There's government regulations, and then there's market self-regulation.  Assets issued by randoms have random value, heavily weighted toward the negative range.  Assets that can get the approval of a government, or in a non-governed situation get the approval of a reputable marketplace, because they meet certain basic standards of conduct, openness, and audit, inspire a lot more confidence.  

What I'm saying is, if the SEC didn't regulate the market and require audits to be performed and disclosure documents to be filed, NASDAQ (or whatever the marketplace in your venue is) would still have to.  In fact every marketplace has standards above and beyond those required by the government regulators.  If your company or your conduct fall too far below them, they'll delist your issue.  People can still trade it on their own, of course, but the market will have nothing more to do with it, and people will regard anything that can't meet the market's standards with justifiable suspicion.  

What NXT is doing, if I understand it correctly, is letting anybody issue tokens, and providing a platform for trading them, but not enabling anyone, nor any group, to designate or facilitate trading in only those that meet some minimum set of criteria.  

In other words, they've (temporarily) escaped the SEC/etc regulation that so many find onerous, but they've provided no way for voluntary marketplace self-regulation to work either. While I don't really give a rip which, you've really got to have at least one of those or your market will be dominated by scammers, because everybody who can stand any scrutiny, or have  an audit that doesn't declare them to be crooks,  can make a more profitable issue (ie, an IPO which, having withstood the examination of the regulators or market or both, will sell for more money) elsewhere.  

"Okay, I know this alt is a pump-n-dump scam,  but all these other guys are dumber than me, and they'll fall for it.  I'll get in on the ground floor and get out before the dump, yeah!" 

I have a little list....  

Pool mining resistance.  I want cryptographic proof that nobody can efficiently find hashes unless they have the key that can be used to spend the coinbase; this would insure that whoever finds the nonce has the power to spend the coinbase tx.  Pools would no longer be able to rely on cryptographic security to get their block payouts.  The easiest way to do it would be to add a required signature by the private key on the block header including nonce, and hash on the whole block header including the signature.  So without the key it would be impossible to evaluate the hash and see whether it falls below a target.

Fix the nonstandard implementation of Merkle trees.  The one we're using now could, in some very contrived circumstances, hash two non-identical blocks, with one containing duplicates of some transactions giving them the same Merkle root.  Nobody's figured out any way to make an attack using this property, but it's still a stupid property for a crypto primitive to have. Given the possibility of new combinations of bugs to combine it with in the future, eventually somebody might.

Change from secp256k1 to curve25519.  Secp256k1 is not subject to any attacks - yet - but has properties that suggest possibly poor resistance to some types of analysis.  Curve25519 is better studied and so far has shown no signs that a weakness might exist.

Fix the bug that makes all m-of-n signatures consume an extra value off the stack when evaluating scripts.

Bigger nonce space in the block header.  This business with 'extranonce' in the first transaction is stupid.  

The wire protocol should consistently use network byte ordering.  

I bought in, sold half my coins after a %1500 runup, watched the remaining half lose about %1000 of their initial value, bought a few more, and I'm patiently waiting for the next runup.   

Sure, I was lucky.  I called the market irrationally low when it crashed earlier and bought in, then called it irrationally high when WillyBot was doing its thing and sold before WillyBot crashed crashed it.

I didn't know how soon the runup was going to happen; I just considered it undervalued after a crash.  I didn't know empty-gox was running WillyBot.  I just saw the market going way over what I thought the sustainable valuation at that time should be.  So I got lucky a couple times. 

For what it's worth, I consider Bitcoin undervalued again at this time.  I'm reasonably confident there'll eventually be another runup as it seeks a fair price - and it'll probably overshoot and crash again. But I expect neither the overshoot nor the crash to be as extreme as it's been the last couple of times, because we're looking at more sophisticated investors now so the bigger money will be a little smarter, and more SEC/FBI involvement than before so the scammers will be getting arrested a lot and make off with a smaller bezzle.

I'm not going to claim NXT is a scam -- only that the people who spend most of their time on this forum claiming it's the greatest thing ever, sound a whole lot like scammers.

In fact my negative reaction to the posts has been so strong that I don't really give a crap whether NXT is really a scam anymore -- it's a bunch of slimy-sounding people I want nothing to do with.  

The posting personalities of the people involved do not inspire confidence. 

Of all the alts out there, these are some of the ones that would inspire more confidence if their devs or designers stopped posting. 

Eh.  Doesn't happen all that often, and reasonably easily contained at least the last couple of times. Nothing you all need to worry about.

The miners are not UL listed, but they don't need to be. 

The power supplies that people hook up to them?  THOSE have to be UL listed. 

What it takes to get really stupid volatility is  two or more robots, all trying to be faster than the others and programmed in a way that, taken together, generates positive feedback. 

You see smaller versions of this on Amazon sometimes.  A while back two different people came out with 'how to write a compiler' books, and unbeknownst to each other, they both used dynamic-pricing bots.  One guy had one that kept setting his price $4 below the other guy's, and the other guy had one that kept setting his price $6 over the first guy's.  Before the end of the first day, they were (both) priced a bit over US$14000.     Not generating many sales at that price, but hey, at that price a few would be enough!

Anyway, the guys with the robot-traders fiddle their algorithms six times a day, always trying to outguess each other, and they like to buy as soon as something shows an uptick - which drives the price up so others buy because, hey, uptick, etc.  Same thing with selling "at the top" -- if everybody does it, it creates the crash that defines what went before as the "top."  They've gotten some experience with what's likely to cause explosions and gotten better at not doing that, but multi-bot interactions with dozens or hundreds of bots will usually contain at least a few sets that generate positive feedback.  Depending on how much money the bots in those sets control, you still get things going boom - or crash - every so often. 

Not too unusual for USA.  Homeowners can do whatever they like to the house, because if it catches fire that's their own damn fault and their own damn life.  But it has to be verifiably up to code or he cannot legally sell it, because that would be endangering *other* citizens with his job of wiring, and he doesn't have the right to do that.  There's usually a county or city ordinance (or even a "neighborhood association" covenant that you signed as part of a contract enabling you to buy a house there) in major metropolitan areas where your house catching fire would endanger anybody who *isn't* you, but the state codes as opposed to city or county codes don't usually require anything more than up-to-code before sale.

In the same way most states have helmet laws for motorcyclists but some only have laws that say you have to use goggles or equivalent to protect your eyes.  The idea is that if you go face first into the pavement while not wearing a helmet, that's your own damn fault and your own damn life.  The helmet makes no difference to how much of a hazard you present other drivers.  But if you get blinded, that makes you *MORE* of a hazard to the other drivers than you'd be without the goggles and while you have the right to endanger yourself you haven't the right to endanger others.   Helmet laws are universal in states where the public picks up much of the bill for emergency medical services though.  In that case your lack of a helmet is costing other citizens tax money and while they don't give a rat's ass if you die of your *own* stupidity, you don't have a right to be irresponsible at others' expense.

Heh.  Sub-second trading with opportunities to settle only at unpredictable intervals when the blocks come out?  

Dang, I need to cook some popcorn!  This is going to be fun to watch!

I trust myself to manage my own keys, but I acknowledge that I am a VERY exceptional case. 

Unless the security of desktop operating systems (*cough* windows *cough*) gets a hell of a lot better, I don't think most people can.

Nobody who looks into this problem seriously can possibly be unaware of Nothing-At-Stake.  If they pretended not to know about it, then they were not actually looking into the problem.  Instead, you may conclude, as I did, that they are doing "research" about as valid as that of climate change deniers and creation-science shills.

In other words, that was "motivated" research, with the agenda of convincing people of something untrue.  Ask yourself whose motives it aligns with, and you will find the man behind the curtain.

What makes you believe that "Dark Markets" are something other than real world, entrenched, organized crime? 

Resources committed exclusively to a _single_branch_ of the block chain in any fork are the key to any block chain security (including proof-of-stake) that doesn't immediately fail. 

The 0@S problem is basically exploiting the lack of that property in the PoS systems so far implemented. 

The only thing I can come up with that is limited in the way that committing it to a single branch would be meaningful, is transactions.  And that's why I advocate transactions-as-proof-of-stake.  A transaction would have to be committed to some particular block of the recent block chain, and would not be valid in any branch not including that block.  In resolving conflicts between branches of a fork, you'd look at the relative fractions of the money supply used in transactions committed to each branch.  That is, unspent txOuts that existed before the fork, spent in transactions committed to blocks after the fork.   The result is that in a normally circulating economy, where txOuts are spent in combinations,  will rapidly have stake representing close to the whole money supply.  Whereas the guy who had 51% of the money supply at some point six years ago, can never make on his own a block chain in which more than 51% of the money supply has been spent since the fork. 

It's not without its problems;  While secure against the Nothing-at-Stake problem in the long run, it's very sensitive to big spends in the short run.  Second, transactions committed to a losing branch of the fork, disappear instead of getting added into the winning branch.  That combination opens up all kinds of games an attacker can play trying to get people to accept his spends and then make a big spend in a branch forked before the block the tx are committed to, 'unspending' his txOuts.  Not too much unlike the double-spend attempts in a PoW system, but much more reliable if the attacker controls any significant fraction of the money supply. 

In order to "smooth out" the unevenness of spending volume at least somewhat, you'd need long block times, to gather a bigger sample of transactions (smaller standard deviation in spending volume) into each block.   And you need it to be pretty hard or pretty unlikely to be able to form a valid block whenever you want to, in order to limit short-term opportunities to make forks to play attack games with.  Finally, ou'd need to have it very widely distributed among a group of people actively using it to make transactions instead of just holding.  Getting to that point could take years and years.

Distribution, in particular, is key.  Having a small group of initial holders and no way for anyone else to get any other than by buying it from them, would not set up a scenario in which any kind of PoS, including TaPoS, would be likely to be successful.  So, if you're doing an initial Proof-of-Work mining phase, it should last for years, not days.  And you shouldn't make initial distribution via sale or IPO; if you do that you're not going to get anybody other than speculators who will NOT be using it for daily transactions, and who therefore won't be contributing to the security of the leading chain. 

TL:DR; Proof-of-Stake can work if you do it in a way that isn't a blatant scam.

I am Satoshi.

I am also Spartacus.

Come on guys,say it with me.

Say it every time some idiot asks.

Absolutely true.  And thereby hangs the crux of the problem of motivating people to keep nodes up.

It's far more important that they be reachable via separate network paths, don't all go up and down at the same time like dozens of virtual machines on one server, and don't actively collude to subvert network security.  In fact, it might even be as problematic for security as pool mining. 

For what it's worth, I have a woolly idea.  Like most of my ideas though, it's got its security issues and it's pretty firmly in Altcoin territory.

Suppose node operators "advertise" their nodes in the block chain (a maximum of once a month) with a tx that has data attached giving their node's unique IP address.  This would be a good thing anyway as a way to help do node discovery when a client comes back on line.

Suppose we have a semi-random number every round - one that's hard to predict far in advance, but which no single miner or reasonably small coalition of miners can determine or choose with any significant degree of freedom.  Maybe we pick a particular 3-bit range of the block ID's provided by each of the last n miners to determine one-third of a bit each - first guy's input determines whether the second guy faces a 75% bias toward 1 or a 75% bias toward zero, second guy's input determines whether the third guy faces an 87% bias toward 1 or an 87% bias toward zero, third guy's input determines whether the bit turns into a definite 1 or definite zero.  Three other miners pick the next bit, rinse repeat.  When it comes down to the last miner, they get to pick a one or zero in the last bit only - but in order to choose against the bias if it didn't just happen that way by accident, they'd have to discard an average of three potentially winning hashes.  

And based on that semi-random number (and simple transformations of it such as by using it as a starting point for an LCG) we pick fifty of the nodes advertised in the most recent month, query them, and if they can show that they've been doing at least *some* mining - six or so orders of magnitude less mining than required for the block target, but some - then they get a small share of the block award for running a node.  

Because it isn't *just* miners who secure the network, it's node operators too.  And it isn't *just* the miners who bear the bandwidth and storage costs, it's node operators too.  And it'd be a good thing (reduce pool influence and the accompanying 51% attack vulnerability) to provide a good incentive for node opeators to do solo mining that didn't require centralization with million-dollar investments, even if the million-dollar investments are going to do the block formation effectively all of the time.  

There are a lot of sybil attacks you'd like to try and avoid here, and DoS attacks related to most means of trying to avoid them.  But if the 'sybil attack' means each sockpuppet runs a node reachable via a different network route, then 'sybil' may not be such a bad thing.

You have to factor in Argentinian inflation, which is pretty serious.  Not as quickly as you'd think.

OTOH, Argentinian inflation is a good reason for Argentinians to put their savings somewhere else besides their rapidly-sinking national currency - even if Bitcoin is volatile and unreliable in value, it's a good deal relative to that.

If you're willing to hire people, and you have the money, you get to decide whom to hire.  If you were to hire another full-time dev, I'm quite sure the ones hired by the Bitcoin foundation would welcome his or her contributions, the same way they welcome volunteers.