00:02:39andytoshi:adam3us: the paper you posted uses an accumulator based on RSA; i guess there is a trusted party who knows the factorization of the modulus? so for cryptocurrency we'd need to use a UFO?
00:03:03andytoshi:adam3us: (or just take the zerocoin accumulator and put that into the paper's result i guess)
00:20:20amiller:andytoshi, all accumulators using RSA have that, yeah, including the zerocoin one
00:21:52andytoshi:amiller: but is it true that you can get around it by using UFOs?
00:23:19amiller:im pretty sure, yeah. i'm not 100% that everything that's defined for an RSA modulus still works with an RSA ufo but i'd be surprised if anything doesnt.
00:23:29amiller:or you can do a multiparty setup ceremony
00:24:51amiller:also i think you can reuse RSA moduli across projects since they dont have any other 'special' properties other than being sufficiently big, i dont think, as opposed to generating the setup for a snark which has to be done again for every new 'circuit'
00:27:50andytoshi:hmmm maybe i could find one in a famous dead person's gpg key :P
00:40:21tdryja:tdryja has left #bitcoin-wizards
01:11:46c0rw1n:c0rw1n is now known as c0rw|sleep
03:12:52gmaxwell:andytoshi: product of US gov and china gov 2048 bit ssl cert keys.
03:33:41bramc:There's going to be a talk on stellar http://forum.stanford.edu//events/2015davidmarzieresinfo.php
03:34:35kanzure:"... the first provably safe federated Byzantine agreement protocol. Unlike prior Byzantine agreement protocols, which presuppose unanimous agreement on system membership, a federated protocol allows the set of participating organizations to grow organically over time. "
03:34:47kanzure:is there a strong reason for me to be interested in federated consensus
03:34:59bramc:Looks like the goal is to allow the set of consensus servers to vote in new consensus servers
03:35:45bramc:What is 'federated consensus'?
03:37:51gmaxwell:kanzure: is it just the trivial thing where you assume that the earlier keys are never compromised and never turn dishonest? so you're just following a sequence there? if so.. thats not terribly interesting. (well it's what the fedpeg stuff does too, but I wouldn't describe that as a fundamental property of the consensus system unless it didn't need assumptions like those)
03:37:54bramc:kanzure, I mean, I understand 'we appointed this set of consensus servers and they can vote in new consensus servers and as long as never more than X% of the peers participated in a conspiracy everything is still on the up and up'
03:39:44kanzure:i don't know the details of their scheme; i'm not sure i can think of any formulation of federated that makes me interested in this.
03:40:21gmaxwell:so what happens if the initial set is eventually completely replaced and then turns evil, will they be able to deceive (and thus split the network) new users / users who were offline for a bit?
03:40:55gmaxwell:because if so, well okay, but thats not super interesting (you just normally put the membership under the consensus just like any other property.)
03:41:12gmaxwell:If not, then it's very interesting (and probably wrong. :) )
03:41:12bramc:These things are inherently very fragile: If too many peers leave at once, it just breaks
03:41:23kanzure:i think this is the wrong direction to talk about. instead of talking about whatever their scheme is, it would be better to think of properties that a "federated" system should have, and then go from there. then evaluate their design against that.
03:41:46kanzure:but again, a federated design is somewhat uninteresting to me....
03:41:54bramc:gmaxwell, You can use timestamping/proofs of time to ensure that peers need to start their conspiracy early and can't retroactively make it later
03:42:10gmaxwell:bramc: then you need another consensus; yo dawg.
03:42:41gmaxwell:bramc: well they don't 'leave at once' if its not ~really~ a p2p system in the sense we use on the internet. E.g. if it's bank2bank, they aren't going to leave unless the system has already become uninteresting to them for other reasons... so there are cases where its more useful than others.
03:43:47gmaxwell:bramc: I agree that you can do things like use any scheme that would have by itself formed a workable consensus system to prevent reversal; though if you were willing to depend on that, why not cut out the federation? (answer: well there can still be value; but its certainly more complex to reason about)
03:44:53bramc:gmaxwell, If it's really a centralized system which just rolls its keys slowly over time that can certainly work. Also not all that interesting.
03:46:44gmaxwell:Thats what I was asking; I think thats not interesting, also things like "use a POW blockchain to prevent rollback" is not terribly interesting (yes you can do that, duh, but what does it get you) unless the approach is especially novel.
03:48:08gmaxwell:I'm a big fan of FS/NIFS ((non-interactive) forward security). I think the _obvious_ thing to do for any kind of timestamper (like a consensus signer) is to actually rotate the keys with every timestep and destroy the old ones, so even a physical compromise cannot make you split the consensus before the compromise point.
03:48:39bramc:Trivially, you can make the output of each consensus include the list of authorities for the next consensus
03:48:57gmaxwell:Exactly.
03:50:52bramc:So yeah, all the authorities can rotate their key each turn on principle, and there's no reason for the consensus agreement itself to give their 'identities', just a list of keys
03:52:05gmaxwell:or any other threshold signature pubkey. e.g. it can just be one of many compact threshold signature schemes. The fact that there is a threshold can just be a property of the particular pubkey in use.
03:52:58orik:orik is now known as orik|[away]
03:53:12bramc:Schnorr signatures for the win, only one pubkey necessary :-)
03:53:22bramc:I wish that were a joke
03:53:32kanzure:the actual agreement between a set of servers in a federated scheme is just not an actual problem as far as i can tell
03:53:43kanzure:and it confuses me why this would be considered byzantine by them
03:56:06bramc:Because if there's nothing byzantine it isn't a cryptocurrency
03:57:07bramc:But, umm, in all seriousness no matter how complex the agreement protocol it should be able to provide a schnorr pubkey for the next block in each block. Boom, any amount of iteration on the agreement protocol you want is possible.
03:58:55gmaxwell:well it's 'byzantine' in that a sub-threshold of the specified, identified participants at any time can be byzantine.
03:59:46gmaxwell:But if it is really that the definition has to be contorted around the membership changes.
04:02:27gmaxwell:in any case, if anyone finds out otherwise, lemme know!
04:05:41bramc:Well, I have my big question to ask now, I'm planning on going to the talk, although it isn't happening for a month
04:06:16bramc:Is anybody going to the cryptocurrency workshop going on at stanford right now?
04:06:50kanzure:there was an email sent out to the xgbtc list, i asked for a livestream, but nope no linkz
04:08:21gmaxwell:not sure about my schedule a month out; kinda hard to justify going without a better basis on it being interesting. :) maybe.
04:08:30gmaxwell:(I'm at the IETF in dallas right now)
04:09:54kanzure:ietf has a physical place?
04:11:50bramc:ietf definitely has a space in san francisco
04:12:46bramc:gmaxwell, It's part of a general security workshop http://forum.stanford.edu//events/2015security.php
04:15:50gmaxwell:kanzure: IETF meetings are held three times a year at wandering locations in rotating geographies. It's in dallas this time.
05:00:08phantomcircuit:kanzure, a federated system in which you can vote in new signers seems like a pretty hilariously bad idea
05:02:08bramc:phantomcircuit, It's better than a single signing key. Although as we were just discussing, a single signing key can be collaboratively generated, so there's no clear need for the blockchain format itself to contain anything other than a single signing key per block
05:03:11phantomcircuit:bramc, a federated system is reasonable
05:03:23phantomcircuit:a federated system in which you try to implement dynamic membership?
05:03:25phantomcircuit:not so much
05:04:42bramc:Not sure what's wrong with it, you can hand off your identity to somebody else unilaterally anyway
05:05:18phantomcircuit:bramc, if the original keys are compromised the set of signers can be changed after the fact
05:05:31phantomcircuit:although i see now gmaxwell suggested constant rotation and key destruction
05:18:03phantomcircuit:bramc, hmm actually
05:18:11bramc:Yeah, rotate keys and destroy every block. Also use a schnorr signature so you can do multiparty key generation without having to gunk up the blockchain with the details
05:18:27phantomcircuit:i guess you could build a DMMS on top of a federated system
05:21:40phantomcircuit:bramc, still seems like asking for trouble though
05:22:23bramc:phantomcircuit, Only if you make the claim that it's highly distributed like bitcoin is. If you're more realistic in your claims it's fine
05:24:38phantomcircuit:actually know what i completely retract my previous statement
05:37:12heath:anyone else at the stanford blockchain conference?
06:16:40bramc:heath, Not I. Anything interesting going on?
07:37:20face_:face_ is now known as face
08:05:18cameron.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
09:05:50c0rw|sleep:c0rw|sleep is now known as c0rw1n
09:08:44waxwing__:waxwing__ is now known as waxwing
10:58:57poppingtonic:Hi, are there any references to proof-of-strength algorithms on bitcoin.ninja? I've seen the term used in descriptions of some alts, but can't find any documentation on the Internets.
11:03:11justanotheruser:poppingtonic: what is proof-of-strength
11:04:00fluffypony:* fluffypony suspects we're getting rickrolled
11:04:13sipa:i suppose it's also called "law of the jungle"
11:04:29sipa:to win a block, you just kill the operator of other miner pools
11:05:24poppingtonic:When I searched DDG for the term, I found this link: http://digitalmoneytimes.com/crypto-news/a-closer-look-at-guerillacoins-proof-of-strength-feature/
11:05:58fluffypony:"It’s a more graphical representation of your staking weight"
11:06:07fluffypony:so lipstick on a pig
11:06:07poppingtonic:Which says that it's a measure of total staking weight your node possesses. I don't understand that.
11:06:49fluffypony:poppingtonic: http://en.wikipedia.org/wiki/Proof-of-stake and https://en.bitcoin.it/wiki/Proof_of_Stake
11:07:12poppingtonic:so this is related to proof-of-stake?
11:07:19fluffypony:yes
11:07:35fluffypony:it's literally just a GUI progress bar representing your stake weight
11:07:39justanotheruser:lol
11:07:40fluffypony:that's why I said, lipstick on a pig
11:09:21justanotheruser:fluffypony: but if it's in the GUI it must be real.
11:10:01fluffypony:"How Can GUI Be Real If Our Eyes Aren't Real" - Jaden Smith, 2015
11:10:19poppingtonic:lol, thanks fluffypony
11:10:20justanotheruser:Same case with darkcoin, they have video evidence of their client saying 6 confirmations just seconds after the transaction is broadcast, thus proving instant conf is real
11:11:12fluffypony:but THREE MasterNodes voted for it, so therefore!
11:11:46fluffypony:* fluffypony sighs
11:14:53justanotheruser:fluffypony: seriously, I was arguing that it wasn't secure and they cited this video as proof https://www.youtube.com/watch?v=zBjUPj-TmFE&t=198
11:15:46fluffypony:justanotheruser: they don't respond well to criticism
11:16:52justanotheruser:meh, I don't want to say that people overestimating their understanding of computer security deserve to be scammed by darkcoin...
11:17:30Dr-G2:Dr-G2 is now known as Dr-G
11:19:08fluffypony:the whole Darkcoin situation over the last couple of days (I posted a breakdown of their threat model on Reddit and got insulted six ways from Sunday) is deeply reminiscent of the gmaxwell vs. Ripple/Stellar thing
11:19:28fluffypony:I even quoted him on it: https://bitcointalk.org/index.php?topic=583449.msg10864553#msg10864553
11:20:54justanotheruser:It's much easier to understand for the layman that you are working on a directly competing altcoin than that there are fundamental flaws in darkcoin
11:21:41fluffypony:yep, and thus that much easier to deflect the criticism
11:23:47justanotheruser:Break it or shut it about our technology.... That is it that is all. Like I said I'm putting money where my mouth is... You should do the same. Break it... Or beat it... And this is coming from a major holder of your coin too...me.
11:24:04justanotheruser:shame on you for telling people about a flaw in their money rather than stealing their money
11:24:23fluffypony:hah hah
11:25:16fluffypony:one day I'll give a talk on "the burden of proof in cryptographic systems" and "how NOT to design an antifragile system", I'll have plenty of material to refer to
12:29:16Adlai:* Adlai upvoted fluffypony re: darkcoin but felt like the kid patching up the flood dams with his finger
12:29:24fluffypony:lol
12:29:53fluffypony:never mind, I'll create my own cult...with blackjack and hookers!
12:31:49Adlai:* Adlai prefers the cult with skipjack and wizards
12:32:16fluffypony:lol
12:48:00instagibbs:good post fluffypony. If someone's not going to understand that burden of proof argument, they're a lost cause and won't be swayed by obvious DDoS vulnerabilities because "prove it ivory tower crypto-faggot"
12:51:20fluffypony:lol exactly
12:52:22kanzure:you forgot to use "bitcoin maximalist" in that quote
12:52:42fluffypony:"Bitcoin purist"
12:54:28instagibbs:Proof of No One Gives a Shit
12:54:59instagibbs:seriously though I think a blog post like that would be nice.
12:55:15sipa:ponogas!
12:55:19sipa:it even sounds nice
12:55:20fluffypony:for April 1st someone should announce that Bitcoin is going to be adding MasterNodes
13:17:40bramc:Of course actual breaks are met with death threats
13:21:20bramc:fluffypony, How did darkcoin manage to mine 8 million in its first day when it's supposed to mine 2800 per week? If bitcoin were released with a horribly adjusted proof of work factor, it would hit the factor of 4 limit a bunch of times quickly, so if it were off by a billion it would give out 15 extra rewards before stabilizing.
13:22:06fluffypony:bramc: broken emissions curve formulae that doesn't match any of the 3 they've published in their various whitepapers
13:22:11fluffypony:coupled with a broken difficulty retarget
13:22:13justanotheruser:yeah, darkcoin should have done what bytecoin did and forged timestamps
13:22:21fluffypony:hah hah justanotheruser
13:25:16stonecoldpat:do people take darkcoin seriously? i dont know much about it, i just assumed by the name most people wouldnt bother with it
13:28:07bramc:Rewards formulas seem like a strange thing to mess with. The one in bitcoin is brainless and works fine.
13:28:56tromp:except for a newly launched coin that is stupid enough to give max rewards from block 0
13:30:37fluffypony:and have a difficulty so low that you mine a block every 26 seconds for the first 32 hours (instead of their targeted 2.5 minute block time)
13:31:52tromp:it worked for bitcoin because there were so few miners that the difficulty didnt need much adjustment
13:32:02fluffypony:yep
13:32:47fluffypony:http://www.reddit.com/r/Bitcoin/comments/2zufu1/a_great_podcast_by_lets_talk_bitcoin_discussing/cpn7fgn
13:32:48adam3us:bramc: comment from an economist who advises govts was that it basically doesnt matter so long as its simple and predictable.
13:33:00gavinandresen:Back before the altcoin explosion I’d get emails asking how I generated the testnet genesis block. My answer was “if you can’t figure that out yourself, you shouldn’t be messing with creating a coin”
13:33:02fluffypony:"Blocks 1 to 1152 had a 500 DRK reward. Blocks 1153 to 1728 had a 277 DRK reward. Then blocks 1729 to 3456 again had a 500 DRK reward. 3457 to 4032 drop to a 277 DRK reward, only to have blocks 4033 to 4501 have a 500 DRK reward. As you correctly point out it then goes to 56 DRK from block 4502 (although bizarrely decreases to 21 DRK up till block 5466, when it increases to 122 DRK)."
13:33:05adam3us:which i think is probably true… people are actually capable of adjusting for NPV
13:33:15fluffypony:"The actual frightening thing is to look at the time stamp on block 1 (the first block after the genesis block), which was mined on 2014-01-19 at 03:54:41. By the time we get to block 4501 a total of 1 993 604 DRK had been mined, but that block was mined on 2014-01-20 at 12:46:51, a mere 32 hours (118 330 seconds) later. That's an average of a block every 26.29 seconds."
13:33:18gavinandresen:Then somebody published a “how to generate a genesis block” article and that seemed to start the altcoin explosion....
13:33:29sipa:we need coingen again
13:33:44sipa:to remove the elitism and allow any clueless person to innovate
13:34:32fluffypony:sipa: if we make it work with the top few forks that'd be extra special
13:36:38fluffypony:stonecoldpat: unfortunately they do - there are some people who appear to have a reasonable level of intelligence that gush praise on how "innovative" it is
13:39:00bramc:fluffypony, If their goal is 2.5 minutes (150 seconds) and they were doing 26 seconds, that's only a factor of 6
13:39:19bramc:That reward schedule makes no goddamn sense of course. It looks like somebody trying to mess with you.
13:39:54fluffypony:well their block reward is at least an excellent source of entropy
13:39:55fluffypony::-P
13:41:03bramc:http://dilbert.com/strip/2001-10-25
13:41:40fluffypony:hah hah
13:49:04stonecoldpat:from what im reading, its just nodes that can be set up by anyone (masternodes) to do coinjoin
13:49:26fluffypony:well you have to put 1000 DRK up to run a MasterNode
13:49:30fluffypony:and then you get paid
13:52:08stonecoldpat:yeah, which is good for the rich who can invest their money to do something that makes them profit, but you must still need to be careful how you spend your outputs? (to make sure the outputs are not linked with which mixnet you used)?
13:52:39fluffypony:well the idea is that it "premixes" your coins
13:53:17fluffypony:and then you can safely spend them on illegal stuffs, as long as you mix regularly
13:53:45fluffypony:(I use the term "safely" only in the loosest possible sense)
13:57:44stonecoldpat:its spending them that i find difficult to believe they can maintain the privacy, if you spend them in certain ways then that may leak your links of the coins. (or at least increase some probability that they belong to you)
13:58:30stonecoldpat:so i put 1.5 drk in the mixnet, its mixed a few times, then i spend the 1.5 drk all at once (using each fixed denomination output from the mixnet), then it is pretty clear who owned the coins
13:58:37instagibbs:it's really important to note that it's essentially running a GreenAddress-style notary for instant transactions, and for trusted mixing. It's just jammed into the consensus protocol, and "randomized" for obfuscation.
13:59:59instagibbs:Pros: You get a larger anonymity set initially. Cons: It's almost surely broken and is an existential risk.
14:01:09instagibbs:(Of course even a modest CoinShuffle network on Bitcoin would be larger than all Darkcoin transactions combined)
14:01:33bramc:I wonder how many 'decentralized' proof of stake systems are in practice run by a single counterparty. That should in principle be a reasonably stable setup.
14:01:54fluffypony:most of them, if they use PoS "checkpointing"
14:02:00instagibbs:if you believe in stake grinding... all I suppose :)
14:03:12bramc:If somebody completely controls the system there's no need for hamburger making
14:03:35bramc:And they have reason to try to keep the price reasonably stable
14:03:42instagibbs:but it is just enough Decentralization Theater that it avoids, for now, the SEC
14:04:23bramc:So you'd expect that most cow-based systems would quickly get taken over by a single player who then pretends like they don't own it and it's functioning well on its own
14:05:16sipa:cow? copy on write?
14:05:33sipa:like a blockchain that forks on every spend :p
14:05:38fluffypony:instagibbs: although I'm fairly certain FinCEN will treat MasterNodes as money transmitters ;)
14:06:15bramc:cow = proof of steak
14:06:36instagibbs:fluffypony: Not sure about that personally. I kind of hope not due to the closeness to GA.it and regular old Mixing. I guess they're slightly closer due to them getting a cut of block subsidy?
14:06:39sipa:bramc: ha
14:07:00bramc:That's an interesting point. If you put up DRK to participate you can't claim to be part of a decentralized system
14:07:00instagibbs:Super Secure Corned Beef Hashing
14:07:18bramc:In fact cow might completely run chicken of the sec in general
14:07:23instagibbs:you're a notary basically. And a trusted mixer. That's really it.
14:07:24fluffypony:instagibbs: yes - they're providing this peripheral service and getting paid for it, so I don't think they'd qualify for the exception that applies to miners
14:07:27bramc:chicken = a fowl
14:07:41sipa:bramc: seems like you're running afowl
14:08:57bramc:What is the legal theory behind miners not being service providers, at least for transactions?
14:10:38instagibbs:regulators tend to work based on function, so the argument would be that functionally all they do is order transactions, giving them, at least individually, not a ton of power.
14:11:06instagibbs:(hand waving here)
14:11:35bramc:Ah, I see, on the argument that the person who made the order created it and it will be fulfilled sooner or later anyway
14:12:00instagibbs:And Bitcoin today largely works like that, yes. So they seem happy enough with that.
14:13:07bramc:Yeah cow seems to have potential problems with that. Masternodes are pretty unambiguously in the wrong.
14:13:42fluffypony:* fluffypony is definitely not telling his vegan wife about this conversation
14:15:20instagibbs:It's easy to argue that cow, as a consensus mechanism for blockchains, doesn't pass that test either. "Phone a friend" will functionally devolve into "query this bank for true chain". Don't think regulators will like that if/when that becomes necessary. Centralized checkpoints are even clearer.
14:18:02instagibbs:and if no checkpoints/phoning, original stakeholders are central party, obviously.
14:18:58justanotheruser:instagibbs: and you can phone a friend for the correct rules of the bitcoin blockchain
14:19:22kanzure:this is why the rules of bitcoin should be derived from the name of the protocol, so that everyone can be sure they are using the right rules.
14:19:23justanotheruser:the difference being that you can calculate that a ton of money was spent calculating the PoW
14:19:40instagibbs:justanotheruser: Yes, of course. It's an argument of degrees. My point is the reasoning of why miners aren't considered as money transmitters will fail.
14:20:03instagibbs:may* fail
14:20:34bramc:I had an interesting thought about what the distribution of amount of time to mint a block should ideally be. There are two conflicting requirements: First, that whoever has fewer resources should have a minimal chance of overtaking, and second, that it should be as spread out as possible to come to consensus faster
14:20:48gmaxwell:kanzure: yea, well, or the name should be the hash of the rules. :P
14:20:55instagibbs:Consensus rule changes are much hairier of course, since people will trust a small subset of people. I'm not sure regulators have totally figured that out yet.
14:21:01kanzure:er, right, i would also be okay with that
14:21:20kanzure:gmaxwell: i would also be interested in coming up with proxies for that, or replacements for things like "well we can't have the name be the hash of the rules, but we could do instead that offers many of the same properties"
14:21:31kanzure:gmaxwell: like perhaps a qr code (yes i know qr codes are terrible)
14:22:01bramc:But there's a limit on how well the first requirement can be met anyway, because a counterparty with more than half the resources can win anyway, so it turns out you ideally want the time to make a block to be evenly spread out from n to 2n
14:22:33justanotheruser:Or we could just say that the best blockchain is probably the one that has had the most money spent on it
14:23:05kanzure:using the hash of the rules as a name is advantageous because you can more easily communicate to others the set of rules that you are talking about when you say "bitcoin". but surely there are other ways to do this without hash-based names?
14:23:31bramc:justanotheruser, Yes, go with the block chain with greater transaction volume. That could never go wrong.
14:23:44kanzure:bramc: that could easily go wrong
14:23:52justanotheruser:bramc: that sounds like a terrible idea
14:23:54bramc:kanzure, that was sarcasm
14:23:55instagibbs:thatsthejoke.jpg
14:23:56fluffypony:that was sarcasm, no?
14:24:00fluffypony:lol
14:24:17fluffypony:needs more /s at the end
14:24:41instagibbs:justanotheruser: I mean that's the whole idea of embedded consensus. If people want to waste time on sticking in transactions you don't recognise as valid, take the spent energy and use it to further secure your version. No SPV of course.
14:24:48bramc:Granted it can be hard to tell sarcasm when you look at darkcoin's rewards schedule, which looks like a joke
14:24:56justanotheruser:I guess what I said was ambiguous, by money spent I mean PoW done
14:25:00justanotheruser:not transaction volume
14:25:42bramc:Yes, PoW is the right measure, very subtly different from blocks mined and transaction volume
14:27:36justanotheruser:And at that point you're somewhere between SPV and "true" full node security
14:28:40bramc:Nobody ever seems interested in my comments on collaborative mining formulas. At least now I have a coherent goal in my next round of messing with it, which will happen after my board meeting today.
14:28:52stonecoldpat:fluffypony: https://bitcointalk.org/index.php?topic=978447.0 this is what i meant about spending outputs with drk
14:29:35instagibbs:bramc: I think it's general fatigue on "anti-pool" algorithms. I'll read any writeup you make fwiw.
14:30:09fluffypony:stonecoldpat: unfortunately he never followed up with a PoC or anything like that, so the Darkcoiners decided that thread was rubbish
14:31:13bramc:fluffypony, What's a PoC?
14:31:25stonecoldpat:bramc: im guessing proof of construction
14:31:28fluffypony:Proof of Concept
14:31:59bramc:instagibbs, I'll certainly do a writeup when it's ready, it's been a bit of a moving target, and I of course babble on here about the most speculative parts, which probably doesn't help understanding.
14:32:53instagibbs:yeah not too helpful tbh. You guys that have already met are chatting a few squares ahead.
14:33:06stonecoldpat:thats quite annoying, if they sit back and think about it, then its just an obvious problem with any mixing
14:33:25instagibbs:stonecoldpat: you need same-sized outputs
14:33:56instagibbs:read the coinshuffle paper, it's the assumed way of doing it
14:34:03stonecoldpat:instagibbs: they are same-sized, the problem is that I spend 5/20 of the outputs, so its easy to link them
14:34:34stonecoldpat:instagibbs: yeah ive read it, its a good paper, but it doesnt solve spending the coins, just removes the need for a trusted third party to shuffle the outputs of a transaction
14:34:56instagibbs:yeah UTXO management is a headache
14:35:49stonecoldpat:instagibbs: exactly, i think its an inherent problem with bitcoin or anything directly derived of it (like darkcoin)
14:35:51instagibbs:Even that said, simply getting to that point would give plausible deniability for many things.
14:36:57bramc:The monero/zerocoin approach with serial numbers seems to be a much more solid way of providing anonymity
14:36:58instagibbs:It's a modular improvement that will only help even more as we solve the other issues.
14:37:17bramc:Short of that I don't see much utility in providing mixing directly in the protocol
14:40:43gmaxwell:bramc: It is. That other stuff was initially "hey this coinjoin stuff is great, we put it in an altcoin!" to which my result was "hey, idiots, the whole point of coinjoin was that it already worked in bitcoin. If you're talking about something incompatible there are much better approaches" ... and they've since gone off to do other things, but uh.. seemingly without a lot of thought in advance.
14:40:50gmaxwell::)
14:49:26fluffypony:gmaxwell: but they're solving all of Bitcoin's problems! anonymity! instant transactions! visa-scale network! sporks!
14:50:32fluffypony:and it's all powered by Human Greed™
14:51:14instagibbs:stonecoldpat: I think active+passive mixing will be crucial. Just offer up outputs to people who want transactions now. Sort of like JoinMarket I guess. Only mix outputs together to get larger outputs, etc.
16:44:09GAit:squid restart. expected result, squid restarts. Actual result, squid deletes all files from disk [UNRELEASED package] https://bugzilla.redhat.com/show_bug.cgi?id=1202858
16:46:42phiche:that's the most totally awesome bug I've seen in a while!
17:19:30kanzure:http://velvetpulse.com/2012/11/27/scribe-the-deterministic-transparent-record-replay-engine/
17:19:37kanzure:"replay of a recorded execution can transition to live execution at any point." where is your wizard magic god now?
17:28:53justanotheruser:justanotheruser is now known as Il|[|l]|
17:35:31Il|[|l]|:Il|[|l]| is now known as [|]]
17:38:38[|]]:[|]] is now known as justanotheruser
17:43:48ajweiss:hah! an early version of scribe showed up as a project in a class i took a few years ago
17:44:26ajweiss:never knew they got a paper out of it
17:45:53ajweiss:i think for a demo they replayed some unix utility under a different locale
18:49:03gmaxwell:kanzure: really weird that that page makes no mention of http://rr-project.org/
18:50:03gmaxwell:oh because its old, ah hi.
18:50:06gmaxwell:er ah ha
18:50:43gmaxwell:In any case, if that interests you, you probably want rr.
19:12:47kanzure:"If you accidentally set a breakpoint in the wrong place and miss gathering critical information, your precious intermittent failure isn't lost. Just fix your breakpoint and then tell gdb to run the recording back from the beginning again."
19:32:48Luke-Jr:it doesn't really work in my experience
19:32:57Luke-Jr:in theory, sure - but in practice, it's so slow …
19:33:31Adlai:so slow that the heisenbugs get bored?
19:33:46gmaxwell:hm? I've used rr while working on firefox and found it fine.
19:37:15Luke-Jr:it's just the gdb "record" command, right?
19:38:01gmaxwell:Luke-Jr: oh no, record is too slow to be useful.
19:39:00gmaxwell:record is slow because it basically records process state so you can go back... rr gives up that craziness and instead records _all_ non-deterministic IO of the process. So to go back you can just replay the process from the start and end up in exactly the same state.
19:39:01Luke-Jr:oh, I get it. this is just dealing with IO basically
19:39:21gmaxwell:yea, including "inputs" like scheduling decisions for multithreaded programs.
20:41:50DougieBot5000_:DougieBot5000_ is now known as DougieBot5000
21:15:08waxwing__:waxwing__ is now known as waxwing
22:25:35dEBRUYNE_:dEBRUYNE_ is now known as dEBRUYNE