At this difficulty, I'm not sure this pool is sustainable at this hash rate.

80 hours per block (average) is way too much variance.  I feel like I am losing money mining here and it is my own pool.

But the last thing I want to do is shut it down.  There are not enough pools and too much mining power is in too few.

It is entirely possible that I should look at bitcoin addresses beyond the first three characters and everyone should ignore this thread.

168JPchhq3U8GMj89ht21FYPV9eX3Xf3kp != 168hbE5b23GprdVS1xovBXfUhpXGVJyKhX

commands.py 260:

        for k, v in self.wallet.labels.items():
            if change_addr and v == change_addr:
                change_addr = k

This is probably it.  I think this is saying if one of the inputs is a change address, just use it as the output change address.

Offending bit seems to be:

wallet.py, line 1206:

change_addr = self.accounts[account].get_addresses(1)[-self.gap_limit_for_change]

Read that as, get address from chain 1 (change chain) and go 3 from the end of the list (gap_limit_for_change defaults to 3).

This seems fine, if a transaction is confirmed the list will be extended so -3 should generally be an unused change address.

However, this doesn't jive with my testing.  So I'm guessing that there is some code explicitly reusing a change address if all the funds come from a single change address.  I haven't found that yet.

Interesting.  If there is a time/confirmations component I don't mind as much but I'm not sure there is.

For example: https://blockchain.info/tx/6d97e06863799c1b868199a7a774a88a1e7c6a6c5e5a22b2959a9c50ef4ebe63

This one is using Electrum and nothing changed on that wallet for a long time before.

Can you tell which output is the payment and which is the change?

https://blockchain.info/tx/f0404453e61351cdec2e0ad849df4624536d1c0ef62ae5dcb2253a3bddca6013

Yes, of course you can.  Electrum is sending the change back to one of its change addresses (18hvXvux6gvDqWac2Lyi5vwp75fZK3jEUY).

I think this is a problem and Electrum should use a new change addresses rather than reusing one.

I guess I couldn't change it now.

The wallet in question.  The gap limit will be retained after setting it in 1.8 as far as I can tell.

Instructions:
Load wallet with 1.8.x and set the gap limit.  Exit.  Load in 1.9.x and you are fine.

hidden to well for me to find apparently.

So whatever this thread spam is aside, I've been thinking about that.

For example, if someone wanted to give me an electrum master public key, I could send payments for them to unused addresses on that chain.  I'd be glad to support any other deterministic schemes I could find software for.

Example (not implemented, stated as an example):
A person mines with a username of an electrum master public key.  In the suckers list and status pages HHTT would show something like HMAC(mpk, 'hhtt').substring(0, 20).  That way, no one would be able to see the who mpk.  Then when doing a payment, I would find an unused address on that mpk chain and send the payment to that.  I would also stop posting transaction IDs to make it harder to figure out who each miner was in the payment transactions.  Still possible, but hard after the fact.  The transactions would of course still be visible, but not how much each miner was paid and which miner is which.

Transaction is:
https://blockchain.info/tx/8e9adefd0608b4525d2d35e80247911516d2afcfee8d6bb121c63197ef275df0?show_adv=true

with 18.7908 BTC fee.

I wonder if it was a poorly constructed transaction by hand or a wonky fee calculator (that transaction is indeed huge).

Yes.  For what it is worth, I use it extensively.  I don't know of any security audit done but it has been around for a good amount of time without any major issues being discovered.

And the simplicity of being able to recover your wallet from your 12 word seed is very powerful in helping users avoid common mistakes.

I am mostly talking about windows and linux clients.  The android is somewhat more experimental.  I've used it but I wouldn't store a lot of bitcoin there.

Unless I am just not seeing it, the gap limit option seems to not be there anymore in electrum 1.9 on windows.

Due to some silly that I'd rather not get into I need to restore a wallet with a gap limit of around 25.

I managed to work around by loading the wallet in 1.8.1, setting the gap limit and then loading it in 1.9 just fine.

An attacker needs the seed.  If you are using a password their options are:

If they have physical access to your stuff:
- Read the piece of paper you probably have your seed words on

If they can run things on your computer (malware):
- Read the seed out of your computers RAM when you type in your password
- Read the electrum files off your drive and read your password when you type it
- Read the electrum files off your drive and brute force your password

Maybe we have broken numbers and they don't work correctly anymore.

us-central-1b is down for maintenance for a week.  Once that is back I'll remove us-central-2a since that is going to be deprecated in December.

I've added eu-west-1b to get us back up to four nodes.

Yeah, if you guys could go ahead and find some blocks that would be great.

Yeah.  I am not sure about the Trezor.  Can you load a seed onto it or is having it generate a new seed the only option?  Also, I have a bunch of wallets and wouldn't want to have to buy a trezor for each.

Supposing I have enough bitcoin to justify either expense in the name of security, which would be better:

A) A netbook running linux (probably debian) and electrum.  I would use it for nothing else and would use disk encryption.

B) My existing moderately secure computers running electrum and using Trezor devices for high value wallets?
(bitcointrezor.com)

Anyone have any arguments for either?  I am somewhat inclined towards netbook but that is mostly because I can get my hands on one now.