Okay so lets step through this, pretending I am a normal retail customer type person who walks around some town somewhere ready to spend some bitcoin at some shop or other in town that turns out to accept bitcoin.

Lets assume further that I did not know ahead of time that this particular shop accepts bitcoin so I did not bring any "bitcoins that can only spent there and that they will only accept from me not from some mugger who mugged me on the way to the store".

So I am faced with being unable to buy anything at this newly-bitcoin-accepting shop unless I somehow managed to bring with me some non-earmarked bitcoins (that is, bitcoins that are not secured against being spent at this new shop) OR this newly bitcoin accepting shop has some technology itself that I can trust to use to go grab myself some bitcoins I have stashed in some encrypted stash someplace that can be reached by me with the right magic words and so on via the internet.

Fine. So I look through my printed traveller's coin certificates I printed to see which denominations haven't been printed in a "spend only to these whitelisted recipients" mode, and wonder whether to deposit them in this newfangled online wallet this shop's sales clerk is suggesting I use...

Hmm, why do they want me to buy credit on some online wallet instead of buy a sandwich or whatever tangible good the shop purportedly sells?

-MarkM-

However one of the few things purportedly known about MyBitCoin is that it is a bitcoin millionaire early adopter.

The fact that having become a bitcoin millionaire by virtue of adopting early caused it to be rich enough to not only be perceived as trustable (being in possession of so many bitcoins) but also to actually register itself as a "real company" is now supposedly to be taken as a red flag instead of a green flag???

Hype is such bullshit. A real company is to be trusted because real means absolutely untrustworthy because real means no liability?

Of course we also discovered that one of the main public relations arms of MyBitCoin, Bruce, is nowadays claiming not to know the guy/company/whatever at all, despite having run around way back when seeming to be trying to give the impression he and MyBitCoin are buddies from way back and both trustable (again part of that trust being based on the sheer number of bitcoins they have).

So now part of the propaganda machine known as MyBitCoin, specifically the public media broadcasting part aka the propaganda department, is claiming to have lost a fortune to the other part of that same propaganda machine?

Handy thing about Nevis I guess is it won't tell us what percentage of the "real legal incorporated company" is Bruce and what part is someone else. How many people are needed in order to become incorporated in Nevis? (But presumably the stooges there who for whatever reason do actually create such a company for you in return for the $2000 or so they charge for doing so instead of saying "ha sucker thanks for the $2000 good luck sue-ing us we are in Nevis like you wanted to be and for the same reason hahahahah" can provide enough stooges to fill the quota...)

-MarkM-

P.S. they even named it clearly as being their bitcoin, so even if you are correct that their bitcoin is not the same as their biological lifeform(s) all that does is free the lifeform from liability not the lifeform's bitcoin which are what actually constitute the corporation...

Did the language 'e' ever lead on to something else, or was it a dead end?

I do not even know yet whether for example Erlang might be today's derivative or equivalent of 'e'.

There are various things offering distributed processing but what caused me to try to follow 'e' was its claim of being able to operate trusted (and distributed) computing on untrusted systems...

-MarkM-

AttractSoft's price list doesn't show dedicated servers, it only goes up to VPS: http://hosting.knotwork.com/vps-hosting.html

I could enquire directly about dedicated server possibilities but I think I'd rather actually try their VPS first before considering dedicated, and also price getting a "real" connection at home because if I cannot know who might have walked physically up to the thing and done who knows what to it right at the hardware level any concept of "security" of the server seems to me pretty much blown right out of the starting-gate...

AttractSoft doesn't accept *coins themselves but I could as reseller.

-MarkM-

Edit: twobits: I recall reading somewhere something about merged mining getting onto the bounty list somewhere along the line of foreseeable bounties, it is not in yet so far we haven't finished testing devcoin itself so trying to merge it with other chains is an effort that hasn't even been started yet. sacarlson has been testing merging with his multicoin-based chains so if he really does have that working now that might be a good place to look to see how exactly he did it. I believe I owe you 100,000 DVC bounty for having posted about installing, but I don't have your devcoin receiving address to send it to. I am so rusty in the inner details of a.out and make and so on that I wasn't sure how the name of the executable is decided, I thought maybe it was based on the name of the .o that turns out to contain the function "main" when linking so thought it might involve having to change the name of the .c in order to result in the new name for that .o ... if not hey great what simple change exactly would accomplish the feat?

I got i2p running, then got sidetracked, then lately started to realise i2p hasn't been running since several reboots ago and I'm not even sure anymore where I was when I ran it. Then happily came across your post, reminding me that i2p wasn't an end in itself but a dependency of dark exchange...

Likely to be some days before I actually end up having it running though I think. Thanks for the reminder.

-MarkM-

It sounded more like a case of a teller asking how much you want to deposit, saying okay let me go write that down for you, meanwhile you go over to the withdrawals teller and withdraw, the first teller gets back from writing down your deposit and prepares to do confirmation number one: counting the actual money you deposited. Oh but wait... wait... wait... hmmm, you left, eh? So much for waiting for confirmation number one. I wonder if the teller then goes back to the ledger and un-writes-down the amount you deposited?

-MarkM-

Sure give it a try, it would be nice maybe to imaine there could be more and more currencies that all use basically the same API, gosh knows how many *coind daemons some sites might run to enable exchange between many different currencies.

sacarlson has some kind of web front end he uses to do his WEED and BEER exchange, based on one of the european open source exchanges but adapted to be able to exchange more than one blockchain-based currency.

Your friend's mining rig is probably not co-hosted at a datacentre, so probably the slowness is part of the way home internet tends to be set up, companies want to spam home users, broadcasting stuff at them without particularly wanting large volume of fast uploading back from them, so not ideal for webserving.

Here is the hosting I use: http://hosting.knotwork.com/

If people buy using that link I get some kind of commission as I am basically an affiliate as well as a customer.

So far I basically only use it for http://galaxies.mygamesonline.org which has so far only needed the cheapest non-free option.

The free offer is actually pretty good as free hosting goes, very good in fact, but I ended up having to upgrade as soon as the galaxies game actually started being played.

I would like to upgrade to whatever level would allow me to run *coind daemons as I already have shell scripts for doing exchange among a whole bunch of blockchain currencies as my IRC bots and my Crossfire RPG trader-bot both use them. ALso I want to deploy an Open Transactions server so we can at least check it out even if it is true that for "real" use we should increase the number of bits it uses for hashes or crypto or whatever.

I guess it is getting toward time to figure out how many devcoins would have to be sold to buy what level of hosting... probably at least a virtual machine would be needed maybe a dedicated machine.

-MarkM-

Don't bother coming to the table with dollars from scratch.

Simply be an early adopter, mine enough to buy two imperishable pizzas, and forever after you can always offer to buy bitcoin for two 1/21000000ths of an imperishable pizza.

Con someone into buying some for a dollar, and forever after you can always offer to buy bitcoin for two 1/21000000ths of an imperishable pizza plus 1/21000000 of a dollar.

Sell a few at $30 and forever after you can always offer to buy bitcoin for two 1/21000000 of an imperishable pizza plus few/21000000 of $30.

Rinse and continue.

Oh wait, also daytrade between $8 and $30 until obscenely rich so that ever after you can always offer to buy for at least $30...

-MarkM-

If hosting that accepts devcoins happens along before (an exchange that exchanges devcoins for bitcoins plus hosting that accepts bitcoins) or (an exchange that exchanges devcoins for fiat plus hosting that accepts fiat) then maybe devcoins could go toward hosting. I wonder how many devcoins we can sell for how many bitcoins and how many bitcoins your friend would need to upgrade the hosting?

Very nice post jackjack, colours even, cool. So it seems that it will be 200,000 DVC I'll be sending you...

-MarkM-

It turns out that one of the currencies someone had me help develop is "devcoin", specifically aimed at funding open source development and with development of bitcoin relatively high up on the list of open source things to develop.

I do not see multiple currencies as competing, rather they are enriching the landscape.

Obviously trading between various currencies is osmething various people find appealing, fun, interesting, for some maybe even profitable. But dealing with fiat is a massive pain. So having a whole bunch of currencies that use the same API could open up the currency exchange field wonderfully by letting people do it without having to deal with fiat at all unless for some reason they like to, wish to, feel compelled to, or are compelled to.

I put Nemo in scare-quotes to indicate I didn't literally mean the character Nemo from the Jules Verne novel but, rather, more generically no-one (or was it sexist back then, no man?)

-MarkM- (As in no one would use...)

If I understand correctly, what I will be sending you if you agree is 100,000 DVC bounty for basic "I installed devcoind or devcoin-qt" post.

I don't seem to be clear as to whether you did in fact install both, but maybe your more detailed post will clarify that. Possibly Unthinkingbit can clarify whether that will end up adding up to 300,000, 100k each for being one of the first to post that you installed devcoind, for being one of the first to post that you installed devcoin-qt, and for posting a detailed post; plus I am not clear on whether the detailed post one is available for each of the two programs. (I should sleep one of these days...) So that could come to 300,000 or 400,000, I am not clear which, of you agree.

-MarkM-

The INSTALL file mentions some files that need to be in the program's "current directory" aka "present working directory" when the program is run.

As you mention needing Qt, it sounds like you made devcoin-qt as well as devcoind?

The INSTALL for devcoind mentions one typically strips it (to make it smaller) and renames it as devcoind.

I forgot to mention the idea of stripping it for size in devcoin-qt's INSTALL file.

Devcoin-qt cannot mine. So if you want to mine it is devcoind you will want to run, at least while mining.

With some routers, if you compile with USE_UPNP active, it might be able to open the port it needs for networking automagically. If not, you will probably need to tell your router to route that port number, tcp protocol, to that port on that machine.

Having the port open lets others connect to you, if you don't open the port you might experience for yourself what you would be helping cause others to experience: difficulty in finding someone to connect to.

Whether you mine or not is up to you. But we need people with the port (port 52333) open as lack of such people is why others have trouble at this early stage in finding people to connect to. Basically we need to establish a bunch of 24/7 nodes, and even, once we know who they are, put their static IP address if they have one, or their no-ip.org dynamic name or equivalent, right into the program as seed nodes to help make sure people find others to connect to swiftly and easily.

As we have switched over from the Groupcoin thread to a specifically Devcoin thread now I have started a #devcoin channel on freenode IRC so we don't have to use the #groupcoin channel there for chats about devcoin.

-MarkM-

P.S. I am going to go investigate importing of keys now so that hopefully shortly after you are able to tell us your devcoin receiving address I will be able to send you some bounty...

That merely means you are not currently the entrepeneur or developer currently most likely to bring a killer solution to market.

It might well be technologically feasible to construct a nice big gaudy pair of rings which "mate" with each other so that they act like one of those password dongles MtGox is issuing on the one hand and one's own private personal thing-that-the-password-activates on the other.

You could maybe even use them as wedding rings, so only when you and your spouse are togther and plug your rings into each other will the combination work as a voice-recogniser that parses your voice commands - or, okay, maybe initially your morse code commands or your personal private code you make up commands, or becomes able to read the bar-codes on your cufflinks and shirtbuttons, or whatever, so as to sign a transaction proposed to you for signing by the blockchain-and-transaction-services provider.

In principle it is not particularly complicated unless the user wants to make it complicated.

You could have resin or silicone or whatever personal to you refillable/rewritable cents, dimes, quarters, you could have your own personal paper money in your physical wallet you rub your ring over, you could even have a crucifix you have to say a certain private prayer to, whatever. That can get very personal. You could have entire lego sets that kids can use to build family money-machines that can charge any brick or construct of bricks with any amount up to the family balance.

You could even have a laptop or somesuch - a portable device, miniaturised to whatever extent you personally feel the expense of such miniaturisation justifies, that runs your own personal Open Transactions server.

Probably best would be to do ergonomics studies, finding out specific handwaves or finger-motions or verbal or nonverbal utterances or manipulations of fetishes such as pieces of paper or disks of metal, various people think they would like to use to convey to sensors of some kind how much if anything to pay to who or what.

Some people might not worry about lead pipe attacks some might not worry about wireless digital intrusion attacks some might not care much what happens to the trivial amounts of funds they actually move about with during a single daytrip. So solutions will have to vary according to the user's perceptions and preferences.

-MarkM-

(The best solution might simply be to create so much affluence, for all, that no-one will care about a few grand here and there being purloined by kids or the street-performers known as pickpockets who enliven some interesting tourist spots and so on, figuring hey, its purpose is to maximise the forward creature-days of healthy life for all living things on spaceship earth...)

So don't trust it, "Nemo". Set up a cron job that will sell back to it any of its coins that manage to somehow come into it's reach that will sell them back to the politburo or developer or promoter or cult or whatever that claims they are worth something.

You can tell how much they think they're worth by how much they'll buy them for, that is how markets work, isn't it?

Do you believe World of Warcraft (or Diablo 3 or whatever) actually plans to buy back WoW-Gold (Or diabloons or whatever) for anywhere near the number of dollars people (or even they themselves) sell it for?

If not, then how close to the amount they sell it for will they buy it for? (What is their "spread"?)

Does anyone trust them to buy it back?

Does anyone buy it at all? Even at less than a dollar for a million coins?

Do you trust Berspank / the Fed? If no, then you won't be buying or accepting any federal reserve notes, hmm?

Etc.

I thought I read somewhere once upon a time about trust having to be,,, uh,,, something... uh... uhn... uhn'd?

I wonder if that was anywhere near the place where I read something about the predictive power of the past...

-MarkM- (Do you people trust pyramid schemes to pay off for them? Do they buy into them?)

P.S. Notice that many of the "new" blockchains are not yet open to the public, specifically due to concerns about the expense of mining compared to the relative strength of potential "enemy miners". Once all their coins are minted, or maybe before, more access to the blockchain might well seem more economically viable than it does during startup periods in which they might feel relatively vulnerable to predatory miners.

Carry a private-key keyring.

I think the term wallet is becoming misleading, because the wallet.dat file does not actually contain any coins. To do it's job it needs to contain your public keys so it can 24/7 monotor your balance so as to send you any email alerts you might want based on transactions or balance, and so as you limit how long you need wait for it to re-balance in the event it somehow got out of touch with the live blockchain, and so it can show correctly all your transactions and balances with a minimum of delay when you un-minimise it / choose to view it.

If it loses its live connection it starts to get out of date, and build up a larger and larger backlog of how long it will take it to catch up.

But, at least if it is not on hardware you control and secure yourself, it should not have your private keys. Those should be on a private keyring that you and and it does not have and never gets.

Conceivably you might give it a private key occassionally, for it to expend and destroy, but to minimise the number of private keys you need to lug around or remember how to generate or carry a generation/memory tool for, it might be better that it never sees your private keys, instead it hands to you any transactions that need to be signed with a private key and you sign them, by counting on your fingers or rubbing your asic coder/decoder ring or whatever. So all it seems is that you validly signed, not they key you used to sign.

Maybe check-book (not cheque-book) might maybe work, in the sense of a book-keeping record in which you record transactions so as to "balance the check-book". Ultimately what you balance it against is the block-chain, which is partly a kind of p2p "distributed wallet", or a huge "communal wallet" in which every "locks" their own coins so that other users of that vast distributed wallet cannot spend each other's coins without somehow getting hold of a key from someone else's private-key keyring.

-MarkM-

You could make multiple copies, whatever the media.

Cheap easy media would be useful for that, so you could in effect make yourself a bunch of cards (whether paper or cardboard or plastic or engraved platinum is partly a matter of taste), in various denominations, and duplicate them.

Maybe have an app that asks not only how much you want in your hand but also in what denominations and media and how many copies of each.

So you could click icons or whatever to tell it gimme twenty ones, only one copy of each, twenty twos, two copies of each of those will do, ten fives, just two copies of those is fine too, ten twenties, better gimme three copies of each of those, and twenty hundreds, gimme five copies of each of those, one printed on the secure printer in the secure room in the possibly offsite place...

-MarkM-

Apparently there are people who do not want their home accessible from the net / do not want at-home to actually be really on the net, for whatever reasons, it doesn't matter what their reasons are, they are their reasons.

Thus we basically have to be able to provide a way they can store data on third party servers and we should do it without those third parties being trustable. It is mind-boggling how many employees of how many huge corporations seemingly do not succumb to amazing amounts of temptation but relying upon an apparent rarity of villains is pretty much just a variety of "security by obscurity" thus should probably be avoided.

So we need something where the user's own hand-held device (or possibly their actual hand itself by some kind of clever counting on their fingers if they cannot rely upon some kind of glorified pocket-calculator to do it) can sign things in a way the third parties cannot fake or duplicate or counterfeit etc.

The wallet should therefore probably be thought of as totally separate from the "keyring" of "private keys". It should present to the user a transaction ready to be signed but be totally unable to sign it itself in lieu of the user or as an agent of the user. It can hold the transaction records maybe if privacy of those is not a concern. The actual coins reside on many many computers all over the world, the p2p network, so all the user (and NOT some other user such as a "wallet provider") should need is one or more private keys, or a way of re-creating (from mnemonics or algorithmically) a sufficient collection of private keys to sign transactions proposed by the "online wallet".

We shouldn't even call it a wallet, that leads to bad thinking. We should think of it as a transaction ledger and/or transaction processing tool. The blockchain is the real wallet, as in, the container in which the actual money resides. The thing the user uses should be keyring, and maybe the "online wallet" service could be regarded as at least partly a "public-key ring".

Open transactions could so nearly do this if only it used the math it claims it should be using instead of some apparently kiddie mockup version or "insufficient for real use" version of the math it claims it should be using. Darn, so close...

-MarkM-

And right about there/here is where I end up going back to check whether Open Transactions has yet gotten around to fixing its self-admitted problem of not using secure enough crypto/hash.

It looks to me more and more the case that until Open Transactions actually uses the level of crypto it claims to need for real use it would be crazy to attempt to go much farther than games and/or trivial amounts of bitcoin in developing open source financial software intended to handle huge amounts of money. Meanwhile tell the billionaires, millionaires, probably even those throwing around only a few hundred thousand - even in the aggregate, such as a very small numberof  customers each throwing around only a few thousands or tens of thousands - to please simply use bitcoin itself, directly, to do their trading person to person, "heck it *is* a person to person currency, y'know".

There (is? was?) a wild west element to the potential for a rags to riches story rich enough to put together enough capitol to simply throw money at the problem(s), and maybe MtGox might even be such a story or close to such a story. Two more recent entries to the niche seem to at least be giving an appearance of being "old money" (maybe even so old that it predates the "early adopter windfall new-rich"? Not sure).

Have we learned enough yet that a project could be started with the goal of making a reference implementation "secure" exchange and/or trading and/or minting and/or banking site?

Maybe if devcoins take off it might become possible to throw money at getting Open Transactions to use the math it apparently believes it should be using, which I keep seeming to end up coming back to as about the only serious way forward that seems to be in reasonably plain sight...

-MarkM-


 

Supposedly security was high in at least some cases of hacks.

How then can one prevent being hacked?

If even MyBitCoin, supoosedly having most of its coins completely off the net, lost so many they have to go into receivership how the heck can anyone manage to do business?

I am very cautious about any kind of scaling up because so many that have attempted it have supposedly found even their best efforts at security are not secure enough.

I would hate to lose a large amount of someone else's bitcoins. Is there a way other than only operating on trivial scales to avoid it though?

An adult site operator posted in the past about the need in their industry for expensive software in order to process payments in niches prone to attack by hackers. Maybe she had a point? Or if not then at least maybe it would be useful to find out what high value target websites that have never successfully been hacked actually do that might be instrumental in their not having gotten hacked yet?

How many of the supposed "security solutions" various sites' marketing mentions are actually effective or are most mostly more a marketing spiel than an really useful security?

It will help a lot hopefully to find out exactly what measures were actaully in place at MyBitcoin and how exactly they failed...

-MarkM-

Ah, great, this looks like a nice thread to hijack instead of starting a whole thread just about the implementation of my own exchanges (which currently is by means of "eggdrop" IRC bots and a perl bot for the Crossfire RPG game).

Is there, in fact, any reasonable alternative to simply coming right out and telling you from the get-go that my exchanges are, of course, going to get hacked, and that that, in fact, is part of why I have implemented them in a do it oneself from home manner?

A kind of "standard open source response", as it were: "hey, if you think my {bots|exchanges} might get hacked, run your own fergoshsakes, heck, gimme the patches if you want even!"



-MarkM- (Operator of, for example, "NickelBot", which haunts various Freenode #bitcoin* IRC channels...)