00:27:27qwertyoruiop_:qwertyoruiop_ is now known as qwertyoruiop
00:28:51maaku:andytoshi: can you explain?
00:44:27tt_away:andytoshi: are you asking if you can you solve the two general's problem in the same way Bitcoin does using zkps for total obfuscation of tx inputs/outputs and instead using miner verification of zkps?
00:45:03tt_away:because that's what the zerocash alpha is supposed to be doing in may i guess
00:46:32tt_away:Green presented on how the system is supposed to work here: https://www.youtube.com/watch?v=Uh6erfE9HYE
00:47:29tt_away:The only thing I don't totally understand about that is how the new accumulator works
00:47:50tt_away:(well, and all the SNARK black magic)
00:49:53HobGoblin:HobGoblin is now known as Guest36983
00:49:56tt_away:I wonder if he'll publish the paper around the same time as the implementation
00:51:36jarpiain:jarpiain is now known as Guest13025
00:51:56tt_away:It's scary to me too because it's implementing something so new to the cryptography field -- I guess we'll see whether it sinks or swims. Alt chains are a good field for testing the stability/security of signature schemes and hash functions.
00:52:53tt_away:I mean, we once thought SHA1 was pretty secure. :P
00:58:38kinlo_:kinlo_ is now known as kinlo
01:00:05OneFixt_:OneFixt_ is now known as OneFixt
01:54:09Fistful_1f_Coins:Fistful_1f_Coins is now known as Fistful_of_Coins
02:32:58hno`:hno` is now known as hno
03:05:35justanotheruser:justanotheruser is now known as just[dead]
03:38:24just[dead]:just[dead] is now known as justanotheruser
04:35:18justanotheruser:If I made a quantum computer and mined 2014 blocks and they all had the same timestamp, would difficulty be infinity (or as high as it can be)?
04:51:41Luke-Jr:justanotheruser: no, the blocks would be invalid
04:51:48Luke-Jr:at least the majority of them
05:09:04justanotheruser:Isn't the allowed timestamp of a block based on the average of previous blocks Luke-Jr
05:09:21Luke-Jr:justanotheruser: it's GREATER THAN, not GREATER-OR-EQUAL
05:09:37Luke-Jr:so, after like 6 blocks, you MUST increment
05:11:02tt_away:also diff increases are capped at 400%
05:11:08justanotheruser:Luke-Jr: I see.
05:11:31justanotheruser:tt_away: oh really? So that's why quantum computers would take forever to increase diff
05:11:46justanotheruser:at least to the point that it takes 2 weeks
05:11:50gmaxwell:4x still gives you quartic convergence.
05:12:02tt_away:quantum computers don't crack sha256 i thought too, but ecdsa, unless i'm mistaken
05:12:22gmaxwell:quantum computers don't crack anything at all yet.
05:12:41gmaxwell:Though if you had a sutably large one it could potentially be used in an adventagious manner for mining.
05:12:47gmaxwell:perhaps.
05:13:05gmaxwell:you'd have to compare the throughput slowness to the fact that it has to do sqrt() the amount of operations.
05:13:20tt_away:sha256 has a weakness solvable with shore's algorithm? or is it something else?
05:13:51gmaxwell:has nothing to do with shors algorithim.
05:13:56tt_away:shors sorry
05:14:21gmaxwell:In theory QC gives you a tightly bounded sqrt() speedup on _all_ non-linear search.
05:14:22tt_away:derp, yeah, that's rsa
05:14:33gmaxwell:(via grovers algorithim)
05:14:57tt_away:oh, neat.
05:15:14gmaxwell:though, it requires your function be implemented as a special grover-oracle, and converting your problem to that has polynomial overhead.
05:15:55gmaxwell:and of course any QC that comes into existance will likely be much slower (ops/sec, ops in parallel) than classical computers built using compariable technology and cost... so unclear that it would ever be interesting for mining.
05:53:12maaku:or anything
05:54:36gmaxwell:indeed.
05:55:36gmaxwell:I certantly hope they are. There are important problems that QCs would make far more tractable which would contribute materially to our species odds of long term survival.
07:07:32Guest13025:Guest13025 is now known as jarpiain
07:31:42area_:area_ is now known as area
10:00:19justanotheruser:justanotheruser is now known as just[dead]
10:05:48Guest36983:Guest36983 is now known as UukGoblin
14:28:03helo_:helo_ is now known as helo
14:44:13andytoshi:maaku, tt_away: my earlier question was, "how can the p2p network function securely for a snarkchain?" it's nice to get txes out of the blockchain but if they have to be broadcast in order that miners see them, then an adversary can still record every one.
14:48:34stonecoldpat:what is a snarkchain? out of interest
14:48:57stonecoldpat:as snarks reminds me half-life
14:50:44andytoshi:stonecoldpat: an alt in which blocks were zero-knowledge proofs of chainstate diffs, rather than giant lists of transactions that everybody has to evaluate and verify
14:51:36andytoshi:zk-snark == zero-knowledge succinct noninteractive argument for knowledge, that is an efficient zero-knowledge proof which can be written down
14:53:44gmaxwell:andytoshi: because you could give transactions just to a couple single miners.
14:53:53gmaxwell:they don't have to be broadcast.
14:54:39gmaxwell:you could even do something wacky like write 20 versions of a transaction, all conflicting each other, each paying to a different output. give each miner a different one.. you're happy so long as any one of them makes it in.
14:54:50gmaxwell:all miners but the successful one don't learn the input-output mapping.
14:58:30stonecoldpat:i suppose the miner becomes a trusted party then? he essentially obsecures the transfer and based on some proof of work - tells people about a change that cannot be linked ?
14:58:39andytoshi:stonecoldpat: no!
14:59:13andytoshi:gmaxwell: oh, that's clever. my original concern was that anyone can claim to be a miner -- but if every miner receives a different output mapping this does not help them at all
15:01:50gmaxwell:andytoshi: yea, thats why they pay me the big bucks. ... I still have no clue if it's really remotely pratical. It's interesting to consider.
15:03:09andytoshi:one 'practical' idea is to have a miner directory like tor's hidden-service directory, and connect to miners in the same way.
15:03:29andytoshi:but this (a) means the directory is a single point of failure and (b) is susceptible to sybil attacks
15:03:42jtimon:I guess you could have an hybrid system with both public and blinded txs, with fees buing paid with public funds so miners can see them
15:04:12andytoshi:perhaps the miners could put their HS address in their actual blocks instead, that wouldh solve both problems
15:04:44jtimon:well, this snark approach is different but that's what I had in mind for "blinded tx" proposals
15:05:21andytoshi:jtimon: ah, ok. with snarks i think the person mining the tx has to see it, period. (i could be wrong about this). then there is no problem since this person is the fee recipient
15:05:59jtimon:I think blinded -tx can be processed with snark too, no?
15:07:13jtimon:but, yes, if everything is snark, I guess miners can just pay the fees to themselves "explictly"
15:07:39andytoshi:i'm not sure exactly what you mean..you cannot blind the inputs because then nobody can verify your txes. and if you blind the outputs, you have to unblind them upon spending for the same reason
15:07:53andytoshi:so again your miner (at least) can see everything
15:08:36jtimon:adam3us calls them "committed transactions" I think, petertodd also posted an inputs-only chain proposal
15:09:13jtimon:but they didn't solved how miners got rewarded, that's why I thought an hybrid system is necessary
15:09:51jtimon:the outputs are transmitted off-chain directly between the parties involved
15:10:10andytoshi:ok, i see what you're sayng
15:10:12jtimon:and the chain only validates that the inputs are not repeated
15:10:41jtimon:adam had more complex approaches using crypto
15:11:37jtimon:another problem with that is the evergrowing set of spent inputs, which could "perish" after certain time
15:12:47jtimon:then you may need a mechanism to turn the blind coins back into public coins so that you can "restart" the blinded history
15:14:27jtimon:but I guess the main purpose of using snark is bandwidth and computing scalability rather than privacy
15:15:27andytoshi:yeah, gmaxwell had a neat high-level comment a while back about how you get privacy 'accidentally' by minimizing bandwidth
15:15:38gmaxwell:jtimon: this is mostly something different.
15:16:08gmaxwell:and yea, was mostly a thought expirement about the fundimental linkage between privacy and efficiency.
15:17:04jtimon:I see
15:17:15comboy_:comboy_ is now known as comboy
15:38:05pigeons_:pigeons_ is now known as pigeons
16:18:17andytoshi:a great easy-to-read article about program obfuscation: http://blog.cryptographyengineering.com/2014/02/cryptographic-obfuscation-and.html
16:40:01gmaxwell:andytoshi: indeed, a much better article than the wired one.
16:42:40andytoshi:the link i posted yesterday about punctured programs also has some cool applications of obfuscated programs. i'm still reading it..would be cool if there was some application there toward my public fhe problem
16:43:15andytoshi:also btw re ecdsa malleability, i can show that an adversary without a signing oracle (that is, he has access to only one sig) has no more 'simple' malleability. he needs to use all of (r, s, H(m)) in his malleability formula. also he can't leave r alone, he has to create a malleated sig (r', s') where r' != r --- but while learning nothing about his own k'
16:43:47andytoshi:this is far from the general result, but it makes me think that malleating ecdsa is probably impossible
16:44:39gmaxwell:I think I'd gotten as far before as showing r and s both had to change.
16:45:40sipa:5~that's not strong enough
16:46:07sipa:knowing that it would be impossible given only one signature would already be very interesting, i think
16:50:50andytoshi:what you can do against a single-sig malleator is give him a completely random (r,s). for any message H you can compute a public key for which this is a valid signature (though you don't get the private key ofc, and you can't make any more signatures with this key)
16:51:41andytoshi:i thought, maybe if i set r = X(g^k) i'd be able to trick the malleator into finding k and solving discrete log. but that doesn't seem to work
16:53:15andytoshi:the general problem here is that the owner of the private key can make as many malleated sigs as he wants, just by changing k. so any proof technique has to detect doing this without the privkey somehow. but ECDSA has no numbers which can be convincingly be replaced with random numbers so it's hard to express this lack of information
17:33:56gmaxwell:so people keep showing up in #bitcoin-dev saying that they want to build some thing that will handle people's money.
17:34:12gmaxwell:And then they ask really scarry questions which suggest that they are likely to lose all the aformentioned money.
17:34:50gmaxwell:If we respond to these people OH CRAP. DO NOT DO THIS! YOU ARE NOT PREPARED FOR THIS! ... won't that just make them stop asking?
17:36:11andytoshi:yeah, perhaps i can write a faq which gives correct answers which are designed to be completely overwhelming
17:36:34andytoshi:i worry that that would seem like we're condoning that behaviour, and ofc no faq can fix muddy thinking
17:38:53Luke-Jr:gmaxwell: more likely they ask someone less competent
17:39:09gmaxwell:right.
17:39:24gmaxwell:well worse, the kind of people who would even read the instructions are the half more likely to get things right.
17:39:30gmaxwell:So if the instructions say "go away!" ...
17:40:56gmaxwell:maybe there does need to be an EL5 explination about why this is much harder than most any other business you could be in... because mistakes are irreversable, because attackers actually exist (vs elsewhere where targeted attacks at 95% theory), because the legal liabilities are unclear, etc.
17:41:17gmaxwell:and then covers some best practices.
17:50:22justanotheruser:justanotheruser is now known as just[dead]
17:50:52sipa:that's the biggest lesson people need to learn from cryptocurrencies: handling real money requires a ton of measures, and it's one of the things banks have learned to do (pretty wel) for us
17:57:40gmaxwell:banks have an easier time. For example, two months ago coinbase double paid all their ACHs from a one or two day period.
17:57:48gmaxwell:Probably hundreds of thousands of dollars.
17:57:56gmaxwell:Two days latter.. poof gone, all fixed.
17:58:02gmaxwell:didn't even make a headline.
17:58:22gmaxwell:virtually everything banks do is reversible.
18:01:03sipa:at least they know (probably by learning the hard way) how to protect physically valuable things (gold, cash, ...) in vaults
18:01:39gmaxwell:Thats true.
18:07:53gmaxwell:andytoshi: I can't bare to read this, but you might want to http://imgur.com/a/DNeAI
18:08:15eristisk:I think protecting physical assets in meatspace is an incomparable profession to cybersecurity and preservation of purely digital assets.
18:08:54eristisk:More apt to bring up that modern banks are also protecting virtual USD and are already forced to be adept at cybersecurity.
18:12:42andytoshi:gmaxwell: omg "it can be potentially much easier to memorize than a random 256-bit number"
18:13:01gmaxwell:andytoshi: please, I don't want to know
18:13:44andytoshi:oh, sorry :) i'll say no more. except that whatever you fear, it's probably worse than that
18:14:51gmaxwell:It's always worse than you think, even when you take into account maxwells law.
18:30:42maaku:gmaxwell: did you see the top news item on HN?
18:31:49helo:such famous
18:32:03maaku:somehow your nick has become a household name it seems, at least among techy crowds
18:36:20helo:gmaxwell: awesome idea btw
18:40:13helo:where do we sign up to collectively boycott all bitcoin holding services that don't do this?
18:41:42gmaxwell:anyone have the log of that conversation up already?
18:41:49gmaxwell:that was ultimately from a conversation here.
18:42:11gmaxwell:petertodd: mind if I post the log from March 1st 2013?
18:42:42just[dead]:just[dead] is now known as justanotheruser
18:52:48Luke-Jr:helo: ?
18:56:30antephialtic:gmaxwell: you mean this (http://download.wpsoftware.net/bitcoin/wizards/2013/0%23bitcoin-wizards.log) starting from 20:13
19:12:37andytoshi:antephialtic: the article's content start and ends at 20:13 :P
20:01:27midnightmagic:gmaxwell: Hey man. The proof of non-insolvency doesn't work if MT knows someone with lots of coins, correct?
20:03:16midnightmagic:(or includes his personal coin stash in the totals)
20:33:55maaku:midnightmagic: that would be fraud
20:39:04helo:3rd party auditing would be pretty potent
20:42:46maaku:midnightmagic: by which I mean MT could lie about gox's balance sheet only by means of incontrovertible fraud/incompetence
20:43:53maaku:either case would be probably be suffient to pierce the corporate veil and take those funds through bankruptsy
20:56:49gmaxwell:midnightmagic: and then when the shit goes to court you go after those coins.
20:58:01gmaxwell:midnightmagic: nothing in that space can be air tight— they could prove they have the coins then send them all to a gambling site a moment later.
21:07:25Luke-Jr:maaku: would it be fraud, or would it make him liable for that moneys? ;)
21:08:42sipa:gmaxwell: which would make it mismanagement, rather than fraud
21:09:06maaku:Luke-Jr: it would be either criminal fraud or gross negligence, in either case it'd probably be sufficient to pierce the corporate veil, which would make him liable
21:09:15maaku:but, one big fat IANAL
21:10:57midnightmagic:gmaxwell: I was thinking about the things people are saying about your method and I'm worried that this "proof" word they keep throwing around is dangerous. "Hey where are my 10kbtc?" "Prove you had it!" "Okay screenshot!" "Wow I'm an uneducated user who's gambling with money I can't afford to lose and that's proof enough for me. I believe you, Sir!"
21:12:09gmaxwell:midnightmagic: But is that worse? Some of this is growing pains, we need to become more sophicated— if not every single adult, at least a critical mass that can sniff out problems and alert others.
21:12:33gmaxwell:If too often we shy away from improvements because they'll be misapplied we won't get a chance to learn.
21:13:14gmaxwell:I did a number of goxbtc buys two weeks ago and escrowed for a bunch more last week and people's security practices were uniformly awful.
21:13:39midnightmagic:No it's not worse at all.
21:13:44gmaxwell:E.g. almost no one waited for even a single confirm when they should have... they were surprised when I suggested they do so in the future.
21:14:16midnightmagic:But from MtGox's perspective, why should I supply a proof that people (trolls especially) can game?
21:14:38gmaxwell:A bunch of people wanted screenshots. I changed my balance to say "right click; inspect element; edit text".
21:15:04midnightmagic:lol
21:15:57poggy:haha gmaxwell
21:16:30gmaxwell:Well I don't care if MTGox does this, they already have enough problems— I think their competition should. Plus setting up this sort of thing encourages good hygiene. I would not be surprised if— if ubiquitiously deployed— this prevented a bunch of bad practies like sites going temporarily fractional. In fact, if it didn't uncover at least 10,000 BTC in fraud if ubiquitiously deployed I would eat my hat.
21:16:52midnightmagic:i get that mtgox in order to falsify stuff might perhaps have to guess who isn't going to actualy verify their balances, or find someone who has a big balance to join with his. I saw comboy advocating it on bitcoinity.
21:17:15poggy:gmaxwell presumably exchanges would just refuse to do it before publishing their fraud?
21:17:32gmaxwell:poggy: Which is why we shouldn't do business with ones who won't.
21:17:56poggy:sure, I just meant it might not actually expose anything
21:18:09gmaxwell:well I said ubiquitiously for a reason. :)
21:18:31gmaxwell:midnightmagic: of course, if mtgox did turn out to lose a lot of funds, a system like this would have detected it even when their own controls failed.
21:19:15gmaxwell:so basically having a system like this guarantees a minimum level of controls, and at least requires any misconduct to be outright criminal.
21:19:17midnightmagic:lots of cooperating users.
21:19:20poggy:It would mean exchanges would need more start up capital though
21:19:38midnightmagic:poggy: What? Why?
21:20:21gmaxwell:They shouldn't, unless you're cynically saying they're already engaging in fraud.
21:20:31midnightmagic:that's how i interpreted it too
21:20:38poggy:oh haha
21:20:39poggy:I guess
21:20:39gmaxwell:Besides, if they really did want to run fractional— this wouldn't prohibit that, it would just make them disclose it.
21:21:05poggy:Do the big exchanges explicitly say they don't run fractional?
21:21:19gmaxwell:MTGox's terms of service are very explicit about this.
21:21:26midnightmagic:There's no reason for them to.
21:21:32midnightmagic:Also it's evil.
21:21:41poggy:is it?
21:21:51poggy:if you haven't said you wouldn't?
21:22:05midnightmagic:Yes because finite supply.
21:22:30midnightmagic:Also user expectations. Bank runs on a non-bank, etc.
21:22:34Luke-Jr:midnightmagic: there is reason for them to, for the immoral masses who practice usury..
21:23:00midnightmagic:Luke-Jr: :-)
21:23:22Luke-Jr:if you practice usury, it makes sense to do fractional reserve as you loan out funds
21:23:34gmaxwell:In any case, I can't stomp out evil, but at least people should be explicit about it so a discussion could be had.
21:24:02sipa:i wonder whether a totally explicitly and transparently fractional exchange could work
21:24:24Luke-Jr:sipa: I don't see why not
21:24:26sipa:like, publish graphs of which percentage of coins they hold
21:24:45Luke-Jr:frankly, MtGox should have a ton of abandoned bitcoins that unidentifiable users deposited before the 2011 fiasco
21:25:17jrmithdobbs:i can't think of a reason it wouldn't ... other than the obvious one of self-interest preventing those who benefit from gaming the fractional mechanics from being found out
21:26:03poggy:wait gmaxwell were you buying into mtgox?
21:26:14poggy:(didn't catch that on first skim)
21:26:22maaku:"buying into"?
21:26:41poggy:buying mt gox bitcoins
21:28:46poggy:nvm I read back
21:29:14poggy:Unrelated: the other day you were talking about how the low power requirement of scrypt could be a weakness in certain circumstances (e.g. long term attacks). I was trying to remember if there was a way that it applied to blockchains as well. Is there?
21:33:01gmaxwell:poggy: I think the same argument probably applies.
21:33:38gmaxwell:hardware costs are amortized, power cost is not. amortization may benefit attackers.
21:34:15gmaxwell:also hardware designs for sha256 appear to be thermally limited, so lowering the power density may help achieve better hardware usage.
21:36:30gmaxwell:hard to say— requires careful analysis from a very low level to really know how these tradeoffs play out.
21:43:15poggy:thanks
21:54:59tt_away:tt_away is now known as tacotime_
21:55:44tacotime_:can you do P2SH with requirements for m of n signers && one of these signers is mandatory?
21:56:07Luke-Jr:tacotime_: yes
21:56:07sipa:with P2SH you can do anything
21:56:19sipa:whether the script you need for that is standard, is something else
21:56:45tacotime_:If it's non-standard, will the network still communicate this?
21:56:57sipa:no
21:57:04sipa:at least, most nodes won't
21:57:06tacotime_:Hm.
21:57:09sipa:but you can send it to a miner directly
21:57:13sipa:if they accept it
21:57:26tacotime_:Are there pools you can pay to do this?
21:58:35tacotime_:I'm not looking to mangle the blockchain, just to use it as an escrow with one member signing mandatory.
21:59:50gmaxwell:I'm pretty sure that eligius will mine these, or it would at least somewhat recently.
22:00:01gmaxwell:it could be enabled pretty easily.
22:00:12tacotime_:Okay, thanks.
22:00:51gmaxwell:There have been other people who wanted {A&&B} || ( (A||B) && 2-of-3 {C,D,E} ) which sounds kinda similar to what you want.
22:03:28tacotime_:Yeah. I'm trying to figure out how to safely protect people wanting to donate to development for my project and keep it help in the blockchain as escrow/bank. Ideally I want the blockchain as an escrow and m of n to spend, but I want the original donator to have to sign.
22:03:46tacotime_:So they can be assured that me and the other people on the project just can't run off with it.
22:04:30tacotime_:That seemed like the easiest way.
22:04:36gmaxwell:why not just do 2 of 2, you and the donor?
22:04:55rastapopuloto:rastapopuloto has left #bitcoin-wizards
22:05:08tacotime_:Well, that works in all cases except if I were to die and the rest of the people on the project wanted it to continue. Or if I lost the keys somehow.
22:05:15tacotime_:Just for fault tolerance, I guess.
22:05:30gmaxwell:tacotime_: so you can split up your private key N ways and give it to all the other project people.
22:05:49jrmithdobbs:so why not 2 of 2 with an out-of-band split of your share with the other project members?
22:05:49tacotime_:This is true.
22:06:05jrmithdobbs:still can't hit ^x fast enough to beat gmaxwell ;p
22:06:15gmaxwell:I used more words too.
22:06:34tacotime_:Right, yeah, I suppose that's functionally equivalent except when we want to require the input of multiple people.
22:06:50tacotime_:In that case we have only one member of my group required to spend.
22:06:51jrmithdobbs:no it's functionally equivilent in that case too
22:07:04tacotime_:Oh, right
22:07:15tacotime_:derp
22:07:30tacotime_:Yeah, and then I don't have to bother with non-standard scripts.
22:07:39gmaxwell:yea, or special signing software
22:07:41jrmithdobbs:anyone involved that should be able to single-handedly approve/sign just gets their own m shares, eg
22:17:50tacotime_:Alright, thanks guys :)
22:19:31petertodd:gmaxwell: go for it
22:35:45poggy:looks like this exchange idea is gaining traction
22:35:59sipa:which exchange idea?
22:36:39poggy:oh sorry the verifying funds one
22:38:32gmaxwell:poggy: where?
22:39:15poggy:r/bitcoin has a thread where a few people claim to have pestered some exchanges
22:40:28poggy:and https://bitcointalk.org/index.php?topic=22929.msg5286474#msg5286474
22:42:12poggy:(I didn't mean actual reaction from exchanges, sorry if that was unclear)
22:43:09petertodd:poggy: at the may conference I approached a bunch of exchanges/funds/etc. and they were all interested too, of course, they themselves never initiated any work along those lines...
22:44:14gmaxwell:if any of you want work implementing this stuff, I'll be happy to pass on recommendations if people come to me looking for implementation work.
22:46:01petertodd:gmaxwell: the last thing I need is yet more work, but worst comes to worst send them my way
22:55:36petertodd:hey, initial implementation: https://github.com/ConceptPending/proveit
22:55:52petertodd:slightly worrying they included emacs backup files in their repo though...
22:56:43tacotime_:yay python heh
22:57:29petertodd:tacotime_: why write up a pseudocode description of your algorithm when you can write python instead? :P
22:59:05tacotime_:I guess they're pretty close to the same thing, and more easily testable.
23:00:00petertodd:tacotime_: only thing python really needs is optional types, and crazy enough they've added initial support for that in the syntax, so now there are third-party type-checking metaclasses out there
23:00:21sipa:i hate python
23:00:43gmaxwell:The dirac specification contains pseudocode ... but the pseudocode is really python, and if you extract all the code and cat them togeater you get a working (but REALLY slow!) decoder.
23:01:03petertodd:gmaxwell: lol!
23:01:20petertodd:gmaxwell: they could have written it in cython so you would get a working and reasonably fast decoder...
23:01:21tacotime_:petertodd: I think types would help but there are still efficiency issues with the compiler
23:01:46tacotime_:Yeah, you pretty much have to hook c for anything you need to execute quickly
23:01:48petertodd:tacotime_: compiler? what compiler? :P
23:02:02gmaxwell:petertodd: a video decoder that isn't stuffed with SIMD is usually pretty much unusable..
23:02:04petertodd:tacotime_: look up cython - basically a python + types that can be compiled to c
23:02:05sipa:the other day i had a unit test for some python code, and it referred to a non-existing class (!!!) and all tests succeeded
23:02:10jtimon:wow, a lot of log to read, but sipa hates python? only likes C?
23:02:18sipa:i'll let you all guess what was wrong
23:02:34gmaxwell:Python is dirty.
23:02:35petertodd:gmaxwell: IIRC cython can do SIMD actually
23:03:17gmaxwell:I use it, it's slow, and it encourages you to write underspecified code that mostly works.
23:03:20jtimon:python is readable
23:03:22tacotime_:petertodd: that sounds useful. when you execute the program doesn't it run some kind of compiler? pyc files?
23:03:44petertodd:jtimon: yes, one of the most important things in a language
23:03:55sipa:too much freedom
23:04:05jtimon:I'm loving python more each day
23:04:10petertodd:jtimon: I have my usual story of a bug that could have killed someone caused by how C doesn't have indentation as syntax
23:04:12sipa:readable until you realize what this small piece of code you didn't check is doing
23:04:31tacotime_:yeah i used to use it for anything scripting when i was doing protein modeling stuff, then hook things that were slow to c.
23:04:34petertodd:sipa: meh, like I said, python needs to add types to solve that problem
23:04:34sipa:yes, python is readable at the syntax level, and very much so
23:04:50gmaxwell:sipa: was the non-existing class call in a try block that ate the error?
23:04:53petertodd:sipa: it's not perfect, but it's a good deal closer than any other language IMO
23:04:56sipa:gmaxwell: nope
23:05:08gmaxwell:the syntax is readable but that doesn't mean you understand what its actually doing.
23:05:14sipa:^- that
23:05:23sipa:gmaxwell: it's using a framework where all test classes are automatically unit tests
23:05:24jtimon:sipa: I think you're confusing with ruby, python rule "there should be only one best way of doing each thing" well, IIRC
23:06:02petertodd:gmaxwell: hence, add some types. programming in cython is an eye-opener that way
23:07:13tacotime_:* tacotime_ reads about the magic of the python interpreter
23:07:18jtimon:gmaxwell, not only the syntax, the whole language is designed to be able to write extreamly readable code
23:07:32sipa:... and then you have metaclasses
23:07:39gmaxwell:jtimon: readable does not mean understandable, not when the fine details count.
23:07:51petertodd:sipa: and metaclasses are the most readable implementation of magic that I've ever seen
23:08:05petertodd:sipa: (lisp, )
23:08:11sipa:or the ability to overwrite class methods
23:08:15gmaxwell:often fine details don't matter but when they do, they do.
23:08:40sipa:if python was statically typed, compiled, and didn't have these runtime overrides... i'd probably love it
23:08:53jtimon:gmaxwell: the programmer hhas a responsability to write readable code, python enables that, of course it doesn't guarantee it
23:09:24petertodd:sipa: exactly, you'd love cython, modulo the fact that it's main userbase is scientists doing numeric stuff so it's just not at the level of, say, C++ gcc
23:10:14jtimon:sipa that sounds like "if vanilla tasted like chocolate I would love it"
23:10:22sipa:jtimon: i know
23:10:34sipa:but i'm not disagreeing about the syntax being very readable
23:10:44gmaxwell:jtimon: its not hard to write a few lines of python with a computational complexity or memory complexity that basically _no one on earth_ could tell you at a glance what it is— not without careful though or profiling, using only built in features of the language.
23:10:56tacotime_:I'll have to read up on metaclasses, I remember seeing about them a while back but not really ever using them.
23:10:57gmaxwell:and without it being terribly obfscuated.
23:11:01petertodd:jtimon: well considering people are trying to promote the wonders of lutefisk in comparison vanilla and chocolate are pretty similar...
23:11:18zooko:
23:11:30sipa:gmaxwell: not really a useful argument, even though it's probably true
23:11:40sipa:gmaxwell: we're in any case talking about at least apparently readable code
23:11:42zooko:tacotime_: metaclasses are one of the things that I've used quite a bit, but will probably avoid using in the future.
23:11:42jtimon:not starting a project in python is always early optimization ;)
23:12:22andytoshi:everyone whining about python's lack of types should check out rust if they haven't already
23:12:26petertodd:jtimon: heh, I was just saying to amir in another channel that if your decentralized consensus system can't be implemented fast enough with python, assuming enough cheap boxen, it's not scalable enough :P
23:12:28tacotime_:zooko: why is that?
23:12:42andytoshi:i'm on sipa's side, but that's the only thing i'll add to this language war..
23:12:49zooko:tacotime_: it's because of that Kernighan quip about being clever. You know that one?
23:13:02tacotime_:No, how's it go?
23:13:04petertodd:andytoshi: gah, curly braces
23:13:08antephialtic:andytoshi: rust is really cool, but not ready for production (they haven't nailed down the standard library, syntax changes from release to release, etc)
23:13:19zooko:It is twice as hard to debug code as to write it.
23:13:23tacotime_:It looks like I've hacked on metaclasses before from the description by didn't know it
23:13:28zooko:So, if you write code as cleverly as you can, then you're not smart enough to debug it.
23:13:36tacotime_:Heh.
23:13:39petertodd:zooko: ten times harder if it's firmware and you don't have a debugger
23:13:40jtimon:petertodd, yeah, a consensus language shouldn't have to be as powerful as python is
23:13:57zooko:Ooh, you folks were talking about a *consensus* language ‽
23:13:58jtimon:shouldn't be
23:14:03sipa:zooko: not really
23:14:15zooko:I thought this was just Bullshit About Your Favorite Programming Languages Hour.
23:14:19petertodd:jtimon: no, I just mean you should have good enough basic algorithms that even a slow interpreted language is good enough
23:14:19gmaxwell:it was.
23:14:26sipa:zooko: which on itself should be a very good reason for avoiding features that complicate debugging, even if they simplify writing some things
23:14:42gmaxwell:though the things I don't like about python are many of the the same things that make it a poor tool in consensus.
23:14:47jtimon:rpython is compilable to C
23:15:42petertodd:gmaxwell: what exactly don't you like about python and consensus?
23:16:31gmaxwell:petertodd: that the exact behavior in all cases is difficult to discern. Perhaps its a lot better if you slather it with types, I've never used typed python.
23:16:55jtimon:gmaxwell, your argument about the language obscuring the complexity of your algorithm doesn't seem very solid, you should know it independtly of the language implementing it
23:17:03petertodd:gmaxwell: yeah, straight python is kinda scary there, typed however I think is a different matter
23:17:51petertodd:gmaxwell: excellent example is how python-bitcoinlib (currently) makes it easy to stick a floating point into a CTxOut.nValue, which fails later at serialization - I'm going to add some type checking to things like that once I decide the best way to do it
23:17:59jtimon:I love using a class as parameter without importing that class
23:18:09gmaxwell:jtimon: python operations often have hidden computational or (esp) memory complexity which is not obvious from the algorithim, even still where the language avoids copying in a bunch of places where doing so would be intutive and the lack of copying causes severe bugs for inexpirenced developers.
23:18:32gmaxwell:petertodd: or easily lets you seralize something that is entirely non-portable.
23:18:59jtimon:I think python causes LESS bugs, performance is another matter
23:19:17sipa:less bugs for simple things, harder to maintain larger things
23:19:28gmaxwell:something surprisingly using 10GB ram is no less a bug. :P
23:19:36jtimon:but in my experience you tend to need to optimize a little part of your whole program, not all of it
23:20:17petertodd:gmaxwell: python-bitcoinlib's serialization code does check that actually
23:20:23jtimon:gmaxwell if you "suprinsingly" use 10 GB ram you're clearly doing something wrong
23:21:00petertodd:gmaxwell: but I'm a rather odd python programmer potentially - the bulk of my experience using it has been for embedded systems development where python code was used to support crazy low-level c, asm, and even vhdl code
23:21:10jtimon:it's not python, it's maybe a missing "raise" in your code
23:21:20gmaxwell:jtimon: it's not too hard to do things in python which break the GC. or things which cause copying behind the scenes...
23:21:53sipa:gmaxwell: well, copying behind the scenes is pretty common in C++ too
23:22:10jtimon:more work than needed behinf the scenes is a cost you can cleanup later
23:22:12gmaxwell:sipa: yea well, I am also not an enormous fan of C++ either. :)
23:22:20gmaxwell:(also for that reason!)
23:22:25petertodd:anything that has dynamic memory allocation and reference counting and/or gc can have that happen
23:22:50petertodd:if anything, I kinda like python's reference counting + cycle-detection rules there as being predictable
23:23:36jtimon:say you're running 1 function 90% of the time and 90 functions the rest of the 10%, write it all in python and then single out that function and write assembly if you want
23:24:23zooko:jtimon: yes, that's something that I love about Python, contrasted with Java and many other languages --
23:24:36zooko:that the culture and the tools have encouraged polyglotism all along.
23:24:50tacotime_:yeah, that's what i had mainly used python for before.
23:24:55zooko:If there was a good C lib, then the Python culture was for someone to write a wrapper and everyone else to use that wrapper.
23:25:14petertodd:jtimon: generally true, although sometimes you get into situations where you're, say, memory limited so it's tricky to figure out how to make that 10% into compiled code... which is why they came up with cython (and previously, the really solid C/C++ interfaces)
23:25:30sipa:gmaxwell: the reason my unit test didn't run, was because i had two classes with the same name
23:25:34petertodd:zooko: yup, writing C/C++ wrappers is remarkably easy, even usign the library directly
23:25:38sipa:gmaxwell: the second one just overwrote the first
23:26:03antephialtic:jtimon: that approach limits the usefulness of alternative runtimes like pypy that JIT the code for speed
23:26:29sipa:petertodd: it took me several hours to figure out how to pass a list of numbers in python to a vector in C++
23:26:49tacotime_:my alt coin i'm supposed to be coding in golang, i'm curious to see how i like that when i get into it.
23:27:02sipa:(with no experience with swig whatsoever beforehand)
23:27:07jtimon:antephialtic calling an external optimized tool for something you're running a lot? I don'tt see how
23:27:32Luke-Jr:needing a wrapper is lame <.<
23:27:56antephialtic:jtimon: pypy has issues running code that uses c-extensions
23:27:57jtimon:it's interessting that the fastest python implementation is written in python and not in C though
23:28:09tacotime_:the only thing so far i really like from golang from the documentation is ease of multithreading, but i haven't read through all of it yet.
23:28:21petertodd:tacotime_: what's your alt going to do?
23:28:28gmaxwell:the concurrency in rust is nicer. :P
23:28:53jtimon:tacotime not a new language _zeromq
23:29:22jtimon:I think I'm loving zmq even more than python
23:29:47tacotime_:I'm hearing about zmq a lot lately too
23:30:03tacotime_:My alt coin is implementing an alternative to PoS that's more like PoA
23:30:12sipa:proof of ...?
23:30:14petertodd:tacotime_: proof-of-asshole?
23:30:21tacotime_:activity, proposed by coblee
23:30:22petertodd:tacotime_: aardvark?
23:30:35gmaxwell:tacotime_: It has LDAP XML Synergy for advanced RDBMS LAMP stacks in the cloud at webscale.
23:30:37sipa:proof of altcoin?
23:30:59Luke-Jr:petertodd: hahah
23:31:10Luke-Jr:proof-of-attack is my serious guess
23:31:10tacotime_:But basically has per block verification of the chain by stakeholders.
23:31:11Luke-Jr:<.<
23:31:19tacotime_:Ouch luke-jr
23:31:21zooko:antephialtic: the right way forward is to use https://pypi.python.org/pypi/cffi to interface Python to native code, and then pypy (and also CPython) have no problems with it.
23:31:21sipa:gmaxwell: you'll love this: http://pic.dhe.ibm.com/infocenter/wsdatap/v6r0m0/index.jsp?topic=%2Fcom.ibm.dp.xm.doc%2Fjson_jsonx.html
23:31:38gmaxwell:LOLOL
23:31:51qwertyoruiop_:qwertyoruiop_ is now known as qwertyoruiop
23:31:53tacotime_:Then second it's implementing a fiat-like system using a public oracle system.
23:31:58zooko:* zooko laughs
23:31:59petertodd:ooh! an appliance! that sounds enterprisey
23:32:09tacotime_:That's most of what it does.
23:32:18petertodd:tacotime_: you still haven't told us what the 'A' stands for
23:32:22sipa:petertodd: actifity
23:32:25tacotime_:activity
23:32:28petertodd:ah!
23:32:29zooko:tacotime_: by "fiat-like", you mean the size of the monetary base can change in response to politics?
23:32:34tacotime_:sorry heh
23:32:35gmaxwell:JSON-enterprise-edition
23:32:44petertodd:tacotime_: ok, so it's proof-of-internal-sacrifice really
23:32:46sipa:gmaxwell: cloud JSON
23:32:51tacotime_:zooko: yes, according to the politics of the stakeholders and the PoW miners.
23:32:52antephialtic:zooko: cool, will look into that
23:33:02tacotime_:petertodd: yes
23:33:19sipa:gmaxwell: now with over 99.8% redundancy!
23:33:27petertodd:tacotime_: good luck - such schemes are probably on the threshold of being possible at best
23:33:41zooko:antephialtic: hope it helps! cffi is developed by the pypy devs (at least partly), and those folks are very good engineers, and you can find them on #pypy
23:33:59Luke-Jr:petertodd: are you on the altcoin panel in Texas?
23:34:07tacotime_:petertodd: At worst I'll end up with something that doesn't work very well and a lot of experience coding cryptos, which I'm okay with.
23:34:10petertodd:Luke-Jr: early march? no, at the financial crypto conf
23:34:12Luke-Jr:tacotime_: ^
23:34:34gmaxwell:"coding cryptos"
23:34:34petertodd:tacotime_: good attitude - I'd love to see such a thing get coded up if only to see how exactly they fail
23:34:36Luke-Jr:* Luke-Jr wonders who else is on it <.<
23:34:45gmaxwell:* gmaxwell gets out the staff of smiting.
23:35:03sipa:tacotime_: and you may spend a ton of time convincing yourself you're creating something safe
23:35:16petertodd:tacotime_: take sipa's advice and break it for us :)
23:35:21tacotime_:sipa: I'm not that delusional, heh
23:35:25gmaxwell:tacotime_: see andy's protopaper.
23:35:32tacotime_:andy's protopaper?
23:35:36andytoshi:one sec
23:35:38sipa:1
23:35:39sipa:over
23:35:41andytoshi:lol
23:35:50Luke-Jr:2
23:35:55gmaxwell:/exec -o sleep 1; echo how about now?
23:35:55jgarzik:he did not specify when the second would occur
23:35:56andytoshi:http://download.wpsoftware.net/bitcoin/alts.pdf
23:36:14antephialtic:andytoshi: a couple nights ago gmaxwell mentioned that you had proved that schnorr signatures were non-malleable. can you link the paper?
23:36:29andytoshi:sorry, i ran 'cat docs/scrap/bitcoin-links', but then it wasn't in there, so i had to find it and add it..
23:36:49andytoshi:antephialtic: sure, http://download.wpsoftware.net/bitcoin/wizardry/schnorr-mall.pdf
23:36:50zooko:tacotime_: aren't the incentives of currency holders always to minimize creation of new currency, and the incentives of miners always to maximize it?
23:37:00antephialtic:andytoshi: thanks
23:37:15zooko:full disclosure: I'm toying with related notions myself.
23:37:33zooko:Not that I expect you to be interested in my ideas, but I started feeling a bit guilty about pumping you for information without mentioning that.
23:37:43andytoshi:gmaxwell: regarding snarkcoin tx security, you said "just give different outputs to every miner" to minimize who can see the actual transactions
23:37:47tacotime_:Regardless of how much your cc breaks to you can usually make it continue running by switching to something that does work temporarily while you fix what was broken, eg just enforce pow for a while with a hardfork. So long as how it's broken not involving something like people spending other people's money (counterparty)
23:38:25tacotime_:zooko: Yes, so they should find common ground when you average them, no? ;)
23:38:28petertodd:zooko: you should think in terms of security against rational actors, and irrational ones - don't design systems that assume too much that attackers are economically rational
23:38:36gmaxwell:andytoshi: Yes.
23:38:36andytoshi:gmaxwell: how about, rather than signing outputs, you sign a pubkey (which the recipient provides) along with the inputs and change outputs, then pass this to the recipient. and the recipient adds and signs the outputs himself
23:38:36austinhill:@zooko the alt coin model is very broken and a new incentive mechanism for innovation is required
23:38:52petertodd:zooko: proof-of-work is good for that precisely because it's a huge barrier to the irrational ones, at least once the system is established
23:39:09andytoshi:gmaxwell: then the recipient is in charge of getting this to miners -- he can do the output-swapping thing, and set his own fee, and the sender doesn't get to find out the outputs
23:39:13zooko:petertodd: good point about irrational attackers.
23:39:29zooko:Hiya austinhill!
23:40:05zooko:austinhill: yes, I've been intending to ask you about that, in fact.
23:40:05gmaxwell:andytoshi: sounds great. I mean, it's an extra ecdsa validation under proof, but this wasn't an immediately pratical idea.
23:40:30petertodd:zooko: did you see my conversation a few weeks (?) ago on bitcoin-dev about merge-mining? that's exactly what I'm talking about - it's insecure against the irrational actors no matter how much you handwave about economic incentives
23:40:47zooko:petertodd: I'll look for it on the mailing list archiuves.
23:40:52tacotime_:petertodd: in practice too, see lukejr and coiledcoin.
23:41:01austinhill:the co-operation of a large part of blockchain miners / minning pools in allocating hasing power & infrastructure to an alt coin can be very beneficial or abused (pump&dump difficulty rate on a new SHA proof of work coin)
23:41:15gmaxwell:I think the CLC stuff was rational. FWIW.
23:41:18petertodd:tacotime_: I forget whether or not luke denies that, but certainely easy to see how it could happen
23:41:23Luke-Jr:(nevertheless, merged mining is the best system currently, and practically secure as long as you have rational actors on your side)
23:41:53gmaxwell:you certantly don't want to merge mine something that the existing miners might outright oppose though. Woe be it to you who do.
23:42:10tacotime_:gmaxwell: yes
23:42:14Luke-Jr:austinhill: the goal of any legit crypocurrency is to keep difficulty as high as possible
23:42:28Luke-Jr:austinhill: the pump&dump refers to valuation
23:42:45petertodd:Well, good case in point: Would existing miners want to merge-mine my tree-chains idea? It can be done as an economically neutral way to increase scalability... but it has the side effect of making pools much less relevant.
23:43:02gmaxwell:petertodd: I don't think thats a problem.
23:43:07tacotime_:Andrew's draft is rather damning
23:43:09petertodd:Existing miners might very well kill it off because those miners are pools and may not want it to exist.
23:43:26gmaxwell:Esp if any attack is provable, the goodwill loss would fix the incentive alignment.
23:43:28Luke-Jr:petertodd: does it make bitcoin (or whatever system) more valuable as a system?
23:43:33Luke-Jr:that is an incentive there
23:43:44tacotime_:I think anyone putting money into altcoins should more or less be aware that it could disappear at any time
23:43:48gmaxwell:and yea, I think virtually every pool is more aligned to bitcoin long term than their particular position as a pool.
23:43:52Luke-Jr:tacotime_: that's true of bitcoin
23:43:52petertodd:Luke-Jr: probably yes, but as I say, it makes pools unneeded
23:43:54austinhill:problem is when everyone starts merge minning different coins & the ecosystem starts to encourage more alt coins which frankly affects the perception of all cryptocurrencies as monopoly money
23:44:11sipa:so currency, many alt!
23:44:18gmaxwell:tacotime_: I'm not sure thats ever really all that useful advice to people. I mean people should give that advice, but lets not fool ourselves that it really is all that protective.
23:44:34jcrubino:how does one convert an address to the public key?
23:44:41Luke-Jr:jcrubino: you don't.
23:44:45sipa:jcrubino: not here, please
23:44:54Luke-Jr:jcrubino: you should be in #bitcoin-dev or something, this channel is for wizards <.<
23:45:01tacotime_:Yeah, I do feel kind of antsy about taking anyone's money to hack on my alt coin
23:45:13tacotime_:I'm not sure what the legal liabilities are
23:45:27gmaxwell:austinhill: yep, my long time worry is if there is every a switch where Foo coin replaces Bitcoin without any real migration then the whole thing will unravel when people say — wait, but when will Foo coin be replaced??!
23:45:27Luke-Jr:tacotime_: the bigger problem is the people who will pump your altcoin and rip off the fools they convince to invest in it
23:45:39tacotime_:I'm just saying it may or may not work and that you might end up with a leviathan of horrendously malformed code
23:45:41petertodd:tacotime_: fwiw the legal advice I got was to stick to consulting, not actually writing code too directly
23:45:47gmaxwell:er, s/every/ever/
23:45:50tacotime_:Luke-Jr: Yeah
23:45:58Luke-Jr:tacotime_: even legit altcoins have problems with scammers trying to take advantage of them
23:46:02jcrubino:#bitcoin-dev seems to be off limits except to devs and invited guests, #bitcoin is usually full of shit, so i came here
23:46:05austinhill:Spoke with vitalik yesterday about Ethereum and their doing a mastercoin type issuance through switzerland for millions of dollars - this I think is bad for the ecosystem
23:46:09petertodd:tacotime_: the legal advice also was that in reality basically anyone in a position of *social* influence in this space may be seen by the courts as being the "administrator" of these systems, and hence legally liable
23:46:22Luke-Jr:jcrubino: #bitcoin-dev is not restricted beyond topic
23:46:44tacotime_:petertodd: Hrm. If I write it myself without taking anyone's money and release it, am I still liable?
23:46:58petertodd:tacotime_: probably yes
23:46:58austinhill:Petertodd: you also face minimum qualified investor rules in Canada, US and Europe
23:47:09gmaxwell:tacotime_: you're always liable, hurray for civil liability. What advice do you want?
23:47:20Luke-Jr:lol
23:47:38sipa:austinhill: ethereum is a fully independent chain, no?
23:47:43sipa:austinhill: not embedded in bitcoin
23:47:55austinhill:you could always release it pseudonymously - worked for someone we know, no one to sue
23:47:56petertodd:gmaxwell: note the lawyers I talked to specifically spoke in terms of being liable for administering a financial system, more than just civil liability
23:49:00austinhill:sipa: ethereum is trying to bootstrap independent blockchain and using BTC to fund it with a crazy DAC model (mastercoin with a twist of trying to build turing complete scripting into system)
23:49:24sipa:austinhill: yeah, i've met with ethereum people
23:49:39petertodd:it's notable that ethereum has moved from talking about the fundraising as an investment to talking about it as people buying something in a standard exchange of goods for money
23:49:57sipa:didn't know about how they were going to bootstrap it
23:50:19gmaxwell:petertodd: IRC has had a bunch of people really confused about ethereum the last few days.
23:50:46petertodd:sipa: right now it's sell ethereum coins from the premine on the basis that people are buying a standard digital good, not on the basis that they are buying a right or any kind of share
23:50:53petertodd:gmaxwell: not surprised...
23:51:01gmaxwell:People are thinking that it will turn all the nodes into some ec2 instance and that the internet infrastructure will migrate into ethereum and other disconnected from anything proposed by anyone stuff.
23:51:02antephialtic:regarding legal issues, I wonder what impact Arista Records LLC v. Lime Group LLC could have on bitcoin developers. While the underlying crime in that case was copyright infringement, it's not hard to imagine a similar one for money laundering
23:51:12petertodd:gmaxwell: lolololol
23:51:29petertodd:antephialtic: ?
23:51:34gmaxwell:petertodd: I think people don't at all get what it actually does and are just pattern matching to the nearest thing they understand.
23:51:35sipa:gmaxwell: lolwut
23:51:59austinhill:gmaxwell: well when you breathe enough ether anything is possible lol
23:52:09gmaxwell:sipa: you didn't also see the person in #bitcoin-dev who was asking about us using OP_RETURN to give URLs to javascript for miners to run?
23:52:14gmaxwell:austinhill: hahahahahhaha
23:52:19sipa:gmaxwell: ugh, no
23:52:20petertodd:gmaxwell: probably quite true - it's notable how many people just didn't get my last post about proof-of-publication and decentralized markets when I was talking about it at the local meetup
23:52:32sipa:gmaxwell: i regularly quit -dev... i waste time being annoyed
23:52:33petertodd:austinhill: +1
23:52:41petertodd:sipa: +1
23:53:04sipa:* sipa invokes xkcd 386
23:53:25gmaxwell:19:25 < linagee> would it be possible to use the 80 extra bytes from bitcoin 0.9 to point to a URL with .js that nodes can run?
23:53:43sipa:ugh
23:53:43gmaxwell:19:28 < linagee> gmaxwell: adapt or die. I'm trying to adapt.
23:54:07sipa:someone should really try to explain bitcoin's consensus and trust model
23:54:09gmaxwell:I don't bring it up to make fun of linagee, that kind of helpful clueness seems to by common among people newly interested in ethereum.
23:54:10petertodd:gmaxwell: we should write a BIP for that to be published in just over a month...
23:54:28gmaxwell:We did need a bit that specified something really dumb.
23:54:31gmaxwell:er bip.
23:54:54gmaxwell:(As an example that the existance of a BIP is not itself proof that an idea is good)
23:55:30petertodd:We could get Eligius to implement it with a Javascript interpreter that always returns 42, and then make it Accepted on the basis of community acceptance.
23:55:48sipa:* sipa proposed OP_FORK: let's you create infinite amount of money - you can spend everything you had once for each separate node
23:56:03austinhill:I would love to build a proof-of-knowledge credentialing system based on web-of-trust & Dr. Stefan Brands blinded credential tokens to build a "k/n bitcoin-wizards think you are A) not an idiot, B) ask good questions & C) have the right to join this chat" …..nice credentialing system for decentralized authenticated chat
23:56:25petertodd:sipa: in highschool I actually worked out the economics for essentailly just that after reading the hashcash paper - was trying to figure out how to make it into a useful decentralized currency...
23:56:40petertodd:sipa: (I knew I was getting desperate...)
23:56:53sipa:i actually *used* hashcash
23:56:56sipa:does that count?
23:57:07petertodd:ha, yeah, me too
23:57:14gmaxwell:I believe I have some RPOW. Someplace.
23:57:20tacotime_:original gangster. i'd never heard of it before bitcoin.
23:57:32austinhill:sipa: petertodd: I actually went out & hired hashcash inventor to come work for me for 3 years trying to figure this shit out
23:57:34petertodd:though the only person who'se ever sent me a hashcash email is adam back
23:57:44petertodd:austinhill: adam?!
23:57:49sipa:austinhill: i'm aware you know the hashcash inventor, yes :p
23:57:58austinhill:Yeah, I hired Adam Back back in 2000
23:58:09petertodd:austinhill: lol, hilarious, did he figure that shit out? :P
23:58:28austinhill:Maybe this time, we recently co-founded a new company….more on this later :)
23:58:39petertodd:austinhill: interesting!
23:59:06gmaxwell:In any case, I think that mostly this stuff with random people being confused about ethereum is that the developers of it must be giving some clearly excited talks about it, and that kind of excitement is more contagious than the understanding is...
23:59:22petertodd:vitalik doesn't really explain it well either
23:59:37sipa:gmaxwell: some ethereum people recently visited the zurich bitcoin meetup
23:59:41gmaxwell:Explaining things is hard.
23:59:43austinhill:Company was ZeroKnowledge (we tried to buy Digicash from David Chaum, but bought the rights to Brands eCash system which was superior) think .tor + Bitcoin + Identity blinded credentials….$80million raised - 300 people
23:59:44sipa:interestingly, none were actually technical