| 00:33:16 | nuke_: | nuke_ is now known as nuke1989 |
| 01:03:44 | moa: | moa has left #bitcoin-wizards |
| 01:16:10 | Adohgg: | Adohgg is now known as Mooltensea |
| 01:22:26 | Mooltensea: | Mooltensea is now known as Adohgg |
| 04:41:03 | quackgyver: | quackgyver has left #bitcoin-wizards |
| 04:56:23 | coinmeister: | has any OT related technology gone mainstream yet? |
| 05:51:52 | brisque: | I've been reading up on the "improved" PoS system ethereum is decided they are using (this week), yet the more I research the worse of an idea it sounds. in a nutshell it's PoS with a 12 second block time, and a system of punishing people that vote on multiple chains as a mechanism of preventing multiple chains at the same height from continuing. |
| 05:52:34 | brisque: | the idea is that peers publish proofs (ie, two votes at the same height) as evidence that somebody is being "bad", meaning you're probably not going to be signing multiple chains if you have any sense. beyond that it's pretty standard PoS. |
| 05:53:49 | brisque: | to me the 12 second expectation doesn't seem to be at all reasonable, inter-node latencies will surely be a great deal higher than the block time, and actually just processing the blocks would likely be a decent portion of it as well. you're not left with much headroom at all before you start getting outrun. just from my Bitcoin peers, some of them are upwards of 2 seconds round trip away. |
| 05:56:59 | brisque: | and the more you think about 12 seconds, the worse of an idea it becomes. 12 second blocks with a number of signatures has got to add up in terms of header size. even if we call it 500 bytes per block, thats a solid 150 KB an hour, or 1.314 GB a year in just header metadata. I bet it's more than that, too. |
| 06:00:05 | justanotheruser: | brisque: ignoring the time, they seem to think they can punish a pseudonymous person who may not have any spendable outputs on the address they created a fork with |
| 06:00:24 | phantomcircuit: | brisque, i've stopped trying to understand what they're doing |
| 06:00:30 | phantomcircuit: | because they just keep changing it |
| 06:00:38 | justanotheruser: | ;;calc 80*5*60*60*24*365 |
| 06:00:39 | gribble: | 12614400000 |
| 06:01:46 | justanotheruser: | we need #bitcoin-consensus-school |
| 06:02:20 | brisque: | justanotheruser: I made the assumption that they would have some sort of minimum output size for you to put aside. however, if I could destroy your funds by making you sign a "bad" block.. could be interesting. |
| 06:03:20 | Luke-Jr: | brisque: how does it fix grindng? |
| 06:03:26 | brisque: | phantomcircuit: yes, it's remarkable how much they haven't been able to decide what to spend their millions of dollars on developing. if anything their ideas are getting progressively worse and worse. |
| 06:05:13 | midnightmagic: | yikes |
| 06:05:14 | brisque: | Luke-Jr: I haven't seen it mentioned anywhere, so I doubt it's been considered. it's not mentioned anywhere on their blog, website or forums. |
| 06:07:08 | phantomcircuit: | brisque, not really, once they got millions they didn't have to develop anything |
| 06:14:15 | brisque: | Luke-Jr: actually they do mention stake grinding, it's just not called that. they essentially just aim to use data from 2000 blocks ago rather than data at the head of the chain. |
| 06:15:38 | brisque: | I somehow missed this blog post from a while ago, I'm not even sure if it's still what they're doing or not. https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/ |
| 08:05:17 | tepper.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 08:05:17 | tepper.freenode.net: | Users on #bitcoin-wizards: andy-logbot CoinMuncher rfreeman Graftec Starduster Guyver2 go1111111 cbeams gloriusAgain vfor damethos p15_ ericp4 Logicwax Emcy NikolaiToryzin brisque jchp_ x48_ pen tromp__ TheSeven LarsLarsen coinheavy fanquake todaystomorrow mortale eslbaer__ kmels Dr-G2 justanotheruser nuke1989 dgenr8 nanotube tromp emsid bsm117532 ebfull napedia Adlai wizkid057 koshii jgarzik a5m0 epscy tucenaber artifexd tacotime samson_ shesek arowser digitalmagus8 |
| 08:05:17 | tepper.freenode.net: | Users on #bitcoin-wizards: HaltingState irc88 prepost atgreen spinza mappum SDCDev Grishnakh grandmaster2 br4n altoz skinnkavaj wiretapped iddo OneFixt drawingthesun starsoccer midnightmagic Adohgg jaekwon Muis berndj-blackout gribble nsh Graet melvster kinlo Transisto zenojis hollandais [Derek] BlueMatt Dyaheon CryptOprah_ jbenet promoJo michagogo zlinn_ btc_ copumpkin pigeons BrainOverfl0w lianj_ UukGoblin optimator wumpus Apocalyptic poggy rs0 jcorgan_ Iriez |
| 08:05:17 | tepper.freenode.net: | Users on #bitcoin-wizards: mr_burdell fluffypony K1773R bbrittain SomeoneWeird mikalv forrestv livegnik mkarrer Anduck amiller Nightwolf Keefe Krellan BigBitz [\\\] dansmith_btc Taek42 jaromil EasyAt sl01 comboy_ Luke-Jr espes__ sipa coryfields [d__d] bobke nsh- pajarillo crescendo HM maaku phantomcircuit zibbo gmaxwell Fistful_of_coins DoctorBTC harrow roasbeef andytoshi mmozeiko Eliel CodeShark throughnothing Guest47516 Alanius nickler_ pi07r ryan-c kanzure gwillen |
| 08:05:17 | tepper.freenode.net: | Users on #bitcoin-wizards: otoburb smooth helo Guest50253 abc56889 lechuga_ TD-Linux catcow danneu LaptopZZ burcin petertodd so phedny @ChanServ waxwing Hunger- asoltys warren |
| 12:37:11 | samson2: | samson2 is now known as samson_ |
| 13:06:05 | instagibbs: | brisque: is this what you were reading: https://docs.google.com/document/d/1irOyVlKll6XDKp_oOx1UZGNaqI8ao7ETRgEIepUBh4c/edit# |
| 13:55:08 | tromp: | they lack a strong sense of KISS |
| 14:41:37 | px_: | px_ has left #bitcoin-wizards |
| 16:15:20 | jedunnigan: | jedunnigan is now known as Guest43313 |
| 18:24:12 | wallet42: | wallet42 is now known as Guest14854 |
| 18:24:12 | wallet421: | wallet421 is now known as wallet42 |
| 18:57:08 | Taek42: | brisque what's to stop someone from going back in time and spending votes on multiple chains, invalidating their own votes on the previous winning chain, and thus having some alternate chain become the winner? |
| 18:57:14 | Taek42: | *ethereum |
| 19:04:12 | Taek42: | looks like they want to use checkpoints |
| 19:04:23 | sipa: | ... |
| 19:05:00 | tacotime: | proof of checkpoint |
| 19:05:33 | tacotime: | the secure answer to any insecure consensus system |
| 19:05:39 | Taek42: | "To solve the “new nodes” problem, a new node upon startup need only download a recent block hash, and accept it as a “checkpoint”. The node will accept forks starting N blocks behind the checkpoint, but with a factor penalty of 0.99 ^ N" |
| 19:06:11 | tacotime: | wait what |
| 19:06:42 | tacotime: | these are really bizarre security assumptions |
| 19:09:52 | zooko: | zooko has left #bitcoin-wizards |
| 19:13:16 | tromp: | this is almost like "security theatre" |
| 19:17:51 | andytoshi: | o.O ethereum has a "refuse to reorg" rule? |
| 19:18:02 | andytoshi: | and since when do they have pos, wtf |
| 19:18:15 | sipa: | they've had pos for a while, i think |
| 19:18:17 | Apocalyptic: | and since when do they have pos, wtf // PoS ? since the beginning... |
| 19:18:31 | sipa: | i haven't followed the details |
| 19:18:43 | andytoshi: | "the beginning" for me was "we'll be bitcoin but with turing complete script", and i honestly have not checked up on them since.. |
| 19:18:46 | tacotime: | they've switched to some slasher-dpos-tpos hybrid thing |
| 19:19:02 | tacotime: | andytoshi: that's probably a good place to stop |
| 19:19:15 | tacotime: | i stopped reviewing pos systems that aren't depending on pow |
| 19:20:20 | Taek42: | ethereum was originally going to use POW, I remember reading that they were going to tap their POW hashes as a source of random numbers |
| 19:20:20 | gmaxwell: | Every concern or criticism has been met by additional complexity; resulting in a design which may have computational security against review. |
| 19:20:27 | andytoshi: | lol |
| 19:20:53 | andytoshi: | "we show that if an adversary is able to review this cryptosystem, a simulator can be constructed which solves the halting problem" |
| 19:21:19 | gmaxwell: | lol |
| 19:21:32 | BlueMatt: | gmaxwell: literally interrupted conversation loling too hard..... |
| 19:21:37 | tacotime: | Taek42: yeah i use that too in my hybrid pow-pos system, but not so much the block header hashes as the header hashes+header itself --> hash of concatenation of both |
| 19:21:52 | tacotime: | using header hashes is bad because randomness decreases with higher difficulties |
| 19:22:52 | tacotime: | if you assume that the nonce is either in the header or the tx tree somewhere (extra nonce), i think sha256(header hash + header) is a sort of okay source for randomness, but it really depends what you're doing. |
| 19:24:44 | instagibbs: | I ran into that link after reading discussion here, I really thought they were doing sha3 or something |
| 19:25:14 | tacotime: | you can't justify $20m of ipo superbucks with sha3 i assume |
| 19:25:52 | tacotime: | i think their tx tree etc hashes are keccak though, keccak is what we use too (monero) |
| 19:26:24 | instagibbs: | did you read up on their "use the VM as PoW" writeup, re-running contracts as PoW or somesuch. That was the last I'd read of their attempts at consensus. Wasn't that long ago |
| 19:28:10 | gmaxwell: | Hopefully y'all are spending equal time thinking about things which aren't so amusingly complex... e.g. things which actually benefit (rather than get worse) with more review. :) |
| 19:29:21 | tacotime: | i'm just implementing my pos on top of pow system, i'll abuse it with testing once that's done and pass it to some academics i know to give it a run through because i'm not smart enough to math. |
| 19:29:38 | tromp: | they shld save their non-pow experiments for Eth2 and focus on getting Eth1 working reliably |
| 19:30:47 | tacotime: | tromp also five different implementations could probably be saved until later |
| 19:31:15 | Taek42: | complexity is a very attractive temptress. |
| 19:31:50 | tacotime: | complexity is the root of security evil, eg bitcoin scripting. |
| 19:32:12 | tacotime: | totally innocuous stuff like OP_RETURN initially enabled you to do really fun things like spend other people's money. |
| 19:46:31 | jtimon: | "The purpose of this post is not to say that Ethereum will be using Slasher in place of Dagger as its main mining function. Rather, Slasher is a useful construct to have in our war chest in case proof of stake mining becomes substantially more popular or a compelling reason is provided to switch. " https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/ |
| 19:47:21 | tacotime: | yeah that's quite old though |
| 19:47:39 | tacotime: | he was writing a paper about his new dpos-tpos-slasher algorithm that someone posted in here the other day |
| 19:47:39 | instagibbs: | Jan in Eth time is like, a long time, man. |
| 19:55:28 | instagibbs: | instagibbs has left #bitcoin-wizards |
| 20:03:59 | jtimon: | I see |
| 20:06:52 | jtimon: | tacotime but bitcoin scripting makes things very interesting |
| 20:07:30 | tacotime: | imagine how interesting ethereum scripting will be, then :) |
| 20:08:01 | tacotime: | to be fair scripting is very useful, eg p2sh and whatnot |
| 20:08:10 | tacotime: | but scary too. |
| 20:11:15 | jtimon: | I don't see any reason why an "agent based" scripting could be more interesting than a "input/output based" one |
| 20:12:28 | tacotime: | from a security standpoint? :) |
| 20:12:58 | jtimon: | from a functionality standpoint |
| 20:13:20 | jtimon: | from a security standpoint input/output is much easier to analize IMO |
| 20:13:53 | tacotime: | yeah, i think there's tons left to do with p2sh and it'll generally always be safer to use that than a crazy turing complete pythonic language. |
| 20:14:05 | jtimon: | and you don't need to hardcode execution fees |
| 20:14:21 | tacotime: | yeah |
| 20:14:29 | tacotime: | i think execution fee escape will be interesting |
| 20:15:13 | jtimon: | I'm not sure turing completeness is necessarily a problem, but maybe it's not necessary either |
| 20:16:24 | jtimon: | I'm a great fan of python but I think for this you want strict tipying and make static analysis easy |
| 20:17:08 | tacotime: | right.. i mean it builds to some kind of language that is a bunch of op_codes, and i guess you can statically analyze that. |
| 20:17:15 | jtimon: | so that wallets can withelist or blacklist certain "script types" |
| 20:17:24 | tacotime: | i think the problem is that most users are never going to do that, though. |
| 20:18:12 | jtimon: | ideally the opcode level would be readable by itself, you can always extend it with macros |
| 20:19:06 | licnep_: | licnep_ is now known as licnep |
| 20:19:26 | tacotime: | https://github.com/ethereum/serpent/blob/master/opcodes.h |
| 20:19:30 | tacotime: | those are the op codes |
| 20:21:12 | tacotime: | it's a mix of high level and low level things |
| 20:22:02 | pigeons: | OP_SUICIDE |
| 20:22:32 | tacotime: | I think that's for killing a script after a certain execution state |
| 20:24:08 | tacotime: | https://github.com/ethereum/cpp-ethereum/wiki/LLL-PoC-5 |
| 20:24:17 | tacotime: | that's the LLL (low level language) reference |
| 20:24:24 | tacotime: | although i haven't looked at it closely |
| 21:06:03 | jtimon: | GASPRICE ...isn't this a hardfork-required-to-change constant? |
| 21:07:05 | jtimon: | or consensus critical function? any of them are ugly |
| 21:12:39 | rdponticelli: | rdponticelli has left #bitcoin-wizards |
| 23:17:05 | justanotheruser: | Thoughts on giving miners a constant incentive through demmurage? |
| 23:17:40 | justanotheruser: | Specifically, softforking demmurage in by forcing users to pay a fee relative to how much their outputs value has decayed and allowing miners to redeem coins that don't yet exist on a sidechain |
| 23:29:24 | justanotheruser: | This is a "forbidden" change |
| 23:30:05 | justanotheruser: | but if there is too much variance in block reward when there isn't a subsidy, perhaps it is necessary to have a small demmurage |