If you cannot trust the CPU then no kernel change is going to improve the situation.
Which in turn makes it a reasonable explanation...
An intentionally flawed random generator is one thing; detecting and reverse engineering kernel code on the fly is another. What makes you think this sort of CPU doesn't actually run the whole system in this mode and report every suspicious activity steganographically through the system's network devices?
If Linus wants to debate this, let him address these issues. Linus needs to show the premises wrong, or that the conclusion doesn't follow from the premises.
If he can't, then he should abide by the recommendation.
This is why he is calling people ignorant.
If you want to debate this, address the responses he's made. Why do you think the random pool doesn't automatically destroy any potential back-doors?
We are not talking about nuclear weapons here. Manufacturing chemical weapons from scratch isn't hard. This move is more or less symbolic.
In all likelihood, the allies saw that this would turn into a huge disaster and decided to step back. Asking Syria to hand over the weapons and making them comply will make them look successful and mature, Russia's involvement as the "facilitator" puts it in a very advantageous position, while Assad establishes the right to continue doing what he was doing. All players are happy, rest is clueless.
This is exactly the intended result of terrorist acts, and you are falling for it. In a sense, if people didn't think the way you think, terrorism wouldn't even exist.
Bitcoin is perfectly pseudonymous and traceable. Which means, if you don't mix transactions between your different identities, you can preserve your anonymity.
Say, you made some coins by selling your coding skills (or naked pictures) online, without revealing any personal information (IP and personal e-mail addresses included). Then you went and spent those coins to pay someone to build your anonymous identity a website. This is perfectly doable.
However, if you then go and order some pizza to your home address with the rest of those coins, it is possible in theory for an entity with reach to associate your code (or naked pictures) to your home address.
It also works the other way. If you buy some coins with a bank transfer, it's possible that they can associate your expenditures with your ID. There is plausible deniability of course, but that won't prevent them from breaking into and searching your house when you are away. If you are perfectly sure that the people you are transacting with are not agents, you are likely safe.
Luckily, since there is very limited friction, it's fairly easy to figure out how to cover your tracks. Required learning is similar to what you have to do for WWW or e-mail (which everyone needs to know at this point anyway). If you are familiar with the innards of historical digital currencies, you already know.
America's over-reaction to 9/11 and the terrorism "threat" in general is doing far, far more damage than any terrorist could directly do in their wildest dreams.
10 years ago, I would have agreed with you. But looking back, I feel that you are being a bit naive.
If you were a detective wanting to solve a crime, the first question you'd ask would be "Who benefited?".
I agree that terror has been used plenty of times recently, that the elected governments never had a hand in it, and that there are organized groups around the world who have been hurt by the U.S. and want to take revenge at all cost. However, whenever I try to look from the perspective where "they got extremely lucky once", the picture begins to turn into a caricature of reality, like a badly written Hollywood movie.
We will never know why things happened how they happened, but trying to make sense of it the way we are supposed to doesn't work anymore. How long would Saddam's nuclear weapons remain a plausible threat if the citizen had no way of knowing about the evidence?
You already summarized the scheme. It's a general scheme that's been going on throughout the world.
What I am pondering about is how to react to these facts as a free person. Should we focus on our responsibilities to our community and use "democratic methods" to voice our concerns, maybe initiate protests and establish political groups? Should we focus on our responsibilities to our own family, move to the safest place we can find on Earth and then worry about when it will finally hit us? Should we adapt and do our best to educate our kids on how words change meaning over time?
My disagreement about the extent of power you ascribe to voting aside (i.e. by comparison, choosing another exchange over MtGox is practically easy, whereas succeeding in changing how the central bank is managed even if you dedicate your whole life to it is a daydream), keeping bitcoins on MtGox surely defeats the purpose of Bitcoin.
Having said that, the issue seems to be about the USD kept in MtGox, which is equivalent to any sort of exchange trading on any sort of regulated institution. The exchange rate difference between Bitcoin exchanges shows that people who want their USD out are currently buying Bitcoin on MtGox to subsequently sell them on other exchanges. Bitcoin side of the trust issue seems to be working fine.
Even if it was registered with that in mind, there was never a Magic the Gathering exchange on that domain, so your claim is unwarranted. Besides, the guy who registered the domain sold it long time ago. Granted though, it's a weird name for a Bitcoin exchange.
If something causes people to start to leave the network a little too quickly, and it slows down, causing a further exodus, then you have a runaway condition, and the entire thing is doomed for a "temporary" period long enough to kill it, effectively. No?
That's true.
Transactions are a chain.
none of those games are particularly resistant to analysis
I think we are discussing different things here. I agree that none of them are resistant to analysis. That's why I keep saying Bitcoin does in no way "provide" anonymity. There are other ways to achieve anonymity, and Bitcoin makes it easy to use these methods. Think about blind-sig DigiCash for a moment. It's almost perfectly anonymous, yet you have to trust some authority constantly. Bitcoin relieves/some/ of this burden; you can use DigiCash equivalent through Bitcoin (e.g. OpenTransactions), and you only need to keep the coins on the server for the brief amount of time you need to transmit the token data. In the end, you have very good anonymity with relatively small counterparty risk.
The P2P substrate is actually a terribly difficult design problem that is usually inseparable from the higher-level goals of the network
Agreed. Bitcoin is doing fine currently, and all problems you've mentioned are being actively handled, and I must say quite well. However it really isn't clear how it can scale. Either developers will attempt to scale it to a degree of thousands of transactions per second, or keep it almost as it is and have people implement other payment methods that use Bitcoin as a backbone. I'm currently undecided, as the thought of scaling up is quite scary.
It has to be easier if you isolate someone from the network. Imagine if all the computers but yours disappeared tomorrow. Are you saying your computer could not now win a race of 1? Or that there is any difference between a communications cutoff and lack of existence?
Yeah, of course a cutoff is equivalent to lack of existence.
Trying to generate a SHA-256 hash of some random data is what I would call a pure process. There is no race going on in the algorithm itself, or in other words, there is no information link between competing parties. The competition happens at a higher level. The complexity doesn't change with increasing competition within a 2016 block group.
For instance, currently it takes 3 * 10^16 hashes on average to find a block. This is the total number of hashes you need to get to find it, regardless of how many people you are.
The competition gets to have an influence on complexity every 2016 blocks. If this adjustment was completely dynamic and instant, you would be right. The required number of hashes would scale with the total mining power and you would be able to isolate a portion of the network and fake blocks. Guess, Satoshi already thought about that.:-)
Namecoin (a distributed name system based on Bitcoin) had a problem a few years ago that demonstrated an example to this. Majority mining power just disappeared from the network, and it took miners months to produce 2016 blocks after that, ultimately rendering the network useless (until they found a way to mine both currencies in parallel with 100% efficiency on both, which is very interesting in itself).
If I am intercepting your communications, it is less complex to intercept everything rather than some things. Confirmations will be quite speedy, since they will come from me as well.
Well, to discuss this, we'd first need to agree that faking blocks isn't practical at all.
Bitcoin's fault tolerance is remotely similar to Freenet. You can smuggle large disks through the border to keep an isolated region of Freenet connected. Even "instant message"s would work this way, in theory. With Bitcoin, you would need a much lower latency connection, and every time you leak the block chain, the segmentation should automatically disappear. Assuming you generate a far lower number of blocks within the isolated region, those blocks would get orphaned and the transactions would be carried to the main chain.
"Tracing a coin's history can be used to connect identities to addresses."
I don't think this conflicts with what I said. You need to break the chain of transactions in order to render the history useless.
I don't see how that follows yet. Rolling back transactions or double spending is more than enough
You can't roll back transactions or double spend without producing blocks, and producing valid blocks don't get easier by isolating the victim from the network. If you agree that brute force attacks on proof of work isn't impractical, this isn't very viable either (i.e. people will realize there's something wrong when confirmation takes hours to days instead of minutes).
it is more work to create segmentation with leakage than without?
I don't get what you mean here. Even if a little information is leaked between the segments, the network will be whole again. Of course you have to have a reasonable leak. For instance, you could send the data on a flash drive and I wouldn't consider it a valid leak because of the latency.
In such a case, the difficulty of the attack must be reducible, or how can the rest of the world, which we are not communicating with (for long enough for me to defraud you) still be a factor in the CPU spend for the attack? Shannon will wake from his grave to hear the explanation.
Shannon would think you are being silly.:-)
The problem doesn't get easier to solve because less people dedicate work to it. Difficulty adjustments happen every 2016 blocks, but you can't make it lower without massively increasing confirmation times first and even then it can't go down below a certain coefficient.
Bitcoin is the least anonymous, most transparent currency ever invented. Nothing else in existence is more law-enforcement-friendly.
Bitcoin is pseudonymous. Addresses can only be connected to your identity through deliberate transactions. I have wallets that I know are impossible to be connected to me. But because of how Bitcoin works, it's very difficult to reason about, that's for sure. There is no foolproof way to achieve reasonable anonymity. However it's also ridiculous to say that it is law-enforcement-friendly.
From there on out I can see every transaction you have ever made with Y.
How come? Even with naive mixing, I don't understand what kind of technique you are suggesting here. With blind signatures, even the trusted parties don't know what goes where.
With surveillance of your net connection
Why am I so privacy conscious and still don't use a damned https connection? Most privacy conscious people use https over tor, both of which my mom is able to use by herself on an Android tablet.
wallet Y will be empty and wallet X will be full
I don't follow. We were assuming your identity is somehow well known, and you are trying to break the chain of transactions. Each time I need to make a private transaction, I can bounce it through a bunch of such services established in diverse jurisdictions. In turn, I can use the same technique to transfer back to my well known identity.
You have all the same problems as a traditional money launderer
Like having to hide cash inside oil barrels?
Anyone who wishes to perform anonymous transactions (the right of every hard cash holder since the invention of money) should run screaming from Bitcoin.
And run to what? Cash in mail?
As I explained, Chaum's scheme (i.e. a central party that can't track transactions) makes transactions perfectly untraceable. However it isn't widely used. I agree that current techniques people find good enough are not good enough (or maybe they are and I'm too paranoid). Even with blind signatures, we would need a lot of traffic to render it unfeasible as a honeypot.
It will take some practical proof to make people switch to such advanced methods however. Regardless of how we think, their techniques seem to be working.
For instance, I can steal your coins if I can convince you of an incorrect chain being the longest.
Please keep in mind that convincing me isn't less difficult than convincing the whole network. You still need to produce hashes lower than the target, and even if I am only connected to you and perfectly believe you, every block you need to produce needs the same amount of work as the rest of the network. Maybe you misunderstood the difficulty logic?
Besides, you can't directly steal coins without private keys. However you could roll back transactions or double spend, if you have majority hashing power.
I don't believe the attacker can fool anyone with the methods you propose. What they could do is blatantly censor the protocol itself, e.g. cut the whole region out of the network, thereby causing a network split. I haven't seen any proposals to make it work in such a scenario. In practice, the cut-off region would not be able to continue functioning unless they have major mining facilities (because of the same difficulty logic that prevents you from faking blocks). If they have it (e.g. USA), then there would effectively be two Bitcoin networks. Therefore the arms race would probably focus on the effectiveness of censorship.
If I can hide my identity by changing addresses, then money can magically move from one identity to another without a transaction, and I can double-spend.
The protocol doesn't support anonymity, so this is a redundant discourse. Bitcoin is not anonymous. You need an external trusted entity to break the chain of transactions. This is pretty easy to do and there are numerous services that do that, which aren't shady at all.
In simplified form, let's say you want to send money to address X, but don't want to leave a trace in the blockchain. You send the sum to my address Y, and I send the same amount to address X from a completely unrelated wallet. As long as I don't include your transaction as an input, the transaction cannot be traced. In this case, the only link is the information I have (in my mind, on disk, etc.), which also makes me the weakest link.;)
why it is not entirely straightforward (if merely computationally intensive) to unravel all tumbling activity using the chain?
Because the transaction data you need isn't in the chain.
I must admit that I don't personally like the popular "mixer" services, as they themselves can track and record your activity, which makes it a requirement to use multiple unrelated ones. This is very backwards, as Chaum's blind-signature scheme already provides a perfectly untraceable way to do this (for the last 25 years), and there are Bitcoin-related services that make it possible (which people hardly use). In this scheme, the only available method the laundry has to track you is traffic analysis, which is very difficult if the tokens are of a set size.
To my knowledge, all such schemes depend on a centralized authority, which Bitcoin by its definition can't provide. It makes it very convenient to transact through such services however.
Yes, proof of work depends on the assumption that the attacker has to have more computational power than the all honest nodes combined. As of now, Bitcoin honest nodes have much more computational power than all the supercomputers combined. That doesn't mean that it can't be overcome with application specific hardware however.
On the other hand, I don't understand most of your description regarding your primary concern.
What is the potential difficulty you see in communication? What is the difficulty in measuring chain length? AFAIK having recent block headers is enough, and it's literally a few bytes of data per 10 minutes on average.
I think your concerns about botnets, etc. are a little late, since the network is about to be dominated by ASICs. Deep pockets could still spend millions of dollars and develop an advanced ASIC based farm, but this will become a lesser threat in the following years. I don't think this is a huge practical concern. With millions to billions dollars at your disposal, you can destroy many things. An attack based on application specific computational power would at most render the Bitcoin network unusable until the developers change the hashing algorithm. Besides, there are many Bitcoin clones out there anyway, so a totalitarian regime doesn't have anything to gain from such an attack.
I don't get what you mean by transparent proxies or eavesdropping. Bitcoin transactions are completely transparent.
Regarding anonymity; Bitcoin transactions are completely traceable and many types of analysis can be made to relate addresses to each other. They don't work very well in practice, but even so, you should never trust obscurity. Untraceable transactions can be and are easily implemented on top of the protocol, though I'm not sure (and don't care) how many SR purchasers use such solutions.
Someone responds, but something like bitcoin can allow anonymous transactions. Well, they don't need to track "you", just your habits. You're still no better off than where you were with ads, other than now you need to pay money and have the inconvenience of registering with each site to pay them, even if with an anonymous bitcoin key.
Wait, it gets better. They can just start tracking your keys, and now you give them the same info AND you pay them money. But you can create many more keys for free you say? But all transactions are public, so they can data-mine and link all of the fake-keys to the real person.
The fact that all transactions are public doesn't mean that data mining will work. Best case scenario, their heuristics might identify islands of suspected connections. The way common Bitcoin wallets work, it's not very likely that you will discover a decent way to track any person. You might be able to track some people because of their peculiar usage habits, but not the ordinary user.
I can imagine methods of secure login using automatically assigned keys to each site, but they will never be supported by, say, out of the box Windows. It's a pity because Bitcoin clients by default already have an endless supply of unused private keys which gpg software doesn't make easy.
One easy way out of this I have seen is sites that automatically create a login directly when you access the site. Besides the cookie you receive, you are given a URL so that you can access the site on multiple devices. If you use the site regularly and think you need to access it later on other devices, you can just bookmark; otherwise you don't need to care. The account has a deposit address attached where you can make micro-payments. The URL itself could even contain a hash of the said deposit address, so that you can recover it by checking your transactions even if you lose the bookmark.
The downside is, you need to keep this URL private if you don't plan to share the account, but I think the potential damage caused by such an exposure is very low for regular sites. Accounts with higher value could be protected by an optional password feature.
By the way, Bitcoin transactions are cheap, but not free. It's not a big issue currently, but the fees might become prohibitive for minuscule transactions in the future. However AFAIK there is development in the works to reduce the cost of making massive number of micro-transactions, and hopefully it will be available before fees become high enough to care about.
Certainly, but I'm not sure the same dynamics apply to technical failures. This last one was not really a big deal, but even if there were a fork that lasted long enough to be a real problem (e.g. 120 blocks, or 20 hours), I'm fairly certain it would be resolved at the developer level.
A more plausible scenario would be a political dispute between users/miners/developers/merchants/etc. Even if the core developers came up with a radical rule change despite the user base and intentionally forked the chain, the network effect "in theory" should cause that fork to wither away. This is obviously pure speculation though.
Current fork was not a big deal, it's an extraordinary branching but the protocol is very resilient to that. The chain recovered in a few hours and the transactions were automatically merged.
What keeps Bitcoin on the top has always been the network effect. As long as there isn't a completely incompatible breakthrough in the technology, it is likely that it will remain dominant, since it can absorb development done on the alternatives. There hasn't been any such proven improvement yet though.
I can't claim that the bug is not a stupid one, but I don't think your solution would have saved it. It was really an unknown problem at the database layer and it would be decided as reconcilable anyway. And it's at a specific level in the network architecture; clients were never incompatible and transactions were being relayed just fine.
Furthermore, you don't want any method to top-down enforce anything on a network like Bitcoin. Actually a wider variance of software increases network's resilience.
If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.
Well, Bitcoin is not a major bank though. Bitcoin's market cap is probably much lower than a major bank's janitorial costs.
My wife is the manager of an operations branch of a major bank, and snickered at your comment though. What I gather is, this sort of nonsense happens all the time in major banks too, but they have several layers that keep it going even if some part is broken. Bitcoin, as a greater structure, isn't quite there yet.
Branches are a part of the protocol, they are mostly natural. That's why it's recommended to wait for confirmations for higher value transactions. However long branches should be very improbable and this software glitch broke this condition. Even so, since the protocol is built on this, all transactions from the orphaned chain are carried to to the one selected by the highest hashing power. Valid transactions are not lost and double spends are invalidated. However, as you said, a careful attacker can do a double spend far more easily during such a long fork.
Well, Bitcoin is experimental, so I guess risk averse people need to stay away from it until it's stable enough, or at least should not use it "exclusively".
I'm quite happy with Bitcoin being both a currency and a payment network. In time, this will probably change though, and people will use payment systems like PayPal implemented on top of Bitcoin.
It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar"
The analogy is almost true, but in this case it really doesn't matter which version exchanges use. Transactions generated by 0.8 can be mined by 0.7 and vice versa. I don't know where you got the impression that they were rendered incompatible, but it's wrong.
All miners switched to the old version so that everyone, old and new, could handle the generated blocks. The opposite would render all the blocks that will be generated by the old version defunct.
At the time of discovery, branch using the new version was already longer, but developers recommended that we cut it off anyway and so the miners did.
By the way, exchanges have nothing to do with it, since both old and new version can handle the transactions themselves. This issue was strictly about miners, so it mostly involves mining pools.
Arguably, it comes from foodstuffs that have their very own carbon footprint. I'm sure the representative didn't really think of this but since the carbon you exhale is a reasonable measure of your energy expenditure, and the fact that the energy comes from food that is produced using energy, it is actually a fact that an increased overall respiration rate could mean an increased carbon footprint.
It's just that the carbon atoms you're exhaling are not the same carbon atoms that are counted as an increased footprint.
Of course the point itself is stupid, not because it comes from nature anyways, but because you could sit all day and become obese while still causing the same carbon footprint, and then go get a liposuction and cause even more. Then again all that fat will become oil at one point.;-)
I want to invoke philosophy of science here. You won't "know". Almost everyone I know has taken ECON 200 (yeah unfortunate but everyone I know is either a physicist or an economist), and almost all are sympathetic to Bitcoin. I have discussed it with several academics too, and I don't remember them bringing up the deflation. Therefore I think your argument is a (mild) appeal to authority.
You instead need to describe why and how deflation is bad for the economy, then see if it applies to Bitcoin. While describing the mechanism, you will realize that completely open and fluid economies can't be hurt by deflation, nor the other way around.
If I create incentives for you to use my money (legal tender laws, accounting regulations, etc.), then deflation could at least has the potential to hurt the resulting economy. I don't know how you can say an increase in the price of, say, gold, hurts gold economy, or the entire economy though, as long as I am completely free about exchanging it with whatever currency I prefer.
Slashdot Mirror
If you cannot trust the CPU then no kernel change is going to improve the situation.
Which in turn makes it a reasonable explanation...
An intentionally flawed random generator is one thing; detecting and reverse engineering kernel code on the fly is another. What makes you think this sort of CPU doesn't actually run the whole system in this mode and report every suspicious activity steganographically through the system's network devices?
If Linus wants to debate this, let him address these issues. Linus needs to show the premises wrong, or that the conclusion doesn't follow from the premises.
If he can't, then he should abide by the recommendation.
This is why he is calling people ignorant.
If you want to debate this, address the responses he's made. Why do you think the random pool doesn't automatically destroy any potential back-doors?
We are not talking about nuclear weapons here. Manufacturing chemical weapons from scratch isn't hard. This move is more or less symbolic.
In all likelihood, the allies saw that this would turn into a huge disaster and decided to step back. Asking Syria to hand over the weapons and making them comply will make them look successful and mature, Russia's involvement as the "facilitator" puts it in a very advantageous position, while Assad establishes the right to continue doing what he was doing. All players are happy, rest is clueless.
This is exactly the intended result of terrorist acts, and you are falling for it. In a sense, if people didn't think the way you think, terrorism wouldn't even exist.
Bitcoin is perfectly pseudonymous and traceable. Which means, if you don't mix transactions between your different identities, you can preserve your anonymity.
Say, you made some coins by selling your coding skills (or naked pictures) online, without revealing any personal information (IP and personal e-mail addresses included). Then you went and spent those coins to pay someone to build your anonymous identity a website. This is perfectly doable.
However, if you then go and order some pizza to your home address with the rest of those coins, it is possible in theory for an entity with reach to associate your code (or naked pictures) to your home address.
It also works the other way. If you buy some coins with a bank transfer, it's possible that they can associate your expenditures with your ID. There is plausible deniability of course, but that won't prevent them from breaking into and searching your house when you are away. If you are perfectly sure that the people you are transacting with are not agents, you are likely safe.
Luckily, since there is very limited friction, it's fairly easy to figure out how to cover your tracks. Required learning is similar to what you have to do for WWW or e-mail (which everyone needs to know at this point anyway). If you are familiar with the innards of historical digital currencies, you already know.
America's over-reaction to 9/11 and the terrorism "threat" in general is doing far, far more damage than any terrorist could directly do in their wildest dreams.
10 years ago, I would have agreed with you. But looking back, I feel that you are being a bit naive.
If you were a detective wanting to solve a crime, the first question you'd ask would be "Who benefited?".
I agree that terror has been used plenty of times recently, that the elected governments never had a hand in it, and that there are organized groups around the world who have been hurt by the U.S. and want to take revenge at all cost. However, whenever I try to look from the perspective where "they got extremely lucky once", the picture begins to turn into a caricature of reality, like a badly written Hollywood movie.
We will never know why things happened how they happened, but trying to make sense of it the way we are supposed to doesn't work anymore. How long would Saddam's nuclear weapons remain a plausible threat if the citizen had no way of knowing about the evidence?
What's really going on here?
You already summarized the scheme. It's a general scheme that's been going on throughout the world.
What I am pondering about is how to react to these facts as a free person. Should we focus on our responsibilities to our community and use "democratic methods" to voice our concerns, maybe initiate protests and establish political groups? Should we focus on our responsibilities to our own family, move to the safest place we can find on Earth and then worry about when it will finally hit us? Should we adapt and do our best to educate our kids on how words change meaning over time?
My disagreement about the extent of power you ascribe to voting aside (i.e. by comparison, choosing another exchange over MtGox is practically easy, whereas succeeding in changing how the central bank is managed even if you dedicate your whole life to it is a daydream), keeping bitcoins on MtGox surely defeats the purpose of Bitcoin.
Having said that, the issue seems to be about the USD kept in MtGox, which is equivalent to any sort of exchange trading on any sort of regulated institution. The exchange rate difference between Bitcoin exchanges shows that people who want their USD out are currently buying Bitcoin on MtGox to subsequently sell them on other exchanges. Bitcoin side of the trust issue seems to be working fine.
Even if it was registered with that in mind, there was never a Magic the Gathering exchange on that domain, so your claim is unwarranted. Besides, the guy who registered the domain sold it long time ago. Granted though, it's a weird name for a Bitcoin exchange.
If something causes people to start to leave the network a little too quickly, and it slows down, causing a further exodus, then you have a runaway condition, and the entire thing is doomed for a "temporary" period long enough to kill it, effectively. No?
That's true.
Transactions are a chain.
none of those games are particularly resistant to analysis
I think we are discussing different things here. I agree that none of them are resistant to analysis. That's why I keep saying Bitcoin does in no way "provide" anonymity. There are other ways to achieve anonymity, and Bitcoin makes it easy to use these methods. Think about blind-sig DigiCash for a moment. It's almost perfectly anonymous, yet you have to trust some authority constantly. Bitcoin relieves /some/ of this burden; you can use DigiCash equivalent through Bitcoin (e.g. OpenTransactions), and you only need to keep the coins on the server for the brief amount of time you need to transmit the token data. In the end, you have very good anonymity with relatively small counterparty risk.
The P2P substrate is actually a terribly difficult design problem that is usually inseparable from the higher-level goals of the network
Agreed. Bitcoin is doing fine currently, and all problems you've mentioned are being actively handled, and I must say quite well. However it really isn't clear how it can scale. Either developers will attempt to scale it to a degree of thousands of transactions per second, or keep it almost as it is and have people implement other payment methods that use Bitcoin as a backbone. I'm currently undecided, as the thought of scaling up is quite scary.
It has to be easier if you isolate someone from the network. Imagine if all the computers but yours disappeared tomorrow. Are you saying your computer could not now win a race of 1? Or that there is any difference between a communications cutoff and lack of existence?
Yeah, of course a cutoff is equivalent to lack of existence.
Trying to generate a SHA-256 hash of some random data is what I would call a pure process. There is no race going on in the algorithm itself, or in other words, there is no information link between competing parties. The competition happens at a higher level. The complexity doesn't change with increasing competition within a 2016 block group.
For instance, currently it takes 3 * 10^16 hashes on average to find a block. This is the total number of hashes you need to get to find it, regardless of how many people you are.
The competition gets to have an influence on complexity every 2016 blocks. If this adjustment was completely dynamic and instant, you would be right. The required number of hashes would scale with the total mining power and you would be able to isolate a portion of the network and fake blocks. Guess, Satoshi already thought about that. :-)
Namecoin (a distributed name system based on Bitcoin) had a problem a few years ago that demonstrated an example to this. Majority mining power just disappeared from the network, and it took miners months to produce 2016 blocks after that, ultimately rendering the network useless (until they found a way to mine both currencies in parallel with 100% efficiency on both, which is very interesting in itself).
If I am intercepting your communications, it is less complex to intercept everything rather than some things. Confirmations will be quite speedy, since they will come from me as well.
Well, to discuss this, we'd first need to agree that faking blocks isn't practical at all.
Bitcoin's fault tolerance is remotely similar to Freenet. You can smuggle large disks through the border to keep an isolated region of Freenet connected. Even "instant message"s would work this way, in theory. With Bitcoin, you would need a much lower latency connection, and every time you leak the block chain, the segmentation should automatically disappear. Assuming you generate a far lower number of blocks within the isolated region, those blocks would get orphaned and the transactions would be carried to the main chain.
"Tracing a coin's history can be used to connect identities to addresses."
I don't think this conflicts with what I said. You need to break the chain of transactions in order to render the history useless.
I don't see how that follows yet. Rolling back transactions or double spending is more than enough
You can't roll back transactions or double spend without producing blocks, and producing valid blocks don't get easier by isolating the victim from the network. If you agree that brute force attacks on proof of work isn't impractical, this isn't very viable either (i.e. people will realize there's something wrong when confirmation takes hours to days instead of minutes).
it is more work to create segmentation with leakage than without?
I don't get what you mean here. Even if a little information is leaked between the segments, the network will be whole again. Of course you have to have a reasonable leak. For instance, you could send the data on a flash drive and I wouldn't consider it a valid leak because of the latency.
In such a case, the difficulty of the attack must be reducible, or how can the rest of the world, which we are not communicating with (for long enough for me to defraud you) still be a factor in the CPU spend for the attack? Shannon will wake from his grave to hear the explanation.
Shannon would think you are being silly. :-)
The problem doesn't get easier to solve because less people dedicate work to it. Difficulty adjustments happen every 2016 blocks, but you can't make it lower without massively increasing confirmation times first and even then it can't go down below a certain coefficient.
Bitcoin is the least anonymous, most transparent currency ever invented. Nothing else in existence is more law-enforcement-friendly.
Bitcoin is pseudonymous. Addresses can only be connected to your identity through deliberate transactions. I have wallets that I know are impossible to be connected to me. But because of how Bitcoin works, it's very difficult to reason about, that's for sure. There is no foolproof way to achieve reasonable anonymity. However it's also ridiculous to say that it is law-enforcement-friendly.
From there on out I can see every transaction you have ever made with Y.
How come? Even with naive mixing, I don't understand what kind of technique you are suggesting here. With blind signatures, even the trusted parties don't know what goes where.
With surveillance of your net connection
Why am I so privacy conscious and still don't use a damned https connection? Most privacy conscious people use https over tor, both of which my mom is able to use by herself on an Android tablet.
wallet Y will be empty and wallet X will be full
I don't follow. We were assuming your identity is somehow well known, and you are trying to break the chain of transactions. Each time I need to make a private transaction, I can bounce it through a bunch of such services established in diverse jurisdictions. In turn, I can use the same technique to transfer back to my well known identity.
You have all the same problems as a traditional money launderer
Like having to hide cash inside oil barrels?
Anyone who wishes to perform anonymous transactions (the right of every hard cash holder since the invention of money) should run screaming from Bitcoin.
And run to what? Cash in mail?
As I explained, Chaum's scheme (i.e. a central party that can't track transactions) makes transactions perfectly untraceable. However it isn't widely used. I agree that current techniques people find good enough are not good enough (or maybe they are and I'm too paranoid). Even with blind signatures, we would need a lot of traffic to render it unfeasible as a honeypot.
It will take some practical proof to make people switch to such advanced methods however. Regardless of how we think, their techniques seem to be working.
For instance, I can steal your coins if I can convince you of an incorrect chain being the longest.
Please keep in mind that convincing me isn't less difficult than convincing the whole network. You still need to produce hashes lower than the target, and even if I am only connected to you and perfectly believe you, every block you need to produce needs the same amount of work as the rest of the network. Maybe you misunderstood the difficulty logic?
Besides, you can't directly steal coins without private keys. However you could roll back transactions or double spend, if you have majority hashing power.
I don't believe the attacker can fool anyone with the methods you propose. What they could do is blatantly censor the protocol itself, e.g. cut the whole region out of the network, thereby causing a network split. I haven't seen any proposals to make it work in such a scenario. In practice, the cut-off region would not be able to continue functioning unless they have major mining facilities (because of the same difficulty logic that prevents you from faking blocks). If they have it (e.g. USA), then there would effectively be two Bitcoin networks. Therefore the arms race would probably focus on the effectiveness of censorship.
If I can hide my identity by changing addresses, then money can magically move from one identity to another without a transaction, and I can double-spend.
The protocol doesn't support anonymity, so this is a redundant discourse. Bitcoin is not anonymous. You need an external trusted entity to break the chain of transactions. This is pretty easy to do and there are numerous services that do that, which aren't shady at all.
In simplified form, let's say you want to send money to address X, but don't want to leave a trace in the blockchain. You send the sum to my address Y, and I send the same amount to address X from a completely unrelated wallet. As long as I don't include your transaction as an input, the transaction cannot be traced. In this case, the only link is the information I have (in my mind, on disk, etc.), which also makes me the weakest link. ;)
why it is not entirely straightforward (if merely computationally intensive) to unravel all tumbling activity using the chain?
Because the transaction data you need isn't in the chain.
I must admit that I don't personally like the popular "mixer" services, as they themselves can track and record your activity, which makes it a requirement to use multiple unrelated ones. This is very backwards, as Chaum's blind-signature scheme already provides a perfectly untraceable way to do this (for the last 25 years), and there are Bitcoin-related services that make it possible (which people hardly use). In this scheme, the only available method the laundry has to track you is traffic analysis, which is very difficult if the tokens are of a set size.
To my knowledge, all such schemes depend on a centralized authority, which Bitcoin by its definition can't provide. It makes it very convenient to transact through such services however.
Yes, proof of work depends on the assumption that the attacker has to have more computational power than the all honest nodes combined. As of now, Bitcoin honest nodes have much more computational power than all the supercomputers combined. That doesn't mean that it can't be overcome with application specific hardware however.
On the other hand, I don't understand most of your description regarding your primary concern.
What is the potential difficulty you see in communication? What is the difficulty in measuring chain length? AFAIK having recent block headers is enough, and it's literally a few bytes of data per 10 minutes on average.
I think your concerns about botnets, etc. are a little late, since the network is about to be dominated by ASICs. Deep pockets could still spend millions of dollars and develop an advanced ASIC based farm, but this will become a lesser threat in the following years. I don't think this is a huge practical concern. With millions to billions dollars at your disposal, you can destroy many things. An attack based on application specific computational power would at most render the Bitcoin network unusable until the developers change the hashing algorithm. Besides, there are many Bitcoin clones out there anyway, so a totalitarian regime doesn't have anything to gain from such an attack.
I don't get what you mean by transparent proxies or eavesdropping. Bitcoin transactions are completely transparent.
Regarding anonymity; Bitcoin transactions are completely traceable and many types of analysis can be made to relate addresses to each other. They don't work very well in practice, but even so, you should never trust obscurity. Untraceable transactions can be and are easily implemented on top of the protocol, though I'm not sure (and don't care) how many SR purchasers use such solutions.
Someone responds, but something like bitcoin can allow anonymous transactions. Well, they don't need to track "you", just your habits. You're still no better off than where you were with ads, other than now you need to pay money and have the inconvenience of registering with each site to pay them, even if with an anonymous bitcoin key.
Wait, it gets better. They can just start tracking your keys, and now you give them the same info AND you pay them money. But you can create many more keys for free you say? But all transactions are public, so they can data-mine and link all of the fake-keys to the real person.
The fact that all transactions are public doesn't mean that data mining will work. Best case scenario, their heuristics might identify islands of suspected connections. The way common Bitcoin wallets work, it's not very likely that you will discover a decent way to track any person. You might be able to track some people because of their peculiar usage habits, but not the ordinary user.
I can imagine methods of secure login using automatically assigned keys to each site, but they will never be supported by, say, out of the box Windows. It's a pity because Bitcoin clients by default already have an endless supply of unused private keys which gpg software doesn't make easy.
One easy way out of this I have seen is sites that automatically create a login directly when you access the site. Besides the cookie you receive, you are given a URL so that you can access the site on multiple devices. If you use the site regularly and think you need to access it later on other devices, you can just bookmark; otherwise you don't need to care. The account has a deposit address attached where you can make micro-payments. The URL itself could even contain a hash of the said deposit address, so that you can recover it by checking your transactions even if you lose the bookmark.
The downside is, you need to keep this URL private if you don't plan to share the account, but I think the potential damage caused by such an exposure is very low for regular sites. Accounts with higher value could be protected by an optional password feature.
By the way, Bitcoin transactions are cheap, but not free. It's not a big issue currently, but the fees might become prohibitive for minuscule transactions in the future. However AFAIK there is development in the works to reduce the cost of making massive number of micro-transactions, and hopefully it will be available before fees become high enough to care about.
Certainly, but I'm not sure the same dynamics apply to technical failures. This last one was not really a big deal, but even if there were a fork that lasted long enough to be a real problem (e.g. 120 blocks, or 20 hours), I'm fairly certain it would be resolved at the developer level.
A more plausible scenario would be a political dispute between users/miners/developers/merchants/etc. Even if the core developers came up with a radical rule change despite the user base and intentionally forked the chain, the network effect "in theory" should cause that fork to wither away. This is obviously pure speculation though.
Current fork was not a big deal, it's an extraordinary branching but the protocol is very resilient to that. The chain recovered in a few hours and the transactions were automatically merged.
However, there have been many parallel systems almost since the beginning of Bitcoin: https://en.bitcoin.it/wiki/List_of_alternative_cryptocurrencies
What keeps Bitcoin on the top has always been the network effect. As long as there isn't a completely incompatible breakthrough in the technology, it is likely that it will remain dominant, since it can absorb development done on the alternatives. There hasn't been any such proven improvement yet though.
Also, check out Ripple: https://ripple.com/
I can't claim that the bug is not a stupid one, but I don't think your solution would have saved it. It was really an unknown problem at the database layer and it would be decided as reconcilable anyway. And it's at a specific level in the network architecture; clients were never incompatible and transactions were being relayed just fine.
Furthermore, you don't want any method to top-down enforce anything on a network like Bitcoin. Actually a wider variance of software increases network's resilience.
If a major bank tried to pull this sort of nonsense, they'd be bankrupt so fast that the stockholders would have whiplash.
Well, Bitcoin is not a major bank though. Bitcoin's market cap is probably much lower than a major bank's janitorial costs.
My wife is the manager of an operations branch of a major bank, and snickered at your comment though. What I gather is, this sort of nonsense happens all the time in major banks too, but they have several layers that keep it going even if some part is broken. Bitcoin, as a greater structure, isn't quite there yet.
They moved from BerkeleyDB to LevelDB. Apparently it's the right call, though they should have done it far earlier.
Yes.
Branches are a part of the protocol, they are mostly natural. That's why it's recommended to wait for confirmations for higher value transactions. However long branches should be very improbable and this software glitch broke this condition. Even so, since the protocol is built on this, all transactions from the orphaned chain are carried to to the one selected by the highest hashing power. Valid transactions are not lost and double spends are invalidated. However, as you said, a careful attacker can do a double spend far more easily during such a long fork.
Well, Bitcoin is experimental, so I guess risk averse people need to stay away from it until it's stable enough, or at least should not use it "exclusively".
I'm quite happy with Bitcoin being both a currency and a payment network. In time, this will probably change though, and people will use payment systems like PayPal implemented on top of Bitcoin.
It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar"
The analogy is almost true, but in this case it really doesn't matter which version exchanges use. Transactions generated by 0.8 can be mined by 0.7 and vice versa. I don't know where you got the impression that they were rendered incompatible, but it's wrong.
All miners switched to the old version so that everyone, old and new, could handle the generated blocks. The opposite would render all the blocks that will be generated by the old version defunct.
At the time of discovery, branch using the new version was already longer, but developers recommended that we cut it off anyway and so the miners did.
By the way, exchanges have nothing to do with it, since both old and new version can handle the transactions themselves. This issue was strictly about miners, so it mostly involves mining pools.
Arguably, it comes from foodstuffs that have their very own carbon footprint. I'm sure the representative didn't really think of this but since the carbon you exhale is a reasonable measure of your energy expenditure, and the fact that the energy comes from food that is produced using energy, it is actually a fact that an increased overall respiration rate could mean an increased carbon footprint.
It's just that the carbon atoms you're exhaling are not the same carbon atoms that are counted as an increased footprint.
Of course the point itself is stupid, not because it comes from nature anyways, but because you could sit all day and become obese while still causing the same carbon footprint, and then go get a liposuction and cause even more. Then again all that fat will become oil at one point. ;-)
if you've taken ECON 200 you'll know
I want to invoke philosophy of science here. You won't "know". Almost everyone I know has taken ECON 200 (yeah unfortunate but everyone I know is either a physicist or an economist), and almost all are sympathetic to Bitcoin. I have discussed it with several academics too, and I don't remember them bringing up the deflation. Therefore I think your argument is a (mild) appeal to authority.
You instead need to describe why and how deflation is bad for the economy, then see if it applies to Bitcoin. While describing the mechanism, you will realize that completely open and fluid economies can't be hurt by deflation, nor the other way around.
If I create incentives for you to use my money (legal tender laws, accounting regulations, etc.), then deflation could at least has the potential to hurt the resulting economy. I don't know how you can say an increase in the price of, say, gold, hurts gold economy, or the entire economy though, as long as I am completely free about exchanging it with whatever currency I prefer.
Using Bitcoin is, and always will be, voluntary.