Then there are two branches.

One has 90% of the hashpower and has blocks every 11 minutes.

The other has 10% of the hashpower and has blocks every 100 minutes.

The slow chain has only 10% of the transaction processing capacity that it had before the fork. 1 MB every 100 minutes. It quickly becomes unusable.

Checkmate.

You're darn tootin'.

When you're got more than 90% of the hashpower, it's not really contentious any more.

I apologize for misrepresenting you. I was trying to be laconic.

I think there's universal agreement that everybody is free to submit.

It's the authority to accept or reject that Chinese miners could conceivably wrest from Core.

It's possible that overwhelming hashpower could allow them to succeed.

Maybe the Chinese miners think they are able to judge merit by themselves.

I realize now that I've made a mistake. Chinese miners will sponsor a "core" dev but not a Core dev.

That is, not one of the existing Core devs.

I think the important question is what will happen if and when the dev sponsored by the Chinese miners tries to bring the code in a direction contrary to Core's.

Either the Chinese miners plus dev would start a new fork (with majority hashpower) or they would suffer loss and humiliation as their pull requests were rejected.

So you're either a contender for the throne or a servant to the powerful.

Choose wisely, Chinese miners.

I disagree. There's nothing fun about this.

It's a disgrace.

We in the West are coming to the same conclusion.


My bet is that Chinese miners will sponsor Luke-jr so that he can change the PoW to put all the Chinese miners out of business.

It really seems that Chinese miners kowtow to those who show contempt for them, and they show contempt for anybody who listens to them and tries to take their concerns into account.

Do they know that in the West that's considered shameful behavior?

This is a bit that I don't fully understand: If you can execute contracts or scripts on the blockchain trustlessly, then why don't you get these trustless scripts to do the signing, instead of choosing 15 people to trust?

The people just turn on some software and then go away, and we trust them not to modify the software maliciously. So why not have the code to be executed be the trustless type, like the code that checks the signatures in bitcoin transactions?

The latter wouldn't need the trusted signers. That would remove the need for a lot of B&C's infrastructure. There'd be no nominations or voting and you wouldn't even need shares or dividends. It could be done without a fee, apart from the coin transaction fees. There'd be no exchange operators, so there'd be no opportunity to make a business out of creating and running it.


Somebody correct me if I'm wrong, but I think that bitcoin and its clones won't allow you to have messages longer than a certain size when you want to spend a coin. If the coin is in a multisig address, you need lots of signatures to be able to spend it but then you hit the size limit. I think 8 out of 15 is pretty much as large as you can get.



Not using Tor would do the trick.

Thanks for the informative answers.

I can't think of any remaining weaknesses.

I'm quite looking forward to seeing it up and running!

Thanks; that makes a lot of sense.


You're right; Tor would solve the problem. If someone takes down the exit node you can just switch to another one.

I think more humble organizations than the NSA could discover a signer's static ip, though. Here's a half dozen ways to do it off the top of my head:

1. Go to the signer's house and apply a rubber hose to the signer until the ip address (or even the private key) is volunteered.
2. Various other methods of coercion / blackmail / deception, including court orders, dating the signer, pretending to be the cable guy or whatever.
3. Hire a hacker / private detective to get the information (or hack into his computer yourself).
4. Own the company who leases the signer's VPS. How many will run their nodes on Amazon? If they keep the identity of their VPS providers secret from each other, how will they ever know if they're using the same one?
5. Ask the signer what VPS services he's tried and which ones he thinks are good. Compare the ip address ranges these VPS services provide to the ip addresses of persistent nodes.
6. Connect to 100 nodes. When a message from the target signer arrives, measure the time at which each node publishes the message. Drop the slowest 50 and connect to 50 different random nodes. Repeat. The probability that you're connected to the target signer increases with each iteration.

If you have a powerful ddos ability, you might need only a 20% chance of guessing correctly, and even if you can only narrow it down to a group of nodes, it doesn't do you any harm to take out the whole group.




Well yes and no. Market cap > Revenue only implies Market cap > Deposits if Revenue > Deposits.

But would, say, 8 years of revenue really always exceed the value of the total deposits?

Let's say the total amount deposited on average is D. Let V be the number of times per day that money is traded. I might be wrong, but I think most of the money on the exchanges doesn't trade every day. Most of it stays in balances or in orders that don't get executed, I think. So I think V is less than 1, probably about 0.1. I might be way off.

And let F be the fee that you charge. Let's say it's 0.5%. That might be an overestimate, but maybe I underestimated the velocity of money on the exchange.

Then revenue over 8 years = D * V * F * 8 * 365  = D * 0.1 * 0.005 * 8 * 365 = D * 1.46.

So if the total value of deposited funds ever exceeded 1.46 times the average value of deposited funds, then the shareholders would get more money by stealing the deposits than by accumulating 8 years of revenue.

Let's say I way underestimated V. So suppose it's bigger by a factor of ten. Then the condition for rational (but evil) shareholders to decide to steal the deposits would be if the total amount currently deposited exceeds the average amount on deposit by a factor of 14.6. Could we be confident that that would never happen?


I certainly agree that it's unlikely; I was just asking about their powers.

Presumably they could also do things like freeze or confiscate Jed McCaleb's XRP if they thought there was a good non-fraudulent reason to.

Do we know that no single person will ever accumulate more than half of the shares?

Is there any way to prevent an enterprising gang of thieves from buying a majority of the shares?

This is quite exciting after Mercury because it's a completely different approach.

One way or another, it looks like decentralized exchanges are about to become a reality.

A few questions:


If none of the currently most trusted signers have cheated, I think it's inevitable that they will, as incumbents, be likely to retain their positions as most trusted. So wouldn't you have the three most trusted people permanently capable of colluding and stealing all of the funds on the exchange secured by 3-of-5 multisigs?

Also, no offense intended, but wouldn't the most trusted signers be Jordan and the devs?

So aren't we, in effect, being asked to trust a few known people with our money?

Also, I would guess that the signers, being always online, could easily learn one another's ip addresses if they were so inclined. Suppose the scheme is 8-of-15 and an attacker has control of 4 pseudonymous signers. He would need to successfully ddos any 4 of the remaining 11 signers in order to block withdrawals and extort the depositors.

An attacker would try to ddos them all. Let the probability of successfully ddosing a signer be p.

Then the probability of knocking out 4 of 11 is:

Sum from i = 4 to 11:   B(11, i) * (p ** i) (1-p)**(11-i)

where B is the binomial coefficient.

With a 20% chance of a successful ddos, that's a 16% chance of successfully blocking withdrawals. At a 50% ddos success rate, the probability of crippling the exchange is 88%.

Actually, an attacker with no signers and a 50% ddos success rate has a 50% chance of succeeding at such an attack.


Yikes! If the shareholders feel so inclined, can they pass a motion requiring all the depositors' funds to be distributed among themselves?

If A has to do that before B puts up any money, then doesn't that give B a chance to blackmail him?

That is, instead of proceeding with the transaction, B says, "Your coins are now inaccessible without my co-operation. You can get half back and give half to me, or get none back. Your choice."

Re: malleability, I think there are still a few parts of BIP62 that aren't implemented yet and there might be sources of malleability still undiscovered. It'll take time to become confident, but it'll happen eventually.

This looks great!

A decentralized exchange is tantalizingly close.

At first glance, it looks like it's vulnerable to transaction malleability, though. Do you have a way to defend against the following attack?

In this context:


A broadcasts an equally valid TX3' with a different hash, which eventually gets into the blockchain instead of TX3. (A has deliberately made connections to many more nodes than B, so A will receive TX3 quickly and can then send TX3' to many nodes in one hop.)

Now TX4 is useless. A waits until his timelock expires and gets his coins back. B's coins are stuck.

A watches the Mercury community's public discussions to see if anybody complains that their coins are stuck.

If so, A creates TX5: "Pay 0.5*v alt-coins from TX3' to A and 0.5*v alt-coins to B", signs it, and sends B a private message saying,
"Hello B,

I'm scamming you. You can sign TX5 and get half of your coins back. Or not. It's up to you.

Don't bother replying. I won't read it.

Your friendly scammer,
A"

Here's my experience with the service:

On 4/17 I filled in the form; I wanted to exchange some bitcoins for a prepaid card. I got a reply saying send the bitcoins to a specific address and I'd get the card number within 24 hours. I sent the coins.

On the 20th I sent an email asking if there was something wrong. I got a reply from the website operator saying that he was travelling and would send me the card as soon as he made a stop somewhere that sold one. I replied and said I'd appreciate it if he could send it as soon as possible.

On the 25th I sent an email asking him if he could refund the bitcoins if he couldn't get me a card within the next few days.

No reply so far.

I'll post a follow-up here if I get the card or a refund.

I installed version 0.6 and it does seem to be much better!

Saudi Arabia and Qatar accept dollars for oil. No need for regime change there.

Actually, it was said that the kitchen was the one place where people could speak freely. It was in public where you had to keep your opinions completely quiet.

About religions, it's true that they are the cause of much suffering, but they were often an improvement on what came before. The prophets brought new laws, new ways for humans to regard their relationships to one another. If the people saw that the new laws were better than what they had, they converted.

Sometimes conversions were forced, but those were not genuine conversions; the victims just pretended to convert to keep the threatening maniacs happy. Religions can only spread far and wide if there are many genuine converts, who really do see something better than what they had before.

And the prophets who brought the new laws marked significant points in human development. The transitions from human sacrifice to no human sacrifice and from eye-for-an-eye to forgiveness of sin and love-thy-neighbor, as well as the prohibitions of slavery and usury were religious developments that improved humanity.

You might say that it was religion which put the human sacrifice, eye-for-an-eye and slavery there to begin with. True, but there was nothing else available. Early modern humans who had to find a way to understand what was happening did the best they could, and produced the religions to represent their understanding of humanity and its relationship to consciousness, death and the material world. If you took away their religion, there wouldn't be a better alternative for them to default to. There wasn't a better law that came before. The state of humanity before was worse; humans were more lawless and cruel.

I'm an atheist but I can see that religion isn't just an evil monstrosity which humanity would be better off without. It's a part of human culture, a process through which humans consider their relationship to the cosmos and conceive of moral and legal principles which can elevate them above their failings as selfish and finite beings.

I joined this forum almost a year ago and read it frequently but post rarely so I'm still a newbie.

It reminds me of fraternity hazing and the way that gangs make new members kill people to prove their loyalty, but a much more gentle form.

I can see that something is needed to keep out the trolls and spam. This doesn't seem unreasonable.

Thanks to everyone for the replies.

I do mostly just turn it on when I need to perform a transaction now. The slowness is a problem even for the time that it needs to do that. An online wallet would solve the problem all right but that defeats a lot of the things that made bitcoin attractive to me.

For the moment electrum looks good. I might dig out an old HD to dedicate to bitcoin. Maybe an SD card will do. A transplant for long-term health after the emergency CPR!

I imagine the problem will only get worse as bitcoin becomes more popular. It's a bit worrying for the future of bitcoin. Will the cumulative burden eventually overwhelm even hi-spec dedicated bitcoin servers?

More people that I talk to now already know about bitcoin, and it's getting to the point where I can basically assume that anybody I meet that knows about Linux also knows about bitcoin. I hope the system doesn't get overwhelmed.