1 2012-04-05 00:00:49 <sipa> aha, found it!
2 2012-04-05 00:01:00 <sipa> my patch reduced the chance to 1 in 65536
3 2012-04-05 00:01:09 <sipa> which i couldn't detect anymore
4 2012-04-05 00:09:32 <gavinandresen> glad you found it, now I don't have to write a brute force try-to-unlock-wallet test...
5 2012-04-05 00:10:35 <gmaxwell> for i in {1..10000}; do bitcoind walletpassphrase $i ; done
6 2012-04-05 00:10:47 <gmaxwell> but this didn't trigger the bug for me when I tried it before.
7 2012-04-05 00:11:00 <Perlboy> hi there, is sendmany implemented in stock bitcoind?
8 2012-04-05 00:11:02 <gmaxwell> Might have just been dumb (non-)luck.
9 2012-04-05 00:11:16 <gmaxwell> Perlboy: sure. It's called sendmany
10 2012-04-05 00:12:16 <Perlboy> gmaxwell: it does not appear to be mentioned in the man page?
11 2012-04-05 00:13:12 <gmaxwell> "We have a man page?"
12 2012-04-05 00:13:34 <gribble> New news from bitcoinrss: sipa opened pull request 1039 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1039>
13 2012-04-05 00:13:51 <gmaxwell> (I see it in the repositoryâ ./contrib/debian/manpages/bitcoind.1 the name sort of explains why I was only dimly aware of it)
14 2012-04-05 00:14:15 <gmaxwell> Perlboy: bitcoind help
15 2012-04-05 00:14:27 <gmaxwell> Perlboy: the man page is horribly out of date it seems.
16 2012-04-05 00:14:37 <gmaxwell> _horribly_ like .. years. out of date.
17 2012-04-05 00:14:52 <brokenwallet> sipa #1024 and one in the 700's are also the same bug probably
18 2012-04-05 00:16:23 copumpkin has joined
19 2012-04-05 00:17:33 <gavinandresen> updating the man page is definitely something that could go into 0.6.1
20 2012-04-05 00:17:46 <Perlboy> gmaxwell: ahh thank you kind sir :)
21 2012-04-05 00:18:35 <gribble> New news from bitcoinrss: gmaxwell opened issue 1040 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/issues/1040>
22 2012-04-05 00:18:36 <gmaxwell> Perlboy: https://github.com/bitcoin/bitcoin/issues/1040 FWIW, I opened an issue on it, and I'll hopefully remember to work on it soon. (and if not, at least we have an issue open to track it)
23 2012-04-05 00:18:43 <brokenwallet> sipa found it, #1024 #955 and #711 if you want to post there to explain anything
24 2012-04-05 00:19:22 <Perlboy> gmaxwell: awesome, ta!
25 2012-04-05 00:20:06 <brokenwallet> gmaxwell would you consider this a bug; the "pay to" input box allows 35 chars when all bitcoin addresses i've seen are 34
26 2012-04-05 00:20:57 <gmaxwell> brokenwallet: P2SH addresses on testnet can apparently be 35 characters.
27 2012-04-05 00:21:10 <brokenwallet> ah nm then
28 2012-04-05 00:21:15 <gmaxwell> (gavin(?) mentioned this earlier in the backscroll)
29 2012-04-05 00:22:18 <brokenwallet> missed it, sorry
30 2012-04-05 00:24:10 coingenuity has joined
31 2012-04-05 00:24:30 coingenuity is now known as Guest49594
32 2012-04-05 00:25:57 Guest49594 is now known as coingenuity
33 2012-04-05 00:25:59 coingenuity has quit (Changing host)
34 2012-04-05 00:26:00 coingenuity has joined
35 2012-04-05 00:26:30 rebroad has quit (Quit: Leaving)
36 2012-04-05 00:32:33 MobiusL_ has joined
37 2012-04-05 00:32:53 MobiusL has quit (Ping timeout: 276 seconds)
38 2012-04-05 00:35:43 Fnar has quit (Changing host)
39 2012-04-05 00:35:43 Fnar has joined
40 2012-04-05 00:39:45 <sipa> gmaxwell: it can't be that old, it mentions getwork
41 2012-04-05 00:39:58 <sipa> which was added in 0.3.18 or so
42 2012-04-05 00:40:21 dvide has quit ()
43 2012-04-05 00:42:21 <sipa> ok, still 1.5 years it seems
44 2012-04-05 00:43:38 <Joric> what's mintchip in short
45 2012-04-05 00:44:30 <Joric> something like mtgox codes? )
46 2012-04-05 00:51:28 coingenuity has quit (Ping timeout: 252 seconds)
47 2012-04-05 01:04:34 <gribble> New news from bitcoinrss: gavinandresen opened pull request 1041 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1041>
48 2012-04-05 01:12:34 da2ce7 has joined
49 2012-04-05 01:22:07 pavel__ has joined
50 2012-04-05 01:26:56 scottj_ has joined
51 2012-04-05 01:28:40 graingert has quit (Remote host closed the connection)
52 2012-04-05 01:28:48 scottj__ has joined
53 2012-04-05 01:29:33 <scottj__> question - do the inputs to a transaction all have to be transactions sent to the same public key?
54 2012-04-05 01:30:08 <lianj> no
55 2012-04-05 01:30:09 <gribble> New news from bitcoinrss: gavinandresen opened pull request 1042 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1042>
56 2012-04-05 01:30:23 minimoose has quit (Quit: minimoose)
57 2012-04-05 01:30:57 <scottj__> then how is the transaction signed?
58 2012-04-05 01:31:05 scottj_ has quit (Ping timeout: 245 seconds)
59 2012-04-05 01:32:31 <lianj> you remove your all your input script, take their output scripts in that place instead and then generate the transaction hash. this hash is signed
60 2012-04-05 01:33:00 <sipa> scottj__: each input contains the signature necessary to spend the previous output it references
61 2012-04-05 01:33:37 <scottj__> okay thanks!
62 2012-04-05 01:34:04 <etotheipi_> scottj__, https://bitcointalk.org/index.php?topic=29416.0
63 2012-04-05 01:34:22 <etotheipi_> that example transaction (in the first post) has 3 inputs and 2 outputs
64 2012-04-05 01:35:11 <etotheipi_> each input references a unspent output in the chain... you sign *those*... the outputs don't get signed
65 2012-04-05 01:36:19 <scottj__> gotcha
66 2012-04-05 01:37:20 <scottj__> I was under the impression that the entire transaction gets signed, but this makes more sense
67 2012-04-05 01:38:23 <sipa> the data being signed is the entire transaction (well, not always, and not exactly everything, but close enough)
68 2012-04-05 01:38:33 <sipa> but each inputs gets its own signature
69 2012-04-05 01:38:53 <etotheipi_> scottj__, I misspoke... the outputs (recipients) of the transaction are part of what is signed... but the keys/addresses in the outputs are not used in anyway for the signing
70 2012-04-05 01:40:11 <lianj> why not, the hash over the (modified, what i wrote above) entire transaction, for each input is signed
71 2012-04-05 01:41:22 chk has joined
72 2012-04-05 01:44:00 chk has quit (Client Quit)
73 2012-04-05 01:44:33 chk2 has quit (Ping timeout: 245 seconds)
74 2012-04-05 01:46:52 gavinandresen has quit (Quit: gavinandresen)
75 2012-04-05 01:49:11 Keefe has quit (Remote host closed the connection)
76 2012-04-05 01:51:40 pavel__ has quit (Ping timeout: 272 seconds)
77 2012-04-05 01:59:35 denisx has joined
78 2012-04-05 01:59:43 JZavala has joined
79 2012-04-05 02:02:15 Zarutian has quit (Quit: Zarutian)
80 2012-04-05 02:04:22 Diablo-D3 has joined
81 2012-04-05 02:05:21 pavel__ has joined
82 2012-04-05 02:05:33 Joric_ has joined
83 2012-04-05 02:05:33 Joric_ has quit (Changing host)
84 2012-04-05 02:05:33 Joric_ has joined
85 2012-04-05 02:06:01 Joric has quit (Ping timeout: 252 seconds)
86 2012-04-05 02:07:43 enquirer has joined
87 2012-04-05 02:08:54 underscor has quit (Ping timeout: 248 seconds)
88 2012-04-05 02:10:51 Guest41079 has joined
89 2012-04-05 02:10:53 brwyatt is now known as brwyatt|Away
90 2012-04-05 02:11:41 Clipse has quit (Ping timeout: 276 seconds)
91 2012-04-05 02:12:35 djoot has quit (Quit: leaving)
92 2012-04-05 02:15:25 <etotheipi_> sipa, you previously linked me to some code concerning key recovery, but I lost it
93 2012-04-05 02:16:13 Guest41079 is now known as coingenuity
94 2012-04-05 02:16:15 coingenuity has quit (Changing host)
95 2012-04-05 02:16:15 coingenuity has joined
96 2012-04-05 02:17:11 <sipa> etotheipi_: https://github.com/bitcoin/bitcoin/blob/master/src/key.cpp#L47
97 2012-04-05 02:17:28 <etotheipi_> oh, I shouldn't known it was in the Bitcoin master branch
98 2012-04-05 02:17:36 <etotheipi_> for some reason I forgot it was already implemented
99 2012-04-05 02:17:41 <etotheipi_> thanks
100 2012-04-05 02:18:01 <sipa> though it may be easier to implement it yourself, be following the specification (SEC1 4.1.6, http://www.secg.org/index.php?action=secg,docs_secg)
101 2012-04-05 02:18:36 barmstro_ has quit (Remote host closed the connection)
102 2012-04-05 02:18:49 <etotheipi_> well I need to implement it myself -- but I have all the math already available
103 2012-04-05 02:19:01 <etotheipi_> I just never bothered to try to figure it out on my own
104 2012-04-05 02:19:22 <sipa> the algorithm in the SEC spec is quite readable
105 2012-04-05 02:20:12 Joric has joined
106 2012-04-05 02:20:12 Joric has quit (Changing host)
107 2012-04-05 02:20:12 Joric has joined
108 2012-04-05 02:21:17 <etotheipi_> is an "octet string" just a "byte string"?
109 2012-04-05 02:21:22 <sipa> yes
110 2012-04-05 02:21:25 <theorbtwo> etotheipi_: Yes.
111 2012-04-05 02:21:36 <theorbtwo> octet is standarise for byte.
112 2012-04-05 02:21:47 underscor has joined
113 2012-04-05 02:22:00 <sipa> there have been systems with non-8-bit bytes in the past
114 2012-04-05 02:22:03 Joric_ has quit (Ping timeout: 252 seconds)
115 2012-04-05 02:23:31 <gmaxwell> There are ones currently!
116 2012-04-05 02:23:47 <gmaxwell> TMS320C55 has basically all types = 16 bits.
117 2012-04-05 02:23:51 <etotheipi_> how about negabinar?
118 2012-04-05 02:23:56 <etotheipi_> *negabinary
119 2012-04-05 02:24:01 <Diablo-D3> gmaxwell: loldsps
120 2012-04-05 02:24:10 <etotheipi_> those crazy polish bastards
121 2012-04-05 02:24:22 <gmaxwell> (well, there are 32 bit types too, but in any case sizeof(char)==sizeof(int)== 16 bits)
122 2012-04-05 02:25:13 <gmaxwell> (this actually makes all the C promotion rules behave in ways which are differently surprising then they do on most other systems)
123 2012-04-05 02:25:58 <sipa> at university we were taught computer systems by playing with a virtual machine that had 13.288 bit bytes
124 2012-04-05 02:26:44 <TuxBlackEdo> so that 1tx miner is gone now?
125 2012-04-05 02:26:46 <sipa> (it was called DRAMA, an acronym in dutch that translates to "decimal computing machine with multiple accumulators"
126 2012-04-05 02:26:49 pavel__ has quit (Ping timeout: 252 seconds)
127 2012-04-05 02:27:02 <sipa> its smallest unit was an integer between 0 and 9999
128 2012-04-05 02:27:13 <gmaxwell> ah, now I know why all dutch computer people are crazy.
129 2012-04-05 02:27:42 enquirer has quit (Quit: back soon)
130 2012-04-05 02:27:58 <sipa> i understood the idea "we won't teach you real assemble, because that would mean you're focusing on the machine-specific details instead of the general idea"
131 2012-04-05 02:27:59 enquirer has joined
132 2012-04-05 02:28:12 <sipa> but taking it as far as making it decimal was several bridges too far, imho
133 2012-04-05 02:28:38 <gmaxwell> ::nods:: thus MIX in knuth's books.
134 2012-04-05 02:28:55 barmstrong has joined
135 2012-04-05 02:28:56 <sipa> i hear they switched to MIPS a few years ago
136 2012-04-05 02:28:56 <gmaxwell> (though at least MIX is like real machines)
137 2012-04-05 02:29:27 mmoya has quit (Ping timeout: 245 seconds)
138 2012-04-05 02:31:16 <Diablo-D3> gmaxwell: hrrrrrm
139 2012-04-05 02:31:23 djoot has joined
140 2012-04-05 02:31:23 djoot has quit (Changing host)
141 2012-04-05 02:31:23 djoot has joined
142 2012-04-05 02:32:03 <sipa> gmaxwell: concerning the DNS leak/tor thing; would that "you may be leaking information!" warning go away if you use dotted-quad notation and hostname destinations in SOCKS4a or SOCKS5?
143 2012-04-05 02:32:10 <Diablo-D3> Verifying last 2500 blocks at level 1
144 2012-04-05 02:32:11 <Diablo-D3> block index 3006ms
145 2012-04-05 02:32:22 Joric_ has joined
146 2012-04-05 02:32:23 <Diablo-D3> sipa: no
147 2012-04-05 02:32:29 <Diablo-D3> sipa: infact, thats how it detects it
148 2012-04-05 02:32:40 <Diablo-D3> you feed it an IP it knows it didnt resolve
149 2012-04-05 02:32:47 <sipa> no, currently we send IPv4 adres
150 2012-04-05 02:32:52 <sipa> not a dotted quad hostname
151 2012-04-05 02:32:54 <gmaxwell> sipa: I think we're pretty screwed in this respect.. esp since _lots_ of socks5 apps send IP addresses after doing their own DNS.
152 2012-04-05 02:32:57 <Diablo-D3> sipa: oh
153 2012-04-05 02:33:01 <Diablo-D3> sipa: wait what?
154 2012-04-05 02:33:20 <gmaxwell> but I haven't tested, so I'm not sure. If it does pass its arguably a bug in tor.
155 2012-04-05 02:33:25 Cablesaurus has joined
156 2012-04-05 02:33:25 Cablesaurus has quit (Changing host)
157 2012-04-05 02:33:25 Cablesaurus has joined
158 2012-04-05 02:34:20 <sipa> why? you could be doing your own lookups and converting back to a hostname of course, but typically using a dotted quad sounds like the user typed in that as the intended hostname, which is fine
159 2012-04-05 02:34:21 <Diablo-D3> gmaxwell: we'll know tommorow if this fixed it
160 2012-04-05 02:34:24 Joric has quit (Ping timeout: 265 seconds)
161 2012-04-05 02:34:53 <gmaxwell> sipa: or an app that just sends them as dotted quad all the time.
162 2012-04-05 02:34:59 <sipa> true
163 2012-04-05 02:36:04 Joric has joined
164 2012-04-05 02:36:23 brwyatt is now known as Away!~brwyatt@pool-71-252-154-11.dllstx.fios.verizon.net|brwyatt
165 2012-04-05 02:36:31 Joric_ has quit (Ping timeout: 246 seconds)
166 2012-04-05 02:37:51 <Diablo-D3> gmaxwell: but filtering it through dd should obliterate any fragmentation problem
167 2012-04-05 02:38:20 <gmaxwell> Diablo-D3: cp should too.
168 2012-04-05 02:38:27 <Diablo-D3> cp wont
169 2012-04-05 02:38:33 <sipa> ?
170 2012-04-05 02:38:34 <gmaxwell> unless you're on some crazy fs that does reflink.
171 2012-04-05 02:38:41 <gmaxwell> (like btrfs)
172 2012-04-05 02:38:59 <Diablo-D3> Im not on btrfs, but with dd I'm assured it will work
173 2012-04-05 02:39:06 <sipa> cp does exactly the same thing as dd for this
174 2012-04-05 02:39:16 * Diablo-D3 shrugs
175 2012-04-05 02:39:36 <sipa> only you can't specify the block size and do fancy transformations
176 2012-04-05 02:42:10 <gmaxwell> sipa:
177 2012-04-05 02:42:10 <gmaxwell> if (socks4_prot != socks4a &&
178 2012-04-05 02:42:10 <gmaxwell> !addressmap_have_mapping(tmpbuf,0)) {
179 2012-04-05 02:42:11 <gmaxwell> log_unsafe_socks_warning(4, tmpbuf, req->port, safe_socks);
180 2012-04-05 02:42:15 [7] has quit (Disconnected by services)
181 2012-04-05 02:42:22 TheSeven has joined
182 2012-04-05 02:42:44 <gmaxwell> sipa: looks like if you send dotted quad via socks4a it may work?
183 2012-04-05 02:42:50 Joric has quit ()
184 2012-04-05 02:43:30 pavel__ has joined
185 2012-04-05 02:43:37 <gmaxwell> also for socks5.. you might be right too
186 2012-04-05 02:45:31 <gmaxwell> Addr type 3 (fqdn) doesn't appear to be able to produce the warning.
187 2012-04-05 02:51:45 osmosis has joined
188 2012-04-05 02:51:49 osmosis has quit (Read error: Connection reset by peer)
189 2012-04-05 02:52:10 <phantomcircuit> gmaxwell, dotted quad via socks4a will work
190 2012-04-05 02:53:01 <gmaxwell> \0/
191 2012-04-05 02:53:17 <gmaxwell> now... how to make dnsseed useful over toor... :(
192 2012-04-05 02:53:30 <gmaxwell> the best I can come up with is including a tiny tcp dns resolver. :(
193 2012-04-05 02:54:56 <gmaxwell> perhaps better to include a set of hidden service seed nodes and disable DNSseed...
194 2012-04-05 02:55:10 <gmaxwell> yea.. thats actually a lot better than DNSseed frankly.
195 2012-04-05 02:55:38 <sipa> gmaxwell: what about just connecting to the dnsseed?
196 2012-04-05 02:55:46 <sipa> via FQDN
197 2012-04-05 02:56:09 <gmaxwell> sipa: works but you only get one connection.
198 2012-04-05 02:56:32 <sipa> doesn't matter, you'll get addresses from the seed you've connected to
199 2012-04-05 02:56:35 <gmaxwell> You also potentially get screwed with by tor exits that are doing dumb things with dns.. not much of a risk, except for the fact that you can only get one connection.
200 2012-04-05 02:56:58 <Perlboy> umm, i know it's not 'standard procedure' but i managed to dos bitcoind offline doing getaccountaddress 100 times in a for loop.
201 2012-04-05 02:57:07 <Perlboy> it didn't come back until i kill -9'd it
202 2012-04-05 02:57:28 <gmaxwell> Perlboy: what version?
203 2012-04-05 02:58:07 <Perlboy> gmaxwell: wow, don't worry...
204 2012-04-05 02:58:10 <Perlboy> 0.3.24
205 2012-04-05 02:58:12 <Perlboy> that's woeful
206 2012-04-05 02:58:17 <Perlboy> and it's also the latest debian package
207 2012-04-05 02:58:25 <sipa> :S
208 2012-04-05 02:58:36 <gmaxwell> oh... who the hell let debian package bitcoin?
209 2012-04-05 02:58:49 <Perlboy> ubuntu i should say
210 2012-04-05 02:58:50 <sipa> that's 9 months old
211 2012-04-05 02:58:55 <gmaxwell> Perlboy: welp, doesn't do it with current versions.
212 2012-04-05 02:58:55 <Perlboy> hmms actually
213 2012-04-05 02:58:59 <Perlboy> somethings borked.... :-\
214 2012-04-05 02:58:59 <sipa> Perlboy: there's a PPA for ubuntu
215 2012-04-05 02:59:10 <gmaxwell> Perlboy: The ubuntu packages are current use the ppa.
216 2012-04-05 02:59:16 <Perlboy> yeah ignore me everyone, i'm being a nub which is kidna embarrasing :-\
217 2012-04-05 02:59:16 sacarlson has joined
218 2012-04-05 03:01:05 <gmaxwell> sipa: soâ having a bunch of hidden-service seednodes is independantly a good idea (because what if zomg the internet blocks bitcoin!), so we should have that independantly.. so why bother writing code to connect to the DNS seeds?
219 2012-04-05 03:02:09 <midnightmagic> sipa:
220 2012-04-05 03:02:15 <midnightmagic> er.. sorry, ignore that
221 2012-04-05 03:02:22 * sipa ignores midnightmagic
222 2012-04-05 03:02:27 <sipa> gmaxwell: good point
223 2012-04-05 03:02:45 <sipa> each "network" (ipv4, ipv6, tor, ...) should have its own way of seeding anyway
224 2012-04-05 03:03:04 <sipa> so those users are able to mainly find eachother
225 2012-04-05 03:05:08 <sipa> gmaxwell: -addnode and -connect are easy to switch to SOCKS5/FQDN
226 2012-04-05 03:05:14 <sipa> or SOCKS4a, possibly
227 2012-04-05 03:06:20 RainbowDashh has quit (Quit: RainbowDashh)
228 2012-04-05 03:06:39 <gmaxwell> Anyone here know anything about I2P and what we need to do to support it as well as we're going to support tor?
229 2012-04-05 03:07:56 mortikia has quit (Remote host closed the connection)
230 2012-04-05 03:08:21 mortikia has joined
231 2012-04-05 03:08:31 <sipa> well, there's garlicat which seems to be very much alike onioncat
232 2012-04-05 03:08:59 <doublec> gmaxwell: depends what you mean by 'support it'
233 2012-04-05 03:09:31 <sipa> is there are SOCKS5-like proxy for I2P?
234 2012-04-05 03:09:44 <sipa> that allows connecting to the I2P equivalent of hidden services
235 2012-04-05 03:10:04 <sipa> sorry, a SOCKS5 tor-like proxy for I2P
236 2012-04-05 03:10:37 <gmaxwell> doublec: we want to be able to run a full node that makes itself available via I2P, and can rumor I2P addresses (encoded in IPv6) with other nodes it connects to. Which is what we're going to be doing for tor.
237 2012-04-05 03:11:20 spawn-504 has joined
238 2012-04-05 03:11:24 spawn-504 has quit (Excess Flood)
239 2012-04-05 03:11:43 djoot has quit (Quit: leaving)
240 2012-04-05 03:11:58 djoot has joined
241 2012-04-05 03:11:59 <sipa> well, if garlicat can do it, so can we
242 2012-04-05 03:12:01 djoot has quit (Changing host)
243 2012-04-05 03:12:01 djoot has joined
244 2012-04-05 03:12:18 enquirer_ has joined
245 2012-04-05 03:12:32 <gmaxwell> Maybe.
246 2012-04-05 03:12:37 <doublec> sipa: http://www.i2p2.de/socks.html
247 2012-04-05 03:14:04 djoot has quit (Client Quit)
248 2012-04-05 03:14:31 <sipa> looks like it has enough to support outgoing connections over SOCKS
249 2012-04-05 03:14:32 djoot has joined
250 2012-04-05 03:14:32 djoot has quit (Changing host)
251 2012-04-05 03:14:32 djoot has joined
252 2012-04-05 03:15:12 <sipa> but without the ability to run an I2P destinator (I2Pspeak for hidden service, it seems), it's quite pointless
253 2012-04-05 03:15:23 enquirer has quit (Ping timeout: 276 seconds)
254 2012-04-05 03:15:25 enquirer_ is now known as enquirer
255 2012-04-05 03:15:35 <sipa> as I2P is much more aimed at hidden services than tor
256 2012-04-05 03:16:40 <gmaxwell> yea, I don't think there is any point of even supporting exit-to-internet for i2p..
257 2012-04-05 03:16:43 <phantomcircuit> sipa, btw was addrman merged?
258 2012-04-05 03:16:58 <gmaxwell> phantomcircuit: yes.
259 2012-04-05 03:17:05 <phantomcircuit> ok
260 2012-04-05 03:17:17 <phantomcircuit> i'll finish tor hidden service support when i get a chance
261 2012-04-05 03:17:25 <phantomcircuit> unless someone else took the torch already
262 2012-04-05 03:17:30 <phantomcircuit> haven't been paying attention really
263 2012-04-05 03:18:04 <sipa> phantomcircuit: https://github.com/bitcoin/bitcoin/pull/1021
264 2012-04-05 03:18:23 <sipa> it has a commit already that makes onioncat and garlicat addresses routable
265 2012-04-05 03:20:20 <sipa> ewww I2P is Java?
266 2012-04-05 03:20:43 <sipa> i was hoping we could just link to some library to access its API
267 2012-04-05 03:23:25 <gmaxwell> sipa: if you want to use I2P I recommend just booting https://tails.boum.org/ in a VM.
268 2012-04-05 03:23:38 <gmaxwell> It already has tor and I2P setup and running at boottime.
269 2012-04-05 03:24:56 <sipa> i guess we better focus on Tor hidden service support first
270 2012-04-05 03:25:30 RainbowDashh has joined
271 2012-04-05 03:25:41 <sipa> and just make garlicat addresses routable for now
272 2012-04-05 03:35:46 osmosis has joined
273 2012-04-05 03:36:34 <gmaxwell> Should probably invite some I2P people to help figure out exactly what should be done. But I agree, tor first. (as tor is already widely used with bitcoin)
274 2012-04-05 03:36:56 <doublec> sipa: they have some weird protocol instead of an api
275 2012-04-05 03:37:25 <doublec> sipa: SAM and BOB
276 2012-04-05 03:37:28 <midnightmagic> unfortunately i2p performance isn't so hot, it seems to suffer from the freenet effect..
277 2012-04-05 03:37:35 <doublec> sipa: http://www.i2p2.de/samv3.html
278 2012-04-05 03:38:32 <gmaxwell> midnightmagic: not like we need good performance.
279 2012-04-05 03:38:51 <gmaxwell> midnightmagic: actually the ideal thing for bitcoin doesn't exist: a non-realtime (high latency) mixnet.
280 2012-04-05 03:39:03 <midnightmagic> when the rusleaks site went into i2p, it basically destabilized everybody. i'm not convinced yet that they've corrected that. so actual services running in i2p are often very difficult to actuall configure, let alone reliably use.
281 2012-04-05 03:39:18 <midnightmagic> they have whole sites dedicated just to helping people figure out whether a site is up or not
282 2012-04-05 03:39:43 <gmaxwell> Tor is stupid vulnerable to traffic/timing analysis if you assume the attacker can watch both ends, double so if he's allowed to interrupt or shape the traffic at either end.
283 2012-04-05 03:40:00 <midnightmagic> gmaxwell: zooko was one of the designers of the mixmasters, he could do it. :-)
284 2012-04-05 03:40:25 <midnightmagic> same with everything else.
285 2012-04-05 03:43:00 <gmaxwell> midnightmagic: It would actually be pretty simple to make a batch mixer just for bitcoin transactions.
286 2012-04-05 03:43:02 <midnightmagic> advanced usage of i2p is also very, very obscure. to do low-level ping-like things requires special knowledge of i2p's innards.
287 2012-04-05 03:43:07 dwon has joined
288 2012-04-05 03:44:05 <midnightmagic> gmaxwell: After talking with zooko/warner I'm not convinced it's easy to do a mixnet anymore.
289 2012-04-05 03:44:20 <phantomcircuit> sipa, you might have forgotten but the base32 algorithm used in onioncat is wrong
290 2012-04-05 03:44:43 <phantomcircuit> so there are potentially 3 prefixes necessary
291 2012-04-05 03:44:54 <phantomcircuit> onioncat garliccat and proper base32
292 2012-04-05 03:45:42 <gmaxwell> midnightmagic: I assume it's easier for bitcoin where there is no email gatewaying problems and where there is no destination.. where you could probably get away with a prefab route which basically just includes all known reliable mixers.
293 2012-04-05 03:48:19 enquirer_ has joined
294 2012-04-05 03:48:20 <phantomcircuit> mixnet?
295 2012-04-05 03:48:24 <phantomcircuit> gmaxwell, clue me in
296 2012-04-05 03:48:35 <gmaxwell> phantomcircuit: http://en.wikipedia.org/wiki/Mix_network
297 2012-04-05 03:48:39 toffoo has joined
298 2012-04-05 03:49:01 <midnightmagic> also, look up mixminion too
299 2012-04-05 03:49:22 <midnightmagic> basically, it defends strongly against traffic analysis.
300 2012-04-05 03:49:41 <gmaxwell> In particular, the realtime 'mix' things like tor have serious vulnerabilties related to traffic analysis which are mostly elimanted in large-block mixers.
301 2012-04-05 03:51:09 enquirer has quit (Ping timeout: 252 seconds)
302 2012-04-05 03:51:10 enquirer_ is now known as enquirer
303 2012-04-05 03:51:50 <midnightmagic> e.g. it sends the same traffic to the destination whether there is real traffic or not..
304 2012-04-05 03:52:43 RainbowDashh has quit (Ping timeout: 244 seconds)
305 2012-04-05 03:52:55 <midnightmagic> so timing input + output only helps if you have also compromised the endpoints themselves.
306 2012-04-05 03:53:02 <phantomcircuit> gmaxwell, is this fixed bandwidth?
307 2012-04-05 03:53:08 <gmaxwell> midnightmagic: traffic analysis resistance is one of the reasons I find codec2 interesting.. 1kbit/sec voice not so interesting.. except when you realize that it lets you send 24/7 to thwart traffic analysis without using too much bandwidth for a volunteer mixnet.
308 2012-04-05 03:53:50 Joric has joined
309 2012-04-05 03:54:02 Joric has quit (Changing host)
310 2012-04-05 03:54:02 Joric has joined
311 2012-04-05 03:55:39 <Joric> is it possible to put transaction into network using pure js (ie. ajax)? are there any services that accept transactions via http?
312 2012-04-05 03:56:09 RainbowDashh has joined
313 2012-04-05 03:56:58 <phantomcircuit> gmaxwell, this is interesting
314 2012-04-05 03:57:11 <phantomcircuit> seems like you would need a bunch of fairly high bandwidth servers to make it work though
315 2012-04-05 03:57:32 <gmaxwell> phantomcircuit: well, not if your normal messages and traffic load are very small (e.g. bitcoin transactions)
316 2012-04-05 03:57:56 <phantomcircuit> gmaxwell, right
317 2012-04-05 03:57:57 RainbowDashh is now known as Fluttashy
318 2012-04-05 03:58:51 Fluttashy is now known as RainbowDashh
319 2012-04-05 04:02:35 <Graet> lol well i defragmented my netbopoik overnight, didnt touch blk0001.dat its the only fragmented thing still 13,768fragments
320 2012-04-05 04:05:16 scottj__ has quit (Ping timeout: 245 seconds)
321 2012-04-05 04:07:44 <midnightmagic> phantomcircuit: it is fixed bandwidth, and bandwidth must never rise above that, nor shrink below it except if it's not possible to send at max b/w. but the point is, b/w doesn't ever change based on the ratio between real:dummy data. and of course there's a pile of other stuff in the mixminion software too. it's available here: https://github.com/mixminion
322 2012-04-05 04:10:40 superjames has quit (Ping timeout: 246 seconds)
323 2012-04-05 04:14:13 enquirer_ has joined
324 2012-04-05 04:14:46 denisx has quit (Remote host closed the connection)
325 2012-04-05 04:15:02 barmstrong has quit (Read error: Connection reset by peer)
326 2012-04-05 04:15:05 denisx has joined
327 2012-04-05 04:15:27 barmstrong has joined
328 2012-04-05 04:16:34 Phoebus has quit (Read error: Operation timed out)
329 2012-04-05 04:17:30 enquirer has quit (Ping timeout: 260 seconds)
330 2012-04-05 04:17:33 enquirer_ is now known as enquirer
331 2012-04-05 04:20:51 Hasbro has quit (Ping timeout: 252 seconds)
332 2012-04-05 04:21:03 Phoebus has joined
333 2012-04-05 04:22:53 Hasbro has joined
334 2012-04-05 04:23:33 superjames has joined
335 2012-04-05 04:30:15 localhost has quit (Remote host closed the connection)
336 2012-04-05 04:37:16 paulo_ has quit (Ping timeout: 246 seconds)
337 2012-04-05 04:38:07 paulo_ has joined
338 2012-04-05 04:42:57 JZavala has quit (Ping timeout: 244 seconds)
339 2012-04-05 04:43:13 XMPPwocky has quit (Ping timeout: 246 seconds)
340 2012-04-05 04:47:04 superjames has quit (Ping timeout: 246 seconds)
341 2012-04-05 04:50:24 Tril has left ()
342 2012-04-05 04:56:56 forsetifox has quit (Ping timeout: 245 seconds)
343 2012-04-05 04:59:49 Keefe has joined
344 2012-04-05 04:59:58 superjames has joined
345 2012-04-05 05:00:16 Keefe is now known as Guest3988
346 2012-04-05 05:00:16 Guest3988 has quit (Changing host)
347 2012-04-05 05:00:16 Guest3988 has joined
348 2012-04-05 05:00:46 Guest3988 is now known as Keefe
349 2012-04-05 05:07:09 dwon has quit (Quit: Leaving)
350 2012-04-05 05:15:11 RainbowDashh has quit (Quit: RainbowDashh)
351 2012-04-05 05:15:45 Joric_ has joined
352 2012-04-05 05:15:45 Joric_ has quit (Changing host)
353 2012-04-05 05:15:45 Joric_ has joined
354 2012-04-05 05:17:42 Joric has quit (Ping timeout: 250 seconds)
355 2012-04-05 05:22:33 RainbowDashh has joined
356 2012-04-05 05:26:20 phungus has quit (Remote host closed the connection)
357 2012-04-05 05:27:29 ageis has quit (Ping timeout: 246 seconds)
358 2012-04-05 05:31:57 XMPPwocky has joined
359 2012-04-05 05:33:33 Joric_ has quit ()
360 2012-04-05 05:35:12 sacarlson has quit (Read error: Connection reset by peer)
361 2012-04-05 05:36:30 ageis has joined
362 2012-04-05 05:36:44 MasterChief has joined
363 2012-04-05 05:37:41 MC1984 has quit (Read error: Connection reset by peer)
364 2012-04-05 05:44:20 Slix` has quit (Remote host closed the connection)
365 2012-04-05 05:53:43 sacarlson has joined
366 2012-04-05 05:54:54 osmosis has quit (Quit: Leaving)
367 2012-04-05 05:57:47 sacarlson has quit (Ping timeout: 245 seconds)
368 2012-04-05 06:13:55 <paulo_> will bitcoin warn me if my client if out of date?
369 2012-04-05 06:14:57 sacarlson has joined
370 2012-04-05 06:16:39 <nanotube> paulo_: generally no, unless there is some critical issue, in which case an alert will be issued.
371 2012-04-05 06:16:57 forsetifox has joined
372 2012-04-05 06:18:28 <SomeoneWeird> hows that message distributed nameless| ?
373 2012-04-05 06:18:53 <nanotube> it gets distributed through the bitcoin network
374 2012-04-05 06:19:08 <nanotube> it must have a valid signature using a key that only the devs have.
375 2012-04-05 06:30:14 denisx_ has joined
376 2012-04-05 06:30:40 <SomeoneWeird> ahk
377 2012-04-05 06:31:13 <XMPPwocky> SomeoneWeird: ah, the rare TCP flag for "packet is choking"
378 2012-04-05 06:32:50 <SomeoneWeird> ahk
379 2012-04-05 06:33:12 denisx has quit (Ping timeout: 245 seconds)
380 2012-04-05 06:33:18 denisx__ has joined
381 2012-04-05 06:33:28 fiddur has joined
382 2012-04-05 06:36:07 denisx_ has quit (Ping timeout: 245 seconds)
383 2012-04-05 06:41:44 Diapolo has joined
384 2012-04-05 06:41:49 <Diapolo> hello
385 2012-04-05 06:42:24 <gribble> New news from bitcoinrss: Diapolo opened pull request 1043 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1043>
386 2012-04-05 06:42:51 <Diapolo> yes I did, thanks bot ^^
387 2012-04-05 06:45:06 <nanotube> hehe
388 2012-04-05 06:48:22 paulo_ has quit (Ping timeout: 248 seconds)
389 2012-04-05 06:51:13 Rabbit67890 has joined
390 2012-04-05 06:54:58 RainbowDashh has quit (Ping timeout: 252 seconds)
391 2012-04-05 07:01:38 mmoya has joined
392 2012-04-05 07:03:46 RazielZ has joined
393 2012-04-05 07:07:54 brwyatt is now known as brwyatt|Away
394 2012-04-05 07:09:07 RainbowDashh has joined
395 2012-04-05 07:10:30 gjs278 has quit (Remote host closed the connection)
396 2012-04-05 07:11:55 Rabbit67890 has quit (Ping timeout: 260 seconds)
397 2012-04-05 07:26:05 Someguy123 is now known as Someguy123[afk]
398 2012-04-05 07:26:49 mmoya has quit (Ping timeout: 250 seconds)
399 2012-04-05 07:28:43 Someguy123[afk] is now known as Someguy123
400 2012-04-05 07:40:20 ahbritto_ has joined
401 2012-04-05 07:40:20 ahbritto_ has quit (Changing host)
402 2012-04-05 07:40:20 ahbritto_ has joined
403 2012-04-05 07:53:20 Turingi has joined
404 2012-04-05 07:54:31 forsetifox has quit (Quit: Page closed)
405 2012-04-05 08:01:17 ovidiusoft has joined
406 2012-04-05 08:03:00 denisx has joined
407 2012-04-05 08:05:46 denisx__ has quit (Ping timeout: 260 seconds)
408 2012-04-05 08:05:57 cande has joined
409 2012-04-05 08:08:49 TD has joined
410 2012-04-05 08:10:02 denisx has quit (Quit: denisx)
411 2012-04-05 08:14:41 Edward_B- has joined
412 2012-04-05 08:14:52 Edward_B- has left ("Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is")
413 2012-04-05 08:18:00 Keefe has quit (Quit: leaving)
414 2012-04-05 08:19:14 slush1 has quit (Quit: Leaving.)
415 2012-04-05 08:19:31 t7 has joined
416 2012-04-05 08:20:44 copumpkin has quit (Remote host closed the connection)
417 2012-04-05 08:21:07 copumpkin has joined
418 2012-04-05 08:47:35 Keefe has joined
419 2012-04-05 09:06:58 erle- has joined
420 2012-04-05 09:09:29 <[Tycho]> http://a8.sphotos.ak.fbcdn.net/hphotos-ak-ash3/527872_10150657303332005_9225602004_9510512_390544359_n.jpg
421 2012-04-05 09:09:38 maqr has quit (Quit: rebooting :()
422 2012-04-05 09:12:31 slush has joined
423 2012-04-05 09:13:48 <Graet> lol
424 2012-04-05 09:14:01 <lh77> :P
425 2012-04-05 09:14:39 <SomeoneWeird> http://wheresmysammich.com/images/4742.jpg
426 2012-04-05 09:14:40 <SomeoneWeird> haha
427 2012-04-05 09:20:55 gjs278 has joined
428 2012-04-05 09:23:19 Z0rZ0rZ0r1 has quit (Quit: Wheeeee)
429 2012-04-05 09:40:25 datagutt has joined
430 2012-04-05 09:41:42 TD has quit (Quit: TD)
431 2012-04-05 09:44:03 vigilyn has quit (Ping timeout: 244 seconds)
432 2012-04-05 09:44:05 TD has joined
433 2012-04-05 09:50:10 <Diablo-D3> ahah.
434 2012-04-05 09:52:46 Diapolo has quit (Ping timeout: 245 seconds)
435 2012-04-05 09:55:23 gjs278 has quit (Remote host closed the connection)
436 2012-04-05 09:55:49 <sipa> phantomcircuit: i'm not sure how the onioncat implementation is relevant... all we need is an encoding of ________.onion addresses into ipv6
437 2012-04-05 09:55:49 Turingi has quit (Read error: Connection reset by peer)
438 2012-04-05 09:56:22 <sipa> wait... if onioncat has a bad base32, how can it be compatible with tor?
439 2012-04-05 09:57:24 gjs278 has joined
440 2012-04-05 09:58:21 gjs278 has quit (Remote host closed the connection)
441 2012-04-05 10:00:07 gjs278 has joined
442 2012-04-05 10:01:35 occulta has joined
443 2012-04-05 10:02:06 TD has quit (Quit: TD)
444 2012-04-05 10:21:13 Clipse has joined
445 2012-04-05 10:41:58 cande has quit (Ping timeout: 248 seconds)
446 2012-04-05 10:44:48 sje has joined
447 2012-04-05 10:46:06 djoot has quit (Quit: leaving)
448 2012-04-05 10:46:19 djoot has joined
449 2012-04-05 10:46:19 djoot has quit (Changing host)
450 2012-04-05 10:46:19 djoot has joined
451 2012-04-05 10:55:04 cande has joined
452 2012-04-05 10:55:49 <sipa> etotheipi_: i just realized that your nickname is "e to the i*pi", somehow i always read it as "eto the ipi", whatever an ipi was
453 2012-04-05 10:56:44 RainbowDashh has quit (Quit: RainbowDashh)
454 2012-04-05 10:57:19 Joric has joined
455 2012-04-05 10:58:21 toffoo has quit ()
456 2012-04-05 11:04:44 <SomeoneWeird> lol
457 2012-04-05 11:05:09 erle- has quit (Quit: erle-)
458 2012-04-05 11:14:35 peper has quit (Read error: Operation timed out)
459 2012-04-05 11:17:11 coderrr has quit (Ping timeout: 248 seconds)
460 2012-04-05 11:17:23 asoltys has quit (Ping timeout: 265 seconds)
461 2012-04-05 11:17:42 Aexoden has quit (Ping timeout: 276 seconds)
462 2012-04-05 11:17:53 bd_ has quit (Ping timeout: 272 seconds)
463 2012-04-05 11:19:09 Optimo has quit (Ping timeout: 245 seconds)
464 2012-04-05 11:20:25 dub has quit (Ping timeout: 272 seconds)
465 2012-04-05 11:21:53 dub has joined
466 2012-04-05 11:23:34 asoltys has joined
467 2012-04-05 11:24:57 <etotheipi_> sipa, haha
468 2012-04-05 11:25:02 <etotheipi_> don't worry, you're not the first
469 2012-04-05 11:27:23 <sipa> etotheipi_: seen this? http://www.youtube.com/watch?v=GFLkou8NvJo
470 2012-04-05 11:28:35 asoltys has quit (Ping timeout: 260 seconds)
471 2012-04-05 11:29:59 dub has quit (Ping timeout: 260 seconds)
472 2012-04-05 11:31:09 dvide has joined
473 2012-04-05 11:33:45 Aexoden has joined
474 2012-04-05 11:34:02 peper has joined
475 2012-04-05 11:34:16 <etotheipi_> sipa, never seen that before
476 2012-04-05 11:34:25 <etotheipi_> although I do like continued fractions...
477 2012-04-05 11:35:07 <etotheipi_> sipa, did you ever write up anything about the deterministic wallets? If so, was there ever an adoption plan for them?
478 2012-04-05 11:35:15 <etotheipi_> well... merge plan
479 2012-04-05 11:36:28 dub has joined
480 2012-04-05 11:36:57 coderrr has joined
481 2012-04-05 11:37:20 bd_ has joined
482 2012-04-05 11:37:24 <sipa> etotheipi_: i hope to have them in 0.7
483 2012-04-05 11:38:01 Optimo has joined
484 2012-04-05 11:40:41 asoltys has joined
485 2012-04-05 11:41:31 <da2ce7> sipa: when generating the private keys for new bitcoin addresses would it be good to start using the Mini private key format, so the potential paper backups take up less space?
486 2012-04-05 11:42:36 <sipa> da2ce7: i hope key generation will somewhere in the future be done from a determinstic root, instead of randomly
487 2012-04-05 11:43:04 <sipa> but maybe that reasoning can be applied to the creation of a root (though i prefer to keep 256 bits of entropy in those...)
488 2012-04-05 11:45:23 <da2ce7> well a 256bit is safe even under a quantum world... 128 effective bit's is plenty.
489 2012-04-05 11:46:01 <sipa> secp256k1 only has 128-bit (well, a bit more) security anyway
490 2012-04-05 11:47:04 <da2ce7> sipa: however if we upgrade to some curve that has say 1024 of more, the hash same root will remain secure,
491 2012-04-05 11:47:35 <da2ce7> working out a private key shouldn't expose the root
492 2012-04-05 11:50:41 <sipa> etotheipi_: i should finish up my BIP about deterministic wallets first
493 2012-04-05 11:51:23 gfinn has quit (Remote host closed the connection)
494 2012-04-05 11:53:00 cdecker has joined
495 2012-04-05 11:56:33 doublec has quit (Ping timeout: 245 seconds)
496 2012-04-05 12:03:17 <etotheipi_> da2ce7, ECDSA is not secure at all in quantum world
497 2012-04-05 12:03:48 gfinn has joined
498 2012-04-05 12:04:15 <da2ce7> etotheipi_: if you increase the bit-length, do you need a much larger quantum computer?
499 2012-04-05 12:04:29 <da2ce7> or is it linear...
500 2012-04-05 12:04:31 <etotheipi_> da2ce7, I believe it's linear
501 2012-04-05 12:04:45 dub has quit (Ping timeout: 272 seconds)
502 2012-04-05 12:04:58 <da2ce7> so 1024 will just take 4x longer than a 256 key.
503 2012-04-05 12:05:33 <sipa> Shor's algorithm is cubic in the size of the input, it seems
504 2012-04-05 12:05:45 <sipa> so 1024 will take 64 times longer than 256
505 2012-04-05 12:05:47 <etotheipi_> sipa, oh really?
506 2012-04-05 12:05:54 <sipa> yes, but still polynomial
507 2012-04-05 12:06:11 <etotheipi_> oh excuse me... I misspoke
508 2012-04-05 12:06:21 <etotheipi_> I'm mixing up compute efficiency and space efficiency
509 2012-04-05 12:06:37 <etotheipi_> to even solve the problem at all, the QC has to have a certain number of bits
510 2012-04-05 12:06:42 <etotheipi_> *qubits
511 2012-04-05 12:06:44 danbri has quit (Read error: No route to host)
512 2012-04-05 12:06:46 <etotheipi_> that's what I was talking about
513 2012-04-05 12:07:01 <etotheipi_> I believe that number of qubits is proportional to key size
514 2012-04-05 12:08:48 <etotheipi_> sipa, and the classical computer has the same cubic increase in time needed to decrypt wiht a 1024 key
515 2012-04-05 12:09:17 <etotheipi_> I believe classical decryption is O(n^3) and quantum breaking is O(n^3) where n is the number of bits
516 2012-04-05 12:09:27 agricocb has quit (Quit: Leaving.)
517 2012-04-05 12:09:44 erle- has joined
518 2012-04-05 12:09:48 <sipa> so, for q QC, factorizing a number is proportional in time to the time needed to verify a factorization?
519 2012-04-05 12:09:56 <sipa> that sounds completely broken indeed
520 2012-04-05 12:11:06 <etotheipi_> yeah...that's why no one really talks about increasing key-lengths to "slow down" quantum computers... but delay the amount of time before any QCs have enough qubits to even try the problem
521 2012-04-05 12:12:47 <sipa> how many qubits are necessary to factorize an n-bit number?
522 2012-04-05 12:13:19 <etotheipi_> http://arxiv.org/abs/quant-ph/0205095
523 2012-04-05 12:13:27 <etotheipi_> this paper claims to get it in 2n+3 qubits
524 2012-04-05 12:13:44 splatster has quit (Ping timeout: 260 seconds)
525 2012-04-05 12:13:52 <sipa> ok, linear in the size of the input
526 2012-04-05 12:14:06 <etotheipi_> (and now back to my original point to da2ce7)
527 2012-04-05 12:14:57 <etotheipi_> I believe it's the same for the EC discrete-logarithm problem: num of qubits linear wrt to key length
528 2012-04-05 12:16:11 dub has joined
529 2012-04-05 12:17:00 <etotheipi_> "A 160 bit elliptic curve cryptographic key could be broken on a quantum computer using around 1000 qubits while factoring the security-wise equivalent 1024 bit RSA modulus would require about 2000 qubits."
530 2012-04-05 12:17:14 <da2ce7> etotheipi_: making a computer with more qbits, is that exponentially more difficult?
531 2012-04-05 12:17:59 <sipa> etotheipi_: wow, so EC is easier relatively easier to crack using QC?
532 2012-04-05 12:18:03 danbri has joined
533 2012-04-05 12:18:13 <sipa> s/easier/even/
534 2012-04-05 12:21:13 Hasbro has quit (Ping timeout: 272 seconds)
535 2012-04-05 12:21:15 <etotheipi_> da2ce7, it'll probably be just like regular computers which follows moore's law
536 2012-04-05 12:21:30 <etotheipi_> every X years the number of qbits will double as the technology improves
537 2012-04-05 12:23:01 <da2ce7> etotheipi_: with a normal computer you can build it with as many bit-length computations as you want... the question is how fast you can do them.
538 2012-04-05 12:23:30 brokenwallet has left ("Leaving")
539 2012-04-05 12:23:41 <da2ce7> with a quantum computer, each qbit needs to share a state, so adding annother one makes the state of the others more unstable?
540 2012-04-05 12:34:06 <delt0r> da2ce7: yes
541 2012-04-05 12:34:26 <delt0r> ps i have colleagues working on this.
542 2012-04-05 12:35:14 <delt0r> da2ce7: a quantum computer is "exponential" in the engineering. Adding a qbit is really hard for a how set of reasons
543 2012-04-05 12:35:39 <delt0r> and a n qbit machine *cannot* simulate a n+1 qbit machine
544 2012-04-05 12:36:33 <delt0r> etotheipi_: The current qbit growth rate is linear. A number of people working in the field believe that it will always be linear
545 2012-04-05 12:37:33 <da2ce7> so using a greater keysize could be a very effective way to stop a quantum attack... as making a larger quantum computer will get harder and harder to make.
546 2012-04-05 12:38:07 <delt0r> da2ce7: yes.. well if we could make a 1000 qbit, then a 2000 qbit probably can be done as well
547 2012-04-05 12:38:22 <delt0r> since 1000 qbit is magic right now
548 2012-04-05 12:38:39 <delt0r> as in we are not even sure it is physically even possible...
549 2012-04-05 12:39:18 <delt0r> I know quite a few in the field don't believe that quantum computers will ever be faster than classical ones for factoring for example
550 2012-04-05 12:39:30 <sipa> but but but!
551 2012-04-05 12:39:38 <delt0r> but will still be very useful for simulating quantum systems
552 2012-04-05 12:39:54 <delt0r> a real 16 bit quantum computer is in fact really useful
553 2012-04-05 12:41:20 <delt0r> also note that nothing so far is really even close to what is needed. Its not just the qbit, its the ability to do millions and billions of operations on that qbit register
554 2012-04-05 12:41:50 <delt0r> esp for factoring/discrete logs
555 2012-04-05 12:43:01 <da2ce7> delt0r: has there been any work with using a super-fluid as a quantum analouge-computer equivalnat?
556 2012-04-05 12:43:14 <delt0r> not that i know of
557 2012-04-05 12:43:23 <delt0r> how would that work?
558 2012-04-05 12:44:34 <delt0r> what you need is something that is very isolated from the environment, so decoherence time is long
559 2012-04-05 12:44:50 agricocb has joined
560 2012-04-05 12:44:53 <delt0r> but can be interacted with easily for logic operations...
561 2012-04-05 12:45:39 <delt0r> its hard to have both.. nothing i know about superfliuds would make then any better than say SQUIDs
562 2012-04-05 12:47:38 <da2ce7> you could track the physical flow of the super-fluid over a physical maze. with phyisal gates. (valves)
563 2012-04-05 12:48:11 <da2ce7> it's dencity at any point will repesent the calculation of that maze.
564 2012-04-05 12:48:47 <delt0r> da2ce7: that does not create qbits
565 2012-04-05 12:49:09 <delt0r> qbits is a very particular type of supperposstion... a "cat like state"
566 2012-04-05 12:49:22 <delt0r> whatever...
567 2012-04-05 12:49:40 <delt0r> modern transistors are quantum in how they work
568 2012-04-05 12:49:56 <delt0r> but that does not make them a quantum computer
569 2012-04-05 12:50:29 <da2ce7> you can make a computer out of valves and pipes and say waterpressure.... maybe you could do the quantum equivalant with a super-fluid.
570 2012-04-05 12:50:44 <delt0r> but that is not a quantum computer
571 2012-04-05 12:50:48 <delt0r> just a normal one
572 2012-04-05 12:51:21 <delt0r> a qbit can be 0 or 1 or 0 and 1
573 2012-04-05 12:51:55 <delt0r> 1 qbits can be 00, 01, 10,11 or 00 and 11 and 01 and 10 and 11 all at once
574 2012-04-05 12:52:02 <delt0r> 2 qbits ^
575 2012-04-05 12:52:17 <da2ce7> well a superfluid would flow 'over' the walls of the mase, where a normal one would be traped.
576 2012-04-05 12:52:35 <delt0r> da2ce7: you completely missunderstand
577 2012-04-05 12:52:56 <da2ce7> a super-fluid would be in the 'on' and 'off' box at the same time.
578 2012-04-05 12:53:06 <delt0r> the computer you are using right now is just as quantum as superflid
579 2012-04-05 12:53:12 <delt0r> superfluid
580 2012-04-05 12:53:22 <delt0r> but that is *not* a quantum computer
581 2012-04-05 12:54:21 <delt0r> da2ce7: how can super fluid flowing over a maze be both on and off?
582 2012-04-05 12:54:45 <delt0r> quantum mechanically speaking of course
583 2012-04-05 13:04:18 <da2ce7> super fluids act as a shared state. in many ways like a single atom state shared over many many. Since it 'explores' every part of it's enviroment at the same time. Maybe one could construct an enviroment that say, disctibes a problem, and the resulting dencity of the super-fluid would repesnt the answer.
584 2012-04-05 13:04:22 <da2ce7> where as normal fluid would only flow down the path it was placed in.
585 2012-04-05 13:05:27 <sipa> da2ce7 seems to have a lot of imagination
586 2012-04-05 13:07:41 <delt0r> da2ce7: you don't really have that right. A super fliud is much like super conductors with some important difference
587 2012-04-05 13:07:52 <delt0r> for one a super fluid is never 100% superfluid
588 2012-04-05 13:08:15 user_ has joined
589 2012-04-05 13:10:55 occulta has quit (Quit: KVIrc 4.1.1 Equilibrium http://www.kvirc.net/)
590 2012-04-05 13:12:45 TD has joined
591 2012-04-05 13:12:50 <TD> good afternoon
592 2012-04-05 13:15:32 coderrr has quit (Changing host)
593 2012-04-05 13:15:33 coderrr has joined
594 2012-04-05 13:20:42 <TD> MintChip is very interesting
595 2012-04-05 13:21:01 <helo> will it have a floating exchange rate with regard to CAD?
596 2012-04-05 13:21:14 <copumpkin> lol, http://blockchain.info/tx-index/3618498/4005d6bea3a93fb72f006d23e2685b85069d270cb57d15f0c057ef2d5e3f78d2
597 2012-04-05 13:21:41 <sipa> helo: i assume it is backed by whatever currency the issuer wants
598 2012-04-05 13:21:46 <sipa> but it's not a currency on its own
599 2012-04-05 13:23:12 <gmaxwell> td: have you found any actual technical details on it? I'm interested in what happens when someone does manage to pull all the private key material out of one... how is the double spending ultimately notices (and who will be left holding the bag)
600 2012-04-05 13:23:16 <TD> the core of it appears to be very simple
601 2012-04-05 13:23:27 <TD> i'm going to research it more
602 2012-04-05 13:23:27 <helo> sipa: so if it's backed, then its value is fixed, right?
603 2012-04-05 13:23:38 <TD> but from their website, it appears that they rely _entirely_ on the chips to keep balances consistent
604 2012-04-05 13:24:06 <TD> the sending chip just signs a message saying "i am giving chip X Y units of Z currency"
605 2012-04-05 13:24:08 <helo> it seems to be equivalent to a government-instituted debit card or bank account
606 2012-04-05 13:24:12 <TD> how that message gets to the receiving chip is open ended
607 2012-04-05 13:24:21 <TD> the sending chip is trusted to reduce its balance and not double spend
608 2012-04-05 13:24:33 <TD> in the case of a hardware compromise, they have planned ways to perform global revocation
609 2012-04-05 13:24:40 paulo_ has joined
610 2012-04-05 13:24:45 <TD> presumably the Mint would be left holding the bag in this case
611 2012-04-05 13:24:52 <gmaxwell> TD: yes, it's clearly an offline system, which precludes any kind of instant globally visible doublespending detectionâ but it doesn't preclude all doublespending detection.
612 2012-04-05 13:25:22 <gmaxwell> E.g. ultimately the issuer would notice more coming back than they sent out. (In which case, the issuer would be left holding the bag)
613 2012-04-05 13:25:38 <TD> i didn't see any discussion of collating transactions to detect double spends, but perhaps they plan to introduce one later. it's a bit tough to figure out how baked it is
614 2012-04-05 13:25:42 <TD> given that nobody is using it yet
615 2012-04-05 13:25:57 <TD> there is enough detail on the site that they seem to have thought through a lot of the issues and done all the custom hardware design
616 2012-04-05 13:26:18 <helo> oh offline... yeah that is something new (ignoring all of the previous (failed) smartchip exchange systems)
617 2012-04-05 13:26:30 <gmaxwell> or it's possible that "i am giving chip X Y units of Z currency" contains some mathmatical statement that allows earlier double spend detection, but it would have to be very clever to also meet their privacy comments.
618 2012-04-05 13:26:33 <TD> gmaxwell: AFAICT the issuer is just the Mint, and they produce it out of nothing then distribute the coins into circulation. i'm not sure if they'd act as an exchange in that regard or just grant balances to their "trusted brokers"
619 2012-04-05 13:26:54 <TD> gmaxwell: their site says the message just contains a nonce
620 2012-04-05 13:27:03 <TD> if there's advanced crypto involved, i didn't find it yet
621 2012-04-05 13:27:08 <TD> http://developer.mintchipchallenge.com/devguide/transactions.html
622 2012-04-05 13:27:14 <gmaxwell> TD: I know, I've looked at all that too.
623 2012-04-05 13:27:15 <TD> http://developer.mintchipchallenge.com/devguide/developing/common/mintchip-messages.html
624 2012-04-05 13:27:17 <TD> ah ok
625 2012-04-05 13:27:46 <TD> "The amount specified in cents. This value is a three octet unsigned integer value with a range of (0 - 16777215)."
626 2012-04-05 13:27:49 <TD> what a random format to choose
627 2012-04-05 13:28:09 <sipa> so, max amount is 167772.15 CAD?
628 2012-04-05 13:28:24 <sipa> i would have expected less
629 2012-04-05 13:28:36 <TD> it's not tied to CAD
630 2012-04-05 13:28:39 <TD> they have a currency code in the message
631 2012-04-05 13:28:43 <sipa> oh, nice
632 2012-04-05 13:28:46 <gmaxwell> of course, if it's cryptographically as simple as it looks, this means one personâ with the aid of a borrowed particle accelerator or what have you, compromises one cheap little card... and creates a software emulator of one.. he then sets up a website (via tor) that allows you to buy mintchip refills for a small amount of btc ...
633 2012-04-05 13:29:10 <TD> "The ASN.1 DER message is Base-64 encoded."
634 2012-04-05 13:29:12 <TD> yikes
635 2012-04-05 13:29:19 <TD> somebody spent too much time with openssl :-)
636 2012-04-05 13:29:36 <sipa> clearly Satoshi was involved
637 2012-04-05 13:30:31 danbri has quit (Read error: Connection reset by peer)
638 2012-04-05 13:30:36 <TD> base64 encoded DER makes me grateful for Satoshis choice of encoding :) still, the messages look straightforward enough
639 2012-04-05 13:30:48 <TD> technicalities aside, this is still fantastic for bitcoin
640 2012-04-05 13:32:26 <helo> easy for CAD citizens to buy bitcoin?
641 2012-04-05 13:32:38 <gmaxwell> The 24 bit values are unfortunate for bitcoin. If you use base units of satoshis it could only handle txn of 0.0167 btc.
642 2012-04-05 13:32:39 <helo> CA heh
643 2012-04-05 13:32:39 <TD> no
644 2012-04-05 13:32:40 phma has quit (Remote host closed the connection)
645 2012-04-05 13:33:09 <TD> the RCM has basically just validated the entire concept of irrevocable e-cash with strong privacy
646 2012-04-05 13:33:24 <TD> if you look at mintchips design goals, they're basically very similar to bitcoins, modulo the trusted central bank
647 2012-04-05 13:34:00 <TD> the RCM chiefs talked about bitcoin and their main criticism of it is basically "it's small and lacks backing from a credible institution" which is hardly a criticism at all, given its background
648 2012-04-05 13:34:08 <TD> so they just lent the whole project a lot of credibility
649 2012-04-05 13:34:16 <gmaxwell> ::nods::
650 2012-04-05 13:34:42 <TD> credibility and controversy are some of bitcoins biggest weaknesses. the RCM has just helped out a lot. so i'm very happy about that.
651 2012-04-05 13:34:50 <gmaxwell> It will also be interesting when mintchipv1 gets compromised ... and bitcoin remains secure. (admittadly, they've picked a _much_ harder problem for themselves)
652 2012-04-05 13:35:05 <sipa> in belgium we have a system called Proton; it's a debit card that does not require an online transaction (though it only works locally, using a trusted device that holds the merchant's card)
653 2012-04-05 13:35:09 <helo> the #1 source of skepticism of bitcoin is that (rather big) misconception, that value has to be based on something other than confidence
654 2012-04-05 13:35:12 <TD> and i guess we'll see how it goes. i won't rule out a "traditional" PKI/hardware based solution. they clearly understand the risks and plan rolling revocations of old hardware
655 2012-04-05 13:35:27 <sipa> i wonder if this is similar, but with the two deviced allows to be connected via the internet
656 2012-04-05 13:35:41 <TD> if somebody DOES start creating mintchip value for BTC (or some other payment) then the damage is limited as presumably they'd just do arbitrage
657 2012-04-05 13:35:55 <TD> traditional currencies have forgery too
658 2012-04-05 13:36:16 <helo> the RCM is backing that misconception even more, so i don't think it's really going to be viewed by most people as positive about bitcoin
659 2012-04-05 13:36:28 <gmaxwell> TD: yea, I made that argument in #bitcoin â though people rightly pointed out the marginal forgery cost may be very different, and the risk of being caught may be very different.
660 2012-04-05 13:36:31 <TD> the dollar is technologically in the stone age. it hasn't caused the dollar to collapse yet. it just means the SS has to spend a lot of time hunting down forgers, and when forgery does occur the inflation is swallowed by the populace
661 2012-04-05 13:36:59 <TD> well. that's true. but i bet you can forge dollars with pretty low risk. i read that north korea does it on an industrial scale
662 2012-04-05 13:37:50 <TD> helo: i disagree. i see lots of sources of skepticism of which that is only one, and a fairly intellectual source at that. things like "zomg crime!" or "what's wrong with credit cards?" seem to come up more frequently
663 2012-04-05 13:38:22 <delt0r> I have seen some forged 10EUR notes
664 2012-04-05 13:38:57 <delt0r> they were perfect ... except for the UV ink and the raised writing
665 2012-04-05 13:39:06 <gmaxwell> still... my mintchip forge may be a wall-wart computer hidden in a restaurant in the dominican republicâ accessible only over tor. :) and no one within 1000 miles of it knows it exists.
666 2012-04-05 13:39:07 <delt0r> but no one checks 10s
667 2012-04-05 13:39:57 <TD> i don't think it matters so much, actually
668 2012-04-05 13:40:04 <TD> forgery only becomes a problem if it gets scaled up
669 2012-04-05 13:40:15 <da2ce7> TD or becomes common place.
670 2012-04-05 13:40:16 <delt0r> Depends who is liable ...
671 2012-04-05 13:40:17 <TD> see: nigerians who forged so many south african $20 bills the entire bill had to be withdrawn and destroyed
672 2012-04-05 13:40:20 <TD> if you scale up
673 2012-04-05 13:40:33 <TD> then governments will start to ask questions about where you acquired your sudden wealth from
674 2012-04-05 13:40:45 <gmaxwell> what delt0r said.. if the issuer (or the whole mintchip using economy) is eating it.. then ... OKAY.
675 2012-04-05 13:40:49 <TD> if you don't scale up, then, the bleeding can be tolerated
676 2012-04-05 13:41:26 <TD> presumably if the mintchip using economy gets very large, the effect of forgery is inflation
677 2012-04-05 13:41:29 <delt0r> Someone like mintchip... they are going to have to be the ones liable for 2 reasons...
678 2012-04-05 13:41:40 <TD> if it doesn't, the effect is to pressure the exchanges profits, which turn into higher conversion fees and less overall usage.
679 2012-04-05 13:41:47 <delt0r> if they don't trust their own system why would anyone else
680 2012-04-05 13:41:55 danbri has joined
681 2012-04-05 13:42:03 <delt0r> and 2, they are the only ones that can fix the security...
682 2012-04-05 13:42:05 <TD> but the exchanges can (and presumably would) do the AML stuff to try and raise the bar for that
683 2012-04-05 13:42:20 <TD> delt0r: they can only be "liable" if the fraud can be detected
684 2012-04-05 13:42:33 <gmaxwell> TD: AML stuff won't help if the forgery can only be detected by imbalance.
685 2012-04-05 13:43:28 <TD> gmaxwell: AML rules (vague and problematic as they are) basically state that financial institutions are supposed to understand where their clients get their wealth from. it's as simple as that, in principle.
686 2012-04-05 13:43:55 <TD> gmaxwell: so if you turn up at an exchange with thousands of large value messages and ask to cash out into CAD, that would trigger AML checks. they'd ask you for business records, etc
687 2012-04-05 13:44:27 <TD> gmaxwell: the lingo the UK govt uses is "risk based checking" which is a fancy way of saying the rules on who and when you're supposed to investigate aren't well defined
688 2012-04-05 13:44:28 <gmaxwell> (e.g. setup bitcoin torsite to fill mintchips, then independant entrepreneurs use that to flood the retail market with $20 loaded chips (a $10 chip with some extra on it) which they sell for $20 instead of $25 or whatever.
689 2012-04-05 13:44:57 <delt0r> TD: true... part of the security triangle, prevention, detection, response
690 2012-04-05 13:45:10 <TD> yeah, if you set up a whole distribution hierarchy with yourself at the head, it gets harder because then the exchanges can't really do anything to stop people cashing out
691 2012-04-05 13:45:33 <TD> OTOH the top of the pyramid is still going to get extremely wealthy and unless you give it all away to charity or whatever, people are going to ask how this person without any obvious job suddenly owns 10 houses and 5 ferraris
692 2012-04-05 13:45:42 <gmaxwell> and no one will care much if they're buying possibly fraudlent mint if it can't be detected....
693 2012-04-05 13:45:51 <TD> the law has been handling this kind of thing for a long time
694 2012-04-05 13:45:52 ThomasV has joined
695 2012-04-05 13:45:53 <gmaxwell> TD: indeed, the classic laundering problem.
696 2012-04-05 13:46:11 <sipa> if the MintChip economy gets large enough, the top won't need to convert to CAD at all
697 2012-04-05 13:46:12 <TD> i don't think mintchip would collapse if a few enterprising individuals managed to extract private keys
698 2012-04-05 13:46:22 <TD> now, if it became possible with off the shelf hardware and software ..... that's something else
699 2012-04-05 13:46:28 graingert has joined
700 2012-04-05 13:46:34 <TD> the adventures DirecTV went through before switching off the HU keystream is an example of that
701 2012-04-05 13:46:45 <TD> sipa: but they'll still have a lot of unexplained wealth
702 2012-04-05 13:47:06 <TD> the only doomsday scenario i can see is if the system is broken hard and quickly enough that anyone can forge at home
703 2012-04-05 13:47:10 <gmaxwell> TD: well, you crack one.. but then you're foolish enough to give me a copy of its private keys and I post them on the internets.
704 2012-04-05 13:47:19 <gmaxwell> Then everyone can forge at home.
705 2012-04-05 13:47:24 zeiris has quit (Ping timeout: 264 seconds)
706 2012-04-05 13:47:30 <gmaxwell> (given someone writes the software)
707 2012-04-05 13:47:30 <TD> i think they could probably distribute blacklists of keys
708 2012-04-05 13:47:30 <delt0r> a classic class break...
709 2012-04-05 13:47:34 <TD> merchants certainly could
710 2012-04-05 13:47:44 <delt0r> but surly it would be designed to be resistant to that
711 2012-04-05 13:48:12 <gmaxwell> TD: stops being an offline system then.. and if it's as simple as they say that blacklist would be twarted by just indirecting through a card that hasn't yet heard the blacklist.
712 2012-04-05 13:48:23 <TD> smartcard security has been fairly extreme for a long time. i don't know how much of that is shared across the field or how much was proprietary to a few vendors
713 2012-04-05 13:48:31 <gmaxwell> (there are cryptographic protocols that could defend against all this, but I see no evidence that they're using them)
714 2012-04-05 13:48:42 <TD> but there are examples of chips that are apparently breakable only by {giant corporations, governments}
715 2012-04-05 13:48:58 <TD> gmaxwell: that's true
716 2012-04-05 13:49:21 <gmaxwell> TD: or, perhaps, people that work for {giant corporations, governments} and can borrow their resources if they think the risks are low enough..
717 2012-04-05 13:49:27 <TD> i wonder if they could incorporate chains of transactions into the sending messages
718 2012-04-05 13:49:29 <delt0r> I was under the impression that smart cards are still stuck in the 90s
719 2012-04-05 13:49:50 <TD> but yeah. it's true that you can effectively launder a stolen key through any other device
720 2012-04-05 13:49:55 <TD> hmm
721 2012-04-05 13:49:58 <TD> delt0r: in what way?
722 2012-04-05 13:50:15 <TD> delt0r: at least in the pay TV business i think cards stopped evolving around the early 2000s because the attacks went away
723 2012-04-05 13:50:25 <TD> not sure about other types of card.
724 2012-04-05 13:50:25 <delt0r> well look at their processing power specs or memory... its really low and quite pathetic.
725 2012-04-05 13:50:30 <gmaxwell> The risks here are pretty low.. take one totally anonymous card... extract its keys.. sell to a third party for $bigamount. No further interaction.
726 2012-04-05 13:50:31 <TD> they aren't designed for high end processing
727 2012-04-05 13:50:36 <TD> so that doesn't matter
728 2012-04-05 13:50:43 <gmaxwell> delt0r: They're what they need to be... no more, because its a tradeoff with security and cost.
729 2012-04-05 13:50:56 <delt0r> yea... but that is my point
730 2012-04-05 13:51:03 <TD> they're designed to be as secure as possible for their given application.
731 2012-04-05 13:51:04 <delt0r> they really struggle to do ecdsa
732 2012-04-05 13:51:09 * TD shrugs
733 2012-04-05 13:51:14 <gmaxwell> TD: the pay tv stuff is a different beast because it's all online. ::shrugs::
734 2012-04-05 13:51:16 <TD> if there was demand for chips that could do ECDSA they'd be greated
735 2012-04-05 13:51:19 <TD> created
736 2012-04-05 13:51:20 <gmaxwell> offline is much harder.
737 2012-04-05 13:51:26 <TD> RSA works well enough that i guess there's not much demand
738 2012-04-05 13:51:57 <TD> gmaxwell: well, it's kind of online - it's broadcast so if you compromise a card it can't easily be blacklisted. or at least it couldn't be back then. i think subset difference trees hadn't been invented when all this was taking place.
739 2012-04-05 13:52:21 <TD> they played games for a while with software updates and such. eventually they phased out the old generation of cards with ones that could not be glitched.
740 2012-04-05 13:52:33 <delt0r> TD: that is like saying that if there is demand for high security on the pc we would have it... demand does not always follow needs are close as we are told in class
741 2012-04-05 13:52:39 <TD> that was the end of joe sixpack distributing hardware that could be used to grant full access to every pay tv channel (on directv ... not other networks)
742 2012-04-05 13:53:13 <TD> delt0r: for most system designers RSA vs ECDSA isn't a big deal. in fact RSA is better because it's been around longer and is more widely known. Satoshi chose ECDSA purely because he was worried about disk space/bandwidth
743 2012-04-05 13:53:19 <TD> which is a very unusual design constraint
744 2012-04-05 13:53:31 copumpkin has quit (Quit: Computer has gone to sleep.)
745 2012-04-05 13:53:45 <gmaxwell> TD: one of the people around the #bitcoin channels is one of the very few people tho have gone to prison under the DMCA, for sat card hacking. I'm kinda surprised he hasn't commented on the mint stuff.
746 2012-04-05 13:53:54 <TD> really?
747 2012-04-05 13:53:57 pavel__ has quit (Ping timeout: 252 seconds)
748 2012-04-05 13:53:59 <TD> do you know his name?
749 2012-04-05 13:54:08 <delt0r> I know that even RSA (the company) is moving to EC stuff now. RSA keys are too big
750 2012-04-05 13:54:11 <gmaxwell> I do, but I don't know if he wants it known. :)
751 2012-04-05 13:54:35 <delt0r> probably not
752 2012-04-05 13:55:24 zeiris has joined
753 2012-04-05 13:55:54 <TD> well there aren't so many people who meet that criteria, as you say :)
754 2012-04-05 13:56:06 <TD> presumably forging mintchips would be considered worse than a DMCA violation, in the laws eyes
755 2012-04-05 13:56:50 <sipa> delt0r: if you need 256-bit security, ECC keys are 512 bit (a bit less, actually), while RSA keys are 15 kbit
756 2012-04-05 13:57:02 <delt0r> Well i am at a uni, quite a big one. Getting hold of some advanced equipment that could help would be pretty easy for a lot of people
757 2012-04-05 13:57:13 <TD> having the equipment isn't enough
758 2012-04-05 13:57:23 <TD> it's not like you just point an SEM at the chip and you're done
759 2012-04-05 13:58:00 <TD> you need time, skills. if you want a repeatable hack you need to find a software or some kind of glitching-type flaw, and there might not be any. or invent some totally new technique i guess.
760 2012-04-05 13:58:01 <delt0r> sipa: yea... that was the reason for moving to EC stuff. Since attacks on EC fields are still giant step baby step
761 2012-04-05 13:58:04 <TD> i think the real risk is as gmaxwell says
762 2012-04-05 13:58:20 <TD> if you're able to extract one key, once, you can then launder value messages through any other device to make the origin untraceable
763 2012-04-05 13:58:26 <TD> the chips appear to keep a transaction log
764 2012-04-05 13:58:56 <TD> but it has almost no data in it. or at least not exposed via the api
765 2012-04-05 13:59:01 <delt0r> TD: but if that is not much money... its a lot of effort
766 2012-04-05 13:59:16 <delt0r> SEM etc.. really are only worth it for a class break i would think
767 2012-04-05 13:59:26 <gmaxwell> well, and you can isolate these exchanges across the internet. So you have third parties who have no clue who you are, handling the other devices you're laundering throughâ paying you in some other way.
768 2012-04-05 13:59:28 <TD> the question is, if you extract one private key, is that a class break?
769 2012-04-05 13:59:36 <gmaxwell> delt0r: every break is a class break, I think.
770 2012-04-05 14:00:01 <gmaxwell> at least if they're (1) not doing super fancy crypto, (2) their privacy claims are true.
771 2012-04-05 14:00:04 <TD> with SEMs you can, at least theoretically, read the key right out of the atoms that make up the storage or RAM
772 2012-04-05 14:00:15 <delt0r> gmaxwell: my deffinition is that by breaking one card i can create my own mint.. rather than just steal the value of that card
773 2012-04-05 14:00:17 <TD> there are ways to protect against that but i'm not sure any of them are foolproof
774 2012-04-05 14:00:18 cdecker has quit (Ping timeout: 245 seconds)
775 2012-04-05 14:00:28 <TD> delt0r: so the card has no scarce resources inside it
776 2012-04-05 14:00:36 <TD> delt0r: it simply has an "int balance" field in it somewhere
777 2012-04-05 14:00:37 <gmaxwell> delt0r: you can remove scarcity.
778 2012-04-05 14:00:57 <TD> delt0r: if you can extract the private key from the card you can create as much money as you like until you are caught, pretty much
779 2012-04-05 14:01:06 <TD> yeah the more i think about this, the more risky it seems
780 2012-04-05 14:01:06 <delt0r> TD: it is pretty easy with a SEM.. n type and p type etc look different.. and you can read flash ram quite easily as well
781 2012-04-05 14:01:36 <delt0r> TD: not if its a key for "1000USD or less"
782 2012-04-05 14:01:42 <gmaxwell> delt0r: e.g. you can take what was a $1 card .... and produce as much money as you want from a computer program. That sounds like a class break to me.
783 2012-04-05 14:01:44 <TD> delt0r: yes, but it gets harder if the chips are shielded and have meshes on top, etc. what's more the key may itself be heavily obfuscated in storage (not in contiguous chunks, implemented as a whitebox, etc)
784 2012-04-05 14:01:57 <gmaxwell> delt0r: if they can limit it (1) they must use fance crypto, or (2) their privacy claims are bogus.
785 2012-04-05 14:02:01 <delt0r> or something like that... i am assuming that there is double spending checking happening
786 2012-04-05 14:02:03 <TD> but given that the system would collapse if only a single key got leaked ..... hmm indeed
787 2012-04-05 14:02:25 <gmaxwell> s/fance/fancy/
788 2012-04-05 14:02:43 <TD> delt0r: i think you can make key extraction _extremely_ difficult. that doesn't change the fact that the protocol, as described, would be rendered instantly obsolete if somebody managed it and then lost control of that key.
789 2012-04-05 14:02:47 <delt0r> gmaxwell: yea that is a class break... i would assume that such a system must fail in a fairly short time.. so that there must be some way of not having that
790 2012-04-05 14:02:51 <gmaxwell> and if they do limit, there is still a question of who is left holding the bag for doublespends.
791 2012-04-05 14:02:51 <TD> if the system is successful huge amounts of value would be at stake
792 2012-04-05 14:03:03 <delt0r> otherwise i can't see it as a viable system...
793 2012-04-05 14:03:26 <gmaxwell> delt0r: I mean cash has their property too.. though there is a higher marginal cost once broken.
794 2012-04-05 14:03:33 <delt0r> Yea... i generally aggress with your claims gmaxwell
795 2012-04-05 14:03:41 <delt0r> agree
796 2012-04-05 14:03:52 has quit (Clown|!Clown@static-87-79-93-140.netcologne.de|Ping timeout: 265 seconds)
797 2012-04-05 14:04:15 <gmaxwell> In cash we 'solve that' by simply not detecting sufficiently good forgeries and just letting it become inflation.
798 2012-04-05 14:04:27 zeiris has quit (Ping timeout: 272 seconds)
799 2012-04-05 14:04:53 <delt0r> gmaxwell: in fact i think the mint swallows it... don't they.. its detected typically i would think
800 2012-04-05 14:05:02 <delt0r> at least at the banks
801 2012-04-05 14:05:19 <gmaxwell> (in fact, cash forgery detection could be _greatly_ improved (e.g. include a machine readable digital signature on the serial number.. have banks keep inventories of the serials they've seen))
802 2012-04-05 14:05:25 <gmaxwell> (but we don't bother)
803 2012-04-05 14:05:36 <delt0r> yea... always wondered why
804 2012-04-05 14:05:44 <gmaxwell> because we don't want to know.
805 2012-04-05 14:06:01 <delt0r> my theory is that its ok as long as we all believe forgery is not a big deal
806 2012-04-05 14:06:07 <delt0r> heh yea
807 2012-04-05 14:06:33 <gmaxwell> Yep. .. the difficulty of hiding money-from-nowhere and the enormous startup costs keeps it under control.
808 2012-04-05 14:07:04 gavinandresen has joined
809 2012-04-05 14:07:08 <gmaxwell> esp the fact that startup costs >> income most people can plausably hide. (though state actors don't have the income hiding problem :) )
810 2012-04-05 14:07:29 <delt0r> what i find as odd is the USD, seems that it is by far the easiest to fake...
811 2012-04-05 14:08:14 <delt0r> gmaxwell: startup cost would be hard to hide ... well its getting lower.. and offset printer is quite cheap these days
812 2012-04-05 14:08:22 <gmaxwell> Hm. Nasa should totally start printing their own cash. Budget problems solved! :)
813 2012-04-05 14:08:29 <delt0r> but that not even half what you need of course
814 2012-04-05 14:09:01 <delt0r> well back to mint chip... how do they prevent this problem...
815 2012-04-05 14:09:23 <delt0r> I don't believe that the chips can be made so good that you can't break into them
816 2012-04-05 14:09:51 <delt0r> and if you can then "print your own money" they initial costs and risks become worth it
817 2012-04-05 14:10:00 <sipa> they can probably make it very hard to break the chip
818 2012-04-05 14:10:18 Joric_ has joined
819 2012-04-05 14:10:18 Joric_ has quit (Changing host)
820 2012-04-05 14:10:18 Joric_ has joined
821 2012-04-05 14:10:18 <sipa> never impossible, but when the cost of breaking exceeds the potential gain...
822 2012-04-05 14:11:09 <delt0r> yea but if you only need to break one.... and if the system is around for a while
823 2012-04-05 14:11:24 <delt0r> the chance that one has been cracked tends tp P=1
824 2012-04-05 14:11:34 Joric has quit (Ping timeout: 260 seconds)
825 2012-04-05 14:14:51 cdecker has joined
826 2012-04-05 14:15:45 <helo> so bitcoin's corresponding criticism of mintchip is that it isn't secure
827 2012-04-05 14:16:46 james_asd has joined
828 2012-04-05 14:16:53 james_asd is now known as james
829 2012-04-05 14:17:23 james is now known as Guest84435
830 2012-04-05 14:17:35 superjames has quit (Ping timeout: 246 seconds)
831 2012-04-05 14:18:42 <eps> mintchip is a trusted computing device?
832 2012-04-05 14:18:51 <delt0r> well I don't have a problem with a centrally managed currency (i know that others here don't agree, but meh).. my problem with their current system is too much security by obscurity
833 2012-04-05 14:18:52 bitvampire has joined
834 2012-04-05 14:18:53 <user_> etotheipi_: i'm writing things that doesn't make sense here: https://bitcointalk.org/index.php?topic=75481.0
835 2012-04-05 14:19:00 <eps> it would be good to put this stuff to the test
836 2012-04-05 14:19:01 <delt0r> eps: that is the idea
837 2012-04-05 14:19:01 <da2ce7> helo: mintchip: "bitcoin is not backed by anything" bitcoin: "mintchip is insecure"
838 2012-04-05 14:19:08 <helo> yep :)
839 2012-04-05 14:19:12 <TD> eps: yes, effectively
840 2012-04-05 14:19:16 <Joric_> minichip is just like bitcoins except all good things
841 2012-04-05 14:19:35 <delt0r> Joric_: not really... it could in fact be way more insecure
842 2012-04-05 14:19:47 <delt0r> as in trivial to double spend
843 2012-04-05 14:19:48 <TD> da2ce7: well, it's hard to make rational arguments about the security of a closed system, which mintchip is.
844 2012-04-05 14:20:07 <TD> da2ce7: RCM would just say "it is so" and how do you argue against that? the best argument is the systems brittleness
845 2012-04-05 14:20:08 <da2ce7> Joric_: https://twitter.com/#!/da2ce7/status/187907123445903360
846 2012-04-05 14:20:09 <gavinandresen> etotheipi_: RE: escrow: can we agree on whether Alice is sending bitcoins to Bob or Bob to Alice? Our two proposals have them in opposite roles....
847 2012-04-05 14:20:10 <Joric_> backed up by moose
848 2012-04-05 14:20:10 <da2ce7> thkx
849 2012-04-05 14:20:12 Diapolo has joined
850 2012-04-05 14:20:14 <delt0r> TD: in which case i refer to all other closed systems that have been broken
851 2012-04-05 14:20:15 <Diapolo> hi
852 2012-04-05 14:20:25 <TD> open doesn't mean secure :-)
853 2012-04-05 14:20:29 cdecker has quit (Ping timeout: 244 seconds)
854 2012-04-05 14:20:35 <TD> bitcoin had some pretty serious security flaws in the early days
855 2012-04-05 14:20:52 <delt0r> TD: no, but it means more people can vet it... you can find problems before final deplyment
856 2012-04-05 14:20:55 <gavinandresen> .... like the one that allowed anybody to spend anybody else's bitcoins....
857 2012-04-05 14:21:00 <TD> gavinandresen: indeed :)
858 2012-04-05 14:21:03 <Diapolo> but open means many eyes looked over it and not a closed circle, right?
859 2012-04-05 14:21:06 <eps> heh really?
860 2012-04-05 14:21:10 bitvampire has quit (Remote host closed the connection)
861 2012-04-05 14:21:19 <sipa> TD: but there were remarkably few, it seems to be; yes there were very serious mistakes, but once those were fixed...
862 2012-04-05 14:21:20 <TD> at any rate
863 2012-04-05 14:21:27 <eps> can you guys re-introduce that one so I can make use of it
864 2012-04-05 14:21:30 <TD> i don't think we should see bitcoin and mintchip as cutthroat-competitors
865 2012-04-05 14:21:43 <da2ce7> gavinandresen: how many bitcoin's have been countified?
866 2012-04-05 14:21:47 <TD> the mintchip guys share our goals more or less, except for the controlled inflation
867 2012-04-05 14:21:51 <gavinandresen> da2ce7: zero
868 2012-04-05 14:21:54 <da2ce7> :)
869 2012-04-05 14:21:57 <TD> their system isn't even launched yet. they have plenty of time to upgrade it
870 2012-04-05 14:22:01 <TD> eg, with a global transaction log
871 2012-04-05 14:22:24 <gavinandresen> There have been smart-card-based cash systems before, and there ARE smart-card-based systems now, right?
872 2012-04-05 14:22:25 <helo> after it launches, no upgrading though :/
873 2012-04-05 14:22:28 <TD> their current setup is brittle in the extreme, but they could probably get it to the point where it's "good enough". and then issues like project management and branding can become more important
874 2012-04-05 14:22:34 <sipa> gavinandresen: you said you didn't like macro's... but you can't get rid of them if you want meaningful debug output from the deadlock detection
875 2012-04-05 14:22:38 <Diapolo> Starting a debug-session in Qt Creator is THAT damn slow ... argh.
876 2012-04-05 14:22:44 <TD> helo: actually they claim they can and will constantly revoke old hardware and upgrade to new hardware. i am skeptical but they could try
877 2012-04-05 14:22:52 <gavinandresen> sipa: good reason to keep them
878 2012-04-05 14:23:08 has joined
879 2012-04-05 14:23:20 <helo> if it can be offline or online, presumably the extra cost of using it online will cause most people to use it offline... so how does revocation work in that case?
880 2012-04-05 14:23:29 <sipa> gavinandresen: a much simpler abstraction around them could be used if we hade a scoped_lock-like thing, instead of a code block condition, though
881 2012-04-05 14:23:59 <eps> making a system that works offline will give it a short shelflife
882 2012-04-05 14:24:03 <sipa> i don't think it's hard, but i'm not sure it's worth it if we have to keep the macros anyway
883 2012-04-05 14:24:14 Turingi has joined
884 2012-04-05 14:24:14 <helo> you'll just periodically need to connect to the internet to sync up with the central servers
885 2012-04-05 14:24:15 <eps> cos online systems will always be more secure
886 2012-04-05 14:24:38 <Diapolo> sipa: did you try -fstack-protector-all, too or did you use Gitian with the removed workaround?
887 2012-04-05 14:24:51 <sipa> Diapolo: i just tested building your commit
888 2012-04-05 14:25:00 <Diapolo> okay
889 2012-04-05 14:25:22 <Diapolo> didn't want to open one for -fstack-protector-all as I don't have any Gitian knowledge ^^
890 2012-04-05 14:25:24 <Joric_> i've seen canadian money, no wonder they're trying to get rid of them :D
891 2012-04-05 14:25:25 <delt0r> There are ways to do offline ecash...with blind sigs.. but as i understand you can only spend once without getting the clearing house involved again
892 2012-04-05 14:26:37 <eps> the orderbook should be open, like bitcoin
893 2012-04-05 14:26:49 <eps> that's bitcoins real innovation if you ask me
894 2012-04-05 14:26:59 suriv has joined
895 2012-04-05 14:27:25 erle- has quit (Quit: erle-)
896 2012-04-05 14:27:34 copumpkin has joined
897 2012-04-05 14:27:34 <delt0r> eps: i would agree.. but in fact the real innovation was to give incentives for participating in the network
898 2012-04-05 14:28:03 <TD> bitcoin could use smartcard technology to make offline trades easier
899 2012-04-05 14:28:30 <TD> well, easier/more trustable
900 2012-04-05 14:28:50 <TD> it'd be good to see a kind of hybrid of mintchip+bitcoin. i think there are strengths in both that could be combined.
901 2012-04-05 14:28:54 <Joric_> are mintchip transactions reversible by the way?
902 2012-04-05 14:29:02 Joric_ is now known as Joric
903 2012-04-05 14:29:47 <TD> the system is too simple to have any concept of "reversibility"
904 2012-04-05 14:30:07 <TD> you literally just exchange a signed message saying "i am subtracting X from my balance, you should add X to yours"
905 2012-04-05 14:30:33 gp5st has joined
906 2012-04-05 14:30:38 gp5st has left ()
907 2012-04-05 14:30:52 Diapolo has quit (Quit: Page closed)
908 2012-04-05 14:32:57 <delt0r> TD: so your saying the the only security of the system is the chip
909 2012-04-05 14:33:00 <TD> yes
910 2012-04-05 14:33:43 cdecker has joined
911 2012-04-05 14:33:57 <TD> there's a thing called the "TAC" too
912 2012-04-05 14:33:58 <TD> "The Transaction Authentication Code(TAC), is generated by a MintChip and used by the Royal Mint as a additional check of authenticity."
913 2012-04-05 14:34:04 <delt0r> seems too fragile to me
914 2012-04-05 14:34:05 <helo> identities will presumably be tied to the chips, and whenever a chip is used in a device with internet connectivity, all of the transactions between everyone will be uploaded and verified
915 2012-04-05 14:34:10 <TD> it's not clear to me what that is for or how it works. their system is not well documented on the site
916 2012-04-05 14:34:18 <TD> helo: well they claim that won't be the case
917 2012-04-05 14:34:31 <TD> presumably you could just buy them on the street for regular cash
918 2012-04-05 14:34:33 <helo> TD: the identity prat, or the transaction history part?
919 2012-04-05 14:34:42 <TD> identity part
920 2012-04-05 14:34:45 <TD> they're pretty big on privacy
921 2012-04-05 14:35:18 <delt0r> if they are serious about replacing real cash, they have to be
922 2012-04-05 14:35:40 Nicksasa has joined
923 2012-04-05 14:35:40 Nicksasa has quit (Changing host)
924 2012-04-05 14:35:40 Nicksasa has joined
925 2012-04-05 14:36:35 <helo> without identities, i guess they could still use transaction histories to detect when something weird is going on
926 2012-04-05 14:36:47 zeiris has joined
927 2012-04-05 14:37:00 <TD> assuming they have them. it's supposed to be an offline system
928 2012-04-05 14:37:36 <TD> http://ideas.mintchipchallenge.com/
929 2012-04-05 14:37:38 <TD> pretty weak
930 2012-04-05 14:37:42 <helo> i think it must be "can be used for offline transactions", but that online interaction is important. otherwise there is no way to enforce revocation
931 2012-04-05 14:37:48 <TD> "A digital currency can be used for buying things online without a credit card" is one of the ideas
932 2012-04-05 14:39:24 * helo submits "Human, drug, and weapons trafficking."
933 2012-04-05 14:39:33 <TD> haha
934 2012-04-05 14:39:40 <TD> it doesn't seem like that kind of ideas board
935 2012-04-05 14:40:16 <Joric> i doubt 'Royal Mint' allows that
936 2012-04-05 14:42:01 <helo> without transaction histories being uploaded whenever possible, it would be pretty difficult for them to detect Bad Things
937 2012-04-05 14:43:16 vigilyn has joined
938 2012-04-05 14:43:30 <Joric> an inflationary bitcoin with a central authority... hmm... could work :D
939 2012-04-05 14:48:06 <helo> good luck convincing the deflationary bitcoin holders to buy any :)
940 2012-04-05 14:49:02 fiddur has quit (Quit: Leaving.)
941 2012-04-05 14:53:20 <nanotube> and 1 mintchip < 1 bitcoin atm anyway :)
942 2012-04-05 14:54:23 <sipa> a "mintchip" is a device, not a currency
943 2012-04-05 14:55:23 <Joric> on the other hand, 1 Canadian dollar = 1.00361 U.S. dollars
944 2012-04-05 14:56:25 <Joric> oops 1.0021 U.S. dollars it was better yesterday i swear
945 2012-04-05 14:57:42 <TD> http://blockchain.info/tx-index/3618498/4005d6bea3a93fb72f006d23e2685b85069d270cb57d15f0c057ef2d5e3f78d2
946 2012-04-05 14:57:43 <TD> eh?
947 2012-04-05 14:57:47 <TD> what's up with that? bug in blockchain.info?
948 2012-04-05 14:59:15 <gavinandresen> That's the 'poison' invalid BIP16 transaction
949 2012-04-05 14:59:33 suriv has left ()
950 2012-04-05 14:59:34 <sipa> TD: it's included in all those blocks, but none of those blocks are in the main chain
951 2012-04-05 14:59:43 <TD> ah
952 2012-04-05 14:59:59 <TD> miners on 0.6.0rc1 keep trying to include it?
953 2012-04-05 15:00:13 <gavinandresen> miners on any non-BIP16-compatible release try to include it
954 2012-04-05 15:00:19 lh77 has quit ()
955 2012-04-05 15:00:26 <TD> right, of course
956 2012-04-05 15:00:45 <TD> i guess it has caused the chain to slow down a bit
957 2012-04-05 15:00:54 <nanotube> ;;bc,diffchange
958 2012-04-05 15:00:55 <gribble> Estimated percent change in difficulty this period | -2.69474266073 % based on data since last change | -9.9320882586 % based on data for last three days
959 2012-04-05 15:01:00 <nanotube> yes it has. :)
960 2012-04-05 15:01:10 blinkbat has joined
961 2012-04-05 15:01:58 <TD> 10% drop in speed for a forking change. interesting.
962 2012-04-05 15:02:03 <TD> not as high as i'd feared :)
963 2012-04-05 15:02:08 <gmaxwell> Not RC1 but pre-RC1.
964 2012-04-05 15:02:38 <gmaxwell> It's lower than you feared in part becaues of the large hashrate not mining transactions :( they're only hurt by the secondary effects. (they extend bum chains)
965 2012-04-05 15:03:01 <TD> oh yes :(
966 2012-04-05 15:03:06 <Diablo-D3> well
967 2012-04-05 15:03:07 <TD> forgot about that
968 2012-04-05 15:03:11 <Diablo-D3> they'll figure it out soon enough
969 2012-04-05 15:03:14 <Diablo-D3> when they stop making money
970 2012-04-05 15:03:18 <gmaxwell> It's been almost a week.
971 2012-04-05 15:03:43 <gmaxwell> I expect that 50btc should be out of money now.
972 2012-04-05 15:04:18 <TD> assuming there's a single, somewhat competent "they" and it's not just a collection of skiddies using a tool
973 2012-04-05 15:04:40 <Diablo-D3> td: its the same thing
974 2012-04-05 15:04:46 <Diablo-D3> they look at their wallet
975 2012-04-05 15:04:50 <Diablo-D3> they realize it has no money in it
976 2012-04-05 15:04:51 <gmaxwell> anyone here a gpumax user want to tell me if 50btc is one of the prefab options you can mine on? It'll be interesting to see how the collapse caused by a few pools reniging on their obligations also blows up hopping/laundering/gambling proxy services.
977 2012-04-05 15:05:15 <Diablo-D3> gmaxwell: ITYM "lulz"
978 2012-04-05 15:06:08 <graingert> gmaxwell: http://blockchain.info/tx-index/3618498/4005d6bea3a93fb72f006d23e2685b85069d270cb57d15f0c057ef2d5e3f78d2
979 2012-04-05 15:06:25 <gmaxwell> graingert: yes? what about it?
980 2012-04-05 15:06:26 <graingert> ah I see that's already the topic
981 2012-04-05 15:06:31 <graingert> woops
982 2012-04-05 15:06:59 <gmaxwell> $ grep '4005d6bea3a' \#bitcoin*.log | grep 'gmaxwell>' | wc -l
983 2012-04-05 15:06:59 <gmaxwell> 12
984 2012-04-05 15:07:08 <graingert> lol
985 2012-04-05 15:07:22 <TD> haha
986 2012-04-05 15:07:31 paulo_ has quit (Ping timeout: 260 seconds)
987 2012-04-05 15:07:33 <TD> i guess i should get back to coding
988 2012-04-05 15:07:41 <sipa> gmaxwell obviously has a #bitcoin-gmaxwell channel in which he talks a lot to himself
989 2012-04-05 15:07:47 <graingert> so 3 designates a p2sh?
990 2012-04-05 15:07:47 cande has quit (Ping timeout: 272 seconds)
991 2012-04-05 15:07:47 <Diablo-D3> er
992 2012-04-05 15:07:51 <Diablo-D3> wtf is with that strange tx?
993 2012-04-05 15:07:53 <gmaxwell> (and in fact there are moreâ I didn't include #p2pool)
994 2012-04-05 15:07:59 <graingert> why was it accepted by anyone?
995 2012-04-05 15:08:18 <gmaxwell> graingert: because it's valid under the old rules. blockchain.info's decode is incorrect/misleading.
996 2012-04-05 15:08:26 <graingert> oh ofc
997 2012-04-05 15:08:29 <graingert> it doesn't have the 3
998 2012-04-05 15:08:34 <graingert> in the tx
999 2012-04-05 15:08:48 <graingert> nice
1000 2012-04-05 15:08:52 <graingert> who made it?
1001 2012-04-05 15:08:53 <gmaxwell> (they appearntly only show the packed script in a p2sh spend)
1002 2012-04-05 15:08:56 <sipa> "the 3" is something that appears in the address, not in the transaction
1003 2012-04-05 15:09:04 <gmaxwell> Who knowsâ it could have been an honest mistake.
1004 2012-04-05 15:09:07 <sipa> an address is only a template for a transaction output
1005 2012-04-05 15:09:12 <gmaxwell> It almost looks like a valid transaction.
1006 2012-04-05 15:09:19 <Diablo-D3> so this is only valid on the broken chain?
1007 2012-04-05 15:09:25 <gmaxwell> Diablo-D3: yes.
1008 2012-04-05 15:09:36 <gmaxwell> Thats why it keeps getting mined and whoever mines it loses.
1009 2012-04-05 15:09:55 <Diablo-D3> but why does it continue to keep... um
1010 2012-04-05 15:10:04 <MasterChief> are 0 fees still being mined
1011 2012-04-05 15:10:07 <gavinandresen> it passes the old IsStandard test
1012 2012-04-05 15:10:12 <Diablo-D3> oh
1013 2012-04-05 15:10:14 <Diablo-D3> I know why
1014 2012-04-05 15:10:19 <Diablo-D3> all those included in blocks are orphans arent they
1015 2012-04-05 15:10:26 <graingert> so who released the poison tx?
1016 2012-04-05 15:10:29 <gmaxwell> MasterChief: sure. Assuming they meet the anti-dos rules.
1017 2012-04-05 15:10:31 <graingert> released/unleashed
1018 2012-04-05 15:10:45 <gmaxwell> < gmaxwell> Who knowsâ it could have been an honest mistake. < gmaxwell> It almost looks like a valid transaction.
1019 2012-04-05 15:10:47 <MasterChief> just a normal low btc txn
1020 2012-04-05 15:11:17 <Diablo-D3> [11:09:14] <Diablo-D3> all those included in blocks are orphans arent they
1021 2012-04-05 15:11:24 <graingert> yes
1022 2012-04-05 15:11:27 <gmaxwell> MasterChief: https://en.bitcoin.it/wiki/Transaction_fees
1023 2012-04-05 15:11:29 <Diablo-D3> lawlz
1024 2012-04-05 15:11:36 <Diablo-D3> you know
1025 2012-04-05 15:11:36 <graingert> because they are all invalid to >50% of hash power
1026 2012-04-05 15:11:41 <Diablo-D3> maybe we fixed the bot problem for awhile
1027 2012-04-05 15:11:55 <Diablo-D3> if those are all botfags, then they're mining on a useless chain
1028 2012-04-05 15:12:01 <MasterChief> i wonder how long the free minig can last
1029 2012-04-05 15:12:08 <Diablo-D3> MasterChief: free?!
1030 2012-04-05 15:12:15 <Diablo-D3> no one told me about free mining!
1031 2012-04-05 15:12:20 <Diablo-D3> I have to _pay_ for mmine!
1032 2012-04-05 15:12:37 <MasterChief> free for the sender
1033 2012-04-05 15:12:55 <Diablo-D3> meh
1034 2012-04-05 15:13:02 <Diablo-D3> all the major pools should reject feeless tx
1035 2012-04-05 15:13:12 <gmaxwell> Diablo-D3: stop being silly.
1036 2012-04-05 15:13:21 <Diablo-D3> s/silly/greedy/
1037 2012-04-05 15:13:40 <gmaxwell> People spaz out about fees even when they're tiny. They have a disproportionally negative effect on adoption.
1038 2012-04-05 15:14:17 <MasterChief> http://uk.gamespot.com/kinect-star-wars/videos/just-the-way-you-are-kinect-star-wars-gameplay-6369860/?contsessid=51647ed23803a8cca195456fd9b72fd0&prevBounce=6369707 youve gone too far this time xbox
1039 2012-04-05 15:14:39 <Diablo-D3> MasterChief: I SAW THAT EARLIER
1040 2012-04-05 15:14:42 <Diablo-D3> IT MAKES ME ANGRY
1041 2012-04-05 15:14:49 <Diablo-D3> STAR WARS IS NOT A FUCKING DANCE CONTEST
1042 2012-04-05 15:14:53 <MasterChief> share the pain brother
1043 2012-04-05 15:15:13 <sipa> star wars was a christmas holiday special tv thing, right? ;)
1044 2012-04-05 15:15:13 <Diablo-D3> GEORGE LUCAS IS CONFIRMED GAY
1045 2012-04-05 15:15:20 <da2ce7> Starwars died when the character ja-ja binks was written.
1046 2012-04-05 15:15:22 <Diablo-D3> sipa: I will beat you with a crowbar
1047 2012-04-05 15:15:34 <sipa> Diablo-D3: i actually downloaded it
1048 2012-04-05 15:15:39 <sipa> that was really unwatchable
1049 2012-04-05 15:15:42 <MasterChief> you think if we raised funds we could buy the rights to star wars and lock them away in a vault forever and ever and ever and ever
1050 2012-04-05 15:15:52 <Diablo-D3> I made it as far as the pink walking rug and bauled
1051 2012-04-05 15:16:12 <Diablo-D3> MasterChief: over george lucas' dead fat body
1052 2012-04-05 15:16:25 <Diablo-D3> remember, no vaporization
1053 2012-04-05 15:16:36 <Diablo-D3> I want him alive
1054 2012-04-05 15:16:48 <gavinandresen> i like the pelvic thrusts. needs more cowbell, though
1055 2012-04-05 15:17:04 <MasterChief> oh god
1056 2012-04-05 15:17:09 paulo_ has joined
1057 2012-04-05 15:17:12 <MasterChief> and the words are right on the groin area
1058 2012-04-05 15:17:13 <MasterChief> why
1059 2012-04-05 15:17:24 <MasterChief> its a kids game
1060 2012-04-05 15:17:33 <MasterChief> literally could not be more offensive
1061 2012-04-05 15:18:04 <gavinandresen> that's so bad it makes me happy
1062 2012-04-05 15:18:52 <Diablo-D3> IT MAKES ME ANGRY
1063 2012-04-05 15:19:07 <Diablo-D3> seriously, star wars is a universe ABOUT DEATH
1064 2012-04-05 15:19:08 <gmaxwell> Where is the quote bot when we need it? "gavinandresen> i like the pelvic thrusts. needs more cowbell, though"
1065 2012-04-05 15:19:10 <Diablo-D3> EVERYONE DIES
1066 2012-04-05 15:19:17 <Diablo-D3> _EVERYONE_ DIES
1067 2012-04-05 15:19:25 <Diablo-D3> THEY DONT HAVE TIME TO PELVIC THRUST
1068 2012-04-05 15:19:28 <Diablo-D3> THEY'RE _TOO BUSY DYING_
1069 2012-04-05 15:19:34 <MasterChief> so anyway if i send a 0 fee txn will it mine before we find out if proton decay is real or not
1070 2012-04-05 15:20:05 <sipa> ;;quote
1071 2012-04-05 15:20:05 <gribble> Error: "quote" is not a valid command.
1072 2012-04-05 15:20:37 <Diablo-D3> HAN SOLO DIES! CHEWBACCA DIES! LUKE SKYWALKER DIES!
1073 2012-04-05 15:20:47 <Diablo-D3> DYKE SPIES!
1074 2012-04-05 15:21:39 * sipa finds Diablo-D3's lack of lowercase... disturbing
1075 2012-04-05 15:22:06 <Joric> try pressing the the Caps Lock key
1076 2012-04-05 15:23:01 * da2ce7 gives Diablo-D3 a Starwars Luke Dole, so he can hold it and calm down.
1077 2012-04-05 15:23:16 <riush_> http://bash.org/?835030
1078 2012-04-05 15:23:43 <sipa> github mails me for every comment made on a pull request, but to find out one has been merged, i need to visit the site
1079 2012-04-05 15:24:07 <Diablo-D3> sipa: ...
1080 2012-04-05 15:30:06 <sipa> gavinandresen: is #883 0.6.1 material?
1081 2012-04-05 15:30:44 <Diablo-D3> so how does one start a BIP?
1082 2012-04-05 15:30:52 <sipa> Diablo-D3: read BIP 0001
1083 2012-04-05 15:31:13 <Diablo-D3> because I think we need a bip that covers shitlisting old versions
1084 2012-04-05 15:31:50 <sipa> define shitlisting
1085 2012-04-05 15:32:18 <Diablo-D3> dont allow connecting to any version more than 5 minor versions behind
1086 2012-04-05 15:32:48 <Diablo-D3> so 0.9.0 would be the first one to do it, it wouldn't allow connecting any 0.3.x
1087 2012-04-05 15:33:02 <sipa> great way to create network partitions
1088 2012-04-05 15:33:03 <gavinandresen> submit a pull for a command-line -minpeerversion=....
1089 2012-04-05 15:34:27 <Diablo-D3> sipa: we already did
1090 2012-04-05 15:34:31 <Diablo-D3> and we did it much earlier
1091 2012-04-05 15:34:46 <gmaxwell> No we didn't.
1092 2012-04-05 15:34:51 <Diablo-D3> we're only at 0.6.0, and anything below 0.2.x cant connect
1093 2012-04-05 15:34:58 <sipa> 0.2.10
1094 2012-04-05 15:35:02 <sipa> indeed
1095 2012-04-05 15:35:10 <gmaxwell> (unless you mean the version flag)
1096 2012-04-05 15:35:35 <sipa> Diablo-D3: also, since BIP14 nodes don't actually tell them their network version anymore
1097 2012-04-05 15:35:36 <gmaxwell> 5 minor versions.. but two years. Two years is fine, five minor versions are not.
1098 2012-04-05 15:35:40 <sipa> eh, their client version
1099 2012-04-05 15:35:46 <gmaxwell> And that break wasn't gratitous, it was for a reason.
1100 2012-04-05 15:36:01 <Diablo-D3> gmaxwell: around 5 minor versions is 2 years
1101 2012-04-05 15:36:04 <sipa> yes, it allowed us to remove +- 10 lines of code 2 years later!
1102 2012-04-05 15:36:17 <gmaxwell> (yea.. heh. well it was still a reason if a really weak one!)
1103 2012-04-05 15:36:33 <sipa> well, 0.5->0.6 was 4 months, at that rate Diablo-D3 may be close :)
1104 2012-04-05 15:36:41 <gmaxwell> Diablo-D3: you have no idea of that, we could potentially cut one minor version every two months from here on out.
1105 2012-04-05 15:36:56 <Diablo-D3> yeah, but the BIP could have verbage to prevent that
1106 2012-04-05 15:37:11 <Diablo-D3> 2 year minimum before you can issue a new minor
1107 2012-04-05 15:37:20 <gmaxwell> That just makes no sense. Come on.
1108 2012-04-05 15:37:28 <Diablo-D3> its just version numbers, it makes sense
1109 2012-04-05 15:37:31 <gavinandresen> sipa: I think -loadblock counts as a new feature and should wait for 0.7
1110 2012-04-05 15:37:34 <gmaxwell> There is no reason to intentionally disconnect old nodes for the sake of disconnecting them.
1111 2012-04-05 15:37:36 <sipa> gavinandresen: ok
1112 2012-04-05 15:37:39 <sipa> i don't think BIPs should concern client details
1113 2012-04-05 15:37:52 <sipa> unless in an adversory way
1114 2012-04-05 15:38:00 <sipa> *advisory
1115 2012-04-05 15:38:07 <gmaxwell> If they're broken or harmful or whatever, then sureâ disconnect them when thats discovered.
1116 2012-04-05 15:38:10 phma has joined
1117 2012-04-05 15:38:16 * Diablo-D3 shrugs.
1118 2012-04-05 15:40:02 MobiusL_ has quit (Remote host closed the connection)
1119 2012-04-05 15:40:58 MobiusL_ has joined
1120 2012-04-05 15:43:47 ovidiusoft has quit (Quit: Ex-Chat)
1121 2012-04-05 15:53:19 t7 has quit (Quit: ChatZilla 0.9.88.1 [Firefox 12.0/20120328051619])
1122 2012-04-05 15:56:00 barmstrong has quit (Remote host closed the connection)
1123 2012-04-05 15:56:49 <MasterChief> ive got unwanted recieve addresses in my btcoin-qt here but the delete button is greyed
1124 2012-04-05 15:57:44 Diapolo has joined
1125 2012-04-05 15:58:23 sje has quit (Remote host closed the connection)
1126 2012-04-05 15:58:28 <Diapolo> hi
1127 2012-04-05 16:10:05 <helo> MasterChief: bitcoin doesn't ever forget receiving addresses, because if funds were sent to deleted receiving addresses, they would be lost forever
1128 2012-04-05 16:10:35 <MasterChief> whats the delete button for then
1129 2012-04-05 16:10:52 <MasterChief> also i never sent them out to anyone so i doubt they will get coins
1130 2012-04-05 16:11:08 <helo> it should probably be hidden instead of just greyed in that screen
1131 2012-04-05 16:11:26 <MasterChief> oh bad ui lol
1132 2012-04-05 16:11:38 <sipa> MasterChief: the button will be deleted in 0.6.1
1133 2012-04-05 16:12:51 da2ce7 has quit (Ping timeout: 260 seconds)
1134 2012-04-05 16:15:31 t7 has joined
1135 2012-04-05 16:15:43 <MasterChief> so i should stop being an aspie and dont worry about unused addresses shitting up my screen?
1136 2012-04-05 16:16:02 Joric_ has joined
1137 2012-04-05 16:16:02 Joric_ has quit (Changing host)
1138 2012-04-05 16:16:02 Joric_ has joined
1139 2012-04-05 16:16:04 <Diapolo> create a new wallet and send your funds to it?
1140 2012-04-05 16:16:06 <t7> MasterChief: worry dude
1141 2012-04-05 16:17:21 Joric has quit (Ping timeout: 276 seconds)
1142 2012-04-05 16:18:26 <Diapolo> sipa: How long takes a normal testnet blockchain download?
1143 2012-04-05 16:18:28 Joric has joined
1144 2012-04-05 16:19:24 <Diapolo> sipa: with the current client of course
1145 2012-04-05 16:20:09 <gmaxwell> Diablo-D3: that mostly depends on finding working and current testnet peers.
1146 2012-04-05 16:20:28 <Diablo-D3> tabfail
1147 2012-04-05 16:20:37 Joric_ has quit (Ping timeout: 272 seconds)
1148 2012-04-05 16:20:40 <Diablo-D3> Diapolo: and you really should look into getting a new nick
1149 2012-04-05 16:20:47 <Diablo-D3> too many people confuse you with me.
1150 2012-04-05 16:21:05 <Diapolo> That's my name since the release of Diablo, sorry dude.
1151 2012-04-05 16:21:19 <Diablo-D3> My nick predates Blizzard Entertainment, co.
1152 2012-04-05 16:22:02 <Diapolo> doesn't matter, no chance I will chose another one ;) sorry
1153 2012-04-05 16:22:22 <gmaxwell> Fight to the death!
1154 2012-04-05 16:22:42 <Diablo-D3> gmaxwell: well, as long as he doesnt pick kernel coding as his weapon he might have a chance of winning
1155 2012-04-05 16:22:57 <Diapolo> gmaxwell: Any time-span I can work with during my tests for that testnet thing?
1156 2012-04-05 16:23:07 <Diapolo> DiaKGCN is not that bad ^^
1157 2012-04-05 16:23:19 underscor has quit (Ping timeout: 248 seconds)
1158 2012-04-05 16:23:24 <nanotube> Diapolo: your nicks look totally different. yours is green, and his is orange. no confusion whatsoever! :)
1159 2012-04-05 16:23:33 <Diablo-D3> nanotube: argh!
1160 2012-04-05 16:23:34 <nanotube> Diablo-D3: ^
1161 2012-04-05 16:23:42 <Diapolo> LOL
1162 2012-04-05 16:23:46 <nanotube> hehe
1163 2012-04-05 16:24:02 <MasterChief> no Diapolo is red and Diablo-D3 is green
1164 2012-04-05 16:24:13 <nanotube> MasterChief: yes, tabfail on my part :P
1165 2012-04-05 16:24:29 <nanotube> sorry Diablo-D3, xchat default colors based on nick hash or something. if you don't like being green, tough life. :)
1166 2012-04-05 16:24:51 Cablesaurus has quit (Quit: Make it idiot proof and someone will make a better idiot.)
1167 2012-04-05 16:25:07 <Diapolo> Diablo-D3: What's the progress with your kernel? Any great performance optimisations over the last weeks?
1168 2012-04-05 16:25:17 <Diablo-D3> Diapolo: no
1169 2012-04-05 16:25:24 <Diablo-D3> the GCN compiler is doing almost all the right shit
1170 2012-04-05 16:25:45 Guest84435 is now known as superjames
1171 2012-04-05 16:26:00 <Diapolo> I can't count the hours I tried to squeeze something more out of it -_-.
1172 2012-04-05 16:26:20 <Diablo-D3> does cgminer offer it yet?
1173 2012-04-05 16:26:33 <Diapolo> Offer what?
1174 2012-04-05 16:26:42 <Diablo-D3> diakgcn
1175 2012-04-05 16:26:56 <Diapolo> Yes: -k diakgcn -v 2 -w 256
1176 2012-04-05 16:27:24 <TD> hmm
1177 2012-04-05 16:27:30 <Diapolo> I helped Con integrating it ... well it seems to lose in comparison with yours or his poclbm version ^^.
1178 2012-04-05 16:27:30 <Diablo-D3> -v 2? wtf?
1179 2012-04-05 16:27:31 <Diablo-D3> why?
1180 2012-04-05 16:27:34 <Diapolo> try it
1181 2012-04-05 16:27:39 <Diablo-D3> I dont use cgminer
1182 2012-04-05 16:27:39 <Diapolo> it IS faster with diakgcn
1183 2012-04-05 16:27:45 <Diablo-D3> thats fucked up if it is faster
1184 2012-04-05 16:27:46 <TD> bitcoin-qt isn't taking focus or responding to ui input for me, it's busy processing a giant new best chain
1185 2012-04-05 16:27:46 <Diapolo> dunno why
1186 2012-04-05 16:27:48 <TD> :(
1187 2012-04-05 16:27:49 <Diablo-D3> I should look at yours
1188 2012-04-05 16:28:22 <sipa> Diablo-D3: you had your nick sincer you were 8?
1189 2012-04-05 16:28:22 <Diapolo> I did that too ^^.
1190 2012-04-05 16:28:29 <sipa> *since
1191 2012-04-05 16:28:33 <sipa> TD: 0.6.0?
1192 2012-04-05 16:28:49 <TD> ah yes
1193 2012-04-05 16:28:52 <TD> i should upgrade
1194 2012-04-05 16:28:55 <TD> i think it's rc2
1195 2012-04-05 16:28:56 <Diapolo> ^^
1196 2012-04-05 16:28:58 <Diapolo> imediately
1197 2012-04-05 16:29:11 <sipa> TD: then you should certainly upgrade
1198 2012-04-05 16:29:27 <Diablo-D3> sipa: no, 10
1199 2012-04-05 16:29:35 <Diablo-D3> wait
1200 2012-04-05 16:29:37 <Diapolo> it's so cool my work on the fu....ing progressbar got merged :)
1201 2012-04-05 16:29:37 <Diablo-D3> I did the math wrong
1202 2012-04-05 16:29:57 <Diablo-D3> sipa: blizzard entertainment was opened when I was 10
1203 2012-04-05 16:30:11 <Diablo-D3> and Ive had my nick since 1992
1204 2012-04-05 16:30:16 <Diablo-D3> so yeah, 8
1205 2012-04-05 16:30:18 <Diablo-D3> you were right
1206 2012-04-05 16:30:21 <Diapolo> <- 1996
1207 2012-04-05 16:30:37 <Diapolo> You had a PC when you were 8?
1208 2012-04-05 16:30:44 <Diapolo> holy shit ^^
1209 2012-04-05 16:30:47 <sipa> i did
1210 2012-04-05 16:30:49 <Diablo-D3> I had a pc when I was 6.
1211 2012-04-05 16:31:02 <Diapolo> I was 16 ;)
1212 2012-04-05 16:31:21 <sipa> i was 7, it was a 80386 DX with 2 MiB RAM and 40 MB harddisk
1213 2012-04-05 16:31:36 <Diablo-D3> 8088, 6mhz, 640kb of memory after upgrade
1214 2012-04-05 16:32:06 <Diapolo> 486 DX4 with a 1GB HDD and 1MB graphics card ... it had Win95 I remember
1215 2012-04-05 16:32:29 <pjorrit> comparing shriveled old epeens again? ;D
1216 2012-04-05 16:33:15 <Diapolo> are 16 minutes for a full blockchain download fast / slow / normal?
1217 2012-04-05 16:33:23 agricocb has quit (Ping timeout: 246 seconds)
1218 2012-04-05 16:33:42 <sipa> Diapolo: testnet or mainnet?
1219 2012-04-05 16:33:46 <Diapolo> test
1220 2012-04-05 16:34:07 <Diapolo> main would be insane ^^
1221 2012-04-05 16:35:08 <TD> so why does 0.6.0 block for so long if you try and make a payment during chain download?
1222 2012-04-05 16:35:52 <Diapolo> sipa: to my question, would you say that quicker or as fast as the current client would do it?
1223 2012-04-05 16:35:54 <sipa> TD: 0.6.0rc2 still, or did you upgrade?
1224 2012-04-05 16:36:13 <sipa> Diapolo: testnet is tiny, the only thing that matters is how fast a peer can give it to you?
1225 2012-04-05 16:36:18 <TD> rc2 still
1226 2012-04-05 16:36:24 <TD> i'll upgrade to head in a sec
1227 2012-04-05 16:36:26 <sipa> TD: since 0.6.0rc3 has a bugfix specifically for that
1228 2012-04-05 16:36:36 <Diapolo> sipa: will try main now
1229 2012-04-05 16:36:52 <TD> ok
1230 2012-04-05 16:37:19 <sipa> TD: 0.6.0rc2 and before saw a new block arriving in the new chain, and tried a (-1 block, +thousands_of_blocks) reorganisation
1231 2012-04-05 16:37:33 <sipa> which happens in a single database transaction
1232 2012-04-05 16:37:44 <TD> adding the blocks is pretty fast
1233 2012-04-05 16:37:48 <TD> i can see it in the logs
1234 2012-04-05 16:38:02 <sipa> yes, but bdb chokes on such a large transaction
1235 2012-04-05 16:38:06 <Diapolo> sipa: have you access to the BDB stat tool? I can't find that for Windows ...
1236 2012-04-05 16:38:16 <TD> ok
1237 2012-04-05 16:38:31 <TD> i'll try rebuilding and see if it makes any difference
1238 2012-04-05 16:38:33 <sipa> anyway, since rc3 it will do a (-1 block, +2 blocks) reorg, which suffices to switch to the new chain, and then connect the other blocks normally to it
1239 2012-04-05 16:38:45 <sipa> one by one
1240 2012-04-05 16:38:57 <TD> it was following the chain correctly.
1241 2012-04-05 16:39:06 <TD> i think i encountered the rc1 problem before and fixed it
1242 2012-04-05 16:39:10 <TD> this is a different issue
1243 2012-04-05 16:39:28 <TD> when attempting to craft a transaction whilst the chain is being downloaded normally (no bdb errors visible), it takes forever until the "you need to attach a fee" window popsup
1244 2012-04-05 16:39:44 <sipa> hmm, right, over-eager locking
1245 2012-04-05 16:39:58 <Diapolo> first upgrade, second recheck, third bugreport ^^
1246 2012-04-05 16:40:31 <TD> i had a similar issue in bitcoinj
1247 2012-04-05 16:40:39 <sipa> yes, try 0.6.0 final first; there have been several changes in the database handling and block chain management
1248 2012-04-05 16:40:46 <TD> attempting to touch the app whilst it was catching up with the block chain would result in an ANR kill
1249 2012-04-05 16:40:51 <TD> finer grained locking fixed it
1250 2012-04-05 16:55:54 Diapolo_ has joined
1251 2012-04-05 16:55:57 <Diapolo_> I hate bluescreens -_-
1252 2012-04-05 16:56:42 agricocb has joined
1253 2012-04-05 16:56:56 Diapolo has quit (Ping timeout: 245 seconds)
1254 2012-04-05 16:57:07 Cablesaurus has joined
1255 2012-04-05 16:57:08 Cablesaurus has quit (Changing host)
1256 2012-04-05 16:57:08 Cablesaurus has joined
1257 2012-04-05 16:58:21 ThomasV has quit (Read error: Operation timed out)
1258 2012-04-05 16:58:34 <Diapolo_> Did I say I hate Bluescreens -_-,
1259 2012-04-05 17:00:35 bitvampire has joined
1260 2012-04-05 17:03:08 Diapolo_ has quit (Quit: Page closed)
1261 2012-04-05 17:04:56 <phantomcircuit> sipa, onioncat encoding/decoding correctly goes from onioncat to tor
1262 2012-04-05 17:05:00 <phantomcircuit> but it is not base32
1263 2012-04-05 17:05:10 <phantomcircuit> it's off by 1 bit
1264 2012-04-05 17:05:15 <sipa> heh?
1265 2012-04-05 17:06:09 <jgarzik> sorry for the FAQ... is there a P2SH tx in a mainnet block yet?
1266 2012-04-05 17:07:44 <[Tycho]> jgarzik: sending or redeeming ?
1267 2012-04-05 17:08:02 <Diablo-D3> your mothers.
1268 2012-04-05 17:10:31 <gmaxwell> https://blockexplorer.com/tx/b0539a45de13b3e0403909b8bd1a555b8cbe45fd4e3f3fda76f3a5f52835c29d#i4765799
1269 2012-04-05 17:10:49 <gmaxwell> The second output there is a send to P2SH.
1270 2012-04-05 17:11:14 <gmaxwell> (this is the parent transaction of the p2sh redemption that is blowing up old nodes)
1271 2012-04-05 17:11:28 <blinkbat> blowing up old nodes?!
1272 2012-04-05 17:11:59 <gmaxwell> blinkbat: Relax. It's fine.
1273 2012-04-05 17:12:47 <gmaxwell> It just prevents them from successfully mining, because they don't impose the rule against invalid p2sh redemption.
1274 2012-04-05 17:13:19 <gmaxwell> amusingly that txn is pretty directly tractable to a pool payout transaction. We can probably find out who made it.
1275 2012-04-05 17:14:08 <[Tycho]> gmaxwell: which pool ?
1276 2012-04-05 17:14:18 <gmaxwell> ah, p2pool actually.
1277 2012-04-05 17:14:24 <gmaxwell> so I guess not! :)
1278 2012-04-05 17:14:31 <blinkbat> im really worried about this p2sh system
1279 2012-04-05 17:14:38 <blinkbat> is there any chance it can currupt bitcoin and make it unusable?
1280 2012-04-05 17:14:41 <gmaxwell> blinkbat: No.
1281 2012-04-05 17:15:06 <gmaxwell> blinkbat: Everything is fine and working as expected.
1282 2012-04-05 17:15:40 <blinkbat> :)
1283 2012-04-05 17:17:54 <gmaxwell> it was expected that a small minority of mining nodes wouldn't upgrade by the switchover time (we intentionally required a large supermajority before activating it) and that they'd lose the ability to make valid blocks as a result once someone made a trouble making transaction.
1284 2012-04-05 17:18:00 <gmaxwell> And thats panning out exactly as expected.
1285 2012-04-05 17:19:37 <gmaxwell> (well, I suppose I would have guessed more people to fix their stuff by now)
1286 2012-04-05 17:21:00 Zarutian has joined
1287 2012-04-05 17:23:33 andytoshi has joined
1288 2012-04-05 17:29:19 paulo_ has quit (Ping timeout: 252 seconds)
1289 2012-04-05 17:34:54 andytoshi has quit (Remote host closed the connection)
1290 2012-04-05 17:35:21 andytoshi has joined
1291 2012-04-05 17:37:12 <TD> is there a way to force 0.6 to re-announce its pending transactions?
1292 2012-04-05 17:37:38 <Diablo-D3> wait 24 hours.
1293 2012-04-05 17:37:51 <user_> etotheipi_: what do you think https://bitcointalk.org/index.php?topic=75481.msg836935#msg836935
1294 2012-04-05 17:38:03 Joric has quit ()
1295 2012-04-05 17:38:20 <sipa> TD: unaccepted wallet transactions are reannounced randomly once per 10-30 minutes
1296 2012-04-05 17:38:26 <TD> yeah
1297 2012-04-05 17:38:33 <TD> that's what i thought. ok, no matter.
1298 2012-04-05 17:38:54 agricocb has quit (Quit: Leaving.)
1299 2012-04-05 17:39:12 denisx has joined
1300 2012-04-05 17:40:26 ovidiusoft has joined
1301 2012-04-05 17:41:07 <gmaxwell> I thought we got some fast reannounce option.. Did that never get merged?
1302 2012-04-05 17:41:37 <TD> that's what i was thinking
1303 2012-04-05 17:41:41 <TD> i don't recall
1304 2012-04-05 17:44:37 darkskiez has quit (Remote host closed the connection)
1305 2012-04-05 17:45:16 slush has quit (Read error: Operation timed out)
1306 2012-04-05 17:45:22 user_ has quit (Quit: Leaving)
1307 2012-04-05 17:49:57 user_ has joined
1308 2012-04-05 17:51:23 <phantomcircuit> Diablo-D3, btw loading the block index is cpu bound
1309 2012-04-05 17:51:36 <phantomcircuit> if you put it on a tmpfs you'll notice it's still slow
1310 2012-04-05 17:52:23 <phantomcircuit> block index 50914ms
1311 2012-04-05 17:52:24 <sipa> gmaxwell: i don't think so
1312 2012-04-05 17:52:34 <phantomcircuit> core i3-2100 with the blockchain on a tmpfs
1313 2012-04-05 17:53:21 <gmaxwell> phantomcircuit: but it's not.
1314 2012-04-05 17:53:23 <gmaxwell> something weird is up.
1315 2012-04-05 17:53:42 <phantomcircuit> well yes obviously something is going wrong
1316 2012-04-05 17:53:48 <phantomcircuit> but it is clearly cpu bound
1317 2012-04-05 17:53:57 <gmaxwell> For you.
1318 2012-04-05 17:54:12 <gmaxwell> 03/28/12 03:35:20 Verifying last 2500 blocks at level 1
1319 2012-04-05 17:54:12 <gmaxwell> 03/28/12 03:35:20 block index 2197ms
1320 2012-04-05 17:54:13 <phantomcircuit> well yeah i did put it on a tmpfs
1321 2012-04-05 17:54:23 <gmaxwell> on tmpfs also.
1322 2012-04-05 17:54:41 <phantomcircuit> 0.5.1-beta
1323 2012-04-05 17:54:45 <phantomcircuit> known regression?
1324 2012-04-05 17:54:54 <phantomcircuit> actually i think that version number is wrong
1325 2012-04-05 17:54:55 <gmaxwell> dude. why you run that old slow stuff.
1326 2012-04-05 17:55:27 <phantomcircuit> my mouse just disappeared
1327 2012-04-05 17:55:27 <gmaxwell> At least 0.5.x prior to the mlock fix will be much slower for that. IIRC.
1328 2012-04-05 17:55:29 <phantomcircuit> :/
1329 2012-04-05 17:56:01 <sipa> 04/05/12 17:54:50 block index 2620ms
1330 2012-04-05 17:56:07 <sipa> from an encrypted laptop hard drive
1331 2012-04-05 17:57:20 <Diablo-D3> phantomcircuit: its a c2d e8500 @ 3.16ghz
1332 2012-04-05 17:57:45 <gmaxwell> phantomcircuit: in any case, you're hitting the mlock bug. Upgrade, fool.
1333 2012-04-05 17:58:19 <phantomcircuit> lol
1334 2012-04-05 17:58:29 <phantomcircuit> i have origin set to my github repo
1335 2012-04-05 17:58:40 <phantomcircuit> wasn't doing git fetch upstream
1336 2012-04-05 17:58:46 * Diablo-D3 facepalms
1337 2012-04-05 17:58:49 <sipa> haha
1338 2012-04-05 18:00:55 <gmaxwell> I made that mistake too.. but noticed pretty quickly. :)
1339 2012-04-05 18:04:27 bitvampi_ has joined
1340 2012-04-05 18:06:39 bitvampire has quit (Ping timeout: 245 seconds)
1341 2012-04-05 18:07:59 <phantomcircuit> 6097ms
1342 2012-04-05 18:08:02 <phantomcircuit> ok
1343 2012-04-05 18:08:03 <phantomcircuit> not bad
1344 2012-04-05 18:08:08 forsetifox has joined
1345 2012-04-05 18:09:18 <gmaxwell> well.. it's bad but at least expected.
1346 2012-04-05 18:09:34 <gmaxwell> I'd like to see subsecond startups.
1347 2012-04-05 18:13:10 <sipa> put the blockchain index into a single blob
1348 2012-04-05 18:13:57 * Diablo-D3 is slowly turning vim into an ide
1349 2012-04-05 18:14:01 * Diablo-D3 wonders where he went wrong
1350 2012-04-05 18:15:45 <gribble> New news from bitcoinrss: laanwj opened issue 1044 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/issues/1044>
1351 2012-04-05 18:16:03 Nick_ has joined
1352 2012-04-05 18:16:17 Nick_ is now known as Guest4672
1353 2012-04-05 18:16:26 ThomasV has joined
1354 2012-04-05 18:17:52 bitvampi_ has quit (Remote host closed the connection)
1355 2012-04-05 18:18:23 bitvampire has joined
1356 2012-04-05 18:18:27 <gmaxwell> sipa: I'd be fine with loading it in the background. But the loading code initilizes a bunch of stuff. So it's not quite that tricky.
1357 2012-04-05 18:18:31 <gmaxwell> er easy.
1358 2012-04-05 18:18:38 <user_> question: i have an address with 10btc. is it possible extract for example 0.0001 of this address and send by a friend by email
1359 2012-04-05 18:18:41 <user_> ?
1360 2012-04-05 18:18:50 <user_> to avoid fee
1361 2012-04-05 18:19:26 Nicksasa has quit (Ping timeout: 246 seconds)
1362 2012-04-05 18:19:47 <user_> divide my bitcoins in many other private keys
1363 2012-04-05 18:19:53 <gmaxwell> No. almost certantly not. (not unless your 10btc comes in part from someone paying you 0.0001 btc)
1364 2012-04-05 18:19:57 <user_> in the way i want
1365 2012-04-05 18:20:27 <copumpkin> there won't necessarily be a fee
1366 2012-04-05 18:20:35 <gmaxwell> you could send 0.0001 to another address, sure, but the anti-spam fee would be required there. If you increase to 0.01 btc you can send without a fee.
1367 2012-04-05 18:20:39 <gmaxwell> copumpkin: yes there will
1368 2012-04-05 18:20:43 <copumpkin> oh?
1369 2012-04-05 18:20:52 <copumpkin> nevermind then :)
1370 2012-04-05 18:20:55 <gmaxwell> Or if you use sendmany you can send multiple transactions with one fee.
1371 2012-04-05 18:21:26 <gmaxwell> copumpkin: txn with outputs smaller than 0.01 always need to pay the base fee. (0.0005 btc)
1372 2012-04-05 18:21:39 <copumpkin> oh, okay
1373 2012-04-05 18:22:06 <user_> i think will be good have an option to divide the coins of an address in many other address
1374 2012-04-05 18:22:20 <user_> in the way we want
1375 2012-04-05 18:22:33 <user_> just a suggestion
1376 2012-04-05 18:22:40 bitvampire has quit (Remote host closed the connection)
1377 2012-04-05 18:22:45 <gmaxwell> It's not possible without a transaction, alas.
1378 2012-04-05 18:22:59 <user_> bad to know
1379 2012-04-05 18:26:21 <sipa> user_: bitcoin does not send coins from addresses, it just sends coins from coins
1380 2012-04-05 18:26:46 <sipa> it's quite irrelevant to the system which address those were previously sent to, except that you of course need the corresponding private key(s)
1381 2012-04-05 18:27:13 <sipa> transactions split coins, join coins, and change ownership of coins
1382 2012-04-05 18:27:26 <sipa> at that layer, no addresses nor balances are involved
1383 2012-04-05 18:27:44 <user_> i mean divide coins between private keys
1384 2012-04-05 18:28:02 <sipa> equally irrelevant
1385 2012-04-05 18:28:07 <sipa> you send coins, nothing else
1386 2012-04-05 18:28:10 Guest4672 is now known as Nicksasa
1387 2012-04-05 18:28:17 Nicksasa has quit (Changing host)
1388 2012-04-05 18:28:17 Nicksasa has joined
1389 2012-04-05 18:28:34 <sipa> addresses and public keys and private keys are just part of the authentication system on top
1390 2012-04-05 18:28:56 <sipa> if you send two coins, you need two inputs, whether those were previously sent to the same address or to a different one
1391 2012-04-05 18:29:30 <user_> ok sipa. thanks
1392 2012-04-05 18:29:49 <sipa> bitcoin internally has no concept of addresses or address balances, only coins (="unredeemed transaction outputs")
1393 2012-04-05 18:30:33 <user_> so it's not possible offline transaction on bitcoin?
1394 2012-04-05 18:31:22 <user_> and later go to bitcoin network to see if is valid
1395 2012-04-05 18:31:29 <sipa> sure that's possible
1396 2012-04-05 18:31:46 <sipa> you just need the coins you want to use as inputs on your offline device
1397 2012-04-05 18:32:04 <user_> so i could divide my coins offline
1398 2012-04-05 18:32:12 <user_> without pay fee
1399 2012-04-05 18:33:05 <user_> just sending my coins to other addresses in offline
1400 2012-04-05 18:33:49 <user_> and later i transfer it to a friend by email
1401 2012-04-05 18:33:50 <sipa> i think you're misunderstanding some things
1402 2012-04-05 18:34:09 <sipa> it makes no difference whether you create transactions offline or not
1403 2012-04-05 18:34:22 <sipa> your wallet is just a collection of coins (hidden from the user)
1404 2012-04-05 18:34:24 <user_> my english iss bad sorry
1405 2012-04-05 18:35:16 <sipa> if you want to spend money, bitcoin will create a transaction that consumes somes of your coins, and creates new ones; one or more of those new ones will be destined for the payee, the rest go back to your own wallet
1406 2012-04-05 18:35:16 forsetifox has quit (Ping timeout: 245 seconds)
1407 2012-04-05 18:36:40 <gribble> New news from bitcoinrss: sipa opened pull request 1045 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1045>
1408 2012-04-05 18:38:18 forsetifox has joined
1409 2012-04-05 18:38:47 bitvampire has joined
1410 2012-04-05 18:40:00 <user_> sipa: i have a mobile with a bitcoin wallet. my brother too. i can send him coins even me and him with no internet connection. right?
1411 2012-04-05 18:40:17 <user_> theorically
1412 2012-04-05 18:40:36 <sipa> you could create the transaction, yes
1413 2012-04-05 18:40:45 <sipa> you may even get the transaction to his device
1414 2012-04-05 18:40:54 <sipa> but he will need an internet connection to get confirms on it
1415 2012-04-05 18:42:30 <user_> sipa: so when he connect to internet. if i sent him 20btc, he will not see 20btc but maybe 19..... right?
1416 2012-04-05 18:42:56 <sipa> why not 20?
1417 2012-04-05 18:43:10 <user_> the fee
1418 2012-04-05 18:43:17 merde has quit (Read error: Connection reset by peer)
1419 2012-04-05 18:43:17 <sipa> you pay the fee
1420 2012-04-05 18:43:25 <sipa> you decide it when creating the transaction
1421 2012-04-05 18:43:33 <sipa> if you send 20 to him, he will get 20
1422 2012-04-05 18:43:40 <user_> ok
1423 2012-04-05 18:44:38 t7 has quit (Ping timeout: 246 seconds)
1424 2012-04-05 18:45:02 <user_> just wanted to know if was possibe avoid fee with offline transaction
1425 2012-04-05 18:45:22 <twmz> anyone know much RAM bitcoind uses at peak? or in other words, anyone know what it the smallest VPS size that can successfully run a node?
1426 2012-04-05 18:45:23 <user_> but as i can see is impossible
1427 2012-04-05 18:45:44 <sipa> fees are first and foremost voluntary; miners may require them to get your transaction accepted, but you (and/or your wallet software) decide the fee
1428 2012-04-05 18:45:50 <sipa> the protocol does not
1429 2012-04-05 18:45:51 <user_> only possible if i send my private key
1430 2012-04-05 18:46:12 <helo> user_: an important think to keep in mind is that he could give you the transaction that signs money over to you, but also create another transaction that gives the same coin to someone else (or his other wallet). whichever one gets accepted by the bitcoin network first will be the one that goes through, the other will fail.
1431 2012-04-05 18:46:17 <helo> thing*
1432 2012-04-05 18:46:34 <sipa> user_: however, there are a few measures for spam protection on the network, that require a minimum fee if the transaction looks spammy
1433 2012-04-05 18:47:40 <gmaxwell> twmz: depends on the number of connections you have. running with no inbound would be helpful.
1434 2012-04-05 18:48:08 <twmz> that would be fine for my purposes (which is monitoring the block chain)
1435 2012-04-05 18:48:24 <helo> user_: it is possible to send someone bitcoin private keys (via email if they're encrypted) without any fee. if you trust the person sending you 100% to not send the coin somewhere else before you use it, it will work
1436 2012-04-05 18:49:29 <twmz> helo: keep in mind that by doing that, you're transfering control of the address and not just the current balance of that address. they would receive any future bitcoins sent to that address as well.
1437 2012-04-05 18:49:38 <helo> yeah...
1438 2012-04-05 18:49:47 <user_> right. so if today we have a service to do micropayments like 0.00001 we will pay fee higher than the payment
1439 2012-04-05 18:50:01 <sipa> user_: maybe
1440 2012-04-05 18:50:10 <sipa> who knows what the future economy around bitcoin will be
1441 2012-04-05 18:50:27 <sipa> but micropayments as transaction via the blockchain is indeed unlikely to be cost-effective imho
1442 2012-04-05 18:50:45 traviscj has joined
1443 2012-04-05 18:50:47 merde has joined
1444 2012-04-05 18:51:16 <helo> it has been said that bitcoin is designed to *not* work well for micropayments
1445 2012-04-05 18:51:55 <gribble> New news from bitcoinrss: laanwj opened pull request 1046 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1046>
1446 2012-04-05 18:52:47 <twmz> whether or not it was *designed* that way, the fact is that at this moment in time, it doesn't work well for micropayments. You'd have to batch up micropayments and transfer them periodically. This is essentally how PPS pools work. I earn a tiny amount per share, but I don't get each payment in real time. I get paid periodically in larger amounts.
1447 2012-04-05 18:53:48 <wumpus> batching up micropayments seems to be the only way they can work, with any transaction system I've seen so far... "real" transactions are just too expensive to make it effective for small amounts
1448 2012-04-05 18:54:06 <gmaxwell> twmz: depends on what you mean by micropayments.
1449 2012-04-05 18:54:25 <luke-jr> twmz: I thought you used p2pool
1450 2012-04-05 18:54:35 <twmz> twmz: I do. it was hypothetical.
1451 2012-04-05 18:54:41 <twmz> luke-jr: ^
1452 2012-04-05 18:55:03 <twmz> gmaxwell: I mean any payment that is small enough that I need to get severl hundred of them to even buy a stick of gum.
1453 2012-04-05 18:55:13 <gmaxwell> Some people consider, e.g. $1 payments micropayments â and it does .. okayish for those. Other people mean 1ct transactions.. and no, it doesn't work well for those, and perhaps fundimentally _can't_ because it has worldwide visiblity.
1454 2012-04-05 18:55:42 <gmaxwell> But at least bitcoin makes it fairly easy to start alternative payment systems denominated in bitcoin that provide hiding at the expense of trust/security.
1455 2012-04-05 18:55:49 <gmaxwell> And example of this was the illfated witcoin.
1456 2012-04-05 18:56:13 <gmaxwell> (Reddit like forum where every action involved paying/recieving very tiny payments)
1457 2012-04-05 18:56:31 <wumpus> I really mean the <10ct with micro in my case
1458 2012-04-05 18:57:24 <gmaxwell> You deposit bicoin, 1 bitcoin = 1 witcoin â do a bunch of transactions and then withdraw bitcoin in a big chunk.. Sure, if the site operators vanish (like they did) you might be out some coin, but whatever, we're talking about small amounts.. it doesn't need the kind of globally visible full distribution you need for the foundation currency.
1459 2012-04-05 18:58:13 <wumpus> right, bitcoin is no different from bank systems in that regard
1460 2012-04-05 18:58:47 imsaguy has quit (Ping timeout: 252 seconds)
1461 2012-04-05 18:59:27 <user_> i was thinking: maybe we could have an option on client that automaticaly will send micropayments to other addresses when no fee is suggested
1462 2012-04-05 18:59:45 <user_> so i could configure:
1463 2012-04-05 19:00:32 <user_> i want 10 addresses with 0.00001, 20 with 0.0003 ...
1464 2012-04-05 19:00:43 <sipa> why would you want that?
1465 2012-04-05 19:00:47 denisx has quit (Quit: denisx)
1466 2012-04-05 19:00:52 <wumpus> huh
1467 2012-04-05 19:00:58 <sipa> unless you're going to create physical bitcoins with them
1468 2012-04-05 19:01:14 bitvampire has quit (Remote host closed the connection)
1469 2012-04-05 19:02:32 <user_> question: is it possible without third party service have somethink like:
1470 2012-04-05 19:05:23 <user_> i read an interesting article on internet. i would like to donate to it, but my donation only will be realised if the total donated didn't exceded a specific amount of bitcoins
1471 2012-04-05 19:05:46 <graingert> oh so automatically collate tx
1472 2012-04-05 19:05:53 <graingert> automatically bundle them into one tx
1473 2012-04-05 19:05:56 <graingert> yes that would be handy
1474 2012-04-05 19:06:27 <graingert> user_: write up an issue on gh
1475 2012-04-05 19:06:51 <helo> user_: do you mean "i will give you $1 only if you make less than $200 from other people."?
1476 2012-04-05 19:07:07 <user_> yes
1477 2012-04-05 19:07:21 <graingert> oh that's something else
1478 2012-04-05 19:07:49 RazielZ has quit (Ping timeout: 272 seconds)
1479 2012-04-05 19:08:01 <helo> it's not possible in advance to know how much someone could receive in the future, or to create a transaction predicated on conditions like that
1480 2012-04-05 19:08:24 <graingert> what would be good is a tool to enter a max fee percentage, then queue up all tx until the fee percentage is below the max set
1481 2012-04-05 19:08:33 <wumpus> you want to only give a donation if the total donated *did not* exceed a specific amount of bitcoins?
1482 2012-04-05 19:08:46 <user_> yes
1483 2012-04-05 19:08:54 <graingert> sadly programs don't know about the blockchain
1484 2012-04-05 19:09:02 <helo> i.e. i will pay $50 for this awesome indie game, but not if the indie developer is already a millionaire from it
1485 2012-04-05 19:09:15 <user_> hehe
1486 2012-04-05 19:09:25 <wumpus> I can understand a kickstarter-like system were you want to donate only *if* the total is larger or equal to a certain sum , but the other way around is ...weird
1487 2012-04-05 19:09:29 Clipse has quit (Ping timeout: 246 seconds)
1488 2012-04-05 19:09:41 <graingert> yeah otherwise you'll need to give a timeout
1489 2012-04-05 19:09:57 <wumpus> you'd certainly need a timeout
1490 2012-04-05 19:10:11 <graingert> because if each address has a finite non-zero probability of getting money
1491 2012-04-05 19:10:20 <graingert> then each address will tend to have infinite money
1492 2012-04-05 19:10:20 <helo> just set a calendar reminder in a month for you to go check the balance of the donation address, and go check it and donate at that time
1493 2012-04-05 19:10:24 <graingert> >.>
1494 2012-04-05 19:10:48 <helo> although donations could be accepted at other addresses, and it would be impossible to know all of them with certainty
1495 2012-04-05 19:11:24 barmstrong has joined
1496 2012-04-05 19:11:48 <graingert> yeah if the address owner noticed the conditional TX
1497 2012-04-05 19:11:51 <user_> ok, just thinking about possibilities and asking if make sense
1498 2012-04-05 19:11:59 <graingert> they can just switch out the address they take donations on
1499 2012-04-05 19:12:20 <user_> understand
1500 2012-04-05 19:12:37 <wumpus> and.. what if everyone sends a conditional tx :-)
1501 2012-04-05 19:18:17 <graingert> do you count them or not
1502 2012-04-05 19:18:49 <graingert> it's something that can be done out of band with a mutlisig escrow
1503 2012-04-05 19:20:43 <user_> it's like: all possible donators sign it and specify the limit amount to your transaction be released
1504 2012-04-05 19:22:28 <user_> if the limit specified by you it's already done, your transaction is not released
1505 2012-04-05 19:22:52 <user_> more and less this
1506 2012-04-05 19:23:04 <user_> my english is horrible
1507 2012-04-05 19:24:56 <helo> it is at least comprehensible :)
1508 2012-04-05 19:26:08 amiller`1240 has quit (Excess Flood)
1509 2012-04-05 19:26:36 amiller has joined
1510 2012-04-05 19:28:06 amiller has quit (Excess Flood)
1511 2012-04-05 19:29:04 TD has quit (Quit: TD)
1512 2012-04-05 19:30:36 amiller has joined
1513 2012-04-05 19:43:20 Cablesaurus has quit (Quit: Man who run behind car get exhausted)
1514 2012-04-05 19:47:07 pavel__ has joined
1515 2012-04-05 19:56:38 <sipa> everytime CWallet::CloseDb() is called after a modification, it causes a full checkpoint in the database, for the entire environment?
1516 2012-04-05 19:57:21 pavel__ has quit (Read error: Operation timed out)
1517 2012-04-05 19:58:46 toffoo has joined
1518 2012-04-05 20:06:11 sacarlson has quit (Ping timeout: 246 seconds)
1519 2012-04-05 20:06:53 traviscj has quit (Remote host closed the connection)
1520 2012-04-05 20:07:23 sacarlson has joined
1521 2012-04-05 20:11:39 area has joined
1522 2012-04-05 20:11:53 <etotheipi_> gavinandresen, ping
1523 2012-04-05 20:14:43 RazielZ has joined
1524 2012-04-05 20:17:30 <gavinandresen> pong
1525 2012-04-05 20:17:50 <etotheipi_> gavinandresen, I will switch Alice and Bob in my example, that's fine...
1526 2012-04-05 20:18:06 <etotheipi_> gavinandresen, but I think we need to establish, or try, whether any of this time-locking stuff is useful
1527 2012-04-05 20:18:14 <etotheipi_> s/useful/possible
1528 2012-04-05 20:18:54 <etotheipi_> I'm not convinced that it is until tx replacement is enabled... which means we have to rule it out entirely
1529 2012-04-05 20:18:56 <gribble> New news from bitcoinrss: nanotube opened pull request 31 on bitcoin/bitcoin.org <https://github.com/bitcoin/bitcoin.org/pull/31>
1530 2012-04-05 20:21:24 <gavinandresen> etotheipi_: I'm not sure I agree, but I have to think more about it. Even if there was no lock time, giving each party a pre-signed "nuclear option" transaction might work.
1531 2012-04-05 20:22:12 <etotheipi_> gavinandresen, one issue with that is that you can't create such a transaction until the 2-of-3 is fully signed (so you can reference it by hash)
1532 2012-04-05 20:22:14 <gavinandresen> In other words: we both have a dispute transaction that sends the coins to a random miner or maybe an arbitrator. We just agree not to broadcast it unless we hear the other person has been hit by a bus
1533 2012-04-05 20:22:59 <etotheipi_> gavinandresen, strictly speaking... inactivity *is* the nuclear options: those coins are "destroyed" :)
1534 2012-04-05 20:23:10 <etotheipi_> but I agree it would be nice not to irrevocably destroy coins
1535 2012-04-05 20:23:16 <gavinandresen> Right, and I want to avoid that if at all possible.
1536 2012-04-05 20:23:43 <gavinandresen> I'd like to optimize for the common, no-dispute case, too
1537 2012-04-05 20:23:44 <etotheipi_> but I still don't like the asymmetry of the situation
1538 2012-04-05 20:24:15 <etotheipi_> if there is no risk deposits, then one person can just destroy the other person by getting them to commit money to an unrecoverable tx
1539 2012-04-05 20:24:29 <etotheipi_> with risk deposits, there is financial incentive for both parties, but one is always greater
1540 2012-04-05 20:24:58 <gavinandresen> so go implement risk deposits and prove I'm wrong that it will be too confusing for people
1541 2012-04-05 20:25:18 <etotheipi_> one person may be more inclined to invoke the "nuclear" option because they have so little invested
1542 2012-04-05 20:25:20 <gavinandresen> there doesn't have to be one right answer
1543 2012-04-05 20:25:22 <etotheipi_> use it as a bargaining chip
1544 2012-04-05 20:25:50 <gavinandresen> (and I actually don't think we'll know the right answer until people start trying to use it)
1545 2012-04-05 20:26:24 <etotheipi_> gavinandresen, I agree that it's tough to tell: I think the risk deposit stuff will fit the bill for a certain segment of the user base
1546 2012-04-05 20:26:45 <etotheipi_> I agree, it may not work for the "simpler" half the of the user-base
1547 2012-04-05 20:27:01 <etotheipi_> but I think it's elegant and acceptable for plenty of others who understand it
1548 2012-04-05 20:27:26 <etotheipi_> unfortunately, at the moment i'm not seeing any way to do it without
1549 2012-04-05 20:27:54 <gavinandresen> Somebody should look into how escrows work in China, I hear a large percentage of their transactions go through an escrow service
1550 2012-04-05 20:27:57 traviscj has joined
1551 2012-04-05 20:27:59 <gavinandresen> (because credit cards aren't common)
1552 2012-04-05 20:28:04 <etotheipi_> let's say we forget about non-third-party tx
1553 2012-04-05 20:28:22 <etotheipi_> all tx we talk about here include third-parties
1554 2012-04-05 20:28:33 <etotheipi_> what do you think would be the standard payment scheme?
1555 2012-04-05 20:29:00 <gavinandresen> I think the standard scheme would be for the transaction to be arranged through the third party's website
1556 2012-04-05 20:29:38 <gavinandresen> with some new type of bitcoin: URIs or bitcoin-payment MIME type driving the bitcoin clients
1557 2012-04-05 20:30:43 <etotheipi_> I see a lot of good possibilities there: you can register with the third party, and give them a watching-only wallet which they will use to construct all the 2-of-3 tx
1558 2012-04-05 20:30:45 <gavinandresen> (to gather required signatures and release the escrowed txn)
1559 2012-04-05 20:31:42 <etotheipi_> they can handle a lot of the complexity -- it's up to us to make sure that the software isn't fooled into signing pure-escrow tx that don't even use multi-sig
1560 2012-04-05 20:32:21 <etotheipi_> well take a step back: have we really added anything with 2-of-3 transactions here?
1561 2012-04-05 20:32:28 <etotheipi_> the user doesn't know the difference
1562 2012-04-05 20:32:37 <etotheipi_> the transactions all look the same
1563 2012-04-05 20:32:53 <gavinandresen> If the escrow company goes away then the users should still be able to complete the transaction.
1564 2012-04-05 20:32:56 <etotheipi_> everyone trusts the third-party and they might as well just hold the money and charge fees like they normally do
1565 2012-04-05 20:34:44 <gavinandresen> It is also much safer for the escrow company if they don't hold all the keys to the funds tied up in escrow
1566 2012-04-05 20:34:54 <gavinandresen> (that was the primary reason I shut down ClearCoin)
1567 2012-04-05 20:34:56 <etotheipi_> legally?
1568 2012-04-05 20:35:19 <gavinandresen> Yes, I would imagine so-- there's a legal notion of "signature authority" over funds
1569 2012-04-05 20:35:32 <etotheipi_> ugh, that stuff is over my head...
1570 2012-04-05 20:35:47 <gavinandresen> ... and if you don't hold all the keys you don't have signature authority. But I am not a lawyer....
1571 2012-04-05 20:36:10 <etotheipi_> I'm just concerned that the process is so transparent to the user at this point (that they're doing everything through the third-party website), that it offers no real value over using fiat at ebay
1572 2012-04-05 20:36:15 <gavinandresen> ... and the legal system needs to catch up to 1970's technology still.
1573 2012-04-05 20:37:24 <etotheipi_> sure... the escrow goes away and they can't steal your money... but the average user will spend more money hiring professionals to figure out how to recover their own money than they probably have tied up
1574 2012-04-05 20:38:24 <gavinandresen> There still could be a tab in the client showing the escrow transactions you're involved in. Probably aught to be.
1575 2012-04-05 20:39:06 <etotheipi_> I plan to have that in Armory -- but I was also planning to figure out how to make Armory the base of operations, not the third-party website
1576 2012-04-05 20:39:16 <gavinandresen> ... and buttons there to release funds. If it is arranged through a third party website you might not have any way other than that website of contacting the person you're dealing with, though
1577 2012-04-05 20:39:28 <etotheipi_> I like the idea that the third-party can be secondary to the process, especially because it's so rare they need to get involved
1578 2012-04-05 20:40:06 <gavinandresen> Third parties aren't necessarily going to want to agree to arbitrate ANY random transaction between ANY two people, though
1579 2012-04-05 20:40:36 sacarlson has quit (Ping timeout: 276 seconds)
1580 2012-04-05 20:42:37 <etotheipi_> well I envisioned they would have terms & conditions & fee schedules that guarantee, if you are registered with them, and you include enough risk deposit for them to take if necessary, they will
1581 2012-04-05 20:42:59 <etotheipi_> but yes, there's a lot of dragons there
1582 2012-04-05 20:43:50 <etotheipi_> I envisioned the third-party saying "For tx less than 100 BTC, 25% deposit required, for less than 1000 BTC, 15% req'd, etc" and it would be programmed into the client to validate inputs appropriately
1583 2012-04-05 20:46:47 <gavinandresen> RE: nLockTime: experimenting on testnet should be done. If I'm reading IsFinal correctly, a transaction with an input with a sequence number < INT_MAX and a locktime in the future isn't final until block time > nLockTIme
1584 2012-04-05 20:49:02 <etotheipi_> gavinandresen, I'm looking into it now, but I'm not so familiar with the satoshi code so it'll take me a bit of digging
1585 2012-04-05 20:49:21 <etotheipi_> but I don't think non 0xffffffff sequence numbers are accepted
1586 2012-04-05 20:51:11 maqr has joined
1587 2012-04-05 20:51:22 <gavinandresen> hmm, I don't see any restrictions in the code on nSequence....
1588 2012-04-05 20:51:57 <etotheipi_> well for sure, replacement is diabled (main.cpp:495)
1589 2012-04-05 20:52:12 <etotheipi_> although that's only acceptance to memory pool
1590 2012-04-05 20:52:16 <gavinandresen> yup
1591 2012-04-05 20:54:09 <etotheipi_> AcceptBlock() is the validity check, right?
1592 2012-04-05 20:54:44 <etotheipi_> I mean, if a new block is received, that function is the gatekeeper of whether the node accepts it as valid, right?
1593 2012-04-05 20:55:01 <gavinandresen> That and CheckBlock()
1594 2012-04-05 20:55:39 sacarlson has joined
1595 2012-04-05 20:56:40 <sipa> and ConnectBlock
1596 2012-04-05 20:56:42 pasky has left ()
1597 2012-04-05 20:57:21 <etotheipi_> it looks to me that CTx::IsFinal() labels a tx as not-final if the locktime isn't reached... which would suggest based on main.cpp::1690 that it wouldn't be accepted in blocks
1598 2012-04-05 20:57:39 <sipa> non-final transactions are not allowed in blocks
1599 2012-04-05 20:58:42 <gavinandresen> ... but they are allowed into the memory pool.
1600 2012-04-05 20:58:42 <etotheipi_> oh my bad, I misread the conditional in CTx::IsFinal... it looks like it can still be "final" even if locktime isn't reached yet
1601 2012-04-05 20:59:54 <etotheipi_> it seems that seq=0xffffffff is the only condition for being final (that's the only place "return false" can occur in IsFinal
1602 2012-04-05 21:01:00 <etotheipi_> so that means that time-locked transactions *will* end up in the blockchain right away as if they were regular tx... they just can't be spent for a certain amt of time
1603 2012-04-05 21:01:26 <gavinandresen> ... not if they have lockTime == future and seq < 0xfffffff
1604 2012-04-05 21:01:36 <gavinandresen> ... which is what I'll propose
1605 2012-04-05 21:01:55 <etotheipi_> gavinandresen, but it won't be accepted as valid block with seq!=0xfffffffff
1606 2012-04-05 21:02:35 <etotheipi_> if any txin has non-maxInt sequence number, isFinal fails, and AcceptBlock fails
1607 2012-04-05 21:02:35 <gavinandresen> etotheipi_: right, they can't be put into blocks until after the lock time
1608 2012-04-05 21:02:45 gp5st has joined
1609 2012-04-05 21:02:53 <etotheipi_> negative... I believe it won't *ever* be included in a block
1610 2012-04-05 21:03:04 <gavinandresen> etotheipi_: no, the if ((int64)nLockTime < (nLockTime < LOCKTIME_THRESHOLD ? (int64)nBlockHeight : nBlockTime))
1611 2012-04-05 21:03:17 gp5st has left ()
1612 2012-04-05 21:03:17 <gavinandresen> ... in CtX::IsFinal happens before checking the sequence number
1613 2012-04-05 21:03:20 <etotheipi_> ooh, I see it
1614 2012-04-05 21:03:55 <etotheipi_> right, if locktime is passed, then seq isn't even checked
1615 2012-04-05 21:04:26 agricocb has joined
1616 2012-04-05 21:05:13 <etotheipi_> so you can hand someone that signed tx and they can't get included into a block until after locktime... and you could move the money out of the input side before that time
1617 2012-04-05 21:05:18 <gavinandresen> yep. So the transaction can hang out in the memory pool until lockTime. It will never get replaced (replacement is disabled), but if the escrow goes through normally via some other miner/node then it will get discarded as a double-spend.
1618 2012-04-05 21:06:17 <gavinandresen> If all of the miners on the network had the lockTime version in their memory pools then the 'normal escrow' transaction would never get confirmed; broadcasting the lockTime before the lockTime should be considered Bad Form
1619 2012-04-05 21:06:24 <gavinandresen> (the lockTime transaction)
1620 2012-04-05 21:06:24 <sipa> if i understand things correctly, replacement can easily be re-enabled once we agree on how
1621 2012-04-05 21:06:39 <gavinandresen> ... and write some DoS prevention so it isn't abused
1622 2012-04-05 21:06:39 <sipa> it's purely memory pool stuff, so no protocol rules or miner agreement necessary
1623 2012-04-05 21:08:21 <gavinandresen> thinking out loud... if you're replacing a transaction 10 times then perhaps each version should have to have "minimum fee" added to whatever fees the previous version had for replacement/relaying to happen
1624 2012-04-05 21:08:33 andytoshi has quit (Ping timeout: 276 seconds)
1625 2012-04-05 21:08:40 <gavinandresen> In other words: replacement costs the network something, you must be willing to pay for it
1626 2012-04-05 21:08:45 <etotheipi_> hold on, I must be slow
1627 2012-04-05 21:09:05 <etotheipi_> it sounds like your idea works as a almost-but-not-really-hack-y form of replacement
1628 2012-04-05 21:09:15 <gavinandresen> yes
1629 2012-04-05 21:09:38 <gavinandresen> instead of replacement it's an intentional double-spend
1630 2012-04-05 21:09:47 <etotheipi_> the network won't even accept the transaction though, at all ... not until after lock time... so the network never even sees it
1631 2012-04-05 21:10:21 <gavinandresen> I think non-final transactions are relayed and put into the memory pool-- am I wrong?
1632 2012-04-05 21:10:25 sacarlson has quit (Ping timeout: 252 seconds)
1633 2012-04-05 21:10:50 <etotheipi_> I think you're wrong, I don't think they're allowed in the memory pool, or in blocks
1634 2012-04-05 21:11:02 <gavinandresen> Should do some testing on testnet.....
1635 2012-04-05 21:11:25 <etotheipi_> at least, AcceptToMemoryPool says they will be rejected if not final
1636 2012-04-05 21:11:44 <etotheipi_> and accept block fails if not final
1637 2012-04-05 21:11:58 <gavinandresen> What line in AcceptToMemoryPool?
1638 2012-04-05 21:13:38 <etotheipi_> damnit! that's in the "replacement disabled" block, sorry
1639 2012-04-05 21:13:46 <etotheipi_> I should just stop trying to read this code before I'm familiar with it
1640 2012-04-05 21:13:56 Clipse has joined
1641 2012-04-05 21:13:57 <etotheipi_> *err.. make statements about what the code does
1642 2012-04-05 21:15:28 <etotheipi_> okay... so nodes will have the tx in their memory pool and will not accept conflicting tx?
1643 2012-04-05 21:16:10 <etotheipi_> the buyer could pre-spend its inputs before locktime to pull the money out from under the seller
1644 2012-04-05 21:16:21 <etotheipi_> but only if they talk to a miner to include it directly
1645 2012-04-05 21:17:22 <etotheipi_> is that a fair assessment? it's "replaceable" but only if you inject it directly into the blockchain (it won't propagate or be mined by any nodes that saw the original tx)
1646 2012-04-05 21:18:33 <sipa> etotheipi_: sounds correct
1647 2012-04-05 21:18:48 <sipa> i believe that mechanism was in fact intended to be combined with transaction replacement
1648 2012-04-05 21:18:57 <etotheipi_> sipa, understood
1649 2012-04-05 21:18:57 <luke-jr> ;;bc,stats
1650 2012-04-05 21:18:58 <gribble> Current Blocks: 174434 | Current Difficulty: 1626553.4813289 | Next Difficulty At Block: 175391 | Next Difficulty In: 957 blocks | Next Difficulty In About: 6 days, 21 hours, 52 minutes, and 48 seconds | Next Difficulty Estimate: 1566390.40495548 | Estimated Percent Change: -3.69880714435
1651 2012-04-05 21:19:05 <luke-jr> hmm
1652 2012-04-05 21:19:40 <etotheipi_> sipa, we're exploring how possible build in a trigger that the buyer could recover their money if the seller disappears from a 2-of-2 tx before it's disbursed
1653 2012-04-05 21:20:11 <etotheipi_> or at least turn it into a large tx fee, so it at least gets recycled
1654 2012-04-05 21:21:43 <gavinandresen> afk for a while. I think it could work "good enough" in practice, but I also think getting transaction replacement working over the next year would be a good goal.
1655 2012-04-05 21:21:57 <etotheipi_> unfortunately replacement-via-blockchain-injection is not a very "usable" feature
1656 2012-04-05 21:22:07 <gavinandresen> why not?
1657 2012-04-05 21:22:09 <helo> will transaction replacement make double spending easier?
1658 2012-04-05 21:22:24 Turingi has quit (Read error: Connection reset by peer)
1659 2012-04-05 21:22:48 <etotheipi_> gavinandresen, it means you have to bring in more parties (miners) to come in and agree to remove the original tx from their memory pool and accept the replacement
1660 2012-04-05 21:23:27 <helo> well, at least prevent relatively safe 0-confirm acceptance
1661 2012-04-05 21:23:46 <etotheipi_> helo, it's complicated -- but no, it doesn't make double-spends easier
1662 2012-04-05 21:24:12 <etotheipi_> however, you can do some crazy confusing things with it to make the other party have a mental breakdown and then you can just steal their computer
1663 2012-04-05 21:24:41 sacarlson has joined
1664 2012-04-05 21:24:59 <helo> ah, only transactions that have been broadcast as being replaceable can be replaced... so a 0-confirm vendor wouldn't accept such transactions
1665 2012-04-05 21:25:02 <etotheipi_> more importantly though... if all parties understand what's going on, you can enable some useful contracts
1666 2012-04-05 21:25:40 <etotheipi_> helo, all clients should be designed so that a tx that can be replaced, does *not* show up as belonging to the user
1667 2012-04-05 21:26:12 <etotheipi_> if someone creates a replaceable transaction and has the ability to replace it, it's possible for the other party to know -- as long as their software tells them
1668 2012-04-05 21:27:09 <etotheipi_> gavinandresen, is my blockchain-injection statement valid?
1669 2012-04-05 21:27:25 <etotheipi_> I guess it depends on the memory pool behavior of other nodes
1670 2012-04-05 21:27:38 <helo> if 'tx.sequence' is set to its maximum value, then it would be irreplacable?
1671 2012-04-05 21:27:51 <sipa> etotheipi_: quite sure non-final transactions are not counted in balances
1672 2012-04-05 21:28:11 * luke-jr supports relaying double-spends :p
1673 2012-04-05 21:28:30 <etotheipi_> sipa, understood: I'm just pointing out that an irresponsible client developer might make the mistake of overlooking that and report it incorrectly
1674 2012-04-05 21:30:49 <sipa> etotheipi_: you do indeed need a consenting miner if you want to replace such a non-final transaction via the blockchain
1675 2012-04-05 21:31:05 <sipa> but that is essentially the same as re-enabling tx replacement on an adhoc basis
1676 2012-04-05 21:31:51 <etotheipi_> sipa, it's not "essentially" the same if it involves manually contacting another party to do it for you... plus: should they do it for you?
1677 2012-04-05 21:31:57 <etotheipi_> how do they know you're not trying to scam someone else?
1678 2012-04-05 21:32:45 <etotheipi_> in a blockchain where replacement is "essentially" disabled, should miners just let anyone submit tx to be replaced?
1679 2012-04-05 21:33:22 elombrozo has joined
1680 2012-04-05 21:33:24 <sipa> the point is that replacement is not a property of the blockchain, but of the miners already
1681 2012-04-05 21:33:31 ovidiusoft has quit (Quit: Ex-Chat)
1682 2012-04-05 21:33:43 <sipa> you need to get them to accept to replace a memory transaction under certain conditions
1683 2012-04-05 21:34:02 <sipa> either that's a policy built into the miner node they are running, implicitly agreeing to its rules
1684 2012-04-05 21:34:03 <etotheipi_> I guess the distinction is "part of the default protocol" or "workaround"
1685 2012-04-05 21:34:05 <sipa> or you pay them for it
1686 2012-04-05 21:34:29 <sipa> yes, indeed
1687 2012-04-05 21:34:46 <sipa> and having it as part of the protocol sounds much saner
1688 2012-04-05 21:35:13 <etotheipi_> then the question is: is it acceptable to build this "replacement" into the escrow exchange? the user has safety built in only if they can find a consenting miner and arrange it
1689 2012-04-05 21:36:00 <etotheipi_> sipa, I think the "should replacement be enabled on the network?
1690 2012-04-05 21:36:13 <etotheipi_> is a great discussion to have, but I also want to find a solution that works *now*
1691 2012-04-05 21:36:28 word_ is now known as word
1692 2012-04-05 21:36:37 word has quit (Changing host)
1693 2012-04-05 21:36:37 word has joined
1694 2012-04-05 21:37:46 datagutt has quit (Quit: Computer has gone to sleep.)
1695 2012-04-05 21:39:53 <etotheipi_> I'm most interested in a solution that can "safely" avoid third-parties entirely
1696 2012-04-05 21:42:14 <user_> impossible?
1697 2012-04-05 21:44:40 <etotheipi_> I mean, it's okay if it's "better" to have a third party: but I think that two untrusted parties should be able to execute transactions together without getting others involved and without tremendous risk
1698 2012-04-05 21:46:00 <user_> i'm interested in a solution that give all kind of options. use third party services. or both deposit risk and both pay fee or dho win is refunded
1699 2012-04-05 21:46:21 <user_> or the fee goes to miner
1700 2012-04-05 21:46:35 <user_> or client developer team
1701 2012-04-05 21:46:40 <user_> ....
1702 2012-04-05 21:47:22 <luke-jr> sipa: this is a bugfix, right? e5c027b Verify status of encrypt/decrypt calls to detect failed padding
1703 2012-04-05 21:47:25 <user_> let users decide how to escrow
1704 2012-04-05 21:48:07 <etotheipi_> user_, did you see the part about replacement-by-injection? how do you feel about "banking" on that capability as a part of such escrow transactions?
1705 2012-04-05 21:48:26 elombrozo has quit ()
1706 2012-04-05 21:48:32 <user_> etotheipi
1707 2012-04-05 21:49:14 <sipa> luke-jr: yes
1708 2012-04-05 21:49:18 <user_> etotheipi_: i'm just a simple user. not able to argue
1709 2012-04-05 21:49:40 <etotheipi_> user_, haha doesn't mean your opinion is worthless
1710 2012-04-05 21:50:54 <user_> etotheipi_: but my english is terrible too. i even did't understand your question
1711 2012-04-05 21:51:30 <etotheipi_> okay then... I'll go back to building dialogs warning users they are about to destroy their own life savings
1712 2012-04-05 21:51:43 <user_> ok
1713 2012-04-05 21:51:47 <user_> thanks
1714 2012-04-05 21:52:14 <sipa> etotheipi_: ?
1715 2012-04-05 21:53:01 <etotheipi_> sipa, I mean, checking all the corner cases and making sure users can't shoot themselves in the foot too easily
1716 2012-04-05 21:54:18 traviscj has quit (Ping timeout: 250 seconds)
1717 2012-04-05 21:56:37 ThomasV has quit (Ping timeout: 252 seconds)
1718 2012-04-05 21:57:14 <etotheipi_> uhhh... this is never good: "GPU0: 66C | GPU1: 74C | GPU2: 4294839C | GPU3: 4294839C"
1719 2012-04-05 21:57:49 <BlueMatt> yay, your gpu is about to spontaneously combust
1720 2012-04-05 21:57:52 <sipa> you seem to have created a fusion reactor out of a GPU
1721 2012-04-05 21:58:01 <sipa> this is a goldmine!
1722 2012-04-05 21:58:04 <etotheipi_> maybe I better go check on it
1723 2012-04-05 21:58:30 XMPPwock1 has joined
1724 2012-04-05 21:58:35 XMPPwock1 has quit (Client Quit)
1725 2012-04-05 21:58:53 <luke-jr> lol
1726 2012-04-05 22:01:30 <gmaxwell> hm. as hot as that is, it's not hot enough that we have to worry about etotheipi_ undergoing spontanious fusion when he checks on it.
1727 2012-04-05 22:02:38 <etotheipi_> sorry to report that no fusion has occurred
1728 2012-04-05 22:02:58 <BlueMatt> aww, and here we were thinking you had made an important scientific discovery mining bitcoins
1729 2012-04-05 22:03:34 Clipse has quit (Read error: Connection reset by peer)
1730 2012-04-05 22:03:37 <luke-jr> sipa: any reason to think e5c027b requires compressed key code changes?
1731 2012-04-05 22:04:26 <sipa> luke-jr: no, should be unrelated
1732 2012-04-05 22:05:24 eoss has joined
1733 2012-04-05 22:05:25 eoss has quit (Changing host)
1734 2012-04-05 22:05:25 eoss has joined
1735 2012-04-05 22:07:01 <luke-jr> Can #1042 be reverted plz? :/
1736 2012-04-05 22:07:30 <luke-jr> not everyone has/wants OpenSSL, especially linked to Bitcoinâ¦
1737 2012-04-05 22:07:58 <sipa> you already link to part of it anyway (libcrypto.so)
1738 2012-04-05 22:08:23 <luke-jr> hmm
1739 2012-04-05 22:08:37 <sipa> the ecdsa implementation comes from OpenSSL
1740 2012-04-05 22:08:44 <luke-jr> how did it work without it before, then? :/
1741 2012-04-05 22:08:53 <sipa> openssl is two libraries
1742 2012-04-05 22:08:57 <sipa> libcrypto and libssl
1743 2012-04-05 22:09:03 <luke-jr> oooo
1744 2012-04-05 22:09:10 <luke-jr> both parts have the same licensing problems?
1745 2012-04-05 22:09:23 <sipa> i assume so, but i don't know the details
1746 2012-04-05 22:09:40 <BlueMatt> you mean ecdsa problems or ossl linking against other licenses problems?
1747 2012-04-05 22:10:23 <BlueMatt> ...oh, ignore me
1748 2012-04-05 22:10:30 <luke-jr> BlueMatt: OSSL combining with GPL
1749 2012-04-05 22:10:51 blinkbat has quit ()
1750 2012-04-05 22:10:54 <luke-jr> looks like the whole of openssl has the same issue tho
1751 2012-04-05 22:11:09 <luke-jr> I guess it can be reverted in the future, when/if someone ports the libcrypto bits to something else
1752 2012-04-05 22:12:16 <sipa> that should not be too hard, actually
1753 2012-04-05 22:12:37 <sipa> sha256, aes, ripemd160 all have nice public domain implementations
1754 2012-04-05 22:12:56 <sipa> ecdsa... not sure
1755 2012-04-05 22:14:27 ThomasV has joined
1756 2012-04-05 22:16:10 RainbowDashh has joined
1757 2012-04-05 22:16:49 pickett has quit (Remote host closed the connection)
1758 2012-04-05 22:17:26 JRWR has joined
1759 2012-04-05 22:17:31 <Eliel> sipa: what license is the implementation bitcoind runs?
1760 2012-04-05 22:17:58 pickett has joined
1761 2012-04-05 22:18:23 <sipa> Eliel: OpenSSL license
1762 2012-04-05 22:19:24 gfinn has quit (Ping timeout: 276 seconds)
1763 2012-04-05 22:19:26 RainbowDashh has quit (Client Quit)
1764 2012-04-05 22:20:37 <luke-jr> Eliel: OpenSSL is basically MIT plus an advertising clause that's incompatible with GPL
1765 2012-04-05 22:20:55 <luke-jr> it has no purpose except to make everyone's lives harder imo -.-
1766 2012-04-05 22:21:39 <luke-jr> BlueMatt: sipa: if I run 0.5.4rc3 tonight, are you available for builds?
1767 2012-04-05 22:22:49 <BlueMatt> depends on a lot of things
1768 2012-04-05 22:22:58 <luke-jr> ?
1769 2012-04-05 22:23:03 barmstrong has quit (Remote host closed the connection)
1770 2012-04-05 22:23:36 barmstrong has joined
1771 2012-04-05 22:23:46 <BlueMatt> probably not?
1772 2012-04-05 22:23:52 <BlueMatt> maybe tomorrow
1773 2012-04-05 22:24:20 <luke-jr> sipa: tomorrow work for you?
1774 2012-04-05 22:28:10 forsetifox has quit (Quit: Page closed)
1775 2012-04-05 22:28:35 agricocb has quit (Remote host closed the connection)
1776 2012-04-05 22:29:08 eoss has quit (Quit: Leaving)
1777 2012-04-05 22:31:06 forsetifox has joined
1778 2012-04-05 22:33:17 Clipse has joined
1779 2012-04-05 22:34:05 RazielZ has quit (Quit: Leaving)
1780 2012-04-05 22:40:44 <sipa> luke-jr: i can build
1781 2012-04-05 22:40:55 JRWR has quit (Ping timeout: 248 seconds)
1782 2012-04-05 22:41:24 <luke-jr> sipa: tonight/tomorrow/either? :p
1783 2012-04-05 22:43:11 <sipa> just ask, most of the time i'm available
1784 2012-04-05 22:44:14 <luke-jr> k
1785 2012-04-05 22:44:44 <luke-jr> I'll put off tagging until there's a 3rd person (tomorrow, if nobody shows up before BlueMatt)
1786 2012-04-05 22:44:56 <luke-jr> just in case there's any more bugfixes before then
1787 2012-04-05 22:45:55 <user_> sipa: you said i could realize an offline transaction and who is sending will pay the fee. what happens if i send 10btc and the address only have 10btc. will my account be negative?
1788 2012-04-05 22:46:37 c00w has joined
1789 2012-04-05 22:46:44 <luke-jr> O.o
1790 2012-04-05 22:47:18 <user_> i know can't be negative
1791 2012-04-05 22:47:26 <luke-jr> user_: I don't know what you mean, but negative balances are impossible
1792 2012-04-05 22:48:07 <sipa> user_: bitcoin does not have balances
1793 2012-04-05 22:48:10 <sipa> it has coins
1794 2012-04-05 22:48:16 <sipa> if you don't have a coin, you can't send it
1795 2012-04-05 22:48:18 <sipa> period
1796 2012-04-05 22:48:25 <user_> ok
1797 2012-04-05 22:48:29 egecko has quit (Quit: ~ Trillian Astra - www.trillian.im ~)
1798 2012-04-05 22:50:40 barmstrong has quit (Remote host closed the connection)
1799 2012-04-05 22:51:06 copumpkin has quit (Quit: Computer has gone to sleep.)
1800 2012-04-05 22:51:34 barmstrong has joined
1801 2012-04-05 22:52:47 Hasbro has joined
1802 2012-04-05 22:53:12 gfinn has joined
1803 2012-04-05 22:54:55 <phantomcircuit> gmaxwell, so i took a minute or so to read the mininion (sp?) paper
1804 2012-04-05 22:55:12 <phantomcircuit> seems like they have engineered a system in which you have single use replies
1805 2012-04-05 22:55:20 <phantomcircuit> which is something bitcoin doesn't actually need
1806 2012-04-05 22:55:34 <phantomcircuit> so potentially it's a far more complex system than necessary for bitcoin
1807 2012-04-05 22:57:06 <gmaxwell> I mentioned that it could be a lot simpler for bitcoin (in serveral regards, not just the lack of need for reply tickets)
1808 2012-04-05 23:00:45 <luke-jr> does https://github.com/bitcoin/bitcoin/pull/1047 seem appropriate? everything else in that file is icons so far
1809 2012-04-05 23:01:34 <BlueMatt> luke-jr: add it to contrib/debian/copyright
1810 2012-04-05 23:01:47 gjs278 has quit (Remote host closed the connection)
1811 2012-04-05 23:01:48 <gribble> New news from bitcoinrss: luke-jr opened pull request 1047 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1047>
1812 2012-04-05 23:03:01 <luke-jr> BlueMatt: it's already in there
1813 2012-04-05 23:03:25 <BlueMatt> oh
1814 2012-04-05 23:04:14 * luke-jr ponders why it didn't show up when he was grepping
1815 2012-04-05 23:07:07 c00w has quit (Remote host closed the connection)
1816 2012-04-05 23:09:20 <user_> hi, any link of what is Deterministic wallet?
1817 2012-04-05 23:09:41 colin_ has joined
1818 2012-04-05 23:09:49 <luke-jr> user_: a wallet you only need to backup once
1819 2012-04-05 23:10:09 <luke-jr> user_: you can also make encrypted copies for public servers, which then can't spend
1820 2012-04-05 23:10:13 <luke-jr> and only spend the funds from another computer
1821 2012-04-05 23:10:15 colin_ is now known as c00w
1822 2012-04-05 23:10:54 <user_> hum, i thought was i write a phrase and could recover private key
1823 2012-04-05 23:12:02 <etotheipi_> luke-jr, they're not "encrypted copies"... they're copies of the address data without the private keys
1824 2012-04-05 23:13:46 <luke-jr> etotheipi_: at least bitcoind demands having the private keys, even if they're encrypted
1825 2012-04-05 23:14:00 <etotheipi_> luke-jr, why is that a good thing?
1826 2012-04-05 23:14:10 <luke-jr> user_: you *can* do that, but I think it unlikely to be supported, considering users' tendancies to use crap passphrases.
1827 2012-04-05 23:14:20 <luke-jr> etotheipi_: I'm not sure.
1828 2012-04-05 23:14:23 Karmaon has quit (Read error: Connection reset by peer)
1829 2012-04-05 23:14:27 <user_> ha ok
1830 2012-04-05 23:14:44 <etotheipi_> luke-jr, I don't want my private key data touching any internet-connected system, regardless of whether it's encrypted
1831 2012-04-05 23:14:47 copumpkin has joined
1832 2012-04-05 23:15:06 <luke-jr> etotheipi_: I suppose if you don't enter the passphrase, bitcoind might never know the difference :D
1833 2012-04-05 23:15:15 <etotheipi_> but an attacker knows the difference
1834 2012-04-05 23:15:30 <etotheipi_> he can take my wallet and start brute-forcing it, or figure out my passphrase some other way...
1835 2012-04-05 23:15:44 <luke-jr> true
1836 2012-04-05 23:16:00 <luke-jr> I hope when we get det. wallets, the Backup Wallet option will have some more settings ;)
1837 2012-04-05 23:16:34 <etotheipi_> well Armory's deterministic wallets have a "Make watching-only copy" which rewrites the wallet with 0x00s in the private key locations
1838 2012-04-05 23:16:36 <luke-jr> like "Encrypt backup" (even if master isn't), "Encrypt personal data" (ie, accounting/comments), "Remove private keys"
1839 2012-04-05 23:16:46 <luke-jr> sounds cool
1840 2012-04-05 23:17:13 <etotheipi_> though, not that many options
1841 2012-04-05 23:17:21 <gmaxwell> We'll support 'generateaddress/watch only' chains... But yea, I certantly wouldn't support password based wallets.
1842 2012-04-05 23:18:37 <luke-jr> gmaxwell: any idea if it's possible/likely to do multidimensional det keys?
1843 2012-04-05 23:18:38 <etotheipi_> though I'm thinking about an "encrypt everything" option
1844 2012-04-05 23:18:59 <etotheipi_> if I'm holding 300k BTC on an offline computer and "watching" from my online computer...
1845 2012-04-05 23:19:11 <gmaxwell> luke-jr: you're .. like.. behind the times there. Sipa and I discussed that extensively.
1846 2012-04-05 23:19:13 <etotheipi_> I don't necessarily want an attacker to know that I have 300k sitting around
1847 2012-04-05 23:19:19 <luke-jr> gmaxwell: oh, cool
1848 2012-04-05 23:19:46 <gmaxwell> luke-jr: one issue with multidimensional is that enumerating the branches to find txn you don't know about takes exponentially more work with the more possible branches.
1849 2012-04-05 23:19:53 <gmaxwell> luke-jr: have you seen sipa's proposal?
1850 2012-04-05 23:20:05 <luke-jr> gmaxwell: I'm assuming you only predict one branch at a time.
1851 2012-04-05 23:20:06 <etotheipi_> gmaxwell, sipa, I'm going to be reworking my wallet format soon, for a whole variety of reasons... and that's one of them... soo the sooner you get it ironed out the easier it will be for me to support
1852 2012-04-05 23:20:07 <luke-jr> no
1853 2012-04-05 23:20:16 <luke-jr> ie, until you see branch 5, you don't check branch 6
1854 2012-04-05 23:20:56 <etotheipi_> gmaxwell, Armory saves the key data in the wallet file, so you don't have to go in completely blind every time
1855 2012-04-05 23:21:02 <gmaxwell> luke-jr: but what happens when you create branch 5 .. give it to someone .. but they never use the first address?
1856 2012-04-05 23:21:15 <luke-jr> gmaxwell: use it yourself? :D
1857 2012-04-05 23:21:21 <gmaxwell> etotheipi_: yes, but if its actually important, you'll want it to work right from a backup.
1858 2012-04-05 23:21:26 <etotheipi_> gmaxwell, nevermind... you're talking about other people using your wallet and you have to figure out what's been used
1859 2012-04-05 23:21:52 <etotheipi_> gmaxwell, I agree it should work with a backup, but I don't care if restoring a backup takes 3 minutes... I do care if loading Armory takes 3 min every time though
1860 2012-04-05 23:22:18 <gmaxwell> Yea, sure.
1861 2012-04-05 23:22:45 <etotheipi_> I had fun figuring out how to detect chain usage...
1862 2012-04-05 23:23:06 imsaguy has joined
1863 2012-04-05 23:23:08 <etotheipi_> for the purposes of restoring... it requires lots of scans and an assumption about the biggest possible gap between used-addresses
1864 2012-04-05 23:23:47 <user_> i was thinking if the seed code could be guessed
1865 2012-04-05 23:24:20 <user_> why not seed code plus something
1866 2012-04-05 23:24:23 <etotheipi_> user_, that's why we (the developers of various clients) pretty much refuse to use a seed that is less than 32-bytes of randomness
1867 2012-04-05 23:24:35 <gmaxwell> user_: Its irresponsible to use user provided passwords to secure things which will be subject to uncontrolled offline attack if it can be avoided.
1868 2012-04-05 23:25:22 <luke-jr> a client that maintains balances for every possible address could potentially "notice" stuff later on :p
1869 2012-04-05 23:25:23 <gmaxwell> user_: so yes you could use e.g. 32 bytes of good random plus a password... but then you could never change the password, which is a bad security practice..
1870 2012-04-05 23:25:50 <luke-jr> OR, the slave wallets could be configured to know "don't give out addresses N after the last-used one"
1871 2012-04-05 23:25:52 <gmaxwell> Better to just have 32 bytes of random seed data and encrypt it using their password.
1872 2012-04-05 23:26:07 brwyatt is now known as Away!~brwyatt@pool-71-252-154-11.dllstx.fios.verizon.net|brwyatt
1873 2012-04-05 23:26:15 <user_> hum
1874 2012-04-05 23:26:42 <gmaxwell> (then you can change the password)
1875 2012-04-05 23:26:46 gjs278 has joined
1876 2012-04-05 23:26:57 <user_> understand
1877 2012-04-05 23:27:14 Slix` has joined
1878 2012-04-05 23:27:14 <etotheipi_> luke-jr, interesting if you don't mind the risk that a key gets reused for something
1879 2012-04-05 23:27:24 <gmaxwell> And if the user wants to they can actually memorize the random data... since it's actually random it will still be secure.
1880 2012-04-05 23:27:24 <etotheipi_> if they have that enabled, and they hit that limit... what do you do?
1881 2012-04-05 23:27:48 <gmaxwell> etotheipi_: one before the limit you do a blockchain bloating txn to self. :)
1882 2012-04-05 23:28:09 <etotheipi_> gmaxwell, brilliant
1883 2012-04-05 23:28:39 <luke-jr> gmaxwell: not if you don't have private keys ;)
1884 2012-04-05 23:28:56 <gmaxwell> If the limit is something like 1000 or 10000 thats not actually _that_ crazy. And it's not really that costly to enumerate out 1000 extra addresses.
1885 2012-04-05 23:29:07 <gmaxwell> oh indeed, right you might not have any keys to coins from that wallet.
1886 2012-04-05 23:29:34 <luke-jr> actually
1887 2012-04-05 23:29:38 barmstrong has quit (Remote host closed the connection)
1888 2012-04-05 23:29:43 <luke-jr> you could use a dummy address for that purpose with 0 amounts
1889 2012-04-05 23:29:56 <gmaxwell> still need an input and a private key.
1890 2012-04-05 23:29:59 <luke-jr> ie, input=dummy(0) output=dummy(0),magic(0)
1891 2012-04-05 23:30:11 <luke-jr> where magic is the key to trigger an advance-the-key
1892 2012-04-05 23:30:30 <luke-jr> yeah, you'd need someone to send the dummy(0) initially
1893 2012-04-05 23:30:39 <luke-jr> could be part of the slave-creation process
1894 2012-04-05 23:30:48 <gmaxwell> meh, that would indeed work.. but bloat and complexity ... in any case, if the search is high enough and you _still_ lose funds.. no biggie.. you take your wallet to a geek and he turns up the maximum search amount.. and tada.
1895 2012-04-05 23:32:02 <luke-jr> :p
1896 2012-04-05 23:33:38 <user_> I think the best thing to do is: have two different mobile wallet app and all transactions requirr
1897 2012-04-05 23:33:45 <gmaxwell> you could even have some special interface when recovering a backup... where it says "okay I've found N transactions, and M remaining btc [OK] [Look for more]" and you can hit the second button until you're bored.
1898 2012-04-05 23:33:50 <user_> require approval
1899 2012-04-05 23:34:15 <luke-jr> gmaxwell: it'd be bad press if bitcoind couldn't handle it by default tho
1900 2012-04-05 23:34:26 <luke-jr> at least throw an error "Ran out of unused addresses"
1901 2012-04-05 23:35:17 <user_> so when i go to spend bitcoins, i'll need a ok of the other wallet
1902 2012-04-05 23:35:30 <user_> in other app
1903 2012-04-05 23:35:48 <luke-jr> hmm, det. wallets does simplify multisig
1904 2012-04-05 23:35:50 barmstrong has joined
1905 2012-04-05 23:36:29 barmstrong has quit (Remote host closed the connection)
1906 2012-04-05 23:37:12 <etotheipi_> gmaxwell, that's awesome
1907 2012-04-05 23:38:16 <etotheipi_> luke-jr, absolutely! I'll be implementing them by having hybrid wallets ... you create a 2-of-2 wallet which captures wallets A and B and spits out A' and B' (the watch-only equivs)
1908 2012-04-05 23:38:27 <etotheipi_> then one device has A+B', the other has A'+B
1909 2012-04-05 23:38:51 <etotheipi_> and all tx are just 2-of-2(PubkeyA[i], PubkeyB[i])
1910 2012-04-05 23:40:16 <etotheipi_> both devices can produce a deterministic sequence of unique 2-of-2 addresses and both wallets can observe and identify
1911 2012-04-05 23:40:18 c00w has quit (Quit: Ex-Chat)
1912 2012-04-05 23:40:48 pavel__ has joined
1913 2012-04-05 23:41:38 barmstrong has joined
1914 2012-04-05 23:42:47 egecko has joined
1915 2012-04-05 23:49:16 <user_> etotheipi_: could you explaing in a easy way what a newbie user will be able to do
1916 2012-04-05 23:50:05 <etotheipi_> user_, you have two special wallets that each produce special addresses
1917 2012-04-05 23:50:17 <etotheipi_> user_, you put one wallet on your computer, one on your phone
1918 2012-04-05 23:50:17 <user_> right
1919 2012-04-05 23:50:25 <user_> ok
1920 2012-04-05 23:50:28 <etotheipi_> user_, they produce the *same* addresses
1921 2012-04-05 23:50:41 <user_> ok
1922 2012-04-05 23:50:49 <etotheipi_> user_, any money at those addresses: you need both phone *and* computer in order to spend it
1923 2012-04-05 23:51:00 <user_> wow
1924 2012-04-05 23:51:02 <etotheipi_> for someone to steal your money, they need to get to both devices
1925 2012-04-05 23:51:13 <user_> this is great
1926 2012-04-05 23:51:26 <user_> amazing
1927 2012-04-05 23:52:22 <etotheipi_> user_, but it hasn't always been clear how it would work... how do both devices know what addresses to use? how do they detect the tx they didn't create? I think we have it figured out, now
1928 2012-04-05 23:53:20 <user_> but tell me: if someone discover my seed. the seed is the same for the two wallets? of course no
1929 2012-04-05 23:53:22 <gribble> New news from bitcoinrss: efiniti opened issue 1048 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/issues/1048>
1930 2012-04-05 23:53:54 <etotheipi_> user_, someone can gain 100% control of your computer and your computer's wallet, and they won't be able to spend your money (unless you stupidly kept a backup of your phone wallet on the same computer)
1931 2012-04-05 23:54:58 <user_> etotheipi_: so it's different seed for the computer wallet and phonne
1932 2012-04-05 23:56:20 <user_> etotheipi_: thanks for explain me. great idea
1933 2012-04-05 23:58:29 word_ has joined
1934 2012-04-05 23:58:49 word has quit (Disconnected by services)
1935 2012-04-05 23:58:53 word_ is now known as word
1936 2012-04-05 23:59:02 word has quit (Changing host)
1937 2012-04-05 23:59:03 word has joined
1938 2012-04-05 23:59:34 da2ce7 has joined