"Hash alternation" doesn't do anything interesting except if no one cares about the coin in question... a single part can be made that does N functions, and you even can get some density advantages since part of the circuit will be power gated half the time.

Most of these "51% problem" posts and their laughable "solutions" seem to stem from really having no concept of what Bitcoin is actually doing.  Bitcoin decides virtually everything trustlessly, but there is no way to have a autonomous, decentralized, and universally consistent view of ordering— it's physically impossible because your view of what order events happen depends on your relative positions— so in Bitcoin we compromise autonomy and use an election to determine transaction ordering (and only ordering!).

Elections online aren't secure— especially not if they're anonymous—, someone will just adopt N identities and stuff the ballot. So instead we give up the pretext of being "fair" and instead require the voter to sacrifice something scarce and valuable (electrical power) to build a cheaply verified proof in order to participate in the election... then hope than an economic alignment is created: people spend their valuable power only on the one chain that is most likely to be the surviving consensus.  Of course, any time you have an election you permit the majority to overrule the minority— the alternative is that the minority overrules the majority.

PoS, sadly, doesn't appear to be workable for providing the scarcity in such a system. The problem with proof of stake is that, ironically, there is nothing at stake: if your stake mining doesn't make it into the longest chain you've lost nothing. So you get attacks like stake miners considering all possible forking histories in order to computationally search out histories where their stake is selected every block (how lucky!) and these attacks have actually been performed against deployed systems. You can try to patch around this (e.g. by bringing PoW back and using PoW to do the stake election) but it's really just disguising a far more fundamental shortfall that in PoS because you lose nothing in mining forks (or at least any possible fork that doesn't reverse payments to you and yours) thats the overwhelmingly best rational way to mine... so in a hypothetical world where users were short-term-rational PoS would instantly fail, and even in the real world there turn out to be ugly attacks.

Sure, if you want to do things like having a developer broadcasting block signatures you can get something that is hard for an anonymous party to attack— of course it's then at the whim of the developer to trigger a huge reorg, partition the network, etc... and if you want that kind of centralization you can create a far far more efficient system than a blockchain.

Nah. They control the equipment, so at any instant they could be using the same hashpower to solo mine it with the same effect. It's absolutely equivalent in terms of ability to double spend an unconfirmed transaction. (And highlights that cex.io having physical control of the hashpower is actually the root concern, not what 'pool' their hashpower was showing up on 12 hours ago).

If you step back and think about it, you'll realize the argument there is somewhat incoherent. Basically you're saying GBT gives the actual miner control of what their hashpower does and so perhaps they could misuse it. But since the hashpower is physically in their hands— they already have that control going forward no matter what.

It's also the case that GBT itself is sort of neutral on the question of miner control, with stratum a pool couldn't implement miners choosing their own transactions, with GBT they could allow it or not (and at the moment, I don't think that any centralized GBT using pools actually allow it: it complicates pooling for the transaction fees). Even not allowing the mutation at least the miner can be aware of what they're being asked to mine, though thats sort of useless without smarter miner software that does something useful with that knoweldge.

They're up now.

I hope no one minds, but I tweaked the subject to reflect the current prices.

I also notice the website claims "in stock" ... this seems a bit deceptive to me.

Please be specific or it's just spreading FUD:

I can personally attest P2Pool works great on Avalon, it also works great on Bitmain Antminer (w/ firmware update, the original firmware is buggy).

I know from others that it works fine on BFL and it works on Asicminer blades so long as the +1 option is added to the username.

Pooling can't be limited or banned because there is no admissions control on mining. Everyone can mine without asking permission, and if it were otherwise it would be a point of centralization.
There is, P2Pool, which is a fully decentralized mining pool based on the same technology as Bitcoin. Unfortunately a lot of miners operated under an incorrect understanding of mining where they believe their income is proportional to the size of the pool that they are on based under a misunderstanding of mining as a race instead of as a poisson process and so they try to mine at the biggest pool. As a result we've seen a continual churn where a large pool gets a lucky run and appears larger than it is on some charts and then people flock over and it bloats up, then people freak out.

The fact of the matter is that "51%" is hardly more concerning than 40%. If a party controlling 40% hashpower tries, they'll successfully reverse 6 confirms 50% of the time. That someone could control so much hashpower by compromising a single party or system is thoroughly outside of our security model, even if it isn't quite "51%".

In any case P2Pool suffers for four reasons: (0) It's moderately small, so none of the people who misunderstand mining as a race will use it. (1) It's poorly misunderstood and frequently hit with FUD: people saying it has poor income (actually no, its all time income is 107% of expectation) or high orphans (actually, in the last several months it has had something like 0.1% orphans, an order of magnitude below other pools) (2) it takes more effort to setup, you have to run a Bitcoin node with it, (3) it takes more resources to run—  there are people with tens of thousands of dollars of mining gear running it off a crappy flaky raspberry pi— it makes no sense, but thats how it is P2pool needs a reasonably competent (e.g. strong laptop or a desktop machine) hosting the miners to really work well.

Related to (3) is that P2Pool has no snazzy marketing or slick webpage. There are other pools with pool-fee income over half a million dollars per month that can afford some snazzy UI work, but P2Pool is a volunteer open source work funded by donations when its funded at all.

There are _other_ ways to to do more decentralized mining.  The GBT protocol offered by Eligius and a few other pools was intended as a start for making the classical centralized pooling models more decentralized but it has not been widely adopted. If it were you could have things like miners generating their own work and only using a centralized (and potentially distributed) pool to coordinate sharing payouts... but there is basically no active work on that right now.

Seems I spoke too soon, USPS made another attempt (After saying they were returning it!) and it went through, and I also received an email confirmation that they received it.

Cheers.

(also, as an aside, can the 'doxing'-ish stuff go someplace else unless it's really obviously interesting and relevant? it's making it hard to track actual news in the thread. If you find out one of HF's executives was convicted of fraud or something, thats news— but the rest of the details are only useful in so far as they may help people track them down in future lawsuits if needed... it doesn't rise to the level of news.)

Since this is the _hardware_ subforum, perhaps it would be useful to discus how hardware purchases create or prevent this outcome?

My understanding is that a substantial portion of ghash.io's hashpower is a result of income from bitfury sales being reinvested by the manufacturer into building hardware for their own business.

It's always been my view that you should never buy hardware from someone who is making hardware to mine for themselves (or the same via some multi-company shell game)— you're effectively paying someone to compete with you, bad business.  It's a hard position to take when the party in question has some of the better hardware available though.
 

So it appears the certified letter I sent to
Has failed:
The San Jose one is still in route, but I had lower expectations of that one being successful.

Time for a process server I guess.

It's because their payout is higher than the actual expectation once you consider orphans. It ends up being a transfer of value from those with the most weighed hash-power when the pool is unlucky those with the most weighed hashpower when its lucky. Fortunately thats still not hoppable since you don't know in advance which group you'll be in, but it's clearly unoptimal.  I'd tried to talk wizkid into paying 99% of PPS to the regular share queue and have the remaining 1% set aside and moved to a queue which is only paid after all the pay before it was paid out, but he was worried that other pools would claim that it was a fee. (Ideally the fraction would be determined by the true expected reward, but thats hard to estimate and it looks like eligius has a ~1% orphan rate, and indeed P2Pools' appears to be much lower)

I'm glad p2pool uses a pay-per last-n derived method where you don't have to worry about that kind of open loop mismatch.

Bitcoin can provide the "escrow" part itself, which eliminates the risk of the escrow running with the funds.  You just need to supply the arbitration.

See: https://www.bitrated.com/

I've see a few complaints and personally experienced BC.i apparently randomly switching from Bitcoin to "USD" when I follow links there. Anyone know whats up with that?

You also have to promise to disparage them.

Mining bitcoins on gpus is a waste of power, and probably your time.

That wasn't either of the two addresses I had for them. The two I had were:

and

Morici v Hashfast Technologies
Case5:14-cv-00087

http://198.27.67.106/hashfast.pdf

[quote author=dogjunior link=topic=392860.msg4370599#msg4370599 date=1389119660
It's called game theory. The more you can convince people not to buy miners with the genesis block the slower difficulty goes up. Those that have miners make more BTC and they tell you to buy BTC instead which then drives prices up.
[/quote]Thats certainly not my motivation, enough to the point that I put my money where my mouth is offering to sell the income stream from some of the overpriced hardware: https://bitcointalk.org/index.php?topic=395243.0

I might be willing to sell the income of an antminer for 3 BTC, though the ships-now is more attractive.

Making it expensive to create identities directly undermines the goal of having mining not controlled by particular parties. Moreover, any such scheme has some optimal strategy where the cost of identities vs exclusion are counter balanced, and in general complicated strategy favors larger parties (who can afford to figure out and implement the strategy). Also even if you had a perfect identity scheme (which could trivially be used to impose external control by ordering the identity holders to do things, but we'll ignore that) it wouldn't work because parties could permit others to use their identity.  (E.g. to mine at this pool you must obtain an identity and allow the pool to use it).

In any case, it's hard to comment with more than these sorts of arm-waving generalities against a proposal which is itself an arm-waving generality.

Please take the time to concretely work out how to intend to issue and manage these identities, and what effect(s) you have them to have before asking other people to spend time considering your idea. Otherwise any reviewers time investment is unboudned as you can continually reveal previously undisclosed features which patch over their concerns one by one.
 

Many people have spent large amounts of time looking at far more mining data than you have available. (e.g. hundreds of gigabytes of shares) and have not found anything terribly useful.

Because the distribution of input data is not believed to matter miners do all sorts of things which bias their inputs e.g. increment starting at zero or only sweep part of the nonce range, etc. which can serve to create apparent after the fact biases which aren't real and can be hard to sort out.

The fact early termination winnowing would be useful if available isn't lost on anyone— its an oft cited reason why $otherfunction wouldn't make a good POW. (E.g. you can rapidly tell trivial 3sat problems from potentially hard ones, so you grind the problem generator and then use a fast solver for trivial problems). Many (most?) miners make use of the fact that you can terminate sha256 a couple rounds early with the h==0 constraint.

If you've found something that lets you mine faster— congrats. I look forward to hearing about your major mining income or reading your paper.

Good luck.

Please don't bump many months old threads with new posts that are only partially related. The prior post was about using the fact that (rarely, sadly) the public key is not known, but only its hash to provide some recovery in the event of a serious advance in ECDSA.

You're asking how a Guy Fawkes signature would work generally.

By itself, this kind of scheme has significant problems with denial of service attacks. Potentially you could invoke POW to help, but doing so likely just shifts around the denial of service problems.

If you're actually just looking for hash based alternatives for signing, what you want is a lamport signature. Also note that if you mine a lamport signature but tree-structure the transaction so that you can prune the bulk of the signature the long term result left in the chain is the same as a Guy Fawkes signature... but you have instant verifiability, greatly simplifying the DOS situation.

Separately, it's possible to instead use a zero knoweldge signature of knowledge to prove you know the pre-image of a hash without revealing it. But all the schemes for this that I know of which have proof size competitive with a lamport signature also require asymmetric cryptographic constructs which might fall based on the same compromise as ECDSA.

The criteria to include a transaction?  It has to satisfy the rules specified in the scriptPubKeys in the coins that it is spending. There is no way for a past scriptpubkey to impose constraints on future script pubkeys (doing so can have some pretty negative results if used poorly), so I don't believe there is any straightforward way to implement a Guy Fawkes signature in Bitcoin without at least soft-forking changes to the protocol... but that no loss without a way to prevent DOS.