Bitcoin Blockchain Forked By Backward-Compatibility Issue

New submitter jhantin writes "The Bitcoin blockchain has forked due to a lurking backward-compatibility issue: versions older than 0.8 do not properly handle blocks larger than about 500k, and Slush's pool mined a 974k block today. The problem is that not all mining operations are on 0.8; blocks are being generated by a mix of several different versions of the daemon, each making its own decision as to which of the two forks is preferable to extend, and older versions refuse to honor or extend from a block of this size. The consensus on #bitcoin-dev is damage control: miners need to mine on pre-0.8 code so the backward-compatible fork will outgrow and thus dominate the compatibility-breaking one; merchants need to stop accepting transactions until the network re-converges on the backward-compatible fork of the chain; and average users can ignore the warning that they are out of sync and need to upgrade." Turns out there's an approximately 512K limit to atomic updates in Berkeley DB which were used by versions prior to 0.8. 0.8 uses a new database, allowing blockchains that old versions won't accept to be created.

Old news.

[NettiWelho]

640K would have been enough for everyone.

Re:Old news.

Dont use Bill Gate's lines

Re:Old news.

[therealkevinkretz]

I meant to mod this as "funny" but I clicked "overrated" by accident so I'm posting a reply to negate my mod.

Re:Old news.

[UnanimousCoward]

TMI :-)

Re:Old news.

You were right the first time, this comment hasn't been funny for about 20 years, and by many accounts Gates never even said it.

Re:Old news.

Dont use Bill Gate's lines

He didn't. Bill Gates never said that.

Re:Old news.

[ultrasawblade]

Beating a dead horse 640 times should be enough for everyone.

Re:Old news.

Dont use Bill Gate's lines

It's not Bill Gates' line.

Re:Old news.

You laugh, but some of the developers, the lead developer Gavin, and another core developer Mike Hearn, are pushing really hard to get the current 1MB limit (7 transactions/second) on blocks lifted so Bitcoin can directly scale to VISA-like volumes.

Never mind that Bitcoin is inherently an unscalable O(n^2) network - every transaction has to be broadcast to every node - and the issue they ran into was also a problem scaling. Mike's solution is to just throw thousands of dollars worth of hardware at the problem. Never mind that for Bitcoin *any* issue the means that some nodes can process a large block, and some can't, turns into the same hard-fork we just saw. Never mind that it will make Bitcoin centralized, and lead to perverse incentives for large miners to attack smaller ones.

You'd think they'd say "OK, hold on, how about we just use ways to transfer funds that don't have to go into this shared state ball of mess?" but no, they're desperate to take the easy way out at any cost.

I really wonder if my Bitcoins will be worth anything in a few years.

Re:Old news.

[TheRaven64]

I first heard that in the '80s, but the quote then was '64KB ought to be enough for anyone' and was a (somewhat tongue-in-cheek) comment by Gates about one of the hard limitations in Microsoft BASIC. So, I'm quite prepared to believe that he is entirely sincere when he claims not to have said '640KB ought to be enough for anyone'.

Re:Old news.

[DamnStupidElf]

Never mind that Bitcoin is inherently an unscalable O(n^2) network - every transaction has to be broadcast to every node

It may be possible to store the block chain as a distributed hash tree such that each node is responsible for maintaining its own transactions and a portion of the block chain. This would reduce the storage requirement to O(n*m) where n is the total number of transactions and m is the average number of addresses that appear in a transaction. Communication would also be reduced to O(n*m) because only nodes responsible for the addresses in a transaction would be responsible for checking and approving the transaction. The block chain itself would just be a merkle-tree of hashes of nodes' own block chains. Double-spending would be prevented by transactions incorporating the last hash of each responsible node's block chain so that an individual block chain exhibiting double spending would not be signed into the merkle tree. It would be possible for the history of particular coins to be lost but the overall hash tree would guarantee that at the time of a transaction all balances (including historically lost ones) were valid. Still, not being able to validate the entire economy could be a fairly large weakness. There wouldn't be a hard requirement that nodes could only store certain addresses, so it's entirely possible that some nodes would still try to collect and maintain the entire history. That would only add O(n*p) communication and storage where p is the number of full "archive" nodes. Of course then it wouldn't really be bitcoin anymore, but it might be possible to rebuild the existing block chain into such a structure while retaining the current mining payouts and total number of coins.

I really wonder if my Bitcoins will be worth anything in a few years.

Something, because there will always be some core of crazy people running miners and keeping the difficulty just high enough that it's not worth it to mine as many bitcoins as you want in the original chain. That value will probably be the cost of the electricity to run whatever the last ASIC miner produced is, at least before general purpose GPUs become more powerful than ASICs.

Re:Old news.

You obviously don't hang out on IRC with the developers. DHT's come up so often and are such a bad idea that the term coming up at all in a conversation is considered an inside joke. "Oh I know, lets add a DHT to it!"

Long story short, if you share the set of unspent transaction outputs in a DHT you have to trust every other computer in the network to actually return the DHT data when requested, or you suddenly you can't validate a block. This opens Bitcoin up to dangerous DoS attacks against miners, as well as network forks and other problems.

It's a total non-starter, although a common "newbie" idea.

Re:Old news.

[IamTheRealMike]

Is that you Peter? :) I don't know anyone else who would describe the system like that.

Bitcoin is not an O(n^2) network. The total work done by the core nodes is "number of nodes multipled by number of transactions" - that is two very different quantities. It doesn't help the argument to abuse formal notation like that.

Pieter reported today that his optimized secp256k1 implementation can reach 20,000 signature checks per second on a single core. That is a lot better than the generic OpenSSL code was able to manage. Bear in mind that although it sounds scary, all of VISA is only about 10,000 transactions per second. So even if we're generous about our assumptions on number of inputs, CPU load would barely stress a single core. Today. With existing hardware. Disk IO will be the bottleneck for the forseeable future, but we're talking about a working set of a few hundred megabytes today. Even with an order of magnitude growth the entire thing fits in RAM on my puny laptop. And with two orders of magnitude growth it still fits on a pretty average dedicated server.

But Bitcoin will not reach VISA traffic loads today, or this year, or even this decade. By the time it does, dedicating one single computer to being a node will seem a completely trivial investment in order to have full security on the worlds financial system, because let's face it, if Bitcoin is processing tens of thousands of transactions per second then it's well on its way to being exactly that.

Ultimately, Bitcoin is growing fast and will scale up. That is what Satoshi wanted it to be, that is what most of the people actually creating businesses and writing lots of code also want - so if you think that'll make your coins worthless in a few years, I will happily buy them off you.

-Mike Hearn

Re:Old news.

No, I'm a different guy, but yes it was retep's posts that convinced me that Bitcoin is an O(n^2) system. I am also convinced by his posts about the need to preserve anonymity which is why I reject the argument that having just a few validating nodes is OK.

Notice how I'm posting as an anonymous coward? I consider my finances to be private.

Re:Old news.

[IamTheRealMike]

Who said anything about having just a few validating nodes? If Bitcoin ever gets as big as the major card networks there will probably be tens of thousands of nodes, probably even more. The internet scaled to a billion people using backbone routers that use a floodfill network and a single global routing table. Maybe the guys who built the backbone should have just given up and said the masses can stick with AOL?

Re:Old news.

Um no. It would be n^2 if every node had to broadcast to every other node. This is not how bitcoin broadcasting works. You broadcast to your neighbors and they broadcast to their neighbors. It's actually constant time for each node (given a constant number of peers), although the total propagation time will increase logarithmically with the number of total nodes. Still, a far cry from n^2 behavior.

Re:Old news.

[Binestar]

Hint from an old fogey, no one needs to know you mis-moderated. Just post a relevant post later in the thread and pretend it never happened.

Re:Old news.

[retep]

Sigh, I was hoping that guy had remembered enough of my posts to quote my rebuttal to that argument - I guess I'll have to add the link myself.

Re:Old news.

[retep]

He's talking about O(n^2) space, not propagation time.

Re:Old news.

[DamnStupidElf]

Long story short, if you share the set of unspent transaction outputs in a DHT you have to trust every other computer in the network to actually return the DHT data when requested, or you suddenly you can't validate a block. This opens Bitcoin up to dangerous DoS attacks against miners, as well as network forks and other problems.

First, there have been fairly successful experiments preserving a DHT on a set of unreliable nodes using (n,m) error correcting codes to store multiple fragments of blocks on different nodes so that the DHT itself can survive a ratio of up to n-m out of n nodes leaving the network. Most likely the bitcoin block chain is too large and too fragile to do that effectively without choosing n so large that calculating the error correction codes would be too burdensome or m so low that you get nearly O(N^2) behavior anyway. Leaving the storage of transactions up to the nodes that care about them makes sense in this case.

Second, it's not necessary to keep the entire merkle hash chain in the DHT and in fact only the path from the current root down the branch to the original leaf is necessary to validate the entire tree with a proof of work at each level and can be stored by each node. It's just as easy to DoS miners by preventing them from receiving the latest blocks and pending transactions. Nodes that want to complete transactions have to do the work of getting their pending transactions to miners in the current protocol. It shouldn't be too much of a burden on those nodes to also provide their own transaction history to the miners.

Something I didn't think about long enough was the ability to prevent double spending; it's necessary to build an index of the most recent withdrawal from a given address (at least, although an index to the most recent transaction would work too) and each transaction must include the hash of the immediately prior transaction so that no transaction can be dropped from the hash tree. This can be accomplished by keeping a b-tree index of the hash blocks pointing to the most recent transaction ordered by address and only storing the newly required blocks of the b-tree in the hash block chain. Each b-tree block will be hashed into the merkle tree block chain to validate it. Addresses which don't appear in the index are assumed to have a zero balance. The b-tree index should take roughly O(n log n) in the number of addresses ever used, and lookups should be O(log n), and again the node that cares about an address will have an incentive to store the necessary index blocks or else risk having a zero-balance address. Because an address owner relies on the entire branch from the root of the index to its last-transaction pointer all nodes will care about and keep the root index entry, most will care about the second level, etc.

Re:Old news.

(Not the original AC here)
> Pieter reported today that his optimized secp256k1 implementation can reach 20,000 signature checks per second on a single core.

I have been following this some: https://github.com/bitcoin/bitcoin/pull/2061 It looks like Gavin is opposed to including it. Also, on average each transaction requires something like 8 signatures on average, since there is one signature per core.

It's already hard to have a single high power computer keep up on Bitcoin. I stopped running it and switched to a webwallet a few months ago. The comments here have me concerned.

Re:Old news.

[tolkienfan]

I just gave you a -1 overrated.

Damn!

Re:Old news.

I think it's a safe assumption that number of transactions 't' will always be less than number of nodes 'n' and that the network will scale like O(n^2). And no, this isn't Peter.

Re:Old news.

The total work done by the core nodes is "number of nodes multipled by number of transactions" - that is two very different quantities.

Both the number of nodes and the number of transactions are proportional to the number of users.

Re:Old news.

Long story short, if you share the set of unspent transaction outputs in a DHT you have to trust every other computer in the network to actually return the DHT data when requested, or you suddenly you can't validate a block.

Is "long story long" available somewhere? I'm not familiar enough with the problem domain to follow the reasoning here. What is it about block validation that is incompatible with techniques for fault-tolerant distributed hash tables?

Ooh, exciting!

[fuzzyfuzzyfungus]

Why achieve 'consensus' when we could let the fork fester, and have two virtual currencies floating wildly against one another as well as USD?

In fact, why not introduce Bitcoin-0 through Bitcoint-Aleph and let them fight it out? I'll bring popcorn!

Re:Ooh, exciting!

[0100010001010011]

The nice thing about standards is there are so many to choose from.

How much time did this take? How much electricity was spent 'mining' ~$150 worth of BTC?

Re:Ooh, exciting!

[BrokenHalo]

...and have two virtual currencies floating wildly against one another as well as USD?

Are you implying that the USD isn't a virtual currency after all?

Re:Ooh, exciting!

[fatphil]

What I don't understand (not that I researched it much) is how someone can do the work, get the reward, and then have people take the reward away from him. If they can kill this leaf node, they can kill any leaf node. This surely makes it the most fragile fiat currency ever invented?

Re:Ooh, exciting!

[fuzzyfuzzyfungus]

I tend to think of fiat currencies as being on the 'lead standard', with their reality largely measured by how many guys with guns are available to uphold them. USD, among others, passes the test.

Re:Ooh, exciting!

[Tridus]

Currencies are as real as your ability to spend them. By that standard, USD is very real and Bitcoin is not.

Re:Ooh, exciting!

Like all currencies, all it requires is consensus. If a large enough percentage of people stopped accepting the Euro tomorrow, it would be just as dead.

The operating difference here is that for a real currency, that would be infeasible. (In fact, you can go ahead and use that as a definition for "real currency" if you want: one in which it is infeasible to just decide not to believe in it). For Bitcoin, though, you can get a sizable percentage of the network together on one internet forum filled with paranoid libertarians.

Re:Ooh, exciting!

[bluefoxlucid]

The Lead Standard: Their value drops like a lead brick when inflation and interest happen.

Re:Ooh, exciting!

For what definition of "spend"? I thought Steam accepted bitcoins. Does that not count, or did they remove that ability?

Re:Ooh, exciting!

No, Steam never accepted BitCoin; I don't know where you got that from.

There was some reseller that would sell Steam codes for BitCoin; you would pay him and he would buy a Steam game with dollars and then gift it to your account. I don't really know what the point of that was supposed to be, or if it's still a thing.

Re:Ooh, exciting!

[DrXym]

Just to get the ball rolling...

Post 0.8 users - if you fuck over the people on the earlier bitcoin format, the value of your bitcoins effectively DOUBLES!

0.8 and prior users - if you fuck over the people on the later bitcoin format, the value of your bitcoins effectively DOUBLES!

Just ask yourself what Ayn Rand would do in the same situation.

Re:Ooh, exciting!

[bondsbw]

I don't see a problem with multiple virtual currencies. In fact, if virtual currencies ever come to dominate traditional currencies, I would not want a single virtual currency to exist.

Like anything that deals with economy, diversity brings strength. Relying completely on a currency that is a major exploit away from bringing down the global economy would be a disaster waiting to happen.

Re:Ooh, exciting!

[tompaulco]

How much electricity was spent 'mining' ~$150 worth of BTC?
At a guess, around $20.

Re:Ooh, exciting!

[Impy+the+Impiuos+Imp]

Probably a lot less energy than banks spend shlepping around wads of checks and bills.

Criss-cross!

Peter, that doesn't fit there.

It's just been what she's having...

Re:Ooh, exciting!

Do you fucking morons really not realize that some people did the math already? Mining is profitable, otherwise we wouldn't do it. It's getting harder and harder but now ASICs are coming out which mine a lot more BTC than you need to pay electricity with.

Re:Ooh, exciting!

[julesh]

Just ask yourself what Ayn Rand would do in the same situation.

Die in penniless poverty while dependent on the state to provide basic income and medical facilities that are necessary to maintain her life, all while maintaining that such a system is inherently evil? It's what I like to think of Ayn Rand doing in *any* situation.

Re:Ooh, exciting!

[cant_get_a_good_nick]

Bitcoin cash: $150

Electricity spent mining cash: $20

Breaking everyone's favorite geek currency: Priceless

Re:Ooh, exciting!

[DogDude]

It's called "society". Billions of us all have to live together, and to do so well, we need to agree on a common method of exchange. Your silly "men with guns" strawman is patently silly, and is the result of a serious lack of understanding about society at large.

Re:Ooh, exciting!

No, Steam never accepted BitCoin; I don't know where you got that from.

There was some reseller that would sell Steam codes for BitCoin; you would pay him and he would buy a Steam game with dollars and then gift it to your account. I don't really know what the point of that was supposed to be, or if it's still a thing.

interesting, can you post more details? I mean - how do I buy games with bitcoins?

Re:Ooh, exciting!

[LordLimecat]

If you look at the history of the USD vs the history of Bitcoin, I think you might learn something regarding which is actually more volatile.

Hint, the USD does a dip like this every couple of decades. Bitcoin seems to have a record of doing it every 9 months or so.

Re:Ooh, exciting!

The definition of spend is pretty simple. This is just trading a currency for something else. BitCoins don't work for that today. I can't go to McDonald's and spend them, I can't go to WalMart and spend them, I can't use Amazon and spend them - because they aren't a real currency yet.

Re:Ooh, exciting!

Whats inconsistent about that? The state takes a bunch of your wealth your entire life, you might as well get something out of it.

Re:Ooh, exciting!

[RMingin]

Actually, you didn't RTFA. Only one block is in dispute, all other blocks remain valid for both groups. Also, 0.8 is post behaviour, not pre.

So;

0.8 and later users - If you fuck over the people on the earlier bitcoin format, the value of your bitcoins effectively remains exactly the same!

Pre 0.8 users - if you fuck over the people on the later bitcoin format, the value of your bitcoins effectively increases by a very small amount, less than 1 percent!

Far less exciting. Sorry to burst your rant bubble.

Re:Ooh, exciting!

[Kichigai+Mentat]

Well, to be fair, it's not so much a strawman so much as it's a question of which society is dominating the other. Kind of like mob territories and "encouraged" purchases. Not that I'm saying anything you've said is wrong, but we have a pretty functional society today, and the mob still exists.

Re:Ooh, exciting!

[Kichigai+Mentat]

But the problem is that in this case diversity isn't bringing strength. There needs to be some kind of leader to prove the viability of the currency, otherwise no one will have faith in the idea of a cryptographically-backed currency.

Re:Ooh, exciting!

You are excessively lazy. You've clearly never even done research into this issue, and yet you spout off like you know the answer ahead of time. Here, I'll help you out:

https://en.bitcoin.it/wiki/Mining_hardware_comparison
http://www.bitcoinx.com/profit/

Re:Ooh, exciting!

Yeah, right. If it was profitable to mine BTC then the people making BTC mining hardware would operate it, not sell it.

Re:Ooh, exciting!

[sarysa]

Hi, paranoid Libertarian here. That said, I wouldn't touch bitcoins with a 10 foot virtual pole. Bad design, bad distribution method, no significant support, and doomed for endless cycles of instability.

You can be a pauliac and still think deflationary currencies are a bad idea. The true blue ones are investing in gold, not BTC. It has substance.

Re:Ooh, exciting!

[DogDude]

No men with guns are forcing anybody to pay anything in the US. Yes, you have to pay taxes with US dollars, but only if you own property, and thus would like to have all of the societal protections that government offers in order to preserve that property. If you'd like to live in a ditch and swap dead squirrels with other people, you're free to do so.

Re:Ooh, exciting!

[hash]

Where do you idiots come from? Ayn Rand didn't die in any sort of poverty, her books are STILL best-sellers on Amazon 60 years after they were first published. She never relied on the state for income (or remotely needed to) that's as much of an utter fabrication as the first ridiculous allegation. And given that she was forced to fork over hundreds of thousand of dollars in taxes to pay for (among other things, like wars) a public healthcare system, she had every right to then avail of it.

Re:Ooh, exciting!

[bluefoxlucid]

The USD isn't cyclical, except versus world currency. However, when you borrow money with interest, you need to pay back the interest. There simply isn't money to pay back the interest; we must issue new money, or more debt. Businesses borrow money, so the theory of "more labor to move money faster to pay off the debt" doesn't work--the creditors are concentrating ownership of the money, the businesses are raising prices and/or selling more product to obtain money to pay their debt, etc. Salaries increase to afford these new products and greater prices.

The value of what a $currency buys you goes down over time. Absolutely.

Re:Ooh, exciting!

[TheRaven64]

If you'd like to live in a ditch and swap dead squirrels with other people, you're free to do so.

If you do so in the USA, then the US government will still require that taxes be paid in US dollars on the transactions.

Re:Ooh, exciting!

You can spend any bitcoin in existence on both forks if they both continue. The protection against double spending only works if all clients agree which is the dominant fork. Otherwise you spend the same bitcoin at two different merchants if the merchants disagree about which fork is the right one.

Re:Ooh, exciting!

[tompaulco]

Yeah, right. If it was profitable to mine BTC then the people making BTC mining hardware would operate it, not sell it.

And yet the makers of oil, natural gas, coal, silver and gold mining equipment sell their equipment and don't operate it.

Re:Ooh, exciting!

[CodeHxr]

Currencies are as real as your ability to spend them. By that standard, USD is very real and Bitcoin is not.

I know of a couple of Mincraft server hosts that accept Bitcoins as payment.

Re:Ooh, exciting!

[osu-neko]

You can be a pauliac and still think deflationary currencies are a bad idea. The true blue ones are investing in gold, not BTC. It has substance.

Hopefully the people doing so understand that gold is a valuable commodity, not a magic metal of pure true value itself made physical. The ones who tend to think the latter are going to be hurting in a very bad way once asteroid mining becomes reality and it becomes clear to everyone that there's more gold at our fingertips than there is copper on Earth, and the price reacts accordingly. Kids born today have a good chance of seeing a world where gold wire is sold in hardware stores for household wiring. Spools of insulated gold wire, 2oz for $1.99...

Yeah, I pulling numbers out of thin air. The basic principle is right, though. Whether it's a good investment today or not depends on short term trends, but it's absolutely certain it's not a good investment in the sufficiently long term.

Re:Ooh, exciting!

[Impy+the+Impiuos+Imp]

Why is this modded down? The money or CO2 (your choice) running servers is probably several magnitudes less than shlepping around comparable financial transactions.

Or mining.

Or manufacturing.

Or printing dollar bills.

Or maybe you're the one Slashdotoid who hates Family Guy references. Stramge. I was certain that everybody had heard the word.

Re:Ooh, exciting!

I'm of the opinion that nuclear synthesis will be economically viable before asteroid mining, myself.

Of course, we have the technology right now to do both. They just aren't yet cheap enough.

Re:Ooh, exciting!

[VGPowerlord]

Probably a lot less energy than banks spend shlepping around wads of checks and bills.

Which is why banks use these things called "Electronic Funds Transfers" for most transactions. That way, no checks and bills have to be transferred.

Re:Ooh, exciting!

[Fnord666]

Your silly "men with guns" strawman is patently silly, and is the result of a serious lack of understanding about society at large.

Great, another silly patent troll.

Re:Ooh, exciting!

[0100010001010011]

> Hardware break even 5 days
> Net profit first time frame 24635.31 USD

Oh yeah, because I know a bunch of
You know what this reminds me of? All those ponzi schemes back in the 2005 time frame. You 'invested' money in various forms and then browsed only 10 websites a day and this money transformed magically on their servers into more! And you could roll it over or reinvest!

And then magically one day... they were all gone.

Re:Ooh, exciting!

[slew]

Yeah, right. If it was profitable to mine BTC then the people making BTC mining hardware would operate it, not sell it.

And yet the makers of oil, natural gas, coal, silver and gold mining equipment sell their equipment and don't operate it.

The reason that makers of traditional mining equipment sell them and don't operate them is that they don't own the rights to mining operations. Owning the rights to speculatively mine is a big-money investment game (sometimes it doesn't pan out, sometimes it does, so you need a really-big set to average that out). Every once and a while, you get a wild-cat hit, but that's the exception rather than the rule. Especially for oil, it costs $1B to build a platform, you can sell it to someone for $3B (making you a profit of $2B), or you could attempt to buy the rights to some oil field and hope for the best. If you have big-money, sure, if you only have $1B, that $2B looks pretty tempting...

On the flip-side, you can "mine" bitcoin w/o speculative investment in mining rights (just buy your equipment and attempt to figure out hashcodes). If you had to "bid" up front for exclusive rights to verify blocks of bit-coin transactions, and pay royalties back to the owner of those rights, it would be more like traditional mining. Now you can just plug in your server and hope for a few "wins" over a certain amount of time.

If traditional mining worked like bitcoin, you could just go mining for gold anywhere you felt like it and if you happened to get the gold out before the next guy, you'd win the lottery. I'm sure in that environment, you'd see people who made mining equipment think twice about selling it, but even then, it's likely they would conclude that it would be more profitable to sell the mining equipment.

As a silly historical example, it was kinda like that in the '49 gold rush (stakes or mining rights were cheap, and even if you paid for them, keeping other miners off your claim was nearly impossible, so mining rights were nearly free) the average rate of return was much better for the sellers of mining equimement than the average miner.

Re:Ooh, exciting!

[sjames]

Just what would happen if the great and powerful architect decides to go it alone? Well, the bricklayer, the carpenter, the plumber, and the electrician build some houses following the well developed rules of thumb and then go have some beers while laughing at the architect as he tries to figure out how to rivet....

Re:Ooh, exciting!

[ultranova]

Why achieve 'consensus' when we could let the fork fester, and have two virtual currencies floating wildly against one another as well as USD?

You joke, but... why not? Have multiple blockchains with different rules and some kind of mechanism to trade between them in-network - maybe some kind of auction system - and let people decide how much faith they have in various rulesets. Or better yet, have a single blockchain with multiple logical chains. Even if Bitcoin fails, it could prove interesting.

We could even build a distributed stock exchange atop Bitcoin: a company issues stocks as a generation event, paying the normal transaction fee to have it accepted into the blockchain, after which it generates dividend-transactions, which can then be redeemed by the current owners of the stock at any later time.

Re:Ooh, exciting!

[DamnStupidElf]

The people putting together the mining hardware didn't have enough capital to purchase all the units they have to build in order to get a reasonable economy of scale for the ASICs and other development costs. If the developers had enough capital I assume they wouldn't have bothered selling them (although there is also slightly more risk holding a few hundred Bitcoin miners instead of dollars...). It's more like a cooperative investment by lots of miners to fund what they all wish they could afford individually. You can't just buy a one-off ASIC.

Re:Ooh, exciting!

[Katmando911]

Hell, if you are a US citizen then the damn ditch doesn't even need to be in the USA for the US Government to demand taxes on the transaction.

Re:Ooh, exciting!

I pretty sure doubling the amount of crypto currency available halves the value, not doubles it.

Re:Ooh, exciting!

Because there is land acquisition involved in real mining, as well as labor, bad weather, danger, government forms, and a lot of risk. BTC mining is mostly guaranteed to hit - pump in enough electricity and out comes BTC. Setting up a bank of computers doesn't have anywhere near the safety issues running a dozer does. So I think it's a valid question; if the hardware could easily pay for itself, then why sell it? Sure, there is a small initial profit for the manufacturer, but isn't the mined BTC's worth so much more?

Re:Ooh, exciting!

If I go to McDonalds and try to pay in dollars, I'm sure they won't take them (I'm not in America). So dollars are not a real currency, right?

Re:Ooh, exciting!

[Darinbob]

Ok, when we go to Bitcoinistan, then Bitcoins will be a real currency. Meanwhile, real currencies are valid tender in their country of origin and are exchangeable at most legitimate banks. People can trade with pork bellies too if they like, and pork bellies have a market trade price, but pork bellies aren't currency either.

Re:Ooh, exciting!

[Darinbob]

The weird thing about bitcoins compared to other tradeable items, is that they're created from nothing. Sort of like printing money in a way. The USD at least is based on labor, mining, agriculture, trade goods, etc. The whole concept is designed so that some people get free bitcoins, minus some overenthusiastic spending on bigger computers of course. This is not the same as labor or mining.

A digital currency that really attempted to be a new type of currency would be based on something more substantial. Ie, gold backed perhaps, or temporarily indexed to an existing currency.

Re:Ooh, exciting!

[evilviper]

I tend to think of fiat currencies as being on the 'lead standard', with their reality largely measured by how many guys with guns are available to uphold them. USD, among others, passes the test.

You don't need to FORCE anyone to use your fiat money. A mild incentive (ie., a few other people will accept it from them as well) is good enough. In addition, you need at least some scarcity, so if the government stops printing it, and forgeries aren't that good, the currency will be just fine.

The same is true of any currency... If there is too much gold, nobody will accept it as payment, or it's easy to make fake gold that will fool people, your gold standard will become worthless, too.

Same applies to sheep, whiskey, or any other common currency. The exception is straight barter, where you'll only trade your goods for some other good you need or want, but that is a fairly cumbersome system.

Re:Ooh, exciting!

[stymy]

Besides, banks don't generally need to transfer that much money to each other. What they do is at the end of the day/week, they look at how much money other banks owe them (because they paid out on cheques issued by other banks, etc.), tell the other banks that, which do the same, and so they only transfer the difference to each other.

Re:Ooh, exciting!

[fatphil]

That's different - bitcoin isn't deciding whether its currency is valid - bitcoin was capriociously deciding that one single provably-valid token of its currency was invalid.

And anyway, people use illegal tender for transactions quite often. (See many countries just after joining the Euro, or Russia with its use of USD, or...)

Re:Ooh, exciting!

There are already a lot of bitcoin forks.
See https://en.bitcoin.it/wiki/List_of_alternative_cryptocurrencies
Exchange rates: https://vircurex.com/

Re:Ooh, exciting!

[DrXym]

The point (which was a joke) is that if you can effectively kill the other fork then their currency becomes worthless and the additional scarcity of coins on your fork doubles their value. I realise there are all kinds of things wrong with this statement.

Re:Ooh, exciting!

[peawormsworth]

I dont know if what your saying is true. But the bitcoin can be verified digitally. So counterfeiting is very difficult. The government will not insure your paper money against counterfeiting. And they do not provide tools for you to accurately detect and validate the cash money you accept. Instead they ofload the burden of protecting yourself to the individual and at the same time make it a law that you must accept it for all bebts and obligations. In this respect, paper currency is far more fragile then bitcoin.

Re:Ooh, exciting!

Ayn Rand would take any money from any source at any time. It's all she ever loved, other than power over her disciples.

I don't want to play into Jewish stereotypes, but good god, the woman would eventually have come up with ANY philosophical framework to justify her greed.

Re:Ooh, exciting!

Just ask yourself what Ayn Rand would do in the same situation.

Die in penniless poverty while dependent on the state to provide basic income and medical facilities that are necessary to maintain her life, all while maintaining that such a system is inherently evil? It's what I like to think of Ayn Rand doing in *any* situation.

Kind of how like that guy in 'Misery' was dependent on that crazy bitch for food, "facilities", etc., but he still thought she was inherently evil, because she was.

Re:Ooh, exciting!

I tend to think of fiat currencies as being on the 'lead standard', with their reality largely measured by how many guys with guns are available to uphold them. USD, among others, passes the test.

In other words, if I buy something from you in bitcoins and then say I won't pay, nobody is going to give a shit or back you up when you try to claim I "owe" you something.

Re:Ooh, exciting!

you can't buy groceries with gold coins. but gold is worth something.

you can't buy groceries with swiss francs in the US. but swiss francs are worth something.

bitcoins is currency. just not on real life. it's more of an intermediary, abstracted money. a sub-money for now. but it has worth as long as people think it has worth.

Re:Ooh, exciting!

[rayvellest]

Why would anyone would ever want to do such thing?

sorry, a bug eat your money!

OTOH, it was a really big bug

Gobble bobble wobblywob?

Three words in and you lost 99% of your readership. Can't you be arsed to make a proper summary??

Re:Gobble bobble wobblywob?

[armanox]

Actually I think most of Slashdot's readership understands it perfectly. And if they don't, they probably don't care about the article anyway. This isn't a newspaper.

Re:Gobble bobble wobblywob?

[ledow]

Bitcoin is a virtual currency that works by "doing work" (a complicated mathematical "puzzle") on your computer. It becomes a currency by the difficulty of the puzzle, and that when you have solved it you tell other BitCoin users about your success and it goes into a "chain".

That chain is the history of EVERY transaction performed on the BitCoin network and the integrity of the system is given by every user relying on the same chain - so trying to create some extra BitCoins or a fake transaction requires compromising a lot of machines around the globe to believe it happened.

Because of a stupid bug that nobody knew about related to the size of a transaction in this chain, a transaction that's too big for older clients to handle was (legitimately) created. Older clients can't handle it, so they have no idea what to do when it comes into their chain updates. Newer clients can handle it, but can't synchronise their chains with older clients because of it (they can accept the transaction whereas older clients don't).

Because the chain is now effectively split into two chains, and that all the integrity of the system comes from the fact that everyone is using, verifying and updating the same chain, BitCoin is now in an "emergency" (quoted from the forum post in the summary) situation. New clients are generating coins that old clients can't see and vice-versa, so BitCoins are being generated and lost or transacted and forgotten about.

The fix is to go back to the old code, ignore the over-size transaction, and hope to fix the code in a more backward-compatible way. Unfortunately, that requires some people on newer clients to lose coins, revert transactions, and for exchanges to shut down (temporarily) until the issue is resolved.

Basically, someone really messed up by not checking that the database could handle transactions that could pop up in the real-world.

Re:Gobble bobble wobblywob?

[Immerman]

Nice explanation. Now can you explain why exactly is the preferred solution to revert to the old, flawed, code rather than updating everything to the newer code that can properly handle the larger transactions?

Re:Gobble bobble wobblywob?

[ledow]

It's not the preferred solution.

The value of the currency is in the people who use it and most major exchanges have already reverted to 0.7, hence 0.7 blockchains are the de-facto standard at the moment. There was a bit of back-and-forth when the problem was discovered but all the large exchanges have settled on 0.7 as the standard for now.

It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar". The new dollar ends up valueless and everyone just stays on the old one.

The client fix is to accept large transactions but not create them - there's already code in a lot of BitCoin software to do that, but not all clients are running it - someone now has to force them to upgrade to a good version in order to stay compatible, and a lot of people might be generating coins that will later fail without knowing it.

Re:Gobble bobble wobblywob?

[Richard_at_work]

Complexity of moving the entire userbase to the new codebase? You are talking about mass migrating *everyone* as a reactionary measure, rather than doing a planned, tested migration through backward compatibility and progressive upgrade.

Its the same issue as IPv4 and IPv6.

Re:Gobble bobble wobblywob?

[gl4ss]

Nice explanation. Now can you explain why exactly is the preferred solution to revert to the old, flawed, code rather than updating everything to the newer code that can properly handle the larger transactions?

because then the guys suggesting that get a bigger share of the total bitcoins out there.

Re:Gobble bobble wobblywob?

Because it's the only way to get things stabilized in the short term. Once that happens, things will move forward and miners using 0.7 will continue to suffer losses for not updating (rightfully so). It's not the end of the world and ironically exemplifies how robust bitcoin actually is. This post from the thread linked in the article lays it out:

Mike Hearn
Re: Alert: chain fork caused by pre-0.8 clients dealing badly with large blocks
Today at 08:09:33 AM

  #345
To be accurate, it wasn't "the lead developer" who suggested raising the block size limit, it was me. I am a Bitcoin developer, but Gavin is the lead. So you can blame me if you like.

Along with raising the size limit, I have also been strongly urging people to upgrade to 0.8 for some time now. In fact, I'm the one who originally benchmarked and wrote the code to use LevelDB - the mysterious problems we've had with bdb being one of my motivations (the other was performance).

Ultimately, this problem is an old bug that has already been resolved through a large effort to get us off bdb. It's unfortunate that so many miners have NOT heeded the call to upgrade and we had to learn another one of bdbs inadequacies the hard way, along with rolling back to keep those slow miners online. Every miner will have to upgrade sooner or later, that is just inevitable.

Atlas's post was not prescient or insightful. We knew when we made the switch to LevelDB that it introduced the risk of a hard fork. This is not something that had to be pointed out by a banned forum poster. However - as you can see - there was no alternative. BDB has serious, fundamental problems that cannot be fixed. Upgrading to LevelDB is the solution.

Re:Gobble bobble wobblywob?

[fatphil]

> most major exchanges have already reverted to 0.7

Yet 0.7 is the version with the database bug.

These bitcoins certainly aren't a replacement for gold - they're far too irony.

Re:Gobble bobble wobblywob?

[bickerdyke]

That chain is the history of EVERY transaction performed on the BitCoin network and the integrity of the system is given by every user relying on the same chain

So every bitcoin user has a history list of every coin ever mined and EVERY TRANSACTION EVER DONE??!? So if I want to buy a chewing gum with BC, every BC user would neet to create a record of that transaction?

And now how is this supposed to scale into a real currency???

Re:Gobble bobble wobblywob?

[Hmmmnmnmnm]

It should be noted that nobody lost any coins, except for miners who lost their reward for mined blocks on the abandoned (v 0.8) chain.

Any transactions made on the 0.8 chain were automatically re-included on the 0.7 chain when it became the main chain.

Re:Gobble bobble wobblywob?

[characterZer0]

It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar". The new dollar ends up valueless and everyone just stays on the old one.

The dollar has one significant difference: the government requires that you use it to pay taxes. This forces nearly everybody to value the new dollar, which forces everybody to move to it.

Re:Gobble bobble wobblywob?

[ledow]

I'm not an advocate for BitCoin. I don't even use it myself.

But, yes, eventually every user ends up having to store every transaction in some way (there's shortcuts but pretty much that's true). A BitCoin client I just installed is synching 225,000 blocks of transaction history (more than one transaction in each block), the earliest generated a few years ago. It'll take about an hour to catch up from an empty wallet.

Once it's synched, you keep it running whenever is convenient and - after X amount of other BitCoin users have your transaction recorded - it's taken as verified that your transaction was successful. If you get out of sync, you have to wait for it to sync before you use it but - as I said - syncing from a new client only takes an hour to get all the BitCoin chain "history" from the first block created years ago.

Sure, that scales up if BitCoin becomes more popular but that's no different to anything else, and not EVERYONE has to sync to make the transactions verifiable. The current forum posts say that 11 confirmations from other clients is enough to ensure that a transaction was genuine and occurred, for example. That's 11 confirmations from ANYONE running BitCoin. Everyone else can catch up as time allows.

It's even better than, say, a worldwide torrent - the more people running it, the easier to pick up new transactions and confirm them. And torrents don't seem to suffer scalability issues. If anything, they are pushing hard on the ISP's to increase their capacities because they work so damn well.

Re:Gobble bobble wobblywob?

[xiando]

Its the same issue as IPv4 and IPv6.

Except that with Bitcoin the developers are telling users and specially miners to stay with the older 0.7 version until there is a "good" 0.8 versions. People aren't telling us to say with IPv4 until a good version of IPv6 is ready.

Re:Gobble bobble wobblywob?

[ledow]

"except for miners who lost their reward for mined blocks on the abandoned (v 0.8) chain."

Which currently amounts to about $25,000 of BitCoins, last I heard. That's $25,000 of BitCoins that might have been spent, sent, transferred, etc. but never existed in the chosen chain and the knock-on effects on your own wallet if you're dealt with someone who dealt with someone who dealt with someone.... (ad infinitum) ... who dealt with one of those mined blocks.

Sure, it'll "catch up", but saying nobody lost out is plainly false. And isn't the point of BitCoin that everyone is a miner in some small way?

Re:Gobble bobble wobblywob?

[IamTheRealMike]

Yes. At some point everyone will have to upgrade to 0.8 and people who don't will effectively be disconnected from the system. However that needs some kind of co-ordination. The fact that there was a chain split is not the emergency, the fact that it came unexpectedly was the problem.

Re:Gobble bobble wobblywob?

[IamTheRealMike]

No, they are not saying that. If you look at the announcements, people are being told to use 0.7 if they are miners, and for everyone else it doesn't matter what version they're on (so you might as well be on the latest version). At some point miners will need to switch to 0.8 too. It's a matter of co-ordination.

Re:Gobble bobble wobblywob?

[Hmmmnmnmnm]

What? This is "news for nerds." The story is about an interesting technical development world's first decentralized all-digital currency. This is fascinating stuff. Any nerd worthy of the name should know all about this.

Re:Gobble bobble wobblywob?

[Hmmmnmnmnm]

Miners don't have access to their reward for 120 blocks, so they never had them in the first place. The rewards will instead go to the miners in the new chain. Again, no coins are lost.

Re:Gobble bobble wobblywob?

so why not have everybody upgrade to 0.8 instead?

Re:Gobble bobble wobblywob?

[bickerdyke]

1 our synching time. With hardly anyone using it. And the number of transactions won't grow liear when the user base does so.

Sorry, but this system has severe scaling issues.

Re:Gobble bobble wobblywob?

[slashmydots]

So wouldn't forcing everyone to upgrade cause no loss of data? It sounds like old clients can handle 99% of blocks (all buy >= 500k) but the new clients can handle 100%. So forcing everyone to use the new client means no loss of data, right? Or did the older client seriously make an entirely new chain after the biggest block? Because I know blocks are formed based on the block before it but the majority of people are running the new version which means the old clients' chain would never get "approved."

Re:Gobble bobble wobblywob?

[Rogerborg]

Thanks for the explanation. Now, how about you ask your employer to pay me your last month's salary? It's OK, no money is lost.

Re:Gobble bobble wobblywob?

so, reading the comments above...

if everyone had upgraded to 0.8 then there would have been no problem. so the solution they chose was to punish the people that had actually upgraded by going with the previous version, and not to force the 0.7 people to update.

now tell me why anyone would ever have a incentive to upgrade their client?

Re:Gobble bobble wobblywob?

Nope. http://en.wikipedia.org/wiki/Merkle_tree

Re:Gobble bobble wobblywob?

[petermgreen]

At some point miners will need to switch to 0.8 too.

I don't think it's feasible to get everyone to upgrade at once and miners switching to 0.8 gradually would just cause a repeat of the problem we are having now.

What i'd think needs to happen is a new version be put out that says "big blocks are only valid after block x" and then all exchanges and a sufficient proportion of miners need to be persuaded to upgrade to that new version before block x hits.

Re:Gobble bobble wobblywob?

[thoth]

I guess being that there isn't a central authority, there isn't a way to force everyone to upgrade.

As far as I can tell, since bitcoin validity depends on a majority vote (essentially), and more people are using the 0.7 client that something newer, there is no incentive for people on 0.7 to upgrade until the bug is fixed. Why would ayn randian selfish liberterians upgrade and help out validating other people's newer bitcoins?

Re:Gobble bobble wobblywob?

[Richy_T]

Yes, the correct response to a problematic phased rollout is not to roll back but to accelerate the schedule to full-speed-ahead.

Not to mention that there's no "have everyone" in bitcoin anyway.

Re:Gobble bobble wobblywob?

[Richy_T]

Ug. Just remembered the vast hoards of sarcasm-impaired on this site. The first sentence above was sarcasm. SARCASM, PEOPLE!

Re:Gobble bobble wobblywob?

[julesh]

Now can you explain why exactly is the preferred solution to revert to the old, flawed, code rather than updating everything to the newer code that can properly handle the larger transactions?

Because updating everything is likely to be impossible. The system relies on a distributed network of data processors that perform very large numbers of difficult cryptographic operations in the hope of randomly hitting the right answer for a cash reward (this is what is referred to as 'mining' in the summary). Because of the high rewards offered, a lot of people have invested large amounts of money into these operations, with many of the larger players using hardware built around custom ICs (if you do google searches for 'bitcoin' and then 'asic' you'll start seeing adverts for them, even if you leave it months between the two searches...). These likely cannot be upgraded to the new version trivially, as it would rely on the developers of the chips providing updates to their support software -- that is, if it is even possible at all (they may have hard-coded that 512KB block size limit directly into their design).

Re:Gobble bobble wobblywob?

[julesh]

Yes, that sounds sensible. Or perhaps a little simpler is this scheme: miners will probably end up skipping 0.8 and going directly to 0.9, which should artificially limit the size of blocks it signs while accepting larger blocks from other sources. Then, a later version will start producing the larger blocks once the developers are happy that all miners are using code that is compatible with the 0.9 standard.

This likely will not happen quickly: a lot of miners use custom hardware processors whose support software will need to be updated, and that software is not likely to be the mainline bitcoin client but a reimplementation of the protocol from scratch. The hardware designers will need to update their software, which might take a while to organise, if it is even possible (some hardware may have been designed with a 512KB buffer for the block to sign... I'm not sure of the precise details of how these chips work, but that seems a plausible scenario).

Re:Gobble bobble wobblywob?

[makomk]

The problem is that there's no way to get 100% of the userbase to either upgrade to 0.8 or downgrade to 0.7 instantly. However, since the new version accepts everything that the old version does it was possible to mend the fork merely by getting enough people to move over to 0.7 and start mining on that fork. Eventually the 0.7 side of the fork became longer than the 0.8 side at which point all the clients running Bitcoin 0.8 recognised it as the correct version of the blockchain and everyone was working from the same version of history again, so it didn't matter if a few people were still using the wrong version of the client. Doing this the other way around wasn't possible because the 0.7 clients couldn't ever switch to the other side of the fork no matter what happened.

Re:Gobble bobble wobblywob?

[LordLimecat]

Its only fascinating in a train-wreck sort of way. Every 6 months we get a story about how the value of BTC has dropped 25% again and theres been a hacking incident at some exchange or something, but its OK because its mathematically proveable and thus a viable currency.

At some point bitcoin went from an interesting idea to an an example of pigheaded wishful thinking.

Re:Gobble bobble wobblywob?

[julesh]

So if I want to buy a chewing gum with BC, every BC user would neet to create a record of that transaction?

No, every user who wants to be able to check that transactions are valid needs to create a record of it. In the event of the network becoming too large, scaling would likely happen by service providers offering to validate transactions on behalf of customers for a small fee, thus relieving customers of the need to keep a copy of the transaction list. Anyone who wants to set up such a service provider could do so with relative ease.

If this becomes too hard to manage, a further simplification can be made: it would be entirely possible to use a system that summarises the block history list, so that you only have to hold (e.g.) the last few months worth of transactions. Of course, you'd have to trust your source of summaries, but at the moment we have to trust our banks and the credit card processing companies, so we're used to trusting people like this.

What makes bitcoin not scalable on the level of a real currency is the fact that the system is designed so that there can never be more than 21 million of them. OK, they can be subdivided, but even assuming you subdivide them to their technical limit, if the amount of money represented by BTC ever reaches the scale of the amount of USD that was in circulation as of 2008, that would be equivalent to the smallest possible unit of exchange being around 30c. Over time, this figure would increase. And as bitcoin can be lost (e.g. by data loss without backup, owners dying without a record of their passphrases, or simply by people forgetting they own them) and once lost can never be recovered (except by very expensive cryptographic key cracking exercises), the number in circulation is doomed to drop over time. This will merely exacerbate the problem.

Re:Gobble bobble wobblywob?

[Jeremi]

Three words in and you lost 99% of your readership. Can't you be arsed to make a proper summary??

"News for Nerds", AC. If you don't already know what a Bitcoin Blockchain is, then GTFO. ;)

Re:Gobble bobble wobblywob?

[julesh]

Imagine your employer operated on a scheme were instead of paying all of their employees every month they randomly picked an employee and gave them the entire month's pool every time. Now imagine the result of that random selection was ambiguous due to, say, nobody having noticed that two people had picked the same lottery numbers. They then decide arbitrarily in favour of one employee over the other. Does it sound as much like they've lost now?

Also: miners should be well aware that they aren't guaranteed to receive the bitcoins even if they do successfully produce a signed block. The system is designed to cope with the fact that such chain forks may occur and to resolve them automatically by checking which chain is longest. It's part of the protocol that they signed up for from the very beginning, so it's hard to argue they were in some way cheated.

Re:Gobble bobble wobblywob?

[gox]

All miners switched to the old version so that everyone, old and new, could handle the generated blocks. The opposite would render all the blocks that will be generated by the old version defunct.

At the time of discovery, branch using the new version was already longer, but developers recommended that we cut it off anyway and so the miners did.

By the way, exchanges have nothing to do with it, since both old and new version can handle the transactions themselves. This issue was strictly about miners, so it mostly involves mining pools.

Re:Gobble bobble wobblywob?

[gox]

It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar"

The analogy is almost true, but in this case it really doesn't matter which version exchanges use. Transactions generated by 0.8 can be mined by 0.7 and vice versa. I don't know where you got the impression that they were rendered incompatible, but it's wrong.

Re:Gobble bobble wobblywob?

check your math

Re:Gobble bobble wobblywob?

[petermgreen]

Or perhaps a little simpler is this scheme: miners will probably end up skipping 0.8 and going directly to 0.9, which should artificially limit the size of blocks it signs while accepting larger blocks from other sources.

The problem with that approach is that there is already a version in the wild (0.8) that can generate large blocks. Undoubtablly whatever the official advice is some subset of bitcoin miners are likely to stick with that version.

If most miners accept large blocks and a miner still on 0.8 generates a large block then the 0.7 users will get "forked off". So the goal of allowing people to upgrade while delaying the "forking off" of 0.7 users will not have been acheived.

Re:Gobble bobble wobblywob?

Bitcoin is a protocol - as should be obvious after reading this thread, the protocol can be updated with a consensus of the majority of the network nodes. It would be trivial to extend the protocol to support further subdivision than the current 8 significant digits. Your latter argument about lost coins sounds like an argument against deflation; I've seen much better arguments than yours about how deflation will doom any currency and I'm still not convinced.

Re:Gobble bobble wobblywob?

[YesIAmAScript]

That doesn't seem right to me. The hardware just brute forces hashes over and over. Once a hash collision is found, then any old CPU and software combo can go through the trouble of minting the coin from it (building the chain). You could even just hand the known solution as a "try this first hint" to the latest version of the bitcoin mining software whatever it is.

So I don't think there would be much problem upgrading these ASIC/FPGA mining systems.

Re:Gobble bobble wobblywob?

[compro01]

You are misunderstanding what a "confirmation" is. A confirmation is the transaction being included in a block (what the miners are generating), and then more blocks chaining off that block.

11 confirmations means the transaction was included in a block, and then 10 more blocks chained off that one.

The point of this is to ensure that your transaction isn't only on the short end of a fork.

Re:Gobble bobble wobblywob?

And isn't the point of BitCoin that everyone is a miner in some small way?

No, for everyday PCs it's now so cost-ineffective to mine that they took out the "generate coins" option in the GUI. Mining was never available on phones. It's a specialized effort using custom ASICs now, and a full-time job for some people.

Re:Gobble bobble wobblywob?

so, reading the comments above...

if everyone had upgraded to 0.8 then there would have been no problem. so the solution they chose was to punish the people that had actually upgraded by going with the previous version, and not to force the 0.7 people to update.

now tell me why anyone would ever have a incentive to upgrade their client?

Because most of the time upgrading is profitable, but those upgrades are not newsworthy and are thus not discussed here.

Re:Gobble bobble wobblywob?

[Chelloveck]

The problem is that there's no way to get 100% of the userbase to either upgrade to 0.8 or downgrade to 0.7 instantly.

Wait, so Bitcoin is decentralized and distributed but requires all clients to remain in lockstep with each other? Nope, can't foresee any problems with that model...

Re:Gobble bobble wobblywob?

[Fnord666]

It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar". The new dollar ends up valueless and everyone just stays on the old one.

Who else remembers "new Coke"?

Re:Gobble bobble wobblywob?

[DamnStupidElf]

The dollar has one significant difference: the government requires that you use it to pay taxes. This forces nearly everybody to value the new dollar, which forces everybody to move to it.

If the world economy switched to Euros or Yen or Canadian Dollars tomorrow there would be U.S. Dollars littering the streets that one could use to pay taxes with. Of course, there might be a bit of a question of the exchange rate that should apply for taxation of other currencies if no U.S. dollar was ever spent again, but presumably it would work for the current accounting year. There is an actual, real demand in the World market for U.S. dollars, and not just to pay taxes.

Re:Gobble bobble wobblywob?

[IamTheRealMike]

That explanation is nonsense. The hardware has no knowledge of what's in the blocks. It deals only with the headers.

Re:Gobble bobble wobblywob?

[DamnStupidElf]

In this case miners who worked on the ~20 blocks in the 8.0 chain won't see a reward for another 140 blocks. There was still a waste of cycles==electricity==money.

Re:Gobble bobble wobblywob?

[Troed]

Every 6 months we get a story about how the value of BTC has dropped 25%

http://bitcoincharts.com/charts/mtgoxUSD#tgSzm1g10zm2g25zl

Re:Gobble bobble wobblywob?

[LordLimecat]

Sure is a nice log scale youre using there, and it still looks crazy volatile.

Re:Gobble bobble wobblywob?

[AnonyMouseCowWard]

Uhm. Yes, yes it sounds like they've lost.

Nothing was _lost_ for BitCoin, or for the employer, or for the market as a whole. But you, the individual that had a winning number and got told "oops, sorry, not for you this time", you'll feel as if you lost something. Now you have to toil for another month to wait for a chance to win.

It may be a simple technical flaw that is easily fixed, but for the person impacted, it's not just that. It doesn't build confidence. Would you work for such an employer?

Re:Gobble bobble wobblywob?

[Darinbob]

Flawed code or fixed code, it doesn't matter which. The system of geeks trusting other geeks in their attempt to make money depends upon mutual agreement. They can mutually agree on the flawed code and that will fix the problem, or they can mutually agree on fixed code and that will also fix the problem.

Re:Gobble bobble wobblywob?

[Darinbob]

That's a minor difference. The US dollar was a legal currency before there was income tax.

Re:Gobble bobble wobblywob?

[Darinbob]

It's not like someone harvested 20 tons of watermelons and now has to let them rot in the trucks, or they have to fire 20 employees. What they actually "lost" was some CPU time.

Re:Gobble bobble wobblywob?

[Hes+Nikke]

you aren't required to keep all 6 GB of blockchain history unless you are mining. It just so happens that the official bitcoin client does keep the entire 6 GB blockchain history. You are welcome to use any non-official client since the protocol is 100% open source.

Re:Gobble bobble wobblywob?

The divisibility can be extended. And I think you need to check your math anyway. http://www.wolframalpha.com/input/?i=united+states+money+supply+%2F+2.1+quadrillion

Re:Gobble bobble wobblywob?

[hairyfish]

Bitcoin is a virtual currency that works by "doing work" (a complicated mathematical "puzzle") on your computer. It becomes a currency by the difficulty of the puzzle, and that when you have solved it you tell other BitCoin users about your success and it goes into a "chain".

That chain is the history of EVERY transaction performed on the BitCoin network and the integrity of the system is given by every user relying on the same chain - so trying to create some extra BitCoins or a fake transaction requires compromising a lot of machines around the globe to believe it happened.

Because of a stupid bug that nobody knew about related to the size of a transaction in this chain, a transaction that's too big for older clients to handle was (legitimately) created. Older clients can't handle it, so they have no idea what to do when it comes into their chain updates. Newer clients can handle it, but can't synchronise their chains with older clients because of it (they can accept the transaction whereas older clients don't).

Because the chain is now effectively split into two chains, and that all the integrity of the system comes from the fact that everyone is using, verifying and updating the same chain, BitCoin is now in an "emergency" (quoted from the forum post in the summary) situation. New clients are generating coins that old clients can't see and vice-versa, so BitCoins are being generated and lost or transacted and forgotten about.

The fix is to go back to the old code, ignore the over-size transaction, and hope to fix the code in a more backward-compatible way. Unfortunately, that requires some people on newer clients to lose coins, revert transactions, and for exchanges to shut down (temporarily) until the issue is resolved.

Basically, someone really messed up by not checking that the database could handle transactions that could pop up in the real-world.

Yeah this BTC sounds much better than real money...

Re:Gobble bobble wobblywob?

Because the different versions see the problem differently. 0.7 sees a longer but invalid fork. 0.8 sees a valid but shorter blockchain. Clients 0.7 would never accept the forked chain regardless of what would be done. So going by that chain would leave them all outside the main network and vulnerable to attacks. Going with the earlier chain means that all 0.8 clients will accept it as soon as it's the longest chain, and no one is left outside the main chain. From the 0.8 perspective it's just a standard reorganization, rather than a blockchain fork (albeit unusually long).

Re:Gobble bobble wobblywob?

Bitcoin wiki -> scalability -> pruning.

Read up before you state things as confidently as you do. You just seem arrogant otherwise.

Re:Gobble bobble wobblywob?

[petermgreen]

The key thing to understand is that there is no central authority "approving" blocks. It is up to each client (including but not limited to miners) to download a block, check is follows the rules and if it follows the rules and is stronger than the strongest chain they know about to accept it.

Blocks are based on the most recent block in the strongest chain the miner knows about. The existence of stronger chains that the miner does not know about will not stop it trying to extend the strongest chain it does know about.

0.7 miners couldn't import the large block and therefore couldn't import any of it's children. If a miner can't import something then it doesn't know it exists. So 0.7 miners kept looking for (and finding) blocks based on the block immediately before the large block and passing those blocks to each other forming a blockchain with no large blocks.

At the same time 0.8 miners continued looking for (and finding) blocks based on the large block. AIUI there were initially more 0.8 miners than 0.7 miners so the blockchain they produced remained stronger than the one the 0.7 miners produced. This left two substantial groups of users out of sync. The only way to fix this quickly was to downgrade miners so that the blockchain with no large blocks became the stronger blockchain.

I suspect the long term fix will involve declaring a particular block some time in the future as the point from which large blocks will be allowed and then convincing everyone who matters to upgrade by that block number.

consensus should be put into specification

[Chrisq]

The consensus on #bitcoin-dev is damage control: miners need to mine on pre-0.8 code so the backward-compatible fork will outgrow and thus dominate the compatibility-breaking one;

Either this should be put into the bitcoin specification or not accepting any size should be seen as a bug. There should not just be an unofficial consensus that "this is what should be done"

Re:consensus should be put into specification

[L4t3r4lu5]

Nobody said that anyone involved in Bitcoin actually knew what they were doing.

Re:consensus should be put into specification

Me: Sadly, you don't understand anarchism. There's no hierarchy, no "official", no gods or kings, only men.

You: Don't tell me what anarchism means!

Me: That's my boy.

So what now?

[goose-incarnated]

You need to stop buying stuff until the "currency" (and I use that term very loosely when talking about bitcoin) is valid again? Good thing it isn't used exclusively by anyone, else they'd now be starving.

Re:So what now?

[Richard_at_work]

I was wondering that - if there is now a fork in the blockchain, with some groups going in one direction and some in another, does that mean that if this isn't resolved very quickly then bitcoin holders now have twice the number of bitcoins, an initially identical set on each fork?

I guess one fork would become the accepted fork, and hte other one would wither - but until that point, people could conceivably spend both forks with whomever accepts either one?

Re:So what now?

[julesh]

No. The only problems concern miners, not currency use. Transfers, and transfer validation will all work as designed throughout, only those attempting to mine blocks using the newer version have any need to worry. The system was designed to account for the possibility of a chain fork, and to automatically reject one version once consensus is reached on which is "best", and the only reason any action is needed is to avoid miners being dissapointed by minimising the length of the fork (as anyone who mined a block in the rejected fork will not get a reward for it).

Re:So what now?

[gox]

Well, Bitcoin is experimental, so I guess risk averse people need to stay away from it until it's stable enough, or at least should not use it "exclusively".

I'm quite happy with Bitcoin being both a currency and a payment network. In time, this will probably change though, and people will use payment systems like PayPal implemented on top of Bitcoin.

Re:So what now?

[gox]

Yes.

Branches are a part of the protocol, they are mostly natural. That's why it's recommended to wait for confirmations for higher value transactions. However long branches should be very improbable and this software glitch broke this condition. Even so, since the protocol is built on this, all transactions from the orphaned chain are carried to to the one selected by the highest hashing power. Valid transactions are not lost and double spends are invalidated. However, as you said, a careful attacker can do a double spend far more easily during such a long fork.

Re:So what now?

[petermgreen]

In theory yes, in practice it would be nontrivial (but probablly not impossible) to pull off. If you just pushed the transaction out to the network in the normal way it would likely end up on both forks. So you'd either have to find a way to craft a transaction that was only valid on one fork or you'd have to find a way to feed your transaction into one blockchain without it ever getting out onto the transaction distribution system.

Oh look, my gamer rig has a monster GPU

That means I'm wealthy.

??

It's a Wonderful BitCoin!

[eldavojohn]

Why achieve 'consensus' when we could let the fork fester, and have two virtual currencies floating wildly against one another as well as USD?

In fact, why not introduce Bitcoin-0 through Bitcoint-Aleph and let them fight it out? I'll bring popcorn!

BitCoin Bailey: No, no, no, everybody remain calm. We'll get through this together. You're thinking of this virtual currency all wrong. As if I had the BitCoins back in a safe. The money's not here. Your money's on Bill's computer, and Fred's computer ...
Angry BitCoin User: Hey Fred, what the hell you doin' with my BitCoins?!
*a run on MtGox ensues*

That's just backward

The correct solution is for people to continue pushing the new version fork and for the people on .8 to update or lose all of their "money".

Re:That's just backward

Now that wouldn't make a very good pyramid scheme!

Re:That's just backward

So if a new dollar coin were to come out, and legacy vending machines did not accept it, then all the folks that can actually use the old vending machine with their old money should have the value of their old money reduced to nothing in order to force them to switch over and use the new coin?!?

WTF are you smoking?

Re:That's just backward

That is what happens with new notes. For a while the banks will accept both, then they stop and only the Bank of England accepts both, then it stops as well.

Re: Was an issue for about four hours yesterday

[qubezz]

The forking was fixed within a few hours. Mining pools were notified of the issue and alerted to the recommendation to revert mining activity back to 0.7.x, which was a simple fix to grow a blockchain compatible with all mining pool Bitcoin versions. The majority of miners ignoring the incompatible fork (which caused a "Lock table is out of available lock entries" database error on Bitcoins compiled against certain BerkeleyDB libraries), let the new fork grow longer and all is fixed.

Almost all transactions are expected to be included in the new chain, so there is little opportunity for malfeasance. If you sent someone money for goods, your transaction sending money will likely be in both the new chain and the old.

For those, like me, reading this and saying wtf?

[Looker_Device]

For those who don't know the first fucking thing about what this summary means (hint to summary writers, if you're going to use jargon, please explain it to those of us who don't follow bitcoin or whatever-the-fuck), here is a much better article on the subject (written in plain English):

Major Glitch in Bitcoin

Scaling

Makes you wonder how Bitcoin can scale when there are versions of the software which impose a limit of 500K limit on block size. The size of a block is driven by how many transactions are in in it, and 500K (or so) of transaction is not really a lot. A block can only be mined every 10 minutes, so this amounts to a maximum of 50K transactions per minute. These are the old versions, but how many transactions per minute can be verified (i.e. "mined") by the current version before another limit is reached?

Uh oh... Bitcoin is having growing pains

[leonbev]

It seems that good ol' Bitcoin is having problems scaling up to meet the new demand for cryptocurrency. Perhaps we should start looking into alternate cryptocurrencies like Litecoin instead?

Re:Uh oh... Bitcoin is having growing pains

[pipatron]

Actually it doesn't have a problem, since it's already solved.

Now, please tell me how some users switching to a completely different cryptocurrency would solve your perceived problem with forked bitcoins?

Re:Uh oh... Bitcoin is having growing pains

[Hmmmnmnmnm]

Litecoin will have the same problems. It's simply of fork of the reference bitcoin code with a few tweaks (more frequent block generation, use of scrypt instead of sha256).

Re:Uh oh... Bitcoin is having growing pains

[DogDude]

Perhaps we should start looking into alternate cryptocurrencies like Litecoin instead?

Perhaps you should. I, on the other hand, am perfectly fine using US dollars.

So much for being based on crypto

[betterunixthanunix]

So the currency that is supposedly based on crypto winds up forking into two different currencies because of a database update? Nice job guys.

Re:So much for being based on crypto

[h4rr4r]

No because the morons who created it did not understand what they were doing. If you don't know the limits of the DB you use why would I trust you to create a digital currency?

Re:So much for being based on crypto

[pipatron]

What the hell does this rambling even mean? Do you even know what "crypto" means? How is that in any way related to the database chosen in the implementation? Did you know that it's possible to base a program on both "crypto" and a database?

Re:So much for being based on crypto

[IamTheRealMike]

It's worth noting, that Berkeley DB (the one with the weird limits) was already replaced. The problem is that not enough users have upgraded to the replacement yet, and it's better to match their brokenness than diverge unexpectedly. They'll have to upgrade sooner or later though.

Re:So much for being based on crypto

[slashmydots]

They knew about the flaw and fixed it a long ass time ago. They just didn't realize the old clients wouldn't work 100% with the new database style, although it seems really obvious to me.

Re:So much for being based on crypto

Yes, they didn't know of this limit, but to be fair, this limit was a completely undocumented and unknown bug in the database software, a platform the developers have been keen to get away from for a very long time.

The newer version of Bitcoin Core was tested but not as thoroughly as one might hope. Fortunately, what the dev team lack in resources they more than make up for in dedication/cooperation.

Re:So much for being based on crypto

Yes, but you're missing the point. There was nothing wrong with having weird limits. The currency system could function perfectly fine with a weird limit. The problem arose when they removed the weird limit for only some of the clients. They either should have continued the weird limit for everyone or removed it for everyone.

The short term solution is to revert to the old client with the weird limit. This fixes the immediate problem, although they still have to figure out how to handle the side effects. Could they simply award the original miner two smaller chunks and move forward again from there? Or downsize the existing chunk to 500k?

The medium term solution in this case would be to make a new version of the client with the weird limit restored. Presumably they can simply add code to the mining algorithm that will enforce the limit rather than doing so at the database level. This would also allow them to write a meaningful unit test so that this doesn't get accidentally broken again. It seems possible that they could make it so that large mines automatically break themselves down into chunks small enough to fit under the limit, but I don't know if there is another weird limit that would prevent that.

A longer term solution would be to make a new currency without the weird limit. The Bitcoin system already understands the concept of multiple currencies. It should be trivial to have two Bitcoin currencies. Then upgrading would involve a currency switch.

Re:So much for being based on crypto

[betterunixthanunix]

Do you even know what "crypto" means? How is that in any way related to the database chosen in the implementation?

Usually, cryptosystems do not rely on things like the maximum size of atomic transactions in a database to work or to be secure in the abstract sense; it seems that in the case of Bitcoin, that is exactly what happened. This bug is not some kind of side channel attack (e.g. as you saw with Skype, where the cryptosystem was theoretically secure but where the implementation had an easily exploited side channel), it is not an implementation that leaves a secret key in some publicly accessible place, it is not a failure to properly implement the abstract cryptosystem. This is a cryptosystem whose security depends on specific implementation details.

To put it another way, imagine if instead of the database implementation, it was the CPU architecture that determined the security of the system. As long as everyone uses x86, it is fine, but if a few people start using ARM or PowerPC the system "forks." Would you trust such a system? What differentiates that hypothetical scenario from the database issue?

Re: So much for being based on crypto

[Urza9814]

It's not even 1.0; they're very clear that it is still _experimental_; and the only reason there was a problem was because people weren't bothering to update their clients.

In other words, if people run an outdated version of still alpha/beta-stage software as though it is production-ready...well, who's fault is that _really_?

It's not a currency; it's not advertised as a currency; it's an experiment in how to create a currency.

Re: So much for being based on crypto

[Urza9814]

...so they should have released an upgrade to solve a problem caused by people not upgrading?

Re:So much for being based on crypto

[betterunixthanunix]

The problem is that not enough users have upgraded to the replacement yet

This sounds like a horribly broken cryptosystem: your security depends on how many other users of the system have upgraded to a new version of some database?

They'll have to upgrade sooner or later though.

According to whom?

Re: So much for being based on crypto

[Urza9814]

The security was never broken and does not rely on the database specifics. Compatibility was broken. Security was not.

A better analogy would be like having a system that uses SHA-1 to hash passwords using a hardware chip....then they make a new version whose chip only does SHA-512. Everything is still as secure as it was, but you would no longer be able to transfer the output between devices.

Re:So much for being based on crypto

[betterunixthanunix]

I see a bigger issue: the fact that the abstract security of this system is dependent on specific implementation details like which database is used or what its maximum atomic update size is. A cryptographic currency system needs to be secure regardless of how it is implemented, how many implementations there are, or what underlying technologies are chosen for those implementations. Anything less renders the system insecure and open to attack.

Re: So much for being based on crypto

[betterunixthanunix]

The security was never broken

If the system "forked" the security against double spending is broken. Can I spend money I accumulated prior to the fork on both networks? If money is generated in one network, can I use it on both networks simultaneously?

In general, a digital cash system should not permit one unit of value to be spent by more than one party simultaneously.

Re:So much for being based on crypto

[makomk]

Apparently the exact limits varied depending on the exact OS and BDB version you were using, so some nodes running the old version accepted the blocks whilst others didn't. This isn't a sustainable situation.

Re: So much for being based on crypto

[makomk]

The security was broken. Suddenly, an attacker had the ability to easily spend the exact same set of coins twice, violating one of the key security properties Bitcoin was meant to have.

Re: So much for being based on crypto

[betterunixthanunix]

OK, but if the entire system's ability to securely process transactions (which is what this really boils down to) hinges on the clients all using the same version of the same software, Bitcoin is extremely vulnerable to attack. One can easily imagine some malware that goes around introducing this sort of bug into Bitcoin clients, and when enough machines are infected, the bug is triggered to create a fork and the attacker uses that fork to engage in large-scale double spending. One might not even require malware; the attacker only needs to find some subtle bug in future versions of the software, trigger it, and exploit the fork.

Basically, an attacker who can corrupt a sufficient number of Bitcoin participants can break the security model; that number may be even smaller than people thought. We already know that an attacker who controls more than half the computing power of the Bitcoin network could do that, so this is not really news. There is a reason modern cryptographers do not usually make such arguments:

https://en.wikipedia.org/wiki/Bombe

Re:So much for being based on crypto

[Jeremi]

A cryptographic currency system needs to be secure regardless of how it is implemented

That's kind of an impossible standard, don't you think?

Re:So much for being based on crypto

[LordLimecat]

So are there any databases out there which could scale to handling every transaction for the general population? USD has been running for 200+ years now with no issues. If BTC is hitting scaling issues now at ~5 years and 0.5% of the population, that doesnt bode terribly well.

Re:So much for being based on crypto

[betterunixthanunix]

Well there is a missing phrase there: secure in the abstract sense. ElGamal is secure in abstract terms (i.e. against a chosen plaintext attack); the only way for implementations of ElGamal to be insecure is by side channel attacks, and anything else would not be an implementation of ElGamal (e.g. a system that fails to use a random number generator is not an implementation of ElGamal, which requires a random number generator). Similarly, David Chaum's digital cash systems were secure in the abstract sense (for various notions of security), and so any vulnerabilities would either involve side channel attacks or incorrect implementations.

Bitcoin, on the other hand, seems to lack the property that it is secure in the abstract sense. If all it takes is a sufficiently large fraction of participants in the network to use an outdated implementation, then an adversary who can corrupt that many participants can successfully attack the network. Yes, security against adversaries who can corrupt more than a third of the participants in any multiparty system is hard to achieve, but given that the Bitcoin crowd expects people to trust Bitcoin with real-world monetary transactions, I think it is fair to demand something better (especially given all the work on digital cash in the 80s and 90s).

Re:So much for being based on crypto

[vux984]

This is a cryptosystem whose security depends on specific implementation details.

Not quite. This is a cryptosystem whose compatibility was limited by specific implementation details.

To put it another way, imagine if instead of the database implementation, it was the CPU architecture that determined the security of the system. As long as everyone uses x86, it is fine, but if a few people start using ARM or PowerPC the system "forks." What differentiates that hypothetical scenario from the database issue?

Lets say x86 uses 8bit bytes, while ARM uses 10bit bytes. The x86 version of my cryptosystem works, the spec is defined in terms of 'bytes' as the smallest chunk of data. Everything is fine.

Then someone ports it to ARM. The ARM version is also built to spec. They start it up. It syncronizes with x86 versions no problem, and then it passes the data onwards to other ARM and x86 systems, also no problem. On ARM systems, the upper 2 bits go unsused, and when data is passed to an x86 system they are stripped off.

Then someone creates some new data on the arm version, and houston, we have a problem. The new data created on ARM is using the upper 2 bits, and although the new data syncs fine with other ARM units, it fails when syncing back to x86 units.

The crypto-system isn't reliant on 8 bit bytes in the abstract. The system, in the abstract, will work with any size byte. But nobody actually specified the byte size when doing the implementation. And it worked well enough, even cross architecture for a while before anyone noticed the issue.

Clearly the fix is to either update the 8bit system to cope with 10bits, restrict the 10bit system to working with 8 bits, or add in some meta data to describe what byte size the data is, and some bit-packing standards for moving the data between architectures.

But there is nothing wrong with the crypto system in the abstract. Nor is there anything wrong with the 'security'.

The database issue is essentially the same thing.

Re: So much for being based on crypto

If the system "forked" the security against double spending is broken.

The security against double spending is not broken. It is not plausible to ever double spend when the system has forked. The system forks constantly, probably dozens of times per day. It's designed to do that. What was different about this case is that the fork survived for multiple blocks.

Can I spend money I accumulated prior to the fork on both networks?

No.

If money is generated in one network, can I use it on both networks simultaneously?

No.

In general, a digital cash system should not permit one unit of value to be spent by more than one party simultaneously.

Agreed.

To clarify what happens when the blockchain forks and you've made a transaction is that the transaction is picked up by both forks. Both sides believe that you've spent your money (there may be some discrepency on when you spent the money. One chain might think you spent it at 1:00pm and the other might think you spent it at 1:10pm, but there is never any disagreement on whether you spent it or not). If you tried to spend your money twice, once on each fork, both forks would believe that you had spent your money twice.

So the question is what happens when one of the forks dies out (as has happened). If you were a merchant on the wrong fork (the fork that got backed out and died), what would happen is that eventually you would notice that the other fork is longer and you'd switch over to, altering your view of the world in the process. Again, the switch of forks wouldn't change your view on whether someone had spent money or not, or how much money someone had spent. It may have some time-based changes (using the same example as before, you may have previously thought that someone spent money at 1:00pm and now believe that they spent money ot 1:10pm instead), but nothing very radical has changed in your view.

Re: So much for being based on crypto

[Fnord666]

The security was broken. Suddenly, an attacker had the ability to easily spend the exact same set of coins twice, violating one of the key security properties Bitcoin was meant to have.

How would an attacker do that and still have both chains validated?

Re:So much for being based on crypto

[Jeremi]

If all it takes is a sufficiently large fraction of participants in the network to use an outdated implementation, then an adversary who can corrupt that many participants can successfully attack the network.

I think that is an inevitable consequence of any p2p system, simply because the participants are the network. It's not like there is some central bitcoin server running on trusted hardware somewhere that can "withstand the attack".

I think it is fair to demand something better

Okay, how could it be improved? (Other than just never having any bugs starting from the very first release, of course... which would be nice but isn't terribly realistic)

Re:So much for being based on crypto

[betterunixthanunix]

that is an inevitable consequence of any p2p system, simply because the participants are the network

That is not true; see e.g.:

http://eprint.iacr.org/2012/441

Here is a layman's translation:

• It is a peer-to-peer system for computing a function over inputs from N parties
• The privacy of each party's input is protected i.e. no party will learn any other party's input beyond what the function's output reveals
• The privacy of each party's output is protect in the same fashion as the input
• The outputs are guaranteed to be correct if the protocol terminates (an attacker might just stop the protocol early, in which case there is no output)
• All of the above holds if the attacker can take over a majority of the participants (e.g. like the attack I described above)
• All of the above holds if the attacker can choose which parties to corrupt after observing some part of the protocol

In other words, this is a system that protects against an even more sophisticated version of the attack I described above.

Okay, how could it be improved?

Drop the idea of not having any banks, and then create the sort of system described in this line of research:

http://www.cs.ut.ee/~lipmaa/crypto/link/protocols/ecash.php

Re: So much for being based on crypto

[makomk]

I'm not exactly sure how it happened and the only person who's admitted to taking advantage of this isn't either: https://bitcointalk.org/index.php?topic=152348.0 As far as anyone can tell, enough mining nodes forgot their transaction history due to being shut down and restarted on 0.7 that some transactions only confirmed on the newer 0.8 side of the fork, allowing the attacker to submit a conflicting transaction that would replace their payment transaction after it had already been confirmed and after they'd already withdrawn the funds. (There were probably other ways of doing it, such as taking advantage of the rules on when fees are required on transactions.)

Re: So much for being based on crypto

Actually, the discarded .8 chain got up to 6 confirmations, which many websites consider 'valid'. So they could, for example, deposit their money into two different poker sites on the .7 chain and the .8 chain, then withdraw all of their funds from the one on the .8 chain. When the .8 chain is orphaned, all transactions listed in it are moved over to the .7 chain, where it is realized that the transaction is a double spend. Some retailers used 8 confirmations, some foolishly as low as 4, and certain sites like satoshidice don't check for confirmations at all. So it's up to the retailer to stay safe.

Oh, brilliant

Wasn't it obvious that anything that imposed limits on block size would break the chain once the blocksize limit was lifted (e.g. through using a different database engine, as v0.8 of the satoshi client did)?

Berkeley DB is a nuisance and a piece of shit, something that everyone has known for years - this is just an object lesson demonstrating it.

Re:Oh, brilliant

Wasn't it obvious that anything that imposed limits on block size would break the chain once the blocksize limit was lifted (e.g. through using a different database engine, as v0.8 of the satoshi client did)?

Berkeley DB is a nuisance and a piece of shit, something that everyone has known for years - this is just an object lesson demonstrating it.

Yet it was chosen by a four year old project by apparently not the brightest bunch of developers. Also give thanks to the Satoshi Dice crowd for their blockchain bloating site that enabled this to happen.

Re:Oh, brilliant

[tepples]

Berkeley DB is a nuisance and a piece of shit

Which key-value store would you recommend using instead?

Re:Oh, brilliant

[Richy_T]

Jeez, Notepad would be better than BDB.

Re:Oh, brilliant

Christ, just about anything. They switched to LevelDB, and that seems to work OK.

Re:Oh, brilliant

[julesh]

Which key-value store would you recommend using instead?

Depends on the type of keys and values, but if the keys are short and the values are typically larger than a few KB I've discovered that my operating system comes with this wonderful thing called a filesystem that seems to do the job quite nicely.

Re:For those, like me, reading this and saying wtf

[kaizendojo]

Well, I read the article and still don't understand Bitcoin, the concept or the need for it. Just seems like a product without a real need other than the idea of being subversive. But perhaps I don't understand it at all. Of course that's why I come here.... So if any /.ers can explain this, I'm sure others would appreciate it as much as I would.

The concensus should be...

[Viol8]

.... that bitcoin always was and always will be a toy currency - maybe of academic interest for the technical and economic theories behind it - but not something someone with any brains should ever invest in in a big way or rely on to purchase goods.

I think its fair to say that while forking code may be a good idea most of the time - when its code running a virtual currency its a very BAD idea. The fact that its been done demonstrates a complete lack of common sense amongst the people running this thing which should make any "investors" very VERY worried.

Re:The concensus should be...

[Chrisq]

I think its fair to say that while forking code may be a good idea most of the time - when its code running a virtual currency its a very BAD idea.

This isn't a code fork, it's a block chain fork" caused by an incompatible version update. That said, I agree with your assessment that it is not suitable for storing wealth unless you are prepared to take risks. To be fair bitcoin describes itself as ".. an experimental, decentralized digital currency".

Re:The concensus should be...

but not something someone with any brains should ever invest in in a big way or rely on to purchase goods.

I think its fair to say that while orking code may be a good idea most of the time - when its code running a virtual currency its a very BAD idea.

You should definitely rely on Bitcoin in a big way or rely on it to purchase goods as you do not appear to have any brains.

Re:The concensus should be...

[Viol8]

"orking code"?

I think you got lost of the way to WoW sonny.

Re:The concensus should be...

You wrote the post yourself, if you're not mentally challenged I'm sure you can find out what you originally wrote and fill the blank. I'm beginning to have doubts, though.

Re:The concensus should be...

"orking code"?

I think you got lost of the way to WoW sonny.

Wow, it's really worse than I thought. How do you even manage to survive?

Re:The concensus should be...

[micahraleigh]

Instead of saying what the consensus should be, what don't you say what your opinion is.

You are effectively downplaying your opinion.

Re:The concensus should be...

[Chrisq]

Instead of saying what the consensus should be, what don't you say what your opinion is. You are effectively downplaying your opinion.

Sorry, I think what you misunderstand what I'm saying. There is a consensus that all software should impose a 500k block size limit. I'm saying that unless they put this in the standard then supporting an arbitrary limit on size should be seen as a bug,

Re:For those, like me, reading this and saying wtf

[Looker_Device]

No one really understands bitcoin. I'm pretty sure that's part of its strange appeal (and, some would contend, an essential part of the scam).

Re: Was an issue for about four hours yesterday

[h4rr4r]

Even an outage of a few hours is not acceptable for a currency.

The issue is not the fix, the issue is the poor planning that lead to the error to begin with. It hints that these folks do not know what they are doing. Which considering the deflationary design of bitcoin seems like something we should have all just assumed.

Re:For those, like me, reading this and saying wtf

[Yebyen]

How can you deny that there is a value to having a Paypal with no 'central authority' or any 'One trusted third party'?

Do you use Paypal? Have you ever been robbed by Paypal? I guess you could deny it, if the answers to both of those questions are not both 'yes'. For many people though, I am sure, there needs to be a way to have your money 'on the wire' without putting it into the hands of someone who can seize it when their authority or government of favor decides it's time to do so.

For people who don't use Paypal every day, it will take 10 days to move money using Paypal. At that kind of break-neck speed, you might as well write a check and put a stamp on it.

Stonehenge

[PopeRatzo]

The Bitcoin blockchain has forked due to a lurking backward-compatibility issue: versions older than 0.8 do not properly handle blocks larger than about 500k, and Slush's pool mined a 974k block today.

Someday, someone in some future generation will read that sentence and think, "No wonder they almost caused the extinction of the species".

What does it mean when a currency "forks"?

I thought Bitcoins were a currency... what does it mean when a currency "forks"? As an average user of other currencies, I've never been given a warning I needed to ignore *about my money*...

Re: What does it mean when a currency "forks"?

[Urza9814]

It means it almost became multiple distinct currencies. Think about what happened when they created the euro...but in reverse.

Re:For those, like me, reading this and saying wtf

[pipatron]

The point with bitcoins is that in 30-40 years when anonymous payments are outlawed due to terrorists (read: control), there will be a reliable way to still do this on a global scale. These types of news are great, because it means that, as bitcoin grows, the bugs are ironed out before bitcoin is actually needed.

Best to figure this out now ...

[tgd]

Just wait until countries start pulling out of the EU.

Then we'll have a real currency backwards-compatibility problem!

Re:Best to figure this out now ...

[LordLimecat]

I think theres a substantial difference between having to trade your euros for drachmas, and being told that your euros dont actually exist anymore because the euro blockchain was forked and unfortunately everyone else agreed that you had less money and they had more.

Re:Best to figure this out now ...

[Thiarna]

That depends on whether there is a managed or unmanaged breakup of the euro. "Your euros don't actually exist anymore" may not be that far from what happens in some scenarios.

Re:For those, like me, reading this and saying wtf

[Hmmmnmnmnm]

Well, I read the article and still don't understand Bitcoin, the concept or the need for it. Just seems like a product without a real need other than the idea of being subversive. But perhaps I don't understand it at all. Of course that's why I come here.... So if any /.ers can explain this, I'm sure others would appreciate it as much as I would.

It's a decentralized, trustless value storage and transfer protocol that allows you to send or receive value to anyone on the internet without the need of a third party. It has the potential to do to banking what email did to the post office.

Re:For those, like me, reading this and saying wtf

You can still get robbed when the money transmission service has no central authority, it just works in the other direction. PayPal has the ability to reverse charges that it shouldn't reverse, whereas BitCoin does not have the ability to reverse charges that it should reverse.

Customers like the ability to reverse charges under appropriate circumstances.

Re:For those, like me, reading this and saying wtf

[theskipper]

Regarding the need, imvho it has the potential to solve the micropayments problem. At this point it's almost impossible to charge for anything less than a dollar unless you're processing a large number of transactions. The fees and discount rate of credit card transactions is simply too high. With bitcoins there can be a transaction fee, but the "friction" is essentially zero. Meaning that if you want to send the equivalent of a penny for access to an article, it's as simple as clicking a few buttons in the bitcoin client or sending an email (see coinapult).

Beyond that I don't see being used as a basis for large value transactions like mortgages. Even when adoption becomes widespread enough and the exchange rate stabilizes. But for sites that rely on advertising, it's a really interesting idea to try charging for content then converting to fiat cash at the end of the day (or simply paying for overhead costs directly in bitcoins, no dollars involved).

Re:For those, like me, reading this and saying wtf

[jimicus]

It's a new fiat currency (ie. it exists because someone says it exists).

There's no reason why you, I and a bunch of our friends can't get together and say "Right, we'll use this new currency called DollarPounds, we'll use a spreadsheet to keep track of who has how many and they're exchangeable for US$ at a rate of US$1 = $£1" but the only way a fiat currency can possibly work is if you have enough people who will use it.

The idea of Bitcoin is it's a currency that doesn't require a central bank to produce more money. Instead, Bitcoins are "mined" (ie. brought into existence) through means of a mathematical algorithm that generates a verifiable block of numbers. The algorithm is designed to get harder as more bitcoins are mined. Meaning that the rate at which Bitcoins can be mined slows down eventually reaching the point where no more can be mined.

On the one hand, this resolves the "Leaves as currency" inflation problem in the Restaurant at the End of the Universe by creating artificial scarcity. On the other, they've done too good a job - as soon as it becomes impossible - or even impractical - to mine further bitcoins, the currency is likely to become subject to massive deflation. We know what happens when a currency undergoes massive deflation - Germany in the 1930's or, more recently, Zimbabwe happens.

FWIW, my view is it's probably best viewed from a distance with an air of morbid curiosity.

Re: Was an issue for about four hours yesterday

[goose-incarnated]

The forking was fixed within a few hours. Mining pools were notified of the issue and alerted to the recommendation to revert mining activity back to 0.7.x, which was a simple fix to grow a blockchain compatible with all mining pool Bitcoin versions. The majority of miners ignoring the incompatible fork (which caused a "Lock table is out of available lock entries" database error on Bitcoins compiled against certain BerkeleyDB libraries), let the new fork grow longer and all is fixed.

Almost all transactions are expected to be included in the new chain, so there is little opportunity for malfeasance. If you sent someone money for goods, your transaction sending money will likely be in both the new chain and the old.

(Emphasis mine)

• "A few hours" outage fails the most basic test of a currency - ability to spend it. For a few hours, no merchant could accept bitcoins as payment.
• "Incompatible fork[s]" causes bitcoin to fail yet another basic test of currency. The population should never be able to fork their currency into "new dollars", "old dollars" and "something which is most likely, in almost all cases, a mixture of both".
• A technical error should not introduce "little opportunity" for malfeasance. When my bank has a glitch, the cash in my wallet does not turn worthless for "a few hours".
• If I have already completed a transaction, with cash in hand, that transaction must not be "most likely" legitimate. It must be legitimate from the very moment that I verify the currency that I received as legitimate. It must not pass verification, then "most likely" have to pass verification again.

Good thing that bitcoin isn't actually a currency; if it was anything other than a mere item of barter, the consequences of people suddenly not knowing which cash is good and which is not would indeed be severe.

Fiat money is backed by lame duck lead

[tepples]

If a large enough percentage of people stopped accepting the Euro tomorrow, it would be just as dead.

Tell that to governments that use firearms to compel payment of tax in euros in the days between when "a large enough percentage of people stopped accepting the Euro" and when the people have a chance to elect legislators who will amend the tax statutes to reflect this. See fuzzyfuzzyfungus's post about the "lead standard".

Re:Fiat money is backed by lame duck lead

That just raises the bar of "large enough percentage".

Fact is, most people are okay with it.

Re:Fiat money is backed by lame duck lead

What will they use to pay the guys with guns under these circumstances? I don't think they will want the tax money.

Re:Fiat money is backed by lame duck lead

[Kichigai+Mentat]

People would merely convert to EuroDollars as necessary. Kind of like how the US Dollar was far more useful in many markets than the local currencies. I think for a while there in East Europe (it may have been the Soviet Union at the time) it was preferable to do transactions in USD rather than, say, the Rouble. That doesn't mean that the Rouble didn't exist, but no one wanted to use it. It'd be the same situation: people would use EUR only when necessary, and keep the rest of their money in the preferred currency.

Re:For those, like me, reading this and saying wtf

[blockqoute] We know what happens when a currency undergoes massive deflation - Germany in the 1930's or, more recently, Zimbabwe happens.[/blockqoute]

What events is this referring to? Usually when those countries are mentioned together it is referring to inflation, not deflation. But you have the decade wrong for Germany.

There was deflation during the great depression and that was possibly related to hitler's rise to power. Perhaps that is what you are referring to? Bitcoin deflation will lead to the next hitler?

I'm not sure if any significant deflation has occurred in zimbabwe though. There is this story:

http://edition.cnn.com/2009/WORLD/africa/02/02/zimbabwe.dollars/index.html

Whence comes the power of the IRS?

[tepples]

In your hypothetical scenario, the government requires payment of tax in a new currency. Who elected the legislators who decided to have the taxing authority switch to the new currency?

Re:Whence comes the power of the IRS?

[characterZer0]

The same people who elected the same legislators who decided to start printing the new currency. You really think the legislation to start printing a new currency and the legislation to have the taxing authority accept the new currency would be independent?

Re:Whence comes the power of the IRS?

[Qzukk]

Who elected the legislators who decided to have the taxing authority switch to the new currency?

The people who voted for them because they promised to vote the Right Way on abortion.

This blockchain wasn't meant to take off

This is far from the first bug that was found. This version of bitcoin wasn't meant to take off and be used yet. You'll notice that they are at version 0.8 and not 1.0 yet. That is why there are a lot of lost coins, mined early on and the encryption keys deleted.

Re: Was an issue for about four hours yesterday

[Urza9814]

The very first words on their website state quite clearly that Bitcoin is an _experimental_ currency. If people choose to use it as more than that, that's their fault. Finding issues like this is exactly what Bitcoin's current purpose is.

Re: For those, like me, reading this and saying wt

[Urza9814]

I generally avoid bitcoin news, but if you have any knowledge of distributed crypto the summary here makes perfect sense. I got it and I haven't touched any of that sort of stuff since highschool.

Of course not everyone is familiar with every field, but this is Slashdot not the New York Times. I think the assumption is and should be that if you care you either already have some very basic knowledge of the field or can do your own research -- which I see you did, and I thank you for posting the link for others -- but I don't think it's the editor's job to make sure every article is explained so well it could be understood by a liberal arts major. I thought they actually did a damn good job on this one.

Also, remember that it's a one paragraph summary. They don't have room to explain everything.

BDB

[Richy_T]

Oh Berkley DB, is there any application you can't screw up?

Re:BDB

[slashmydots]

For the record, is that the original one that they already either did or were planning to move off of or is Berkley the new one?

Re:BDB

Oh Berkley DB, is there any application you can't screw up?

I know many people in the Subversion community also don't like backing their repositories with BDB. In fact the SVN folk are removing BDB support. I know it has issues but I keep all my SVN repositories backed with BDB and found it stable. But the BDB code could use some cleanup and modernization.

Re:BDB

[gox]

They moved from BerkeleyDB to LevelDB. Apparently it's the right call, though they should have done it far earlier.

Re:BDB

[Richy_T]

The Subversion use of BDB was actually what I was thinking of when I made that comment. Forever getting jammed up and locked and requiring me to jump in and fix things (while people were waiting to be able to update/checkout production files). So glad to switch over to the filesystem based repositories. Once I'd done that and set it up to use the web interface instead of the local filesystem, my life became a lot easier.

Re:For those, like me, reading this and saying wtf

Yep, as of right now you are forced to pay for it whether you need it or not though.

This type of problem was solved a long time ago

[ilsaloving]

This sort of thing was solved a long time ago, but because it's "old", people just dismiss it out of hand.

It's called versioning the protocol and having compatibility lists. When two clients connect, they exchange version numbers and if one is too old then the newer one performs additional checks to verify compatibility. If the issue is reconcilable then it aborts the connection with an error. Or programatically enforce that the older version is discontinued and that anyone who is using it can no longer participate in the chain.

I apologize if I sound exasperated and holier than thou... actually, no, I don't. How the hell do people design a system that they intend to be the backbone of a major financial system but fail to accommodate for such things? It is nothing short of stupidity and incompetence.

If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.

Re:This type of problem was solved a long time ago

How the hell do people design a system that they intend to be the backbone of a major financial system but fail to accommodate for such things? It is nothing short of stupidity and incompetence.

If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.

You would be surprised what major banks are able to get away with. Working with major bank clients I have seen far worse things, such as a fixed number of digits, letters in place of digits having secret meanings, and other abombinations are legio.

Banks gets away with mostly anything simply because they have a lot of money to keep everyone involved a fat and happy cat.

Re:This type of problem was solved a long time ago

[slashmydots]

It's not as simple as that. You release a notice saying versions prior to 0.8 have a flaw that lets them make invalid blocks and damage the chain, great, some people out there want to make invalid blocks and damage the chain on purpose. You know like all banks, some governments, and some individuals, and douche-trolls from 4-chan and anonymous. So they need a bit more protection than just a recommendation to not run older versions.

Re:This type of problem was solved a long time ago

[julesh]

It's called versioning the protocol and having compatibility lists. When two clients connect, they exchange version numbers and if one is too old then the newer one performs additional checks to verify compatibility. If the issue is reconcilable then it aborts the connection with an error. Or programatically enforce that the older version is discontinued and that anyone who is using it can no longer participate in the chain.

How do you securely arrange such a system in a distributed network with no central authority? I contend that it is impossible, although perhaps somebody smarter than me could propose a workable scheme...

Re:This type of problem was solved a long time ago

[ilsaloving]

No need to contend. It is. All you can do is provide tools so that the law-abiding majority can effectively ostracize the trouble-makers. It won't eliminate the problem but it will make it much harder.

One very easy way to do it is to version the protocols so that you don't allow connections to older versions. That will take care of a good chunk of the low hanging fruit. From there it becomes much harder, and you have to take more advanced steps to validate the clients you connect to such as checksums, certificates, etc.

Re:This type of problem was solved a long time ago

[gox]

I can't claim that the bug is not a stupid one, but I don't think your solution would have saved it. It was really an unknown problem at the database layer and it would be decided as reconcilable anyway. And it's at a specific level in the network architecture; clients were never incompatible and transactions were being relayed just fine.

Furthermore, you don't want any method to top-down enforce anything on a network like Bitcoin. Actually a wider variance of software increases network's resilience.

If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.

Well, Bitcoin is not a major bank though. Bitcoin's market cap is probably much lower than a major bank's janitorial costs.

My wife is the manager of an operations branch of a major bank, and snickered at your comment though. What I gather is, this sort of nonsense happens all the time in major banks too, but they have several layers that keep it going even if some part is broken. Bitcoin, as a greater structure, isn't quite there yet.

Re:This type of problem was solved a long time ago

[DerekLyons]

How the hell do people design a system that they intend to be the backbone of a major financial system but fail to accommodate for such things?

You presume it was rationally designed and planned for that role in the first place.

Re:This type of problem was solved a long time ago

[BitZtream]

Uhm, when you throw a bunch of people into a room without any idea about what they are doing and they design something ... you get bit coin. Its not really complicated, its pretty clear for many obvious reasons that the people doing this don't actually understand what they are trying to create.

Re:This type of problem was solved a long time ago

[ilsaloving]

Too bad I can't mod in a discussion I've posted in. I would have totally given you a +1 "Informative.... And Scary."

Re:This type of problem was solved a long time ago

[thoth]

This sort of thing was solved a long time ago, but because it's "old", people just dismiss it out of hand.

It's called versioning the protocol and having compatibility lists.

Don't you need a central authority to maintain, push, and require the standard?

That's exactly what isn't part of BitCoin; ergo the "old" solution is no solution here.

Re:This type of problem was solved a long time ago

[IamTheRealMike]

You probably should apologize, because you haven't understood what happened at all.

Of course the Bitcoin protocol is versioned. Did you really think it wasn't? The issue that happened here is that there was a previously unknown bug in older versions that meant they failed to process data that they should have been able to process. The nature of Bitcoin is very unusual - everyone in the system has to independently perform complex calculations and arrive at exactly the same result. In this case, the newest version of the software arrived at the correct result and the older version puked and died, because of an issue with the Berkeley DB it used (the new version uses LevelDB).

If that problem had been known about before, then it would have been versioned away. However, it wasn't.

There isn't really anything directly comparable to Bitcoin in this regard, but I suppose your rant is a bit similar to saying, "stupid Opera developers, their crap doesn't render my web page. Don't they understand versioning?" when the problem is that it's not emulating a bug in Internet Explorer.

Re:This type of problem was solved a long time ago

[ilsaloving]

When real money is being lost as a result of their mistake, then they're the ones who need to apologize, not me. If people arn't supposed to be using the thing, then there shouldn't be real money being exchanged for it. If people are buying bitcoins with real money, and companies are performing transactions for real goods and services with bitcoins, then it doesn't matter what the version number is. It's at 1.0 whether they like it or not, and they are going to have to deal with the fallout when Something Bad(tm) happens.

I'm not familiar with how their development process goes, but the only way something like this can happen is that they failed to do their due diligence AND not perform sufficient testing before uploading the code to a public repository.

And no, your comparison is not even close to similar. This isn't about a piece of software trying to work with a rough spec that almost no one can properly agree on. This is about two versions of the same official bitcoin software, using the official bitcoin protocol, with data generated by said official software.

What this DOES compare to, is how Word 2003 and Word 2007 can mangle the output of each other's documents. People bitch and moan all the time about compatibility issues between different versions of Microsoft Office, and rightly so. But this problem is much worse, because as far as I know (and you're free to correct me on this), the stock market hasn't crashed because Word 2003 couldn't figure out what to do with a piece of bold text created by Word 2007.

Re:This type of problem was solved a long time ago

[hairyfish]

If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.

Which is why in 10 years, we'll still all have bank accounts and no-one will have Flooz... er I meant Bitcoins.

Re:This type of problem was solved a long time ago

I apologize if I sound exasperated and holier than thou... actually, no, I don't. How the hell do people design a system that they intend to be the backbone of a major financial system but fail to accommodate for such things? It is nothing short of stupidity and incompetence.

If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.

In hindsight it's always so easy to bitch and whine. You do sound somewhat funny. Have you considered the possibility that the people who designed BTC knew perhaps even more about economy and currency than software?

You obviously are the opposite as displayed your childish closing remark... I suggest you read the Wikipedia entry on "too big to fail" for starters and then maybe something on "derivatives". Banks fuck people over every single day, it's business as usual.

Re:For those, like me, reading this and saying wtf

[Richy_T]

And that is what escrow services are for. Pick one that has terms you like rather than being forced to use Paypal which is a law unto itself.

Re: SELL!!! SELL!!! SELL!!

[Urza9814]

Their website explicitly states, right in the first sentence, that bitcoin is an experiment. Anyone who actually uses it as though it is a stable, secure currency is an illiterate moron.

Re: This type of problem was solved a long time ag

[Urza9814]

Major banks don't claim to be experiments. Finding problems like this is bitcoin's exact stated purpose right now. Granted, this does seem like something they should have been able to see coming, but at the same time, anyone who had any significant losses from this that they weren't expecting is just an idiot. You don't sink a ton of money into something that explicitly describes itself as an experiment without anticipating that you may lose it. That seems like common sense...

Re:For those, like me, reading this and saying wtf

[dumael]

The Weimar republic and Zimbabwe suffered massive inflation, not deflation.

Re: Was an issue for about four hours yesterday

[makomk]

Malfeasance already happened. It looks like someone took advantage of this to have another shot at their losing Satoshi Dice bets: http://blockchain.info/double-spends

Re: Was an issue for about four hours yesterday

[shawn(at)fsu]

How is it experimental when anyone anywhere can use it? FOr that matter what's the experiment? What are the metrics being collected? Whats the control? How will you know if the experiment is a success? If it is a success do you go back and start the non experiment on its own with the lessons learned? I would say that when people are trying to convince everyone to embrace it it is no longer an experiment when it is being used outside of a controlled environment.

mess

Bitcoin is a total MESS.

Re: Was an issue for about four hours yesterday

[julesh]

You misunderstand the parent post. There was no outage -- transactions were processed as normal during the event. Only miners (i.e. people running the network for the random chance of being rewarded as recipient of newly created coins) may have lost out due to the error. Events like this were anticipated in the design, and the system has an automatic method of resolving it, which unfortunately leaves some miners out of pocket, but has no effect on general users.

Re:For those, like me, reading this and saying wtf

[jimicus]

Not sure about Zimbabwe, but with Germany the inflation came after a period of deflation.

Re: Was an issue for about four hours yesterday

[Urza9814]

If someone looks up patent information for an experimental drug, produces sine themselves and starts taking it, does that mean the drug is no longer experimental? The fact that people misuse it doesn't change what it is.

  And not all experiments are scientifically rigorous. They are collecting data -- like this exact incident. And I bet they'll be looking at steps that could be taken to prevent this sort of thing in the future. The hypothesis is that client X with these features is sufficient to create a secure, anonymous digital currency. The results so far have always been "no it's not, because...." at which point they take those results, refine the client, and try again.

Raises the question

[Coward+Anonymous]

Sounds like a currency fork. You could conceivably end up with two currencies. Which raises the question: what is to stop groups of people (say China) from creating parallel systems?

If the answer is nothing, BTC is wide open for undermining by fragmentation.

Re:Raises the question

[gox]

Current fork was not a big deal, it's an extraordinary branching but the protocol is very resilient to that. The chain recovered in a few hours and the transactions were automatically merged.

However, there have been many parallel systems almost since the beginning of Bitcoin: https://en.bitcoin.it/wiki/List_of_alternative_cryptocurrencies

What keeps Bitcoin on the top has always been the network effect. As long as there isn't a completely incompatible breakthrough in the technology, it is likely that it will remain dominant, since it can absorb development done on the alternatives. There hasn't been any such proven improvement yet though.

Also, check out Ripple: https://ripple.com/

Re:Raises the question

[thoth]

What keeps Bitcoin on the top has always been the network effect.

And therefore wouldn't the same network effect of BitCoin users on the 0.7 protocol keep the 0.7 version on top?

Re:Raises the question

[gox]

Certainly, but I'm not sure the same dynamics apply to technical failures. This last one was not really a big deal, but even if there were a fork that lasted long enough to be a real problem (e.g. 120 blocks, or 20 hours), I'm fairly certain it would be resolved at the developer level.

A more plausible scenario would be a political dispute between users/miners/developers/merchants/etc. Even if the core developers came up with a radical rule change despite the user base and intentionally forked the chain, the network effect "in theory" should cause that fork to wither away. This is obviously pure speculation though.

Re:Raises the question

Let me replace bitcoin with USD:

What stops groups of people (say internet cryptanarchists) from creating parallel currencies?

If the answer is nothing, USD is wide open for undermining by fragmentation.

IOW, it doesn't matter how many other people may use something similar or not-so-similar but incompatible -- what matters is whether enough people are using the same system you use, so that you can always find someone willing to exchange it to/from whatever goods/services/other currencies you want/have.

Re:Raises the question

[Rich0]

Sounds like a currency fork. You could conceivably end up with two currencies. Which raises the question: what is to stop groups of people (say China) from creating parallel systems?

If the answer is nothing, BTC is wide open for undermining by fragmentation.

Well, the whole system operates by consensus. The only reason that dollars work is because you and I can both look at a piece of paper and agree that it is a dollar. If you start dying your dollar bills purple and refuse to accept any bill that isn't dyed, then you can fork the dollar - well, to the degree that you can get anybody else to go along with it.

All it takes to deliberately fork bitcoin is for somebody to publish a new root block and say that it is the true bitcoin root. Since they'll be starting out at low difficulty they could even mine a fortune in bitcoins - well, assuming anybody is willing to trade them a fortune for them. Most bitcoin clients would reject these coins because they don't have the right root, but anybody who prefers the new coins to the old ones could feel free to join the new currency. The system lacks any central authority.

In fact, with this fork there was nothing to stop people from ignoring the wishes of the bitcoin creator and choosing the fork they are encouraging everybody to abandon. Newer clients would do that by default anyway. The only reason that the creators of bitcoin hold sway is because most people who do the mining listen to them.

Re: Was an issue for about four hours yesterday

[serviscope_minor]

A technical error should not introduce "little opportunity" for malfeasance. When my bank has a glitch, the cash in my wallet does not turn worthless for "a few hours".

Yeah but when your bank is the largest in the country and goes down for an entire week, you run out of money in your wallet way before the glitch has passed. But apparently that isn't enough to sink the government owning the bank (wasn't their fault anyway) or the currency.

In the real world, with banks with buggy software, credit card companies and paypal with dubious and opaque policies, in practice a short outage of bitcoin doesn't really register as a world ending thing.

Oh and, of course, you're forgetting about forged currency. Real hard to spot when you've been given it, until the next merchant won't accept it.

Re: Was an issue for about four hours yesterday

[julesh]

"A few hours" outage fails the most basic test of a currency - ability to spend it. For a few hours, no merchant could accept bitcoins as payment.

That is simply not true. Merchants could, and quite happily were, accepting bitcoin payments throughout the period of the failure.

"Incompatible fork[s]" causes bitcoin to fail yet another basic test of currency. The population should never be able to fork their currency into "new dollars", "old dollars" and "something which is most likely, in almost all cases, a mixture of both".

You misunderstand the basic concept of a fork in this situation. The currency was not forked -- the chain of signatures on the distributed transaction list used to validate ownership of the coins was. As the transaction lists should be basically the same between the two variants (and a manual effort can be made to ensure they are, which I presume somebody is now doing, and manual corrections inserted into the accepted fork if any transactions were omitted from it) there should be zero consequence of this for end users. The only issue is for those who signed the blocks in the rejected chain, who would have received a reward for doing so had it not been rejected.

A technical error should not introduce "little opportunity" for malfeasance. When my bank has a glitch, the cash in my wallet does not turn worthless for "a few hours".

Nobody's wallet turned worthless. The only potential opportunity for malfeasance works like this: if I owned BTC and attempted to make two transactions using the same coins simultaneously, there would have been a small but non-zero chance of both being accepted during the fork. One of the recipients, if they had dispatched goods immediately rather than waiting for a few hours, would have ended up out of pocket. On the other hand, those vendors are using a currency transfer system that has no per-transaction fee, and have likely saved more by not paying credit card handling charges over the years than they lost during the incident. And it's actually very unlikely that something like this would happen, anyway.

If I have already completed a transaction, with cash in hand, that transaction must not be "most likely" legitimate. It must be legitimate from the very moment that I verify the currency that I received as legitimate. It must not pass verification, then "most likely" have to pass verification again.

This is the only statement you make that's legitimate, although I would argue that it is no worse than current systems. As a vendor, I do not have access to any system other than physical cash that does not have this property -- money paid to me by credit card can be taken away if the bank is later convinced the transaction was fraudulent, for example. In most respects, bitcoin is an improvement over existing online payment systems.

Observations from blockchain.info

I can't read the article. Maybe the server is overloaded with people looking for news. Thanks for posting the summary though.

Here are my observations from blockchain.info
I haven't seen any blocks bigger thank 512 kilobytes. Most of the blocks that I have seen are smaller than 256 kilobytes. It will be interesting to see how the developers rectify the situation.

I think slept through most of this. so it seems that the fork happened after my bedtime in the United States of America. I checked my Electrum client. Two transactions from this morning .are pending and one is unknown. The Bitcoin network has confirmed the transactions from 3/11. My money seems to be safe; but, the transactions from the middle of the night took slightly longer than usual. This morning, at 11:25 Eastern Standard Time GMT -400, it seems that almost everything is back to normal. Yay.

I checked one of the transactions from Monday and saw this:

Size 601 (bytes)
Received Time 2013-03-12 00:56:54
Included In Blocks:
225,443 (2013-03-12 01:05:42 +9 minutes) - orphaned block
225,443 (2013-03-12 03:54:48 +178 minutes) - main, accepted block
Confirmations 59 Confirmations

Fees 0.0005 BTC

I saw lots of orphan blocks on November 3... err, March 11, 2013:
http://blockchain.info/blocks/1362980285566

I wonder what will happen to the coins in the orphan blocks. I think the miners won't confirm the transaction. Therefore, the coins will stay in their owners' accounts.

Private parallel currency

[tepples]

You really think the legislation to start printing a new currency and the legislation to have the taxing authority accept the new currency would be independent?

If the new currency arises independently of government, then yes. Bitcoin is such a currency.

Re:For those, like me, reading this and saying wtf

It's not fiat because fiat is actually 'backed' by its ability to relieve yourself of tax obligation (if you have any) toward the government issuing the currency. Also, while the bitcoin endgame is deflationary, Germany and Zimbabwe experienced hyperinflation, quite a different beast because those governments were in the position to freely print new currency to try to shore up revenue whereas no entity can do that with bitcoin.

Re:For those, like me, reading this and saying wtf

On the other, they've done too good a job - as soon as it becomes impossible - or even impractical - to mine further bitcoins, the currency is likely to become subject to massive deflation. We know what happens when a currency undergoes massive deflation - Germany in the 1930's or, more recently, Zimbabwe happens.

FWIW, my view is it's probably best viewed from a distance with an air of morbid curiosity.

Didn't they both undergo massive inflation?

Re:For those, like me, reading this and saying wtf

[omnichad]

Since "BitCoin" isn't the authority in charge of reversing a charge, that would be up to the individual service provider who accepted the payment. A much bigger risk for fraud from the consumer side, but less risk of fraud for the vendors.

Re:For those, like me, reading this and saying wtf

[omnichad]

It's not exactly fiat. The CPU/GPU power required to generate the bitcoins is the "gold standard" behind it. Someone decided once that gold had value, but it wasn't fiat currency either.

Re: This type of problem was solved a long time ag

[ilsaloving]

"That seems like common sense..."

I won't say it. It's too easy. :)

Re:For those, like me, reading this and saying wtf

Fiat means someone ELSE tells YOU that it's worth something to you. The term derives from royal fiat, the divine right of kings. Bitcoin is not a fiat currency because there's nobody with a closed fist telling you it's the coin of the realm.

Transactions, slack space

[tepples]

if the keys are short and the values are typically larger than a few KB I've discovered that my operating system comes with this wonderful thing called a filesystem that seems to do the job quite nicely.

How easily do PC file systems support atomic transactions to multiple keys? And "larger than a few KB" is a big one: most PC file systems have plenty of slack space at the end of each file that's never used.

Re:For those, like me, reading this and saying wtf

[tompaulco]

it has the potential to solve the micropayments problem.
At the moment, that is probably true, but there is still cost associated with BTC transactions, and there at least used to be some penalties in place for BTC transactions that were smaller than some fraction of a BTC which I have since forgotten.
The other problem is that the BTC is gaining ground against the dollar, and being a deflationary currency (and the USD an inflationary one), there could come a day when the smallest fraction of a BTC is more than .01 USD.
I don't know if there will have to be a fiat agreement to do a "stock split" type of deal, or if it is even possible, but something will have to happen in the eventuality that you can no longer buy a stick of gum because it is worth less than .000...001 BTC.

Re:For those, like me, reading this and saying wtf

[jimicus]

No it isn't.

The CPU/GPU power is just a means of regulating the number of bitcoins that can exist, same as the Bank of England is (among other things) a means of regulating the amount of £ Sterling that can exist.

You can't exchange bitcoins for an arbitrary amount of CPU power that you can hold in your hand and physically give to someone in lieu of bitcoins (which is pretty much the point of a currency that's backed by something like gold).

One of the benefits of a currency that's backed by something precious - such as gold - is it acts as a great stabiliser. The value of the currency is unlikely to drop far below the value of an equivalent amount of gold. Mind you, it also wouldn't rise far above the value of the gold. A currency that comes from a stable country and is widely accepted doesn't really need anything to back it, it's "big enough" if you like to stabilise itself.

None of these are true of Bitcoin, which means the value fluctuates wildly. But don't take my word for it - take a look at mtgox. There's a graph you can see shows how the value has fluctuated over a day, week or month - it's up and down like a yoyo.

Re:For those, like me, reading this and saying wtf

Sad as it is to say, you've come to the wrong place for an explanation. Most people here understand Bitcoin as little as you do, except instead of admitting it, they'll just feed you some scary dribble in a matter-of-fact tone of voice. I suggest reading up on it at a site like https://en.bitcoin.it/wiki/FAQ and also pay close attention to this event itself, where the initial panic subsided as people realized that Bitcoin is robust enough to come through something like this without crashing. The devil is in the details, which everyone here, or on fark, or where-ever, conveniently misses. You may not be able to make a ton of use out of Bitcoins (right now) but it is an interesting and clever concept, and not deserving of all the bashing it gets.

Can we stop bitcoin stories?

Bitcoins are used to buy drugs and illegal pornography. That is their primary application.

Let's not have Slashdot cater two of the most worthless communities to ever exist.

Re:Can we stop bitcoin stories?

[Cro+Magnon]

Bitcoins are used to buy drugs and illegal pornography. That is their primary application.

Let's not have Slashdot cater two of the most worthless communities to ever exist.

Slashdot caters to nerds. Some of whom buy drugs and illegal porn. Sometimes with bitcoins! I can see the relevance of these stories.

Re:Can we stop bitcoin stories?

BitCoin is an exercise in applied cryptography. It is exactly news for nerds.

What you believe it is used for is irrelevant.

Re:Can we stop bitcoin stories?

You're not a true nerd if you can't make the first yourself and get the second without paying for it(to give money to the latter is pretty terrible).

Re:For those, like me, reading this and saying wtf

[BitZtream]

How can you deny that there is a value to having a Paypal with no 'central authority' or any 'One trusted third party'?

Because I'm smart enough to understand why 'decentralized' as far as hackers go, universally fails.

Real people don't even use paypal, we have credit and debit cards tied to real bank accounts not to some scummy ass company known for ripping its customers off.

My bank will epay many things electronicly via their website, and anyone they can't do electronically they'll put a physical check in their mailbox within 3 weekdays of my request.

Perhaps you should grow up and get a bank account like normal people and stop dicking with paypal.

Paypal solves no problem that wasn't already solved before it existed, it serves no useful purpose. The only thing it does better is advertise on the Internet so people dont' realize how many other companies will process transactions for you just like any other CC transaction.

Paypal is for idiots, they deserve to wait 10 days for being stupid in the first place.

No central authority translates to chaos, you just haven't seen that with bitcoin yet as its not time for the scam to be drained out by its proprietors. Once they scam is called, your bitcoins will be worth the bits that make them up. The entire things is trivial to subvert, got its susceptible to just about all the same attacks that used to wreak havoc on IRC, 'trusting the majority' without universal and always on access to EVERYONE to get a FULL MAJORITY OPINION means the system is easily subverted with a net split. You don't have to run the scam long, just long enough to satisfy the seller that your transaction is legit.

I'm not so ignorant to think that 'the majority' is right. In my experience, the 'majority' is almost universally wrong about just about everything. The 'majority' is easy to sway and manipulate. This applies to people just the same as bitcoin nodes.

You simple fail to understand how bitcoin isn't anything like you think it is.

Except that the security was broken

[betterunixthanunix]

The problem with your argument is that an incompatibility between two cryptosystems should not render those systems insecure. In the case of Bitcoin, the "fork" allowed people to double spend, violating a key security property of any digital cash system.

Let's put it this way: an attacker might deliberately create incompatibilities between nodes in Bitcoin by using some kind of malware; trigger this when enough nodes are infected and you give yourself the perfect opportunity to double spend.

In general, a multiparty computation system (a category that includes all digital cash systems, Bitcoin included) needs to be able to maintain its security properties even when some parties are corrupted. Malicious parties in a system might deviate from the protocol in arbitrary ways, for arbitrary reasons. If Bitcoin cannot survive that sort of deviation, then Bitcoin is not secure enough for monetary transactions, even if you are talking about a third or even half the nodes in the network being malicious.

Re:Except that the security was broken

[vux984]

Let's put it this way: an attacker might deliberately create incompatibilities between nodes in Bitcoin by using some kind of malware; trigger this when enough nodes are infected and you give yourself the perfect opportunity to double spend.

So does anything that segregates the network. China flips a switch, and severs all links to the outside world permanently, and you essentially have 2 independent bitcoin networks going forwards.

My argument was simply that the issue that led to the fork isn't because the security system design inherently relied on some particular implementation detail.

It merely relied on the abstract concept of communication between nodes. If the network is bisected for any reason and one segment permanently can't sync with the other you run into this problem.

If Bitcoin cannot survive that sort of deviation, then Bitcoin is not secure enough for monetary transactions, even if you are talking about a third or even half the nodes in the network being malicious.

That's a bit over the top. I'm not sure any currency is secure enough for monetary transactions according to the standard you appear to demand. You do realize people counterfeit cash a lot easier than bitcoins, right?

And credit cards? They are just as reliant on being able to communicate. If the network goes down the payment method is either worthless, or merchants go back to taking imprints and waiting for the network to come back up to complete them. What if the network doesn't come back up... ?

What would happen to unposted VISA transactions authorized but not completed in a country that decided to go isolationist and sever phone and internet links to the outside world.

In general, a multiparty computation system (a category that includes all digital cash systems, Bitcoin included) needs to be able to maintain its security properties even when some parties are corrupted.

The problem isn't corruption or malice. The problem is communication. Corruption can be detected because any node can validate everything for itself. But if the network is bisected it's not corrupt, its merely divided into 2 independent networks that can't talk to eachother.

Re:Except that the security was broken

[betterunixthanunix]

That's a bit over the top. I'm not sure any currency is secure enough for monetary transactions according to the standard you appear to demand. You do realize people counterfeit cash a lot easier than bitcoins, right?

I keep saying this, and somehow the Bitcoin crowd never bothers: read Chaum's work. A lot of papers were published on digital cash, they are all easy to find online and can be read at no cost. Chaum's design was resilient to double spending, provided actual anonymity, allowed offline payments to be made (i.e. payments that do not require any Internet connection, only a point-to-point connection between the buyer and seller), and came at the cost of a central issuing authority (which could potentially be split into multiple authorities in a threshold system). In Chaum's system, the work required to successfully violate the security properties of the system is exponential in the security parameter, which can be arbitrarily scaled, while the users' work is polynomial in that parameter.

The problem isn't corruption or malice

"Corrupting" a node in a multiparty system is the equivalent of running malware on that node; it means that the party may deviate from the protocol in arbitrary ways.

That being said, yes, malice is the problem: an attacker is going to send bad messages, desynchronize messages, modify messages, and so forth. If an attacker can send malformed or dishonest messages into the network, and in doing so enable a double spending attack, then the system is not secure. If the attacker has to run malware on some number of nodes to pull off the attack, the system is not secure.

There are already reports of people taking advantage of the forked block chain to double spend their money. If this can be caused by an accident, then it might also be caused deliberately by a motivated attacker.

Re:Except that the security was broken

[vux984]

That being said, yes, malice is the problem: an attacker is going to send bad messages, desynchronize messages, modify messages, and so forth.

And none of that matters. Because the good nodes can still communicate with eachother, and sync directly with eachother, and validate everything for themselves.

The idea of 'bad nodes' aren't the problem here. The problem is that that one class of good nodes can't communicate with another class of good nodes. Both of them deemed good, both of them are using the official bitcoin software. That they can't sync is a real problem, but it's hard to see how a network of malicious nodes could replicate the issue.

A malicious node, or even a network of malicious nodes can't prevent to good nodes from communicating.

There are already reports of people taking advantage of the forked block chain to double spend their money.

That is precisely because the network was inadvertently forked, and you have good nodes on both forks, and the wallets exist on both.

This is essentially the same situation you would have if you had a bank account with a large multinational and suddenly all links between N.A and Eurasia were severed. Your account information was replicated between the multi-nationals redundant servers on both continents before the split and you'd be able to spend the money from your account on both continents because the transactions on one continent could not get synchronized with the other.

Presumably eventually they would sync, and your overdraft would be detected. But what if the break was permanent? Then the double-spend would go undetected permanently.

Now wrapping this up by addressing this:

read Chaum's work.

I've read some of it, perhaps I'm missing something you think is relevant, and if so please point it out. But my understanding of Chaum's double-spending protocol doesn't prevent doublespending, it just allows eventual identification of the party that did it. But that wouldn't help here, because the network is effectively bisected and something you doublespend on one side can't propagate to the other, so the doublespend will never be resolved.

If this can be caused by an accident, then it might also be caused deliberately by a motivated attacker.

Only if he can permanently bisect the network. Short of a nation severing the links, or the protocol goof that happened in this case. I don't see it happening. No amount of malicious nodes spouting garbage is going to prevent two good nodes from talking to each other.

All your malicious nodes can refuse to sync with me all they like. I'll sync with a good one.

*Note: I don't use bitcoin. I am not a proponent of bitcoin.*

Re:Except that the security was broken

[betterunixthanunix]

it's hard to see how a network of malicious nodes could replicate the issue.

Most successful attacks are "hard to see" until someone manages to pull them off. That is why cryptographers spend so much time proving that protocols and cryptosystems satisfy certain security definitions, and why so much research has been done on multiparty computation.

Presumably eventually they would sync, and your overdraft would be detected.

Right, and by that point you have cashed out, created a new Bitcoin address, and are prepared to start the attack again.

my understanding of Chaum's double-spending protocol doesn't prevent doublespending, it just allows eventual identification of the party that did it

There were two ideas that Chaum proposed for fighting double spending:

1. Online clearing, which preserves the anonymity of the buyer but not the anonymity of the seller. The seller connects to the bank, asks for a verification of the buyer's money, and the bank checks if it has seen the token's ID before. This makes double spending impossible, but requires an online protocol and allows the bank to blacklist certain sellers (e.g. the way Wikileaks was blacklisted).
2. De-anonymizing double spenders, which is what you are thinking of. The idea is that the bank eventually receives the double-spent money, identifies the cheater, and sends out a blacklist that prevents the cheater from spending anything. The bank might also inform the police of the fraud, although cutting the double-spender out of the system is probably enough punishment. Protections against malicious banks that lie about double-spenders are possible. The main advantage of this approach is that it allows offline payments, i.e. payments that are done peer-to-peer, and potentially long offline payment "chains." It is thus possible to live "off the grid" with such a system and still make electronic payments, by receiving all payments offline.

As for the relevance of Chaum's work, this is what you said originally:

I'm not sure any currency is secure enough for monetary transactions according to the standard you appear to demand.

The standard is not really beyond what Chaum's systems promise: even a party that can corrupt a majority of participants cannot double-spend. In the case of online clearing, this is obvious: the bank will just not make a deposit to the seller's account. In the case of an offline protocol (de-anonymizing), double spending is possible only as long as nobody brings their money to the bank; once the double-spending is identified, the attacker is removed from the system entirely. Violating these properties requires computational power that is exponential in a security parameter, whereas the work required to use the system is polynomial in that parameter.

Compare this to Bitcoin: successful double spending is possible when the attack controls more than half the computational power of the network, and even when the attack is stopped, the attacker can rejoin the system and repeat their attack over and over. The computational power needed to successfully attack Bitcoin is proportional to the computational power needed to use Bitcoin at all.

that wouldn't help here, because the network is effectively bisected and something you doublespend on one side can't propagate to the other, so the doublespend will never be resolved.

That is my entire point: Bitcoin does not even provide the security that other systems can provide, even for basic digital cash security notions like preventing double spending.

No amount of malicious nodes spouting garbage is going to prevent two good nodes from talking to each other.

It is not about "spounting garbage;" a node can lie about what messages it received from other nodes. Bitcoin is a consensus protocol; i

Re:Except that the security was broken

[vux984]

Most successful attacks are "hard to see" until someone manages to pull them off.

But this doesn't even suggest an attack vector, because a node can only send/receive information to other nodes. It can't prevent two other nodes from talking to eachother, and as long as it can do that it can't corrupt the system.

In the case of online clearing, this is obvious: the bank will just not make a deposit to the seller's account.

And if the bank cannot be reached because the network was bisected? An online clearing system only works if there is communication.

In the case of an offline protocol (de-anonymizing), double spending is possible only as long as nobody brings their money to the bank; once the double-spending is identified, the attacker is removed from the system entirely. Violating these properties requires computational power that is exponential in a security parameter, whereas the work required to use the system is polynomial in that parameter.

Again, if part of the system can't reach the bank for some reason, then double spending is possible.

If you can prevent communication between a party and 'the issuing bank' then you can double spend. I fail to see how this is any different?

How will you know which nodes are good and which are bad?

Presumably because you can verify the blockchain for yourself.

Violating these properties requires computational power that is exponential in a security parameter, whereas the work required to use the system is polynomial in that parameter.

I don't think so. You just need to corrupt/takedown 'the bank' and you can do all sorts of evil with all the coins it issued. Single point of failure, as opposed to needing to corrupt >50% of the network to overwhelm its consensus.

Re:Except that the security was broken

[betterunixthanunix]

if the bank cannot be reached because the network was bisected? An online clearing system only works if there is communication.

Here I was, thinking we were talking about double spending attacks and not denial of service attacks. If you cannot spend anything, you cannot double spend, and so you did not really violate the security of the digital cash system.

To put it another way, you could go to my street, cut my cable line, and disconnect me from the Internet and my email server. That would not be a successful attack on PGP.

Again, if part of the system can't reach the bank for some reason, then double spending is possible.

And again, you are no longer talking about an attack on the digital cash system, you are talking about a denial of service attack. In this case, you are talking about an even more extreme attack: you will prevent your victims from taking their smartcard or computer to the bank i.e. you can restrict their physical mobility (and there is nothing that a digital cash system can do to help there anyway).

It is also worth noting that these attacks are possible in Bitcoin. You can cut a person off from the Bitcoin network, and then they can either refuse to accept payments or they can risk unconfirmed payments. These sorts of attacks are really beyond the scope of what a cryptosystem can help with.

If you can prevent communication between a party and 'the issuing bank' then you can double spend. I fail to see how this is any different?

Here is the difference, since you need it spelled out for you:

1. In Chaum's system, you need to be able to prevent a party from communicating and restrict their ability to physically move in order to double spend. Lacking that, you need computer power that is exponentially large in a parameter that can be arbitrarily big.
2. In Bitcoin, you can double spend if you can accumulate computing resources proportional to the total computer power of all Bitcoin participants. You do not need to disconnect anyone from the network to do this. You can also double spend by "forking the block chain," which also does not involve disconnecting anyone from the network.

Does that help clarify things? Nobody but you is talking about disconnecting people from any network. Bitcoin is vulnerable to an attacker that can corrupt nodes in the network, which is not at all unrealistic -- worms that target specific software systems are already known.

I don't think so. You just need to corrupt/takedown 'the bank' and you can do all sorts of evil with all the coins it issued.

1. Corrupting the bank in a Chaumian system is the equivalent of inserting malicious code into the main Bitcoin client.
2. Taking down the bank would eventually shut the system down, since offline payments cannot scale without the bank occasionally "refreshing" the tokens. Chaum proved that in his work.
3. Shutting down the bank's Internet connection with a denial-of-service attack would not stop people from walking into the lobby and using the offline transaction protocol to deposit money with the bank. You would still be caught double spending once that happens.
4. Temporarily shutting down the bank would still result in you being caught and being ejected from the system.

Single point of failure

Also false, it is possible to create a threshold/MPC system where multiple banks cooperate in the issuing/refreshing/verification process.

as opposed to needing to corrupt >50% of the network to overwhelm its consensus.

You left out the "buying that much computing power." Sure, it is hard, but so was this:

https://en.wikipedia.org/wiki/Bombe

That is where the real difference lies: it is not infeasible to gather enough computing power to attack Bitcoin. Even in an ideal world where no computers could ever be corrupted by an attacker, Bitcoin would be insecure compared to Chaum's protocols, at least under the cryptographic notion of "security."

Re:Except that the security was broken

[vux984]

Does that help clarify things? Nobody but you is talking about disconnecting people from any network.

Except the issue here, the issue that this article was talking about is precisely that of a disconnected network. Due to what amounts to a compatibility problem between version 0.7 and 0.8 two networks have been created that can't synchronize. The 0.7 and 0.8 networks can't synchronize. The two networks can't talk to eachother.

And THAT is why double-spend became possible. Because the network was split. It was not a problem with the abstract design of bitcoin.

I'm not suggesting that there aren't any abstract theoretical vulnerabilities to bitcoin. I'm just arguing that THIS particular incident is not one of them.

Also false, it is possible to create a threshold/MPC system where multiple banks cooperate in the issuing/refreshing/verification process.

This sounds like it would run into the same issues as bitcoin just did if the multiple cooperating banks were for some reason unable to communicate. (e.g. some of them were upgraded, and others were not, and due to an oversight the two versions became unable to synchronize.) Then coins could be drawn from the same account at both banks, and the double spend would go undetected.

That is what happened with bitcoin.

That is where the real difference lies: it is not infeasible to gather enough computing power to attack Bitcoin

Is it economical though? If you can't steal more than it costs then feasibility isn't all that relevant.

Re:Except that the security was broken

[betterunixthanunix]

Except the issue here, the issue that this article was talking about is precisely that of a disconnected network

No, the nodes in the network were all still communicating with each other, the problem was that they were unable to form a global consensus on which transactions had occurred. A fragmented network would have experienced the same problem, but this was not a fragmented network.

And THAT is why double-spend became possible. Because the network was split. It was not a problem with the abstract design of bitcoin.

No, it was a problem with the abstract design, because the abstract design permits this sort of disagreement to happen regardless of whether the nodes can communicate with each other. This same problem could be caused deliberately by having nodes refuse to follow the block chain.

This sounds like it would run into the same issues as bitcoin just did if the multiple cooperating banks were for some reason unable to communicate

No, as long as the threshold number of banks can communicate, the protocol would complete just fine; if somehow all the banks could be split from one another, the protocol would not run at all. That is the point of a threshold system: it works as long as the threshold number of parties is working together.

Then coins could be drawn from the same account at both banks, and the double spend would go undetected.

1. Accounts are not what is distributed here, coin generation and online clearing is.
2. Withdrawal involves coin generation. If you withdraw two coins from two banks, you are not double spending.
3. If you were to double spend, even if the banks were partitioned into two networks, your double spending would be detected by both once the double spent coins were deposited or when the online clearing protocol is used.

You claim to have read Chaum's work, but you seem to have a lot of misconceptions about it...

Is it economical though? If you can't steal more than it costs then feasibility isn't all that relevant.

Even if we were to accept such an argument -- and it is a very dubious argument -- all that says is that if the value of Bitcoin rises enough, the known attack will be profitable. In other words, your security depends on a deflationary currency not increasing in value over time.

Re:Except that the security was broken

[vux984]

No, the nodes in the network were all still communicating with each other, the problem was that they were unable to form a global consensus on which transactions had occurred. A fragmented network would have experienced the same problem, but this was not a fragmented network.

That's semantics. The network was effectively cut into two partitions that could each sync amongst themselves but not with each other.

No, it was a problem with the abstract design, because the abstract design permits this sort of disagreement to happen regardless of whether the nodes can communicate with each other. This same problem could be caused deliberately by having nodes refuse to follow the block chain.

Only if the nodes that refused to follow the block chain all agreed to follow the same 'different block chain'. Which is what your proposed malicious attack with lots of computing power effectively entails, right?

No, as long as the threshold number of banks can communicate, the protocol would complete just fine; if somehow all the banks could be split from one another, the protocol would not run at all. That is the point of a threshold system: it works as long as the threshold number of parties is working together.

I misunderstood your threshold system as being a consensus system with a threshold for consensus to be reached. I didn't realize you meant a high availability cluster that shuts down when too many nodes aren't reachable.

I note also that the threshold would have to be greater than 50%, otherwise it would be possible for a cut network to theoretically continue to operate on both sides of the cut, which would be undesirable.

In any case, would the bank not still operate as a centralized authority? The whole network is down if a small number of 'bank' nodes are The bitcoin consensus system you point at as being attackable is only solvable by switching to a central authority?

You claim to have read Chaum's work, but you seem to have a lot of misconceptions about it...

I claim to have read some of it. And have been reading more as a result of this thread. I'm absolutely playing catch-up here. Thanks for clarifying points I've misunderstood.

Even if we were to accept such an argument -- and it is a very dubious argument -- all that says is that if the value of Bitcoin rises enough, the known attack will be profitable

But profitable and undetectable? Nonetheless I do concede that the attack vector is linear in difficulty relative to the size of the bitcoin network, not exponential. And its certainly at least theoretically possible gather that much computing power, vs say breaking 4096-RSA with what is available today.

The problem with Chaum's system is that it appears to rely on a central authority with respect to the banks, and is therefore at the whim of a "benevolent dictator for life".

Its also potentially fairly easy to disrupt and take down if a malicious / hostile group were to attempt to shut the 'bank' down. (thinking on the scale of the US government)

Re:Except that the security was broken

[betterunixthanunix]

The bitcoin consensus system you point at as being attackable is only solvable by switching to a central authority?

I will not rule out the possibility that a fully-decentralized system could be secure, at least not without some evidence of that. I would not be surprised, however, if that is indeed the case; it is possible that the digital currency problem cannot be solved securely without some kind of authority in the system. That is the situation with identity-based encryption (i.e. public key encryption where a person's email address is their public key): a decryption key issuing authority is needed for IBE. As I had proposed for digital cash, there are IBE schemes where the authority is really a group of authorities that use a threshold system, so that no single authority can decrypt messages on their own. It is also the case that many secure computation systems require authoritative IDs for each party (i.e. some authority must assign names) or common reference strings (i.e. somehow the parties must have a publicly known string that was not generated by the parties themselves), and such systems often solve very difficult problems (e.g. universal composability, which means that a protocol is secure even when arbitrarily composed with any other protocol, including itself).

The real question is this: is a central authority really a bad thing here? It is certainly the case that a central transaction processor is a bad thing; we should be able to spend money anonymously, and we should be able to do so securely. We also want to ensure that nobody can be attacked the way Wikileaks was attacked, so there must be a way for a party to continue to receive and spend money without relying on the authority and without sacrificing security. On the other hand, is it necessarily a bad thing to rely on an authority to *issue* fresh units of value in the system?

The only non-economic argument against an issuing authority is the possibility that the authority will disappear somehow. That is certainly possible; on the other hand, a threshold system would more or less solve that problem, basically creating a situation where *all* authorities would have to simultaneously vanish from the system to shut things down. I do not think it is unrealistic to assume that at least some banks would continue to operate even when others were failing.

Economic arguments are another matter. Bitcoin is predicated on the theory that money does not require a central authority or group of authorities; this is not universally accepted. At the very least, Bitcoin is a good chance to test that theory: if Bitcoin can become mainstream, it would be good evidence for that theory. My own view is that money has value as a result of the law (tax laws, debt laws, torts, etc.), and so Bitcoin will never be able to survive without the ability to exchange it for fiat currencies and that the use of exchanges is too risky and inconvenient for the majority of day-to-day transactions. Again, time will tell; if Bitcoin goes mainstream, my view of money would have to change.

Thanks for clarifying points I've misunderstood.

No problem, and sorry if I came off as rude there.

The problem with Chaum's system is that it appears to rely on a central authority with respect to the banks, and is therefore at the whim of a "benevolent dictator for life".

Sure, but in theory banks have an incentive to run transaction processing systems, and if its competitors participate in a digital cash system then the bank is compelled to do so as well. Bitcoin exchanges are in roughly the same position, at least as far as I can tell: most Bitcoin transactions would never happen if there were no exchanges available. If Bitcoin were to become mainstream, I think the most likely mode would be merchants immediately bringing Bitcoins they receive to a Bitcoin exchange, and trading for whatever currency is used in their nation. At the very least, a merchant with significant Bitcoin business would have to use the exchanges to get enough of their nation's currency to pay their taxes.

Re:Except that the security was broken

[vux984]

The real question is this: is a central authority really a bad thing here?

The really does crop up as the crux of the debate. The problem I see with a central-authority is that it pre-supposes that we can have the system in the first place, and that's not a question of the math and abstract theory it runs on.

"[...] we should be able to spend money anonymously, and we should be able to do so securely. We also want to ensure that nobody can be attacked the way Wikileaks was attacked, so there must be a way for a party to continue to receive and spend money without relying on the authority and without sacrificing security."

Yes, those are all things 'we' want. However it is not necessarily what the parties who would act as the central authority want, nor what the governments who would regulate the central authority want. Government is going to cite criminal activity, they are going to cite pedophiles, they are going to ponder the ease of tax collection, they are going to recall that they 'do' want to be able to cut the flow of cash to wikileaks if they wish.

Companies will weigh in on how anonymous cash enables fraud, prevents them from tracing or reimbursing stolen money. Advertisers will desperately pressure for the ability to know who is spending money on what. The commercial entities engaged in building and running the central authority infrastructure will want to insert themselves in the middle so they can sell that data to the advertisers, so that they can charge all kinds of rents and transaction fees for every transaction.

I think collectively they will inevitably find the temptation to implement a protocol with centralized identity tracking and central clearing to be virtually irresistible. It's much simpler to set up, and companies and governments are highly motivated to do it that way.

So while a central-authority based secure anonymous system could exist theoretically. I think the entrenched stakeholders would prevent us from having one. The old academic Internet was decentralized: usenet, email, IRC, and so forth. The current corporate internet is all about companies injecting themselves into the center of things - facebook, twitter, skype, google. They aren't interested in systems that aren't wholly dependent on them being at the center of everything.

The candidates to be a central authority don't want to build what Chaum is describing -- they want to be Paypal.

And to establish a central authority, in defiance of government and corporate interest? You better be decentralized because otherwise your fate will be that of Napster.

Re:For those, like me, reading this and saying wtf

[BitZtream]

Not even close.

You can send money now without a trusted 3rd party ... look, I'm transferring you a bajizzillion dollars right this instant in this message! Since you don't need anyone else to verify it, it must be true! Whats that? Bitcoin does require others to verify, it just doesn't have any way to confirm that those others should be trusted either ... my bad.

Email is in no way decentralized. Neither is anything else on the Internet that actually works.

Email DEPENDS on DNS, DNS is most certainly centralized. Both are then delegated to individual organizations to control, but they are in no way decentralized. You fail to understand how things you speak of work.

Email can not replace the post office either. Email can not provide me with a certified legal proof that the recipient received the message. Email'd scans of most objects aren't accepted, though we are getting to the point where we can scan checks and email them if you want to wait extra days for the bank to verify you aren't scamming them. You utterly fail to take into account all the services the USPS offers.

BitCoin solves no problem that were actual problems before BitCoin existed and introduces ones that everyone else in the world resolved via common sense thousands of years ago. You can't makeup a currency without anything backing it of value. Fiat currencies have governments. BitCoin's entire point as you put it is to not have anyone who can back it, brilliant plan.

You BitCoin guys live in a fantasy world. BitCoin is as likely to work properly as pure communism or socialism.

Re: For those, like me, reading this and saying wt

[BitZtream]

Considering the problem has absolutely nothing to do with encryption/digital signatures and everything to do with simply using the wrong database format. Technically its just a shitty database format with technical limitations they ran into due to poorly thinking things through when implementing.

I think its pretty awesome that the summary is clear due to your knowledge of distributed crypto.

My knowledge tends to say you're talking out your ass, but hey, when does reality matter or anything right?

More telling about BitCoin however is that ridiculously 'should have tested for that' bugs like this exist. Shows the level of forethought and insight that went into this protocol. They pulled the same ignorant mistake that we've been making fun of Microsoft over for ... what ... 30 years now?

Re:For those, like me, reading this and saying wtf

[compro01]

The maximum division (0.00000001 BTC, aka 10 nanobitcoins (nBTC) or a Satoshi) is only set by the current protocol. It can be changed in the future if necessary. Doing so would require a fork and would need to be planned and managed carefully by the community though.

But for that to happen, the value of 1 BTC would need to be 1 million US Dollars, and therefore it is unlikely to be a problem for the foreseeable future.

Re:For those, like me, reading this and saying wtf

A much bigger risk for fraud from the consumer side, but less risk of fraud for the vendors.

Yes, exactly, you're starting to get it. Now, whose demand is important to get a method of currency exchange to take off? Here's a hint: I just used the word "demand", c.f. "supply". A vendor generally has to use whatever system the consumers want; that's why you end up with credit card companies and PayPal in the first place. Consumers will only choose BitCoin when they perceive the risk of vendor fraud to be lower than the risk of using a traditional means of currency exchange, i.e. when buying contraband. The non-contraband market for BitCoin transactions is comprised more-or-less entirely of enthusiasts and speculators and as such is correspondingly small.

Re:For those, like me, reading this and saying wtf

But don't take my word for it - take a look at mtgox. There's a graph you can see shows how the value has fluctuated over a day, week or month - it's up and down like a yoyo.

It actually used to be even LESS stable! Back when gold first started it was unstable too, sometimes being turned into lead by its star. Give it a few billion years and bitcoin will be stable too.

Re: Was an issue for about four hours yesterday

Literally all these things have happened with UK banks several times in the past 12 months. Except it wasn't "a few hours" - it was "a few days".

Re: Was an issue for about four hours yesterday

[sexconker]

How is it experimental when anyone anywhere can use it? FOr that matter what's the experiment? What are the metrics being collected? Whats the control? How will you know if the experiment is a success? If it is a success do you go back and start the non experiment on its own with the lessons learned? I would say that when people are trying to convince everyone to embrace it it is no longer an experiment when it is being used outside of a controlled environment.

If it was named Google Coins Beta (TM) you never would have posted that.

Re:For those, like me, reading this and saying wtf

What is the scam that will unfold exactly?

Must agree...

The total carbon foot print of a bitcoin generated on hydroelectric power is probably hard to match in any other currency.

But math people always love the extremes. I think physical money has you beaten in a coal powered state, stacked against a $trillion coin. :)

Re: For those, like me, reading this and saying wt

[Urza9814]

Yes, they should have found this earlier. On the other hand, Microsoft making stupid mistakes like that is quite different, as they never advertised Windows as an experimental operating system the way the bitcoin site describes it as an experiment in digital currency. I'm also a bit more forgiving because it seems like it's not really their code that had the bug that caused this, but rather someone else's database engine.

  And yea, the bug isn't in the crypto, but understanding the implications of it requires some level of understanding of the crypto. And to be clear, I'm certainly not saying I'm an expert in this stuff in any way, just that I know enough to understand what the summary is talking about. The same way I'd say I generally understand how Tor works despite having never seen a single line of code from it. I know the basic concepts, and for reading a news article I figure that's good enough. I was pretty heavily into the Freenet project in highschool and contributed small bits of code to some related projects, so that's where my knowledge of this stuff comes from. Different goals, but the principles are similar enough.

Re:For those, like me, reading this and saying wtf

[omnichad]

The central authority (of which there is none) can't add more Bitcoins to the system. They have to be mined - just like real gold. It's getting harder and harder to find real gold in the ground, and the same holds for Bitcoin.

It's not backed by CPU power, it is a direct representation of that CPU power.

Is that fluctuation its value changing or its exchange rate changing?

Re: Was an issue for about four hours yesterday

[Fnord666]

If I have already completed a transaction, with cash in hand, that transaction must not be "most likely" legitimate. It must be legitimate from the very moment that I verify the currency that I received as legitimate. It must not pass verification, then "most likely" have to pass verification again.

I guess you've never deposited a check into a bank, only to have it come back on you for insufficient funds?

Ponzi

[flyingfsck]

How long will this Ponzi scheme be able to continue? It is interesting though that the original 'investors' get a fixed rate of return due to the increasing difficulty in 'mining' and a kind of Moore's Law of mining equipment, but once the Moore's Law breaks down, the returns will stop.

Re:For those, like me, reading this and saying wtf

[jimicus]

What value does Bitcoin have other than its exchange rate?

You can't pay for your groceries with Bitcoin. Nor can you pay your mortgage, and I can't imagine there are many landlords that will accept it as rent.

Re:For those, like me, reading this and saying wtf

About 90% of the BTC that has ever been mined remains unspent; it was created back when the mining cost was negligible and the "exchange rate" was a fraction of a cent. Eventually, the handful of people that own these accounts will want to cash out, but they will need to do it carefully enough that the exchange rate doesn't crash until they've finished converting their buttcoin into real money.

Re:For those, like me, reading this and saying wtf

BitCoin has ALREADY worked. More than a few people have used it for trade.

You insisting that it never will work just makes you look like an idiot.

It's longevity is debatable but that can be said of any currency.

Re: Was an issue for about four hours yesterday

[goose-incarnated]

If I have already completed a transaction, with cash in hand, that transaction must not be "most likely" legitimate. It must be legitimate from the very moment that I verify the currency that I received as legitimate. It must not pass verification, then "most likely" have to pass verification again.

I guess you've never deposited a check into a bank, only to have it come back on you for insufficient funds?

That's a good point you make - neither the cheque nor bitcoin are currencies. That's one more tick for the "bitcoin isn't a currency" argument. Thanks.

Re:For those, like me, reading this and saying wtf

[omnichad]

The same is generally true for gold.

Re:For those, like me, reading this and saying wtf

Thats not a scam. I also dont think thats what BitZream was talking about.

Re:For those, like me, reading this and saying wtf

Yet here it is, working. Despite a major fork, the community came together, agreed a solution and had the good fork back on top within hours. More so, that is reflected in the current price (a good measure of confidence in some respects) which tanked very briefly and has jumped right back up. This is, ultimately, an experiemnt and one that appears to be gradually gaining significant momentum - it's positives, relatively anonimity, lack of central control, security etc are proving increasingly popular.

How many years of success will it take before the nay-sayers are silenced? Of course when the world ends and the universe collapses into whatever quantum soup awaits humanity, there will surely be one /.'er triumphantly telling us that bitcoin was destined to fail...

Re:For those, like me, reading this and saying wtf

[maztuhblastah]

We know what happens when a currency undergoes massive deflation - Germany in the 1930's or, more recently, Zimbabwe happens.

Well... at least you were modded "Interesting" instead of "Informative".

Both of those were examples of hyper-*inflation*, not *deflation*

Re:For those, like me, reading this and saying wtf

BitCoin is as likely to work properly as pure communism or socialism.

I bolded your true scotsman for you. It's been working fine for years, and even this catastrophic sky-is-falling "omg bitcoin collapse" bug hasn't stopped it.

Re:For those, like me, reading this and saying wtf

It's not a true fiat currency. Bitcoin is backed by a (somewhat) scarce resource: brute-forcing SHA256 hashes of varying difficulty (that's how the payout changes over time). You could argue that brute-forced hashes don't have intrinsic value, certainly, but they are at least scarce.

That said, I have no bitcoins. I just find it an interesting experiment.

Re:For those, like me, reading this and saying wtf

[jimicus]

Germany suffered deflation before it suffered inflation.

Re: Was an issue for about four hours yesterday

[sjames]

Kinda like when everyone discovers that their ATM/credit card isn't working.

Ye Olde Bubble

[stoploss]

Every 6 months we get a story about how the value of BTC has dropped 25% again and theres been a hacking incident at some exchange or something, but its OK because its mathematically proveable and thus a viable currency.

True, but I think a better argument for you is the fact that despite these periodic "corrections" the price is still continuing to rise precipitously. The volatility is insane, but how viable is it that the price on 1 Jan 2013 was 1 BTC/~$15, and right before this latest glitch, it was pushing ~$50 per BTC?

Look at the chart. See the exponential growth? The value has more than tripled in the 71 days so far in 2013. If the present bubble is extrapolated that represents roughly a 49,000% APY; clearly, that growth is unsustainable even in the face of "pigheaded wishful thinking".

Want to buy some tulip bulbs? I hear they are a "can't lose" investment!

Re:Ye Olde Bubble

[LordLimecat]

True, but I think a better argument for you is the fact that despite these periodic "corrections" the price is still continuing to rise precipitously

Oh, I see, thats reassuring. Say, would you like a loan for 100BTC? You can just pay me back after the price has risen 500%.

See why volatility-- even when upwards-- is not terribly good for a currency?

Re:Ye Olde Bubble

[stoploss]

Please re-read my comment. I was suggesting what I perceive to be a better argument for your position, because the obvious (fallaciously simplistic) retort to a remark about a 25% drop in value is to cite the 200+% return so far in 2013. It saves effort to leapfrog the specious counterpoint by citing the obvious bubble that will inevitably crash soon.

Haha, not everyone who replies to you is a True Believer In The Inevitability Of Bitcoin.

Re:For those, like me, reading this and saying wtf

Nobody forces you to use PayPal (well, nobody except ebay, but I doubt they will change that policy due to Bitcoin).

Re:For those, like me, reading this and saying wtf

So there's no way the government could detect a bitcoin transaction going over your wire? I somehow doubt that.

Indeed, if anonymous payments are outlawed, even having a bitcoin client on your computer could be sufficient evidence to get you in trouble.

Re:For those, like me, reading this and saying wtf

You can buy stuff and pay for services online with it.

Re:For those, like me, reading this and saying wtf

Zimbabwe experienced hyperinflation to an absurd degree, not inflation.

Re:For those, like me, reading this and saying wtf

[Richy_T]

I was thinking of ebay. But you're right, they're the only ones who do. Still, Paypal could do with some competition whichever way you slice it.

Re: Was an issue for about four hours yesterday

[ais523]

If someone was very fast, and the people they were sending money to impatient, they might have been able to spend the same coins twice, one on the old version chain, one on the new version chain, and had both of the recipients believe that the transactions were confirmed. (Only one of them would actually get valid bitcoins as a result; in this case, the people on the older clients' chain).

I don't know if anyone actually did do that in this case, or (if they did) whether the recipients called them on it.

Could people purchase pre-0.8 bitcoins using their

Could people purchase pre-0.8 bitcoins using their post-0.8 bitcoins?
That way no one loses any money.

Re:For those, like me, reading this and saying wtf

[CraigoFL]

We know what happens when a currency undergoes massive deflation - Germany in the 1930's or, more recently, Zimbabwe happens.

FWIW, my view is it's probably best viewed from a distance with an air of morbid curiosity.

Um... those are examples of massive inflation, not deflation. You have that backwards. Inflation/deflation relates to the ratio of the amount of currency to the amount of valuable goods in an economy. In Germany and Zimbabwe, the respective governments printed masses of extra money. With more money chasing the same amount of goods, the nominal price of goods increases. (This doesn't really change how functionally wealthy you are... unless you're not the one receiving all this extra cash. If you're not, then you're screwed.) People need more Marks or Z$ in order to buy stuff. Deflation is just the opposite: the money supply decreases with respect to the supply of valuable goods. This can happen when the money supply stays constant while the supply of good increases (via more productivity, trade, etc). In Bitcoin's case, the money supply is ultimately finite, unlike any fiat currency like the US Dollar. It's growing now because the miners haven't mined all the possible BitCoins, but eventually they will, and mining becomes gradually harder over time. (BitCoin was explicitly designed this way.) If Bitcoins become a more accepted currency (ie: demand for them rises as they are exchanged for more valuable goods, including other currencies), and they do this faster than their supply increases, then they will experience a deflationary effect. Things will will cost fewer BitCoins over time. What happens when we have massive deflation? We're not really sure, because it doesn't happen very often (most economies are inflationary, and most rapid changes in money supply happen to be inflationary). The general fear is that, if the currency is increasing in value all on its own, that people will horde them rather than circulate them. This defeats the purpose of a currency (they're exchange vehicles, not investment vehicles). Here's what Wikipedia says on the topic.

Re:For those, like me, reading this and saying wtf

[hairyfish]

We know what happens when a currency undergoes massive deflation - Germany in the 1930's or, more recently, Zimbabwe happens.

Yes we all remember the global tragedy when Flooz was wiped out. Then again when Beenz hit the floor. Oh the humanity...

What you are wrtiting is so wrong factually

[nu1x]

and logically, I am thinking you do not respect other peoples reading time by just writing random stuff.

Re:For those, like me, reading this and saying wtf

[Yebyen]

No, you're wrong, the whole cartel of fees-collecting, tax-charging, interest-bearing rich get richer profit from the system of central authority where "mystery shopper" can put you on investigation status and have your funds held, or risk of your account being shut because they have a bone to pick.

Those are all barriers to a new business gaining traction, as to the large business who does hundreds of transactions per day these costs can be absorbed and insured, but for the seller who does three sales a week, a chargeback puts you out of business. That can be your mortgage payment on the line (more likely utility or rent), and if you drop-ship, you just forked over the whole amount of money for merchandise which may have been delivered, but now YOU are on the hook for the full amount again, with two merchants and possibly return shipping cost as well.

By the way, since the buyer filed a dispute, you won't have access to any of the money they sent in order to help with resolving the issues, and we're holding 50% of your other sales' for 45 days because you are on our shit-list.

They want you to think it's only for contraband because they want you to continue to pay the Visa tax.

Re:For those, like me, reading this and saying wtf

[Yebyen]

Real people don't even use paypal, we have credit and debit cards tied to real bank accounts not to some scummy ass company known for ripping its customers off.

Perhaps you should grow up and get a bank account like normal people and stop dicking with paypal.

Paypal solves no problem that wasn't already solved before it existed, it serves no useful purpose.

I have plenty of bank accounts, and I've paid my fair share of overdraft fees when I read my bank balance from the website and thought that was a decent substitute for keeping a check register.

You simple fail to understand how bitcoin isn't anything like you think it is.

How do you think I think Bitcoin is?

So "real people" drive where they need to be, which is the bank, and they don't use companies that do what Banks do unless they are banks. Or they use the US Postal Service and they order checks from a printer. Is that what you're saying?

I grew up using the Internet, I am loathe to "drop anything in the mail," and I'll tell you that my experience with Paypal has actually been great (when I accidentally overdraw my account, which has happened several times, they e-mail me a notice and don't threaten me with $38 per day in fees)

But I'm smart enough to realize that's not anything I've done, it's just Paypal's gracious favor since they like to have more customers, and they would like you to switch to using Paypal rather than a bank.

I'm tired of being a customer of crooked banks and I know what happens to merchants who accept Paypal. The Visa/MasterCard agreements are not any better. They cost.

I suppose you have one bank and one checking account and you're very happy with it. I want another option and the bank is not it. I believe in coming up with ideas rather than shooting them down. I'm open to you coming up with a better idea than Bitcoin for stored value transfer.

Waiting. OK, now. Go.

Re: Was an issue for about four hours yesterday

Which is exactly why it will never be adopted as a real currency.

Its fixed

[peawormsworth]

Apparently, the issue mentioned in the article has been fixed. "Blockchain forking event is over, all is well."

But I have a general bitcoin question. Since total bitcoin production is limited, what happens to all the bitcoins that are lost or destroyed? I mean it the wallet master key is lost of destroyed, wont the bitcoins be permanently stuck in that wallet forever? Say your computer harddrive breaks down or your laptop is stolen or you just delete the key file, etc