In fact, the use as a currency (and ONLY as a currency) has amazingly little effect on market cap.  Bitcoin is WAY WAY WAY too high to be driven by "currency demand".
When using Fisher's formula, you essentially have that the market cap of a currency equals the yearly value transacted as currency (the size of its market), divided by the number of times a currency unit changed hands during a year as a currency.

For instance, if on average, a currency unit is kept 2 weeks between obtaining it (in a trade) and spending it (in another trade: pure currency use, no hodling, no speculation, just an intermediate good between the first and the second trade), then this is a factor of 24.

So if the market cap of that currency is, say 100 million $, then it supported a 2.4 billion dollar per year market.

If the trades are much faster, say, 1 day between obtaining the currency (say, on an exchange against fiat) and buying something with it on DM, then this factor rises to 365.  That means that with a 100 million $ market cap of the currency, you can handle a 36.5 billion dollar per year market.

In the extreme limit, if you think of bitcoin and you wait only 6 blocks between getting it, and spending it, that amounts to 1 hour of "keeping the coin", then our factor in Fisher's formula becomes 8760.  A currency market cap of 100 million $ can then sustain a market of 876 billion dollars a year.   That is more than the GDP of some of the smaller European countries.

So depending on the "hold time" of a currency, you do not need huge market caps to sustain a large market.

In principle, with bitcoin's market cap, you could sustain a 87 trillion $ market, which is of the order of the world GDP.... except that bitcoin can't because of the block size limit.

Brilliant 

Monero is an experiment in anonymity transactions.  It is part of monero culture to have regular hard forks.  So monero is not a true "block chain" yet, but tries out anon technology.  As a currency, that's more than good enough, because currencies have only to keep value relatively short term.  
The nice thing about monero evolution is that it are hard forks, so if you want to, you can always keep the old chain alive if you want to.
But yes, if one day, the monero team decided to quit, at that point, monero would become a genuine block chain with an immutable protocol.  For the moment, I guess that improving anon tech is more important than immutability in the long run.  This is also why I wouldn't like the market cap of monero to go too high, and the recent rise can be problematic.  Hopefully, monero's market cap goes down somewhat, for it not to interfere with the development and evolution.
On the other hand, in order to really be used as a currency, it needs to have SOME appreciable market cap, in order to support sufficient transactions of value.
Crypto has to be tested real-world.  Hopefully the FBI tries to crack it.  If it survives, that's good news for crypto.  If it breaks, better find out now and mitigate (or give up).

If anon coins depend on fiat gateways, then by definition they are not mainstream, because then fiat is mainstream.  That said, anon coins don't have to go "mainstream", but just big enough to be useful as a currency.

However, if anything, probably a right approach would be: fiat -> bitcoin.  Once you are in the crypto sphere, even with a transparent ledger, many more things are possible, such as distributed exchanges.  True distributed anonymous exchanges for fiat are not possible, because or you have to have physical contact with cash, or you have to have some bank account.  In both cases, it cannot be "distributed - anonymous".  But one could think of distributed smart contracts on networks like Tor where there is no anonymity rupture exchanging coins of different nature.  One could even do it on top of ethereum although ethereum is much too transparent as such ; I'm more thinking of something like Hawk. (the "monero" version, or better, the zcash version of ethereum).  So after fiat -> bitcoin, we can have bitcoin --(hawk)--> monero.

But it won't be bitcoin, nor monero of course.  It will be something newer, invented the next century.

So once, if ever, bitcoin-like transparent coins are "mainstream", one can easily go the anon side.

The point is that a specific block (and probably a specific transaction) caused such a significant memory leak that the software crashed.  Normal memory leaks do, as your quote says, but that would never get any "coherent effect" because nodes are started up with random times, and hence the crashing rate would be constant and small.  The simultaneous crashing by memory leaks on a specific block actually means something totally different: an exploit.  Mostly, probably, a kind of buffer overflow, the base of 95% of all exploits.
It means that special transactions can blow up your node... or maybe totally other things.  That means the code contains at least one buffer overflow or similar error, and hence most probably MANY.  This is no surprise, as the execution of the complex code means that your node is a small OS in a certain way.  Much, much more complicated to manage exploitless than bitcoin-like nodes.

This is the signature of ethereum: security was an afterthought, and the system they set up is just too complex.

Ethereum is a hacker's paradise.

I don't see the point of a hypothetical question, when reality just proved it.  A coin with ETH's market cap DID experience this. 
Your question is akin to "should the moon undergo earth's gravity ?" .

Or maybe you meant something else ?

Well, I find that the purest form of immutability, honestly.  The code is there, once and for all, implementing the white paper protocol.  One can of course always implement bug corrections, and efficiency improvements, but ideally, once the protocol is correctly implemented, that should be it, and there shouldn't be any "dev team" hanging around, having some moral high ground to break immutability by "improving" the protocol (and hence change it).

I would say that the only thing that is of any importance here, is multisig.  All the rest is not a coin's business.  The coin = the block chain protocol.  Whether you can chat, have graphical interfaces, an Apple implementation, commercial applications, network technology etc... ON TOP or NEXT to it is not the coin's business, and has nothing to do with the soundness of the protocol.

What matters for a coin is the protocol, and its privacy and economic consequences.  Can it be asic mined, can one track a succession of transactions on the block chain, are there ways to do more than simple transactions (multisig for instance), smart contracts, are there hard limits like block size, what is the coin emission model, ...

But chatting, networking, and other fancy stuff can always be done *independently* of the basic coin protocol.  So it doesn't matter.

But multisig is essential.

The argument is this one: a successful "attack" in crypto is not "criminal" but is "winning".  This is why there is nothing criminal about the DAO failure, except to strip the rightful winner of the lottery from his gains by changing the rules.

A successful breaking of AES wouldn't be "criminal" either, but a success of the one finding the trick, and a failure of AES.  In crypto, breaking crypto is the normal thing to attempt - otherwise there is no need for crypto.

So the only criminal coin, if any, is ETH, who didn't respect its own engagements, by stripping a winner from its bait.

Now, you can say, that the game is more complex, and that "being able to change the rules at will" is also part of the game.  In that case, ETH is not a criminal coin, but an even smarter attack.    As crypto is warfare, you can hardly call "the enemy trying to hit you" criminal.  But you could consider that "changing the rules of warfare" just as well a tactic.

So in the crypto scene, NOTHING is criminal.  It is a battlefield, and may the one that outsmarts and destroys the other best, win.

As such, neither ETC (where someone used the crypto according to the announced rules to make a surprise win), nor ETH (where the surprise attack was to break the block chain) is criminal.  Both are ways to rip off the other, which is the goal of this game in the first place.

So, in summary: the DAO hacker outsmarted ethereum/DAO, and was hence a winner (on ethereum/ETC).  But ETH outsmarted the DAO hacker, by breaking the block chain.  As such, ETH was an even greater winner in this war game, by inventing an even bigger weapon.

But that's the point !!
Suppose the disk died.  Not that this doesn't happen, right ?  So that means that you valued what was on that laptop less than the price of a hard disk and the pain of making a backup: less than, say, $100.  Then one could at most ask you 0.2 BTC as ransomware, no ?  You didn't care.  At least, with the ransomware, you can still pay, and get the files back.  If the disk scratches, or if someone by accident does a deep format, its gone forever.

Disks die all the time.  People make errors all the time.  Data is destroyed all the time.  But if it is "ransomware" then suddenly this is drama !   There's only one lesson: BACK UP or consider the data lost at any moment is not going to harm you.

I would even say that ransomware has a very good effect: it is (by paying) reversible in most cases.  Usually, people learn about data loss and the need for back ups the hard way: they don't consider it, until data is gone (computer stolen, disk scratched, human error, ...) for good.   Ransomware gives you a wake-up call with still the possibility to get your data back.

I would say that ransomware has only one extra problem: that is that you now also have to make air gapped backups.  Indeed, ransomware could encrypt everything that is easily network-mounted, like your online backup storage.  But then, human errors can ALSO format the backup disk.  So if your backup storage can be erased from the network, you should consider air-gapped copies of it too.  That's indeed a pain.  The other solution is to have a one-way backup storage, that can only ADD stuff to it.  This, you can leave on your network, as long as you make sure that that system is hardened (you don't use it for anything else).

The AMAZING thing is that price is hardly affected. 

Unstoppable Turing complete code LMAO 

This is maybe a trick by Vitalik to give him a root password to the chain ?  After PoW and PoS, we will also have PoV ?

Now, one has to be fair, bitcoin experienced similar things too, when its market cap was $100.

You are perfectly right.  A problem with ZCASH is that you can do also "normal transactions" like bitcoin transactions.  In fact, for a long time, I wasn't sure about it.  But ZCASH is essentially the realization of the old proposal of implementing zerocoin into the bitcoin protocol.  Because bitcoin doesn't move, the ZCASH team essentially decided to launch a new "bitcoin" with, this time, the zerocoin protocol (the improved version, zerocash) incorporated.  So you can have zcash "coins" which are like bitcoin, and which are transparent ; and then you can transform coins into notes, which are the anonymous version.  You can also redeem coins with notes.  The notes are anonymous because when you transact notes, you do this with a zero knowledge proof: you prove that you have been using a valid note in your transaction, but people don't know which one.   So the anonymity set is all the notes that have ever been created.  The ZK proof also indicates that this note was not yet "spend".  The next time you try to spend the same note, it won't work, you will not be able to make a new ZK proof of valid note.   But nobody apart you knows which note.

These notes ZK proofs are very computationally heavy to make (about a minute on a high end PC).

So essentially you have:

normal "bitcoin" transaction: (coins) -> (coins)

ZK proof: (coins + ev. notes) -> (notes)    OR (notes) -> (coins + ev. notes) OR (notes) -> (notes)

We're talking about *applications* that do this, not Apple itself.  It is very strange to limit customers in the kind of applications that they can run, based upon which specific things that application handles.  It is almost as if they would only allow PDF readers that can read English and Spanish texts, but PDF readers that can display Russian or French texts would be banned from the Apple store.  You can say that Apple only promotes languages that are growing, but why stop applications that can read French documents ?

IThat was not my point.  The Intel ME is seriously problematic.  However, I think it is not as dramatic as it seems at first sight.  My point was that one shouldn't buy hardware with windows-locked-up UEFI.  One should keep the UEFI but one that allows you to install free systems.  Up to now I never had a problem with that.  There are European laws that FORBID OEM to lock down an operating system, so there will always be manufacturers that allow Linux installs.

That said, there is (and I have to thank you for those links) a serious problem with that ME (bigger than I had realized) - but I consider that it is their good right.  The reason why - even though intel's secret key is essentially the back door in every computer that the NSA would like to impose so much - I'm not really so worried about it, is that foreign states use intel PC too, including their intelligence services.  Now, either these people are vastly incompetent and are putting their state's secrets open to read by the NSA, or they cracked the ME and then they are vastly incompetent by using intel machines in the US government because now THEIR machines are open to just any foreign cracker that broke the ME, if this were such a wide open back door.  Also, there are too many things that the US government *doesn't* get right if it were true that they can just enter every computer in the world without the slightest effort.
That said, this ME *is* a problem and it is one day going to blow in Intel's face.  When a totally unknown party will have hacked into the ME.

I think the trusted setup can be made more trustworthy, if there is an open participation, and if there are MANY participants.  I already suggested this.  Instead of 18 participants or so, you could provide for thousands of participants, essentially everybody who is interested.

A suggestion is this: consider, say, 20 000 participants in the setup (with the idea that less people will actually show up).  Ask people on bitcointalk to post their public parameters.  Up to 20 000 people can do so before a given date.  We can all see those contributions, and YOU can see YOURS. 
At the given date, include all the published public parameters in the final trusted setup parameters, and generate as many others to reach 20 000 in total.  The only thing YOU have to verify is that YOUR parameters are part of it.  Then you know if you can trust yourself.
It doesn't matter if 99% of the others are "Sybil" parameters: your parameter is sufficient to give you some trust in it.
You can also verify that all the published parameters are included.   It would be a good idea if people could sign their parameters with PGP signatures, so that we have an idea of the diversity of the number of people involved.

But again, if YOU are part of the trusted setup, YOU can trust it.  With, say, 20 000 participants, chances are that many people can trust the trusted setup, and in the end, even people that are not part of it (later) know maybe some people that are part of it, and which they can trust.

Of course, you can never take away the existential doubt of a trusted setup, unless you are part of it and you know it ; but if, say, 20 000 people are in that case, then I think the trusted setup can in practice be trusted.


You definitely should eliminate it.

You should also make anonymous transactions compulsory: ONLY notes after the coinbase creation. 

As someone said somewhere: if you use ZCASH, it is for its anonymity.  But then you should use anonymous transactions.  Even if they are "heavy".

We'll see that when the next exploit of a smart contract happens...

Indeed, if you are panicked about ransomware, then you should rather thank the guys doing that for doing a wake-up call.  At least, with ransomware, there IS a means to get your data back: pay up.  If your data are so badly protected and so badly backed up that ransomware can put you into (reversible) difficulty, then you have created a situation where you can easily, by material or software failure, be put in the same, but this time irreversible, difficulty.
You should have backups, and you should have air-gapped backups of everything important.

That said, having to restore from backup is a pain, and you will lose recent work.  But it shouldn't be more nuisance than this.  If it is, the ransomware just indicated you've put yourself in deep potential risk.

Again, I think you are confusing operational security with the coin protocol.  There are of course coin protocols that are easier to make secure in operation than others, but the way you encrypt your wallet, hide the data, or the human interface to enter one's pin code, the way the networking is done and so on, is NOT part of the coin protocol.  For instance, hiding your IP can be done in bitcoin by transmitting the transactions over TOR or the like.  You could send transactions by paper mail if you want.  These operational security and anonymity questions have nothing to do with the coin protocol itself.
For instance, you might use TOR and many other means to hide your identity, when you put your bitcoins on an exchange, the transparency of the block chain kills most of that effort.  On the other hand, you might use monero to obfuscate the transaction history, but if you do this on a compromised machine or a compromised network, it is of no use.

But the coin, and the opsec, cover different aspects of the security and anonymity question.  There's no point in trying to solve opsec questions with the coin protocol, and there's no point in trying to solve coin protocol questions with operational security tools.  Although one has to keep in mind one when dealing with the other, they are nevertheless different things.

The relationship is somewhat similar between cryptography and OPSEC.  Both address different problem domains, although one has to take into account the requirements of the other.

There's no point in using AES-256 if you have a key logger on your machine.  But you shouldn't use broken crypto for your password encryption either.

Well, real power is when you don't even have to tell your lackeys any more what your wishes are, but they fight amongst themselves to guess them and please you, and go and impose your wishes even before you have to say so, no ?


Without the violence stick behind it, we would all laugh our ass off DMCA.  Don't confuse the means and the goals.  They are not separated.  The means are the goals, and the goals are the means, in this vicious circle of power.

But I agree with you that "intellectual property rights" are incompatible with fundamental freedoms, and allow at the same time some elite to gather immense wealth and power.


This is a bad example, I'm afraid.  Nobody forces you to smoke.  With freedom also comes the freedom to scam.  It gets worse when, using DRM, these companies attack in justice *independent analysis*, but nobody can force you (in a free world) to tell the truth about your own data.  Even if I have huge labs that have examined in every detail the effect of radioactivity on human health, I consider it part of my fundamental freedoms to set up a publicity campaign to have people buy my plutonium sun tan cream "to boost the vitality of their immune system" or any other scam.  And if I'm successful, and I can kill 90% of human population that way, I would consider this as nothing else but the normal enjoyment of my personal fundamental freedoms.

However, if I send out thugs that force people to put that cream on, I'd be a criminal violator of people's freedoms.


This is because, again, goal and means are one and the same.  The government is partly multinational corporate world, and vice versa.  The official government is only the tip of the iceberg of what government is about.  But these multinational corporations couldn't exist without the violence of the state, and the politicians couldn't do their manipulative acts without those corporations (otherwise the politicians wouldn't do them any favours).  This is ONE AND THE SAME aristocracy, and the "democratic show" we see every so many years to get one or another straw man "winning a popular election" is nothing else but a façade for this aristocracy to keep the power.


I've heard about those locked boot loaders.  One should avoid buying such devices, but I think it must be possible to hack them open.  I don't think there is any legal procedure that can be used against you for REMOVING software or firmware from a device ; and if so, it would be the OEM that would have a strange hardware selling licence.  I've never had an intel machine on which I couldn't remove windows entirely (that's usually the first thing I do with a new computer).  It is true that UEFI is a pain, but I thought even (though I never bothered) that there are laws in some countries that force microsoft to pay back the windows license if you ask to remove it.

There could be manufacturers that lock down windows in the UEFI.  Then one mustn't buy stuff from them.  They can make life technically difficult, but I don't see how you could be legally annoyed by doing away with software.



I wouldn't, indeed, mess with a stock rom.  That's probably "illegal".  One should only buy devices that are listed on, say, cyanogenmod's list.  Again, I don't see how one could get raided because one installed cyanogenmod on one's device.


Well, I consider it "fair play" to want to deceive one's customers, as long as you don't use violence to impose it on them.