| 00:03:00 | justanotheruser: | Hmm, it looks like mastercoin is planning on embedding listings in the blockchain... |
| 00:08:27 | maaku_: | justanotheruser1: listings? |
| 00:12:23 | phantomcircuit: | why cant people just do merged mining |
| 00:12:27 | phantomcircuit: | why oh why |
| 01:03:05 | qwertyoruiop_: | qwertyoruiop_ is now known as qwertyoruiop |
| 01:10:36 | Sangheil-: | Sangheil- is now known as Sangheili |
| 02:52:43 | ghtdak_: | ghtdak_ has left #bitcoin-wizards |
| 04:21:13 | HobGoblin: | HobGoblin is now known as Guest42572 |
| 07:03:10 | petertodd: | dammit, had a hilarious twitter convo with some paranoid nutbar - seem to have managed to convince him that I was part of the group of cryptographers that was satoshi, but we're all kinda embarassed that we can't code for shit and lost our wallet so none of us want to fess up. But then he deleted it all saying that twitter isn't secure... |
| 07:05:44 | petertodd: | |
| 07:29:30 | michagogo|cloud: | petertodd: heh, that's why you archive any good tweets |
| 07:39:05 | antephialtic: | petertodd: what are your current thoughts on the viability/usefulness of fidelity bonds? |
| 07:51:47 | petertodd: | antephialtic: I think using them correctly is a lot more difficult than people realize |
| 07:52:36 | petertodd: | antephialtic: gmaxwell was making a good point the other day too how it's easy for anti-spammer stuff to increase the ratio of spammers to good users by making things inconvenient, which makes one of the easier uses of them a lot less useful |
| 07:52:58 | antephialtic: | petertodd: I'm working on a site to make/rate/verify them in a user friendly way |
| 07:53:22 | petertodd: | antephialtic: what type of fidelity bond sacrifice method? |
| 07:53:37 | petertodd: | antephialtic: and rate for what type of application? |
| 07:53:51 | antephialtic: | current plan is an OP_RETURN script specified via the payment protocol |
| 07:54:39 | antephialtic: | right now it would be for say, arbitrators in an arbitration marketplace. The holder of one bond can sign a rating for another. The end goal is to make it useful for p2p applications. |
| 07:54:42 | petertodd: | good - I think my announce/commit sacrifice to mining fees was a bad idea |
| 07:55:01 | antephialtic: | announce/commit is nice, but it relies on locktime |
| 07:55:21 | petertodd: | be careful, gmaxwell makes a good point, it'd be easy to wind up jsut making it more convenient for scammers you know |
| 07:55:30 | petertodd: | locktime is supported by the current network you know |
| 07:55:56 | petertodd: | heck, I *did* do a real announce commit sacrifice a few months back |
| 07:56:12 | antephialtic: | ah, I thought it was in some kind of grey area where it wasn't guaranteed to stay enabled due to mempool ddos |
| 07:57:01 | petertodd: | yeah, they aren't accepted into the mempool until they can be mined, but that doesn't harm announce/commit in any meaningful way |
| 07:57:31 | antephialtic: | ok. probably going to stick with OP_RETURN for now due to simplicity, but I'm open to changing it. |
| 07:58:06 | petertodd: | see, the problem with sacrifice to fees is it enocurages mining centralization, because big miners can make sacrifices cheaper than anyone else, on average |
| 07:58:11 | petertodd: | so stick with op_return please! |
| 07:58:26 | antephialtic: | I also have some ideas for ratings. I was thinking about eventually doing some kind of trust score based on EigenTrust |
| 07:59:16 | Luke-Jr: | please don't. |
| 07:59:49 | antephialtic: | Luke-Jr: is that regarding EigenTrust or OP_RETURN? and can you explain |
| 07:59:49 | petertodd: | you know, I'd strongly suggest you implement all this for anti-spam first - that's an application that can handle a bit of bad actors |
| 07:59:56 | Luke-Jr: | sacrifice to OP_1 if you don't like fees. |
| 08:00:14 | petertodd: | Luke-Jr: announce/commit sacrifices require op_return you know |
| 08:00:21 | petertodd: | Luke-Jr: and sacrifice to op_1 is insecure |
| 08:01:27 | Luke-Jr: | fine, sacrifice to proof-of-redemption-in-a-later-block |
| 08:01:54 | petertodd: | Luke-Jr: which is what announce/commit does |
| 08:02:17 | petertodd: | Luke-Jr: but just bare anyone-can-spend will get spent in the same block once miners catch on, so it's unusable |
| 08:04:22 | petertodd: | antephialtic: and a word of advice: make the system also accept the P2SH encoding of OP_RETURN as a sacrifice to ensure no-one does anything stupid like disallowed op_return in the future... |
| 08:04:28 | petertodd: | *disallows |
| 08:05:39 | antephialtic: | thanks. I may have further questions at some point - I'll followup with you via email if thats alright with you. |
| 08:05:44 | petertodd: | antephialtic: sure |
| 08:06:48 | petertodd: | antephialtic: btw, a truly awesome project would be to make a p2p usenet/irc chat based on flood fill using fidelity bonds for spam control |
| 08:07:27 | antephialtic: | yeah. I have a lot of ideas about applications. mostly involving sybil resistant DHTs |
| 08:07:31 | Luke-Jr: | in the future? OP_RETURN was never allowed in the first place. |
| 08:07:49 | petertodd: | Luke-Jr: 0.9rc1... |
| 08:07:58 | Luke-Jr: | petertodd: developers don't get to make that decision. |
| 08:08:15 | antephialtic: | petertodd: but also, chaum banks and the like. |
| 08:08:16 | petertodd: | antephialtic: get that dirty word "DHT" out of your mind :P |
| 08:09:07 | petertodd: | antephialtic: I mean, quite seriously, you don't really need DHT's for any of this stuff, at least for the simple implementations, I'd keep it bitmessage-level simple at first |
| 08:09:15 | petertodd: | Luke-Jr: BTCGuild mines op_ret now |
| 08:09:34 | Luke-Jr: | petertodd: how neglegent of them |
| 08:10:05 | petertodd: | Luke-Jr: yeah, and that other big pool, with what, 13% hashing power? just aweful of them |
| 08:10:27 | antephialtic: | yeah. well it's going to be even simpler than that for now. This is going to be a CRUD app that allows people to create, view and rate bonds. |
| 08:11:18 | petertodd: | antephialtic: well... that's probably downright *dangerous* you know, because it gives people mistaken ideas about what the tech can actually do |
| 08:11:55 | petertodd: | antephialtic: having invented the damn things, my name is kinda associated with them, so please don't make the first real-app using them be a disaster :P |
| 08:12:58 | antephialtic: | I understand and respect that, which is why I'll be in touch via email once I make some progress. |
| 08:13:37 | petertodd: | antephialtic: I get that, but again, a generic rating app *is* a dangerous idea! |
| 08:14:57 | antephialtic: | well I was thinking that a rating is a signed message from a holder of bond A containing a value in the range [0, 10] and an optional message about a dealing with the holder of Bond B |
| 08:15:32 | petertodd: | I get that - it *will* be misunderstood by users and applied badly |
| 08:16:07 | petertodd: | e.g. how does a user know how many people are relying on the fidelity bond? are you sure the total value of fraud possible doesn't exceed the cost of the bond? how do you know? |
| 08:17:02 | petertodd: | those are really, really hard questions - something often missed by people is my fidelity-bonded chuam bank stuff actually does require proof-of-publication mechanisms to be secure - a "pure" version would weirdly look kinda like a blockchain |
| 08:17:40 | petertodd: | applied to human mediated transactions without all that careful engineering... people will get scammed |
| 08:18:08 | petertodd: | spam on the other hand... if some spam gets through, it's not a big deal, so the flaws are acceptable |
| 08:18:17 | antephialtic: | hmm. this requires further thought. In the mean time I will limit the app to creation and verifying that a bond exists. |
| 08:18:32 | petertodd: | right, but really, you don't need an app for that! |
| 08:19:10 | antephialtic: | for non-saavy users. And to provide a blockchain.info-like REST api for verification. |
| 08:19:37 | petertodd: | yes, and non-saavy users really shouldn't be using fidelity bonds for the forseeable future, for anything really |
| 08:20:31 | petertodd: | tl;dr: I invented a very seductive, elegant, footgun |
| 08:22:12 | antephialtic: | agreed, but I think its also a powerful idea that's being underutilized. |
| 08:22:40 | petertodd: | I dunno about you, but I tend to think powerful footguns deserve to be underutilized, at least until we invent better footware. |
| 08:25:12 | Luke-Jr: | just point it at someone else's foot. |
| 08:25:14 | Luke-Jr: | jk |
| 08:25:46 | antephialtic: | well, I guess I have some thinking to do. But yeah, I don't want to give scammers a tool to give themselves a false veneer of trustworthiness |
| 08:26:19 | petertodd: | antephialtic: indeed, meanwhile an anti-spam use of them would be fine |
| 08:26:29 | petertodd: | antephialtic: besides, you'd be a hero for making irc p2p :P |
| 08:47:20 | antephialtic: | petertodd: going back to the ratings issue for a moment. What if there was some kind of 3-way handshake. Say Bondholder A wants to transact with Bondholder B. A requests a transaction with B valued at X btc. If B approves it, his bond value is temporarily decremented on the site. At the end of the transaction, A gets to submit a rating, and the bond value is restored |
| 08:48:15 | antephialtic: | obviously this kind of system is reasonable to implement when done in a centralized manner |
| 08:49:02 | antephialtic: | and by transaction, I don't mean bitcoin transaction, I mean some kind of transaction feature on the app |
| 09:31:24 | _ingsoc: | _ingsoc is now known as Guest75676 |
| 09:48:16 | Guest75676: | Guest75676 is now known as _insoc |
| 11:31:52 | Guest42572: | Guest42572 is now known as UukGoblin |
| 11:47:35 | _ingsoc: | _ingsoc is now known as Guest58099 |
| 13:36:55 | _ingsoc: | _ingsoc is now known as Guest90992 |
| 14:37:57 | michagogo|cloud: | Footgun? |
| 14:38:04 | michagogo|cloud: | * michagogo|cloud hadn't heard that term before |
| 14:45:23 | _ingsoc: | _ingsoc is now known as Guest39713 |
| 15:54:27 | adam3us: | andytoshi: yes emailed djb about the private key bits. it seems like they could be optional so long as the execution time is fixed by starting montgomery adder at bit 254. the lsb are i think relating to multiply by 8 which could be oved to the verification relation. i think; it'd be good to get it from djb. btw i noticed someone on openpgp ietf list talking about making an EdDSA rfc. |
| 15:55:12 | adam3us: | maaku_: yes the blind sig with ec schnorr should work. if i got the above right should work on eddsa also. i dont think there is a way to get a blind sig from ecdsa. |
| 16:08:52 | sipa: | adam3us: do you know whether batch verification is possible with schnorr? |
| 16:13:46 | Guest70608: | Guest70608 is now known as firepacket |
| 16:46:52 | _ingsoc: | _ingsoc is now known as Guest44377 |
| 16:50:50 | jtimon: | http://blog.ethereum.org/2014/02/03/introducing-ethereum-script-2-0/ |
| 16:51:23 | jgarzik: | already posted here :) |
| 16:51:32 | jgarzik: | jtimon, they are learning some lessons |
| 16:51:39 | jgarzik: | note JMP changes, etc. |
| 16:52:00 | jgarzik: | v1 was chock full of algorithmic attacks (just like bitcoin!) |
| 16:52:14 | jtimon: | oh, sorry I must have been sleeping when posted |
| 17:06:11 | Guest44377: | Guest44377 is now known as _insoc |
| 18:40:41 | adam3us: | sipa: the eddsa page says http://ed25519.cr.yp.to/index.html 134000 cycles per signature in size 64 batches |
| 18:48:09 | andytoshi: | on page 10 of the ed25519 paper it describes the differences with schnorr: ed25519 uses double-size hashing (hashing the pubkey along with the ephemeral pubkey and message) instead of half-size hashing and no compression of the ephemeral pubkey |
| 18:48:40 | andytoshi: | my reading is that batch verification for regular schnorr should be possible with the same techniques |
| 18:50:03 | BlueMatt: | ok, anyone have the links to the ny bitcoin hearings? |
| 18:50:13 | BlueMatt: | * BlueMatt is on a deadline....need them like an hour ago |
| 18:53:40 | BlueMatt: | nevermind, found them somewhere |
| 18:54:11 | gmaxwell: | BlueMatt: http://www.totalwebcasting.com/view/?id=nysdfs |
| 18:54:27 | BlueMatt: | thanks |
| 19:08:23 | michagogo|cloud: | gmaxwell: Ah, they're available online too? |
| 19:08:43 | michagogo|cloud: | I just saw your captures |
| 19:09:49 | michagogo|cloud: | Wait, why am I seeing protobuf flash by in a tailf of build.log for boost? |
| 19:13:50 | michagogo|cloud: | 2dc3b04d0bb03e1ad0c18dfe1c5635aa6e3741a7a6173203554d8345cd5b5a95 bitcoin-deps-linux64-gitian-r3.zip |
| 19:16:09 | michagogo|cloud: | Oops, wrong channel |
| 19:56:53 | maaku: | maaku is now known as Guest86895 |
| 21:16:16 | petertodd: | michagogo|cloud: a footgun is a gun for your foot. usually guns are supposed to be for other things, but often we accidentally make guns that turn out to be best at blowing your foot off |
| 21:16:47 | petertodd: | michagogo|cloud: fidelity bonds is one such invention; lawn darts are another |
| 21:18:51 | michagogo|cloud: | petertodd: yes, I figured out what a footgun is |
| 21:18:59 | michagogo|cloud: | But as I mentioned, I'd never heard the phrase used |
| 21:19:46 | petertodd: | michagogo|cloud: hehe, don't mind me taking the opportunity to write some serious sillyness :P |
| 21:19:56 | petertodd: | I've heard gmaxwell use it mainly around here |
| 21:21:47 | TD: | most people use the more common abbrevation for it: c++ |
| 21:22:12 | petertodd: | also, unix |
| 21:22:30 | petertodd: | * petertodd double checks what window he's typing in |
| 21:22:33 | petertodd: | rm -rf / |
| 21:25:51 | michagogo|cloud: | petertodd: just add an extra space |
| 21:26:14 | michagogo|cloud: | (In a path) |
| 21:26:26 | michagogo|cloud: | Also, hopefully you're not root |
| 21:27:32 | petertodd: | michagogo|cloud: that's why single-user unix is a footbazooka |
| 21:29:47 | Guest86895: | Guest86895 is now known as maaku |
| 21:31:05 | helo: | a good backup procedure makes it kinda moot |
| 21:32:51 | petertodd: | TD: update those release notes. I'm going to give out the rewards later tonight and give the answers to those three questions. (still never got a good answer for #2 though :( ) |
| 21:33:16 | TD: | ok cool. |
| 21:33:34 | TD: | once you post about it i'll reply to the release notes with the full hash |
| 21:33:39 | petertodd: | and yeah, given no-one else has gotten it, first good answer for #2 from anyone wins :) |
| 21:33:42 | petertodd: | ha, sure |
| 21:34:47 | petertodd: | heck, 100mBTC if your answer comes with sourcecode to implement the attack; that'd be pretty cool to have lying around to show people. |
| 21:35:41 | petertodd: | (someone donated 75mBTC to cover the cost of the rewards last night) |
| 21:57:50 | midnightmagic: | michagogo|cloud: Here's a fun footgun quote that sticks with me a lot: http://www.stroustrup.com/bs_faq.html#really-say-that |
| 23:24:47 | jgarzik: | BitSat cubesat project update #1: http://www.reddit.com/r/Bitcoin/comments/1x4kvy/bitsat_bitcoin_cubesat_project_update_1_pdf/ |