...
I guess I should have made it clear that I was talking to the tool that started the thread and thinks that his opinion should be binding on everyone else, not whichever random person posted just before me. |
|
|
|
|
If you send the change back to one of the input addresses, you end up being a tiny bit less secure, and quite a bit less semi-anonymous. And you really gain nothing by doing it that way. Keys are small, and tracking many of them is not hard.
What people really should be asking is how they can make the client look for inputs that allow the spend and the change to be roughly the same size, to make it harder for a snooper to tell which was which.
|
|
|
|
lol! how am I supposed to calculate 51 * 58^33 ??
Use BC. root@inana:~# bc
bc 1.06
Copyright 1991-1994, 1997, 1998, 2000 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'.
51 * 58^33
795598514708271371396201516761468809858422083444006597951488
It is in POSIX, so libraries can be found for just about any language or platform. Here is a PHP example: root@inana:~# cat b58.php
<?php
echo bcmul("51",bcpow("58","33"))."\n";
?>
root@inana:~# php -q b58.php
795598514708271371396201516761468809858422083444006597951488
root@inana:~#
|
|
|
|
|
Can you just shut the fuck up already?
They created the exchange, they own it, they operate it, they get to make the decisions for it, not you. If you don't like that, you can go make your own exchange and set whatever policies you want for it. If you are right that bots are bad, people will flock to your botless exchange.
|
|
|
|
|
You are making the very common mistake of thinking in terms of addresses.
Addresses do not have balances. Spends do not come from addresses.
Spends come from transaction outputs. Transaction outputs must be redeemed all at once, never partially.
In your example, if you have a balance of 10 btc and you send 1, your client will look through the list of transaction outputs that it has the keys for and it will select a subset of those outputs that adds up to at least 1 (the amount you want to send). It then makes a new transaction using that entire subset as the input, and with 2 outputs*: one for the recipient, and the other for the change. In the client as it is today, the change always goes to a fresh key (address). If the client can't find a spare key in the wallet file, it creates a new one. If it can't write that new key to the file, you just lost whatever the change would have been. If your 10 btc balance had been from a single transaction, you just lost 9 btc. Forever. If the client crashes too, that was just a bonus.
Come up with a better way to track your balance.
* I'm ignoring two special cases that don't really change the process much. The first is if the client just happens through random luck to find exactly the right amount so that it doesn't need to make any change. The other is if transaction fees are needed.
|
|
|
|
|
The idea that 90% of the mining power would disappear at once is pretty silly. The literal end of the world would be more likely.
But, if it ever did happen, the remaining 10% would have plenty of time to agree to a change of algorithm and update their clients.
And yes, this have been discussed many, many times before, in dozens if not hundreds of threads.
|
|
|
|
all considered i will go for the BitcoinNotify.com system
but i will handle it in a way that i can't get burnt
BitcoinNotify.com will send me a notification that a payment was sent.
with that information i can tell the customer that his order has went through and is now being processed
i can then check my wallet b4 i ship the item. (i think i would do this even if BitcoinNotify.com was 100% secure)
99.9% of the customer will have infact sent me the moeny
0.01% of the time i will e-mail the hacker explaining that he has to actually send me the funds b4 i send the item.
i can prove that the payment was not send by looking the block chain.
People need to understand that this step is very important, and should not be delegated lightly. |
|
|
|
|
You need to narrow your quoting window. You really should automate your trades on the exchanges too.
With the wild swings in the market, you really should be quoting live rates, or use a 15 minute window. Maybe an hour, tops. If your quoted price is different from the live prices on the exchanges, people will use you for arbitrage. Since your operation is a way to go from bitcoins (liquid) to physical goods (not liquid), you won't have big operators cycling through you over and over again, but people that want to use your service will do it when it favors them, and wait when it doesn't. Not absolutely, of course, but there will be a bias, and that bias is already big enough to make your site unprofitable.
Automated trading will limit your exchange losses. Just sell them the instant that you get them, for the best price that you can get. The exchanges have APIs that make this pretty easy.
Resist the temptation to speculate with them. Either you don't know what you are doing and will take unnecessary losses, or you do know what you are doing and really should keep that activity separate.
|
|
|
|
|
The nice part about EVE is that the main method for sending money around is a "Donate" button. That might be a nice feature in the bitcoin client.
|
|
|
|
But you are forgetting two things:
1. Bitcoin and USD are opposites. The USD is a fiat currency while Bitcoin is a voluntary currency.
2. You are misrepresenting the position of the people criticizing fiat currencies. There has not been a paper fiat currency that has lasted more than a 100 years in history. And paper fiat currency is a very old concept, it has been tried for centuries. That means something. 1. I'm well aware of the difference. 2. No, I haven't misrepresented anything of the sort, mostly because I haven't said anything about people criticizing anything. I'm also well aware of the history of paper money. Generally speaking, people that know enough about our monetary system to criticize it don't need me to explain basic concepts like what "backs" the dollar. |
|
|
|
Exactly.
Every private key is just a 32-byte hex number. Every 32-byte hex number can be used as a private key. And hence, every 32-byte hex number has a corresponding Bitcoin address.
Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input. And while the output isn't predictable, it always produces the same output given the same input text.
So the idea is just to pair these two ideas. Pick a passphrase, compute the SHA256 of it, use that as a private key.
All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.
You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm. Which is good enough.
(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)
Did you run that past a cryptographer first? I haven't read FIPS 186-3 in detail, but I seem to recall that ECDSA keypair generation involved more than tossing a bunch of bits together. Also, did you test this? |
|
|
|
A decent mixer could sort this out, but those have been big targets historically (see anon.penet.fi). Also, I don't think that real anonymity is a show stopper. Most of us would like it if it were there, but very few applications have it as a hard requirement. |
|
|
|
Ok just now I started it and CTxDB::LoadBlockIndex took 30 seconds to complete.
It seems to take longer if I haven't been doing anything with bitcoin for a while, perhaps because the disk data is not cached by the OS.
Don't most profiling tools have options to explicitly flush read caches before runs, for just this reason? |
|
|
|
I set up a sample spreadsheet of a insurance association pool. This will be a cooperative. If there isn't enough money in the pool to cover the highest possible single claim you can't do that transaction...... unless you get sureties or yourself to make up the difference into an excess risk account. That basically means the more risk you put on the pool the more risk you also assume on yourself.
Problem number 1 is highlighted. Problem number 2 is that this will enable bigger scams, for the low, low price of whatever your joining fee is. |
|
|
|
If you wish to create complex order situations, then you should have access to an API and build a bot with the functionality and algorithms you desire.
Latency. It always adds. |
|
|
|
|
While we are at it, there is no requirement that the price of the last execution be bounded by the current ask/bid spread.
|
|
|
|
FOREX trades are required to settle by day T+2. Bitcoin "exchanges" should be held to the same standard. If the money hasn't shown up on day 3, assume they're crooks.
Well, since you know what T+2 means, I guess I'm sorta wondering why you don't also know what "settle" means. |
|
|
|
|
Wow, you screwed up ordering something for free, and it triggered a nasty case of nerd rage. Go get yourself a beer or something.
|
|
|
|
|
My first thought was an alert message. Presumably Satoshi had the exact same idea years ago.
The maintainers could generate a key pair for each release, with the public key embedded in each client. If a critical bug is found in some client, the maintainer signs a message telling the node to notify the operator. If the message is informational only, and has some anti-spam provisions (embed the message in a transaction sig?), it should be pretty widely accepted by the community. Each node operator then has the choice of how they want to handle the message.
If I was running a store, and the devs found a critical bug that made my client unreliable, I would set up a handler that disabled my store first, and paged me second. Operators that ignored the messages would do so at their peril. Having a deep reorg trigger the same exception handler would be good too.
Theymos is right that having a higher barrier for deep reorgs would allow an attacker to maintain control over some nodes for a longer time (or forever), but under my scenario, those are the nodes with careless operators, which is their own fault. I'm all in favor of protecting all nodes, even those with careless operators, when it happens for free. But I'd throw half of the network under the bus if it made the remaining half twice as secure. Hell, I'm almost at the point where I'd be willing to do it just to stop all of the "51%" threads here.
|
|
|
|
|
Show Posts
