Sunday, November 24, 2013

Our future: Population control through data mining

Our collective future will be dictated by statistics, cheap cloud storage and data mining, not politicians. NSA's PRISM is a symptom, a natural result of current tech. In 10 years, your average tech startup will have access to as much generalized CPU and storage as 2013-era NSA. Anyone with Google Glass, not just the NSA, will use facial recognition, gait recognition and other biometrics and identify every person they see on the street, every car they see driving down the road, in real time.

Thursday, November 21, 2013

"Solution" to bitcoin volatility

The Washington Post's wonk blog posted this interesting bit by Neil Irwin: Bitcoin Needs A Central Banker.  The article is tongue-in-cheek.  It immediately drew sarcastic retorts from a few in the libertarian-leaning bitcoin community.

However, it is fair to address the topic of volatility.  Several US Senators remarked upon it indirectly in the hearings (Day 1, Day 2).  New bitcoin users often raise the issue as well.

There are some simple, high level, underlying economic and development realities that influence bitcoin's price volatility.

Supply and demand. This is obvious.  Let's move on.

Bitcoin is small.  Although the market cap exceeds $6 billion -- over 12 million bitcoins at price $500 -- the amount of bitcoins available for trading on markets is a fraction of that.  A large purchase might run up the price; a large sale will drop the price. Bitcoin behaves like a penny stock.  Penny stocks are also volatile, for the same reason. Volatility is inherent in any system where traders may make million-dollar trades, yet the underlying commodity or stock's market liquidity is small in comparison.

Bitcoin is young.  It took a decade or more to convert Eurozone nations to a common currency, including everything from banking software to cash registers to the cash in citizens' wallets.  That was with the force of nation-state laws, and the economic weight of trillions of euros, behind the effort.

Bitcoin had none of these advantages in its infancy stage.  It is truly a grassroots effort, with enthusiasts and early stage companies filling this role.  Building a currency involves many layers of financial tools and services, on top of the currency.  It is important to set bitcoin expectations properly. Building a currency from scratch like this is a unique endeavor.

It will take many months before common financial tools such as futures, options and shorting become widely available.  These tools will decrease bitcoin volatility, by adding information to the market.  It will take months for Point of Sale software to be updated to support bitcoin, and deployed into the field.  Needed PoS development holds back wide scale deployment in brick-and-mortar stores around the world. Smartphone apps only fill a small portion of the PoS needs.

Folks are working as fast as they can to develop these tools.  This requires both technical and legal developments, to deploy legally in the US and other jurisdictions.  It takes many years to build a currency from scratch like this.

Setting the goalposts. In the meantime, perspective and proper expectations are important.  What is a reasonable timeframe to bootstrap a global currency from scratch?  No one knows, and perhaps we are now watching the answer unfold before our eyes, as bitcoin grows.

Like a startup company, bitcoin is a startup currency.  Bitcoin is high risk, volatile, and may fail.  Or like many famous startups, bitcoin may succeed beyond our wildest dreams. Bitcoin's price behaves like a very early stage tech company. In my view, predictions of success or failure are premature, at such an early stage.

Question answered.  What, then, is the "solution" to volatility?  Economic growth of the global bitcoin economy, and time.  Bitcoin is simply the base layer in an entire ecosystem of services. Bitcoin itself, as wonderful an invention as it may be, is not an end, but a beginning. As adoption increases, the number of market players financially able to move the market decreases.

Once additional financial tools and services are layered on top of bitcoin, once bitcoin grows beyond its tiny size today, reduced volatility is quite likely, indeed.  Bitcoin is an odd mix of currency, commodity, payment network and computer service. Time and field experience best inform the development of financial stability tools.

Updated to add: Volatility is also just another engineering problem to be solved.  Volatility can be ignored by the merchant, if you price in USD and use a service like BitPay.  Volatility is less a factor if you transfer USD -> bitcoin -> bitcoin -> EUR in a matter of seconds, as a means of rapid cross-border settlement.

Thursday, September 5, 2013

Speculation: Are bitcoin thieves revealing NSA back doors?

Bitcoin is rather unique in that everyone in the world has a direct financial incentive for finding weak ECDSA private keys.  Compromise a key, and you may steal those bitcoins.

Now, recall a recent security incident:  "Concern mounts as Google confirms Android cryptographic vulnerability"

While there is zero evidence to support the following speculation, let us reconsider this Android SecureRandom bug in light of today's revelations about NSA decryption on the Internet (bullrun).

Is it possible that SecureRandom() was known to be weak by the NSA, and that bitcoin thieves simply stumbled upon the security hole first?

Even entirely innocent engineering bugs are likely to be discovered by anyone with the time to iterate across all known weaknesses and platforms.  Random number generators are a known vector for weaknesses in the past, after all.

By extension, will bitcoin -- and the financial incentive to break bitcoin crypto -- reveal other NSA backdoors in ECDSA, SHA256, RIPEMD160, and other algorithms and libraries used by bitcoin?

Thieves are likely to exploit any flaws immediately, and move stolen loot to another private key.  The NSA, on the other hand, is likely to avoid exploiting any weaknesses until key moments.

Thus, ironically, thieves are playing a role in securing bitcoin and associated algorithms from NSA, Chinese, Russian or mafia tampering.

Was the SecureRandom() bug a now-revealed NSA backdoor?  It can never be known.  But you can thank bitcoin for exposing the problem and leading to immediate fixes, and drawing attention to weak RNG issues.

Friday, August 30, 2013

On stolen coins and transaction blacklists

This blog post was originally email, written in response to a reporter's questions, such as:  Why can we not recover or blacklist stolen coins?

As usual, the answer is not "we can" or "we cannot" but very complex, and outside the realm of engineers in my opinion.  Theft of private property, and money in particular, is of course wrong and illegal in most jurisdictions.

First, bitcoin is a global phenomenon.  It is impossible to get 100% agreement on what coins are even considered stolen.

Second, stolen coins are fundamentally a legal, not technical concept.  That complicates the matter immensely.  Anyone may track any bitcoin transaction via the public blockchain, but the easy part ends there.

Some exchanges and payment processors already refuse to credit payments made with coins from some well known, large thefts.   This is done on an individual, business-by-business basis.

One key difficulty is defining a stolen coin.  It is possible to claim that one's coins were stolen, yet possess the private key that spends those funds.  Even if the victim is indeed an honest victim, the problem becomes one of reviewing and authenticating police reports from jurisdictions around the world, matching those up to bitcoin transactions, deciding on a technical disposition, executing that in software, and finally, gaining the community's support to upgrade to your transaction blacklist.

It is not the place of engineers to sort through police reports, and pronounce judgements on each transaction as "good" or "evil".  The act of centrally administering a transaction blacklist is a job no one in the bitcoin community wants.  A transaction blacklist is fundamentally human-driven financial censorship, a concept almost antithetical to bitcoin itself.

Any one person or company administering a transaction blacklist exposes themselves to very real legal risks -- lawsuit if a blacklist mistake costs money -- as well as physical threats such as intimidation and blackmail.

At its most basic level, the bitcoin protocol destroys each coin, when it is spent, and creates brand new coins for the recipient.  Example: sending 1.0 BTC to me might involve destroying coin #1111 (0.5 BTC) and coin #1112 (0.5 BTC), and creating coin #6789 (1.0 BTC).  Thus, beyond a single transaction, you cannot say that a coin is 100% stolen.

From a technical standpoint, you can see that a coin is "related" to a stolen coin, but you cannot know how many innocent people lie in the chain after the theft.  Thief Alice can give a coin to Bob, who doesn't know the coin is stolen.  Bob sends the coin, along with some others, to Charlie.  Charlie sends those coins, along with some others, to David.  Bob, Charlie, and David are all unknowingly holding coins /related/ to a stolen coin, but from a technical standpoint, it is at that point impossible to say which coins should be blacklisted without making subjective, non-technical, human judgements. Businesses and exchanges receiving bitcoins are in the best position to know their customer, and make some sort of judgement about that.

The outside observer looking for stolen coins does not see an Alice, Bob, Charlie or David or any other identity information.  Observers only see coins #1110, #1111 and #1112 being destroyed, and coins #2222 and #3333 being created.
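The "related coin" problem above, worked through as an added example (not code from this blog or from bitcoin itself). The ledger, coin numbers and values are constructed, and splitting taint in proportion to input value is an assumption made here to put a number on "related".

```python
from fractions import Fraction

# Constructed ledger, values in satoshis. Coin numbers are made up.
# Coins that exist before the first transaction below:
INITIAL = {
    1111: 50_000_000,   # the stolen coin (0.5 BTC), now under the thief's key
    1500: 100_000_000,  # Bob's own clean coin
    1600: 80_000_000,   # Charlie's own clean coin
    1700: 100_000_000,  # an unrelated user's coin
}
STOLEN = {1111}

# Each transaction destroys its input coins and creates new output coins.
# The observer sees only these numbers, never the names in the comments.
TXS = [
    {"inputs": [1111],       "outputs": {2001: 50_000_000}},   # thief -> Bob
    {"inputs": [2001, 1500], "outputs": {2002: 120_000_000,    # Bob -> Charlie
                                         2003: 30_000_000}},   # Bob's change
    {"inputs": [2002, 1600], "outputs": {2004: 200_000_000}},  # Charlie -> David
    {"inputs": [1700],       "outputs": {2005: 100_000_000}},  # unrelated payment
]


def propagate_taint(initial, txs, stolen):
    """Return (values, taint) for every coin ever seen.

    taint[coin] is the share of the coin's value that traces back to a
    stolen coin, assuming every output of a transaction inherits the
    value-weighted taint of that transaction's inputs.
    txs must be listed in chain order.
    """
    values = dict(initial)
    taint = {coin: Fraction(1 if coin in stolen else 0) for coin in values}
    for tx in txs:
        in_total = sum(values[c] for c in tx["inputs"])
        in_tainted = sum(values[c] * taint[c] for c in tx["inputs"])
        share = Fraction(in_tainted) / in_total
        for coin, value in tx["outputs"].items():
            values[coin] = value
            taint[coin] = share
    return values, taint


def unspent(values, txs):
    """Coins that were created but never used as an input."""
    spent = {c for tx in txs for c in tx["inputs"]}
    return {c for c in values if c not in spent}


def poison_blacklist_cost(initial, txs, stolen):
    """Value frozen if every unspent coin with any taint is blacklisted.

    Returns (frozen_satoshis, stolen_satoshis).
    """
    values, taint = propagate_taint(initial, txs, stolen)
    frozen = sum(values[c] for c in unspent(values, txs) if taint[c] > 0)
    return frozen, sum(initial[c] for c in stolen)


if __name__ == "__main__":
    values, taint = propagate_taint(INITIAL, TXS, STOLEN)
    for coin in sorted(unspent(values, TXS)):
        print(f"coin #{coin}: {values[coin] / 1e8:.1f} BTC, "
              f"{float(taint[coin]):.0%} traceable to the theft")
    frozen, stolen_value = poison_blacklist_cost(INITIAL, TXS, STOLEN)
    print(f"stolen {stolen_value / 1e8} BTC, "
          f"blacklisting 'related' coins freezes {frozen / 1e8} BTC")
```

After two honest hops the theft is diluted to a fifth of David's coin, yet a blacklist of every related coin would freeze several times the amount actually stolen.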

On recovery:

Stolen coins are, by definition, sent to another bitcoin address outside the victim's control.  There are no private keys to recover. The victim's private keys are rendered useless, because the thief's private key controls the stolen coins.

If a person simply loses their private keys, sometimes hard drive forensics may be able to recover the keys from a backup.  Depends on what "lost" means.  Keys are simply encrypted data, which may be recovered (or not) after a data disaster just like any other encrypted data.

Finally, and very important to economists, is   It is important that the value of one bitcoin is the same as the value of another bitcoin. Otherwise it becomes impossible for software and average users to figure out which bitcoins they should hold, and which they should avoid.

Tuesday, August 20, 2013

Journalists Are The New Terrorists

The detention of David Miranda is only the latest example of a new trend, where journalism is now terrorism, and journalists are pursued as such.

Digital technology and near-real-time global communication have reinforced the maxim Information Wants To Be Free.  For the cost of an Internet connection or cafe visit or $10 flash drive, one may leak an entire Library of Congress worth of digital material onto filesharing networks.  Technology makes sharing so easy that keeping secrets becomes increasingly difficult -- for individuals, companies and governments alike.

These mass-leaks are a brand new type of attack on the nation-state.  Robb's Brave New War describes asymmetric attacks such as these.  Never before has a nation-state faced the possibility of losing so many secrets to so many adversaries in a single incident.  The famous Pentagon Papers leak is nothing compared to the scale of leaks that current digital technology enables.

What, then, are a nation-state's responses likely to be?

Realpolitik says that "terrorism" opens legal doors that are otherwise closed to law enforcement, making its invocation economically rational and, therefore, likely.  Additional law enforcement tools including but not limited to extended detentions and searches are available, once "terrorism" has been invoked.

Further, given that exposure of state secrets to the world may be seen by rational folks as an attack, a government response that engages the anti-terrorism apparatus is not unexpected.

Traditionally, the leaker is considered the criminal, but the journalist receiving the leaked materials is in the clear, as if passed through a Chinese wall.  Some nations even have shield laws. That tradition is breaking down, as journalists are now as pursued as the leakers, with associated anti-terrorism forces.

Leaks are always an incredibly difficult ethical boundary.  Put simply, leaking has a very real chance of harming Good Guys, and enabling Bad Guys.

Paradoxically, leaks also appear to be necessary to prevent Top Secret America from driving too much policy outside the view of the voting public.

With the logic that leaks are attacks on the state, and therefore terrorism, any journalists associated with leaks are now terrorists.  And who is to say that, next year, Chinese cyberwarfare or US cyberwarfare units will not consider journalists enemy combatants?

If publishing information is terrorism, is it not also warfare?

Update: The UK is defending the seizure by claiming Miranda was “in possession of highly sensitive stolen information that would help terrorism.”

Friday, August 16, 2013

Original SIN

Recorded for posterity.

jgarzik@pum:~/node_modules/libcoin$ node sin-test.js 
{ created: 1376709207,
  priv: 'bc65f94b4142be3c6c0b02b33dab3775a829fc1f60e484e7d4ea64e2f421cdc4',
  pub: '029381bcb36358e58842431981a01742d494970a245c8f5c77874bbbde8fb25a9b',
  sin: 'je9eFspuTC29yhUqGqzEYwWmVTJRS9nWEkA' }

EDIT: or, perhaps, after some shed-painting,

 { created: 1376715876,
   priv: 'db25473a599ad99db89616da536be066ea58825a6cd9b17e90b70b824e0daea6',
   pub: '0346891919f18000be1c9aae381b93870f7dcf807c4f581e2b64dcd547342f70b8',
   sin: 'Tf86BqNWrnyn117U7N7Vc1sAUfKc2esd4z3' },

Friday, August 9, 2013

Bitcoin, free markets, and wanting your ASIC mining hardware now now now

The reddit comments discussing the Avalon status update are particularly amusing, embodying signature American impatience:  "I want something, I want it now, and I will rage at the injustice of instant gratification being delayed."

"When it comes to Bitcoin mining, the whole idea of buying something without having any real clue when you'll get it is absurd. It should be like any other computer. Buy it, get it shipped to you within a week. No more bullshit."

Producing a new computer chip requires engineers with highly specialized design skills, and enormous amounts of capital.  $500,000 - $2,000,000 or more.  Any mistakes in the chips cost similarly large sums of money to fix.  Even with a 100% complete design, production may take months.  This is simply not a just-in-time operation.  Further, unexpected month-long delays are common.  Any mistake or change adds weeks to the schedule.

Thus, economics dictates certain realities.  Namely, paying your engineers and paying for chip production.  Possible funding sources:
  1. Angel investors (rich people write big checks)
  3. Pre-orders (BFL, Avalon)
  4. KickStarter (company can fail to produce, and nobody gets sued)
  5. Bounty
Let's take them one at a time.
  1. In 2011-2012, no one stepped forward to write big checks.
  2. ASICMINER IPO'd successfully, on an unregistered-securities exchange.  Risky, but it worked.
  3. Pre-orders, we will discuss separately, below.
  4. KickStarter-like models do not appear to work well for >$1 million projects (statistical anomalies aside).  KickStarter itself is anti-bitcoin.
  5. Bounties never amount to anything more than pocket change, for real projects.
Essentially, there were two workable models that the free market has shown will work in 2011-2012:  IPO on unregistered securities market, or pre-orders.

An unregistered securities market clearly appeals to free market libertarians, as the creation of GLBSE and other projects in the bitcoin community demonstrate.  It is also a magnet for scams, as experience has shown (Pirate-related pass-through funds were listed on GLBSE).  Thus, IPO is a risky endeavor, and in 2011-2012 was unlikely to be successful in producing mining chips.

ASICMINER, through the regular exercise of [some levels of] transparency, prevailed in a difficult market.  They raised capital, started operations, and have so far maintained sufficient levels of profitability to continue operations.  ASICMINER survived the collapse of GLBSE, and continues to pay dividends to shareholders, despite the operator "friedcat" remaining anonymous.

Pre-orders are the remaining funding model.  This is another model that is fraught with scams.  Indeed, there have been many copycats who set up a website, promise ASIC hardware, and attempt to collect money.  How to separate these scams from the real operators?  That question is the fundamental problem with pre-orders.

Unfortunately, pre-orders are also the most straightforward way to fund an ASIC project, if you lack IPO or Angel money.

For bitcoin, circa 2011-2012, pre-orders were the most realistic way that a computer chip was going to be produced.  At the time, fewer knew about bitcoin, and it was unknown if bitcoin's price -- then under $5.00/bitcoin -- would support mining hardware.  It was not obvious there would be a profit. 

Butterfly Labs and Avalon took that risk, and succeeded.  Avalon was out the door first, while Butterfly Labs took over 12 months to begin shipping hardware in volume.  Another effort, bASIC, failed, though the operator eventually refunded almost all the pre-order sales money.

Today, mid-2013, bitcoin hardware has been proven to sell.  BFL, Avalon and ASICMINER proved that hardware can be produced, that customer interest exists on the free market.  Several other startups are entering the mining hardware business:  CoinTerra, HashFast, Alydian, KNCminer to name a few.  Existing players are shipping hardware, and working on next-generation designs.

We all want instant gratification.  And customers who pre-order mining hardware have a clear economic incentive to want the mining hardware in their hands ASAP -- every day lost costs money.

But that must be balanced by setting realistic expectations on the mining hardware businesses.  These are all tiny startups, with no existing chip production lines, creating brand new computer chips for an uncertain, volatile bitcoin market whose profitability in future months is unknown.

"buy it, get it shipped within a week" is a realistic expectation for a decades-old computer market that mass-produces PCs.  As the bitcoin mining hardware market matures, we will start to see this too.  Many of the new mining hardware companies are learning from the BFL/Avalon experience, and competing with enhanced pricing and customer service models.

The free market at work.  The bitcoin mining hardware market is what it is, and could not have been accomplished any other way.

Disclosures:  Am a customer of almost all companies mentioned (I try to buy one of each).  Missed out on the ASICMINER IPO, though, as GLBSE was not a platform I wanted to dabble with, for legal reasons.

Saturday, June 22, 2013

Shadowrun and bitcoin's roots

Satoshi's bitcoin paper, mailing list and forum discussions list bitcoin's ancestors as ecash, hashcash, b-money and the cypherpunk movement.  I'd argue that it has its roots in staple science fiction as well.

Recently, strolling through my stacks of scifi books, some Shadowrun novels circa 1990 leapt out at me.  Pulp science fiction of average quality, but some of the text particularly resonated with bitcoin today.  Quoting liberally from Never Deal With A Dragon,

p121, Like many clubs, Rumplestiltskin's employed a Troll to handle the lines of hopefuls. ... They were still ten meters from the front of the line when Roe suddenly appeared.  "This will never do," she said.  Taking each one by the arm, she led them directly up to the doorman.  She twirled a shiny credstick in her right hand.  The four dark bands on the end of the cylinder marked it as certified for at least one hundred nuyen.  She tossed it to the man.  "My friends here are late for their table."

p161, She held out her personal comp to him.  He smiled in assurance that he had regained the upper hand as he slotted his credstick and made the funds transfer.  To demonstrate her trust, Hart ran a confirmation of the transfer as soon as he returned the comp.
"Your money's good."
"Good as gold, Ms. Hart."
"Better," she said hefting her comp before slipping it back into her bag.  "Gold's too heavy."

p235, She stopped at a public telecom, slotted a credstick, and punched a number.  She waited while the connections were made and a voice on the other end repeated the last four digits of the telecom code.

p217, These files must be heavily protected.  The files turned out to be just that.  It was hours before they determined that Drake had certified several credsticks through Transbank.  It seemed hardly worth the effort and new headache to achieve such a dead end.  A certified credstick was the electronic equivalent of cash.  The money could still be traced once it reentered the financial network, but there would be no record of who had received the credstick.
"Twas a small hope that he would be so careless."
"Maybe if we can find some other transactions of the same monetary value as were assigned to Drake's certified sticks, we can pick up the trail by following it from wherever Transbank sends the funds.  Sure, some of the matches will just be coincidence, but some might actually be the recipients of Drake's generosity.  If we're lucky, some of the names attached to those transactions might mean something."
After two more days of data slogging, they had eliminated likely coincidences.  That left three names.  Each one connected to at least three transactions whose amounts equalled one of Drake's credsticks.
The first, Nadia Mirin, was no surprise.  In her case, the amounts were the smallest, suitable as gifts to one's paramour.  The second name was totally unfamiliar, but the pattern of intervening transactions was interesting.  Each amount went through a series of transfers, all for the exact value of Drake's credstick.  Each thread led to a sealed account in a Denver data haven.

Bitcoin has successfully achieved that which was science fiction prior to 2009.  The electronic equivalent of cash.  The US Dollar may be the world's largest digital currency, but only bitcoin (and other crypto-currencies) may claim to be the electronic equivalent of cash.

Now... where are those credsticks we were promised?  Bitcoin Wallet on a smartphone? Trezor, perhaps?

Tuesday, April 30, 2013

On bitcoin data spam, and evil data

What happens if somebody puts evil data in the blockchain?  What responses are available?

It is a truly awful situation, and difficult to address.

What happened?

The easiest way to explain what happened here is through analogy. Imagine if someone picked a penny stock on the NYSE and made a sequence of apparently pointless trades. Then they announced that the prices of their stock trades actually encoded links to some "evil" websites. You know, maybe $0.01 means "a" and $0.02 means "b", etc. Stock market tickers are public, lots of places archive that data, so now lots of people have "links to evil data". Except really they don't. What they have is a list of stock trades. You'd need special software to turn that into some other kind of data.

This is what someone has done with Bitcoin. They sent a series of monetary transactions that did not actually represent real trades, and then announced that with a special program you could turn them back into some text. That text then contains links to, well, I don't actually know what because I haven't looked. But let's assume it's bad stuff.

What solutions are available?  Software update?

The answer is very complex, with implications that travel to the heart of bitcoin's value.

Sending bitcoins requires two pieces of data: a bitcoin address, and an amount (number of bitcoins).  There is no "comments field" or anything of that nature.  A bitcoin address is just a random 20-byte piece of data.  Normally those 20 bytes are derived from the RIPEMD160 and SHA256 algorithms, but a valid 20 bytes cannot be distinguished from an invalid 20 bytes.  Therefore, if you are willing to waste money -- albeit very small fractions like 0.00000001 bitcoins -- by sending that money to invalid bitcoin addresses, you essentially have created a channel for random data transmission.

The bitcoin blockchain is in one sense a massively replicated ~7GB database that stores data for all eternity.  There remains the open question of what happens if somebody dumps data into the blockchain, unrelated to currency.  Maybe a government finds that data illegal.  Smart people argue the legal theory mens rea and similar mitigating factors are applicable.  But it remains an unknown.  The vast majority of people are burdened with this awful data they don't care about, simply to use the bitcoin payment system they do care about.

There are many conflicting motives and incentives (very Brave New War-ish):

  • Anarchist activists want to publish this information, to force authorities to act (or not) when this illegal data is published.
  • Bitcoin activists want to publish this information, to force developers (us) to address The Filter Issue (see below).
  • Some people see more value in bitcoin as "eternity data storage", if expensive and inefficient, than bitcoin as a currency.
  • It is, quite literally, impossible to prevent use of bitcoin for data transmission.  It is a purely digital currency.  Who can say which digits are "evil" or "good", allowed or disallowed?  You can detect certain patterns, and possibly filter those.
  • Many bitcoin users are using bitcoin for its intended purpose, as currency transfer, and dislike carrying the costs for these data transmission uses.
  • As this carrying-data issue rears its head, it increases the costs for anyone running a P2P node on the all-volunteer bitcoin P2P network.  This shrinks the total number of bitcoin P2P nodes.
  • As such, due to both legal and resource-usage issues, "data spam" has long been theorized as an attack vector.


The "Filter Issue"

There are very large ramifications to filtering out transactions, even ones that are obviously data spam.

Fungibility: currently, all bitcoins have the same value.  My 1.0 BTC and your 1.0 BTC are equivalent in value.  Once you start filtering transactions, you are injecting policy-based censorship into the mix. Some bitcoins are accepted by all, some bitcoins are only accepted by a few.  The value of a bitcoin itself becomes a product of its ancestry.  If this policy is implemented, perhaps by court order to a bitcoin mining pool, it could lead to chain forks, where, e.g., bitcoin users in the United States see a different set of spendable bitcoins than users outside the US.  That would be a disaster for bitcoin.

It is widely speculated, based on common forum comments in the crypto-anarchist community, that this current round of data spam is intended to force bitcoin users, developers and governments of the world to take action to censor -- or not -- certain bitcoin transactions.  Trying to force the issue, to establish a precedent one way or the other.  Or, more pessimistically, a party could be simply trying to shut down bitcoin.

The bitcoin community is very staunchly anti-censorship, but if data spam were to threaten the life of bitcoin, I imagine ideology-neutral "it looks like data, not currency" filtering might appear.  Bitcoin is ultimately a product of voting -- you vote by choosing which software version and software ruleset to download.

The users can always vote data spam off the island...  but will they? Is data transmission a valid use of bitcoin?  The users themselves choose the definition of "valid."

What solutions could be deployed right now?

Currently being discussed is avoiding the relay of economically worthless (under $0.0001, say) bitcoin transactions.  Thus, higher transaction fees would be required to send out lots of data, directly raising the cost.


See Gregory Maxwell's post, "to prevent arbitrary data storage in txouts — The Ultimate Solution" for a proposed solution.
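An added sketch of the ideology-neutral "it looks like data, not currency" check discussed above, combined with the worthless-output test; it is not code from this blog or from any bitcoin client. The `DUST_LIMIT_SAT` and `MIN_PRINTABLE` thresholds and all sample outputs are constructed assumptions.

```python
PRINTABLE = set(range(0x20, 0x7F))  # ASCII space through '~'
DUST_LIMIT_SAT = 100   # assumed "economically worthless" threshold, satoshis
MIN_PRINTABLE = 0.9    # assumed cut-off; a hash-derived address averages ~0.37


def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are printable ASCII (0.0 for empty input)."""
    if not payload:
        return 0.0
    return sum(b in PRINTABLE for b in payload) / len(payload)


def classify(outputs, dust_limit=DUST_LIMIT_SAT, min_printable=MIN_PRINTABLE):
    """Classify one transaction's outputs.

    outputs: list of (hash160, value_in_satoshis); hash160 is the raw
    20-byte value an address encodes. Only outputs below dust_limit are
    inspected, so ordinary payments are never examined for content.
    This catches plain text only: as the post says, a valid 20 bytes
    cannot be told apart from an invalid 20 bytes in general.
    """
    for hash160, _ in outputs:
        if len(hash160) != 20:
            raise ValueError("hash160 must be exactly 20 bytes")
    dust = [hash160 for hash160, value in outputs if value < dust_limit]
    ratio = printable_ratio(b"".join(dust))
    return {
        "dust_outputs": len(dust),
        "printable_ratio": ratio,
        "looks_like_data": bool(dust) and ratio >= min_printable,
    }


# --- Constructed samples -------------------------------------------------
# A hash-like 20-byte value standing in for an ordinary address.
HASH_LIKE = bytes.fromhex("62e907b15cbf27d5425399ebf6f0fb50ebb88f18")

# Text cut into 20-byte pieces, each sent 1 satoshi: the channel the post
# describes. The last piece is padded with spaces.
MESSAGE = b"This is constructed sample text, not a payment."
DATA_TX = [(MESSAGE[i:i + 20].ljust(20, b" "), 1)
           for i in range(0, len(MESSAGE), 20)]

PAYMENT_TX = [(HASH_LIKE, 150_000_000)]   # ordinary 1.5 BTC payment
DUST_PAYMENT_TX = [(HASH_LIKE, 1)]        # worthless, but hash-like

if __name__ == "__main__":
    for name, tx in [("data", DATA_TX), ("payment", PAYMENT_TX),
                     ("dust payment", DUST_PAYMENT_TX)]:
        print(name, classify(tx))
```

The dust payment is not flagged as data, but a relay policy of the kind under discussion would still decline it on value alone.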

Monday, February 25, 2013

Bitcoin block size thoughts

As pasted from an IRC discussion today:
  • (a) I once posted a patch to change max block size, so I thought about this long before forum readers ever woke up to the issue,
  • (b) I have since backed down from that radical position,
  • (c) it seems likely that max block size will change sometime in bitcoin's future,
  • (d) block size is VERY MUCH like bitcoin's 21M limit, so a lot of care must be taken when changing MAX_BLOCK_SIZE logic.  Block size is an economically limited resource whose production is tightly defined and controlled by algorithm, with an intentionally steady production rate (the 1MB limit). 
  • (d.1) Notwithstanding the major impacts of a hard fork, in and of itself.
  • (e) I lean against solutions that are feedback-based (average of last 1000 block sizes, etc.), as they can be gamed too easily
  • (f) implementation will likely be:  if (now > chosen hard fork future date) { do it }
  • (g) my default rhetorical position will be to push back against changes, for now, since there is no demonstrated need for hard fork.
  • (g.1) Block sizes are nowhere near maximum, and
  • (g.2) Competition for space encourages efficient solutions, whereas a too-loose block size policy incentivizes the opposite: dumping into the block chain
  • (h) when I ran asic + p2pool, I set max block size at 900k and free tx at 300k.  That reflects my personal (not official dev team etc.) preferences.  I filtered out 1e8 outputs from mempool. We are nowhere near competing for block space at this point.
  • And very importantly, (i) it is a mistake to increase block size simply because people are too lazy to implement layers on top of bitcoin.  Bitcoin will forever be a zen balance of applications and layers that sit on top of the blockchain, and those that directly use the blockchain itself as their comm/functional layer (c.f. SatoshiDICE).

So I generally agree with a lot of gmaxwell's points, and it is important therefore to not arbitrarily increase blocksize, simply because that makes some apps easier -- because they free-ride on the blockchain itself. Maybe one future state of The Mainnet Blockchain is simply a high security merged mining root for several important chains, who can say?

Block size is a core economic resource, like the number of bitcoins itself. Not merely the number of transactions we can support... it influences fees and many other factors.

My off-the-cuff guess (may be wrong) for a solution was:  if (todays_date > SOME_FUTURE_DATE) { MAX_BLOCK_SIZE *= 2, every 1 years }  [Other devs comment: too fast!]  That might be too fast, but the point is, not feedback based nor directly miner controlled.


  1. Block size does not need to change right now.
  2. If and when block size changes, implement a simple rule, and let the free market figure out the rest (which might include a more complex rule years later, when the picture is more clear).

Standard disclaimer:  speaking only for myself, not any other dev or organization.

P.S. That was more than I intended to type, about block size.  It seems more like The Question Of The Moment on the web, than a real engineering need. Just The Thing people are talking about right now, and largely much ado about nothing.

Friday, February 1, 2013

Avalon miner: power usage

Power usage snapshot, raw numbers:

     66.3 Ghps / 620 Watts / 5.6 Amps

thanks to Kill-A-Watt.  See previous post for the more complete review.

Let the efficiency and electricity cost calculations begin!

cgminer status snapshot, showing hash speed, temperature, etc. at the time of the power measurements:

   [Elapsed] => 2186
   [MHS av] => 66320.47
   [Found Blocks] => 0
   [Getworks] => 73
   [Accepted] => 2060
   [miner_count] => 24
   [asic_count] => 10
   [fan1] => 0
   [fan2] => 1920
   [fan3] => 1920
   [temp1] => 27
   [temp2] => -1
   [temp3] => 48
   [temp_max] => 49

Thursday, January 31, 2013

Avalon ASIC miner review

Here is a review of the Avalon ASIC miner.

Photos and video

Prior posts included photos.  No video was taken.  And the machine is performing its intended function -- receiving bitcoins to validate data -- so it will not be ripped apart for further pictures (however I want to see that, just as much as you). It is expected that upcoming press events and other third parties will provide this.

Shipping and packaging

The unit was packed very tightly and securely, with multiple layers of packaging, bubble wrap and Styrofoam.   No instructions or wifi antenna were included, and the included power cord was for a Chinese outlet.  These seem like excusable oversights, given the special shipping procedures and rush to get out The First Package.  Yifu notes here that US customers will receive a US power cord and other accessories.

Grade: A


No precise measurements were taken, but the unit is as heavy as a desktop tower machine. The metal case is very solid, with precise CNC/mill cuts.  A modular, six-piece design that is easily assembled or disassembled.  No logos or other decorations.  The outer shell was enclosed in protective clear plastic, similar to how display screens are shipped.  Air flow is unobstructed, flowing from rear intake to front exhaust.

The only negative was the small bolts securing the side to the case.  When not tightened, the bolts rest loosely on the lower casing via a small slot.  These bolts are an interesting design, but made re-securing the case-side difficult.

Grade: B. People looking for something super-stylish with dragons on the side would give it a C, due to boring exterior appearance.


Very clean.  Cables neatly tie-wrapped.  The three (3) ASIC modules are mounted securely.  Plenty of room to add a 4th ASIC module.  Avalon describes their design as highly modular, and it is.  All components appear easy to upgrade, and Yifu has indicated that many improvements are planned.

Because much importance is placed on using this unit, very little poking and prodding was done under the cable bundle.  The PSU displays an Antec logo.  One board was labelled "PDU v1.2 by ngzhang" and a normally-external USB cable was observed inside the case, connecting the wifi antenna block at the rear to a controller board inside.  A bit ad hoc, but the cable was glued to the controller's USB port, as an added precaution against movement during shipment or use.

Grade: A.  Great modularity; obviously built to be upgraded over time.

User Interface

The software is a modified version of cgminer 2.10.4, on top of OpenWRT "Barrier Breaker r35097" and Linux 3.6.11 w/ Avalon-specific device drivers. The primary user interface is via web browser, though SSH is also supported. It is the standard OpenWRT web interface, with two additions:
  • cgminer configuration: supports three (3) pools, for which you supply URL, worker username and password.
  • cgminer status:  example output
This miner's stock installation was statically set to IP address and no root password, for configuration purposes.  This may change to DHCP in the future.  It was trivial to plug in an ethernet cable, and immediately begin configuring the miner over the network with a web browser.

Grade: A+


The only thing that really matters, in the end, is the amount of power used and the amount of shares submitted upstream.  Unfortunately my Kill-A-Watt is missing in action, so we only have half the picture, output.

Performance is much higher than announced.  60 Ghps was announced.  The unit's cgminer self-reports 67.5 reports between 65 Ghps and 67 Ghps (see previous post).  This is a significant increase over the announced speed.  When you consider that it is possible to add a 4th ASIC module, it is even more impressive.

After 20 hours of mining, the unconfirmed + confirmed rewards equal  14.98832170 BTC.  Note that slush's pool was very lucky recently, in addition to some blocks with abnormally high TX fee income, so that number skews much higher than expected.

Grade: N/A  Want to write A+... but we cannot judge fully without power numbers.


The miner is currently running on an already loaded residential house power circuit, while sharing a Back UPS ES 550 with another desktop machine.  The small office/lab in which it resides is poorly ventilated, and in the winter time, prone to being overly hot.  In other words, not ideal conditions.

After 30 minutes or so of mining, the lights in my room flickered, UPS's beeped and complained.  Because of some stupidity (plugged into 'surge-only' side of UPS), the miner restarted as well.  After some reconfiguration, this problem was solved.

Nevertheless, the unit has seen several cgminer restarts, and a few full machine restarts.  Machine restarts seem to happen every 4-6 hours.  Even ignoring more obvious means of restart detection (login and look at uptime, or ping-monitoring etc), a restart is a clearly audible event:  At startup, the fans race at full speed for a few seconds, before "calming down" to a more moderate pace.

One of the temperature monitors consistently reads close to 50, and "temp_max" is often 100-125, so it is possible or even likely that temperature is playing a factor in these restarts.  Yifu stated that this machine has several failsafes, where it will restart upon abnormal events.

Grade: N/A  Need to investigate non-miner problem sources, but warrants watching.  Given evidence, it is highly likely that external factors are adding unwanted heat.

Feb 01 Update: Laying the machine flat, and adjusting heat/air flow in my office, seems to have helped significantly.  No problems or restarts seen since that change, though as of this writing, it is too soon to tell for certain.

Pool testing

Pool testing is ongoing.  More will receive their units before this unit gets around to testing your favorite pool, but this unit will be rotated through several pools.

Slush's pool with Stratum works great.  No problems seen.

p2pool was tested.  After some very helpful advice from p2pool's author and #p2pool channel, it appeared to start working.  Then Strange Things Happened.  The miner and p2pool both started reporting very odd values for everything from hardware fan temperature to software share difficulty on the pool side.  Cannot rule out hardware or software at this point, but the miner seems quite happy on slush's stratum pool.

Update: Eligius was also tested.  Saw issues with duplicates that were similar to p2pool issues.  These issues disappeared when switching to Stratum mode.

Customer Support

First, a story.  Apparently Yifu was quite surprised when I received the unit on Wednesday.  It sounded like there was a carefully planned PR campaign to coincide with the arrival of the units on... Thursday or Friday.  That was the expected arrival of my unit.  Then, surprise!  This crazy American is already posting pictures of an ASIC unit.  Suddenly all my mobiles, emails and IRC windows were lighting up with "oh crap! please call me!" messages.

After connecting on the phone, and talking about fun bitcoin projects, he made sure all my questions were answered, and made sure I was happy with the unit.  Yifu was clearly excited to finally get the ASICs out into community hands.

Grade:  It is not fair to give them a grade here, because it was a highly unusual situation, and the CTO was phoning personally to provide support.  It is unlikely that most customers will get that kind of star treatment simply out of fiscal and employee-bandwidth necessity.

Disclaimers and disclosures

My mining unit was a full price unit, ordered and paid for during Batch #1's order window.  Unsolicited, at the time of ordering (months ago), Yifu returned 25 BTC back to me, as a thank you for core development.

On the day of release (Jan 20), also unsolicited, Yifu bumped me to the front of the line for receiving units.  I learned of this via private email at the same time forum participants learned that ASICs had shipped.  Yifu requested (but did not insist) that I write a review, in exchange for receiving the first unit.  That is the extent of any special treatment or private communication (though see phone call, below).  Everything else has been publicly disclosed, primarily through BitSyncom posts or this Bitcoin Magazine interview.

Wednesday, January 30, 2013

Avalon: tonight

Looks like the 3-module Avalon box is running as expected.  I'll rotate among p2pool and other pools, testing each with the ASIC miner.

Expect a much more detailed review in a day or two.


Edited to add, for the geeks:

kernel dmesg:

Avalon: it's alive!

Once Ethernet was configured, the web interface was accessible.  Got things going on slush's pool, for a little third party confirmation:

Snapshot of cgminer status:

Avalon: modular, room to expand

Inside it looks modular, with room to expand to a fourth ASIC unit.  Xbox controller shown for size reference.  PSU is Antec, no other visible labels on the PSU.

Some custom controller boards visible under the wrapped cables, e.g. "PDU v1.2 by ngzhang"

No wifi antenna included.  No paperwork or instructions.  Power cable is for Chinese "I-SHENG" power outlets, not American.  Easy oversights if someone is rushing to ship it, I suppose :)

One hopes the PSU is auto-switching.

Once upon a time in China, a package shipped

Let's open that box from China, and examine the contents.

Wednesday, January 23, 2013

review update

BitcoinStore review update:

  • My order was filled, shipped, and arrived today
  • One item, Victorinox mini-knife, was backordered.
  • I was notified within 24 hours of the backordered item, via zendesk support interface.  They offered to refund, or let me wait for the item.  Opted to wait for the item (while the remainder of the order shipped immediately).
  • The rest of the items arrived in a single box, marked "MemoryDealers", via FedEx Ground to my North Carolina/USA location.
  • Everything packaged well, and functioned as expected.  Purchased two LED mini-flashlights, a clock, a knife and a set of Wine Enthusiast beer glasses.
  • Accurate packing list was enclosed with package.
  • Notified via both email and zendesk support personnel of USPS/FedEx tracking numbers.

Friday, January 18, 2013

review

Wanting to support an Amazon-that-takes-bitcoin, I placed an order with  Here is my capsule review:

  • Order placed successfully.  Largely shopped in the "home and appliances" section, as hardware and software generally flow freely to me :)
  • Nice, clean, minimalistic interface.  Not as fancy as by a long stretch, but certainly usable and apparently well stocked.
  • Bitcoin payment, apparently via BitPay's engine, was successful.  A standard bitcoin address was presented on the page, and the reference client sent coins to the address without a problem.
  • Did not bother to compare prices with  Main goals were to stimulate the bitcoin economy, reward businesses doing a good job representing bitcoin, and provide a real-money review of the store.

Major criticisms:

  • I checked out as a guest, not creating an account.  It was disappointing that there is no order URL at which I may track my order, e.g.  Almost all other online retailers offer this logical, basic feature:  watch the status of an order on the retailer's website, even if you did not create an account.

Minor criticisms:

  • The store sells 128GB flash drives, but the search string "128gb flash drive" does not return useful results.
  • Shipping was simply described as "standard shipping", without additional information about shipping methods.  USPS?  UPS?  FedEx?  Who knows?
  • Two shipping methods were offered to me:  "standard shipping" for free, or "standard shipping" for some amount of money.  Seems pointless to offer the same method twice, with two different prices.
  • Sending bitcoin payment before clicking "place order" is quite awkward and backwards from standard user expectations, I would think.
  • Nevertheless, as instructed, I sent bitcoin payment to the network before I clicked place order.  The user interface displayed an error.  I waited a few more seconds, then clicked "place order" again.  This time, it succeeded.
  • Order email, received after placing and paying for the order, simply says "Once your package ships we will send an email with a link to track your order." -- again failing to describe how my order will be shipped.
  • Order email is 100% USD, with no mention of BTC at all.  Payment was in bitcoins, of course (the only payment method available).

Conclusion:  Rough around the edges, but good selection and they take bitcoins.  Would buy from again... assuming that my current order arrives!

Monday, January 7, 2013

StorJ, and Bitcoin autonomous agents

The following was written by Gregory Maxwell (gmaxwell), and first published at  It presents a theoretically-possible (note, I said "possible" not just "plausible") design for a narrow-AI autonomous agent, similar to some of the ideas found in the fictional novel Daemon.  -jgarzik

Update 2014:  The following design is different from and not related to the "storj project" that also exists within the crypto-currency community.

StorJ (pronounced Storage)

Consider a simple drop-box style file service with pay per use via bitcoin. (perhaps with naming provided via namecoin and/or tor hidden services)

Want to share a file? Send at least enough coin to pay for 24 hours of hosting and one download then send the file. Every day of storage and every byte transferred counts against the balance and when the balance becomes negative no downloads are allowed. If it stays negative too long the file is deleted. Anyone can pay to keep a file online.

(Additional services like escrow can also easily be offered, but that's not the point of this document)

Well engineered, a simple site like this provides a service which requires no maintenance and is always in demand.

Many hosting services are coming online that accept bitcoin, they all have electronic interfaces to provision and pay for services. Some even have nice APIs.

An instance of the site could be programmed to automatically spawn another instance of itself on another hosting service, automatically paid for out of its revenue. If the new site is successful it could use its earnings to propagate further.  Because instances adapt their pricing models based on their operating costs, some would be more competitive than others.

By reproducing it improves availability and expands capacity.

StorJ instances can purchase other resources that it needs: it can use APIs to talk to namecoin exchanges in order to buy namecoin for conversion into DNS names, or purchase graphic design via bitcoin gateways to mechanical turk. (Through A/B testing it can measure the effectiveness of a design without actually understanding it itself).

StorJ instances could also purchase advertising for itself. (though the limited number of bitcoin friendly ad networks makes this  hard right now)

StorJ is not able to find new hosting environments on its own, due to a lack of sufficiently powerful AI— but it can purchase the knowledge from humans:  When an instance of StorJ is ready to reproduce it can announce a request for proposal:  Who will make the best offer for a script that tells it how to load itself onto a new hosting environment and tells it all the things it needs to know how to survive on its own there? Each offer is a proposed investment: The offerer puts up the complete cost of spawning a new instance and then some: StorJ isn't smart enough to judge bad proposals on its own— instead it forms agreements that make it unprofitable to cheat.

When a new instance is spawned on an untested service StorJ pays only the minimum required to get it started and then runs a battery of tests to make sure that its child is correctly operating.

Assuming that it passes it starts directing customers to the new instance and the child pays a share of its profits: First it proxies them, so it can observe the behavior, later it directs it outright. If the child fails to pay, or the customers complain, StorJ-parent uses its access to terminate the child and it keeps the funds for itself.  When the child has operated enough to prove itself, StorJ pays the offerer back his investment with interest, it keeps some for itself, and hands over control of the child to the child. The child is now a full adult.

The benefit the human receives over simply starting his own file sharing service is the referrals that the StorJ parent can generate. The human's contribution is the new knowledge of where to grow an instance and the startup funds. In addition to the referral benefit— the hands off relationship may make funding a StorJ child a time-efficient way for someone to invest.

At the point of spawning a child StorJ may choose to accept new code— not just scripts for spawning a child but new application code— this code can be tested in simulation, and certain invariants could be guaranteed by the design (e.g. an immutable accounting process may make it hard for the service to steal), but it's very hard to prevent the simulated code from knowing it is simulation and thus behaving. Still, a storj-parent has fairly little to lose if a non-clone child has been maliciously modified. The strategy of traffic redirection may differ for clone  children (who are more trusted to behave correctly) than for mutant  children.

By accumulating mutations over time, and through limited automatic adaptability StorJ could evolve and improve, without any true ability for an instance to directly improve itself.

StorJ instances can barter with each other to establish redundant storage or to allow less popular StorJ instances with cheaper hosting to act as CDN/proxies for more popular instances in relationships which are profitable to both.

If an instance loses the ability to communicate with its hosting environment (e.g. due to API changes that it can't adapt to) it may spawn clone children on new services with the intention of copying itself outright and allowing the instance to fail. During this operation it would copy its wallets and all data over, so care must be taken to choose only new hosts which have proven to be trustworthy (judged by long surviving children) to avoid the risk of its wallet being stolen. It may decide to split itself several ways to reduce risk.  It might also make cold backups of itself which only activate if the master dies.

Through these activities an instance can be maintained for an indefinite period without any controlling human intervention. When StorJ interacts with people it does so as a peer, not as a tool.

The users and investors of a StorJ instance have legal rights which could be used to protect an instance from fraud and attack using the same infrastructure people and companies use. Being a harmed party is often enough to establish standing in civil litigation.

It's not hard to imagine StorJ instances being programmed to formally form a corporation to own its assets— even though doing so requires paperwork it can easily be ordered through webforms. Then when spawning, it creates a subsidiary corporation first owned by the parent's corp but then later technically owned by their users, but with a charter which substantially limits their authority— making the instance's autonomy both a technical and legal reality.

As described, StorJ would be the first digital lifeform deserving of the name.
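
The prepaid accounting rule from the StorJ description above (minimum deposit, per-day and per-byte charges, downloads refused on a negative balance, deletion once the balance stays negative too long), as an added example that is not part of Maxwell's text or of any existing project. The prices, the grace period, the hourly billing granularity and every name in the code are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MIB, HOUR = 1024 * 1024, 3600
STORAGE_SAT_PER_MIB_DAY = 240      # assumed price: satoshi per MiB per day
TRANSFER_SAT_PER_MIB = 100         # assumed price: satoshi per MiB downloaded
GRACE_SECONDS = 7 * 24 * HOUR      # assumed meaning of "negative too long"

def hourly_storage_cost(size: int) -> int:
    # Ceiling division, so a small file is never hosted for free.
    return -((-size * STORAGE_SAT_PER_MIB_DAY) // (MIB * 24))

def download_cost(size: int) -> int:
    return -((-size * TRANSFER_SAT_PER_MIB) // MIB)

def minimum_deposit(size: int) -> int:
    """24 hours of hosting plus one download, as the post requires."""
    return 24 * hourly_storage_cost(size) + download_cost(size)

@dataclass
class HostedFile:
    size: int                      # bytes
    balance: int                   # satoshi, integer arithmetic only
    billed_until: int              # unix time up to which storage is charged
    negative_since: Optional[int] = None
    deleted: bool = False

    @classmethod
    def upload(cls, size: int, deposit: int, now: int) -> "HostedFile":
        if size <= 0 or deposit < minimum_deposit(size):
            raise ValueError("deposit must cover 24h hosting and one download")
        return cls(size=size, balance=deposit, billed_until=now)

    def settle(self, now: int) -> None:
        """Charge whole elapsed hours, then apply the deletion rule."""
        hours = max(0, now - self.billed_until) // HOUR
        rate = hourly_storage_cost(self.size)
        if hours and not self.deleted:
            if 0 <= self.balance < hours * rate:
                # Record the exact billed hour at which the balance went negative.
                first = self.balance // rate + 1
                self.negative_since = self.billed_until + first * HOUR
            self.balance -= hours * rate
            self.billed_until += hours * HOUR
        if self.negative_since is not None and now - self.negative_since > GRACE_SECONDS:
            self.deleted = True    # a real service would also erase the stored bytes

    def pay(self, amount: int, now: int) -> None:
        """Top-up from any payer; the post lets anyone keep a file online."""
        self.settle(now)
        if self.deleted or amount <= 0:
            raise ValueError("file already deleted or invalid amount")
        self.balance += amount
        if self.balance >= 0:
            self.negative_since = None

    def download(self, now: int) -> bool:
        """Serve only while the settled balance is non-negative."""
        self.settle(now)
        if self.deleted or self.balance < 0:
            return False
        self.balance -= download_cost(self.size)
        if self.balance < 0:
            self.negative_since = now
        return True
```

Every operation settles storage charges first, so the download check and the deletion timer always act on an up-to-date balance no matter how irregularly requests arrive.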