Bitcoin Cash hashrate is at all time high. Miners are putting ideology before profit mining BCH at a relative loss to BTC. Does not matter what side you are rooting for: This is _exactly_ how it's intended to work, and it's beautiful!
How branches are created in block chain? If a fraud miner , luckily gets proof of work prior to others and broadcasts it , then what happens to correct block. Does every miner starts at same time with same set of transactions every 10 minutes? /r/Bitcoin
05-29 01:52 - 'Those few big miners have a strong economic incentive for bitcoin to succeed...that's a pillar of how bitcoin works. But in any case, good luck to you. Without an economic majority, which it does not appear you have (despite this ce...' by /u/Cmoz removed from /r/Bitcoin within 0-8min
''' Those few big miners have a strong economic incentive for bitcoin to succeed...that's a pillar of how bitcoin works. But in any case, good luck to you. Without an economic majority, which it does not appear you have (despite this censored echo chamber of a subreddit), you're doomed to failure. I'll be ready to dump my UASF coins. ''' Author: Cmoz
Coinbase's CEO Brian Armstrong is a hero for not making Bitcoin about race
It started back in June, amid the nationwide protests over the death of George Floyd, when Brian Armstrong, the company’s extremely introverted cofounder and CEO, was asked a question at an employee town hall about why Coinbase had not shown public support for the Black Lives Matter movement. Armstrong declined to give a clear answer, according to crypto news site The Block, and his avoidance resulted in a virtual walkout by “hundreds” of Coinbase’s 1,100 employees on June 3.
In response, Armstrong has made Coinbase's mission clear: it's not political. He has given severance packages to employees who disagree. And this, I believe, is how any business ought to be run. If you want to make *everything* political, you should join a political party. Corporations and businesses are not political. It's no different from the separation of Church and State. You ought to separate business from political, especially the feverish social-justice-warrior kind. I think Armstrong deserves some goddamn respect for having a spine. FYI- Bitcoin isn't about race. It isn't a "white supremacist" technology. Most Bitcoin miners are living in China. It's a global asset. Inventor Satoshi Nakamoto specifically designed Bitcoin to be able to process transactions on slow third-world internet connections (and it does work in Africa, and India, too). Bitcoin was always, first and foremost, a *human* technology, for everyone to use to avoid financial censorship. Insurgent employees trying to blackmail their own CEO into making everything about race IS NOT OK.
Hello, first time poster here. From what I can tell, there is significantly less entrenched orthodoxy applied to how monero does things compared to other cryptocurrency. It's the only one with ASIC resistance, has a dynamic block size, is willing to contemplate the concept of linear inflation rather than treating it as an unholy abomination, etc. In general you guys have done a lot better of a job keeping down transaction fees compared to bitcoin, and as a whole are more inclined to plan for monero as an actual medium of exchange rather than a perpetually deflationary get rich scheme. With that in mind, I have a few questions:
In the event adoption of this cryptocurrency gets large enough that it ends up putting strain on the current dynamic block size status quo, what's the precise point at which you'll change how things operate in order to prevent a centralization crisis from an excessively large blockchain? What sort of exact security issues/etc prevents things like the lightning network from currently being options for this scenario?
While to a large extent price stability comes from a sufficiently deepened pool of liquidity, as has been seen with recent trends in bitcoin's price, one thing I've got to wonder about is if things such as block rewards and transaction fees can be dynamically adjusted, akin to a more democratic central bank if you will, such that monetary tightening and loosening can be done?
A lack of commitment to permanent deflation would obviously hurt monero's market capitalization, but arguably that's not a particularly important metric compared to transaction volume. https://finance.yahoo.comyahoo-finance/watchlists/crypto-top-volume-24h Despite basically being a dubiously backed centralized "cryptocurrency", tether still sees a significant amount of transaction volume purely due to its utility as a unit of currency pegged to the US dollar. Now, while I'm sure precise information on monero's own true transaction volume is under-reported due to strong privacy protections in conjunction with low fees, tether does serve as a reminder for how much demand there is for stability. Obviously it's significantly more difficult to do contractionary monetary policy than inflationary, but would something like say, a decentralized dynamic peg work, where holdings of bitcoin/etc are bought and sold by a digital entity controlled by the miners work in order to stabilize monero? I'm just spitballing thoughts here though and I know there might be potential issues related to chain analysis. If you have any other good reasons why this is a bad idea please feel free to let me know. Thanks!
“While some may prefer that Bitcoin ABC did not implement this improvement, this announcement is not an invitation for debate. The decision has been made and will be activated at the November upgrade.” “The Coinbase Rule improvement is as follows: All newly mined blocks must contain an output assigning 8% of the newly mined coins to a specified address.” Full article: https://medium.com/bitcoin-abc/bitcoin-abcs-plan-for-the-november-2020-upgrade-65fb84c4348f
I find it funny how the article is a lengthy belaboring of the point, all the way until the very end where he at last forcibly “tells us” what’s going to happen whether we like it or not. This is not how you engage with the community. This reads more as an openly stated attempt at theft. Amaury just got done changing the DAA because of widespread community disagreement (albeit without admitting this was why). Now, his response is to repeat the same behavior of putting in a change that was previously widely disagreed with, an “8% payment to a specified address” (Infrastructure Funding Plan). Does he really think the community will allow this to pass when the community just banded together against his attempted forceful changes of the DAA, and previously banded together against the IFP? I believe this shows a desperate, last-ditch effort and my prediction is that Amaury will quit Bitcoin Cash development once this last ditch attempt fails to put in place the IFP (for the second time). With this level of desperate action, Amaury clearly won’t continue to work on ABC without the extra funding and so this is his last stand— to try to take it forcibly. It’s actually quite comical that he thinks he could get away with this. It’s like tacking on a bill at the end of another bill, in hopes that one will get passed and drag the other along with it. This might work in traditional politics, but the Bitcoin Cash community is not stupid and has clearly demonstrated it will stand up against such ridiculous developer behavior. I appreciate Amaury’s past, constructive contributions for Bitcoin Cash, but Bitcoin Cash is a team effort. And I believe the team of users, miners and developers is going to say ”Bye” to ABC. I think this will be the end of ABC, and Bitcoin Cash will be better for it.
BCH blocks needs to be able to process 6.7 GB blocks in order to collect the same fee as BTC on average while guaranteeing that 0-conf would function during the biggest shopping days
We assume that 0-conf is the method for fast transactions.
For 0-conf to function well, transactions must be included in the next transaction almost always. If it doesn’t, a fee market is developed, making 0-conf too expensive.
In order for BCH to generate as much money to miners through fees as BTC the BCH blocks needs to be 850 times bigger than the BTC blocks, because BTC transactions are 850 times more expensive than BCH. This number was taken from coin.dance just now.
BTC blocks are 1.21MB in size. This number was also just taken from coin.dance just now.
Now we can make a few calculations.
a. The average BCH block size needs to be 1.21MB * 850 = 1028 MB to collect the same fees that BTC is collecting today.
b. In order for 0-conf to work reliably the max block size needs to be 6.5 times bigger than the average. This means that BCH blocks need to be able to process 1028 * 6.5 = 6.7 GB blocks in order to collect the same fee as BTC on average while guaranteeing that 0-conf would function during the biggest shopping days.
Please note, this is a reasoning about profitability and function. Not about how much transaction capacity that is needed.
Popcorn Time takes its inspiration from Netflix, boasting a clean outlook with thumbnails and categories - And streams pirated copies of movies and shows to your computer or smartphone
Editors note: There are many fake versions of Popcorn Time. This article primarily use Reddit as its source to recommend and link to the official, well regarded, version of the app. When you think of movie streaming, services like Hulu, Disney+, and Netflix usually come to mind. However, there is another streaming platform that is particularly popular for streaming pirated movies: Popcorn Time. This streaming platform allows you to watch torrented and pirated movies without paying anything. All you need to do is install it on your PC/smartphone/tablet, search for a film, and click play. However, there are piracy and safety concerns when it comes to using Popcorn Time. This is how it works.
What Exactly is Popcorn Time?
How it Works
How to Install Popcorn Time
Which version is legit?
Where does popcorn time store movies?
Popcorn Time APK for Android
Is Popcorn Time available on iOS?
Is it Illegal to Use Popcorn Time?
How does the developers make money?
Popcorn Time alternatives
What Exactly is Popcorn Time?
Popcorn Time is an open-source, multi-platform BitTorrent software application with a stylish and attractive media player. It was initially released in March 2014 by a team of developers in Argentina. They wanted to create a software that allows users to stream video content from torrent. Popcorn Time takes its inspiration from Netflix, boasting a clean outlook with thumbnails and categories. It uses sequential downloading and uploading to play movies, hence allowing you to stream pirated movies instantly. Popcorn Time on the Mac
How it Works
Popcorn Time is a torrent based streaming tool and the way it works is simple enough. Let’s say you want to watch Tenet (it's not out as of this writing). You use the interface provided by the platform to find and click that title, and the tool then automatically navigates through existing BitTorrent titles, which come from two well-known torrent sites: YTS for movies and eztv for tv-shows. Then, Tenet is streamed directly to your computer from that pre-existing BitTorrent source. So, while you watch the film, Popcorn Time acts as a torrent client and continues to leech and seed it from other people. That means you'll be forced to share the content you watch.
How to Install Popcorn Time?
In order to use Popcorn Time to stream pirated movies, you will need to download and install the software on your computer or smartphone. The app is available for variety of operating systems, including Android, Linux, Windows, Mac, etc.
Download Popcorn Time from popcorntime.app which hosts Mac, Windows and Android.
There are no specific installation requirements as it is installed just like any other app.
However, keep in mind that its usage has been banned in many regions. So, you cannot download it from Apple’s Apple Store or Google Play Store. In some countries popcorntime.app has been blocked and you need a VPN to hide your real IP. You might want to use VPN software to keep your own information private and anonymous when running the app as well.
Which version is legit, and real?
There are many clones out there, some of which will install other apps, using your computer as a bitcoin miner. The legit, and most supported version according to Reddit, is popcorntime.app (formerly known as popcorntime.sh)
Where does popcorn time store movies?
On your computer or device. Using torrents the app stream the files, while they are being downloaded. So it's just like when you download a torrent, except it starts the video during the download.
Is Popcorn Time available on iOS?
Yes. But it's not as easy as downloading an app from the App store. The iPhone version of Popcorn Time is unstable and requires a jailbroken iPhone. Since jailbreaking your iPhone in 2020 is difficult and time consuming, it isn't an option for most. If you still want to try, there is Antique's version. You can follow his updates and links on Twitter. There is also a version which allegedly works with the alternative, non-jailbreak required, but much debated, altstore. For more information, see its Github home.
Is it Illegal to Use Popcorn Time?
In most cases, yes. Most, if not all, TV shows and movies which appear on Popcorn Time are pirated, and you may be wondering about the legality of it all. First of all, downloading any copyrighted file is illegal in most countries. However, torrents themselves are a valid means to share and download files. So without sounding too confusing, it is typically not illegal to download Popcorn Time. It's when you stream or download the movies and tv-shows themselves it gets risky. But depending on where you live this might not be the case. Copyright infringement is illegal in Germany while in India, there are no restrictions of using Popcorn Time to stream movies as long as you don’t redistribute them. Of course, laws change. That’s why it is recommended that you do your research to understand the risks.
How does the developers make money?
The Popcorn time version we recommend has affiliate links to VPN services. How much money this actually is, or if its funding hardware costs, is unknown. But it proves that money is being generated from the app.
Are there any alternatives?
There are a lot of alternatives, most of which are unstable or shady. However, here are a few alternatives recommended on Reddit. Note that they all come with their own positive and negatives aspects when compared to Popcorn Time.
Stremio - Open source project which lets you add your own sources, such as 1337 or Pirate Bay. It also uses official streams from YouTube, HBO and more. Has been reported as unstable but still the best Popcorn alternative.
Media Box HD - A MacOS app with 4K streams. Is known to be unstable for some.
Leonfix - A Popcorn Time Windows app which doesn't use torrents. Currently in beta.
ShowBox - Android alternative which doesn't use torrents. Unstable and currently in beta.
Radarr - Which automatically downloads shows and films.
Despite the concerns about whether or not using Popcorn Time is illegal, there is no denying that the tool is very impressive. The ability to download and stream torrent content in a seamless and hassle-free way is quite brilliant. Not to mention the platform has a much larger library of content with no restrictions whatsoever. So, it’s not surprising why many consider it a better alternative to regular torrents or a Disney+ subscription. Feedback and corrections are more than welcome! Originally written for Where You Watch.
Reasons why NANO fails and will keep failing until some things change
Dear NANO community, This is going to be a long post where I will discuss why NANO under performed and will keep under performing in this bull run unless some things change. I'm going to start up with straight facts with the famous quote of Floyd Mayweather: "Men lie, women lie, numbers don't lie". If you feel offended by some of this, facts don't care about your feelings. Technical Analysis In the time where BTC Dominance fell from peak of 74% to 56% and keeps falling, NANO has moved from its low of 0.0000640 sats to a price of 0.0000950 sats. That is about 50% gain if you bought on the absolute low, but looking at the monthly chart, we can see that NANO has basically been in the range of 0.0001400 sats to 0.0000750 sats ever since July of 2019 (for more than 2 years). https://charts.cointrader.pro/snapshot/zaXzV The all time high of NANO was 0.0028, so this price is currently 96% down in terms of BTC . https://charts.cointrader.pro/snapshot/tTF4J With this price NANO is falling out of top 100 cryptocurrency based on market cap. My thoughts: Considering that entire altcoin market is moving and that it keeps reaching new highs, this is very concerning for NANO and one can only ask themselves why does NANO keep falling behind? Why does on every Bitcoin pump price falls hardest and on every day when other altcoins go up 30%, NANO only goes up 10%. Reasons why NANO is lagging on the market:
Reason 1. - Lack of adoption where NANO can be utilized to its fullest
We all know that NANO has near instantaneous transactions and is fee-less which is why most of us fell in love with this cryptocurrency. Problem is that it has little to no adoption. What does it matter if NANO is feeless, when you don't have an exchange that will make a NANO/USD conversion for 0%. Who cares if STR, XRP and other fast coins have like 0.01$ fee if either way, exchange will take 1% or more fees from you.? If XRP has better exchange, they can easily be more cost efficient than NANO because of this problem. Devs need to be much more proactive rather than sit and wait while entire market is eating you alive. Proposed solution: Nano needs to invest more in marketing and in making a deal with exchange that will be liquid enough and provide little to no fees on NANO.
Reason 2. - There is no reward for NANO holders
I am a NANO holder ever since 2018 and it's been a long ride with constant buying at the end of each month with average buy of 2$ when I look at it totally. This is not that bad considering NANO's massive fall and what some other holders had to go through. Let's remind ourselves again, NANO has 0% inflation. And yet NANO's price doesn't grow. Where as other cryptocurrencies have 5-10% inflation and they are over-performing NANO massively. NANO holders get no rewards from holding NANO which is a big problem. People call this an advantage and I somewhat agree, but NANO holders need to be rewarded with something, because crypto space doesn't care about inflation. Proposed solution: Introduce POS (Proof of Stake) with inflation of 5% where NANO holders will be able to stake their NANO and receive 5% more NANO each year. You can do this or make it 6% and after each 2 years, there is halving of inflation. Imagine how coins get hyped when their rewards per year get cut in half. NANO has 0% inflation and it doesn't get any hype. It's already scarce, but people fail to see it.
Reason 3. - NANO is refusing to adapt with the current market
Current bull run has been ignited with DEFI and because people see that they can earn up to 3-5% daily income just for holding ERC20 token like BAT, BAL, LINK etc. There's even been introduced WBTC (Wrapped Bitcoin) and WETH (Wrapped Ethereum), which means that people can hold their cryptocurrency which they would hold even if there weren't any rewards and they get 3-5% daily income + the chance of the DEFI coin actually pumping by 1000+% which many of them have done in the past month. Because of all of this people are massively buying ERC20 tokens just to get these gains daily. What has NANO done to interact with this entire DEFI space? Absolutely nothing. Did they try to introduce wNANO (wrapped NANO) like Ethereum and Bitcoin did? No. They just kept working on some other bullshit even though protocol is in and of itself 99% perfect and working. They keep focusing their energy on technology when technology is already better than anything else on the crypto market. NANO is currently the best fast cryptocurrency and it is not even close. Proposed solution: Devs need to start focusing energy on things that matter and which will help the price and not dump their stash and blindly look how everything else keeps growing.
Reason 4. - No one is making money of NANO market
This is similar to reason number 2 but it has to be said separately. Just ask yourself, who benefits of BTC markets? Miners. Who benefits of any other POS market? All of the holders. And then with this money you can finance devs which will work on the currency and will by this raise the price and the whole cycle repeats itself. So all of these things have in common that people are making money of doing something for the ecosystem. On one hand resources get paid, on the other people that are loyal to the project. NANO has one of the best and largest communities in cryptocurrency and numbers confirm this, yet there is no special way for any of us to benefit of of this. Everything is open source and people make everything for free. Proposed solution: Introduce mechanism so that community members can earn money of holding NANO. Conclusion: Nano is an amazing currency, but there are many things that need to fall in place in order for it to stop falling behind the market. It's sad that investing in what is called a "safest" altcoin Ethereum, would've made you much better gains than even buying NANO on the all time low would. This post is meant to be constructive criticism and to in the end open peoples mind on current problem NANO has in the space. Please share this post so more people and hopefully devs can see it and so that we all as a community can start working towards our goal of NANO becoming one of most utilized cryptocurrencies in the world.
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendor/implementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. 
Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! 
(even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisignature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. 
In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software then it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script construction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you.
Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developer/manufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some data given to you by the developer/manufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige).
(Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developer/manufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's firmware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not.
It's not that hashes can be broken by quantum computers --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort.
Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers.
For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve used by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multiparticipant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographer/Bitcoin Core contributor/mathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
Taproot, CoinJoins, and Cross-Input Signature Aggregation
It is a very common misconception that the upcoming Taproot upgrade helps CoinJoin. TLDR: The upcoming Taproot upgrade does not help equal-valued CoinJoin at all, though it potentially increases the privacy of other protocols, such as the Lightning Network, and escrow contract schemes. If you want to learn more, read on!
Let's start with equal-valued CoinJoins, the type JoinMarket and Wasabi use. What happens is that some number of participants agree on some common value all of them use. With JoinMarket the taker defines this value and pays the makers to agree to it, with Wasabi the server defines a value approximately 0.1 BTC. Then, each participant provides inputs that they unilaterally control, totaling equal or greater than the common value. Typically since each input is unilaterally controlled, each input just requires a singlesig. Each participant also provides up to two addresses they control: one of these will be paid with the common value, while the other will be used for any extra value in the inputs they provided (i.e. the change output). The participants then make a single transaction that spends all the provided inputs and pays out to the appropriate outputs. The inputs and outputs are shuffled in some secure manner. Then the unsigned transaction is distributed back to all participants. Finally, each participant checks that the transaction spends the inputs it provided (and more importantly does not spend any other coins it might own that it did not provide for this CoinJoin!) and that the transaction pays out to the appropriate address(es) it controls. Once they have validated the transaction, they ratify it by signing for each of the inputs it provided. Once every participant has provided signatures for all inputs it registered, the transaction is now completely signed and the CoinJoin transaction is now validly confirmable. CoinJoin is a very simple and direct privacy boost, it requires no SCRIPTs, needs only singlesig, etc.
Let's say we have two participants who have agreed on a common amount of 0.1 BTC. One provides a 0.105 coin as input, the other provides a 0.114 coin as input. This results in a CoinJoin with a 0.105 coin and a 0.114 coin as input, and outputs with 0.1, 0.005, 0.014, and 0.1 BTC. Now obviously the 0.005 output came from the 0.105 input, and the 0.014 output came from the 0.114 input. But the two 0.1 BTC outputs cannot be correlated with either input! There is no correlating information, since either output could have come from either input. That is how common CoinJoin implementations like Wasabi and JoinMarket gain privacy.
Unfortunately, large-scale CoinJoins like that made by Wasabi and JoinMarket are very obvious. All you have to do is look for transactions where, say, more than 3 outputs are the same equal value, and the number of inputs is equal or larger than the number of equal-valued outputs. Thus, it is trivial to identify equal-valued CoinJoins made by Wasabi and JoinMarket. You can even trivially differentiate them: Wasabi equal-valued CoinJoins are going to have a hundred or more inputs, with outputs that are in units of approximately 0.1 BTC, while JoinMarket CoinJoins have equal-valued outputs of less than a dozen (between 4 to 6 usually) and with the common value varying wildly from as low as 0.001 BTC to as high as a dozen BTC or more.
This has led a number of anti-privacy exchanges to refuse to credit custodially-held accounts if the incoming deposit is within a few hops of an equal-valued CoinJoin, usually citing concerns about regulations. Crucially, the exchange continues to hold private keys for those "banned" deposits, and can still spend them, thus this is effectively a theft. If your exchange does this to you, you should report that exchange as stealing money from its customers. Not your keys not your coins.
Thus, CoinJoins represent a privacy tradeoff:
It's very hard for everyone else to determine which output belongs to which input.
It's obvious to everyone else that the output was involved in a mixing operation.
Let's now briefly discuss that nice new shiny thing called Taproot. Taproot includes two components:
The use of a Schnorr-based signature scheme, with multisignature support. Spending from a Schnorr pubkey is called a "keypath spend".
The ability to secretly commit to a set of scripts, one of which can be revealed later and its inputs provided correctly in order to spend the coin. Spending via a hidden script is called a "scriptpath spend".
This has some nice properties:
Direct multisignature support means all multisignature uses look the same. In current Bitcoin, a 2-of-2 "multisignature" is really a script which demands that two signatures be provided, from 2 different pre-specified public keys. To a cryptographer, the strict definition of multisignature is that this is a single signature that is cooperatively created by multiple parties.
A typical minimal "multisig" setup would be a 2-of-3, because that lets you lose one signing device while still being able to keep access to your money, and still providing an increase in security relative to a singlesig, since a 2-of-3 requires that potential thieves abscond with at least two signing devices. In current Bitcoin, a 2-of-3 is a SCRIPT containing 3 public keys, requiring that two signatures from those three public keys be provided.
But a Lightning Network channel has exactly two participants. Thus, it uses a 2-of-2, and is a SCRIPT containing 2 public keys, requiring that two signatures from those public keys be provided. If you look for 2-of-2 spends on the blockchain after Lightning became cool, the chances are very good that a random 2-of-2 spend is a Lightning Network channel being closed, because there are hardly ever any other uses of 2-of-2.
Just from there, you can easily differentiate the most common HODLer multisig of 2-of-3 (SCRIPT contains 3 pubkeys) from the Lightning channel 2-of-2 (SCRIPT contains 2 pubkeys).
Fortunately, with Taproot, 2-of-3 and 2-of-2 (and any arbitrary k-of-n) can look exactly the same, because Schnorr allows for the cryptographer's strict definition of "multisignature": a single signature cooperatively created by multiple parties.
Complex SCRIPTs, like HTLCs, can be hidden in a Taproot output.
For example, the output can have a keyspend branch that is a n-of-n of all participants, with hidden SCRIPTs that encode the conditions under which the output can be spent.
The hidden SCRIPTs ensure that the protocol is followed. If one of the participants drops from the protocol, the rest can reveal the hidden SCRIPTs and follow their conditions.
If everyone follows the protocol correctly, and agrees to the result, they can all cooperatively sign with the keyspend n-of-n. They can just all agree on what the result of the SCRIPTs would be, and sign a transaction that performs that, without revealing any SCRIPTs. Since all of them agreed on the result, nobody should complain (if one of them believes the result is not correct, they can just refuse to sign and force everyone else to publish the SCRIPTs onchain).
If everyone agrees, they get privacy: none of the SCRIPTs they were following ever get published onchain, and it looks like every other multisignature spend.
Taproot DOES NOT HELP CoinJoin
So let's review!
CoinJoin:
CoinJoin inputs are singlesig.
There are no SCRIPTs involved in CoinJoin.
Taproot:
Improves multisig privacy.
Improves SCRIPT privacy.
There is absolutely no overlap. Taproot helps things that CoinJoin does not use. CoinJoin uses things that Taproot does not improve.
B-but They Said!!
A lot of early reporting on Taproot claimed that Taproot benefits CoinJoin. What they are confusing is that earlier drafts of Taproot included a feature called cross-input signature aggregation.
In current Bitcoin, every input, to be spent, has to be signed individually. With cross-input signature aggregation, all inputs that support this feature are signed with a single signature that covers all those inputs. So for example if you would spend two inputs, current Bitcoin requires a signature for each input, but with cross-input signature aggregation you can sign both of them with a single signature. This works even if the inputs have different public keys: two inputs with cross-input signature aggregation effectively define a 2-of-2 public key, and you can only sign for that input if you know the private keys for both inputs, or if you are cooperatively signing with somebody who knows the private key of the other input.
This helps CoinJoin costs. Since CoinJoins will have lots of inputs (each participant will provide at least one, and probably will provide more, and larger participant sets are better for more privacy in CoinJoin), if all of them enabled cross-input signature aggregation, such large CoinJoins can have only a single signature. This complicates the signing process for CoinJoins (the signers now have to sign cooperatively) but it can be well worth it for the reduced signature size and onchain cost.
But note that while cross-input signature aggregation improves the cost of CoinJoins, it does not improve the privacy! Equal-valued CoinJoins are still obvious and still readily bannable by privacy-hating exchanges. It does not improve the privacy of CoinJoin. Instead, see https://old.reddit.com/Bitcoin/comments/gqb3udesign_for_a_coinswap_implementation_fo
Why isn't cross-input signature aggregation in?
There are some fairly complex technical reasons why cross-input signature aggregation isn't in right now in the current Taproot proposal. The primary reason was to reduce the technical complexity of Taproot, in the hope that it would be easier to convince users to activate (while support for Taproot is quite high, developers have become wary of being hopeful that new proposals will ever activate, given the previous difficulties with SegWit). The main technical complexity here is that it interacts with future ways to extend Bitcoin.
The rest of this writeup assumes you already know about how Bitcoin SCRIPT works. If you don't understand how Bitcoin SCRIPT works at the low-level, then the TLDR is that cross-input signature aggregation complicates how to extend Bitcoin in the future, so it was deferred to let the developers think more about it. (this is how I understand it; perhaps pwuille or ajtowns can give a better summary.)
In detail, Taproot also introduces OP_SUCCESS opcodes. If you know about the OP_NOP opcodes already defined in current Bitcoin, well, OP_SUCCESS is basically "OP_NOP done right". Now, OP_NOP is a do-nothing operation. It can be replaced in future versions of Bitcoin by having that operation check some condition, and then fail if the condition is not satisfied. For example, both OP_CHECKLOCKTIMEVERIFY and OP_CHECKSEQUENCEVERIFY were previously OP_NOP opcodes. Older nodes will see an OP_CHECKLOCKTIMEVERIFY and think it does nothing, but newer nodes will check if the nLockTime field has a correct specified value, and fail if the condition is not satisfied. Since most of the nodes on the network are using much newer versions of the node software, older nodes are protected from miners who try to misspend any OP_CHECKLOCKTIMEVERIFY/OP_CHECKSEQUENCEVERIFY, and those older nodes will still remain capable of synching with the rest of the network: a dedication to strict backward-compatibility necessary for a consensus system.
Softforks basically mean that a script that passes in the latest version must also be passing in all older versions. A script cannot be passing in newer versions but failing in older versions, because that would kick older nodes off the network (i.e. it would be a hardfork).
But OP_NOP is a very restricted way of adding opcodes. Opcodes that replace OP_NOP can only do one thing: check if some condition is true. They can't push new data on the stack, they can't pop items off the stack. For example, suppose instead of OP_CHECKLOCKTIMEVERIFY, we had added an OP_GETBLOCKHEIGHT opcode. This opcode would push the height of the blockchain on the stack. If this command replaced an older OP_NOP opcode, then a script like OP_GETBLOCKHEIGHT 650000 OP_EQUAL might pass in some future Bitcoin version, but older versions would see OP_NOP 650000 OP_EQUAL, which would fail because OP_EQUAL expects two items on the stack. So older versions will fail a SCRIPT that newer versions will pass, which is a hardfork and thus a backwards incompatibility.
OP_SUCCESS is different. Instead, old nodes, when parsing the SCRIPT, will see OP_SUCCESS, and, without executing the body, will consider the SCRIPT as passing. So, the OP_GETBLOCKHEIGHT 650000 OP_EQUAL example will now work: a future version of Bitcoin might pass it, and existing nodes that don't understand OP_GETBLOCKHEIGHT will see OP_SUCCESS 650000 OP_EQUAL, and will not execute the SCRIPT at all, instead passing it immediately. So a SCRIPT that might pass in newer versions will pass for older versions, which keeps the back-compatibility consensus that a softfork needs.
So how does OP_SUCCESS make things difficult for cross-input signature aggregation? Well, one of the ways to ask for a signature to be verified is via the opcodes OP_CHECKSIGVERIFY. With cross-input signature aggregation, if a public key indicates it can be used for cross-input signature aggregation, instead of OP_CHECKSIGVERIFY actually requiring the signature on the stack, the stack will contain a dummy 0 value for the signature, and the public key is instead added to a "sum" public key (i.e. an n-of-n that is dynamically extended by one more pubkey for each OP_CHECKSIGVERIFY operation that executes) for the single signature that is verified later by the cross-input signature aggregation validation algorithm. The important part here is that the OP_CHECKSIGVERIFY has to execute, in order to add its public key to the set of public keys to be checked in the single signature.
But remember that an OP_SUCCESS prevents execution! As soon as the SCRIPT is parsed, if any opcode is OP_SUCCESS, that is considered as passing, without actually executing the SCRIPT, because the OP_SUCCESS could mean something completely different in newer versions and current versions should assume nothing about what it means. If the SCRIPT contains some OP_CHECKSIGVERIFY command in addition to an OP_SUCCESS, that command is not executed by current versions, and thus they cannot add any public keys given by OP_CHECKSIGVERIFY. Future versions also have to accept that: if they parsed an OP_SUCCESS command that has a new meaning in the future, and then execute an OP_CHECKSIGVERIFY in that SCRIPT, they cannot add the public key into the same "sum" public key that older nodes use, because older nodes cannot see them. This means that you might need more than one signature in the future, in the presence of an opcode that replaces some OP_SUCCESS.
Thus, because of the complexity of making cross-input signature aggregation work compatibly with future extensions to the protocol, cross-input signature aggregation was deferred.
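The OP_NOP versus OP_SUCCESS argument above, as an added toy model that is not part of the original post and is not Bitcoin Core code. It evaluates the post's scripts on an old and an upgraded node, checks the softfork rule (anything the new node passes, the old node must pass), and shows the aggregated key sets diverging. OP_GETBLOCKHEIGHT is the post's hypothetical opcode, the `slot` parameter and function names are constructed here, and real Script validation has many more rules.

```python
NEW_OPCODES = {"OP_GETBLOCKHEIGHT", "OP_CHECKLOCKTIMEVERIFY"}

def evaluate(script, upgraded, slot, height=650000, locktime=0):
    """Run a toy script; return (passes, pubkeys_added_to_the_aggregate).

    upgraded: whether this node understands NEW_OPCODES.
    slot: "NOP" or "SUCCESS", the kind of opcode slot the new opcodes replaced.
    """
    ops = script.split()
    keys = []
    if not upgraded and slot == "SUCCESS" and any(op in NEW_OPCODES for op in ops):
        # Old node meets an OP_SUCCESS: pass at parse time, execute nothing.
        return True, keys
    stack = []
    for op in ops:
        if op in NEW_OPCODES and not upgraded:
            continue  # old node treats the opcode as OP_NOP
        if op == "OP_GETBLOCKHEIGHT":
            stack.append(height)
        elif op == "OP_CHECKLOCKTIMEVERIFY":
            # Checks a condition only; never pushes or pops.
            if not stack or locktime < stack[-1]:
                return False, keys
        elif op == "OP_EQUAL":
            if len(stack) < 2:
                return False, keys
            b, a = stack.pop(), stack.pop()
            stack.append(1 if a == b else 0)
        elif op == "OP_CHECKSIGVERIFY":
            # Aggregated mode as described in the post: a dummy 0 signature is
            # on the stack and the pubkey joins the "sum" key checked later.
            if len(stack) < 2:
                return False, keys
            pubkey, _dummy_sig = stack.pop(), stack.pop()
            keys.append(pubkey)
        else:
            stack.append(int(op) if op.isdigit() else op)
    return bool(stack) and stack[-1] != 0, keys

def softfork_safe(script, slot, **ctx):
    """True unless the upgraded node passes a script the old node fails."""
    new_ok, _ = evaluate(script, True, slot, **ctx)
    old_ok, _ = evaluate(script, False, slot, **ctx)
    return (not new_ok) or old_ok

def aggregate_mismatch(script, slot, **ctx):
    """True when old and upgraded nodes would sum different pubkey sets."""
    return evaluate(script, True, slot, **ctx)[1] != evaluate(script, False, slot, **ctx)[1]

# Scripts taken from the post, plus one constructed aggregation case.
HEIGHT_SCRIPT = "OP_GETBLOCKHEIGHT 650000 OP_EQUAL"
CLTV_SCRIPT = "500 OP_CHECKLOCKTIMEVERIFY"
AGG_SCRIPT = "0 PUBKEY_A OP_CHECKSIGVERIFY OP_GETBLOCKHEIGHT 650000 OP_EQUAL"

if __name__ == "__main__":
    print("push opcode in a NOP slot is softfork-safe:", softfork_safe(HEIGHT_SCRIPT, "NOP"))
    print("push opcode in a SUCCESS slot is softfork-safe:", softfork_safe(HEIGHT_SCRIPT, "SUCCESS"))
    print("CLTV in a NOP slot is softfork-safe:", softfork_safe(CLTV_SCRIPT, "NOP", locktime=100))
    print("aggregate key sets diverge:", aggregate_mismatch(AGG_SCRIPT, "SUCCESS"))
```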
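The privacy tradeoff of equal-valued CoinJoin described earlier in this post, as an added example that is not part of the original post: the pattern test an observer applies, and which outputs of the post's two-party transaction remain linkable to inputs. Assumptions: amounts are in satoshis, each participant contributes one input, "approximately 0.1 BTC" is taken as within 0.01 BTC, and the function names and the five-party transaction are constructed.

```python
from collections import Counter

COIN = 100_000_000  # satoshis per BTC

def equal_group(outputs):
    """Return (value, count) for the most frequent output value."""
    return Counter(outputs).most_common(1)[0]

def classify(inputs, outputs):
    """Apply the post's heuristic: more than 3 equal outputs, inputs >= that count."""
    value, count = equal_group(outputs)
    if count <= 3 or len(inputs) < count:
        return "no equal-valued CoinJoin pattern"
    if len(inputs) >= 100 and abs(value - COIN // 10) <= COIN // 100:
        return "Wasabi-like"
    if count < 12:
        return "JoinMarket-like"
    return "equal-valued CoinJoin, unknown style"

def link_change(inputs, outputs, max_fee=0):
    """Map each change output to the single input that explains it, if any.

    A change output c is explained by input i when i - common_value - c is a
    plausible fee (0..max_fee). The equal-valued outputs are never linked.
    """
    value, _ = equal_group(outputs)
    links = {}
    for change in (o for o in outputs if o != value):
        candidates = [i for i in inputs if 0 <= i - value - change <= max_fee]
        if len(candidates) == 1:
            links[change] = candidates[0]
    return links

def unlinkable_outputs(inputs, outputs, max_fee=0):
    """Outputs an observer cannot attribute to one input."""
    linked = link_change(inputs, outputs, max_fee)
    return [o for o in outputs if o not in linked]

# The post's two-party example: 0.105 and 0.114 in; 0.1, 0.005, 0.014, 0.1 out.
POST_INPUTS = [10_500_000, 11_400_000]
POST_OUTPUTS = [10_000_000, 500_000, 1_400_000, 10_000_000]

# Constructed five-party transaction with a common value of 0.025 BTC.
FIVE_INPUTS = [2_600_000, 3_100_000, 2_950_000, 4_000_000, 2_700_000]
FIVE_OUTPUTS = [2_500_000] * 5 + [100_000, 600_000, 450_000, 1_500_000, 200_000]

if __name__ == "__main__":
    print(link_change(POST_INPUTS, POST_OUTPUTS))
    print(unlinkable_outputs(POST_INPUTS, POST_OUTPUTS))
    print(classify(FIVE_INPUTS, FIVE_OUTPUTS))
```

The change outputs link back to their inputs while the equal-valued outputs do not, and the same equal-valued outputs are what make the transaction recognisable as a CoinJoin.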
Disclaimer: This is my editing, so there could be always some misunderstandings and exaggerations, plus many convos are from 'spec channel', so take it with a grain of salt, pls. + I added some recent convos afterward. -------------------------------------------------- 📷 Luigi Vigneri [IF]어제 오후 8:26 Giving the opportunity to everybody to set up/run nodes is one of IOTA's priority. A minimum amount of resources is obviously required to prevent easy attacks, but we are making sure that being active part of the IOTA network can be possible without crazy investments. we are building our solution in such a way that the protocol is fair and lightweight. 📷 Hans Moog [IF]어제 오후 11:24 IOTA is not "free to use" but it's - fee-less you have tokens? you can send them around for free 📷 Hans Moog [IF]어제 오후 11:25 you have no tokens? you have to pay to use the network 📷 lekanovic어제 오후 11:25 I think it is a smart way to avoid the spamming network problem 📷 Hans Moog [IF]어제 오후 11:26 owning tokens is essentially like owning a share of the actual network and the throughput it can process 📷 Hans Moog [IF]어제 오후 11:26**** if you don't need all of that yourself, you can rent it out to people and earn money 📷 Hans Moog [IF]어제 오후 11:27 mana = tokens * time since you own them simplified 📷 Hans Moog [IF]어제 오후 11:27 the longer you hold your tokens and the more you have, the more mana you have but every now and then you have to move them to "realize" that mana 📷 lekanovic어제 오후 11:28 Is there any other project that is using a Mana solution to the network fee problem ? 
📷 Hans Moog [IF]어제 오후 11:28 nah the problem with current protocol is that they are leader based 📷 Hans Moog [IF]어제 오후 11:29 you need absolute consensus on who the current leaders are and what their influence in the network is that's how blockchains works 📷 Hans Moog [IF]어제 오후 11:29 if two block producers produce 2 blocks at the same time, then you have to choose which one wins and where everybody attaches their next block to IOTA works differently and doesn't need to choose a single leader we therefore have a much bigger flexibility of designing our sybil protection mechanisms in a way, mana is also supposed to solve the problem of "rewarding" the infrastructure instead of the validators in blockchain only the miners get all the money running a node and even if it's one that is used by a lot of people will only cost you won't get anything back no fees, nothing the miners get it all 📷 Hans Moog [IF]어제 오후 11:31 in IOTA, the node operators receive the mana which gives them a share of the network throughput 📷 Hans Moog [IF]어제 오후 11:32 because in blockchain you need to decide whose txs become part of the blocks and it's not really based on networking protocols like AIMD 📷 lekanovic어제 오후 11:33 And the more Mana your node have, the more trust your node has and you have more to say in the FPC, is that correct? 📷 Hans Moog [IF]어제 오후 11:33 yeah a node that has processed a lot of txs of its users will have more mana than other nodes and therefore a bigger say in deciding conflicts its a direct measure of "trust" by its users 📷 lekanovic어제 오후 11:34 And choosing committee for dRNG would be done on L1 protocol level? Everything regarding Mana will be L1 level, right? 
Hans Moog [IF] (yesterday, 11:35 PM): Yeah, Mana is layer1, but will also be used as weight in L2 solutions like smart contracts
lekanovic (yesterday, 11:35 PM): And you are not dependent on using SC to implement this
Hans Moog [IF] (yesterday, 11:35 PM): No, you don't need smart contracts. That's all the base layer
Hans Moog [IF] (yesterday, 11:37 PM): 'Time' actually takes into account things like decay. So it doesn't just increase forever. It's close to "Demurrage" in monetary theory
lekanovic (yesterday, 11:36 PM): For projects to be able to connect to Polkadot or Cosmos, you need to get the state of the ledger. Will it be possible to get the Tangle state? If this would be possible, then I think it would be SUPER good for IOTA
Hans Moog [IF] (yesterday, 11:38 PM): Yeah, but polkadot is not connecting other dlts. Just inhouse stuff
Hyperware (yesterday, 11:39 PM): Is there still a cap on mana so that the rich don't get richer?
Hans Moog [IF] (yesterday, 11:39 PM): Yes, mana is capped
TangleAccountant (yesterday, 11:39 PM): u/HansMoog [IF] My first thought is that the evolution of this renting system will lead to several big mana renting companies that pool together tons of token holders' mana. That way businesses looking to rent mana just need to deal with a reliable mana renting company for years instead of a new individual every couple of months (because life happens and you don't know if that individual will need to sell their IOTAs due to personal reasons). Any thoughts on this?
Hans Moog [IF] (yesterday, 11:41 PM): u/TangleAccountant yes that is likely - but also not a bad thing - token holders will have a place to get their monthly payout and the companies that want to use the tangle without having tokens have a place to pay
TangleAccountant (yesterday, 11:42 PM): Oh I completely agree. That's really cool. I'll take a stab at creating one of those companies in the US.
Hans Moog [IF] (yesterday, 11:42 PM): And everybody who wants to run a node themselves or has tokens and wants to use the tangle for free can do so. But "leechers" that would want to use the network for free won't be able to do so. I mean ultimately there will always be "fees", as there is no "free lunch". You have a certain amount of resources that a network can process and you have a certain demand. And that will naturally result in fees based on supply / demand. what you can do however is to build a system where the actual users of that system that legitimately want to use it can do so for free, just because they already "invest" enough by having tokens or running infrastructure. they are already contributing to the well-being of the network through these two aspects alone. it would be stupid to ask those guys for additional fees. and mana essentially tries to be such a measure of honesty among the users
Hyperware (yesterday, 11:47 PM): It's interesting from an investment perspective that having tokens/mana is like owning a portion of the network.
Hans Moog [IF] (yesterday, 11:48 PM): Yeah, you are owning a certain % of the throughput and whatever the price will ultimately be to execute on this network - you will earn proportionally. but you have to keep in mind that we are trying to build the most efficient DLT that you could possibly ever build
semibaron (yesterday, 11:48 PM): The whole mana (tokens) = share of network throughput sounds very much like EOS tbh. Just that EOS uses DPoS
Hans Moog [IF] (yesterday, 11:50 PM): yeah i mean there are really not too many new things under the sun - you can just tweak a few things here and there, when it comes to distributing resources. DPoS is simply not very nice from a centralization aspect
Hans Moog [IF] (yesterday, 11:50 PM): at least not the way EOS does it. delegating weights is 1 thing but assuming that the weight will always be in a way that 21 "identities" run the whole network is bad. in the current world you see a centralization of power but ultimately we want to build a future where the wealth is more evenly distributed and the same goes for voting power
Hans Moog [IF] (yesterday, 11:52 PM): blockchain needs leader selection. it only works with such a centralizing component. IOTA doesn't need that. it's delusional to say that IOTA wouldn't have any such centralization but maybe we get better than just a handselected nodes
Phantom3D (yesterday, 11:52 PM): How would this affect a regular hodler without a node? Should I keep my tokens elsewhere to generate mana and put the tokens to use?
Hans Moog [IF] (yesterday, 11:53 PM): you can do whatever you want with your mana. just make an account at a node you regularly use and use it to build up a reputation with that node to be able to use your funds for free. or run a node yourself. or rent it out to companies if you just hodl
semibaron (yesterday, 11:54 PM): Will there be a built-in function in the node software / wallet to delegate ("sell") my mana?
Hans Moog [IF] (yesterday, 11:55 PM): u/semibaron not from the start - that would happen on a 2nd layer
------------------------------------------------------------------------------------------------------------
dom (yesterday, 9:49 PM):
suddenly be incentive to hold iota?
to generate Mana
Hyperware (today, 4:21 AM): The only thing I can really do, is believe that the IF have smart answers and are still building the best solutions they can for the sake of the vision
dom (today, 4:43 AM): 100% - which is why we're spending so much effort to communicate it more clearly now. we'll do an AMA on this topic very soon
M [s2] (today, 4:54 AM): u/dom please accept my question for the AMA: will IOTA remain a permissionless system and if so, how?
dom (today, 4:57 AM): of course it remains permissionless
dom (today, 5:20 AM): what is permissioned about it? is ETH or Bitcoin permissioned because you have to pay a transaction fee in their native token?
Gerrit (today, 5:24 AM): How did your industry partners think about the mana solution and the fact they need to hold the token to ensure network throughput?
dom (today, 5:26 AM): u/Gerrit considering how the infrastructure, legal and regulatory frameworks are improving around the adoption and usage of crypto-currencies within large companies, I really think that we are introducing this concept exactly at the right time. It should make enterprise partners comfortable in using the permissionless network without much of a hurdle. They can always launch their own network if they want to ...
Gerrit (today, 5:27 AM): Launching their own network can’t be what you want
dom (today, 5:27 AM): exactly. but that is what's happening with Ethereum and all the other networks. they don't hold Ether tokens either.
Gerrit (today, 5:32 AM): Will be very exciting to see if ongoing regulation will „allow“ companies to invest and hold the tokens. With upcoming custody solutions that would be a fantastic play.
Hans Moog [IF] (today, 5:34 AM): It's still possible to send transactions even without mana - mana is only used in times of congestion to give the people that have more mana more priority. there will still be sharding to keep the network free most of the time
Hans Moog [IF] (today, 5:35 AM): but without a protection mechanism, somebody could just spam a lot of bullshit and you could break the network (edited). you need some form of protection from this
M [s2] (today, 5:36 AM): u/HansMoog [IF] so when I have 0 Mana, I can still send transactions? This is actually the point where it got strange...
Hans Moog [IF] (today, 5:37 AM): yes you can, unless the network is close to its processing capabilities / being attacked by spammers. then the nodes will favor the mana holders
Hans Moog [IF] (today, 5:37 AM): but having mana is not a requirement for many years to come. currently even people having fpgas can't spam that many tps and we will also have sharding implemented by then
M [s2] (today, 5:39 AM): Thank you u/HansMoog [IF]! This is actually the important piece of info!
Basha (today, 5:38 AM): ok, i thought it was communicated that you need at least 1 mana to process a transaction. from the blogpost: "... a node with 0 mana can issue no transactions."
maybe they meant during the congestion, but if that's the case maybe you should add that
Hans Moog [IF] (today, 5:42 AM): it's under the point "Congestion control:". yeah this only applies to spam attacks. network not overloaded = no mana needed
Hans Moog [IF] (today, 5:43 AM): if congested => favor txs from people who have the most skin in the game. but sharding will try to keep the network non-congested most of the time - but there might be short periods of time where an attacker might bring the network close to its limits. and of course it's going to take a while to add this, so we need a protection mechanism till sharding is supported (edited)
Hans Moog [IF] (today, 6:36 AM): I don't have a particular problem with EOS or their amount of validators - the reason why I think blockchain is inferior has really nothing to do with the way you do sybil protection. and with validators I mean "voting nodes". I mean even bitcoin has less mining pools and you could compare mining pools to dpos in some sense where people assign their weight (in that case hashing power) to the corresponding mining pools. so EOS is definitely not less decentralized than any other tech. but having more identities having weight in the decision process definitely makes it harder to corrupt a reasonable fraction of the system and makes it easier to shard, so it's desirable to have this property (edited)
-------------------------------------------------
Antonio Nardella [IF] (today, 3:36 AM):
u/C3PO[92% Cooless] They could also add more git repos instead of the wallet one, and we would probably be #1 there too..
----------------------------------------------------------------------------------
Disclaimer: I'm sorry, maybe I'm fueling some confusion through posting this mana-thing too soon, but, instead of erasing this posting, I'm adding recent convos. Certain things about mana seem to be not clear, yet. It would be better to wait for some official clarification. But, I hope the community gives its full support to IF, 'cause there could always be some bumps along the untouched, uncharted way.
--------------------------------------------------------------------------------------
Recent Addition;
Billy Sanders [IF] (today, 1:36 PM):
It's still possible to send transactions even without mana - mana is only used in times of congestion to give the people that have more mana more priority
u/HansMoog [IF] I'm sorry Hans, but this is false in the current congestion control algorithm. No mana = no transactions. To be honest, we haven't really tried to make it work so that you can send transactions with no mana during times with no congestion, but I don't see how you can enable this and still maintain the sybil protection required. u/LuigiVigneri [IF] What do you think?
Dave [EF] (today, 2:19 PM):
Suggestion: Sidebar, then get back to us with the verdict. (edited)
dom (today, 2:27 PM):
No Mana no tx will definitely not be the case (edited)
[2:28 PM] Billy probably means the previous rate control paper as it was written by Luigi. I'll clarify with them
Hans Moog [IF] (today, 2:29 PM):
When was this decided u/BillySanders [IF] and by whom? Was this discussed at last resum when I wasn't there? The last info that I had was that the congestion control should only kick in when there is congestion?!?
Navin Ramachandran [IF] (today, 2:30 PM):
Let's sidebar this discussion and return when we have agreement. Dave has the right idea
Taproot! Everybody wants to have it, somebody wants to make it, nobody knows how to get it! (If you are asking why everybody wants it, see: Technical: Taproot: Why Activate?) (Pedants: I mostly elide over lockin times) Briefly, Taproot is that neat new thing that gets us:
Multisignatures (n-of-n, k-of-n) that are just 1 signature (1-of-1) in length!! (MuSig/Schnorr)
Better privacy!! If all contract participants can agree, just use a multisignature. If there is a dispute, show the contract publicly and have the Bitcoin network resolve it (Taproot/MAST).
Activation lets devs get back to work on the even newer stuff like!!!
Cross-input signature aggregation!! (transaction with multiple inputs can have a single signature for all inputs) --- needs Schnorr, but some more work needed to ensure that the interactions with SCRIPT are okay.
Block validation - Schnorr signatures for all taproot spends in a block can be validated in a single operation instead of for each transaction!! Speed up validation and maybe we can actually afford to increase block sizes (maybe)!!
SIGHASH_ANYPREVOUT - you know, for Decker-Russell-Osuntokun ("eltoo") magic!!!
OP_CHECKTEMPLATEVERIFY - vaulty vaults without requiring storing signatures, just transaction details!!
So yes, let's activate taproot!
The SegWit Wars
The biggest problem with activating Taproot is PTSD from the previous softfork, SegWit. Pieter Wuille, one of the authors of the current Taproot proposal, has consistently held the position that he will not discuss activation, and will accept whatever activation process is imposed on Taproot. Other developers have expressed similar opinions. So what happened with SegWit activation that was so traumatic? SegWit used the BIP9 activation method. Let's dive into BIP9!
bit - A field in the block header, the nVersion, has a number of bits. By setting a particular bit, the miner making the block indicates that it has upgraded its software to support a particular soft fork. The bit parameter for a BIP9 activation is which bit in this nVersion is used to indicate that the miner has upgraded software for a particular soft fork.
timeout - a time limit, expressed as an end date. If this timeout is reached without a sufficient number of miners signaling that they upgraded, then the activation fails and Bitcoin Core goes back to the drawing board.
Now there are other parameters (name, starttime) but they are not anywhere near as important as the above two. A number that is not a parameter, is 95%. Basically, activation of a BIP9 softfork is considered as actually succeeding if at least 95% of blocks in the last 2 weeks had the specified bit in the nVersion set. If less than 95% had this bit set before the timeout, then the upgrade fails and never goes into the network. This is not a parameter: it is a constant defined by BIP9, and developers using BIP9 activation cannot change this. So, first some simple questions and their answers:
Why not just set a day when everyone starts imposing the new rules of the softfork?
This was done classically (in the days when Satoshi was still among us). But this might be argued to put too much power in the hands of developers, since there would be no way to reject an upgrade without possible bad consequences. For example, developers might package an upgrade that the users do not want, together with vital security bugfixes. Either you live without vital security bugfixes and hire some other developers to fix it for you (which can be difficult, presumably the best developers are already the ones working on the codebase) or you get the vital security bugfixes and implicitly support the upgrade you might not want.
Sure, you could fork the code yourself (the ultimate threat in the FOSS world) and hire another set of developers who aren't assholes to do the dreary maintenance work of fixing security bugs, but Bitcoin needs strong bug-for-bug compatibility so everyone should really congregate around a single codebase.
Basically: even the devs do not want this power, because they fear being coerced into putting "upgrades" that are detrimental to users. Satoshi got a pass because nobody knew who he was and how to coerce him.
Suppose the threshold were lower, like 51%. If so, after activation, somebody can disrupt the Bitcoin network by creating a transaction that is valid under the pre-softfork rules, but is invalid under the post-softfork rules. Upgraded nodes would reject it, but 49% of miners would accept it and include it in a block (which makes the block invalid). And then the same 49% would accept the invalid block and build on top of that, possibly creating a short chain of doomed invalid blocks that confirm an invalid spend. This can confuse SPV wallets, who might see multiple confirmations of a transaction and accept the funds, but later find that in fact it is invalid under the now-activated softfork rules.
Thus, a very high threshold was imposed. 95% is considered safe. 50% is definitely not safe. Due to variance in the mining process, 80% could also be potentially unsafe (i.e. 80% of blocks signaling might have a good chance of coming from only 60% of miners), so a threshold of 95% was considered "safe enough for Bitcoin work".
Why have a timeout that disables the upgrade?
Before BIP9, what was used was either flag day or BIP34. BIP34 had no flag day of activation or a bit, instead, it was just a 95% threshold to signal an nVersion value greater than a specific value. Actually, it was two thresholds: at 75%, blocks with the new nVersion would have the new softfork rules imposed, but at 95% blocks with the old nVersion would be rejected (and only the new blocks, with the new softfork rules, were accepted). For one, between 75% and 95%, there was a situation where the softfork was only "partially imposed", only blocks signaling the new rules would actually have those rules, but blocks with the old rules were still valid. This was fine for BIP34, which only added rules for miners with negligible use for non-miners.
The reason miners signalled support was that they felt they were being pressured to signal support. So they signalled support, with plans to actually upgrade later, but because of the widespread signalling, the new BIP66 version locked in before upgrade plans were finished. Thus, the timeout that disables the upgrade was added in BIP9 to allow miners an escape hatch.
The Great Battles of the SegWit Wars
SegWit not only fixed transaction malleability, it also created a practical softforkable blocksize increase that also rebalanced weights so that the cost of spending a UTXO is about the same as the cost of creating UTXOs (and spending UTXOs is "better" since it limits the size of the UTXO set that every fullnode has to maintain). So SegWit was written, the activation was decided to be BIP9, and then.... miner signalling stalled at below 75%. Thus were the Great SegWit Wars started.
BIP9 Feature Hostage
If you are a miner with at least 5% global hashpower, you can hold a BIP9-activated softfork hostage. You might even secretly want the softfork to actually push through. But you might want to extract concessions from the users and the developers. Like removing the halvening. Or raising or even removing the block size caps (which helps larger miners more than smaller miners, making it easier to become a bigger fish that eats all the smaller fishes). Or whatever. With BIP9, you can hold the softfork hostage. You just hold out and refuse to signal. You tell everyone you will signal, if and only if certain concessions are given to you. This ability by miners to hold a feature hostage was enabled because of the miner-exit allowed by the timeout on BIP9. Prior to that, miners were considered little more than expendable security guards, paid for the risk they take to secure the network, but not special in the grand scheme of Bitcoin.
ASICBoost was a novel way of optimizing SHA256 mining, by taking advantage of the structure of the 80-byte header that is hashed in order to perform proof-of-work. The details of ASICBoost are out-of-scope here but you can read about it elsewhere. Here is a short summary of the two types of ASICBoost, relevant to the activation discussion.
Overt ASICBoost - Manipulates the unused bits in nVersion to reduce power consumption in mining.
Covert ASICBoost - Manipulates the order of transactions in the block to reduce power consumption in mining.
Now, "overt" means "obvious", while "covert" means hidden. Overt ASICBoost is obvious because nVersion bits that are not currently in use for BIP9 activations are usually 0 by default, so setting those bits to 1 makes it obvious that you are doing something weird (namely, Overt ASICBoost). Covert ASICBoost is non-obvious because the order of transactions in a block is up to the miner anyway, so the miner rearranging the transactions in order to get lower power consumption is not going to be detected.
Unfortunately, while Overt ASICBoost was compatible with SegWit, Covert ASICBoost was not. This is because, pre-SegWit, only the block header Merkle tree committed to the transaction ordering. However, with SegWit, another Merkle tree exists, which commits to transaction ordering as well. Covert ASICBoost would require more computation to manipulate two Merkle trees, obviating the power benefits of Covert ASICBoost anyway.
Now, miners want to use ASICBoost (indeed, about 60->70% of current miners probably use the Overt ASICBoost nowadays; if you have a Bitcoin fullnode running you will see the logs with lots of "60 of last 100 blocks had unexpected versions" which is exactly what you would see with the nVersion manipulation that Overt ASICBoost does). But remember: ASICBoost was, at around the time, a novel improvement. Not all miners had ASICBoost hardware. Those who did, did not want it known that they had ASICBoost hardware, and wanted to do Covert ASICBoost! But Covert ASICBoost is incompatible with SegWit, because SegWit actually has two Merkle trees of transaction data, and Covert ASICBoost works by fudging around with transaction ordering in a block, and recomputing two Merkle Trees is more expensive than recomputing just one (and loses the ASICBoost advantage).
Of course, those miners that wanted Covert ASICBoost did not want to openly admit that they had ASICBoost hardware, they wanted to keep their advantage secret because miners are strongly competitive in a very tight market. And doing ASICBoost Covertly was just the ticket, but they could not work post-SegWit. Fortunately, due to the BIP9 activation process, they could hold SegWit hostage while covertly taking advantage of Covert ASICBoost!
UASF: BIP148 and BIP8
When the incompatibility between Covert ASICBoost and SegWit was realized, still, activation of SegWit stalled, and miners were still not openly claiming that ASICBoost was related to non-activation of SegWit. Eventually, a new proposal was created: BIP148. With this rule, 3 months before the end of the SegWit timeout, nodes would reject blocks that did not signal SegWit. Thus, 3 months before SegWit timeout, BIP148 would force activation of SegWit. This proposal was not accepted by Bitcoin Core, due to the shortening of the timeout (it effectively times out 3 months before the initial SegWit timeout). Instead, a fork of Bitcoin Core was created which added the patch to comply with BIP148. This was claimed as a User Activated Soft Fork, UASF, since users could freely download the alternate fork rather than sticking with the developers of Bitcoin Core. Now, BIP148 effectively is just a BIP9 activation, except at its (earlier) timeout, the new rules would be activated anyway (instead of the BIP9-mandated behavior that the upgrade is cancelled at the end of the timeout). BIP148 was actually inspired by the BIP8 proposal (the link here is a historical version; BIP8 has been updated recently, precisely in preparation for Taproot activation). BIP8 is basically BIP9, but at the end of timeout, the softfork is activated anyway rather than cancelled. This removed the ability of miners to hold the softfork hostage. At best, they can delay the activation, but not stop it entirely by holding out as in BIP9. Of course, this implies risk that not all miners have upgraded before activation, leading to possible losses for SPV users, as well as again re-pressuring miners to signal activation, possibly without the miners actually upgrading their software to properly impose the new softfork rules.
BIP91, SegWit2X, and The Aftermath
BIP148 inspired countermeasures, possibly from the Covert ASICBoost miners, possibly from concerned users who wanted to offer concessions to miners. To this day, the common name for BIP148 - UASF - remains an emotionally-charged rallying cry for parts of the Bitcoin community. One of these was SegWit2X. This was brokered in a deal between some Bitcoin personalities at a conference in New York, and thus part of the so-called "New York Agreement" or NYA, another emotionally-charged acronym. The text of the NYA was basically:
Set up a new activation threshold at 80% signalled at bit 4 (vs bit 1 for SegWit).
When this 80% signalling was reached, miners would require that bit 1 for SegWit be signalled to achieve the 95% activation needed for SegWit.
If the bit 4 signalling reached 80%, increase the block weight limit from the SegWit 4000000 to the SegWit2X 8000000, 6 months after bit 1 activation.
The first item above was coded in BIP91. Unfortunately, if you read the BIP91, independently of NYA, you might come to the conclusion that BIP91 was only about lowering the threshold to 80%. In particular, BIP91 never mentions anything about the second point above, it never mentions that bit 4 80% threshold would also signal for a later hardfork increase in weight limit. Because of this, even though there are claims that NYA (SegWit2X) reached 80% dominance, a close reading of BIP91 shows that the 80% dominance was only for SegWit activation, without necessarily a later 2x capacity hardfork (SegWit2X). This ambiguity of bit 4 (NYA says it includes a 2x capacity hardfork, BIP91 says it does not) has continued to be a thorn in blocksize debates later.
Economically speaking, Bitcoin futures between SegWit and SegWit2X showed strong economic dominance in favor of SegWit (SegWit2X futures were traded at a fraction in value of SegWit futures: I personally made a tidy but small amount of money betting against SegWit2X in the futures market), so suggesting that NYA achieved 80% dominance even in mining is laughable, but the NYA text that ties bit 4 to SegWit2X still exists.
Historically, BIP91 triggered, which caused SegWit to activate before the BIP148 shorter timeout. BIP148 proponents continue to hold to this day that it was the BIP148 shorter timeout and no-compromises-activate-on-August-1 that made miners flock to BIP91 as a face-saving tactic that actually removed the second clause of NYA. NYA supporters keep pointing to the bit 4 text in the NYA and the historical activation of BIP91 as a failed promise by Bitcoin developers.
We have discussed BIP8: roughly, it has bit and timeout, if 95% of miners signal bit it activates, at the end of timeout it activates. (EDIT: BIP8 has had recent updates: at the end of timeout it can now activate or fail. For the most part, in the below text "BIP8", means BIP8-and-activate-at-timeout, and "BIP9" means BIP8-and-fail-at-timeout) So let's take a look at Modern Softfork Activation!
Modern Softfork Activation
This is a more complex activation method, composed of BIP9 and BIP8 as subcomponents.
First have a 12-month BIP9 (fail at timeout).
If the above fails to activate, have a 6-month discussion period during which users and developers and miners discuss whether to continue to step 3.
Have a 24-month BIP8 (activate at timeout).
The total above is 42 months, if you are counting: 3.5 years worst-case activation. The logic here is that if there are no problems, BIP9 will work just fine anyway. And if there are problems, the 6-month period should weed it out. Finally, miners cannot hold the feature hostage since the 24-month BIP8 period will exist anyway.
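The BIP9 rules from "Let's dive into BIP9" and the BIP8 variant, as an added example (not code from this post or from Bitcoin Core): a simplified version-bits state machine showing that a miner withholding about 6% of blocks makes BIP9 fail at timeout, while activate-at-timeout still activates. Assumptions: time is counted in whole 2016-block periods instead of median time past, the timeout goes straight to lock-in as the post describes BIP8, and the sample periods, start and timeout values are constructed; 2016 blocks and 1916 (95%) are BIP9's mainnet constants.

```python
from enum import Enum

PERIOD = 2016           # blocks per retarget period (about two weeks)
THRESHOLD = 1916        # 95% of 2016: fixed by BIP9, not a per-fork parameter
TOP_MASK = 0xE0000000   # top three bits of nVersion
TOP_BITS = 0x20000000   # "001" marks a header that uses version bits


class State(Enum):
    DEFINED = 1
    STARTED = 2
    LOCKED_IN = 3
    ACTIVE = 4
    FAILED = 5


def signals(n_version, bit):
    """True if the header uses version bits and sets the deployment's bit."""
    return (n_version & TOP_MASK) == TOP_BITS and (n_version >> bit) & 1 == 1


def count_signalling(versions, bit):
    return sum(1 for v in versions if signals(v, bit))


def step(state, versions, next_period, bit, start, timeout, activate_at_timeout):
    """State for next_period, given the state and headers of the period before."""
    if state is State.DEFINED:
        return State.STARTED if next_period >= start else State.DEFINED
    if state is State.STARTED:
        # As in BIP9, the timeout is checked before the signalling count.
        if next_period >= timeout:
            # BIP9 gives up here; BIP8 as described in the post activates anyway.
            return State.LOCKED_IN if activate_at_timeout else State.FAILED
        if count_signalling(versions, bit) >= THRESHOLD:
            return State.LOCKED_IN
        return State.STARTED
    if state is State.LOCKED_IN:
        return State.ACTIVE
    return state  # ACTIVE and FAILED are terminal


def run(periods, bit, start, timeout, activate_at_timeout):
    """States in force during each period, plus the one after the last period."""
    states = [State.DEFINED]
    for i, versions in enumerate(periods):
        if len(versions) != PERIOD:
            raise ValueError("each period must hold exactly %d headers" % PERIOD)
        states.append(step(states[-1], versions, i + 1, bit,
                           start, timeout, activate_at_timeout))
    return states


def make_period(n_signalling, bit, n_legacy=0):
    """Constructed sample data: one period of nVersion values."""
    signalling = [TOP_BITS | (1 << bit)] * n_signalling
    legacy = [1 << bit] * n_legacy  # bit set, top bits not 001: must not count
    rest = [TOP_BITS] * (PERIOD - n_signalling - n_legacy)
    return signalling + legacy + rest


BIT = 1  # the post gives bit 1 as SegWit's signalling bit
# Constructed scenarios: 1895 of 2016 is about 94%, i.e. a ~6% holdout.
HOSTAGE = [make_period(1895, BIT)] * 6
COOPERATIVE = [make_period(1895, BIT)] * 2 + [make_period(1950, BIT)] * 4


def outcome(periods, activate_at_timeout):
    """Final state with constructed start=1 and timeout=5 (in periods)."""
    return run(periods, BIT, 1, 5, activate_at_timeout)[-1]


if __name__ == "__main__":
    for name, periods in (("hostage", HOSTAGE), ("cooperative", COOPERATIVE)):
        print(name, "BIP9:", outcome(periods, False).name,
              "| BIP8:", outcome(periods, True).name)
```
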
PSA: Being Resilient to Upgrades
Software is very brittle. Anyone who has been using software for a long time has experienced something like this:
You hear a new version of your favorite software has a nice new feature.
Excited, you install the new version.
You find that the new version has subtle incompatibilities with your current workflow.
You are sad and downgrade to the older version.
You find out that the new version has changed your files in incompatible ways that the old version cannot work with anymore.
You tearfully reinstall the newer version and figure out how to get your lost productivity now that you have to adapt to a new workflow.
If you are a technically-competent user, you might codify your workflow into a bunch of programs. And then you upgrade one of the external pieces of software you are using, and find that it has a subtle incompatibility with your current workflow which is based on a bunch of simple programs you wrote yourself. And if those simple programs are used as the basis of some important production system, you have just screwed up because you upgraded software on an important production system. And well, one of the issues with new softfork activation is that if not enough people (users and miners) upgrade to the newest Bitcoin software, the security of the new softfork rules is at risk. Upgrading software of any kind is always a risk, and the more software you build on top of the software-being-upgraded, the greater your risk of your tower of software collapsing while you change its foundations. So if you have some complex Bitcoin-manipulating system with Bitcoin somewhere at the foundations, consider running two Bitcoin nodes:
One is a "stable-version" Bitcoin node. Once it has synced, set it up to connect=x.x.x.x to the second node below (so that your ISP bandwidth is only spent on the second node). Use this node to run all your software: it's a stable version that you don't change for long periods of time. Enable txindex, disable pruning, whatever your software needs.
The other is an "always-up-to-date" Bitcoin Node. Keep its storage down with pruning (initially sync it off the "stable-version" node). You can't use blocksonly if your "stable-version" node needs to send transactions, but otherwise this "always-up-to-date" Bitcoin node can be kept as a low-resource node, so you can run both nodes in the same machine.
When a new Bitcoin version comes up, you just upgrade the "always-up-to-date" Bitcoin node. This protects you if a future softfork activates, you will only receive valid Bitcoin blocks and transactions. Since this node has nothing running on top of it, it is just a special peer of the "stable-version" node, any software incompatibilities with your system software do not exist. Your "stable-version" Bitcoin node remains the same version until you are ready to actually upgrade this node and are prepared to rewrite most of the software you have running on top of it due to version compatibility problems. When upgrading the "always-up-to-date", you can bring it down safely and then start it later. Your "stable-version" will keep running, disconnected from the network, but otherwise still available for whatever queries. You do need some system to stop the "always-up-to-date" node if for any reason the "stable-version" goes down (otherwise if the "always-up-to-date" advances its pruning window past what your "stable-version" has, the "stable-version" cannot sync afterwards), but if you are technically competent enough that you need to do this, you are technically competent enough to write such a trivial monitor program (EDIT: gmax notes you can adjust the pruning window by RPC commands to help with this as well). This recommendation is from gmaxwell on IRC, by the way.
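One way to write the monitor program mentioned above, as an added example that is not part of the original post: it stops the "always-up-to-date" node when the "stable-version" node is down or when the pruning window is about to pass the stable node's tip. The data directories, the MARGIN value and the function names are assumptions; `getblockchaininfo` (fields `blocks`, `pruned`, `pruneheight`) and `stop` are the bitcoin-cli RPC commands it relies on.

```python
import json
import subprocess
import sys
import time

MARGIN = 144  # assumed safety margin in blocks (about one day)


def cli(datadir, *args):
    """Call bitcoin-cli for the node in datadir; None means it did not answer."""
    cmd = ["bitcoin-cli", "-datadir=" + datadir, *args]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=30, check=True).stdout.strip()
    except (OSError, subprocess.SubprocessError):
        return None
    try:
        return json.loads(out)
    except ValueError:
        return out  # e.g. the plain-text reply to "stop"


def decide(stable_info, fresh_info, margin=MARGIN):
    """Return (action, reason); action is "ok" or "stop-fresh"."""
    if not isinstance(fresh_info, dict):
        return "ok", "up-to-date node is not running; its prune window cannot move"
    if not isinstance(stable_info, dict):
        return "stop-fresh", "stable node is down"
    if not fresh_info.get("pruned"):
        return "ok", "up-to-date node keeps all blocks"
    # The stable node next needs block (tip + 1); the pruned node still has
    # every block from pruneheight upwards.
    headroom = stable_info["blocks"] + 1 - fresh_info.get("pruneheight", 0)
    if headroom < margin:
        return "stop-fresh", "only %d blocks of headroom left" % headroom
    return "ok", "%d blocks of headroom" % headroom


def watch_once(stable_dir, fresh_dir, rpc=cli):
    """Poll both nodes once and stop the up-to-date node if needed."""
    stable = rpc(stable_dir, "getblockchaininfo")
    fresh = rpc(fresh_dir, "getblockchaininfo")
    action, reason = decide(stable, fresh)
    if action == "stop-fresh":
        rpc(fresh_dir, "stop")  # freezes the pruning window until restart
    return action, reason


if __name__ == "__main__":
    # Usage: monitor.py <stable datadir> <up-to-date datadir>
    stable_dir, fresh_dir = sys.argv[1], sys.argv[2]
    while True:
        print(time.strftime("%H:%M:%S"), *watch_once(stable_dir, fresh_dir))
        time.sleep(60)
```
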
[OWL WATCH] Waiting for "IOTA TIME" 20; Hans's re-defined directions for DLT
Disclaimer: This is my editing, so there could be some misunderstandings...

----------

wellwho (Today 4:50 PM): u/BenRoyce how far is society2 from having something clickable powered by IOTA?

Ben Royce (Today 4:51 PM): demo of basic tech late sep/ early oct. MVP early 2021

----------

HusQy: Colored coins are the most misunderstood upcoming feature of the IOTA protocol. A lot of people see them just as a competitor to ERC-20 tokens on ETH and therefore a way of tokenizing things on IOTA, but they are much more important because they enable "consensus on data".

Bob: All this stuff already works on neblio but decentralized and scaling to 3500 tps

HusQy: Neblio has 8 mb blocks with 30 seconds blocktime. This is a throughput of 8 mb / 30 seconds = 267 kb per second. Transactions are 401+ bytes which means that throughput is 267 kb / 401 bytes = 665 TPS. IOTA is faster, feeless and will get even faster with the next update ...

----------

HusQy: Which DLT would be more secure? One that is collaboratively validated by the economic actors of the world (corporations, companies, foundations, states, people) or one that is validated by an anonymous group of wealthy crypto holders?

HusQy: The problem with current DLTs is that we use protection mechanisms like Proof of Work and Proof of Stake that are inherently hard to shard. The more shards you have, the more you have to distribute your hashing power and your stake and the less secure the system becomes.

HusQy: Real world identities (i.e. all the big economic actors) however could shard into as many shards as necessary without making the system less secure. Today's DLTs waste trust in the same way as PoW wastes energy.

HusQy: Is a secure money worth anything if you can't trust the economic actors that you would buy stuff from? If you buy a car from Volkswagen and they just beat you up and throw you out of the shop after you paid then a secure money won't be useful either :P

HusQy: **I believe that if you want to make DLT work and be successful then we need to ultimately incorporate things like trust in entities into the technology.** Examples like wirecard show that trusting a single company is problematic but trusting the economy as a whole should be at ... **... least as secure as today's DLTs.** And as soon as you add sharding it will be orders of magnitude more secure. DLT has failed to deliver because people have tried to build a system in vacuum that completely ignores things that already exist and that you can leverage on.

----------

HusQy: Blockchain is a bit like people sitting in a room, trying to communicate through BINGO sheets. While they talk, they write down some of the things that have been said and as soon as one screams BINGO! he hands around his sheet to inform everybody about what has been said.

HusQy: If you think that this is the most efficient form of communication for people sitting in the same room and the answer to scalability is to make bigger BINGO sheets or to allow people to solve the puzzle faster then you will most probably never understand what IOTA is working on.

----------

HusQy: **Blockchain does not work with too many equally weighted validators.** **If 400 validators produce a validating statement (block) at the same time then only one can survive as part of a longest chain.** IOTA is all about collaborative validation. **Another problem of blockchain is that every transaction gets sent twice through the network. Once from the nodes to the miners and a 2nd time from the miners as part of a block.** Blockchain will therefore always only be able to use 50% of the network throughput. And the last problem is that you can not arbitrarily decrease the time between blocks as it breaks down if the time between blocks gets smaller than the average network delay. The idle time between blocks is precious time that could be used for processing transactions.

----------

HusQy: I am not talking about a system with a fixed number of validators but one that is completely open and permissionless where any new company can just spin up a node and take part in the network.

----------

HusQy: Proof of Work and Proof of Stake are both centralizing sybil-protection mechanisms. I don't think that Satoshi wanted 14 mining pools to run the network. And "economic clustering" was always the "end game" of IOTA.

----------

HusQy: **Using Proof of Stake is not trustless. Proof of Stake means you trust the richest people and hope that they approve your transactions. The rich are getting richer (through your fees) and you are getting more and more dependent on them.** Is that your vision of the future?

----------

HusQy: Please read again exactly what I wrote. I have not spoken of introducing governance by large companies, nor have I said that IOTA should be permissioned. We aim for a network with millions or even billions of nodes.

HusQy: That can't work at all with a permissioned ledger - who should then drop off all these devices or authorize them to participate in the network? My key message was the following: Proof of Work and Proof of Stake will always be if you split them up via sharding ...

HusQy: ... less secure because you simply need fewer coins or less hash power to have the majority of the votes in a shard. This is not the case with trust in society and the economy. When all companies in the world jointly secure a DLT ...

HusQy: ... then these companies could install any number of servers in any number of shards without compromising security, because "trust" does not become less just because they operate several servers. First of all, that is a fact and nothing else.

HusQy: Proof of Work and Proof of Stake are contrary to the assumption of many not "trustless" but follow the maxim: "In the greed of miners we trust!" The basic assumption that the miners do not destroy the system that generates income for them is fundamental here for the ...

HusQy: ... security of every DLT. I think a similar assumption would still be correct for the economy as a whole: The companies of the world (and not just the big ones) would not destroy the system with which their customers pay them. In this respect, a system would be ...

HusQy: ... which is validated by society and the economy as a whole probably just as "safely" as a system which is validated by a few anonymous miners. Why a small elite of miners should be better validators than any human and ...

HusQy: ... To be honest, companies in this world do not open up to me. As already written in my other thread, safe money does not bring you anything if you have to assume that Volkswagen will beat you up and throw you out of the store after you ...

HusQy: ... paid for a car. The thoughts I discussed say nothing about the immediate future of IOTA (we use for Coordicide mana) but rather speak of a world where DLT has already become an integral part of our lives and we ...

HusQy: ... a corresponding number of companies, non-profit organizations and people have used DLT and where such a system could be implemented. The point here is not to create a governance solution that in any way influences the development of technology ...

HusQy: ... or have to give nodes their OK first, but about developing a system that enables people to freely choose the validators they trust. For example, you can also declare your grandma to be a validator when you install your node or your ...

HusQy: ... local supermarket. Economic relationships in the real world usually form a close-knit network and it doesn't really matter who you follow as long as the majority is honest. I also don't understand your criticism of censorship, because something like that in IOTA ...

HusQy: ... is almost impossible. Each transaction confirms two other transactions which is growing exponentially. If someone wanted to ignore a transaction, he would have to ignore an exponential number of other transactions after a very short time. In contrast to blockchain ...

HusQy: ... validators in IOTA do not decide what is included in the ledger, but only decide which of several double spends should be confirmed. Honest transactions are confirmed simply by having other transactions reference them ...

HusQy: ... and the "validators" are not even asked. As for the "dust problem", this is indeed something that is a bigger problem for IOTA than for other DLTs because we have no fees, but it is also not an unsolvable problem. Bitcoin initially has a ...

HusQy: Solved similar problem by declaring outputs with a minimum amount of 5430 satoshis as invalid (github.com/Bitcoin/Bitcoi…). A similar solution where an address must contain a minimum amount is also conceivable for IOTA and we are discussing ...

HusQy: ... several possibilities (including compressing dust using cryptographic methods). Contrary to your assumption, checking such a minimum amount is not slow but just as fast as checking a normal transaction. And mine ...

HusQy: ... In my opinion this is no problem at all for IOTA's use case. The important thing is that you can send small amounts, but after IOTA is feeless it is also okay to expect the recipients to regularly send their payments on a ...

HusQy: ... merge address. The wallets already do this automatically (sweeping) and for machines it is no problem to automate this process. So far this was not a problem because the TPS were limited but with the increased TPS throughput of ...

HusQy: ... Chrysalis it becomes relevant and appropriate solutions are discussed and then implemented accordingly. I think that was the most important thing first and if you have further questions just write :)

HusQy: And to be very clear! I really appreciate you and your questions and don't see this as an attack at all! People who see such questions as inappropriate criticism should really ask whether they are still objective. I have little time at the moment because ...

HusQy: ... my girlfriend is on tour and has to take care of our daughter, but as soon as she is back we can discuss these things in a video. I think that the concept of including the "real world" in the concepts of DLT is really exciting and ...

HusQy: ... that would certainly be exciting to discuss in a joint video. But again, that's more of a vision than a specific plan for the immediate future. This would not work with blockchain anyway but IOTA would be compatible so why not think about such things.

----------

HusQy: All good my big one :P But actually not that much has changed. There has always been the concept of "economic clustering" which is basically based on similar ideas. We are just now able to implement things like this for the first time.

----------

HusQy: Exactly. It would mean that addresses "cost" something but I would rather pay a few cents than fees for each transaction. And you can "take" this minimum amount with you every time you change to a new address.
----------

Relax (Today 1:17 AM): Btw. Hans (sorry for interrupting this convo) but what makes people say that IOTA is going the permissioned way because of your latest tweets? I don't get why some people are now forecasting that... Is it because of missing specs or do they just don't get the whole idea?

Hans Moog [IF] (Today 1:20 AM): its bullshit u/Relax an identity based system would still be open and permissionless where everybody can choose the actors that they deem trustworthy themselves but thats anyway just sth that would be applicable with more adoption
[1:20 AM] for now we use mana as a predecessor to an actual reputation system

Sissors (Today 1:31 AM): If everybody has to choose actors they deem trustworthy, is it still permissionless? Probably will become a bit a semantic discussion, but still

Hans Moog [IF] (Today 1:34 AM): Of course its permissionless you can follow your grandma if you want to :p

Sissors (Today 1:36 AM): Well sure you can, but you will need to follow something which has a majority of the voting power in the network. Nice that you follow your grandma, but if others dont, her opinion (or well her nodes opinion) is completely irrelevant

Hans Moog [IF] (Today 1:37 AM): You would ideally follow the people that are trustworthy rather than your local drug dealers yeah

Sissors (Today 1:38 AM): And tbh, sure if you do it like that is easy. If you just make the users responsible for only connection to trustworthy nodes

Hans Moog [IF] (Today 1:38 AM): And if your grandma follows her supermarket and some other people she deems trustworthy then thats fine as well
[1:38 AM] + you dont have just 1 actor that you follow

Sissors (Today 1:38 AM): No, you got a large list, since you want to follow those which actually matter. So you just download a standard list from the internet

Hans Moog [IF] (Today 1:39 AM): You can do that
[1:39 AM] Is bitcoin permissionless? Should we both try to become miners?
[1:41 AM] I mean miners that actually matter and not find a block every 10 trillion years
[1:42 AM] If you would want to become a validator then you would need to build up trust among other people - but anybody can still run a node and issue transactions unlike in hashgraph where you are not able to run your own nodes (edited)
[1:48 AM] Proof of Stake is also not trustless - it just has a builtin mechanism that downloads the trusted people from the blockchain itself (the richest dudes)

Sissors (Today 1:52 AM): I think most agree it would be perfect if every person had one vote. Which is problematic to implement of course. But I really wonder if the solution is to just let users decide who to trust. At the very least I expect a quite centralized network

Hans Moog [IF] (Today 1:53 AM): of course even a trust based system would to a certain degree be centralized as not every person is equally trustworthy as for example a big cooperation
[1:53 AM] but I think its gonna be less centralized than PoS or PoW
[1:53 AM] but anyway its sth for "after coordicide"
[1:54 AM] there are not enough trusted entities that are using DLT, yet to make such a system work reasonably well
[1:54 AM] I think the reason why blockchain has not really started to look into these kind of concepts is because blockchain doesnt work with too many equally weighted validators
[1:56 AM] I believe that DLT is only going to take over the world if it is actually "better" than existing systems and with better I mean cheaper, more secure and faster and PoS and PoW will have a very hard time to deliver that
[1:56 AM] especially if you consider that its not only going to settle value transfers

Relax (Today 1:57 AM): I like this clear statements, it makes it really clear that DLT is still in its infancy

Hans Moog [IF] (Today 1:57 AM): currently bank transfers are order of magnitude cheaper than BTC or ETH transactions

Hans Moog [IF] (Today 1:57 AM): and we you think that people will adopt it just because its crypto then I think we are mistaken
[1:57 AM] The tech needs to actually solve a problem
[1:57 AM] and tbh. currently people use PayPal and other companies to settle their payments
[1:58 AM] having a group of the top 500 companies run such a service together is already much better (edited)
[1:58 AM] especially if its fast and feeless
[2:02 AM] and the more people use it, the more decentralized it actually becomes
[2:02 AM] because you have more trustworthy entities to choose of

Evaldas [IF] (Today 2:08 AM): "in the greed of miners we trust"
Maybe it's time to discuss bitcoin's history again. Credit to u/singularity87 for the original post over 3 years ago. People should get the full story of bitcoin because it is probably one of the strangest of all reddit subs. bitcoin, the main sub for the bitcoin community is held and run by a person who goes by the pseudonym u/theymos. Theymos not only controls bitcoin, but also bitcoin.org and bitcointalk.com. These are the top three communication channels for the bitcoin community, all controlled by just one person. For most of bitcoin's history this did not create a problem (at least not an obvious one anyway) until around mid 2015. This happened to be around the time a new player appeared on the scene, a for-profit company called Blockstream. Blockstream was made up of/hired many (but not all) of the main bitcoin developers. (To be clear, Blockstream was founded before mid 2015 but did not become publicly active until then). A lot of people, including myself, tried to point out there were some very serious potential conflicts of interest that could arise when one single company controls most of the main developers for the biggest decentralised and distributed cryptocurrency. There were a lot of unknowns but people seemed to give them the benefit of the doubt because they were apparently about to release some new software called "sidechains" that could offer some benefits to the network. Not long after Blockstream came on the scene the issue of bitcoin's scalability once again came to the forefront of the community. This issue came up within the community a number of times since bitcoin's inception. Bitcoin, as dictated in the code, cannot handle any more than around 3 transactions per second at the moment. To put that in perspective PayPal handles around 15 transactions per second on average and VISA handles something like 2000 transactions per second. 
The discussion in the community has been around how best to allow bitcoin to scale to allow a higher number of transactions in a given amount of time. I suggest that if anyone is interested in learning more about this problem from a technical angle, they go to btc and do a search. It's a complex issue but for many who have followed bitcoin for many years, the possible solutions seem relatively obvious. Essentially, currently the limit is put in place in just a few lines of code. This was not originally present when bitcoin was first released. It was in fact put in place afterwards as a measure to stop a bloating attack on the network. Because all bitcoin transactions have to be stored forever on the bitcoin network, someone could theoretically simply transmit a large number of transactions which would have to be stored by the entire network forever. When bitcoin was released, transactions were actually for free as the only people running the network were enthusiasts. In fact a single bitcoin did not even have any specific value so it would be impossible to set a fee value. This meant that a malicious person could make the size of the bitcoin ledger grow very rapidly without much/any cost which would stop people from wanting to join the network due to the resource requirements needed to store it, which at the time would have been for very little gain. Towards the end of the summer last year, this bitcoin scaling debate surfaced again as it was becoming clear that the transaction limit for bitcoin was semi-regularly being reached and that it would not be long until it would be regularly hit and the network would become congested. This was a very serious issue for a currency. Bitcoin had made progress over the years to the point of retailers starting to offer it as a payment option. Bitcoin companies like Microsoft, PayPal, Steam and many more had begun to adopt it. 
If the transaction limit would be constantly maxed out, the network would become unreliable and slow for users. Users and businesses would not be able to make a reliable estimate when their transaction would be confirmed by the network. Users, developers and businesses (which at the time was pretty much the only real bitcoin subreddit) started to discuss how we should solve the problem bitcoin. There was significant support from the users and businesses behind a simple solution put forward by the developer Gavin Andresen. Gavin was the lead developer after Satoshi Nakamoto left bitcoin and he left it in his hands. Gavin initially proposed a very simple solution of increasing the limit which was to change the few lines of code to increase the maximum number of transactions that are allowed. For most of bitcoin's history the transaction limit had been set far far higher than the number of transactions that could potentially happen on the network. The concept of increasing the limit one time was based on the fact that history had proven that no issue had been caused by this in the past. A certain group of bitcoin developers decided that increasing the limit by this amount was too much and that it was dangerous. They said that the increased use of resources that the network would use would create centralisation pressures which could destroy the network. The theory was that a miner of the network with more resources could publish many more transactions than a competing small miner could handle and therefore the network would tend towards few large miners rather than many small miners. The group of developers who supported this theory were all developers who worked for the company Blockstream. The argument from people in support of increasing the transaction capacity by this amount was that there are always inherent centralisation pressures with bitcoin mining. 
For example, miners who can access the cheapest electricity will tend to succeed and bigger miners will be able to find this cheaper electricity more easily. Miners who have access to the most efficient computer chips will tend to succeed and larger miners are more likely to be able to afford the development of them. The argument from Gavin and others who supported increasing the transaction capacity by this method is essentially that there are economies of scale in mining and that these economies have far bigger centralisation pressures than increased resource cost for a larger number of transactions (up to the new limit proposed). For example, at the time the total size of the blockchain was around 50GB. Even the cost of a 500GB SSD is only $150 and would last a number of years. This is in comparison to the $100,000's in revenue per day a miner would be making. Various developers put forth various other proposals, including Gavin Andresen who put forth a more conservative increase that would then continue to increase over time in line with technological improvements. Some of the employees of Blockstream also put forth some proposals, but all were so conservative, it would take bitcoin many decades before it could reach a scale of VISA. Even though there was significant support from the community behind Gavin's simple proposal of increasing the limit it was becoming clear that certain members of the bitcoin community who were part of Blockstream were starting to become increasingly vitriolic and divisive. Gavin then teamed up with one of the other main bitcoin developers Mike Hearn and released a coded (i.e. working) version of the bitcoin software that would only activate if it was supported by a significant majority of the network. What happened next was where things really started to get weird. 
After this free and open source software was released, Theymos, the person who controls all the main communication channels for the bitcoin community implemented a new moderation policy that disallowed any discussion of this new software. Specifically, if people were to discuss this software, their comments would be deleted and ultimately they would be banned temporarily or permanently. This caused chaos within the community as there was very clear support for this software at the time and it seemed our best hope for finally solving the problem and moving on. Instead a censorship campaign was started. At first 'all' they were doing was banning and removing discussions but after a while it turned into actively manipulating the discussion. For example, if a thread was created where there was positive sentiment for increasing the transaction capacity or being negative about the moderation policies or negative about the actions of certain bitcoin developers, the mods of bitcoin would selectively change the sorting order of threads to 'controversial' so that the most supported opinions would be sorted to the bottom of the thread and the most vitriolic would be sorted to the top of the thread. This was initially very transparent as it was possible to see that the most downvoted comments were at the top and some of the most upvoted were at the bottom. So they then implemented hiding the voting scores next to the user's name. This made it impossible to work out the sentiment of the community and when combined with selectively setting the sorting order to controversial it was possible to control what information users were seeing. Also, due to the very very large number of removed comments and users it was becoming obvious the scale of censorship going on. To hide this they implemented code in their CSS for the sub that completely hid comments that they had removed so that the censorship itself was hidden. 
Anyone in support of scaling bitcoin was removed from the main communication channels. Theymos even proudly announced that he didn't care if he had to remove 90% of the users. He also later acknowledged that he knew he had the ability to block support of this software using the control he had over the communication channels. While this was all going on, Blockstream and its employees started lobbying the community by paying for conferences about scaling bitcoin, but with the very very strange rule that no decisions could be made and no complete solutions could be proposed. These conferences were likely strategically (and successfully) created to stunt support for the scaling software Gavin and Mike had released by forcing the community to take a "let's wait and see what comes from the conferences" kind of approach. Since no final solutions were allowed at these conferences, they only served to hinder and splinter the community's efforts to find a solution. As the software Gavin and Mike released called BitcoinXT gained support it started to be attacked. Users of the software were attacked by DDoS. Employees of Blockstream were recommending attacks against the software, such as faking support for it, to only then drop support at the last moment to put the network in disarray. Blockstream employees were also publicly talking about suing Gavin and Mike from various different angles simply for releasing this open source software that no one was forced to run. In the end Mike Hearn decided to leave due to the way many members of the bitcoin community had treated him. This was due to the massive disinformation campaign against him on bitcoin. One of the many tactics that are used against anyone who does not support Blockstream and the bitcoin developers who work for them is that you will be targeted in a smear campaign. This has happened to a number of individuals and companies who showed support for scaling bitcoin. 
Theymos has threatened companies that he will ban any discussion of them on the communication channels he controls (i.e. all the main ones) for simply running software that he disagrees with (i.e. any software that scales bitcoin). As time passed, more and more proposals were offered, all against the backdrop of ever increasing censorship in the main bitcoin communication channels. It finally came down to the smallest and most conservative solution. This solution was much smaller than even the employees of Blockstream had proposed months earlier. As usual there were enormous attacks from all sides and the most vocal opponents were the employees of Blockstream. These attacks still are ongoing today. As this software started to gain support, Blockstream organised more meetings, especially with the biggest bitcoin miners and made a pact with them. They promised that they would release code that would offer an on-chain scaling solution hardfork within about 4 months, but if the miners wanted this they would have to commit to running their software and only their software. The miners agreed and they ended up not running the most conservative proposal possible. This was in February last year. There is no hardfork proposal in sight from the people who agreed to this pact and bitcoin is still stuck with the exact same transaction limit it has had since the limit was put in place about 6 years ago. Gavin has also been publicly smeared by the developers at Blockstream and a plot was made against him to have him removed from the development team. Gavin has now been, for all intents and purposes, expelled from bitcoin development. This has meant that all control of bitcoin development is in the hands of the developers working at Blockstream. There is a new proposal that offers a market based approach to scaling bitcoin. This essentially lets the market decide. Of course, as usual there have been attacks against it, and verbal attacks from the employees of Blockstream. 
This has the biggest chance of gaining wide support and solving the problem for good. To give you an idea of Blockstream: it has hired most of the main and active bitcoin developers and is now synonymous with the "Core" bitcoin development team. They AFAIK have no products at all. They have received around $75m in funding. Every single thing they do is supported by theymos. They have started implementing an entirely new economic system for bitcoin against the will of its users and have blocked any and all attempts at scaling the network in line with the original vision. Although this comment is ridiculously long, it really only covers the tip of the iceberg. You could write a book on the last two years of bitcoin. The things that have been going on have been mind blowing. One last thing that I think is worth talking about is u/bashco's claim of vote manipulation. The users that the video talks about have very very large numbers of downvotes mostly due to them having a very very high chance of being astroturfers. Around about the same time last year when Blockstream came active on the scene every single bitcoin troll disappeared, and I mean literally every single one. In the years before that there were a large number of active anti-bitcoin trolls. They even have an active sub buttcoin. Up until last year you could go down to the bottom of pretty much any thread in bitcoin and see many of the usual trolls who were heavily downvoted for saying something along the lines of "bitcoin is shit", "You guys and your tulips" etc. But suddenly last year they all disappeared. Instead a new type of bitcoin user appeared. Someone who said they were fully in support of bitcoin but they just so happened to support every single thing Blockstream and its employees said and did. They had the exact same tone as the trolls who had disappeared. 
Their way of talking to people was aggressive, they'd call people names, they had a relatively poor understanding of how bitcoin fundamentally worked. They were extremely argumentative. These users are the majority of the list of that video. When the tens of thousands of users were censored and expelled from bitcoin they ended up congregating in btc. The strange thing was that the users listed in that video also moved over to btc and spend all day every day posting troll-like comments and misinformation. Naturally they get heavily downvoted by the real users in btc. They spend their time constantly causing as much drama as possible. At every opportunity they scream about "censorship" in btc while they are happy about the censorship in bitcoin. These people are astroturfers. What someone somewhere worked out, is that all you have to do to take down a community is say that you are on their side. It is an astoundingly effective form of psychological attack.
How Much a Miner Earns. The rewards for bitcoin mining are halved every four years or so. When bitcoin was first mined in 2009, mining one block would earn you 50 BTC. In 2012, this was halved to ...

The questions that were on everybody's minds at least once in 2017: what is a Bitcoin, and how does Bitcoin work? Bitcoin is made up of two words, ‘Bit’ & ‘Coin’. If you cut the information inside computers into smaller pieces, you will find 1s and 0s.

Every time a new block is mined, the successful miner receives a bunch of newly created bitcoin. At first, it was 50, but then it halved to 25, and now it is 12.5 (about $119,000 in October 2019).

Bitcoin mining is done by specialized computers. The role of miners is to secure the network and to process every Bitcoin transaction. Miners achieve this by solving a computational problem which allows them to chain together blocks of transactions (hence Bitcoin’s famous “blockchain”). For this service, miners are rewarded with newly-created Bitcoins and transaction fees.

How Does a Bitcoin Miner Work? In short, anyone who wants to update the book of Bitcoin transactions, also known as the blockchain, can do it. All you need to do is guess a random number that solves the equation generated by the system. Sounds easy, right? Of course, the guessing is done by your computer.