The alert key posed problems because it was part of the protocol. Dev GPG key verification can be done wholly client side and could even be set to trust only developers X and Y or what have you. Set the sites you want to check for updates, set the keys you need to verify a binary. Probably have some simple protocol that allows for a high priority message to be sent to the user. No one has much control over this situation except the user and who owns what keys are irrelevant as long as they aren't all compromised.
|
|
|
2) Updates can never be automatic for a decentralized system as such. Even adding something like an 'update available' notification system can open up more attack vectors and is (as always) prone to abuse.
I agree with the first part, but as far as 'update available' notifications, is it any worse than relying on GPG verification of binaries in the first place? Update notifications could also automate the GPG verification which few people aside from very serious users probably do. Of course that means relying on the key baked into the software, but it is always possible to compromise something somewhere. Having to read the news to find out there is a critical vulnerability in the software you are using does not seem to be ideal, imo.
|
|
|
I have a related concern with the idea that the Bitcoin Core source code is the Bitcoin protocol specification.
Eventually, the C++ language will go the way of COBOL. Very few people will be able to interpret and maintain the specification in the not-too-distant future.
COBOL was never designed as a general purpose language. Part of the problem with C/C++ is that we are absolutely, irrevocably stuck with it because it is so integral in so many things. It means that newer and potentially better-designed languages have slim chances of succeeding because of C++'s dominance. It isn't going anywhere anytime soon. With that said, it might be beneficial to move the core to some high level language/script that is then interpreted by a C++ or any other compiler.
|
|
|
There are many subtle differences between different types of POS coin. The "original" POS style, exemplified by NXT and PPCoin, involves currency holders having a pseudo-random chance at being able to create a block based on how much currency they own. This is "permissionless" like POW - there are no designated nodes. But there are many other ways to do POS - Tendermint uses a 2/3rd majority of a set of validators to create new blocks. Directed Acyclic Graph (DAG) coins like Byteball and Iota use a majority of witnesses/validators to move the graph along.
POS's primary advantage is that very little energy is required to secure the network. This eventually means transactions on POS coins will be much cheaper. However, large currency holders (or permissioned validators) may be able to attack the network the way computing power can attack POW. Because these currencies are secured by signatures instead of work, it may even be possible to attack the network after "cashing out". This is called the "nothing at stake" attack, but it is much more complicated to pull off than a POW attack.
Sharding is the idea of splitting up a blockchain into multiple smaller parts so that the bandwidth required is dramatically reduced. For POW, this would require splitting POW up into multiple chains, making all shards as weak as the weakest shard - in theory, there may be ways to improve that security. For POS, assuming a random, uncoordinated distribution of stake/validators among each shard, attacking one shard would be almost as difficult as attacking the whole network. The probability of gaining a controlling stake over one shard would be correlated to how much total stake an attacker controls.
One thing to note about most POW coins is that they are pretty weak to attack from competitors. Bitcoin Gold was successfully attacked and an exchange lost $18m recently. Unless you have an overwhelming market share like Bitcoin, POW coins are quite vulnerable whereas POS are usually not.
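The post above says the chance of capturing one shard "would be correlated to how much total stake an attacker controls" but gives no numbers. The following is an added example (not code from the thread or from any of the projects named in it) that works that claim through: under the post's own assumption of random, uncoordinated assignment of validator slots, the attacker's slot count in a shard is binomial, and the tail of that distribution is the capture risk. The attacker fraction, shard sizes and thresholds used are constructed figures, and treating shards as independent is an approximation I make for the whole-system figure.

```python
from math import comb


def prob_at_least(n, k, p):
    """P[Binomial(n, p) >= k]: the chance that at least k of n validator slots,
    each filled by an independent uniformly random draw from the stake pool,
    go to a party that holds fraction p of that pool."""
    if k <= 0:
        return 1.0
    if k > n:
        return 0.0
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))


def prob_capture_shard(p, shard_size, threshold):
    """Probability that an attacker with stake fraction p ends up with strictly
    more than `threshold` of one shard's slots.  threshold=0.5 models out-voting
    the honest majority; threshold=1/3 models stopping a 2/3-majority (BFT-style)
    validator set from finalising anything."""
    needed = int(threshold * shard_size) + 1  # strictly more than the threshold
    return prob_at_least(shard_size, needed, p)


def prob_capture_any_shard(p, shard_size, n_shards, threshold):
    """Probability that at least one of n_shards is captured, treating shards as
    independent (an approximation: real assignment draws validators without
    replacement, so the shards are not exactly independent)."""
    q = prob_capture_shard(p, shard_size, threshold)
    return 1 - (1 - q) ** n_shards


def risk_table(p, sizes, n_shards, threshold):
    """Map each candidate shard size to the whole-system capture risk, so a
    designer can see how large a shard must be for a given attacker budget."""
    return {n: prob_capture_any_shard(p, n, n_shards, threshold) for n in sizes}


if __name__ == "__main__":
    attacker = 0.30  # attacker controls 30% of total stake (constructed figure)
    for n, risk in risk_table(attacker, [10, 50, 100, 200], 16, 0.5).items():
        print(f"shard size {n:4d}: P(some shard captured) = {risk:.2e}")
```

The point the table makes is the one the post gestures at: with small shards a 30% attacker has a few percent chance per shard of an outright majority, which over many shards is a near certainty, while with a few hundred validators per shard the per-shard risk falls to negligible levels and capturing a shard costs roughly what capturing the network would. Note that the threshold rounding means the risk is not strictly monotone in shard size, so neighbouring sizes should be compared rather than a single value read off.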
|
|
|
instead of following stupid Austrian school advice and letting governments continue doing their job by creating money out of thin air.
Austrian economists typically have espoused the direct opposite view - certainly the more famous ones at least. A false statement in calling out false statements?
|
|
|
This hash needs work to be produced, hence it is a store of value. These holes need digging!! One single miner can't produce a bitcoin with the same utility of current bitcoin.
The utility of bitcoin is essentially fixed since the beginning until now. Contradiction between two neighboring sentences. Marginal utility is a made-up approximation of a qualitative phenomenon: I made no argument for marginal utility, only that utility is not marginal utility. I don't understand the vehement denials nor the completely unnecessary ad homs. I am willing to entertain Marx's LTV. I don't think it fits well, but that doesn't mean I am impossible to persuade. But as I suspected from the beginning, you don't appear willing to have a reasonable discussion, so I will exit the thread. But I will say again that if you want any of your arguments to hold water, you must explain the value of non-PoW currencies. Unscientifically comparing them to fiat with a false equivalence is not an argument.
|
|
|
First of all Marginalism doesn't explain anything. Marginalism posits that the cost to produce an item is roughly what you can sell it for, barring a monopoly. It separates the labor from the price which explains why a bitcoin could cost both $0 and $5k to produce. Distorting the issue, however, is that bitcoin (crypto in general) is unique in that it is akin to a decentralized monopoly. The code is the monopolistic owner of a resource and the code delegates how that resource is produced. Because bitcoin is decentralized, the code must introduce inefficiency (difficulty) to combat the duplication of infrastructure (mining rigs) from pulverizing the price to zero. It is therefore apt to say that bitcoin is "paying people to dig holes and then fill them up" because any miners beyond the first one are completely unnecessary in the economic sense. Ideally, if we could somehow ensure that a single miner would function identically to a decentralized group of miners to the consumer, the single miner is the far superior scenario as the duplicate and wasteful infrastructure is avoided and total profit realized is far greater. (Although this may be undesirable if you are a communist.) Ironically, arguing for the usefulness of mining (economically) is in a way arguing a Keynesian idea (digging holes). The utility of bitcoin is the same as always but its price is not, the cost is changing due to the changes in social situation so the value has changed and price follows the value. The "loosely" adverb you used is true for all commodities and is aligned with Marx's theory. The utility of bitcoin is clearly not the same as always. In 2009 I could not buy alpaca socks; in 2011 I could. Therefore in 2011 the utility of bitcoin was higher than in 2009. I think here you are trying to avoid any association with marginal utility so as to make your case, but utility is not the same as marginal utility.
If you deny the utility of bitcoin has changed over time, then there is no hope of a productive discussion. It also appears to me that you are conflating supply and demand with "changes in social situation", if not please clarify because I don't understand this argument. Perhaps you mean subjectivity, but that would be arguing against LTV. As far as the value changing because of it - this can't be correct under LTV because the labor is the value. Again it is somewhat difficult to peg Bitcoin in here because it is designed solely as a currency and thus has no value in use, and it is a decentralized monopoly which distorts many of the inputs and outputs of the situation. If you are going to make a strong case that bitcoin satisfies LTV, your arguments need work, imo. Fiat money is not an ordinary commodity; it started pegged to gold and diverged gradually to become what it is now: a scam. PoS issued currencies are the same as fiat currencies in this respect. A false equivalence. No argument has been presented.
|
|
|
Surprisingly, a few days later I encountered this article. Again, a PoS proponent (I suppose) is questioning the value of bitcoin being measurable by the amount of "work" miners do, this time, by directly claiming Marx's theory to be a fallacy! For the bolded text, I believe this is incorrect as it is heavily implied the author is a bitcoin supporter in the very last line of the article: "Long may [Bitcoin] remain desirable." It is why I'm becoming more and more convinced that the PoW/PoS debate is nothing less than a final debate between true political economists resurrected after bitcoin on one side and fake mercenary economists with their utilitarian interpretation of value that is incapable of understanding why bitcoin has an inherent value not based on a subjective convention or an artificial demand caused by speculation nor even its usefulness as a medium of exchange and a utility. Your tone seems to imply that you aren't willing to honestly discuss this topic, but I will take a shot anyway. On at least two points, I don't believe your association of mining costs to value aligns well with Marx's LTV. Firstly, Marx's LTV is not simply about labor being the defining aspect of a product's price - it is "socially necessary" labor. If the socially necessary constraint were not in place, then by that argument all products' prices would be a function of their labor cost, even when there is zero utility (or socially necessary labor). Secondly, the cost to produce any given bitcoin has varied between roughly $0.00 and $5,000.00 even though they are absolutely identical. The cost to produce a new bitcoin (loosely) follows the price. I don't believe that this can be explained by Marx's LTV. It can, however, be explained by marginalism. Additionally, there are currencies that do not use PoW and yet still have value. Significant amounts of value. A strong case must be made as to why this value is illusory, but you have not broached it.
One could make the counter argument that the existence of these "labor free" currencies invalidates your argument as it appears to prove that there is no socially necessary labor cost. i.e. PoW's popularity is only a preference. This also seems a bit off-topic for D&TD and should probably be in the economics forum.
|
|
|
I think this reasoning (that is, doubting PoW value like that) is wrong. The problem of "conventional banking" is not in said overhead. It's wrong to compare an average bank's electricity consumption, plus its workers' salaries, with Bitcoin/PoW alts' consumption. Bitcoin doesn't eliminate banks. Banks are the ultimate liquidity providers to enable capitalism. FRB evolved because the demand for money exceeded the supply of gold. Should Bitcoin become the dominant currency of the world, banks would need to apply FRB to it as well to help control the price or risk massive waves of bankruptcy in a deflationary event. The alternative is banks won't touch bitcoin. Without demand for bitcoin investment capital, it will likely always remain niche. Fractional reserve banking is setting the rules for economy and politics that benefit bankers, and damages everyone in the course of that. Fiat money exists as debt, so whoever has a better "credit rating" can go deeper into debt and benefit from inflation, or from devaluation of his currency towards the reserve currency, currently USD. So called credit rating is under gross manipulation by powerful interests. This leads to the clusterfucks like in 2008. While true, there is nothing special about PoW in this regard. Any decentralized currency combats these problems. "policies that result in savers earning returns below the rate of inflation" in order to allow banks to "provide cheap loans to companies and governments, reducing the burden of repayments" This siphons money from workers who hold deposits or bonds (e.g. indirectly in pension funds) to the shareholders, who are already rich. Historical savings interest beats inflation. It is only in the last decade or two that basic savings interest has not kept up with or exceeded inflation. The stock market will generally always meet or beat inflation as long as an economy grows as it is automatically indexed to inflation by the investment of inflated currency thereof.
The "theft" via inflation is highly dramatized. It is government spending (and other interference) that causes a misallocation of resources, not inflation. In the case of the 2008 crisis, it started as pressure from the US government to the banks to issue more mortgages to less qualified people, distorting the checks and balances of the system. Whereas PoW baskets can be woven by anyone with free time and necessary skills.
You mean anyone with custom, production monopoly-prone specialized hardware.
|
|
|
Suppose, I have a dominant share of a PoS coin. I exchange my coins with a decent PoW coin (  ) and cash out, now I'm able to commit a long range attack against the network or participate in such an attack using my old private keys with zero cost. This is misleading. It isn't possible to just hit the sell button on a "dominant share" of a coin. The market will likely collapse on the way to the exit which may already accomplish what you wanted to do anyway as a dominant shareholder. It is a criticism of lopsided distribution, not PoS. If distribution were not lopsided, then to achieve a dominant share there was a significant cost associated, and exiting that market will absolutely not be free. Deride weak subjectivity all you want, but software checkpoints have zero actual cost and very low social and philosophical costs to anyone that isn't beating the PoW drum (which costs billions of actual dollars every year). Transactions will be dramatically cheaper on PoS and that will ultimately decide what people use - at least as an actual currency.
|
|
|
Bitcoin has had over 51% majority belonging to the Chinese miners for years, and people ignore it, but yet when it comes to PoS, they pretend like every attack is more dangerous, when from my experience PoW has proven more vulnerable especially if you are not rich. That is the propaganda you have to deal with on bitcointalk.org. You don't typically get unbiased opinions here. Conclusion: Security of any coin is only strong if the majority % that either mine it or stake it are altruistic toward said coin. IE. No real difference between PoW or PoS in that regard. More or less. But discussing the crazier "what ifs" helps to design better protocols.
|
|
|
You have to buy or steal the PoS coins to stake them? There is a cost involved. Not necessarily. Or not a necessarily large one. Someone could buy up a large amount of the currency when it was worth less than pennies, or even the currency creator could be a threat if a significant amount were distributed to them at the start. This is different from bitcoin because the cost to attack the network is always relative to how popular the network currently is. There is no early stage adopter threat to the network itself. (Although I have argued in the past that Satoshi is a significant threat to bitcoin economically because he can wipe out the market.) Also your pretense at how easy it would be is over-exaggerated. I believe the only responses about how easy the attack is are in regards to your example about timestamps. Forging the chain itself is easy, having the signatures to do it is where the difficulty lies - but there are many obscure factors that can make it easier. It is a 3rd party verification, but it works and people using PoS or PoW would be naive not to use it. There are also a number of attacks that do not create multiple chains but create chaos in more insidious ways. A 3rd party can't prove to you that a chain is being censored, for example. I agree that the general essence of the "nothing at stake" argument is pretty weak with improbable scenarios required to effect it, but it is better to be aware than to be blissful.
|
|
|
It needs to be for ~30000 blocks for a good test, so you have to excuse me for not wanting to manually enter each one. Plus, I am not the one claiming it is easy to do. It is easy to fake timestamps, you just have your software write in a number into a block of the fake chain it is creating. It is difficult/impossible to fool existing nodes into believing the network is valid. However, an independent node (of the network) sees two equally valid histories based on the rules of the network. There is no way it can independently verify whether a timestamp was forged, it's just an integer in a block. This is also the case for Bitcoin, but the cost of creating that timestamp is governed by the PoW difficulty rather than a free digital signature given an attacker with ~50% of the network stake. And the attack can continue free of charge, whereas with Bitcoin you must keep expending resources to keep up with PoW because the most difficult chain wins. It's a difficult attack to be sure because owning that much stake in a network is unlikely - but it is absolutely not impossible because many PoS systems especially have very lopsided distributions. Losing the ability for new nodes to know what is the "one, true chain" without needing outside information is a problem. How big of a problem is a matter for debate, but it can't just be brushed off as so unlikely as to be impossible.
|
|
|
The fact is I ask a very simple question, how does one make up the 3 months, you come back with a pretense that you can just fake the timestamp and think the other nodes will fall for it with zero proof.
The core argument is that there is no objectively determined network. A node that was not around during the time the "honest network" progressed has no basis of knowledge for which fork to choose when presented with equally valid options. In this case, "making up 3 months" is as simple as creating the blocks near instantly with only a signature as proof and no immediate cost. With PoW this immediate cost is very high for bitcoin, but can drop dramatically for many altcoins. However, the argument started as a criticism of NXT and Peercoin where there is literally no downside to staking several competing forks. It has been reformulated several times over to apply to any proof of stake system (including ones that punish bad behavior), somewhat successfully in my opinion, but only given some highly implausible (but not impossible) conditions. There is *a lot* of manipulation in the cryptocurrency sphere, so discounting implausible scenarios as impossible seems like a logical mistake. However, I think the future of cryptocurrency security will be in currencies that are more PoS-like than PoW-like.
|
|
|
Read rule #25 and then you can see why I assume that account was banned (No I did not ban it).
Dude if you read and follow the rules you can say almost ANYFUCKINGTHING here on this forum. I have yet to see a user following the rules receive a ban for just a controversial opinion.
Although the forum is absolutely centralized you will find very few media that allow you as much freedom as here. Just don't break the very few, very simple rules and you will be 100% fine!
I would just like to point out that in 2011 the account "etlase" was squelched (not banned, but unable to post) and had roughly 30 posts deleted for being overly opinionated and anti-bitcoin. You can see in the posting history here, where the account was accused of being a professional troll by a global moderator, although there is a distinct lack of context available. Apparently Russians later hacked the account after posting privileges had been restored. My point is in addition to the seemingly valid claim that the rules can be arbitrarily enforced. That is of course at the discretion of the moderators, but keeping this up as an appearance of a technicality of breaking rules seems deceptive. I agree that anonymint goes too far on subjects that don't seem to have much merit, but there are many, many other situations where he has keen insight and those posts vastly outweigh the negatives in intellectual merit. He can be a loud, obnoxious, and negative voice so he gets the ban grease while 75% of the forum fills up with copypasta post spam (a rule violation) for signature campaigns. I don't know what warnings he has received or what was the real original reason for his ban, but if subsequent bans are merely because of "ban evasion" maybe it's time to just drop it and let him post? If he is really mucking up individual threads, maybe allow the thread creators to turn them into moderated threads and moderate the discussion themselves?
|
|
|
Not sure why - I'd love to explain anything and repost my replies as needed.
Because btctalk management is petty beyond belief. Banning is one thing, but deleting posts is a whole other order of extremism reserved for the most petulant (and deleting RESPONSES!). Especially in thoughtful discussions.
|
|
|
I believe lost keys is a very serious problem which must be addressed. Although I am not sure if the consensus is the best place to address the lost key problem. I may be in a minority opinion here, but the solution is simple: destroy unspent currency after X amount of time. X can be on the order of 10-20 years, but it should not be infinite. This notion that you pay nothing for security for all time is inane. Asking people to ping the network once a decade is hardly an onerous task.
|
|
|
1) Bonded stake systems are subject to the 0% attack in which you bribe all the bonded stake in the system to simultaneously send a transaction to themselves (an action with seemingly no consequences). With zero bonded stake remaining in the system, the chain freezes forever.
A bond implies the money is not transferable, so I'm not sure how this attack could work.
|
|
|
Again I reiterate that if the attacker knows he can increase the transaction fees to any level he wants to by eliminating the competition over blocks by attaining 50+% of the stake, then the attacker can afford to buy the stake. Are you claiming that 50+% of the stake will not sell at any price?
The issue here is economics. There’s a huge profit incentive to 50+% attack and there’s no cost to perform an ongoing attack indefinitely into the future. Thus, the NPV is extremely high for purchasing the stake (or forming an oligarchy of stakeholders who cooperate to attack).
I've been considering a couple of ideas based on stuff I've mostly found through your links. This is all regarding an opt-in stake. 1) is a very fresh idea for me that might have interesting implications.

1) Set a maximum number of opt-in stakes (probably based on total currency supply which would monotonically increase under my system). If stakes are full and there is still demand to stake, put the stakes in a queue that freezes the money (no idea for how long yet). When new stakes open up (currency supply increase, stakers leave, or stakers may be randomly booted after serving some amount of time or are unresponsive), use a VRF to select new stakes from the queue. All other queued stakes are booted from the queue but the money won't be available until their unfreezing time (presumably at least after the next queue).

edit: To avoid discouraging people from queuing by spamming right away and making the queue huge, the queue should start with an open queue that doesn't automatically freeze, then only some of those are chosen to be frozen - probably a fixed number based on the max stake, not a % of the total queued (this, I believe, would also solve the "everything comes down to PoW" MC=MR problem)

2) Stake PK changes would be very limited or not possible, making transfer of stakes an incredibly risky proposition for the buyer. Even with PK changes, it's still a hugely risky proposition because you would have to wait until the new pk is accepted by the network with a long delay, in the meantime the previous owner can get the stake destroyed. - You might be able to get around this with a contract, so perhaps no PK changes allowed.

3) Tx fees are fixed or only changeable with a hard fork or significant vote. This works better under a system that aims for some kind of price stability, but you'd have to imagine some kind of market competition as well that could keep fees reasonable. If tx fees are too low, stake participation simply drops until it is acceptable. If they are too high, people switch to other networks or use off-chain transactions.

1 & 2 both help against but do not prevent an oligarchy, malicious or cartel-based. But it adds quite a lot of randomness, and a decent amount of punishment for trying to spam the opt-in stake. The cartel takeover attempt would have to out-queue the honest users 2 to 1, consistently across time. Depending on how long the queue freeze penalty is, this could result in the cartel needing significantly more money frozen than it would take to take over the network. Since there is also a maximum stake, the cartel can't push everyone else into unprofitability by simply overwhelming the stake. If the cartel starts gaining a significant portion of the stake, if stakers are randomly booted, they would still need to keep overwhelming the queue or risk losing their foothold. Just some thoughts.
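To make the "out-queue the honest users, consistently across time" argument in the post above concrete, here is an added simulation of the opt-in stake queue. It is my own simplified model, not code from the poster or from any project: the VRF is a hypothetical stand-in built from a hash of a public round seed (a real design would need a VRF with a proof), the boot rule, queue sizes and freeze cap are constructed parameters, and the unfreezing time is counted rather than timed. It shows what the design does and does not buy: the cartel's expected share tracks its share of queue submissions, and every submission that is frozen but not admitted is money the cartel has to leave locked.

```python
import hashlib
import random


def vrf_stub(seed: bytes, candidate: str) -> int:
    """Hypothetical stand-in for a VRF output: every node can recompute it once
    the round seed is public, but no candidate can predict it beforehand."""
    return int.from_bytes(hashlib.sha256(seed + candidate.encode()).digest()[:8], "big")


def draw_from_queue(queue, seed, n_open):
    """Admit the n_open candidates with the lowest VRF output for this round."""
    ranked = sorted(queue, key=lambda c: vrf_stub(seed, c))
    return ranked[:n_open]


def simulate(max_stakes, rounds, honest_per_round, cartel_per_round,
             boot_per_round, freeze_cap, rng_seed=1):
    """Simplified model of the opt-in stake queue (assumptions are mine):
      - at most max_stakes active stakes; boot_per_round of them are booted at
        random each round, which is what opens new slots;
      - each round honest_per_round honest and cartel_per_round cartel
        candidates join the open (unfrozen) queue;
      - a fixed freeze_cap of the open queue is chosen by VRF to have its coins
        frozen; vacancies are then filled from that frozen set by a second draw;
      - frozen-but-not-admitted candidates are released, but their coins stay
        frozen for a while: this model counts them, it does not time them.
    Returns the cartel's share of active stakes after `rounds` and how many
    candidates on each side paid the freeze penalty without getting a stake."""
    rng = random.Random(rng_seed)
    active = []
    frozen_without_stake = {"honest": 0, "cartel": 0}
    for r in range(rounds):
        rng.shuffle(active)
        active = active[boot_per_round:]  # booted stakers leave
        openings = max_stakes - len(active)
        # constructed candidate ids: H = honest, C = cartel
        queue = [f"H{r}-{i}" for i in range(honest_per_round)] + \
                [f"C{r}-{i}" for i in range(cartel_per_round)]
        seed = hashlib.sha256(f"round-{r}".encode()).digest()  # public round seed
        frozen = draw_from_queue(queue, seed, freeze_cap)
        admitted = draw_from_queue(frozen, hashlib.sha256(b"admit-" + seed).digest(), openings)
        for c in frozen:
            if c not in admitted:
                frozen_without_stake["cartel" if c[0] == "C" else "honest"] += 1
        active.extend(admitted)
    cartel_share = (sum(c[0] == "C" for c in active) / len(active)) if active else 0.0
    return {"cartel_share": cartel_share, **frozen_without_stake}


if __name__ == "__main__":
    # cartel submits twice as many candidates as honest users, every round
    print(simulate(max_stakes=100, rounds=500, honest_per_round=10,
                   cartel_per_round=20, boot_per_round=5, freeze_cap=15))
```

Because the freeze cap is a fixed number rather than a fraction of the queue, flooding the open queue only raises the cartel's odds per round in proportion to its share of submissions; it does not let the cartel freeze out everyone else, and each round's unlucky frozen candidates show up in the returned penalty counts. What the model does not capture is a cartel that already holds stake before the queue rule exists, which is the lopsided-distribution case the thread keeps returning to.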
|
|
|
The accumulated lost keys over time is a serious problem that needs some solution. That is another reason I am proposing that stake needs to opt in to participation with an extended waiting period before becoming eligible to send approvals and becomes ineligible if not participating for an extended period of time. Then they must opt in again with another extended waiting period. Note @Ix’s Decrits suggestion of having stakeholders sign their election to become eligible and reference the parent block (i.e. TaPoS) so they can’t later issue a long-range attack from a different block without having an objectively signed conflicting election, seems not to be effective because a long-range attack could generate different public keys for stake starting from a point further back in chain time. To clarify: the security of my idea is derived from the fact that if *any* of the stakes are honest at the start of a long-range attack, the attacker can't "sign them out" (the same process for leaving as joining) so the client can detect that one network has 100% availability and the malicious would have 99% or whatever. It doesn't matter what they do with their own stakes or how many fake stakes they create. However, if they were to buy the now-defunct private keys of stakeholders that have since signed out they could achieve this attack, but they would have to buy every single one. But it is possible to thwart this attack with very simple checkpoints long in the past. At some point after network ubiquity, it would be highly improbable to ever be able to execute such an attack even if the checkpoint is never updated again (presuming the signature scheme remains unbroken).
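Two claims in this thread are worth seeing side by side: the earlier posts' point that a fresh node "sees two equally valid histories" because a timestamp "is just an integer in a block" that a signature can produce for free, and the post above's point that "very simple checkpoints long in the past" thwart that. The following is an added toy model, not code from the thread or from Decrits or any other project: blocks are hash-linked dicts, the signer field stands in for a stake signature, and the chain selection rule is my own minimal one (longest valid chain, ties undecidable). Run without a checkpoint, two same-length histories cannot be told apart by the rules; with a checkpoint obtained out of band, the history that does not contain the checkpointed block is simply excluded.

```python
import hashlib
import json


def block_hash(block):
    """Canonical hash of a block's fields."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def make_chain(n, first_timestamp, step, signer):
    """Toy chain of n linked blocks. 'timestamp' is just an integer field and
    'signer' stands in for the stake signature; no work is attached to either."""
    chain, prev = [], "0" * 64
    for h in range(n):
        blk = {"height": h, "prev": prev,
               "timestamp": first_timestamp + h * step, "signer": signer}
        chain.append(blk)
        prev = block_hash(blk)
    return chain


def chain_is_valid(chain):
    """Intrinsic checks a fresh node can run: correct heights, unbroken hash
    links, strictly increasing timestamps. None of these can tell whether a
    timestamp was written when it says or minted seconds ago."""
    prev = "0" * 64
    for h, blk in enumerate(chain):
        if blk["height"] != h or blk["prev"] != prev:
            return False
        if h > 0 and blk["timestamp"] <= chain[h - 1]["timestamp"]:
            return False
        prev = block_hash(blk)
    return True


def choose_chain(candidates, checkpoint=None):
    """Longest valid chain; on a tie the rules alone cannot decide and None is
    returned. A checkpoint (height, block hash) obtained out of band excludes
    every candidate that does not contain that block (weak subjectivity)."""
    valid = [c for c in candidates if chain_is_valid(c)]
    if checkpoint is not None:
        height, digest = checkpoint
        valid = [c for c in valid
                 if len(c) > height and block_hash(c[height]) == digest]
    if not valid:
        return None
    longest = max(len(c) for c in valid)
    best = [c for c in valid if len(c) == longest]
    return best[0] if len(best) == 1 else None


if __name__ == "__main__":
    # constructed histories: same length, same timestamps, different signers
    honest = make_chain(10, 1_000_000, 600, "honest-stake")
    rewrite = make_chain(10, 1_000_000, 600, "old-keys")
    print("without checkpoint:", choose_chain([honest, rewrite]))      # None
    cp = (5, block_hash(honest[5]))  # obtained from a source the operator trusts
    print("with checkpoint picks honest:", choose_chain([honest, rewrite], cp) is honest)
```

The checkpoint does nothing to the intrinsic validity checks; it only narrows the candidate set, which is exactly why it costs nothing in computation and why its whole security rests on where the operator got the (height, hash) pair from.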
|
|
|
|