Ignoring game theory, it's easy to see how the model of mining being only paid by transaction fees doesn't make sense. After all, mining security is something that benefits all holders of Bitcoin, regardless of whether or not they perform transactions, so surely all Bitcoin holders should be contributing to that security.

How do you do that? Make everyone pay equally. Currently that is how Bitcoin works due to the inflation subsidy. (about ~10% per year right now, leading to a per transaction cost of about $50) Just keeping that subsidy indefinitely at some sane level, say 1%, is perfectly reasonable. There's other options too, but fundamentally people like a free lunch.

-Peter Todd, Bitcoin developer

Regarding binary and source code distribution, there's nothing to fix really - both source and binaries are already protected by X.509 certificates by virtue of being hosted on SSL-using websites: https://www.mail-archive.com/b... Secondly PGP keys are hosted on https://bitcoin.org/ which gives users a manual way to get them securely, verified by X.509. We should check that certificate pinning is being used, and it'd be good to have a second code repo beyond github, but we're in pretty good shape already. I'm willing to call a spade a spade: Mike's loud pronouncement about how this is proof that PGP sucks is trolling.

As for payment authentication, keep in mind I'm a consultant. I act as official Chief Scientist for Mastercoin, and unofficial "chief scientist" for a whole bunch of other projects. My job is to advise other people who are doing the actual work; if I tried to fix everything directly myself I'd be wasting my time. Heck, right now I'm writing an (private) email outlining some ideas on the specifics of OpenPGP/X.509 integration to one of my clients and I expect we'll start to see this stuff get actually implemented in the future. It won't be my code, but I'm happy to have done my part in guiding others building secure systems.

Agreed!

Personally I'm actually kind of excited to see the security requirements for Bitcoin usage and Bitcoin-related development push more developers and users to learn about and understand OpenPGP and the web-of-trust. It's been a real backwater for years now, but there's so much that can be done to improve UI's for understanding how the web-of-trust works and using it. That no-one has made even a simple "mass-and-springs" visualization tool for WoT signatures is sad, yet even something as simple as that would go a long way to helping developers use PGP properly.

Secondly, we have to remember our goal doesn't need to be "get grandma using PGP" - just "get developers using PGP" and "get professionals moving large amounts of money using PGP" is by itself a worthy and very attainable goal. It's totally OK if for low-security-applications like small value Bitcoin payments just outsource trust to centralized certificate authorities. What matters is that for the applications with high security requirements, like large Bitcoin payments and Bitcoin-related software development, have the tools to do the job right without blind single-point-of-failure reliance on any one authority.

Never mind that we don't need to switch to X.509, we can add X.509 certs to OpenPGP.

When you think about it, in the web-of-trust model centralized certificate authorities are just entities that a lot of people happen to trust; there's absolutely nothing stopping us from taking X.509 certs and adding them to OpenPGP keys as just another type of signature and the X.509 certificate providers have no (technical) means of stopping people from doing that.

I've argued before to the Bitcoin community that what we really want is a "best of both worlds" solution where we support centralized certificate authorities via X.509 and OpenPGP for applications with low security needs while maintaining the ability to use the WoT for those applications with higher needs. It's totally OK if average user just uses software that automatically checks the X.509 cert or OpenPGP signature issued by a certificate authority when they download some wallet software or make a payment to someone. Meanwhile advanced users, and particularly developers, can check all the signatures, WoT, certificate authority, whatever, to be sure they have the right software when they're downloading "clean" copies for their Bitcoin exchange, or making high-value payments.

What really amazes me is how people seem to think this is a binary decision, centralized PKI or WoT. It's not at all! Heck lots of organizations already apply the central certificate authority model with OpenPGP - just looks at all the Linux distributions that have master OpenPGP keys to sign packages. That's a certificate authority, but with OpenPGP technology.

Mike Hearn has been lately going on a bit of a war-path trying to push Bitcoin into a model of blind reliance on singular centralized PKI authorities and frankly it's just nuts. He's even gone as far as to strongly advocate that we don't even support multiple X.509 certs for applications, which would at least require an attacker to compromise more than one certificate authority. This is particularly crazy when at the same time he has advocated that websites, e.g. bitcointalk, reddit, slashdot, etc. sign cryptographic certificates linking usernames to identities. The idea here is if I want to pay "IamTheRealMike" my wallet software could have, say, slashdot's certificate pre-loaded and trusted, and then I'd tell it to give the funds to that username. But why would I do that? I want to pay Mike Hearn. I happen to know he's "IamTheRealMike" on slashdot.org, and "Mike Hearn" on bitcointalk, so obviously if it's a non-trivial sum of money I'd want to be able to check that both sites have stated that they're the same person, and maybe I'll check WoT too, and, say, his countries passport office. It just makes so much sense to give people options like that, but we're rather mysteriously seeing resistance. If anything, I think it's kinda insulting to the professionals in this space, both developers and finance people, to tell them "We're all too stupid to learn about anything more complex than trusting the magic green checkbox". If I was running a big Bitcoin-related business I sure as hell would want more assurance than that; when I'm writing software used by others I sure as hell want more assurance than that.

Anyway, in the OpenPGP world I'm really excited to see KeyBase pop up. It's not perfect - the functionality probably should have been just an add-on to OpenPGP rather than a website - but it's a great step in the right direction of giving flexibility and user-friendlyness to the WoT. It also works great as a local application, so if you choose to you aren't relying on their website/service for the guarantees it provides.

Provided that atmospheric pressure works the fact that helium leaks is irrelevant: helium leaks into the harddrive just as easily as it leaks out of the harddrive. All you have to do is make sure that the harddrive is leak-tight for everything but helium - fortunately this is pretty easy to do as helium is the only gas that leaks as easily as it.

If you don't practice manual landings you won't be able to manual land in severe weather.

He's talking about O(n^2) space, not propagation time.

Sigh, I was hoping that guy had remembered enough of my posts to quote my rebuttal to that argument - I guess I'll have to add the link myself.

Keep in mind that for Bitcoin the individuals like you running tiny little mining setups that might not be actually profitable as a fun hobby are a very good thing. Bitcoin needs mining power to be as well distributed as possible to make it difficult to co-opt, so the hundreds or maybe even thousands of individuals like you help that goal. However, it's helped best if you actually validate your blocks properly, and that means mining with P2Pool right now.

Bitcoin is lucky that the costs to mine for a small rig, on a $/hash/sec basis, are probably actually less than larger setups because on a small enough scale you can ignore cooling issues and often ignore power issues too. (heating in the winter or free power) There is overhead of course, you have to setup your mining rig, but that's often written off as a fun hobby.

How is the equipment that handles the FOUPs assembled? I assume in a cleanroom, or is in-situ cleaning good enough that you can still do maintenance in a class 10,000 room then after maintenance clean the tool to the required class 10 standards?

This article refers to a different incident where Google was explicitly blocked prior to a leadership change in China. The Pakistan routing screw up is completely different.

Case in point: Antarctica Journal of Mathematics.