>It is well known that the Genesis block...contains the message: 'The Times 03/Jan/2009 Chancellor on brink of second bailout for banks'. Presumably this is a political commentary
Actually, it was the way Satoshi showed that he hadn't pre-mined any bitcoins, by using the title of a headline on the same day that he started mining (as there was no way to fake that).
Surely it's both? Embedding a headline is a great way to prove it wasn't generated in advance, but there are thousands of headlines he could have used, and he picked that particular one.
There's a hidden surprise in store for people who think this is a neat trick to ensure their message lasts forever: there's no guarantee it will work.
In future some nodes, probably many, will become "pruning" nodes. That means they'll throw old blocks away and won't be able to serve them anymore. It's a popular misconception that it is technically necessary to store all blocks to run a fully functioning Bitcoin node. So long term storage and serving of the full chain will slowly start to migrate to more specialised archival nodes that have cheap bandwidth and storage to spare. At that point stuffing data into the block chain is not much different to just uploading it to a bunch of servers.
But even those nodes don't have to store your data forever, for two reasons.
Firstly, although being able to reconstruct today's ledger by replaying from day zero is a rather nice feature from an academic perspective, it's not actually necessary for Bitcoin to function. Even if every archival node deleted some old blocks, all that'd mean is you had to start your node from a snapshot of the database taken at the earliest block time and work from there. This means trusting the snapshot in some sense, but if many people have calculated that snapshot and attested to it (especially if they've done so in future blocks!), the practical security difference is quite small. Certainly it wouldn't mean Bitcoin stopped working or anything.
And secondly, as Satoshi described in his original white paper, the way blocks are structured means transactions can be deleted forever and yet the chain can still be replayed, if none of the outputs of those transactions were ever spent. Given that outputs which store only files cannot be spent, it's safe to both delete them from the UTXO set, and delete them from the archived blocks too (such a block would have to be sent using the partial merkle tree format already supported in the protocol). As long as identification of the outputs is reliable/conservative so there's no chance of misidentifying a spendable output as unspendable, you don't even need consensus to do this: just delete the guff from your local database and only serve blocks to nodes that understand partial block downloads, and you're done. Of course it's better if there is consensus, so perhaps some future version of Bitcoin will schedule certain transaction outputs for destruction as part of some other upgrade.
> Even if every archival node deleted some old blocks, all that'd mean is you had to start your node from a snapshot of the database taken at the earliest block time and work from there.
Why would every archival node delete the old blocks? Wouldn't it be prudent for at least a significant minority of nodes to keep copies of the entire blockchain in case there is ever any dispute about the provenance of the snapshot?
> Given that outputs which store only files cannot be spent
Is that a hard requirement? There is no feasible way to encode both a file and a legitimate transaction into the same block?
Bear in mind encoding data into the block chain is a pretty stupid thing to do, practically speaking. No mainstream Bitcoin software/wallets have a file extraction feature, so you end up needing to download a special app designed to download that specific file. At which point, you may as well have just downloaded the file as well. Absence of the special file-downloader-file is proof that you are not willingly engaged in illegal conduct of any kind.
Couldn't a bunch of folks severely interfere with the already-slow processing time for bitcoin transactions by sending large encoded bits in transactions back and forth between a few addresses, making the already-unwieldy bitcoin blockchain (24.1GB and counting in the Windows client) grow even more unwieldy?
According to [1] in the default client there's a fee of 0.0001 BTC per thousand bytes. That's US$0.05 so for a million dollars you could add 20 gigabytes to the blockchain.
Of course, in the default client will also only generate 750,000 bytes per block, and the block rate is about 6 per hour, so the blockchain shouldn't grow by more than 0.1 gigabytes a day. And if it takes 200 days to execute a denial of service attack, people might notice the attack and adjust fees or limits to make the attack more expensive.
With that said, presumably if bitcoin becomes widely used (and appreciates in value) there will be many more transactions (requiring larger block sizes) and the transactions will be much smaller (requiring smaller transaction fees). So if you think you might want to perform a denial of service attack in the future, invest now!
Each bitcoin transaction incurs a small, per-byte fee that makes this expensive. A typical 200-byte transaction fee is around $.01, depending on a variety of factors (coin age, network traffic, which miner finds the block, etc.)
I don't think it's a huge problem. You have to spend BTC to get your message saved.
As Dan Kaminsky once said (after using this technique to create a blockchain memorial for Len Sassaman[1]), "This is the cyber-equivalent of pouring one out for your homies."
Surely that means it effectively does go to the people who incur the cost? Burning some coins increases scarcity, thus increasing the value of all other coins, so it's effectively a donation to everyone who holds bitcoin?
Transaction fees are for miners, but every full node in the network has to store the whole blockchain forever. There are thin clients using SPV, but we need full nodes for the network to function properly and currently there is zero incentive for it.
Aside from helping the network, there is no incentive to run a full Bitcoin node. But it doesn't take much in the way of resources: a few tens of gigabytes of disk space and a few tens of kilobits/sec of bandwidth. (Don't forget to open a port on your router!) I do it for the same reason I give over an extra SSID to openwireless.org, or run a TOR exit node, or seed any file I got from BitTorrent for a while afterwards: it helps the network.
This comment seems to simultaneously assume that Bitcoin will last forever and that Bitcoin can be seriously harmed by a few individuals. These two ideas seem to me to be fundamentally incompatible.
Actually, it was the way Satoshi showed that he hadn't pre-mined any bitcoins, by using the title of a headline on the same day that he started mining (as there was no way to fake that).