1. 4

    Very cool, is there an explanation anywhere for how node addresses get mapped to IP addresses and what happens if those change?

    1. 6

      Each node keeps a routing table of other nodes at varying “distances” from itself (distance being the XOR of their addresses). It’s more complicated, but basically, that table works like a hashmap mapping addresses to IP.

      Nodes are regularly announcing themselves to one another. When a node that you already have in your routing table announces itself to you, you update its IP.

      Edit: thanks for checking it out!
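
A minimal sketch of the routing table this comment describes, added here as an illustration and not taken from the project. It assumes a Kademlia-style bucket layout, a 16-bit ID space, two entries per bucket and constructed documentation-range IPs; `RoutingTable`, `on_announce`, `lookup` and `closest` are hypothetical names.

```python
from collections import OrderedDict

ID_BITS = 16  # assumption: tiny ID space for the demo; real networks use much wider IDs
K = 2         # assumption: maximum number of entries kept per bucket


def xor_distance(a: int, b: int) -> int:
    """Distance between two node addresses is simply their XOR."""
    return a ^ b


class RoutingTable:
    """Buckets of (node address -> IP), grouped by XOR distance from our own address."""

    def __init__(self, own_id: int, k: int = K):
        self.own_id = own_id
        self.k = k
        # Bucket i holds nodes whose distance d satisfies 2**i <= d < 2**(i + 1).
        # OrderedDict keeps least-recently-seen entries at the front.
        self.buckets = [OrderedDict() for _ in range(ID_BITS)]

    def _bucket_for(self, node_id: int) -> OrderedDict:
        d = xor_distance(self.own_id, node_id)
        if d == 0:
            raise ValueError("a node does not store itself")
        return self.buckets[d.bit_length() - 1]

    def on_announce(self, node_id: int, ip: str) -> str:
        """Handle a node announcing itself from `ip`; returns what happened."""
        bucket = self._bucket_for(node_id)
        if node_id in bucket:
            changed = bucket[node_id] != ip
            bucket[node_id] = ip          # known node: overwrite the stored IP
            bucket.move_to_end(node_id)   # and mark it as most recently seen
            return "updated" if changed else "refreshed"
        if len(bucket) < self.k:
            bucket[node_id] = ip
            return "added"
        # Simplification: a full bucket just turns the newcomer away.
        return "bucket_full"

    def lookup(self, node_id: int):
        """Hashmap-like view: address -> IP, or None if the node is unknown."""
        return self._bucket_for(node_id).get(node_id)

    def closest(self, target: int, n: int = 3):
        """Known nodes sorted by XOR distance to `target` (used to route a query)."""
        known = [(nid, ip) for b in self.buckets for nid, ip in b.items()]
        known.sort(key=lambda entry: xor_distance(entry[0], target))
        return known[:n]


def demo():
    """Constructed scenario: node 0x0005 moves from one IP to another."""
    rt = RoutingTable(own_id=0x0001)
    events = [
        rt.on_announce(0x0005, "192.0.2.10"),    # distance 4 -> bucket 2
        rt.on_announce(0x0004, "192.0.2.11"),    # distance 5 -> bucket 2
        rt.on_announce(0x0007, "192.0.2.12"),    # distance 6 -> bucket 2 is full
        rt.on_announce(0x8000, "203.0.113.1"),   # distance 0x8001 -> bucket 15
        rt.on_announce(0x0005, "198.51.100.7"),  # same address, new IP
    ]
    return events, rt.lookup(0x0005), rt.closest(0x0006, 2)


if __name__ == "__main__":
    print(demo())
```

The sketch accepts every announcement as-is; the thread does not say how the real project authenticates them, and any deployment needs that check before overwriting a stored IP.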

    1. 12

      Yes, Patchwork, built on top of Secure Scuttlebutt (SSB), is the best I’ve seen so far.

      Mastodon / GNU Social are so-so in terms of privacy, not very good, but better than Twitter.

      1. 4

        Patchwork still has to solve the problem of multi-device accounts and it would be nice to have it work inside the browser instead of requiring Electron, but it’s definitely the coolest social network around.

        The multi-device stuff is being worked on and browser support might be coming soon, thanks to incoming Firefox 59 SSB support in web extensions.

        1. 2

          There are other SSB clients that don’t require Electron, but none of them are really as polished as Patchwork is. Check out Minbay and Patchbay, among others.

      1. 2

        They didn’t bother to have an HTTPS download link? Not going to bother trying it.

        1. 11

          There’s a bunch of weird red flags here:

          • No way to download the installer over HTTPS
          • The installer itself isn’t signed on macOS
          • Upon launching the installer, I was prompted for my email
          • The 163MB (??) installer then proceeds to download Luna Studio, which is itself 1.2GB

          I’m messing around with it now and it seems really cool, but there’s a lot they could do to make that setup process better and more secure.

          Edit:

          It also replaced the atom command on my system with one that launched Luna Studio

          1. 2

            Those things you mention really seem quite bad. Hopefully, they’ll fix that soon. Especially the one with atom is baffling!

            1. 1

              Wow. Thanks for letting us know.

            1. 2

              Are there any browsers that don’t make bs excuses?

              1. 2

                What’s the excuse you think browsers are making?

                1. 3

                  What is the legitimate reason you seem to think exists in that post?

                  MITM attacks (which TLS is designed to prevent), are not a legitimate reason to block TLS improvements.

              1. 1

                Be sure to read his followup for why sharing leaked documents at all can harm the source’s safety.

                OTOH, if you don’t share the documents, few will believe you.

                1. 3

                  I’d recommend looking at LEDE instead of OpenWrt, it seems that’s where all development is going on.

                  1. 2

                    Aren’t they soon merging back together?

                    1. 1

                      That’s what I heard too.

                  1. 2

                    From HN:

                    “Still waiting for Red Lobster blockchain” (sxcurry)

                    “I’d buy into that Initial Crab Offering” (rev_null)

                    They might be onto something. Maybe Lobste.rs should have a blockchain [we don’t really use] to raise money for cool features or libraries [we’d like to use] that the blockchain will use so it’s not fraud. We can call it an Initial Claw Offering. We’ll take over the link aggregation and blockchain discussions markets by letting them buy their own customized forums hosted on our safe, secure, and future-proof blockchain. They can think of it as a hardened exoskeleton for their money and data.

                    1. 2

                      Maybe Lobste.rs should have a blockchain [we don’t really use]

                      Just a little nit pick, there is a very very big difference between “having” (and maintaining) your own blockchain/cryptocurrency, and building on top of an existing one with a smart contract / ERC20.

                    1. 8

                      There have been several different vulnerabilities reported, is this true for each and every one of them?

                      What about unreported vulnerabilities? Do you really have “nothing to worry about” when your freakin’ CPU is hardwired to listen for packets from the Internet?

                      1. 4

                        Amen.

                        Also, on the physical-access angle, how to know if you’re a high-value target or just that paranoid? Just how wide-scale are shipping shenanigans nowadays? Who else might be up to similar tricks? And don’t forget the evil maids… maybe put your laptop in a safe when you’re not using it? Hmm… and who might have access to your remote cloud-based resources? This whole thing looks like a really big mess to me.

                        1. 2

                          Especially if there is wide-spread malware in the future that makes use of ME vulns, hardly not-anyone’s-problem then.

                        1. 4

                          My stance is the same as it’s been with Bitcoin issues, if the Core devs of the platform (go-ethereum included) are able to reach rough consensus around the issue, then I support it, otherwise I do not.

                          EDIT: See also this tweet from Bob Summerwill:

                          Also EVERYBODY IN THE WORLD is welcome to be part of the process coming to consensus on how we move forward on this question of trapped funds.

                          See https://www.reddit.com/r/ethereum/comments/7d1szw/link_discussion_on_stuck_ether_recovery_options/?st=jb2js13y&sh=0b523e45

                          Join https://gitter.im/ethereum/ether-recovery

                          Nobody is going to be “bamboozled by Parity”. We all work in the open.

                          My personal stance on the issue is I’m split:

                          On one hand rescuing the funds doesn’t seem to hurt anyone. On the other hand, hard-forking every time devs screw up a smart contract sets an interventionist precedent that could lead to Bad Things™ down the road.

                          So, giving Parity Tech a figurative “get out of jail free” card on this, by hard forking, damages the long-term prospects of the whole to Parity’s benefit. It was their mistake, so IMO they should own up to it and at least cover some of the damages.

                          Take this situation to its logical extreme: if each time an Ethereum developer makes a smart contract mistake the system hard forks, well, it’s absolutely no different than a centrally managed financial system.

                          Do the people writing the software never take responsibility for their actions?

                          Is it always “no HF” when someone outside of the core dev group makes a mistake, and “HF” when people inside the core dev group make a mistake?

                          Selective enforcement like this leads to corruption.

                          1. 6

                            I don’t generally subscribe to slippery slope arguments. I do think that the prevalence of requests to do hard forks suggests that the rhetoric around smart contracts is off the mark. It’s probably time for Ethereum to come up with some policy guidelines around smart contract error resolution as a matter of policy so the debate can be more focused.

                          1. 7

                            These arguments apply identically to gold.

                            1. 2

                              Your speech isn’t banned, it’s just impeded past reasonable bounds. You’re free to set up your own ISP and deliver your web sites on it, but you’re not going to. It’s like newspapers’ Letters to the Editor. “You didn’t print my letter! You are preventing my speech!” “Well, a) we don’t care, and b) you can just setup your own newspaper and print what you want.” You could go out and buy a printing press and make a zine and distribute it as far as you can, but you probably won’t.

                              I get the spirit of what the author is saying, but I don’t think it’s going to fly unless you believe internet access is a utility, rather than a medium. I think the majority of the public do see it as a utility, and being told how you should use your electricity is something we wouldn’t tolerate. But I think Pai and his cronies have convinced the old men on the Hill – that don’t care because they have their interns print out all their email anyway – that it’s a medium, and just like cable can choose channels, ISPs can choose web sites.

                              1. 5

                                You’re free to set up your own ISP and deliver your web sites on it, but you’re not going to

                                This just isn’t true.

                              1. 1

                                So, Jeffery Tucker may indeed be the sort of zealot who can blithely reduce all human values to the relative pricing of goods and services. He may even be wrong. But this little rant does a lousy job of presenting a counter-argument. If there’s ever really any evidence that ISPs are conspiring to censor or manipulate traffic content, won’t we just see increased consumer VPN use? And if they’re not conspiring, wouldn’t competition work against any individual would-be ISP censor? What exactly do we suppose they stand to gain by doing that, anyway?

                                If we want to get upset about censorship and manipulation, we should be talking about Facebook and Google, not Comcast and Verizon. In my world anyway, what sucks about the latter pair (both before and after 2015) is their shitty service, bandwidth caps, and too-high prices.

                                I probably shouldn’t fan the flames… but here are a couple of counter-counter-argument pieces I find much more convincing, despite their tinge of economic absolutism:

                                1. 5

                                  I agree that platform providers are more directly interfering with speech. (e.g., Google’s Content ID system interferes with fair use on YouTube.)

                                  However, we do have evidence of ISPs manipulating traffic in favor of their own preferred content and services, cf. https://www.freepress.net/blog/2017/04/25/net-neutrality-violations-brief-history

                                  From the perspective of the FCC, Net Neutrality is about classifying ISPs as common carriers. Currently, ISPs like Comcast provide a bundle of services and Title II prevents them from giving priority to, say, their own video-on-demand service over Netflix.

                                  1. 4

                                    And if they’re not conspiring, wouldn’t competition work against any individual would-be ISP censor?

                                    There is hardly competition. If you have two choices, consider yourself lucky because as of June 2015, only 24% had two broadband ISPs. As of June 2016, FCC reports showed three-quarters of the US still lacked high-speed broadband choice.

                                    1. 2

                                      we should be talking about Facebook and Google

                                      Huh, I never considered that angle. They do control the content we see in a much more obvious way.

                                      Also, this article tries to ignore the cost of providing the internet and make it on principle. An article with cold hard numbers (not airy ideals) is an interview with Ajit Pai at http://reason.com/blog/2017/11/21/ajit-pai-net-neutrality-podcast

                                      1. 3

                                        Those whose sensibilities are offended by “airy ideals” are welcome to dive down into the nitty gritty of why Ajit Pai is basically one of the most dishonest people there is in this “debate”.

                                        Here are a few links to support that statement:

                                        1. 2

                                          ignore the cost of providing the internet

                                          U-Haul charges you $n/day, which covers the cost of providing the truck. U-Haul doesn’t charge you more if you fill the truck with your massive MGM DVD collection than if you fill it with furniture. Once you pay for your 402 cubic feet, the capacity is yours to use as you please.

                                          ISPs charge you to access the internet, which covers their cost of providing the internet. ISPs charge Netflix to access the internet, which also covers their cost of providing the internet. Once you and Netflix pay for your GBs, the capacity should be yours to use as you please.

                                          However, the ISPs decided they wanted to charge Netflix for your wanting to access Netflix on the internet which you and Netflix had already paid for. Netflix didn’t want to, so ISPs blocked/throttled access to Netflix… until Netflix paid to stop the bleeding. Net Neutrality stops that bullshit.

                                      1. 5

                                        Ugh… terrible arguments.

                                        For those of us in the US (I’m going to ignore everyone else because I’m unfamiliar with the state of things in other countries) our First Amendment rights protect us from the government making any laws abridging freedom of speech. It’s a restraint on government, not on individuals or corporations. Individuals are free to discriminate based on speech.

                                        Suppose you write a book, and in the book you have some things that I find offensive. I’m free to not read your book or write bad reviews about your book because of my dislike for it. Anything less would be an infringement on my First Amendment rights. Now suppose I’m also a bookseller. My store is small but I sell many books. It’s my shop and I decide what to sell. Since I do not like your book I do not carry it. You may be upset with my decision to not carry your book as it will cause you to sell fewer copies. But it’s my store and I may do as I please. You may think my customers would object to me not carrying your book, but most do not as they prefer my store because of the selection of books they know I carry. It’s part of my competitive advantage against larger book stores. I’m still an individual, and choosing what I sell in my store is my First Amendment right, even though it affects my customers.

                                        Net Neutrality is an important issue; we need to talk about it. But Net Neutrality is not a free speech issue. It’s not. Period.

                                        Facebook, Google, and Twitter have done far more to manipulate information and censor views they disagree with. Facebook is constantly manipulating our news feeds so we only see a select portion of the posts our friends make. Every month we learn of someone who was banned from Twitter because @Jack and friends decided the user’s tweets were offensive or hateful. What have ISPs done? Inject a few ads into web pages? Throttle some Netflix? That’s nothing.

                                        1. 12

                                          What have ISPs done?

                                          1. 5

                                            First Amendment rights protect us from the government making any laws abridging freedom of speech. It’s a restraint on government, not on individuals or corporations. Individuals are free to discriminate based on speech.

                                            The First Amendment is a restraint on government AND any individual or business acting on behalf of the government.

                                            A private business that has a mutually beneficial commercial arrangement with the government is acting on behalf of the government.

                                            The federal government aims to provide all universal access to telecommunications and internet services. To this end, the Federal Government created the Universal Service Fund in 1996 to provide telecommunications and internet to all consumers (including schools, libraries, and individuals in rural, low-income, and high-cost regions) at reasonable non-discriminatory prices. This fund is paid for by individual consumers via the “Universal Service Fund” fee/tax on their monthly internet/phone bills. This fee/tax is then distributed from the Federal Government back to the ISPs through Lifeline and other programs.

                                            In other words, ISPs are collecting a tax on behalf of the government, and then using the funds from that tax to, on behalf of the government, provide a service. One can clearly argue this pulls ISPs under the authority of the First Amendment.

                                            1. 3

                                              I’ll add to your excellent list my experience when Comcast et al were talking capped plans versus unlimited. The cap was originally way too small. The bigger problem was the system that counted usage was counting mine when nothing was connected. They were either glitching or forging usage data to attempt to force me into buying an unlimited plan.

                                              That went into the FCC complaint.

                                              1. 4

                                                Comcast says their trackers were accurate…. but many others had similar complaints about wildly inaccurate readings (e.g. 300GB/day), and being offered the unlimited plan in lieu of an outrageous (inaccurate) bill.

                                              2. 1

                                                All of that predates the FCC’s net neutrality regulations of 2015, so presumably all of that would still be resolved as it was prior to 2015.

                                                1. 6

                                                  In the 90s and early 00s, internet went over the phone lines which were considered Title II common carriers. Nascent broadband was considered an “information service” with more lax rules.

                                                  In 2005, ISPs argued that DSL should be considered an “information service” like broadband, instead of “common carrier” like phone lines. The FCC reclassified DSL and simultaneously laid out four voluntary principles of net neutrality.

                                                  That gets us to the hypothetical you’re talking about:

                                                  presumably all of that would still be resolved as it was prior to 2015

                                                  From 2005-2010, the FCC attempted to enforce net neutrality on the ISPs, which were classified as “information services”.

                                                  Comcast had a drawn-out legal battle over suppressing the Bittorrent protocol, and in 2008 the FCC ruled that Comcast had illegally inhibited Bittorrent activity. Comcast appealed the decision, and the court of appeals struck down the FCC’s ruling, arguing that the rules of net neutrality were not formal enough.

                                                  In 2010, the FCC formalized net neutrality by creating the Open Internet Order of 2010. This was immediately challenged by the ISPs, and Verizon filed suit in 2011. In 2014, the courts ruled in favor of Verizon, stating that the OIO rules could only be applied to Title II common carriers. So the FCC did the next logical step and reclassified broadband ISPs as Title II common carriers in 2015.

                                                  Now Ajit Pai is rolling that back, reclassifying broadband as an information service and completely nullifying any guarantees of net neutrality.

                                                  We can’t just go back to the way things were in 2005, because of the legal precedents which have occurred since then. Since 2014, the FCC cannot enforce net neutrality unless ISPs are considered common carriers.

                                                  1. 2

                                                    Yes exactly. This all happened before FCC’s “Title II” vote in 2015, making it an example of what ISPs do without net neutrality.

                                                    (Perhaps I misunderstand your comment?)

                                                2. 6

                                                  What have ISPs done? Inject a few ads into web pages? Throttle some Netflix? That’s nothing.

                                                  Only because they haven’t been able to get away with much until now.

                                                  The thing is, I don’t want ISPs to be like a bookstore, with editorial discretion over what they allow you to connect to. ISPs ought to be dumb pipes. Especially with so little competition in a given region.

                                                  I do agree that mega-websites have more power than ISPs, and I’m all ears if you have suggestions on how to address that. But it doesn’t mean we should relent on net neutrality.

                                                  1. 2

                                                    I don’t think anybody is disagreeing that net neutrality is incredibly important. But it’s not a First Amendment issue. First Amendment-wise, ISPs are completely free to provide access to any selection of content they want.

                                                  2. 3

                                                    The book store is a good place to start thinking about this issue, as you’re absolutely right when talking about a small shop like that (because there are many other small shops), but that’s not what these ISPs are. These ISPs are giant mega-corporations whose customers number not in the hundreds but in the millions, whose customers often only have one ISP to choose from, and whose actions affect billions. The larger their influence, the greater the damage from them censoring speech, and the more government-like they become.

                                                    If you think killing free speech online is going to help your Facebook, Google and Twitter problems (and not make them 10 times worse), well, you are welcome to kill it and see what happens.

                                                    1. 4

                                                      You don’t foster competition with mega corporations by making the market harder to compete in. You foster competition by lowering the barrier to entry in the market. Primarily by reducing regulations since the overhead of complying with regulation disproportionately affects smaller businesses. With reduced regulations startups can easily differentiate themselves from the big players by offering novel services the big players don’t. Think about how cell phone plans have improved over the years. Data is cheaper than ever, even though it’s much more difficult to deliver data to mobile devices than homes. Carriers are free to differentiate their offerings by pitching things such as free data for music streaming from online services. It’s a net plus for the consumer.

                                                      I don’t like mega-corporations any more than anyone else, but don’t forget Facebook, Google, and Twitter support Net Neutrality, and they control more of what we see online than any ISPs:

                                                      Largest ISPs by number of customers:

                                                      • Comcast: 25 million
                                                      • Charter: 23 million
                                                      • AT&T: 15 million

                                                      Web services by monthly US users:

                                                      • Facebook: 214 million
                                                      • Google: Wasn’t able to find stats online, Most likely higher than FB
                                                      • Twitter: 69 million

                                                      Now of course each ISP customer represents probably 3-4 users. Even with that factored in FB, Google, and Twitter still have more influence than the top three ISPs. And that’s excluding others like YouTube and Yahoo.

                                                      If you think killing free speech online is going to help your Facebook, Google and Twitter problems (and not make them 10 times worse), well, you are welcome to kill it and see what happens.

                                                      It doesn’t sound like you want to have an honest discussion about this important issue. I’m not going to be responding to any more comments on this thread. Good day.

                                                      sources:

                                                      1. 3

                                                        Data is cheaper than ever, even though it’s much more difficult to deliver data to mobile devices than homes.

                                                        Is it, though? Last-mile wire installation is notoriously problematic. In contrast a wireless tower can cover a large area.

                                                        I’m very excited for satellite internet. Should only be a few more years until it’s widely available…

                                                        1. 2

                                                          Satellite internet access has been sporadically available for decades. It’s super expensive to deploy or repair (hah!) the equipment. Lots of money burned up so far. The latency is awful, and there’s not much to do about it unless you can change the speed of light. Only makes sense in remote areas with low population density. Even there, you’re better off with point-to-point long-distance wifi.

                                                          1. 2

                                                            Yeah the latency with geosynchronous satellites is pretty awful. What I’m looking forward to is low-earth-orbit satellite internet by OneWeb and SpaceX. “OneWeb’s 50Mbps Internet with 30ms latency could hit remotest areas by 2019.”

                                                    1. 1

                                                      Kudos on the new username and post. Maybe consider a new domain too, just a thought.

                                                      1. 3

                                                        So… what’s the plan to deal with expensive transactions? Are they ever going to increase the block size limit, or should we all just switch to Bitcoin Cash?

                                                        1. 3

                                                          lightning.network. “If we all just switch to Bitcoin Cash” would not make anything better. “All switching” would result in high fees on Bitcoin Cash. If they raise the blocksize to handle “all” it would simply be a very expensive version of PayPal, which is silly.

                                                          1. 1

                                                            Isn’t the lightning sidechain not yet ready? Bitcoin fees are going hockey-stick as of 2017, and the blocksize limit appears to be the obvious culprit.

                                                            With 1MB blocks, and six blocks per hour, you can only achieve about half a million transactions per day. Maybe sidechains are the future, but we need a solution to high transaction fees soon. Every other coin’s fees are way lower.

                                                            1. 2

                                                              Your hockey stick plot is outdated. Currently it swings wildly: https://bitinfocharts.com/comparison/bitcoin-transactionfees.html

                                                              If the blocksize limit is the culprit why does it swing so much? It should stay high, no?

                                                              1. 2

                                                                Here’s a chart where you can also see the fee for BCH: https://fork.lol/tx/fee

                                                                Here’s the current fee percentage collected by miners: https://fork.lol/reward/feepct

                                                                The “problem”[1] is that fees are set in token (BTC, BCH, etc) terms. If the token’s value in fiat appreciates, fees get proportionally larger, in a way that’s not always beneficial. So the fee increase is both a reflection of greater network utilization (=more transactions are vying for inclusion in blocks) and that the price of the token has increased dramatically - at least for BTC.

                                                                Because the transaction size of moving $3 worth of BTC isn’t appreciably smaller than moving $3,000,000, small transactions get hit by proportionally larger fees. In a traditional fiat economy, small transactions (whether by cash or checking account or just sending via a mobile) is “subsidized” by the larger economy (or borne by merchants and priced into the products they sell).

                                                                [1] “problem” in quotes because the system is working just as designed. After seigniorage ends fees are going to be the only incentive for miners to keep adding transactions to blocks.

                                                                1. 1

                                                                  That is a better chart, thanks.

                                                                  Volatility aside, transactions are way more expensive than they used to be. One year ago, transactions cost $0.25 apiece. Today they cost well over $2, often as high as $6, even $9 in August.

                                                                  I’d hypothesize that the average fee rises whenever there’s a backlog of transactions. Higher fees allow you to get higher priority in line. As the backlog diminishes, the fees go down again.

                                                                  A larger block size would have greater maximum throughput, keeping the backlog short. The only downside I see to increasing the block size is that it would require faster internet to keep up to date.

                                                                2. 2

                                                                  Isn’t the lightning sidechain not yet ready?

                                                                  What? Lightning doesn’t have a sidechain. You’re probably thinking of Elements, which … is where the Bitcoin devs play around and experiment with new ideas. Since SegWit’s adoption Lightning is now fully compatible with the main chain.

                                                                  1. 3

                                                                    Oh, lightning allows on-chain scaling? How does that work?

                                                                    1. 0

                                                                      Oh, lightning allows on-chain scaling? How does that work?

                                                                      No. Once you start trolling, I stop taking your questions seriously.

                                                                      1. 3

                                                                        I solemnly swear that I never intentionally troll, on this forum or otherwise. There’s a lot of conflicting information flying around, particularly with all the forks this year.

                                                                        Last year, there was only one Bitcoin chain, and fees were cheap. In 2017 the scaling debate intensified, and as far as I can tell there are basically two sides: “big-blockers” who want on-chain scaling, and those who want off-chain scaling with sidechains, which segwit is supposed to enable.

                                                                        Now, many of the big-blockers got fed up with Bitcoin development, and hard-forked to create Bitcoin Cash. In theory the 8MB blocks would allow it to support over 2 million transactions per day, but it’s hard to test that theory since BCH doesn’t have as many daily transactions as BTC.

                                                                        The canonical BTC project seems strongly against increasing the blocksize for reasons I don’t understand. I expected them to follow the “New York agreement” compromise: implement segwit now, and double the blocksize later. Apparently they’ve reneged on the blocksize doubling.

                                                                        What I don’t understand is, why would anyone want to cripple Bitcoin by limiting it to half a million transactions per day? It’s causing huge backlogs and fee spikes. What is so spooky about 2MB blocks? The paranoid answer is that the blocksize is intentionally being kept small in order to strangle BTC with high fees, or drive people into profiteering sidechains.

                                                                        I don’t know anything about Lightning except that it’s supposed to solve everything and doesn’t exist yet.

                                                                        Edit: I’m reading the link you posted in another comment, and I’m still left confused. The UI says “Lightning payments will be instant, while on-chain Bitcoin transactions will require at least one confirmation”. If lightning isn’t on-chain, doesn’t that mean it’s a sidechain?

                                                                        Edit2: Apparently this confusion (thinking Lightning is a sidechain) is common. https://bitcoin.stackexchange.com/questions/58064/does-a-segwit-based-side-chain-like-the-lightning-network-allow-for-fractional-r

                                                                        1. 0

                                                                          The main thing you are right about is “there’s a lot of conflicting information flying around”, and I can see it’s creating a lot of confusion.

                                                                          To help you understand what’s going on, I would have to spend like an hour with you, based on the reply you’ve just given. I’d be happy to do that … but I couldn’t justify the time given:

                                                                          • You’re probably not going to pay me for it
                                                                          • The core developers have answered your questions very clearly in multiple places across the web, and at this point it is not their fault for not being clear enough, but others’ fault for not putting in the effort to understand how Bitcoin (and decentralized consensus systems in general) work.

                                                                          So, if you want to pay for an hour of my time, send me a PM. Otherwise, I recommend spending a weekend on the subject.

                                                                          If it helps you get started, here’s what you’re confused about:

                                                                          • “off-chain scaling with sidechains” <- sidechains are on-chain (edit: on another chain)
                                                                          • “The canonical BTC project seems strongly against increasing the blocksize for reasons I don’t understand” <- at least you’re aware of what you don’t know, that’s better than many
                                                                          • “Apparently they’ve reneged on the blocksize doubling” <- they didn’t renege on anything
                                                                          • “why would anyone want to cripple Bitcoin by limiting it to half a million transactions per day?” <- they are not crippling it, they are protecting it from attack
                                                                          • “The paranoid answer is that the blocksize is intentionally being kept small in order to strangle BTC with high fees, or drive people into profiteering sidechains.” <- just, no.
                                                                          • “I don’t know anything about Lightning except that it’s supposed to solve everything and doesn’t exist yet.” <- apparently you don’t know anything about Lightning, period. It doesn’t take much effort to READ

                                                                          1. 2

                                                                            I can work with a todo-list of topics, thanks :)

                                                                            1. 2

                                                                              Keeping up with blockchain news is harder than clearing out a Skyrim questlog.

                                                                              Here’s a collection of (hopefully correct) things I’ve learned today:

                                                                              • Increased blocksize is one way to scale, but comes with increased bandwidth and storage costs.
                                                                              • Increasing the blocksize above 1MB requires a hard-fork, whereas segwit was implementable with a safer soft-fork.
                                                                              • The terms “on-chain” and “off-chain” are muddled and there’s no real consensus on definitions.
                                                                              • A “sidechain” is a separate blockchain, attached to BTC using a 2-way peg to ensure no fraudulent coins are created, and the value remains stable across chains.
                                                                              • In a sense, sidechains allow off-chain transactions (not part of the main BTC chain), but they are settled on-chain.
                                                                              • Exchanges like Coinbase manage their own books. These are truly off-chain transactions and are not cryptographically secured.
                                                                              • Lightning attempts to provide scaling without using more bandwidth.
                                                                              • Lightning is not a sidechain. It uses conditional payments to tie-up BTC in hubs/channels which support cheap micropayments. It’s a pretty elegant hack.
                                                                              • Lightning does not support credit. You must deposit BTC into a hub before you can spend within that channel.
                                                                              • Lightning’s architecture benefits from large hubs. Too many hops between hubs will likely be prohibitively expensive.

                                                                              Still unclear:

                                                                              • How does limiting BTC’s transactions per day protect it against attack?
                                                                              • People say large blocks give more power to miners. How does that follow?
                                                                              • When will I be able to use Lightning?

                                                                              In short, there is more than one approach to scaling Bitcoin. Blocksize is the obvious approach but 1) requires a hard-fork to implement, and 2) isn’t a long-term solution to the scaling problem.

                                                                              1. 2

                                                                                Since you actually went out and researched stuff on your own (note: not endorsing all of your conclusions, but they’re considerably less problematic now), I will answer your remaining questions:

                                                                                How does limiting BTC’s transactions per day protect it against attack? People say large blocks give more power to miners. How does that follow?

                                                                                Read:

                                                                                When will I be able to use Lightning?

                                                                                Soon, hopefully. Since they’ve got software that they’re testing now on the test net (which you can download and test yourself), I assume it will be out sometime in 2018, but we’ll see.

                                                                                1. 2

                                                                                  For posterity, I found a comment which explains the point well.

                                                                                  [Big blockers] think all they have to do is plug a 10 tb hard drive into their miners and boom, problem solved right? The problem is that you would have to then be capable of validating more memory and it has to be done before the new block comes out. Eventually you will get to 1 gig blocks and for something to process 1 gig per block EVERY 10 minutes would need much more powerful hardware to validate the network. Making the network harder to validate reduces the network’s security and most importantly decentralization.

                                                                                  People are easily fooled because increasing block size instantly relieves congestion in the network and speeds are fast again and fees are low which is what I want too but increasing the block size is no different from a bail out. It’s going in the wrong direction. If possible we want to make the 1 mb smaller so more and more devices can validate bitcoin’s network thus making bitcoin’s security indestructible and way more decentralized. Sure this doesn’t relieve pressure to the network but increasing block size is very risky hoping our hardware will keep up and even if it does, that means EVERYONE would have to keep up to reduce centralization, and again you can’t just go to your local Best Buy and buy a hard drive, your hardware would have to process all that memory in under ten minutes. 24/7. Eventually this will lead to only a few players being able to validate blocks and boom there’s your 51% attack.

                                                                                  We have no choice but to find another solution for the sake of decentralization. The network must become easier to run, not more demanding.

                                                                                  1. 2

                                                                                    Nice find, thanks for sharing that.

                                                                3. 3

                                                                  The “plan” is the Lightning Network, which is completely unlike Bitcoin. It’s presently a two-year-old white paper, a byte-level protocol spec in progress and some sample code.

                                                                  They don’t seem to have anything official documenting how the economics of it are supposed to work or feel from the user or merchant perspective. I’m still trying to make sense of the latter (the devs get very defensive when asked about it), but I’m pretty sure the hub nodes turn into something that’s functionally a bank, and you can get credit (the promise of money being approximately usable as money) out of the system, making it even more unlike Bitcoin. I have no idea why anyone will want to adopt this thing. But I eagerly await more details.

                                                                  1. 0

                                                                    but I’m pretty sure the hub nodes turn into something that’s functionally a bank, and you can get credit (the promise of money being approximately usable as money) out of the system, making it even more unlike Bitcoin.

                                                                    No no no no!

                                                                    Banks own your money.

                                                                    Lightning Network preserves the ownership aspect of Bitcoin. Hubs cannot steal your Bitcoins (without a lot of extreme collusion and very sophisticated network attacks going on).

                                                                    They don’t seem to have anything official documenting how the economics of it are supposed to work or feel from the user or merchant perspective.

                                                                    Yes they do!

                                                                    Here:

                                                                    1. 3

                                                                      Banks own your money.

                                                                      If you make a deposit at a bank, the bank owes you money.

                                                                      Deposits are liabilities, loans are assets from a bank’s perspective.

                                                                      1. 0

                                                                        Yeah, that’s what the banks say. What is said, what is written, what is promised, is quite different from real ownership.

                                                                        In the real world, accounts are frozen, assets are stolen by the custodian, and banks, along with hundreds of companies, track and approve your every purchase. Bitcoin demonstrates the difference between “ownership” and ownership.

                                                                  2. 1

                                                                    Bitcoin Cash for sure

                                                                    1. 2

                                                                      For a “cash” fork, BCH has put no apparent effort into merchant adoption, its supposed use case. Not even the drug market is interested in BCH.

                                                                      1. 1

                                                                        Why not both?

                                                                    1. 23

                                                                      Seems like a good argument against using BSD licenses.

                                                                      1. 7

                                                                        Why? I have more faith in management engine knowing it is minix than some shit that intel wrote themselves.

                                                                        1. 20

                                                                          I suppose the section “Powerful, Reliable Software Can Be Bad” of https://www.gnu.org/philosophy/open-source-misses-the-point.en.html is relevant here :)

                                                                          1. 10

                                                                            If anything, we’d be better off if we found that Intel’s ME was total garbage. It lets an alternative supplier differentiate on more secure software to get some sales. Then, Intel will either try to get people to ignore them with their other advantages, improve the security of their software, or buy the competitor to get their solution. Currently, as license allows, Intel just freeloaded off a bunch of work taxpayers in Europe paid for with some free labor by Tanenbaum et al to solve their problem. The ME stack is still garbage per recent threads.

                                                                            Alternatively, they could’ve just paid an RTOS vendor for a stack. The going rate for those targeting robustness with networking and filesystems was $50,000 OEM last I checked. After they acquired Wind River, they’d have access to a highly-reliable OS that’s been used in all kinds of things. Also, a separation kernel (VxWorks MILS) with carefully-crafted networking plus NSA pentesting. So, they do have both paid and free alternatives that are better than Minix 3 if they didn’t prefer freeloading off others’ work to save fifty grand or so on a project that nets them billions. I’m starting to lean back toward GPLing or AGPLing everything with dual-licensing to reduce this. They can pay to remove the copyleft.

                                                                            Edited to change “ripping off” to “freeloading off” as dxtr noted.

                                                                            1. 4

                                                                              If I create something and then give it to you - no strings attached - are you then ripping me off?

                                                                              1. 5

                                                                                Not really. I should’ve said freeloading like parasites. I wonder, though, about what motivates people to freely work for companies under a license that ensures mainly the companies benefit versus one where they contribute something back. I originally liked the BSD licenses to increase the amount of high-quality code the companies might be using to make stuff better in general. I’m not so sure we should do that now seeing how (a) that creates bad incentives for the companies to constantly freeload versus GPL/AGPL projects and (b) they keep modifying that stuff into insecure or seemingly-malicious software like Intel did.

                                                                                The folks aren’t doing anything great by giving them the code. They’re just helping monopolists and oligopolists further ensure the status quo that damages users, developers, and hobbyists while minimizing their operational costs for benefit of owners or shareholders. They also use their fortunes to pay lobbyists to reduce our rights in areas such as copyright and patent law. That phrasing depicts what actually goes on versus the public good people sold me on long ago with BSD/MIT licenses. I wonder how many BSD/MIT contributors that wanted corporate uptake would stick to it if they saw that as the ultimate goal of their contributions. Also, were told the companies often change the code to defeat its flexibility, reliability, or security benefits.

                                                                                I’m sure plenty would stay in the game but I am curious how many would switch licenses. Also, which would they prefer switching to for balancing widespread uptake and maximizing contributions.

                                                                                1. 4

                                                                                  People use BSD-alikes because their goal isn’t to coerce people into opening their sources, their goal is to make using their software as easy as possible. They’re not working for rewards from future would-be customers, they’re working because they feel some software which does not exist, should.

                                                                                  1. 2

                                                                                    “they’re working because they feel some software which does not exist, should.”

                                                                                    I imagine most building open-source software fit that category. It can be done with copyleft licenses, though, with little impact to most users.

                                                                                    1. 3

                                                                                      Sure, and a subset of those people are interested in keeping their work from people who don’t “deserve it”, but not everybody is - and those who aren’t, usually choose a non-viral license because they want more people using their stuff.

                                                                                      1. 1

                                                                                        That’s true. A good point to make.

                                                                              2. 2

                                                                                If anything, we’d be better off if we found that Intel’s ME was total garbage.

                                                                                Are you implying it’s not?

                                                                                Don’t know about you, but I don’t need an unmodifiable, unremovable, totally compromised operating system running an HTTP server inside my CPU.

                                                                                Never asked for this, wasn’t told by Apple that they were selling me this, and have no plans to buy another computer with it.

                                                                                1. 2

                                                                                  Good luck finding one without it.

                                                                                  1. 1

                                                                                    Possibly can but will be performance hit:

                                                                                    https://news.ycombinator.com/item?id=15646175

                                                                                  2. 1

                                                                                    It’s definitely garbage. I’m setting up something broader than just Intel where I want them to show what their proprietary stuff is worth, users to find out, and a better alternative to potentially show up. Those can be vetted proprietary (eg shared-source) or FOSS.

                                                                                    I could be really wrong but I think AMD is missing a golden opportunity to differentiate on security or trustworthiness of CPU’s like Blackberry and then Apple tried to do in smartphones. Two lines of products, one without management and one with enterprise-controllable version, might push those losses back a little bit esp from foreign sales. They could let third parties of different jurisdictions inspect the management code or its loader since high-performance, legacy-compatible x86 is a patent minefield for competitors anyway. My hypothetical alternatives would have to make some kind of sacrifice in performance, cost, or both. AMD could charge right in.

                                                                                    1. 1

                                                                                      I could be really wrong but I think AMD is missing a golden opportunity to differentiate on security or trustworthiness of CPU

                                                                                      I doubt AMD has a choice in the matter. It really doesn’t make sense for Intel to have it in all their CPUs; in the consumer CPUs where no user will ever use the management engine, it’s just a bunch of extra hardware on the die, wasting space and increasing complexity and cost. The only reason I can think of would be that someone forced their hand, and I can imagine the NSA wouldn’t hate having a backdoor into every single Intel (or AMD) CPU in the world with ring -3 access.

                                                                                      1. 1

                                                                                        They have several, possible benefits to having that enterprise technology in their chips:

                                                                                        1. The functionality for providing security enhancements is the same in each. Enterprise and repair shops also wanted management benefits.

                                                                                        2. The DRM capabilities the entertainment industry wanted and might have paid for.

                                                                                        3. The backdoors the NSA might have demanded or paid for.

                                                                                        4. The common technique for saving on mask costs (millions) by merging I.P. from several use cases into fewer mask layers.

                                                                                        Ok. The original release on Intel’s side was vPro which had all kinds of benefits for enterprises, esp security. The Trusted Computing Group, of which Intel was part, also wanted to use that stuff for DRM for movies and MP3’s. They probably had financial incentives which might likewise be used to make them go more private again. The NSA is an unknown here where they might have promised them something for money or defense contracts. I know the ME’s weren’t mandatory because not all chip vendors that were in the U.S. were building management engines into their CPU’s. They could possibly put their foot down saying they’d take money to 0-day the firmware instead which would let us put in better firmware but NSA still hits most targets.

                                                                                        The last thing on my list is an industry practice to get development costs down. The best example was the hard disks which showed different amounts of storage but had same platters with same amount of space. The platters and components for writing them had a fixed cost. So, they used firmware deception to tier the pricing. Another example in an ASIC from a friend in hardware was him discovering a cellular radio in an embedded peripheral that wasn’t supposed to connect to anything. He said it wasn’t malicious: the company just reused a mobile SoC they sell for a different purpose with different packaging to squeeze more ROI out of existing chip. Aside from these oddities, the main form of reuse is just doing pre-proven blocks of hardware in a certain process node on new projects. Once they wire the first CPU instance to a ME, it was possibly cheaper to just reuse that on each iteration of that instance esp given ME’s were originally small (ARC cores).

                                                                                        So, there’s the overall analysis of what parties and concerns are involved. The amounts they’re currently losing are much bigger than anything Hollywood or NSA paid them. Highest payout I saw for NSA was around $100 million per telecom for access to their national networks. That was something they could use constantly whereas this they’d have to use sparingly. Couldn’t be much more. The trick is, like with Raptor Workstation, how many people would actually pay for a computer without the backdoor, how much extra, and what total revenues to project for AMD? I’m less confident in demand side than I am in supply side.

                                                                                2. 2

                                                                                  Technically, we don’t really know what is in it, since the final result is closed source. Maybe they added a bunch of “shit that Intel wrote themselves”.

                                                                                  1. 1

                                                                                    Just from a personal point of view. I don’t want my software to be used to spy on users without me even being asked about it.

                                                                                  2. 2

                                                                                    Then they would have just used a different OS. MacOS has slowly been ripping all the GPLv3 code out of their OS. That’s why they use an ancient version of GPLv2 bash and manually backport all the security fixes.

                                                                                    1. 1

                                                                                      On the contrary - it shows that anyone can use such software without all the bull$%^& which surrounds, i.e. the GPL. All that he is asking for is simple: Hi, We’re using your software. Cheers, Bye!

                                                                                      1. 11

                                                                                        He spends 1/3rd of the letter talking about the fact that someone benefitted from his hard work and he didn’t get any acknowledgement of it. Then he goes and says something like: “I don’t mind, of course, and was not expecting any kind of payment since that is not required.” The whole thing feels and reads regretful to me. I don’t know AST, so don’t really know his personality, or anything, but if I spent 1/3rd of the letter talking like that, I know it’d be because I felt I missed a big opportunity and I’m trying to convince myself that it was fine.

                                                                                        1. 1

                                                                                          If there’s anything that AST might regret, it’s the fact that MINIX hasn’t been released under a permissive license earlier and the fact that Linux and the *BSDs got themselves firmly established.

                                                                                          Him regretting not getting anything back out of it after fighting with the publisher to get the code released under a permissive license? Seriously? ;^)

                                                                                          The way I read the letter is him setting the scene before mentioning that letting him know would have been a polite thing to have done - mentioning that without said background information would have looked a bit weird.

                                                                                          Anyway, if I were the author of said code, I’d merely like to know.

                                                                                        2. 1

                                                                                          Yes, and that’s what I wouldn’t want to happen to my software.

                                                                                      1. 5

                                                                                        I thought this was going to be about how Intel has destroyed the world’s computational security, giving random hackers the ability to hack any computer running an Intel processor. Odd that’s not mentioned.

                                                                                        1. -5

                                                                                          about 9/11 conspiracies

                                                                                          I can’t take anyone seriously who doesn’t take physics [1] [2] [3.1] [3.2] [4] [5] [6] seriously, sorry.

                                                                                          Edit: but I definitely agree with the title of the piece!

                                                                                          1. 1

                                                                                            I also propose an “ethics” tag.

                                                                                            Lobsters doesn’t “do” ethics. And if someone upvotes an article about “ethics”, 9 times out of 10 it’s b.s. ethics, and real ethical dilemmas are downvoted.

                                                                                            Way more examples where that came from. This comment, for example, will likely be downvoted.

                                                                                            1. 2

                                                                                              It’s a damn shame. Every profession has ethics except ours. Makes you wonder if we even have a real profession? How many here are members of the ACM for example? I encourage everyone to join.

                                                                                              Computers are humanity’s greatest invention. Tech companies have real power. Ethics are inseparable from technology.

                                                                                              1. 5

                                                                                                I agree that ethics is a very important subject for anyone who works in technology. I don’t know whether discussions about it will be popular here, but I encourage continuing to try.

                                                                                                1. 1

                                                                                                  Recently, see this thread for an example of where that might go on Lobsters:

                                                                                                  https://lobste.rs/s/brudfx/geany_little_sweet_sexy_ide

                                                                                                  I thought I was going to learn about Geany IDE. Instead, the signal-to-noise ratio of Lobsters reverses full throttle to a discussion about whether “sexy” is appropriate with almost no comments about the tech itself. Ethics is closely tied to politics which will turn into these kinds of discussions with lower quality and technical depth than is norm for Lobsters. That’s why I’m for the stuff not being here. Didn’t downvote you since I don’t do that but I’d be fine with a rule about it.

                                                                                                  1. 4

                                                                                                    If I thought the community overwhelmingly wanted a rule that discussion of gender bias in the tech industry shouldn’t happen here… well, I’d probably resign. You’re entitled to that view, but it’s so incredibly disappointing how many people share it. I used to think more of people.

                                                                                                    I appreciate that the topic is highly controversial every time it comes up, but it’s an important topic.

                                                                                                    I don’t agree that it’s always a part of ethics-in-technology discussions, although it does relate.

                                                                                                    1. 2

                                                                                                      re censorship and Lobsters

                                                                                                      Ok. I’ve been quiet too long on this stuff which a lot on other side of politics are pushing their views since there’s no restrictions on them. Gotta get this out. That comment among others is hard to read given I’m already politically censored in practice based on a recent comment from our new admin @pushcx. I owned up to a probable mistake in the larger thread where counterpoints or downvotes made sense. I’m focusing on the still-debatable part where I claim people sometimes misattribute negative events to their minority status that were caused by other things or (rarer) deceptively do this for personal gain. It’s normally called a minority card but race card is a prevalent one.

                                                                                                      I was told the mere idea it exists was insulting and to not say anything like that again. He was at least clear. In that case, his belief seemed to be that nobody who was a minority would ever exaggerate or lie about effect of their minority status for any reason. The implications to that belief are astounding: minorities would be perfectly perceptive and honest in all situations if these subjects were discussed. Human nature’s problems cease to exist only for them. I’ve seen plenty of articles by people in his camp claiming it doesn’t exist or would have no value. “No value” is strange to me with all the lawsuits asking financial rewards, political bullying happening at universities, or people who get fired when a claim happens. It seems claiming minority status was causal is a tool to affect majority members in justified and unjustified ways.

                                                                                                      Down here in the South, the minorities don’t seem to deny it exists (esp older ones). They’re more concerned about what percentage of claims are true versus false, esp where latter claims are highlighted by whites or males to undermine true ones. Most I asked about it were very concerned with that. It happens a lot, too. They also get mad at the few that do it since they undermine the real claims similar to what happens with sexual assault or rape convictions. So, this is a real thing across many topics which we need more data on at a national level. Instead, I’m warned to never discuss it because those minorities’ views are inherently insulting to minorities like them and their experiences are fabricated. Mine, too, with many painful experiences at school or work entirely made up to prop up a myth. Quite a heavy-hitting and direct claim…

                                                                                                      It’s implied that any dissenting view on political topics that doesn’t represent what his political group thinks, which includes high-voted comments I’ve expressed here before, might also be deemed inherently offensive, hate speech, or whatever based on that belief system. What I warned you would happen in prior metas if moderation/admin changes with new politics happened as I predicted. Now, he said I could say something in private message but I’ve never seen anyone with those beliefs 180ing their position. Likely pointless. Should be a meta instead of behind closed doors anyway. I’ve just been quietly observing things since with all the unknowns surrounding what wouldn’t be allowed and with what response. People keep saying things I’d normally counter or qualify a bit but each might be deemed inherently wrong or offensive.

                                                                                                      So, you’re worried about a hypothetical, but plausible, situation where the gender biases you’re concerned about will be censored along with all political discussion. Whereas, mine are censored as any conversation will be a minefield for people like me with people on other side of spectrum allowed to push their views or activism at will with the illusion of consensus due to dissenter suppression. So, I’m done for now with those topics as @pushcx demanded or seemed to. It’s his site, I’m a guest here, and that’s the new rules. I got plenty of practice for it, too, in a black school and redneck areas that censored sometimes violently either white counterpoints about racism or “talking that nerd shit” respectively. Had to walk tight-rope or be silent. Although irritated, I’m not planning to leave a site with great tech submissions, comments, and people over it as my recurring submissions and tech comments show. I’m not all-or-nothing. Hell, I’d miss pushcx’s submissions, too, including some great ones recently like on symbolic execution. Barnacles is great work, too. Gotta try to stay fair and focused on greater good on principle even in this situation.

                                                                                                      re original topic w/ that backdrop

                                                                                                      Far as what you bring up, I was already avoiding it before the site hand-over due to the overall consensus of the site from the meta threads that we’re about low-noise, deep-thinking stuff esp in tech. There were dissenters ranging from those merely interested in people-oriented topics to subset personally affected by things like sexism to political activists that want it front-and-center in every sphere with moderators policing every comment along political dimensions. Based on votes there and on articles, not to mention quality/civility drop in such discussions, I reinforced encouraging that people avoid political stuff in favor of tech at least on this site. Got plenty of places with more readers, esp founders, managers, or politicians, to push solutions to political problems.

                                                                                                      That said, I don’t care either way since (a) a low-volume, link site not being political will usually have low impact on society, (b) it going political might get me useful information for activism plus maybe impact (surprise me!), and (c) I’ll be censored either way only allowed to listen not speak on some topics or contribute to others in narrow ways. If you or others want, feel free to do another meta here to see if old plus new members want to do politically focused or activist threads. I’m just going to do one Nay on it with no comments unless someone else brings my comments into it. Hopefully keep myself focused on just those. If consensus is yes, someone can modify the Lobsters code to protect anything tagged politics from mob downvotes: it stays at one minimum with removal being manual after a flag. Given @pushcx’s political leanings, what survives will be biased in favor of those or maybe some of threads you want to see since there’s some overlap (eg eliminating bias against minorities). People not wanting to do politics can then filter the politics tag. I’ll read everything people say as usual just to learn if nothing else.

                                                                                                      If it’s a yes, I might also start submitting political stuff that fits Lobsters style and pushcx’s political rules. Might be research that proves the existence of structural biases against non-whites/males, shows advice from them on effectively mitigating or surviving problems, hiring strategies for boosting diversity with minimal impact on morale, research on stuff like blind auditions, well-run projects getting minorities into code/management/government, and so on. I’ll throw my Google Fu at posting good, political submissions with actionable value for readers versus the pile of comments on Geany thread that probably didn’t move more minority contributors into that project. One did take small action but probably not enough to change project’s culture or contributor demographics. As I indicated, I’d be focused on only topics where my views and the permitted views have overlap where the submissions are actionable aka might improve peoples’ lives in real world as opposed to gaining views on social media. Like I do as a unionized employee looking after coworkers daily in a mostly-minority workplace. I’m fine with doing a little more in a new place even with new restrictions. :)

                                                                                                    2. 3

                                                                                                      Ethics is critical to our practice as software engineers, and discussing how the project was presented is part of that. If you want to learn about Geany IDE, we could link the original project site and not one that presents it as “sweet and sexy.”