12 weaknesses of Bitcoin & Ethereum !

[EternityMessage]

Hello,

I would like to start a discussion about some of the problems given in a video about main crypto-systems and their weaknesses (https://www.youtube.com/watch?v=3lYCqX0A8xo&feature=youtu.be)

Of the 12 problems there are 2 especially bad:

1st (and 2nd) point states that "almost everything depends on programmers". We must trust them! .. And what if they went rogue - someone threaten them (mafia, governmet, ...) or they lose their head - they can introduce all kind of problems - 1.1 exploits 1.2 different exe than given open source ...

3rd states that there were cases in which big pools had >50% compute power .. I do not think that we have any protection against that right now? Or not?

Is there other solution to these problems other than splitting your crypto money to as many wallets and currencies possible?

[bob123]

I am not going to watch your youtube video.
If you want a proper discussion, mention your points.

Of the 12 problems there are 2 especially bad:

1st (and 2nd) point states that "almost everything depends on programmers". We must trust them! .. And what if they went rogue - someone threaten them (mafia, governmet, ...) or they lose their head - they can introduce all kind of problems - 1.1 exploits 1.2 different exe than given open source ...

No, you don't have to trust them. You can check the code yourself. Everything is open source.
Further, you don't have to take any .exe, you can 1) verify that each release is signed by the developer and 2) if you don't trust the developer (because of mafia or whatever), compile from source.  No trust required.

3rd states that there were cases in which big pools had >50% compute power .. I do not think that we have any protection against that right now? Or not?

Protection from what?
From them double spending a transaction resulting in bitcoin getting worthless resulting in them losing their whole business model and making all their mining hardware worthless?
There are easier ways to commit financial suicide than that.

[Charles-Tim]

Some people do have have anything than criticising what works good, but I do not blame then than their ignorance, because of not for ignorance they wouldn't be critisizing Bitcoin which is 100% open source and 100% decentralized while it is deflationary. They do not have to buy bitcoin like those that critizied Bitcoin in some years past and missed out on the bullrun periods.

3rd states that there were cases in which big pools had >50% compute power .. I do not think that we have any protection against that right now? Or not?

That is a big lie, but China as a country still control 65% of the mining power which is a way more higher in 2019 around 75%, this computing rate is gradually reducing as some other countries are joining to mine and as some miners are leaving China for better place to mine. Also know that computing power are not even centralized in China because they have different mining pools that are computing, not one.

Is there other solution to these problems other than splitting your crypto money to as many wallets and currencies possible?

Which problem exactly?
Bitcoin and its blockchain has been working successfully without no 51% attack since the creation of bitcoin, so what are you implying when there are many more decentralized mining power. Bitcoin is just the perfect money and asset with perfect blockchain , all you need to do is to keep your bitcoin safe, because if you Bitcoin is not safe, the fault is from you not bitcoin source code or blockchain Orr anything about bitcoin.

[EternityMessage]

About compiling myself. I can compile mysef, but depending on compile tool type, version, libraries, setup tool version, setup dependencies... and such I can never get bit by bit same compilation.
Did anyone here tried to compile the code? Did anyone got same exe ?
Also even if exe how to be sure code is free of "unintentional" exploits or known "helpful" problems/bugs?

About >50% computing power. As I know there were times when biggest pools did more than 5 consequtive blocks - 6 blocks are enough to add transfers of money that did not initiate transactions (not talking about double spending, but about unauthourised transactions in system).

I am not going to watch your youtube video.
If you want a proper discussion, mention your points.

Of the 12 problems there are 2 especially bad:

1st (and 2nd) point states that "almost everything depends on programmers". We must trust them! .. And what if they went rogue - someone threaten them (mafia, governmet, ...) or they lose their head - they can introduce all kind of problems - 1.1 exploits 1.2 different exe than given open source ...

No, you don't have to trust them. You can check the code yourself. Everything is open source.
Further, you don't have to take any .exe, you can 1) verify that each release is signed by the developer and 2) if you don't trust the developer (because of mafia or whatever), compile from source.  No trust required.

3rd states that there were cases in which big pools had >50% compute power .. I do not think that we have any protection against that right now? Or not?

Protection from what?
From them double spending a transaction resulting in bitcoin getting worthless resulting in them losing their whole business model and making all their mining hardware worthless?
There are easier ways to commit financial suicide than that.

[Pmalek]

Also even if exe how to be sure code is free of "unintentional" exploits or known "helpful" problems/bugs?

You can't be unless you know how to check the code. You are stuck with two options: You can either check the whole codebase yourself or trust that those who have, or are claiming that they have, did a good job. There have been vulnerabilities that have been discovered and patched in the past. But thus far, Bitcoin hasn't been exploited intentionally by the development team in a way that has led to financial losses for users.

[20kevin20]

If you've cloned the GitHub repo, audited the code and verified the signature for all dependencies and programs needed to compile Bitcoin Core, how would it be possible to have an exploit coming out of nowhere after compiling it using audited and verified codes/depends/software? It's not like chemistry. If you audit everything and it's all open source, the only thing that I could see happening is being attacked directly by 3-letter agencies or having installed non-free software or packages that do malicious stuff.

51% attacks have solutions, and if that ever happens, whatever the attack has been caused by will be patched ASAP by the devs. This is the beauty of open-source stuff - if something malicious happens to the entire network (like what CZ from Binance wanted to do, which was rolling back blocks), we either fork off or patch it through coding.

If you don't know coding, you can use a version that has been audited and tested already before by multiple other devs/users... for example, you could use the version previous to the latest one.

[bitmover]

1st (and 2nd) point states that "almost everything depends on programmers". We must trust them! .. And what if they went rogue - someone threaten them (mafia, governmet, ...) or they lose their head - they can introduce all kind of problems - 1.1 exploits 1.2 different exe than given open source ...

I am not clicking in your  video as well. I will just answer here .
If the developers Juat go "rogue", there will be a fork and nobody will accept their rogue code.

3rd states that there were cases in which big pools had >50% compute power .. I do not think that we have any protection against that right now? Or not?

There are more than 30 pools mining blocks every day and each of them do not hold more than 20% hash power.

Even if they decide to join forces, a 51% attack would not be profitable for them as btc price would collapse and they  would at most revert one transaction and be kicked away from the network forever.

[pooya87]

1st (and 2nd) point states that "almost everything depends on programmers". We must trust them! .. And what if they went rogue - someone threaten them (mafia, governmet, ...) or they lose their head - they can introduce all kind of problems - 1.1 exploits 1.2 different exe than given open source ...

This is a centralized systems' problem which means it only affects ethereum and not bitcoin.
Bitcoin protocol is defined precisely and any change in it has to be approved by the entire bitcoin network which consists of hundreds of thousands of both miners and full nodes.
On the other hand any change in a centralized system such as ethereum only requires the owners decision and then it is forced on the system. Such as the roll back a couple of years ago so the forks they force sometimes without needing any consensus.

3rd states that there were cases in which big pools had >50% compute power .. I do not think that we have any protection against that right now? Or not?

We have, it is a "pool" not a "miner" that has X% hashrate. If the pool turns malicious or starts having high percentages the miners migrate to another pool.

Did anyone here tried to compile the code? Did anyone got same exe ?

Good projects such as bitcoin core, electrum, and some other are using reproducible builds which means anyone compiling the same source code will get a resulting binary that has the same hash.

Also even if exe how to be sure code is free of "unintentional" exploits or known "helpful" problems/bugs?

Again good projects are 100% open source and anyone can go through it line by line and many people have.

[slaman29]

Everything does NOT depend on programmers at least not for Bitcoin and Ethereum. You and I or anyone can self verify what they code as these are open source projects.

And if we think we can do better, we simply need to put our own proposal in there for everyone to look at and approve!

[davis196]

The moment BTC and ETH developers start exploiting the BTC and ETH blokchains for their own benefit will be the moment BTC and ETH prices crash to zero dollars.
So nothing depends on the programmers.The trust,which the users/traders/investors have in the concept/protocol/code is what makes Bitcoin and Ethereum valuable.If the trust is gone,the value will disappear as well,so there won't be any financial benefit for both the programmers and crypto traders/users.
There's no point of watching this Yotube video.I'm sure that it will be full of FUD and BS.

[Nice-Block]

While wandering in the realm of digital currency contributing, it's imperative to make those crucial contrasts. A ton of the tasks which are among the best ones in market cap have their own assignments and not every one of them are really monetary standards, despite the fact that clients regularly allude to them thusly.  Bitcoin and Ethereum are only two of the most notable ventures in the field however there are more than 2,000 unique ones and every last one of them has its own determinations. When considering cryptographic money contributing, it is totally basic to do intensive and inside and out due ingenuity to guarantee that you are very much aware of the details of the current task and its capability to develop and, thus, to legitimize your interest in it.

[bob123]

About >50% computing power. As I know there were times when biggest pools did more than 5 consequtive blocks - 6 blocks are enough to add transfers of money that did not initiate transactions (not talking about double spending, but about unauthourised transactions in system).

No, you can't simply spend coins unauthorized.
That's not possible.

Without providing the signature or more generally, the unlocking script together with its parameters, an output can not be spent.
I mean.. anyone could create a block which spends such an output without being authorized.. but this block would be invalid and therefore not accepted by every other node. Regardless of whether they have more than 50% hash power or not.

They would fork away from bitcoin and no one would care.

[EternityMessage]

The transaction from "Tempered bitcoin Core" would be signed right, because it would have all private keys of the user that runs the app. User would think that because he got BitcoinCore from official site and checked hashes it is OK, .. BUT it will not be OK!

All people that defend open source here claim that "The open source code given compiles to version given". That assumption could not be true. If (in worst case scenario) main ones or all proggrammers decide to sabotage they can get the given oipen source, than add the code for any exploit than give the .exe to public and cash the transactions for one day or one hour in Fiat and all that would be irreversable and ruin trust in btc.

I understand that most people here want to trust, but now the trust is blind trust. Trust that anyone else has checked all and all is fine.

In my oppinion giving so much power in the hands of so many few (programmers) is really unacceptable. There must be other way to insure reliability.

We do not want to trust a country or a government, but we trust 5-10 programmers. They are fine so far, ... but !!! We are working with billions dollars worth now! And people are corruptable! The temptation of billions $ is too strong for average person or group of people.

About >50% computing power. As I know there were times when biggest pools did more than 5 consequtive blocks - 6 blocks are enough to add transfers of money that did not initiate transactions (not talking about double spending, but about unauthourised transactions in system).

No, you can't simply spend coins unauthorized.
That's not possible.

Without providing the signature or more generally, the unlocking script together with its parameters, an output can not be spent.
I mean.. anyone could create a block which spends such an output without being authorized.. but this block would be invalid and therefore not accepted by every other node. Regardless of whether they have more than 50% hash power or not.

They would fork away from bitcoin and no one would care.

[hd49728]

I don't watch your video and I am not going to watch it.

If your title is different. "Weaknesses of bitcoin" or "Weaknesses of Ethereum", I might watch your video. Your title combine Bitcoin and Ethereum together that I don't like.

Ethereum is worse than bitcoin as their developers never mind to solve their problems with scam projects. They can not simply blame everything on scam developers on their blockchain. When you combine them together, it is bad and unfair to equalize Bitcoin with Ethereum.

[Sterbens]

Hello,

I would like to start a discussion about some of the problems given in a video about main crypto-systems and their weaknesses (https://www.youtube.com/watch?v=3lYCqX0A8xo&feature=youtu.be)

It is better if you mention all 12 points so that we ourselves judge first. Don't you conclude only 2 problems. maybe we are more interested in others than you have listed.
What's wrong with that? and what we saw to spend time. if in the end you yourself deduce 2 problem points.

confused?

[20kevin20]

~

If that is possible, then it might as well already exist in the network. Find an exploit yourself, as they are well incentivized. If you get to find a well-hidden exploit, expect good donations coming from many sources.

If we are talking about how paranoid we are about tech, then why don't you start from point zero? Hardware and OS. Do you trust that your hardware components do not have backdoors that could put your funds or personal information under risk? Do you really trust the entire OS you're using? Do you trust hardware wallets, especially since Ledger's have a closed source component?

The fact that you have written what you have written here is based on "blind trust" of your keyboard and operating system. When you open up Bitcoin Core, you blindly trust the OS that it doesn't take your .dat file and broadcast it to a number of 3-letter agencies.

But Bitcoin is different. You can read every single line of its code. If you cannot trust even that, then I guess tech isn't for you!

[bob123]

The transaction from "Tempered bitcoin Core" would be signed right, because it would have all private keys of the user that runs the app.

Do you believe bitcoin core is the only full node client around?
Do you believe everyone downloads malware? Do you really think that?

All people that defend open source here claim that "The open source code given compiles to version given". That assumption could not be true. If (in worst case scenario) main ones or all proggrammers decide to sabotage they can get the given oipen source, than add the code for any exploit than give the .exe to public and cash the transactions for one day or one hour in Fiat and all that would be irreversable and ruin trust in btc.

You are talking about "programming" as its something mysterious and magical.
I bet that at least 50% of all people answering here in your thread actually know how to program.

And you could too. Just spend the time you are talking bullshit with reading.

I understand that most people here want to trust, but now the trust is blind trust. Trust that anyone else has checked all and all is fine.

You are wrong. There is no trust.

In my oppinion giving so much power in the hands of so many few (programmers) is really unacceptable. There must be other way to insure reliability.
We do not want to trust a country or a government, but we trust 5-10 programmers. They are fine so far, ... but !!! We are working with billions dollars worth now! And people are corruptable! The temptation of billions $ is too strong for average person or group of people.

They don't have any power at all.
They are just programming a reference implementation. If you don't like it, choose another implementation. As easy as that.

You don't have to trust anyone. Stop talking nonsense, and learn how to read code. And all your problems (regarding trust issues) are gone. Not sure about your other problems tho..