1 2012-04-05 00:14:20 <etotheipi_> sipa, you previously linked me to some code concerning key recovery, but I lost it
  2 2012-04-05 00:16:07 <sipa> etotheipi_: https://github.com/bitcoin/bitcoin/blob/master/src/key.cpp#L47
  3 2012-04-05 00:16:24 <etotheipi_> oh, I should've known it was in the Bitcoin master branch
  4 2012-04-05 00:16:32 <etotheipi_> for some reason I forgot it was already implemented
  5 2012-04-05 00:16:36 <etotheipi_> thanks
  6 2012-04-05 00:16:57 <sipa> though it may be easier to implement it yourself, by following the specification (SEC1 4.1.6, http://www.secg.org/index.php?action=secg,docs_secg)
  7 2012-04-05 00:17:44 <etotheipi_> well I need to implement it myself -- but I have all the math already available
  8 2012-04-05 00:17:57 <etotheipi_> I just never bothered to try to figure it out on my own
  9 2012-04-05 00:18:18 <sipa> the algorithm in the SEC spec is quite readable
 10 2012-04-05 00:20:12 <etotheipi_> is an "octet string" just a "byte string"?
 11 2012-04-05 00:20:18 <sipa> yes
 12 2012-04-05 00:20:20 <theorbtwo> etotheipi_: Yes.
 13 2012-04-05 00:20:32 <theorbtwo> octet is standardese for byte.
 14 2012-04-05 00:20:55 <sipa> there have been systems with non-8-bit bytes in the past
 15 2012-04-05 00:22:27 <gmaxwell> There are ones currently!
 16 2012-04-05 00:22:42 <gmaxwell> TMS320C55 has basically all types = 16 bits.
 17 2012-04-05 00:22:47 <etotheipi_> how about negabinar?
 18 2012-04-05 00:22:51 <etotheipi_> *negabinary
 19 2012-04-05 00:22:57 <Diablo-D3> gmaxwell: loldsps
 20 2012-04-05 00:23:05 <etotheipi_> those crazy polish bastards
 21 2012-04-05 00:23:18 <gmaxwell> (well, there are 32 bit types too, but in any case sizeof(char)==sizeof(int)== 16 bits)
 22 2012-04-05 00:24:09 <gmaxwell> (this actually makes all the C promotion rules behave in ways which are differently surprising than they do on most other systems)
 23 2012-04-05 00:24:54 <sipa> at university we were taught computer systems by playing with a virtual machine that had 13.288 bit bytes
 24 2012-04-05 00:25:40 <TuxBlackEdo> so that 1tx miner is gone now?
 25 2012-04-05 00:25:42 <sipa> (it was called DRAMA, an acronym in dutch that translates to "decimal computing machine with multiple accumulators"
 26 2012-04-05 00:25:58 <sipa> its smallest unit was an integer between 0 and 9999
 27 2012-04-05 00:26:08 <gmaxwell> ah, now I know why all dutch computer people are crazy.
 28 2012-04-05 00:26:54 <sipa> i understood the idea "we won't teach you real assembly, because that would mean you're focusing on the machine-specific details instead of the general idea"
 29 2012-04-05 00:27:08 <sipa> but taking it as far as making it decimal was several bridges too far, imho
 30 2012-04-05 00:27:34 <gmaxwell> ::nods:: thus MIX in knuth's books.
 31 2012-04-05 00:27:52 <gmaxwell> (though at least MIX is like real machines)
 32 2012-04-05 00:27:52 <sipa> i hear they switched to MIPS a few years ago
 33 2012-04-05 00:30:12 <Diablo-D3> gmaxwell: hrrrrrm
 34 2012-04-05 00:30:58 <sipa> gmaxwell: concerning the DNS leak/tor thing; would that "you may be leaking information!" warning go away if you use dotted-quad notation and hostname destinations in SOCKS4a or SOCKS5?
 35 2012-04-05 00:31:06 <Diablo-D3> Verifying last 2500 blocks at level 1
 36 2012-04-05 00:31:19 <Diablo-D3> sipa: no
 37 2012-04-05 00:31:25 <Diablo-D3> sipa: in fact, that's how it detects it
 38 2012-04-05 00:31:36 <Diablo-D3> you feed it an IP it knows it didnt resolve
 39 2012-04-05 00:31:43 <sipa> no, currently we send IPv4 address
 40 2012-04-05 00:31:48 <sipa> not a dotted quad hostname
 41 2012-04-05 00:31:50 <gmaxwell> sipa: I think we're pretty screwed in this respect.. esp since _lots_ of socks5 apps send IP addresses after doing their own DNS.
 42 2012-04-05 00:31:52 <Diablo-D3> sipa: oh
 43 2012-04-05 00:31:57 <Diablo-D3> sipa: wait what?
 44 2012-04-05 00:32:16 <gmaxwell> but I haven't tested, so I'm not sure. If it does pass it's arguably a bug in tor.
 45 2012-04-05 00:33:16 <sipa> why? you could be doing your own lookups and converting back to a hostname of course, but typically using a dotted quad sounds like the user typed in that as the intended hostname, which is fine
 46 2012-04-05 00:33:17 <Diablo-D3> gmaxwell: we'll know tomorrow if this fixed it
 47 2012-04-05 00:33:48 <gmaxwell> sipa: or an app that just sends them as dotted quad all the time.
 48 2012-04-05 00:33:55 <sipa> true
 49 2012-04-05 00:36:47 <Diablo-D3> gmaxwell: but filtering it through dd should obliterate any fragmentation problem
 50 2012-04-05 00:37:15 <gmaxwell> Diablo-D3: cp should too.
 51 2012-04-05 00:37:23 <Diablo-D3> cp wont
 52 2012-04-05 00:37:29 <gmaxwell> unless you're on some crazy fs that does reflink.
 53 2012-04-05 00:37:29 <sipa> ?
 54 2012-04-05 00:37:37 <gmaxwell> (like btrfs)
 55 2012-04-05 00:37:54 <Diablo-D3> Im not on btrfs, but with dd I'm assured it will work
 56 2012-04-05 00:38:02 <sipa> cp does exactly the same thing as dd for this
 57 2012-04-05 00:38:32 <sipa> only you can't specify the block size and do fancy transformations
 58 2012-04-05 00:41:06 <gmaxwell> sipa:
 59 2012-04-05 00:41:40 <gmaxwell> sipa: looks like if you send dotted quad via socks4a it may work?
 60 2012-04-05 00:42:33 <gmaxwell> also for socks5.. you might be right too
 61 2012-04-05 00:44:26 <gmaxwell> Addr type 3 (fqdn) doesn't appear to be able to produce the warning.
 62 2012-04-05 00:51:06 <phantomcircuit> gmaxwell, dotted quad via socks4a will work
 63 2012-04-05 00:51:57 <gmaxwell> \0/
 64 2012-04-05 00:52:13 <gmaxwell> now... how to make dnsseed useful over tor... :(
 65 2012-04-05 00:52:25 <gmaxwell> the best I can come up with is including a tiny tcp dns resolver. :(
 66 2012-04-05 00:53:51 <gmaxwell> perhaps better to include a set of hidden service seed nodes and disable DNSseed...
 67 2012-04-05 00:54:05 <gmaxwell> yea.. thats actually a lot better than DNSseed frankly.
 68 2012-04-05 00:54:34 <sipa> gmaxwell: what about just connecting to the dnsseed?
 69 2012-04-05 00:54:42 <sipa> via FQDN
 70 2012-04-05 00:55:04 <gmaxwell> sipa: works but you only get one connection.
 71 2012-04-05 00:55:27 <sipa> doesn't matter, you'll get addresses from the seed you've connected to
 72 2012-04-05 00:55:31 <gmaxwell> You also potentially get screwed with by tor exits that are doing dumb things with dns.. not much of a risk, except for the fact that you can only get one connection.
 73 2012-04-05 00:55:53 <Perlboy> umm, i know it's not 'standard procedure' but i managed to dos bitcoind offline doing getaccountaddress 100 times in a for loop.
 74 2012-04-05 00:56:03 <Perlboy> it didn't come back until i kill -9'd it
 75 2012-04-05 00:56:24 <gmaxwell> Perlboy: what version?
 76 2012-04-05 00:57:03 <Perlboy> gmaxwell: wow, don't worry...
 77 2012-04-05 00:57:05 <Perlboy> 0.3.24
 78 2012-04-05 00:57:08 <Perlboy> that's woeful
 79 2012-04-05 00:57:13 <Perlboy> and it's also the latest debian package
 80 2012-04-05 00:57:21 <sipa> :S
 81 2012-04-05 00:57:31 <gmaxwell> oh... who the hell let debian package bitcoin?
 82 2012-04-05 00:57:45 <Perlboy> ubuntu i should say
 83 2012-04-05 00:57:46 <sipa> that's 9 months old
 84 2012-04-05 00:57:51 <gmaxwell> Perlboy: welp, doesn't do it with current versions.
 85 2012-04-05 00:57:51 <Perlboy> hmms actually
 86 2012-04-05 00:57:54 <Perlboy> somethings borked.... :-\
 87 2012-04-05 00:58:06 <gmaxwell> Perlboy: The ubuntu packages are current use the ppa.
 88 2012-04-05 00:58:11 <Perlboy> yeah ignore me everyone, i'm being a nub which is kinda embarrassing :-\
 89 2012-04-05 01:00:01 <gmaxwell> sipa: so having a bunch of hidden-service seednodes is independently a good idea (because what if zomg the internet blocks bitcoin!), so we should have that independently.. so why bother writing code to connect to the DNS seeds?
 90 2012-04-05 01:01:04 <midnightmagic> sipa:
 91 2012-04-05 01:01:11 <midnightmagic> er.. sorry, ignore that
 92 2012-04-05 01:01:23 <sipa> gmaxwell: good point
 93 2012-04-05 01:01:41 <sipa> each "network" (ipv4, ipv6, tor, ...) should have its own way of seeding anyway
 94 2012-04-05 01:01:59 <sipa> so those users are able to mainly find each other
 95 2012-04-05 01:04:03 <sipa> gmaxwell: -addnode and -connect are easy to switch to SOCKS5/FQDN
 96 2012-04-05 01:04:10 <sipa> or SOCKS4a, possibly
 97 2012-04-05 01:05:35 <gmaxwell> Anyone here know anything about I2P and what we need to do to support it as well as we're going to support tor?
 98 2012-04-05 01:07:27 <sipa> well, there's garlicat which seems to be very much alike onioncat
 99 2012-04-05 01:07:55 <doublec> gmaxwell: depends what you mean by 'support it'
100 2012-04-05 01:08:27 <sipa> is there a SOCKS5-like proxy for I2P?
101 2012-04-05 01:08:40 <sipa> that allows connecting to the I2P equivalent of hidden services
102 2012-04-05 01:09:00 <sipa> sorry, a SOCKS5 tor-like proxy for I2P
103 2012-04-05 01:09:33 <gmaxwell> doublec: we want to be able to run a full node that makes itself available via I2P, and can rumor I2P addresses (encoded in IPv6) with other nodes it connects to.  Which is what we're going to be doing for tor.
104 2012-04-05 01:10:55 <sipa> well, if garlicat can do it, so can we
105 2012-04-05 01:11:27 <gmaxwell> Maybe.
106 2012-04-05 01:11:33 <doublec> sipa: http://www.i2p2.de/socks.html
107 2012-04-05 01:13:27 <sipa> looks like it has enough to support outgoing connections over SOCKS
108 2012-04-05 01:14:08 <sipa> but without the ability to run an I2P destinator (I2Pspeak for hidden service, it seems), it's quite pointless
109 2012-04-05 01:14:31 <sipa> as I2P is much more aimed at hidden services than tor
110 2012-04-05 01:15:36 <gmaxwell> yea, I don't think there is any point of even supporting exit-to-internet for i2p..
111 2012-04-05 01:15:38 <phantomcircuit> sipa, btw was addrman merged?
112 2012-04-05 01:15:53 <gmaxwell> phantomcircuit: yes.
113 2012-04-05 01:16:01 <phantomcircuit> ok
114 2012-04-05 01:16:12 <phantomcircuit> i'll finish tor hidden service support when i get a chance
115 2012-04-05 01:16:21 <phantomcircuit> unless someone else took the torch already
116 2012-04-05 01:16:26 <phantomcircuit> haven't been paying attention really
117 2012-04-05 01:17:00 <sipa> phantomcircuit: https://github.com/bitcoin/bitcoin/pull/1021
118 2012-04-05 01:17:19 <sipa> it has a commit already that makes onioncat and garlicat addresses routable
119 2012-04-05 01:19:16 <sipa> ewww I2P is Java?
120 2012-04-05 01:19:39 <sipa> i was hoping we could just link to some library to access its API
121 2012-04-05 01:22:21 <gmaxwell> sipa: if you want to use I2P I recommend just booting https://tails.boum.org/  in a VM.
122 2012-04-05 01:22:34 <gmaxwell> It already has tor and I2P setup and running at boottime.
123 2012-04-05 01:23:51 <sipa> i guess we better focus on Tor hidden service support first
124 2012-04-05 01:24:37 <sipa> and just make garlicat addresses routable for now
125 2012-04-05 01:35:29 <gmaxwell> Should probably invite some I2P people to help figure out exactly what should be done. But I agree, tor first. (as tor is already widely used with bitcoin)
126 2012-04-05 01:35:51 <doublec> sipa: they have some weird protocol instead of an api
127 2012-04-05 01:36:21 <doublec> sipa: SAM and BOB
128 2012-04-05 01:36:24 <midnightmagic> unfortunately i2p performance isn't so hot, it seems to suffer from the freenet effect..
129 2012-04-05 01:36:31 <doublec> sipa: http://www.i2p2.de/samv3.html
130 2012-04-05 01:37:27 <gmaxwell> midnightmagic: not like we need good performance.
131 2012-04-05 01:37:47 <gmaxwell> midnightmagic: actually the ideal thing for bitcoin doesn't exist: a non-realtime (high latency) mixnet.
132 2012-04-05 01:37:59 <midnightmagic> when the rusleaks site went into i2p, it basically destabilized everybody. i'm not convinced yet that they've corrected that. so actual services running in i2p are often very difficult to actually configure, let alone reliably use.
133 2012-04-05 01:38:14 <midnightmagic> they have whole sites dedicated just to helping people figure out whether a site is up or not
134 2012-04-05 01:38:38 <gmaxwell> Tor is stupid vulnerable to traffic/timing analysis if you assume the attacker can watch both ends, doubly so if he's allowed to interrupt or shape the traffic at either end.
135 2012-04-05 01:38:56 <midnightmagic> gmaxwell: zooko was one of the designers of the mixmasters, he could do it. :-)
136 2012-04-05 01:39:20 <midnightmagic> same with everything else.
137 2012-04-05 01:41:56 <gmaxwell> midnightmagic: It would actually be pretty simple to make a batch mixer just for bitcoin transactions.
138 2012-04-05 01:41:58 <midnightmagic> advanced usage of i2p is also very, very obscure. to do low-level ping-like things requires special knowledge of i2p's innards.
139 2012-04-05 01:43:01 <midnightmagic> gmaxwell: After talking with zooko/warner I'm not convinced it's easy to do a mixnet anymore.
140 2012-04-05 01:43:16 <phantomcircuit> sipa, you might have forgotten but the base32 algorithm used in onioncat is wrong
141 2012-04-05 01:43:39 <phantomcircuit> so there are potentially 3 prefixes necessary
142 2012-04-05 01:43:50 <phantomcircuit> onioncat garliccat and proper base32
143 2012-04-05 01:44:38 <gmaxwell> midnightmagic: I assume it's easier for bitcoin where there is no email gatewaying problems and where there is no destination.. where you could probably get away with a prefab route which basically just includes all known reliable mixers.
144 2012-04-05 01:47:16 <phantomcircuit> mixnet?
145 2012-04-05 01:47:20 <phantomcircuit> gmaxwell, clue me in
146 2012-04-05 01:47:31 <gmaxwell> phantomcircuit: http://en.wikipedia.org/wiki/Mix_network
147 2012-04-05 01:47:57 <midnightmagic> also, look up mixminion too
148 2012-04-05 01:48:17 <midnightmagic> basically, it defends strongly against traffic analysis.
149 2012-04-05 01:48:36 <gmaxwell> In particular, the realtime 'mix' things like tor have serious vulnerabilities related to traffic analysis which are mostly eliminated in large-block mixers.
150 2012-04-05 01:50:45 <midnightmagic> e.g. it sends the same traffic to the destination whether there is real traffic or not..
151 2012-04-05 01:51:50 <midnightmagic> so timing input + output only helps if you have also compromised the endpoints themselves.
152 2012-04-05 01:51:58 <phantomcircuit> gmaxwell, is this fixed bandwidth?
153 2012-04-05 01:52:04 <gmaxwell> midnightmagic: traffic analysis resistance is one of the reasons I find codec2 interesting.. 1kbit/sec voice not so interesting.. except when you realize that it lets you send 24/7 to thwart traffic analysis without using too much bandwidth for a volunteer mixnet.
154 2012-04-05 01:54:34 <Joric> is it possible to put transaction into network using pure js (ie. ajax)? are there any services that accept transactions via http?
155 2012-04-05 01:55:54 <phantomcircuit> gmaxwell, this is interesting
156 2012-04-05 01:56:07 <phantomcircuit> seems like you would need a bunch of fairly high bandwidth servers to make it work though
157 2012-04-05 01:56:28 <gmaxwell> phantomcircuit: well, not if your normal messages and traffic load are very small (e.g. bitcoin transactions)
158 2012-04-05 01:56:52 <phantomcircuit> gmaxwell, right
159 2012-04-05 02:01:31 <Graet> lol well i defragmented my netbook overnight, didnt touch blk0001.dat its the only fragmented thing still 13,768 fragments
160 2012-04-05 02:06:39 <midnightmagic> phantomcircuit: it is fixed bandwidth, and bandwidth must never rise above that, nor shrink below it except if it's not possible to send at max b/w. but the point is, b/w doesn't ever change based on the ratio between real:dummy data. and of course there's a pile of other stuff in the mixminion software too. it's available here: https://github.com/mixminion
161 2012-04-05 04:12:50 <paulo_> will bitcoin warn me if my client is out of date?
162 2012-04-05 04:15:35 <nanotube> paulo_: generally no, unless there is some critical issue, in which case an alert will be issued.
163 2012-04-05 04:17:24 <SomeoneWeird> hows that message distributed nameless| ?
164 2012-04-05 04:17:49 <nanotube> it gets distributed through the bitcoin network
165 2012-04-05 04:18:03 <nanotube> it must have a valid signature using a key that only the devs have.
166 2012-04-05 04:29:36 <SomeoneWeird> ahk
167 2012-04-05 04:30:08 <XMPPwocky> SomeoneWeird: ah, the rare TCP flag for "packet is choking"
168 2012-04-05 04:31:45 <SomeoneWeird> ahk
169 2012-04-05 04:40:44 <Diapolo> hello
170 2012-04-05 04:41:20 <gribble> New news from bitcoinrss: Diapolo opened pull request 1043 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1043>
171 2012-04-05 04:41:46 <Diapolo> yes I did, thanks bot ^^
172 2012-04-05 04:44:02 <nanotube> hehe
173 2012-04-05 07:08:24 <[Tycho]> http://a8.sphotos.ak.fbcdn.net/hphotos-ak-ash3/527872_10150657303332005_9225602004_9510512_390544359_n.jpg
174 2012-04-05 07:12:43 <Graet> lol
175 2012-04-05 07:12:56 <lh77> :P
176 2012-04-05 07:13:34 <SomeoneWeird> http://wheresmysammich.com/images/4742.jpg
177 2012-04-05 07:13:35 <SomeoneWeird> haha
178 2012-04-05 07:49:06 <Diablo-D3> ahah.
179 2012-04-05 07:54:44 <sipa> phantomcircuit: i'm not sure how the onioncat implementation is relevant... all we need is an encoding of ________.onion addresses into ipv6
180 2012-04-05 07:55:17 <sipa> wait... if onioncat has a bad base32, how can it be compatible with tor?
181 2012-04-05 08:54:45 <sipa> etotheipi_: i just realized that your nickname is "e to the i*pi", somehow i always read it as "eto the ipi", whatever an ipi was
182 2012-04-05 09:03:39 <SomeoneWeird> lol
183 2012-04-05 09:23:52 <etotheipi_> sipa, haha
184 2012-04-05 09:23:57 <etotheipi_> don't worry, you're not the first
185 2012-04-05 09:26:18 <sipa> etotheipi_: seen this? http://www.youtube.com/watch?v=GFLkou8NvJo
186 2012-04-05 09:33:11 <etotheipi_> sipa, never seen that before
187 2012-04-05 09:33:20 <etotheipi_> although I do like continued fractions...
188 2012-04-05 09:34:02 <etotheipi_> sipa, did you ever write up anything about the deterministic wallets?  If so, was there ever an adoption plan for them?
189 2012-04-05 09:34:10 <etotheipi_> well... merge plan
190 2012-04-05 09:36:19 <sipa> etotheipi_: i hope to have them in 0.7
191 2012-04-05 09:40:26 <da2ce7> sipa: when generating the private keys for new bitcoin addresses would it be good to start using the Mini private key format, so the potential paper backups take up less space?
192 2012-04-05 09:41:31 <sipa> da2ce7: i hope key generation will somewhere in the future be done from a deterministic root, instead of randomly
193 2012-04-05 09:41:59 <sipa> but maybe that reasoning can be applied to the creation of a root (though i prefer to keep 256 bits of entropy in those...)
194 2012-04-05 09:44:18 <da2ce7> well a 256bit is safe even under a quantum world... 128 effective bits is plenty.
195 2012-04-05 09:44:57 <sipa> secp256k1 only has 128-bit (well, a bit more) security anyway
196 2012-04-05 09:45:59 <da2ce7> sipa: however if we upgrade to some curve that has say 1024 of more, the hash same root will remain secure,
197 2012-04-05 09:46:30 <da2ce7> working out a private key shouldn't expose the root
198 2012-04-05 09:49:36 <sipa> etotheipi_: i should finish up my BIP about deterministic wallets first
199 2012-04-05 10:02:12 <etotheipi_> da2ce7, ECDSA is not secure at all in quantum world
200 2012-04-05 10:03:10 <da2ce7> etotheipi_: if you increase the bit-length, do you need a much larger quantum computer?
201 2012-04-05 10:03:24 <da2ce7> or is it linear...
202 2012-04-05 10:03:26 <etotheipi_> da2ce7, I believe it's linear
203 2012-04-05 10:03:53 <da2ce7> so 1024 will just take 4x longer than a 256 key.
204 2012-04-05 10:04:28 <sipa> Shor's algorithm is cubic in the size of the input, it seems
205 2012-04-05 10:04:40 <sipa> so 1024 will take 64 times longer than 256
206 2012-04-05 10:04:42 <etotheipi_> sipa, oh really?
207 2012-04-05 10:04:49 <sipa> yes, but still polynomial
208 2012-04-05 10:05:06 <etotheipi_> oh excuse me... I misspoke
209 2012-04-05 10:05:16 <etotheipi_> I'm mixing up compute efficiency and space efficiency
210 2012-04-05 10:05:32 <etotheipi_> to even solve the problem at all, the QC has to have a certain number of bits
211 2012-04-05 10:05:37 <etotheipi_> *qubits
212 2012-04-05 10:05:41 <etotheipi_> that's what I was talking about
213 2012-04-05 10:05:56 <etotheipi_> I believe that number of qubits is proportional to key size
214 2012-04-05 10:07:43 <etotheipi_> sipa, and the classical computer has the same cubic increase in time needed to decrypt with a 1024 key
215 2012-04-05 10:08:12 <etotheipi_> I believe classical decryption is O(n^3) and quantum breaking is O(n^3) where n is the number of bits
216 2012-04-05 10:08:43 <sipa> so, for a QC, factorizing a number is proportional in time to the time needed to verify a factorization?
217 2012-04-05 10:08:51 <sipa> that sounds completely broken indeed
218 2012-04-05 10:10:01 <etotheipi_> yeah...that's why no one really talks about increasing key-lengths to "slow down" quantum computers... but delay the amount of time before any QCs have enough qubits to even try the problem
219 2012-04-05 10:11:42 <sipa> how many qubits are necessary to factorize an n-bit number?
220 2012-04-05 10:12:14 <etotheipi_> http://arxiv.org/abs/quant-ph/0205095
221 2012-04-05 10:12:22 <etotheipi_> this paper claims to get it in 2n+3 qubits
222 2012-04-05 10:12:47 <sipa> ok, linear in the size of the input
223 2012-04-05 10:13:01 <etotheipi_> (and now back to my original point to da2ce7)
224 2012-04-05 10:13:52 <etotheipi_> I believe it's the same for the EC discrete-logarithm problem:  num of qubits linear wrt to key length
225 2012-04-05 10:15:55 <etotheipi_> "A 160 bit elliptic curve cryptographic key could be broken on a quantum computer using around 1000 qubits while factoring the security-wise equivalent 1024 bit RSA modulus would require about 2000 qubits."
226 2012-04-05 10:16:10 <da2ce7> etotheipi_: making a computer with more qbits, is that exponentially more difficult?
227 2012-04-05 10:16:54 <sipa> etotheipi_: wow, so EC is easier relatively easier to crack using QC?
228 2012-04-05 10:17:08 <sipa> s/easier/even/
229 2012-04-05 10:20:10 <etotheipi_> da2ce7, it'll probably be just like regular computers which follows moore's law
230 2012-04-05 10:20:25 <etotheipi_> every X years the number of qbits will double as the technology improves
231 2012-04-05 10:21:56 <da2ce7> etotheipi_: with a normal computer you can build it with as many bit-length computations as you want... the question is how fast you can do them.
232 2012-04-05 10:22:36 <da2ce7> with a quantum computer, each qbit needs to share a state, so adding another one makes the state of the others more unstable?
233 2012-04-05 10:33:01 <delt0r> da2ce7: yes
234 2012-04-05 10:33:22 <delt0r> ps i have colleagues working on this.
235 2012-04-05 10:34:09 <delt0r> da2ce7: a quantum computer is "exponential" in the engineering. Adding a qbit is really hard for a whole set of reasons
236 2012-04-05 10:34:34 <delt0r> and a n qbit machine *cannot* simulate a n+1 qbit machine
237 2012-04-05 10:35:28 <delt0r> etotheipi_: The current qbit growth rate is linear. A number of people working in the field believe that it will always be linear
238 2012-04-05 10:36:28 <da2ce7> so using a greater keysize could be a very effective way to stop a quantum attack... as making a larger quantum computer will get harder and harder to make.
239 2012-04-05 10:37:02 <delt0r> da2ce7: yes.. well if we could make a 1000 qbit, then a 2000 qbit probably can be done as well
240 2012-04-05 10:37:18 <delt0r> since 1000 qbit is magic right now
241 2012-04-05 10:37:34 <delt0r> as in we are not even sure it is physically even possible...
242 2012-04-05 10:38:13 <delt0r> I know quite a few in the field don't believe that quantum computers will ever be faster than classical ones for factoring for example
243 2012-04-05 10:38:25 <sipa> but but but!
244 2012-04-05 10:38:33 <delt0r> but will still be very useful for simulating quantum systems
245 2012-04-05 10:38:49 <delt0r> a real 16 bit quantum computer is in fact really useful
246 2012-04-05 10:40:15 <delt0r> also note that nothing so far is really even close to what is needed. Its not just the qbit, its the ability to do millions and billions of operations on that qbit register
247 2012-04-05 10:40:45 <delt0r> esp for factoring/discrete logs
248 2012-04-05 10:41:56 <da2ce7> delt0r: has there been any work with using a super-fluid as a quantum analogue-computer equivalent?
249 2012-04-05 10:42:09 <delt0r> not that i know of
250 2012-04-05 10:42:18 <delt0r> how would that work?
251 2012-04-05 10:43:29 <delt0r> what you need is something that is very isolated from the environment, so decoherence time is long
252 2012-04-05 10:43:48 <delt0r> but can be interacted with easily for logic operations...
253 2012-04-05 10:44:34 <delt0r> its hard to have both.. nothing i know about superfluids would make them any better than say SQUIDs
254 2012-04-05 10:46:33 <da2ce7> you could track the physical flow of the super-fluid over a physical maze. with physical gates. (valves)
255 2012-04-05 10:47:07 <da2ce7> its density at any point will represent the calculation of that maze.
256 2012-04-05 10:47:42 <delt0r> da2ce7: that does not create qbits
257 2012-04-05 10:48:04 <delt0r> qbits is a very particular type of superposition... a "cat like state"
258 2012-04-05 10:48:17 <delt0r> whatever...
259 2012-04-05 10:48:35 <delt0r> modern transistors are quantum in how they work
260 2012-04-05 10:48:51 <delt0r> but that does not make them a quantum computer
261 2012-04-05 10:49:24 <da2ce7> you can make a computer out of valves and pipes and say waterpressure.... maybe you could do the quantum equivalent with a super-fluid.
262 2012-04-05 10:49:39 <delt0r> but that is not a quantum computer
263 2012-04-05 10:49:43 <delt0r> just a normal one
264 2012-04-05 10:50:16 <delt0r> a qbit can be 0 or 1 or 0 and 1
265 2012-04-05 10:50:50 <delt0r> 1 qbits can be 00, 01, 10,11 or 00 and 11 and 01 and 10 and 11 all at once
266 2012-04-05 10:50:57 <delt0r> 2 qbits ^
267 2012-04-05 10:51:12 <da2ce7> well a superfluid would flow 'over' the walls of the maze, where a normal one would be trapped.
268 2012-04-05 10:51:30 <delt0r> da2ce7: you completely misunderstand
269 2012-04-05 10:51:51 <da2ce7> a super-fluid would be in the 'on' and 'off' box at the same time.
270 2012-04-05 10:52:02 <delt0r> the computer you are using right now is just as quantum as superflid
271 2012-04-05 10:52:07 <delt0r> superfluid
272 2012-04-05 10:52:17 <delt0r> but that is *not* a quantum computer
273 2012-04-05 10:53:16 <delt0r> da2ce7: how can super fluid flowing over a maze be both on and off?
274 2012-04-05 10:53:40 <delt0r> quantum mechanically speaking of course
275 2012-04-05 11:03:13 <da2ce7> super fluids act as a shared state.  in many ways like a single atom state shared over many many.  Since it 'explores' every part of its environment at the same time. Maybe one could construct an environment that say, describes a problem, and the resulting density of the super-fluid would represent the answer.
276 2012-04-05 11:03:17 <da2ce7> where as normal fluid would only flow down the path it was placed in.
277 2012-04-05 11:04:22 <sipa> da2ce7 seems to have a lot of imagination
278 2012-04-05 11:06:36 <delt0r> da2ce7: you don't really have that right. A super fluid is much like super conductors with some important difference
279 2012-04-05 11:06:47 <delt0r> for one a super fluid is never 100% superfluid
280 2012-04-05 11:11:45 <TD> good afternoon
281 2012-04-05 11:19:37 <TD> MintChip is very interesting
282 2012-04-05 11:19:56 <helo> will it have a floating exchange rate with regard to CAD?
283 2012-04-05 11:20:09 <copumpkin> lol, http://blockchain.info/tx-index/3618498/4005d6bea3a93fb72f006d23e2685b85069d270cb57d15f0c057ef2d5e3f78d2
284 2012-04-05 11:20:36 <sipa> helo: i assume it is backed by whatever currency the issuer wants
285 2012-04-05 11:20:41 <sipa> but it's not a currency on its own
286 2012-04-05 11:22:07 <gmaxwell> td: have you found any actual technical details on it?  I'm interested in what happens when someone does manage to pull all the private key material out of one... how is the double spending ultimately noticed (and who will be left holding the bag)
287 2012-04-05 11:22:11 <TD> the core of it appears to be very simple
288 2012-04-05 11:22:22 <helo> sipa: so if it's backed, then its value is fixed, right?
289 2012-04-05 11:22:22 <TD> i'm going to research it more
290 2012-04-05 11:22:33 <TD> but from their website, it appears that they rely _entirely_ on the chips to keep balances consistent
291 2012-04-05 11:23:01 <TD> the sending chip just signs a message saying "i am giving chip X Y units of Z currency"
292 2012-04-05 11:23:03 <helo> it seems to be equivalent to a government-instituted debit card or bank account
293 2012-04-05 11:23:07 <TD> how that message gets to the receiving chip is open ended
294 2012-04-05 11:23:16 <TD> the sending chip is trusted to reduce its balance and not double spend
295 2012-04-05 11:23:28 <TD> in the case of a hardware compromise, they have planned ways to perform global revocation
296 2012-04-05 11:23:40 <TD> presumably the Mint would be left holding the bag in this case
297 2012-04-05 11:23:47 <gmaxwell> TD: yes, it's clearly an offline system, which precludes any kind of instant globally visible doublespending detection but it doesn't preclude all doublespending detection.
298 2012-04-05 11:24:17 <gmaxwell> E.g. ultimately the issuer would notice more coming back than they sent out. (In which case, the issuer would be left holding the bag)
299 2012-04-05 11:24:33 <TD> i didn't see any discussion of collating transactions to detect double spends, but perhaps they plan to introduce one later. it's a bit tough to figure out how baked it is
300 2012-04-05 11:24:37 <TD> given that nobody is using it yet
301 2012-04-05 11:24:52 <TD> there is enough detail on the site that they seem to have thought through a lot of the issues and done all the custom hardware design
302 2012-04-05 11:25:13 <helo> oh offline... yeah that is something new (ignoring all of the previous (failed) smartchip exchange systems)
303 2012-04-05 11:25:25 <gmaxwell> or it's possible that "i am giving chip X Y units of Z currency" contains some mathematical statement that allows earlier double spend detection, but it would have to be very clever to also meet their privacy comments.
304 2012-04-05 11:25:28 <TD> gmaxwell: AFAICT the issuer is just the Mint, and they produce it out of nothing then distribute the coins into circulation. i'm not sure if they'd act as an exchange in that regard or just grant balances to their "trusted brokers"
305 2012-04-05 11:25:49 <TD> gmaxwell: their site says the message just contains a nonce
306 2012-04-05 11:25:57 <TD> if there's advanced crypto involved, i didn't find it yet
307 2012-04-05 11:26:03 <TD> http://developer.mintchipchallenge.com/devguide/transactions.html
308 2012-04-05 11:26:09 <gmaxwell> TD: I know, I've looked at all that too.
309 2012-04-05 11:26:10 <TD> http://developer.mintchipchallenge.com/devguide/developing/common/mintchip-messages.html
310 2012-04-05 11:26:12 <TD> ah ok
311 2012-04-05 11:26:41 <TD> "The amount specified in cents. This value is a three octet unsigned integer value with a range of (0 - 16777215)."
312 2012-04-05 11:26:44 <TD> what a random format to choose
313 2012-04-05 11:27:03 <sipa> so, max amount is 167772.15 CAD?
314 2012-04-05 11:27:19 <sipa> i would have expected less
315 2012-04-05 11:27:31 <TD> it's not tied to CAD
316 2012-04-05 11:27:34 <TD> they have a currency code in the message
317 2012-04-05 11:27:37 <sipa> oh, nice
318 2012-04-05 11:27:41 <gmaxwell> of course, if it's cryptographically as simple as it looks, this means one person with the aid of a borrowed particle accelerator or what have you, compromises one cheap little card... and creates a software emulator of one.. he then sets up a website (via tor) that allows you to buy mintchip refills for a small amount of btc ...
319 2012-04-05 11:28:05 <TD> "The ASN.1 DER message is Base-64 encoded."
320 2012-04-05 11:28:07 <TD> yikes
321 2012-04-05 11:28:14 <TD> somebody spent too much time with openssl :-)
322 2012-04-05 11:28:31 <sipa> clearly Satoshi was involved
323 2012-04-05 11:29:31 <TD> base64 encoded DER makes me grateful for Satoshis choice of encoding :) still, the messages look straightforward enough
324 2012-04-05 11:29:43 <TD> technicalities aside, this is still fantastic for bitcoin
325 2012-04-05 11:31:21 <helo> easy for CAD citizens to buy bitcoin?
326 2012-04-05 11:31:33 <gmaxwell> The 24 bit values are unfortunate for bitcoin. If you use base units of satoshis it could only handle txn of 0.0167 btc.
327 2012-04-05 11:31:34 <helo> CA heh
328 2012-04-05 11:31:34 <TD> no
329 2012-04-05 11:32:04 <TD> the RCM has basically just validated the entire concept of irrevocable e-cash with strong privacy
330 2012-04-05 11:32:19 <TD> if you look at mintchips design goals, they're basically very similar to bitcoins, modulo the trusted central bank
331 2012-04-05 11:32:55 <TD> the RCM chiefs talked about bitcoin and their main criticism of it is basically "it's small and lacks backing from a credible institution" which is hardly a criticism at all, given its background
332 2012-04-05 11:33:03 <TD> so they just lent the whole project a lot of credibility
333 2012-04-05 11:33:11 <gmaxwell> ::nods::
334 2012-04-05 11:33:37 <TD> credibility and controversy are some of bitcoins biggest weaknesses. the RCM has just helped out a lot. so i'm very happy about that.
335 2012-04-05 11:33:45 <gmaxwell> It will also be interesting when mintchipv1 gets compromised ... and bitcoin remains secure.  (admittedly, they've picked a _much_ harder problem for themselves)
336 2012-04-05 11:34:00 <sipa> in belgium we have a system called Proton; it's a debit card that does not require an online transaction (though it only works locally, using a trusted device that holds the merchant's card)
337 2012-04-05 11:34:04 <helo> the #1 source of skepticism of bitcoin is that (rather big) misconception, that value has to be based on something other than confidence
338 2012-04-05 11:34:07 <TD> and i guess we'll see how it goes. i won't rule out a "traditional" PKI/hardware based solution. they clearly understand the risks and plan rolling revocations of old hardware
339 2012-04-05 11:34:22 <sipa> i wonder if this is similar, but with the two devices allowed to be connected via the internet
340 2012-04-05 11:34:36 <TD> if somebody DOES start creating mintchip value for BTC (or some other payment) then the damage is limited as presumably they'd just do arbitrage
341 2012-04-05 11:34:50 <TD> traditional currencies have forgery too
342 2012-04-05 11:35:11 <helo> the RCM is backing that misconception even more, so i don't think it's really going to be viewed by most people as positive about bitcoin
343 2012-04-05 11:35:23 <gmaxwell> TD: yea, I made that argument in #bitcoin  though people rightly pointed out the marginal forgery cost may be very different, and the risk of being caught may be very different.
344 2012-04-05 11:35:26 <TD> the dollar is technologically in the stone age. it hasn't caused the dollar to collapse yet. it just means the SS has to spend a lot of time hunting down forgers, and when forgery does occur the inflation is swallowed by the populace
345 2012-04-05 11:35:54 <TD> well. that's true. but i bet you can forge dollars with pretty low risk. i read that north korea does it on an industrial scale
346 2012-04-05 11:36:45 <TD> helo: i disagree. i see lots of sources of skepticism of which that is only one, and a fairly intellectual source at that. things like "zomg crime!" or "what's wrong with credit cards?" seem to come up more frequently
347 2012-04-05 11:37:17 <delt0r> I have seen some forged 10EUR notes
348 2012-04-05 11:37:52 <delt0r> they were perfect ... except for the UV ink and the raised writing
349 2012-04-05 11:38:01 <gmaxwell> still... my mintchip forge may be a wall-wart computer hidden in a restaurant in the dominican republic accessible only over tor. :) and no one within 1000 miles of it knows it exists.
350 2012-04-05 11:38:02 <delt0r> but no one checks 10s
351 2012-04-05 11:38:52 <TD> i don't think it matters so much, actually
352 2012-04-05 11:38:59 <TD> forgery only becomes a problem if it gets scaled up
353 2012-04-05 11:39:10 <da2ce7> TD or becomes common place.
354 2012-04-05 11:39:11 <delt0r> Depends who is liable ...
355 2012-04-05 11:39:12 <TD> see:  nigerians who forged so many south african $20 bills the entire bill had to be withdrawn and destroyed
356 2012-04-05 11:39:15 <TD> if you scale up
357 2012-04-05 11:39:28 <TD> then governments will start to ask questions about where you acquired your sudden wealth from
358 2012-04-05 11:39:40 <gmaxwell> what delt0r said.. if the issuer (or the whole mintchip using economy) is eating it.. then ... OKAY.
359 2012-04-05 11:39:44 <TD> if you don't scale up, then, the bleeding can be tolerated
360 2012-04-05 11:40:21 <TD> presumably if the mintchip using economy gets very large, the effect of forgery is inflation
361 2012-04-05 11:40:24 <delt0r> Someone like mintchip... they are going to have to be the ones liable for 2 reasons...
362 2012-04-05 11:40:35 <TD> if it doesn't, the effect is to pressure the exchanges profits, which turn into higher conversion fees and less overall usage.
363 2012-04-05 11:40:42 <delt0r> if they don't trust their own system why would anyone else
364 2012-04-05 11:40:58 <delt0r> and 2, they are the only ones that can fix the security...
365 2012-04-05 11:41:00 <TD> but the exchanges can (and presumably would) do the AML stuff to try and raise the bar for that
366 2012-04-05 11:41:15 <TD> delt0r: they can only be "liable" if the fraud can be detected
367 2012-04-05 11:41:28 <gmaxwell> TD: AML stuff won't help if the forgery can only be detected by imbalance.
368 2012-04-05 11:42:23 <TD> gmaxwell: AML rules (vague and problematic as they are) basically state that financial institutions are supposed to understand where their clients get their wealth from. it's as simple as that, in principle.
369 2012-04-05 11:42:50 <TD> gmaxwell: so if you turn up at an exchange with thousands of large value messages and ask to cash out into CAD, that would trigger AML checks. they'd ask you for business records, etc
370 2012-04-05 11:43:22 <TD> gmaxwell: the lingo the UK govt uses is "risk based checking" which is a fancy way of saying the rules on who and when you're supposed to investigate aren't well defined
371 2012-04-05 11:43:23 <gmaxwell> (e.g. setup bitcoin torsite to fill mintchips, then independent entrepreneurs use that to flood the retail market with $20 loaded chips (a $10 chip with some extra on it) which they sell for $20 instead of $25 or whatever.
372 2012-04-05 11:43:52 <delt0r> TD: true... part of the security triangle, prevention, detection, response
373 2012-04-05 11:44:05 <TD> yeah, if you set up a whole distribution hierarchy with yourself at the head, it gets harder because then the exchanges can't really do anything to stop people cashing out
374 2012-04-05 11:44:28 <TD> OTOH the top of the pyramid is still going to get extremely wealthy and unless you give it all away to charity or whatever, people are going to ask how this person without any obvious job suddenly owns 10 houses and 5 ferraris
375 2012-04-05 11:44:37 <gmaxwell> and no one will care much if they're buying possibly fraudulent mint if it can't be detected....
376 2012-04-05 11:44:46 <TD> the law has been handling this kind of thing for a long time
377 2012-04-05 11:44:48 <gmaxwell> TD: indeed, the classic laundering problem.
378 2012-04-05 11:45:06 <sipa> if the MintChip economy gets large enough, the top won't need to convert to CAD at all
379 2012-04-05 11:45:07 <TD> i don't think mintchip would collapse if a few enterprising individuals managed to extract private keys
380 2012-04-05 11:45:17 <TD> now, if it became possible with off the shelf hardware and software ..... that's something else
381 2012-04-05 11:45:29 <TD> the adventures DirecTV went through before switching off the HU keystream is an example of that
382 2012-04-05 11:45:40 <TD> sipa: but they'll still have a lot of unexplained wealth
383 2012-04-05 11:46:01 <TD> the only doomsday scenario i can see is if the system is broken hard and quickly enough that anyone can forge at home
384 2012-04-05 11:46:05 <gmaxwell> TD: well, you crack one.. but then you're foolish enough to give me a copy of its private keys and I post them on the internets.
385 2012-04-05 11:46:14 <gmaxwell> Then everyone can forge at home.
386 2012-04-05 11:46:25 <delt0r> a classic class break...
387 2012-04-05 11:46:25 <gmaxwell> (given someone writes the software)
388 2012-04-05 11:46:25 <TD> i think they could probably distribute blacklists of keys
389 2012-04-05 11:46:29 <TD> merchants certainly could
390 2012-04-05 11:46:39 <delt0r> but surely it would be designed to be resistant to that
391 2012-04-05 11:47:07 <gmaxwell> TD: stops being an offline system then.. and if it's as simple as they say that blacklist would be thwarted by just indirecting through a card that hasn't yet heard the blacklist.
392 2012-04-05 11:47:18 <TD> smartcard security has been fairly extreme for a long time. i don't know how much of that is shared across the field or how much was proprietary to a few vendors
393 2012-04-05 11:47:26 <gmaxwell> (there are cryptographic protocols that could defend against all this, but I see no evidence that they're using them)
394 2012-04-05 11:47:37 <TD> but there are examples of chips that are apparently breakable only by {giant corporations, governments}
395 2012-04-05 11:47:53 <TD> gmaxwell: that's true
396 2012-04-05 11:48:16 <gmaxwell> TD: or, perhaps, people that work for {giant corporations, governments} and can borrow their resources if they think the risks are low enough..
397 2012-04-05 11:48:22 <TD> i wonder if they could incorporate chains of transactions into the sending messages
398 2012-04-05 11:48:24 <delt0r> I was under the impression that smart cards are still stuck in the 90s
399 2012-04-05 11:48:45 <TD> but yeah. it's true that you can effectively launder a stolen key through any other device
400 2012-04-05 11:48:50 <TD> hmm
401 2012-04-05 11:48:53 <TD> delt0r: in what way?
402 2012-04-05 11:49:10 <TD> delt0r: at least in the pay TV business i think cards stopped evolving around the early 2000s because the attacks went away
403 2012-04-05 11:49:20 <delt0r> well look at their processing power specs or memory... its really low and quite pathetic.
404 2012-04-05 11:49:20 <TD> not sure about other types of card.
405 2012-04-05 11:49:25 <gmaxwell> The risks here are pretty low.. take one totally anonymous card... extract its keys.. sell to a third party for $bigamount. No further interaction.
406 2012-04-05 11:49:26 <TD> they aren't designed for high end processing
407 2012-04-05 11:49:31 <TD> so that doesn't matter
408 2012-04-05 11:49:38 <gmaxwell> delt0r: They're what they need to be... no more, because its a tradeoff with security and cost.
409 2012-04-05 11:49:51 <delt0r> yea... but that is my point
410 2012-04-05 11:49:58 <TD> they're designed to be as secure as possible for their given application.
411 2012-04-05 11:49:59 <delt0r> they really struggle to do ecdsa
412 2012-04-05 11:50:09 <gmaxwell> TD: the pay tv stuff is a different beast because it's all online. ::shrugs::
413 2012-04-05 11:50:11 <TD> if there was demand for chips that could do ECDSA they'd be greated
414 2012-04-05 11:50:14 <TD> created
415 2012-04-05 11:50:15 <gmaxwell> offline is much harder.
416 2012-04-05 11:50:21 <TD> RSA works well enough that i guess there's not much demand
417 2012-04-05 11:50:52 <TD> gmaxwell: well, it's kind of online - it's broadcast so if you compromise a card it can't easily be blacklisted. or at least it couldn't be back then. i think subset difference trees hadn't been invented when all this was taking place.
418 2012-04-05 11:51:16 <TD> they played games for a while with software updates and such. eventually they phased out the old generation of cards with ones that could not be glitched.
419 2012-04-05 11:51:28 <delt0r> TD: that is like saying that if there is demand for high security on the pc we would have it... demand does not always follow needs as close as we are told in class
420 2012-04-05 11:51:34 <TD> that was the end of joe sixpack distributing hardware that could be used to grant full access to every pay tv channel (on directv ... not other networks)
421 2012-04-05 11:52:08 <TD> delt0r: for most system designers RSA vs ECDSA isn't a big deal. in fact RSA is better because it's been around longer and is more widely known. Satoshi chose ECDSA purely because he was worried about disk space/bandwidth
422 2012-04-05 11:52:14 <TD> which is a very unusual design constraint
423 2012-04-05 11:52:40 <gmaxwell> TD: one of the people around the #bitcoin channels is one of the very few people who have gone to prison under the DMCA, for sat card hacking. I'm kinda surprised he hasn't commented on the mint stuff.
424 2012-04-05 11:52:49 <TD> really?
425 2012-04-05 11:52:54 <TD> do you know his name?
426 2012-04-05 11:53:03 <delt0r> I know that even RSA (the company) is moving to EC stuff now. RSA keys are too big
427 2012-04-05 11:53:06 <gmaxwell> I do, but I don't know if he wants it known. :)
428 2012-04-05 11:53:30 <delt0r> probably not
429 2012-04-05 11:54:49 <TD> well there aren't so many people who meet that criteria, as you say :)
430 2012-04-05 11:55:01 <TD> presumably forging mintchips would be considered worse than a DMCA violation, in the laws eyes
431 2012-04-05 11:55:45 <sipa> delt0r: if you need 256-bit security, ECC keys are 512 bit (a bit less, actually), while RSA keys are 15 kbit
432 2012-04-05 11:55:57 <delt0r> Well i am at a uni, quite a big one. Getting hold of some advanced equipment that could help would be pretty easy for a lot of people
433 2012-04-05 11:56:08 <TD> having the equipment isn't enough
434 2012-04-05 11:56:18 <TD> it's not like you just point an SEM at the chip and you're done
435 2012-04-05 11:56:55 <TD> you need time, skills. if you want a repeatable hack you need to find a software or some kind of glitching-type flaw, and there might not be any. or invent some totally new technique i guess.
436 2012-04-05 11:56:56 <delt0r> sipa: yea... that was the reason for moving to EC stuff. Since attacks on EC fields are still giant step baby step
437 2012-04-05 11:56:59 <TD> i think the real risk is as gmaxwell says
438 2012-04-05 11:57:15 <TD> if you're able to extract one key, once, you can then launder value messages through any other device to make the origin untraceable
439 2012-04-05 11:57:21 <TD> the chips appear to keep a transaction log
440 2012-04-05 11:57:51 <TD> but it has almost no data in it. or at least not exposed via the api
441 2012-04-05 11:57:55 <delt0r> TD: but if that is not much money... its a lot of effort
442 2012-04-05 11:58:11 <delt0r> SEM etc.. really are only worth it for a class break i would think
443 2012-04-05 11:58:21 <gmaxwell> well, and you can isolate these exchanges across the internet. So you have third parties who have no clue who you are, handling the other devices you're laundering through paying you in some other way.
444 2012-04-05 11:58:23 <TD> the question is, if you extract one private key, is that a class break?
445 2012-04-05 11:58:31 <gmaxwell> delt0r: every break is a class break, I think.
446 2012-04-05 11:58:56 <gmaxwell> at least if they're (1) not doing super fancy crypto, (2) their privacy claims are true.
447 2012-04-05 11:58:59 <TD> with SEMs you can, at least theoretically, read the key right out of the atoms that make up the storage or RAM
448 2012-04-05 11:59:10 <delt0r> gmaxwell: my definition is that by breaking one card i can create my own mint.. rather than just steal the value of that card
449 2012-04-05 11:59:12 <TD> there are ways to protect against that but i'm not sure any of them are foolproof
450 2012-04-05 11:59:23 <TD> delt0r: so the card has no scarce resources inside it
451 2012-04-05 11:59:30 <TD> delt0r: it simply has an "int balance" field in it somewhere
452 2012-04-05 11:59:32 <gmaxwell> delt0r: you can remove scarcity.
453 2012-04-05 11:59:52 <TD> delt0r: if you can extract the private key from the card you can create as much money as you like until you are caught, pretty much
454 2012-04-05 12:00:01 <delt0r> TD: it is pretty easy with a SEM.. n type and p type etc look different.. and you can read flash ram quite easily as well
455 2012-04-05 12:00:01 <TD> yeah the more i think about this, the more risky it seems
456 2012-04-05 12:00:31 <delt0r> TD: not if its a key for "1000USD or less"
457 2012-04-05 12:00:36 <gmaxwell> delt0r: e.g. you can take what was a $1 card .... and produce as much money as you want from a computer program. That sounds like a class break to me.
458 2012-04-05 12:00:39 <TD> delt0r: yes, but it gets harder if the chips are shielded and have meshes on top, etc. what's more the key may itself be heavily obfuscated in storage (not in contiguous chunks, implemented as a whitebox, etc)
459 2012-04-05 12:00:51 <gmaxwell> delt0r: if they can limit it (1) they must use fance crypto, or (2) their privacy claims are bogus.
460 2012-04-05 12:00:56 <delt0r> or something like that... i am assuming that there is double spending checking happening
461 2012-04-05 12:00:58 <TD> but given that the system would collapse if only a single key got leaked ..... hmm indeed
462 2012-04-05 12:01:20 <gmaxwell> s/fance/fancy/
463 2012-04-05 12:01:38 <TD> delt0r: i think you can make key extraction _extremely_ difficult. that doesn't change the fact that the protocol, as described, would be rendered instantly obsolete if somebody managed it and then lost control of that key.
464 2012-04-05 12:01:42 <delt0r> gmaxwell: yea that is a class break... i would assume that such a system must fail in a fairly short time.. so that there must be some way of not having that
465 2012-04-05 12:01:46 <gmaxwell> and if they do limit, there is still a question of who is left holding the bag for doublespends.
466 2012-04-05 12:01:46 <TD> if the system is successful huge amounts of value would be at stake
467 2012-04-05 12:01:58 <delt0r> otherwise i can't see it as a viable system...
468 2012-04-05 12:02:21 <gmaxwell> delt0r: I mean cash has their property too.. though there is a higher marginal cost once broken.
469 2012-04-05 12:02:28 <delt0r> Yea... i generally aggress with your claims gmaxwell
470 2012-04-05 12:02:36 <delt0r> agree
471 2012-04-05 12:03:10 <gmaxwell> In cash we 'solve that' by simply not detecting sufficiently good forgeries and just letting it become inflation.
472 2012-04-05 12:03:48 <delt0r> gmaxwell: in fact i think the mint swallows it... don't they.. its detected typically i would think
473 2012-04-05 12:03:57 <delt0r> at least at the banks
474 2012-04-05 12:04:14 <gmaxwell> (in fact, cash forgery detection could be _greatly_ improved (e.g. include a machine readable digital signature on the serial number.. have banks keep inventories of the serials they've seen))
475 2012-04-05 12:04:20 <gmaxwell> (but we don't bother)
476 2012-04-05 12:04:31 <delt0r> yea... always wondered why
477 2012-04-05 12:04:38 <gmaxwell> because we don't want to know.
478 2012-04-05 12:04:57 <delt0r> my theory is that its ok as long as we all believe forgery is not a big deal
479 2012-04-05 12:05:02 <delt0r> heh yea
480 2012-04-05 12:05:28 <gmaxwell> Yep. .. the difficulty of hiding money-from-nowhere and the enormous startup costs keeps it under control.
481 2012-04-05 12:06:02 <gmaxwell> esp the fact that startup costs >> income most people can plausibly hide. (though state actors don't have the income hiding problem :) )
482 2012-04-05 12:06:24 <delt0r> what i find as odd is the USD, seems that it is by far the easiest to fake...
483 2012-04-05 12:07:09 <delt0r> gmaxwell: startup cost would be hard to hide ... well its getting lower.. an offset printer is quite cheap these days
484 2012-04-05 12:07:17 <gmaxwell> Hm. Nasa should totally start printing their own cash. Budget problems solved! :)
485 2012-04-05 12:07:24 <delt0r> but that not even half what you need of course
486 2012-04-05 12:07:56 <delt0r> well back to mint chip... how do they prevent this problem...
487 2012-04-05 12:08:18 <delt0r> I don't believe that the chips can be made so good that you can't break into them
488 2012-04-05 12:08:46 <delt0r> and if you can then "print your own money" the initial costs and risks become worth it
489 2012-04-05 12:08:55 <sipa> they can probably make it very hard to break the chip
490 2012-04-05 12:09:13 <sipa> never impossible, but when the cost of breaking exceeds the potential gain...
491 2012-04-05 12:10:04 <delt0r> yea but if you only need to break one.... and if the system is around for a while
492 2012-04-05 12:10:19 <delt0r> the chance that one has been cracked tends to P=1
493 2012-04-05 12:14:40 <helo> so bitcoin's corresponding criticism of mintchip is that it isn't secure
494 2012-04-05 12:17:37 <eps> mintchip is a trusted computing device?
495 2012-04-05 12:17:45 <delt0r> well I don't have a problem with a centrally managed currency (i know that others here don't agree, but meh).. my problem with their current system is too much security by obscurity
496 2012-04-05 12:17:48 <user_> etotheipi_: i'm writing things that doesn't make sense here: https://bitcointalk.org/index.php?topic=75481.0
497 2012-04-05 12:17:54 <eps> it would be good to put this stuff to the test
498 2012-04-05 12:17:56 <da2ce7> helo: mintchip: "bitcoin is not backed by anything"  bitcoin: "mintchip is insecure"
499 2012-04-05 12:17:56 <delt0r> eps: that is the idea
500 2012-04-05 12:18:03 <helo> yep :)
501 2012-04-05 12:18:07 <TD> eps: yes, effectively
502 2012-04-05 12:18:11 <Joric_> minichip is just like bitcoins except all good things
503 2012-04-05 12:18:30 <delt0r> Joric_: not really... it could in fact be way more insecure
504 2012-04-05 12:18:42 <delt0r> as in trivial to double spend
505 2012-04-05 12:18:43 <TD> da2ce7: well, it's hard to make rational arguments about the security of a closed system, which mintchip is.
506 2012-04-05 12:19:02 <TD> da2ce7: RCM would just say "it is so" and how do you argue against that? the best argument is the systems brittleness
507 2012-04-05 12:19:03 <da2ce7> Joric_: https://twitter.com/#!/da2ce7/status/187907123445903360
508 2012-04-05 12:19:04 <gavinandresen> etotheipi_: RE: escrow:  can we agree on whether Alice is sending bitcoins to Bob or Bob to Alice?  Our two proposals have them in opposite roles....
509 2012-04-05 12:19:05 <da2ce7> thkx
510 2012-04-05 12:19:05 <Joric_> backed up by moose
511 2012-04-05 12:19:09 <delt0r> TD: in which case i refer to all other closed systems that have been broken
512 2012-04-05 12:19:10 <Diapolo> hi
513 2012-04-05 12:19:20 <TD> open doesn't mean secure :-)
514 2012-04-05 12:19:29 <TD> bitcoin had some pretty serious security flaws in the early days
515 2012-04-05 12:19:47 <delt0r> TD: no, but it means more people can vet it... you can find problems before final deployment
516 2012-04-05 12:19:50 <gavinandresen> .... like the one that allowed anybody to spend anybody else's bitcoins....
517 2012-04-05 12:19:55 <TD> gavinandresen: indeed :)
518 2012-04-05 12:19:58 <Diapolo> but open means many eyes looked over it and not a closed circle, right?
519 2012-04-05 12:20:01 <eps> heh really?
520 2012-04-05 12:20:13 <sipa> TD: but there were remarkably few, it seems to be; yes there were very serious mistakes, but once those were fixed...
521 2012-04-05 12:20:15 <TD> at any rate
522 2012-04-05 12:20:22 <eps> can you guys re-introduce that one so I can make use of it
523 2012-04-05 12:20:25 <TD> i don't think we should see bitcoin and mintchip as cutthroat-competitors
524 2012-04-05 12:20:38 <da2ce7> gavinandresen: how many bitcoin's have been countified?
525 2012-04-05 12:20:42 <TD> the mintchip guys share our goals more or less, except for the controlled inflation
526 2012-04-05 12:20:45 <gavinandresen> da2ce7: zero
527 2012-04-05 12:20:48 <da2ce7> :)
528 2012-04-05 12:20:52 <TD> their system isn't even launched yet. they have plenty of time to upgrade it
529 2012-04-05 12:20:56 <TD> eg, with a global transaction log
530 2012-04-05 12:21:19 <gavinandresen> There have been smart-card-based cash systems before, and there ARE smart-card-based systems now, right?
531 2012-04-05 12:21:20 <helo> after it launches, no upgrading though :/
532 2012-04-05 12:21:23 <TD> their current setup is brittle in the extreme, but they could probably get it to the point where it's "good enough". and then issues like project management and branding can become more important
533 2012-04-05 12:21:29 <sipa> gavinandresen: you said you didn't like macro's... but you can't get rid of them if you want meaningful debug output from the deadlock detection
534 2012-04-05 12:21:33 <Diapolo> Starting a debug-session in Qt Creator is THAT damn slow ... argh.
535 2012-04-05 12:21:38 <TD> helo: actually they claim they can and will constantly revoke old hardware and upgrade to new hardware. i am skeptical but they could try
536 2012-04-05 12:21:47 <gavinandresen> sipa: good reason to keep them
537 2012-04-05 12:22:15 <helo> if it can be offline or online, presumably the extra cost of using it online will cause most people to use it offline... so how does revocation work in that case?
538 2012-04-05 12:22:24 <sipa> gavinandresen: a much simpler abstraction around them could be used if we had a scoped_lock-like thing, instead of a code block condition, though
539 2012-04-05 12:22:54 <eps> making a system that works offline will give it a short shelflife
540 2012-04-05 12:22:58 <sipa> i don't think it's hard, but i'm not sure it's worth it if we have to keep the macros anyway
541 2012-04-05 12:23:09 <helo> you'll just periodically need to connect to the internet to sync up with the central servers
542 2012-04-05 12:23:10 <eps> cos online systems will always be more secure
543 2012-04-05 12:23:33 <Diapolo> sipa: did you try -fstack-protector-all, too or did you use Gitian with the removed workaround?
544 2012-04-05 12:23:46 <sipa> Diapolo: i just tested building your commit
545 2012-04-05 12:23:55 <Diapolo> okay
546 2012-04-05 12:24:17 <Diapolo> didn't want to open one for -fstack-protector-all as I don't have any Gitian knowledge ^^
547 2012-04-05 12:24:19 <Joric_> i've seen canadian money, no wonder they're trying to get rid of them :D
548 2012-04-05 12:24:20 <delt0r> There are ways to do offline ecash...with blind sigs.. but as i understand you can only spend once without getting the clearing house involved again
549 2012-04-05 12:25:32 <eps> the orderbook should be open, like bitcoin
550 2012-04-05 12:25:44 <eps> that's bitcoins real innovation if you ask me
551 2012-04-05 12:26:29 <delt0r> eps: i would agree.. but in fact the real innovation was to give incentives for participating in the network
552 2012-04-05 12:26:58 <TD> bitcoin could use smartcard technology to make offline trades easier
553 2012-04-05 12:27:25 <TD> well, easier/more trustable
554 2012-04-05 12:27:45 <TD> it'd be good to see a kind of hybrid of mintchip+bitcoin. i think there are strengths in both that could be combined.
555 2012-04-05 12:27:49 <Joric_> are mintchip transactions reversible by the way?
556 2012-04-05 12:28:42 <TD> the system is too simple to have any concept of "reversibility"
557 2012-04-05 12:29:01 <TD> you literally just exchange a signed message saying "i am subtracting X from my balance, you should add X to yours"
558 2012-04-05 12:31:52 <delt0r> TD: so you're saying that the only security of the system is the chip
559 2012-04-05 12:31:55 <TD> yes
560 2012-04-05 12:32:52 <TD> there's a thing called the "TAC" too
561 2012-04-05 12:32:53 <TD> "The Transaction Authentication Code(TAC), is generated by a MintChip and used by the Royal Mint as a additional check of authenticity."
562 2012-04-05 12:32:58 <delt0r> seems too fragile to me
563 2012-04-05 12:33:00 <helo> identities will presumably be tied to the chips, and whenever a chip is used in a device with internet connectivity, all of the transactions between everyone will be uploaded and verified
564 2012-04-05 12:33:05 <TD> it's not clear to me what that is for or how it works. their system is not well documented on the site
565 2012-04-05 12:33:13 <TD> helo: well they claim that won't be the case
566 2012-04-05 12:33:26 <TD> presumably you could just buy them on the street for regular cash
567 2012-04-05 12:33:28 <helo> TD: the identity part, or the transaction history part?
568 2012-04-05 12:33:36 <TD> identity part
569 2012-04-05 12:33:40 <TD> they're pretty big on privacy
570 2012-04-05 12:34:13 <delt0r> if they are serious about replacing real cash, they have to be
571 2012-04-05 12:35:30 <helo> without identities, i guess they could still use transaction histories to detect when something weird is going on
572 2012-04-05 12:35:55 <TD> assuming they have them. it's supposed to be an offline system
573 2012-04-05 12:36:30 <TD> http://ideas.mintchipchallenge.com/
574 2012-04-05 12:36:33 <TD> pretty weak
575 2012-04-05 12:36:37 <helo> i think it must be "can be used for offline transactions", but that online interaction is important. otherwise there is no way to enforce revocation
576 2012-04-05 12:36:43 <TD> "A digital currency can be used for buying things online without a credit card" is one of the ideas
577 2012-04-05 12:38:28 <TD> haha
578 2012-04-05 12:38:35 <TD> it doesn't seem like that kind of ideas board
579 2012-04-05 12:39:11 <Joric> i doubt 'Royal Mint' allows that
580 2012-04-05 12:40:56 <helo> without transaction histories being uploaded whenever possible, it would be pretty difficult for them to detect Bad Things
581 2012-04-05 12:42:25 <Joric> an inflationary bitcoin with a central authority... hmm... could work :D
582 2012-04-05 12:47:01 <helo> good luck convincing the deflationary bitcoin holders to buy any :)
583 2012-04-05 12:52:15 <nanotube> and 1 mintchip < 1 bitcoin atm anyway :)
584 2012-04-05 12:53:17 <sipa> a "mintchip" is a device, not a currency
585 2012-04-05 12:54:18 <Joric> on the other hand, 1 Canadian dollar = 1.00361 U.S. dollars
586 2012-04-05 12:55:20 <Joric> oops 1.0021 U.S. dollars it was better yesterday i swear
587 2012-04-05 12:56:37 <TD> http://blockchain.info/tx-index/3618498/4005d6bea3a93fb72f006d23e2685b85069d270cb57d15f0c057ef2d5e3f78d2
588 2012-04-05 12:56:38 <TD> eh?
589 2012-04-05 12:56:42 <TD> what's up with that? bug in blockchain.info?
590 2012-04-05 12:58:10 <gavinandresen> That's the 'poison' invalid BIP16 transaction
591 2012-04-05 12:58:29 <sipa> TD: it's included in all those blocks, but none of those blocks are in the main chain
592 2012-04-05 12:58:37 <TD> ah
593 2012-04-05 12:58:54 <TD> miners on 0.6.0rc1 keep trying to include it?
594 2012-04-05 12:59:08 <gavinandresen> miners on any non-BIP16-compatible release try to include it
595 2012-04-05 12:59:21 <TD> right, of course
596 2012-04-05 12:59:40 <TD> i guess it has caused the chain to slow down a bit
597 2012-04-05 12:59:48 <nanotube> ;;bc,diffchange
598 2012-04-05 12:59:50 <gribble> Estimated percent change in difficulty this period | -2.69474266073 % based on data since last change | -9.9320882586 % based on data for last three days
599 2012-04-05 12:59:55 <nanotube> yes it has. :)
600 2012-04-05 13:00:53 <TD> 10% drop in speed for a forking change. interesting.
601 2012-04-05 13:00:57 <TD> not as high as i'd feared :)
602 2012-04-05 13:01:03 <gmaxwell> Not RC1 but pre-RC1.
603 2012-04-05 13:01:33 <gmaxwell> It's lower than you feared in part because of the large hashrate not mining transactions :( they're only hurt by the secondary effects. (they extend bum chains)
604 2012-04-05 13:01:56 <TD> oh yes :(
605 2012-04-05 13:02:01 <Diablo-D3> well
606 2012-04-05 13:02:02 <TD> forgot about that
607 2012-04-05 13:02:06 <Diablo-D3> they'll figure it out soon enough
608 2012-04-05 13:02:09 <Diablo-D3> when they stop making money
609 2012-04-05 13:02:13 <gmaxwell> It's been almost a week.
610 2012-04-05 13:02:38 <gmaxwell> I expect that 50btc should be out of money now.
611 2012-04-05 13:03:13 <TD> assuming there's a single, somewhat competent "they" and it's not just a collection of skiddies using a tool
612 2012-04-05 13:03:35 <Diablo-D3> td: its the same thing
613 2012-04-05 13:03:41 <Diablo-D3> they look at their wallet
614 2012-04-05 13:03:45 <Diablo-D3> they realize it has no money in it
615 2012-04-05 13:03:46 <gmaxwell> anyone here a gpumax user want to tell me if 50btc is one of the prefab options you can mine on?  It'll be interesting to see how the collapse caused by a few pools reneging on their obligations also blows up hopping/laundering/gambling proxy services.
616 2012-04-05 13:04:10 <Diablo-D3> gmaxwell: ITYM "lulz"
617 2012-04-05 13:05:03 <graingert> gmaxwell: http://blockchain.info/tx-index/3618498/4005d6bea3a93fb72f006d23e2685b85069d270cb57d15f0c057ef2d5e3f78d2
618 2012-04-05 13:05:20 <gmaxwell> graingert: yes? what about it?
619 2012-04-05 13:05:21 <graingert> ah I see that's already the topic
620 2012-04-05 13:05:26 <graingert> woops
621 2012-04-05 13:05:54 <gmaxwell> $ grep '4005d6bea3a' #bitcoin*.log | grep 'gmaxwell>' | wc -l
622 2012-04-05 13:06:03 <graingert> lol
623 2012-04-05 13:06:17 <TD> haha
624 2012-04-05 13:06:28 <TD> i guess i should get back to coding
625 2012-04-05 13:06:36 <sipa> gmaxwell obviously has a #bitcoin-gmaxwell channel in which he talks a lot to himself
626 2012-04-05 13:06:42 <Diablo-D3> er
627 2012-04-05 13:06:42 <graingert> so 3 designates a p2sh?
628 2012-04-05 13:06:46 <Diablo-D3> wtf is with that strange tx?
629 2012-04-05 13:06:48 <gmaxwell> (and in fact there are more I didn't include #p2pool)
630 2012-04-05 13:06:54 <graingert> why was it accepted by anyone?
631 2012-04-05 13:07:13 <gmaxwell> graingert: because it's valid under the old rules. blockchain.info's decode is incorrect/misleading.
632 2012-04-05 13:07:21 <graingert> oh ofc
633 2012-04-05 13:07:24 <graingert> it doesn't have the 3
634 2012-04-05 13:07:29 <graingert> in the tx
635 2012-04-05 13:07:43 <graingert> nice
636 2012-04-05 13:07:47 <graingert> who made it?
637 2012-04-05 13:07:48 <gmaxwell> (they apparently only show the packed script in a p2sh spend)
638 2012-04-05 13:07:51 <sipa> "the 3" is something that appears in the address, not in the transaction
639 2012-04-05 13:07:59 <gmaxwell> Who knows it could have been an honest mistake.
640 2012-04-05 13:08:02 <sipa> an address is only a template for a transaction output
641 2012-04-05 13:08:07 <gmaxwell> It almost looks like a valid transaction.
642 2012-04-05 13:08:14 <Diablo-D3> so this is only valid on the broken chain?
643 2012-04-05 13:08:20 <gmaxwell> Diablo-D3: yes.
644 2012-04-05 13:08:31 <gmaxwell> Thats why it keeps getting mined and whoever mines it loses.
645 2012-04-05 13:08:50 <Diablo-D3> but why does it continue to keep... um
646 2012-04-05 13:08:59 <MasterChief> are 0 fees still being mined
647 2012-04-05 13:09:01 <gavinandresen> it passes the old IsStandard test
648 2012-04-05 13:09:07 <Diablo-D3> oh
649 2012-04-05 13:09:08 <Diablo-D3> I know why
650 2012-04-05 13:09:14 <Diablo-D3> all those included in blocks are orphans arent they
651 2012-04-05 13:09:21 <graingert> so who released the poison tx?
652 2012-04-05 13:09:24 <gmaxwell> MasterChief: sure. Assuming they meet the anti-dos rules.
653 2012-04-05 13:09:26 <graingert> released/unleashed
654 2012-04-05 13:09:40 <gmaxwell> < gmaxwell> Who knows it could have been an honest mistake. < gmaxwell> It almost looks like a valid transaction.
655 2012-04-05 13:09:42 <MasterChief> just a normal low btc txn
656 2012-04-05 13:10:12 <Diablo-D3> [11:09:14] <Diablo-D3> all those included in blocks are orphans arent they
657 2012-04-05 13:10:19 <graingert> yes
658 2012-04-05 13:10:22 <gmaxwell> MasterChief: https://en.bitcoin.it/wiki/Transaction_fees
659 2012-04-05 13:10:24 <Diablo-D3> lawlz
660 2012-04-05 13:10:30 <Diablo-D3> you know
661 2012-04-05 13:10:31 <graingert> because they are all invalid to >50% of hash power
662 2012-04-05 13:10:36 <Diablo-D3> maybe we fixed the bot problem for awhile
663 2012-04-05 13:10:49 <Diablo-D3> if those are all botfags, then they're mining on a useless chain
664 2012-04-05 13:10:56 <MasterChief> i wonder how long the free mining can last
665 2012-04-05 13:11:03 <Diablo-D3> MasterChief: free?!
666 2012-04-05 13:11:10 <Diablo-D3> no one told me about free mining!
667 2012-04-05 13:11:15 <Diablo-D3> I have to _pay_ for mine!
668 2012-04-05 13:11:32 <MasterChief> free for the sender
669 2012-04-05 13:11:50 <Diablo-D3> meh
670 2012-04-05 13:11:57 <Diablo-D3> all the major pools should reject feeless tx
671 2012-04-05 13:12:06 <gmaxwell> Diablo-D3: stop being silly.
672 2012-04-05 13:12:16 <Diablo-D3> s/silly/greedy/
673 2012-04-05 13:12:35 <gmaxwell> People spaz out about fees even when they're tiny. They have a disproportionally negative effect on adoption.
674 2012-04-05 13:13:12 <MasterChief> http://uk.gamespot.com/kinect-star-wars/videos/just-the-way-you-are-kinect-star-wars-gameplay-6369860/?contsessid=51647ed23803a8cca195456fd9b72fd0&prevBounce=6369707 youve gone too far this time xbox
675 2012-04-05 13:13:34 <Diablo-D3> MasterChief: I SAW THAT EARLIER
676 2012-04-05 13:13:37 <Diablo-D3> IT MAKES ME ANGRY
677 2012-04-05 13:13:43 <Diablo-D3> STAR WARS IS NOT A FUCKING DANCE CONTEST
678 2012-04-05 13:13:48 <MasterChief> share the pain brother
679 2012-04-05 13:14:08 <Diablo-D3> GEORGE LUCAS IS CONFIRMED GAY
680 2012-04-05 13:14:08 <sipa> star wars was a christmas holiday special tv thing, right? ;)
681 2012-04-05 13:14:15 <da2ce7> Star Wars died when the character Jar Jar Binks was written.
682 2012-04-05 13:14:17 <Diablo-D3> sipa: I will beat you with a crowbar
683 2012-04-05 13:14:29 <sipa> Diablo-D3: i actually downloaded it
684 2012-04-05 13:14:34 <sipa> that was really unwatchable
685 2012-04-05 13:14:37 <MasterChief> you think if we raised funds we could buy the rights to star wars and lock them away in a vault forever and ever and ever and ever
686 2012-04-05 13:14:47 <Diablo-D3> I made it as far as the pink walking rug and bailed
687 2012-04-05 13:15:07 <Diablo-D3> MasterChief: over george lucas' dead fat body
688 2012-04-05 13:15:20 <Diablo-D3> remember, no vaporization
689 2012-04-05 13:15:31 <Diablo-D3> I want him alive
690 2012-04-05 13:15:43 <gavinandresen> i like the pelvic thrusts.  needs more cowbell, though
691 2012-04-05 13:15:59 <MasterChief> oh god
692 2012-04-05 13:16:07 <MasterChief> and the words are right on the groin area
693 2012-04-05 13:16:08 <MasterChief> why
694 2012-04-05 13:16:19 <MasterChief> its a kids game
695 2012-04-05 13:16:28 <MasterChief> literally could not be more offensive
696 2012-04-05 13:16:59 <gavinandresen> that's so bad it makes me happy
697 2012-04-05 13:17:47 <Diablo-D3> IT MAKES ME ANGRY
698 2012-04-05 13:18:02 <Diablo-D3> seriously, star wars is a universe ABOUT DEATH
699 2012-04-05 13:18:02 <gmaxwell> Where is the quote bot when we need it? "gavinandresen> i like the pelvic thrusts.  needs more cowbell, though"
700 2012-04-05 13:18:04 <Diablo-D3> EVERYONE DIES
701 2012-04-05 13:18:11 <Diablo-D3> _EVERYONE_ DIES
702 2012-04-05 13:18:19 <Diablo-D3> THEY DONT HAVE TIME TO PELVIC THRUST
703 2012-04-05 13:18:23 <Diablo-D3> THEY'RE _TOO BUSY DYING_
704 2012-04-05 13:18:29 <MasterChief> so anyway if i send a 0 fee txn will it mine before we find out if proton decay is real or not
705 2012-04-05 13:19:00 <gribble> Error: "quote" is not a valid command.
706 2012-04-05 13:19:00 <sipa> ;;quote
707 2012-04-05 13:19:32 <Diablo-D3> HAN SOLO DIES! CHEWBACCA DIES! LUKE SKYWALKER DIES!
708 2012-04-05 13:19:42 <Diablo-D3> DYKE SPIES!
709 2012-04-05 13:21:01 <Joric> try pressing the Caps Lock key
710 2012-04-05 13:22:11 <riush_> http://bash.org/?835030
711 2012-04-05 13:22:38 <sipa> github mails me for every comment made on a pull request, but to find out one has been merged, i need to visit the site
712 2012-04-05 13:23:02 <Diablo-D3> sipa: ...
713 2012-04-05 13:29:01 <sipa> gavinandresen: is #883 0.6.1 material?
714 2012-04-05 13:29:39 <Diablo-D3> so how does one start a BIP?
715 2012-04-05 13:29:47 <sipa> Diablo-D3: read BIP 0001
716 2012-04-05 13:30:08 <Diablo-D3> because I think we need a bip that covers shitlisting old versions
717 2012-04-05 13:30:45 <sipa> define shitlisting
718 2012-04-05 13:31:13 <Diablo-D3> dont allow connecting to any version more than 5 minor versions behind
719 2012-04-05 13:31:43 <Diablo-D3> so 0.9.0 would be the first one to do it, it wouldn't allow connecting any 0.3.x
720 2012-04-05 13:31:57 <sipa> great way to create network partitions
721 2012-04-05 13:31:58 <gavinandresen> submit a pull for a command-line -minpeerversion=....
722 2012-04-05 13:33:21 <Diablo-D3> sipa: we already did
723 2012-04-05 13:33:26 <Diablo-D3> and we did it much earlier
724 2012-04-05 13:33:41 <gmaxwell> No we didn't.
725 2012-04-05 13:33:46 <Diablo-D3> we're only at 0.6.0, and anything below 0.2.x cant connect
726 2012-04-05 13:33:53 <sipa> 0.2.10
727 2012-04-05 13:33:57 <sipa> indeed
728 2012-04-05 13:34:05 <gmaxwell> (unless you mean the version flag)
729 2012-04-05 13:34:30 <sipa> Diablo-D3: also, since BIP14 nodes don't actually tell them their network version anymore
730 2012-04-05 13:34:31 <gmaxwell> 5 minor versions.. but two years. Two years is fine, five minor versions are not.
731 2012-04-05 13:34:35 <sipa> eh, their client version
732 2012-04-05 13:34:41 <gmaxwell> And that break wasn't gratuitous, it was for a reason.
733 2012-04-05 13:34:56 <Diablo-D3> gmaxwell: around 5 minor versions is 2 years
734 2012-04-05 13:34:58 <sipa> yes, it allowed us to remove +- 10 lines of code 2 years later!
735 2012-04-05 13:35:12 <gmaxwell> (yea.. heh. well it was still a reason if a really weak one!)
736 2012-04-05 13:35:28 <sipa> well, 0.5->0.6 was 4 months, at that rate Diablo-D3 may be close :)
737 2012-04-05 13:35:36 <gmaxwell> Diablo-D3: you have no idea of that, we could potentially cut one minor version every two months from here on out.
738 2012-04-05 13:35:51 <Diablo-D3> yeah, but the BIP could have verbiage to prevent that
739 2012-04-05 13:36:06 <Diablo-D3> 2 year minimum before you can issue a new minor
740 2012-04-05 13:36:15 <gmaxwell> That just makes no sense. Come on.
741 2012-04-05 13:36:23 <Diablo-D3> its just version numbers, it makes sense
742 2012-04-05 13:36:26 <gavinandresen> sipa: I think -loadblock counts as a new feature and should wait for 0.7
743 2012-04-05 13:36:28 <gmaxwell> There is no reason to intentionally disconnect old nodes for the sake of disconnecting them.
744 2012-04-05 13:36:31 <sipa> gavinandresen: ok
745 2012-04-05 13:36:34 <sipa> i don't think BIPs should concern client details
746 2012-04-05 13:36:47 <sipa> unless in an adversory way
747 2012-04-05 13:36:55 <sipa> *advisory
748 2012-04-05 13:37:02 <gmaxwell> If they're broken or harmful or whatever, then sure disconnect them when thats discovered.
749 2012-04-05 13:55:43 <MasterChief> ive got unwanted receive addresses in my bitcoin-qt here but the delete button is greyed
750 2012-04-05 13:57:22 <Diapolo> hi
751 2012-04-05 14:09:00 <helo> MasterChief: bitcoin doesn't ever forget receiving addresses, because if funds were sent to deleted receiving addresses, they would be lost forever
752 2012-04-05 14:09:30 <MasterChief> whats the delete button for then
753 2012-04-05 14:09:47 <MasterChief> also i never sent them out to anyone so i doubt they will get coins
754 2012-04-05 14:10:03 <helo> it should probably be hidden instead of just greyed in that screen
755 2012-04-05 14:10:21 <MasterChief> oh bad ui lol
756 2012-04-05 14:10:33 <sipa> MasterChief: the button will be deleted in 0.6.1
757 2012-04-05 14:14:38 <MasterChief> so i should stop being an aspie and dont worry about unused addresses shitting up my screen?
758 2012-04-05 14:14:59 <Diapolo> create a new wallet and send your funds to it?
759 2012-04-05 14:15:01 <t7> MasterChief: worry dude
760 2012-04-05 14:17:21 <Diapolo> sipa: How long takes a normal testnet blockchain download?
761 2012-04-05 14:18:19 <Diapolo> sipa: with the current client of course
762 2012-04-05 14:19:03 <gmaxwell> Diablo-D3: that mostly depends on finding working and current testnet peers.
763 2012-04-05 14:19:23 <Diablo-D3> tabfail
764 2012-04-05 14:19:34 <Diablo-D3> Diapolo: and you really should look into getting a new nick
765 2012-04-05 14:19:42 <Diablo-D3> too many people confuse you with me.
766 2012-04-05 14:20:00 <Diapolo> That's my name since the release of Diablo, sorry dude.
767 2012-04-05 14:20:14 <Diablo-D3> My nick predates Blizzard Entertainment, co.
768 2012-04-05 14:20:57 <Diapolo> doesn't matter, no chance I will choose another one ;) sorry
769 2012-04-05 14:21:17 <gmaxwell> Fight to the death!
770 2012-04-05 14:21:37 <Diablo-D3> gmaxwell: well, as long as he doesnt pick kernel coding as his weapon he might have a chance of winning
771 2012-04-05 14:21:52 <Diapolo> gmaxwell: Any time-span I can work with during my tests for that testnet thing?
772 2012-04-05 14:22:02 <Diapolo> DiaKGCN is not that bad ^^
773 2012-04-05 14:22:19 <nanotube> Diapolo: your nicks look totally different. yours is green, and his is orange. no confusion whatsoever! :)
774 2012-04-05 14:22:28 <Diablo-D3> nanotube: argh!
775 2012-04-05 14:22:29 <nanotube> Diablo-D3: ^
776 2012-04-05 14:22:37 <Diapolo> LOL
777 2012-04-05 14:22:40 <nanotube> hehe
778 2012-04-05 14:22:56 <MasterChief> no Diapolo is red and Diablo-D3 is green
779 2012-04-05 14:23:08 <nanotube> MasterChief: yes, tabfail on my part :P
780 2012-04-05 14:23:24 <nanotube> sorry Diablo-D3, xchat default colors based on nick hash or something. if you don't like being green, tough life. :)
781 2012-04-05 14:24:01 <Diapolo> Diablo-D3: What's the progress with your kernel? Any great performance optimisations over the last weeks?
782 2012-04-05 14:24:11 <Diablo-D3> Diapolo: no
783 2012-04-05 14:24:19 <Diablo-D3> the GCN compiler is doing almost all the right shit
784 2012-04-05 14:24:55 <Diapolo> I can't count the hours I tried to squeeze something more out of it -_-.
785 2012-04-05 14:25:15 <Diablo-D3> does cgminer offer it yet?
786 2012-04-05 14:25:28 <Diapolo> Offer what?
787 2012-04-05 14:25:37 <Diablo-D3> diakgcn
788 2012-04-05 14:25:51 <Diapolo> Yes: -k diakgcn -v 2 -w 256
789 2012-04-05 14:26:19 <TD> hmm
790 2012-04-05 14:26:24 <Diapolo> I helped Con integrating it ... well it seems to lose in comparison with yours or his poclbm version ^^.
791 2012-04-05 14:26:25 <Diablo-D3> -v 2? wtf?
792 2012-04-05 14:26:26 <Diablo-D3> why?
793 2012-04-05 14:26:29 <Diapolo> try it
794 2012-04-05 14:26:34 <Diablo-D3> I dont use cgminer
795 2012-04-05 14:26:34 <Diapolo> it IS faster with diakgcn
796 2012-04-05 14:26:40 <Diablo-D3> thats fucked up if it is faster
797 2012-04-05 14:26:41 <Diapolo> dunno why
798 2012-04-05 14:26:41 <TD> bitcoin-qt isn't taking focus or responding to ui input for me, it's busy processing a giant new best chain
799 2012-04-05 14:26:43 <Diablo-D3> I should look at yours
800 2012-04-05 14:26:43 <TD> :(
801 2012-04-05 14:27:16 <sipa> Diablo-D3: you had your nick sincer you were 8?
802 2012-04-05 14:27:17 <Diapolo> I did that too ^^.
803 2012-04-05 14:27:23 <sipa> *since
804 2012-04-05 14:27:28 <sipa> TD: 0.6.0?
805 2012-04-05 14:27:44 <TD> ah yes
806 2012-04-05 14:27:46 <TD> i should upgrade
807 2012-04-05 14:27:49 <TD> i think it's rc2
808 2012-04-05 14:27:50 <Diapolo> ^^
809 2012-04-05 14:27:53 <Diapolo> immediately
810 2012-04-05 14:28:05 <sipa> TD: then you should certainly upgrade
811 2012-04-05 14:28:22 <Diablo-D3> sipa: no, 10
812 2012-04-05 14:28:30 <Diablo-D3> wait
813 2012-04-05 14:28:32 <Diablo-D3> I did the math wrong
814 2012-04-05 14:28:32 <Diapolo> it's so cool my work on the fu....ing progressbar got merged :)
815 2012-04-05 14:28:52 <Diablo-D3> sipa: blizzard entertainment was opened when I was 10
816 2012-04-05 14:29:06 <Diablo-D3> and Ive had my nick since 1992
817 2012-04-05 14:29:10 <Diablo-D3> so yeah, 8
818 2012-04-05 14:29:12 <Diablo-D3> you were right
819 2012-04-05 14:29:15 <Diapolo> <- 1996
820 2012-04-05 14:29:32 <Diapolo> You had a PC when you were 8?
821 2012-04-05 14:29:39 <Diapolo> holy shit ^^
822 2012-04-05 14:29:41 <sipa> i did
823 2012-04-05 14:29:44 <Diablo-D3> I had a pc when I was 6.
824 2012-04-05 14:29:56 <Diapolo> I was 16 ;)
825 2012-04-05 14:30:16 <sipa> i was 7, it was a 80386 DX with 2 MiB RAM and 40 MB harddisk
826 2012-04-05 14:30:31 <Diablo-D3> 8088, 6mhz, 640kb of memory after upgrade
827 2012-04-05 14:31:00 <Diapolo> 486 DX4 with a 1GB HDD and 1MB graphics card ... it had Win95 I remember
828 2012-04-05 14:31:24 <pjorrit> comparing shriveled old epeens again? ;D
829 2012-04-05 14:32:10 <Diapolo> are 16 minutes for a full blockchain download fast / slow / normal?
830 2012-04-05 14:32:36 <sipa> Diapolo: testnet or mainnet?
831 2012-04-05 14:32:41 <Diapolo> test
832 2012-04-05 14:33:01 <Diapolo> main would be insane ^^
833 2012-04-05 14:34:03 <TD> so why does 0.6.0 block for so long if you try and make a payment during chain download?
834 2012-04-05 14:34:47 <Diapolo> sipa: to my question, would you say that quicker or as fast as the current client would do it?
835 2012-04-05 14:34:49 <sipa> TD: 0.6.0rc2 still, or did you upgrade?
836 2012-04-05 14:35:08 <sipa> Diapolo: testnet is tiny, the only thing that matters is how fast a peer can give it to you?
837 2012-04-05 14:35:12 <TD> rc2 still
838 2012-04-05 14:35:19 <TD> i'll upgrade to head in a sec
839 2012-04-05 14:35:21 <sipa> TD: since 0.6.0rc3 has a bugfix specifically for that
840 2012-04-05 14:35:31 <Diapolo> sipa: will try main now
841 2012-04-05 14:35:47 <TD> ok
842 2012-04-05 14:36:14 <sipa> TD: 0.6.0rc2 and before saw a new block arriving in the new chain, and tried a (-1 block, +thousands_of_blocks) reorganisation
843 2012-04-05 14:36:28 <sipa> which happens in a single database transaction
844 2012-04-05 14:36:39 <TD> adding the blocks is pretty fast
845 2012-04-05 14:36:43 <TD> i can see it in the logs
846 2012-04-05 14:36:57 <sipa> yes, but bdb chokes on such a large transaction
847 2012-04-05 14:37:01 <Diapolo> sipa: have you access to the BDB stat tool? I can't find that for Windows ...
848 2012-04-05 14:37:11 <TD> ok
849 2012-04-05 14:37:26 <TD> i'll try rebuilding and see if it makes any difference
850 2012-04-05 14:37:27 <sipa> anyway, since rc3 it will do a (-1 block, +2 blocks) reorg, which suffices to switch to the new chain, and then connect the other blocks normally to it
851 2012-04-05 14:37:39 <sipa> one by one
852 2012-04-05 14:37:52 <TD> it was following the chain correctly.
853 2012-04-05 14:38:01 <TD> i think i encountered the rc1 problem before and fixed it
854 2012-04-05 14:38:04 <TD> this is a different issue
855 2012-04-05 14:38:23 <TD> when attempting to craft a transaction whilst the chain is being downloaded normally (no bdb errors visible), it takes forever until the "you need to attach a fee" window pops up
856 2012-04-05 14:38:39 <sipa> hmm, right, over-eager locking
857 2012-04-05 14:38:52 <Diapolo> first upgrade, second recheck, third bugreport ^^
858 2012-04-05 14:39:26 <TD> i had a similar issue in bitcoinj
859 2012-04-05 14:39:34 <sipa> yes, try 0.6.0 final first; there have been several changes in the database handling and block chain management
860 2012-04-05 14:39:41 <TD> attempting to touch the app whilst it was catching up with the block chain would result in an ANR kill
861 2012-04-05 14:39:46 <TD> finer grained locking fixed it
862 2012-04-05 14:54:51 <Diapolo_> I hate bluescreens -_-