1 2011-12-07 00:00:02 <roconnor> 0.00004096 BTC per 512 bytes times 4 kb is only about 0.00032768
2 2011-12-07 00:00:08 <roconnor> BTC
3 2011-12-07 00:00:25 <[Tycho]> Not so relative.
4 2011-12-07 00:00:33 <lianj> :>
5 2011-12-07 00:00:50 <roconnor> unless I am mistaken
6 2011-12-07 00:02:45 <roconnor> phantomcircuit: does that particular DOS even work? presumably the OP_CHECKSIG's would quickly exhast the stack in this particular case and quickly fail.
7 2011-12-07 00:03:00 <roconnor> (though clearly you could build a better DOS script)
8 2011-12-07 00:03:54 <phantomcircuit> roconnor, i think at the time it did work
9 2011-12-07 00:03:55 <roconnor> hmm
10 2011-12-07 00:04:06 <phantomcircuit> the script code has been simplified since then
11 2011-12-07 00:05:08 <roconnor> I guess that trascation hasn't been redeemed and can't be redeemed
12 2011-12-07 00:05:24 <roconnor> and it currently has no computational overhead at all
13 2011-12-07 00:06:15 <phantomcircuit> correct
14 2011-12-07 00:06:27 <phantomcircuit> well it does for people downloading the blockchain
15 2011-12-07 00:06:34 <phantomcircuit> but that's a one time cost
16 2011-12-07 00:06:40 <roconnor> right
17 2011-12-07 00:06:50 <roconnor> but at least none of the OP_CHECKSIGs are ever run
18 2011-12-07 00:06:58 <phantomcircuit> yeah
19 2011-12-07 00:07:38 <roconnor> poor lost 0.01 BTC
20 2011-12-07 00:08:35 <lianj> poor 4kb
21 2011-12-07 00:09:36 <phantomcircuit> i love how bit-pay.net is porn
22 2011-12-07 00:12:56 <phantomcircuit> bleh we need a futures market
23 2011-12-07 00:14:26 <BlueMatt> how is there still not one?
24 2011-12-07 00:14:39 <phantomcircuit> i have no idea
25 2011-12-07 00:14:57 <BlueMatt> how has mtgox not added one yet???
26 2011-12-07 00:15:12 <BlueMatt> it seems like they move (understandably) slower than the bitcoin client
27 2011-12-07 00:15:48 <phantomcircuit> im not sure their software can handle it
28 2011-12-07 00:15:53 <phantomcircuit> it might be able to now actually
29 2011-12-07 00:16:31 <phantomcircuit> yeah
30 2011-12-07 00:16:44 <phantomcircuit> although maybe im wrong and you can
31 2011-12-07 00:16:48 <phantomcircuit> i mean they can
32 2011-12-07 00:17:06 <phantomcircuit> i would do one actually thinking about it
33 2011-12-07 00:19:51 <phantomcircuit> maybe i'll do one that only deals in mtgox coupons
34 2011-12-07 00:19:52 <phantomcircuit> lol
35 2011-12-07 00:25:07 <graingert> http://www.reddit.com/r/Bitcoin/comments/n39ys/its_always_good_to_double_check/
36 2011-12-07 00:29:14 <upb> hum, thats from july
37 2011-12-07 00:44:29 <ageis> anyone here who is good with JSON? need some quick help accessing some JSON data which is formatted in a way i haven't seen before...
38 2011-12-07 00:45:48 <lianj> dont ask to ask
39 2011-12-07 00:46:02 <graingert> ageis: pastebin
40 2011-12-07 00:46:18 <ageis> graingert: its just here: https://btcex.com/ticker.json
41 2011-12-07 00:46:38 <ageis> so i have the json object in a perl hash
42 2011-12-07 00:46:51 <ageis> and i want just the bid/ask/last prices in USD
43 2011-12-07 00:46:55 <luke-jr> isn't btcex that bad exchange?
44 2011-12-07 00:47:01 <ageis> i'm used to $btcex->{ticker}->{ask}
45 2011-12-07 00:47:15 <ageis> that type of thing
46 2011-12-07 00:47:25 <ageis> but i dont understand this one
47 2011-12-07 00:47:30 <graingert> ageis: in what sense
48 2011-12-07 00:47:32 <luke-jr> ageis: looks like normal JSON to me
49 2011-12-07 00:47:37 <graingert> http://jsonlint.com/
50 2011-12-07 00:47:42 <graingert> will format it nicely
51 2011-12-07 00:47:56 <graingert> ageis: what information do you want from it?
52 2011-12-07 00:48:10 <luke-jr> try $btcex->[0]->{ask}
53 2011-12-07 00:48:15 <ageis> graingert: bid/ask/lasttradedprice
54 2011-12-07 00:48:21 <ageis> luke-jr: thanks, thats what i was looking for
55 2011-12-07 00:48:23 <luke-jr> ageis: but srsly, if btcex is what I think it is, avoid like the plague
56 2011-12-07 00:48:32 <graingert> ageis: you don't know how to arrays?
57 2011-12-07 00:48:33 <ageis> i was thrown off by the fact that each table didnt have a title
58 2011-12-07 00:48:46 <ageis> graingert: i said it would be quick
59 2011-12-07 00:49:03 <graingert> ageis: perl == bleaugh
60 2011-12-07 00:49:12 <luke-jr> anyhow, I think BtCex was the site that DDoS'd their competitor
61 2011-12-07 00:49:17 <luke-jr> graingert: FAIL
62 2011-12-07 00:49:26 <luke-jr> Perl = YES
63 2011-12-07 00:50:01 <graingert> no
64 2011-12-07 00:50:10 <ageis> luke-jr: no worries, this is all i'm doing http://ageispolis.net/cgi-bin/bitcoin.pl
65 2011-12-07 00:50:21 <ageis> completely harmless and for fun and unnecessary
66 2011-12-07 00:50:31 <graingert> t-t-tables?
67 2011-12-07 00:50:41 <graingert> naw it's fine
68 2011-12-07 00:50:43 <lianj> "SSL certificate problem, verify that the CA cert is OK."
69 2011-12-07 00:50:44 <ageis> graingert why dont you like perl?
70 2011-12-07 00:51:03 <graingert> ageis: it's not as nice as python
71 2011-12-07 00:51:10 <graingert> and python is installed everywhere perl is
72 2011-12-07 00:51:21 <luke-jr> graingert: FALSE
73 2011-12-07 00:51:26 <luke-jr> Python is garbage :D
74 2011-12-07 00:51:32 <graingert> sigh
75 2011-12-07 00:51:32 <luke-jr> and Perl is installed everywhere
76 2011-12-07 00:51:48 <ageis> it's just more user-friendly
77 2011-12-07 00:51:50 <BlueMatt> can we not discuss religion?
78 2011-12-07 00:51:56 <graingert> LAWL
79 2011-12-07 00:52:06 <graingert> keep it to the block-chain
80 2011-12-07 00:53:08 <graingert> http://search.cpan.org/dist/Inline-Python/Python.pod#Using_the_Inline::Python_Module
81 2011-12-07 00:54:31 <lianj> m(
82 2011-12-07 00:54:36 <graingert> )
83 2011-12-07 00:55:07 <luke-jr> rather use Inline::C :/
84 2011-12-07 00:55:44 <lianj> FFI
85 2011-12-07 00:56:31 <graingert> !google FFI
86 2011-12-07 00:56:32 <gribble> Home - Family Firm Institute (FFI) - The International Body for Family ...: <http://www.ffi.org/>; Foreign function interface - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Foreign_function_interface>; Fatal familial insomnia - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Fatal_familial_insomnia>
87 2011-12-07 00:58:19 <lianj> !g libffi wiki
88 2011-12-07 00:58:20 <gribble> Error: "g" is not a valid command.
89 2011-12-07 00:58:25 <lianj> !google libffi wiki
90 2011-12-07 00:58:26 <gribble> libffi - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Libffi>; Libffi 3.0.9 - MoxieWiki: <http://moxielogic.org/wiki/index.php?title=Libffi_3.0.9>; Libffi 3.0.10 - MoxieWiki: <http://www.moxielogic.org/wiki/index.php?title=Libffi_3.0.10>
91 2011-12-07 00:59:09 <ageis> here's my script to check if someone's coming from tor or not (exit list query) http://ageispolis.net/cgi-bin/torcheck.pl
92 2011-12-07 00:59:53 <graingert> ageis: it would be good if it used GET rather than post
93 2011-12-07 01:00:15 <lianj> why?
94 2011-12-07 01:00:32 <ageis> graingert: hmm, i just ran into that issue with the bitcoin charts..
95 2011-12-07 01:00:35 <ageis> but yes, why
96 2011-12-07 01:00:42 <ageis> oh
97 2011-12-07 01:00:47 <graingert> so I can link to it
98 2011-12-07 01:00:57 <ageis> it already has api and takes args :)
99 2011-12-07 01:01:00 <ageis> ?ip= or ?host=
100 2011-12-07 01:01:01 <graingert> because it doesn't edit a DB backend
101 2011-12-07 01:01:05 <ageis> and with api=1 it will return 0,1,2
102 2011-12-07 01:01:11 <ageis> 2 = error
103 2011-12-07 01:01:20 <graingert> I see well the form should use get then
104 2011-12-07 01:01:51 <ageis> ok
105 2011-12-07 01:02:01 <ageis> here's an example positive result
106 2011-12-07 01:03:26 <ageis> i'd love if you linked to it actually
107 2011-12-07 01:03:45 <ageis> i wrote it so we could exclude certain suspect clients from btcvps but its not getting used
108 2011-12-07 01:03:50 <graingert> I will if you get rid of the cgi-bin and the .pl
109 2011-12-07 01:04:42 <graingert> http://ageispolis.net/torcheck?q=<ip or host>
110 2011-12-07 01:05:02 <ageis> sure thing
111 2011-12-07 01:06:11 <ageis> just gotta enable scripts in my home dir
112 2011-12-07 01:07:49 <ageis> now it's just serving up the text without the extension
113 2011-12-07 01:07:50 <ageis> hrm
114 2011-12-07 01:08:00 <graingert> django!
115 2011-12-07 01:08:21 <graingert> I'll be honest django is a bit heavy for this :p
116 2011-12-07 01:08:33 <ageis> reinhardt?
117 2011-12-07 01:08:51 <ageis> graingert: would masquerading as .py be suitable to you?
118 2011-12-07 01:08:58 <graingert> no
119 2011-12-07 01:09:04 <graingert> that would be just as bad
120 2011-12-07 01:09:07 <lianj> hihi
121 2011-12-07 01:09:10 <ageis> lol
122 2011-12-07 01:09:31 <graingert> http://www.w3.org/Provider/Style/URI
123 2011-12-07 01:09:55 <ageis> i just need help config'ing apache to run this shit
124 2011-12-07 01:10:12 <ageis> i cant just addhandler so all extensionless shit is a script
125 2011-12-07 01:11:12 <ageis> why doesnt it dig my shebang
126 2011-12-07 01:11:49 <BlueMatt> chmod +x ?
127 2011-12-07 01:12:49 <ageis> oo i got dis
128 2011-12-07 01:12:50 <ageis> already tried
129 2011-12-07 01:12:50 <graingert> hang on
130 2011-12-07 01:12:51 <graingert> you can leave the file as a .pl
131 2011-12-07 01:12:53 <ageis> ScriptAliasMatch is the answer
132 2011-12-07 01:12:57 <ageis> oh, that too
133 2011-12-07 01:13:02 <ageis> i already use a rewrite rule for www.
134 2011-12-07 01:13:50 <ageis> ScriptAliasMatch ^(/[^/.]*)$ /var/www/htdocs$1
135 2011-12-07 01:14:35 <graingert> I'm glad you correct the right way
136 2011-12-07 01:14:38 <ageis> okay buddy
137 2011-12-07 01:14:41 <graingert> so many people add www. in
138 2011-12-07 01:14:50 <ageis> you're all set
139 2011-12-07 01:14:53 <ageis> http://ageispolis.net/torcheck
140 2011-12-07 01:15:19 <graingert> http://ageispolis.net/torcheck?host=google.com
141 2011-12-07 01:15:24 <ageis> www.no-www.org
142 2011-12-07 01:16:27 <ageis> i hope i've satisfied your purism
143 2011-12-07 01:18:09 <graingert> it would be nice if you could respond
144 2011-12-07 01:18:20 <graingert> ip (host) does not appear to be a Tor exit.
145 2011-12-07 01:18:28 <ageis> no problemo
146 2011-12-07 01:18:45 <ageis> only when a host is supplied?
147 2011-12-07 01:18:52 <ageis> or try to resolve ips as well
148 2011-12-07 01:18:57 <graingert> of course
149 2011-12-07 01:19:06 <ageis> alright
150 2011-12-07 01:19:10 <graingert> and you should detect if I enter a host for ip and an ip for host
151 2011-12-07 01:19:31 <graingert> and you're still sending me to http://ageispolis.net/cgi-bin/torcheck.pl
152 2011-12-07 01:19:41 <ageis> ah yes
153 2011-12-07 01:19:55 <graingert> and you should autofwd from the old standard to the new
154 2011-12-07 01:20:01 <ageis> fixed
155 2011-12-07 01:20:42 <ageis> you want method=get
156 2011-12-07 01:20:45 <graingert> Error: DNS query failed or an unexpected response was received.
157 2011-12-07 01:21:56 <graingert> http://ageispolis.net/torcheck?lookup=1&ip=google.com&submit=send the &submit=send isn't needed
158 2011-12-07 01:22:37 <ageis> just input name=submit ?
159 2011-12-07 01:22:46 <ageis> er nix the vale
160 2011-12-07 01:22:47 <ageis> value
161 2011-12-07 01:23:27 <graingert> no idea on this one
162 2011-12-07 01:23:33 <graingert> I've never had the issue
163 2011-12-07 01:23:50 <graingert> I've come up with an idea for a site
164 2011-12-07 01:24:09 <graingert> bitcoinforceit.com
165 2011-12-07 01:24:15 <graingert> similar to bitcoinfaucet
166 2011-12-07 01:24:32 <graingert> but it tries to send bitcoin via the IP method to anyone accessing the site
167 2011-12-07 01:25:02 <ageis> cool
168 2011-12-07 01:25:15 <BlueMatt> that sounds like way too much effort...
169 2011-12-07 01:25:33 <BlueMatt> set the bitcoin parameters, forward your ports, then go to site...or copy address paste address click go
170 2011-12-07 01:26:01 <graingert> OH GOD NO NAT
171 2011-12-07 01:26:05 <graingert> it ruins all my plans
172 2011-12-07 01:26:19 <BlueMatt> force everyone onto ipv6...oh wait bitocin doesnt support ipv6
173 2011-12-07 01:26:26 <graingert> nooa
174 2011-12-07 01:26:44 <graingert> which is worse NAT or Natzis?
175 2011-12-07 01:26:49 <BlueMatt> nat
176 2011-12-07 01:26:56 <BlueMatt> no question about it
177 2011-12-07 01:27:05 <graingert> yep
178 2011-12-07 01:27:07 <lianj> you can punch holes in both of them
179 2011-12-07 01:27:12 <graingert> ohh
180 2011-12-07 01:27:38 <graingert> packet rape vs statutory rape?
181 2011-12-07 01:27:49 <BlueMatt> funny thing is nat was invented to prevent isps from keeping us from putting multiple devices on one connection
182 2011-12-07 01:28:10 <graingert> in Birmingham Uni that have a tool to detect NAT
183 2011-12-07 01:28:14 <graingert> and perma ban you
184 2011-12-07 01:28:22 <graingert> they*
185 2011-12-07 01:28:43 <graingert> so I took my ???3k/y elsewhere
186 2011-12-07 01:28:55 <BlueMatt> heh, unc has support pages on how to set up a router, xbox, etc
187 2011-12-07 01:29:31 <graingert> wireless networks were against the room policy
188 2011-12-07 01:29:47 <graingert> but they "promised" not to worry you if it was secure
189 2011-12-07 01:29:54 <graingert> in my old halls
190 2011-12-07 01:30:03 <graingert> they changed the policy after I left
191 2011-12-07 01:30:14 <BlueMatt> heh, around here its like wireless bonanza...have fun finding your ap on the list, it goes on for fucking ever...
192 2011-12-07 01:30:31 <BlueMatt> though there are some clever ones on the list
193 2011-12-07 01:30:43 <graingert> if we make our AP name long enough you can't see it on my flat-mate's mac
194 2011-12-07 01:30:57 <BlueMatt> Bill WI the Science Fi is one of my favorites...
195 2011-12-07 01:31:09 <graingert> our AP name was randomly generated, we then prepend and append the wireless standard to the string
196 2011-12-07 01:33:07 <ageis> my parents house/verizon still using WEP
197 2011-12-07 01:33:17 <BlueMatt> heh
198 2011-12-07 01:33:23 <ageis> i had free internet for a while at my apt. due to WEP + backtrack
199 2011-12-07 01:33:42 <BlueMatt> nice
200 2011-12-07 01:33:53 <graingert> the trick is to change the admin PW of the router
201 2011-12-07 01:34:04 <ageis> yes
202 2011-12-07 01:34:17 <ageis> they locked me out man, and i regretted not ever going into the router
203 2011-12-07 01:34:24 <BlueMatt> heh, yep...ive done that a few times
204 2011-12-07 01:34:26 <ageis> and i couldnt crack the AP with the best signal
205 2011-12-07 01:34:40 <BlueMatt> well that and the dnstunnel trick for free wifi on those please pay for wifi aps...
206 2011-12-07 01:34:44 <ageis> sooo i had to buy comcast :(
207 2011-12-07 01:35:03 <ageis> although android usb tether held me for a while
208 2011-12-07 01:35:10 <SomeoneWeird> yeah that trick works a charm BlueMatt :)
209 2011-12-07 01:35:30 <BlueMatt> SomeoneWeird: used to use it all the time before the days of me having a 4g data connection to tether on :)
210 2011-12-07 01:35:43 <BlueMatt> but its still nice in airports sometimes
211 2011-12-07 01:35:57 <SomeoneWeird> heh
212 2011-12-07 01:40:39 <graingert> I didn't think 4g existed yet
213 2011-12-07 01:40:57 <BlueMatt> heh good point
214 2011-12-07 01:41:26 <BlueMatt> fine, unlimited 3.5G tethering
215 2011-12-07 01:41:35 <BlueMatt> well, Id argue 3.75G
216 2011-12-07 01:43:35 <SomeoneWeird> lol
217 2011-12-07 01:45:07 <BlueMatt> anyway, hitting 10mbps down outside is good enough for me
218 2011-12-07 01:46:23 <SomeoneWeird> thats bull
219 2011-12-07 01:46:27 <SomeoneWeird> i dont even get 8mpbs at home
220 2011-12-07 01:46:53 <BlueMatt> got it earlier today
221 2011-12-07 01:47:13 <BlueMatt> 20685kbps down
222 2011-12-07 01:47:14 <SomeoneWeird> $?
223 2011-12-07 01:47:18 <BlueMatt> sorry, 10685
224 2011-12-07 01:47:32 <BlueMatt> only 1482kbps up, but meh
225 2011-12-07 01:48:05 <BlueMatt> hey, when you are on sprint you are literally the only one on the network, so wimax is plenty fast ;)
226 2011-12-07 01:49:33 <SomeoneWeird> hahaha
227 2011-12-07 01:49:40 <SomeoneWeird> how much did it cost ya?
228 2011-12-07 01:50:07 <BlueMatt> I dont pay for my service, my parents do ;)
229 2011-12-07 01:51:53 <BlueMatt> anyway for unlimited 10mbps data, Id say 70/mo isnt too bad
230 2011-12-07 01:52:13 <BlueMatt> considering I use ~5G/mo
231 2011-12-07 01:53:28 <imsaguy> BlueMatt: have them call and say they have triple AAA
232 2011-12-07 01:53:33 <imsaguy> err, AAA*
233 2011-12-07 01:53:43 <imsaguy> you'll get 12% off
234 2011-12-07 01:53:45 <imsaguy> :-x
235 2011-12-07 01:54:07 <BlueMatt> na, we already get like 15% off of the 70 b/c my dad's company has a sprint contract
236 2011-12-07 01:54:39 <SomeoneWeird> hahaha
237 2011-12-07 01:54:46 <SomeoneWeird> how old are you BlueMatt ?
238 2011-12-07 01:55:01 <BlueMatt> 18
239 2011-12-07 01:55:09 <SomeoneWeird> i see i see
240 2011-12-07 01:55:14 <BlueMatt> (studying compsci obv)
241 2011-12-07 01:55:28 <SomeoneWeird> hard?
242 2011-12-07 01:55:49 <SomeoneWeird> im studying dimploma of computer systems engineering & network security
243 2011-12-07 01:55:55 <SomeoneWeird> fkin easy -.-
244 2011-12-07 01:56:08 <graingert> I have so much work to do :(
245 2011-12-07 01:56:11 <BlueMatt> easy as shit here too (though I am a freshman so of course it is)
246 2011-12-07 01:56:14 <graingert> 3rd year compsci soton
247 2011-12-07 01:56:29 <imsaguy> Freshman year is a joke
248 2011-12-07 01:56:33 <BlueMatt> yep
249 2011-12-07 01:56:42 <SomeoneWeird> cool
250 2011-12-07 01:56:54 <graingert> hence why you're doing gitian and actually doing work for the PPA. And my work for it has been embarrassingly low
251 2011-12-07 01:57:07 <graingert> next time I have spare time is summer
252 2011-12-07 01:57:11 <BlueMatt> heh, well no shame in having shit to do in the real world
253 2011-12-07 01:57:48 <BlueMatt> no christmas break time off?
254 2011-12-07 01:58:32 <SomeoneWeird> what exactly you learning about BlueMatt? trying to figure out whether i should do compscience or just try and get a job
255 2011-12-07 01:59:08 <graingert> nope
256 2011-12-07 01:59:19 <graingert> that's reserved for 3 courseworks
257 2011-12-07 01:59:38 <graingert> *cry*
258 2011-12-07 01:59:50 <BlueMatt> graingert: damn, that sucks...
259 2011-12-07 01:59:50 <graingert> graphics, 3yp and scripting group project
260 2011-12-07 02:00:05 <graingert> all would be totally fun on their own
261 2011-12-07 02:01:07 <BlueMatt> SomeoneWeird: afaik compsci is more programming and theory of programming whereas comp eng is more hardware
262 2011-12-07 02:01:30 <BlueMatt> ofc for compsci you need to understand the basics of how the hardware works and vica versa
263 2011-12-07 02:01:56 <SomeoneWeird> yeah
264 2011-12-07 02:02:38 <SomeoneWeird> and, ccna. yay or nay?
265 2011-12-07 02:03:18 <BlueMatt> ccna?
266 2011-12-07 02:03:39 <BlueMatt> cisco certified network ass-holes?
267 2011-12-07 02:03:51 <SomeoneWeird> lol
268 2011-12-07 02:03:59 <SomeoneWeird> sooo, thats a no..?
269 2011-12-07 02:04:33 <BlueMatt> what do you mean by ccna?
270 2011-12-07 02:04:40 <SomeoneWeird> should i get it
271 2011-12-07 02:04:46 <BlueMatt> meh
272 2011-12-07 02:04:52 <BlueMatt> not my place to make a decision
273 2011-12-07 02:04:58 <SomeoneWeird> true,
274 2011-12-07 02:05:02 <BlueMatt> nor do I know the job market for ccnas
275 2011-12-07 02:05:19 <BlueMatt> but hey, it can never hurt right?
276 2011-12-07 02:05:35 <graingert> ask potential employers
277 2011-12-07 02:05:45 <SomeoneWeird> i wanna get into security
278 2011-12-07 02:05:50 <graingert> SomeoneWeird: go to careerer events
279 2011-12-07 02:05:53 <SomeoneWeird> yeah graingert
280 2011-12-07 02:05:56 <graingert> SomeoneWeird: you in the UK?
281 2011-12-07 02:05:59 <SomeoneWeird> nah
282 2011-12-07 02:06:01 <SomeoneWeird> australia
283 2011-12-07 02:06:03 <graingert> dang
284 2011-12-07 02:06:10 <graingert> Soton has an awesome security course
285 2011-12-07 02:06:10 <SomeoneWeird> most people just laugh at me cuz of my age
286 2011-12-07 02:06:34 <gmaxwell> The various certs are useful for geting junior positions generally� but I would imagine that at the moment they don't do much because basically all job markets are flooded.
287 2011-12-07 02:07:00 <SomeoneWeird> yep
288 2011-12-07 02:07:03 <BlueMatt> my opinion - for now stay in school as long as possible
289 2011-12-07 02:07:15 <BlueMatt> (unless job market makes a 180)
290 2011-12-07 02:07:26 <gmaxwell> SomeoneWeird: careful wrt security jobs. Outside of contracting gigs (which are few and far between), IT security in many places is basically the designated fallguy. Site gets hacked? No proble� we have a security person to fire. :)
291 2011-12-07 02:07:41 <SomeoneWeird> true
292 2011-12-07 02:08:18 <SomeoneWeird> already dropped highschool BlueMatt - was a pain in the ass
293 2011-12-07 02:08:20 <graingert> Web Designers stay in school till IE8 hits EOL
294 2011-12-07 02:08:24 <SomeoneWeird> going to tafe (like uni here)
295 2011-12-07 02:08:28 <SomeoneWeird> lol
296 2011-12-07 02:09:03 <BlueMatt> graingert: heh
297 2011-12-07 02:09:13 <BlueMatt> SomeoneWeird: hey, it cant be worse than working
298 2011-12-07 02:09:34 <gmaxwell> dunno about that.. generally you pay to go to school, while you get paid to work.
299 2011-12-07 02:09:37 <gmaxwell> ;)
300 2011-12-07 02:10:45 <gmaxwell> (thus why I included the word 'generally')
301 2011-12-07 02:10:53 <gmaxwell> So long as thats true, excellent. :)
302 2011-12-07 02:11:52 <SomeoneWeird> yeah, parents paying for my education too :D
303 2011-12-07 02:11:53 <SomeoneWeird> lol
304 2011-12-07 02:12:22 <gmaxwell> BlueMatt: you're already doing the right thing anyways: you're involved in stuff outside of school that you can point to as expirence. This will be a significant competitive advantage vs most of your peers.
305 2011-12-07 02:12:59 <BlueMatt> gmaxwell: as long as you write me a recommendation, Im happy ;)
306 2011-12-07 02:13:24 <copumpkin> :O
307 2011-12-07 02:13:24 <gmaxwell> hah.
308 2011-12-07 02:13:49 <SomeoneWeird> haha
309 2011-12-07 02:14:18 <SomeoneWeird> yeah, mee too
310 2011-12-07 02:15:36 <BlueMatt> gmaxwell: darn, didnt think so...
311 2011-12-07 02:15:46 <gmaxwell> hah, you don't need one yet anyways!
312 2011-12-07 02:16:24 <copumpkin> they like good essays
313 2011-12-07 02:16:26 <BlueMatt> heh, anyway...
314 2011-12-07 02:16:40 <BlueMatt> copumpkin: what employer wants you to submit an essay?
315 2011-12-07 02:16:49 <copumpkin> oh I thought it was about school
316 2011-12-07 02:16:57 <BlueMatt> copumpkin: na, Im already in college
317 2011-12-07 02:17:01 <copumpkin> oh okay
318 2011-12-07 02:17:04 <gmaxwell> but yea, in general the job market across the board seems really screwy right now. My SO is unemployed, and has a pretty reasonable resume. We've looked at some of the folks getting hired over her, and � well crap, people with 15 years expirence doing exactly that job� taking a position at what was probably half their last pay. How do you compete with that?
319 2011-12-07 02:17:10 <copumpkin> BlueMatt: where?
320 2011-12-07 02:17:12 <BlueMatt> though I suppose the essay thing is true for grad school
321 2011-12-07 02:17:16 <BlueMatt> copumpkin: unc-ch
322 2011-12-07 02:17:20 <graingert> SO?
323 2011-12-07 02:17:22 <copumpkin> ah ok
324 2011-12-07 02:17:30 <gmaxwell> graingert: my long term girlfriend.
325 2011-12-07 02:17:43 <BlueMatt> heh, interesting way of putting it
326 2011-12-07 02:17:55 <SomeoneWeird> so?
327 2011-12-07 02:17:56 <copumpkin> significant other
328 2011-12-07 02:17:59 <SomeoneWeird> ah
329 2011-12-07 02:18:00 <BlueMatt> not wife?
330 2011-12-07 02:18:38 <copumpkin> some people don't care about marriage :P
331 2011-12-07 02:18:46 <gmaxwell> we reject the necessity of marriage. There are also economic reasons that make it inadvisable.
332 2011-12-07 02:18:52 <BlueMatt> anyway, back to the topic at hand...nat sucks
333 2011-12-07 02:19:02 <SomeoneWeird> lol
334 2011-12-07 02:19:03 <BlueMatt> gmaxwell: fair enough
335 2011-12-07 02:19:19 <BlueMatt> well it is how we got on the subject of education, and its marginally more related to bitcoin
336 2011-12-07 02:19:43 <BlueMatt> gmaxwell: in germany, its rare to get married pretty much until you have your first child because it means your taxes go up
337 2011-12-07 02:20:06 <gmaxwell> (if we were normal people we would be� we've lived together for .. er like 8 years or so)
338 2011-12-07 02:20:27 <copumpkin> gmaxwell: did anything ever come of the jstor business?
339 2011-12-07 02:20:29 <BlueMatt> meh, whats the fun in normality?
340 2011-12-07 02:20:39 <SomeoneWeird> wow, 8 years haha
341 2011-12-07 02:21:27 <copumpkin> how old?
342 2011-12-07 02:21:36 <copumpkin> SomeoneWeird: I think BlueMatt is pretty young?
343 2011-12-07 02:21:40 <BlueMatt> 18
344 2011-12-07 02:21:51 <copumpkin> oh ok
345 2011-12-07 02:22:02 <gmaxwell> copumpkin: yes, Jstor changed their policy and have made a should-be public domain documents available to everyone at no cost. (which they say wasn't due to me, but I'm pretty sure this is not completely true, not that it matters)
346 2011-12-07 02:22:07 <BlueMatt> heh after idling in #ICS-DEV-E4GT (android devs porting ics to e4gt) anything is old, they are all hs students
347 2011-12-07 02:22:10 <BlueMatt> some younger
348 2011-12-07 02:22:13 <gmaxwell> er s/made a/made all/
349 2011-12-07 02:22:26 <graingert> gmaxwell: jstor?
350 2011-12-07 02:22:31 <copumpkin> hey, I used to be involved in the iphone jailbreak community
351 2011-12-07 02:22:35 <copumpkin> most people there are 14
352 2011-12-07 02:22:44 <copumpkin> and "hack" their iphone by changing the theme on springboard
353 2011-12-07 02:22:59 <gmaxwell> graingert: manifesto here: https://thepiratebay.org/torrent/6554331
354 2011-12-07 02:23:22 <copumpkin> gmaxwell: that's good! I was afraid they might go after you with an army of lawyers
355 2011-12-07 02:23:41 <SomeoneWeird> hahah true that copumpkin
356 2011-12-07 02:24:29 <gmaxwell> copumpkin: Wikimedia UK (of all places) got some threating noises for hosting the resulting documents, but they went away after being laughed at.
357 2011-12-07 02:24:43 <gmaxwell> I never heard a _peep_ except via journalists.
358 2011-12-07 02:24:50 <gmaxwell> Which sincerely surprised me.
359 2011-12-07 02:24:51 <copumpkin> funny
360 2011-12-07 02:24:59 <copumpkin> I guess they realized how indefensible their position would have been?
361 2011-12-07 02:25:00 <gmaxwell> For one, they still haven't figured out how I got the documents.
362 2011-12-07 02:25:07 <copumpkin> it usually doesn't stop large companies
363 2011-12-07 02:25:13 <copumpkin> lots of lawyers > reason
364 2011-12-07 02:25:44 <gmaxwell> And the most concrete claim they could have possibly made was related to e.g. violating some TOS in the process of obtaining the documents (which is a major part of the claims against Aaron).
365 2011-12-07 02:26:30 <copumpkin> yeah
366 2011-12-07 02:26:34 <copumpkin> what's happening with him?
367 2011-12-07 02:29:16 <gmaxwell> copumpkin: case is still plodding along, :(
368 2011-12-07 02:30:02 <gmaxwell> I think he has a hearing in January.
369 2011-12-07 02:30:44 <SomeoneWeird> Aaron?
370 2011-12-07 02:32:27 <BlueMatt> ;;google "aaron jstor"
371 2011-12-07 02:32:28 <gribble> JSTOR Statement: Misuse Incident and Criminal Case | JSTOR: <http://about.jstor.org/news-events/news/jstor-statement-misuse-incident-and-criminal-case>; Aaron Swartz Indictment Leading People To... Upload JSTOR ...: <http://www.techdirt.com/articles/20110721/11122615195/aaron-swartz-indictment-leading-people-to-upload-jstor-research-to-file-sharing-sites.shtml>; Aaron Schwartz and� (1 more message)
372 2011-12-07 02:33:18 <SomeoneWeird> what he do?
373 2011-12-07 02:33:37 <SomeoneWeird> ah
374 2011-12-07 02:33:44 <gmaxwell> Downloaded too many scientific papers from a library. ;)
375 2011-12-07 02:34:20 <SomeoneWeird> 0_O
376 2011-12-07 02:34:37 <gmaxwell> (to be fair, he also too the required measures for downloading too many papers: changing mac addresses, opening new guest accounts, and generally sneaking around like a nogoodnick)
377 2011-12-07 02:35:07 <SomeoneWeird> ah
378 2011-12-07 02:35:37 <graingert> gmaxwell: you have no claim against you?
379 2011-12-07 02:36:54 <graingert> gmaxwell: this is a good one someone at my UNI spotted: https://thepiratebay.org/torrent/6523347/Christian_Union_-_Level_1_Pack_%28EXAMPLE%29.pdf
380 2011-12-07 02:38:21 <gmaxwell> graingert: If they had one, they don't know how to make it. I took a lot of precaution, including meeting with some experienced attorneys in order to basically leave trying to assert copyright over clearly PD documents as the only avenue open to them� something they'd lose on and embarass themselves in the process.
381 2011-12-07 02:38:51 <SomeoneWeird> so, whys he in trouble? seriously downloading to many papers?
382 2011-12-07 02:39:22 <gmaxwell> SomeoneWeird: the actual charges will be no doubt realted to the required steps, e.g. making up bogus accounts, or hiding a laptop in the library, and not the papers themselves.
383 2011-12-07 02:39:55 <SomeoneWeird> heh
384 2011-12-07 02:40:54 <BlueMatt> the funny part is both mit and jstor agreed that since the documents were not published, just delete them and they can all move on with their lives
385 2011-12-07 02:41:00 <BlueMatt> and then the doj got involved...
386 2011-12-07 02:41:31 <SomeoneWeird> fuck the government
387 2011-12-07 02:41:36 <SomeoneWeird> thats just way over the top
388 2011-12-07 02:41:37 <gmaxwell> I speculate that the DOJ thinks its important to send a message.
389 2011-12-07 02:41:54 <gmaxwell> They're probably missing the detail that the message they're sending is "don't get caught".
390 2011-12-07 02:41:57 <BlueMatt> I find it downright ridiculous
391 2011-12-07 02:42:00 <graingert> gmaxwell: well why are they trying to sue for message sending?
392 2011-12-07 02:42:27 <graingert> convict*
393 2011-12-07 02:42:33 <gmaxwell> graingert: e.g. they want to discourage other people from trying the same thing. But it's hopeless.
394 2011-12-07 02:43:00 <graingert> now it's all on the web
395 2011-12-07 02:43:51 <gmaxwell> Well, what aaron downloaded is not. Alas. What I posted was only a few tens of thousands of very old documents, carefully selected to try to bait them into a fight they couldn't win.
396 2011-12-07 02:44:34 <graingert> lol
397 2011-12-07 02:45:03 <gmaxwell> I got _thousands_ of emails of support though. The coolest ones e.g. a respected mathematician bragging to me about all the textbooks he shared on edonkey. And this is a kind of slow change in mindset that won't easily stop.
398 2011-12-07 02:46:02 <BlueMatt> well hopefully as some people switch to publishing royalty-free we move forward, but I dont see most unis doing that in the near future (not that they really make any serious $$ from royalties)
399 2011-12-07 02:47:00 <graingert> lol
400 2011-12-07 02:47:02 <graingert> I read that as
401 2011-12-07 02:47:04 <graingert> EdonKey
402 2011-12-07 02:47:14 <gmaxwell> BlueMatt: subscriptions are net negative for all unis in fact. many are spending millions per year on journal subscriptions that they don't see a cent from.
403 2011-12-07 02:47:30 <graingert> I have a similar problem with PubLickey
404 2011-12-07 02:47:44 <BlueMatt> mmm, well maybe we will see a change then...
405 2011-12-07 02:47:45 <gmaxwell> BlueMatt: it's mostly an intertia thing. People want to publish with the respected names. The respected names (in most fields) are not open access.
406 2011-12-07 02:48:02 <graingert> had a lecture on this on Monday
407 2011-12-07 02:48:05 <BlueMatt> well luckily compsci is moving away from that...
408 2011-12-07 02:48:12 <BlueMatt> (slowly...)
409 2011-12-07 02:48:27 <gmaxwell> ACM is getting battered for that reason.
410 2011-12-07 02:48:43 <roconnor> gmaxwell: did you read about what happened when I tried to publish my Public Domain article in an ACM publication?
411 2011-12-07 02:48:54 <roconnor> gmaxwell: they refused to print it. :O
412 2011-12-07 02:48:56 <BlueMatt> acm?
413 2011-12-07 02:49:08 <roconnor> Association for Computing Machinery
414 2011-12-07 02:49:09 <gmaxwell> ;;google acm
415 2011-12-07 02:49:10 <gribble> Welcome � Association for Computing Machinery: <http://www.acm.org/>; ACM Digital Library: <http://dl.acm.org/>; Academy of Country Music: <http://www.acmcountry.com/>
416 2011-12-07 02:49:13 <BlueMatt> roconnor: did they say specifically that it was because it was pubdom?
417 2011-12-07 02:49:31 <graingert> wait for them to pubblish it, then "loose" it on the bay
418 2011-12-07 02:49:45 <roconnor> BlueMatt: they specifically said since it was on the arXiv it was already published so they didn't need to print it.
419 2011-12-07 02:49:54 <BlueMatt> heh
420 2011-12-07 02:49:55 <gmaxwell> BlueMatt: but yes, changes are happening, e.g. https://www.freedom-to-tinker.com/blog/appel/open-access-scholarly-publications-princeton
421 2011-12-07 02:50:03 <roconnor> I said I couldn't transfer copyright to them since I had waived copyright.
422 2011-12-07 02:50:14 <roconnor> then they said since it was on the arXiv it was already published so they didn't need to print it.
423 2011-12-07 02:50:39 <BlueMatt> gmaxwell: yea I had read an article a while back (like 3-4 months ago) on the subject, not that Im an expert...
424 2011-12-07 02:50:42 <roconnor> Full story: http://r6.ca/blog/20110930T012533Z.html
425 2011-12-07 02:50:57 <gmaxwell> I enjoy the irony that I have to pay like $30/each to download papers I coauthored.
426 2011-12-07 02:51:10 <BlueMatt> heh
427 2011-12-07 02:51:41 <roconnor> It's true that the ACM relicencing terms are fairly permissive, but OTOH they are the most anal about getting an unammended copyright transfer.
428 2011-12-07 02:51:48 <gmaxwell> roconnor: from workshop proceedings!
429 2011-12-07 02:51:52 <roconnor> yes
430 2011-12-07 02:52:13 <gmaxwell> geeesh.
431 2011-12-07 02:52:16 <roconnor> gmaxwell: ACM gets to keep every proceeding in their digital archive by removing items from proceedings!
432 2011-12-07 02:53:00 <roconnor> Every other publisher I've delt with I've ammended their copyright transfer agreements and the publishers have never complained.
433 2011-12-07 02:53:09 <roconnor> (granted I suspect they never noticed either.)
434 2011-12-07 02:54:05 <gmaxwell> roconnor: You've seen Matt Blaze complaining about the ACM (and IEEE), right?
435 2011-12-07 02:54:19 <gmaxwell> you might want to point him to your adventure.
436 2011-12-07 02:54:50 <gmaxwell> http://www.crypto.com/blog/copywrongs/ (relevant page)
437 2011-12-07 02:56:21 <gmaxwell> oh... I don't read so well, last line of your page.. duur.
438 2011-12-07 02:56:40 <roconnor> :)
439 2011-12-07 02:56:49 <roconnor> maybe I should send this to him
440 2011-12-07 03:57:12 <BlueMatt> wumpus: ping
441 2011-12-07 04:30:27 <BitMark> running 0.5.0on AWS Linux
442 2011-12-07 04:30:56 <BitMark> getting a error: -rpcssl=1, but bitcoin compiled without full openssl libraries.
443 2011-12-07 04:31:40 <BitMark> anyone else get this error?
444 2011-12-07 04:55:54 <gmaxwell> Since people were talking about the general subject and I won't have time to work on it more anytime soon, I thought I'd publish this crazy idea ... that some here might find interesting: https://bitcointalk.org/index.php?topic=53855.msg642768#msg642768
445 2011-12-07 05:04:59 <copumpkin> I like it :)
446 2011-12-07 05:06:32 <theymos> That sounds amazingly cool. I hope someone creates it.
447 2011-12-07 05:07:11 <copumpkin> nice name ;)
448 2011-12-07 05:12:07 <GMP> i see one potential flaw, centralized file hosting isnt well suited for fast spreading of large files. It could be better for StorJ to operate like torrent tracker, allowing to use standart torrent clients , which passed 10s years of software evolution
449 2011-12-07 05:13:51 <gmaxwell> why 'operate like' � the code I wrote for it makes every file a torrent too� you can download either way.
450 2011-12-07 05:14:17 <GMP> :)
451 2011-12-07 05:14:26 <gmaxwell> It's basically free to do. The only problem I have with the torrents is that the files are all encrypted with a key stored in the URL that the StorJ instance doesn't see.
452 2011-12-07 05:14:57 <gmaxwell> (so it can't know the content of a file) .. I can't get the torrent client to decrypt the file, so you have to manually decrypt it after the tranfer finishes.. which is kinda ugly.
453 2011-12-07 05:16:12 <gmaxwell> My initial use case that inspired me is that I first contemplated releasing the Jstor files anonymously, but I couldn't figure out how to quickly get thirty some gigs of data seeded in an anonymous way.
454 2011-12-07 05:16:51 <gmaxwell> I spent a few hours but was basically frustrated at every turn. I couldn't get onto freenode via tor to even try to buy some hosting from someone on -otc.
455 2011-12-07 05:17:04 <gmaxwell> So I ended up going another route which turned out much better.
456 2011-12-07 05:18:56 <BitMark> what about free net?
457 2011-12-07 05:19:05 <gmaxwell> Ever used freenet?
458 2011-12-07 05:19:16 <BitMark> long ime ago
459 2011-12-07 05:19:19 <theymos> This kind of thing could change the world even more than Bitcoin. It creates a big economic incentive to move toward human-level AI, and it provides a great way of bypassing governments.
460 2011-12-07 05:19:44 <GMP> the whole human-compute, automated-human-assist idea is fantastic! i like it
461 2011-12-07 05:19:50 <gmaxwell> theymos: I think the key point here� though its not really my innovation� is that you can have a system like this _before_ you have human-like AI.
462 2011-12-07 05:20:25 <gmaxwell> (of course the smarter an storj instance is on its own the more profitable it would be)
463 2011-12-07 05:20:25 <theymos> Yeah. The system can be reasonably stupid, but it will keep getting smarter through economic magic.
464 2011-12-07 05:21:02 <BitMark> relevant http://xkcd.com/810/
465 2011-12-07 05:21:51 <gmaxwell> I also like my offhand point that legal-personhood could potentially make these instances legally autonomous.
466 2011-12-07 05:23:30 <theymos> It could even hire lawyers, spokespeople, etc.
467 2011-12-07 05:24:29 <theymos> I posted a 100 BTC bounty for this in the forum topic.
468 2011-12-07 05:25:49 <copumpkin> then you could host JStor files on StorJ
469 2011-12-07 05:25:57 <copumpkin> this is gmaxwell's true intention
470 2011-12-07 05:26:04 <gmaxwell> copumpkin: it was.
471 2011-12-07 05:26:24 <copumpkin> mind if I tweet it?
472 2011-12-07 05:26:30 <gmaxwell> Be my guest.
473 2011-12-07 05:26:54 <gmaxwell> Working on the idea quickly teaches you how brittle software systems are.
474 2011-12-07 05:27:40 <gmaxwell> I was really starting to feel like I had to invent whole new infrastructures to make it possible... it's really easy to scope this into impossibility.
475 2011-12-07 05:27:41 <GMP> the system can operate like huge RAID, where different files have different replication factors, down to 1.xxx and still be reliable, which potentially much more efficient than we have today
476 2011-12-07 05:28:27 <amiller> copumpkin, i spent a long time thinking about what the implications would be of secure program obfuscation
477 2011-12-07 05:28:33 <gmaxwell> GMP: right, you could take any good idea in network storage e.g. stuff from the Tahoe project, and just stick it right in.
478 2011-12-07 05:28:35 <amiller> (which turns out to be proven impossible in general)
479 2011-12-07 05:29:04 <amiller> but if it was you could hide the private keys inside a program and it would only spit out bitcoins when presented with good input
480 2011-12-07 05:29:09 <amiller> it would be like a digital sphynx
481 2011-12-07 05:29:55 <gmaxwell> If trusted boot were a commercial reality the system could have some trust of the host... but really I think I mostly solved that by making children independant entities.. if some end up on crooked hosts.. oh well. Good storj instances will get good reputation like good traders.
482 2011-12-07 05:30:10 <copumpkin> gmaxwell: just run it on an iphone ;)
483 2011-12-07 05:30:15 <gmaxwell> amiller: IBM cryptocard makes it reasonable (thats the 'time/availablity oracle' I mention :) )
484 2011-12-07 05:30:21 <amiller> but without that, the semi-autonomous thing is at best vulnerable to the services that run it
485 2011-12-07 05:30:32 <copumpkin> real trusted boot done right, except when it didn't work
486 2011-12-07 05:30:50 <copumpkin> amiller: proof-carrying code
487 2011-12-07 05:30:58 <copumpkin> type systems are your friend :)
488 2011-12-07 05:31:08 <jgarzik> gmaxwell: a fun read, storj is :)
489 2011-12-07 05:31:51 <gmaxwell> amiller: https://en.wikipedia.org/wiki/IBM_4758 < e.g. for running an oracle, it's a 486 thats tamper resistant which can attest to the code its running.
490 2011-12-07 05:31:59 <jgarzik> a narrowly scripted AI, with ability to pay for things via bitcoin, could be very powerful
491 2011-12-07 05:32:25 <copumpkin> gmaxwell: hah, one of my profs worked on that
492 2011-12-07 05:32:41 <gmaxwell> amiller: I'd have one to play with.. I'd like to run a simple oracle that does blockchain queries and solves hashes .. but they cost about $5k used.. a bit too much for a toy.
493 2011-12-07 05:32:51 <amiller> ahhh
494 2011-12-07 05:32:59 <jgarzik> _Daemon_ presents a greatly expanded version of storj, where humans are paid by the daemon to perform various tasks that may fail / be redundantly verified.
495 2011-12-07 05:33:43 <gmaxwell> amiller: e.g. you give it a program that says GENERATE_RANDOM_BASED_ON_THIS_PROGRAM=R, if txnX exists in blockchain at least 6 deep return R, otherwise returh SHA256(R). Then you can make one txn conditional on another TXN.
496 2011-12-07 05:34:48 <gmaxwell> amiller: the cryptocard wouldn't store the blockchain itself.. an external pc would also process the script and prove to the oracle all it needed to know. (e.g. by showing it tree fragments and block headers)
497 2011-12-07 05:35:21 <amiller> okay, i follow that
498 2011-12-07 05:35:33 <amiller> it only contains enough information to do the risky signing bit and show the info to the user to confirm it
499 2011-12-07 05:36:01 <gmaxwell> Then you just submit it once.. it fails.. gives you the hash.. now you can make a hash locked transactions which will only be redeemable once the oracle is willing to help.
500 2011-12-07 05:36:49 <gmaxwell> (and because you can pay the oracle for his services, the scripts could be fully turing complete with reasonably big time/space limits)
501 2011-12-07 05:39:04 <amiller> ok good someone already posted about fully homomorphic encryption in the thread
502 2011-12-07 05:40:17 <gmaxwell> amiller: yea, also some from the soup stuff � which I think is only moderately interesting, because I probably don't have 4 billion years to see it produce something neat. ;)
503 2011-12-07 05:40:46 <amiller> well what i'm really interested in is the boundary between obfusacation and homomorphic encryption
504 2011-12-07 05:40:52 <amiller> where homomorphic encryption is proven realizable, obfuscation is proven not
505 2011-12-07 05:40:53 <ThomasV> which thread are you talking about?
506 2011-12-07 05:40:58 <amiller> if you had obfuscation
507 2011-12-07 05:41:01 <amiller> ThomasV, https://bitcointalk.org/index.php?topic=53855.msg642768#msg642768
508 2011-12-07 05:41:10 <amiller> if you had obfuscation, then you could make the StorJ lifeform
509 2011-12-07 05:41:16 <amiller> completely unreliant on the servers that run it
510 2011-12-07 05:41:34 <amiller> for example if it offers bitcoins to someone
511 2011-12-07 05:41:41 <amiller> under specific conditions
512 2011-12-07 05:41:48 <amiller> well the private keys still have to be kept online
513 2011-12-07 05:42:03 <amiller> i guess your point is that they can be on the trusted card, the 'servers' hosting the rest of the code can be whatever
514 2011-12-07 05:42:17 <amiller> the card _would_ have to be online though in order to process events, is that right?
515 2011-12-07 05:42:23 <gmaxwell> amiller: (though, the storj entities could escrow all the crypto across multiple hosts� you could still trick it, but its harder)
516 2011-12-07 05:42:42 <amiller> right, you can do the N/M shared keys
517 2011-12-07 05:42:52 <gmaxwell> yea, if you use a piece of 'secure hardware' then it must be online.. upsides and downsides.
518 2011-12-07 05:43:07 <amiller> and you can't do better than that without implying program obfuscation
519 2011-12-07 05:43:10 <GMP> dynamic trusted boot can not be trusted, even relatively new core i7 with integrated memory controller had the same bug, running SMM code from (poisoned) cache, modifying SMRAM. and intel solution to this - hashing SMRAM as well - tells how flawed the whole idea is. static trusted boot can be compromised by hw/mod aw well
520 2011-12-07 05:43:29 <amiller> hmm
521 2011-12-07 05:43:44 <gmaxwell> GMP: there are no absolutes.. but it's like a safe: the safe doesn't stop theives, it slows them down until they can get caught via other means.
522 2011-12-07 05:44:32 <amiller> gmaxwell, do you know how opentransactions works
523 2011-12-07 05:45:13 <ThomasV> no, the first bitcoin-enabled digital lifeform will be a beggar robot
524 2011-12-07 05:45:20 <gmaxwell> amiller: no / yes, I mean I know it uses Chaum blinded signatures which I know all about as well as the proposals to use them for digital cash.
525 2011-12-07 05:45:51 <gmaxwell> botsnack
526 2011-12-07 05:45:56 <gmaxwell> gribble: botsnack
527 2011-12-07 05:45:58 <amiller> ah okay that's the kind of minor aspect of opentransactions, the more interesting part is that it has a special kind of limited host, really similar to this
528 2011-12-07 05:46:04 <gmaxwell> darning, I forget how to make it beg. :)
529 2011-12-07 05:46:08 <amiller> i'm going to try to explain how to reconcile these architectures
530 2011-12-07 05:46:12 <amiller> ,,feed
531 2011-12-07 05:46:13 <gribble> Feed me... Feed me bitcoins! 1MgD6rah5zUgEGYZnNmdpnXMaDR3itKYzU
532 2011-12-07 05:46:28 <gmaxwell> ThomasV: it was said and thus it is so.
533 2011-12-07 05:46:35 <ThomasV> lol
534 2011-12-07 05:46:46 <amiller> so in opentransactions the 'client' is basically the smart card, it holds the keys
535 2011-12-07 05:47:02 <amiller> but a certain kind of work is delegated to the 'verifier' server, which is equivalent to the host in this case
536 2011-12-07 05:47:12 <amiller> the really important quality of the host is that the stuff it runs is entirely auditable
537 2011-12-07 05:47:29 <amiller> it has to be relied on to do it correctly, to only sign correct messages, but it can do it publicly
538 2011-12-07 05:48:30 <amiller> if it did something wrong, it would be obvious to anyone watching the output feed
539 2011-12-07 05:48:59 <amiller> and if it only produces output by publishing to a DHT so it couldn't reasily give one view of the data to one client and a different view to another
540 2011-12-07 05:50:00 <amiller> in this context, it's about reducing the expectations of the storj host so that the necessary trust in the host is minimal
541 2011-12-07 05:50:43 <gmaxwell> Hm. It still needs something trusted to store its identity however.
542 2011-12-07 05:51:49 <amiller> yes
543 2011-12-07 05:51:55 <amiller> and there's no way to tell if it's spilled its keys
544 2011-12-07 05:51:59 <amiller> so that is something you have to trust it for
545 2011-12-07 05:52:36 <amiller> but double spending would be detectable
546 2011-12-07 05:52:59 <amiller> and forging incorrect output would also be impossible with the proof carrying code
547 2011-12-07 05:53:44 <amiller> oh and i wanted to mention
548 2011-12-07 05:54:02 <amiller> you brought up the n/m thing where you can delegate the duty not just to a single server but to a handful of separate parties with a shared key and a vote
549 2011-12-07 05:54:13 <gmaxwell> Right. Further trust could be had by using secure hardware modules from multiple sources.. Though my head hurts when I try to figure out how you fit acceptable malleability in
550 2011-12-07 05:54:18 <amiller> you could also delegate it to a bitcoin lottery
551 2011-12-07 05:54:35 <gmaxwell> oh?
552 2011-12-07 05:54:45 <amiller> the opentransactions server makes exactly the same claim bitcoin does
553 2011-12-07 05:54:54 <amiller> just it does it by identifying a server that guarantees it
554 2011-12-07 05:55:05 <amiller> if you drew servers at random based on a hash proof of work, then you'd have bitcion
555 2011-12-07 05:55:21 <amiller> the claim i'm talking about of course is that the scriptsig checks out and the input hasn't already been claimed
556 2011-12-07 05:55:35 <gmaxwell> Ah, got it.
557 2011-12-07 05:55:55 <amiller> which is publicly auditable, whether it's in bitcoin or from an opentransactions server
558 2011-12-07 05:56:43 <amiller> the threat model i think is 'greedy, lazy, but risk averse and under public scrutiny'
559 2011-12-07 05:57:30 <ThomasV> are there many opentransactions servers?
560 2011-12-07 05:57:32 <jgarzik> my own plans for such a bot were more simple, too: just make something, anything, self-sustaining and capable of communicating with humans via email/IM/SMS/other methods
561 2011-12-07 05:58:06 <jgarzik> I've long wanted a Personal Assistant bot (Siri) that was "difficult to intercept or kill"
562 2011-12-07 05:58:11 <ThomasV> jgarzik: begging is the most simple business model
563 2011-12-07 05:58:24 <gmaxwell> jgarzik: could just be something as simple as a pastebin that takes donations and pays it own hosting bills. Then you lose the credentials to access it. How long will it live?
564 2011-12-07 05:58:55 <jgarzik> yep
565 2011-12-07 05:59:06 <jgarzik> main problem is finding hosting in a non-illegal manner
566 2011-12-07 05:59:20 <jgarzik> APIs are still ad hoc and often site-specific
567 2011-12-07 05:59:36 <gmaxwell> yea... the more uniform api is to hack stuff. 0_o
568 2011-12-07 05:59:41 <jgarzik> ;)
569 2011-12-07 06:00:11 <ThomasV> ... although with email you could create a nigerian scambot
570 2011-12-07 06:00:15 <gmaxwell> (this hadn't escaped me.. but oy..)
571 2011-12-07 06:00:43 <gmaxwell> ThomasV: with the right hosting you could even send enough messages to perhaps tune your messages automatically.
572 2011-12-07 06:01:49 <ThomasV> right == spam complacent?
573 2011-12-07 06:02:07 <gmaxwell> (which is where a lot of the bio-inspired self adapting stuff fails down, people don't grasp the sheer scale of evolution. If you can't do billions of trials then randomized searching of high dimensional spaces just doesn't work)
574 2011-12-07 06:02:15 <gmaxwell> Yes. "bullet proof" I think they call it?
575 2011-12-07 06:02:54 <jgarzik> there are all sorts of ways to scatter small bits of data in odd places, difficult to detect or take down all of them. the problem is with code -- you need to execute code over the data, otherwise you don't have a digital entity at all. And, rightly so, it is difficult to get a remote server to trigger code on yet another remote server, in a way that endlessly continues
576 2011-12-07 06:03:48 <gmaxwell> I could easily make a sandbox .. give it bitcoin and a url and it runs code from the url until the bitcoin runs out.. but what would someone use that for?
577 2011-12-07 06:03:58 <amiller> what about couchapps
578 2011-12-07 06:04:05 <amiller> do you know couchapps
579 2011-12-07 06:04:08 <amiller> basically it's just a keyvalue store
580 2011-12-07 06:04:11 <amiller> you can host http and js off of it
581 2011-12-07 06:04:17 <amiller> but you can also include a .js that does get exeucted by the server
582 2011-12-07 06:04:35 <amiller> in response to certain events, they say its 'map reduce' but really it just means it calls back your code any time there's a PUT
583 2011-12-07 06:04:43 <gmaxwell> oh there you go.. the whole web is your computational matrix.
584 2011-12-07 06:04:49 <gmaxwell> you just need to sucker users into visiting it.
585 2011-12-07 06:04:50 <sneak_> hey everyone
586 2011-12-07 06:04:55 <sneak_> stop writing javascript
587 2011-12-07 06:04:57 <sneak_> seriously, just stop.
588 2011-12-07 06:05:09 <amiller> lol
589 2011-12-07 06:05:13 <jgarzik> if one were to go the illegal route... like with the biological world, there are viruses floating throughout cyberspace. In theory, a narrow AI could intercept and incorporate malware infection practices into itself, by running its own honeypot, and then propagate autonomous code execution platform from there (standard botnetter logic ensues)
590 2011-12-07 06:05:15 <sneak_> unless your code is a GUI, there is no reason for you to be writing it in javascript
591 2011-12-07 06:05:16 <amiller> sneak_, next stop, agda
592 2011-12-07 06:05:16 <sneak_> period
593 2011-12-07 06:05:19 <justmoon> sneak_: ...
594 2011-12-07 06:05:28 <ageis> enuf abstract theorizin
595 2011-12-07 06:05:31 <gmaxwell> sneak_: duh. yea, everyone should stop, instead you should write _java_ and use google web toolkit to conver that to javascript.
596 2011-12-07 06:05:45 <sneak_> gmaxwell: i'd sooner jam fireworks in my ass and squat over a hibachi
597 2011-12-07 06:05:58 <amiller> 5btc bounty.
598 2011-12-07 06:06:12 <gmaxwell> sneak_: okay, instead write in C� then use emscripten to convert to JS. Done!
599 2011-12-07 06:06:16 <jgarzik> yeah, if you can sucker people into visiting a web page, you've got worker bees aplenty
600 2011-12-07 06:06:30 <amiller> gmaxwell, what about something like heroku
601 2011-12-07 06:06:31 <sneak_> seriously, for serverside code, using javascript is misguided
602 2011-12-07 06:06:33 <amiller> or nodejitsu
603 2011-12-07 06:06:35 <gmaxwell> jgarzik: XSS protection limits that substantially.
604 2011-12-07 06:06:35 <sneak_> write it in a real language
605 2011-12-07 06:06:38 <amiller> i think heroku is all proprietary and closed
606 2011-12-07 06:06:43 <sneak_> use javascript for fucking about with the DOM, and leave it there
607 2011-12-07 06:06:44 <amiller> but that nodejitsu is a little more straightforward
608 2011-12-07 06:06:49 <amiller> basically it just runs on git
609 2011-12-07 06:06:49 <sneak_> node.js is cancer
610 2011-12-07 06:06:56 <amiller> if you have a git repo, the infrastructure can spool up and run the project
611 2011-12-07 06:07:02 <amiller> it's meant to be portable and ephemeral like that
612 2011-12-07 06:07:05 <ThomasV> perhaps the right "matrix" for such a lifeform would be a botnet
613 2011-12-07 06:07:08 <gmaxwell> sneak_: are you an anti-JS rant bot?
614 2011-12-07 06:07:08 <justmoon> sneak_: why? what don't you like about it?
615 2011-12-07 06:07:19 <sneak_> the same things i don't like about php
616 2011-12-07 06:07:31 <sneak_> idiot devs, shitty syntax, === operator
617 2011-12-07 06:07:43 <gmaxwell> ThomasV: so� I don't think so: here is why. Software, as we create it today is insanely brittle. It's not at all like biology. The slightest thing odd.. and it just fails. Usually completely.
618 2011-12-07 06:07:47 <sneak_> the thought that some syntactic straightjacket can somehow make idiot devs into good devs
619 2011-12-07 06:07:58 <sneak_> basically, "people under 22"
620 2011-12-07 06:08:07 <gmaxwell> ThomasV: so I don't think that adhoc substrates like botnets would support long survival.
621 2011-12-07 06:08:13 <gmaxwell> ThomasV: but commercial services generally do.
622 2011-12-07 06:08:21 <sneak_> maybe even 25
623 2011-12-07 06:08:24 <justmoon> sneak_, by shitty syntax you mean c-like syntax?
624 2011-12-07 06:08:32 <sneak_> no
625 2011-12-07 06:08:36 <ThomasV> gmaxwell: such as amazon aws?
626 2011-12-07 06:08:59 <sneak_> i mean the fact that you have to do if(typeof var !== "undefined" && var !== null)
627 2011-12-07 06:09:15 <sneak_> fac me cocleario vomere
628 2011-12-07 06:09:21 <justmoon> if you write that - you're doing it wrong :)
629 2011-12-07 06:09:33 <sneak_> justmoon: au contraire, if you _don't_ write that, you're doing it wrong.
630 2011-12-07 06:09:48 <gmaxwell> sneak_: many many moons ago, I was given an intern at my job. He didn't know anything about programming. We needed a new inventory management app. I taught him php (er, it was before the zend stuff, a long time ago) and SQL... because those were the easiest tools.
631 2011-12-07 06:09:49 <sneak_> if you don't understand why, you are part of the problem and should stop talking
632 2011-12-07 06:09:53 <justmoon> you're writing javascript as if it's a strongly typed language, it isn't, it's a prototypal language
633 2011-12-07 06:10:08 <sneak_> coffeescript is a step in the right direction
634 2011-12-07 06:10:15 <justmoon> it doesn't matter whether your variable is null or undefined or whatever, what you should care about is whether it's the object you want
635 2011-12-07 06:10:27 <sneak_> but again, if you are using js for anything other than DOM manipulation, you likely have a much better tool for the job available and should not be using javascript
636 2011-12-07 06:10:31 <gmaxwell> sneak_: about a decade later I bumped into him (he reconized me, I had no clue who is was) and he thanked me for teaching him php. He was working as a web developer. I .. still feel guilty about it now.
637 2011-12-07 06:10:34 <justmoon> if (myvar instanceof BlockChainManager) {
638 2011-12-07 06:10:39 <justmoon> ^ use that instead
639 2011-12-07 06:10:49 <gmaxwell> ThomasV: yes, such as AWS.
640 2011-12-07 06:11:08 <amiller> if you're not writing in a verified proof language like coq or agda, you might as well just not mention what syntax/language you're using
641 2011-12-07 06:11:18 <gmaxwell> amiller++
642 2011-12-07 06:11:27 <amiller> it's just personal style otherwiswe
643 2011-12-07 06:11:43 <gmaxwell> amiller: well, I dunno, the functional/pattern matching stuff is kind of a different beast from the procedural stuff.
644 2011-12-07 06:11:57 <SomeoneWeird> agda?
645 2011-12-07 06:12:05 <gmaxwell> But within the famlies its just window dressing.
646 2011-12-07 06:12:19 <amiller> gmaxwell, well it's not the functional part that matters
647 2011-12-07 06:12:23 <justmoon> speaking of javascript, I just wrote some: http://www.weusecoins.com/questions.php
648 2011-12-07 06:12:24 <amiller> you could doverified programmning in a procedural language
649 2011-12-07 06:12:28 <justmoon> feedback is very welcome :)
650 2011-12-07 06:12:29 <amiller> there just isn't such an implementation
651 2011-12-07 06:12:33 <amiller> it's easier to do that sort of research in functional
652 2011-12-07 06:12:46 <amiller> the thing that makes it verified programming is that you write your 'specification' in very clear easy to follow language
653 2011-12-07 06:12:54 <amiller> then you write your implementation using whatever shortcuts and hacks and algorithms as necessary
654 2011-12-07 06:12:54 <gmaxwell> amiller: I know. (I use ACSL for some of my own stuff
655 2011-12-07 06:12:56 <gmaxwell> )
656 2011-12-07 06:13:13 <amiller> but you make sure to include the proof (or a sketch of a proof and let the compiler do the rest)
657 2011-12-07 06:13:25 <amiller> but you get a machine checkable proof that your nasty spaghetti logic matches your pristine specification
658 2011-12-07 06:13:31 <amiller> so it matters what language you write your specification in, itdoesn't matter what the implementation is in
659 2011-12-07 06:13:57 <gmaxwell> Though I've found it to be quite challenging to make it work pratically for non-trivial programs. :( thats probably my shortcoming rather than that of the tools.
660 2011-12-07 06:14:02 <amiller> it's an open problem how to reaosnably go about building your implementation along with a proof sketch.
661 2011-12-07 06:14:08 <amiller> it's hard as hell for simple stuff with agda or coq
662 2011-12-07 06:14:35 <amiller> it requires a completely brainrewriting, verified programming is to functional programming what functional programming is to C
663 2011-12-07 06:14:40 <gmaxwell> I tried adding a feature to compcert and gave up.. right away basically.
664 2011-12-07 06:15:00 <amiller> gmaxwell, my friend got to take a course at UMD doing coq proofs for all sorts of things
665 2011-12-07 06:15:04 <amiller> there are some really good papers on it
666 2011-12-07 06:15:09 <gmaxwell> (it doesn't know how to multiply long long � I can store them, and I think it can add them. But I needed multiply too)
667 2011-12-07 06:16:01 <amiller> http://adam.chlipala.net/cpdt/html/Intro.html this being my favorite i think.
668 2011-12-07 06:16:24 <amiller> i need to find someone to talk to who has used coq in 'declarative mode'
669 2011-12-07 06:16:34 <amiller> it's an odd little package in the coq standard library
670 2011-12-07 06:16:43 <gmaxwell> This is the danger sign to most people: "There is no reason to give up the familiar comforts of functional programming when you start writing certified programs"
671 2011-12-07 06:16:48 <gmaxwell> heheh
672 2011-12-07 06:16:53 <amiller> rofl
673 2011-12-07 06:17:18 <amiller> buckle up.
674 2011-12-07 06:17:23 <copumpkin> :(
675 2011-12-07 06:17:24 <amiller> hold on to your lambdas
676 2011-12-07 06:18:03 <copumpkin> verified programming is to functional programming what functional programming is to C
677 2011-12-07 06:18:05 <copumpkin> I wouldn't say that
678 2011-12-07 06:18:21 <copumpkin> I'm also not a big fan of the coq approach to verified programming, but I don't think the field is all that mature yet
679 2011-12-07 06:18:37 <amiller> i mean that only in one aspect (a hurdle of new thought), not in any other generalizable way
680 2011-12-07 06:18:41 <copumpkin> of the coq approaches, I think cpdt's is the nicer one
681 2011-12-07 06:18:54 <gmaxwell> yea, I understood it as "hurdle of new thought".
682 2011-12-07 06:19:32 <copumpkin> I guess it depends on what kind of functional programming you're used to. If you're reasonably well versed in types in haskell and are already used to doing pure FP, moving to verified programming isn't a huge jump
683 2011-12-07 06:19:51 <copumpkin> you need to keep things like termination checks in mind and work out the details of proofs
684 2011-12-07 06:20:10 <copumpkin> and as you get better, develop a taste for representations that simplify proofs
685 2011-12-07 06:20:11 <amiller> i think you're right copumpkin actually
686 2011-12-07 06:20:31 <amiller> being good at haskell means using the type system to do a lot of the work.
687 2011-12-07 06:20:51 <amiller> which essentially is the same process
688 2011-12-07 06:20:52 <copumpkin> if you naively translate haskell to e.g., agda, you'll probably get a working program that looks almost identical (it might not pass the termination checker) but you probably won't be able to prove much about it very easily
689 2011-12-07 06:20:53 <amiller> hm.
690 2011-12-07 06:21:17 <copumpkin> I tried this early on when I was learning agda
691 2011-12-07 06:21:26 <gmaxwell> when using ACSL the biggest problem I have is that when it can't prove something sometimes I can help it� and sometimes I'm completely lost. "It knows this is 0-8 and that is 8-16.. why can't I make it prove that the sum is <=24= or even that the signed integer does not overflow!" or "fantastic, I can prove all the properties I already knew for sure and didn't care about!"
692 2011-12-07 06:22:01 <copumpkin> I took omega, which is a library that gives you a diagonalization procedure for flattening an infinite list of infinite lists in such a way that every element in every list will appear at some finite index in the output
693 2011-12-07 06:22:10 <copumpkin> and translated it more or less verbatim to agda
694 2011-12-07 06:22:21 <copumpkin> then I tried to prove that it behaved as advertised and my head exploded
695 2011-12-07 06:22:28 <gmaxwell> copumpkin: omg you disproved cantor!
696 2011-12-07 06:22:34 <amiller> yeah copumpkin
697 2011-12-07 06:22:40 <amiller> that is pretty similar to my experience with coq
698 2011-12-07 06:22:48 <amiller> i would write an elegant program that solves the problem adatped from another functional language
699 2011-12-07 06:22:54 <amiller> and then try to prove things about my program
700 2011-12-07 06:22:56 <amiller> and that is a dead end almost immediately
701 2011-12-07 06:23:00 <copumpkin> yeah
702 2011-12-07 06:23:15 <amiller> so i tried again, now i'm going to build my program out of proofs in the first places
703 2011-12-07 06:23:18 <copumpkin> coq does have a few more "brute force" tools in its tactic approach that let you do that a bit more than agda does
704 2011-12-07 06:23:19 <amiller> and then my head exploded
705 2011-12-07 06:23:31 <copumpkin> meaning that you can get away with bad definitions part of the way
706 2011-12-07 06:23:40 <copumpkin> but having good definitions is still pretty key
707 2011-12-07 06:24:05 <copumpkin> there's also the fact that really basic s
708 2011-12-07 06:24:07 <amiller> there's one paper i liked a lot
709 2011-12-07 06:24:10 <copumpkin> tuff takes quite a bit of work :)
710 2011-12-07 06:24:13 <amiller> it was a verified implementation of dikjstra's algorithm
711 2011-12-07 06:24:18 <amiller> but it went through a process
712 2011-12-07 06:24:29 <amiller> of building the proofs and the code simultaneously
713 2011-12-07 06:24:35 <midnightmagic> i was very sad when dijkstra died
714 2011-12-07 06:24:36 <copumpkin> for example, here's a "simple" proof that there are infinite primes, in agda: https://gist.github.com/1286093
715 2011-12-07 06:24:52 <copumpkin> it doesn't even generate all of them
716 2011-12-07 06:25:01 <copumpkin> :/
717 2011-12-07 06:26:16 <amiller> ugh i can't find it now
718 2011-12-07 06:26:53 <copumpkin> I mostly follow conor mcbride's school of thought when it comes to developing verified programs
719 2011-12-07 06:27:34 <copumpkin> that is, that programming is a conversation with the typechecker, and you want to write types that are expressive enough to help you write your algorithms
720 2011-12-07 06:27:55 <copumpkin> he has an example where he writes a sort algorithm that is correct by construction and he doesn't do any explicit "proof" about it
721 2011-12-07 06:28:15 <amiller> link?
722 2011-12-07 06:28:27 <gmaxwell> ... so now that this channel contains the highest density of people who know about verified software that I've ever seen on IRC... (2) where is the verified bitcoin blockchain validator?
723 2011-12-07 06:28:54 <copumpkin> gmaxwell: I think that was part of roconnor's goal in writing purecoin :) he's a big fan of coq
724 2011-12-07 06:28:55 <gmaxwell> (if doublec were around I could claim (3) � he programs in ATS)
725 2011-12-07 06:29:14 <copumpkin> roconnor's actually written real verified software
726 2011-12-07 06:29:18 <copumpkin> including a real number library for coq
727 2011-12-07 06:29:21 <copumpkin> "real"
728 2011-12-07 06:29:33 <amiller> ooh
729 2011-12-07 06:29:38 <copumpkin> (which is a possibly surprisingly difficult endeavor)
730 2011-12-07 06:30:08 <gmaxwell> ah, I knew roconnor was doing haskell, but I didn't know about it being verified... fine. (4)..
731 2011-12-07 06:30:20 <copumpkin> oh he hasn't done that yet, I don't think
732 2011-12-07 06:30:21 <gmaxwell> We should have a verified bitcoin library by now for sure!
733 2011-12-07 06:30:42 <copumpkin> he often writes a first iteration of verified software in haskell
734 2011-12-07 06:30:49 <copumpkin> (the real number library existed first in haskell)
735 2011-12-07 06:31:04 <copumpkin> (these are "real" real numbers, not like MPFR or arbitrary precision floats)
736 2011-12-07 06:31:09 <gmaxwell> right.
737 2011-12-07 06:31:18 <amiller> gmaxwell, what would be really useful is to have the little bitcoin scripting language replaced with a verifiable one
738 2011-12-07 06:31:22 <copumpkin> amiller: trying to find the slides
739 2011-12-07 06:31:23 <amiller> and also to put more of the bitcoin protocol in the script
740 2011-12-07 06:31:34 <amiller> like how to add up inputs and outputs and check they line up
741 2011-12-07 06:31:48 <amiller> that functionality is outside the script for now but it's obviously possible to put it in there
742 2011-12-07 06:32:09 <gmaxwell> er. you don't want the in the script� since it's of essential interest to everyone to prevent inflation.
743 2011-12-07 06:32:13 <copumpkin> many of his writings are at http://www.e-pig.org/epilogue/ and he's on twitter as @pigworker
744 2011-12-07 06:32:20 <copumpkin> http://www.e-pig.org/epilogue/?p=690 is a blog post about it in a language he's been working on
745 2011-12-07 06:32:27 <copumpkin> but there were also some slides that explained the technique
746 2011-12-07 06:33:02 <copumpkin> here we go: http://personal.cis.strath.ac.uk/~conor/Pivotal.pdf (the transparencies are "his style". he's a pretty good speaker)
747 2011-12-07 06:33:05 <amiller> gmaxwell, well maybe it's enough to just say there's a hash of the verifiable script in the block?
748 2011-12-07 06:33:19 <copumpkin> actually in this case they aren't even transparencies
749 2011-12-07 06:33:20 <jgarzik> speaking of self-sustaining... another thing I would like to see is a distributed GLBSE
750 2011-12-07 06:33:25 <copumpkin> but they usually are, and handwritten
751 2011-12-07 06:33:31 <amiller> he highlights his syntax with crayons
752 2011-12-07 06:33:31 <copumpkin> jgarzik: ooh, me too
753 2011-12-07 06:33:35 <amiller> that is most delightful
754 2011-12-07 06:33:49 <copumpkin> he also has cute pictures in a lot of them, and makes a lot of silly puns
755 2011-12-07 06:33:56 <copumpkin> he's very quirky :P
756 2011-12-07 06:34:10 <copumpkin> just the other day I was reading some code by him that had an infinite stream type
757 2011-12-07 06:34:15 <copumpkin> whose head was called "now"
758 2011-12-07 06:34:18 <copumpkin> and the tail was called "anon"
759 2011-12-07 06:34:24 <copumpkin> (not short for anonymous)
760 2011-12-07 06:34:50 <gmaxwell> amiller: in a parallel distributed system where there was more motiviation to be able to change the rules (and some defined criteria for doing it) you could basically put the whole of the system in the chain, and the software would just be a bootstrapper and interperter.
761 2011-12-07 06:34:55 <jgarzik> each company issuing shares would publish a signed ledger
762 2011-12-07 06:35:00 <amiller> "push views in, don't pull facts out"
763 2011-12-07 06:35:09 <amiller> i understand that!
764 2011-12-07 06:35:28 <amiller> gmaxwell, right on
765 2011-12-07 06:35:59 <copumpkin> amiller: the AVL tree in the agda standard library uses that approach to ensure it's ordered correctly without carrying around many explicit proofs in the structure
766 2011-12-07 06:36:11 <copumpkin> it's remarkably elegant
767 2011-12-07 06:36:21 <jgarzik> share transfers are submitted <somehow>. share transfers published in company ledger are canonical, and describe public keys of shareholders, who may then use said public keys to further transfer shares.
768 2011-12-07 06:36:32 <copumpkin> I say this having tried to implement a more explicit approach to safe AVL trees that did carry around proofs
769 2011-12-07 06:36:41 <copumpkin> and I succeeded but it was an absolute nightmare to maintain the proofs
770 2011-12-07 06:37:09 <copumpkin> jgarzik: do you think something like that could live on top of the existing bitcoin infrastructure?
771 2011-12-07 06:37:09 <jgarzik> in practice, I imagine trusted aggregators would maintain ledger on behalf of clients
772 2011-12-07 06:37:15 <jgarzik> copumpkin: definitely
773 2011-12-07 06:37:24 <jgarzik> copumpkin: well... bits of it, yes :)
774 2011-12-07 06:37:55 <copumpkin> mmm
775 2011-12-07 06:38:55 <copumpkin> gmaxwell: anyway, the only thing that worries me about verified implementations of crypto stuff is that I'm not really aware of a particularly good approach to proving facts about difficulty of operations and probabilities (for brute forcing, etc.)
776 2011-12-07 06:39:10 <copumpkin> it's remarkably difficult to talk about nondeterministic things like that
777 2011-12-07 06:39:43 <doublec> gmaxwell: I'm around :) I missed my chance to plug ATS, I'm too slow!
778 2011-12-07 06:39:53 <copumpkin> you'd obviously have to assume that for your notion of difficulty, that something like integer logarithm is difficult
779 2011-12-07 06:40:10 <amiller> this is the most focus i've ever needed to understand a crayon drawing
780 2011-12-07 06:40:11 <copumpkin> doublec: I missed a talk by hongwei xi a couple of days ago! I was sad
781 2011-12-07 06:40:11 <gmaxwell> copumpkin: so.. what do you do when verifying a program in the verification depends on something np hard. if (len(factor(bignum))>2){destroy_world();} ?
782 2011-12-07 06:40:17 <amiller> i think this could be very relevant to get through
783 2011-12-07 06:40:22 <amiller> proofs of ordering being essential to even a blockchain verifir
784 2011-12-07 06:40:29 <GMP> yeah, and proof of being NP doesnt mean that there are no 'weak' keys
785 2011-12-07 06:40:31 <gmaxwell> doublec: for some reason my client didn't tabcomplete you.
786 2011-12-07 06:41:18 <copumpkin> gmaxwell: I didn't quite understand that question. could you rephrase a bit?
787 2011-12-07 06:41:50 <doublec> copumpkin: I saw that talk announced - I'd have like to have seen it too
788 2011-12-07 06:41:53 <gmaxwell> copumpkin: I mean � you're not going to prove that on the spot, it's hard� so do you just take it as an axiom and confess later? :)
789 2011-12-07 06:42:21 <copumpkin> oh yeah, it's fairly common to assume things you don't want to or don't know how to prove, as long as you have a nice concise statement of what you're assuming
790 2011-12-07 06:42:30 <copumpkin> one common one in something like agda or coq is functional extensionality
791 2011-12-07 06:42:35 <gmaxwell> I think it would be perfectly fine to prove bitcoin taking some things as axioms, e.g. that the hash function is actually a random oracle.
792 2011-12-07 06:42:41 <copumpkin> that if two functions are pointwise equal, that they are actually equal
793 2011-12-07 06:43:03 <amiller> is it known how to work with random oracle model in a proof checker?
794 2011-12-07 06:43:09 <copumpkin> gmaxwell: I meant more that it's difficult to even come up with a statement of what "difficult" means, formally
795 2011-12-07 06:43:44 <jgarzik> has anyone yet created a bitcoin-based mechanical turk?
796 2011-12-07 06:43:46 <amiller> i can imagine claims i'd want to make about like sampling from statistical distributions
797 2011-12-07 06:43:53 <copumpkin> yeah
798 2011-12-07 06:44:00 <copumpkin> those are pretty difficult to talk about
799 2011-12-07 06:44:05 <amiller> i have no idea how i'd even begin expressing that
800 2011-12-07 06:44:19 <gmaxwell> amiller: it doesn't seem conceptually hard if you describe it as permuting an infite set or something like that.. I don't know if that would let you say anything useful about it though.
801 2011-12-07 06:44:40 <gmaxwell> er infinite.
802 2011-12-07 06:45:30 <gmaxwell> jgarzik: the nearest is http://forbitcoin.com/ I think.
803 2011-12-07 06:45:48 <copumpkin> StorJ can use it :D
804 2011-12-07 06:45:57 <gmaxwell> Though I'm surprised someone hasn't just setup a front end on actual mechnical turk that just exchanges and pays amazon.
805 2011-12-07 06:45:59 <justmoon> I just bought forbitcoin.com :D
806 2011-12-07 06:46:02 <amiller> hey if anyone likes to talk about mechanical turk
807 2011-12-07 06:46:12 <amiller> i just watched this talk today http://www.ted.com/talks/aaron_koblin.html
808 2011-12-07 06:46:36 <amiller> there are some clever games with mechanical turk in there
809 2011-12-07 06:46:43 <copumpkin> gmaxwell: saying things about the difficulty of finding hash collisions, for example
810 2011-12-07 06:47:02 <copumpkin> might want to appeal to the expected number of tries an attacker would have to make
811 2011-12-07 06:47:54 <copumpkin> but it's really quite difficult to build those out of first concepts, and there's also the issue that we're working in a logic that most people don't usually think in
812 2011-12-07 06:48:18 <copumpkin> (intuitionist logic, not classical, which means that some often intuitive facts from classical logic are no longer provable)
813 2011-12-07 06:48:43 <gmaxwell> yea... these are usually problems I think about for a minute to figure out if I know where to start on an analytic solution (using dreaded reals!) .. then I just write a simulation and approximate it.
814 2011-12-07 06:48:57 <copumpkin> yeah :)
815 2011-12-07 06:49:34 <copumpkin> but even apart from the cryptographic security of an implementation, I'd be quite happy to get a nice partially verified client that is verified to "be good" in more deterministic manners
816 2011-12-07 06:50:24 <gmaxwell> the cryptographic parts are easy to validate (not in a proof sense) via classic software techniques.. e.g. show they do what they are supposted to do, and nothing else.
817 2011-12-07 06:50:45 <copumpkin> yeah
818 2011-12-07 06:51:43 <gmaxwell> (or even use multi-computation, e.g. include three implementations and vote, and prove the judge. ;).. then only prove the crypto stuff can't crash the machine)
819 2011-12-07 06:52:57 <gmaxwell> justmoon: really?
820 2011-12-07 06:53:04 <gmaxwell> justmoon: going to do anything neat with it?
821 2011-12-07 06:55:19 <gmaxwell> justmoon: clicking on .. anything there bring up a "you were about to be ripped off" warning from http://www.fiverrscript.com
822 2011-12-07 06:55:34 <justmoon> lol
823 2011-12-07 06:55:35 <amiller> ah finally
824 2011-12-07 06:55:39 <justmoon> yeah, needs a bit of work
825 2011-12-07 06:55:47 <justmoon> payment doesn't work currently
826 2011-12-07 06:55:49 <amiller> www.mathematik.uni-muenchen.de/~schwicht/papers/mod97/fcp.ps
827 2011-12-07 06:56:01 <amiller> formal correctness proof of dijkstras algorithm a case study
828 2011-12-07 06:56:51 <justmoon> gmaxwell, suggestions for the site are very welcome - right now I'm just planning to fix the payment and clean it up a bit - will check out the fiverrscript thing
829 2011-12-07 06:57:30 <gmaxwell> justmoon: I'll be glad to send you my thoughts� it seems like a useful service we ought to have.
830 2011-12-07 06:57:56 <justmoon> exactly, that's why I bought it - it was killing me, such a nice site and the payment hasn't been working for months
831 2011-12-07 06:58:15 <justmoon> reason was the original developer dropped out
832 2011-12-07 06:58:55 <gmaxwell> I think thats a probably we'll continue to face... most of the bitcoin community is not big enough (except the exchanges and the biggest pools) to actually support people full time.
833 2011-12-07 06:59:08 <gmaxwell> So a lot of businesses will start and die from a lack of love.
834 2011-12-07 06:59:26 <justmoon> yeah - guess the core people will have to buy them all up :P
835 2011-12-07 06:59:29 <gmaxwell> at least they had the good sense to sell that one instead of just taking it down.
836 2011-12-07 07:01:06 <justmoon> gmaxwell, did you have a look at: http://www.weusecoins.com/questions.php
837 2011-12-07 07:01:19 <justmoon> I'm thinking of putting this instead of the privacy/security section
838 2011-12-07 07:03:11 <gmaxwell> the top questions ranking is a bit weird there.
839 2011-12-07 07:03:25 <gmaxwell> BDD is a bunch of navel gazing from the perspective of helping people learn to use bitcoin
840 2011-12-07 07:04:04 <justmoon> yeah, well, that's what you get with community generated content
841 2011-12-07 07:04:52 <justmoon> I like what it communicates on a meta level - this is what you would find for a community project - far from the polished FAQ you'd have on a corporate website
842 2011-12-07 07:05:01 <justmoon> do you know what I mean?
843 2011-12-07 07:05:11 <justmoon> but yeah the ranking is weird in some parts :/
844 2011-12-07 07:05:32 <gmaxwell> Yes, it's generally fairly good.
845 2011-12-07 07:06:08 <gmaxwell> I think the good business advice is to minimize places to click which don't result in the user giving you money.
846 2011-12-07 07:06:18 <justmoon> hehe
847 2011-12-07 07:06:27 <gmaxwell> It's not entirely insane to imagine the user as a monkey that clicks randomly and then pays you when asked. 0_o
848 2011-12-07 07:07:03 <justmoon> that statement resonates with my experience
849 2011-12-07 07:07:07 <justmoon> cynical as it may be
850 2011-12-07 07:07:58 <justmoon> at the same time, i've done well not to underestimate people's intelligence either, it's more a case of - not everybody is an expert at X, so they'll act like non-experts
851 2011-12-07 07:08:16 <justmoon> anyway, should I launch it like this?
852 2011-12-07 07:08:42 <gmaxwell> so closing my eyes moving my mouse randomly.. then clicking the nearest link it took me 14 click to get to a real place where I'd order if I clicked on amazon.
853 2011-12-07 07:09:05 <gmaxwell> That sounds like a lot.. but if the site had basically any external links at all I would have been likely to exit the site long before then.
854 2011-12-07 07:09:15 <gmaxwell> also, the 14 clicks managed to get me logged in.
855 2011-12-07 07:09:27 <justmoon> hang on, what site are we talking about now?
856 2011-12-07 07:09:31 <gmaxwell> amazon.com
857 2011-12-07 07:09:35 <justmoon> oh
858 2011-12-07 07:09:36 <justmoon> :)
859 2011-12-07 07:10:07 <gmaxwell> well, it's not really about intelligence.. peoples interest/patience runs out in finite time.. and even smart people get lost in unfamilar pages easily.
860 2011-12-07 07:10:17 <justmoon> are you saying amazon is something weusecoins should emulate?
861 2011-12-07 07:10:32 <justmoon> I've pretty much done the opposite and added as many external links as possible :D
862 2011-12-07 07:10:44 <gmaxwell> hah, no! but doing that has consequences.
863 2011-12-07 07:11:03 <gmaxwell> e.g. your might make people smarter with the external links.. but less interested in bitcoin.
864 2011-12-07 07:11:03 <justmoon> true
865 2011-12-07 07:11:32 <gmaxwell> (though I suppose they're mostly external links to bitcoin stuff)
866 2011-12-07 07:11:39 <justmoon> I could have the answers pop up in a lightbox instead
867 2011-12-07 07:11:42 <justmoon> for the top questions at least
868 2011-12-07 07:13:33 <justmoon> also, on the general point - decentralization and this kind of "only one big button" userfriendliness are at odds to some extent
869 2011-12-07 07:14:08 <justmoon> the most userfriendly thing would be to only tell people how to get a client and then have something built into the client where people can buy coins
870 2011-12-07 07:14:33 <justmoon> but it would be tough to have that be "fair" towards new startup exchanges
871 2011-12-07 07:36:51 <quellhorst> whats the best way to get the current bitcoin price so that i can put stuff on a website thats dynamic
872 2011-12-07 07:37:15 <SomeoneWeird> ;;ticker --last
873 2011-12-07 07:37:16 <gribble> 3
874 2011-12-07 07:37:22 <SomeoneWeird> :P
875 2011-12-07 07:37:28 <SomeoneWeird> scrape it from mtgox or something
876 2011-12-07 07:38:36 <quellhorst> gribble source is available right?
877 2011-12-07 07:38:44 <quellhorst> maybe i could look at his internals :P
878 2011-12-07 07:39:38 <justmoon> quellhorst: https://mtgox.com/api/0/data/ticker.php
879 2011-12-07 07:40:04 <quellhorst> thanks
880 2011-12-07 07:40:40 <justmoon> for multiple currencies: https://mtgox.com/api#Methods_API_version_1
881 2011-12-07 10:26:15 <sneak> what's this about verisons prior to 0.5 harming the network?
882 2011-12-07 10:49:36 <Eliel> sneak: well, old versions don't have the improvements.
883 2011-12-07 10:57:24 <tcatm> quellhorst: telnet bitcoincharts.com 27007 is what gribble uses in #bitcoin-market
884 2011-12-07 11:11:25 <mega_p2k> hello, I'm trying to implement my own mini block explorer. the getblocks message is troubling me: I got the genesis block + the first 10 blocks and send their hashes through the getblocks message last to first, however I keep getting the same 10 blocks at the beginning of the inv message as a return (do not want). what am I missing?
885 2011-12-07 11:21:51 <tcatm> mega_p2k: when using getblocks you should set hashstop to 0 and provide only one blocklocator with the latest hash you know of
886 2011-12-07 11:23:09 <mega_p2k> tcatm: the blocklocator is a list with a single entry? the specification tells something different, that's why I wonder.
887 2011-12-07 11:23:40 <tcatm> where's there specification? I don't know of any official one.
888 2011-12-07 11:23:46 <mega_p2k> https://en.bitcoin.it/wiki/Protocol_specification
889 2011-12-07 11:24:01 <mega_p2k> looked official enough for me
890 2011-12-07 11:24:48 <tcatm> it's a public editable wiki :)
891 2011-12-07 11:25:20 <mega_p2k> it's a bit sad, because it took me hours to figure out an algorithm to get that block locator list...
892 2011-12-07 11:25:50 <mega_p2k> so this is confirmed, the list should only contain one hash
893 2011-12-07 11:25:53 <tcatm> so you should edit the wiki once you get it working
894 2011-12-07 11:26:15 <tcatm> not confirmed, but that's what my implementation does to fetch the blockchain
895 2011-12-07 11:28:32 <mega_p2k> and what happens if I'm on a branch or an orphan block and send in that hash?
896 2011-12-07 11:30:53 <tcatm> try it :)
897 2011-12-07 11:31:22 <mega_p2k> it looks like there is no way for the peer to return an error message
898 2011-12-07 11:33:13 <tcatm> you'll probably get an inv for a new block within the next 20 minutes that you can use to find the correct chain
899 2011-12-07 11:34:41 <mega_p2k> but then, how to get to the right start hash?
900 2011-12-07 11:34:58 <mega_p2k> I don't want to load the whole blockchain again
901 2011-12-07 11:35:24 <mega_p2k> wasn't the idea of the block locator to deal with this problem?
902 2011-12-07 11:35:45 <mega_p2k> by sending in a list of known blocks and letting the peer decide where to start?
903 2011-12-07 11:37:04 <tcatm> the new block will know the hash of the previous block