00:46:26andytoshi:BlueMatt: you are "everything that is wrong with cryptos" :)
01:03:52gmaxwell:* gmaxwell claws his eyes out at "cryptos"
01:06:00gmaxwell:if someone has ethical concerns on BM's tool, BM could just add a warning that says "poor selection of the parameters here can result in a trivially insecure coin, the site makes no promises that the settings are good"
01:06:47gmaxwell:"make heavily demanded features are believed by experts in the Bitcoin world to be terrible for security in subtle or even vulgar ways, sometimes thats why Bitcoin doesn't do them. Buyer Beware."
01:06:50andytoshi:the ethical concern from earlier is that i suggested 'secretly' adding wizarding experiments
01:07:19gmaxwell:oh well I don't think there is anything secret needed. You can just add them and make people _pay_ for them.
01:07:37sipa:indeed, just make them extra features
01:08:01gmaxwell:or make turning them off an extra (pay for) feature if you like.
01:09:41Luke-Jr:maybe BlueMatt would donate the site to -wizards ;)
01:10:03Luke-Jr:it'd be neat to make it list all mergable pull requests as options..
01:11:14Luke-Jr:perhaps unmergable ones too, and give a warning about "There is an additional charge for this feature which cannot be calculated automatically. You will receive a quote within 3 business days if you choose it."
01:11:16Luke-Jr::D
01:11:30Luke-Jr:and then let anyone competent bid on it
01:11:41sipa:it probably needs some deterministic seed
01:11:55sipa:so that new versions of existing coins created with it can be generated
01:12:00sipa:if the upstream source is updated
01:12:09sipa:(which determines magic bytes etc)
01:13:03Luke-Jr:sipa: that would break the merging features a bit
01:14:16Luke-Jr:"I have a magic node which keeps track of peers for each coin and forwards them on in addr messages, but if no one else is running a node, youre sol."
01:14:20Luke-Jr:wow, that probably took some effort
01:15:17gmaxwell:nah, if you get an inbound connection you're silent, the connector sends the network version
01:15:37gmaxwell:so then its just like one of those 100 line python "node" implenmentations with a dict of addresses per network.
01:16:20Luke-Jr:<.<
01:24:00Luke-Jr:wow, BlueMatt's thing has made over $500 already :P
01:25:21warren:it has no disclaimer of warranty
01:27:31Luke-Jr:I suppose sipa's auto-upgrader could bill you
01:28:08sipa:why what?
01:28:11sipa:my what?
01:32:00Luke-Jr:sipa: the idea to let people come back for upgraded builds of the same coin
01:32:36Luke-Jr:sipa: my objection was that it would break merges - but it could work if you get billed for any conflicts ;)
01:33:06warren:Luke-Jr: why do you care about the maintainability of scam coins?
01:33:29sipa:well, my concern about them is pretty much irrelevant, as i have no interest in using the tool
01:33:50sipa:but if the users were serious to any extent about the coins they are creating, they should demand it
01:33:51Luke-Jr:warren: I'm just thinking financing development and testing this way, ignoring how the end products are used ;)
01:34:38warren:Luke-Jr: I think this current tool renames everything to make merges impossible
01:40:08Luke-Jr:warren: maybe.
01:40:26Luke-Jr:warren: I was thinking more of merging before s&r
01:40:53Luke-Jr:ie, rebuild the scamcoin from scratch
01:41:24warren:Luke-Jr: you would have done well as a litecoin dev =)
01:42:06Luke-Jr:well, arguably litecoin *is* using my code.. :P
03:14:25Luke-Jr:too bad Script is neutered
03:14:39Luke-Jr:could make a transaction-fee-for-only-future-blocks..
03:14:50Luke-Jr:sPK: "" OP_SWAP OP_CAT OP_HASH256 OP_DEPTH 1 OP_SUBTRACT OP_FOR OP_CAT OP_HASH256 OP_ENDFOR OP_SWAP OP_CAT OP_CAT OP_HASH256 OP_LE
03:14:59Luke-Jr:sS: "" "" ""
03:15:12Luke-Jr:petertodd: ^
03:16:39gmaxwell:looping in scrypt is yuck though. e.g. while(true)OP_HASH256.
03:17:02gmaxwell:if you just want to burn coins OP_RETURN them, poof gone and trivially provable they were burned.
03:25:57Luke-Jr:but then they're "too" burned :P
03:26:07Luke-Jr:OP_FOR isn't the same as OP_WHILE :p
03:26:18Luke-Jr:OP_FOR would inherently be non-forever
03:38:13andytoshi:in an alt where fees were tied to runtime, you could do cool things like this
03:38:31andytoshi:it seems to me that even "non-forever" is not sufficient to prevent DoS attacks
03:39:00andytoshi:if you can loop for tens of thousands of iterations, that can cause bad problems .. if you can nest loops, etc
03:39:07andytoshi:otoh, if you -can't- do those things then that sucks
03:43:58gmaxwell:Luke-Jr: yea, 4 billion SHA256 ... big improvement over forever.
03:44:10Luke-Jr:[03:38:09] in an alt where fees were tied to runtime, you could do cool things like this <-- there is no reason this would be an alt
03:44:20gmaxwell:tying things to runtime is really really likely to cause hardforking bugs.
03:44:30Luke-Jr:gmaxwell: only if they are hard rules
03:44:33gmaxwell:since you need a precise instruction counter.
03:44:42gmaxwell:Luke-Jr: they must, because non-miners must evaluate script too
03:45:13gmaxwell:otherwise you have mining pools incentivized to put in fast hardware script execution engines and no one else can keep up validating the coin
03:45:35Luke-Jr:gmaxwell: I'm okay with letting miners decide on the upper runtime limits, within reason.
03:47:11gmaxwell:within reason is the problem there == hardforks. :P
03:48:48Luke-Jr:nah, within reason is vague enough to use opcode counters
03:48:49andytoshi:gmaxwell: sorry, i meant 'instruction count' which could be defined very precisely in a forth-like script
03:50:32gmaxwell:andytoshi: yes, it can be. What OP_CHECKMULTISIG does is also very precisely defined and that didn't stop several alt implementers from getting it wrong.
03:50:50andytoshi:ah, this is true
03:51:53gmaxwell:this may ultimately be an argument for replacing script with verficiation for some proof of execution, since it may actually be easier to get it right.
03:52:13gmaxwell:or at least alt implementors are less likely to try to reinvent crypto constructs.
03:53:27gmaxwell:it's nuts. SCRIPT is actually a public key signature system itself. People writing their own ECDSA code as a my-first-project would be super frowned on, and yet they re-write script. though somewhat annoying in that at least there are libraries for ecdsa.
03:55:43andytoshi:i think i will start pushing the meme on #bitcoin that cryptography is serious business and that only morons try to roll their own or work with it without understanding it
03:55:56andytoshi:...which appeared to be common knowledge until altcoins became a thing
03:55:56gmaxwell:Okay, I think I'm going to give up on bitcoin, jesus christ: http://blockchain-link.com/#future
03:57:15andytoshi:gmaxwell: agreed on "this is an argument for snarks", aside from the usual novel crypto warnings it seems to me they'd be way easier from a blockchain engineering perspective
03:57:49andytoshi:and i'd be really jacked to see a turing complete script (and maybe one which could do things like read the past blockchain)
03:58:42andytoshi:gmaxwell: where did you get that URL?
03:59:06gmaxwell:#bitcoin
03:59:13gmaxwell:oh thank god those are fethercoin amounts
03:59:24gmaxwell:I was thinking this person had recieved over 600 btc in donations
03:59:25andytoshi:ahhh wtf
03:59:48gmaxwell:I think if that was true I would probably just never do anything with bitcoin again. I'm getting seriously depressed about all the money flowing into fucking things up.
04:00:37gmaxwell:I am not a very coin operated guy myself, but the funds flowing specifically to _bad_ things is especially demotivating.
04:01:30andytoshi:gmaxwell: as personal advice i'd say you do way too much to correct misinformation and engage with these idiots ... but otoh it does a massive amount of good for the bitcoin communitiy, so i dunno what to say
04:02:20gmaxwell:well I certantly know that I have the option of ignoring everything I don't like.
04:02:42gmaxwell:And I actually consciously ignore enormous swaths of stuff (though I know it doesn't seem like it)
04:03:32andytoshi:maybe i will write a "why alts are retarded" FAQ which discusses cryptography and the horrors of using it blindly or stupidly ... and reminding people that crypcocurrencies are a novel cryptographic concept and these lessons apply -even more so- because of that, and then -even more so- because there is monetary value involved
04:04:23andytoshi:because it appears that people think this shit is magic, people talk as though "cryptos" are a thing , a collection of magical systems that are all on equal footing
04:05:34gmaxwell:you can probably pull up some of the old sci.crypt faqs
04:05:44gmaxwell:things like "anyone can make a cryptosystem that they themselves can't break"
04:06:16gmaxwell:it all applies to the _entire_ altcoin. The whole thing— minus some frills around the edges, but everything that actually makes it an alt— is a cryptosystem
04:06:37gmaxwell:e.g. the decision to go with 10 minutes vs 5 minute block times is a cryptographic decision, and one that isn't very completely understood!
04:06:48gmaxwell:(though more understood than some other things)
04:07:01andytoshi:good call on sci.crypt -- i was a young child when it crossed into mostly-insanity so i forgot all about it :P
04:07:30andytoshi:i'll hack something up this week and post it here, maybe just github the latex and give you all push access
04:07:33gmaxwell:it was pretty much always insanity, but the boundary of sane and not is what produced some of the arguments you need.
04:07:55andytoshi:or rather, git.wpsoftware.net it ... i don't think github likes direct pushing
04:08:33gmaxwell:I think making a concrete argument the whole of the interior rules are a cryptosystem is important. It's a bit sad that OP_CAT is off and that we don't havea OP_PUSH_TXN_HASH as you could implement lamport signatures in script with that.
04:09:30gmaxwell:bluematt's think will help, in a couple of months you'll be able to claim that many alts are created by people who can't use a compiler.
04:09:48gmaxwell:so there will be no illusion that there is some latent stock of cryptographic genuises putting out these things.
04:09:50andytoshi:yeah, that's excellent
04:11:11andytoshi:i might even describe this as a "social experiment which Matt Corallo proposed to the bitcoin developers to illustrate this point"
04:11:30andytoshi:because people on the btct thread seem to think he is some random guy..
04:12:25andytoshi:though i really don't want to give the impression that the bitcoin developers are holy people directing the currency somehow
04:12:42andytoshi:because that kind of thinking causes alts with convergence issues
04:12:45Luke-Jr:Matt Corallo is a bitcoin developer O.o
04:12:52gmaxwell:well, also, while not a secret emphasizing that the tool is intentionally cynical may lower matts income from it.
04:13:18andytoshi:Luke-Jr: i know, i guess i phrased that badly
04:13:23gmaxwell:andytoshi: and fwiw, I do think I was the first person to suggest it. :P (though perhaps matt had been thinking about it independantly)
04:13:44andytoshi:oh, sorry :}
04:13:49gmaxwell:(I spent a while in #bitcoin-mining trying to convince Luke-Jr and/or petertodd to do it. (luke has the nice ability to tie in merged mining))
04:13:57gmaxwell:like ... N months ago.
04:14:24andytoshi:my intention in saying that was exactly to claim it is cynical .. but you are right that i'd be just taking money from Matt
04:15:47gmaxwell:well I think its cyncism is not secret, but emphasizing it now might reduce his income from it, and given the two choices I'd rather have the latter.
04:16:01gmaxwell:the cynical aspect of it is super obvious (it even was one of the first comments in the altcoin thread about it)
04:16:40andytoshi:okay, that's good then .. one of my concerns was that having Matt involved publically might make alts seem legitimate
04:19:27grau:I assume you talk about coingen.io: I think it greatly damages alts, showing how pointless they are, unless there is a network of people supporting one.
04:22:08gmaxwell:grau: thats the idea.
04:22:37gmaxwell:Were you in the #bitcoin-mining discussion where it was proposed eons ago? for some reason I had the impresion you were. :P
04:23:08grau:I never joined #bitcoin-mining
04:23:13gmaxwell:hm! okay!
04:23:28gmaxwell:well as I just said: super obvious.
04:23:31gmaxwell::P
04:23:56gmaxwell:Part of it is a network effect thing, dillution hurts smaller coins more than bigger ones.
04:24:07grau:but is it good in your opinion, or should we rather embrace alts?
04:24:48gmaxwell:I think it's good to dillute "worthless" alts. I don't think coingen.io does anything harmful at all to ones that have a solid reason for existing (which currently is .. not very many)
04:26:14gmaxwell:it highlights the worthlessness of things that are clearly worthless, and somewhat undermines the efforts of people who use the internet version of boilerroom techniques to promote worthless things trying to get a quick buck.
04:26:40justanotheruser:I think altcoins are an interesting phenomenon. Normally people wouldn't flock to a new version of software with a new logo and a few variables changed. For example, if I made altfirefox where the scroll bar was half the size and the logo was a dog, it wouldn't get any downloads let alone a thread with hundreds of replies.
04:26:44gmaxwell:though I still have no real answer to altcoins which have good _sounding_ reasons to exist but which are without substance when you pull back the technical covers.
04:27:13gmaxwell:justanotheruser: yea, you're not promoting the altfirefox with an investment ... scheme.
04:27:50warren:protoshares!
04:27:53justanotheruser:exactly, people buy into a purposeless piece of software because they think they will make money off it
04:28:26gmaxwell:right and coingen.io probably dashes those hopes for "YAAC" (yet another altcoin) though not for something with an elaborate vaporware story.
04:28:51gmaxwell:obviously then next thing to do is a coingen2.io that makes whitepapers for non-existing altcoins using a hidden-markov-model
04:29:02grau:those get rich schemes depend on being able to convert to BTC (since direct to fiat is absent) and this keeps me wondering why someone is selling BTC for some alt.
04:29:10andytoshi:gmaxwell: my hope is that i can write a faq which talks about smart-sounding alts
04:29:50justanotheruser:andytoshi: You should. There are only a handful you would have to cover
04:29:52grau:assuming there is no get rich, then motivation might really be the need for cheap tokens
04:29:58andytoshi:e.g. litecrypt and it's goofy scrypt implementation, feathercoin and its super fast alts
04:30:04andytoshi:blocks*
04:30:16grau:there could be applications for near worthless tokesns e.g. for games.
04:30:19justanotheruser:grau: if you want a cheap token, you should buy uBTC
04:30:40andytoshi:realsolid's difficulty algo
04:30:43gmaxwell:grau: my guesses include things like (1) people with large amounts of illicitly gained btc which can't easily be spent other ways, (2) exchanges buying them with fake BTC to pump prices for their own profits, (3) ... just people trying to repeat bitcoins rise in value a second time
04:30:47justanotheruser:I suppose you are talking about small transaction fees though
04:31:09gmaxwell:grau: sure, but we've got plenty of altcoins already, we don't need public exchanges for cheap tokens either.
04:31:26andytoshi:for that matter, solidcoin's seemingly solid reputation, and the character who turned out to be behind it
04:32:23justanotheruser:Is there going to be a point where most of the transactions are off-chain? I mean if we keep the block size at 1mb, people will eventually be competing with higher transaction fees to get their transaction into a block.
04:34:19andytoshi:my feeling is that some sort of {snark+agressive pruning}coin will be released before bitcoin is seriously strained by the tx load
04:34:20petertodd:justanotheruser: nah, hopefully we'll just uncap the blocksize and gmaxwell and I will get the smug satisfaction of being proven right
04:34:47petertodd:andytoshi: snark's don't help with scalability the way I think you think they do
04:35:11justanotheruser:petertodd: how do we deal with the massive blockchain and bandwidth?
04:35:20andytoshi:petertodd: i'm not suggesting they can be used for pruning, but for quicker transaction validation
04:35:24grau:gmaxwell: (4) maybe a also scheme of anonymizing with recourse to BTC
04:35:30andytoshi:(and i'm aware that in 2014 even that is not true)
04:35:48gmaxwell:andytoshi: they're not quicker than trivial txn today. even the fastest stuff is .. well see that tinyram paper you linked to.
04:36:01petertodd:justanotheruser: by sharding the blockchain so that no individual node has to deal with all of it, but that's very tricky
04:36:19gmaxwell:But to the extent that they allow binding offchain systems they do improve scaling.
04:36:44andytoshi:could petertodd's MMR stuff be implemented in an alt today and enable massive block pruning?
04:37:02petertodd:andytoshi: yes, but not in the way you think so :P
04:37:20justanotheruser:petertodd: Is that in development at all? Is there anywhere I can read about that?
04:37:22andytoshi:petertodd: ok, this time you're right that i believe unjustified things :)
04:37:25petertodd:andytoshi: MMR TXO commitments actually make scalability a lot worse
04:37:29andytoshi:really?
04:38:04petertodd:andytoshi: yes, the bandwidth required to prove txin existence is about an order of magnitude more than what it is now
04:38:08gmaxwell:they make the blocks really big, but they allow a bandwidth/storage tradeoff if you can optionally send them when a node already has the data.
04:38:30BlueMatt:andytoshi: yea, I love that comment
04:38:35andytoshi:i thought with TXO commitments we could get away with only storing the last $small_time of actual blocks
04:38:41gmaxwell:bandwidth does tend to be more scarce than storage. though the ratio is kinda hard to reason about
04:38:42petertodd:andytoshi: where they can make things better is in conjunction with sharding techniques that allow that much worse bandwidth to be spread out over multiple nodes
04:38:57BlueMatt:Luke-Jr: I'm not a "bitcoin developer"?
04:39:03Luke-Jr:BlueMatt: you're not?
04:39:05BlueMatt:not a core dev sure, but I think everyone here is...
04:39:09gmaxwell:andytoshi: you can but you made the blocks much bigger because they're carring around kilobyte proofs per txin instead of 32 byte hashes.
04:39:29andytoshi:gmaxwell: ah, i see, that's what i was missing
04:39:36petertodd:BlueMatt: heh, people are starting to call even me a core dev, which you have a much better claim to :)
04:39:40gmaxwell:of course if you have the txo set you don't need the proof, so it could be made optional.
04:39:44andytoshi:i thought this MMR business was basically a smart version of "add a hash of chainstate/ to the blocks"
04:40:16gmaxwell:andytoshi: sure but when a tx spends coins committed in that state the tx has to include a proof that its inputs are in it.
04:40:16andytoshi:and you'd request a copy of the chainstate dir instead of IBD'ing
04:40:36andytoshi:gmaxwell: oh, okay, so my understanding was not wildly far off
04:40:46gmaxwell:andytoshi: oh no, that just SPV security for full nodes you're talking about. sort of orthorgonal
04:40:52petertodd:andytoshi: that's completely right, but bandwidth, esp. anonymous bandwidth is the importatn thing
04:41:11petertodd:andytoshi: also the real importance of chainstate is being able to product compact proofs that rules were violated
04:42:03gmaxwell:andytoshi: if the chainstate is commited then you could have a full validating node without even storing the chainstate, but at the cost of txns having to carry chainstate proofs. (just hashtree fragments)
04:42:51andytoshi:ok, i see, did not realize that bandwidth would be hit so hard -- i was looking at "download 20gb of old transactions and validate them" as being much more overwhelming
04:43:06gmaxwell:and its orthorgonal to if you hot-started or not. If you hotstart without something like a snark proving chainstate faithfulness you reduce full nodes to SPV security— e.g. miners could potentially inflate the coin.
04:43:48andytoshi:well, you might keep the last few weeks of actual blocks so that miners would need to outcompute the network for a long time to do that
04:43:59gmaxwell:and using a snark to prove a full chainstate fidelity isn't technically feasable yet, I think. though perhaps we're close if you skip the script evaluation.
04:45:07gmaxwell:andytoshi: but keep in mind in doing that you change the incentives completely. so the analysis isn't simple. E.g. if non-miner full nodes didn't check the generated amount, would miners just all set their generated coins to 100 and leave them there?
04:45:09grau:checkpoints skip script evaluation
04:45:46gmaxwell:grau: we're going to remove that in bitcoin-qt almost certantly after headers first, and even there there is a commandline switch to reenable.
04:46:05gmaxwell:and miners don't set checkpoints.
04:46:48andytoshi:gmaxwell: presumably at all times non-miner full nodes have the past ten days or so of blocks (and they'd be dropping them), so there'd never be a window when people weren't validating the latest blocks
04:46:54gmaxwell:Basically the point there is that if miners can get themselves a blank cheque its a very different set of incentives than we currently have.
04:48:07grau:I think it will be miner keeping check on each other not user
04:48:27gmaxwell:andytoshi: sure, you just have eluria and ghash.io and slush (>>50% of the network) agree to do a 10 day reorg that harms nothing but gives them 10x the coins. Why not? it's tricky. And then why would people keep 10 days? 0 days is enough until the attack actually happens. Let someone _else_ take the cost of preventing the attack.
04:48:32gmaxwell:BlueMatt [~BlueMatt@unaffiliated/bluematt] has quit [Ping timeout: 260 seconds]
04:48:33grau:user will move to SPV, even merchants may
04:48:35gmaxwell:oops missate there.
04:48:41andytoshi:grau: then there's an incentive to conspire/collaborate and this leads to pool centralization
04:49:04andytoshi:ah, now i see the incentive problem with what i suggested
04:49:05gmaxwell:grau: there are only two or three people in the world required to achieve >50% control of hashrate.
04:49:34gmaxwell:(and one of them (the cex.io guy) has physical control of most of his hashrate directly)
04:50:05andytoshi:ugh, this is so frustrating, i had this massive blind spot in my analysis of pruning schemes
04:50:14andytoshi:if only i could convey that feeling to the alt-chasers..
04:50:50gmaxwell:grau: trusting miners is a pretty terrible idea, far worse than trusting the fed— at least the fed has a sea of regulations and public identity regulating its behavior. Miners are anonymousish, fully self selecting, unregulated, etc.
04:50:50grau:gmaxwell: assuming 2-3 would and use it to inflate coins. This could be surfaced by anyone and would destroy trust in the currency and that possibility would keep them from doing that.
04:51:05gmaxwell:and if you regulate them, the you just undermine the system in a differnet way.
04:51:24gmaxwell:Instead they can be regulated _naturally_ by the system how it was designed: but not trusting them any more than the absolute minimum needed.
04:51:31gmaxwell:(by having full nodes that impose the rules)
04:51:35Luke-Jr:BlueMatt: anyhow, maybe you misread what I said. I said you *are* a bitcoin dev..
04:51:44BlueMatt:ahh, ok
04:53:34grau:collaborating between miner to change rules is the same dilemma as in "selfish mining", whort term incentives against long
04:54:02grau:*short
04:54:31petertodd:grau: relying on incentives of a small number of quite-possibly non-rational people is crazy
04:54:49grau:if you have an other choice
04:55:10gmaxwell:* gmaxwell out
04:55:35petertodd:grau: well we do: design crypto-currencies where pools aren't possible, and be ready to deploy them if it becomes an issue (as an example)
04:56:20Luke-Jr:petertodd: if pools aren't possible, then you get worse alternatives (hosted mining)
04:56:26grau:design a migration policy of welth also if you are that
04:56:47petertodd:grau: that's the easy part actually
04:56:54gmaxwell:Luke-Jr: hosted mining is made insecure by the same things that break pools (though perhaps no one cares, which was the argument I gave before: easier to break pools than hosted mining)
04:57:08petertodd:Luke-Jr: basic physics fortunately encourages decentralization of hashing power
04:57:25gmaxwell:oh yea I'm not here
04:57:29Luke-Jr:that's why it's better to make decentralised pooling as cheap as possible, cheaper than hosted mining
04:57:56grau:petertodd: why that? bigger plants should have better ratios of energy/hash
04:58:25Luke-Jr:^ + bulk orders of hardware get better prices
04:59:04petertodd:grau: nope, the basic unit of production is the chip + power supply, and for that your economy of scale is making them. otoh your costs to run the hardware has a huge component of getting rid of waste heat, which incentivizes decentralization
04:59:25petertodd:grau: e.g. "a bitcoin miner in every water heater"
05:02:02grau:petertodd: thereby you would raise production cost of e.g. water heater. Competition in water heater would eliminate that.
05:02:50petertodd:grau: if crypto-coin mining has a value, and heating water has a value, then you're cost for doing both at once is less than separating the two activities
05:04:58grau:You assume that water-heater mining is profitable to the extent that it ever amortizes the added production cost. That is not given.
05:06:24petertodd:grau: my point is if bitcoin mining is profitable, it'll be more profitable if you can use the waste heat for something useful. using waste heat for something useful is easier with more decentralization than less
05:08:51grau:There are places where getting rid of heat is not a big issue. I think you engage a bit in wishful thinking. We should rather think hard of how to deal with centralized mining.
05:09:56petertodd:grau: yes, and those places are always decentralized! it's just the basic physics of heat: surface area scales by x^2 and volume x^3
05:10:13grau:iceland
05:10:24petertodd:grau: obviously bitcoin mining will tend towards more northern places, but there's a whole lot of those around
05:11:13gmaxwell:21:07 < NomZ> You all will love this one. The dogecoin blockchain split after someone submittted a 500M transaction.
05:11:35petertodd:grau: my parents live in a place significantly colder than iceland...
05:12:13grau:petertodd: wow, send them some boxes to mine :)
05:13:18petertodd:grau: yeah, I've done the math on that, it actually makes quite a lot of sense. furthermore in communities north of them the high cost of electricity is *not* a factor because the electricity generation is all diesel anyway, and diesel's more expensive (slightly) than fuel oil
05:13:29grau:gmaxwell: tomorrow you'll have lots of journalists asking if this could happen to BTC
05:15:10brisque:grau: not having scrollback to refer to, can you give me a one line summery of what you're referencing?
05:15:18gmaxwell:http://www.reddit.com/r/dogecoin/comments/1ufl1e/much_concern_dogecoin_block_chain_has_split/cehm0yw
05:16:34brisque:gmaxwell: ouch. I suppose that's what you get when you have inexperienced developers managing a bitcoin clone.
05:16:46petertodd:gmaxwell: heh, yeah warren noticed that awhile back
05:17:11andytoshi:petertodd, warren: oh? what is special about this 500m tx?
05:17:37Luke-Jr:lolwut @ font
05:17:38petertodd:andytoshi: it triggers some sanity limits that they recently removed
05:17:39brisque:andytoshi: the title of the thread has the details. some clients accept larger amounts in blocks than others.
05:17:41warren:andytoshi: competence
05:18:08brisque:"Ten days ago, the developers made a change to the Dogecoin client that raised the limit of coins in a block from 500 million to 10 billion. So now some folks are running Dogecoin clients without that change, because they are older, and some folks are running newer clients. In block 42279, a transaction that broke the rule -- containing more than 500 million DOGE -- has prevented these older clients from advancin
05:18:30warren:did the pools upgrade?
05:18:43gmaxwell:.... wtf they didn't stage the change?!@#
05:18:51andytoshi:holy shit, this is so incompetent i can't believe it, even from doge
05:19:02brisque:presumably one pool updated, then the big TX made it into a block and the chain forked
05:19:07gmaxwell:well we learned nothing then, as we've succesfully made a number of changes that would have been forking if not staged.
05:20:16brisque:warren: from looking, there's some on one fork and some on another. presumably anybody on the old client has been left behind and that's the majority at this point.
05:20:21andytoshi:it appears they just pushed a forking change in a routine update? what the fuck?
05:20:47nsh:my hilarity sense is tingling...
05:20:48warren:three forks exist?
05:20:49warren:not sure how
05:20:54warren:but it's hilarious
05:21:06nsh:oldyellercoin....
05:21:17justanotheruser1:justanotheruser1 is now known as justanotheruser
05:21:20brisque:they might have changed the TX limit previously without making it a staged change.
05:21:23andytoshi:well, i'm going to move to #bitcoin..
05:21:48warren:andytoshi: that update was to stop a massive dust attack. they had a mintxfee of 0.0001 when coins were very plentiful ... much hilarity
05:22:04gmaxwell:andytoshi: yea, it'll keep creating more forks if the non-acceptable-to-all-nodes chain has a majority hashpower.
05:22:28andytoshi:oh man, such wow
05:22:30gmaxwell:er "acceptable-to-all-nodes"
05:22:32gmaxwell:not non-.
05:22:48gmaxwell:if the non-acceptable has a majority then you'll get exactly two.
05:23:00warren:how do I format a mocking doge message to post in litecoin dev news
05:23:05petertodd:warren: heh, I wish I had the time to add really easy multi-currency support to python-bitcoinlib to make writing attacks for non-btc crypto-coins easier...
05:23:07grau:gmaxwell: there could be a lesson for us in this. Let's see how the worst case unwinds.
05:23:08gmaxwell:if the acceptable to a majority has a majority you'll get constant reorgs and more forks but most will be short.
05:23:24Luke-Jr:gmaxwell: I thought you left? :P
05:23:48warren:petertodd: you're sitting on a lot of unearned funding...
05:23:49gmaxwell:grau: things like this have happened with smaller alts before, they just release another version and tell everyone to hurry up and upgrade. And because there is no major economic activity no one cares and its forgotten.
05:24:13brisque:presumably they aren't using the alerts system to notify clients because they didn't change the key from Litecoins.
05:24:54petertodd:warren: one of the reasons I'm not working on python-bitcoinlib...
05:25:13petertodd:warren: and for that matter, why I quit the day job (mastercoin was just good luck)
05:25:14andytoshi:i like how this happened less than a hour after i decided to write an alt faq
05:25:22andytoshi:brisque: classic
05:25:29warren:I need a doge speak primer to format the mocking message properly.
05:26:35grau:I regularly write doge, without intent :)
05:27:08petertodd:warren: verb noun, verb noun, verb noun etc. (all lowercase) make the layout alternate sides, but not symmetrical.
05:27:09brisque:https://github.com/dogecoin/dogecoin/commit/2ee5cb3396df66c10fef34480a183d00e3bec635
05:27:18brisque:^ that's the forking change, if anybody was curious
05:27:55petertodd:specifically the change to the definition of MAX_MONEY
05:28:04brisque:https://github.com/dogecoin/dogecoin/blob/94b99f5cc7d997d9c656b9d08ce5f74caa6a3ec3/release/dogecoin.conf
05:28:08gmaxwell:wtf they totally did just change max_money, halarious.
05:28:12brisque:what's with the hardcoded RPC password?
05:28:28warren:prior to making that change they e-mailed me asking for help
05:28:29brisque:default rather, not hardcoded.
05:28:35gmaxwell:worse than I guessed, initially I thought perhaps not all instances of max money were made into the define and they only got one right.
05:28:54gmaxwell:"Fix dust issue" misleading commit message too
05:28:57warren:I didn't intentionally not respond, I was sleeping the entire time including that commit.
05:29:19petertodd:lol "
05:29:19petertodd:wallet_bgcoin.png should not be modified on every release, as it would increase the size of the repository time by time...
05:29:37gmaxwell:and the commit was by " dogecoin " no actual attribution.
05:30:03warren:I didn't verify this, I was told one of the dogecoin devs is an engineer at IBM.
05:30:47brisque:oh, so Dogecoin is a fork of "Linkcoin" rather than Litecoin?
05:30:51petertodd:ha, and dogecoin doesn't sign their commits
05:30:56petertodd:or even tags
05:31:43petertodd:warren: they do have an android client on the front page though
05:32:10brisque:petertodd: and a web wallet.
05:32:40warren:brisque: not all that different from most coins. people mine directly into an exchange wallet.
05:32:42petertodd:brisque: with twitter bootstrap like the big boys!
05:35:11grau:Alt holdings could wash to BTC now en masse.
05:37:30warren:https://plus.google.com/+LitecoinOrg/posts/3iVBu7bC1h6 <--- this is the best I could do
05:37:53petertodd:warren: lol
05:37:57grau::)
05:38:13pigeons:pigeons is now known as Guest41495
05:41:47brisque:there's a comment in that reddit thread asking the developer to use the alerts system to notify people, the response is "in good time"- they definitely can't because they don't have litecoin's alert private key.
05:42:48warren:they actually copied our alert key?
05:43:12andytoshi:i bet "in good time" means "when a litecoin dev names his price to sign an alert for us"
05:43:22brisque:warren: https://github.com/dogecoin/dogecoin/blob/2ee5cb3396df66c10fef34480a183d00e3bec635/src/main.h#L1589
05:43:28warren:andytoshi: can't do that. that alert would be on our network too.
05:43:53brisque:andytoshi: http://www.reddit.com/r/dogecoin/comments/1ufl1e/much_concern_dogecoin_block_chain_has_split/cehkh91?context=1 (I misremembered, that quote wasn't verbatim)
05:44:00warren:andytoshi: litecoin's alerts already jumped onto 20+ clone networks
05:44:01petertodd:warren: isn't dogecoin on 0.6? could limit display to just 0.6
05:44:07andytoshi:warren: oh, i thought because the nodes won't talk to each other litecoin would be isolated
05:44:39brisque:andytoshi: they would be isolated until someone just manually transported the alert to litecoin and made a mess.
05:45:16andytoshi:brisque: yeah, i realized that as soon as i typed that
05:45:33brisque:andytoshi: if I've read right, some people on bitcointalk have designed their systems to go into a safe mode when they see an alert on the network too
05:46:36warren:litecoin does regular alerts for color changes, so they shouldn't be surprised.
05:46:44warren:* warren is exaggerating, a little.
05:48:29petertodd:I like how in the reddit thread about the dogecoin split, specifically warning people not to send dogecoin during the split, people are tipping each other like crazy...
05:50:05brisque:petertodd: it's fairly obvious that the community has no clue what they're doing. the "co-founder" is saying everything is fine and they had 10 days to update (not realising that as soon as they made the commit the network could have been split {if anybody actually builds from master and runs it behind something})
05:51:15petertodd:brisque: and with their fast block rate and fast diff adjustment we can see first-hand what forks look like when coinbase payouts are destroyed!
05:51:17andytoshi:brisque: where are these claims being made?
05:52:04brisque:andytoshi: http://www.reddit.com/r/dogecoin/comments/1ufl1e/much_concern_dogecoin_block_chain_has_split/cehkbm8 and there's other bits scattered about the thread
05:53:29andytoshi:i love the talk in that thread about the "real chain" and "bad chains"
05:53:53andytoshi:apparently they have a reddit-based consensus system now..
05:54:30petertodd:BlueMatt: ^ there's an option for the coingen!
05:54:59petertodd:"So, now what do we do? Is there someone who is in charge of maintaining the blockchain?" <- lol
05:55:59brisque:petertodd: I would absolutely love to have a real time visualisation. connect to multiple nodes on different forks and watch them race. the short block time for make for an incredibly interesting display.
05:56:41petertodd:brisque: it'd be extra fun if someone decided to DoS attack the network right now
05:58:17warren:petertodd: coingen.io is for sale
05:58:20brisque:petertodd: I doubt they need it really. the network is so fragmented and so little actually relies on Dogecoin that the entire system will likely just collapse.
05:59:13petertodd:brisque: I sure hope so, but good luck on that...
05:59:43petertodd:brisque: communities of people around a technology that doesn't actually need to work for the community to exist can be surprisingly durable
06:01:00brisque:petertodd: I suppose, if they don't understand as a whole how bad this situation is then it won't collapse. strange situation. it's a bit like NXT supporters still being optimistic when their closed source currency posted it's source.
06:02:22petertodd:brisque: well remember the "situation" is they have a fun meme and a community built around that meme. if anything the problem is just as likely to get *more* people interested in dogecoin
06:04:51andytoshi:well, as fun as this is to watch, i've got an early flight tomorrow
06:04:56andytoshi:have a good night guys
06:05:03brisque:petertodd: like all "memes" the velocity will die off (if it isn't already).
06:05:13andytoshi:petertodd: i'm going back to austin, vancouver is freezing !!
06:05:27petertodd:brisque: sure, but that die-off may have little to do with tech
06:05:40petertodd:andytoshi: ha
06:05:46petertodd:andytoshi: pretty though :)
06:06:50andytoshi:that's true, i'll miss it
06:06:52brisque:petertodd: the meme is already losing staying power, it could just be that massive incompetence and forks is enough to destroy the coin as well. http://www.google.com/trends/explore#q=doge%2Cdogecoin
06:07:55brisque:http://www.google.com/trends/explore#q=doge%2C%20dogecoin&date=today%2012-m&cmpt=q
06:08:02brisque:that's a much better graph.
06:16:27warren:this fork didn't seem to affect its exchange rate
06:17:28brisque:logically exchanges would have closed their doors temporarily when they saw the network wide alert about the chain fork (haha). they risk double spends if they don't.
06:18:03warren:I'm just pointing out that networks being reliable has nothing to do with alt value.
06:19:14brisque:alright, I agree.
06:27:14nessence:it is near ~midnight throughout most of US on a saturday
06:46:21justanotheruser1:justanotheruser1 is now known as justanotheruser
08:04:05Sangheil-:Sangheil- is now known as Sangheili_afk
08:06:18warren:petertodd: ooh... with the dust spam attack, I wonder if their massive reorg triggered the BIP50
08:19:33brisque:brisque is now known as Guest75151
09:47:17Sangheili_afk:Sangheili_afk is now known as Sangheili
10:08:10brisque:looks like dogecoin released another update that adds check pointing to try and get around their hardforks issue.
10:08:31brisque:confusingly in two commits "checkpoint" and "checkpoints".
10:09:47gmaxwell:brisque: oh boy, did they back out the change?
10:10:18brisque:they did not.
10:10:31gmaxwell:if not they may be for a helluva ride as the hashrate majority when I looked _appeared_ to be on the acceptable-to-all fork
10:11:26gmaxwell:who the heck knows what happens if you upgrade to code that imposes a checkpoint you've long since violated and you don't reindex.
10:12:08brisque:the commit only checkpoints two very late blocks, but I'm not really sure how the behaviour works
10:12:11brisque:https://github.com/dogecoin/dogecoin/commit/dab72582b657395a25e25f4ea367b8b8990db460
10:13:00brisque:in the first commit they only checkpoint the later block *after* the fork, but wisely added a checkpoint for the forking block later on.
10:13:59gmaxwell:this sounds like a bad idea, if the hashrate majority is on the old stuff, they'll keep on trucking. If its on the new stuff, they didn't need the checkpoint at all.
10:15:34brisque:from their IRC (signal to noise was off the chart, it was hard to tell) the older branch had the majority and was overtaking the newer clients with the forking change. as the original instructions from the developer were to upgrade at all costs, I guess they just went with it.
10:15:41gmaxwell:also if you upgrade a node already past the checkpoint on the non-checkpointed chain, it's not going to reorg on its own unless you do a reindex.
10:16:08gmaxwell:seems like a really bad plan to me, since they won't know for sure if they'll actually get the majority to switch fast.
10:16:17gmaxwell:so it might make a huge reorg days later...
10:19:33brisque:I'm not sure it was thought through that much, from talking to the developer before he was certainly trying to grapple with what was going on, but doesn't have that much experience with the finer points.
10:20:47gmaxwell:my strategy would have been to revert the change, set the change to trigger in the future, checkpoint the chain everyone can accept. release and nag everyone to upgrade to that.
10:21:18brisque:sounds familiar.
10:21:22gmaxwell:that would avoid any (further) reorgs assuming the hashpower majority was already on the generally acceptable chain.
10:21:41gmaxwell:it's even _better_ than when we did it in bitcoin, if the hashpower majority is on the generally acceptable chain most of the time.
10:22:09gmaxwell:(bitcoin was screwed because there was a decisive hashpower majority on a chain the majority of nodes would reject)
10:24:59brisque:handled with relative grace given the circumstances. it would have been harder with a majority p2pool, but significantly easier now that we have two pools with a majority hashrate.
10:26:39gmaxwell:well it wouldn't have happened at all really with p2pool. majority of nodes were not on the fork creating version we would have just gotten a _single_ orphan block out of it and probably not noticed the event. :( (if thats good or bad it's unclear!)
10:27:53gmaxwell:it's actually an interesting question if the BIP50 fork actually happened earlier and we missed it because the old chain got ahead fast enough.
10:28:51brisque:the 0.8 chain was from a single pool wasn't it?
10:29:10brisque:wouldn't they have notice the sudden increase in orphaned blocks?
10:29:16gmaxwell:no, its was from two primarily.
10:29:35brisque:BTCGuild and Slush, got it.
10:29:42gmaxwell:brisque: I mean in a hypothetical world where hashpower wasn't consoldated at a big pool...
10:30:05gmaxwell:the trigger was pretty hard to hit, we went for months before triggering it again after the large blocks were allowed again.
10:30:37gmaxwell:I think we've triggered large numbers of unpatched 0.7 nodes to misbehave only twice since.
10:30:39brisque:so 0.7 clients without a modified database configuration are permanently orphaned now?
10:30:48gmaxwell:no because its non-determinstic.
10:30:58gmaxwell:the last time apparently got a lot of them though.
10:31:14gmaxwell:I'd bet you could sync a new one from start successfully now though.
10:32:39gmaxwell:if instead the <0.8 nodes solved two blocks before the 0.8 only chain got a second, it would have just been orphaned and probably no one would have noticed, since that orphan producing 0.8 node would likely have not triggered it again with its next block.
10:32:55gmaxwell:(as some portion of its txn would have been included on the <0.8 chain.)
10:33:15brisque:I've a few 0.7.99 clients at the current highest block, so you're likely right with that.
10:34:52gmaxwell:0.7.99 = 0.8 for this purpose.
10:35:59michagogo|cloud:12:26:40 well it wouldn't have happened at all really with p2pool. majority of nodes were not on the fork creating version we would have just gotten a _single_ orphan block out of it and probably not noticed the event. :( (if thats good or bad it's unclear!)
10:36:44michagogo|cloud:Bוא 'םוךגמ,א איק ארדשמדשבאןםמד ישהק קמגקג ופ ןמ איק צקצפםםךד םכ איק ופערשגקג מםגקדת עקאאןמע רקצןמקג שעשןמ שא קשבי נךםבל אישא שמ ופערשגקג מםגק צןמקג?
10:37:00michagogo|cloud:Gah, I hate when that happens
10:39:53michagogo|cloud:But wouldn't the transactions have ended up in the mempools of the upgraded nodes, getting remined again at each block that an upgraded node mined?
10:41:42gmaxwell:michagogo|cloud: yes, creating single height forks which wouldn't continue (far) if they were in the minority, and would stop if they restarted, and would stop if they switched to the latest build. and since they were already running the latest code, there is a prior probablity that they're likely to upgrade.
10:45:54michagogo|cloud:gmaxwell: Sure, but it wouldn't just be a single block, it would be a bunch of 1-deep forks, and I think "oh, I stopped getting doges for my mining" would have lead to it being noticed
10:50:31gmaxwell:michagogo|cloud: I think you're splicing two discussion now.
10:50:41gmaxwell:not being noticed was a comment on the bitcoin pre-0.8 vs 0.8 hardfork
10:50:47michagogo|cloud:oh
10:50:47gmaxwell:which wouldn't have likely retriggered.
10:50:52michagogo|cloud:...right, sorry
10:51:01michagogo|cloud:* michagogo|cloud rereads
10:51:22michagogo|cloud:* michagogo|cloud goes back into his corner
11:08:09nsh_:nsh_ is now known as nsh
12:47:50adam3us:i liked jtimon's use of the word scamcoin to cover param-tweaks. i do think we need a clear tone setting term for param-tweaks vs actual alts, the scam coins are unduly dirtying even the concept of alts; alts with actual innovation could be useful things; as we've discussed btc pegged side-chains are good for some types of things, but actualy experiments in proof of work, economics may not be possible fit into that model
12:49:09brisque:adam3us: what do you call things like Primecoin and NXT? they're not parameter tweaks, but still not sane things to be promoting. as soon as you create differentiation you end up encouraging one over the other.
12:49:15adam3us:(and btc pegged side-chains have some technical and game-theory open questions, though its' an idea I find interesting and perhaps of great value to bitcoin ecosystem so eg we can run bitcoin 0.x and bitcoin 1.x in parallel, or competing bitcoin 1a.x and bitcoin 1b.x
12:50:54adam3us:brisque: yes i do wonder about that. as i said on a private chat prime coin is pretty close to another scam coin. the paper talking about the scientific method is not credible. it doesnt benefit the world to search for pairs of mid-sized priimes any more thn searching for hashcash stamps for the bitcoin stamp-collection
12:51:43sipa:i also believe not all "silly" altcoins are intended as scams
12:51:49brisque:I'd have to check, but I'm sceptical that their prime searching thing is reliable as a hash too.
12:52:40adam3us:you know i think momentum PoW might actual have some utility, the paper describing it is undefined/ambiguous on most of the critical issues; but i think reverse engineering it it might actually be an interestingly step towards a memory hard pow that doesnt require memory to verify (despite failing multiple other features he set himself)
12:53:27brisque:sipa: it might not be intended that way, but anybody looking at the Alternate Cryptocurrencies subforum should certainly be able to work out what's going on.
12:53:32adam3us:sipa: yeah scam might be the wrong word. i just think we owe like jtimon & maaku credit for having a non scamcoin, and just ranting against alts unfairly taints their freicoin economic experiement
12:54:48sipa:there are really many cases
12:55:12sipa:of coutse, a ton of silly alts (just tweaking some parameters)
12:55:14adam3us:brisque: there can be a difference between ooh make-money-fast, missed the bitcoin bubble, maybe i too can get some small early-adopter mining/premine mentality which isnt exactly a scam (otehr than egregious premine) but an attempt to get rich now that the proof has been given over 3 years of high uncertaint with bitcoin bootstrap that crypto currencies can bootstrap
12:55:32sipa:there are some that try to address a different problem (namecoin, datacoin)
12:56:01sipa:some are failed experiments on their own (litecoin as gpu-resistant pow perhaps)
12:56:17sipa:ppcoin was interesting, but flawed imho
12:56:36adam3us:and it can be somewhat hard to untangle. like if coingen succeeds in squelching param tweak,s maybe the people who can use a compiler enough to not need a hosted compiler will then just try harder to make a story
12:56:48brisque:adam3us: yes, but that said you don't want to be promoting NXT. it isn't a parameter swap but it's ridiculously insecure.
12:56:53adam3us:sipa: that probably becomes the new min-bar for "innovation"
12:57:10adam3us:brisque: very true.
12:57:37sipa:i've long been thinking about creating my own altcoin
12:57:45adam3us:see we have like "moron coins" and "good coder but crypto/distrbitued system incompetent" coins and usually a lot of greed and a bit of scam mixed in
12:57:50sipa:to fix all things that are wtong in bitcoin :)
12:58:03sipa:but time...
12:58:10adam3us:sipa: yep, everyone thinks about it, i thought about it also
12:58:13brisque:I take the primecoin comment back, it seems to be semi-sane but the "work" it's producing is just as useless as anything else.
12:58:21sipa:yeah
12:58:55adam3us:brisque: no there is something wrong with primecoin, algorithmically; its not exactly progress free and the probability distribution is slightly wrong i think
12:58:57sipa:adam3us: i'd probably implement most of it from scratch, though
12:59:42brisque:adam3us: on my first read I thought the work was based on a 32bit hash, but it's not. I haven't looked any further than that.
13:00:09brisque:sipa: why wouldn't you? there's lots of little niggles in Bitcoin that could be fixed with a complete rewrite.
13:00:41adam3us:sipa: yes that is actually what got me to thinking about 1-way pegged side-chain and i presume BlueMatt/gmaxwell about 2-way peg was that it makes more sense to respect the initial bootstrap as a one-off event, the it becomes possible to do significant innovation, overhauls, re-writes without having the barrier to actual adoption of a new digital scarcity
13:01:38sipa:brisque: not following, i'm saying i prefer to total rewrite over patching
13:01:48brisque:sipa: I'm agreeing with you.
13:01:52sipa:ok
13:02:24adam3us:the only other people i saw who even tried to tone down the "make money fast" motivation (which is actually a smart thing to tone down for adoption) were jtimon & maaku, there was like a charitable donation, and a temporary but modest (i think?) development fund, plus the new economic bit about demurrage
13:03:01sipa:maybe ironically, i just don't care about economics much
13:03:04adam3us:sipa: yeah the thing that i find awesome about 1-way or 2-way pegged side-chain (if we can figure out the details) is that it fully allows major feature experiments, securely
13:03:20sipa:adam3us: link?
13:04:09adam3us:ohh i am not sure there was a 1-way peg write up on bitcoin-dev, one sec for link; 2-way was a thread on here, been meaning to update the email thread with that discussion
13:04:45sipa:one way pegging through burning bitcoins to create coins in another system seems simple enough
13:04:55sipa:being able to go back... i don't see how
13:05:42adam3us:https://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg02945.html
13:05:46adam3us:thats the 1-way
13:06:48adam3us:sipa: so the 2-way works if you make changes to bitcoin 0.9x to honor transfers back. but only once for previous transfers out. in that way the security is limited to damange ONLY the current holders of transferred out bitcoins (if security issues appear on bitcoin 1a.x)
13:07:52brisque:adam3us: so you would have coinbase TXs without a block, sorta?
13:08:34sipa:i don't understand
13:08:52sipa:you send a coin to a dead address to instantiate it in betacoin
13:09:02sipa:how do you turn it back into a bitcoin coin?
13:14:43adam3us:sipa: sorry about that free airport wifi expired… onto the next laptop
13:15:24adam3us:sipa: the reason i thought 1-way peg is interesting is i was frustrated about adoption rate of simple (but soft/hard-forking) clear improvements to bitcoin (of which i think there are many)
13:15:59adam3us:sipa: so i though 1-way peg servers as a security insulator and doesnt require bitcoin 0.9x changes (which was the bottleneck i was trying to think of a way to unblock)
13:16:41sipa:i'm not following what you're talking about now
13:17:39adam3us:brisque: "coinbase tx without a block" no the pegged side-chain would have no reward mining (that would be done via transfer/destruction on bitcoin main) but it would have tx reward (denominated in btc)
13:18:11adam3us:sipa: did u skim the url about bitcoin-staging? which bit of the above?
13:18:24sipa:adam3us: sorry, your mails are too long :)
13:18:44adam3us:sipa: yeah i tend to write tldr stuff oops.
13:19:29adam3us:sipa: so i guess we agree that there are a number of things that could be simply fixed, but arent worth the security/value risk of soft/hard forks, and interesting features to enable
13:20:15sipa:it depends whether it's about things that could reasonably once be enabled in bitcoin itself
13:20:17adam3us:sipa: (eg enable some more scripting, or change it so the value is signed - which bites trezor & offline armory)
13:20:25sipa:yeah
13:20:33sipa:that stuff is fine
13:21:26sipa:but things like utxo-walking pow, or transactions committing to a particular chain, or tx fees that are spread over multiple blocks
13:21:38sipa:i doubt those can be considered "bitcoin"
13:21:58adam3us:sipa: so its not exclusive right, there can be a bitcoin 1a.x bitcoin 1b.x etc which are competing pegged side-chains … if maaku & jtimon want to go implement the freimarket script extensions on one thats cool. another one can focus on shorter term fixes like the above. maybe bitcoin might merge some of them later or switch over bitcoin to 1c.x if users demand it and move everything to 2.x
13:23:19adam3us:sipa: well i think the interesting thing to preserve if people are genuine about wanting to move the tech forward is the digital scarcity definition. eg one can preserve bitcoin 0.9x as the only reward miner, that way it respects the 21 mil coin limit, and people can innovate on an existing currency base (which i do not think its reasonable to attempt to restart)
13:23:51sipa:i don't want 1-way pegging, as it means you have to burn (valuable) bitcoin to obtain a potentially worthless successor coin
13:24:05sipa:if you kbow a way to do actual two way pegging, i like to hear it
13:24:09adam3us:sipa: so whether its a rewrite or just enabling queued simple/nice things or some script/market experiment… that can all be done on competing pegged side-chains. they can interoperate if you can move coins back (via main)
13:25:18sipa:(in a way that doesn't force the side chain to be very compatible with bitcoin, as that would limit the degree of innovation there)
13:25:18adam3us:sipa: i think the main limitation is you have to enforce security so that security/value bugs in the side-chains can not leak back into bitcoin main. for more adventurous things (utxo walking pow)) you'd probably have to make do with a 1-way peg
13:25:36sipa:right, of course
13:26:08adam3us:sipa: yes. 2-way peg is far nicer as nothing is destroyed, just moved. just pointing out the limits with 2-way tieing back to the more adventurous changes that cant easily say preserve a security/value firewall because the value definition is too redefined
13:26:21sipa:right
13:27:26sipa:there is of course the centralized approach using an exodus address which has an actual private key known to some people
13:27:35sipa:but that already smells way too scammy
13:28:27brisque:smells like mastercoin to me.
13:28:31adam3us:sipa: so gmaxwell & BlueMatt were exploring using SPV security from the merge mined 1:1 pegged side-chain (with a long conf time like 100blocks) . even that is pretty complex. i guess we'd have to explore that first before figuring out if you can go further and two-way peg something with quite different value semantics
13:30:41adam3us:sipa: maybe you can do something, the main point being that nothign must be possible to move back from the side-chain twice. ie it must be tied back to the demonstrable ownership (in SPV model say) of a previous bitcoin that was destroyed, and then allowed (once) to be recreated (though the cycle could repeat, it must be allowed once in each cycle)
13:31:01gmaxwell:the key observation in that discussion that I came to was that it doesn't really matter if the value transfer mechenism is very slow (e.g. taking many blocks), because you could just do regular atomic coinswaps so long as the liquidity on each side was reasonably balanced, you only need the direct chain moves to move funds without a counterparty.
13:32:00adam3us:gmaxwell: yes i agree with that. its the expectation of later fairly certain settlment, market can do the rest (pay day loan for the impatient)
13:33:10adam3us:gmaxwell: sipa was wondering if more esoteric/bigger value definition/ownership changes could be two-way pegged "sipa: if you kbow a way to do actual two way pegging, i like to hear it
13:33:11adam3us:(in a way that doesn't force the side chain to be very compatible with bitcoin, as that would limit the degree of innovation there)"
13:34:32adam3us:sipa: even if it were not (significantly) possible, just a two-way peg could allow quite a lot of new parallel development flexibility and innovation on existing value base. that alone is a big project.
13:35:08brisque:if a two way peg were possible namecoin would be a lot more interesting.
13:36:44gmaxwell:brisque: no thats not possible.
13:36:54sipa:souns like that requires every utxo in the beta currency to be backed by a bitcoin utxo
13:36:55gmaxwell:namecoin already exist.
13:36:56adam3us:sipa: (another change would be like the tagging of additional meanings directly on the side chain rather than coloring; freimarkets proposes tagging, and its better than coloring as coloring is i think inherently SPV incompatible, and tends to spam the bitcoin network)
13:37:18gmaxwell:sipa: not quite, perhaps someone should go extract that conversation from logs.
13:37:25brisque:gmaxwell: well yes, unfortunately.
13:38:02brisque:gmaxwell: not sure anybody would argue that the project isn't stale though.
13:38:17sipa:well if you can create a bitcoin output script that requires a proof of transfer through betacoin and back... ok
13:38:24gmaxwell:sipa: in any case, basically you add a softforking change to bitcoin that lets you write txouts which can be spent according to terms that come with SPV-like proofs from the other chain.
13:38:28gmaxwell:right.
13:38:56sipa:but SPV proofs cannot prevent double spending
13:39:36sipa:and it is limiting in the sense that it requires encoding some basic form of betacoin's transfer rules in bitcoin
13:39:43gmaxwell:no no,
13:40:05adam3us:for my part i think 1-way (and more practically 2-way) pegged side-chain is the best new bitcoin idea of 2013. i hope its possible.
13:41:48gmaxwell:sipa: the script is a proof "Betacoin say 2 btc can come back to bitcoin to scriptpubkey 1234 + a bunch of betacoin headers". I'd also come up with an idea that required the txout scriptpubkey in such a transaction could be such that it had a minimum time it could be spent from, and before that the transfer canceled with a longer chain of headers.
13:42:27gmaxwell:so then bitcoin is totally blind to betacoin's rules, except for how betacoin headers works, how how betacoin communicates moves back to bitcoin.
13:42:58gmaxwell:from the betacoin side the transfer from bitcoin could be similar or betacoin could watch the bitcoin chain, the latter is probably better.
13:43:53gmaxwell:if the whole transfer is slow and cumbersome and requires a 8 kbyte transaction it doesn't really matter, since if you have two parties you can just to an atomic coin swap.
13:44:16gmaxwell:the cross chain teleports are only needed to balance liquidity.
13:44:59gmaxwell:(so if there are more coins wanted on the betacoin chain than exist there there is a way to satisify the demand)
13:45:58gmaxwell:also means that if you can fake out the teleport method e.g. with a huge betacoin reorg, you can make betacoin fractional reserve, but you never inflate bitcoin.
13:47:41gmaxwell:presumably this could be stronger in practice than in theory because if bitcoin miners were all betacoin miners they could generally refuse to mine suspect betacoin proofs, or themselves be prompt about providing contradiction-proofs that aborted the trasnfer in a soft-security fashion.
13:48:33gmaxwell:"no no, there is a compeating betacoin fork as good/better than this one, abort this transfer until someone can show an even better betacoin proof"
13:49:36adam3us:sipa: the 1-way peg also could consider a longer term version of the market providing liquidity based on later settlement, eg if the network bootstraps to become credible, or if multiple sensible people and orgs make an approximate indication that they plan to switch over with in 18-mo - 2yrs to a hyopthetical sipa-led rewrite
13:50:07adam3us:sipa: as after the switch over the rest of the bitcoins are moved over to the new network and the liquidity providers can earn the arbitrage profit they were aiming for
13:50:29adam3us:sipa: (wrote about somewhere on the tldr 1-way peg thread)
13:51:27adam3us:(what a choice… pay gbp 5 to extend free airport wifi or type a password into a *windows* machine. yup i paid)
13:51:35gmaxwell:plus imagine all the great drama we'll get in two way pegs. people creating altcoins that can two-way-peg with bitcoin (because why not make the facility completely generic so anyone can hook up a new chain to it?) just with the intention of leaving it insecure so they can steal all the coins that move over.
13:52:02gmaxwell:LHR 45 minute wifi is robbery.
13:52:15brisque:adam3us: just spoof your MAC.
13:52:25adam3us:gmaxwell: i could tumble the mac i guess, but too late
13:53:05adam3us:gmaxwell: i was thinking really should ptu a script to tumble th emac on network connect anyway - privacy principle. probably nsa is tracking mac s somewhere in utah
13:54:14brisque:adam3us: changing your MAC doesn't stop that, you can just look for wifi cards announcing what networks they're looking for and then compare that to the google skyhook database to find their home address.
13:54:18adam3us:gmaxwell: also it a rather nice argument against scamcoins (still need a better word to describe param-tweak/get-rich-quick from genuine innovation) … and why did you start a new digital scarcity race? we were discussing that above in relation to coingen.
13:55:08adam3us:gmaxwell: and it seems likely the min-bar will just go up slightly to things like primecoin, or other artificial uninteresting or stupid changes that are just above the param-tweak and come with a semi-plausible to novice argument and white paper. (Like NXT … that is nuts)
13:55:25brisque:adam3us: out of my own curiosity I set up a wifi dongle looking out onto the street that did something like that. incredibly effective when people walk around with phones in their pockets.
13:56:27adam3us:brisque: i think bitcoin has a problem. once a competent grey-hate gets too tempted the base band phone p0wning will harvest $ms of coins in automated attacks. we need hardware fast.
13:57:07adam3us:someone who shall remain nameless to protect their own stupidity showed me a phone with 500btc on it ('doh!)
13:57:45adam3us:(an otherwise i guess reasonably competent CS degree programmer type of person)
13:58:02brisque:adam3us: I was more talking about privacy violations by phones announcing people's home addresses every few seconds. I'd really like to see sensible hardware too though, the Trezor looks quite nice.
13:59:32brisque:adam3us: I personally predict a piece of commodity hardware will be hacked to create a secure but cheap USB based wallet. there's quite a number of children's toys that have been turned into RF analysers and other tools.
13:59:35adam3us:brisque: not sure if 2014 will be the year, but a year RSN we will surely see baseband and targetted DSL IP# hacks from bitcoin big change identified IP# from bitcoin users who dont use tor to spend from large coins; the only hope is air-gaps IMO, or TPM (arm trustzone, intel TPM etc)
14:00:02gmaxwell:adam3us: someone with a typo squat on a popular bitcoin service domain and a java exploit for IE that I was seeing get investigated recently had stolen several hundred btcs in a few days time.
14:00:26gmaxwell:so the bar is still pretty low
14:01:09brisque:adam3us: doesn't really have to be a specifically designed hardware. anything would do. I saw photos of a childrens toy that would make an excellent Trezor type device with a lot more features (full keyboard) than the real thing.
14:01:17adam3us:gmaxwell: the stupidity factor never ceases to amaze. its scarcy that people are not being hacked way more.
14:01:36brisque:adam3us: there's some constraints, but the hardware doesn't have to be complex. you don't even need to have a hardware RNG on board.
14:02:26adam3us:brisque: you said about wifi network advertising networks it wants. it works that way? no waiting for announce, requesting ssid ? the client broadcasts all the wifi ssid it knows??
14:03:07brisque:adam3us: a wifi client announces sequentially every wifi network it knows, every 10 seconds it ruins "hidden" SSID by sending out the name and MAC of the routers it knows.
14:03:32adam3us:sipa: so are you getting the 2-way peg bug yet? ;)
14:03:51sipa:adam3us: let's call them "silly alts", "delusional alts" and "flawed alts" :)
14:03:54brisque:adam3us: this is the childrens toy I was talking about. you could certainly port a hardware wallet to this. http://d4c027c89b30561298bd-484902fe60e1615dc83faa972a248000.r12.cf3.rackcdn.com/imagepicker/4494/thumbs/IM.jpg
14:04:16adam3us:brisque: on noes! i guess the mac-tumbler script i need to write needs to flush the ssid cache also
14:05:03adam3us:brisque: i like the QR code as optical isolation connection that "visual btc" setup
14:05:51adam3us:brisque: of course it helps if the value could be signed so the input tx history doesnt need to be sent to work around that bug
14:06:21brisque:the IM-me is missing a camera so a QR code is out of the question. the sticking point is that you can't use sound because of the must-see-every-input issue of transactions.
14:06:51brisque:a device like this with more IO (a camera mainly) would be able to replace trezor with cheap commodity hardware.
14:07:48brisque:if the must-see-every-input bug was fixed in 0.9, you could almost push a TX via sound, it's just too heavy as it stands.
14:07:59adam3us:sipa: i guess someone could do a zoo-ology catalog of them. the variety of stupidity and greed in involved is hilarious. some of them even bootstrapped to semi-respectability by first-mover advantage. i think one test maybe zero real-transactions (non speculator), lack of clients, lack of any development, lack of any plan to obtain real-tx
14:09:25gmaxwell:people would never believe the zooology wasn't all made up
14:09:31adam3us:brisque: as i recall gmaxwell guestimated 2 years to fix the sig malleability bug; not sure what the guestimate would be on the no signed values bug. depressing. hence enthusiasm for 2-way peg. in the old thread on 2-way peg gmaxwell said (in relation to my question if this itself could get implemented given the other bugs) was that yes but this (2-way peg) is the one change to rule them all
14:10:04adam3us:gmaxwell: crypto-zoology :)
14:10:52gmaxwell:adam3us: also— why bother with baseband hacks and zero days, when you can just ask people to give you their money: https://bitcointalk.org/index.php?topic=393593.msg4274997#msg4274997
14:11:49gmaxwell:adam3us: yea, a two way pegging facility is fully general. I mean its a way you could completely replace the protocol in a totally consentual way, start up mergemined two-way-peg and move all the funds to the new chain over time.
14:11:50brisque:adam3us: if dogecoin can do a hard fork in 10 days, I'm sure gmaxwell can come up with some crypto-magic to get bitcoin's done in 20.
14:12:12gmaxwell:having a hard fork is not a problem, avoiding one is.
14:12:45gmaxwell:suggested two way peg stuff doesn't actually need a hardfork, might not even be any easier with one.. it's just new scriptpubkey features, at least if it stays at the quasi spv security level.
14:12:45adam3us:the other annoying thing about airport wifi is i have a pay as you go 3g sim with 3GB/month data allowance for gbp 2/day for UK on any day used, but the wretched thing never works, and i think i grabbed the wrong replacement sim when i was leaving.
14:13:20brisque:gmaxwell: that story is terrible.
14:16:12adam3us:is there anyway to get above SPV security i wonder in a sensible level of bitcoin main changes that doesnt just have both protocols in the client (or a link to a beta validator running in parallel)
14:17:12gmaxwell:well spv security can mean multiple things there is communicationless spv which is what you get when someone hands you a proof and you're happy, and normal spv when you can go out and seek more evidence.
14:17:21gmaxwell:I think we can get it the latter of those two.
14:17:26gmaxwell:More than that implies validating the rules
14:17:33gmaxwell:which implies embeding the rules in bitcoin
14:17:46gmaxwell:and all of the data needed to check the rules
14:18:04gmaxwell:and short of snarks or something, I think thats probably not realistic. (well and not realistic with snarks today regardless but maybe in a few years)
14:19:25adam3us:brb
14:28:24Guest41495:Guest41495 is now known as pigeons
14:30:06adam3us:gmaxwell: well say hypothetically a client that speaks both bitcoin v1 and bticoin v2 protocol with a pegged side-chain connecting them
14:31:22adam3us:gmaxwell: eg less of a general competition between 2a, 2b 2c etc side-chains but more the next version of bitcoin with fork requiring bug fixes on it, running in parallel with real-value transferred via the 1:1 peg by those who need the 2.x features, eg 1.x for value storage and 2.x for anything other than basic tx (say)
14:36:38adam3us:adding insult to injury this gbp 5/hr wifi is failing I think because of the web injection urls timing out. grr
15:21:35brisque:regarding hardware wallets.
15:22:14brisque:I was looking into various bits of hackable hardware, looking at the specs and everything. realised it's a little pointless when you can get a 6" laptop from Alibaba for 30 pounds or so.
15:23:19brisque:that's all you'd need for a super effective offline device really, and it's cheaper than the Trezor ever was.
15:25:47gmaxwell:brisque: but bulky.
15:26:07brisque:gmaxwell: one of these would work too http://en.qi-hardware.com/wiki/Ben_NanoNote
15:26:10gmaxwell:(also: thats why I didn't order a trezor)
15:26:15gmaxwell:yea, but stupidly expensive.
15:26:24gmaxwell:I actually looked at getting a nanonote for wallet use.
15:26:46gmaxwell:it's not true of trezor but in theory a hardware wallet could be tamper resistant too.
15:27:00gmaxwell:your cheap laptop will suck when the evil made pops the keyboard and adds a keylogger chip.
15:27:07gmaxwell:s/made/maid/
15:28:38brisque:that's why I was thinking of consumer hardware that can be hacked. the childrens toy I mentioned has almost everything you need, including a wireless pink USB dongle. the issue is that you have to open it to get to the serial ports to flash it. not something you can convince everybody to do. http://d4c027c89b30561298bd-484902fe60e1615dc83faa972a248000.r12.cf3.rackcdn.com/imagepicker/4494/thumbs/IM.jpg
15:29:05gmaxwell:wow neat
15:29:07gmaxwell:what cpu?
15:29:33brisque:that's the other sticking point, it's CPU is a little short on memory.
15:29:43gmaxwell:though wireless usb dongle may mean a rather large attack surface area.
15:30:31brisque:the low memory is ultimately what makes it useless sadly.
15:30:54brisque:works as a RF spectrum analyser though.
15:31:25gmaxwell:why would it make it useless as a signing device?
15:31:29gmaxwell:surely it has enough for that.
15:31:49brisque:http://www.ti.com/product/cc1110f32
15:32:06brisque:32kB flash, 4kb of RAM
15:32:59gmaxwell:could be used as a signer no problemo.
15:33:12gmaxwell:though uh, perhaps not with wireless.
15:34:19brisque:yeah. my thinking is that there's got to be another dirt cheap childrens toy with an LCD, keyboard and some decent IO that can be hacked into a deterministic wallet.
15:34:51gmaxwell:but, of course, that also makes it easier to tamper with
15:34:57brisque:camera for QR codes, or audio, or even USB pretending to be a HID would work perfectly for this.
15:35:10brisque:isn't the assumption that with a hardware token, your coins are compromised anyway?
15:35:51gmaxwell:hm?
15:36:07brisque:any KDF on an embedded device would make it useless, and no matter what you do the seed is going to be extracted.
15:36:30brisque:I've seen hardware that's meant to destroy keys before, it's not all it's cracked up to be.
15:36:36gmaxwell:nah, you can make successful extraction of the seed pretty hard and make it be destructive.
15:37:05gmaxwell:(be destrutive meaning an intruder couldn't tamper and put it back)
15:37:42gmaxwell:and yea, sure concerted 'offline' effort by an expert you can't be safe from, but certantly it's better if your curious teenager couldn't extract the keys easily.
15:38:00gmaxwell:not saying mandatory: trezor fails this too as I understand it, but it would be preferrable.
15:38:26brisque:there was a game console that did something like that. had a chip with the ROM, and a battery backed RAM chip with a secret key. on boot it XORed the two to get the executable. any screwup meant you lost the RAM chip and had to pay a pile of money for a new one.
15:39:21gmaxwell:yea there are all kinds of interesting things you can do, and then also embed the stuff in epoxy with embeded tripwires that cut power to the ram if cut.
15:40:14brisque:that's all doable, but that wasn't my aim with this concept. a dirt cheap hardware device holding a seed is preferable to a computer running windows and java.
15:40:54gmaxwell:fair enough. probably more interesting to reduce the interface exposure.
15:41:59brisque:QR codes would be ideal, then audio, then you're back to pretending to be a USB HID. are there any other "airgapped" ways of getting TX data to a device?
15:43:18gmaxwell:hid doesn't get you bidirecitional, does it?
15:43:41brisque:it does. the device can pretend to type, and the host can flash the caps lock key.
15:43:49gmaxwell:lol!
15:43:57gmaxwell:thats going to be rather slow
15:44:00brisque:doesn't the trezor pretend to be HID?
15:44:07gmaxwell:no clue
15:44:13gmaxwell:you need to transfer several kb.
15:44:23brisque:yes, the Trezor pretends to be HID too.
15:44:37gmaxwell:man the things you need to do to make windows happy
15:44:49gmaxwell:I would have just made it a usb serial device, but I guess those need drivers in window
15:44:51brisque:being driverless was probably the aim.
15:45:38brisque:10kB/s using the caps lock light..
15:46:12gmaxwell:crazy, still a bit slow
15:46:34gmaxwell:how about usb storage... plug unplug plug. :P
15:46:48gmaxwell:and sign and enter your pin on the device itself while unplugged.
15:46:55jgarzik:caps lock light - ha, creative!
15:47:17brisque:well for me wanting to hack something, that's probably going to let the host flash the device which is undesirable. I'm really just throwing ideas around.
15:47:20jgarzik:jumping airgaps is all the rage, these days. NSA or private community alike.
15:49:02brisque:doing it usefully is the issue though. I don't want to have to listen to my CPU buzz with a parabolic microphone to get Bitcoin TX data to an embedded device.
15:49:04gmaxwell:obviously why having a device with a minimized surface area matters.
15:49:41gmaxwell:* gmaxwell looks at gox and hurrays
15:50:28brisque:gmaxwell: I wanted a Ben NanoNote just to play with, doesn't look like anybody sells them anymore.
15:51:19brisque:by the looks of things, the easiest and cheapest airgap transmission is audio. if people hated dialup modems they're going to hate me screaching 200kB of previous outputs at them.
15:51:37gmaxwell:brisque: harder to setup bidirectional.
15:52:08gmaxwell:how about a usb device immitating a sound device?
15:52:41brisque:USB sound cards are cheap as chips, you can get one that works on any linux device for a few dollars.
15:52:54gmaxwell:and then you can easily just get 192kbit/sec in each direction using two bits per sample, and it would be completely inaudable if addressed to the wrong device.
15:52:57brisque:bonus, you can do transfer over audio to a phone.
15:54:08brisque:imitating a USB sound device would be doable though. matching a generic driver on the host would mean no attack surface.
15:54:43brisque:could also have audio output, then connecting to a cellphone would work.
15:55:10brisque:bonus mode, make adaptors so that transactions can be signed over phones, 56k style
15:57:26jgarzik:I continue to be stunned that mtgoxUSD receives the trading action that it does
18:33:07justonegy:hello
18:33:17justonegy:anywhere here who can help with ubuntu build?
18:33:50justonegy:or rather wants to..
18:39:46michagogo|cloud:justonegy: What about it?
18:39:58michagogo|cloud:(though this is most likely off-topic for this channel...)
18:40:17justonegy:I'm trying to build and its difficult to find information
18:40:20justonegy:EXCEPTION: N5boost12interprocess22interprocess_exceptionE
18:40:32sipa:#bitcoin or perhaps maybe #bitcoin-dev
18:41:01justonegy:checking for Berkeley DB C++ headers... default
19:06:56justonegy:no one want to help?
19:07:15justonegy:trying to fix this issue and there is just no information and the debug info is non existent
19:08:07sipa:please, not here
19:08:26jcorgan:#bitcoin-dev is better, and, you need to provide a bit more info
19:09:08justonegy:justonegy has left #bitcoin-wizards
19:19:21Sangheili:Sangheili is now known as Sangheili_afk
19:25:11midnightmagic:lol, one more reason why having a maid is crazy.
19:25:33midnightmagic:if yer in a house and can't vacuum your own floors, you're in the wrong damn house.
20:06:537CBAANUJO:7CBAANUJO is now known as kinlo
20:22:30mist:[Global Notice] Sorry about the network split noise, folk. Unfortunately, yet another bunch of idiots has decided to DOS us. Yes, very funny guys. I guess your mummy and daddy bought you a botnet for christmas. Anyway, hopefully they'll get bored soon, until then, sorry again for the network noise, and thanks to all our sponsors who generously provide the bandwidth that this idiots fill with garbage.
22:22:01EasyAt_:EasyAt_ is now known as EasyAt
23:37:40petertodd:1CounterpartyXXXXXXXXXXXXXXXUWLpVr <- crazy, 107BTC sacrificed for some "protocol for the creation and use of decentralised financial instruments such as asset exchanges, contracts for difference and dividend payments"
23:37:49petertodd:https://bitcointalk.org/index.php?topic=395761.0;all
23:38:43petertodd:hilariously the scheme seems to be using OP_RETURN "CNTRPRTY
23:39:50petertodd:though that's not very surprising when you consider the psychology of it: a standard address for the burn lets people easily see how much has been invested, fueling additional investment...
23:41:32nsh:* nsh blinks
23:42:41nsh:* nsh reads harder
23:43:23nsh:nope. can you explain in more simple terms, petertodd?
23:43:33nsh:* nsh looks at the thread
23:45:04petertodd:nsh: OGG CAVEMAN BURN TASTY MEAT IN FIRE BECAUSE NOG CAVEMAN SAID MUCH MORE MEAT IN FUTURE IF OGG BURN MEAT NOW
23:45:18petertodd:nsh: OGG STUPID CAVEMAN, NOG CAVEMAN HAVE NO PLAN FOR MORE MEAT
23:45:24nsh:right, i'm basically at that stage
23:45:39nsh:but the bit where it actually makes sense to someone (and how) is beyond me
23:46:14petertodd:nsh: well I'm basically saying the intelligence of the people who throw away six figures is similar to that of a caveman
23:46:25nsh:sure
23:46:42sipa:what does 'OGG' refer t?
23:46:44sipa:to?
23:47:03nsh:but pretending this guy is actually some satoshi-level genius. what are people gaining by burning these coins? stake in some future system
23:47:04nsh:but how?
23:47:05petertodd:sipa: ogg is a standard caveman name in western english culture
23:47:29petertodd:nsh: basically, by the definition of the system, much like mastercoin was done, only with (arguably) even less chance of future success
23:47:55sipa:at least it sounds less scammy, as the exodus address is an actual burn here...
23:48:34petertodd:sipa: indeed, OTOH that can also mean less chance of success, as who'se paying for development?
23:48:44sipa:agree
23:48:57nsh:you'd want to be really really confident of everything working out to actually boot-strap the thing with real sacrifice from early-adopters...
23:49:37petertodd:nsh: yup, in this case actually it doesn't look like the creator of the scheme has any ill-intent, more that the investment community around it are idiots and will jump to throw money at anything
23:50:12nsh:well, i suppose you can take an ecological view: at the worst, something nontrivial will have been tried and lessons can be learnt, and those people who threw money in probably could afford it
23:51:01nsh:(and everyone who has btc gets slightly richer from the deflation)
23:52:10petertodd:nsh: quite likely true, although I'm going to let someone else pay to learn those lessons for me :P
23:52:20nsh:* nsh smiles