It was probably an old BTC scam: Look for any BTC addresses in the content and replace them with your own. There was similar malware a while back that did the same thing using the copy-paste buffer on Windows.

That is almost never, if not actually never, possible to prove until after the scam has collapsed, at best (meaning some scammers get away with scamming, i.e. it is never proven).

Evidence suggestive of a scam is not FUD. When Madoff's ROI numbers were pointed out as suspicious, that was not proof, nor was it even possible to prove it with facts available (because the only one with all the facts was Madoff himself, and he wasn't about to reveal them until forced to do so). What it was is evidence strongly suggestive of a scam.

Likewise, misleading statements from Evan about the launch time and then the early launch, withholding development plans until after the instamine, Otoh getting a large number of coins directly from an instaminer, repeated renames, inconsistent self-contradictory statements from Evan as to the nature of the project (hobby vs. for-profit venture), etc. are all evidence strongly suggestive of a scam, but no, not conclusive proof.

I never implied it does't matter. If you want to be able to go back to the land, then it certainly does matter. Very few people will ever want to do that, but very few is not none. I just said that you can't argue starvation and population reduction at the same time that you argue for widely-available synthetic food. Being more tightly integrated into society is another matter, and technology does tend to do that, with some exceptions.

Anyway, I'd suggest that technology makes it less likely (similar to TPTB's comments about less farm land being used). Synthetic fish will reduce demand for real fish, because it will be cheaper to grow fish meat in a vat using genetically engineered yeast or whatever (I have no idea how synthetic fish works). Real fish will become a luxury good that are sold in smaller quantities and higher prices (the latter including people who choose to devote large quantities of their scarce labor to catching it in a self-sufficient manner, via the "opt out" luxury good channel).

Please do

Some information was leaked last year about Paybee which is being developed by fluffypony. I don't remember the details but it includes such a service for Monero.

I'm of course not claiming there are no devices that are simple enough to analyze in that manner, but it is a small subset of consensus systems today.

And what we are seeing in the real world more and more is that even safety-critical systems are relying on increasingly-intractable mountains of code, with testing, process certification, redundancy and fault tolerance used to reduce failures to an "acceptable" level.

Anyway, I think we agree for the most part, largely disagreeing on matters of terminology and (in the case of Bitcoin) probability of future failure.

And the discussion has become repetitive.

So, I'll bow out of this thread for now, especially if you are ignoring monsterer who is largely correct (though also may have a slightly different perspective)

Good thing we do not have any such confusion then!

It seems no one is interested in spending money to create confusion about attacks they aren't performing.


A Finley "attack" does not exist in the system as defined by the white paper, where PoW defines ordering (as opposed to mint timestamps as described in section 2). If people want to be dumb and rely on zero conf in Bitcoin, they are attacking themselves.

I agree, and when I talk to Bittrex i will bring that up if it hasn't already been done.

I also just updated the OP.

Well they are indication, just not conclusive evidence, since they can be natural or faked (at a cost)

But lack of ephemeral forks is conclusive evidence of lack of an attack, subject to the (reasonable) conditions I stated above.

You are still getting the logic backwards. No one is trying to prove a minority chain did anything. They can't because they don't exist (with significant frequency).

As a necessary condition for someone to be 51% attacking to censor transactions is that those minority chains exist at all. If those minority chains don't exist at all, then no one is attacking.

If someone creates fake minority chains (at significant cost), then it could be inconclusive evidence of an attack. We would have to look closer to try to determine if an attack is taking place, which could include keeping a node online, even if you didn't do so normally.

Possibly, you could be fooled (and be unable to determine otherwise) into thinking an attack took place when one really did not. But you can't be fooled into thinking an attack did not take place when one actually did take place, unless someone hides all evidence of the minority chain. That is implausible.

I therefore conclude at present, there is no attack taking place.

Mempools only prove nothing if nodes are also conspiring. Someday when (maybe) there are only mining nodes, that might be plausible. Today it is not.

It comes down to

Where's the fork

Show me the fork

If we don't see forks, then there is no majority of CPU power colluding to censor transactions. It doesn't exist. (Unless all miners are part of the collusion, which they are not.)

Also, if there are no forks, then there is no question about "which chain is the 'honest' one" because there is only one chain.

Deviations from this are (at present) easily explainable by propagation.

Wow, such horrible logic.

You can not know an attack did take place, because the forks could be a ruse, yes.

But you can know that an attack did not take place because there is no such fork anywhere in existence.

Unless you believe that all miners are colluding. I don't believe that. Even then, censorship would leave the censored transactions in the mempool.

@TPTB you are falling into the same logic trap as CfB. Proving an attack is not the same as proving the lack of an attack.

But...we certainly can't know there won't be an attack tomorrow, or the day after, or any other time. That is not only true, but clearly implied by the wording of the white paper.

People need to decide whether they can live with that risk or not.

I didn't read that but the point is that you can't engage in an attack without creating forks, as monsterer said. The forks are visible. They would exceed those explainable by propagation delays, and would be selective against miners who include the banned transactions.

Collusion, in fact, doesn't even matter. It could be one large miner or a collusion. Either way it will be visible unless the collusion is total (maybe that is what your link states).

You would also, even in the case of total collusion, see transactions staying in the mempool forever despite having higher fees than transactions being mined. We don't see that either. There is no attack taking place. For the moment.

To censor, he has to orphan other miners' blocks that do include the transactions. That is visible. Delaying is possible without creating forks. Censorship is not.

Collusion to do what?

You can collude to attack, but that would be visible.

If you collude with a bunch of other miners to pick each other's noses, okay, maybe we can't see that, but I don't care. That isn't an attack.


To censor, he has to orphan other miner's blocks that do include the transactions. That is visible.

A web site would be appropriate, but the budget is limited. Even though the number of coins in there is decent, the market value is still not much, and the liquidity is very weak (i.e. dumping coins would trash the value even more).

If some community member wants to take on web and be included in the coin team for purpose of being eligible for a share of the donation coins later once they might be worth something, then I'm all for it, but not in favor of dumping to pay for stuff in the current market, or paying them out to someone who is likely to dump them. BTW, I consider the logo development work in that category as well, especially if the logo ends up being successful and long-lived.

Another option would be a crowd fund. In that case I'd suggest raising funds using a bigger coin like XMR or BTC to avoid the dumping issue. A web development budget is a much smaller deal even for XMR's market (obviously BTC too).

The examples in the paper are toy examples. Now consider a real system with many interconnected computers each running million or billions of lines of code. Passing along a lie does not create a new traitor, but responding incorrectly to an unexpected input does create new traitors. So it is very difficult to ever know how many Manchurian Candidate traitors exist, ready to be triggered. Byzantine fault tolerance is used because it allows robustness against complex failures to a greater degree than simple majority voting, even when the components are not simple bits of hardware with an easily-quantifiable MTBF (which are often bullshit, BTW).

Anyway, it turns out that monsterer is actually correct, and failures are observable in Bitcoin after all. You can't censor transactions without controlling either all the miners or creating forks. As long as neither condition is observed we know it hasn't failed.

We covered this earlier monsterer, but I don't agree that observers can necessarily see the fault. If mining is centralized and no one outside of the collusion mines (because it is not economically viable to do so), then there will be no forks.

However, it is accurate to say that if we know there are miners who aren't part of a collusion and we don't see forks that exceed those accounted for by natural propagation, then there is no attack.

I believe the bolded condition is a near certainty today, and the italic condition is very likely true.

Therefore Bitcoin is solving (something like) BGP for the moment.

Analyzing the present based on available evidence is the only objective statement anyone can make on the matter. Speculations about the future are just that.

That is true even if you can estimate probabilities. There will still be some probability of faults (which may different from your possibly-incorrect estimate, but even if not) that exceed the tolerance and those are not detectable. Generals then charge off to their deaths.

And in reality, in the case of Bitcoin, you do estimate a probability (as being close to 1) and so does everyone else (a range, not all close to 1). That is at the root of why you think it is not a solution. It has nothing to do with the solution to the BGP, which is a mathematical construction that may or may not apply to Bitcoin (I still don't know).

The entire construction is an exercise in theoretical computer science, i.e. mathematics. You state a problem and you solve it. In this case (as in many others), the solution has necessary conditions.

It also happens to have some practical applications. Some of those involve measuring or estimating probabilities, some may not. An example of the latter would be comparing two available solutions to the same problem, where the input probability is unknown, but one solution or the other must be chosen. In that case you would very likely choose the solution with the weaker necessary condition (or at least you would consider that against cost).

I'm not going to respond to the rest of your message because I think it basically comes down to you being convinced that economics will certainly cause a permanent centralization of Bitcoin (which is effectively >1/3 or 50% collusion), and it will therefore fail. That's a fair belief, and I consider it a very significant probability, but I don't share your belief in the certainty of it.