--- Log opened Sun Dec 15 00:00:56 2013
01:46 < Emcy> http://www.quora.com/Distributed-Systems/What-does-a-career-in-distributed-systems-feel-like-In-terms-of-the-kind-of-programming-you-have-to-do-nature-of-bugs-or-issues-work-life-rhythms-etc/answer/Bram-Cohen?srid=CW&share=1 interesting comments
01:46 < Emcy> "Then I run into... how to put this... barriers to commercialization which don't apply to most products.
01:46 < Emcy> "
01:46 < Emcy> I think he means lobby money.......
11:31 < gwern> hola. so I need to tell Gavin about a possibly-schizophrenic stalker that seems to be targeting him. does anyone have a real contact email for him they wouldn't mind giving me? (given the nature of the issue I'd prefer to tell him sooner rather than later)
11:55 < gwern> anyone?
11:55 < gwern> alright, whatever, I'll just use
11:55 < gwern> gavinandresen@gmail.com
11:55 < gwern> it *probably* isn't a real threat, after all
12:01 < michagogo|cloud> gweIs that somehow a non-real contact email?
12:01 < michagogo|cloud> :-/
12:01 < michagogo|cloud> combination of the user leaving and lag eating keystrokes
14:38 < amincd> Hi guys, any feedback on this idea would be appreciated: https://bitcointalk.org/index.php?topic=365392.msg3900881#msg3900881
16:42 < gmaxwell> andytoshi: maaku: phillipsjk gave an attack on multiparty CJs that either I hadn't considered or I considered and forgot. https://bitcointalk.org/index.php?topic=279249.msg3982242#msg3982242
16:44 < warren> adam3us: good criticism on the 32bit keyid on card
16:51 < andytoshi> gmaxwell: thx, i'll check it out
16:52 < andytoshi> and agreed, i am not going to distinguish between fee and donation
16:52 < andytoshi> if people don't trust me, they can verify the transaction themself before signing
16:52 < andytoshi> unfortunately "andrew stole all the fees" and "somebody put a ton of inputs in without paying a corresponding donation" will look the same..
16:53 < andytoshi> ah, that is essentially the phillipsjk attack
16:57 < gmaxwell> andytoshi: well it means that e.g. if two people pay extra fees because they want faster confirmation, you could be eating them anyways.
17:03 < andytoshi> right
17:03 < andytoshi> so i think, i'll do that always and be upfront about it :P
17:22 < gmaxwell> andytoshi: one somewhat annoying thing about the fee/donation stuff is that it makes it impossible to go from round inputs to round outputs.
17:23 < gmaxwell> andytoshi: hm. also, can you perhaps have some ajax reloader thing, and perhaps play a chime or popup an alert when it's time to sign?
17:23 < andytoshi> oh, sure
17:23 < andytoshi> i guess i should whitelist my own domain on noscript.. :P
17:24 < gmaxwell> maybe just have it display a countdown... and when it hits zero. popup a window/play a beep.
17:24 < gmaxwell> I missed the testnet one I threw coins into earlier. :P
17:25 < andytoshi> i think, i'll have the "there are XYZ seconds until whatever" displays count down everywhere, and i'll see about playing a beep
17:25 < andytoshi> whenever i google for things like "how to play sound using javascript" the forum posts that come up are so sad...
17:26 < andytoshi> fwiw, these never expire, you can F5 the 'sign.php?session=whatever' page for ever and ever
17:26 < gmaxwell> "Sorry, but this session has been invalidated. Probably there were not enough transactions to do a merge."
17:26 < andytoshi> ah
17:27 < andytoshi> that'll happen regardless of how closely you follow it, unless you submit multiple transactions yourself
17:27 < andytoshi> maybe i should extend the window rather than invalidating transactions?
17:27 < andytoshi> i don't want it to happen that somebody submits a transaction, nobody else does for a day or two, and then when finally people use the coinjoiner, it's got some forgotten transaction poisoning the pot
17:28 < gmaxwell> just document.write a tag...
17:29 < gmaxwell> yea, you don't really want an old transaction jamming it.
17:30 < gmaxwell> What you could do is split off the old pot and start a new pot. The old pot can still get more txn added, but only if someone gets directed to it by ID.
17:30 < gmaxwell> e.g. I could add a txn to the pot, and email you a link directly to the pot. and it fails because no one else adds... and 24 hours later you can add a coin to it, then it'll go into signing X time after.
17:32 < andytoshi> yeah, that's a good idea, and it takes literally no code to implement..
17:32 < andytoshi> i just have to comment out the "set status = invalid" line in the cronjob :P
17:32 < gmaxwell> you might want to have it check if the inputs are unspent and set it to invalid if any of them are spent.
17:34 < gmaxwell> e.g. if I put a coin in, send you a link. Then you don't notice the email, and I give up and join another session .. and my coin is spent.. later when you load the link it won't invite you to add more coins to a dead one.
17:34 < andytoshi> yeah, it should
17:35 < andytoshi> there is code which does that before it switches to signing mode
17:35 < gmaxwell> (or even just: if a coin is spent, you remove it from the mix, and if the count goes to zero the mix is invalidated)
17:37 < andytoshi> cool, done
17:38 < andytoshi> i should also add code so that if outputs are spent during the signing phase, that also invalidates things
17:38 < andytoshi> inputs*
17:41 < gmaxwell> just check on every load of the signing page, perhaps?
17:43 < andytoshi> nah, the pageloads are handled by PHP, i'm trying to avoid doing any real work in there..
17:44 < andytoshi> i have a perl script which transitions to the next session, it does all the merging and validation checks
17:47 < andytoshi> well, that's not true, when you submit a transaction PHP does a spot check
17:50 < gmaxwell> not critical, but checking there would save some time signing a doomed transaction.
17:55 < andytoshi> i think i'll run the perl script every minute or two
17:56 < andytoshi> it should really know how long a session is supposed to be alive..
18:46 < amincd> 20.
19:19 < andytoshi> gmaxwell: i think i've got the coinjoiner working, with the ding and the autorefresh and the frequent checking of transaction validity
19:19 < andytoshi> i still have not updated the tiebreaker code for most popular output to take into account roundness of numbers..
19:21 < andytoshi> i'm really happy with how this is turning out, i do wish there was a nicer UI than "run these rawtx commands"
19:23 < michagogo|cloud> andytoshi: You could make a script or set of scripts for assorted languages to use the rpc interface to make a nicer UI
19:31 < gmaxwell> andytoshi: well, next step can be to write a client for it. :P
19:31 < nsh> use predicates
20:14 < maaku> gmaxwell: "The general idea is that the merging party can just make a list (blindly) mapping their inputs to outputs, give the list to all players, and commit to the list so that all players know they got the same list." <-- that's how I always understood the protocol, and what the one I'm working on does
20:14 < maaku> I guess I don't understand phillipsjk's attack?
20:16 < gmaxwell> e.g. you and I want to coinjoin and both of us want to pay 1 BTC to 1wikileaks (perhaps among several other outputs we want).
20:16 < maaku> ok
20:17 < gmaxwell> in the most straight forward construction the merging host could have just 1 1BTC output to 1wikileaks, and if you and I don't know about each other we'd inspect the transaction and each say "yep, 1btc payment to wikileaks, good to go"
20:18 < gmaxwell> meanwhile the merging host had just added in an extra 1btc payment to themselves.
20:19 < maaku> so in the version I'm working on, the merger (I call him the joiner) makes a proposal by referencing offers signed by each participant
20:19 < maaku> so we could, in principle, check that each other's requirements were met and not double-count the donation
20:19 < maaku> but yes, I understand the problem now and I hadn't considered it
20:20 < maaku> my naive implementation would have just checked the user's own requirements and could fall victim to that
20:20 < gmaxwell> yea, it's perfectly solvable.
20:21 < maaku> hrm.. but this is maybe semantically ambiguous - what if I really only care that 1 btc was sent to 1wikileaks?
20:21 < gmaxwell> I give two ways to solve it— one constrains an output pubkey, the other requires an extra communications roundtrip. I dunno if there are better ways. The communications round trip might just be necessary for anti-dos reasons regardless.
20:22 < gmaxwell> maaku: then you could signal that, I suppose... one is a superset of the other.
20:22 < maaku> in freimarkets for example, we have private servers that condition transactions based on whether an output matching a certain template makes it on the block chain
20:23 < gmaxwell> for transaction fees (which you can think of as being a 'reused address') it might actually be the case that you only care that X amount goes to them and you don't give a darn regardless.
20:23 < maaku> in which case you're using it as a semaphore ... but it's not really a problem if more money ends up there, and I assume that requiring both outputs is the better default
20:23 < gmaxwell> maaku: right, and what I'm saying is that the ability to accept such a case is a subset of the ability to detect that you're in such a case.
20:24 < maaku> yeah
20:24 < maaku> sorry, just thinking out loud
20:24 < gmaxwell> I'd actually like it if CJ things could merge outputs, e.g. 1 WL, 1 WL -> 2 WL.. but because of the triggers you'd want to actually communicate your willingness to accept.
20:25 < gmaxwell> (merging matching outputs is always equal or better for privacy, and it's more efficient)
20:27 < maaku> yeah
20:28 < gmaxwell> andytoshi: I assume when you put this up for real you put it behind ssl?
20:33 < andytoshi> gmaxwell: yeah, definitely
20:34 < andytoshi> actually, i have been meaning to put my entire site behind ssl for a long time.. is there such a thing as a good cheap cert provider?
20:34 < gmaxwell> startssl
20:34 < maaku> startssl
20:35 < gmaxwell> at least in one of your dimensions it's infinitely good.
20:35 < andytoshi> thx guys :)
20:35 < adam3us> andytoshi: all certs are equal, buy the cheapest :) (it's an openssl design side effect - weakest link in chain defines system security)
20:36 < gmaxwell> not quite equal, since there is some inequality in support in older browsers, but I think for your stuff you don't care.
20:36 < maaku> adam3us: well, you need to make sure it's a widely deployed root cert (e.g. built into mobile browsers)
20:36 < maaku> but startssl is, and it's free ... kinda hard to beat that :)
20:36 < andytoshi> well, i meant 'good' in a moral sense.. for example godaddy supported SIPA, they act like scammers, they look sleazy, etc
20:37 < gmaxwell> If you don't pay them it's less morally ambiguous. :)
20:37 < adam3us> maaku: some of them have a chain file you have to use, because they are subcas, which works but makes the cert response over the wire larger
20:37 < andytoshi> yeah, i buy that :)
20:37 < adam3us> maaku: free eh? that's pretty good
20:38 < maaku> well for the lowest level of verification ... as if verification actually meant anything
20:39 < maaku> unfortunately they require verification if your domain gets flagged as high-risk (e.g. monetize.io :( )
20:39 < andytoshi> lowest level is fine, at least people can't read your traffic with tcpdump..
20:39 < maaku> but even then, it's still the cheapest
20:39 < adam3us> maaku: yeah that's a new one to me, used to be like $7 - $10 cheapest
20:41 < gmaxwell> andytoshi: so wrt output values. Maybe instead of just the most popular output, when there is more than one output with exactly equal values, you list all of them. E.g. If you have 10.1 1 5.3133 you list 1 (roundest most popular output), and if later you have 10.1 10.1 1 5.3133 you list 10.1. and if later you have 10.1 10.1 1 1 2 2 5.3133 you list 10.1, 1, 2. It makes the txn more identifiable but you'd almost certainly learn ...
20:42 < gmaxwell> ... the same stuff by just continually polling the most popular output as it changes.
20:53 < gmaxwell> andytoshi: I got
20:53 < gmaxwell> Your signed submission.
20:53 < gmaxwell> Success! If all signatures arrive, the transaction will be broadcast at the start of the next session. Thanks!
20:53 < gmaxwell> Your unsigned submission.
20:53 < gmaxwell> Thanks for submitting an unsigned transaction.
20:53 < gmaxwell> Sorry, this session was not found.
20:53 < gmaxwell> Thanks for helping bitcoin's privacy.
20:53 < gmaxwell> andytoshi: also, you should do something visually drastic when it's ready to sign
20:53 < gmaxwell> andytoshi: like change the page background to blue.
20:54 < gmaxwell> I'm also now getting at the front index:
20:54 < gmaxwell> The current session is open for -1387158864 more seconds. There are currently 0 transactions in the pot. Note that if there are less than two transactions in the pot at the end of the session, this session will be invalidated.
20:54 < gmaxwell> and a constant rescroll to the top of the page. :P
20:54 < gmaxwell> heh
20:55 < gmaxwell> The way it works is as follows: every -1387158602 seconds, a new session opens. During each session, users submit transactions to be joined, and recieve a URL specific to that session.
20:55 < michagogo|cloud> gmaxwell: You're nullc, right?
20:57 < andytoshi> gmaxwell: sorry, this is a bad time for you to test :)
20:58 < andytoshi> it should be right in half an hour or so...
20:58 < andytoshi> when i changed the cronjob to run every minute, i broke the session management pretty badly
20:59 < typex> what are you working on andytoshi?
21:03 < andytoshi> typex: i am writing a web interface to handle coinjoining via rawtransactions
21:03 < typex> coo
21:03 < typex> cool
21:04 < andytoshi> :q
21:06 < gmaxwell> michagogo|cloud: yes
21:06 < typex> andytoshi, I'll gladly help to test if you want
21:07 < gmaxwell> typex: right now his service is running on testnet, so if you're not running testnet— get it running. :)
21:07 < gmaxwell> andytoshi: oh I don't mind, I'm just testing it periodically.
21:08 < gmaxwell> andytoshi: In my mind the deal is I keep testing it and don't mind that it doesn't work, and you— in return— don't mind that I keep reporting things for you to fix. :)
21:08 < typex> sure
21:08 < typex> hehe
21:10 < andytoshi> thx a ton for your time and suggestions, gmaxwell
21:10 < andytoshi> typex: yeah, that'd be great
21:10 < andytoshi> http://testing.wpsoftware.net/coinjoin/
21:10 < gmaxwell> andytoshi: no problem, this sort of thing fits the time I actually have available, stolen moments as I get blocked (or wait for a compute job) on other projects I'm working on.
21:11 < typex> bitcoin-qt shouldn't get messed up in any way if I switch it to testnet right?
21:15 < michagogo|cloud> nope
21:15 < gmaxwell> typex: nah, perfectly fine to switch (or run both at once, in fact)
21:15 < michagogo|cloud> You can even run test and mainne-
21:15 < typex> great
21:15 < michagogo|cloud> what gmaxwell said
21:16 < gmaxwell> I run both at once— every once in a while I run the wrong one and I'm very confused.
21:17 < gmaxwell> "whooo! solo block!" ... "aww"
21:17 < typex> :-)
21:19 < michagogo|cloud> heh
21:30 < michagogo|cloud> andytoshi: getting a Failure: output value not equal to input value. Check the section on Donations and Fees below.
21:30 < michagogo|cloud> But as far as I can tell, inputs and outputs are equal
21:30 < andytoshi> can you msg me the raw transaction?
21:31 < michagogo|cloud> http://pastebin.com/4QNDyyqR
21:34 < andytoshi> sigh, effing php..
21:34 < michagogo|cloud> Heh, overflowing the input field?
21:34 < andytoshi> nope, just saying 24.45 != 24.25
21:34 < michagogo|cloud> Well, that's true
21:34 < andytoshi> to be fair, this is probably not php's fault..
21:34 < michagogo|cloud> But in this case, 24.45 == 24.45
21:34 < andytoshi> lol, i meant 25.45 == 25.45
21:35 < michagogo|cloud> Ruby calculates the total of the outputs as 25.450000000000095...
21:35 < michagogo|cloud> stupid floating points
21:35 < andytoshi> i guess, i'll put a 'within 1 satoshi' check and that should do it
21:36 < michagogo|cloud> heh
21:36 < andytoshi> can i get bitcoind to send me satoshis instead of floating-point numbers?
21:36 < michagogo|cloud> It actually sends you decimals
21:36 < michagogo|cloud> :-P
21:36 < andytoshi> :)
21:36 < michagogo|cloud> You just need to get php to not treat it as a float
21:37 < michagogo|cloud> (if that's possible...)
21:37 < andytoshi> cool, it accepted your transaction
21:37 < andytoshi> http://testing.wpsoftware.net/coinjoin/sign.php?session=cba2c4be86cdda9f6828baa4294dbff5e04d09413e6b15252d986679be6d1399
21:37 < andytoshi> i highly doubt it's possible
21:37 < michagogo|cloud> In Ruby, I might try multiplying by 100000000 and calling to_i
21:38 < andytoshi> yeah, i could do that actually
21:38 < michagogo|cloud> (if the inaccuracy is sub-satoshi)
21:40 < andytoshi> ok, so if you are idling on the link i sent you, in about 6 mins we should both hear a ding, which means that we can sign
21:41 < michagogo|cloud> BTW, probably you should include the fee/donation address on the sign page
21:41 < michagogo|cloud> Aww, you require a confirmation on inputs?
21:41 < michagogo|cloud> :-/
21:42 < andytoshi> yeah, sorry
21:42 < michagogo|cloud> At least it didn't kick me back to the front page on a failed transaction
21:42 < andytoshi> yeah, i fixed that..very very annoying
21:42 < michagogo|cloud> Oops
21:42 < michagogo|cloud> Accidentally just sent 0.05 BTC to the fee/donation address
21:43 < andytoshi> the one-conf thing is to prevent double-spends, and it's kinda an antidos
21:43 < andytoshi> with sendtoaddress?
21:43 < michagogo|cloud> Nah
21:43 < michagogo|cloud> By signing and sending 0100000001a1188d6860b79fcd97d87d488cd8c86dbdd99c1139490f98cef42ffd939bd4a80100000000ffffffff0280fe210a000000001976a91443dc321b6600511fe0a96a97c2593a90542974d688ac404b4c00000000001976a9140332073851cbdfd5b4e6a18891963ea0c546d74688ac00000000
21:43 < andytoshi> ah
21:43 < andytoshi> damn
21:44 < michagogo|cloud> (that was the unconfirmed transaction I was trying to spend into the pool, sending most of the tBTC back to the faucet)
21:44 < andytoshi> maybe i can use vanitygen to get the privkey :P
21:44 < michagogo|cloud> Sure, as soon as you harness all the energy in the entire universe
21:44 < michagogo|cloud> times about a million?
21:44 < michagogo|cloud> (disclaimer: that last number is made up)
21:45 < michagogo|cloud> By the way, why do you start the timer on a session while it has 0 inputs?
21:45 < michagogo|cloud> You could just have it idle, and leave the session open for 20 mins or whatever from the first input
21:47 < andytoshi> i could, i might do that
21:48 < andytoshi> so, if you refresh your page we can sign now
21:49 < andytoshi> the ding didn't come, the timer went into negative territory and then it autorefreshed while perl had the database locked
21:51 < michagogo|cloud> Uh
21:51 < michagogo|cloud> There's 0.47 going to mforFeesAndDonationsSpendHerdYm2jT
21:51 < andytoshi> really?
21:51 < andytoshi> wtf
21:52 < michagogo|cloud> "n" : 100
21:52 < andytoshi> also my server is crashing..
21:52 < midnightmagic> it takes 45 TH to average one solo block per day right now
21:53 < midnightmagic> :-(
21:53 < midnightmagic> i don't think i'll ever be back on board with solo mining
21:53 < michagogo|cloud> Well, it does take ,,(calc [nethash] * 1000000000 * 600) hashes to find a block...
21:53 < michagogo|cloud> ;;help nethack
21:53 < gribble> Error: There is no command "nethack".
21:54 < michagogo|cloud> ;;help nethash
21:54 < gribble> (nethash takes no arguments) -- Shows the current estimate for total network hash rate, in Ghps.
21:54 < michagogo|cloud> ;;calc [nethash] * 1000000000 * 600
21:54 < gribble> 5063132752673999872
21:54 < michagogo|cloud> over 5 quintillion hashes
21:55 < andytoshi> michagogo|cloud: this is definitely a bug, i'll deal with it whenever i can get my server back
21:55 < andytoshi> for now i think we'll have to stop testing :(
21:56 < michagogo|cloud> Here's my signed version of that: http://pastebin.com/UNckGWLM
21:57 < andytoshi> thx, but if it's got money going to mforFeesAndDonationsSpendHerdYm2jT i won't use it
21:58 < michagogo|cloud> It's less than 1% of a block
21:58 < michagogo|cloud> (though I guess that's still an UTXO in the UTXO set forever...)
21:59 < michagogo|cloud> wait a minute
21:59 < michagogo|cloud> How did it get to be 5 am
22:00 < andytoshi> haha oops
22:00 < michagogo|cloud> o_O
22:00 < andytoshi> it's only 9pm over here
22:00 < michagogo|cloud> US Central?
22:01 < michagogo|cloud> Okay, I need to go to sleep
22:01 < michagogo|cloud> Fortunately there's no school tomorrow (well, technically today) because everyone's still recovering from the snowstorm
22:02 < andytoshi> alright, i'll let you go, whenever you wake up this should be fixed
22:45 < andytoshi> michagogo|cloud: whenever you get this, the url for signing is http://testing.wpsoftware.net/coinjoin/sign.php?session=b3b098642a36f1aa62a333f5a15a6e98a04dfb7622e4eb3dd74f3d706f149d7b
--- Log closed Mon Dec 16 00:00:59 2013