The alert key posed problems because it was part of the protocol. Dev GPG key verification can be done wholly client side and could even be set to trust only developers X and Y or what have you. Set the sites you want to check for updates, set the keys you need to verify a binary. Probably have some simple protocol that allows for a high priority message to be sent to the user. No one has much control over this situation except the user and who owns what keys are irrelevant as long as they aren't all compromised.

I agree with the first part, but as far as 'update available' notifications, is it any worse than relying on GPG verification of binaries in the first place? Update notifications could also automate the GPG verification which few people aside from very serious users probably do. Of course that means relying on the key baked into the software, but it is always possible to compromise something somewhere. Having to read the news to find out there is a critical vulnerability in the software you are using does not seem to be ideal, imo.

COBOL was never designed as a general purpose language. Part of the problem with C/C++ is that we are absolutely, irrevocably stuck with it because it is so integral in so many things. It means that newer and potentially better-designed languages have slim chances of succeeding because of C++'s dominance. It isn't going anywhere anytime soon.

With that said, it might be beneficial to move the core to some high level language/script that is then interpreted by a C++ or any other compiler.

There are many subtle differences between different types of POS coin. The "original" POS style, exemplified by NXT and PPCoin, involves currency holders having a pseudo-random chance at being able to create a block based on how much currency they own. This is "permissionless" like POW - there are no designated nodes. But there are many other ways to do POS - Tendermint uses a 2/3rd majority of a set validators to create new blocks. Directed Acyclic Graph (DAG) coins like Byteball and Iota use a majority of witnesses/validators to move the graph along.

POS's primary advantage is that very little energy is required to secure the network. This eventually means transactions on POS coins will be much cheaper. However, large currency holders (or permissioned validators) may be able to attack the network the way computing power can attack POW. Because these currencies are secured by signatures instead of work, it may even be possible to attack the network after "cashing out". This is called the "nothing at stake" attack, but it is much more complicated to pull off than a POW attack.

Sharding is the idea of splitting up a blockchain into multiple smaller parts so that the bandwidth required is dramatically reduced. For POW, this would require splitting POW up into multiple chains making all shards weak as the weakest shard - in theory, there may be ways to improve that security. For POS, assuming a random, uncoordinated distribution of stake/validators among each shard, attacking one shard would be as almost difficult as attacking the whole network. The probability of gaining a controlling stake over one shard would be correlated to how much total stake an attacker controls.

One thing to note about most POW coins is that they are pretty weak to attack from competitors. Bitcoin Gold was successfully attacked and an exchange lost $18m recently. Unless you have an overwhelming marketshare like Bitcoin, POW coins are quite vulnerable whereas POS are usually not.

Austrian economists typically have espoused the direct opposite view - certainly the more famous ones at least. A false statement in calling out false statements?

These holes need digging!!


Contradiction between two neighboring sentences.


I made no argument for marginal utility, only that utility is not marginal utility.


I don't understand the vehement denials nor the completely unnecessary ad homs. I am willing to entertain Marx's LTV. I don't think it fits well, but that doesn't mean I am impossible to persuade. But as I suspected from the beginning, you don't appear willing to have a reasonable discussion, so I will exit the thread.

But I will say again that if you want any of your arguments to hold water, you must explain the value of non-PoW currencies. Unscientifically comparing them to fiat with a false equivalence is not an argument.

Marginalism posits that the cost to produce an item is roughly what you can sell it for, barring a monopoly. It separates the labor from the price which explains why a bitcoin could cost both $0 and $5k to produce. Distorting the issue, however, is that bitcoin (crypto in general) is unique in that it is akin to a decentralized monopoly.

The code is the monopolistic owner of a resource and the code delegates how that resource is produced. Because bitcoin is decentralized, the code must introduce inefficiency (difficulty) to combat the duplication of infrastructure (mining rigs) from pulverizing the price to zero. It is therefore apt to say that bitcoin is "paying people to dig holes and then fill them up" because any miners beyond the first one are completely unnecessary in the economic sense. Ideally, if we could somehow ensure that a single miner would function identically to a decentralized group of miners to the consumer, the single miner is the far superior scenario as the duplicate and wasteful infrastructure is avoided and total profit realized is far greater. (Although this may be undesirable if you are a communist.)

Ironically, arguing for the usefulness of mining (economically) is in a way arguing a Keynesian idea (digging holes).


The utility of bitcoin is clearly not the same as always. In 2009 I could not buy alpaca socks; in 2011 I could. Therefore in 2011 the utility of bitcoin was higher than in 2009. I think here you are trying to avoid any association with marginal utility so as to make your case, but utility is not the same as marginal utility. If you deny the utility of bitcoin has changed over time, then there is no hope of a productive discussion.

It also appears to me that you are conflating supply and demand with "changes in social situation", if not please clarify because I don't understand this argument. Perhaps you mean subjectivity, but that would be arguing against LTV. As far as the value changing because of it - this can't be correct under LTV because the labor is the value.

Again it is somewhat difficult to peg Bitcoin in here because it is designed solely as a currency and thus has no value in use, and it is a decentralized monopoly which distorts many of the inputs and outputs of the situation. If you are going to make a strong case that bitcoin satisfies LTV, your arguments need work, imo.


A false equivalence. No argument has been presented.

For the bolded text, I believe this is incorrect as it is heavily implied the author is a bitcoin supporter in the very last line of the article: "Long may [Bitcoin] remain desirable."


Your tone seems to imply that you aren't willing to honestly discuss this topic, but I will take a shot anyway.

On at least two points, I don't believe your association of mining costs to value aligns well with Marx's LTV. Firstly, Marx's LTV is not simply about labor being the defining aspect of a product's price - it is "socially necessary" labor. If the socially necessary constraint were not in place, then by that argument all products' prices would be a function of their labor cost, even when there is zero utility (or socially necessary labor). Secondly, the cost to produce any given bitcoin has varied between roughly $0.00 and $5,000.00 even though they are absolutely identical. The cost to produce a new bitcoin (loosely) follows the price. I don't believe that this can be explained by Marx's LTV. It can, however, be explained by marginalism.

Additionally, there are currencies that do not use PoW and yet still have value. Significant amounts of value. A strong case must be made as to why this value is illusory, but you have not broached it. One could make the counter argument that the existence of these "labor free" currencies invalidates your argument as it appears to prove that there is no socially necessary labor cost. i.e. PoW's popularity is only a preference.


This also seems a bit off-topic for D&TD and should probably be in the economics forum.

Bitcoin doesn't eliminate banks. Banks are the ultimate liquidity providers to enable capitalism. FRB evolved because the demand for money exceeded the supply of gold. Should Bitcoin become the dominant currency of the world, banks would need to apply FRB to it as well to help control the price or risk massive waves of bankruptcy in a deflationary event. The alternative is banks won't touch bitcoin. Without demand for bitcoin investment capital, it will likely always remain niche.


While true, there is nothing special about PoW in this regard. Any decentralized currency combats these problems.


Historical savings interest beats inflation. It is only in the last decade or two that basic savings interest has not kept up with or exceeded inflation. The stock market will generally always meet or beat inflation as long as an economy grows as it is automatically indexed to inflation by the investment of inflated currency thereof. The "theft" via inflation is highly dramatized. It is government spending (and other interference) that causes a misallocation of resources, not inflation. In the case of the 2008 crisis, it started as pressure from the US government to the banks to issue more mortgages to less qualified people, distorting the checks and balances of the system.


You mean anyone with custom, production monopoly-prone specialized hardware.

This is misleading. It isn't possible to just hit the sell button on a "dominant share" of a coin. The market will likely collapse on the way to the exit which may already accomplish what you wanted to do anyway as a dominant shareholder. It is a criticism of lopsided distribution, not PoS. If distribution were not lopsided, then to achieve a dominant share there was a significant cost associated, and exiting that market will absolutely not be free.

Deride weak subjectivity all you want, but software checkpoints have zero actual cost and very low social and philosophical costs to anyone that isn't beating the PoW drum (which costs billions of actual dollars every year). Transactions will be dramatically cheaper on PoS and that will ultimately decide what people use - at least as an actual currency.

That is the propaganda you have to deal with on bitcointalk.org. You don't typically get unbiased opinions here.


More or less. But discussing the crazier "what ifs" helps to design better protocols.

Not necessarily. Or not a necessarily large one. Someone could buy up a large amount of the currency when it was worth less than pennies, or even the currency creator could be a threat if a significant amount were distributed to them at the start. This is different from bitcoin because the cost to attack the network is always relative to how popular the network currently is. There is no early stage adopter threat to the network itself. (Although I have argued in the past that Satoshi is a significant threat to bitcoin economically because he can wipe out the market.)


I believe the only responses about how easy the attack is is in regards to your example about timestamps. Forging the chain itself is easy, having the signatures to do it is is where the difficulty lies - but there are many obscure factors that can make it easier.


There are also a number of attacks that do not create multiple chains but create chaos in more insidious ways. A 3rd party can't prove to you that a chain is being censored, for example. I agree that the general essence of the "nothing at stake" argument is pretty weak with improbable scenarios required to effect it, but it is better to be aware than to be blissful.

It is easy to fake timestamps, you just have your software write in a number into a block of the fake chain it is creating. It is difficult/impossible to fool existing nodes into believing the network is valid. However, an independent node (of the network) sees two equally valid histories based on the rules of the network. There is no way it can independently verify whether a timestamp was forged, it's just an integer in a block. This is also the case for Bitcoin, but the cost of creating that timestamp is governed by the PoW difficulty rather than a free digital signature given an attacker with ~50% of the network stake. And the attack can continue free of charge, whereas with Bitcoin you must keep expending resources to keep up with PoW because the most difficult chain wins.

It's a difficult attack to be sure because owning that much stake in a network is unlikely - but it is absolutely not impossible because many PoS systems especially have very lopsided distributions. Losing the ability for new nodes to know what is the "one, true chain" without needing outside information is a problem. How big of a problem is a matter for debate, but it can't just be brushed off as so unlikely as to be impossible.

The core argument is that there is no objectively determined network. A node that was not around during the time the "honest network" progressed has no basis of knowledge for which fork to choose when presented with equally valid options. In this case, "making up 3 months" is as simple as creating the blocks near instantly with only a signature as proof and no immediate cost. With PoW this immediate cost is very high for bitcoin, but can drop dramatically for many altcoins.

However, the argument started as a criticism of NXT and Peercoin where there is literally no downside to staking several competing forks. It has been reformulated several times over to apply to any proof of stake system (including ones that punish bad behavior)--somewhat successfully in my opinion, but only given some highly implausible (but not impossible) conditions. There is *a lot* of manipulation in the cryptocurrency sphere, so discounting implausible scenarios as impossible seems like a logical mistake. However, I think the future of cryptocurrency security will be in currencies that are more PoS-like than PoW-like.

I would just like to point out that in 2011 the account "etlase" was squelched (not banned, but unable to post) and had roughly 30 posts deleted for being overly opinionated and anti-bitcoin. You can see in the posting history here, where the account was accused of being a professional troll by a global moderator, although there is a distinct lack of context available. Apparently russians later hacked the account after posting privileges had been restored.

My point is in addition to the seemingly valid claim that the rules can be arbitrarily enforced. That is of course at the discretion of the moderators, but keeping this up as an appearance of a technicality of breaking rules seems deceptive. I agree that anonymint goes too far on subjects that don't seem to have much merit, but there are many, many other situations where he has keen insight and those posts vastly outweigh the negatives in intellectual merit. He can be a loud, obnoxious, and negative voice so he gets the ban grease while 75% of the forum fills up with copypasta post spam (a rule violation) for signature campaigns.

I don't know what warnings he has received or what was the real original reason for his ban, but if subsequent bans are merely because of "ban evasion" maybe it's time to just drop it and let him post? If he is really mucking up individual threads, maybe allow the thread creators to turn them into moderated threads and moderate the discussion themselves?

I agree that there are a lot of moving parts. I disagree that attacking the network is the most efficient way to profit. It is unlikely that you can prove your argument one way or another, and vast generalizations are not convincing.


Why do you react so strongly to such mild characterizations? Take a chill pill, for once.


Bitcoin BFT requires the safety of the consensus result, regardless of adversary. The Decrits design (and presumably others that you've reviewed) eschews this requirement in favor of a non-automatic consensus in the face of adversaries. Since lack of safety can be proven (by a lack of validators' signatures), a node can't be convinced by an adversary that the network is correct and can therefore refrain from making decisions. With BFT, the network can never be proven safe or unsafe.


BFT assumes network synchrony. Every usable consensus system has to, to some degree. The FLP theorem can not apply. This is inviolable.

The attacker loses if 1% of the economic weight of the network chooses not to use their fork, as I already stated. If both forks continue to exist, the value of the network is split and the attacker loses some amount of value. It is distributed back to the users of the network who have increased power at the attacker's expense.


I've seen you mention 33% stalling, but I don't know what the rationale is. Could you expand on it? At least under Decrits, each validator has control of the world for his window of time. The evil validators could ignore an honest validator, but they would have to be all of the validators immediately after that validator to do so and win undisputed. If there is any honest node, he accepts it and the honest chain continues, and it distills back to grandma again - which you erroneously presume requires 50% of something, but it only requires any amount of economic weight to be behind a fork.


This was an error in my original design that I have since rectified. Non-responding validators are only mildly punished.


Still not clear on how.


Just because you wrote something doesn't make it true. You dismissed my point that the attackers lose, at least on network, no matter what, and presumed this fell back to some 50%+ majority when no such majority is required. The attackers *always lose*.


Finality can be achieved without using the entire stake, or even a majority of it. There will just be multiple versions of finality, or voluntary hard forks. This gives the live observers the choice to choose which fork most closely resembles their own view of the network.


In the case that the attacker can somehow manipulate public opinion in the face of grandma's trust. You can't fool all of the people all of the time, ergo the attacker is guaranteed to lose something. Network connectivity can be a thornier issue, but we will eventually have uninterruptable internet satellites and mesh networks everywhere. Unless Russia uses a space nuke or something. But there are always scenarios that you can degrade to the end of civilization to prove your point. All currencies fail there.


Yeah but Vitalik released his landmark blog on weak subjectivity mere weeks after the Decrits whitepaper. Surely that means a melding of minds to a common conclusion.


And even then arguing until you were blue in the face that every other design was massively flawed and that your way was the only way. Forgive my eternal skepticism of you.

I am presuming that you have to ascribe game theory. Regardless of whether or not objectivity exists, there will be a loss to those attacking the network (and to those actively defending if the attacking network persists). Unless 100% of all economic value goes to their fork, they suffer a loss. Even if they convince 90% of the economic value to move, they lose the 10% which remains on the other fork where their stake is destroyed. Only the non-staking users of the network do not lose any value.


See above.


If that is the case, the objectively better fork is obvious.


But to do so they have to invest in the network itself, unlike with PoW. They must hedge that not only can they destroy your network, but that they can get you to believe it is destroyed.


But I trust my grandmother more than I trust CNN, or Coinbase, or the government. She runs a full node. Plus, the decentralization of currency should at its core help decentralize society as a whole and reduce the power of governments and megacorps. Maybe. But if it doesn't do that, it's probably not the fault of crypto but people. However, it'll help once cryptos start appearing that decentralize the creation and distribution of new money so that there is far less competition for stupid one-feature wonders promising $$$billions$$$ as you mentioned elsewhere.

"The “attacker” doesn’t need to cause harm to the majority (only to whom ever is the victim of the double-spending), so why wouldn’t the majority want to recognize their ownership of their free airdrop?"

How is this any different from what anyone can do without attacking the network? Create a copy of the software with some divergent property to create two chains. If the diverging property is seen as valid by some percentage of users, the divergent chain has some value. Do you have some solution to this as well?

There is little to no risk to creating a fork out of thin air such as in the case of Bitcoin Cash and whatnot, but there is a huge risk to creating an on-network fork - namely nobody cares about your fork and the value of your money from the main chain is destroyed. From there you must devolve your argument into what amounts to mind control. Do you really believe some nameless, faceless identity has a chance to sway users over the people they interact with daily on which chain is honest? And all this over trying to get their side of a double spend to complete?

I don't think the 2016 blocks and difficulty adjustments matter for trying to rewrite the history as the attacker will just mimic the existing history. The amount of hashes you calculated would still stand the same to beat the cumulative difficulty of the existing chain. But really, all they need to do is rewrite recent history to perform double spends at will, and the developer checkpoints will prevent very deep history rewriting.

But this line of arguing is pretty pedantic if they can just steal all unprotected funds and funds as they are spent from scripts. (anonymint is very good at sending discussions off course.)