He put the limit in the source code.
It's up to you to find a quote of him suggesting it'd have to be removed.
This. Furthermore, I think this is the most interesting part of Oleg's post: If the miners hit the block limit, it would only mean one thing: there is a desire to process more transactions, but historical untested agreement does not allow it. Then miners and other full nodes will either raise the limit (the smaller the increment, the bigger support it will have), or transaction fees will go up as people compete for the space in blocks. As transaction fees go up, not only miners, but also regular users and service companies using the full blockchain would desire increment of the limit. So it will be even easier to achieve a consensus about raising the limit.
My prediction is that the block size limit will probably never be abolished, but will be constantly pushed up by a factor of two as amount of transactions approaches the limit.
In other words, there's no need to fix what is not broken. When and if the block size limit is hit and transactions start competing for block space, resulting in transaction fees going up, we can discuss about doubling the block size limit just because, probably, the market will ask for it. The key word here is *probably*: you need to hit such limit to see if the market prefers bigger blocks or higher fees. On that matter I agree with Oleg and I think the market will push for biggers blocks and more transactions, but anyhow it is something that has to be seen when such limit is hit. What is completely ridiculous is to arbitrarily decide to increase the block size limit by a factor of 20 (!!!!!) just because "production quotas do not work", as Gavin suggests in his last blog post. I'd really like to hear his position about the main "production quota" in bitcoin: the hard limit in the money supply (max. 21M Bitcoin). Maybe his next proposal is to increase it to 210 million bitcoin because, you know, "production quotas do not work". |
|
|
|
I'm really puzzled/shocked by Gavin's new blog post: People want to maximize the price paid to miners as fees when the block reward drops to zero-- or, at least, have some assurance that there is enough diverse mining to protect the chain against potential attackers.
And people believe the way to accomplish that is to artificially limit the number of transactions below the technical capabilities of the network.
But production quotas don't work. Limit the number of transactions that can happen on the Bitcoin blockchain, and instead of paying higher fees people will perform their transactions somewhere else. I have no idea whether that would be Western Union, an alt-coin, a sidechain, or good old fashioned SWIFT wire transfers, but I do know that nobody besides a central government can force people to use product with higher costs, if there is a lower-cost option available.
So how will blockchain security get paid for in the future?
I honestly don't know.
For the uneducated: a production quota is just a limit to production used to control the supply of a certain good. So, Gavin: isn't the hard limit to 21M bitcoins a production quota? YES IT IS. So now "production quotas" do not work? What's next, will you argue in the future that we should increase the Bitcoin supply to 210M simply because "production quotas don't work"? Wow. Just wow. |
|
|
|
|
My point on this matter hasn't change since the very beginning, and it is summed up in Garzik's words in my signature.
Block space scarcity is needed for a healthy fee market. If someone wants to make economic micro-transactions they can use an altcoin (such as "Bitcoin 2" proposed by Gavin) or just an off-chain solution.
|
|
|
|
Buenas,
Quiero vender unas BTC que tengo muertas de asco ya que necesito la pasta.
Creéis que puedo hacer una transferencia de Bitstamp a mi banco (España) por valor de 800€ cada 5 meses por ejemplo?
Hace tiempo hice una de 1000€ y nadie me preguntó nada.
Por esas cantidades nadie te va a decir absolutamente nada, puedes estar totalmente tranquilo. |
|
|
|
|
Wow: I just realized shroomsy turned ultra-bear. Fascinating.
If history repeats then we have a very strong "buy" indicator here.
|
|
|
|
Well done SNB, that EUR/CHF move was sweet  |
|
|
|
I'm buying, guys. Great times  |
|
|
|
many people forget that Bitstamp "reserve" it's the client's Bitcoin.
Pretty much this. People forget customer's money is NOT a Bitstamp asset. They have to cover up the losses from their income, which is based on trading fees. |
|
|
|
Si queréis info de calidad sobre cómo operar de forma correcta con un "warm wallet": http://homakov.blogspot.nl/2015/01/bitstamp-problem-and-warm-wallets.htmlDisclaimer: Egor Homakov es un experto en seguridad - ha descubierto bugs críticos en servicios masivos como Facebook o Github. Si lanzara un servicio como un exchange le encargaría a él el pentesting sin duda alguna. Alguna de las claves que señala (aunque la chicha sobre cómo operar está en su post, os recomiendo leerlo): Bitcoin exchangers must understand one simple thing: you're going to be hacked. That's the truth you have to accept and build your entire architecture around this axiom (think of Erlang's fault tolerance "let it fail") . And your business shouldn't collapse after it.
Most apps were written by "web developers" (read "amateurs"), not enterprise-level bank engineers (i'm not stating those are any better but they at least know what transaction is).
Do you know how to make a bitcoin exchanger's developer cry? Say "race condition".
The result of attackers' work is money. Not passwords, not l33t deface or private data on pastebin. Just cash. Awesome!
|
|
|
|
Egor is a boss - the solution he proposes is indeed a good one. The fact is that Bitstamp operation was not very sophisticated. They should improve now. |
|
|
|
An alternative theory to the above:
I am not sure what bistamp realised and when but regular withdrawals were blocked quite soon after things started. I.e. I submitted a withdrawal request only a couple of hours after the first hack transaction. It was about 4-5am UTC on 4 Jan. That withdrawal remained pending until that evening and was never processed. Usually it's quite quick to process.
So something stopped allowing withdrawals soon after the hack started. Unfortunately the thief was able to continue taking funds because he was presumably using some other vector that did not need the regular withdrawal. E.g. he had control of the private keys. He was (and is?) able to continue taking funds if he had private keys.
My theory is that some automated control system picked up mismatch with what balances should be vs what they actually had and stopped withdrawals. Bitstamp management then at some point figured out what was happening. The hacker is however not blocked by this as he is using another vector (e.g. control of the keys).
It's pretty clear what stopped withdrawals. As soon as money entered the hot wallet, the hacked emptied it. So there was NO money on the hot wallet to honor withdrawals since the very first moment the hack started. Yeah of course. I assumed that the hacker didn't have control of the full hot wallet. But if he did then that could be the simplest explanation... I guess I'm hoping they had a control system, that checked for mismatched balances (or unauthorised tx on their wallets). And locked down withdrawals in case of an issue. It should also move funds to safe cold storage. Occam Razor: it's much simpler to hack a full wallet just by stealing it and seizing the encryption key from the server's memory, that to discover a single private key by other means. |
|
|
|
I am not sure what bistamp realised and when but regular withdrawals were blocked quite soon after things started. I.e. I submitted a withdrawal request only a couple of hours after the first hack transaction. It was about 4-5am UTC on 4 Jan. That withdrawal remained pending until that evening and was never processed. Usually it's quite quick to process.
So something stopped allowing withdrawals soon after the hack started. Unfortunately the thief was able to continue taking funds because he was presumably using some other vector that did not need the regular withdrawal. E.g. he had control of the private keys. He was (and is?) able to continue taking funds if he had private keys.
My theory is that some automated control system picked up mismatch with what balances should be vs what they actually had and stopped withdrawals. Bitstamp management then at some point figured out what was happening. The hacker is however not blocked by this as he is using another vector (e.g. control of the keys).
It's pretty clear what stopped withdrawals. As soon as money entered the hot wallet, the hacker emptied it. So there was NO money on the hot wallet to honor withdrawals since the very first moment the hack started. Bitstamp did not realize this on time so the hacker kept emptying the hot wallet during 24 hours - money came in from deposits, money went out to hacker's address. As soon as Bitstamp told customers "DO NOT DEPOSIT TO OLD ADDRESSES" the amount of coins stolen went down dramatically. We still had some coins stolen after Bitstamp shut down, probably from people who did not realize Bitstamp was hacked and deposited directly from the address book of their client. If Bitstamp realized this immediately after the first 3.100 BTC theft, they would have probably saved +14k BTC. |
|
|
|
The above is also consistent with the crazy fees the hacker used: probably he shit his pants when he realized he controlled the wallet, so he started using CRAZY fees in the hope his transactions would have priority in case Bitstamp realized they were hacked and tried to sweep the funds to a secure wallet. In other words, he was preventively defending himself from a "double spend" from Bitstamp. The reality is he just wasted the coins, because Bitstamp did not realize anything until 24 hours later |
|
|
|
I agree. I am not sure if they have enough capital to swallow the 5.2 million $ value of the loss. It's all speculation anyway, but keep in mind: 10-12% of their total BTC holdings represents only about half of that percentage of their /total/ holdings, probably less if the last orderbook sums are to be taken as representative. Assuming the 19k btc loss is really the end of it, I'd be surprised if they lost more than 5% of their total assets. Pretty bad for a company, but not necessarily catastrophic. First of all: 19k cannot be 5% of "their assets" - customers deposits ARE NOT Bitstamp's assets, they cannot use customers money to cover the hole (Gox anyone?  ). Taking into account Bitstamp's average commission and volume, 19k is the income they would generate in 8/12 months - the commissions are basically the money with which they can operate, those are "their assets" and NOT customers money. For a company to lose one full year of income is indeed catastrophic in my book. I know by heart my company would have to file for bankruptcy almost immediately . Unless they were very wise with their money management (I really hope they were), saving a lot of BTC back in the day, etc. they will have a very rough year ahead. Let's hope that they are a healthy company and that Pantera and/or other investors are willing to help them out. Yes, I realized this after I posted: 'asset' isn't the right word. My bad. But I'm sure you got the point though: It does make a substantial difference whether they lost 80%, 40% or, as I claim, at most 5% of their total customers' funds, because: - their ability to cover the loss is based on their revenue (and their company assets) - their own revenue is based on their trading volume (and the market price, of course) - which in turn is related to total customers' funds So, the higher the share of customers' funds lost, the less likely is that a company will be able to refund it. That was the basic idea. I'm not defending them, by the way: No idea why they had 19k coins in a hot wallet. Seems absolutely excessive. And unless they provide some very good information explaining the hack, how it came to it, and how they're improving their internal security from now on, I will leave Bitstamp behind as a customer. That is, of course, assuming that I get my funds back. For all I know, this could still turn out to be another gox. I had a pretty high opinion of Bitstamp so far, and the fact that they have large outside investors is reassuring, but until I can log in again and trade or withdraw my funds, I remain extremely skeptic. They just had 3.100BTC in the hot wallet at the moment of the hack. But they did not realize they were hacked until 24 hours after the hack. Check the transactions. During that 24 hours the hacker kept stealing all the money that was deposited on bitstamp. This is what the transaction history tells us: - the first transaction is the bigger one: 3.100 BTC. Probably all that was on Bitstamp's hot wallet at that time. - after that, the hacker sweeps every coin that is deposited on Bitstamp during 24 hours. - after a full day, he managed to steal almost 19k. - after Bitstamp realizes is hacked, transactions slow down, but we still see some transactions going in to the hacker address. This is probably people that did not realize Bitstamp was hacked, so they are still depositing BTC from their clients address book. It could also be some ATM or automated service - anyhow after the announcement only peanuts coming in. |
|
|
|
no disponen de medidas de protección, motorización y auditoría adecuadas.
Esto parece claro. No se dieron cuenta de nada hasta 24 horas después de que el ataque empezara, y mientras tanto el ladrón estuvo vaciando todo el dinero que entraba a Bitstamp. Si se hubieran dado cuenta en el acto, probablemente se habrían ahorrado al menos 13/14k BTC - mucha plata. |
|
|
|
So, what's a good exchange to trade on nowdays?
Bitfinex? Honestly, I did quite a lot of trading back in the early to mid 2013, but I stopped as soon as Gox showed the first signs of insolvency (April/May 2013) and then I used Bitstamp just to cash out a bit in December 2013, but I never had any balance for more than 24 hours on it. I'd say that there is no "super-safe" exchange for bitcoin. Not controlling directly your private keys is inherently risky. Do not have on any exchange more than you can afford to lose. Sad but true. |
|
|
|
Bitstamp trading lower than Btc-e isn't very unusual, it used to happen several times a year, especially during panic sells.
There's no trading right now on Bitstamp. |
|
|
|
I agree. I am not sure if they have enough capital to swallow the 5.2 million $ value of the loss. It's all speculation anyway, but keep in mind: 10-12% of their total BTC holdings represents only about half of that percentage of their /total/ holdings, probably less if the last orderbook sums are to be taken as representative. Assuming the 19k btc loss is really the end of it, I'd be surprised if they lost more than 5% of their total assets. Pretty bad for a company, but not necessarily catastrophic. First of all: 19k cannot be 5% of "their assets" - customers deposits ARE NOT Bitstamp's assets, they cannot use customers money to cover the hole (Gox anyone? ). Taking into account Bitstamp's average commission and volume, 19k is the income they would generate in 8/12 months - the commissions are basically the money with which they can operate, those are "their assets" and NOT customers money. For a company to lose one full year of income is indeed catastrophic in my book. I know by heart my company would have to file for bankruptcy almost immediately . Unless they were very wise with their money management (I really hope they were), saving a lot of BTC back in the day, etc. they will have a very rough year ahead. Let's hope that they are a healthy company and that Pantera and/or other investors are willing to help them out. |
|
|
|
Si, esto más o menos me quedó claro, pero sin embargo, el hacker debe haber tenido acceso a varias claves privadas. Esto me confundió. No se como una entidad como Bitstamp administrará las claves de su hot wallet, si lo tiene en una wallet.dat única o en varias, en varios dispositivos, etc.
En realidad es irrelevante. Aunque tuviera varios wallet.dat, si son "hot wallet" serán los que usan para operar online, por lo que estarán en servidores conectados a internet y sus claves de cifrado tendrán que estar necesariamente en memoria. Penetrada la red de Bitstamp y obtenido el acceso de administrador, reventados todos los wallets que sean "hot". En todo caso, un wallet puede contener todas las claves privadas que quieras. Sin embargo, la teoría del ataque RNG viene de alguien que creó una criptomoneda y debería saber de lo que habla, si fuera mi teoría sería otra cosa Wink
Con todos los respetos: por mi como si esa teoría es del Papa. Es interesante discutir desde el punto de vista teórico, pero en la práctica o hay argumentos sólidos que sustenten esa teoría o le daré poca credibilidad. En este caso no hay argumentos sólidos que indiquen que es un ataque RNG y no un hackeo normal. Por los datos que hay yo diría que el tema fue así: - hacker revienta los servidores de Bistamp - roba hot wallet + clave de cifrado - se hace caquita encima de gusto y se pone a hacer transacciones con comisiones absurdas (0.5BTC, 1BTC, etc.) por miedo a que Bitstamp se de cuenta y haga un "sweep" del saldo a un wallet seguro. Probablemente pensó que con esas comisiones tan enormes sus transacciones tendrían prioridad a las de un posible "sweep" de Bitstamp. En pocas palabras, como si se estuviera protegiendo preventivamente de un intento de double spending por parte de Bitstamp (una manera de intentar "revertir" una transacción sin aún confirmaciones es transmitir otra, que utilice los mismos inputs pero con una comisión mucho mayor para que los mineros incluyan esa y no la que queremos "revertir"). - lo cierto es que Bitstamp es un despelote y no se dieron cuenta de que les estaban vaciando el wallet hasta casi 24 horas después, por lo que el hacker podía haberse ahorrado esas comisiones colosales y pudo haber trabajado con total tranquilidad. Creo que esto lo demuestra el hecho de que primero volcó 3.100BTC (la transacción más grande con diferencia), y luego siguió robando BTC durante todo un día con transacciones de diferente tamaño. Parece como si primero hubiera hecho una transacción con todo lo que había en el hot wallet en ese momento, pero como Bitstamp no se pispó siguió transfiriendose BTC a medida que la gente seguía depositando en sus cuentas de Bitstamp. Probablemente aún hay algún incauto que no se ha enterado de esto y está depositando a Bitstamp desde su "address book", por eso sigue habiendo transferencias consistentes (cada vez menos) a esa dirección. Repito: en mi opinión no hay nada que haga pensar que ocurrió algo diferente a lo que comento arriba, por lo menos hasta el momento. |
|
|
|
must be a joke..
a joke of 22,000 USD ? hacker moving those for fun or stealing more? Hardly stealing more. It's probably the same coins, being thrown around. I don't think Bitstamp would leave their hot wallet automation on after the hack. What automation? Bitstamp has a hot wallet and it gets compromised: that just means that the hacker gets full control of those addresses. There is no way for Bitstamp to "disable" them, the best they can do is to tell people to stop sending coins to those addresses because a hacer has the private keys. If a Bitstamp customer is not aware of the current situation and just sends BTC to an old deposit address he has in his address book there's nothing Bitstamo could do. Money would go to the hacker, especially if he is faster that Bitstamp and uses huge transactions fees to beat any double spending attempt by Bitstamp. |
|
|
|
|
Show Posts
