00:03:00justanotheruser:Hmm, it looks like mastercoin is planning on embedding listings in the blockchain...
00:08:27maaku_:justanotheruser1: listings?
00:12:23phantomcircuit:why can't people just do merged mining
00:12:27phantomcircuit:why oh why
01:03:05qwertyoruiop_:qwertyoruiop_ is now known as qwertyoruiop
01:10:36Sangheil-:Sangheil- is now known as Sangheili
02:52:43ghtdak_:ghtdak_ has left #bitcoin-wizards
04:21:13HobGoblin:HobGoblin is now known as Guest42572
07:03:10petertodd:dammit, had a hilarious twitter convo with some paranoid nutbar - seem to have managed to convince him that I was part of the group of cryptographers that was satoshi, but we're all kinda embarrassed that we can't code for shit and lost our wallet so none of us want to fess up. But then he deleted it all saying that twitter isn't secure...
07:29:30michagogo|cloud:petertodd: heh, that's why you archive any good tweets
07:39:05antephialtic:petertodd: what are your current thoughts on the viability/usefulness of fidelity bonds?
07:51:47petertodd:antephialtic: I think using them correctly is a lot more difficult than people realize
07:52:36petertodd:antephialtic: gmaxwell was making a good point the other day too how it's easy for anti-spammer stuff to increase the ratio of spammers to good users by making things inconvenient, which makes one of the easier uses of them a lot less useful
07:52:58antephialtic:petertodd: I'm working on a site to make/rate/verify them in a user friendly way
07:53:22petertodd:antephialtic: what type of fidelity bond sacrifice method?
07:53:37petertodd:antephialtic: and rate for what type of application?
07:53:51antephialtic:current plan is an OP_RETURN script specified via the payment protocol
07:54:39antephialtic:right now it would be for say, arbitrators in an arbitration marketplace. The holder of one bond can sign a rating for another. The end goal is to make it useful for p2p applications.
07:54:42petertodd:good - I think my announce/commit sacrifice to mining fees was a bad idea
07:55:01antephialtic:announce/commit is nice, but it relies on locktime
07:55:01petertodd:be careful, gmaxwell makes a good point, it'd be easy to wind up just making it more convenient for scammers you know
07:55:30petertodd:locktime is supported by the current network you know
07:55:56petertodd:heck, I *did* do a real announce commit sacrifice a few months back
07:56:12antephialtic:ah, I thought it was in some kind of grey area where it wasn't guaranteed to stay enabled due to mempool ddos
07:57:01petertodd:yeah, they aren't accepted into the mempool until they can be mined, but that doesn't harm announce/commit in any meaningful way
07:57:31antephialtic:ok. probably going to stick with OP_RETURN for now due to simplicity, but I'm open to changing it.
07:58:06petertodd:see, the problem with sacrifice to fees is it encourages mining centralization, because big miners can make sacrifices cheaper than anyone else, on average
07:58:11petertodd:so stick with op_return please!
07:58:26antephialtic:I also have some ideas for ratings. I was thinking about eventually doing some kind of trust score based on EigenTrust
07:59:16Luke-Jr:please don't.
07:59:49antephialtic:Luke-Jr: is that regarding EigenTrust or OP_RETURN? and can you explain
07:59:49petertodd:you know, I'd strongly suggest you implement all this for anti-spam first - that's an application that can handle a bit of bad actors
07:59:56Luke-Jr:sacrifice to OP_1 if you don't like fees.
08:00:14petertodd:Luke-Jr: announce/commit sacrifices require op_return you know
08:00:21petertodd:Luke-Jr: and sacrifice to op_1 is insecure
08:01:27Luke-Jr:fine, sacrifice to proof-of-redemption-in-a-later-block
08:01:54petertodd:Luke-Jr: which is what announce/commit does
08:02:17petertodd:Luke-Jr: but just bare anyone-can-spend will get spent in the same block once miners catch on, so it's unusable
08:04:22petertodd:antephialtic: and a word of advice: make the system also accept the P2SH encoding of OP_RETURN as a sacrifice to ensure no-one does anything stupid like disallow op_return in the future...
08:05:39antephialtic:thanks. I may have further questions at some point - I'll follow up with you via email if that's alright with you.
08:05:44petertodd:antephialtic: sure
08:06:48petertodd:antephialtic: btw, a truly awesome project would be to make a p2p usenet/irc chat based on flood fill using fidelity bonds for spam control
08:07:27antephialtic:yeah. I have a lot of ideas about applications. mostly involving sybil resistant DHTs
08:07:31Luke-Jr:in the future? OP_RETURN was never allowed in the first place.
08:07:49petertodd:Luke-Jr: 0.9rc1...
08:07:58Luke-Jr:petertodd: developers don't get to make that decision.
08:08:15antephialtic:petertodd: but also, chaum banks and the like.
08:08:16petertodd:antephialtic: get that dirty word "DHT" out of your mind :P
08:09:07petertodd:antephialtic: I mean, quite seriously, you don't really need DHT's for any of this stuff, at least for the simple implementations, I'd keep it bitmessage-level simple at first
08:09:15petertodd:Luke-Jr: BTCGuild mines op_ret now
08:09:34Luke-Jr:petertodd: how negligent of them
08:10:05petertodd:Luke-Jr: yeah, and that other big pool, with what, 13% hashing power? just awful of them
08:10:27antephialtic:yeah. well it's going to be even simpler than that for now. This is going to be a CRUD app that allows people to create, view and rate bonds.
08:11:18petertodd:antephialtic: well... that's probably downright *dangerous* you know, because it gives people mistaken ideas about what the tech can actually do
08:11:55petertodd:antephialtic: having invented the damn things, my name is kinda associated with them, so please don't make the first real-app using them be a disaster :P
08:12:58antephialtic:I understand and respect that, which is why I'll be in touch via email once I make some progress.
08:13:37petertodd:antephialtic: I get that, but again, a generic rating app *is* a dangerous idea!
08:14:57antephialtic:well I was thinking that a rating is a signed message from a holder of bond A containing a value in the range [0, 10] and an optional message about a dealing with the holder of Bond B
08:15:32petertodd:I get that - it *will* be misunderstood by users and applied badly
08:16:07petertodd:e.g. how does a user know how many people are relying on the fidelity bond? are you sure the total value of fraud possible doesn't exceed the cost of the bond? how do you know?
08:17:02petertodd:those are really, really hard questions - something often missed by people is my fidelity-bonded chaum bank stuff actually does require proof-of-publication mechanisms to be secure - a "pure" version would weirdly look kinda like a blockchain
08:17:40petertodd:applied to human mediated transactions without all that careful engineering... people will get scammed
08:18:08petertodd:spam on the other hand... if some spam gets through, it's not a big deal, so the flaws are acceptable
08:18:17antephialtic:hmm. this requires further thought. In the mean time I will limit the app to creation and verifying that a bond exists.
08:18:32petertodd:right, but really, you don't need an app for that!
08:19:10antephialtic:for non-savvy users. And to provide a blockchain.info-like REST api for verification.
08:19:37petertodd:yes, and non-savvy users really shouldn't be using fidelity bonds for the foreseeable future, for anything really
08:20:31petertodd:tl;dr: I invented a very seductive, elegant, footgun
08:22:12antephialtic:agreed, but I think it's also a powerful idea that's being underutilized.
08:22:40petertodd:I dunno about you, but I tend to think powerful footguns deserve to be underutilized, at least until we invent better footware.
08:25:12Luke-Jr:just point it at someone else's foot.
08:25:46antephialtic:well, I guess I have some thinking to do. But yeah, I don't want to give scammers a tool to give themselves a false veneer of trustworthiness
08:26:19petertodd:antephialtic: indeed, meanwhile an anti-spam use of them would be fine
08:26:29petertodd:antephialtic: besides, you'd be a hero for making irc p2p :P
08:47:20antephialtic:petertodd: going back to the ratings issue for a moment. What if there was some kind of 3-way handshake. Say Bondholder A wants to transact with Bondholder B. A requests a transaction with B valued at X btc. If B approves it, his bond value is temporarily decremented on the site. At the end of the transaction, A gets to submit a rating, and the bond value is restored
08:48:15antephialtic:obviously this kind of system is reasonable to implement when done in a centralized manner
08:49:02antephialtic:and by transaction, I don't mean bitcoin transaction, I mean some kind of transaction feature on the app
09:31:24_ingsoc:_ingsoc is now known as Guest75676
09:48:16Guest75676:Guest75676 is now known as _insoc
11:31:52Guest42572:Guest42572 is now known as UukGoblin
11:47:35_ingsoc:_ingsoc is now known as Guest58099
13:36:55_ingsoc:_ingsoc is now known as Guest90992
14:38:04michagogo|cloud:* michagogo|cloud hadn't heard that term before
14:45:23_ingsoc:_ingsoc is now known as Guest39713
15:54:27adam3us:andytoshi: yes emailed djb about the private key bits. it seems like they could be optional so long as the execution time is fixed by starting montgomery adder at bit 254. the lsb are i think relating to multiply by 8 which could be moved to the verification relation. i think; it'd be good to get it from djb. btw i noticed someone on openpgp ietf list talking about making an EdDSA rfc.
15:55:12adam3us:maaku_: yes the blind sig with ec schnorr should work. if i got the above right should work on eddsa also. i don't think there is a way to get a blind sig from ecdsa.
16:08:52sipa:adam3us: do you know whether batch verification is possible with schnorr?
16:13:46Guest70608:Guest70608 is now known as firepacket
16:46:52_ingsoc:_ingsoc is now known as Guest44377
16:51:23jgarzik:already posted here :)
16:51:32jgarzik:jtimon, they are learning some lessons
16:51:39jgarzik:note JMP changes, etc.
16:52:00jgarzik:v1 was chock full of algorithmic attacks (just like bitcoin!)
16:52:14jtimon:oh, sorry I must have been sleeping when posted
17:06:11Guest44377:Guest44377 is now known as _insoc
18:40:41adam3us:sipa: the eddsa page says http://ed25519.cr.yp.to/index.html 134000 cycles per signature in size 64 batches
18:48:09andytoshi:on page 10 of the ed25519 paper it describes the differences with schnorr: ed25519 uses double-size hashing (hashing the pubkey along with the ephemeral pubkey and message) instead of half-size hashing and no compression of the ephemeral pubkey
18:48:40andytoshi:my reading is that batch verification for regular schnorr should be possible with the same techniques
18:50:03BlueMatt:ok, anyone have the links to the ny bitcoin hearings?
18:50:13BlueMatt:* BlueMatt is on a deadline....need them like an hour ago
18:53:40BlueMatt:nevermind, found them somewhere
18:54:11gmaxwell:BlueMatt: http://www.totalwebcasting.com/view/?id=nysdfs
19:08:23michagogo|cloud:gmaxwell: Ah, they're available online too?
19:08:43michagogo|cloud:I just saw your captures
19:09:49michagogo|cloud:Wait, why am I seeing protobuf flash by in a tailf of build.log for boost?
19:13:50michagogo|cloud:2dc3b04d0bb03e1ad0c18dfe1c5635aa6e3741a7a6173203554d8345cd5b5a95 bitcoin-deps-linux64-gitian-r3.zip
19:16:09michagogo|cloud:Oops, wrong channel
19:56:53maaku:maaku is now known as Guest86895
21:16:16petertodd:michagogo|cloud: a footgun is a gun for your foot. usually guns are supposed to be for other things, but often we accidentally make guns that turn out to be best at blowing your foot off
21:16:47petertodd:michagogo|cloud: fidelity bonds is one such invention; lawn darts are another
21:18:51michagogo|cloud:petertodd: yes, I figured out what a footgun is
21:18:59michagogo|cloud:But as I mentioned, I'd never heard the phrase used
21:19:46petertodd:michagogo|cloud: hehe, don't mind me taking the opportunity to write some serious silliness :P
21:19:56petertodd:I've heard gmaxwell use it mainly around here
21:21:47TD:most people use the more common abbreviation for it: c++
21:22:12petertodd:also, unix
21:22:30petertodd:* petertodd double checks what window he's typing in
21:22:33petertodd:rm -rf /
21:25:51michagogo|cloud:petertodd: just add an extra space
21:26:14michagogo|cloud:(In a path)
21:26:26michagogo|cloud:Also, hopefully you're not root
21:27:32petertodd:michagogo|cloud: that's why single-user unix is a footbazooka
21:29:47Guest86895:Guest86895 is now known as maaku
21:31:05helo:a good backup procedure makes it kinda moot
21:32:51petertodd:TD: update those release notes. I'm going to give out the rewards later tonight and give the answers to those three questions. (still never got a good answer for #2 though :( )
21:33:16TD:ok cool.
21:33:34TD:once you post about it i'll reply to the release notes with the full hash
21:33:39petertodd:and yeah, given no-one else has gotten it, first good answer for #2 from anyone wins :)
21:33:42petertodd:ha, sure
21:34:47petertodd:heck, 100mBTC if your answer comes with sourcecode to implement the attack; that'd be pretty cool to have lying around to show people.
21:35:41petertodd:(someone donated 75mBTC to cover the cost of the rewards last night)
21:57:50midnightmagic:michagogo|cloud: Here's a fun footgun quote that sticks with me a lot: http://www.stroustrup.com/bs_faq.html#really-say-that
23:24:47jgarzik:BitSat cubesat project update #1: http://www.reddit.com/r/Bitcoin/comments/1x4kvy/bitsat_bitcoin_cubesat_project_update_1_pdf/