02:01:06hobana.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
02:01:06hobana.freenode.net:Users on #bitcoin-wizards: andy-logbot Dr-G2 xenog nemild rusty PaulCapestany Crowley2k StephenM347 nubbins` bsm1175321 d1ggy_ justanotheruser DougieBot5000 afk11 manan19 NewLiberty DrWatriguez antgreen gielbier RoboTeddy comboy gonedrk arubi sneak user7779078 spinza jgarzik cluckj iugfhvybu adam3us tdryja luigi1111w LeMiner nivah jtimon tcrypt Burrito GAit realcr gmaxwell Tjopper Relos Starduster airbreather rustyn jaromil catlasshrugged_ Apocalyptic harrigan bosma
02:01:06hobana.freenode.net:Users on #bitcoin-wizards: Pan0ram1x kobud unlord [7] PRab melvster ebfull dasource nullbyte Cory forrestv mkarrer cryptowest_ satwo devrandom amiller_ runeks__ kanzure waxwing kefkius throughnothing jaekwon maaku Graet Eliel veox indolering K1773R Keefe petertodd jcorgan larraboj ryan-c jessepollak hashtag_ MoALTz_ gribble tromp mr_burdell gnusha Iriez tromp_ d9b4bef9 wiz bliljerk101 aakselrod starsoccer thrasher` dgenr8 Zouppen cfields Madars JonTitor prodatalab_
02:01:07hobana.freenode.net:Users on #bitcoin-wizards: harrow grandmaster helo jonasschnelli copumpkin sadoshi p15 c0rw1n btcdrak go1111111 yorick weex SwedFTP Hunger- lmacken dc17523be3 sqt face HM Luke-Jr luny yrashk artifexd kumavis adams_ platinuum otoburb a5m0 vonzipper huseby midnightmagic BlueMatt GreenIsMyPepper warren TD-Linux mariorz binaryatrocity hguux___ fenn wizkid057 ajweiss Tiraspol SubCreative Adlai Anduck iddo poggy raizor Chillum nsh kyuupichan Logicwax phantomcircuit EasyAt
02:01:07hobana.freenode.net:Users on #bitcoin-wizards: lechuga_ luigi1111 isis nanotube yoleaux berndj gavinandresen dignork AdrianG s1w livegnik optimator fluffypony Meeh cursive dansmith_btc morcos guruvan BananaLotus bedeho heath roasbeef_ Fistful_of_Coins stonecoldpat afdudley espes__ pigeons eric sipa warptangent phedny so STRML michagogo null sl01 lnovy [d__d] catcow Muis coryfields_ kinlo wumpus gwillen nickler Alanius sdaftuar null_radix epscy Taek Krellan Oizopower mappum jbenet leakypat
02:01:07hobana.freenode.net:Users on #bitcoin-wizards: CryptOprah NeatBasis davout brand0 @ChanServ btc___ azariah MRL-Relay BrainOverfl0w
02:01:07hobana.freenode.net:[freenode-info] channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp
02:04:09phantomcircuit:adam3us, but then how would they pretend to know all?
02:56:40tdryja:tdryja has left #bitcoin-wizards
03:08:28tromp:where does the name "kanzure" originate?
03:44:47maaku:tromp: the pronounceable nym of the 47th avatar of a demon of unspeakable evil
04:00:10rusty:Part IV: Summary. http://rusty.ozlabs.org/?p=477 Nothing particularly useful for most #wizards I expect.
04:01:54kanzure:tromp: well my 12 year old self was like "hey i should have a pseudonym so that i can always find my old stuff on the internet"... 12 year old me was not very bright.
04:02:52c0rw1n:c0rw1n is now known as c0rw|sleep
04:19:35justanotheruser:is kanzure just a string of letters that is pronouncable
04:23:30gmaxwell:kanzure: weird. all my usenet posts were anonymous, to such an extent that I couldn't find them (at least not with any reliablity) myself.
04:26:31phantomcircuit:kanzure, 13 year old me was probably just as (if not more) stupid
04:26:38phantomcircuit:but my handle is pretttty cool
04:27:40gmaxwell:most things I did under the nullc name are lost forever to BBSes (thank god).
04:29:14gwillen:rusty: fwiw your posts have been incredibly helpful to me
04:29:18gwillen:(on lightning)
04:31:05rusty:gwillen: thanks! Actually, blame gmaxwell. He started this "explaining bitcoin ideas clearly" stuff. Not sure it'll catch on....
04:31:17gwillen:hahahahah. Well I sure hope it doe.
04:34:23kanzure:instead of usenet all my super-young posts were stuff like "what do you mean there isn't a mew under the truck?"
06:05:49sqt:sqt is now known as SafiaFr0stweaver
06:06:36SafiaFr0stweaver:SafiaFr0stweaver is now known as PsychoticMemes
06:07:36PsychoticMemes:PsychoticMemes is now known as Sqt
08:05:18verne.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
08:05:18verne.freenode.net:Users on #bitcoin-wizards: andy-logbot cbeams phiche berndj p15 moa hktud0 ebfull priidu satwo_ jhogan42 nivah b_lumenkraft arubi unlord_ jaekwon_ justanotheruser thrasher` koshii TheSeven Zouppen andytoshi JonTitor Xzibit17 cfields prodatalab__ Dr-G2 PaulCapestany nubbins` d1ggy_ manan19 DrWatriguez antgreen gielbier comboy sneak spinza jgarzik cluckj iugfhvybu adam3us luigi1111w LeMiner GAit realcr gmaxwell Tjopper Starduster airbreather rustyn jaromil catlasshrugged_
08:05:18verne.freenode.net:Users on #bitcoin-wizards: Apocalyptic harrigan bosma Pan0ram1x PRab melvster dasource nullbyte Cory forrestv mkarrer cryptowest_ devrandom amiller_ runeks__ kanzure waxwing kefkius throughnothing maaku Graet Eliel veox indolering K1773R Keefe petertodd jcorgan larraboj ryan-c jessepollak hashtag_ MoALTz_ gribble tromp mr_burdell gnusha Iriez tromp_ d9b4bef9 wiz bliljerk101 aakselrod starsoccer dgenr8 Madars harrow grandmaster helo jonasschnelli copumpkin sadoshi
08:05:18verne.freenode.net:Users on #bitcoin-wizards: c0rw|sleep btcdrak go1111111 yorick weex SwedFTP Hunger- lmacken dc17523be3 Sqt face HM Luke-Jr luny yrashk artifexd kumavis adams_ platinuum otoburb a5m0 vonzipper huseby midnightmagic BlueMatt GreenIsMyPepper warren TD-Linux mariorz binaryatrocity hguux___ fenn wizkid057 ajweiss Tiraspol SubCreative Adlai Anduck iddo poggy raizor Chillum nsh kyuupichan Logicwax phantomcircuit EasyAt lechuga_ luigi1111 isis nanotube yoleaux gavinandresen
08:05:18verne.freenode.net:Users on #bitcoin-wizards: dignork AdrianG s1w livegnik optimator fluffypony Meeh cursive dansmith_btc morcos guruvan BananaLotus bedeho heath roasbeef_ Fistful_of_Coins stonecoldpat afdudley espes__ pigeons eric sipa warptangent phedny so BrainOverfl0w MRL-Relay azariah btc___ @ChanServ brand0 davout NeatBasis CryptOprah leakypat jbenet mappum Oizopower Krellan Taek epscy null_radix sdaftuar Alanius nickler gwillen wumpus kinlo coryfields_ Muis catcow [d__d] lnovy sl01
08:05:18verne.freenode.net:Users on #bitcoin-wizards: null michagogo STRML
08:44:22raizor:raizor is now known as raiz
09:43:42gmaxwell:[system failure porn] https://medium.com/backchannel/how-technology-led-a-hospital-to-give-a-patient-38-times-his-dosage-ded7b3688558
10:01:05moa:"Installing a system like Epic is not like installing an operating system on your laptop" ... can only wonder what coder calls a medical system Epic?
10:01:54moa:sounds like an altchain dev
10:02:28wumpus:I doubt it's a coder making that decision, it's probably some acronym from a marketing guy
10:09:33fluffypony:* fluffypony starts Epicoin and credits moa
10:10:42moa:fluffypony: no premining Epics
10:10:57fluffypony:but how will we fund it without a massive premine!
11:05:53kanzure:moa: epic is a heathcare company that causes billions of deaths per year
11:47:16Eliel:I suppose you can call that epic then
12:13:20sturles:Does anyone know which wallet software sends the change from a transaction back to one of the addresses used for inputs? Example: http://www.walletexplorer.com/txid/80702a84562fb0cbf2bcea46c9a644bc2c721b0f4c01d3de8dfb8b6447788252
12:13:41wumpus:some of the android wallets do
12:15:04sturles:Only Android? I weakly recall an early iPhone wallet doing this, and the developer chose not to fix the problem because Apple had banned Bitcoin wallet apps by then.
12:15:36sturles:Do you know which Android wallets are affected?
12:16:46sturles:I can't remember the name of the iPhone wallet either.
12:17:07wumpus:I certainly don't know if those are the only ones, and I don't know which ones specifically, but I know it was quite common there at some point
12:17:57sturles:Trying to nail a credit card scammer. Any information would be helpful. I know who it is, just want to give the Police some more pointers to where they can secure proof.
12:20:23stonecoldpat:I know Hive uses the same bitcoin address for everything
12:20:35stonecoldpat:so i imagine that also uses the same address for change as well
12:25:17sturles:Hive!? Isn't Hive a new-ish wallet?
12:25:57Luke-Jr:sturles: pretty sure speculation can't be considered proof
12:26:07Luke-Jr:at least that behaviour is easily imitatable
12:28:02stonecoldpat:I have no idea when it was made sorry :(
12:30:53sturles:Luke-Jr: Yep, but if the Police know they should be looking for e.g. an iPhone he used at the end of December 2013, it may help them find the actual wallet used. This would be proof.
12:31:33sturles:I already have more than enough proof for them to make him a visit.
12:40:06hearn:sturles: old multibit does that
12:40:18hearn:sturles: multibit HD does not, however that is still (!) in beta
13:23:41c0rw|sleep:c0rw|sleep is now known as c0rw1n
13:33:46hearn_:hearn_ is now known as hearn
15:04:01DrWatriguez:DrWatriguez is now known as DrWat
15:19:11fluffypony:"Exactly. Decentralize! Check out the decentralized Reddit
15:19:12fluffypony:URL's and tags on-blockchain!"
15:19:18fluffypony:wtf. who thought that was a good idea.
15:21:29zooko`:zooko` is now known as zooko
15:36:42zooko`:zooko` is now known as zooko
15:38:07unlord_:unlord_ is now known as unlord
15:52:14binaryatrocity_:binaryatrocity_ is now known as binaryatrocity
16:26:29[1]LeMiner:[1]LeMiner is now known as LeMiner
16:29:41amiller_:hey everyone
16:29:48amiller_:who wants to read the new Stellar whitepaper
16:30:17amiller_:they've dumped everything all at once.... technical faq: https://www.stellar.org/blog/stellar-consensus-protocol-proof-code/ whitepaper https://www.stellar.org/papers/stellar-consensus-protocol.pdf
16:32:38tromp:hi Andrew. I saw your lecture covering Cuckoo Cycle a few days ago. very nice
16:34:02gmaxwell:amiller_: in one minute looking, so far it claims that POS has decenteralized control / open membership; which means it adopts a narrower definition of these words than I would. (since membership in those systems is at the mercy of their existing members)
16:34:44amiller_:gmaxwell, i think they're just being charitable to their "related work".
16:35:31amiller_:tromp, ahh thanks. I have been meaning to ask you to look at it and tell me what you thought... it was recorded a long time ago, way before FC :)
16:35:42gmaxwell:It is the responsibility of each node v to ensure Q(v) does not violate quorum
16:36:55gmaxwell:This sounds like the original ripple garbage of "you can trust whomever you want; but its not safe unless you trust the 'right' people, and the definition of right depends on the structure of the entire trust graph which is unknowable to you'
16:37:06tromp:amiller_: i hope ppl don't go googling for "Cuckoo hash cycles" though:(
16:38:00tromp:you say that verification takes k hash function evaluations, which should be 2k
16:38:30tromp:but no-one else will notice that:)
16:39:30tromp:btw, i was playing around with a possible logo for Cuckoo Cycle, and came up with https://github.com/tromp/cuckoo/blob/master/logo.png
16:39:56zooko:Sweet. :-)
16:40:13tromp:hi, zooko!
16:40:34gmaxwell:tromp: cool; the branches sould intertwine and form a wreath.
16:41:27tromp:gmaxwell, yes i wondered about connecting those, bu i lack both the drawing skills and suitable software
16:43:26fluffypony:tromp: I'll see if I can whip something up
16:44:34tromp:thx, fluffypony
16:48:37kanzure:i think that pos-new.pdf already covers that membership system
16:48:58gmaxwell:amiller_: it looks like they get around blocking by allowing any disagreement between nodes to delay particular transactions; perhaps forever. but allow unrelated things to go forward; because of this they cannot do any agreement on system parameters. Am I miss understanding this? this seems particularly unuseful to me; the spliting and merging of coins in bitcoin causes rapid exponential growth
16:49:04gmaxwell:in many (most?) transaction past and future interaction-lightcones. So ISTM making a single stuck transactions in such a system could taint all the rest fairly quickly.
17:02:22pampuchy:hi, what is cuckoo cycle?
17:02:55amiller_:pampuchy, it's a memory hard proof-of-work puzzle that tromp invented
17:03:09amiller_:see: https://github.com/tromp/cuckoo
17:06:03pampuchy:where can i start learning about proof of work, stellar, ripple etc?
17:06:31tromp:zooko, did you ask the scientists what they think about Cuckoo Cycle?
17:06:52sipa:'the scientists' ?
17:07:09tromp:the zerocash folks:)
17:08:36fluffypony:tromp: got a colour palette in mind?
17:09:04tromp:no, i planned to keep it a line drawing (black and white)
17:09:26tromp:color distracts:(
17:10:10fluffypony:I'm doing a flat logo, so it'll work fine as black/white
17:11:53kanzure:pampuchy: http://en.wikipedia.org/wiki/Proof-of-work_system
17:12:39kanzure:pampuchy: https://news.ycombinator.com/item?id=9050429
17:21:24zooko:tromp: hm, the zerocash scientists never got back to me with any comment about cuckoo cycle.
17:21:29pampuchy:what is the consensus on POS? is it considered legitimate?
17:21:37zooko:pampuchy: there isn't yet a consensus.
17:21:58zooko:Please wait about 10000 more blocks and then check again.
17:22:02fluffypony:pampuchy: nothing has, as yet, addressed the concerns around PoS
17:22:11fluffypony:at least not in any way that actually solves them
17:22:37fluffypony:there are plenty of proposals that add complexity to try and "fix" PoS
17:22:43pampuchy:what about these comments by lappa in this thread: https://news.ycombinator.com/item?id=9061763
17:22:56fluffypony:comments doth not cryptography make
17:23:11zooko:tromp: personally, I'm heavily leaning toward using a Password Hashing Candidate for my memory-oriented PoW, because of the analyses from multiple cryptographers that some of those candidates are getting.
17:23:20andytoshi:pampuchy: have you read https://download.wpsoftware.net/bitcoin/pos.pdf ? on the "how do you create distributed consensus" front there is not much more here than there is in that paper
17:24:15pampuchy:is lappa here in this channel?
17:24:36andytoshi:pampuchy: also http://www.jbonneau.com/doc/BMCNKF15-IEEESP-bitcoin.pdf by amiller_ and friends if that seems too fluffy, though it doesn't really go into pos.pd
17:24:43tromp:zooko, so you prefer a tweaked scrypt over an asymetric PoW that can be seriously memory bound?!
17:24:48pampuchy:i guess my question really is, who are the known trolls/crakpots etc to steer clear and not waste my time
17:25:18zooko:tromp: what do you mean by "seriously memory bound"?
17:25:41andytoshi:pampuchy: i have not found a filter that doesn't give false negatives; so now i use "everyone advocating pos"
17:26:04andytoshi:i'm assuming if there is a break in my argument somebody here will tell me....but i suspect they are all similarly tired of this
17:26:14tromp:see the 4 properties MB1..MB4 in my paper
17:26:20sipa:pampuchy: proo-fo-work in bitcoin is used both for consensus convergence and initial coin distribution, and these "proof of" systems can be used for many things besides those. it seems however, that PoS does not actually solve consensus convergence, though it may be used for other things
17:27:00tromp:none of which are particularly satisfied by the PHC candidates
17:28:02zooko:* zooko looks
17:28:20andytoshi:pampuchy: well if you have a consensus system you can literally prove stake in some part of it; even in bitcoin you can prove possession of coins, you can prove that they are escrowed with a certain party (and this can be used for bonding) etc
17:28:46zooko:I've opened an issue ticket requesting the zerocash scientists, if they are interested, to analyze Cuckoo, Catena, and Lyra2.
17:29:11zooko:tromp: I believe Catena and Lyra2 are intended to provide MB1–MB4.
17:29:55tromp:well, they may provide MB2 and MB4
17:30:23pampuchy:can anyone explain this post kanzure made: https://news.ycombinator.com/item?id=9049917
17:30:37tromp:but they cannot satisfy MB1 in a PoW context that needs fast verification
17:30:40pampuchy:especially this part: "Once each general receives whatever plan he hears first, he sets his computer to solve a difficult hash-based proof-of-work problem that includes the plan in its hash."
17:30:42zooko:Hm, yeah don't know about MB3.
17:31:12pampuchy:what is a "hash based POW problem"?
17:31:29tromp:it's a PoW based on Hashcash
17:31:35zooko:I think verification of e.g. Catena or Lyra2 can be acceptably fast, although it requires momentary use of a lot of RAM.
17:32:11sipa:pampuchy: read about hashcash, and the bitcoin whitepaper
17:33:34andytoshi:pampuchy: see the beginning of https://download.wpsoftware.net/bitcoin/pos.pdf also http://blockstream.com/sidechains.pdf
17:33:41pampuchy:sipa: which one is the bitcoin whitepaper
17:34:18sipa:pampuchy: http://bitcoin.org/bitcoin/pdf
17:34:26sipa:pampuchy: http://bitcoin.org/bitcoin.pdf
17:35:09tromp:zooko: using a memory-hard PHC as PoW means making compromises, such as poor performance on mobile devices, and limited asic-resistance
17:41:13pampuchy:is andrew poelstra here
17:41:31andytoshi:pampuchy: hi, i'm andrew poelstra
17:42:35pampuchy:oh! cool
17:43:03kanzure:what "Well in bitcoin, of course, trust would map to computing power"
17:43:19pampuchy:hi ansrew i am reading your paper right now: https://download.wpsoftware.net/bitcoin/pos.pdf
17:43:24kanzure:as seen here https://news.ycombinator.com/item?id=9342374
17:43:27zooko:tromp: performance on mobile and asic-resistance are both criteria that the PHC submitters and judges are thinking about.
17:44:21pampuchy:so bitcoin is not POW?
17:45:05sipa:pampuchy: what makes you think that? bitcoin is pow
17:45:11gmaxwell:someone care to respond https://news.ycombinator.com/item?id=9342282 so its not just me back and forth there.
17:45:32andytoshi:pampuchy: if i suggest that in my paper please let me know
17:45:53pampuchy:andy: see this: https://download.wpsoftware.net/bitcoin/asic-faq.pdf
17:46:01pampuchy:"is proof of work interesting"
17:46:14pampuchy:to someone new like me it is a bit confusing
17:46:19pampuchy:maybe not for the rest of ppl here
17:46:20andytoshi:oh :) i meant as an object of study
17:46:21kanzure:gmaxwell: my recommendation is to edit your comment (if possible) to explain that bitcoin and stellar are not using the same architecture or model.
17:46:31kanzure:gmaxwell: because there's really no possible response to that one-liner he gave
17:46:37andytoshi:it's certainly interesting in the sense that it's used in an interesting system
17:46:47pampuchy:andytoshi: no no i mean the line " It is one of the most popular changes to Bitcoin done by copycat “alt” currencies"
17:46:54pampuchy:implying that it isnt in bitcoin itself
17:47:16andytoshi:pampuchy: ah, ok, thx, i will reword that to "changing the PoW algorithm"
17:48:05kanzure:andytoshi: no, how about "Replacing or tweaking the PoW algorithm is one of the most popular changes to Bitcoin by copycat "alt" currencies."
17:48:46andytoshi:sure kanzure, done
17:48:46kanzure:haha my comment is getting downvotes. for the link.
17:48:54pampuchy:also this is a geberal question to everyone, whenever i read about byzantine general problem, it is in terms of malicious actors. is there a "positive" way of describing it. sorry if this doesnt make sense my english is bad.
17:49:31kanzure:yes, there are failure modes that are not intentional but still malicious
17:49:39kanzure:or that still have the same effect as malicious behavior
17:49:42pampuchy:like what
17:49:47kanzure:like speed of light
17:49:49andytoshi:pampuchy: "where parties trying to obtain consensus and correctly behaving are a minority"
17:50:00andytoshi:ehh, even that doesn't cover physical problems
17:50:48pampuchy:kanzure: how could speed of light be malicious
17:51:10tromp:zooko: yes, they're thinking about it, but also accepting that it necessarily involves a compromisen1cEdrEam
17:51:23kanzure:well if you assume you have instantaneous access to all transactions ever, speed of light is extremely malicious
17:51:30zooko:That *nod* was for tromp. ☺
17:52:15kanzure:gmaxwell: i could post a response like, "But he said minority." but this doesn't address his actual misunderstanding
17:52:19zooko:tromp: you don't mind if I cut and paste from IRC to this issue ticket do you?
17:53:08pampuchy:what else can PoW and PoS systems be applied to?
17:53:51kanzure:what do you mean by applied
17:54:31tromp:zooko, please do
17:54:36gmaxwell:kanzure: right, AFAICT, a single entity could jam the stellar system for a transaction, given an unfortunate but permitted by the assumptions of the paper topology.
17:55:06gmaxwell:In bitcoin the minimum required to do that is a computational majority, which is the same as the general security assumption of the system.
17:55:13zooko:tromp: it would be really great if the PHC folks would study Cuckoo, but I'm not sure if it is exactly relevant to their work.
17:55:41zooko:It might be, for example, they might say "Perhaps we should conclude that the PHC doesn't need to provide a PoW, because no PHC alg can do PoW well, so we should eliminate that from our criteria.".
17:55:44pampuchy:kanzure: i mean right now the proof that some resources were consumed are pegged to a value - a currency value. can it be pegged to something else.
17:55:53zooko:disclosure: I'm on the PHC panel.
17:55:58tromp:zooko, PoWs have the luxury of being able to use asymmetry between proof attempt and verification, so it's wasteful not to take advantage of that for memory hardness purposes
17:56:03zooko:Although I'm basically an absentee, useless panel member so far.
17:56:17fluffypony:ok tromp, thoughts - http://i.imgur.com/nXKGkwM.jpg ?
17:56:18kanzure:pampuchy: i encourage you to think much more slowly about this. pegging is a very difficult concept and there are many implications or reasons why it might not work.
17:56:20zooko:I separated from my wife last year and completely dropped several responsibilities, including that one.
17:56:50gmaxwell:zooko: someone on the list just responded saying Cuckoo was broken; after I responded to a post that was making a lot of kind of crazy claims about the acceptable properties of a function for cryptocurrency use. I really do not think the PHC candidates are well suited.
17:57:04pampuchy:kanzure: but isnt that what bitcoin is though?
17:57:10pampuchy:or any PoW altcoin?
17:57:19kanzure:pampuchy: bitcoin is complex and most PoW altcoins dont work except with merged mining
17:57:26kanzure:merge mining, i mean
17:57:30pampuchy:whats that
17:58:02kanzure:complexity is when things are not simple or obvious
17:58:06tromp:fluffypony: i thought you were gonna implement gmaxwell's wreathing of branches in my logo:)
17:58:19fluffypony:I started with that
17:58:20tromp:this is quite a different approach
17:58:23fluffypony:but it was painful
17:58:55andytoshi:pampuchy: it's where you can use bitcoin's DMMS as a signature on a different system's chain
17:59:08kanzure:gmaxwell: also it seems like nobody has mentioned that there are other existing protocols for "federated consensus" that are not crazy....
17:59:25andytoshi:pampuchy: less abstractly, google it :) there is a good SE post http://bitcoin.stackexchange.com/questions/273/how-does-merged-mining-work
17:59:37tromp:well, kudo's for the effort, but i like to stick with the 6 cuckoo's in a circle:)
18:00:47kanzure:"However, the trust decisions are public, as this is what allows participants to discover quorums" what? couldn't they easily be lying
18:01:05zooko:gmaxwell: interesting!
18:01:06tromp:zooko: i agree that suitability for PoW use is an ill-considered criterium for the HPC
18:01:21zooko:Gotta go into a meeting now, sorry that I indeed got called away just as you privately suggested that I might, tromp.
18:05:17pampuchy:andytoshi: i like your papers
18:06:11andytoshi:pampuchy: thanks :) you are welcome to ask if there is anything worded confusingly, though unfortunately (as you have seen) they do not cover all the background knowledge that may be needed
18:07:26gmaxwell:kanzure: I don't quite see how that could work. (I mean it has a circular problem; if you need information X to have a consensus, how do you have a consensus over it?) But I could be missing something obvious.
18:09:10pampuchy:andytoshi: what is your current research, or, what do you think are the interesting things happening right now
18:11:14kanzure:gmaxwell: ah well i am using a weaker meaning of consensus there
18:11:37andytoshi:pampuchy: hmmm, in the bitcoin space my research is mainly around ring signatures and other privacy improvements for cryptocurrency. in the academic sphere i am between projects ... moving from "indistinguishability obfuscation" which is an imaginary thing that'd make a lot of crypto better, toward network information theory which is much more real
18:14:34pampuchy:andytoshi: who else is doing interesting things, what forums etc do you visit
18:15:06pampuchy:also a general question, are there any art projects using altcoins, are there any artists you folks recommend
18:15:08kanzure:"(using https, of course, so no one can impersonate them)." this guy doesn't know how https works
18:15:53andytoshi:pampuchy: the people here are always doing interesting things :), i keep a loose eye on reddit and bitcointalk but only to explain things, there's almost never anything new and exciting there
18:16:17andytoshi:pampuchy: if you haven't looked at http://bitcoin.ninja you ought to, there's some neat ideas there
18:22:17pampuchy:is there a paper here somewhere that i am missing: https://github.com/citp/bitcoin-sok
18:22:30pampuchy:or are we supposed to convert latex to pdf ourselves
18:22:43sipa:pampuchy: probably :)
18:22:53pampuchy:also this paper by andytoshi is super: https://download.wpsoftware.net/bitcoin/alts.pdf
18:24:44amiller_:pampuchy, sorry that github is out of date
18:25:09amiller_:we eventually just siwtched back to private svn out of old habits.
18:25:53amiller_:https://eprint.iacr.org/2015/261 this is our eprint page, you got a link from jbonneau.com that's equally up to date
18:35:56kanzure:use git-svn
18:37:53kanzure:"If anyone's interested in proving distributed algorithms correct, they should check out the Verdi project (https://github.com/uwplse/verdi), which has proved Raft correct in Coq."
18:38:11kanzure:http://research.microsoft.com/en-us/um/people/lamport/tla/formal-methods-amazon.pdf https://news.ycombinator.com/item?id=8096185
19:12:44pampuchy:amiller_: oh
19:12:49pampuchy:is there a paper somewhere
19:13:43amiller_:pampuchy, yes here https://eprint.iacr.org/2015/261
19:15:45gmaxwell:kanzure: Does this sound reasonable? https://news.ycombinator.com/item?id=9342947
19:15:56lechuga_:minor parser error: "I agree that a sybil sticking on a bunch on a bunch of extra 'nodes' and those diverging isn't interesting case."
19:17:01lechuga_:but imo completely reasonable questions
19:17:38gmaxwell:lechuga_: thanks, fixed.
19:37:29pampuchy:are there other algorithms that can be used for hashing that can be calculated by hand like this video? https://www.youtube.com/watch?v=y3dqhixzGVo
19:38:51gmaxwell:anything a computer can calculate you can calculate by hand. :)
19:39:48fluffypony:petertodd: I just received the CoinBase email
19:39:52fluffypony:looks like a valid DKIM signature
19:40:02fluffypony:I think their SendGrid account has been compromised
19:41:47gwillen:fluffypony: I just got the same thing
19:41:53gmaxwell:fluffypony: do you have a standalone dkim validator?
19:42:09fluffypony:yes, I've validated it
19:42:16gmaxwell:Where can I get one? :P
19:42:17fluffypony:let me put the mail up
19:42:40gwillen:gmaxwell: I didn't validate the DKIM, but it came to me from an IP that is "inside coinbase"
19:42:45gwillen:i.e. their own DNS forward-resolves to
19:43:00fluffypony:gmaxwell: pydkim is your friend
19:43:01pampuchy:gmaxwell: i meant, what other hash algorithms are comonly used
19:43:20gwillen:the whois puts the IP inside sendgrid
19:43:38gwillen:so I think the theory that someone broke into their sendgrid account seems likely
19:43:41gmaxwell:"The call is coming from inside the building."
19:43:54fluffypony:gwillen: yeah an em.coinbase.com's DKIM allows SendGrid to send mails on behalf of em.coinbase.com
19:43:58gwillen:right, yeah
19:44:15gwillen:if you were going to bother breaking into someone's sendgrid account, why not run the email by someone who speaks English?
19:44:35gwillen:it's such a weird mixture of competence and lack thereof.
19:44:38gmaxwell:You don't know what you don't know.
19:44:38fluffypony:I would have disregarded this mail completely were it not for the valid DKIM signature
19:44:51gwillen:I already had disregarded it
19:44:56gwillen:I grabbed it out of the trash
19:45:06fluffypony:I mean disregarded like not even noticed it
19:45:41gmaxwell:isn't it awesome that the security is so bad that it's being compromised by gibbering idiots? (I don't mean to suggest everyone who isn't fluent in english is an idiot, but rather people who aren't and don't know it or don't know that it matters for something like this are)
19:46:19gmaxwell:actually the english in this one isn't so bad.
19:46:59gwillen:I mean, maybe their goal is just to get gmail to display the email as "From: Coinbase" and not spam-flag it
19:47:06gwillen:in which case maybe DKIM is more important than English
19:54:29pigeons:yes i got that email too, at first i believed it because an investment scam isnt out of the realm of something coinbase would think is a good idea
19:55:22pigeons:neither is "everybody send to the same bitcoin address"
19:56:14kanzure:just because people work at coinbase should confer no predictions for whether they understand bitcoin
19:56:30gmaxwell:pigeons: How much did you lose to it? :P
19:57:17pigeons:nothing, i double my money in 10 days or something!
19:58:52lechuga_:im out 30 btc. wanted 2nd level upgrade :(
20:01:21pigeons:regarding the poor english, i think this has been discussed here before http://research.microsoft.com/apps/pubs/default.aspx?id=167712
20:02:13lechuga_:not sure why that matters in this case. there is no follow-up interaction required for attacker success.
20:02:14pigeons:even though this is a different target "mark" the poor english could help weed out people who would waste the scammers time because those people are observant
20:02:19pigeons:oh ok
20:04:38gmaxwell:yea, this is actually counter evidence to the MSFT filtering argument.
20:04:50gmaxwell:But both can be true.
20:05:46phantomcircuit:gmaxwell, the counter-evidence being hilarious videos of nigerian scammers doing things like recreating a play... in full
21:01:12lechuga_:reply: https://news.ycombinator.com/item?id=9343816
21:06:13gmaxwell:lechuga_: Maybe I'm being uncharitable. My intial internal response to that was "Sure, bitcoin's security model might actually suck, or at least be inapplicable to your application: but at least it has one. If your security model is 'let the market decide' and especially without the tools for that decision to be a transparent and intentional one rather than chance, why bother building your syste
21:06:19gmaxwell:m at all? A C compiler is already fully general for the space of networks and security models the network might choose to build."
21:06:59pigeons:proof of faith
21:07:48gmaxwell:I'm not quite sure how to clearly make that point that "Effective-security-model-x emerged as a product of peoples local actions" is not at all the same as "The market chose to use security model X" or even "The market has any idea what its security model is at all"
21:17:45lechuga_:i havent fully groked what they're saying but it sounds roughly like some dynamic set of mdfs and if u and some1 else have a intersecting mdf sets u trust then u can trust the relevant portion of the ledger
21:18:40helo:classic phone typing
21:19:01amiller_:i think there's an interesting gap because there's some implicit modeling things that come across when mazieres gives his explanation... for example he gives an example scenario where someone says "if you want to do business with me, please add me to your trust list".
21:19:43amiller_:i think that suggests that it's natural to want to ask someone to be added to your list, as an up-and-coming node or startup services you may want people to add you,
21:20:14amiller_:and who you actually add should be somehow constrained based on the number of people you actually want to do business with and so you add them like you said.
21:20:56amiller_:so my point is that i think there *is* a model, it's just implicit
21:21:20amiller_:if it were explicitly stated then we could pick that apart too.
21:21:30gmaxwell:Here is my draft actual response, http://0bin.net/paste/2t+3GCUu9IXh4AHy#W4qf9M1k3jO8MlUUQBVMG4Rz7adPKcz6UC-xaZrhV5M thoughts?
21:21:32kanzure:isn't that really easy to accidentally break
21:21:58gmaxwell:There may be no evidence of it, but I'm really not trying to be an ass here.
21:23:26lechuga_:typo: "For the market to chose"
21:23:32amiller_:"trust whomever you want, but be sure to include me as well," is a bad rule because it's vulnerable to a sybil attack.
21:23:36andytoshi:gmaxwell: i think this is very good iff it's good to even reply
21:23:59amiller_:it's vulnerable to the same kind of facebook "like and subscribe" spam problem
21:24:07gmaxwell:andytoshi: it's probably not.
21:24:23helo:official gmaxwell disapproval achievment!
21:24:27gmaxwell:sort of kills me thinking that no one will call out that "leave it to the market there" is "leave it to chance"
21:24:44andytoshi:gmaxwell: there is a huge quagmire here as soon as you start thinking in "non-wizardly ways" about trust models e.g. i am on a mailing list now with vitalik, dominic, etc and i really can't understand half the shit that gets said there because it's so far away from the way that i think about bitcoin
21:24:53helo:(i checked that off my bucket list years ago)
21:24:55andytoshi:i -think- it's just obfuscated handwaving but i can't be sure
21:25:21gmaxwell:Leave it to the market is chosing among systems with opinioned security models, it's letting people choose NXT vs bitcoin (ignoring the ineffectiveness of the market in the face of imperfect or asymetric information).
21:25:24andytoshi:gmaxwell: i actually really like it for that reason, i haven't seen such a well-articulated response to this "let the market decide" shit
21:25:39lechuga_:imo it's worthwhile for people to see this reply
21:25:41amiller_:it's easy to build a protocol with a "market failure" mode, where it has a defective incentive system where the locally best choices for individual participants leads to systemic risk.
21:25:45gmaxwell:andytoshi: well I thought he made my response easy by basically saying his system generalizs the bitcoin trust model.
21:25:56gmaxwell:So I know there is no attack I could present which his system wouldn't defeat.
21:25:56andytoshi:agreed with lechuga_, but i would commit to not replying to any response :)
21:26:11andytoshi:(not explicitly, that makes you look like a dick, but in your heart)
21:26:12gmaxwell:yea, I already considered this my debate closer.
21:26:31gmaxwell:we're obviously not going to agree and he's not going to respond to the particular questions I answered any more specifically.
21:26:58helo:"the invariants which much hold"
21:27:14kanzure:andytoshi: trust/identity are very important concepts to some people, and it's very hard to dissociate those concepts from what they do. i suspect this is why you find their talk incomprehensible and meaningless (because it is).
21:29:03kanzure:gmaxwell: perhaps present the idea to him that he should consider using other systems that are equally attackable and less complex, or something. or just that he has options there... i mean, just in the same way that others are apparently amazed that conventional databases can be more efficient than bitcoin, perhaps you mentioning this will be valuable to him.
21:29:05andytoshi:kanzure: one outcome of it was an email from dominic williams in which he claimed that DMMS is a flawed abstraction and that even thinking about mining as a signature is wrong, it's actually something different
21:29:22andytoshi:which i think is totally incorrect, but ultimately that's a matter of opinion on how you want to model mining, it is what it is
21:29:49andytoshi:and i said i'd reply and never did :/ too little time in the world
21:30:02gmaxwell:kanzure: hm? I think his 'system' is immune to all attacks in the same way a C compiler is.
21:31:04gmaxwell:Basically, with some complexity around it, you trust people and do what they say. Their behavior is not fully specified. So you could take any attack and solve it by saying "don't trust people who allow that attack."
21:31:23kanzure:is this guy really this seriously misinformed "(Heck, someone might literally replicate the Bitcoin policy and configure their quorum slices to trust 67% of whoever mined a Bitcoin block in the past week. That wouldn't really make sense, but it's possible.)"
21:32:00kanzure:never does a "% of whoever" matter at all in bitcoin... how would the system know about percents of people?
21:32:30sipa:forgive me for commenting without having read the arguments, but it sounds like they have a mathematicdl model now about the conditions under which they maintain convergence, but not any economic or otherwise reason why those conditions would hold with real world actors?
21:33:29kanzure:"then Stellar will be safe." ... but not anyone using it.
21:36:34sipa:kanzure: sounds like he has the "51% of miners determine the rules" model (i.e. the no-full-node model)
21:36:59gmaxwell:sipa: I wish it were that strong.
21:38:19gmaxwell:sipa: this is basically the original ripple model, refined.
21:38:37kanzure:no sipa means "it sounds like he thinks bitocin is x"
21:39:12kanzure:oh, whoops, no, i'm wrong
21:40:03gmaxwell:"nodes choose who to trust. If everyone chooses wisely for some defintion of wisely, consensus is possible". I asked how users would manage to achieve any of the many possible wise topologies, and the response was that it was up to the market.
21:40:35gmaxwell:and he specifically pointed out that the system basically generalizes bitcoin (e.g. entities could use bitcoin for consensus and you could trust them)
21:57:06Taek:It's not very decentralized but I could see a system where people's trust list starts to include primarily/exclusively big-name corporation nodes
21:57:23Taek:this is slightly better than trusting a single corporation with your consensus
21:57:36Taek:(as long as they all behave)
21:58:28Taek:it's a compromise between the Bitcoin and PayPal model
21:59:50lechuga_:on the surface it makes me think of the mdfs from sidechains.pdf
22:02:12kanzure:Taek: calling it a compromise is misinformed i think, because it paints a spectrum as if there is a spectrum. there isn't. there are just distinctly different implications that people are ignoring.
22:04:51gmaxwell:Taek: that might be something you'd reasonably choose for some things. Nothign wrong with that, it's a model you could take or leave.
22:05:34gmaxwell:My complant on the ripple model is that I don't like the security model, its that there isn't one. The system, depending on how users set their settings is (apparently) fully general for all possible security models. Maybe they'll trust bitcoin miners.
22:06:17gmaxwell:And of course, most security models are _bad_ and you don't want them. So... if you've got a fully general system I think you really need to say how it's going to deliver models that people want, if not a specific model.
22:06:20zooko:gmaxwell: I haven't been reading IRC logs closely. When you say "ripple model" there, does it also apply to the new Stellar model?
22:06:43gmaxwell:zooko: yes, the complaint I'm making is fully general to both. They fixed nothing about it.
22:06:57gmaxwell:(I mean, they improved other things for sure; but not this)
22:07:55gmaxwell:Basically nodes configure "trust", and the security model of the network emerges as a product of everyone's trust configurations. No guidance is provided beyond that there are some topologies where the system will spontaniously fault, and it's up to the users to not configure it in those manners.
22:09:53gmaxwell:In ripple's case, ripple distributes and administers a UNL that everyone (almost everyone?) uses. This results in a topology that is mostly safe; but also centeralized in practice. (which we can observe in ripple's actual behaivor, with mandatory deanonymizaiton of users after the fact and such)
22:10:18gmaxwell:It's a perfectly reasonable security model; just not a decenteralized one.
22:10:25phantomcircuit:gmaxwell, "If everyone chooses wisely" in which everyone literally means everyone just about says it all
22:10:57gmaxwell:phantomcircuit: it's complicated, I mean you can have some clique of morons off to the side, they'll only hurt themselves.
22:11:20gmaxwell:But if you have a clique of morons in the middle it can hurt people outside of the morons. So it's not just "you're safe if you're wise".
22:11:26phantomcircuit:gmaxwell, unless their failure is non obvious but apparently beneficial
22:11:42phantomcircuit:they end up being heavily linked and are a systemic risk
22:12:01phantomcircuit:which basically means they've managed to abstract the existing banking infrastructure
22:12:09gmaxwell:right. "Immunity to MTGOX, bitcoinica, and mybitcoin"
22:12:29gmaxwell:is a property these trust things MAY not lack, among other issues.
22:13:38moa:gmaxwell: the emergent behavior security model explanation/assumption looks like a powerful tool
22:14:27kanzure:powerfully weak perhaps
22:14:30Taek:moa: it's difficult to reason about though. It's not at all clear that sane/safe behavior will emerge
22:15:08gmaxwell:zooko: I complained on HN to mazieres that by failing to specify how the trust edges are established and maintained, it's effectively failing to state a concrete security model. His response was that it should be up to the market; and even pointed out that the system could generalize Bitcoin's model e.g. by people choosing to trust 67% of the recent miners. I countered that just because a securit
22:15:10moa:taek maybe just need better quantification tools?
22:15:14gmaxwell:y model emerges, doesn't mean anyone wants it or chose it, and suggested that it's actually leaving it up to chance-- not the market.
22:15:24phantomcircuit:kanzure, it's very difficult to argue against as it's so incredibly poorly specified
22:15:55moa:phantomcircuit: make it an axoim and move on ...
22:15:56phantomcircuit:(which also means it's very difficult to argue it's correctness... but most people dont seem to have noticed that)
22:15:56gmaxwell:moa: yes, I might accept some answer that argued that there will be (or could exist!) powerful quantification tools; though I'd still have collective action concerns.
22:17:28kanzure:gmaxwell: typo, "and can potentially full accommodate the whim of man"
22:17:46gmaxwell:moa: e.g. say you have powerful quantification and everyone agrees that the security model the current trust graph gives is not good ("oh shit, MTGOX could rob all of us"); that doesn't mean that there would exist a pratical mechenism to resolve the problem; since the security arises out of everyone's behavior. Each user might have to do something that was locally against your interest (e.g. leav
22:17:52gmaxwell:es you more likely to get partitioned in the short term) in order to make the improvement.
22:19:08gmaxwell:actually thats one of the existing problems with this. I might trust Alice a lot. And really distrust Citibank. But the builk of the world trusts citibank and not alice. Configuring myself honestly increases my risk. :(
22:21:30Taek:I was thinking, the Stellar model also makes it much more difficult to have anonymous participation in consensus, b/c nobody is going to trust an anonymous node
22:21:48Taek:compared to Bitcoin, where work is work no matter who produced it
22:21:49moa:some quote about "Sanity in a world of insanity is insane"
22:23:18gmaxwell:Taek: yea, the default will be centeralized most likely, unless specific action is taken to fix that... and whatever that is, its critical to the 'defacto' security model.
22:37:13AlexStraunoff:AlexStraunoff is now known as Sqt
22:37:21Sqt:Sqt is now known as Sqr
22:38:05Sqr:Sqr is now known as Sqt
23:12:27kanzure:"I've been to at least 200 software conferences in my life and never heard speakers like Linus, Ken Thomson, RMS, Gordon Letwin, DHH, Anders Hejlsberg mention "correctness"."
23:13:11gmaxwell:kanzure: and I look around and see software failing everywhere around me, every day, virtually every program I interact with I've found serious bugs in them. No wonder, enh?
23:14:02kanzure:i keep expecting programmers to be immune to arguments from authority but i don't know why; clearly this immunity does not exist.
23:15:32kanzure:and also: why would anyone expect the number of conferences they have gone to indicate their knowledge at all? judging yourself by peers is the dumbest thing ever, your peers will just be judging each other in an endless loop of mediocrity forever.
23:21:29andytoshi:kanzure: fwiw if you're ever feeling down about programmer culture, you can hang out on #rust on irc.mozilla.org and you'll find shockingly little personality/politics, it's a very friendly and helpful place .... and people talk about "correctness" a lot :P it's really a breath of fresh air
23:25:27pampuchy:so - any consensus (lol) on stellar? yay or nay?
23:25:43pampuchy:if anyone cares to summarize the channels thoughts...
23:25:59kanzure:thanks for the offer, i'm gonna go troll them and ask about proof of beef
23:26:22gmaxwell:pampuchy: dunno, maybe ask in #hardware
23:49:31pampuchy:what does #bitcoin-wizards manke of http://blockstream.com/sidechains.pdf ?
23:51:29adam3us:most of the authors are on here so maybe should let someone else give their view.
23:53:06pampuchy:adam3us: are you adam back?
23:53:14lechuga_:pampuchy: seems really interesting and a promising avenue for further more rapid innovation. anxious to look at the prototype.
23:54:19adam3us:not super technical level detailed but this sidechain explanation someone posted seems reasonable at high level https://docs.google.com/presentation/d/1Tc_fhTPqbdlvApnWQWsgzG1U6NwN9lgkQsTdm5O-9iA/edit#slide=id.p
23:55:39adam3us:(yes adam) several people you were talking to here today also
23:58:28gmaxwell:pretty sure that several others of us are not Adam Back.
23:58:40kanzure:deitweiler disagrees
23:59:12adam3us:gmaxwell: indeed, reparsed version several of the authors you were talking to. gmaxwell andytoshi amiller sipa
23:59:46kanzure:( the guy who discovered that hal finney, tim may and nick szabo were all the same person http://borg.uu3.net/ldetweil/ )