00:29:04NewLiberty-afk:NewLiberty-afk is now known as NewLiberty
01:08:53Pan0ram1x:Pan0ram1x is now known as Guest23486
02:00:40gmaxwell_:gmaxwell_ is now known as Guest25475
02:06:22banana_lotus:banana_lotus is now known as BananaLotus
02:08:14Pasha:Pasha is now known as Cory
02:46:02Guest25475:Guest25475 is now known as gmax
02:46:05gmax:gmax is now known as gmaxwell
03:36:59gmaxwell:lechuga_: http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg06744.html
03:39:25fanquake_:fanquake_ is now known as fanquake
04:22:33andytoshi:amiller: first paragraph of section 6 (page 8) and very first paragraph of page 9 are rewritten https://download.wpsoftware.net/bitcoin/alts.pdf
04:25:13fanquake_:fanquake_ is now known as fanquake
04:33:12amiller:andytoshi, looks good to me
04:34:43rusty:andytoshi: This gave me a chuckle: " [cite yet-unwritten article about cryptographicthermodynamics]"
04:37:11amiller:i vote for "thermocryptomics" as the name of this nascent field
04:39:50kanzure:"[invoke spirit of boltzmann here]"
04:40:45rusty:andytoshi: Your formula for calculating difficulty updates is wrong. Which kind of makes a meta point about complexity. That "timestamp 2016 blocks ago" <- should be 2015.
04:41:04andytoshi:amiller: +1 to thermocryptomics :D
04:42:07andytoshi:rusty: are you sure? diffchanges at blocks 1, 2017, 4033, ... no?
04:42:37rusty:andytoshi: there's an out by one error...
04:43:50sipa:no
04:44:28sipa:the error is that the data used for the retargetting does not overlap, which causes the timewarp bug
04:44:36sipa:but it's every 2016 blocks
04:46:23rusty:sipa: yes, so timestamp 2015 vs timestamp 0, not ts 2016 vs ts 0.
04:46:50andytoshi:2015 vs 0 is still 2016 blocks
04:47:08gmaxwell:it's a 'gaps vs blocks' counting.
04:47:32gmaxwell:There is n-1 gaps in a span of n blocks.
04:48:05rusty:sipa: but still gets divided by 2016, not 2015. making for 10.005 minute blocks
04:48:51sipa:no; it subtracts the time of block N-2016 from that of block N, and divides by 2016
04:49:02sipa:i think
04:49:05andytoshi:i recall getting myself confused by this when i was writing rust-bitcoin, but i don't think i can word it any better .. this is just a bug in english imo
04:49:07sipa:you make me wonder :)
04:49:16andytoshi:and i also think what's written is correct, but i'm not certain
04:49:37gmaxwell:rusty: foo minute blocks is uninteresting, whats interesting is the lack of overlap means that hashrate can increase forever while difficult decreases forever.
04:51:46rusty:gmaxwell: sure, dividing by the correct number wouldn't fix anything. I was trying to be illistrative.
04:52:53andytoshi:from reading my rust code, i think the number is correct. the non-overlapping thing is cool, i never noticed that before
04:53:58rusty:sipa: I've written this code and tested it against bitcoin (it failed, which lead me to this realisation). To calculate the difficulty of block 2016, we take timestamps of block 2015 and block 0.
04:55:23sipa:rusty: you're right; wow
04:55:40sipa:apparently i never entirely understood this
04:55:41andytoshi:rusty: what's written is "timestamp of last block - timestamp of block 2016 blocks ago". at block 2016 this refersto blocks 2015 and 0, respectively. so i think my prose is correct
04:55:47andytoshi:but erp, subtle
04:55:51rusty:andytoshi: I think the fact that we're arguing over this illustrates your paper's point. That even the "non-crypto" part of our cryptosystems are really damn hard.
04:55:57andytoshi:yeah jeez
04:56:05sipa:rusty: the crypto part is actually easy
04:56:18rusty:sipa: heh, just use openssl? :)
04:56:41sipa:rusty: as it already exists, and is (usually...) well tested and with known conditions under which it works
04:57:39rusty:andytoshi: yeah,if you read "last block" as "timestamp 1 block ago".
04:58:19rusty:andytoshi: may I suggest The formula for adjusting the difficulty is simple:[1] .... [1] And subtly wrong. [cite timejacking attack]
04:58:34sipa:rusty: even with openssl, the problems we've had were in serialization code, not actual cryptographic implementations
04:58:45gmaxwell:rusty: I don't think it's really correct to call these parts "non-crypto"; thats really just a too narrow definition of crypto. E.g. Does a lamport signature have no crypto at all because all there are is hashes? How about McEliece encryption? it's just a error correcting code. Academic happily accepts ZKP systems as cryptography, though they may have no secrets at all.
04:59:40sipa:right, it's probably better to talk about "cryptographic primitives"
04:59:46gmaxwell:I think its more fair to understand the whole (or at least whole of the consensus critical parts) as a fantastically complex and under anyalyized cryptosystem; doing so more adequately predicts the kinds of terrible problems there are with it.
04:59:46andytoshi:rusty: i think that's the most likely reading, so the formula in the doc is correct. (presumably anyone who reads this will not try to translate english into consensus code anyway!!) do you know a cite for the timejacking attack?
05:00:01gmaxwell:andytoshi: the artforz post, uh..
05:01:51gmaxwell:andytoshi: I can't link because bct is down
05:01:53andytoshi:found it, https://bitcointalk.org/index.php?topic=43692.msg521772#msg521772 ...oh, lol bct is down :). this was before my time, i was totally unaware of this somehow
05:02:10rusty:gmaxwell: Yeah, I put it in quotes for a reason. The point of andytoshi's altpaper is that you can't go "oh, I'm not touching the crypto so my altcoin is safe"
05:02:12gmaxwell:oh wow, I'm sure it's been mentioned in here many times before; must have wooshed you.
05:02:43andytoshi:ima read http://culubas.blogspot.de/2011/05/timejacking-bitcoin_802.html
05:03:07gmaxwell:the fact that the URL is so old makes it more likely to be correct. :-/
05:03:40gmaxwell:oh that doesn't cover it
05:04:13andytoshi:ok, yeah, this looks like stuff i knew about..
05:05:07andytoshi:kanzure: is there a way to access your copy of bct?
05:06:04kanzure:one moment
05:06:17gmaxwell:andytoshi: I put a nice demonstration in testnet.
05:06:24kanzure:http://archive.fart.website/archivebot/viewer/job/7i531
05:06:30andytoshi:gmaxwell: is the gist of it that the difference between blocks 2015 and 2016 is never used in any calculation (same with between 4031 and 4032, etc) so you can make these wild without affecting difficulty?
05:06:51kanzure:https://archive.org/download/archiveteam_archivebot_go_068/archiveteam_archivebot_go_068_archive.torrent
05:06:55kanzure:https://archive.org/download/archiveteam_archivebot_go_068/bitcointalk.org-inf-20140403-045710-7i531.warc.gz
05:06:58kanzure:warning 83 GB
05:07:10gmaxwell:there is span where the difficulty goes from 16 to 1 while at the same time the block rate is running at pretty much the maximum expressable rate (1 second per 5-6 blocks).
05:07:26gmaxwell:andytoshi: no not quite.
05:07:40gmaxwell:andytoshi: it's a two part interaction with the non-overlapping window and the median rule.
05:07:40op_mul:hold on. I have the threads unpacked.
05:08:04gmaxwell:Just the non-overlap isn't enough because otherwise the median rule would prevent you from doing anything crazy with it.
05:09:45gmaxwell:Basically you mine just enough blocks with really far back timestamps so that the median doesn't move forward. and you thus carry the old time all the way to the boundary, and then use it. This wouldn't allow you to repeadily crank the difficulty down, except the overlap means that your rigged time isn't the comparison point for your _next_ rigged time.
05:09:46op_mul:o.0
05:10:13op_mul:oh gzip. right. that's why it's coming out nonsense.
05:11:02andytoshi::/ rust
05:11:06gmaxwell:if not for the off by one you'd not be able to keep cranking the difficulty down, if not for the way the median works you'd not be able to propage at two week old timestamp as a permissable minimum value all the way to the end of the 2016 window.
05:11:27andytoshi::/ rust-bitcoin is not even enforcing the median rule
05:11:33gmaxwell:lol
05:12:06gmaxwell:obviously you have the clamps or you couldn't validate testnet; but you can't put a median rule violation in a valid chain... so....
05:12:13gmaxwell:Does blocktester not test that rule?
05:13:24andytoshi:idk, i never used the blocktester with rust-bitcoin because at the time i couldn't get it to work on my system (ditto with the regression tests in bitcoin core .... now those work for me so maybe whatever changed with also let me use the blocktester)
05:13:42gmaxwell:I'd love to see a proposal to fix timewarp, though it hasn't been important because it takes a majority hashpower to pull it off. (and you can be sure that if some majority tried it it would be fixed right quick and a huge costly swath of their blocks would be invalidated)
05:14:50andytoshi:man, this is not my day for knowing how bitcoin works :)
05:16:11rusty:andytoshi: I notice your recommended reading "The Decision Diffie–Hellman Problem, Boneh, 1998". Dan Boneh lectures the Coursera/Stanford Cryptography I and II courses, which are free.
05:16:25andytoshi:rusty: will add those
05:16:36rusty:(I'm doing Crypto I, it's really nicely done)
05:16:50sipa:Boneh's Crypto I?
05:16:53amiller:try jon katz's too
05:17:04rusty:sipa: yep...
05:18:27sipa:rusty: did that too, i really liked it
05:18:28andytoshi:i think i'm gonna drop Applied Cryptography too, because matt greene pointed out a ton of really dangerous stuff in there
05:18:58andytoshi:things like "how to choose a cipher mode" when nobody should ever be doing that
05:19:05rusty:gmaxwell: in pettycoin I used block N-2017 and block N-1, but then you need to special case the genesis...
05:20:52rusty:sipa: did you do crypto II? That covers EC, which was what interested me originally (my first-edition Applied Crypto has 1 paragraph on it :)
05:21:44sipa:rusty: has it started yet?
05:23:18andytoshi:i will add the timejacking stuff to alts.pdf when bct comes back up and i can link to it, thx for your patience everyone :}
05:23:38rusty:sipa: oh, looks like next one is Apr.. I thought when I first looked they were scheduled simultaneously.
05:23:47rusty:sipa: https://www.coursera.org/course/crypto2
05:24:58sipa:rusty: i've been waiting for that for a few years now; it's beed postponed like 5 times
05:26:38rusty:sipa: Oh, that's kinda crap. Maybe not enough people finished Crypto I?
05:27:29sipa:rusty: i just think Boneh is busy, and has better things to do than prepare a free course :)
05:28:05rusty:sipa: damn, coz it's a long way to Stanford from here...
05:28:33sipa:* sipa reminds himself that he is in california next month
05:29:25gwillen:yeah I have also been waiting years for crypto 2
05:29:42gwillen:someone should tell me if evidence appears that it's actually going to happen although I'd hope they'd email me since I'm signed up
05:30:04sipa:gwillen: Boneh told me in september that he was nearly finished (in real life)
05:30:12gwillen:awesome
05:30:15gwillen:that's good to hear
05:30:17gwillen:I really enjoyed crypto I
05:33:49maaku:maaku is now known as Guest7369
05:38:51Guest7369:Guest7369 is now known as maaku
05:43:07fanquake_:fanquake_ is now known as fanquake
06:11:07gmaxwell:icmp_seq=3750 ttl=238 time=183429 ms
06:12:02sipa:that's peanuts compared to the ping times i saw when using RFC 5514
06:40:37fluffypony:sipa: if you were seeing bad ping times then obvious you were doing it wrong OR you just have crappy Facebook friends
06:40:37fluffypony::-P
07:09:33[\\\\]:[\\\\] is now known as [\\\]
07:10:44ryan-c:sipa: I guessed IP over Avian carrier with QoS, but was sad.
07:12:56fluffypony:ryan-c: its so much worse than that
07:13:52ryan-c:fluffypony: I'm pretty sure someone *actually* implemented ip over bongo drums
07:13:59fluffypony:hah
07:14:08fluffypony:error correction with that must suck
07:15:26ryan-c:https://web.archive.org/web/20130917021241/http://www.eagle.auc.ca/~dreid
07:15:40ryan-c:original site seems to be gone, sadly. IIRC there were pictures.
08:15:30lclc_bnc:lclc_bnc is now known as lclc
09:00:48jbenet_:jbenet_ is now known as jbenet
09:05:16orwell.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
09:05:16orwell.freenode.net:Users on #bitcoin-wizards: andy-logbot platinuum jbenet mappum jtimon damethos booly-yam-5194_ d1ggy Dr-G Graftec orik devrandom [\\\] cbeams coiner delll pgokeeffe fanquake maaku Luke-Jr TheSeven p15_ hktud0 Dyaheon hashtagg PaulCapestany op_mul BananaLotus PRab jgarzik K1773R morcos_ Cory Eliel gmaxwell tacotime_ tromp__ qwopqwop_ roasbeef_ MoALTz__ Guest23486 le_killer koshii xabbix freewil Emcy moa shesek nubbins` ryanxcharles c0rw1n jps cluckj mkarrer s1w paveljanik
09:05:16orwell.freenode.net:Users on #bitcoin-wizards: DoctorBTC jaekwon amiller catcow nick1234abcd__ btc___ PFate thrasher` copumpkin spinza justanotheruser sipa bepo Meeh HaltingState samson_ EasyAt nuke1989 Aesthetic smooth starsoccer huseby cfields nsh iddo grubles @ChanServ Xzibit17 Alanius artifexd kumavis luny epscy null_radix dgenr8 ebfull Oizopower waxwing ryan-c ajweiss gavinandresen wizkid057 stonecoldpat davout hollandais warren bosma forrestv otoburb ahmed_ phantomcircuit gribble
09:05:16orwell.freenode.net:Users on #bitcoin-wizards: [d__d] lechuga_ nanotube so Apocalyptic michagogo Muis CryptOprah kinlo andytoshi gwillen gnusha burcin a5m0 Fistful_of_Coins jcorgan Anduck btcdrak sneak wumpus BrainOverfl0w hguux_ yoleaux BigBitz midnightmagic lnovy sdaftuar tromp_ SubCreative deego warptangent TD-Linux NikolaiToryzin d9b4bef9 jaromil Starduster_ berndj crescend1 Taek azariah eric BlueMatt go1111111 livegnik isis asoltys_ LarsLarsen brand0 _v3Rve dasource Krellan pigeons
09:05:16orwell.freenode.net:Users on #bitcoin-wizards: catlasshrugged fluffypony kanzure heath poggy lclc dansmith_btc petertodd espes__ Keefe JonTitor mr_burdell sl01 yrashk fenn Adrian_G nickler_ throughnothing helo Graet brad___ harrow` coryfields_ wiz cryptowest earlz optimator_ MRL-Relay comboy_ Iriez phedny Hunger- bbrittain HM2
10:26:14lclc:lclc is now known as lclc_bnc
11:23:49lclc_bnc:lclc_bnc is now known as lclc
17:25:04Adlai`:Adlai` is now known as adlai
18:06:40PRab_:PRab_ is now known as PRab
19:33:57BurritoBazooka:BurritoBazooka is now known as Burrito_
19:44:14BurritoBazooka:BurritoBazooka is now known as Burrito
20:10:40stonecoldpat:so... is anyone bringing a suit to FC for the dinners...?
20:14:14gavinandresen:stonecoldpat: you mean a bathing suit? Yes, a couple.
20:16:34stonecoldpat:gavinandresen: oh yes, ill have a few of those too :). although i mean a formal suit? (i'm guessing not due to the heat, but i dont want to be the only person without one, its happened once before and that was embarassing!)
20:16:54op_mul:worse than being the only person wearing a suit.
20:17:09op_mul:less worse.
20:17:12op_mul:better.
20:19:32gavinandresen:stonecoldpat: I don’t think I saw any suits or ties at IFCA
20:19:34stonecoldpat:mmm i don't know which one is worse lol both are embarassing :( ive never known people to want to wear them at conferences, but then i've only ever attended soups
20:19:55andytoshi:stonecoldpat: i have no formal clothing, i will not bring any
20:20:25stonecoldpat:andytoshi: awesome, at least that's two people without a suit, less embarassing ;)
20:29:26tromp__:andytoshi: the day i got formal clothing is the day i got married
20:30:05kanzure:formal suits.... you guys are awful hackers.
20:30:57op_mul:kanzure: it's fine, gmax has enough wizard beard to cover the deficit.
20:32:17Luke-Jr:I'll wear a suit to church, but that's it. who cares if I'm the only one not in suit :p
20:33:45fluffypony:oh wow, so technical ability is measured by facial hair and lack of formal attire?
20:34:02fluffypony:who knew.
20:34:20andytoshi:fluffypony: yes, github converts those directly for c++ for us
20:34:31fluffypony:hah
20:34:50fluffypony:personal hygiene points are directly proportional to github stars!a
20:35:14Luke-Jr:fluffypony: pfft, formal attire is not a matter of hygiene at all
20:35:30op_mul:you can put a suit on a pig but it won't smell any better.
20:36:11fluffypony:I prefer putting lipstick on a pig
20:36:22fluffypony:mmmmm, bacon
20:36:50stonecoldpat:it does have some truth, when i had a job, the joke was the clients who visited the company wouldnt trust us if the developers wore suits (as they assumed it was a second sales force)
20:37:17op_mul:yeah. I've seen that with woman too :(
21:06:59NewLiberty:NewLiberty is now known as NL_afk
21:12:40midnightmagic:+1 andytoshi and his lack of formal clothing!
21:19:20NL_afk:NL_afk is now known as NewLiberty
21:26:05lclc:lclc is now known as lclc_bnc
21:28:58Pan0ram1x:Pan0ram1x is now known as Guest32269
22:14:08lclc_bnc:lclc_bnc is now known as lclc
22:42:47zooko`:gmaxwell: done
22:42:49zooko`:zooko` is now known as zooko
23:04:09nsh:zooko, did you change your twitter name to your walletname? or do i follow another person with that name somehow
23:04:49nsh:wait, nm, i'm being an idiot
23:45:18lclc:lclc is now known as lclc_bnc
23:59:31fanquake_:fanquake_ is now known as fanquake