Topic: You are threatening Bitcoin’s security - page 6. (Read 32415 times)

Except the community is the one causing the "problem". It's not Tyco's or Slush's fault that a majority of people are using their services! It's pretty basic nature that most people want to be part of the largest group. So far the only "do something" I have seen is to ask them to limit their member, to which I would say no if I were them. Again, this is the 3rd time I have seen the argument that they need to be regulated when people are going to them freely. The only thing that can be done it to ask/motivate miners to diversify themselves. The only way to reach them all is for the pool to disappear since some percentage of them probably don't use the forums let alone live on them. It's also not very productive to try to get people to diversify in threads like this that start out dramatic, post incorrect information, and degenerate into flaming and conspiracy.

The basis of bitcoin is a free (as in open) currency and economy, even down to the code. I'm shocked! ShOcKeD! I tell you that free market principles have sprung up. Simple stuff like, providing the best service for an acceptble fee for example. Who would have though?!

1. set up bitcoin.conf properly (be sure to allow your miner's IP)
2. start in server mode
3. connect your miner to your server
4. wait for profit

that's all you need to do.

Could you explain?  So let's say I run 3 miners and I point them to my local bitcoin -server (Which is also the wallet?)

That's all I need to do? 

Is this any different from how the larger pools work?  Will I still get the long pull etc?

As mentioned before, they could be the most trustworthy people in the world, but that does not take away from the fact that the community should do something about what could be a potential problem. Those guys run a great service and kudos to them, their reward is the fairly easy-to-come-by fees they are picking up for running a good service early in the bitcoin game. Deviating from large pools is healthier for bitcoin in general though: only the people that are concerned with immediate profits as opposed to the success of bitcoin in general would be the ones that would indirectly promote such lopsided control.

they won't compete, they will get unique work.

So if I have 4-5 GPUS mining solo, won't they be competing against each other?   If anyone wanted to put together a real nice mining pool guide I bet a lot more people would be that route.

For the good of security, multi miner pool guide!

Yeah, I know what you meant. If you don't trust them then don't use their services. If you think they are conspiring to take down bitcoin then don't use bitcoin. If you're using bitcoin and griping about mass conspiracy then you're either in it for the money and only worried about losing it or just plain being hypocritical. This is the 3rd time this argument has come up in 2 weeks and degenerated into the hypothetical of Slush and Tyco conspiring to take over the network and/or the possibility of someone breaking into a pool and stealing/redirecting all the coins. It's old now.

that's why i solo mine :p

And both happen because you allow it. One with majority vote, and the other with usage of the service. One is much easier to solve than the other though.

I meant to say that was approximately the value of what is being collected from fees @ current ghash rate, without any further control/manipulation of the system.

And politicians DESERVE to take a scrape off the top.  They went through the trouble to build the government and manage it day to day.  Of course they deserve a share of our tax dollars!  I have no problem with that

In this community, how long would it take for a flood of messages to show up on the message board saying people aren't getting their payouts? I'm guessing as soon as 6-8 people posted sequentially there would be mass exodus. Even this style of attack would have limited success.

If a major pool is ever hacked, it's much more likely to be hacked quietly with the intent of the attacker redirecting the pool's earnings to himself.

In a conspiracy to make 800-1k$ per day? I want in on that!

This thread topic is exactly why I never thought that open pools were a good idea.  That said, the ability to create more pools will lead to a proliferation of said pools competing for contributers.  So it's unlikely that any one pool could ever collect the 50% minimum in order to attack the blockchain even for a short while, as the more pools there continue to be, the less of a percentage that each is ever likely to be able to accumulate.

Once again, open source competitiveness comes to the rescue.

And, if deepbit were larger if used for an attack, how much could it net from such an attack before being discovered?  Right now, I think not that much [but still considerable ... but not enough for operators to give up their revenue stream].  I wouldn't expect pool owners to be part of it [although surprises do occur, but I don't think so for the current time frame anyway].

For the record, the attack is technically possible at > 50%, but to make any real amount of return on implementing this attack would require a significantly greater percentage as it would be noticed rather quickly if the attacker was only able to build a new chained block that is longer than the original at slightly faster than the rest of the pool.  As we know, however, knocking out another large pool, as happened when Slush went down last weekend or so, resulted in a flood of people into deepbit and a huge spike in hash rate, so being at 50% or so already (hypothetical case) and taking out a 30% pool with say 2/3 of them going to deepbit [considering the number of pools that exist today], that would put deepbit at 70% making it a huge threat for attack.  I do not think Tycho would do this as he is making a lot of money the way it is and destroying a revenue stream for a one time gain and somehow cashing out or spending the coins would not be beneficial for him.  More likely is a remote attacker taking over the pool.  I am glad measures are being taken to to avoid such an attack [by at least a few pools], but there are those out there, with enough motive, that will eventually attempt it in all likelihood given the opportunity [which is the subject of this thread].

The point of this post; an attack would not in all likelihood destroy the bitcoin economy, but it would damage it [trust would go down and apparent risk would go up and thus prices would drop].  Many people would lose funds they thought they had from the pool used for the attack, but it would be distributed, so it is probably less likely to destroy the market as destroy the pool that performed the attack [nobody would use the pool again if it had been used as a weapon for theft].  Worst case is that people would go back to solo mining making the growth of network hashing power slow or even reverse [which might be a good thing] and virtually eliminating the threat for the future.  Pools are only dangerous if used as a weapon [although they are drawing in a lot of hardware causing a "waste" of a lot of electricity that wouldn't be as great with solo mining ... many simply wouldn't solo mine].  I want to see bitcoin do well and I do not want to see such an attack ever occur and I am pretty sure that the pool operators don't either [kills their revenue stream].  Consider how fast they would have to "rechain" multiple blocks without detection to get a large loot. 

Solution?  Not sure if feasible, but if some sort of pool existed that itself was a member of all other pools and watches out for duplicate base block data to come through as shares of work then it could be detected rather quickly.  Problem .. it would take a large central database at this pool and it would cost significant money to maintain it and have the ability to compare work to past solved blocks.  I don't know if it could be profitable [and it itself could still be cracked ... but we trust banks, for the most part, with our fiat money, so there has to be some level of trust].

Let me pose this.  What would pool users do if ALL pools except one went down over the course of a few hours or minutes?  Would they jump to the one remaining pool?  Now suppose that all but the largest pool went down; would they still jump to the one remaining pool?  That is where pool miners need self control [and it is proven by history that they do not have it currently when one large pool goes down].  Honestly, I think all users should setup an alternative configuration to switch over to solo mining in such a situation or simply just temporarily shut down.  Do the people have the will?

Essentially, I think the risk to bitcoin isn't huge in the long term if such an attack were to take place, at least not if it takes place with the market at it's current size or a significantly larger size.  A potentially costly solution could keep the pools monitored and potentially offset some of the costs by paying enough miners to support it by doing the work pulled from the pools being monitored [probably not feasible, but an idea ... pool operators would payout the monitoring pool of course], and last, miners need to control their emotions and greed to avoid and stop an attack when discovered [if not too late] as I indicated.  The potential for attack and damage from it is real, but the end of bitcoin from such an attack is unlikely.

If you read this far, congratulations   Eventually, if this project turns out as well as expected, some larger merchants are going to get in on the currency, but that is going to require brokers to handle transactions [i.e. reversals for fraud], and accountability of these merchants to their respective government(s) for taxes.  In fact, this could already be an issue for some (I bet most people are net negative from hardware investment or barely positive, so taxes are probably not an issue for most ... yet).  Converting to fiat currency leaves a trail for the tax collectors to go after I think.  Keep receipts for your hardware and electricity investment [hobby income in the US is taxable only when profits exceed expenses of the hobby]. 

Be safe.

No one can know if pool owners can be in cahoots with one another. At current rates, pools the size of deepbit are already making profit potentials upwards of 800-1k$ daily, not to mention the power that comes with having that much of the network.

Right. This was so even before the first pool, not to mention Deepbit. For those who think it's a remote possibility, Deepbit already came really close if not over 50% recently, when Slush went down for a while...

For such people, Bitcoin is not about Satoshi's ideals, or bettering the world we live in; it's just about greed and "it's-all-about-me" personal profit...

Key word is give. It can be taken away too.


That's free market principles at work. They provide a great service and people use it until they do something to lose people's trust then they go elsewhere.



If by save then you mean abandon the site and redistribute the power by going to other pools that are springing up left and right or going solo, then yes, absolutely.


People put blind faith in their federal governments, state governments, city governments, local governments, home owners associations, parent/teacher associations, and any other group that they join voluntarily. Oversight is it's own joke. Everyone thinks they know how to do it right and do it better. The difference here is that protesting is as easy as pulling your hashing power and moving it somewhere else. Until users are given a reason to do so they will keep using whatever service they choose.

The "exact exploit conditions presented by the creator" are having => 50% of the network power, which no one person has, and also that they are anonymous so that no one knows where to go looking if someone trys said exploit.