (that a piece of it I download, is of the real block chain out there made by these 10 mining pools) ?  I would think that a few tens of copies that are publicly available are good enough.  That my neighbour cannot have a server in his basement, is, just like before, no problem.

I can easily check, from the moment that I have access to any public repository of the entire block chain, that the small piece I need, is authentic, that is, belongs to the sole and unique chain that is out there, made by these 10 mining pools, like I could verify that the document I downloaded was cryptographically signed by one of the 10 authors of these documents.

And when there needs to be a few tens, or a few hundreds, of public repositories of blockchain in the world, then there is no "data burden".  Your average datacentre handles WAY WAY more data than the bitcoin block chain, even in your wildest dreams.  Compared to an IPTV data center with VOD, the bitcoin block chain, even with VISA-like transaction rates, is extremely small.  That's what Satoshi already told us in November 2008.  It was obviously right.

And nothing is gained by having thousands and thousands of identical copies ; if, in order to have those thousands and thousands of identical copies everywhere, we cripple the system, we're totally out of our minds.  That is similar to not wanting to broadcast TV shows over the internet at more than a 250x125 pixel resolution, because if every poor dude in the world has to keep all the TV shows on his basement server, we have to limit internet TV.  

I will ask something else if you want to put that in doubt: how many independent repositories are there, publicly available, of the bitcoin core software ?  There is essentially only one, as far as I know, that is on github.  I don't know of other servers of the git repository that are public.  At best there are the Torrent seeders, but that is not a genuine git repository.  How many are there ?  So if only a few software repositories are available, why should there be thousands of block chain repositories ?
The single github repository is enough, as long as it is working, because we have the cryptographic signatures of the few authors (think of my 10 people on the top of this post).  If github breaks down, I'm sure that each of these authors can set up another repository somewhere else, and by verifying their signatures, we know it is authentic.   Replace "github bitcoin repository" by "block chain repository", and replace "signing author of Core" by "mining pool", and "signature" by "proof of work", and you see the analogy.

I vaguely, sort of, kinda see your point, but the simple fact remains that thousands of copies is more resistant to regulatory shutdown than 10.  Thousands of copies is more resistant to bribery and corruption than 10.  Thousands of copies is more resistant to any other kind of collusion, manipulation or attack than 10.  Strength in numbers and such.  The more distributed it is, the stronger it is.  We'd be totally out of our minds if we trusted such a small number of people to remain honest when the incentives to be dishonest become inexorably more profitable over time.

The point is that you cannot lie.  You cannot present a FAKE block chain.  The only thing needed for that, is checking the chain of block headers.  There's no way you can invent a fake chain of block headers.  Of course, every participant (as Satoshi said) should download the full chain of block headers.  That chain is, well, a chain, and it contains the proof of work. It is very small.  You can also find the most up-to-date block header the mining pools are working on, so you can verify that this is the genuine chain they are working on.

That is not a lot of data, and independent of the block size.  

Once you have the header chain, and hence, the proof of work, you can verify the authenticity of every single transaction if one gives you:

1) the transaction
2) in what block it is
3) the path of the Merkle tree in that block to that transaction

That is what a light wallet does.  If you want to know whether someone paid you (which is the ONLY thing you want to know: do you possess a coin ? and did your transaction to someone else is part of the chain ?), you only need the proof that the transaction to your address is incorporated in the chain.  You don't care about all the rest.  You want the cryptographic proof that the few transactions that you are concerned with, are in the sole chain out there.  That's all.


That's another matter.  If you want to *find out* whether the mining pools are following the rules, you need indeed, to check everything.  But the only thing you can do is to find that out.  You can't do anything about it: they came to consensus, they decided what the block chain is.

I'm repeating what I wrote in an earlier post: https://bitcointalk.org/index.php?topic=2786690.msg28591086#msg28591086
somewhat higher up in this thread.

TL;DR: the miner pools are kept in check, not because thousands of Joe's verify independently in their basement their "signature", but rather by the market, and by one another.  The miners invested a lot in their mining equipment, and are rewarded in coins, from which they have to get economic value in the market to pay their bills with.   They want to play by the rules, because the market would crash if they didn't.  Even if there was only one single miner out there, making the block chain all by himself.  He would still apply the rules.  Or his coins wouldn't be worth zilch.

Of course, some people have to check.  There needs to be a whistleblower to find out that the entire miner consensus decided to fail on the rules.  But only one whistleblower is enough.  

Not every Joe is reading the Core code in his bed, to verify independently whether the Core code implements what is said about Bitcoin's rules.  In the same way, not every Joe needs to check the validity of the mining consensus (.... with the Core code he didn't read, and got from a single repository !).

The contrast is here in the high amount of centralization of the code, and the relatively high amount of centralization of the proof of work (mining pools), which are the TRUE power elements in bitcoin's system; but one insists on the "decentralization of holding a copy of the sole document" in such a way that it becomes a technical burden.   This is a contradiction.  There's no more reason to have thousands of copies of the block chain, but only a few repositories of the code ; there's no reason to require thousands of independent verifications of the block chain by that code, but not thousands of people verifying the code itself.  All this is hugely contradictory in its requirements.
If you can trust a single, centralized code depository (github) and the few signatures of the contributors ; if you know that the entire block chain is produced by just 10 mining pools with such an amount of proof of work that nobody can do anything else, but then you introduce technical limitations because of the "need" to keep thousands of copies in all basements, that doesn't make much sense to me.

I agree it's a bizarre contradiction, but I'd make the opposite argument (even though it seems to be heresy around these parts), that there should be more than one dev team and repository precisely because decentralisation is more resilient to attack.  Many seem to take the stance that other dev teams are the attack, but I suppose that's what indoctrination does to the narrow minded.  Plus I'm still all for small adjustments to the blockweight (https://bitcointalk.org/index.php?topic=1911288.0).

Also, you appear to have glossed over the part about regulatory shutdown.  The fewer nodes Bitcoin has, the easier it would be for governments hostile to Bitcoin to either coordinate law-enforcement raids, or simply arrange shutting off the power, or otherwise targetting the remaining few mega-nodes to get rid of them.  If everything was done in 10 big datacenters, I'd bet there are a few governments out there who would happily justify the cost of trading 10 ballistic missiles for seeing the end of the greatest tool of monetary freedom available in the world today.  It's simply not worth risking.

You're perfectly right.  The "code" situation is far, far more centralized than the "mining" situation, and, as with the "mining" situation, that is NOT the fault of the central power in code.  The few people that have pushing rights on the Core repository are the oligarchy of bitcoin's code power structure, even though nothing stops others from forking the code, or from developing independent code that implements the protocol too.  You can say that bitcoin's code WAS forked a lot, within bitcoin's community, and in order to make alt chains.  In a certain way, this is probably where we have to look for real decentralisation: alt coins.  
Anyways, whatever the causes, the code situation is highly centralized, and that's what the community, or the game theory if you want, has brought us.  It is not the fault of the Core people, but it is the actual situation.  


I didn't miss this, but I think it is somewhat delusional.  Right at this moment, there ARE 10 "data centres" that are making the block chain: the 10 most important mining pools.  Now, if I talk about data centre, they can be geographically distributed: they can have many "nodes" all over the world, but they are under the single control of a single mining pool.  So, "hitting them with a strategic thermonuclear weapon" is going to be difficult.  However, bitcoin has now literally industrial proportions.  I don't know how accurate the estimations are, but bitcoin is said to consume about as much electricity as Denmark.  If there was a concerted effort to pull the plug, literally, of bitcoin's mining industry by all governments, in any case you wouldn't be able to do anything with your full copy of the blockchain.  You can easily spot bitcoin mining activity: look at a correlation of electricity consumption and infrared heat pictures !  You can't hide Denmark's electricity consumption !  

I would think that if "war with world governments" rises to the point that the *DATA* is not safe on a few 10 of data centers, then, first, the liberties of people in this world are very, very much eroded to the point of not even be allowed to have data on a data center ; second, how do you think the market would react if governments start bombing bitcoin infrastructure ?  Who is going to "store his wealth" in a thing governments bomb ?  Before governments bomb blockchains, they will have shut down all forms of *commercial activity* of course, and the market will crash to 2010 levels.  And before they bomb blockchains, they will of course first bomb the code repository with a cease-and-desist order to github, imprison all the core code writers, and will pull the plug of all mining equipment.  

So, again, even in this somewhat delusionary scenario of an all-out war against bitcoin on this planet by a concerted effort of governments, there are easier points of failure to attack before one will bomb the blockchain file repositories.  If putting the blockchain at disposal becomes illegal and opened to being bombed everywhere in the world, we have a bigger problem than bitcoin, and in any case, bitcoin's commercial value would be dead. "store of value" in something all governments bomb is not going to be very attractive.

Moreover, bitcoin is now 1/3 of crypto.  Governments could bomb blockchain centres, but then they would only promote another crypto.

This is why I think that the true decentralisation comes from the alt coin crypto market, which is in fact, breaking just as well the code monopoly, as the mining monopoly, as the block chain monopoly, but not as we expected.  "life finds its way".

So, again, if, for a defence against the IMO illusionary case of a massive world-wide government crackdown on *blockchain repositories*, we cripple the technical capacities of the system, that's madness.

answer is simple. unnecessary block size is unnecessary :)

As a protocol / consensus relevant param :  YESS!!!

Maybe we could try this

public static money MaxFees=1.50 // 20,000 miners is 19,000 too many

Far to many miners doing CPU-Wars with each other and if we had 1000 then $1.50 would be enough to keep
Bitcoin running and this proposal has the "consensus" of the community using Bitcoin but not the ears of the developers
because the miners and bankers have them.

We could even get complicated as a short term fix and add

if (Mempool>10000 && Amount<$10) Return Error.AmountToLow

Seven transactions a second and 20,000 full nodes ! We are being take for twats


 

Simple answer:

Satoshi never knew crypto will be this important.

Proof that NSA or CIA never created Bitcoin. They probabaly created Paypal or want Palpal like digital currencies?

Last time i checked there were a few 2mb blocks got mined.

Where the fuck that 1mb is coming from?

If you want to pay less fees, use segwit. It has big blocks.

It's several times I read the same answer on this topic, why would Satoshi Nakamoto create something that is not meant to be used worldwide by the mass? It's not like in today's economy Bitcoin has a big place anyway. Please read the original paper of Satoshi posted on page one.

Yep, there's one (https://blockchain.info/block-height/505593).  2070.925 KB.  I don't think anyone's claiming that we still have a 1MB cap (or at least I hope not, because I'll be questioning their reading comprehension).  This thread is asking why the old 1MB cap was implemented to begin with, but now that's been answered, we seem to be drifting off course slightly.  

So yeah, to sum up, it was Hal Finney's idea, but you can't ask him what the long-term plan was since he sadly passed away.  Satoshi was obviously part of the decision making process, but good luck figuring out who, exactly, to ask there.  Ray Dillinger is still around and you can read some of their thoughts about the early days and where things subsequently ended up here (https://www.linkedin.com/pulse/id-known-what-we-were-starting-ray-dillinger).  But we're now past all that and moving forward.  Not necessarily all in the same direction, so we'll see which chain gets it right in the long run, but moving forward.

I have some reasons why i think he didn't.

One of them is the use of ASICs for mining.  I bet he didn't anticipate that too.

Segwit not save money unless all outputs are Segwit

Why should people pay $30 to convert to new address in extortion fees to miners
because development team broke existing client code and few exchanges use Segwit ?

You must be using it so even if you know someone that can receive these payments
then was the saving 50% or more like 20% like I am hearing ?

Since Swegwit came out in August 2017 fees continue to go up and that mempool
using queuing theory is always just out of reach so why do you think that is ?

Satoshi wanted bigger blocks eventually, as big as needed actually, and he didn't want most people running nodes but SPV wallets:


So in a way, BCash would be closer to what he was trying to accomplish, which would make the conspiracy of trying to get full nodes away from users and into the hands of governments/corporations and therefore Satoshi being part of this program more feasible.

But he also predicted how people would be against it:


So... we will never understand what his true intentions were. As far as I know, what we know is having full nodes in the hands of a few corporations only would centralize the system at layer 0 (BCash). If LN centralizes or not, it's yet to be seen. I trust no one.

I think it is just his choice or just first version of realization of blockchain technology, another blockchain has other sizes.

dinofelis continues to understimate the risk of having "10 datacenters running full validating nodes". It's easy to sit there and say everything would be fine, but that's in theory. Do you really want to risk it to find out what would happen if only 10 places in the world were validating for you what is and isn't a correct bitcoin transaction? Im not willing to find out. The higher number of nodes coming from different parties the more robust the network is against global attackers, this is rather obvious. If you aren't validating your own transactions, you are someone else's cuck.

Best answer ever!XD

Maybe he knew altcoins would follow Bitcoin and didn't want to give Bitcoin a bigger edge.

How did you come up with that number? Are you dumb enough to pay $30 while everybody else paying $5? (current fee for a max. 1 hour tx is 100sat/b)

If yes (it seems like a yes), then you are not clever enough for this shit. Stay with credit cards.

The dispersed network theory where even if everyone kept open two channels instead of just one because these things
are expensive in miner fees has been blown out the water and it would be like trying to use the Tor network with 300 relay nodes
and that's if you could workout the routing.

I contend that having banking hubs is centralization and was a bank to go down then people would broadcast a message
on the Bitcoin network en-mass and the BTC block-chain at just 7 transactions per second could not cope with demand and unless all
the LN internal channels are able to close down gracefully then chaos would ensue.

In the lighting Network white paper they even talk about "Spending accounts" and "Saving Accounts" to be used for security
and reading whats shown below I can even image insurance brokers being built into the network to reduce risk


Yes sure, here you go miners have another $30 on me and just where is that button in my
wallet to contest transaction since it is built into the protocol or will the banking nodes all
be running much more sophisticated software which put paid to the saying "Anyone can be a bank"


 

I like a man with attitude so wait a few seconds and I will check the charts and be right back to you

Nope it's $15 according to this https://bitinfocharts.com/comparison/bitcoin-transactionfees.html
and was about $30 a week ago when I last looked but I will reduce it to $25 to take in to account
the $55 it was at. Ripple fees are so low that they don't show up on most charts so if $5.00 makes you feel smart then jobs
a good one.

Nope.  Read his e-mail of November 2008:

http://satoshi.nakamotoinstitute.org/emails/cryptography/2/

He understood perfectly how it would go.

The only thing he missed, was the collaboration of mining into pools.  He didn't realize that people could pool together, and sell part of their hashing effort into a fraction of a block reward, so in his opinion, there would have been more individual miner nodes.

That said, mining itself is automatically limited to a finite number of sensible participants.  It wouldn't make sense to be 1 million independent mining nodes (the only nodes Satoshi considered, were mining nodes: he never considered non-mining full nodes as meaningful - and he was right).   The reason that it doesn't make much sense to have 1 million mining nodes, is the fact that there are only 52 600 blocks mined per year.  

Even if there were 1 million mining nodes with all having exactly the same hash rate, that would mean that *on average* a mining node would win ONE SINGLE BLOCK every 20 years.  But given statistical fluctuations, you might as well mine for 50 years and never have a block.  Or you might mine for 3 years and be lucky and find a block.

Given that all capital has a power law distribution, and never a uniform distribution, even if you would only have 5000 mining nodes, where, with a uniform distribution, each node would, on average, mine 10 blocks per year, the power law distribution would give most blocks to the 1000 upper class miners, and almost never a block to each of the 4000 others.  

So it would, in any case, in Satoshi's mind, not have been meaningful, statistically, to have many thousands of nodes.

The strategy of pooling together has of course strongly amplified this effect, and he wasn't aware of that.  In a certain way, mining pools add a small sniff of decentralization to the, in any case, obvious centralization that the economies of scale would induce in the competition for mining.  If mining pools weren't possible, we would quite possibly simply have 5 or 10 mining nodes, period.  Who can, effectively, still compete in *solo mining* as Satoshi saw it ?  The industrial proportions of mining make solo mining only available to a big company.  You'd have Intel vs Motorola vs Nvidia vs AMD or something.  Now, with mining pools, even with a modest mining investment, you can still contribute.  However, the "voting power" of a mining-subcontractor is very small: he can just go to another mining pool.  But it is better than nothing.

Here is your chance, use segwit and fees instantly reduced to $1-2

Well that would cost me $15 to convert, won't work with my Jaxx or Exodus wallet that I like or
shapeshift or most of the exchanges and why should I pay for the because the developers decides
to break backwards compatibility without asking us first

Man why you defending the bankers and the $1-2 is bull even if sending to Segwit address 
not that I know any

You are clearly sent here to do some concern trolling. Nobody is paying $15. Pay your $5 and get on with it. If you don't like it go use whatever the fuck you want.

I gave you the link, it says $15 so get your nose out of the miners bum because it's gone brown

Lets see a link that has them at $5

45 sat/b
https://blockchain.info/tx/8c189782b4eeb4074674b1c009b12edfde8ef4264733485c7627cfc8b75106f4

Explain this 1$ transaction.

http://satoshi.nakamotoinstitute.org/emails/cryptography/2/p
What mail was he responding to here?  http://satoshi.nakamotoinstitute.org/emails/cryptography/2/
 
Can I get a link.

You only get Satoshi's replies, not the emails that were sent to him/them/whatever.  Keep in mind these are emails, which aren't usually publicly accessible at all.  The email Satoshi replied to on that link is quoted in the body, though.  You have to pay attention to the > and >> marks to see who said what.  You might find more details on the early cryptography mailing lists, but that's down to you and your "googe-fu".

This is the first time this year I see an interesting thread/post, thanks for that.
1MB can be considered for preventing spam. Maybe he didn't think if bitcoin could become so popular and also there aren't some things considered like what will happen after mining of last block.
Also if you say that it's because of miners to get much profit, then we can proudly say that satoshi's idea was being a miner and he may be owner of one of the biggest mining companies and that may be the reason of his quiet.
And if his aim was much profit by mining, then why did he decided to give a try to reward halving? Maybe for price rising and he decided to cover that loss by filling it with high tx fees. I have no other idea...

Mining using CPU-Wars was and is a total joke and others have proved it and transactions on other coins like ETH don't cost
a tenth of what we are forced to pay today and competition is good but not good by the time you have 20,000 and if you plot the
fees against the mempool then before now when it was at 130,000 we have paid fees of $40 and now we are down to about $15

Clearly something does not add up and something is very wrong if more than 1,000 miners are needed for Bitcoin when it's not
even hosting "Smart Contracts" for other coins and they also say "Lightning Network" bring smart contracts to Bitcoin so where
do I publish my scripts to then if this is indeed the case

No amount of miners are needed for Bitcoin. Difficulty scales with the hashrate. The amount of miners is a result of people thinking Bitcoin has value.

45 sat/b
https://blockchain.info/tx/8c189782b4eeb4074674b1c009b12edfde8ef4264733485c7627cfc8b75106f4

Explain this 1$ transaction.

The "amount of miners" are simply the number of decentralized participants in the consensus decision.  Today, that number is something like 3 or 4.  There are 3 or 4 deciders on the consensus decision: the 3 or 4 mining pools that have majority hash power under their decision.  About 10 deciders, even though they cannot go against the tacit agreement of the 3 or 4 majority deciders, make up the essence of bitcoin's consensus deciding power.

To illustrate what this means: suppose that you are the owner of coins in an address that the 3 or 4 mining deciders are angry about.  If these 3 or 4 deciders really don't want you to transact, they can refuse your transaction (no matter what fee you pay).  If these 3 or 4 deciders also decide that they won't mine on top of another block that contains your transaction, mined by a smaller pool, then they will orphan these blocks.  By the time that the other significant mining pools, not understanding why their earlier block is orphaned, get the message, they will also avoid putting your transaction in their block (even if they don't have anything against you), in order for them not to waste their blocks: they can't win against the majority hash rate that will always orphan their blocks faster than they can construct on it.

The actual miners selling their hash rate will never know.  The block chain that is built is perfectly OK.  Your transaction remains in the pool.  No miner decides to include it, because 3 or 4 entities decided that your coins were excluded from the system.  Their consensus decision is in agreement with bitcoin's protocol.  No "full node in Joe's basement" will alert Joe that something is fishy.

The power of consensus is in the hands of 3 or 4 entities.

Let us see what this means.  Suppose 3 or 4 entities collude and are pissed against a single exchange.  They know that exchange's hot and cold wallets.  They decide that no transaction from one of these wallets is going to make it in the block chain.  If they are serious about it, they will never include one of these transactions, and will orphan every block that does.   People will realize that they cannot withdraw from that exchange.  They will think there's something quite fishy with that exchange.  The transactions will never be confirmed.  They will see the transactions in the mem pool, and never in the chain. 

You can think whatever you want about the lightning network, what is clear is that "nodes-as-big-as-needed" (in other words, BCH's approach, as admitted by Roger Ver) is not a real long term solution, and it will end badly, and it will end badly at layer 0.

Whoever is drinking the koolaid that the system would remain as decentralized with a handful of nodes can't be giving lectures on the supposed centralization of the lightning network.

Right, so when Bitcoin advocates say things like:


You're saying that's actually false because these "3 or 4 entities" can block whatever they want and the rest of the network is powerless to prevent it?  In my view, the miners would only get away with that if the rest of the network agrees with that action.  If the majority of non-mining nodes disagree - and there's an incredibly strong likelihood they would disagree, because blocking transactions is categorically not part of Bitcoin's ethos or underlying principles - you can expect that a change of algorithm would be promptly forthcoming and there would be many expensive bricks that used to do something profitable left to rot on a shelf somewhere.  Not to mention that the users of that exchange would be innocent bystanders and wouldn't deserve to have their withdrawals blocked like that.  There would be uproar if miners pulled a stunt like that.  So no, "3 or 4 entities" do not have "consensus deciding power".  Miners might decide what transactions go in their blocks, but users decide which blockchain they freely choose to follow.  If the users aren't accepting those blocks, no one cares who they did or didn't include.

Whoever says miners have all the power is wrong; whoever says users have all the power is wrong; whoever says developers have all the power is wrong.  It should be more than self-evident by now that's not how this shit works.  It all exists in equilibrium.  No one group can act unilaterally if the others don't agree, unless one of them is prepared to fork off or be forked off.

I love how people think they are smarter then Satoshi

Point is, bitcoin isn't decentralized.  It is centralized in the code, it is centralized in the mining, if we understand by centralized: a small oligarchy has most of the decision power.  As I pointed out several times in this thread, one should have several copies of the unique block chain out there.  However, there is no need to have thousands of them.  If there are sufficient copies around so that there's always one that is accessible, that's good enough for the cryptographic verification of *authenticity*.   The data burden is large in the hypothesis that every user needs a full copy, but the data burden is in fact very small as compared to other public data repositories.   The availability of thousands of identical copies only plays a very minor role in the so-called decentralization of bitcoin, because the actual decision power is in the hands of a small oligarchy of coders on a single repository (Github), and the few deciders who run the most important mining pools (less than you have fingers).  The true "verification" of the whole system needs to be done by those who want to convince themselves, but here, we have a contradiction.  What value has the fact that a piece of software that you didn't even READ tells you that some unique data set of which you can verify the cryptographic authenticity (that is, this is not a fake copy of the "original", it is the sole original), has not been constructed "correctly" according to rules in a piece of software you didn't check yourself ?  Software you got from a much more centralized entity than the system you're trying to verify ?

Needing thousands of identical verifications by a piece of centralized software, of a big piece of data of which, in any case, there's no other version around, is not what I'd call "decentralisation".  It is waste of resources.  Now, as long as one can afford waste of resources, why not ?  It doesn't hurt.  But if this waste of resources is taken as an argument to tell us that the system cannot scale, that's ridiculous.

In fact, bitcoin is not truly decentralized, but that's not needed.  From the moment that bitcoin is working correctly, that's good enough.  Decentralization is a method, not a goal.  Given that bitcoin is now a speculative asset that is in any case highly sensitive to belief, it has in any case lost the robustness for which true, weaponized decentralization would make a difference.  From the moment that bitcoin would be so much under attack (by governments for instance) that it would NEED true decentralization, in any case its market value would plummet so hard that it would break down as a store of value.  Most of its market value now comes from trading it on centralized exchanges.  The very rumour of a government cracking down on centralized exchanges somewhere, makes its value plummet.  

So, in reality, if a few mining pools keep one another in check, and if there are a few tens of independent repositories around the world, and if a few people read the code on the centralized monopoly of its code, and if some geeks check the validity of the block chain, that's good enough for bitcoin to work correctly.   And that's all its users actually need: that it works correctly.  It can be nice to have the illusion that you have an unbreakable ledger, with a totally decentralized piece of software, so that even if the First Order cracks down on bitcoin, there will be the Resistance that has still a few copies of the block chain left, with a piece of authentic code.  But by that time, a bitcoin trades for half a hamburger of yesterday.    All this are nice illusions.  They are not true.  But even if they are not true, bitcoin works.  There are no double spendings.  You can do transactions.  That's good enough.  

Another point is that bitcoin has been compared, already by Satoshi, to VISA.  However, bitcoin is not a currency, and never will be.  Its monetary theory behind it makes it fail as a currency.  Bitcoin is a highly speculative asset.  Of course, it has some liquidity which permits you to transact ; but its volatility (which is part of its design) makes that it is not suited as a currency.   So, no, bitcoin will not need VISA-like transaction volumes.  Because almost nobody will use it as a day-to-day currency, like we use VISA.  Simply because it is so volatile.  Bitcoin is a financial asset with high volatility.   Like risky financial products (say, Apple options).    There's no need to go to very high volumes.

All this makes that we are putting technical limits to achieve fake goals.  We don't need every Joe to have his copy of the block chain.  A few tens of copies that are publicly available is good enough - in any case, the true power structure of bitcoin is already so much centralized, that this essentially useless form of "decentralization" doesn't add much.  And we don't need to aim for true currency applications, because in any case the asset is ill-designed to become a true currency: its domain of application is in the speculative finance sector.

Yes, by design.  They can.  They won't mostly.


Ha. Another algorithm.  If core writes it quickly.  Core, the other oligarchy.  And if exchanges list that new version as "bitcoin" and unlists the original.  The third oligarchy.  If core doesn't move its ass, and if exchanges continue to list the original coin with the original algorithm, as the thing they call "bitcoin", you can always dream of a change.  What are you, "decentralized user with your node that is happy", going to do ?    After all, miners are free to build the blocks they want.  They are free to build upon the blocks they want.  That's the consensus mechanism in bitcoin.  They even played by bitcoin's rules.  Your expensive non-mining node wouldn't see anything fishy. It simply turns out that the 4 most important mining pools decide not to include transactions from user X or exchange X, and decide not to mine on blocks that do so.  That's the consensus by proof of work.  Changing algorithm is not evident, because suddenly, there wouldn't be an army of miners, ready to provide enough PoW with the new algorithm.  From one day to another, there wouldn't be enough different hardware available.  What algorithm ?  Etherhash ?  Scrypt ?  Cryptonight ? ...  How to sell this in the bitcoin narrative ?  What if different forks appear ?

The *real* reason why this won't happen, is simply the market.  This is why strong decentralisation is not very important.   Most of these oligarchs are in bitcoin and need the market to appreciate it.  So they most probably wouldn't do something that breaks the market entirely.  Although, with the recent possibility to short bitcoin naked with futures in cash, things may be less evident.


In an industrial proof of work system, that blockchain needs to be made first, before you can decide to follow it.  For that, you need someone to code it (if it isn't Core, it most probably will not be called "bitcoin") ; if it remains a PoW coin, you still need an industrial amount of mining hardware to mine it ; and you need exchanges to list it.  

My point is that if these power structures, which are oligarchies simply because there are only a few deciders in each of them, keep one another in check, that's good enough, and that's what will keep bitcoin running.  But it has not much to do with decentralization.  And if these entities collude over certain aspects, they will dictate their will.  But in the end, they are kept in check by the market, as long as they are looking for gains.


Absolutely.  But this is why this talk about decentralisation is bogus.  You have a few oligarchies that keep one another in check.  Like everywhere else.  You have the miners (the industry).  They are essentially 3 or 4 to decide.   You have Core.  They are a handful to decide.  You have the important exchanges.  They are a few tens to decide.  And then you have all the users that gamble on its tokens.  They are the market that finance the whole circus.  And that's the power structure of bitcoin.  Like most other financial ecosystems.  Not much "decentralized".  Samsung is also depending on its customers.  Apple also.  Bitcoin's industry also.  That's what keeps this up and running.  Not "decentralization".  Because it isn't.

So, like Apple could prevent you from having an iphone, but won't, the mining pools could prevent you from transacting, but won't.  Most of the time.  Unless they have a good reason to.  There's not much of a difference.

If Facebook pisses off most of its users because it behaves "unethically" towards some of them, or if the mining oligarchy pisses off most bitcoin users because they behave "unethically" towards some of them, that will have grave consequences in the market for both of them, and that's why Facebook is nice to its users, and the miner oligarchy is nice to bitcoin users.  In general.  That's why it works.  Not because of the myth of decentralization.  Even though it makes for a good story to tell at the camp fire.

I think many would argue that 3 or 4 entities making all the decisions was definitely not part of the design.  You seem to be advocating that it would be better if miners were in full control of consensus, but clearly most people aren't going to buy into that vision.  Any suggestion that implies a central controlling oligarchy is preferable will be met with resistance.  Which is precisely why the overwhelming consensus shows that maintaining a large number of non-mining full nodes is still the plan going forward.  

I'd concede that having thousands of non-mining nodes clearly wasn't part the original design either.  But there was no way to foresee the advent of ASICs and the way mining in general became as centralised as it did, at the rapid pace as it did.  So the compromise is the thousands of volunteers validating what has been put into the blocks by the centralised miners.  You might claim they aren't needed to keep the miners honest, but that's not something that can be proven empirically unless everyone is prepared to take a risk and start trusting our new supposed overlords, which, again, runs wholly contrary to the ethos and underlying principles of Bitcoin.  Ain't happening.



Yeah, I'm not saying it's like you get a popup alert or anything, but people do have eyes.  When lots of people notice their withdrawals haven't confirmed and it becomes one of those big issues where everyone piles in with an opinion, as customarily happens on the internet, someone's going to notice and figure it out.  The more people who can instantly check and see that the transactions weren't included, the faster the community can react.  Hence why more nodes are better than fewer.



I'm not suggesting it would be clean, but it's an option.  A somewhat nuclear option, granted.  But even if there was a period where the network had to suffer with a lack of hashrate, that's what difficulty adjustments are for.  And the more nodes who have a full copy of the blockchain, the stronger that nuclear option looks.  Hence why more nodes are better than fewer.



Yes, but the general idea is you don't want to make it easier for entities to collude and that's what people argue will happen with fewer nodes.  The greatest level of transparency, neutrality, trustlessness and permissionlessness is achieved through the blockchain being shared and updated in real time between as many users on the network as possible.  Hence why more nodes are better than fewer.



And the reason most users are prepared to gamble on its tokens is because it is decentralised.  If you take that away and 3 or 4 entities can make unilateral decisions without consequence, the vast majority of participants lose faith and the entire experiment fails.  I'm not prepared to gamble on Ripple's or Stellar's tokens because I don't think they're decentralised enough, although I do have to say even they sound more decentralised than your vision for Bitcoin.  So the "market" you keep talking about wouldn't be as strong as it is if we didn't believe the mere presence of this ever watchful eye of the thousands of nodes was keeping miners in check.  Hence (you guessed it) why more nodes are better than fewer.

I agree that is was not part of the *indicated purpose* of the design, but it *was part* of the design, as we see it experimentally confirmed, and game-theoretically explained.  PoW always will evolve into an oligarchy, like any market does, but in this particular case, with no "product differentiation" and open, anonymous competition, it is evident that this would happen.  I'm not expressing any advocacy.  I'm just telling you what was the logical consequence of the actual design, confirmed in reality by the experiment. I think that Satoshi had more in mind "a few hundred" rather than "four".  That's the only difference between his vision and the outcome of the experiment. But obviously, he clearly stated that it wouldn't be decentralized in the way you think it is: that is, over a large portion of its participants.  Was Satoshi lying, was he simply wrong, or didn't it matter in his mind, we don't know of course.  But that's the design that he proposed, and that's what came out of it, with the caveat of less deciders than anticipated, because of the unanticipated formation of pools.



As I indicated many times, this is a joke, because non-mining nodes have no power.  Decentralization is about power, not about technical distribution over a geographical area.  And Satoshi explained from the start why non-mining nodes *shouldn't* have any power: because they are easily sybilled.  And that part of his design works well.  If it were possible for non-mining nodes to weight upon any decision, for no cost (as compared to mining costs), tomorrow, you swamp the network with hundreds of thousands of non-mining nodes and impose whatever you impose.  So it is fairly obvious that non-mining nodes have no power, bitcoin was designed for them to have no power, and bitcoin works correctly in that respect.  This is why this whole point is moot and such an obvious joke.  If non-mining nodes were to have power, Satoshi wouldn't have had to include proof of work.  He explains in his paper why you cannot base anything on "node count" because it is so simple to sybil it.  All the difficulty in the design of bitcoin was how to make it such that non-mining nodes DIDN'T have power.  


How do you explain Satoshi's November 2008 phrase "farms of specialized hardware" then ?  How do you explain his use of the phrase "left to specialists" then ?  Of course it was evident to him.  He simply thought they would be somewhat more numerous than 3 or 4.  As I showed, you cannot reasonably expect many 1000 as the statistical lottery of winning a block becomes too fluctuating then.    If you introduce a power law distribution, like in any market, you'd arrive at best at a few 10 or 100.


They are not "validating".  They are only "checking".  That's the whole point. A full node only gives information to his owner whether the centralized miners did what he thought they were supposed to do.  If ever they didn't, his full node, nor an army of full nodes, is going to stop these miners from doing what they are doing.  And, to repeat myself, that's exactly how bitcoin was designed, to protect from a sybil attack on full nodes.  And Satoshi explains it in his paper.  

You only get information out of a full node, you don't do anything about the building of the block chain.  


It happened already.  The whole story about full nodes is simply to obfuscate that hard-to-swallow fact.  This is what I'm explaining here: bitcoin IS centralized.  Bitcoin HAS a new oligarchy of overlords.  There is the oligarchy of miner pools ; there is the monopoly of code with the oligarchy of pushers on the github repository.  And there is the handful of exchanges.  These ARE the overlords of bitcoin.  And they keep one another in check, and they care about the market, like Tim Cooke cares about Apple customers.  Because that's where their power and money comes from, in the end.


What you are talking about, are the news feeds.    Coindesk, this forum, other centralized places of news.  That's the "eyes of the market".  That's where people get informed (or misinformed).  No "full node runners" would pay attention to it, because, as you say, there won't be pop-ups.   If you would like to *demonstrate* it here, you'd link to things on blockchain.info.  You wouldn't use your own full node for that.  The few geeks who are able to look at that using their full node wouldn't be believed as much as a link to blockchain.info.  

This is what really keeps those oligarchs, our overlords of bitcoin, in check: the buzz on internet, the market sentiment, their business.  Not the full nodes.  Most full node runners wouldn't even know where to look or what to do to see this.

Guess what ?  Exactly such an intermediate system is what Dash put in place: the master nodes.  The master nodes are a PoS layer between the user and the miners.  They will make a pre-confirmed mem-pool which the miners have to include.  But it is proof of stake.  There, it are the master node owners which are the overlords, but they are more of them.


This is one of those make-believe stories again.  There is absolutely no strength in holding thousands of identical copies, because whatever that nuclear option is, it will be decided by a monopolist: Core, the overlord of bitcoin, because he has the brand name.  If not, there will be many forks.  And if that happens, how much time would it take ?  I cannot believe that they can do this in a few weeks time.  Hell, they cannot even roll out their pet LN in two years' time.  And the suspicion would be that they planned this in advance, with tons of specific hardware ready to do the new algo.  This story is of the type "I hide a big nasty dog in my basement, and if you rob me, I will release him".  "Our system is decentralized and robust against attacks, and if you dare, our Good Overlord in the basement will change the system the next week so that your attack fails."


As I have now outlined many different times, it doesn't make much of a difference, especially because bitcoin was designed not to leave power to non-mining nodes that are easily sybilled.  More nodes are very slightly better than fewer, if one doesn't introduce system limitations in order to have more of them.  Because the very very small added decentralization by having thousands of copies is not offset by the huge performance hit you introduce by taking the requirements for this into account, like limiting the amount of transactions that can be done.


No, the reason why most users are prepared to gamble on its token is because they BELIEVE it is decentralized.  In fact, not even.  They believe that others believe that it is decentralized. Bitcoin is a Keynesian beauty contest.  It doesn't matter what you find best, it matters what you think others believe will find best.

This is  why this make-believe story of many nodes is necessary, to maintain that erroneous belief.  This is exactly like one needs to do human sacrifice for the Great God Dodo, simply to maintain the belief in the power of the Great God Dodo.  If the Great God Dodo wouldn't be able to require human sacrifice, the Great God Dodo wouldn't be powerful, wouldn't he ?

In the same way, if there's no necessity to have "many full nodes", it would be fairly obvious that bitcoin is centralized.  So one needs to propagate the myth that bitcoin is decentralized, and that Joe, with his node in his basement, is "contributing to the decentralization of bitcoin".  So that you can show that there are 11 000 Joes that all copy the same data set made by 10 pools out there, and tell people "look how decentralized our system is: there are 11 000 identical copies out there, and all of them have checked that everything is OK.  Power to the people !  Bitcoiners of the world, unite !".   While the fundamental design of bitcoin was exactly to avoid any power of these cheap nodes.

From Satoshi's white paper, third page:
"The proof-of-work also solves the problem of determining representation in majority decision
making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone
able to allocate many IPs."

This is where Satoshi says that full nodes shouldn't have power.


I have no "vision for bitcoin", I'm telling you the factual, actual state of bitcoin's power structure, and how that actual state of bitcoin was already foreseen by Satoshi in November 2008, and why this is a simple logical consequence of his design.  Apart from having only 3-4 pools instead of a few hundreds of solo miners.  Yes, this goes against the narrative of bitcoin.  Satoshi wanted to make a system that works, for all practical purposes.  The decentralization narrative was good propaganda to make it going, but it doesn't correspond to reality.  When one is going to cripple the system in order to feed the narrative, one is making a big mistake.

You are expressing your "belief".  And that's what all these "decentralization stories" are about: make believe.  The Great God Dodo doesn't exist.

He did express his desire to both intentionally combat micro-tx spamming and to keep the blocks as low as possible in order to get adoption going.

...

Satoshi cared about the wellbeing of bitcoin and he tried to avoid damaging circumstances, whether it was spamming, large blocks, or even ...wikileaks funding.


As you can see he knew that bitcoin wasn't 100% resilient against all kinds of attack vectors from the get-go, and acted accordingly.


Now regarding your other point:


Your game theory calculations only deal with actors that are inside the system. They are also projections of our time period to 8 years ago, when money generated from fees were non-serious. I mean even the bitcoins generated were non-serious money.

Actors from outside the system that want bitcoin to die, can spam it to death - AND include the blocks on their own / at their own expense, because the cost of bitcoin back in 2010 was peanuts.

Why would Satoshi allow that? He'd be an idiot if he saw a vulnerability and left it there waiting to be exploited.

The point is that by PoW consensus, every previous block is voted over by PoW by the peer miners.  So if the PoW consensus is working, you might think that even if a crazy attacker makes a 10 GB block that is correct according to the bitcoin protocol, the next miner should most probably decide NOT to build upon it because he estimates this not to be the good consensus of the bitcoin state.

I think that Satoshi, who also made the *mining software*, built in this 1 MB as a MINING directive, not as a PROTOCOL specification - because bitcoin miners were also taking Satoshi's software to MINE.  In fact, in those days, a node was a mining node (one CPU/one vote).  So the 1MB limit was probably seen, by Satoshi, as the "no-go" for a honest miner to not build upon a crazy block.  Not as a protocol specification.

He couldn't of course, protect bitcoin against any serious outside attack, because bitcoin was proof of work and the proof of work in those days was peanuts.  If it would have been a PoS coin, it would have been protected (especially given the big stash that Satoshi had himself) as the attacks would be limited to insiders.  Nobody attacked bitcoin at that time, because it was considered a joke by those that would now most probably curse themselves from not having done it !

But another miner might see that another block was issued as #xxxxx instead of the 10gb block and then reject that one for not building upon the 10gb one. So it's a gamble that others will do the same...

This is why this is a consensus decision.  If a majority of hash rate thinks that the 10GB block is a good thing, then it will be included (as you say).  If the majority of hash rate thinks that it is a spam block that shouldn't be part of the consensus, they will mine on top of the smaller block.

A miner can put a lot of considerations in his decision ; in as much as other miners agree with it, his decisions are confirmed, in as much as other miners disagree with it, his decisions are rejected.

Note that the risk for the second miner is also on his side if he mines on top of the 10 GB block.  After all, the third miner may be of the same opinion as the first one, and think that such a large 10 GB block is not reasonable, and orphan the 10 GB block plus the second miner's block.  So the second miner has to try to guess what is the most likely consensus decision that will be taken by the third miner.  And so on.

Most probably, it was with this in mind that Satoshi introduced his 1 MB block size.  When he introduced it, 1 MB was way larger than any reasonable block at that time, so it was a good "miner directive" to say that blocks larger than 1 MB should be considered as spam (given we measured blocks in KB at that time).  It was a "good miners' directive" not a "protocol standard".  The idea was most probably, in Satoshi's mind, to give a clear rule to the miners as what was to be considered "prohibitive spamming".  It could systematically be put a factor of 100 or so above the "usual block size".   It was a trivial formalization of the good practice "don't accept obvious spam in the consensus decision".

But then it became part of the "protocol of bitcoin" by some crazy narrative.

It is important to realize that in mining, there's no "accumulation of success".  At the point that the second miner receives the small block from his peer, even if he was already mining (without success) on top of the 10 GB block, he doesn't lose any opportunity from switching to his peer's smaller block.  It is not because he has been mining for 5 minutes on the 10 GB block that his chances are bigger when he continues to do so.

But on top of that, chances are that he has faster the full small block of his peer rather than the 10 GB block, if his network connection is of limited capacity.  So from the moment that 10 GB is a network issue, *in any case* it will arrive late at the miner's place.

So there are enough arguments to say that there's no reason to expect that the block chain could have been spammed by gigantic blocks: miners would sensibly reject them in their consensus decision, and those blocks pay already a penalty because they lose time in network transmission.

That's the soft limit... which could be set as a parameter, like 250k, 750k, etc... the 1mb was a consensus rule - and obviously he told garzik that this would make him incompatible with the network if he changed it => https://bitcointalk.org/index.php?topic=1347.msg15139#msg15139

You're right.  Satoshi is very unclear here.  This is food for conspiracy theory  ;D  He's obviously hiding an agenda here.  It simply doesn't make sense and in complete contradiction to what he said before.  This could mean that "Satoshi" was different people, with different opinions.

Without knowing, I repeated cavenden's argument against such a limit.   Re-reading this thread, I think Satoshi had a hidden agenda, and was lying through his teeth here.  He put in a time bomb, that's clear to me now.  And some saw it immediately, but the "Great God Satoshi" was not to be contradicted if you read the priests.

I remember having read that thread, but in my memory, it was like Satoshi said it could be changed and was no big deal, while others told him it was recipe for disaster.  But now I read it again, it's obvious: he clearly knows this, that it is recipe for disaster.  Maybe the Satoshi of November 2008 is not the same person as the satoshi here...

"Don't use this patch, it'll make you incompatible with the network, to your own detriment."

It would be meaningless.  Clearly, Satoshi is dead afraid that his bomb would be removed.  Of course this is bullshit because jgarzik would, in practice, never mine a block above 1 MB.  So he wouldn't be "to his own detriment", be "incompatible with the network" most of the time.

very short answer... because it is cool to see those spikes 

To continue: Satoshi's narrative of "let's keep small blocks as long as we can, later we'll switch to big blocks, but first we have to trick people in this thing while it is small", and his code example, would have prompted, if he were honest, to indeed, include this if statement:
"small blocks until block number X".  The fact of not having included this, even while he was saying that one COULD do it that way, and given all comments, indicates he wasn't being serious here.  You can say: "hey, but Satoshi couldn't know how bitcoin would evolve, at what pace, so he didn't want to commit anything" ; but then, he didn't back away from programming an emission curve over 140 years, without knowing how it would evolve either.  If you feel secure enough to program an emission curve, you for sure can program a block size limit.  In any case, it doesn't hold water:  "a constant in the protocol one should change later" is not easier to change than "an if statement one could change later".  Both are protocol changes.  In as much as you claim that you put in the constant "only temporarily, and you guys should remove it later", you can just as well commit that "temporary" aspect in an if statement right away ("and if deemed still to early, you guys should modify it later"), putting your code where your mouth is.  He didn't.

So the Satoshi in 2010 clearly wanted it to be a permanent thing, knowing that it would give huge problems at a certain point in time, totally contradicting his November 2008 statements, but claiming otherwise, that it is only temporarily and doing lip service to his 2008 statements at the same time.  Because the OBVIOUS response, in agreement with his own statements, and with all premonitory remarks, would have been to put an if statement in the code.  He even says so, and he doesn't.  He only shouts at the guy that wanted to remove it, he tells us that one should put an if statement, and he keeps a constant "to be modified by an if statement later".

As discussed above, you can always use a more severe soft limit during mining, than the hard limit in the protocol.  But you can't remove a hard limit in the protocol without "breaking compatibility with the network".  So if you're honest about admitting larger blocks later, you should foresee in the code to remove the protocol limit "later" already NOW.  If you don't, you're simply lying.  Especially if you explain it.

Also, in as much as hard protocol constants "could be changed on the fly", nothing stops you from modifying the constants that determine the emission curve, the difficulty adjustments, and so on.  It is totally incoherent to claim that a constant in the protocol can be modified at will later and think that you are going to make a system that is going to be accepted as immutable.  If you can modify the protocol parameter of hard block limit, you can just as well change the protocol parameter that gives the block rewards, or the halving blocks or anything of that kind.

So, yes, after re-reading that 2010 thread, it is now clear to me that Satoshi didn't "make a mistake".  He put a bomb in his system.  I only realized this now, but it seems evident after all.

One can say: maybe he realized that his 2008 scaling solution was going to "centralize" is system, so he simply put in something that would push people to invent an off-chain way of using it.  In other words, he put in this limit because he understood that block chain tech doesn't scale, contrary to his 2008 explanation, and considered that people should invent something that solves it in another way.  In other words, he did this to push people to invent the LN.

But that doesn't hold water either.  Given that he didn't know whether something like the LN could even be invented, and given that he didn't know when it would be invented, and what would have been its needs, crippling the only solution you have, of which you've explained how it would scale, would have been extremely dangerous.  If the LN would only have been invented in 2025, bitcoin would have been dead already by the time it could have been invented.  That's akin to jumping out of an air plane, and hoping you'll invent a parachute while falling.

The impression I got from that little exchange is that Satoshi thought Jeff didn't realise he'd be forking himself off the network unless everyone else used the patch as well and thought it would be a good idea to point that out.  It was probably a fairly sensible idea to avoid a situation where half the network would obliviously run the patch and half didn't run it, thereby splitting the network and making a complete mess.



Again, the "narrative" of keeping blocks small wasn't Satoshi's (https://bitcointalk.org/index.php?topic=946236.msg10388435#msg10388435).  Satoshi merely went along with the idea after hearing what must have been some pretty convincing arguments.  In many ways, it's a shame we'll never get to see all the communications exchanged between Satoshi and Hal Finney, given their historical significance and the tremendous impact those conversations had on how this has all unfolded over time.  It's also likely Satoshi didn't envision themselves withdrawing from the community when they did, effectively exiling themselves and going into hiding.  There's no way they could foresee the WikiLeaks donations thing in advance, which was clearly a catalyst in prompting Satoshi's decision to leave.  So it's entirely possible Satoshi did have plans to alter it later, when it became the contentious issue it eventually did.  When Satoshi left, blocks were still nowhere near their full capacity, so it could well have been something "on the back burner".  But sadly we'll probably never know for sure.

I certainly don't get the impression it was anything malicious on Satoshi's part, though.  That's a bit of a stretch.

That's obviously not the case, as I tried to point out.  First of all, Satoshi couldn't know what would be the fraction of the network that would apply the patch.  So by applying the patch, Jeff might just as well get the majority behind him, and it would be to the detriment, not of Jeff, but of those that didn't apply the patch.  The fact that Satoshi assumes that Jeff would automatically be in minority - or at least, wants Jeff to be afraid to be in the minority - is telling.

But secondly, assuming that Jeff himself wouldn't mine, himself, a lot of big blocks (one can hardly think of Jeff wanting to spam the network himself), and assuming that the rest of the network WOULD filter out the big blocks, and only make a small block chain, Jeff wouldn't, at all, "make himself incompatible with the network".  Jeff would accept ALL the small blocks made by the network.  Most probably, Jeff would mine, himself, also only small blocks and get them accepted by the others.  The only difference between Jeff's code and the rest of the network, under the assumption that they don't follow Jeff's patch, is that Jeff's node is more permissive.  So he won't be incompatible with the network.

Satoshi is telling bullshit here. And I can't imagine that he doesn't know.  At no point, his phrase, that it would be "detrimental to Jeff", is true. It would ONLY be true in those rare circumstances that Jeff wants to mine a big spam block, and the majority of the network doesn't follow him.  And it would only be detrimental for Jeff's PoW on that sole block. Jeff's node would accept the fact that his block was orphaned, and that another chain with smaller blocks took over.  From then onward, Jeff wouldn't be "incompatible with the network" any more.

So this is simply utterly wrong.

The only "dangerous" situation is when Jeff is in majority !  When Jeff-like majority miner nodes mine a chain with big blocks, and the minority Satoshi-like nodes don't accept this, and mine their own prong - or adapt.  At no point, anything is "detrimental to Jeff".


I have a hard time imagining that Satoshi didn't understand what he was saying, but nevertheless said it.  I have a hard time thinking that Satoshi:
1) didn't understand the arguments of the danger in the long term of locking in the 1MB limit
2) didn't understand that not applying this limit didn't exclude you from the network at all
3) was capable of suggesting how it could be done safely with an if (blocknumber < ...) {limit} but didn't do so
4) but nevertheless said that it was dangerous to remove his constant as it would exclude you !

except of course if Satoshi was just a sock puppet of Hal Finney and didn't understand zilch himself of this stuff.

It simply doesn't fit together.

You cannot talk about our great leader like that because without him we would not have mining coins using CPU-Wars
so that "Big oil" sells more to big electric corporations and where would Intel and AMD be today with out all that
wasted processing power.

I mean Satoshi developed a system so unemployed miners could become full nodes and provide transactions
services so they could pretend the current "Block" is so valuable that people are willing to pay $20 or more just
to have 250 bytes of data written to it.

No sir you fail to understand Satoshi contribution to the world where 20,000 miners do PoW (Waste more CPU power)
and seek to put men out of jobs (Like 95% of miners) and should seek redemption and "Buy on the dip" because your
blasphemy endangers the maga-carter or was that the word word here  :D

More than just me and you have started to work it out and if you take an objective look at the lighting Network
then the long term goal become obvious that bankers own the Bitcoin network and want a bigger cut of the profit
 

To sum up, :

1) The wisdom of keeping block size at 1MB has yet to be realized.
2) It currently sucks though.
3) There are several strange and plausible theories as to why it could
be genius/intentional, and if any of them turn out to be true we are
probably all going to go a little bit crazy.

I think that sums it up quite well  ;D

In fact, Intel and AMD didn't profit a lot in this.  If there's one company that even has production problems because of PoW, it is Nvidia, and not for bitcoin, but for ethereum and a few others !  Also, I don't think it is Big Oil that profits, it are the Chinese charcoal mines.  Mining is to be seen quite more literally  :D

What is startling in this story, is that one almost has the impression that Satoshi's intellect is waning.  His premonitory views in November 2008 were much more to the point than his "incomprehension" in 2010.  Is this because Satoshi was bright, but easily influenced by a dumb ass big mouth that talked him into nonsense ?  Is it because the Satoshi of 2008 was not the Satoshi of 2010 ?  Was Satoshi ill ?  Was he consuming drugs ? Did he get hit on the head ? Or is this the obvious impression that you get from someone trying to trick you into something (a set of lies always look less smart and coherent than a truly brilliant idea) ?

You can't be smart to a point of foreseeing, without one single working system in nature, how thing would evolve in 2008, and be obtuse to the point of failing to see the obvious when it is even spelled out for you by other people in 2010, unless you are someone else, or you were hit on the head, are ill, or are lying.

This is what occurred to me recently ; until now, I simply thought: "well, a big mistake in 2010, but everyone makes mistakes, Satoshi was a bright guy but not a genius".  But now, as I said, the pieces just don't fit together.

What is remarkable, even though nobody ever said it, is that bitcoins' system itself has an indicator of the necessity of the block size: the difficulty !  The difficulty measures the market value, the size of the user community, the technological advances, and the investment mining nodes make in PoW (and the rewards in value they get).    It is quite obvious that things like storage costs and network burden, and their economic cost, are going to be proportional to this.  So it would have been rather obvious to scale block size with difficulty.
The bigger and more valuable the network gets, the more NEED there will be for transaction room, and the more MEANS there are to afford storage and network capacity.  It would also solve the "end problem" of no coin emission, to a point: if fees are too low, and finance PoW, difficulty falls, the blocks shrink to a point where the fee market kicks in, until an equilibrium is reached where the block size allows for a reasonable fee, paying for a reasonable amount of PoW, giving rise to a reasonable difficulty, as a function of demand for transactions, and market price of BTC.

How could satoshi nakamoto have known this maasive scalability might hit bitcoin? Dont forget that bitcoin was the first and foremost cryptocurrency, and other coins have only tried to perfect themselves only based on limitations of bitcoin and learning from it. If bitcoin had not been there,  there would not be these better solutions we are seeing now either

Because he wrote it in November 2008 maybe ?  http://satoshi.nakamotoinstitute.org/emails/cryptography/2/

He kind of expected time to solve the bandwidth/storage issue, and he was correct: In this issue it's time that makes the impossible => possible. Because over time, network and computing technology evolves. The impact of 100gb/day will be different on the networks and PCs of 2008 compared to those of ....2028 or ....2038.

He could fast-forward scaling by changing the network topology from p2p to client-server, but that's not a novelty. Visa does that, Swift does that, etc etc. The novelty is doing it on a peer-to-peer basis, because as he pointed elsewhere in his writings, governments are pretty efficient in shutting down alternative payment systems that operate in a centralized manner.


Garzik would fork off and mine orphans... you can call that detrimental.


When I first tried to download the bitcoin client and set it up on my linux box, it started downloading... and I waited, and waited, and waited, and was hearing my hard disk going crrrrr-crrrrr-crrrr from all the seeking and writing, etc etc... after waiting for quite a while and seeing no usable program that I can play with, I got angry. I said "what the fuck is this doing for so long? what the hell is this?".... And I erased the entire folder condemning bitcoin for the bullshit that it was.

In other words I was prevented from even trying it out by the problematic user experience of having to download a lot, and the associated problems of hard-disk seeking which was making my system crawl.

Big blocks, spamming, etc, definitely had a real potential to significantly reduce user adoption. I speak from experience (it prevented me at an earlier stage compared to when I eventually got in).

If a genius mind invented such a game-changing technology, it doesn't mean it was part of the CIA or any other government entity.

Bitcoin was probably just an experiment, Satoshi probably never thought it'll get this far and maybe it was not even what he wanted. If BTC would've NOT been an experiment but a cryptocurrency meant for the everyday use, I think he would have written a completely different code. On the other hand, even genius minds sometimes make mistakes. Genius doesn't mean 100% perfect. Look what Satoshi said in early 2009 regarding the scaling of Bitcoin (source https://pastebin.com/Na5FwkQ4):


My question to everyone saying it was not just an experiment is: if that's true, why did he ask coders for help? I understand BTC is open-source and all that stuff, but if he would've considered it perfect, there would've been no need for help from his side.

However, this is only a kind of speculative thing. Unless he comes back and answers every single question, we will only predict the answers but nobody will ever know which one is true and which isn't. But I do not think he'll ever come back again. He left us alone with a reason. Remember what he said regarding WikiLeaks (source https://bitcointalk.org/index.php?topic=2216.msg29280#msg29280):


He was afraid of something, or hiding from somebody. I wouldn't deny the fact that he is most likely still around here on our forums, maybe even reading this thread though.

His solution of November 2008 was perfectly alright:  there would be a class of "specialist mining nodes with farms of specialized hardware", and these nodes would be keeping the block chain in full.  They would also act as SPV servers for the light wallets of the millions of users.

Given the investment that "specialist mining nodes" make in their mining hardware, the extra cost of storage and bandwidth, to serve the normal, non-mining users and their SPV wallets, is relatively small.  The "specialist mining nodes" would be small (or big) data centres.  They could serve of course all the normal, non-mining users.

The network and storage load of an SPV wallet is much, much lighter, as Satoshi explains.  So normal users are not concerned with big block chains. It is good enough to autonomously verify that one isn't telling you jokes, and that the transactions you see ARE part of the block chain.  For Satoshi, you only run a full node (with all the data and network burden) if you also "try to make coins" (that is, mine).   A full non-mining node was an absurdity for Satoshi.

As such, even today, his solution can perfectly scale to VISA levels.  The only caveat is that it shows the de-facto centralization in bitcoin.  Satoshi was thinking of hundreds or thousands of "mining nodes".  In reality, we have a handful of mining pools.  



Of course he wouldn't, most of the time.  At that time, there weren't enough transactions to fill a block near to 1 MB, and even if he did, he would only make an orphan, not "fork off".  There's nothing dramatic by having an orphaned block.  Until the middle of last year, miners regularly had blocks orphaned.  It is only when bitcoin mining centralization was complete, that no orphans are made any more (since June 2017 more or less).

The limit was way way higher than the size of needed blocks back then, so there wouldn't be any sensible reason to make such blocks.  So limit or no limit, a normal, well-behaving miner (I count Garzik amongst them) wouldn't, ever, make a block larger than 1 MB.  And if you don't make such blocks, you are going to make blocks that are compatible with the others.  And you accept all blocks by the others.  

Again, the only problem would have been if Garzik's patch were majority adopted, and the problem would then be for those that kept their minority hard limit.  At no point it would have been detrimental TO GARZIK:

- Garzik in minority: accepts still all blocks by others ; will normally only make blocks also accepted by others if reasonable ; if not reasonable, will only make a single orphan monster block.  --> not really detrimental to Garzik

- Garzik in majority: everybody is making big blocks and having fun, except for a minority that keeps the hard limit: they will make a small minority chain that has forked off the rest.  --> also not detrimental to Garzik and his majority.



That's because you should have used a light wallet like electrum.  Electrum is a SPV wallet, like Satoshi proposed for normal users in November 2008.  If your idea was not to mine, there's no reason you download that huge block chain (unless, like me, if you want to look at it with a hex editor...)

I started out in bitcoin with electrum for my own coins.  I only installed, for fun, a full node during a few years, but I never used it for anything else but to look at the blockchain.  As a wallet, it wasn't great.  I didn't want to use a non-HD wallet.  Using a non-HD wallet is very dangerous, because there's a point in time, when you do a transaction, that the very single only place where your private key resides, is in the wallet.dat file.  If at that moment, your disk scratches, you've lost potentially all your funds.  Even if you made a backup 4 minutes earlier.  Very dangerous. 


I could also say: Youtube is bullshit.  I wanted to download the entire datacenter serving Youtube, and it took me a month and a truckload of hard disks.  And I only wanted to look at a single video.  What bullshit, Youtube.  But people don't download all of Youtube to look at a single video.  They connect to a Youtube server, and take what they need.  

As a bitcoin user, you are only interested in a very small part of the block chain: those transactions that you are concerned with (to you, and from you).  That's what a light wallet downloads, together with the cryptographic proof that it is indeed, part of the block chain.  That's what Satoshi already said in that November 2008 mail.

The master of deception brought us the block-chain but also CPU-Wars for mining and then the development team spent years
making everything complicated and now we are at a stage where we have 20,000 miners trying to synchronize 200gb of data and fees
hitting silly levels as a way to deal with scaling of the block that they knew from day one would not scale.

"would not be these better solutions we are seeing now either"

We are seeing much better solutions and they are gaining ground on Bitcoin and will do 25,000 per second on-block apparently
without introducing banking hubs like is happening with the Lightning network.

Mr satoshi nakamoto solved one problem and gave us ten more and he forgot the missing link
that I believe that I have found but here is not the place to go into detail or any tom, dick or harry
will say that they came up with it first.

The mans a legend because it is a legend and he looks like double crossing CIA agent to me for the reasons
that I have listed.

Satoshi can't decide the implications of his random choice. Maybe happiness and luckiness come with him!

The real danger of this thing is actually that bitcoin really becomes secure with PoW only when its proof of work consumes demonstrably more than half of the world's electricity supply.  Maybe bitcoin is the first
https://wiki.lesswrong.com/wiki/Paperclip_maximizer

It turns essentially everything into mining equipment.  First, it enslaved humanity's greed as its work horse.  Now it wants them to make mining equipment.  Maybe between 2008 and 2010, Satoshi realized this, and wanted to stop that madness with a finite block size ?    ;D

One can estimate (I did it elsewhere) that if all world financial investment put 1% of their holdings in bitcoin, we will be forced to consume 1/3 of world electricity production for mining.  Give or take a rough factor of a few.   Maybe between 2008 and 2010, Satoshi did this simple math too.  I'm surprised nobody else did.  It's quite simple.  Here is the outline.

The state of the art mining is the S9 antminer, consuming 0.1J/GH.  (Joule per Giga Hash).
The current hash rate of bitcoin is of the order of 20 billion GH/s right now (that is proved proof of work).  So the very minimal energy consumption of bitcoin right now is 2 GW.  
But right now:
 - bitcoin's miners are most probably a mix of newer and older technologies, consuming more
 - with the very recent price increase, right now mining is very, very profitable (cost of mining much lower than block rewards+fees in the market).  One roughly estimates this a factor of 5.  This is why hash rate is strongly rising, even if price is dropping: hardware installation hasn't caught up yet.

==> at about $10 000 / BTC, we can roughly estimate the equilibrium power consumption at 10 GW (5 times the lowest possible one right now).

Now, what is bitcoin's maximum "success" market cap ?

If bitcoin is a currency, it will eat away the fiat market, which is several tens of trillions of dollars.  ==> factor of several x100 from now.

If bitcoin is a speculative asset (most likely), it will eat away at the speculation finance market.  That's 2 quadrillion world wide (the derivatives market).  ==> factor of 10 000.  If bitcoin represents 1% of all investment in this market, ==> factor of x100 from now.

So everything points to a factor x100 if bitcoin is a total success story: "most of currency" or "1% of speculative assets".  Personally, I think everything points to speculative asset, but that doesn't matter here.

If x100 in market cap, also x100 in mining power consumption.  Not 10 GW, but 1 TW.  World electricity production: 2.8 TW.

QED.

Very funny to see discussions about scaling whine about *disk space* if you realize this.

I don't think so.  I've been pondering such, but there are too many things that indicate that he wasn't a 3-lettre agent.  I rather think of the following.  "When an honest man realizes he made a mistake, there are two possibilities: he stops making the mistake, or he stops being honest".

I think Satoshi was "real and honest" in 2008.  Maybe he realized there were severe mistakes in the principles of his system later, but didn't want to stop it openly.  Maybe his 1MB block limit sneaked in was his last attempt to save the world from his Frankenstein paperclip maximizer.

I think 1MB is arbitrary, and just happens to be the status quo.

As I understand it, the people who want to keep blocksize as is want to maximise the odds of someone from a developing/under-developed country being able to eventually afford running a full node. Bitcoin is not just meant for us in developed nations, but the world.

Ironically, right now, transaction fees are such that these very people won't be able to use bitcoin. So that is a bit sad.

However, there are supposed to be scaling solutions in the works that don't require increasing the block size.

Personally, I'd rather have these scaling solutions put in place before we exclude a whole bunch of unbanked individuals just because we're impatient and want to play with our new toy.

As Satoshi explained in November 2008, and as I outlined here and on several other occasions, there's strictly no need "for poor people to run a full non-mining node".  You run a full node only if you're a mining pool (you have to), or if you have a very large vested interest in bitcoin and in the ability for a lot of people to connect their light wallets to you.  Also if you're a geek, and want to analyse aspects of bitcoin's system on your own.  But running a full node doesn't add much to the power decentralization aspect of bitcoin.   To be a bitcoin user, and to be secure, you only need a SPV wallet (like electrum).   An SPV wallet proves that all transactions you're looking at, are part of the one and only block chain out there, produced for you by an industry of miners.  You cannot screw someone with an SPV wallet in thinking that a transaction was part of the block chain while it isn't.  That's all you need, and Satoshi explained that already in November 2008.

Given the stakes of the bitcoin system, big players can afford big blocks and big block chains.  Small players have in any case nothing to say concerning the actual block chain, they can only VERIFY that they are using the "right" one.  An SPV wallet does that perfectly for them.


Yes, but that is the idea.  Bitcoin is a very highly speculative asset, and a dangerous unstoppable paperclip maximizer.  It is not a currency at all.  So poor people have nothing to do in bitcoin in any case.  This is deadly finance, not "money on the internet" in any case.

There was a very lucid analysis posted here long ago: https://bitcointalk.org/index.php?topic=57.msg390#msg390

However, what that person failed to see is that bitcoin continues to bubble.   It doesn't die.  It goes from one bubble to the next, bigger and bigger ones: 2011, 2013, 2017.  Bubble -crash - bubble -crash - bubble - crash.  Of course, this will run out of greater fools and once all potential greater fools have been in the game, it is over, as the poster suggested.  What he didn't realize is that if there's a multitude of such systems in competition, you don't have a single greater fool game, but a "speculative market".  A speculative market can continue to bubble and burst indefinitely.  That's called "finance".

The 1 MB limit in bitcoin, that harmed it sufficiently last year to lose its monopoly position it held until then (rarely less than 80% of whole of crypto), opened up the market.  If bitcoin would have been on its own, it would have ended in a big final bubble as that poster explained, once we've run out of greater fools.  But if there's a market, where one asset rises while the other falls, the game can be played indefinitely.

So the 1MB limit, destroying bitcoin's monopoly, has also made this giant paper-clip maximizer indestructible, by turning it into a highly speculative market no big player will be able to resist.


Bitcoin has nothing to do with the "unbanked".  It's not money.  It could have been, if the suggestions in the post I quoted, had been followed.

Ask yourself the question: suppose that I was an evil genie wanting to destroy the world with a paperclip maximizer, but I only have myself and my  computer, how could I possibly do it ?  

I could spend my modest savings into trying to build a robot doing so, but I would be ruined, the army would come in, and bomb it.  Game over.  No.  I have to invent something that will trick people into putting themselves a lot of resources in making paperclips.  How ?  I could try to make people make "paperclips" (that is, something totally useless that eats up economic resources), and reward them for it.  But I don't have the world's finances to reward them for it.  I'd be ruined before doing any bit of damage.    I can't ask them to sell there useless stuff to ME.  But if I can trick them in selling their useless stuff BETWEEN THEM, it might work.  

However, how to trick people into thinking they can sell useless stuff to their neighbour ?  By letting them think it is going to grow in value !  If I can trick people in using more and more resources to make something that is useless, but which they can sell to their neighbour for a higher price than the cost of what they made, I'm done !  Now, what could that useless thing be ?  It can't be something physical.  This has already happened, gold rushes did happen, and did a lot of damage, but not enough.  Something virtual then.  How can I have people use a lot of resources to make something virtual ?  It must be the result of a difficult calculation.  If I could trick people in selling one another results of a difficult calculation, in such a way that people need more and more resources to do those calculations, and can sell these results for a higher and higher price, I'm done. But how can I get people to get to think that the results of there difficult calculation will be worth more than the price of the resources they put into it ?  If I could present those results of difficult calculations as a kind of rare jewel that, for the moment, is still a bargain, that might work.  I can bootstrap people's greed into using more and more resources, to make less and less of these rare jewels.  I only have to find a regulating mechanism so that people will always get rewarded sufficiently for the resources they use up.  How can this be done ?  By organizing a competition of difficulty of calculation of course.  If I can have people compete, and bid up in resources, to solve more and more difficult calculations, using more and more resources, their competition will always be such that they spend almost as much value on the calculations as they expect to obtain by selling them.  In return, if they use more and more resources to make less and less of these jewels, the first holders of these jewels that got it against very little expenses, will now be rich.  That will inspire more and more people to join the rat race, because they also want to be rich.  This will only stop if we're running out of resources to make these rarer and rarer jewels.  I'm done.

Now let's invent a story that sells this to idealists that will do the honest mouth-to-mouth service in the beginning and who are above all suspicion.  Mmm.  We could say that we want a "freedom money".  Ok, here we go:
  
"I've been working on a new electronic cash system that's fully peer-to-peer, with no trusted third party..."

Well, that's why there is a current "civil war" within the Bitcoin community because of this. There are groups that want to scale Bitcoin and others just want to stay in place. Again, that's why the forks of Bitcoin Cash and Bitcoin Gold happened and I believe there are more to come or happened already.

BCH has an 8MB block size limit if you're looking for one with a bigger block size.

Wow. I didn't expect this thread to get so many replies. glad I could spark up a discussion  :)

Some great points raised.

Makes Satoshi sound like John Kramer!

Mmm.  Makes me think.  How about a future vision of a "cryptofatwa" ?  Remember Salman Rushdi, who had to hide because he had written a book that was to the disliking of some Islamic leaders in Iran, who pronounced a fatwa over him ?  There was a call to kill Salman, and the "reward" must have been something akin to virgins in paradise or some other thing.  Now, in as much as virgins in paradise sound like an attractive reward, you still have to be convinced in it before you think that going to kill a guy because someone said so, is a reasonable thing to do.  Nevertheless, it scared the hell out of Salman Rushdi and the British government that tried to protect him.  But one could still go and ask, with "convincing arguments" that the pronunciation of the fatwa be undone.

Let us fast-forward to our crypto paradise in a few decades, when crypto rules finance.  Of course, an obvious application will be life insurance.  if someone dies, automatically, smart contracts are put into work to pay the beneficiaries.  There's no reason why this big part of finance should not be crypto-ized, right ?  Now, consider the following: if, by sufficient atomic swaps, I can put together a fatwa contract on one or other crypto smart contract chain, so that a large amount of another crypto currency (say, bitcoin) will be given to the guy or girl that goes and kills a specified person ?  The contract will be triggered by a minor life insurance contract on his real-world identity, to indicate that the target was killed.  The potential murderer has to stake some amount of coins, together with a payment address to him, somewhere else on another smart contract, before he kills the victim, within a given time slot.  If the victim's death is not acted through the oracle of the life insurance contract, the potential murderer has lost his funds, and these are added to the reward of the next candidate-murderer.   So, there's a smart contract that runs a cryptofatwa on Joe Schmoe, and offers, say, 1000 BTC to his killer.  If Jack proposes himself to the contract as the candidate murderer, he has to put, say, 100 BTC stake.  This locks the contract (no other murderer can apply) for, say, 3 weeks.  Jack submits in his payment also an address for his reward (his mother's address).  If the contract observes that Joe Schmoe is dead before 3 weeks, it verses 1100 BTC to the address Jack provided ; if not, Jack lost his 100 BTC, and now the contract is open again, and the reward is now 1100 BTC. Maybe Jack simply needed more time: he can stake again.  Or, Joe Schmoe may stake himself, to win 3 weeks of his life.  And stake again, and again, and again.  But for each 3 weeks he buys himself for 100 BTC, he augments the attractiveness of his killing !  Of course, it is maybe wiser to use ZCASH or monero or the like.  The LN technology makes this possible once atomic swaps are implemented.  Note that the contract remains valid, even if the police traces me, tortures me, hangs me, and burns me publicly on a stack in the middle of town.  I launched it, but I cannot stop it.  Even if I'm dead, it will keep running.

Once we have such crypto fatwa, the door is open to unlimited bribery.   What if I ask a politician to vote against a crypto-limiting law, or a crypto fatwa will be launched against his daughter ?  Ok, I can go to jail.  Would the judge dare to convict me BTW ?  Ok, I may even regret what I did.  There's no stopping this thing.

Let us up the stakes a bit more: let us now have a self-propagating contract over all descendants of the victim.  The crypto equivalent of what the Knights Templar did when he cursed the French king until the 13th generation.   But with earthly rewards for the killer, or his family, not promises of virgins, paradise or whatever religious smoke and mirrors....

Is that good enough as a John Kramer story before bed time ?   ;D

Yes it's getting a bit like that around here too if you offend members of the bitcoin faith, they attack you and
spew out all kinds of bullshit.

My understanding of contracts on ETH is you can write one to move money from A-B and take a commission fee
but have code within the deployed contract that says on the 1st June 2020 send all payments to my account.

Bitcoin is only pretending to use smart contracts because no one has told me how to upload "Smart contracts" or
even what the scripting language will be so maybe it's some values on the Lightning Network where the banking
hubs can set the transaction fee or something.

EVO seems to have the best "Smart Contracts" and windows developers can write them in C# or even use Java-script
 

I just fell on this gem by Satoshi.  It makes me think that Satoshi didn't fully understand his own system.

http://satoshi.nakamotoinstitute.org/posts/bitcointalk/188/

"I anticipate there will never be more than 100K nodes, probably less."

Unless Satoshi has a sense of humour and of understatement, and given that he previously wrote:

http://satoshi.nakamotoinstitute.org/emails/cryptography/2/#selection-67.0-75.14

"Long before the network gets anywhere near as large as that, it would be safe
for users to use Simplified Payment Verification (section 8) to check for
double spending, which only requires having the chain of block headers, or
about 12KB per day. Only people trying to create new coins would need to run
network nodes."

he's anticipating there would be less than 100K mining nodes.

Let us think through what that would mean if there were 100K nodes, each having, in the best of cases, exactly the same hash rate.  Given that there will be generated 52000 blocks per year, it means that each node will on average win one block every two years.

Now let us see what that would mean.  Given that finding a block is a Poisson process, the probability of not finding a single block in time T will be:

P(T) = exp(-T/(2 years).

It means that the probability that you have been mining for 4 years is 13% ; it means that the probability that you have been mining for 6 years and not one single block, is 5%.

Who could support the costs of mining without revenue over such periods ?  Most probably your hardware is obsolete before you had anything!
Can you imagine having started mining in 2013, and still not have a single block ?  Not one cent of revenue ?

In reality of course, not all miners will be equal, which makes it even much, much worse for the smaller ones.  In reality, one could at most expect a few hundred solo miners.  We observed that the market decided upon 10 or something.

Hal Finney predicted "more or less" LN back in the day:




But LN is much better than what he envisioned.

And this post is very old, but they already knew it wouldn't scale on-chain. People buying coffees on-chain all over the world fast and cheap was always delusional, but LN can save the day.

Satoshi also predicted people going against blocksize increases:



I don't believe in conspiracy theories, everyone was trying to do what was seen as best at the time. Satoshi didn't predict big centralization in mining, so we can't have huge blocksizes, it will need to scale off-chain. LN is the best technology out there to scale a coin worldwide. If it fails, we can always go back to layer 0 and still have decentralized enough network and use it as a store of value only (yes, Bitcoin IS decentralized, when was the last time you saw a miner selecting a transaction he didn't like and blocking it? because that is what decentralization is, being able to donate to Wikileaks freely, and same goes for the protocol, no one can change it in a centralized fashion; sure the mining could be better, but the power distribution is spread across different parties enough to be called decentralized, as for the initial specs of Bitcoin (that is, 21 million limit coin, the blocksize, and so on).. well, it had to start somewhere, I don't know what you suggest there.

Ah, that's interesting.  When you contrast that with Satoshi's November 2008 e-mail, where he clearly explained how 100 MB blocks were no problem, and how users would use SPV clients ; and when you see that Hal Finey was the one pushing for the 1 MB limit according to some, we now see that Hal Finey finally took power over Satoshi.  Hal Finey is writing here exactly the same objection that Satoshi already replied to in November 2008: "of course we don't send all transactions to all users".

Satoshi never had any doubts about the scaling non-problem from the beginning. Most users simply didn't need the block chain, and that's exactly why he introduced the SPV possibility with the Merkle tree - otherwise there's no need for a Merkle tree structure in Bitcoin ! The very single only reason Satoshi invented the ordering of the blocks in a Merkle tree, is that this allows SPV.  If blocks are to be used as a whole, you can simply calculate a single hash of the entire block.  Nowhere else do you need any Merkle tree.  The Merkle tree is a way to have a minimal number of steps of verification of presence of a piece of data in a block, and really becomes useful only when blocks are very large.
Otherwise you could even resort to a sub-list, that is, a block is a linear list of transactions, and to each transaction corresponds a hash, that can itself be included in a hashed linked list of "hash blocks" all the way to the block header, containing the hash of the last "hash header".  The problem is that this list goes as N, when N is the number of transactions in a block.  A Merkle tree does the same, but the depth goes as log2(N).  This becomes a significant thing when N becomes very large, that is, when blocks become very big.  For 1MB blocks, with some 2000 transactions in it, this is not yet very significant.  If, in order to check that a given transaction T is in a given block, you need to get that famous "linked list" with 2000 entries, to see that your transaction T was indeed, in the K-th entry of those 2000 entries, that's still very feasible.  However, for a block of 100 MB, looking in the list of 200 000 entries, or looking in a path of the Merkle tree, only 18 steps deep, is a hell of a difference.

So from the very start, Satoshi designed bitcoin as a very big block system, of which only mining nodes need to have the full data burden, and of which all other users use SPV and connect to one of these nodes.


Nope, it wasn't in Satoshi's vision.  But clearly Hal Finey didn't understand Satoshi's vision, or didn't agree with it.


That's very funny, because Satoshi takes here the entirely opposite stance than when he laconically wavered Jeff Garzik's opposition to him introducing this limit in the first place, away, for exactly the same reasons.


If mining is centralized, bitcoin is of course centralized, and everything you build on it just as well.  The problem is that people see decentralization as a goal, while it was a tool.  Decentralization was a tool to make bitcoin work correctly.  After all, the ONLY thing you want from bitcoin, is that you can do transactions, and verify transactions.  Exactly how that comes about, doesn't really matter (unless it becomes a kind of sales argument in itself of course).  Whether it is the impossibility to leave a Nash equilibrium because of "massive collusion needed too difficult and too impractical to be plausible", which is the decentralization method, or by market forces ("if I do stupid things as a miner, my entire investment in hardware will become an expensive doorstep"), it doesn't matter.  What one simply wants, is that one can do transactions, that's all bitcoin is good at.  Even if bitcoin were entirely centralized in one big data centre, but because of its investment and market forces, it kept on running bitcoin as it should, that's just as good.


Well, as I just said, decentralization is a tool to obtain a result ; but other tools can work just as well.  So it is not because you see that the system works well, that you can conclude that decentralization is at work.  In fact, if you think about it, you see that it isn't the case, because it is very easy, TECHNICALLY, for this to fail.

You know very well that there are 3 or at best 4 mining pools that make a good majority of the blocks. If these 3 or 4 entities sit together and decide NOT to include a given transaction, and NOT to mine on a block that includes this transaction, then, I hope you agree with me, that technically this transaction will not be included.  Simply because with the hash rate they command, the longest chain rule will never include this transaction.  Other mining pools including this transaction will make orphaned blocks ; or they can be informed that they shouldn't even try.  You know just as well as I do, that *purely technically*, according to bitcoin's rules, that is perfectly possible, and nobody violated any rule in doing so.

A decentralized system would not permit such thing to happen, because 2000 people would have to agree to do so, and the hypothesis of decentralization is exactly that such a collusion is not going to happen because too massive, too difficult, and internally too inconsistent.  That's the core idea of decentralization: a super-Nash equilibrium that can only be broken by such massive collusion, that that collusion in itself, is not realistic.

Well, in bitcoin's mining landscape today, this kind of collusion is theoretically extremely possible.  I use to joke that bitcoin is more centralized than the Euro.  In order to decide something for the Euro, 15 finance ministers have to agree ; in bitcoin, 3 or 4 mining pool owners have to agree.

But, I agree with you, this is not happening (yet).  Why is this not happening ?  Because of the market. Because these mining pools and their miner subcontractors have a lot of investment in bitcoin mining, and if ever this would get known, their mining equipment might become an expensive doorstep.  But if that argument holds, then a totally centralized miner will be just as sensitive to this, and will just as well let through all transactions.

So, bitcoin can work, even though its functioning is not any more guaranteed by a decentralized game theoretical argument ; now it is a market sensitivity argument.  Miners are in the business for money, they don't want to risk their investment.  Whether they are 1, 2, 3 or 200.

But let us now think of something else.  Let us now think of bitcoin being legally accepted everywhere, and is legally framed, and recognized as a form of legal tender.  Let us also suppose that you get legal permits to be a bitcoin miner.  Given the huge amounts of energy that go into bitcoin mining, it is not a "do it in your basement" kind of activity, and you cannot do that underground.  We're talking about industrial installations, and these can very well be legally framed.  You might even get preferential electricity prices on the condition that you are registered.  Nothing tells you that this legal frame may include a clause that puts you in a legal difficulty if ever your mining contributes to forbidden transactions.  As such, as a miner, you better connect to a mining pool that respects those engagements.  You can set up a contract, and the mining pool engages in only using your hash rate if it doesn't approve transactions given by an international committee (say, linked to Interpol or the likes). Your mining pool is now legally bond to not include such transactions, and not mine on top of blocks that do include such a transaction. But if you respect that, you're not only legally OK, you even have advantages like cheap power.  You pay taxes on your benefits, and you can enjoy your rich life of a miner in all legality.
If there is enough international collaboration over this, a majority of hash rate can fall in the hands of such legalized mining pools.  If they reject a transaction, they have a good legal reason to do so.   If the 4 or 5 most important mining pools are legalized that way, they will also be very attractive for industrial miners (they have contractually to do so).

Where's your decentralization now ?  You know that technically, the 4 or 5 majority mining pools can do so.  Now, they have a legal incentive.  Do you think your LN will save you from this ?  What idiot is going to lock in his coins with an entity that might get all further transactions blocked ?

This Gedanken Experiment shows you that if the bitcoin layer is centralized and potentially censored, the LN on top cannot be less censored. You cannot "win in decentralization" on top of a centralized system.   That's the equivalent of thinking you can run safely some code on a compromised computer.

The SPV system that satoshi described involves fraud proofs, which are proofs that miners did not commit fraud. However we have no such thing today. From the paper (emphasis mine):

Satoshi realizes that SPV is not secure, and that some method must be implemented in order for SPV nodes to know that they are not being defrauded, e.g. by full nodes giving them some alert. But the Bitcoin network does not support such a thing, so Satoshi's "SPV vision" does not work until such proofs can be made and be provably sound (i.e. you can't fake a proof).

I never understood that SPV was a check on the correctness of miners.  After all, without having all transactions explicitly you can never know whether or not these transactions were valid.  You cannot know whether there was a double spend or not.  You cannot know whether the signatures were valid or not.  You need to download the entire block to be able to verify that.
You cannot even begin to consider an SPV system that verifies the correctness of miners' verification work of a block.  So that could never be part of it.

The SPV system is not something that "keeps miners in check". The SPV system is a cryptographically secure way to know that a given transaction is part of a given block chain.  In that respect, it is working, and it is working correctly.  Wallets like electrum work that way as far as I understand.

In an SPV system, if one is given a transaction T, a leg in a Merkle tree M(T) leading to T, and the entire header chain, of which the top of the leg M(T) is included in the header chain, you know for sure that:

- this transaction T is part of the block B with the Merkle Tree M of which you have the leg M(T).
- this block B is part of the block chain of which you have the header list H.

From the header list, you can check the amount of proof of work.  In fact, one cannot give you a fake SPV result without at least having spent the proof of work leading up to the block block B ; but if you have the header list H, one cannot give you a fake SPV result with less than the proof of work in the entire list H.

It is sufficient to check that the list H is part of the actual block chain that is being produced by the mining pools, to know that you are having a genuine transaction in the currently accepted consensus block chain.   So the only things you need for SPV to be absolutely foolproof is:
- that the header list H is sufficiently recent
- that the current mining pools are working on top of this header list.

As such, you simply need to request the last part of the header list H' from a few of the principal mining pools (or from a few full nodes of which you think they are up to date) and you know cryptographically that the transaction T that has been shown to you, is included in the currently accepted consensus block chain.   Note that it is essentially impossible that the currently active mining pools would be lying to you, because in order to lie to you, they would have to spend a lot of proof of work to give you a fake block header list ; moreover, it would be very difficult for them to do this in a simultaneous way.  They would need to spend as much hashes on the top list of, say, 10 blocks, than to mine 10 new blocks.  

So, if you can obtain from the top mining pools:
- the last few block headers mined H'
- the SPV data (T, M(T), H)

in such a way that the end of H overlaps with H', you know 100% cryptographically for sure that T is part of the actual block chain.


No, what Satoshi refers here to, is that it could in principle be possible that your SPV provider is providing you with a fork of lesser PoW, that is not the main chain.  This is possible in a situation (as Satoshi saw things) where you have a very broad network of mining nodes, and one mining node decided to continue mining on his orphaned fork, and gives you the SPV results of that orphaned fork.  If you are not part of the full network, you might believe that this fork is the actual consensus, because you are not up to date to the actual chain. He might, while he's working on his false prong, include transactions that do not exist and that were never broadcast.

Note, however, that in order to do so, one has nevertheless to waste mining resources to make this false prong, in order to mislead you.

In order for this cheating to work, apart from having to mine the useless prong, he must also be sure that you are not contacting another node that might have the true currenc consensus block chain. In the current bitcoin structure, with much less different mining sources, even the price to make a fork is so large, that this is not a problem.  Miners don't waste time continuing on their fork.

Imagine that your "SPV provider" were a mining node that has somewhat less than 10% of the total hash rate, and is making hence a block two hours or so.  He might, if he wanted to, put this hash rate in a fork, instead of putting it in the consensus chain (I don't see why but OK).  That fork grows slower, but it is a correct chain, and he can give you the SPV elements of that chain.  You may be tricked in believing a recent transaction on his prong, that is not part of the general consensus.

But from the moment that you know the real chain head, this won't work.  And the real chain head is given to you by the major mining pools.  Note that the danger Satoshi pointed out, is also a danger for a full node.  If a full node is kept apart from the rest of the network, and is only fed with a false prong, that full node will be just as gullible as your SPV client.

I never said that SPV was to "keep miners in check". You are completely misunderstanding me.

Fraud proofs are necessary to have a cryptogrpahically secure way to know that a transaction is part of a given blockchain AND that the transaction is valid. Yes, merkle trees ensure that a transaction is part of the blockchain. But nothing currently exist to prove that a transaction is valid without having to have the full transaction history. The only way that a transaction can be fully validated is to know the transactions that it spends from, and then the transactions those spend from, etc.

No, it does not currently work, and it is not how Electrum works at all.

All that Electrum can do is know for certain that a transaction is included in a block. It must trust that the Electrum servers that it has connected to have actually verified the transaction. However if your Electrum wallet were to be connected to malicious Electrum servers, they could serve you invalid transactions which you would not know are invalid. Said transaction can be included as part of a block; the merkle root would be correct and the PoW of the block would be valid. BUT the block would contain an invalid transaction. For full nodes, this block would be entirely invalid and discarded. But we are talking about malicious Electrum servers here. So those malicious servers TELL YOU that the invalid transaction is actually valid, and so you accept it. There is no way for you to prove that the transaction is valid or invalid, Electrum simply does not have the data to fully verify the transaction. But we still have met all of the criteria that you wanted: the transaction is included in the merkle root and the block's PoW is valid. The big thing that you are missing is that the block includes an invalid transaction, and SPV wallets have no way of knowing whether the transaction is valid or not. Fraud proofs are required to prove that all of the transactions in a block are valid, and currently they do not exist nor is there a known way to make such proofs.

Just because a block has a valid PoW does not mean that all transactions in the block are valid. Just because they are included in the merkle root does not mean that all transactions in the block are valid. There is more to a valid block than just the merkle root and the PoW.

---

Edit: It's not worth my time to argue this with you. You clearly don't understand how Bitcoin or SPV wallets work. To my ignore list you go.

Nobody cares whether the transaction is valid, if it is included in the block chain of course !  The hypothesis of having to check whether transactions that are part of the SOLE current collective consensus might be "wrong" somehow, is making the hypothesis that bitcoin is entirely broken and that nobody gives a shit.

It would mean that miners have made a false block, that all other miners agreed to mine on top of that false block and then on top of that other block and so on.  If a false transaction is deeply burried within the block chain, and miners are still mining on it, and no "clean prong" exists that doesn't include that block, then bitcoin is entirely broken.  Because if that can happen, miners can just include ANYTHING.  They can include erroneously signed transactions, they can include transactions of which the sum of the outputs is 500 times the sum of the inputs, they can include a coin base transaction that gives them 2000 BTC, they can include headers that don't correspond to the Merkle tree, they could include a porn movie, anything.

Moreover, there's not even another block chain in this world that is made correctly, because the massive amount of PoW that goes in this butched-up block chain cannot be re-done elsewhere.  If the massive PoW voting power of the bitcoin miners collectively decide to make a butched-up block chain with false transactions in it, that's all there is to bitcoin, there is no clean version any more.

But even then, SPV is still working, in the following way: it is up to the payer to give you (by e-mail/ftp or other form of communication) the full history of his payment: that is, he has to give you the backward tree of all coinbase transactions and all successive transactions up to his payment to you.  That's quite some data, but unless all coins are mixed up with all other coins, still much, much less than the block chain.  For each transaction in this "pedigree", he needs to specify the block and Merkle tree leg.

With simply the block header list, you can verify the exactitude of his e-mail.  You don't even need an SPV server for that.  You can check the mini-block chain of the pedigree, from the coinbase of each origin at the leaves, all the way up to his last transaction to you.  You don't depend on any form of bitcoin network for that, except that you need to know the head of the current header list.  One single hash you need to know from bitcoin's system, and you can verify all the rest by yourself.

Of course, the payer needs to have all his previous transactions that way.  In other words, if you pay someone, you make a new transaction, you have to watch the bitcoin network in one way or another, and catch your transaction once it is included in a block.  From that, you can extract its SPV data (block header, Merkle leg, transaction).  And you don't care any more about the system.  No need for an extended P2P network.  Only the miner pool servers, or some derived servers from that.

It is true that this way, you cannot be sure that there are no double spends included in the block chain.  But this hassle is only necessary if we take it for granted that bitcoin is already entirely broken, and that miners collectively decide to continue to build a totally broken chain... Indeed, imagine that in the same block, the same coin is spent 500 times to different addresses.  Normally, this cannot happen, but our working hypothesis is that miners make false blocks.  So which one of the 500 transactions is the real one ?  Or is this coin dead now ?

Moreover, in what way would a full node be helpful here ?  A full node would have stopped for good when the first false block was mined.  All full nodes would have come to a grinding halt since a long time, because no miner made a correct block.  They wouldn't be able to tell you anything about recent "valid" transactions on a broken block chain.

No, that block header would not be included in the block header list that ends in the last currently published block.  There's no way a malicious electrum server can tell me that a given transaction is in the block chain that ends in the known recent block on which miners are working now.

As I said before, there's no way to make me another block header list than the correct one, that ends in the recent block headers.  I only need to know ONE SINGLE number from the miners: the recent block header hash.  That single hash proves to me that any block header list that ends in that hash, is the actual, right one.  And nobody can lie to me as to any included transaction.  Not even with 90% of all hash rate.  Because there's only ONE SINGLE BLOCK CHAIN that can end in this hash, if the hash function is not broken.

This doesn't even have anything to do with proof of work.  You give me the last header hash, and nobody can lie to me as to anything included in the block chain. Because you cannot lie in a linked list of hashes, you cannot lie in a Merkle tree, and you cannot lie about the hash of a transaction.

Mathematically: even without PoW: if you have two block chains, B and B', build of a chain of headers which contain each the top of a Merkle tree of "data segments", and the top hash of the header list of B is equal to the top hash of the header list of B', then B is identical to B'.

If two tops of header lists are identical, the two lists are identical (up to same length, you could append BEFORE the genesis block, true...).  If the header lists are identical, the roots of the Merkle trees are identical.  And if two Merkle trees are identical, the data segments they hash are identical..

Anonymous Kid wrote:  “Why the fuck did Satoshi implement the 1 MB blocksize limit?”

To mess with your head, you vulgar retard, because he hates you personally.  To let us know who the quality posters aren’t, by inciting the creation of trashy megathreads such as this one; he trolled you!  Most of all, to divide the wheat from the tares in the realm of Bitcoin engineering:  People’s blocksize opinions rapidly expose their true (mis)understanding of scaling issues.  Scaling is always a hard engineering problem; and he wanted for it to be easy to spot those who are innately incapable of ever grasping it.

But mostly just to mess with your head, personally, and laugh at you.

(Giving the answer which the question is worth.  I did not need to read more than the subject line to know that this was a stupid thread, which I studiously ignored until it refused to die.  @#$@)

---

---

WRONG.  Invalid transactions do not exist in the blockchain, because they cause the containing block to be rejected as invalid.

Thus highlighting the flaw in premise underlying this ramble of a disorganized thinker:


Yes, miner could fill a block with the output of /dev/random, if he wanted.  However, he would only waste electricity on his own bill; for “Joes [] running nodes in their basement” (as you like to deride nodes (https://bitcointalk.org/index.php?topic=2852931.msg29464107#msg29464107)) would treat the block as if it were /dev/null.

There is no voting on the Bitcoin network (https://bitcointalk.org/index.php?topic=2852931.msg29499988#msg29499988), not “PoW voting” and not otherwise.  Nodes do not blindly follow the chain with highest POW; rather, they follow the chain which is fully valid and independently validated by each of them and has the highest total POW.


Wrong.  The node will ignore the “false block” as if it had never existed.

Such is the power of nodes.

(Now, how’s that for conciseness (https://bitcointalk.org/index.php?topic=2852931.msg29636571#msg29636571)?)

The problem is that you didn't even understand the logic of the arguments here.

Achow101 argued that a risk of using SPV is that one could be tricked in accepting a transaction that was present in the correct block chain that was at the same time a double spend.  In order for that to be a risk, you have to accept already that there HAS BEEN a double spend somewhere in a past block that is included in the current block chain on which everyone is building.  It means hence, that there was a past block (say, block number 506072) that contains a double spend, and that miners are still happily building on top of that.  Otherwise, the SPV user cannot be tricked in believing such a double spend, because it is not present in the block chain.  So one needs to reason as if that were the case.

Achow101's argument is that if such were the block chain, that my SPV client could be tricked in accepting that double spend as true.  That is correct.  My SPV client could indeed simply be convinced that, as it stands, a given transaction was indeed, in the actual block chain and I wouldn't know that it was a double spend that miners had simply accepted.  

MY argument, like yours BTW, if you could think somewhat logically, is that if ever that were the case, then bitcoin is broken.  It means that already for a week or so, there is an invalid block in the chain, and miners don't mind, exchanges don't mind, nobody minds.

Now, if ever that were true, that is, if miners did include a double spend in block 506072 and continued to mine on top of that, then every full node would come to a full stop at block 506071, because they would reject block 506072 as invalid (containing a double spend).  However, as miners have been mining on top of that invalid block 506072 by hypothesis, and are now at block 507762 or so, there is, nowhere in this world, a successor prong to block 506071 that full nodes would accept.  The only blocks that have been made are 506072,506073.... 507762 and are ALL INVALID according to the full node, and no other blocks have ever been made.  So it comes to a full stop, for good.  Because no "good blocks" 506072, 506073,... have ever been mined.

The difficulty with  this kind of argument for a limited mind is that it contains too difficult a form of argument which is called "reductio ad absurdum".  So it is quite normal for some not to be able to follow.   ;D  https://en.wikipedia.org/wiki/Reductio_ad_absurdum

I claim that SPV is secure.
Achow101 argues that there is a case where it is insecure.

My argument is: if ever your argument were true, then.... (absurdities) ; which you confirm (!).

Hence, Achow101's argument cannot be valid, and hence my claim that SPV is secure, stands.

Nope, you've misconstrued what they've said.  They're saying that SPV users rely on someone to give them a correct copy of the blockchain because SPV clients are not checking the history to validate if what they've received is correct.  The theoretical double spend wouldn't be in the actual blockchain that everyone else can see, it would be in the fraudulent copy being given to the SPV user.  Read what achow101 said again:


You could think you had received some BTC from a transaction, but when you tried to spend it, the rest of the network wouldn't validate it because you didn't actually have the funds, despite the copy of the blockchain you received saying you do have the funds.  SPV users have to rely on honest nodes.

No, that is cryptographically impossible.  You cannot give a "fraudulent copy of the block chain headers" to an SPV user, if that user knows the currently actual block chain headers, in exactly the same way full nodes do.  In as much as full nodes can know the latest few block headers, an SPV user can know them too, and in as much as you can trick an SPV user into believing the last few block headers are different from what is actually mined on right now, you can just as well trick a full node into that.

Moreover, "tricking someone into a false block chain header list" requires you in any case to spend PoW on that block chain header list of the same order of magnitude than the prong you want your SPV victim to believe.  If you do that, you can just as well trick a full node into your prong.


No, as I outlined, that is not possible.  In order to trick me into believing that, you have to provide me with of course the fake transaction, but you also have to provide me with the leg of the Merkle tree that connects its root to the transaction.  That Merkle root is included in the block chain header list I have.

If that header list is ending on the block chain headers that mining pools are currently mining on, then I know that that transaction is a part of the very block chain miners are mining on right now.  That is exactly the same block chain that full nodes have right now also.

Again: if, of two block chains, the leading heads of the header blocks are the same, both the ENTIRE BLOCK CHAINS are identical.

So there's no such thing as a rogue SPV server, IF I can have access to the latest block headers being mined right now.  And even if I cannot have access to the latest blocks being mined (and then, my full node wouldn't get access either), that "rogue SPV server" still has to spend a lot of PoW to make the false prong.  He will have to spend as much PoW grossly as attacking the real chain, and for this attack to succeed, he must also ensure himself to avoid me of learning about the real chain (that may have somewhat more PoW).   A full node is just as "vulnerable" to such an attack.

There is no more a rogue SPV server, than there can be another rogue document server of a document of which I know the hash.  If I know the hash of a given piece of software, then no server can trick me in installing another piece of software.  As the last block header mined is equivalent to a kind of hash of the entire block chain, no-one is going to be able to serve me anything else and make me believe it.  
However, the structure of the block chain makes it possible to "chop up" the document in small pieces: the transactions.  That's exactly why Satoshi did so.

If I can know the latest headers, I cannot be tricked into accepting anything in the block chain that a full node that is accepting these latest headers, wouldn't have accepted either.

The argument that achow101 put forward, was another situation, namely where in the actual chain, there were double spends included.  Indeed, as an SPV node, I can be made aware of an existing transaction in the actual chain, but I cannot know that that actual chain also includes a double spend, while a full node can.  But then, as I said, bitcoin is broken already.


Just to be absolutely clear: in the SPV system, the SPV user has the full block header chain of course, from the genesis block up to the current blocks.
He simply doesn't have the block bodies.  But he has all the headers.

That isn't what he said, and you know it.


dinofelis, your only discernible input on this forum is misrepresenting facts in a (kind of) subtle way. Well, you're also good at avoiding direct debunking of the things you say which aren't true.

You ought really to be banned, as it's too obvious that you're not interested in any kind of constructive debate, and never have been (unfortunately, dinofelis is likely the owner of many accounts that have been created with a suspiciously similar style of debate, only adding to the perception that the owner is very intent on wasting everyone's time on Bitcointalk.org)

I just realized you missed a crucial point of SPV here: the SPV user has the full list of block headers, but not of the block bodies.  As such, for this user to believe the Electrum server, the root of the given Merkle tree needs to be in one of the elements of the full list of block headers, which means it is part of the block chain "up to now".  I explained that earlier:


Here, H is the full list of block headers.

Edit:
see for instance: http://docs.electrum.org/en/latest/spv.html#spv

Sigh.  Go back and read everything.  

SPV clients cannot validate the rules of the network and will hence be able to be tricked into a block with valid PoW but with differing rules from the reference clients. They are hence invalid as per full nodes which validates the full block. (I'm not talking about the merkel root part but the part which you said that nobody cares about the validity of a transaction.)

Since SPV clients blindly follow the chain with the longest valid PoW, it isn't that hard to cheat a SPV client.

No disagreements here.
Your client assumes the chain with the longest PoW as the correct chain. If this happens, isn't your SPV client vulnerable?
A full node is vulnerable to a 51% attack definitely. But isn't your point about a block which violates the protocol rules? If anything, that block isn't valid.

And that begs the question: How do you get the latest headers, with a certainty that it is valid.

:)

That isn't going to be happening, the best strategy with your posts is to skim-read them until one finds the deliberate errors you try to promote as facts

OK, great.


No, it is not a 51% attack.  It is "isolating a full node network-wise, and have him swallow a (correctly mined) side prong of the actual chain".  Then you can make believe that full node that this is the correct chain - and it is A correct chain - but it is not the current consensus "out there".

However, in order to pull that feat, you have:
1) to isolate your victim network-wise
2) still to make that side prong with all the PoW that goes into it

which makes this attack highly improbable.


The same way a full node does.  In order to provide me, SPV user, with a "false prong of block chain headers" you have to do exactly as I previously indicated:
1) isolate me network-wise so that I cannot talk to the majority miners
2) still you'd have to MAKE that false chain of headers with all the PoW that goes into it.

The ONLY difference between me, SPV client, and a full node, is that I'm not going to download the block bodies, and check the block body validity.  I take it that if miners are willing to spend a lot of PoW building on top of such blocks, that they've verified them, or that bitcoin is, as I said, broken, because the actual consensus block chain out there contains, deep down, false blocks, and miners still continue to put MAJORITY HASH RATE on top of it.

If there's a block, 6 or more blocks deep, and with majority hash rate (in fact, with no other prong around) still mining on top of it, I take it that that block is correct, or that bitcoin is broken.  In order for me to know that, I simply have to find 6 block headers on top of the block I'm considering, and I know that that hash rate has been spent on it.  If ever that block were false, it would be utmost amazing that miners are putting full hash rate on it, and are NOT mining on the "correct" side prong.

If a rogue SPV server cannot succeed in  isolating me from the network, then in order to trick me, he has to pull a full 51% attack to convince me to take his, majority POW prong, over the "real" one.  But in as much as he can pull that, he could actually attack the real block chain just as well.  And in as much as he's pulling that on top of a false block, why wouldn't he attack the real chain ?

This is why I enacted a policy of not arguing with him.  I directly debunk a few pieces of his worst misinformation for the benefit of others who may not know.  Then, I try to redirect the thread to its proper course—or just hurl around insults, if (as this thread) it has no proper course.

---

achow101 has more knowledge of Bitcoin in his toenail clippings than you do in your head.  The only thing he missed was a crucial point about that old aphorism against wrestling with pigs (you get muddy, and the pig enjoys it).  Show some respect, you blockhead.

---

The best strategy is to skim for the select pieces of deliberate misinformation which are most likely to mislead newbies and learners.  That plus the anti-nodes agenda, and the parts who demonstrate craziness in the sense of severe mental defect.

That would be a good thing to do.  You do not contribute anything useful in this technical discussion, which is about the security of the SPV protocol,  which in itself is a crucial element in the scalability of block chain systems, and which is related to the subject of this thread.

Your few interactions were not of any utility in the advancement of the subject, and essentially ad hominem.

As it stands, the SPV protocol is a cryptographically secure way to know whether a transaction is part of the actual consensus block chain with a very light network overhead.  The counter arguments given by achow101 and by a few others necessitates that the current bitcoin block chain contains deep down, double spends, or necessitates an attack that would also trick a full node, and that in any case, would require a huge PoW effort on the part of the attacker.

Ooh, you cribbed some Latin words from the Interwebs!  Fancy!  Too bad you know nothing of logic or rhetoric.

Like “appeal to authority”, argumentum ad hominem is only an informal fallacy; unlike formal fallacies, there are situations in which these are not fallacious at all.  For example, whereas you have repeatedly shown yourself to be willfully ignorant and ineducable, it is not a fallacy to point out that achow101 is an expert (he is) and you are a doofus (you are).  He is right.  You are wrong.  Quod erat demonstrandum.

That’s not the most rigorous proof I’ve ever made, but it’s more than you deserve.  So, get lost.

Appeal to authority over a cryptographic reasoning in a trustless system  ;D

Do you have any technically and cryptographically sound arguments that may contribute anything to the discussion too ?  Up to now, you sound somewhat like the cardinals telling Galileo that he could get lost (or could get burned) because the authority, Aristotle, said that the earth didn't turn and the Pope too said that he was wrong.  That's not how science, or any rational reasoning, is done.

Do you have an argument against my essentially mathematical demonstration that the SPV system can only be fooled in those circumstances where:
1) a full node would be fooled too
or
2) the currently ongoing block chain with the highest PoW contains blocks that are false, ie. contain double spendings, but a large majority of miners nevertheless continues to build upon it ?

I indicated where achow101's answer went wrong, namely that the SPV has the block header chain, just as well as a full node has it.  He somehow thought that the SPV protocol consisted in just giving one correctly mined block independent of the block header list.  But that's not correct.  Even an SPV client gets all block HEADERS.  If one would only mine one stand alone block, yes that wouldn't be cryptographically secure, and that's essentially what achow101 tells me.  But that's not SPV.

The only thing that an SPV node doesn't do, and a full node does, is to see whether the block bodies are correct.  Miners are supposed to do that. But an SPV node cannot be tricked in believing a correctly mined block is part of the chain while it isn't, because it wouldn't fit with the header list.  
So only two possibilities remain:
1) the header list I obtained is wrong to trick me
or
2) the block is wrong (contains a double spend)

Well, if it is 1), a full  node is just as vulnerable ; and this attack is hugely expensive in PoW.
If it is 2) it means that the chain with most PoW has been mining on top of a false block since quite a while.

Hence my statement is proven.  

Are you the one they send in to abuse people and if they answer back they get banned because many of you're posts seem to be picking a fight with people not
quite seeing things your way.


I wonder why you have not been banned or are you in with the owners ?

Gentlemen!  >:(

This is not a forum to through with mud. This behavior shows a certain level of infancy. Please respect each other. There are enough trolls in the Reddit’s, but we shouldn‘t come down to the same level here.

I fully understand that this is tough times for bitcoin and I see, that some people are really disappointed.
This doesn‘t give anyone the right to start insulting others...

There are those here in the forum, who have a high level of reputation AND KNOWLEDGE, and those who are challenging the actual view. Yes, why not? It now became a religious fight about who is wrong, and who is right. Does this make sense?

Those who got it, have left, those who are touched by the provocation are reacting angry, and only support the continuation of the nonsense.

I want to reply with Aretha:
Think !
(Before you reply)

Definitely agreeing with you here RNC, these guys are the aggressive ones... I feel like we're all reading a different conversation, or there is some joke I'm just not getting?

I read this entire discussion, followed the links and sources cited by everyone, did more research on my own to understand the conversation a little better as it's quite meaningful.

All I see is these guys bashing on dinofelis when he/she is the only one keeping their cool, while engaging in discussion, rebuking their points, and them occasionally rebuking his, but after they do, and he replies to their point with more validation, they seem to disappear or get defensive/aggressive and bark about something different.

So, yeah, you all raised different points of which I can't comprehend all of it, but, for the most part, I learned a lot from this discussion, and seeing the negativity towards dinofelis seems pretty unfounded and unfair and completely pointless to the discussion.

As an outsider, learning about this more technical stuff, he/she is the only one that doesn't seem like an asshole. If he/she is wrong, just cite your sources and outsiders like me will side with you, not  your shitty aggressiveness.

Can any other experts please weigh in, as dino has been carrying this thread with good and meaningful discussion, not only on the technology front but the whole different perspectives/philosophies surrounding BTC.

Spurred by a good question from Anyonmous_kid that just sent me down the rabbit hole for 2 hours of reading/researching.

Now please, thank each other for allowing less technically inclined people like me to view/understand a more nuanced technology, still in it's infancy, so that we plebs can better conceptualize/visualize the whole eco-system surrounding block-chain technology/btc. 

Anyway, I literally created this account to say this because I feel that this forum is very useful and much better than reddit, and then I see assholes on here that have "legendary" status that just get away with shit-talking others but not getting modded or actually providing empirical evidence, or any research/sources other than hearsay to refute, what feels like a good discussion.

Bah, whatever, thank you, stop being mean, I really enjoy the discussion and the debate is good for us plebs, make us feel better knowing even you smarter folk have varying perspectives on this whole crypto-movement thing, just drop the attitude, it's quite pathetic and makes things confusing for us less-technically inclined people trying to decipher fact from anecdotal points of view.

This thread has devolved into a lot of trolling, mudslinging, and flaming. Thus it shall be locked.