Using a moving average with a box filter halves the work an attacker needs to perform in an isolation attack to get the chain down to a level where they can simulate the running network.  It also requires you to move the clamping functions much closer in to keep them equally effective, which means they become easy to hit and it's not really easy to reason about the incentive implications of a non-linear difficulty adjustment (e.g. you potentially make it more profitable to mine in bursts).

This has been discussed many many many times before.

When you do not use the search function you risk having an uninformed discussion because the more expert people have gotten tired of rehashing the same subjects over and over again for years.

All updates to the wallet single thread through a common lock, so yes, it's atomic.

Though no one should be using the accounts functionality for this sort of thing, as there is no safe way to back up that data (among other issues).

Changing to our own append only format has been the tentative plan for a long time.  BDB is not acceptable going forward for many reasons, and we've already eliminated it for non-wallet needs.  Breaking wallet compatibility is awkward though so no need to rush into it.

Your concerns about "unavailability" however are not interesting to me. The software is freely licensed, and we can just package and bundle it ourselves, and will likely have to as part of a wallet importing tool for the foreseeable future.

Mike was describing a case where a system watching google is trusted to perform faithfully, or is a member of a collection of such identified semi-trusted systems where it is trusted that no more than some threshold will behave dishonestly.  This is normally what we're talking about when we talk about oracle mediated contracts.

It is a hotly debated subject in theoretical cryptography if practically secure obfuscation is possible even in theory— even assuming many things which would make the effort insecure, impractical, or simply useless. It is not currently _practically_ possible in any case.

There isn't— but your question was unrelated to these points as far as I can tell.  There are actually secure ways to achieve the latter other than oracles, however, at least in theory (google coinwitness) but practice is another matter. (And, amusingly, not the former, because SSL doesn't provide non-repudiation)

I actually asked Andy to respond to you and point you to his paper because your post concerned me and I thought the caution and historical context his writeup provided was highly applicable.

What you're asking its not generally possible in an anonymous system.  A signature proves the knowledge of a secret. In an anonymous distributed system there can be no secret. (Ignoring the question of effective program obfuscation being possible— which is hotly debated, and is not currently practical in any case, and even assuming it is, it is if this task can be accomplished without trusted initialization in any case).

If your system was not anonymous but had predefined membership then you could have a distributed secret— but there is no known way to do an ECDSA threshold signature directly. You could however use multisig in an enumerated entity (non-anonymous) distributed (but not decenteralized) system, and you can find a lot of information on that.  Alternatively, in a non-anonymous system multiparty computation could be used to use a shared key which is known to no one— but again not practical at this time, and not really any better than just multisig for this sort of application.

(And I provide this advice in some fear that you'll continue heedlessly to the cautions provided here— but I also want to make it clear that the response to you is fully in good faith, and trying to be helpful)

Generally the questions you're asking indicate to me that you haven't done that basic reading just to understand what things in cryptography are hard/easy and/or dangerous vs safe and that you have a lot of learning left to do that goes beyond the scope of the limited questions you're asking here.

I think oracle work is pretty interesting, but talking about things that would be highly cutting edge cryptography (if possible at all) ... isn't necessary for basic oracle work and should only be done with heavy research and caution.

pseudo-scientific gibberish by people who have no clue what they're talking about.

Please don't waste our time with things like this unless you understand it thoroughly yourself.

I feel like I can't reasonably do that because I can't vet every complaint with high confidence. And I don't want to just sticky vendors who have screwed _me_, while vendors who have screwed other people don't get the sticky.

And even when a company has screwed up some— been a bit late, a bit underspec, shipped a few bad units, or blown off a reasonable customer complaint— shit happens in business, especially one as time crunched for mining hardware.  Sell enough products and some are sure to break, have enough crazy customers and one is sure to try to operate it under-water and demand a refund. Where exactly should I draw the line?

So I think the simpler thing for me to do is to express my own opinion and experience as clearly and earnestly as possible, without pomp and distractions and encourage other people to do the same.


One idea I had was for the community here to operate a secret-shopper program— like a group buy, but which endeavors to covertly purchase one of every device its contributors thinks is sufficiently non-scammy and then reviews the device and rolls the returns into running the program (or paying back the people who sponsored it, if possible)... but the problem is that the results of such a test would come far too late to actually help people in most cases. Maybe a year from now the market will have settled some and doing some more "consumer reports" work will actually work.

I'm speaking from my own experience. Sadly, I can't really afford to buy a couple units from every vendor that comes along.  You'll note that I'm not using any special moderator powers here, e.g. kicking Hashfast's ass for deleting my post in their self moderated thread. I'm here as a (well known) community member.

(Y'all wanna fund me to buy one of every other piece of hardware, I will— and then I'll be glad to blast the everlasting crap out of them when they don't deliver... kinda costly though)

I was in Germany at the time of their announcement and couldn't do my normal due diligence which probably would have saved me— and did from several other vendors before.

From now on I wouldn't agree to a preorder without using a multisig escrow or alike just to prevent the current situation.

I've heard from other people that they haven't spoken up on this because of HashFast's obscene NDA they added after Jan 1st for (some) customers to actually receive anything.  If you'd like to speak up and feel constrained by your agreement, please contact me. I may be able to help.

I'm currently looking for whomever owns hashfastscam.org (or similar domains) and I'm also interested in getting in contact with other hashfast customers in the SF bay area.

And if you are thinking of buying their new product after seeing the above, I think a lot of people here would be very interested in hearing why.

I posted this in the thread Hashfast has created promoting their "Yoli Evo Mining Board up to 800GH/s", advising you that in my expirence if you pay hashfast your funds will just vanish into a black hole of non-delivery and no communication.

Unfortunately, for some reason Hashfast does not want you to see this vital information about the integrity of their operations and the realities of their product non-delivery— so they deleted my post.  I think this is critical information for anyone considering doing business with Hashfast— and especially anyone considering buying in to another pre-order of theirs, so I've created a new thread for it. I can see no reason why these concerns wouldn't be equally applicable to their latest vaporware.

Tor is actually quite easy to bundle, and some other programs (like torchat) already do. I'd assume that someday there would be bitcoin clients offered with bundled tor.

I got five minutes of elevator music and then I bailed out. Didn't want to wait on hold for a half an hour to perhaps get someone who only speaks Japanese— I figure I'll try again once someone reports how it goes, potentially bringing in a translator if required.

Virtually all of those calculators are completely wrong.  You cannot simply calculate entropy of a human sourced password without a statistical model at least as powerful as a typical human mind. Advice like assuming uniform probability over the character set is provably bad (by virtue of people with ~60 character 'brainwallet' keys which have been compromised) and you should feel bad for suggesting it.

This is about the N-th time this bad idea has been brought up here. Please use the search.

I should direct you specific to my last rant on the subject: https://bitcointalk.org/index.php?topic=311000.msg3345309#msg3345309

It's very hard to advance the art here, even with awesome strengthening because there is no salt (and cannot be really effectively— if there were place to store the salt, forget the brain nonsense and just use the salt as a strong random key) and because the data is constantly available to attackers. This means that even if a cracking farm goes slowly— maybe only 1000 attempts per second— once you have a million users using it you're getting an effective rate of a billion attempts per second.  Then you run into the really strong resistance people have had in having effective strengthening: Strengthening enough to be more than the smallest speedbump is just not usable implemented in Javascript and this is constantly used as an excuse to do weak things...

and then you multiply it by the surprisingly unreliability qualities of human memory. It's just a bad idea all around, and it's irresponsible engineering to suggest anyone use this sort of scheme.

Running?

I'm my experience Hashfast's definition of "running" is "running with your money".   I paid 98 BTC to Hashfast and have received absolutely nothing for it. After months of delays, empty promises, and — what now seems to be— outright lies HF is now not responding to me. I have been civil and professional in my communication, and have made offers of compromises beyond what I was obligated to accept under the contract.  To all this hashfast has been about as responsive as a brick wall.

Cointerra OTOH isn't a bunch of thieves, in my experience: they actually shipped me a product, and while it was a bit late they offered me a refund of additional product. I think most buyers would prefer Cointerra to "running".

But this is just my personal experience, but I thought it would be better to point this out and thereby bring it back on topic.

It's real but that doesn't mean it's correct.

We morn and continue on, we've done releases without Gavin. There is no part of the process which is dead in the water without him. Access and records are shared among multiple people.
Anyone with the alert key can send a maximum sequence alert which overrides all other alerts and plays a hard-coded message that the alert key has been compromised... though it's not like anyone really notices or pays attention to alerts.

By this you mean miners, since they can exclude from the consensus votes which they do not like. Bitcoin like systems, at least, are not jamming proof networks.

Eligius won't mine transactions which appear to be abusing the system to store data.

Data in an OP_RETURN should be a hash in any case. Bitcoin is not a distributed data storage, and the cost and risk associated with the data is an externality which you are not paying for.

Few people are independently wealthy enough that they can contribute large amounts of productive time to efforts which have no prospect of putting food on the table for their families. Effort in complicated systems is not a linear process: One man hour from each of ten-thousand people does not bring the same benefits as as a thousand man hours from each of ten people.  One man hour probably doesn't even get a new person through compiling the code, much less understanding it.

The selection of interested and qualified contributors is already thin enough that further limiting it exclusively to monks and millionaires would probably not be healthy for the system.  I too share concerns about distortion from commercial interests (in particular, modern western businesses are often incredibly short sighted and indifferent to non-monetizable rewards like privacy, personal autonomy, or social-cohesion), but when someone profits considerably from a work they have the capability, rational justification, and— arguably— the moral obligation to fund some of it. Commercial interests are an essential and completely legitimate part of the ecosystem and it's good that they be represented too, reservations aside.

In any case: I look forward to your patches.

Directing money to some particular set of pre-ordaned developers (or developer choosing people, or pre-miners) as part of the system is a point of centralization of the sort that Bitcoin seeks to eliminate.  People choosing personally, individually, and autonomously to fund work, contributors, or funding schemes they consider valuable is— I believe— the only method which is in accordance with the implicit principles of the system, though it may not work very well.  Sure, paying people with everyone elses funds is more attractive, but that isn't what infrastructure like Bitcoin is about.

I don't believe this notion of developers having oodles of coin and being somehow selfishly motivated to contribute to preserve their value makes any sense. For one— it has the freeloading problem, assuming someone has oodles of coin they can just sit back and let someone else do the work, or they can contribute and feel that a lot of other people with a lot more coin are unfairly benefiting from their efforts. For another, I don't believe that many / _any_ of us actually have the aforementioned oodles: Being around "early" by no means guaranteed ever having a large amount, nor did it grant magical foresight to not sell most of it at $7, and it makes it much easier to have given away thousands and thousands of it in bounties (which some of us are known to have done), or to have lost it in scams/heists.

Beyond that, I'm not sure that directly profiting by Bitcoin's future value is the best motivational structure in any case: It favors bubble forming activity (why make a profit only on the up when you can take risky actions which create volatility and make money both up and down, over and over again?)

My own motivations are essentially political: I favor a world where people have the option to choose to use trustless systems, and geeky: cryptographic protocols and high-risk embedded software development are exceptionally enjoyable mental puzzles. I'm certain I could get paid to work full time on Bitcoin, but such arrangements unavoidably come with strings attached— even if they're silk strings— which may not be very compatible with my motivations. Things like the foundation may help cut through that, but I think that unless we have multiple such organizations we risk creating dangerous points of centralization.

Another reason that self-investment doesn't make sense as a development funding argument is that it currently appears to be a losing strategy when compared to some of these high profile altcoin efforts. Right now it appears that you can take a poorly substantiated bill of goods and sell the promise of future development to the market and receive thousands of Bitcoins and perhaps never create anything successful at all. The ideas don't even need to be technically sound, the applications don't need to be well defined, the whole thing can even be more or less completely redundant with Bitcoin...

In general I think we should do all the things: We should have developers on company payrolls, community and institution funded developers, freelance agents, academic researchers on grants, bounties for specific functionality, independently wealthy tinkerers, etc.  Though I doubt we'll have any self-investors: They'll chase altcoins and business schemes that have more near-term upside. Any one mechanism has its limitations, hopefully we can support many approaches and gain the advantages of all of them.