That's a bit harsh, but it's true that Amir wasn't very clear and coherent in this interview.  Maybe he didn't sleep well the night before.

Amir: perhaps you're trying to say too much all at once.  You need to break it down, and deal with one topic at a time.  Watch the interview again, listen closely to Max's questions, and address only those issues, rather than some random stock quote you have floating in your head at the moment.  Although most of what you said was true, it was usually a bit off-topic.  Max was totally on your side, and his questions were a silver platter compared to what other interviewers will ask you.  Review this tape, learn from it, and best of luck in future interviews.

Bitcoin segment starts at 15:09.

Already mentioned:

  http://www.ottawacitizen.com/business/Coin+cyber+realm/5121396/story.html

This article is notable because it is quite well-written, and is more reader-friendly than most.  It should be reviewed when looking for nice ways to explain the bitcoin concept to lay audiences.

One minor quibble is that it says there are 6.2 million bitcoins.  The current number is 6.854 (according to bitcoincharts.com), and of course the number grows steadily.  We should be saying "about 7 million" to the media so that it's reasonably accurate for a while (unless we want to timestamp the article by using the exact current number:).

Does not quite follow.  Python supports all three paradigms (although the functional aspect has been somewhat nerfed in recent versions).


Python is easy to learn, very clean (even pretty), has incredible libraries ("batteries included"), and is supported by an awesome community.  It plays well with others (e.g. you can use inline C for huge speed boosts in critical sections).  It is a terrific scripting language and glue language, and doesn't look like line noise (yes, I'm looking at you, Perl).

I've written programs in at least 22 languages.  When I have a choice, I now choose Python for quick coding, C / C++ for heavy lifting (i.e. computationally intensive stuff).  Scheme (a very clean dialect of Lisp) is beautiful and powerful, and I would use it more often if I had my druthers (plus, thinking in Scheme makes you smarter).

Web programming is a mess.  If you really need to do it, maybe try Javascript and HTML5, and just skip all the mistakes of the last 20 years.

Obviously, I have a strong bias toward "clean" (the concept, not the language:).

Theory versus practice.  In theory, you're bugged all the time, forever.  In practice, there is a notion of before and after.  Yes, if you caught my code when I sent it, then I'm no safer (and no worse off).  But if you came along *later* and started snooping around my computer, then I am safer.

More to the point, if you are in Bulgaria taking shots at my password (or if you got your hands on the password database and eventually cracked my hash), then you still can't log into my account.  (Unless you also crack my 260-symbol random passcard -- good luck with that).

I'm not sure why practical measures like this are given little or no weight by the security community.  They always seem to be seeking the perfect system, rather than looking for simple practical improvements.  However, I freely admit that I don't know all the issues, so maybe they have very good reasons for taking that approach (like, having been burnt so many times in the past).

Is there a somewhat standardized USD/BTC exchange rate, that is indexed over *all* of the exchange sites rather than just Mt.Gox?

As more merchants adopt bitcoin payments, it will be helpful to have a single reliable exchange rate that can be grabbed from a known location.

The 1-day weighted average for Mt.Gox is available from the Trade History tab at bitcoincharts:
 http://bitcoincharts.com/markets/mtgoxUSD_trades.html

That is a decent estimate, but we really need a weighted average over most or all exchanges (we need to decentralize this critical function).  The smaller volume sites won't have much impact on the weighted average right now, but implementing this now will allow a smooth transition as sites like TradeHill and Camp BX gain market share.

Wait, is the value reported on the front page of bitcoincharts.com and in
 http://bitcoincharts.com/t/weighted_prices.json
the indexed rate over all exchanges?  If so, that guy is totally awesome, and i'm totally hitting him with a big tip.

Okay, thanks for the clarification guys.

I have the same problem, with 0.3.21-beta for Mac OS X.  I haven't been able to send, even 0.01, because "This transaction is over the size limit".

Really?  A penny is so huge that it requires a 100% transaction fee?  This isn't a bug?  I thought bitcoin could be sent for free, but it might take longer (lower priority)?

I will upgrade, but I would still like to know how it's supposed to work.  Thanks.

If we zoom out to the big picture, we are undoubtedly looking at a "phase transition" type of graph -- a sigmoidal S-curve (https://secure.wikimedia.org/wikipedia/en/wiki/Sigmoid_function).

This is common and normal for the uptake of popular new technology -- the same basic graph is found if you plot the adoption rate of many things (e.g. cell phones, Twitter, whatever).  Once it hits the exponential growth phase, it rises very quickly (sometimes the graph can be nearly vertical), until it finally tapers off when it reaches the point of saturation.  For example, there are now around five billion cell phones in use, so you can understand why it no longer has explosive growth (the world's population is seven billion).

Even if the new thing is much less popular (say 0.001% of the population cares about it, so it peaks at a few million users), the graph looks much the same, and it tends to find its saturation point fairly quickly.  It is a power law, and fractal (i.e. similar across scales).  Even if two such processes are substantially different from each other, they tend to look pretty similar when plotted with our usual linear bias (we weren't built to see those differences clearly).

The short story is that it will probably grow fast, then level off (and stay there unless something else replaces it).

So the real question is whether bitcoin has reached its saturation point yet.

I don't think so.  I believe there are many big stories and broader markets yet to come.  There is even a chance that it becomes ubiquitous (i.e. the most common currency exchanged in the world).  The chance of that doesn't need to be very high to have windfall potential.  For example, a 1000-to-1 chance of increasing 100000-fold in value is still a fantastic wager, and a 10% chance of increasing 100-fold is still a good bet.  [Unlike other commodities, the price will go up because there is only a finite amount.  21 million is a small number, so we're really talking about 21 billion mBC, or 21 trillion uBC.  Imagining a market cap 1000 times bigger than now is very easy -- and that still wouldn't be as big as World of Warcraft, nevermind a Samsung, or a Norway.]

The whole bitcoin idea could also flop and go to zero, as we've seen with many new technologies that never caught on.  I don't think that's very likely though, given the passionate following of people who crave freedom.  (Not to mention the support of the black markets -- it can't go to zero if arms dealers start using it!).

I would look for the basic patterns that chodpaba has identified to repeat for at least a few more cycles before they taper off (not repeat exactly, mind you, that's not how fractals work).  And it will be good news for everyone once the adoption phase is complete, as the hoarding will stop, and the currency will start acting like a currency should.

On topic, csshih posted this to the Trading section:

  http://forum.bitcoin.org/index.php?topic=26385.0

Mt.Gox is introducing Yubikeys (a USB device for 2FA), currently in beta to ~50 users.  They will be making them available for purchase for $30 (BTC accepted, naturally).

The bashers can't bash that!

Sounds like a great idea.   This should be a category for

  http://spendbitcoins.com/

to add.  The main guy for that service is on these forums -- find him and point him here.

Right, or to put it another way, 96% of the script-kiddie hackzorz have no shot.

I'm dubious of offerings from big corporates like MacAfee -- they might be more show than go, because there is a PR aspect for both sides (PR = lies).

Nevertheless, kudos to Camp BX for getting *some* accreditation from an objective third party.  Sure, a top-drawer hacker might still be able to waltz right in, but at least there is a real barrier to entry.  That's a lot more than some exchanges can say, and it shows that they've made a commitment to doing it right.

Thanks for reading through the report, error.

Now we should ask them about their plans for two-factor authentication, because they might not have thought about that yet...  ;-)

Well, it seems your user base is speaking pretty loud and clear...

Your dev team will probably find that doing really good 2FA gets pretty complicated, and using third-party key fobs like RSA tokens is quite expensive.

FWIW, I suggested a "poor man's version" of second-channel confirmation in this thread:

  http://forum.bitcoin.org/index.php?topic=25982.0

This is very easy to implement, and would at least add an extra layer of security while you work on a more robust solution.

Other poasters have pointed to a number of alternatives.  For example, for customers with Android smartphones, there are probably a dozen Droid apps that could serve the purpose (and if there isn't, just whisper the idea into the wind, and it'll be in the Market tomorrow).  Even text messages sent to an ordinary cell phone might be workable.

You'll want to get *something* in place pretty quickly though, just to show that you're a serious player, and that you are responsive to your users.  Thanks for listening!

Oops, dsp sent me his link, but I didn't understand that he couldn't post it, due to his n00bie status.


Also, jaakkop (http://forum.bitcoin.org/index.php?topic=26124.msg326768#msg326768) mentions this tool from Google:

  http://code.google.com/p/google-authenticator/


Another passcard service I found, with an open source algorithm and mobile support is:

  https://www.passwordcard.org/en

dsp: your link was posted to the thread -- sorry I didn't understand your request in PM, but I did provide you with some detailed feedback.

jaakkop: thanks, I will add that to the discussion as well.

All: welcome to the bitcoin community!

Um, do you perhaps mean "libel"?

I know the US has degenerated a lot, but last time I checked, you were still allowed to have opinions.

That's what I thought at first, but I ended up using mybitcoin.com afterall.  They do provide a very useful service: instant irreversible transactions between accounts.

If I meet someone at a coffeeshop for a cash transaction, and the bitcoin have been placed in a mybitcoin account ahead of time, then the whole exchange takes only a few seconds.  The received bitcoin can be automatically forwarded to your home address for the hour-long transfer -- long after you've left the coffeeshop.  Both sides have only a small amount on mybitcoin, and only for a short time (a few hours).  And you get a timestamped email to remember the exact details.

That said, if the person you're dealing with doesn't look very shady, it's quite safe to only wait for the first confirmation.  Ten minutes or so isn't that big of a deal.

With mybitcoin.com, you should understand that you're not dealing with an established company with 1000 employees.  You're dealing with a guy.  Or at most a small group of guys.  Customer service probably isn't going to be a strength for quite some time (if ever).

My impression is that he knows a lot about computer security.  Clearly he is not a rank amateur -- read this statement on the Mt.Gox fiasco:
  https://www.mybitcoin.com/downloads/incident-report-2011-06-22.txt

He also knows something about protecting anonymity.  He's probably an American or Canadian who has set up shop offshore in order to protect himself against the coming government backlash.  I can respect that.

These are still early days for the bitcoin movement.  Perhaps mybitcoin.com will end up only serving those who really need anonymity, and other services will emerge to provide instant transactions with a friendlier (and probably less secure) interface.  Let's not jump to conclusions, either way.

Tom Williams:  Understand that your company's reputation is more important than the technical details you're busily working on right now.  Don't sacrifice one for the other.  Respond to this issue immediately, and resolve it to lettucebee's satisfaction.

That's pretty stupid and embarrassing...  Was any QA done?  Launching too soon?

I looked at one of the subpages yesterday, and my high-end laptop slowed to a crawl -- seems like there's some impressive bloatware on the back end.  Strike two.

CampBX:  Looking forward to your comments on two-factor authentication and other security measures.  You do understand that you're asking people to trust you with their monies, right?  You only get one shot at earning trust -- if you blow it, it's gone for good.

I do hope you guys come through though, and become a model for other exchanges.  Best of luck.

For future reference, you could have piped that through justfuckinggoogleit.com instead.

True, this does not provide a 100% secure alternative.  It is a quick-n-dirty alternative that provides a little less than 100% of the value, in exchange for a lot of practical benefits.

Maybe it shouldn't be called 2-factor authentication, to avoid any possible confusion.  Maybe it should just be called something generic, like "extra password protection", with no theoretical guarantees. (*)

I do think the benefits are significant though, since almost all break-in attempts will occur afterwards.  The fact that some 15-year old h4ckzorz in Minsk can't be taking pot-shots at your account password seems to be worth something...

(*) "In theory, there's no difference between theory and practice.  In practice, there is."