1 2012-02-05 02:28:06 <sipa> hmm, currently 582644 addresses with non-zero balance
2 2012-02-05 02:29:35 <pingdrive> one of them is MEEEEEEEE!
3 2012-02-05 02:30:36 <FROTUSCI> cool
4 2012-02-05 02:31:13 <copumpkin> sipa: what's the largest balance at a single address?
5 2012-02-05 02:32:34 <gmaxwell> copumpkin: mtgox has like 450k btc at a single address.
6 2012-02-05 02:33:02 <copumpkin> yeah, I know about that one
7 2012-02-05 02:33:06 <copumpkin> I think it's a little less than that now isn't it?
8 2012-02-05 02:33:14 <copumpkin> (and I'm still not 100% positive that it is mtgox :P)
9 2012-02-05 02:33:43 <copumpkin> it'd be nice to get a real confirmation from MagicalTux that it is or isn't
10 2012-02-05 02:35:34 <gmaxwell> copumpkin: we got confirmation before.
11 2012-02-05 02:35:49 <copumpkin> oh? how?
12 2012-02-05 02:36:00 <gmaxwell> (MagicalTux moved an amount of coin specified by someone on IRC)
13 2012-02-05 02:36:33 <FROTUSCI> the amount had 1337 in it
14 2012-02-05 02:36:39 <sipa> copumpkin: looking
15 2012-02-05 02:36:50 <sipa> damn, bitcoind is fast when ran from a tmpfs
16 2012-02-05 02:37:00 <sipa> from disk it would have taken hours to calculate this
17 2012-02-05 02:39:52 <sipa> largest i find is 105k BTC
18 2012-02-05 03:06:58 <MagicalTux> [12:33:43] <copumpkin> it'd be nice to get a real confirmation from MagicalTux that it is or isn't <- we are not storing more than 5k btc per address anymore
19 2012-02-05 03:07:08 <copumpkin> ah
20 2012-02-05 03:07:22 <copumpkin> but those huge 500k movements a while back were you?
21 2012-02-05 03:07:48 <BTC_Bear> MagicalTux: Did Theymos get ahold of you? He couldn't ssh into the forum.
22 2012-02-05 03:08:27 <MagicalTux> BTC_Bear: that's fixed
23 2012-02-05 03:32:07 <luke-jr> what OS does gitian need? -.-
24 2012-02-05 03:32:19 <luke-jr> I assumed Ubuntu, but it doesn't have python-vm-builder or apt-cacher
25 2012-02-05 03:33:41 <sipa> it has here
26 2012-02-05 03:33:57 <sipa> Ubuntu 11.10
27 2012-02-05 03:35:13 <luke-jr> O.o
28 2012-02-05 03:35:17 <luke-jr> same version too
29 2012-02-05 03:35:38 <luke-jr> do I need some non-default repo?
30 2012-02-05 03:37:32 <sipa> not that i know
31 2012-02-05 03:37:43 <sipa> it may be in universe or multiverse, though
32 2012-02-05 03:38:22 <sipa> universe, apparently
33 2012-02-05 03:39:51 <FROTUSCI> cool
34 2012-02-05 03:40:03 <luke-jr> looks like I need to upgrade my host-KVM first anyway& one I had installed doesn't support nesting
35 2012-02-05 03:40:38 <sipa> it does now?
36 2012-02-05 03:40:47 <luke-jr> it should O.o
37 2012-02-05 03:40:49 <sipa> nice
38 2012-02-05 03:41:10 <luke-jr> I know I saw it in kernel changelog :p
39 2012-02-05 03:42:27 <gmaxwell> hm. inability to nest is one reason I haven't moved my entire system into kvm... pretty cool.
40 2012-02-05 03:45:21 <luke-jr> it's not working <.<
41 2012-02-05 03:45:35 <luke-jr> latest kvm got rid of --enable-nested and I can't figure out the cmdline option that replaced it yet
42 2012-02-05 03:46:20 <sipa> i read this somewhere: modprobe kvm_amd nested=1
43 2012-02-05 03:47:04 <graingert> *GGGGGGGGGGGGGGGGGGGGGGGGG
44 2012-02-05 03:47:21 <gmaxwell> graingert: you don't say?
45 2012-02-05 03:47:40 <graingert> gmaxwell: it's very odd char
46 2012-02-05 03:48:45 <luke-jr> sipa: I use Intel
47 2012-02-05 03:48:46 <luke-jr> :p
48 2012-02-05 03:48:56 <luke-jr> but it's the KVM cmd line that's the problme
49 2012-02-05 03:48:59 <FROTUSCI> downton abbey
50 2012-02-05 03:51:19 <luke-jr> k, got it
51 2012-02-05 03:51:31 <luke-jr> I had disabled nested=1 on the kernel module for some reason; now it just works
52 2012-02-05 03:51:49 <luke-jr> let's see if 2 GB RAM is enough to do this all on LiveCD
53 2012-02-05 03:52:19 <luke-jr> since qemu apparently can't do more
54 2012-02-05 03:53:40 <luke-jr> I'm impressed with how Ubuntu boots fairly fast, and autodetects qemu :D
55 2012-02-05 03:54:24 <luke-jr> hmm, gitian requires 64-bit? -.-
56 2012-02-05 03:54:29 <luke-jr> Ubuntu recommended 32-bit
57 2012-02-05 03:55:07 <sipa> and gitian uses a 64-bit guest to do the 64-bit builds
58 2012-02-05 03:57:30 <luke-jr> what if I only want 32-bit builds? <.<
59 2012-02-05 03:57:39 <sipa> hack the script, i guess
60 2012-02-05 03:57:51 <luke-jr> didn't think we supported win64
61 2012-02-05 03:58:18 <sipa> we don't
62 2012-02-05 04:18:44 <graingert> sipa: you can in some cases
63 2012-02-05 04:18:50 <graingert> 64 on 32
64 2012-02-05 04:19:01 <sipa> ?
65 2012-02-05 04:19:05 <sipa> ah
66 2012-02-05 04:19:06 <graingert> Virtualbox
67 2012-02-05 04:19:21 <sipa> without cpu emulation?
68 2012-02-05 04:19:29 <graingert> yup
69 2012-02-05 04:20:06 <sipa> even when the host cpu doesn't support 64 bit?
70 2012-02-05 04:20:30 <graingert> not sure, only used it when the host cpu supports
71 2012-02-05 04:20:34 <graingert> but os does not
72 2012-02-05 04:21:15 <graingert> http://geekswithblogs.net/twickers/archive/2009/02/06/129243.aspx
73 2012-02-05 04:21:22 <graingert> "requires additional overhead"
74 2012-02-05 05:17:48 <devrandom> mmmmmm... nested kvm
75 2012-02-05 05:18:10 <luke-jr> devrandom: is gitian intentionally Ubuntu-only? :/
76 2012-02-05 05:18:24 <luke-jr> for host OS
77 2012-02-05 05:21:47 <gmaxwell> sad: ozco.in (mining pool) was being robbed by that same RPC bruteforcer that there was a thread about on the forum recently.
78 2012-02-05 05:22:07 <gmaxwell> Several hundred BTC stolen... actively siphoned as the blocks matured.
79 2012-02-05 05:22:34 <sipa> maybe time to have a delay before disconnecting if an RPC client gives a wrong password
80 2012-02-05 05:23:15 <gmaxwell> sipa: we have one which does little more than tell you that the password is worth bruitforcing or not. :(
81 2012-02-05 05:23:37 <luke-jr> wtf, another one?
82 2012-02-05 05:23:45 <gmaxwell> (there is a delay which depends on the length of your rpcpassword)
83 2012-02-05 05:23:53 <luke-jr> how are they even getting to the RPC port?
84 2012-02-05 05:24:12 <gmaxwell> I don't know for sure if ozco.in was via rpc.. thats what the same attacker did to m3ta though.
85 2012-02-05 05:24:32 <gmaxwell> so I think it's likely.
86 2012-02-05 05:24:56 <gmaxwell> ozco.in appears to have left it running while they were getting robbed... kinda freaky.
87 2012-02-05 05:25:56 <gmaxwell> sipa: in any case, while rpc is single threaded any delay means that it's a dos attack vector.
88 2012-02-05 05:26:48 <sipa> well you shouldn't expose the RPC port in the first place
89 2012-02-05 05:26:54 <sipa> but why do we have a password then
90 2012-02-05 05:26:56 <gmaxwell> sipa: I think I prefer instead to take N attempts in M interval from an IP and then start returning 'nope' to every RPC call for a few minutes... this way it's only a DOS if they can attempt from your own systems.
91 2012-02-05 05:26:56 <luke-jr> any bad effects if I enable wallet encryption on Eligius?
92 2012-02-05 05:27:20 <gmaxwell> sipa: well yea, you shouldn't.. but people make mistakes.
93 2012-02-05 05:27:36 <luke-jr> besides being permanently unable to unlock it?
94 2012-02-05 05:27:47 <gmaxwell> sipa: one thing we should do is autogenerate a rpcuser/rpcpassword when we create a config file.. and hopefully people will leave the auto ones in.
95 2012-02-05 05:28:03 <gmaxwell> luke-jr: it can't add to the keypool without the encryption key.
96 2012-02-05 05:28:18 <gmaxwell> luke-jr: but that may not matter for your usage.
97 2012-02-05 05:28:19 <luke-jr> gmaxwell: I use a static address for mining now
98 2012-02-05 05:28:41 <gmaxwell> great. then there should be no harm. (a backup is always advised first, of course)
99 2012-02-05 05:30:40 <gmaxwell> I kinda wonder if there shouldn't be code with wallet encryption to limit the unlock to the IP address that called the unlock rpc.
100 2012-02-05 05:30:56 <sipa> gmaxwell: one other advantage of determinstic wallets... you can add keys while locked
101 2012-02-05 05:31:11 <gmaxwell> because even if ozco.in had been using encrpytion, the attacker could just poll like crazy and then outrace the unlock.
102 2012-02-05 05:31:36 <gmaxwell> I guess if your rpc is insecure you've already lost.
103 2012-02-05 05:31:42 <gmaxwell> sipa: Indeed.
104 2012-02-05 05:32:26 <sipa> this would be so much easier to implement if i could throw the old wallet's key handling stuff out
105 2012-02-05 06:25:56 <Diablo-D3> gmaxwell, sipa: what happened to -server on gui?
106 2012-02-05 06:26:03 <sipa> nothing?
107 2012-02-05 06:26:08 <gmaxwell> it's still there.
108 2012-02-05 06:26:17 <gmaxwell> Just not in help (was it ever?)
109 2012-02-05 06:26:20 <Diablo-D3> so why does it not start it up?
110 2012-02-05 06:26:28 <sipa> anything in debug.log?
111 2012-02-05 06:26:32 <gmaxwell> you're not setting a user/password?
112 2012-02-05 06:26:53 <Diablo-D3> gmaxwell: yes I am
113 2012-02-05 06:27:01 <Diablo-D3> I see nothing useful in debug.log
114 2012-02-05 06:27:19 <Diablo-D3> oh wait, wtf
115 2012-02-05 06:27:21 <Diablo-D3> now its working
116 2012-02-05 06:27:25 <Diablo-D3> I havent touched a thing
117 2012-02-05 06:27:35 <sipa> was it still loading the block chain index?
118 2012-02-05 06:28:29 <Diablo-D3> no, its been awake for days
119 2012-02-05 06:37:00 <helo_> txparam = "txdata=" *pchar
120 2012-02-05 06:38:36 <helo_> ^ add to bip 21 okplzthx
121 2012-02-05 06:40:03 <sipa> ?
122 2012-02-05 06:40:23 <sipa> what would it mean?
123 2012-02-05 06:42:12 <helo_> probably bs, but it could allow people to embed entire transaction payloads in a URI to make it easy for others to send/verify a transaction
124 2012-02-05 06:43:02 <sipa> the entire serialized transaction?
125 2012-02-05 06:43:46 <helo_> this isn't a very practical application, but if you wanted to give someone bitcoin for their birthday, or allow them to withdraw bitcoin at their leisure, you could send them an email with the transaction for them to click and broadcast themselves
126 2012-02-05 06:43:50 <helo_> yeah
127 2012-02-05 06:45:07 <sipa> it'd probably have to be req-txdata
128 2012-02-05 06:46:25 <helo_> or i want to be sure i have access to enough money to fly me home should something bad happen, but dodn't want to have the balance on any address that i'm in possesion of... or something
129 2012-02-05 06:46:55 <helo_> or my dad wants me to have access to money while i'm away at college should the need arise
130 2012-02-05 06:47:47 <helo_> but doesn't want a virus to be able to steal it from my wallet (passphrase sniffing) when i decrypt it to pay rent each month
131 2012-02-05 06:50:03 <helo_> i'm betting there is a better way to achieve those aims, but there are other applications too, and it would be kind of a different mechanism to be commonly accessible
132 2012-02-05 06:50:38 <helo_> (if it was officially supported by the main client)
133 2012-02-05 06:51:11 <helo_> could also have, instead of sending directly, a checkbox for "generate url containing transaction payload for sending later"
134 2012-02-05 06:51:19 <gribble> New news from bitcoinrss: gmaxwell opened pull request 798 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/798>
135 2012-02-05 06:51:55 <helo_> ahh good gmax is awake... i'm sure he'll take the opportunity to shoot this idea down properly :)
136 2012-02-05 06:53:59 <helo_> could also allow other applications to send bitcoin transactions without implementing the networking side of actually sending a transaction into the network
137 2012-02-05 06:54:35 <sipa> just sending a transaction is quite trivial, though
138 2012-02-05 06:54:49 <helo_> but a web browser can't do it by itself
139 2012-02-05 06:55:11 <sipa> true
140 2012-02-05 06:55:12 <gmaxwell> helo_: I saw it, but thought it was kinda silly.
141 2012-02-05 06:55:13 <helo_> javascript app or whatever
142 2012-02-05 06:55:20 <helo_> it is...
143 2012-02-05 06:55:39 <gmaxwell> But it's not my place to shoot down ideas that are merely silly.
144 2012-02-05 06:55:58 <helo_> as long as it's not dangerous like most of my ideas :)
145 2012-02-05 06:57:41 <helo_> hmm... you could generate a transaction, and completely destroy the wallet the funds belong to
146 2012-02-05 06:58:01 <Graet> ^^ right now i like this idea
147 2012-02-05 06:58:09 <Graet> qucik tell me how!!
148 2012-02-05 06:58:42 <helo_> save transaction data transferring all of the funds (currently known) to exist at an address
149 2012-02-05 06:58:49 <helo_> instead of sending it
150 2012-02-05 06:59:27 <helo_> then destroy the wallet, and put the transaction into a safety deposit box
151 2012-02-05 06:59:34 <helo_> if you want...
152 2012-02-05 06:59:56 <helo_> kind of once-removed offline storage
153 2012-02-05 07:00:29 <helo_> you could create a transaction moving an amount of bitcoin that doesn't currently reside at an address
154 2012-02-05 07:00:42 <gmaxwell> Darnit how the hell do I update a pull request.
155 2012-02-05 07:00:49 <helo_> to be able to used in the future when it does
156 2012-02-05 07:01:00 <sipa> gmaxwell: just push to the branch the pull request uses
157 2012-02-05 07:01:34 <bd_> helo_: why not just send to a special, one-time-use address and keep the private key in a secure location?
158 2012-02-05 07:02:29 <helo_> that is the normal way to do things, yes
159 2012-02-05 07:02:37 <gmaxwell> sipa: okay, I did that but the pull request didn't update.
160 2012-02-05 07:02:50 <sipa> is it closed?
161 2012-02-05 07:03:04 <gmaxwell> No.
162 2012-02-05 07:03:28 <gmaxwell> https://github.com/gmaxwell/bitcoin/commit/b04f301c8edb0d062864af58e20a65079f9624b7 is the head of the branch
163 2012-02-05 07:03:49 <gmaxwell> (I screwed up and missed commiting part of my change because I did --amend without -a and only updated the commit message)
164 2012-02-05 07:04:02 <gmaxwell> pull request still shows https://github.com/gmaxwell/bitcoin/commit/9d33dc71cfbfc89e89284338c691d1e104c60665
165 2012-02-05 07:04:10 <gmaxwell> (the difference is that its missing the logging part of the change)
166 2012-02-05 07:04:10 <sipa> you updated rpcpassword, but the pullreq uses advertise0fixes
167 2012-02-05 07:04:12 <helo_> maybe it is true that multiple weird newish kinds of arrangements/scenarios could be made accessible if transaction payload could be encoded into a URI
168 2012-02-05 07:04:21 <gmaxwell> bleh.
169 2012-02-05 07:04:27 <helo_> and maybe some of these would be useful in some situations :)
170 2012-02-05 07:06:11 <gmaxwell> sipa: thanks. I fail at github. (fixing)
171 2012-02-05 07:06:52 <helo_> or maybe if you were to die, nobody would know your passphrase, and all of your money would be gone
172 2012-02-05 07:08:47 <helo_> so you create a transaction sending your savings to your lawyer to be used in the event that you die
173 2012-02-05 07:09:51 <sipa> i think this is useful, but i think it's more appropriate to have a file format for it, and the ability to export/import it
174 2012-02-05 07:10:39 <helo_> yeah, possibly
175 2012-02-05 07:11:37 <sipa> or an RPC call
176 2012-02-05 07:11:39 <gribble> New news from bitcoinrss: gmaxwell opened pull request 799 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/799>
177 2012-02-05 07:12:53 <gmaxwell> helo_: if you were going to create such a recovery thing... why not just have the password in it?
178 2012-02-05 07:14:26 <helo_> maybe your house burns down with you and your private key backups in it
179 2012-02-05 07:15:55 <helo_> would URI support cover any ground that a file format would not?
180 2012-02-05 07:21:55 <helo_> a bitcoin transaction is kind of like a check you have written
181 2012-02-05 07:23:19 <sipa> how would you store the URL?
182 2012-02-05 07:25:05 <helo_> in an html file with javascript to load the URI when it is opened ;)
183 2012-02-05 07:27:30 <helo_> URI would apparently just be a method to store a transaction in a very awkward way Oo
184 2012-02-05 08:57:22 <Eliel> helo: there's a few factors that make the transaction approach somewhat inconvenient. 1) the recipient has to have a wallet 2) If you want the transaction to include a whole wallet, the transaction would need to be remade every time money is added to the wallet.
185 2012-02-05 08:57:46 <Eliel> helo: oh and 3) you have to know the recipient address well in advance.
186 2012-02-05 08:58:12 <Eliel> ... and 4) you have to have the bitcoins in advance.
187 2012-02-05 09:47:49 <diki> A few months ago I wrote a...php proxy for bitcoin, the miner connected to the proxy but sadly, even though I was sending the correct json headers...nothing happened
188 2012-02-05 09:47:58 <diki> my question is, was it Apache's fault?
189 2012-02-05 09:48:47 <diki> Since a miner has only a few specified headers which curl reports, where apache has a few more
190 2012-02-05 10:07:13 <gribble> New news from bitcoinrss: laanwj opened pull request 800 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/800>
191 2012-02-05 10:08:46 <makomk> luke-jr: you can run gitian on Gentoo too - I do - but it's pretty much undocumented and a bit fiddly.
192 2012-02-05 12:16:33 <osmosis> it would be nice if bitcoin-qt showed and allowed a sort by creation datetime on the list of addresses
193 2012-02-05 12:20:55 <osmosis> whenever I create a new address, i got back to look for it and its lost in alphabetical order
194 2012-02-05 12:47:13 <luke-jr> makomk: how? python-vm-builder looks liek an Ubuntu-specific thing
195 2012-02-05 12:51:54 <finway> Is libcoin's initial downloading really that fast ? 3.5 times faster ?
196 2012-02-05 12:52:06 <finway> we should import that feature.
197 2012-02-05 12:53:04 <luke-jr> finway: slower IIRC
198 2012-02-05 12:53:26 <finway> luke-jr: i guess you're right! java can't be faster...
199 2012-02-05 12:54:53 <finway> And what do you guys think about this: http://marc.info/?l=full-disclosure&m=132810929830371&w=2
200 2012-02-05 12:55:06 <finway> Is this really dangerous ?
201 2012-02-05 12:55:30 <finway> Skip verifying transaction signatures during initial block-chain down& &load
202 2012-02-05 12:55:31 <Diablo-D3> if thats the url Im thinking of, go read the replies
203 2012-02-05 12:55:38 <cjd> biggest risk is realsolid's goons spamming it around causing fud
204 2012-02-05 12:57:29 <finway> Oh shit, Dan Kaminsky replied to this.
205 2012-02-05 12:57:42 <cjd> it's "unexploitable"
206 2012-02-05 13:00:17 <finway> I think _exploiting_bitcoin_network _get_all_money are all hackers' wet dream...
207 2012-02-05 13:01:13 <cjd> I find that cleverness and morals come together
208 2012-02-05 13:03:29 <finway> So we get Initial downloading faster by skiping ECDSA checking before the CHECKPOINT ?