  1 2012-05-30 08:22:43 <neofutur> new version of the mtgox ticker firefox addon, using api v1, https://github.com/joric/mtgox-ticker/pull/1 , xpi updated on http://gemelos.ww7.be/mtgox-ticker/mtgox-ticker.xpi
  2 2012-05-30 08:22:48 <neofutur> if you installed the old one and have weird multi-currency behaviour on mtgox.com, upgrade
  3 2012-05-30 10:55:35 <gigavps> are there any bitcoin security experts in this channel?
  4 2012-05-30 10:56:45 <Diablo-D3> probably.
  5 2012-05-30 11:00:19 <sipa> gigavps: how do you define security expert?
  6 2012-05-30 11:02:03 <drizztbsd> sipa: a security expert looks like a big nerd
  7 2012-05-30 11:03:28 <gigavps> sipa one who knows of all attack vectors against the bitcoin client and servers in general
  8 2012-05-30 11:04:15 <gigavps> and who wants to work on bitcoin related projects
  9 2012-05-30 11:05:17 <gigavps> i'm looking to start a project that will require someone with knowledge in this area
 10 2012-05-30 11:05:27 <gigavps> and i'm willing to pay.....
 11 2012-05-30 11:05:29 <egecko> !
 12 2012-05-30 11:06:30 <drizztbsd> pay in bitcoins? :P
 13 2012-05-30 11:07:04 <t7> bitcoins dont exist
 14 2012-05-30 11:07:06 <gigavps> bitcoins, $$$, whatever
 15 2012-05-30 11:07:07 <t7> only in your mind
 16 2012-05-30 11:16:15 <eps> security is a process, not a destination
 17 2012-05-30 11:16:31 <Diablo-D3> ^ this
 18 2012-05-30 11:16:51 <drizztbsd> most problems are already be fixed (penny spamming, etc)
 19 2012-05-30 12:17:00 <helo> EXCEPTION: 11DBexception Db::open: Invalid argument
 20 2012-05-30 12:17:22 <helo> ^ when i try to start bitcoin
 21 2012-05-30 12:17:34 <sipa> which version is that?
 22 2012-05-30 12:17:55 <helo> after running for about 13 days, it crashed with EXCEPTION: 22DbRunRecoveryException DbEnv::txn_checkpoint: DB_RUNRECOVERY: Fatal error, run database recovery bitcoin in ThreadMessageHandler()
 23 2012-05-30 12:17:56 <sipa> and more importantly, which bdb version is it linked against?
 24 2012-05-30 12:18:00 <helo> 0.6.2
 25 2012-05-30 12:18:44 <drizztbsd> 0.6.2 is not a bdb version
 26 2012-05-30 12:18:49 <helo> right... one sec
 27 2012-05-30 12:19:10 <helo> libdb_cxx-4.8.so => /usr/lib/x86_64-linux-gnu/libdb_cxx-4.8.so
 28 2012-05-30 12:19:46 <helo> it's directly from ppa:bitcoin/bitcoin
 29 2012-05-30 12:19:55 <drizztbsd> 4.8? old :)
 30 2012-05-30 12:21:39 <helo> that's what ppa:bitcoin/bitcoin is giving me
 31 2012-05-30 12:21:51 <drizztbsd> no, it's not
 32 2012-05-30 12:21:56 <drizztbsd> which version of ubuntu?
 33 2012-05-30 12:21:57 <helo> Get: 1 http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu/ precise/main libdb4.8++ amd64 4.8.30-10precise1 [718 kB]
 34 2012-05-30 12:22:53 <BlueMatt> drizztbsd: the bitcoin ppa provides libdb4.8 so that wallets remain compatible with other versions of bitcoin and cross-platform
 35 2012-05-30 12:23:21 <BlueMatt> hopefully, wallets will be bdb-less eventually, and then we can link against the system default bdb
 36 2012-05-30 12:23:21 <drizztbsd> oh, ok
 37 2012-05-30 12:23:37 <drizztbsd> Archlinux uses system bdb
 38 2012-05-30 12:23:47 <BlueMatt> and I really wish they wouldnt
 39 2012-05-30 12:23:48 <helo> per the forums, i tried rm -rf db* database* .lock *.pid
 40 2012-05-30 12:24:02 <drizztbsd> BlueMatt: why?
 41 2012-05-30 12:24:32 <BlueMatt> use your wallet once on archlinux, and you cant switch to ubuntu/windows/mac or any other regular bitcoin builds
 42 2012-05-30 12:25:29 <drizztbsd> why are you using an old version of bdb?
 43 2012-05-30 12:25:35 <drizztbsd> it's the same question :P
 44 2012-05-30 12:26:07 <luke-jr> BlueMatt: different things
 45 2012-05-30 12:26:12 <luke-jr> system bdb could be 4.8
 46 2012-05-30 12:26:37 <luke-jr> using system bdb is the "right thing" - but it should be 4.8 for compat :p
 47 2012-05-30 12:26:58 <BlueMatt> because its what weve always used and upgrading would mean you lose backward compatibility with old versions of bdb, also, its the most-supported version on the list of os' we support
 48 2012-05-30 12:27:18 <BlueMatt> (only counting ubuntu, because we can chose what we want for win32/mac)
 49 2012-05-30 12:27:36 <drizztbsd> mumble
 50 2012-05-30 12:27:42 <luke-jr> drizztbsd: is it better to force old users to upgrade bdb, or new users to have old bdb alongside?
 51 2012-05-30 12:28:01 <drizztbsd> luke-jr: archlinux policy does not allow multiple version of the same package
 52 2012-05-30 12:28:09 <luke-jr> drizztbsd: well that's a stupid policy
 53 2012-05-30 12:28:14 <BlueMatt> archlinux policy sucks, then
 54 2012-05-30 12:28:21 <sipa> it's not the same package (or it shouldn't be)
 55 2012-05-30 12:28:24 <luke-jr> drizztbsd: Gentoo allows me to install pretty much every bdb
 56 2012-05-30 12:28:31 <luke-jr> sipa: yes it is&
 57 2012-05-30 12:28:34 <drizztbsd> so I have to link statically bitcoind / bitcoin-qt with bdb
 58 2012-05-30 12:28:47 <BlueMatt> hopefully not for too much longer
 59 2012-05-30 12:28:52 <BlueMatt> sipa: is working on bdb-less wallets
 60 2012-05-30 12:29:20 <drizztbsd> db 5.3.15-1
 61 2012-05-30 12:29:23 <luke-jr> drizztbsd: or just install db 4.8
 62 2012-05-30 12:29:36 <luke-jr> or link to db 5.3 and forget compat
 63 2012-05-30 12:29:41 <sipa> BlueMatt: works quite well already, but i need a rewrite system when too much junk has accumulated in the wallet
 64 2012-05-30 12:30:06 <BlueMatt> sipa: I didnt say it was ready, only that it was being worked on ;)
 65 2012-05-30 12:30:17 <helo> what kind of format is the bdb-less wallet?
 66 2012-05-30 12:30:17 <sipa> in particular, the best known block (a 320-byte data structure) gets added too frequently
 67 2012-05-30 12:30:27 <drizztbsd> archlinux uses 5.3, so any archlinux user uses 5.3 :P
 68 2012-05-30 12:30:45 <sipa> helo: custom binary, append-only, using sha checksums to prevent corruption
 69 2012-05-30 12:30:55 <BlueMatt> drizztbsd: there is a reason libs have version numbers in them
 70 2012-05-30 12:31:12 <BlueMatt> you dont link against libdb++, you link against libdb++X.Y
 71 2012-05-30 12:31:22 <luke-jr> sipa: can checksums really prevent corruption? I thought just detect?
 72 2012-05-30 12:31:40 <sipa> luke-jr: prevent, by ignoring the corrupted part :p
 73 2012-05-30 12:31:45 <BlueMatt> sorry, libdb_cxx-X.Y
 74 2012-05-30 12:32:03 <luke-jr> sipa: that doesn't work when it's a privkey
 75 2012-05-30 12:32:04 <sipa> there's no error correction, if that's your question
 76 2012-05-30 12:32:11 <sipa> luke-jr: ?
 77 2012-05-30 12:32:56 <helo> is this error a result of some particular problem with my (pretty standard) ubuntu 12.04 system?
 78 2012-05-30 12:33:07 <sipa> data loss is possible, but that is not corruption
 79 2012-05-30 12:34:13 <drizztbsd> BlueMatt: yes, but ldconfig will create a symlink using the last version of a package
 80 2012-05-30 12:34:16 <helo> i ran out of disk space just before i noticed it had crashed
 81 2012-05-30 12:34:20 <sipa> helo: did you use another bitcoind before? (not ppa)
 82 2012-05-30 12:34:21 <drizztbsd> /usr/lib/libdb_cxx.so -> libdb_cxx-5.3.so
 83 2012-05-30 12:34:24 <helo> sipa: nope
 84 2012-05-30 12:34:34 <sipa> ah, disk full?
 85 2012-05-30 12:34:49 <helo> just for a few seconds, but yes
 86 2012-05-30 12:34:54 <BlueMatt> drizztbsd: thats why you dont link against the unversioned one
 87 2012-05-30 12:35:46 <luke-jr> drizztbsd: not ldconfig, no
 88 2012-05-30 12:35:58 <helo> i suppose i need to download the entire blockchain again?
 89 2012-05-30 12:36:05 <luke-jr> drizztbsd: besides, you want that
 90 2012-05-30 12:36:43 <luke-jr> drizztbsd: make -f makefile.unix BDB_LIB_SUFFIX=-4.8
 91 2012-05-30 12:40:50 <helo> hmm... removing ~/.bitcoin/db*.dat was not enough
 92 2012-05-30 12:41:14 <drizztbsd> luke-jr: I was a Gentoo developer
 93 2012-05-30 12:41:23 <luke-jr> drizztbsd: yeah, that sucks bad
 94 2012-05-30 12:41:32 <drizztbsd> what?
 95 2012-05-30 12:41:33 <luke-jr> drizztbsd: nowadays, I just use Gentoo + overlays
 96 2012-05-30 12:41:39 <luke-jr> drizztbsd: being a Gentoo developer
 97 2012-05-30 12:41:45 <drizztbsd> oh lol
 98 2012-05-30 12:41:55 <luke-jr> I was a Gentoo developer years ago >_<
 99 2012-05-30 12:42:55 <drizztbsd> have you ever tried exherbo?
100 2012-05-30 12:45:15 <luke-jr> no
101 2012-05-30 12:47:16 <sipa> helo: likely
102 2012-05-30 12:50:42 <helo> hopefully whatever caused this apparent corruption couldn't have happened to wallet.dat
103 2012-05-30 12:51:11 <helo> *can't happen
104 2012-05-30 12:51:44 <TD> is there a way to get a raw public key via the command line interface?
105 2012-05-30 12:51:52 <TD> i'm not seeing an obvious rpc i can send to get that. it only seems to handle addresses
106 2012-05-30 12:51:55 <gmaxwell> TD: yes.
107 2012-05-30 12:52:11 <sipa> TD: validateaddresa
108 2012-05-30 12:52:12 <TD> i can get the private key and multiply :)
109 2012-05-30 12:52:13 <TD> ah
110 2012-05-30 12:52:14 <TD> thanks
111 2012-05-30 12:52:30 <sipa> it's more of a getaddressinfo these days
112 2012-05-30 12:52:34 <gmaxwell> TD: watcha want it for?
113 2012-05-30 12:52:48 <TD> i'm testing raw pubkey input/output for bitcoinj
114 2012-05-30 12:52:58 <TD> is there an RPC to send to a public key, also?
115 2012-05-30 12:54:13 <sipa> there were plans to add a to-pubkey address type, but it was never implemented
116 2012-05-30 12:54:24 <gmaxwell> I don't believe there is.
117 2012-05-30 12:54:27 <sipa> should be very simple now, though
118 2012-05-30 12:54:57 <TD> ok
119 2012-05-30 12:55:16 <gmaxwell> meh. Not a very interesting feature.
120 2012-05-30 12:55:22 <TD> it's no biggie. i can use a pubkey-only wallet with some keys i found off the block explorer.
121 2012-05-30 13:14:43 <TD> seems like bitcoinj can handle ipv6 no problem. just makes the debug lines a bit too long to be comfortable
122 2012-05-30 13:16:27 <gmaxwell> First world problems.
123 2012-05-30 14:22:08 <D34TH> imaging a new box specifically for building bitcoin
124 2012-05-30 14:22:09 <D34TH> :D
125 2012-05-30 14:35:02 <drizztbsd> "building"?
126 2012-05-30 14:44:09 <TimothyA> compiling
127 2012-05-30 15:47:33 <gribble> New news from bitcoinrss: luke-jr opened pull request 1398 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1398>
128 2012-05-30 15:56:39 <D34TH> heh luke-jr noob protection
129 2012-05-30 15:57:13 <D34TH> i found out the hard way this morning, apparently someone installed 5.0 on the box when i wasnt looking
130 2012-05-30 15:58:17 <D34TH> but might a suggest an addition to it
131 2012-05-30 15:58:56 <D34TH> add message(Non-Optimal BDB Detected) in the bitcoin-qt.pro
132 2012-05-30 16:00:41 <sipa> luke-jr: you eligius nodes advertize as protocol version 70000?
133 2012-05-30 16:01:18 <drizztbsd> D34TH: I'm using bdb 5.3
134 2012-05-30 16:01:33 <D34TH> mine wouldnt make
135 2012-05-30 16:01:40 <D34TH> but its probably me
136 2012-05-30 16:01:59 <D34TH> and my inability to compile anything bitcoin
137 2012-05-30 16:02:03 <luke-jr> sipa: probably
138 2012-05-30 16:02:15 <luke-jr> sipa: will be fixed when I rebase to 0.6.x someday
139 2012-05-30 16:02:21 <sipa> ok
140 2012-05-30 16:02:37 <luke-jr> sipa: they're based on an old next-test
141 2012-05-30 16:03:07 <luke-jr> (0.6.0.x series)
142 2012-05-30 16:26:52 <D34TH> drizztbsd attempting with libdb5.1
143 2012-05-30 16:32:36 <BlueMatt> and, iirc, so is jgarzik's
144 2012-05-30 16:34:57 <BlueMatt> in other words, if you dont mind always compiling your own bitcoind/-qt, feel free
145 2012-05-30 16:38:13 <sipa> i have no idea what bdb i use, and i don't care
146 2012-05-30 16:38:19 <sipa> 5.1 i think
147 2012-05-30 16:39:30 <D34TH> bluematt how did you fix that sha256 error
148 2012-05-30 16:39:43 <gmaxwell> BlueMatt: the big performance regressions jgarzik saw were fun.
149 2012-05-30 16:39:55 <BlueMatt> gmaxwell: well, yea...
150 2012-05-30 16:40:03 <BlueMatt> D34TH: what sha256 error?
151 2012-05-30 16:40:10 <D34TH> src/util.h:383: error: ??SHA256?? was not declared in this scope
152 2012-05-30 16:40:24 <TD> is it expected that p2pool won't have 100% "luck" over the long term?
153 2012-05-30 16:40:28 <Matt_von_Mises> Can anyone give a very quick explanation of how the main client serialises and deserialises messages? I just wanted to get a general idea of what happens but looking at the source code kills my brain.
154 2012-05-30 16:40:50 <BlueMatt> D34TH: I dont see how that would be bdb related?
155 2012-05-30 16:40:55 <D34TH> not
156 2012-05-30 16:41:11 <D34TH> i was asking about the sha256 error you were having with jenkins
157 2012-05-30 16:41:34 <TD> Matt_von_Mises: it's using C++ operator overloading on a stream class
158 2012-05-30 16:41:43 <TD> are you the guy writing the C implementation?
159 2012-05-30 16:41:52 <BlueMatt> D34TH: oh, openssl was upgraded in the makefile, I just had to build the new openssl
160 2012-05-30 16:42:06 <Matt_von_Mises> TD: Yes.
161 2012-05-30 16:42:25 <TD> i don't think it's possible to do a full / correct bitcoin implementation today unless you can read C++
162 2012-05-30 16:42:29 <TD> the docs aren't good enough for that
163 2012-05-30 16:42:45 <BlueMatt> what docs? ;)
164 2012-05-30 16:42:52 <TD> you can also look at  bitcoinj to see how serialization is done, if you find java easier
165 2012-05-30 16:43:26 <BlueMatt> oh, congrats on 0.5, TD
166 2012-05-30 16:43:40 <TD> thanks. it's not a big release. but there's a lot of good stuff being contributed for 0.6
167 2012-05-30 16:43:57 <Matt_von_Mises> Well so far it's been fine implementing it. I have no idea what "it's using C++ operator overloading on a stream class" actually is but I want to use pointers to the serialised byte data. Bitcoinj copies everything from the byte data and I don't want that.
168 2012-05-30 16:44:04 <gavinandresen> ... or BCDataStream.py in bitcointools if you like python
169 2012-05-30 16:44:05 <BlueMatt> still, its a new release, so still, congrats
170 2012-05-30 16:44:13 <TD> thanks :)
171 2012-05-30 16:44:40 <Matt_von_Mises> TD: THe bitcoinj serialisation is not good.
172 2012-05-30 16:44:56 <Matt_von_Mises> I was originally basing my code on bitcoinj but I've scrapped that idea.
173 2012-05-30 16:45:15 <Matt_von_Mises> I very much want to do as much as possible from scratch.
174 2012-05-30 16:45:22 <TD> what's not good about it? i don't think you want to use pointers into raw byte arrays
175 2012-05-30 16:45:30 <TD> afaik no implementation does that, and for good reasons
176 2012-05-30 16:45:34 <Matt_von_Mises> TD: Why not?
177 2012-05-30 16:45:51 <TD> because then you have no type safety. some fields in bitcoin structs are hashes, some are ints, some are strings, etc
178 2012-05-30 16:45:56 <gavinandresen> because security is way more important than performance?
179 2012-05-30 16:46:08 <TD> it's not even clear to me the performance is better
180 2012-05-30 16:46:19 <TD> it means converting to a native type on every read instead of once during deserialization
181 2012-05-30 16:46:28 <gavinandresen> performance won't be any better, you'll be IO bound, not CPU bound anyway
182 2012-05-30 16:46:36 <sipa> agree with TD here
183 2012-05-30 16:47:19 <Matt_von_Mises> TD: I do not see the type safety issue? Once the pointers are set-up correctly they can just be dereferenced or used as structure pointers.
184 2012-05-30 16:47:49 <TD> think about the command part of the message packets. it's a fixed length string
185 2012-05-30 16:47:55 <TD> what are you going to do with that, strcmp it?
186 2012-05-30 16:48:17 <sipa> strncmp would work, actually
187 2012-05-30 16:48:19 <Matt_von_Mises> In C, strings are char pointers.
188 2012-05-30 16:48:37 <TD> i know how C strings work
189 2012-05-30 16:48:42 <Matt_von_Mises> You must always use strncmp or strcmp (With termination character).
190 2012-05-30 16:48:47 <TD> my point is that they are normally null terminated
191 2012-05-30 16:48:48 <gmaxwell> sipa: memcmp is generally preferred for that sort of thing, lest you get the stops at \0 behavior which you don't want for that. :)
192 2012-05-30 16:48:58 <TD> anyway
193 2012-05-30 16:49:00 <sipa> gmaxwell: agree
194 2012-05-30 16:49:04 <Matt_von_Mises> TD: Well if they aren't then I'll use strncpy, so what?
195 2012-05-30 16:49:20 <TD> questions like "how does bitcoin serialize messages" are better asked on the forum, imho. this is not a channel for teaching you programming. if you can't read the bitcoin source and don't want to use codebases in other languages, then you are on your own
196 2012-05-30 16:49:37 <sipa> Matt_von_Mises: do you want your code to be neutral endian?
197 2012-05-30 16:49:43 <Matt_von_Mises> Indeed memcmp would be better.
198 2012-05-30 16:49:55 <Matt_von_Mises> Unless termination characters are indeed used.
199 2012-05-30 16:50:29 <sipa> how will you deal with variable-length integers?
200 2012-05-30 16:50:32 <Matt_von_Mises> sipa: What do you mean?
201 2012-05-30 16:51:18 <Matt_von_Mises> TD: I'm not asking information on a programming language.
202 2012-05-30 16:51:22 <sipa> immagoogle endianness
203 2012-05-30 16:51:24 <Matt_von_Mises> Or being taught programming.
204 2012-05-30 16:51:24 <sipa> eh
205 2012-05-30 16:51:44 <sipa> google endianness, or byte order
206 2012-05-30 16:52:00 <Matt_von_Mises> I have some functions and a structure for the variable length integers.
207 2012-05-30 16:52:33 <Matt_von_Mises> I know what endianness is.
208 2012-05-30 16:52:59 <Matt_von_Mises> But don't know what you mean by neutral endian. I only know of little and big endian.
209 2012-05-30 16:53:08 <TD> your structures will end up containing extra data that isn't on the wire anyway. at that point you can't simply point into data scraped off the wire, unless you want to have two structures for each logical concept
210 2012-05-30 16:53:27 <sipa> neutrial endian = works on all endiannesses
211 2012-05-30 16:53:30 <Matt_von_Mises> TD: Structures can mix pointers with other data.
212 2012-05-30 16:53:59 <sipa> but your serialization cannot
213 2012-05-30 16:54:23 <sipa> so you won't be able to just use a struct as serialized data
214 2012-05-30 16:57:01 <Matt_von_Mises> I'm trying to understand here. The code takes into account the endianness of different bitcoin data.
215 2012-05-30 16:57:46 <TD> the point is that your structure can't just be some pointers into serialized data because you need to track things like spent flags that aren't serialized.
216 2012-05-30 16:58:04 <TD> at that point you can't just have struct Block { struct Transaction *transactions; }
217 2012-05-30 16:58:10 <TD> right? because there's nowhere to put that extra data
218 2012-05-30 16:58:30 <TD> also, structure are variable length
219 2012-05-30 16:58:55 <TD> so you can't really do pointer arithmetic to find stuff. you have to parse a block byte by byte to figure out where things start and end
220 2012-05-30 16:59:11 <TD> if you're doing that, you may as well just copy the data into a structure of a format you control and can add things too. you're reading every byte anyway.
221 2012-05-30 17:00:52 <sipa> Matt_von_Mises: say you have an in in your transaction struct somewhere
222 2012-05-30 17:01:41 <sipa> you keep some pointer around to it, so you can easily access it as a serialized piece of data (for example to send it over the network)
223 2012-05-30 17:02:08 <sipa> however, th network protocol requires that serialization is done in little-endian for integers
224 2012-05-30 17:02:28 <sipa> so if you're running on an big-endian system, it will fail
225 2012-05-30 17:02:55 <sipa> as it would copy its big-endian in-memory integer to the network buffer
226 2012-05-30 17:03:41 <sipa> note that the current satoshi coinbase cannot deal with big-endian systems for the same reason, but at least that is fixable
227 2012-05-30 17:08:47 <luke-jr> s/coinbase/codebase/?
228 2012-05-30 17:09:40 <GTRsdk> sipa: have you got access to a big endian system yet, or do you still need that?
229 2012-05-30 17:09:57 <helo> different archs also have different alignment
230 2012-05-30 17:10:08 <helo> and padding
231 2012-05-30 17:12:08 <sipa> luke-jr: indeed!
232 2012-05-30 17:12:44 <sipa> GTRsdk: haven't sought further, but i won't have time for that too soon anyway
233 2012-05-30 17:13:17 <D34TH> hmm im thinking gitian ran into an error for me
234 2012-05-30 17:13:28 <D34TH> stuck on 15:12:40,480 INFO    : Calling hook: bootstrap
235 2012-05-30 17:14:01 <Matt_von_Mises> Almost done thinking& :P
236 2012-05-30 17:23:07 <Matt_von_Mises> I think I know what I'm doing now. It's hard to explain and my head hurts but it involves keeping the byte data for some objects and storing some converted integers.
237 2012-05-30 17:23:24 <Matt_von_Mises> Anyway I just realised I'm converting the integers wrong&
238 2012-05-30 17:23:46 <D34TH> sipa i finally got gitian to work its missing a file though
239 2012-05-30 17:23:52 <D34TH> ../bitcoin/contrib/gitian.yml
240 2012-05-30 17:23:56 <luke-jr> &
241 2012-05-30 17:24:19 <sipa> D34TH: you need to checkout bitcoin as well as gitian-builder
242 2012-05-30 17:24:24 <D34TH> it is
243 2012-05-30 17:24:26 <D34TH> its not there
244 2012-05-30 17:24:31 <D34TH> https://github.com/bitcoin/bitcoin/tree/master/contrib
245 2012-05-30 17:24:54 <D34TH> is it the descriptors directory?
246 2012-05-30 17:24:55 <sipa> Matt_von_Mises: i think you're making things harder for yourself that way, but carry on
247 2012-05-30 17:25:11 <sipa> D34TH: yes, you're probably using some old script?
248 2012-05-30 17:25:32 <Matt_von_Mises> sipa: THere is a lot of byte arrays and nested byte arrays. It's confusing copying them all the time. So I think this might be a less confusing way...
249 2012-05-30 17:25:33 <D34TH> 806265
250 2012-05-30 17:26:35 <D34TH> aww man the make-base-vm crashed
251 2012-05-30 17:29:07 <D34TH> INFO    : umount: /tmp/tmpdE4n71/dev: device is busy.
252 2012-05-30 17:29:12 <D34TH> damn
253 2012-05-30 17:36:11 <D34TH> sipa if you could pastebin the latest script id love you
254 2012-05-30 17:57:22 <sipa> D34TH: i remember that bug
255 2012-05-30 17:59:43 <sipa> D34TH: https://github.com/devrandom/gitian-builder/issues/12
256 2012-05-30 18:00:33 <D34TH> yes.
257 2012-05-30 18:00:34 <D34TH> :D
258 2012-05-30 18:04:24 <D34TH> no such fild or directory
259 2012-05-30 18:04:25 <D34TH> D:
260 2012-05-30 18:04:30 <D34TH> time to search
261 2012-05-30 18:04:32 <D34TH> locate ftw
262 2012-05-30 18:04:45 <Diapolo> Are there development or commit holidays or any RC-phase I missed? It seems a bit to quiet currently ...
263 2012-05-30 18:04:54 <Diapolo> +o
264 2012-05-30 18:05:20 <sipa> hmm, commit holidays... sounds good!
265 2012-05-30 18:05:32 <sipa> Diapolo: no, not really
266 2012-05-30 18:05:33 <TD> it's summer
267 2012-05-30 18:05:38 <TD> things always slow down over the summer
268 2012-05-30 18:06:05 <Diapolo> I miss wumpus, as he is the only one merging GUI patches ... haven't seen him for quite some time now.
269 2012-05-30 18:19:07 <sipa> luke-jr: my largest complaint was "it's too complex", but I liked it; now, it's become even more complex it seems, and I don't feel confident enough to comment about it anymore
270 2012-05-30 18:19:12 <Diapolo> So, has anyone heard of him or not ;)?
271 2012-05-30 18:19:16 <wladston> I'm trying to implement double-spend protection on django-bitcoin. I could not find any documentation of what happens when bitcoind detects a double spend attempt or when the local blockchain is forked. Help ?
272 2012-05-30 18:19:35 <sipa> wladston: you can't really know
273 2012-05-30 18:19:56 <sipa> wladston: nodes only forwards transactions and blocks that are correct - a double spend attempt will not get relayed
274 2012-05-30 18:20:12 <wladston> sipa: you can probably listen double spend transaction propagating on the network, now ?
275 2012-05-30 18:20:17 <wladston> *now == no
276 2012-05-30 18:20:27 <sipa> yes, but in all likelyhood, it will not reach you anyway
277 2012-05-30 18:20:34 <sipa> other nodes will stop it before you
278 2012-05-30 18:20:54 <wladston> sipa: what is the likehood of it reaching me ? maybe it's worthy to care about
279 2012-05-30 18:21:14 <sipa> wladston: if someone sends it directly to you, it will reach you
280 2012-05-30 18:21:25 <sipa> otherwise, it probably won't
281 2012-05-30 18:21:37 <wladston> sipa: then how is a double spend executed ?
282 2012-05-30 18:21:50 <wladston> you mine your own block with the double spend transaction in ?
283 2012-05-30 18:21:52 <D34TH> oh god sipa, its checking target is up
284 2012-05-30 18:22:07 <sipa> if you want active double-spend monitoring, you'll need custom nodes listening for blocks/txn on various places in the network
285 2012-05-30 18:22:12 <D34TH> damn, error
286 2012-05-30 18:22:26 <D34TH> dafuq ssh?
287 2012-05-30 18:22:34 <sipa> what error?
288 2012-05-30 18:22:42 <D34TH> ssh: connect to host localhost port 2223: Connection refused
289 2012-05-30 18:22:43 <D34TH> 
290 2012-05-30 18:22:45 <D34TH> 
291 2012-05-30 18:22:47 <D34TH> 
292 2012-05-30 18:22:52 <sipa> D34TH: please use a pasting site
293 2012-05-30 18:22:56 <D34TH> sorry
294 2012-05-30 18:23:01 <D34TH> didnt think it would spam
295 2012-05-30 18:23:16 <sipa> 3-5 lines is typically considered a maximum
296 2012-05-30 18:23:28 <sipa> that said, i don't know what causes your problem here
297 2012-05-30 18:23:33 <D34TH> http://pastebin.com/uetZvYnY
298 2012-05-30 18:23:33 <luke-jr> sipa: it's as complex as it needs to be
299 2012-05-30 18:23:35 <wladston> sipa: ok. If I get attacked by the double spend, the transaction will just be stuck at 0 confirmation forever ? How can I know it's actually a double spend and not that the transaction didn't get included in any block ?
300 2012-05-30 18:23:37 <sipa> wladston: it always boils down to reverting part of the chain
301 2012-05-30 18:24:08 <sipa> wladston: currently, you can't using the current client
302 2012-05-30 18:24:27 <luke-jr> sipa: it got more complex due to security issues without the complexity
303 2012-05-30 18:24:27 <sipa> though detection of transactions that conflict with the blockchain is on my todo list
304 2012-05-30 18:24:38 <wladston> sipa: I wanted to find out how to detect a double spend, so I can revert it
305 2012-05-30 18:24:59 <wladston> sipa: it's impossible to know you were victim of a double spend ?
306 2012-05-30 18:25:10 <sipa> wladston: if you are, it's too late
307 2012-05-30 18:25:13 <luke-jr> wladston: correct
308 2012-05-30 18:25:18 <luke-jr> sipa: not always
309 2012-05-30 18:25:51 <wladston> ok, what if I wait six blocks ? how to know that previous transaction with zero-confirmations is a double spend ?
310 2012-05-30 18:26:16 <sipa> wladston: if you wait six blocks, an attackers has to revert 6 blocks to do a double spend
311 2012-05-30 18:26:17 <luke-jr> wladston: your transaction can't be confirmed any more than the previous ones
312 2012-05-30 18:27:22 <gmaxwell> wladston: in the future the confirmation count will become negative.
313 2012-05-30 18:27:23 <sipa> luke-jr: i know there were reasons for the complexity, but i can't judge its necessity anymore
314 2012-05-30 18:27:29 <wladston> sipa, luke-jr: maybe I have to study more about bitcoind
315 2012-05-30 18:27:37 <wladston> I can't follow you
316 2012-05-30 18:27:58 <wladston> gmaxwell: in the future, not in the current client, right ?
317 2012-05-30 18:28:09 <sipa> wladston: in a future version of the client
318 2012-05-30 18:28:15 <gmaxwell> Correct. It will just show 0 forever, and you can't easily tell that it will never confirm.
319 2012-05-30 18:28:49 <sipa> wladston: if you accept a payment at 0 confirmations, someone just has to get a conflicting transaction at one confirmation to make sure your 0-conf never confirms
320 2012-05-30 18:29:09 <wladston> gmaxwell: isn't there a way to look for a transaction using the same inputs already in the blockchain ?
321 2012-05-30 18:29:24 <gmaxwell> Not exposed to the user.
322 2012-05-30 18:29:25 <TD> it can be done. bitcoinj has a concept of a "dead" transaction
323 2012-05-30 18:29:28 <sipa> wladston: if you accept a payment at 6 confirmations, someone has to create 7 blocks that conflict with the existing 5 blocks in the chain that confirm your transactions
324 2012-05-30 18:29:35 <TD> which is exposed to users in clients like Android Wallet (they go red, iirc)
325 2012-05-30 18:29:46 <TD> satoshis code doesn't try to separate it from the pending case
326 2012-05-30 18:29:57 <wladston> sipa:  I understand that. what I want is to detect a "dead" transaction
327 2012-05-30 18:30:02 <sipa> TD: good that BitcoinJ does that
328 2012-05-30 18:30:32 <gmaxwell> TD: I assume you also handle a reorg bringing it back?
329 2012-05-30 18:30:32 <sipa> i implemented that once for 0.3.23, but never completed it, and by now, it would be completely unmergable
330 2012-05-30 18:30:36 <TD> gmaxwell: yes
331 2012-05-30 18:30:37 <TD> indeed
332 2012-05-30 18:31:02 <wladston> sipa: git rebase ? :)
333 2012-05-30 18:31:19 <gmaxwell> What we'd talked about was using the height of the first conflict to make the confirms field go negative. Which the gui could display as red or whatever.
334 2012-05-30 18:31:25 <TD> wladston: what is the higher level goal you want to accomplish? could you use a separate library for it, or does it have to be bitcoin-qt?
335 2012-05-30 18:32:05 <wladston> TD: no, I'm using django-bitcoin directly with bitcoind. No need for bitcoin-qt
336 2012-05-30 18:32:25 <wladston> I just wanted to accept zero-confirmations
337 2012-05-30 18:32:36 <wladston> and know when to block double spends
338 2012-05-30 18:32:47 <wladston> as I can be sure it was really a double spend.
339 2012-05-30 18:32:56 <sipa> if you accept a double spend, it will be too late to revert it
340 2012-05-30 18:33:28 <sipa> sorry, if you accept a 0-conf transactions, it will be too late for you once someone reverts it
341 2012-05-30 18:33:40 <gmaxwell> You can't safely accept zero confirmations unless you have a way to capture the theif or reverse your acceptance.
342 2012-05-30 18:34:49 <wladston> sipa: Imagine a store delivering goods. You can confirm the payment at zero confirmations, but cancel the delivery (calling the truck and not letting he deliver the package) if you detect the transaction is a double spend.
343 2012-05-30 18:35:08 <wladston> what I need is that part, to detect the double spend
344 2012-05-30 18:35:46 <gmaxwell> wladston: just check the confirm count at some time after. if it's still zero, abort.
345 2012-05-30 18:36:30 <gmaxwell> wladston: the problem with what you're asking for is that the attacker can always delay the double spend until its too lat.e
346 2012-05-30 18:36:32 <wladston> gmaxwell: hummm interesting. how much time until I can be sure it's a double spend?
347 2012-05-30 18:37:01 <sipa> at once confirmation, it's hard to revert
348 2012-05-30 18:37:05 <gmaxwell> So you can't use the detection of it for what you want you can only use the detection of confirms on the good txn to know a double spend is no longer possible.
349 2012-05-30 18:37:13 <sipa> at 6 confirmations, it's assumed to be impossible
350 2012-05-30 18:37:20 <TD> wladston: you'd just check whenever the truck is about to leave
351 2012-05-30 18:37:28 <gmaxwell> And what sipa says.
352 2012-05-30 18:38:01 <sipa> i'm sure there are people in this channel with the ability to revert a 1-conf transaction with some reasonable but small probability
353 2012-05-30 18:38:16 <wladston> the thing is that the truck leaves immediately  as if it were a pizza delivery
354 2012-05-30 18:38:23 <gmaxwell> And once the first confirmation happens you'll have six confirmations in an hour. ... though for a delivery truck I propose a different approach: just tell the driver to go and beat them up or something. :)
355 2012-05-30 18:38:44 <gmaxwell> I mean, for something like that the risk of theft is low because your ability to go catch the theives is high.
356 2012-05-30 18:39:25 <wladston> in my specific case, I accept bitcoins and let people ask questions on my site using them.
357 2012-05-30 18:39:39 <sipa> and what can they win?
358 2012-05-30 18:39:44 <wladston> I want to detect double spends, and cancel the questions created with them
359 2012-05-30 18:40:11 <sipa> just block/delete their accounts if their balance goes negative
360 2012-05-30 18:40:28 <TD> yeah
361 2012-05-30 18:40:34 <TD> or temporarily hide any questions where the payments are at confirms=0
362 2012-05-30 18:40:54 <wladston> sipa: but the double spend transaction will still count on the guy's balance
363 2012-05-30 18:41:17 <wladston> TD: that would be an option
364 2012-05-30 18:41:36 <sipa> wladston: if you use bitcoind's accounts feature, you can keep track of every user's balance, and if incoming payments get reverted, their balances is decreased accordingly
365 2012-05-30 18:41:55 <wladston> sipa: humm, interesting
366 2012-05-30 18:42:26 <sipa> i has to learns english conjugations, it seems
367 2012-05-30 18:43:14 <wladston> don't say that to me :) I'm not a native language speaker
368 2012-05-30 18:43:29 <sipa> neither am i
369 2012-05-30 18:44:10 <wladston> ok, so I'll study django-bitcoin a bit more now ( I didn't write it, jeremias did)
370 2012-05-30 18:44:12 <TD> i am, and i routinely mangle english worse :)
371 2012-05-30 18:45:39 <wladston> thanks for all the help :)
372 2012-05-30 18:49:54 <luke-jr> gmaxwell: he might be willing to accept the risk of double spend, but still want to cancel orders if he finds out before they ship
373 2012-05-30 18:50:10 <gribble> New news from bitcoinrss: sipa opened pull request 1399 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/pull/1399>
374 2012-05-30 18:50:27 <gmaxwell> luke-jr: sure but just look for confirms before they ship
375 2012-05-30 18:50:43 <luke-jr> gmaxwell: and your delivery driver can't make a citizen's arrest without knowing for sure it's a double spend (and not just slow to confirm)
376 2012-05-30 18:50:57 <luke-jr> gmaxwell: they might be willing to take the risk, though!
377 2012-05-30 18:51:07 <gmaxwell> fair enough, but still the attacker will just delay the identification.
378 2012-05-30 18:51:23 <luke-jr> big difference between taking a risk, and shipping goods that you (can) know will never be paid for
379 2012-05-30 18:51:38 <wladston> luke-jr: exactly
380 2012-05-30 18:51:47 <wladston> gmaxwell: yes
381 2012-05-30 18:52:03 <luke-jr> especially if there's insurance involved
382 2012-05-30 18:52:15 <luke-jr> if you ship goods after it's double-spent, the insurance company isn't going to be too happy
383 2012-05-30 18:52:32 <wladston> the truck case was just a figurative way to explain my problem, btw :)
384 2012-05-30 18:52:38 <gmaxwell> meh. At the moment you can't tell. I agree the software should be smarter.
385 2012-05-30 18:54:41 <gmaxwell> luke-jr: there are just a lot of ways you can make a confirmation stay at zero confirms. E.g. use a output <0.01 and no fee.
386 2012-05-30 18:54:57 <luke-jr> gmaxwell: sure
387 2012-05-30 18:55:18 <luke-jr> gmaxwell: notably, bitcoind won't display those tho
388 2012-05-30 18:58:37 <wladston> I'll store the block number the moment I receive the transaction
389 2012-05-30 18:58:49 <wladston> then compare it to the current block
390 2012-05-30 18:59:18 <wladston> if the difference is > 3, that transaction can be confirmed as a double spend that will never confirm.
391 2012-05-30 18:59:21 <wladston> right guys ?
392 2012-05-30 18:59:38 <wladston> (considering the transaction got zero confirmations)
393 2012-05-30 19:00:17 <wladston> in this case I'll ban the user, and report his ip/email/whatever else to the community
394 2012-05-30 19:05:10 <gmaxwell> No.
395 2012-05-30 19:05:26 <gmaxwell> There is no promise that the next couple blocks will mine the transaction. Though they usually will.
396 2012-05-30 19:05:37 <gmaxwell> I said before there is no way to tell with the current stuff.
397 2012-05-30 19:09:27 <wladston> gmaxwell: well, how many blocks/time until we can be certain ?
398 2012-05-30 19:10:01 <wladston> I know the next couple blocks can just not include some transaction. but 3 in a row not including it would be too much, no ?
399 2012-05-30 19:10:33 <doublec> if three pools that don't accept transactions in blocks win three in a row then it'll happen for example
400 2012-05-30 19:11:00 <gmaxwell> No, you can never be sure of that. It becomes less likely but there are miners with oddball rules that only mine a block rarely.
401 2012-05-30 19:11:23 <wladston> doublec: what is the value of n, for the likehood of that happening for n blocks in a row be zero ?
402 2012-05-30 19:11:32 <sipa> wladston: infinity
403 2012-05-30 19:11:37 <wladston> :O
404 2012-05-30 19:11:49 <wladston> sipa, ok 10^-5
405 2012-05-30 19:12:04 <gmaxwell> Nodes don't all enforce the same rules.
406 2012-05-30 19:12:35 <doublec> can't you just monitor the transaction and if the confirmations ever are zero then hide/delete/stop the user in some way
407 2012-05-30 19:13:17 <wladston> doublec: yeah, that's what I want to do. But how much time do I have to wait ? 1 hour ? 1 day ?
408 2012-05-30 19:13:33 <gmaxwell> I mine a block about a block a week, if my rules were non-standard and more permissive than the defaults, then I might manage to mine a week old txn.
409 2012-05-30 19:13:46 <gmaxwell> wladston: just hide it whenever its zero.
410 2012-05-30 19:13:56 <doublec> right
411 2012-05-30 19:14:21 <doublec> polling every transaction to get the confirmation count could be a pain though so you might need to be smarter there
412 2012-05-30 19:14:29 <wladston> gmaxwell, doublec: providing instant availability to users is something I think has value &
413 2012-05-30 19:14:49 <gmaxwell> wladston: sure, make it appear available to the user but no one else.
414 2012-05-30 19:14:55 <doublec> wladston: think of the delay as 'anti spam'
415 2012-05-30 19:15:12 <doublec> wladston: it'll stop users from spamming tons of questions that appear for a while at zero conf
416 2012-05-30 19:15:50 <wladston> doublec, gmaxwell: considering the transaction is valid, it will still show after some time, so that would not control spam ....
417 2012-05-30 19:16:53 <doublec> wladston: isn't it easy to send a zero-conf transaction that'll never confirm though?
418 2012-05-30 19:17:42 <wladston> doublec: I have no idea if it's easy or not
419 2012-05-30 19:17:51 <doublec> wladston: eg, use an input that's from a transactoin i've never broadcast
420 2012-05-30 19:17:51 <wladston> I would not be able to pull that off
421 2012-05-30 19:18:08 <gmaxwell> doublec: Yes. Though I'm not sure if those show up in the wallet.
422 2012-05-30 19:18:23 <doublec> ah ok
423 2012-05-30 19:18:30 <sipa> they don't
424 2012-05-30 19:18:35 <sipa> those are orphan transactions
425 2012-05-30 19:19:44 <TD> wladston: for something like a questions site, you can assume a transaction is valid if you hear about it from several peers you randomly chose yourself
426 2012-05-30 19:19:58 <TD> wladston: there are still attacks on such a scheme but probably they aren't worth it for defrauding a Q&A site
427 2012-05-30 19:20:08 <TD> especially if the content gets hidden on completion of the attack
428 2012-05-30 19:21:31 <wladston> TD: the problem is if the attacker manages to withdraw the funds from other txs
429 2012-05-30 19:21:40 <wladston> whops, other inputs
430 2012-05-30 19:21:42 <wladston> that are valid
431 2012-05-30 19:21:45 <gmaxwell> I think thats generally bad advice, but for something like a QA site (where the cost of fraud is low) its fine.
432 2012-05-30 19:22:12 <TD> wladston: i don't see what you mean
433 2012-05-30 19:22:18 <gmaxwell> wladston: simply lock accounts against all withdraws until every payment they've ever made has 6+ confirms.
434 2012-05-30 19:22:35 <wladston> gmaxwell: that's one part.
435 2012-05-30 19:22:39 <gmaxwell> so even if they can rip you off for a QA posting, whoptie do.
436 2012-05-30 19:23:02 <wladston> gmaxwell: how to detect that there is a question with bad credit ?
437 2012-05-30 19:23:20 <wladston> I can avoid the money not going out by checking the confirmations, ok
438 2012-05-30 19:23:29 <wladston> but I can't "detect" the problem
439 2012-05-30 19:23:32 <sipa> keep a balance per question or per user?
440 2012-05-30 19:23:42 <wladston> sipa: per question and per user
441 2012-05-30 19:23:44 <sipa> as a separate account in bitcoin
442 2012-05-30 19:24:22 <TD> you mean without polling every account?
443 2012-05-30 19:24:25 <doublec> where does the coins to withdraw come from? Their own deposits, or other usres?
444 2012-05-30 19:24:28 <gmaxwell> TD: I don't know why you keep promoting the 'hear about it from several peers you randomly chose yourself' even after that approach was pretty completely devistated in that paper.
445 2012-05-30 19:24:49 <gmaxwell> (I mean, its fine here because nothing of value is lost by posting a QA question but generally its not good advice)
446 2012-05-30 19:25:08 <wladston> doublec: I don't know how bitcoind handles that &
447 2012-05-30 19:25:09 <TD> the paper assumed you could surround the node
448 2012-05-30 19:25:14 <TD> partially surround
449 2012-05-30 19:25:35 <sipa> wladston: coins are always shared
450 2012-05-30 19:26:00 <sipa> wladston: but you can keep a separate input balance per whatever you like, and assign each address to a balance
451 2012-05-30 19:26:00 <wladston> I want to make the whole system super safe, in the future I want to operate using credit cards
452 2012-05-30 19:26:04 <doublec> wladston: I mean on your site. How do users end up with a balance? Are they earning coins or is it stritly from their own deposits?
453 2012-05-30 19:26:19 <wladston> sipa: that's what I'm doing (afaik)
454 2012-05-30 19:26:21 <doublec> if the latter you can make the withdrawl's inputs be the initial deposit
455 2012-05-30 19:26:33 <gmaxwell> You can totally isolate nodes without doing anything too extraordinary.  I can spin up 40000 'nodes' via a botnet, and then you'll be overwhelmingly likely to connect to all me. For example.
456 2012-05-30 19:26:38 <doublec> so if the deposit is reversed, so is their withdraw
457 2012-05-30 19:26:42 <wladston> doublec: they earn coins from questions or external transactions.
458 2012-05-30 19:28:14 <gmaxwell> TD: someone used something like 100 distinct botnet IPs just to flood #bitcoin-otc for the lulz today.
459 2012-05-30 19:28:41 <wladston> the problem turned out to be way harder than I expected  detecting a double spend.
460 2012-05-30 19:29:08 <wladston> I wanted to do something like this : http://blockchain.info/double-spends
461 2012-05-30 19:29:17 <gmaxwell> They're not as detectable as you seem to expect. Before they're mined they're not even forwarded.
462 2012-05-30 19:30:42 <TD> ok, by "randomly chose" i mean "chose amongst a set of reasonable choices", ie, nodes that did not appear in the last 10 minutes. so raise the bar. open up some long lived connections to nodes that seem to stick around for a while. after a week or so, launch your site
463 2012-05-30 19:31:31 <TD> if somebody is willing to bring up lots of fake nodes, and keep them around for a long period of time (which isn't so trivial given you are fighting AV companies), in order to do a double spend, and nobody notices all these fake nodes and warns merchants
464 2012-05-30 19:31:35 <TD> then it's unsafe
465 2012-05-30 19:32:38 <TD> but with a 40k botnet why not just outrun the chain? there are other ways to double spend if you control a ton of machines
466 2012-05-30 19:34:12 <gmaxwell> because 40k random windows pcs don't outrun the chain.
467 2012-05-30 19:34:34 <TD> i "promote" this (ie have implemented it) because it was easy to do and provides better assurances than today at minimal cost, but sure, if you can force your target to connect to a separate network you can do all sorts of things. like DoS them into submission.
468 2012-05-30 19:35:21 <TD> depends on the machines, right. upload something to bittorrent that claims to be a crack for the latest game before a real one comes out and you can get a bunch of machines with high-end GPUs
469 2012-05-30 19:35:58 <gmaxwell> I don't mean "have implemented it" as promoting it, I mean you've kept updating FAQ pages on the wiki to instruct people that it was safe to accept unconfirmed transactions, you just advised wladston here as much too.
470 2012-05-30 19:36:10 <TD> i haven't touched the FAQ in months
471 2012-05-30 19:36:28 <TD> and wladston is looking for a solution that exists today, for a Q&A site.
472 2012-05-30 19:36:43 <TD> i think if you pick some nodes that were around for a while and see what proportion of them relay, that's plenty safe enough
473 2012-05-30 19:36:46 <gmaxwell> Which people can withdraw money from.
474 2012-05-30 19:36:47 <TD> for what he wants to do
475 2012-05-30 19:37:16 <wladston> It doesn't need to be complex  I just want to know when it happened, after some time has passed.
476 2012-05-30 19:37:24 <gmaxwell> YOU CANT
477 2012-05-30 19:37:28 <wladston> It's not the vending-machine case
478 2012-05-30 19:37:55 <gmaxwell> wladston: it is if you let people withdraw money.
479 2012-05-30 19:38:31 <TD> for withdrawls you could presumably just send back the same coins you originally received
480 2012-05-30 19:38:36 <wladston> gmaxwell: for the double spend, if you see the same txins in the blockchain, you can be 100% sure that your transaction is a dead double spend, no ?
481 2012-05-30 19:38:43 <TD> if the inbound coins got double-spent away that'd automatically invalidate the withdrawl
482 2012-05-30 19:38:45 <gmaxwell> I put 1000 BTC on my QA account. Oops I deposited too much, withdraw.  Opps looks like I just finny attacked the original payment, I ought to not keep multiple copies of my wallet.
483 2012-05-30 19:39:21 <sipa> wladston: not the same ones but conflicting ones - yes
484 2012-05-30 19:39:28 <gmaxwell> TD: yea, great, now you're asking a simple Q&A site to create complex machinery to track inputs and such.
485 2012-05-30 19:40:06 <sipa> wladston: and detecting that is not yet implemented, but it is planned
486 2012-05-30 19:40:31 <wladston> sipa: sure. I wanted to have a simple workaround while that feature isn't out
487 2012-05-30 19:40:32 <luke-jr> gmaxwell: care to merge gmp_bip? :p
488 2012-05-30 19:40:33 <TD> satoshidice does this. it's not as easy as it could be, but it's certainly do-able. i'm not sure what your proposed alternative is? don't use bitcoin? always wait for 6 blocks?
489 2012-05-30 19:41:15 <gmaxwell> TD: don't allow withdraws for six blocks after the last deposit.
490 2012-05-30 19:41:34 <wladston> my site would be secure, becase I could do what gmaxwell is saying
491 2012-05-30 19:42:01 <wladston> the problem now is to make it valid  I need to find and block double spenders and the questions they create
492 2012-05-30 19:42:13 <sipa> gmaxwell: in the future, i expect two classes of interfaces to the bitcoin network will appear - one using forever-accepted deposits when they confirm or insured by a third party, and a second more direcly interacting with bitcoin's intricacies(?)
493 2012-05-30 19:42:23 <gmaxwell> TD: do you know why satoshidice was producing chains of tens of thousands of orphans last week?
494 2012-05-30 19:42:34 <gmaxwell> (kind of a random question)
495 2012-05-30 19:42:39 <wladston> gmaxwell: why  ?
496 2012-05-30 19:43:16 <gmaxwell> wladston: why what?
497 2012-05-30 19:43:31 <wladston> """why satoshidice was producing chains of tens of thousands of orphans last week? """
498 2012-05-30 19:43:36 <gmaxwell> oh I don't know, seemed like he knows something about how that site operates.
499 2012-05-30 19:43:44 <gmaxwell> I thought it was a DOS attack on bitcoin.
500 2012-05-30 19:43:46 <luke-jr> isn't it open source?
501 2012-05-30 19:43:47 <wladston> ahm k
502 2012-05-30 19:44:14 <TD> gmaxwell: no clue. he uses my code but it's heavily, heavily forked
503 2012-05-30 19:44:29 <TD> it's open source yes
504 2012-05-30 19:44:31 <TD> well i mean some of it is
505 2012-05-30 19:44:36 <gmaxwell> luke-jr: ah, wasn't aware of that. Also not sure that I want to do code reviews for gambling sites anymore.
506 2012-05-30 19:44:37 <TD> not sure about the web ui and stuff
507 2012-05-30 19:44:38 <wladston> will need to drive home now & on the way back I'll try to think what I can do to find if a transaction is a dead one
508 2012-05-30 19:45:05 <luke-jr> gmaxwell: how is gmp_bip related to gambling sites? O.o
509 2012-05-30 19:45:18 <TD> wladston: as i said, bitcoinj + bitcoind can call an event handler in your code if a tx goes dead. if you want to do it purely in python, it might be tougher.
510 2012-05-30 19:45:43 <gmaxwell> luke-jr: I was responding to 'isn't it open source?
511 2012-05-30 19:45:46 <luke-jr> o
512 2012-05-30 19:46:12 <wladston> TD: bitcoinj can run as daemon ? interesting, let me check that
513 2012-05-30 19:46:14 <TD> http://code.google.com/r/fireduck-magicpony/source/browse
514 2012-05-30 19:46:20 <TD> wladston: it's a library. you can run it however you want.
515 2012-05-30 19:46:22 <luke-jr> wladston: it's a Java library&
516 2012-05-30 19:46:33 <wladston> oh
517 2012-05-30 19:46:36 <TD> the satoshidice fork of bitcoinj is there. the commit messages are not particularly descriptive
518 2012-05-30 19:47:02 <TD> he's added storage backends for amazon dynamo and stuff
519 2012-05-30 19:47:38 <wladston> it would take me months to integrate that with django, I think ...
520 2012-05-30 19:47:49 <wladston> maybe because It's been some years I don't do java
521 2012-05-30 19:48:02 <TD> he's also implemented a way to control the tx creation process such that only specific outputs are considered. it seems like a  good feature. you can do it today by creating multiple Wallet objects, but then you can *only* use the same outputs sent to you. it'd be nice to have the option of both.
522 2012-05-30 19:48:04 <Matt_von_Mises> I've definitely sorted out the serialisation. I'm using references of the byte array but don't worry since integers are converted. Example: https://github.com/MatthewLM/cbitcoin/blob/master/cbitcoin/src/structures/CBObject/CBMessage/CBTransactionInput/CBTransactionInput.c#L122
523 2012-05-30 19:49:03 <wladston> anyone here familiar with bitcoinj source ? maybe I can copy the specific dead transaction code
524 2012-05-30 19:49:10 <TD> i wrote it
525 2012-05-30 19:49:11 <wladston> into the python lib
526 2012-05-30 19:49:25 <wladston> TD: oh, that's awesome, congratulations :)
527 2012-05-30 19:49:34 <wladston> TD:  could you help my with this ?
528 2012-05-30 19:49:35 <TD> it's very intimately linked into tracking the block chain and the wallet code, for obvious reasons. it's not something you can just copy into something that RPCs to bitcoind
529 2012-05-30 19:49:50 <TD> i'd just go with checking if confirms == 0
530 2012-05-30 19:50:06 <wladston> TD: hmm, k & could you point me to the part of the code that does that ?
531 2012-05-30 19:50:29 <wladston> TD: confirms can get < 0 ??
532 2012-05-30 19:50:35 <TD> no
533 2012-05-30 19:51:02 <TD> as we told you, if a tx is double spent away it sits at confirms == 0 forever in satoshis code
534 2012-05-30 19:51:04 <TD> http://code.google.com/p/bitcoinj/source/browse/core/src/main/java/com/google/bitcoin/core/Wallet.java
535 2012-05-30 19:51:26 <TD> look in that file for dead. like i said, it's probably not going to help you
536 2012-05-30 19:51:45 <wladston> TD: ahn, ok. Then we're back to the issue of how much time it takes since we can be at last 99.9% sure it was a double spend...
537 2012-05-30 19:52:08 <wladston> TD:  thanks :)
538 2012-05-30 19:52:30 <gmaxwell> wladston: I want to stab you.
539 2012-05-30 19:52:33 <gmaxwell> Just so you know.
540 2012-05-30 19:52:38 <gmaxwell> :)
541 2012-05-30 19:53:03 <wladston> gmaxwell: why ??
542 2012-05-30 19:53:28 <gmaxwell> Becuase you're just looping the disucssion. You CAN NOT do what you want with the current bitcoin reference code.
543 2012-05-30 19:53:45 <gmaxwell> There is _NO_ amount of waiting when you know that something at zero is zero because it's double spent.
544 2012-05-30 19:53:45 <wladston> gmaxwell: I'm not doing it on purpose!
545 2012-05-30 19:54:10 <gmaxwell> It could just be some dimbulb with a modified client sent you a txn with inadequate fees and it's going to take a week to confirm.
546 2012-05-30 19:54:35 <wladston> gmaxwell: got it.
547 2012-05-30 19:55:01 <wladston> gmaxwell: the way out really is the dead transaction lookup as seen in bitcoinj code.
548 2012-05-30 19:55:22 <TD> that isn't implemented in bitcoind
549 2012-05-30 19:55:25 <sipa> yes, and that should be implemented in bitcoind too
550 2012-05-30 19:55:33 <sipa> but for now, it isn't
551 2012-05-30 19:55:54 <wladston> sipa: any idea on how much time it could that for that to be included there ?
552 2012-05-30 19:56:10 <wladston> maybe I can postpone zero-confirmation acceptance
553 2012-05-30 19:56:27 <sipa> i don't dare to make a promise for that
554 2012-05-30 19:56:32 <sipa> maybe 0.8
555 2012-05-30 19:56:51 <wladston> sipa:  so maybe like a year
556 2012-05-30 19:56:53 <gmaxwell> It shouldn't be too complicated.. though the simple way of doing it could create performance problems when you have lots of unconfirms.
557 2012-05-30 19:56:59 <TD> http://bitcoincard.org/product.php
558 2012-05-30 19:57:02 <TD> hmm interesting
559 2012-05-30 19:57:13 <gmaxwell> (simply every time you check the height of an unconfirmed txn, check the index for its parents being spent)
560 2012-05-30 19:57:18 <sipa> it's not hard, just keeping an extra few indexes to track wallet inputa
561 2012-05-30 19:57:23 <sipa> *inputs
562 2012-05-30 19:58:02 <sipa> wladston: hopefully not a year!
563 2012-05-30 19:58:28 <wladston> TD: really nice site
564 2012-05-30 19:58:30 <TD> assuming it's not vaporware
565 2012-05-30 19:58:49 <TD> except they provide a video and sample transactions ...
566 2012-05-30 19:59:53 <wladston> ok, so driving back home now &.
567 2012-05-30 20:00:05 <wladston> thanks for all the help, the problem is way clearer for me now
568 2012-05-30 20:00:35 <wladston> will study bitcoind and its api in further detail when I get home...
569 2012-05-30 20:01:28 <sipa> my crawler crashed :(
570 2012-05-30 20:01:36 <sipa> no... it just exited
571 2012-05-30 21:41:20 <luke-jr> wow
572 2012-05-30 21:41:32 <luke-jr> caching transaction sizes seems to have made a HUGE difference
573 2012-05-30 21:41:37 <luke-jr> this might even perform better than git master now
574 2012-05-30 21:50:12 <luke-jr> oh oops, forgot to disable the gmp cache
575 2012-05-30 22:19:07 <gribble> New news from bitcoinrss: dscotese opened issue 1400 on bitcoin/bitcoin <https://github.com/bitcoin/bitcoin/issues/1400>
576 2012-05-30 22:29:04 <Joric> lol, uploaded https://addons.mozilla.org/en-US/firefox/addon/mtgox-ticker/ they say 3 days
577 2012-05-30 22:29:16 <Joric> got 2 btc for it!