2281
|
Bitcoin / Development & Technical Discussion / Re: Funding network security in the future
|
on: October 30, 2014, 10:26:42 PM
|
I believe a good proxy for this is the total number of coins transferred in the tx.
Probably not, due to all the non-bitcoin overlay things people are interested in. (E.g. the altcoins, colored coins, etc). I disagree with the claim that its unrelated. Scarcity of block space is what enables a market for it; absent complete miner collusion, with unlimited block sizes there is a defection problem (the rational move for the miner is to take very low fee paying transactions instead of turning their nose up at them in order to drive the market price for fees above zero).
|
|
|
2282
|
Bitcoin / Development & Technical Discussion / Re: A(nother) downside to Proof-of-Stake?
|
on: October 30, 2014, 09:46:31 PM
|
A workaround would be for each output to have 2 keys, a spending key and a POS key. This would allow users to upload their POS key(s) to a mining pool without that pool being able to spend their money.
Yup, But doing that also eliminates some of the incentive alignment arguments in the first place: E.g. that you'll take care of your keys, and not delegate (or do so only cautiously), not leak them, etc.. because your funds depend on them. Sort of moot because the whole approach seems fundamentally unsound (or at least none of its advocates have stated a clear set of reasonable assumptions under which their system is secure (and where a centralized ledger wouldn't be)). https://download.wpsoftware.net/bitcoin/pos.pdf
|
|
|
2283
|
Bitcoin / Development & Technical Discussion / Re: Funding network security in the future
|
on: October 29, 2014, 09:27:19 PM
|
Hm. I'll think about this more before I answer, I don't want to waste anyone's time. I don't think that refutes what I'm saying though, basically because the point I'm making is that the higher hash-power node have lower-overhead per transaction due to the very fact that they are getting blocks faster. It's a kind of positive-feedback loop for the best miners.
I agree with that argument in general, and I think many other people have made it somewhat different forms as well... But so long as the node operating cost is insignificant, I think it doesn't apply.
|
|
|
2284
|
Bitcoin / Development & Technical Discussion / Re: Funding network security in the future
|
on: October 29, 2014, 08:52:01 PM
|
I would expect that once inflation stops, transaction fees will not be enough for the vast majority of nodes to stay in operation
Are you missing that the transaction load (and thus cost) is limited by the hard rules of the network, just as the supply of coins is... under the current rules there is no risk of nodes becoming too expensive to run. (I just ask because you used such absolute language in you message).
|
|
|
2285
|
Bitcoin / Development & Technical Discussion / Re: Funding network security in the future
|
on: October 29, 2014, 05:42:47 AM
|
the P2P node network could configure itself as a giant parallel processor,
This cannot be done with the design of Bitcoin today. I've previously (incompletely) sketched out what would be required, but we're a fair ways away from that. And so far there has been virtually no interest in moving things in a direction to support things like that inside Bitcoin. With the rest of your post you seem to be describing a closed cartel system for mining-- if we have that, why not dispense with the mining, trust it to keep the ledger... (and call it paypal?). Centralized systems are much more efficient and easier to make reliable. I think Bitcoin's (unique) value derives almost exclusively from not being centralized.
|
|
|
2286
|
Bitcoin / Bitcoin Discussion / Re: Why blockchains might want to consider using AT "Turing complete" txs
|
on: October 28, 2014, 08:49:48 PM
|
Doesn't splitting every operation into micro-operations and feeding the result to the VM solve the issue?
For simplistic implementations, yes (though you have to get it right). High performance ones... not really. For high performance you really want to hoist the boundary checking. I'm not sure what advantage this system really offers over Moxie... as moxie is deployed and has toolchain support. In general, I worry that this kind of system is too low level for a consensus system-- e.g. getting high performance will require dangerous complex execution enviroments; but it's an interesting domain. It also has no facility for dead code elimination, or other facilities which are more obvious when you understand the difference between with script does in a consensus system... that it's not really performing computation, but verification of computation.
|
|
|
2287
|
Bitcoin / Development & Technical Discussion / Re: Miner accepting non-standard txs required!
|
on: October 28, 2014, 08:21:00 PM
|
I feel sorry to see the referral code disclosed outside of the intended community. This pushtx is experimental only for our partner and our weibo followers. We do not currently replace conflicting transactions to prevent potential double spend. Don't worry. Thanks.
Is the source code available to see exactly what transactions f2pool will accept under this interface? (Eligius' node code is available). We do not currently replace conflicting transactions to prevent potential double spend. Don't worry. Thanks If you accept transactions other nodes will not accept it still facilitates double spending, somewhat. The attacker sends a non-relaying transaction to you first, then floods the network with another transaction.
|
|
|
2291
|
Bitcoin / Bitcoin Technical Support / Re: Missing params desc. in wiki + selective binding ports to ip adresses not work.
|
on: October 25, 2014, 08:27:02 PM
|
They are not yet in a released version of the software. they also seem to be missing from the help output in --bitcoind Yes they are, $ ./bitcoind -help | grep white -whitebind=<addr> Bind to given address and whitelist peers connecting to it. Use [host]:port notation for IPv6 -whitelist=<netmask> Whitelist peers connecting from the given netmask or ip. Can be specified multiple times.
It's however not present in "bitcoind --help" output of Bitcoin Core Daemon version v0.9.3.0-g40d2041-beta. Because it isn't in that version of the software. In addition, I notice that the bitcoin core daemon by default binds to all interfaces? Would it be possible to bind only to one interface. For example, if you have a machine with several interfaces, you might want bitcoind only to bind to one or two of them.
Yes, ./bitcoind -help | grep bind -bind=<addr> Bind to given address and always listen on it. Use [host]:port notation for IPv6 -whitebind=<addr> Bind to given address and whitelist peers connecting to it. Use [host]:port notation for IPv6 -rpcbind=<addr> Bind to given address to listen for JSON-RPC connections. Use [host]:port notation for IPv6. This option can be specified multiple times (default: bind to all interfaces)
For example, if you have lo,venet0:0 and venet0:1, you might only want to bind to lo and venet0:0, for example 127.0.0.1 and 222.222.222.222. I've played around with -bind and -externalip, but still the daemon is binding its port 8333 to all interfaces. I'd like to be able to control that behaviour. Is that possible as of yet? Works for me, what are you setting, precisely? And lastly from bitcoind -testnet getinfo on Bitcoin Core Daemon version v0.9.3.0-g40d2041-beta: "errors" : "Warning: This version is obsolete, upgrade required!" Is there no point in running a testnet node with this version number?
This is just caused because of people using weird version numbers on blocks in testnet, it's harmless. Also, regarding the version number v0.9.3.0-g40d2041-beta, what does the g40d2041 part mean? And how is it decided what this value should be, is there any logical meaning to it?
The value there is the git commit id of the code being used.
|
|
|
2292
|
Bitcoin / Development & Technical Discussion / Re: Pegged Sidechains [PDF Whitepaper]
|
on: October 25, 2014, 04:47:15 PM
|
It's trivial to prove an absence in a ordered data-structure (like the linked list of blocks): You just reveal whatever is at the position the missing data would have to be at. It's only the revealing of absent data in an unordered datastructure which is space infeasible.
WRT limiting in the implementation route of an opcode, ... you already see one reason it's less important: the ability to nest sidechains, the other reason is that the verifier only needs to understand the transaction releasing coins back, everything else in the other blocks that isn't on the hash-tree path can be formated differently.
|
|
|
2293
|
Bitcoin / Development & Technical Discussion / Re: New Powerful Attacks On ECDSA In Bitcoin Systems
|
on: October 25, 2014, 03:58:51 PM
|
Weird and not new. It's complaining about a combination of things; one is that BIP32 non-hardened keys effectively share the same private key (as far as someone who has the master public key is concerned). This is documented in the BIP and is the reason for the hardened keys existing. The other is that ECDSA implementations with broken RNGs can compromise users private keys. This is also well known. Community concern about that (see my own post http://permalink.gmane.org/gmane.comp.bitcoin.devel/2734 and https://bitcointalk.org/index.php?topic=285142.0) is why limited entropy devices like trezor use derandomization already. Incidents like bc.i's compromise in the past are largely unrelated (broken JS code that could just fail to use randomization at all), or just toy implementations which which were seemingly intentionally insecure. In the case of Bitcoin Core the system has a strong CSPRNG seeded by strong system randomness and other inputs. There have never been any incidents there, and if there were any they would also compromise the ordinary private keys regardless of derandomization of the ECDSA. Support for derandomization exists only in pre-release openssl (and has for more than a year), though the new library Pieter wrote has support for it (and resolves a number of other issues with OpenSSL). But since the private keys depend on the same randomness, and the randomness is strong everywhere Bitcoin core is supported, I haven't considered it a major priority. Many of the author's other complaints are just strange, e.g. arguing Bitcoin "lacks a cryptographer to tell us elementary truths about which elliptic curves are mainstream (P-256 and not many more!) and which ones are dodgy, with a collapse of bitcoin looming if bitcoin cryptography is broken some day", which is just weird as there are a great many cryptographers working on Bitcoin (including ones carrying PHDs), so I can only assume what thats really complaining is that no one is paying him, in particular, to give us bad advice like using curves with suspicious fake-random unexplainable NSA sourced parameters. Also I find it weird that after saying that he complains about widely deployed standards compliant randomized DSA to the favor of more recently developed standard-violating derandomized DSA. (As seen in the posts, I'm also in favor of using derandomized DSA, it's just odd to fault Bitcoin for being non-mainstream in not using NIST curves, while at the same time faulting it for not violating the DSA standards). I see that his latest writing has toned down the ransom-note-esq random modulation into ALLCAPS, but it still succeeds in being chuckle worthy with gems such as "In August 2013 we found on the Internet another file posted anonymously by a certain Greg, which contained 131 bad randoms".
|
|
|
2294
|
Bitcoin / Development & Technical Discussion / Re: What is the purpose of this transaction?
|
on: October 18, 2014, 05:37:55 AM
|
P2pool used to store its sharechain commitments (which is how it achieves trustless, serverless pooled mining) in a zero value anyone can spend output. To clean up the utxo set some people spent all those outputs at some point. (that might have even been me making that txn, dunno).
It now uses a op_return... now that bitcoin core knows it doesn't need to track those, so there is no useless utxo to clean up.
|
|
|
2295
|
Bitcoin / Pools / Re: Whatever happened to Bitcoin Affiliate Network?
|
on: October 16, 2014, 07:51:43 PM
|
One of the people seemingly involved (fire000) who was attacking everyone negative is now flooding my mailbox with demands that I remove the negative rating I left on him (after encountering him crap-flooding random unrelated threads just to harass people who raised an alarm on this stuff.
(apparently I'm supposed to be scared that he and his sketchy cronies will negative rate me on the forum, oh noes)
|
|
|
2296
|
Bitcoin / Development & Technical Discussion / Re: Message to devs from merchant
|
on: October 16, 2014, 06:24:15 AM
|
Spv could work, but youd want to be connected to a few nodes at a time to be confident. Just randomly hop around servers in the electrum server list. You can subscribe to callbacks for events from stratum servers if I recall correctly..
Be careful with assumptions like these. All (reachable) peers are malicious peers if an attacker controls your network connection. (E.g. compromised your ISP or router, or they are your ISP)
|
|
|
2299
|
Other / Off-topic / Re: bitXOR - A generic file encryption method originally designed for my bitcoin wallet
|
on: October 14, 2014, 12:45:50 AM
|
cyclically xor-ed with the pass key.
This sounds like dangerously crackable snake oil cryptography. If there is plaintext with a known xor relationship then reuse of the pass key bits allows their recovery, Please don't make up novel cryptosystems and encourage other people to use them unless its strictly necessary. There are many existing, mature, well reviewed systems for symmetric encryption. This also appears to be offtopic.
|
|
|
2300
|
Bitcoin / Development & Technical Discussion / Re: How are the bitcoin block hash generated?
|
on: October 12, 2014, 09:20:01 PM
|
Are they trully 100% random (generated by hardware) or is it pseudo-random (generated by software)?
They aren't random. They're a pure function of the data in the block. They are not (believed to be) predictable in advance, but miners can influence them by changing the data in the blocks to get different results. This is how mining works. Can i rely on it or any other blockchain data to make a 100% trustable raffle?
The security of doing that is limited. If you entire raffle process is known in advance miners can cheat your raffle at some cost by throwing away otherwise valid blocks that would go a direction they don't like in your raffle. There are ways to avoid this (e.g. first publishing a commitment to a secret which is combined in the selection) but really, to be frank, if you're asking very simple questions like this you likely have a long way to go before you're ready to design a cryptographic protocol for other people to use. You probably need to spend some more time reading.
|
|
|
|