No I hadn't seen that. It looks like it is not directly applicable because it assumes a programming cable using a different MCU.

I spent my first 3 hour block of time taking notes on the current state of the project.

The project appears to be using the Xilinx Spartan 6 XC6SLX150-3FGG484C Source, and the Texas Instruments MSP430F5529 , QFP80 package Source. I have not dug out all of the relevant documentation yet, but when I do, I will post a list.

Does the new part resolve questions  Olaf.Mandel raised about the need to multiplex SPI?

ngzhang's post about bitstream sizes concerns me as well. The chosen part has a bitstream weighing in at just over 4MiB. Where do we want to store it? I think the feeling is "on the host". However, this is supposed to be a modular miner with possibly different modules loaded on the same board. I feel we need to do one of:

• Store the bitstream(s) on a flash chip as ngzhang suggested; bitstream updates would be written to the fash by the MCU.
• Work out some way to uniquely indentify each module (model/revison), such that the host knows which image to load. Edit: I suppose the USB ID could be used for that.

I am not sure what the link looked like before editing, but I fail to see how a "no links in e-mail" policy helps anything. If your users don't remember the exact characters making up your website's URL, they may stumble accross a scam site using a similar name. The naive user method of typing the website name in a search engine can actually help in that case.

What you need is a "Plain-text e-mail only" policy: no URLs with one label, with the link going someplace completely different. You should also consider signing all e-mail with the OpenPGP standard; though you would have to educate your users not to trust a PGP signature until they actually verify it.

You may want to skim the  "List of Legal and Illegal Nations." thread in the newbies section. I feel that it is not so black&white. First, you have to decide what Bitcoin is. Is it a currency, commodity, or something else like barter?

I have not yet drafted that letter to Fintrac. Currently, my opinion on the issue remains the same.

40 years is not a long time. There was about 400 years between the industrial revolution and the printing press. The printing press allowed ideas to be widely disseminated cheaply. Copyright law was invented to curtail 'piracy'. I suspect the agricultural revolution took a similar amount of time to convert society from groups of nomads to people with permanent settlements. We are barely scratching the surface of what computers can do: for the most part, they are still emulating the older analog technologies.

The reason I think a secure computer system will take so long is that it is turtles all the way down. There exists a version of the L4 Microkernel that has been verified by an automated proof checker that it implements its advertised interface. To build a secure, proven correct system, you need to do the same for the proof-checker, compiler and any hardware the system will run on. Unless you are buying a mainframe, no computer system is guaranteed to operate as advertised. Mainframes do every calculation twice because the hardware can fail at any time.

My point bringing up copyright law is that modern consumer computers can't be proven correct. Not only are they not guaranteed to work properly, they often have undocumented features built into the hardware and firmware. We have to trust that these features will only be used for censorship and not subverting any popular crypto-currency.

Bitcoin is in its infancy. It is an experiment that will be a lot harder to interpret if the 'protocol' is tweaked too much before even the first drop in block-reward happens. If miners start dropping like flies, there is a solution: pay higher transaction fees. If enough people pay enough transaction fees, mining will become profitable again.

The protocol taking time to adjust to changes in network performance is a good thing. It allows miners to respond to problems on human time scales. It guards against network take-overs during localized outages. The 10 minute block interval reduces the number of stale blocks processed, while still allowing transaction to happen within a reasonable ammount of time.

Put another way: you are thinking in the extreme short term. In my opinion any crypto-currency, no matter how good, will fail in the next 20-50 years. Modern computers are simply too insecure to handle a cryptocurrency. I predict that secure, proven correct on pain of liability, computers of equivalent complexity will take generations (or about 150 years) to develop. IMO, due to the 1996 WIPO 'Copyright' and 'Performances and Phonographs' treaties*, computer security has been regressing for the past 15 years.

* Articles 11 (Copyright)  and 18 (P&P) may be a symptom, rather than a cause of corruption. The fundamental issue is who controls the computer: the user or the manufacturer?
PS: I realize the 'state of the art' has advanced over the past 15 years; but people are still installing insecure sofware (like adobe flash player) as the administrative user. You can't install software making use of DRM as a limited user unless it plays nice in a virtual machine.

My situation has not changed since my PM. What timeline were you thinking of?

Back in June I decided I was not interested in buying mining hardware this year: getting a stable Internet connection with IPv6 support is more important for me. I don't have any bitcoins to my name, and am not mining, so the current low prices are not really bothering me. However, I want this project to succeed, and I know enough to to know you can't ship the prototypes without the software for the microcontroller.

I also know the software will take time to write. It is tedious and safety-critical: just the type of programming I feel I need to learn how to do (Insert rant about inherently insecure computers here). The code is safety critical, because even if it does not burn your house down when a temperature sensor fails, apparently flashing the wrong image can damage the expensive FPGA.

TL;DR: I think I can commit about 3 hours a week almost immediately. I suppose a good first step would be to manually review all of the pin-outs on the proposed PCB.

I will just leave this here:
Topic: Don't forget to rotate your logs...

Ebay only endorses one Escrow service, Escrow.com. You can read eBay's Escrow Policy here. They only recommend an escrow service for vehicle pruchases, but it is allowed for any purchase. There are escrow fees, so you won't be able to under-cut credit card and paypal users (Fee Schedule $25 minimum).

Ecrow.com does not seem to be adverse to an irreversible payment method like bitcoin. Maybe somebody should ask them if they are willing to make bitcoin an official payment method. That should save on bank fees, but may be a regulatory headache. Edit: I decided to use the site feedback/suggestion form.

I suspected it was something like that. eBay does not require PayPal, but you are required to use one of their approved payment methods. See eBay's acceped payments policy for details.

On potential problem with Bitcoin is that it is irreversible. The buyer must trust the seller to ship what was promised. Most the other allowed payment methods can be reversed in the event of a dispute. In their choosing payment methods page, eBay emphasises that every payment method is traceable. Bitcoin is traceable to a point: those that put effort into it may be difficult to associate with their annonymised addresses.

You may want to consider selling your goods in auction sites or forums that allow the use of bitcoin as a payment. Because of the irrevesibility of payment, you may want to consider a forum that allows you to build reputation. Since I don't have any Bitcoin myseft yet, I have not tried any of the sites listed here: trade: Material / Physical Products.

If you keep receiving money in PayPal funds, but don't trust PayPal: why not ask whomever is paying you if they are willing to use bitcoin?

My bank charges about $40/year for a small (5x1.5x24) safe-deposit box. It is my responsiblity to move the coins in and out securely. I think charging a percentage rather than a flat rate may be problematic.

The advantage of a local safe-deposit box is that I can finally get around to having verified off-site back-ups.

The disadvantage is that I may raise all kinds of red flags and get reported as a money launderer. Suspicious activity may include: frequent visits, visits with a backpack large enough to hide currency, visiting ATM after visiting safe-deposit box, renting safe-deposit box not at your nearest branch, etc.

I don't really trust any protocol that relies on "burning" bitcoins. How do I know that the "burner" address really is an invalid address? It is possible to have an address made up of a human-readable string just by chance.

Edit: I know it is unlikely, but it would make deliberate address collisions much worse if they ever become computationally feasable.

It is sad how little the world wide web has advanced over the past 15 years. With all the complaints about not being able to zoom, I was wondering why you weren't using VRML.

The odds of processing the next block: (your (or your pool's) hash rate)/(everybody's hash rate)

One block is supposed to be generated every 10 minutes on average. At the moment, each block mints 50 coins. Within 2 years, that will drop to 25 coins.

If you are solo mining, the any "BTC/day" formula is fairly pointless. You can get lucky and process a block right away, or you can get unlucky and never process a block as the network hash rate outpaces your hash rate.

With pooled mining, people pool thier hash rate to get a more reliable, but smaller pay-out. This has some risk, as the mining pools must be trusted not to tamper with the network.

You can't do a security audit of the type you ask for on with modern computers. They are simply too complex. If your attacker has enough resources, they may be able to embed secret code in you network adapter that phones home for instructions upon seeing a specific 128 bit number. A second number immediately following can encode the address of the server to contact. Black-box testing is useless in this case because the search space is too large.

Some software, such as the L4 Microkernel has been formally proven to be correct (assuming the machine checker and compiler are correct).

For usable software, you may want to investigate OpenBSD. While not formally proven correct, they regularly audit the code for known security vulnerabilities. Be sure to read their Security Page for more information.

If you insist on using Windows/Linux/MacOS, be sure to use your computer as a limited user. I would avoid logging in as the administrative user even to install software. In windows, most software refuses to install under a limited user. The only time the administrative user should install software is if you want all users on the machine to use the same software.

For some software like Adobe Flash I have found the easiest way to install it is install it as the Administrative user, then manually disable the browser extensions as the administrative user. This is an error-prone process. For untrusted software that you don't know what it does, you should definitely install it as a limited user. If the software requires administrative access, you can install it on a test machine; virtual or not. At the risk of multiple personality disorder, you may want to create separate user accounts for different high-risk activities. One for playing flash videos/games, one for bitcoin, one for business, and one for personal use. This only improves security if all of those accounts are limited users. This implies that your "gaming" machine should be separate from your bitcoin machine: most games have DRM that requires administrative access to install (and sometimes even play).

That is not exactly true. Most bitcoin software, including bitcoincharts.com does some incidental Floating-point calculations for display purposes.

Nobody seems to implement The OpenPGP standard.

Of course, even if a signed e-mail is needed to reset a password, you still have the compromised computer problem. You can mitigate this my having your "very secure" key on one computer, then signing keys for your less secure computers stating you trust those computers almost as much as the secure one (you would do this for web-mail as well). Every time your keys expire, you have to use them to sign your new keys as well. Presumably, you have to hold onto your expired keys indefinitely so that you can read any encrypted e-mails at a later date.

I don't think computers will be mature until the mid 22nd century anyway.

Edit: The way to avoid being bound to a signing authority is to publish your own keys. Your recipients then have to know enough to confirm the public key fingerprint using out-of-band communication. I tried to do this for a local bank and was told that the actual server would be different in different regions of the country.

It has nothing to do with "know your customer". When you log into the site you have to provide your credentials. I think it is more likely that they try to use IP addresses to detect fraud. With IPv4 addresses running out in the next 2 years, more and more users are going to be using shared IP addresses until they make the leap to IPv6. I don't see how they are going to distinguish between ISP-level NAT and an annonymising proxy.

If I set up my router to tunnel all HTTP traffic, I would have to take  specific steps to avoid using my "proxy." I suppose the easiest way of doing it would be to leave HTTPS traffic alone (since it is supposed to be encrypted and authenticated anyway). Paxum appears to use HTTPS by default.

Haven't you heard of externalities? Corporations can hurt you even if you are not a customer or employee.

Right now the entertainment industry is dictating terms to the computer/electronic industry: even though the latter is a much larger industry. It means that since 2006, it is much harder to find a general-purpose computer. If you think your computer is general-purpose, take a second look at any paper work or EULAs that came with it.

The free market relies on the price system. Unless everybody switched to bitcoin, there is a lot of government intervention there. Even if the world adopts bitcoin, government intervention is going to be needed for contract enforcement.

I was under the impression the card was open to all customers, but denominated in US funds.