--- Log opened Sat Nov 30 00:00:20 2013
05:12 < gmaxwell> erp. So either someone has a secret ltc asic farm, or LTC mining is consuming .5x - 2.5x the electrical energy of Bitcoin mining.
05:13 < gmaxwell> (range due to the huge spread of bitcoin asic efficiencies and me not knowing what the builk of the hashrate is)
06:09 < Ryan52> gmaxwell: interesting! I heard from somebody, who is way less technical, that all attempts at ASICs for that, were at laughable hashrates currently.
08:00 < Luke-Jr> gmaxwell: I'd suspect the former
08:51 < Emcy> i still dont know what ltc actual utility is
08:51 < Emcy> it might have had a reasonable one, it it had managed to stay an x86 coin given the momentum of that architecture
08:53 < _ingsoc> People don't want to be locked into a monoculture.
08:54 < Emcy> what does that actually mean
08:54 < _ingsoc> We could argue about the technical justification for something all day. Fact of the matter is, if it can be forked, it will be forked.
08:55 < _ingsoc> If Bitcoin is the only crypto-currency with any swing, we're screwed.
08:55 < wumpus> it's useful for experimentation
08:56 < _ingsoc> If Bitcoin is supposed to be our God, then you might as well just worship the dollar. Push out as many crypto-currencies as technically possible and let the market decide - that's one form of reasoning.
08:56 < _ingsoc> But then markets aren't always "right".
08:56 < Emcy> i dont think  ltc does much experimentation, it jsut seems to be a place to go for people who are asspained about not buying btc when it was $10, and who have gpu farms that are now useless for btc
08:57 < Emcy> do you know how many ltc pump threads are on /g/ these days
08:57 < _ingsoc> Rectal pain is the most powerful force in capitalism.
08:57 < _ingsoc> It literally fuels innovation.
08:57 < wumpus> I mean, if people want to find out for themselves why a block per 10 seconds is a bad idea, let them
08:58 < _ingsoc> Sure.
08:59 < _ingsoc> Dare to experiment!
08:59 < _ingsoc> With real-world data.
08:59 < Emcy> so is 2.5m
08:59 < Emcy> it doesnt really add anything apart from giving people fuzzies when they dont understand how confirmations work
09:00 < _ingsoc> How do you know you know?
09:00 < Emcy> eh?
09:00 < _ingsoc> How do you know you know how it works?
09:01 < Emcy> um
09:01 < Emcy> osmosis from my intellectual superiors?
09:01 < _ingsoc> Well that's a tyranny!
09:02 < Emcy> ive been meaning to ask if a block that took 20 minutes is statistically more secure than one that took 2, actually
09:02 < Emcy> btc block that is, or in the same chain atleast
09:04 < Emcy> _ingsoc i dont beleive everything i read, but theres only so much critical thought one is qualified of doing on a subject. There will always be knowledge brokers in this world.
09:05 < Emcy> we all have people we generally trust to be talking sense, the trick is to watch out for the ones trying to feed you bilge for one reason or another
09:07 < _ingsoc> I agree. I just don't want to crap on things all day.
09:07 < _ingsoc> The LTC devs aren't stupid.
09:08 < Emcy> whos crapping on anything?
09:08 < Emcy> i dont begrudge litecoins existence or anything
09:08 < Luke-Jr> _ingsoc: LTC provides nothing beyond Bitcoi
09:08 < Luke-Jr> at all
09:09 < _ingsoc> I completely understand why you feel that way.
09:09 < _ingsoc> Someone obviously thought it was interesting enough to explore to do it.
09:09 < _ingsoc> And I respect that decision.
09:10 < Emcy> Luke-Jr do you think a super secret ltc asic farm is really likely at this point?
09:10 < Luke-Jr> or FPGA at least
09:11 < Emcy> yeah i never understood why it would be so hard to join a cpouple of gb of dram to an fpga on a board
09:11 < Luke-Jr> LTC scrypt doesn't really even need RAM
09:11 < Emcy> gfx cards are up to like 12gb now
09:12 < Emcy> just for me, it spoke volumes when the first ltc gpu miner came out and the scrypt WASNT tweaked via community consensus to stop it
09:13 < Emcy> i mean if it was billed as something to do with your bitcoin gpus then fine
09:13 < Emcy> makes me wonder if bitcoin could ever break one of its core and fundamental promises and get away with it
09:14 < Luke-Jr> probably by that time people had accepted the fact that CPU-only is a bad thing
09:14 < Emcy> i think the answer would be yes as long as everyone was still getting paper rich
09:14 < Luke-Jr> Emcy: not likely
09:14 < Luke-Jr> Bitcoin isn't Litecoin
09:14 < Luke-Jr> Litecoin is just a get-rich-quick scheme
09:15 < Luke-Jr> while there's no doubt GRQers using Bitcoin, there's a lot more non-GRQ too
09:15 < Emcy> if they accepted the loss of cpu mining then why the fuck are they even there? I feel the same way about some of what people want to do to bitcoin too
09:16 < Emcy> grq?
09:17 < Luke-Jr> get-rich-quick
09:18 < Luke-Jr> Bitcoin has value to non-miners
09:18 < Emcy> like i said, so many ltc pump threads on /g/ now that OPs are actually starting to get banned
09:18 < Emcy> ive even seen feathercoin and peercoin (whatever that is) threads
09:20 < Emcy> damn you know youre poor when you have to learn to mouse left handed cos thats the side the heat vent is on your laptop and you can really afford as much heating as you need anymore......
09:20 < Luke-Jr> sure, my point is there's nothing left once the pump goes away
09:21 < Emcy> i gather ltc bubbled and popped this week. Again gathering from various butthurt on /g/ from people who just did what /g/ told them to.
10:47 < skinnkavaj> Dear wizards, how can I protect my site from being ddosed to death without giving up all control to a company to Cloudflare? It's impossible right? Would it work better if everyone used namecoin instead of the current dns system?
10:48 < Luke-Jr> namecoin does not improve the situation at all
10:48 < pigeons> namecoin wouldn't stop idiots from saturating the pipes to your ipv4 endpoints ior the servers using those addresses
10:49 < skinnkavaj> So it's not possible to do what cloudflare does in a p2p decentralized way?
10:50 < Luke-Jr> p2p does not help against DDoS
10:51 < skinnkavaj> Right now it's not good that so many big exchanges use cloudflare. Really serious problem I think.
10:51 < Luke-Jr> they're just exchanges *shrug*
10:51 < Luke-Jr> it's not like Cloudflare controls the bitcoins or fiat
10:52 < skinnkavaj> But hack Cloudflare and peope LOSE millions.. Of course it's not like everyone would stop using bitcoin. But it could lower the confidence in bitcoin for a longer period.
10:57 < Emcy> cloudflare is just caching or somthing
11:04 < Emcy> "I know you devs are busy selling coins, but you owe the community solving this problem at least, before buying your ferrari."
11:04 < Emcy> check out this fucker
11:04 < Emcy> this will kill bitcoin. Ignorance = entropy
12:48 < nOg4nOo> Good morning, bears.
16:00 < MoALTz> question: does it really matter what the PoW function is (as long as it's a valid PoW one)? counter-point to answering "no": the ASICs already invested in and running on the network
16:05 < HM2> I think it should be calculating pi to 5000 trillion decimal places
16:06 < HM2> where's sipa? I need to his wisdom on serialising public keys
16:14 < maaku> MoALTz: yes, proof-of-work needs to be fast to compute
16:15 < Luke-Jr> s/fast/easy/
16:15 < Luke-Jr> where "easy" can be defined multiple ways
16:16 < Luke-Jr> eg, a memory-hard PoW would need to use less memory to verify
16:18 < phantomcircuit> Luke-Jr, it would be at least vaguely interesting to use a variable memory scrypt
16:18 < Luke-Jr> phantomcircuit: AFAIK scrypt always requires the same memory to verify than to find
16:18 < Luke-Jr> which is why it doesn't work as a proof-of-work
16:19 < phantomcircuit> Luke-Jr, iirc there is a "hardness" factor which can be changed
16:19 < phantomcircuit> it changes the number of prng's used
16:19 < phantomcircuit> maybe that's bcrypt
16:20 < maaku> phantomcircuit: yes, but that's symmetrical
16:20 < phantomcircuit> right but it would make developing ASICS for it very expensive
16:21 < maaku> i think Luke-Jr is talking about a hypothetical situation where a miner uses GBs of RAM in the search, but only kilobytes are required to verify
16:21 < phantomcircuit> yeah i know im talking about something different
16:21 < phantomcircuit> you would have to build them with extra prng pipelines that would go unused right up until the chip became useless
16:25 < jtimon> phantomcircuit to justify anyting different from merge-mineable SHA-256 first you have to explain why AISCs are bad for "you" as a network
16:26 < phantomcircuit> jtimon, ASICs necessarily lead to semi centralized mining efforts
16:26 < jtimon> defining ASIC as an artifact specifically created to be only able to serve you as a security provider
16:26 < maaku> phantomcircuit: not in practice...
16:26 < phantomcircuit> capital costs and non recurring engineering costs dominate
16:27 < maaku> we've gone from very centralized botnets to very distributed asics
16:27 < phantomcircuit> electricity is basically just a foot note
16:27 < jtimon> it is now, let's wait until asics are really optimized
16:28 < jtimon> profits tend to zero no matter the pow
16:28 < Luke-Jr> [21:25:26] <nwoolls> https://github.com/nwoolls/bfgminer/blob/feature/updating-windows-build/windows-build.txt
16:28 < Luke-Jr> [21:26:51] <Anixs> my Avast said that was a malicious text file
16:28 < Luke-Jr> lol
16:28 < jtimon> and in the end electricity is what makes the difference
16:28 < jtimon> paradoxically, taxes/subsidies on energy
16:30 < jtimon> Anixs stop using malware and you won't need to install avast or update it
16:31 < jtimon> that's my generic answer when my relatives asks me about viruses "I'm sorry, I don't use viruses so I don't know much about antiviruses"
16:32 < Luke-Jr> :D
16:32 < jtimon> then people ask "what do you mean you don't use viruses"
16:32 < jtimon> -you know, malware is software that does things you don't want it to do
16:33 < jtimon> do you have windons installed?
16:33 < jtimon> -yes
16:33 < jtimon> -that's what I mean, I don't use viruses
16:34 < jtimon> I guess you could adapt it to mac in the us ;)
16:35 < jtimon> as said, the best thing an asic can do you serve you as network, GPUs can do many things and leave you in the dark
16:36 < jtimon> if litecoin dropped to 1 usd cent tomorrow
16:37 < jtimon> miners would go to a more profitable scryptcoin fairly soon
16:38 < jtimon> how long would it take for the next "faster than bitcoin confirmation"?
16:39 < jtimon> on the other hand, asics that are not mining namecoin are just rejecting cheap income
16:40 < jtimon> namecoin is far more secure than litecoin
16:41 < jtimon> people often forget the limitations of the attack 51
16:42 < jtimon> you cannot change the rules no matter how much hashing power do you have
16:42 < jtimon> your orphan invalid chain contains more pow? good for you, you can eat it
16:43 < jtimon> we users are looking to the blocks that follow the rules, period
16:44 < jtimon> you can do bad things with 90% of the pow, sure
16:45 < jtimon> but the machines (capital) want to yield as much as they possibly can
16:46 < jtimon> and that's mining
16:47 < MoALTz> good heating if you live somewhere cold
16:47 < jtimon> not reorging
16:48 < jtimon> yeah but you will get the heat either properly mining or trying to disturbe the network
16:50 < jtimon> so if all asics end up in iceland and alaska
16:50 < jtimon> and two meteorites hit those places at the same time
16:50 < jgarzik> iceland is ideal, for energy as well as cooling
16:50 < jtimon> it's not such a big deal
16:51 < gmaxwell> MoALTz: there are certian requirements which are met by secure cryptographic hashes and are maybe met by other things. In general its useful— for consensus sake— that the work have no value outside of getting into the longest chain, though even for PoW merged mining breaks this a bit.
16:51 < jtimon> you just need to make a hard fork reducing diff deus ex machine and take the opportunity to change to maaku's diff filter ;)
16:53 < jtimon> gmaxwell what do you think about a snark-based pow in which you do "voluntary" (it would start to be paid) computing instead of sha-256?
16:54 < jtimon> that would be GPU friendly so "less secure" in that respect
16:55 < jtimon> I heard that "specialized is better" argument first from jgarzik, and it really convinced me
16:55 < gmaxwell> the only space and validation compact snarks I'm aware of let the chooser of the validation key (e.g. the circut) bypass the proving time.
16:56 < gmaxwell> jtimon: also, it would sort of be dishonest, e.g. snark prover time is a huge multiple of program execution time. so this wouldn't usefully be a way of getting work computed for you in the real world, regardless of the fact that theoreticians like to talk about outsourced computation as though it were a real application of their work. :P
16:58 < jtimon> yeah, wouldn't it be magical? trust-less boinc?
16:58 < gmaxwell> also, as a side effect of their zero knoweldgeness, all the compact snarks I'm aware of are trivally rerandomizable. E.g. you do execution once and then you can trivially generate an infinite number of distinct proofs from your first proof.
16:58 < jtimon> yeah, but with snark you don't need repetitions anymore do you?
16:59 < jtimon> boinc send the same work unit to many clients to prevent them from lying
16:59 < gmaxwell> oh sure, but if its 1000x slower... the repetitions are cheaper.
17:00 < maaku> jtimon: yes, but the cost of making the snark proof probably dwarfs the inefficiency by orders of magnitude -- what gmaxwell said
17:00 < gmaxwell> (and actually I think 1000x is really small as things are today, but perhaps with specialized hardware you could start to get it down to numbers like 1000x slower)
17:00 < jtimon> I understand, I just don't want to believe I guess
17:01 < gmaxwell> It's magic in any case, but all real magic has limits. :)
17:01 < gmaxwell> I think it's silly to promote this stuff with general delegated computation, but I think thats just what some of the research groups have found that gets them funded.
17:01 < gmaxwell> since if that actually was efficient, e.g. overhead < 2x it would be commercially interesting.
17:02 < jtimon> I don't know how many repetitions boinc does, but 2000 is still "unsecure" the way they do it, so maybe they use the 1000x thing
17:03 < jtimon> mhumm, I'm just speculating but I would say boinc does 100 repetitions or so
17:03 < gmaxwell> jtimon: at some point it becomes "look, just donate a @#$@ dollar to us, as it'll let us do 1000x more computation than we could do if we used you"
17:03 < maaku> jtimon: no it's only in the range of 3-5 repititions, max
17:03 < jtimon> I see
17:04 < gmaxwell> since users do many jobs if they assume users will cheat consistently I assume they don't need many reps to actually be reasonably confident that a user isn't cheating.
17:04 < jtimon> it was maaku who made me believe in that curecoin dream first, so shame on you ;)
17:05 < gmaxwell> It's good to dream.
17:05 < maaku> well snark proved useless for that, but curecoin is easily adopted onto colored coins
17:05 < jtimon> yeah, gmaxwell I was asuming they were "overconfident on their users" but that was 100x
17:05 < maaku> especially with the new boinc point system
17:06 < jtimon> have you heard about gridcoin?
17:06 < gmaxwell> I'm not yet sure how important it is that the work be worthless, but I'll point out that the difficulty adjustment in bitcoin at least drives the system so that the profit from mining tends to 0. So if 99% of your mining profit comes from the side effect work, the incentive to not use your hashpower to attack (or rent it to someone else who _might_ use it to attack) isn't terribly great…
17:06 < gmaxwell> I think for something like boinc remote attestation is probably more useful than SNARKs.
17:07 < jtimon> my friends like grindcore, but that's a diffeent topic
17:07 < jtimon> gmaxwell the problem is not really profits but the value destroyed
17:08 < jtimon> in bitcoin the problem is only in the initial issuance, but in freicoin is perpetual
17:08 < gmaxwell> jtimon: it's no more "value destroyed" than the cost of building a safe or the guy who sits guarding it instead of writing the great american novel.
17:09 < jtimon> what bitcoin does is maximizing production costs to minimize seignoriage
17:09 < jtimon> no, gmaxwell, that's when the 21 M are issued
17:09 < gmaxwell> jtimon: hm? we need high hashpower forever to have acceptable security. Worse we don't have a control loop to set it. maybe less bad than freicoin though since 5% may turn out to be way out of wack if freicoin is widely adopted.
17:10 < jtimon> yeah our concern is 5% being to much security
17:11 < jtimon> if it's too little tx fees are supposed to cover the rest, arent they?
17:11 < gmaxwell> jtimon: yea but there is no control loop to make sure it does.
17:11 < gmaxwell> Since the system can't detect insecure.
17:12 < jtimon> can we, humans?
17:12 < gmaxwell> If everyone was still cpu mining you could have a difficulty floor that nodes imposed based on how fast they personally could hash... but in the current enviroment we have no way to achieve a decenteralized control loop on the minimum difficulty.
17:13 < gmaxwell> Even humans are bad at detecting insecure until its too late, the system doesn't fail especially softly.
17:13 < jtimon> my point is that in this case is directly impossible for the machine
17:14 < gmaxwell> and I expect that if bitcoin is a big thing in the future and if it does fall too low that will be the excuse states need to step in and say "this decenteralized thing failed, obviously we need centeral bank signed blocks from now on"
17:14 < jtimon> the algorithm cannot be based on something exterior
17:14 < gmaxwell> well I dunno, for example, I do have some interesting ideas, but I think they're too weak.
17:14 < maaku> gmaxwell: i think what jtimon is alluding to is freicoin's plan to use proof-of-stake voting process to determin what percent-of-the-5% is given to the miners (vs. distributed through other means)
17:14 < gmaxwell> maaku: most of those schemes reduce to "miners control" because miners can censor the vote.
17:15 < maaku> so humans through proof-of-stake voting determine the amount of perpetual demurrage adjustment paid towards security, and therefore the break-even difficulty
17:15 < maaku> gmaxwell: hence my recurring interest in this channel in a voting scheme that avoids that, through committed/encrypted votes or some other mechanism
17:15 < jtimon> butthe security needed is always proportional to the value transacted, no?
17:15 < gmaxwell> RE: other interesting ideas, here is my best— but it only works retrospectively—  if you show the network a long fork, any node you show it could could impose a minimum difficulty of some multiple of that in the fork.
17:16 < jtimon> mhmm
17:16 < jtimon> yeah, as you annoounced it, weak, but interrrsting
17:16 < gmaxwell> jtimon: no, in a consensus ledger system the value transacted isn't in a simple relationship with security, because the invalidation of your $0.01 transaction could invalidate a $100000 transaction.
17:18 < gmaxwell> I just don't know how to make that fork-minimum difficulty scheme work prior to a devistating attack, except via altruists that use it to peg up the difficulty.
17:18 < jtimon> gmaxwell, yeah, because inputs/outputs are not accounts, I never though it that way
17:19 < jtimon> so it is completely impossible to have an appropriate security regulated from within, again, that's not a fatal flaw
17:19 < gmaxwell> I am no longer so quick. I used to say a secure decenteralized consensus system was impossible.
17:19 < jtimon> you just need to soft-fork minimum fees...wait I don't want ot go that route
17:20 < gmaxwell> miner collusion breaks a lot of other assumptions in the system.
17:20 < gmaxwell> Maybe it would be tolerable in something where everything was encryted and anonymous and collusion couldn't usefully be used to do other things.
17:20 < jtimon> hehe, yeah, I think many of us knew bitcoin like that "look, this impossible thing turned out to be possible"
17:20 < gmaxwell> but even then, thats not a security control loop.
17:21 < jtimon> you want feedback
17:22 < jtimon> and I'm telling you you can't hear anything from the outside because the outside is real and you're not
17:22 < jtimon> "you" are the network
17:23 < gmaxwell> jtimon: for example, we can happily prevent miners from advancing the network clock far into the future and mining up all the coins.
17:23 < jtimon> "because the outside is real and you're not" wasnt very appropriate
17:23 < gmaxwell> if security were detectable by single nodes, we could enforce security the same way.
17:23 < gmaxwell> E.g. if the best you could do was cpu mining and cpus were relatively consistent, then every node could enforce a minimum reasonable difficulty based on their own speed.
17:30 < midnightmagic> whoah. no route to host?!
17:33 < midnightmagic> jtimon: Are you on dialup or something?
17:34 < jtimon> sorry, my laptop died
17:37 < jtimon> and I have to dinner...
17:37 < jtimon> minimum difficulty intuitively sounds bad though
19:17 < jgarzik> This is fun: http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack?page=full
19:18 < jgarzik> Iranians compensated for unreliable centrifuges with volume, just like we compensate for unreliable P2P nodes with volume
20:06 < maaku> Iran's cyber security gurus: "we keep building you secure facilities, and you total newbs keep plugging in usb drives you found in the f@*&ing street"
--- Log closed Sun Dec 01 00:00:22 2013