2101
|
Bitcoin / Bitcoin Discussion / Re: The "Bounty Swarm"
|
on: August 11, 2010, 12:02:33 AM
|
The micro transaction fee only applies to the the 'out' side.
Right, but every TxIn has to have a corresponding TxOut (except for GENERATE/coinbase transactions, but those have their own rules). So if you want a 0 BTC TxIn, you've gotta first pay yourself with a 0BTC TxOut and that'll trigger the fee. TxIns don't contain a value, the value is in the corresponding TxOut... Anyone who is accepting 'bad' transactions and returning good coins deserves to give their money away.
But you agree that it wouldn't be OK for a 'refundtransaction' API call to make it easy to do that, right?
|
|
|
2102
|
Bitcoin / Bitcoin Discussion / Re: The "Bounty Swarm"
|
on: August 10, 2010, 10:31:23 PM
|
Are transactions allowed to have input addresses with a zero balance?
If they are (I didn't see anything preventing them after a quick reading of the code), then they trigger the 0.01BTC micro-transaction fee. I'll be doing a lot of experimenting (on the TEST network, of course) with refunding transactions over the next few weeks. I think the UI issue can be resolved (it should be pretty straightforward to teach the UI to recognize refund transactions and show them as "refund from BLAH", where BLAH is either a BC address or a label from your address book. I've already implemented a "refundtransaction" api call, but it still needs work before it would be ready for standard bitcoin. In particular, it shouldn't be possible to create infinite 'refundtransaction' loops (where you accidentally or purposely refundtransaction a refunded transaction, probably triggering another refund, etc). And refunding a transaction should, ideally, use the same "coins" (... should have the same ancestor transactions, for anybody who's going to get all pedantic on me) as the original transaction, if possible, so if that original transaction is exactly as valid as the original transaction. Otherwise it might be possible to generate a bad transaction, send it somewhere you know it will get refunded immediately with different, valid transactions, and so "launder" your bad bitcoins for good.
|
|
|
2103
|
Bitcoin / Bitcoin Discussion / Re: How do we prevent Bitcoin forks (or should we)?
|
on: August 10, 2010, 09:49:26 PM
|
I very much doubt that any one entity will ever have 50% of the computational power. The botnet operators will bow to the whims of the community because it's the community that ultimately gives bitcoins value. What good is a giant load of bitcoins if you don't have anyone willing to give you something in exchange for them?
Eventually the largest merchants and money exchangers will control what is "standard" bitcoin. Take the "50-coiners" scenario, and imagine that they manage to get 75% of the CPU power on their side. But imagine that the biggest merchants and money exchangers are more conservative, and are in the 25% minority. I think they will be-- I don't think they'll be the ones in the business of generating coins (they'll be busy selling products or doing the exchange thing). What happens? Well, the block chain splits. Transactions using coins minted before the split will get added to both block chains, and accepted by everybody. Transactions involving "50-coins" (generated after the split) will be accepted on the 50-coin chain, rejected on the 25-coin chain. And vice-versa. "50-coiners" would quickly find out that they couldn't get rid of their newly minted money because who wants bitcoins that are rejected by the biggest money exchangers or merchants? If the big merchants and money exchangers disagreed, I bet you'd see Bitcoin clients that ONLY accepted pre-split coins and did no coin generation (since those transactions would be accepted by everybody). If it was never resolved, I think the number of Bitcoins at the time of the split would become "the number of Bitcoins, period," because most people will not want to use money that is accepted some places and not others.
|
|
|
2104
|
Bitcoin / Bitcoin Discussion / Re: Bitcoin minting is thermodynamically perverse
|
on: August 10, 2010, 09:26:14 PM
|
So, Bitcoin motivates behavior of stealing computing power from innocent computer owners.
Sure, in exactly the same way the existence of credit cards motivates behavior of stealing credit card numbers from innocent credit card users. Or the existence of bank accounts motivates hackers to try to break into your system to find out your bank account number. Or the existence of cars motivates some people to steal gasoline from innocent service station owners. I believe the benefits of Bitcoin will outweigh the harm, and I further believe that I am capable of making that moral judgment. I might be wrong, and I might regret I ever got involved, but if I only ever did things that I was 100% certain were going to work out for the best I would never accomplish anything new and interesting.
|
|
|
2105
|
Bitcoin / Bitcoin Discussion / Re: latency and locality
|
on: August 07, 2010, 11:52:14 AM
|
Is the main thrust and incredulity in your argument because you think there CANNOT be a better solution than burning 100,000 CPU at 100% 24/7 and sending 100,000+ redundant messages per transaction?
No, not at all. Like I said when I jumped into this thread, I think using a DHT network to somehow distribute the work is a very interesting idea, it just seems to me any solution that partitions the network will be more vulnerable to attacks that insert malicious nodes. I think it would be fantastic to come up with less resource-intensive solution that actually works. How does Freenet generate node IDs? The only info I see in the latest Freenet paper is: When joining, nodes choose an identity at random, and then connect to those peers with whom they have a pre-established trusted relationship. .... and: The perhaps largest advantage that the trusted-connection model offers over traditional anonymity networks is protection against the Sybil attack [13], where a single attacker infiltrates the network by pretending to have many identities. Since the network depends on out of band trust relationships, an attacker gains strength only through the number of people he can fool into trusting him, and gains nothing by presenting multiple identities online. ...which doesn't sound like it would work very well for Bitcoin.
|
|
|
2106
|
Bitcoin / Bitcoin Discussion / Re: latency and locality
|
on: August 07, 2010, 01:20:01 AM
|
So which one is valid? Who cares. Flip a coin. That is exactly what bitcoin does in this situation. If my node is working on a block with on transaction, and your node is working on a block with a conflicting transaction, whoever solves the block first wins.
Now I'm confused again. I thought your scheme didn't have blocks, just transactions. What do you mean, whoever solves "the block" first? By the way, standard DHTs already address preserving data when nodes leave, and spreading the data when nodes join. But standard DHTs are typically used to store chunks of MP3s or movies, indexed by a torrent file that has the hash for every piece. So it is easy for me to tell whether or not I'm getting bad data from any particular DHT node. I don't have to trust them. Nodes would generate node addresses based upon private keys, exactly as is being done for bitcoin addresses. This makes node spoofing implausible.
Huh? Lets say the network has 10,000 nodes in it. I query the network to find the network node closest to a transaction that I want to double-spend. So I generate a private key. It has about a 1 in 10,000 chance of being closer than the current closest node. So I keep generating private keys until I have 5 that are closer. It's too late for me to figure out the odds, but lets say I generate 100,000 private keys, I'm pretty darn likely to find 5. My wimpy laptop can generate at LEAST 100 ECC keys/second, so in under 20 minutes it could generate 100,000. I create 5 nodes with those keys (telling the rest of the network "honest, folks, I chose those keys RANDOMLY...") and I've won. All of the inputs to the out-point hash are fixed except the payee, which is pre-specified. The only flexibility I can think of would be in the payment amount. If you want to iterate through all possible amounts and try to create a simultaneous 5 way hash collision, knock yourself out. I'm not trying to generate a transaction with a particular hash, I'm trying to generate node ids that are "closer" to that transaction's hash than any other node currently on the network. That's much easier.
|
|
|
2107
|
Bitcoin / Bitcoin Discussion / Re: latency and locality
|
on: August 06, 2010, 11:32:05 PM
|
So for any new transaction, to verify it, you send it to the five closest nodes to each in-point on the transaction. They record the transaction and immediately tell you if they've seen a double spend. If any have, it's a bogus transaction, which gets broadcast to the other close nodes.
What happens when they disagree about which transaction happened first? Majority rule? Who decides what the majority is, and can it change if 4 of the five nodes leave the network and are replaced by another 5 nodes? And if I know that I'm going to create a large transaction, can I do some work precomputing node IDs such that the transaction (which I haven't yet sent out) will hash to nodes that I control? If I control all the nodes storing the transaction, then I can just answer "yes, absolutely, that transaction is valid and hasn't been double-spent..." The brilliant insight behind bitcoin is the distributed timestamping mechanism; everybody agrees on an order of transactions. I don't see how your scheme solves that problem.
|
|
|
2108
|
Bitcoin / Development & Technical Discussion / Printing bitcoins : could it work?
|
on: August 06, 2010, 10:12:44 PM
|
Some random Friday afternoon brainstorming: could you print out bitcoins to function as user-created paper money? QR code could be used to encode a transaction hash and a transaction signature on a piece of paper (along with a human-readable amount). A bitcoin client could print out coins that are in your wallet and marks them as "PRINTED" (so you don't accidentally spend them-- there would probably be a way of recovering them in case the paper versions were lost or stolen, and they'd automatically get removed when the paper versions were spent). Give that piece of paper to a merchant connected to the Bitcoin network and they can scan it and transfer the coins into their wallet. They should then destroy the paper, because that transaction is spent. Double-spending would be nearly impossible, because once you give the paper to the merchant you lose control over exactly when they submit it to the network to be verified. The only problem I see is how the merchant gives you your change. The merchant could print out the change, but you'd have to trust that they were giving you valid, unspent coins, unless you have a device connected to the network that could verify them (but that's dumb, because if you do have such a device why bother with paper bitcoins?). We trust merchants not to give us counterfeit dollars... I wonder if fear of loss of reputation would be enough to keep them honest when giving paper bitcoins as change...
|
|
|
2109
|
Bitcoin / Bitcoin Discussion / Re: latency and locality
|
on: August 06, 2010, 07:36:12 PM
|
Bitcoin could be made into a truly distributed system by storing the transaction graph in a distributed hash table. This is the kind of magic that is behind most other P2P systems. In effect, each bitcoin address would be arbitrarily mapped to a smaller set of nodes that checked its transactions. In such a system, there is no need to broadcast global state to every machine. This takes huge amount of latency out without needing to change any of the desired behavior.
Interesting idea. So, lets see, I create a transaction to pay you (say) 100 of my newly minted bitcoins. That'll be a transaction with two 50BTC TxIns (signed by me, pointing to two mature GENERATE transactions somewhere in the block chain) and one 100BTC TxOuts. You want to make sure I haven't double-spent those TxIns, so instead of flooding the network with that transaction you find the hash of the two GENERATE transactions and send two queries down into the DHT network: "Hey, here's a transaction, tell me if it is valid." They say "yup", and then... what? Include it in any blocks they're lucky enough to generate? Broadcast it to everybody (which'd be no better than the current scheme) or some subset of the DHT network (what subset?)? How do you know that you won't get a different answer to "is this transaction valid" if you ask again in 10 minutes when the network topology might have changed? I don't know much about DHT networks and how they manage to keep reliable information when nodes may be coming and going (or buggy or malicious). How would it work?
|
|
|
2110
|
Bitcoin / Bitcoin Discussion / Re: Flood attack 0.00000001 BC
|
on: August 06, 2010, 12:32:49 AM
|
So I send a transaction of .001 BTC from me to Fred and .000001 BTC from me to A. I send a different one to B and C.
Now A, B, and C cannot make a profit by sending that transaction for anyone else to crunch on so if they want to collect they have to process it.
The trick is enforcing the rule that 0.001 only flows from me to fred once and not in each block.
I'm thoroughly confused on what, exactly, you're proposing. I want to make a 100 Bitcoin transaction to you. You're proposing that I need to pay a "transmit fee" ... which is paid to who and does what, exactly? If I pay it to A, B, and C, does that mean they rebroadcast the transaction to everybody they're connected to? Do they, in turn, pay transmit fees to the nodes they're rebroadcast it to? What stops them from saying "Thank you very much for the transmit fee" and cheating (drop my transaction on the floor)? Satoshi's proposal that all transaction carry a minimum fee to cover network overhead makes sense; whoever generates the block with the transaction gets the fee.
|
|
|
2112
|
Economy / Economics / Re: On Hoarding
|
on: August 05, 2010, 02:19:50 AM
|
In a market based society there is only relative wealth. Bill Gate is not rich because he has 40 billion dollars. He is rich because we all don't have 40 billion dollars. If we did all did the "average" house would cost 100 billion dollars and we'd all still have mortgages.
Hah! While I was typing this, Kiba said essentially the same thing... We are all rich because we have computers and the Internet and Wikipedia and other wonders the world has never seen before. There is absolute wealth. We are healthier and wealthier and live longer than any previous generation, and that's a wonderful thing.
|
|
|
2113
|
Bitcoin / Bitcoin Discussion / Re: Who's the Spanish jerk draining the Faucet?
|
on: August 05, 2010, 02:11:34 AM
|
This is a nice exercise in what happens when you give free stuff away. Hint: People try to get the free stuff. I do think it's a nice idea, I'm not saying you shouldn't do it.
Yeah, I shoulda anticipated problems when Bitcoins went from 0.005 USD each to 0.06 each. If it takes somebody two minutes to go through the "get a new IP, get a new BC address, solve the captcha" process then they'd make 5*30=150 bitcoins an hour, which is $9 USD an hour, which, if you're unemployed, bored, and/or 13 years old is easy money.
|
|
|
2114
|
Bitcoin / Bitcoin Discussion / Re: Who's the Spanish jerk draining the Faucet?
|
on: August 05, 2010, 02:06:54 AM
|
Thanks for all the ideas!
First: I'm definitely going to drop from 5 BTC; I think I'll go all the way down to 0.50 BTC (rather than do 1 or 2). Giving away a percentage of how much the faucet has is an interesting idea, but I want it to be as simple as possible.
Second: I really don't want to make getting coins from the Faucet a whole heavy-weight "register and check your email and yada yada yada."
But I do like the idea of adding an extra hurdle for 'suspicious-looking' behavior. So I'm leaning towards doing some fuzzy browser fingerprinting combined with rate-limiting and, if you look suspicious or the fountain has been giving away a larger-than-usual number of coins, require that you login with your google account before getting any coins. No google account: no coins.
It is hard to create lots of google accounts; they're requiring either phone or SMS account verification these days...
|
|
|
2115
|
Bitcoin / Bitcoin Discussion / Who's the Spanish jerk draining the Faucet?
|
on: August 04, 2010, 08:40:55 PM
|
I just shut down freebitcoins.appspot.com; it looks like somebody in Spain is being a jerk and getting a new IP address, bitcoin address, and solving the captcha. Over and over and over again: 79.154.133.217 - - [04/Aug/2010:12:46:55 -0700] "POST / HTTP/1.1" 200 1294 "https://freebitcoins.appspot.com/" "Opera/9.80 (Windows NT 6.0; U; es-LA) Presto/2.6.30 Version/10.60,gzip(gfe)"
79.146.112.13 - - [04/Aug/2010:12:45:20 -0700] "POST / HTTP/1.1" 200 1294 "https://freebitcoins.appspot.com/" "Opera/9.80 (Windows NT 6.0; U; es-LA) Presto/2.6.30 Version/10.60,gzip(gfe)"
81.44.159.81 - - [04/Aug/2010:12:42:20 -0700] "POST / HTTP/1.1" 200 1294 "https://freebitcoins.appspot.com/" "Opera/9.80 (Windows NT 6.0; U; es-LA) Presto/2.6.30 Version/10.60,gzip(gfe)" Those IP addresses all map to Telefonica de Espana. If it was you: give them back, please: 15VjRaDX9zpbA8LVnbrCAFzrVzN7ixHNsC Now that 5 bitcoins is worth a fair bit, I'm thinking I need more cheating countermeasures. I can think of four things to try: 1. Rate limit based on the first byte of the IP address (79. or 81. in this case). 2. Rate limit based on the USER-AGENT string ("Opera/9.8..." in this case). 3. Rate limit based on last two domains of reverse DNS lookup of the IP address (rima-tde.net in this case). 4. Make the standard amount given away 0.5 Bitcoins (Bitcoins have gone up 10 times in value since I started the Faucet). If you get rate limited, you'll get a message that asks you to try again tomorrow. BitcoinFX: thanks again for the donation to the faucet; I'm going to drain the Faucet below 500 coins temporarily, and will refill it with your donation after the new cheating countermeasures are in place.
|
|
|
2116
|
Bitcoin / Bitcoin Discussion / Re: Flood attack 0.00000001 BC
|
on: August 04, 2010, 12:55:59 PM
|
The 1 BTC transaction is a transaction with 1 input and 2 outputs, but it's still only 1 transaction.
The rule is "if any TxOut (output) has a value of less than 0.01 bitcoins, charge a 0.01 fee": main.h: foreach(const CTxOut& txout, vout) if (txout.nValue < CENT) nMinFee = CENT;
|
|
|
2117
|
Bitcoin / Bitcoin Discussion / Re: Flood attack 0.00000001 BC
|
on: August 04, 2010, 11:58:58 AM
|
Well, right now nothing stops someone from creating a system where:
A sends 1.00000001 to B B sends 1.00000000 back to A
Net result is a micro-payment and no processing fee.
... unless B started with zero bitcoins. Then B is stuck; she can't send 1.0 back, because doing that would cause a 0.00000001 bitcoin 'change' transaction, which would trigger the 0.01BTC fee, which they can't pay (because they only have 1.0000000001).
|
|
|
2118
|
Bitcoin / Development & Technical Discussion / Re: Content-Length header and 500 (was Re: Authentication, JSON RPC and Python)
|
on: August 03, 2010, 10:52:10 PM
|
The two JSON RPC libs available at CPAN (Perl), and a compliant C lib that I wrote locally to verify the behavior.
Perl's LWP module definitely sets the Content-Length header. I would've been surprised if it didn't, since it is required by HTTP 1.0 and the HTTP 1.1 spec says clients 'SHOULD' set it. After some struggle, I got the first JSON::RPC library at CPAN to work: use JSON::RPC::Client; use Data::Dumper; my $client = new JSON::RPC::Client;
$client->ua->credentials( 'localhost:8332', 'jsonrpc', 'my rpcusername' => 'my rpcpassword' # Replace with real user/pass ); my @foo = $client->ua->credentials('localhost:8332', 'jsonrpc'); print "@foo\n";
my $uri = 'http://localhost:8332/'; my $obj = { method => 'getinfo', params => [], }; my $res = $client->call( $uri, $obj ); if($res){ if ($res->is_error) { print "Error : ", $res->error_message; } else { print Dumper($res->result); } } else { print $client->status_line; }
The struggle was setting the realm to 'jsonrpc' (it is fussy about that). I'll document that on the wiki.
|
|
|
2120
|
Bitcoin / Bitcoin Discussion / Re: What happens when network is split for prolonged time and reconnected?
|
on: August 03, 2010, 06:38:44 PM
|
I am also not saying it is a good thing. having a single split for a fairly long period of time lets people come up with a solution, having many splits that each last for a few hours means that transactions randomly disappear and that hurts confidence in the system.
Transactions won't disappear if they're valid. They'll just move to the longer block chain. Invalid transactions would be somebody trying to double-spend across the split chains (which would be tricky-- you'd have to run a modified client, or copy your wallet to a machine working on the other block chain). Or if the split lasted long enough (more than 100 blocks), transactions that involve generated coins on the shorter chain would be invalid at the merge. For shorter splits, immature generated coins on the shorter chain will disappear when the chains merge, but that would be about the worst consequences for honest users (unless you were unlucky enough to get an invalid coin from somebody trying to cheat).
|
|
|
|