1 2012-10-11 00:16:34 <gmaxwell> slush1: Luke's position is a bit overstated, but relative to using GMP other mining protocols are rather opaque and don't provide the same degree of informed consent. (though they save bandwidth!)
  2 2012-10-11 00:17:45 <slush1> gmaxwell: his one-sided view is exactly what is irritating me
  3 2012-10-11 00:17:53 <gmaxwell> Development time sure isn't free, but it would be nice if pools offered both??? and people in the community can work on conving miners that they should be sanity checking the work being issued to them.
  4 2012-10-11 00:18:35 <gmaxwell> slush1: Luke tends to take extreme positions in arguments; sometimes he successfully 'moves the middle' in his direction, other times it makes everyone want to die. :(
  5 2012-10-11 00:19:25 <slush1> gmaxwell: nobody gave me a real argument why is not possible to "sanity check" blocks produced by pool, instead of bloating mining protocol
  6 2012-10-11 00:20:09 <slush1> there's really not more information then can be found in block explorer hour later
  7 2012-10-11 00:20:12 <gmaxwell> slush1: Because the non-GMP protocols don't allow much in the way of sanity checking except prevout reversion (e.g. cutting back the chain to mine a fork)
  8 2012-10-11 00:20:37 <slush1> that's not true
  9 2012-10-11 00:20:42 <gmaxwell> an hour later is after the fact and can't reasonably be used to retarget miners to other pools; and some large pools hide their blocks.
 10 2012-10-11 00:20:42 <slush1> coinbase is visible in stratum
 11 2012-10-11 00:20:52 <gmaxwell> slush1: the coinbase but not the transactions.
 12 2012-10-11 00:21:12 <gmaxwell> Checking the coinbase doesn't do much unless you do coinbase epayments.
 13 2012-10-11 00:21:14 <slush1> how can pool mine fork when coinbase is visible in mining jobs?
 14 2012-10-11 00:21:54 <slush1> I still don't see any possible, "useful" and real attack vector by hiding transaction hashes from miners
 15 2012-10-11 00:21:59 <gmaxwell> local work generation was a good oppturnity to get more miners and pools using a more transparent mining protocol as a side effect... and luke is rightly frustrated that the hopes there are frustrated by stratum.
 16 2012-10-11 00:22:17 <gmaxwell> slush1: er. ... What the heck does seeing the coinbase have to do with mining a fork.
 17 2012-10-11 00:22:30 <slush1> gmaxwell: hm, blockheight in coinbase?
 18 2012-10-11 00:22:52 <slush1> well, it is still not enforced now, but it will be most likely in few months
 19 2012-10-11 00:22:58 <gmaxwell> slush1: you don't need to see the blockhight for that, you can track the prevhash. BFGminer does this already in fact.
 20 2012-10-11 00:23:13 <slush1> that's another argument, yes
 21 2012-10-11 00:23:27 <slush1> please, I'm asking for real, what attack vector is possible?
 22 2012-10-11 00:23:39 <slush1> Except delaying transaction processing, maybe
 23 2012-10-11 00:24:11 <slush1> fact that pool is mining fork is already visible in all existing protocols
 24 2012-10-11 00:24:15 <gmaxwell> slush1: Oh simple, people can continue to mining at height X while the network is on height X+n in order to mine blocks that reverse the main networks transactions.
 25 2012-10-11 00:24:54 <gmaxwell> You can also mine a bound to losing fork at any height without cutting back.
 26 2012-10-11 00:24:56 <slush1> ok, but how visibility of transactions in job definition help this?
 27 2012-10-11 00:25:34 <slush1> the *real* difference between gbt and stratum is that stratum provide only merkle branch, not full transaction list
 28 2012-10-11 00:25:35 <gmaxwell> Say I'm McCracker and I've linnode and managed to seize a big pool there completely, as well as network isolate mtgox.
 29 2012-10-11 00:25:50 <slush1> gmaxwell: ok. how gbt help in this?
 30 2012-10-11 00:25:54 <slush1> if pool is compromised?
 31 2012-10-11 00:25:57 <gmaxwell> I'll explain.
 32 2012-10-11 00:27:05 <gmaxwell> I can then make that pool mine 6 blocks of conflicted transactions to make a bogus fork to get mtgox to accept my funds.. etc. okay. So what GBT allows here is for the miner to consult independant sources of the current network state (local bitcoind, random bitcoin peers, other pools they mine with in parallel) to find out if the work they're given is conflicted by the view of the rest of the network.
 33 2012-10-11 00:27:29 <gmaxwell> Then they could switch their mining to some other place (another pool, solo, etc) until it clears up.
 34 2012-10-11 00:27:50 <slush1> gmaxwell: isn't comparing prevhash and block height enough?
 35 2012-10-11 00:27:54 <gmaxwell> And Luke is actually implementing features like this, so it's not just pure theory masterbation.
 36 2012-10-11 00:28:03 <slush1> how can pool mine "secret" blocks with correct prevhash?
 37 2012-10-11 00:28:40 <slush1> 6 block of conflicted transactions means that prevhas in current mining job is different than last prevhash in every other source
 38 2012-10-11 00:28:43 <gmaxwell> slush1: no, because you don't have to cut back.  E.g. you are mining normally, and then instead of following the network you branch off on a fork. This happens naturally sometimes, and it's not a sign of misconduct.
 39 2012-10-11 00:29:17 <gmaxwell> Its only a sign of misconduct when its reversing transactions in other forks (esp if they're longer)
 40 2012-10-11 00:29:22 <slush1> that's normal orphan block, I know
 41 2012-10-11 00:29:53 <slush1> s/I know/I think/
 42 2012-10-11 00:29:58 <gmaxwell> Right.
 43 2012-10-11 00:30:46 <gmaxwell> And sometimes orphan races can be several blocks long. We've had four deep, though that was weird and due to a difference in enforced rules (P2SH). I think the larges totally normal one I've seen is 2. (maybe 3? I don't recall)
 44 2012-10-11 00:31:11 <slush1> ok, I need to re-read this again
 45 2012-10-11 00:32:05 <MC1984> wobulation is a word
 46 2012-10-11 00:32:40 <gmaxwell> Now??? GBT isn't a magic bullet; without matching detection software, and using it ... it only makes it easier to collect data after the fact. E.g. if a pool issues some weird work that never make it into a block you can't do that block explorer after the fact check of what was going on.. but GBT with logging would make it possible.
 47 2012-10-11 00:32:50 <gmaxwell> But thats a narrower improvement.
 48 2012-10-11 00:33:00 <slush1> " if the work they're given is conflicted by the view of the rest of the network." - I don't know about specific algorithm, but you're generally saying that miner need complete list of hashes to do this, correct?
 49 2012-10-11 00:34:02 <slush1> well, "mining on the block that never make it into a block" is another story, but it is not an attack, right?
 50 2012-10-11 00:34:57 <gmaxwell> slush1: they need the hashes (and connecting fragments) for any transactions they're going to check. This might not be all of them. But sure, to completely check you need all (up to about 4000 maximum).  But for example, I could see miners actually only checking that transactions they're personally interested in are included and switching pools based on which ones are including their own txns.
 51 2012-10-11 00:35:30 <slush1> yes, it is *possible*, of course
 52 2012-10-11 00:35:36 <slush1> but it is not a prevention for attack
 53 2012-10-11 00:35:39 <gmaxwell> slush1: It could be an attempted attack. For example. If a pool is hopping a proportional pool as a proxy it would throw out a wad of the other pools work right when that pool began a round and stop.
 54 2012-10-11 00:35:52 <gmaxwell> (thats wrt not a successful block)
 55 2012-10-11 00:36:13 <gmaxwell> I think thats an attack but it only rarely produces blocks.. finny attacks can also only rarely produce blocks.
 56 2012-10-11 00:37:02 <gmaxwell> E.g. you attempt to reverse a transaction for just a brief time??? in the window of it being accepted by a vendor and the network extending the vendors payment twice (when you probably won't get longer anymore)
 57 2012-10-11 00:37:39 <gmaxwell> so this is something that could go on for months an only rarely be successful; it would be much more obvious from auditing GBT data.
 58 2012-10-11 00:38:07 <slush1> i probably don't get it. maybe I'm stupid or tired. or both
 59 2012-10-11 00:38:12 <gmaxwell> Though I admit I'm getting into a corner case there.. The normal "whats in this block, and is it reversing transactions which I think belong in the chain" is the more important thing.
 60 2012-10-11 00:38:29 <gmaxwell> slush1: We can talk tomorrow if you like. This stuff is subtle in any case.
 61 2012-10-11 00:39:14 <slush1> let me sumarize what you said, I need something to think about:
 62 2012-10-11 00:41:26 <slush1> a) some of corner cases will rarely be mined, because of some condition. Well, if the attack is based on coinbase, prevhash or whatever, it is still visible. If it is based on transaction list (which is hidden in stratum), then miners will see these broadcasted, but failed blocks as orphans in the network, so they can check that this block has been produced, but it is invalid in some way.
 63 2012-10-11 00:42:09 <slush1> b) there are some standard cases where pool can produce fork and revert transactions, but it is based on prevhash, which is visible in source data
 64 2012-10-11 00:42:34 <slush1> where I did mistake?
 65 2012-10-11 00:44:00 <slush1> I'm pragmatic man and I need real example, where miners need to see transaction list NOW while mining, otherwise it will destroy bitcoin network.
 66 2012-10-11 00:44:06 <gmaxwell> Couple points: Orphans don't propagate. Nodes only forward their best block. The only time a node hears an orphan is when its peers thought it best. and thats even assuming that you send them to the network at all: if you're going after mtgox or whatever you'll only give them to them.
 67 2012-10-11 00:44:53 <gmaxwell> And the attack is over, and the coins are all stolen before people see them after the fact. Especially since if it wasn't their node that found the block there is no reason they have to be able to reconize it.
 68 2012-10-11 00:45:09 <slush1> gmaxwell: why not implement notification feature to miners that they'll report block parameters which meet target difficulty?
 69 2012-10-11 00:45:21 <slush1> then every miner, but not propagated block will be visible
 70 2012-10-11 00:45:27 <gmaxwell> E.g. you could have the coinbase paying a different pubkey for every miner. Good luck identifying a block you worked on, but someone else solved.
 71 2012-10-11 00:46:38 <gmaxwell> Thats been discussed for detecting pool op payout cheating.  I don't see how, in this case, it would work: because you can't tell if someone is lying and saying they have slush work and it's really btcguild work.
 72 2012-10-11 00:46:49 <gmaxwell> 19:42 < slush1> b) there are some standard cases where pool can produce fork and revert transactions, but it is based on prevhash, which is visible in
 73 2012-10-11 00:46:49 <slush1> there are up to 10 miners which keeps 99% of mining stuff. If people are so concerned about not propagated blocks (blocks kept by pool, which is waiting to some block with special parameters), this is quite easy to achieve even without native support in mining protocol
 74 2012-10-11 00:47:28 <gmaxwell> No you don't have to do anything weird with prevhash to make a fork, you have to do weird things with prevhash to cut back on the chain.. But if the fork starts _now_ it looks like a normal block race.
 75 2012-10-11 00:48:33 <gmaxwell> slush1: the attacker who has compromised the pool is just redirecting the work to their own poolserver daemon which is only feeding the isolated victim nodes. There is no way to make those blocks visible except if the miners demand them from the pool.
 76 2012-10-11 00:49:58 <slush1> as well as miners are going to check their transactions against some external (not provided by the pool) interface, they can report to that external service that they found block candidate
 77 2012-10-11 00:50:09 <slush1> well, we're talking about really corner cases.
 78 2012-10-11 00:51:11 <gmaxwell> This doesn't help them _stop_ attacking. Hours later we might have enough data to know your pool was compromised and used to rip off hundreds of merchants.  But then the attacks are done, you're out of business but the damage is done ??? to the merchants and to bitcoin's reputation.
 79 2012-10-11 00:51:20 <slush1> afaik no merchant should rely on single block confirmation, so most of these corner cases won't work in real world, unless more pools will be hijacked in same time
 80 2012-10-11 00:51:32 <gmaxwell> Except they do.
 81 2012-10-11 00:52:00 <slush1> well, we should compute the cost of such prevention and potential damage
 82 2012-10-11 00:52:01 <gmaxwell> And you can do more than single block confirmations if the attacker can isolate the merchant, via exploiting their network or using a botnet to run a zillion sybil nodes.
 83 2012-10-11 00:52:12 <slush1> there's still a chance that earth will be destroyed tomorrow
 84 2012-10-11 00:52:34 <gmaxwell> slush1: I think an interesting point is that you don't have to have all miners doing this stuff to get a degree of protection.
 85 2012-10-11 00:53:03 <slush1> I'm sure some miners will be using GBT. For example these on p2pool :)
 86 2012-10-11 00:53:05 <gmaxwell> E.g. some random couple percent doing it become watchdogs. enabling responses that might cut the attack short enough to mitigate the damage.
 87 2012-10-11 00:53:22 <gmaxwell> slush1: sure, but that doesn't help when the crackers get your pool.
 88 2012-10-11 00:53:26 <slush1> I know
 89 2012-10-11 00:53:40 <slush1> because I really don't think there's *real* risk in all cases you mention
 90 2012-10-11 00:53:44 <gmaxwell> It would need to be some miners on every large pool to have a protective effect.
 91 2012-10-11 00:54:10 <gmaxwell> slush1: fine, let me control the transaction set for your pool for a week. I will sucessfully, with consense, rob a site.
 92 2012-10-11 00:54:16 <gmaxwell> er, consent.
 93 2012-10-11 00:54:43 <gmaxwell> hm. need to figure out how to do that without causing you orphans.
 94 2012-10-11 00:54:46 <slush1> this is interesting. Can you describe for me how?
 95 2012-10-11 00:54:50 <gmaxwell> (an attacker doesn't care)
 96 2012-10-11 00:54:51 <slush1> hehe
 97 2012-10-11 00:55:15 <slush1> an attacker doesn't care, but I have quite sophisticated monitoring
 98 2012-10-11 00:55:30 <slush1> and users definitely care!
 99 2012-10-11 00:55:31 <gmaxwell> slush1: I'd just do 1 confirm reversals on sites that accept 1 confirm transactions, there are a bunch of them.
100 2012-10-11 00:55:42 <slush1> they will see lot of orphans or very long round
101 2012-10-11 00:55:47 <slush1> (as orphans will be filtered out)
102 2012-10-11 00:55:54 <gmaxwell> right I'm just pointing out that if it were a test it would need to be without orphans but an attacker isn't so constrained.
103 2012-10-11 00:56:16 <slush1> honestly, accepting 1 confirmation transactions is not recommended, it is mentioned on many places.
104 2012-10-11 00:56:23 <gmaxwell> and yea, perhaps it'll trip your monitoring; but thats like assuming you can't be hacked: it might be true, but we shouldn't have the system's security depend at all on your security.
105 2012-10-11 00:56:57 <slush1> I think *now* we're talking about real things. It is really no easy to "hijack the pool" unless operator or users are completely blind
106 2012-10-11 00:57:10 <gmaxwell> slush1: TD goes around recommending it ::shrugs:: I agree but people do it.  of course, if I get you and btcguld and deepbit I have a majority and can fork without falling behind.
107 2012-10-11 00:58:08 <gmaxwell> Keep in mind that the bitcoin economy is many millions of dollars now. 'easy' is relative.  The major complication is that attacks that steal bitcoins destroy those bitcoin's value.
108 2012-10-11 00:58:46 <slush1> I understand that and I'm taking poolop job very seriously.
109 2012-10-11 00:58:53 <gmaxwell> But this consolidation does make it harder to reason about bitcoin's security: bitcoin is secure if single attackers don't control lots of hashpower (the attacks are very powerful if they have a super majority)
110 2012-10-11 00:59:16 <gmaxwell> Well can the attacker get a super majority?  Well. He can if he wants to hold three people at gunpoint.
111 2012-10-11 00:59:46 <gmaxwell> And I believe you take it seriously, or we wouldn't be having this conversation? Is that universally true? will it be true a year from now?
112 2012-10-11 00:59:58 <gmaxwell> (I mean not you??? but some other pool a year from now?)
113 2012-10-11 01:01:23 <gmaxwell> ;;ticker
114 2012-10-11 01:01:24 <gribble> Best bid: 12.00467, Best ask: 12.07999, Bid-ask spread: 0.07532, Last trade: 12.05001, 24 hour volume: 25377, 24 hour low: 11.80686, 24 hour high: 12.19
115 2012-10-11 01:01:27 <gmaxwell> ;;bc,blocks
116 2012-10-11 01:01:28 <gribble> 202755
117 2012-10-11 01:02:08 <Graet> i think it would be as easy for an attacker to hold devs at gunpoint as it would pool operators in different countries - is this a really valid or an extreme corner case?
118 2012-10-11 01:02:22 <gmaxwell> Blowing up a 121 million dollar system by taking four computer geeks at gunpoint sounds pretty vulnerable, even though I agree that it's a little bit of a movie-plot threat. :P
119 2012-10-11 01:02:30 <gmaxwell> s/four/three or for/
120 2012-10-11 01:02:48 <gmaxwell> Graet: holding the devs at gunpoint doesn't do much, unless you can do it for weeks.
121 2012-10-11 01:03:07 <slush1> gmaxwell: can we calculate real cost of such attack?
122 2012-10-11 01:03:10 <gmaxwell> Graet: and we've discussed this and intentionally avoided creating a situation where it would do anything: we don't want to be held at gunpoint!
123 2012-10-11 01:03:13 <Graet> but about as likely (outside of cinema)
124 2012-10-11 01:03:13 <slush1> I mean - gun attack to pool op?
125 2012-10-11 01:03:27 <MC1984> im slightly asspained youre all in the same juristiction
126 2012-10-11 01:03:27 <slush1> How quick bitcoin network repair from it? I think pretty quickly
127 2012-10-11 01:04:08 <Graet> for my pool you would need to locate at least 5 people some in au, some in us some in eu
128 2012-10-11 01:04:18 <gmaxwell> slush1: these attacks don't cause anything to 'repair' technically, I mean the network is perfectly happy to reorg and erase a ton of transactions and blow away peoples wallets and leave vendors bankrupt. It wouldn't blink an eye.
129 2012-10-11 01:04:38 <slush1> even if there'll be an attack and me, Graet, Eleuthria and Tycho will be dead, it will take few hours to people realize that something is wrong
130 2012-10-11 01:04:45 <gmaxwell> But _trust_ in the network that did that? that might be irreparable.
131 2012-10-11 01:05:30 <gmaxwell> slush1: but if doing crazy things with pools make miners _turn off_ or switch to non crazy pools then the attack is less likely to happen in the first place.
132 2012-10-11 01:05:40 <slush1> actually ponzi schemes like pirateat40 are much bigger threat to the bitcoin project
133 2012-10-11 01:05:53 <slush1> but well - there's no cryptographical defense, so let's ignore it :)
134 2012-10-11 01:06:11 <gmaxwell> slush1: All threats are threats. But that there is some other one??? which I fought against to the extent I was able!??? doesn't excuse ignoring other ones.
135 2012-10-11 01:07:12 <gmaxwell> and I'm less sure of the overall risk of pirateat40: the victims mostly blame themselves, and as wrong as that is, it diverts the negative attention from bitcoin itself somewhat.
136 2012-10-11 01:07:40 <gmaxwell> Plus those things happen outside of bitcoin: it's likely pirateat40 was just another front for a much larger non-bitcoin ponzi scheme that got shut down at the same time.
137 2012-10-11 01:07:46 <slush1> well, I think that I get your point now. But I'm still not convinced that the difference in "sanity checks" between GBT and Stratum is so big that it excuse higher running cost of GBT
138 2012-10-11 01:07:49 <gmaxwell> While these technical attacks are 'unique' to bitcoin.
139 2012-10-11 01:08:49 <gmaxwell> slush1: Well I think thats the core of the debate really. Luke has already invested significant time eating development costs for GBT... so the only question left there is bandwidth... which can be mitigated greatly through client side rolling.
140 2012-10-11 01:08:49 <slush1> that "business" of pirateat40 affected all of us, at least because price bumping heavily between 15$-8$
141 2012-10-11 01:09:30 <slush1> that's also about trust - "well, you see, that crypto stuff is volatile as hell, don't put money into it!"
142 2012-10-11 01:10:31 <gmaxwell> slush1: it's not clear to me what role he had in the exchange rate fluctuations. (people were arguing for months that he was creating stability!) And we have had significant volitility absent him in any case. ::shrugs:: I don't intend to argue this though, I agree he was bad.
143 2012-10-11 01:10:49 <gmaxwell> But right now when someone looks at bitcoin they can ask??? ignoring the speculative economics??? is it technically sound.
144 2012-10-11 01:11:14 <slush1> same people who give him hundreds of thousands bitcoins? :)
145 2012-10-11 01:11:36 <gmaxwell> And the answer to this is that bitcoin is based on a byzantine consensus algorithim which provides security so long as attackers can't locally overpower the network. And the consolidation of hashing power in pools makes it really hard to say we can be sure that an attacker can't.
146 2012-10-11 01:12:11 <gmaxwell> someone argued to me once, for example, that all major pools could be run by one person and we wouldn't know.
147 2012-10-11 01:12:36 <gmaxwell> I'd like to be able to point to totally distributed sanity checking in most of the contributing miners and say "this is why pools themselves _can't_ be a threat"
148 2012-10-11 01:12:54 <gmaxwell> slush1: no.. hah _not_ the same people.
149 2012-10-11 01:13:49 <gmaxwell> I'd also take a bet against him having 'hundreds of thousands of bitcoin' the figures people used on the forums came from _guessing_ which addresses were his based on activity time and then assuming all their activity was payouts and multiplying it by 14.
150 2012-10-11 01:14:06 <gmaxwell> (but thats another aside)
151 2012-10-11 01:15:31 <gmaxwell> I've got to run. Good talking!
152 2012-10-11 01:22:54 <MC1984> That, and because of the bailiffs who have bought title to your other self's business debts. They are waiting for you in Jupiter system with warrants and headsuckers to extract your private keys."
153 2012-10-11 01:23:15 <MC1984> the future of bitcoin
154 2012-10-11 01:27:24 <slush1> gmaxwell: thanks for the talk, I was AFK and I have to go sleep now
155 2012-10-11 01:30:51 <slush1> although I don't think that pure technical attacks are somewhat real, the concern that pool ops can become a target of some attack to overtake the network *is* real.
156 2012-10-11 01:31:18 <slush1> I don't think that it is so much real and not now, because network is still pretty small.
157 2012-10-11 01:31:34 <slush1> But as far as there'll be few bilions $$$ in market cap...
158 2012-10-11 01:31:46 <slush1> gn
159 2012-10-11 02:10:01 <Evilmax> c'? qualche italiano? mi contatti in pvt per favore
160 2012-10-11 04:37:29 <jeremias> is there an easy way to get unpsent transactions related to certain bitcoin address
161 2012-10-11 04:37:36 <jeremias> with bitcoind
162 2012-10-11 05:03:21 <sipa> jeremias: listunspent
163 2012-10-11 05:04:01 <jeremias> sipa: thanks, but how do I know which transactions belong to that particular address?
164 2012-10-11 05:04:56 <jeremias> just iterate through all the unspent transactions, and check if the transaction is there?
165 2012-10-11 05:09:45 <jeremias> err address
166 2012-10-11 05:27:30 <finway> sipa, i remember you said ultraprune has some issue dealing with large scale of reorg ?
167 2012-10-11 05:30:08 <sipa> gmaxwell, slush1: i'm not sure stratum and electrum should serve the same purpose
168 2012-10-11 05:31:33 <sipa> the mining industry is an economy, it will find its own solutions for dealing with scalability, and i don't think "we" need to do it for them
169 2012-10-11 05:32:49 <sipa> with GBT, there is a rich interface for block creation, to the point that we really don't need to expose anything further for special cases
170 2012-10-11 05:33:50 <sipa> that said, i'd like to see more miners move to decentralized block creation (which may, but doesn't have to be something like p2pool)
171 2012-10-11 05:35:26 <sipa> finway: if you pruned a block away that later gets reorgd, you are stuck
172 2012-10-11 05:35:58 <sipa> or rather the client should pop up a big box, and reset from scratch
173 2012-10-11 05:38:26 <finway> sipa, if i'm stuck, can i rest and start again without a full copy of blockchain ?
174 2012-10-11 05:38:57 <sipa> jeremias: i thought there was an improvement that allows specifying the output address in listunpent - not sure if it got in for 0.7.1
175 2012-10-11 05:39:00 <sipa> finway: no
176 2012-10-11 05:39:46 <finway> sipa, i mean ,locally
177 2012-10-11 05:40:09 <sipa> how do you mean?
178 2012-10-11 05:40:24 <finway> can i rest and start again with the help of bitcoin network?
179 2012-10-11 05:40:32 <sipa> yes, sure
180 2012-10-11 05:40:46 <sipa> just download all blocks again
181 2012-10-11 05:40:54 <sipa> but that isn't cheao
182 2012-10-11 05:41:39 <finway> oh, i see
183 2012-10-11 05:41:43 <finway> thanks
184 2012-10-11 05:41:44 <sipa> if many people continuously needed to do thst, there'd be a problem for the network
185 2012-10-11 05:43:49 <UukGoblin> is there a live distro that works with bitcoind?
186 2012-10-11 05:44:03 <UukGoblin> I'm getting libstdc++.so.6: version `GLIBCXX_3.4.11' not found on slax
187 2012-10-11 05:45:17 <finway> sipa, do you have a copy of ultraprune binaries on windows ?
188 2012-10-11 05:45:55 <finway> sipa, does ultraprune got stuck with every reorg ?
189 2012-10-11 05:49:59 <sipa> finway: only if you don't have the data for the block being reorgd
190 2012-10-11 05:50:30 <finway> that's much better.
191 2012-10-11 05:50:51 <wumpus> UukGoblin: Ubuntu (any version) should work
192 2012-10-11 05:51:06 <sipa> and as pruning isn't implemented right now, tgat should never happen...
193 2012-10-11 05:51:26 <sipa> wumpus: any version >=lucid
194 2012-10-11 05:51:35 <Evilmax> c'? qualche italiano? mi contatti in pvt per favore
195 2012-10-11 05:51:40 <wumpus> sipa: lol, yes
196 2012-10-11 05:51:47 <wumpus> any *somewhat recent* version
197 2012-10-11 05:51:55 <sipa> Evilmax: sorry, english here
198 2012-10-11 05:52:42 <Evilmax> hi sipa
199 2012-10-11 05:52:49 <sipa> i think he asks someone who speaks italian to contact him in private
200 2012-10-11 05:52:54 <Evilmax> i have to ask for arbitrage mothods
201 2012-10-11 05:52:57 <Evilmax> methods
202 2012-10-11 05:53:06 <Evilmax> i don't know them
203 2012-10-11 05:53:31 <Evilmax> yes...it would be very hard to explain that in english
204 2012-10-11 05:53:35 <Evilmax> about arbitrage i mean
205 2012-10-11 05:53:42 <Evilmax> for me
206 2012-10-11 05:54:00 <Evilmax> and than it is different arbitrage methods from italia
207 2012-10-11 05:54:11 <Evilmax> because banks
208 2012-10-11 05:54:14 <Evilmax> card etc
209 2012-10-11 05:54:32 <Evilmax> i have to move money fast
210 2012-10-11 05:54:34 <wumpus> this is the development channel, trading is off-topic here
211 2012-10-11 05:54:38 <Evilmax> for that, as i move btc
212 2012-10-11 05:54:43 <Evilmax> ah ok
213 2012-10-11 05:54:45 <Evilmax> sorry
214 2012-10-11 05:54:51 <Evilmax> development?
215 2012-10-11 05:55:00 <wumpus> yes, code and stuff, you know...
216 2012-10-11 05:55:04 <Evilmax> i have many questions on development too
217 2012-10-11 05:55:12 <sipa> shoot
218 2012-10-11 05:55:25 <Evilmax> i need a software, free, for trade on sites in automatic
219 2012-10-11 05:55:30 <Evilmax> as i do in forex
220 2012-10-11 05:55:34 <Evilmax> a platform
221 2012-10-11 05:55:39 <sipa> still trading
222 2012-10-11 05:55:42 <wumpus> sigh...
223 2012-10-11 05:56:20 <sipa> here we discuss the development of bitcoin as a currency and network node implementations
224 2012-10-11 05:56:26 <wumpus> I may not have been clear, but I mean development of the bitcoin client and network
225 2012-10-11 05:57:18 <Evilmax> yes
226 2012-10-11 05:57:20 <Evilmax> client
227 2012-10-11 05:57:24 <Evilmax> that i mean
228 2012-10-11 05:57:29 <wumpus> and actual technical discussion about the code and design, not "I need xxx"
229 2012-10-11 05:57:51 <Evilmax> if exist a client that connect trade sites for place automatic orders
230 2012-10-11 05:58:27 <sipa> if it wasn't ckear before: it is not about trading here
231 2012-10-11 05:58:48 <Evilmax> ok, sorry again
232 2012-10-11 06:06:11 <Evilmax> why my btc client (qt) on opening give me a balance of  123 btc and then it disappared?
233 2012-10-11 06:06:18 <Evilmax> it is a bug of client?
234 2012-10-11 06:06:41 <sipa> yes
235 2012-10-11 06:06:52 <sipa> fixed in 0.7 iirc
236 2012-10-11 06:09:39 <wumpus> yes, was fixed already
237 2012-10-11 10:20:57 <gmaxwell> https://github.com/bitcoin/bitcoin/pull/1872  < would anyone like any other specific tests on this?
238 2012-10-11 10:43:11 <t7> isnt it time to use C++11 yet?
239 2012-10-11 10:43:19 <t7> BOOST_FOREACH is nasty
240 2012-10-11 10:54:38 <sipa> t7: as soon as we can switch to recent compilers for every support platform, maybe
241 2012-10-11 10:54:58 <sipa> gitian mingw32 is still on gcc 4.2, for example
242 2012-10-11 10:55:02 <t7> well you can only target compilers that can use boost
243 2012-10-11 10:55:18 <t7> oh i use a newer mingw than that
244 2012-10-11 10:55:45 <t7> 
ACTION has another look at gitian

245 2012-10-11 10:56:04 <t7> 
ACTION thought you meant embedded compilers or something

246 2012-10-11 11:11:27 <UukGoblin> http://www.judge.me/
247 2012-10-11 11:11:34 <UukGoblin> pretty cool if only they accepted bitcoins
248 2012-10-11 11:11:59 <UukGoblin> OH NOES
249 2012-10-11 11:12:02 <UukGoblin> THEY DO ACCEPT BITCOIN
250 2012-10-11 11:13:48 <wumpus> t7: the problem is that we use a ubuntu lucid image to build in, which doesn't have newer (usable) mingw available. The reason that we use such an old ubuntu is that the linux binaries that are built need to be compatible with a wide range as possible linux distributions...
251 2012-10-11 11:14:38 <t7> ah I see
252 2012-10-11 11:14:40 <wumpus> t7: of course, building the windows executables could be done in a newer ubuntu virtual image, however, I don't think lucid has any c++11 compilers available even for native linux :)
253 2012-10-11 11:15:11 <UukGoblin> sorry, that's probably not the best channel to post that
254 2012-10-11 11:15:21 <gmaxwell> C++ binary compatiblity (well, heck, source level too) is a sad sad story.
255 2012-10-11 11:15:53 <wumpus> so, yes, switching to C++11 would be nice, but isn't a priority right now (it's in the same boat as switching to qt 5...)
256 2012-10-11 11:16:20 <wumpus> C++ is a sad story, period
257 2012-10-11 11:18:23 <edcba> UukGoblin: what is it for ?
258 2012-10-11 11:18:51 <UukGoblin> edcba, it's an online court for small claims arbitration
259 2012-10-11 11:18:58 <UukGoblin> edcba, legally binding in 146 countries
260 2012-10-11 11:24:10 <wumpus> just as compilers were starting to stabilize a bit, some joker adds even more features, making the language even more complex and giving new reasons to break the ABIs all over again
261 2012-10-11 11:24:50 <edcba> so i want to sue you for the socks you didn't send me i go to that site and that will enforce you to send me the socks ?
262 2012-10-11 11:25:44 <wumpus> by the time people have defined what a C++11 ABI should be, it's time for C++20 :-)
263 2012-10-11 11:26:52 <UukGoblin> edcba, sort of... if both parties agreed to use judge.me for that, then yes
264 2012-10-11 11:27:11 <UukGoblin> edcba, they have a free clause that you can include in your contracts
265 2012-10-11 11:27:33 <UukGoblin> I guess if you're buying socks, it might be awkward for the seller to sign your contract
266 2012-10-11 11:28:10 <edcba> ok so you have to agree using a third party to resolve that
267 2012-10-11 11:28:24 <wumpus> well replace "socks" with "ASIC miner" and you have a good use case
268 2012-10-11 11:28:53 <UukGoblin> http://www.judge.me/online_arbitration#clause
269 2012-10-11 11:28:55 <edcba> i don't see why it requires special legislation
270 2012-10-11 11:29:08 <edcba> only electionic signature
271 2012-10-11 11:30:11 <UukGoblin> edcba, what, for an arbitrator's decision to be legally binding?
272 2012-10-11 11:30:43 <edcba> dunno but anyway if a site can makes a contract with the two parties...
273 2012-10-11 11:31:40 <UukGoblin> edcba, I'm lost, what's your argument again? that anyone could arbitrate like that?
274 2012-10-11 11:31:51 <edcba> yes ?
275 2012-10-11 11:32:55 <edcba> now i wonder if arbitration is a legal term or not at all
276 2012-10-11 11:33:12 <UukGoblin> but their decision wouldn't be legally binding
277 2012-10-11 11:33:23 <edcba> by contract
278 2012-10-11 11:33:38 <UukGoblin> I don't know IANAL
279 2012-10-11 11:34:27 <edcba> neither do i
280 2012-10-11 11:34:38 <edcba> anyway that looks like a nice service
281 2012-10-11 11:34:56 <edcba> but i wonder if it wouldn't skew over big companies
282 2012-10-11 11:35:15 <UukGoblin> it certainly shouldn't
283 2012-10-11 11:35:44 <edcba> it shouldn't but big company C has choice between arbitrator A and B...
284 2012-10-11 11:37:10 <edcba> even if both plaintiff and defendant pays, total share of money spent by companies will influence arbitrators
285 2012-10-11 11:38:24 <UukGoblin> you only pay $149.5 per case per side
286 2012-10-11 11:39:01 <TD> UukGoblin: interesting
287 2012-10-11 11:39:04 <TD> UukGoblin: thanks for the link
288 2012-10-11 11:39:18 <TD> now if only we had 2-of-3 dispute mediation framework
289 2012-10-11 11:39:41 <edcba> if C has 1M customers and tells them they need to arbitrate on A
290 2012-10-11 11:39:50 <UukGoblin> TD, they have an API ;-]
291 2012-10-11 11:39:56 <helo> ARRR! BIT RAGE!
292 2012-10-11 11:40:03 <helo> 
ACTION casually walks away

293 2012-10-11 11:40:11 <edcba> but then B has better "rate" it will just tell newer customers to arbitrate on B
294 2012-10-11 11:40:27 <edcba> and a lot of revenue will so go to A from B
295 2012-10-11 11:41:02 <UukGoblin> A and B being arbitration providers?
296 2012-10-11 11:41:04 <edcba> ie A & B may be incenticived? to give a better arbitration to C
297 2012-10-11 11:41:07 <edcba> yes
298 2012-10-11 11:41:22 <UukGoblin> well
299 2012-10-11 11:41:33 <UukGoblin> I don't know, I guess it might happen
300 2012-10-11 11:41:52 <UukGoblin> both should be fair arbitrators though
301 2012-10-11 11:42:23 <edcba> but it's skewed to bad arbitrators
302 2012-10-11 11:42:33 <edcba> since they will end up with more arbitrations
303 2012-10-11 11:43:12 <edcba> so more money...
304 2012-10-11 11:44:46 <UukGoblin> I'm sure to be legally binding, they must maintain a level of unbiasness (?)
305 2012-10-11 11:45:19 <UukGoblin> I guess if you're selling a large enough item, these guys might be better than ebay
306 2012-10-11 11:45:51 <UukGoblin> ebay fees will be like 3% or sth, if you're selling something worth $10k or more and already have a buyer...
307 2012-10-11 12:05:03 <UukGoblin> I've sent an email to butterflylabs asking if they'd sign a judge.me clause
308 2012-10-11 12:05:07 <UukGoblin> :->
309 2012-10-11 12:20:11 <sipa> gavinandresen: pushed my linux sigs
310 2012-10-11 12:20:49 <gavinandresen> sipa: thanks, I'll announce 0.7.1rc1 in a bit (about to start a meeting)
311 2012-10-11 12:21:18 <UukGoblin> I saw 0.7.1rc1 yesterday! ;-]
312 2012-10-11 12:46:03 <Luke-Jr> [13:12:00] <UukGoblin> THEY DO ACCEPT BITCOIN
313 2012-10-11 12:46:08 <Luke-Jr> UukGoblin: I see no evidence of that on their site
314 2012-10-11 12:46:51 <gmaxwell> Luke-Jr: I wonder about a PoS system that did something like "every transaction includes the hash of the best block when the transaction was written; when a miner creates a block the target is diff / f(sum coin days destroyed from transactions whos commited value is within N blocks on this chain); perhaps that only moves the rational attack behavior back a level though (produce txn for every fork you see)
315 2012-10-11 12:47:30 <UukGoblin> Luke-Jr, "We accept Visa, MasterCard, American Express, Discover, Paypal and Bitcoin." on http://www.judge.me
316 2012-10-11 12:47:47 <Luke-Jr> 
ACTION wonders how he missed that XD

317 2012-10-11 12:47:55 <Luke-Jr> still, doesn't price in Bitcoin :x
318 2012-10-11 13:19:46 <slavik03292> Hey, I'm a PHP dev available for work. I can build pretty much everything and have experience making bitcoin applications
319 2012-10-11 13:28:49 <imisor> slavik03292, im interested.. not much of php mut hc-code mostly :)
320 2012-10-11 13:28:59 <imisor> i kinda hate php ;)
321 2012-10-11 13:30:42 <slavik03292> imisor: why hate PHP?
322 2012-10-11 13:31:53 <UukGoblin> slavik03292, http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/
323 2012-10-11 13:32:41 <slavik03292> i love PHP
324 2012-10-11 13:34:33 <imisor> slavik03292, boring scripting language but maybe its just good :D
325 2012-10-11 13:34:43 <imisor> i cando but dont wanna do
326 2012-10-11 13:34:57 <slavik03292> boring? how so?
327 2012-10-11 13:34:58 <imisor> i like more of breaking code etc
328 2012-10-11 13:35:06 <imisor> slavik03292, how? ,-)
329 2012-10-11 13:35:06 <slavik03292> i've been coding PHP for 10 years
330 2012-10-11 13:35:16 <imisor> slavik03292, u r a monster
331 2012-10-11 13:35:22 <imisor> or masokist
332 2012-10-11 13:35:53 <slavik03292> not at all, never had any issues
333 2012-10-11 13:39:34 <UukGoblin> slavik03292, are you looking to volunteer for the good of bitcoin, or are you looking for a paid job?
334 2012-10-11 13:41:16 <slavik03292> UukGoblin: either. I am just as excited about bitcoins as I am about coding :)
335 2012-10-11 13:45:38 <UukGoblin> slavik03292, I have some high-level ideas of p2p projects that could work well with bitcoins
336 2012-10-11 13:46:01 <slavik03292> UukGoblin: tell me more
337 2012-10-11 13:46:02 <UukGoblin> not sure how compatible the ideas are with PHP though... they're more backendy
338 2012-10-11 13:46:14 <slavik03292> PHP is a scripting language
339 2012-10-11 13:46:16 <slavik03292> you can do anything
340 2012-10-11 13:46:18 <UukGoblin> there's a p2p poker idea, there's a p2p social network idea
341 2012-10-11 13:46:40 <UukGoblin> well yeah, but it's sort of mostly-good for websites
342 2012-10-11 13:47:17 <UukGoblin> I had a quite wide idea of a p2p web-of-trust thingy
343 2012-10-11 13:47:33 <UukGoblin> damn I should starting writing all this stuff down in some more consistent way
344 2012-10-11 13:47:41 <slavik03292> heh
345 2012-10-11 13:48:40 <slavik03292> UukGoblin: why not just have a poker site on TOR
346 2012-10-11 13:49:08 <UukGoblin> slavik03292, because of scalability
347 2012-10-11 13:49:24 <UukGoblin> and because a single site is prone to charging rake
348 2012-10-11 13:49:28 <sipa> in most cases a centralized approach scales more easily than a decentralized
349 2012-10-11 13:49:39 <sipa> decentralized is not the same thing as distributed
350 2012-10-11 13:49:53 <UukGoblin> nice distinction
351 2012-10-11 13:50:17 <UukGoblin> I'm all for decentralized AND distributed, I guess
352 2012-10-11 13:50:27 <slavik03292> I don't know how secure a decentralized poker system would be
353 2012-10-11 13:50:42 <slavik03292> who seeds the randomizer?
354 2012-10-11 13:50:54 <UukGoblin> if implemented properly, for 2 persons, it can be pretty goddamn secure
355 2012-10-11 13:50:58 <gmaxwell> slavik03292: thats the easiest thing to solve.
356 2012-10-11 13:51:17 <fiesh> how do you secure the payout?
357 2012-10-11 13:51:23 <gmaxwell> slavik03292: everyone precommmits to a contributing random value, then everyone discloses their random values and you hash them all.
358 2012-10-11 13:51:23 <UukGoblin> more than 2 players start to have problems with collusion, and that's were a web-of-trust is needed
359 2012-10-11 13:51:33 <slavik03292> if the seed is known, you can see the whole deck
360 2012-10-11 13:51:37 <fiesh> how can the winner be sure to get their winnigs?
361 2012-10-11 13:51:40 <gmaxwell> web-of-vomit.
362 2012-10-11 13:51:46 <UukGoblin> slavik03292, see LibTMCG
363 2012-10-11 13:52:20 <UukGoblin> fiesh, through an arbitrator / oracle
364 2012-10-11 13:52:45 <fiesh> UukGoblin: where rake comes in...
365 2012-10-11 13:52:46 <gmaxwell> slavik03292: sure, I was just pointing out that a secure random value is the easiest problem. 'mental poker' has a fair amount of research.
366 2012-10-11 13:53:06 <UukGoblin> fiesh, yes, but that rake would only be charged when there's a conflict, not during normal honest game
367 2012-10-11 13:53:16 <slavik03292> someone has to handle the entire deck
368 2012-10-11 13:53:33 <UukGoblin> slavik03292, no, it can all be distributed. Check out LibTMCG.
369 2012-10-11 13:53:35 <fiesh> UukGoblin: agreed, that's an advantage
370 2012-10-11 13:54:02 <helo> if i haven't generated any new transactions, or received any coin, why is wallet.dat's modification time updated when i close bitcoin-qt?
371 2012-10-11 13:54:16 <sipa> helo: it remembers which part of the blockchain it has seen
372 2012-10-11 13:54:27 <sipa> helo: so it knows where to start rescanning, if the blockchain gets updated
373 2012-10-11 13:54:29 <slavik03292> interesting, will play
374 2012-10-11 13:54:32 <helo> ahhh, ty
375 2012-10-11 13:54:32 <slavik03292> with it
376 2012-10-11 13:54:58 <UukGoblin> gmaxwell, vomit-shmomit. And how are you, anyway? ;-)
377 2012-10-11 13:56:15 <UukGoblin> slavik03292, I've written a small proof of concept to see how much processing power would be needed for a 10-player game.
378 2012-10-11 13:57:40 <UukGoblin> shuffling a deck among 10 players takes 90 seconds on a modern AMD processor, and transfers 80MB of data in total.
379 2012-10-11 13:58:08 <UukGoblin> (plenty of room for optimisations there, of course, but that's the rough estimate)
380 2012-10-11 13:59:45 <slavik03292> wow
381 2012-10-11 13:59:57 <slavik03292> im looking at the spec and algorithms
382 2012-10-11 14:00:12 <slavik03292> 90 seconds is quite some time
383 2012-10-11 14:00:16 <gmaxwell> UukGoblin: Hi! Doing well, and you?  Sorry for mocking your web of treachery :P I just find it laughable, in particular, because collusion is not really reliably detectable.
384 2012-10-11 14:00:49 <UukGoblin> gmaxwell, I'm good, yeah, got a nice job
385 2012-10-11 14:01:02 <UukGoblin> no worries, I totally agree and always welcome a good mockery or 2
386 2012-10-11 14:01:17 <fiesh> but collusion is never reliably detectable?
387 2012-10-11 14:01:28 <UukGoblin> it's not even reliably detectable on centralized poker sites
388 2012-10-11 14:01:50 <helo> you can find some statistical evidence that it is likely, but you can't rely on it being true
389 2012-10-11 14:01:50 <UukGoblin> that's why I'm mostly hoping for a 1v1 game.
390 2012-10-11 14:02:06 <gmaxwell> UukGoblin: why's it so slow? The way I'd implement it is by homomorphic (composable) encryption of the deck by every player, then cycle all the cards through the players as a mix network.. then have them draw by decrypting cards one by one.
391 2012-10-11 14:02:15 <UukGoblin> shuffling a deck between 2 players only takes 3 seconds and transfers 2MB
392 2012-10-11 14:02:30 <gmaxwell> helo: right statistical evidence isn't really good enough to de-trust a 'friend'.
393 2012-10-11 14:02:50 <gmaxwell> UukGoblin: how does what you're doing work?
394 2012-10-11 14:03:19 <UukGoblin> gmaxwell, yup, that's pretty much how it's implemented. It's just there's a lot of encryption, and the way libTMCG works is that only 1 player at a time encrypts the deck, then transfers to every other.
395 2012-10-11 14:04:04 <gmaxwell> I guess the encryption is as slow as RSA signing, too. hm.
396 2012-10-11 14:04:38 <UukGoblin> gmaxwell, re de-trusting a "Friend", I was more thinking of an automated objective web of trust, with statements like "I've played this many games with this guy and my collusion detection rating showed 2%" - all done automatically and without users' input
397 2012-10-11 14:04:47 <slavik03292> it's nto good for real-time play
398 2012-10-11 14:04:52 <slavik03292> with more than 2 players
399 2012-10-11 14:05:03 <helo> what kind of pruning does ultraprune currently do?
400 2012-10-11 14:05:04 <UukGoblin> gmaxwell, my proof-of-concept stub is at https://github.com/goblin/mental_poker_poc
401 2012-10-11 14:05:08 <gmaxwell> UukGoblin: past performance doesn't indicate future results, _especially_ if identity is cheap
402 2012-10-11 14:05:22 <UukGoblin> that's why identity shouldn't be cheap
403 2012-10-11 14:05:42 <UukGoblin> one of the important rules of poker is "don't play if you can't afford to lose the entire investment"
404 2012-10-11 14:06:00 <UukGoblin> so it does allow a little slack of trust to cover for the fun
405 2012-10-11 14:06:05 <gmaxwell> of course, if you play under that rule you might as well have a trusted party run the game, enh?
406 2012-10-11 14:06:21 <UukGoblin> kind of, yeah ;-]
407 2012-10-11 14:06:37 <UukGoblin> but still, 1v1 games can be pretty trustable.
408 2012-10-11 14:06:54 <UukGoblin> anything above 1v1 unless you know the players well is a risk
409 2012-10-11 14:06:59 <UukGoblin> can't see any other way to do it
410 2012-10-11 14:07:01 <Luke-Jr> games? O.o
411 2012-10-11 14:07:37 <UukGoblin> yes, games
412 2012-10-11 14:07:47 <gmaxwell> Luke-Jr: talking about mental poker.  While I don't really get excited by card games, it does make an excellent example of creating trustless algorithims.
413 2012-10-11 14:08:17 <gmaxwell> And the techniques used for mental poker can be used to create cryptographically secure voting, which may someday be very socially important.
414 2012-10-11 14:09:57 <gmaxwell> UukGoblin: oh I guess it also does the ZKPs to prove the shuffle is fair? that would use a lot of bandwidth and make it much slower. :P
415 2012-10-11 14:10:45 <gmaxwell> (love how elegant and simple ZKP for random shuffles can be)
416 2012-10-11 14:13:41 <UukGoblin> gmaxwell, ah yes, correct, forgot about that
417 2012-10-11 14:14:58 <UukGoblin> and me too, much as I like poker as a game, I'm much more interested in algorithms and maths behind doing it in a distributed way
418 2012-10-11 14:15:04 <UukGoblin> many other games could use similar techniques
419 2012-10-11 14:15:50 <gmaxwell> well lots of games don't need it.  1v1 go, checkers, chess, connect-6, etc  are naturally safe. It's only a challenge for games where there is secret randomness.
420 2012-10-11 14:16:00 <UukGoblin> and there's other services that can be built in a decentralized manner using this stuff
421 2012-10-11 14:16:28 <gmaxwell> hm dominoes would be fun.
422 2012-10-11 14:16:57 <UukGoblin> well, for oracles to work, even 1v1 games that you mentioned require stuff like secure timestamping and signing of moves
423 2012-10-11 14:17:12 <UukGoblin> that's why I started chronobit
424 2012-10-11 14:17:57 <gmaxwell> UukGoblin: yes, though you can do signed hash chaining of moves; though pretty different techniques!
425 2012-10-11 14:18:04 <UukGoblin> yup
426 2012-10-11 14:18:12 <UukGoblin> it's much simpler than ZKPs and random shuffles
427 2012-10-11 14:19:11 <UukGoblin> (ah, and the time to shuffle can be decreased easily by modifying a 'security' parameter)
428 2012-10-11 14:19:20 <gmaxwell> sure and bandwidth.
429 2012-10-11 14:19:30 <gmaxwell> the zkp is probablistic.
430 2012-10-11 14:19:33 <UukGoblin> yup
431 2012-10-11 14:23:57 <UukGoblin> also curious how feasible it is for decentralised stats collection... i.e. currently google can easily tell how many users searched for 'bitcoin' in the last week. But if the searches were done over something like Gnutella, is there still a way to calculate such statistics?
432 2012-10-11 14:24:21 <UukGoblin> multi-party computation gets increasingly (exponentially, perhaps?) expensive with the number of parties involved
433 2012-10-11 14:25:14 <gmaxwell> UukGoblin: you can still sample it, which is (I assume) what google does too.. though it can be harder to get a representative sample.
434 2012-10-11 14:25:18 <UukGoblin> and fabricating stats would probably be pretty easy... unless you wanted to include a Hashcash with each search request
435 2012-10-11 14:25:34 <gmaxwell> UukGoblin: same for google.
436 2012-10-11 14:25:51 <gmaxwell> your problem is that you don't really want to measure the number of searches for bitcoin.
437 2012-10-11 14:25:51 <UukGoblin> mhm
438 2012-10-11 14:26:31 <gmaxwell> You want to measure the number of 'organic' or 'honest' or whatever searches, which is a different question and is perhaps unsolvable regardless of the centeralization context.
439 2012-10-11 14:26:34 <UukGoblin> no? my problem is how to collect aggregate statistics of various data in decentralized networks
440 2012-10-11 14:27:00 <UukGoblin> without actually exposing individual searches
441 2012-10-11 14:27:12 <UukGoblin> (as in, keeping them pseudonymous)
442 2012-10-11 14:27:34 <UukGoblin> trying to solve too many problems at once, again, I guess.
443 2012-10-11 14:27:37 <gmaxwell> UukGoblin: then just have people report stats; of course they could fake them, but they could also just as easily fake search traffic.
444 2012-10-11 14:28:25 <gmaxwell> kjj_: am I sensing the possiblity of defeating trolls on the internet? Convince them that they can make money by getting people to pay them to troll... and so then they won't sell themselves out by trolling for free?
445 2012-10-11 14:28:49 <UukGoblin> lol, nice idea
446 2012-10-11 14:28:55 <UukGoblin> problem with me is I just like to talk ;-)
447 2012-10-11 14:29:20 <gmaxwell> heh, I was on a tangent, kjj_ pissed off someone promoting PoS on the forum and he demanded payment to continue the discussion.
448 2012-10-11 14:29:25 <UukGoblin> (who's paying for trolling)
449 2012-10-11 14:29:33 <UukGoblin> LOL
450 2012-10-11 14:29:46 <UukGoblin> Point-of-Sale?
451 2012-10-11 14:30:09 <gmaxwell> Proof-of-Stake. An alternative to POW for hash change consensus.
452 2012-10-11 14:30:22 <gmaxwell> But so far all the proposals have been flawed. :(
453 2012-10-11 14:30:28 <jgarzik> that would be fun.  pay to reopen a locked thread ;p
454 2012-10-11 14:30:29 <UukGoblin> oh, that altcoin's still alive?
455 2012-10-11 14:30:52 <gmaxwell> UukGoblin: well discussion it in the abstract.
456 2012-10-11 14:31:36 <gmaxwell> jgarzik: tuxblack paid (a donation to gribble) to have someone banned in #bitcoin once. :P  (the banned party agreed to the terms so..)
457 2012-10-11 14:31:41 <kjj_> gmaxwell: cunicula pisses me off.  reminds me of Feynman's anecdotes with the orthodox jews
458 2012-10-11 14:33:41 <gmaxwell> kjj_: I don't really see why there but I'm probably missing context.  Though defense via laundry list enumeration of erroneous argument techniques is itself something of an eronious argument technique, which is a little ironic. :P
459 2012-10-11 14:34:54 <kjj_> If you talk to academics much, you'll see it.  they have their own peculiar definitions that don't match yours, and they only accept proof via peer reviewed journal articles
460 2012-10-11 14:36:36 <gmaxwell> kjj_: I think in that last part of that discussion the disagreement is that basically under _some_ threat models his PoW/PoS is more secure, under others its not??? so it ultimately boils down to a threat model preference and neither of you even bothered discussing threat models.
461 2012-10-11 14:37:03 <UukGoblin> gmaxwell, you clearly got tired of typing 'erroneous' properly in the second part of the previous sentence ;-]
462 2012-10-11 14:37:24 <gmaxwell> Spread spectrum spelling.
463 2012-10-11 14:37:52 <UukGoblin> lulz
464 2012-10-11 14:38:22 <kjj_> I don't think he sees the network as a dynamic thing.  he sees that if the world is held constant except that one party gains sufficient hashing power, there is a singularity in their reward
465 2012-10-11 14:39:34 <kjj_> as in, the reward function switches from X*Y when X is <= 0.5, and just Y when X is > 0.5
466 2012-10-11 14:39:53 <UukGoblin> solidcoin!
467 2012-10-11 14:40:26 <kjj_> in my view, if X >= 0.5, we have MUCH bigger problems than that.  so much more that there isn't any point in even thinking about solutions
468 2012-10-11 14:40:42 <gmaxwell> kjj_: thats basically my thinking too.
469 2012-10-11 14:40:56 <kjj_> and it isn't like I haven't told him that very thing a hundred times in all of the other threads he's created or crapped up
470 2012-10-11 14:42:26 <gmaxwell> kjj_: there are some interesting questions though... assmuming the bitcoin community is stupid and decaps the maximum block size, what prevents the difficulty from tending to zero as the subsidy goes away?
471 2012-10-11 14:43:16 <kjj_> gmaxwell: heh.  that's just a game of chicken.  someone always blinks first
472 2012-10-11 14:44:28 <kjj_> assuming that you were trying to imply what I think you are trying to imply, with there being more reward for trying to overturn the current block so that you can get all of those fees, plus the new fees
473 2012-10-11 14:44:29 <jgarzik> gmaxwell: you know I agree with that line of reasoning
474 2012-10-11 14:44:34 <jgarzik> gmaxwell: but there are counter-incentives
475 2012-10-11 14:44:37 <gmaxwell> kjj_: one though I had was that a system that switched to a PoS mode at low difficulty (even a crappy attack prone version of PoS), would create an incentive to PoW mine more because your PoW mining hardware becomes useless if you go under that threshold. But I don't know how to set the threshold securely.
476 2012-10-11 14:44:51 <jgarzik> gmaxwell: investment in current infrastructure and desire to not see bitcoins lose their value
477 2012-10-11 14:45:14 <gmaxwell> jgarzik: the obvious ones are collusion to impose a cartel maximum size, which is ... an ugly prospect.
478 2012-10-11 14:45:29 <kjj_> in a month or three, the ASICs will rise up and make most of these theories moot
479 2012-10-11 14:45:30 <gmaxwell> jgarzik: its true, but as kjj_ said??? game of chicken.
480 2012-10-11 14:45:40 <gmaxwell> kjj_: huh? no they won't!
481 2012-10-11 14:45:41 <UukGoblin> ah, block cap
482 2012-10-11 14:45:47 <Eliel_> gmaxwell: why threshold? Why not smooth curve of declining usefulness?
483 2012-10-11 14:45:54 <gmaxwell> kjj_: the asics make most attackers more powerful too!
484 2012-10-11 14:45:55 <UukGoblin> block size cap, even
485 2012-10-11 14:46:13 <UukGoblin> I still don't know what to think of it
486 2012-10-11 14:46:21 <kjj_> gmaxwell: the threat before now-ish is an attacker with the resources to make an ASIC and outmine the honest network
487 2012-10-11 14:46:36 <jgarzik> gmaxwell: Just consider the distance future when IBR==0, and the network lives or dies by fees alone.  Is the block size terribly important?  I'd argue not, given future network speeds and storage sizes.
488 2012-10-11 14:46:38 <kjj_> now, the best that a powerful attacker can do is attempt to catch up to our level
489 2012-10-11 14:46:50 <jgarzik> the limited resource aspect matters more now, than later
490 2012-10-11 14:46:53 <gmaxwell> Eliel_: well cunicula's PoW/(PoS) if a ^difficulty term was added could give you that, though I'm not sure that it would be better.
491 2012-10-11 14:47:10 <jgarzik> it helps encourage efficiency in programmers
492 2012-10-11 14:47:11 <UukGoblin> ah, actually, 1MB should be enough for everyone
493 2012-10-11 14:47:16 <gmaxwell> Eliel_: you actually want the PoW miners to become _worthless_
494 2012-10-11 14:47:26 <kjj_> UukGoblin: I prefer 640k
495 2012-10-11 14:47:34 <UukGoblin> kjj_, too late now
496 2012-10-11 14:47:57 <slavik03292> is there any interest for a browser based gpg message encryptor?
497 2012-10-11 14:48:15 <kjj_> slavik03292: I hope not, at least not from people that understand key security
498 2012-10-11 14:48:28 <gmaxwell> jgarzik: I don't really follow your thinking there. Say I'm a miner in the future, wouldn't I be better off to accept lower fees, and the just reduce my power usage so that I'm making a greater total profit than my competition who ignores those transactions?
499 2012-10-11 14:48:37 <UukGoblin> slavik03292, I believe the relevant javascript libraries should exist already?
500 2012-10-11 14:48:44 <slavik03292> kjj_: Encryption would happen in the browser, with JS. Nothing transfered to server
501 2012-10-11 14:48:54 <slavik03292> UukGoblin: I already built the site
502 2012-10-11 14:48:56 <kjj_> I don't think UukGoblin got the 640k reference
503 2012-10-11 14:49:08 <slavik03292> UukGoblin: using said libraries
504 2012-10-11 14:49:13 <jgarzik> assuming average transaction size of 256 bytes, the block size would seem to limit us to ~6.5 transactions-per-second
505 2012-10-11 14:49:14 <UukGoblin> kjj_, I sure as hell got the Gates reference
506 2012-10-11 14:49:34 <kjj_> ok, just checking.  your response suggested that you thought I was serious