00:59:39maaku:maaku is now known as Guest66151
05:05:04lecook:man vitalik made a huge payday
05:09:29justanotheruser:for nothing working :O
05:11:50lecook:whoah whoah the ethereum people are under the impression it is
05:12:04lecook:proof of concepts get you millions
05:12:12lecook:even though people don't understand it.
05:12:38justanotheruser:To my understanding they have a testnet running with sha3 PoW
05:13:40lecook:and they are planning on launching next quarter
05:14:18justanotheruser:oh, "in two weeks" X 6 then?
05:15:10lecook:in my opinion ethereum has the potential to surpass bitcoin
05:15:45lecook:in the end marketing always wins.
05:16:41Luke-Jr:lol
05:17:22justanotheruser:lecook: dogecoin is a counterexample of that
05:17:48lecook:dogecoin is pure marketing, we are talking about competent developers + marketing here
05:17:52justanotheruser:ethereum marketers may be able to convince you that marketing always wins though :)
05:18:13lecook:vitalik is a marketing genius. i'm gonna start writing too.
05:18:14justanotheruser:lecook: I don't care about competent developers if their product doesn't do anything bitcoin can't do
05:21:53Luke-Jr:give it time
05:22:01Luke-Jr:people will go back to Bitcoin after the Nth exploit
05:29:18wumpus:people are always arguing that their specific altcoin will do well because of marketing, but there are so many of them, it goes up against a rabble of marketeers driving people crazy and possible away from cryptocurrencies completely...
05:29:47gmaxwell:wumpus: yes, that concerns me greatly. Also the self defeating infighting.
05:30:07wumpus:it's like walking through a street and all shopkeepers try to violently make you enter their shop, the next time you'd avoid the street completely
05:30:16gmaxwell:If you were to setup a strategy to undermine cryptocurrency you could hardly do better than to create a bunch of infighting.
05:30:18lecook:https://github.com/orisi/wiki/wiki/Orisi-White-Paper this is a very interesting project on top of ethereum
05:30:45gmaxwell:lecook: it's on top of bitcoin...
05:30:47dgenr8:ethereum, bah. i'm waiting for taligent, if not that, transmeta
05:31:12lecook:ah yes sorry, wrote it w/o thinking lol
05:31:16gmaxwell:(and it's an example of why ethereum isn't all that interestin)
05:31:20gmaxwell:er interesting.
05:31:53gmaxwell:lecook: as much as I love cool script capabilities we have a ton which are almost never used in bitcoin. This complicates selling having even more of them.
05:31:57wumpus:gmaxwell: right; too many people doing their own thing, fighting others instead of working together
05:32:38gmaxwell:(I suspect there are opcodes where I'm the only person whos ever used them in a transaction… (and if not me then petertodd))
05:32:57lecook:i think it's about 100 opcodes?
05:33:35wumpus:woohoo, your own opcode :)
05:33:44gmaxwell:OP_GMAXWELL what would OP_GMAXWELL do?
05:34:59wumpus:that's hard to describe without a phd in math :)
05:35:45jcorgan:OP_GMAXWELL: six novel cryptographic constructs per minute, requiring hours of reading obscure papers to understand <= "proof of hard work"
05:37:19gmaxwell:One issue is, I think, that testnet seems to not be successful. There seems to be a gap where if a cryptocurrency is worthless it's too boring to mess with, but if its too valuable it becomes too valuable to toy around with.
05:37:36copumpkin:OP_GMAXWELL goes and makes up a new opcode on the fly and binary patches it into your bitcoin executable
05:39:49gmaxwell:I'm not sure how to span that gap. Perhaps if running multiple parallel daemons were easier, and you could just set some switch to always run testnet too.. Or perhaps if testnet coins has some specific kind of value, like you could redeem them for postcards from developers.
05:40:10wumpus:gmaxwell: that's true, there is little in the way to experiment with new ideas without creating an altcoin, and if testnet was valuable it'd be an altcoin
05:41:03gmaxwell:unused cryptocurrencies are really just kinda boring, even a lot of the altcoins are failures in this respect (E.g. litterally just three or four nodes on the network— a mining pool or two and an exchange or two)
05:41:42wumpus:it's a binary proposition, either your chains coins are worthless in any amount, or they are valuable in some amount, in which case it's a speculation target
05:42:54gmaxwell:right ... being worthless isn't so much a problem, except that when they're worthless no one will do anything with them, so they're boring.
05:43:32jcorgan:we could make testnet coins redeemable for core developer trading cards
05:44:17gmaxwell:yea, thats along the lines of what I was thinking... useful in a way that makes them worthy to play with but not in a way that makes them good for speculation.
05:46:36dgenr8:today's bitcoin valuation will look less than miniscule someday
05:48:54gmaxwell:hm? no. bitcoin is already too valuable for experimentation. (thus my speculation on there being opcodes only I've used) Which is probably fine since expirementation on the main network might trigger some third parties bugs... but sadly testnet is too worthless. We seem to have nothing in-between. But this might be just due to a genuine shortage of people actually interested in expirementing.
05:49:54Emcy:a moderately valued alt?
05:49:56[nsh]:interest can be courted
05:50:31gmaxwell:Emcy: no, then it just gets speculated on. once the value is non-zero its large if only you acquire enough of it. :)
05:50:31[nsh]:at the very least, someone should be handing out lab-coats, goggles and bunson-burners in a controlled environment with knowledgeable supervisors present
05:51:07gmaxwell:well I've thought of in the past requiring making a testnet transaction to get +v in here, and setting the channel to require it to speak.
05:51:19Emcy:i thought for a minute we could have thrown the dogecoin people a bone
05:51:38[nsh]:gmaxwell, that's not so bad an idea
05:52:16[nsh]:it pays to think about the ladder of engagement
05:52:31gmaxwell:Emcy: demonstratibly those things have not become hotbeds of expirementation, even though the varrious ltc forks are now (thanks to warren's efforts) based off a new enough code base to do interetsing things.
05:52:39jcorgan:does getting a testnet faucet to send coins to you count? :)
05:53:15Emcy:hm
05:53:27gwillen:jcorgan: nah, require an outgoing non-IsStandard testnet transaction ;-)
05:53:35gwillen:(and require that it be successfully redeemed)
05:53:35Emcy:is there any scrypt fork that has sensible scrypt parameters
05:54:14gmaxwell:But there are some people who like puzzles and would dig in and some people who wouldn't bother.
05:54:31gmaxwell:And they're not necessarily less good or useful folks because they're in the latter group.
05:54:38gwillen:I suppose that's fair
05:54:52gwillen:writing a testnet transaction is not that large of a puzzle though
05:55:01gwillen:for someone who wants to be a bitcoin wizard
05:55:58lecook:i do my tests on the main net is this good?
05:56:53gmaxwell:gwillen: yea, well my thought would be some bot that you have to send it some coins with a funny script that also encodes a return key for you, and it returns them with a novel puzzle script which you must satisify. Then after doing that you can just use that key to authenticate with an irc bot.
05:57:07gwillen:ahhh, nice
05:57:49dgenr8:if bitcoin totally stagnates feature-wise, eventually it will get eclipsed by something
05:57:55gmaxwell:but at the moment its actually rather difficult to create a custom signature that has an actual ecdsa sig too.
05:58:44gmaxwell:dgenr8: I'm not sure if you're referring to the discussion here, but I think a bigger concern is getting people to actually huge a huge amount of latent functionality which is already part of the bitcoin system
05:59:25dgenr8:quite agreed. just saying, not experimenting at all is also dangerous
06:00:18gmaxwell:I think I wasted an embarassingly long hour or two authoring 54fabd73f1d20c980a0686bf0035078e07f69c58437e4d586fb29aa0bee9814f (mainnet) due to making some stupid mistakes.
06:00:44gmaxwell:(knowing what I needed to do was trivial, actually computing the correct hash for the signature was not)
06:02:04lecook:nice address gmax
06:05:13gmaxwell:lecook: meh, vanity address are pretty bad for the ecosystem. I created it mostly to brag about the gratitious waste of computing power, though amusingly it was a long time before anyone noticed how long a prefix it was.
06:05:56gmaxwell:I don't even want to think about the current value of the bitcoin I didn't mine while I was computing that. :P
06:08:20dgenr8:* dgenr8 goes to look up OP_1NEGATE
06:08:53gmaxwell:you should look at the scriptpubkey that its spending.
06:10:05lecook:are there any faster alternatives to bitmessage?
06:10:31lecook:to my understanding tor is completely pwned.
06:10:55gmaxwell:bitmessage and tor are pretty orthorgonal (actually you should only ever use bitmessage over tor)
06:11:20lecook:i really don't like the 2 minute lag. :/
06:12:21gmaxwell:lecook: it's more like email than IM.
06:12:26dgenr8:ah its just a trivial OP_DUP 0 OP_LESSTHAN OP_VERIFY OP_ABS 1 16 OP_WITHIN OP_TOALTSTACK 0378d43027
06:13:34gmaxwell:yea knowing how to satisify it was trivial. a little less trivial to actually do so because you have to compute a signature too. (the private key is some well know 'brainwallet' string, but using a compressed key)
06:14:24dgenr8:lol I was kidding......
06:14:36wumpus:lecook: what do you mean pwned? any low-latency anonymizing network can be subjected to timing attacks, so your requirement of 'faster' is likely in conflict with what you want
06:14:46gmaxwell:dgenr8: well work through it, its no so hard. :)
06:15:29lecook:do you guys think the talk withdrawn on blackhat on tor was fud?
06:16:26gmaxwell:lecook: no, go see the post on tor dev about it. Basically it sounds like they had a technique that makes timing attacks more effective, it's since fixed in the latest tor... but ultimately the upper bound on tor's privacy is fairly weak due to tor being realtime.
06:16:56gmaxwell:(The tor project is very upfront about this limitation— but if you're not real time it's hard to get users, and any anonymity system's privacy is also bounded by the size of its userbase)
06:16:56wumpus:like in every software project, bugs in tor gets found and fixed in it all the time
06:18:24gmaxwell:the ideal thing to do is build non-realtime systems and run them over tor and you get both bigger userbases to hide in and better privacy. This is what pond does, and bitmessage can optionally run over tor.
06:19:10jcorgan:i thought i read somewhere the idea that Tor could also offer a second option to have a random-delay service, and use that traffic to help obscure the near-realtime traffic
06:19:26jcorgan:heh, it must have here
06:19:34jcorgan:been here
06:19:55wumpus:that could have been here, it would be a nice thing to have in tor, though a service over tor could also work
06:20:43lecook:well my userbase will only contain 1000-10 000 nodes at most not that big.
06:21:23gmaxwell:jcorgan: I've mentioned it, Roger (@tor) co-authored a paper on it: http://freehaven.net/anonbib/cache/alpha-mixing:pet2006.pdf
06:21:49jcorgan:OP_GMAXWELL
06:23:19gmaxwell:there are a lot of challenges though— e.g. resisting dos attacks. Once you start doing non-trivial storage for people you need a way to prevent attackers from flooding out the storage.
06:23:32Emcy:im still shocked tor is NOT using some sort of random delay thing already, i asumed it was
06:24:29wumpus:well the major use of tor today is web browsing, so there's an inherent and obvious conflict there
06:24:58gmaxwell:Emcy: if you're adding delays you start to make things unusable... and small random delays aren't really enough to prevent timing analysis. (Esp confirmation attacks)
06:25:00Emcy:browing on tor is already probably 10x slower than normal
06:25:13Emcy:and if people go tot he traouble of downloading TBB in the first place
06:26:14wumpus:exactly, there is already a lot of latency added, adding more latency per hop will make it worse and possibly unusable
06:26:37gmaxwell:Emcy: hm? I think it might depend on the stuff you use, it's not that hugely slow most of the time.
06:26:47wumpus:at least for web browsing. many other applications wouldn't care, so it could be something that is configurable...
06:27:02gmaxwell:(but indeed, it is already at least somewhat slow)
06:27:25Emcy:gmaxwell wouldnt a delay of a few tens or >100 ms at each hop be enough to obsfusicate you in with the rest of the packet flow, since tor has decent thruput now
06:27:39gmaxwell:absolutely not
06:27:55wumpus:the download speeds are pretty ok these days, but it can add quite some latency
06:28:17gmaxwell:Emcy: e.g. in a confirmation attack I'd just block your whole connection for 1 second at a time and count the arrival at the other end.
06:28:29[nsh]:it's more "emailing webpages to yourself" RMS-style before the low-latency risk goes away
06:28:42Emcy:oh yes you mentioned that before
06:29:04Emcy:but still that takes away the passive attacking capability
06:29:15Emcy:dropping your flow for seconds is noticable
06:29:15gmaxwell:reading offline is actually pretty nice, I wish the web had more facilities for that.
06:29:26wumpus:[nsh]: yes - you'd have to set up a queue of information to fetch, wait, and then come back later to read it... a very different paradigm than web browsers
06:29:36[nsh]:tighy
06:29:59[nsh]:*right, but not an unworkable one, if better supported, as gmaxwell says
06:30:00gmaxwell:Emcy: in any case, every user you lose from tor means a smaller anonymity set. Consider the bomb threat assclown at .. harvard? last year... identified him because he was the only person on campus using tor around the time in question.
06:30:19[nsh]:(one of a handful)
06:30:25Emcy:thats a good point
06:31:20gmaxwell:anyways the alpha mix paper describes how you can reasonably have both in one network.
06:32:30Emcy:perhaps tor could be best used as a substrate for the real countermeasures, for those that require it
06:32:57Emcy:there has to be a way of comprehensively defeating even the GPA
06:33:21Emcy:it must be a CS research issue
06:34:21gmaxwell:research really isn't the problem.. there are a lot of ideas... but making good implementations is hard, as you can see with all the attacks on tor they need to do a lot of work just to keep the basic functionality secure.
06:34:41Emcy:yea
06:34:49Emcy:but thats flattering in a way
07:41:32maaku:maaku is now known as Guest16810
09:54:52gmaxwell:[Semi-OT, since it's less of an issue for crypto than some other fields] https://www.openaccessbutton.org/ basically a bookmarklet that helps you find alternative sources when you hit a paywall, and also logs the event to generate figures for people to use in talking about the impact of paywalls.
10:07:57Emcy:is that news or things like journals
10:08:23Emcy:welp if i clicked it first id see its journals
11:16:52sl01:would be interested to hear your thoughts on section 3 of the tezos paper (http://tezos.com/position_paper.pdf), it discusses why they chose proof of stake, basically they use checkpoints and/or statistics (what fraction of coins moved on a given fork) to prevent very long chain forks, and slasher style punishment to prevent short forks
11:18:34Luke-Jr:sl01: this is not ##altcoin-dev where crazy ideas flourish, it is #bitcoin-wizards, where Bitcoin people discuss serious practical ideas.
11:18:41sl01:they make the argument that nothing is perfect (bitcoin PoW) and that PoS can be made to work in practice
11:18:50sl01:Luke-Jr: yea but that paper was posted here, and given props by some wizards
11:18:59sl01:otherwise I wouldn't have mentioned it
11:19:37Luke-Jr:sl01: your mention was the first link to it here.
11:19:54Luke-Jr:or mention of tezos for that matter
11:21:05sl01:pretty sure zooko posted it here, as well as on his twitter
11:22:25sl01:maybe it was only on his twitter :[
11:26:15sipa:Luke-Jr: i'd say it is on topic here
11:27:02sipa:doesn't mean it's a good idea
11:30:10Quanttek_:Quanttek_ is now known as Quanttek
11:56:30jgarzik:jgarzik is now known as home_jg
12:13:58dsnrk:ugh. I decided to write a tool to find address reuse.
12:14:03dsnrk:wishing I hadn't.
12:18:39hearn:find address reuse? it's not hard to find
12:19:15dsnrk:naturally, but I wasn't aware it happened so much.
12:20:49dsnrk:last block has 420 transactions, 91 transactions spent change back on themselves.
12:22:33dsnrk:sorry, 119 transactions re-used, of those 91 keys were unique.
12:30:47hearn:sounds like bitcoinj is popular :-)
12:30:57hearn:though i think blockchain.info might do that too, i didn't use it for a long time
12:31:29hearn:it'd be nice if there was a graph of that somewhere. i've got a couple more patches to go and then I think we can start releasing the new HD bitcoinj that doesn't reuse addresses anymore
12:31:37hearn:it'd be cool to see some graph line go down over the following months
12:31:46dsnrk:it's mainly blockchain.info transactions.
12:32:13dsnrk:you can tell them apart by scraping against blockchain.info.
12:32:56hearn:yes, well, world domination isn't quite possible yet :)
12:33:01hearn:(for me)
12:33:25hearn:i'm hoping once multibit HD releases then we can start to make some more inroads against blockchain.info transactions
12:33:36hearn:though i think we'll need a wallet with a whole other level of polish to get people away from web wallets
12:34:17dsnrk:blockchain.info's wallet is pretty shit, it just has momentum.
12:34:44dsnrk:people don't realise how much address reuse is biting them in the ass, which is unfortunate.
12:34:52hearn:i've put quite a bit of work into spiffing up lighthouse. ok it's not a "regular" wallet but most of the graphics code can be reused to make one
12:35:09hearn:well, i think people often do realise, but the alternatives are worse
12:35:24dsnrk:no, they don't.
12:35:51dsnrk:"you know blockchian.info wallets have no privacy right?" "that's fine I used Shared Coin to get it back"
12:36:09hearn:alright. let me put it this way. i realise, but i still use wallets that reuse addresses, because i trust my ability to reliably make backups less than i value extra privacy.
12:36:11hearn:(for now)
12:36:27hearn:ah yes well coinjoin is an idea that holds far more fascination than it really should imo
12:36:29hearn:perhaps it's the new web of trust
12:36:45dsnrk:shared coin is NOT coinjoin.
12:37:08dsnrk:in any way, shape of form.
12:38:14dsnrk:Shared Coin is an expensive, totally worthless service that in no way resembles a coinjoin.
12:38:18hearn:heh
12:38:39hearn:but regular end users don't see it that way ..... they see big messy transactions and think "privacy solved!"
12:39:05dsnrk:I taught a reddit user how to deanonymise shared coin transactions.
12:39:27dsnrk:just gave them the general idea, and they exposed my example transaction in a couple of minutes.
12:40:04dsnrk:if anything it gives you even worse privacy because it paints a big "I WANT TO KEEP THIS SECRET" on your transaction.
12:44:29dsnrk:hearn: I think above all, people don't know that multibit and bc.i reuse addresses, and they don't know this is an issue for their privacy.
12:44:58hearn:that could be true. the new "choose your wallet" page on bitcoin.org should help with this
12:45:30hearn:although i just noticed there's a "source code" button, wtf
12:46:13dsnrk:I can't even compile multibit. I tried, but yeah, java.
12:49:00wumpus:is it supposed to flip when you move the mouse over the page? it gives me a headache
12:49:20hearn:compiling java apps is about a billion times easier than most native apps i've tried, although iirc multibit is a pain because it relies on a fork of bitcoinj that you have to fetch and install first.
12:49:26hearn:most wallets don't
12:49:37hearn:and multibit HD is a rewrite which also doesn't, i think
12:49:52wumpus:I also failed to compile multibit (then again, I probably gave up too soon)
12:50:08dsnrk:native apps can be a lot easier.
12:50:23wumpus:well it's not that it's difficult but I don't know all the tools for java building
12:50:24dsnrk:git clone https://github.com/bit-c/bitc.git; cd bitc; make
12:50:57dsnrk:yes I wager that's probably the problem for me too.
12:51:17hearn:dsnrk: it lists four dependencies there
12:51:30wumpus:I'm fairly sure building native apps is harder, especially for platforms that are not first class
12:51:47hearn:wumpus: there are only two ones in wise usage really, maven and gradle. both of them use the same network repository protocol so the differences boil down to the config syntax and command line tools.
12:52:26hearn:maven uses a fairly verbose form of XML, but i found it to be quite fast. gradle uses a scripting language and the build files are much, much simpler and cleaner in most cases, but gradle itself seems to be quite slow for mysterious reasons.
12:52:41dsnrk:hearn: I suppose. all the sort of thing most people would have anyway though.
12:52:43hearn:for both of them you just run the main command they download and install all needed libraries recursively
12:53:24wumpus:hearn: that's good at least
12:53:29hearn:also the source tree layouts are standardised and they figure out build rules and such automatically, so once set up you mostly can leave the build system alone, which is nice
12:53:48dsnrk:bit-c would be a really sweet client to use if it just had a little more polish.
12:53:50hearn:they also know how to auto-discover unit tests and run them, generate coverage reports, etc. they're quite impressive really.
12:54:14hearn:you get a lot of functionality for free. and they're cross platform. anyway.
12:55:25wumpus:dsnrk: yes, would be great if someone took over maintenance
12:56:14dsnrk:I've patched the worst of the weird stuff, but I don't know enough crypto to be sure what I write is safe
12:58:28hearn:weird stuff?
12:59:21dsnrk:logs are a bit verbose sometimes, testnet mode is broken
12:59:44dsnrk:in the public master you can enable testnet mode but the address version bytes are wrong
13:04:22hearn:that's pretty basic
13:07:16wumpus:I'm sure you can't have made many crypto mistakes with that
13:27:35dsnrk:I know, but I would like a HD version of it.
13:27:47dsnrk:that's where I would end up nuking Other People's Money
13:33:55Alanius_:Alanius_ is now known as Alanius
13:44:20hearn:dsnrk: what do you like about bit-c the most?
13:44:28hearn:the fact that it's written in c? the ncurses ui?
13:45:36dsnrk:hearn: it's lightweight, it's in c, and the ncurses UI is pretty. checks all of the boxes in that regard.
13:48:08hearn:why is being written in C a benefit? surely that just opens the possibility of security holes
13:50:33sipa:before i actually started writing things in c++ (but even after beware aware of the language features), i would have chosen c for anything, anyday
13:51:00sipa:(over c++, not for every conceivable software obviously)
13:51:16sipa:s/beware/being/
13:51:23sipa:c++ is just scary if you're familiar with it
13:51:32sipa:*not
13:52:02hearn:i'm quite familiar with c++ and it scares me rigid. though frankly even working in java scares me, so maybe i'm just a scaredycat :)
13:52:13hearn:c++ is a lot safer than c for sure, but still quite dangerous
13:52:20dsnrk:for me at least, I understand what's going on in C
13:52:57sipa:yup; in c++, even though perfectly controllable, things happen without you being aware of it
13:53:02hearn:do you? think about all the ways the compiler is allowed to exploit undefined behaviour
13:53:04sipa:copying, destructors, ...
13:53:13hearn:i'm not sure i'd ever say for sure i know what a C program is doing once compiled
13:53:42hearn:too many ways to accidentally do something that violates some obscure part of the spec and have gcc decide to cleverly remove e.g. security checks
13:53:49sipa:i like c++ for being able to abstract things like memory management away, so i don't need to care about it
13:54:02sipa:i dislike c++ for it abstracting things away that i should be aware of :)
13:54:07wumpus:C is nice for low-level work, such as codecs and drivers, but as soon as you start working with strings, having std::string is very nice
13:54:13sipa:and RAII
13:54:24wumpus:or indeed, anything that is dynamically allocated
13:54:39sipa:I'd love C with structs that have destructors...
13:54:51hearn:well, you can use C++ that way
13:55:30hearn:but C++ only partly abstracts memory management. i have too many memories of my team at google losing a week because someone introduced an mm-related race condition into some component of gmail
13:55:44hearn:and then we'd have to try and figure out what the hell was going wrong when one server out of a thousand crashes a few days a day
13:56:11hearn:it's mostly safe until you need to start doing things that are unsafe, which eventually you always do
13:56:45wumpus:c++ is absolutely a dangerous language, and very easy to shoot yourself in the foot
13:57:33hearn:the other day i was asking the kotlin team to make all integer math checked. it looks like overflow free integer programming might be feasible on the latest jvms, though i need to find good benchmarks and try it
13:58:01wumpus:now that would be great
13:58:05hearn:we just need to systematically crush entire bug classes out of existence to keep scaling software to more important and more complex tasks
13:58:35hearn:apparently hotspot compiles Math.addExact() and friends down to just "add" + "jo" opcodes on modern jvms and CPUs. so with branch prediction it might actually be free
13:58:47hearn:or close enough to free that it makes no odds
13:58:56hearn:of course to invert the default you'd need some way to bring back unsafe math
13:59:25hearn:apples new Swift language has &+ &- &* etc opcodes to do unchecked maths. the rest of the time it's always overflow checked
13:59:34wumpus:sure, for crypto and bitwise operations you need to be explicitly specify that rolling over is allowed
13:59:50wumpus:be able to*
13:59:55wumpus:but it is an exception rather than the rule
14:00:20sipa:just have int32_t and int_mod2pow32_t
14:00:31sipa:the former has overflow checking, the latter hasn't :)
14:00:39wumpus:right
16:02:24fanquake:fanquake has left #bitcoin-wizards