I liked the article.  Hopefully it will serve as a wake up call to the EFF.  It's hard to think of any project more worthy of their efforts than bitcoin and it will be unfortunate for them if they're sitting on the sidelines for this one.

This idea is appealing, especially for savings.  However I have to agree with jav that if you computer actually is compromised, then it's still not safe to trust it the addresses it presents to you.  It would be a more difficult attack (since it involves the clandestine altering of your key/address software rather than just sniffing data) and since there would likely be fewer people using this technique, it may not be worth the effort for an attacker.

It still seems to me that the most prudent advice is to only generate private keys and their corresponding addresses on a computer that you completely trust and that has never been and never will be connected to a network of any kind.  Software and perhaps a device (that doesn't have any way to physically connect directly to a network) that makes the whole process easy would be a good idea.  A bootable CD that only writes a PDF file of the paper wallet (with passcode encrypted private keys as QR codes) might be a good solution for people.  The ISO file could be signed by various people that attest to its safety.

What about a text friendly format that can be copy and pasted?  Like:

I really like this idea.  It's a nice and open way to enable people to send bitcoins via email.  If you also used asymmetric encryption for the bitcoin private key, you would only need to store some protocol/address and their public key (for communications) for any given person.  You could send bitcoins via email or any of a number of other protocols (a p2p file transfer protocol would be an interesting option to add and build into wallet software…the p2p nature of the transfer would serve to conceal the sender and recipient).  The sender can also monitor whether sent coins have been claimed and even set a deadline for them to be claimed or else they're recovered back into the sender's wallet.  In terms of the bitcoin block chain, the privacy aspects are fully preserved for the recipient (the recipient's wallet can generate a brand new bitcoin address(s) to sweep the coins into or they can reuse old addresses as they see fit).

P.S. The transaction that funds the private key used in the transfer need not include any transaction fee…the recipient can choose to add a fee to the sweep transaction depending on how important and transaction is (miners would include both transactions in order to claim the fee on the sweep transaction).  Assuming a private file transfer method is used, this enables the recipient of the funds to control both the privacy and the cost of the transaction.

There have been several similar services that have launched, but to my knowledge, none have been very widely adopted.  I've found this service and others lacking in a few respects.  Here's what I think such a service needs to be widely used:

1. it must protect anonymity…ideally it would have an email forwarding service…if there is someone near you that you would like to trade with, you should be able to send that person a message and if they are interested, they can reply back…the forwarded email must not reveal the sender's real email address…it should be possible to reply back using the service (to protect the email addresses in both directions)…then give guidelines about safely communicating with prospective trading partners

2. exact locations should not be recorded (it should not use browser location services…shouldn't even ask to)…instead, users will just provide a city or postal code to provide their approximate location

3. some guidelines and recommendations about conducting physical exchanges should be given on the site…for example, don't invite a stranger to meet you at your home; for smaller transactions, meet up at a coffee shop or similar; for larger transactions, meet at a secured facility (ironically, bank branches are good for this); and just to be extra precautions, leave at separate times so you're not followed, etc

4. allow people to state details about the transactions they'll consider…for example: buying or selling or both...your upper limit on the amount or value of the coins exchanged…the methods of payment you'll accept or offer (cash only, cashiers check, money order, precious metals, etc)…your buying or selling price expressed as a percentage relative to some market value (i.e. buying at 3% below national best bid, selling at 5% above national best offer…or relative to the 24hr VWAP across all exchanges, etc)

As bitcoin starts to become more widely used, a service like this will be valuable and in person exchanges much more common.  I think with a few improvements such as this, bitcoinlocator (or a similar service) could really become an important tool in the bitcoin economy.

It would have been ironic if no one replied to this thread.

It seems like liquidity in other (non USD) currencies should be a problem easily solved through arbitrage.

While Bit-Pay doesn't payout in CAD, we do let you set prices in CAD (as well as many other currencies listed here: https://bit-pay.com/accountingHelp.html).

I think automated trading is good, but what's not desirable is the arms race for better and better connectivity and hardware to enable an ever increasing frequency of trading.  When I think about the big trading companies pouring tons of money into high speed hardware co-located with the matching engines…and paying very high rental rates for colo space next to exchanges, all I think about is waste.  They are pouring a lot of money into gaining an advantage over the competitors simply because of a design decision in the matching engine (continuous matching).  With a discrete time matching engine, you can eliminate the advantage to be had from high speed, low latency connections to the matching engine.  Make the time period long enough (and I think 1 second is plenty long enough) and you level the playing field for trading bots.  They don't need to be co-located near the matching engine because it won't give them any special advantage.  Some people might say that this wouldn't work because the automated traders couldn't make as much money, however, when the average traders realize that it's better for them to trade in a pool where there's a more level field, all the people that the big HFT take advantage of to make their money will simply be gone.  The exchange offering discrete trading will have an advantage over continuous exchanges because they'll attract more traders interested in the better designed platform.

Also, one thing that might be beneficial is if the tools and algorithms for automated trading were more readily available.  This would allow more people to throw a little extra money they have into a bot that essentially helps bring stability to the price of bitcoin.

As far as I know, all of the bitcoin exchanges have continuous matching engines.  I do think a discrete matching engine would be a valuable service, though I think 30 seconds is overkill.  You could operate a discrete engine on a 1 second basis and all but eliminate any advantage that a trader with a low latency connection would have.  Maybe 5 seconds if you are concerned that people in rural Africa on dial up modems might be at a disadvantage.

However, a continuous matching engine shouldn't behave in the way that the OP described unless it's compromised in some way or you just got extremely unlucky.  The buy order should have matched against standing sell orders right away.  If those sell orders were removed ahead of your buy order reaching the matching engine, then either it was a stroke of bad luck, or someone is able to view the incoming orders before they are placed with the matching engine and place or remove other orders before yours (obviously not a good thing).

This is a pretty cool idea.  It could provide a cost effective and easy way for the average person to monetize bandwidth they provide.  The long run implications of that are pretty profound.  You are no longer penalized for sharing your bandwidth, but instead, it actually could earn you income.  Effectively, everyone becomes their own ISP.  That in turn may lead to less dependence on large, centrally managed ISPs.

The signature algorithm only affects the security of the addresses that use it.  I guess what I'm saying is: I'd rather see the structure put in place to support multiple signature algorithms sooner rather than later such that it can be well tested with no time pressure…as opposed to waiting until it's an urgent situation and a new algorithm is needed asap (haste makes waste).  Also, there's the consideration that it will take significant time for the network to be upgraded to recognize alternative algorithms.

Actually, it would probably be a good idea to go ahead and add support for one of these algorithms soon.  There's no reason the network couldn't recognize multiple algorithms concurrently.  The new algorithm would be disabled by default for creating new addresses, but people could enable it and experiment with the alternative algorithm.  This would lay the groundwork necessary to adopt an algorithm in the future once it was widely accepted to be resistant to quantum computing.

There are already asymmetric algorithms that are believed to be quantum resistant:
http://en.wikipedia.org/wiki/NTRU

My guess is that because such algorithms are relatively new and it does not appear there is an imminent threat to the existing, proven algorithms, they haven't yet seen more widespread adoption.

Well, first, no one should be concerned about reusing addresses…maybe 20 years from now, but by then, bitcoin would probably also have support for Shor's resistant algorithms for signatures.  But, it is more secure in the sense that to recover a private key to enable spending coins at a given address, one would first have to find the public key corresponding to the bitcoin address (reversing the hash function).  After that, you would then need to derive the private key from that public key.  If you've spent coins out of an address, you've revealed the public key, thereby eliminating the first step.  So, yes, it's technically more secure if you only spend coins out of an address once and never reuse it, but it's hardly something to be concerned about (now or in the foreseeable future).

The more I think about it, the more I believe it must have been a deliberate design goal of Satoshi's to allow the public key to remain private until it's actually used to spend bitcoins.  Even with shortened addresses, it's not hard to imagine inferior designs that might have required the revelation of public keys prior to spending.  Not revealing public keys prior to spending would seem to be the best defense against an attack based on Shor's algorithm.

For the sake of clarity (I think you know this, but others might not), when spending, you spend all of the coins in the input transaction, but the address may have other coins sent to it in other transactions.  You could still reuse addresses (i.e. your example of pool payouts), but once you spend out of that address the first time, to be completely safe you would want to spend all of the transactions to that address and then never send any coins to that address again.

This is cool, but seems a little bit dangerous for this application.  What happens if you lose your yubikey or drop it in the toilet?  Can you order a duplicate Yubikey as a backup?  With mtgox it's a bit different…if you lose your key, you can always verify your identity and get them to restore your access to your account.

Interesting!  From what I've read, I think you're correct.  Shor's algorithm is effective against asymmetric ciphers, not secure hash functions or symmetric ciphers (though Grover's algorithm promises somewhat improved performance in computing hashes and ciphers, but this isn't likely to result in any dramatic, overnight jumps in block computation).  It would be a bit of an inconvenience though…you would always want to spend all bitcoins out of an address exactly once (because you do have to reveal the public key when you spend coins) and then never use that address again.  After spending, since the public key has been revealed, any remaining coins at that address would be at risk (assuming a quantum computer could derive the private key in a timely fashion).

I'm guessing Satoshi was well aware of quantum based algorithms (Shor's has been known for a long time).  Reading up on the application of these algorithms, it doesn't take much to realize that the strategic application of a secure hash function may be effective in mitigating the risk that quantum computing would pose.  Using a hash of the public key has a practical benefit (shorter addresses), but I imagine Shor's was in the back of his mind as well.

There is a lot of good stuff in this post and I generally agree that over time bitcoin will work out well as a store of value.  However, that doesn't negate its utility as a medium of exchange at all.  You mention stock and flow…if you understand that, then you should understand that regardless of flow, you can rebalance stock as you see fit.  For example, you may wish to maintain a certain balance of assets in your wallet (for now, just pretend that we have coins of various kinds that can serve as contractual proxies for real underlying assets).  You might want 20% in bitcoin, 20% in gold, 20% in a broad stock market ETF, 20% in corporate bonds, and 20% in a real estate trust.  You can maintain that balance as you send or receive funds by automatically selecting which assets to transfer or rebalancing after transactions.  Notice that bitcoin is unique among these assets because it, unlike the others, does not carry counter party risk…all the other assets are contractual substitutes for the real thing and thus have counter party risk.  Due to the lack of such risk, bitcoin will likely always be the preferred medium of exchange (even though you could transfer any of those other assets as easily as bitcoin itself).

Also, given the scenario above, I really start to question whether there is any need at all for an artificially "stabilized" (stable against what exactly?) medium of exchange.  Instead, you can decide on an allocation as above and view your purchasing power relative to any sort of index you choose (i.e. relative to the price of a basket of goods at your local grocery store).  In a sense, all any fiat currency really is is an ETF that tracks the price of some basket of goods…just not very well.  Its utility as a medium of exchange is only relevant because until recently we haven't had computers and software that make it easy to set and view prices relative to anything else.

Just did some quick calculations on the inflation rate:

now: ~33%
end of 2012: 25% then drop to 12.5%
end of 2013: ~11.13%
end of 2014: ~10.01%
end of 2015: ~9.10%
end of 2016: ~8.34% then drop to ~4.17%

The good news is that by the end of 2012, the inflation rate will be in the ballpark of most fiat currencies (could even be less depending on what govt's do with the printing presses and how you measure inflation).  The drop at the end of 2016 is really going to pinch.

I think what is needed is something that provides the best of both worlds…easy to use and by default uses a service for the back end interface with the p2p network…but also having the option that people can easily setup their own back end and use it without needing the service.