Bitcoin is NOT ready for mainstream because of 4 major problems

[Serith]

In May bitcoin received a lot of publicity and many non tech people got involved, unfortunately, despite how brilliant the abstract idea, it was and it is still not ready for use by average consumer, someone using bitcoin at least have to know how NOT to trust a someone on the internet and have secure setup to store wallet. I think right now the next four problems stand on the way of wide bitcoin adoption, but it will take years to get established solutions

1.Creating a way to transfer funds into bitcoin system that would compete with credit card or PayPal in terms of convenience, e.g. you just need to sign up for credit card to start using it for payments.

2.Safe and secure e-wallet or lightweight bitcoin client for smartphone to use on the go, capable of making instant transfer to use in store or to buy something from vending machine, etc. Something like green address or MtGox QR voucher

3.Privacy and anonymity is important for long and short term survival of bitcoin. De-anonymizing process should be made not cost effective by implementing a method that would enforce use of one address per transaction and having sophisticated algorithm to select inputs and outputs for transaction to prevent consolidation. Enforce use of some form of proxy for bitcoin client to hide IP address.

4.Development of flexible software rather then all in one "take it or leave it" client, and eco system that would take advantage from it.

[1714875808]

1714875808

[1714875808]

1714875808

[1714875808]

1714875808

[FlipPro]

In May bitcoin received a lot of publicity and many non tech people got involved, unfortunately, despite how brilliant the abstract idea, it was and it is still not ready for use by average consumer, someone using bitcoin at least have to know how NOT to trust a someone on the internet and have secure setup to store wallet. I think right now the next four problems stand on the way of wide bitcoin adoption, but it will take years to get established solutions

1.Creating a way to transfer funds into bitcoin system that would compete with credit card or PayPal in terms of convenience, e.g. you just need to sign up for credit card to start using it for payments.

2.Safe and secure e-wallet or lightweight bitcoin client for smartphone to use on the go, capable of making instant transfer to use in store or to buy something from vending machine, etc. Something like green address or MtGox QR voucher

3.Privacy and anonymity is important for long and short term survival of bitcoin. De-anonymizing process should be made not cost effective by implementing a method that would enforce use of one address per transaction and having sophisticated algorithm to select inputs and outputs for transaction to prevent consolidation. Enforce use of some form of proxy for bitcoin client to hide IP address.

4.Development of flexible software rather then all in one "take it or leave it" client, and eco system that would take advantage from it.

1. This can be made by you or anyone else in the community. I actually own Bitwal.com so if you want to invest in a secure payment system lets do it...

2. Fixing problem one would automatically fix problem 2.

3. Bitcoin is only as anonymous as you make it. If you log in with a public computer on tor network it will be almost impossible for someone to find you...

4. A better/flexible wallet can once again be written by anyone in the community.

What part of OPEN SOURCE do people not understand? If we want something done we can't wait around for other people to do it, because once again it's OPEN SOURCE.

[Serith]

3. Bitcoin is only as anonymous as you make it. If you log in with a public computer on tor network it will be almost impossible for someone to find you...

not entirely true because negligence of someone from whom i received or send money to, would compromise me as well

4. A better/flexible wallet can once again be written by anyone in the community.

correct, but it will just take quite a lot of time to develop it

[Serith]

I think it will take a while for bitcoin to mature, but at least i know where to look to measure the progress

[cunicula]

The key problems are wallet security and exchange rate volatility. These are not among those you listed. What % of internet payments are made via smart phone now anyway? If that % is not large, the case for a lack of smart phone integration being a major issue is weak. I think tech geeks are focusing on the wrong set of problems to some degree.

[markm]

3. Bitcoin is only as anonymous as you make it. If you log in with a public computer on tor network it will be almost impossible for someone to find you...

not entirely true because negligence of someone from whom i received or send money to, would compromise me as well

4. A better/flexible wallet can once again be written by anyone in the community.

correct, but it will just take quite a lot time to develop it

Setting yourself up in such a way as to allow someone else's negligence to compromise you would be negligence on your part, wouldn't it?

Is your theory that it will take "quite a lot time" to develop it actually a misleading disguise for an actual meaning of "it would take quite a lot time to come up with the money it would take to get it done fast" ?

-MarkM-

[FlipPro]

I think it will take a while for bitcoin to mature, but at least i know where to look to measure the progress

The most obvious problem is functionality. If PayPal decided to start taking Bitcoins tomorrow the price would go up to $50, because they have the usability and functionality to facilitate to dummy's. If we had that no one could stop us... (BitWal). However after what just happened with Mybitcoin I highly doubt anyone in this community is in the mood to support a wallet website. Money talks like with everything else, we are all early adopters now... What does this mean? It means it's up to us to make shit happen and money can make a secure wallet site (identical to paypal in security/and customer service) happen. I have already seen a few more ewallets pop up, but none have impressed me yet and are probably all scams...

[markm]

The key problems are wallet security and exchange rate volatility. These are not among those you listed. What % of internet payments are made via smart phone now anyway? If that % is not large, the case for a lack of smart phone integration being a major issue is weak. I think tech geeks are focusing on the wrong set of problems to some degree.

This far into development, is the exchange rate volatility an indication that the developers are not actually in good faith developing a currency but, rather, are working a ponzi scheme or some other variety of "embezzling the system's reserves so more of what it brings in is getting frittered away than is being used to actually back the currency" technique (I guess that amounts to "fractional reserve" basically doesn't it? What percentage of the funds invested in coins are actually being held/used as reserves?)

-MarkM-

[Serith]

Setting yourself up in such a way as to allow someone else's negligence to compromise you would be negligence on your part, wouldn't it?

Take a look at how de-anonymizing methods work, just sending or receiving a payment from a compromised address would compromise you as well.
An Analysis of Anonymity in the Bitcoin System
Dan Kaminsky's presentation at Blackhat

[markm]

I guess negligence is relative.

Neglecting to use as many cutout puppet nodes as the opponent against whom you wish to defend your anonymity could be considered negligence by the opponent who considers such an array of puppets to be simply a standard tool of workers in the field of identity<->anonymity.

Admittedly if the opponent was not neglecting to honour your wish for anonymity... which could be regarded as negligence on their part I suppose if you thought their goals ethics etc were the same as your own. But from their perspective they are not neglecting to honour your wishes, they are honouring their own...

-MarkM-

[kjj]

Setting yourself up in such a way as to allow someone else's negligence to compromise you would be negligence on your part, wouldn't it?

Take a look at how de-anonymizing methods work, just sending or receiving a payment from a compromised address would compromise you as well.
An Analysis of Anonymity in the Bitcoin System
Dan Kaminsky's presentation at Blackhat

A decent mixer could sort this out, but those have been big targets historically (see anon.penet.fi).

Also, I don't think that real anonymity is a show stopper.  Most of us would like it if it were there, but very few applications have it as a hard requirement.

[markm]

Maybe part and parcel of being an undeniable asset is being undeniable. You wanna be a deniable asset you take the lumps deniability is designed for like all the other double-0 agents not associated with their nation's government nor royalty maybe?

On the other hand, rumour has it that deniable assets can get some really cool toys if they play their cards right.

-MarkM- (Do we know, even yet, who the real 007 is? )

[cunicula]

Setting yourself up in such a way as to allow someone else's negligence to compromise you would be negligence on your part, wouldn't it?

Take a look at how de-anonymizing methods work, just sending or receiving a payment from a compromised address would compromise you as well.
An Analysis of Anonymity in the Bitcoin System
Dan Kaminsky's presentation at Blackhat

A decent mixer could sort this out, but those have been big targets historically (see anon.penet.fi).

Also, I don't think that real anonymity is a show stopper.  Most of us would like it if it were there, but very few applications have it as a hard requirement.

+1, anonymity matters for criminals and nutters. If there is some costly way of achieving it that is very nearly as good as having some very easy way of achieving it. The criminals and nutters are willing to go to great lengths. If it can't be achieved at all, we lose some criminals and the nutjobs. Yes, drug sales are a nice source of demand. On the other hand, rampant theft (which anonymity greatly facilitates) has not been so helpful. I don't understand what the fixation with anonymity is all about.
 

[noedaRDH]

The issue with exchange rates and volatility and all that are growing pains that will may have to deal with for a long time.

It will take much time for every single portion of the centralized network that makes Bitcoins usable to be fully secured

For the AVERAGE PERSON, using Bitcoins is difficult because there's nothing important or of great value that ONLY be bought with Bitcoins, nothing at an exclusive or discounted level.

Right now many coins are just traded back and forth, for novelty, for speculation, or to support Bitcoins' philosophy or potential future, or perhaps to buy obscure items.

But as soon as Bitcoin's advantages are utilized at a major level like Amazon it will automatically be supported by more people and the troubles of certain websites like we're dealing with now will not affect Bitcoins as much.

We need merchants and other venues to make it so that if you're NOT gonna spend Bitcoins you will lose out (ie Major gambling sites that give more perks to Bitcoiners than non-Bitcoincers).

[wumpus]

1.Creating a way to transfer funds into bitcoin system that would compete with credit card or PayPal in terms of convenience, e.g. you just need to sign up for credit card to start using it for payments.

Agreed, the ways to get money into the system are severely limited at the moment. Especially with Gox and TH having suspended SEPA transfers. Different from the other points, there is a big profit opportunity here, so I'm sure it will be solved sooner than the rest

2.Safe and secure e-wallet or lightweight bitcoin client for smartphone to use on the go, capable of making instant transfer to use in store or to buy something from vending machine, etc. Something like green address or MtGox QR voucher

Agreed. Smartphone support is really important. You might want to look at the Bitcoin-android client (https://bitcointalk.org/index.php?topic=26684.80). It still has some issues to iron out but it is pretty nice (and works with QR codes).

In addition to QR codes, NFC support would also be really nice.

3.Privacy and anonymity is important for long and short term survival of bitcoin. De-anonymizing process should be made not cost effective by implementing a method that would enforce use of one address per transaction and having sophisticated algorithm to select inputs and outputs for transaction to prevent consolidation. Enforce use of some form of proxy for bitcoin client to hide IP address.

I don't think anonymity is very high up in the concerns, at least for the devs of the mainline client. There is certainly a place for  a stealth bitcoin client (someone is working on selling bootable USB sticks with Bitcoin+TOR preloaded), however. It is not needed for mainstream adoption. We have enough shady types as it stands

4.Development of flexible software rather then all in one "take it or leave it" client, and eco system that would take advantage from it.

Yes.

There are various initiatives like this under way. I think the google one BitcoinJ (also used by the bitcoin-android client) is the most promising at the moment, but I know of a few more in active development (a Python client, another C++ client, there are designs for a scalable C one, etc..).

[Serith]

The key problems are wallet security and exchange rate volatility.

You could be right about price volatility, as a computer geek i don't know much about ways to solve it. But I don't think securing wallet.dat file on a home computer is a big enough problem to have it on the same list, LinuxCoin A lightweight Debian based OS with everything ready to go

I don't think anonymity is very high up in the concerns, at least for the devs of the mainline client. There is certainly a place for  a stealth bitcoin client (someone is working on selling bootable USB sticks with Bitcoin+TOR preloaded), however. It is not needed for mainstream adoption. We have enough shady types as it stands

I think lack of anonymity would backfire very soon because it makes easier to identify valuable targets for all kinds of manipulations e.g. phishing and theft

[error]

The key problems are wallet security and exchange rate volatility. These are not among those you listed. What % of internet payments are made via smart phone now anyway? If that % is not large, the case for a lack of smart phone integration being a major issue is weak. I think tech geeks are focusing on the wrong set of problems to some degree.

The mobile phone carriers are planning a major push into this space with NFC in the next 6-18 months. You will see it everywhere. Bitcoin should already be there waiting for them to catch up.

[markm]

Plus the so called "internet" is just some Defense Advanced Research Project agency some old geezers built into some stupid chip inside smartphones anyway, so what's the big deal about the so called internet, think real world, real people buying real things by commanding those stupid genies or whatever that the old geezers claim to have trapped inside some magic etching inside the phone someplace.

-MarkM-

[Shinobi]

Setting yourself up in such a way as to allow someone else's negligence to compromise you would be negligence on your part, wouldn't it?

In your world, can fraud exist? Any detriment to oneself is a product of his or her own negligence, right?

[2112]

4.Development of flexible software rather then all in one "take it or leave it" client, and eco system that would take advantage from it.

I'll say simply reorder this list: give your fourth item number 0.

If and when the core software is properly modularized then everything else can build on top of it. Right now we have various proposals for restyling the body while the engine is barely working and in fact dropping its own bits along the road.

And the drivers are all saying "all is well, look at our shiny new rims".

[TeaRex]

What prevents a couple of the "big fish" (people with several thousand coins) from banding together and paying a real professional software development company for improving the official client, like, uh, you know, real fast and all?

It would seem that those people should have both the means (coins, some of which can be sold) and the motives (wider adaption, which a better client would massively facilitate, should increase the value of their holdings). Or am I missing something here?

[wumpus]

What prevents a couple of the "big fish" (people with several thousand coins) from banding together and paying a real professional software development company for improving the official client, like, uh, you know, real fast and all?

I'm not sure. From what I've noticed, the "big fish" are mainly concerned with exchanging and mining, and are not active with the development of the client.

(either that, or they are working on the client internally, for example to handle large numbers of users, but not contributing code back; after all, the license does not require this)

[markm]

Tah-dah! Enter DeVCoin!

The "big fish" of DeVCoin have millions of DeVCoins, they are developers, and the mining rewards are rigged in their(*) favour instead of in favour of miners(**)!

The thot plickens!

-MarkM-

(*) Them: "developers". Of open source software, hardware, literature, firmware, etc etc etc...

(**) "Miners": typically owners of closed-source capital equipment "means of production"?

[2112]

What prevents a couple of the "big fish" (people with several thousand coins) from banding together and paying a real professional software development company for improving the official client, like, uh, you know, real fast and all?

I can tell you this much: real professional software development compan(ies) took a look at the current source code and its history and gave estimates & quotes that were unacceptable to some "big fish(es)" in the finance industry.

Obviously, there are "real professional software developers" that will take on anything knowing upfront that they will go over the budget and behind the schedule, but I have no contact with those.

There's a number of serious problems under the hood. You have to dig into the C++ code to see them.

[wumpus]

There's a number of serious problems under the hood. You have to dig into the C++ code to see them.

If the problem is with the specific C++ code it could be better for them to work on BitcoinJ, then. The code is more modular, understandable and straightforward.

[2112]

If the problem is with the specific C++ code it could be better for them to work on BitcoinJ, then. The code is more modular, understandable and straightforward.

Except that the Java code is unofficial, incomplete implementation and is, well, in Java and not C/C++. Anyone seriously developing an "alternative client" must really develop a "replacement peer" which has a hope of getting accepted by majority of the current peers and miners. Anything else is just a hobby project.

My personal guess is that BitcoinJ is really BitcoinD(alvik) as far as motivation and genesis of it.

[TeaRex]

I can tell you this much: real professional software development compan(ies) took a look at the current source code and its history and gave estimates & quotes that were unacceptable to some "big fish(es)" in the finance industry.

Good to know it has been attempted at least... Usually when real money is involved you'd expect some people trying to be more professional about things than what the bitcoin client currently is like (i.e. more or less at the "Nullsoft Gnutella client" stage.)

There's a number of serious problems under the hood. You have to dig into the C++ code to see them.

Care to be more specific? What would those problems be? Or do they have to be "kept under the radar" at this time for security reasons?

[wumpus]

Except that the Java code is unofficial

What does "official" even mean in an open source project?

incomplete implementation and is

Now that is exactly why people need to work on it to complete it... It might be a better base to start from, that was my point.

Anyone seriously developing an "alternative client" must really develop a "replacement peer" which has a hope of getting accepted by majority of the current peers and miners

Why would it need to be accepted by the majority? Unless you plan on a takeover, being fully compatible with the current client is enough to be a good citizen of the network. More variation in clients would be good, not monoculture just with a new client.

[2112]

Care to be more specific? What would those problems be?

This isn't secret at all, they are in broad agreement with the goals of libbitcoin:
1) sensible modulatization and abstraction layers
2) make the engine embeddable in other projects, eg. PHP engines
3) byte-endian cleanness
4) sensible test harness
AFAIK the "core development team" only agrees that (4) is a valid goal.

I just wanted to add that I'm not representing any "big fish(es)", I'm just a "pilot fish".

[2112]

What does "official" even mean in an open source project?

Dude, are you nuts? What does "official block-chain", "official checkpoint" mean in this project? "Fully compatible" with what? With the bugs implemented in the "Satoshi client"?

I work with "professional software development compan(ies)" not with Polyannas and other people full of hope that everything will be all right.
 

[markm]

Care to be more specific? What would those problems be?

This isn't secret at all, they are in broad agreement with the goals of libbitcoin:
1) sensible modulatization and abstraction layers
2) make the engine embeddable in other projects, eg. PHP engines
3) byte-endian cleanness
4) sensible test harness
AFAIK the "core development team" only agrees that (4) is a valid goal.

I just wanted to add that I'm not representing any "big fish(es)", I'm just a "pilot fish".

1) I wasn't aware that JSON is not sensible. Thanks for the heads-up.(*)
2) C/C++ isn't embeddable in PHP engines? Holy something, thanks again for another major heads-up.(**)
3) Yeah I had just started to encounter mentions of that earlier this wakeperiod.
4) Far out, some other codemonkey gets stuck with that drudgery, nice.

(*) The other port? What other port? Hush, I don't want to think about that. Its not something PHP needs to know.
(**) When the heck did that happen? What the heck is PHP itself written in nowadays?

-MarkM-

[wumpus]

I work with "professional software development compan(ies)" not with Polyannas and other people full of hope that everything will be all right.

Then let me tell you something -- in my nearly a decade of being a professional software developer I've had to work with code bases much worse than the current bitcoin code. Internal projects edited by hundreds of programmers over the years, never refactored because of time constraints. Yes it can take some sweat to find out how things work in the Satoshi code, but once you get into it it isn't that bad anymore. If they are any good they should be able to figure it out pretty quickly.

Don't get me wrong though -- I agree that the code could use some serious refactoring.

[TeaRex]

Then let me tell you something -- in my nearly a decade of being a professional software developer I've had to work with code bases much worse than the current bitcoin code. Internal projects edited by hundreds of programmers over the years, never refactored because of time constraints.

Yeah, I've been "through the desert of #ifdefs on a thread with no name" too. Tens of thousands of lines of code with more preprocessor stuff than actual C code because it had to work on five different proprietary MS-DOS based compilers for embedded processors. My job was enabling this twisted mess (which was also its own operating system) to be built as a Linux application without breaking anything in the other builds... 

The current client code is certainly better than that by far. That still doesn't make it an ideal base for building more complex bitcoin enabled applications on it. And even if bitcoind itself isn't all that bad, the GUI is really in need of some serious professional attention by people who know a bunch about design and usability issues, not just about algorithms. Unfortunately most self confessed geeks, including myself, are far better at the latter...

[2112]

to work with code bases much worse than the current bitcoin code. Internal projects edited by hundreds of programmers over the years, never refactored because of time constraints.

But presumably when you were working on the "bad code" the "bad programmers" were already dismissed and had no commit access to the codebase, right?

Well, here the situation is different. The "core development team" has full access to the code base and is actively moving the target because they disagree with the "new brooms". Do you understand the difference?

[markm]

the GUI is really in need

This is the PHP GUI we're talking about, right? The one the big fishies from the financial sector want to plug an embeddable module into instead of using RPC to talk JSON in?

Have you seen the PHP one whoozit(*) was showing in some other thread?

So far "John Smith"(**)'s -qt GUI has been looking pretty good, what exactly do the way-awesome professional armchair^H^H^H^H^H^H^H^too busy doing real work to help out designers say is wrong with it, exactly?(***)

(*) Not their real forum-alias last time I checked.
(**) Their real forum-alias, last time I checked.
(***) Or are we talking about the guy designing the "safebit" GUI?

-MarkM-

[markm]

Well, here the situation is different. The "core development team" has full access to the code base and is actively moving the target because they disagree with the "new brooms". Do you understand the difference?

Until 'M' tells me different or 'Q' proves it in second degree predicate logic as a formal theorem I'll let them worry about why our 'Cousins' might prefer we move a little slower.(*)

(*) Heck Maybe I might even sleep, I hear one should do so at least once a week whether one needs to or not.

-MarkM-

[2112]

Yeah, I've been "through the desert of #ifdefs on a thread with no name" too.

I haven't seen the code you had to port & integrate. But from your description it was little-endian single-threaded C code not using exceptions. Here you have many more additional dimensions of complexity.

Satoshi bitcoin client is really a trailblazer in the annals of bad software design. Can you name any other software that uses public-key cryptography and stores both public and private keys in a single object? I presume most people got acquainted with asymmetric cryptography with PGP. Even then, about twenty years ago, there were two separate files: PUBRING.PGP and SECRING.PGP.

Now you have people saying single WALLET.DAT "isn't all that bad" design. I just checked, you think so too. Who erased your memory?

[wumpus]

The "core development team" has full access to the code base and is actively moving the target because they disagree with the "new brooms".

But the target is not moving that fast. The "core development team" has very much resistance against protocol and block chain rule changes. So if someone finally succeeded in turning one of the alternative clients into a fully functional node, it wouldn't be that hard to keep up with changes in the Satoshi client from there on.

Also, Gavin was talking in another thread about introducing some kind of PEP process for the Bitcoin protocol(s). This would make it less hassle to keep up.

[TeaRex]

I haven't seen the code you had to port & integrate. But from your description it was little-endian single-threaded C code not using exceptions.

It had its own built in preemptive scheduler and used lots of critical sections (many of them implemented ad-hoc rather than through a consistent API), but since all the target systems were single-core at least no more than one thread at a time would be scheduled. I survived it.

Now you have people saying single WALLET.DAT "isn't all that bad" design. I just checked, you think so too. Who erased your memory?

Maybe we're talking past each other. I was talking about usability of bitcoind for a low-volume bitcoin user (at least one tech savvy enough to run a command line tool) as being "not all that bad" in this particular sentence. I wasn't referring to back-end issues and I guess bitcoind in its current state might not scale well enough for a big site to use it unpatched. But really my whole point was about externally visible design features and usability, not about internal design which I can really comment on, never having extensively studied the code and being myself mostly a self taught tinkerer-coder with not all that much of a grip on more abstract software engineering issues.

EDIT: Also, since Bitcoin public keys can be easily derived from the private keys (not the case with RSA such as used in PGP), does it really help all that much to keep them in separate files? Granted, a file with only the public keys in them might be useful for receive-only situations.

[2112]

I was talking about usability of bitcoind for a low-volume bitcoin user (at least one tech savvy enough to run a command line tool) as being "not all that bad" in this particular sentence.

I understand your point and I disagree with you. Bitcoind is particularly bad for small-time users:

1) it cannot be used on shared or managed hosting plans
2) you have to trust you website manager with check-writing authority on your BTC account
3) the support infrastructure uses unsuitable protocols (JSON instead of FIX)

See my reply in other thread about the plight of small-time traders:

https://bitcointalk.org/index.php?topic=35357.msg439514#msg439514

Big-time users can afford dedicated servers, dedicated connections to the exchanges and dedicated accounting and infrastructure management teams.

[2112]

So if someone finally succeeded in turning one of the alternative clients into a fully functional node, it wouldn't be that hard to keep up with changes in the Satoshi client from there on.

This is probably true only for the professionals with unusually low lucrum cessans. For the fishes I swim with the opportunity cost seemed too big.