Bitcoin Forum
December 11, 2016, 02:12:30 PM
Author Topic: Gold collapsing. Bitcoin UP.  (Read 1808719 times)
jmw74 (Full Member, Activity: 236)
January 12, 2015, 08:44:51 PM  #20041

Bitcoin has clearly failed in an 'exchange' role as evidenced by still not needing to fiddle with the 7 tps transaction rate (1MB block size) and not being on a trajectory to need to do so any time soon.  The reason for this is abundantly clear and I've been saying so for years:  Bitcoin is simply not competitive in this role.

Bitcoin is not very competitive for buying coffee, but that isn't the only thing people do with money.

It's quite competitive for international remittance, black market activity, and micropayments. In some cases, bitcoin is the only method that works at all. Those markets alone are absolutely massive expansion territory for bitcoin.

The reason bitcoin hasn't hit the 1mb limit has little to do with the network itself, and much more to do with the shitty state of personal computing.  Keeping high-value secrets was not what any of it was designed to do. Everything bitcoin needs for that has to be built now. A lot of progress has already been made. There's no reason it won't become easy enough for anyone to do.

However many transactions per second fit in a commodity internet connection, that's how many it will have, certainly much more than 7tps.

If you think bitcoin can succeed as a bank settlement network, you might as well sell now, because it's never going to work. The whole point of bitcoin is censorship resistance, do you really think banks and governments and payment processors see that as a valuable feature? They're the censors! If individuals don't have access to bitcoin, it will die, they're the only ones who could possibly care about it.
cypherdoc (Legendary, Activity: 1764)
January 12, 2015, 08:45:34 PM  #20042

This is what sidechains mean to me.

Side chains are not even the slightest bit needed to use BTC as a reserve currency. It's nearly perfect the way it is. 7 tps is plenty for that. Probably an order of magnitude or two overkill in fact.




the problem here is that when the price doesn't conform to ppl's expectations, low level thinkers like tvbcof & even high level thinkers like Adam, begin to believe that there is something wrong and start thinking they're smarter than Satoshi and start proposing all sorts of harebrained "solutions".  this is just another of many repeated sufferings we all have to endure.
rocks (Legendary, Activity: 1153)
January 12, 2015, 08:53:42 PM  #20043

oil?  who the hell needs oil?  let alone natgas.  major storm brewing:

Didn't you get the memo, we are all going to live off of perfectly stable wind/solar power and unicorn farts from now on.

The energy sector still has a way to go down, but it will be time to reload energy stocks in a bit (after a round of bankruptcies and defaults). The current supply/demand imbalance will not knock out US energy which has more than enough of a capital base to ride this out, but will severely damage supply from dystopian basket cases such as Venezuela (the country of my birth) and Iran.
cypherdoc (Legendary, Activity: 1764)
January 12, 2015, 08:59:53 PM  #20044

This is what sidechains mean to me.

Side chains are not even the slightest bit needed to use BTC as a reserve currency. It's nearly perfect the way it is. 7 tps is plenty for that. Probably an order of magnitude or two overkill in fact.

Unfortunately, the 7 tps is an old estimate, and the reality of large blocks is that 2400 tx is maximum, or 4 tps. However, even this is too large because some miners still turn out near empty blocks, and would do so even if the network had a severe backlog. So 3 tps is a more accurate working number.

I never heard of why the Mystery Miner of a coupla years ago failed mining 0 tx blocks.  any ideas?
tvbcof (Legendary, Activity: 1988)
January 12, 2015, 09:11:52 PM  #20045

This is what sidechains mean to me.

Side chains are not even the slightest bit needed to use BTC as a reserve currency.

They have absolute need for a reserve currency because it eliminates the need for such backing as POW or POS.

Now they still will need POW, but only to support Bitcoin.  Not (necessarily) to support their own core infrastructure needs though many probably will leverage this anyway.


It's nearly perfect the way it is. 7 tps is plenty for that. Probably an order of magnitude or two overkill in fact.

That is in no way clear to me.  With activity of the magnitude I'm visualizing individuals just exercising the peg to the backing store could be significant not to mention the various balancing that the multitude of sidechains will be wishing to perform on the actual backing store itself.  Also, of course, I see a role for individuals and organizations using native Bitcoin raw, but mostly just for critical or 'difficult' tasks.

One way or another, pushing up into where the transaction fees are a factor before trying to push a harmful and potentially devastating hard-fork makes a lot of sense to me.  If the 'new paradigm' that Bitcoin transactions are ever-subsidized for nearly free use by the masses is where people's heads are at, they should say so.  Piss or get off the pot.  It's disgusting and embarrassing to see these supposed 'principles' of Bitcoin be milked for marketing reasons long after they've exceeded their shelf-life and become absurd.


gmaxwell (Staff, Legendary, Activity: 2030)
January 12, 2015, 09:42:49 PM  #20046

I think deterministic signatures are much more important than constant-time signatures (there's been a non-trivial amount of funds lost due to the repeat k-value problem but I doubt a single satoshi has ever been lost due to a genuine side-channel attack).  Someone like gmaxwell could comment better on the practical risks here…
There never has been a single 1e-8 btc lost due to reused/bad K ... in a competent implementation. The places we've seen lossage have been implementations which were horrific in other ways as well (like only having 32..48 bits of randomness total)... ultimately, if you can't generate strong random numbers you're going to be utterly screwed in any case, because your private keys themselves will be predictable. It's more important for embedded/hardware implementations which are more likely to suffer from randomness problems and are easier targets for attack. (e.g. tampering with the supply chain for all server hardware in order to backdoor Bitcoin Core is probably much less attractive than going after the supply chain for a hardware wallet). So while derandomized signing is a good practice because it aids auditability and _maybe_ reduces the space for incompetent implementations to screw up a bit, in someplace like Bitcoin Core I don't generally consider it very important (though, we did it in any case; in part to set a good example).  I had proposed the ecosystem switch to it, back around when BIP 32 was announced, but we hadn't switched to it in Bitcoin Core yet because derandomized signing basically requires replacing what OpenSSL does. (OpenSSL does have a non-standard quasi 6979 implementation in its source repository-- for a long time I'd hoped to pick that up-- but it's never made it into production for some reason.)

With respect to the side-channel attacks. It seems to be impossible to convince people of the non-wisdom of running critical cryptographic software on commodity shared-hardware virtual machines; just like it's hard to convince them to stop reusing addresses. Especially when coupled with the fact that the parties doing this are usually handling third party funds, it seems like disaster waiting to happen in a number of respects. With flush+reload boosted side-channel attacks being successfully performed against OpenSSL for our curve with a surprisingly small number of queries, I did consider that fairly concerning.

The distinction is that getting the signing nonces right is a process that can be secured one time for all users by auditing the software; but making sure users don't deploy in a side-channel vulnerable way is something that must be done for each and every user and doesn't really scale. The possibility of side-channel attacks is very surprising to people so they don't tend to do much to secure against them. Better to just close the sidechannel.

(also, wtf is with this thread? it seems like five threads merged together. It's impossible to read; I never would have found this post except by pure chance.)
tvbcof (Legendary, Activity: 1988)
January 12, 2015, 10:08:22 PM  #20047

...
(also, wtf is with this thread? it seems like five threads merged together. It's impossible to read; I never would have found this post except by pure chance.)

The thread was created for trolling (notice the title and location) and that's often what happens, but it can be hard not to slip up sometimes.


Odalv (Legendary, Activity: 1064)
January 12, 2015, 10:32:45 PM  #20048

I think deterministic signatures are much more important than constant-time signatures (there's been a non-trivial amount of funds lost due to the repeat k-value problem but I doubt a single satoshi has ever been lost due to a genuine side-channel attack).  Someone like gmaxwell could comment better on the practical risks here…
There never has been a single 1e-8 btc lost due to reused/bad K ... in a competent implementation. The places we've seen lossage have been implementations which were horrific in other ways as well (like only having 32..48 bits of randomness total)... ultimately, if you can't generate strong random numbers you're going to be utterly screwed in any case, because your private keys themselves will be predictable. It's more important for embedded/hardware implementations which are more likely to suffer from randomness problems and are easier targets for attack. (e.g. tampering with the supply chain for all server hardware in order to backdoor Bitcoin Core is probably much less attractive than going after the supply chain for a hardware wallet). So while derandomized signing is a good practice because it aids auditability and _maybe_ reduces the space for incompetent implementations to screw up a bit, in someplace like Bitcoin Core I don't generally consider it very important (though, we did it in any case; in part to set a good example).  I had proposed the ecosystem switch to it, back around when BIP 32 was announced, but we hadn't switched to it in Bitcoin Core yet because derandomized signing basically requires replacing what OpenSSL does. (OpenSSL does have a non-standard quasi 6979 implementation in its source repository-- for a long time I'd hoped to pick that up-- but it's never made it into production for some reason.)

With respect to the side-channel attacks. It seems to be impossible to convince people of the non-wisdom of running critical cryptographic software on commodity shared-hardware virtual machines; just like it's hard to convince them to stop reusing addresses. Especially when coupled with the fact that the parties doing this are usually handling third party funds, it seems like disaster waiting to happen in a number of respects. With flush+reload boosted side-channel attacks being successfully performed against OpenSSL for our curve with a surprisingly small number of queries, I did consider that fairly concerning.

The distinction is that getting the signing nonces right is a process that can be secured one time for all users by auditing the software; but making sure users don't deploy in a side-channel vulnerable way is something that must be done for each and every user and doesn't really scale. The possibility of side-channel attacks is very surprising to people so they don't tend to do much to secure against them. Better to just close the sidechannel.

(also, wtf is with this thread? it seems like five threads merged together. It's impossible to read; I never would have found this post except by pure chance.)

Bitstamp COLD wallet !!!
https://blockchain.info/address/1JoktQJhCzuCQkt3GnQ8Xddcq4mUgNyXEa

address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!
rocks (Legendary, Activity: 1153)
January 12, 2015, 10:33:12 PM  #20049

I think deterministic signatures are much more important than constant-time signatures (there's been a non-trivial amount of funds lost due to the repeat k-value problem but I doubt a single satoshi has ever been lost due to a genuine side-channel attack).  Someone like gmaxwell could comment better on the practical risks here…
There never has been a single 1e-8 btc lost due to reused/bad K ... in a competent implementation.

I am completely shocked that you of all people are making this claim gmaxwell. Reusing a K value is against the DSA signing algorithm's specifications. Reusing a K value is an incompetent implementation by definition. There have been multiple instances where BTC were lost because bitcoin client software reused the same K value for different signatures on the same address. If you do so you're guaranteed to find that address emptied fairly quickly, based on past instances it seems there are network monitors actively watching for this exact situation.
tvbcof (Legendary, Activity: 1988)
January 12, 2015, 10:41:11 PM  #20050

...
address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!

Mother of God!  Any address controlling more than 100 BTC keeps me up at night.  And I only got lazy and bumped things up to that value because BTC got into the single digit $/BTC.  It's not the crypto that bothers me as much as other more coarse failure modes and the desirability of distribution.

 edits - slight adjustments.

JorgeStolfi (Hero Member, Activity: 868)
January 12, 2015, 11:11:09 PM  #20051

I am completely shocked that you of all people are making this claim gmaxwell.

I understood "there has never been [a loss due to reused K value] in a proper implementation".

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
epilido (Jr. Member, Activity: 30)
January 12, 2015, 11:13:17 PM  #20052

...
address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!

Mother of God!  Any address controlling more than 100 BTC keeps me up at night.  And I only got lazy and bumped things up to that value because BTC got into the single digit $/BTC.  It's not the crypto that bothers me as much as other more coarse failure modes and the desirability of distribution.

 edits - slight adjustments.


So I guess my android tablet running http://wallet.schildbach.de  with around 50 btc would give you palpitations and drive you to drink?
tvbcof (Legendary, Activity: 1988)
January 12, 2015, 11:14:31 PM  #20053


Bitcoin has clearly failed in an 'exchange' role as evidenced by still not needing to fiddle with the 7 tps transaction rate (1MB block size) and not being on a trajectory to need to do so any time soon.  The reason for this is abundantly clear and I've been saying so for years:  Bitcoin is simply not competitive in this role.
...
The pipe-dream of using Bitcoin as an exchange currency has unsurprisingly sucked in a school of intellectual herring, but more surprisingly also a bunch of VC predator food-chain class who I would have not expected to be such dullards. ...

Lemme just follow up on that briefly for the benefit of those here who are not so mentally adroit (e.g., cypherdoc, justusranvier, etc.)

I wrote that after reading about the BitPay layoffs.  This is an indicator that it's starting to dawn on the VC types that they've been shucked by us geeks (and the last half year of charts indicates something similar.)  It's probably not monetary loss which stings as much as being ridiculed by their peers.

Anyway, I read this as a strong alignment of the tea leaves showing that we may be in for more hard times for a while.  The low hanging fruit has been plucked.  It was fun, but now it's time to knuckle down and let Bitcoin build on its true strength as a solid reserve currency.  I just hope it's still possible.  If it is it will be a monster pay-day for us hodlers.  If it's not, oh well...it was a fun ride.


tvbcof (Legendary, Activity: 1988)
January 12, 2015, 11:17:28 PM  #20054

...
address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!

Mother of God!  Any address controlling more than 100 BTC keeps me up at night.  And I only got lazy and bumped things up to that value because BTC got into the single digit $/BTC.  It's not the crypto that bothers me as much as other more coarse failure modes and the desirability of distribution.

 edits - slight adjustments.


So I guess my android tablet running http://wallet.schildbach.de  with around 50 btc would give you palpitations and drive you to drink?

ofuckyeah!  My mail on an android tablet does this (which is why I don't even do real mail on Android or Windows.)


epilido (Jr. Member, Activity: 30)
January 12, 2015, 11:33:43 PM  #20055

...
address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!

Mother of God!  Any address controlling more than 100 BTC keeps me up at night.  And I only got lazy and bumped things up to that value because BTC got into the single digit $/BTC.  It's not the crypto that bothers me as much as other more coarse failure modes and the desirability of distribution.

 edits - slight adjustments.


So I guess my android tablet running http://wallet.schildbach.de  with around 50 btc would give you palpitations and drive you to drink?

ofuckyeah!  My mail on an android tablet does this (which is why I don't even do real mail on Android or Windows.)



So it's confirmed, you're just crazy (or I am).  I have only ever lost coins when I was playing around with multiple wallets and trying to learn a little bash scripting when I should have been using the testnet. It's crazy to think about testing with a wallet with a few coins in it a few years ago when it was only 10 USD total.  When I realized I had copied over the wallet file and had no backup I thought well that was a good lesson glad I didn't have more coins in that wallet.
tvbcof (Legendary, Activity: 1988)
January 12, 2015, 11:42:03 PM  #20056

...
the problem here is that when the price doesn't conform to ppl's expectations, low level thinkers like tvbcof & even high level thinkers like Adam ...

Say, I was just thinking, wasn't it about a year ago I was moving some of my position out of Bitcoin and into USD and gold if I could figure out an expedient and cheap way to do it and telling everyone about my plans?

Why don't you be a sport, cyph, and tell everyone here how my ass tastes?


gmaxwell (Staff, Legendary, Activity: 2030)
January 13, 2015, 12:10:56 AM  #20057

I am completely shocked that you of all people are making this claim gmaxwell. Reusing a K value is against the DSA signing algorithm's specifications. Reusing a K value is an incompetent implementation by definition. There have been multiple instances where BTC were lost because bitcoin client software reused the same K value for different signatures on the same address. If you do so you're guaranteed to find that address emptied fairly quickly, based on past instances it seems there there network monitors actively watching for this exact situation.
Maybe when you find yourself shocked you should take that as a signal that perhaps you misunderstood and should read again.

"is an incompetent implementation by definition" Exactly. And if you are using an incompetent implementation you are in extreme peril no matter how many layers of cargo-cult buzzword security theatre its author has dressed it up in.

Insecure nonce generation isn't something that happens by chance-- not for the size of the numbers involved here, it is not some random fault, not some cosmic ray event. (Okay, sure, anything can happen, but that isn't what has actually happened).  The faults you're talking about are real but they are exclusively the result of dangerously incompetent software which would not (and in some cases did not) pass even the most straightforward review, if it were ever reviewed at all.  In most (though not quite all) cases the _same_ software would still be insecure, even using derandomized DSA, because it also uses the same faulty procedures to generate the private keys; which have just as strong of a requirement for randomness but have no way around it.

AFAIK, I was the first or at least one of the first persons to suggest that implementations in this space probably ought to be using derandomization, e.g. http://sourceforge.net/p/bitcoin/mailman/message/31306213/ (and many times previously on IRC and directly to implementers). I went and nagged several of the early hardware wallet vendors to go change their approach, etc.

Quote
because bitcoin client software
What you should say is dangerous, incompetent software, which likely would have (or actually did) lost the users funds in several different other ways as well.

The question I was responding to, if you can find the context in this huge thread, was on the relative priority of sidechannel resistance and derandomization in Bitcoin Core. The person I was responding to thought sidechannel attack resistance was unimportant and that randomization was important (or at least more important). I responded that relatively speaking I consider sidechannel resistance more important there: the signature randomness story isn't a disaster in Bitcoin Core, and if it were the private key generation would be just as broken or worse. This isn't the same for all applications, in some applications it matters more than others. And derandomization is prudent just out of principle, so we use it for Bitcoin Core... but comparatively speaking, given the above considerations of the two I don't consider it the more important one.
Adrian-x (Legendary, Activity: 1330)
January 13, 2015, 12:28:29 AM  #20058

http://www.druva.com/blog/next-decade-storage/

Looks like storage isn't likely the biggest problem to overcome, seems there is room for innovation.

Quote from the link above:
Robin Harris, a.k.a. StorageMojo, peers into his crystal ball to predict what storage will be like in 2025. And, he says, the next 10 years will be the most exciting and explosive in the history of data storage.

Thank me in Bits 12MwnzxtprG2mHm3rKdgi7NmJKCypsMMQw
tvbcof (Legendary, Activity: 1988)
January 13, 2015, 12:36:01 AM  #20059


So it's confirmed, you're just crazy (or I am).  I have only ever lost coins when I was playing around with multiple wallets and trying to learn a little bash scripting when I should have been using the testnet. It's crazy to think about testing with a wallet with a few coins in it a few years ago when it was only 10 USD total.  When I realized I had copied over the wallet file and had no backup I thought well that was a good lesson glad I didn't have more coins in that wallet.


Way too insecure for us purists.

  I know not what path others may choose, but for me, give me bourne shell or give me death.*

(*) ok, ok.  Almquist shell.


tabnloz (Hero Member, Activity: 793)
January 13, 2015, 02:03:10 AM  #20060

Just saw this RT'd on Twitter.

Bryce Weiner ‏@BryceWeiner  Jan 11
It hasn't been announced yet, but it's pretty clear that @Blockstream is going to take over core development from the @BTCFoundation
