--- Log opened Thu Oct 25 00:00:47 2018 00:03 -!- setpill [~setpill@unaffiliated/setpill] has joined #bitcoin-core-dev 00:03 -!- ap4lmtree- [~ap4lmtree@unaffiliated/ap4lmtree] has quit [Remote host closed the connection] 00:03 -!- promag [~promag@bl22-247-244.dsl.telepac.pt] has joined #bitcoin-core-dev 00:04 -!- Murch [~murch@c-73-223-113-121.hsd1.ca.comcast.net] has quit [Client Quit] 00:04 -!- ap4lmtree- [~ap4lmtree@unaffiliated/ap4lmtree] has joined #bitcoin-core-dev 00:19 < sipa> meshcollider: cool 00:20 -!- promag [~promag@bl22-247-244.dsl.telepac.pt] has quit [Remote host closed the connection] 00:24 -!- timothy [~tredaelli@redhat/timothy] has joined #bitcoin-core-dev 00:32 < meshcollider> sipa: is there a way to ToString() on a specific index of a ranged descriptor to get a concrete derivation path? Or does ToString() always only return the ranged one 00:32 < meshcollider> looks like the latter 00:38 < meshcollider> and if not, would it be sensible for me to add it? Or is there a better approach im missing 00:44 -!- bitconner [~conner@c-73-170-56-77.hsd1.ca.comcast.net] has joined #bitcoin-core-dev 00:46 -!- Hayro [25fc5101@gateway/web/freenode/ip.37.252.81.1] has joined #bitcoin-core-dev 00:48 -!- bitconner [~conner@c-73-170-56-77.hsd1.ca.comcast.net] has quit [Ping timeout: 268 seconds] 00:48 -!- lnostdal [~lnostdal@77.70.119.51] has joined #bitcoin-core-dev 00:50 < Hayro> hello 00:52 -!- Hayro [25fc5101@gateway/web/freenode/ip.37.252.81.1] has left #bitcoin-core-dev [] 00:56 < sipa> meshcollider: i thought about adding a way to 'specialize' a ranged descriptor to just a specific indix 00:57 < sipa> but then i realized that that would actually be duplicating #14477 00:57 < gribble> https://github.com/bitcoin/bitcoin/issues/14477 | Add ability to convert solvability info to descriptor by sipa · Pull Request #14477 · bitcoin/bitcoin · GitHub 00:57 < meshcollider> ah so you could call something like desc.Specialize(1).ToString() 00:58 < sipa> meshcollider: instead, you can expand a descriptor at a certain position, and then run InferDescriptor on the result 00:58 < sipa> and you'll get exactly the same as you'd get from such a Specialize 00:58 < sipa> i have a branch that uses that trick to add descriptors to scantxoutset's output 00:59 < meshcollider> oh, so like 00:59 < meshcollider> desc.Expand(1, sp, scripts, out); 00:59 < meshcollider> whatever = InferDescriptor(scripts[0], sp); 00:59 < meshcollider> ok ill take a look 00:59 < meshcollider> no PR for that yet? 01:00 < meshcollider> or are you waiting for 14477 to go in 01:02 < sipa> yeah, i was waiting for 14477, but it's a really small patch 01:02 < sipa> i can just add it i guess 01:04 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Excess Flood] 01:05 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-core-dev 01:14 -!- BGL [sixty@75-149-171-58-Washington.hfc.comcastbusiness.net] has quit [Ping timeout: 246 seconds] 01:16 -!- jungly_ [~quassel@79.8.200.97] has joined #bitcoin-core-dev 01:19 -!- Krellan [~Krellan@2600:1700:be50:323f:55b0:5cb9:8203:6ae5] has quit [Read error: Connection reset by peer] 01:20 -!- Krellan [~Krellan@2600:1700:be50:323f:959c:e2c8:2b8e:6b82] has joined #bitcoin-core-dev 01:43 -!- proletesseract [~proletess@110-174-58-233.static.tpgi.com.au] has joined #bitcoin-core-dev 01:44 -!- chubao_ [cbba0da2@gateway/web/freenode/ip.203.186.13.162] has joined #bitcoin-core-dev 01:44 -!- drexl [~drexl@cpc130676-camd16-2-0-cust445.know.cable.virginm.net] has quit [Ping timeout: 268 seconds] 02:01 -!- anon777 [c1b4a43a@gateway/web/freenode/ip.193.180.164.58] has joined #bitcoin-core-dev 02:07 -!- shesek [~shesek@unaffiliated/shesek] has quit [Ping timeout: 246 seconds] 02:12 -!- anon777 [c1b4a43a@gateway/web/freenode/ip.193.180.164.58] has quit [Quit: Page closed] 02:14 -!- owowo [~ovovo@unaffiliated/ovovo] has quit [Ping timeout: 240 seconds] 02:39 -!- owowo [~ovovo@unaffiliated/ovovo] has joined #bitcoin-core-dev 02:39 -!- BGL [fourty@75-149-171-58-Washington.hfc.comcastbusiness.net] has joined #bitcoin-core-dev 02:46 -!- ExtraCrispy [~ExtraCris@gateway/tor-sasl/extracrispy] has joined #bitcoin-core-dev 02:51 -!- spinza [~spin@155.93.246.187] has quit [Quit: Coyote finally caught up with me...] 03:04 -!- promag [~promag@bl22-247-244.dsl.telepac.pt] has joined #bitcoin-core-dev 03:12 -!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has quit [Ping timeout: 268 seconds] 03:13 -!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has joined #bitcoin-core-dev 03:16 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 03:16 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 03:16 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 03:19 -!- spinza [~spin@155.93.246.187] has joined #bitcoin-core-dev 03:21 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has joined #bitcoin-core-dev 03:39 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 03:40 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 03:40 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 03:40 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 03:45 -!- michaelfolkson [~textual@host86-170-183-225.range86-170.btcentralplus.com] has joined #bitcoin-core-dev 03:51 -!- spinza [~spin@155.93.246.187] has quit [Quit: Coyote finally caught up with me...] 03:58 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: No route to host] 03:58 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 03:58 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 03:58 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 04:04 -!- spinza [~spin@155.93.246.187] has joined #bitcoin-core-dev 04:10 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 04:10 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 04:10 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 04:10 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 04:13 -!- ap4lmtree- [~ap4lmtree@unaffiliated/ap4lmtree] has quit [Remote host closed the connection] 04:14 -!- ap4lmtree- [~ap4lmtree@unaffiliated/ap4lmtree] has joined #bitcoin-core-dev 04:31 -!- ap4lmtree- [~ap4lmtree@unaffiliated/ap4lmtree] has quit [Read error: Connection reset by peer] 04:33 < ken2812221> Gitian build for Windows is fail on master branch, I can confirm this with WSL. https://bitcoin.jonasschnelli.ch/build/858 04:44 < ken2812221> The problem seems to be 14451, revert this commit and the build works fine 05:01 -!- klot [~klot@188.113.58.239] has quit [Remote host closed the connection] 05:15 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-qtbyodpxjhncpsll] has joined #bitcoin-core-dev 05:15 < bitcoin-git> [bitcoin] ken2812221 opened pull request #14568: build: Fix Qt link order for Windows build (master...win-qt-fix) https://github.com/bitcoin/bitcoin/pull/14568 05:15 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-qtbyodpxjhncpsll] has left #bitcoin-core-dev [] 05:16 -!- Victor_sueca [~Victorsue@unaffiliated/victorsueca] has quit [Read error: Connection reset by peer] 05:17 -!- Victor_sueca [~Victorsue@unaffiliated/victorsueca] has joined #bitcoin-core-dev 05:25 -!- proletesseract [~proletess@110-174-58-233.static.tpgi.com.au] has quit [Remote host closed the connection] 05:26 -!- proletesseract [~proletess@110-174-58-233.static.tpgi.com.au] has joined #bitcoin-core-dev 05:28 -!- proletesseract [~proletess@110-174-58-233.static.tpgi.com.au] has quit [Remote host closed the connection] 05:32 -!- Krellan [~Krellan@2600:1700:be50:323f:959c:e2c8:2b8e:6b82] has quit [Read error: Connection reset by peer] 05:33 -!- Krellan [~Krellan@2600:1700:be50:323f:959c:e2c8:2b8e:6b82] has joined #bitcoin-core-dev 05:34 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-agnapulovhalvccg] has joined #bitcoin-core-dev 05:34 < bitcoin-git> [bitcoin] ken2812221 opened pull request #14569: travis: Print characters per 9 min to avoid timeout (master...travis-avoid-timeout) https://github.com/bitcoin/bitcoin/pull/14569 05:34 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-agnapulovhalvccg] has left #bitcoin-core-dev [] 05:35 -!- IGHOR [~quassel@93.178.216.72] has quit [Read error: No route to host] 05:36 -!- IGHOR [~quassel@93.178.216.72] has joined #bitcoin-core-dev 05:47 -!- emilengler [~Emil@ip4d145229.dynamic.kabel-deutschland.de] has joined #bitcoin-core-dev 05:48 -!- emilengler [~Emil@ip4d145229.dynamic.kabel-deutschland.de] has left #bitcoin-core-dev [] 05:53 < promag> wumpus or MarcoFalke, please see #14561 05:53 < gribble> https://github.com/bitcoin/bitcoin/issues/14561 | Remove fs::relative call and fix listwalletdir tests by promag · Pull Request #14561 · bitcoin/bitcoin · GitHub 06:01 -!- hebasto_ [~hebasto@95.164.65.194] has quit [Remote host closed the connection] 06:07 < wumpus> I'm getting really lost in all the wallet directory stuff to be honest 06:15 < wumpus> didn't I look at another PR for exactly this shortly ago 06:15 < promag> it was closed and replaced with this 06:16 < promag> the other used path accessors and fs::equivalent which touches the filesystem 06:16 < promag> this one only drops the base string from the path string 06:17 < promag> and since we are recursively iterating walletdir there won't be errors, hence the assert() instead 06:19 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-kklilxgagjvsfjkj] has joined #bitcoin-core-dev 06:19 < bitcoin-git> [bitcoin] MarcoFalke opened pull request #14571: [tests] Test that nodes respond to getdata with notfound (master...Mf1810-qaNotfound) https://github.com/bitcoin/bitcoin/pull/14571 06:19 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-kklilxgagjvsfjkj] has left #bitcoin-core-dev [] 06:20 -!- michaelfolkson [~textual@host86-170-183-225.range86-170.btcentralplus.com] has quit [Quit: Sleep mode] 06:20 < wumpus> well, sure, in the context you could say that it never happens, but if you define an utility function I think you need to handle errors properly and not assert 06:21 < wumpus> or at the least add a comment and explain that the function will crash your program if the input isn't exactly as expected 06:21 < wumpus> otherwise, before you know it, someone will use it in network code or whatever and you have a DoS 06:22 -!- merland [2ee343bb@gateway/web/freenode/ip.46.227.67.187] has joined #bitcoin-core-dev 06:22 < wumpus> documenting assumptions is very important 06:25 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 06:26 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 06:26 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 06:26 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 06:28 < wumpus> and I think in general handling errors at the callsite (the decision can always be to crash) is better than crashing inside a helper function 06:29 * wumpus really appraciates rust's Option<> and Result<> types it's so refreshing after seeing years of broken error handling hacks in C-ish languages 06:32 -!- proletesseract [~proletess@110-174-58-233.static.tpgi.com.au] has joined #bitcoin-core-dev 06:32 -!- setpill [~setpill@unaffiliated/setpill] has quit [Quit: o/] 06:32 -!- proletesseract [~proletess@110-174-58-233.static.tpgi.com.au] has quit [Client Quit] 06:32 -!- michaelfolkson [~textual@host86-170-183-225.range86-170.btcentralplus.com] has joined #bitcoin-core-dev 06:37 < promag> wumpus: I can just inline the expression 06:37 < wumpus> yes 06:37 < wumpus> still, add a comment please 06:38 < wumpus> why the assert isn't randomly going to crash the program for some user at some point 06:43 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-core-dev 06:46 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-ojdwhwerooixgegh] has joined #bitcoin-core-dev 06:46 < bitcoin-git> [bitcoin] laanwj pushed 2 new commits to master: https://github.com/bitcoin/bitcoin/compare/613fc95ee4ea...754a00d55f30 06:46 < bitcoin-git> bitcoin/master 43719e0 Jonas Schnelli: [macOS] Remove DS_Store WindowBounds bytes object 06:46 < bitcoin-git> bitcoin/master 754a00d Wladimir J. van der Laan: Merge #14416: Fix OSX dmg issue (10.12 to 10.14)... 06:46 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-ojdwhwerooixgegh] has left #bitcoin-core-dev [] 06:47 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-mzsvadpkzcjoqnxj] has joined #bitcoin-core-dev 06:47 < bitcoin-git> [bitcoin] laanwj closed pull request #14416: Fix OSX dmg issue (10.12 to 10.14) (master...2018/10/osx_dmg) https://github.com/bitcoin/bitcoin/pull/14416 06:47 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-mzsvadpkzcjoqnxj] has left #bitcoin-core-dev [] 06:49 < promag> wumpus: let me know if https://github.com/bitcoin/bitcoin/pull/14561/files lgty 06:50 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-ehmositjmqzfwrih] has joined #bitcoin-core-dev 06:50 < bitcoin-git> [bitcoin] laanwj pushed 1 new commit to 0.17: https://github.com/bitcoin/bitcoin/commit/eb2cc84a31fb923b2b25b979682904cb81edec7e 06:50 < bitcoin-git> bitcoin/0.17 eb2cc84 Jonas Schnelli: [macOS] Remove DS_Store WindowBounds bytes object... 06:50 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-ehmositjmqzfwrih] has left #bitcoin-core-dev [] 06:51 < wumpus> promag: yes lgtm now! 06:51 < promag> can I squash? 06:51 < promag> btw, what is preventing from bumping boost? old lts? 06:54 < wumpus> very simply: there is no good reason to 06:54 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 246 seconds] 06:54 < wumpus> nothing is *preventing* it but that's not the point, a change needs to be driven by a good reason 06:55 < wumpus> if we can support old boost versions why not? why give users/developers unnecessary woes? 06:55 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 06:55 < wumpus> ideally we can go with this version until boost dependency can be removed completely 06:56 < wumpus> we don't really *want* to use anything new from boost 06:56 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 06:57 < luke-jr> +1 06:57 < luke-jr> frankly, I think we bumped univalue too prematurely (and ended up with an unnecessary/unreasonable fork in bitcoin/univalue as a result) 06:58 < promag> got it +1 06:59 < wumpus> at least univalue was already part of our own repository, we've more or less took up maintenance 06:59 < luke-jr> except it wasn't 06:59 < luke-jr> unless you mean the embedded copy, which should really be removed 07:00 < luke-jr> there's no justification for forking or embedding univalue, unlike leveldb 07:10 < wumpus> I really, really don't feel like having this discussion, sorry 07:10 < luke-jr> probably not worth the time, hence the status quo 07:11 < wumpus> travis failing on both 0.17 and master, ahhh 07:12 < luke-jr> :/ 07:13 < promag> "Remote end closed connection without response" 07:14 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-core-dev 07:15 -!- michaelfolkson [~textual@host86-170-183-225.range86-170.btcentralplus.com] has quit [Ping timeout: 245 seconds] 07:17 < wumpus> promag: is that one of the travis failures? 07:17 -!- Tralfaz [~none@185.156.175.59] has quit [Read error: Connection reset by peer] 07:17 < promag> yes, the last 07:17 < promag> https://travis-ci.org/bitcoin/bitcoin/jobs/446182728#L2801 07:19 -!- drexl [~drexl@cpc130676-camd16-2-0-cust445.know.cable.virginm.net] has joined #bitcoin-core-dev 07:19 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 07:19 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 07:19 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 07:19 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 07:19 < wumpus> the 0.17 issue is a linter issue?!? https://travis-ci.org/bitcoin/bitcoin/jobs/446184576 07:20 < wumpus> how can there suddenly be so many linter problems 07:21 < promag> wumpus: new version? 07:21 -!- andytosh1 [~apoelstra@wpsoftware.net] has quit [Changing host] 07:21 -!- andytosh1 [~apoelstra@unaffiliated/andytoshi] has joined #bitcoin-core-dev 07:21 -!- andytosh1 is now known as andytoshi 07:22 < promag> does 0.17 locks flake8? 07:24 < promag> no it doesn't 07:25 < promag> https://github.com/bitcoin/bitcoin/blob/0.17/.travis.yml#L151 should be `travis_retry pip install flake8==3.5.0` 07:26 < karelb> not sure if it belongs here - when I read this https://bitcoinops.org/en/newsletters/2018/10/23/ and the issues around remote RPCs, I realized this might be a problem if you run a browser on the same PC 07:26 < karelb> since browsers now have localhost as a trusted origin, so you can connect to HTTP (without SSL) from any website 07:26 < karelb> Evil website can try to guess bitcoind credentials and you have the same problems, that the article describes 07:27 < sdaftuar> is there any reason to run a linter on an old branch? 07:28 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 07:28 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 07:28 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 07:28 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 07:31 < promag> sdaftuar: keep consistency on backports? 07:31 < wumpus> karelb: it's a drawback of using a tcp port for RPC I suppose, let alone http 07:33 < karelb> wumpus: maybe httpserver.cpp should check an origin header and not allow cross-origin browser requests? (or whatever header browsers add) 07:33 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 07:33 < wumpus> that might be a good precaution 07:33 < karelb> I haven't actually tried that, maybe it won't work 07:34 < wumpus> but only if you're sure this is actually a threat 07:34 < karelb> (I mean I havenmaking a request from w 07:34 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 07:34 < karelb> *I haven't tried making a request from a website 07:35 < karelb> it's a similar threat as connecting from a different IP, no? 07:36 < karelb> *IF* it actually work :) 07:36 < wumpus> so are you sure browsers allow making json-rpc requests to localhost? this didn't use to be the case at least 07:38 < karelb> wumpus: no, I am not sure, I just don't see why it would't work. Since it is just a http GET request. 07:38 < wumpus> it requires a *post* request 07:39 < promag> I think it's possible 07:39 < wumpus> submitting a JSON-RPC command through get is impossibl 07:39 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 07:40 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 07:41 < karelb> wumpus: what recently changed is that browsers allow connection to http from https websites, if the url is "localhost" (or "localost:port"). It is special-cased. Normally, you cannot make a request to http from https website. It's quite new (1 year, 2 years-ish) 07:41 -!- Krellan [~Krellan@2600:1700:be50:323f:959c:e2c8:2b8e:6b82] has quit [Read error: Connection reset by peer] 07:41 < queip> karelb: browsers just trust 127.0.0.1? so any JS on any site could talk to say https://127.0.0.1:7657 or such? that would be a critical vulnerability to many services that have localhost admin panels (with no password) no? 07:41 < promag> this should be possible: fetch(url, { method: 'post', body: ... }) 07:42 -!- Krellan [~Krellan@2600:1700:be50:323f:959c:e2c8:2b8e:6b82] has joined #bitcoin-core-dev 07:42 < queip> karelb: is this really how it works? this means i2p, and many web-panel based servers are compromised now 07:42 < karelb> well the service might restrict origin, or cross requests in general 07:43 < promag> afak with the right cors headers it is possible 07:43 < karelb> browsers behave well, they send the origin in some header 07:43 < queip> I bet most do not... seems like idiotic move by browsers? 07:43 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 07:43 -!- michaelsdunn1 [~michaelsd@38.126.31.226] has joined #bitcoin-core-dev 07:43 -!- michaelsdunn1 [~michaelsd@38.126.31.226] has quit [Changing host] 07:43 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #bitcoin-core-dev 07:44 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 07:44 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 07:44 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 07:45 < karelb> see https://www.chromestatus.com/feature/6269417340010496 07:47 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 246 seconds] 07:48 < karelb> but it's solving the "inverse" problem - if a website can trust what it is fetching 07:48 < karelb> anyway I will just try to hack something to test it, better than talk :D 07:53 < queip> I have an issue with the github merge script, used in another (sort of private temp, but opensource overall) project... In one case (out of hundreds times using it with bo problem) now git diff HEAD~ in the merge shell shows nothing 07:53 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 07:53 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 07:53 < queip> any idea what it might be? or, someone wants to look at the git with me? it might be some bug in the tool (or this time out of 1000+ somehow we're using it wrong) 07:54 -!- tintin [~tintin@62.12.175.133] has joined #bitcoin-core-dev 07:54 < instagibbs> wumpus, pyflake major version update in a minor flake8 update :shrug: 07:55 < wumpus> instagibbs: :shrug: typical 07:56 < instagibbs> we filed a complaint on their gitlab to at least have release notes 07:57 -!- jarthur [~jarthur@2605:6000:1019:41ab:1c75:dfef:d9f2:f3e2] has joined #bitcoin-core-dev 08:00 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-core-dev 08:01 < queip> wumpus: wouldn't you be interested by any chance to look at this git problem, which miiight be a problem in github merge script? I can't figure out why diff HEAD~ is empty... if no one is interested will just merge it, so might be not able to reproduce that later 08:02 < karelb> OK I panicked too soon; browser does a CORS request and it fails, so it won't continue to connect further. 08:02 < karelb> `Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:18444/. (Reason: CORS request did not succeed).` 08:02 < wumpus> queip: if git diff HEAD~ shows nothing, you have an empty commit 08:03 < karelb> and the website cannot even distinguish whether it's because the server is not running or whether it is not existent. So all it OK. 08:03 < wumpus> karelb: good to know; thank you for trying 08:04 < queip> wumpus: git log -p (int githubmerge.py shell) does indeed show various commits, that are not present on the PR-target branch normally, this is not a "doing nothing" MR. or did you ment that ONE of commits there might be empty and this triggers such reaction 08:04 < karelb> (maybe it would be a good feature to allow that, to allow websites that interact with full node :D but that is beyond the scope) 08:04 < queip> karelb: :] 08:05 < wumpus> karelb: that's going to be very firmly rejected, I expect 08:05 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-csgdgulnguxrgeys] has joined #bitcoin-core-dev 08:05 < bitcoin-git> [bitcoin] promag opened pull request #14573: qt: Add Wallet and Window menus (master...2018-10-overhaul-menus) https://github.com/bitcoin/bitcoin/pull/14573 08:05 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-csgdgulnguxrgeys] has left #bitcoin-core-dev [] 08:07 < wumpus> queip: which repository/PR is this? 08:07 < karelb> you *could* whitelist, as a user, the websites that can connect to the full node. and the user would still need to give the website his name/password/cookie explicitly. so it would not compromise security. :P *but* I see what you mean :D 08:08 < wumpus> yes, but no way 08:10 < karelb> I see. :)) 08:11 -!- jarthur [~jarthur@2605:6000:1019:41ab:1c75:dfef:d9f2:f3e2] has quit [Remote host closed the connection] 08:12 < karelb> well, you can always write the web app in Electron, that ignore the CORS requests and can grab the cookie directly from the filesystem. Yum, Electron. OK, really out of scope now. :) 08:14 -!- tintin [~tintin@62.12.175.133] has quit [Remote host closed the connection] 08:16 < wumpus> this is getting too scary 08:17 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 246 seconds] 08:17 < karelb> javascript world is scary 08:18 < wumpus> don't let it bleed into here 08:22 -!- merland [2ee343bb@gateway/web/freenode/ip.46.227.67.187] has quit [Ping timeout: 256 seconds] 08:26 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 08:26 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 08:26 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 08:26 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 08:27 -!- crazyprodigy [uid194503@gateway/web/irccloud.com/x-gpoohfypgthzvweh] has joined #bitcoin-core-dev 08:27 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 08:27 < Sentineo> hn 08:27 < Sentineo> but someoone might try to give you a browser which does not check CORS and connect to your bitcoin through rpc? 08:28 < Sentineo> hopefully will not happen :) 08:28 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 08:32 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-core-dev 08:33 < karelb> once he already gave you his own binary on your pc, he can do worse... 08:33 -!- crazyprodigy is now known as nerdy_panda 08:33 -!- ExtraCrispy [~ExtraCris@gateway/tor-sasl/extracrispy] has quit [Remote host closed the connection] 08:35 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 08:36 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 08:36 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 08:36 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 08:39 -!- nerdy_panda [uid194503@gateway/web/irccloud.com/x-gpoohfypgthzvweh] has left #bitcoin-core-dev [] 08:40 -!- rex4539 [~rex4539@ppp-2-84-165-183.home.otenet.gr] has joined #bitcoin-core-dev 08:48 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 08:49 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 08:50 < wumpus> if someone 'gives you a browser' that is already the trojan horse scenario 08:51 -!- rh0nj [~rh0nj@136.243.139.96] has quit [Remote host closed the connection] 08:52 -!- rh0nj [~rh0nj@136.243.139.96] has joined #bitcoin-core-dev 08:52 < wumpus> I think what discourages people from even trying browser-based attacks is that bitcoin-qt by default has the RPC server disabled, so most unknowning users won't be affected, the people that enable RPC will generally be more technical and hopefully be careful what they allow 08:54 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 08:55 -!- shesek [~shesek@141.226.218.8] has joined #bitcoin-core-dev 08:55 -!- shesek [~shesek@141.226.218.8] has quit [Changing host] 08:55 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 08:58 -!- jarthur [~jarthur@207.114.244.5] has joined #bitcoin-core-dev 09:04 -!- ExtraCrispy [~ExtraCris@gateway/tor-sasl/extracrispy] has joined #bitcoin-core-dev 09:05 < harding> wumpus: someone in #bitcoin the other day said that RPC was enabled by default on Windows in bitcoin-qt. That surprised me, as I didn't even know bitcoin-qt could expose RPC (I thought you needed to use bitcoind for that). I didn't think to mention it here because I didn't realize that not running RPC with bitcoin-qt was supposed to be a security feature. 09:05 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 09:06 < luke-jr> harding: RPC is intentionally enabled by default *on localhost*, and disabling it wouldn't provide any real security improvement I can think of 09:06 < achow101> harding: it's supposed to only be enabled in qt if you have -server=1 09:06 < wumpus> harding: setting server=1 in bitcoin.conf should be the only way to enable it with bitcoin-qt 09:06 < luke-jr> I thought that changed with RPC cookies? 09:06 < wumpus> no? not that I know, let's check 09:07 < gmaxwell> I think we discussed that but didn't do it. 09:07 < achow101> i don't think so 09:07 < gmaxwell> wumpus: re 'gives you a brower' more like "this site only works in IE 6" (which has broken cross site requrest handing...) 09:07 -!- ppisati [~ppisati@net-2-42-72-229.cust.vodafonedsl.it] has joined #bitcoin-core-dev 09:09 < gmaxwell> ethereum stuff has been raided over and over again with browser based attacks. 09:10 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 09:11 < harding> Looked up the conversation on #bitcoin, the user didn't explicitly say that he was using the default config, so he could've had -server=1. 09:11 < harding> I did test on Linux, and bitcoin-qt doesn't do RPC there by default. 09:11 < gmaxwell> I don't think we really should be counting on the default config to protect people... lots of people copy and paste configs. 09:12 < gmaxwell> echeveria crawled the internet and found something like 3000 bitcoin rpc ports listening, which would be a substantial percentage of all p2p listening nodes. 09:12 < wumpus> I'm not *counting* on anything, I was just mentioning that it's not a problem with the default confi 09:12 < harding> gmaxwell: I crawled too and only found 1,100. 09:13 < wumpus> it shouldn't be a problem with RPC listening on localhost either, it's just defense in depth I suppose.. 09:13 < wumpus> if you don't need a RPC server it's better to disable it 09:13 < wumpus> even if there is no way you can imagine it can be exploited 09:13 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: No route to host] 09:14 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 09:15 < wumpus> in any case I checked: bitcoin-qt still doesn't enable RPC server by default 09:15 < harding> wumpus: thanks. Sorry for the false alarm. 09:15 < gmaxwell> harding: so 10% instead of 30%. :P 09:15 < harding> gmaxwell: yeah, it was 13% of my sample. 09:15 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 09:17 -!- jungly_ [~quassel@79.8.200.97] has quit [Remote host closed the connection] 09:18 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 09:19 < phantomcircuit> harding, that is significant 09:19 < harding> phantomcircuit: I agree. 09:21 < harding> phantomcircuit: I wish I knew the cause. The only instructions I've seen for enabling it were from a particular mobile wallet, but I have a hard time believing there are over 1,000 mobile wallet users who also run a full node and also opened RPC to use them together. 09:22 < queip> wumpus: the problem is in PR https://github.com/userghmrt/testrepo/pull/3 . Although on unpatched githubmerge.py it's needed to replace/steart def tree_sha512sum() function with return "0" (because repo uses symlinks) . I confirmed, there in github on that issue 3 git dif HEAD~ is empty evne though on GH page "Files changed: 1" 09:22 < queip> btw you have invite to edit that test repo if you need to test 09:23 < gmaxwell> harding: I think there are a lot of example config files floating around. 09:23 < phantomcircuit> harding, the cause is pretty clearly people being told they need a specific config 09:23 < gmaxwell> I know from past expirence that joe-user when faced with discovering they need a config file, go and paste some example. When I've asked users for their configs, they have in the past frequently given me ones copy and pasted from the wiki. 09:24 < harding> gmaxwell, phantomcircuit: that seems likely. 09:24 < queip> btw, we've patched github merge to support symlinks, submodules (incluees them in tree hash) and gitlab, if anyone wants at some point 09:25 < harding> I don't know what the solution for that is, though. Better documentation and sample configs provided from an official source? 09:28 < gmaxwell> harding: probably making bitcoin make its own template config file when one doesn't exist would help. 09:28 < harding> I guess when .bitcoin is created, a default bitcoin.conf could be created with some normal-to-change options and basic comment documentation. I think you'd want to keep it short, rather than providing every possible option, so that people aren't tempted to delete the whole thing and replace it with a random config from the Wiki. 09:29 < gmaxwell> I had assumed that problem had gotten less bad because of cookies -- you don't need to make a config file to make bitcoind usable at all... it may be that your 1k rpc listeners have a lot of nodes that came up before cookies existed. 09:31 < harding> gmaxwell: interesting thought, and something that seems not to hard to check---for an open port 8332, get the node version for port 8333. 09:32 < gmaxwell> I mean they could have installed 0.11 or whatever and since upgraded but already have a config. 09:33 < harding> gmaxwell: oh. 09:33 < gmaxwell> So this would be another advantage in adding an additonal config option that needs to be set to listen to the internet. 09:34 < harding> Yeah. 09:35 < luke-jr> my PR kindof does that 09:35 < luke-jr> (they have to specify rpcbind explicitly) 09:37 < wumpus> solution: delete all RPC binding functionality, switch to UNIX sockets 09:38 < luke-jr> that doesn't work on Windows 09:38 < wumpus> like c-lightning 09:38 < wumpus> windows has local sockets as well (called differently) IIRC 09:38 < gmaxwell> wumpus: would be nice, but perhaps too hard to get random software stacks to speak domain sockets. 09:38 < wumpus> heck, windows 10 even has actual UNIX sockets 09:39 < gmaxwell> luke-jr: Did you consider doing something more explicit? e.g. making an option called enable-insecurely-exposing-rpc-to-network=1? 09:39 < wumpus> gmaxwell: I know right! should have done that from the start like c-lightning :-( 09:39 < wumpus> so many things are imposslbe to change now 09:39 < wumpus> queip: ok I'll have a look 09:39 < luke-jr> gmaxwell: no. it's not necessarily insecure, if it's a private LAN 09:40 < luke-jr> wumpus: can normal Windows software bind to UNIX sockets? 09:40 < gmaxwell> luke-jr: enable-potentially-inscure-rpc-network-exposure? the point being so you can't just copy and paste without getting a warning. 09:40 < wumpus> luke-jr: yes I think so 09:41 < gmaxwell> wumpus: even there, my concern isn't so much intertia-- if it was inertia I think we could just do it and include some shim utility... but like, can nodejs applications ever speak to domain sockets? 09:41 < luke-jr> gmaxwell: might be worth considering. I expect we'll find other problematic copy-and-paste configs though.. 09:41 < wumpus> we don't even have UNIX support for RPC yet, let alone could set it as only option :( 09:41 -!- OzPac [~OzPac@cpc110789-lewi20-2-0-cust636.2-4.cable.virginm.net] has joined #bitcoin-core-dev 09:41 < gmaxwell> I think it's okay if for good reason we introduce some incompatiblity in a major version, esp if we give people a long time to switch first... but it wouldn't be good if there is no easy way to become compatible with it. :) 09:42 < gmaxwell> wumpus: indeed. well we certantly could do that. 09:42 < wumpus> I'm sure nodejs can use any system API, it's a full environment for server software 09:42 < gmaxwell> luke-jr: the worst is rpcpassword, but hopefully cookies reduced that. 09:42 < wumpus> it might be in javascript but it's not *that* much of a joke 09:42 < queip> would it be possible to tell users what is the problem, other than generic 403 message? like, tell them the option to add but warn them of consequences. or users will complain that "it stopped working after update" 09:42 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 240 seconds] 09:43 < wumpus> you can send any message with the 403 status, even have a full error html document 09:43 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 09:43 < queip> actually it will not even listen on it to reply 403, just no connection by luke's default? 09:43 < gmaxwell> Brendan Eich would say never underestimate javascript... which I always took to mean never underestimate the ability of something javascript to be a joke. 09:43 < wumpus> though I don't think *the latter* is a good idea because software will try to parse text/html replies as json 09:43 < wumpus> gmaxwell: +1 09:44 < wumpus> a lot of software uses local pipes for RPC mechanism 09:44 < wumpus> including databases, which nodejs people love 09:45 < gmaxwell> queip: sure, our normal practice for depricating RPCs is to make them return errors and have an option to reenable them for one version. So the normal sequence we use where possible is (1) support the new thing (2) announce the old thing is going away [time passes] (3) disable by default the old thing but with a switch to override [time passes] (4) take out the old thing. 09:46 < gmaxwell> So I think we could change this assuming things actually could talk to it. I don't know that we need to (like adding increasingly agressive warnings against enabling rpc, shifting more stuff onto domain sockets, etc may be enough... 09:47 < wumpus> FWIW ssh, and I think stunnel, allow forwarding a UNIX domain socket, so it doesn't even make it impossible to expose the RPC over the network, just requires actual setup (and thinking about security) 09:48 < gmaxwell> if stunnel can do it then that even gives us a backwards compt method if we ever drop TCP support. 09:49 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-core-dev 09:49 < wumpus> queip: yes, can you temporarily give me acces to the repo? I can work around it, as I don't actually need to push anything to test, but it's easier 09:51 < wumpus> just checked: yes, stunnel supports a UNIX socket as destination, but only on UNIX; nginx also supports forwarding requests to UNIX socket based http servers 09:51 -!- Krellan [~Krellan@2600:1700:be50:323f:959c:e2c8:2b8e:6b82] has quit [Read error: Connection reset by peer] 09:52 < wumpus> queip: oh nm I have an invite 09:52 < jarthur> wumpus: heard any word from libevent crew on your pre-existing-fd PR? 09:53 -!- Krellan [~Krellan@2600:1700:be50:323f:959c:e2c8:2b8e:6b82] has joined #bitcoin-core-dev 09:55 < wumpus> jarthur: they wanted a different solution at the time; which was above my head, certainly, don't know if that ever made any progress 09:56 < wumpus> the only functionality I needed was to inject an existing fd into the http client, same as they allow for the server binding 09:56 < esotericnonsense> hm 09:57 < esotericnonsense> i've just jumped in here and stuck some chat in #bitcoin 09:57 < esotericnonsense> yes, CORS should (on behaving browsers) prevent requests to localhost and also prevent requests on different ports 09:58 < esotericnonsense> so _even if_ you have some service running on localhost:10080 say, and you're at http://localhost:10080, you shouldn't hit it (that is if CORS is still enabled for http, i don't really use bare http sites, but I'd assume why not) 09:58 < esotericnonsense> a bad browser can just ignore CORS but then that's just equivalent to having an insecure system, you're running vulnerable code 10:01 < esotericnonsense> personally i'd probably ask why bitcoin-qt even has the ability to enable RPC 10:01 < esotericnonsense> it feels like a 'nice to have' footgun 10:01 < esotericnonsense> is anyone actually seriously running the GUI client as their backend 10:01 < wumpus> what, if you want to enable RPC in bitcoin-qt you should be able to 10:02 < esotericnonsense> what's the use case? 10:02 < wumpus> I don't believe in making things hard to do because there are a few people that do stupid stuff with it 10:02 < gmaxwell> esotericnonsense: it enables you to do things like use joinmarket. 10:02 < luke-jr> esotericnonsense: doing stuff from the commandline.. or third party apps 10:03 < luke-jr> eg, I think many people probably use it for their taxes 10:03 < wumpus> punishing power users for the mistakes of others 10:03 < gmaxwell> If there were litterally no usecase we could come up with then I would probably agree with esotericnonsense's point, but there are many. :P 10:03 < wumpus> I have various scripts that interface to bitcoin and I use them with the GUI too. 10:03 < esotericnonsense> i suppose this is just part of my general 'why is the gui still linked in' grumble but then I stopped working on it so can't complain :P 10:03 < wumpus> sigh... 10:04 < wumpus> I'll just shut up, I end up disagreeing with everyone on everything anyway 10:04 < luke-jr> if GUI had to access over RPC, then RPC would become mandatory for GUI users ;) 10:04 < esotericnonsense> (not that it would help especially I guess since someone copying a random config could just as easily copy a random config in to their bitcoind instance) 10:05 < wumpus> if it's any guide, even professional stock trading software has a way to enable a RPC interface in their GUI; there's simply users that want to control a program programmatically even if it's a GUI program 10:05 < sipa> wumpus: please don't shut up :) 10:05 < wumpus> in some operating systems there is hardly anything *but* GUI programs 10:06 < esotericnonsense> luke-jr: sure but it wouldn't have to be tcp. i don't know enough about cross platform sockets to comment properly though. the default could be that the bitcoind and qt processes are started with a user that sets permissions on the socket 10:06 < esotericnonsense> but that's just unix, i've no idea how this works on win 10:06 < jarthur> I run the GUI client as my backend all the time, though am probably a "power user". Same with Trader Workstation, as wumpus alludes. 10:06 < wumpus> you might have completely the wrong idea of what people use a GUI, it's not only clueless people 10:06 < esotericnonsense> wumpus: I don't think it's the case that only clueless people use a GUI 10:06 < esotericnonsense> at all, sorry if it seemed that way 10:06 * harding loves the GUI, but also loves CLIs for almost everything else 10:07 < esotericnonsense> more that it seemed using the GUI as the GUI, and the backend as the backend makes sense, but of course you currently can't do that, so I'm just ranting, basically :P 10:08 < esotericnonsense> if this is actually a problem, could there be a warning sign or something in the corner of the gui that says 'rpc is enabled, did you know?'? (maybe it already exists) 10:09 -!- Squidicc [~squid@pool-72-74-34-120.bstnma.fios.verizon.net] has joined #bitcoin-core-dev 10:09 -!- dqx [~dqx@unaffiliated/dqx] has joined #bitcoin-core-dev 10:10 < wumpus> esotericnonsense: I think that's a good suggestion, no that doesn't exist, feel free to make an issue! 10:10 -!- Squidicuz [~squid@pool-72-74-34-120.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds] 10:10 < wumpus> could certainly have an icon for that 10:10 -!- Squidicc is now known as squidicuz 10:10 < luke-jr> IMO sensible defaults + education is the solution for things like this 10:11 < esotericnonsense> i've just sort of popped in and out on this but i've seen the masses of open RPC ports mentioned a bit, do we have any idea why this is the case? 10:11 * esotericnonsense should make a PR for an alert RPC 10:11 < harding> esotericnonsense: the guess above was that people are copy/pasting configs that do things they don't necessarily need. 10:11 < esotericnonsense> connect to all of them and say 'oi, you should probably not do this, especially with password:password' :P 10:14 < wumpus> 'alert' RPC hehe 10:16 < wumpus> but I think a good point is that having RPC listening is currently effectively hidden to the user, it's also not configurable from the GUI afaik, only by editing the conf 10:17 < luke-jr> maybe RPC should accept an 'alert' RPC without password :P 10:17 < esotericnonsense> luke-jr: that was my thought 10:17 < wumpus> uhm no 10:17 < esotericnonsense> i mean if you wanted to get really clever with this 10:17 < esotericnonsense> you could build in to the p2p network that clients attempt to connect to each others' RPC and issue the 'kill RPC' command if it's publicly routable 10:17 < esotericnonsense> lol 10:18 < esotericnonsense> now i'm just having too much fun ;P 10:20 < Sentineo> :) 10:21 < Sentineo> they would have to signal the killme bit :) 10:22 -!- dqx [~dqx@unaffiliated/dqx] has quit [Remote host closed the connection] 10:34 < wumpus> an alert RPC, simple as that: https://github.com/laanwj/bitcoin/commit/ace137ff25ab4c7c2a521abe9ba2af0d8af32ec2 (could theoretically make the style flags configurable to send errors etc as well but anyhow xD) 10:52 -!- Victor_sueca [~Victorsue@unaffiliated/victorsueca] has quit [Read error: Connection reset by peer] 10:53 -!- Victorsueca [~Victorsue@unaffiliated/victorsueca] has joined #bitcoin-core-dev 10:56 < esotericnonsense> ! :D 10:56 < gribble> Error: ":D" is not a valid command. 10:57 < esotericnonsense> i don't have a build env set up at the moment but I am certainly enjoying the lack of any control on this 10:57 < esotericnonsense> running RPC alert in a tight loop is basically RPC kill ;P 10:57 < esotericnonsense> (unless this message box is going to replace itself, I assume it just spawns new ones forever) 11:00 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 244 seconds] 11:00 < wumpus> so just idly wondering: did anyone that tried scanning for open RPC ports, check if the REST interface was enabled? 11:01 -!- spinza [~spin@155.93.246.187] has quit [Quit: Coyote finally caught up with me...] 11:02 < wumpus> esotericnonsense: every open dialog holds up a RPC thread, so you won't be able to open more than four in the default config 11:02 < esotericnonsense> neat 11:03 < esotericnonsense> wait, so it is still RPC kill\ 11:03 < esotericnonsense> it's just not node kill 11:03 < esotericnonsense> if you're AFK and someone gets in to RPC and hits you with four alerts, all the threads are taken. :P 11:03 < esotericnonsense> that's a neat side effect actually. 11:04 < wumpus> of course, you can still open a new one immediately after the user closed the old one 11:04 < wumpus> right 11:04 < midnightmagic> seems like maybe a bad idea 11:05 < luke-jr> arbitrary messages could be dangerous 11:05 < midnightmagic> Any weird QT display interpretation logic there might be an issue with..? 11:05 < gmaxwell> EMERGENCY: INSTALL UPGRADE FROM http://haxorsserver.com/badsoftware.exe RIGHT AWAY. 11:06 < luke-jr> yeah, exactly 11:06 < esotericnonsense> well if the alert command is behind rpc auth 11:06 < luke-jr> if it's sufficiently secure, it's useless for notifying people with the port exposed 11:07 < esotericnonsense> yeah 11:07 < esotericnonsense> well, not quite. 11:07 < esotericnonsense> if bad passwords are brute forced then it might be useful. 11:07 < wumpus> of course it's dangerous, then again, so are many other RPC commmands, this would be useful to communicate from say, a backend script to the UI… but I don't htink it's actually a good idea just wanted to show how easy it is to do 11:08 < gmaxwell> hm. so one thing that could be done in the GUI is the first time the rpc is connected after you start, don't allow the connection until the user confirms a dialog. 11:08 < esotericnonsense> (i'd consider RPC access as probably RCE anyway though I suppose it would require a determined attacker) 11:08 < gmaxwell> esotericnonsense: part of the reason we don't want the RPC internet exposed is because we don't want YET ANOTHER vector for unauthenticated RCEs. 11:08 < wumpus> you could do the same for REST, with a pre-programmed message, if you want it to be available with less security 11:08 < esotericnonsense> gmaxwell: yes, exactly, I think i'm being misinterpreted, sorry 11:09 * midnightmagic secretly merges alert rpc 11:09 < wumpus> midnightmagic: it reminds me of the fun when windows had this built in 11:09 < esotericnonsense> what I mean is that authenticated alert being used to send "install this badness.exe" seems irrelevant if authenticated rpc means you own the box anyway 11:09 < esotericnonsense> unauthenticated alert is bad sure 11:09 < wumpus> midnightmagic: you could make *any* computer pop up an alert xD 11:10 < esotericnonsense> that said, unauth alert could just give a predefined message 11:10 < midnightmagic> wumpus: death on flaxen wings :-) 11:10 < gmaxwell> E.g. "A remote control connection is being attempted to your wallet. If you did not initiate this action rejected it. [Allow remote control during this session.] [Reject this attempt.] [Disable remote access]. 11:10 < gmaxwell> " 11:10 < aj> gmaxwell: needs a "[ ] Always accept these requests" checkbox... 11:11 < wumpus> yes, so, this is even more dangerous for the wallet 11:11 < wumpus> which is another reason why having the wall... ok never mind 11:12 < gmaxwell> aj: why? 11:12 < wumpus> I kind of like how monero doesn't have a remote API, or daemon for the wallet at all, it's just a command line tool that connects to the node 11:12 < aj> gmaxwell: sorry, being sarcastic because i hate permission dialogs 11:13 < gmaxwell> all the examples I gave above about rpc being needed were wallet examples. 11:13 < esotericnonsense> aj: it would be Always accept these requests by default 11:13 < esotericnonsense> > gmaxwell | hm. so one thing that could be done in the GUI is the first time the rpc is connected after you start 11:13 < wumpus> I don't think popping up a dialog for for the first RPC request is a bad idea btw 11:14 < esotericnonsense> i suppose once per application start is distinct from once per... ever 11:14 < wumpus> that's, kind of, how those things usually work 11:14 < gmaxwell> It's one of the things you can do with the GUI... you can get user interaction. 11:14 < wumpus> yes 11:14 < esotericnonsense> once per IP address (ever) seems reasonable 11:14 < gmaxwell> esotericnonsense: meh, ever requires remebering it, and also ends up being less secure. 11:14 < wumpus> nah first make the RPC localhost-only 11:15 < gmaxwell> if it's a nussance, there could be a config override. 11:15 < wumpus> that's like low-hanging fruit 11:15 < wumpus> after that, you could add interaction 11:15 < gmaxwell> the non-interaction improvements are needed to protect bitcoind in any cas.e 11:15 < wumpus> but *remote* RPC is just a stupid idea 11:16 < gmaxwell> I wouldn't be surprised if most of those rpc listners are bitcoind... after all, bitcoind needs some use of the rpc regardless. 11:16 < wumpus> yess I know how stupid that sounds as RPC stands for Remote Procedure Call 11:16 < wumpus> right 11:16 -!- spinza [~spin@155.93.246.187] has joined #bitcoin-core-dev 11:16 < esotericnonsense> yeah i mean personally i don't see why it should be able to listen outside of localhost (or just, socket preferably) 11:17 < esotericnonsense> even though it would probably break All The Things 11:17 < wumpus> it's kind of a no-brainer, I'm just afraid of hordes of users complaining about Breaking Things 11:17 < jarthur> Any time I've done remote RPC (whether with SSH tunnel, or plain old terrible direct connection), it was because one server had enough hard drive space and the other did not. 11:18 < jarthur> or I was testing something 11:18 < wumpus> I've actually used remote connections for valid reasons (but yes, always over SSH tunnels) 11:18 -!- Krellan [~Krellan@2600:1700:be50:323f:959c:e2c8:2b8e:6b82] has quit [Ping timeout: 252 seconds] 11:18 < esotericnonsense> about the only valid config I can think of right now apart from _really_ obtuse cases like a raspberry pi connected directly to another box without a switch 11:18 < esotericnonsense> would be rpcallowips with wireguard 11:18 < esotericnonsense> so that it's actually authenticated remote rpc 11:19 < wumpus> there's also the multi-VM scenario where network connections are inherently secure because the network is virtual 11:19 < gmaxwell> the problem with disabling non-local is things like private networks between hosts, which are perfectly fine assuming its setup correctly. 11:19 < wumpus> but yeah... 11:19 < gmaxwell> and indeed VMs. 11:19 < gmaxwell> We could set the TTL on those connections to 1. :P 11:19 < esotericnonsense> i mean localhost in general bugs me. 11:19 < echeveria> just disallow binding to 0/0. 11:20 < esotericnonsense> that it's a tcp socket is already 'everyone on this box'. the remote within "trusted" LAN situation is essentially the same 11:20 < wumpus> with docker it's incredibly common to have one application per container and have them communicate over point-to-point virtual networking, I'm sort of afraid of making those use-cases impossibl 11:20 < echeveria> require binds to be explicit. 11:20 < gmaxwell> esotericnonsense: yes, localhost is also a problem, but short of domain sockets we can't really do better than localhost + auth. 11:20 < esotericnonsense> wumpus: the docker case is reasonable yeah, as with VMs. a proper ethernet bridge. 11:21 < echeveria> this prevents copy-paste configs from working, massively reduces the ability for bad configurations, but still allows for usability over VPN tunnels, etc. 11:21 < gmaxwell> echeveria: interesting point, normally you don't want to beceause addresses change, but all the "okay" examples I gave above, they don't. 11:21 < esotericnonsense> the case in which you have boxA and boxB on the bridge and _noone else_, nice,. 11:21 < wumpus> yes luke-jr's PR makes sense, to at at least make binding explicit 11:21 < esotericnonsense> binding to an IP explicitly breaks docker. I think. unless you script it. 11:21 < gmaxwell> luke's patch also changes it to how I already thought it worked. 11:21 < esotericnonsense> no idea what IP a container will get. 11:22 < jarthur> link to luke's PR? 11:23 -!- Murch [~murch@c-73-223-113-121.hsd1.ca.comcast.net] has joined #bitcoin-core-dev 11:23 < harding> #14532 11:23 < gribble> https://github.com/bitcoin/bitcoin/issues/14532 | Never bind INADDR_ANY by default, and warn when doing so explicitly by luke-jr · Pull Request #14532 · bitcoin/bitcoin · GitHub 11:23 < jarthur> ty 11:23 < esotericnonsense> i suppose localhost + cookie, if the cookie has the correct permissions set, is similar to a permissioned domain socket 11:23 < esotericnonsense> the issue is really the strength of the auth mechanism and basically whether the RPC is safe pre-auth 11:24 < esotericnonsense> 'open port' doesn't really matter if that _actually works_ 11:24 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-core-dev 11:24 < esotericnonsense> (as in, the situation post 14532 seems reasonable) 11:25 < echeveria> esotericnonsense: the RPC server is unlikely unsafe pre-auth, it's at least a denial of service risk. 11:25 < jarthur> gmaxwell: huh, it's funny, that's how I thought it worked already too 11:25 -!- OzPac [~OzPac@cpc110789-lewi20-2-0-cust636.2-4.cable.virginm.net] has quit [Quit: OzPac] 11:26 < jarthur> esotericnonsense: one thing to consider with permissioned domain sockets is Linux abstract unix domain sockets have similar "openness" as TCP loopback. 11:27 < esotericnonsense> jarthur: eh? it's not possible to listen on a specific user, right? 11:27 < jarthur> With loopback, you at least have some decent control via netfilter/iptables/ufw on Linux 11:27 < esotericnonsense> (for TCP loopback) 11:27 < esotericnonsense> the domain socket can be rw only for the user 11:27 -!- dqx [~dqx@unaffiliated/dqx] has joined #bitcoin-core-dev 11:27 < esotericnonsense> e.g. if you had bitcoind, bitcoin-qt and bitcoin-qt had perms on the socket but other than bitcoin-qt only root did 11:29 < wumpus> !action merge #14532 I guess 11:29 * gribble merge #14532 I guess 11:29 < jarthur> esotericnonsense: it can't if it's a Linux abstract unix domain socket 11:30 -!- Murch [~murch@c-73-223-113-121.hsd1.ca.comcast.net] has quit [Quit: Snoozing.] 11:30 < esotericnonsense> oh sorry. missed 'abstract'. 11:30 < booyah> are people actually losing money / being hacked, as result of many listening on internet? 11:31 < luke-jr> Typically exploits are fixed even if nobody has been compromised with them yet 11:32 < booyah> sure, not suggesting it's not something to be fixed, just wondering what is the situation 11:34 < gmaxwell> not that we're aware of, but I suspect most of us are uncomfortable with all this rpc exposure. 11:34 < gmaxwell> the additional attack surface is a liability we don't want to deal with. 11:35 < wumpus> how would you even know if people are losing money through this 11:35 < jarthur> It was real embarrassing for us on the Electrum project when the localhost auto-bind we were going to get around to at some point wasn't gotten around to until it hit the media. :) 11:35 < booyah> if someone would reported that happening, wumpus. ofc most would not 11:35 < esotericnonsense> well the fact that it's now known increases the probability of exploit too, right. 11:35 < wumpus> also agree with luke-jr, it's better to prevent in this case 11:36 < gmaxwell> booyah: yea, problem is that people don't know or don't report. I'm somewhat doubtful it's causing much loss right now but it means that any rpc/rest bug is potentially much more serious. 11:36 < luke-jr> jarthur: what port does Electrum bind? 11:36 < gmaxwell> at least given what we currently believe: that it's being enabled due to accident/confusion. 11:36 < luke-jr> I wonder if these 8332s aren't even bitcoin itself? 11:36 < esotericnonsense> luke-jr: is it possible to get a bitcoin-like response back with invalid auth 11:36 < esotericnonsense> could just hit a few (or a lot) of them and check 11:37 * esotericnonsense checks his node 11:37 < luke-jr> has anyone done so? 11:37 < booyah> do we have the IP list? anyone proceessed it, are theses opened e.g. mostly in some specific network, or OS? (maybe there's a product or something that does that) 11:37 < wumpus> maybe it's a honeypot 11:37 < harding> luke-jr: the list of IPs I scan cam from bitnodes, which I think currently filters out Bitcoin Cash nodes. Obviously so were probably spy nodes and the like. 11:37 < harding> s/so/some/ 11:38 < luke-jr> harding: well, I mean perhaps some other software is listening in 8332 while Bitcoin isn't 11:38 < wumpus> or maybe they found an exploit in bitcoin-cli and are waiting for you to use it on them :-) 11:38 < esotericnonsense> lol. I forgot, it's obvious 11:38 < esotericnonsense> curl localhost:8332 11:38 < esotericnonsense> JSONRPC server handles only POST requests 11:39 < gmaxwell> wumpus: lol 11:39 -!- ap4lmtree [~ap4lmtree@unaffiliated/ap4lmtree] has joined #bitcoin-core-dev 11:39 < esotericnonsense> so yeah if you have the list it would probably take a few seconds to hit them all and see if they're not bitcoin. :P 11:39 < jarthur> luke-jr: electrum's RPC port is randomly selected at startup if you don't configure one. Still didn't take long for scans to pick them up though. 11:40 < wumpus> yeh randomizing ports helps against attackers looking for targets, not against anyone that already selected you 11:40 < esotericnonsense> luke-jr: what might be interesting 11:41 < esotericnonsense> is scanning all IPv4 for 8332 (i.e. hosts that don't listen on 8333) 11:41 < wumpus> e.g. you can't currently scan the whole IPv4 range for all ports 11:41 < wumpus> right 11:41 < esotericnonsense> you can disable listening whilst leaving rpc up right? :P 11:41 < wumpus> oh sure 11:41 < esotericnonsense> the odd person might have even fat fingered 8332 instead of 8333 in their dnat :P 11:42 < luke-jr> that sounds more likely 11:42 < gmaxwell> you can scan all ports on all hosts that visit your website/irc channel/etc. however. 11:43 < wumpus> yes, I guess the threat model for bitcoin is somewhat different than say, ssh 11:43 < booyah> but there are people where actually something respons to TCP 8332 right? so not just opened firewalls / forwarded ports 11:44 < esotericnonsense> wumpus: heh you've reminded me that I have a weird memory-like error in ssh at the moment... my linux-fu is insufficient to debug it 11:44 < esotericnonsense> ssh host cat /dev/zero > /dev/null gives me an EFAULT in strace, read into a bad memory address 11:44 < esotericnonsense> anyway, this is not bitcoin core dev, sorry :P 11:47 < wumpus> I'd think it's more likely for the crash to be the result of some over-protective security feature in ssh than a security bug, but yeah 11:48 < luke-jr> I don't see how 11:48 < luke-jr> cat /dev/zero shouldn't have any security implications 11:48 -!- hebasto [~hebasto@95.164.65.194] has joined #bitcoin-core-dev 11:49 < esotericnonsense> the system call that fails is a read from the TCP socket (checked fd) 11:49 < esotericnonsense> the second parameter, the memory address (https://linux.die.net/man/2/read) is not valid 11:50 < gmaxwell> Is there a socket option to set the TTL on tcp connections? If there is we should perhaps make the rpc use TTL=1 unless overridden by a config option. 11:50 < esotericnonsense> gmaxwell: ooh!! 11:50 < esotericnonsense> that is really, really nice. 11:51 < esotericnonsense> if it's possible. 11:51 < luke-jr> good idea 11:51 < echeveria> esotericnonsense: it's fairly trivial to scan 0/0 for a specific port now. there's port scanners that run directly on the NIC which can saturate multi gigabit links. 11:52 < gmaxwell> that nicely covers the 'lan/vpn good / internet bad'. 11:52 < echeveria> that said, I'd expect all ports listening on 8332 are listening on 8333. 11:52 < esotericnonsense> echeveria: yeah I'm aware of that, hence me thinking it might be interesting to see what's on 8332 "globally". 11:52 < wumpus> if there is one I've never heard of it, you can usually set it on a OS level but not per socket IIR 11:52 < esotericnonsense> echeveria: probably yeah. 11:52 < wumpus> it's a fascinating idea though 11:54 < aj> ip(7) IP_TTL sounds plausible? 11:54 < esotericnonsense> man 7 ip; IP_TTL (since Linux 1.0) 11:54 < esotericnonsense> yes 11:54 < esotericnonsense> you want it to be multiplatform though, :P 11:56 < aj> https://docs.microsoft.com/en-us/windows/desktop/winsock/ipproto-ip-socket-options and https://www.freebsd.org/cgi/man.cgi?query=ip&sektion=4&manpath=FreeBSD+9.0-RELEASE make it sound pretty multiplatform 11:56 < gmaxwell> well, linux only would be better than not having it, since so many of our users are on linux. 11:57 -!- dqx [~dqx@unaffiliated/dqx] has quit [Read error: Connection reset by peer] 11:58 -!- dqx [~dqx@unaffiliated/dqx] has joined #bitcoin-core-dev 11:59 -!- clarkmoody [~clarkmood@47-218-248-206.bcstcmta04.res.dyn.suddenlink.net] has joined #bitcoin-core-dev 12:01 < achow101> meeting? 12:02 < wumpus> #startmeeting 12:02 < lightningbot> Meeting started Thu Oct 25 19:02:03 2018 UTC. The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot. 12:02 < lightningbot> Useful Commands: #action #agreed #help #info #idea #link #topic. 12:02 < promag> howdy 12:02 < achow101> hi 12:02 < gleb> hi 12:02 < wumpus> hey 12:02 -!- dqx_ [~dqx@unaffiliated/dqx] has joined #bitcoin-core-dev 12:03 < jonasschnelli> Hi 12:03 < wumpus> #bitcoin-core-dev Meeting: wumpus sipa gmaxwell jonasschnelli morcos luke-jr btcdrak sdaftuar jtimon cfields petertodd kanzure bluematt instagibbs phantomcircuit codeshark michagogo marcofalke paveljanik NicolasDorier jl2012 achow101 meshcollider jnewbery maaku fanquake promag provoostenator 12:03 < sipa> hi 12:03 < luke-jr> .. 12:03 < midnightmagic> \o 12:04 -!- dqx [~dqx@unaffiliated/dqx] has quit [Ping timeout: 240 seconds] 12:05 < wumpus> topics?\ 12:05 < jonasschnelli> topic proposal: 0.17.0.1 or 0.17.1 12:05 < sipa> what is the status with the linter issues on travis? 12:06 < phantomcircuit> hello 12:06 < wumpus> #topic 0.17.0.1 or 0.17.1 12:07 -!- dqx_ [~dqx@unaffiliated/dqx] has quit [Ping timeout: 245 seconds] 12:07 < jonasschnelli> I think we should release 0.17.0.1 (osx only) to mitigate the non opening DMG issue with 0.17 (https://github.com/bitcoin/bitcoin/pull/14416) 12:08 < jonasschnelli> We could release just 0.17.0 + 14416 as 0.17.0.1 macOS only (not release the current 0.17 branch) 12:09 < luke-jr> #14416 12:09 < gribble> https://github.com/bitcoin/bitcoin/issues/14416 | Fix OSX dmg issue (10.12 to 10.14) by jonasschnelli · Pull Request #14416 · bitcoin/bitcoin · GitHub 12:09 -!- harrymm [~harrymm@69.161.195.103] has quit [] 12:09 < jonasschnelli> The current DMG provided in bitcoincore.org/bin does not open on macOS 12:09 < wumpus> agree, would make sense to make a 0.17.0.1 for macosx only 12:09 < luke-jr> jonasschnelli: the only other fix currently in the branch is so minor, it wouldn't make sense to make a new branch for 0.17.0.1 12:10 -!- bitconner [~conner@c-73-170-56-77.hsd1.ca.comcast.net] has joined #bitcoin-core-dev 12:10 < jonasschnelli> We can also directly move to 0.17.1,... 12:10 < sipa> that seems in line with versioning we've used before, using the 4th number for platform specific fixes 12:10 < luke-jr> doesn't MarcoFalke have a bunch of fixes backported to 0.17 though? might make more sense to just move on 0.17.1 12:10 < luke-jr> sipa: sure, I'm just saying we can tag it on 0.17 branch 12:11 < sipa> some of those may be nontrivial; i saw some issue with his backports PR having a merge conflict? 12:11 < cfields> luke-jr: that would mean that Mac users couldn't drop back to 0.17 if 0.17.1 was buggy. 12:11 < cfields> +1 for 0.17.0.1 12:11 < luke-jr> cfields: 0.17.1 should only be fixes on top of 0.17.0 anyway 12:11 < wumpus> sipa: yep 12:12 < promag> we could pick the simple backport fixes (including macos fix) and let the remaining for 0.17.2? 12:12 < wumpus> I dont' think we have enough for 0.17.1 yet 12:13 < wumpus> if a lot of people are experiencing issues with 0.17.0 on MacOSX we should do 0.17.0.1 soon 12:13 < wumpus> like, tomorrow 12:13 < sipa> agree 12:13 < jonasschnelli> ack 12:13 < cfields> sgtm 12:13 < jonasschnelli> I think it's not an urgent thing,.. but it may fraighten off users since it can cause a finder crash 12:13 * luke-jr shrugs 12:14 < cfields> jonasschnelli: now this is interesting! 12:14 < jonasschnelli> Someone told me Apple is aware... 12:14 < cfields> heh, ok 12:15 < jonasschnelli> A finder crash smells just really bad and AFAIK there has been some exploitable bugs in that area in the past. 12:16 -!- reallll [~belcher@unaffiliated/belcher] has joined #bitcoin-core-dev 12:16 < wumpus> it was funny hwo this is caused by a python unicode versus bytes issue 12:16 < jonasschnelli> Indeed! 12:17 < jonasschnelli> I just don't get why it was a non-issue when compiling with trusty.. I though we had the same python version. 12:17 < jonasschnelli> *thought 12:17 < jonasschnelli> however,.. lets just do a 0.17.0.1 macOS asap 12:18 < wumpus> it's great that you managed to isolate it 12:18 < jonasschnelli> Took me around 30 gitian builds. :) 12:18 -!- belcher_ [~belcher@unaffiliated/belcher] has quit [Ping timeout: 252 seconds] 12:19 < cfields> yes, thanks for that. I always check that dmgs open before tagging the detached sigs, but I've stayed on 10.11 to catch back-compat issues, so I guess I avoided it :\ 12:20 < jonasschnelli> Yes. I also take it on me,... I haven't done that. But non of us somehow did test the DMG during all the RCs... 12:20 < jonasschnelli> which is a bit strange 12:20 < sipa> that's a bad sign 12:21 < wumpus> not many people testing on macosx? 12:21 < cfields> indeed. Maybe we could start adding "Tested ACKs" for the gitian sigs PRs 12:22 < cfields> to at least verify that someone has started up the release 12:22 < wumpus> I can only test the linux release myself 12:22 < wumpus> (and I test compiles on FreeBSD and OpenBSD! but that's irrelevant to gitian) 12:22 < jonasschnelli> At least fanquake, sjors and other gitian builders use macOS regularly... including myself. But meh,.. I don't know why I haven't detected it 12:23 < luke-jr> testing RCs is IMO the job of users, not builders or coders 12:23 < booyah> I can get you mac os X (old macbook) or bsd test (install+run) if you want 12:23 < jonasschnelli> Both I'd say 12:23 < cfields> I'll at least start ACKing the platforms that I've verified startup for the sake of posterity. 12:24 < sipa> luke-jr: agree, but no reason why someone can't be both - and regardless of what you call them, not enough people testing rcs is concerning 12:24 < luke-jr> sipa: right, my point is that PRs isn't a good place for it 12:24 < luke-jr> users don't make PRs 12:25 < sipa> that's reasonable... though how else do you get feedback? 12:26 < luke-jr> short of writing a website that collects it, and asking with the RC announcement to post there.. coming up blank 12:26 < wumpus> usually we ask people to open issues on github for problems 12:26 < luke-jr> maybe bitcointalk can offer a forum specifically for testing reports or something 12:26 < wumpus> I'm nto sure a different website is needed 12:27 < luke-jr> true 12:27 < luke-jr> what's missing is *positive* feedback 12:27 < wumpus> reddit etc have too much noise 12:27 < wumpus> yes, true 12:27 < luke-jr> and apparently the users testing to give it 12:28 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has joined #bitcoin-core-dev 12:29 < luke-jr> maybe the -core-dev ML needs to get more attention from users so they learn about and try RCs? 12:30 < wumpus> I.. dont' think you can really get users into a ML these days 12:30 < sipa> haha 12:30 < luke-jr> how do users learn about stuff now? 12:30 < sipa> maybe we need a facebook group *ducks* 12:30 < luke-jr> >_< 12:31 < wumpus> :-) 12:31 < cfields> luke-jr: real answer: software force-updates itself. 12:31 < cfields> :( 12:31 < wumpus> twitter is really popular yes 12:31 < luke-jr> how about I make a Twitter account for posting experimental releases of Core, Knots, and other reputable Bitcoin projects? (Electrum, etc?) 12:32 < luke-jr> or is there some kind of shared Twitter account thing so more than just I can post? 12:33 < luke-jr> cfields: not to testing versions.. 12:33 < sipa> we can tweet from the bitcoincoreorg account 12:33 < luke-jr> sipa: not everyone wants to see experimental releases 12:33 -!- Emcy [~Emcy@unaffiliated/emcy] has quit [Remote host closed the connection] 12:34 < aj> luke-jr: could have a flag to say "auto update to current release version" and another to say "follow experimental release candidate stream" 12:35 -!- h00t_ [5f5ad4c1@gateway/web/freenode/ip.95.90.212.193] has joined #bitcoin-core-dev 12:35 < achow101> no auto update pls 12:35 < warren> luke-jr: have a different twitter account for those interested in following RC's 12:36 < luke-jr> warren: that's what I said :P 12:36 < wumpus> right, at least at the moemnt we don't tweet experimental releases from bitcoincore twitter 12:36 < sipa> yeah 12:36 < wumpus> I don't even post them to my personal account ,maybe I should 12:36 < luke-jr> wumpus: that might be enough 12:36 < warren> Thought you migrated permanently from Twitter. =) 12:37 < luke-jr> XD 12:37 < sipa> remind me, i can tweet from my personal account too 12:38 < wumpus> warren: well I'm more comfortable posting development-related stuff on mastodon, but for noticifcations to reach as many people as possible I'd certainly use twitter 12:38 < warren> (What is the protocol for topic proposals? wait until this topic is done?) 12:38 < wumpus> warren: no, just propose 12:38 < wumpus> ideally you propose topic subjects at the beginning of the meeting 12:39 < wumpus> then we can cycle through them 12:39 < wumpus> but it's fine we're done with this now 12:39 < sipa> i wanted to bring up the linter issues 12:40 < warren> topic proposal: Interested in opinions regarding the risk of bringing back Fortuna. Along with deprecation of BIP70, we are on the path toward eventual removal of the openssl dependency. 12:41 < sipa> we really don't need fortuna or a high-performance built-in randomness pool - we don't need randomness frequently 12:41 < sipa> what we do need is a good way to seed entropy from the environment 12:41 < rex4539> I think it is quite unlikely that "normal" people will ever run an RC because they are afraid of losing funds because of bugs. Others like me, on the other hand, only run beta software. If something is "stable" I don't want it. I want experimental, unstable software full of bugs. More fun. I believe the reason for missing the DMG bug is that everyone here is building from master and doesn't actually run the public builds. 12:41 < rex4539> Perhaps there should be a pre-release QA checklist for basic functionality on all supported platforms. 12:41 < wumpus> #topic Fortuna 12:42 < wumpus> —or other randomness 12:42 < warren> well, Fortuna or the lesser goal of seeding entropy from the environment 12:42 < sipa> and seeding entropy from the environment is annoying as it's a platform specific business 12:42 < sipa> but we have a built-in randomness pool now - it's not fast, but it's more than good enough for what we need 12:42 -!- reallll is now known as belcher_ 12:42 < sipa> it's just seeding through OpenSSL mostly 12:43 < warren> I am encouraged that #14451 happened, deprecating BIP70 (huge attack surface, nobody uses it etc.) This means we will eventually be able to remove the openssl dependency. Except for that part. 12:43 < gribble> https://github.com/bitcoin/bitcoin/issues/14451 | Add BIP70 deprecation warning and allow building GUI without BIP70 support by jameshilliard · Pull Request #14451 · bitcoin/bitcoin · GitHub 12:43 < sipa> and whenever we need "strong randomness" we mix data from openssl and our own pool 12:44 < sipa> i think it's sufficient to have a c++ file with a bunch of entropy gathering things in it, without turning it into a C API or whatever 12:45 < jonasschnelli> #10299 12:45 < gribble> https://github.com/bitcoin/bitcoin/issues/10299 | Remove OpenSSL by sipa · Pull Request #10299 · bitcoin/bitcoin · GitHub 12:45 < cfields> sipa: you mean something that is essentially a standalone lib, but with no effort made to actually give it an external api? 12:46 < warren> #5885 had a previous attempt to replace the openssl PRNG. Reading those old comments remains interesting today. 12:46 < gribble> https://github.com/bitcoin/bitcoin/issues/5885 | [WIP] Replace OpenSSL PRNG with built-in Fortuna implementation by sipa · Pull Request #5885 · bitcoin/bitcoin · GitHub 12:46 < sipa> warren: nah, i think that's total overkill now 12:47 < jonasschnelli> Just read /dev/urandom? *duck* 12:47 < warren> external API is risky as you need to worry about about fork safety and conditions you can't predict 12:47 < gmaxwell> jonasschnelli: and then not get randomness when FD exhaustion means you can't open it. 12:47 < sipa> jonasschnelli: we already do that 12:48 < sipa> warren: not if it just gathers some entropy from the environment (and not a full RNG library) 12:48 < warren> Do we already use the newer syscall that blocks if the kernel prng is not seeded? 12:48 < sipa> yes 12:48 < kanzure> how do the proofs of randomness/entropy incorporation work 12:48 < jonasschnelli> gmaxwell: don't we just need a single seed during startup then ChaCha20 PRNG from. there? But i'm not familiar with the details.. 12:48 < wumpus> yes we use the syscall where available 12:48 < warren> I know a lot less about the other Unixes. 12:48 < wumpus> on Linux and various BSDs 12:48 < sipa> jonasschnelli: no, that's FastRandomContext 12:49 < sipa> and it's only used to generate randomness that doesn't need independently seeding 12:49 < jonasschnelli> I see 12:49 < gmaxwell> jonasschnelli: only if everything works right, users never use virtual machines with snapshooting, and we don't care about being totally broken in the face of OS bugs like netbsd and freebsd had in the last couple years. 12:49 < sipa> for generating private keys etc, we gather new entropy every time 12:50 < warren> ----> i think it's sufficient to have a c++ file with a bunch of entropy gathering things in it, without turning it into a C API or whatever <--- This would be good enough and people would feel it is worth the risk of change to be able to eventually remove the openssl dependency? 12:50 < gmaxwell> (and don't mind a later process memory leak potentially revealing the keys we previously generated, etc) 12:51 < gmaxwell> Until BIP70 is gone we're stuck with openssl regardless. we lost urgency on discontinuing using openssl as a randomness input after bitpay started requiring BIP70 to make payments. 12:51 < gmaxwell> So long as we have openssl for other things it's a harmless addition to random inputs. 12:52 < cfields> gmaxwell: IIRC that's only supported in -qt 12:52 < sipa> ah, for "non-strong" randomness (GetRandBytes, as opposed to GetStrongRandBytes) we use just OpenSSL, would people be ok with switching that to our own randomness pool? 12:53 < gmaxwell> we do? well that should be switched. 12:53 < jonasschnelli> Agree 12:53 < sipa> GetStrongRand uses all sources available, and mixes them into our own pool 12:53 < sipa> including OpenSSL 12:55 < wumpus> yes 12:56 < wumpus> switching over non-strong randomness is a no-brainer 12:57 < jarthur> topic proposal: Unix socket support for RPC API 12:57 < wumpus> eh <3 minutes left 12:57 < jarthur> No prob. Next time. 12:58 < wumpus> I agree though 12:58 < wumpus> FWIW 12:58 < wumpus> need that yesterday! 12:58 < aj> missed out on the linter stuff? 12:59 < sipa> guess we'll do that another time 12:59 < sipa> or hope it resolves itself 12:59 < wumpus> linters are great fun for the whole family, you can watch them fail in real time in so many different ways 12:59 -!- opdenkamp [~opdenkamp@kodi/staff/dushmaniac] has quit [Ping timeout: 245 seconds] 13:00 < wumpus> #endmeeting 13:00 < lightningbot> Meeting ended Thu Oct 25 20:00:27 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) 13:00 < lightningbot> Minutes: http://www.erisian.com.au/meetbot/bitcoin-core-dev/2018/bitcoin-core-dev.2018-10-25-19.02.html 13:00 < lightningbot> Minutes (text): http://www.erisian.com.au/meetbot/bitcoin-core-dev/2018/bitcoin-core-dev.2018-10-25-19.02.txt 13:00 < lightningbot> Log: http://www.erisian.com.au/meetbot/bitcoin-core-dev/2018/bitcoin-core-dev.2018-10-25-19.02.log.html 13:00 < cfields> Quick takeback: I wasn't entirely ready yet, and jumped the gun on coming back to dev after some time off a few weeks ago. Sorry if I've slowed anything down since then as a result, and for the annoying false start. Please don't let anything block on waiting for me in the near future. 13:00 < cfields> That's probably implied by now, just wanted to be explicit about it. 13:01 < wumpus> cfields: thanks for anything you've done, and no pressure for anything else 13:02 < cfields> wumpus: I'll for sure take care of whatever's needed from me for 0.17.0.1 13:02 < cfields> though I suppose that's nothing, if it's mac only :) 13:03 < wumpus> usually we build the release for all platforms I think, even though there's no effective chagne for others 13:03 < wumpus> but e.g. the website doesn't support hosting one version for one platform and another for another 13:04 < cfields> Makes sense, avoids having to customize all of the build scripts and stuff 13:04 < cfields> ok, will handle that as usual then. 13:05 < wumpus> do we really need release notes for 0.17.0.1? 13:09 < cfields> no opinion 13:11 -!- clarkmoody [~clarkmood@47-218-248-206.bcstcmta04.res.dyn.suddenlink.net] has quit [] 13:14 -!- harrymm [~harrymm@69.161.195.103] has joined #bitcoin-core-dev 13:15 -!- opdenkamp [~opdenkamp@kodi/staff/dushmaniac] has joined #bitcoin-core-dev 13:16 < wumpus> nah just have to mention the macosx issue I guess 13:18 < sipa> yeah 13:23 < jnewbery> cfields: take care of yourself first. Everyone here is very grateful for the enormous contributions you've made. 13:26 < jnewbery> sorry I missed the meeting. On the topic of testing RCs, the optech newsletter has action items each week, which included 'allocate time to test Bitcoin Core RC' for the weeks that we had RCs (eg https://bitcoinops.org/en/newsletters/2018/09/11/). If there are more specific instructions, let us know and we can help spread them. 13:26 < wumpus> jnewbery: +1 13:31 < gmaxwell> kallewoof: Are you or anyone else working on getting the "spend all inputs to an address at once if it isn't more expensive" thing going again? 13:31 < sipa> I dont't Optech members to be the ones who would find issues with the OSX installer, though 13:31 < gmaxwell> kallewoof: there was recently another round of massive dusting attacks. 13:36 < jarthur> While some folks are still here, I'm curious if any of you would be against an incremental introduction of unix domain sockets for the RPC API. e.g. release with just server support first, no bitcoin-cli support and no official work around abstract sockets. Server support may be exhumable from wumpus PR #9919. 13:36 < gribble> https://github.com/bitcoin/bitcoin/issues/9919 | UNIX sockets support for RPC by laanwj · Pull Request #9919 · bitcoin/bitcoin · GitHub 13:37 < jarthur> bitcoin-cli support is what was held up by proposed upstream libevent work 13:38 < gmaxwell> jonasschnelli: it's hard to test extensively without bitcoin-cli support, I'd worry about it bitrotting. 13:38 < gmaxwell> er jarthur 13:38 < gmaxwell> otherwise getting it in sounds fine to me. 13:39 < jarthur> Yea, there's only so much we'd be testing from the python functional tests. 13:40 -!- bitconner [~conner@c-73-170-56-77.hsd1.ca.comcast.net] has quit [Ping timeout: 252 seconds] 13:40 < sipa> gmaxwell: if the python test framework uses it, i'd be less concerned 13:41 < gmaxwell> I think thats clearly a requirement. 13:42 < gmaxwell> Still, its not like our tests are comprehensive enough that it's automatically okay. 13:42 -!- bitconner [~conner@c-73-170-56-77.hsd1.ca.comcast.net] has joined #bitcoin-core-dev 13:43 < jnewbery> sipa: perhaps not, but lots of people have subscribed to our newsletter who aren't members. We have about 1500 subs, who I expect are mostly quite technical. 13:44 < sipa> jnewbery: true, and i'm a big fan of that work, to be clear 13:44 < sipa> gmaxwell: any type of issue you're worried about in particular w.r.t. unix socket support but excluding bitcoin-cli initially? 13:45 < jnewbery> I didn't interpret your comment to mean that you weren't :) 13:45 < gmaxwell> sipa: e.g. will it crash under concurrent request load, etc. thats something we'd probably find out really fast with bitcoin-cli switched to it. 13:45 < jarthur> On the bright side, having the existing py func tests use a unix socket pretty doable. wumpus had it as an option in his PR. 13:46 < jnewbery> anyway, I don't think it can harm. If there's any advice on how people can better test RCs and provide feedback, I think we'd be happy to push it out to our subscribers. 13:47 -!- bitconner [~conner@c-73-170-56-77.hsd1.ca.comcast.net] has quit [Ping timeout: 240 seconds] 13:47 < jarthur> My reason for proposing server-only is to make the change small enough to not get sidelined again. I know I don't have enough time to work with libevent team on getting preexisting client connection support rolled in. 13:57 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has quit [Ping timeout: 244 seconds] 13:57 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-onavuswgsctcdiqj] has joined #bitcoin-core-dev 13:57 < bitcoin-git> [bitcoin] laanwj opened pull request #14576: Release 0.17.0.1 (0.17...2018_10_release_0.17.0.1) https://github.com/bitcoin/bitcoin/pull/14576 13:57 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-onavuswgsctcdiqj] has left #bitcoin-core-dev [] 13:58 < wumpus> jarthur: yes, I had the functional tests use a UNIX socket, next step would have been to have them interface with P2P over UNIX socket as well but never got that far 13:58 < wumpus> *for RPC 13:59 < wumpus> everyone was too much focused on the cli client support and I'm not confident that I can get the libevent people to adapt anything in that regard so I kind of gave up 14:00 < wumpus> feel free to pick it up though ! 14:01 < jarthur> wumpus: thanks. I don't know the client code very well. Is there an easy alternative where we can just have libevent create the socket? 14:01 -!- h00t_ [5f5ad4c1@gateway/web/freenode/ip.95.90.212.193] has quit [Ping timeout: 256 seconds] 14:02 < wumpus> heh you wish 14:03 < wumpus> I wouldn't have gone though all that trouble if that existed, right :/ 14:03 < jarthur> figured 14:03 < gmaxwell> I think it's fine to go without the -cli... just means a somewhat greater amount of testing should be done. 14:06 -!- bitconner [~conner@136.24.75.121] has joined #bitcoin-core-dev 14:10 < wumpus> jarthur: I think the only way to do that would be to implement the entire http protocol (e.g. port over libevhttp), but that's a pretty bad place to be in 14:11 < jarthur> Is it because we do some custom stuff libevhttp doesn't do? 14:11 -!- dtr [4e0190ae@gateway/web/freenode/ip.78.1.144.174] has joined #bitcoin-core-dev 14:12 -!- dtr [4e0190ae@gateway/web/freenode/ip.78.1.144.174] has quit [Client Quit] 14:12 < wumpus> there's more reasons why libevent's http server isn't really that great for what we're doing (such as the work pool) but there's nothing else that we *can't* do with it 14:13 < wumpus> httpserver.cpp is basically one complex of working-around thread limitations of their http server 14:13 < wumpus> (but that's not relevant to UNIX socket support at least :) 14:16 < wumpus> and there's a more advanced web server that runs on libevent which is commonly recommended: https://github.com/criticalstack/libevhtp ... I don't think that'd work with the client part though, and it's yet another dependency 14:17 < wumpus> I mean, help with the client part, and no idea if they do support UNIX sockets 14:17 < wumpus> I'm...so disasppointed 14:18 < wumpus> (but it's 10000% better than boost asio so...) 14:18 < sipa> haha 14:20 < sipa> gmaxwell: the current way GetStrongRandBytes works is by computing SHA512(state || hw_entropy || os_entropy || openssl_entropy), and then using one half of the output as new state, and one half as random output 14:21 < sipa> for non-strong we can probably replace that with SHA512(state || high-accuracy-timer || some_other_cheap_entropy) or so? 14:22 < wumpus> their server isn't the problem, it allows injecting custom FDs for UNIX sockets fine! it's the client, we'd need another http *client* that supports http over UNIX sockets 14:23 < sipa> wumpus: you may hate this... but given that bitcoin-cli is specific to bitcoind, it probably doesn't need to actually implement full HTTP; just whatever subset is needed for bitcoind 14:23 < wumpus> sipa: yes, that's a good point! 14:24 < wumpus> hadn't really thought of it that way 14:24 < sipa> and if there's an adequate HTTP implementation that does what we need, that certainly feels better than something NIHed 14:24 -!- bralyclow2 [~bralyclow@195.242.213.121] has joined #bitcoin-core-dev 14:25 < sipa> but if there's concerns... i don't expect that the subset of HTTP we need is all that hard to write 14:25 -!- bralyclow2 [~bralyclow@195.242.213.121] has quit [Client Quit] 14:25 < wumpus> right 14:26 < wumpus> I missed the part where it only needs to work with our own server :) 14:26 < jarthur> wumpus: ahh, was the reason we needed the fd-passing ability because their client didn't even have support for starting a unix socket fd to begin with? 14:26 < wumpus> I guess that makes it quite simple 14:27 < wumpus> jarthur: yes 14:28 < wumpus> jarthur: at the time, at least, if they added it since then that'd be incredible 14:30 -!- CubicEarth_ [~CubicEart@c-73-181-185-197.hsd1.wa.comcast.net] has quit [Ping timeout: 264 seconds] 14:31 < wumpus> (but I doubt it, they've always limited support to the intersection of various OSes, so having a specific unix API is probably even more out of the question) 14:32 < jarthur> Yeah, just checked, they haven't 14:32 -!- CubicEarth [~CubicEart@c-73-181-185-197.hsd1.wa.comcast.net] has joined #bitcoin-core-dev 14:33 -!- timothy [~tredaelli@redhat/timothy] has quit [Quit: Konversation terminated!] 14:33 < wumpus> too bad 14:35 < wumpus> it's kind of interesting, I mean Tor uses libevent and they certainly support UNIX sockets for many things, for which they use fd injection at the base layer, they just don't happen to use the http server so that's not important 14:35 < wumpus> (nor http client) 14:36 < wumpus> this is just a case of whyyy do you have to make it so difficult for me 14:36 -!- shesek [~shesek@141.226.218.111] has joined #bitcoin-core-dev 14:36 -!- shesek [~shesek@141.226.218.111] has quit [Changing host] 14:36 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 14:36 -!- promag [~promag@bl22-247-244.dsl.telepac.pt] has quit [Remote host closed the connection] 14:38 -!- promag [~promag@bl22-247-244.dsl.telepac.pt] has joined #bitcoin-core-dev 14:39 < wumpus> (why does bitcoin use http? I do not know, I guess JSON-RPC is marginally better than rolling yet another custom protocol, though the line-based JSON RPC of c-lightning is *pretty neat*) 14:40 < wumpus> why bother wrapping your JSON RPC requests in all this http stuff when you can just do request\nreply\n 14:43 < jarthur> Perhaps to enable local browser-based experiences? 14:43 < jarthur> Though there are WebSocket transport options for JSON-RPC now 14:43 < wumpus> yea exploitability++ 14:43 < jarthur> :) 14:44 < promag> lol 14:47 -!- promag [~promag@bl22-247-244.dsl.telepac.pt] has quit [Remote host closed the connection] 14:59 < phantomcircuit> wumpus, line based json rpc? so stratum? 15:01 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-elnwxluwpemzvlyw] has joined #bitcoin-core-dev 15:01 < bitcoin-git> [bitcoin] hebasto opened pull request #14577: qt: Cleanup `textInteractionFlags` for `QLabel` (master...20181025-textInteractionFlags) https://github.com/bitcoin/bitcoin/pull/14577 15:01 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-elnwxluwpemzvlyw] has left #bitcoin-core-dev [] 15:01 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has quit [Read error: Connection reset by peer] 15:02 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has joined #bitcoin-core-dev 15:04 -!- Emcy [~Emcy@unaffiliated/emcy] has joined #bitcoin-core-dev 15:05 < wumpus> phantomcircuit: maybe? I've never used stratum, might be similar/the same as c-lightning's protocol 15:08 -!- promag [~promag@bl22-247-244.dsl.telepac.pt] has joined #bitcoin-core-dev 15:09 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: Connection reset by peer] 15:09 < queip> how do users learn about stuff now? <--- make a twitch stream by skimply-dressed lady on configuring RPC ;) 15:10 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 15:10 < esotericnonsense> obviously it's so that you can stick your bitcoin rpc behind nginx and put it on https://myexchange.com/api 15:10 < esotericnonsense> with no auth 15:10 < esotericnonsense> the RPC port won't be exposed as 8332 so it's fine 15:10 < wumpus> which, in some sort of way, makes sense if wallets aren't involved 15:11 * esotericnonsense cries 15:11 < esotericnonsense> if it's sufficiently sandboxed... maybe... 15:11 < wumpus> in some ways this is really between a rock and a hard place, most of the information in the API is as public as it gets 15:11 < esotericnonsense> i don't think that's true 15:12 < wumpus> you can put it behind a caching API and it's still fine, this was the idea behind the REST API 15:12 < esotericnonsense> well, I mean, define "most", I guess 15:12 -!- bitconner [~conner@136.24.75.121] has quit [Ping timeout: 268 seconds] 15:12 < esotericnonsense> I think someone who looks at my node monitor for long enough would be able to figure out, for example, geographically where it's located 15:12 < wumpus> I mean things like 'what peers am I connected to' can be more or less sensitive? 15:13 < wumpus> I certainly don't mean exposing any information by default, but if someone decides to do it for a public node... 15:13 < esotericnonsense> yes 15:13 < esotericnonsense> sure 15:13 < wumpus> which is what you implied with the nginx thing 15:14 < jarthur> wumpus: re stratum, it's actually implemented on top of JSON-RPC. A lot of the stratum implementations in crypto projects transport JSON-RPC over TCP with line breaks. 15:14 < esotericnonsense> if the actual interface itself is hardened and/or it's running in a jail/VM/whatever with resource constraints (ideally both) I don't see an issue 15:14 < esotericnonsense> i would just assume there are obvious buffer overflows in the rpc interface though 15:15 < esotericnonsense> without really thinking about it too much just because I'm not sure anyone cares (because it shouldn't be public so why care) 15:15 < esotericnonsense> just little things, like what happens if someone sends an rpc request with a string parameter that is 400MB 15:15 < esotericnonsense> lol 15:16 < wumpus> well then it will use 400MB, it's not really interesting 15:16 < esotericnonsense> if not RCE-type overflows then probably a DoS if the server dies 15:16 -!- shesek [~shesek@unaffiliated/shesek] has quit [Read error: No route to host] 15:16 < esotericnonsense> actually, lol 15:16 < wumpus> you can do that to most websites if you really want 15:16 < esotericnonsense> doesn't rpc just have a shutdown command 15:16 < esotericnonsense> :D 15:17 -!- shesek [~shesek@141.226.218.111] has joined #bitcoin-core-dev 15:17 -!- shesek [~shesek@141.226.218.111] has quit [Changing host] 15:17 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-core-dev 15:19 < esotericnonsense> WRT bitcoin-cli and http/domain sockets/etc 15:21 -!- bitconner [~conner@136.24.75.121] has joined #bitcoin-core-dev 15:21 < esotericnonsense> i'm not suggesting a rewrite, but if it were easier that way, is it necessary to restrict to use of C++? I mean it barely does anything anyway 15:21 -!- hebasto [~hebasto@95.164.65.194] has quit [Remote host closed the connection] 15:22 < sipa> ? 15:22 < wumpus> replace c++ by, waht? 15:22 < esotericnonsense> there's a few config args, the simulated getinfo, help message, and the rest of it is pretty much standard 15:22 < esotericnonsense> anything you needed to to find a non NIH http solution 15:22 < wumpus> I think if you'd rewrite the entire thing in rust overnight a lot of people would be happy xD 15:22 < esotericnonsense> python, say (no idea if python does http over domain sockets) 15:23 < esotericnonsense> what bitcoin-cli? 15:23 < wumpus> noo 15:23 -!- ajtowns[m] [ajtownsmat@gateway/shell/matrix.org/x-zkvrdzujuyscqwzt] has joined #bitcoin-core-dev 15:23 < esotericnonsense> all of bitcoin? :D:D 15:23 < gmaxwell> I think esotericnonsense is suggesting bitcoin-cli get replaced with a python tool? 15:23 < queip> that seems easy... but exactly what for> 15:24 < wumpus> that's trivial 15:24 < esotericnonsense> gmaxwell: i'm not suggesting it but rather responding to wumpus'/sipa message above about bitcoin-cli not needing to be a full http client and inventing some thing 15:24 < sipa> afaik the origin bitcoin-cli code was just some printf statements into a socket 15:25 < gmaxwell> I don't think thats absurd on its face, but: it would probably be a massive slowdown for those users who do processing using bitcoin-cli in scripts, and would suffer the standard "throwaway and rewrite software issues" -- the complexity of existing code is effectively all the accrewed knoweldge built from years and years of use... and that it probably gets right lots of behaviors none of us 15:25 < gmaxwell> ever explicitly realized were ever requirements. 15:25 < wumpus> rewriting bitcoin-cli in python, certainly using the code already in the test framework, would be trivial, but why? 15:25 < esotericnonsense> hm 15:25 < esotericnonsense> i guess I don't hit the right endpoints for the rpc client to be the bottleneck, heh 15:25 < wumpus> I mean it means that all users need to have python installed 15:26 -!- bitconner [~conner@136.24.75.121] has quit [Ping timeout: 240 seconds] 15:26 < wumpus> which is the case on linux, and maybe on macosx? but certainly not on windows 15:26 < gmaxwell> esotericnonsense: I mean just forking _python_ for each request is probably going to be a lot slower. 15:26 < sipa> gmaxwell: generally i agree with that... but i also think bitcoin-cli is very simple :) 15:26 < gmaxwell> yea, if we wanted to rewrite anything bitcoin-cli would be it! :) 15:26 < jarthur> esotericnonsense: on Python, aiohttp supports unix sockets out of the box. The popular synchronous libs (httplib, requests) need supplemental libs to enable unix socket usage currently. 15:26 < wumpus> it woult make zero difference for bitcoin-cli wrt performance 15:26 -!- spinza [~spin@155.93.246.187] has quit [Quit: Coyote finally caught up with me...] 15:26 < esotericnonsense> i feel like 15:27 < esotericnonsense> someone using bitcoin-cli in scripts ... argh\ 15:27 < esotericnonsense> supporting that feels awful 15:27 < sipa> my preference is just replacing the libevent http code in bitcoin-cli with hand-written HTTP though :) 15:27 < gmaxwell> esotericnonsense: you anti-unix heretic. 15:27 < wumpus> starting python is very fast, certainly if it's already cached in memory, and all work it does is *trivial* 15:27 < esotericnonsense> I mean, with interpretation of output, and so on, the whole point is that json rpc is standard 15:27 < wumpus> python is slow for heavily multi-threaded work but some comand like this? 15:27 < gmaxwell> wumpus: k. I was just guessing, I have no idea if it actually would be meaningfully slower. 15:28 * esotericnonsense uses python in production as a http client and gets pretty high concurrent workload 15:28 < esotericnonsense> er, server 15:28 < wumpus> gmaxwell: I mean it compiled everything to byte-code and the interpreter is very small 15:28 < esotericnonsense> it is single threaded though yes 15:28 < esotericnonsense> the overhead of starting an instance does exist, i just wonder about the cases in which that actually matters 15:28 < wumpus> I just don't think it's a relevant concern in this case 15:28 < wumpus> please work on something that actually affects users 15:29 < esotericnonsense> yes 15:29 < esotericnonsense> this is silly, sorry for raising it :P 15:29 < esotericnonsense> jarthur: missed your message, I'm using aiohttp actually, hadn't ever tried it with sockets though. 15:29 < gmaxwell> I don't think it was bad to raise, we might end up back on it if later bitcoin-cli is blocking disabling tcp rpc by default, and libevent still can't handle using domain sockets for the -cli case. 15:29 < esotericnonsense> might have to have a play. 15:31 < wumpus> let's write bitcoin-cli in rust 15:31 < gmaxwell> K. 15:31 * esotericnonsense is on page 3 of the rust book after finally getting around to it this morning. 15:31 < jarthur> CC andytoshi 15:32 < gmaxwell> Maybe the rust-bitcoin people have already done it. 15:32 < jarthur> esotericnonsense: works pretty well https://aiohttp.readthedocs.io/en/latest/client_advanced.html#unix-domain-sockets. I wrote the unix socket support for aiohttp server. Performance-wise it's pretty great on both sides. 15:32 < esotericnonsense> it took me a while to figure out how to add 1 to an integer because x++ doesn't work and that threw me for ages. :D 15:32 < wumpus> there is a rust bitcoinrpc library, but no command-line thing 15:32 < esotericnonsense> jarthur: oh! that's awesome! I don't know if you've had your fingers in any other parts of it but I've been really impressed with aiohttp 15:33 < esotericnonsense> I replaced my old flask backend for my node monitor with aiohttp a week or so ago and it's orders of magnitude faster, (though that is primarily due to using asyncio and not blocking on calls to bitcoind) 15:33 < jarthur> esotericnonsense: thanks! I'm a small-time contributor to it. I'm a big fan, though I tire of all the nested context managers involved in using the client :) 15:33 < esotericnonsense> so cheating, really :P 15:34 < wumpus> which makes sense, why go all the way to compile a rust crate for something then use it from friggin bash xD 15:34 -!- Bullit [~Bullit01@037-230-158-163.dynamic.caiway.nl] has joined #bitcoin-core-dev 15:34 < esotericnonsense> just write bitcoin-cli in bash. 15:34 < esotericnonsense> and powershell. 15:34 < esotericnonsense> done. 15:35 < esotericnonsense> or make windows users use WSL or something. :> 15:35 < wumpus> ahhh shut up or I'm going to rewrite it in risc-v assembly 15:35 -!- spinza [~spin@155.93.246.187] has joined #bitcoin-core-dev 15:36 < sipa> what's wrong with Visual Basic? 15:36 < wumpus> xD 15:36 < midnightmagic> +1 risc-v assembly 15:36 < wumpus> visual basic 6 was the height of programming language development, after that it's only been a race downward 15:37 < sipa> wumpus: that was the last one i used :p 15:37 < wumpus> me too 15:37 < sipa> after VB6 i learned Perl. 15:37 < kallewoof> gmaxwell: I will work on getting that in place. Though will it actually help in this case? Dusting attacks I mean. 15:37 < jarthur> esotericnonsense: biggest problem I have with working in Python and Core RPC so far is how slow the std lib's JSON parsing/creating is, just because it's written in Python itself. I need to see if electrumx will be cool with switching to the raw REST APIs for block retrieval. 15:38 < kallewoof> gmaxwell: It seems like a more helpful thing to push for is #13756 15:38 < gribble> https://github.com/bitcoin/bitcoin/issues/13756 | wallet: -avoidreuse feature for improved privacy by kallewoof · Pull Request #13756 · bitcoin/bitcoin · GitHub 15:38 < esotericnonsense> jarthur: aaargh. you just reminded me. 15:38 < esotericnonsense> i spent a while hacking together some string stuff to optimize a json call the other day. 15:38 < esotericnonsense> i forgot to uncomment 'import ujson as json'. 15:38 < esotericnonsense> -_- 15:39 < jarthur> ahh, yea, that'll help :D 15:39 < esotericnonsense> can't be bothered to switch it back now until I need to change it. lol. 15:40 -!- TheCharlatan [~TheCharla@109.236.87.57] has quit [Quit: WeeChat 2.1] 15:40 < wumpus> midnightmagic: so for all other platforms we'll have to ship qemu to emulate it 15:40 < esotericnonsense> wumpus: no just write the bits of qemu you need to emulate bitcoin-cli on riscv. 15:40 < esotericnonsense> obviously. 15:40 < wumpus> I have a risc-v emulator in rust ? 15:40 * esotericnonsense goes to get a beer. 15:41 < wumpus> :') 15:43 < wumpus> sipa: I've also used perl for a little while, don't remember anything though 15:43 * esotericnonsense can't really remember his route 15:44 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Remote host closed the connection] 15:44 < esotericnonsense> i think qbasic, c, ???, python, then just small amounts of arbitrary languages? 15:46 -!- jarthur [~jarthur@207.114.244.5] has quit [] 15:47 -!- bitconner [~conner@136.24.75.121] has joined #bitcoin-core-dev 15:53 < wumpus> something like MSX basic -> Z80 asm -> gwbasic/qbasic -> PASCAL -> C -> perl -> C++ -> python -> rust ... though I don't exactly remember anymore, and there's some languages like haskell that I tried but never got very far with 15:56 < sipa> gwbasic, qbasic, vb, perl, c, java, haskell, c++, python 15:56 < wumpus> I regret everything after PASCAL xD 15:57 < aj> GWBasic, C64 Basic, AMOS Basic, qbasic, C, [Pascal], Smalltalk, Ada, Perl, C++, Prolog, Java, Python... 15:57 < aj> oh, actually would've been quickbasic not qbasic 15:58 < sipa> oh, there's a small amount PHP somewhere 16:00 < jcorgan> after Forth it all went downhill 16:02 < wumpus> oh I forgot about PHP as well, that was between perl and C++ I guess 16:04 < sipa> between java and haskell for me 16:04 < wumpus> aj: Ada is neat, I think it's a nice evolution of pascal, too bad it's mostly only used for us military stuff 16:06 -!- so [~so@unaffiliated/so] has quit [Ping timeout: 246 seconds] 16:08 < aj> wumpus: the precondition/postcondition stuff was pretty nifty. i remember it being a gratuitious pain to program with though, for what felt like syntactic reasons. might've been weird manual array management that would be completely laughable these days, don't remember 16:08 < aj> wumpus: i was never a fan of pascal though *shrug* 16:09 < esotericnonsense> i think I used PHP enough to think 'f this' 16:09 < wumpus> aj: I *loved* pascal, it was only because C seemed to be the wave of the future that I learned it and moved to it 16:10 < wumpus> that's a loong time ago though, I don't think I could do much with it these days 16:10 -!- so [~so@unaffiliated/so] has joined #bitcoin-core-dev 16:11 < wumpus> but things like the module system, bounded arrays, actually enforcede enumerations, it seemed to be ahead of C in many things 16:12 < wumpus> C was pretty nice as a low level, platform independent assembler replacement, but then they started to actually enforce things like undefined behavior, and platform-dependent behavior became important, and heck all of today's pain 16:12 < aj> wumpus: i guess bounded arrays, enforced enumerations are all strong-typing things where you'd go to haskell (or maybe rust?) these days 16:13 < wumpus> aj: it's why I like rust I think, I also *like* Haskell but cannot do anything practical with it 16:13 < sipa> i absolutely loved haskell as a language, and in many ways wished mainstream languages were more similar to it 16:14 < sipa> except in practice the type of programs i like to write are ones where performance and predictable resource usage matter... exactly what it abstracts away 16:14 < jcorgan> the older i get, the more languages i learn, and the fewer i use 16:14 < jcorgan> i'm pretty much down to python and c++ these days 16:15 < aj> sipa: haskell, but with performance specified as part of the type ;) 16:15 < sipa> not to say that you can't write performant code in haskell, but it feels like you need to break the otherwise awesome abstraction it provides in order to do so 16:15 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has quit [Ping timeout: 246 seconds] 16:15 < sipa> i need to learn rust 16:15 < jcorgan> the last language to really interest me was Go, but that was self-limiting 16:15 < esotericnonsense> I like go 16:15 < esotericnonsense> i usually just run into a wall of sort of... OK, this is an interesting language, but does anything I do actually matter enough to optimise for language 16:16 < esotericnonsense> the answer is no, so I just end up reaching for python 16:16 < jcorgan> i liked Go's built-in concurrency and message passing 16:16 * sipa discovers the -j option to test_runner.py 16:16 < wumpus> sipa: +1 on Haskell, it's nice and pure but also I really like to understand how things map to the mechanical reality how things run on CPUs, and that's hard to grasp for me 16:16 * esotericnonsense has opened the rust tutorial again. 16:16 < gmaxwell> kallewoof: the dusting party was paying people that had existing outputs. 16:17 < esotericnonsense> I killed my vfio VM and can't be arsed to reboot the whole box to get it to work. heh 16:17 < gmaxwell> kallewoof: so if we automatically would spend that dust it would help and make the attacks less interesting. 16:17 < sipa> (maybe the language discussion is getting a bit off topic here; sorry for continuing it myself) 16:18 < gmaxwell> kallewoof: the forced avoidreuse is interesting too by my opinion is that off by default behavior is almost irrelevant from a privacy perspective. We should still do it, as part of a prinicipled commitment to privacy, but in practice if it's not on by default it's mostly not helping people. 16:18 < wumpus> yes, sorry, I don't really want to say much about language, except taht I increasingly dislike c++ and like rust 16:18 < gmaxwell> I think that probably it'll only be aggregatable signatures that really get us to where we need to be on that. 16:18 < kallewoof> gmaxwell: If I dust your bc1qgmax you will never use that "group" unless you turn on -avoidpartialspends, because using it will always give a higher fee. 16:19 < kallewoof> gmaxwell: with the "do if it gives same fee" feature, I mean. 16:19 < gmaxwell> kallewoof: not necessarily, because the alternative spend could have just as many but different inputs. 16:19 < kallewoof> But if it's dust, will that ever happen? 16:20 < gmaxwell> kallewoof: sure, you can miss by any amount, if your payment plus fees ends up being 5 satoshi short, then you're going to need another input and a dust one might be perfectly reasonsable. 16:21 < kallewoof> Sounds unusual but sure! :) I'll work on getting that back in. I am not sure the approach I had was reasonable though (doing the entire coin selection twice and comparing), esp for bigger wallets 16:23 < gmaxwell> kallewoof: why do you think it's unusual? I expect the amount missed in any coin selection to be a small value with a peak near zero. 16:24 < gmaxwell> And importantly, this really can be always on for everyone with effectively no compromise (beyond the development effort) 16:24 -!- OzPac [~OzPac@cpc110789-lewi20-2-0-cust636.2-4.cable.virginm.net] has joined #bitcoin-core-dev 16:24 < gmaxwell> It also can be generalized to a form where you'll pay extra for it by some configurable small amount, but not an unbounded amount extra... which is I suspect what joe-user probably wants. 16:24 -!- OzPac [~OzPac@cpc110789-lewi20-2-0-cust636.2-4.cable.virginm.net] has quit [Client Quit] 16:25 < kallewoof> Oh, that sounds pretty useful, yeah. 16:25 < kallewoof> The only compromise is that coin selection takes 2x the time. For big wallets I hear rumors that this may be a big deal actually 16:25 < kallewoof> I should probably make a big wallet and see for myself. 16:26 < gmaxwell> I don't think it would on those wallets. 16:26 < gmaxwell> Also if you hear rumors like that you should invite people to report them, there is a lot of rumor that turns out to be spurrious. 16:26 < kallewoof> I think it was rumors that came from some exchange. I don't know if they're comfortable revealing too much about their set up. 16:26 < gmaxwell> Considering that we used to sign in the coinselection loop and are now well over 100x faster for many input spends, I suspect we have headroom. :) 16:27 < kallewoof> Should be easy to test though. Just make a wallet with a ton of UTXOs 16:27 < kallewoof> Oh.. wow. 16:27 < gmaxwell> Right but the rumors aren't useful reports-- because they can't distinguish 'slow' being from things like signing in-loop for many input spends vs basic behavior. If businesses want to get behaior out of us, they need to behave like professionals. 16:28 < gmaxwell> kallewoof: also we could just have an option to turn it off if we're concerned... and the few parties that care could flip it. 16:30 < wumpus> yes, the problem has always been that the big users neither contribute actually useful reports, nor developers that optimize what is important for them 16:30 < kallewoof> gmaxwell: sdaftuar spoke against the feature in the original PR here: https://github.com/bitcoin/bitcoin/pull/12257#discussion_r204168100 ("I'm not sure that -avoidpartialspends works very well on wallets that have substantial address reuse, in particular I think you can devolve into cases where you'd produce giant transactions that take forever to sign and would never pass policy (or consensus) limits, in extreme cases.") 16:32 < kallewoof> The concern was partially mitigated by putting a cap on the UTXOs in a single group so maybe sdaftuar is cool with the idea now. 16:32 < wumpus> oh it's slow if you have tens of thousands of utxos, yea... that's awesome, no one that actually partakes in development uses it with that 16:33 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has joined #bitcoin-core-dev 16:33 < gmaxwell> wumpus: it shouldn't be. 16:33 < wumpus> of course it shouldn't 16:33 < gmaxwell> kallewoof: re coinselection speed, another thing that used to make it slow is having a lot of unconfirmed outputs... we got 1000x fold speedups due to fixing it so that IsMine didn't have quasi-factorial complexity. 16:34 * kallewoof looks up quasi-factorial 16:34 < echeveria> from my experience people making a lot of these sort of claims don’t actually use the software at all, so keep that in mind too. I’ve had people sit and insist to me that the bitcoin wallet has all sorts of stupid behaviour I full well know it doesn’t. 16:35 < gmaxwell> I think we need to draw a line in the sand. If these large commercial players can't behave professionally enough to actually report their concerns (much less contribute effort to fix them and/or add test cases) we should ignore them... not fall into some rumor based development. 16:35 < wumpus> but I couldn't much be concerned about companies that make millions from using the software but contribute nothing back 16:35 < gmaxwell> Right. 16:35 < kallewoof> Makes sense to me 16:36 < echeveria> some of this comes from parties like blockchain.info who have frequently gone around conferences repeating stories of how they tried so hard to contribute to bitcoin core and were rejected for their efforts. 16:36 < gmaxwell> (I very much want their input for sure, but if they don't provide it.. they don't provide it. Unfortunately, my expirence with many bitcoin companies is that they have executives that have never actually used software in a commercial context before, much less open source... and they treat it like the android play store... an app doesn't do what you want, you swap out for another one). 16:37 < kallewoof> heh 16:37 < echeveria> now if that’s true or not I don’t know, but I’ve not seen that sort of behaviour. there’s some contributes in the source tree from people I wouldn’t want to be in the same room with- because they’re evaluated on their merit rather than where they are from. 16:37 < gmaxwell> hopefully optech will do a useful job in getting more input, but otherwise we should just do the best we can. :) 16:38 < gmaxwell> echeveria: I personally liked the one company going around telling everyone that bitcoin core constantly crashed, and then got shut up by a developer offering them a sizable bet that they couldn't report any crash... 16:39 < sipa> in particular about coin selection, one question that came out of optech was making coin selection code more accessible... which sounds to me like they're not using the built-in wallet, and thus won't ever observe the coin selection logic 16:39 < sipa> (that may be an overgeneralization) 16:49 -!- lnostdal [~lnostdal@77.70.119.51] has quit [Read error: Connection reset by peer] 16:56 -!- drexl [~drexl@cpc130676-camd16-2-0-cust445.know.cable.virginm.net] has quit [Quit: drexl] 17:13 < moneyball> gmaxwell on it 17:13 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Excess Flood] 17:13 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-core-dev 17:25 -!- commavir_ [~vir@23.226.237.192] has quit [Remote host closed the connection] 17:26 -!- esotericnonsense [~esotericn@unaffiliated/esotericnonsense] has quit [Read error: Connection reset by peer] 17:27 -!- esotericnonsense [~esotericn@unaffiliated/esotericnonsense] has joined #bitcoin-core-dev 17:34 -!- commavir [~vir@23.226.237.192] has joined #bitcoin-core-dev 17:53 -!- spinza [~spin@155.93.246.187] has quit [Quit: Coyote finally caught up with me...] 17:58 -!- laurentmt [~Thunderbi@185.242.6.5] has joined #bitcoin-core-dev 18:00 -!- satwo [~textual@c-73-58-177-197.hsd1.tn.comcast.net] has joined #bitcoin-core-dev 18:01 -!- laurentmt [~Thunderbi@185.242.6.5] has quit [Client Quit] 18:01 -!- spinza [~spin@155.93.246.187] has joined #bitcoin-core-dev 18:07 -!- Chris_Stewart_5 [~chris@unaffiliated/chris-stewart-5/x-3612383] has joined #bitcoin-core-dev 18:22 -!- jarthur [~jarthur@2605:6000:1019:41ab:b0cc:7566:f321:320] has joined #bitcoin-core-dev 18:25 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has quit [Remote host closed the connection] 18:28 -!- grubles [~grubles@unaffiliated/grubles] has quit [Ping timeout: 246 seconds] 18:29 < sipa> MarcoFalke: i find it mildly annoying that the "this pull request conflicts with" messages cause those referenced PRs to be marked as recently updated 18:29 -!- satwo [~textual@c-73-58-177-197.hsd1.tn.comcast.net] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…] 18:33 -!- satwo [~textual@c-73-58-177-197.hsd1.tn.comcast.net] has joined #bitcoin-core-dev 18:41 < wumpus> it would be great if github had a way for bots to bypass those things 18:41 -!- fanquake [~fanquake@unaffiliated/fanquake] has joined #bitcoin-core-dev 18:41 < wumpus> add information to a PR but not spawn a notification or update metadata like taht 18:42 < gmaxwell> I've also been annoyed by that, fwiw. 18:47 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has joined #bitcoin-core-dev 18:47 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has quit [Remote host closed the connection] 18:47 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has joined #bitcoin-core-dev 18:49 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-heaicvpvxgixjiro] has joined #bitcoin-core-dev 18:49 < bitcoin-git> [bitcoin] fanquake opened pull request #14579: [0.17] travis: Pin flake8 version to 3.5.0 (0.17...fix-the-linters) https://github.com/bitcoin/bitcoin/pull/14579 18:49 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-heaicvpvxgixjiro] has left #bitcoin-core-dev [] 18:49 < fanquake> wumpus If #14579 fixes the linters, could you merge it this morning? 18:49 < gribble> https://github.com/bitcoin/bitcoin/issues/14579 | [0.17] travis: Pin flake8 version to 3.5.0 by fanquake · Pull Request #14579 · bitcoin/bitcoin · GitHub 18:50 < fanquake> Would be good to get the tests back for 0.17 18:50 -!- satwo [~textual@c-73-58-177-197.hsd1.tn.comcast.net] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…] 18:50 < wumpus> fanquake: sure 18:51 < wumpus> if that doesn't fix the linters we should probably just disable them on the 0.17 branch 18:52 < fanquake> Looks like they are green now https://travis-ci.org/bitcoin/bitcoin/jobs/446468018 18:52 < fanquake> Shouldn 18:52 < wumpus> or at least that specific one 18:52 < fanquake> *Shouldn't have to wait for the other tests. 18:59 -!- bitconner [~conner@136.24.75.121] has quit [Ping timeout: 245 seconds] 19:03 -!- Krellan [~Krellan@50-242-94-241-static.hfc.comcastbusiness.net] has quit [Remote host closed the connection] 19:04 -!- grubles [~grubles@unaffiliated/grubles] has joined #bitcoin-core-dev 19:07 < MarcoFalke> sipa, the only thing I could do to solve this is "proxy" or "domainsquat" all github urls through the drahtbot domain 19:08 < MarcoFalke> but that seems eeeeh 19:10 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-uqbqqxxrdbmswqhv] has joined #bitcoin-core-dev 19:10 < bitcoin-git> [bitcoin] MarcoFalke pushed 2 new commits to 0.17: https://github.com/bitcoin/bitcoin/compare/eb2cc84a31fb...f13041f17b08 19:10 < bitcoin-git> bitcoin/0.17 f9fc08c fanquake: travis: Pin flake8 version to 3.5.0 19:10 < bitcoin-git> bitcoin/0.17 f13041f MarcoFalke: Merge #14579: [0.17] travis: Pin flake8 version to 3.5.0... 19:10 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-uqbqqxxrdbmswqhv] has left #bitcoin-core-dev [] 19:14 < fanquake> MarcoFalke Cheers 19:17 -!- AaronvanW [~AaronvanW@unaffiliated/aaronvanw] has quit [] 19:34 -!- dqx [~dqx@unaffiliated/dqx] has joined #bitcoin-core-dev 19:44 < jarthur> Was the new version of flake8 throwing new linting warnings? 19:47 < fanquake> jarthur In flake8 3.6.0 the pyflakes dependency was increased to > 2.0.0, which seemed to break a lot of the linting 19:48 -!- satwo [~textual@c-73-58-177-197.hsd1.tn.comcast.net] has joined #bitcoin-core-dev 20:00 -!- satwo [~textual@c-73-58-177-197.hsd1.tn.comcast.net] has quit [Quit: Textual IRC Client: www.textualapp.com] 20:38 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-fhpdwfsruijfxpoc] has joined #bitcoin-core-dev 20:38 < bitcoin-git> [bitcoin] sunshineYPH opened pull request #14581: 2018/08/spv rpc (master...2018/08/spv-rpc) https://github.com/bitcoin/bitcoin/pull/14581 20:38 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-fhpdwfsruijfxpoc] has left #bitcoin-core-dev [] 20:43 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-vewwfyjobfynrfbf] has joined #bitcoin-core-dev 20:43 < bitcoin-git> [bitcoin] fanquake closed pull request #14581: 2018/08/spv rpc (master...2018/08/spv-rpc) https://github.com/bitcoin/bitcoin/pull/14581 20:43 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-vewwfyjobfynrfbf] has left #bitcoin-core-dev [] 20:49 -!- schnerch_ [~schnerchi@p3EE1CA64.dip0.t-ipconnect.de] has joined #bitcoin-core-dev 20:52 -!- schnerchi [~schnerchi@p3EE1C6F7.dip0.t-ipconnect.de] has quit [Ping timeout: 252 seconds] 21:08 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-lpzrnuukgaxavpfw] has joined #bitcoin-core-dev 21:08 < bitcoin-git> [bitcoin] fanquake closed pull request #12656: Add scripts for doing gitian builds on any platform using VirtualBox + Vagrant + Packer (master...vagrant) https://github.com/bitcoin/bitcoin/pull/12656 21:08 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-lpzrnuukgaxavpfw] has left #bitcoin-core-dev [] 21:10 < provoostenator> jonasschnelli: ensuring that at least one person actually tests Gitian (QT) build, and then leaving "tACK bitcoind/QT on macOS/Windows/[favorite Linux distro]" seems like a good idea. 21:17 < provoostenator> In addition each release could have one Github issue where we post standard testing instructions ("go to bitcoincore.org, get rc..., etc) and let us know if it worked. It would be a noisy thread, but just one. 22:01 -!- fanquake [~fanquake@unaffiliated/fanquake] has quit [] 22:37 -!- Sinclai__ [~sinclair6@108-75-18-87.lightspeed.clmboh.sbcglobal.net] has joined #bitcoin-core-dev 22:38 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Excess Flood] 22:39 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-core-dev 22:39 -!- Sparklefairy22 [~Sparklefa@211.51.225.7] has joined #bitcoin-core-dev 22:39 < Sparklefairy22> With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/ 22:39 < Sparklefairy22> I thought you guys might be interested in this blog by freenode staff member Bryan kloeri Ostergaard https://bryanostergaard.com/ 22:39 < Sparklefairy22> Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate 22:39 -!- Sparklefairy22 [~Sparklefa@211.51.225.7] has quit [Remote host closed the connection] 22:40 -!- Sinclair6 [~sinclair6@2600:1702:4020:6be0:4147:d67c:bfba:da2b] has quit [Ping timeout: 252 seconds] 22:48 -!- jimpo_ [~jimpo@ec2-13-57-39-52.us-west-1.compute.amazonaws.com] has joined #bitcoin-core-dev 22:48 -!- Lightsword_ [~Lightswor@107.170.253.193] has joined #bitcoin-core-dev 22:49 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has quit [Remote host closed the connection] 22:49 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has joined #bitcoin-core-dev 22:50 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has quit [Read error: Connection reset by peer] 22:50 -!- BashCo_ [~BashCo@unaffiliated/bashco] has joined #bitcoin-core-dev 22:50 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has joined #bitcoin-core-dev 22:51 -!- commavir_ [~vir@23.226.237.192] has joined #bitcoin-core-dev 22:51 -!- roasbeef_ [~root@104.131.26.124] has joined #bitcoin-core-dev 22:51 -!- a5m0 [~a5m0@unaffiliated/a5m0] has quit [Disconnected by services] 22:51 -!- a5m0_ [~a5m0@unaffiliated/a5m0] has joined #bitcoin-core-dev 22:51 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has quit [Read error: Connection reset by peer] 22:51 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has joined #bitcoin-core-dev 22:53 -!- nehan_ [~nehan@14.80.229.35.bc.googleusercontent.com] has joined #bitcoin-core-dev 22:53 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has quit [Remote host closed the connection] 22:53 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has joined #bitcoin-core-dev 22:54 -!- Apocalyptic_ [~Apocalypt@unaffiliated/apocalyptic] has joined #bitcoin-core-dev 22:54 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has quit [Read error: Connection reset by peer] 22:54 -!- Pat_Boy [xyz@192.99.249.194] has joined #bitcoin-core-dev 22:54 -!- [b__b] [~b__b]@ec2-54-85-45-223.compute-1.amazonaws.com] has joined #bitcoin-core-dev 22:55 -!- wraithm_ [~wraithm@unaffiliated/wraithm] has joined #bitcoin-core-dev 22:55 -!- Lightsword_ is now known as Lightsword 22:55 -!- Apocalyptic_ is now known as Apocalyptic 22:56 -!- Netsplit *.net <-> *.split quits: PatBoy, keymone, nehan, wraithm, commavir, JackH, dcousens, roasbeef, jimpo, adiabat, (+3 more, use /NETSPLIT to show all of them) 22:56 -!- Netsplit over, joins: dcousens 22:58 -!- CubicEarth [~CubicEart@c-73-181-185-197.hsd1.wa.comcast.net] has quit [Ping timeout: 246 seconds] 23:01 -!- keymone [~keymone@ip1f109c7a.dynamic.kabel-deutschland.de] has joined #bitcoin-core-dev 23:01 -!- CubicEarth [~CubicEart@c-73-181-185-197.hsd1.wa.comcast.net] has joined #bitcoin-core-dev 23:02 -!- adiabat [~adiabat@63.209.32.102] has joined #bitcoin-core-dev 23:02 -!- JackH [~laptop@host86-182-8-23.range86-182.btcentralplus.com] has joined #bitcoin-core-dev 23:03 -!- Soligor [~Soligor@unaffiliated/soligor] has joined #bitcoin-core-dev 23:14 -!- quijote [~dqx@unaffiliated/dqx] has joined #bitcoin-core-dev 23:15 -!- Cory [~Cory@unaffiliated/cory] has quit [Ping timeout: 250 seconds] 23:39 -!- Cory [~Cory@unaffiliated/cory] has joined #bitcoin-core-dev 23:45 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-esyypqbggmzrwsab] has joined #bitcoin-core-dev 23:45 < bitcoin-git> [bitcoin] kallewoof opened pull request #14582: wallet: try -avoidpartialspends mode and use its result if fees do not change (master...181026-try-avoidpartialspends) https://github.com/bitcoin/bitcoin/pull/14582 23:45 -!- bitcoin-git [bitcoin-gi@gateway/service/github.com/x-esyypqbggmzrwsab] has left #bitcoin-core-dev [] 23:52 -!- jarthur [~jarthur@2605:6000:1019:41ab:b0cc:7566:f321:320] has quit [Remote host closed the connection] 23:53 -!- jarthur [~jarthur@2605:6000:1019:41ab:b0cc:7566:f321:320] has joined #bitcoin-core-dev --- Log closed Fri Oct 26 00:00:47 2018