Thank  you.

Would you agree, if it were possible (although it is not), that the blocksize limit should somehow be automatically tied to "the bandwidth and disk space an average enthusiast can afford"?

NewLiberty, I have a quick question for you which will hopefully clarify your position in my mind.

Excluding DOS flooding or other malicious actors, do you believe it would ever be a beneficial thing to have the blocksize limit hit?

Any such scheme would lead to exactly the same attacks mentioned above.

An attacker would only need to DOS the other servers such that the attacker's server is the only working server that remains (this is similar to what can happen with Electrum clients that don't do full SPV; the Electrum client does do full SPV but there's at least one client I'm aware of that uses Electrum servers but doesn't do SPV).

My thoughts exactly. My 3 year old GPU can generate SHA256 hashes at a rate of about 70M/s. 6 hex digits == 2^24 combinations. 70M / 2^23 (combinations on average to find a collision) equals about 0.1 seconds time to fake a paycode.

The signature doesn't seem to help, either. It only proves that an invoice is signed by someone. Of course if a paycode server were to fake an invoice, they would create a perfectly valid signature signed by themselves.

Maybe, if the invoice and the paycode both covered the exact same set of data, such an attack would be more difficult, but at first glance this doesn't seem very safe from MITM.

Except for that last clause perhaps, no arguments here.


More structure can cut both ways. If done well (big if), it can reduce centralization by better distributing "votes." But you're right that you can't convince everybody.


My first assignment after college (20ish years ago) was with a defense contractor maintaining a codebase written in... BASIC. In any case, point taken.

Fair enough.

Asside: did you preview your post at any point? It's in your draft history if so...

It does indeed look like the OS X download link in Armory is wrong.

You can view the download links Armory uses here: https://s3.amazonaws.com/bitcoinarmory-media/dllinks.txt
The link for OS X on that list points here: https://bitcoin.org/bin/0.9.3/bitcoin-0.9.3-osx.dmg
However the correct link is this: https://bitcoin.org/bin/0.9.3/bitcoin-0.9.3-macosx.dmg
Close, but no cigar.

In their defense, it looks like it used to be the correct link, but then the link was changed post launch: https://github.com/bitcoin/bitcoin.org/commit/5ebee77e56222d717ffc3606b8ed6c8c3687e384

Of course you can always download it yourself; other than that we'll need to wait for a kind Armory dev to fix this (which happily won't require a new version of Armory I believe).

There's nothing magical about the number 6, as I'm sure you're aware. 7-confirmation reorgs or attacks could happen, they're just less likely than 6 (and more likely than 8 ).

I don't think your idea is bad per-se, I just don't think that the advantages it confers outweigh the new vulnerabilities it introduces, but that's just my opinion.

Consensus does not imply unanimous appeal. Although threads such as these help to flesh out different ideas and opinions, they do very little towards determining where consensus lies. This thread could represent a vocal majority just as easily as it could a small but vocal minority (on either side).

This is exactly where a more formal governance model (as I mentioned) could help. It too would surely be imperfect, but just about anything would be better than determining consensus based on who writes the most posts, thoughtful though they may be.

A formal governance model could draw distinct conclusions: yes the BIP passed, or no it didn't. If it didn't, it can lead to compromise. If, for example, I knew that there was little support for gavin's version, I for one would be much more willing to compromise. But I simply don't know.... instead, I choose to assume that people who support Bitcoin do so because they support the ideals of a free market, but I could be wrong.


I'm having trouble imagining a use case where embedded hardware with difficult-to-update software would connect to the P2P network, much less having anything to do with handling the blockchain, but my imagination isn't all that great. I also have trouble in general with any device whose purpose is highly security related that isn't software upgradeable. (Such things do exist today, and they're equally ill-advised.)

It's a free attack for a miner, and can arbitrarily kick anyone off the network (even if temporarily) who doesn't have sufficient bandwidth or ultimately enough disk space.

I don't think that this completely eliminates casascius's attack.

Evil miner M finds a lucky block, and withholds it. During this period, evil miner M prepares double-spend attacks, and can point his mining power to his new (secret) chain.

Once good miner A publishes her new (but less lucky) block, M can take advantage of his double-spends (which now have only one confirmation), wait some short period of time and then announce his superior block.

M can therefore trick anyone who chooses to accept 1-conf transactions (which admittedly isn't all that smart, nor does M have that long to do so), plus they've also been able to mine on a secret chain while the rest of the network was wasting their time on A's shorter chain.

Not that I was asked, but I'll offer an opinion anyways.

At worst harder, but not impossible.

Today we have a sort of self-enforced (by the core devs) consensus system, plus of course the ultimate ability to vote with your node and with your mining capacity. I wouldn't expect the latter to ever change (indeed some blocksize limit is required to maintain this goal). For the former, however, I doubt that having this little governance around important changes to Bitcoin will last forever -- 20 years hence I would expect a much more regimented procedure, somewhat more akin to a standards organization than what we have today (perhaps with a combination of academic, miner, and corporate interests represented, but that'd be an argument for a different thread).

More governance is both bad and good-- in particular on the good side, bright lines can be drawn when it comes to voting in a way that doesn't happen so much today. If the ISO can finally manage to crank out C++11, despite the contentious issues and compromises that were ultimately required (and C++14 just two months ago too!), pretty much anything is possible IMO.

If you're that worried about a ossification, perhaps you'd prefer a dead man's switch: in 20 years, the blocksize reverts to its current 1 MB.

We all agree that the current max block size is too restricted.

What seems obvious to me is that different people have different opinions on the underlying purpose of any blocksize limit.

At the risk of putting words into his mouth (for which I apologize if I'm wrong), Gavin sees it as a technical anti-DOS measure: to prevent miners from DOSing voting enthusiasts out of the network. If this is true, the best solution would be for an automatically adjusting limit that tracked the speed of residential connections and of residential hard drive capacities (enthusiast residences). Since that seems impossible, gavin's limited-exponential growth seems like the best educated guess that can be made today.

Others see it as a as an economic issue, and would like to tie the limit to some economic aspect of Bitcoin to solve this perceived economic threat. I'm no economist, and I certainly don't know if they're right. But guess what: I personally don't care if they're right.

Any restriction on blocksize is an artificial one, a regulation determined by some authority who believes (perhaps correctly) they know better than I. I'm OK with technical restrictions, and those that improve the ability to vote, but I am completely against any restrictions whose purpose is to alter an otherwise free-market system.

To but it bluntly, I would rather see a restriction-free Bitcoin crash and burn in the hands of a free-market system, than I would participate in a regulated Bitcoin. To me, Bitcoin should be a free market experiment (as much as is technically feasible), even if this leads to its eventual failure. Of course, that's just my personal opinion, but it's the basis for my dislike of more-limited blocksizes.

I mean no disrespect to some of the clever alternatives presented in this thread-- but I personally wouldn't want any of these "regulations" in Bitcoin.

Let me ask a question: is there anyone here who both (a) favors additional blocksize restrictions (more strict than Gavin's), and also (b) believes such restrictions are not additional "regulations" that subtract from a otherwise more-free-market system?

You're proposing that the total work be based on the value of the individual hashes, instead of the hash targets, is that correct?

This could incentivize a miner who happens to find a hash with an unusually low value to refrain from immediately broadcasting it. See, for example, this attack proposed a few years ago by casascius, which becomes viable with this proposed change.

Nobody here denies that pretending-to-be-a-female-and-scamming is common. But gender is not irrelevant: if it were, it wouldn't bring with it the hostility we've seen in this thread.

Let's consider some IRL analogies. If a woman walks into my church, I don't think anything unusual about it. If a woman walks into my basement and wants to play WoW with me and my male nerdy buddies, that is unusual.^*

Now I could care less if the playership of WoW is mostly male, but substitute math club in for WoW, and suddenly I do start to care. A hostile environment for young women interested in math is something to be concerned about (and, for the record, back when I was in a math club in high school (yeah I was that kind of nerd), there were no women in it).

Bitcoin compares most closely to that last example. If it's ever going to be taken seriously, it has to have the same gender balance as, say, the USD. I don't think it's particularly relevant whether or not any single individual (e.g. fabiola) is male or female, but the existing gender imbalance of Bitcoin and the occasional hostility that goes along with it absolutely is relevant.

* Those were just examples, I'm neither religious nor a WoW player, nor do I live in my parents' basement

Great to hear, but don't thank me, thank jackjack!

You'll need to run bitcoin-qt with the -rescan option, e.g. close Bitcoin Core, then go to Start -> Run, and type "C:\Program Files\Bitcoin\bitcoin-qt.exe -rescan".

Hi, jackjack.

You may want to at some point consider adding the fix-wallet-creation-crypto patch from the original pywallet in -- it looks like new pywallet is affected by those same bugs. You'd also need to re-add append_PKCS7_padding().

https://github.com/jackjack-jj/pywallet/commit/b52c955f8c93a75745166ebf281448016e1f22e2

-Chris

Responded to you in the pywallet thread over here.

You should probably take it easy with posting to 4 different threads on the same issue... 2 threads (one in the Armory section, one in tech support) are plenty...