This isn't clear at all. Is the ciphertext known only to the file owner? If so, does this mean that only the owner can verify? And even if everyone can verify, again - what incentive do they have to do this? I don't want a system where the owner needs to continuously operate a node to keep everyone honest. He should be able to upload, pay for storage for X period with Y redundancy, forget about it, let the system keep itself in check, and connect at a later time to download the file as needed. Is that really not a challenge?
Sorry if I wasn't clear. Only a verify-cap can verify - neither being the files "owner" nor possessing the ciphertext is sufficient. The original uploader (or, "owner") has a verify-cap if she decides to keep it, and anyone she shares it with also has it. But you're right that the only users with incentive to verify a file are those that care about its integrity, Tahoe-LAFS isn't designed to "keep itself in check". If it was, you'd have to rely on some subset of the storage servers for integrity. If I understand this correctly, it's worse than I thought. Let's say I'm the original uploader. I'm keeping the verify-cap (and may or may not keep the file), and at some later time I want to verify that node A is storing the file as he's supposed to. Do I need A to send the entire file to me? Bandwidth is expensive, and this means each verification is expensive. So I can't do it very often, let's be generous and say once a month. So I upload the file to A and pay him. He chooses not to store it, and one month later he fails the verification. What penalty does he have? What recourse do I have? If I pay after the fact, what makes sure I pay? Since it's to a large extent about redundancy, I can choose to pay only in the contingency that I require the download. Also, what stops A from not storing the file, but rather redownload it from another node on each verification? If downloading each time is cheaper than storing it, A can cut costs and I lose the redundancy I paid for. If it's expensive, it also means I pay for the verification more than for the storage. For the system to make any sense at all verification needs to be cheap. I was thinking some sort of probabilistic test where I quiz on X random bits, if I have a copy that's cheap, and the probability to pass the test without the file (or at least so large a portion of it that he may as well keep the whole thing) is slim. Then I can do verifications more rapidly which limit the room for manipulations. But unless there's some fancy cryptographic way to conduct the test without the entire copy, it still means I need to rely on other nodes to verify each other, and they also need to be incentivized to do that. And there needs to be some sort of conflict resolution (based on a probabilistic model) for times that I'm not around (even if I normally operate a trusted node, it could be down for maintenance or something). I'll say again - a volunteer platform is entirely different than a monetized platform. When money is involved people will do everything they can to manipulate the system, steal and obtain pay for no work done. There needs to be a system resistant to manipulations, and I'm still not at all convinced Tahoe-LAFS is at that level. |
|
|
|
Spam, for a lot of people, is a solved problem at this point. The stats from Gmail users look very good and are stable over long periods. The last time I got a spam to my personal account it was from the hacked account of somebody I knew, and it was still classified correctly.
The general trend towards messaging on social networks like Facebook instead of email just solidifies this state of affairs.
I'm all for improving spam filtering for non-big-3 users. I think it has a lot more to do with making a better SpamAssassin rather than trying to get people to change how they send mail. The two types of project aren't really related.
I'm happy for you, but I get spam to my Gmail accounts. |
|
|
|
I suppose the verifying node will itself need a copy of the file (or the part of the file it's verifying)? Then either the owner of the file will need his own node to store the files and verify (which somewhat defeats the purpose), or he will need to rely on other nodes to quiz each other. What incentive do they have for this, and in case of a conflict, who should be believed? What are the penalties for failure to verify?
The verifying node only needs a secure hash of the original (shares+ciphertext) for a file - a verify-cap is exactly this. To actually verify that whatever the other nodes are storing matches the original, all shares must be downloaded, hashed and the result compared with the verify-cap. There's no need for the sort of majority consensus protocol that I think you're suggesting. This isn't clear at all. Is the ciphertext known only to the file owner? If so, does this mean that only the owner can verify? And even if everyone can verify, again - what incentive do they have to do this? I don't want a system where the owner needs to continuously operate a node to keep everyone honest. He should be able to upload, pay for storage for X period with Y redundancy, forget about it, let the system keep itself in check, and connect at a later time to download the file as needed. Is that really not a challenge? |
|
|
|
it would only unblock incoming mail instead of rejecting stuff that didn't use it.
These are two sides of the same coin, surely? If you have an overly aggressive spam filter that regularly has false positives and you want to use Bitcoins/PoW as a whitelisting signal, it boils down to the same thing as rejecting mail that doesn't provide those PoWs. In practice there will still be FPs that don't provide Bitcoins, so you still have to review the contents of your spam folder, therefore you gain nothing. Not "overly aggressive". Slightly more aggressive than it could otherwise be. It is a general rule of machine learning that if you have another feature whose information content outweighs the added model complexity, you can improve your precision and recall. This may be less relevant if spam filters generally deal with black-or-white situations. The system will only be relevant for unsolicited mail from someone that isn't whitelisted. Ideally, wherever the sender got your email address from, he can also see a note "this receiver uses Mailcoin" (complete with links to easy-to-use instructions for the uninitiated). If the message is important, and he sends it once without getting a reply (or with an indication that the message was spam-filtered), he can try sending again with payment. This can significantly increase how aggressive the spam filter can afford to be without missing out on anything. You speak of spam as if it's a solved problem. I get spam, I get legitimate mail into my spam folder, and I have some of my own messages classified as spam. The problem is real, and I believe this can go a long way towards fixing it. |
|
|
|
I don't know much about Tahoe-LAFS, but if there's no built-in incentive to provide storage, I'm guessing there's also no built in verification that you're actually storing what you say you are.
In Tahoe-LAFS there's a verify-capability associated with each file that lets you do an integrity check over the ciphertext and erasure coded shares for that file. A server can only lie about storing a file until another node attempts to verify it, and this can easily be scheduled to happen periodically. I suppose the verifying node will itself need a copy of the file (or the part of the file it's verifying)? Then either the owner of the file will need his own node to store the files and verify (which somewhat defeats the purpose), or he will need to rely on other nodes to quiz each other. What incentive do they have for this, and in case of a conflict, who should be believed? What are the penalties for failure to verify? Maybe there are already solutions for all of this, and if so it's great. But again, a fully monetized platform is a league of its own in the requirements for a comprehensive verification protocol. As I understand Tahoe-LAFS is not currently a fully monetized platform, so I have my doubts that such a verification protocol has been developed. |
|
|
|
I will have a period of unavailability between Apr 12 around 14:00 UTC to Apr 14 around 18:00 UTC. Because of this, it is likely that the coupon payment for block 175391 will be delayed. Looking forward to the prediction market, I went ahead and created a bet on betsofbitco.in for a block difficulty ( http://betsofbitco.in/item?id=333 as soon as it is approved) in may - but a more automated way of doing these kinds of bets is really needed and would be an easy way to get money in. Automation is not the problem with betsofbitcoin, it's that it's not a market, it just distributes funds in an arbitrary way. Even someone who knows exactly the probability of an event when the market doesn't can't reliably make a bet with a positive expectation. About "only 1 block per week": that's why I suggested Eligius + P2Pool, as these pools pay out via coinbase transactions, so you could even prove that you own a single GH/s quite well, as these pools solve blocks much faster.
I'm not going anywhere near Eligius, I'll think about P2Pool. |
|
|
|
Since it takes 1 year+ to make profits on such bonds as you (and others) sell them, there is still a lot of room for frauds, I guess we can agree on that at least. Also, your bond already pays out quite often and has a longer averaging time for buybacks than other bonds which (as you correctly said) makes it harder for you to IPO and run. Still it can be run like a ponzi scheme, if you add "new machines" every 2-3 months you can run this bond for quite some time and even let early adopters go into the profit zone until everything breaks down. If you still live at the same place 2 years later and are still known under the same name?! Who knows?  Sure. But for the current purpose I would like to know in what way can blockchain verification make less room for fraud. Everything won't "break down" without malicious intent on my part, and if I had such intention I could exercise it even with a demonstration of hashing power. I can understand that it can show that I have less incentive to run, but this doesn't seem like a strong enough case to me. I'm a very sceptical person and most likely there is everything fine and in order with all of the "mining bonds" that are currently popping up - but I'll just like to remind that for example other mining operations like SIN also started out with a "invest ~1 BTC now and in 1 year you'll break even and we'll all be RICH BABY!" and it went downhill after some difficulty increases. Especially with Vladimir's planned ASIC farm, mining botnets/mystery miners, the reward split and potential other ASICs/more FPGAs on the horizon betting now that the hashrate will stagnate is a ballsy move for any investor...
A difficulty increase would be beneficial to a hypothetical naked issuer and make it easier for him to fulfill his obligations. It would of course be detrimental to investors. It's no secret that there is a very real risk that such a bond will not pay out as well as hoped. I want potential investors to have the power to decide for themselves how good is the bond for them. I also have put a lot of thought and effort into issuing this and there are many risks involved, and would like to profit from it. If there's demand, I'll offer at a higher price than what I would have been willing to pay myself. The "bets" mentioned above could be done for example like this btw.:
"I am certain that mining for the next 15 000 blocks with 10 MH/s will yield less than 5 Bitcents - there is a certain chance however (if the network grows slower/shrinks) that this does yield more than 5 Bitcents. I create MININGBET.10MHIN15KBLKS and pay out pure PPS of the next 15k blocks after the current block (#123456). These shares get sold for 5 bitcents each. If I have to pay out less than 5 bitcents per share during the runtime, I win - if not, they win." (numbers are completely guessed and probably off by magnitudes!)
We're going to have a Bitcoin prediction market, either in GLBSE or elsewhere, with all kinds of bets on difficulty, block timestamps and so on (a prediction market on the time of block 210000 would be cool). I planned to experiment with making a prediction asset on top of the current GLBSE platform, but was talked out of it. But none of these has the same purity and alignment with real-world conditions as a perpetual asset tied to a given hashrate, which I believe will be the main form in which mining-related speculation and hedging will be done. |
|
|
|
Not sure if should be saying this, but I am making more money using PPS then the DGS method. (I just added a couple more 5830s to my mix, so my numbers will be slightly off.)I estimated I make about 30,000 shares in 24 hours. So that's about 0.85 BTC a day. I was only making 0.1 per block using DGS. So unless we mine 8+ blocks a day, I will be making a tiny bit more with PPS. I figure if a block takes any longer then 3-4 hours, it's not worth it. And since it's hardly under 3 hours, and most of the time over 3 hours, I can make more using PPS. Which I have. Assuming everyone does this, I'd imagine you (Inaba) will be losing out on money rather then cutting even. Which is strange, because other pools seem to be able to pay at the same rate per share, and sometimes even more. I'm not really sure what to make of this observation, but just something I've noticed over the past week. So unless we hit lucky streaks of less then 3 hours per block, I think users will be making more using PPS. Maybe it varies depending on what you hash rate is... I don't know...  It is impossible for PPS payout with a fee to make more than DGM without a fee on average. If you've recently added new hardware, it means your score hasn't built up yet, so your payment is deferred. If you're 1.5 GH/s and the pool is 413 GH/s, you're really making 0.18 BTC per block, but the 0.08 BTC is delayed a bit. EDIT: There is always the possibility of an implementation bug that will cause a change in the paid values. I thought about saying this before, but it seemed pretty banal. In light of Inaba's following comment (and the earlier comment I didn't read), I guess I should have. But if your stated PPS payments are calculated rather than observed, the above is the correct explanation after all. |
|
|
|
I thought number 2 would be of interest because knowing that for example one can expect 300 rounds out of the first 1000 to have a negative buffer of 10 rounds or worse, a miner might not decide to mine at an SMPPS pool, since for 30% of the time the average maturity time will be of the order of the amount of time it takes to solve ten blocks or longer.
I guess. Still doesn't seem like a very intuitive quantity to look at. If I haven't made a wrong assumption there in 2, it also occurs to me that there will be an expected and non-zero maturity time, since an increasing positive buffer doesn't reduce the maturity time as an increasing negative buffer increases it.
Right, the maturity time for future rounds is nonnegative and can be positive, so it has a positive expectation. And that - the average maturity time over the next N rounds - may be of interest to some people. For an optimal miner it is inconsequential, because he can just leave when the buffer is low. But for a miner that wants to sign up for an extended period of time, it is a useful quantity that can be compared to the maturity time of other pools. The pmf of this average can fairly easily be simulated, and is more useful than the current graphs and IMO can replace them (as long as it is very clear what they represent). I can't think of a closed form for the pmf, but maybe it can be approximated by modeling it as Brownian motion. |
|
|
|
It is VERY easy to let such a contract/bond run like a Ponzi scheme (selling bonds for a high price, pay the payouts from the IPO initially and after half a year or so "disappear", have "hardware errors", "a medical condition" or more or less anything else that could make people panic-sell. After 15 days pay 105% of the lower-than-IPO price + keep the remaining BTC.
It takes far more than 1 year until something like the above becomes unprofitable for you as the issuer...
I'm quoting something you wrote in another thread, because I still have a hard time grasping your suggested failure mode. If I'm going to lie, cheat and steal, I can do this even if I proved that I control the hashrate. If I "disappear" then I've already failed the contract. If I have hardware errors I will still pay on schedule. If I have a medical condition my family will pick up the handling of the bond. If I do anything that indicates I'm going to call the bond, if anything it will create a panic buy since this increases its value. If I somehow do manage to create a panic sell, I'll need the panic to continue during the month it takes to affect the call price. During which there are 13 coupons payments. If I pay them then I don't see why people would continue panicking, if not then I may as well not pay the calling price at all. Anything I would do along the lines you suggest would be a massive hit on my reputation. And again, I can do this even if I provably have the hardware. tl; dr: If you trust that I will fulfill the contract, you should believe me when I say I have hardware, or at least trust that I will not pull any blatant dirty tricks. All that said, I think that with the first batch of hardware I'll average about 1 block per week. This means that it will take months to demonstrate a given hashrate with any accuracy, during which my mining is suboptimal. Also, since I don't personally have physical access to the hardware, it may be harder to supply the desired proof. I can see what I can do, if I can be made to understand what good that will do, or at least see there is sufficient demand for this that understanding is not required. PS The first batch of hardware hasn't arrived yet, but it should happen really soon. |
|
|
|
It should also be possible to tie the mailcoins to a specific sender (decided when the bitcoins are destroyed to generate the mailcoins), so they will have no trade value and the spammer can't gain anything by directly stealing them.
Except the ability to send spam. Yes, that's what I said, if he compromises the mail account and the coins he can send spam (less than with a payless system), but he can't steal the coins, which are useless for anything except sending mail from this account. If they get access to the bitcoins and take them, it means the payment system just made things worse. Why? 1 victim is better than 2 victims. Stolen rescources is better than stolen resources + spam. And if it were my account or computer that was hacked I would prefer if the hacker only got away with a miniscule amount of bitcoins, rather than using my computer/account to spam others. The payment per mail should be less than the value of a legitimate mail, but more than the compute resources required to send mail, and more than the value of a spam mail. This means that if users keep enough coins in their account to comfortably suffice for day-to-day mail usage, hackers suddenly have a greater incentive to compromise accounts. Or not, depending on the numbers. I guess maybe it can work with direct bitcoin payments after all. |
|
|
|
Currently, cost per txn is about US$4-5.
That's the amortized cost. I hope nobody mistakes that for the marginal cost (which is close to 0). |
|
|
|
Thanks for chiming in, Meni. If you see anything wrong with my reasoning/math here (or zvs'), please let me know.
Settings were changed from f=-0.125, c=0.1, o=0.8 in round 86 to f=-0.17647, c=0.15, o=0.85 in the rounds zvs is referring to.
If DGM is implemented as described in the forum or in AoBPMRS, it requires score rescaling if the average fee is changed. If no rescaling is done, it means that people who mine shortly before the change will get on average less than a 1.25% bonus, rather than 1.25% as they were promised. This has no effect on people who mine after the change. I don't think that has any relation with zvs's observations, though. Another effect, which is normal, is that changing the timescale means that miners have a new equilibrium score, which takes some time to build up to. This can cause a reduction in immediate payments, which is compensated by a higher later payment. Edit: On second thought, this effect doesn't happen on the global level. It happens per miner when the overall hashrate changes. But from a casual examination, it looks like what zvs refers to as "messed up payments" is not related at all to the parameter change. The total reward of a block depends on the luck of several previous blocks. (This is the result of cashing out previous score, it has no affect on the profitability of mining new shares). It's possible that there were a few lucky rounds before block 87, causing a reduced total payout which slowly builds up back to the equilibrium. |
|
|
|
Maybe this makes clear what I'm recording in the simulation (if not the why to which I'll give some more thought).
The what has been clear for some time. As for the why - you only need to provide a clear, verbal, unambiguous description of what you are trying to find. In the second part that is fairly clear and as far as I can tell you have a simulation that serves the purpose (you get the cmf of M, from which you can obtain the pmf if you want). In the first part it looks like you just took a bunch of numbers and mashed them together for no reason. The solution as far as I can see is to just remove the first part. EDIT: It's actually easy to give a verbal description of the first graphs. The one with the cusp is a graph of "the average % of rounds that end with a balance of exactly X", and the accumulated area under it is "the average % of rounds that end with a balance of at most X". (eg, if there are 1000 rounds and 300 of them end with a balance less than -1000 BTC, the value of the variable will be 0.3 - and the graph lists the average of this over all instantiations). Note that as described these are not a pmf and cmf, though they can be looked at as the pmf of cmf of the mixture variable earlier discussed. And again, what you're looking for is not the average % of rounds that end with at most X, but rather the probability that at least one round ends with at most X. I've noticed that for larger probabilities the simulation always diverges slightly from the limit theorem result. If you repeated the simulation with fewer rounds or for a less probable -50, the simulation results will agree with the limit theorem error function much more closely. Cool, huh?
If I had to take a wild guess, I'd say it's because the tail of the exponential distribution (corresponding to bad luck) is more similar to normal than the head. If that's true, your observation will be different if you take the negative of each shifted geometric variable (so effectively, instead of looking at hitting a low value, you're looking at the probability to hit a high value). |
|
|
|
OR will there still be rewards for hasing? Such as the transaction fees being distributed?
Yes, miners receive transaction fees in addition to the new coins being minted. As cunicula points out, there are doubts that transaction fees alone will be enough in the current system. |
|
|
|
Depending on how this is implemented, it may not be the case that being able to compromise an email account will also mean having access to the bitcoins used to pay for messages. So this may make it much harder for spammers to steal the resources required to send messages. Even if they do get access to the bitcoins, why should they mail them to others rather than themself? If they get access to the bitcoins and take them, it means the payment system just made things worse. Maybe this can be more robust if we give up on the idea that anyone should receive the coins. For example, there could be an alt "Mailcoin" which has a built in mechanism to convert bitcoins -> mailcoins, and the mailcoins need to be destroyed to send mails. It should also be possible to tie the mailcoins to a specific sender (decided when the bitcoins are destroyed to generate the mailcoins), so they will have no trade value and the spammer can't gain anything by directly stealing them. |
|
|
|
We can always add the option to short shares, and offer your own shares to be lent out for shorting, and get a small payment.
If you are going to implement the shorting of shares on the exchange, please allow asset issuers enough time to raise funds in order to combat short attacks by traders looking to profit from crashing assets. Any asset without a healthy amount of buy orders would be open to an immediate plunge in value by manipulators looking to make a quick Bitcoin. I would also like to see high fees on open shorts (at least in the beginning, of something like 0.5% per 24 hours) to encourage shorts to cover their positions at some point & balance the market. In addition to that, I would like to see a limit on the short % of an asset's floating shares and healthy margin requirements. *Being an asset issuer, my opinion is obviously biased. My goal is to protect shareholders on the GLBSE and lend my opinion to be taken into consideration in molding the exchange for everyone's benefit. Please do not attack me for this.Being an asset issuer, I look forward for the day short selling on GLBSE is possible and easy. The possibility to short is a large part of my long-term vision for this asset. I certainly won't be adding this functionality this week. Maybe next week but no guarantee.
What I was actually thinking is users who have shares would be allowed to lend them out for shorting, and they would be able to specify the rate they want to charge for this service. People who want to short would then be able to take their pick from whats available.
What you think?
I don't like this at all. Not because there's anything wrong with it, but because you have much better things to do, and because whatever you can do along these lines will not have the same flexibility as direct negotiations between lenders and borrowers. Just make it possible to buy and sell on margin (and as great as that would be, I don't expect it to happen next week, or next month). It would be a fee, % of the average (over 5 days) trade price of an asset.
Fees should apply only to transfers between users, not between accounts of the same user. |
|
|
|
It is a joke. And old, old, old joke. You were supposed to laugh.
Oh, I get it. I get jokes  The problem with spam, as pointed out by others before me, is that spammers are already not paying the cost of sending mail. What makes you think they will start paying for it when you make it more expensive? Why wouldn't they just keep using stolen resources like they do now?
Depending on how this is implemented, it may not be the case that being able to compromise an email account will also mean having access to the bitcoins used to pay for messages. So this may make it much harder for spammers to steal the resources required to send messages. * Who should get the money from emails anyways? The recipient? The mail hoster (gmail, hotmail, your own mailserver...)?
* How do you attach 1 Bitcent to an email if you don't know a payout address beforehand?
* How do you know a mail was properly paid for if you only get a transaction of 1 Bitcent from a Bitcoin address and 2 mails at the same time from different senders, both claiming to be from this payment? Do you then require to have a signed message in the header of the mail or so from the sending address?
* The recipient. * There will be some sort of DNS system that resolves email addresses to Bitcoin addresses. This will be handled automatically by the mail client. * The transaction will embed a hash of the message. |
|
|
|
It looks like https://www.coindl.com/ beat you to it. There are/were other similar services but CoinDL seems to be the best so far. |
|
|
|
@organ: I don't really speak R, but as far as I can see, your simulation matches the mean pmf because you simulated the mixture variable I talked about rather than your target quantity. That's also evident in your verbal description of the simulation. But I think I finally understand the source of your confusion.
The variable we are interested in is M="the minimum balance over the next n rounds". Its cmf at point X is the probability that the minimum is at most X, which means that the balance reaches X or lower at some point. So once we find the pmf of M, we can calculate the chance of hitting any X by the area under the curve. "the minimum balance over the next n rounds" is what I derived in the second part of the section using Erdos and Kac's probability limit theorem I. What I wanted to do as a first step was find the probability of any given balance or less before n rounds (after finding the area under the density curve), so that after the second derivation I could compare it to the probability of a given minimum occurring. Is this the mixture variable? You should probably think about it some more. "Reaching a balance of X or less at any point" is equivalent to "the minimum balance is at most X", which is the cmf of M. If you find the pmf of M, you can use it to find the cmf. In any case I'm talking about balance rather than debt, but that's only a matter of flipping the sign. where I've made the share-debit a (non intuitively) positive number. I'm subtracting 1/p (or D) each round. What did you mean by the +1 or +1/n? I think there's a step I'm missing.
It's just the tallying of the empirical pmf. If I wanted to simulate the probabilities of the results 1-6 on a die roll, I'd have variables num1,... , num6, and I'd add +1 to num1 whenever I roll the die and get a 1. Likewise, you need to tally the number of times each value of M appears. Unless you have a different approach to this? Using the probability limits theorem, I find the probability of going below -1000 BTC in 1000 rounds as 52.71%, and not until 1000 BTC at 1050 rounds did it reach 50.66%. Do you think this an acceptable variation given the different methods used, or a problem for me?
It's within reason, the model solved with this recursion is not very accurate (and I'm guessing the application of the general theorem also has some error). Maybe a better estimation can be found with a simulation after all, with 100000 iterations of 1000 rounds I get about 50.8% chance of going below -1000 BTC. My code for this is: M[] := Min[Accumulate[1 - RandomReal[ExponentialDistribution[1], {1000}]]];
N[Mean[Table[If[M[] <= -20, 1, 0], {1000000}]]]
|
|
|
|
|
Show Posts
