| 00:00:38 | op_null: | only in this audience could that comment be appreciated |
| 00:01:09 | bramm: | You know, an alternate goal of PoW engineering might be to make it so that the bottleneck is memory regardless of whether ASICs beat CPUs |
| 00:01:21 | bramm: | Maybe by that metric my 4sum idea isn't so bad |
| 00:01:52 | adam3us: | bramm: motivation? hw vs electrical cost balance? |
| 00:02:04 | bramm: | adam3us, Less environmental destruction |
| 00:03:01 | gmaxwell: | bramm: equal amount of dollars poured into etching and wafer making is not necessarily more enviromentally improved than power generation. |
| 00:03:02 | adam3us: | bramm: (aka less electrical cost). i am not sure that computes necessarily. if the coins have value, up to that value will be spent chasing them. there are worse things than power use. |
| 00:03:36 | bramm: | power use has massive environmental externalities |
| 00:03:51 | bramm: | But yeah, it could be that the power consumption of producing the wafers in the first place is comparable |
| 00:04:22 | adam3us: | bramm: or worse. say the difficulty goes up after 1 year such that only people who had amortized equipment could break even. then they get a monopoly on coin creation. or partial versions of that effect. need to understand this economic picture. |
| 00:05:29 | Eliel: | bramm: ... you aren't imagining that a memory hard PoW algo would really save any direct power use over a CPU hard algo? are you? |
| 00:06:06 | bramm: | Eliel, cuckoo seems to pull that off by making there be so many random accesses that the CPU isn't doing much |
| 00:06:27 | op_null: | I think the upper bound of cuckoo mining is still power use though. |
| 00:06:56 | Eliel: | bramm: what makes you think there'll be less total miner power use if the algo uses less power? |
| 00:07:08 | op_null: | sitting in my farm of weird ass FPGA + memory boards, my limit is either going to be hardware cost or power. |
| 00:07:32 | adam3us: | op_null: agreed. or stealing or renting bots. |
| 00:07:37 | op_null: | making them is an NRE cost, once they are designed the limit is getting fabs to squirt them out. |
| 00:07:39 | bramm: | Eliel, ideally the PoW is so dependent on memory that consumer computers are the best option because they already have the memory and it's just sitting around depreciating anyway |
| 00:07:45 | Eliel: | even if you ignore any power use from manufacturing. |
| 00:08:42 | adam3us: | bramm: i am not sure thats realistic other than as a background goodwill decentralisation effort because commodity pricing means it'll get to break even for custom rigs, and if thats 10x, custom rigs will lose money. |
| 00:08:45 | bramm: | Or at least, hopefully, the best way to mine turns out to be to buy commodity memory, so it winds up making memory cheaper for other people, which is at least a social good |
| 00:09:02 | adam3us: | bramm: err general computers will lose money (custom rigs will take it all) |
| 00:09:24 | bramm: | adam3us, I'm not feeling very hopeful about this whole endeavor, but it's worth trying :-) |
| 00:10:09 | gmaxwell: | I'm really doubtful that commodity memory can actually be made the optimal substance; it's very presumtive of the lack of skill in hardware engineers to optimize for a specific thing. :) |
| 00:10:37 | adam3us: | bramm: i suspect you and tromp maybe underestimating the ingenuity of hw people. there are some crazy smart people in that field who optimise all kinds of things in custom hand laid out circuitry with 20 years experience who are near genius guys the odd one. |
| 00:10:47 | bramm: | gmaxwell, The nice thing about memory is that it's inherently very commodity, there's very little possible variation in what it does, so less custom optimization possible |
| 00:11:57 | adam3us: | bramm: i think the best you could hope for is maybe a factor of 10x or 100x "small" advantage for custom hw. which is way too high. 10% advantage would kill the deal of having general purpose cpu be economically viable. |
| 00:12:24 | bramm: | adam3us, notice that I'm not making strong practical claims about what can be done, just discussing approaches. I find this whole subject somewhat depressing because what can be done is so limited |
| 00:13:23 | adam3us: | bramm: yes there are seeming physics and engineering tradeoff limits hitting it and making seemingly not much you can do to improve it. |
| 00:13:40 | gmaxwell: | bramm: thats a very simplistic understanding, See e.g. http://www.eecg.toronto.edu/~dunc/cram/ http://iram.cs.berkeley.edu/ and on chip edram ram with through-silicon vias as the kind of crazy optimized hardware people are already working on for memory bandwidth bottlenecked applications; without even being asked to specifically attack this problem. |
| 00:14:10 | adam3us: | bramm: maybe we can add hope in other directions. some of the centralisation is artificial. you can separate voting & hashing, to somewhat safely put hashing equipment you own in a datacenter. secondly gmaxwell proposed making the miner a smart-property |
| 00:14:36 | bramm: | not sure what 'making the miner a smart-property' means |
| 00:14:57 | midnightmagic: | It means the miner itself will refuse to do work on anything but authorized work units, signed by its owner. |
| 00:15:01 | adam3us: | bramm: yeah so gmaxwell idea is that the miner is locked to your ownership and will only mine blocks signed by you. |
| 00:15:24 | midnightmagic: | At best then, the hosting facility can disable it, but not subvert the hashrate. |
| 00:15:33 | bramm: | And what does that buy you, aside from hack resistance? |
| 00:15:41 | gmaxwell: | I can buy tromp's argument as plausable that perhaps you can't get orders of magnitude out of this stuff, ... but because the economic gap in POW applications such as ours is one where a small difference can be critical, and when you go from nearly-commodity sha256 to perhaps some very complex, trade secret and or patent encumbered, CRAM system; the result may be the opposite of what you've hoped for. I am not sure of this, I just ... |
| 00:15:47 | gmaxwell: | ... think it's not clear. |
| 00:15:48 | midnightmagic: | Benefits of centralized datacentre economies of scale. |
| 00:15:52 | adam3us: | bramm: what is dangerous is voting centralisation not hash equipemnt centralisation. |
| 00:16:19 | midnightmagic: | (presuming that hobbiest in his garage doesn't outweigh the costs of staffing such a place) |
| 00:16:41 | adam3us: | bramm: if I buy 100TH of equipment and put it in an iceland or washington data center, i can control it from a server in my house on my bandwidth. |
| 00:17:05 | adam3us: | bramm i can even hide my node via tor and sample multiple links to reduce risk that someone is censoring my view of transactions. |
| 00:17:18 | bramm: | Fair enough, there are likely to always be economies of scale |
| 00:18:01 | bramm: | I think a reasonable case could be made that an optimal 4sum miner would buy ordinary DRAM though |
| 00:18:27 | adam3us: | bramm: there are more ideas. maybe some people will be willing ot mine at a loss. users will happily buy lottery tickets with negative EV. so restructure the mining reward to look like a lottery. can probably do that with bitcoin smart contracts already. |
| 00:19:09 | bramm: | Aren't there already mass numbers of transactions which are mining pool redistribution? |
| 00:19:13 | adam3us: | bramm: another loss willing type of entity is companies collectively that rely on the security of the transaction processing network. maybe they maintain 0.5 − 5% of the network each depending on their size |
| 00:20:04 | adam3us: | bramm: eligius does direct payout (so the pool isnt holding the float) so then you see a large number of recipients in relation to their contribution. |
| 00:21:03 | adam3us: | bramm: you ideally want the pool to not have to be trusted to not get hacked (they do get hacked because they're online and holding potentially largish numbers of bitcoins), and to have it proven to the miner that the pool is not cheating by skimming |
| 00:21:41 | bramm: | Isn't the main reason for pools the lottery-ticketness of payouts and trying to smooth them over? |
| 00:22:02 | gmaxwell: | bramm: there are also diseconomies of scale, heat dissapation is much more costly at scale, getting power increments installed in large increments (e.g. several megawatts) requires months of lead time and decade long contracts. |
| 00:22:59 | adam3us: | bramm: yes. but you can use pools to smooth payouts without having the pool choose the blocks. (though thats mostly not how it works now, that is more artificial centralisation) |
| 00:23:44 | bramm: | True, consumer machines do have good heat dissipation |
| 00:23:50 | adam3us: | bramm: there are some people who intentionally solo mine so they get a small chance to win $10000 rather than a uniform payout of $1/day or whatever |
| 00:24:06 | gmaxwell: | (the heat surface area argument is one of the things in asic-faq, fwiw) |
| 00:24:16 | gmaxwell: | Yea, p2pool involves no centeralized pool, but shares payments. |
| 00:24:44 | bramm: | gmaxwell, how does p2pool ensure people don't cheat? |
| 00:25:04 | adam3us: | bramm: about negative EV lottery I mean you could make a pool that created rollovers to each week and day to make a more lottery like payout schedule. those users could push mining to a negative cost basis, which would disincentivize centralisation |
| 00:25:46 | gmaxwell: | bramm: same way centeralized pools do... participants submit near misses that mine to the right output locations, and the near misses prove the effort the participant is putting in. |
| 00:26:14 | gmaxwell: | bramm: in the case of p2pool, the participants share the near misses among each other in a merged mined consensus system to decide on who should be getting paid. |
| 00:26:16 | adam3us: | bramm: p2pool also other users can track that and refuse to participate if they dont see fair candidate pay out in the block being mined |
| 00:26:23 | bramm: | gmaxwell, I mean how does it ensure that people actually hand over their coins when they hit them? |
| 00:26:41 | adam3us: | bramm: it uses direct payout like eligius. |
| 00:27:01 | gmaxwell: | bramm: There isn't any handing over. The miners are attempting to directly pay to the releant users in their blocks. So the coins are created where they belong. |
| 00:27:02 | adam3us: | bramm: the payout is like 1% bram, 2% greg etc in a big transaction that is paying out the win directly to them |
| 00:27:11 | bramm: | Oh I see |
| 00:27:23 | bramm: | And you only get credit for partials if they're properly formed |
| 00:27:27 | gmaxwell: | right. |
| 00:27:44 | bramm: | That's a much saner way of doing things |
| 00:27:50 | gmaxwell: | And it uses closed loop control of the near miss difficulty to keep the number of outputs reasonable. |
| 00:28:10 | bramm: | what do you mean by 'closed loop control'? |
| 00:28:46 | adam3us: | bramm: dynamic difficulty based on observed historic number of outputs |
| 00:28:51 | gmaxwell: | When the number of users go up the system self adjusts what threshold a near miss must be to count. So that very small users aren't paid in every block (though their expected return remans the same). |
| 00:31:00 | adam3us: | bramm: there is also meta-incentive. someone sitting on $100m+ of relatively centralised mining gear doesnt want to rock the boat and have bitcoin price fall because people lose confidence in its decentralised security |
| 00:31:08 | bramm: | oh right |
| 00:31:18 | gmaxwell: | In practice this approach is not as popular for a number of reasons... it was invented later, many of the centeralized pools take fees that give them substantial marketing budgets, and with an additional daemon to run its somewhat more work to setup. It also doesn't get as much variance reduction owing to scalablity tradeoffs, and many miners really don't understand the technology well. |
| 00:31:58 | gmaxwell: | adam3us: well you'd think that... though the introduction of VC funds has resulted in there being some pretty remarkably unsophicated large miners. |
| 00:32:00 | adam3us: | gmaxwell: #1 probably its not obvious to configure :( |
| 00:32:42 | bramm: | VCs are stupid. A number of times I've told VCs I'm with BitTorrent and they've said 'Oh yeah I'm way invested in Bitcoin' |
| 00:32:59 | adam3us: | gmaxwell: yes its hard to have a game-theory incentivised p2p network in the face of repeated large scale economic irrationality. |
| 00:34:09 | gmaxwell: | An argument is that its self correcting; perhaps it is, but "Markets can remain irrational longer than you can remain solvent" works as well for s/solvent/secure/ :) |
| 00:35:09 | adam3us: | gmaxwell: must fix committed transactions |
| 00:36:09 | gmaxwell: | bramm: a year ago when a bunch of VC influx into mining was happening I had _several_ conversations with business people telling me they planned to have 60-75% of the hashpower. For the first one I was very concerned and stressed, trying fruitlessly to convince some hypomanic agressive business person that doing this, if possible, would be a huge loss that would undermine the value of the bitcoins recieved. .... but for the second ... |
| 00:36:15 | gmaxwell: | ... and subsiquent ones I worred less because I can _add_, and indeed things have not worked out so well for these folks. |
| 00:37:11 | bramm: | gmaxwell, morons |
| 00:38:04 | bramm: | VCs are supposed to be investing in high risk tech investments, not commodity hardware |
| 00:38:16 | op_null: | bramm: mining sounds fun though (and it is) |
| 00:38:30 | op_null: | magic machines that print money. who would want to make them? |
| 00:39:04 | bramm: | Honest VCs tell their LPs they're investing in marxist value creation |
| 00:39:09 | gmaxwell: | bramm: well, people who don't understand what they're doing have had an easy time misrepresenting the returns... mining has never been hugely profitable; though it's often been easy to misrepresent as a huge money fountain. |
| 00:39:13 | adam3us: | gmaxwell: maybe an open hw project that stands ready to decentralise hashrate if the vertical integrated people get too silly. maybe with a hidden hash tweak. the big red button. |
| 00:39:39 | bramm: | http://www.theonion.com/articles/nasa-announces-plan-to-launch-700-million-into-spa,1950/ |
| 00:39:42 | op_null: | adam3us: best option there is to just buy masks from somebody like spondoolies. |
| 00:40:22 | bramm: | gmaxwell, Also good luck unloading all those bit coins if you're sitting on what nominally appears to be $100 million of them |
| 00:40:56 | adam3us: | op_null: i think the problem is its hard work being a mining manufacturer because given the depreciation rate and break even up to electrical loss even at sunk cost assumptions, they have to have a new generation out every 3-6months and thats really compressed |
| 00:41:32 | bramm: | adam3us, Lots of opportunity for accounting fraud with all that inventory though |
| 00:41:38 | gmaxwell: | bramm: well, the markets have been more liquid than you might give them credit for... e.g. volumes multiples of the total newly created coins trade every day on public markets. But indeed, lots of cotchas. |
| 00:41:39 | op_null: | bramm: the problems with wanting large portions of the hashrate is that drawing a lot of power is difficult. KNCminer struggled keeping an aircraft hanger near the arctic cool, cowboyminer had millions of dollars worth of gear go up in flames, and Mega Big Power managed to blow up a substation. |
| 00:42:31 | adam3us: | and probable criminals like butterfly made it really difficult to do pre-orders. (taking people smoney for hardware they hadnt designed and no idea how to design… subcontracted it to someone who didnt have much better idea to obvious failure. |
| 00:42:50 | gmaxwell: | bramm: Yes, I suspect the real business model behind some of this VC funded mining is this: get $10 million in miners, set up the hardware but skim 1-5%, which is in the noise with variance and yield, etc. Then you don't care if ultimately the mining was a loss or only a small profit for the comany because you embezzled a large sum. |
| 00:43:04 | phantomcircuit: | op_null, they blew up a substation? |
| 00:43:05 | phantomcircuit: | lol |
| 00:43:11 | adam3us: | y'know to get a decent inventory the asic people have to write $10 - $50m checks up front to TSMC. they dont have that kind of money. |
| 00:43:22 | op_null: | adam3us: BFLs hardware is LETHAL. no joke, the power supplies they shipped with their miners will kill you. |
| 00:43:22 | bramm: | op_null, that gives me great schadenfreude |
| 00:43:56 | gmaxwell: | unfused chinese switching powersupplies with a 5% catch fire on arrivial rate. :P |
| 00:45:21 | op_null: | it was higher than that, people got their BFL stuff out of the box on video and had the supplies explode |
| 00:46:27 | op_null: | phantomcircuit: I forget who told me that, I think it was in 2013. they took out one of the biggest substations upstream from them. no idea how. |
| 00:46:44 | op_null: | s/biggest/bigger |
| 00:47:31 | op_null: | adam3us: http://www.youtube.com/watch?v=3iabWK8EIgc lethal |
| 00:51:12 | adam3us: | one issue we may have about mining manufacturers and vertical integrated players is that to some extent and in some cases there are less scrupulous people who amassed a btc or usd hoard by ripping off users until they wised up by selling them guaranteed lose mining bonds at > 10x cost, or dodgy pre-sales of equipment and then user hostile practices to dodge intent while being close enough to letter of contract to avoid courts. |
| 00:51:50 | op_null: | sounds like KNCminer to me. |
| 00:52:20 | phantomcircuit: | op_null, that's hilarious |
| 00:52:34 | bramm: | adam3us, or pre-selling some new alt coin on kickstarter |
| 00:52:37 | bramm: | ahem |
| 00:52:39 | op_null: | phantomcircuit: the BFL thing or MBP? |
| 00:54:12 | adam3us: | or a different variant that gmaxwell describes as something like when there are risky or novel things to speculate with (more on the service than manufacturer end) sometimes the people who step up to take the risk are crazy cowboys or worse and not such great specimens of humanity that youd want to trust, and they may do something evil or stupid or criminal to the ecosystem if they get ahead by chance or (eg run away with exchange flo |
| 00:54:45 | adam3us: | adam3us has left #bitcoin-wizards |
| 00:57:23 | phantomcircuit: | op_null, both |
| 01:01:47 | op_null: | wonder if people would buy a bitcoin wallet with a geiger tube in it. was trying to find the BFL power supplies and ended up in a store selling russian vacuum tubes instead. artesanal entropy or something. |
| 01:02:36 | adam3us: | paul sztorc ripping apart proof of stake with economic ridicule :) too funny. http://www.truthcoin.info/blog/pow-and-mining/ |
| 01:03:32 | op_null: | adam3us: but vitalik added something at stake! it's fixed! |
| 01:03:46 | c0rw1n: | c0rw1n is now known as c0rw|sleep |
| 01:04:57 | adam3us: | op_null: i think its still broken. i believe the winner can just censor his own coin forfeitures. he says something like "this proof of having voted in multiple branches can be published to the chain".. and how does publishing to the chain happen.. voting, which PoS is unable to do securely. |
| 01:05:29 | op_null: | adam3us: it was a joke. it also doesn't solve the problem of replays of the network using old stake. |
| 01:05:39 | adam3us: | op_null: also his idea to disallow rewrites below some depth just leads to centralisation. (yeah i know) |
| 01:05:43 | gmaxwell: | It kinda frustrates me to see the bonded coins things attributed to other people; though the idea doesn't actually solve the problems in any case, I think we first heard it proposed by zooko. |
| 01:06:16 | adam3us: | gmaxwell: vitalik is not big on attribution i notice in general. |
| 01:06:18 | phantomcircuit: | afaict vitalik is just reading old trolltalk posts |
| 01:07:08 | MRL-Relay: | [tacotime] when i saw his solution to fix long term pos attacks was to just mandate automatic checkpoints locally at a fixed depth i did a double take.. |
| 01:07:14 | gmaxwell: | some of the investment in this altcoin hype space is people thinking "well, this system may not work, but if I invest in people with lots of interesting ideas, eventually one will work"; though annoyingly this mostly just directs people who reprint and hype other people's ideas they considered immperfect without adequate attribution. |
| 01:07:32 | adam3us: | i was musing crypto currency needs a james randi to make a career of ridiculing and challenging all the jokers silly ideas. |
| 01:07:49 | op_null: | tacotime: it's the same stuff that NXT has been saying fixes everything for ages, too :( |
| 01:08:39 | gmaxwell: | adam3us: yea, he misattributed coinjoin at one point; which actually torqued me off enough to complain and get a retraction. Mostly I don't care but maybe I should care more when it's being used as a tool to seperate the public from their funds. |
| 01:08:58 | MRL-Relay: | [tacotime] op_null: well, i figured it might be bad when i read "As it turns out, however, the problems are solvable" in the abstract. but yeah, the only thing that can marginally fix pos (imho) is to make it completely pow dependent. which i guess isn't really a fix, i really think it's impossible for pure pos to work. |
| 01:09:22 | gmaxwell: | adam3us: unlike psychic powers much of this stuff doesn't tend to admit a nice definitive test. alas. |
| 01:09:28 | adam3us: | hmm maybe ethereum could be persuaded to put up a james randi-sized $1m bounty for anyone to break their design. |
| 01:09:32 | op_null: | gmaxwell: you're thinking about that wrong. they already have had their funds taken away from them. writing more and more blog posts it's to keep the people from suing them. |
| 01:09:38 | adam3us: | maybe we could give it back to the investors :) |
| 01:09:53 | bramm: | What is proof of stake? |
| 01:10:03 | op_null: | bramm: oh boy. |
| 01:10:07 | MRL-Relay: | [tacotime] hahahaha. |
| 01:10:10 | op_null: | you're going to love this |
| 01:10:16 | gmaxwell: | [tacotime]: yea, sure I think anyone around here is happy to say that you can 'fix' POS by making it ultimately reduce to POW, but thats uninteresting (and depending on how its done perahps still less secure than POW). |
| 01:10:24 | adam3us: | so the idea that you get to vote based on how many coins you own. |
| 01:10:42 | bramm: | Democracy is three wolves and a sheep voting over what's for dinner |
| 01:10:45 | op_null: | adam3us: yeah, I'm not a fan of that. I recently partook in one of those bounties and got kicked back for my bug being out of scope. I should have got paid out, but nope. |
| 01:11:22 | adam3us: | the classiest "your alt is broken" i saw was when someone took all the coins using the defect and refused to give them back until they fixed the coin. |
| 01:11:33 | gmaxwell: | bramm: thats not the worst of it, those ideas suffer from a cyclic dependency. E.g. democracy where you constantly vote on who the voters are. :P |
| 01:11:45 | op_null: | adam3us: "break this system" "here, owned" "you didn't break it in the right way" |
| 01:11:53 | bramm: | gmaxwell, Yeah, dinner |
| 01:12:01 | MRL-Relay: | [tacotime] my guess is if you made a bounty for ethereum, they would "fix" the problem with complexity and get yet more investor money somehow from it. |
| 01:12:02 | bramm: | Does anybody know what stellar is doing? |
| 01:12:32 | MRL-Relay: | [tacotime] stellar is just a ripple/opencoin fork using a bitcoin blockchain snapshot i thought |
| 01:12:47 | gmaxwell: | bramm: stellar is a fork of ripple by many of the authors of ripple. It's a federated system with an ambigous trust model that I don't think they're being very frank about. |
| 01:12:49 | adam3us: | bramm: its usually structured as a lottery like ok we'll hash the block fo transactions or something and it will tell us at random which people can vote. but they can only vote once per 10mins. so the obvious problem is people permute blocks like crazy until they win. ergo it becomes PoW just an odd one. |
| 01:13:06 | op_null: | tacotime: it works well for them though. there's posts on bitcointalk and reddit praising how they finally fixed proof of stake, and how the technical people aren't saying anything about it because they finally realised they are wrong and vitalik is awesome and king. |
| 01:13:31 | adam3us: | op_null: ethereum? |
| 01:13:48 | adam3us: | i dunno this is security by reviewer exhaustion. |
| 01:13:49 | bramm: | gmaxwell, Jed said he'd send me the paper he wrote on it but hasn't |
| 01:14:04 | bramm: | I think it uses k-agreement or something. Seems totally centralized |
| 01:14:09 | gmaxwell: | bramm: basically they use a more classical consensus system, and don't really define how participants are admitted. In practice their admitted by some central org (opencoin in the case of ripple, e.g.) adding them to some list that must be more or less globally consistent to prevent spontanious consensus failures. |
| 01:14:18 | gmaxwell: | bramm: you would be correct. |
| 01:14:22 | adam3us: | bramm: i think its generically broken. its either vulnerable to sybil which is why bitcoin uses PoW; or its centralised. |
| 01:15:02 | gmaxwell: | I mean, I believe there are good places for centeralized systems... esp transparent and auditable ones; but it's important to be very clear about security assumptions and risks. |
| 01:15:52 | bramm: | gmaxwell, There's this thing called paypal... |
| 01:16:15 | gmaxwell: | bramm: supposidly one of the instigating things that caused the creation of stellar is that opencoin ripple added an account freezing feature; though less charitably it looks like people just wanted to repeat the asset speculation boom. |
| 01:16:45 | bramm: | gmaxwell, I know there was a falling out at ripple where jed left, I don't know details |
| 01:16:48 | adam3us: | always puzzles me why some people work there (at ripple or stellar). not sure whats so hard to see about it not working, and not being solvable. its like a perpetual motion machine, the machine just gts more complicated. |
| 01:17:20 | MRL-Relay: | [tacotime] well, that's kind of ethereum at this point oo. |
| 01:17:24 | gmaxwell: | bramm: perhaps, I think using techniques from this space we can give a system that has better security properties than paypal. (if not paypals other useful properties). As someone who personally suffered from a bunch of my money being frozen in paypal for a year, for no obvious reason (a decade ago), I can certantly see room for improvement there. |
| 01:17:26 | MRL-Relay: | [tacotime] people like shiny things. |
| 01:18:10 | op_null: | bramm: that's what ethereum does. they propose something, somebody pokes a hole in it, and they add more complexity until people can't be bothered reading it anymore. |
| 01:18:29 | phantomcircuit: | bramm, i believe jed was removed because it looks bad to have a criminal on the board |
| 01:18:51 | adam3us: | bramm: apparently it was related to who owns the XRP currency units. mostly ripple the company and the two founders. which was against initial promises and very opaque and misleading for the longest time. tho apparently that was jed's doing anyway. |
| 01:19:15 | adam3us: | phantomcircuit: oh what'd jed do? something relevant or just random? |
| 01:19:19 | gmaxwell: | op_null: ah, the old "Computational soundness against review" ... "we show if an adversary is able to review this cryptosystem in poly time, we can use that adversary as a black box to solve arbritary NP complete problems in poly time." :P |
| 01:19:40 | phantomcircuit: | adam3us jed wrote edonkey2k and was forced to settle with iirc universal music for some ungodly sum of money |
| 01:19:52 | op_null: | bramm: as some prior history, there's sort of two ripples. the original ripple and the opencoin ripple. you'll see posts from people talking about the former in a lot more positive light, don't confuse the two. |
| 01:20:01 | phantomcircuit: | actually i think his involvement in p2p money is in violation of that settlement... |
| 01:20:04 | bramm: | phantomcircuit, You do realize who I am, don't you? |
| 01:20:38 | phantomcircuit: | bramm, yes which makes it extra ++ ironic |
| 01:20:39 | bramm: | op_null, What are the differences? |
| 01:20:42 | op_null: | gmaxwell: wonder if we can automate that. |
| 01:20:44 | adam3us: | bramm: i dont think you shoudl read op_null as being anti p2p |
| 01:21:09 | bramm: | adam3us, I didn't mean 'you shouldn't say that' I meant 'awkward!' |
| 01:21:21 | phantomcircuit: | bramm, i pass no judgement on jed writing edonkey2k |
| 01:21:42 | gmaxwell: | yea, the whole ripple vs ripple thing was awful. Opencoin bought the name from an ill developer and created something entirely different, so you had stacks of academic papers, and lots of posts by people that were suddenly misrepresented as talking about their very different system. |
| 01:21:49 | phantomcircuit: | but that he probably isn't going to pass muster on regulatory issues |
| 01:21:52 | gmaxwell: | I went back and changed dozens of my posts on bitcointalk to fix this. |
| 01:21:57 | adam3us: | bramm: i do maybe pass some judgement on both ripple and repeating the pyramid attempt with new parameters at stellar :) however. |
| 01:23:40 | phantomcircuit: | gmaxwell, the entire concept is basically flawed in that you need central clearing points |
| 01:24:07 | phantomcircuit: | otherwise you end up with crazy things like someone in malaysia owing someone in the us $10 |
| 01:24:07 | adam3us: | bramm: politics of copying personally i'm with stallman & falkvinge 100% and scrapping copyright, patents. |
| 01:25:09 | bramm: | adam3us, stall man isn't in favor of abolishing copyright, common misconception, he's actually in favor of extraordinarily draconian copyright which he personally can exploit |
| 01:25:44 | adam3us: | bramm: well he's trying to use copyright to enforce the viral effects of GPL to get there in the interim. |
| 01:26:30 | bramm: | adam3us, He really is in favor of extraordinary overreach, including things like copyright on APIs |
| 01:26:40 | gmaxwell: | bramm: thats an unfair and inaccurate expression of his views. |
| 01:27:00 | bramm: | which is why in 2000 for several months up arrow didn't work in the python interactive interpreter. Every time I tried to hit it and it didn't work I wanted to go crack his skull open |
| 01:27:02 | phantomcircuit: | * phantomcircuit grabs popcorn |
| 01:27:23 | bramm: | gmaxwell, This is something he's directly acted on. It isn't controversial |
| 01:27:38 | adam3us: | bramm: i think if i understand GPL correctly the point is to exploit the current system to impose free software as a license condition. |
| 01:27:56 | bramm: | It's why Python didn't just re-implement get text |
| 01:28:11 | gmaxwell: | bramm: ... so you think readline being gpl explains stallman's views on copyright? come on. |
| 01:28:23 | adam3us: | bramm: so you may say thats abusive or inconsistent if you dont believe in copyright or IP to try to use a license, but its logically consistent i think. |
| 01:29:05 | bramm: | gmaxwell, It was why people didn't just reimplement readline, because he was throwing a fit about even speaking the same API being a violation of the GPL |
| 01:29:35 | adam3us: | bramm: kind of same vein as whoever got the patent on the idea of a business model based on getting silly patents. now if he'd managed to robustly enforce that it might actually make the point! |
| 01:29:46 | bramm: | Also there are a lot of things in the GPL and even LGPL (which people don't realize, so they're in violation) about making code available and ability to relink and basically a whole lot of crap which goes way beyond simple vitality |
| 01:30:34 | rusty: | bramm: I agree, the FSF has tended to overreach on copyright law to enforce their vision. But I understand the motivation./ |
| 01:31:25 | bramm: | I also don't believe that his motivations are all that pure (I believe they aren't monetary, but are self-serving) here's my whole rant on the subject https://www.facebook.com/bram.cohen/posts/10152668541675183 |
| 01:31:25 | gmaxwell: | bramm: and there are tons of closed commercial products which are basically sussed up GPL code that go the other way. There is no tidy boundary; ... elsewhere I've directly heard RMS say that for useful works no copyright should exist at all. And RMS has multiple times advised me directly to use 3-clause-BSD/MIT style licenses on my own code. |
| 01:32:06 | bramm: | gmaxwell, Well that's good but he's been a consistently bad actor every time anything of his has touched anything of mine |
| 01:33:03 | gmaxwell: | so yea, sure, I can agree FSF has often gone the green peace route of taking an radically strong position, and I've disagreed plenty of times. But what you were saying above, though it might reflect your expirence, is not universal by far. |
| 01:34:18 | bramm: | gmaxwell, I wouldn't get so pissed about it if people didn't paint him as some kind of messiah. Thankfully journalists seem to have gotten a clue on that one |
| 01:36:10 | adam3us: | bramm: i like stallman's views on IP long term negative side-effects, he speaks his mind, points out negative implications of DRM, trustworthy computing etc. |
| 01:45:02 | rusty: | bramm: he's not gotten this far by being reasonable, why start now? :) |
| 01:55:41 | rusty: | gmaxwell: BTW, I went around and around on the issue of data unavailability. But I'll write a list of my rejected approaches in the hope that it will inspire someone to fix one of them. |
| 01:57:14 | gmaxwell: | rusty: find anything stronger than my forward error correction one, or 'shareded shared fate'? well I'm interested in seeing the list. |
| 01:59:11 | rusty: | gmaxwell: the problem with any kind of error correction idea is that the size of data sent has to be >= block size, which is an approach we're generally trying to get away from. |
| 02:01:52 | gmaxwell: | rusty: oh no, it doesn't. ... well sent to whom? a 'server' needs all the data, but a 'client' does not... not with a locally decodable code. It only has to be as large as the data you want (well, plus some overhead, since no subexponential time locally decodable codes exists that achieve the bound, as far as I know) |
| 02:03:09 | rusty: | gmaxwell: ah, but I'm trying to avoid any full nodes. Otherwise you might as well say "miners must be full nodes" and have them demonstrate their knowledge, as pettycoin already does. |
| 02:03:12 | gmaxwell: | it's effectively the same problem as multi-server (information theoretic) PIR. (e.g. percy++ for a nice implementation) |
| 02:04:56 | rusty: | gmaxwell: Google has lead me to the reading list now. Previously I couldn't find any non-interactive proof of knowledge which was significantly smaller than the knowledge itself. |
| 02:05:00 | gmaxwell: | rusty: the reason that a server must have 'all' the data is so they can't conviently have only a subset that cannot decode the part that has the naughtyness in it. I suppose it would be sufficient if multiple servers had subsets such that the whole thing were available. Harder to reason about. |
| 02:06:18 | rusty: | gmaxwell: (sorry, you are competing with an 8 month old for attention right now) |
| 02:06:49 | gmaxwell: | I'm comfortable with that. I am also likely to eat random poisonous objects if left unsupervised. |
| 02:07:14 | rusty: | gmaxwell: OK, I actually LOLed at that... |
| 02:09:18 | rusty: | gmaxwell: well, I could imagine each successive miner proving that it knew some subset of the previous blocks. But that's only some fixed fraction better than having them know everything. |
| 02:10:40 | rusty: | gmaxwell: I thought about miners being able to lodge complaints about unavailable information too, but it's hard to see how that (1) wouldn't become horribly gamed, and (2) amount to enough to cause a block to be discarded, particularly if the evil miner is slowly bleeding out information. |
| 02:11:26 | rusty: | And complaints not associated with a PoW are even worse, of course. |
| 02:12:46 | gmaxwell: | Well it's not really about miners. I mean the concern I'm trying to address is this: You're going to randomly validate things, but for the security argument to hold there your random selection cannot be biased by the attacker. If servers all have all the data for the current block (even if they don't have historical data anymore), then you can just ban servers that refuse to answer a query, maybe take hints from neighbors that a ... |
| 02:12:53 | gmaxwell: | ... part is unavailable (e.g. supporting rate limited transitive requests), and dogmatically continue going until you get your query answered. E.g. you can say if you can't find a piece, start asking your peers for it too, and have them honor a small percentage of transitive requests. Under some 'handwave handwave' assumptions you can make the process have positive gain, so rapidly everyone is asking for the missing data, and ... |
| 02:12:59 | gmaxwell: | ... banning those who don't provide it. |
| 02:13:06 | gmaxwell: | But this doesn't seem to work if instead the problem is that no one exists that offers the data, and just no one is offering, since you don't know who to blame for it. |
| 02:14:04 | gmaxwell: | The idea with the error correcting code is that if you're willing to answer requests for all possible data, then we can make it so that you can't answer any requests at all without risking that you leak the data you're trying to hide. |
| 02:14:43 | gmaxwell: | (because there are an effectively infinite ways to request any particular piece of data, and two users combining the parts they recieved can reconstruct a third that you didn't want to send) |
| 02:15:10 | rusty: | gmaxwell: I disagree, it really is about miners. They insert N bogus transactions, either to gain fees, or to sabotage future blocks, or to DS later. Since the protocol must allow you to xmit only block headers, you do that and refuse to answer about the bogus ones. |
| 02:16:20 | rusty: | gmaxwell: if you assert that you must have a full block to mine, yes, it's easy. It's avoiding that which is the puzzle... |
| 02:16:37 | rusty: | gmaxwell: I thought about requiring revealing N "random" full transactions (w/ proof) in order to spend the coinbase TX. That reduces the probability of getting away with it somewhat. |
| 02:16:49 | gmaxwell: | rusty: They have the motivation and capability to lie. They also have an income stream though. so if it were only miners, you could do something like every block includes a host which promises to serve you the data... if you're unable to get it elsewhere, you go get it from there. If that host gets dos attacked, well too bad for them. |
| 02:17:00 | gmaxwell: | just a cost of doing business. |
| 02:18:29 | gmaxwell: | (the host they give doesn't have to be their own, of course, but perhaps a third party that they give a small cut of their income to.) |
| 02:19:30 | rusty: | gmaxwell: interesting, so extending the miners responsibility to include data availability. |
| 02:20:17 | rusty: | gmaxwell: But even using your ECC method, if I understand correctly, the server will know when it's leaking the malformed tx, right? So it can refuse to answer such queries, but still answer *some*. |
| 02:20:56 | rusty: | gmaxwell: and if "some" is > 50%, of course, the evil miner wins. |
| 02:21:50 | rusty: | (actually, you just need 50% of the hashing power, so answer correctly to the big mining pools) |
| 02:24:18 | gmaxwell: | rusty: no, because users can conspire. The idea is that users request some random chunks out of some large code space, which are sufficient to decode what the user wants directly. The server can tell what the user is decoding there. (in PIR these chunks are split across multiple servers and then no single server can tell). |
| 02:25:19 | gmaxwell: | Now if two users who collected permitted chunks exchange the data they fetched independantly, they can also resolve one or more additional chunks other than what they originally asked for. Or, e.g. if I give you my chunks, you can now go request some more seeming to get block X but also getting you block Y since you have my data. |
| 02:26:18 | gmaxwell: | And with the right expansion factors you can make it so that the server cannot answer more queries than the size of the original block without an arbritarily high exponential probablity of revealing the whole block should the users compare notes. |
| 02:26:53 | gmaxwell: | They could, however, stop answering queries just short of that, but they'd only be able to tell a small number of nodes about the block. (e.g. only sending an aggregate of one blocks worth of data). |
| 02:28:17 | gmaxwell: | (but perhaps you can see why I want the server to have all the data... if instead the server reveals just enough that the badness cannot be reconstructed and goes off line, if other servers relay that same data, then the distance the damage can spread is unbounded. |
| 02:28:31 | gmaxwell: | instead of being bounded by only one blocks worth of data being sent out) |
| 02:30:21 | rusty: | gmaxwell: yes, I assumed relaying.... Now I think I understand: each query uses a unique nonce, so you're now centralized on that one server for the block, but your scheme works. |
| 02:31:54 | rusty: | gmaxwell: that's a pretty different model to currently, but it *does* solve the problem. Kudos... |
| 02:33:54 | rusty: | gmaxwell: OK, my brain is full, time for lunch. Thanks! |
| 02:42:29 | wallet42: | wallet42 is now known as Guest23555 |
| 02:42:29 | wallet421: | wallet421 is now known as wallet42 |
| 03:12:06 | zooko`: | zooko` is now known as zooko |
| 03:26:26 | zooko: | tromp: the 2014-10-26 version of https://github.com/tromp/cuckoo/blob/master/cuckoo.pdf?raw=true mentions the macro nonce only in a footnote. |
| 03:26:33 | zooko: | Suggest remove mention of it or add explanation of it. |
| 03:28:34 | tromp: | the footnote explains that micro nonces generate edges and another nonce generates the key |
| 03:28:44 | zooko: | tromp: yes, I know. |
| 03:28:47 | tromp: | calling the latter the macro nonce |
| 03:29:12 | tromp: | it's a suggested language for ppl discussing the paper |
| 03:29:21 | zooko: | I'm saying, it is unnecessarily confusing to introduce the word "macro nonce" when it is used only one time, and that time is mostly just to point out that you shouldn't confuse it with the micro nonce. |
| 03:29:25 | zooko: | Okay. |
| 03:29:42 | zooko: | Also, what I really wanted was an explanation of how the macro nonce would be chosen. |
| 03:30:09 | tromp: | i want to save ppl the trouble from talking in terms of "that other nonce that generates the hash key" |
| 03:30:10 | zooko: | I suppose that's outside the scope of cuckoo per se, but I imagine it is something like sha256(previous-block-hash | macro-nonce). |
| 03:31:11 | tromp: | it;s sha256(header) where header has many fields including those but also merkle root and timestamp for instance |
| 03:41:51 | tromp: | the macro nonce is chosen just as it is with bitcoin's pow |
| 03:42:02 | tromp: | in whatever way suits the miner |
| 03:42:47 | tromp: | that's simply outside of the pow's scope |
| 03:42:48 | op_null: | primes give me a warm feeling. |
| 03:42:55 | op_null: | go with primes. |
| 03:43:23 | tromp: | i mention primes in my paper, just to give you thatr warm feeling |
| 03:43:42 | tromp: | but found no use for them in my pow:( |
| 03:43:51 | op_null: | oh you |
| 03:44:13 | tromp: | op_null maybe you can do some gapcoin mining |
| 03:44:25 | tromp: | to gain more warmth |
| 03:46:11 | op_null: | I don't think I've mentioned it before, but I *really* like the way you handle cuckoo cycle. it's not presented as magic to save the world, you're not hounding other people to use it or like it. I'm not sure if it's right or desirable, but I certainly don't mind discussing it with you. |
| 03:46:57 | tromp: | btw, they came up with this brilliant logo: https://bitcointalk.org/index.php?topic=822498.msg9493423#msg9493423 |
| 03:47:21 | op_null: | what on earth is gapcoin |
| 03:47:31 | tromp: | thx, op_null. appreciate that |
| 03:47:48 | tromp: | it's the latest prime flavored PoW |
| 03:47:58 | tromp: | pretty neat actually |
| 03:48:24 | op_null: | does it have the problem primecoin does where it blows up the block header and is insane to verify? |
| 03:49:32 | tromp: | i'm not familiar with it |
| 03:49:33 | op_null: | I got sha256 PoW verification working on a $4 CPU from china, duno how I'd go with prime sieves |
| 03:50:52 | tromp: | gapcoin uses diffrent verification from primecoin |
| 03:51:05 | tromp: | they use miller rabin tests |
| 03:51:20 | tromp: | which give arbitrarily high confidence of primality |
| 03:51:42 | op_null: | I assume you have to walk the distance between the primes and check all of them for primeness though? |
| 03:51:44 | tromp: | primecoin uses a pseudoprimality test which cld be wrong |
| 03:52:55 | tromp: | i don't know; the proof cld enumerate some numbers in between whose compositeness is not easily established |
| 03:53:04 | tromp: | wld have to read up more on it |
| 03:53:53 | tromp: | gapcoin.org says "Verifying a prime gap is easy, you only have to check every number between the start and the end to be composite" |
| 03:54:03 | tromp: | so i guess they stick with the obvious |
| 03:54:49 | tromp: | maybe avoid miller rabin for numbers with a small divisor |
| 03:55:54 | tromp: | as expected, the section "But how are prime gaps useful?" is less than convincing:) |
| 03:56:56 | op_null: | at least what they are saying can be parsed as english. lots of altcoins dont manage that. |
| 03:57:30 | op_null: | my favourite one's feature was that the difficulty was locked to 1, and you had to "wait" between mining blocks for 24 hours. easiest coin to mine! |
| 03:58:48 | tromp: | reminds me of those bitcointalk posts that ask: cld we design a coin that limits the hashpower? |
| 03:59:05 | op_null: | or this one that explains how their BIP62 stuff works https://i.imgur.com/aXgRFQ8.png |
| 04:00:02 | op_null: | well, someone did make an altcoin with a fixed difficulty at one point and no "waiting", I think it just exploded into a world of chain forks |
| 04:00:34 | tromp: | was it called DDOScoin :-> |
| 04:00:36 | tromp: | ? |
| 04:01:16 | op_null: | no, but that has existed too. the idea was that if you solved a block the rest of the network launched a denial of service attack against you. |
| 04:01:53 | gmaxwell: | op_null: liquidcoin |
| 04:02:09 | gmaxwell: | yea, I think that one was mostly intended to shed hashrate from litecoin. |
| 04:02:31 | op_null: | a close contender is one that attempts to have "proof of activity", where nodes "stake" by being online. how do you prove that a node is online? you connect to them of course. so the whole network has every single node connecting to every other one, in order to watch their uptime and use it for consensus ;_; |
| 04:04:53 | op_null: | gmaxwell: oh that's old. fixed difficulty 0.05, forked from tenebrix, CPU only mining with scrypt |
| 04:04:53 | tromp: | almost makes you want to draw up a top-100 list of most ill-conceived ideas in crypto-currencies |
| 04:06:15 | op_null: | tromp: if you want to be DDoS fodder, go right ahead. |
| 04:07:34 | op_null: | gmaxwell: oh, did you hear darkcoin's coinjoin clone was vulnerable? |
| 04:07:54 | gmaxwell: | tromp: it was a fantstic idea, took like half of the ltc hashrate away for a month, and exploded into a zillion forks that could never converge onto a single blockchain. :P |
| 04:08:16 | gmaxwell: | op_null: well that was a given, but by which particular mode did it fail this time? |
| 04:09:02 | op_null: | gmaxwell: something to do with the way they were doing fees meant the path through the coinjoin was obvious. I don't know how that works since the outputs are meant to be the same size, but I assume it's due to something with the masternodes taking out fees each time. |
| 04:09:48 | gmaxwell: | oh, well in that case I'm just more surprised that someone noticed. |
| 04:10:05 | op_null: | "We ask that everyone stop using Darksend for the time being, until we’re able to push out a fix to an issue Aswan found. This issue comes from the way fees are paid in Darksend with the combination of the way the client tries to denominate the same amount each round. The result is the possibility to trace a transaction through Darksend. |
| 04:10:42 | SomeoneWeird_: | SomeoneWeird_ is now known as SomeoneWeird |
| 04:11:12 | SomeoneWeird: | SomeoneWeird is now known as Guest34913 |
| 04:11:15 | op_null: | gmaxwell: you could also completely break their network by announcing a masternode in two places at once. |
| 04:11:29 | lclc_bnc: | lclc_bnc is now known as lclc |
| 04:13:06 | Guest34913: | Guest34913 is now known as SomeoneWeird |
| 04:20:32 | zooko: | Ugh, I tire of reading the complaining and whining about other people's projects. |
| 04:20:44 | op_null: | sorry. |
| 04:21:10 | zooko: | Could someone set a flag when the topic in here veers onto constructive work? |
| 04:21:13 | zooko: | It's just social grooming. |
| 04:21:14 | op_null: | I take issue with people being sold disfunctional cryptosystems is all. |
| 04:21:56 | zooko: | We can score a few points by bonding with our buddies about how dumb and/or malicious is someone who's not present. |
| 04:22:04 | zooko: | Approximately the same functionality as the Facebook "like" button. |
| 04:22:20 | zooko: | * zooko tries hard to reign in rant mode |
| 04:22:35 | gmaxwell: | zooko: I suppose you'd prefer to continue to divert actual productive conversation into closed membership private channels as you have in the past? |
| 04:22:58 | zooko: | op_null: I'm sure you personally don't deserve my ire. It's more of the "social tone" in general. |
| 04:23:33 | op_null: | there's a difference between a social media site and cryptography that people's safety can depend on. I can't do anything to stop people doing shitty things with cryptography and selling it, ridiculing it to an audience that can understand it is about all I can do. |
| 04:23:51 | kanzure: | gmaxwell: there's a difference between advocating for less smearing of other terrible projects, versus advocating for a closed membership channel |
| 04:23:55 | gmaxwell: | zooko: there is a productive side of the conversation, understanding the failure modes is important and interesting (which was my question) though in this case it appears to have not added much to the collective understanding. (e.g. bc.i already made a very similar mistake with fee tracability) |
| 04:24:27 | kanzure: | in general it would probably be a good idea to not foster an environment of warantless smearing. although i can totally support thoughtful and clever smearing based on bringing up actual implementation details or concepts etc. :) |
| 04:24:45 | gmaxwell: | kanzure: I was "pot kettle blacking" there. I'm not pleased with the continual diversion of people into closed channels because some people are uncomfortable with the additional costs of working in public. |
| 04:25:03 | kanzure: | yep you and i share the same opinions there about private channels |
| 04:25:17 | gmaxwell: | (in particular, because it then leaves the less interesting stuff in public) |
| 04:26:02 | op_null: | kanzure: in this case, it's fairly obvious that darkcoin built a flawed system where every "masternode" must have an open socket for people to connect to. the realities of a distributed system means there's a financial incentive for people to attack other nodes. which is obviously undesirable. |
| 04:26:14 | kanzure: | gmaxwell: right, it's quite similar to the "being ignorant in private" problem |
| 04:26:36 | kanzure: | op_null: you should not interpret any of my prior messages today as singling out darkcoin at all |
| 04:26:53 | MRL-Relay: | [tacotime] well, it's easier not to criticize other projects if they didn't have crazy instamines they've used to cash in on the public. but i guess maybe a better question is: can tx onion routing to obfuscate the sender reliably work? |
| 04:26:56 | op_null: | kanzure: I didn't. |
| 04:28:05 | op_null: | tacotime: who does that? darkcoin doesn't do that. |
| 04:28:22 | kanzure: | zooko was specifically saying that he thinks it is unproductive to high-five each other about smearing people who aren't around |
| 04:28:29 | kanzure: | that's all. this is not a complicated concept. |
| 04:28:45 | kanzure: | bad ideas are bad enough on their own, anyway :) |
| 04:29:00 | MRL-Relay: | [tacotime] op_null: isn't that the intention of darksend? to have a bunch of funds sent to a master node, mix up their dests, then send them to another node, and so on? |
| 04:29:22 | zooko: | op_null: I too strongly disapprove of incompetence and/or fraud harming people. ☺ |
| 04:29:23 | zooko: | |
| 04:29:24 | zooko: | Um... here's something maybe sort of relevantish, while also being constructive? |
| 04:29:24 | zooko: | Hold on ... |
| 04:29:27 | zooko: | Trying to get a web server that I can host it on. |
| 04:29:31 | op_null: | kanzure: I know. I was explaining why it's technically interesting and not just making fun of people for the hell of it. |
| 04:29:37 | zooko: | Oh well, maybe later. |
| 04:30:07 | gmaxwell: | As far as not around, they've been invited here. But they were only interested in paying me so they could attach my name to their project, not in actual technical discussions. In any case, I also prefer "omg guess what these idiots did" at least be directed to figuring out how to avoid the same mistakes elsewhere. :) |
| 04:30:45 | gmaxwell: | (they'd also used my name all over their stuff intially and I had to threaten to go around bad mouthing them to get it removed.) |
| 04:30:45 | op_null: | tacotime: I don't know, that might be something new. it was pretty much just coinjoin with a bunch of semi untrusted peers as far as I've seen. their next hype seems to be that they "solved" instant transactions using the same masternodes. |
| 04:31:58 | op_null: | tacotime: they have some interesting flaws going on with masternodes. you're meant to hold a large amount of money as "stake" to prevent sybil attacks. people got tired of that because it meant you had to keep your 1000 DRK output secure. so now it's a delegation system. so people rent out their "stake" key to third parties who run nodes and collect a portion of the profit. |
| 04:33:39 | MRL-Relay: | [tacotime] op_null: um, hm. that's a sort of a proof of stake, i guess, but it sounds dangerous to based privacy on rented accounts. |
| 04:33:45 | op_null: | it's not really clear how all of this works with miners in the mix, as the masternodes now take quite a big portion of the block reward too. if you wanted your node to make the most money, your best bet is to DOS attack all of the other masternodes so you're the only viable choice. |
| 04:33:51 | gmaxwell: | op_null: thats pretty interesting, is it purely sybil protection now? originally they were talking about it being a bond to prevent misbehavior. I hadn't followed it because being closed source made it pointless to try. |
| 04:34:48 | op_null: | gmaxwell: I can't say for certain, but I don't think you can lose your output for misbehaviour. |
| 04:35:44 | gmaxwell: | is the profit sharing in the delegation enforced by the protocol or is it trust me? |
| 04:36:33 | op_null: | for a while it was up to the pool to set their percentage, but now I think it's enforced as a consensus rule. they had some trouble with the network fragmenting when they enabled that feature the first time and had to hard fork around it. |
| 04:38:40 | op_null: | seems to be 30% of the block reward at the moment, but is set to increase over time. |
| 04:38:56 | gmaxwell: | thats interesting. what drove the removal of the trust there? did pools rip people off? |
| 04:40:27 | op_null: | I think it was that pools weren't paying MN enough, I'd have to find that part of their forum thread. |
| 04:41:53 | gmaxwell: | I would be very interested in know if they were hard forking to override a market decision like that. |
| 04:43:54 | op_null: | "Basically if someone runs an old version of the wallet and finds a block he won't pay anything to a masternode. Enforcement means that such blocks will be rejected by the network." |
| 04:44:58 | gmaxwell: | oh this is enforcing the tribute to the masternodes. not the profit sharing in the delegation |
| 04:46:16 | op_null: | oh yes, sorry I totally misread you. |
| 04:46:28 | op_null: | um, I'll find out where the remote masternode stuff came from. |
| 04:49:07 | op_null: | still looking, but here's the masternode payment percentage table https://i.imgur.com/gglJY0q.png |
| 04:49:22 | gmaxwell: | yea, I knew about enforcing their diversion of the subsidy... I believe you and I may have wtf chuckled about the non-enforced version previously "no, thanks really, I'd prefer to keep all the coins." |
| 04:50:12 | op_null: | that is of course the rational response. |
| 04:52:12 | op_null: | "supports the hot/cold setupfor masternode operators (allowing your money to not be risked atall)" |
| 04:53:17 | op_null: | can't find much more information about it sadly. just loads and loads of guides. |
| 04:53:34 | MRL-Relay: | [tacotime] that's a lot of the miner subsidy going to their proof of stake system. |
| 04:55:54 | MRL-Relay: | [tacotime] i imagine that as you increase their share, you disincentivize mining while incentivizing hoarding, and eventually at some point things will become insecure. |
| 04:57:30 | op_null: | hard to say where that point is though |
| 05:03:22 | MRL-Relay: | [othe] but thats all they want, increase holding so the price does not drop ;) the rest doesn´t matter. |
| 05:25:52 | smooth: | that seems like kind of a fallacy although i haven't completely thought it through, but if everyone is holding and receiving stake then you are just decreasing the price |
| 05:26:23 | smooth: | but perhaps you are decreasing it more slowly giving the instaminers more time to get out |
| 05:30:06 | MRL-Relay: | [othe] but they don´t "stake"; they steal from the miner rewards |
| 05:36:53 | smooth: | whatever you call it. if you give more coins to people who has coins all you do is make the price lower though slowly |
| 07:47:54 | gmaxwell: | This bitcoin core pull req would love some more mild cryptographic review: https://github.com/bitcoin/bitcoin/pull/5227 |
| 08:14:24 | Luke-Jr: | gmaxwell: I thought we merged libsecp256k1-based signing? |
| 08:14:49 | gmaxwell: | Luke-Jr: we did, but libsecp256k1 doesn't define how the nonce is provided. |
| 08:15:11 | gmaxwell: | (This is a policy I disagree with, ... but I expect it'll later be resolved by offering a higher level interface too) |
| 08:16:02 | Luke-Jr: | oh, is the summary outdated? |
| 08:37:10 | gmaxwell: | Luke-Jr: indeed, the PR summar is outdated. |
| 08:37:45 | gmaxwell: | the pull was originally for openssl then both now just secp256k1. |
| 08:53:22 | sipa: | i'll update the comment |
| 08:57:31 | lclc: | lclc is now known as lclc_bnc |
| 09:01:51 | lclc_bnc: | lclc_bnc is now known as lclc |
| 09:05:17 | wolfe.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
| 09:05:17 | wolfe.freenode.net: | Users on #bitcoin-wizards: andy-logbot adam3us RoboTeddy askmike fanquake damethos AaronvanW jb55 prodatalab go1111111 arowser gues jaekwon TheSeven coiner samson_ lclc K1773R SomeoneWeird Nightw0lf koshii_ Eliel_ kanzure wallet42 Dr-G3 bobke LaptopZZ zooko postpre rfreeman_w rusty coke0 eristisk waxwing DougieBot5000 warptangent maaku_ Shiftos isis btcdrak dgenr8 iambernie Aquent adlai sneak harrigan michagogo hguux_ Starduster atgreen c0rw|sleep gavinandresen |
| 09:05:17 | wolfe.freenode.net: | Users on #bitcoin-wizards: SubCreative shesek JonTitor devrandom ebfull phantomcircuit Graftec nuke1989 sl01 mkarrer grandmaster Qfwfq Cory Grishnakh sipa spinza mortale DoctorBTC Flyer33 OneFixt Alanius epscy jbenet HM dansmith_btc artifexd btc__ Nekokamisama mappum Muis copumpkin bosma azariah4 nanotube Hunger- orw MRL-Relay fluffypony tromp berndj jgarzik PaulCapestany BlueMatt a5m0 kgk Luke-Jr Emcy LarsLarsen Baz___ gazab Guest39111 AdrianG iddo jaekwon_ yoleaux |
| 09:05:17 | wolfe.freenode.net: | Users on #bitcoin-wizards: xabbix gwillen livegnik BananaLotus d4de Myagui @ChanServ burcin coutts wizkid057 Dyaheon bbrittain NikolaiToryzin forrestv null_radix nickler mr_burdell Logicwax zibbo Meeh tromp_ Krellan poggy pi07r_ comboy mmozeiko lnovy Taek optimator_ [\\\] Apocalyptic throughnothing petertodd crescendo CryptOprah cfields-away Fistful_of_Coins gmaxwell kinlo ahmed_ so Anduck [d__d] espes___ BigBitz otoburb wumpus EasyAt starsoccer hollandais jaromil helo |
| 09:05:17 | wolfe.freenode.net: | Users on #bitcoin-wizards: Keefe Iriez huseby phedny midnightmagic nsh coryfields andytoshi BrainOverfl0w fds4345 warren lechuga_ abc56889 harrow roasbeef ryan-c [Tristan] TD-Linux catcow danneu amiller smooth Graet gribble asoltys pigeons |
| 09:44:41 | SomeoneWeird: | SomeoneWeird is now known as s1w |
| 10:38:45 | gmaxwell: | Luke-Jr: happy with https://github.com/bitcoin/bitcoin/pull/5227 's description now? |
| 11:03:06 | rusty: | rusty has left #bitcoin-wizards |
| 11:30:24 | SubCreative: | SubCreative is now known as Sub|zzz |
| 13:31:46 | Myagui: | Myagui is now known as MatyIda |
| 13:32:00 | MatyIda: | MatyIda is now known as Myagui |
| 13:39:00 | cbeams_: | cbeams_ is now known as cbeams |
| 16:05:43 | zooko: | Slightly off-topic, but I finished a document about Tahoe-LAFS's share-placement algorithm: https://tahoe-lafs.org/~zooko/docs/specifications/servers-of-happiness.html |
| 17:00:38 | lclc: | lclc is now known as lclc_bnc |
| 17:08:49 | nuke_: | nuke_ is now known as nuke1989 |
| 18:23:29 | c0rw|sleep: | c0rw|sleep is now known as c0rw1n |
| 18:31:41 | Luke-Jr: | gmaxwell: lol, it wasn't a big deal :p |
| 19:15:44 | c0rw1n: | c0rw1n is now known as c0rw|timetravel |
| 19:21:00 | c0rw|timetravel: | c0rw|timetravel is now known as c0rw1n |
| 20:34:42 | Sub|zzz: | Sub|zzz is now known as SubCreative |
| 21:13:00 | lclc_bnc: | lclc_bnc is now known as lclc |
| 22:06:43 | lclc: | lclc is now known as lclc_bnc |
| 22:33:01 | NikolaiToryzin: | NikolaiToryzin is now known as NikolaiTorysin |
| 22:35:46 | luny``: | luny`` is now known as luny |
| 22:39:12 | NikolaiTorysin: | NikolaiTorysin is now known as NikolaiToryzin |
| 23:00:13 | SubCreative: | SubCreative is now known as Sub|out |