--- Log opened Wed Apr 24 00:00:01 2013 --- Log opened Wed Apr 24 10:04:23 2013 19:11 < amiller> i've been working on a couple new thoughts 19:11 < amiller> about incentive modeling 19:11 < amiller> i think the coinbase maturity time is hamrful 19:11 < amiller> i'll explain why 19:11 < amiller> lets say for now my model is some mix of attacker / honest / rational miners 19:12 < amiller> where all of the miners have to pay their mining costs, and the key thing about the rational ones is that they have to earn at least enough profit to pay off their costs otherwise they don't participate 19:13 < amiller> what we want, and what seems to generally be the case, is that it's rational to act like the honest nodes, in other words building on the longest valid chain you know about 19:14 < amiller> and basically the reason why that's rational is because if you mine on any smaller chain, it's more likely that someone else will extend the other block rather than yours so it will be wasted 19:14 < amiller> this breaks down under some conditions. 19:14 < amiller> the particular scenario i want to focus on is when there is an enormous anomalous fee paid in a single block 19:15 < amiller> think of a million dollar transaction fee 19:15 < amiller> suppose someone mines that block and claims that whole fee 19:16 < amiller> you have a choice of either trying to mine your own block and claim the fee for yourself or building top of that other guy's claim 19:18 < amiller> if you assume everyone else is honest, then you stand a lot more to gain by working on your own block 19:18 < amiller> that means it is not a nash equilibrium to work on someone else's block. 19:18 < amiller> ok so 19:19 < amiller> on the other extreme, you have to consider that even if you succeed at mining the block, it's possible other people won't extend yours anyway 19:19 < amiller> so! 19:20 < amiller> what's the optimal behavior/ 19:20 < amiller> you try to mine on the other block 19:20 < amiller> but if you succeed 19:20 < amiller> you take only a tiny bit of the fee for yourself! 19:20 < amiller> you broadcast a new transaction that puts most of the enormous fee back into the mempool! 19:21 < realazthat> hehe 19:21 < realazthat> or, 19:21 < amiller> now everyone would be fighting over that block more than yours 19:21 < amiller> so the nash equilibrium is when you take exactly what the cost of the work is 19:22 < amiller> because that's when no one has any incentive to remove your work for only a marginally higher rewards 19:22 < realazthat> you "make a deal" with a bunch of mining coops to fork at that very block, giving rogues a chance at that fee 19:22 < realazthat> or is that one of your suggestions 19:22 < realazthat> mm nvm 19:22 < realazthat> I think its the same thing 19:23 < amiller> now notice how the coinbase maturity prevents the nash equilibrium strategy from being reached 19:24 < amiller> because the only way someone could create that offshoot transaction to keep progress going forward 19:24 < amiller> is if you have unbounded budget in reserve 19:24 < amiller> because you can't use your coinbase transaction that earns the huge fee to create a transaction for them to include in the next block 19:25 < amiller> therefore the coinbase maturity actually *encourages* anti-consensus behavior 19:25 < amiller> it makes it impossible to take anything less than the whole damn rfee 19:25 < amiller> thus greatly increasing the value in quibbling over a big fee 20:20 <@gmaxwell> amiller: for some time I've wished that half the fee paid out in this block, and half of the rest paid out in the next block and so on. 20:21 <@gmaxwell> amiller: but this creates incentives to pay fees externally. 20:21 < amiller> i think my solution is great 20:21 < amiller> it means it's an auction 20:21 < amiller> you should take as much of the fee for yourself as you can except to the extent it makes it more likely for someone else just to outmine you 20:21 < amiller> actually i can be a litlte more specific than that 20:22 < amiller> nvm no i can't 20:25 <@gmaxwell> amiller: I don't think that actually matters, you'd just force people to pay you out of band instead of via direct fees. 20:26 < amiller> gmaxwell, i don't see what you mean 20:27 <@gmaxwell> amiller: the equlibrium state is that there are no fees in transactions at all, and people are just paying miners via some other means. 20:29 < amiller> i don't see why that's an equilibrium either 20:30 < sipa> i think the equilibrium state is that people who care about security, run a miner themself 20:30 < sipa> to get their own transactions mined 20:31 < amiller> i don't see how that helps security either 20:32 < amiller> anyway there's at least two different types of roles here, the miners and the users, and for the sake of the discussion i originally meant to hold the users constant 20:32 < amiller> where they pay whatever the fees are worth and the only way to do it is via transaction fee 20:33 < amiller> i don't understand how the ability to pay people out of band changes it or why that's cheaper/preferable 20:33 < amiller> or why mining your own transactions helps anything 20:36 < sipa> 'equilibrium' != 'helps' 20:37 < sipa> (but i'm not very knowledgeable about this, so if you don't agree, assume i'm wrong) 20:40 <@gmaxwell> amiller: because in my example there are no 'fees', and so incentive to orphan transactions. 20:42 < amiller> gmaxwell, i don't understand how this side payment mechanism works, so i don't really understand what you mean 20:43 <@gmaxwell> amiller: E.g. you send me shares and I pay you with regular bitcoin transactions just for virtue of trying to mine my transaction. 20:44 < amiller> and that's more cost effective than attaching a fee to a transaction 20:44 <@gmaxwell> it removes any orphaning incentive. 20:47 < amiller> sorry what's an orphaning incentive 20:48 < amiller> the only reason to pay tx fees is to be included in the next block as opposed to some later block right 20:55 <@gmaxwell> 16:14 < amiller> this breaks down under some conditions. 20:55 <@gmaxwell> 16:14 < amiller> the particular scenario i want to focus on is when there is an enormous anomalous fee paid in a single block 20:55 <@gmaxwell> 16:15 < amiller> think of a million dollar transaction fee 20:55 <@gmaxwell> 16:15 < amiller> suppose someone mines that block and claims that whole fee 20:55 <@gmaxwell> 16:16 < amiller> you have a choice of either trying to mine your own block and claim the fee for yourself or building top of that other guy's claim 20:55 < amiller> oh i see 20:57 <@gmaxwell> also on that subject petertodd has suggested that all users should nlocktime their transaction at the earliest height they think they could be reasonably mined at... so the chain must move forward to gobble up those fees. 20:57 < amiller> so my solution is for the miner who mines to put the rest back as a fee for the next miner to take 20:57 < petertodd> keep in mind, the worst case scenario only happens with optimal miners who have actually implemented code to do all this magic stuff. If you make it nearly always not worthwhile that code won't exist. 20:58 <@gmaxwell> I also have a related proposal, which needs a new transaction format, that I call checkpoint-transactions where users specify checkpoints in their transactions and the fees can only be recovered (completely?) in chains where the checkpoint matches. 20:58 < amiller> petertodd, fair enough but i think that's not interesting and/or not a reason to try to understand the behavior of optimal miners better 20:59 <@gmaxwell> amiller: I don't think your solution is stable. There will just be an incentive to reduce that fee via whatever other means are available. External fees, promoting locked/checkpointed txn/ etc. 20:59 < amiller> so you are saying that i acn do it cheaper 20:59 < amiller> by paying someone out of band 21:00 <@gmaxwell> I think so. 21:00 < petertodd> amiller: sure, and this is -wizards, but remember there is value in fixing the problem for 95% of the cases 21:00 < amiller> i don't see why that's any chaeper or more effective than broadcasting the remainder as af ee 21:01 <@gmaxwell> amiller: because unless the fee you take is zero there still exists some orphaning incentive. 21:01 <@gmaxwell> and unless the fee you give away is zero there is some incentive to take fee move to another way. 21:01 < amiller> i think the optimal amount to take is exactly the fair cost of the work 21:02 < amiller> like that would an equilibrium point because anyone else would be indifferent to mine above or below you 21:02 < amiller> which would be good, like it would be good if such a stable equilibrium existed 21:02 <@gmaxwell> But I want moar. and I can get moar if I just arrange to pay in a way other than fees. 21:03 < amiller> what other ways are there and how do i include them in this model so i can argue about under what conditions they're cheaper 21:03 < amiller> pay per shares? 21:03 < amiller> i just claimed that the equilibrium is taking eactly the cost of thew ork 21:03 < amiller> meaning exactly the same as what it would take to purchase mining shares 21:04 < amiller> so those are the same equilibriums 21:04 <@gmaxwell> I'm not talking about purchasing mining shares. 21:04 <@gmaxwell> okay, we're not communicating and I have work to do. 21:06 < amiller> "you send me shares and I pay you with regular bitcoin transactions" 21:07 < amiller> that's why i assumed that's what you were talking about 21:10 <@gmaxwell> amiller: Ah, I see how I wasn't clear. I mean that I pay you for proof that you're attempting to work on my transactions, I dont give a hoot for the rest of the block, I'm not paying you for that, just the fees for mine. 21:10 <@gmaxwell> I'm not running the mining infrastructure or anything else. 21:10 <@gmaxwell> you could do the same work and send proof to hundreds of parties. 21:13 < amiller> ok well i still don't see why that would be a cheaper way to get mining power to work on your transactions 21:13 < amiller> i have to afk a bit so i'll try to work out what you might mean and you can work :o 21:34 <@gmaxwell> amiller: it's cheaper simply because the parties you pay don't have to give any of it away to avoid the risk of being orphaned to steal it. 22:31 < amiller> ah ok so yeah my premise that this begins with someone paying extraordinary fees is silly because there's no good reason for anyone to pay such a fee 22:33 < petertodd> amiller: fidelity bonds 22:33 < amiller> oh yeah hm 22:33 < petertodd> amiller: although if the fidelity bond fee is high enough to create weird incentives, it's not working correct 22:34 < amiller> if there was a time that there were more rational miners that were prepared to take advantage of opportunities like that 22:34 <@gmaxwell> you can make the fidelity bond into a transaction chain easily enough. 22:34 < amiller> then i think it would be better to remove the coinbase maturity limit 22:34 < amiller> i think i don't understand what it's there for anyway 22:35 < petertodd> gmaxwell: yeah, my protocol is designed to make that easy 22:35 <@gmaxwell> It prevents a reorg for making honest people into thieves. 22:35 < petertodd> gmaxwell: in part for that reason 22:36 < petertodd> yup, like imagine no maturity, someone spreads a coinbase tx to hundreds of people, and then it gets reorged 22:36 < petertodd> even on a technical level that's ugly 22:36 <@gmaxwell> It also reduces the boom-and-bust incentive— where you get a bunch of hashpower to majority attack the chain for a bit then quickly sell the coin before anyone notices you've been attacking. Though I think this is just a side benefit. 22:37 < amiller> i don't see how that is unique to coinbase as opposed to any other transaction 22:37 < petertodd> amiller: any other transaction can be put in another block 22:38 < petertodd> (modulo tx mutability) 22:40 < amiller> i see, so it's like a double spend, except a) it's easier to pull off because it will definitely work because it can't be spent in another block (that's the important part) and b) the attacker doesn't get his coins back 22:41 < amiller> that doesn't seem compelling to me because it's still caveat emptor as far as waiting for 6 blocks before believe you own the coin 22:41 < petertodd> yeah, that's one way of looking at it. I mean the main thing is just that it creates horridly ugly accounting problems 22:41 < petertodd> I doubt satoshi thought too hard about nash equilibriums for weirdly high fees - heck, I found an email from him dated nov 2008 where he wasn't even sure if bitcoin would have tx fees at all 22:42 < amiller> (tbh it's not really that i'm so concerned with high tx fees but i'm trying to get a good grasp of this and it's a toehold, and i have so few others!) 22:43 < petertodd> it'd be good to understand it better before people start making crazy fidelity bond sacrifices... 22:48 < amiller> it's possible that a weird high-tx fee attempt could make a double-spend attack cheaper 22:49 < amiller> my new fantasy prediction is that a stylized "rational mining pool" will eventually become predominate and shortly nearly everyone else will follow 22:50 < amiller> you know, that and the 'auto-double spend' feature gets built into every client so that in the case of a huge fork, no one wants to be the guy with the hot potato that gives up a windfall to the scumbag after you who has it enabled 22:51 < petertodd> heh, you'd like my mempool rewrite... 22:52 < amiller> i'm afraid i'm going to dislike it only because it will make this network-mapping project i'm about to try not work so well 22:52 < petertodd> lol, what's this project? 22:52 < amiller> i want to probe the network to see which peers are actually connected with sockets 22:52 < amiller> the simple case is i want to see if node A and node B share a connection 22:53 < petertodd> ah, I better develop some alt-p2p info distribution systems quick... 22:53 < amiller> i create two conflicting txs Tx0 and Tx1, I send Tx0 to both A and B, and simultaneously send Tx1 to everyone else i can connect to 22:53 < petertodd> interesting 22:53 < amiller> now A and B are logically isolated from everyone else 22:53 < amiller> I can send Tx0' to A and see if B relays it 22:53 < amiller> if so, i know they're connected, or at most they're connected via a dark pool dude 22:54 < amiller> because no one else will relay Tx0' because it conflicts with Tx0 22:54 < amiller> this can be improved in pretty straightforward ways to do a lot of mapping in fewer passes 22:54 < petertodd> and you can use that to trace back connections to individual mining pool nodes 22:54 < amiller> it breaks if people relay conflicting transactions or use different rules for mempool 22:55 < petertodd> yeah, replace-by-fee isn't a problem, but the totally different mempool behavior could be 22:55 < petertodd> still, just pay a reasonably high fee to get high priority, and make the profitability equal for both txs 22:55 < amiller> yeah 22:55 < amiller> well lmk if you start to propose something that would braek this 22:56 < amiller> because i think it's probably better for everyone if they obscure their connections but it would defeat my attempt at glory 22:56 < amiller> also petertodd tell me what you think of this 22:56 < amiller> a major thing that is lacking is the ability to get realtime measurements of mining power 22:56 < amiller> this would be solved if mining pools would release some of their shares, as realtime streams of proof of work 22:56 < petertodd> heh, I think you are a bad person, incapable of love, for trying to defeat anonymity, but at the same time, I'd much, much rather see you do it, so you should do this 22:57 < petertodd> well, just ask them nicely... 22:57 < amiller> well asking them is one thing 22:57 < amiller> but i'd rather everyone demand it because they acknowledge its better for the network to do so 22:57 < amiller> anyone who's doing mining should be able to produce concise summaries of their work 22:57 < amiller> just a sample of their shares, like their nearest misses 22:58 < amiller> i could measure p2pool this way of course 22:58 < amiller> but "ethical" pools like slush or btcguild or whatever should adopt this too because it would make it easier to respond to changes 22:58 < amiller> for example during the 0.7/0.8 fork it would make it easier/quicker to estimate just how much of the hashpower has switched behaviors or something 22:58 < petertodd> sounds like central authority... 22:59 < amiller> no it's inherently distributed 22:59 < petertodd> if you need that information, I think it'd be better to ask how can you *not* need it 22:59 < amiller> do you grok what i mean by concise samples of proof of work 22:59 < amiller> oh i see what you mean 23:00 < amiller> the realtime information could be used to amplify movements like that? 23:00 < petertodd> see, I think we're better off accempting that in the short term mining is this crazy random process, and you just have to wait until consensus emerges 23:00 < petertodd> systems designed for that assumption are far more robust when something goes wrong 23:00 < amiller> eh well i'm intrigued in either case.... in that case the point to make is that this is possible 23:01 < amiller> it's easy to provide a high resolution realtime _lower-bound_ for proof of work 23:01 < amiller> whether it's good or bad to do so... i don't now 23:01 < petertodd> well keep in mind that the fast internet connections we take for granted between nodes may not always be possible 23:02 < petertodd> bitcoin users may be forced to tor, and worse, tor can certainely get more unreliable/need totally different alternatives 23:02 < amiller> yeah no kidding. 23:02 < amiller> to be clear i live in fantazy wizard land where about half the bitcoin mining power is on mars 23:03 < petertodd> I guess part of your fantasy is FTL comms... :P 23:03 < amiller> no i'm hard sci-fi, special relativity is the crucial limitation that makes things weird 23:04 < amiller> and ascii bernanke was put in the blockchain as a warning against relying on mysterious leaders correctly setting global parameters... 23:04 < amiller> anyway yeah the normal block rate determines like the maximum coarseness bound for proof of work samples 23:04 < petertodd> heh, well, so mars has a second chain I hope? 23:04 < amiller> hehehe well since you asked... 23:05 < amiller> mars and earth participate in a largest global coin that is shared between them 23:05 < amiller> but pretty much most of the volumes of their economies are conducted on smaller planet-localized chains 23:05 < petertodd> amiller: https://bitcointalk.org/index.php?topic=158756.msg1786069#msg1786069 (bottom) 23:05 < amiller> that run so much faster that it's hard for people on mars to get much profit from running on the earth local chain 23:06 < amiller> people tend to shift more of their mining power to the earth-mars joint chain when mars's orbit brings it closer to earth 23:06 < petertodd> LOL! 23:06 < amiller> and of course when it's solar eclipsed they might as well be isolated 23:06 < amiller> also sometimes a colony gets knocked out of orbit and no one knows whether we'll ever hear from them again 23:06 < amiller> in that case their chains diverge 23:07 < amiller> if they sometimes come back, eitehr there is a remarkably painful reorg process or they just agree to have separate histories 23:07 < amiller> s/sometimes/somehow 23:07 < petertodd> we're gonna need #bitcoin-scifi at this rate 23:07 < petertodd> and #bitcoin-steampunk 23:09 < amiller> i think blockchains will follow the 4 F's of evolutionary biology 23:09 < petertodd> ? 23:09 < amiller> feed, fight, flee, and mate 23:09 < petertodd> ah 'mate' 23:10 < amiller> i meant fuck 23:10 < petertodd> don't tell me you've been working on making merkle AST's have sex 23:13 < BlueMatt> petertodd: sadly, thats a fairly easy process.... 23:13 < BlueMatt> well, mate maybe, sex not so much 23:13 < amiller> i think bitcoiners need simultaneously more imagination and more formal modeling, we've seen absolutely nothing yet as far as 'bitcoins final form' or w/e goes 23:13 < amiller> the value of the fantasies is when it puts theoretical limits / invariants in focus 23:14 < petertodd> changing bitcoin is so difficult Bitcoin may well be in it's final form... 23:14 < amiller> or to put it another way, bitcoin is an intergalactically brilliant idea :D 23:14 < amiller> i couldn't possibly disagree more 23:15 < amiller> the whole 21million coins thing is like a teenager getting a tattoo of his first girlfriend on his forehead 23:15 * BlueMatt picks the middle 23:15 < amiller> i guess i menat first girlfriend's name but w/e 23:15 < BlueMatt> actually, limited supply (pick your number, doesnt matter) is quite a brilliant solution 23:16 < BlueMatt> imnsho 23:16 < amiller> the BTC is limited, but the alternate cryptocurrencies with identical design are ridiculously abundant 23:16 < BlueMatt> and do you see them with long-term adoption? 23:17 < amiller> i see them as growing to the point that they threaten and reveal the emperor's nakedness of bitcoin's scarcity 23:17 < petertodd> cryptocurrencies have ridiculous first mover advantage issues 23:18 < amiller> how plausible is it that there will eventually be a consensus among 'newcomers' to dismiss that first mover advantage 23:18 < amiller> class of 2013 rules!@!! 23:18 < BlueMatt> let me rephrase, do you see bitcoin having gotten the kind of adoption it has (and thus providing more for the altcoins) without it? 23:19 < amiller> i think it was a good choice for the time 23:19 < amiller> everything else about bitcoin is so foreign and unexpected that making it like 'gold' which everyone has a shared understanding about helps. 23:19 < amiller> also i don't think this is a bad thing because i think bitcoin will happily gobble up new technology/ideas as they catch on 23:19 < amiller> as long as the first mover advantage is respected 23:20 < amiller> their value can always be grandfathered in 23:21 < amiller> i don't think bitcoins' current financial model comes even close to resembling what will come shortly after though 23:21 < amiller> ripple trust is more scarce than cryptogold 23:24 < amiller> ripple trust is also the only financial model with any sound theoretical footing, e.g. http://www.econ.wisc.edu/workshop/trust_and_social_collateral.pdf 23:27 < amiller> or to put it another way, _where we're going, we don't need gold_ 23:29 < amiller> on the other hand we definitely _will_ still need a magic irreversible ledger in the sky 23:33 <@gmaxwell> amiller: nah, I think ripple is unlikely to survive. You'll at a minimum need to get a new name for it. 23:34 < amiller> yeah mb i meant "credit network trust" 23:34 < amiller> or social collateral 23:34 < amiller> social collateral is what i meant 23:34 <@gmaxwell> (as an aside ... forum users are now getting flooded with offers of $20-$30 for their accounts, because people want in on the XRP goldrush.) 23:34 < petertodd> gmaxwell: still?! 23:35 <@gmaxwell> I haven't checked where it is now, but the complaints from users only started about a week ago. 23:35 <@gmaxwell> but they might be about older messages. 23:35 < petertodd> well, regardless that's just silly 23:35 < amiller> i'm so pissed at ripple and ryan fugger selling out the trademark to idiots i can't see straight 23:36 < amiller> and yet i'm also glad they're doing so much work on their api and interface 23:36 < petertodd> yeah, it's a very nice name, hard to come up with good names 23:36 <@gmaxwell> perhaps I'll suggest to theymos that he make 100 old accounts appear out of SQL INSERT magic and go cash in. :P 23:36 < amiller> petertodd, beyond that it has like 10+ years of heritage 23:36 < petertodd> amiller: yup 23:36 < petertodd> amiller: the sort of heritage where it would have been totally ok to use the ripple name for even a few implementations 23:37 < petertodd> and actually get it right 23:37 < amiller> ripple.com has a shitty new video out that includes the phrase "80% is the threshold for mathematical certainty" 23:37 < amiller> i'm so mad and yet maybe it will be net positive, the work they're doing 23:37 < petertodd> oh dear 23:37 < amiller> i can actually withdraw bitcoins 23:37 < amiller> against my social trust lines. 23:38 < petertodd> honestly, ripple to me smells of engineers not getting how complex social trust relationships are 23:38 < amiller> via bitstamp the first operating "gateway" (where gateway means illegally operating msb) 23:38 < amiller> see the social trust part is the part that works. 23:38 < petertodd> although, I do want to see the fincen guidance on ripple, that could be hilarious 23:38 < amiller> they got all of that right 23:38 < amiller> the part that looks craziest and awfulest about them i think is actually the part that's fine. 23:39 < petertodd> heck no, the social trust bit is where it falls falt on its face because it's too complex and time consuming 23:39 < amiller> i couldn't disagree more 23:39 < petertodd> can it work? sure, but it's a lot of work 23:39 < petertodd> it's why I see ripple as making sense b2b, not p2p 23:39 < amiller> what they fail at is not understanding anything about byzantine/decentralized consensus 23:39 < amiller> not b2b 23:39 <@gmaxwell> amiller: yea, thats the annoying part to me, people are obsessing over the ripple-ish parts and ignoring the sketchy XRP stuff, the decenteralized part, etc. 23:39 < amiller> b2b is inherently about government regulation 23:39 < amiller> p2p also maybe is too much work 23:40 < amiller> what else would you call it c2c? community to community? tiny faction to tiny faction? 23:40 < petertodd> no, business to business just means betwen entities big enough that accounting is an accepted activity 23:40 <@gmaxwell> unfortunately the regulatory enviroment will make us P2P some stuff that really ought not to be P2P. 23:40 < petertodd> which if they're smart will be their goal... 23:41 < amiller> petertodd, you should read a little about the theory of self enforcing contracts and credit networks 23:41 < petertodd> man I gotta make some computational oracles happen 23:41 <@gmaxwell> And there is even some indicators that some regulatory bodies are actually willing to go "p2p? oh. Well we give up" — note fincen offering guidence which is different for decenteralized and non-decenteralized cryptocurrency! blew my mind. 23:41 < petertodd> amiller: that's my whole point, the fact that you need to read anything is why it's a bad idea for person to person 23:41 < amiller> gmaxwell, yeah omg! 23:41 < amiller> i shat myself when fincen provided a "definition" for "decentralized currency" 23:42 < petertodd> I'm not going to believe for a second the initial guidance actually means anything 23:42 <@gmaxwell> I think that the decenteralization actually takes away some of the distractions that makes regulatory meddling seem more justified. 23:42 < amiller> i think it's justified 23:42 < amiller> the thing is businesses benefit from this social awareness that all businesses are safe because they're regulated 23:42 <@gmaxwell> E.g. for a centeralized system you can point at all these RISKS that the regulations stop, ... and that there are reasons that the regulation is inexpensive. 23:42 < amiller> it's like a license to cater to stupid consumers 23:43 < amiller> decentralized means you're really on your own and don't expect a court to sort out your problems 23:43 < petertodd> depends on the model, the silk road benifits from the awareness that it isn't and isn't going to get shutdown on a whim 23:43 <@gmaxwell> petertodd: It means something, not in and of itself, but it means that people we might have expected to do otherwise didn't. 23:43 < amiller> ripple.com seems to be advocating the worst of all possible worlds 23:43 < petertodd> gmaxwell: FinCEN trying to fight bitcoin head on, and early, would have been *better* imo. 23:43 < amiller> by recommending that you join the system by "HIRING" a gateway "BUSINESS" to "trust" you 23:44 <@gmaxwell> amiller: in general this plays into the thinking I've been having lately about how our systems should try to minimize the best case and the worst case, regardless of their average case. 23:44 <@gmaxwell> E.g. if we can't prevent an attack almost completely—— we should make it trivial and automatic. No surprises. 23:44 < amiller> where you trust in the gateway is predicated on their contracts being enforceable by STATE LAWS which by the way no one expects to pay for because w/e 23:44 < amiller> gmaxwell, yeah better encourage the smaller attacks to happen right away 23:44 < amiller> fail fast fail early fail often? 23:44 < amiller> fail small 23:44 < petertodd> gmaxwell: indeed that's actually a big failing of the idea of fidelity bonded banking running on secure hardware you know 23:45 < petertodd> gmaxwell: fidelity bonds are going to be very, very, very tricky to get right, and the hardware lets you punt an issue that you probably shouldn't 23:45 < amiller> social collateral isn't free 23:45 <@gmaxwell> Not just right now— but it's a line of thinking about how people relate to each other. I think there is evidence that people can prosper under many kinds of system for making agreements— but whats important is that you can know what you're actually buying into. 23:45 < amiller> the fact that it seems scary and unusual to make formal relationships with friends where relationships can get hurt and damaged... that fear / discomfort you feel is how you know it's working 23:46 < petertodd> The rate of huge hacks hasn't changed much, yet the community seems to panic less on each one... 23:46 <@gmaxwell> E.g. if a kind of transaction is only 90% safe, I think people are better off if it's 0% safe. Because the 10% oh-fuck-I-got-ripped-off is 110% of the cost of it being completely unsafe. 23:47 <@gmaxwell> I boggle at the hash, ozcoin has been throughly hacked three times now. Slush 2.5 times. I don't see any evidence of either changing their business practices or the users really caring much. 23:48 < petertodd> but what exactly have their users lost anyway? 23:48 < petertodd> specifically, how much compared to the profits? 23:48 <@gmaxwell> In the case of ozcoin people are actually out money now. But indeed "easy come, easy go" 23:48 <@gmaxwell> I think the ops don't care much because they're mostly gambling with other people's money and what money of their own they lose was too easily won, and perhaps that applies to the users too. 23:49 < petertodd> no-one is getting sued for being a negligent op 23:49 < amiller> something that's funny to me is just how little of the ecommerce problem that bitcoin solves 23:49 < amiller> the silk road is a perfect example 23:49 < petertodd> which is sad when better software, multisig, multiple implementations etc. can make attacks orders of magnitude harder 23:50 < petertodd> what do you see as flawed in the silk road? 23:50 < amiller> it's a centralized script kiddie php/mysql database 23:50 <@gmaxwell> Seems like zero interest. The only pool security innovation that I'm aware of is eligius' coinbase payments, which were not created for security purposes initally (Luke's goal was to avoid running afoul of regulations by not handling third parties money) 23:50 < amiller> its' the weak link in a chain of two properly (sorta) decentralized miracle systems 23:50 < petertodd> amiller: with a damn good record in practice, and the central wallet is essential to privacy 23:51 <@gmaxwell> Well, I think SR does okay considering that people with high competence have many reasons to avoid it. 23:51 < amiller> essential - no.... damn good record... sure, and of course it gets first mover advantage and a ton of novelty 23:51 <@gmaxwell> petertodd: they have managed to disclose their IP .. twice. 23:51 < amiller> there's no better alternative i guess 23:51 < amiller> also bitcoin-otc is awesome and yet decentralized 23:51 < petertodd> gmaxwell: are you sure they actually disclosed their IP? with sites like that misdirect is good 23:51 < amiller> i want to see the real black market in my lifetime!!! 23:51 <@gmaxwell> well lemon market in any case. 23:52 < petertodd> silk road and it's ilk have the unique problem where competitors might be LEA honeypots 23:52 < amiller> ripple/^H^H^H^ excuse me social collateral solves a much larger problem than just bitcoin too 23:52 <@gmaxwell> petertodd: it's possible but I think pretty unlikely that it was a misdirection. (in particular, in one case the site was also accepting connections from the public internet ... and based on latency... it wasn't just a tor gateway to it) 23:52 < amiller> the quantities you formally transact with don't just have to be about currency trades it can be about shipments etc 23:53 < petertodd> amiller: thinking social collateral solves problems usually discounts the very real cost of thinking about social collateral 23:53 < amiller> thus it generalizes bitcoin, bitcoin-otc, and yes the silk road 23:53 < amiller> shit changes yo 23:53 < amiller> i thought i'd never see an irc room full of people checking each other's gpg keys 23:53 < amiller> gmaxwell informed me at one point that they still get scmamed constantly on bitcoin-otc because of... well not checking each others gpg keys 23:54 < petertodd> gmaxwell: absent evidence that they've actually been caught it may not mean much. Anyway, their IP is just as likely a VPS under a fake name. 23:54 < amiller> so maybe i have rose colored or purple-green trippy glasses or w/e but still 23:54 < petertodd> amiller: bitcoin-otc has a central database with no way to avoid trusting it - ugly 23:54 < petertodd> amiller: it's a nice hack, but it's so far from a good solution 23:54 <@gmaxwell> nanotube wants to fix the database issue, there is a whole irc channel for people nattering about that. 23:55 < amiller> totally that's why the future-bitcoin-that's-not-just-silly-gold will be largely about maintaining a decentralized reputation ledger! 23:55 < petertodd> good, -otc needs to be passing around actual bits of signed data, which sadly probably means a pile of custom software 23:55 < amiller> that's the sort of thing we should be figuring out how to encode in some kind of scripting language and figure out how to pay for with fees that make sense 23:55 <@gmaxwell> The data in that database is pairwise in any case, the way I recommend people use it is that they use it as a directory to find people they know that know the potential trader. 23:55 <@gmaxwell> so all the database could really do is DOS. 23:55 < amiller> the point is people are using it - it's a proof of concept that the social / too-hard-to-think-about problems can be overcome 23:56 < amiller> there's interest, people adapt 23:56 < petertodd> yes, which really gets down to how -otc is more about just bringing people together in a chat room, the ratings system isn't as important as you'd think 23:56 <@gmaxwell> The ratings system actually turns out to be .. well more useful than I expected and I am generally a dyed-in-the-wool reputation system hater. 23:57 <@gmaxwell> Though I guess that also means my expectations were low. :) 23:57 < amiller> the magic-database-in-the-sky is the revolutionary new technology of the decade :3 23:57 < petertodd> well, I've used -otc mainly to co-ordinate local trades, so there's a lot more going on than some PGP-based rating there 23:58 < amiller> i gave a guy a 2 when i should have given him a -1 23:58 < amiller> i feel really bad about it 23:58 <@gmaxwell> 0_o 23:59 <@gmaxwell> I'm pretty stingy with ratings, also the rating system has been good for me to consider my operational practices. E.g. I realized there were people that I was not willing to rate highly but I'd run code from them they'd given to me without auditing it. (and vice versa) --- Log closed Thu Apr 25 00:00:11 2013