00:00:07 | gmaxwell: | [OT] oops. dd if=/dev/zero of=/dev/sd_a_1 isn't what I wanted to type to zeroize a usb stick. ... man, been a _long_ time since I made a mistake like that. |
00:00:18 | gmaxwell: | Fortunately /dev/sda1 is just some efi boot partition. |
00:01:57 | jcorgan: | heh. not long ago i fell victim to the 'sudo rm -rf $FOO/*' mistake when not confirming $FOO is actually defined. |
00:03:05 | jcorgan: | now i have 'set -o nounset' in all my scripts :) |
00:05:38 | phantomcircuit: | jcorgan, no --preserve-root ? |
00:08:47 | jcorgan: | would not have made a difference |
00:09:08 | jcorgan: | the command only deleted everything inside the root, not the root itself |
00:09:38 | gmaxwell: | [OT] Hurrah! fixed, safely rebooted; ... while on caltrain. And bonus: I get a bootloader menu now instead of crazy ascii garbage. |
00:10:49 | andytoshi: | wow gmaxwell close call!! |
00:12:26 | gmaxwell: | I have backups of course, and already had my presentation tonight stored elsewhere; ... but yea, would have been a pita if I'd zeroized the whole laptop. |
00:13:51 | phantomcircuit: | gmaxwell, presentation? |
00:14:08 | phantomcircuit: | oh dev meetup |
00:14:15 | jcorgan: | watching a desktop system self-destruct as the entire filesystem gets nuked from underneath is rather amusing...a few weeks later. |
00:16:51 | gmaxwell: | phantomcircuit: I would have suggested you come; but it appears seriously oversubbed already. |
02:01:31 | andytoshi: | gmaxwell's slides: https://people.xiph.org/~greg/gmaxwell_sfbitcoin_2015_04_20.pdf (he asked me to post after 7) |
06:57:37 | fluffypony: | oh gmaxwell, I like the bitmessage broadcast idea |
06:57:41 | fluffypony: | v. nice |
07:40:06 | gmaxwell: | fluffypony: yea, Bitmessage is somewhat suboptimal; as it is kinda weak against a global observer conspiring with the recipient. |
07:40:46 | fluffypony: | but still, if the functionality exists to pass all initial tx broadcasts to an external handler that's advantageous |
07:42:03 | gmaxwell: | yea, it's certainly a step forward, plus if run over tor it's not going to be any worse than tor is. |
07:43:00 | gmaxwell: | fluffypony: and right the whole idea of the manual broadcast (as far as I'm concerned at least) is making it possible to have an external handler. |
07:43:08 | fluffypony: | yup |
07:43:30 | fluffypony: | also with Schnorr multisig vs. current multisig isn't it six of one, half-a-dozen of the other, in that both require significant interaction between the signatories? or does Schnorr require substantially more back-and-forth? |
07:44:49 | gmaxwell: | fluffypony: plain schnorr threshold requires huge setup, like roundtrips related to the number of and gates in the circuit, to create a pubkey. Vs in the current system I can just post a pubkey and say people can include me in it. |
07:45:06 | fluffypony: | got it |
07:46:18 | gmaxwell: | and signing in the current system is a 'half roundtrip' someone proposes a signature and then it just flows through $threshold people. For schnorr schemes you have to agree on R first, which you can either do in advance (as setup), or by making one full round trip. Though some alternatives are worse (e.g. I think the latest threshold ECDSA stuff is threshold+2 roundtrips) |
07:47:22 | fluffypony: | in line with that, I've been thinking about 0-conf discovery of and connection to participants for multisig in Monero, it's a problem we're going to have to address eventually anyway; broadcasting it as an "incomplete tx" won't work if there has to be lots of roundtrips |
07:50:52 | gmaxwell: | I even worry that the full round trip is a big usability loss; though establishing R in advance is potentially unsafe. (not stateless) Figuring out if it's possible to improve this is one of the parts I consider unsolved. |
07:52:01 | gmaxwell: | e.g. is there a way to do one time R setup in advance that doesn't risk compromising your keys with state replay (somehow getting tricked into using the same R twice) |
07:53:06 | fluffypony: | tough one |
07:53:28 | fluffypony: | btw wizards, I'm hitting up Europe over the course of May, will be at Bitcoin and Monero meetups in Belgium (Tue 19th May), Paris (Thur 21st May), Germany (Sun 24th May and Tue 26th May) and then Bitcoinference in Amsterdam on the 30th/31st of May; if anyone wants to meet up for lunch / beer / supper / non-alcoholic-beverages let me know, else I'll post meetup details here as they're confirmed |
07:53:47 | fluffypony: | oh well Germany is confirmed: https://forum.getmonero.org/14/events/237/monero-meetup-berlin-germany-may-24th-2015 and Bitcoinference: http://bitcoinference.com |
08:04:14 | petertodd: | fluffypony: oh! I may be in germany nearish that date |
08:04:23 | fluffypony: | oh good |
08:04:28 | gmaxwell: | fluffypony: all this stuff also works with BLS signatures and pairing crypto; and has no nonce... alas slow and stronger assumptions. |
08:05:20 | rajaniemi.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
08:06:13 | gmaxwell: | well I'm not sure a BLS traceable ring signature; but presumably like everything else it's trivial with a bilinear map. |
08:06:21 | fluffypony: | how slow is slow? I mean, slow is workable as long as it isn't so slow that it opens up a DoS attack where a node is spinning and verifying |
08:08:59 | gmaxwell: | well a normal BLS signature takes on the order of a millisecond to verify (two pairing operations); it's substantially slower than ECDSA verification. Though they can be batched, and the batching gains are relatively greater because of the huge ratio of the blinding to pairing costs. |
08:11:02 | gmaxwell: | (for schnorr batch verification the upper bound on the speedup from batching is pretty low, because it basically only saves you doublings; and makes you do additional scalar operations to blind which are not ~so~ far in cost) |
08:15:15 | gmaxwell: | ... and while I would be super surprised if you couldn't do a traceable ring signature in a BLS like framework; I would also be surprised if it didn't break batch verification (just as the traceable ring signatures break batch schnorr) |
08:31:58 | fluffypony: | gmaxwell: re: the review process, it's a bit of a hard to solve problem. a paid-for-but-disinterested reviewer may just give the client the answer they want to hear; an unpaid-but-interested reviewer may not have the time or capacity to review; a paid-but-grossly-unqualified reviewer (the most common in the altcoin space) will spot a handful of obvious mistakes but miss the gaping design flaws. |
08:33:14 | fluffypony: | and I'm not sure formal qualifications help; does someone with a masters in comp. sci. have more competence in cryptography than someone with a bachelors in mathematics? |
08:33:55 | fluffypony: | * fluffypony ponders a "licensed to practice cryptography" system |
08:34:35 | midnightmagic: | gmaxwell: It may be useful to collate these sorts of things into a secure programming assist for folks: I personally for example find it extremely helpful to review classes of common attack when writing code. Lists of these attacks and in particular descriptions of how they work and examples, would be extremely valuable to people trying, or learning to, do better. |
08:36:10 | midnightmagic: | In this sense, we can hear about the programmers whose egos exclude them from doing better, and these are the ones we most-often hear about. But IMO there are entire legions of careful, cautious programmers who would make small steps forward if they knew more about the main ways what they're doing could be attacked. |
08:40:26 | gmaxwell: | Someone asked me about licensing (and bonding) for software engineering as a question; I said I was unsure, -- that there were a lot of downsides, in particular because the tools of software work are so accessible to everyone there is much greater harm to society to artificially restrict them. If you try to narrow to "cryptography" there is a trivial workaround, claim that nothing is cryptography; which is the wrong direction I think. |
08:42:17 | gmaxwell: | midnightmagic: there are a number of secure programming advice guides that are pretty good reads (e.g. the cert one); though one thing I've looked for and not found is a catalog of actual bugs and their fixes in real software. |
08:42:41 | gmaxwell: | (I'd looked previously because I wanted to try to see if I could train machine learning to spot statistically unsafe code) |
08:43:47 | gmaxwell: | e.g. take code that just had a bug fixed, convert to an abstract representation, extract features; and teach a discriminating learner to tell the buggy and fixed versions apart. |
09:57:31 | nsh: | * nsh blinks, frowns |
09:57:58 | nsh: | less talk of permission to crypto please. it's in bad taste in the current governmental insanity climate |
09:58:45 | nsh: | more effective failure-evidence is probably to be preferred over blessings and ordination |
10:01:40 | fluffypony: | nsh: was a joke |
10:02:00 | nsh: | pardon me :) |
10:03:22 | fluffypony: | what we really need is a system like this: https://xkcd.com/806/ |
10:05:14 | fluffypony: | lol: http://www.revk.uk/2010/10/xkcd806-compliance.html |
10:06:57 | nsh: | * nsh smiles |
10:48:04 | wumpus: | "claim that nothing is cryptography" similar reason as to get around e.g. crypto export restrictions |
10:49:26 | wumpus: | it's not cryptography, it's just a discrete math helping tool with very strict requirements |
10:50:36 | midnightmagic: | gmaxwell: the openbsd guys have specific classes of bugs they're looking for when they audit code, and their more experienced types (that aren't jaded and weird) often describe them *as* classes of bugs, each with its own name and references. They are consistent enough that one could probably mine at least vaguely-related chunks of commits that correct them and thus, what came before. |
10:59:22 | wumpus: | I suppose you'd need an abstract representation of what the code is supposed to do, then one could verify the buggy and fixed version against that, and the fixed version should score better. Alternatively, one could try to detect patterns of what code is *not* supposed to do, but usually a black listing approach will get a lot of false positives. |
11:02:53 | hearn_: | "I suppose you'd need an abstract representation of what the code is supposed to do" |
11:02:56 | hearn_: | that's called code, isn't it :) |
11:02:58 | hearn_: | hearn_ is now known as hearn |
11:03:06 | hearn: | just written in a higher level language |
11:03:17 | wumpus: | I imagine something more like math |
11:03:41 | wumpus: | code says how to do something, not what should be done |
11:03:47 | hearn: | right, you want formal methods |
11:03:52 | wumpus: | yes |
11:04:05 | hearn: | "how to do something" vs "what should be done" is often a very fuzzy distinction |
11:04:28 | wumpus: | it's the distinction of declarative versus imperative |
11:04:32 | hearn: | e.g. when someone says "I want a program that does X" there are often a ton of hidden, implicit requirements behind that statement |
11:04:51 | hearn: | such as "and obviously I want it to run on a regular computer, and I want it to use reasonable amounts of cpu time and memory" |
11:06:08 | hearn: | if you specify your requirement as "a program that calculates X" formally and then miss out on the other obvious requirements, you can end up with a program that technically meets your requirement but is still useless. so then you have to start getting more and more specific about what exactly you want. and then eventually you end up with code. software developers are in some senses special compilers that have the -Ocommon-sense flag on them :) |
11:06:38 | wumpus: | but my point was that a neural network could just detect patterns, it will not find e.g. subtle deviations from the protocol or algorithm, as it doesn't have the knowledge |
11:06:43 | hearn: | but for checking things like security invariants, pairing code with the formal methods approach is probably good enough |
11:07:31 | wumpus: | you're too ambitious; I'm not trying to come up with something to replace a software developer, just a post-sanity-check :-) |
11:07:48 | hearn: | hehe |
11:09:36 | hearn: | i'd be happy if our industry settled on the basic sanity checks that have been commonplace for years, things like having length prefixed strings instead of textual formats that need escaping, array bounds checking, avoidance of pointer arithmetic etc |
11:09:38 | hearn: | ah well |
11:12:00 | wumpus: | safer languages are a significant step forward, yes, some classes of issues can be avoided that way |
11:14:51 | hearn: | wumpus: we missed you in london! |
11:14:55 | hearn: | would have been cool to hang out |
11:17:11 | fluffypony: | I wonder if Cucumber would be a poor fit for that |
11:17:11 | wumpus: | yes, would have been cool |
11:17:42 | fluffypony: | although afair cucumber-cpp isn't being well maintained atm |
11:19:05 | wumpus: | and indeed, to avoid the upfront-requirements issue you'd probably want to develop that kind of specification along with the code, not separately from it |
11:19:51 | lmatteis: | hello. could bitcoin use webrtc to relay messages across the network? |
11:21:31 | fluffypony: | lmatteis: doesn't CoPay use webrtc for multisig? |
11:22:37 | hearn: | lmatteis: possibly in some parallel universe, but why? |
11:22:46 | hearn: | lmatteis: bitcoin is not a web app |
11:22:57 | wumpus: | you could level the P2P messages over any kind of transport |
11:23:42 | lmatteis: | hearn: would make sense since WebRTC is mainstream and would make it harder for ISP blocks |
11:23:45 | hearn: | er |
11:23:55 | wumpus: | one example of an alternative transport for a specific purpose is bluematt's relay network |
11:23:55 | hearn: | webrtc isn't really mainstream compared to TCP, which is what bitcoin uses |
11:24:09 | hearn: | wumpus: that still uses p2p though, afaik? it's just a different topology |
11:24:32 | hearn: | lmatteis: ISPs can just block the entire P2P network by IP, changing the transport doesn't fix that. |
11:24:50 | lmatteis: | hearn: ugh, isn't WebRTC at a higher level than tcp/udp? |
11:25:01 | wumpus: | lmatteis: wouldn't you need a different *physical* transport if ISPs start sabotaging? |
11:25:02 | hearn: | yes, webrtc layers more stuff on top |
11:25:39 | hearn: | but why would bitcoin need that? it's just more complexity, more potential for security bugs, etc. there's no benefit. |
11:25:44 | fluffypony: | yeah |
11:25:56 | fluffypony: | if ISPs started blocking then people in other countries could run HTTPS bridges |
11:26:03 | wumpus: | hearn: yeah, well if 'just a different topology' is enough to accomplish the goal, why not |
11:26:09 | fluffypony: | and people using those bad ISPs could connect to those |
11:26:52 | hearn: | fluffypony: indeed |
11:28:13 | wumpus: | fluffypony: let Tor handle that cat and mouse game for us |
11:28:54 | fluffypony: | wumpus: I was imagining an aggressive ISP where they only allow, say, POP/IMAP, DNS, and HTTP/S |
11:29:07 | fluffypony: | I don't know if Tor can hole-punch through that |
11:29:54 | wumpus: | I don't think trying to bridge hostile networks belongs at the application level, anyhow |
11:30:15 | fluffypony: | s'true |
11:30:16 | wumpus: | fluffypony: their connection looks like https IIRC |
11:30:41 | fluffypony: | ah ok |
11:32:54 | wumpus: | though thinking of it, I don't think the relay network is simply another topology, it also encodes blocks differently to be able to propagate them faster |
11:34:39 | lmatteis: | but perhaps webrtc is useful for relaying traffic. imagine websites implementing it and as users browse their site they're actively relaying data around |
11:35:16 | fluffypony: | and then add a miner in and boom, you've got yourself a botnet |
11:39:03 | hearn: | wumpus: oh, it does? ok i didn't know that |
11:39:24 | hearn: | lmatteis: you don't want to use web tech for this stuff |
11:39:33 | hearn: | lmatteis: you'd just use an HTTPS CONNECT proxy |
11:39:44 | hearn: | then it works for everything and looks superficially like a web connection |
11:40:03 | hearn: | https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling |
11:44:58 | wumpus: | I don't want to relay data around while I browse websites :-( |
11:51:33 | fluffypony: | * fluffypony likes DNS tunneling |
11:51:35 | wumpus: | javascript, along with all this web* nonsense should die in a fire |
12:21:16 | fluffypony: | wumpus: you mean you're not rewriting the QT client in HTML5? |
12:24:10 | hearn: | some day i will write a website that explains why the web stack sucks :) |
12:25:23 | fluffypony: | hearn: just make sure it's responsive and CSS3 and HTML5 and uses a canvas object for no apparent reason |
12:25:57 | fluffypony: | or just use this: http://html9responsiveboilerstrapjs.com |
12:28:57 | wumpus: | hearn: hehe. don't get me wrong, I think the document-based web is a good thing, I also like html5 video and such, but trying to turn websites into interactive applications, running arbitrarily fetched, arbitrary code on the user's computer is, IMO, a step too far. It's like an attack surface maximization function. |
12:29:17 | kanzure: | "cross-universe compatible" |
12:30:57 | wumpus: | hehe exactly |
12:33:32 | hearn: | yeah |
12:33:37 | hearn: | pretty much |
12:33:55 | hearn: | the line between document and app is pretty blurry these days though. i don't know if there's a clear dividing line. but some stuff is pretty clearly not a good fit for the web |
12:34:08 | fluffypony: | kanzure: "attackclone the grit repo pushmerge" is my favourite |
12:34:53 | fluffypony: | hearn: you mean like every news site asking for my location and then trying to shovel push notifications to my Mac? |
12:34:59 | hearn: | right :) |
12:35:03 | fluffypony: | "Deny, remember for a day." "Deny" "Deny" "PISS OFF!" |
12:35:21 | hearn: | well it could be worse. it could be the evil EU "we don't understand cookies" banner that every website has no |
12:35:23 | hearn: | *now |
12:35:32 | hearn: | at least the browser is still under the control over that particular UX wart |
12:35:37 | fluffypony: | hah hah |
12:35:39 | hearn: | the cookie banners break even that |
12:35:47 | stonecoldpat: | that stupid banner takes up 50% of your screen on a mobile, it is a pain :( |
12:35:51 | fluffypony: | yeah the cookie banners are irritating |
12:37:34 | wumpus: | hearn: right. I don't think the line is as blurry as some hype-ers want us to believe, though. The basic idea of a document, with some embedded objects like videos, hasn't changed that much. Most of the stuff that requires special code and back-channels is creepy advertising-related. |
12:37:55 | hearn: | well, consider a world map that shows bitcoin nodes. is that a document or an app? |
12:38:01 | hearn: | you could argue it either way. |
12:38:02 | kanzure: | too ambiguous |
12:38:24 | wumpus: | a map is a document |
12:38:33 | kanzure: | not since google maps |
12:39:13 | kanzure: | i think that as a general rule, "when in doubt, resort to the most static-like content medium possible" is a good heuristic |
12:39:36 | wumpus: | but sure, the rendering code is an application |
12:39:51 | fluffypony: | then that goes into the Tim Berners-Lee "Semantic Web" stuff; just describe the content and let the user decide how they want to view it |
12:40:12 | hearn: | right. now what about a 3D globe view ..... |
12:40:15 | wumpus: | there's still a fairly clear separation between the two |
12:40:17 | hearn: | i guess so |
12:40:21 | kanzure: | fluffypony: you don't want to anger ted nelson, do you? |
12:40:28 | hearn: | a dedicated map/globe viewer app is the Google Earth model |
12:40:38 | fluffypony: | kanzure:-P |
12:40:39 | hearn: | with KML being the document format. in the end not many people used it though |
12:41:06 | kanzure: | openstreetmap people did |
12:41:19 | hearn: | very strong separations between document formats/protocols and viewer implementations seem to have a hard time being competitive these days |
12:41:23 | hearn: | i guess they innovate slower |
12:41:24 | wumpus: | well there was (and is?) no good distribution medium for applications |
12:41:29 | hearn: | right |
12:41:33 | hearn: | outside of mobile |
13:41:57 | luke-jr_: | luke-jr_ is now known as Luke-Jr |
13:57:30 | dEBRUYNE_: | dEBRUYNE_ is now known as dEBRUYNE |
14:34:35 | lmatteis: | can anyone suggest good reads regarding p2p communication; specifically what enables bitcoin clients to send messages to each other and ensure that all connected clients get the information? |
14:34:50 | lmatteis: | i think it's called gossip protocol - but it'd be great if there was a nice survey of the current state-of-the-art |
14:54:00 | justanotheruser: | lmatteis: what exactly are you asking? this may be helpful https://en.bitcoin.it/wiki/Bitcoind#Theory_of_Operation |
15:16:18 | kanzure: | lmatteis: http://www.serfdom.io/docs/internals/gossip.html |
18:16:34 | Taek: | Is there a strong resource for learning about why privacy is important? I'm struggling to find resources for my friends in the 'nothing to hide' camp. |
18:19:53 | gmaxwell: | I give a number of examples (e.g. in my presentation last night); for the importance of basic privacy for money; I've never encountered any serious counterarguments to them. ... and it's telling that there exists no system of money without at least basic privacy (except, perhaps, bitcoin when used poorly) |
18:22:13 | Taek: | In particular, I'm finding it difficult to explain why you might hide from a state adversary. Perhaps that's less relevant to this channel. |
18:22:42 | aakselrod: | perhaps if you lived in russia, you wouldn't be asking this question :P |
18:24:39 | aakselrod: | people have gone to jail in russia just for browsing sites detailing evidence of russia's invasion of eastern ukraine |
18:25:46 | aakselrod: | i've seen russians ask for help running a bitcoin client in a way that's invisible to their ISP so they can buy VPN services abroad to avoid such a fate |
18:27:43 | andytoshi: | Taek: there are some good examples in hearn's old article http://www.coindesk.com/merge-avoidance-privacy-bitcoin/ |
18:30:23 | tromp: | possibly relevant: http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/ |
18:31:21 | zooko: | Taek: EFF writes many good articles that touch on that topic. |
18:31:56 | dEBRUYNE: | Also possibly relevant -> http://www.ted.com/talks/glenn_greenwald_why_privacy_matters |
18:32:05 | zooko: | Here's another, newer, resource: https://openitp.org/sup/ |
18:32:31 | gmaxwell: | Taek: Hiding from a state attacker has a subset of the justification. I also had a second slide specifically to talk in terms of state attackers; but essentially without the freedom to speak against the current state direction (including the spending required to facilitate that speech) you cannot have a democracy, because the public can never demand change; |
18:33:04 | Taek: | * Taek takes thorough notes |
18:35:52 | gmaxwell: | Another point to make is that all this is basically orthogonal from criminal stuff; criminal-businesses can afford to buy privacy at a high cost; they'll do whatever they need to do, regardless of the technology and policy (in money laundering, I understand losing half your money in the process is pretty good). The public will only have privacy if it's automatic or at least very cheap. |
18:36:05 | zooko: | gmaxwell: excellent argument. |
18:36:13 | arubi: | exactly |
18:36:17 | zooko: | gmaxwell: a data point I like to make about that is the HSBC scandal. |
18:36:53 | zooko: | Mexican drug lords laundering $10 bn can afford to work the system. |
18:37:46 | kanzure: | "nothing to hide"... hardly. even temporary public surveillance means data can be reused indefinitely, by anyone that may either now or in the future wish to target you. |
18:38:45 | gmaxwell: | It's also not especially politically controversial; at least in the US across the full set of the political spectrum we do generally recognize the freedom to be let alone by the state as integral to free speech, and free speech to be integral to free society. We just sometimes fall down on the details because politics is sometimes reactionary. |
18:38:53 | gmaxwell: | kanzure: or misconstrued in the light of future data. |
18:39:20 | kanzure: | oh right, potential future inferences. have fun, guys. |
18:39:23 | nsh: | you can make a pretty simple economic argument: your privacy is a whole bunch of other people's big business |
18:39:34 | nsh: | and if they value it, maybe you should |
18:39:48 | nsh: | otherwise you might be getting blankets for the great plains |
18:40:31 | kanzure: | i was reading an eff thread the other day and their explanations and arguments against "nothing to hide" were surprisingly poor. |
18:40:46 | kanzure: | astonishingly poor. that should be a faq on their site or something. |
18:41:44 | arubi: | a good argument might be, "do you want your neighbors' using kid your wifi hotspot?" |
18:42:04 | arubi: | er, switch using and kid there. can't think of a one liner |
18:42:25 | arubi: | s/using kid/kid using/ |
18:45:02 | kanzure: | that is not a good argument |
18:45:40 | arubi: | okay then. |
18:46:19 | kanzure: | people will think you are talking about economics and money ("why should i care if someone is helped by my network?") |
18:47:44 | arubi: | well that's not what I meant obviously. I was talking about the simple case of why encryption and privacy are important |
19:12:49 | jcorgan: | the best i've seen is to get rid of the stigma of the idea of "having something to hide." Everyone has something to hide, it's why they have curtains on their house windows, why they don't publish their banking details, why there is attorney-client privilege, etc. |
19:15:18 | andytoshi: | AC privilege is only for criminals ;). confidentiality between a therapist and client is maybe a better example |
19:15:59 | gmaxwell: | Also; sure you might not USUALLY have something to hide, sure, but you have to be prepared for the few things that ought to be hidden-- or it won't be, and once a secret is out it can never be taken back. |
19:53:20 | kanzure: | jcorgan: i think that is a poor argument too, for the following reasons- there are many people that do not have curtains and are perfectly happy with that, but they are also still interested in preserving certain perfectly-normal data against asymmetrically-powerful adversaries.. even without curtains. |
19:53:25 | kanzure: | *curtains |
20:03:01 | fluffypony: | Taek: there was an editorial David Latapie wrote on it a little while ago, here - https://forum.getmonero.org/1/news-announcements-and-editorials/191/editorial-the-value-of-privacy |
20:14:33 | jcorgan: | lol that gmaxwell is quoted for the part about porn, and the rest of the editorial is basically parroting what else he said |
20:15:25 | hearn: | jcorgan: gotta be careful with such arguments. people don't tend to publish their bank balance to the people around them, but they understand and accept that the government knows it. |
20:15:31 | wumpus: | well as is said, you may have nothing to hide, but you certainly have something to protect, and leaking (some kinds of) information into the open makes you vulnerable to unscrupulous people. It's a kind of hygiene. |
20:15:48 | hearn: | jcorgan: usually "nothing to hide nothing to fear" is an argument about government access to information |
20:16:21 | hearn: | jcorgan: moxie has the best discussion of this i've seen so far. http://www.thoughtcrime.org/blog/we-should-all-have-something-to-hide/ |
20:17:38 | gmaxwell: | hearn: In the US there are a multitude of protections that limit the government's access to your financial records and restrict what they can do with the areas they can access; Some of these have been eroded by the rise of electronic banking, and by more recent anti-terrorism activity; but at least from a US historical and cultural perspective it is incorrect to say that everyone expects their finances are transparent to the government. |
20:18:42 | gmaxwell: | hearn: in the case of things related to bitcoin though there is an extra bit of confusion in that people think that having privacy from no one might be acceptable just because it is often acceptable to have the bank or the government see your records (without constraint or otherwise) |
20:19:06 | hearn: | i think that would be true in switzerland where the government actually doesn't have any access to banking records, to the extent that tax evasion (by swiss people from their own govt) is quite common. i've not heard of such things elsewhere, people assume that you can't receive large payments into a bank account, not declare them and be undetected for long. |
20:19:25 | instagibbs: | "andytoshi: AC privilege is only for criminals" <--- the mere fact that the public doesn't understand why we have AC privilege says a lot |
20:20:18 | hearn: | certainly the fact that banks report suspicious activity means that seeing banks as private against governments doesn't hold much water |
20:20:48 | instagibbs: | it certainly doesn't have 4th amendment protections that we enjoy in other spheres of life. |
20:22:18 | fluffypony: | speaking of quoting gmaxwell |
20:22:44 | fluffypony: | Darkcoin/Dash has taken the "Cryptography is all that technology by which we hope to confine and constrain the nature of information" definition to mean that they are cryptographically sound |
20:22:51 | gmaxwell: | lol |
20:23:04 | fluffypony: | https://bitcointalk.org/index.php?topic=999886.msg11153729#msg11153729 |
20:23:05 | gmaxwell: | dear lord. |
20:23:25 | fluffypony: | well it leads to chuckles, so there's that |
20:23:55 | gmaxwell: | (kat is asking why I'm laughing now) |
20:24:35 | instagibbs: | "For example, you have claimed InstantX is just Bitcoin's Green Addresses, which it isn't. From reading the description it is clear they are very different, as a Green Address recipient has to trust the previously published sending address not to double spend whereas InstantX is trustless." |
20:24:38 | instagibbs: | ok im rolling |
20:24:53 | zooko: | +1 for moxie's blog post |
20:24:55 | fluffypony: | instagibbs: I know, right? |
20:25:19 | instagibbs: | which post is that zooko ? |
20:25:55 | zooko: | http://www.thoughtcrime.org/blog/we-should-all-have-something-to-hide/ |
20:26:03 | zooko: | That guy is such a good writer. |
20:28:07 | instagibbs: | Privacy as shield against capricious prosecution. <--- yeah that's a good one |
20:28:30 | gmaxwell: | hearn: In the US do not use proactive monitoring of accounts for anti-tax evasions purposes. I've randomly bounced large amounts of money between various forms all the time between accounts and otherwise, moving between institutions and etc.. none of it is itself tax reportable, none of it goes on my taxes; most is not reported to the IRS under any regulations (though some do get reported elsewher |
20:28:36 | gmaxwell: | e for non-tax reasons). If I'm audited they might want to see account records and I may have to explain some of it, but it would be after the fact in an existing audit. I think it's a very sensible strategy: people's privacy is protected; there is some tax evasion, but it's kept small by serious penalties; we don't need active monitoring to spot evasion, most of what it would return would be false |
20:28:36 | hearn: | it's struck me during the whole post-snowden years that politicians are totally incapable of understanding what big data analytics can do |
20:28:42 | gmaxwell: | positives (E.g. in my case). |
20:28:49 | gmaxwell: | "It's just metadata!" |
20:29:32 | kanzure: | "no it's just a *copy* of the data" |
20:29:39 | hearn: | gmaxwell: yes, *if* you ignore that the US Treasury has a record of every single financial transaction made around the world (ignoring cash/bitcoin obviously), and so does the NSA, and that the moment the government is interested in your banking records they can get them with a subpoena |
20:30:04 | hearn: | gmaxwell: my point is, people don't think of banking as being private from the government because they know that the government can view the records of "bad people" on demand, more or less. |
20:30:12 | wumpus: | yes, it's just a summary of the interesting parts of your communication, not the whole of it! :) |
20:30:48 | hearn: | so saying "you wouldn't publish your banking details to the world" isn't a very compelling argument to most people when talking about crypto or bitcoin, because they tend to say "i don't want random strangers to see it, but i'm fine with the police having access" |
20:30:53 | gmaxwell: | hearn: yea, but on demand, under conditions, in hopefully controlled and regulated ways is not the same as having no privacy. :) |
20:30:55 | hearn: | which isn't easily implementable in crypto systems |
20:31:10 | hearn: | i mean it can be done but in practice nobody does |
20:31:32 | fluffypony: | hearn: Monero does, you can give the cops / gov'mint your viewkey |
20:31:54 | hearn: | gmaxwell: yeah sure, but i think that the existence of the Treasury program (TFTP) means the old world has effectively gone |
20:32:12 | gmaxwell: | hearn: for tax reasons we do have a tidy solution; basically in tax audits in the US the burden of proof is largely on the tax payer to show their funds were accounted for and correctly tax paid-up. So successfully hiding your records is not so helpful unless they are completely invisible (no shiny boat in your slip). |
20:32:14 | hearn: | fluffypony: "can" != "must", i assume? |
20:32:25 | gmaxwell: | For things other than tax, not quite so much. |
20:32:34 | fluffypony: | hearn: yes, it's opt-in not opt-out |
20:32:50 | zooko: | hearn: I think you're using a different standard for cryptocurrencies than for other systems here. |
20:33:15 | hearn: | * hearn is currently in an argument with a UK guy who is designing some kind of every-tx-requires-mandatory-id-verification alt coin, and he doesn't seem to grok the difference between tax avoidance and evasion |
20:33:16 | zooko: | If a cryptocurrency made it so that you *must* disclose certain things to the government, that would be much *more* transparency than any comparable thing, wouldn't it? |
20:33:20 | zooko: | Not equivalent transparency. |
20:33:25 | phantomcircuit: | zooko, lol @ killing a lobster in self defense |
20:33:34 | zooko: | phantomcircuit: WHAT ARE YOU TALKING ABOUT |
20:33:44 | phantomcircuit: | http://www.thoughtcrime.org/blog/we-should-all-have-something-to-hide/ |
20:33:49 | phantomcircuit: | didn't read it i see |
20:33:53 | hearn: | zooko: i guess it'd be the same as banking? |
20:34:04 | zooko: | phantomcircuit: I did! But a while back. |
20:34:13 | zooko: | Don't have a perfect memory, I see. ☹ |
20:34:15 | zooko: | Getting old. |
20:34:23 | zooko: | hearn: seems to me it would be close to that. |
20:34:36 | wumpus: | it's also funny how those schemes always assume that there is only one government |
20:34:51 | zooko: | wumpus: Yeah. |
20:34:59 | zooko: | bbiab |
20:35:05 | fluffypony: | zooko's memory triangle: memories can be clear, beautiful, true. pick 2. |
20:42:52 | wumpus: | in any case revealing your banking details to the world is infinitely worse than just having them available to a government, "you wouldn't publish your banking details to the world" doesn't become any less of a compelling argument due to that |
20:47:13 | zooko: | haha |
20:47:15 | wumpus: | ie if the only reason to put up curtains would be to prevent the government from peeking, I'm sure many people may neglect doing that, they may not deem it worth the cost. But it's about the other people. |
20:48:40 | instagibbs: | if the govt rolled up vans to each and every home you may see a difference in behavior :) |
20:50:38 | zooko: | I think most people, at least in the better-governed countries, are okay with "the government" being able to see their transactions, but not with their next door neighbor being able to see them. |
20:51:50 | kanzure: | asymmetrically powerful adversaries always warrant asymmetrical caution |
20:52:22 | zooko: | One rhetorical technique I'm interested in is directing people's attention to other governments. |
20:53:47 | fluffypony: | it's easy when you live in South Africa, our government is so openly messy that we focus on other governments as a default :-P |
20:54:17 | zooko: | :-) |
20:54:21 | wumpus: | hehe |
20:54:48 | zooko: | What I meant was: sure, you're okay with the people, and the policies, of your government having access to your financial transaction records. Now what about the government of France? How about Russia? |
20:57:09 | hearn: | i think arguments based on more personal stuff work better |
20:58:39 | hearn: | "the UK has tens of thousands of men alive today with criminal records, for being gay. imagine if society had today's technology in the 1960s. do you realise that GCHQ could algorithmically identify almost all sexually active gay people and the government could round them up/jail them all, in one massive overnight operation?" |
20:58:50 | kanzure: | hearn: perhaps racial persecution would be appropriate? |
20:58:57 | hearn: | "can you imagine what that would have done to the progressive movements, when suddenly there is no longer anyone to fight for or anyone to speak up?" |
20:58:59 | kanzure: | er, i mean, as a personal example |
20:59:55 | hearn: | it's very clear that British politicians at least, probably american ones too, cannot actually imagine how effective data analytics are. they're stuck on this notion that because the intelligence agencies don't have infinite people, they can only engage in surveillance against a tiny minority, so it's all safe and there's nothing to worry about |
21:00:22 | hearn: | the idea that a team of 3-4 software engineers could do en-masse surveillance to enforce social policies hasn't penetrated their minds yet. probably ...... that's a good thing |
21:00:24 | phantomcircuit: | hearn, that argument is extremely effective with second amendment supporters who otherwise do not care about government surveillance |
21:00:34 | hearn: | which one is the second again? |
21:00:35 | hearn: | guns? |
21:00:38 | phantomcircuit: | yes |
21:00:44 | hearn: | right |
21:00:55 | hearn: | well that's rather US specific. i like examples that work in any western country :) |
21:01:22 | zooko: | hearn: I find that extremely compelling, myself. Not sure if a large set of other people do. |
21:01:23 | wumpus: | yes, better to not remind them of it. If they're anything like the dutch government the reply would be more 'oh cool we want that too' |
21:01:42 | zooko: | gotta run… |
21:02:51 | wumpus: | like the whole Snowden affair, it only gave them ideas and made them propose more funding and authorization for the intelligence agency, after all the others are doing it too and we can't stay behind can we |
21:08:26 | petertodd: | zooko: speaking of, I've seen more than one "national blockchain" proposal lately, and they tend to include things like requiring full receipts to be included in transactions so not only will the governments know exactly who is sending money to whom, but also, for what |
21:09:20 | petertodd: | zooko: fortunately I've been able to turn down such contracts on grounds other than ethics so far - could be an ugly conversation... |
21:10:20 | fluffypony: | Federated Federal Chains? |
21:10:29 | petertodd: | fluffypony: basically yes |
21:10:59 | petertodd: | fluffypony: of course, keep in mind that many regulators/banking types believe having crypto at all in these systems is fundamentally unacceptable, because it prevents you from lying |
21:12:06 | petertodd: | fluffypony: e.g. a recent conversation I had in NY was along the lines of how hugely disruptive it would be if you could prove your bank account balance to others - really messes with how the regs are written re: seizing funds, as often seizures happen secretly, even to the account holder |
21:13:56 | fluffypony: | yeah a lot of cryptography doesn't gel with the way regulations are built |
21:14:34 | fluffypony: | nothing is "proven" in the truest sense of the word, everything is overly-laden with trust |
21:15:13 | fluffypony: | eg. evidence has a chain of custody that requires that you trust each person behaved |
21:15:35 | petertodd: | fluffypony: yup! a great example I ran into recently was for a company doing a bitcoin bank card: their interface to the bank card processing company was over an encrypted VPN, but beyond that there was absolutely no way to prove which side got hacked if anything went wrong |
21:16:40 | petertodd: | similarly, I've had a few people at banks tell me they actually have blanket prohibitions against systems that make cryptographically signed statements because of legal reasons - that VPN setup may have been deliberately engineered to be unauditable |
21:20:59 | Taek: | I like this: "Software testing is making sure your program does what it's supposed to, security testing is making sure that's all it does." |
21:21:58 | wumpus: | yes, that's very apt |
21:23:27 | petertodd: | Taek: ...and the attacker can create conditions to exploit bugs that are as unlikely as getting hit by lightning twice during a shark attack... in Idaho. |
21:24:09 | gmaxwell: | There was some additional stuff I only said that isn't on the slides which you might enjoy. |
21:24:20 | gmaxwell: | when the video is up I'll transcribe it. |
21:27:33 | gmaxwell: | e.g. I made a point that people often underestimate how fast computers have become; as their speed is mired in layered software; an attacker armed with a conventional computer is like having an army of a billion imbeciles; they may be imbeciles but you have a billion of them, and that's before you get a 100k node botnet. This favors attackers because you only need to cut the haystack to an unimag |
21:27:39 | gmaxwell: | inably large size before you can just search it exhaustively with your billion imbeciles. |
21:30:18 | petertodd: | I made an artwork about that actually, showing visually how even a single, slow, computer can do in literally a blink of an eye is what a human can do in a lifetime |
21:32:01 | gmaxwell: | There is a really interesting tedtalk on peak oil which was influential on my thinking here; the speaker holds up a pint of crude oil and explains how it's the energetic equal of some number of weeks of hard manual labor; explaining that how the more oil a society uses the more prosperous it can be, because it's burning up ultra cheap stored labor. ... if you redo the comparison with computing tho |
21:32:07 | gmaxwell: | ugh the result is far more mindblowing. |
21:33:11 | gmaxwell: | e.g. cpu chip that costs a few bucks to make marginally, and can run forever on a solar sell is the number crunching equal of the world's population several times over; and it never gets tired and will probably work for hundreds of years if cared for well. |
21:33:23 | gmaxwell: | s/sell/cell/ |
21:37:28 | petertodd: | nuts really |
21:38:10 | petertodd: | yet at the same time, there's still speculation that the "raw" processing power of the human brain is on par with things like "all of google's computing power" - it's just that it has highly specialized parallel architecture and software, so to speak |
21:39:04 | gmaxwell: | sure, but not actually useful for specialized tasks like breaking cryptosystems. The fact that computing power is so qualitatively different from mental power is part of the reason we underestimate computers at tasks for which they're well suited (and we're not). |
21:40:12 | petertodd: | not *yet* useful - it's well within the realm of possibility that highly advanced genetic engineering will lead to biological computers that make our current computers look pathetic. |
21:40:59 | petertodd: | of course, cryptosystems often have pretty strong bounds like "to brute force AES will require computers made of something other than matter that occupy something other than space" - it's only your shitty passwords that are at risk :) |
21:41:17 | aakselrod: | * aakselrod starts developing chocolate-powered miners |
21:42:46 | gmaxwell: | petertodd: yea, the thing people miss sometimes is that a compromise doesn't have to break it completely, it just needs to reduce the search space enough; but the search space can still be huge. |
21:44:30 | petertodd: | gmaxwell: yup, e.g. the sha1 break, with an estimated ~$1million to create a SHA1 hash collision that no-one has (as we know) spent the money to actually do |
21:45:00 | gmaxwell: | DJB told me someone is working on that now. |
21:45:14 | gmaxwell: | I guess I should ping him for contact info to make sure they can claim the bitcoin bounty. |
21:45:16 | petertodd: | oh good! I really, really, hope they publish first by collecting that bounty |
21:49:44 | petertodd: | unrelated: has anything else done any low-level analysis of the Ripple codebase? I noticed that if you add extra, non-existent, validators to your UNL your node still accepts the consensus, which looks like it only includes "live" validators in the consensus determination, which then means you can be sybil attacked |
21:52:20 | gmaxwell: | ... |
21:52:40 | gmaxwell: | petertodd: I believe you've answered your own question. |
21:53:09 | petertodd: | gmaxwell: not quite - I didn't and can't answer the question "has anyone else..." :) |
21:54:02 | gmaxwell: | It just seems like a really severe and obvious issue that you'd expect to uncover without actual auditing, just via operation. As in "why am I still up while partitioned". |
21:54:44 | gmaxwell: | petertodd: what you described could be a one way latch though; e.g. only count it after it's gone up at least once. |
21:54:53 | gmaxwell: | Which would be less of an issue. |
21:55:13 | petertodd: | yeah, I think it's one of those things where the tooling required to actually do those tests doesn't exist - there doesn't seem to be an equivalent of python-bitcoinlib for ripple |
21:55:25 | petertodd: | so people don't notice this stuff |
21:55:38 | kanzure: | you could do those tests without python-bitcoinlib. you'd still have to write code, though. |
21:56:05 | petertodd: | gmaxwell: yeah, I was wondering if it was a one-way-latch too, although even that's kinda scary if you get sybilled from the beginning |
21:56:35 | petertodd: | kanzure: yup, and when your client is getting billed $$$$/hr there's a strong temptation to base your report on theories :) |
21:57:17 | petertodd: | kanzure: I've already had to ask them twice for direction for what they want to focus on to keep costs reasonable :( |
21:57:36 | gmaxwell: | petertodd: there is a trivial definitive test; bring up a host, and then iptable off all but one of its trusted parties. |
21:58:14 | petertodd: | gmaxwell: ripple does have a flood-fill network, so doing that isn't possible with just iptables |
21:59:01 | kanzure: | petertodd: did you happen to read https://news.ycombinator.com/item?id=9341687 |
21:59:15 | kanzure: | whoops |
21:59:23 | kanzure: | i meant this subthread https://news.ycombinator.com/item?id=9342348 |
21:59:49 | gmaxwell: | ah yea so that's a pain to configure. |
22:00:20 | petertodd: | kanzure: I did! on both counts - I think an important thing I'll be talking about is "let's assume the UNL idea works - what incentive does anyone have to *not* use the default UNL?" |
22:01:02 | petertodd: | kanzure: remember that your node still *validates*, the only difference is you might accept a different consensus, which is really bad - best to just do what everyone else does and use the 5 validators... |
22:01:03 | kanzure: | what sort of testing infrastructure is there already? |
22:01:45 | petertodd: | kanzure: looks to be just unittests, plenty of them, but not tooled in a way that's easy to experiment with. Even basic documentation like "what exactly is the blockchain data structure?" is really hard to get w/o reading a lot of code |
22:02:00 | kanzure: | sounds like you'd have to start with lots of shitty bash scripts, have fun |
22:02:24 | kanzure: | you may be interested in http://amoffat.github.io/sh/ |
22:02:40 | gmaxwell: | petertodd: so for that test, perhaps modify the signature verification code to reject all signatures with particular keys? |
22:02:53 | gmaxwell: | (though maybe that will cause peer disconnection) |
22:03:07 | petertodd: | kanzure: well, mostly I've been reading the code and taking notes - it's a fair bit less readable than bitcoin core, and there isn't a clear boundary between consensus and non-consensus code :( |
22:03:31 | petertodd: | gmaxwell: oh! that's a good idea, but yes, I'm 90% sure that'll cause peer disconnection |
22:04:25 | kanzure: | petertodd: one of my tricks for reading code is to read the code at some point in the past, instead of recent. because in the past there is slightly higher chances of there being less code. |
22:05:13 | petertodd: | kanzure: haha, good idea, though here it looks like they may have made fairly significant consensus-critical changes |
22:05:31 | kanzure: | consensus-breaking? |
22:05:34 | petertodd: | kanzure: I've done that a lot for the Bitcoin Core codebase though - v0.3 is especially readable, and "modern" |
22:06:07 | petertodd: | kanzure: yes - they have done "flag days", but time-based. Also nodes don't download full history, so you can get away with a lot. |
22:06:58 | gmaxwell: | yea, it's not history validating. thus the 'altcoin attacks'; if they'd really opened up the UNL membership you can bet that the unspent initially created ripples would have been largely reassigned by now. |
22:10:30 | petertodd: | brb |
22:12:43 | fluffypony: | the sort of thinking that validates Ripple as a *crypto*-currency is the same thinking as a "Bitcoin Floundation" member saying this rubbish: "I'm telling you, when we look back 20 years from now, Vitalik is going to be seen as one of the most important human beings in the world. He's more than a genius—he's a genius among geniuses." |
22:12:55 | fluffypony: | oh sorry, Bitcoin Floundation *director* |
22:13:01 | fluffypony: | (src: http://www.details.com/culture-trends/critical-eye/201502/bitcoin-digital-currency-investors?currentPage=1) |
22:17:11 | jcorgan: | i'm convinced now that the vast majority of non-technical people must think everything around them works by magic, so anytime they see something they don't understand, they can't tell the difference between genius and bullshit |
22:17:36 | fluffypony: | jcorgan: magnets...how do they work? |
22:18:11 | jcorgan: | wat |
22:18:50 | hearn: | jcorgan: https://www.youtube.com/watch?v=OvmvxAcT_Yc |
22:18:50 | fluffypony: | jcorgan: http://knowyourmeme.com/memes/fucking-magnets-how-do-they-work |
22:19:06 | fluffypony: | seriously though, that Details article made me irrationally angry |
22:19:26 | fluffypony: | wtf has Brock Pierce done that makes him deserving of the title "the godfather of bitcoin" ? |
22:19:49 | fluffypony: | even though academically I know it's a PR exercise, it still irks me |
22:19:52 | jcorgan: | almost everything i read these days makes me irrationally angry. it's a good sign i'm firmly entrenched in middle age |
22:20:33 | jcorgan: | see what all you youngins have to look forward to? |
22:20:52 | jcorgan: | if i had a TV in my house i'd be yelling at it |
22:20:55 | fluffypony: | lol |
22:21:11 | kanzure: | no you see i'm getting all the rational hatred out of my system *now*, so that later there wont be anything hateworthy, it's simple |
22:27:31 | jcorgan: | i'm just bitter. the singularity should have happened by now, and i'm running out of time :) |
22:28:13 | jcorgan: | instead of post-AI paradise we have dogecoin |
22:29:06 | tromp: | post-Ai does not paradise make |
22:29:23 | gmaxwell: | "Much technological progress, very excite" (Kat) |
22:30:07 | fluffypony: | Such cryptography. Much decentralisation. Wow. |
22:30:15 | gmaxwell: | Oh well could be worse; -- see also Friendship is Optimal (A novel based on the premise of a My Little Pony MMORPG being powered by a superhuman AI) |
22:30:40 | jcorgan: | actually, all the deep learning stuff coming out in the last five years really *is* exciting |
22:31:13 | gmaxwell: | (And the worst part of it are all the reviews left by my little pony fans who read it but don't realize that it's a horror story / cautionary tale) |
22:34:02 | kanzure: | jcorgan: waiting for a singularity is a bad strategy |
22:34:18 | ajweiss: | what if the singularity has already happened... |
22:34:30 | ajweiss: | call it the emergent behavior of humans glued to the internet |
22:34:30 | kanzure: | here, have some elon musk propaganda http://images.bwbx.io/cms/2012-09-13/features_elonmusk38__01__405inline.jpg |
22:34:42 | instagibbs: | can't be true, the Nerd Rapture wouldn't leave any wizards with beards behind |
22:36:23 | jcorgan: | i've never had a gmax-class beard, but there's still time :) |
22:36:26 | fluffypony: | * fluffypony likes Elon Musk |
22:36:31 | fluffypony: | but only cause he's ex-South African |
22:36:39 | fluffypony: | otherwise I'd probably think he's a prat |
22:36:59 | instagibbs: | deep learning stuff is pretty cool, just because we're finally getting "good enough" narrow AI for lots of things |
22:37:57 | kanzure: | my alternative opinions about "waiting for a singularity" are documented loosely here http://diyhpl.us/wiki/declaration |
22:38:26 | ajweiss: | i don't know a whole lot about it.. i always just assumed it was neural nets for classification scaled up on today's fast computers |
22:38:40 | gmaxwell: | need faster computers... I sometimes worry that there is something of a gap where making computers faster isn't very commercially interesting because existing applications aren't improved much by it, but future applications are still not yet feasible... and I think we're seeing some of that playing out with more computing moving to mobile devices and leaving costly 'enterprise' hardware as the al |
22:38:46 | gmaxwell: | ternative. |
22:39:35 | instagibbs: | ajweiss: sort of. Lots of power increase on GPU, some theory, and lots of little tricks |
22:39:42 | jcorgan: | ajweiss: there were a couple "structural" changes in how to train multi-level neural networks in 2006 that re-ignited the field. also GPUs. |
22:39:50 | instagibbs: | Without the tricks they all still fall apart |
22:40:21 | kanzure: | gmaxwell: red herring; "faster" |
22:40:34 | ajweiss: | does it beat svm/kernely stuff significantly? |
22:40:52 | gmaxwell: | SVM stuff just has the benefit that the training always converges. |
22:41:20 | gmaxwell: | But there is a lot it cannot model, and its models are often ill-conditioned and easily overfit. |
22:41:24 | fluffypony: | * fluffypony checks the time |
22:41:28 | fluffypony: | gmaxwell: do you even sleep? |
22:41:35 | kanzure: | at the moment brains are the only things we know to do vaguely relevant things, so here is some stuff about biologically-accurate emulation of brain matter http://www.fhi.ox.ac.uk/reports/2008-3.pdf |
22:41:38 | gmaxwell: | fluffypony: hm, I'm in pacific time. |
22:41:47 | instagibbs: | SVM are convex, which is always nice |
22:42:33 | gmaxwell: | If you minimize the support vectors you get an RVM, and that's back to non-convex optimization (and quickly intractable) |
22:42:33 | kanzure: | also one of my favorite presentations from the blue brain project is transcribed here http://diyhpl.us/wiki/transcripts/markram-2006/ (although the actual video is also good) |
22:43:03 | fluffypony: | must just be a coincidental timezone overlap; I'm UTC +2 and you seem to be up all the time when I am |
22:43:06 | instagibbs: | hmm I should read on relevance vector machine, I forget what it does |
22:43:16 | gmaxwell: | I still think that ANN-ish techniques get far too much attention just because they're named "neural network"; I usually prefer to call them MLP instead. |
22:43:36 | ajweiss: | i always understood it as a kind of regularized svm |
22:44:02 | instagibbs: | gmaxwell: no doubt but they get fantastic results and just get better with more data :) |
22:44:11 | jcorgan: | gmaxwell: i just refer to them as algorithms, for the same reason |
22:44:12 | fluffypony: | * fluffypony read ANNouncement thread on Bitcointalk, and My Little Pony, into that sentence |
22:44:36 | kanzure: | yes there is a strong bias towards not looking at the brain for some reason |
22:44:57 | kanzure: | i admit life would be easier if brains weren't s ridiculous but that's what we have to work with..... |
22:45:00 | kanzure: | *so |
22:45:16 | ajweiss: | yeah but do they actually do well on whole new classes of problems, or is it just a few pct better on problems that already go pretty well? |
22:45:37 | kanzure: | also http://fennetic.net/irc/human_chimpanzee_brain_differences.png |
22:46:25 | gmaxwell: | ajweiss: rvm? it works on things that SVM just produces trash on; but the training is intractable on big data sets. |
22:47:00 | ajweiss: | naw, fancy new "deep" neural nets |
22:47:17 | gmaxwell: | kanzure: because nature works its way into local minima, and the things its optimizing for may have little advice to give for our very differently constructed computer code. |
22:47:54 | gmaxwell: | ajweiss: they work on problems that old approaches just get stuck on. |
22:48:01 | jcorgan: | kanzure: intelligence via evolved protein-based replicators in competition has arrived at what we have; i suspect this is but one local minimum and it can be achieved differently using different media |
22:48:22 | kanzure: | gmaxwell: yes but it's an existence proof; otherwise we run into some really really hard selection problems see http://diyhpl.us/~bryan/papers2/ai/How%20hard%20is%20artificial%20intelligence%3f%20Evolutionary%20arguments%20and%20selection%20effects%20-%20Shulman%20-%20Bostrom.pdf |
22:48:54 | kanzure: | jcorgan: so what? i would be extremely happy with a very retarded but thoughtful computer. that's a very good start. |
22:49:04 | gmaxwell: | Keep in mind that back-propagation is pretty much just Newton's method; it's a purely local optimization. The new approaches merge weaker classifiers. |
22:52:58 | jcorgan: | kanzure: i think of it like this--birds evolved flight over many eons, but once understood we recreated something similar and then surpassed nature in a few decades. |
22:53:04 | gmaxwell: | there is a bunch of machine learning activity now where someone comes up with a useful technique in one domain (e.g. adaboost over random decision trees) and then people go do the 'morally equal' thing to other kinds of machine learning ('deep belief networks' for MLP/RBM) |
22:53:19 | gmaxwell: | (I don't mean that to sound negative, it's a good way to make progress) |
22:55:34 | kanzure: | jcorgan: what about it? |
22:55:56 | jcorgan: | just a counterpoint to the Bostrom article |
22:56:17 | kanzure: | you are cheating though, you said "once understood" |
22:56:18 | jcorgan: | (haven't read the whole thing) |
22:57:17 | kanzure: | yes, if we understood things i'm sure we could improve on things we understood. |
22:59:07 | jcorgan: | sorry, i don't follow your argument |
23:06:51 | kanzure: | "i suspect this is but one local minimum and it can be achieved differently" and then you said "once understood we recreated something similar and then surpassed nature"... like yes, once we understand something things work out great. sure. but we don't understand. so biologically-accurate emulation is one of the only available options. |
23:12:40 | jcorgan: | we don't understand how general intelligence works, so we investigate in different ways until we do (or give up as not understandable.) but i can't tell if you're saying that biologically accurate emulation is (one of) the only option(s) for performing that investigation, or it is the only option for implementation? |
23:14:21 | kanzure: | it is one of the few options. i would be very cautious to assign other methods to this category, especially ones that do not involve probing brains and squishing neurons. |
23:17:33 | ajweiss: | most of the imaging modalities we have in neuroscience are still pretty crude |
23:18:52 | ajweiss: | it pretty much amounts to pointing an infrared camera at a computer from 20 feet away, blindfolded tapping of a few traces at a time and blindfolded excitation of a few traces at a time |
23:19:18 | ajweiss: | at least in vivo |
23:21:05 | moa: | does the Turing test imply self-awareness or some level of consciousness? |
23:21:16 | ajweiss: | i don't think any real progress is going to be made until there's an imaging breakthrough where we can image the dynamics of billions of neurons, or perhaps the whole thing |
23:21:42 | aakselrod: | http://neurosciencenews.com/staining-method-brain-mapping-1953/ <-- recent imaging development (only used on dead brains, though) |
23:22:14 | ajweiss: | yeah there's a lot of ex vivo stuff coming out |
23:22:22 | ajweiss: | but the dynamics are where the magic happens |
23:22:31 | moa: | humans don't know how to count until they are taught |
23:24:07 | ajweiss: | but they do develop their percepts from sensory input pretty much just by being stimulated |
23:25:13 | moa: | you have to consider the possibility that intelligence is seated on consciousness ... and then it gets pretty hand-wavy after that |
23:26:29 | ajweiss: | i'm pretty sure that it's impossible to use the c word without a bunch of hand waving |
23:27:51 | gmaxwell: | * gmaxwell dooms you all to get stuck at a dinner party with John Searle |
23:31:32 | kanzure: | moa: nobody has ever been able to demonstrate the existence of consciousness |
23:31:34 | moa: | ajweiss: i think using the intelligence word implies the hand-waving because it is so difficult to define |
23:31:52 | moa: | babies are conscious before they can count |
23:32:04 | moa: | computers know how to count when they are built |
23:33:17 | moa: | so we are back to the question of whether the Turing test implies self-awareness or consciousness of some form ... as that is the "best" definition out there for "AI" |
23:34:06 | kanzure: | jcorgan: fwiw we had kites for many centuries |
23:39:51 | moa: | so I guess adult chat bots are leading the way in AI? (porn built the internet, etc) |
23:40:40 | moa: | probably a bitcoin business in there somewhere |
23:41:46 | smooth: | moa: ai scammer bots |
23:42:20 | moa: | the oldest profession, scamming |
23:43:04 | wumpus: | moa: do computers 'know' how to count? in a way that's like saying that because neurons 'count' electrical impulses, at a low level the baby does count, they're just not aware of the low-level processes :) |
23:43:06 | sneak: | how does the locktime'd refund safety tx for a 2of2 multisig payment channel exist for the refund to the first party if the inputs to the funding of the multisig address aren't on the chain yet? |
23:44:35 | moa: | wumpus: good point, maybe we already know how but need to re-learn? like a trained bot might have to |
23:45:06 | moa: | they said euler could add subtract multiply huge numbers in his head as effortlessly as breathing |
23:54:02 | moa: | maybe consciousness is like a VM, would explain multiple personality disorders |
23:57:12 | wumpus: | consciousness is just not well-defined, you 'feel' that you are conscious, but you cannot distinguish whether others are conscious or just meat robots evolved to act like they are |