1 2012-10-05 00:01:40 <jaxtr> sup broguana
  2 2012-10-05 00:42:08 <gmaxwell> http://swtch.com/r.tar.gz
  3 2012-10-05 01:09:16 <bcb> getting "code":-22,"message":"TX rejected"
  4 2012-10-05 01:09:40 <bcb> trying to send rawtransaction after completing multisig escrow transaction
  5 2012-10-05 01:09:59 <bcb> sendrawtransaction
  6 2012-10-05 01:10:45 <gmaxwell> look in debug.log and see if you see why?
  7 2012-10-05 01:11:08 <gmaxwell> does it violate the fee rules? is it complete (fully signed) and locked?
  8 2012-10-05 01:12:27 <bcb> checking
  9 2012-10-05 01:14:55 <bcb> not enough fees
 10 2012-10-05 01:15:24 <bcb> gmaxwell: is that set at time of transaction or in the client
 11 2012-10-05 01:16:25 <gmaxwell> it's part of the transaction -- fees are input coin you don't output.
 12 2012-10-05 01:16:46 <gmaxwell> any idea why it's insufficient fees? do you have an output less than 0.01?
 13 2012-10-05 01:16:59 <bcb> in .conf?
 14 2012-10-05 01:17:33 <gmaxwell> The fees are part of the transaction. Fees exist when the input value is greater than the sum of the output values.
 15 2012-10-05 01:17:50 <bcb> paytxfee=0.01
 16 2012-10-05 01:17:50 <gmaxwell> There is no setting when you're making transactions with the raw transaction API...
 17 2012-10-05 01:18:25 <gmaxwell> Since the transaction is exactly as you've specified it.
 18 2012-10-05 01:19:11 <bcb> output is 1
 19 2012-10-05 01:20:43 <gmaxwell> and the inputs are confirmed already?
 20 2012-10-05 01:21:34 <gmaxwell> How big is the transaction?
 21 2012-10-05 01:21:43 <gmaxwell> (how many characters is the raw hex?)
 22 2012-10-05 01:21:46 <bcb> gmaxwell: not sure this is only second attempt
 23 2012-10-05 01:21:49 <bcb> 1 btc
 24 2012-10-05 01:23:55 <bcb> gmaxwell: 170
 25 2012-10-05 01:23:56 <gmaxwell> echo HEX | wc
 26 2012-10-05 01:24:48 <bcb> 1 1 4
 27 2012-10-05 01:26:17 <gmaxwell> I didn't mean HEX literally but the hex txn.. but you say it's 170? that sounds too small.
 28 2012-10-05 01:26:48 <bcb> 385
 29 2012-10-05 01:26:59 <bcb> 170 is strlen
 30 2012-10-05 01:27:48 <gmaxwell> 170 byte hex is 85 bytes of data. That's too small to be a complete transaction.
 31 2012-10-05 01:28:26 <gmaxwell> (or at least I think the smallest you can get is 90some bytes)
 32 2012-10-05 01:29:55 <bcb> this signrawtransaction hex output is the same as the input
 33 2012-10-05 01:30:25 <gmaxwell> can you share the hex with me?
 34 2012-10-05 01:30:45 <bcb> 010000000139f78ddc55c5c65656d917a598dcbfaafc60b39cd9b0c9f4d847d34a3392ad530000000000ffffffff0100e1f505000000001976a914550501c59f51ab5110f4636354d0dc7ced590cbf88ac00000000
 35 2012-10-05 01:31:36 <gmaxwell> it's not signed.
 36 2012-10-05 01:32:17 <lianj> right, https://pastee.org/jv7v
 37 2012-10-05 01:34:43 <lianj> also, "n":0 should be 1 if you want to redeem the 1btc output
 38 2012-10-05 01:42:12 <bcb> lianj: nice (incoming transaction!)
 39 2012-10-05 01:43:00 <lianj> so it works now?
 40 2012-10-05 01:44:05 <bcb> lianj: yes i recreated the rawtransaction changing vout:0 to vout:1
 41 2012-10-05 01:46:34 <bcb> so I guess I was trying to sign an empty transaction
 42 2012-10-05 01:46:39 <bcb> what exactly is vout
 43 2012-10-05 01:47:03 <doublec> doing a "bitcoind stop" I got a DB exception in debug.log of "what():  DbEnv::remove: Device or resource busy"
 44 2012-10-05 01:47:20 <doublec> which seems a  bit odd
 45 2012-10-05 01:49:47 <bcb> doublec: did you change your .conf params while it was running?
 46 2012-10-05 01:50:38 <doublec> bcb: no, I'd started it 20 minutes ago and then stopped it
 47 2012-10-05 01:50:48 <doublec> I just noticed it's an old bitcoind though (6.3) so I'll update
 48 2012-10-05 01:57:29 <bcb> lianj:how did you unpack that hex string
 49 2012-10-05 01:58:39 <lianj> first line in the paste
 50 2012-10-05 02:32:02 <jgarzik> gmaxwell: cute tarball
 51 2012-10-05 02:32:42 <jgarzik> ByteCoin mentions some security fun, https://bitcointalk.org/index.php?topic=8392.msg1246511#msg1246511
 52 2012-10-05 02:34:37 <gmaxwell> The malleability of transactions is well known and has been discussed many times. As far as I can tell there is absolutely nothing about the S flip vs any other kind of signature change.
 53 2012-10-05 02:42:58 <kjj_> the OpenSSL library isn't transparent enough for us to tell the different signatures apart, right?
 54 2012-10-05 02:44:00 <kjj_> as in, if we have X and Y, we have no way to know if it was (r,s) or (r,-s%N) ?
 55 2012-10-05 02:44:58 <gmaxwell> sipa pointed out that you can check the even/oddness of s.
 56 2012-10-05 02:45:33 <kjj_> next question is...  do we care enough?
 57 2012-10-05 02:46:25 <gmaxwell> kjj_: it's just another kind of malleability, we're currently in the process of closing those down. (first by making them non-standard; this is being slowed a little by the fact that programs that produced weird forms had been somewhat widely deployed)
 58 2012-10-05 02:46:46 <kjj_> yeah, that's where I was going with it
 59 2012-10-05 02:47:13 <gmaxwell> Though I think we have the guilty parties identified and fixed now.
 60 2012-10-05 02:47:25 <kjj_> oh?
 61 2012-10-05 02:48:54 <gmaxwell> blockchain.info and armory were the largest ones it appeared.
 62 2012-10-05 02:49:11 <kjj_> what were they doing that was wrong?
 63 2012-10-05 02:49:42 <kjj_> just emitting signatures differently from the ones that openssl generates?
 64 2012-10-05 02:51:32 <gmaxwell> too late to remember which was which. :P But yes, I think one of them just had a bunch of zeros stuffed on the end -- an invalid encoding, but one openssl took.
 65 2012-10-05 02:52:05 <kjj_> heh.  be generous in what you accept, and stingy with what you emit.
 66 2012-10-05 02:53:00 <gmaxwell> yea, this is now regarded as a bad idea in protocol design in many circles. Having resulted in a total @#$@#@ mess with the webbrowsers.
 67 2012-10-05 02:53:16 <kjj_> yeah, old habits die hard
 68 2012-10-05 02:53:21 <gmaxwell> And in cryptographic protocols that kind of tolerance ends up turning into security holes and dos attacks.
 69 2012-10-05 02:54:37 <kjj_> what was the quote?  something about no standards prevent you from embedding a multi-gigabyte MPEG into most fields in X.509 certs...
 70 2012-10-05 02:58:57 <kjj_> but, are we sure that we can identify and bless one specific signature out of the many possible?
 71 2012-10-05 03:06:45 <jgarzik> no, it's just (a) age and/or (b) very busy
 72 2012-10-05 03:06:57 <jgarzik> we're all young and have plenty of time to waste on the intarweb
 73 2012-10-05 03:08:00 <jgarzik> er, oops.  wrong channel.
 74 2012-10-05 04:08:16 <jgarzik> ACTION looks around for luke-jr.  gone?  excess flood?  good.
 75 2012-10-05 04:08:38 <jgarzik> ACTION admits pondering pynode requiring python 3.3, well above its current 2.x
 76 2012-10-05 04:09:11 <jgarzik> python 3.3 supports os.sendfile natively, which would enable my optimization
 77 2012-10-05 04:09:25 <jgarzik> for sending wire-format block messages straight from disk
 78 2012-10-05 04:33:00 <jgarzik> amiller: BTW if leveldb turns out to be highly efficient, we can reduce the size of the block cache in pynode, which currently takes up many hundreds of megabytes
 79 2012-10-05 04:33:20 <jgarzik> just rely on OS pagecache
 80 2012-10-05 04:34:12 <jgarzik> amiller: it is also worth benchmarking storage of python objects directly, via cPickle
 81 2012-10-05 04:34:30 <jgarzik> rather than a custom serialization (network / wire format)
 82 2012-10-05 04:43:17 <jgarzik> quote,
 83 2012-10-05 04:43:19 <jgarzik> GLBSE is offline
 84 2012-10-05 06:43:03 <MC1984> wow i did not know that simply encrypting your wallet invalidates all your backups
 85 2012-10-05 06:43:14 <MC1984> what the fuck chaps
 86 2012-10-05 06:43:32 <MC1984> this shit is a minefield
 87 2012-10-05 06:43:51 <sipa> it doesn't invalidate your backups
 88 2012-10-05 06:44:16 <sipa> it simply makes sure that any new address never touched disk in unencrypted form afterwards
 89 2012-10-05 06:44:30 <sipa> so you need a new backup after encrypting, before you do new transactions
 90 2012-10-05 06:45:52 <MC1984> so it invalidates your backups
 91 2012-10-05 06:46:17 <MC1984> if you dare use the wallet once after encrypting
 92 2012-10-05 06:50:43 <MC1984> i suppose this is why its still very much beta software, and the devs have never claimed otherwise
 93 2012-10-05 07:10:20 <gribble> 3054627.5269486
 94 2012-10-05 07:10:20 <sipa> ;;bc,diff
 95 2012-10-05 07:21:29 <Eliel> MC1984: If the encryption dialog doesn't tell you about the need to make a new backup afterwards, that's a bug IMO. File a report.
 96 2012-10-05 07:23:33 <MC1984> there are many things the client does that it should alert to the user in huge red flashing letters with glitter.gif from 1996 on the side
 97 2012-10-05 07:24:37 <MC1984> i dont think it warned me shit when i crypted my wallet the day wallet encryption was released
 98 2012-10-05 07:29:04 <sipa> Eliel: already reported as a bug (by me), and fixed in 0.7.1 (unsure if it's already merged)
 99 2012-10-05 07:44:33 <freewil> why is it that a new backup is needed after an encryption?
100 2012-10-05 07:44:47 <freewil> are all the previously unused keys in the pool regenerated?
101 2012-10-05 07:48:26 <kinlo> good question, no idea
102 2012-10-05 07:48:46 <kinlo> sipa: do you know this?
103 2012-10-05 07:51:05 <freewil> https://en.bitcoin.it/wiki/Wallet_encryption "When wallet passphrase encryption becomes enabled, any unused keys from the keypool are flushed (marked as used) and new keys protected with encryption are added. For this reason, make a new backup of your wallet so that you will be able to recover the keys from the new key pool should access to your backups be necessary."
104 2012-10-05 07:52:00 <freewil> arent keys in the pool by definition unused?
105 2012-10-05 07:58:03 <sipa> kinlo: ^
106 2012-10-05 07:58:08 <kinlo> :)
107 2012-10-05 07:58:10 <kinlo> thx
108 2012-10-05 08:45:11 <Graet> I'm confused http://blockchain.info/block-index/311449/0000000000000412cb93f5cceceebdd6bec88d5db691a17a823287c47713d2cf   104BTC of txn fees with a 21.x btc fee for a 2BTC txn and 9.xxBTC fee for a 3.2xx btc txn
109 2012-10-05 08:45:27 <Graet> oops 21btc fee for a 21btc txn
110 2012-10-05 08:59:03 <OneEyed> Graet: you mean http://blockchain.info/tx/f776cac4a61ed03a54fdf272d0e38f9a68824420aa5d2b8f1b7abf25543a0751 I guess. Indeed, looks funny.
111 2012-10-05 09:01:22 <Graet> that is one of the 3 funny looking txns
112 2012-10-05 09:23:22 <Graet> actually looks like change has been made fee
113 2012-10-05 09:23:37 <Graet> but it would be cool if some experts took interest :D
114 2012-10-05 09:41:54 <phantomcircuit> that's quite a lot of fees
115 2012-10-05 09:45:34 <Joric> http://blockchain.info/tx/c16b8666e9f0ed85532a158bd9659b0cb62cdd462a920300285cf21b9898b8f2 64 btc fee
116 2012-10-05 09:46:42 <Joric> it's not brainwallet i swear (bci'd display relayed by 127.0.0.1)
117 2012-10-05 09:47:51 <Joric> this is tx from kansas, who lives in kansas?
118 2012-10-05 09:48:32 <Graet> Dorothy?
119 2012-10-05 09:50:21 <phantomcircuit> Joric, im guessing those are just ips of nodes well connected to blockchain.info since they both show as being the first seen for a TON of transactions
120 2012-10-05 09:51:18 <phantomcircuit> Joric, one is softlayer and the other is
121 2012-10-05 09:51:25 <phantomcircuit> Joe's Datacenter, LLC
122 2012-10-05 09:51:26 <phantomcircuit> wat
123 2012-10-05 09:51:56 <phantomcircuit> lol it's an actual datacenter
124 2012-10-05 09:51:57 <phantomcircuit> that's hilarious
125 2012-10-05 09:52:26 <Joric> this is clearly a mistaken transaction who will sanely send 64 btc fee
126 2012-10-05 09:54:05 <Graet> there are 3 strange ones in that block
127 2012-10-05 09:54:06 <phantomcircuit> linkedin is more aggressive about getting you to pay than they used to be
128 2012-10-05 09:54:14 <phantomcircuit> i guess they finally decided the information they have gotten from people is valuable enough
129 2012-10-05 09:55:11 <phantomcircuit> lol this joes datacenter is apparently run by someone who used to be a weatherman
130 2012-10-05 09:55:18 <phantomcircuit> that's an odd career switch
131 2012-10-05 10:00:58 <Joric> can anyone tell is msvc 2008 express any better than 2005 express? heard ms drastically improved debugger and whatnot
132 2012-10-05 10:21:25 <JFK911> im using 2k8
133 2012-10-05 10:21:41 <JFK911> ms improved a lot as the y2k decade progressed
134 2012-10-05 12:06:13 <Diablo-D3> lets see
135 2012-10-05 12:06:28 <Diablo-D3> ACTION moves .bitcoin to his zfs raid5 that can do 200mb/sec+ sequential reads
136 2012-10-05 12:06:51 <pierre`> if you have memory, use /dev/shm
137 2012-10-05 12:07:02 <Diablo-D3> pierre`: thats silly.
138 2012-10-05 12:07:47 <Graet> as silly as 104BTC in txn fees in one block?
139 2012-10-05 12:09:03 <Eliel> could well be... that is, if you forget to set up a periodic call to backupwallet.
140 2012-10-05 12:29:32 <Diablo-D3> pierre`, Eliel: no, the problem is the initial startup
141 2012-10-05 12:30:37 <Diablo-D3> like, lets say I did linux md swraid between a ram block device and a loopback image on a disk
142 2012-10-05 12:30:55 <Diablo-D3> and then fucked with the priorities to do reads on the ram disk
143 2012-10-05 12:31:01 <Diablo-D3> I _still_ have to load it off the disk the first time
144 2012-10-05 12:35:07 <t7> ACTION thinks there could be a time limit on unspent bitcoins, might limit the size of the blockchain...
145 2012-10-05 12:35:52 <kjj_> t7: there are a thousand threads about that on the forums
146 2012-10-05 12:36:17 <t7> that was a completely origin thought, and a bloody good one too. I am very clever
147 2012-10-05 12:36:51 <t7> if only i could spell
148 2012-10-05 12:37:00 <kjj_> Diablo-D3: disk caching should come close to that, but it doesn't actually seem to
149 2012-10-05 12:37:07 <gmaxwell> I've previously suggested that such a limit might be implementable should there be a hardforking crypto upgrade at some point.
150 2012-10-05 12:38:01 <Wikicoin> That's pretty authoritarian.
151 2012-10-05 12:38:04 <Luke-Jr> gmaxwell: doesn't make it a good idea? O.o
152 2012-10-05 12:38:12 <gmaxwell> E.g. you're going to upgrade from ecdsa to something else at some point; you'll want to make unmigrated ecdsa coins become unspendable so they don't get cracked and crash the economy.  Might as well make the expiration permanent.
153 2012-10-05 12:38:34 <gmaxwell> Wikicoin: the hell?
154 2012-10-05 12:39:29 <Wikicoin> misread that
155 2012-10-05 12:39:54 <gmaxwell> Luke-Jr: I think it's reasonable to assume that there will always need to be periodic crypto upgrade that make old crypto eventually unspendable (on a timeframe of decades) just to prevent total economic mayhem. Making that formal would be better than having it dealt with as an emergency case by case thing. But ::shrugs::
156 2012-10-05 12:39:58 <kjj_> gmaxwell: unless there was a sudden break in ECDSA, cracking old coins would be just like mining, but with different rewards
157 2012-10-05 12:40:06 <gmaxwell> kjj_: no sir.
158 2012-10-05 12:40:16 <gmaxwell> kjj_: the playout would be uncontrolled.
159 2012-10-05 12:40:34 <kjj_> well, it would be whatever belonged to that key.
160 2012-10-05 12:40:55 <gmaxwell> kjj_: Say bitcoin deflates to the point where 100 BTC buys you a nice planet. ... then the first crackers are hitting 9000 BTC at a time.
161 2012-10-05 12:41:57 <Eliel> gmaxwell: if you do implement a time limit like that, it'd be nice to have the time period depend on the transaction fee :)
162 2012-10-05 12:42:10 <kjj_> how would that be different from the rightful owner of that key starting to use them?
163 2012-10-05 12:42:15 <gmaxwell> Generally the growing uncertainty of treasure chest coin being discovered (crypto cracking or not) is economically hazardous.
164 2012-10-05 12:43:08 <gmaxwell> Eliel: meh, complexity is bad. Plus the scalability improvement needs the txouts to vanish.
165 2012-10-05 12:43:11 <kjj_> heh.  a lot of us think that theft is just as hazardous.  and just because they become totally dead doesn't make it any less of a theft from the owner's eyes
166 2012-10-05 12:43:19 <Eliel> kjj_: it wouldn't be different really.
167 2012-10-05 12:43:40 <gmaxwell> kjj_: there is a difference between personal risk and the destruction of your society that can come from thoroughly upsetting the economy.
168 2012-10-05 12:44:38 <Eliel> gmaxwell: how about a gradual decay of the old coins rather than a binary "now it exists, now it doesn't" kind of switch?
169 2012-10-05 12:44:42 <kjj_> I think your keyboard fell asleep, when you typed "potential", it didn't register.  :)
170 2012-10-05 12:45:41 <gmaxwell> Eliel: amiller wanted that -- basically paying for the txout storage. I think that's too economically tuning. Straight expiration follows naturally from a crypto upgrade.
171 2012-10-05 12:46:33 <gmaxwell> economically rational bitcoin do not want oodles of totally lost coins being reintroduced back into circulation as a result of expected crypto breaks.
172 2012-10-05 12:46:53 <kjj_> I just think that if we have a hard fork to change encryption methods, if people want to permanently kill old coins, it'll cause a three way fork, with most of the planet on the non-killing branch
173 2012-10-05 12:47:25 <Eliel> gmaxwell: for example, if txouts older than 10 years can be just dropped, it'd make sense to start decaying the amount at 5 years and reach zero at 10 years.
174 2012-10-05 12:48:07 <Eliel> it's actually more user friendly that way as they don't lose it all if it slips their mind for a minute too long.
175 2012-10-05 12:48:17 <amiller> i'm not in favor of 'tuning' anything at all, i don't have a way of bidding on storage fees but i still think it's the only thing that makes sense
176 2012-10-05 12:48:17 <kjj_> gmaxwell: yeah, but most people are here because we respect property rights, even when painful to do so.
177 2012-10-05 12:48:27 <gmaxwell> kjj_: then the people on the non-killing branches will die out when their economy is ruined by cracked coins and they all starve to death.
178 2012-10-05 12:48:32 <Wikicoin> It would limit people using a single address as a inheritance trust fund
179 2012-10-05 12:48:35 <amiller> also it means you would get the best deal by consolidating your coins, which is good for the network
180 2012-10-05 12:48:51 <kjj_> gmaxwell: or the people on the killing branch will all die out when their coins are worthless because no one else takes them
181 2012-10-05 12:49:07 <gmaxwell> kjj_: there isn't a property rights question -- you just require that coins be moved within a decade or two.
182 2012-10-05 12:49:20 <kjj_> gmaxwell: that IS a property right.
183 2012-10-05 12:49:24 <gmaxwell> otherwise they're going to be stolen by the crypto crackers in any case.
184 2012-10-05 12:50:00 <kjj_> gmaxwell: the current rules rely ONLY on math.  if the sig is valid, the coins are valid.
185 2012-10-05 12:50:26 <gmaxwell> kjj_: bullshit. As you point out the effective rules depend on the society of the users as well.
186 2012-10-05 12:50:47 <Eliel> kjj_: expiration would also rely on only math if you calculate it based on the block number difference between txout and txin.
187 2012-10-05 12:51:11 <kjj_> Eliel: that's weak dude, and you know it
188 2012-10-05 12:51:37 <kjj_> gmaxwell: so far, society has chosen that only the math is important
189 2012-10-05 12:51:55 <gmaxwell> kjj_: You're promoting a myopic autistic understanding of property rights. You're basically claiming that your right to behave in an economically irrational way -- for nearly no personal benefit, and at great personal risk -- thoroughly trumps everyone else's right to have a safe and functioning economy.
190 2012-10-05 12:52:03 <Eliel> kjj_: no, your argument was weak, so I crushed it.
191 2012-10-05 12:52:23 <gmaxwell> And indeed, this is all just math too as Eliel says.
192 2012-10-05 12:52:47 <kjj_> Eliel: ha.  ECDSA has no concept of time.  your argument is that any rules that can be expressed as math are valid
193 2012-10-05 12:53:11 <kjj_> that is essentially what got us into the fiat mess that we are struggling to get out of
194 2012-10-05 12:53:12 <gmaxwell> kjj_: thats what you seemed to be saying!
195 2012-10-05 12:53:16 <Eliel> 17:46 < kjj_> gmaxwell: the current rules rely ONLY on math.  if the sig is valid, the coins are valid.
196 2012-10-05 12:53:28 <amiller> signatures often have a concept of time, in pki for example
197 2012-10-05 12:54:06 <kjj_> amiller: no, they don't.  a cert may expire, but the signature is either from that key, or not from that key.  not sometimes
198 2012-10-05 12:54:26 <Eliel> kjj_: property rights are a social agreement at their core.
199 2012-10-05 12:54:27 <amiller> a signature from that key, after the cert has expired, is discarded as meaningless
200 2012-10-05 12:54:40 <gmaxwell> kjj_: sorry, I can't see you -- the smoke from your strawmen is producing quite a cloud.   Not accepting transactions with insecure signatures is simply not the same as "the fiat mess", it's not even comparable. You're appealing to emotion there, and it's hurting my respect for you.
201 2012-10-05 12:54:44 <kjj_> amiller: we may put social meaning on when the sig was done, but the sig is still valid mathematically
202 2012-10-05 12:54:53 <helo> only people with coin that they cannot unlock, that they hope to unlock in the future, would stick with the old crypto branch, right?
203 2012-10-05 12:54:57 <Eliel> kjj_: they don't need to be taken to extremes.
204 2012-10-05 12:55:16 <kjj_> gmaxwell: hang on, I'm trying to debate three of you all at once
205 2012-10-05 12:55:18 <helo> everyone else's coin would potentially become more valuable by switching to the new crypto and ditching permanently all old coin
206 2012-10-05 12:55:26 <kjj_> helo: that is theft
207 2012-10-05 12:55:33 <gmaxwell> helo: and don't believe they could unlock it within the next, say, ten years, but believe they could unlock it past that.
208 2012-10-05 12:56:38 <helo> kjj_: if someone has lost their ability to move their coin in a reasonable amount of time, presumably it is because of some poor decision making of their own
209 2012-10-05 12:56:41 <kjj_> gmaxwell: if it becomes possible for someone else to find my key and forge my signature on a transaction, that is my problem if I don't remedy it.
210 2012-10-05 12:56:49 <gmaxwell> kjj_: bitcoin is "theft". Why should all the coin be held by whatever people hold it, instead of all people equally.  Why is some kid in africa who wasn't even born when bitcoin was created less entitled to the world's wealth?  Come on, words like "theft" are so broad you can paint _anything_ with them.
211 2012-10-05 12:57:12 <kjj_> helo: you don't know that they lost the ability to move their coins.  YOU made it impossible for them to do it with an arbitrary, but possibly well intentioned, rule.
212 2012-10-05 12:57:26 <helo> it is easy enough to retain access to your wealth by making backups
213 2012-10-05 12:57:35 <gmaxwell> kjj_: it's _everyones_ problem when it can potentially inject many times the whole economy of formerly lost (sometimes intentionally so) coins back into circulation.. far more a problem than the one it created for you.
214 2012-10-05 12:57:49 <kjj_> gmaxwell: so, if we made a rule that transactions signed by a key, say, one of your keys, could violate the txout <= txin rule, you'd be ok with that?
215 2012-10-05 12:58:31 <Luke-Jr> gmaxwell: oh, I thought you meant a general expiration rule; old crypto expiring does make sense
216 2012-10-05 12:58:36 <gmaxwell> kjj_: all things are not equal. Shameful. Why are you not protesting every single commit to the codebase if you're going to think like that?
217 2012-10-05 12:58:39 <kjj_> I know that isn't the same thing
218 2012-10-05 12:59:27 <kjj_> gmaxwell: if there is ever a commit that makes the validity of transaction redemption depend on anything other than the correctness of the signature, I WILL protest it, loudly
219 2012-10-05 12:59:28 <Luke-Jr> gmaxwell: Wikicoin = Atlas (forum) = HowardStrong (guy trolling the wikipedia article)
220 2012-10-05 12:59:37 <gmaxwell> Luke-Jr: I dunno. The latter is the obvious and nearly mandatory thing to do. The former might make future instances of the latter less disruptive.
221 2012-10-05 12:59:44 <gmaxwell> Luke-Jr: ah that explains some things
222 2012-10-05 13:00:35 <Luke-Jr> gmaxwell: he's here because my presence in #bitcoin-dev is his evidence for my being "conflict of interest" now???
223 2012-10-05 13:01:13 <gmaxwell> Luke-Jr: e.g. indeed I agree it's rude and unfortunate to have to add any kind of expiration to the system for the crypto-upgrade. It would have been better if there was always a ten year rule, and then the upgrade could have just trusted it to take care of it.
224 2012-10-05 13:01:40 <stevep> What about paper wallets?
225 2012-10-05 13:01:54 <helo> kjj_: so someone with a brainwallet slipped into a coma, only to wake to find that their coin was lost due to a broken-crypto hard fork.
226 2012-10-05 13:01:57 <gmaxwell> stevep: print them again every ten years.
227 2012-10-05 13:02:25 <Luke-Jr> cute, apparently he changed his nick before he joined here, and changed it back after he left: [15:00:47] ??? Wikicoin is now known as ___Atlas___.
228 2012-10-05 13:02:45 <stevep> How does fiat currency handle this situation when for example old notes are no longer accepted?
229 2012-10-05 13:02:47 <kjj_> helo: good example.  if he loses the ability because someone cracked the crypto, that's unfortunate.  if he loses them because WE decide that his coins are invalid, that's shitty
230 2012-10-05 13:03:08 <gmaxwell> Luke-Jr: he quizzed me on the symbol the other day claiming to be a wikipedia administrator. And after I wouldn't agree with him he began his latest railing against 'bitcoin developers' on the forums.
231 2012-10-05 13:03:22 <helo> kjj_: but in the case where old coin wasn't invalidated, he will likely find that his coin was stolen (due to the broken crypto).
232 2012-10-05 13:03:45 <kjj_> helo: again, unfortunate.  but not something that WE did to him
233 2012-10-05 13:03:57 <helo> so either way, he loses. but if old coin is invalidated, the rest of the economy is protected.
234 2012-10-05 13:04:03 <gmaxwell> helo: no, he'd never wake up. the economic term-oil due to the reintroduction of cracked coin would cause the hospital to stop feeding him and he'd die. :P
235 2012-10-05 13:04:08 <Luke-Jr> on another note, is there a SVG of just the BTC symbol somewhere?
236 2012-10-05 13:04:14 <helo> hah no joke
237 2012-10-05 13:04:19 <kjj_> gmaxwell: now who is making straw men?
238 2012-10-05 13:04:27 <gmaxwell> kjj_: You want us to be murderers!
239 2012-10-05 13:04:32 <kjj_> gmaxwell: you are the one predicting absolute and total chaos
240 2012-10-05 13:04:58 <gmaxwell> kjj_: inaction in the face of forces that you know require action is every bit an action; morally and legally. There is no neutral path.
241 2012-10-05 13:05:10 <gmaxwell> kjj_: Murderer.
242 2012-10-05 13:05:26 <stevep> According to the bank of england old style notes cease to be legal tender  once they are withdrawn. http://www.bankofengland.co.uk/banknotes/Pages/about/faqs.aspx#12
243 2012-10-05 13:05:55 <gmaxwell> kjj_: well what? I gave up on having a rational discussion because you kept refusing to have one with the non-stop stream of thought stopping emotional arguments. You murderer.
244 2012-10-05 13:05:56 <kjj_> ha!  I'm sure that there are tons of dead folks around for that very reason.  I bet Lenin and Stalin felt that they too were forced to act when they killed millions and millions
245 2012-10-05 13:06:36 <gmaxwell> kjj_: and the many thousands who could have trivially stopped them -- a single bullet from a private guard who _knew_ it was wrong.. but it wasn't their place.
246 2012-10-05 13:07:09 <kjj_> so, depriving people of their property is fine, as long as you do it on a big enough scale?
247 2012-10-05 13:08:21 <gmaxwell> kjj_: Why not? you're doing it right now. You're exploiting differential economic power to make use of high technology built from raw materials manufactured through exploitive labor in the third world.
248 2012-10-05 13:08:38 <amiller> do we agree that bitcoin has two (possibly contentious) goals, 1) to defend the interests of stakeholders/investors, people who have BTC and 2) to adapt technology as necessary to ensure stability of the system?
249 2012-10-05 13:08:39 <kjj_> gmaxwell: I call bullshit on that
250 2012-10-05 13:08:53 <amiller> the only reason imo to do something like expiration is if it becomes apparent that bitcoin will be unstable otherwise
251 2012-10-05 13:09:01 <gmaxwell> If you're going to invoke "theft" to justify your arguments you need to be prepared to deal with the idea that theft can be defined less than the myopic version which is most comfortable for you.
252 2012-10-05 13:09:07 <kjj_> amiller: apparent to WHO?
253 2012-10-05 13:09:12 <Eliel> kjj_: when the deprivation of property happens according to preset rules that were known to the owner before they acquired the property, yes, that's fine.
254 2012-10-05 13:09:15 <amiller> apparent to everyone who participates?
255 2012-10-05 13:09:19 <helo> amiller: they can be contentious, and they can be in accord
256 2012-10-05 13:09:32 <kjj_> amiller: everyone?  or is some fraction ok?
257 2012-10-05 13:09:40 <helo> isn't 2) a strict requirement for 1)?
258 2012-10-05 13:10:38 <gmaxwell> kjj_: No bullshit. The world is an unfair place. And just from the evidence that you're talking to me, you are almost currently enjoying wealth which is entirely undeserved relative to your contribution to the human species as a whole. I certainly am.
259 2012-10-05 13:10:42 <kjj_> Eliel: I disagree.  theft doesn't become right when you announce it in advance.  if your argument is correct, then you have no beef with congress for inflating your savings into dust
260 2012-10-05 13:10:58 <Graet> so no-one knows why there would be 104BTc of txn fees in a block?
261 2012-10-05 13:11:11 <Graet> https://bitcointalk.org/index.php?topic=115583.0
262 2012-10-05 13:11:14 <kjj_> gmaxwell: you are in debt?  that's unfortunate
263 2012-10-05 13:11:16 <gmaxwell> Graet: someone got stupid with the raw transaction api.
264 2012-10-05 13:11:22 <Graet> ahh cool
265 2012-10-05 13:11:23 <helo> kjj_: i think the objective is to preserve wealth for as many people as possible... some tough decisions that don't include saving 100% are inevitable
266 2012-10-05 13:11:32 <gmaxwell> kjj_: in debt? huh.
267 2012-10-05 13:11:43 <Graet> thanks gmaxwell
268 2012-10-05 13:11:53 <gmaxwell> Graet: I'm guessing there.
269 2012-10-05 13:12:03 <gmaxwell> No. I've never been in debt. I own a bunch of other people's debt, in fact.
270 2012-10-05 13:12:15 <Graet> hehe ok :) i thought it *might* be something like that - no-one screaming yet tho :P
271 2012-10-05 13:12:27 <kjj_> gmaxwell: money is just a way to split a barter through time and space.  the only way to have enjoyed more wealth than you deserve is to have debt
272 2012-10-05 13:12:51 <kjj_> if you don't have debt, then by definition, you have given to society at least as much as society has given to you
273 2012-10-05 13:13:00 <gmaxwell> kjj_: er, no. Receiving stolen goods is another way.
274 2012-10-05 13:13:17 <kjj_> heh, well, yeah, ok.  there are dishonest ways too
275 2012-10-05 13:13:21 <kjj_> have you stolen stuff?
276 2012-10-05 13:13:25 <amiller> lol
277 2012-10-05 13:13:39 <gmaxwell> kjj_: No, but my society does -- constantly in many different ways.
278 2012-10-05 13:13:48 <gmaxwell> And I benefit greatly from that.
279 2012-10-05 13:14:01 <kjj_> gmaxwell: meh.  I don't buy it when Chomsky says it either, and he is much more convincing than you are
280 2012-10-05 13:14:21 <Eliel> kjj_: Yes, the congress is free to inflate the currencies they control. My own stupidity if I trusted them for good savings value.
281 2012-10-05 13:14:25 <gmaxwell> kjj_: ::shrugs:: I don't feel (very) bad about it.
282 2012-10-05 13:14:41 <gmaxwell> The current situation is unstable in any case.
283 2012-10-05 13:15:41 <kjj_> gmaxwell: I hold the very unpopular opinion that the US is having economic woes because we made the decision to export our wealth around the world in order to try bootstrapping production and trade everywhere
284 2012-10-05 13:15:52 <gmaxwell> economic woes?
285 2012-10-05 13:15:56 <gmaxwell> oh god. what nonsense.
286 2012-10-05 13:16:03 <gavinandresen> wow, didn't take long for somebody to shoot themselves in the foot with raw transactions....
287 2012-10-05 13:16:05 <kjj_> heh, I told you it was unpopular
288 2012-10-05 13:16:27 <Graet> that is it then Gabit ?
289 2012-10-05 13:16:31 <Graet> oops gavinandresen
290 2012-10-05 13:16:52 <gavinandresen> kjj_: I'm with gmaxwell, there is zero evidence more trade is ever bad.
291 2012-10-05 13:16:57 <kjj_> gmaxwell: on the other hand, in 1945, there was exactly one intact industrial country on the planet.
292 2012-10-05 13:17:09 <gmaxwell> kjj_: no, the nonsense is that there are economic woes. Go into the homes of people living in poverty in the US -- they are well fed (if not all that healthy so), they have TVs and video games, and access to more books than existed a hundred years ago. Most are not sick. We are impossibly wealthy.
293 2012-10-05 13:17:09 <Graet> 2
294 2012-10-05 13:17:30 <kjj_> gavinadresen: I'm not sure what you are referring to.  I don't think that more trade is bad either, and I can't think of anything that I might have possibly said to suggest otherwise
295 2012-10-05 13:17:31 <gavinandresen> Graet: most likely. If you're not careful and remember to include a change output in your raw transactions you'll create transactions with huge fees
296 2012-10-05 13:17:31 <helo> economic woes in 3...
297 2012-10-05 13:17:39 <gmaxwell> Our poorest people have richer lives than the median in many parts of the world.
298 2012-10-05 13:17:43 <helo> (years)
299 2012-10-05 13:17:59 <Graet> ahh ok, it looked like one of the txn the change was fee, but one txn had fee and change
300 2012-10-05 13:18:24 <gmaxwell> Graet: congrats on your windfall, I guess
301 2012-10-05 13:18:44 <kjj_> gmaxwell: grab a newspaper, see the stories on inflation, unemployment, etc, etc.  those economic woes
302 2012-10-05 13:18:45 <Graet> heh, thanks gmaxwell - the miners got the windfall though :D
303 2012-10-05 13:18:58 <helo> if someone can prove they were the ones that generated that transaction, will you refund them?
304 2012-10-05 13:19:11 <helo> oh, i though Graet mined it
305 2012-10-05 13:19:38 <gmaxwell> kjj_: if you allow things to be measured relatively, especially with a short term reference, then every downward change is a "woe". The word loses its meaning.
306 2012-10-05 13:19:43 <helo> wow english
307 2012-10-05 13:19:45 <Graet> bit hard to refund what has been paid out to miners :)
308 2012-10-05 13:19:51 <gmaxwell> Graet: well congrats to your miners!
309 2012-10-05 13:19:59 <Graet> cheers gmaxwell :D
310 2012-10-05 13:20:32 <Graet> they do seem pleased. i was stunned - and checked about 5 places before i believed it was real :P
311 2012-10-05 13:20:35 <gmaxwell> weird. they all have two outputs.
312 2012-10-05 13:20:44 <gavinandresen> Should be a good incentive for pool ops to upgrade to the 0.7 "sort transactions by fee when deciding which to include" ....
313 2012-10-05 13:20:59 <gmaxwell> maybe this wasn't a raw transactions mistake.
314 2012-10-05 13:21:07 <gmaxwell> perhaps they set their fee per KB very high?
315 2012-10-05 13:21:34 <gavinandresen> I believe there's a check/warning for that
316 2012-10-05 13:21:41 <gmaxwell> Indeed.
317 2012-10-05 13:21:47 <gmaxwell> Graet: there have been some enormous fees in the past.
318 2012-10-05 13:21:52 <gavinandresen> not that people pay attention to warnings....
319 2012-10-05 13:21:58 <helo> they thought that was the fees they receive ;)
320 2012-10-05 13:21:58 <stevep> I'd hope the standard client would have that kind of sanity check
321 2012-10-05 13:22:01 <kjj_> also, I don't think the fee per KB kicks in if it still qualifies as free, and these don't look complicated enough to be not-free
322 2012-10-05 13:22:04 <gmaxwell> There was a block with something like 200 BTC, for examples.
323 2012-10-05 13:22:17 <Graet> i havent seen so many, but 64btc 21.xx and 9.xx BTc in one block
324 2012-10-05 13:22:40 <gavinandresen> well, I hope whoever it was steps forward and lets us know what happened.
325 2012-10-05 13:22:49 <Graet> oh ok, well i was hoping for the record, but well beaten already :P
326 2012-10-05 13:22:49 <kjj_> the one with the 21.5s looks like he was trying to do a three way split and forgot to add the third address
327 2012-10-05 13:23:12 <gmaxwell> kjj_: right, at least one of these should have been fee.
328 2012-10-05 13:23:13 <gmaxwell> er free
329 2012-10-05 13:23:34 <gmaxwell> e.g. spending a single 289 btc input with 500 confirmations.
330 2012-10-05 13:23:43 <gmaxwell> oh no, sub cent output.
331 2012-10-05 13:23:51 <Eliel> is there a good place in the rawtx process to add a warning if the transaction smells funny?
332 2012-10-05 13:23:54 <gmaxwell> http://blockchain.info/tx/c16b8666e9f0ed85532a158bd9659b0cb62cdd462a920300285cf21b9898b8f2 < not free.
333 2012-10-05 13:24:19 <gmaxwell> Eliel: well, it would help if decoderawtransaction showed the fees... but that requires looking up the inputs.
334 2012-10-05 13:25:06 <gmaxwell> I helped someone make a several thousand BTC transaction using the raw transactions API.  I manually summed the input six times and was still a bit nervous that I calculated it all right. (it went fine)
335 2012-10-05 13:25:07 <phantomcircuit> so
336 2012-10-05 13:25:17 <phantomcircuit> any guesses what happened there?
337 2012-10-05 13:25:47 <phantomcircuit> i expect it to be something mundane
338 2012-10-05 13:26:10 <stevep> gmaxwell: Just shows how much trust we all place in the client :)
339 2012-10-05 13:26:30 <gmaxwell> stevep: even crappy software is at least pretty consistent! :P not so for humans.
340 2012-10-05 13:26:47 <phantomcircuit> gmaxwell, isn't that the truth
341 2012-10-05 13:26:53 <gmaxwell> Though I'm a bit alarmed by people creating 100kBTC TXouts... they're begging for a cosmic ray to make them broke.
342 2012-10-05 13:26:53 <Graet> ++
343 2012-10-05 13:27:02 <Eliel> gmaxwell: is there a good reason not to look up the input amounts by default to show the warning?
344 2012-10-05 13:27:15 <phantomcircuit> gmaxwell, lawl
345 2012-10-05 13:27:16 <gavinandresen> gmaxwell: an on-by-default fee sanity check in sendrawtransaction is probably the right thing to do.
346 2012-10-05 13:27:36 <phantomcircuit> hmm
347 2012-10-05 13:27:44 <phantomcircuit> wonder if it's an electrum bug
348 2012-10-05 13:27:52 <gavinandresen> gmaxwell: ... although there are enough other ways to hang yourself using raw transactions maybe that would just be a false sense of security
349 2012-10-05 13:27:55 <helo> or a "summarize wtf will happen with this raw transaction"
350 2012-10-05 13:29:09 <stevep> gavinandresen: I agree with helo somekind of summary to make it easier to write sanity checks seems like it would be helpful
351 2012-10-05 13:29:20 <kjj_> people using raw transactions have the option to run it through decoderawtransactions already
352 2012-10-05 13:29:51 <helo> the decode doesn't make it plain-as-day exactly what will happen though, does it?
353 2012-10-05 13:30:09 <kjj_> helo: pretty sure it does.  sec
354 2012-10-05 13:30:36 <gmaxwell> helo: the decode doesn't show the fees.
355 2012-10-05 13:30:52 <gmaxwell> it shows which txouts you're spending, and your new outputs.
356 2012-10-05 13:31:14 <gmaxwell> But if you don't know the values of those tx outs and do the summing, ... you don't know the fee.
357 2012-10-05 13:32:05 <gmaxwell> gavinandresen: there are other ways; indeed. But the fee one is a risk even if your outputs are totally boring and regular.
358 2012-10-05 13:32:24 <gmaxwell> a basic 'spend these particular input to this regular address output' transaction basically only has the fee risk.
359 2012-10-05 13:32:32 <kinlo> does anyone know the exact formula to calculate the supermajority on version 2 blocks?
360 2012-10-05 13:32:35 <gmaxwell> (well, you could get the address wrong; but thats the same for non-raw)
361 2012-10-05 13:32:51 <kinlo> ie: how many blocks need to be version 2 before the network starts rejecting version 1?
362 2012-10-05 13:33:00 <stevep> gmaxwell: and I guess the fee risk will be the one most often exercised
363 2012-10-05 13:33:01 <helo> implicit fee trapdoor :/
364 2012-10-05 13:33:24 <kjj_> kinlo: 95%  (950 of the last 1000)
365 2012-10-05 13:33:25 <gmaxwell> helo: yea, well, it's how the protocol worls.
366 2012-10-05 13:33:28 <gmaxwell> er works.
367 2012-10-05 13:33:35 <kinlo> kjj_: so the last 1000... interesting
368 2012-10-05 13:33:39 <gmaxwell> (actually a pretty elegant thing, IMO)
369 2012-10-05 13:34:05 <Diablo-D3> [10:37:01] <kjj_> Diablo-D3: disk caching should come close to that, but it doesn't actually seem to
370 2012-10-05 13:34:11 <Diablo-D3> it does if you have enough memory
371 2012-10-05 13:34:28 <helo> yeah, it is elegant... just spooky
372 2012-10-05 13:34:29 <Diablo-D3> I have 8gb of memory, I can reboot, start bitcoin, take forever, close bitcoin, and then start it again and its instant
373 2012-10-05 13:34:41 <helo> but the software can make it not spooky easily enough
374 2012-10-05 13:34:56 <kinlo> I've added block version numbers to blockorigin if someone is interested in tracking this information
375 2012-10-05 13:34:57 <gavinandresen> stevep: decoderawtransaction before sendrawtransaction gives you a summary... not of fees, though.
376 2012-10-05 13:35:09 <helo> when is the first foundation vote?
377 2012-10-05 13:35:15 <kinlo> I guess adding a percentage would make sense too
378 2012-10-05 13:36:08 <kjj_> Diablo-D3: IDB seems to be different.
379 2012-10-05 13:36:21 <gavinandresen> helo: vote for board members?  Not for at least a year.  There might be other things put to member votes before then, though.
380 2012-10-05 13:36:23 <stevep> gavinandresen: I think the fees is the major issue. I guess we should let one of the rawtransaction users who lost a lot submit the feature request. That way it will carry the required weight to consider making a new api ;)
381 2012-10-05 13:36:51 <gmaxwell> stevep: we've not had any reports of that yet.
382 2012-10-05 13:37:05 <helo> "summarizerawtransaction" -> "Starting wallet balance: ... Payments: ... Fees: ... Ending wallet balance: ..."
383 2012-10-05 13:37:05 <kjj_> Diablo-D3: as in, a box with 8 gigs of RAM and a disk takes MANY hours longer to do IBD than a box with just a ramdisk.  much more time and disk thrashing than you'd expect from merely writing 4 GB
384 2012-10-05 13:37:27 <gmaxwell> Though I don't think it needs a new api.. it should just be a decoderawtransaction field.. but since it requires looking up the inputs it will make decoderawtransaction slower. :(
385 2012-10-05 13:37:32 <Diablo-D3> kjj_: you mean let bitcoin load cold vs preload then bitcoin load cold? yeah, its fucktarded
386 2012-10-05 13:37:56 <gmaxwell> helo: ugh. that makes no sense. What happens when your raw transaction is spending funds you have in a different wallet?
387 2012-10-05 13:37:58 <gavinandresen> gmaxwell: could be a 'verbose' or 'slow' or 'lookupinputs' flag to decoderawtransaction
388 2012-10-05 13:38:37 <Diablo-D3> bitcoin would actually be better off if it tried to cache preload the db by dumb reading it
389 2012-10-05 13:38:38 <gmaxwell> (half of my raw transactions have been to spend inputs in nearline wallets)
390 2012-10-05 13:38:41 <kjj_> Diablo-D3: from the sounds my drive was making, it was spending a lot of time re-reading old blocks to verify new transactions
391 2012-10-05 13:38:56 <helo> gmaxwell: yeah, that is a pretty common use case... likely the most common :/
392 2012-10-05 13:38:58 <gavinandresen> And for sendrawtransaction to succeed it has to know the inputs, so it could enforce a "fail if fees are > X BTC" default rule.
393 2012-10-05 13:39:00 <Diablo-D3> kjj_: yeah which doesnt make sense
394 2012-10-05 13:39:11 <kjj_> Diablo-D3: but I don't have any way to be sure, that was just my impression from the amount of seeking I heard
395 2012-10-05 13:39:17 <gmaxwell> gavinandresen: node won't accept the txn if it doesn't know the inputs in any case.
396 2012-10-05 13:39:25 <Diablo-D3> kjj_: writing blocks kills my box
397 2012-10-05 13:39:26 <lianj> gmaxwell: or sendrawtransaction --dry-run
398 2012-10-05 13:39:28 <gmaxwell> just because it passes the txn through the regular transaction acceptance code.
399 2012-10-05 13:39:36 <lianj> with a summary printed on dry-run
400 2012-10-05 13:39:38 <gavinandresen> gmaxwell: right.  decoderawtransaction does need to be able to decode without inputs, though.
401 2012-10-05 13:39:58 <kjj_> Diablo-D3: I wonder if the BDB layer is somehow invalidating part of the disk cache when it syncs the writes.
402 2012-10-05 13:40:18 <gmaxwell> gavinandresen: agreed, a flag would work there I guess. Though perhaps the default should be to show the fee and there should be a flag to get the current behavior?
403 2012-10-05 13:40:41 <kjj_> Diablo-D3: or maybe I'm just wrong, and the shoe shining I heard was from it doing interleaved writes into two files (blocks and index)
404 2012-10-05 13:40:44 <gavinandresen> gmaxwell: probably-- decode is really for debugging most of the time
405 2012-10-05 13:40:48 <gmaxwell> Diablo-D3: test ultraprune+leveldb
406 2012-10-05 13:40:50 <gavinandresen> ... where speed doesn't matter
407 2012-10-05 13:41:40 <Eliel> perhaps require a parameter to sendrawtransaction that should be set to the expected fee size. If it's off, return an error.
408 2012-10-05 13:41:44 <helo> gavinandresen: i meant the first member vote... or if it has passed the next
409 2012-10-05 13:42:27 <gmaxwell> Eliel: bleh. No. I sometimes use sendrawtransaction to reannounce other people's transactions for them.
410 2012-10-05 13:42:47 <gavinandresen> helo: member vote for what?  as I said, the only definite thing members will vote on is board member elections, but there may be other things the board decides to put to member vote
411 2012-10-05 13:43:05 <stevep> gavinanresen: Is checking a transaction really that slow? If I were generating raw transaction I'd accept a performance hit for the benefit of sanity checks
412 2012-10-05 13:43:22 <Diablo-D3> [11:39:59] <kjj_> Diablo-D3: I wonder if the BDB layer is somehow invalidating part of the disk cache when it syncs the writes.
413 2012-10-05 13:43:36 <Diablo-D3> kjj_: technically it should because of the extra paranoid write checking
414 2012-10-05 13:43:38 <gavinandresen> stevep: what do you mean?  sendrawtransaction checks the transaction before broadcasting it....
415 2012-10-05 13:43:55 <Diablo-D3> kjj_: but it should also be maintaining its own goddamned lru just-written read cache
416 2012-10-05 13:44:04 <helo> oh, i misunderstood "vote for board members" to mean "the first time board members will be voting"
417 2012-10-05 13:44:07 <Diablo-D3> or just something thats just not so goddamned blaaaaaargh
418 2012-10-05 13:44:22 <Diablo-D3> gmaxwell: Ill test it when it ships in a stable release
419 2012-10-05 13:44:47 <stevep> gavinandresen: I mean in a "summarizetransaction" style api I'd accept the cost of checking the transaction and calculating the fee for the benefit of the sanity check I can put into my code
420 2012-10-05 13:45:15 <gavinandresen> stevep: sure, that is what we're saying decoderawtransaction might/should do
421 2012-10-05 13:45:38 <gavinandresen> ... if it actually knows enough about previous inputs to calculate fee/etc.
422 2012-10-05 13:45:51 <stevep> gavinandresen: I'm trying to say I'd gladly accept the performance hit
423 2012-10-05 13:46:12 <Eliel> how about having decoderawtx to fetch the inputs by default and make it possible to skip that by extra parameter?
424 2012-10-05 13:46:33 <gavinandresen> it's not  a question of performance if you're creating a chain of transactions to broadcast later-- bitcoind may simply not be able to calculate the fee for transactions it doesn't yet know about
425 2012-10-05 13:46:53 <gmaxwell> stevep: there are cases where it _can't_ be done, because the node doesn't know the inputs; and applications (e.g. block explorer sorts of things) where the performance hit is significant. So we do need to support the unknown inputs case too.
426 2012-10-05 13:47:16 <stevep> I see I didn't consider a chain of unbroadcast transactions.
427 2012-10-05 13:47:37 <gmaxwell> e.g. if you're precalculating a refund transaction; or building a transaction on an offline node.
428 2012-10-05 13:48:53 <stevep> gmaxwell: it seems there are more use cases than I was aware but I'd guess the most frequent case is calculatable it just a question of return on investment for the effort to implement it.
429 2012-10-05 13:49:08 <Eliel> you could also add support to decoderawtx to receive the input txouts with the request.
430 2012-10-05 13:50:00 <gmaxwell> Eliel: the way the json stuff works from the cli optional parameters make life suck. So.. bleh on adding more parameters.
431 2012-10-05 13:50:09 <gavinandresen> yeah... yuck.
432 2012-10-05 13:50:31 <gmaxwell> Besides, the refund txn case requires the person signing the refund actually not have the input.
433 2012-10-05 13:50:49 <gmaxwell> (because you make your counterparty sign the refund before you let him see the payment into the escrow)
434 2012-10-05 13:51:14 <TheSeven> BlueMatt: now that quantal is around the corner, when can we expect a bitcoin PPA update?
435 2012-10-05 13:52:25 <gmaxwell> e.g. you make a txn paying 100 BTC into escrow A, but don't announce it yet, then tell your party the txid and have them make a unlocked transaction refunding from that escrow in 6 months. They sign and give it to you. You sign and put the refund aside.. then you announce the payment into the escrow.
436 2012-10-05 13:52:52 <gmaxwell> if you gave them the input they could just announce it, locking you into the escrow without ever signing the refund.
437 2012-10-05 13:54:58 <lianj> gmaxwell: you need to give them your output script too, not only the txid
438 2012-10-05 13:55:06 <MC1984> is there more than one company doing ASICS now?
439 2012-10-05 13:55:26 <stevep> MC1984: Advertising or Shipping?
440 2012-10-05 13:55:36 <gmaxwell> lianj: well, not necessarily. You can write the transaction for them, they just need to look at it and then sign it.
441 2012-10-05 13:55:42 <Eliel> MC1984: we've got many companies advertising ASICs :)
442 2012-10-05 13:56:10 <lianj> gmaxwell: right, but only the txid is not enough for them to redeem/sign it
443 2012-10-05 13:56:31 <MC1984> deepbit are getting into the asic game wtf
444 2012-10-05 13:56:32 <TheSeven> BlueMatt: the packages from the precise packages depend on a couple of libs that seem to be gone in quantal
445 2012-10-05 13:57:35 <gmaxwell> I note that ngzhang's preorder still has some slots left after they punted the non-payers.
446 2012-10-05 13:59:44 <gmaxwell> lianj: the unsigned txn is technically enough; though I don't believe we're currently smart enough to find the relevant key from the scriptsig... though we could.
447 2012-10-05 14:17:18 <jgarzik> gmaxwell: woo!
448 2012-10-05 14:17:22 <jgarzik> ACTION goes to buy one
449 2012-10-05 14:18:46 <jgarzik> Trying to buy one of each.  At least one will not be a scam ;p
450 2012-10-05 14:18:58 <kjj_> heh
451 2012-10-05 14:19:07 <gmaxwell> For those who don't know what we're talking about: https://bitcointalk.org/index.php?topic=110090.0
452 2012-10-05 14:20:35 <jgarzik> Here's another one, that claimed tapeout on Sept 22: https://bitcointalk.org/index.php?topic=91173.0
453 2012-10-05 14:20:59 <jgarzik> ACTION has no money in asicminer or revolver (the icbit one)... yet
454 2012-10-05 14:21:22 <gavinandresen> I love competition.
455 2012-10-05 14:21:43 <kreal> same
456 2012-10-05 14:22:05 <kjj_> I'd probably pick up an avalon, but I hear Wayne's World every time I read ngzhang
457 2012-10-05 14:22:13 <gavinandresen> somebody PM'ed me concerned that the ASIC companies would be mining on the main network during burn-in, earning BTC....
458 2012-10-05 14:22:32 <kreal> gavinandresen, I bet they will.
459 2012-10-05 14:22:37 <kreal> gavinandresen, would only make sense.
460 2012-10-05 14:22:44 <kjj_> they'd be pretty dumb not to
461 2012-10-05 14:22:47 <gavinandresen> I said "Great!  That means they'll be able to sell to miners for less..."
462 2012-10-05 14:22:53 <kreal> :D
463 2012-10-05 14:23:02 <kreal> dream on haah
464 2012-10-05 14:23:19 <gavinandresen> no, that's what will happen, because they're competing on price against each other....
465 2012-10-05 14:23:53 <kreal> well I will cross my fingers
466 2012-10-05 14:24:03 <kreal> I like the upgrade to 60GH/s though
467 2012-10-05 14:26:22 <Graet> lol yeah great, the asic companies test on mainnet, make bitcoins and lift difficulty before shipping to their customers.. most have said they will not test on mainnet. time will tell i guess
468 2012-10-05 14:28:52 <kjj_> Graet: yeah, I saw some of them say that they wouldn't test on main.  Seemed very silly, but people were clamoring for it in the threads.
469 2012-10-05 14:29:37 <gmaxwell> kjj_: hm? I don't think it's silly. It goofs up the economic planning their customers made if they crank the difficulty 'testing'.
470 2012-10-05 14:29:49 <gmaxwell> And its trivial to test on testnet or testnet in a box.
471 2012-10-05 14:30:06 <Graet> well none said in their release they would mine on mainnet keep the coins and raise diff before shipping, so it was a valid question, if they said they were and that they were factoring earning into cost a lot of ppl would have accepted it better :)
472 2012-10-05 14:30:27 <kreal> know what would be fun?, make them mine litecoin or what the others are called and fuck the diff up there :)
473 2012-10-05 14:30:29 <kjj_> gmaxwell: the difficulty will crank up.  if people aren't planning for 30x difficulty on more-or-less day 1, they deserve the failure they are getting
474 2012-10-05 14:30:45 <gmaxwell> kjj_: but they plan on being in on that windfall.
475 2012-10-05 14:30:45 <Graet> kreal, asic wont do scrypt
476 2012-10-05 14:30:52 <Graet> well these ones wont
477 2012-10-05 14:31:05 <kjj_> gmaxwell: yeah, I know they are planning on that, but they are wrong
478 2012-10-05 14:31:15 <kreal> cannot remember what the fork of bitcoin blockchain was called.
479 2012-10-05 14:32:15 <gmaxwell> kreal: the? there are like 100 of them.
480 2012-10-05 14:32:47 <kreal> ok :) well choose one the asics can compute and read my above statement.
481 2012-10-05 14:33:02 <kreal> could be fun
482 2012-10-05 14:33:44 <kjj_> kreal: none of the alt chains are worth poking
483 2012-10-05 14:34:15 <kreal> no but for burn-in
484 2012-10-05 14:34:22 <kreal> nevermind.
485 2012-10-05 14:34:49 <kreal> I'm tired today.
486 2012-10-05 14:34:54 <helo> hah, asic burn-in on namecoin
487 2012-10-05 14:35:22 <gmaxwell> kreal: testnet has the advantage of having the anti islanding logic.
488 2012-10-05 14:35:46 <kreal> no idea what that is sorry.
489 2012-10-05 14:36:19 <gmaxwell> kreal: testnet will accept a difficulty 1 block 20 minutes after the last block.
490 2012-10-05 14:36:20 <kreal> similar to http://udini.proquest.com/view/anti-islanding-methods-for-inverter-goid:845659817/ ?
491 2012-10-05 14:36:27 <helo> heh
492 2012-10-05 14:39:18 <Diablo-D3> man
493 2012-10-05 14:39:23 <Diablo-D3> theres something really wrong with bitcoin
494 2012-10-05 14:39:41 <kreal> indeed
495 2012-10-05 14:39:45 <kreal> and you know what it is.
496 2012-10-05 14:39:52 <Diablo-D3> I wonder how you can flood the linux network stack so badly that you cant even make LAN connections
497 2012-10-05 14:39:53 <kreal> not every store here in denmark are accepting them yet.
498 2012-10-05 14:43:11 <Diablo-D3> what the fuck is going on
499 2012-10-05 14:43:13 <Diablo-D3> I shut bitcoin off
500 2012-10-05 14:43:18 <Diablo-D3> I still cant make connections
501 2012-10-05 14:43:34 <kjj_> maybe it isn't bitcoin doing it?
502 2012-10-05 14:43:51 <Diablo-D3> kjj_: only thing running with network
503 2012-10-05 14:43:59 <Diablo-D3> other boxes on the network arent connected
504 2012-10-05 14:46:20 <kreal> install wireshark or similar and see whats happening? You know it could be solar flares...
505 2012-10-05 14:49:49 <Diablo-D3> kreal: heh.
506 2012-10-05 14:52:24 <gavinandresen> Anybody feel like joining my in procrastinating by thinking about brain wallets ?   https://gist.github.com/3840286
507 2012-10-05 14:55:43 <helo> ACTION o/
508 2012-10-05 14:57:04 <kjj_> gavinandresen: you have to make step 2 costly
509 2012-10-05 14:57:31 <gavinandresen> kjj_: did you read to the end?
510 2012-10-05 14:57:47 <kjj_> not yet, still going through it.
511 2012-10-05 14:58:03 <gmaxwell> gavinandresen: _meh_
512 2012-10-05 14:58:03 <kjj_> now that you say that, I'm sorta wondering if the part I'm reading is about step 1, with the part about step 2 coming later...
513 2012-10-05 14:58:31 <Diablo-D3> kreal: wait, did you imply I dont have wireshark installed?
514 2012-10-05 14:58:46 <gmaxwell> gavinandresen: just as people underestimate the entropy of their passwords greatly, they also overestimate their ability to remember things.
515 2012-10-05 14:59:33 <gavinandresen> gmaxwell: true. If I used a brainwallet I'd write it down and put it in my safe deposit box.
516 2012-10-05 14:59:34 <kreal> Diablo-D3, nope I would just be curious myself if that were to happen to me.
517 2012-10-05 15:00:06 <gavinandresen> gmaxwell: ... and the real danger is I type it in on a compromised system....
518 2012-10-05 15:00:06 <kjj_> gavinandresen: how do you force the attacker to guess your sentinel first?
519 2012-10-05 15:00:28 <gmaxwell> gavinandresen: it's better to just do what electrum is setup to do for that. It encodes a 128 bit value in 12 words. If you want to remember it you can, if you want to write it down, you can.. And because we know it was generated through a cryptographically strong random procedure we escape all doubt about its entropy.
520 2012-10-05 15:00:40 <gavinandresen> kjj_: you don't.  But if you put enough coin in the sentinels then everybody has an incentive to try to crack them....
521 2012-10-05 15:00:52 <kjj_> even worse.  if the attacker knows you, what stops him from using the sentinels as an oracle?
522 2012-10-05 15:01:03 <gavinandresen> kjj_: ?
523 2012-10-05 15:01:13 <gmaxwell> gavinandresen: crack each sentinel, now you have the whole.
524 2012-10-05 15:01:22 <gmaxwell> Thats the lanman password problem.
525 2012-10-05 15:01:27 <kjj_> if he DOESN'T take the sentinel coins, you are giving him an easier problem to solve
526 2012-10-05 15:01:42 <gmaxwell> (lanman confusingly splits passwords over 8ch in half and you can crack each half alone)
527 2012-10-05 15:02:30 <gmaxwell> As far as names go -- he doesn't need to try the 10 million most common names, he'll start with the 10,000 most common posters on bitcoin forums.
528 2012-10-05 15:02:44 <gavinandresen> gmaxwell: good point. I assume the attacker doesn't know which 3 transactions (sentinel1/2/secure) are together
529 2012-10-05 15:02:45 <gmaxwell> It's just really hard to reason about the attacker's statistical power.
530 2012-10-05 15:03:02 <gavinandresen> gmaxwell: mmm.   What's your middle name?
531 2012-10-05 15:03:43 <gmaxwell> gavinandresen: it's easily found at least. A script could be taking forum poster names and expanding them via google searches. (good for resolving pseudonyms too)
532 2012-10-05 15:04:27 <gmaxwell> plus it's in mtgox and bitcoinfoundation databases (I think).
533 2012-10-05 15:04:30 <gavinandresen> gmaxwell: True.  Previous versions of that gist I thought about combining other personal information, but attackers could pretty easily create huge databases that linked SS# / phone # / etc
534 2012-10-05 15:05:16 <gavinandresen> In any case, even if it is 10,000 names to be tried that's still a long time to crack.
535 2012-10-05 15:05:19 <gmaxwell> ::shrugs::  Right, it's just hard to reason about what they'll do and what statistical power they have. Especially since their effort is conserved. One unit of computation cracks all past and future usage.
536 2012-10-05 15:05:46 <gavinandresen> The piece I think is nifty is "put enough bitcoins in your sentinels and the incentive is for crackers to take them instead of trying to brute-force your full wallet"
537 2012-10-05 15:06:27 <gmaxwell> gavinandresen: at what speed?  A lot of people point at that 'correct horse stapler battery'  = zillion years xkcd thing. But thats assuming 1000/attempts a second. A GPU can do some insane billion attempts per second with MD5. At that speed xkcd's zillion years becomes just a few hours.
538 2012-10-05 15:06:30 <gavinandresen> ... and if everybody uses a similar scheme then, essentially, we're all constantly trying to guess and check each other's passphrases.
539 2012-10-05 15:07:34 <gavinandresen> Right. So say it costs X to break one passphrase.  Two independently chosen (maybe a bad assumption right there) would be X^2
540 2012-10-05 15:07:41 <kjj_> gavinandresen: I still think that by using portions of your security, you are giving the attacker hints.  you are replacing x effort with 2*sqrt(x)*y effort, where y is probably pretty small compared to sqrt(x)
541 2012-10-05 15:07:43 <gmaxwell> gavinandresen: seems wasteful -- we really don't want 'honest' people doing that, and sometimes they'll hit the jackpot even under that scheme. This seems like a really poor way around just using 12 machine specified words.
542 2012-10-05 15:07:51 <gavinandresen> ... add a constant factor by salting with some easily found personal information....
543 2012-10-05 15:08:22 <gmaxwell> plus people spaz about the personal information when you tell them to type it in...
544 2012-10-05 15:08:34 <gavinandresen> Asking people to memorize and write down two sentences they choose themselves is much friendlier than 12 random words.
545 2012-10-05 15:09:03 <gmaxwell> gavinandresen: only by the margin that they reduce the entropy.
546 2012-10-05 15:09:47 <gmaxwell> You might as well use six random words. and put the sentinel on five of them.
547 2012-10-05 15:10:10 <gmaxwell> And, any kind of brain wallet gives you a key management headache -- you can't rotate the keys easily, so if someone might have seen part of your key you have disincentives to change it and he can start attacking right away if he really did see it.
548 2012-10-05 15:10:52 <kjj_> gmaxwell: putting the sentinel on 5-of-6 is really bad.  it tells the attacker that they are VERY close
549 2012-10-05 15:10:56 <gavinandresen> gmaxwell: I knew you'd hate it.   I think brainwallets of some kind or another are bound to happen....
550 2012-10-05 15:11:29 <gmaxwell> gavinandresen: Yes, we've talked about it before.
551 2012-10-05 15:11:50 <gavinandresen> Getting back to the sentinels and incentives:  If I put square-root-of-main-wallet-balance+1 bitcoins in the 2 sentinel wallets, then the attacker is better off trying to steal the sentinels.
552 2012-10-05 15:12:16 <gavinandresen> ... and actually I can put much less than that, because attackers will be trying to compromise EVERYBODY's sentinels at once.
553 2012-10-05 15:12:53 <gmaxwell> They are irresponsible to promote under several different threat models: Attacker non-linear advantage (crack everyone at once); Underestimation of entropy; poor key management; overestimation of human memory.
554 2012-10-05 15:13:23 <gavinandresen> okey dokey.  I think people will use them anyway.
555 2012-10-05 15:13:32 <kjj_> yeah, that's the sad thing, they will
556 2012-10-05 15:14:11 <gmaxwell> And when you add sentinels you gain txout bloat and theoretical security that no one will actually leverage in practice. E.g. "people use this, so it must be safe" ignoring that they actually have to watch the sentinels and react to them. But they won't.
557 2012-10-05 15:14:18 <gavinandresen> DO NOT USE BRAIN WALLETS.  But if you do.....
558 2012-10-05 15:14:20 <gmaxwell> gavinandresen: They do already and they get robbed, in fact.
559 2012-10-05 15:14:24 <kjj_> how much responsibility do you take on?  is it enough to say "This is a terrible bad idea, you will lose all of your money and your hair will fall out.  Type your seed phrase:" ?
560 2012-10-05 15:14:33 <gmaxwell> The advice to use the machine generated keys appears to be very successful in practice.
561 2012-10-05 15:14:43 <helo> But if you do, you will get robbed and we will laugh at you.
562 2012-10-05 15:15:04 <gmaxwell> And sipa, etotheipi, and I came up with a scheme that makes it much more attractive to use machine generated ones.
563 2012-10-05 15:15:19 <gavinandresen> gmaxwell: where's that written up
564 2012-10-05 15:16:02 <gmaxwell> helo: that's actually one of the things that makes 'brainwallets' worse... the fact that the victims blame themselves makes people underestimate the badness of the system. "It's his/(my) fault. He/I chose a stupid password."
565 2012-10-05 15:16:16 <gmaxwell> gavinandresen: sipa has a gist, looking.
566 2012-10-05 15:17:51 <gmaxwell> The general idea is that the keys are required to have some criteria e.g. H(H(key)) begins with zeros... with the number of acceptable keys increasing the more computation you do.
567 2012-10-05 15:19:40 <gavinandresen> ... where key is what?
568 2012-10-05 15:20:03 <gavinandresen> I'd propose key is:   Name:passphrase1:passphrase2  ....
569 2012-10-05 15:20:20 <gavinandresen> ... and you still do the sentinel thing with the passphrases so you know if you chose badly.
570 2012-10-05 15:20:58 <gavinandresen> ... and put enough bitcoins in the sentinels so it is in the attacker's financial interest to just take those instead of cracking your main wallet
571 2012-10-05 15:21:00 <gmaxwell> gavinandresen: the other complication is that any user provided key scheme is enormously improved by making the derivation computationally expensive... But also "what people will do" is use JS which is 1000-2000x slower than basic C code, so you can't get much advantage on the attacker with that.
572 2012-10-05 15:21:34 <gavinandresen> that's why I like the passphrase1:passphrase2 scheme:  you get O(N^2)
573 2012-10-05 15:21:41 <gmaxwell> gavinandresen: it's not like you're going to spend those sentinels - would defeat the purpose. So he can wait.
574 2012-10-05 15:22:04 <gavinandresen> but he's competing against everybody else in the world who might like to spend the sentinels
575 2012-10-05 15:22:16 <gmaxwell> once he has cracked a bunch of sentinels he just does the N^2*names pairing, which is very fast.
576 2012-10-05 15:22:29 <gavinandresen> or ordinary people who, if they happen to choose the same passphrase as me, will take the coins "lying on the street"
577 2012-10-05 15:22:50 <gmaxwell> and again, this only has value if you'll notice the spends and abandon your keys.. otherwise it gives attacker a substantial speedup
578 2012-10-05 15:23:27 <gmaxwell> gavinandresen: even the race bit can be addressed by postponing and then trying to win in the network when you see one spend announced.
579 2012-10-05 15:23:28 <gavinandresen> There are already services that will send you email if an address is spent....
580 2012-10-05 15:23:34 <kjj_> I'm not sure that it is possible to come up with a correct value to store in the sentinel.  if the attacker finds one, he is reasonably safe to assume that it will take the next guy about as long to find it too
581 2012-10-05 15:24:20 <kjj_> the amount needs to be high enough that he isn't willing to take the risk, but not so high that it is prohibitive for the user
582 2012-10-05 15:24:27 <gmaxwell> gavinandresen: ... and you're expecting people to sign up for all this? please. This is pretext so that when people get robbed you can sleep at night because they didn't follow the complicated scheme.  The alternative, remember, is just remembering 12 machine generated words.
583 2012-10-05 15:24:45 <gmaxwell> And god knows bitcoin doesn't need the reputation of having any part of the practical security depending on people cracking things.
584 2012-10-05 15:25:20 <gmaxwell> gavinandresen: https://bitcointalk.org/index.php?topic=102349.0
585 2012-10-05 15:26:11 <kjj_> ooh.  and the attacker can prepare the transaction to spend the found sentinel, but not broadcast it until he sees another on the network.  that halves the value of the found money, and gives him roughly double the time to attack the real wallet
586 2012-10-05 15:27:20 <jgarzik> gmaxwell: has anyone done any testing, to see how long that algorithm takes on a modern computer, in JS or C++?
587 2012-10-05 15:27:38 <gmaxwell> jgarzik: sipa has implementations in both for benchmarking.
588 2012-10-05 15:28:35 <gavinandresen> gmaxwell: re: 12 machine generated words:  yeah, I'm not going to memorize 12 machine generated random words.
589 2012-10-05 15:28:43 <gmaxwell> I'm unhappy with the minimum level of strengthening it uses - it's not enough to slow insecure keys down against 'gpu grade' attackers, but any more is too slow to be usable in JS. :(
590 2012-10-05 15:29:22 <gavinandresen> re: security depending on cracking things:  think of it as intrusion detection
591 2012-10-05 15:30:00 <gmaxwell> gavinandresen: Many electrum users have, it's not hard... Perhaps you won't; but you're also not going to go sign up for a notice system on sentinel transactions or even create them in the first place, or respond when it does do something. Email==spam for a lot of people now.
592 2012-10-05 15:30:09 <gmaxwell> gavinandresen: yes, I use wallets on hosts as attack tripwires.
593 2012-10-05 15:30:22 <gmaxwell> All my firewalls have wallets with a bitcoin in them. I've talked about this here before.
594 2012-10-05 15:30:27 <gavinandresen> gmaxwell: I assume a client that does the brainwallet thing will take care of all of that for the user.
595 2012-10-05 15:31:09 <gavinandresen> gmaxwell: ... and as I said in the gist, I'm glossing over a gazillion details.
596 2012-10-05 15:31:56 <gavinandresen> (maybe it is a SMS when one of your passphrases gets tripped, and if you're serious about your funds being secure you'd combine your brainwallet with multisig/multidevice transaction authorization....)
597 2012-10-05 15:32:08 <gmaxwell> gavinandresen: I'm not sure that it can... first when you create a wallet you don't have funds in it.. getting past that, people are going to spaz out when some of their funds are diverted to more easily stolen addresses and then you have to explain it.  And when the user gets one stolen the software can't respond without their help, and it has to be online for it to happen.
598 2012-10-05 15:32:42 <gmaxwell> so does that create some centralized attack target which knows the sentinel pairing?
599 2012-10-05 15:33:39 <gavinandresen> all great concerns.
600 2012-10-05 15:33:40 <gmaxwell> gavinandresen: and, of course this whole sidebar ignores that users' memory is _not_ reliable. And unlike _every_ other kind of password security they encounter forgetting is utterly unrecoverable.
601 2012-10-05 15:34:03 <gmaxwell> whereas writing things down solves that neatly, and 12 words are no biggie to write down.
602 2012-10-05 15:34:18 <gavinandresen> Meh.  Memory is fuzzy, brute-forcing a sentinel on the user's behalf might be a service
603 2012-10-05 15:34:40 <gavinandresen> (I've actually thought about creating a brute-force-my-wallet-dat service....)
604 2012-10-05 15:34:58 <gmaxwell> yea, great so you'll legitimize cracking infrastructure so it can happen on an industrial scale with 14nm cracking asic farms.
605 2012-10-05 15:35:09 <gmaxwell> just.. yuck.
606 2012-10-05 15:35:26 <gmaxwell> I don't think the activation energy to get people to write down actually random values instead is all that great.
607 2012-10-05 15:35:44 <gavinandresen> ummm, industrial scale password/passphrase cracking is happening anyway.
608 2012-10-05 15:35:59 <gmaxwell> And it certainly requires less development and risky points (e.g. centralized data collectors) than what you're suggesting.
609 2012-10-05 15:36:02 <Diablo-D3> back
610 2012-10-05 15:36:04 <gavinandresen> e.g. LastPass subscribing to that password-hash-gathering service.....
611 2012-10-05 15:36:05 <gmaxwell> gavinandresen: It's not VC funded.
612 2012-10-05 15:36:20 <Diablo-D3> kreal: I'm seriously not seeing anything out of the way
613 2012-10-05 15:36:45 <kreal> strange
614 2012-10-05 15:36:58 <gavinandresen> gmaxwell: you sure pwnedlist.com isn't VC funded?
615 2012-10-05 15:36:59 <kreal> which linux dis?
616 2012-10-05 15:37:04 <Diablo-D3> debian
617 2012-10-05 15:37:24 <gavinandresen> gmaxwell: if I was a VC I'd fund them....
618 2012-10-05 15:39:03 <gmaxwell> In any case, the academic thinking on password security is that the same markov property that makes password material easily predicted is what makes them easily remembered; you don't get one without the other. The sentinel idea is _cute_ but it lowers the workfactor for attackers a lot, and it providing a benefit
619 2012-10-05 15:39:39 <gmaxwell> requires that the attackers feel enough competition to race to grab the values... and that the users take action before the attacker gets both and permutes.
620 2012-10-05 15:40:28 <Diablo-D3> kreal: debian
621 2012-10-05 15:41:38 <gavinandresen> sure...  boiling the idea down, if it is a million times easier to crack the sentinel then a rational attacker will "take the money and run" if they think you have less than 1 million times the fund in the ultra-secure wallet.
622 2012-10-05 15:42:41 <gavinandresen> ... assuming that there are multiple attackers all trying to steal the sentinels.
623 2012-10-05 15:42:58 <Diablo-D3> kreal: according to wireshark statistics, 85% of packets and bytes are tcp, 43%/56% packets/bytes are my ssh session to my laptop.
624 2012-10-05 15:43:06 <gavinandresen> I'm probably making the whole thing more complicated with multiple passphrases.
625 2012-10-05 15:43:29 <Diablo-D3> kreal: there's nothing else popping up
626 2012-10-05 15:44:17 <kjj_> gavinandresen: but multiple passphrases is probably crucial.  with just one, getting the master wallet is easy, once the sentinel has been found
627 2012-10-05 15:44:49 <kreal> Diablo-D3 solar flares then only suggestion is to purge wallet.dat with a new.
628 2012-10-05 15:44:58 <Diablo-D3> kreal: bitcoin isn't even running =P
629 2012-10-05 15:45:00 <kjj_> gavinandresen: with two partials, the effort is slightly more than the effort of the weakest passphrase, which is hopefully enough time to mitigate
630 2012-10-05 15:45:27 <maaku> kreal: atmospheric nuke detonation might do the trick too ;)
631 2012-10-05 15:45:30 <kreal> have you considered the hardware?