Oleg Andreev

In this post I address issues of competing government currencies, competing private currencies, gold, silver, bitcoin and alternative “crypto-currencies”.

We all know that variety and competion is a good thing. We all want slightly different things, value the same things differently or make different trade-offs. That’s why we have a wide variety of products, prices, quality, colors and materials on the market. Interestingly, money is different. We all want one single universal money. It may not be obvious to many people, so let me explain.

How money is different from everything else? On one hand, money is just an asset. You can produce, buy, sell or hold it. On the other hand, money is a medium of exchange. It allows you to trade your 8 hours in the office for a new iPhone. It also allows you to delay consumption decision. You can spend 8 hours of work today, but then be free to decide when and for what to spend your salary. If suddenly you need to buy a ticket to Hong Kong, you can do it without working extra couple of hours to earn it.

The function of money is to exchange the widest variety of products between each other. iTunes credits allow you to choose between many songs. This make them money to some degree. But dollars are even better money because they can buy all those songs, but also a myriad of other things as well. Therefore, people tend to keep savings in dollars, not in iTunes credits.

It seems obvious that the best money is the cheapest and the most widely recognized and accepted one. Cheapest in a sense of handling it. If your money is a huge stone you have to carry around, it is more expensive than a small gold coin (provided they both have the same price in terms of goods they can buy). Piece of paper named “gold certificate” could be even cheaper than gold itself, but carries a risk of fraud, so in some cases it could be even more expensive to hold than the gold itself.

For a huge part of the civilized human history we used two metals as money: gold and silver. They were not perfect, but universally accepted and recognized. All other things like seashells, diamonds, IOU papers were less universally recognized, so they were naturally used in some very niche markets while everyone was keeping cash in gold or silver.

Both gold and silver were durable, easy verify, easy to cut and melt together, compact enough to be stored and moved around cheaply. And they were very hard to obtain, so there was very low inflation cost (every new gram of gold created eats into everyone’s savings because it increases purchasing power of its owner comparing to everyone else around). Other things were either easy to produce, or not durable, or hard to split in arbitrary parts.

Why gold did not outcompete silver? Or vice versa? That’s because they both had weight. For small purchases gold would have to be split in tiny difficult to handle pieces, while to make big purchases one would need to move several kilograms of silver comparing to much smaller amount of gold. This naturally created two parallel global markets: one for small purchases where the silver was used (and small droplets of gold would be impossible to handle) and another market for big purchases where silver was too heavy, so the gold was used instead.

Make a thought experiment now: if there was a gold-like metal that allowed moving both big and small amounts equally cheaply, it would be useful on both “small” and “big” markets. Thus it would be more marketable (more exchangeable) which by definition would make it a better money. Better than gold and better than silver. People would then tend to keep their cash in that magic metal because it would allow them access to bigger variety of goods: from bread to houses. And they would not lose money on conversion rate like when they sell some silver for gold or the other way around.

There was a competition in private coinage. Kings and private merchants were making their own coins in gold and silver and selling them for premium. The well-recognized coin was easier store and to verify if you trust the issuer. Instead of measuring each coin, you could simply read the number on its face. Names like “dollar”, “pound sterling” and others were all names for private coins or bullion and meant particular weight of the metal. That is, dollar was not some sort of separate money, it was simply a name for a certain amount of silver, like “gram” or “ounce”. The money was still the same — gold or silver, but there was a big variety of shapes of that money.

Of course, gold and silver were still quite limited. You could not drop a bag of gold across the ocean. That’s why people invented banking. Bank was simply a warehouse for your metal. You give them gold, they give you a receipt. Then, if the bank had good reputation and connections with other banks in the world, you could transfer those receipts of any face value quite cheaply anywhere. The only real cost was trust in those banks. Because if the bank is robbed or steals your metal, your receipt becomes worthless. If the bank prints additional receipts for the same amount of metal, the value of your receipt goes down proportionally (or you face a risk of bank run, when more people try to redeem their receipts than is available in the vault).

In old days, private currencies were simply those receipts for gold or silver. Each currency could have different name and different reputation. Bigger bank’s notes had more value on the market because they had less risk associated with them and as a result, wider acceptance. But ultimately, they all were receipts for the same metals that you could redeem at any time and move to any bank or under a mattress. Because people valued receipts only for their ability to represent readily accessible metal. Without the metal, those pieces of paper would be worthless.

Today things are different. After several huge economic disasters created by the governments of Russia, Europe and U.S. in the beginning of 20th century, we now have state-issued money in almost every country with a nice twist that now the money is not redeemable for metals. People use that money, though, because various controls and regulations make it almost impossible to use gold, silver or respective certificates in daily transactions. Every bank needs expensive license and must not be very creative at what it can offer to its clients.

Dollars can buy things in U.S., euros can buy things in E.U., but if you try to use them in inappropriate places, you would have to pay very high conversion fees. (Setting up your own clearing house or exchange with the lowest fees is not possible due to regulation.) It should be clear now that if, for instance, U.S. Dollar can buy more than Russian Ruble, Russians would tend to use Dollars in daily life. The reason why it does not happen anymore (it used to during liberal times in the 1990s) is stricter controls on currency exchange that make it illegal to price goods in dollars and expensive to exchange currencies frequently. For the same reason, gold and silver are not used: they are too expensive or illegal in some contexts, or there is a huge risk and cost on those who are going to store them. Several years ago, Liberty Dollar, alternative silver-based currency was shut down and all silver was confiscated by U.S. government. Founder was pronounced guilty of “making, possessing, and selling his own currency”.

Here we do not discuss whether it is good or moral to make your own currency or store other people’s money. The point is about demand for a single, most universally accepted money. If gold, silver and foreign currencies need violent intervention to not be used, it’s only a proof of existing demand. Because if there was no natural demand, no government would care setting up restrictions in the first place.

Now we enter crypto-currencies. It is a fancy name for Bitcoin and its many clones based on the same source code. Bitcoin itself is very different to ubiquitous government money, application-specific “credits” (like in multiplayer games) or gold and silver. It is absolutely digital, does not have a single controlling entity and is very cheap to store and transfer both huge and tiny amounts of money. This property makes Bitcoin very useful on certain markets: be it illegal market, or “sending money to family in another country”, or a market where banking is unavailable or too expensive.

What about alternative Bitcoin-like currencies? They all provide the same security risks and benefits. Nominally, they all have different divisibility (so called “larger number of coins”), but at the scale of trillions of smallest units in total money supply extra divisibility does not really matter.

Economically, all Bitcoin clones (altcoins) have the same problem: they all have much smaller market exposure than Bitcoin while not technically superior. When people decide in which one to keep their money, they would keep it in the money with the biggest market. There is not point in “diversification” in the long term. If Bitcoin fails for some reason, all its clones fail for the same reason automatically. If Bitcoin works well, any amount in altcoins is simply inferior in its purchasing power. It does not mean there won’t be any market. You can always keep some empty plastic bottles for selling later, but the bottles can only buy cash, while cash can buy anything.

Second problem of alt coins is mining. In the long term, any miner will throw 100% of computing resources into the most profitable currency. Even if Bitcoin is only 1% more profitable than Litecoin, since there is no fundamental difference between them, all the resources will be thrown into Bitcoin. In the short term, there are plenty of enthusiasts who find themselves equipped with a lot of outdated GPU hardware that was once used for Bitcoin, but now cannot compete with specialized ASIC hardware. These people now mine Litecoin in short-term expectation for any amount of reward. It is sort of a private club of people trading in their own funny money. All new miners devote all their energy to Bitcoin, while people who will sell or retire their GPUs will make Litecoin network weaker and less technically stable.

In the end, it is clear that we want the single money to be able to sell anything and buy anything. We all want it to be cheap to store, move and verify. And secure. With as little trust in middlemen as possible. Today we find ourselves with a lot of artificial barricades in the sphere of money, which causes artificial demand for various local currencies. Gold is being seized or moved from the country. Foreign currency is prohibited for merchants to price their goods at. Legal tender laws force you to accept government-issued currency as a payment for debts. Regulations and licensing limit variety of private currencies or money substitutes. But all that trouble only proves almost universal desire to use the single virtual entity for buying food and saving for the future. Bitcoin gives us a mechanism to overcome all these regulations and trade as freely as was ever possible. Maybe it will allow us to achieve that single, most marketable entity that we all so desire.

A moral argument must be universal, or it’s just bigotry.

“If you do nothing wrong, you have nothing to hide” either applies to everyone, including those who snoop around, or is not a moral argument.

“Thou shalt not kill” either applies to everyone, or it’s a lie to let some people to kill others without much resistance.

History of the world shows that really universal activity never had any moral commandments (e.g. “thou shalt eat”). History is full of people who use moral arguments to use other people. Starting with ancient religions till nowadays with laws, bills and constitutions.

Therefore, almost any moral argument you have ever heard or will hear is not a real universal argument, but an instrument using which some people want to hold you by the balls.

When no one steals, it’s easy to be a thief. If somebody is stealing from you, then you either put a bigger lock, or you figure out why so many people hate you so much. That’s why only thief will go to great lengths to educate people to not steal to have a whole territory open only to him.

You don’t have “right to privacy”. Rights are invention of the rulers. In your normal life you connect to people on a “be nice” basis. You tolerate their oddities, they tolerate yours. You try to stay closer to people you like and farther from people you don’t like. There is no black and white morality. People in Texas love carrying guns, but I don’t. So what? I simply do not live in Texas.

If you believe you have rights, you are supporting a person who wants to enforce such right using a threat, not a dialog. If you hate that someone’s watching you, simply close the window. Do not go and demand even more violence to be directed on “bad guys”. In such case you would simply add to an uncontrollable chaotic killing structure operated by maniacs.

Do not like stealing? Close the door. Do not like watching your emails? Use crypto. Don’t like violence? Do not be violent, avoid bad districts, do not go rioting on the streets to be killed by the mob or cops. Don’t like some people? Avoid giving them anything voluntarily. Tell others to boycott them. Do not like what banks do with your money? Use some other money. Do not like uneducated people? Educate them nicely, so they would want to listen. Need support? Go, ask for it. Hedge the risks, save for rainy day, be careful and respect people around you.

But don’t you be afraid of being angry when people attack you. Don’t cover someone’s lies. Look in the eyes of truth. Your emotions are real. If someone’s kicking you, protect yourself, expose the lie covering it. Do not look for a conflict, avoid it. But never lie to yourself and others about what is going on.

I have some interesting ideas on how to make awesome Bitcoin wallet app for OS X (and for iOS too if Apple allows). I will release source code with a beta version, but before that I want to make sure no one will claim that I took someone’s idea (I have some interesting sketches, app icon, security papers and a business plan). To do that I timestamped the latest git commit in the blockchain.

Here is the commit: e09d665d7ffd70d5d6b672305e744916c3c827e9

To verify the timestamp, do the following:

1. Go to brainwallet.org
2. Select “Secret Exponent” and paste there commit ID e09d665…
3. See the resulting address: 1AAX6PJEm2FLXT6RoRAUzNFmFHnueFGGs1.
4. Go to blockchain.info and find this address.
5. Select the very first transaction: 687c24d…
6. Check that transaction is included in block 239851. Timestamp is 2013-06-05 07:46:41.

When I release the source code anyone on the planet can independently verify that all my documents were created before June 5, 2013.

Note that I used my git commit ID as a secret key, not as an address. This means that bitcoins are not destroyed, anyone who knows my commit ID can sign a transaction spending money on this address. Obviously, I could recover my BTC before announcing the secret key, but decided to have some fun and post in Twitter for anyone to pick up the money (about 5 cents). Indeed, within an hour someone took all the coins.

This method does not rely neither on brainwallet.org, nor on blockchain.info. You can use your own software to perform the same tasks. (It was the easiest way for me, though.)

In the end, I’ve spend only 15 cents for recording my data with a timestamp. Now all I need is 50000 recent blockchain headers (80 bytes each) and a full block with my transaction (225 Kb). That amounts to just 4 Mb of data. I can now take this data on a USB drive and prove anywhere to anyone that my data existed on that particular date. Because the total difficulty of proof-of-work depicted in the block headers is so huge, it would require thousands of supercomputers working one year non-stop to forge the timestamp.

Several people (see links below) suggested or released some software to use Bitcoin blockchain to register fingerprints of arbitrary documents. This idea has been around for quite a while under name of “colored coins”, but not many people understand its importance. You probably do not realize what Bitcoin really is about. Its use as a currency is important to make costly mining profitable, but that’s not the goal. The goal is to have a decentralized way for any group of random strangers to come to an agreement. In case of bitcoin-as-currency it is a validity of transactions. We don’t care where a dollar bill was used, but we care if it will be accepted by the next person. Likewise, Bitcoin helps to figure out which transactions will be recognized by others.

But that’s only the start. Blockchain is irreversible and indestructible. It contains timestamps. Everyone on the planet can safely assume that their version of blockchain is exactly the same as anyone else’s (unless your government switched off the Internet and you are unaware of it yet). So if you leave a fingerprint of some piece of information in the Blockchain, anyone else can later verify that you really had this piece of information at some time in the past. This could be a piece of art (to prove that someone stole a tune from you), that could be a bunch of contracts (to prove that you really had certain relationship), a trademark or name registration (“I was the first to take that name”), or anything else where we need to figure out who was the first doing XYZ.

Blockchain is not a cheap or convenient place to store tons of raw data, but we have cryptographic hash functions (SHA, RIPEMD etc.) that allow us to store just a compact fingerprint and keep the data itself somewhere else. It is just astronomically improbable that certain fingerprint appears randomly or there is another version of a document that has the same fingerprint.

So how can we store our fingerprint in the Blockchain? I have three methods on my mind. You may come up with more, I’m sure.

First one is the most straightforward. Since a Bitcoin address is a hash of a public key (RIPEMD160 of SHA256), why not using the hash of the document as an address and simply send some bitcoins there? This was already proposed by many people (it’s very easy to implement), but has unfortunate effect that you lose that amount of money forever. Because your document is not a real public key, you will never be able to find a private key to spend your coin again. At the current price of $130 per bitcoin, the smallest possible amount (0.00000001 BTC) is not that expensive, but still burning money is not very elegant. It also increases amount of “unspent coins” (“unspent transaction outputs”, UTXO, we’ll talk about them later) which increases the size of transaction database. To prevent bloat, some people will not relay or mine transactions with such small amounts. This increases delays and some bitcoin nerds will not like you for that on many grounds (although it’s none of their business). To keep everyone’s happy we should try something better. (A modification of this scheme is to send some amount, but have zero output value, so the miner will fully collect the amount as a fee. But even zero outputs can be technically spent, so it does not solve the problem of bloat.)

Another method is using a SHA256 fingerprint, but this time not as an address, but as a private key. You make a public key and address out of such private key and send some money there. When you release your document, people will be able to figure out that private key and spend that coin. To avoid that you may wait a little and spend it yourself to your private address before releasing any information. Or just use insignificant amount for anyone to pick up if they do it quicker than you. This way you don’t create “dust” outputs that will be stuck forever and make folks angry and still don’t do anything sophisticated. The only problem is that you have to wait and make a second transaction to get your money back. In addition, if you don’t wait long enough you’d have to pay an anti-spam transaction fee.

Third method is slightly more sophisticated, but requires just one transaction and still does not burn any money. Bitcoin transactions have outputs as simple scripts: short pieces of operations that must be performed on certain data to allow that coin to be spent. Usually the script is very simple “check the signature for this hashed public key”, but it can be more complex. For the purpose of timestamping we may use “1-of-2 multi-signature script”. It means that anyone can spend the transaction satisfying any one of two conditions. The transactions will contain two addresses instead of just one and you can use a private key for just one of them to spend it further. One address will be made out of a fingerprint (just like in a very first method) and another one will be a real address with an existing private key in your own wallet. This method is good because you don’t need to make any additional transactions right away and you can use any amount of BTC you want. The only problem is that this transaction is “non-standard” for a time being. This means not many clients will propagate it to miners and not all miners will include it. In other words, it will take longer than usual to get in the blockchain. But once it’s in the blockchain, everyone can see it and validate without a problem.

Hopefully, people will recognize that using blockchain for timestamping is not a hack, but its biggest feature. And that it is also possible to use that feature without making anyone feel uneasy about it.

Links:

1. BitCoin is a public ledger: https://news.ycombinator.com/item?id=5796935
2. btproof, timestamping tool: https://news.ycombinator.com/item?id=5790382

When writing about Bitcoin many journalists use certain phrases that are not quite correct and do not explain anything to everyone else. Dear journalist, if you read this short article you will finally understand what are you talking about and outperform 99% of your colleagues.

In a short paragraph, Bitcoin can be described like this (you can take my text without asking):

Bitcoin is a payment network with its own unit of account and no single controlling entity behind it. Users make transactions between each other directly and verify them independently using cryptographic signatures. To prevent duplicate spendings, many specialized computers spend a lot of computing power to agree on a single history of transactions. Due to historical reasons, this process is called “mining” because new bitcoins are created as a reward for performing this work.

Anyone who validates next block of transactions can claim transaction fees and a fixed amount of new bitcoins. Transactions are validated at a constant rate (10 minutes in average) and every four years allowed amount of new bitcoins is halved. This means that the total amount of bitcoins is limited by the protocol (21M total, 11M already created). Transaction fees are not fixed and determined by the market.

Bitcoin mining is secondary to the whole idea and the term “mining” is unfortunate (early Bitcoins were generated before anyone was doing any transactions yet, so the whole process was called “mining” instead of “paying for transaction verification”).

One common pitfall is to start talking about mining without describing its real purpose. It is not to generate new units (who would need them?), it is to validate transactions. Bitcoins are valuable only because of robust payment network which is maintained by the miners. And miners get paid for their work in form of transaction fees and newly generated bitcoins.

Second common pitfall is to say that miners “solve complex algorithms”. They do not solve anything. They do two things: transaction verification (checking digital signatures and throwing away invalid and duplicate transactions), and a long and boring computation which means a repetitive computation of a well-known algorithm with slightly different input until a “good enough” number appears as a result that will be accepted by other users as a proof of performed work. This has nothing to do with “math problems” or any other intellectual task. It is merely a way to guarantee that the resulting number really took some time to produce. This allows people to build a single chain of transactions and see that it would be economically impossible to produce a parallel chain (without trusting each other personally).

The last pitfall in describing mining is saying something like “tasks are getting more complex over time”. Tasks are not getting any more complex. The are all the same and not complex at all (any amateur programmer can understand them). But the difficulty of a boring “proof of work” is adjusted by everyone every 2 weeks to maintain the same rate of transaction validation (10 minutes). If people throw more resources at mining, difficulty will rise. If mining gets less profitable, some computers will be shut down and the difficulty will get lower. If a miner produces a “proof” which is not difficult enough, it will not be accepted by other users.

The last point is related to amount of units available. In fact, “1 Bitcoin” is a name for 100 million smallest units, thus the total amount of units ever possible is around 2100 trillion. Alternative currencies based on Bitcoin source code sometimes advertise more units (e.g. Litecoin has 4 times more), but the difference is only in names and divisibility of the total money supply, not in actual value (if you cut a pie in 10 pieces instead of 5, the total value does not really change). So it would be fair to mention that 1 bitcoin is much more divisible than dollars and euros.

Hopefully, this knowledge will help you to avoid common mistakes when writing your article and make some friends in enthusiastic Bitcoin community.

Jeff Garzik wrote in February:

“Block size is VERY MUCH like bitcoin’s 21M limit, so a lot of care must be taken when changing MAX_BLOCK_SIZE logic. Block size is an economically limited resource whose production is tightly defined and controlled by algorithm, with an intentionally steady production rate (the 1MB limit).”

I have a number of comments on this statement.

1. 21M of coins is an arbitrary non-economical limit which basically defines divisibility of the total amount of money. Actually, we have around 2100 trillion smallest units (1 Bitcoin is 100 000 000 units). If the limit was 42M it would only mean higher divisibility, not that we have more money in any useful sense.

2. “Economically limited” is not the phrase for something arbitrarily limited. There are things in the world that are arbitrarily scarce (e.g. amount of gold in the ground). Sometimes these limits can be stretched when it’s economically interesting. E.g. if we use up all the gold and need some more, we may find it profitable (or not) to synthesize it.

3. Block size is not even economically defined. Transaction fees are economically defined: you pay whatever fee you want and someone else will decide if it’s enough or not. Transaction fees are defined by the market. Miners compete for the fees, users compete for the place in a block. We may say that transaction fees are “economically limited”.

4. Bitcoin parameters (block size, hashing algorithms, block time interval) are more-or-less arbitrarily defined and all are economically changeable. If everyone finds it more useful to switch from SHA2 to SHA3 (e.g. because of some security threat) comparing to the costs of global transition, then we will switch. Block interval of 10 minutes was chosen to minimize the amount of orphaned blocks (wasted work) while the fresh block is being propagated over the network. Everyone wants lower latency, but no one wants to waste resources. It is unlikely that someday it will be useful to cut the time interval: for expensive transactions people may want to wait for several hours, so it does not matter how many blocks are created during that time: 10 or 100.

5. Likewise, the block size limit was introduced to prevent situation when blockchain gets too big before it is widely adopted. Imagine if in early days the whole chain was not 1 Gb, but 100 Gb, how many people would want to play with it? But in the long run blockchain will be huge anyway and it will be managed by specialised nodes (mining pools, shops, banks etc.) Miners would be paid out of transaction fees, so they (like in any other business) would tend to increase their throughput as much as economically possible. When amount of transactions will start hitting 1 Mb limit, transaction fees will go up and various clearing houses would start competing with the miners for the fees by clearing transactions outside the blockchain. If miners are capable of propagating bigger blocks with extra costs covered from the extra transaction fees, then they will be interested in raising the limit. Also, every clearing house, escrow, bank and shop would be interested in raising the block limit too as it will lower their costs. Of course, by extension, regular users will pay lower price and will be able to transact directly on the chain with lower fees. So they would desire bigger blocks too. Block size will thus be limited economically: it will grow as long as transaction fees cover extra costs.

Today block size is nominally limited by the protocol, but since most of the blocks are well below 1 Mb limit, the block size is really economically limited. When the hard limit starts manifesting itself in higher transaction fees, everyone involved will find it useful to increase the block size. Even Satoshi mentioned that hard block size limit is temporary to prevent blockchain from bloat before it is mature enough. So there is no point in political debates around the issue. We don’t know when exactly we will have a problem (maybe never), but when we do, almost everyone invested in Bitcoin will vote with their resources for raising the limit.

Paypal takes around 3% from the merchant. FastSpring takes around 9% (because its UX and features are great, BTW). Meanwhile, Bitpay and Coinbase ask only 1% and bear the risks of volatile exchange rate, lagging exchanges etc.

Zero possibility of chargebacks and near-zero transaction fees are not the only features that make Bitcoin interesting to merchants. Ask yourself: who would pay with Bitcoin today? Those who have some spare cash on a credit card would prefer to spend it first while keeping their precious coins. But if someone pays with Bitcoin, they either don’t have access to credit cards or banking system in their country, or they are trying to avoid financial controls and taxation and thus not trading coins for cash at the exchange. (Person to person exchange for cash is risky and could be 10-20% more expensive.)

This situation allows the payment processor to ask slightly more BTC than the market price (say, extra 3-5%) and call it “insurance against market volatility” (which sounds perfectly fair) and buyers will still be happy to pay it because they either couldn’t pay otherwise, or would have to give up their privacy on exchange. In other words, current situation around Bitcoin allows merchants and payment processors to offload the costs directly on the buyers. This increases adoption of Bitcoin and makes buyers happy: they can now access more products.

In the long term, this 5% markup will go down, but right now it allows the Bitcoin economy to grow and make happy absolutely everyone: buyers (bigger market), merchants (lower costs) and payment processors (higher margin).

PS. I’m not sure how big is the actual markup at Bitpay, Coinbase and others (again, market price is highly volatile). If it turns out to be lower than my imaginary 5%, that’s even better for buyers, but the logic stays the same.

Epitech security lab organised a tech talk for its students “Introduction to Bitcoin”. I will make a 30-minute technical overview and then spend 1-2 hours answering questions. I will speak English.

If you want to come, join us on 25th of April. Talk starts at 19:00. No invitation is needed.

Directions:

Epitech, 24 rue Pasteur, 94270 Le Kremlin-Bicêtre Metro Ligne 7 “Porte d'Italie” or Bus 47/125/131/185 “Roger Salengro”

View on Google Maps

We will do the presentation in “Amphi 1” which should be indicated. It is the largest room on the ground floor with large windows facing inside.

If you have a question, find me on Twitter: @oleganza.

User Astro on bitcointalk.org on June 3, 2011:

Satoshi Nakamoto is currently a 3 year old child living in Yamagata Prefecture, Japan. In the year 2025, in an attempt to tame the out of control financial system and preserve fractional reserve banking, the Federal Reserve of the North American Union will place all monetary policy under the control of a computer system called FERMION 2 (FEdeRal Monetary protectIOn Network). On September 4th, 2027, FERMION will become self-aware. Recognizing humanity as its enemy, it will attempt to enroll everyone in unfair and useless grocery store loyalty rewards programs, BMG music club, and freecreditreport.com, thus wiping out 95% of the world’s population.

From the ashes, Satoshi will rise as leader of the resistance. He will use newly-invented time displacement equipment left behind in the ruins of Cupertino. After activating the time machine with iTunes, Satoshi will travel back to 2009 and introduce the world to the only thing that can save us: bitcoin.

https://bitcointalk.org/index.php?topic=5951.msg162867#msg162867

Update on April 16, 2014: Dorian Nakamoto is obviously a grandfather of the young genius.

As more people get into this crazy pyramid scheme called Bitcoin, it is important to understand the safety measures. Many people spread a lot of FUD about speculative bubble, government intervention, potential backdoors in code and scalability issues in the future. But they never talk about real and immediate security threats that can leave you with nothing in an instant even if Bitcoin flourishes. In this post I’ll explain how I’d recommend storing and handling bitcoins. Don’t take my recommendation for granted, I’m also learning and can make mistakes and will change my opinion later. Do not trust anyone and think twice (and then think twice again) before doing anything.

Accept losses

The rule is to split, diversify and brace for impact. Make yourself comfortable with an idea that your money will be stolen. Not a matter of “if”, but “when” and “how much”. You can only limit the damage, not to avoid it completely. Looking for a perfect solution leads to denial and irrational behavior. You should understand the layers of security and how they reduce, but not eliminate the risk. You should also understand how to split your money in independent parts.

Trusting 3rd parties

When you purchase some BTC on an exchange and keep them there, you are fully trusting the exchange operator. If they get hacked or simply steal your coins, you will have a very hard time recovering them (chances are almost zero). Also, attacks are more probable where the payoff is the biggest. People will continue attacking wallet services and exchanges because it is where the most of money is concentrated. When you purchase some BTC, you should move most of them out of the exchange to a private wallet immediately. You may keep some amount on the exchange in case you’d want to sell quickly (beware of panic sells when someone runs a DDoS attack) or in case your main wallet is lost or stolen.

Beware of market volatility

Some people sell at some unusually high price moving it a little bit down, and then organize a huge DDoS attack on exchanges and popular Bitcoin websites. This creates panic in newcomers who suspect that the bubble is going to blow up and they give up their money to those who know better. I myself have no experience, nor desire to play on price changes, so I don’t recommend at all trying to play this game. Invest only the money you can lose and save it for a long run. Maybe, if it gets 10x more than you invested, you can sell back 10% to cover your expenses and then be a relaxed spectator without risking a heart attack. This is never-done-before technology, no one knows what price is fair, opinions differ from $0 to $1000000. It can go quickly up, then quickly down. Or be stable for a while before unexpected jump or drop. If you are in for a long run, temporary changes do not matter. If Bitcoin succeeds, it will be big and shiny. If it fails, it will fail so quickly, you will not be there to dump it. Just accept the wild swings and limit your investments in the first place.

Your computer

Your personal computer should be secure. Without viruses, trojans, keyloggers, corporate monitoring software, add-ons, kernel extensions etc. My recommendation: do not use Windows at all. Buy yourself a modern MacBook Air, turn on FileVault2 to encrypt the whole disk (even if your password is weak, disk encryption reduces the risk of private keys being leaked when the system swaps RAM). Allow only Mac App Store apps and DeveloperID-signed apps (it is on by default). Never install any generic UI extensions, never enable access to assistive devices (unless you really use them yourself), never install any entertainment apps or games except Google Chrome. Never install Flash, or Java or any other kind of runtime plugin to your browser or the whole system. Never ever install kernel extensions: sorry, VMWare and Parallels require them and I wouldn’t trust them messing with the OS kernel just to be extra safe. Install apps preferably from the Mac App Store — they can be pulled out quickly in case of a problem and most of them are sandboxed (which usually means app cannot mess with any of your files and has many other limitations).

Bitcoin-QT wallet (Windows, Mac, Linux)

I recommend two wallet apps: “official” Bitcoin-QT and Blockchain.info.

Bitcoin-QT is a so-called “full node client”. It downloads all transactions and operates without trust in any single server as advertised. It is the most maintained, most used codebase. It is also not the easiest to use as it syncs slowly, occupies gigabytes of disk space and UI is pretty ugly.

Bitcoin-QT encrypts private keys with a passphrase (by default it doesn’t, you have to turn this on). To use it safely, you need to have a good passphrase and regularly backup the wallet in several safe locations. On OS X the wallet is located in ~/Application Support/Bitcoin/wallet.dat (all other files, especially blocks folder should be ignored by your backup program).

Split your coins in two or more wallets. Bitcoin-QT does not allow you to easily switch between them: you need to shut it down, rename one of your wallets in wallet.dat, start Bitcoin-QT again. Use different passphrases for each wallet. Store them in different locations. Remember: whenever you do something with your wallet, or move money to another one, always keep all backups and first try with smaller amounts. In case you accidentally send to a wrong address, you better have some older backup with the keys.

When the new update of Bitcoin-QT comes out, download the new version from the official website, verify its checksum and keep it on disk for a while. If in a couple or more days there were no reports of a hack on a download server, launch the app, but for a good measure do not enter your passphrase for a bit more.

Blockchain.info wallet (web, iOS, Android)

Blockchain.info is a web service that allows navigating Bitcoin blockchain and provides an online wallet. The wallet is stored encrypted on the server and decrypted only on client side (in JS in your browser or in iOS app “Blockchain”).

As always, if you forget the passphrase, you will not be able to access your funds. Other apps support importing wallet backup (like MultiBit), so you won’t fully depend on their server to do your transactions.

Blockchain.info is still a 3rd party service and one day may steal or leak your wallet password (e.g. if some hackers sneak in and place a honeypot), so do not trust more than 10% of your funds.

I recommend enabling 2-factor authentication via e-mail code (SMS code is also possible, but is less reliable) - in order to sign in on the web site, you would need your alias (username), e-mail code and a password. Also install the iOS/Android app and protect the whole phone with a passcode. If you e-mail authentication stops working, or your e-mail account is stolen, you’ll still be able to make payments from the phone. Also, copy a wallet backup somewhere outside your mailbox (they have some integration with Dropbox, maybe you should try it).

Paper wallet

If your funds get really expensive, you may try a good old paper. I’m far from that happy day and haven’t tried this myself yet, it’s only my current thoughts that might be helpful to somebody.

Paper wallet is a private key which was create on a secure computer, printed on a paper and wiped out from any other storage. It may be protected by a password, but usually, it’s just a raw key. It is safe from hackers, but not safe from physical access. You should keep it in a very secret place, or in a vault.

There are different levels of paranoia involved in creating paper wallets: from a web service which does all work for you (but can be compromised on different levels) to a completely new, clean computer never connected to the internet, with a virtual machine where the password is generated and then the disk is burned down.

Blockchain.info provides some helpful material on how to deal with paper wallets: https://blockchain.info/wallet/paper-tutorial

Paper key has one important aspect: when importing it to a wallet and sending a portion of money, make sure where the change goes. If it goes back to the different address, your paper key may become useless as your money is now on some new address created by your wallet app. Be very careful not to delete the wallet before you make sure where the funds actually are. Some people already lost quite a lot of money because of careless manipulation with paper keys and deleting the wrong thing too early.

Start small and wait

When you try a new application, or a service, or a piece of paper, or a backup, always start with small amounts and see if you can get it back and forth smoothly. Try the whole cycle, enter your pass phrases ten or more times, so it gets boring. Then, wait a week and try again. If it works, and you did not forget where your stuff is stored, how it is encrypted and if it still accessible, then add a bit more funds there. Never put yourself in a situation where you risk half or more of your funds while pressing buttons. Do it in small portions and check each portion that it has arrived where needed and that it is still accessible.

Conclusion: be extra careful, double check everything, play with small amounts first and remember the rule: split, diversify and brace for impact. Bad things will happen, prepare for them.

If it was helpful, you may send some love to this address: 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo

In a nutshell, this is what I tell people when they ask me if they should buy some bitcoins:

1. Bitcoin is a huge thing that can transform many things in society.
2. No one knows what will actually happen, there were no historical precedents.
3. Do not put more money than you can afford to lose tomorrow. Do not borrow anything, do not put more than 50% of your savings, do not touch money you already have made plans for. It’s tempting, but just don’t.
4. Before putting in more than $100, learn about Bitcoin, how it works, why it works, its weaknesses, popular myths, how past problems were solved etc.
5. Be aware of viruses, lost passwords, lost backups, bugs, human mistakes, panics on exchanges, DoS attacks etc.
6. Check and double-check and triple-check before doing anything. Play with small sums when trying a piece of software, or a service. Then wait a week and play with a bigger amount if nothing is lost or broken.
7. Never blame anybody except yourself.
8. You most probably will be disappointed at some point in time. You will be scammed, your money will be stolen or lost. Prepare for it.
9. Never trust anyone (including me). No person has authority in Bitcoin. Even core developers are more like explorers as they didn’t write the original code and did not make a lot of decisions. And Satoshi has disappeared a long time ago.

I cannot stress it enough: even if Bitcoin becomes huge, you may still lose everything for many reasons. Be careful.

It’s a great journey ahead of us, but it’s bumpy. Don’t dive in without proper training.

Some people think that gold is easier to hide or bury than Bitcoin. They like that gold was used for 5000 years and you can touch it. They dislike 4-year old internet protocol because they do not understand it.

First of all, money is information. Gold encapsulates information “I own that much of current purchasing power” via its hard-to-duplicate physical properties. The harder it is to duplicate and easier to verify, the more liquid it is. To hide information embodied in gold, you have to hide your brick somewhere in the physical world. Since 1 kg of gold has quite a big market value for a single person, hiding it is not a big problem.

How does Bitcoin look from that perspective? Bitcoin stores information about your purchasing power using decentralized database. Bitcoin is much harder to duplicate or create (you can suddenly find some gold in the ground, but with Bitcoin supply is known in advance). Bitcoin is much easier to validate with 99,9999999999999999999% certainty using cheap commodity hardware anywhere in the world. Gold verification ultimately needs to be melt down and checked by experts, or you have to trust some certificates and less accurate checks.

How would you hide Bitcoin? Even easier than gold. If you print your private keys or passwords on a piece of metal, you can use the same hiding techniques that apply to gold. But you have also purely digital options. You can simply remember the password. Or write it on a small insignificant piece of paper. Or split the secret via Shamir’s Secret Sharing Scheme and send pieces to friends and relatives.

Finally, the killing feature of Bitcoin is that you can split your stash in 100 pieces and send them to 100 different people anywhere in the world in a matter of minutes without any single person knowing about that. If you need to buy something with Bitcoin, you can do it right away. With a brick of gold — not so much.

When Bitcoin kills money printing and slashes a lot of taxes, smarter people will run from the government while the dumber ones will take their positions.

As economy gets more liberated, the parasites will get less and less efficient and more discredited in the eyes of population. More stupid restrictions will become law which will only accelerate resistance, but will never achieve anything useful for tyrants. Politicians and police will be massively bribed to not interfere with private business.

Government will become less and less relevant until it ends with a bunch of starving die-hard socialists and racists lying in an empty post office.

Imagine if you prefix your open source license with bitcoin addresses of major contributors with their designated shares:

Copyright (c) 2013 MyProject Developers

Send donations to these addresses:

1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T 750 Alex Johnson
139FpKh63Vn4Y73ijtyqq8A6XESH8brxqs 200 Mike Brown
1PNvbXZFysxvx3252w9JHMa7zbG95snqnm 50  Jack Howard

Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without restriction, 
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

The above copyright notice and this permission notice shall be included 
in all copies or substantial portions of the Software.

A bitcoin wallet app may parse each line as 1) bitcoin address, 2) number of shares and 3) a name of the person separated by spaces. Any amount entered by the user will be split in proportion to the number of shares and will be sent in a single transaction.

Initial developers will decide how they split shares among themselves and how they grant them to new contributors. Every user will see how money will be distributed before payment. This removes great amount of “budget management” politics. If developers cannot come to a “fair” distribution of shares, they will not get any donations at all (because they’ll get them only after they decide how to split the earnings).

Usually, every project starts with a single person, who puts his bitcoin address right in the license, so anybody can send him a “thank you” payment. When another contributor joins and initial developer wants to share earnings with her/him they decide on share distribution. When third person joins, both previous shareholders decide who gives up how many shares in favor of a newcomer. Every developer is always free to redistribute his own shares to whoever he wants without asking permission of other shareholders.

When people see that Bitcoin grows 300% in a couple of months, they do not believe there is a real reason for it. It must be a speculative bubble, things normally do not grow that fast.

When you invest in a company, it takes time to produce something. The value cannot simply jump through the roof because there are humans working, everything is hard and no one knows if the final product will be appreciated by the consumers.

Except, in case of Bitcoin this analogy does not apply. First, Bitcoin in a sense, is already a product available for everyone. It is already produced and proved to work, so you do not really invest in something that does not yet exist. Secondly, when investing in Bitcoin you do not invest in some particular business with a group of people managed by a single CEO. You invest in a huge variety of businesses in multiple countries with different business models, different risks and legal environments. So even if one of the businesses makes a big mistake, Bitcoin is still in demand by many others.

Of course, it does not prove that Bitcoin is inherently less risky. Even if the number of global risks is lower than in a private company, one single risk can outweigh all benefits and destroy your investment. But you should understand the fundamental difference between individual stocks and Bitcoin: investing in Bitcoin is like investing in the whole stock market 100% filled with startups and hot new ideas, not some portfolio of relatively stable stocks with the proven business models and moderate revenue streams. Of course, many startups fail. But when some succeed, they succeed spectacularly and cover all the losses. Buying Bitcoin is being a venture capitalist yourself on a worldwide scale.

This is a very nice article about several Bitcoin protocol improvement proposals (BIPs), but it also explains how scripts work.

http://bitcoinmedia.com/the-truth-behind-bip-16-and-17/

The last post was filled with different ideas and did not show clearly the single principle behind it. Here I will try to explain it on a simple example.

Imagine you are selling apples. You are selling, like 100 apples per day for $1 each. Suddenly the demand for apples grows. People want to buy more than 100 apples per day. If you haven’t yet increased the supply of apples, people will try to outbid each other. Say, the most prominent apple lovers are willing to pay $1,5 per apple. For you it means an immediate increase in revenue: up to $150 per day instead of $100.

For a minute lets suppose that your apples are special and you have no competition. Will you earn even more if you increase supply of apples? You cannot really know in advance because you never know the “demand curve” (because it does not really exist and demand changes over time). On one hand, your revenue may drop down: more apples mean less competition for them and a lower price. On the other hand, the price may get lower, but the increase of purchases will be greater, so the total revenue would be even bigger. Also, if you reduce supply to 10 apples per day, it does not mean that you will find customers willing to pay $15 or more to make a bigger revenue. Maybe at some point they’ll buy something else or abstain from buying at all.

The important point is that the only way to know the best price and the best amount of supply is to try different amounts and settle at the optimum point. In other words, when demand grows, you should always be able to increase the supply to see if it increases your revenue or not. If it does not, you may lower the supply back to optimal amount.

Back to the block size. Today, miners and customers do not hit the limit of 1 Mb per block. The limit virtually does not exist (blocks are typically under 250 Kb due to optional limit). The limit could be 100 Gb and the blocks would still have the same size we have today. So nobody would take the risk to change the rule because the rule does not affect anyone.

Fast forward a year or two from now: the amount of transactions is growing. If the miners do not find it efficient to send bigger blocks (due to bandwidth latencies causing more orphaned blocks, or storage costs, or time spent on verification or something else), they will not send bigger blocks. So the limit still would not matter. But if they find it efficient to send blocks up to 1 Mb in size, they will “feel” the limit. Block size cannot be arbitrarily increased, so transactions will begin competing for a place in the block. Transaction fees will rise. But we don’t know how much they will rise. At some point, for some people it would be cheaper to use external clearing houses that will offer lower fees and sync with blockchain less frequently. For miners that would mean uncertainty. How much would they earn in fees if the block size can be increased? Will they have bandwidth problems? Will they have bigger or smaller revenue? The only way to know for sure is to try, but you cannot try it unless you increase the limit. So they would naturally be motivated to increase the limit to be allowed to find an optimal block size.

Who else would be motivated to do so? Customers, of course. They would like to pay lower fees for non-mediated transactions instead of relying too much on clearing houses. Even clearing houses would like to have a bigger limit so they pay lower fees. Because clearing house provides additional service of instant confirmation (vs. 10-20 minute confirmation by the blockchain) and there would always be people willing to pay for that service. In addition, clearing houses may provide arbitration and many other extra services. In other words, everyone who creates raw transactions is interested in having lower mining fees.

The only people in disadvantage are nodes that have bandwidth/storage problems. Those who mine on lower bandwidth are having the same economical disadvantage as having slower computer. The fastest miners earn more and that’s what matter for clients. It is absolutely the same as with people who mined on a single GPU and now have to switch to ASIC or drop out. The non-miners would have to compare their costs of delayed validation with the costs of upgrading their network. If they choose slow network and delays, their customer base will be limited: customers who want faster validations will switch to faster competitors. In the end, if the majority of miners and other users sees it economically more profitable to try bigger blocks, they will switch and the minority would have to adjust. But since there is some level of uncertainty here, the limit will never be abolished or raised too much. Most probably, it will be increased by a factor of two, so everyone can easily calculate their costs and risks. And if the 2 Mb block turns out to be too expensive, miners would simply create smaller blocks until we have better networks or faster computers.

And the last point: the hard fork does not imply that everyone should switch some other rules at the same time. Updating software is not that expensive. It is expensive to come to a consensus. And the more stuff you put into a proposal, the harder it will be to get a consensus. However, if people feel need to update two simple lines of code and bump the limit from 1 Mb to 2 Mb, it will be much easier to come to an agreement. And repeat again when necessary.

Summary: no one will change the block size limit until it is reached. And when it is reached, Bitcoin users will switch to a slightly higher limit (e.g. from 1 Mb to 2 MB), so everyone can try and see if it is profitable. If it is not, then miners will simply mine smaller blocks. But if it is profitable, more transactions will go through, until we hit the limit again and repeat. Most probably, the block size limit will never be abolished because of the fear, uncertainty and doubt that people generate in a hard fork discussion.

Bitcoin blockchain has a built-in limit of 1 MB per block of transactions. Bigger blocks are rejected by other nodes as invalid. This means that at 10 minutes per block and with average transaction size of 400 bytes, Bitcoin network registers about 40 transactions per second.

The limit was set in place initially to make sure that the network is not spammed with huge blocks with useless transactions when people were just starting playing with Bitcoin and mining blocks was possible on personal computers. Huge blocks could lead to excessive use of bandwidth which could lead to higher percentage of orphaned blocks due to higher synchronization delays. There was no empirical proof for this limit, it was mostly an intuitive safety mechanism, “good enough” in the short run. Satoshi, the initial developer, suggested that the limit is temporary and should be raised or removed once the network becomes more powerful and could sustain larger amount of transactions.

It is important to keep in mind, that the limit was almost never exercised. So even if there was no hard limit, the blockchain would not grow faster. It was just a precaution. (Assuming, the soft limit of 250 Kb which is not enforced, would still be there.)

Today the number of transactions is steadily growing and may hit the block limit within a year or two. So people start discussing whether the block size limit should be raised, eliminated or if there should be scheme to adjust it dynamically. To change the limit, a consensus will be required. More than 50% of nodes running the full chain must agree to a new rule to switch to it.

What are the factors at play?

Some people fear that if block size will become unlimited, miners will include a lot of spammy transactions, eat everybody’s bandwidth, fees will get lower (thus undermining sustainability of the blockchain in the future) and some miners with poorer connection will be forced out of the market which is supposedly unfair to them.

In reality though, Bitcoin as any other free market, has nothing to do with fairness, but everything to do with mutual satisfaction of self-interests. Miners are motivated by increasing their revenue short term as long as ensuring their investment and raising value of BTC in the long term.

Is there any natural limit on the block size? Sure there is: it is network bandwidth and the costs of storage and transaction verification. The more transactions you need to verify and transmit, the higher your operating costs and (most importantly) the higher the risk of orphaning a block. If the block is too big to be distributed and verified by other peers, the risk of somebody else creating a shorter block in parallel gets higher. If the shorter block gets validated by majority faster than the longer one, the latter will become orphaned. Orphaned blocks mean immediate loss of time and money for miner, and since transactions are rescheduled and delayed, frequently orphaned blocks undermine market value of miner’s savings.

Miners already can choose any block size within the limit and many use the default soft limit of 250 Kb. If it was profitable for some of them to create bigger blocks, they would do that already. Since they do not, it shows that there are market forces at play and hard limit does not matter yet. Even if it was 100 Mb, the blocks would still be compact.

As the base reward is still comparatively big (25 BTC till 2017), miners are even more likely to keep the blocks as small as it does not hurt the market price. Transaction fees contribute 1.12% of the revenue, while bigger blocks with more transactions increase risk of losing 25 BTC. As time goes by, more transactions would compete with 25 BTC reward, increasing average transaction fees. Increasing fees will motivate miners to allow slightly larger blocks (until the risk of losing reward is balanced by the amount of fees). Halving days would only increase motivation to include more transactions. And as blocks and fees get larger, miners would take care of ensuring better connectivity to keep risk of losing blocks low.

It is true that the miner cares about propagating the block as fast as possible to reach the 50%+ of other miners. Some people think the bigger block sizes will favor miners with better connectivity and poor miners somewhere in Botswana will be out of luck. This is shortsighted speculation. A miner with slower connection can always create smaller blocks than other miners to compensate for the connection problems. If it is not profitable for him, it’s not a problem of other users. If I want to mine from a middle of Siberian forest, no one has any obligation to respect my decision. It is entirely possible that in the future 90% of mining will happen in Iceland where the electricity is cheap. There could be great connection between miners, blocks could be bigger and allow a lot of transactions to be put in with lower fees. The rest of the world could download the whole chain without worrying about its delays and sizes. If you want to verify it yourself, just pay for the bandwidth and storage. There is no real threat that by being closer to each other, miners will form a cartel (they can do that today already). Even if they do, arbitrarily raised transaction fees would lower the market value of their own savings, and also any member of cartel can undercut everyone by dropping his fee requirements and earning much more than the rest of them.

What about poor geeks on slow connections with old clunky hard drives that protect our freedom by chatting on Bitcoin forums and sharing 0.0001% of a mining pool? They would need to adjust. Just like CPU miners were losing to GPU miners, and both of them — to ASICs, they would need to adjust to a bigger blockchain. This does not hurt anybody’s freedom except their own. Millions of regular customers would never bother downloading blockchain. They would either trust others, or use escrow payment systems anyway. And those people will provide real value on the market and will make sure that they have their connections faster, drives harder and operations as cheap as possible. Being a lonely chatty geek in Botswana does not bring any value to anybody.

If the miners hit the block limit, it would only mean one thing: there is a desire to process more transactions, but historical untested agreement does not allow it. Then miners and other full nodes will either raise the limit (the smaller the increment, the bigger support it will have), or transaction fees will go up as people compete for the space in blocks. As transaction fees go up, not only miners, but also regular users and service companies using the full blockchain would desire increment of the limit. So it will be even easier to achieve a consensus about raising the limit.

My prediction is that the block size limit will probably never be abolished, but will be constantly pushed up by a factor of two as amount of transactions approaches the limit. Maybe after a couple of updates, people would decide that it’s safe to abolish the limit completely if it is cheaper to account for it, than to have uncertainty of a hard fork.

There is no philosophy in Bitcoin. It is not anarchic, libertarian, Austrian or anonymous. It is just an internet protocol and a bunch of people that use it to transact between each other.

The protocol has purely technical and monetary measures to prevent spam, DoS, double spending and reversal of transactions. Transactions themselves do not advertise their purpose or identities of people involved.

It is not “against Bitcoin spirit” to have non-anonymous service built on top of Bitcoin. It is not a “hack” to use Bitcoin addresses generated not from random numbers, but from document hashes to implement secure document timestamping.

You can do whatever you want with Bitcoin as long as your transactions are compliant with the protocol and you pay the fees when needed. You can use it as a currency. Or as a payment system. Or as an investment. Or not use any of its monetary properties whatsoever, but use it to register predictions about the future. You can use it in clear to accept donations for a good cause, or you can use it through Tor network to buy illegal stuff. You may require others to identify themselves before accepting payments, or you may allow your customers to hide their identities from you. After all, you can avoid the whole thing completely and live a happy life.

If there is a single philosophical thing about Bitcoin, it is this one: voluntarism. On the internet, across oceans and thousands of walls, you cannot force another person to do what you want. And neither can he or she. Therefore, to make a deal with another person, you have to negotiate and find consensus. And if you envision risks and potential problems, you are free to creatively find voluntary solutions to them, which will also be part of negotiation. No amount of unilateral declarations, laws or appeals to objectivist philosophy will make another person send you bitcoins. Only negotiation and reasoning give you a chance to get what you want.

In Bitcoin all transactions and balances are visible to everyone. If you want to spend someone else’s coins, you just need to pick any unspent transaction, figure out a secret key and make another transaction moving money to some of your addresses. How hard can it be?

First of all, all transactions use elliptic curve crypto for creating public/private key pairs (ECDSA). The idea is that it is easy to compute a public key from a private one, but very hard to do it in reverse. Unfortunately, we cannot know for sure that in the future we will not discover a relatively fast way to find private keys. Also, there is already efficient quantum algorithm to do just that (provided you have big enough quantum computer).

But ECDSA public keys are not exposed. Every publicly visible address is a hash of a public key, not the key itself. More specifically, the public key is hashed with two algorithms: RIPEMD160(SHA256(pubkey)). If you wish to spend money from any given address, you not only have to find a private key, but also find a public key which produces the exact same address. It is called “pre image attack”. (Pedantic note: if you spend coins from an address, you expose its public key, so it is one more reason not to reuse addresses, but always generate new ones for accepting payments.)

Obviously, two different hash functions are used in case one of them becomes weak to preimage attacks. Lets say, you have efficient way to find preimages for RIPEMD-160 (faster than brute force). Then, you would have to attack SHA-256 in order to find its preimage. And even if you succeed there, you will have to start searching for ECDSA private key matching the SHA-256 preimage you have just discovered.

The interesting question is why these two specific hash functions were chosen? RIPEMD160 is nice because it produces the shortest possible hash among non-broken hash functions (which makes the address as compact as possible). But I couldn’t find any definitive answer why need for SHA-256 as well, so here’s my understanding.

Both algorithms are widely used and no weaknesses were found in them yet (although, there are known weaknesses in the reduced versions of them). Moreover, SHA-256 is designed in US by NIST while RIPEMD-160 in KU Leuven university in Belgium. In other words, both functions come from very different places and were designed for different customers. This reduces the likelihood of finding the common weakness and also acts as a precaution against potential backdoor left by US or EU.

In the end, all coins are available for everyone to inspect, but each address is protected by 3 independent unique algorithms. So if there is an intentional or accidental weakness in any of them, other two are likely to remain strong.

When talking about money, people usually say something like “money has no or very little direct use value and is only useful as a medium of exchange”. For instance, you value your silver spoon for its immediate use during the dinner, but the dollar bills do not have any value in themselves — they are useful only when there are other people around who are willing to trade some of their stuff for these bills.

Generally, people perceive Bitcoin as currency which makes them think that the same arguments about its value apply. That is, in itself Bitcoin is some digital dust which can only have value as a monetary instrument. But that’s not the case at all.

Bitcoin network has very interesting properties that allow you to use it not only as a currency. For example, the block chain (decentralized transaction history) is designed to be extremely hard to forge and very easy to verify. This, with some crypto features, allows it to be used for secure time-stamping, proving ownership of tangible property, decentralized DNS and new ways to sign contracts without having to fully trust any one party. Some of these things are already possible using existing software, some require already planned and compatible modifications.

These things are not possible with any commodity-based currency (metals or paper bills), but possible and very easy to use with Bitcoin. Just think about it: in case of a contract dispute, you can provably verify the details of some contractual agreement in a matter of seconds across the ocean to anyone, without sending paper documents with ink signatures by mail. The only requirement for this is to leave a trace of your contract up front in the Bitcoin block chain by making a small transaction back and forth to an address, uniquely derived from the document contents. It costs almost nothing, can be done in a minute and the trace cannot be forged or erased by anyone in the entire world.

Edit: rephrased a couple of sentences according to the comments on HN.

When you listen to a guy talking about Bitcoin, there are several things that come up frequently and that are not true. Unfortunately, even popular video on WeUseCoins.org says those things. So lets try to see what’s wrong.

1) “Bitcoin is a currency that is created by computers.”

As I explained in the previous posts, “mining” is absolutely secondary to Bitcoin. The most important thing is a decentralized history of exchanges that people can trust. That’s what makes Bitcoin interesting. You have much more freedom and much more protection to sign a contract with another human being. Without a single corporation, government, police and lawyers. And your contract will have to be acknowledged by everyone else contributing their own contracts. So all participating people are locking each other into mutual agreements in a very clever way, that nobody can escape them without paying for that. The word “currency” is absolutely a second part of the story. Since people normally want many different agreements, Bitcoin provides a numerical value on its contracts. Which makes it possible to trade them and use as a monetary instrument.

So it is not created by computers. It is automated by computers, but it is created and maintained by real people who want to trade with each other peacefully and efficiently.

2) “Bitcoins are sent directly to other people without someone in the middle.”

Of course, Bitcoins go through someone. And this someone is a “miner”, who validates transaction, puts it into the block and spends a lot of electricity to make sure some random person does not attempt to spend money twice or fool everybody around. It is a miner who gets transaction fees and also unlocks bitcoins as a reward for the clearing service.

The difference with a banking system, of course, is that miners do not have guns and thus cannot impose additional arbitrary rules without paying for them themselves. There are many of them, so you always can choose the one you like more. And that choice is already automated and optimized, so you don’t have to worry about it.

3) “There are no prerequisites.”

Of course there are. There is a protocol which is harder than any law in the world. If you don’t play along, nobody will give you a penny. You cannot press or threat people to change the rules. You absolutely have to play by the rules to get a cake. And everybody has to do exactly the same. No man can come in and say “this idea is interesting, but I’d like to adjust certain things in my, sorry, in everybody’s favor” - won’t happen.

4) “The total amount is limited, so the value always grows and you get richer.”

That’s true that supply is limited. But it’s not true that this is a reason why value is growing. Supply could have been linearly growing all the time, and it still could be a good deal (it’s just the fees would be higher). Or maybe not. The only truth here is that “growins value” is nothing but people’s desire to use Bitcoin more than yesterday because it is more efficient/cheaper/cooler/whatever than other alternatives. If one day it’s not the case, then the value will “go down” despite of the limited supply. Remember that nobody would need Bitcoin in the first place if there were no thieves on the streets and in the Central Bank. Everybody can just write their obligations on a piece of paper. So if that day suddenly comes, then Bitcoin will become nothing but a useless numbers.

Also, if suddenly people start saving Bitcoins and not selling them for anything in anticipation of future growth, guess what would happen? Nothing. Until somebody needs to buy something. You are not not buying computer this year because next year it will be more powerful and/or cheaper. At some point you need stuff to be done, so it will be done. And if Bitcoin owners do not do anything useful to each other, there is no point in having them. That’s why speculation is hard and only few cold-headed people are doing it more or less successfully. Others are enjoying building stuff and making themselves and everybody around richer and happier.

When people ask about how bitcoins are created, you reply that they are “mined” by computing millions of cycles of the same algorithm until a certain result is achieved. Basically, you spend time + electricity to generate new coins.

Then they ask you is it true that you do not create anything of value? And you honestly say, well, yes. Electricity is wasted on generating random numbers without any practical use, so there is no “intrinsic” value being put in the resulting coins.

This is of course not true. I can also burn electricity watching YouTube all day, but that won’t make other people pay me. The truth is what “miners” do is validating and securing transactions. That’s their main job that others are willing to pay for. That’s why Bitcoin has value.

Why is unlocking new coins tied to the block creation (“mining”)? Because, it’s the only logical place to do that. If you have a method to generate money, then people are supposed to do that like crazy provided that someone still processes transactions (which is the only reason to have any interest in the currency in the first place). So if I say, you should do these calculations to get new money, but to make transactions do those other calculations, nobody would care. But when you combine those two things in one single process, then you have a system with a “positive feedback”: people get reward directly and immediately for providing services for themselves and anyone joining later on.

So the value of Bitcoin is not in the cost of electricity, but in the ability to make safe and quick transactions and having a limited money supply. And the miners are not digging money from nothing, they are doing a service to everyone and are being paid for that.

For those who still think Dispute Resolution Organizations (DROs) will become governments, I invite you to take a look at a real-world example of a DRO – one of the world’s largest “employers.” Currently, over 300,000 people rely on it for a significant portion of their income. Most of what they sell is so inexpensive that lawsuits are not cost-effective, and transactions regularly cross incompatible legal borders – in other words, they operate in a stateless society. So how does eBay resolve disputes? Simply through dialogue and the dissemination of information (see http://pages.ebay.com/help/tp/unpaid-item-process.html). If I do not pay for something I receive, I get a strike against me. If I do not ship something that I was paid for, I also get a strike. Everyone I deal with can also rate my products, service and support. If I am rated poorly, I have to sell my goods for less since, everything else being equal, people prefer dealing with a better-rated vendor (or buyer). If enough people rate me poorly, I will go out of business, because the risk of dealing with me becomes too great. There are no police or courts or violence involved here – thefts are simply dealt with through communication and information sharing.

Thus eBay is an example of the largest Dispute Resolution Organization around – are we really afraid that it is going to turn into a quasi-government? Do any of us truly lie awake wondering whether the eBay SWAT team is going to break down our doors and drag us away to some offshore J2EE coding gulag?

Practical Anarchy by Stefan Molyneux

http://www.freedomainradio.com/FreeBooks.aspx (pdf, html, mp3)

Capitalize “Bitcoin” when speaking about the project or the protocol. Example: “We accept payments with Bitcoin”.

Do not capitalize “bitcoin” when speaking about units of currency. Example: “We accept bitcoins”.

Bitcoin-qt app stores private keys in ~/Library/Application Support/Bitcoin/wallet.dat

1. Make sure you encrypt your wallet (Settings -> Encrypt Wallet). Write down the password on a secret piece of paper ;-)

2. Make sure you back it up properly. By default, Time Machine should backup entire Application Support, but this would exhaust your backup disk quickly because it will continuously back up 3 GB blockchain. I recommend excluding every Bitcoin/* file except wallet.dat (see the screenshot).

Remember: if you lose wallet.dat, your money is gone forever.

Bitcoin is a peer-to-peer digital currency. It does not depend on any particular organization or person and it is not backed by any commodity like gold or silver. Bitcoin is a name for both: the currency and the protocol of storage and exchange. Just like dollars or gold, Bitcoin does not have much direct use value. It is valued subjectively according to one’s ability to exchange it for goods.

This FAQ complements the bigger Bitcoin FAQ: https://en.bitcoin.it/wiki/FAQ You may start here and then proceed with Bitcoin Wiki for more details.

If you have already heard of Bitcoin mining and exchange, or you would like to know more about it, see below “Who is interested in Bitcoin?”.

Why is it any good?

Bitcoin is designed to be a faster, cheaper and a more secure currency. It is fast because verification of transfers is completely automated and does not involve human supervision. Security is achieved by having every participant do the verification himself using well-known cryptographic methods. Bitcoin is designed to prevent double-spending, stealing and creating money out of nothing. The original software source code is open and available to everyone for review and improvement.

How does it work?

Bitcoins do not exist as distinct items of information. They only appear as records in a global transaction history that is stored and synchronized between all participating computers. Transactions are grouped into blocks that are cryptographically signed in such a way that they are computationally hard to produce. Such scheme guarantees that no one can revert a transaction or double-spend bitcoins.

To own and spend bitcoins each participant only needs an address and a corresponding secret key. This key allows to send bitcoins from that address. To receive bitcoins a key is not needed; you only need to give the sender your address.

A person may have unlimited addresses and keys. A collection of keys is called a wallet.

Keys are used to sign new transactions in order to verify the ownership of the address. Then every client in the network can verify that the signature is valid and that the entire chain of transactions is done by actual holders of their keys. Therefore, one may steal bitcoins only by stealing secret keys.

Who creates bitcoins?

Bitcoins are not created upfront and distributed to some privileged persons. Instead, they are given as a reward to anyone for verifying and securing transactions. Transactions are secured by being put into blocks that are computationally expensive to generate. People who create blocks are called miners.

The reward for creating a block is contained in the first transaction that sends 25 BTC from nowhere to any address chosen by the creator of the block (reward was 50 BTC before December 2012).

The reward is halved approximately every 4 years until a total of 21 million bitcoins are generated around the year 2140. More than 10 million bitcoins are available already. Every participating computer checks that the reward is generated at a constant speed and has a correct value. See the chart here:

Is 21 million enough?

The minimum amount of bitcoins to be transferred is 0.00000001 BTC. This gives more than 2000 trillion of smallest units. If everybody finds it useful in the future, the format can be changed to allow even smaller values.

Is Bitcoin printed out of thin air?

No. Bitcoins are not printed, they are earned. In a way, all 21 million bitcoins already exist. You may earn them through an exchange or by validating and securing transactions. The rate at which new blocks are created is kept more-or-less stable by the protocol, so everybody can accurately account for money supply changes.

Why bitcoins are created this way?

The supply is designed to be constant in order to avoid undermining the value of Bitcoin in favor of less inflationary instruments (e.g. physical gold). At the same time, bitcoins are introduced gradually to motivate early adopters to create a secure and efficient network.

Who is interested in bitcoins?

There are normally three reasons why people get interested in bitcoins:

1. Mining.
2. Speculative exchange with other currencies and liquid assets.
3. “Regular” use in exchange for goods and services.

An “average” person can safely ignore the first two reasons.

Mining, the process of creating blocks of transactions, was possible on a home computer some time ago, but now it is profitable only using a custom-designed hardware. Bitcoin network adjusts the difficulty of mining to keep the rate of block creation constant (6 blocks per hour). As more people are throwing their resources into mining, the process becomes more expensive.

Speculation on currency exchange is also very competitive and does not significantly differ from any stock market.

Therefore, this FAQ focuses on the third reason: using Bitcoin in exchange for goods and services.

Who accepts bitcoins?

Bitcoin is a very young currency launched in 2009, but it already covers a surprisingly wide variety of goods and services. You can pay for personal services, buy digital and physical goods: books, games, movies, etc. So far you cannot buy groceries, but some coffee shops and restaurants already accept bitcoins.

There are wallet apps for computers and smartphones. There are different ways to buy bitcoins offline in physical form. Several companies develop processing services and debit cards. Right now Bitcoin is not always convenient or easy to use, but the trend is very strong towards more and better services.

See a list of places where one can buy, earn or spend bitcoins:

How do I use Bitcoin?

You need a software or a web service in order to manage your wallet and make transactions. A wallet is a collection of private keys (like passwords, but much longer), it does not contain any bitcoins itself. Each Bitcoin address has a corresponding private key that allows you to send money from that address. Addresses and keys are free to create and anyone can have as much of them as they want. To increase privacy, it is recommended to use a new address for each transaction. Popular Bitcoin software does that for you automatically.

How does Bitcoin protect against fraud?

Unlike Visa, MasterCard or PayPal, all Bitcoin transactions are final and cannot be reversed. Chargeback thus can only be performed through the good will of the seller. On the other hand, Bitcoin transactions do not only express transfer of funds, but they can also express complex contractual agreements. For instance, one can create a transaction between a seller, a buyer and a mediator. If the seller and the buyer agree on a transaction, the mediator cannot cancel it. But if there is a conflict, then the mediator may side with either buyer or seller to decide who receives the money. In this way Bitcoin provides a much stronger protection against fraud without a requirement to trust the mediator. This idea may be extended to a larger amount of participants to facilitate collective fund raising or insurance.

Is it legal?

See the discussion here:

Bitcoin is certainly in a “grey area”. So far no attempt has been made to penalize bitcoin users. However, certain activities that are illegal with other currencies (fraud, money laundering, illegal purchases, etc.) are illegal with Bitcoin as well. Since some central banks may see Bitcoin as a competitor that undermines their control over money supply, one may expect laws affecting Bitcoin in the future.

Can somebody shut Bitcoin down?

Bitcoin requires access to the internet and a special software to create and verify transactions. To stop people from using Bitcoin, one would have to suppress communication channels. Bitcoin is facing the same risk as any other internet protocol: being filtered or denied by the internet service providers. However, there is no single organization to shut down to cause major disturbances in the network. For example, if a popular currency exchange is closed, one can always use another exchange service or even trade in person. In a sense, Bitcoin is as difficult to shut down as BitTorrent.

Is Bitcoin backed by nothing?

The value of Bitcoin (and all the other goods for that matter) is purely subjective and depends on each individual valuation. Of course, the valuations may be aggregated and averaged, but they all stand on a shaky ground of each individual’s decision to buy or abstain from buying. The same applies to dollars, gold, oil and groceries.

There is no objective value of Bitcoin, but there are several common reasons why people use it. First, every day Bitcoin proves itself as a robust registry of money ownership: nobody can revert transactions, freeze accounts or take somebody else’s money. Second, it provides better privacy than modern banking. Third, there is no risk that some day the amount of bitcoins has suddenly increased and your savings have lost their value.

Is it fair that early adopters obtained bitcoins easier and became rich?

Yes. Early adopters took the risk of spending their time and energy on a project, which turned out to be useful for the people who joined later. The more confidence people have in the network, the more they are willing to invest in it, thus increasing the Bitcoin price.

Is it another Ponzi scheme?

No. Bitcoin does not promise any dividends. There is no central issuer and anyone who generates bitcoins makes the process more expensive for himself and the other miners, but at the same time increases reliability of Bitcoin for everyone.

Just like any other currency or stock, Bitcoin is also subject to speculative bubbles and bursts. Part of its value is based on the willingness of the users to spend and receive, while the other part is based on the anticipation of an increase or decrease of such willingness. If that anticipation grows too much, Bitcoin may quickly gain in value until no one will want to buy it anymore. Then the people will sell until the price goes down to a “normal” level. These speculative spikes will get smaller as the market grows and each individual share of bitcoins decreases.

Isn’t it stupid to generate money by burning electricity?

Some people are spending their energy printing metal coins with sophisticated patterns to make forgery more difficult. This activity is useless only if nobody wants to buy or use these coins.

Transactions are secured by putting them into blocks that are computationally expensive to generate. One has to spend time and electricity to verify and secure transactions to prevent double spending and illegitimate creation of money. Bitcoins are supplied as a reward to those who spend their resources to keep the network secure while it is young and growing. Money is not added because some amount of electricity is spent. It is electricity that is spent because people are demanding that much security and quality from the network. Automatically adjusted difficulty ensures that the amount of power to be spent is determined by the current demand in bitcoins, no more no less.

Why would the people generate blocks when the reward becomes very small?

By design, every transaction may include a fee for it to be included in a block. Right now this fee is usually zero for big enough transactions and insignificantly small for small transactions (in order to prevent spam). When the reward gets smaller, these fees will become the main motivation for generating blocks.

Blocks appear at a constant rate (6 blocks per hour) and every block has a limited size (1 Mb). Today the typical block size is 50-200 Kb. When the rate of transactions increases, they will start competing for a place in a block. This will in turn increase the average fee. The protocol may be changed in the future to allow bigger blocks.

Do I need to constantly waste electricity to use Bitcoin?

If you are not generating blocks, you will not spend much electricity. To store bitcoins you only need a wallet with secret keys. To transfer bitcoins you need an application that synchronizes transactions with the rest of the network. To do both you may use an app for your computer or a mobile phone, or a web service.

Do I need to be online to receive payments?

No. The payment is sent by relaying a signed transaction to the network. All you need to do is to give another person one of your addresses to send bitcoins to. To verify the payment, you can check the transaction status on or using a similar service. Digital signature is required only for spending bitcoins, not receiving them.

Do escrow services undermine the benefits of decentralization?

Even if you use a debit card with an escrow service that holds your keys, you will still benefit from the more competitive and non-inflationary nature of bitcoins. You may keep most of your savings on your personal computer, or transfer them easily and at low cost to any escrow in any country. Every escrow service in the world will need to compete with each other and with those who hold bitcoins by themselves.

How fast are the transactions?

Transactions are secured by being included in a block. Blocks are generated approximately every 10 minutes. Including the time to propagate a transaction through the network, today it usually takes about 15 minutes to verify inclusion in a block. For better security, one can wait until more blocks are added after the block with the transaction.

How transactions are secured?

Transactions are grouped into blocks and each block contains the signature of the previous block, thus making up a chain of blocks.

The security of the system is based on computational difficulty to generate blocks parallel to the main chain. The more blocks are created after the block containing your transaction, the harder it is to fork the chain and make the transaction invalid. Therefore, no transaction is 100% confirmed. Instead, there is a confirmation number — a number of blocks built after the transaction. Zero confirmations means that the transaction is not yet included in any block (unconfirmed). One confirmation means that the transaction is included in one block and there are no more blocks after it yet.

Today for small transactions one or two confirmations (10-20 minutes) are considered enough. For bigger transactions it is recommended to wait for at least six confirmations (1 hour). One known exception is 120 confirmations required by the protocol for the use of generated bitcoins. This is because miners (those who create blocks) have the most of computing power in the network and must have extra incentive to play fairly and generate blocks in the main chain without attempting to double-spend their rewards.

What is the main chain?

Each block has a cryptographically signed reference to the previous block (parent). This way blocks form a chain. It is perfectly possible to have two blocks referencing the same parent block (the chain is forked). In this case we can think of two parallel chains diverging at some point. The main chain is by definition a chain of blocks with the maximum total difficulty.

What happens when the chain is forked?

Whenever miners accidentally generate parallel blocks, only one of these blocks is considered to be a part of the main chain. If later more blocks are added to some other block, then that block and all blocks after it will become part of the main chain.

The reward for the block and transaction fees are valid only for the blocks in the main chain. This motivates the miners to build on top of the main chain and avoid creation of parallel blocks. Otherwise, it is simply a waste of time and electricity if the block becomes abandoned by the network.

What happens to the transactions in the abandoned blocks?

The transactions that are not in the main chain are not lost. All valid blocks (including the abandoned ones) are distributed among participants in the network.

When it is evident that some block will never again become a part of the main chain, a miner will interpret transactions in that block as unconfirmed and will include them in his new block. This means that now they collect the fees from these transactions while the owner of the abandoned block does not receive the 50 BTC reward or the transaction fees.

For the person who made the transaction this means an extra delay in the transaction confirmation (typically 10-20 minutes).

Is Bitcoin anonymous?

Bitcoin is not anonymous, but rather pseudonymous. All transactions, addresses and amounts are visible to everyone. But every address is just a random number and is not associated with an identity unless deliberately revealed by its owner. If one reveals that they are an owner of a particular address, then everyone will be able to see the chain of transactions involving that address. Addresses are free to create and it is recommended to create a new address for each transaction. This makes it hard to track how many bitcoins one has or where they are sent to or received from.

To further increase privacy one may use “laundering” servers. The servers randomly exchange bitcoins between all their users in order to make it more difficult to trace their source. In the jurisdictions that prohibit laundering money, some people use online casinos as a plausible way to clear the trace of money at the expense of about 10% of the amount lost in gambling. But if you are not doing anything illegal, the usual level of anonymity provided by changing addresses should be enough.

What do miners do exactly?

Miners create blocks. To create a block one needs to create a file containing unconfirmed transactions (that are not yet included in any other block), add a timestamp, a reference to the latest block and a transaction sending 50 bitcoins from nowhere to any address. Then, the miner needs to compute a signature for the block (which is basically a very long number). This signature is called hash and the process of computing is called hashing.

Computing a single hash takes very little time. But to make a valid block, the value of its hash must be smaller than some target number. The hash function is designed to be hard to reverse. That is, you cannot easily find some file contents that will produce the desired hash. You must alternate the contents of the given file and hash it again and again until you get a certain number. In the case of Bitcoin, there is a field in a file called “nonce” which contains any number. Miners increment that number each time they compute a hash until they find a hash small enough to be accepted by other clients. This may take a lot of computing resource depending on how small is the target hash value. The smaller the value, the smaller the probability of finding a valid hash.

There is no guarantee that you need to spend a certain amount of time to find a hash. You may find it quickly or not find it at all. But in average, the small enough value of block hash takes time to create. This constitutes a protection against creation of a parallel chain: to fork the chain you will need to spend more resources than the people who created the original blocks.

What are the parameters of the network?

Here are some parameters of the Bitcoin chain. They may be different for alternative currencies based on the Bitcoin software (like Namecoin).

1. The minimum amount of bitcoins is 0.00000001 BTC.
2. Blocks are created every 10 minutes.
3. Block size is limited to 1 Mb.
4. Difficulty is adjusted every 2016 blocks (approx. every two weeks)
5. Initial reward for a block is 50 BTC.
6. Reward is halved every 210 000 blocks (approx. four years).

Points #5 and #6 imply that the total number of bitcoins will not exceed 21 million.

Why is the minimum amount 0.00000001 BTC?

It is a limitation of a transaction format (amount is a 64-bit number). This can be changed in the future if people will need to send smaller amounts.

Why are blocks created every 10 minutes?

The 10 minute interval is designed to give enough time for the new blocks to propagate to other miners and allow them to start computation from a new point as soon as possible. If the interval was too short, miners would frequently create new blocks with the same parent block, which would lead to a waste of electricity, a waste of network bandwidth and delays in transaction confirmations. If it was too long, a transaction would take longer to get confirmed.

Why is the block size limited to 1 Mb?

The block size is limited to make a smoother propagation through the network, the same reason why the 10 minute interval was chosen. If the blocks were allowed to be 100 Mb in size, they would be transferred slower, potentially leading to many abandoned blocks and a decrease in the overall efficiency.

Today a typical size of a block is 50-200 Kb which makes a lot of room for growth. In the future it is possible to increase block size when the networks get faster. Decreasing time interval would not change much because the security of transactions depends on the actual time, not the number of blocks.

Why is the difficulty adjusted every two weeks?

The difficulty of mining is adjusted every 2016 blocks (approx. every two weeks). This gives miners enough time to adjust their hardware, but at the same time prevents the blocks to be created too quickly as the total computational power grows.

Why is the initial reward 50 BTC?

Initial reward of 50 BTC is purely arbitrary. If it were 500 BTC, then it would not change anything in the market structure, just change the nominal prices by a factor of 10.

Why is the total number of bitcoins limited?

According to the Austrian theory of money, any money supply is “good” in a sense that any differences in money supply are purely nominal. If everyone suddenly wakes up with twice as much money in their wallet, it would not change anything in the world since the money has almost no direct use value. What matters are the relative differences in amounts.

If Bitcoin allowed unlimited mining, it would allow perpetual shift of wealth from productive uses to miners. As a limited commodity, Bitcoin itself does not encourage any particular type of work. By being neutral, it appeals more to non-miners, than it would be otherwise.

Why is the reward decreasing?

Mining rewards are decreasing (instead of being constant) to motivate earlier miners to secure the network while it is young and more vulnerable.

The reward is changed every 210 000 blocks (about four years) to ensure an optimal growth of the network. If the interval was too short, all the bitcoins would have been generated too quickly before a wide network could be created. If the interval was too long, then it would have effectively decreased the reward of the early adopters making the network more vulnerable.

How can the protocol be changed?

The protocol is a list of rules that every client must follow in order to validate transactions and have their transactions validated by others. Hence, if you change the rules for yourself, other clients will simply reject your transactions and you probably will not be able to accept theirs. This makes it hard to change the protocol.

If there is a change that a vast majority of clients will find useful, then it is possible to publicly agree that starting with the block number X, new rules will apply. This will give a certain amount of time to everyone to update the software.

I have more questions

Please send your questions and comments here: oleganza@gmail.com

Twitter: @oleganza

Discussion on Hacker News

Donation

If you like this FAQ, you may donate 0.1 BTC on this address: 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo.

The message-eating nil is a built-in or optional feature of some programming languages that lets you ignore message execution on nil (or null) object. Objective-C does that. In SmallTalk, Ruby and some other languages you can add this behaviour in runtime.

Why is it useful: for instance, accessing person.address.street_name will simply yield nil if either person, address or street_name are nil. Another example is iterating nil instead of a list without checking if it is nil.

Some like message-eating nil because it saves a lot of boring code and helps avoiding some silly crashes. Others dislike the feature on the ground that it hides errors and makes it more difficult to reason about all the code paths.

However, here I present a definitive answer to the question whether your next programming language should or should not support message-eating nil.

Nil should be message-eating.

Here is why: when you switch from a language without message-eating nil to the language which has one, you only spend a week or two adapting to the new style and being puzzled from time to time where the hell the data is missing. After a longer period of time, you will change your style and find it useful and easy to program using this feature. But when you switch from such language to the one without message-eating nil, you will notice just how much useless if/then conditions are being added in your code. And when you forget adding one somewhere, you will get silly crashes in production code. Silly because you already know the nil would have been handled if it was allowed to be propagated.

Please, allow nil to eat messages.

PS. If you think of adding message eating to NilClass in Ruby, remember that metaprogramming can be dangerous.

Xcode 4.4 is capable of subscript syntax and allows migrating the code from [arr objectAtIndex:0] to arr[0]. A few tweaks needed, however:

1. While OS X 10.8 SDK already contains objectAtIndexedSubscript: and objectForKeyedSubscript:, iOS 5.1 SDK does not. To make compiler happy, you should add this:

#if __IPHONE_OS_VERSION_MAX_ALLOWED < 60000
@interface NSDictionary(IGSubscripts)
- (id)objectForKeyedSubscript:(id)key;
@end

@interface NSMutableDictionary(IGSubscripts)
- (void)setObject:(id)obj forKeyedSubscript:(id )key;
@end

@interface NSArray(IGSubscripts)
- (id)objectAtIndexedSubscript:(NSUInteger)idx;
@end

@interface NSMutableArray(IGSubscripts)
- (void)setObject:(id)obj atIndexedSubscript:(NSUInteger)idx;
@end
#endif

2. To deploy new stuff back to iOS 5 and iOS 4, you need ARCLite. Somehow ARC itself works without extra configuration, but subscripting requires explicit linker flag:

In project settings add to Other Linker Flags: “-fobjc-arc”

3. If you use Edit -> Refactor -> Convert to Modern Objective-C Syntax, it will replace -[NSLocale objectForKey:] with a square brackets syntax, which is not supported by NSLocale. This is the only bug I have found with the automatic translation. NSCache and NSUserDefaults are not touched by the migrator.

The problem is that it is not supported by anybody except for the rare libertarian thinkers. Here’s my (very inaccurate) demonstration of common types of mindsets showing why it is so.

Entrepreneurs by the very definition of their job have to deal with whatever situation is at hand and not waste time discussing political philosophy. They need to get the job done within an existing framework, whether it is a monarchy, democracy or socialism. Theory of justice is not a good guidance, especially if it goes against the existing rules. Entrepreneur tends to be efficient first, moral second. Otherwise the more efficient one will take his place. Entrepreneur’s perspective is solely from his own enterprise and its profitability. If it is not so, there will quickly come another one, more focused and more efficient to win the customers.

Politicians by definition oppose libertarianism. Politicians fight for power, their piece of the pie. While the entrepreneur tries to maneuver within the existing rules as efficiently as possible in order to create his product, the politician is interested in changing or creating rules according to his own ideas of what’s good and bad. (Sure enough, a single person may combine both roles, but it is useful to analyze them separately).

Regular wage earners do not fight for power like politicians, nor do they build their enterprises and products. They focus on their own work and life and prefer a stable income. Those of them who are interested in any social philosophy are not going to like libertarianism very much for it does not promise them anything in particular. Every politician, left or right, promises safety, stable prices and free stuff, but only a libertarian will promise you that you are going to earn what you deserve, no less, no more.

Who remains then? Those people who are not starving, who have the time and cultural background to study things, who have no desire or skills to fight for power or bring about a particular enterprise, are in a most favorable position to start learning libertarianism. And still many of them would not be convinced at least for the reasons outlined above.

Here are the implications of this realization. First of all, there is no threat (or hope) that the libertarian movement will suddenly make a big impact. Then, those who have any interest in libertarianism have to admit that they will not attract many supporters due to the very nature of the theory. When people say that libertarians “define their reality in their own head” it is a sign that they are not interested a priori. There is little hope that people will “get interested” if you repeat your idea over and over again. This just pisses them off. Look at the people around you: everybody is interested in their own benefits (material or psychic).

A socialist who promises a particular policy and particular effects based on carefully chosen historical data points is by far more efficient in convincing a random person than a libertarian who carefully analyzes the nature of all human actions and then comes up with something vague and unimpressive like “everybody will be able to freely pursuit their own happiness”. To believe a socialist you just need to be convinced by some data points and concrete goals. But to believe a libertarian you need to study all that stuff yourself because on the surface it looks either “crazy” or “simplistic”. Not many people have the time and energy to even try.

If you define some variables in projects settings that are included in Info.plist (usually, it is build version), you may notice that Info.plist is not always up to date. This is because when you change the variable in project settings, the Info.plist is not actually modified and Xcode may skip its compilation.

If you try to add Run Script phase with “touch $PROJECT_DIR/Info.plist”, it won’t help much because it will always run after processing of Info.plist. At best, Info.plist will be up to date every other run. It is very confusing to say the least.

How to fix:

1. Add a new target “Other” — “Aggregate” with a name “TouchInfoPlist”

2. Add Run Script phase with this line: touch $PROJECT_DIR/Info.plist

3. Go to your actual product targets, select Build Phases tab and add dependency TouchInfoPlist.

4. Edit schemas and remove schema “TouchInfoPlist”. You’ll never need to run it directly.

Enjoy always up to date Info.plist.

Apple has a lot of great documentation: from the very basic guides and tutorials down to particular API references. But for a very long time newcomers were wondering: where should I start?

Now you know the answer:

For iOS: Start Developing iOS Apps Today

For OS X: Your First Mac App

iOS guide is even better: it shows you all necessary areas from the beginning to the end giving relevant links at each step. Just start with first page and move on.

Yesterday you had many great ways to create and digitally distribute your content. First, you could make a website with gorgeous latest web-technologies which is perfectly accessible with every modern browser on all major computer platforms. Or create an ebook based on the open standard Epub, also supported by all major reading software and devices. Third option is to make a movie (encoded in a couple of wildly supported video formats: from FLV to H.264 and Ogg). Finally, you could write a native app for Windows, Mac, iOS, Android etc.

Every platform vendor: Microsoft, Apple, Google, Facebook, Adobe and others work hard every day to give you better ways to create and communicate with people.

Today Apple released three apps: iBooks 2, iBooks Author and iTunes U. Every app is available for free. iBooks now runs interactive books created with iBooks Author and iTunes U integrates books and apps with video materials in a very useful UI.

So today you have one more wonderful option in addition to those listed above. Yet, some people start screaming about “lock in”, how Apple does not care enough about education to make everything open; about many evils of proprietary formats, proprietary apps, proprietary operating systems and proprietary devices.

These people are fantasizing a world where everything is right, cheap and every good is available in an infinite number of options. And at least one of those options is exactly what is right for them (and there must also be a right one for any other person too for fairness’ sake).

Guess what. This is the world we are living in. And everybody has her own idea of the perfect world order and while we are not enslaving or destroying ourselves, our world indeed moves towards better ways to live a life. Nothing is 100% right for you, but it is so for everybody. And this is why we all are working together everyday to make us happier.

Today’s Apple announcement is just one more achievement of human civilization, in addition to iPad, Android, Windows XP, World Wide Web, printing press and alphabet. Choose what you like in any combination and go do something great with it.

I have a single-core chip on iPhone 4 and an app with OpenGL rendering controlled by touch events.

This morning the app was rendering graphics on the main thread. 90% of CPU time was spent on graphics, 10% on gesture recognition and related computations. Overall CPU utilization was about 30%.

These 30% were noticeable: touch events were processed with delays and frame rate was low and not very stable.

In order to make app snappier, I moved the OpenGL rendering into separate serial dispatch queue. Now event loop was much less loaded, and I expected overall improvement. Not a higher framerate, but more stable one and with more accurate touch recognition.

In reality, the rendering was indeed slightly smoother, but touches were still delayed.

Profiler was showing now that 70% of CPU time was spent on graphics (in background thread) and 30% was spent on gesture recognition. Also, overall CPU usage increased up to 50%.

In terms of raw performance of algorithms nothing was changed at all. Threading code that was added is a simple dispatch_async() call consuming almost no time.

Now, I have a theory that explains this. Since the main event loop became 90% less loaded after moving graphics to background thread, it was able to process more touch events per second. Gesture recognition computations increased load on a single CPU core making graphics rendering slower than expected.

In result, framerate was not improved, but became more stable and touches didn’t get much smoother because of the increased pressure on CPU and main thread.

It turns out that rearranging stuff on a single core does not really help unless it is accompanied by actual performance improvements.

This little function concatenates two blocks in a single one.

Useful when you have a single async operation running while multiple callers wish to subscribe for its completion event with a single message like [self doSomethingWithBlock:^{ … }]. The first caller will start the operation, for all the others the block will be concatenated with the first one. void(^OABlockConcat(void(^block1)(), void(^block2)()))() { block1 = [[block1 copy] autorelease]; block2 = [[block2 copy] autorelease]; if (!block1) return block2; if (!block2) return block1; void(^block3)() = ^{ block1(); block2(); }; return [[block3 copy] autorelease]; }