1 2013-10-10 00:07:48 <runeks> Are multi-sig transactions non-standard?
  2 2013-10-10 00:08:26 <gmaxwell> No.
  3 2013-10-10 00:09:51 <runeks> Cool.
  4 2013-10-10 00:09:58 <maaku> there are limits on size though, right?
  5 2013-10-10 00:10:00 <runeks> gmaxwell: When did they become standard?
  6 2013-10-10 03:28:14 <warren> I fixed the bitcoin-0.8.5 with secp256k1 win32 build, but that guy is gone.
  7 2013-10-10 05:10:04 <michagogo> cloud|If I remember correctly, a multisig transaction up to n-of-3 IsStandard()
  8 2013-10-10 05:10:33 <michagogo> cloud|(Yes, that was 5 hours ago)
  9 2013-10-10 05:32:00 <ThomasV> ping gmaxwell
 10 2013-10-10 05:34:01 <gmaxwell> ThomasV: pong
 11 2013-10-10 05:34:52 <ThomasV> gmaxwell: hi, I learned a few things about breaking ECC
 12 2013-10-10 05:35:48 <ThomasV> you were recommendind that I add iterations of key stretching to a 128 bit seed. is this really necessary?
 13 2013-10-10 05:36:05 <ThomasV> there's no key stretching mentioned in bip32
 14 2013-10-10 05:37:29 <ThomasV> the  way I understand it, breaking 256 bits ECC requires about 2^128 iterations with the rho method
 15 2013-10-10 05:37:50 <ThomasV> http://ecc-challenge.info/anon.pdf
 16 2013-10-10 05:38:28 <ThomasV> (although these iterations are certainly complicated and expensive)
 17 2013-10-10 05:38:38 <gmaxwell> Thats correct. It requires sqrt(keyspace), as its effectively a collision search.
 18 2013-10-10 05:38:59 <gmaxwell> Though its a little non-intutive because the probablity of success is not a simple linear product of the effort required.
 19 2013-10-10 05:40:12 <gmaxwell> Unless I am misremembering, you had the stretching before I ever commented on your scheme.  It is essential to use key streching if you ever have a key which may be not really random (provided by a user), otherwise— probably not, though its harmless in any case.
 20 2013-10-10 05:40:42 <ThomasV> oh ok
 21 2013-10-10 05:40:52 <ThomasV> I thought it was you :)
 22 2013-10-10 05:41:15 <ThomasV> jim (from multibit) recommends we do not add stretching
 23 2013-10-10 05:42:00 <gmaxwell> Last I had checked, many of your users are doing "recovery" on non-random strings.
 24 2013-10-10 05:43:24 <ThomasV> the software does not really allow them to do that
 25 2013-10-10 05:43:42 <gmaxwell> If thats still the case, then I would strongly urge you to retain the streching.
 26 2013-10-10 05:43:48 <ThomasV> they cannot use arbitrary words, the words must come from a dictionary
 27 2013-10-10 05:44:39 <ThomasV> so, they cannot use their favorite sentence, like on brainwallet.org
 28 2013-10-10 05:45:30 <warren> sipa: " dealing with non-confirming transactions"
 29 2013-10-10 05:45:36 <warren> how is that special to HD?
 30 2013-10-10 05:45:40 <gmaxwell> If you directly limit your keyspace to a direct 2^128 bit subset of the 2^256 space I'd be somewhat concerned that a modified rho-method could recover keys in 2^64 operations. I'd have to think about that some to convince myself that switching between G*n to get it back in the allowed range would actually reduce the operation count.
 31 2013-10-10 05:46:56 <gmaxwell> ThomasV: I'm pretty sure I tested this before, after someone in #bitcoin-otc was robbed using an electrum brainwallet, and "recovering"  'correct horse stapler battery' or some such string worked okay. Has this changed?
 32 2013-10-10 05:48:17 <ThomasV> gmaxwell: electrum never accepted "correct horse battery staple" as input. you must have tested that on the brainwallet website, not on the software
 33 2013-10-10 05:48:42 <ThomasV> the brainwallet website does indeed accept any set of words
 34 2013-10-10 05:49:11 <gmaxwell> I'm sure I tested electrum, but perhaps it was some other string.
 35 2013-10-10 05:49:28 <ThomasV> I suspect it first checks if it is an electrum encoding, then falls back onto another hashing
 36 2013-10-10 05:51:39 <Kireji> any eta on m-of-n transactions?
 37 2013-10-10 05:51:40 <ThomasV> it was certainly another string, because electrum needs multiple of 3 words, and because these words are not all in the dictionnary
 38 2013-10-10 05:52:25 <gmaxwell> ThomasV: so, I can "restore"   "apple apple apple"
 39 2013-10-10 05:52:31 <ThomasV> yes you can
 40 2013-10-10 05:54:07 <gmaxwell> Seems like a bug unless the idea actually is to enable but discourage brainwallets?
 41 2013-10-10 05:54:44 <ThomasV> gmaxwell: what do you mean by "a direct subset"? does direct mean "without stretching"?
 42 2013-10-10 05:55:06 <gmaxwell> As in without a hash operation at all.
 43 2013-10-10 05:55:54 <ThomasV> but there is a hash, as per bip32
 44 2013-10-10 05:57:02 <gmaxwell> < ThomasV> there's no key stretching mentioned in bip32  < your mention of BIP32 there made me think you were specifically not asking about bip32.
 45 2013-10-10 05:57:31 <ThomasV> oh no, sorry
 46 2013-10-10 05:58:01 <ThomasV> I have implemented bip32, and I am wondering if I need to add stretching
 47 2013-10-10 05:58:40 <ThomasV> slush wants to add stretching in bip39, and jim says it is not needed
 48 2013-10-10 06:00:11 <gmaxwell> It's not needed, if and only if you're quite confident that the user won't do something stupid there. Personally I'd prefer to have it under the observed behavior that users will do stupid things because they don't understand the risks, and a little streaching is basically costless.
 49 2013-10-10 06:00:31 <ThomasV> ok
 50 2013-10-10 06:00:43 <ThomasV> I agree
 51 2013-10-10 06:00:50 <gmaxwell> Sipa was working on a format for the BIP32 master seeds that implicitly had a kind of streaching built in... but I think he's dropped work on that for now.
 52 2013-10-10 06:01:26 <ThomasV> but.. bip32 is supposed to be final?
 53 2013-10-10 06:01:45 <gmaxwell> (also, putting it there means that if someone creates a stupid  website that converts random user provided strings to your seeds they will always get the benefit of the streaching)
 54 2013-10-10 06:01:54 <gmaxwell> ThomasV: this would have been another BIP.
 55 2013-10-10 06:02:50 <ThomasV> gmaxwell, sipa: that's what slush wants to do in bip39
 56 2013-10-10 06:04:09 <gmaxwell> I'm trying to find Sipa's post on bitcointalk describing his thinking there.
 57 2013-10-10 06:04:32 <gmaxwell> In any case, if you want to pull me into the conversation with Jim, I could try to convince him of this.
 58 2013-10-10 06:05:21 <Luke-Jr> surely "users are stupid" is convincing in and of itself? :P
 59 2013-10-10 06:05:23 <ThomasV> well, I don't think jim will really object. we were just talking about using a common scheme
 60 2013-10-10 06:07:26 <warren> src/util.h:213:57: error: ‘pid_t’ has not been declared
 61 2013-10-10 06:07:31 <warren> anyone ran into this after upgrading g++?
 62 2013-10-10 06:07:53 <gmaxwell> Luke-Jr: well not just stupid, but ... uh. adaptively stupid.  If you build a tall railing preventing them from falling down a cliff someone will come along and sell ladders to your users. :P
 63 2013-10-10 06:07:59 <ThomasV> but it looks like bip39 will not be ready soon, so I guess I will release a first bip32 version of electrum that does not use it
 64 2013-10-10 06:08:32 <gmaxwell> "Brain entallenator"!
 65 2013-10-10 06:10:23 <ThomasV> hmm, I guess that the ladders are given for free, in that case
 66 2013-10-10 06:10:35 <Luke-Jr> gmaxwell: suggest entallenator to the mnemonic dictionary?
 67 2013-10-10 06:10:45 <gmaxwell> ThomasV: hah indeed.
 68 2013-10-10 06:12:19 <gmaxwell> ThomasV: well you could still implement the strenghtening part without using the BIP39 dictionary.
 69 2013-10-10 06:12:35 <ThomasV> yes I guess that's what I will do
 70 2013-10-10 06:15:48 <gmaxwell> If you're looking to for a KDF function, I guess my first resort would be PBKDF2-HMAC-SHA512  (because BIP32 already uses HMAC-SHA512). I'd suggest Catena or scrypt, but compatiblity with hardware wallets that have barely any memory makes that not so useful.
 71 2013-10-10 06:23:12 <ThomasV> what's funny enough is that slush wants to have key stretching for a very different reason: he envisions an attack where the attacker knows a part of your seed words
 72 2013-10-10 06:25:39 <gmaxwell> ThomasV: thats not an entirely crazy concern... in some ways streaching there is even more effective than it is for brainwallets, since the attacker doesn't get a precomputation gain (E.g. cracking multiple ones at once, or building a rainbow table)
 73 2013-10-10 06:27:01 <gmaxwell> It's not a crazy security strategy to split up your key backup in two... though 64 bits isn't much security, unless the stretching is really agressive.
 74 2013-10-10 06:32:04 <swulf--> which encoding of ecdsa public keys are 120 bytes? I read that pubkeys can be as long as 120 bytes... how?
 75 2013-10-10 06:36:23 <ThomasV> gmaxwell: I'd rather use two keys and p2sh
 76 2013-10-10 06:37:06 <gmaxwell> ThomasV: increases the size of all your transactions, however.
 77 2013-10-10 06:37:15 <ThomasV> yeah
 78 2013-10-10 06:39:26 <ThomasV> but "agressive" stretching is probably not realistic to achieve in pure python
 79 2013-10-10 06:40:38 <sipa> gmaxwell: search for self-descriptive key strengthening
 80 2013-10-10 06:41:58 <gmaxwell> ThomasV: I know. It's very frustating the JS/python/php push down the security so much from such things. :(  (Small hardware wallets too, but I find it easier to forgive them)
 81 2013-10-10 06:42:50 <sipa> warren: multiwallet, dealing with non-confirming transactions, bip32, watch-only keys, phantomcircuit's optimizations, ... are all completely independent, it's just that there is a lot to be done regarding wallets, and i'd rather focus on just one thing at a time (which for now isn't any wallet stuff)
 82 2013-10-10 06:42:58 <warren> ooh
 83 2013-10-10 06:55:17 <sipa> gmaxwell, ThomasV: https://bitcointalk.org/index.php?topic=102349.0
 84 2013-10-10 06:56:02 <sipa> it could be a standard on top of bip32, as it's only about how the seed is obtained, which bip32 doesn't specify
 85 2013-10-10 06:58:33 <ThomasV> sipa: I was just reading it :)
 86 2013-10-10 07:00:27 <swulf--> does 1-of-1 multisig work like you'd expect it to?
 87 2013-10-10 07:01:02 <sipa> sure
 88 2013-10-10 07:01:39 <ThomasV> 1 of 1 exists?
 89 2013-10-10 07:01:51 <sipa> yes
 90 2013-10-10 07:02:13 <ThomasV> I mean, is it propagated by  nodes?
 91 2013-10-10 07:02:23 <swulf--> is it considered standard?
 92 2013-10-10 07:02:31 <sipa> i think so, yes
 93 2013-10-10 07:02:34 <swulf--> neat
 94 2013-10-10 07:03:05 <ThomasV> ok, bbl
 95 2013-10-10 07:05:16 <melvster> do any alt coins have URI schemes too?
 96 2013-10-10 07:05:26 <melvster> e.g. litecoin:
 97 2013-10-10 07:05:43 <melvster> is it at all standardized?
 98 2013-10-10 07:05:53 <gmaxwell> wrong channel
 99 2013-10-10 07:06:39 <melvster> perhaps I can rephrase
100 2013-10-10 07:06:52 <melvster> is the bitcoin URI scheme generic or specific
101 2013-10-10 07:07:11 <melvster> is there any kind of standardization
102 2013-10-10 07:08:10 <Luke-Jr> specific
103 2013-10-10 07:08:10 <warren> melvster: names are the result of collective delusion
104 2013-10-10 07:08:17 <melvster> gmaxwell: let me explain ... im trying to model a system that will link any web page to a bitcoin account
105 2013-10-10 07:08:46 <melvster> but I want to know how far I should abstract things, so that it could apply to any crypto currency or not ...
106 2013-10-10 07:09:45 <sipa> you should assume that different crypocurrencies use their own uri scheme, if any
107 2013-10-10 07:09:58 <melvster> so you will be able to do something like <meta rel="w3id.org/bitcoin#address" href="???" /> and in html5 it will automatically be able to tell you have a bitcoin account associated with apage
108 2013-10-10 07:10:31 <melvster> sipa: ok thanks ... what I'll do is make a simple hierarchy ... with crypto as the parent then bitcoin a subclass of that
109 2013-10-10 07:10:33 <sipa> what is address here?
110 2013-10-10 07:10:39 <sipa> can it be a payment url?
111 2013-10-10 07:11:21 <melvster> sipa: ive not uploaded it yet, but it's simply a rel element in a schema that will explain what it means
112 2013-10-10 07:12:00 <melvster> sipa: at first I just want to be able to model the most simple linkage ... payment urls can be added if they make sense (and when I understand them better :))
113 2013-10-10 07:12:39 <melvster> it's kind of just meta data for robots etc.
114 2013-10-10 07:12:58 <melvster> or maybe even a browser plugin can be smart and work it out without having to introspect on the URLs
115 2013-10-10 07:13:19 <melvster> ie in other words, integration with the semantic web
116 2013-10-10 07:13:35 <melvster> to make things both human and machine readable
117 2013-10-10 07:14:10 <sipa> i don't understand the purpose
118 2013-10-10 07:15:22 <melvster> for example: currently i have an href in my homepage that links to my bitcoin address, but normally it's a best practice to give HTML a *hint* so that it knows what kind of thing the href is, e.g. I might have a license for my page, and then id put rel="license" in there, and then other systems can have a better idea of what is being described
119 2013-10-10 07:17:21 <melvster> rel is used quite often on the web ... you might know rel="meta" and rel="canonical" ... they give machines hints as to what things mean
120 2013-10-10 07:18:23 <sipa> ok
121 2013-10-10 07:19:48 <melvster> my main use case is to model this for bitcoin ... but it occurred to me that it would not be a huge overhead to do all the cyrpto currencies together
122 2013-10-10 07:21:05 <melvster> 
ACTION has been meaning to do a semantic web integration for a few years ... only just got a bit of time freed up for it now, so hopefully want to try and get it semi optimal on the first attempt

123 2013-10-10 07:21:44 <swulf--> sipa: why isn't OP_CHECKMULTISIGVERIFY considered standard?
124 2013-10-10 07:22:15 <sipa> it isn't?
125 2013-10-10 07:22:19 <swulf--> as far as I can tell, no
126 2013-10-10 07:22:33 <swulf--> Solver() only returns TX_MULTISIG in the case of OP_CHECKMULTISIG
127 2013-10-10 07:22:42 <sipa> ok
128 2013-10-10 07:23:53 <swulf--> OP_xVERIFY as the last opcode of a script doesn't make it any different than OP_x (and the top of the stack having a true value), right?
129 2013-10-10 07:28:13 <michagogo> cloud|swulf--: right
130 2013-10-10 07:29:40 <michagogo> cloud|OP_VERIFY just inserts another "fail if false" check somewhere in the script
131 2013-10-10 07:29:46 <swulf--> OP_xVERIFY as the last opcode of a script doesn't make it any different than OP_x (and the top of the stack having a true value), right?
132 2013-10-10 07:29:53 <swulf--> arg oops sorry
133 2013-10-10 07:34:21 <michagogo> cloud|Huh. Just got an error I've never seen before: http://i.imgur.com/Td0ULW5.png
134 2013-10-10 07:36:02 <sipa> bitcoin is already running?
135 2013-10-10 07:36:24 <michagogo> cloud|I think mainnet starts at boot
136 2013-10-10 07:36:44 <michagogo> cloud|This was me trying to open a testnet node through the Run box
137 2013-10-10 07:37:16 <michagogo> cloud|Also, I just tried again and it seems to have worked
138 2013-10-10 11:24:19 <rdymac> which clients are implementing (or plan to) the Payment Protocol from 0.9?
139 2013-10-10 11:27:25 <jgarzik> TD, where is your post from years ago, that describes BOND<hash> trading?
140 2013-10-10 11:27:43 <jgarzik> TD, BOND<hash> OP_DROP etc.
141 2013-10-10 11:27:59 <jgarzik> TD, the design I half-implemented in pybond/smartcoins
142 2013-10-10 12:02:06 <Mqrius> It is said that downloading is not the bottleneck for the blockchain download. I just want to note that for me, it is. I'm not sure if it's peer upload speed or harddisk access, but my CPU is mostly idle, and I'm on gigabit network.
143 2013-10-10 12:05:02 <wumpus> Mqrius: do you have the listening port open and reachable? what's your number of connections?
144 2013-10-10 12:05:57 <Mqrius> wumpus: I can't open that on the network I'm currently on, so my number of connections is only 8 atm
145 2013-10-10 12:06:10 <wumpus> that's at least the explanation
146 2013-10-10 12:06:31 <sipa> Mqrius: network is not a bottleneck; the silly downloading mechanism is
147 2013-10-10 12:06:46 <sipa> and CPU is only expected to be a bottleneck after the last checkpoint
148 2013-10-10 12:07:36 <Mqrius> wumpus, sipa, so why not increase the number of outgoing connections? The reason I've heard against that is that it's not necessary, but clearly it is
149 2013-10-10 12:08:05 <sipa> the number of outgoing connections has nothing to do with it
150 2013-10-10 12:08:16 <sipa> we're only downloading from a single peer
151 2013-10-10 12:08:22 <sipa> (for now; being worked on)
152 2013-10-10 12:08:24 <Mqrius> (also, are there direct downloads available for the blockchain up to the last checkpoint?)
153 2013-10-10 12:08:32 <sipa> yes, bootstrap.dat
154 2013-10-10 12:08:34 <Mqrius> Oh. Right that would be a problem.
155 2013-10-10 12:08:34 <sipa> google it
156 2013-10-10 12:09:10 <sipa> i've benchmarked a local test version that syncs with the network in 45 minutes from random peers :p
157 2013-10-10 12:09:32 <sipa> (on a very fast machine, with very goog network connectivity, using experimental crypto code)
158 2013-10-10 12:10:07 <wumpus> increasing the number of outgoing connections would put a lot more load on the network
159 2013-10-10 12:10:09 <Mqrius> Now that sounds good :p except for the experimental part
160 2013-10-10 12:10:55 <Mqrius> wumpus: perhaps only do that when it's syncing, so it catches up faster. It will need to get the data anyway, so total data doesn't change, if it throttles down afterwards.
161 2013-10-10 12:11:06 <sipa> Mqrius: ...
162 2013-10-10 12:11:10 <wumpus> Mqrius: problem is not the amount of data, but the number of connection slots
163 2013-10-10 12:11:27 <sipa> Mqrius: as long as we're downloading from a single peer, having more outgoing connections during syncup will only slow you down
164 2013-10-10 12:11:47 <sipa> (and waste other's connection slots)
165 2013-10-10 12:12:02 <Mqrius> sipa: Yeah I got that, I was considering a hypothetical version that did download from multiple peers.
166 2013-10-10 12:12:23 <sipa> my headersfirst branch does download from multiple peers in parallel
167 2013-10-10 12:13:13 <sipa> still, doesn't make sense to have too many peers
168 2013-10-10 12:13:36 <sipa> the mechanism is limited by the speed variation between peers
169 2013-10-10 12:13:53 <sipa> because a single slow peer can hold the whole sync process
170 2013-10-10 12:15:56 <sipa> s/hold/stall/
171 2013-10-10 12:20:21 <Mqrius> sipa: it could still download blocks and store them in the queue for verification, but it wouldn't be optimal I guess.
172 2013-10-10 12:20:42 <sipa> Mqrius: the problem is that you can only process a block when you have its predecessors
173 2013-10-10 12:20:54 <sipa> so we use a moving window of downloadable blocks
174 2013-10-10 12:21:17 <sipa> which means you can download some blocks without having their parents, but not arbitrarily much
175 2013-10-10 12:21:52 <sipa> and the result of that is that if your oldest undownloaded block is requested from a slow peer, while all other blocks are already there, you're stalled
176 2013-10-10 12:30:02 <swulf--> sipa: but you have indeed saved time by preloading the next blocks while waiting on th slow one. once the slow one arrives, you can zip through a number of headers without any wait time at all
177 2013-10-10 12:30:15 <sipa> swulf--: of course
178 2013-10-10 12:30:21 <sipa> it's a huge improvement
179 2013-10-10 12:30:29 <sipa> but you can still be stalled by a single slow peer
180 2013-10-10 12:30:29 <swulf--> so it really boils down to what's slower, the network download or the header processing
181 2013-10-10 12:30:38 <sipa> block processing you mean
182 2013-10-10 12:30:47 <sipa> header processing is instant :)
183 2013-10-10 12:30:47 <swulf--> i was assuming we're talking about headersonly ?
184 2013-10-10 12:30:53 <sipa> no, headersfirst
185 2013-10-10 12:31:01 <swulf--> ah, well, another story
186 2013-10-10 12:31:12 <sipa> in headersonly you wouldn't download blocks at all :D
187 2013-10-10 12:31:47 <sipa> ah, you mean SPV i guess
188 2013-10-10 12:31:58 <swulf--> you can still verify the chain via the headers only
189 2013-10-10 12:32:11 <swulf--> as long as you ignore trust on the merkle root
190 2013-10-10 12:32:25 <swulf--> and some other assumptions..
191 2013-10-10 12:32:30 <sipa> as long as you assume no invalid transactions would be accepted by miners
192 2013-10-10 12:32:34 <swulf--> right
193 2013-10-10 12:33:55 <swulf--> in any case, even if you downloaded headers 2..262k but not #1, once you get #1 you're still in a better position than if you had waited in some window of 1+k headers
194 2013-10-10 12:34:26 <sipa> well, at least in my implementation, headers are not cached in any way, and just requested and processed serially
195 2013-10-10 12:34:35 <sipa> as they're so tiny it's hardly worth it
196 2013-10-10 12:34:50 <swulf--> the headers are a fixed size, so they could easily be stored in a flat file
197 2013-10-10 12:35:08 <sipa> and they're a few MiB total
198 2013-10-10 12:35:12 <sipa> you have them within seconds
199 2013-10-10 12:35:25 <swulf--> that's pretty cool
200 2013-10-10 12:35:32 <swulf--> i should try out your headersfirst branch
201 2013-10-10 12:35:36 <sipa> well, seconds are an exaggeration
202 2013-10-10 12:35:44 <sipa> but they're way way faster than the blocks
203 2013-10-10 12:35:47 <sipa> which is what matters
204 2013-10-10 12:35:54 <TD> eh
205 2013-10-10 12:35:59 <swulf--> if you're going to eventually download the full blockchain anyway, what advantages does headersfirst give?
206 2013-10-10 12:36:00 <TD> about 18mb today i would think
207 2013-10-10 12:36:04 <TD> it's 4mb of headers per year of operation right
208 2013-10-10 12:36:09 <sipa> yeah
209 2013-10-10 12:36:14 <sipa> swulf--: always knowing the best chain
210 2013-10-10 12:36:17 <sipa> not needing checkpoints
211 2013-10-10 12:36:19 <TD> the delay of downloading all headers in an SPV wallet is definitely noticeable
212 2013-10-10 12:36:34 <TD> well checkpoints are useful for skipping signature checks and other things
213 2013-10-10 12:36:35 <sipa> a ton of attacks are gone
214 2013-10-10 12:36:56 <sipa> TD: you can have a rule "if buried by N months worth of PoW, skip signature checks"
215 2013-10-10 12:37:09 <sipa> swulf--: parallel block download
216 2013-10-10 12:37:52 <sipa> swulf--: no dealing with orphan blocks at all (as we only request blocks after we know their connection to the tree)
217 2013-10-10 12:38:08 <swulf--> how is that even possible?
218 2013-10-10 12:38:22 <swulf--> the very end of the headers could be detached by the time you get the full chain
219 2013-10-10 12:38:41 <sipa> oh
220 2013-10-10 12:38:53 <sipa> by orphan blocks i mean "blocks whose parents aren't known"
221 2013-10-10 12:39:05 <sipa> not "reorganized blocks"
222 2013-10-10 12:39:33 <swulf--> so network broadcasts new block, first thing you do is request the header and stick it into the headers chain, and only after it fits into the chain do you request the full block?
223 2013-10-10 12:39:54 <sipa> swulf--: under some circumstances, we request the header + the block at the same time
224 2013-10-10 12:40:07 <swulf--> ah
225 2013-10-10 12:40:11 <sipa> swulf--: but if the headers doesn't connect, we do throw the block away (which shouldn't ever happen)
226 2013-10-10 12:40:28 <sipa> actually, it could happen in case of >500 block reorgs
227 2013-10-10 12:40:54 <swulf--> that's... unlikely though :)
228 2013-10-10 12:41:16 <sipa> i think in that case we'll have bigger problems than wasting 1 block worth of bandwidth
229 2013-10-10 12:41:23 <swulf--> yup
230 2013-10-10 12:41:29 <sipa> actually, >2000 block reorgs
231 2013-10-10 12:41:37 <sipa> getheaders fetches up to 2000 headers at once
232 2013-10-10 13:37:21 <skinnkavaj> Can I safely click on unknown links on irc and everywhere else if I have no scripts and java is not installed. Is there any other way to get virus? I have windows 8.
233 2013-10-10 13:37:40 <_dr> most certainly not
234 2013-10-10 13:38:15 <skinnkavaj> _dr: So even though i run chrome with no script activated, is it possible to get virus from a site?
235 2013-10-10 13:38:22 <TD> welll
236 2013-10-10 13:38:32 <TD> the whole point of the web is that you click random links
237 2013-10-10 13:38:42 <skinnkavaj> TD: True, but with bitcoin you are scared.
238 2013-10-10 13:38:45 <TD> it's meant to be safe. chrome is pretty secure
239 2013-10-10 13:38:46 <skinnkavaj> to lose them
240 2013-10-10 13:38:48 <TD> well encrypt your wallet
241 2013-10-10 13:38:59 <TD> so far i've never heard of anyone losing money out of an encrypted wallet just because they clicked on a link
242 2013-10-10 13:39:06 <TD> the thing where you have to be careful is downloading and running apps
243 2013-10-10 13:39:08 <_dr> yeah. chrome is pretty safe. i assumed you were running IE
244 2013-10-10 13:39:11 <TD> by all means visit whatever pages you like
245 2013-10-10 13:39:25 <skinnkavaj> TD: im talking about keylogger. i am afraid to get a keylogger installed by cliccking on some spam lins here or on reddit by some bot.
246 2013-10-10 13:39:26 <TD> if that page says, hey download my amazing bitcoin app! and you have no idea who the hell wrote that program ...... think twice
247 2013-10-10 13:39:38 <TD> if you're on chrome and it's up to date (which it nearly always is) then it should be safe
248 2013-10-10 13:39:42 <skinnkavaj> TD: Ofc i would not allow to download anything suscipious.
249 2013-10-10 13:39:56 <TD> then fear not
250 2013-10-10 13:40:00 <skinnkavaj> I am just like afriad of clicking a site like mtg0x.com
251 2013-10-10 13:40:11 <skinnkavaj> Thanks
252 2013-10-10 13:40:28 <TD> well phishing is something else
253 2013-10-10 13:41:21 <skinnkavaj> Pishing is if you are stupid enough to give out details to a scam site, right?
254 2013-10-10 13:41:41 <TD> it's if you think you're signing in or using one site, but are actually using an imposter site, yes
255 2013-10-10 13:41:45 <TD> you don't have to be stupid though
256 2013-10-10 13:41:47 <skinnkavaj> are there any other stuff then no script i should download to chrome to make it more secure?
257 2013-10-10 13:41:53 <TD> just careless for a moment. it's easy to screw up
258 2013-10-10 13:41:56 <TD> you shouldn't even need noscript
259 2013-10-10 13:42:00 <TD> chrome out of the box is fine
260 2013-10-10 13:42:09 <skinnkavaj> really?
261 2013-10-10 13:42:13 <skinnkavaj> why do people use noscript then?
262 2013-10-10 13:42:13 <TD> yes
263 2013-10-10 13:42:31 <TD> for security, it's more useful on firefox
264 2013-10-10 13:42:39 <TD> some people use it because they prefer a plain-jane web
265 2013-10-10 13:42:45 <skinnkavaj> ok so chrome more secure than firefox
266 2013-10-10 13:42:45 <TD> but not many people use noscript
267 2013-10-10 13:42:52 <TD> chrome sandboxes its rendering engine+javascript
268 2013-10-10 13:43:00 <TD> last i heard, firefox is working on that but not done yet
269 2013-10-10 13:43:06 <TD> i might be wrong. perhaps the latest firefoxes are also sandboxes
270 2013-10-10 14:35:40 <helo> ransomware bitcoin virus :/
271 2013-10-10 14:36:17 <TD> where's that?
272 2013-10-10 14:36:25 <helo> would be kind of nice to have balance information encrypted in a wallet to prevent such a virus from knowing how much ransom it should request...
273 2013-10-10 14:36:31 <helo> http://www.reddit.com/r/Bitcoin/comments/1o53hl/disturbing_bitcoin_virus_encrypts_instead_of/
274 2013-10-10 14:38:22 <helo> would be nice if people just kept good backups
275 2013-10-10 14:38:29 <helo> i.e. not a problem
276 2013-10-10 14:44:04 <TD> yeah. those people would have been out of luck if their hard disks had crashed too
277 2013-10-10 14:44:27 <TD> still, really could cause a PR problem for bitcoin if it becomes more widespread. a lot of people will say, "well you couldn't pull that off with credit cards, duh"
278 2013-10-10 14:44:58 <TD> also most backups aren't real time
279 2013-10-10 14:45:07 <TD> it's only asking for 2BTC. for a company that's easily less than a days work
280 2013-10-10 14:45:18 <TD> it can be faster to pay the ransom than do a restore from tape, even
281 2013-10-10 14:45:40 <Ry4an> I wanted to start small.
282 2013-10-10 14:45:50 <Ry4an> I mean _maybe_they_ wanted to start small. ;)
283 2013-10-10 14:46:12 <TD> this is the kind of reason i was mentally exploring the idea of bitcoin traitor tracing
284 2013-10-10 14:46:19 <TD> but the scheme i came up with was computationally infeasible
285 2013-10-10 14:46:39 <TD> Ry4an: best not to joke about that ....
286 2013-10-10 14:48:11 <Ry4an> I know, I regretted it as soon as I said it, but it's early and I've not had enough coffee to engage the joke-filter lobe.
287 2013-10-10 14:52:51 <TD> i think eventually coin tainting is inevitable for reasons like this
288 2013-10-10 14:53:12 <TD> some people won't like it, but the chances of it happening anyway seem really high to me.
289 2013-10-10 14:53:15 <helo> but decentralization :(
290 2013-10-10 14:53:16 <Ry4an> TD: I think people will do it, but I'm not convinced it's a good idea.
291 2013-10-10 14:53:26 <TD> you can have decentralised coin tainting
292 2013-10-10 14:53:44 <TD> think of it like spam filtering. email is decentralised. spam filters are decentralised. they can still share lists of bad IPs and domains
293 2013-10-10 14:54:12 <sipa> as in: you can choose whom to listen to as authority which defines what is tainted?
294 2013-10-10 14:54:12 <TD> the "tainting" means the wallet would show you a warning when receiving the coins. you can then do what you want with it
295 2013-10-10 14:54:22 <TD> i.e. ask the person who sent you the money for ID documents and then file a police report
296 2013-10-10 14:54:24 <TD> yes
297 2013-10-10 14:54:30 <TD> authority would be the wrong word
298 2013-10-10 14:54:34 <TD> vendor of lists
299 2013-10-10 14:54:37 <sipa> right
300 2013-10-10 14:54:52 <TD> consider cryptolocker/crilock
301 2013-10-10 14:54:57 <TD> the guy has to spend his bitcoins somehow
302 2013-10-10 14:54:59 <Ry4an> Currently, rightly or wrongly, people aren't worried about accepting small sums of cash as long as they're convinced it's not counterfit -- I might suspect my customer is a drug dealer, but I'm not worried about accepting his $2 for a soda.  But if I'm not online to run a taint check I would be affraid to accept his BTC.
303 2013-10-10 14:55:23 <TD> well accepting bitcoins if you're offline is dangerous anyway, you're trusting the sender at that point implicitly
304 2013-10-10 14:55:54 <TD> if you accept coins without checking some list, and then when you spend them, you're the one that shows up, no problem
305 2013-10-10 14:56:22 <TD> just say "it wasn't me, but here's my details and if the police want to get in touch with me, here's how they can do it". now both sides have done the best they can
306 2013-10-10 14:56:30 <TD> so they can just continue with their trade as before
307 2013-10-10 14:56:39 <Ry4an> I do agree something like this will come about but I think it will be abused more than it will help.
308 2013-10-10 14:56:42 <TD> if the underlying cause of being listed is bad enough, eventually someone will follow up
309 2013-10-10 14:57:03 <TD> abused how
310 2013-10-10 14:58:03 <Ry4an> but "bad enough" is in the eye of the beholder.  There will be people who won't accept BTC that were ever donated to and spent by planned parenthood to Church X.
311 2013-10-10 14:58:30 <Ry4an> It'll be like the current realtime-blackhole spam blocking shit-shit.  Where a lot of very well meaning people keep lists of dubious accuracy
312 2013-10-10 14:58:43 <Ry4an> and you never know which lists the smtp server to which you're sending is checking.
313 2013-10-10 14:59:10 <Ry4an> and when you get on a list wrongly or through varying standards you're guilty until proven innocent.
314 2013-10-10 14:59:12 <TD> yes. and guess what - postmasters *do* stop using overly abuse blacklists
315 2013-10-10 14:59:14 <petertodd> TD: < jgarzik> TD, where is your post from years ago, that describes BOND<hash> trading? <- want to cite you properly in a paper I'm writing
316 2013-10-10 14:59:36 <TD> that's why spamhaus rages against google so often. they want to block google sending IPs quite often but they know their users will abandon them if they are too aggresive
317 2013-10-10 14:59:49 <TD> petertodd: https://en.bitcoin.it/wiki/Distributed_markets
318 2013-10-10 14:59:57 <TD> petertodd:  that's basically it in wiki form
319 2013-10-10 15:00:00 <TD> petertodd: thanks for the cite
320 2013-10-10 15:00:20 <Ry4an> TD right: shit-show.  You think this will help?
321 2013-10-10 15:00:51 <phantomcircuit> TD, i suspect automated coinjoin with the stated purpose of saving on transaction fees will eventually become very widespread
322 2013-10-10 15:00:52 <TD> Ry4an: spam filters are a good analogy because the early lists were based on rules that were basically made up by some RBL operator, and modern filters rely on measuring group consensus, which pisses off mail senders who think they're "good" but are actually abusive
323 2013-10-10 15:01:00 <phantomcircuit> making the entire concept of taining irrelevant
324 2013-10-10 15:01:02 <phantomcircuit> tainint*
325 2013-10-10 15:01:07 <phantomcircuit> tainting*
326 2013-10-10 15:01:44 <Ry4an> TD or anyone who gets an IP address handed to them by someone who previuosly abused it.
327 2013-10-10 15:01:57 <TD> phantomcircuit: yeah, that could be, we'll see how things play out. but IMO stuff like cryptolocker is going to be a real pain point for the bitcoin community. right now it seems to be using a clearnet C&C server. you link that up with Tor and it becomes very painful to stop
328 2013-10-10 15:02:32 <phantomcircuit> TD, randomware?
329 2013-10-10 15:02:35 <phantomcircuit> for bitcoin?
330 2013-10-10 15:02:36 <TD> Ry4an: spam filters expire entries after a while. but yes, email anti-spam is far from perfect
331 2013-10-10 15:02:37 <TD> phantomcircuit: yeah
332 2013-10-10 15:02:40 <phantomcircuit> why not just steal the bitcoins
333 2013-10-10 15:02:46 <petertodd> TD: cool, I was asked to do an overview of all the colored coins and similar mechanisms; what term would you use for the general idea of the "embed a hash of some contract in the tx"?
334 2013-10-10 15:02:49 <TD> phantomcircuit: it attacks people who don't have any bitcoins
335 2013-10-10 15:02:58 <phantomcircuit> oh
336 2013-10-10 15:03:02 <TD> phantomcircuit: it forces them to buy some: http://www.reddit.com/r/Bitcoin/comments/1o53hl/disturbing_bitcoin_virus_encrypts_instead_of/
337 2013-10-10 15:03:10 <phantomcircuit> it's locking up all their personal documents and then demands bitcoins
338 2013-10-10 15:03:12 <phantomcircuit> that's uh
339 2013-10-10 15:03:21 <MC1984> coinjoin is the real deal right
340 2013-10-10 15:03:22 <TD> petertodd: not sure. attachment? reference? pointer?
341 2013-10-10 15:03:29 <phantomcircuit> well to be fair previous randomware allowed you to pay with a cc
342 2013-10-10 15:03:42 <TD> Ry4an: however consider the alternative ...... would you prefer a world without spam filters?
343 2013-10-10 15:03:50 <phantomcircuit> and you couldn't get the funds back because they were lying about how the card was charged and then disappearing with the funds
344 2013-10-10 15:04:00 <phantomcircuit> MC1984, yes
345 2013-10-10 15:04:22 <TD> phantomcircuit: that can't really have worked, you could just chargeback after decrypting the files. this virus uses bitcoin and moneypak
346 2013-10-10 15:04:28 <TD> it's been around for a while. using bitcoin is a new thing.
347 2013-10-10 15:04:32 <petertodd> TD: hmm... "contract commitment"? similar idea to what I proposed for machine-readable fidelity bonds
348 2013-10-10 15:04:36 <MC1984> tained seems pretty discredited anyway
349 2013-10-10 15:04:45 <MC1984> everyone someone brings it up people are like how about no
350 2013-10-10 15:04:54 <TD> petertodd: that works too. although you're not really committing to anything ahead of time. it's just a more efficient approach than embedding the actual data you care about into the tx
351 2013-10-10 15:05:30 <TD> MC1984: it's about as real as coin tainting is - there are forum threads and not much more. well, i say that, genjix wrote some code for it didn't he? so i guess it's a bit further along. perhaps it'll be a feature of "dark wallet"
352 2013-10-10 15:05:42 <TD> i don't know of any wallets today that do coinjoin type transactions
353 2013-10-10 15:05:44 <jgarzik> petertodd, https://bitcointalk.org/index.php?topic=308508.msg3312544#msg3312544
354 2013-10-10 15:05:49 <petertodd> TD: well, by commitment I mean how once you make the tx, you can't change what contract the tx committed too
355 2013-10-10 15:05:50 <jgarzik> petertodd, several links there
356 2013-10-10 15:06:00 <MC1984> by real i meant theoretically sound
357 2013-10-10 15:06:13 <petertodd> jgarzik: thanks!
358 2013-10-10 15:06:15 <TD> Ry4an: decentralised communities usually evolve some mechanisms to deal with bad actors eventually. email is a P2P network that evolved spam filters.
359 2013-10-10 15:06:17 <phantomcircuit> TD, if you're a scam artist cc's can be made very hard to chargeback, ie bs company which claims the cards were charged in person the funds will be available to them the next day and wontt be held
360 2013-10-10 15:06:21 <TD> Tor has exit policies, though they're not really a complete solution
361 2013-10-10 15:06:46 <phantomcircuit> TD, since the bank would actually lose money on this (they cant get the money back from the merchant) they dont just let you chargeback without a fight
362 2013-10-10 15:06:46 <TD> phantomcircuit: as the virus does not use credit cards, presumably the author found it does not work anymore
363 2013-10-10 15:07:03 <TD> perhaps it used to work a while ago. but the card networks can kick anyone out, and they do.
364 2013-10-10 15:07:05 <phantomcircuit> TD, probably just trying to increase their profit margin
365 2013-10-10 15:07:14 <TD> i really doubt that.
366 2013-10-10 15:08:16 <phantomcircuit> TD, shell companies and money mules have to be expensive
367 2013-10-10 15:08:35 <TD> oh, yes, once you take into account the costs of extracting and laundering the card payments, sure. then i can imagine bitcoin is cheaper.
368 2013-10-10 15:08:45 <TD> but the risks of being caught are also a lot lower
369 2013-10-10 15:08:47 <TD> (presumably)
370 2013-10-10 15:09:00 <phantomcircuit> TD, which is definitely part of the profit margin
371 2013-10-10 15:09:30 <phantomcircuit> 100k/year with a 50% chance of going to jail for 20 years is only 10k/yr
372 2013-10-10 15:09:52 <phantomcircuit> something a lot of criminals fail to take into account
373 2013-10-10 15:09:52 <TD> yes, alright
374 2013-10-10 15:09:58 <Belxjander> phantomcircuit: 100 -> 5 is divide by 20
375 2013-10-10 15:10:04 <petertodd> phantomcircuit: read freakonomics on how much drug dealers make... it's very illuminating
376 2013-10-10 15:10:05 <Belxjander> 100 -> 10 is 10s
377 2013-10-10 15:10:16 <phantomcircuit> petertodd, like 15k/yr
378 2013-10-10 15:10:28 <phantomcircuit> Belxjander, 100 / 10 years is 10k
379 2013-10-10 15:10:31 <petertodd> phantomcircuit: yup, minimum wage or less mostly, but with a small chance of big riches
380 2013-10-10 15:10:52 <Belxjander> phantomcircuit: but you did say 20 years not 10 years
381 2013-10-10 15:10:52 <TD> ulbricht being a textbook example of this kind of calculation
382 2013-10-10 15:11:02 <phantomcircuit> Belxjander, read the sentence again
383 2013-10-10 15:11:11 <phantomcircuit> petertodd, much better odds of getting shot than rich
384 2013-10-10 15:11:23 <Belxjander> phantomcircuit: well I don't get it then
385 2013-10-10 15:11:31 <phantomcircuit> most people would make more working at mcdonalds than being a criminal
386 2013-10-10 15:11:56 <phantomcircuit> Belxjander, 50% change of getting caught means average 10 years spent idle in jail, which means 100k/10 years which means 10k/year
387 2013-10-10 15:12:37 <petertodd> phantomcircuit: yup, granted, I'll be spending my weekend in a cave that I wound up rescuing someone from last time I was there, so I'm not about to say those dealers are making irrational life choices - excitement and risk are very rewarding to some
388 2013-10-10 15:12:42 <phantomcircuit> TD, yeah that's more of a textbook example of the insane difficulty that is keeping a huge secret
389 2013-10-10 15:13:01 <petertodd> phantomcircuit: wouldn't be at all surprised if ulbricht did it partially for the thrill of it
390 2013-10-10 15:13:07 <phantomcircuit> regardless of how damaging it is
391 2013-10-10 15:13:24 <phantomcircuit> petertodd, have you seen the video of him talking with someone
392 2013-10-10 15:13:31 <phantomcircuit> i didn't exactly get that vibe
393 2013-10-10 15:13:41 <petertodd> phantomcircuit: which video?
394 2013-10-10 15:14:00 <phantomcircuit> https://www.youtube.com/watch?v=Xh68DDUYVPM
395 2013-10-10 15:14:07 <Ry4an> TD: where the comparison (and I know it was mine originally) breaks down is that email filters (now that no one relays) only hurt the original bad actor (and their organization).  Where'as a BTC collaborative filter means that someone not using the filter can end up with coins they can't spend.
396 2013-10-10 15:15:18 <petertodd> phantomcircuit: see, I wouldn't read too much into his persona - people who seek thrills are often outwardly very normal, calm people. lots of accountants in caving and rock climbing
397 2013-10-10 15:15:42 <petertodd> phantomcircuit: (though I'm at work eating lunch and can't actually play the vid)
398 2013-10-10 15:16:15 <TD> Ry4an: i don't think "block spending of coins" is a reasonable action for someone to take, if they were to see a list hit
399 2013-10-10 15:16:31 <TD> Ry4an: even with spam filters it's often not "you can't send" but rather "you can send and your mail gets organised into a different folder"
400 2013-10-10 15:16:45 <MC1984> walter whist at the end "I did it for me"
401 2013-10-10 15:16:49 <TD> Ry4an: when spam filters do a hard block it's only because they have a very high confidence that the mail is bad.
402 2013-10-10 15:16:56 <MC1984> several creepy parallels
403 2013-10-10 15:18:03 <TD> Ry4an: a much more reasonable action is to double check who you're dealing with and then just say "hey, today I did a localbitcoins exchange and this warning came up, he said he knew nothing about it, so i asked to see the guys driving license and it said $STUFF. now i have the coins. please remove from the list"
404 2013-10-10 15:18:11 <TD> (most of which can be automated)
405 2013-10-10 15:18:12 <petertodd> http://grugq.github.io/blog/2013/10/09/it-was-dpr/ <- I really liked this blog post, pointing out how unhealthy ulbricht's social isolation was too.
406 2013-10-10 15:18:19 <Ry4an> TD: I see what you're getting at and I do agree it's probably envitable, but I still land in the more-harm-than-good camp for at least the first few years.
407 2013-10-10 15:18:50 <TD> i guess it depends on how much it's used. hopefully most people would never have to deal with such a thing, because if it existed and worked, it'd discourage CryptoLocker type guys from even trying
408 2013-10-10 15:19:10 <TD> but it's hard to say
409 2013-10-10 15:20:10 <_ingsoc> Can we verify any of his social isolation?
410 2013-10-10 15:20:17 <TD> spam filtering is painful largely because spam filters have rarely been good enough, so spammers are still really common
411 2013-10-10 15:20:47 <phantomcircuit> petertodd, i sort of wonder if they actually found him by trawling the internet for similar text
412 2013-10-10 15:21:00 <phantomcircuit> petertodd, DPR certainly had a unique writing style
413 2013-10-10 15:21:02 <petertodd> _ingsoc: we can't even verify he was actually behind the silk road yet :P the author is making reasonable assumptions
414 2013-10-10 15:21:08 <Ry4an> What about the politics example?  Populations are 50/50 split on a lot of things, so getting a goodly number of people to agree coins are tainted because they passed through a distained entity seems easy.
415 2013-10-10 15:21:17 <petertodd> phantomcircuit: quite possibly; that's why I'm learning russian in secret, oh shit...
416 2013-10-10 15:21:26 <phantomcircuit> hahah
417 2013-10-10 15:21:31 <TD> phantomcircuit: i found this analysis to be very interesting: http://shadowlife.cc/2013/10/tracking-the-silk-road-lessons-for-darknet-services/
418 2013-10-10 15:21:43 <_ingsoc> petertodd: That's fair enough. The authorities probably have enough evidence to link him. Contrary to beliefs around these parts, they don't want to waste their time either.
419 2013-10-10 15:21:53 <TD> phantomcircuit: it says they most likely found his server by turning an employee with admin access after they did  trade with an undercover agent, and used their home address
420 2013-10-10 15:21:57 <Ry4an> In the days after the manning-sourced wikileaks dump most americans and most world governments would've called any coins wikileaks had unspendable
421 2013-10-10 15:22:05 <TD> phantomcircuit: someone discovered that the site was leaking an IP, and mailed the admins about it ....
422 2013-10-10 15:22:36 <phantomcircuit> TD, it shouldn't even be possible to leak the real ip
423 2013-10-10 15:22:40 <phantomcircuit> amateur hour
424 2013-10-10 15:22:47 <Ry4an> bah, gotta run.  Enjoyed this, TD.
425 2013-10-10 15:22:59 <TD> Ry4an: so wikileaks would have traded with the rest of the world, and when Airbus or ARM or some other big european company turned up with coins used by wikileaks 3 hops ago, I think most American companies would have not given a shit
426 2013-10-10 15:23:05 <TD> Ry4an: later!
427 2013-10-10 15:23:11 <phantomcircuit> it took me less than an hour to setup a hidden service in a vm and iptables rules such that it's impossible for the vm to even know what it's real ip is
428 2013-10-10 15:23:22 <TD> phantomcircuit: well, i've never tried to run a complicated hidden service, so i won't comment on how hard it is. computers are hard. i know that.
429 2013-10-10 15:23:39 <phantomcircuit> i was pretty sure it was possible and sure enough
430 2013-10-10 15:23:42 <TD> phantomcircuit: yeah, but now you have to maintain that over a period of years whilst you move around hosts and upgrade capacity, etc
431 2013-10-10 15:23:54 <petertodd> phantomcircuit: I actually did an art project a few years back where I screen-scraped websites with user comments, then presented the comments together with usernames stripped - the viewers seemed to get the impression that the site had a more unique authorship "voice" than the individual users
432 2013-10-10 15:23:58 <phantomcircuit> :)
433 2013-10-10 15:23:58 <phantomcircuit> TD, well no i dont since im not running a huge drug operation
434 2013-10-10 15:23:58 <TD> also - limited to hosts that don't/weakly verify your ID, etc
435 2013-10-10 15:24:02 <TD> right :)
436 2013-10-10 15:25:23 <MC1984> Apparently the only source of social validation and ego gratification that Ross had was a group of bitcoin libertarians, drug seekers, drug dealers and undercover cops. This is not a healthy social environment conducive to a balanced state of mental health.
437 2013-10-10 15:25:28 <MC1984> lol you dont say
438 2013-10-10 15:25:51 <TD> the guy was a first class idiot. he was talking about finding a girlfriend, wife, etc
439 2013-10-10 15:26:01 <petertodd> phantomcircuit: IE, users on slashdot wrote comments that had a "slashdot" feel, and users of, say, reddit had a "reddit" feel, but individual authors were indistinguishable even though I went to some effort to over-represent people to the point where they should have been
440 2013-10-10 15:26:01 <TD> how would he plan to explain his income to such a woman?
441 2013-10-10 15:26:07 <MC1984> someone is going to take all this analysis and lessons learned from SR and do it again
442 2013-10-10 15:26:37 <MC1984> not being funyy and ive said this before, but from some of this shit im reading ive seen ebtter opsec from people running private torrent trackers
443 2013-10-10 15:26:49 <_ingsoc> petertodd: That's actually pretty interesting.
444 2013-10-10 15:26:59 <petertodd> MC1984: unless they arrest hundreds of people, the silk road will still prove to have been less risky that meatspace drug dealing
445 2013-10-10 15:27:15 <MC1984> the UK picked up 4 people apparently
446 2013-10-10 15:27:22 <TD> MC1984: i guess we'll have to see. it depends on what happens next with the existing set of competitors, i think
447 2013-10-10 15:27:25 <phantomcircuit> petertodd, s/arrest/shoot/
448 2013-10-10 15:27:28 <MC1984> with our brand new FBI clone agency
449 2013-10-10 15:27:31 <TD> MC1984: sheep market already faceplanted and leaked its real IP
450 2013-10-10 15:27:34 <petertodd> phantomcircuit: indeed...
451 2013-10-10 15:27:53 <petertodd> remind me to leak the IP of my competitors...
452 2013-10-10 15:28:03 <TD> if the message people take away from this is, "even physics PhDs can't do this and escape detection", i'm not so sure it'll become a huge thing
453 2013-10-10 15:28:22 <MC1984> anyone think its intereting that the one called atlantis shut shop 1 month before SR
454 2013-10-10 15:28:27 <MC1984> citing heat
455 2013-10-10 15:28:43 <TD> dealing on the street at least has very intuitive security properties, even to a meathead
456 2013-10-10 15:28:58 <petertodd> TD: that's never stopped dealers - the next generation learns from the mistakes of the previous, and culture absorbs the lessons
457 2013-10-10 15:29:40 <TD> do they learn the lessons so much? other than SR, what was the last major innovation in the black market drugs industry?
458 2013-10-10 15:29:49 <TD> i know they innovate in creating new kinds of chemicals pretty fast
459 2013-10-10 15:29:57 <TD> but in terms of distribution .... all the good stuff is the latam cartels
460 2013-10-10 15:29:59 <MC1984> i was kinda seeing eye to eye with taking the violence out of the drug trade thing, before the reports of hits......
461 2013-10-10 15:30:01 <jgarzik> burner phones   (my cousin is DEA)
462 2013-10-10 15:30:02 <TD> with their crazy custom submarines and stuff
463 2013-10-10 15:30:09 <MC1984> also someone said something about human trafficking on the site, fuck that
464 2013-10-10 15:30:16 <petertodd> TD: those subs are an excellent example of innovation
465 2013-10-10 15:30:16 <TD> chucking identities is hardly innovation.
466 2013-10-10 15:30:47 <TD> yeah but 99.9% of drug dealers aren't doing that
467 2013-10-10 15:30:52 <MC1984> taking violence out of hte trade, seeing as the authorities do the exact opposite. Either directly themselves or backstopping what goes on in mexico etc
468 2013-10-10 15:30:54 <TD> they're out on the streets just like they always were
469 2013-10-10 15:31:03 <jgarzik> That's hard tech.  Think telecomm practices and security.  Lincoln won the civil war through superior telecom tech.
470 2013-10-10 15:31:16 <petertodd> MC1984: I've personally gone to silk road and atlantis, and I never saw any human trafficking, or frankly, anything other than weapons that made me actually uncomfortable (and weapons are rare)
471 2013-10-10 15:31:42 <MC1984> thought they banned weapons trade ages ago
472 2013-10-10 15:31:52 <TD> MC1984: the idea that the drugs trade is violent because of governments is kind of screwball. it'd be much less violent if it were legal and regulated, sure. but i think the state of mexico shows what happens when  drug cartels get too big ..... hardly a flowering market of peaceful transactions
473 2013-10-10 15:32:02 <TD> jgarzik: he did?
474 2013-10-10 15:32:06 <petertodd> MC1984: yeah, on silk road, but not on all sites (though the weapons available are more along the lines of stun guns)
475 2013-10-10 15:32:12 <TD> jgarzik: that's new to me. how did he do that?
476 2013-10-10 15:32:32 <TD> petertodd: DPR kept that stuff out mostly. i remember when SR was brand new. like the first weeks
477 2013-10-10 15:32:43 <jgarzik> TD, e.g. http://www.amazon.com/Mr-Lincolns-T-Mails-Abraham-Telegraph/dp/0061129801
478 2013-10-10 15:32:44 <TD> petertodd: there were adverts for human slavery, nuclear material
479 2013-10-10 15:32:52 <MC1984> if the US decriminalised and taxed these substances, the cartels market would evaporate overnight
480 2013-10-10 15:32:53 <TD> truly insane shit got posted there. nobody was sure if it was trolling or for frea
481 2013-10-10 15:32:57 <TD> *real
482 2013-10-10 15:33:08 <TD> MC1984: no argument there
483 2013-10-10 15:33:12 <MC1984> no one wants drugs to be illegal as fuck more than drug kingpins
484 2013-10-10 15:33:12 <petertodd> TD: yeah, me too, took them some time to learn that they had to clamp down; though I've never seen anything convincing me that anything other than the weapons wasn't just trolling
485 2013-10-10 15:33:26 <jgarzik> MC1984, not necessarily
486 2013-10-10 15:33:38 <jgarzik> MC1984, cigarettes are still smuggled, even though they are taxed and legal
487 2013-10-10 15:33:46 <MC1984> ok fine
488 2013-10-10 15:34:06 <helo> taxation as a form of prohibition :/
489 2013-10-10 15:34:12 <TD> jgarzik: why did lincoln have some kind of advantage with telegraph tech? the south didn't know how to build telegraph lines or something?
490 2013-10-10 15:34:14 <phantomcircuit> jgarzik, yeah cause they're taxed like 800%, but how many people do you hear about getting killed over smuggled cigarettes?
491 2013-10-10 15:34:18 <MC1984> but i cant remembe the last time i heard about a decapitated body hung from an overpass with 50 packs of illegal cigs stuffed up its ass
492 2013-10-10 15:34:32 <TD> tobacco smuggling is a lot less violent than drug smuggling, that's for sure
493 2013-10-10 15:34:53 <TD> btw, the Economist ran an online debate on legalising cannabis
494 2013-10-10 15:35:00 <TD> 92% agreement with legalisation over the entire course of the debate
495 2013-10-10 15:35:11 <petertodd> phantomcircuit: heh, well... here in ontario the native tribes use speedboats and night-vision goggles to smuggle cigarettes from the states, and yes, the occasional death (but nothing like harder drugs)
496 2013-10-10 15:35:14 <MC1984> public opinion is clear tbh
497 2013-10-10 15:35:21 <MC1984> its just a matter of time
498 2013-10-10 15:35:24 <TD> yeah
499 2013-10-10 15:35:25 <jgarzik> TD, Lincoln used telegraph to (my language, not theirs) iterate more rapidly.  The north had much better, more complete telegraph comms for whatever reason.  Lincoln received troop reports more quickly and could turn around orders just as quickly.
500 2013-10-10 15:35:30 <TD> (on cannabis at least)
501 2013-10-10 15:35:37 <jgarzik> In prior wars, "orders" and troop movements took eons to coordinate
502 2013-10-10 15:35:37 <TD> (i don't think the polls are so decisive on other drugs)
503 2013-10-10 15:35:48 <TD> jgarzik: right
504 2013-10-10 15:36:12 <MC1984> for the more harmful stuff like meth etc, its time to treat it as a public health issue not criminality as such
505 2013-10-10 15:36:20 <MC1984> the users at least
506 2013-10-10 15:36:49 <TD> that already happens to some extent in switzerland. there are government run heroin clinics (as a trial)
507 2013-10-10 15:37:02 <TD> apparently bankers turn up in suits before the start of office hours to shoot up, under supervision of doctors
508 2013-10-10 15:37:14 <MC1984> well switzerland is pretty based in all regards so
509 2013-10-10 15:37:40 <TD> the biggest reason it's controversial is, i think, the obvious one - people wonder why their tax money is being used to fund heroin habits
510 2013-10-10 15:37:42 <petertodd> MC1984: addiction is not all it's cracked up to be anyway: turns out people with happy lives don't get addicted to hard drugs anywhere near as much as science used to think, and they're surprisingly able to kick the habit as well.
511 2013-10-10 15:37:56 <petertodd> MC1984: it's people trying to escape *something* that are vulnerable
512 2013-10-10 15:38:04 <TD> petertodd: got something i can read on that?
513 2013-10-10 15:38:12 <MC1984> of course
514 2013-10-10 15:38:28 <petertodd> TD: that's from a neuroscience friend of mine, she might be able to dig up papers
515 2013-10-10 15:38:40 <MC1984> addictive personalities
516 2013-10-10 15:38:59 <TD> it's ok. i'll look into it some time myself
517 2013-10-10 15:39:19 <petertodd> TD: I'm sure it's filtered out into the popular press by now
518 2013-10-10 15:40:08 <petertodd> anyway, all this stuff leads to bad science because of the pressure on researchers to get politically acceptable results; it's ugly on a lot of levels (and that also makes for bad contrarian research too)
519 2013-10-10 15:40:13 <TD> MC1984: programs like that are rather delicate and tricky. i learned recently (didn't know before) that back before about 1960 there was a similar program in the UK. but it failed. there was one big key difference
520 2013-10-10 15:40:34 <TD> MC1984: which was that the people getting govt subsidised drugs were able to take it home and shoot up there. of course, many of them took the drugs and sold them on for profits
521 2013-10-10 15:40:50 <TD> so it was found to actually be fueling crime by feeding addicts that weren't being treated for whatever reason
522 2013-10-10 15:40:58 <TD> i think that's why the swiss insist that the drugs are taken on-site
523 2013-10-10 15:41:06 <MC1984>  petertodd the uk govt fired the entire advisory committe of actual scientists that said hey cannabis shouldnt be class b along with benzos and stuff.....
524 2013-10-10 15:41:21 <petertodd> MC1984: exactly!
525 2013-10-10 15:43:10 <petertodd> MC1984: not just drugs too - I have a friend who's a pediatric psychiatric nurse, and she says the research on child sex abuse is awful because of the continual pressure to overstate the effects, as well as find "clearly evil" purpetrators like pimps rather than the more ugly fact that it's mostly done by parents (or kids themselves)
526 2013-10-10 15:43:40 <MC1984> blame the papers
527 2013-10-10 15:44:36 <petertodd> MC1984: poses real problems too: often when young kids are abused they don't really understand it, or see it as wrong, and as they grow up the expectations on them to "be a victim" are far more harmful than the abuse itself :(
528 2013-10-10 15:46:02 <petertodd> MC1984: meanwhile police pour enormous amounts of money into anti-trafficking teams that don't actually have much work because forced child prostitution is extremely rare (what does happen is usually 100% the kids themselves, which says the money would be much better spent improving social safety nets, group homes etc.)
529 2013-10-10 15:46:27 <petertodd> MC1984: but people want to catch criminals, not help homeless youth :(
530 2013-10-10 15:56:32 <TD> petertodd: the other interesting thing about paedophilia is the evidence that it can be caused by brain tumours
531 2013-10-10 15:57:11 <TD> petertodd: your neuroscience friend might know about that too
532 2013-10-10 15:58:00 <petertodd> TD: yes, actually, she did mention that re: violence, like the guy who IIRC shot up a university campus and was found to have a tumour
533 2013-10-10 15:58:20 <TD> oh, he did?
534 2013-10-10 15:58:47 <TD> the paper i'm thinking about is about a patient who started obsessively collected child porn
535 2013-10-10 15:58:52 <petertodd> https://en.wikipedia.org/wiki/Charles_Whitman
536 2013-10-10 15:59:06 <petertodd> yeah, I haven't heard about that one, but it doesn't surprise me
537 2013-10-10 15:59:10 <TD> for years. eventually he got discovered. the day before he was due to go to jail, he checked himself into hospital complaining of migraine
538 2013-10-10 15:59:24 <TD> they did an MRI and discovered a huge tumour. they operated and his desire to collect CP went away
539 2013-10-10 15:59:29 <TD> he still had to do the time of course
540 2013-10-10 15:59:52 <TD> he got out after some years and went back to rejoin his wife. after a while (a decade? i forgot) his wife discovered he'd started collecting the porn again
541 2013-10-10 15:59:55 <petertodd> the other thing is that far more often than not paedophiles have very "innocent" incentions, in the sense that it's very misdirected love rather than violence
542 2013-10-10 16:00:04 <TD> went back to hospital, sure enough, the tumour had returned. operated again, the problem went away
543 2013-10-10 16:00:08 <petertodd> sheesh
544 2013-10-10 16:00:25 <TD> pretty hard to escape the conclusion that in his case the problem had a medical cause.
545 2013-10-10 16:00:40 <TD> whether that's true in more cases, hard to say because they tend to end up in jail rather than a hospital
546 2013-10-10 16:00:47 <petertodd> yeah, like it or not we are what our brains are, and brains are flesh and blood
547 2013-10-10 16:02:30 <petertodd> anyway, lunch is over, later
548 2013-10-10 16:05:19 <TD> later
549 2013-10-10 16:05:23 <t7> anyone know of an up to date manual for box2d
550 2013-10-10 16:05:30 <t7> the one on the site is wrong
551 2013-10-10 16:05:32 <t7> ?
552 2013-10-10 16:06:32 <t7> ah ignore that
553 2013-10-10 16:06:35 <t7>  icant read
554 2013-10-10 16:07:11 <t7> wtf wrong channel
555 2013-10-10 16:44:59 <heeventuli> hm, i just got home and my testnet-bitcoin-client, that had been in sync for days, was suddenly about 65k~ blocks behind...has someone else expierenced the same?
556 2013-10-10 16:47:29 <heeventuli> i restarted the wallet, now i'm in sync again o_O
557 2013-10-10 17:30:22 <sphered> hi
558 2013-10-10 17:31:24 <sphered> im trying to send some money using this " pwalletMain->SendMoneyToDestination(myDest,100000,myTx,true);"   but i want to set the 100000 value to the block value. any ideas
559 2013-10-10 17:32:24 <sphered> im trying to send some money using this " pwalletMain->SendMoneyToDestination(myDest,100000,myTx,true);"   but i want to set the 100000 value to the block value. any ideas
560 2013-10-10 17:32:57 <sphered> anyone online/
561 2013-10-10 17:32:58 <sphered> ?
562 2013-10-10 18:06:32 <sphered> anyone online?
563 2013-10-10 18:07:10 <Ry4an> sure
564 2013-10-10 18:07:42 <Ry4an> it's an asynchronous medium.  You ask your question and wait.  Someone'll answer.
565 2013-10-10 18:08:07 <sipa> or not
566 2013-10-10 18:09:02 <Ry4an> also that, but the waiting is a required step.
567 2013-10-10 18:09:22 <gmaxwell> sphered: your question didn't make a lot of sense, and you left far far far too quickly.
568 2013-10-10 18:09:31 <sphered> ok i will wait
569 2013-10-10 18:11:36 <sphered> so i am trying to send coins in the line  "pwalletMain->SendMoneyToDestination(myDest,100000,myTx,true);" you set the amount you want set. in this case its 100000 but i want to change it to the GetBlockValue in main.cpp when i do this and attempt to compile is get an error telling me the integer is too large. So how can i set the amount to be the value of the block created
570 2013-10-10 18:12:27 <sipa> the value of which block?
571 2013-10-10 18:12:46 <sphered> the value of the block created during the mining process
572 2013-10-10 18:13:04 <gmaxwell> sphered: you cannot send mined funds for 100 blocks after the block is mined.
573 2013-10-10 18:13:21 <gmaxwell> if you want mined funds to go to another location, adjust it to mine to that location to begin with.
574 2013-10-10 18:13:44 <sphered> how ? i need to send 20% of the mined funds to be sent to an address
575 2013-10-10 18:13:49 <sphered> how can this be done?
576 2013-10-10 18:13:57 <sipa> oh, you again
577 2013-10-10 18:14:10 <gmaxwell> to answer the question you asked instead of the one you needed answered CWallet::SendMoneyToDestination takes an int64. Cast your constant.  ... though if I have to tell you this, you should under no circumstances be changing this code.
578 2013-10-10 18:15:07 <sphered> in the main.cpp?
579 2013-10-10 18:15:48 <sipa> iirc he was creating an altcoin that has some preset payout scheme to him, so he can guarantee a stable value
580 2013-10-10 18:16:11 <gmaxwell> yea, that guy.
581 2013-10-10 18:16:33 <sphered> why all the hate?
582 2013-10-10 18:16:51 <sipa> no hate; i just think you're wasting your time
583 2013-10-10 18:17:42 <sphered> cba ok anyone willing to give any advice on how to do pre-set tax idea? or shall i just go
584 2013-10-10 18:18:37 <sipa> if you really want that, you shouldn't be changing the payout code (very few actual mining is done inside bitcoin anyway); you should be adding block verification rules that enforce the tax
585 2013-10-10 18:19:38 <sphered> okay. how?
586 2013-10-10 18:19:39 <grau> if you are at that you can replace the POW with a signature of the IRS
587 2013-10-10 18:20:11 <sipa> i really don't think you should be coding this before you understand what is needed
588 2013-10-10 18:20:25 <Ry4an> sphered: it would be a significant development understaking.
589 2013-10-10 18:20:51 <sipa> if you're serious about it, find at least someone who understands the programming language
590 2013-10-10 18:21:58 <sphered> okay maybe you can help me with this. i have used the frei-coin source code since it already has this feature. i have mofied it to meet my requirments. i have generate the merkle hash but..
591 2013-10-10 18:22:35 <sphered> when i compile and run again i can't find the genesis block in the debug.log file why?
592 2013-10-10 18:22:44 <sphered> have i missed a step?
593 2013-10-10 18:24:13 <sphered> i have not done sha coins before so it is slightly different normally with a litecoin based coin it would be in the debug.log
594 2013-10-10 18:28:09 <grau> guys here have also not done lots of sha coins yet, their expertise is limited to one. I suggest you look out for a forum of real experts.
595 2013-10-10 18:28:53 <sphered> thanks. using scrypt coins are super easy. sha is a bit more complex
596 2013-10-10 19:31:47 <warren> 
ACTION facepalm.

597 2013-10-10 19:38:13 <gmaxwell> not sure how best to deal with that, he's N-layers of clueless down. There is basically nothing short of doing it for him that would help him.
598 2013-10-10 19:40:45 <warren> gmaxwell: ask to be paid up front
599 2013-10-10 19:41:04 <gmaxwell> yea, really thats how we should solve the guy, find someone who will do what he wants for a fee.
600 2013-10-10 19:41:31 <michagogo> cloud|The question is, will anyone step up?
601 2013-10-10 19:41:44 <warren> or down
602 2013-10-10 19:42:40 <sipa> i'm sure he'll offer payment in SphereCoins
603 2013-10-10 19:43:07 <gmaxwell> michagogo|cloud: the question is just the price, not if. There exists some price where lots of people would do it.
604 2013-10-10 19:43:20 <michagogo> cloud|I guess.
605 2013-10-10 19:48:47 <petertodd> I'd do it, but only for actual money.
606 2013-10-10 19:48:59 <petertodd> (I'm only saying this for the opportunity to call bitcoins real money)
607 2013-10-10 19:49:14 <warren> The ancient version of *coin had genesis creation code remaining it it.  That seems to have enabled a lot of dumb people to get past one hurdle.
608 2013-10-10 19:49:35 <gmaxwell> warren: there have been ones that just used other coins genesis...
609 2013-10-10 19:50:30 <petertodd> gmaxwell: too bad checkpoints were implemented so early...
610 2013-10-10 19:50:48 <petertodd> 
ACTION should start advertising "genesis services"

611 2013-10-10 19:51:09 <gmaxwell> petertodd: there have been other coins that bumped into a checkpoint after copying them from another coin.
612 2013-10-10 19:51:15 <grau> We will see a rise of *coins with difficulty rendering first generation of asics useless for Bitcoin
613 2013-10-10 19:51:53 <sipa> grau: i fail to parse your sentence
614 2013-10-10 19:52:02 <gmaxwell> grau: there are already hundreds of them, I'm not sure what a "rise" would mean.
615 2013-10-10 19:52:25 <grau> I mean that people will commit all used hardware to them
616 2013-10-10 19:52:27 <gmaxwell> (We will see a rise of *coins) as (difficulty render(s) first generation of asics useless for Bitcoin)
617 2013-10-10 19:52:42 <sipa> ah!
618 2013-10-10 19:52:47 <petertodd> gmaxwell: ah, right, so the checkpoint was there, but the blocks weren't until a month or two later...
619 2013-10-10 19:53:07 <gmaxwell> grau: that hasn't followed historically, if the old hardware works on the coin then the new hardware will too.. if the coin is more profitable to mine than bitcoin, people will mine it with new hardware too.
620 2013-10-10 19:53:37 <gmaxwell> grau: the net effect of this in the past is that sudden surges of hashrate when the coin bacame more profitable to mine than bitcoin destroyed it— this is why namecoin invented merged mining, to stop the oscillation.
621 2013-10-10 19:53:47 <gmaxwell> petertodd: yup.
622 2013-10-10 19:53:53 <gmaxwell> "Why'd it stop?"
623 2013-10-10 19:57:50 <grau> another argument that mining has to be unprofitable. I really like OP https://bitcointalk.org/index.php?topic=305781.0
624 2013-10-10 19:58:14 <sipa> UNprofitable? :o
625 2013-10-10 19:58:15 <sipa> 
ACTION reads

626 2013-10-10 19:59:47 <petertodd> grau: "The Bitcoin whitepaper sketches a consensus proof assuming 51% of the mining power is honest." <- bitcoin requires 51% to be economically rational in a specific way, not honest
627 2013-10-10 20:00:46 <sipa> petertodd: better discuss that with the author of the post i guess, amiller :)
628 2013-10-10 20:01:20 <amiller> 
ACTION apologizes both in advance and retraoctively

629 2013-10-10 20:01:36 <sipa> amiller: can you please remain causal?
630 2013-10-10 20:02:16 <amiller> petertodd, i agree that the point of bitcoin is for most users to be economically rational, not just honest, but there isn't a hint of a proof sketch for that in the whitepaper, nor anywhere else for that matter :o
631 2013-10-10 20:04:45 <amiller> also, thanks grau <3
632 2013-10-10 20:05:10 <gmaxwell> Honest is obviously sufficient. It's unclear if economically rational is sufficient, it may be sufficient so long as there is a small base of honest to "fix" the economically rational behavior.
633 2013-10-10 20:05:41 <gmaxwell> Proofs are kinda worthless since we care about things "outside of the system" too, when we talk about pratical security... and you can't subject the whole universe to your proof. :P
634 2013-10-10 20:06:53 <gmaxwell> e.g. optimal economically rational users might just go murder all the users that would inhibit their most greedy behavior. ... and so a holistic proof would need to start posing conditionals on how likely someone is to get away with murder. :P
635 2013-10-10 20:07:28 <amiller> i agree that a model/proof doesn't actually fix anything
636 2013-10-10 20:08:05 <amiller> on the other hand i think theory is an awesome way to make good progress and get insights on things that can't be directly tested just by banging out a prototype
637 2013-10-10 20:09:01 <gmaxwell> I am also a fan of theory, but I think that we're already far into diminishing returns on that particular question. MAYBE a theory suggests another pratically interesting question, but its more likely that all of theory is overwhelmed by practice on this stuff.
638 2013-10-10 20:10:07 <gmaxwell> Besides, I think it's not hard to show that miners do not meet any simple model of economically rational ... or even prospect theory. ... and I've not seen any models which explain the observed behavior beyond "reasoning poorly under ignorance"
639 2013-10-10 20:10:32 <amiller> now, sure, but we have to extrapolate way into the future to evaluate whether this is a good design
640 2013-10-10 20:10:50 <amiller> anyway the worst thing about my little theory is that i can't figure out what useful implications it has
641 2013-10-10 20:10:53 <gmaxwell> maybe, but even then you need to argue why now is a worse model for the future than your theory.
642 2013-10-10 20:11:28 <amiller> like if the reward had much less variation would it matter
643 2013-10-10 20:11:31 <gmaxwell> amiller: it's interesting that we have _multiple_ reasonable looking theories that fail to explain the observed behavior, I suppose.
644 2013-10-10 20:11:32 <amiller> as long as there's pools then maybe not
645 2013-10-10 20:13:16 <gmaxwell> amiller: nah, I don't think you can say that.. I mean, the variation difference bettween very large pools and small ones is ones is small enough that you really can't say people have a preference for the stability... and yet they'll pay several percent to use larger ones.  or even the pps stuff.. paying 10% to remove a couple percent of daily variation is basically unprecedented in business.
646 2013-10-10 20:16:33 <grau> People avoid variance by selecting big pools but seek the risk by betting to every new vendor announces a new ASIC. The bet is not on operation variance.
647 2013-10-10 20:20:17 <grau> Danger is that if there is not enough excitement mining centralizes at a profitability comparable to a utility company.
648 2013-10-10 20:20:46 <amiller> grau, you'd be interested in my anti-centralization mining puzzle
649 2013-10-10 20:22:09 <amiller> suppose that the trend is for hosted mining to threaten centralization
650 2013-10-10 20:22:28 <amiller> one of the things that makes hosted mining work is that the server can easily show you it's doing work that can only benefit you if it's successful
651 2013-10-10 20:23:03 <amiller> to prevent hosted mining, what you'd like to do is make it so whoever's actually *doing* the work can *take* the reward after the fact, *without even getting caught*
652 2013-10-10 20:23:53 <amiller> there's a simpleish way of doing this that's compatible with exactly the current mining operation and not really any overhead
653 2013-10-10 20:24:17 <amiller> right now, to claim a block reward, you reveal the entire nonce and merkleroot
654 2013-10-10 20:24:35 <amiller> to prevent hosted mining, the trick is to have an additional *zero knowledge* way of claiming the block reward
655 2013-10-10 20:25:01 <amiller> you do a zero knowledge proof that you know a nonce and merkleroot such that H(prev, nonce, merkleroot) < target
656 2013-10-10 20:25:46 <maaku> sipa: any thoughts about keeping old version of the utxo state available?
657 2013-10-10 20:25:48 <amiller> then you use that nonce as a private key to sign a new merkleroot with potentially a new coinbase transaction etc
658 2013-10-10 20:26:10 <maaku> i'm considering leveldb snapshots of the last few blocks
659 2013-10-10 20:26:33 <maaku> so that synchronization queries may persist across block updates
660 2013-10-10 20:26:44 <sipa> maaku: that's an option, but it's relatively hard to do currently
661 2013-10-10 20:26:56 <sipa> as not every block's state is pushed to leveldb
662 2013-10-10 20:28:15 <maaku> well you wouldn't need to keep every block