Slashdot Mirror

← Back to Stories (view on slashdot.org)

Surrogate Database Key, Not Bitcoin Protocol Flaw, To Blame For Mt Gox Problems

Posted by Unknown on from the third-normal-form-isn't-that-hard-people dept.

An anonymous reader writes "Bitcoin values dropped sharply over the weekend after the largest trading exchange, MtGox, revealed that an investigation into unusual trading activity turned up a flaw in the underlying Bitcoin software that allowed an attacker to double withdrawal a transaction" Not so fast according to database experts: the real problem is that Mt Gox (and other exchanges) are using a surrogate transaction id rather than a natural key in their databases: "The flaw isn't so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn't. The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins. ... A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the (amount, address, timestamp) instead."

81 comments

  1. Wait... by fuzzyfuzzyfungus · · Score: 5, Funny

    So a site with strong experience in trading Magic cards wasn't quite ready to handle the combined rigors of cryptography and finance?

    The world is just full of surprises....

    1. Re:Wait... by Ritz_Just_Ritz · · Score: 4, Interesting

      Indeed. MtGox has been tainted with (at best) incompetence or (at worst) fraud for quite some time now. It could potentially be both.

      In any case, bitcoin owners/miners have voted with their feet to the extent possible and MtGox has gone from the largest to one of the smaller players in the bitcoin exchange arena. There are still quite a few unfortunate folks with their funds trapped within MtGox. We'll see if those funds are eventually released or become part of an eventual bankruptcy proceeding. That might be great in the longer term since the courts will eventually sort out the role of BTC in the world of finance, but it might be bad for people who put their trust in one of the early exchanges.

      Time will tell.

    2. Re:Wait... by Anonymous Coward · · Score: 0

      MtGox has gone from the largest to one of the smaller players in the bitcoin exchange arena.

      How do you figure? As far as I'm aware, MtGox is still the largest. By a big margin. Others, such as Virwox, have high fees and so are not getting much attention.

    3. Re:Wait... by Ritz_Just_Ritz · · Score: 1

      Please....

      This is a few months ago, but they've been circling the drain for a while.

      Nice cameltoe on the portly Mark Karpeles (MtGox's owner)... :)

      http://www.wired.com/wiredente...

    4. Re:Wait... by edibobb · · Score: 1

      MtGox has dropped from number 1 to number 3, with 21% of bitcoin volume. http://bitcoincharts.com/chart...

    5. Re:Wait... by suso · · Score: 3, Funny

      You're posting this comment on a site that was once called "Chips and Dips".

    6. Re:Wait... by faedle · · Score: 1

      .. and that's still a pretty accurate description of the contents.

    7. Re:Wait... by suso · · Score: 1

      You think we'll still be doing this when we're 60?

    8. Re:Wait... by Wonko+the+Sane · · Score: 1

      Better link: http://data.bitcoinity.org/mar...

    9. Re:Wait... by Anonymous Coward · · Score: 1

      Yep, when you ask to withdraw large funds in $USD they just claim there is problems with the system, leave you hanging for months, but it is very easy to deposit money if one wishes. Mt Gox is a scam, i found that out first hand. However, bitcoin itself might be ok.. as long as bitcoins can be transferred and funds can easily be withdrawn from another exchange otherwise I feel the currency is largely valueless if one wants anything other than tech goods online.

    10. Re:Wait... by Anonymous Coward · · Score: 0

      I'm over 60.

      And it sucks.

      Worse than Slashdot Beta.

    11. Re:Wait... by Anonymous Coward · · Score: 0

      I already am.

    12. Re:Wait... by Anonymous Coward · · Score: 0

      Well, looks like I know when I'll be kicking the chair from beneath my legs then.

    13. Re:Wait... by telchine · · Score: 4, Funny

      You're posting this comment on a site that was once called "Chips and Dips".

      It's still called Chips and Dips for me. I hated the change, so I resisted it as part of the FuckSlashdot campaign. I set up a personal proxy to automatically rebrand each page load back to Chips and Dips and it's been like that ever since!

    14. Re:Wait... by fuzzyfuzzyfungus · · Score: 1

      You're posting this comment on a site that was once called "Chips and Dips".

      And, until Beta, I was pretty confident that they were up to the challenge of accepting and then displaying comments...

    15. Re:Wait... by agentgonzo · · Score: 1

      You have waaaaaaaaay too much free time

    16. Re:Wait... by Anonymous Coward · · Score: 0

      This sounds like a currency system the whole world should be involved in - where [one of] the largest exchanges can fuck you over for long periods of time, should you actually want to retrieve your money.

      Even the worst of the banks in the recent economic malady still honored deposits and gave you your money if you gave them a proper document for withdrawal.

    17. Re:Wait... by jythie · · Score: 1

      /thread

    18. Re:Wait... by tompaulco · · Score: 1

      Apparently you didn't bother to read the summary. The problem is not withdrawing other currencies, that is still the same as it was. The problem is withdrawing bitcoin.

      --
      If you are not allowed to question your government then the government has answered your question.
  2. Not for MtGox but kinda agree by JcMorin · · Score: 4, Insightful

    Many pro bitcoin will hate me for saying that, but the transaction ID should not be change and once published it's value should be considered safe to check if a transaction is part of the blockchain or not. All the crap related to 3rd party modifying Sign script is pretty idiot compare the power for having a single ID to track a transaction. That said, this give no excuse for Mt Gox to not release the funds, the problem is not new, not even to them, and probably hide a much bigger financial problem.

    1. Re:Not for MtGox but kinda agree by glenebob · · Score: 1

      Pretty much this. There should be no way to change an ID. It's called an ID for a f***king reason.

      And (amount, address, timestamp) as a key? That's funny sh*t right thar!

    2. Re:Not for MtGox but kinda agree by master_kaos · · Score: 1

      Can someone explain to me why a third part can channge an id? Is this a feature (if so what use would it have), or an exploit that wasn't found out about until recently and it is part of the core and too difficult to fix?
      I skimmed over the article and it said something abotu it being known since 2011.. which if that is the case then why not fixed and or publiciced better? as it seems like a major issue.

      I would always think using something like a transaction id to be safe to use to you know, IDENTIFY the transaction.

    3. Re:Not for MtGox but kinda agree by KnightMB · · Score: 0

      If they are sending out more funds for withdraws than bringing in for total sales and commission then yes they are now running a Ponzi scheme. They now have less funds to give back out than what was given to them, people at the top of the scheme cash out, people at the bottom are left holding the digital poo of bitcoin. To try and prevent a mass exodus or lawsuits, they delay all withdraws until they have enough to satisfy the loudest complainers first that had the most to lose. Everyone else with a small amount will never get their funds back unfortunately.

    4. Re:Not for MtGox but kinda agree by edibobb · · Score: 3, Informative

      Here's a good explanation:
      http://blog.blockchain.info/20...

      Slashdot is broken. It won't let me post because it thinks I just posted, and it won't tell me how long to wait. For the past 5 minutes it has said it's been 3 minutes since my last post. Maybe it's some kind of space-time warp.

    5. Re:Not for MtGox but kinda agree by TheRealMindChild · · Score: 1

      From what I understand, it goes like this: The concept of a double spend is to try and spend the same money in two transactions. The bitcoin protocol has its way of dealing with it, pretty much by only one of those transactions succeeding. In this case, some nefarious entity submits the same transaction with all of the same details, but a different transaction ID. IF luck is in their favor, the protocol will chose their block instead of the one from the exchange. The nefarious entity then says "My money never got here! Just look at the blockchain!" and the exchange does... by transaction ID. They don't find it, so they figure the transaction was unsuccessful and sends out another one.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    6. Re:Not for MtGox but kinda agree by MagicMerlin · · Score: 1

      It's called an ID for a f***king reason.

      And (amount, address, timestamp) as a key? That's funny sh*t right thar!

      I mostly agree, but only because of the timestamp. Timestamps make poor keys for various reasons. A little trivia: that's my blog post :-).

    7. Re:Not for MtGox but kinda agree by JesseMcDonald · · Score: 2

      The tx-id does, in fact, uniquely identify a particular transaction. It's basically just the hash of the completed transaction record. The problem is that it isn't the entire transaction record that you're signing when you send bitcoins, just the input you provided and the set of outputs. This is done so that multiple independent parties can all contribute to the same transaction, but it also means that someone can modify other fields to create a new, equally valid transaction with the same inputs and outputs but a different tx-id.

      Rather than the tx-id or the rather arbitrary (amount, address, timestamp) tuple recommended in the article, exchanges should be using the same data they signed to identify the transaction in the blockchain. The simplest way to do that would be to index the table on the signature itself. When a transaction shows up in the blockchain with that signature on one of the inputs you know the transfer went through, regardless of the eventual tx-id.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  3. I'm sure glad they're working out all the bugs in by oscrivellodds · · Score: 3, Insightful

    Bitcoin with other people's money and not mine!

  4. Couldn't buy into.. by bkgoodman · · Score: 0

    I'd have a real hard time buying into, or putting any investment into a currency that could run into these types of problems - or even potentially vaporize overnight - due to some intricate techical problem that I didn't understand - and maybe STILL wouldn't even long after it was explained to me ...

  5. It is so cute when they don't understand by DaveV1.0 · · Score: 0

    The reason behind it doesn't matter anywhere near as much as that it happened and is high profile. It is like being arrested for a sex crime, especially child molestation. Even if one is proven innocent beyond a shadow of a doubt, one's life will be changed beyond recovery. Every time someone searches one's name online, that arrest will pop up and inject doubt.

    As the events happen, they eat away at the credibility of not just the individual people and companies involved but also BitCoin. It shows how easy it is to steal them, how sites thought safe are not.

    --
    There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
  6. History doomed to repeat itself by Anonymous Coward · · Score: 2, Insightful

    Funny how the currency is only as good as the institutions supporting it. (In this case the exchanges)

    Lets not kid around. Bitcoin was created with the intention of getting around existing laws and regulations regarding currency. The philosophy behind this idea suggests that these things are unnecessary and represent others stealing your money.

    Not saying the banks and money regulations are completely without flaws, but they do have some damn good reasons for being there.

    1. Re:History doomed to repeat itself by Anonymous Coward · · Score: 0

      Yeah, they have some pretty good reasons to be there. Control and power over the money supply - making sure you remain a slave, and the ones in control have in practice infinitely deep pockets as long as they play it smart.
      Plain and pure slavery, nothing more, nothing less.

    2. Re:History doomed to repeat itself by oscrivellodds · · Score: 1

      How does bank control over money supply translate into me being a slave? Can you elaborate?

    3. Re:History doomed to repeat itself by Anonymous Coward · · Score: 1

      How does bank control over money supply translate into me being a slave? Can you elaborate?

      They (the private banks that control the so-called "US" dollar) "print" money any time they or their powerful friends need it. They spend that money and get whatever they want to buy. You lose the value of any savings you had plus you lose some buying power. The slaves like you and me soak up the losses in the form of inflation. The masters have whatever money can buy.

      Plus: old-style slaves had to be fed, clothed, sheltered. Economic slaves will feed,clothe and shelter themselves. Low maintainence! Doesn't even need taskmasters. They don't care what you do for your dollars, so long as you keep producing wealth that circulates in an economy. The tick or mosquito doesn't really care which vein it bites, long as it has a good blood supply. It works until the tick sucks too much blood and the supply dries up, then economies crash.

      By having the power to control a money supply you also have the power to crash that currency. This can and has toppled nations. Now you have political power too.

      The old style Julius Caesar method of military takeover is rash and sloppy and much more error prone. Most of it that still goes on is encouraged in some way or another by those who profit from selling armaments so that too is all about the money. The same bankers profited from both sides during WWII for example.

      It's not that banking is inherently evil and cannot be done differently. It's that banking is centralized and a very small group of powerful men control it entirely. The private banks operate under the name of the governments that are supposed to be the only issuers of currency, lending an illusion of legitimacy and democratic process to the affair. The media casually talks about the Federal Reseve like it's a branch of the government. It's not.

      You have to inform yourself about this one and do your own research. There is no substitute for that. And no one running the show has any interest in announcing the way this actually works and what the implicatons are.

    4. Re:History doomed to repeat itself by Anonymous Coward · · Score: 0

      Yeah, damn, I sure am a slave to the banks that I hold ZERO debt with. They have complete control over me.

      But a bitcoin exchange that takes their sweet fucking time to actually give you your money should you have the audacity to cash out, well, if your bitcoin value didn't evaporate overnight because of yet another technical disaster; that's FREEDOM.

      Idiot.

    5. Re:History doomed to repeat itself by jythie · · Score: 1

      Well, yes and no. While it is hard to say what the original developer had in mind for sure, the user base has a variety of motivations behind it, some of which match up very well with what you said, others not so much.

      For instance, I am in the 'payment method' camp. Since BTC is a push rather then pull protocol where you transfer money to a merchant rather then giving a merchant your special numbers and they transfer it from your account, I believe that could really cut down on many of the problems with see in internet transactions. Every time you use a credit card or even the banking system there is a risk of someone grabbing those special numbers and being able to drain your accounts since both systems just take the recipient's word that the amount is correct and they are indeed owed that money.

    6. Re:History doomed to repeat itself by TheCarp · · Score: 1

      > Lets not kid around. Bitcoin was created with the intention of getting around existing laws and
      > regulations regarding currency. The philosophy behind this idea suggests that these things are
      > unnecessary and represent others stealing your money.

      Actually I believe it suggests far more distrust in a central authority and the Fed. You don't have to go too far into the anti-Fed conspiracy nutjob side of things to question whether it is too much power or too corrupting. I mean, even if you accept that inflation is a good thing (I do actually) and that you may want to create more money out of thin air....its not too hard to see that the distribution of that new money is surrounded by questionable practices in the extreme.

      Fed money creation is generally done by creating new money and then doling it out as low interest, no recourse loans. Rolling Stone did a great article "The Wives of Wall Street" exposing how many connected people set their wives up with shell companies just to apply for these sweet loans. It is wealth redistribution.... from everyone else, right to the top! The deals they talked about were sweet too, if you make a profit, you pay back the loan, if you don't, you don't have to pay it back. I want that loan too! Where do I sign up? Oh right, I don't qualify, I didn't marry a top level banker.

      In the end, this problem in the bitcoin market is a problem with an exchange. No different from bugs that caused real banks to lose money in real situations; some which became very public, some which didn't. Regulation wouldn't have fixed this; it was a procedural error in how they determined if a transaction failed.

      --
      "I opened my eyes, and everything went dark again"
  7. Time to buy by Billly+Gates · · Score: 1, Insightful

    When they go back up tomorrow I can make a weeks worth of money in 1 day :-)

    --
    http://saveie6.com/
    1. Re:Time to buy by Neo-Rio-101 · · Score: 1

      Well there's a nice fat pin candle on the daily chart, I'd say it'd be worth trying to get in.

      --
      READY.
      PRINT ""+-0
    2. Re:Time to buy by Bryan+Ischo · · Score: 1

      Why not go do something useful with your time, try to make money by creating actual value in the world, rather than surrounding yourself with get-rich-quick schemers, scammers, and thieves in the bitcoin world, hoping to score big?

    3. Re:Time to buy by Neo-Rio-101 · · Score: 1

      If trading things for profit is not valuable, then let's just close all our shops and businesses and head to your communist commune.
      Soldiers died so we can play forex.

      --
      READY.
      PRINT ""+-0
    4. Re:Time to buy by Bryan+Ischo · · Score: 1

      Understood, and of course people have a right to make money however they see fit.

      Won't stop me from trying to plant the seeds of thought though. I'd be happier if there were fewer people operating from greed and more people trying to enrich themselves and their surrounding in more creative ways, so I don't mind trying to make the point and see if it resonates.

    5. Re:Time to buy by Anonymous Coward · · Score: 0

      Why not go do something useful with your time, try to make money by creating actual value in the world, rather than surrounding yourself with get-rich-quick schemers, scammers, and thieves in the bitcoin world, hoping to score big?

      Regarding cold hard US dollars, have you heard of these things called money markets? Same concept. It just has the symbols ($$) you have accepted as pure and holy.

    6. Re:Time to buy by Anonymous Coward · · Score: 0

      People bitch about inflation and speculators in the commodity markets driving up prices on real things like oil, but at least it's a real thing. We're talking about speculating on imaginary currency in the form of arranged electrons on a spinning rusty platter.

      In no way could this be described as creating real world value. Even monopoly money has more value, as you can at least burn it for a very inefficient source of heat.

    7. Re:Time to buy by ultranova · · Score: 1

      Why not go do something useful with your time, try to make money by creating actual value in the world, rather than surrounding yourself with get-rich-quick schemers, scammers, and thieves in the bitcoin world, hoping to score big?

      Because you have to eat. If you aren't independently wealthy, the best you can hope is to be treated as a valuable asset in someone else's get-rich schemes. But even that severely limits your options - you'll end up inventing microsecond trading algorithms instead of medical molecule simulators, or writing propaganda instead of the next great American novel.

      A quaranteed unconditional minimum income sufficient to live on would solve the problem, but is unlikely to be politically viable.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    8. Re:Time to buy by causality · · Score: 1

      Understood, and of course people have a right to make money however they see fit.

      Won't stop me from trying to plant the seeds of thought though. I'd be happier if there were fewer people operating from greed and more people trying to enrich themselves and their surrounding in more creative ways, so I don't mind trying to make the point and see if it resonates.

      I don't think it's "greed" as much as it's the belief that you're a nobody and a loser if you aren't materialistic, if you don't work so many hours making money that you no longer have the time to enjoy the money you have made, if you don't have the wealth and status to control others. The old vice of greed is really only one component of the problem. A lot of the participants aren't strictly greedy, they just don't know any other way to "be somebody".

      --
      It is a miracle that curiosity survives formal education. - Einstein
  8. The reasons don't matter by roman_mir · · Score: 0

    it doesn't matter why this or that happened in case of Bitcoins, faith based money, the faith being that it will go up in price and that there always be somebody there, buying these off of you when you need it.

    mtgox doesn't accept Bitcoins or money transfers, if people can't get other currencies for Bitcoins easily, they just may turn to alternative ways of 'cashing in' their BTCs, I am talking about buying actual products with them on a much higher scale, which will prompt the sellers of the products to flood BTC exchanges to get their preferred currencies (because almost no seller actually keeps BTCs). This will put more downward pressure on the market, more exchanges may shut down not and for technical reasons at all. Meanwhile there are all these people that bought BTCs at a much higher price, there are still millions of those who hold BTCs that they got for almost free. Once BTCs fall below 200, many will rush in to sell, who otherwise wouldn't have.

    --
    You can't handle the truth.
    1. Re:The reasons don't matter by Anonymous Coward · · Score: 0

      Exchanges make money on trades, not on prices of bitcoin.

      More dumping = more trading = more money for the exchange.

  9. An obscure bug in the bitcoin protocol by Anonymous Coward · · Score: 5, Interesting

    A bitcoin transaction comprises 3 parts:
    Transaction data - Source, destination, amount and timestamp
    An ECDSA signature signed with the private key of the source
    A transaction ID.

    The transaction ID is generated as the cryptographic hash of the transaction data and signature.

    The problem comes with how ECDSA signatures are formatted. A signature is essentially a large integer of undefined length. Industry standards are that the signature should be written with no zero padding - i.e. the first byte should be non-zero. In practice, many software implementations would define a fixed length field and zero-pad signature.

    The signature would still be valid even if zero padded. However, the transaction ID which is a hash of the transaction data and signature would change.

    Early versions of the bitcoin daemon would accept padded signatures, but this bug was fixed a couple of years ago, and transactions submitted to the network with excessive signature padding would be rejected as invalid.

    Mt Gox used in-house bitcoin client software which for a long time continued to pad their transaction signatures, even after the bitcoin developers issued an alert to users, resulting in failed or delayed (if the first node to receive the transaction broadcast was running on old daemon which would accept the transaction, the transaction would be validated and accepted; therefore a semi-invalid transaction may succeed after a number of retries) withdrawal transactions.

    Finally, the thing that really screwed things up was that 3rd parties (possibly early adopters with large amounts of bitcoin at Mt Gox) recognised the bug, and provided a workaround for Gox's broken software. Their software acted as transaction relay nodes, and when it received a broken transaction from Gox would rewrite the signature in the correct form, and compute a new transaction ID, before re-broadcasting the transaction.

    The result was that Gox's withdrawral problems disappeared for a number of months - until Gox's client went out of sync with the bitcoin network, as it was trying to spend coins that had previously been spent by transactions that it thought had failed.

    Captcha: bugged

    1. Re:An obscure bug in the bitcoin protocol by master_kaos · · Score: 1

      Thank you very much that clears it up. I actually tried reading a few articles and none of them made any sense, or didn't explain what was wrong or what gox was doing wrong.

  10. Dropped sharply? Yes, but... by Anonymous Coward · · Score: 1

    ... it raised up again with the same speed, if not more. Less that 24h after the FUD announcement by MtGox, Bitcoin value is already recovered and rising. See: http://bitcoinwisdom.com/markets/bitstamp/btcusd

    1. Re:Dropped sharply? Yes, but... by mlw4428 · · Score: 2

      And? It highlights the real issue with the proposed "value" of this currency. It's not stable, it's not backed by any meaningful entity, and its value is an illusion created by Libertarians and gov't conspiracy nuts who love to circle-jerk each other that somehow currency can just appear out of thin air...like magic. You can argue a fiat currency system, but it means a lot more when a massive nation (or group of nations) back that currency and will use military force to ensure it stays around.

    2. Re:Dropped sharply? Yes, but... by Neo-Rio-101 · · Score: 1

      That sharp move down is known as a trap move. The sharp move down prompted price chasing idiots to sell it off at the lows of the day, which is a very very amateur move.

      Now they are trapped right down the bottom of the spike. Watch as the market gets the hell away from that price point.

      The BTC is set to rise... mark my words.

      --
      READY.
      PRINT ""+-0
  11. The Dollar by Anonymous Coward · · Score: 2, Insightful

    Then please don't read how the dollar works. You won't be able to sleep at night.

    1. Re:The Dollar by DrXym · · Score: 1

      The value of the US dollar doesn't crash in the space of hours to a fraction of its previous values because of extreme volatility caused by borderline legality, broken exchanges, mass thefts, and flighty investors who panic as every blow lands. So I expect people who use US dollars or other currencies sleep pretty well at night all things considered.

    2. Re:The Dollar by Anonymous Coward · · Score: 0

      And no one were able to hoard USD before people decided that they were worth something. They were created as a substitute to something that already had value.
      When I tested out bitcoin (and saw that it sucked) I got a bitcon for free! (Which I promptly lost.) How many other bitcoin has been mined and are just hoarded?

      Bitcoin should be deprecated and a new "digital" currency should be started... and started with a loud and clear "one two three, start mining!" ;-)

    3. Re:The Dollar by Dishevel · · Score: 1
      It would if the Fed did not prop it up.

      The U.S. Dollar is on no standard. They are printing it like mad right now and the smart people are watching this and just making bets on when the fraud that is the current US dollar will be found out and it will get dumped and inflation will turn it into a fucking peso.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
  12. unbelievable by slashmydots · · Score: 2, Insightful

    I can't believe whoever wrote the original code didn't catch this. It seems pretty database 101 class to me. Even the non-programmers had to take that class at my college and it always taught that you don't base a primary key in a table (or use as a unique ID in code) a value which isn't necessarily unique or can change. It's almost the same thing as not using as the primary data table key a compound key of last name, first name, and middle initial. First of all, it can change. Secondly, it can be repeated. That's basics, people. This isn't too far from that.

    1. Re:unbelievable by Anonymous Coward · · Score: 0

      So you were aware that this thing called a transaction ID could change, were you? The issue is not that people don't know basic database theory, it's that people didn't necessarily know that this thing called a transaction ID was not sufficient to actually, you know, ID a transaction.

    2. Re:unbelievable by JcMorin · · Score: 1

      Having a transaction Id that changed after being produce from the original broadcast is not basic nor expected/standard. Call it what you want, and ID should be unique and permanent...

    3. Re:unbelievable by Troed · · Score: 2

      It's been known and well documented since 2011. It's in the wiki. What programmer does not study the API documentation when implementing a multi-million dollar service?

      https://bitcointalk.org/index....

      An incompetent one. The transaction id is an id of that specific transaction. If another transaction is created with the same inputs and outputs is a new transaction, thus a new transaction id.

      (A better id to use if you want to track actual transfers is a hash over the sorted input and output adresses)

      --
      it's in my head
  13. A Bitcoin transaction requires 1 hour to complete by onebeaumond · · Score: 1

    It's built into the protocol, and always will be. Everyone who uses Bitcoin needs to be aware of this limitation!

  14. An even easier work-around... by AudioEfex · · Score: 0

    ...is to not buy into the virtual currency fad to begin with.

    Bitcoins are the collectable of the moment - it's like the comic book bubble. Sure, really old comics (like 1940's) remain valuable as artistic artifacts (issues that only exist in single or double digits in known quantity in the world), but you can pretty much get any comic from 1990 on for cover price at this point with very few exceptions, and even 60's/70's stuff for $20-30 now that all used to go for $100's in the 90's during the boom.

    Once the "thrill of the chase" is over, and people start to realize that they have nothing of value to show for it, they still can't spend their Bitcoins on Amazon, or any brick and mortar environment, it all evaporates. Worse, in this case, is that with all of the issues and flaws in the system - it can happen much more quickly, as this weekend showed.

    It's human nature to want something for nothing (or very little) - people are playing the Bitcoin lottery right now, and they'd be better off buying scratch tickets. Sure, folks are making a few bucks here and there, and a select few are probably making a lot of money on folks just trying to get in on it, but like any bubble, it doesn't last forever. In five years we'll be looking back at this and laughing that anyone paid $700 (or whatever it gets up to before the jig is up) for a virtual coin that can't really be spent anywhere significant, and is just people buying/selling to each other. Kudos to those who are taking advantage of this and making what they can while they can - but most folks would be better off buying virtual items in Everquest or WOW because then they actually get to use the items to enjoy in the game, because 100 Bitcoins can't even buy you a cup of coffee in 99.99999999...% of the world.

    1. Re:An even easier work-around... by Anonymous Coward · · Score: 0

      I will bring you 100 pounds of coffee, ANYWHERE on Earth, for 30 BTC, I can get it there in a week.

    2. Re:An even easier work-around... by Anonymous Coward · · Score: 0

      Your ignorance is unsurprising and annoying to say the least because it's so common, it's also outdated my several years. Right now you can buy products from Overstock and Tigerdirect with bitcoins, you can also goto many different B&M businesses and pay with bitcoins, Amazon is rumored to accept bitcoins soon. I'm tired of people like you that don't actually bother to do their own research, they just shit their opinions onto the internet and expect people to agree with them. I expected better from a site that claims to be a paragon for discussion when it comes to "News for Nerds".

      http://www.overstock.com/bitcoin
      http://www.tigerdirect.com/bitcoin/
      http://www.csmonitor.com/Business/Saving-Money/2014/0115/Bitcoin-goes-mainstream-Digital-currency-now-accepted-at-major-retailers

  15. Why 'amount'? by Anonymous Coward · · Score: 0

    I'd say (address, timestamp). 'amount' adds nothing to the key.

  16. lol? by Anonymous Coward · · Score: 1

    "because 100 Bitcoins can't even buy you a cup of coffee in 99.99999999...% of the world."

    Sir, for 100 BTC I will deliver you personally a yearly supply of coffey, anywhere in the world (including active war zones etc)

  17. You are a debt serf by Anonymous Coward · · Score: 0

    You are either personally hugely in debt, or everyone round about you is hugely in debt, and even if neither of these are the case, the banks have kindly loaded up the government with debt on your behalf and you and your children have to pay it off...

    At the point of a gun.

    Reality == you are a debt serf.

    1. Re:You are a debt serf by hughbar · · Score: 1

      Agree, nearly everyone is a debt serf. If you have family, work for salary own a house, went to university and do most of the 'ordinary' things that people do in developed countries, you probably have substantial debt. People don't 'choose' to be unfree, the current arrangements compel them in the course of living their lives.

      I personally have very little debt and, as a result [apart from being quite old] don't work all year, every year. Now just IMAGINE if people started doing that [actually, apparently a serf had about 100 days holiday, religious festivals included, in the middle ages] the SYSTEM would break down and people would DO WHAT THEY WANTED. Of course, they've been taught to want Facebook, Caca-cola and expensive sneakers, so maybe it wouldn't be too bad, would it?

      Apologies for the sarcastic capitals in the post. We really need a 'new' financial system that serves the 'people' and not gov, large corporations, the banks and all these other layers-of-shit, to use the technical term. Meanwhile, people need to wake up to the fact that, every day, they're being gamed.

      --
      On y va, qui mal y pense!
  18. (amount, address, timestamp) by Eunuchswear · · Score: 1

    Better use a fucking high resolution timestamp.

    (The number of times I've seen systems fall over because some idiot thought two things can't happen in the same second/millisecond/microsecond....)

    --
    Watch this Heartland Institute video
    1. Re: (amount, address, timestamp) by Anonymous Coward · · Score: 0

      And then good luck syncing then across the system...

  19. WTF by Anonymous Coward · · Score: 0

    Shazbot! We ran into some trouble getting the comments.
    Try again... na-nu, na-nu!

    Fuck Beta!

  20. Amount, Address, Timestamp = Collision? by medv4380 · · Score: 1

    Really? Simple workaround? Using a unique ID is the only real option, and the problem has more to do with the ability of the "attacker" to change the transaction ID. If I write someone a check and the check numbers don't match my records then I know I have to examine the records. How do these Banking Anarchists think our mishmash of Bank databases with a Central Bank work?

    Oh that's how "Real" banking works. We can't be seen doing something that "Real" banks have to do. We're against the man, and bank databases are the man. /sarcasm

  21. Bitstamp Suspending Withdrawals As Well. by Anonymous Coward · · Score: 0

    3rd Largest Bitcoin exchange, Bitstamp has now suspended withdrawals as well.