Deepbit Approaching 50% Once Again

[KnuttyD]

Hey guys, just wanted to point out some (somewhat unsettling) stats again:
Deepbit is approaching 50% of the hashing power once again 

While I dont have any beef with the operator of Deepbit ([Tycho] I believe), I have a beef with the security of our beloved Bitcoin.
As most of us know, the blockchain is secure as long as nobody controls more than or equal to 50% of the total hashing power of the network.
Deepbit seems to be ~40 percent, and has been climbing due to the massive influx of new miners and hardware. I'm not OK with that (Nothing personal, Tycho).

I suggest that those on Deepbit should switch to other, smaller pools, or some of the more powerful miners at least divert some of their resources to other pools to maintain a good hashing distribution equilibrium.
<advertisement>Furthermore, I would like to put in a plug forhttp://www.Bitcoins.lc; they are a 0% fee pool supporting long polling. Check em out. </advertisement>

Here is a chart of the current distribution:


Thanks for reading and supporting the security of Bitcoin

[1713422786]

1713422786

[datguywhowanders]

I think Deepbit has a good thing going for it. Tycho has worked hard to give it features that the large user base of miners want. Until other pools offer at least as much as can be found at Deepbit, people aren't going to switch. Other pools need to focus on stealing what Deepbit already has. It's harsh to say it like that, but it's the truth. While collectively it is in Bitcoin's best interest to switch pools, individuals aren't going to make that choice until the market makes it enticing for them.

I've stayed with Slush's pool personally because I have no reason to move elsewhere. I like the system, and it's in no danger of approaching that 50% danger zone. I have to admit that I've been eyeballing BTC Guild due to the 0% fee and the option of having miner idle alerts.

[LegitBit]

simplecoin.us is pretty attractive at the moment, one of the smallest though.

[PabloW]

MUST feature that Deepbit has, and other pools dont:
- you dont need to wait for confirmed balance, since there is only one counter with the confirmed and unconfirmed balance together that you can payout
- very simple and straightforward design with gadgets and other crap that people like

Thats it!

until other pools dont include this, people wont move. because this is (and obviosuly the hash rate) what makes deepbit so stable and likable to be.
You just have to start mining and check the ONLY counter every hour to check how are you doing.
And you can easily know how you made in the last 24 hs (to the right "= X BTC in last 24 hs"

[jasonk]

I was at BTC Guild for a couple days but, I had a lot of stale shares and idle miners and they had some downtime, so I moved back to deepbit.

I'll give BTC Guild another shot in the future....

[tito13kfm]

I was at BTC Guild for a couple days but, I had a lot of stale shares and idle miners and they had some downtime, so I moved back to deepbit.

I'll give BTC Guild another shot in the future....

I switched to BTCGuild just about 24 hours ago.  I'm currently running 8723 (67) Shares (Stales).  I think they got the problems ironed out.

[error]

MUST feature that Deepbit has, and other pools dont:
- you dont need to wait for confirmed balance, since there is only one counter with the confirmed and unconfirmed balance together that you can payout
- very simple and straightforward design with gadgets and other crap that people like

Thats it!

until other pools dont include this, people wont move. because this is (and obviosuly the hash rate) what makes deepbit so stable and likable to be.
You just have to start mining and check the ONLY counter every hour to check how are you doing.
And you can easily know how you made in the last 24 hs (to the right "= X BTC in last 24 hs"

True, that's pretty nice, but you pay a hefty fee for that.

[supa]

I hope you know that the *real* way to secure the network is to set up permanent nodes...

... NOT switch pools, right?

I mentioned in the other thread you were in that these "weaknesses" are synthetic weaknesses created by end users.  You're perpetuating that weakness with a fancy graph.  Even if all of the pools were only 25% and each pool had only a handful of work nodes....

.... it's just as easy to DDoS 12 machines as it is to DDoS 1.....

[bcpokey]

I'm  not that familiar with other pools, so I can't speak to them, they may have awesome features, I just don't know about them which is why I'm not going to mention them:

BTCGuild has the same options as deepbit.net for .5% less fee. If you donate 2.5% (you get to choose how much to donate rather than it being decided for you) you get:

0.5%: The crying smiley face next to your donation percentage will be replaced with a happy smiley.
2.0%: You would be able to receive Miner Idle email warnings, which notify you if a miner has not submitted work in a certain timeframe.
2.5%: You would receive your rewards without waiting for 120 confirmations on the block. This includes receiving payouts for blocks which become invalid.

The only thing it doesn't have is a 24 hour average, which I agree is sucky, but is it really such a dealbreaker? You get free money for sacrificing it. And if you don't need instant payout you get even more free money. Neato.

They had some downtime while migrating to new servers, and seem to be back up and running now. I personally like deepbit, I think Tycho has done a great job, but 50% is 50%, and so BTCGuild looks attractive to me. I encourage people to solo mine and do smaller pools as well, but deepbit and btcguild are my experience for now so that's what I speak to.

I hope you know that the *real* way to secure the network is to set up permanent nodes...

... NOT switch pools, right?

I mentioned in the other thread you were in that these "weaknesses" are synthetic weaknesses created by end users.  You're perpetuating that weakness with a fancy graph.  Even if all of the pools were only 25% and each pool had only a handful of work nodes....

.... it's just as easy to DDoS 12 machines as it is to DDoS 1.....

Apples and oranges for this thread. He is speaking of double-spending attacks and the like rather than overall network security from outside DDoSing and whatever.

[gigabytecoin]

I am not worried...

I believe tycho has our best interests in mind.. and his own as well.

He stands to make much more money over the long run by running a successful pool than fucking us all over right now.

Within 1-2 months I would say that pool competition will have increased greatly and this will no longer be a problem.

Kudos to tycho for running such a top notch pool.

[smooth]

The whole pool model is part of the problem.  There is a natural economy of scale in that the biggest pool has the lowest payout variance. 

Until there is some kind of fix for that, this problem will come up again and again.  Today it is deepbit, in the future it might be some other pool (or it might still be deepbit), and even a small number of large pools isn't great, because a few pool operators could collude to reach 50%+.

[supa]

Apples and oranges for this thread. He is speaking of double-spending attacks and the like rather than overall network security from outside DDoSing and whatever.

I'm not sure you understand.  Knocking something offline doesn't actually accomplish anything.  Well, it shouldn't...

Security, including double spending, is enforced by the network itself.  Pools perform work ("hashing") to upkeep the network including verifying coins, coin transfers and generation.

If someone decided to take down the 4 largest pools (guaranteed to be over 50% of the network) then they could attempt to poison the chains for double spending and other fun stuff provided they could convince the leftover nodes their transactions were legitimate for some length of time.

If a majority of the network that is left over includes more private nodes than poison nodes.... the integrity can be maintained.

The security, both against double spending and other shennanigans as well as DDoS silliness, is built into the bitcoin network.  For the umpteeth time - pools create synthetic weakness.

What would be even more interesting......  Let's say an attacker could either spoof or otherwise redirect requests from a pool operators client.  Or perhaps manage to get that client to trust it as a node rather than the existing bitcoin network through the IRC mechanism.  Or the attacker was able to modify a bitcoin.conf to point to their poison nodes.  Not only could they contribute poison blocks but they could even just continuously send out unproductive (stale/corrupt) work.  The pools would appear up and working at 100%, but they wouldn't be performing the current work for network enforcement (or generation, of course).  Toss in a few poison nodes and double-spending would probably be achievable.  Even better - miners will think the pools simply aren't productive thanks to their misunderstanding of complexity and abandon the whole thing.

Even more interesting would be if the attack could intercept work from the clients and claim it.  Now there's no need to control the network for double spending - you've just made an attacker quite the rich individual and none of the pool's participants are the wiser until it's far too late.

Another factor is possibly crooked pool operators.  On the other hand, there is no contractual agreement - so really, there's no way to be crooked, now is there?  There are certainly no consequences.  There's a peer-trust faith that drives these pools with no governing body.  A pool operator could easily shut the whole payout operation down and walk away without any ramifications whatsoever.  The outcome becomes everyone hates bitcoins because the overclocker crowd is so vocal about "hackers" stealing their money.

So yes, for the umpteenth+1 time, pools create synthetic weakness.

tl;dr Hack hack hack, give me an easy target, pools create several synthetic weaknesses.

[Hawkix]

I was with Deepbit from its 50MH/s era (good old times).

But I switched a week ago. First, I do not want to increase its dangerous proportion of the total hashrate. Secondly, as I mine 24/7, I do not want to be "robbed" by pool hoppers. They can lower my income on deepbit, but not on pool with protection to this.

[supa]

EDIT: To make a little comparison, many of us came to bitcoin for avoiding central authorities operating only on trust (e.g. banks). With 51% DeepBit is a bitcoin bank.

Perfect way to put it.  Thank you.

One change -
s/DeepBit/any pool or all the pools or any single weak point you synthetically create/$

[leepfrog]

Most of you are totally missing the point. It is completely irrelevant if tycho can be trusted or not.
Simply the fact that a pool > 50% might exist is a huge security issue for the network.

Somebody has just (and I am saying "just" because no matter how much you pay attention to potential security risks, there is always a chance you get hacked, e.g. by undisclosed exploits) to take over the servers and then can be harmful to the network.

Another potential issue: Somebody with huge hashing power and the right knowledge could take down all major pools at once (e.g. via DDoS, there are kinds of ddos you can hardly mitigate, so this IS doable) which then would only leave the solo miners, according to the chart at about 400Ghash/s.
Then somebody could crank up his own mining equipment (at maybe 450ghash) and would have over 50% of hashing power under control.

[supa]

I want to state that I never intended to imply or otherwise question Tycho personally or otherwise.

I am questioning the majority of miner's intent and commitment to the project.

Then somebody could crank up his own mining equipment (at maybe 450ghash) and would have over 50% of hashing power under control.

Where do you happen to have 450GH "lying around" ?

[leepfrog]

Somebody who sees a danger in BTC to his own buisiness (which could be quite a few institutions, banks, paypal, governments) can easily raise that amount of hardware (If they do not already own it).
Assume for example that a 1,7ghash rig costs about 900€, that would be less than 250k Euro.

You have to recall the fact that it won't be the small miner who wants to harm the systems, but rather big organizations

[Lupus_Yonderboy]

I always find these threads amusing, especially from the 'free market' types. Unregulated markets naturally tend towards monopolies. At the end we will wind up with a single large pool and perhaps a few other minor ones that people are in for ideological reasons. At some point a less than ethical pool operator will appear and he will figure out that it is in his best interest to take out the other pools by any means available to him. As long as he kept his mouth shut it would be impossible for anyone else to know he was instigating trouble with the other pools. For a recent example, if btcex had not said anything, nobody would have known he was ddosing MtGox.

As the difficulty rate goes ever higher, you will see miners join toward the largest pools. After all, would you rather mine in a pool that finds blocks in hours or one that takes days or weeks to find one? There will come a point at which 100-300 Ghash/s pools just don't cut it anymore. These pools will in turn either dissolve or get absorbed by other, larger pools, thus increasing the larger pools' hashing power, and making it difficult for smaller pools to find blocks...all in a vicious circle.

There are reasons that every industrialized country in the world has anti-trust laws. Because they have already learned the hard way what happens when you let the market 'self regulate' itself. You get things like Standard Oil. If the US and EU did not have anti-trust laws, everybody reading my words would be doing so with IE on a Windows based computer.

If markets don't tend toward monopolies...then why has nobody made a successful competitor to MtGox?

[error]

I always find these threads amusing, especially from the 'free market' types. Unregulated markets naturally tend towards monopolies. At the end we will wind up with a single large pool and perhaps a few other minor ones that people are in for ideological reasons. At some point a less than ethical pool operator will appear and he will figure out that it is in his best interest to take out the other pools by any means available to him. As long as he kept his mouth shut it would be impossible for anyone else to know he was instigating trouble with the other pools. For a recent example, if btcex had not said anything, nobody would have known he was ddosing MtGox.

As the difficulty rate goes ever higher, you will see miners join toward the largest pools. After all, would you rather mine in a pool that finds blocks in hours or one that takes days or weeks to find one? There will come a point at which 100-300 Ghash/s pools just don't cut it anymore. These pools will in turn either dissolve or get absorbed by other, larger pools, thus increasing the larger pools' hashing power, and making it difficult for smaller pools to find blocks...all in a vicious circle.

There are reasons that every industrialized country in the world has anti-trust laws. Because they have already learned the hard way what happens when you let the market 'self regulate' itself. You get things like Standard Oil. If the US and EU did not have anti-trust laws, everybody reading my words would be doing so with IE on a Windows based computer.

If markets don't tend toward monopolies...then why has nobody made a successful competitor to MtGox?

This ridiculous crap again? Please go shit in someone else's thread.

[Kehaar]

I just like that [Tycho] gets ~60GH/s. Thats quite a good break if you ask me ;p

I wish I had made a pool.

I don't think my 700MH/s would be enough to attract people though ;p