Author Topic: Gold collapsing. Bitcoin UP.  (Read 2032126 times)
cypherdoc (OP) | Legendary | Activity: 1764 | Merit: 1002
January 12, 2015, 08:45:34 PM  #20001

This is what sidechains mean to me.

Side chains are not even the slightest bit needed to use BTC as a reserve currency. It's nearly perfect the way it is. 7 tps is plenty for that. Probably an order of magnitude or two overkill in fact.




the problem here is that when the price doesn't conform to ppl's expectations, low level thinkers like tvbcof & even high level thinkers like Adam, begin to believe that there is something wrong and start thinking they're smarter than Satoshi and start proposing all sorts of hare-brained "solutions". this is just another of many repeated sufferings we all have to endure.
rocks | Legendary | Activity: 1153 | Merit: 1000
January 12, 2015, 08:53:42 PM  #20002

oil?  who the hell needs oil?  let alone natgas.  major storm brewing:

Didn't you get the memo, we are all going to live off of perfectly stable wind/solar power and unicorn farts from now on.

The energy sector still has a way to go down, but it will be time to reload energy stocks in a bit (after a round of bankruptcies and defaults). The current supply/demand imbalance will not knock out US energy which has more than enough of a capital base to ride this out, but will severely damage supply from dystopian basket cases such as Venezuela (the country of my birth) and Iran.
cypherdoc (OP) | Legendary | Activity: 1764 | Merit: 1002
January 12, 2015, 08:59:53 PM  #20003

This is what sidechains mean to me.

Side chains are not even the slightest bit needed to use BTC as a reserve currency. It's nearly perfect the way it is. 7 tps is plenty for that. Probably an order of magnitude or two overkill in fact.

Unfortunately, the 7 tps is an old estimate, and the reality of large blocks is that 2400 tx is maximum, or 4 tps. However, even this is too large because some miners still turn out near empty blocks, and would do so even if the network had a severe backlog. So 3 tps is a more accurate working number.

i never heard of why the Mystery Miner of a coupla years ago failed mining 0 tx blocks.  any ideas?
tvbcof | Legendary | Activity: 4564 | Merit: 1276
January 12, 2015, 09:11:52 PM  #20004

This is what sidechains mean to me.

Side chains are not even the slightest bit needed to use BTC as a reserve currency.

They have absolute need for a reserve currency because it eliminates the need for such backing as POW or POS.

Now they still will need POW, but only to support Bitcoin.  Not (necessarily) to support their own core infrastructure needs though many probably will leverage this anyway.


It's nearly perfect the way it is. 7 tps is plenty for that. Probably an order of magnitude or two overkill in fact.

That is in no way clear to me.  With activity of the magnitude I'm visualizing individuals just exercising the peg to the backing store could be significant not to mention the various balancing that the multitude of sidechains will be wishing to perform on the actual backing store itself.  Also, of course, I see a role for individuals and organizations using native Bitcoin raw, but mostly just for critical or 'difficult' tasks.

One way or another, pushing up into where the transaction fees are a factor before trying to push a harmful and potentially devastating hard-fork makes a lot of sense to me.  If the 'new paradigm' that Bitcoin transactions are ever-subsidized for nearly free use by the masses is where people's heads are at, they should say so.  Piss or get off the pot.  It's disgusting and embarrassing to see these supposed 'principles' of Bitcoin be milked for marketing reasons long after they've exceeded their shelf-life and become absurd.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
gmaxwell | Staff | Legendary | Activity: 4158 | Merit: 8343
January 12, 2015, 09:42:49 PM  #20005

I think deterministic signatures are much more important than constant-time signatures (there's been a non-trivial amount of funds lost due to the repeat k-value problem but I doubt a single satoshi has ever been lost due to a genuine side-channel attack).  Someone like gmaxwell could comment better on the practical risks here…
There never has been a single 1e-8 btc lost due to reused/bad K ... in a competent implementation. The places we've seen lossage have been implementations which were horrific in other ways as well (like only having 32..48 bits of randomness total)... ultimately, if you can't generate strong random numbers you're going to be utterly screwed in any case, because your private keys themselves will be predictable. It's more important for embedded/hardware implementations which are more likely to suffer from randomness problems and are easier targets for attack. (e.g. tampering with the supply chain for all server hardware in order to backdoor Bitcoin Core is probably much less attractive than going after the supply chain for a hardware wallet). So while derandomized signing is a good practise because it aids auditability and _maybe_ reduces the space for incompetent implementations to screw up a bit, in someplace like Bitcoin Core I don't generally consider it very important (though, we did it in any case; in part to set a good example). I had proposed the ecosystem switch to it, back around when BIP 32 was announced, but we hadn't switched to it in Bitcoin Core yet because derandomized signing basically requires replacing what OpenSSL does. (OpenSSL does have a non-standard quasi 6979 implementation in its source repository-- for a long time I'd hoped to pick that up-- but it's never made it into production for some reason.)

With respect to the side-channel attacks. It seems to be impossible to convince people of the non-wisdom of running critical cryptographic software on commodity shared-hardware virtual machines; just like it's hard to convince them to stop reusing addresses. Especially when coupled with the fact that the parties doing this are usually handling third party funds, it seems like disaster waiting to happen in a number of respects. With flush+reload boosted side-channel attacks being successfully performed against OpenSSL for our curve with a surprisingly small number of queries, I did consider that fairly concerning.

The distinction is that getting the signing nonces right is a process that can be secured one time for all users by auditing the software; but making sure users don't deploy in a side-channel vulnerable way is something that must be done for each and every user and doesn't really scale. The possibility of side-channel attacks is very surprising to people so they don't tend to do much to secure against them. Better to just close the sidechannel.

(also, wtf is with this thread? it seems like five threads merged together. It's impossible to read; I never would have found this post except by pure chance.)
tvbcof | Legendary | Activity: 4564 | Merit: 1276
January 12, 2015, 10:08:22 PM  #20006

...
(also, wtf is with this thread? it seems like five threads merged together. It's impossible to read; I never would have found this post except by pure chance.)

The thread was created for trolling (notice the title and location) and that's often what happens, but it can be hard not to slip up sometimes.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
Odalv | Legendary | Activity: 1400 | Merit: 1000
January 12, 2015, 10:32:45 PM  #20007

I think deterministic signatures are much more important than constant-time signatures (there's been a non-trivial amount of funds lost due to the repeat k-value problem but I doubt a single satoshi has ever been lost due to a genuine side-channel attack).  Someone like gmaxwell could comment better on the practical risks here…
There never has been a single 1e-8 btc lost due to reused/bad K ... in a competent implementation. The places we've seen lossage have been implementations which were horrific in other ways as well (like only having 32..48 bits of randomness total)... ultimately, if you can't generate strong random numbers you're going to be utterly screwed in any case, because your private keys themselves will be predictable. It's more important for embedded/hardware implementations which are more likely to suffer from randomness problems and are easier targets for attack. (e.g. tampering with the supply chain for all server hardware in order to backdoor Bitcoin Core is probably much less attractive than going after the supply chain for a hardware wallet). So while derandomized signing is a good practise because it aids auditability and _maybe_ reduces the space for incompetent implementations to screw up a bit, in someplace like Bitcoin Core I don't generally consider it very important (though, we did it in any case; in part to set a good example). I had proposed the ecosystem switch to it, back around when BIP 32 was announced, but we hadn't switched to it in Bitcoin Core yet because derandomized signing basically requires replacing what OpenSSL does. (OpenSSL does have a non-standard quasi 6979 implementation in its source repository-- for a long time I'd hoped to pick that up-- but it's never made it into production for some reason.)

With respect to the side-channel attacks. It seems to be impossible to convince people of the non-wisdom of running critical cryptographic software on commodity shared-hardware virtual machines; just like it's hard to convince them to stop reusing addresses. Especially when coupled with the fact that the parties doing this are usually handling third party funds, it seems like disaster waiting to happen in a number of respects. With flush+reload boosted side-channel attacks being successfully performed against OpenSSL for our curve with a surprisingly small number of queries, I did consider that fairly concerning.

The distinction is that getting the signing nonces right is a process that can be secured one time for all users by auditing the software; but making sure users don't deploy in a side-channel vulnerable way is something that must be done for each and every user and doesn't really scale. The possibility of side-channel attacks is very surprising to people so they don't tend to do much to secure against them. Better to just close the sidechannel.

(also, wtf is with this thread? it seems like five threads merged together. It's impossible to read; I never would have found this post except by pure chance.)

Bitstamp COLD wallet !!!
https://blockchain.info/address/1JoktQJhCzuCQkt3GnQ8Xddcq4mUgNyXEa

address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!
rocks | Legendary | Activity: 1153 | Merit: 1000
January 12, 2015, 10:33:12 PM (Last edit: January 12, 2015, 10:44:50 PM by rocks)  #20008

I think deterministic signatures are much more important than constant-time signatures (there's been a non-trivial amount of funds lost due to the repeat k-value problem but I doubt a single satoshi has ever been lost due to a genuine side-channel attack).  Someone like gmaxwell could comment better on the practical risks here…
There never has been a single 1e-8 btc lost due to reused/bad K ... in a competent implementation.

I am completely shocked that you of all people are making this claim gmaxwell. Reusing a K value is against the DSA signing algorithm's specifications. Reusing a K value is an incompetent implementation by definition. There have been multiple instances where BTC were lost because bitcoin client software reused the same K value for different signatures on the same address. If you do so you're guaranteed to find that address emptied fairly quickly; based on past instances it seems there are network monitors actively watching for this exact situation.
tvbcof | Legendary | Activity: 4564 | Merit: 1276
January 12, 2015, 10:41:11 PM  #20009

...
address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!

Mother of God! Any address controlling more than 100 BTC keeps me up at night. And I only got lazy and bumped things up to that value because BTC got into the single digit $/BTC. It's not the crypto that bothers me as much as other more coarse failure modes and the desirability of distribution.

 edits - slight adjustments.

sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
JorgeStolfi | Hero Member | Activity: 910 | Merit: 1003
January 12, 2015, 11:11:09 PM  #20010

I am completely shocked that you of all people are making this claim gmaxwell.

I understood "there has never been [a loss due to reused K value] in a proper implementation".

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
epilido | Jr. Member | Activity: 34 | Merit: 1
January 12, 2015, 11:13:17 PM  #20011

...
address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!

Mother of God! Any address controlling more than 100 BTC keeps me up at night. And I only got lazy and bumped things up to that value because BTC got into the single digit $/BTC. It's not the crypto that bothers me as much as other more coarse failure modes and the desirability of distribution.

 edits - slight adjustments.


So I guess my android tablet running http://wallet.schildbach.de  with around 50 btc would give you palpitations and drive you to drink?
tvbcof | Legendary | Activity: 4564 | Merit: 1276
January 12, 2015, 11:14:31 PM  #20012


Bitcoin has clearly failed in an 'exchange' role as evidenced by still not needing to fiddle with the 7 tps transaction rate (1MB block size) and not being on a trajectory to need to do so any time soon.  The reason for this is abundantly clear and I've been saying so for years:  Bitcoin is simply not competitive in this role.
...
The pipe-dream of using Bitcoin as an exchange currency has unsurprisingly sucked in a school of intellectual herring, but more surprisingly also a bunch of VC predator food-chain class who I would have not expected to be such dullards. ...

Lemme just follow up on that briefly for the benefit of those here who are not so mentally adroit (e.g., cypherdoc, justusranvier, etc.)

I wrote that after reading about the BitPay layoffs.  This is an indicator that it's starting to dawn on the VC types that they've been shucked by us geeks (and the last half year of charts indicates something similar.)  It's probably not monetary loss which stings as much as being ridiculed by their peers.

Anyway, I read this as a strong alignment of the tea leaves showing that we may be in for more hard times for a while. The low hanging fruit has been plucked. It was fun, but now it's time to knuckle down and let Bitcoin build on its true strength as a solid reserve currency. I just hope it's still possible. If it is it will be a monster pay-day for us hodlers. If it's not, oh well...it was a fun ride.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
tvbcof | Legendary | Activity: 4564 | Merit: 1276
January 12, 2015, 11:17:28 PM  #20013

...
address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!

Mother of God! Any address controlling more than 100 BTC keeps me up at night. And I only got lazy and bumped things up to that value because BTC got into the single digit $/BTC. It's not the crypto that bothers me as much as other more coarse failure modes and the desirability of distribution.

 edits - slight adjustments.


So I guess my android tablet running http://wallet.schildbach.de  with around 50 btc would give you palpitations and drive you to drink?

ofuckyeah!  My mail on an android tablet does this (which is why I don't even do real mail on Android or Windows.)


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
epilido | Jr. Member | Activity: 34 | Merit: 1
January 12, 2015, 11:33:43 PM  #20014

...
address reused endless 5 times ... and this address holds "Final Balance 125,056.91900661" BTC !!!

Mother of God! Any address controlling more than 100 BTC keeps me up at night. And I only got lazy and bumped things up to that value because BTC got into the single digit $/BTC. It's not the crypto that bothers me as much as other more coarse failure modes and the desirability of distribution.

 edits - slight adjustments.


So I guess my android tablet running http://wallet.schildbach.de  with around 50 btc would give you palpitations and drive you to drink?

ofuckyeah!  My mail on an android tablet does this (which is why I don't even do real mail on Android or Windows.)



So it's confirmed, you're just crazy (or I am). I have only ever lost coins when I was playing around with multiple wallets and trying to learn a little bash scripting when I should have been using the testnet. It's crazy to think about testing with a wallet with a few coins in it a few years ago when it was only 10 USD total. When I realized I had copied over the wallet file and had no backup I thought well that was a good lesson glad I didn't have more coins in that wallet.
tvbcof | Legendary | Activity: 4564 | Merit: 1276
January 12, 2015, 11:42:03 PM  #20015

...
the problem here is that when the price doesn't conform to ppl's expectations, low level thinkers like tvbcof & even high level thinkers like Adam ...

Say, I was just thinking, wasn't it about a year ago I was moving some of my position out of Bitcoin and into USD and gold if I could figure out an expedient and cheap way to do it and telling everyone about my plans?

Why don't you be a sport, cyph, and tell everyone here how my ass tastes?


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
gmaxwell | Staff | Legendary | Activity: 4158 | Merit: 8343
January 13, 2015, 12:10:56 AM  #20016

I am completely shocked that you of all people are making this claim gmaxwell. Reusing a K value is against the DSA signing algorithm's specifications. Reusing a K value is an incompetent implementation by definition. There have been multiple instances where BTC were lost because bitcoin client software reused the same K value for different signatures on the same address. If you do so you're guaranteed to find that address emptied fairly quickly; based on past instances it seems there are network monitors actively watching for this exact situation.
Maybe when you find yourself shocked you should take that as a signal that perhaps you misunderstood and should read again.

"is an incompetent implementation by definition" Exactly. And if you are using an incompetent implementation you are in extreme peril no matter how many layers of cargo-cult buzzword security theatre it's author has dressed it up in.

Insecure nonce generation isn't something that happens by chance-- not for the size of the numbers involved here, it is not some random fault, not some cosmic ray event. (Okay, sure, anything can happen, but that isn't what has actually happened.) The faults you're talking about are real but they are exclusively the result of dangerously incompetent software which would not (and in some cases did not) pass even the most straightforward review, if it were ever reviewed at all. In most (though not quite all) cases the _same_ software would still be insecure, even using derandomized DSA, because it also uses the same faulty procedures to generate the private keys; which have just as strong of a requirement for randomness but have no way around it.

AFAIK, I was the first or at least one of the first persons to suggest that implementations in this space probably ought to be using derandomization, e.g. http://sourceforge.net/p/bitcoin/mailman/message/31306213/ (and many times previously on IRC and directly to implementers). I went and nagged several of the early hardware wallet vendors to go change their approach, etc.

Quote
because bitcoin client software
What you should say is dangerous, incompetent software, which likely would have (or actually did) lost the users funds in several different other ways as well.

The question I was responding to, if you can find the context in this huge thread, was on the relative priority of sidechannel resistance and derandomization in Bitcoin Core. The person I was responding to thought sidechannel attack resistance was unimportant and that randomization was important (or at least more important). I responded that relatively speaking I consider sidechannel resistance more important there: the signature randomness story isn't a disaster in Bitcoin Core, and if it were the private key generation would be just as broken or worse. This isn't the same for all applications, in some applications it matters more than others. And derandomization is prudent just out of principle, so we use it for Bitcoin Core... but comparatively speaking, given the above considerations of the two I don't consider it the more important one.
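gmaxwell's posts #20005 and #20016 above refer to derandomized (RFC 6979) signing and to the nonce-reuse losses it is meant to prevent, and rocks' post #20008 to monitors that watch for reused nonces. The following is an added illustration, not code from this thread or from Bitcoin Core: a stdlib-only Python implementation of the RFC 6979 nonce derivation for secp256k1, plus an auditor-side check that flags a reused nonce from the r values of signatures. The key ids and r/s values in the sample list are constructed for the demo.

```python
import hashlib
import hmac

# Group order n of secp256k1 (the curve Bitcoin signs with); scalars are 256 bits.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
QLEN = 256
RLEN = QLEN // 8  # octet length of a scalar

def _hmac_sha256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def bits2int(b: bytes) -> int:
    """RFC 6979 bits2int: big-endian integer from the leftmost QLEN bits of b."""
    value, blen = int.from_bytes(b, "big"), len(b) * 8
    return value >> (blen - QLEN) if blen > QLEN else value

def int2octets(x: int) -> bytes:
    """RFC 6979 int2octets: fixed-width big-endian encoding of a scalar."""
    return x.to_bytes(RLEN, "big")

def bits2octets(b: bytes) -> bytes:
    """RFC 6979 bits2octets: bits2int, reduced once modulo n, re-encoded."""
    z1 = bits2int(b)
    z2 = z1 - SECP256K1_N
    return int2octets(z1 if z2 < 0 else z2)

def rfc6979_nonce(priv: int, msg_hash: bytes) -> int:
    """Derive the ECDSA nonce k from (private key, message hash) per RFC 6979
    section 3.2 with HMAC-SHA256. No RNG is consulted: the same key and hash
    always give the same k, so an auditor can recompute and check it."""
    seed = int2octets(priv) + bits2octets(msg_hash)
    V = b"\x01" * 32                                  # step b
    K = b"\x00" * 32                                  # step c
    K = _hmac_sha256(K, V + b"\x00" + seed)           # step d
    V = _hmac_sha256(K, V)                            # step e
    K = _hmac_sha256(K, V + b"\x01" + seed)           # step f
    V = _hmac_sha256(K, V)                            # step g
    while True:                                       # step h
        T = b""
        while len(T) * 8 < QLEN:
            V = _hmac_sha256(K, V)
            T += V
        k = bits2int(T)
        if 1 <= k < SECP256K1_N:
            return k
        K = _hmac_sha256(K, V + b"\x00")  # out of range (vanishingly rare): re-key
        V = _hmac_sha256(K, V)

def bitcoin_msg_hash(data: bytes) -> bytes:
    """Bitcoin's double SHA-256: the 32-byte value that ECDSA actually signs."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def find_nonce_reuse(signatures):
    """Auditor-side check over (key_id, r, s) triples seen on chain: report keys
    whose distinct signatures share an r. Since r depends only on k, equal r
    under one key with different s means k was reused, the very fault that
    derandomized signing rules out."""
    seen_s = {}   # (key_id, r) -> set of s values observed with it
    flagged = {}  # key_id -> set of r values that were reused
    for key_id, r, s in signatures:
        bucket = seen_s.setdefault((key_id, r), set())
        if bucket and s not in bucket:  # same r, different signature
            flagged.setdefault(key_id, set()).add(r)
        bucket.add(s)
    return flagged

# Constructed sample: key ids and r/s values are made up for the demo, not real.
SAMPLE_SIGNATURES = [
    ("key_A", 0x1111, 0x2222),
    ("key_A", 0x1111, 0x2222),  # identical signature rebroadcast: not reuse
    ("key_B", 0x3333, 0x4444),
    ("key_B", 0x3333, 0x5555),  # same r, different s under key_B: nonce reuse
    ("key_C", 0x3333, 0x6666),  # same r but a different key: not flagged
]
```

Run with a toy private key (e.g. `rfc6979_nonce(1, bitcoin_msg_hash(b"tx one"))`) to see that the nonce is reproducible across calls and changes with every message, and `find_nonce_reuse(SAMPLE_SIGNATURES)` to see only key_B flagged.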
Adrian-x | Legendary | Activity: 1372 | Merit: 1000
January 13, 2015, 12:28:29 AM  #20017

http://www.druva.com/blog/next-decade-storage/

Looks like storage isn't likely the biggest problem to overcome, seems there is room for innovation.

Quote from the link above:
Robin Harris, a.k.a. StorageMojo, peers into his crystal ball to predict what storage will be like in 2025. And, he says, the next 10 years will be the most exciting and explosive in the history of data storage.

Thank me in Bits 12MwnzxtprG2mHm3rKdgi7NmJKCypsMMQw
tvbcof | Legendary | Activity: 4564 | Merit: 1276
January 13, 2015, 12:36:01 AM (Last edit: January 13, 2015, 01:53:48 AM by tvbcof)  #20018


So it's confirmed,  your just crazy (or I am).  I have only ever lost coins when I was playing around with multiple wallets and trying to learn a little bash scripting when I should have been using the testnet. It's crazy to think about testing with a wallet with a few coins in it a few years ago when it was only 10 USD  total.  When I realized I had copied over the wallet file and had no backup I thought well that was a good lesson glad I didn't have more coins in that wallet.


Way too insecure for us purists.

  I know not what path others may choose, but for me, give me bourne shell or give me death.*

(*) ok, ok.  Almquist shell.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
tabnloz | Legendary | Activity: 961 | Merit: 1000
January 13, 2015, 02:03:10 AM  #20019

Just saw this RT'd on Twitter.

Bryce Weiner ‏@BryceWeiner  Jan 11
It hasn't been announced yet, but it's pretty clear that @Blockstream is going to take over core development from the @BTCFoundation

cypherdoc (OP) | Legendary | Activity: 1764 | Merit: 1002
January 13, 2015, 02:07:58 AM  #20020

Just saw this RT'd on Twitter.

Bryce Weiner ‏@BryceWeiner  Jan 11
It hasn't been announced yet, but it's pretty clear that @Blockstream is going to take over core development from the @BTCFoundation



Yeah, I saw that bullshit earlier.