Wow. That fraction actually worked! I'm like an ASCII-art king!

:-P

Considering BTC is at ¹/₅^th of its ATH they probably need better marketing more than we do;)

Seriously, though, adoption comes with maturity. We're a baby - just a year old - and there are many amazing projects by members of the community that are just getting going. From a core team perspective...we're not marketers, and we have no skill in that space, so you won't see us burning time and energy on an AdWords campaign. Of course, as the Forum Funding System draws closer to completion it's a good time to remember that marketing and all these other peripheral projects will soon be able to be pitched and funded through that.

Asse my friend! How is LHV? I'm going to be in Europe again next month, if you can you must definitely join us in Germany for the meetup on the 24th: http://forum.getmonero.org/14/events/237/monero-meetup-berlin-germany-may-24th-2015

On to your post. I think the idea of a human-driven PoW is interesting, although I suspect you'll end up with something more like Mechanical Turk to hit some lowest common denominator (although the the "work" would be much harder to independently verify, if not impossible for most jobs).

An educational PoW is interesting, but I'd imagine you'd have to have a fixed curriculum and a fixed set of multiple choice questions, in which case there's an easy Sybil attack vector (it being impossible to uniquely identify a child vs. a computer answering the questions from a list). I think the line of thinking is commendable, but I can't see a way to do it without specialist hardware (eg. vein readers) to identify individuals and reduce the Sybil attack vector.

It was in response to Jeff8247 who asked why there was so much "hate". I used an example to illustrate how those emotions could develop.

I have never claimed Duffield is a "newbie coin dev", I just think that he has demonstrated an incredibly poor grasp of very fundamental cryptography (eg. chaining hash functions leads to preimage attacks, which is why the winner of the sha3 standard wasn't "all of the hashes combined!!") and his actions subsequent to the instamine demonstrate either incredible ineptitude or outright deviousness.

What help do you suggest I seek in this matter?

You really don't want to be quoting gmaxwell to support your point, and you really have missed his.


So you don't have to trust that the MasterNodes that vote aren't colluding? You have a bizarre definition of trustless. You also haven't taken the time to understand where GreenAddress instant transactions have gone to subsequently, which is especially ironic as you accuse me of the same shortcoming. "I just read the description and thumbsucked everything else, but I can do that because I'm a DASH supporter and thus not a troll"


I stated the risk as I understood it, it was pointed out to me that it has been dealt with, and I acknowledged my error and dropped it from my very brief overview of fail points. That's literally the end of it, constantly bringing it up doesn't make me look bad, it makes you look like you're desperate to criticise me rather than acknowledge the clear evidence of a scam.

MRL-0002 goes into great detail as to how the attack occurred and what the net-effect was: https://lab.getmonero.org/pubs/MRL-0002.pdf

HTML5 responsive gooey!

Also to add, here's a log chart for all time:



You can see the onboarding of speculative miners and the improvements in hashing efficiency up till 2014-05-20, after which all changes were largely inconsequential. At that point 826k XMR had been mined, so we're talking about dga and others competing with our public improvements to the hash function that everyone used for a piece of 4.49% of the initial emission. It was a bit of an arms race, although the miners that were just pulling the changes that were committed to the repo were not at much of a disadvantage (in fact they were probably at an advantage, as they were able to expend more energy spinning up AWS instances since they weren't trying to optimise code:-P )

The "glitch" in the obfuscated miner was fixed extremely fast (by NoodleDoodle, one of the core team members), a lot faster than most people remember. At the time it was a pretty big deal.

Specifically, the change was commited May 7th, so ~19 days from launch = 2.58% of initial emission mined up to that point (we have infinite tail emission, but still use the 18.4 million initial emission as a reference point). This was roughly a 2.5x speed improvement over the original (sorry smooth, I was misremembering yesterday). There was an additional speed bump, once AES-NI support was added on May 18th, and that was an additional ~5x speed improvement, so by the time the first month had passed we'd improved the miner efficiency by more than 12x and made those changes publicly available.

A good exercise is to look at a logarithmic hashrate chart for the period:



You can see the initial spike as speculative miners start CPU mining, and then a continual ramp-up, with spikes on May 4th-8th and again on May 19th-20th, but neither of those spikes are orders of magnitude greater than the initial spike.

Remember, too, that at the time the core team that you know and love today didn't know each other. I knew othe a bit (online), but I'd never even had a passing pm with any of the others. Plus the community as a whole, largely spearheaded by those who would become the core team, were in the process of taking it over after things with thankful_for_today were...not working out;) So collusion on any level would have been unlikely, and if we did collude with the intent to scam you can bet we would have run with an improved miner for a lot longer than a couple of days. We would have mined for many months with only small improvements to the hashing function, and added lots of whiz-bang features to build the price up whilst we built up our stash.

Imagine, if you will, that you have a good friend who has been diagnosed with cancer. It's malignant, but operable, as it has been caught early enough.

Your friend tells you that he's decided to forego the operation, as he's heard about this Austrian guy, Dr. D Uffield, who has developed a cure for cancer. Plus it won't interfere with his lifestyle, all he has to do is eat 2 carrots a day, 1 African potato, and every month at full moon he must slaughter a chicken and dance around it. Surely you would be shocked to your very core that he's foregoing conventional treatment for what is clearly garbage with no basis in medical science?

To make matters worse, a cursory check reveals that Dr. D Uffield has no medical degree, and instead has a doctorate in theology. He isn't even licensed to practice any form of medicine, much less practice modern medicine as a medical doctor. You tell your friend, in the hopes of helping him avoid catastrophe, but he insists that this is going to cure him. In the face of all reason he ignores your advice and barrels ahead with this crazy treatment.

Months go by, and every time you try and remind your friend that there is no scientific basis for this treatment he screams at you, insulting you and telling you that you're just jealous that he has found this treatment and you haven't (you don't even have cancer!) To make matters worse he starts roping in all of the cancer patients at his support group, convincing them to quit their medical treatment and move to this alternate care regimen. Eventually you catch a break: Dr. Uffield moves his practice to America in an attempt to find legitimacy on the Dr. Oz show. In the mess of the move his chief aide, Nurse V. Ertoe, promptly resigns, and publicly calls out the sham.

This is it, you think, you finally have the piece of evidence to convince your friend! You print out all of the medical research you've collected over the months, and present it to him at his support group along with this clincher of a statement from the nurse. Instead of being convinced, he doubles down on his beliefs, and the cancer patients alongside him shout you out the room with cries of "FUD!" and "TROLL!" One of the more prominent members of the group has even left a pamphlet on your car explaining why Dr. Uffield's carrot/potato/chicken/dance regimen is "fit for purpose", and that modern medicine is just "weighed down with mountains of medical science" when all you really need is a visionary, regardless of where he got his doctorate and what field it's in.

At this point how would you feel about Dr. Uffield and his regimen? Irrational hate? Disgust at his abuse of power?

And would you just shut up indefinitely, or would you try and help newcomers that join the support group not get tricked into using medical care that has virtually no basis in medical science?

So it is for us when we observe snake oil and an obvious scam being punted by means of a cryptocurrency that has virtually no basis in cryptography.

If Bitcoin developed it that wouldn't help us (Monero) one bit, we don't share a single line of code with Bitcoin:)

It can, and we have time locks already. Multisig is harder, and we've been trying to work through the problem with the gracious assistance of gmaxwell and andytoshi (who have done a truckload of work on it already). That said, we need to tread carefully with it, and anything like Lightning's scheme is probably a couple of years away:)

           ,                  /\.__      _.-\
          /~\,      __       /~    \   ./    \
        ,/  /_\   _/  \    ,/~,_.~'"\ /_\_  /'\
       / \ /CR \ / YP\/\  /~TO  G RA VP  H\/Y \
     /~C'R"Y""PTOG R A PH\/Y C"RYP T" O\GR"AP" HY\
    /C RYPTO G"R\AP"Y CR/YPTO  G"RAPH Y " C"RYP"TO\


Mountains!

Also just in case anyone misses the easter egg in MoneroPulse:


[ ric->~ ]$ dig @d.ns.se NS checkpoints.moneropulse.se

; <<>> DiG 9.10.0-P2 <<>> @d.ns.se NS checkpoints.moneropulse.se
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27487
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;checkpoints.moneropulse.se.   IN   NS

;; AUTHORITY SECTION:
moneropulse.se.      86400   IN   NS   is-it-true.moneropulse.se.
moneropulse.se.      86400   IN   NS   timewarp-again.moneropulse.se.

;; ADDITIONAL SECTION:
is-it-true.moneropulse.se. 86400 IN   A   216.69.185.52
timewarp-again.moneropulse.se. 86400 IN   A   208.109.255.52

;; Query time: 226 msec
;; SERVER: 81.228.8.16#53(81.228.8.16)
;; WHEN: Mon Apr 20 16:14:18 SAST 2015
;; MSG SIZE  rcvd: 141

You can ignore that - the .co zone seems to have choked on the MoneroPulse records: http://dnssec-debugger.verisignlabs.com/checkpoints.moneropulse.co, and the code is taking that as a hard fail instead of ignoring it as a soft fail (and getting records from the other 3). The rest of the MoneroPulse records are fine:

http://dnssec-debugger.verisignlabs.com/checkpoints.moneropulse.org
http://dnssec-debugger.verisignlabs.com/checkpoints.moneropulse.net
http://dnssec-debugger.verisignlabs.com/checkpoints.moneropulse.se

Every transaction involves two keys: a public spend key, and a public view key. The destination for an output in a transaction is actually a one-time public key computed from these two keys. The formula used for calculating this is: P = H_s(rA)G + B (where H_s is a hash function, r is a random, G is a basepoint, A is the public view key, B is the public spend key).

When scanning incoming transactions every transaction is scanned to see if is for "you". To do this, your wallet computes P' = H_s(aR)G + B (following the same definitions as before, except that a is your private view key, and R = rG, which is packed elsewhere into the transaction). Notice that this only requires your private view key and your public spend key, and this check is immutable and cannot be faked. You cannot receive transactions and identify them without the corresponding private view key.

In order to spend the funds you have to compute a one-time private spend key for that output using H_s(aR) + b (where b is your private spend key), so it's impossible to spend the funds without it. Literally that's all the cryptography you need to understand, but I guess when your aim is to deflect attention from an instamined scam it helps to call it a "mountain of cryptography".

From this we can also determine that it is possible to enumerate all the view keys, but as the key space is 2²⁵⁶ it's not possible unless you have more processing power than all the energy in the universe, and more time than the universe has existed.

The upshot of this is that an auditor only needs your private view key to identify all of your transactions. On the other hand, with Bitcoin and its clones you would typically need to sign every address you own (or for something like Electrum you'd be able to provide your master public key). In some ways the private view key is like the Electrum master public key, in that with both you can view every transaction for that account, and there's no way to fake that data. As with any audit, though, you could always have a second wallet for your secret transactions, but typically auditors would uncover that through other mechanisms.

The claim that the auditor has to "see the balances in the sending addresses" is ludicrous - if I, as a company, receive a payment from Microsoft Inc. do my auditors go and ask Microsoft for their bank balance?

"Address already in use" - I can't tell if those are multiple consecutive starts, but it looks like it's already bound to the address. You need to make sure it's not already running before you start, or something weird is going on:)

Lightning is very cool, the whitepaper is a *little* difficult to parse if you're not switched on to that way of thinking. Thankfully, rusty has a series of posts he wrote explaining Lightning as he understands it:

http://rusty.ozlabs.org/?p=450
http://rusty.ozlabs.org/?p=462
http://rusty.ozlabs.org/?p=467
http://rusty.ozlabs.org/?p=477

It's imperative to understand *why* Lightning or something similar is important: it solves the scalability issue without sacrificing breaking Bitcoin's trustless model.

I was at the Bitcoin Africa conference over the past two days and I heard more than one speaker (Jonathan Levin from Chainalysis, in particular) say that in order to scale Bitcoin we need to add trust. Needless to say they earned my ire, and a good shafting of critical Tweets (such passive aggressive, much brave, wow;)