Bitcoin Blockchain Forked By Backward-Compatibility Issue

New submitter jhantin writes "The Bitcoin blockchain has forked due to a lurking backward-compatibility issue: versions older than 0.8 do not properly handle blocks larger than about 500k, and Slush's pool mined a 974k block today. The problem is that not all mining operations are on 0.8; blocks are being generated by a mix of several different versions of the daemon, each making its own decision as to which of the two forks is preferable to extend, and older versions refuse to honor or extend from a block of this size. The consensus on #bitcoin-dev is damage control: miners need to mine on pre-0.8 code so the backward-compatible fork will outgrow and thus dominate the compatibility-breaking one; merchants need to stop accepting transactions until the network re-converges on the backward-compatible fork of the chain; and average users can ignore the warning that they are out of sync and need to upgrade." Turns out there's an approximately 512K limit to atomic updates in Berkeley DB which were used by versions prior to 0.8. 0.8 uses a new database, allowing blockchains that old versions won't accept to be created.

Old news.

[NettiWelho]

640K would have been enough for everyone.

Re:Old news.

[UnanimousCoward]

TMI :-)

Re:Old news.

Dont use Bill Gate's lines

He didn't. Bill Gates never said that.

Re:Old news.

You laugh, but some of the developers, the lead developer Gavin, and another core developer Mike Hearn, are pushing really hard to get the current 1MB limit (7 transactions/second) on blocks lifted so Bitcoin can directly scale to VISA-like volumes.

Never mind that Bitcoin is inherently an unscalable O(n^2) network - every transaction has to be broadcast to every node - and the issue they ran into was also a problem scaling. Mike's solution is to just throw thousands of dollars worth of hardware at the problem. Never mind that for Bitcoin *any* issue the means that some nodes can process a large block, and some can't, turns into the same hard-fork we just saw. Never mind that it will make Bitcoin centralized, and lead to perverse incentives for large miners to attack smaller ones.

You'd think they'd say "OK, hold on, how about we just use ways to transfer funds that don't have to go into this shared state ball of mess?" but no, they're desperate to take the easy way out at any cost.

I really wonder if my Bitcoins will be worth anything in a few years.

Re:Old news.

[DamnStupidElf]

Never mind that Bitcoin is inherently an unscalable O(n^2) network - every transaction has to be broadcast to every node

It may be possible to store the block chain as a distributed hash tree such that each node is responsible for maintaining its own transactions and a portion of the block chain. This would reduce the storage requirement to O(n*m) where n is the total number of transactions and m is the average number of addresses that appear in a transaction. Communication would also be reduced to O(n*m) because only nodes responsible for the addresses in a transaction would be responsible for checking and approving the transaction. The block chain itself would just be a merkle-tree of hashes of nodes' own block chains. Double-spending would be prevented by transactions incorporating the last hash of each responsible node's block chain so that an individual block chain exhibiting double spending would not be signed into the merkle tree. It would be possible for the history of particular coins to be lost but the overall hash tree would guarantee that at the time of a transaction all balances (including historically lost ones) were valid. Still, not being able to validate the entire economy could be a fairly large weakness. There wouldn't be a hard requirement that nodes could only store certain addresses, so it's entirely possible that some nodes would still try to collect and maintain the entire history. That would only add O(n*p) communication and storage where p is the number of full "archive" nodes. Of course then it wouldn't really be bitcoin anymore, but it might be possible to rebuild the existing block chain into such a structure while retaining the current mining payouts and total number of coins.

I really wonder if my Bitcoins will be worth anything in a few years.

Something, because there will always be some core of crazy people running miners and keeping the difficulty just high enough that it's not worth it to mine as many bitcoins as you want in the original chain. That value will probably be the cost of the electricity to run whatever the last ASIC miner produced is, at least before general purpose GPUs become more powerful than ASICs.

Re:Old news.

You obviously don't hang out on IRC with the developers. DHT's come up so often and are such a bad idea that the term coming up at all in a conversation is considered an inside joke. "Oh I know, lets add a DHT to it!"

Long story short, if you share the set of unspent transaction outputs in a DHT you have to trust every other computer in the network to actually return the DHT data when requested, or you suddenly you can't validate a block. This opens Bitcoin up to dangerous DoS attacks against miners, as well as network forks and other problems.

It's a total non-starter, although a common "newbie" idea.

Re:Old news.

[IamTheRealMike]

Is that you Peter? :) I don't know anyone else who would describe the system like that.

Bitcoin is not an O(n^2) network. The total work done by the core nodes is "number of nodes multipled by number of transactions" - that is two very different quantities. It doesn't help the argument to abuse formal notation like that.

Pieter reported today that his optimized secp256k1 implementation can reach 20,000 signature checks per second on a single core. That is a lot better than the generic OpenSSL code was able to manage. Bear in mind that although it sounds scary, all of VISA is only about 10,000 transactions per second. So even if we're generous about our assumptions on number of inputs, CPU load would barely stress a single core. Today. With existing hardware. Disk IO will be the bottleneck for the forseeable future, but we're talking about a working set of a few hundred megabytes today. Even with an order of magnitude growth the entire thing fits in RAM on my puny laptop. And with two orders of magnitude growth it still fits on a pretty average dedicated server.

But Bitcoin will not reach VISA traffic loads today, or this year, or even this decade. By the time it does, dedicating one single computer to being a node will seem a completely trivial investment in order to have full security on the worlds financial system, because let's face it, if Bitcoin is processing tens of thousands of transactions per second then it's well on its way to being exactly that.

Ultimately, Bitcoin is growing fast and will scale up. That is what Satoshi wanted it to be, that is what most of the people actually creating businesses and writing lots of code also want - so if you think that'll make your coins worthless in a few years, I will happily buy them off you.

-Mike Hearn

Re:Old news.

[Binestar]

Hint from an old fogey, no one needs to know you mis-moderated. Just post a relevant post later in the thread and pretend it never happened.

Ooh, exciting!

[fuzzyfuzzyfungus]

Why achieve 'consensus' when we could let the fork fester, and have two virtual currencies floating wildly against one another as well as USD?

In fact, why not introduce Bitcoin-0 through Bitcoint-Aleph and let them fight it out? I'll bring popcorn!

Re:Ooh, exciting!

[0100010001010011]

The nice thing about standards is there are so many to choose from.

How much time did this take? How much electricity was spent 'mining' ~$150 worth of BTC?

Re:Ooh, exciting!

[fuzzyfuzzyfungus]

I tend to think of fiat currencies as being on the 'lead standard', with their reality largely measured by how many guys with guns are available to uphold them. USD, among others, passes the test.

Re:Ooh, exciting!

[Tridus]

Currencies are as real as your ability to spend them. By that standard, USD is very real and Bitcoin is not.

Re:Ooh, exciting!

[bluefoxlucid]

The Lead Standard: Their value drops like a lead brick when inflation and interest happen.

Re:Ooh, exciting!

No, Steam never accepted BitCoin; I don't know where you got that from.

There was some reseller that would sell Steam codes for BitCoin; you would pay him and he would buy a Steam game with dollars and then gift it to your account. I don't really know what the point of that was supposed to be, or if it's still a thing.

Re:Ooh, exciting!

[DrXym]

Just to get the ball rolling...

Post 0.8 users - if you fuck over the people on the earlier bitcoin format, the value of your bitcoins effectively DOUBLES!

0.8 and prior users - if you fuck over the people on the later bitcoin format, the value of your bitcoins effectively DOUBLES!

Just ask yourself what Ayn Rand would do in the same situation.

Re:Ooh, exciting!

[julesh]

Just ask yourself what Ayn Rand would do in the same situation.

Die in penniless poverty while dependent on the state to provide basic income and medical facilities that are necessary to maintain her life, all while maintaining that such a system is inherently evil? It's what I like to think of Ayn Rand doing in *any* situation.

Re:Ooh, exciting!

[cant_get_a_good_nick]

Bitcoin cash: $150

Electricity spent mining cash: $20

Breaking everyone's favorite geek currency: Priceless

Re:Ooh, exciting!

[DogDude]

It's called "society". Billions of us all have to live together, and to do so well, we need to agree on a common method of exchange. Your silly "men with guns" strawman is patently silly, and is the result of a serious lack of understanding about society at large.

Re:Ooh, exciting!

[RMingin]

Actually, you didn't RTFA. Only one block is in dispute, all other blocks remain valid for both groups. Also, 0.8 is post behaviour, not pre.

So;

0.8 and later users - If you fuck over the people on the earlier bitcoin format, the value of your bitcoins effectively remains exactly the same!

Pre 0.8 users - if you fuck over the people on the later bitcoin format, the value of your bitcoins effectively increases by a very small amount, less than 1 percent!

Far less exciting. Sorry to burst your rant bubble.

Re:Ooh, exciting!

[bluefoxlucid]

The USD isn't cyclical, except versus world currency. However, when you borrow money with interest, you need to pay back the interest. There simply isn't money to pay back the interest; we must issue new money, or more debt. Businesses borrow money, so the theory of "more labor to move money faster to pay off the debt" doesn't work--the creditors are concentrating ownership of the money, the businesses are raising prices and/or selling more product to obtain money to pay their debt, etc. Salaries increase to afford these new products and greater prices.

The value of what a $currency buys you goes down over time. Absolutely.

Re:Ooh, exciting!

[TheRaven64]

If you'd like to live in a ditch and swap dead squirrels with other people, you're free to do so.

If you do so in the USA, then the US government will still require that taxes be paid in US dollars on the transactions.

Re:Ooh, exciting!

[osu-neko]

You can be a pauliac and still think deflationary currencies are a bad idea. The true blue ones are investing in gold, not BTC. It has substance.

Hopefully the people doing so understand that gold is a valuable commodity, not a magic metal of pure true value itself made physical. The ones who tend to think the latter are going to be hurting in a very bad way once asteroid mining becomes reality and it becomes clear to everyone that there's more gold at our fingertips than there is copper on Earth, and the price reacts accordingly. Kids born today have a good chance of seeing a world where gold wire is sold in hardware stores for household wiring. Spools of insulated gold wire, 2oz for $1.99...

Yeah, I pulling numbers out of thin air. The basic principle is right, though. Whether it's a good investment today or not depends on short term trends, but it's absolutely certain it's not a good investment in the sufficiently long term.

Re:Ooh, exciting!

[VGPowerlord]

Probably a lot less energy than banks spend shlepping around wads of checks and bills.

Which is why banks use these things called "Electronic Funds Transfers" for most transactions. That way, no checks and bills have to be transferred.

Re:Ooh, exciting!

[0100010001010011]

> Hardware break even 5 days
> Net profit first time frame 24635.31 USD

Oh yeah, because I know a bunch of
You know what this reminds me of? All those ponzi schemes back in the 2005 time frame. You 'invested' money in various forms and then browsed only 10 websites a day and this money transformed magically on their servers into more! And you could roll it over or reinvest!

And then magically one day... they were all gone.

Re:Ooh, exciting!

[slew]

Yeah, right. If it was profitable to mine BTC then the people making BTC mining hardware would operate it, not sell it.

And yet the makers of oil, natural gas, coal, silver and gold mining equipment sell their equipment and don't operate it.

The reason that makers of traditional mining equipment sell them and don't operate them is that they don't own the rights to mining operations. Owning the rights to speculatively mine is a big-money investment game (sometimes it doesn't pan out, sometimes it does, so you need a really-big set to average that out). Every once and a while, you get a wild-cat hit, but that's the exception rather than the rule. Especially for oil, it costs $1B to build a platform, you can sell it to someone for $3B (making you a profit of $2B), or you could attempt to buy the rights to some oil field and hope for the best. If you have big-money, sure, if you only have $1B, that $2B looks pretty tempting...

On the flip-side, you can "mine" bitcoin w/o speculative investment in mining rights (just buy your equipment and attempt to figure out hashcodes). If you had to "bid" up front for exclusive rights to verify blocks of bit-coin transactions, and pay royalties back to the owner of those rights, it would be more like traditional mining. Now you can just plug in your server and hope for a few "wins" over a certain amount of time.

If traditional mining worked like bitcoin, you could just go mining for gold anywhere you felt like it and if you happened to get the gold out before the next guy, you'd win the lottery. I'm sure in that environment, you'd see people who made mining equipment think twice about selling it, but even then, it's likely they would conclude that it would be more profitable to sell the mining equipment.

As a silly historical example, it was kinda like that in the '49 gold rush (stakes or mining rights were cheap, and even if you paid for them, keeping other miners off your claim was nearly impossible, so mining rights were nearly free) the average rate of return was much better for the sellers of mining equimement than the average miner.

Re:Ooh, exciting!

[sjames]

Just what would happen if the great and powerful architect decides to go it alone? Well, the bricklayer, the carpenter, the plumber, and the electrician build some houses following the well developed rules of thumb and then go have some beers while laughing at the architect as he tries to figure out how to rivet....

Re:Ooh, exciting!

[DamnStupidElf]

The people putting together the mining hardware didn't have enough capital to purchase all the units they have to build in order to get a reasonable economy of scale for the ASICs and other development costs. If the developers had enough capital I assume they wouldn't have bothered selling them (although there is also slightly more risk holding a few hundred Bitcoin miners instead of dollars...). It's more like a cooperative investment by lots of miners to fund what they all wish they could afford individually. You can't just buy a one-off ASIC.

Re:Ooh, exciting!

[Katmando911]

Hell, if you are a US citizen then the damn ditch doesn't even need to be in the USA for the US Government to demand taxes on the transaction.

Re:Ooh, exciting!

[stymy]

Besides, banks don't generally need to transfer that much money to each other. What they do is at the end of the day/week, they look at how much money other banks owe them (because they paid out on cheques issued by other banks, etc.), tell the other banks that, which do the same, and so they only transfer the difference to each other.

sorry, a bug eat your money!

OTOH, it was a really big bug

consensus should be put into specification

[Chrisq]

The consensus on #bitcoin-dev is damage control: miners need to mine on pre-0.8 code so the backward-compatible fork will outgrow and thus dominate the compatibility-breaking one;

Either this should be put into the bitcoin specification or not accepting any size should be seen as a bug. There should not just be an unofficial consensus that "this is what should be done"

Re:consensus should be put into specification

[L4t3r4lu5]

Nobody said that anyone involved in Bitcoin actually knew what they were doing.

Re:consensus should be put into specification

Me: Sadly, you don't understand anarchism. There's no hierarchy, no "official", no gods or kings, only men.

You: Don't tell me what anarchism means!

Me: That's my boy.

It's a Wonderful BitCoin!

[eldavojohn]

Why achieve 'consensus' when we could let the fork fester, and have two virtual currencies floating wildly against one another as well as USD?

In fact, why not introduce Bitcoin-0 through Bitcoint-Aleph and let them fight it out? I'll bring popcorn!

BitCoin Bailey: No, no, no, everybody remain calm. We'll get through this together. You're thinking of this virtual currency all wrong. As if I had the BitCoins back in a safe. The money's not here. Your money's on Bill's computer, and Fred's computer ...
Angry BitCoin User: Hey Fred, what the hell you doin' with my BitCoins?!
*a run on MtGox ensues*

Re:So what now?

[Richard_at_work]

I was wondering that - if there is now a fork in the blockchain, with some groups going in one direction and some in another, does that mean that if this isn't resolved very quickly then bitcoin holders now have twice the number of bitcoins, an initially identical set on each fork?

I guess one fork would become the accepted fork, and hte other one would wither - but until that point, people could conceivably spend both forks with whomever accepts either one?

Re:Gobble bobble wobblywob?

[ledow]

Bitcoin is a virtual currency that works by "doing work" (a complicated mathematical "puzzle") on your computer. It becomes a currency by the difficulty of the puzzle, and that when you have solved it you tell other BitCoin users about your success and it goes into a "chain".

That chain is the history of EVERY transaction performed on the BitCoin network and the integrity of the system is given by every user relying on the same chain - so trying to create some extra BitCoins or a fake transaction requires compromising a lot of machines around the globe to believe it happened.

Because of a stupid bug that nobody knew about related to the size of a transaction in this chain, a transaction that's too big for older clients to handle was (legitimately) created. Older clients can't handle it, so they have no idea what to do when it comes into their chain updates. Newer clients can handle it, but can't synchronise their chains with older clients because of it (they can accept the transaction whereas older clients don't).

Because the chain is now effectively split into two chains, and that all the integrity of the system comes from the fact that everyone is using, verifying and updating the same chain, BitCoin is now in an "emergency" (quoted from the forum post in the summary) situation. New clients are generating coins that old clients can't see and vice-versa, so BitCoins are being generated and lost or transacted and forgotten about.

The fix is to go back to the old code, ignore the over-size transaction, and hope to fix the code in a more backward-compatible way. Unfortunately, that requires some people on newer clients to lose coins, revert transactions, and for exchanges to shut down (temporarily) until the issue is resolved.

Basically, someone really messed up by not checking that the database could handle transactions that could pop up in the real-world.

Re: Was an issue for about four hours yesterday

[qubezz]

The forking was fixed within a few hours. Mining pools were notified of the issue and alerted to the recommendation to revert mining activity back to 0.7.x, which was a simple fix to grow a blockchain compatible with all mining pool Bitcoin versions. The majority of miners ignoring the incompatible fork (which caused a "Lock table is out of available lock entries" database error on Bitcoins compiled against certain BerkeleyDB libraries), let the new fork grow longer and all is fixed.

Almost all transactions are expected to be included in the new chain, so there is little opportunity for malfeasance. If you sent someone money for goods, your transaction sending money will likely be in both the new chain and the old.

Re:Gobble bobble wobblywob?

[Immerman]

Nice explanation. Now can you explain why exactly is the preferred solution to revert to the old, flawed, code rather than updating everything to the newer code that can properly handle the larger transactions?

Re:Gobble bobble wobblywob?

[ledow]

It's not the preferred solution.

The value of the currency is in the people who use it and most major exchanges have already reverted to 0.7, hence 0.7 blockchains are the de-facto standard at the moment. There was a bit of back-and-forth when the problem was discovered but all the large exchanges have settled on 0.7 as the standard for now.

It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar". The new dollar ends up valueless and everyone just stays on the old one.

The client fix is to accept large transactions but not create them - there's already code in a lot of BitCoin software to do that, but not all clients are running it - someone now has to force them to upgrade to a good version in order to stay compatible, and a lot of people might be generating coins that will later fail without knowing it.

Re:So much for being based on crypto

[h4rr4r]

No because the morons who created it did not understand what they were doing. If you don't know the limits of the DB you use why would I trust you to create a digital currency?

Re:Gobble bobble wobblywob?

[fatphil]

> most major exchanges have already reverted to 0.7

Yet 0.7 is the version with the database bug.

These bitcoins certainly aren't a replacement for gold - they're far too irony.

Stonehenge

[PopeRatzo]

The Bitcoin blockchain has forked due to a lurking backward-compatibility issue: versions older than 0.8 do not properly handle blocks larger than about 500k, and Slush's pool mined a 974k block today.

Someday, someone in some future generation will read that sentence and think, "No wonder they almost caused the extinction of the species".

Re:Gobble bobble wobblywob?

[characterZer0]

It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar". The new dollar ends up valueless and everyone just stays on the old one.

The dollar has one significant difference: the government requires that you use it to pay taxes. This forces nearly everybody to value the new dollar, which forces everybody to move to it.

Re:For those, like me, reading this and saying wtf

[Hmmmnmnmnm]

Well, I read the article and still don't understand Bitcoin, the concept or the need for it. Just seems like a product without a real need other than the idea of being subversive. But perhaps I don't understand it at all. Of course that's why I come here.... So if any /.ers can explain this, I'm sure others would appreciate it as much as I would.

It's a decentralized, trustless value storage and transfer protocol that allows you to send or receive value to anyone on the internet without the need of a third party. It has the potential to do to banking what email did to the post office.

Re:Gobble bobble wobblywob?

[ledow]

"except for miners who lost their reward for mined blocks on the abandoned (v 0.8) chain."

Which currently amounts to about $25,000 of BitCoins, last I heard. That's $25,000 of BitCoins that might have been spent, sent, transferred, etc. but never existed in the chosen chain and the knock-on effects on your own wallet if you're dealt with someone who dealt with someone who dealt with someone.... (ad infinitum) ... who dealt with one of those mined blocks.

Sure, it'll "catch up", but saying nobody lost out is plainly false. And isn't the point of BitCoin that everyone is a miner in some small way?

Re:Gobble bobble wobblywob?

[IamTheRealMike]

Yes. At some point everyone will have to upgrade to 0.8 and people who don't will effectively be disconnected from the system. However that needs some kind of co-ordination. The fact that there was a chain split is not the emergency, the fact that it came unexpectedly was the problem.

Re:So much for being based on crypto

[IamTheRealMike]

It's worth noting, that Berkeley DB (the one with the weird limits) was already replaced. The problem is that not enough users have upgraded to the replacement yet, and it's better to match their brokenness than diverge unexpectedly. They'll have to upgrade sooner or later though.

Re:For those, like me, reading this and saying wtf

You can still get robbed when the money transmission service has no central authority, it just works in the other direction. PayPal has the ability to reverse charges that it shouldn't reverse, whereas BitCoin does not have the ability to reverse charges that it should reverse.

Customers like the ability to reverse charges under appropriate circumstances.

Re:Gobble bobble wobblywob?

[Hmmmnmnmnm]

Miners don't have access to their reward for 120 blocks, so they never had them in the first place. The rewards will instead go to the miners in the new chain. Again, no coins are lost.

Re:The concensus should be...

[Chrisq]

I think its fair to say that while forking code may be a good idea most of the time - when its code running a virtual currency its a very BAD idea.

This isn't a code fork, it's a block chain fork" caused by an incompatible version update. That said, I agree with your assessment that it is not suitable for storing wealth unless you are prepared to take risks. To be fair bitcoin describes itself as ".. an experimental, decentralized digital currency".

Re:Gobble bobble wobblywob?

[bickerdyke]

1 our synching time. With hardly anyone using it. And the number of transactions won't grow liear when the user base does so.

Sorry, but this system has severe scaling issues.

Re:For those, like me, reading this and saying wtf

[jimicus]

It's a new fiat currency (ie. it exists because someone says it exists).

There's no reason why you, I and a bunch of our friends can't get together and say "Right, we'll use this new currency called DollarPounds, we'll use a spreadsheet to keep track of who has how many and they're exchangeable for US$ at a rate of US$1 = $£1" but the only way a fiat currency can possibly work is if you have enough people who will use it.

The idea of Bitcoin is it's a currency that doesn't require a central bank to produce more money. Instead, Bitcoins are "mined" (ie. brought into existence) through means of a mathematical algorithm that generates a verifiable block of numbers. The algorithm is designed to get harder as more bitcoins are mined. Meaning that the rate at which Bitcoins can be mined slows down eventually reaching the point where no more can be mined.

On the one hand, this resolves the "Leaves as currency" inflation problem in the Restaurant at the End of the Universe by creating artificial scarcity. On the other, they've done too good a job - as soon as it becomes impossible - or even impractical - to mine further bitcoins, the currency is likely to become subject to massive deflation. We know what happens when a currency undergoes massive deflation - Germany in the 1930's or, more recently, Zimbabwe happens.

FWIW, my view is it's probably best viewed from a distance with an air of morbid curiosity.

Re: Was an issue for about four hours yesterday

[goose-incarnated]

The forking was fixed within a few hours. Mining pools were notified of the issue and alerted to the recommendation to revert mining activity back to 0.7.x, which was a simple fix to grow a blockchain compatible with all mining pool Bitcoin versions. The majority of miners ignoring the incompatible fork (which caused a "Lock table is out of available lock entries" database error on Bitcoins compiled against certain BerkeleyDB libraries), let the new fork grow longer and all is fixed.

Almost all transactions are expected to be included in the new chain, so there is little opportunity for malfeasance. If you sent someone money for goods, your transaction sending money will likely be in both the new chain and the old.

(Emphasis mine)

• "A few hours" outage fails the most basic test of a currency - ability to spend it. For a few hours, no merchant could accept bitcoins as payment.
• "Incompatible fork[s]" causes bitcoin to fail yet another basic test of currency. The population should never be able to fork their currency into "new dollars", "old dollars" and "something which is most likely, in almost all cases, a mixture of both".
• A technical error should not introduce "little opportunity" for malfeasance. When my bank has a glitch, the cash in my wallet does not turn worthless for "a few hours".
• If I have already completed a transaction, with cash in hand, that transaction must not be "most likely" legitimate. It must be legitimate from the very moment that I verify the currency that I received as legitimate. It must not pass verification, then "most likely" have to pass verification again.

Good thing that bitcoin isn't actually a currency; if it was anything other than a mere item of barter, the consequences of people suddenly not knowing which cash is good and which is not would indeed be severe.

Re:Gobble bobble wobblywob?

[Rogerborg]

Thanks for the explanation. Now, how about you ask your employer to pay me your last month's salary? It's OK, no money is lost.

Re:Gobble bobble wobblywob?

[petermgreen]

At some point miners will need to switch to 0.8 too.

I don't think it's feasible to get everyone to upgrade at once and miners switching to 0.8 gradually would just cause a repeat of the problem we are having now.

What i'd think needs to happen is a new version be put out that says "big blocks are only valid after block x" and then all exchanges and a sufficient proportion of miners need to be persuaded to upgrade to that new version before block x hits.

Re: Was an issue for about four hours yesterday

[Urza9814]

The very first words on their website state quite clearly that Bitcoin is an _experimental_ currency. If people choose to use it as more than that, that's their fault. Finding issues like this is exactly what Bitcoin's current purpose is.

BDB

[Richy_T]

Oh Berkley DB, is there any application you can't screw up?

This type of problem was solved a long time ago

[ilsaloving]

This sort of thing was solved a long time ago, but because it's "old", people just dismiss it out of hand.

It's called versioning the protocol and having compatibility lists. When two clients connect, they exchange version numbers and if one is too old then the newer one performs additional checks to verify compatibility. If the issue is reconcilable then it aborts the connection with an error. Or programatically enforce that the older version is discontinued and that anyone who is using it can no longer participate in the chain.

I apologize if I sound exasperated and holier than thou... actually, no, I don't. How the hell do people design a system that they intend to be the backbone of a major financial system but fail to accommodate for such things? It is nothing short of stupidity and incompetence.

If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.

Re:This type of problem was solved a long time ago

[gox]

I can't claim that the bug is not a stupid one, but I don't think your solution would have saved it. It was really an unknown problem at the database layer and it would be decided as reconcilable anyway. And it's at a specific level in the network architecture; clients were never incompatible and transactions were being relayed just fine.

Furthermore, you don't want any method to top-down enforce anything on a network like Bitcoin. Actually a wider variance of software increases network's resilience.

If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.

Well, Bitcoin is not a major bank though. Bitcoin's market cap is probably much lower than a major bank's janitorial costs.

My wife is the manager of an operations branch of a major bank, and snickered at your comment though. What I gather is, this sort of nonsense happens all the time in major banks too, but they have several layers that keep it going even if some part is broken. Bitcoin, as a greater structure, isn't quite there yet.

Re:So much for being based on crypto

[betterunixthanunix]

Do you even know what "crypto" means? How is that in any way related to the database chosen in the implementation?

Usually, cryptosystems do not rely on things like the maximum size of atomic transactions in a database to work or to be secure in the abstract sense; it seems that in the case of Bitcoin, that is exactly what happened. This bug is not some kind of side channel attack (e.g. as you saw with Skype, where the cryptosystem was theoretically secure but where the implementation had an easily exploited side channel), it is not an implementation that leaves a secret key in some publicly accessible place, it is not a failure to properly implement the abstract cryptosystem. This is a cryptosystem whose security depends on specific implementation details.

To put it another way, imagine if instead of the database implementation, it was the CPU architecture that determined the security of the system. As long as everyone uses x86, it is fine, but if a few people start using ARM or PowerPC the system "forks." Would you trust such a system? What differentiates that hypothetical scenario from the database issue?

Re:So much for being based on crypto

[betterunixthanunix]

The problem is that not enough users have upgraded to the replacement yet

This sounds like a horribly broken cryptosystem: your security depends on how many other users of the system have upgraded to a new version of some database?

They'll have to upgrade sooner or later though.

According to whom?

Re: So much for being based on crypto

[Urza9814]

The security was never broken and does not rely on the database specifics. Compatibility was broken. Security was not.

A better analogy would be like having a system that uses SHA-1 to hash passwords using a hardware chip....then they make a new version whose chip only does SHA-512. Everything is still as secure as it was, but you would no longer be able to transfer the output between devices.

Re:So much for being based on crypto

[betterunixthanunix]

I see a bigger issue: the fact that the abstract security of this system is dependent on specific implementation details like which database is used or what its maximum atomic update size is. A cryptographic currency system needs to be secure regardless of how it is implemented, how many implementations there are, or what underlying technologies are chosen for those implementations. Anything less renders the system insecure and open to attack.

Re:Gobble bobble wobblywob?

[julesh]

Now can you explain why exactly is the preferred solution to revert to the old, flawed, code rather than updating everything to the newer code that can properly handle the larger transactions?

Because updating everything is likely to be impossible. The system relies on a distributed network of data processors that perform very large numbers of difficult cryptographic operations in the hope of randomly hitting the right answer for a cash reward (this is what is referred to as 'mining' in the summary). Because of the high rewards offered, a lot of people have invested large amounts of money into these operations, with many of the larger players using hardware built around custom ICs (if you do google searches for 'bitcoin' and then 'asic' you'll start seeing adverts for them, even if you leave it months between the two searches...). These likely cannot be upgraded to the new version trivially, as it would rely on the developers of the chips providing updates to their support software -- that is, if it is even possible at all (they may have hard-coded that 512KB block size limit directly into their design).

Re: So much for being based on crypto

[betterunixthanunix]

The security was never broken

If the system "forked" the security against double spending is broken. Can I spend money I accumulated prior to the fork on both networks? If money is generated in one network, can I use it on both networks simultaneously?

In general, a digital cash system should not permit one unit of value to be spent by more than one party simultaneously.

Re:For those, like me, reading this and saying wtf

[dumael]

The Weimar republic and Zimbabwe suffered massive inflation, not deflation.

Re:Gobble bobble wobblywob?

[makomk]

The problem is that there's no way to get 100% of the userbase to either upgrade to 0.8 or downgrade to 0.7 instantly. However, since the new version accepts everything that the old version does it was possible to mend the fork merely by getting enough people to move over to 0.7 and start mining on that fork. Eventually the 0.7 side of the fork became longer than the 0.8 side at which point all the clients running Bitcoin 0.8 recognised it as the correct version of the blockchain and everyone was working from the same version of history again, so it didn't matter if a few people were still using the wrong version of the client. Doing this the other way around wasn't possible because the 0.7 clients couldn't ever switch to the other side of the fork no matter what happened.

Re: So much for being based on crypto

[makomk]

The security was broken. Suddenly, an attacker had the ability to easily spend the exact same set of coins twice, violating one of the key security properties Bitcoin was meant to have.

Re:So much for being based on crypto

[Jeremi]

A cryptographic currency system needs to be secure regardless of how it is implemented

That's kind of an impossible standard, don't you think?

Re:Gobble bobble wobblywob?

[julesh]

So if I want to buy a chewing gum with BC, every BC user would neet to create a record of that transaction?

No, every user who wants to be able to check that transactions are valid needs to create a record of it. In the event of the network becoming too large, scaling would likely happen by service providers offering to validate transactions on behalf of customers for a small fee, thus relieving customers of the need to keep a copy of the transaction list. Anyone who wants to set up such a service provider could do so with relative ease.

If this becomes too hard to manage, a further simplification can be made: it would be entirely possible to use a system that summarises the block history list, so that you only have to hold (e.g.) the last few months worth of transactions. Of course, you'd have to trust your source of summaries, but at the moment we have to trust our banks and the credit card processing companies, so we're used to trusting people like this.

What makes bitcoin not scalable on the level of a real currency is the fact that the system is designed so that there can never be more than 21 million of them. OK, they can be subdivided, but even assuming you subdivide them to their technical limit, if the amount of money represented by BTC ever reaches the scale of the amount of USD that was in circulation as of 2008, that would be equivalent to the smallest possible unit of exchange being around 30c. Over time, this figure would increase. And as bitcoin can be lost (e.g. by data loss without backup, owners dying without a record of their passphrases, or simply by people forgetting they own them) and once lost can never be recovered (except by very expensive cryptographic key cracking exercises), the number in circulation is doomed to drop over time. This will merely exacerbate the problem.

Re:Gobble bobble wobblywob?

[julesh]

Imagine your employer operated on a scheme were instead of paying all of their employees every month they randomly picked an employee and gave them the entire month's pool every time. Now imagine the result of that random selection was ambiguous due to, say, nobody having noticed that two people had picked the same lottery numbers. They then decide arbitrarily in favour of one employee over the other. Does it sound as much like they've lost now?

Also: miners should be well aware that they aren't guaranteed to receive the bitcoins even if they do successfully produce a signed block. The system is designed to cope with the fact that such chain forks may occur and to resolve them automatically by checking which chain is longest. It's part of the protocol that they signed up for from the very beginning, so it's hard to argue they were in some way cheated.

Re:Fiat money is backed by lame duck lead

[Kichigai+Mentat]

People would merely convert to EuroDollars as necessary. Kind of like how the US Dollar was far more useful in many markets than the local currencies. I think for a while there in East Europe (it may have been the Soviet Union at the time) it was preferable to do transactions in USD rather than, say, the Rouble. That doesn't mean that the Rouble didn't exist, but no one wanted to use it. It'd be the same situation: people would use EUR only when necessary, and keep the rest of their money in the preferred currency.

Re: Was an issue for about four hours yesterday

[julesh]

You misunderstand the parent post. There was no outage -- transactions were processed as normal during the event. Only miners (i.e. people running the network for the random chance of being rewarded as recipient of newly created coins) may have lost out due to the error. Events like this were anticipated in the design, and the system has an automatic method of resolving it, which unfortunately leaves some miners out of pocket, but has no effect on general users.

Raises the question

[Coward+Anonymous]

Sounds like a currency fork. You could conceivably end up with two currencies. Which raises the question: what is to stop groups of people (say China) from creating parallel systems?

If the answer is nothing, BTC is wide open for undermining by fragmentation.

Re: Was an issue for about four hours yesterday

[serviscope_minor]

A technical error should not introduce "little opportunity" for malfeasance. When my bank has a glitch, the cash in my wallet does not turn worthless for "a few hours".

Yeah but when your bank is the largest in the country and goes down for an entire week, you run out of money in your wallet way before the glitch has passed. But apparently that isn't enough to sink the government owning the bank (wasn't their fault anyway) or the currency.

In the real world, with banks with buggy software, credit card companies and paypal with dubious and opaque policies, in practice a short outage of bitcoin doesn't really register as a world ending thing.

Oh and, of course, you're forgetting about forged currency. Real hard to spot when you've been given it, until the next merchant won't accept it.

Re:So what now?

[gox]

Yes.

Branches are a part of the protocol, they are mostly natural. That's why it's recommended to wait for confirmations for higher value transactions. However long branches should be very improbable and this software glitch broke this condition. Even so, since the protocol is built on this, all transactions from the orphaned chain are carried to to the one selected by the highest hashing power. Valid transactions are not lost and double spends are invalidated. However, as you said, a careful attacker can do a double spend far more easily during such a long fork.

Re:For those, like me, reading this and saying wtf

[BitZtream]

Not even close.

You can send money now without a trusted 3rd party ... look, I'm transferring you a bajizzillion dollars right this instant in this message! Since you don't need anyone else to verify it, it must be true! Whats that? Bitcoin does require others to verify, it just doesn't have any way to confirm that those others should be trusted either ... my bad.

Email is in no way decentralized. Neither is anything else on the Internet that actually works.

Email DEPENDS on DNS, DNS is most certainly centralized. Both are then delegated to individual organizations to control, but they are in no way decentralized. You fail to understand how things you speak of work.

Email can not replace the post office either. Email can not provide me with a certified legal proof that the recipient received the message. Email'd scans of most objects aren't accepted, though we are getting to the point where we can scan checks and email them if you want to wait extra days for the bank to verify you aren't scamming them. You utterly fail to take into account all the services the USPS offers.

BitCoin solves no problem that were actual problems before BitCoin existed and introduces ones that everyone else in the world resolved via common sense thousands of years ago. You can't makeup a currency without anything backing it of value. Fiat currencies have governments. BitCoin's entire point as you put it is to not have anyone who can back it, brilliant plan.

You BitCoin guys live in a fantasy world. BitCoin is as likely to work properly as pure communism or socialism.

Re: Was an issue for about four hours yesterday

[sexconker]

How is it experimental when anyone anywhere can use it? FOr that matter what's the experiment? What are the metrics being collected? Whats the control? How will you know if the experiment is a success? If it is a success do you go back and start the non experiment on its own with the lessons learned? I would say that when people are trying to convince everyone to embrace it it is no longer an experiment when it is being used outside of a controlled environment.

If it was named Google Coins Beta (TM) you never would have posted that.

Re:Gobble bobble wobblywob?

[Chelloveck]

The problem is that there's no way to get 100% of the userbase to either upgrade to 0.8 or downgrade to 0.7 instantly.

Wait, so Bitcoin is decentralized and distributed but requires all clients to remain in lockstep with each other? Nope, can't foresee any problems with that model...

Re: Was an issue for about four hours yesterday

[Fnord666]

If I have already completed a transaction, with cash in hand, that transaction must not be "most likely" legitimate. It must be legitimate from the very moment that I verify the currency that I received as legitimate. It must not pass verification, then "most likely" have to pass verification again.

I guess you've never deposited a check into a bank, only to have it come back on you for insufficient funds?

Re: So much for being based on crypto

[Fnord666]

The security was broken. Suddenly, an attacker had the ability to easily spend the exact same set of coins twice, violating one of the key security properties Bitcoin was meant to have.

How would an attacker do that and still have both chains validated?

Re:Best to figure this out now ...

[Thiarna]

That depends on whether there is a managed or unmanaged breakup of the euro. "Your euros don't actually exist anymore" may not be that far from what happens in some scenarios.