1 2014-04-11 00:42:52 <hello> hello
2 2014-04-11 00:43:16 <hello> forks caused by orphans is what people call reorgs?
3 2014-04-11 00:44:32 <sipa> a fork is just a block with two child blocks
4 2014-04-11 00:44:47 <sipa> a reorganization is switching from one side of a fork to another
5 2014-04-11 00:45:20 <sipa> the result of that reorganization is that the old chain becomes 'orphaned' (because its generation transactions lose the parent they originated in)
6 2014-04-11 00:45:39 <hello> sipa so normally fork can only last till next block right? as nodes will rejoin longest chain each block :)
7 2014-04-11 00:45:53 <sipa> reorgs can be arbitrarily deep
8 2014-04-11 00:46:06 <sipa> transactions from the old chain are reinserted in the new one
9 2014-04-11 00:46:12 <sipa> but the chains are not 'merged'
10 2014-04-11 00:46:38 <sipa> the chances go down very rapidly, though
11 2014-04-11 00:46:54 <sipa> i don't think more than 2-3 blocks deep has occurred except in the case of bugs
12 2014-04-11 00:46:59 <sipa> maybe 4
13 2014-04-11 00:48:06 <hello> sipa so say 51% of chain accepts solution and 49% not, then on next update both chains try to build on top of that
14 2014-04-11 00:48:07 <hello> hehe
15 2014-04-11 00:48:25 <sipa> what if both chains get a successor block at the same time?
16 2014-04-11 00:48:34 <sipa> (that's how a 2-deep fork occurs)
17 2014-04-11 00:49:48 <hello> sipa: yes I see two chains got block same time - then chain with larger hashpower likely to build next block faster
18 2014-04-11 00:49:56 <hello> so eventually some blocks are orphaned
19 2014-04-11 00:50:03 <hello> and its normal again
20 2014-04-11 00:52:54 <blitzlightnin> I read a paper .. anyone here knows the sidechain idea
21 2014-04-11 00:53:21 <blitzlightnin> http://www.cryptocoinsnews.com/news/adam-back-sidechains-can-replace-altcoins-bitcoin-2-0-platforms/2014/04/10
22 2014-04-11 01:51:58 <__ns__> Hey anybody got a couple testnet BTC? I am working on an application.
23 2014-04-11 01:53:03 <__ns__> Leave hobo change here: mhRL6jiMwM36831mcgo1B1Q1vrCsAiGgcT
24 2014-04-11 02:01:00 <hello> blitzlightnin: looks like bs :D
25 2014-04-11 02:02:21 <BCB> hello there is an investor involved.
26 2014-04-11 02:03:13 <hello> yes twitter also got plenty of investors
27 2014-04-11 02:03:14 <hello> :))
28 2014-04-11 02:03:27 <hello> but they can `sell` users data
29 2014-04-11 02:03:43 <BCB> if you are not buying a product you are the product
30 2014-04-11 02:07:22 <hello> sounds about as logical as the aforementioned bs product :D
31 2014-04-11 02:07:23 <hello> lol
32 2014-04-11 02:10:08 <PRab> What are peoples thoughts on UTXO commitments? I enjoyed the discussion on the mailing list, but whats the chances of it actually getting implemented.
33 2014-04-11 02:10:52 <PRab> If someone writes the code would it get merged, or would it get rejected from bitcoin core because it is a weaker security model?
34 2014-04-11 02:11:13 <gmaxwell> I think you misunderstood the mailing list.
35 2014-04-11 02:11:13 <PRab> I guess there is always the 3rd option of it being included as an option.
36 2014-04-11 02:12:15 <gmaxwell> Its useful to have more authenticated data. The question about including it isn't the weaker security model, it's the concern of adding another normative data structure to full nodes that takes space and cpu to maintain and what its costs are.
37 2014-04-11 02:12:19 <PRab> Oh? I saw the replies to my post and completely understand the additional weakness now.
38 2014-04-11 02:12:32 <gmaxwell> Actually using it in Bitcoin Core is completely off the table.
39 2014-04-11 02:12:42 <gmaxwell> (at least while acting as a full node!)
40 2014-04-11 02:13:04 <PRab> Ok, so that was my question.
41 2014-04-11 02:13:09 <gmaxwell> But as a fast bootstrap mechanism and tool to make litenodes and other external systems more secure, sure.
42 2014-04-11 02:13:58 <PRab> As an end user, I have never liked the hard split between being a full node and a lite node.
43 2014-04-11 02:14:13 <PRab> Full nodes help the network while lite nodes are a burden.
44 2014-04-11 02:14:31 <PRab> I want to be somewhere in the middle and just carry my own weight, but no more.
45 2014-04-11 02:14:46 <PRab> UTXO commitments seemed like a good way to get there.
46 2014-04-11 02:14:55 <gmaxwell> PRab: well it's possible to do that too without any commitments at all.
47 2014-04-11 02:15:32 <PRab> I guess in reality it's still cheap enough to run a full node that I actually run 2 on one box.
48 2014-04-11 02:15:38 <PRab> gmaxwell: How so?
49 2014-04-11 02:15:44 <gmaxwell> PRab: there is no need on a full node to _store_ more than the utxo and enough blocks to handle reorgs...
50 2014-04-11 02:16:29 <gmaxwell> in bitcoin core we never access the block data except during reorgs (and then only recent blocks), peers pulling the historic chains from us, and in response to user requested rpcs or rescans.
51 2014-04-11 02:16:35 <PRab> I saw that, but then you still have all of the startup cost. (Bandwidth + disk IO)
52 2014-04-11 02:16:51 <gmaxwell> PRab: sure, but that could be spread out over months in the background.. it's a one time thing.
53 2014-04-11 02:17:32 <PRab> Agreed, but for myself, my system was almost unusable for almost 2 days while I was catching up.
54 2014-04-11 02:17:55 <PRab> (I think my HD doesn't like leveldb)
55 2014-04-11 02:18:03 <hello> lol
56 2014-04-11 02:18:49 <PRab> If I could start at a UTXO commitment, then sever blocks from that point on, I believe that would be an easier pill to swallow.
57 2014-04-11 02:19:39 <gmaxwell> PRab: It would be interesting to know why but I think I answered that point. If the concern there is that the high usage is making your system unusable the answer is to just do the process slowly in the background with very low idle priority, spreading it out so its unnoticeable to you and stays out of your way.
58 2014-04-11 02:20:09 <gmaxwell> and doing that doesn't require a reduction in the security model or additional complexity to think about incentives.
59 2014-04-11 02:20:34 <PRab> Using both btcd and bitcoin-qt, I use process explorer to set the process priority and IO priority to "background". That made it much more bearable.
60 2014-04-11 02:21:01 <PRab> The only problem with that was that I needed to wait even longer to get Armory (my end goal) up and running.
61 2014-04-11 02:22:06 <gmaxwell> PRab: is this on windows?
62 2014-04-11 02:22:48 <PRab> I ensured that they weren't thrashing the disk or fighting over IO by putting their data dir's on separate HDs.
63 2014-04-11 02:22:53 <PRab> Yep, windows.
64 2014-04-11 02:23:01 <PRab> Windows 7 64bit.
65 2014-04-11 02:23:11 <gmaxwell> it's odd though, bitcoin core does relatively little IO
66 2014-04-11 02:23:20 <gmaxwell> validation is all out of memory during the syncup.
67 2014-04-11 02:23:46 <PRab> nope, it does a painful lot of IO, especially during startup.
68 2014-04-11 02:24:00 <hello> buy SSD :D
69 2014-04-11 02:24:10 <codice> I'm kinda curious as to what kind of system you have
70 2014-04-11 02:24:14 <PRab> hello: One of the 2 disks was an SSD.
71 2014-04-11 02:24:19 <gmaxwell> during the process startup? yes it does a database integrity check that rolls back the last 100 blocks and reapplies them, this results in reading a fair bit and heating up the caches.
72 2014-04-11 02:24:40 <gmaxwell> though its completely unnoticeable on my laptop, other than the disk light is on for 4 seconds or so.
73 2014-04-11 02:24:49 <gmaxwell> (but ... linux not windows)
74 2014-04-11 02:24:56 <hello> yes windows qt is very light
75 2014-04-11 02:25:08 <hello> and I use older laptop
76 2014-04-11 02:25:20 <PRab> gmaxwell: I would have to run a trace, but the splash screen stays up for ~5 minutes and my system is significantly less responsive while that is happening.
77 2014-04-11 02:25:26 <gmaxwell> PRab: you're not the only person I've seen report this, so I don't disbelieve you. But it would be interesting to find out why experiences differ.
78 2014-04-11 02:25:28 <hello> 5 min LOL
79 2014-04-11 02:25:29 <hello> :))
80 2014-04-11 02:25:34 <gmaxwell> 5 minutes?! wtf.
81 2014-04-11 02:25:35 <codice> I think there may be other issues
82 2014-04-11 02:25:50 <gmaxwell> what version of bitcoin is this?
83 2014-04-11 02:25:52 <gmaxwell> what hardware?
84 2014-04-11 02:25:52 <hello> well if u use 386 cpu :P
85 2014-04-11 02:26:00 <hello> but it does not run on win 7 lol
86 2014-04-11 02:26:01 <codice> I run armory on win7 x64 and it never takes more than maybe a minute to sync up
87 2014-04-11 02:26:01 <PRab> Yep, I agree. I told you my system doesn't like leveldb.
88 2014-04-11 02:26:17 <hello> PRab: u system is %%%%
89 2014-04-11 02:26:18 <hello> :)
90 2014-04-11 02:26:35 <PRab> Core I5, 4GB memory, 1TB HD, 128 GB SSD.
91 2014-04-11 02:26:55 <codice> you need more memory
92 2014-04-11 02:27:07 <gmaxwell> The entire startup on my laptop, cold cache is to fully running is apparently 18 seconds.
93 2014-04-11 02:27:14 <PRab> I have the same problem with btcd, the devs tried to hunt it down, but never came up with anything conclusive.
94 2014-04-11 02:27:16 <gmaxwell> shouldn't need more memory unless he's out.
95 2014-04-11 02:27:21 <PRab> gmaxwell: how much memory?
96 2014-04-11 02:27:45 <codice> I don't think he needs it for armory/btc-qt or whatever, but he may need it for everything else
97 2014-04-11 02:27:51 <gmaxwell> 8gb, but it shouldn't matter... the whole process is using 200mb at that point and the caches are cold.
98 2014-04-11 02:27:54 <PRab> Current Memory Commit = %49.83
99 2014-04-11 02:28:07 <codice> even sync'ing the entire block chain on my ultrabook took only about 9 hours
100 2014-04-11 02:28:10 <hello> perhaps u running a virus :D
101 2014-04-11 02:28:14 <gmaxwell> PRab: maybe some issue with your SATA controller. Might be interesting to run some IO benchmarks.
102 2014-04-11 02:28:14 <PRab> bitcoin-qt is currently taking 439MB memory.
103 2014-04-11 02:28:18 <codice> rather than the 2 days some folks mention
104 2014-04-11 02:28:26 <gmaxwell> hello: or anti-virus.
105 2014-04-11 02:28:31 <hello> also that
106 2014-04-11 02:28:38 <codice> also check your SSD firmware, if you can
107 2014-04-11 02:28:50 <PRab> Trust me, I'm clean for viruses.
108 2014-04-11 02:28:58 <PRab> SSD is fast, HD is slow.
109 2014-04-11 02:28:59 <gmaxwell> but yea, thats busted and thats a local issue, though if there is some change we could make to not trigger it I'd love to know.
110 2014-04-11 02:29:01 <codice> some older sandforce and intel chipsets had interesting bugs
111 2014-04-11 02:29:14 <gmaxwell> PRab: but are you clean of anti-viruses?
112 2014-04-11 02:29:15 <PRab> They are on the same sata controller, so I think the controller firmware/driver is ok.
113 2014-04-11 02:29:34 <PRab> gmaxwell: The only one I have is the built in windows defender.
114 2014-04-11 02:29:45 <gmaxwell> PRab: I suggest benchmarking startup with that disabled.
115 2014-04-11 02:29:50 <PRab> (The one that comes pre-installed)
116 2014-04-11 02:29:57 <PRab> Will do.
117 2014-04-11 02:30:22 <gmaxwell> but yea, interesting. Maybe we should publish benchmarks of bitcoin core so people know better whats expected.
118 2014-04-11 02:30:36 <gmaxwell> 5 minutes. Man. I'm sorry for you, that stinks. :)
119 2014-04-11 02:30:37 <PRab> Ok, Windows defender off. Restarting bitcoin-qt now.
120 2014-04-11 02:31:01 <PRab> Ok, qt is dead.
121 2014-04-11 02:31:24 <PRab> Splashscreen up.
122 2014-04-11 02:31:26 <gmaxwell> I wonder how many of these acrimonious performance discussions are with people who its running 20x slower for than it runs for me. :)
123 2014-04-11 02:31:50 <PRab> Verifying blocks...
124 2014-04-11 02:32:26 <PRab> IO Delta average = ~700
125 2014-04-11 02:32:44 <PRab> (according to Process Explorer
126 2014-04-11 02:33:06 <gmaxwell> still? :-/
127 2014-04-11 02:33:15 <PRab> Still Verifying Blocks...
128 2014-04-11 02:34:11 <PRab> IO Delta still very high (~1000)
129 2014-04-11 02:35:00 <PRab> ACTION whistles quietly and waits.
130 2014-04-11 02:35:19 <PRab> IO Delta up to 2000
131 2014-04-11 02:35:43 <gmaxwell> okay, so much for the AV theory.
132 2014-04-11 02:36:09 <codice> prab: do you have a column in PE called "I/O Delta Total Bytes"?
133 2014-04-11 02:36:15 <PRab> DONE!
134 2014-04-11 02:37:29 <PRab> I do now. ~100KB, but bouncing around.
135 2014-04-11 02:37:49 <PRab> Like I said, ~5 minutes looking at the IRC Log.
136 2014-04-11 02:38:32 <codice> ok, click on the top of the column header to sort it until the bigger ones are at the top
137 2014-04-11 02:38:51 <codice> repeat the process, then see what's doing the most I/O a
138 2014-04-11 02:39:06 <gmaxwell> and this is on the SSD?
139 2014-04-11 02:39:20 <PRab> bitcoin-qt has quieted down.
140 2014-04-11 02:39:25 <PRab> gmaxwell: No, HD.
141 2014-04-11 02:39:40 <PRab> btcd is on the SSD, bitcoin-qt is on the HD.
142 2014-04-11 02:42:17 <PRab> When I benchmark the HD, it comes out ok, but in general anything that runs level DB that I try to run on it ends up being slow. Games, Windows, Pictures all work reasonably fast off it.
143 2014-04-11 02:43:16 <PRab> Also, fyi the HD is a ST1000DM003 (http://www.newegg.com/Product/Product.aspx?Item=N82E16822148840)
144 2014-04-11 02:44:40 <codice> those are not very good drives, PRab
145 2014-04-11 02:45:06 <PRab> codice: Compared to?
146 2014-04-11 02:45:13 <codice> there were a few batches that had a number of issues due to buggy firmware
147 2014-04-11 02:45:50 <PRab> I know its not a WD Black or Velociraptor, but it should do for day to day.
148 2014-04-11 02:46:10 <codice> I have 6 of the 2TB model at home on a NAS, had to swap 3 of them due to very poor random i/o performance
149 2014-04-11 02:46:25 <PRab> I tried to update its firmware, but that failed... I wonder...
150 2014-04-11 02:46:48 <codice> had about 4000 here at work, about 5% have been replaced after a year
151 2014-04-11 02:47:52 <PRab> Mine is ~9 months old and hasn't shown any signs of dying. I still take daily backup to an external HD every night.
152 2014-04-11 02:47:53 <codice> if you're running windows, I believe you can use Seagate's tools to check the SMART data on the drive, and see if there's anything out of the ordinary
153 2014-04-11 02:48:19 <PRab> Done and it came back clean. (about 2-3 weeks ago)
154 2014-04-11 02:54:04 <web-12345> bitcoin ppa is on version 9.0 is this safe?
155 2014-04-11 03:02:47 <PRab> Sorry about that. Computer crashed when I tried to open Seagate Tools...
156 2014-04-11 03:03:17 <PRab> Of course that happens just as I am mentioning that my computer has been stable.
157 2014-04-11 03:03:56 <web-12345> damn spinny disks keep breaking
158 2014-04-11 03:10:26 <PRab> So I've established a pattern. Seagate Tools = Windows crash. :p
159 2014-04-11 03:11:37 <Luke-Jr> Seagate is crap. I have 2 hard drives that just run insane hot
160 2014-04-11 03:16:39 <aynstein> I purchased 24 Seagate's once, within 4 months 18 dead. Never again.
161 2014-04-11 03:20:15 <HectorJ> Hi! Does someone know an existing implementation of BIP39 in C/C++ ? My mnemonic_to_seed function doesn't match the test vectors and I can't find out why...
162 2014-04-11 05:25:53 <extor> I've just started scraping with the IE subsystem in Autoit and I was wondering if there's a better framework out there for web scraping that's noob(where I can just jump in and fiddle with the post/get logic) friendly? Maybe csharp perhaps with a scraping class. Or Python for windows or something else?
163 2014-04-11 05:37:08 <Alchemy> hey all I am interested in writing my own client, is there any protocol specific documentation anywhere
164 2014-04-11 05:37:33 <Luke-Jr> Alchemy: if you have to ask, then you're not competent to do it..
165 2014-04-11 05:38:02 <Alchemy> Luke-Jr, Will be by the time im finished :)
166 2014-04-11 05:38:28 <Luke-Jr> Alchemy: I wouldn't bet on it.
167 2014-04-11 05:38:53 <Luke-Jr> Alchemy: the first thing you should learn is what Bitcoin is
168 2014-04-11 05:38:57 <Luke-Jr> it's a consensus system.
169 2014-04-11 05:39:27 <Luke-Jr> consensus systems are inherently averse to specifications
170 2014-04-11 05:39:44 <Alchemy> there must be a common protocol spoken between all clients though
171 2014-04-11 05:39:44 <Luke-Jr> so, if you implement the documentation, you're almost guaranteed to have a broken implementation
172 2014-04-11 05:39:57 <Luke-Jr> there must. it must be the exact same logic.
173 2014-04-11 05:39:59 <Luke-Jr> ie, the same code.
174 2014-04-11 05:40:26 <Luke-Jr> you *could* translate the code to another language, but you'd have to be insanely careful to get the translation perfect
175 2014-04-11 05:40:45 <Luke-Jr> and there's really no benefit to doing so
176 2014-04-11 05:40:51 <Alchemy> well that makes it a little more fun, suppose I should go break apart bitcoind/-QT's source and get converting
177 2014-04-11 05:41:14 <Luke-Jr> Alchemy: why not do something useful? <.<
178 2014-04-11 05:41:27 <Alchemy> This is how I learn
179 2014-04-11 05:41:47 <Alchemy> I set myself a goal that is outside my reach in a language I wish to learn
180 2014-04-11 05:41:54 <Luke-Jr> I see.
181 2014-04-11 05:41:59 <Alchemy> ok most of the time I never get to the end of the project but I learn along the way the nuances of the language
182 2014-04-11 05:42:01 <Arnavion> As long as you don't get other people to use it, it's fine
183 2014-04-11 05:42:02 <Alchemy> in this case erlang
184 2014-04-11 05:42:03 <Luke-Jr> what language is that?
185 2014-04-11 05:42:12 <Luke-Jr> hm
186 2014-04-11 05:43:23 <Alchemy> the theory goes along the lines of making a library in erlang that basically creates an interactable wallet for websites to use, that can process JSON requests, the web server wants to check the state of the wallet it sends a JSON request to the erlang server which then does the relevant lookups and returns the information
187 2014-04-11 05:43:30 <Alchemy> the same applies for creating new deposit addresses etc.. etc..
188 2014-04-11 05:44:22 <Luke-Jr> Alchemy: well, if you just want a wallet, no need to mess with the protocol..
189 2014-04-11 05:44:30 <Luke-Jr> totally different things
190 2014-04-11 05:45:07 <Alchemy> Luke-Jr, indeed but I wanted it so that the website would be able to send money as well, I was under the impression that would require the erlangized subserver to be able to send requests on the bitcoin network itself
191 2014-04-11 05:45:52 <Alchemy> I envision it as two separate libraries [Wallet] & [Client]
192 2014-04-11 05:46:08 <Luke-Jr> Alchemy: oh, so you mean the *network* protocol, not the *bitcoin* protocol
193 2014-04-11 05:46:18 <Luke-Jr> https://en.bitcoin.it/wiki/Protocol_specification
194 2014-04-11 05:46:22 <Alchemy> Luke-Jr, yes sorry that was my bad phrasing
195 2014-04-11 05:46:31 <Alchemy> thank you
196 2014-04-11 05:46:36 <Luke-Jr> now your project makes sense XD
197 2014-04-11 05:46:39 <Alchemy> :)
198 2014-04-11 05:46:48 <Luke-Jr> Alchemy: also be sure to read over the HD wallet spec
199 2014-04-11 05:46:59 <Luke-Jr> BIP 32
200 2014-04-11 05:47:01 <Alchemy> absolutely
201 2014-04-11 05:47:03 <Luke-Jr> https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
202 2014-04-11 05:48:29 <Alchemy> its going to be a fun few months, wonder how far I will get this time.... its kind of a running joke, I have used this method of learning for perl, python, c & C# and succeeded to a reasonable degree with all of them, erlang however has been a kick in the teeth the last two attempts
203 2014-04-11 05:48:46 <Alchemy> my brain seems to have some issue with it for some reason
204 2014-04-11 05:49:08 <Luke-Jr> Perl, Python, C, and C# are all procedural-oriented languages
205 2014-04-11 05:49:15 <Luke-Jr> Erlang is fundamentally different IIRC
206 2014-04-11 05:50:30 <prism> * Disconnected (Connection reset by peer).
207 2014-04-11 05:50:30 <prism> ok that was interesting
208 2014-04-11 05:50:32 <prism> (alchemy)
209 2014-04-11 05:50:52 <SomeoneWeird> somebody has registered the nick Alchemy :)
210 2014-04-11 05:51:01 <Alchemy> yes me ;)
211 2014-04-11 05:51:31 <Luke-Jr> [05:49:04] <Luke-Jr> Perl, Python, C, and C# are all procedural-oriented languages
212 2014-04-11 05:51:32 <Luke-Jr> [05:49:11] <Luke-Jr> Erlang is fundamentally different IIRC
213 2014-04-11 05:51:37 <Alchemy> <Alchemy> oh absolutely, that is why I picked it :)
214 2014-04-11 05:51:59 <SomeoneWeird> erlang is very different :)
215 2014-04-11 05:52:04 <SomeoneWeird> as are most functional langs
216 2014-04-11 05:52:44 <Luke-Jr> personally, when/if I get around to functional, I'd probably be trying out Haskell
217 2014-04-11 05:52:48 <Luke-Jr> it has darcs <.<
218 2014-04-11 05:53:18 <gmaxwell> ACTION coughs
219 2014-04-11 05:54:10 <SomeoneWeird> Luke-Jr, learning a functional language will affect the way you program
220 2014-04-11 05:54:12 <SomeoneWeird> in a good way
221 2014-04-11 05:54:53 <Luke-Jr> I think gmaxwell is choking at the off-topicness? :/
222 2014-04-11 06:01:43 <olalonde> hola
223 2014-04-11 06:48:26 <warren> Anyone interested in doing nightly gitian builds of master?
224 2014-04-11 07:00:25 <fanquake> ;;blocks
225 2014-04-11 07:00:26 <gribble> 295211
226 2014-04-11 07:01:07 <fanquake> Who's getting the cake when we reach 300'000?
227 2014-04-11 07:12:19 <warren> I'm working on a draft release roadmap for Bitcoin Core 0.10. PM me if you want to help edit it.
228 2014-04-11 07:24:53 <wumpus> 0.10?
229 2014-04-11 07:25:12 <wumpus> I thought you wanted to propose a 0.9.2?
230 2014-04-11 07:25:49 <warren> oh
231 2014-04-11 07:27:02 <wumpus> it's too soon to call it a new major release
232 2014-04-11 07:27:26 <warren> ok
233 2014-04-11 07:27:55 <wumpus> (but that's purely version-number-technical, we could still fork it from the current master as that is convenient)
234 2014-04-11 07:28:22 <warren> PM
235 2014-04-11 07:31:55 <warren> wumpus: should "Feature freeze" be the same day as the "String freeze"?
236 2014-04-11 07:32:04 <warren> normally a feature freeze would be before a string freeze
237 2014-04-11 07:32:10 <warren> but there isn't much time
238 2014-04-11 07:32:50 <wumpus> the feature freeze at the time of the RC makes sense, it's what we always do already
239 2014-04-11 07:33:01 <wumpus> RCs only contain fixes
240 2014-04-11 07:33:58 <warren> I'll setup nightly gitian builds, GPG signed with a throwaway key on the build server, uploaded to S3 or something.
241 2014-04-11 07:34:11 <wumpus> ok, great
242 2014-04-11 07:35:07 <warren> wumpus: your builds that you posted, where did the partial hash in the filename come from?
243 2014-04-11 07:35:24 <wumpus> the commit id
244 2014-04-11 07:35:35 <wumpus> it's the only hash that makes sense to include in the file name :-)
245 2014-04-11 07:36:12 <warren> I'll probably make it something like bitcoin-20140415-hash.tar.xz
246 2014-04-11 07:36:33 <wumpus> good idea
247 2014-04-11 07:36:50 <wumpus> date is better for sorting and the hash better for bug reporting
248 2014-04-11 07:36:59 <wumpus> so let's include both
249 2014-04-11 07:37:03 <warren> yup
250 2014-04-11 07:38:07 <warren> hmm... where to upload the nightly builds to
251 2014-04-11 07:38:47 <warren> wumpus: oh... instead of nightly build, a build after every PR merge?
252 2014-04-11 07:39:13 <wumpus> meh, I'd do a nightly build if I were you
253 2014-04-11 07:39:19 <warren> ok
254 2014-04-11 07:39:27 <wumpus> pulltester should take care of the build-this-pull eventually
255 2014-04-11 07:39:46 <warren> nightlys will easily be identical to a previous nightly though
256 2014-04-11 07:39:55 <wumpus> then only generate a nightly if it changed
257 2014-04-11 07:40:00 <warren> ok
258 2014-04-11 07:40:05 <wumpus> or rename it
259 2014-04-11 07:40:10 <warren> haha
260 2014-04-11 07:40:12 <warren> deterministic
261 2014-04-11 07:40:54 <warren> 2 May 2014: Feature freeze. Source string freeze. Release candidate.
262 2014-04-11 07:40:54 <warren> 9 May 2014: Release of Bitcoin Core 0.9.2.
263 2014-04-11 07:41:04 <warren> any other goal we can mention?
264 2014-04-11 07:41:58 <wumpus> well I'd personally say that mentioning a specific day is too precise
265 2014-04-11 07:42:08 <wumpus> time between rc and release depends on what problems are found
266 2014-04-11 07:42:31 <warren> The "schedule can slip" part, setting a goal is a good thing.
267 2014-04-11 07:42:51 <wumpus> setting a goal is good, but 'beginning of may' is a goal too
268 2014-04-11 07:43:39 <wumpus> I'd say waiting a week between rc and release is fine as long as there are no problems that require fixing (and thus a new rc)
269 2014-04-11 07:43:59 <warren> conditional week ... with allowance for additional rc's
270 2014-04-11 07:44:05 <wumpus> maybe 'a week after the last rc'
271 2014-04-11 09:14:17 <__david__> Hi Fellas, I am trying to write an extension to a bitcoin client for windows and I am getting something weird
272 2014-04-11 09:14:44 <__david__> When i issue Writefile, i get access denied error (I am the one who created the file in the first place)
273 2014-04-11 09:42:43 <Luke-Jr> __david__: this is not ##windows
274 2014-04-11 09:43:18 <__david__> Luke-Jr: no problem i solved it, I did "GENERIC_READ || GENERIC_WRITE " the error was the || instead of |
275 2014-04-11 09:43:33 <__david__> I was reading the block chain, i thought something fishy was up, but it was my bug
276 2014-04-11 09:44:12 <sipa> it's also not #programming101 :)
277 2014-04-11 09:44:23 <Luke-Jr> __david__: if you're learning to program, it would probably be a good idea to learn an actual programming language instead of Windows APIs
278 2014-04-11 09:45:15 <__david__> hahahhaha)))
279 2014-04-11 09:45:25 <__david__> ok
280 2014-04-11 09:46:13 <__david__> I am always learning to program Luke-Jr ,.., winapis are evil,,,.., very cumbersome to work with sure
281 2014-04-11 09:46:14 <gribble> Error: "," is not a valid command.
282 2014-04-11 09:48:04 <olalonde> anyone understands what txin sequences are for? apparently it's related to nLockTime but I'm not sure I understand why they are needed
283 2014-04-11 09:48:31 <airbreather> olalonde: for replacement transactions like the kinds of things that would enable contracts
284 2014-04-11 09:49:03 <airbreather> olalonde: see https://en.bitcoin.it/wiki/Contracts
285 2014-04-11 09:49:34 <Luke-Jr> olalonde: it isn't really needed AFAIK, just a quirk
286 2014-04-11 09:49:59 <Luke-Jr> something that should have been out-of-band
287 2014-04-11 09:51:27 <olalonde> ok
288 2014-04-11 09:53:49 <olalonde> do the actual sequence numbers influence lock time other than activate it if one of them is not 0xffffffff?
289 2014-04-11 09:55:30 <airbreather> Not directly, I don't think. It's mainly the fact that without being able to set a lock time in the future, I don't think you can actually do anything useful with sequence numbers
290 2014-04-11 10:44:14 <sipa> olalonde: the only meaning for sequence numbers right now, is that if they're int_max, the transaction is always final
291 2014-04-11 10:44:31 <sipa> olalonde: satoshi envisioned transaction replacement policy to be influenced by it
292 2014-04-11 11:00:40 <Luke-Jr> sipa: good catch; we might just have to downgrade the VM :<
293 2014-04-11 11:09:55 <aynstein> sipa mind a quick pm regarding the wiki?
294 2014-04-11 11:11:36 <sipa> better ask it in here
295 2014-04-11 11:11:49 <sipa> Luke-Jr: downgrade the vm?
296 2014-04-11 11:12:46 <Luke-Jr> sipa: to an OS with an older libc
297 2014-04-11 11:12:55 <Luke-Jr> aynstein: #bitcoin-wiki ? :P
298 2014-04-11 11:12:58 <wumpus> I'd prefer just to go with static executables, then
299 2014-04-11 11:13:27 <aynstein> Luke-Jr: good idea, thanks !
300 2014-04-11 11:13:36 <wumpus> downgrading gcc and libc is not desirable
301 2014-04-11 11:13:53 <Luke-Jr> wumpus: sounds okay to me, if the libc can handle that
302 2014-04-11 11:14:02 <Luke-Jr> maybe we should consider a "light" libc in that case
303 2014-04-11 11:14:05 <wumpus> Luke-Jr: the static builds work fine
304 2014-04-11 11:14:15 <wumpus> Luke-Jr: many people are using them and I haven't had one complaint
305 2014-04-11 11:14:19 <Luke-Jr> otoh, if people really want small downloads, they can build themselves
306 2014-04-11 11:14:32 <wumpus> it's not that much bigger
307 2014-04-11 11:14:42 <wumpus> we already statically link most libraries
308 2014-04-11 11:14:45 <Luke-Jr> then might as well
309 2014-04-11 11:15:21 <wumpus> the only thing that's not (sanely) possible is to statically link qt on linux, but the stable linux distributions are mostly used on headless servers so that is no big loss
310 2014-04-11 11:16:16 <wumpus> then again, coryfields's solution is used successfully in other projects, even firefox
311 2014-04-11 11:16:17 <Luke-Jr> er
312 2014-04-11 11:16:29 <Luke-Jr> can we static link libc/libstdc++ safely and NOT static link Qt? O.o
313 2014-04-11 11:16:37 <sipa> yeah, i like cory's solution- i just want to understand the risks
314 2014-04-11 11:16:39 <wumpus> Luke-Jr: no... just make bitcoin-qt dynamically linked
315 2014-04-11 11:16:45 <Luke-Jr> wumpus: a bug in firefox is no big deal, it has plenty already
316 2014-04-11 11:16:46 <wumpus> Luke-Jr: keep it like it is now
317 2014-04-11 11:17:05 <Luke-Jr> wumpus: so B-Qt doesn't work on <most OS>
318 2014-04-11 11:17:15 <wumpus> Luke-Jr: it does work on most OS
319 2014-04-11 11:17:17 <Luke-Jr> it's mainly GUI users who need the binaries at all
320 2014-04-11 11:17:22 <Luke-Jr> wumpus: eh, no?
321 2014-04-11 11:17:24 <wumpus> just not a few old, stable distributions
322 2014-04-11 11:17:31 <wumpus> which as said, are mainly used on servers
323 2014-04-11 11:17:34 <Luke-Jr> it doesn't work on Fedora, RedHat, Debian, Ubuntu LTS..
324 2014-04-11 11:17:46 <wumpus> it *does* work on Ubuntu LTS 12.04
325 2014-04-11 11:17:57 <Luke-Jr> oh, still
326 2014-04-11 11:18:03 <wumpus> (that's what we built on)
327 2014-04-11 11:18:18 <wumpus> would be a bit strange if it didn't work on the OS that we use as build environment...
328 2014-04-11 11:18:42 <Luke-Jr> Ubuntu users don't *need* these anyway
329 2014-04-11 11:18:45 <Luke-Jr> they have the PPA
330 2014-04-11 11:19:01 <wumpus> I haven't heard one person request a statically linked bitcoin-qt
331 2014-04-11 11:19:19 <Luke-Jr> wumpus: I've heard many complain it's PIE :P
332 2014-04-11 11:19:22 <wumpus> everyone that approached me about stable-distribution problems was using it headless, on a server
333 2014-04-11 11:19:25 <Luke-Jr> (without understanding why of course)
334 2014-04-11 11:19:42 <Luke-Jr> weird
335 2014-04-11 11:19:59 <wumpus> Luke-Jr: because 'file' shows pie executables as shared library, which makes the (broken) gnome file manager think it is non-executable
336 2014-04-11 11:20:13 <Luke-Jr> right
337 2014-04-11 11:20:18 <wumpus> Luke-Jr: should be fixed on that side, though
338 2014-04-11 11:20:25 <Luke-Jr> ?
339 2014-04-11 11:20:39 <Luke-Jr> oh, I agree. but it won't help us deal with the complaints :P
340 2014-04-11 11:20:39 <wumpus> it must be fixed in gnome's file manager
341 2014-04-11 11:20:50 <Luke-Jr> err, I'd say it's "file" that's broken here, but ok
342 2014-04-11 11:21:05 <wumpus> if it has the +x bit it's executable for dummy's sake
343 2014-04-11 11:21:33 <Luke-Jr> most libraries have +x :x
344 2014-04-11 11:22:14 <wumpus> not on my system, checking /lib and /usr/lib
345 2014-04-11 11:22:33 <Luke-Jr> virtually all mine do
346 2014-04-11 11:22:45 <Luke-Jr> and segfault if executed <.<
347 2014-04-11 11:22:49 <wumpus> the only one executable is the dynamic linker itself, which makes sense
348 2014-04-11 11:23:26 <wumpus> (as it's executed as 'interpreter' for dynamically linked executables)
349 2014-04-11 11:24:21 <wumpus> in any case it'd be possible to add a .sh script that does nothing but launch the executable with passed-through arguments
350 2014-04-11 11:24:51 <wumpus> ... at least if gnome is 'smart enough' to see .sh files with +x as executables, if not, it's a lost cause
351 2014-04-11 11:54:13 <RocketNuts> is it correct that my Bitcoin Core 0.9 is not being updated to 0.9.1 when using "sudo apt-get update" ?
352 2014-04-11 11:54:59 <sipa> RocketNuts: depends on whether the source you are updating from has already been updated
353 2014-04-11 11:55:00 <RocketNuts> (I originally installed Bitcoin Core using sudo apt-get install bitcoin-qt and sudo apt-get install bitcoind)
354 2014-04-11 11:55:28 <RocketNuts> before first time installing I did sudo apt-add-repository ppa:bitcoin/bitcoin
355 2014-04-11 11:55:43 <RocketNuts> are there multiple sources I can get it from..?
356 2014-04-11 11:56:01 <sipa> that PPA is not yet updated to 0.9.1: https://launchpad.net/~bitcoin/+archive/bitcoin
357 2014-04-11 11:56:14 <sipa> but they are built using dynamically-linked openssl, i think
358 2014-04-11 11:56:21 <sipa> so updating wouldn't do anything
359 2014-04-11 11:56:36 <sipa> you just need to update your system openssl library
360 2014-04-11 11:57:11 <RocketNuts> yeah already did that
361 2014-04-11 11:57:28 <RocketNuts> but are there more PPA's with Bitcoin Core? (I'm kinda new to this PPA system)
362 2014-04-11 11:59:23 <arubi> RocketNuts, use `sudo apt-get upgrade` to upgrade packages
363 2014-04-11 12:00:23 <RocketNuts> arubi: is that something else than `sudo apt-get update` (already did that before), just tried upgrade and it says "0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded"
364 2014-04-11 12:00:33 <RocketNuts> so I guess my libssl is up-to-date
365 2014-04-11 12:01:04 <arubi> use `apt-cache policy openssl` to look at _your_ openssl version
366 2014-04-11 12:01:30 <arubi> but if you're using a pre-compiled bitcoin core, then it was compiled against a different library version (the new one)
367 2014-04-11 12:02:18 <arubi> btw, `update` is to update cache for sources. `upgrade` is to actually perform the updates, and `dist-upgrade` is for lower level packages
368 2014-04-11 12:04:33 <RocketNuts> `apt-cache policy openssl` says: "Installed: 1.0.1-4ubuntu5.12"
369 2014-04-11 12:04:44 <RocketNuts> arubi: ah, thanks!
370 2014-04-11 12:05:00 <arubi> np RocketNuts
371 2014-04-11 12:05:33 <RocketNuts> I never compiled anything in ubuntu, so I guess I'm using a precompiled Bitcoin Core 0.9
372 2014-04-11 12:05:50 <arubi> which ubuntu version are you using?
373 2014-04-11 12:06:08 <shadders> !seen genjix
374 2014-04-11 12:06:09 <gribble> genjix was last seen in #bitcoin-dev 1 year, 32 weeks, 3 days, 9 hours, 35 minutes, and 30 seconds ago: <genjix> https://www.youtube.com/watch?v=zh8W4ZglOlw
375 2014-04-11 12:11:17 <Luke-Jr> RocketNuts: that libssl version should be good
376 2014-04-11 12:11:19 <Luke-Jr> http://www.ubuntu.com/usn/usn-2165-1/
377 2014-04-11 12:11:35 <SomeoneWeird> 5.12 is the patched version
378 2014-04-11 12:11:45 <SomeoneWeird> .11 isn't :)
379 2014-04-11 12:11:58 <RocketNuts> great :)
380 2014-04-11 12:12:03 <RocketNuts> my bitcoins are safe! :D
381 2014-04-11 12:12:44 <SomeoneWeird> lol
382 2014-04-11 12:12:44 <SomeoneWeird> well....
383 2014-04-11 12:13:06 <RocketNuts> Another question: how do payment processors like Bitpay and Coinbase accept transactions so fast, I mean without waiting for a confirmation (literally in a matter of seconds). How do they avoid the risk of getting ripped off through double spend attempts etc?
384 2014-04-11 12:13:14 <SomeoneWeird> that is not entirely dependant on heartbleed being patched :)
385 2014-04-11 12:13:26 <SomeoneWeird> they don't
386 2014-04-11 12:24:45 <hno> Still fighting with my testnet nodes, now they are inconsistent in current difficulty. getdifficulty returns 1, but getblocktemplate gives a much target (bits).
387 2014-04-11 12:25:10 <hno> apart from losing network connectivity from time to time due to a networking problem.
388 2014-04-11 12:25:57 <Luke-Jr> hno: getdifficulty isn't current difficulty.
389 2014-04-11 12:26:47 <Luke-Jr> it's the difficulty of the last block
390 2014-04-11 12:27:24 <hno> ah
391 2014-04-11 12:27:26 <Luke-Jr> otherwise someone could potentially make you think their blockchain had a high difficulty, but never actually get more than 1/4th of the difficulty there
392 2014-04-11 12:27:40 <Luke-Jr> (1/4 seems like nothing today, but back when Bitcoin was new..)
393 2014-04-11 12:29:29 <hno> thanks
394 2014-04-11 12:37:04 <hno> What is the 1/4 criteria?
395 2014-04-11 12:43:52 <Luke-Jr> hno: difficulty never adjusts more than 4x
396 2014-04-11 12:49:41 <vetch> Luke-Jr: what's the motivation for that particular value?
397 2014-04-11 12:50:18 <Luke-Jr> vetch: virtually all the values in bitcoin are arbitrary
398 2014-04-11 12:50:57 <vetch> Luke-Jr: I know, but I can't work out why a limit on the upper bound would be necessary
399 2014-04-11 12:59:40 <kjj> I view it as a sanity check. I haven't ever seen a specific reason for it, other than that limits are usually a good idea.
400 2014-04-11 13:06:59 <__david__> does bitcoin use openssl, what about that bug?
401 2014-04-11 13:07:26 <Apocalyptic> where is the latest checkpoint in terms of blocks ?
402 2014-04-11 13:07:28 <kjj> upgrade to 0.9.1
403 2014-04-11 13:08:14 <kjj> Apocalyptic: https://github.com/bitcoin/bitcoin/blob/master/src/checkpoints.cpp
404 2014-04-11 13:08:35 <Apocalyptic> thank you
405 2014-04-11 13:16:47 <gavinandresen> Has anybody else looked for heartbleed payment protocol vulnerabilities in 0.9.0 ? https://bitcointalk.org/index.php?topic=563048.msg6163077#msg6163077
406 2014-04-11 13:18:15 <gavinandresen> I haven't taken the time to figure out why the OSX 0.9.0 seems to be not vulnerable, but it would be nice to get a definitive yes or no (and if we're not vulnerable, to know why)
407 2014-04-11 13:25:45 <wumpus> gavinandresen: going to give it a try with the linux and windows 0.9.0
408 2014-04-11 13:26:17 <gavinandresen> wumpus: spiffy
409 2014-04-11 13:27:14 <gavinandresen> wumpus: RE: 0.9.1 : I think SOMETHING needs to change in 0.9.1 with transaction fees; either auto fee estimation (almost done, I promise!) or just increasing defaults to match reality
410 2014-04-11 13:27:21 <gavinandresen> wumpus: err, I mean 0.9.3
411 2014-04-11 13:27:23 <gavinandresen> .2
412 2014-04-11 13:27:28 <gavinandresen> (can't type this morning)(
413 2014-04-11 13:31:19 <EagleTM> gavinandresen: I'm not in a position to give a definitive answer, but to my knowledge even the latest mac osx still uses 0.9.x openssl, that may be why it's not vuln when built on that platform
414 2014-04-11 13:31:49 <vetch> yep, apple still ships 0.9.8
415 2014-04-11 13:33:58 <gavinandresen> EagleTM: that could be it. although the Help->Advanced box said Qt was using openssl 1.0.1f. Could be the QT fetching code was using a different openssl, though
416 2014-04-11 13:37:19 <wumpus> bitcoin:?r=https://192.168.1.10:4433/test
417 2014-04-11 13:37:23 <wumpus> eh, wrong window
418 2014-04-11 13:38:10 <wumpus> pacemaker.py, on connection from linux client says: "Possibly not vulnerable"
419 2014-04-11 13:38:29 <gavinandresen> wumpus: that's good news!
420 2014-04-11 13:39:12 <gavinandresen> wumpus: I wonder if the QT fetch-a-https-url code turns off heartbeats or something
421 2014-04-11 13:41:09 <sipa> gavinandresen: if the connection is short enough, there will never be a heartbeat, i guess
422 2014-04-11 13:41:13 <wumpus> ... doh, of course the linux one is not vulnerable, it dynamically links Qt, so uses the system Qt and OpenSSL (which were patched)
423 2014-04-11 13:41:24 <sipa> gavinandresen: doesn't mean that an attacker service can't send one
424 2014-04-11 13:41:48 <wumpus> pacemaker.py is supposed to send a heartbeat immediately
425 2014-04-11 13:41:52 <sipa> ok
426 2014-04-11 13:42:07 <gavinandresen> yes, during handshake I believe
427 2014-04-11 13:42:23 <GAit> have you seen BRIT?
428 2014-04-11 13:42:29 <wumpus> bad news, the windows one is vulnerable
429 2014-04-11 13:42:37 <wumpus> I get a 64k dump of memory
430 2014-04-11 13:43:40 <gavinandresen> wumpus: ok.
431 2014-04-11 13:47:17 <wumpus> though it's hard to say if it contains keys...
432 2014-04-11 13:47:52 <wumpus> I can try a few times and upload the data if anyone wants to look at it
433 2014-04-11 13:48:11 <wumpus> (yes, it's regtest, so I'll gladly upload the wallet.dat too)
434 2014-04-11 13:55:35 <wumpus> most of the data seems to have to do with qt and openssl certificates
435 2014-04-11 13:55:49 <_2_katelyn123> what you doing
436 2014-04-11 13:57:04 <wumpus> I'm looking into the memory of my 0.9.0 bitcoin-qt.exe process (running in wine) w/ heartbleed vulnerability
437 2014-04-11 13:58:32 <_2_katelyn123> on what
438 2014-04-11 13:58:48 <gavinandresen> wumpus: immediately after startup, when the wallet is loaded into memory, is probably the most likely time to find private keys on the heap. Although they'll be encrypted if the wallet is encrypted...
439 2014-04-11 13:59:32 <_2_katelyn123> go away
440 2014-04-11 13:59:44 <wumpus> gavinandresen: yes, encrypting your wallet would help here
441 2014-04-11 13:59:49 <sipa> _2_katelyn123: ?
442 2014-04-11 13:59:56 <Apocalyptic> sipa, probably a troll
443 2014-04-11 14:00:09 <gavinandresen> wumpus: although I suppose if memory gets freed wallet data could be exposed at any point in time.
444 2014-04-11 14:00:14 <wumpus> gavinandresen: at the time the payment request is requested, the wallet will still be locked
445 2014-04-11 14:00:26 <_2_katelyn123> get Skype
446 2014-04-11 14:00:36 <wumpus> gavinandresen: but keys are zeroed when freed
447 2014-04-11 14:00:40 <gavinandresen> wumpus: yes. And we're pretty careful about using the secure_allocator (which wipes memory on delete) for private keys
448 2014-04-11 14:00:50 <wumpus> right
449 2014-04-11 14:02:29 <gavinandresen> what do you think about sending out an alert? Since windows is vulnerable, seems to me like we should (with a "don't panic, you're almost certainly fine… but upgrade" tone)
450 2014-04-11 14:03:32 <wumpus> an alert targeted specifically at 0.9.0 makes sense
451 2014-04-11 14:03:50 <gavinandresen> yes. Unfortunately we can't send out OS-specific alerts...
452 2014-04-11 14:04:28 <vetch> that's luckily easily implemented and backwards compatible
453 2014-04-11 14:05:17 <wumpus> linux and macosx users still have to make sure that their system's openssl version is upgraded, but indeed, they do not strictly need to upgrade to 0.9.1
454 2014-04-11 14:05:39 <vetch> wumpus: OSX users were never at risk, the system has never gone above 0.9.8
455 2014-04-11 14:05:45 <wumpus> vetch: right
456 2014-04-11 14:08:01 <wumpus> and yes, OS specific alerts would be nice
457 2014-04-11 14:11:12 <gavinandresen> wumpus: proposed bitcoin.org alert page: https://gist.github.com/gavinandresen/10183248
458 2014-04-11 14:13:09 <kinlo> although it is perhaps not very "professional", a quick link to xkcd really explains very good what heartbleed is and why it's so dangerous
459 2014-04-11 14:13:38 <vetch> gavinandresen: the second paragraph seems a little awkward, specifically the first sentence.
460 2014-04-11 14:14:09 <gavinandresen> vetch: suggest rewording?
461 2014-04-11 14:14:15 <Luke-Jr> gavinandresen: "a website controlled by an attacker" is not quite accurate; MITM is a risk
462 2014-04-11 14:14:23 <vetch> gavinandresen: trying.
463 2014-04-11 14:14:43 <kinlo> gavinandresen: shouldn't the first , just be "and" in that sentence?
464 2014-04-11 14:15:05 <gavinandresen> Luke-Jr: is it a risk worth mentioning? MITM a TCP connection is non-trivial unless you're an ISP
465 2014-04-11 14:15:27 <vetch> kinlo: no, it's a list of three requirements. having two "and" in a row is awkward
466 2014-04-11 14:15:32 <Luke-Jr> gavinandresen: it's not especially difficult if you can get in the same datacenter, which isn't itself usually very hard for criminals
467 2014-04-11 14:15:47 <sipa> gavinandresen: or you set up some public wifi, or own an internet cafe
468 2014-04-11 14:15:49 <kinlo> vetch: it's unclear now
469 2014-04-11 14:16:01 <kinlo> Luke-Jr: mitm is not the way I would attack the bug
470 2014-04-11 14:16:13 <Luke-Jr> "You can verify the version of OpenSSL being used from the Bitcoin Core GUI's Debug window (accessed from the Help menu)." <-- some distros don't bump the version, so this will show a "vulnerable" version :/
471 2014-04-11 14:16:30 <kinlo> hmmmz, at least not for the server side, but indeed, the client initiated connection makes sense to do mitm, ignore my last comment )
472 2014-04-11 14:16:44 <Luke-Jr> "Linux users should upgrade their system's version of OpenSSL." <-- unless they use the Linux binaries, which need updating to 0.9.1..
473 2014-04-11 14:17:44 <gavinandresen> I'll simplify the "What you should do" to : 1) Upgrade to 0.9.1. 2) If you are Linux, upgrade your openssl.
474 2014-04-11 14:17:53 <gavinandresen> Linux users should do both.
475 2014-04-11 14:18:13 <Luke-Jr> makes sense
476 2014-04-11 14:18:20 <vetch> gavinandresen: i'm struggling with how to make that first sentence more readable. it almost needs to be a list of bullet points
477 2014-04-11 14:18:39 <gavinandresen> … and I'll remove the "from a website controlled by an attacker"
478 2014-04-11 14:18:40 <kinlo> so, isn't the linux / -qt version affected?
479 2014-04-11 14:18:54 <Luke-Jr> gavinandresen: might make sense to put "What you should do" above "How serious is the risk", maybe
480 2014-04-11 14:18:56 <kinlo> the payment protocol is cross platform right, or does only the windows build support it?
481 2014-04-11 14:19:13 <Luke-Jr> kinlo: if you compiled yourself, it uses the system's OpenSSL
482 2014-04-11 14:19:14 <gavinandresen> wumpus: were you testing the 0.9.0 release binaries? or binaries you compiled yourself?
483 2014-04-11 14:19:24 <kinlo> Luke-Jr: if, but we're advocating not to do so
484 2014-04-11 14:19:34 <Luke-Jr> kinlo: who is?
485 2014-04-11 14:19:59 <kinlo> Luke-Jr: I still refer to the open letter you guys wrote last year :)
486 2014-04-11 14:20:14 <Luke-Jr> kinlo: that was to distro package managers, not to end users who might compile the code
487 2014-04-11 14:20:46 <Luke-Jr> and it was about messing with non-standard patches without thinking it through; which is also not merely compiling the code as-is
488 2014-04-11 14:20:47 <kinlo> Luke-Jr: perhaps, I Still advocate nobody to recompile anything
489 2014-04-11 14:20:54 <Luke-Jr> well that's silly
490 2014-04-11 14:21:06 <kinlo> except for those who know what they are doing
491 2014-04-11 14:21:06 <Luke-Jr> the ideal is each user compile it themselves
492 2014-04-11 14:21:22 <kinlo> and when they use gitian, so their lib versions are correct
493 2014-04-11 14:21:23 <Luke-Jr> an unrealistic ideal obviously, but still an ideal
494 2014-04-11 14:21:52 <gavinandresen> Updated gist: https://gist.github.com/gavinandresen/10183248
495 2014-04-11 14:22:39 <kinlo> so again, aren't non-linux versions affected?
496 2014-04-11 14:22:42 <vetch> gavinandresen: I think kinlo is more correct
497 2014-04-11 14:22:59 <Luke-Jr> gavinandresen: "You can verify the version of OpenSSL being used …" is going to invite panicking on Ubuntu and Debian (at least)
498 2014-04-11 14:23:00 <vetch> line 19 needs an "and"
499 2014-04-11 14:23:07 <gavinandresen> kinlo vetch: please stop speculating, grab the 0.9.0 linux binaries, and test.
500 2014-04-11 14:23:36 <kinlo> gavinandresen: I was actually more referring to the mac version
501 2014-04-11 14:23:42 <vetch> gavinandresen: I was correcting the message, not speculating on whether or not it was vulnerable
502 2014-04-11 14:23:55 <kinlo> but I don't know how to test client-side
503 2014-04-11 14:24:00 <gavinandresen> kinlo: according to my testing the OSX 0.9.0 is NOT vulnerable.
504 2014-04-11 14:24:12 <kinlo> ic
505 2014-04-11 14:24:40 <gavinandresen> kinlo: see https://bitcointalk.org/index.php?topic=563048.msg6163077#msg6163077 more testers very welcome
506 2014-04-11 14:25:13 <Luke-Jr> gavinandresen: are Mac builds static OpenSSL btw?
507 2014-04-11 14:25:33 <gavinandresen> Luke-Jr: RE: panicking on Ubuntu and Debian: we should tell them to beat up the Ubuntu/Debian maintainers when they panic
508 2014-04-11 14:26:30 <gavinandresen> Luke-Jr: I thought so…
509 2014-04-11 14:26:35 <Luke-Jr> still takes time to explain that. >_<
510 2014-04-11 14:27:33 <gavinandresen> Luke-Jr: suggested wording for the alert page RE: Debian/Ubuntu mess up version numbers?
511 2014-04-11 14:29:03 <gavinandresen> vetch: My English teacher taught me that it is ok to create a list as: This, this, and that. Instead of This and this and that.
512 2014-04-11 14:29:17 <franco> dear all
513 2014-04-11 14:29:21 <franco> I'm franco
514 2014-04-11 14:29:33 <Luke-Jr> maybe "If you use the official binaries, you can verify the version of OpenSSL being used from the Bitcoin Core GUI's Debug window (accessed from the Help menu). If you compiled Bitcoin Core yourself, ensure your operating system's OpenSSL is up to date and not vulnerable."
515 2014-04-11 14:29:35 <franco> I'm an italian student
516 2014-04-11 14:29:55 <vetch> gavinandresen: I was taught that too, but in this case it seems that it's saying "this" OR "this" AND "this"
517 2014-04-11 14:29:56 <gavinandresen> Luke-Jr: ENOCARE for anybody who compiled themselves
518 2014-04-11 14:29:56 <Luke-Jr> franco: we're discussing English now, not Latin
519 2014-04-11 14:30:14 <franco> I would like to build a simple system for my university exam
520 2014-04-11 14:30:45 <Luke-Jr> "If you use the official binaries, you can verify the version of OpenSSL being used from the Bitcoin Core GUI's Debug window (accessed from the Help menu). If you compiled Bitcoin Core yourself or use the Ubuntu PPA, ensure your operating system's OpenSSL is up to date and not vulnerable."
521 2014-04-11 14:31:04 <franco> and I would like to create a simple bit coin bank application
522 2014-04-11 14:31:17 <franco> someone could help me to start
523 2014-04-11 14:31:27 <Luke-Jr> franco: off-topic
524 2014-04-11 14:32:10 <franco> why it's off-topic
525 2014-04-11 14:32:13 <vetch> gavinandresen: I've tried putting into a dot point list, but then it's back to it being OR, I think it's just going to be one of those things that's ridiculously hard to phrase.
526 2014-04-11 14:32:28 <sipa> franco: this channel is about development of the bitcoin protocol and clients using it
527 2014-04-11 14:32:53 <franco> where can I talk about my problems
528 2014-04-11 14:33:15 <gavinandresen> Luke-Jr vetch: updated
529 2014-04-11 14:33:47 <gavinandresen> Has anybody tested the 0.9.0 Linux binaries to see if they're vulnerable?
530 2014-04-11 14:34:15 <vetch> gavinandresen: I believe that reads better.
531 2014-04-11 14:34:34 <kinlo> if you are using the Windows version of the Bitcoin Core GUI with an unencrypted wallet, it is possible that one or more of your private keys could be sent to an attacker as soon as you click on a bitcoin: link.
532 2014-04-11 14:34:36 <wumpus> gavinandresen: release binaries, ofc
533 2014-04-11 14:35:29 <gavinandresen> wumpus: so release Linux binaries weren't vulnerable… weird, I wonder why.
534 2014-04-11 14:35:35 <kinlo> the commas are full stops that make the sentence harder. My version is a too long sentence, but I believe it is easier to read
535 2014-04-11 14:35:45 <vetch> kinlo, gavinandresen: if you are using the Windows version of the Bitcoin Core GUI with an unencrypted wallet, it is possible that your wallet could be compromised by clicking on a bitcoin: payment request link.
536 2014-04-11 14:35:51 <wumpus> gavinandresen: as I said, the linux binaries link Qt dynamically
537 2014-04-11 14:36:05 <wumpus> gavinandresen: Qt, in turn, links OpenSSL dynamically
538 2014-04-11 14:36:13 <vetch> kinlo, gavinandresen: if you are using the Windows version of the Bitcoin Core GUI without encryption, it is possible that your wallet could be compromised by clicking on a bitcoin: payment request link.
539 2014-04-11 14:36:17 <wumpus> gavinandresen: so you end up with the system's openssl being used
540 2014-04-11 14:36:35 <gavinandresen> wumpus: got it. So static openssl is just used for core functionality, QT dynamically loads system openssl and uses it....
541 2014-04-11 14:36:39 <wumpus> gavinandresen: (in the case of payment requests, rpcssl would use the statically linked internal openssl)
542 2014-04-11 14:36:43 <wumpus> gavinandresen: yep
543 2014-04-11 14:37:34 <vetch> kinlo: (I'm operating under the assumption that users don't need to know what private keys are, and probably don't care)
544 2014-04-11 14:37:38 <kinlo> vetch: not your last version, it's unencrypted wallet, everybody believes that bitcoin works with encryption everywhere, so they will be put off by not specifying what is encrypted)
545 2014-04-11 14:37:57 <vetch> I follow.
546 2014-04-11 14:38:15 <vetch> I just wanted to avoid using "wallet" twice in one sentence.
547 2014-04-11 14:38:49 <kinlo> also I would drop the "then" in line 28
548 2014-04-11 14:38:51 <gavinandresen> vetch: ACK, updated
549 2014-04-11 14:40:39 <vetch> kinlo: "If you are using the Windows version of the Bitcoin Core GUI without an encryption password, it is possible that your wallet could be compromised by clicking on a bitcoin: payment request link." < better?
550 2014-04-11 14:41:07 <kinlo> vetch: dunno, what's the menu item called to encrypt the wallet?
551 2014-04-11 14:41:25 <vetch> not sure, I've never used the GUI
552 2014-04-11 14:41:25 <wumpus> 'with encryption' sounds a bit vague to me, I'd leave 'wallet' in there
553 2014-04-11 14:41:27 <kinlo> it needs to be worded exactly the same so people will know where to look whether they enabled it
554 2014-04-11 14:41:38 <wumpus> or 'with wallet passphrase'
555 2014-04-11 14:41:42 <kinlo> I don't even have bitcoin core installed on this laptop
556 2014-04-11 14:41:59 <vetch> "If you are using the Windows version of the Bitcoin Core GUI without a wallet passphrase, it is possible that your wallet could be compromised by clicking on a bitcoin: payment request link."
557 2014-04-11 14:43:17 <vetch> I agree with wumpus once I think about it, it makes more sense than the term "encryption" if users aren't used to it
558 2014-04-11 14:44:13 <Luke-Jr> warren: maybe the double OpenSSL is why Bitcoin Core used to use more memory on Fedora?
559 2014-04-11 14:44:25 <sipa> i hope not
560 2014-04-11 14:44:55 <Luke-Jr> "no-password wallet"
561 2014-04-11 14:45:13 <Luke-Jr> users know what passwords are (maybe passphrases too)
562 2014-04-11 14:45:58 <gavinandresen> vetch: ACK, updated
563 2014-04-11 14:46:47 <kinlo> looks good to me now
564 2014-04-11 14:47:19 <wumpus> Luke-Jr: only in the case of the gui though, bitcoind won't have a 'double openssl'
565 2014-04-11 14:47:20 <Luke-Jr> sipa: ?
566 2014-04-11 14:53:39 <sipa> Luke-Jr: that would be some ridiculous amount of memory for openssl
567 2014-04-11 14:53:51 <sipa> (the difference was in the order of 100 MB, no?)
568 2014-04-11 14:55:58 <michagogo> cloud|"Norton blocked an attack by: Attack: OpenSSL Hearbleed CVE-2014-0160 3"
569 2014-04-11 14:56:12 <michagogo> cloud|Over Tor, it looks like
570 2014-04-11 14:56:23 <michagogo> cloud|(through Vidalia, that is)
571 2014-04-11 15:06:43 <gavinandresen> https://github.com/bitcoin/bitcoin.org/pull/375 <-- pull request for alert page on bitcoin.org
572 2014-04-11 15:07:29 <vetch> gavinandresen: should the url on L11 be.. urlified?
573 2014-04-11 15:08:25 <gavinandresen> vetch: meh. I suppose...
574 2014-04-11 15:09:58 <kinlo> it's ok like this I think
575 2014-04-11 15:11:05 <vetch> gavinandresen: passes a pre-flight check for me.
576 2014-04-11 15:12:19 <shesek> I wonder how efficient is heartbleed for DDOS amplification, relative to NTP and DNS
577 2014-04-11 15:12:47 <kinlo> shesek: totally not efficient, you need a full tcp session to do anything
578 2014-04-11 15:12:54 <kinlo> so no spoofing so no ddos
579 2014-04-11 15:13:18 <kinlo> both ntp and dns are udp, very easy to spoof, no session to build up
580 2014-04-11 15:13:43 <vetch> shesek: amplification requires something you only need to do a half handshake for, as it relies on spoofing the source IP to send a substantially large response to the victim.
581 2014-04-11 15:14:16 <shesek> isn't the heartbeat primarily meant to be used on top of udp?
582 2014-04-11 15:14:52 <shesek> with DTLS
583 2014-04-11 15:15:03 <kinlo> tls is tcp only
584 2014-04-11 15:15:20 <kinlo> also most tcp protocols have a heartbeat system
585 2014-04-11 15:15:28 <kinlo> even irc does :)
586 2014-04-11 15:16:06 <shesek> yeah... its ping/pong
587 2014-04-11 15:16:10 <vetch> shesek: from a quick look at the RFC, it looks like you have to have already done a handshake
588 2014-04-11 15:16:22 <vetch> https://tools.ietf.org/html/rfc6520#section-3
589 2014-04-11 15:16:24 <kinlo> not just ping pong, it also sends arbitrary data and returns that
590 2014-04-11 15:16:26 <shesek> vetch, you mean for TLS or for DLTS?
591 2014-04-11 15:16:30 <kinlo> just like tls does
592 2014-04-11 15:16:31 <kenrestivo> is there a guide/technique for cross-compiling bitcoind for windows?
593 2014-04-11 15:16:41 <shesek> * DTLS
594 2014-04-11 15:16:52 <kinlo> kenrestivo: there is a good document that explains gitian, you want to look at that
595 2014-04-11 15:17:24 <vetch> shesek: that section seems to mention both
596 2014-04-11 15:17:53 <kinlo> kenrestivo: read https://github.com/bitcoin/bitcoin/blob/master/doc/gitian-building.md
597 2014-04-11 15:18:11 <vetch> "However, a HeartbeatRequest message SHOULD NOT be sent during handshakes." ... "The receiving peer SHOULD discard the message silently, if it arrives during the handshake. "
598 2014-04-11 15:19:06 <olalonde> anyone knows how big is the testnet blockchain?
599 2014-04-11 15:19:30 <kenrestivo> kinlo: thx
600 2014-04-11 15:19:57 <vetch> olalonde: sec.
601 2014-04-11 15:20:24 <shesek> mine is about 0.8gb
602 2014-04-11 15:20:24 <vetch> 1.22GB
603 2014-04-11 15:20:30 <shesek> from a week or two ago
604 2014-04-11 15:20:36 <olalonde> makes sense , thanks :)
605 2014-04-11 15:20:51 <vetch> shesek: yeah, since then someone spammed an absolute tonne of 1MB blocks filled with crap
606 2014-04-11 15:21:16 <olalonde> is there any light/web wallet that works with testnet?
607 2014-04-11 15:21:41 <vetch> olalonde: https://tpfaucet.appspot.com/
608 2014-04-11 15:21:43 <vetch> bottom of the page.
609 2014-04-11 15:21:59 <olalonde> thx
610 2014-04-11 15:23:13 <vetch> I'm sorely tempted to fork testnet3 from a few weeks back and remove the hundreds of megabytes of useless blocks.
611 2014-04-11 15:23:41 <vetch> I tried and failed at that, actually.
612 2014-04-11 15:23:58 <shesek> if you can get a few ASICs to mine on testnet, you can probably undo that mess
613 2014-04-11 15:24:54 <vetch> I was prepared with that actually, I was ready to go back to block 200,000 but had trouble getting my client to properly blacklist and reorganise back that far.
614 2014-04-11 15:26:22 <gavinandresen> https://bitcoin.org/heartbleed is up
615 2014-04-11 15:27:09 <aschildbach_> gavinandresen: can we include information for other wallets?
616 2014-04-11 15:30:20 <michagogo> cloud|18:16:40 <kenrestivo> is there a guide/technique for cross-compiling bitcoind for windows? <-- if you can read bash, read the contrib/gitian-descriptors/*win.yml files
617 2014-04-11 15:30:58 <michagogo> cloud|gavinandresen: btw, is there something somewhere detailing how alerts are created and sent into the network?