1 2014-09-17 00:02:05 <earlz> Does the stratum protocol control the ntime mined for a block?
  2 2014-09-17 00:14:10 <Luke-Jr> earlz: no, it's left entirely undefined
  3 2014-09-17 00:15:14 <earlz> So, could a malicious miner mining at a pool possibly do timestamp manipulation?
  4 2014-09-17 00:15:22 <earlz> (assuming he actually mined the block, of course)
  5 2014-09-17 00:15:51 <earlz> Well, not just stratum, but also getblocktemplate
  6 2014-09-17 00:16:14 <earlz> I notice there is a capability for timestamp that appears to always be enabled. I wonder if pools would handle if that was not enabled
  7 2014-09-17 03:04:28 <gmaxwel> hmm
  8 2014-09-17 03:04:34 <gmaxwel> everyone drunk here?
  9 2014-09-17 03:04:35 <gmaxwel> :)
 10 2014-09-17 03:05:55 <lifeofcray> yes
 11 2014-09-17 03:17:00 <earlz> working on a glass of jack and coke, so yes
 12 2014-09-17 04:37:48 <lechuga_> sipa: any chance you're up?
 13 2014-09-17 07:00:24 <coryfields> wumpus: I'm retarded, my PR does the same thing as sipa's. just ignore.
 14 2014-09-17 07:01:13 <wumpus> well at least you agree with his approach then :)
 15 2014-09-17 07:01:31 <coryfields> sipa: ping. let me know what your next step is (re #4899) and I'll help out
 16 2014-09-17 07:01:52 <coryfields> heh yea, it's funny how similar they ended up being
 17 2014-09-17 07:02:27 <coryfields> i set out tonight to nuke that boost dependency and that was the result. should've checked the current PR's again first.
 18 2014-09-17 07:47:59 <sipa> lechuga_: this chance is nonzero
 19 2014-09-17 07:48:22 <sipa> gmaxwell: mildly
 20 2014-09-17 08:09:11 <sipa> coryfields: next step? getting it merged would be nice...
 21 2014-09-17 08:19:26 <coryfields> sipa: heh
 22 2014-09-17 08:19:59 <coryfields> sipa: i assumed your intent was to drop key.h from the script lib
 23 2014-09-17 08:20:26 <coryfields> that was what i was working on with #4934, anyway
 24 2014-09-17 08:32:19 <sipa> coryfields: right, that too
 25 2014-09-17 13:10:48 <jgarzik> saivann, https://bitcoin.org not working here
 26 2014-09-17 13:12:34 <michagogo> Hm, same here
 27 2014-09-17 13:12:54 <michagogo> 
ACTION checks http://isup.me/bitcoin.org

 28 2014-09-17 13:13:09 <michagogo> Not pinging, either
 29 2014-09-17 13:15:22 <saivann> Sigh, probably one of these strong DDoS attacks again, let me check..
 30 2014-09-17 13:19:06 <saivann> Yes, 10gbps DDoS attack,Black Lotus does not protect us against those, they nullroute the IP until the attack is under 10gbps and then automatically reenable the IP
 31 2014-09-17 13:23:41 <phantomcircuit> saivann, srsly?
 32 2014-09-17 13:23:56 <timothy> who is black lotus?
 33 2014-09-17 13:24:06 <saivann> phantomcircuit: We've had many of these recently
 34 2014-09-17 13:24:18 <phantomcircuit> no i mean the 10gbps limit
 35 2014-09-17 13:24:26 <saivann> timothy: https://www.blacklotus.net/
 36 2014-09-17 13:24:52 <saivann> phantomcircuit: Yes sure, otherwise you need to pay the 2500$ setup fee + 500$ / month for 20gpbs
 37 2014-09-17 13:25:11 <timothy> Global terabit-scale network with 480 Gbps of active DDoS mitigation capacity
 38 2014-09-17 13:26:23 <Eliel> ok, who benefits from dropping bitcoin.org? Sounds like simply a nuisance level attack.
 39 2014-09-17 13:38:16 <michagogo> Eliel: pretty much
 40 2014-09-17 13:38:26 <michagogo> Many attacks of the sort are.
 41 2014-09-17 13:38:36 <michagogo> Freenode's a good example...
 42 2014-09-17 13:40:07 <michagogo> (also, TIL BlackLotus takes bitcoins via BitPay)
 43 2014-09-17 13:42:54 <NewLiberty_> bitcoin short side investors may benefit.  Its a black eye, nothing fatal but may make some news.
 44 2014-09-17 13:53:08 <phantomcircuit> saivann, so you're not using one of their dedicated boxes?
 45 2014-09-17 13:53:14 <phantomcircuit> they bill for bandwidth differently for those
 46 2014-09-17 13:53:28 <phantomcircuit> afaict it's a much much better deal
 47 2014-09-17 13:53:38 <phantomcircuit> even if you just use it as a reverse proxy
 48 2014-09-17 13:54:08 <timothy> using cloudflare should help
 49 2014-09-17 13:54:17 <saivann> phantomcircuit, we are indeed using their dedicated server, I think that's what you're doing too
 50 2014-09-17 13:54:34 <saivann> timothy: AFAIK, Cloudflare 20gbps protection isn't cheap either
 51 2014-09-17 13:55:41 <timothy> well, but you have most than one ip (cdn)
 52 2014-09-17 13:55:45 <timothy> more(
 53 2014-09-17 13:56:02 <timothy> so it's not so easy to ddos multiple ips
 54 2014-09-17 14:00:52 <saivann> The attack just ended
 55 2014-09-17 14:01:31 <saivann> timothy, I'll check with Black Lotus but I'll surely be considering other options too at this point.
 56 2014-09-17 14:05:19 <saivann> For the record, I've just got more detailed data and what we're dealing with is strong UDP flood attacks that seems to be easily scaling at will.
 57 2014-09-17 14:09:18 <phantomcircuit> saivann, unfortunately generating a massive udp flood is pretty easy
 58 2014-09-17 14:10:33 <phantomcircuit> saivann, huh
 59 2014-09-17 14:10:43 <phantomcircuit> i wonder if they changed their pricing structure
 60 2014-09-17 14:11:38 <timothy> yes, botnet is a bad plague
 61 2014-09-17 14:11:47 <phantomcircuit> oh nvm i see
 62 2014-09-17 14:11:57 <phantomcircuit> at 20gbps you'd go over the clean traffic allotment in about an hour
 63 2014-09-17 14:12:06 <phantomcircuit> that's pretty lame
 64 2014-09-17 14:13:54 <saivann> I often hear people not recommending / trusting CloudFlare, is there some good arguments against using them?
 65 2014-09-17 14:14:20 <saivann> Ah, the attack started back again..
 66 2014-09-17 14:14:50 <timothy> we use cloudflare without many problems
 67 2014-09-17 14:14:58 <phantomcircuit> saivann, they have your private key for https for one
 68 2014-09-17 14:15:24 <timothy> forum login is not in plain text iirc
 69 2014-09-17 14:15:37 <phantomcircuit> and in general their "web 3.0" startup feel isn't a great security indicator
 70 2014-09-17 14:16:45 <phantomcircuit> and personally the fact that someone ddos'd intersango and then showed up on irc telling me to use cloudflare
 71 2014-09-17 14:16:46 <phantomcircuit> well
 72 2014-09-17 14:16:55 <phantomcircuit> that is quite possibly the biggest possible red flag
 73 2014-09-17 14:19:35 <saivann> phantomcircuit: On the other hand, do you know what DDoS service we could use that would deal with our current attacks at a decent price (I'm not sure Black Lotus would succeed at 1000S/month)
 74 2014-09-17 14:20:03 <phantomcircuit> saivann, not really no
 75 2014-09-17 14:20:15 <phantomcircuit> protecting against ddos attacks is mad expensive
 76 2014-09-17 14:20:27 <phantomcircuit> bandwidth is like $1/mbps
 77 2014-09-17 14:20:37 <phantomcircuit> so their 480gbps is at least 480k/month
 78 2014-09-17 14:20:44 <saivann> I don't want to waste the Foundation's money only on DDoS attack prevention
 79 2014-09-17 14:21:08 <phantomcircuit> saivann, it's kind of a catch 22
 80 2014-09-17 14:21:28 <phantomcircuit> the best protection tends to be limiting attackers information on how much bandwidth is available
 81 2014-09-17 14:21:41 <phantomcircuit> since they will usually give up pretty quickly if their attack fails
 82 2014-09-17 14:21:52 <phantomcircuit> but if they know you will run out of bandwidth quota after an hour
 83 2014-09-17 14:21:56 <phantomcircuit> they keep going
 84 2014-09-17 14:30:31 <bsm117532> Hi folks, I would like to use bitcoin with a newer libdb, in the interest of future maintenence.  libdb4.8 is not included in most distributions now, it's so old.  But compiling with newer libdb, bitcoin refuses to even create a new wallet.dat file.
 85 2014-09-17 14:34:08 <chichov> join ##mathematica
 86 2014-09-17 14:34:10 <chichov> ops
 87 2014-09-17 14:38:23 <michagogo> bsm117532: how new?
 88 2014-09-17 14:38:31 <michagogo> I think 5.1 works, at least
 89 2014-09-17 14:38:34 <bsm117532> Anything that's actually included on modern distributions.
 90 2014-09-17 14:39:04 <michagogo> Ubuntu precise ships 5.1, that works IIRC
 91 2014-09-17 14:39:22 <bsm117532> I get on startup: "Error initializing wallet database environment!"
 92 2014-09-17 14:39:30 <michagogo> I don't know about 5.3
 93 2014-09-17 14:39:37 <michagogo> bsm117532: well, what version are you using?
 94 2014-09-17 14:41:01 <gribble> Here's a bitcoin wiki page about gribble: http://en.bitcoin.it/wiki/Gribble
 95 2014-09-17 14:41:01 <michagogo> ;;gribble
 96 2014-09-17 14:43:02 <bsm117532> 
ACTION goes and pokes at his libraries, which are not what he thought they were.

 97 2014-09-17 14:43:16 <bsm117532> ;;avgprc
 98 2014-09-17 14:43:18 <gribble> (avgprc <currency> <timeframe>) -- Returns volume-weighted average price data from BitcoinCharts. <currency> is a three-letter currency code, <timeframe> is the time window for the average, and can be '24h', '7d', or '30d'.
 99 2014-09-17 14:43:29 <bsm117532> ;;avgprc BTC 24h
100 2014-09-17 14:43:29 <gribble> Error: Data not available. Available currencies are USD, IDR, ILS, GBP, DKK, CAD, MXN, RON, XRP, SEK, SGD, HKD, AUD, CHF, KRW, CNY, LTC, NZD, THB, EUR, SLL, ARS, NOK, RUB, INR, JPY, CZK, BRL, NMC, PLN, ZAR, and available timeframes are 24h, 7d, 30d.
101 2014-09-17 14:43:42 <bsm117532> ;;avgprc USD 24h
102 2014-09-17 14:43:42 <gribble> 462.73
103 2014-09-17 15:25:00 <skinnkavaj> hearn
104 2014-09-17 15:48:34 <coryfields> sipa: cool if i continue the work to get the core headers out of script? or you have more waiting to go in (other than #4890) ?
105 2014-09-17 16:10:51 <RJ2> anyone know of a client-side JS lib that can validate a wallet address? (checksum/whatever)
106 2014-09-17 16:11:46 <gmaxwell> sipa: that wasn't me, it was some imposter.
107 2014-09-17 16:32:44 <sipa> coryfields: jtimon had been working on that on than i did, but #4890 seemed like a neat thing that helped for that too
108 2014-09-17 16:34:56 <coryfields> ok
109 2014-09-17 18:10:56 <lifeofcray> #potatocoin now have a potatocoin tip bot
110 2014-09-17 18:11:15 <sipa> offtopic
111 2014-09-17 19:09:09 <aukaicue> what determines whether a rescan gets automatically run during bitcoin-qt start?  (with -rescan flag not being passed)
112 2014-09-17 19:10:34 <sipa> aukaicue: the wallet stores up to what point in the chain it is synchronized
113 2014-09-17 19:12:25 <aukaicue> sipa, im loading up older wallets, and Im noticing a case where a rescan is needed but its not automatically being run.
114 2014-09-17 19:13:02 <sipa> how old?
115 2014-09-17 19:13:24 <sipa> very old software did not correctly write this marker
116 2014-09-17 19:13:51 <aukaicue> not sure if this is normal behavior, or something to draw attention to. Im thinking it is caused by the wallet needing to be rebuilt, and then the app proceeding to load the new wallet without doing a rescan.
117 2014-09-17 19:14:50 <aukaicue> sipa, if its from an old version that doesnt have the market, wouldnt that be a case to trigger a rescan?
118 2014-09-17 19:15:07 <sipa> the market?
119 2014-09-17 19:15:18 <aukaicue> sorry, marker
120 2014-09-17 19:15:45 <sipa> there have been buggy versions that incorrectly wrote the marker
121 2014-09-17 19:19:34 <aukaicue> sipa, ok, thanks for helping me understand.
122 2014-09-17 19:37:46 <wallet42> anyone tried out toshi.io?
123 2014-09-17 19:47:45 <seangilligan> Hello
124 2014-09-17 19:50:55 <nullbyte> evening
125 2014-09-17 19:50:56 <seangilligan> I'm happy to see init scripts for upstart and systemd making their way into the repository
126 2014-09-17 19:50:57 <seangilligan> https://github.com/bitcoin/bitcoin/issues/4124
127 2014-09-17 19:51:13 <seangilligan> https://github.com/bitcoin/bitcoin/pull/4611
128 2014-09-17 19:51:59 <seangilligan> I've looked around a little and can't find anything very informative/definitive about efforts to create an Ubuntu (debian) package for bitcoind -- where should I go to look for information on this?
129 2014-09-17 19:52:28 <seangilligan> (There is an existing package in a PPA repo, but it doesn't have init scripts yet nor can I find the source to the package)
130 2014-09-17 19:53:33 <aukaicue> seangilligan, https://launchpad.net/~bitcoin/+archive/ubuntu/bitcoin
131 2014-09-17 19:55:15 <seangilligan> Thanks!
132 2014-09-17 19:56:05 <nullbyte> seangilligan, if you click through to view the package details, you'll be able to see they use a tarball of 0.9.2.1 to generate the package: https://launchpad.net/~bitcoin/+archive/ubuntu/bitcoin/+packages
133 2014-09-17 19:57:28 <seangilligan> Is there any known effort to update it with the upstart init scripts?
134 2014-09-17 20:04:19 <nullbyte> not sure, most probably not
135 2014-09-17 20:32:57 <seangilligan> Would it makes sense to create an Issue on Github for this?
136 2014-09-17 21:04:53 <nullbyte> Yes
137 2014-09-17 21:28:41 <Sapee> I have read about the attack to Bitcoin.org today, please try Cloudflare Pro plan (20$ monthly only)
138 2014-09-17 21:28:52 <Sapee> The actuall host has a ping of 170ms
139 2014-09-17 21:29:31 <Sapee> Cloudflare has stopped >300Gbps UDP attacks
140 2014-09-17 21:34:36 <gmaxwell> Sapee: There is no such attack. Traceroute... you're seeing some issue closer to your ISP.
141 2014-09-17 21:34:54 <gmaxwell> The internet is like that sometimes... intermediary links get clogged for unrelate reasons.
142 2014-09-17 21:35:23 <sipa> i can reach bitcoin.org with 29ms latency
143 2014-09-17 21:35:48 <michagogo> Minimum = 224ms, Maximum = 348ms, Average = 263ms
144 2014-09-17 21:36:05 <michagogo> It really depends on where you are
145 2014-09-17 21:37:12 <michagogo> Getting 150ms from a box in the uk, I think
146 2014-09-17 21:38:13 <yiffening> 13ms average here
147 2014-09-17 21:39:03 <l_l_l_l_l> if this channel was busier this could become a DDOS :P
148 2014-09-17 21:39:45 <kdomanski> funny, how often after DDoS on a Bitcoin site someone comes over and starts pitching Cloudflare
149 2014-09-17 21:40:29 <yiffening> but cloud!
150 2014-09-17 21:41:42 <gmaxwell> 'funny'
151 2014-09-17 21:49:07 <Sapee> Ah, i am not related with Cloudflare, I read this http://www.cryptocoinsnews.com/bitcoin-org-under-ddos-attack/
152 2014-09-17 21:49:31 <Sapee> I am a Bitcoin Core translator (Spanish), look in Transfinex
153 2014-09-17 21:49:55 <Sapee> Thanks for the time, thanks Gmaxwell and thanks Bitcoin
154 2014-09-17 22:10:55 <seangilligan> Thanks again, @aukaicue and @nullbyte
155 2014-09-17 22:11:16 <seangilligan> I created Issue #4935: https://github.com/bitcoin/bitcoin/issues/4935
156 2014-09-17 22:16:49 <droark> sipa: What's the maturity status of libsecp256k1? If I were to fold it into a project of mine, would I be crazy? :)
157 2014-09-17 22:17:13 <sipa> droark: i make no guarantees; use at your own risk
158 2014-09-17 22:18:35 <droark> Thanks, and understood. Was just curious where it's at since commits seem to have slowed down a bit.
159 2014-09-17 22:22:10 <Sapee> Cloudflare response to the SSL private key problem: "We're looking at a possible solution to this because we have had some corporations voice a similar concern (regulatory issues). Based on what I know at this point, however, it would be limited to domains on an Enterprise plan."
160 2014-09-17 22:23:32 <Azelphur> I have an idea for implementing a "Sign in with Bitcoin" type mechanism on websites, with integration into Bitcoin clients that utilises message signing, here's a rough draft of how it would work. http://pastebin.com/VLD0q8Cx does anyone have any feedback on that? :)
161 2014-09-17 22:46:16 <seangilligan> Azelphur, how does your idea compare to BitAuth? https://github.com/bitpay/bitauth
162 2014-09-17 22:46:41 <Azelphur> seangilligan: never seen it before, does it work like gribble?
163 2014-09-17 22:46:56 <seangilligan> I've never heard of gribble
164 2014-09-17 22:47:11 <seangilligan> And only read about BitAuth a little
165 2014-09-17 22:47:17 <seangilligan> But curious about the basic idea
166 2014-09-17 22:47:22 <Azelphur> seangilligan: does this store private keys in the browser, and then have the browser sign messages?
167 2014-09-17 22:48:17 <seangilligan> I think it's intended for web services
168 2014-09-17 22:48:20 <Azelphur> looks like it does
169 2014-09-17 22:48:29 <seangilligan> But if they're being used in the browser, yes
170 2014-09-17 22:48:41 <Azelphur> seangilligan: mine is slightly different then, this has the private key in the browser, which is an interesting approach
171 2014-09-17 22:48:56 <Azelphur> my way would actually request a message be signed by whatever wallet you have installed (eg electrum, bitcoin-qt)
172 2014-09-17 22:50:10 <seangilligan> Your method has some advantages
173 2014-09-17 22:50:24 <Azelphur> maybe so, I just found this actually, it seems to have been discussed at length a while ago, http://sourceforge.net/p/bitcoin/mailman/message/29076261/
174 2014-09-17 22:51:21 <Azelphur> just seems to have never been implemented