No, instead they prevent you from doing that in the first place.

E.g. in the blinded example: When you provide your inputs everyone sees your values, and you specify "this is a blinded X btc output" and they all sign that output with a key which corresponds to X btc, and obviously refuse to do so if your input isn't at least X.  Later you reveal your output, and they know its value by which keys signed it.

This isn't to say that implementing any of this is interesting. The state machine to achieve success in all cases ends up very complicated. (This is also why I think that blinded but quasi-centeralized e.g. where a semi trusted party coordinates are probably more interesting for initial deployment).

You are asserting it, (over and over again) but it doesn't make it true. It was explained in adequate detail previously enough for other people to understand it and implement tools that address it.

It's actually not, since it's not actually possible in the Bitcoin protocol to do what (it sounds like) you're describing, but more importantly performing the operation in that order defeats the anti-dos. If you lead with the inputs they provide a trivial anti-dos mechanism.

Because they fail to sign. There is no need to identify them beyond identifying their input coins to achieve rate limiting, and no need to identify the input/output correspondence.

I'll repeat it, since maybe other people are having problems following the link:

An example (using the blind signature approach, simplified for equal values) is that each participant cryptographically blinds their desired output, and then signs their blinded output using the keys from their intended inputs.  They then present to the group their inputs (and assuming those inputs are not black-listed) everyone in the group blind-signs each of the outputs. Then everyone connects again with new connections (e.g. a new circuit in tor) and presents their unblinded outputs and their signatures. Now everyone knows that all of the provided outputs were from authorized parties— but not the correspondence. The transaction is composed and— back on their original connections— they all sign. If someone doesn't sign, it means they're jamming the process, everyone blacklists theirs inputs and automatically restarts.  The network naturally rate limits them via the finite supply of available outputs.  (of course, if you want you can attack other valuable identities to the first step, like coin burning or what have you, if the natural network rate limit isn't enough).

This is just one example of a way to address this. There are several other ones possible— and discussed early on in this thread.  Other ones include publishing commitments and then if the process fails having everyone reveal their intended outputs (which they then discard and never use) in order to avoid being banned, or using an anonymous accumulator instead of blind signing to control access.

I boggle that they'd even sell a single unit.

Sold out?

While I am sad for the new bag holders, I'm happy because that means you'll be paying the refunds you owe people and shipping the months delayed products.

Right?

Sadly, XKCD's explanation is simple to the point of being deceptive— it's caused a lot of terrible misunderstanding.

True randomness is absolutely essential to password security. If there is enough, your key is secure— if there isn't it may not be.  It doesn't matter from a security perspective if that randomness is used to pick letters or whole words, so long as enough goes into it. If you'd find words easier to deal with— then great do that.

But there must be enough and, sadly, the example that XKCD gives is targeted around things like website passwords where very high speed attacks are infeasible, and where a multi-target speedup (e.g. from an unsalted password) is unavailable.  For an offline attack scenario where an attacker can have an effective attack speed of a billion attempts per second— or more— the strength discussed on XKCD would fail in a day or two.

A lot of people read the comic and completely miss the point of randomness being essential and just the form of its expression being irrelevant, and so they think any random human generated string is acceptable "'duck spatula stapler outlet', that's totally random!" when in fact it is in grave danger of being compromised by attackers with powerful statistical models for human generated passwords.

AnonMint, Every post you've made here has been error and confusion.

The very first post in the thread points out that decentralized versions take more work because of the anti-DOS proofing. A couple posts down I give some examples of how it can be done.

You're presuming a broken model that I don't believe anyone here has ever suggested. You'd always being the protocol by specifying the inputs in which you intend to sign. Signature authority over inputs is the principle scarcity that allows you to may the system dos-attack resistant. After the inputs are signed, outputs can be specified in a cheat proof way, and then the only avenue for disruption is refusing to sign which can be addressed by blacklisting your inputs (and other rate limiting tokens) and restarting.

Also keep in mind that when you post in the HF self-moderated thread it bumps it to the top again at least until they delete your post. Doing that keeps their distorted reality more visible than these other threads that are showing people whats missing.  If you're posting something critical in the HF thread: it _will_ be deleted, you might as well at least post it in parallel in the relevant other threads.

(Because of the high rate of deletions in that thread I recommend you post nothing in there at all— but if you feel you must, I don't see a reason to hold the duplication against you: most posts in that thread are deleted.. so just go ahead and simulpost when you post there.)

Also if you ignore hashfast-cl it will make their posts show up small and greyed out for you on the list, so it'll be less distracting. You can still click show to look at their posts at it if you want though... I recommend it if you find them irritating.

P2Pool is trivial to setup and just becomes solo mining if the pooling part doesn't work for some reason (like a broken escalator becomes stairs), and it's already what everyone should be using.

...Not that setting up solo mining is hard.

But really, if you're going to bump this discouragingly stupid thread, at least have a reason for it.

Just an update: HashFast has still not refunded the 97.95849881 they owe me after taking my funds and failing to deliver by the refund or die they which they chose, nor do I believe they've refunded or sent products to many other customers.

They have also still not responded to a single one of my certified letters. They have no confirmed with me if they will or won't make good on their explicit commitment to refund the full amount I paid— even though its now more than three months since they violated their agreement.

They also continue to aggressively delete all critical comments or concerned views from their self-moderated thread promoting their latest pre-order product. These deletions include deleting messages where they claim to have sent me a refund— which they have not— and where I respond pointing out that they have not done so.

You can use an ordinary computer PSU, with some care in selection for one that provides enough power on the pcie power connectors. Beyond that, they're basically self contained— a little embedded mips computer running linux and an ethernet port.

Bitmain is pretty great.  Their produces are delivered on time or faster (± normal noise that happens with international shipping), and their products are exactly as specified. Their products are industrial workhorses. They do not come in a sleek plastic case with useless decorative lights, instead— they actually work.

I don't get the impression that they have a bunch of fluent English speakers around, so communication is sometimes a bit spotty. Some people who've had packages get stuck in customs or received the odd defective part have reported it taking a while to get it resolved.

Like all current mining hardware companies their prices are so/so in that you're making a gamble on future difficulty, though they've been diligently lowering the prices as the expected future income goes away.  But the fact that they deliver on-time and to-spec— what really should be table stakes— makes them stand out in the business of Bitcoin mining.

Bitmain sent me a 90GH/s prototype unit before they started shipping, with the current firmware antiminers are awesome on P2Pool. Subsequently, I purchased a couple more on my own as a regular customer. 

I've recommended the antminer S1 to friends, and if you're thinking about getting into mining for fun and to support the network, I'd still recommend them. (Actually looking to turn a profit at it— well, thats a more complex question)

Thats not so. You can use clear terms and investment rather than pre-order nonsense. With transparency and equity in the business things would be much better off.

Right and I hope with this thread to advance people's understanding and thereby improve the whole market place. If miner hardware charlatans cannot exist without miner buyer rubes.  I've never bought mining hardware with grand plans of making a lot of money, I've bought hardware with the intention of supporting the network— and hopefully not losing (a bunch) on the process, maybe make enough to pay for the effort.  I'm a little irritated that it's become hard to do that and to sort out all the fraud because too many people are willing victims.

Generally all the continual update stuff comes with some messy costs: It greatly reduces the cost of isolation attacks, and it ends up making weird non-linear incentives likely (e.g. more profitable to mine in bursts) because the clamps become more significant.

For some fringe altcoin with no real usage perhaps it's necessary to prevent abandoning the chain— though to be honest I think merged mining is generally better— but I don't really see any applicability to Bitcoin.

I think it's more productive to speak concretely— People spent X coins, returned X*.8 coins or whatever, than to try to debate the fine details of "make good".

The hardware vendors have an enormous informational and control advantage over their customers: They know what the pre-order queue and delivery pacing will look like, they know and control how much of their own hardware they intend to buy with, they control how much hardware they sell to other people.  As such, I do think it's a little disingenuous to say "risk is yours to take". If it was pure uncertainty unknown the the buyer and seller then that would be the case, it's not so simple where the informational/control advantage exists.

Made good, but go compute the returns on their hardware—

At the moment the only ASIC hardware sales I know have broken even (or better) vs just sitting on your Bitcoin (or buying coin if you didn't already have it) are B1 Avalon, and  early Bitmain Antminers (jury is still out on ones being sold now).  There may be some of the bitfury devices included in that club depending on timing, but I'm not actually sure of that since the prices changed a bunch of times.

Might be interesting to build up a table of "device/when/cost in btc/yielded btc to date" to highlight how screwed up the situation is.

I don't know what you're saying I'm failing to acknowledge. The purpose of this thread is to raise awareness for other people about things I already know. I think that some of the problems will be diminished if the pool of potential victims is more savvy and refuses to accept the sketchy or outright dishonest behavior.

It's really quite annoying that HashFast posted on their thread making it sound like they're doing the write thing wrt me, and when I responded to point out that they weren't infact... they deleted it:

One possible way to address the head of line behavior is for us to put our funds in escrow (doesn't require risking the funds to a third party, see bitrated.com) only to be released if the product is delivered on-time, with clear pro-rating for late delivery.

The problem is that so long as there is an excess demand for mining hardware at any cost— including paying prices that can probably never make a profit— it will be harder for the community to get vendors to accept terms like that.  Why sell to the guy who armors himself against fraud when you can sell to a sucker?

I worry that the end result is that most sane people will sit back and not mine, most who do mine will lose their shirts and not continue, and more hashrate will end up consolidated with major private facilities that did have the leverage to secure preferential treatment to the ultimate detriment of Bitcoin.

Hello Hashfast, You're saying you've won the race to a 4U 2TH box in the lab, but why should I care about that when you've taken 97.95849881 and failed to live up to your contract to deliver goods by your self-specified deadline or return the funds.  Everyone here can verify for themselves that you have not refunded me: https://blockchain.info/address/1MWwwz9gpViE3u7o6Sx6huYNBrHyze8QrA

Why should anyone purchase more hardware on the basis of your lab-boasting when you haven't made good on your prior commitments?  What reason do people have to believe that you'll actually deliver these 2TH 4U devices when you have simply walked off with people's funds in the past?

What is the relevance of this product offering to the members of the forum? I'm struggling to see it.

I would remind people to not post identical things here again if they've been deleted, go bump the non-self-modderated thread instead. I know this can be hard when you can't see what has been previously deleted since such a substantial chunk of this thread has been deleted, but please make an effort to keep posts on-topic (primarily about HF's new product offering) and to not repeat posts.

Mining is the process of converting energy into proof-of-work
for the purpose of establishing a tamper-resistant historical
record in Bitcoin.

While mining rewards miners with transaction fees and freshly
created coins, mining is not a magical money making process.
In theory, Mining exists in perfect competition, so mining
profitably can be difficult or even impossible.

Currently the Bitcoin system releases ~3600 BTC per day and
these coins are shared proportionally by the miners according
to their relative hashpowers. As overall hashpower increases
the return per hashpower decreases. In recent times hashpower
has been doubling every month or so.

Many mining companies engage in a practice of selling
"pre-orders" thereby shifting the substantial risks of hardware
development entirely onto their customers. The practice of
preorders also exploits ignorance about the future income
mining will yield: People compute their income as if they
had the hardware today, when it's not scheduled for delivery
until months later...

And then almost every hardware maker has missed their
scheduled deadlines. Because of the rapid growth of hashrate
a weeks delay can mean the difference between a nice profit
and a loss. Many makers have also delivered devices substantially
under spec, many others have been outright scams which have
failed to deliver anything at all.

Some of the most experienced people in Bitcoin have lost out
in these offerings, don't just assume you won't be taken.

Companies which have cost people thousands of coins that
they'll never recover are still operating with impunity,
fueled by a seemingly never ending wave of people eager
to get involved who think that mining is a lower risk
way of obtaining coins.

Hosted mining companies with immediately available hashpower
often sell it at greater than it's expected value and themselves
represent enormous consolidation risks to the Bitcoin ecosystem.

In reality, mining is risky: It's riskier than holding
bitcoins because it's comparatively illiquid, and current
mining hardware is not really useful for any other applications.
These risks are multiplied by the unreliability of hardware companies
and the uncertainty of future mining income. Keep in mind: few
companies disclose how much hardware they are selling to other
people, and many of them roll their profits into buying their
own gear at cost and mining in competition with their investor-customers.

That said— I enjoy mining and I would not discourage people
joining in. Mining is essential to the security of Bitcoin.
It's important that mining be widely distributed and especially when people
mine using P2Pool it contributes to keeping Bitcoin decentralized and secure.

Just don't rush in thinking you are going to make a ton of riskless
money. At current retail prices I doubt most hardware available will
break even unless the growth rate slows substantially, which seems
unlikely in the near term. I think the exuberance of miners has
fueled the irresponsibility in hardware companies and driven more
competent and cautious parties out of the market.

It's all our our responsibility to behave sensibly if we want bitcoin
to flourish.

Nodes? why would they?

Miners— well maybe some already are. How could you tell?