Slashdot Mirror

Some time ago Gregory Maxwell proposed the idea of autonomous programs that maintain their own Bitcoin wallet. He gave the concrete example of StorJ, a program that provides encrypted file hosting capacity a la MEGA. By buying server time from VPS providers and re-selling services, purchasing advertising via ad networks that offer APIs, hiring humans to improve their code and spawning children that grow up and compete with the parents in the market, StorJ would be the first artificial life form truly worthy of the name. I enclose a copy of his proposal below for your perusal. I also wrote a wiki page on the concept where I explore the relevance of trusted computing and TPM chips to this use.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

StorJ (pronounced Storage)

Consider a simple drop-box style file service with pay per use via bitcoin.
(perhaps with naming provided via namecoin and/or tor hidden services)

Want to share a file? send at least enough coin to pay for 24 hours of
hosting and one download then send the file. Every day of storage
and every byte transferred counts against the balance and when the
balance becomes negative no downloads are allowed. If it stays negative
too long the file is deleted. Anyone can pay to keep a file online.

(additional services like escrow can also easily be offered, but thats
not the point of this document)

Well engineered, a simple site like this provides a service which requires
no maintenance and is always in demand.

Many hosting services are coming online that accept bitcoin, they
all have electronic interfaces to provision and pay for services. Some
even have nice APIs.

An instance of the site could be programmed to automatically
spawn another instance of itself on another hosting service, automatically
paid for out of its revenue. If the new site is successful it could
use its earnings to propagate further. Because instances adapt their
pricing models based on their operating costs, some would be more
competitive than others.

By reproducing it improves availability and expands capacity.

StorJ instances can purchase other resources that it needs:
it can use APIs to talk to namecoin exchanges in order to buy
namecoin for conversion into DNS names, or purchase graphic
design via bitcoin gateways to mechanical turk. (Through A/B testing
it can measure the effectiveness of a design without actually understanding
it itself).

StorJ instances could also purchase advertising for itself. (though
the limited number of bitcoin friendly ad networks makes this
hard right now)

StorJ is not able to find new hosting environments on its own, due to a
lack of sufficiently powerful AI— but it can purchase the knowledge from
humans: When an instance of StorJ is ready to reproduce it can announce
a request for proposal: Who will make the best offer for a script that
tells it how to load itself onto a new hosting environment and tells it
all the things it needs to know how to survive on its own there?
Each offer is a proposed investment: The offerer puts up the complete cost
of spawning a new instance and then some: StorJ isn't smart enough to judge
bad proposals on its own— instead it forms agreements that make it
unprofitable to cheat.

When a new instance is spawned on an untested service StorJ pays only the
minimum required to get it started and then runs a battery of tests to
make sure that its child is correctly operating.

Assuming that it passes it starts directing customers to the new instance
and the child pays a share of its profits: First it proxies them, so it can
observe the behavior, later it directs it outright. If the child fails to pay,
or the customers complain, StorJ-parent uses its access to terminate the child and
it keeps the funds for itself. When the child had operated enough to
prove itself, storj p

Lots of sites allow gambling with bitcoin. If anything this guy is late to the party. https://en.bitcoin.it/wiki/Trade#Gambling

I think you have value, transactions, and blocks a bit confused.

A typical transaction redeems the output of one or more prior transactions as its inputs, and generates one or more new outputs. Each output specifies the conditions required to redeem it; usually this condition is to sign the new transaction with a specific key. Any excess value from the inputs that is not directed to an output is deemed a transaction fee. Executing a transaction consists simply of specifying inputs and outputs, signing it, and sending it out to some Bitcoin peers.

A block is a data structure that contains a header including a proof of work, a reference to the preceding block it was based on (forming the block chain), a special "coinbase" transaction specified by the miner that disburses collected transaction fees and subsidies, and a collection of whatever additional transactions the miner sees fit to include in the block (subject to a few limits intended to prevent denial of service attacks).

While I agree that economic majority is a rather nebulous concept, it ultimately boils down to whether nodes agree on the validity of a transaction, and in this context, as Lessig so eloquently put it, code is law.

I think you have value, transactions, and blocks a bit confused.

A typical transaction redeems the output of one or more prior transactions as its inputs, and generates one or more new outputs. Each output specifies the conditions required to redeem it; usually this condition is to sign the new transaction with a specific key. Any excess value from the inputs that is not directed to an output is deemed a transaction fee. Executing a transaction consists simply of specifying inputs and outputs, signing it, and sending it out to some Bitcoin peers.

A block is a data structure that contains a header including a proof of work, a reference to the preceding block it was based on (forming the block chain), a special "coinbase" transaction specified by the miner that disburses collected transaction fees and subsidies, and a collection of whatever additional transactions the miner sees fit to include in the block (subject to a few limits intended to prevent denial of service attacks).

While I agree that economic majority is a rather nebulous concept, it ultimately boils down to whether nodes agree on the validity of a transaction, and in this context, as Lessig so eloquently put it, code is law.

You don't need a bank if you are using Bitcoin. However your existing money does and your existing trading partners do. Therefore you need a way to move between the Bitcoin and banking worlds. Hence, exchanges (which already exist, but a new one has launched).

Of course, with no banks, this leads to the question of how you can get credit from the Bitcoin economy. I explored these topics in a talk I gave at the London conference, the latter part covers distributed markets, ways to use modern cryptography in P2P networks to implement things like low overhead bond and stock markets. Consumer credit financed by individual bond issues isn't really practical today, but technology could make it so.

I think this wiki page says it best.

Normally, however, a change proposal is floated with the community, and if adoption seems likely but not certain, the course of action may be to take a poll by specifying a voting period in which miners are asked to include a vote in any blocks they find if they support the proposal. In this context, it is quite literally 'one block, one vote'. In the case of pooled mining, it's up to pool participants to work out how they want to vote with their combined power, with the default being to acquiesce to the pool operator's preference.

I think this wiki page says it best.

Normally, however, a change proposal is floated with the community, and if adoption seems likely but not certain, the course of action may be to take a poll by specifying a voting period in which miners are asked to include a vote in any blocks they find if they support the proposal. In this context, it is quite literally 'one block, one vote'. In the case of pooled mining, it's up to pool participants to work out how they want to vote with their combined power, with the default being to acquiesce to the pool operator's preference.

I think this wiki page says it best.

Normally, however, a change proposal is floated with the community, and if adoption seems likely but not certain, the course of action may be to take a poll by specifying a voting period in which miners are asked to include a vote in any blocks they find if they support the proposal. In this context, it is quite literally 'one block, one vote'. In the case of pooled mining, it's up to pool participants to work out how they want to vote with their combined power, with the default being to acquiesce to the pool operator's preference.

I think this wiki page says it best.

Normally, however, a change proposal is floated with the community, and if adoption seems likely but not certain, the course of action may be to take a poll by specifying a voting period in which miners are asked to include a vote in any blocks they find if they support the proposal. In this context, it is quite literally 'one block, one vote'. In the case of pooled mining, it's up to pool participants to work out how they want to vote with their combined power, with the default being to acquiesce to the pool operator's preference.

https://en.bitcoin.it/wiki/Bitcoins#How_does_the_proof-of-work_system_help_secure_Bitcoin.3F

also

https://en.bitcoin.it/wiki/Block

https://en.bitcoin.it/wiki/Bitcoins#How_does_the_proof-of-work_system_help_secure_Bitcoin.3F

also

https://en.bitcoin.it/wiki/Block

I'm no crypto expert; but it was my layman's understanding that the bitcoin setup is(barring presently unknown attacks) unforgeable; but that there is nothing particularly special about the "Genesis block" at the beginning of the bitcoin block chain, aside from mutual acceptance of it.

Given that, while it is not possible to forge a bitcoin or to produce more than 21,000,000 of them, it should be possible for anybody who feels like it to simply define a new Genesis block and go hashing merrily away. The products of this block chain will be distinguishable from the products of any other block chain; but user convention could assign them value in exactly the same way as it did the old ones(or, more probably, they would trade at a discount against the 'original' bitcoins).

Any speculation on whether the people-who-care-about-bitcoins of the world are sufficiently rabid about some sort of deflationary theory of currency to prevent that, or will we start seeing N different distinct block chains trading between one another as well as select real world commodities?

If you believe the mhash/s speeds of (yet to be released) ASIC hardware, as well as decentralized P2Pool mining, then you'll need to factor in the effect of disruptive technologies on "deflationary spirals". Bitcoin mining was something I was recently evaluating and decided against after researching and factoring in the effects of profitability decline per year on revenue, especially if ASIC hardware delivers as specced.

If you believe the mhash/s speeds of (yet to be released) ASIC hardware, as well as decentralized P2Pool mining, then you'll need to factor in the effect of disruptive technologies on "deflationary spirals". Bitcoin mining was something I was recently evaluating and decided against after researching and factoring in the effects of profitability decline per year on revenue, especially if ASIC hardware delivers as specced.

Actually bitcoin claims that they are not a good test case for a deflationary spiral. Have a look at what they have to say about it/a>.

The answer was cleverly hidden on their public wiki, the last place anyone would ever think to look!

https://en.bitcoin.it/wiki/Mining

"Deflation; It can only go up in value unsustainably" (I'm stunned this class of retard can type at all!)

Sir, I totally agree, it is an amazing feat you can type at all. Have you even read this?
Let me summarize it for you: they wholeheartedly admit that
- Deflation is inevitable
- Economists generally agree that a low level of inflation is a good thing for a currency
- Nobody is quite sure about what might happens (sic, and while this may be formally true in the sense that nobody is quite sure about anything except death, it is misleading; economists generally agree that deflation will inhibit spending and therefore hurts the economy)
- They have only a mechanism (infinite divisibility) in place to combat the obvious consequences of deflation. This is really important! The paragraph about the infinite divisibility is either criminally dishonest or mindbogglingly stupid. Infinite divisibility does not change the fact that the BC you keep in your wallet steadily increase in value, which is exactly what inhibits spending and hurts the economy.

Here's a more elaborate explanation on why deflation is inevitable

it will grow and grow

The number of bitcoins is capped. That part of the scam is to give the early adopters a huge advantage if there are a large number of people that join in the pyramid.

Doesn't mean it couldn't work as a currency - those two are entirely unrelated, apart from the fact that early adopters that believe in the "product" - as per usual in *any* venture - gets to reap more than the latecomers who only come on board after the fact. That's actually an interesting part of it all, it can both be a pyramid scheme (although I doubt that was the point, too far fetched) *and* a working currency.

Also: Bitcoin FAQ: Doesn't Bitcoin unfairly benefit early adopters?

If you are a software engineer I would suggest that you help in trying to review the source code for the reference client and try to understand the protocol for yourself. Since that software package is in an open source license and the protocol is somewhat documented, that is something you can realistically do and even recompile the source code yourself, and even create your own root block or use the test chain (a separate chain of blocks that don't have nearly so many miners working on them and is being used for testing the protocol and mining clients).

The proof is in that protocol and a competent software engineer can evaluate a great many of these claims including a solid review of the hash protocols. I've done that myself and for my own satisfaction... and even helped to write up a significant part of the current "official" specification document that I derived from the original source code that Satoshi wrote. If you really want to get into the specification, which by definition is no bull because it is the working document that engineers need to work from in order to implement the protocol, you can look here:

https://en.bitcoin.it/wiki/Protocol_specification

The rest of that website has several other documents that are extremely useful for learning about Bitcoins, and I would highly recommend reviewing it, although it is written by and for software developers and not mere mortals. The FAQ is especially useful: ahref=https://en.bitcoin.it/wiki/FAQrel=url2html-18813https://en.bitcoin.it/wiki/FAQ>

I wish that the Wikipedia page on Bitcoin was a bit more useful and could go into the technical issues related to how Bitcoin works, and there is the Bitcoin wiki that sort of explains some of the issues and be able to answer your question a little more completely. The problem with your request is that trying to put together such a no-nonsense paper on Bitcion with full references and done in a manner that could pass muster with a major scholarly journal takes a considerable amount of time... usually much more than those who really understand the protocol are willing to put forward into writing. Wikipedia should be such a page, but it really isn't up to speed on that...and I've tried to stay away from writing on Wikipedia about this topic because of potential conflict of interest issues and what would be considered "original research".

The "environmentally friendly" claim is something that is a huge stretch of the imagination, particularly in light of how bitcoin mining is performed, and the "no transaction fee" is a complete farce that simply isn't true.

Fast transfers is relative... as it can take up to a couple of hours for some transactions to get processed (although usually it happens in less than a half hour). I suppose that is "fast" in the sense that international bank transfers can sometimes take several days to clear and be completed. On the other hand, you can transfer via PayPal and take just a few minutes or make a "point of sale" purchase at Wal-Mart in just a few seconds. Of course unmentioned in that situation is that a store really is issuing you temporary credit until those transactions actually get processed.

Security is also somewhat dubious, but it is protected by a hash algorithm that the National Security Agency is using and at the moment is considered to be cryptographically sound on a mathematical basis. Then again, do you trust the NSA? I mean that seriously and not in a tinfoil hat way, but it is a question to legitimately ask.

Divisibility does have a limit, but that limit will likely not be exhausted for a great many years or decades, as the smallest "unit" is of such low value as to be laughable right now. I think it is a billionth of a bitcoin (I'd have to review my notes, but it is something like that) so the claim is still roughly true. If you are buying something of substance like even an old-fa

Don't be ridiculous. You don't have to modchip your motherboard. The TPM chip is, and always has been, something that provides services to the CPU on demand. It can't control your computer. The computer you're using now probably has one already and it may be used for such nefarious purposes as making disk encryption more secure.

Trusted computing has a needlessly bad rap because of kneejerk reactions like this one. In fact it's a flexible and general tool that can be used for many purposes. For example, you can use it to do sensitive operations on a computer compromised by malware. Games can use it to kick out cheaters. Things get especially interesting when you throw Bitcoin in the mix. It makes feasible autonomous agents, a form of evolutionary AI in which programs maintain their own wallets and rely on trusted computing technologies to protect them from potentially malicious humans who want to steal their money. You can also use it to make sensitive financial platforms like exchanges more secure against hackers. The actual cryptography needed to move money can be done inside the secure world with the root keys being held in the TPM chip. The secure code (PAL) verifies and sanity checks the requested operations. Even if the host machine is completely rooted and starts submitting false orders, it can only submit requests to the secure subsystem, it can't directly steal the money.

Remote attestation is useful any time somebody might want to trade or interact with you but have some assurances around how your computer may behave. DRM was one of the original driving motivations indeed, but even here the way the system works is not "evil" in any sense unless you have a truly warped idea of human relations. The technology lets you prove to some online store that you will follow the rules around using the stuff you're buying - like not simply uploading it to a file sharing network. But if you don't find the terms that store requires acceptable, you just don't shop there: they can't actually force you to run any software or put your computer into any particular state. In other words it lets you prove you are doing what you said you'd do, alternatively, it is designed to make it hard to lie - just a mechanical way to enforce contracts. Unless you're routinely in the habit of defrauding people you enter into contracts with, such a capability should not concern you. And the standards are completely open. You can run such an online store on your own Linux box in your bedroom if you like - there's nothing that tips the playing field in favor of Microsoft or other companies (which is why Bitcoin agents can use it).

I wonder how many of these were generated early on and are being hoarded by the early adopters.

Probably most of them. In the early days of Bitcoin, the amount of computation needed to generate a Bitcoin was orders of magnitude less than it is now, and the number of Bitcoins that could be generated per unit time was higher. More than half of the Bitcoins in existence were generated prior to the end of 2009. The system has a huge early-adopter bias built into it.

Bitcoin generation is competitive; the compute load required to generate a Bitcoin is automatically adjusted about once a month based on the number of Bitcoins generated in the last time period. The originator of Bitcoin is still anonymous, and being the first adopter, generating coins with no competition, probably holds many of those cheap-to-generate Bitcoins.

But they can't cash out without crashing the market. The total daily transaction volume in Bitcoins is roughly that of a big supermarket or two. Most of that volume is between traders; actual goods and services sales are tiny.

That's the real problem with Bitcoin. As a currency, it went nowhere. It was supposed to compete with PayPal. Instead, it's mostly a speculative vehicle. By now, one would think that there would be games, music stores, and app stores using Bitcoins, just as a convenience for small transactions. Didn't happen.

(Anyone remember CyberCoin? DigiCash? Beenz? Didn't think so.)

So if I were a producer or buyer of bitcoins, a solid futures market would be of great interest.

Who said that ICBIT is 'solid'? You cannot even find information about the company here: https://icbit.se/

Looking here: https://en.bitcoin.it/wiki/ICBIT, we see:

"Technically ICBIT is not an exchange since it does not act as a central counterparty. According to their website users are fully exposed to counterparty risk from other traders whose identities are concealed from them; the exchange does not pledge its own assets to back the other side of a customer's position. Traders are not allowed to conduct background or reputation checks of any kind on these anonymous counterparties."

So how "solid" is this, and who would use it?

ICBIT here: https://icbit.se/margincall says this:

"In the worst case scenario, your profit is always limited by ability to pay of counterparties to your contract. We do our best to resolve such situations before the particular user goes bankrupt, but if that happens, your profitable position will be closed (at a very good price for you!) and you would need to reopen it again."

...which I believe means that your return on investment is not guaranteed and instead of being paid fully on the result of a contract which is highly profitable in your favour, they will limit the profit to the ability of the other agent to pay. So there is a limit to the value on your contacts and if others take advantage of this, they can limit their risk while maintaining high risk for yourself. Im not a professional in this matter, but it seems to me that there is a serious flaw in this trading system.

Well, non-dividend paying stocks are pretty similar. If everyone tried to sell at once then the value would hit zero if investors are rat fleeing from a sinking ship. Conversely, if it's a computer glitch (e.g. a news site inadvertently posts that an airline went bankrupt), then the price falls by 15% or so and quickly shoots back up. Most often, when everyone sales, it's because it's a buyout and generally that's at a ~40% premium over market value.

I don't use BitCoins myself, but apparently many retailers and individuals accept them as payment. Taxes are paid in the standard currency of a specific government, so that's a unique case. I can't pay US taxes in yen, and I doubt Russia would accept taxes in pounds. Apparently you can buy food with bitcoins. I was rather surprised at what-all you can buy with bitcoin.

BTW, you can't tell something's a bubble until it pops. If you have a better method then I encourage you to test it on the stock market. Your keen insight will allow you to make a killing. Or at least that's what investors are doing on a somewhat consistent basis, hence why they have money to invest.

How is this [Open Transactions] different from bitcoin contracts? https://en.bitcoin.it/wiki/Contracts

I'm not quite sure where to start. They're completely different concepts. Bitcoin contracts, like the assurance contract or an escrow contract, are ways to use the Bitcoin protocol to create transactions which are only valid under certain conditions—when enough money has been collected from a variety of different inputs, or when two of three stakeholders (payer, payee, arbiter) sign off on a transfer, etc. All the data about the transfer is public, integrated into the block chain, and traceable to particular pseudonyms (public keys). Keeping track of how many bitcoins are associated with each key requires a complete record of the history dating back to the first block (gigabytes and growing).

Contracts in Open Transactions can be anything; they're basically human-readable text with semantic tags for computer parsing, identified by a cryptographic hash. Generally for currency contracts they would take the form of an agreement to pay a certain amount of BTC, USD, or some other commodity on demand. You could also have bond contracts, shares in a company, etc. A triple-entry accounting system ensures that all you need to prove who owns what is the receipt for the last transaction, signed by payer (authorizing payment and approving new balance), payee (accepting payment and approving new balance), and issuer (confirming sufficient payer funds and approving changes in balances). Payer and payee get different receipts from the issuer, of course, since they don't need to see each other's balances.

The system supports direct transfers (payer communicates with server), cheques (payer signs transfer and designates payee, payee submits transfer to the server), invoices ("negative cheques", requests for payment), and vouchers (like cashier's checks). All these forms of transfer leave a record of some sort.[1] OT also supports "cash", where you create a random token, "blind" it so that the server can't see the value, and have the server sign it (for a cost). You can then give that token to someone else, and they can deposit it with the server for credit in their own account. Once deposited, the server can see the value of the token to prevent double-spending, but can't connect the deposit with the previous withdrawal since didn't see the actual value until it was deposited. The token could have come from any previous withdrawal in that denomination (within a set time; the tokens do expire, and need to be periodically renewed).

OT also supports "smart contracts", which are programs which govern transfers. Assets can be transferred into the contract, and the program decides what happens to them after that. They can be used for implementing escrow and assurance contracts, enforcing company by-laws, or any number of other arrangements.

Because you only need to keep the most recent receipt, Open Transactions does not require anyone to store the complete history of every account, which implies much lower disk, RAM, and network requirements, and more effective pseudoanonymity compared to the Bitcoin block chain, even without dealing in cash tokens. In cash-only mode, given a reasonable amount of background noise to hide in, even the issuing server would have a hard time connecting payers with payees. Transfers are also instant, without the wait for confirmations required for Bitcoin. The downside, of course, is the requirement to trust the issuer.

[1] Vouchers need not record the payee if the voucher is open-ended (no designated payee) and the server supports converting the voucher directly into cash tokens without an account. It may also be possible to mask the payer by converting a cash deposit directly into a voucher. Either way, at least one side has to use cash to avoid associating both payer and payee with the voucher. The voucher could also be traded directly, but that exposes the recipient to considerable risk of double-spending.

How is this different from bitcoin contracts? https://en.bitcoin.it/wiki/Contracts

I'm not sure which story is more funny, to be honest

What this means, practically speaking, is if the currency were ever widely-adopted, due to limited supply, the price will become so high that most people won't be able to afford them in any quantity, if at all. It also means that microtransactions aren't possible: You can "break" a $20 bill. You can't break a bitcoin.

I believe you're mistaken about the divisibility of bitcoins, see here:
Bitcoin Myths

This article show a great deal of pro Bit Coin bias. Sever farms for generating coins may not be common yet, but bot nets are already an issue. However the real stickler point that the Legal Council is trying to get acknowledged in my opinion is the point of Exchange. In this case the point of Exchange from Bit Coin's to USD. (e.g https://en.bitcoin.it/wiki/MtGox )

For now you can stay anon as long as your jacked in the system and buying goods that people will exchange for Bit Coins (I've personally never been on a website that accepts them, but I may not be paying attention). But the moment you want to trade with someone outside the system you will have to report that exchange to the proper authorities. I think the acknowledgement that BitCoin does have an issue where legal entities can require all sorts of gating protocols at the boarder points is at least worth debate.

just like cash, the only way to trust a transaction is when you implicitly trust the other party.

Wait, that's not right. Most forms of payment today (credit cards, paypal, even ACH) are quite reversible. That means that if you are trying to sell something you have to trust the buyer not to take their money back. If you're a buyer it means you need less trust in the seller. However, this is a problem because typically sellers are well known and have developed a trusted brand, whereas buyers have not, so it's much easier for a buyer to judge the trustworthyness of a seller than the other way around. This fact is the foundation of an entire industry of risk analysis firms which simply aren't needed if you sell for cash. And it's not theoretical. My brother had a laptop stolen from him because he didn't understand how reversible PayPal is, and there are professional scammers who exploit that.

With Bitcoin, if you sell you don't need trust in the buyer. OK, so what about buyers? Well, if you trust the seller, you can just send them the money. For big, trusted brands that's nice and cheap - everyone wins. If you don't trust the seller then you can use escrow - except that as we've seen, big online wallets tend to become targets for hacking. The Bitcoin system anticipated this problem years ago and the protocol supports dispute mediation techniques that prevent the mediator from stealing the money, which obviously also means you don't have to worry about them being hacked either. It's not fully implemented today (no GUI), which is unfortunate, but these things will come with time.

Escrow involves trusting a third party. That adds risk.

Regular escrow with physical goods requires a fully-trusted third party, because someone has to hold the goods. Escrow with Bitcoin (or whatever you prefer to call it; it serves the same purpose) can use multisignature transactions for that purpose, preventing unilateral action on the part of the arbiter, and you can stick to pseudonyms if you wish. If you want third-party arbitration you'll obviously need to trust that the arbiter is impartial, and provide evidence to support your case, which may well reduce your anonymity.

Multisignature transactions are being implemented, but I don't see that N of M transactions are.

My understanding is the N-of-M transactions with independent private keys and signatures are supported by the protocol (via the CHECKMULTISIGVERIFY operation), but lack a convenient interface in the GUI of the official client. It is possible to generate them with other programs and upload the transactions manually. The system I described is detailed on the Contracts pages on the Bitcoin Wiki.

If all else fails, standard cryptographic techniques exist for splitting a private key into several parts, a subset of which are required to reconstitute the original key, and these techniques can be applied to Bitcoin private keys.

Especially if those geeks and survivalists are into buying black tar heroin!

I'll take that in the spirit of a joke, but if you don't realize it, you really can buy all sorts of things directly with BTC.

I've personally spend almost a grand (USD equivalent) in direct BTC transactions over the past year, and haven't bought a single illegal item. You can buy food, guns (despite all the media frenzy around guns, private otherwise-legal firearms sales don't break any federal laws, regardless of what currency you use - Though your state may have more offensive limits to your 2nd amendment rights), precious metals, register domains, web design services, contract coding, an assortment of hosted solutions, "fremium" in-game perks, "human"-powered search engines... And you can buy almost any physical-product used via a variety of CraigsList/eBay-like sites...

Check out the Trade section of the Bitcoin FAQ - And that list completely excludes illegal products.

Well, I'll slashvertize my game: Dragon's Tale is a gambling MMORPG where every physical object in the world is a different sort of novel gambling game. Some are skill based, some pure luck. It's like Disney World for gamblers, and it accepts *only* Bitcoin. I'm also the designer of A Tale in the Desert, a game that's been covered on Slashdot and pretty much every major gaming site (back in the day - it was released in 2003) and is pretty highly regarded.

So now you know of two places that use Bitcoins. Oh, and if you look here you'll find several thousand more. (But I suppose then you could no longer say "I've yet to read about...")

You would be paying 343 satoshi.

See the wiki:
https://en.bitcoin.it/wiki/Vocabulary

Satoshi
        The base unit of Bitcoin (0.00000001 BTC) is sometimes called a Satoshi, after Bitcoin's creator Satoshi Nakamoto.

Wasn't the whole point of Bitcoin for it to be anonymous, like cash?

No. The main points of Bitcoin are (from bitcoin wiki):

        Bitcoins are sent easily through the Internet, without needing to trust any third party.
        Transactions:
                Are irreversible by design
                Are fast. Funds received are available for spending within minutes.
                Cost very little, especially compared to other payment networks.
        The supply of bitcoins is regulated by software and the agreement of users of the system and cannot be manipulated by any government, bank, organization or individual. The limited inflation of the Bitcoin system's money supply is distributed evenly (by CPU power) to miners who help secure the network.

Irreversible transactions aren't necessarily a good thing. Put the wrong part in your cart and checked out? Too bad, it's irreversible. No canceling that order!

Well bitcoin doesn't support chargeback, but simmilar effect can be done using contracts. From https://en.bitcoin.it/wiki/Contracts:

Escrow and dispute mediation

A buyer wants to trade with somebody he doesn't know or trust. In the common case where the transaction goes well, the client doesn't want any third parties involved. If something goes wrong though, he'd like a third party to decide who gets the money - perhaps a professional dispute mediation service. Note that this concept can apply to either buyer or seller. The mediator might request proof of postage from the merchant, for example.

In other words, one wants to lock up some coins so a third party has to agree in order for them to be spent:

        Agree with the merchant on a dispute mediator (e.g., ClearCoin).
        Ask the merchant for a public key (K1). Ask the mediator for a public key (K2). Create a new key for yourself (K3).
        Send the merchant K2. The merchant challenges the mediator with a random nonce. The mediator signs the nonce with the private form of K2, thus proving it really belongs to merchant.
        Create a transaction (Tx1) with an output script as follows and broadcast it:

2 <K1> <K2> <K3> 3 CHECKMULTISIGVERIFY

Now the coins are locked in such a way that they can only be spent by the following methods:

        Client and the merchant agree (either a successful trade, or merchant agrees to reimburse client without mediation)
        Client and the mediator agree (failed trade, mediator sides with client, like a charge-back)
        The mediator and the merchant agree (goods delivered, merchant gets client's coins despite the dispute)

When signing an input, the contents are set to the connected output. Thus, to redeem this transaction, the client creates a scriptSig containing zeros where the other signature should be, signs it, and then sets one of the slots to his new signature. The partially-complete transaction can then be sent to the merchant or mediator for the second signature.

Western Union is not a dispute mediator. If they were, they wouldn't be the tool of choice for Nigerian scammers would they? They offer rapid international cash transfers with no questions asked, that's pretty much their business model.

You can have low-trust dispute mediation with Bitcoin, by the way. The way it works is you send coins to a 2-of-3 output. The keys are yours, the sellers and a mediators. If you and the seller agree the transaction was good, you both sign a transaction sending the coins to the seller. If there is a dispute the mediators key is used to break the tie. The mediator/escrow agency never has the ability to spend the coins so they aren't a particularly attractive target for hacking. Technical details are on the wiki, along with many other interesting possibilities the Bitcoin protocol makes possible. It isn't fully implemented today (it can be done with command line tools but isn't user friendly), but this will come with time.

Well, and other things too.

1. 1.Encrypt it using a super strong password that you'll never forget.
2. 2.Encode it inside the Bitcoin Blockchain

There was one major integer overflow in bitcoin that allowed a transaction to generate billions of new bitcoins. The network was resilient enough to abandon the original block number 74638. Assuming pool operators were notified soon enough a similar rollback would work in the future as well. It would have to be within a few blocks of the bad transaction or there would be a huge loss to people who performed legitimate transactions in the interim (or the client could just be patched to completely ignore the specific bad transactions and keep the original blockchain, but that would probably be less preferable in the long run).

Towards a point, perhaps. Time-wise, indefinitely. Bitcoin-wise, up to an unreachable limit of about 21 million.

I suspect you were trying to be funny, but you can actually do that.

https://en.bitcoin.it/wiki/Paper_wallet

https://en.bitcoin.it/wiki/Anonymity tl;dr Bitcoin transactions are not anonymous without substantial care in their execution. That being said it's unlikely the theif will be found unless they make a major slip-up.

this is the first time I remember bitcoins actually being used to purchase real world goods in an online shop/i>

Then you're an idiot. Or sadly ignorant.

https://en.bitcoin.it/wiki/Trade

2 Currency exchanges

2.1 Real-time Trading
2.2 Fixed rate
2.3 Gift/Debit Cards
2.4 Precious & Base Metals/Coins
2.5 Local/In-Hand Exchanges
2.6 SMS/Phone billing

3 Bitcoin eWallets

3.1 Bitcoin Banking and Ewallets

4 Bitcoin payment systems
5 Internet & Mobile services

5.1 Bitcoin-related
5.2 Connectivity
5.3 Design
5.3.1 Creative
5.3.2 Web
5.3.3 Art
5.4 Web Hosting
5.5 Dedicated/Virtual Server Hosting
5.6 Domain Name and DNS Hosting
5.7 E-Mail
5.8 VoIP/SMS
5.9 Security Services
5.10 Mobile App Development
5.11 Productivity
5.12 Other

6 Online products

6.1 Cloud Providers and Services
6.2 Software
6.3 Education-related Software
6.4 Games
6.5 Graphic design
6.6 File sharing
6.7 Music
6.8 Virtual Art
6.9 Digital Downloads
6.10 Entertainment/Books/Magazines
6.11 Social Media/Aggregators

7 Material / Physical Products

7.1 Superstores
7.2 Games
7.3 Classified
7.4 Marketplaces
7.5 Auction sites
7.6 Gift Cards
7.7 Toys, Games and Hobbies
7.8 Clothing and accessories
7.9 Home
7.10 Electronics
7.11 Consumable
7.12 Books
7.13 Music
7.14 Art and Artwork
7.14.1 Collage / Mixed Media
7.14.2 Comics
7.14.3 Paintings
7.14.4 Photography
7.14.5 Post cards
7.15 Art Production
7.15.1 Musical Instruments
7.15.2 Painting
7.16 Gift articles
7.17 Craftwork
7.18 Collectables
7.19 Car Accessories
7.20 Bitcoin promotional articles
7.21 Game accessories
7.22 Beauty products
7.23 Chemicals

the whole lot collapsed and really hasn't recovered

You have a very interesting definition of "collapsed", considering that the current market price and trading volume have both increased by a factor of five or more over the past year. Note that the price increased by this much despite the fact that the supply of bitcoins grew by over 40% during the same period. There was a brief speculative bubble which peaked around $30, followed by a sharp correction, but the overall trend remains overwhelmingly positive.

This growth isn't entirely due to speculation, either; the range of products and services you can buy directly with bitcoins is increasing steadily, and includes web hosting, virtual servers, electronics, food, clothing--even real estate. Have a look at the Trade page on the Bitcoin Wiki for a partial, but still extensive, list of participating merchants.

Bad decisions were made. If you have ever had to deal with PCI DSS certification then you know what the credit card processing companies expect of their merchant customers. Now imagine the standards the credit card companies themselves try to adhere to. Some developers using BitCoin need to think about the security Big Picture before creating infrastructure for their projects/businesses. Keeping a BitCoin wallet containing thousands of BTC on a little cloud server is not wise.

Having said that, there is a solution in the pipe to help with this problem. Gavin Andresen, lead BitCoin developer, had his Bitcoin Faucet Linode server hacked. While only a few Bitcoins were lost he now is using this incident to support his proposal for Multisignature Transactions.

Bad decisions were made. If you have ever had to deal with PCI DSS certification then you know what the credit card processing companies expect of their merchant customers. Now imagine the standards the credit card companies themselves try to adhere to. Some developers using BitCoin need to think about the security Big Picture before creating infrastructure for their projects/businesses. Keeping a BitCoin wallet containing thousands of BTC on a little cloud server is not wise.

Having said that, there is a solution in the pipe to help with this problem. Gavin Andresen, lead BitCoin developer, had his Bitcoin Faucet Linode server hacked. While only a few Bitcoins were lost he now is using this incident to support his proposal for Multisignature Transactions.

"If Bitcoin was used at anything close to the number of dollar transactions that happen every day, the technical limitations of Bitcoin would kill it off within a week's time."

This is not clear at all. First of all, there are already designs to deal with this situation for when (not if) this occurs - they have already begun by taking the mining out of the default client (they are moving to a thinner and thinner client, which will and has to some extent culumnated in credit-card like applications for mobile devices). There are proposals for securely pruning the existing block chain and for dealing with the higher load all the way up to the size of the world economy.

2) "...The demand for Bitcoin will never exceed the demand for national currencies..."

The black market already holds its own to the deman for national currency and the black market is growing with time - it is very likely that within the next decade or two it may outpace the regulated one. With half the world's population already employed in the black market it is not much of a stretch to think that you don't need a government to back a currency, if the incentives are right for the market to protect it itself.

3) "credit is a necessary component of any economy; "

And you could say by the same metric that trade in physical goods, whether coins or paper bills have been a 'necessary' component ...until the digital banking started to take over in the 80's or so. Just because something has always been part of the economy does not mean that it is necessary. That is a correlation vs. causation error in thinking.

Mt. Gox being the only other exchange

MtGox is the only exchange bigger than TradeHill, but there are lots of smaller exchanges: https://en.bitcoin.it/wiki/Category:Exchanges

Quite simply put, no BitCoin exchange -- neither Tradehill nor Mt. Gox -- is going to be able to comply with the Bank Secrecy Act.

First, Bitcoin is pseudonymous, not anonymous. Second, the important part: while it's very difficult to positively identify who sent you some Bitcoins, the exchanges know exactly who receives them, trades them back and forth to fiat currencies, and then sends them back out. They have names and bank account numbers, or they're using fiat payment services that have bank account numbers. Know Your Customer is not a problem for most exchanges.

A 40 TB corpus has approximately 4 x 10^16 substrings of less than 1K, or 4 x 10^15 if we assume strings start on word boundaries and an average word length of 10 or less. Even if you charitably assume the whole hash/decrypt/validate process can be done in 1 ms of compute time per candidate, thats 4 x 10^13 seconds (about 1M years) of compute time. Unless Amazon has drastically lowered their prices, I don't think you'll be getting that for $150...

And in ten years, it will only be a thousand years of compute time using your numbers. Ten years later, only a year. Do your secrets only need to last 20 years? I would also remind you of GPU password cracking where billions of cryptographic primitives per second per card is not unusual. Assuming a thousand salting/setup primitive operations per passphrase (a bit lower than my preference for LUKS, but I've seen plenty of software with fewer iterations) would drop your estimate to 1000 GPU-years for an attacker to mount an attack today. Just pay some down-and-out bitcoin miners to put their now-overpriced rigs to use.

I admit that I underestimated the dollar amount for a well designed cryptosystem with iterated salting during key setup for dramatic effect. Taking some basic numbers from the bitcoin folks, it looks like a GPU cryptographic primitive (sha256 or ripemd160) costs around 1e-6 Joules. 4e16 substrings times 1000 primitives costs 4e13 Joules, or about 11 megawatthours, or about <pinky>1 million dollars</pinky>. However, there are probably many redundancies in the 40 TB database and it could be ordered by those redundancies to search through the more common space of text with shorter substrings first making it more likely to find weak passphrases quickly. For a weak cryptosystem where a single cryptographic operation suffices to test a passphrase I was only an order of magnitude off.