1 2012-02-04 00:08:11 chrisb__ has quit (Remote host closed the connection)
   2 2012-02-04 00:10:10 theorb has joined
   3 2012-02-04 00:10:31 theorbtwo has quit (Ping timeout: 252 seconds)
   4 2012-02-04 00:10:38 theorb is now known as theorbtwo
   5 2012-02-04 00:11:08 splatster has quit (Quit: Linkinus - http://linkinus.com)
   6 2012-02-04 00:11:34 splatster has joined
   7 2012-02-04 00:12:13 scraches has quit (Quit: scraches)
   8 2012-02-04 00:17:13 btc_novice has quit (Read error: Connection reset by peer)
   9 2012-02-04 00:20:29 <shargs> cocaina
  10 2012-02-04 00:22:32 booo has joined
  11 2012-02-04 00:22:48 copumpkin has joined
  12 2012-02-04 00:25:31 <BlueMatt> you mean cocaine?
  13 2012-02-04 00:27:21 JRWR has joined
  14 2012-02-04 00:34:54 <midnightmagic> is there another easy way aside from "cutter" to manually break a tcp connection?
  15 2012-02-04 00:35:31 <midnightmagic> (without killing any processes)
  16 2012-02-04 00:36:21 <BlueMatt> anything that can inject an rst
  17 2012-02-04 00:36:27 <BlueMatt> or you could throw in a nice iptables rule
  18 2012-02-04 00:37:00 <midnightmagic> hrm, someone suggested pfctl -k might do it too, at the router level.
  19 2012-02-04 00:37:04 <XMPPwocky> midnightmagic: ettercap?
  20 2012-02-04 00:37:27 <XMPPwocky> here's what I've got for bitkit so far:
  21 2012-02-04 00:37:29 <XMPPwocky> http://xmppwocky.net/bitkit/.git
  22 2012-02-04 00:37:41 <cjd> ngrep -K
  23 2012-02-04 00:37:51 <XMPPwocky> can parse version, verack, inv, addr, getinfo, getblocks,
  24 2012-02-04 00:38:04 <XMPPwocky> and with a few lines of code can build and manipulate them
  25 2012-02-04 00:38:25 <XMPPwocky> and that's just the protocol module :P
  26 2012-02-04 00:39:04 <midnightmagic> cjd: Ah! That's better, thanks. That manpage also suggests tcpkill. That's much closer to what I was looking for than the pfctl one. Perfect.
  27 2012-02-04 00:40:23 <BlueMatt> what library does blockchain.info use again?
  28 2012-02-04 00:43:08 cdecker has quit (Ping timeout: 240 seconds)
  29 2012-02-04 00:48:35 splatster has quit (Quit: Be back in a half hour, I hope)
  30 2012-02-04 00:51:54 <shargs> dunno
  31 2012-02-04 00:51:59 <shargs> probably a hacked bitcoind
  32 2012-02-04 00:58:38 <XMPPwocky> just added the builder
  33 2012-02-04 00:58:57 b4epoche has quit (Read error: Operation timed out)
  34 2012-02-04 00:59:11 b4epoche has joined
  35 2012-02-04 01:02:28 RazielZ has quit (Quit: Leaving)
  36 2012-02-04 01:05:27 denisx has quit (Quit: denisx)
  37 2012-02-04 01:07:20 graingert has joined
  38 2012-02-04 01:08:56 BurtyB has quit (Quit: Leaving)
  39 2012-02-04 01:11:35 splatster has joined
  40 2012-02-04 01:19:55 user__ has joined
  41 2012-02-04 01:20:46 maqr has joined
  42 2012-02-04 01:24:13 <Ferroh> There are checkpoints in the blockchain that prevent you from adding blocks before a certain point in time, correct?
  43 2012-02-04 01:24:43 <Ferroh> How often do these checkpoints occur?
  44 2012-02-04 01:25:44 <Ferroh> They are hardcoded iirc so how many checkpoints are there?
  45 2012-02-04 01:25:53 <gmaxwell> Use the source, luke.
  46 2012-02-04 01:26:11 <Ferroh> Well, are there more than 10?
  47 2012-02-04 01:26:26 <Ferroh> yes i could use the source grumble grumble
  48 2012-02-04 01:26:32 <gmaxwell> There are 9 now.
  49 2012-02-04 01:26:38 <gmaxwell> I guess 10 if you count block 0.
  50 2012-02-04 01:26:38 <Ferroh> ok thanks :)
  51 2012-02-04 01:27:01 <shargs> https://github.com/bitcoin/bitcoin/blob/master/src/checkpoints.cpp
  52 2012-02-04 01:27:03 <vsrinivas> Ferroh: it's not difficult actually -- see checkpoints.cpp in src.
  53 2012-02-04 01:27:55 <gmaxwell> freewil: they prevent some silly dos attacks and prevent a network isolated node (that got a good copy of the source) from being fed a fake chain.
  54 2012-02-04 01:31:05 Zarutian has quit (Quit: Zarutian)
  55 2012-02-04 01:31:33 paraipan has joined
  56 2012-02-04 01:31:50 TD has joined
  57 2012-02-04 01:32:57 graingert has quit (Read error: Connection reset by peer)
  58 2012-02-04 01:34:43 SomeoneWeirdzzzz is now known as SomeoneWeird
  59 2012-02-04 01:36:53 ForceMajeure has quit (Read error: Connection reset by peer)
  60 2012-02-04 01:37:30 TD has quit (Quit: TD)
  61 2012-02-04 01:40:03 graingert has joined
  62 2012-02-04 01:42:25 Mqrius has joined
  63 2012-02-04 01:43:28 Mqrius has left ()
  64 2012-02-04 01:44:35 graingert has quit (Read error: Connection reset by peer)
  65 2012-02-04 01:47:41 ForceMajeure has joined
  66 2012-02-04 01:47:59 Mqrius has joined
  67 2012-02-04 01:48:07 ForceMajeure is now known as Guest42036
  68 2012-02-04 01:48:18 paraipan has quit (Quit: Saliendo)
  69 2012-02-04 01:48:45 <Mqrius> Wtf? Is sending an RPC that doesn't exist supposed to crash bitcoin?
  70 2012-02-04 01:50:04 graingert has joined
  71 2012-02-04 01:50:27 <gmaxwell> Mqrius: what answer are you expecting there?
  72 2012-02-04 01:50:40 <gmaxwell> "Oh, yes, Mqrius— it's a security feature you see..."
  73 2012-02-04 01:51:08 <gmaxwell> Doesn't crash it for me— have a reproduction?
  74 2012-02-04 01:51:21 <Mqrius> Well, I don't use RPC often, so I was wondering if this was normal. Personally I would expect it to just return an error or something, instead of crash.
  75 2012-02-04 01:51:29 <Mqrius> So, I'm wondering if that's normal or not
  76 2012-02-04 01:51:36 <gmaxwell> bitcoind dslfsdk
  77 2012-02-04 01:51:36 <gmaxwell> error: {"code":-32601,"message":"Method not found"}
  78 2012-02-04 01:52:19 <Mqrius> I'm using bitcoin client 0.5.0.1-beta on windows, with python as rpc, and tried the command service.getblocks()
  79 2012-02-04 01:52:19 <copumpkin> Mqrius: perhaps you overflowed a nice buffer in your message ;)
  80 2012-02-04 01:53:49 <gmaxwell> Mqrius: any idea what RPC getblocks calls?
  81 2012-02-04 01:54:17 <Mqrius> It doesn't exist, or at least according to the wiki. (I was looking for the function getblockcount)
  82 2012-02-04 01:54:26 paraipan has joined
  83 2012-02-04 01:54:50 <gmaxwell> Mqrius: and bitcoin itself crashed?
  84 2012-02-04 01:55:21 <Mqrius> Yeah. The GUI, but that has bitcoind integrated in it in windows if I understand it correctly.
  85 2012-02-04 01:56:31 <gmaxwell> yes, if you enable it.
  86 2012-02-04 01:56:49 <gmaxwell> can you try again and see if it happens every time?
  87 2012-02-04 01:57:33 <Mqrius> gmaxwell: Yes, happens every time, also for different (nonexistent) commands
  88 2012-02-04 01:59:14 Turingi has quit (Read error: Connection reset by peer)
  89 2012-02-04 01:59:35 <gmaxwell> where is the python rpc library you're using?
  90 2012-02-04 01:59:44 splatster has quit (Quit: Out for an hour or more)
  91 2012-02-04 02:00:19 <Mqrius> It's the default, python-jsonrpc
  92 2012-02-04 02:00:49 <Mqrius> It's built-in if I'm not mistaken.
  93 2012-02-04 02:01:03 <Mqrius> (Python v2.7 btw)
  94 2012-02-04 02:01:58 osmosis has quit (Ping timeout: 240 seconds)
  95 2012-02-04 02:05:20 <gmaxwell> Mqrius: hmph. no crash here.
  96 2012-02-04 02:05:29 <gmaxwell> In [4]: access.getblocks()
  97 2012-02-04 02:05:29 <gmaxwell> ---------------------------------------------------------------------------
  98 2012-02-04 02:05:29 <gmaxwell> JSONRPCException                          Traceback (most recent call last)
  99 2012-02-04 02:05:39 <gmaxwell> In [5]: access.getinfo()
 100 2012-02-04 02:05:39 <gmaxwell> Out[5]:
 101 2012-02-04 02:05:39 <gmaxwell> {'balance':
 102 2012-02-04 02:06:09 Nicksasa has quit (Ping timeout: 248 seconds)
 103 2012-02-04 02:06:18 <Mqrius> Strange.
 104 2012-02-04 02:06:20 <gmaxwell> perhaps it's .5.0 specific, windows specific, or -qt specific. :-/
 105 2012-02-04 02:06:27 <Mqrius> Yeah, I guess
 106 2012-02-04 02:06:41 <Mqrius> I'll just not use non-existent commands then :)
 107 2012-02-04 02:07:10 <gmaxwell> well... hopefully someone who is configured more like you than I am will test and see which of those reasons it is.
 108 2012-02-04 02:11:16 <Mqrius> Fair enough.
 109 2012-02-04 02:17:08 <Mqrius> Nice, my new-block-beeper is working :)
 110 2012-02-04 02:19:56 <Mqrius> *beep*
 111 2012-02-04 02:23:47 <gmaxwell> hmp I would have just read the log file rather than the rpc.
 112 2012-02-04 02:25:30 Cablesaurus has quit (Quit: On the other hand, you have different fingers.)
 113 2012-02-04 02:26:06 user__ has quit (Quit: Leaving)
 114 2012-02-04 02:28:20 <Mqrius> Hmm, it's just very simple and short to get the number of blocks directly. I'd have to look into what is logged etc otherwise, and also you can't monitor a file for changes on windows afaik
 115 2012-02-04 02:30:14 echolabia has joined
 116 2012-02-04 02:34:38 <roconnor> are orphan transactions relayed?
 117 2012-02-04 02:34:44 <roconnor> in the standard client?
 118 2012-02-04 02:35:44 booo has quit (Ping timeout: 252 seconds)
 119 2012-02-04 02:36:23 <gmaxwell> No.
 120 2012-02-04 02:39:16 <echolabia> I downloaded Bitcoin yesterday, and my internet unexpectedly cut out when I had almost completed "catching up" on the blockchain. Now I have "0 active connections to the bitcoin network," and the blockchain is still incomplete. Is it possible to restart my connection to the network?
 121 2012-02-04 02:40:13 <gmaxwell> echolabia: sure. it'll reconnect on its own.
 122 2012-02-04 02:40:31 <roconnor> gmaxwell: I think the bitcoin 0.4.0 client is relaying my transaction that tries to spend my unsendable duplicated coinbase.
 123 2012-02-04 02:40:36 <gmaxwell> (and it will resume exactly where it was)
 124 2012-02-04 02:40:59 <roconnor> gmaxwell: given that the long says it got a bunch of getdata requests for it.
 125 2012-02-04 02:41:02 <roconnor> *log
 126 2012-02-04 02:41:20 <echolabia> gmaxwell: that's what I thought: it's just been a while and still no active connections. Guess I'll be patient! Thanks for the help.
 127 2012-02-04 02:42:10 <gmaxwell> echolabia: if you restart it it should connect again instantly. but if it's not doing it on its own in a bit .. sounds like a bug.
 128 2012-02-04 02:42:23 <gmaxwell> roconnor: hm.
 129 2012-02-04 02:42:24 <roconnor> gmaxwell: oh and it also appears in the old gui ... and it has one confirmation ??
 130 2012-02-04 02:42:49 <roconnor> WTF
 131 2012-02-04 02:43:28 <gmaxwell> I don't quite follow what you're testing. You have a duplicate coinbase. And you think you've spent it twice?
 132 2012-02-04 02:43:50 <roconnor> I made a coin base
 133 2012-02-04 02:43:52 <roconnor> spent it
 134 2012-02-04 02:43:54 <roconnor> made it again
 135 2012-02-04 02:44:05 <roconnor> and now I'm trying to spend the duplicated one
 136 2012-02-04 02:44:33 <gmaxwell> the node will always relay its own transactions even if they are unspendable gibberish.
 137 2012-02-04 02:45:31 <roconnor> my client is up to 45654 blocks ... now my transaction has 2 confirmations ... blockexplorer is refusing to show block 45653
 138 2012-02-04 02:45:40 <roconnor> but does show block 45654
 139 2012-02-04 02:45:48 <roconnor> http://blockexplorer.com/testnet
 140 2012-02-04 02:45:49 <roconnor> check it
 141 2012-02-04 02:45:52 <roconnor> out
 142 2012-02-04 02:46:06 <roconnor> ... I think the idea that you cannot spend a duplicate coinbase is a lie
 143 2012-02-04 02:46:25 <roconnor> though blockexplorer is very unhappy about it
 144 2012-02-04 02:46:35 <gmaxwell> So spend it again?
 145 2012-02-04 02:46:42 <roconnor> gmaxwell: you want it?
 146 2012-02-04 02:46:45 <gmaxwell> I mean, if you can spend it twice why not 200 times?
 147 2012-02-04 02:47:01 <roconnor> gmaxwell: well presumably I will have to duplicate it again
 148 2012-02-04 02:47:08 <roconnor> this is not a double spend
 149 2012-02-04 02:47:30 <gmaxwell> I wonder which one it spent first.
 150 2012-02-04 02:47:36 <roconnor> it is a legitimate transaction that happens to have exactly the same hash as a previous spent transaction.
 151 2012-02-04 02:47:44 <roconnor> gmaxwell: I spent the original coinbase first
 152 2012-02-04 02:47:58 <roconnor> before I mined the duplicate coinbase.
 153 2012-02-04 02:48:02 <gmaxwell> ah.
 154 2012-02-04 02:49:05 <roconnor> so I claim that mining a coinbase and spending it and remining it and spending it again is legal.
 155 2012-02-04 02:49:07 <gmaxwell> I wonder what would happen if you duplicated a coinbase and in the duplicate block spent the first one?
 156 2012-02-04 02:49:15 <roconnor> arguably the spend spend isn't spending it again.
 157 2012-02-04 02:49:29 <roconnor> but spending a new coin that has an identical name
 158 2012-02-04 02:49:44 <roconnor> gmaxwell: that would be the next test
 159 2012-02-04 02:50:08 hexTech has quit (Remote host closed the connection)
 160 2012-02-04 02:50:26 <roconnor> but I guess it would be like doing a duplicate coinbase, there can only be one unspendable coin at a time; however ...
 161 2012-02-04 02:51:11 <gmaxwell> or one after .. when it .. really would get killed by the maturity check.
 162 2012-02-04 02:51:15 <roconnor> gmaxwell: still, I wonder if this can be turned into some sort of double spend attack involving an innocent block reorg.
 163 2012-02-04 02:52:18 <roconnor> theymos: I broker the BBE on testnet!
 164 2012-02-04 02:52:21 <roconnor> *broke
 165 2012-02-04 02:52:29 <roconnor> where is theymos when you need him :P
 166 2012-02-04 02:53:29 <gmaxwell> so.. yea.. mine, spend, dupemine, spenddupe .. reorg removing the dupemine.. will spend dupe get reinserted? I don't think so, remember how that works.
 167 2012-02-04 02:54:17 <roconnor> gmaxwell: removing the dupemine is too hard  ... at least I think
 168 2012-02-04 02:54:27 <roconnor> I waited 100 blocks before trying to spenddupe
 169 2012-02-04 02:54:33 <roconnor> I should have tried earlier
 170 2012-02-04 02:55:32 <roconnor> gmaxwell: I was thinking mine spend spend2; dupemine, spenddupe, prepare spenddupe2  ??? profit
 171 2012-02-04 02:58:48 <gmaxwell> oh.. so using it to bypass the maturity check
 172 2012-02-04 02:59:00 <roconnor> ya
 173 2012-02-04 02:59:09 <roconnor> but there are some details that need filling in
 174 2012-02-04 02:59:14 <roconnor> around the ??? part
 175 2012-02-04 02:59:45 Guest42036 is now known as ForceMajeure
 176 2012-02-04 02:59:49 <gmaxwell> yea, though if so thats not too terrible at least..
 177 2012-02-04 03:01:26 <roconnor> how do I leave a message for theymos that I blew up block 45653 on testnet?
 178 2012-02-04 03:02:25 <roconnor> gmaxwell: ??? might involve non-merchant databases.
 179 2012-02-04 03:02:44 <roconnor> that are assuming that transactions ID are unique.
 180 2012-02-04 03:03:59 echolabia has quit (Quit: Page closed)
 181 2012-02-04 03:05:46 <shargs> vuvuzela
 182 2012-02-04 03:06:57 <roconnor> man, I put a 25 TBTC transaction fee on that since I didn't think the transaction was valid. :D
 183 2012-02-04 03:08:56 Cablesaurus has joined
 184 2012-02-04 03:09:00 Cablesaurus has quit (Changing host)
 185 2012-02-04 03:09:00 Cablesaurus has joined
 186 2012-02-04 03:12:45 <roconnor> gmaxwell: setup transactions 0A , AB, BC, 0A, AB, then place (CD, BC, CE) in a block, then reorganize by replacing that block with (BC, CD) which makes CE supposedly unspendable.
 187 2012-02-04 03:13:10 <roconnor> gmaxwell: XY is a transaction consuming coin X and producing coin Y.
 188 2012-02-04 03:13:10 theymos has joined
 189 2012-02-04 03:13:23 <theymos> roconnor: What'd you do to cause a block to go missing from BBE testnet?
 190 2012-02-04 03:13:24 <roconnor> gmaxwell: 0X is a coinbase transaction producing a coin with hash X.
 191 2012-02-04 03:13:53 <roconnor> theymos: I made a coinbase transaction, spent it, remade a coinbase that has the same ID, and spent that.
 192 2012-02-04 03:13:53 <gmaxwell> the bigger area of concern for me in this space is if you can make a sequence that nodes who see the reorg accept but nodes who just go from history reject.
 193 2012-02-04 03:14:17 <roconnor> theymos: the block containing that last spend is missing.
 194 2012-02-04 03:15:49 <roconnor> gmaxwell: it is things like this that make me wonder why anyone would put their life savings into bitcoin. :D
 195 2012-02-04 03:16:46 <roconnor> on the bright side, I think my Haskell implementation isn't broken after all
 196 2012-02-04 03:17:03 <gmaxwell> roconnor: if you look far enough you'll find people who put their life savings into beanybabies.
 197 2012-02-04 03:17:24 <roconnor> gmaxwell: seems wiser than bitcoins :D
 198 2012-02-04 03:17:52 jamescarr has joined
 199 2012-02-04 03:18:30 <gmaxwell> roconnor: you're expressing a lot of confidence about all the non-technical reasons doing that would be a terribly stupid idea by suggesting possible brokenness here is a big factor! :)
 200 2012-02-04 03:19:23 <roconnor> gmaxwell: not this specific issue, but I think it is representative of the general quality of the bitcoin core protocol. anyhow, I didn't mean to start an argument about this.
 201 2012-02-04 03:19:57 <roconnor> there is a tricky issue in what happens with duplicate coinbase transactions that are mined within the 100 block vesting period.
 202 2012-02-04 03:20:07 <roconnor> my haskell implementation might get it wrong.
 203 2012-02-04 03:20:15 <gmaxwell> roconnor: oh, I didn't intend to argue. Sorry!
 204 2012-02-04 03:20:27 <roconnor> oh good
 205 2012-02-04 03:20:33 Mango-chan has quit (Read error: Connection reset by peer)
 206 2012-02-04 03:20:42 Mango-chan has joined
 207 2012-02-04 03:20:42 Mango-chan has quit (Changing host)
 208 2012-02-04 03:20:42 Mango-chan has joined
 209 2012-02-04 03:21:01 <roconnor> for example I think my implementation may accept the following:
 210 2012-02-04 03:21:37 <roconnor> mine a coin base, 70 blocks later mine it again, 30 blocks later spend the first coinbase, 30 blocks later spend the second coinbase
 211 2012-02-04 03:21:38 <theymos> Duplicate transactions should just be rejected IMO.
 212 2012-02-04 03:22:20 <roconnor> theymos: that would require remembering the hash of every coinbase ... probably reasonable.
 213 2012-02-04 03:22:26 <luke-jr> O.o
 214 2012-02-04 03:22:36 <luke-jr> or just having a hash table of them
 215 2012-02-04 03:22:51 <roconnor> luke-jr: how is that different?
 216 2012-02-04 03:23:14 <luke-jr> hash table uses less RAM? :P
 217 2012-02-04 03:23:31 <roconnor> hash tables solve everything!!
 218 2012-02-04 03:23:54 <gmaxwell> ESPECIALLY IF DISTRIBUTED!?!?!!
 219 2012-02-04 03:24:09 TheSeven has quit (Disconnected by services)
 220 2012-02-04 03:24:24 [7] has joined
 221 2012-02-04 03:26:31 <roconnor> gmaxwell: I don't suppose there is an easy way to figure out the details of what is and is not valid in this corner case?
 222 2012-02-04 03:26:56 <roconnor> getting it wrong in my client could cause a chain fork.
 223 2012-02-04 03:28:41 <graingert> !google hashdos
 224 2012-02-04 03:28:41 <gribble> HashDoS - Twitter: <http://twitter.com/hashdos>; Large percentage of websites vulnerable to HashDoS denial of ...: <http://nakedsecurity.sophos.com/2011/12/28/large-percentage-of-websites-vulnerable-to-hashdos-denial-of-service-attack/>; Effective DoS attacks against Web Application Plattforms – #hashDoS: <http://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web- (1 more message)
 225 2012-02-04 03:30:16 <graingert> luke-jr: if you're making a serious suggestion, a hash table of hashes
 226 2012-02-04 03:30:40 <luke-jr> sounds good then
 227 2012-02-04 03:30:43 <luke-jr> DHT of transaction ids
 228 2012-02-04 03:31:41 splatster has joined
 229 2012-02-04 03:34:28 <roconnor> I guess armory is broken too
 230 2012-02-04 03:36:07 eoss has joined
 231 2012-02-04 03:36:07 eoss has quit (Changing host)
 232 2012-02-04 03:36:07 eoss has joined
 233 2012-02-04 03:38:11 jamescarr has quit (Ping timeout: 252 seconds)
 234 2012-02-04 03:39:57 <theymos> roconnor: I figured out how you broke BBE testnet. There is an SQL constraint preventing outputs from being spent twice, and your weird transaction failed the constraint. Did you actually spend a tx twice from some point of view, or is BBE totally imagining this?
 235 2012-02-04 03:40:18 <roconnor> theymos: I did spend a tx twice from some point of view
 236 2012-02-04 03:42:35 <theymos> Why did the network not reject the second transaction?
 237 2012-02-04 03:43:13 <roconnor> theymos: because the first tx was already spent, and so when I made the same coinbase again it was spendable.
 238 2012-02-04 03:45:14 Rabbit67890 has joined
 239 2012-02-04 03:46:49 <roconnor> theymos: this is going to be a pain for you to fix I imagine.
 240 2012-02-04 03:46:57 JRWR has quit (Remote host closed the connection)
 241 2012-02-04 03:47:54 MrTiggr has joined
 242 2012-02-04 03:48:42 <theymos> Probably I can just remove the constraint, but I want to understand why this was allowed. So you created a coinbase, spent it, created a duplicate coinbase, and spent that? My understanding was that Bitcoin would essentially ignore the second coinbase.
 243 2012-02-04 03:48:58 <roconnor> theymos: That is what I did
 244 2012-02-04 03:49:11 <roconnor> theymos: hey, what do you expect for an undocumented protocol.
 245 2012-02-04 03:49:34 <roconnor> fine, ... loosely documented protocol.
 246 2012-02-04 03:49:39 <luke-jr> lol
 247 2012-02-04 03:51:28 <theymos> Bitcoin marks outputs in the first transaction as unspent when it receives the duplicate coinbase?
 248 2012-02-04 03:51:53 Rabbit67890 has quit (Remote host closed the connection)
 249 2012-02-04 03:51:58 <luke-jr> theymos: my guess would be it replaces the first txn with the 2nd
 250 2012-02-04 03:52:02 <roconnor> theymos: what do you mean by first transaction?
 251 2012-02-04 03:52:12 <theymos> The first coinbase that is later duplicated.
 252 2012-02-04 03:52:18 Rabbit67890 has joined
 253 2012-02-04 03:53:36 <roconnor> in my example, I presume, the first coinbase output is marked as spent when it is spent and then from that point on it is as if the first coinbase never existed.
 254 2012-02-04 03:53:52 Cablesaurus has quit (Quit: If you think nobody cares, try missing a few payments)
 255 2012-02-04 03:54:00 <roconnor> oh god, what happens when I spend one of two coinbase outputs and then duplicate the coinbase.
 256 2012-02-04 03:54:05 <roconnor> it boggles my mind.
 257 2012-02-04 03:54:22 <roconnor> theymos: there are about a billion variations that I have no idea what happens.
 258 2012-02-04 03:55:12 <luke-jr> I suspect the first coinbase txn simply becomes inaccessible
 259 2012-02-04 03:55:12 <theymos> There were already known attacks due to duplicate coinbases, but I was unaware of this behavior and it's very worrying. Previously I thought that Bitcoin would treat the duplicate coinbase as just a "reference" to the original one. Overwriting it is much worse.
 260 2012-02-04 03:55:48 <josephcp> i think only the first one gets spent, the second is ignored
 261 2012-02-04 03:55:48 <josephcp> as if it never existed
 262 2012-02-04 03:56:08 BLZNGPNGN has joined
 263 2012-02-04 03:56:48 <roconnor> my implementation overwrites the old coinbase ... but I guess that doesn't really say much about the reference implementation.
 264 2012-02-04 03:57:21 <roconnor> theymos: what were the known attacks and how were they fixed?
 265 2012-02-04 03:57:31 <josephcp> hrmmm
 266 2012-02-04 03:58:15 <josephcp> do you have the tx hash in testnet?
 267 2012-02-04 03:58:59 <roconnor> josephcp: the coinbase is a1d7c19f72ce5b24a1001bf9c5452babed6734eaa478642379f8c702a46d5e27
 268 2012-02-04 03:59:16 <roconnor> the first spend is 0018417e23c7ad94c62e3dbcd571df2fb23f29ba375ffb5709701e9812ee8286
 269 2012-02-04 03:59:18 <josephcp> the second spend?
 270 2012-02-04 03:59:34 <roconnor> the second spend is fae8bfd6a2d98294416d8d280d3637682e87ad71e0dfc6b8b20804263067c42d
 271 2012-02-04 03:59:35 <josephcp> ok thnks
 272 2012-02-04 04:00:45 <theymos> roconnor: It wasn't fixed. Gavin's message from bitcoin-security: http://pastebin.com/jYyzBcrz
 273 2012-02-04 04:01:45 paul0 has joined
 274 2012-02-04 04:01:49 Rabbit67890 has quit (Remote host closed the connection)
 275 2012-02-04 04:01:56 <luke-jr> theymos: where is the subscribe for that?
 276 2012-02-04 04:02:02 <theymos> It's private.
 277 2012-02-04 04:02:03 <roconnor> theymos: this seems to indicate you don't need to do the attack on coinbases, and bypass the 100 transaction requirement there
 278 2012-02-04 04:02:10 <luke-jr> theymos: I should be on it :p
 279 2012-02-04 04:02:32 <roconnor> theymos: I'm not yet convinced it is any worse than a typical 1-confirmation attack.
 280 2012-02-04 04:02:38 <roconnor> theymos: but it is very worrying
 281 2012-02-04 04:02:43 <roconnor> I don't know the full implications.
 282 2012-02-04 04:03:06 <josephcp> either way being able to spend it twice seems bad in and of itself
 283 2012-02-04 04:03:15 <theymos> Yeah, I'm really bothered by this strange behavior. It'd be best to just reject duplicates and not worry about it.
 284 2012-02-04 04:03:23 <luke-jr> theymos: that's more damaging than what you posted suggests
 285 2012-02-04 04:03:25 <josephcp> because modeling the schema is wrong as hell
 286 2012-02-04 04:03:35 <josephcp> you have duplicate primary keys
 287 2012-02-04 04:03:36 Rabbit67890 has joined
 288 2012-02-04 04:03:40 Rabbit67890 has quit (Remote host closed the connection)
 289 2012-02-04 04:03:48 <luke-jr> theymos: ignore duplicates would be better IMO
 290 2012-02-04 04:03:52 <roconnor> josephcp: ya, even if bitcoin is somehow still sound, it is hell for merchants
 291 2012-02-04 04:04:14 <josephcp> yeah, it breaks things and "feels" like there might be other unexplored vulnerabilities
 292 2012-02-04 04:04:26 <luke-jr> if someone pulls off the "cancel someone else's coinbase" attack, they can split the network with it…
 293 2012-02-04 04:04:30 <josephcp> can you try spending it a 3rd time? I know it's VERY VERY unlikely to work
 294 2012-02-04 04:04:41 <luke-jr> will -rescan fix it, I wonder?
 295 2012-02-04 04:04:46 <roconnor> huh?
 296 2012-02-04 04:05:03 Rabbit67890 has joined
 297 2012-02-04 04:05:12 <theymos> BBE testnet is fixed now.
 298 2012-02-04 04:05:19 <theymos> (And I removed that constraint from mainnet.)
 299 2012-02-04 04:05:22 Rabbit67890 has quit (Remote host closed the connection)
 300 2012-02-04 04:05:29 <roconnor> theymos: that was fast
 301 2012-02-04 04:05:51 <roconnor> theymos: ah
 302 2012-02-04 04:05:57 <roconnor> theymos: arguably http://blockexplorer.com/testnet/block/0000000013aa9f67da178005f9ced61c7064dd6e8464b35f6a8ca8fabc1ca2cf should be fixed
 303 2012-02-04 04:06:03 <roconnor> though perhaps it isn't urgent
 304 2012-02-04 04:06:09 <theymos> It was very easy. Just ALTER TABLE inputs DROP CONSTRAINT x.
 305 2012-02-04 04:06:13 <luke-jr> 1. mine Coinbase A-1
 306 2012-02-04 04:06:23 <luke-jr> 2. mine Coinbase A-2, clone of A-1
 307 2012-02-04 04:06:27 <luke-jr> 3. mine Coinbase B
 308 2012-02-04 04:06:28 Karmaon has quit (Remote host closed the connection)
 309 2012-02-04 04:06:43 <luke-jr> 4. release Coinbase A-2 and Coinbase B to opposite node sets
 310 2012-02-04 04:06:54 <luke-jr> 5. mine & release Coinbase C based on Coinbase B
 311 2012-02-04 04:06:59 Rabbit67890 has joined
 312 2012-02-04 04:07:04 Rabbit67890 has quit (Remote host closed the connection)
 313 2012-02-04 04:07:06 <luke-jr> now half of the nodes reorg, forgetting A-1 too
 314 2012-02-04 04:07:12 Karmaon has joined
 315 2012-02-04 04:07:12 <luke-jr> 6. Spend Coinbase A-1
 316 2012-02-04 04:07:22 Rabbit67890 has joined
 317 2012-02-04 04:07:25 <theymos> roconnor: Should I change the text to "This is caused by a horrible, ugly bug in Bitcoin that should be fixed ASAP"? ;)
 318 2012-02-04 04:07:27 Rabbit67890 has quit (Remote host closed the connection)
 319 2012-02-04 04:07:28 <luke-jr> all the nodes that forgot A-1 will reject this
 320 2012-02-04 04:07:32 <roconnor> luke-jr: oh right, if that happens then the client is really buggy.
 321 2012-02-04 04:07:47 Rabbit67890 has joined
 322 2012-02-04 04:07:51 <luke-jr> now you have two blockchains
 323 2012-02-04 04:07:58 <roconnor> theymos: ideally you'd tell me how that transaction is spent, but maybe changing the text is a good first step.
 324 2012-02-04 04:08:10 <luke-jr> and the perfect setup to double-spend until it's fixed
 325 2012-02-04 04:08:18 <josephcp> theymos: but there can be situations where tracing transaction history will go to the wrong one when building the foreign keys :-/ you need to add a constraint to the select query to include unspent now
 326 2012-02-04 04:08:54 <luke-jr> if it wasn't for the fact that Bitcoin goes up every time there's bad news, I'd be selling all mine about now
 327 2012-02-04 04:08:56 <luke-jr> :P
 328 2012-02-04 04:08:57 Rabbit67890 has quit (Remote host closed the connection)
 329 2012-02-04 04:09:01 <roconnor> josephcp: the "correct" primary key is the transaction and block id pair
 330 2012-02-04 04:09:04 Cablesaurus has joined
 331 2012-02-04 04:09:04 Cablesaurus has quit (Changing host)
 332 2012-02-04 04:09:04 Cablesaurus has joined
 333 2012-02-04 04:09:12 * luke-jr ponders how easy this theory is to test
 334 2012-02-04 04:09:23 <roconnor> or maybe even (transaction, block id, and merkle tree location)
 335 2012-02-04 04:09:34 <theymos> I'm not so concerned about correct display on BBE of these very strange transactions.
 336 2012-02-04 04:09:41 Rabbit67890 has joined
 337 2012-02-04 04:09:42 <roconnor> theymos: heh, okay
 338 2012-02-04 04:09:58 <josephcp> roconnor: when spending txouts you're not including the block id though
 339 2012-02-04 04:10:04 <roconnor> theymos: sorry for messin up your block explorer :P
 340 2012-02-04 04:10:10 Rabbit67890 has quit (Remote host closed the connection)
 341 2012-02-04 04:10:24 Rabbit67890 has joined
 342 2012-02-04 04:10:37 <theymos> roconnor: Thanks for uncovering this interesting behavior! :)
 343 2012-02-04 04:10:38 <josephcp> txin only has the hash, you need to select for unspent outs
 344 2012-02-04 04:10:53 <luke-jr> theymos: you probably shouldn't have leaked that email :P
 345 2012-02-04 04:11:08 <splatster> theymos: Are you going to split up the forum redesign into pieces or did you end up deciding against it?
 346 2012-02-04 04:12:04 <theymos> luke-jr: It's a very old email. Security won't be harmed by releasing it -- security may be helped if more severe bugs are found than Gavin saw.
 347 2012-02-04 04:12:51 jamescarr has joined
 348 2012-02-04 04:13:20 Rabbit67890 has quit (Remote host closed the connection)
 349 2012-02-04 04:13:57 Rabbit67890 has joined
 350 2012-02-04 04:14:03 Rabbit67890 has quit (Remote host closed the connection)
 351 2012-02-04 04:14:23 <josephcp> well if you do decide to reject duplicates, remember that there are duplicates in mainnet, so the checking has to start after a set number of blocks...
 352 2012-02-04 04:14:32 <theymos> splatster: I haven't processed all of the bids yet. I got a few more at the end of January. At first glance none of them look great, though. Matthew N. Wright also said that he would submit a bid, which might be pretty good. (I gave him another week.) I've been working on building a BBcode parser in Boost.Spirit in case I do end up splitting it, which has been pretty interesting.
 353 2012-02-04 04:15:05 Moron__ has quit ()
 354 2012-02-04 04:15:15 Rabbit67890 has joined
 355 2012-02-04 04:15:24 Rabbit67890 has quit (Remote host closed the connection)
 356 2012-02-04 04:15:49 Rabbit67890 has joined
 357 2012-02-04 04:18:37 <roconnor> josephcp: it would be sufficient to require outputs to be spent only once
 358 2012-02-04 04:18:47 <roconnor> josephcp: which is compatible with how main net is now
 359 2012-02-04 04:19:20 <luke-jr> theymos: actually, that attack isn't super-expensive either
 360 2012-02-04 04:19:29 <luke-jr> you can do it by mining 1 block
 361 2012-02-04 04:19:31 <josephcp> oh yeah good point
 362 2012-02-04 04:19:55 <roconnor> luke-jr: btw, you don't have to use duplicate coinbases, you can use duplicate outputs of coinbases, which get around any 100 block issues.
 363 2012-02-04 04:20:00 <luke-jr> you just need to time your announcement of that 1 block well
 364 2012-02-04 04:20:09 Rabbit67890 has quit (Ping timeout: 240 seconds)
 365 2012-02-04 04:20:24 <luke-jr> ie, connect to every node, and when you hear of the competing block announce yours as well
 366 2012-02-04 04:20:27 <roconnor> I mean duplicate transactions built on duplicate coinbases
 367 2012-02-04 04:21:06 <luke-jr> roconnor: :o
 368 2012-02-04 04:21:21 <luke-jr> I don't see how that would work
 369 2012-02-04 04:22:22 <roconnor> luke-jr: mine a coinbase transaction A, spend it to B, spend it to C, mine coinbase A, spend it to B spend it to C
 370 2012-02-04 04:22:33 Rabbit67890 has joined
 371 2012-02-04 04:22:57 <roconnor> now the duplicate C's are analogous to duplicate coinbases, but well past any 100 block vetting period.
 372 2012-02-04 04:25:42 riush has quit (Read error: Connection reset by peer)
 373 2012-02-04 04:27:54 RobinPKR_ has joined
 374 2012-02-04 04:28:49 paul0 has quit (Quit: paul0)
 375 2012-02-04 04:30:40 RobinPKR has quit (Ping timeout: 272 seconds)
 376 2012-02-04 04:30:40 RobinPKR_ is now known as RobinPKR
 377 2012-02-04 04:30:52 riush has joined
 378 2012-02-04 04:30:53 riush has quit (Changing host)
 379 2012-02-04 04:30:53 riush has joined
 380 2012-02-04 04:32:37 <jamescarr> ping
 381 2012-02-04 04:36:09 <BTC_Bear>                                          ❍                                                     pong
 382 2012-02-04 04:45:48 sytse has quit (Read error: Operation timed out)
 383 2012-02-04 04:49:33 sytse has joined
 384 2012-02-04 04:54:02 mizerydearia has quit (Ping timeout: 255 seconds)
 385 2012-02-04 04:55:20 mizerydearia has joined
 386 2012-02-04 04:55:57 <egecko> how do you track down the transaction for a received bitcoin?
 387 2012-02-04 04:57:04 <egecko> i.e. when you request the received by address, it returns all the bitcoins received, but it doesn't show much more beyond address, account, amount, and confirmations
 388 2012-02-04 04:57:25 <theymos> listtransactions
 389 2012-02-04 04:58:26 Rabbit67890 has quit (Remote host closed the connection)
 390 2012-02-04 05:01:11 Rabbit67890_ has joined
 391 2012-02-04 05:02:12 Ferroh has quit (Quit: *poof*)
 392 2012-02-04 05:02:58 sytse has quit (Ping timeout: 272 seconds)
 393 2012-02-04 05:03:16 sytse has joined
 394 2012-02-04 05:07:09 <shargs> cool
 395 2012-02-04 05:07:40 Rabbit67890 has joined
 396 2012-02-04 05:10:02 Rabbit67890_ has quit (Ping timeout: 260 seconds)
 397 2012-02-04 05:11:31 Rabbit67890_ has joined
 398 2012-02-04 05:11:49 Rabbit67890 has quit (Ping timeout: 240 seconds)
 399 2012-02-04 05:11:50 Rabbit67890_ is now known as Rabbit67890
 400 2012-02-04 05:12:11 b4epoche_ has joined
 401 2012-02-04 05:12:48 <shargs> The idea of checking whether a committed integer lies in a specific interval was first developed in [2].
 402 2012-02-04 05:12:52 b4epoche has quit (Ping timeout: 244 seconds)
 403 2012-02-04 05:12:52 b4epoche_ is now known as b4epoche
 404 2012-02-04 05:15:10 splatster has quit (Quit: Leaving...)
 405 2012-02-04 05:16:59 Rabbit67890 has quit (Ping timeout: 244 seconds)
 406 2012-02-04 05:17:59 <roconnor> heh ``
 407 2012-02-04 05:18:00 <roconnor> one of the reasons this keeps
 408 2012-02-04 05:18:02 <roconnor> slipping down my TODO list is because I'm not sure it is worth making
 409 2012-02-04 05:18:03 <roconnor> code changes for such an obscure potential attack that doesn't (as far
 410 2012-02-04 05:18:05 <roconnor> as I can see) gain the attacker anything.
 411 2012-02-04 05:18:20 Rabbit67890 has joined
 412 2012-02-04 05:18:22 Rabbit67890 has quit (Remote host closed the connection)
 413 2012-02-04 05:18:30 <roconnor> yep, it's totally better to wait until it is known that the attacker can gain something, and then fix it. :^)
 414 2012-02-04 05:18:57 splatster has joined
 415 2012-02-04 05:18:59 splatster has quit (Changing host)
 416 2012-02-04 05:18:59 splatster has joined
 417 2012-02-04 05:21:50 Rabbit67890 has joined
 418 2012-02-04 05:23:24 <shargs> By using the indirect disclosure proof in the payment protocol, ZCash realizes revocable anonymity, which allows a trustee to trace the owner of the E-cash according to its payment transcript. ZCash is the first E-cash scheme which realizes both divisibility and revocable anonymity.
 419 2012-02-04 05:24:59 <roconnor> shargs: link?
 420 2012-02-04 05:25:59 <shargs> http://www.sciencedirect.com/science/article/pii/S1567422302000248
 421 2012-02-04 05:26:33 Rabbit67890 has quit (Client Quit)
 422 2012-02-04 05:26:44 <shargs> the application to bitcoin would be the ability to hide transaction amounts in the transcript, but still prove your account balance lies within a particular interval
 423 2012-02-04 05:27:02 JRWR has joined
 424 2012-02-04 05:27:05 <roconnor> shargs: oh good, I was trying to figure out how to do that
 425 2012-02-04 05:27:17 <roconnor> I thought it would be possible with partial homomorphic encryption
 426 2012-02-04 05:28:06 <shargs> if you want more privacy, you just increase the difference between input and output..
 427 2012-02-04 05:29:21 <shargs> it seems to be horribly complex crypto stuff
 428 2012-02-04 05:29:42 <roconnor> I'm not on campus so I cannot read the paper
 429 2012-02-04 05:30:50 <shargs> http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.113.6247
 430 2012-02-04 05:31:22 <shargs> we make a further step towards practicality of complete (i.e., divisible) anonymous e-cash by presenting a solution where all procedures (set-up, withdrawal, payment and deposit) are bounded by tens of exponentiations
 431 2012-02-04 05:32:14 <shargs> there's a simple scheme which is analogous:  each "transaction" would be represented by a source address, and a number that represents the upper limit of the amount, but not the exact amount which is encrypted
 432 2012-02-04 05:32:39 <shargs> then you can prove to anyone that you have at least X coins left in your account, without revealing anything about previous transactions
 433 2012-02-04 05:33:38 Rabbit67890 has joined
 434 2012-02-04 05:34:03 <shargs> that is a lame way to do it.. the horribly complex crypto is supposed to make it more opaque
 435 2012-02-04 05:37:33 <egecko> anyone have ideas on why a sendfrom request would be returning a not found error?
 436 2012-02-04 05:39:45 etotheipi_ has joined
 437 2012-02-04 05:40:34 <shargs> http://www.cs.ut.ee/~lipmaa/crypto/link/zeroknowledge/pok.php
 438 2012-02-04 05:40:48 <shargs> search for "proofs tha the committed numbers belong to an interval (Range proof)"
 439 2012-02-04 05:41:13 <roconnor> etotheipi_: there is a bug in armory in an extremely unlikely corner case of the bitcoin protocol (which is probably a bug in the protocol that will hopefully get fixed really soon).
 440 2012-02-04 05:41:16 <shargs> there's like 20 papers on the problem
 441 2012-02-04 05:41:34 <etotheipi_> what's the bug, roconnor?
 442 2012-02-04 05:42:18 <roconnor> etotheipi_: say I mine a coinbase transaction with hash A
 443 2012-02-04 05:42:33 <roconnor> etotheipi_: and then I spend it with transaction with hash AB
 444 2012-02-04 05:43:20 <roconnor> etotheipi_: and then I mine a coinbase transaction again with hash A, then it doesn't appear again in armory
 445 2012-02-04 05:43:35 <roconnor> etotheipi_: I've confirmed that it is spendable with transaction AC
 446 2012-02-04 05:43:47 <roconnor> (which also doesn't appear in armory)
 447 2012-02-04 05:44:19 <roconnor> etotheipi_: it probably isn't worth fixing
 448 2012-02-04 05:44:19 <etotheipi_> you mean, Armory reports it as spendable?
 449 2012-02-04 05:44:38 <roconnor> etotheipi_: no, I mean it is spendable, but Armory doesn't report its existence.
 450 2012-02-04 05:45:00 graingert has quit (Read error: Connection reset by peer)
 451 2012-02-04 05:45:22 <etotheipi_> I thought those duplicate tx's were not spendable?
 452 2012-02-04 05:45:29 <roconnor> they are
 453 2012-02-04 05:45:31 <etotheipi_> I mean, I thought the network wouldn't allow you to spend them
 454 2012-02-04 05:45:34 <roconnor> in some cases
 455 2012-02-04 05:45:38 <etotheipi_> or is that a "bug"?
 456 2012-02-04 05:45:42 <roconnor> yes
 457 2012-02-04 05:45:53 Rabbit67890 has quit (Quit: Rabbit67890)
 458 2012-02-04 05:46:25 <roconnor> http://blockexplorer.com/testnet/tx/fae8bfd6a2d98294416d8d280d3637682e87ad71e0dfc6b8b20804263067c42d
 459 2012-02-04 05:46:46 <roconnor> ^^ proof that it is spendable
 460 2012-02-04 05:47:35 <etotheipi_> is that testnet?
 461 2012-02-04 05:47:41 <roconnor> yes
 462 2012-02-04 05:48:06 <etotheipi_> so you have found a way to spend them?
 463 2012-02-04 05:48:13 <roconnor> yes
 464 2012-02-04 05:48:22 <roconnor> so long as the first one is spent, the second one will be spendable.
 465 2012-02-04 05:48:38 <roconnor> ... god only knows what happens if the first one is partially spent.
 466 2012-02-04 05:48:41 <etotheipi_> hmmm.... that sounds like a bug
 467 2012-02-04 05:50:02 <roconnor> etotheipi_: if you want, try to figure out how to double spend using duplicate transactions, or at least revoke transactions to screw someone.
 468 2012-02-04 05:50:04 <etotheipi_> that sounds like something that could fork the blockchain if there was a large variety of full-validation nodes
 469 2012-02-04 05:50:31 <roconnor> etotheipi_: ya; there are a million possible ways this could be implemented
 470 2012-02-04 05:50:51 <etotheipi_> interesting...
 471 2012-02-04 05:50:55 <roconnor> luke-jr suggests because of the way reorgs are handled that the standard client could even fork itself.
 472 2012-02-04 05:51:44 <etotheipi_> well I'm out of town, so I'm not doing any real dev until monday, so I can't even really look at it right now
 473 2012-02-04 05:52:13 <etotheipi_> no doubt, that's quite a corner case...
 474 2012-02-04 05:52:37 <roconnor> etotheipi_: ya, I don't think there is any point of even addressing it yet
 475 2012-02-04 05:52:44 <roconnor> etotheipi_: but I thought I'd let you know.
 476 2012-02-04 05:52:52 <etotheipi_> unless someone figures out how to leverage it maliciously
 477 2012-02-04 05:53:08 <etotheipi_> would it be resolved by a rescan?
 478 2012-02-04 05:53:25 <roconnor> etotheipi_: sure, it would be resolved by a rescan
 479 2012-02-04 05:53:41 <etotheipi_> for instance, because of the way that I scan the blockchain, no matter how complicated of a reorg happens, when you rescan it will organize "correctly"
 480 2012-02-04 05:53:47 <roconnor> but imagine how long the block fork could go on.
 481 2012-02-04 05:53:59 <etotheipi_> (though, I've unit-tested the Armory code so it should work real-time, anyway)
 482 2012-02-04 05:54:13 <roconnor> etotheipi_: you rescan the entire chain on every reorg?
 483 2012-02-04 05:54:17 <etotheipi_> no
 484 2012-02-04 05:54:28 <roconnor> well there you go
 485 2012-02-04 05:54:46 <etotheipi_> although with full-ram.... I don't see why not :)
 486 2012-02-04 05:54:51 <roconnor> in standard client, luke-jr suggests that it will get confused about which transaction is which during a reorg
 487 2012-02-04 05:54:58 <roconnor> understandably
 488 2012-02-04 05:54:59 <etotheipi_> it takes less than a sec to reorganize all the headers and invalidate a bad chain
 489 2012-02-04 05:55:50 <roconnor> okay
 490 2012-02-04 05:56:09 <roconnor> in my haskell code I don't even have a reorg :P
 491 2012-02-04 05:56:30 <roconnor> I just have a priority queue, so if a new longest chain appears, then it is magically on top of the heap.
 492 2012-02-04 05:56:33 <etotheipi_> I made sure that when a tx is invalidated via reorg, that it doesn't just disappear
 493 2012-02-04 05:56:54 <etotheipi_> it's instead marked as invalidated... and then the user can be notified they just became a victim
 494 2012-02-04 05:57:19 <roconnor> etotheipi_: nice
 495 2012-02-04 05:57:42 eoss has quit (Quit: Leaving)
 496 2012-02-04 05:57:53 <etotheipi_> although, I never save it, so I guess it would disappear after a restart.... maybe I'll make sure it's saved to disk
 497 2012-02-04 05:58:41 <etotheipi_> okay, so really obscure memory question...  https://github.com/bitcoin/bitcoin/blob/master/src/serialize.h#L25
 498 2012-02-04 05:59:07 <etotheipi_> in the mlock function, it looks like it's finding the memory-page-floor
 499 2012-02-04 06:00:45 <etotheipi_> but I can't figure out why there's such a complicated function for the size
 500 2012-02-04 06:00:59 <etotheipi_> I would think it would be a simple multiple of the pagesize
 501 2012-02-04 06:12:14 <shargs> monthly catacomb occupation fee
 502 2012-02-04 06:17:43 enquirer has quit (Quit: back soon)
 503 2012-02-04 06:22:16 theymos has quit (Remote host closed the connection)
 504 2012-02-04 06:22:47 osmosis has joined
 505 2012-02-04 06:25:57 roconnor has quit (Ping timeout: 272 seconds)
 506 2012-02-04 06:30:07 etotheipi_ has quit (Ping timeout: 245 seconds)
 507 2012-02-04 06:33:40 <shargs> catacomb
 508 2012-02-04 06:47:16 jeewee has joined
 509 2012-02-04 06:48:09 BTC_Bear is now known as BTC_Bear|hbrntng
 510 2012-02-04 06:54:11 <shargs> ok
 511 2012-02-04 07:01:04 <egecko> what is the base reference date/time for the "time" associated with a transaction?
 512 2012-02-04 07:09:31 <egecko> 1/1/1900?
 513 2012-02-04 07:10:22 <cjd> probably january 1970 but I'm not sure
 514 2012-02-04 07:10:29 <cjd> ;;google unix time
 515 2012-02-04 07:10:30 <gribble> Unix time - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Unix_time>; Online Conversion - Unix time conversion: <http://www.onlineconversion.com/unix_time.htm>; Unix Time Stamp . com: <http://www.unixtimestamp.com/>
 516 2012-02-04 07:13:00 <shargs> ok
 517 2012-02-04 07:13:04 <egecko> is it safe to presume that times are in UTC?
 518 2012-02-04 07:13:25 <cjd> unix time doesn't care about time zone
 519 2012-02-04 07:17:51 <shargs>  cool
 520 2012-02-04 07:24:25 jamescarr has quit (Ping timeout: 245 seconds)
 521 2012-02-04 07:25:38 shargalarg has joined
 522 2012-02-04 07:26:32 shargs has quit (Ping timeout: 260 seconds)
 523 2012-02-04 07:49:54 RazielZ has joined
 524 2012-02-04 07:59:37 osmosis has quit (Quit: Leaving)
 525 2012-02-04 08:01:35 shargalarg has quit (Ping timeout: 272 seconds)
 526 2012-02-04 08:02:21 Cablesaurus has quit (Quit: I cna ytpe 300 wrods pre mniuet!!!)
 527 2012-02-04 08:02:23 Clown has joined
 528 2012-02-04 08:02:50 Clown is now known as Guest96767
 529 2012-02-04 08:03:38 helo_ has joined
 530 2012-02-04 08:04:07  has quit (Clown|!Clown@static-87-79-93-140.netcologne.de|Ping timeout: 272 seconds)
 531 2012-02-04 08:07:11 <helo_> would it be useful to have a p2sh op that causes the transaction to fail validation if a particular block hash hasn't occurred recently?
 532 2012-02-04 08:08:42 mizerydearia has quit (Ping timeout: 248 seconds)
 533 2012-02-04 08:08:59 <gmaxwell> helo_: by useful do you mean "enabling an attack, such that I can revoke funds spent to someone by simply doing a fairly minor reorg and not even respending the input"?
 534 2012-02-04 08:09:27 <helo_> definitely not :)
 535 2012-02-04 08:12:03 molecular has quit (Ping timeout: 255 seconds)
 536 2012-02-04 08:12:04 <gmaxwell> There was a discussion about that sort of tying thing before but I can't find it. In the biggest usecase what you should simply endeavor to do is make the new txn dependent on the relevant input payment.
 537 2012-02-04 08:12:28 <gmaxwell> (someone was asking about it with respect to a gambling site that he wanted to do fast&secure payment turnarounds for)
 538 2012-02-04 08:12:46 <gmaxwell> If you can do that you can even work with zero confirms.
 539 2012-02-04 08:12:55 molecular has joined
 540 2012-02-04 08:12:58 <helo_> ahh makes sense
 541 2012-02-04 08:14:21 <gmaxwell> I'd think that the kind of backwards matching you described would need to be protected by a maturity delay like we have for generation txn— sort of the opposite of what people want in that situation (faster!)
 542 2012-02-04 08:14:38 Cablesaurus has joined
 543 2012-02-04 08:14:38 Cablesaurus has quit (Changing host)
 544 2012-02-04 08:14:38 Cablesaurus has joined
 545 2012-02-04 08:17:38 osmosis has joined
 546 2012-02-04 08:20:47 assel____ has joined
 547 2012-02-04 08:21:12 assel____ has quit (Remote host closed the connection)
 548 2012-02-04 08:25:56 CaptainDDL has joined
 549 2012-02-04 08:28:53 Guest96767 has quit ()
 550 2012-02-04 08:31:20 osmosis has quit (Remote host closed the connection)
 551 2012-02-04 08:36:44 osmosis has joined
 552 2012-02-04 08:38:32 splatster has quit (Quit: Leaving...)
 553 2012-02-04 09:21:27 osmosis has quit (Remote host closed the connection)
 554 2012-02-04 09:22:26 MrTiggr has quit (Ping timeout: 245 seconds)
 555 2012-02-04 09:22:47 b4epoche_ has joined
 556 2012-02-04 09:22:54 iocor has joined
 557 2012-02-04 09:24:30 marf_away has joined
 558 2012-02-04 09:24:33 b4epoche has quit (Ping timeout: 272 seconds)
 559 2012-02-04 09:24:33 b4epoche_ is now known as b4epoche
 560 2012-02-04 09:24:56 TD has joined
 561 2012-02-04 09:25:47 TD has quit (Client Quit)
 562 2012-02-04 09:27:13 erle- has joined
 563 2012-02-04 09:30:01 pusle has joined
 564 2012-02-04 09:32:09 barmstrong has quit (Remote host closed the connection)
 565 2012-02-04 09:33:17 iocor has quit (Ping timeout: 244 seconds)
 566 2012-02-04 09:33:24 iocor has joined
 567 2012-02-04 09:35:20 iocor has quit (Client Quit)
 568 2012-02-04 09:40:16 barmstrong has joined
 569 2012-02-04 09:50:23 Cherothald has quit (Ping timeout: 252 seconds)
 570 2012-02-04 09:51:08 MrTiggr has joined
 571 2012-02-04 09:55:07 cdecker has joined
 572 2012-02-04 09:56:02 vsrinivas has quit (Quit: leaving)
 573 2012-02-04 09:59:43 osmosis has joined
 574 2012-02-04 10:10:56 iocor has joined
 575 2012-02-04 10:12:15 FellowTraveler has joined
 576 2012-02-04 10:12:19 <FellowTraveler> hi all.
 577 2012-02-04 10:12:28 <pusle> hei :)
 578 2012-02-04 10:13:07 <FellowTraveler> I heard yall were having some kind of problems with poisonous people?
 579 2012-02-04 10:13:49 <FellowTraveler> Now, are these the kind of people who have poisonous fangs, or are we talking more about, say, poisonous skin?
 580 2012-02-04 10:14:17 <pusle> I'm not really a developer but from observing the conversations I wouldn't say there is such a problem
 581 2012-02-04 10:14:37 <FellowTraveler> that's not the word on the street
 582 2012-02-04 10:14:43 <FellowTraveler> word on the street is, a house divided can't stand
 583 2012-02-04 10:15:26 <FellowTraveler> FYI since I just designed it, here's the upcoming systray menu options for Open-Transactions:  http://pastebin.com/i4C88ZWX
 584 2012-02-04 10:15:37 <FellowTraveler> I guess I better get back to work.  Good luck finding the antidote!
 585 2012-02-04 10:15:54 FellowTraveler has left ()
 586 2012-02-04 10:16:14 <pusle> O_o
 587 2012-02-04 10:24:18 JRWR has quit (Ping timeout: 252 seconds)
 588 2012-02-04 10:30:15 <makomk> By the way, thinking about it we already have an index of transactions that could've been used to prevent duplicate coinbases; right now it's used for looking up the outputs that a transaction spends.
 589 2012-02-04 10:31:10 <makomk> (Another dropped item from the TODO BEFORE LAUNCH list for Coiledcoin, no surprises there.)
 590 2012-02-04 10:41:12 booo has joined
 591 2012-02-04 10:44:08 rdponticelli has quit (Read error: Connection reset by peer)
 592 2012-02-04 10:48:07 Moron__ has joined
 593 2012-02-04 10:49:54 rdponticelli has joined
 594 2012-02-04 10:56:11 Insti has quit (Ping timeout: 240 seconds)
 595 2012-02-04 10:57:59 Insti has joined
 596 2012-02-04 11:00:10 <gribble> New news from bitcoinrss: dishwara opened issue 797 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/issues/797>
 597 2012-02-04 11:01:26 osmosis has quit (Quit: Leaving)
 598 2012-02-04 11:03:11 danbri has quit (Ping timeout: 245 seconds)
 599 2012-02-04 11:08:08 copumpkin has quit (Ping timeout: 252 seconds)
 600 2012-02-04 11:08:36 copumpkin has joined
 601 2012-02-04 11:10:02 datagutt has joined
 602 2012-02-04 11:11:57 Zarutian has joined
 603 2012-02-04 11:15:24 danbri has joined
 604 2012-02-04 11:15:45 rdponticelli has quit (Remote host closed the connection)
 605 2012-02-04 11:18:29 Clipse has quit (Ping timeout: 256 seconds)
 606 2012-02-04 11:22:48 rdponticelli has joined
 607 2012-02-04 11:44:56 occulta has joined
 608 2012-02-04 12:05:07 Cherothald has joined
 609 2012-02-04 12:05:36 yorick has quit (Ping timeout: 252 seconds)
 610 2012-02-04 12:07:05 yorick has joined
 611 2012-02-04 12:21:07 JRWR has joined
 612 2012-02-04 12:33:05 baz has joined
 613 2012-02-04 12:37:31 mizerydearia has joined
 614 2012-02-04 12:44:13 saspiron has joined
 615 2012-02-04 12:44:43 TD has joined
 616 2012-02-04 12:45:34 <saspiron> Could you have bitreceipts sorta a proof of purchase?
 617 2012-02-04 12:46:06 <saspiron> where i buy something and i get a bitreceipt that then says i bought that item?
 618 2012-02-04 12:47:46  has joined
 619 2012-02-04 12:52:25 CaptainDDL has quit (Ping timeout: 248 seconds)
 620 2012-02-04 12:56:17 gronager1 has joined
 621 2012-02-04 12:58:36 marf_away has quit (Ping timeout: 245 seconds)
 622 2012-02-04 12:58:38 gronager has quit (Ping timeout: 272 seconds)
 623 2012-02-04 12:58:56 gronager1 has quit (Read error: Connection reset by peer)
 624 2012-02-04 12:59:00 gronager has joined
 625 2012-02-04 12:59:00 <Moron__> saspiron
 626 2012-02-04 12:59:01 <Moron__> :P
 627 2012-02-04 12:59:08 graingert has joined
 628 2012-02-04 13:00:59 saspiron has quit (Ping timeout: 245 seconds)
 629 2012-02-04 13:04:07 spq has quit (Quit: ChatZilla 0.9.87 [Firefox 7.0.1/20110928134238])
 630 2012-02-04 13:13:13 Nicksasa has joined
 631 2012-02-04 13:17:59 knotwork has joined
 632 2012-02-04 13:18:06 knotwork has quit (Changing host)
 633 2012-02-04 13:18:06 knotwork has joined
 634 2012-02-04 13:21:00 att has joined
 635 2012-02-04 13:26:46 bodom has joined
 636 2012-02-04 13:29:00 baz has quit (Quit: Leaving)
 637 2012-02-04 13:29:43 baz has joined
 638 2012-02-04 13:34:33 <luke-jr> [23:16:02] <roconnor> luke-jr: mine a coinbase transaction A, spend it to B, spend it to C, mine coinbase A, spend it to B spend it to C
 639 2012-02-04 13:34:38 <luke-jr> meh, he left
 640 2012-02-04 13:34:49 <luke-jr> I don't think that can work, since the inputs will always be different
 641 2012-02-04 13:35:20 b4epoche_ has joined
 642 2012-02-04 13:36:11 b4epoche has quit (Ping timeout: 240 seconds)
 643 2012-02-04 13:36:11 b4epoche_ is now known as b4epoche
 644 2012-02-04 13:39:03 iocor has quit (Quit: Computer has gone to sleep.)
 645 2012-02-04 13:41:59 iocor has joined
 646 2012-02-04 13:42:51 Insti has quit (Ping timeout: 240 seconds)
 647 2012-02-04 13:48:07 baz has quit (Remote host closed the connection)
 648 2012-02-04 13:53:28 baz has joined
 649 2012-02-04 13:54:17 Insti has joined
 650 2012-02-04 13:57:59 edcba has joined
 651 2012-02-04 13:58:06 shargs has joined
 652 2012-02-04 14:02:29 shargs has quit (Ping timeout: 244 seconds)
 653 2012-02-04 14:05:43 Nicksasa has quit (Read error: Connection reset by peer)
 654 2012-02-04 14:06:16 Nicksasa has joined
 655 2012-02-04 14:28:45 denisx has joined
 656 2012-02-04 14:32:25 TD has quit (Quit: TD)
 657 2012-02-04 14:35:04 Nicksasa has quit (Read error: Connection reset by peer)
 658 2012-02-04 14:35:18 Nicksasa has joined
 659 2012-02-04 14:36:04 baz has quit (Remote host closed the connection)
 660 2012-02-04 14:38:15 baz has joined
 661 2012-02-04 14:55:31 TD has joined
 662 2012-02-04 14:57:16 baz has quit (Remote host closed the connection)
 663 2012-02-04 14:57:27 jamescarr has joined
 664 2012-02-04 14:57:44 <jamescarr> the bitcoin client for linux is buggy as hell
 665 2012-02-04 14:59:23 baz has joined
 666 2012-02-04 14:59:24 <pickett> works fine for me
 667 2012-02-04 15:00:20 jamescarr has quit (Remote host closed the connection)
 668 2012-02-04 15:00:54 iocor has quit (Quit: Computer has gone to sleep.)
 669 2012-02-04 15:03:30 RazielZ has quit (Quit: Leaving)
 670 2012-02-04 15:14:17 ThomasV has quit (Quit: Leaving)
 671 2012-02-04 15:19:41 Nicksasa has quit (Ping timeout: 252 seconds)
 672 2012-02-04 15:22:55 iocor has joined
 673 2012-02-04 15:27:36 baz has quit (Ping timeout: 252 seconds)
 674 2012-02-04 15:30:54 RazielZ has joined
 675 2012-02-04 15:31:01 userhj has joined
 676 2012-02-04 15:35:24 JRWR has quit (Read error: Connection reset by peer)
 677 2012-02-04 15:36:51 Nicksasa has joined
 678 2012-02-04 15:37:31 paul0 has joined
 679 2012-02-04 15:45:26 iocor has quit (Quit: Computer has gone to sleep.)
 680 2012-02-04 15:48:02 JRWR has joined
 681 2012-02-04 16:02:40 marf_away has joined
 682 2012-02-04 16:03:52 Dagger2 has quit (Ping timeout: 240 seconds)
 683 2012-02-04 16:12:39 Dagger3 has joined
 684 2012-02-04 16:13:26 iocor has joined
 685 2012-02-04 16:14:43 iocor has quit (Client Quit)
 686 2012-02-04 16:14:52 MrTiggr has quit (Ping timeout: 256 seconds)
 687 2012-02-04 16:15:59 iocor has joined
 688 2012-02-04 16:16:18 Nicksasa has quit (Read error: Connection reset by peer)
 689 2012-02-04 16:17:27 ThomasV has joined
 690 2012-02-04 16:17:40 genjix has joined
 691 2012-02-04 16:17:47 genjix has left ()
 692 2012-02-04 16:18:13 baz has joined
 693 2012-02-04 16:18:29 Nicksasa has joined
 694 2012-02-04 16:18:41 Nicksasa has quit (Read error: Connection reset by peer)
 695 2012-02-04 16:18:45 Nick__ has joined
 696 2012-02-04 16:24:52 Nick__ has quit (Quit: I'll be back nubs)
 697 2012-02-04 16:24:52 Nicksasa has joined
 698 2012-02-04 16:24:58 Nicksasa has quit (Read error: Connection reset by peer)
 699 2012-02-04 16:25:01 Nick__ has joined
 700 2012-02-04 16:25:13 Nick__ is now known as Nicksasa
 701 2012-02-04 16:27:08 roconnor has joined
 702 2012-02-04 16:31:17 ThomasV has quit (Ping timeout: 248 seconds)
 703 2012-02-04 16:34:54 <roconnor> luke-jr: all the inputs will be the same.
 704 2012-02-04 16:35:14 <Diablo-D3> http://www.anandtech.com/print/5503
 705 2012-02-04 16:35:24 iocor has quit (Quit: Computer has gone to sleep.)
 706 2012-02-04 16:40:54 BTC_Bear is now known as hbrntng!~BTC_Bear@unaffiliated/btc-bear/x-5233302|BTC_Bear
 707 2012-02-04 16:49:26 splatster has joined
 708 2012-02-04 16:50:29 userhj has quit (Ping timeout: 255 seconds)
 709 2012-02-04 16:51:49 etotheipi_ has joined
 710 2012-02-04 17:03:44 userhj has joined
 711 2012-02-04 17:11:13 Turingi has joined
 712 2012-02-04 17:11:13 Turingi has quit (Changing host)
 713 2012-02-04 17:11:13 Turingi has joined
 714 2012-02-04 17:12:32 <luke-jr> roconnor: only if they are coming from the same outputs
 715 2012-02-04 17:12:47 <roconnor> which they will be
 716 2012-02-04 17:12:53 p0s has joined
 717 2012-02-04 17:12:54 <luke-jr> can't be
 718 2012-02-04 17:13:25 <roconnor> say I mine transaction A, spend it with transaction B and that spend with transaction C.
 719 2012-02-04 17:13:33 <roconnor> then say I mine a duplicate coinbase A
 720 2012-02-04 17:13:46 <luke-jr> oh!
 721 2012-02-04 17:13:48 <luke-jr> interesting
 722 2012-02-04 17:13:48 <roconnor> by its very definition the two A's have the same hash
 723 2012-02-04 17:13:58 <roconnor> then I spend the duplicate A to duplicate B
 724 2012-02-04 17:14:12 <roconnor> and since duplicate B is identical to duplicate A, it by definition has the same hash
 725 2012-02-04 17:14:27 <luke-jr> yeah… if it wasn't for the fact that Bitcoin goes up with bad press, I might be selling now <.<
 726 2012-02-04 17:14:55 <roconnor> luke-jr: this is all part of my due diligence before buying :P
 727 2012-02-04 17:15:12 <luke-jr> ;)
 728 2012-02-04 17:16:56 <TD> mining a duplicate coinbase means finding a hash without changing the extranonce, right
 729 2012-02-04 17:17:17 roconnor has quit (Read error: Connection reset by peer)
 730 2012-02-04 17:17:29 roconnor has joined
 731 2012-02-04 17:17:52 <roconnor> oops, accidentally turned off my wireless
 732 2012-02-04 17:18:18 <roconnor> TD yes
 733 2012-02-04 17:18:46 <TD> oh, never mind
 734 2012-02-04 17:19:04 <TD> i was thinking that'd make it harder. but it doesn't. you  just include your own tx that you use as an extranonce
 735 2012-02-04 17:19:33 <TD> the non-uniqueness of coinbase transactions has bothered me for a while. i wish satoshi had required inclusion of the prevblockhash in it
 736 2012-02-04 17:19:56 <roconnor> extranonce really isn't needed AFAIU; just change the time by 1 second after you run out of nonce.
 737 2012-02-04 17:20:19 <TD> eventually you'll hit the drift checks, no
 738 2012-02-04 17:20:25 <roconnor> TD: the rumour was that these duplicated coinbase transactions were unspendable.
 739 2012-02-04 17:20:28 <TD> i never looked at whether that is a problem or not, really
 740 2012-02-04 17:20:34 <roconnor> but I proved that this is false last night.
 741 2012-02-04 17:20:39 <TD> oh dear
 742 2012-02-04 17:21:00 <roconnor> if you mine A and spend it, and then mine a duplicate A, the duplicate A is spendable.
 743 2012-02-04 17:21:11 <TD> ah yes
 744 2012-02-04 17:21:21 <roconnor> I don't know what happens when you partially spend A
 745 2012-02-04 17:21:37 <roconnor> and I don't know what happens if you throw a block reorg into the mix
 746 2012-02-04 17:21:45 <roconnor> luke-jr suggests it will be very very bad.
 747 2012-02-04 17:22:33 <TD> though, if you mine two coinbases and spend them twice
 748 2012-02-04 17:22:38 <TD> it's not really a double spend?
 749 2012-02-04 17:22:43 <roconnor> nope
 750 2012-02-04 17:22:46 <TD> and yes. i'm sure there are some nasty edge cases around this behavior.
 751 2012-02-04 17:22:54 <TD> every tx really should be unique :(
 752 2012-02-04 17:23:40 <TD> probably a re-org across such blocks would lead to db corruption. if not in the satoshi client then for sure in random 3rd party software that handles the chain
 753 2012-02-04 17:24:24 <TD> i wonder if a "discouraged blocks" type change could be introduced that requires the prevblockhash to appear in the coinbase scriptSig at some point
 754 2012-02-04 17:24:48 <roconnor> ya, even if by some miracle the satoshi client is fine; it will be a nightmare for merchants.
 755 2012-02-04 17:25:11 <TD> well. hopefully most merchants just use one of a small number of implementations
 756 2012-02-04 17:25:14 <TD> like the satoshi client :)
 757 2012-02-04 17:25:19 <TD> that said
 758 2012-02-04 17:25:29 <TD> i still don't fully understand how to double spend like that
 759 2012-02-04 17:25:39 <roconnor> one option I was advocating was that an outpoint can be only spent at most once, no matter what.
 760 2012-02-04 17:25:43 <TD> you say, mine one, spend it, mine another, spend it. it doesn't get you anything?
 761 2012-02-04 17:25:53 <luke-jr> I wonder if -rescan would fix it
 762 2012-02-04 17:25:57 <roconnor> this would be compatible with the existing mainnet
 763 2012-02-04 17:26:01 <pusle> this is a hash collision "attack" ?
 764 2012-02-04 17:26:02 <luke-jr> I'm not sure it would
 765 2012-02-04 17:26:04 <luke-jr> pusle: no
 766 2012-02-04 17:26:22 shargs has joined
 767 2012-02-04 17:26:26 <roconnor> TD: I think it would be easier to revoke a transaction you made to a merchant (and burn the coins) rather than double spend.
 768 2012-02-04 17:26:26 <luke-jr> pusle: this is a SHA256(a) == SHA256(a)
 769 2012-02-04 17:26:39 <roconnor> TD: so it would be more of a screw you than any advantage for the attacker
 770 2012-02-04 17:26:48 <roconnor> TD: but even that I don't know how to pull off yet.
 771 2012-02-04 17:26:52 <pusle> well that's exactly what I meant
 772 2012-02-04 17:26:56 <TD> yeah so it's more theoretical for now
 773 2012-02-04 17:27:04 <TD> the kind of thing best fixed with a gradual change of the rules
 774 2012-02-04 17:27:12 <luke-jr> I think a rescan might fix it, actually
 775 2012-02-04 17:27:44 <roconnor> luke-jr: I don't doubt it; but what havoc can you do while some clients have rescanned and others have not?
 776 2012-02-04 17:27:48 <luke-jr> true
 777 2012-02-04 17:27:57 <TD> the alert system should be able to trigger re-scans
 778 2012-02-04 17:27:59 <TD> imho
 779 2012-02-04 17:28:04 <TD> the risk of abuse is very low
 780 2012-02-04 17:28:12 <roconnor> TD: Ideally this would be fixed before someone turns this theoretical thing into a practical thing.
 781 2012-02-04 17:28:22 <TD> open up a BIP?
 782 2012-02-04 17:28:23 <roconnor> rather than after
 783 2012-02-04 17:28:54 <roconnor> BIP 23 : outPoints can be only spent at most once.
 784 2012-02-04 17:29:02 <TD> well, that is supposed to already be the rule
 785 2012-02-04 17:29:06 <roconnor> ... outPoints should only be spent at most once in any valid chain
 786 2012-02-04 17:29:10 <roconnor> TD: done.
 787 2012-02-04 17:29:11 <TD> the problem is that if you mine the same tx twice, there are two identical outpoints
 788 2012-02-04 17:29:36 <roconnor> BIP 23 : identical outPoints can be only spent at most once.
 789 2012-02-04 17:29:38 <TD> i think requiring txns to be unique is a cleaner solution
 790 2012-02-04 17:29:44 <TD> otherwise every software has to know about this bizarre edge case
 791 2012-02-04 17:29:47 <roconnor> TD: that isn't compatible with the current mainnet.
 792 2012-02-04 17:29:54 <TD> of transactions with the same hash at different parts of the block chain
 793 2012-02-04 17:30:26 <luke-jr> *can* we make repeated coinbases invalid?
 794 2012-02-04 17:30:38 <luke-jr> sure, light clients won't be able to check, but that's just 1 confirmation…
 795 2012-02-04 17:30:39 <TD> oh, right, i forgot somebody already did this
 796 2012-02-04 17:30:41 <roconnor> luke-jr: that isn't compatible with the current mainnet
 797 2012-02-04 17:30:49 <luke-jr> roconnor: it is if you set a starting block number
 798 2012-02-04 17:30:54 <TD> maybe the rule change can be conditioned on a starting point
 799 2012-02-04 17:30:55 <TD> indeed
 800 2012-02-04 17:31:24 <roconnor> luke-jr: possible; if you like nightmare implementations ...
 801 2012-02-04 17:31:34 <pusle> or just say the oldest one "wins" ?
 802 2012-02-04 17:31:38 <roconnor> maybe I'd just make the last duplicated coinbase a new genesis block for me :D
 803 2012-02-04 17:31:51 <luke-jr> roconnor: I don't. But if BIP 16 goes in, might as well do less nightmare stuff
 804 2012-02-04 17:32:03 <roconnor> TD: I'm sure we can come up with several BIPs to solve this problem :P
 805 2012-02-04 17:32:24 <TD> i'd like to see one that helps reduce complexity for alt implementations, for obvious reasons :)
 806 2012-02-04 17:32:39 <TD> i think as long as bitcoinj clients don't receive any coins from duped coinbases, and there's never a re-org across them, it won't care
 807 2012-02-04 17:32:46 <TD> however, it's better to remove the edge case via a protocol fix
 808 2012-02-04 17:33:59 <TD> a rule change that discourages blocks with non-unique coinbases, and then an implementation fix to auto uniquify, would resolve that
 809 2012-02-04 17:34:13 <roconnor> TD: having a conditional starting point makes for complex code.
 810 2012-02-04 17:34:21 <TD> only for implementations that mine
 811 2012-02-04 17:34:27 <TD> which today means only satoshi client
 812 2012-02-04 17:34:30 Cablesaurus has quit (Quit: We be chillin - IceChat style)
 813 2012-02-04 17:34:37 <roconnor> TD: why only for miners?
 814 2012-02-04 17:34:38 <luke-jr> TD: not entirely
 815 2012-02-04 17:34:48 <luke-jr> TD: the Satoshi client is actually incapable of mining at this point
 816 2012-02-04 17:35:01 <TD> alright, implementations that are used to generate work for miners
 817 2012-02-04 17:35:08 <luke-jr> the other mining servers just hijack its block validation
 818 2012-02-04 17:35:31 <luke-jr> TD: yes, the Satoshi client cannot generate work fast enough for mining on Bitcoin
 819 2012-02-04 17:36:20 danbri has quit (Remote host closed the connection)
 820 2012-02-04 17:36:22 <luke-jr> afaik, every miner is not using mainline-bitcoind work now
 821 2012-02-04 17:36:58 <TD> roconnor: ok, let me think through every edge case
 822 2012-02-04 17:37:00 <luke-jr> a few are using bitcoind derivatives
 823 2012-02-04 17:37:16 <luke-jr> most make work in other servers
 824 2012-02-04 17:37:17 pingdrive has joined
 825 2012-02-04 17:37:23 <TD> yes, alright, you know what i meant
 826 2012-02-04 17:37:40 etotheipi_ has quit (Ping timeout: 245 seconds)
 827 2012-02-04 17:37:42 <TD> afaik nobody is mining on blocks validated by something other than satoshis code (or at least i hope they are not)
 828 2012-02-04 17:37:53 <roconnor> TD:  I do ... on test net
 829 2012-02-04 17:38:00 <roconnor> and when I want to dry my socks
 830 2012-02-04 17:38:10 <luke-jr> TD: ah, you mean for the parent block?
 831 2012-02-04 17:38:23 <TD> yes
 832 2012-02-04 17:38:32 <luke-jr> ok, I get it now. sorry for the indirection
 833 2012-02-04 17:39:05 genjix has joined
 834 2012-02-04 17:39:17 <TD> roconnor: i need to think about what happens in a majority loses case. i suppose even with discouraged dupe coinbases, lightweight implementations need to handle the case where they have received coins that are then overridden by a duped coinbase, that then vanishes via a re-org
 835 2012-02-04 17:39:18 <TD> ugh
 836 2012-02-04 17:40:06 pingdrive has quit (Client Quit)
 837 2012-02-04 17:40:33 <TD> i suppose you can have a special case for coins received via a coinbase. if you find some in a block, check the wallet for a tx that already has that hash. if you find it, discard that new coinbase entirely and wait for a re-org to sort things out
 838 2012-02-04 17:40:41 <genjix> i sent this to eligius pool http://blockchain.info/tx-index/15082100/f003f0c1193019db2497a675fd05d9f2edddf9b67c59e677c48d3dbd4ed5f00b
 839 2012-02-04 17:40:52 theymos has joined
 840 2012-02-04 17:41:17 <genjix> theymos: i think blockexplorer is down
 841 2012-02-04 17:41:19 <TD> what is it? compressed pubkey or something?
 842 2012-02-04 17:41:30 <theymos> genjix: Not for me.
 843 2012-02-04 17:41:46 <TD> theymos: i was having issues with it hanging on searches earlier too
 844 2012-02-04 17:41:56 danbri has joined
 845 2012-02-04 17:42:16 <genjix> yep it's hanging now for me.
 846 2012-02-04 17:42:21 <theymos> Yeah, searches are taking too long and are timing out. I might have to remove some of the things it searches for.
 847 2012-02-04 17:42:37 <genjix> it doesnt normally hang so much
 848 2012-02-04 17:43:09 <luke-jr> genjix: not on IM anymore?
 849 2012-02-04 17:43:12 <genjix> TD: it's an old op_eval transaction lzsaver sent me
 850 2012-02-04 17:43:20 <theymos> One of the BBE servers is down, so one server is handling all of the load.
 851 2012-02-04 17:43:43 <genjix> luke-jr: i'm trying to avoid chat/forums for a while... too distracting
 852 2012-02-04 17:43:54 <genjix> guess this is me breaking that :p
 853 2012-02-04 17:43:59 <luke-jr> genjix: how do I get BIPs? :P
 854 2012-02-04 17:44:10 <luke-jr> genjix: Eligius has not received your txn recently, FYI
 855 2012-02-04 17:44:36 <genjix> i sent it 2 days ago and now it's in the blockchain
 856 2012-02-04 17:44:38 BurtyB has joined
 857 2012-02-04 17:44:45 <luke-jr> oh
 858 2012-02-04 17:44:49 <luke-jr> missed that
 859 2012-02-04 17:44:50 <luke-jr> :D
 860 2012-02-04 17:44:55 <genjix> :D
 861 2012-02-04 17:44:55 ahihi2 has quit (Read error: Connection reset by peer)
 862 2012-02-04 17:45:15 <luke-jr> huh? ozcoin mines OP_EVAL?
 863 2012-02-04 17:45:16 <roconnor> genjix: what's special about that f003f0 transaction?
 864 2012-02-04 17:45:23 <genjix> also libbitcoin has python bindings now http://ideone.com/JNdOz
 865 2012-02-04 17:45:54 <roconnor> oh, the OP_NOP1
 866 2012-02-04 17:46:02 <luke-jr> roconnor: it's OP_EVAL
 867 2012-02-04 17:47:18 b4epoche_ has joined
 868 2012-02-04 17:47:20 egecko has quit (Quit: ~ Trillian Astra - www.trillian.im ~)
 869 2012-02-04 17:47:54 storrgie has joined
 870 2012-02-04 17:48:22 b4epoche has quit (Ping timeout: 256 seconds)
 871 2012-02-04 17:48:23 b4epoche_ is now known as b4epoche
 872 2012-02-04 17:49:30 egecko has joined
 873 2012-02-04 17:50:06 SomeoneWeird is now known as SomeoneWeirdzzzz
 874 2012-02-04 17:50:47 ahihi2 has joined
 875 2012-02-04 17:52:27 sacarlson has joined
 876 2012-02-04 18:00:51 JRWR has quit (Read error: Connection reset by peer)
 877 2012-02-04 18:00:52 shargs has quit (Ping timeout: 240 seconds)
 878 2012-02-04 18:01:54 storrgie has quit (Quit: Leaving)
 879 2012-02-04 18:06:58 ThomasV has joined
 880 2012-02-04 18:07:50 Habbie has quit (Quit: updates)
 881 2012-02-04 18:08:39 egecko has quit (Quit: ~ Trillian Astra - www.trillian.im ~)
 882 2012-02-04 18:09:30 Habbie has joined
 883 2012-02-04 18:10:13 egecko has joined
 884 2012-02-04 18:10:49 Insti has quit (Ping timeout: 252 seconds)
 885 2012-02-04 18:11:00 <theymos> genjix: I added a "go" button to BBE that should be much faster than normal search.
 886 2012-02-04 18:11:06 justmoon has joined
 887 2012-02-04 18:11:07 justmoon has quit (Changing host)
 888 2012-02-04 18:11:07 justmoon has joined
 889 2012-02-04 18:11:20 <genjix> ok thanks theymos
 890 2012-02-04 18:11:47 Insti has joined
 891 2012-02-04 18:13:18 <genjix> theymos: still slow (searching a tx). if i go to a direct link though, it loads fast
 892 2012-02-04 18:14:14 <genjix> i use blockexplorer.com/b/ /block/ /tx/ to navigate :)
 893 2012-02-04 18:15:32 ThomasV has quit (Ping timeout: 240 seconds)
 894 2012-02-04 18:17:48 <theymos> That's because the search feature searches for the input as any part of the hash (LIKE %input%), which is pretty slow. I could make it even faster if the input was known to be a prefix.
 895 2012-02-04 18:19:01 gronager has quit (Quit: Leaving.)
 896 2012-02-04 18:21:28 Joric has joined
 897 2012-02-04 18:22:34 barmstro_ has joined
 898 2012-02-04 18:23:50 TD has quit (Quit: TD)
 899 2012-02-04 18:24:38 barmstrong has quit (Ping timeout: 256 seconds)
 900 2012-02-04 18:30:49 Ken` has quit (Read error: Connection reset by peer)
 901 2012-02-04 18:30:54 iocor has joined
 902 2012-02-04 18:31:18 Ken` has joined
 903 2012-02-04 18:31:31 <luke-jr> genjix: anyway, I need a BIP for Low-SigOp M-of-N txns: http://pastebin.com/cw59JfnU
 904 2012-02-04 18:34:19 <genjix> this is pretty good.
 905 2012-02-04 18:35:54 <genjix> luke-jr: can you add a list of what would need to be changed in the current protocol/clients? i get the idea that there could be some unexpected things in the script system which are found would need to be changed, so it's good to have a formal list there.
 906 2012-02-04 18:36:47 <genjix> luke-jr: BIP 18
 907 2012-02-04 18:44:31 baz has quit (Remote host closed the connection)
 908 2012-02-04 18:46:39 egecko has quit (Quit: ~ Trillian Astra - www.trillian.im ~)
 909 2012-02-04 18:46:52 booo has quit (Ping timeout: 252 seconds)
 910 2012-02-04 18:48:19 egecko has joined
 911 2012-02-04 18:48:32 Diablo-D3 has quit (Ping timeout: 240 seconds)
 912 2012-02-04 18:48:55 <luke-jr> genjix: BIP 18 is something different
 913 2012-02-04 18:49:47 <luke-jr> genjix: no clients need to be changed, besides the new std txn
 914 2012-02-04 18:56:12 <genjix> thats one thing (new std tx)
 915 2012-02-04 18:56:59 <genjix> also
 916 2012-02-04 18:57:00 <genjix> The current Satoshi bitcoin client does not relay or mine transactions with scriptSigs larger than 200 bytes; to accommodate 3-signature transactions, this will be increased to 500 bytes.
 917 2012-02-04 18:57:05 <genjix> 2 things
 918 2012-02-04 19:00:11 <luke-jr> that's a standard txn thing.
 919 2012-02-04 19:03:02 p0s has quit (Ping timeout: 240 seconds)
 920 2012-02-04 19:03:24 <luke-jr> so … 23 is the next number I think? I guess 19 isn't used either…?
 921 2012-02-04 19:03:31 p0s has joined
 922 2012-02-04 19:05:06 <genjix> what about that list of rule changes?
 923 2012-02-04 19:06:10 <luke-jr> the entire Specification section is that
 924 2012-02-04 19:09:08 <luke-jr> http://pastebin.com/Q1WA9MsK better?
 925 2012-02-04 19:09:58 <luke-jr> or better yet, add significant contributors to Author list: http://pastebin.com/kq5AeXir
 926 2012-02-04 19:10:22 <genjix> yeah it seems good. im just trying to understand. see if i missed anything
 927 2012-02-04 19:10:54 Joric has quit (Ping timeout: 255 seconds)
 928 2012-02-04 19:11:12 <genjix> i think better to put yourself only as the author
 929 2012-02-04 19:11:31 <genjix> now what is BIP 18 for?
 930 2012-02-04 19:12:33 <genjix> if BIP 18 depends on BIP 17 then it's best to not have a BIP that depends on another Draft
 931 2012-02-04 19:12:48 <genjix> i.e to wait until the standard it depends on, actually becomes a standard.
 932 2012-02-04 19:12:56 <luke-jr> BIP 18 is unfinished still, until BIP 16 vs 17 is decided
 933 2012-02-04 19:13:14 <luke-jr> this new BIP is useless if BIP 16 goes through, actually
 934 2012-02-04 19:13:26 <luke-jr> since BIP 16 changes the rules for OP_CHECKMULTISIG
 935 2012-02-04 19:13:49 <genjix> ok but my point is that 16 or 17 would be a long time before they actually come,
 936 2012-02-04 19:13:59 <genjix> maybe more than a month
 937 2012-02-04 19:14:04 <luke-jr> maybe
 938 2012-02-04 19:14:08 <genjix> so best to use up those slots now
 939 2012-02-04 19:14:34 <luke-jr> well, BIP 18 is conceptually done, and applies to either P2SH solution
 940 2012-02-04 19:14:43 <luke-jr> it's just a matter of technical details that it depends on 16/17
 941 2012-02-04 19:14:47 <genjix> reserving spaces is best for only short periods of time. this is the 2nd time i reserved a slot and it went unused for more than a week
 942 2012-02-04 19:15:02 <luke-jr> it's not unused. we talk about BIP 18 in discussion
 943 2012-02-04 19:15:05 Joric has joined
 944 2012-02-04 19:15:06 Joric has quit (Changing host)
 945 2012-02-04 19:15:06 Joric has joined
 946 2012-02-04 19:15:08 <genjix> ok
 947 2012-02-04 19:15:17 <genjix> ok then use BIP 19
 948 2012-02-04 19:15:20 <luke-jr> ok
 949 2012-02-04 19:15:42 <genjix> call BIP 18 a reference BIP (the number could change in the future or something :p)
 950 2012-02-04 19:15:43 <luke-jr> would you rather wait until 16/17 is done before a 17-based BIP though? I'm confused :p
 951 2012-02-04 19:16:12 <luke-jr> I guess I could just Withdraw it if BIP 16 gets deployed
 952 2012-02-04 19:16:21 <genjix> yeah it depends. gavin's BIPs were all submitted at once and they kinda depended on each other
 953 2012-02-04 19:17:48 <genjix> i need to think more about whether that BIP 18 can be accepted or not.
 954 2012-02-04 19:18:07 <genjix> i think it would be fair to personally
 955 2012-02-04 19:18:13 <luke-jr> BIP 18 is the one that is valid for both 16/17…
 956 2012-02-04 19:18:28 <genjix> oh ok
 957 2012-02-04 19:18:43 <genjix> yeah but we still dont know if either will get accepted
 958 2012-02-04 19:19:09 <luke-jr> I find it unlikely neither will
 959 2012-02-04 19:19:13 <genjix> anyway this BIP 19. send me the final version.
 960 2012-02-04 19:19:21 <luke-jr> https://en.bitcoin.it/wiki/BIP_0019
 961 2012-02-04 19:20:42 <luke-jr> genjix: realistically, unless BIP 17 gets enabled, Gavin will likely force BIP 16 on the network by client deployment
 962 2012-02-04 19:20:49 bill_stickers has joined
 963 2012-02-04 19:20:58 <luke-jr> and the "no P2SH" position clearly has minority support IMO
 964 2012-02-04 19:22:25 bodom has quit (Remote host closed the connection)
 965 2012-02-04 19:22:31 <genjix> ic
 966 2012-02-04 19:23:23 <genjix> i like the hard-fork idea
 967 2012-02-04 19:23:29 eoss has joined
 968 2012-02-04 19:23:29 eoss has quit (Changing host)
 969 2012-02-04 19:23:29 eoss has joined
 970 2012-02-04 19:23:38 <luke-jr> hard-fork is inevitable, but I think a few years off
 971 2012-02-04 19:23:40 <theymos> The tx-version-2 BIP 16 solution seems like something almost everyone can agree on, though I think Gavin will not like having to roll out yet another change.
 972 2012-02-04 19:23:48 <luke-jr> Satoshi's hardfork was timed 2 years later
 973 2012-02-04 19:23:59 <luke-jr> theymos: indeed
 974 2012-02-04 19:24:13 sacarlson has quit (Ping timeout: 240 seconds)
 975 2012-02-04 19:25:43 <genjix> done
 976 2012-02-04 19:25:49 <luke-jr> ty
 977 2012-02-04 19:27:02 <genjix> k im on #bitcoinconsultancy ... focus now
 978 2012-02-04 19:27:05 genjix has left ()
 979 2012-02-04 19:30:53 <gmaxwell> theymos: it's such a trivial change though...
 980 2012-02-04 19:32:06 <theymos> Did Gavin say anything about it yet?
 981 2012-02-04 19:32:11 <Eliel> luke-jr: I have a suggestion about BIP 18. How about have it specify a hard fork change 2 years into the future with the extra bytes removed from the spec?
 982 2012-02-04 19:32:58 <luke-jr> theymos: he said he was OK with it, IIRC
 983 2012-02-04 19:33:45 <luke-jr> Eliel: then we can't change our mind without breaking the clients implementing that rule
 984 2012-02-04 19:34:13 <luke-jr> Eliel: perhaps after a while
 985 2012-02-04 19:34:29 <Eliel> then make it 3 years to allow for changing our mind? :P
 986 2012-02-04 19:35:00 <luke-jr> if in a year, it seems sensible, a 2 year out proposal seems logical
 987 2012-02-04 19:35:16 <luke-jr> no reason to decide things now
 988 2012-02-04 19:37:40 <Eliel> I'm starting to think a rule change coordination protocol might be needed. :)
 989 2012-02-04 19:39:47 sacarlson has joined
 990 2012-02-04 19:48:06 <luke-jr> anyone know if git master still accepts OP_EVAL transactions into blocks?
 991 2012-02-04 19:50:14 theymos has quit (Remote host closed the connection)
 992 2012-02-04 19:52:48 Clipse has joined
 993 2012-02-04 19:57:23 att has quit (Ping timeout: 245 seconds)
 994 2012-02-04 20:03:16 occulta has quit (Read error: Connection reset by peer)
 995 2012-02-04 20:03:46 occulta has joined
 996 2012-02-04 20:06:23 merde has quit (Remote host closed the connection)
 997 2012-02-04 20:06:46 merde has joined
 998 2012-02-04 20:13:23 bill_stickers has quit (Quit: Lost terminal)
 999 2012-02-04 20:20:15 RazielZ has quit (Ping timeout: 256 seconds)
1000 2012-02-04 20:23:23 RazielZ has joined
1001 2012-02-04 20:33:47  has quit (Clown|!Clown@static-87-79-93-140.netcologne.de|Ping timeout: 252 seconds)
1002 2012-02-04 20:34:52 ahbritto has quit (Quit: Ex-Chat)
1003 2012-02-04 20:39:10 <gmaxwell> https://bitcointalk.org/index.php?topic=62609.msg731238#msg731238  :-/
1004 2012-02-04 20:42:28 <BTC_Bear> lol, the negatives are back.
1005 2012-02-04 20:46:09 <gmaxwell> it must be something about python developers handling bitcoin amounts using radix-2 floating point.
1006 2012-02-04 20:53:35 occulta has quit (Quit: KVIrc 4.1.1 Equilibrium http://www.kvirc.net/)
1007 2012-02-04 20:58:45 chrisb__ has joined
1008 2012-02-04 20:59:26 etotheipi_ has joined
1009 2012-02-04 21:00:37 <etotheipi_> okay, really obscure memory question:  serialize.h:42
1010 2012-02-04 21:01:26 <etotheipi_> mlock appears to redefine the pointer to round down to the nearest pagefloor, but what about the second parameter which is the size.  Is there a reason it isn't just a multiple of the pagesize (it seems awfully complicated)
1011 2012-02-04 21:02:45 <gmaxwell> etotheipi_: say size is 8 bytes and the original pointer was 7 below the end of the page.
1012 2012-02-04 21:03:00 <gmaxwell> etotheipi_: you need to lock 2 pages to completely cover the data.
1013 2012-02-04 21:03:09 <gmaxwell> etotheipi_: rounding up the size to 1 page wouldn't do it.
1014 2012-02-04 21:03:25 <tcatm> mlock() will take care of locking all affected pages
1015 2012-02-04 21:03:51 <gmaxwell> tcatm: alas, not portably. On some platforms mlock _must_ be called with page aligned arguments.
1016 2012-02-04 21:04:12 <tcatm> windows?
1017 2012-02-04 21:04:18 <gmaxwell> etotheipi_: none the less, bitcoin's usage of mlock is generally pretty stupid. You shouldn't mimic it. You should have a separate pool of locked memory.
1018 2012-02-04 21:04:22 <gmaxwell> tcatm: mac.
1019 2012-02-04 21:06:08 <gmaxwell> etotheipi_: E.g. it's better to at startup mlock a few hundred K and use your own allocator against it.. and try damn hard to avoid calling malloc more... since mlock may not work in the future... best if you can make your mlocked memory requirements completely static.
1020 2012-02-04 21:06:43 <gmaxwell> tcatm: oh even the manpage on linux helpfully tells you this.
1021 2012-02-04 21:06:47 <gmaxwell>    Linux Notes
1022 2012-02-04 21:06:47 <gmaxwell>        Under  Linux, mlock() and munlock() automatically round addr down to the nearest page boundary.  How‐
1023 2012-02-04 21:06:50 <gmaxwell>        ever, POSIX.1-2001 allows an implementation to require that addr is page aligned, so portable  appli‐
1024 2012-02-04 21:06:54 <gmaxwell>        cations should ensure this.
1025 2012-02-04 21:09:55 <etotheipi_> gmaxwell: I recognize the need to potentially lock multiple pages... but I'm asking you can't just use something like (int)((dataSz / pagesize) + 1) * pagesize
1026 2012-02-04 21:10:19 <etotheipi_> ehh... now that I start to write it out, I see that it's not going to  get any simpler than what's already there...
1027 2012-02-04 21:10:46 Joric has quit (Ping timeout: 248 seconds)
1028 2012-02-04 21:11:42 <etotheipi_> good recommendation on the static mlock'd pool
1029 2012-02-04 21:11:53 <gmaxwell> etotheipi_: right. Well, you could express it in some other ways.
1030 2012-02-04 21:12:25 <gmaxwell> etotheipi_: thats what one does when writing realtime software (make your damn memory behavior as static as possible because you don't know how long sbrk will take!)
1031 2012-02-04 21:14:42 <luke-jr> gmaxwell: do you know the OS won't context-switch, in a RTOS?
1032 2012-02-04 21:15:52 shargs has joined
1033 2012-02-04 21:16:20 occulta has joined
1034 2012-02-04 21:18:12 <gmaxwell> luke-jr: Yes but that doesn't have anything to do with sbrk not being O(1). (And plenty of people do realtime work on not-really-rtoses.. e.g. linux if you need only ms responses you can reliably get them from linux as long as you're careful about the kernel and hardware)
1035 2012-02-04 21:19:25 ras- has joined
1036 2012-02-04 21:20:33 <shargs> gmaxwell: http://www.cs.ut.ee/~lipmaa/crypto/link/zeroknowledge/pok.php   search for "proofs that the committed numbers belong to an interval (Range proof)"
1037 2012-02-04 21:20:50 <shargs> how to keep transaction amounts private in bitcoin
1038 2012-02-04 21:21:43 danbri has quit (Remote host closed the connection)
1039 2012-02-04 21:21:56 danbri has joined
1040 2012-02-04 21:22:58 <gmaxwell> shargs: it would also need to be a non-interactive proof.
1041 2012-02-04 21:23:24 <gmaxwell> (since the transacting party is not going to go about proving it to every bitcoin node now and in the future. :) )
1042 2012-02-04 21:23:52 <shargs> yep theres a non-interactive proof
1043 2012-02-04 21:24:44 <gmaxwell> Interesting.
1044 2012-02-04 21:25:03 <gmaxwell> (and thanks for the page— I don't think I'd seen that before, looks handy)
1045 2012-02-04 21:25:29 <shargs> yeah its a nice collection
1046 2012-02-04 21:26:09 <shargs> theres a simple way to do it: post the upper limit of the amount, but not the exact amount. that way you can still prove you have at least X coins without revealing the exact amount of your previous transactions
1047 2012-02-04 21:26:21 <shargs> that doesn't use the cool crypto tho
1048 2012-02-04 21:27:46 danbri has quit (Remote host closed the connection)
1049 2012-02-04 21:28:42 <luke-jr> gmaxwell: personally, I try to keep everything on the stack when possible :P
1050 2012-02-04 21:29:42 p0s has quit (Remote host closed the connection)
1051 2012-02-04 21:30:07 <shargs> now if only some crypto master will translate these papers into something that can be implemented practically
1052 2012-02-04 21:32:06 copumpkin has quit (Ping timeout: 245 seconds)
1053 2012-02-04 21:32:33 copumpkin has joined
1054 2012-02-04 21:36:20 <shargs> This can be seen as a variant of the socialist millionaires' problem [4] where two parties each with a secret input
1055 2012-02-04 21:36:20 <shargs> want to know if they happen to possess the same secret without disclosing their inputs in case they do not.
1056 2012-02-04 21:37:12 splatster has quit (Quit: Linkinus - http://linkinus.com)
1057 2012-02-04 21:38:01 <shargs> "This is the first divisible e-cash scheme that provides both full unlinkability and anonymity without requiring a trusted third party. "  http://www.springerlink.com/content/w1600452652072r6/
1058 2012-02-04 21:38:25 <josephcp> i think this problem is very different because you have to know prior transactions to respend it, it makes me suspect it's less likely to be possible without some major tradeoff
1059 2012-02-04 21:39:37 <josephcp> (the tradeoff is probably massive transaction sizes)
1060 2012-02-04 21:39:59 <gmaxwell> shargs: appears to require binary binning.
1061 2012-02-04 21:41:28 <shargs> Alice wants to prove that she is young enough to borrow money from her bank, without revealing her age. She therefore needs a tool for proving that a committed number lies in a specific interval. Up to now, such tools were either inefficient (too many bits to compute and to transmit) or inexact (i.e. proved membership to a much larger interval). This paper presents a new proof, which is
1062 2012-02-04 21:41:28 <shargs> both efficient and exact.
1063 2012-02-04 21:42:12 <shargs> http://www.springerlink.com/content/yyb55d3tat49bc8g/
1064 2012-02-04 21:42:39 <shargs> im sure bitcoin III will have support for it
1065 2012-02-04 21:43:41 <gmaxwell> I'm doubtful. I'm still generally of the opinion that the clique anonymity stuff is basically worthless... But whatever, it's still interesting.
1066 2012-02-04 21:45:28 <k9quaint> hmmm, solidcoin 3.0, finally doing away with the blockchain where all the bugs and poor designs reside!
1067 2012-02-04 21:45:48 <gmaxwell> Yea, merging it with rexcoin.
1068 2012-02-04 21:46:07 <shargs> privacy is always good. and with a range proof you can essentially pay for the amount of security you want (add coins to expand the range you can prove your balance lies within)
1069 2012-02-04 21:47:28 <shargs> this post hints at it too: http://crypto.stackexchange.com/a/512
1070 2012-02-04 21:47:36 <cjd> I demand a pdf
1071 2012-02-04 21:47:50 <gmaxwell> shargs: I think you need to think a bit more carefully.
1072 2012-02-04 21:48:36 <gmaxwell> shargs: it's not as simple as that. If you _only_ implemented that then the recipient of your funds would have to fully disclose the outputs of the transaction which paid him in order to spend those funds in order to establish the new bounds.
1073 2012-02-04 21:49:17 <shargs> no you dont have to disclose the exact amount, since you can attach the previous non-interactive proof along with your own
1074 2012-02-04 21:49:38 <shargs> it takes extra coins to increase the amount of privacy you have, so people who dont need it can forego it
1075 2012-02-04 21:51:52 <josephcp> that's like saying I'm going to mail you a blank check, you can write anything between 1 and 1 million dollars, you can redeem it for whatever you want
1076 2012-02-04 21:52:17 <shargs> nah you should read the paper
1077 2012-02-04 21:52:25 <josephcp> everyone's going to force 1 million dollars to force you to acknowledge to everyone
1078 2012-02-04 21:52:37 <josephcp> what the real amount was
1079 2012-02-04 21:52:55 <gmaxwell> shargs: I think you're full of it, because you're not thinking carefully about the whole system, but I don't have 20 minutes to argue with you about it.
1080 2012-02-04 21:53:25 <josephcp> pick 3: finite coins, cannot double-spend, no central authority, hidden transactions
1081 2012-02-04 21:53:27 <cjd> 17:00 < shargs> nah you should read the paper <-- IMO paper locked up in springerlink == nonexistent
1082 2012-02-04 21:53:52 <cjd> if they won't show me, I will assume scam until proven otherwise
1083 2012-02-04 21:53:55 <gmaxwell> cjd: you == lazy; http://www.iacr.org/archive/eurocrypt2007/45150482/45150482.pdf
1084 2012-02-04 21:54:00 <cjd> thx
1085 2012-02-04 21:54:17 <josephcp> haha i was lazy too thnx
1086 2012-02-04 21:55:20 osmosis has joined
1087 2012-02-04 21:55:50 <shargs> lazy non-rigorous objections to cutting-edge research
1088 2012-02-04 21:55:51 <shargs> interesting haha
1089 2012-02-04 21:56:10 <cjd> hahaha doesn't cite satoshi
1090 2012-02-04 21:56:22 <cjd> I'll read it, I just assumed that it was locked up
1091 2012-02-04 21:56:58 <josephcp> or "looked into this stuff enough to know where it is probably going" ;-)
1092 2012-02-04 21:57:25 <gmaxwell> shargs: Have you actually read that paper or just the abstract?
1093 2012-02-04 21:58:13 JRWR has joined
1094 2012-02-04 21:58:38 b4epoche_ has joined
1095 2012-02-04 21:59:36 b4epoche has quit (Ping timeout: 252 seconds)
1096 2012-02-04 21:59:36 b4epoche_ is now known as b4epoche
1097 2012-02-04 22:01:10 <shargs> that is not actually the crucial paper
1098 2012-02-04 22:01:11 <shargs> http://www.springerlink.com/content/yyb55d3tat49bc8g/
1099 2012-02-04 22:01:32 <cjd> ^^that isn't either
1100 2012-02-04 22:01:40 <shargs> have you read it?
1101 2012-02-04 22:01:59 <shargs> criticizing papers you haven't read is all well and good
1102 2012-02-04 22:02:22 <shargs> well if you want to be lazy that is
1103 2012-02-04 22:02:29 <cjd> yeap, just read it
1104 2012-02-04 22:02:38 <cjd> but being only one page, it doesn't prove anything :P
1105 2012-02-04 22:02:45 <gmaxwell> shargs: You're out of line.
1106 2012-02-04 22:03:08 <shargs> gmaxwell: have you been offended by something? tell it to your therapist
1107 2012-02-04 22:03:12 <gmaxwell> shargs: As I said before, range proofs simply added to bitcoin don't grant the properties you're claiming.
1108 2012-02-04 22:03:43 <gmaxwell> shargs: Stop wasting people's time with gibberish non-proposals.
1109 2012-02-04 22:03:58 <shargs> get back to me when you have a passing familiarity with the relevant crypto literature before spouting your unresearched theories at me
1110 2012-02-04 22:04:07 <Moron__> i like to criticize papers on quantum chromodynamics
1111 2012-02-04 22:04:11 <Moron__> it makes me feel smart
1112 2012-02-04 22:04:14 <Moron__> :)
1113 2012-02-04 22:04:17 <gmaxwell> shargs: I'm not criticizing the paper.
1114 2012-02-04 22:04:23 <shargs> gmaxwell: a paper you havent read
1115 2012-02-04 22:04:23 iocor has quit (Quit: Computer has gone to sleep.)
1116 2012-02-04 22:04:34 <cjd> shargs: you're making claims but you've not linked to a single paper yet, just springerlink urls with front pages and more claims
1117 2012-02-04 22:04:37 <josephcp> Moron__: reddit.com/r/vxjunkies
1118 2012-02-04 22:04:53 <gmaxwell> shargs: the paper is not about adding the properties to bitcoin which you're talking about. It's about range proofs. I'll accept that it's solid and does what the abstract says.
1119 2012-02-04 22:05:01 <shargs> cjd: if you dont have access to the research thats not my fault.
1120 2012-02-04 22:05:11 <cjd> there is no research
1121 2012-02-04 22:05:14 <shargs> lol
1122 2012-02-04 22:05:20 <cjd> springerlink is not real
1123 2012-02-04 22:05:23 <cjd> prove me wrong
1124 2012-02-04 22:05:28 <shargs> ignored
1125 2012-02-04 22:05:28  has joined
1126 2012-02-04 22:05:42 <gmaxwell> shargs: please ignore me too.
1127 2012-02-04 22:05:52 <shargs> gmaxwell your objection is about as relevant as <cjd> springerlink is not real
1128 2012-02-04 22:05:56 <gmaxwell> ...
1129 2012-02-04 22:06:12 <amiller> oh man, we're spouting off about homomorphic encryption today! this is my favorite topic
1130 2012-02-04 22:06:15 <amiller> i'd recommend papers by jens groth
1131 2012-02-04 22:06:22 <gmaxwell> cjd: You can find the paper via google trivially.
1132 2012-02-04 22:06:24 <shargs> lol you expect a paper written prior to bitcoin's invention to reference bitcoin? cool trick
1133 2012-02-04 22:07:05 <gmaxwell> shargs: who are you talking to?
1134 2012-02-04 22:07:05 <cjd> I've never seen a real paper come from springerlink, therefore I have no evidence that it's anything but fraud --- And I wish links to "unavailable research" were generally regarded that way.
1135 2012-02-04 22:08:00 <amiller> http://www.cs.ucl.ac.uk/staff/J.Groth/
1136 2012-02-04 22:08:07 <amiller> none of THOSE papers are paywalled
1137 2012-02-04 22:08:28 <gmaxwell> shargs: You're claiming that range proofs would magically make bitcoin more anonymous. You are mistaken. I don't know _why_ you are mistaken, but I'm not your tutor so I don't care.
1138 2012-02-04 22:08:38 <shargs> that is a trove of good stuff amiller
1139 2012-02-04 22:08:41 <gmaxwell> shargs: none of that has anything to do with how excellent some range proof system is.
1140 2012-02-04 22:08:41 <Moron__> gmaxwell: range proofs?
1141 2012-02-04 22:08:43 <cjd> I know it's kinda playing the luke card but paywalled == dead to me
1142 2012-02-04 22:08:56 <Moron__> gmaxwell: that sounds interesting, are they what I think they are?
1143 2012-02-04 22:09:20 <shargs> gmaxwell: if you dont understand why disclosing a numerical range offers more privacy than disclosing an exact value then your input isnt valuable here
1144 2012-02-04 22:09:22 <gmaxwell> cjd: http://www.iacr.org/cryptodb/archive/2000/EUROCRYPT/18070431.pdf
1145 2012-02-04 22:09:23 <amiller> hey i know, anyone who wants to talk more about this stuff, join #homo
1146 2012-02-04 22:09:50 <gmaxwell> shargs: If you don't know how bitcoin works then you're in the wrong channel, my friend.
1147 2012-02-04 22:10:28 <Moron__> is range-proof = figuring out how far something is away by internet latencies or something?
1148 2012-02-04 22:10:54 <shargs> range proof in this context is a proof that an encrypted number lies within a particular range, without disclosing the exact value
1149 2012-02-04 22:10:57 <cjd> thx for the link gmax, otoh part of my response is about discouraging people from dropping links which are not available to everyone
1150 2012-02-04 22:10:59 <gmaxwell> shargs: Disclosing a range doesn't actually drop into the system, because the public needs to break open those disclosures frequently. This is what I initially pointed out to you. All you've been able to do is wave your arms about literature which is irrelevant to this.
1151 2012-02-04 22:11:05 <Moron__> oh right
1152 2012-02-04 22:11:33 <Moron__> is that something special to ecdsa?
1153 2012-02-04 22:11:34 <amiller> it's easier to talk about 'private contracts' in terms of something like opentransactions
1154 2012-02-04 22:12:13 <gmaxwell> I think I'm going to start paying someone to have agents (which are unknown to me) come into channels I'm in and try to waste my time with almost plausible jibberish.
1155 2012-02-04 22:12:31 <gmaxwell> Then there will be no doubt that this risk exists, and I'll be able to manage my time more effectively.
1156 2012-02-04 22:13:02 <sipa> anything i've missed here the past day?
1157 2012-02-04 22:13:29 <shargs> gmaxwell: no the public doesn't. you can choose who you transact with. when you're passing inequalities around, you don't need to tighten them until the transacted amount exceeds the possible range (in which case you can pay for more privacy by reloading your accounting)
1158 2012-02-04 22:13:39 Clipse has quit (Quit: Clipse)
1159 2012-02-04 22:13:51 <cjd> almost plausible jobberish :D
1160 2012-02-04 22:13:53 <shargs> in any case, its a significant increase in privacy (tho by no means perfect)
1161 2012-02-04 22:14:03 <gmaxwell> sipa: there was some discussion with respect to BIP16+txn version 2, some oddness with a pool mining what appears to be OP_EVAL transactions.
1162 2012-02-04 22:14:23 <sipa> ok
1163 2012-02-04 22:16:07 <gmaxwell> shargs: Go write proposal for a complete system. I'll gladly comment on it— it's a waste of my time to comment incrementally as you add potentially interacting parts to address each criticism as I raise it.
1164 2012-02-04 22:17:16 <gmaxwell> (even better, actually code it and have it running too!)
1165 2012-02-04 22:17:56 <k9quaint> gmaxwell: I think the phrase you are looking for is "Patches are welcome!"
1166 2012-02-04 22:18:01 <gmaxwell> (double bonus if it's actually practical and each transaction doesn't require carrying hundreds of 2kb proofs)
1167 2012-02-04 22:18:30 <gmaxwell> k9quaint: no, they're not welcome— this isn't bitcoin that he's advocating. It's not the sort of thing that could be just added to bitcoin.
1168 2012-02-04 22:19:11 <gmaxwell> k9quaint: it might form an interesting system to use along side, or instead of bitcoin though. If it were actually secure and practical.
1169 2012-02-04 22:21:19 <roconnor> sipa: I proved that it is possible to spend a duplicate coinbase.
1170 2012-02-04 22:21:30 <roconnor> sipa: which opens a whole can of worms
1171 2012-02-04 22:21:55 <sipa> roconnor: which order of creating / spending it?
1172 2012-02-04 22:21:55 <k9quaint> gmaxwell: didn't you watch the gavin poison video?
1173 2012-02-04 22:22:08 <roconnor> sipa: create, spend, create duplicate, spend duplicate.
1174 2012-02-04 22:22:17 <luke-jr> gmaxwell: FWIW, ozcoin that mined the OP_EVAL is apparently running a recent git checkout
1175 2012-02-04 22:22:17 <sipa> roconnor: sounds exactly correct to me
1176 2012-02-04 22:22:30 <sipa> roconnor: imho, you should be able to spend that
1177 2012-02-04 22:25:08 <nathan7> Anyone here who is willing to paypal money to me in exchange for an mtgox euro code?
1178 2012-02-04 22:25:08 josephcp has quit (Read error: Connection reset by peer)
1179 2012-02-04 22:25:10 pusle has quit ()
1180 2012-02-04 22:25:38 <roconnor> sipa: if I mine A, wait 70 blocks duplicate mine A, wait 30 blocks spend A, wait 30 blocks, is the duplicate A spendable?
1181 2012-02-04 22:25:52 josephcp has joined
1182 2012-02-04 22:26:23 * nathan7 twiddles thumbs
1183 2012-02-04 22:27:05 <sipa> roconnor: shouldn't be
1184 2012-02-04 22:27:24 <roconnor> sipa: then my haskell client has a bug.
1185 2012-02-04 22:27:29 <luke-jr> sipa: there is an attack that can split the network in that case
1186 2012-02-04 22:28:03 <sipa> iirc, every tx overwrites the "spendable" vector of its id
1187 2012-02-04 22:29:08 <nathan7> Great. Now I have to figure out intl wire.
1188 2012-02-04 22:29:11 <roconnor> sipa: I don't include coinbases into my set of available coins until it matures. ... hence the bug
1189 2012-02-04 22:29:51 <roconnor> sipa:  what are the odds that the standard client correctly manages block reorgs in the presence of duplicate transactions?
1190 2012-02-04 22:29:53 <sipa> the correct solution would be to disallow duplicate tx's, unless they are completely spent
1191 2012-02-04 22:30:04 <sipa> roconnor: i believe it will work correctly
1192 2012-02-04 22:30:26 iocor has joined
1193 2012-02-04 22:30:32 <sipa> no guarantees of course, there can be all kinds of strange behavior
1194 2012-02-04 22:31:29 <nathan7> ..well ffs, 15 USD of fees
1195 2012-02-04 22:31:33 eoss has quit (Ping timeout: 240 seconds)
1196 2012-02-04 22:31:48 BTC_Bear is now known as BTC_Bear|hbrntng
1197 2012-02-04 22:32:12 <roconnor> gmaxwell: ping
1198 2012-02-04 22:32:29 theymos has joined
1199 2012-02-04 22:32:51 <roconnor> sipa: sounds like you've read and understood the transaction chaining code.
1200 2012-02-04 22:33:59 <sipa> roconnor: well, processing a transaction (over)writes its TxIndex datastructure in the db
1201 2012-02-04 22:34:35 <roconnor> sipa: and during a block reorg?
1202 2012-02-04 22:34:51 <roconnor> does it unoverwrite it restoring the previous TxIndex?
1203 2012-02-04 22:35:13 <sipa> dang
1204 2012-02-04 22:35:18 <sipa> i think you're right
1205 2012-02-04 22:35:21 <roconnor> you guys and your mutable data structures :P
1206 2012-02-04 22:35:31 <roconnor> if only it was written in Haskell
1207 2012-02-04 22:35:56 <roconnor> sipa: after that who knows what happens, but it is certain to be bad.
1208 2012-02-04 22:36:05 <cjd> no mutability? that must generate a lot of garbage
1209 2012-02-04 22:36:20 <roconnor> cjd: ya I guess.
1210 2012-02-04 22:36:35 Mqrius has left ()
1211 2012-02-04 22:36:39 <roconnor> cjd: sometimes it gets optimized into mutation by the compiler.
1212 2012-02-04 22:36:42 * cjd <3 C
1213 2012-02-04 22:37:14 <cjd> in C you know exactly what you're doing because you have to do it explicitly
1214 2012-02-04 22:37:27 <roconnor> cjd: apparently satoshi didn't know what he was doing. :P
1215 2012-02-04 22:38:19 <sipa> i wonder if we can introduce a rule that says: overwriting a not-completely-spent tx is forbidden
1216 2012-02-04 22:38:33 denisx has quit (Quit: denisx)
1217 2012-02-04 22:38:34 <cjd> haha, I give him a lot of credit, but IMO bitcoin is hard to maintain partially because of the hidden complexity of C++
1218 2012-02-04 22:38:53 <roconnor> sipa: I'd advocate a rule that an outpoint can be spent at most once ever, no matter how many times it is duplicated.
1219 2012-02-04 22:38:55 <sipa> cjd: to be honest, this details would be equally hard to spot if it were C
1220 2012-02-04 22:39:05 <sipa> roconnor: NAK, that prevents pruning
1221 2012-02-04 22:39:17 <cjd> perhaps so
1222 2012-02-04 22:39:27 <roconnor> sipa: it's not so bad; you just need to maintain a list of coinbase hashes.
1223 2012-02-04 22:39:57 <roconnor> sipa: because the problem will never propagate past those.
1224 2012-02-04 22:40:03 <sipa> indeed
1225 2012-02-04 22:40:09 <roconnor> (unless you have a real hash collision)
1226 2012-02-04 22:42:34 <shargs> interesting paper to be presented next month at Financial Cryptography 2012: http://people.scs.carleton.ca/~clark/commitcoin/  CommitCoin harnesses the existing processing power of the Bitcoin network without trusting it, and is designed to leave the commitment value evident in the public Bitcoin transcript in a way that does not destroy currency
1227 2012-02-04 22:43:47 <lianj> what is "[20-byte-hash of {2 [pubkey1] [pubkey2] [pubkey3] 3 OP_CHECKMULTISIG} ]" in BIP 17? hash160(sha256) ?
1228 2012-02-04 22:44:02 <sipa> lianj: yes
1229 2012-02-04 22:44:25 <lianj> thanks, hm then i must overlook something else, damn :D
1230 2012-02-04 22:45:46 eoss has joined
1231 2012-02-04 22:46:46 <lianj> yay, got it :) thanks!
1232 2012-02-04 22:50:33 <gribble> New news from bitcoinrss: dishwara opened issue 797 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/issues/797>
1233 2012-02-04 22:51:00 <luke-jr> lianj: ?
1234 2012-02-04 22:51:16 <luke-jr> oh, I get it
1235 2012-02-04 22:51:32 <luke-jr> lianj: might note BIP 19 is designed to go hand-in-hand with BIP 17
1236 2012-02-04 22:51:45 splatster has joined
1237 2012-02-04 22:53:50 <shargs> gmaxwell is a brilliant guy. you may be right.. i certainly dont have the solution, but its an area worth investigating. no one has proven transaction amounts cant have more privacy
1238 2012-02-04 22:54:22 <sipa> sure they can; just move them to the txins?
1239 2012-02-04 22:54:37 <sipa> and keep the remaining balance per tx, instead of just a vector whether each txout is spent
1240 2012-02-04 22:54:40 * shargs reads Privacy-Preserving, Taxable Bank Accounts ZKPs
1241 2012-02-04 22:55:22 <shargs> hmm
1242 2012-02-04 22:55:26 <phantomcircuit> shargs, so their messages can be at most 256 bits per transaction
1243 2012-02-04 22:57:18 <shargs> phantomcircuit: you mean commitcoin?
1244 2012-02-04 22:58:16 theymos has quit (Remote host closed the connection)
1245 2012-02-04 23:00:17 Cablesaurus has joined
1246 2012-02-04 23:00:17 Cablesaurus has quit (Changing host)
1247 2012-02-04 23:00:17 Cablesaurus has joined
1248 2012-02-04 23:00:43 <lianj> man, i hate implementing bips though :D
1249 2012-02-04 23:01:39 <splatster> etotheipi_: I still have been unable to get Armory to run
1250 2012-02-04 23:02:07 Cablesaurus has quit (Client Quit)
1251 2012-02-04 23:02:30 <sipa> lianj: you're implementing a client?
1252 2012-02-04 23:03:04 <lianj> somewhat. a library
1253 2012-02-04 23:03:33 <shargs> libcoin
1254 2012-02-04 23:03:41 <roconnor> lianj: the ruby one right?
1255 2012-02-04 23:03:47 <lianj> roconnor: yes
1256 2012-02-04 23:03:49 ThomasV has joined
1257 2012-02-04 23:05:03 * roconnor is a little tempted to short bitcoin and then release an article on a "devistating flaw in bitcoin!!!", maybe even with four !'s.
1258 2012-02-04 23:05:17 <lianj> but just as a side interest, so following all the bip evolvement is kinda hard
1259 2012-02-04 23:06:24 <shargs> roconnor: what are the requirements for the attacker? the ability to generate 2 blocks?
1260 2012-02-04 23:07:02 <sipa> roconnor: do it, including the typo
1261 2012-02-04 23:10:05 <splatster> Has anyone ever gotten Armory to run on OS X 10.7?
1262 2012-02-04 23:10:09 <roconnor> shargs: attacker needs to make a block reorg
1263 2012-02-04 23:10:11 <shargs> http://eprint.iacr.org/2007/376.pdf  improvement to Boudot's range-bounded commitment scheme
1264 2012-02-04 23:10:22 <shargs> i see hmm
1265 2012-02-04 23:10:24 <roconnor> shargs: with some luck it could be done with 1 block.
1266 2012-02-04 23:10:25 barmstro_ has quit (Remote host closed the connection)
1267 2012-02-04 23:10:30 <roconnor> shargs: 3 blocks would be ideal.
1268 2012-02-04 23:10:43 <lianj> well, at least the signature verification for bip 17 txs works now in my code :D gotta review that though ^^
1269 2012-02-04 23:12:02 <lianj> is drop_signatures even needed with OP_CODESEPARATOR? it drops them anyway
1270 2012-02-04 23:12:51 JFK911_ has joined
1271 2012-02-04 23:14:42 JFK911 has quit (Read error: Connection reset by peer)
1272 2012-02-04 23:17:13 <shargs> We will need proofs that a committed integer satisfies an inequality such as x >= A. One way to accomplish this is to prove that x lies in an interval [A; B] for a large enough B. We now review the classic interval proof [4, 7, 6], based on bounding the bit length of an integer  http://www.eecs.harvard.edu/~cat/papers/szydlo05risk.pdf
1273 2012-02-04 23:18:43 JFK911_ is now known as JFK911
1274 2012-02-04 23:20:06 chrisb__ has quit (Quit: Leaving)
1275 2012-02-04 23:28:07 Cablesaurus has joined
1276 2012-02-04 23:28:07 Cablesaurus has quit (Changing host)
1277 2012-02-04 23:28:07 Cablesaurus has joined
1278 2012-02-04 23:28:39 barmstrong has joined
1279 2012-02-04 23:32:38 MobiusL has quit (Ping timeout: 276 seconds)
1280 2012-02-04 23:38:28 Clipse has joined
1281 2012-02-04 23:45:01 <luke-jr> roconnor: Bitcoin has always gone up with news, positive or negative
1282 2012-02-04 23:45:28 <luke-jr> lianj: you need to drop signatures anyway, or else someone can fork you
1283 2012-02-04 23:45:45 <luke-jr> lianj: what impl do you write?
1284 2012-02-04 23:46:03 <roconnor> luke-jr: in that case I should buy some bitcoins and then release an article on a "devistating flaw in bitcoin!!!", maybe even with four !'s.
1285 2012-02-04 23:46:24 Clown has joined
1286 2012-02-04 23:46:33 <luke-jr> roconnor: it's tempting.
1287 2012-02-04 23:46:50 Clown is now known as Guest13384
1288 2012-02-04 23:47:02 <luke-jr> roconnor: did you confirm it actually works?
1289 2012-02-04 23:47:17 <sipa> i'm quite sure he's right
1290 2012-02-04 23:47:26 datagutt_ has joined
1291 2012-02-04 23:47:26 <roconnor> luke-jr: no; I don't know what will happen during a block reorg
1292 2012-02-04 23:47:36 <roconnor> sipa: it is really luke-jr's idea
1293 2012-02-04 23:47:41 <sipa> oh, ok
1294 2012-02-04 23:47:43 <luke-jr> sipa: yes, but how many other exploits seemed likely, but didn't work for some reason? :P
1295 2012-02-04 23:47:51 <roconnor> luke-jr: whatever happens it will almost certainly be bad.
1296 2012-02-04 23:48:13 <luke-jr> maybe we should try it on testnet
1297 2012-02-04 23:48:13 <sipa> during the disconnect of the old chain, the txout that chain created are removed
1298 2012-02-04 23:48:15 cjd_ has joined
1299 2012-02-04 23:48:16 Jamesz has joined
1300 2012-02-04 23:48:16 <roconnor> luke-jr: I don't need an actual exploit for FUD; in fact, not having one is better :D
1301 2012-02-04 23:48:34 <sipa> if one of those overwrote an older txout
1302 2012-02-04 23:48:37 <sipa> it is not restored
1303 2012-02-04 23:48:40 <gmaxwell> I'll gladly provide hashing to reorg testnet. But I've been quietly reading the code, and I think it wil work. It's also not that exciting but something should be done about it.
1304 2012-02-04 23:48:58 robblesz_ has joined
1305 2012-02-04 23:49:02 <gmaxwell> s/wil/will/
1306 2012-02-04 23:49:14 paul0 has quit (Quit: paul0)
1307 2012-02-04 23:49:19 <luke-jr> I guess Gavin could always send out an alert "You must rescan your blockchain" <.<
1308 2012-02-04 23:49:22 AAA_awright_ has joined
1309 2012-02-04 23:49:31 <roconnor> gmaxwell: I was wondering if you can generate blocks if I give you a header without inserting your own coin base and without putting it onto the network?
1310 2012-02-04 23:49:32 <sipa> a rescan won't do it
1311 2012-02-04 23:49:36 Hunner_ has joined
1312 2012-02-04 23:49:37 <gmaxwell> (I'm less confident that on its own it actually violates any of the advertised security properties— the attack mostly looks like a reverse and respend, except there is no real respend)
1313 2012-02-04 23:49:39 <luke-jr> sipa: it won't?
1314 2012-02-04 23:49:54 <sipa> luke-jr: rescanning is a part of wallet handling, not the block chain handling
1315 2012-02-04 23:49:55 dirus- has joined
1316 2012-02-04 23:50:01 <luke-jr> sipa: oh
1317 2012-02-04 23:50:04 <luke-jr> well crap
1318 2012-02-04 23:50:15 <sipa> you need to disconnect and reconnect your entire blockchain
1319 2012-02-04 23:50:30 <sipa> (or some optimized fix that only touches coinbases)
1320 2012-02-04 23:50:32 <roconnor> devistating!!!!
1321 2012-02-04 23:50:33 <luke-jr> wait, is this data actually stored?
1322 2012-02-04 23:50:35 <gmaxwell> roconnor: If you have a node I can just point RPC miners at it.
1323 2012-02-04 23:50:38 <luke-jr> or loaded every startup?
1324 2012-02-04 23:50:49 <sipa> luke-jr: it's in blkindex.dat
1325 2012-02-04 23:50:52 <luke-jr> meh
1326 2012-02-04 23:50:52 <roconnor> gmaxwell: ya, but we need you make nonstandard coinbases
1327 2012-02-04 23:50:55 jercos_ has joined
1328 2012-02-04 23:51:14 <roconnor> AFAIU it really requires a hacked miner
1329 2012-02-04 23:51:14 <sipa> luke-jr: and rebuilding it == redownloading the block chain
1330 2012-02-04 23:51:16 doublec_ has joined
1331 2012-02-04 23:51:21 <luke-jr> roconnor: not likely
1332 2012-02-04 23:51:31  has quit (Clown|!~clown@static-87-79-93-140.netcologne.de|Ping timeout: 255 seconds)
1333 2012-02-04 23:51:31 datagutt has quit (Ping timeout: 255 seconds)
1334 2012-02-04 23:51:32 robblesz has quit (Ping timeout: 255 seconds)
1335 2012-02-04 23:51:32 welterde has quit (Ping timeout: 255 seconds)
1336 2012-02-04 23:51:32 datagutt_ is now known as datagutt
1337 2012-02-04 23:51:33 JZavala has quit (Ping timeout: 255 seconds)
1338 2012-02-04 23:51:33 dirus has quit (Ping timeout: 255 seconds)
1339 2012-02-04 23:51:33 ski_ has quit (Ping timeout: 255 seconds)
1340 2012-02-04 23:51:34 cjd has quit (Ping timeout: 255 seconds)
1341 2012-02-04 23:51:34 doublec has quit (Ping timeout: 255 seconds)
1342 2012-02-04 23:51:34 userhj has quit (Ping timeout: 255 seconds)
1343 2012-02-04 23:51:35 MBS has quit (Ping timeout: 255 seconds)
1344 2012-02-04 23:51:35 spaola has quit (Ping timeout: 255 seconds)
1345 2012-02-04 23:51:35 jercos has quit (Ping timeout: 255 seconds)
1346 2012-02-04 23:51:35 phantomcircuit has quit (Ping timeout: 255 seconds)
1347 2012-02-04 23:51:35 Hunner has quit (Ping timeout: 255 seconds)
1348 2012-02-04 23:51:35 userhj has joined
1349 2012-02-04 23:51:35 AAA_awright has quit (Ping timeout: 255 seconds)
1350 2012-02-04 23:51:35 robblesz_ is now known as robblesz
1351 2012-02-04 23:51:38 <gmaxwell> roconnor: the rpc miners just take a header. The code in bitcoind actually generates the block/coinbase/ec.
1352 2012-02-04 23:51:45 <roconnor> gmaxwell: oh good
1353 2012-02-04 23:51:52 spaola_out has joined
1354 2012-02-04 23:52:02 ski_ has joined
1355 2012-02-04 23:52:03 <gmaxwell> s/ec/etc/
1356 2012-02-04 23:52:06 <luke-jr> gmaxwell: at least for now ;)
1357 2012-02-04 23:52:08 Rabbit67890 has joined
1358 2012-02-04 23:52:16 cjd_ is now known as cjd
1359 2012-02-04 23:52:20 <luke-jr> gmaxwell: I wrote getmemorypool for Eligius
1360 2012-02-04 23:52:28 <luke-jr> not complete tho - it doesn't take submissions
1361 2012-02-04 23:53:01 <gmaxwell> luke-jr: well right. getmemorypool lets that be done externally— and p2pool and some other things use it. But yea, I can mine against an attack daemon easily.
1362 2012-02-04 23:53:21 <gmaxwell> (this is one of the reasons pools are a liability, their rpc clients can't do basically _any_ validation on the work they're asked to do)
1363 2012-02-04 23:53:38 MBS has joined
1364 2012-02-04 23:53:50 <shargs> hmm interesting
1365 2012-02-04 23:54:28 <luke-jr> gmaxwell: OTOH, you know no miners are likely to validate even if they could :/
1366 2012-02-04 23:54:34 <luke-jr> almost none anyhow
1367 2012-02-04 23:54:52 <gmaxwell> Yes. but it only takes a small number to sound alarms.— at least if the pool couldn't tell validators from non-validators.
1368 2012-02-04 23:55:20 <sipa> that's three backward-compatible fixes at least some people want now at the same time: BIP16/17, tx/block versions, duplicate coinbases
1369 2012-02-04 23:55:24 <gmaxwell> In any case, I think the value in reproducing this isn't in validating that it's a problem— it's so we can test a fix. (Though I'm not really sure how to fix it that isn't messy)
1370 2012-02-04 23:56:07 <gmaxwell> well the dupe coinbase thing isn't urgent... but hey, this is an argument why we need good throughput. if P2SH was done already we wouldn't have an overlapping fix.
1371 2012-02-04 23:56:29 <gmaxwell> (at least, it's not urgent if I correctly understand it)
1372 2012-02-04 23:56:35 <sipa> gmaxwell: my suggestion: disallow a block that contains a tx whose id already exist in the db, and isn't completely spent
1373 2012-02-04 23:56:53 spaola_out is now known as spaola
1374 2012-02-04 23:57:04 <sipa> that's two lines of code
1375 2012-02-04 23:57:16 <roconnor> sipa: having duplicated tx ids at all will be a nightmare for merchants I imagine.
1376 2012-02-04 23:57:16 <gmaxwell> yea, and doesn't require unbounded state... it's no worse than holding open txns.
1377 2012-02-04 23:57:51 <gmaxwell> Perhaps the API should give the height of confirmed txns as part of the txn ID?
1378 2012-02-04 23:57:59 <roconnor> sipa: this might fix bitcoin but will keep open holes in everyone's infrastructure
1379 2012-02-04 23:58:08 <roconnor> sipa: e.g. armory is broken.
1380 2012-02-04 23:58:13 <sipa> roconnor: people don't pay with coinbases
1381 2012-02-04 23:58:18 <gmaxwell> So then you're uniquely keyed even with collisions, so long as you're only working with confirmed txn.
1382 2012-02-04 23:58:34 <roconnor> sipa: I can make duplicate non-coinbase transactions from duplicate coinbase ones
1383 2012-02-04 23:58:50 <sipa> roconnor: nice one
1384 2012-02-04 23:59:25 <gmaxwell> roconnor: oh ho ho.
1385 2012-02-04 23:59:31 <roconnor> ya, that is what makes this problem much worse
1386 2012-02-04 23:59:36 <roconnor> than was thought before