00:08:57phantomcircuit:gmaxwell, did bc.i fix the xss in coinbase data?
00:12:08phantomcircuit:gmaxwell, too bad
00:12:20phantomcircuit:i have enough room for an element
00:12:30comboy:whoa, fun, how was it found? it seems pretty expensive to test
00:12:52phantomcircuit:comboy, < randomly appears in the coinbase anyways
00:13:01phantomcircuit:so im guessing the page rendering was messed up
00:15:42gmaxwell:comboy: it's not hard to get pools to put in custom coinbase text for you, eligius will for example.
00:16:10gmaxwell:and if you're p2pool mining you control your own coinbase text— requires you to find a block however. :)
00:17:28comboy:interesting about eligius, I would imagine it's still expensive though? ;)
00:18:16gmaxwell:comboy: at least at one point they did it for free per request by any miner.
00:19:04comboy:oh, that's cool, it would work nicely as my backup solution
00:19:05sipa:"free per request" is still "just free", no?
00:19:16comboy:I'd need extremely good compression and very long time though ;)
00:22:28comboy:btw was there somewhere a chart of avg fee per kb?
00:26:11rdymac_:rdymac_ is now known as rdymac
00:26:22gmaxwell:I just mean that you had to ask, and presumably if you started trying to backup data that way you'd be told no.
00:29:27comboy:jk, but that's a pretty cool feature
00:30:10comboy:I mean that they are/were letting people do this, not the backup part
00:30:21DBordello:DBordello is now known as Guest55492
00:42:38just[dead]:just[dead] is now known as justanotheruser
01:04:58execut3:execut3 is now known as shesek
01:31:39maaku_:"Handling clients money in Assembly for dummies"
02:11:36phantomcircuit:gmaxwell, dear god this is so much data
02:29:03justanotheruser:justanotheruser is now known as just[dead]
02:33:57wallet42:wallet42 has left #bitcoin-wizards
03:18:16just[dead]:just[dead] is now known as justanotheruser
03:32:30justanotheruser:justanotheruser is now known as just[dead]
03:37:10just[dead]:just[dead] is now known as justanotheruser
04:06:14justanotheruser:justanotheruser is now known as just[dead]
04:06:29tacotime:gmaxwell: wow https://bitcointalk.org/index.php?topic=497737.0
04:06:38tacotime:i wanted to say it too but
04:06:47tacotime:i signed their dumb nda
04:07:03warren:maaku_: assembly might be an improvement for some
04:07:19tacotime:and although i think it might not be legally binding i still err on the side of caution
04:08:33gmaxwell:tacotime: I offered them an alternative NDA, but alas they chose to not respond to me instead. It's almost certainly not binding in any way shape or form, but yea, wouldn't encourage you to encourage them to give you trouble.
04:10:06gmaxwell:tacotime: you may like the revised NDA I had proposed to them: http://0bin.net/paste/pVUtGcHihaoCLrlu#RpeIps564F55dbWRz1U28blAHreBM2yhuth2TKqX/Ls=
04:12:22tacotime:gmaxwell: that's not really that bad, though i imagine they'll struggle with (d)
04:12:57tacotime:my favourite thing was when they put, "customers must disparage and criticize HashFast products in a public space" in the refund contract.
04:13:03gmaxwell:yea.. lol
04:13:07gmaxwell:disparagement agreement.
04:13:45gmaxwell:I think it's reprehensible to threaten people who you've truly and honestly ripped off for complaining about your ripping. I don't feel like I could agree to any NDA with a company that would do that.
04:15:07gmaxwell:in any case, I was debating on when I should start really hitting back against them with some force, their belief that they can get away with promoting a new product while many people are out completely was sort of a last straw for me.
04:15:17tacotime:it is. the whole situation has been a mess since october.
04:16:18tacotime:yeah, i thought it was obscene when i saw that. i'm glad i at least got my asics but i feel awful for the people who haven't gotten anything yet or are waiting on upgrades.
04:18:24tacotime:they don't seem super interested in helping the pending legal cases against them.
04:18:33tacotime:which is baffling.
04:19:22BlueMatt:who's in barbados?
04:20:09tacotime:i wish. i'm just going to texas this week.
04:40:23jtimon:warren maaku_ what's with assembly? I kind of enjoyed reading the SSE2 manual to optimize my neural networks on the co-processor
04:45:13jtimon:or were you talking void...I mean...ether?
04:55:54just[dead]:just[dead] is now known as justanotheruser
06:17:53Luke-Jr:gmaxwell: really? they wouldn't even look up another airline for me :/
06:18:21gmaxwell:Luke-Jr: they're supposed to under normal contracts. They don't offer it though, dunno if you asked what was going on there.
06:18:54Luke-Jr:at this point, I don't think they even refunded me :/
08:10:10gmaxwell:if any php wizards want to check mtgox's code— you can actually see the spending code takes an array for 'forced inputs'
08:10:42gmaxwell:but I think it has a bug where it won't actually force any inputs that were used in another transaction, because it checks if they're in an unspent list and skips them.
08:12:20adam3us:gmaxwell: interesting if they got the tx db too
08:14:07adam3us:gmaxwell: implications of what you said ^^ for abuse of tx malleability + their coding sending diff inputs being responsible for theft of funds?
08:15:07gmaxwell:I knew from magicaltux that their code would 'sometimes but not always' conflict inputs when reissuing, well the code responsible for that appears to be there.
08:15:59gmaxwell:http://pastebin.com/W8B3CGiN line 162
08:16:28davvblack:is there any code that automatically reissues?
08:18:41gmaxwell:kinda, that's the code that the reissue would (presumably) use
08:19:00gmaxwell:the interesting thing is I can't square it with their recent behavior of doublespending inputs
08:19:10gmaxwell:so I think there may have been a change.
08:19:28gmaxwell:Basically their forced input logic is broken in that it won't force any inputs if it doesn't think they're available
08:20:22adam3us:gmaxwell: but its concept of availability is the tx db?
08:20:44gmaxwell:But at line 876 it seems to synchronize its claims with the blockchain.
08:21:30gmaxwell:so that's compatible with the idea that the transaction they were trying to conflict with being successful would cause them to fail to conflict (doh!)
08:21:34azariah4:damn, so much rounding, type casts to int and magic numbers
08:21:43gmaxwell:but not compatible with their observed self-doublespending at all.
08:22:24gmaxwell:so now I'm wondering if they didn't— a couple months ago— comment out that synchronization with the blockchain on 876 in order to try to make it not fail to conflict with itself when it needed to
08:22:26davvblack:maybe there's something wrong with the queries including and just after 177
08:22:38gmaxwell:but by doing that made it constantly doublespend itself.
08:23:08gmaxwell:well that's why I think someone php clueful needs to look at this, my last php experience was over 5 years ago and in a much cleaner and abstracted codebase (mediawiki)
08:23:41davvblack:there are also syntax errors
08:23:44davvblack:like line 91
08:24:58davvblack:you can't [] for array literal
08:33:22azariah4:if this code leak is real, I suddenly feel much better about the payment backend code I'm working on @ work
08:33:43davvblack:I mean, look how many order by RAND() are in there
08:36:55davvblack:I like that it uses variables like $block_size to mean blocks per block reward amount.
08:38:44gmaxwell:davvblack: well coin selection... not so awful there.
08:39:01davvblack:erm, i mean it's still bad from a dba standpoint
08:39:11davvblack:it needs to assign a rand() to each row
08:39:16gmaxwell:I give this code 99.9% chance of being real, though it might be moderately old.
08:41:29davvblack:and as per our previous conversation, no ===
08:47:44gmaxwell:this code seems to have no ability to handle reorgs.
08:48:36jcorgan:he'd probably say he didn't know about reorgs, and that reorgs are a "bitcoin bug"
09:58:58gmaxwell:::sigh:: I posted on reddit about how MTGox green addresses might have massively amplified these problems (inspired by someone elses ranty thing that was arguing that systemic risk can't exist in bitcoin)
09:59:41gmaxwell:and one of the responses is from https://greenaddress.it/ who seems themselves to be confused and think I'm talking about their service.
10:12:00airbreather:"Unlike other systems our implementation allows users to login in watch-only mode, meaning that their private keys are not in the browser at all." -- except bc.i offers this same functionality
10:14:03gmaxwell:airbreather: I don't think there is any way to _sign_ if you're using bc.i that way.
10:15:57airbreather:ahh, I see what I missed -- you can have them still be in charge of your bitcoins, but log in in a way that makes it so you can't spend them. so, doesn't solve the fundamental problem
10:18:59airbreather:and of course, 100% beside the point of actual green addresses
10:19:37gmaxwell:yea, mind blown at the otness of it all
10:40:59justanotheruser:justanotheruser is now known as just[dead]
10:52:59airbreather:So the "Hardfork Wishlist" wiki page lists the following: "coinbases must be parseable." <-- wouldn't that be possible with a BIP0034-style valid-under-old/invalid-under-new softfork?
10:54:32airbreather:assuming I'm using the term "softfork" correctly... if I'm not, pretend I didn't say that, and I really just mean the upgrade process BIP0034 implemented
11:44:05aksyn:aksyn has left #bitcoin-wizards
12:23:03oooooo_m:oooooo_m is now known as oooooo
14:17:15maaku:maaku is now known as Guest46684
14:54:22realazthat:gmaxwell: ping
15:32:48just[dead]:just[dead] is now known as justanotheruser
15:56:02jgarzik:So, on MtGox customer info... anybody have additional data? does this mean a bunch of high profile bitcoiners, including myself, have their MtGox high res passport scans floating around?
15:56:13jgarzik:That would be disappointing, but not entirely unexpected.
16:01:23nanotube:there's no confirmation of the data being in the wild. just some guy saying 'we have the db dump'
16:02:03nanotube:and vaguely promising to post a torrent
16:02:39comboy:worst part is that afair I tried submitting scan with watermark saying it's for their use only and date and it was not accepted :/
16:03:32nanotube:i submitted notarized paper. dunno if they scanned it into their db, or if it's still safely in a file cabinet somewhere
16:07:46comboy:nanotube: given this code source leak which looks sadly legit, I'd assume they really have the db
16:08:20nanotube:comboy: i'm not making bets one way or the other. code could be sitting around on various dev machines
16:08:42nanotube:or copies floating around in emails or usb sticks
16:08:58nanotube:db is less likely to be hanging around in bits and pieces all over the place
16:09:22comboy:well, maybe, hopefully
16:09:51nanotube:but certainly Pr(db is leaked | code is leaked) is greater than the prior of Pr(db is leaked)
16:11:20jtimon:I only coded php on a small project at college, but 1719 lines in a single file, the mentioned castings, not using constants for constant values...
16:18:29TD:the whole passport scan+utility bill thing is a horrible standard anyway
16:18:56TD:if the whole thing does leak, i guess exchanges will have to go to doing video chats to confirm id
16:19:05TD:as simple possession won't mean anything any more
16:20:45nanotube:but until they do, expect plenty of fake jgarzik's on the various exchanges. >_>
16:21:19jtimon:yeah interesting thought
16:21:43kinlo:their code does indeed look like a big mess
16:21:55kinlo:not to mention that php is not the language to write an exchange in
16:21:59jtimon:passports should have a private key for digital signatures like some countries id cards
16:22:28kinlo:jtimon: several passports do have a chip....
16:22:55TD:all new passports have chips. unfortunately, chips that sign with private keys are ... optional
16:22:58jtimon:yeah, a chip, but can you sign legal documents with that chip?
16:23:08TD:it's not designed for that
16:23:13jtimon:TD oh, so it's possible
16:23:23TD:for most passports it's not possible. the chip is just a data repository
16:23:26kinlo:is a scan legal?
16:23:37kinlo:can I order stuff with just a scan?
16:23:38TD:well banks take photocopies of passports, in my experience
16:23:40jtimon:well, some countries id cards (spain) are designed for that
16:23:42TD:so a scan is i guess normal
16:23:55TD:jtimon: yes sure. some countries operate their own citizen PKI's
16:24:12kinlo:TD: It's so sad you are correct... it opens so many ways to get abused for us
16:24:34kinlo:they have email, id, name, address, everything :(
16:24:34TD:for any institution that needs strong ID verification
16:24:43TD:it's not just a bitcoin specific problem
16:24:53kinlo:TD: I've opened my latest bank account online, without much verification....
16:24:55TD:id theft is a huge issue, especially in the usa where so much is keyed off social security numbers
16:25:04TD:how did you do that?
16:25:32kinlo:I just went to my banks website, filled in a form, pasted a copy of my id card and they mailed me my bank-card back
16:25:43TD:"pasted a copy"?
16:25:44kinlo:debit card AND credit card :)
16:25:53kinlo:photocopy of my id card
16:26:28TD:so they don't actually use crypto, even though your id card supports it?
16:26:45kinlo:well, for the credit card I had to give them a copy of my salary card (how to translate that word:P)
16:26:56kinlo:TD: exactly.
16:27:04jtimon:that's scary, so anyone could just create an account in your name if the id cards/passports are leaked?
16:27:12TD:probably not worth the complexity
16:27:16nanotube:even if there was crypto... that'd just mean people will try to steal the privkeys
16:27:19TD:i guess you'd need a smartcard reader and most people don't have one
16:27:29kinlo:TD: however, it might have been possible they contacted the government to get my address - they did have to send my info somewhere
16:27:45kinlo:in the end, a bank with an official licence has access to certain government databases
16:27:49TD:i don't have an ID card, but swapped a photocopy of my passport + some money for a USB smartcard dongle thing that i can use to log in to a bunch of swiss websites
16:28:04TD:but most people won't do that
16:28:25TD:thinking about it though, i think the passport copy mt gox has for me is actually expired. plus the utility bill has to be fresher than 3 months
16:28:26kinlo:TD: so you can login to any swiss site that requires an id card?
16:28:39kinlo:TD: are you swiss?
16:28:52TD:i live here
16:29:01kinlo:you sound american (no offence)
16:29:22TD:i'm british
16:29:27jtimon:I don't think I ever sent a utility bill, but it's been a while since last time I used that exchange
16:29:29TD:nearly the same thing :)
16:29:30kinlo:close 'nuff :p
16:29:59kinlo:well, I didn't even get confirmed yet
16:30:03kinlo:I was in the queue
16:30:21kinlo:so I'm definitely going to be in a "hot database", if such a thing exists
16:30:29jtimon:I think at some point the id card was enough
17:13:58jgarzik:(scrolling back)
17:14:07jgarzik:TD, I'm surprised people have not already moved to video chat security
17:14:17jgarzik:TD, maybe it's too obvious and "dumb"
17:18:27phantomcircuit:jgarzik, que
17:21:00jgarzik:phantomcircuit, a wealth of biometrics can be easily captured by a video chat
17:21:13jgarzik:phantomcircuit, and easily measured against future video chats
17:21:30jgarzik:OpenBiometrics has some fun tools
17:25:52pigeons:“The new generation of Kinect technology in Xbox One can distinguish up to six voices in a room, respond to voice commands, read skeletal movement, muscle force, whether people are looking at or away from the TV and even their heart rates.
17:26:33pigeons:so yeah
17:33:25spin123456:spin123456 is now known as spinza
17:47:52zooko:Hm. I wonder under what conditions open("/dev/urandom", O_RDONLY | O_CLOEXEC) can return a negative return value.
17:48:53Guest46684:zooko: out of file handles?
17:49:25zooko:Guest46684: yeah, I was wondering about that too.
17:50:01Guest46684:Guest46684 is now known as maaku
17:50:12zooko:maaku: hi there! ☺
17:52:44zooko:I wonder if there are other cases.
17:53:35zooko:In particular, I'm wondering whether I can deliberately trigger a process on your linux machine to get -1 from open("/dev/urandom").
17:53:56zooko:And I'm also wondering if open() will ever return any other negative number than -1.
18:00:45TD:phantomcircuit: for exchange KYC verification
18:00:56TD:it seems exchanges spend a lot of time trying to divine whether a scanned passport/bill is forged or not
18:01:07TD:seems doing a 20 second video chat with support staff could resolve the question reliably
18:06:38michagogo|cloud:18:23:56 jtimon: yes sure. some countries operate their own citizen PKI's
18:06:38michagogo|cloud:Including Israel, sort of
18:06:54TD:perhaps in future more localised exchanges can use these
18:07:16michagogo|cloud:We're in the 2-year trial phase of a program for new, smart ID cards and e-passports
18:08:24michagogo|cloud:They embed biometric data (photo and two index fingerprints), and the ID card has a smartcard contact on it. With the card, they give you a USB reader, which will allow you to connect the card to your computer and use it for authentication and signing
18:08:58michagogo|cloud:At the moment, though, I don't think there's anything you can do with it -- Windows detects and auto-installs a driver for the reader
18:09:13TD:normally you can sign PDFs with it, and that's legally binding. also mine lets you log into websites using SSL client certs
18:09:23TD:i don't have an ID card though. my "card" is a SIM form factor
18:09:34TD:seems like swiss identity cards let you choose whether you have a chipped one or not
18:09:34michagogo|cloud:And when you insert the card, it's recognized as a smart card, but AFAICT there's nothing that you can do with it
18:10:00TD:you can probably use it with anything that supports PKCS #11 tokens, i think
18:10:04TD:there's a standard for crypto smartcards
18:10:08michagogo|cloud:Eventually, they say they'll release the software for it
18:10:19phantomcircuit:TD, i've actually done KYC over skype for intersango
18:10:22phantomcircuit:it was a lot easier
18:10:30phantomcircuit:but it took about 10 minutes
18:10:35TD:like, i installed the SuisseID software, and when I plug my usb stick in Mail.app it automatically starts signing mail
18:10:54TD:PDFs is harder. Adobe and other apps like to use the term "electronic signature" to mean "image of a hand-drawn pen signature"
18:11:09TD:phantomcircuit: i guess you could optimise it by having custom stuff on your website using webrtc
18:11:35phantomcircuit:TD, in the us the adobe/docusign things are legally binding contracts
18:11:40michagogo|cloud:TD: Do you know of anything generic that I might be able to use to find out what's on there, what it's currently capable of doing?
18:11:44phantomcircuit:E-SIGN act
18:11:53TD:ah that's good. i didn't know if it was the case in the USA. i think those are legally binding in most countries by now
18:12:21phantomcircuit:TD, http://en.wikipedia.org/wiki/Electronic_Signatures_in_Global_and_National_Commerce_Act
18:12:29TD:michagogo|cloud: do you know any technical data at all? model name etc?
18:12:38TD:michagogo|cloud: is it the "SmartID" system?
18:12:40TD:phantomcircuit: thanks
18:13:03TD:that's going to make contracts and invoicing a lot more convenient
18:13:30TD:* TD blinks
18:13:50TD:did the bitstamp price really go up by $100 in just a few hours?
18:14:15tacotime:TD: this is bitcoin
18:14:31michagogo|cloud:TD: I don't remember off the top of my head
18:14:36michagogo|cloud:Give me a sec, I'll go get it
18:15:13tacotime:stability is only on a logarithmic axis ;)
18:16:12phantomcircuit:TD, sure except the real world security there is terrible
18:16:26phantomcircuit:like im pretty sure i could forge something to appear like you signed it
18:16:33phantomcircuit:.... and it would be legally binding
18:17:12TD:well, if you hacked my computer and i had the usb stick plugged in and also entered the PIN then probably you could
18:17:24TD:it's not like a trezor, there's no display to confirm what's happening
18:17:42c0rw1n:why can't that be hacked otherwise?
18:18:03c0rw1n:i don't trust any gov in the world to get security right enough on anything they do, ever
18:18:16michagogo|cloud:TD: The reader is an ASEDrive V3C
18:19:00TD:michagogo|cloud: i don't know how to do it on windows, but on MacOS there's a keychain app that lets you see if it was recognised
18:19:45michagogo|cloud:TD: The card appears in Device Manager as "Israel eID Minidriver for Smart Card"
18:20:50TD:do you have something like Outlook installed?
18:20:51michagogo|cloud:Hardware ID is SCFILTER\CID_54454c454d10211010
18:21:07zooko:zooko has left #bitcoin-wizards
18:21:19michagogo|cloud:TD: I don't think so
18:23:26TD:hmm. well, i guess you could also grab Acrobat and try signing a PDF with it
18:23:40TD:or chrome/IE would possibly let you use it, if you tried to log on to a site that was expecting it
18:23:44TD:but i don't know if there are any
18:23:54michagogo|cloud:Yeah, I don't think there are any
18:24:20TD:ah ha
18:24:20michagogo|cloud:Like I said, they've said that they expect the software that uses it to be available at some point in the future
18:24:34TD:apparently there's an app called "certificate manager"
18:24:38TD:try http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates
18:24:47TD:see if you can spot your eID cert using that app
18:25:12TD:well, SuisseID also gave me a pile of custom software, but as far as I can tell it was only needed for enrollment. it wasn't needed for anything else. it's all natively integrated
18:27:05michagogo|cloud:TD: nope
18:27:13TD:nope to which part?
18:28:36TD:seems like you need to toggle an option in certmgr to make it show smartcard certs for some reason
18:29:29michagogo|cloud:I toggled that option
18:30:01TD:ok. then i dunno what the issue is. it's one of those annoying things where 95% of it is standardised, but somehow you still end up needing custom stuff
18:30:08TD:so i guess you have to wait for israel to get its act together
18:31:04michagogo|cloud:I mean, the program is still in a 2-year trial period, and the decision won't be made for a year and a half or so on whether to make it permanent, extend the trial for 2 more years, or cancel it
18:31:13michagogo|cloud:It's not clear what will happen if the program is cancelled
18:35:56justanotheruser:justanotheruser is now known as just[dead]
18:51:51jtimon:michagogo|cloud in spain you have to buy the reader yourself, so I haven't used it, but my sisters are lawyers and they've saved quite a few trips to the courts by using it
18:52:30jtimon:it's a little bit complicated for most people to use anyway
18:57:32just[dead]:just[dead] is now known as justanotheruser
19:08:58HM:any know of any existing generic code for generating hash trees iteratively?
19:09:46HM:as you insert elements in a vector
19:09:54HM:to amortize the cost of computing the root hash
19:10:02HM:just a thought
19:10:58tacotime:HM: I was going to try to merkelise a B+ tree and implement that, but I haven't had time
19:11:27HM:hmm, why a B+ tree?
19:12:12tacotime:was going to use it for a utxo set that i'd store in memory for very fast block and tx verification and propagation
19:12:53HM:sounds cool
19:14:20tacotime:i'm hoping so, when i get around to it. it looks like it'll be a lot of coding and debugging, so it'll have to wait until my other projects are done.
19:14:56tacotime:it's similar to what maako did in his python implementation, but with slightly different data structures.
19:15:14tacotime:*maaku, sorry
19:16:27HM:i was thinking of a memory efficient append-only list of leaf nodes (left to right). if you set a prediction for the size of the tree (n leaves), then at (n/2) population you can discard (n/2 - 1) flush nodes from memory
19:16:42HM:of course if you need to grow beyond that size you need to recompute
19:17:03HM:*flush -> inner
19:18:37HM:and you can still insert in O(log n) time
19:19:34HM:well to the unflushed half anyway hmm
19:29:10justanotheruser:justanotheruser is now known as just[dead]
19:42:34gmaxwell:HM: you don't have to predict you can resize as you grow, you just have these little tree fragments when you haven't yet filled a whole new level.
19:47:37TD2:adobe reader sucks even more than i remember
19:48:03TD2:jtimon: i'm not sure if it's complicated per se, but my experience has been it's all very flaky
19:48:27TD2:jtimon: sometimes my card just randomly fails to work. unplugging it and replugging it makes it happy .... sometimes. the software is a bit dubious too sometimes.
19:49:06TD2:not obviously well tested, at least not for macs
19:49:23TD2:still, i managed to digitally sign a pdf. probably easier and better than printing/signing with a pen/rescanning
19:49:57TD2:for my next trick .... signed payment request
19:59:14gmaxwell:is td2 td? I know too many tds on IRC
20:01:19nsh:it was Mike, aye
20:08:25jtimon:TD2 that's the swiss id, right? I haven't heard my sisters complaining about the spanish systems and they're definitely non technical people
20:09:15jtimon:I may borrow the reader from them or buy one myself to test the stuff better, I think they're like 10 or 20 eur
20:09:54jtimon:not many companies are using them though, mostly for dealing with the administration more efficiently
20:10:05jtimon:for now at least
21:26:17imsaguy:imsaguy is now known as supatube
21:27:15supatube:supatube is now known as imsaguy
22:19:50andytoshi:i have been thinking about writing a software which mirrors the bills drifting across parl.gc.ca into a git repo. then i can read things like '20. Subsection 4(2) of the Canada Evidence Act is amended by replacing “170” with “163.1, 170”.' (which has no context at all in the bill's text) as a diff, and also see historic info like eg bill sponsors with git log. does anyone know of existing
22:19:53andytoshi:similar projects?
22:20:27gmaxwell:let me ask someone who would know
22:20:38nsh:* nsh blinks
22:24:10antephialtic:andytoshi: I just got around to reading your paper on schnorr sigs being non-malleable. Forgive me for my lack of experience with this style of proof, but is the essential point of the proof that malleating the sig is as hard as predicting the output of the random oracle?
22:24:47nsh:(mutating is usual verb)
22:25:27nsh:((closest etymologically in english would be malleting, which is kinda funny))
22:26:20andytoshi:antephialtic: yeah, basically.
22:26:27andytoshi:nsh: i used 'malleating' several times in the paper :P
22:26:48antephialtic:nsh: seems to be a word :) http://dictionary.reference.com/browse/malleating
22:28:00andytoshi:antephialtic: more specifically, if the random oracle is unpredictable (i.e. it is actually a random oracle) then malleating is just as hard as forging
22:28:13andytoshi:it can be shown that in the random oracle model, forging is impossible, but that's out of scope of that paper
22:28:30TD:andytoshi: surely the right word is mutating?
22:28:59andytoshi:s/impossible/cannot be done with nonnegligible probability/
22:29:13nsh:* nsh stands corrected :)
22:29:28andytoshi:TD: i dunno, i like malleating because it's clear that this is the problem that i'm addressing and that word never appears in any other context
22:29:38andytoshi:but i'm sure it's not correct
22:29:43TD:usually words not being used anywhere else is not a good thing :
22:29:46antephialtic:andytoshi: so if the oracle is unpredictable, (advantage) epsilon ~ 1/(x-1) ?
22:30:45antephialtic:assuming the output of the random oracle is uniform (not sure if that is a valid assumption)
22:30:55andytoshi:fwiw O(1/(x-1)) is O(1/N), where N is the group size. also it might be some polynomial in t rather than 1
22:31:12andytoshi:antephialtic: yeah, that is part of the random oracle assumption. one sec, matt green has a good article on this..
22:32:30antephialtic:andytoshi: cool, my crypto knowledge is a bit elementary, so this is all interesting stuff for me, thanks
22:34:23nsh:andytoshi, some time when you get the chance please write up a blog post or something detailing the ideas behind the time-asymmetry/random-oracle idea you were telling me about yesterday
22:34:42nsh:i think it's worthy of some meditation
22:35:03andytoshi:nsh: yeah, sure, i'll think about that tonight and hopefully write it up tomorrow. agreed, i think there is something there because it suggests the impossibility of my public-fhe dream
22:35:29nsh:* nsh nods
22:37:33gmaxwell:andytoshi: 14:36 < jgay> gmaxwell, i was working on a system to do that around 2005 but stopped for a few reasons. There have been a few people doing work on this. See https://github.com/divegeek/uscode and google "gitlaw" for a popular blog posts and follow-up discussions on opencongress.org and elsewhere
22:37:38realazthat:gmaxwell: hey
22:38:02gmaxwell:realazthat: hay is for horses.
22:38:16realazthat:gmaxwell: I've been polishing up the interpreter
22:38:34realazthat:some minor issues to note
22:38:46realazthat:first, memory can't be freed
22:39:00realazthat:I allocate it in pages, on demand
22:39:14realazthat:but it doesn't know when you aren't using it anymore, and doesn't check for all-zero
22:39:18realazthat:I assume this doesn't matter
22:39:27realazthat:for your purposes
22:41:16nsh:(the horizontality of punctuation matters, for my purposes :)
22:42:45realazthat:are you making fun of me :P
22:43:13nsh:mebbes :)
22:43:15andytoshi:gmaxwell: thx, i'll check those links out. hopefully i can adapt some of that stuff to the canadian side (and learn more about US law too -- i don't have any RSS feeds for congress/senate :( )
23:11:57gmaxwell:years ago
23:11:57gmaxwell:14:45 < jgay> gmaxwell, yeah, here it is http://okfnlabs.org/blog/2012/12/13/bundesgit-german-laws-on-github.html .. there are also links to the OKFN legislative
23:12:00gmaxwell:mailing list at the bottom of that
23:12:32gmaxwell:oops seems to have cut off the first line, well it was just saying that there was a lot of progress in germany.
23:22:09andytoshi:great, that's really encouraging
23:22:53andytoshi:btw what channel are you pasting from
23:24:06nsh:direct from XKEYSCORE
23:55:25gmaxwell:yea, stupid packet filters sometimes cut off the beginning of messages.