So how would y'all feel about a coin that launched with nothing but a daemon and a GUI client that knows how to mine?  And a dev that really and truly doesn't give a shit about making money?  Seriously, consider a dev who doesn't give a shit about exchanges, market valuation, reddit channels, social media, promotion, getting the credit, and doesn't even have any apparent interest in making money?  What if he also didn't give a shit about GPU miners, block chain explorers, etc, except to politely thank anyone who created one?

'Cause I think that's what Bitcoin was around 2009.   Sure, Satoshi mined the hell out of it - probably owns about a million coins or a little more.  But he didn't give a shit about selling them for money.  He cared about securing the blockchain. It's six years later, and not only did Satoshi never pump and dump, he never sold a single coin as far as anyone can tell.

The difference between that kind of launch and a typical altcoin launch is absolutely stunning.

Oh wait.  I realize I used jargon above.

"export mode" encryption refers to the kind of crypto US companies were allowed to export to other countries for a couple of decades before the restriction was lifted more than 15 years ago now (Gods I feel old).

It allows symmetric ciphers with keys no more than 40-bits long and asymmetric ciphers with equivalent resistance (ie, no significant resistance for today's machines) to brute-force attacks.
 

Seriously?  If that's the case, they're headed for a major crash, and not too far in the future.  That kind of thing only happens in a major bubble, or in the presence of incredibly stupid monetary policy.  That's a sign as strong as no-income, no-assets, zero-down-payment low interest loans in the US mortgage market was.  

Not really.  Connectivity really sucks up there.  It costs huge money to get good Internet and electrical service installed once you go north of the Arctic Circle. 

I don't know if anybody else has made this point yet, but Bitcoin has not been banned as such in China. 

What they have done is banned banks, exchanges, and money transmitters from dealing in it.  But if individuals use it to pay for things, or accept it as payment, or use state-sponsored electricity to run hashing farms, that's still okay under their laws.

What this tells us is that there are whales who are acquiring bitcoin  but are willing to pay a 30% premium on coins they buy offmarket just to keep the public market at a low price.  

This is also a good explanation for the hard price support we've seen in the $250 range -- whenever the price drops to about there, trade volume goes up dramatically, and this is happening while the smaller holders are getting scared of the market being low and cashing out.  These whales have already been quietly buying in large volume, but in small amounts and at price lows, so as to not junkstart the market.

They're afraid that if they moved on the public market, they'd set off another bubble and wouldn't be able to continue acquiring coins there cheaply.

And they clearly have the wealth to move on the public market, set off another bubble, and then sell the coins they've bought at market lows or offmarket, after another huge price spike and runup.  Long story short, it looks like they're preparing to run the big-money version of a pump-and-dump.

This is what I call "Interesting."  

I know that I've got a script running in the background on my own computer that will text message me the instant any of Satoshi's identified coins move.  

I expect major market movements (I wouldn't call it a "panic" but yes, major movements) because right now the assumption (with various degrees of confidence) that Satoshi will continue to not move those coins is built into the pricing structure.  In fact I bet the Winklevii and their sort, who cannot possibly conceive of someone being uninterested in spending any of his vast wealth, have assumed that because he hasn't, he can't.  

I have assumed that either he has burned his keys along with the "Satoshi" identity (if you don't want to be outed, you leave no clues, including keys.) or has refrained from using them, partly because moving any of his wealth would risk disclosing his identity, partly because he knows it would cause major movements in Bitcoin, and partly because I think he's genuinely uninterested in personal wealth.  He was talking about what Bitcoin could do for everybody, not what it could do for himself.

He is not the kind of person who would ever "lose" keys, I don't think.  But yes, there is a distinct possibility that he has deleted them, on purpose, when he walked away.

I've heard people say that several times.  I have not yet understood the reasoning behind it.  It's not as though Silk Road was operating to raise money for charities.

Sergio Lerner has spent more time and effort than is really healthy tracking down which Bitcoin addresses belong to Satoshi.  You can read his opinions, and his reasoning/methodology, here. 

https://bitslog.wordpress.com/2013/04/17/the-well-deserved-fortune-of-satoshi-nakamoto/

As best he can make out, Satoshi has something 1.14M bitcoins. 

As such, Satoshi has already made history, back when Bitcoin was poking its nose above $1000 per coin, as the first anonymous billionaire of the 21st Century.

But as far as I could tell, he only mined to secure the blockchain.  I don't think he has any interest in those coins.

What goes through the heads of altcoiners is scads of coins with 30-second blocks -- which, if you do the math, means they're already doing up to 20MBytes worth of transactions in Bitcoin's nominal block generation time. 

At least they could be, if anybody actually used them.

IIRC they're selling two lots of 20K bitcoins and one lot of 10K bitcoins.  At market prices, nobody with less than $2.8M needs to worry about not getting in on the action.

Does the script you're using allow people without the private key for the txOut, to identify which txOuts in the spin-off chain correspond to which txOuts in the original bitcoin chain? 

IOW, can you publicly prove that you *did* include all the P2PkH transactions, short of someone producing the private key and spending them?  Can people who are running your client prove it? 

Blockchain pruning is entirely do-able.

We've already had several altcoins launch (most recently Clams) with an enormous genesis block that contained a "snapshot" of current bitcoin txouts as of the time the genesis block was composed. 

Bitcoin could also switch to a new genesis block.  Here is how it would work.

1. New client is created and starts publishing a new block version, indicating a "hard fork" is coming.

2. New client waits for 95% majority on its block version, then starts publishing a new block format, which contains a hash of the current set of unspent txouts.  This TxOut set is "stripped" of contextual information including its block height and the transaction in which it originated, just as the "spin-off chains" among altcoins are made. Essentially it's just amount and key hash. 

3. Everybody can check that the new blocks are descended from the original genesis block (continuity hash) *and* that the entire set of unspent txouts is one that agrees with their current image of the universe.

4. One thousand blocks later (so well after any possibility of an orphaned chain), a special "MegaBlock" goes into the block chain.  It contains the set of unspent TxOuts that corresponds to the hash that was created for the first new-format block.  Thereafter, TxOuts created before that snapshot may not be used in transactions; however, a wallet containing the key that would have spent such a TxOut can now use the same key to spend a corresponding unspent TxOut that's published in the MegaBlock. 

5. After the MegaBlock everybody can still use the existing continuity hash to ensure that the block is descended from the first of the new-format blocks, and use the MegaBlock itself to verify unspent txOuts.  And it's up to them whether they keep the block chain back to the original Genesis block or not.

6. With the new block format containing a hash of the current unspent TxOut set, everybody who's following along can check that their TxOut set matches the hash that's published in every block.  Additionally, a new MegaBlock can be published every few years, allowing the block chain previous to it to be dropped.

This could be done differently:  Instead of having a Megablock the new block format could just reserve some space in every block to publish replacements for the oldest unreplaced txOuts, enabling the blocks prior to the block containing the last replaced txOut to be dropped (a "rolling root").  That would be more efficient if the blocks containing the txOuts are uniformly more than 2 years old.  But, all at once and nothing first is a heck of a lot easier to check and be sure you've got it right.

Anyway, my point is that blockchain pruning is not a technological risk; it's something that there are known and implementable ways to do.  I've outlined one such way, and as protocol, it checks.  It's not terribly efficient, but heck, we've been broadcasting every transaction twice for years now so efficiency is probably not a showstopper.

It would really help if, instead of just mentioning a name or linking a website, you actually say, you know, using sentences and so on, what you think is innovative about the thing you're talking about. 

Cause a bunch of names and links isn't talking about innovation.

The miners are hashing the block header, which is always the same size regardless of how many tx are in a block.

The block header contains a hash of all the transactions, but it doesn't contain the transactions.

somebody's sure as heck making a move. 

Okay, I unkinked it.  I finally know the RIGHT way to do a PoW/PoS hybrid coin.  I haven't made the blog post yet, but my thoughts drifted back to it in the context of another discussion and I thought about how to get the people who provide security paid in proportion to the security they provide, and I sat down and did math and eventually came up with something that will definitely work.  The coin remains a PoW/PoS hybrid forever - but proof-of-stake becomes more important (because the coin supply is increasing) so proof-of-work becomes proportionally less important as time goes on.

First of all, there's a mining subsidy for hashing.  It could decline over time - that's up to whoever sets the coin parameters - but it need not.  For purposes of the example, I'm going to say the miner gets one 'dirt' every time he mines a block, forever, but this becomes less important as time goes on because the stake portion of the system starts dominating security - and eventually provides the bulk of the awards generated by the coin. 

When a transaction is made, it has to be 'staked' - that is, it has to commit to a past block and can be included only in block chains generated from that block.  This means that if an attacker is mining a chain that he has not revealed, transactions made by other people cannot be included in his attack chain.  Transactions once staked, have become a finite resource that can be counted in support of one side of a fork and CANNOT be used to support the other.  So the only txIns that can count for both chains are the ones that are explicitly double spent by their owners.  If you stake your transaction on the losing side of a block chain fork, the transaction 'Never Happened' and cannot be replayed into the new block chain.

The owner of each txIn gets "Head Stake" (calculating as compounding interest) for the interval between the generation of the txOut and the block where it gets staked as a txIn.  The miner gets "Tail Stake" - the same rate of interest, but for the interval between the block the transaction is staked and the block the miner puts the transaction in. 

Where "Split Stake Awards" is defined as the amount of stake interest awarded for a single block for all txouts created before the fork and used as txIns in transactions staked after the fork, and the Mining Subsidy is the subsidy for a single block, the priority of any chain as compared to another is calculated as

(Hashes since fork) X (Split Stake Awards + Mining Subsidy)

Which is to say, the miners and the stakers are counted as amplifying the security of the total hashes by exactly the same proportion in which they get paid on a single block when they commit resources that can be used only once to one chain and not the other.

This starts out as straight proof-of-work, because there is NO split stake award for the first block, but after a while, depending on the staking interest rate, split stake awards get bigger than mining subsidies.  By the time we're talking about a block chain that carries a significant transaction volume, split stake awards would be the main reason why one fork is accepted over the other given remotely comparable amounts of hashing.  The odds of forking the chain with a block chain that you've prepared in secret would rapidly approach nil unless you have more than half of the (dirt X hashing power), and the importance of the dirt would far exceed the importance of hashing power.

Mining remains permissionless, and even if somebody with more wealth might be able to produce a higher-priority block because they stake their own coins, it won't matter if their block comes out more than a few seconds after yours.

Cryddit

Okay, I unkinked it.  I finally know the RIGHT way to do a PoW/PoS hybrid coin.  I haven't made the blog post yet, but my thoughts drifted back to it in the context of another discussion and I thought about how to get the people who provide security paid in proportion to the security they provide, and I sat down and did math and eventually came up with something that will definitely work.  The coin remains a PoW/PoS hybrid forever - but proof-of-stake becomes more important (because the coin supply is increasing) so proof-of-work becomes proportionally less important as time goes on.

First of all, there's a mining subsidy for hashing.  It could decline over time - that's up to whoever sets the coin parameters - but it need not.  For purposes of the example, I'm going to say the miner gets one 'dirt' every time he mines a block, forever, but this becomes less important as time goes on because the stake portion of the system starts dominating security - and eventually provides the bulk of the awards generated by the coin.  

When a transaction is made, it has to be 'staked' - that is, it has to commit to a past block and can be included only in block chains generated from that block.  This means that if an attacker is mining a chain that he has not revealed, transactions made by other people cannot be included in his attack chain.  Transactions once staked, have become a finite resource that can be counted in support of one side of a fork and CANNOT be used to support the other.  So the only txIns that can count for both chains are the ones that are explicitly double spent by their owners.  If you stake your transaction on the losing side of a block chain fork, the transaction 'Never Happened' and cannot be replayed into the new block chain.

The owner of each txIn gets "Head Stake" (calculating as compounding interest) for the interval between the generation of the txOut and the block where it gets staked as a txIn.  The miner gets "Tail Stake" - the same rate of interest, but for the interval between the block the transaction is staked and the block the miner puts the transaction in.  

Where "Split Stake Awards" is defined as the amount of stake interest awarded for a single block for all txouts created before the fork and used as txIns in transactions staked after the fork, and the Mining Subsidy is the subsidy for a single block, the priority of any chain as compared to another is calculated as

(Hashes since fork) X (Split Stake Awards + Mining Subsidy)

Which is to say, the miners and the stakers are counted as amplifying the security of the total hashes by exactly the same proportion in which they get paid on a single block when they commit resources that can be used only once to one chain and not the other.

This starts out as straight proof-of-work, because there is NO split stake award for the first block, but after a while, depending on the staking interest rate, split stake awards get bigger than mining subsidies.  By the time we're talking about a block chain that carries a significant transaction volume, split stake awards would be the main reason why one fork is accepted over the other given remotely comparable amounts of hashing.  The odds of forking the chain with a block chain that you've prepared in secret would rapidly approach nil unless you have more than half of the (dirt X hashing power), and the importance of the dirt would far exceed the importance of hashing power.

Cryddit

I could be wrong about this but I'm actually thinking that this is an event that has already been priced into the market.  People with deep enough pockets to move the market won't be surprised by this. 

On the contrary, I wonder if some of them may have been trying to deliberately keep the price from rising until after this auction.  We've been seeing market dumps strategically timed for the hours on weekends when the markets are thinnest and the dumps will move the price by the greatest amount possible. 

We will see if people trying to have disproportionate effect on the market by moving when it's thin start buying on the thin hours after the sale.  It will be interesting. 

Cryddit