You are threatening Bitcoin’s security

[minerX]

Hmm...

If this happened, couldn't I just pull my miners off of deepbit?  It's not like I sent him my GPUS or anything.  Once the "rogue code" was identified wouldn't it also be rejected by the community?

Or unless you are thinking they will DDOS for a week straight all over pools or something like that over the longterm.  But then, once again people could simply unplug from deepbit.

Honestly it sounds like the other pools want a bigger share, and thus more money.  Not necessarily for "security."

[1714253343]

1714253343

[1714253343]

1714253343

[MoonShadow]

Hmm...

If this happened, couldn't I just pull my miners off of deepbit?  It's not like I sent him my GPUS or anything.  Once the "rogue code" was identified wouldn't it also be rejected by the community?

Yes.

[Alex Beckenham]

i understood that part of the argument... but my point was, hiding your true operating power in multiple pools so it doesnt look like a single entity is coming ahead... is a danger.

It is already conceivable that slush and tycho are the same person.

[grndzero]

Eligius pays out instantly into your wallet via a generation transaction.

Well, you cannot spend those coins before at least 100 confirmations, so it is basically the same as many other pools. Deepbit isn't "instant" too, it takes one hour to show block on the account...

I don't mind the hour delay, It's those confirms that I do mind. It takes WELL over an hour to get 100-120 confirms. Like I said, If there was a pool that handled it almost exactly like deepbit does. I'd switch.

BTC Guild does payouts on demand (pay me now button) for confirmed transactions, and unconfirmed transactions if you voluntarily donate 2.5%+. They don't however have threshold payout yet (not sure if he plans on implementing that).

[BOARBEAR]

This thread demonstrates why bitcoin is a joke and always will be.

You people flock to bitcoin supposedly to reclaim public, distributed control over a currency, and then you just give away the power to the first pool operator who asks for it.

What a joke.

The fact that people are actually arguing here that "deepbit would never do such a thing" is unbelievable. Is he Jesus now? Is he your new guru? I thought the entire point of bitcoin was that no one would be the guru, no one would have control.

And then you have the incredibly naive and ignorant argument that if someone abused the network people would "rally" to save it. What fantasy world is this? That's not what would happen. People would abandon the currency because they don't want to sink more money into a flawed concept and flawed community.

Amateur hour. The fact that one man already actively controls enough cryptographic power to break the validity of the currency with NO OVERSIGHT and people put their BLIND FAITH in him..... no serious person is going to have confidence in the currency when they learn that the exact exploit conditions presented by the creator have already been fulfilled, and not through investing significant personal resources either, but fulfilled because bitcoin users VOLUNTARILY GAVE AWAY their cryptographic authority to him. Amazing!

 

I am here not to reclaim public, distributed control over a currency.  I am here simply to mine bitcoin and make a profit.  I don't really care if bitcoin fails.  There will be other cryto currency to replace bitcoin if bitcoin fails and that might be a good thing.

[N12]

I conclude that most of the miners are short-sighted people directly selling their Bitcoins for Dollars. They mine on deepbit because it’s too much of a hassle to switch or they don’t really know that a single entity (or even a few entities) in control of >50% of the network’s hashrate are dangerous, and even then, as long as they can convert their BTC into USD today, they won’t care.

If Bitcoin fails, the grashoppers just move on. Nice!

[OtaconEmmerich]

Eligius pays out instantly into your wallet via a generation transaction.

Well, you cannot spend those coins before at least 100 confirmations, so it is basically the same as many other pools. Deepbit isn't "instant" too, it takes one hour to show block on the account...

I don't mind the hour delay, It's those confirms that I do mind. It takes WELL over an hour to get 100-120 confirms. Like I said, If there was a pool that handled it almost exactly like deepbit does. I'd switch.

BTC Guild does payouts on demand (pay me now button) for confirmed transactions, and unconfirmed transactions if you voluntarily donate 2.5%+. They don't however have threshold payout yet (not sure if he plans on implementing that).

Figures, the only mining pool I haven't glanced at yet..I'll try them after testing out SWE Pool for a while. Which is another new pool that supports PPS.

[why]

As mentioned before, problem would easily be solved if there were more publicly-available pooling servers with usable web frontends. You'd see a lot smaller pools of 10-100 people and would make it viable to setup pools for friends/communities (with little to no fees).

[grndzero]

You people flock to bitcoin supposedly to reclaim public, distributed control over a currency, and then you just give away the power to the first pool operator who asks for it.

Key word is give. It can be taken away too.

The fact that people are actually arguing here that "deepbit would never do such a thing" is unbelievable. Is he Jesus now? Is he your new guru? I thought the entire point of bitcoin was that no one would be the guru, no one would have control.

That's free market principles at work. They provide a great service and people use it until they do something to lose people's trust then they go elsewhere.

And then you have the incredibly naive and ignorant argument that if someone abused the network people would "rally" to save it. What fantasy world is this? That's not what would happen. People would abandon the currency because they don't want to sink more money into a flawed concept and flawed community.

If by save then you mean abandon the site and redistribute the power by going to other pools that are springing up left and right or going solo, then yes, absolutely.

Amateur hour. The fact that one man already actively controls enough cryptographic power to break the validity of the currency with NO OVERSIGHT and people put their BLIND FAITH in him..... no serious person is going to have confidence in the currency when they learn that the exact exploit conditions presented by the creator have already been fulfilled, and not through investing significant personal resources either, but fulfilled because bitcoin users VOLUNTARILY GAVE AWAY their cryptographic authority to him. Amazing!

People put blind faith in their federal governments, state governments, city governments, local governments, home owners associations, parent/teacher associations, and any other group that they join voluntarily. Oversight is it's own joke. Everyone thinks they know how to do it right and do it better. The difference here is that protesting is as easy as pulling your hashing power and moving it somewhere else. Until users are given a reason to do so they will keep using whatever service they choose.

The "exact exploit conditions presented by the creator" are having => 50% of the network power, which no one person has, and also that they are anonymous so that no one knows where to go looking if someone trys said exploit.

[imanikin]

I conclude that most of the miners are short-sighted people directly selling their Bitcoins for Dollars. They mine on deepbit because it’s too much of a hassle to switch or they don’t really know that a single entity (or even a few entities) in control of >50% of the network’s hashrate are dangerous, and even then, as long as they can convert their BTC into USD today, they won’t care.

If Bitcoin fails, the grashoppers just move on. Nice!

Right. This was so even before the first pool, not to mention Deepbit. For those who think it's a remote possibility, Deepbit already came really close if not over 50% recently, when Slush went down for a while...

For such people, Bitcoin is not about Satoshi's ideals, or bettering the world we live in; it's just about greed and "it's-all-about-me" personal profit...

[why]

The "exact exploit conditions presented by the creator" are having => 50% of the network power, which no one person has, and also that they are anonymous so that no one knows where to go looking if someone trys said exploit.

No one can know if pool owners can be in cahoots with one another. At current rates, pools the size of deepbit are already making profit potentials upwards of 800-1k$ daily, not to mention the power that comes with having that much of the network.

[Veldy]

This thread demonstrates why bitcoin is a joke and always will be.

You people flock to bitcoin supposedly to reclaim public, distributed control over a currency, and then you just give away the power to the first pool operator who asks for it.

What a joke.

The fact that people are actually arguing here that "deepbit would never do such a thing" is unbelievable. Is he Jesus now? Is he your new guru? I thought the entire point of bitcoin was that no one would be the guru, no one would have control.

And then you have the incredibly naive and ignorant argument that if someone abused the network people would "rally" to save it. What fantasy world is this? That's not what would happen. People would abandon the currency because they don't want to sink more money into a flawed concept and flawed community.

Amateur hour. The fact that one man already actively controls enough cryptographic power to break the validity of the currency with NO OVERSIGHT and people put their BLIND FAITH in him..... no serious person is going to have confidence in the currency when they learn that the exact exploit conditions presented by the creator have already been fulfilled, and not through investing significant personal resources either, but fulfilled because bitcoin users VOLUNTARILY GAVE AWAY their cryptographic authority to him. Amazing!

 

For the record, the attack is technically possible at > 50%, but to make any real amount of return on implementing this attack would require a significantly greater percentage as it would be noticed rather quickly if the attacker was only able to build a new chained block that is longer than the original at slightly faster than the rest of the pool.  As we know, however, knocking out another large pool, as happened when Slush went down last weekend or so, resulted in a flood of people into deepbit and a huge spike in hash rate, so being at 50% or so already (hypothetical case) and taking out a 30% pool with say 2/3 of them going to deepbit [considering the number of pools that exist today], that would put deepbit at 70% making it a huge threat for attack.  I do not think Tycho would do this as he is making a lot of money the way it is and destroying a revenue stream for a one time gain and somehow cashing out or spending the coins would not be beneficial for him.  More likely is a remote attacker taking over the pool.  I am glad measures are being taken to to avoid such an attack [by at least a few pools], but there are those out there, with enough motive, that will eventually attempt it in all likelihood given the opportunity [which is the subject of this thread].

The point of this post; an attack would not in all likelihood destroy the bitcoin economy, but it would damage it [trust would go down and apparent risk would go up and thus prices would drop].  Many people would lose funds they thought they had from the pool used for the attack, but it would be distributed, so it is probably less likely to destroy the market as destroy the pool that performed the attack [nobody would use the pool again if it had been used as a weapon for theft].  Worst case is that people would go back to solo mining making the growth of network hashing power slow or even reverse [which might be a good thing] and virtually eliminating the threat for the future.  Pools are only dangerous if used as a weapon [although they are drawing in a lot of hardware causing a "waste" of a lot of electricity that wouldn't be as great with solo mining ... many simply wouldn't solo mine].  I want to see bitcoin do well and I do not want to see such an attack ever occur and I am pretty sure that the pool operators don't either [kills their revenue stream].  Consider how fast they would have to "rechain" multiple blocks without detection to get a large loot. 

Solution?  Not sure if feasible, but if some sort of pool existed that itself was a member of all other pools and watches out for duplicate base block data to come through as shares of work then it could be detected rather quickly.  Problem .. it would take a large central database at this pool and it would cost significant money to maintain it and have the ability to compare work to past solved blocks.  I don't know if it could be profitable [and it itself could still be cracked ... but we trust banks, for the most part, with our fiat money, so there has to be some level of trust].

Let me pose this.  What would pool users do if ALL pools except one went down over the course of a few hours or minutes?  Would they jump to the one remaining pool?  Now suppose that all but the largest pool went down; would they still jump to the one remaining pool?  That is where pool miners need self control [and it is proven by history that they do not have it currently when one large pool goes down].  Honestly, I think all users should setup an alternative configuration to switch over to solo mining in such a situation or simply just temporarily shut down.  Do the people have the will?

Essentially, I think the risk to bitcoin isn't huge in the long term if such an attack were to take place, at least not if it takes place with the market at it's current size or a significantly larger size.  A potentially costly solution could keep the pools monitored and potentially offset some of the costs by paying enough miners to support it by doing the work pulled from the pools being monitored [probably not feasible, but an idea ... pool operators would payout the monitoring pool of course], and last, miners need to control their emotions and greed to avoid and stop an attack when discovered [if not too late] as I indicated.  The potential for attack and damage from it is real, but the end of bitcoin from such an attack is unlikely.

If you read this far, congratulations   Eventually, if this project turns out as well as expected, some larger merchants are going to get in on the currency, but that is going to require brokers to handle transactions [i.e. reversals for fraud], and accountability of these merchants to their respective government(s) for taxes.  In fact, this could already be an issue for some (I bet most people are net negative from hardware investment or barely positive, so taxes are probably not an issue for most ... yet).  Converting to fiat currency leaves a trail for the tax collectors to go after I think.  Keep receipts for your hardware and electricity investment [hobby income in the US is taxable only when profits exceed expenses of the hobby]. 

Be safe.

[Veldy]

The "exact exploit conditions presented by the creator" are having => 50% of the network power, which no one person has, and also that they are anonymous so that no one knows where to go looking if someone trys said exploit.

No one can know if pool owners can be in cahoots with one another. At current rates, pools the size of deepbit are already making profit potentials upwards of 800-1k$ daily.

And, if deepbit were larger if used for an attack, how much could it net from such an attack before being discovered?  Right now, I think not that much [but still considerable ... but not enough for operators to give up their revenue stream].  I wouldn't expect pool owners to be part of it [although surprises do occur, but I don't think so for the current time frame anyway].

[MoonShadow]

This thread topic is exactly why I never thought that open pools were a good idea.  That said, the ability to create more pools will lead to a proliferation of said pools competing for contributers.  So it's unlikely that any one pool could ever collect the 50% minimum in order to attack the blockchain even for a short while, as the more pools there continue to be, the less of a percentage that each is ever likely to be able to accumulate.

Once again, open source competitiveness comes to the rescue.

[grndzero]

The "exact exploit conditions presented by the creator" are having => 50% of the network power, which no one person has, and also that they are anonymous so that no one knows where to go looking if someone trys said exploit.

No one can know if pool owners can be in cahoots with one another. At current rates, pools the size of deepbit are already making profit potentials upwards of 800-1k$ daily, not to mention the power that comes with having that much of the network.

In a conspiracy to make 800-1k$ per day? I want in on that!

[MoonShadow]

The "exact exploit conditions presented by the creator" are having => 50% of the network power, which no one person has, and also that they are anonymous so that no one knows where to go looking if someone trys said exploit.

No one can know if pool owners can be in cahoots with one another. At current rates, pools the size of deepbit are already making profit potentials upwards of 800-1k$ daily.

And, if deepbit were larger if used for an attack, how much could it net from such an attack before being discovered?  Right now, I think not that much [but still considerable ... but not enough for operators to give up their revenue stream].  I wouldn't expect pool owners to be part of it [although surprises do occur, but I don't think so for the current time frame anyway].

If a major pool is ever hacked, it's much more likely to be hacked quietly with the intent of the attacker redirecting the pool's earnings to himself.

[grndzero]

The "exact exploit conditions presented by the creator" are having => 50% of the network power, which no one person has, and also that they are anonymous so that no one knows where to go looking if someone trys said exploit.

No one can know if pool owners can be in cahoots with one another. At current rates, pools the size of deepbit are already making profit potentials upwards of 800-1k$ daily.

And, if deepbit were larger if used for an attack, how much could it net from such an attack before being discovered?  Right now, I think not that much [but still considerable ... but not enough for operators to give up their revenue stream].  I wouldn't expect pool owners to be part of it [although surprises do occur, but I don't think so for the current time frame anyway].

If a major pool is ever hacked, it's much more likely to be hacked quietly with the intent of the attacker redirecting the pool's earnings to himself.

In this community, how long would it take for a flood of messages to show up on the message board saying people aren't getting their payouts? I'm guessing as soon as 6-8 people posted sequentially there would be mass exodus. Even this style of attack would have limited success.

[grue]

And pool operators DESERVE to take a scrape off the top.  They went through the trouble to build the pool and manage it day to day.  Of course they deserve a share of the profits!  I have no problem with that.

And politicians DESERVE to take a scrape off the top.  They went through the trouble to build the government and manage it day to day.  Of course they deserve a share of our tax dollars!  I have no problem with that

[why]

In a conspiracy to make 800-1k$ per day? I want in on that!

I meant to say that was approximately the value of what is being collected from fees @ current ghash rate, without any further control/manipulation of the system.

[grndzero]

And pool operators DESERVE to take a scrape off the top.  They went through the trouble to build the pool and manage it day to day.  Of course they deserve a share of the profits!  I have no problem with that.

And politicians DESERVE to take a scrape off the top.  They went through the trouble to build the government and manage it day to day.  Of course they deserve a share of our tax dollars!  I have no problem with that

And both happen because you allow it. One with majority vote, and the other with usage of the service. One is much easier to solve than the other though.