1 2013-12-07 00:04:17 <imton> sipa: gmaxwell: now, can someone explain me why I can't sign the tx? https://gist.github.com/imton/b5081e83a8f3b8dff373
  2 2013-12-07 00:04:24 <imton> it's at the end.
  3 2013-12-07 00:04:37 <imton> I'd like to understand what I am doing wrong
  4 2013-12-07 00:05:44 <gmaxwell> imton: are you sure you failed?
  5 2013-12-07 00:05:53 <imton>     "complete" => false
  6 2013-12-07 00:06:18 <gmaxwell> https://github.com/bitcoin/bitcoin/issues/2265
  7 2013-12-07 00:06:24 <imton> I am just trying to send btcs to multi sig address
  8 2013-12-07 00:06:48 <imton> gmaxwell: oh... really?
  9 2013-12-07 00:18:57 <imton> gmaxwell: well, after researching a little bit more I think that is not my case
 10 2013-12-07 00:19:26 <imton> would you mind checking https://gist.github.com/imton/b5081e83a8f3b8dff373
 11 2013-12-07 00:24:25 <gmaxwell> imton: your private key doesn't match the pubkey.
 12 2013-12-07 00:24:37 <imton> I see
 13 2013-12-07 00:24:45 <imton> should bitcoind alert me that?
 14 2013-12-07 00:25:04 <imton> gmaxwell: this one does 93KcqG9tWkXu9xsLE7hUxpwHjMwXaGeeTDkkqKNXctYskBEffg8 ?
 15 2013-12-07 00:25:11 <gmaxwell> it did, but not signing it. :P its setup so you can provide more than is needed.
 16 2013-12-07 00:25:41 <gmaxwell> No.
 17 2013-12-07 00:25:51 <gmaxwell> you want the key for address mzKDeYEUxWyayE1Migp3AgSxpcxtuGoxUe
 18 2013-12-07 00:25:51 <imton> oh
 19 2013-12-07 00:25:54 <imton> yeah
 20 2013-12-07 00:26:19 <imton> maybe I am converting it wrong
 21 2013-12-07 00:26:20 <imton> e4a7869c630550e4c677ef8a1e46af726e5436e604226b11869eb53b74c26a03
 22 2013-12-07 00:26:30 <imton> this is the original format I have in my program
 23 2013-12-07 00:27:31 <gmaxwell> I don't see how to get from that to mzKDeYEUxWyayE1Migp3AgSxpcxtuGoxUe
 24 2013-12-07 00:27:50 <imton> that was the priv key
 25 2013-12-07 00:27:54 <imton> in hex I think
 26 2013-12-07 00:28:14 <imton> I don't know why it is not from that address....
 27 2013-12-07 00:28:29 <gmaxwell> well thats your problem. Good luck.
 28 2013-12-07 00:28:39 <imton> gmaxwell: thanks
 29 2013-12-07 01:24:51 <roconnor> what's the status of pay to script?
 30 2013-12-07 01:29:59 <gmaxwell> roconnor: do you mean pay to script hash?
 31 2013-12-07 01:31:12 <roconnor> no.  I'm wondering if there is, for example, a urlformat like bitcoin:somebase64encodingofascript that people can import into their client and send money to that script.
 32 2013-12-07 01:31:20 <gmaxwell> No.
 33 2013-12-07 01:31:49 <roconnor> oh wait, I guess arbitrary scripts are not being relayed yet.
 34 2013-12-07 01:31:56 <gmaxwell> The payment protocol can encode scriptpubkeys directly, I've never tested that.
 35 2013-12-07 01:32:18 <gmaxwell> roconnor: there are restrictions, but more than just the default form is relayed.
 36 2013-12-07 01:32:24 <roconnor> what about for just simple n-of-m scripts?
 37 2013-12-07 01:33:13 <gmaxwell> those are relayed, where M <= 3
 38 2013-12-07 01:33:24 <roconnor> I guess I'm trying to figure out how ... bitpay was it ... works.  The service that does 2-of-3 where you get two keys and it gets one and you are supposed to hide one of yours securely.
 39 2013-12-07 01:34:24 <roconnor> I mean, clearly I know how it works on the protocol level.
 40 2013-12-07 01:34:59 <roconnor> I'm just fuzzy on the medium in which various things are exchanged between me and the service is.
 41 2013-12-07 01:35:44 <copumpkin> why the M <= 3 restriction?
 42 2013-12-07 01:44:06 <gmaxwell> copumpkin: it's just a size restriction mostly. Basically the IsStandard rules attempt to inhibit stuff with abuse potential but no actual users yet.
 43 2013-12-07 01:44:14 <copumpkin> ah
 44 2013-12-07 01:44:27 <copumpkin> I've toyed with the idea of having larger M values
 45 2013-12-07 01:44:34 <copumpkin> never really bothered doing it though
 46 2013-12-07 01:44:46 <gmaxwell> yea, if you've got an application where it makes sense it could be lifted pretty easily.
 47 2013-12-07 01:45:04 <copumpkin> well, the only use case I had in mind was a safe "cold storage" thingy
 48 2013-12-07 01:46:50 <copumpkin> I'd put coins into a 3-of-5 thing, then send each of the 5 to different secure locations :P
 49 2013-12-07 01:46:56 <copumpkin> or some crap like that
 50 2013-12-07 01:47:16 <copumpkin> horcruxes of bitcoin
 51 2013-12-07 01:49:00 <copumpkin> that might be silly though
 52 2013-12-07 03:59:44 <gmaxwell> saracen: anyone offer to pay for a feed of the unique visitor rate to http://directory.io/ hoping it correlates with market activity?
 53 2013-12-07 04:00:19 <saracen> Nope
 54 2013-12-07 04:00:37 <saracen> I havent really looked too much into the traffic I'm getting. Cloudflare does some analytics, but, theyre having problems atm
 55 2013-12-07 04:00:56 <warren> yeah, I can't even login to their site
 56 2013-12-07 04:01:01 <warren> maybe they need ddos protection
 57 2013-12-07 04:01:04 <gmaxwell> lol
 58 2013-12-07 04:01:08 <saracen> haha
 59 2013-12-07 04:01:31 <saracen> It hasnt updated since the 4th. They say theyre working on it
 60 2013-12-07 04:01:43 <saracen> But, by the looks of it, I've had 6 million page views. But, people kept crawling...
 61 2013-12-07 04:01:50 <saracen> 30,000 unique
 62 2013-12-07 04:02:17 <saracen> Dont know how much I can trust any of that though. and I wasnt keeping my own logs to begin with.
 63 2013-12-07 04:02:24 <gmaxwell> oh wow, not much in fact if thats correct.
 64 2013-12-07 04:02:57 <saracen> Even when I started keeping logs, I forgot the IP address would all be cloudflares, until I corrected that. So... yeah. No diea.
 65 2013-12-07 04:03:00 <saracen> idea*
 66 2013-12-07 04:06:28 <saracen> I don't know how people jumped to the conclusion that it had something to do with the price crashing the other day...
 67 2013-12-07 04:07:07 <saracen> I don't think it got enough traffic for that. I wasn't in any bitcoin related channels, but I checked out pricetalk logs today, and nobody really mentioned/panicked over it.
 68 2013-12-07 04:16:24 <saracen> gmaxwell: http://directory.io/nginx_status
 69 2013-12-07 04:26:04 <pierce> is there a good place to grab the old bitcoin binaries?  http://sourceforge.net/projects/bitcoin/files/Bitcoin/ seems to only have the past few months
 70 2013-12-07 04:34:23 <gavinandresen> pierce: https://sourceforge.net/projects/bitcoin/files/Obsolete/
 71 2013-12-07 04:37:50 <pierce> gavinandresen: thank you sir
 72 2013-12-07 06:15:33 <fooledbyprimes> Q: I downloaded what I think is an official torrent of block-chain "snapshot" … it's like 1.5 Gigs or whatever… but I heard the block chain is 9gigs .  what am I missing?  thanks.
 73 2013-12-07 06:16:27 <fooledbyprimes> I don't care about an index.
 74 2013-12-07 06:16:38 <Belxjander> fooledbyprimes: last I heard the blockchain was trying for 20GB...
 75 2013-12-07 06:17:33 <fooledbyprimes> so confusing.  Is there any way to get a snapshot from, say, 2 months ago?  I don't care about being current.
 76 2013-12-07 06:19:18 <fooledbyprimes> also, what happens if the sppewks decide to flood the system with gazillion separate satoshi transactions?  that would inflate the chain like a freakin dos attack.
 77 2013-12-07 06:19:45 <fooledbyprimes> just curious
 78 2013-12-07 06:22:26 <Belxjander> all those transactions would get eaten by the miners and probably end up being trimmed down by the merkle tree options
 79 2013-12-07 06:23:32 <fooledbyprimes> not aware of merkle tree options
 80 2013-12-07 06:23:50 <fooledbyprimes> so bitcoin can absorb such attacks?
 81 2013-12-07 06:24:25 <fooledbyprimes> (note:i'm assuming fractional transactions are possible)
 82 2013-12-07 06:24:32 <fooledbyprimes> (im a total newbie)
 83 2013-12-07 06:25:11 <fooledbyprimes> thanks for the info
 84 2013-12-07 06:25:28 <Belxjander> I'm not exactly new but I am also not a developer...
 85 2013-12-07 06:25:35 <Belxjander> so I can only offer my personal opinion
 86 2013-12-07 06:26:37 <fooledbyprimes> I should just read satoshi's paper.
 87 2013-12-07 06:34:03 <gmaxwell> fooledbyprimes: extra transactions aren't really an issue, miners prioritize free txn by the age of the coins they spend times value, and non-free by fees.
 88 2013-12-07 06:34:14 <gmaxwell> so that kind of attack only works if they bleed themselves dry paying fees.
 89 2013-12-07 06:34:21 <gmaxwell> which makes it self-limiting.
 90 2013-12-07 06:55:59 <warren> Where is a good place in the code to detect if a peer opted out of sending you a version?
 91 2013-12-07 10:08:36 <go1111111> testing my ability to type in this channel...
 92 2013-12-07 11:42:35 <deego> https://bitcointalk.org/index.php?topic=359582.0;all  - heh, looks like this new and revolutionary 1-second proposal been submitted on slashdot as well. :)
 93 2013-12-07 11:46:42 <sipa> go1111111: success
 94 2013-12-07 11:58:56 <edcba> deego: i am not sure to understand that proposal
 95 2013-12-07 12:02:01 <deego> edcba: too vaguely written?
 96 2013-12-07 12:02:24 <edcba> nope i still didn't read the whole thing
 97 2013-12-07 12:03:15 <edcba> i mainly looked at comment thread on bitcointalk
 98 2013-12-07 12:04:03 <deego> edcba: ah, same. I haven't RTFA'd the paper. :)
 99 2013-12-07 12:39:01 <Eremes> anyone know how to use vanitygen on multiple gpus ?
100 2013-12-07 13:32:45 <deanclkclk> hello
101 2013-12-07 13:32:51 <deanclkclk> anyone around?
102 2013-12-07 13:33:05 <matjeh> depends. do you have sweets?
103 2013-12-07 13:42:55 <deego> or btc
104 2013-12-07 14:03:25 <deanclkclk> nope sorry
105 2013-12-07 14:03:40 <deanclkclk> I am trying to build an exchange for crypto currencies
106 2013-12-07 14:04:11 <deanclkclk> I found blockchain.info for API calls but, people are recommending not to use it and use a node internally
107 2013-12-07 14:04:21 <deanclkclk> is this recommended and why?
108 2013-12-07 14:04:47 <Luke-Jr> if you have to ask, you're nowhere near qualified to build an exchange
109 2013-12-07 15:03:46 <matjeh> why was the version field in the header in block 199999 set to 1, and in block 200000 it was set to 2? what changed?
110 2013-12-07 15:17:38 <tholenst> matjeh: I guess this: https://github.com/bitcoin/bips/blob/master/bip-0034.mediawiki
111 2013-12-07 15:24:40 <matjeh> tholenst: ah, thanks
112 2013-12-07 15:27:02 <Emcy> v2 blox
113 2013-12-07 15:27:12 <sipa> indeed, bip35
114 2013-12-07 15:27:14 <sipa> eh, 34
115 2013-12-07 15:48:45 <rlifchitz> ;;gen
116 2013-12-07 15:48:46 <gribble> Error: "gen" is not a valid command.
117 2013-12-07 15:50:16 <sipa> ;;genrate 5000
118 2013-12-07 15:50:17 <gribble> The expected generation output, at 5000.0 Mhps, given difficulty of 707408283.051, is 0.00355457045443 BTC per day and 0.000148107102268 BTC per hour.
119 2013-12-07 15:50:24 <rlifchitz> ;;genrate 7500000
120 2013-12-07 15:50:26 <gribble> The expected generation output, at 7500000.0 Mhps, given difficulty of 707408283.051, is 5.33185568165 BTC per day and 0.222160653402 BTC per hour.
121 2013-12-07 16:12:42 <deanclkclk> so folks...to setup an exchange..I need to run a miner?
122 2013-12-07 16:14:45 <sipa> i think you don't understand anything about bitcoin if you have to ask that
123 2013-12-07 16:15:12 <sipa> please learn how the system works (read the paper, for starters) before thinking about setting up an exchange
124 2013-12-07 16:30:18 <deanclkclk> ok
125 2013-12-07 16:30:33 <deanclkclk> I am going through the wiki
126 2013-12-07 16:33:45 <Goonie> What's the right bugtracker for issues with the Seed DNS resolvers? (e.g. seed.bitcoin.sipa.be)
127 2013-12-07 16:35:04 <sipa> github.com/sipa/bitcoin-seeder
128 2013-12-07 16:35:21 <sipa> (that's the one petertodd, Luke-Jr and me are running)
129 2013-12-07 16:37:18 <Goonie> thanks, I'll file an issue there. Just one quick question, the case sensitivity bug I debugged several months ago is fixed in the versions you're using, right?
130 2013-12-07 16:38:00 <sipa> afaik, yes
131 2013-12-07 16:39:42 <CodeShark> could I run one, too? :)
132 2013-12-07 16:41:16 <CodeShark> alright, giving it a whirl
133 2013-12-07 16:43:33 <CodeShark> I'd like to find a good set of metrics for peer quality to use in heuristics for peer discovery
134 2013-12-07 16:48:03 <CodeShark> sipa: the output of dnsseed is a bit messed up for me - newlines and stuff
135 2013-12-07 16:49:52 <sipa> pull requests welcome
136 2013-12-07 16:50:26 <pZombie> are you guys watching the huge manipulation going on?
137 2013-12-07 16:50:46 <sipa> #bitcoin-pricetalk or #bitcoin or #bitcoin-otc please
138 2013-12-07 16:50:58 <pZombie> if the exchanges don't communicate with each other and ban the great manipulators, btc won't survive this
139 2013-12-07 16:51:30 <sipa> offtopic here
140 2013-12-07 16:52:25 <CodeShark> at first I thought pZombie was talking about the brilliant ways that hands are used to type code that directs our CPUs - but now I realize pZombie is talking about fear and greed
141 2013-12-07 16:53:27 <pZombie> nope, i am talking about manipulation on such a grand scale, you wouldn't believe it if you have not seen what i have seen. It's someone trying to deliberately harm the coin
142 2013-12-07 16:53:55 <CodeShark> is that "someone" called the chinese government? :)
143 2013-12-07 16:54:09 <pZombie> and then you can forget about all your development, because you will be developing for a dead coin
144 2013-12-07 16:54:12 <CodeShark> anyhow, yes - offtopic here
145 2013-12-07 16:54:20 <pZombie> alright then
146 2013-12-07 16:54:27 <sipa> pZombie: if the bitcoin economy can't withstand that, then i doubt it would survive anyway
147 2013-12-07 16:54:30 <sipa> now take it elsewhere
148 2013-12-07 16:55:08 <CodeShark> this conversation is analogous to someone telling the wright brothers their invention is doomed because of price manipulation of the materials they used to build their landing gear
149 2013-12-07 16:55:46 <CodeShark> as if the laws of physics care
150 2013-12-07 16:55:48 <pZombie> i had more to say but i will respect the request to not discuss this here
151 2013-12-07 16:56:15 <sipa> Goonie: wait, what? you don't even parse address messages? does that mean you're *solely* connecting to IP addresses the DNS seeds give you??
152 2013-12-07 16:57:58 <Goonie> Yes, true.
153 2013-12-07 16:58:23 <sipa> i don't want that power
154 2013-12-07 16:59:02 <Goonie> I can understand.
155 2013-12-07 16:59:09 <Goonie> Its a long known issue with bitcoinj
156 2013-12-07 16:59:11 <sipa> i knew bitcoinj relied on dns seeds strongly
157 2013-12-07 16:59:14 <sipa> but this is horrible
158 2013-12-07 17:00:39 <sipa> find some DoS exploit in my code, and you've only 2 people in the world left you need to coerce to sybil every single bitcoinj node out there
159 2013-12-07 17:00:48 <CodeShark> sipa: https://github.com/sipa/bitcoin-seeder/pull/15
160 2013-12-07 17:01:00 <sipa> well, that's already the case, actually, even if you did parse address messages
161 2013-12-07 17:01:32 <Goonie> http://code.google.com/p/bitcoinj/source/browse/core/src/main/java/com/google/bitcoin/params/MainNetParams.java
162 2013-12-07 17:01:59 <Goonie> Guess we can take your seed out of there, if you want
163 2013-12-07 17:02:10 <sipa> that would only worsen the situation
164 2013-12-07 17:02:12 <Goonie> Although I think it would be backwards
165 2013-12-07 17:04:21 <Goonie> sipa: In your opinion, what would be the actions needed to be taken to improve the address handling in bitcoinj?
166 2013-12-07 17:05:17 <sipa> keep some known working IP addresses stored, and only use the DNS seeds for just a few of the outgoing connections, for example?
167 2013-12-07 17:06:07 <sipa> in general, diversifying how you find peers to connect to
168 2013-12-07 17:06:47 <CodeShark> what if the protocol were extended to provide a rating for different peers, which we could evaluate ourselves - and we could in turn give the peer that gave us these ratings a rating based on how accurate we deem them to be?
169 2013-12-07 17:07:09 <sipa> i think the first step would be adding host keys
170 2013-12-07 17:07:13 <Goonie> sipa: Yeah I had a patch for that in Bitcoin Wallet already over a year ago, but its missing a tiny bit of support in bitcoinj.
171 2013-12-07 17:07:15 <sipa> and authenticating the connection
172 2013-12-07 17:07:36 <Goonie> sipa: Generally, peer handling is a mess in bitcoinj imho.
173 2013-12-07 17:08:04 <CodeShark> sipa: yes. without host keys, this scheme cannot work
174 2013-12-07 17:08:23 <CodeShark> another added benefit of host keys - hosts could sign block and tx messages
175 2013-12-07 17:08:24 <Goonie> host keys == SSL?
176 2013-12-07 17:08:31 <sipa> not necessarily
177 2013-12-07 17:08:38 <CodeShark> so we could receive tx and block messages from trusted hosts indirectly
178 2013-12-07 17:08:44 <sipa> CodeShark: indeed
179 2013-12-07 17:09:06 <sipa> Goonie: we can easily do our own ECDSA based authentication
180 2013-12-07 17:09:19 <sipa> as bitcoin's security relies on those anyway already
181 2013-12-07 17:09:27 <Goonie> ok
182 2013-12-07 17:10:34 <Goonie> But I think SSL and ECDSA are not exclusive. Isn't SSL (and StartTLS in particular) just a protocol?
183 2013-12-07 17:10:50 <sipa> yes
184 2013-12-07 17:10:53 <sipa> we can do both
185 2013-12-07 17:11:57 <deanclkclk> quick question....in Bitcoin terms..what is a block?
186 2013-12-07 17:12:12 <CodeShark> quick? :)_
187 2013-12-07 17:12:29 <pZombie> would it be possible to have a "lock down coins for x days" slider, and autolock checkbox which has a slider that let's you set how many days it should take for the autolock to be released after issuing the command, and a box to lock transaction to only certain wallet addresses same as above, with all that being stored in the blockchain?
188 2013-12-07 17:12:36 <CodeShark> if you're asking this question, I'm guessing it isn't going to be so quick :)
189 2013-12-07 17:12:56 <deanclkclk> ok plz just tell me
190 2013-12-07 17:13:13 <sipa> deanclkclk: please start by reading the paper
191 2013-12-07 17:13:14 <pZombie> that way, even if a trojan invaded your pc, the coins could not be stolen
192 2013-12-07 17:13:40 <sipa> pZombie: why would the trojan care what the value of the slider is?
193 2013-12-07 17:13:41 <deanclkclk> is a block a miner or each PC that has Bitcoin QT running?
194 2013-12-07 17:13:41 <pZombie> if someone using a trojan tries to remove the autolock, you get notified by an alarm
195 2013-12-07 17:14:15 <sipa> deanclkclk: will you please first study this yourself?
196 2013-12-07 17:14:23 <pZombie> sipa - the coins would be locked and could be transferred only to certain wallets. Not sure i get your question
197 2013-12-07 17:14:36 <sipa> pZombie: who would enforce this?
198 2013-12-07 17:15:02 <deanclkclk> I'm reading the wiki but, something isn't making sense sipa that's why I'm asking
199 2013-12-07 17:15:09 <pZombie> that is why i asked if that info could be stored in the blockchain. The user would set it up in his wallet
200 2013-12-07 17:15:20 <sipa> deanclkclk: start here: http://bitcoin.org/bitcoin.odf
201 2013-12-07 17:15:22 <berndj> deanclkclk, #bitcoin is more suited to these sorts of questions
202 2013-12-07 17:15:25 <CodeShark> ideally, the blockchain should
203 2013-12-07 17:15:29 <sipa> pZombie: that would be a massive overhaul of the protocol
204 2013-12-07 17:15:32 <CodeShark> ideally, the blockchain should ONLY be used for timestamping purposes
205 2013-12-07 17:15:49 <pZombie> maybe, but it would be a massive security improvement. Making it impossible to steal coins
206 2013-12-07 17:15:51 <CodeShark> any additional data put in there needs good justification
207 2013-12-07 17:16:00 <pZombie> even on a compromised pc
208 2013-12-07 17:16:19 <sipa> pZombie: i think there are far more secure systems possible, which don't require this
209 2013-12-07 17:16:24 <sipa> pZombie: like multisig
210 2013-12-07 17:16:35 <pZombie> it cannot get more secure than what i just described
211 2013-12-07 17:16:48 <pZombie> it makes it completely impossible to steal coins
212 2013-12-07 17:16:58 <pZombie> even if the attacker has full control of your pc
213 2013-12-07 17:17:06 <sipa> until the time passes
214 2013-12-07 17:17:19 <pZombie> not, i explained why even then it would not be possible
215 2013-12-07 17:17:37 <CodeShark> seems m-of-n is a superior solution
216 2013-12-07 17:17:43 <sipa> i don't understand then
217 2013-12-07 17:17:44 <pZombie> the user could set the autolock, and the attacker would have to remove it, but the user set it to take X days for the lock to be removed
218 2013-12-07 17:18:15 <CodeShark> hmm
219 2013-12-07 17:18:18 <pZombie> so every time someone removes the autolock, including the user, the user gets notified X days before it is removed, depending on how many days he set
220 2013-12-07 17:18:22 <pZombie> it is perfect
221 2013-12-07 17:18:23 <CodeShark> I was actually thinking about something similar recently
222 2013-12-07 17:18:42 <CodeShark> for large movements of coins where you don't care if it takes a while
223 2013-12-07 17:19:02 <sipa> so, they'd hijack the software, issue the autolock, and hope not to be discovered?
224 2013-12-07 17:19:06 <CodeShark> however, I'm not sure that this problem isn't better solved by m-of-n
225 2013-12-07 17:19:12 <pZombie> the notification would be both through the wallet, but if the PC is fully compromised there also needs to be some third party service which alarms the user via an SMS. A service that checked the blockchain for when a lock has been removed
226 2013-12-07 17:19:29 <pZombie> sipa, you did not read or did not understand what i typed
227 2013-12-07 17:19:34 <pZombie> it is 100% secure
228 2013-12-07 17:19:43 <sipa> oh, you're relying on a third party
229 2013-12-07 17:19:46 <sipa> well, sure
230 2013-12-07 17:19:49 <pZombie> no...
231 2013-12-07 17:19:50 <pZombie> jesus
232 2013-12-07 17:20:10 <pZombie> the third party could be multiple third parties including yourself on another pc, scanning the blockchain
233 2013-12-07 17:20:16 <pZombie> to see if the lock has been removed
234 2013-12-07 17:20:20 <sipa> agree
235 2013-12-07 17:20:36 <sipa> but you're still relying on them
236 2013-12-07 17:20:47 <sipa> which has privacy implications
237 2013-12-07 17:20:48 <pZombie> _including_ yourself
238 2013-12-07 17:20:51 <pZombie> no
239 2013-12-07 17:20:58 <CodeShark> why not just use m-of-n?
240 2013-12-07 17:21:10 <pZombie> you could setup your own pc which scans the blockchain for if the lock has been removed
241 2013-12-07 17:21:10 <sipa> you're attempting to protect yourself against an attacker controlling your system
242 2013-12-07 17:21:22 <CodeShark> you can run 10 devices and require a signature from all of them, if you want
243 2013-12-07 17:21:22 <sipa> you should assume they prevent the alerting on your own system
244 2013-12-07 17:21:35 <CodeShark> a hacker would literally have to compromise them all to steal your coins
245 2013-12-07 17:21:41 <pZombie> also, noone needs to know who you are. I am sure you guys know how to code this so no private data is released about whose wallet is locked and who it belongs to
246 2013-12-07 17:21:52 <pZombie> sipa, i said other pc
247 2013-12-07 17:22:03 <pZombie> it could be your phone checking the blockchain for example
248 2013-12-07 17:22:04 <sipa> then why not use multisig in the first place?
249 2013-12-07 17:22:16 <sipa> it's far less hassle, and needs no protocol change
250 2013-12-07 17:22:36 <pZombie> because what i just described would be easiest even for the most PC illiterate to handle 100% security
251 2013-12-07 17:22:47 <pZombie> it would be 3 sliders a checkbox and a button
252 2013-12-07 17:23:01 <sipa> i don't believe in 100% security in the first place
253 2013-12-07 17:23:07 <pZombie> it is 100% secure
254 2013-12-07 17:24:17 <pZombie> some people are just nay sayers in their nature. Without providing any real argument how it would not be 100% secure he just keeps attacking it
255 2013-12-07 17:25:16 <pZombie> maybe i should say sorry for providing you with a 100% secure that on top would be very easy to use for newbies to secure their wallets
256 2013-12-07 17:25:40 <pZombie> +way*
257 2013-12-07 17:36:02 <CodeShark> the only way to ensure 100% that your coins can never be stolen is to send them to an unredeemable output
258 2013-12-07 17:36:34 <CodeShark> sure, you will never be able to use them again - but nobody else will either :)
259 2013-12-07 17:37:19 <pZombie> CodeShark - how would you steal coins if there is a security mechanism in place as i described it?
260 2013-12-07 17:37:31 <CodeShark> not even the rubber hose attack could steal coins sent to an unredeemable output
261 2013-12-07 17:37:45 <pZombie> even if the attacker has the wallet itself, all he can do is to send coins to the locked wallets, which can be offline wallets
262 2013-12-07 17:38:25 <pZombie> this security mechanism is also good for an exchange
263 2013-12-07 17:38:52 <pZombie> even if the attacker has the password, the user has password, and payout addresses, bank data all locked down
264 2013-12-07 17:39:00 <pZombie> for X amount of days
265 2013-12-07 17:39:20 <CodeShark> pZombie: have you looked at multisigs?
266 2013-12-07 17:40:40 <pZombie> CodeShark - not yet, but it is not part of the wallet
267 2013-12-07 17:41:00 <pZombie> i am looking for something which is easiest for users that have little knowledge about computers to use
268 2013-12-07 17:41:13 <pZombie> and that is secure even if the PC is fully compromised
269 2013-12-07 17:41:24 <CodeShark> what you're proposing is MUCH more difficult to add to existing clients
270 2013-12-07 17:41:36 <CodeShark> multisigs already have full protocol support
271 2013-12-07 17:41:55 <pZombie> ok, but how does multisigs help newbies?
272 2013-12-07 17:45:52 <berndj> by not DoSing developers who could be spending time making the client more newbie-friendly instead of changing the protocol
273 2013-12-07 17:51:23 <pZombie> berndj Sure, if you live in your own world. But the reality is that security that is easy to use for newbies to secure their wallets, is one of the main issues BTC is facing.
274 2013-12-07 17:52:09 <berndj> pZombie, i think that's better addressed by making existing mechanisms that can give you the security you want, more accessible
275 2013-12-07 17:52:21 <berndj> rather than adding new mechanisms
276 2013-12-07 17:52:54 <pZombie> berndj - would multisig work on a fully compromised PC?
277 2013-12-07 17:53:35 <pZombie> trojan with full control to the box
278 2013-12-07 17:53:39 <berndj> would anything work on a fully compromised pc?
279 2013-12-07 17:53:48 <pZombie> yes... what i just described would
280 2013-12-07 18:28:34 <pZombie> i will post compressed what i was thinking of. Something very similar can be used for an exchange to secure accounts. Do what you want with it
281 2013-12-07 18:28:39 <pZombie> Bitcoin-qt wallet -> security settings -> "lock bitcoins" x amount slider    |   "payout to following addresses only"  box to add addresses  |  "lock coins" slider to set X amount of
282 2013-12-07 18:28:39 <pZombie> days for the coins to get locked  |   "autolock" checkbox, resulting in coins to get relocked automatically for another X amount of days if not unlocked   |   "unlock timeframe" slider
283 2013-12-07 18:28:39 <pZombie> The attacker could issue this too, but he cannot steal the coins into his own wallet.
284 2013-12-07 18:28:39 <pZombie> the user can keep checking with his phone or other computer for it and get notified/alarmed  |   "issue payout to safe wallet"  offline wallet user setup in case his wallet got stolen.
285 2013-12-07 18:28:39 <pZombie> to set X amount of days before coins get unlocked   | "unlock" button when pushed will unlock the coins in X amount of days set. The unlock command is stored in the blockchain, so
286 2013-12-07 18:28:40 <pZombie> Required the ability for the blockchain to store such locks.
287 2013-12-07 18:30:50 <pZombie> even on a trojan infested PC, provided the trojan got on it AFTER, this should ensure the user won't lose his coins
288 2013-12-07 20:15:18 <michagogo|cloud> 03:44:49 <@gmaxwell> yea, if you've got an application where it makes sense it could be lifted pretty easily.
289 2013-12-07 20:15:18 <michagogo|cloud> um, it could? Wouldn't that be a har- oh, no, this is just for relaying.
290 2013-12-07 22:45:29 <phantomcircuit> ;;seen jgarzik
291 2013-12-07 22:45:30 <gribble> jgarzik was last seen in #bitcoin-dev 2 days, 7 hours, 5 minutes, and 16 seconds ago: <jgarzik> http://www.reddit.com/r/Bitcoin/comments/1s5hzl/my_human_translation_of_the_china_regulation/
292 2013-12-07 22:50:35 <justanotheruser> Does anyone know about how secure anonymous webs of trust are?
293 2013-12-07 22:52:25 <sipa> what is an anonymous web of trust, and secure against what?
294 2013-12-07 22:55:50 <phantomcircuit> justanotheruser, a truly anonymous web of trust? is completely insecure against sybil attacks
295 2013-12-07 22:56:07 <phantomcircuit> a web of trust is based on people who nominally trust each other
296 2013-12-07 22:56:12 <phantomcircuit> so you need at least pseudonyms
297 2013-12-07 22:57:36 <justanotheruser> sipa: secure against someone de-anonymizing it
298 2013-12-07 22:58:16 <justanotheruser> phantomcircuit: no, you only trust those who are trusted by those you trust
299 2013-12-07 22:58:16 <phantomcircuit> justanotheruser, truly anonymous, secure against sybil attack, pick one
300 2013-12-07 22:58:30 <Luke-Jr> justanotheruser: that is inherently non-anonymous
301 2013-12-07 22:58:43 <Luke-Jr> if people are anonymous, there are no identities to express trust in
302 2013-12-07 23:00:02 <justanotheruser> Luke-Jr: they do have identities, which are their public keys
303 2013-12-07 23:00:49 <Luke-Jr> justanotheruser: then it isn't anonymous, by definition
304 2013-12-07 23:00:53 <Luke-Jr> anonymous means there are no identities
305 2013-12-07 23:01:37 <justanotheruser> Luke-Jr: not by all definitions. "This paper introduces the concept of anonymous webs of trust – an extension of webs of trust where users can authenticate messages and determine each other’s trust level without compromising their anonymity."
306 2013-12-07 23:01:42 <justanotheruser> http://www.sps.cs.uni-saarland.de/resources/anonymous-wot.pdf
307 2013-12-07 23:02:28 <justanotheruser> phantomcircuit: no, you only trust those who are trusted by those you trust, so sybil attacks are irrelevant
308 2013-12-07 23:02:32 <Luke-Jr> justanotheruser: just because some paper uses the term wrong doesn't really matter
309 2013-12-07 23:02:45 <phantomcircuit> justanotheruser, you fail to understand what anonymous means
310 2013-12-07 23:02:55 <phantomcircuit> what you're talking about is not anonymous
311 2013-12-07 23:02:58 <phantomcircuit> but pseudonyms
312 2013-12-07 23:03:26 <Luke-Jr> phantomcircuit: btw, I haven't heard from benten in a few days
313 2013-12-07 23:03:35 <Luke-Jr> phantomcircuit: any idea if he still wants me to go out to Austin next week?
314 2013-12-07 23:03:38 <phantomcircuit> Luke-Jr, he's right across from me
315 2013-12-07 23:03:41 <phantomcircuit> im sure he does
316 2013-12-07 23:03:50 <Luke-Jr> I think I can make it work
317 2013-12-07 23:04:05 <Luke-Jr> but we still need to make the details/arrangements :P
318 2013-12-07 23:04:31 <phantomcircuit> first off, when would you be avail to start
319 2013-12-07 23:04:48 <phantomcircuit> ie. step on a plane and show up here
320 2013-12-07 23:04:55 <justanotheruser> Luke-Jr: It isn't anonymous in that no one can see that you rated another user. All that a user can find out is if they trust you. Also I am calling it an anonymous web of trust because that is the established term for it. What do you want me to call it? If I came up with another name for it you wouldn't know what protocol I was referring to.
321 2013-12-07 23:05:39 <justanotheruser> phantomcircuit: I am only calling it what the research paper and guardian project website are calling it
322 2013-12-07 23:05:49 <Luke-Jr> phantomcircuit: Monday would work best; I need to move some money around (possibly in person) for my new house, then I can get right on a plane
323 2013-12-07 23:06:15 <Luke-Jr> justanotheruser: sounds like pseudonymous
324 2013-12-07 23:07:19 <Luke-Jr> phantomcircuit: I probably need to return by Thursday night
325 2013-12-07 23:07:32 <phantomcircuit> Luke-Jr would you want to fly out early mon morning or sun night?
326 2013-12-07 23:07:53 <justanotheruser> Luke-Jr: that may be. They may be naming it something wrong, but that is the name they call it. It is easier to establish the protocol I am referring to by calling it by its name rather than coming up with a new name that better describes it.
327 2013-12-07 23:08:06 <Luke-Jr> phantomcircuit: I can't do the house stuff until Monday morning, so after that
328 2013-12-07 23:09:29 <Luke-Jr> justanotheruser: keep in mind this is #bitcoin-dev (where the distinction is important), not #anonymous-wot
329 2013-12-07 23:11:25 <justanotheruser> Does anyone know about how secure "anonymous webs of trust" (which should be called pseudonymous webs of trust) are?
330 2013-12-07 23:16:29 <jakov> secure against what?
331 2013-12-07 23:17:31 <justanotheruser> jakov: de-anonymizing. Being able to see who rated who.
332 2013-12-07 23:17:54 <jakov> that depends on details of the anonymisation
333 2013-12-07 23:18:18 <jakov> the web of trust part has nothing to do with it, if the anonymity is good yes, otherwise no
334 2013-12-07 23:18:36 <jakov> unless iv misunderstood
335 2013-12-07 23:20:45 <justanotheruser> jakov: Well anonymous web of trusts can tell you what your trust level is for a certain public key, but not who rated who, only how many people are between you two. For example if A trusts B, B trusts C, C trusts D and D trusts E, A will know to trust E and that there were 4 ratings between the two, but he won't know who rated who.
336 2013-12-07 23:21:13 <jakov> the only way you'd know is by knowing ABCD's public keys
337 2013-12-07 23:21:18 <jakov> so you can verify each signature
338 2013-12-07 23:21:24 <justanotheruser> jakov: not with anonymous webs of trust
339 2013-12-07 23:21:34 <jakov> ok
340 2013-12-07 23:21:40 <justanotheruser> "This paper introduces the concept of anonymous webs of trust – an extension of webs of trust where users can authenticate messages and determine each other’s trust level without compromising their anonymity."
341 2013-12-07 23:21:43 <justanotheruser> http://www.sps.cs.uni-saarland.de/resources/anonymous-wot.pdf