ToominCoin aka "Bitcoin_Classic" #R3KT

[gmaxwell]

Latest "Classic" move,   https://www.reddit.com/r/btc/comments/4nkmzp/the_ultimate_defence_against_the_alleged/   "The ultimate defence against the alleged xthinblock attack is header-first mining"

So "unlimited" (and proposed for "classic" but classic, seems mostly dead) has an efficient block relay scheme (their homegrown analog of BIP152) with a design flaw.

The way it works is this: When I relay a block to you, I give you a list of the transaction IDs in the block so you can match them out of your mempool instead of getting them from me.  To save bandwidth instead of sending the whole ID I send only the first couple digits of it.  They reasoned that they sent enough digits that it would be really unlikely for two txn in your mempool to have the same truncated IDs by chance.

What they didn't account for is the well known result, often called the "birthday paradox", that it is _much_ easier to compute two messages sharing the same short hash than you'd expect.  Because of this, with the scheme in unlimited it's very easy for people to make pairs of transactions with matching short IDs and send them to the network. Any block that includes one of these TXN will propagate more slowly (because the reconstruction will fail, and it will have to take a round trip and retry with more data.).

This flaw is something I spotted back in 2014 while working on some of the design work which later became part of BIP152, and I came up with a simple solution: Instead of truncating the txid, you hash it with a keyed value that isn't known to the attacker (we just have the sender pick one).

It's not the biggest deal in the world, but that fix shuts down some easily perpetrated vandalism (which could also potentially performed for profit reasons) at basically no cost.

The "classic" response?  If miners don't verify anything at all, well then it doesn't matter to the miners how long it takes for block data to reach them. And since big miners and companies are all that are classically important, and SPV wallets (which make a strong security assumption that miners validate) are not... why bother fixing the flawed protocol?

Never-mind the fact that classic's attempt at this was already aborted.

[Carlton Banks]

Never-mind the fact that classic's attempt at this was already aborted.

In addition, let's not forget that the expression "xthin" itself was invoked as a propaganda tool, every Classic shill was using it to heap scorn on Core for "lack of xthin". If only they put as much effort into the code design as they did into their brand naming, lol.

[Lauda]

In addition, let's not forget that the expression "xthin" itself was invoked as a propaganda tool, every Classic shill was using it to heap scorn on Core for "lack of xthin". If only they put as much effort into the code design as they did into their brand naming, lol.

Hey, Core does not have a 5 - part post with shiny pictures and gifs, so their proposals must be lacking in comparison to BU and Classic. At least the BU folks are not actively trying to pull in people with their campaigns (they don't have much support anyways). I've just read the following on reddit:

"I invite Mr. Maxwell to make his 'Xthin Collision Tool' public"--Bitcoin Unlimited Team refutes

after which an explanation was posted which proved the flaw.
Update: Ops, I've made a mistake in the last part of the post (the tool was not posted, it was a post/explanation by someone else). I've sent a PM to Adrian and corrected the post (with the added link).

[Adrian-x]

In addition, let's not forget that the expression "xthin" itself was invoked as a propaganda tool, every Classic shill was using it to heap scorn on Core for "lack of xthin". If only they put as much effort into the code design as they did into their brand naming, lol.

Hey, Core does not have a 5 - part post with shiny pictures and gifs, so their proposals must be lacking in comparison to BU and Classic. At least the BU folks are not actively trying to pull in people with their campaigns (they don't have much support anyways). I've just read the following on reddit:

"I invite Mr. Maxwell to make his 'Xthin Collision Tool' public"--Bitcoin Unlimited Team refutes

after which the tool was posted which proved the  flaw.

I haven't seen the proofs yet, could you point me to the results?

[iCEBREAKER]

Latest "Classic" move,   https://www.reddit.com/r/btc/comments/4nkmzp/the_ultimate_defence_against_the_alleged/   "The ultimate defence against the alleged xthinblock attack is header-first mining"

So "unlimited" (and proposed for "classic" but classic, seems mostly dead) has an efficient block relay scheme (their homegrown analog of BIP152) with a design flaw.

The way it works is this: When I relay a block to you, I give you a list of the transaction IDs in the block so you can match them out of your mempool instead of getting them from me.  To save bandwidth instead of sending the whole ID I send only the first couple digits of it.  They reasoned that they sent enough digits that it would be really unlikely for two txn in your mempool to have the same truncated IDs by chance.

What they didn't account for is the well known result, often called the "birthday paradox", that it is _much_ easier to compute two messages sharing the same short hash than you'd expect.  Because of this, with the scheme in unlimited it's very easy for people to make pairs of transactions with matching short IDs and send them to the network. Any block that includes one of these TXN will propagate more slowly (because the reconstruction will fail, and it will have to take a round trip and retry with more data.).

This flaw is something I spotted back in 2014 while working on some of the design work which later became part of BIP152, and I came up with a simple solution: Instead of truncating the txid, you hash it with a keyed value that isn't known to the attacker (we just have the sender pick one).

It's not the biggest deal in the world, but that fix shuts down some easily perpetrated vandalism (which could also potentially performed for profit reasons) at basically no cost.

The "classic" response?  If miners don't verify anything at all, well then it doesn't matter to the miners how long it takes for block data to reach them. And since big miners and companies are all that are classically important, and SPV wallets (which make a strong security assumption that miners validate) are not... why bother fixing the flawed protocol?

Never-mind the fact that classic's attempt at this was already aborted.

OMG, report GMAX to FBI for publishing Evil Hax0ring tools!

/S

How could Team Unlimiturd be so ignorant and negligent?

Even a filthy casual like me is aware of 'the well known result, often called the "birthday paradox".'

Are they just trying to blow our circuits by making up nonsense faster than we (IE, you) can refute it?  That's a classic TLA movement/community disruption tactic (look what it did to Occupy for example).

Such baffling, remarkably unconvincing displays of incompetence are becoming suspiciously common, as some of the same members of Team Gavinista are now scraping the bottom of the FUD barrel by spreading the rumor that public keys are not safe to be made public.

Perhaps there is no malice afoot, or perhaps the Deep State having an existential crisis over the issue, which Bitcoin has forced, of public key encryption.

Regardless, let's all take a moment to give thanks for the everyday miracle of public key cryptography and wish it a Happy Birthday!

https://www.linkedin.com/pulse/five-simple-ideas-heart-cryptography-warren-mcpherson

On Saturday, June 11 2016, the Turing Award is being presented to Whitfield Diffie and Martin Hellman whose 1976 paper "New Directions in Cryptography" showed how people who had not made previous arrangements could communicate privately over an open channel.

Describing the accomplishment, Professor Jonathan Katz says

"The invention of public-key encryption was a revolution in cryptography."

 

Death to the counter-revolutionaries!

[gmaxwell]

BIP-68 and friends, the new sequence lock feature that allows for relative locktimes, are getting close to activation on the network with 99.31% of the last 144 blocks signaling they are ready to activate.

As we've discussed a few times, Bitcoin Classic has still taken no move to support this-- Zander is suggesting they won't (with a rather confusing argument that this feature is not useful without segwit).  Meanwhile, /r/btc noticed the adoption and there was this gem of a post, after someone suggested that the rapid increase from 50% hashpower to 99% meant classic's 75% threshold were fine:

But I've been told it takes some people a YEAR to upgrade (really slow typists, I guess).......

I responded, pointing out that yes indeed, in professional operations upgrades can and should take a long time... and also pointed out that this softfork has been released in Bitcoin Core for months (BIP-68 itself is a year old proposal, there is nothing surprising or hasty here), and even though Classic need only forward port their "trivial" single point of departure hardfork to the 0.12.1 codebase-- Classic has taken no action to do so at all. Meaning that if CSV were a 75% hardfork, every classic user (however many there actually are) would _now_ be forked off the network.

We saw this same kind of absentee maintenance with Bitcoin XT. -- and, withholding judgement, the freedom to be absentee in this manner is one of the major reasons many people in the community prefer the conservative soft-fork process. Without it, running any implementation but the most popular would be a lot less wise. (Ignoring for the moment the lack of wisdom in running something with an intentionally programmed consensus inconsistency-- it's perfectly possible to make alternative implementations that are consensus consistent.)

It was only after I finished my reply did I realize that the author of the post was Gavin from Bitcoin Classic.  So, what, do the classiccoin supporters here need to pool their funds to spring for a copy of Mavis Beacon teaches typing?

The standard /r/btc response is to bot-vote my replies to invisibility, so, sadly, the people who would most benefit from seeing my response won't see it... but perhaps it will bring some amusement to people here.

[chopstick]

LOL @ maxwell complaining about r/btc when r/bitcoin has subscribed to outright censorship of all competing viewpoints as its ruling doctrine.

[gmaxwell]

LOL @ maxwell complaining about r/btc when r/bitcoin has subscribed to outright censorship of all competing viewpoints as its ruling doctrine.

Hasn't been what I've seen, promote classic get removed as offtopic altcoin promotion (minor eyerolll)  but if you wanted to point out that Bitcoin Core just ripped out warnings about hash-power behaving inconsistently with your node's rules that would be fine.  I don't endorse all of /r/bitcoin's moderation practices, but false equivalences like this are rubbish.

It also shows that many of the arguments being used to advance "Classic" are convenient lies. If 75% hashpower "decides" what the network is and node software failing to fully validate all txn the same as the hashpower are such significant concerns then why is it okay for Classic to ignore CSV (>98% hashpower supporting now) and rip out all the warnings?

[Cryddit]

I don’t envy your timing.

In retrospect, especially, the timing looks really bad, and sure that is what happens when folks overinvest, and also decide to make rash moves, rather than investing and disinvesting in increments...

Y'know what?  I'm up.  A lot.  And there's no way it was the wrong move, if the alternative is placing my faith in a community that is STILL not able to resolve this stupid argument.

Okay, it went up further.  But, a year later, Y'all still haven't got your damn act together, major players (like Microsoft, which once accepted Bitcoin) are now adopting alts (like Factom) for real business, and I don't know when you're going to implode.  

They wouldn't have switched to an alt unless they, like me, had a look into the dysfunctional community and said "there's no way this can succeed."

[Carlton Banks]

Y'know what?  I'm up.  A lot.  And there's no way it was the wrong move, if the alternative is placing my faith in a community that is STILL not able to resolve this stupid argument.

Okay, it went up further.  But, a year later, Y'all still haven't got your damn act together, major players are now adopting alts for real business, and I don't know when you're going to implode.  

Ray, your market manipulation attempts are staggeringly arrogant (not to mention transparent). You always turn up, right at crucial turning points in market dynamics, spouting over-exaggerated rhetoric. What makes you think anyone is listening to your opinion, or that you have any credibility? Especially considering your suspicious behaviour in the past.

[Cryddit]

Yeah, you like keeping the argument going, don't you?  You'd be one of the reasons then. 

I'm a pessimist.  That's why I didn't get in *way* early.  Sometimes my pessimism is misplaced. 

But sometimes it's not. 

Incidentally, I think you're mistaking a mirror for a window.

[Carlton Banks]

You're saying I'm always popping up at salient market turning points, espousing extreme points of view?

[QuestionAuthority]

I never realized what a bunch of silly bitches techies are. It's like reading a verbatim dialog transcript from a high school prom.

[Cryddit]

Carlton, I'm just admiring the way you resort to ad hominems when you can't refute a point.  It's a nice little acknowledgement that I said something you KNOW you'd look silly denying. 

[Carlton Banks]

Ray, are you high? Put the pipe down son, you've been busted, and you're suitably and palpably pissed. And I don't care.

[hv_]

I never realized what a bunch of silly bitches techies are. It's like reading a verbatim dialog transcript from a high school prom.

Dont know what you mean. Real techies do not fear crystal clear changes by inventing minimal codeings. They'd just DO and not fill up blogs.

[JayJuanGee]

I don’t envy your timing.

In retrospect, especially, the timing looks really bad, and sure that is what happens when folks overinvest, and also decide to make rash moves, rather than investing and disinvesting in increments...

Y'know what?  I'm up.  A lot.  And there's no way it was the wrong move, if the alternative is placing my faith in a community that is STILL not able to resolve this stupid argument.

Okay, it went up further.  But, a year later, Y'all still haven't got your damn act together, major players (like Microsoft, which once accepted Bitcoin) are now adopting alts (like Factom) for real business, and I don't know when you're going to implode.  

They wouldn't have switched to an alt unless they, like me, had a look into the dysfunctional community and said "there's no way this can succeed."

You are really talking nonsense in this above post.

Bitcoin has succeeded and is succeeding because there is ongoing developments  (a lot of it) in spite a lot of bullshit negative hype attempting to propagandize various aspects of the bitcoin community, but even with the extensive disinformation, BTC price pressures are continuing upwards. 

Bitcoin is not a company... You ever heard of decentralized immutable and permissionless.. ?   hahahahaha.. bitcoin is the only coin, so far, that has meaningfully achieved such.  You cannot really change it easily, and that is a feature rather than the purported bug that many of the loud naysayers are repeating and repeating and hoping that if they repeat it more then either people will believe it or it will become true.


So, under current conditions, bitcoin remains successful even if it stagnates in a $400 to $690 price range for several months, and even that stagnation scenario seems to very unlikely under the current price dynamics, because many folks are catching on to the disinformation and continuing to buy bitcoin, and they are likely to profit from such decisions in the long run, as long as they are not dumb enough to buy into your bullshit nonsense and put their money in various pump and dump - mostly centralized schemes that attempt to appear to be something similar to bitcoin (such as decentralize) when they are not... or maybe some of them achieve decentralized chaos, but then may not be immutable nor permissionless.. which in essence establishes that they were not decentralized as they had purported to be.

[beastmodeBiscuitGravy]

Keccak candidate code is ready, eh?

[BlindMayorBitcorn]

Y'know what?  I'm up.  A lot.  And there's no way it was the wrong move, if the alternative is placing my faith in a community that is STILL not able to resolve this stupid argument.

Okay, it went up further.  But, a year later, Y'all still haven't got your damn act together, major players are now adopting alts for real business, and I don't know when you're going to implode.  

Ray, your market manipulation attempts are staggeringly arrogant (not to mention transparent). You always turn up, right at crucial turning points in market dynamics, spouting over-exaggerated rhetoric. What makes you think anyone is listening to your opinion, or that you have any credibility? Especially considering your suspicious behaviour in the past.

Tsk, tsk. Raymond!

[jbreher]

You ever heard of decentralized immutable and permissionless.. ? 

Yup. With respect to bitcoin:

A) Mining is:
    a) centralized;
    b) mutable; and
    c) permissionless

B) Noding is:
    a) decentralized;
    b) mutable; and
    c) permissionless

C) Using is:
    a) decentralized;
    b) immutable (at least not by the user); and
    c) permissionless

D) Core Dev-ing is:
    a) centralized;
    b) mutable; and
    c) permissioned

E) Other Dev-ing is:
    a) decentralized;
    b) mutable; and
    c) permissionless

Whatcherpoint?