1 2013-09-11 06:42:00 wumpus has joined
   2 2013-09-11 06:42:00 wumpus has joined
   3 2013-09-11 06:43:33 jaekwon has quit (Quit: Leaving.)
   4 2013-09-11 06:44:16 patcon has quit (Remote host closed the connection)
   5 2013-09-11 06:44:58 <Krellan> I rather like that idea talked about earlier, of "micropayments" that involve the client/customer doing a little Bitcoin mining instead of having to pay a monetary cost.
   6 2013-09-11 06:46:14 <Krellan> What's the minimum information that has to be transferred in order for miner to mine?  Is it just SHA256 midstate, or anything else additional?
   7 2013-09-11 06:46:51 <warren> you're talking hashcash
   8 2013-09-11 06:46:59 <Krellan> And how would miner be able to verify that their payout address (in order to share 50% of proceeds from mining) is contained in the block, if all they have is the SHA256 midstate?
   9 2013-09-11 06:47:11 <Krellan> Yep.
  10 2013-09-11 06:47:34 <warren> a problem with that is the value of ordinary hardware mining is declining from currently zero to .... zero.
  11 2013-09-11 06:48:07 <gmaxwell> Krellan: you send the header and the SPV tree fragments to connect the coinbase
  12 2013-09-11 06:48:11 <gmaxwell> and the coinbase.
  13 2013-09-11 06:48:28 <gmaxwell> so its log2(transaction in a block) plus 80 bytes.
  14 2013-09-11 06:48:45 normanrichards has quit ()
  15 2013-09-11 06:48:46 <gmaxwell> er log2()*32 bytes
  16 2013-09-11 06:49:13 <gmaxwell> Krellan: not really a big deal, fits in an IP packet.
  17 2013-09-11 06:49:29 <Krellan> Nice!
  18 2013-09-11 06:50:03 <Krellan> I was wondering if there was a way to avoid sending the entire block contents, but have the client/miner still verify that the coinbase will pay them.
  19 2013-09-11 06:50:03 <magbo> Let's say that a country with approximately two millions of citizens wants to implement a voting system based on bitcoin. How secure wrt 51% attack would it be to use testnet for that kind of a problem?
  20 2013-09-11 06:50:16 <Krellan> Democracy: the original 51% attack :)
  21 2013-09-11 06:50:23 hydromet has quit (Remote host closed the connection)
  22 2013-09-11 06:50:37 <magbo> Krellan: heh, that's another question :)
  23 2013-09-11 06:50:39 <gmaxwell> magbo: you _cannot_ implement voting with bitcoin, it is not secure for that application, and generally doesn't make a lot of sense for it.
  24 2013-09-11 06:50:54 <Krellan> magbo: We already have such a system deployed.  The rich get to influence all the votes already. :)
  25 2013-09-11 06:51:12 <magbo> gmaxwell: hm, but we have a model that looks promising.
  26 2013-09-11 06:51:30 <gmaxwell> I've seen several, they've been badly flawed. I am skeptical.
  27 2013-09-11 06:51:59 <gmaxwell> magbo: what problem are you using bitcoin to solve?
  28 2013-09-11 06:52:16 <gmaxwell> (there are several different approaches which have tried to use bitcoin for different subproblems)
  29 2013-09-11 06:52:22 <Krellan> gmaxwell: As Bitcoin gets more popular the odds of the typical internet user having hashrate will increase.  I think it's already possible to use "WebGL" or whatever to access the GPU from a webpage and mine there.
  30 2013-09-11 06:52:41 <magbo> gmaxwell: we're trying to solve the problem of voting committee having the ultimate trust.
  31 2013-09-11 06:52:47 nsh has quit (Changing host)
  32 2013-09-11 06:52:47 nsh has joined
  33 2013-09-11 06:53:07 <Krellan> And most of the time the payout will be zero, but the random big win will make up for it, and hopefully push the system above breakeven.
  34 2013-09-11 06:53:15 <gmaxwell> Krellan: you're responding to warren. some later version of intel cpus (the next after haswell?) will have sha256 hardware.. looks like about 40MH/sec at 3GHz perhaps.
  35 2013-09-11 06:53:44 <gmaxwell> magbo: so you are trying to solve the problem of vote collection in direct democracy?
  36 2013-09-11 06:53:59 <Krellan> yes I heard about that, Intel SHA256 instructions built right into the CPU instruction set.  Surprised they wouldn't lay down a full double SHA256 in silicon, to get 1 hash per CPU clock, as ASIC's do.
  37 2013-09-11 06:54:11 <Krellan> 3 GHz chip = 3 GH/s, not too shabby
  38 2013-09-11 06:54:20 <gmaxwell> Krellan: that would be silly. it actually just implements a pair of sha256 rounds.
  39 2013-09-11 06:55:17 <Krellan> I wonder how many transistors it takes?  Considering all that a CPU has to do these days, adding a bitcoin miner would take very little.
  40 2013-09-11 06:55:39 <nsh> except in terms of "money" and "time"
  41 2013-09-11 06:56:23 <Krellan> Is there a hashcash example, with working code, already deployed anywhere?
  42 2013-09-11 06:56:38 <magbo> gmaxwell: our idea in a nutshell — now voting committee only issues a publicly known challenge for a voter to subscribe with her an address private key. Then voter votes by sending coins. Involves dust spending of the hash of subscribed challenge now.
  43 2013-09-11 06:56:54 <Krellan> Probably could be made easier if it were to give the client a P2Pool share to solve, instead of asking the client to solo mine a block.
  44 2013-09-11 06:57:03 <magbo> yes, we're solving only this problem.
  45 2013-09-11 06:57:21 <gmaxwell> Krellan: huh?!
  46 2013-09-11 06:58:00 <Krellan> client visits website, something's offered, choice of paying by traditional means (credit card or whatever) or with hashcash, client chooses hashcash,
  47 2013-09-11 06:58:43 <Krellan> web browser plugin sends client's desired payout address to server, server sends down the "compressed" block, client verifies that address is in it, client gets to work mining,
  48 2013-09-11 06:58:48 <sipa> warren: do the unit tests run?
  49 2013-09-11 06:59:00 <gmaxwell> magbo: it's trivial for miners to deny whatever transactions they like though, and doesn't require a "51% attack".. you want jamming resistant communication, but bitcoin doesn't provide that.
  50 2013-09-11 06:59:30 <gmaxwell> magbo: and yet there are plenty of systems for jamming resistant communication which do not require a blockchain.
  51 2013-09-11 06:59:31 <Krellan> client uploads the solution once it meets the difficulty the server has asked for, server treats that as payment in full, server delivers desired content to client.
  52 2013-09-11 06:59:49 <warren> sipa: gitian doesn't output the unit tests
  53 2013-09-11 06:59:57 <Krellan> That's it in a nutshell, or did I miss something?
  54 2013-09-11 07:00:15 <Krellan> Server sets difficulty to client, based on "price" it wants the client to pay.
  55 2013-09-11 07:00:37 <warren> the resulting win32 binary is working in my kvm windows 7 guest
  56 2013-09-11 07:00:39 <warren> in testnet
  57 2013-09-11 07:00:50 <gmaxwell> magbo: e.g. http://matt.singlethink.net/projects/mpotr/oldblue-draft.pdf
  58 2013-09-11 07:01:26 <warren> sipa: 32bit secp256k1 can't use the yasm stuff, how much slower is it? still much faster than openssl?
  59 2013-09-11 07:01:51 <gmaxwell> warren: the 32bit secp256k1 is much slower than the 64 bit secp256k1... still faster than openssl.
  60 2013-09-11 07:01:56 <cfields> warren: yea, don't configure with faketime
  61 2013-09-11 07:02:09 <sipa> warren: iirc the best 32-bit version is about 3 times faster than openssl 32 bit
  62 2013-09-11 07:02:39 <sipa> though that on itself is still 4 times slower than libsecp256k1 64-bit
  63 2013-09-11 07:02:39 <warren> great
  64 2013-09-11 07:02:50 <sipa> on the same i7 hardware
  65 2013-09-11 07:03:14 johnsoft has joined
  66 2013-09-11 07:03:17 <warren> on 0.9 I'll try to get gitian win64 builds
  67 2013-09-11 07:03:43 <magbo> gmaxwell: that's a very good point which we — honestly — didn't take into consideration. On the other hand we want to show that bitcoin isn't evil in a sense progress isn't evil and — pragmatically — use large distributed system that can be used as a “proof” of votes being counted.
  68 2013-09-11 07:03:43 wei_ has joined
  69 2013-09-11 07:03:49 <cfields> warren: master outputs unit tests
  70 2013-09-11 07:03:54 <warren> cfields: when you do the gitian cross compile to mac, can the binaries be fat with both 32bit and 64bit?
  71 2013-09-11 07:04:15 <sipa> magbo: i don't understand why you'd want to use bitcoin for voting
  72 2013-09-11 07:04:16 <gmaxwell> magbo: in any case, if you insist on this route, I would recommend you run your own merged mined blockchain with bitcoin.
  73 2013-09-11 07:04:55 <cfields> warren: unlikely
  74 2013-09-11 07:05:07 <sipa> warren: iirc, openssl was 1200/600, libsecp256k1 400/100
  75 2013-09-11 07:05:11 <cfields> cfields: fyi, i got as far as modding kernel drivers before i put that aside
  76 2013-09-11 07:05:19 <cfields> lol, talking to myself :)
  77 2013-09-11 07:05:19 <sipa> usec/verification
  78 2013-09-11 07:05:25 <cfields> that was for warren
  79 2013-09-11 07:05:44 <warren> huh? kernel drivers?
  80 2013-09-11 07:05:51 <warren> you trying to install a hackintosh?
  81 2013-09-11 07:05:51 <gmaxwell> magbo: though you would have something much stronger if you coupled something like the old blue protocol I linked, to prevent jamming.
  82 2013-09-11 07:06:13 <cfields> warren: no, messing with dmg creation. that part is going to be a bitch on linux
  83 2013-09-11 07:06:25 <warren> sipa: what are these units?
  84 2013-09-11 07:06:48 <gmaxwell> cfields: if we could instead do DMG _verification_ in gitian that might be enough.
  85 2013-09-11 07:06:53 <magbo> gmaxwell: thank you so much for your input, I can't allow myself to waste your time for a longer time, so I'll just go and think more. Thank you.
  86 2013-09-11 07:07:32 <gmaxwell> cfields: e.g. gitian calls out to osx to take binaries and dmg them, then it gives it back and it verifies that the dmg is right.
  87 2013-09-11 07:07:39 <cfields> gmaxwell: you mean verifying signature? or dmg's checksum/verify mechanisms?
  88 2013-09-11 07:08:13 <cfields> ah
  89 2013-09-11 07:08:15 <gmaxwell> e.g. if we have a good dmg decompressor (I have nooo clue what dmg is like, I thought it was just an iso image?) then decompressing it again and checking the binaries inside.
  90 2013-09-11 07:08:18 <sipa> warren: usec/verification for 32/64 bit
  91 2013-09-11 07:08:34 <cfields> gmaxwell: i'm unsure so far if there's any way to "verify", is the thing
  92 2013-09-11 07:08:49 <cfields> gmaxwell: sure, contents are easy. extract and check
  93 2013-09-11 07:09:11 <gmaxwell> but yea, can a dmg do something malicious that isn't obvious in the content... bleh.
  94 2013-09-11 07:09:35 <sipa> iirc it's indeed just a compressed disk image
  95 2013-09-11 07:09:38 <cfields> gmaxwell: dmg is basically a partition container. you can have partitions of exotic filesystems inside
  96 2013-09-11 07:09:49 <sipa> autorun?
  97 2013-09-11 07:09:49 <cfields> nack, much much more than that
  98 2013-09-11 07:09:55 <sipa> ok
  99 2013-09-11 07:10:08 * sipa is apple-oblivious
 100 2013-09-11 07:10:13 cads has quit (Ping timeout: 264 seconds)
 101 2013-09-11 07:10:23 <cfields> sipa: it's typically used that way, and in a very broad sense that's what it's for, but it can do some pretty crazy things
 102 2013-09-11 07:10:44 <cfields> problem is that most of those things are designed to be not only non-deterministic, but anti-deterministic it seems
 103 2013-09-11 07:10:44 <warren> https://github.com/litecoin-project/litecoin/commits/exp-0.8.4.1-ccsec   Don't facepalm too hard.  That's some brute force hacks to make win32 secp256k1 gitian build for the first time ever.
 104 2013-09-11 07:11:12 <cfields> eg filesystem fuzzing on format, random uuid generation, etc
 105 2013-09-11 07:11:34 btcbtc has quit (Quit: btcbtc)
 106 2013-09-11 07:12:25 <cfields> gmaxwell: contents verification would be the most straightforward, but as you mentioned, i'm not sure what doors that leaves open
 107 2013-09-11 07:12:30 <warren> sipa: https://github.com/litecoin-project/litecoin/commit/341eec611cd125dc3fd72d4edab7f7209cec61c7
 108 2013-09-11 07:12:49 <warren> scroll down to cat > src/secp256k1/config.mk <<'EOF' ... that's the only config I could get working for secp256k1 for win32
 109 2013-09-11 07:13:26 <sipa> can you link to the actual code?
 110 2013-09-11 07:13:48 <sipa> the mobile version doesn't allow me to click through to the commit it seems...
 111 2013-09-11 07:13:57 <warren> sipa: https://raw.github.com/litecoin-project/litecoin/341eec611cd125dc3fd72d4edab7f7209cec61c7/contrib/gitian-descriptors/gitian-win32.yml
 112 2013-09-11 07:14:04 wiretapped has quit (Remote host closed the connection)
 113 2013-09-11 07:14:07 <cfields> i was considering something like dropping a signature for the contents of the dmg (minus itself ofc) inside the image, then signing the dmg with the same key
 114 2013-09-11 07:14:08 <gmaxwell> cfields: fair enough, there is probably some dmg root exploit that consists of making a corrupted FS image.
 115 2013-09-11 07:14:23 <gmaxwell> cfields: root exploit .. for the gitian host. and then all your binaries are 0wned. :P
 116 2013-09-11 07:14:52 <warren> sed -i 's^libsecp256k1.so: obj/secp256k1.o $(OBJS)^^'  src/secp256k1/Makefile  <---- I couldn't get libsecp256k1.so to link using the mingw toolchain, but given the gitian win32 doesn't actually use it, I just turned it off.
 117 2013-09-11 07:14:52 wiretapped has joined
 118 2013-09-11 07:15:35 <warren> https://raw.github.com/litecoin-project/litecoin/341eec611cd125dc3fd72d4edab7f7209cec61c7/contrib/gitian-descriptors/deps-win32.yml
 119 2013-09-11 07:15:40 <warren> Here's the part I couldn't make deterministic.
 120 2013-09-11 07:16:17 <sipa> ok
 121 2013-09-11 07:16:23 <cfields> warren: you didn't set the random seed...
 122 2013-09-11 07:16:33 <sipa> warren: strange, it shouldn't build the .so at all
 123 2013-09-11 07:16:38 btcbtc has joined
 124 2013-09-11 07:16:52 <warren> oh? hm
 125 2013-09-11 07:17:14 <warren> cfields: where?
 126 2013-09-11 07:17:45 <cfields> also, if gmp is autotools, use the maintainer rules to fix some of the configure looping
 127 2013-09-11 07:18:16 <sipa> warren: in any case, looks like my adhoc config script doesn't work for mingw32
 128 2013-09-11 07:18:20 <warren> cfields: I'll try it, what are maintainer rules?
 129 2013-09-11 07:18:29 <sipa> as the config you generate manually looks very normal
 130 2013-09-11 07:18:30 <warren> sipa: yeah, that's why I bypassed it
 131 2013-09-11 07:19:30 <sipa> in any case, if it works, i'll incorporate your changes for now in my secp256k1 bitcoin branch
 132 2013-09-11 07:19:54 <sipa> but something autotoolish sounds like a more generic solution
 133 2013-09-11 07:19:55 <warren> sipa: i'll fix the deterministic part and rename things to be bitcoin first
 134 2013-09-11 07:20:25 <warren> for autotools, I defer to cfields
 135 2013-09-11 07:20:41 <cfields> warren: ./configure <blah blah> --disable-maintainer-mode --disable-dependency-tracking CFLAGS="-frandom-seed=something" CXXFLAGS="-frandom-seed=something"
 136 2013-09-11 07:20:46 <sipa> same, though no need to push for that now :)
 137 2013-09-11 07:21:19 <warren> cfields: what's the random seed used for here?
 138 2013-09-11 07:21:29 btcbtc has quit (Ping timeout: 261 seconds)
 139 2013-09-11 07:21:30 <sipa> i believe i read somewhere that the random seed should be distinct for every object
 140 2013-09-11 07:21:39 <cfields> warren: gcc generates a random seed for each object
 141 2013-09-11 07:21:42 <sipa> though the current makefiles don't do that either
 142 2013-09-11 07:22:06 <cfields> specifying it removes said randomness
 143 2013-09-11 07:22:48 <cfields> note that it's possible to build a completely deterministic binary without faketime
 144 2013-09-11 07:22:55 <warren> sipa: hmm, rather than put gmp into bitcoin-deps-0.0.x.zip, want a separate gmp zip?  that way it will be separate and won't mess with the normal deps zip, at least until secp256k1 is incorporated into bitcoin proper
 145 2013-09-11 07:23:10 <sipa> warren: sounds better, indeed
 146 2013-09-11 07:23:15 <cfields> however, it's needed for mingw for .exe creation, due to the timestamp in the PE header
 147 2013-09-11 07:23:34 <sipa> ah!
 148 2013-09-11 07:23:34 <cfields> warren: why zips? that's been bothering me...
 149 2013-09-11 07:23:47 <sipa> cfields: what do you want?
 150 2013-09-11 07:23:56 <warren> cfields: I began dev in May 2013.  don't ask me. =P
 151 2013-09-11 07:23:56 <sipa> or suggest
 152 2013-09-11 07:24:16 <warren> lrzip? =)
 153 2013-09-11 07:24:37 <cfields> sipa: i'd suggest tar.gz, as support is universal and predictable...
 154 2013-09-11 07:24:45 <cfields> sipa: mainly it was just a curiosity as to why zips
 155 2013-09-11 07:24:59 <gmaxwell> windows users like zip files.
 156 2013-09-11 07:25:02 <sipa> to be honest, no idea, and tgz sounds perfectly fine to me
 157 2013-09-11 07:25:08 <sipa> this is for dependencies
 158 2013-09-11 07:25:15 <sipa> they never reach a windows system
 159 2013-09-11 07:25:21 <gmaxwell> ah. sorry, lifo.
 160 2013-09-11 07:25:51 <cfields> tgz is predictable when it comes to timestamps, attributes, case sensitivity, etc
 161 2013-09-11 07:25:54 <warren> given they are written once and used many times, why not .bz2 or .xz?
 162 2013-09-11 07:26:02 <cfields> so zip just seemed like a strange choice to me
 163 2013-09-11 07:26:18 <sipa> i agree, cfields; i never really thought about it
 164 2013-09-11 07:26:26 <cfields> warren: last i checked, bz2/xz timestamps can't be spoofed
 165 2013-09-11 07:26:38 <warren> huh
 166 2013-09-11 07:27:00 <warren> cfields: .tar has all the benefits you described.  gz/bz2/xz have no difference.
 167 2013-09-11 07:27:18 <sipa> gz has a timestamp in its header as well, afaik
 168 2013-09-11 07:27:28 <cfields> warren: tar is just a bunch of files cat'd together...
 169 2013-09-11 07:27:29 <sipa> or a filename
 170 2013-09-11 07:27:47 <cfields> and the compressors do differ. as sipa said, they have timestamps
 171 2013-09-11 07:27:54 <warren> hm
 172 2013-09-11 07:28:01 nowan has quit (Ping timeout: 240 seconds)
 173 2013-09-11 07:28:06 <sipa> gzip has a flag to disable that, iirc
 174 2013-09-11 07:28:11 <cfields> gzip has standard means to disable
 175 2013-09-11 07:28:12 <cfields> yep
 176 2013-09-11 07:28:14 nowan has joined
 177 2013-09-11 07:28:27 <warren> ok, didn't know that
 178 2013-09-11 07:28:37 <warren> I'm trying cfields suggestions to fix determinism...
 179 2013-09-11 07:28:40 <cfields> notice that in gitian, linux builds and source releases are all built without faketime
 180 2013-09-11 07:28:45 <warren> then I'll push changes to sipa
 181 2013-09-11 07:28:50 <gmaxwell> and iirc make dist even uses that option.
 182 2013-09-11 07:29:11 <cfields> gmaxwell: observant :)
 183 2013-09-11 07:29:11 <sipa> gzip -n
 184 2013-09-11 07:29:32 <cfields> https://github.com/bitcoin/bitcoin/blob/master/Makefile.am#L5
 185 2013-09-11 07:30:46 psychophoniac has quit (Quit: Verlassend)
 186 2013-09-11 07:30:51 <cfields> combine that with tar's --mtime, and you've got a deterministic .tar.gz
 187 2013-09-11 07:30:55 <gmaxwell> cfields: we had a debate about this on a issue sometime back, where I wasted far too much energy defending something I don't personally like much because the people complaining were exaggerating and using terrible arguments for my own side. It was miserable ... hopefully I learned my lesson.
 188 2013-09-11 07:32:21 HaltingState has joined
 189 2013-09-11 07:32:21 HaltingState has quit (Changing host)
 190 2013-09-11 07:32:21 HaltingState has joined
 191 2013-09-11 07:32:35 HaltingState has quit (Read error: Connection reset by peer)
 192 2013-09-11 07:32:49 <cfields> gmaxwell: haha. debate about which part?
 193 2013-09-11 07:33:08 HaltingState has joined
 194 2013-09-11 07:33:08 HaltingState has quit (Changing host)
 195 2013-09-11 07:33:08 HaltingState has joined
 196 2013-09-11 07:33:20 <sipa> providing source tsrballs
 197 2013-09-11 07:33:26 <sipa> *tarballs
 198 2013-09-11 07:33:51 <cfields> hmm, i suppose i've got a 50/50 shot here, then...
 199 2013-09-11 07:34:04 <warren> cfields: ./configure with or without faketime?
 200 2013-09-11 07:34:08 <cfields> gmaxwell: what was your position?
 201 2013-09-11 07:34:18 * warren tries with
 202 2013-09-11 07:34:19 <cfields> gmaxwell: not to rehash (i do realize that was your point above)...
 203 2013-09-11 07:34:21 <sipa> i think the whole discussion is moot now
 204 2013-09-11 07:34:36 <cfields> i'm just wondering if that means my 'make dist' effort was for null
 205 2013-09-11 07:34:46 <sipa> if we have source tarballs produced by gitian
 206 2013-09-11 07:34:47 <gmaxwell> cfields: I'm very have to have make dists available.
 207 2013-09-11 07:34:54 <gmaxwell> and we'll use them.
 208 2013-09-11 07:35:10 <sipa> s/have/happy?/ ?
 209 2013-09-11 07:35:19 <cfields> gmaxwell: ah, done deal then :)
 210 2013-09-11 07:35:40 <cfields> i went so far as to force gitian to 'make dist', extract, cd into it, and configure/make it
 211 2013-09-11 07:35:46 <cfields> to ensure that 'make dist' never breaks ;)
 212 2013-09-11 07:35:51 <gmaxwell> people were complaining that we didn't, and I said for now use github tars from tags, they're deterministic and just ducky ducky. And I was wasted a bunch of time with people claiming things like they weren't deterministic and such.
 213 2013-09-11 07:35:57 <gmaxwell> cfields: uh. you mean make distcheck?
 214 2013-09-11 07:36:08 Anduck has joined
 215 2013-09-11 07:36:08 Anduck has quit (Changing host)
 216 2013-09-11 07:36:08 Anduck has joined
 217 2013-09-11 07:36:13 toffoo has quit ()
 218 2013-09-11 07:36:36 <cfields> gmaxwell: no, it uses 'make dist' to create a tarball, then builds from that tarball
 219 2013-09-11 07:36:42 <gmaxwell> really make dist should go away. Always make distcheck.
 220 2013-09-11 07:36:44 <cfields> and as a side-effect, also outputs that tarball
 221 2013-09-11 07:36:48 <gmaxwell> cfields: thats what make distcheck does.
 222 2013-09-11 07:37:06 <gmaxwell> it makes the tarball expands it, builds in it. and if it fails it deletes the tarball and yells at you.
 223 2013-09-11 07:37:10 <cfields> gmaxwell: sure. but distcheck is a kludge for us because of leveldb
 224 2013-09-11 07:37:20 <gmaxwell> :-/
 225 2013-09-11 07:37:21 <cfields> gmaxwell: i'm aware, i hit it about 50x/day before merge :)
 226 2013-09-11 07:37:26 <gmaxwell> OKAY
 227 2013-09-11 07:37:47 <gmaxwell> in any case, I'm superhappy to have it. All is fun. Are all the gitian binaries actually built from the dist tarball?
 228 2013-09-11 07:37:59 <gmaxwell> e.g. build the dist tarball, then build the binaries from it?
 229 2013-09-11 07:37:59 <cfields> yes
 230 2013-09-11 07:38:03 <gmaxwell> <3
 231 2013-09-11 07:38:14 <cfields> that was done to ensure that our builds are building from the same source that will be distributed
 232 2013-09-11 07:38:15 wei__ has joined
 233 2013-09-11 07:38:37 <warren> 647776bd6f9590b17c4e2078a9249118d3f3183e3b7de0823f5de35ee4004ecc  gmp-deps-0.0.1.zip
 234 2013-09-11 07:38:55 * warren tries again
 235 2013-09-11 07:39:48 <cfields> gmaxwell: on 2nd thought, i actually can't remember why i didn't use distcheck for gitian builds
 236 2013-09-11 07:40:30 <cfields> ah right, custom configure options
 237 2013-09-11 07:40:34 wei_ has quit (Ping timeout: 256 seconds)
 238 2013-09-11 07:40:35 wei__ is now known as wei_
 239 2013-09-11 07:41:36 <gmaxwell> ah, yea I dunno how to pass those through.. but since we need to build multiple times perhaps it doesn't matter so much.
 240 2013-09-11 07:41:54 <warren> cfields: huzzah, deterministic
 241 2013-09-11 07:42:08 <cfields> :)
 242 2013-09-11 07:42:44 <gmaxwell> warren: never sure until you try another machine. :P
 243 2013-09-11 07:43:51 psychophoniac has joined
 244 2013-09-11 07:46:26 melvster has joined
 245 2013-09-11 07:46:50 <cfields> warren: afaik you can get away with just the 'make' under faketime. you only have to worry about the .exe link, and the old/busted ar/ranlib with the old mingw toolchain
 246 2013-09-11 07:47:28 Eiii has quit ()
 247 2013-09-11 07:48:11 phillsphinest has quit (Quit: Bye)
 248 2013-09-11 07:53:23 <sipa> gmaxwell: i wonder if we can reason about which possible values can be obtained by doing a serialize+deserialize of negative ints?
 249 2013-09-11 07:53:48 Thepok has joined
 250 2013-09-11 07:56:34 t7 has joined
 251 2013-09-11 07:56:52 wei__ has joined
 252 2013-09-11 07:57:01 mappum has quit (Ping timeout: 264 seconds)
 253 2013-09-11 07:57:22 wei_ has quit (Ping timeout: 260 seconds)
 254 2013-09-11 07:57:23 wei__ is now known as wei_
 255 2013-09-11 07:57:44 <gmaxwell> sipa: I didn't check closely and perhaps I should since I'm surprised to hear you say that.
 256 2013-09-11 07:58:13 <gmaxwell> my belief without looking at the code is that it would hit the "I'm done" break and write out only one character.
 257 2013-09-11 07:58:27 <gmaxwell> and thus lose information.
 258 2013-09-11 07:58:34 * gmaxwell loads code
 259 2013-09-11 07:58:44 <sipa> if it's a very limited set of possibilities, we could just outlaw those as tx versions
 260 2013-09-11 07:58:51 <sipa> though that's an ugly solution
 261 2013-09-11 07:58:55 * gmaxwell stabs
 262 2013-09-11 07:59:26 <sipa> and if we need to enforce a rerun for the utxo pruning, it can indeed just be combined
 263 2013-09-11 08:00:53 <gmaxwell> it's easy to fix this. We make a 0.9 version which makes nversion unsigned... and also on its first boot it prunes the utxo and fixes it up. We have the blocks, so we can go fetch the transactions. hm darn actually. one problem is if any negative value can become a 1 we can't do this as cheaply as I thought we could.
 264 2013-09-11 08:01:12 <sipa> indeed
 265 2013-09-11 08:02:39 <sipa> when i wrote it, i think i considered nVersion a signed value that can only hold unsigned numbers, and iirc -1 is used in some places for "invalid"
 266 2013-09-11 08:02:43 ticean has quit (Remote host closed the connection)
 267 2013-09-11 08:03:38 <sipa> but i don't think there are problems with making it unsigned
 268 2013-09-11 08:03:39 macboz_ has quit (Quit: This computer has gone to sleep)
 269 2013-09-11 08:06:34 Anduck has quit (Ping timeout: 260 seconds)
 270 2013-09-11 08:06:48 <gmaxwell> darn. 16777216 codes map to 1.
 271 2013-09-11 08:08:01 <gmaxwell> I think we will actually need to reindex to fix it.
 272 2013-09-11 08:08:28 macboz has joined
 273 2013-09-11 08:08:35 <maaku> i haven't been following this closely - there are nVersion!=1 transactions?
 274 2013-09-11 08:08:45 <gmaxwell> there are now
 275 2013-09-11 08:08:52 <gmaxwell> you missed the minidoomsday?
 276 2013-09-11 08:09:37 <maaku> i knew it was going on but didn't pay attention to the details
 277 2013-09-11 08:09:44 <maaku> that's very bad
 278 2013-09-11 08:10:39 <gmaxwell> well it's not bad that there are nVersion!=1 transactions, it's bad that WriteVarInt serialized them wrong.
 279 2013-09-11 08:10:42 <maaku> i thought bip-34 outlawed them, but now i see it's just non-standard
 280 2013-09-11 08:11:16 <maaku> it's bad because if/when the transaction format needs to be extended, there's no clearly compatible way to do it
 281 2013-09-11 08:11:23 <maaku> that's what version is for
 282 2013-09-11 08:11:35 shesek has joined
 283 2013-09-11 08:11:43 <gmaxwell> They're even standard. (doh)
 284 2013-09-11 08:12:12 <gmaxwell> maaku: oh sure there is, it's just that you only read the version for heights greater than X. You must do that in any case for a safe transition.
 285 2013-09-11 08:12:19 awishformore has joined
 286 2013-09-11 08:12:47 <gmaxwell> Because at any moment up to the activation of new rules some smartalec could add some version=x transactions.
 287 2013-09-11 08:13:01 <sipa> indeed
 288 2013-09-11 08:13:10 <maaku> gmaxwell: but given a transaction out of its context, it would no longer be possible to deserialize it without knowing its height
 289 2013-09-11 08:13:16 <gmaxwell> It's just that if same said alecs start a popular practice of putting random crap in the version fields, then the change is unavailable to us.
 290 2013-09-11 08:13:37 <maaku> e.g, during the transition you receive a transaction out of protocol. what format is it?
 291 2013-09-11 08:13:45 <gmaxwell> maaku: sure there is, you just add a flag to the utxo to indicate if its post that point or not.
 292 2013-09-11 08:13:46 freaksh0 has joined
 293 2013-09-11 08:14:12 <maaku> in the utxo.. i'm talking about other infrastructure
 294 2013-09-11 08:14:13 <gmaxwell> maaku: the transition has a hardcutoff and you use non-standardness to not worry about those transactions before the cutoff.
 295 2013-09-11 08:14:39 <sipa> maaku: without utxo set to fetch inputs from, interpreting lone transactions is very hard anyway
 296 2013-09-11 08:14:44 <sipa> you can't calculate fees
 297 2013-09-11 08:14:45 sserrano44 has quit (Quit: Computer has gone to sleep.)
 298 2013-09-11 08:14:50 <sipa> or check signatures
 299 2013-09-11 08:15:07 <maaku> sipa: bip 10
 300 2013-09-11 08:16:19 <gmaxwell> maaku: indeed. welp nothing that can be done there. They _must_ be valid in the blockchain or the version is not available to us as a forward compatibility mechanism.
 301 2013-09-11 08:16:23 <sipa> i don't see the problem
 302 2013-09-11 08:16:40 <sipa> either you have code that does transaction verification, and then you need version + utxo set
 303 2013-09-11 08:16:53 <sipa> or your node doesn't (spv), and you need neither
 304 2013-09-11 08:18:22 <sipa> in any case, increasing a tx version number can only reduce possible spendings
 305 2013-09-11 08:18:43 <sipa> so not being able to use the nversion is exactly as bad as running old software that doesn't know about the change yet
 306 2013-09-11 08:19:30 maaku has quit (Ping timeout: 246 seconds)
 307 2013-09-11 08:20:26 <sipa> gmaxwell: anyway, enforcing a reindex for 0.9 is probably not too bad, though some speedups may be useful
 308 2013-09-11 08:21:04 gfawkes has quit (Quit: ~ Trillian Astra - www.trillian.im ~)
 309 2013-09-11 08:21:16 <sipa> i'll see if we can do sort of reindex without throwing away the block index
 310 2013-09-11 08:21:16 <sipa> which means we retain block validity info
 311 2013-09-11 08:21:21 <sipa> and sigchecks can be skipped
 312 2013-09-11 08:21:56 egis has joined
 313 2013-09-11 08:21:56 egis_ has joined
 314 2013-09-11 08:22:10 egis__ has joined
 315 2013-09-11 08:22:22 <gmaxwell> sipa: alternatively we could just scan blocks after some height, (e.g. height at release - safety + exceptions for the existing negative ones at that time), and just fix utxo we find broken.
 316 2013-09-11 08:22:56 <gmaxwell> and make a pass through the set to remove OP_RETURN utxos. Thats perhaps more conservative?
 317 2013-09-11 08:26:10 maaku has joined
 318 2013-09-11 08:26:34 maaku is now known as Guest38954
 319 2013-09-11 08:29:08 TheXev has joined
 320 2013-09-11 08:29:17 TheXev has left ("Leaving")
 321 2013-09-11 08:30:20 gahang has joined
 322 2013-09-11 08:30:32 Guest38954 has left ()
 323 2013-09-11 08:30:55 maaku has joined
 324 2013-09-11 08:31:01 <sipa> gmaxwell: certainly faster
 325 2013-09-11 08:33:10 Dyaheon has quit (Ping timeout: 260 seconds)
 326 2013-09-11 08:37:26 <gmaxwell> sipa: so, as OT observation, I did some utxo analysis last weekend, there are 6955855 utxo, but only 1890963 unique scriptpubkeys (+ a few weird ones my tool ignored).  The selection of unique scriptpubkey has an entropy of <18 bits... I suppose it would be best if I forget this fact.
 327 2013-09-11 08:38:27 Coincidental has quit (Remote host closed the connection)
 328 2013-09-11 08:40:05 <maaku> ugh stupid internet
 329 2013-09-11 08:40:08 chrisberkhout has joined
 330 2013-09-11 08:40:12 <maaku> <maaku> sipa: bip 10
 331 2013-09-11 08:40:12 <maaku> <maaku> i mean it's not insolvable - if you have the length of the transaction you might be able to figure out what version it is (looking for extra bytes for the extra fields)
 332 2013-09-11 08:40:12 <maaku> <maaku> or trial and error
 333 2013-09-11 08:40:12 <maaku> <maaku> but then there's side issues like receiving blocks out of order around the transition point - how do you deserialize the transaction list?
 334 2013-09-11 08:40:12 <maaku> <maaku> just a mess is all i'm saying
 335 2013-09-11 08:40:14 <maaku> <maaku> non-version=1 should be non-standard in 0.9 imho
 336 2013-09-11 08:40:16 <maaku> <maaku> and made illegal in the next softfork
 337 2013-09-11 08:40:19 <maaku> and that's all i'll say
 338 2013-09-11 08:40:32 <warren> sorry back, my attorney called
 339 2013-09-11 08:40:42 <maaku> warren: hope that's not bad news
 340 2013-09-11 08:41:07 <warren> sipa: how relevant are my commits here given your secp256k1 is post-autotools now?
 341 2013-09-11 08:41:36 <gmaxwell> maaku: !@#!@
 342 2013-09-11 08:41:49 <gmaxwell> maaku: making them illegal in a softfork would make the field completely useless.
 343 2013-09-11 08:41:57 <gmaxwell> because then you could never use it again without a hardfork.
 344 2013-09-11 08:42:08 <gmaxwell> the whole point of even having it is so that it can be used without a soft fork.
 345 2013-09-11 08:42:32 <gmaxwell> maaku: and it was _intended_ to be non-standard, but the code was mistaken and didn't consider that the version could be negative.
 346 2013-09-11 08:42:54 <gmaxwell> the patch I committed for this issue, which we'll also back port in 0.8.5 fixes the nonstandardism.
 347 2013-09-11 08:43:13 <gmaxwell> er so that it can be used without a hardfork.
 348 2013-09-11 08:43:14 gahang_ has joined
 349 2013-09-11 08:44:39 <maaku> i guess i just don't see how it'd be useful to have soft-forking based on versions, but i'm sure you have use cases
 350 2013-09-11 08:44:59 <gmaxwell> 0_o
 351 2013-09-11 08:45:01 nx201 has quit (Ping timeout: 264 seconds)
 352 2013-09-11 08:45:10 <gmaxwell> softforking is how we add new features to the protocol.
 353 2013-09-11 08:45:50 <gmaxwell> E.g. you specify a version=2 transaction where some additional things are required, like scriptsigs have to contain the value of the inputs (say), and then the softforking change is to begin enforcing this.
 354 2013-09-11 08:46:28 <gmaxwell> and then after that's in place from then forward you can be confident there are correct input values in any transaction you sign.  (well, minus the whole not being covered by the signature thing, details…)
 355 2013-09-11 08:46:58 <maaku> gmaxwell: what if you want to add an entirely new field to the transaction format?
 356 2013-09-11 08:47:39 <sipa> maaku: it is non-standard
 357 2013-09-11 08:48:04 <gmaxwell> maaku: it _can_ be done but depending on what you want it for you may not like how it has to be done.
 358 2013-09-11 08:49:05 moarr has joined
 359 2013-09-11 08:49:25 <sipa> maaku: if you're adding a new field, it's either a hard fork, or it needs to be optional and droppable without affecting validity
 360 2013-09-11 08:49:28 <gahang> Hello, everyone, I have a question. I'm trying to write a mining software, just for fun. After I get work from the mining pool with the stratum protocol and calculate the coinbase hash, do I have to rotate the bytes of coinb1, coinb2, extranonce1 and extranonce2?
 361 2013-09-11 08:50:27 <sipa> ga	trial and error
 362 2013-09-11 08:50:33 melvster has quit (Ping timeout: 245 seconds)
 363 2013-09-11 08:50:42 <sipa> if you're talking about byteswapping
 364 2013-09-11 08:51:13 melvster has joined
 365 2013-09-11 08:53:00 gahang_ has quit (Quit: Page closed)
 366 2013-09-11 08:53:05 <gahang> so i just concatenate these params and do the hash and don't need a byteswapping?
 367 2013-09-11 08:53:51 <sipa> maybe
 368 2013-09-11 08:53:56 <sipa> byte order is a mess
 369 2013-09-11 08:54:04 <sipa> try until it works, sorry :)
 370 2013-09-11 08:54:06 <gmaxwell> swizzle until it works.
 371 2013-09-11 08:54:46 <sipa> warren: how do you mean secp256k1 is post autotools?
 372 2013-09-11 08:55:28 <sipa> libsecp256k1 is still adhoc, and needs some integration still with autotools, but should be very similar to leveldb
 373 2013-09-11 08:55:30 <warren> sipa: these commits are to make secp256k1 buildable on 0.8
 374 2013-09-11 08:55:58 <warren> i'm rather amazed how crappy 32bit is for litecoin ...
 375 2013-09-11 08:55:58 <gahang> ok, i got it, it's really disgusting.
 376 2013-09-11 08:56:30 <sipa> shouldn't be much difference afaik
 377 2013-09-11 08:56:30 <sipa> but i haven't tried
 378 2013-09-11 08:57:43 nx201 has joined
 379 2013-09-11 08:58:43 <sipa> latest bitcoin master i had on my laptop was still pre-autotools
 380 2013-09-11 08:59:02 <warren> ooh
 381 2013-09-11 08:59:02 <warren> ok
 382 2013-09-11 08:59:07 <sipa> rebasing was mostly necessary for bip32 derivation
 383 2013-09-11 08:59:17 <sipa> which now uses libsecp256k1 as well
 384 2013-09-11 08:59:17 <warren> sipa: I'll fix up these commits for bitcoin
 385 2013-09-11 08:59:32 <warren> i'm confirming the win32 output is deterministic now
 386 2013-09-11 08:59:38 banghouse has quit (Remote host closed the connection)
 387 2013-09-11 09:01:00 <sipa> \o/
 388 2013-09-11 09:02:43 <warren> two builds were identical
 389 2013-09-11 09:02:51 <warren> sample size of 2, good enough
 390 2013-09-11 09:02:52 <warren> ship it
 391 2013-09-11 09:04:15 <warren> sipa: ok, rebasing it on top of your latest branch
 392 2013-09-11 09:08:22 Guest59366 has quit (Ping timeout: 240 seconds)
 393 2013-09-11 09:08:26 moarr has quit ()
 394 2013-09-11 09:10:28 wiretapped has quit (Ping timeout: 240 seconds)
 395 2013-09-11 09:11:56 wiretapped has joined
 396 2013-09-11 09:13:03 Thepok has quit (Ping timeout: 246 seconds)
 397 2013-09-11 09:13:12 gahang has quit (Ping timeout: 250 seconds)
 398 2013-09-11 09:13:39 msvb-lab has joined
 399 2013-09-11 09:16:59 <sipa> warren: wait till i push my branch
 400 2013-09-11 09:17:19 <sipa> tomorrow i'll have a decent network connection again :)
 401 2013-09-11 09:18:19 CheckDavid has joined
 402 2013-09-11 09:18:55 Wren has joined
 403 2013-09-11 09:18:58 <warren> I already did it...
 404 2013-09-11 09:19:11 Wren is now known as Guest31055
 405 2013-09-11 09:20:56 <warren> sipa: sent you pull request, do whatever you want with it
 406 2013-09-11 09:21:22 <sipa> k
 407 2013-09-11 09:22:50 egis_ has quit (Quit: Leaving)
 408 2013-09-11 09:22:58 egis__ has quit (Quit: Leaving)
 409 2013-09-11 09:23:10 egis has quit (Quit: Leaving)
 410 2013-09-11 09:23:33 egis has joined
 411 2013-09-11 09:24:39 melvster has quit (Ping timeout: 240 seconds)
 412 2013-09-11 09:30:51 hnz has quit (Ping timeout: 264 seconds)
 413 2013-09-11 09:31:32 melvster has joined
 414 2013-09-11 09:34:22 hnz has joined
 415 2013-09-11 09:38:12 da2ce7 has joined
 416 2013-09-11 09:41:06 xeroc has quit (Ping timeout: 268 seconds)
 417 2013-09-11 09:42:23 xeroc has joined
 418 2013-09-11 09:54:01 mhanne has quit (Remote host closed the connection)
 419 2013-09-11 09:54:08 mhanne has joined
 420 2013-09-11 09:55:46 moarr has joined
 421 2013-09-11 09:56:10 jtimon has joined
 422 2013-09-11 09:56:12 moarr is now known as moarrr
 423 2013-09-11 09:59:21 c_k has quit (Quit: :))
 424 2013-09-11 10:02:05 darkee has joined
 425 2013-09-11 10:04:08 _ingsoc has joined
 426 2013-09-11 10:04:22 _ingsoc has quit (Client Quit)
 427 2013-09-11 10:12:53 debiantoruser has quit (Ping timeout: 264 seconds)
 428 2013-09-11 10:13:47 macboz has quit (Quit: This computer has gone to sleep)
 429 2013-09-11 10:14:27 debiantoruser has joined
 430 2013-09-11 10:14:54 paybitcoin has quit (Ping timeout: 260 seconds)
 431 2013-09-11 10:14:55 paybitcoin1 has joined
 432 2013-09-11 10:16:25 brocktice has quit (Ping timeout: 246 seconds)
 433 2013-09-11 10:17:07 brocktice has joined
 434 2013-09-11 10:17:28 MobiusL has quit (Ping timeout: 240 seconds)
 435 2013-09-11 10:19:15 lodse has joined
 436 2013-09-11 10:19:27 Guest11230 has quit (Ping timeout: 264 seconds)
 437 2013-09-11 10:21:41 MobiusL has joined
 438 2013-09-11 10:22:31 melvster has quit (Remote host closed the connection)
 439 2013-09-11 10:29:03 saulimus has joined
 440 2013-09-11 10:31:18 lodse has quit (Remote host closed the connection)
 441 2013-09-11 10:31:37 melvster has joined
 442 2013-09-11 10:33:27 Bjander has joined
 443 2013-09-11 10:39:05 Bjander has quit (Read error: Connection reset by peer)
 444 2013-09-11 10:43:08 BTCOxygen has joined
 445 2013-09-11 10:45:46 chrisberkhout has quit (Quit: chrisberkhout)
 446 2013-09-11 10:46:25 warren has quit (Ping timeout: 263 seconds)
 447 2013-09-11 10:49:37 warren has joined
 448 2013-09-11 10:51:56 Thepok has joined
 449 2013-09-11 10:54:14 moarrr has quit ()
 450 2013-09-11 10:56:28 Subo1977_ has quit (Ping timeout: 240 seconds)
 451 2013-09-11 10:56:30 Subo1977 has joined
 452 2013-09-11 11:01:09 michagogo has joined
 453 2013-09-11 11:03:48 random_cat has quit (Ping timeout: 240 seconds)
 454 2013-09-11 11:07:06 tmsk has joined
 455 2013-09-11 11:07:50 Dyaheon has joined
 456 2013-09-11 11:07:59 macboz has joined
 457 2013-09-11 11:11:10 <jouke> does 8.4 have payment request support?
 458 2013-09-11 11:11:19 <michagogo> 0.8.4 does not.
 459 2013-09-11 11:11:29 <jouke> ok
 460 2013-09-11 11:12:06 zer0def has quit (Quit: Quit:)
 461 2013-09-11 11:15:09 xeroc has quit (Ping timeout: 245 seconds)
 462 2013-09-11 11:17:24 xeroc has joined
 463 2013-09-11 11:17:25 one_zero has quit ()
 464 2013-09-11 11:18:43 shesek has quit (Ping timeout: 246 seconds)
 465 2013-09-11 11:18:59 zer0def has joined
 466 2013-09-11 11:22:46 yubrew has joined
 467 2013-09-11 11:23:02 random_cat has joined
 468 2013-09-11 11:27:23 zeddan81 has joined
 469 2013-09-11 11:27:48 justusranvier has quit (Ping timeout: 240 seconds)
 470 2013-09-11 11:34:42 rdymac has joined
 471 2013-09-11 11:34:42 rdymac has quit (Changing host)
 472 2013-09-11 11:34:42 rdymac has joined
 473 2013-09-11 11:35:28 CryptoBuck has quit (Ping timeout: 248 seconds)
 474 2013-09-11 11:36:02 paraipan has joined
 475 2013-09-11 11:36:08 CryptoBuck has joined
 476 2013-09-11 11:36:56 OPrime has joined
 477 2013-09-11 11:37:46 justusranvier has joined
 478 2013-09-11 11:41:23 MoALTz has joined
 479 2013-09-11 11:41:23 da2ce7 has quit (Read error: Connection reset by peer)
 480 2013-09-11 11:41:38 da2ce7 has joined
 481 2013-09-11 11:50:03 daybyter has joined
 482 2013-09-11 11:52:24 ThomasV has joined
 483 2013-09-11 11:53:53 elevatioN has joined
 484 2013-09-11 11:57:43 BTCOxygen has quit (Ping timeout: 240 seconds)
 485 2013-09-11 11:58:34 BTCOxygen has joined
 486 2013-09-11 12:04:16 shesek has joined
 487 2013-09-11 12:04:26 yubrew has quit (Remote host closed the connection)
 488 2013-09-11 12:05:58 Tom_Soft has joined
 489 2013-09-11 12:07:31 CheckDavid has quit (Quit: Leaving)
 490 2013-09-11 12:07:34 digitalmagus has quit (Remote host closed the connection)
 491 2013-09-11 12:07:51 digitalmagus has joined
 492 2013-09-11 12:07:51 digitalmagus has quit (Changing host)
 493 2013-09-11 12:07:51 digitalmagus has joined
 494 2013-09-11 12:09:40 rdymac has quit (Quit: This computer has gone to sleep)
 495 2013-09-11 12:10:15 thrasher`` has joined
 496 2013-09-11 12:10:18 shesek has quit (Ping timeout: 260 seconds)
 497 2013-09-11 12:10:20 thrasher` has quit (Ping timeout: 268 seconds)
 498 2013-09-11 12:10:43 cads has joined
 499 2013-09-11 12:13:05 yubrew has joined
 500 2013-09-11 12:14:59 elevatioN has quit (Ping timeout: 260 seconds)
 501 2013-09-11 12:15:04 agricocb has quit (Quit: Leaving.)
 502 2013-09-11 12:19:12 TD has joined
 503 2013-09-11 12:20:56 justusranvier has quit (Remote host closed the connection)
 504 2013-09-11 12:23:41 justusranvier has joined
 505 2013-09-11 12:24:10 cads has quit (Ping timeout: 260 seconds)
 506 2013-09-11 12:24:56 shesek has joined
 507 2013-09-11 12:26:18 michagogo has quit (Quit: michagogo)
 508 2013-09-11 12:33:49 arioBarzan has joined
 509 2013-09-11 12:36:04 qbasicer has quit (Ping timeout: 246 seconds)
 510 2013-09-11 12:36:47 an3k has joined
 511 2013-09-11 12:42:54 moarrr has joined
 512 2013-09-11 12:49:26 an3k has left ("http://quassel-irc.org - Chat comfortably. Anywhere.")
 513 2013-09-11 12:49:35 an3k has joined
 514 2013-09-11 12:50:38 arioBarzan has quit (Remote host closed the connection)
 515 2013-09-11 12:52:30 <an3k> did anything regarding UPnP get changed since 0.8.3?
 516 2013-09-11 12:52:55 <an3k> because 0.8.4 is running well on Ubuntu with UPnP enabled.
 517 2013-09-11 12:53:30 <an3k> remember? I'm the one with UPnP issues in 0.8.3 on windows 7 using a Cisco RV082 router
 518 2013-09-11 12:53:38 <gmaxwell> Nothing changed.
 519 2013-09-11 12:54:38 <an3k> sry, false alarm. same issues on here. not a Windows specific bug :(
 520 2013-09-11 12:55:07 agricocb has joined
 521 2013-09-11 12:55:14 <an3k> however, the client looks very nice on Ubuntu :)
 522 2013-09-11 12:57:40 Polyatomic has quit (Quit: Catcha Round)
 523 2013-09-11 13:04:29 <Luke-Jr> cfields: any idea how to reproduce the pulltester's failure?
 524 2013-09-11 13:06:38 an3k has quit (Read error: Connection reset by peer)
 525 2013-09-11 13:06:55 reizuki_ has joined
 526 2013-09-11 13:06:55 reizuki_ has quit (Changing host)
 527 2013-09-11 13:06:55 reizuki_ has joined
 528 2013-09-11 13:07:30 <sipa> jouke: 0.8.4 and 0.8.5 don't, 0.9.0 will
 529 2013-09-11 13:08:16 <jouke> ok
 530 2013-09-11 13:09:50 <jouke> Would I be able to generate requests with self signed certificates? I have tried that by adding the certificate to the locally trusted certificates, but I have not been able to get it working at the moment.
 531 2013-09-11 13:09:50 AndyOfiesh has joined
 532 2013-09-11 13:09:52 reizuki__ has quit (Ping timeout: 248 seconds)
 533 2013-09-11 13:10:03 yubrew has quit (Remote host closed the connection)
 534 2013-09-11 13:10:07 <_dr> heh! http://it.slashdot.org/story/13/09/11/1224252/are-the-nist-standard-elliptic-curves-back-doored
 535 2013-09-11 13:11:11 <jouke> "Bitcoin-Qt: PaymentRequest: empty certificate chain"
 536 2013-09-11 13:13:32 <_dr> who came up with the numbers for the bitcoin curve? was it nist?
 537 2013-09-11 13:15:26 rdymac has joined
 538 2013-09-11 13:15:26 rdymac has quit (Changing host)
 539 2013-09-11 13:15:26 rdymac has joined
 540 2013-09-11 13:15:31 <gmaxwell> _dr: secp256k1 is not a nist recommended curve it comes out of the secg. If you want to be conservative you can assume it came from NSA.
 541 2013-09-11 13:16:04 <gmaxwell> Though because it's a curve specialized for high performance there is objectively less freedom in the parameters than e.g. the nist random curves.
 542 2013-09-11 13:16:19 <moarrr> gmaxwell: do you think it's true what people think of the nsa, have they cracked ecdsa?
 543 2013-09-11 13:16:51 daybyter has quit (Quit: Konversation terminated!)
 544 2013-09-11 13:17:37 <gmaxwell> cracking _all_ ecdsa seems implausible. Some implementations, perhaps even some curves? maybe. if so they've been insanely good about not making it clear they have, and snowden was emphatic that strong encryption works.
 545 2013-09-11 13:18:15 <gmaxwell> hell I wouldn't be surprised if someone weren't engaging in psyops to actually try to convince people that crypto is worthless so they won't use it.
 546 2013-09-11 13:18:37 CheckDavid has joined
 547 2013-09-11 13:19:15 <sturles> NSA has probably cracked all known (to them) RSA keys up to and including 1024 bits.  Many protocols use RSA/DH for key negotiation, which means they get the keys and don't have to crack the rest of the crypto used.
 548 2013-09-11 13:19:24 <gmaxwell> moarrr: one problem with the concern about NSA influencing ECC curve selection is that it's predicated on unknown math... as soon as you assume that math unknown to the public exists, well maybe NSA only made the curves _stronger_? (as they've been proven to do that too)
 549 2013-09-11 13:19:25 <sturles> Perhaps even higher than 1024 bits.
 550 2013-09-11 13:19:26 <moarrr> i see
 551 2013-09-11 13:19:44 <_dr> yeah
 552 2013-09-11 13:19:58 <gmaxwell> sturles: I'd think things like getting hacked copies of people's ssl private keys is way more likely, esp since almost nothing uses PFS.
 553 2013-09-11 13:20:06 <_dr> cracked 2^1024 keys... seems... like a lot :)
 554 2013-09-11 13:20:24 <_dr> ah you mean published keys
 555 2013-09-11 13:20:31 <gmaxwell> sturles: if they're cracking 1024 bit rsa it's with .. more unknown math, since from an engineering perspective their energy consumption doesn't suggest that they're doing it at any scale with known methods.
 556 2013-09-11 13:21:27 chrisberkhout has joined
 557 2013-09-11 13:22:50 <sturles> Quantum computers (even Google has one, and I assume NSA has the best) and ASICs (IBM are known to make a _lot_ of them) may help at doing GCD on many keys at once.
 558 2013-09-11 13:22:53 grau has quit (Remote host closed the connection)
 559 2013-09-11 13:23:18 <sturles> They have specialized hardware.  Or so the leaks claim.
 560 2013-09-11 13:24:14 <sturles> What is the current public record for RSA public key factorization?  768 bits, or was it higher?
 561 2013-09-11 13:24:44 <sturles> RSA pulled the factoring contest a few years ago.
 562 2013-09-11 13:25:08 <gmaxwell> sturles: what google has is not a quantum _computer_. it's a quantum annealer. it cannot be used to solve crypto faster than a classical computer. As far as the public knows, no quantum turing complete machine has been built yet, iirc.
 563 2013-09-11 13:25:46 <gmaxwell> sturles: 768 (I've cracked a good dozen 512 bit RSA keys myself)
 564 2013-09-11 13:26:07 <gmaxwell> sturles: I have not seen any leak claiming specialized hardware that allows cracking 1024 bit rsa, can you link?
 565 2013-09-11 13:27:02 <gmaxwell> sturles: doing a GCD on many keys doesn't help unless there is a common factor from a broken rng.. probability of a common factor on a 1024 bit key otherwise is zero even if you have millions of keys.
 566 2013-09-11 13:27:09 <gmaxwell> The keyspace is just too big.
 567 2013-09-11 13:27:13 <sturles> No, the leaks have not been specific to which kind of crypto it is cracking.  RSA is just my guess.  It would be natural to focus on RSA.
 568 2013-09-11 13:28:39 <sturles> ASICs doing GNFS sieving, perhaps?  Yes, there are more steps as well.
 569 2013-09-11 13:30:36 <gmaxwell> sturles: yea, but go look at the estimates of the hardware required... without additional breakthroughs (which may look nothing like gnfs) that seems unlikely.
 570 2013-09-11 13:31:12 <gmaxwell> plus the work for gnfs is per key .. deeply per key, like the factor base is optimized per key, which actually suggests that to be really ideal you would fab gnfs asics per key you want to collect relations on!
 571 2013-09-11 13:32:11 <gmaxwell> (this is one of the mixed advantages of attacking the DLP on hard EC groups, the best known attacks attack many keys more effectively than they attack one.)
 572 2013-09-11 13:35:51 <TD> i think some issue with RC4 is more likely
 573 2013-09-11 13:36:04 <TD> if we're discussing the mysterious "breakthrough" in 2010
 574 2013-09-11 13:36:28 <TD> work is being done on new TLS ciphersuites
 575 2013-09-11 13:36:57 <TD> but, it will take many years to repair this mess and phase out all the stuff that is known to have chinks in the armor, that's even without a new set of revelations :(
 576 2013-09-11 13:37:03 <gmaxwell> TD: RC4 seems so stupidly likely yea...
 577 2013-09-11 13:37:27 <sturles> Who/what use RC4 today?  Except WEP..
 578 2013-09-11 13:37:36 <TD> SSL
 579 2013-09-11 13:37:42 <TD> switching to it was the "fix" for the BEAST attack
 580 2013-09-11 13:37:45 <gmaxwell> ... A lot of SSL does because of attacks on CBC specific to how SSL works.
 581 2013-09-11 13:38:24 <sturles> Hmm.
 582 2013-09-11 13:39:27 <TD> https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat
 583 2013-09-11 13:39:31 <TD> tl;dr - "no"
 584 2013-09-11 13:39:49 <TD> unfortunately at this point TLS encryption has three methods, none of which rate as being very good
 585 2013-09-11 13:40:24 <TD> hence the new proposals to use, e.g. chacha20/poly1305  (this is google's hat in the ring)
 586 2013-09-11 13:41:06 <TD> TLS 1.2 + djb stream ciphers + djb curve25519 for key agreement + certificate transparency *might* start to repair TLS and make it trustworthy again, even against highly sophisticated attackers
 587 2013-09-11 13:41:28 <TD> (of course TLS is still very strong against less-than-amazing opponents)
 588 2013-09-11 13:41:38 AndyOfiesh has quit (Ping timeout: 276 seconds)
 589 2013-09-11 13:42:20 mrkent has joined
 590 2013-09-11 13:42:20 mrkent has quit (Changing host)
 591 2013-09-11 13:42:20 mrkent has joined
 592 2013-09-11 13:42:48 tmsk has quit (Quit: tmsk)
 593 2013-09-11 13:42:48 paraipan has quit (Ping timeout: 240 seconds)
 594 2013-09-11 13:43:01 <gmaxwell> OT, but may be of some interest to people around here: someone is setting up to do a run of ~2GH usbstick miners (using the bitfury asic, a 55nm part which had excellent hand layout and has at the wall power efficiency about 7x avalon and asicminer): https://bitcointalk.org/index.php?topic=291456
 595 2013-09-11 13:44:39 <gmaxwell> (I want to talk to them a bit but I was thinking of buying a number to give away: the power efficiency should be good enough to keep them usefully mining for a while, unless the 28nm parts massively beat their proposed efficiency )
 596 2013-09-11 13:46:15 MobPhone has quit (Quit: -a- Android IRC 2.1.10 Just need to be Chiznillen)
 597 2013-09-11 13:47:08 i2pRelay has quit (Ping timeout: 240 seconds)
 598 2013-09-11 13:48:02 CodesInChaos_ has quit (Read error: Operation timed out)
 599 2013-09-11 13:49:28 AndyOfiesh has joined
 600 2013-09-11 13:51:54 patcon has joined
 601 2013-09-11 13:53:18 AusBitBank_ has quit (Ping timeout: 260 seconds)
 602 2013-09-11 13:54:22 sacrelege has joined
 603 2013-09-11 13:54:32 normanrichards has joined
 604 2013-09-11 13:55:15 wrk is now known as Scrat
 605 2013-09-11 13:55:43 <Scrat> have there been any other negative version transactions since the original ones?
 606 2013-09-11 13:57:21 <gmaxwell> Scrat: not as of 12 hours ago, but I'll look again.
 607 2013-09-11 13:57:40 <gmaxwell> my checking script is kinda slow.. only about 0.5 blocks per second. :P
 608 2013-09-11 13:58:28 qeb has joined
 609 2013-09-11 13:59:06 jcorgan has joined
 610 2013-09-11 14:00:24 rdymac has quit (Quit: Saliendo)
 611 2013-09-11 14:02:15 patcon has quit (Ping timeout: 245 seconds)
 612 2013-09-11 14:02:25 <Scrat> gmaxwell: stop doing pen&paper EC math
 613 2013-09-11 14:02:38 patcon has joined
 614 2013-09-11 14:02:42 <Scrat> so 0.8.5 is just #2982?
 615 2013-09-11 14:03:10 <t7> if it takes you less than a second to do all those bignum ops on paper you go far!
 616 2013-09-11 14:03:41 <gmaxwell> Scrat: none in the last 100 blocks.
 617 2013-09-11 14:03:48 <Scrat> ty
 618 2013-09-11 14:05:40 <Luke-Jr> Scrat: not just
 619 2013-09-11 14:06:59 <Luke-Jr> at least the git bugfix should go in
 620 2013-09-11 14:07:17 Vinnie_win has quit ()
 621 2013-09-11 14:08:11 macboz has quit (Ping timeout: 256 seconds)
 622 2013-09-11 14:09:43 SirDefaced has joined
 623 2013-09-11 14:10:31 <SirDefaced> I was just looking at the checkpoint.cpp file and was wondering how to calculate the number of tx's between block x and block y, is there an easy way to do this?
 624 2013-09-11 14:13:04 mrkent has quit (Ping timeout: 245 seconds)
 625 2013-09-11 14:16:34 <sipa> SirDefaced: it's written in debug.log
 626 2013-09-11 14:16:54 knotwork has quit (Read error: Connection reset by peer)
 627 2013-09-11 14:17:41 <SirDefaced> sipa that is where im looking, perhaps im missing it
 628 2013-09-11 14:17:42 <jgarzik> SirDefaced, sure, iterate through each block
 629 2013-09-11 14:18:01 <SirDefaced> jgarzik that is what i was going to do if i had to
 630 2013-09-11 14:18:12 knotwork has joined
 631 2013-09-11 14:18:55 fanquake has left ()
 632 2013-09-11 14:19:44 thelamest has quit (Quit: leaving)
 633 2013-09-11 14:22:35 Guest18498 is now known as abrkn\
 634 2013-09-11 14:23:47 <gmaxwell> SirDefaced: it's written in the debug log, on the SetBest lines.
 635 2013-09-11 14:23:53 berndj has quit (Ping timeout: 276 seconds)
 636 2013-09-11 14:24:14 <SirDefaced> ty
 637 2013-09-11 14:25:22 berndj has joined
 638 2013-09-11 14:27:01 melvster has quit (Remote host closed the connection)
 639 2013-09-11 14:28:40 an3k has joined
 640 2013-09-11 14:31:12 saulimus has quit (Quit: saulimus)
 641 2013-09-11 14:31:13 berndj has quit (Ping timeout: 264 seconds)
 642 2013-09-11 14:31:27 saulimus has joined
 643 2013-09-11 14:31:46 <SirDefaced> got it :) ty again
 644 2013-09-11 14:32:39 normanrichards has quit ()
 645 2013-09-11 14:38:05 michagogo has joined
 646 2013-09-11 14:42:09 theorb has joined
 647 2013-09-11 14:42:45 imsaguy has quit (Remote host closed the connection)
 648 2013-09-11 14:43:47 arioBarzan has joined
 649 2013-09-11 14:44:28 jevin has joined
 650 2013-09-11 14:46:50 theorbtwo has quit (Ping timeout: 264 seconds)
 651 2013-09-11 14:46:59 theorb is now known as theorbtwo
 652 2013-09-11 14:49:41 Thepok has quit (Ping timeout: 264 seconds)
 653 2013-09-11 14:57:06 theorb has joined
 654 2013-09-11 14:58:08 jcorgan has quit (Quit: jcorgan)
 655 2013-09-11 15:01:23 jevin has quit (Quit: Textual IRC Client: www.textualapp.com)
 656 2013-09-11 15:01:41 theorbtwo has quit (Ping timeout: 264 seconds)
 657 2013-09-11 15:01:47 theorb is now known as theorbtwo
 658 2013-09-11 15:01:57 imsaguy has joined
 659 2013-09-11 15:03:22 rdymac has joined
 660 2013-09-11 15:05:19 shesek has quit (Ping timeout: 260 seconds)
 661 2013-09-11 15:09:23 handle has joined
 662 2013-09-11 15:09:57 abrkn\ has quit (Ping timeout: 256 seconds)
 663 2013-09-11 15:10:16 jcorgan has joined
 664 2013-09-11 15:11:01 theorb has joined
 665 2013-09-11 15:13:08 jevin has joined
 666 2013-09-11 15:14:51 rdymac has quit (Remote host closed the connection)
 667 2013-09-11 15:15:38 theorbtwo has quit (Ping timeout: 264 seconds)
 668 2013-09-11 15:15:47 theorb is now known as theorbtwo
 669 2013-09-11 15:17:30 paracyst has joined
 670 2013-09-11 15:18:29 arioBarzan has quit (Remote host closed the connection)
 671 2013-09-11 15:22:22 rdymac has joined
 672 2013-09-11 15:22:22 rdymac has quit (Changing host)
 673 2013-09-11 15:22:22 rdymac has joined
 674 2013-09-11 15:24:04 egis has quit (Remote host closed the connection)
 675 2013-09-11 15:24:13 btcbtc has joined
 676 2013-09-11 15:28:23 sacrelege has quit (Quit: Leaving)
 677 2013-09-11 15:29:08 Subo1977_ has joined
 678 2013-09-11 15:30:50 jonass has joined
 679 2013-09-11 15:31:34 <jonass> is there a chance to run the Qt-Creator on the master (after the autotools commit)?
 680 2013-09-11 15:31:48 Subo1977 has quit (Ping timeout: 240 seconds)
 681 2013-09-11 15:32:09 ticean has joined
 682 2013-09-11 15:41:49 <jgarzik> http://www.slate.com/blogs/future_tense/2013/09/09/shifting_shadow_stormbrew_flying_pig_new_snowden_documents_show_nsa_deemed.html
 683 2013-09-11 15:42:15 <jgarzik> Keywords: NSA, snowden, ssl snooping, fake certificates, SWIFT hacking, Google targeting
 684 2013-09-11 15:42:25 <jgarzik> so, a few new tidbits
 685 2013-09-11 15:45:12 <TD> ah
 686 2013-09-11 15:45:23 <TD> the freshest meat is here: http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents
 687 2013-09-11 15:45:35 ThomasV has quit (Quit: Leaving)
 688 2013-09-11 15:46:19 <TD> also i put the ECC thing on slashdot: http://it.slashdot.org/story/13/09/11/1224252/are-the-nist-standard-elliptic-curves-back-doored
 689 2013-09-11 15:46:19 <TD> hopefully it'll get picked up further from there.
 690 2013-09-11 15:46:24 <jgarzik> Yeah, that one is long on juicy quotes and short on tech details :)
 691 2013-09-11 15:46:51 <TD> right. seems like they've moved on from the tech for now. perhaps they'll revisit it later
 692 2013-09-11 15:47:08 rdymac has quit (Quit: This computer has gone to sleep)
 693 2013-09-11 15:47:21 <TD> apparently, they don't know or can't find in their doc dump the details of which other standards are broken.
 694 2013-09-11 15:47:33 <jgarzik> TD, that's why I posted the first link -- it is new tech revelations AFAIK.  And somewhat on topic, too:  they are specifically hacking SWIFT
 695 2013-09-11 15:47:42 <TD> oh, we knew about SWIFT being hacked for years
 696 2013-09-11 15:47:56 <jgarzik> TD, thus, bitcoin is an obvious observation target (not saying anything new, of course)
 697 2013-09-11 15:47:59 <TD> there was a big stink about it some time ago. SWIFT were trying to build a second EU datacenter to get away from it and the US pressured the EU into making it formal
 698 2013-09-11 15:48:29 <TD> all international finance has been dumped into databases in (at least) the US Treasury, for some years already
 699 2013-09-11 15:48:35 <jgarzik> the first link also gives some specific techniques for how they would observe SSL traffic
 700 2013-09-11 15:48:37 <TD> of course if the Treasury have it the NSA/CIA/FBI do too
 701 2013-09-11 15:48:52 <TD> yeah
 702 2013-09-11 15:48:56 <jgarzik> facebook/google/etc. moving to SSL-by-default was a pain, it seems
 703 2013-09-11 15:48:58 <TD> the brazilian documentary is interesting
 704 2013-09-11 15:49:00 <TD> right
 705 2013-09-11 15:49:04 <TD> they didn't like that trend much
 706 2013-09-11 15:49:38 <TD> the MITM attacks are also a concern, though not a surprise. certificate transparency project will help a lot, if it takes off
 707 2013-09-11 15:49:45 <TD> right. i'm off to meet jon matonis in a pub :)
 708 2013-09-11 15:50:44 TD has quit (Quit: Leaving)
 709 2013-09-11 15:51:36 Gnaf has joined
 710 2013-09-11 15:51:47 <kjj> I'm normally the opposite of an alarmist, but the nonsense seed in our curve makes me think that it might actually be time to pick a new one
 711 2013-09-11 15:52:02 Gnaf has quit (Changing host)
 712 2013-09-11 15:52:02 Gnaf has joined
 713 2013-09-11 15:53:10 <kjj> the only thing that could save secp256k1 is if the seed is found to have been derived from some currently unknown constant
 714 2013-09-11 15:53:27 SirDefaced has quit ()
 715 2013-09-11 15:53:36 <jgarzik> who designed it, at certicom?  let's find the engineers and ask them...
 716 2013-09-11 15:53:47 normanrichards has joined
 717 2013-09-11 15:54:20 <gmaxwell> kjj: secp256k1 does not have a seed.  The xxxr curves do.
 718 2013-09-11 15:54:22 <kjj> actually, I take part of that back.  it is the standard p256 curve that has the nonsense seed.
 719 2013-09-11 15:54:43 ticean has quit (Remote host closed the connection)
 720 2013-09-11 15:54:49 <gmaxwell> secp256k1's parameters are even less described, but the design space is smaller.
 721 2013-09-11 15:55:17 <gmaxwell> I went to try to reproduce it, but got stuck on the prime selection. I don't know how they selected the prime.
 722 2013-09-11 15:55:34 <gmaxwell> When sipa is back perhaps he could do it, but my ninja skills aren't strong enough.
 723 2013-09-11 15:55:42 <kjj> where is it described?
 724 2013-09-11 15:55:53 <sipa> gmaxwell: i'm back :)
 725 2013-09-11 15:56:27 <sipa> i haven't looked at the generation process though
 726 2013-09-11 15:56:32 <kjj> hmm.  p is 2^256-2^32-2^9-2^8-2^7-2^6-2^4-1
 727 2013-09-11 15:57:08 <gmaxwell> kjj: yea, it has a special form so that operations can be composed up from small word aligned multiply+add
 728 2013-09-11 15:58:10 <sipa> http://crypto.stackexchange.com/a/10265
 729 2013-09-11 15:59:57 shesek has joined
 730 2013-09-11 16:00:13 <da2ce7> gmaxwell: what about using https://en.bitcoin.it/wiki/BIP_0039 for quoting a bitcoin address over the phone?
 731 2013-09-11 16:00:35 <da2ce7> if the client had 'auto-complete' for the words, it could be quite fast.
 732 2013-09-11 16:01:20 darkee has quit (Remote host closed the connection)
 733 2013-09-11 16:01:46 Tril has joined
 734 2013-09-11 16:01:57 <kjj> heh, I love that b in sec2-v2 is specified with 63 leading zeros instead of just as "7"
 735 2013-09-11 16:02:03 Squid_ has left ()
 736 2013-09-11 16:02:20 squidicuz has joined
 737 2013-09-11 16:03:12 jaekwon has joined
 738 2013-09-11 16:03:14 <sipa> kjj: took me a while to verify there were absolutely no 8's or 9's in there :p
 739 2013-09-11 16:03:48 <sipa> da2ce7: meh, maybe short-term; longer term i hope humans don't need to see bitcoin addresses at all
 740 2013-09-11 16:04:35 darkee has joined
 741 2013-09-11 16:04:55 <kjj> which of the constants are free (without breaking the optimizations) ?
 742 2013-09-11 16:05:00 <gmaxwell> sipa: well that doesn't get you secp256k1. that gets you the true characteristic-2 Koblitz.. but that thread is super helpful.
 743 2013-09-11 16:05:08 <gmaxwell> (uh and the OP is quoting me)
 744 2013-09-11 16:05:40 <sipa> gmaxwell: anyway, it boils down to: cooking is limited to weaknesses that occur in a large fraction of curves
 745 2013-09-11 16:06:20 <kjj> FIPS 186-3 says that any point can be used as the base point, but as far as I can tell, everyone just uses the one specified in the manuals.  could we, in theory, use a different base point for our keys?
 746 2013-09-11 16:06:39 <da2ce7> I see word-encoding of binary data as a very easy way to 'remember' a check a fingerprint.  It is much easier to recognise a set of words, than a random base64 string. Or quote over phone, or paper.
 747 2013-09-11 16:06:51 <sipa> kjj: shouldn't matter
 748 2013-09-11 16:07:02 shesek has quit (Read error: Operation timed out)
 749 2013-09-11 16:07:03 <gmaxwell> sipa: I didn't have any real concerns on secp256k1 and have said too, over and over and over again: it's far more constrained.
 750 2013-09-11 16:07:29 <maaku> da2ce7: the point is that people shouldn't be remembering or quoting random base64 strings
 751 2013-09-11 16:07:38 <sipa> kjj: if you use G' = G*(1/p) instead of G, you're just multiplying your private keys with p
 752 2013-09-11 16:07:57 <gmaxwell> I even quoted the weirdness that there were no export grade k curves provided. :P but that might just be they didn't want the extra couple bits of security loss for small curves.
 753 2013-09-11 16:09:14 <da2ce7> maaku: I agree, humans are not designed for that.  However, mitm attacks depend on this weakness.  (well outside a good WOT).
 754 2013-09-11 16:09:32 melvster has joined
 755 2013-09-11 16:10:01 johnsoft has quit (Ping timeout: 256 seconds)
 756 2013-09-11 16:10:11 <sipa> da2ce7: how do you digitally transfer an address (base64 or base58 or bip39 encoded) from one human to another?
 757 2013-09-11 16:10:37 Arnavion has quit (Quit: Arnavion)
 758 2013-09-11 16:11:27 <maaku> da2ce7: there are MITM-proof protocols for constructing shared secrets...
 759 2013-09-11 16:12:44 <maaku> MITM-secure
 760 2013-09-11 16:13:33 <da2ce7> maaku: I thought that you always need some shared secret knowledge, or out-of-band communication
 761 2013-09-11 16:13:36 MobiusL has quit (Quit: Ex-Chat)
 762 2013-09-11 16:14:03 <maaku> or a PKI infrastructure
 763 2013-09-11 16:14:08 johnsoft has joined
 764 2013-09-11 16:14:14 <maaku> one of those three usually applies
 765 2013-09-11 16:15:29 <da2ce7> I was proposing that maybe bip39 would be good for out-of-band... as it is usually quite easy to recognise somebody's voice.  And over a phone call, it is quite easy to reference secret knowledge.
 766 2013-09-11 16:15:52 jcorgan has quit (Quit: jcorgan)
 767 2013-09-11 16:16:01 davex_ has quit (Ping timeout: 248 seconds)
 768 2013-09-11 16:16:09 <da2ce7> sipa: I'm not quite sure I understand your question.
 769 2013-09-11 16:16:26 <sipa> da2ce7: ok, so you propose using the human voice, gsm-encoded as a transfer mechanism
 770 2013-09-11 16:16:30 <sipa> da2ce7: good luck with that
 771 2013-09-11 16:17:23 <kjj> authentication, in general, is not possible with fully in-band systems
 772 2013-09-11 16:17:53 <da2ce7> hmm... human voice quote "12Bakf1am...."   is MUCH harder than quote:  "bip39..."
 773 2013-09-11 16:18:00 <sipa> absolutely
 774 2013-09-11 16:18:07 <sipa> but both are unacceptably inconvenient
 775 2013-09-11 16:18:07 saulimus has quit (Quit: saulimus)
 776 2013-09-11 16:18:16 <sipa> to the point that people will make compromises
 777 2013-09-11 16:18:29 <Belxjander> eh?
 778 2013-09-11 16:18:32 Arnavion has joined
 779 2013-09-11 16:18:40 <sipa> like emailing them, so it can be copy-pasted
 780 2013-09-11 16:18:45 <Belxjander> trying to *speak* a bitcoin address!?!?
 781 2013-09-11 16:18:59 <Belxjander> who is proposing THAT lunacy !?!?
 782 2013-09-11 16:19:15 <sipa> the person who came up with the idea of making them human-readable in the first place, i guess
 783 2013-09-11 16:19:34 <da2ce7> but having the client lookup "Bob" automatically... then displaying a fingerprint encoded in bip39... that you only check over the phone...
 784 2013-09-11 16:19:38 DBordello has quit (Excess Flood)
 785 2013-09-11 16:19:45 <da2ce7> that is much easier.
 786 2013-09-11 16:19:49 * Belxjander recently had to walk an american friend through "accent awareness" because of his NZ accent and the lack of clarity in comprehension alone both ways
 787 2013-09-11 16:20:11 <sipa> that's like saying that building a space shuttle is easier than building a plane
 788 2013-09-11 16:20:15 <sipa> eh, the other way around
 789 2013-09-11 16:20:27 <sipa> i think they're both ridiculous
 790 2013-09-11 16:21:01 outkzt has joined
 791 2013-09-11 16:21:01 <Belxjander> why not just have a numeric "1" bits count of the address?
 792 2013-09-11 16:21:17 <sipa> ... the address already has a checksum
 793 2013-09-11 16:21:20 <sipa> and that's not what it's about
 794 2013-09-11 16:21:26 <sipa> it's about securely transferring it
 795 2013-09-11 16:21:33 <sipa> without authenticated channel
 796 2013-09-11 16:21:43 <Belxjander> sipa: I know... but for transfer of the address,  can the checksum then be used for difference finding?
 797 2013-09-11 16:21:46 <da2ce7> the best is to have a web-of-trust, for 'Bob'.  however there are cases where the wot isn't going to be strong enough.... and an out-of-band fingerprint verification would be one way to gain confidence.
 798 2013-09-11 16:22:03 <sipa> or a CA *ducks*
 799 2013-09-11 16:22:09 * sipa afk
 800 2013-09-11 16:22:11 DBordello has joined
 801 2013-09-11 16:22:43 <Belxjander> da2ce7: susceptible to "grift" where a "grifter" gains trust and then infiltrates the "WoT" to apprise themselves of the "value" contained by members of a given "WoT" is still a particular weakness of WoT based mechanisms
 802 2013-09-11 16:23:17 <Belxjander> beware trojans...
 803 2013-09-11 16:23:37 <da2ce7> Belxjander: that is why diligent people who verify fingerprints out-of-band make the whole thing more secure.
 804 2013-09-11 16:23:58 <Belxjander> da2ce7: weakest link breaks the chain :)
 805 2013-09-11 16:24:11 <da2ce7> bip39, is see is a way to make the whole thing much more much more pleasant.
 806 2013-09-11 16:24:18 <da2ce7> *I see
 807 2013-09-11 16:25:01 shesek has joined
 808 2013-09-11 16:26:12 Subo1977_ is now known as Subo1977
 809 2013-09-11 16:26:54 shesek has quit (Max SendQ exceeded)
 810 2013-09-11 16:27:19 shesek has joined
 811 2013-09-11 16:33:16 qeb has quit (Ping timeout: 256 seconds)
 812 2013-09-11 16:36:44 qeb has joined
 813 2013-09-11 16:37:26 berndj has joined
 814 2013-09-11 16:39:15 _________ has joined
 815 2013-09-11 16:39:20 ticean has joined
 816 2013-09-11 16:40:16 CodesInChaos has joined
 817 2013-09-11 16:41:44 <gmaxwell> I did a read-an-address exchange not so long ago... it was harder than expected. Mixed case made it cumbersome and I made a couple mistakes. I think two case confusions and a dropped character.
 818 2013-09-11 16:42:28 an3k has quit (Remote host closed the connection)
 819 2013-09-11 16:42:41 Gnaf has quit (Ping timeout: 245 seconds)
 820 2013-09-11 16:43:03 AlexNagy has joined
 821 2013-09-11 16:43:03 AlexNagy has quit (Changing host)
 822 2013-09-11 16:43:03 AlexNagy has joined
 823 2013-09-11 16:44:05 Anduck has joined
 824 2013-09-11 16:44:13 Anduck has quit (Changing host)
 825 2013-09-11 16:44:13 Anduck has joined
 826 2013-09-11 16:45:23 an3k has joined
 827 2013-09-11 16:47:40 ThomasV has joined
 828 2013-09-11 16:48:21 <midnightmagic> I used to read programs from the back of magazines. With one specific person, I can still read out at high-speed, get nothing wrong, and when that person transcribes it, there are no errors. :)
 829 2013-09-11 16:48:33 <midnightmagic> nobody else though.
 830 2013-09-11 16:48:54 * midnightmagic drinks to a wasted childhood
 831 2013-09-11 16:52:02 <Belxjander> midnightmagic: that's because you and that person had sorted out error-correction for spoken material with regards the subject and could rely on each other to speak and transcribe the material correctly
 832 2013-09-11 16:53:13 i2pRelay has joined
 833 2013-09-11 16:54:21 _________ has quit (Quit: My MacBook has gone to sleep. ZZZzzz…)
 834 2013-09-11 16:56:06 qeb has quit (Quit: Computer has gone to sleep.)
 835 2013-09-11 16:57:38 Tom_Soft has quit (Ping timeout: 260 seconds)
 836 2013-09-11 16:57:46 fant2 has joined
 837 2013-09-11 16:57:47 AlexNagy has left ("Leaving")
 838 2013-09-11 17:01:44 <midnightmagic> Belxjander: more of a hyper-accurate spoken vocabulary
 839 2013-09-11 17:02:04 fant2 has quit (Client Quit)
 840 2013-09-11 17:04:04 <Belxjander> the pair of you have a large common vocabulary of understanding yes,  hyper-accurate?,  maybe,  more "reliable" in the lack of required error correction due to spoken meanings getting a pre-corrected output is what I would say
 841 2013-09-11 17:04:09 darkee has quit (Ping timeout: 240 seconds)
 842 2013-09-11 17:05:21 reizuki_ has quit (Quit: Konversation terminated!)
 843 2013-09-11 17:06:26 dparrish has quit (Ping timeout: 240 seconds)
 844 2013-09-11 17:06:36 <Eneerge> eh
 845 2013-09-11 17:07:11 chrisberkhout has quit (Quit: chrisberkhout)
 846 2013-09-11 17:08:31 dparrish has joined
 847 2013-09-11 17:09:29 wiretapped has quit (Ping timeout: 240 seconds)
 848 2013-09-11 17:09:33 da2ce7 has quit (Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/)
 849 2013-09-11 17:11:40 Gues_____ has joined
 850 2013-09-11 17:12:27 da2ce7 has joined
 851 2013-09-11 17:13:42 Bjander has joined
 852 2013-09-11 17:14:52 Bjander has quit (Client Quit)
 853 2013-09-11 17:17:43 OPrime has quit (Quit: OPrime)
 854 2013-09-11 17:18:33 n2dreams has quit (Quit: ZNC - http://znc.in)
 855 2013-09-11 17:20:14 banghouse has joined
 856 2013-09-11 17:20:51 Goonie has joined
 857 2013-09-11 17:20:59 mrkent has joined
 858 2013-09-11 17:20:59 mrkent has quit (Changing host)
 859 2013-09-11 17:20:59 mrkent has joined
 860 2013-09-11 17:23:21 Gues_____ has quit (Quit: My MacBook has gone to sleep. ZZZzzz…)
 861 2013-09-11 17:23:25 wiretapped has joined
 862 2013-09-11 17:28:01 an3k has quit (Ping timeout: 248 seconds)
 863 2013-09-11 17:28:42 Application has quit (Remote host closed the connection)
 864 2013-09-11 17:28:57 Vinnie_win has joined
 865 2013-09-11 17:29:38 an3k has joined
 866 2013-09-11 17:31:26 lordbunson has joined
 867 2013-09-11 17:32:59 normanrichards has quit ()
 868 2013-09-11 17:34:43 Andrevan has joined
 869 2013-09-11 17:36:20 ThomasV has quit (Read error: Operation timed out)
 870 2013-09-11 17:36:46 GingerGeek[Away] is now known as GingerGeek
 871 2013-09-11 17:39:15 datagutt has quit (Ping timeout: 264 seconds)
 872 2013-09-11 17:40:14 shesek has quit (Read error: No route to host)
 873 2013-09-11 17:44:44 lordbunson has quit (Ping timeout: 276 seconds)
 874 2013-09-11 17:45:36 johnsoft1 has joined
 875 2013-09-11 17:47:31 Gues_____ has joined
 876 2013-09-11 17:47:41 johnsoft has quit (Ping timeout: 245 seconds)
 877 2013-09-11 17:48:36 Guest18498 has joined
 878 2013-09-11 17:51:23 Tril has left ()
 879 2013-09-11 17:51:29 <midnightmagic> Belxjander: it's trivial to work out a nearly-perfectly accurate vocabulary when the symbols being transcribed are limited to C=64 BASIC and/or lines of MLX-compatible hex. I have no problem claiming it is hyper-accurate, and precise. :)
 880 2013-09-11 17:51:53 Guest18498 has quit (Client Quit)
 881 2013-09-11 17:52:09 abrkn has joined
 882 2013-09-11 17:56:11 sserrano44 has joined
 883 2013-09-11 17:57:25 bbrian has joined
 884 2013-09-11 17:58:25 johnsoft has joined
 885 2013-09-11 17:59:00 <abrkn> kind experts: how do you feel about this for cold storage: addr=´bitcoind getnewaddress´; lpr $addr ; bitcoind dumpprivkey $addr | openssl des3 -pass pass:extremelylongpassword | xxd -p | lpr
 886 2013-09-11 17:59:22 johnsoft has quit (Client Quit)
 887 2013-09-11 18:00:44 johnsoft has joined
 888 2013-09-11 18:01:34 johnsoft1 has quit (Ping timeout: 260 seconds)
 889 2013-09-11 18:04:51 Gues_____ has quit (Quit: My MacBook has gone to sleep. ZZZzzz…)
 890 2013-09-11 18:06:15 tgs3 has quit (Ping timeout: 240 seconds)
 891 2013-09-11 18:06:25 normanrichards has joined
 892 2013-09-11 18:06:49 tgs3 has joined
 893 2013-09-11 18:06:55 reizuki__ has joined
 894 2013-09-11 18:06:55 reizuki__ has quit (Changing host)
 895 2013-09-11 18:06:55 reizuki__ has joined
 896 2013-09-11 18:06:59 graingert_ has joined
 897 2013-09-11 18:06:59 graingert_ has quit (Changing host)
 898 2013-09-11 18:06:59 graingert_ has joined
 899 2013-09-11 18:07:27 <graingert_> is there a from address?
 900 2013-09-11 18:09:02 <gmaxwell> you have come here to end your life?
 901 2013-09-11 18:09:05 * Cusipzzz ducks
 902 2013-09-11 18:11:23 rdymac has joined
 903 2013-09-11 18:11:23 rdymac has quit (Changing host)
 904 2013-09-11 18:11:23 rdymac has joined
 905 2013-09-11 18:17:13 DBordello has quit (Excess Flood)
 906 2013-09-11 18:19:12 DBordello has joined
 907 2013-09-11 18:24:23 CheckDavid has quit (Quit: Leaving)
 908 2013-09-11 18:24:40 CheckDavid has joined
 909 2013-09-11 18:24:53 mappum has joined
 910 2013-09-11 18:27:29 CheckDavid has quit (Read error: Connection reset by peer)
 911 2013-09-11 18:29:29 johnsoft1 has joined
 912 2013-09-11 18:31:07 freaksh0 has quit (Ping timeout: 256 seconds)
 913 2013-09-11 18:31:08 johnsoft has quit (Ping timeout: 256 seconds)
 914 2013-09-11 18:34:27 owowo has joined
 915 2013-09-11 18:36:26 lordbunson has joined
 916 2013-09-11 18:36:49 CryptoBuck has quit (Ping timeout: 248 seconds)
 917 2013-09-11 18:37:30 CryptoBuck has joined
 918 2013-09-11 18:38:46 Gnaf has joined
 919 2013-09-11 18:39:13 Gnaf has quit (Changing host)
 920 2013-09-11 18:39:13 Gnaf has joined
 921 2013-09-11 18:40:08 johnsoft has joined
 922 2013-09-11 18:40:55 Goonie has quit (Remote host closed the connection)
 923 2013-09-11 18:41:26 johnsoft1 has quit (Ping timeout: 264 seconds)
 924 2013-09-11 18:41:39 santoscork has joined
 925 2013-09-11 18:43:50 Coincidental has joined
 926 2013-09-11 18:46:06 CheckDavid has joined
 927 2013-09-11 18:49:05 asuk has joined
 928 2013-09-11 18:49:27 Eneerge has quit (Ping timeout: 264 seconds)
 929 2013-09-11 18:50:33 Eneerge has joined
 930 2013-09-11 18:53:16 wiretapped has quit (Remote host closed the connection)
 931 2013-09-11 18:54:26 <midnightmagic> i wonder why he's using des3
 932 2013-09-11 18:54:47 <midnightmagic> abrkn: why are you using des3?
 933 2013-09-11 18:55:17 wiretapped has joined
 934 2013-09-11 18:58:54 normanrichards has quit (Read error: Connection reset by peer)
 935 2013-09-11 18:59:20 justusranvier has quit (Remote host closed the connection)
 936 2013-09-11 18:59:44 mrkent has quit (Ping timeout: 245 seconds)
 937 2013-09-11 19:02:12 Luke-Jr has quit (Read error: Connection reset by peer)
 938 2013-09-11 19:02:26 justusranvier has joined
 939 2013-09-11 19:03:39 cads has joined
 940 2013-09-11 19:06:10 Luke-Jr has joined
 941 2013-09-11 19:06:55 akrmn has joined
 942 2013-09-11 19:07:23 gst has quit (Remote host closed the connection)
 943 2013-09-11 19:09:47 robocoin_ has joined
 944 2013-09-11 19:13:05 robocoin has quit (Ping timeout: 264 seconds)
 945 2013-09-11 19:13:47 daybyter has joined
 946 2013-09-11 19:14:22 gst has joined
 947 2013-09-11 19:16:12 <jgarzik> abrkn, des4 is more secure
 948 2013-09-11 19:16:17 graingert_ has quit (Quit: Ex-Chat)
 949 2013-09-11 19:16:24 graingert_ has joined
 950 2013-09-11 19:16:44 <jgarzik> des4 is also less likely to have dedicated cracking hardware already built and deployed for it
 951 2013-09-11 19:16:48 graingert_ is now known as Guest85185
 952 2013-09-11 19:17:25 moarrr has quit ()
 953 2013-09-11 19:17:46 <gmaxwell> Personally I like DESπ.
 954 2013-09-11 19:18:22 Luke-Jr has quit (Read error: Connection reset by peer)
 955 2013-09-11 19:19:12 Luke-Jr has joined
 956 2013-09-11 19:19:13 Luke-Jr has quit (Changing host)
 957 2013-09-11 19:19:13 Luke-Jr has joined
 958 2013-09-11 19:19:30 debiantoruser has quit (Ping timeout: 264 seconds)
 959 2013-09-11 19:20:21 <warren> sipa: I later learned that the gitian recipe I gave you 2 months ago for secp256k1 fails to static link gmp on linux
 960 2013-09-11 19:21:13 <edcba> about secp256k1 from what i read they really *seem* to be more secure than non koblitz curve
 961 2013-09-11 19:21:28 <jgarzik> more seriously, what are good AES alternatives?  twofish?
 962 2013-09-11 19:22:08 <jgarzik> wikipedia seems like twofish is better than threefish, but it may be vulnerable to cache timing attacks due to use of S-boxes
 963 2013-09-11 19:22:23 michagogo has quit (Quit: goodnight)
 964 2013-09-11 19:22:29 <maaku> jgarzik: Serpent
 965 2013-09-11 19:23:31 <maaku> it's super conservative
 966 2013-09-11 19:23:44 <maaku> iirc Rijndael won out over Serpent only for performance reasons
 967 2013-09-11 19:24:31 msvb-lab has quit (Quit: msvb-lab)
 968 2013-09-11 19:24:49 <gmaxwell> serpent, yea.
 969 2013-09-11 19:24:56 <edcba> more economical for NSA !
 970 2013-09-11 19:25:00 <edcba> no wait
 971 2013-09-11 19:25:02 <gmaxwell> I personally like the construction of mars a lot, but serpent is the obvious alternative.
 972 2013-09-11 19:26:01 * edcba agrees as long as mtgox's last price is going up
 973 2013-09-11 19:26:14 <jgarzik> hah
 974 2013-09-11 19:26:39 TheLordOfTime has quit (Ping timeout: 256 seconds)
 975 2013-09-11 19:28:14 <gmaxwell> edcba: if you're talking about the stack exchange thing, it's not quite talking about secp256k1 it's talking about the binary characteristic k curves.
 976 2013-09-11 19:28:24 Animazing has joined
 977 2013-09-11 19:29:11 pierce has quit (Quit: leaving)
 978 2013-09-11 19:29:18 <gmaxwell> jgarzik: just use all the AES finalists with different keys. :P
 979 2013-09-11 19:29:21 pierce has joined
 980 2013-09-11 19:30:42 wei_ has quit (Quit: wei_)
 981 2013-09-11 19:32:42 debiantoruser has joined
 982 2013-09-11 19:36:05 <edcba> indeed talking about stack exchange
 983 2013-09-11 19:36:09 * edcba rereads it
 984 2013-09-11 19:36:20 <midnightmagic> jgarzik: why do we hate AES again?
 985 2013-09-11 19:36:36 <edcba> too much perfect
 986 2013-09-11 19:36:38 <gmaxwell> midnightmagic: Did NIST take all the AES finalists and pick the one the NSA could break?
 987 2013-09-11 19:36:46 <edcba> lol
 988 2013-09-11 19:36:54 <gmaxwell> (AES256 has those lame keyschedule bugs)
 989 2013-09-11 19:37:01 <midnightmagic> gmaxwell: the tahoe guys did some interesting work under the project moniker "100 year encryption"
 990 2013-09-11 19:37:11 <jgarzik> midnightmagic, Just mentally flossing.
 991 2013-09-11 19:37:27 <jgarzik> It has application in my sekrit "security robot" project.
 992 2013-09-11 19:37:37 <Diablo-D3> the only way to stop the NSA now is
 993 2013-09-11 19:37:41 <Diablo-D3> use all the AES finalists
 994 2013-09-11 19:37:46 <Diablo-D3> and then some other shit
 995 2013-09-11 19:37:52 <Diablo-D3> and figure out how to throw scrypt in there
 996 2013-09-11 19:40:39 btcbtc has quit (Quit: btcbtc)
 997 2013-09-11 19:40:41 <gmaxwell> Diablo-D3: you will like the poo flinging encryption that I suggested: https://bitcointalk.org/index.php?topic=291217.msg3129584#msg3129584
 998 2013-09-11 19:41:14 rzoom has joined
 999 2013-09-11 19:41:20 <jgarzik> Is there any encryption that varies the size of the output data?
1000 2013-09-11 19:41:30 <edcba> yes
1001 2013-09-11 19:41:38 runeks has joined
1002 2013-09-11 19:41:54 <gmaxwell> jgarzik: any block cipher does depending on your chaining mode, if your data isn't a multiple of the block size...
1003 2013-09-11 19:42:10 <Diablo-D3> assuming it is the multiple of block size, there's a few
1004 2013-09-11 19:42:11 <jgarzik> so tightly constrained variability is the norm
1005 2013-09-11 19:42:13 <edcba> jgarzik: why do you want that ?
1006 2013-09-11 19:42:19 <gmaxwell> most asymmetric encryption massively changes the size.
1007 2013-09-11 19:42:24 <Diablo-D3> edcba: makes it VERY hard to decrypt
1008 2013-09-11 19:42:33 <Diablo-D3> providing the wrong key pulls the wrong data out of the block
1009 2013-09-11 19:42:39 <Diablo-D3> not merely the data out wrong, but the wrong data altogether
1010 2013-09-11 19:42:53 <edcba> very hard i doubt that is much harder
1011 2013-09-11 19:43:17 <edcba> but there is one cipher doing that, i don't remember which
1012 2013-09-11 19:43:22 * edcba googles again :/
1013 2013-09-11 19:43:42 <Diablo-D3> um lemme think
1014 2013-09-11 19:44:13 <edcba> "Many block ciphers, such as RC5, support a variable block size. The Luby-Rackoff construction and the Outerbridge construction can both increase the effective block size of a cipher."
1015 2013-09-11 19:44:18 <edcba> http://en.wikipedia.org/wiki/Block_size_(cryptography)
1016 2013-09-11 19:44:18 <warren> You folks are worrying about this, when 99% of computer users will run anything they download.
1017 2013-09-11 19:44:26 <edcba> haha
1018 2013-09-11 19:44:37 <edcba> we don't care about them :)
1019 2013-09-11 19:44:37 <Diablo-D3> warren: uh, what does THAT have to do with anything
1020 2013-09-11 19:44:43 <Diablo-D3> its not about running
1021 2013-09-11 19:44:47 <gmaxwell> warren: why are you worrying about software when there are children starving in africa?
1022 2013-09-11 19:44:52 <Diablo-D3> its providing secure enterprise encryption
1023 2013-09-11 19:45:23 <warren> Diablo-D3: where the end points are already compromised
1024 2013-09-11 19:45:35 CodesInChaos has quit (Ping timeout: 245 seconds)
1025 2013-09-11 19:45:53 <Diablo-D3> warren: thats outside the scope of the project
1026 2013-09-11 19:45:59 <edcba> +1
1027 2013-09-11 19:46:18 <Diablo-D3> gmaxwell: actually, did McEliece ever become useful?
1028 2013-09-11 19:46:30 <gmaxwell> Diablo-D3: it's useful if you don't care about public key size.
1029 2013-09-11 19:46:38 <jgarzik> For a robot that does some sort of authenticated signing, ultimately /somewhere/ it must hold an unencrypted key.  What are the favorite practices for that?  store XOR'd versus randseed in mlock'd memory, decrypt to use, re-xor with new seed?
1030 2013-09-11 19:47:05 <gmaxwell> All the ones with public keys smaller than a few hundred K have been insecure. ... there is a MDPC based one proposed that might be secure with 32k keys. But at least it's fast.
1031 2013-09-11 19:47:06 <jgarzik> (trying to minimize plaintext attack surface)
1032 2013-09-11 19:47:24 <edcba> jgarzik: i'd say limiting money/signing
1033 2013-09-11 19:47:47 <edcba> ie strict limited interface to signing
1034 2013-09-11 19:47:56 <jgarzik> I'm looking lower level
1035 2013-09-11 19:48:01 <jgarzik> that's more at the policy level
1036 2013-09-11 19:48:09 <edcba> so you won't lose all your $ even if compromised
1037 2013-09-11 19:48:21 <edcba> unless you are clueless and didn't look at it for a really long time
1038 2013-09-11 19:48:58 <jgarzik> easily solved with multisig transactions or other known techniques.  again, that's a higher level :)
1039 2013-09-11 19:49:05 <edcba> now there are some stuff that performs encryption without leaking the key into memory
1040 2013-09-11 19:49:09 <gmaxwell> jgarzik: AES key schedules are basically error correcting codes, .. so if you leave your keyschedule laying around in ram it's not hard to recover after reboot.
1041 2013-09-11 19:49:16 <edcba> ie keeping into registers
1042 2013-09-11 19:49:30 <edcba> dunno if there are some for pki stuff
1043 2013-09-11 19:49:39 <Luke-Jr> hmm, would it be bad to use a HD derivation for signed messages?
1044 2013-09-11 19:49:43 Guest85185 has quit (Read error: Connection reset by peer)
1045 2013-09-11 19:49:58 Guest85185 has joined
1046 2013-09-11 19:50:40 <jgarzik> gmaxwell, I was hoping the policy of keeping it encrypted with some non-AES scheme, using a key generated on startup and moved around in memory + changed regularly, would minimize that
1047 2013-09-11 19:51:05 <jgarzik> gmaxwell, trying to think of techniques that would annoy people with access to a frozen snapshot of RAM
1048 2013-09-11 19:51:25 * nsh has been thinking about this recently
1049 2013-09-11 19:51:33 <jgarzik> keeping a few things in registers is an interesting thought
1050 2013-09-11 19:51:38 <nsh> probably worth studying malware PE techniques
1051 2013-09-11 19:51:40 <edcba> did i mention about keeping keys into regs ?
1052 2013-09-11 19:51:42 <jgarzik> seems difficult to do in an HLL
1053 2013-09-11 19:51:46 <jgarzik> yeah
1054 2013-09-11 19:51:51 Edward_Black has quit (Ping timeout: 260 seconds)
1055 2013-09-11 19:52:03 <edcba> so yes there is already some ppl implemented that
1056 2013-09-11 19:52:05 <jgarzik> you would have to tell the compiler to totally ignore one or more registers for a period of time
1057 2013-09-11 19:52:13 <jgarzik> but yeah, it's a decent idea
1058 2013-09-11 19:52:15 <gmaxwell> jgarzik: it's an argument against using AES... (and maybe some other ciphers)
1059 2013-09-11 19:52:22 <edcba> or there is you know "assembly" :)
1060 2013-09-11 19:52:29 <gmaxwell> e.g. you can lose 3/4 of the bits in your aes key schedule and still recover the key.
1061 2013-09-11 19:52:30 Edward_Black has joined
1062 2013-09-11 19:52:51 <nsh> could you not keep some kind of key or deobfuscation map in a non{cpu,ram} device buffer
1063 2013-09-11 19:53:01 <jgarzik> gmaxwell, <nod>  rewriting that, I see it as an argument for adding an additional layer of encryption to obfuscate the AES key in RAM
1064 2013-09-11 19:53:17 <jgarzik> then decrypt key, use key, re-encrypt key
1065 2013-09-11 19:53:43 <edcba> i doubt it's something we should think about here anyway
1066 2013-09-11 19:53:53 <jgarzik> edcba, bleh, assembly
1067 2013-09-11 19:53:54 <edcba> physical compromise for bitcoin is lost game
1068 2013-09-11 19:53:56 <gmaxwell> well I think there may exist slow aes implementations that do not use a pre-expanded key schedule and that would be useful there too.
1069 2013-09-11 19:54:19 <jgarzik> probably easier just to use SSE/XMM/whatever registers that the general compiler probably will avoid
1070 2013-09-11 19:54:28 <edcba> we don't really target bank-level bitcoin implementation are we ?
1071 2013-09-11 19:54:40 <edcba> "bank-level" as ideally :/
1072 2013-09-11 19:54:48 johnsoft1 has joined
1073 2013-09-11 19:55:12 <gmaxwell> edcba: you may have ... greater expectations for banks than reality would deliver... :P
1074 2013-09-11 19:55:21 <edcba> yeah i had to correct :)
1075 2013-09-11 19:55:48 <jgarzik> hmmm yeah, probably plenty of room for key storage in XMM registers
1076 2013-09-11 19:56:10 <jgarzik> just gotta make sure those register sets are not pushed onto the stack
1077 2013-09-11 19:56:18 <gmaxwell> I mean there are certainly bits of good hardware from bank applications, but banks don't make great use of them, e.g. http://www.ebay.com/itm/IBM-PCIe-CRYPTOGRAPHIC-COPROCESSOR-FC-4765-41U9987-45D6048-45D7948-/140914671809?pt=LH_DefaultDomain_0&hash=item20cf2b40c1
1078 2013-09-11 19:57:19 johnsoft has quit (Ping timeout: 260 seconds)
1079 2013-09-11 19:57:39 <jgarzik> I wonder if there is a "helpful" management co-processor or gizmo that stores register values in the event of a crash
1080 2013-09-11 19:58:49 <gmaxwell> jgarzik: in theory, getting into the right tpm sealed mode should defeat all that stuff. (you saw hal's stuff, right?)
1081 2013-09-11 19:59:07 TheLordOfTime has joined
1082 2013-09-11 19:59:37 GingerGeek is now known as GingerGeek[Away]
1083 2013-09-11 20:01:52 saivann has joined
1084 2013-09-11 20:03:31 <jgarzik> gmaxwell, yep.  would like a 100% software-based solution, then you can add to it from there if you have special hardware.
1085 2013-09-11 20:04:14 * jgarzik wonders if there is a no-ptrace (don't debug me, ever) flag
1086 2013-09-11 20:04:25 <edcba> software shouldn't deal with hardware problems
1087 2013-09-11 20:05:28 normanrichards has joined
1088 2013-09-11 20:05:52 <maaku> jgarzik: meh, if you have that kind of access to the machine you're powned anyway
1089 2013-09-11 20:08:38 <jgarzik> not necessarily
1090 2013-09-11 20:09:32 <edcba> only creativity is keeping you from being pwned
1091 2013-09-11 20:10:11 <jgarzik> doing things a wee bit differently does wonders for your attack surface sometimes
1092 2013-09-11 20:10:31 <jgarzik> of course, it can also make you stick out, and bite you in the ass for using an under-tested process
1093 2013-09-11 20:10:50 <edcba> like keeping the signing computer in cement
1094 2013-09-11 20:11:56 <Luke-Jr> jgarzik: if you can ptrace yourself.. being ptraced is a one-master thing
1095 2013-09-11 20:12:10 <Luke-Jr> jgarzik: maybe spawn a dummy process that ptraces the main one
1096 2013-09-11 20:12:17 <jgarzik> heh
1097 2013-09-11 20:12:21 <jgarzik> inventive :)
1098 2013-09-11 20:12:46 * Luke-Jr learned that trying to attach strace and gdb to the same process <.<
1099 2013-09-11 20:12:49 MobPhone has joined
1100 2013-09-11 20:15:05 <Luke-Jr> extra bonus: if you start it inside strace/gdb already, the fork-and-ptrace can fail gracefully ;)
1101 2013-09-11 20:15:06 aa has joined
1102 2013-09-11 20:15:13 <Luke-Jr> maybe even trigger a warning dialog :p
1103 2013-09-11 20:15:29 aa is now known as Guest14285
1104 2013-09-11 20:19:20 Application has joined
1105 2013-09-11 20:23:26 ticean has quit (Remote host closed the connection)
1106 2013-09-11 20:23:55 Application has quit (Ping timeout: 256 seconds)
1107 2013-09-11 20:24:49 paybitcoin1 has quit (Read error: Connection reset by peer)
1108 2013-09-11 20:25:52 paybitcoin has joined
1109 2013-09-11 20:27:32 Application has joined
1110 2013-09-11 20:33:24 Guest14285 is now known as MobiusL
1111 2013-09-11 20:34:35 santoscork has quit (Quit: Quiet while I make like a cat)
1112 2013-09-11 20:37:49 justusranvier has quit (Ping timeout: 240 seconds)
1113 2013-09-11 20:39:23 <gmaxwell> sipa: you might want to review https://bitcointalk.org/index.php?topic=258678.0
1114 2013-09-11 20:39:39 Andrevan has quit (Read error: Connection reset by peer)
1115 2013-09-11 20:40:19 justusranvier has joined
1116 2013-09-11 20:41:41 Coincidental has quit (Remote host closed the connection)
1117 2013-09-11 20:44:07 Gnaf has quit (Quit: ChatZilla 0.9.90.1 [Firefox 23.0.1/20130814063812])
1118 2013-09-11 20:47:00 ThomasV has joined
1119 2013-09-11 20:51:04 <cfields> Luke-Jr: yes, you can run the pull-tester's scripts locally
1120 2013-09-11 20:52:23 <cfields> gavinandresen: ping
1121 2013-09-11 20:52:37 Coincidental has joined
1122 2013-09-11 21:00:12 ticean has joined
1123 2013-09-11 21:00:13 redeeman` has left ()
1124 2013-09-11 21:00:39 <gmaxwell> warren: I don't think automated is expected at all on that pull
1125 2013-09-11 21:01:08 <gmaxwell> warren: I think he literally wants a sequence of use cases and corner cases for someone to just walk through by hand.
1126 2013-09-11 21:02:33 <warren> gmaxwell: the corner cases are difficult to test because you need aged wallets with lots of dust
1127 2013-09-11 21:02:42 <warren> aged right on the edge
1128 2013-09-11 21:05:40 <warren> gmaxwell: unless you have any suggestion for making that artificially
1129 2013-09-11 21:06:35 n2dreams has joined
1130 2013-09-11 21:10:49 owowo has quit (Ping timeout: 240 seconds)
1131 2013-09-11 21:10:51 agricocb has quit (Remote host closed the connection)
1132 2013-09-11 21:12:16 daybyter has quit (Quit: Konversation terminated!)
1133 2013-09-11 21:15:16 r0sc0e has quit (Ping timeout: 264 seconds)
1134 2013-09-11 21:15:42 <cfields> gmaxwell: agh, I forgot to PR the -O2 change. Fine with me if you just want to commit it, unless you just want the PR for discussion
1135 2013-09-11 21:18:38 Guest85185 has quit (Quit: Ex-Chat)
1136 2013-09-11 21:18:48 Guest85185 has joined
1137 2013-09-11 21:20:47 ahbritto has quit (Quit: Ex-Chat)
1138 2013-09-11 21:21:34 jonass has quit (Quit: Leaving)
1139 2013-09-11 21:22:04 djcoin has quit (Quit: WeeChat 0.4.0)
1140 2013-09-11 21:24:54 owowo has joined
1141 2013-09-11 21:25:44 Gu_______ has joined
1142 2013-09-11 21:27:38 <gmaxwell> cfields: https://github.com/bitcoin/bitcoin/pull/2988
1143 2013-09-11 21:29:05 MobPhone has quit (Ping timeout: 256 seconds)
1144 2013-09-11 21:29:37 MobPhone has joined
1145 2013-09-11 21:29:45 abrkn has quit ()
1146 2013-09-11 21:30:30 ticean has quit (Remote host closed the connection)
1147 2013-09-11 21:32:34 shesek has joined
1148 2013-09-11 21:34:59 btcbtc has joined
1149 2013-09-11 21:35:47 CodesInChaos has joined
1150 2013-09-11 21:36:56 AtashiCon has quit (Quit: AtashiCon)
1151 2013-09-11 21:37:27 sserrano44 has quit (Ping timeout: 276 seconds)
1152 2013-09-11 21:38:42 cads has quit (Ping timeout: 240 seconds)
1153 2013-09-11 21:38:57 owowo has quit (Remote host closed the connection)
1154 2013-09-11 21:39:07 ticean has joined
1155 2013-09-11 21:39:10 cads has joined
1156 2013-09-11 21:40:22 owowo has joined
1157 2013-09-11 21:40:49 Anduck has quit (Ping timeout: 248 seconds)
1158 2013-09-11 21:41:32 Zoo has quit (Read error: Connection reset by peer)
1159 2013-09-11 21:41:47 Zoo has joined
1160 2013-09-11 21:44:33 ThomasV has quit (Ping timeout: 248 seconds)
1161 2013-09-11 21:46:47 Anduck has joined
1162 2013-09-11 21:46:47 Anduck has quit (Changing host)
1163 2013-09-11 21:46:47 Anduck has joined
1164 2013-09-11 21:46:50 AtashiCon has joined
1165 2013-09-11 21:47:11 AusBitBank_ has joined
1166 2013-09-11 21:49:45 rdymac has quit (Ping timeout: 245 seconds)
1167 2013-09-11 21:50:03 debiantoruser has quit (Ping timeout: 256 seconds)
1168 2013-09-11 21:50:27 Coincidental has quit (Remote host closed the connection)
1169 2013-09-11 21:50:44 debiantoruser has joined
1170 2013-09-11 21:52:08 sserrano44 has joined
1171 2013-09-11 21:52:20 enikanorov_ has joined
1172 2013-09-11 21:53:06 Coincide_ has joined
1173 2013-09-11 21:55:12 i2pRelay has quit (Quit: kytv)
1174 2013-09-11 21:55:14 enikanorov has quit (Ping timeout: 264 seconds)
1175 2013-09-11 21:55:53 i2pRelay has joined
1176 2013-09-11 21:56:02 debiantoruser has quit (Ping timeout: 240 seconds)
1177 2013-09-11 21:56:45 agricocb has joined
1178 2013-09-11 21:56:50 r0sc0e has joined
1179 2013-09-11 21:56:56 debiantoruser has joined
1180 2013-09-11 21:57:11 <warren> gitian is missing libboost-test1.40-dev in order to run the unit tests, would that be acceptable to add?
1181 2013-09-11 21:57:30 patcon has quit (Ping timeout: 264 seconds)
1182 2013-09-11 21:57:43 Pengoo has quit (Ping timeout: 260 seconds)
1183 2013-09-11 22:02:01 asuk has quit ()
1184 2013-09-11 22:02:40 r0sc0e has quit (Ping timeout: 264 seconds)
1185 2013-09-11 22:04:26 patcon has joined
1186 2013-09-11 22:05:06 realazthat has quit (Quit: realazthat)
1187 2013-09-11 22:05:28 realazthat has joined
1188 2013-09-11 22:07:53 r0sc0e has joined
1189 2013-09-11 22:13:16 digitalmagus has quit (Remote host closed the connection)
1190 2013-09-11 22:13:36 digitalmagus has joined
1191 2013-09-11 22:14:14 normanrichards has quit ()
1192 2013-09-11 22:15:38 realazthat has quit (Excess Flood)
1193 2013-09-11 22:16:09 sensorii has quit (Ping timeout: 240 seconds)
1194 2013-09-11 22:16:33 btsec has quit (Read error: Connection reset by peer)
1195 2013-09-11 22:16:42 EasyAt has quit (Ping timeout: 264 seconds)
1196 2013-09-11 22:16:49 MobiusL has quit (Ping timeout: 240 seconds)
1197 2013-09-11 22:16:49 Subo1977 has quit (Ping timeout: 240 seconds)
1198 2013-09-11 22:16:49 random_cat has quit (Ping timeout: 240 seconds)
1199 2013-09-11 22:17:09 Andrevan has joined
1200 2013-09-11 22:17:16 Subo1977 has joined
1201 2013-09-11 22:17:31 EasyAt has joined
1202 2013-09-11 22:17:32 <gavinandresen> cfields: good morning, what's up?
1203 2013-09-11 22:19:06 sserrano44 has quit (Quit: Computer has gone to sleep.)
1204 2013-09-11 22:19:50 sensorii has joined
1205 2013-09-11 22:19:53 Coincide_ has quit (Remote host closed the connection)
1206 2013-09-11 22:21:18 <warren> hmm, nevermind, seems to be in master
1207 2013-09-11 22:21:34 Anduck has quit (Remote host closed the connection)
1208 2013-09-11 22:22:50 AndyOfiesh has quit (Ping timeout: 264 seconds)
1209 2013-09-11 22:24:07 debiantoruser has quit (Remote host closed the connection)
1210 2013-09-11 22:24:25 debiantoruser has joined
1211 2013-09-11 22:25:50 chrisberkhout has joined
1212 2013-09-11 22:26:11 random_cat has joined
1213 2013-09-11 22:27:16 <cfields> gavinandresen: mind if i pm you?
1214 2013-09-11 22:27:23 <gavinandresen> cfields: go ahead
1215 2013-09-11 22:27:46 an3k has quit (Read error: Connection reset by peer)
1216 2013-09-11 22:28:12 Pengoo has joined
1217 2013-09-11 22:29:56 debiantoruser has quit (Remote host closed the connection)
1218 2013-09-11 22:30:11 debiantoruser has joined
1219 2013-09-11 22:30:26 Coincidental has joined
1220 2013-09-11 22:30:45 realazthat has joined
1221 2013-09-11 22:31:23 patcon has quit (Ping timeout: 240 seconds)
1222 2013-09-11 22:32:15 AusBitBank_ has quit (Ping timeout: 260 seconds)
1223 2013-09-11 22:33:40 mrkent has joined
1224 2013-09-11 22:34:27 Heimdall has joined
1225 2013-09-11 22:35:54 debiantoruser has quit (Ping timeout: 264 seconds)
1226 2013-09-11 22:36:40 debiantoruser has joined
1227 2013-09-11 22:38:42 phrog has quit (Read error: Connection reset by peer)
1228 2013-09-11 22:38:56 phrog has joined
1229 2013-09-11 22:39:18 saulimus has joined
1230 2013-09-11 22:40:40 MobiusL has joined
1231 2013-09-11 22:42:30 debiantoruser has quit (Ping timeout: 264 seconds)
1232 2013-09-11 22:42:56 debiantoruser has joined
1233 2013-09-11 22:43:43 johnsoft has joined
1234 2013-09-11 22:44:12 ThomasV has joined
1235 2013-09-11 22:46:08 mrkent has quit (Ping timeout: 268 seconds)
1236 2013-09-11 22:46:25 johnsoft1 has quit (Ping timeout: 245 seconds)
1237 2013-09-11 22:47:24 toffoo has joined
1238 2013-09-11 22:47:54 debiantoruser has quit (Ping timeout: 264 seconds)
1239 2013-09-11 22:48:44 debiantoruser has joined
1240 2013-09-11 22:49:05 yubrew has joined
1241 2013-09-11 22:51:20 ForceMajeure has joined
1242 2013-09-11 22:52:23 freaksh0 has joined
1243 2013-09-11 22:54:49 an3k has joined
1244 2013-09-11 22:55:12 debiantoruser has quit (Ping timeout: 256 seconds)
1245 2013-09-11 22:55:28 stretchwarren has quit (Ping timeout: 264 seconds)
1246 2013-09-11 22:55:39 debiantoruser has joined
1247 2013-09-11 22:56:00 ThomasV has quit (Ping timeout: 245 seconds)
1248 2013-09-11 22:56:51 zer0def has quit (Ping timeout: 245 seconds)
1249 2013-09-11 22:58:35 avantgeek has joined
1250 2013-09-11 22:58:52 <an3k> why do I always get "InvalidChainFound: Warning: Displayed transactions may not be correct! You may need to upgrade, or other nodes may need to upgrade." after a simple reboot?
1251 2013-09-11 22:59:59 <sipa> what os/hardware/version?
1252 2013-09-11 23:00:28 <an3k> ubuntu 13.04/intel pentium m 1,73 Ghz/0.8.4
1253 2013-09-11 23:00:35 debiantoruser has quit (Ping timeout: 245 seconds)
1254 2013-09-11 23:01:19 ThomasV has joined
1255 2013-09-11 23:01:20 <an3k> everything worked fine until i successfully shut down bitcoin and restarted the notebook. after a restart i get connected to the network but not a single blockchain is processed
1256 2013-09-11 23:01:27 debiantoruser has joined
1257 2013-09-11 23:02:04 <jgarzik> an3k, start with "-checklevel=2"?
1258 2013-09-11 23:02:55 McKay has quit (Quit: No Ping reply in 180 seconds.)
1259 2013-09-11 23:03:10 Zoo has quit (Read error: Connection reset by peer)
1260 2013-09-11 23:03:19 Zoo has joined
1261 2013-09-11 23:03:25 McKay has joined
1262 2013-09-11 23:04:18 normanrichards has joined
1263 2013-09-11 23:05:09 johnsoft1 has joined
1264 2013-09-11 23:05:28 <an3k> same error
1265 2013-09-11 23:06:37 sserrano44 has joined
1266 2013-09-11 23:06:42 sserrano44 has quit (Client Quit)
1267 2013-09-11 23:06:53 Andrevan has quit (Quit: WeeChat 0.4.2-rc1)
1268 2013-09-11 23:07:23 Heimdallr has joined
1269 2013-09-11 23:07:42 johnsoft has quit (Ping timeout: 264 seconds)
1270 2013-09-11 23:07:53 chrisberkhout has quit (Quit: chrisberkhout)
1271 2013-09-11 23:08:03 <gmaxwell> an3k: you're stuck on a fork. It might be interesting if your debug log goes back to where you initially got stuck.
1272 2013-09-11 23:08:04 debiantoruser has quit (Ping timeout: 264 seconds)
1273 2013-09-11 23:08:08 <an3k> before getting the messages i got plenty of these
1274 2013-09-11 23:08:10 <an3k> received block 00000000000000015a0852dba7932485b4da5699025d221f5b063b73ae2bee61
1275 2013-09-11 23:08:10 <an3k> ERROR: ProcessBlock() : already have block 252950 00000000000000015a0852dba7932485b4da5699025d221f5b063b73ae2bee61
1276 2013-09-11 23:08:10 <an3k> Misbehaving: 216.150.114.28:8333 (0 -> 0)
1277 2013-09-11 23:08:11 sserrano44 has joined
1278 2013-09-11 23:08:19 <sipa> nah, that's normal
1279 2013-09-11 23:08:31 <an3k> typical hackers? :)
1280 2013-09-11 23:08:35 <gmaxwell> an3k: can you look for the first Invalid  in your debug.log?
1281 2013-09-11 23:08:35 debiantoruser has joined
1282 2013-09-11 23:09:11 Guest85185 has quit (Quit: Ex-Chat)
1283 2013-09-11 23:10:01 <an3k> received block 000000000000001c4689e29d9d6463acc82342c09b668cd857249edd27bbbba3
1284 2013-09-11 23:10:02 chrisberkhout has joined
1285 2013-09-11 23:10:18 chrisberkhout has quit (Client Quit)
1286 2013-09-11 23:10:34 <gmaxwell> and then?
1287 2013-09-11 23:11:03 Gu_______ has quit (Quit: My MacBook has gone to sleep. ZZZzzz…)
1288 2013-09-11 23:11:05 Heimdall has quit (Ping timeout: 256 seconds)
1289 2013-09-11 23:11:07 <an3k> InvalidChainFound: invalid block=000000000000001c4689e29d9d6463acc82342c09b668cd857249edd27bbbba3  height=252957  log2_work=71,302093  date=2013-08-19 06:00:09
1290 2013-09-11 23:11:08 <an3k> InvalidChainFound:  current best=000000000000000a4b02c4719898b559e4a00c34f331d4791910e6d6ba6a7a1f  height=252955  log2_work=71,301877  date=2013-08-19 05:42:20
1291 2013-09-11 23:11:32 <gmaxwell> ah, that's not the first invalid instance.
1292 2013-09-11 23:11:40 <gmaxwell> but your log might not go back far enough.
1293 2013-09-11 23:12:47 <an3k> it does. found it. sry
1294 2013-09-11 23:12:48 Gu_______ has joined
1295 2013-09-11 23:12:50 <an3k> received block 000000000000003c661e240a7724ede08c4b097c37f93fdda679ef20ccb906e8
1296 2013-09-11 23:12:50 <an3k> ERROR: CScriptCheck() : 6512cbe17420f56ce2b85bb3f093bf12de7098ce6dba360404b4a07a4e202ec2 VerifySignature failed
1297 2013-09-11 23:12:50 <an3k> InvalidChainFound: invalid block=000000000000003c661e240a7724ede08c4b097c37f93fdda679ef20ccb906e8  height=252956  log2_work=71,301985  date=2013-08-19 05:51:00
1298 2013-09-11 23:12:50 <an3k> InvalidChainFound:  current best=000000000000000a4b02c4719898b559e4a00c34f331d4791910e6d6ba6a7a1f  height=252955  log2_work=71,301877  date=2013-08-19 05:42:20
1299 2013-09-11 23:12:51 <an3k> InvalidChainFound: invalid block=000000000000003c661e240a7724ede08c4b097c37f93fdda679ef20ccb906e8  height=252956  log2_work=71,301985  date=2013-08-19 05:51:00
1300 2013-09-11 23:12:53 <an3k> InvalidChainFound:  current best=000000000000000a4b02c4719898b559e4a00c34f331d4791910e6d6ba6a7a1f  height=252955  log2_work=71,301877  date=2013-08-19 05:42:20
1301 2013-09-11 23:12:55 <an3k> ERROR: SetBestBlock() : ConnectBlock 000000000000003c661e240a7724ede08c4b097c37f93fdda679ef20ccb906e8 failed
1302 2013-09-11 23:12:58 <an3k> ERROR: AcceptBlock() : AddToBlockIndex failed
1303 2013-09-11 23:13:00 <an3k> ERROR: ProcessBlock() : AcceptBlock FAILED
1304 2013-09-11 23:13:02 <an3k> Misbehaving: 58.64.155.106:8333 (0 -> 100) DISCONNECTING
1305 2013-09-11 23:13:04 <an3k> disconnecting node 58.64.155.106:8333
1306 2013-09-11 23:13:05 bizoro has joined
1307 2013-09-11 23:13:05 bizoro has quit (Changing host)
1308 2013-09-11 23:13:05 bizoro has joined
1309 2013-09-11 23:13:06 <sipa> :o verifysignature failed
1310 2013-09-11 23:13:09 Gu_______ has quit (Client Quit)
1311 2013-09-11 23:13:15 * sipa suspects CPU/memory error
1312 2013-09-11 23:13:32 <gmaxwell> totally boring transaction.
1313 2013-09-11 23:13:37 debiantoruser has quit (Ping timeout: 248 seconds)
1314 2013-09-11 23:14:12 Edward_Black has quit (Quit: ow ow ow...)
1315 2013-09-11 23:14:14 sserrano44 has quit (Quit: Computer has gone to sleep.)
1316 2013-09-11 23:14:15 <gmaxwell> maybe we should have failures in blocks try twice on failure and if it passes the second time go into safe mode and warn "your cpu or memory is bad"
1317 2013-09-11 23:14:23 debiantoruser has joined
1318 2013-09-11 23:15:17 <an3k> so that means my cpu/ram just broke?
1319 2013-09-11 23:15:34 <sipa> that's the most likely explanation
1320 2013-09-11 23:16:15 <sipa> you can try rebuilding the database (start with -reindex), which will take a while
1321 2013-09-11 23:16:26 Gu_______ has joined
1322 2013-09-11 23:16:29 <sipa> and the same or similar problem may or may not happen again
1323 2013-09-11 23:16:36 <an3k> as long as downloading 52955 blocks?
1324 2013-09-11 23:16:45 <an3k> i mean 252,955
1325 2013-09-11 23:17:01 <sipa> close to it yes, except it won't actually download them again
1326 2013-09-11 23:17:25 Edward_Black has joined
1327 2013-09-11 23:17:27 <sipa> you can try disabling multithreading, perhaps that reduces the chance of cpu problems, by starting with -par=1
1328 2013-09-11 23:17:31 <Neozonz> is there a way to increase testnet difficulty?
1329 2013-09-11 23:18:14 <an3k> I can't tell bitcoin to delete the verifysignature failure-block and load and check it again?
1330 2013-09-11 23:18:17 Gu_______ has quit (Client Quit)
1331 2013-09-11 23:18:29 <an3k> it's a single-core without hyperthreading :p
1332 2013-09-11 23:18:54 <sipa> an3k: no, you have to restart from scratch
1333 2013-09-11 23:19:15 <sipa> ok, does the log say something like "Using N threads for signature verification" at startup?
1334 2013-09-11 23:21:05 <an3k> nothing like that
1335 2013-09-11 23:21:51 G________ has joined
1336 2013-09-11 23:22:05 <sipa> Using 4 threads for script verification
1337 2013-09-11 23:22:07 <sipa> it says here
1338 2013-09-11 23:22:36 awishformore has quit (Read error: Connection reset by peer)
1339 2013-09-11 23:23:18 <an3k> "script verification" cannot be found in the whole log
1340 2013-09-11 23:23:44 <sipa> ok
1341 2013-09-11 23:23:53 theboos has joined
1342 2013-09-11 23:25:07 JZavala has quit ()
1343 2013-09-11 23:27:05 an3k has quit (Read error: Operation timed out)
1344 2013-09-11 23:27:34 testnode9 has joined
1345 2013-09-11 23:28:35 <theboos> Hi all, I'm using bitcoin-qt 8.3.0 - for some reason when I right click on transactions and click "Copy transaction ID" there are a few extra digits at the end
1346 2013-09-11 23:28:39 an3k has joined
1347 2013-09-11 23:28:45 <sipa> yes, the vout index
1348 2013-09-11 23:29:22 <sipa> what you see as a "transaction" in the client, is not actually a transaction at the blockchain level, just a single output of one
1349 2013-09-11 23:29:35 <sipa> so it lists both the transaction id, and the output index
1350 2013-09-11 23:31:21 <theboos> my typical use case is copying the transaction ID to send someone the corresponding blockchain.info link but I have to truncate it manually
1351 2013-09-11 23:31:28 <theboos> just curious which use case requires the vout index then?
1352 2013-09-11 23:32:18 <sipa> to know which output it is about
1353 2013-09-11 23:32:41 <sipa> technically you can even have multiple outputs of one transaction, all paying to your wallet
1354 2013-09-11 23:33:01 <an3k> hmm, what was the last msgs you saw?
1355 2013-09-11 23:33:05 <theboos> ah I guess that is true
1356 2013-09-11 23:33:33 <sipa> 01:22:18 < an3k> "script verification" cannot be found in the whole log
1357 2013-09-11 23:33:34 <sipa> 01:22:44 < sipa> ok
1358 2013-09-11 23:33:47 sserrano44 has joined
1359 2013-09-11 23:33:52 <an3k> ok :)
1360 2013-09-11 23:33:59 <an3k> 01:26:08 <an3k> but if my cpu/ram is defective why don't i get any errors with earlier blocks?
1361 2013-09-11 23:34:25 <sipa> signature verification (the cpu intensive part) is only enabled in later blocks
1362 2013-09-11 23:34:27 sserrano44 has quit (Client Quit)
1363 2013-09-11 23:34:33 <sipa> in 0.8.4 iirc after 250000
1364 2013-09-11 23:34:43 <an3k> dammit :)
1365 2013-09-11 23:34:59 AusBitBank_ has joined
1366 2013-09-11 23:35:00 <an3k> could I use an older version? :p
1367 2013-09-11 23:35:13 <sipa> that will only mean you get the error sooner
1368 2013-09-11 23:35:23 <sipa> or not
1369 2013-09-11 23:35:28 <sipa> it's likely still random
1370 2013-09-11 23:35:45 viperhr1 has quit (Ping timeout: 276 seconds)
1371 2013-09-11 23:37:07 <an3k> ok, thanks. currently i'm reindexing the db. if the error doesn't occur again should I talk to you again or isn't that an important case?
1372 2013-09-11 23:37:44 JZavala has joined
1373 2013-09-11 23:38:34 rdymac has joined
1374 2013-09-11 23:38:35 mrkent has joined
1375 2013-09-11 23:40:21 one_zero has joined
1376 2013-09-11 23:40:28 saulimus has quit (Quit: saulimus)
1377 2013-09-11 23:42:05 Zoo has quit (Read error: Connection reset by peer)
1378 2013-09-11 23:42:42 Zoo has joined
1379 2013-09-11 23:46:01 Eiii has joined
1380 2013-09-11 23:46:01 Eiii has quit (Changing host)
1381 2013-09-11 23:46:01 Eiii has joined
1382 2013-09-11 23:48:21 banghouse has quit (Remote host closed the connection)
1383 2013-09-11 23:48:47 longcat has joined
1384 2013-09-11 23:49:34 Guest50737 has joined
1385 2013-09-11 23:49:35 patcon has joined
1386 2013-09-11 23:49:37 <longcat> hello......  the bitcoin block chain and shit is large...  a butt too large...  is there a way to get it to use a compressed database or something less large?
1387 2013-09-11 23:50:21 <longcat> anyone else bring up storing it compressed?  or maybe I missed the memo that it already is compressed?
1388 2013-09-11 23:55:28 patcon has quit (Ping timeout: 264 seconds)
1389 2013-09-11 23:55:39 i2pRelay has quit (Remote host closed the connection)
1390 2013-09-11 23:57:05 zer0def has joined
1391 2013-09-11 23:57:13 Jasmin68k has joined
1392 2013-09-11 23:57:29 Jasmin68k has quit (Client Quit)