2015-01-04.log

--- Log opened Sun Jan 04 00:00:13 2015
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards00:11
-!- lclc_bnc is now known as lclc00:14
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 244 seconds]00:15
-!- lclc is now known as lclc_bnc00:17
-!- lclc_bnc is now known as lclc00:18
-!- adam3us [~Adium@c31-67.i07-8.onvol.net] has joined #bitcoin-wizards00:32
-!- cluckj [~cluckj@cpe-24-92-48-18.nycap.res.rr.com] has quit [Ping timeout: 255 seconds]00:38
-!- kristofferR [~kristoffe@208.37-191-147.fiber.lynet.no] has joined #bitcoin-wizards00:40
-!- vmatekole [~vmatekole@g227232254.adsl.alicedsl.de] has joined #bitcoin-wizards00:52
-!- bosma_ [~bosma@S01067cb21bda6531.vc.shawcable.net] has joined #bitcoin-wizards00:57
-!- op_mul [~op_mul@178.62.78.122] has joined #bitcoin-wizards00:59
-!- adam3us [~Adium@c31-67.i07-8.onvol.net] has quit [Quit: Leaving.]00:59
-!- bosma [~bosma@S01067cb21bda6531.vc.shawcable.net] has quit [Ping timeout: 240 seconds]01:00
-!- adam3us [~Adium@c31-67.i07-8.onvol.net] has joined #bitcoin-wizards01:02
-!- andy-logbot [~bitcoin--@wpsoftware.net] has quit [Remote host closed the connection]01:05
-!- andy-logbot [~bitcoin--@wpsoftware.net] has joined #bitcoin-wizards01:05
* andy-logbot is logging01:05
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards01:11
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 245 seconds]01:15
-!- bosma_ is now known as bosma01:15
-!- bosma is now known as Guest4081001:16
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has quit [Ping timeout: 244 seconds]01:35
wumpuscurious that I hadn't heard of this before re: open source CPU architectures, a 64-bit one http://www.lowrisc.org/, the discussion on the tagged memory page also mentions CHERI01:42
-!- Guest40810 is now known as bosma01:43
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards01:48
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Client Quit]01:52
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards01:56
-!- fanquake [~anonymous@unaffiliated/fanquake] has joined #bitcoin-wizards01:56
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Quit: Leaving.]02:11
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards02:11
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 245 seconds]02:15
-!- MoALTz_ [~no@user-46-112-49-198.play-internet.pl] has quit [Quit: going back to sleep]02:21
-!- kristofferR [~kristoffe@208.37-191-147.fiber.lynet.no] has quit [Quit: Textual IRC Client: www.textualapp.com]02:24
-!- moa [~kiwigb@opentransactions/dev/moa] has quit [Quit: Leaving.]02:32
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards02:34
-!- vmatekole [~vmatekole@g227232254.adsl.alicedsl.de] has quit [Remote host closed the connection]02:42
-!- MoALTz [~no@user-46-112-49-198.play-internet.pl] has joined #bitcoin-wizards03:00
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has joined #bitcoin-wizards03:08
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has joined #bitcoin-wizards03:10
-!- vmatekole [~vmatekole@g227232254.adsl.alicedsl.de] has joined #bitcoin-wizards03:11
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards03:11
-!- e1782d11df4c9914 [~e1782d11d@cpe-66-68-54-206.austin.res.rr.com] has quit [Ping timeout: 244 seconds]03:14
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 245 seconds]03:16
-!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has joined #bitcoin-wizards03:18
-!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has quit [Ping timeout: 256 seconds]03:19
-!- Guest19027 [~Pan0ram1x@095-096-084-122.static.chello.nl] has quit [Ping timeout: 240 seconds]03:19
-!- e1782d11df4c9914 [e1782d11df@gateway/vpn/mullvad/x-qbelspgnotskqrfz] has joined #bitcoin-wizards03:20
-!- Pan0ram1x [~Pan0ram1x@095-096-084-122.static.chello.nl] has joined #bitcoin-wizards03:25
-!- Pan0ram1x is now known as Guest5233603:25
-!- e1782d11df4c9914 [e1782d11df@gateway/vpn/mullvad/x-qbelspgnotskqrfz] has quit [Ping timeout: 240 seconds]03:28
-!- e1782d11df4c9914 [e1782d11df@gateway/vpn/mullvad/x-eubqdwlmaglraihu] has joined #bitcoin-wizards03:30
-!- lclc [~lclc@bothniafur.com] has quit [Changing host]03:33
-!- lclc [~lclc@unaffiliated/lclc] has joined #bitcoin-wizards03:33
-!- d1ggy [~d1ggy@dslb-088-073-178-227.088.073.pools.vodafone-ip.de] has joined #bitcoin-wizards03:48
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards04:11
-!- cluckj [~cluckj@cpe-24-92-48-18.nycap.res.rr.com] has joined #bitcoin-wizards04:12
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 240 seconds]04:15
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]04:18
-!- Aquent [~Aquent@gateway/tor-sasl/aquent] has quit [Ping timeout: 250 seconds]04:31
-!- spinza [~spin@197.89.19.57] has quit [Ping timeout: 265 seconds]04:37
-!- spinza [~spin@197.89.19.57] has joined #bitcoin-wizards04:37
-!- spinza [~spin@197.89.19.57] has quit [Excess Flood]04:37
-!- spinza [~spin@197.89.19.57] has joined #bitcoin-wizards04:38
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has quit [Ping timeout: 244 seconds]04:49
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards04:52
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has quit [Quit: iang]04:58
-!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has joined #bitcoin-wizards05:00
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards05:07
-!- hashtagg [~hashtagg_@69.23.213.3] has quit [Ping timeout: 255 seconds]05:08
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards05:11
-!- spinza [~spin@197.89.19.57] has quit [Ping timeout: 240 seconds]05:13
-!- spinza [~spin@197.89.19.57] has joined #bitcoin-wizards05:14
-!- spinza [~spin@197.89.19.57] has quit [Excess Flood]05:14
-!- spinza [~spin@197.89.19.57] has joined #bitcoin-wizards05:15
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 245 seconds]05:15
-!- hashtag_ [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards05:17
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards05:17
-!- askmike_ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards05:19
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Read error: Connection reset by peer]05:19
-!- hashtag_ [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has quit [Ping timeout: 240 seconds]05:21
-!- askmike_ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 240 seconds]05:23
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards05:24
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Read error: Connection reset by peer]05:26
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards05:26
-!- hashtag_ [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards05:29
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 240 seconds]05:30
-!- Arpp [~Arpp@gateway/tor-sasl/arpp] has joined #bitcoin-wizards05:33
-!- Arpp [~Arpp@gateway/tor-sasl/arpp] has quit [Remote host closed the connection]05:33
e1782d11df4c9914any serious implementations of MPC with respect to coinjoin anyone know of as being in development atm?05:38
op_mulMPC?05:46
op_muloh right.05:47
-!- d1ggy [~d1ggy@dslb-088-073-178-227.088.073.pools.vodafone-ip.de] has quit [Quit: Leaving]05:48
e1782d11df4c9914sorry, multiparty computation with respect to coinjoin05:49
e1782d11df4c9914are there any alts or bitcoin forks lying around in development? interested in the state of research05:49
op_mulif you're looking for interesting cryptography altcoins really aren't the place for it. Monero/Bytecoin has some interesting stuff going on with ring signatures, which seems to be the exception.05:50
e1782d11df4c9914right monero is what i was thinking of, but i'm not that interested in ring sigs, i understand its easier to implement than MPC, but i guess most of the research has been academic to date- just wondering if there were any whispers of ambitious implementers anywhere05:51
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards05:53
op_mulI can't speak for what anybody else is doing.05:55
op_mulas far as I can work out the trouble with coinjoin is always going to be peer discovery. no matter what you do, there's always going to be the danger of somebody flooding out your join with sybil joiners and discovering information about it.05:56
op_mulyou can't *lose* privacy that way, you just stand to gain none. you can't evaluate the quality of your privacy, either.05:59
e1782d11df4c9914i havent researched the literature too deeply with respect to coinjoin specifically, but couldnt you construct a scheme that requires joiners to construct a proof towards a challenge to help discourage sybil joiners?06:05
-!- askmike_ [~askmike@94.100.16.225] has joined #bitcoin-wizards06:06
e1782d11df4c9914or at least construct some requirement that makes sybil joiners uneconomical with respect to inclusion within a join06:07
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Read error: Connection reset by peer]06:07
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards06:07
-!- askmike_ [~askmike@94.100.16.225] has quit [Read error: Connection reset by peer]06:07
op_mulI'm not aware of any way of doing that06:08
e1782d11df4c9914ok06:08
op_mulany limiter you can come up with, I can scale to massive proportions06:08
op_mulif it's burning money, sure, I won't be doing that, but people also won't want to use it06:08
e1782d11df4c9914thats ok, just have to find some proof that makes it uneconomical to forge etc.06:09
-!- askmike_ [~askmike@94.100.22.70] has joined #bitcoin-wizards06:09
op_mulhuh?06:09
e1782d11df4c9914i'm sure some of the more dedicated minds have already thought of some alternatives, hopefully i can come back here with more discussion after some research06:10
-!- vmatekole [~vmatekole@g227232254.adsl.alicedsl.de] has quit [Remote host closed the connection]06:10
-!- askmike__ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards06:11
op_mulfinding a bottleneck to exploit is nearly impossible, or impossible.06:11
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Read error: Connection reset by peer]06:11
-!- askmike_ [~askmike@94.100.22.70] has quit [Ping timeout: 250 seconds]06:14
-!- zooko`` [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards06:22
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has joined #bitcoin-wizards06:24
-!- wallet421 [~wallet42@g226057074.adsl.alicedsl.de] has joined #bitcoin-wizards06:28
-!- wallet421 [~wallet42@g226057074.adsl.alicedsl.de] has quit [Changing host]06:28
-!- wallet421 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards06:28
-!- wallet42 is now known as Guest2545206:28
-!- Guest25452 [~wallet42@unaffiliated/wallet42] has quit [Killed (tepper.freenode.net (Nickname regained by services))]06:28
-!- wallet421 is now known as wallet4206:28
-!- zooko`` is now known as zooko06:31
-!- coiner [~linker@42.116.152.78] has joined #bitcoin-wizards06:32
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has joined #bitcoin-wizards06:39
-!- NewLiberty_ [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has joined #bitcoin-wizards06:39
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]06:45
-!- NewLiberty_ [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has left #bitcoin-wizards ["Leaving"]06:47
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has quit [Quit: iang]07:00
-!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]07:31
-!- torsthaldo [torsthaldo@gateway/vpn/mullvad/x-wbdjumzpdljtngib] has joined #bitcoin-wizards08:21
-!- torsthaldo [torsthaldo@gateway/vpn/mullvad/x-wbdjumzpdljtngib] has quit [Client Quit]08:21
-!- vmatekole [~vmatekole@g227232254.adsl.alicedsl.de] has joined #bitcoin-wizards08:24
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has joined #bitcoin-wizards08:24
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has quit [Client Quit]08:24
Taek<justanotheruser> Sorry if this has been covered, but is storj following the original idea? If so, why does it need its own blockchain?08:27
Taek<jgarzik> justanotheruser, it is not following the original idea at all08:27
TaekWhat is the original idea?08:27
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has joined #bitcoin-wizards08:29
-!- fanquake [~anonymous@unaffiliated/fanquake] has left #bitcoin-wizards []08:34
sipaask gmaxwell08:38
Taekrelevant: http://garzikrants.blogspot.com/2013/01/storj-and-bitcoin-autonomous-agents.html08:40
jgarzik^08:42
Taekseems like the original idea was not decentralized?08:43
Taekas in, the storj code that's serving storage had to be run on trusted hardware, is only run in one place, and the customer has to figure out if the storj instance is trustworthy/08:44
Taek*?08:44
-!- a5m0 [~a5m0@unaffiliated/a5m0] has quit [Quit: No Ping reply in 180 seconds.]08:46
-!- a5m0 [~a5m0@unaffiliated/a5m0] has joined #bitcoin-wizards08:47
jgarzikTaek, the original idea has nothing to do with altcoins08:48
adam3usTaek: I dont see why you need an alt.  probably they dont, which means its an appcoin.  ie why do you think the storj ICO holders can expect the p2p users on the network to pay economic rent to the ICO holders.  they cant so what will happen in reality is someone will fork the network and pay for services at market rates in bitcoin.08:49
TaekI don't claim to know very much about stroj the altcoin, I've never properly groked their whitepapers08:50
Taekbut a nice feature of storage is an automatically enforced contract that penalizes a host if they can't prove they have the file08:51
adam3usTaek: havent read them. but sometimes when it makes your head hurt its because it doesnt compute :)08:51
op_mulI don't understand why people would want to use storj in it's current form08:52
op_mulyou pay people to store files you already have on your disk, and you've got to keep uploading them again to the network to repair it. might as well just buy some storage somewhere proper.08:52
adam3usTaek: its an observation that there are more things that it'd be nice to be able to robustly prove in a distributed system than we know how to enforce.  (and when you put fungibility money on top of it people are going to sysmtematically abuse any gaps in enforceability)08:53
Taekwe know how to make someone prove they have a file in a decentralized context08:54
adam3usTaek: i suspect most of these systems have that a) because its hard or in some cases impossible; and b) mostly they are enthusiastic or have their eye on marketing the ICO or coin pump more than coding; and c) they mostly dont know what they're doing.  (hence the white papers are mostly technobabble as gmaxwell calls it)08:54
op_mulTaek: well, that's sort of sticky. you can ask someone to prove *somebody* has a copy of a file, you can't prove a particular person has it.08:55
Taek"these systems have that" --> what is that?08:55
adam3usTaek: well can it be proxied for example?  can i pay someone a tiny payment to answer the question i relay them?08:55
adam3usTaek: technobabble08:55
Taekdo you care if the answer is proxied? As long as someone has your file you should be happy08:56
adam3usTaek: well you do if you're paying for redundancy08:56
Taekif you're worried about redundancy, you should encrypt a bunch of pieces after you encode them08:56
op_mulTaek: that's where all of these systems of "pay full nodes" fall down, which is a similar sort of concept. people want to pay nodes for storing data, but there's no way to prove they actually are.08:56
Taekthat way someone can't cheat by pretending to have multiple copies - they don't know how to decode the redundant files08:57
adam3usTaek: getting better, but now you're designing it for them.08:57
op_multhat doesn't prove many people have it though.08:57
Taekadam3us: designing it for storj?08:57
op_multhey could all be just me, and therefor the "redundancy" is worthless.08:57
adam3usop_mul: Taek means that you'd secret share it with high redundancy and hten store the unique shares once each08:57
op_mulif I had some magic cheap storage, sybiling the storj network would presumably be profitable.08:58
adam3usTaek: i dont know how storj works actually.08:58
op_muladam3us: they do something like that. encrypt the chunks uniquely for each host.08:58
adam3usop_mul: bingo.  the hard part is compactly proving storage.08:58
Taekop_mul: sybil attacks would be a concern. There are ways to mitigate that but no golden bullet08:58
op_mulyes, they do a challenge response system with "heatbeats".08:58
op_mulTaek: no there's not :)08:59
adam3usTaek: mitigate = systematically abused.08:59
Taekie each host locks coins away for a few moths to add weight to themselves08:59
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Ping timeout: 245 seconds]08:59
Taekadam3us: what do you mean by that?08:59
* op_mul giggles08:59
op_mulevery solution is the masternode one now, eh? :)08:59
adam3usTaek: say you want something to work but it doesn quite.  so you patch it up a bit ofr obvious things that occur to you.  you put fungibile money on top of it, some hacker makes swiss cheese of your "patch it up" stuff and brings the system down09:00
TaekI don't think masternode was the first one to have that idea. You wouldn't trust consensus to people with more storage, only files09:00
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards09:01
adam3usTaek: one way to compactly prove storage is to request a fiat-shamir transform over it with your challenge.09:01
adam3usTaek: i presume thats what the jgarzik / gmaxwell post is about.09:01
TaekI think that one requires someone who already has the data to pose the challenge right?09:02
jgarzikadam3us, StorJ as envisioned in the blog post an autonomous agent09:02
adam3usTaek: yes thats the problem09:02
jgarzikadam3us, not much to do with storage proofs or decentralization09:02
jgarzik*is an09:02
TaekThere's a weaker alternative using merkle trees. You can't make them prove they have the whole file but you can make them prove they have a segment, and anyone can pose the challenge09:03
TaekAsk for 1 random segment a day, and after a few weeks you're pretty convinced they have 99%+ of the data09:03
op_mulso? that's only proof for you09:03
op_multhat's a hell of a lot of data if every node is asking for proof of every chunk09:04
adam3usTaek: i presume you're talking about this http://storj.io/ and that yo're saying it has an alt or ICO behind it?09:04
op_muladam3us: yeah, they did some annoying crowd funding thing and made bank.09:05
Taekwhat is ICO?09:05
op_muladam3us: http://storj.io/crowdsale.html09:05
sipaTaek: initial coin offering09:05
adam3usTaek: marketing/branding for premine / presale09:05
Taekah09:05
adam3usTaek: there's a paper by coelho on a proof of work using storage.  vitalik had a go at tweaking it as dagger.  (still has tmto so he abandoned it)09:07
kanzureso since nobody has figured out a way to prove redundancy or anything, isn't this a principle agent problem for people running data centers or hosting services (like s3)?09:07
sipatmto?09:07
@gmaxwellTaek: " you can make them prove they have a" no you can't. You can have someone prove they have a segment, but its fully delegatable.09:07
op_multime memory tradeoff09:07
adam3usTaek: its related to proof of storage: http://hashcash.org/papers/merkle-proof.pdf09:07
op_mulsipa: I like ToMaTO as a term for that though.09:08
sipaTiMeTO, you mean?09:08
kanzuregmaxwell: i wonder if you could make the delegation obvious, or in such a way that relays/delegation can only pass on the original response, and not modify the pay-to info09:08
Taekyou say TiMeTO I say ToMaTO09:08
op_mulsipa: ToMaTO makes sense as a joke about the fruit though. TiMeTO is just odd.09:09
adam3uskanzure: they could ip-forward your request.09:09
@gmaxwellkanzure: sure you can make things where you can't secretly delegate... but mining in bitcoin is a sybil resistance mechnism, which storage queries can't substitute.09:09
@gmaxwellkanzure: I mean you can't make it secret from the party recieving the request.09:10
Taekwhy is it important if the service you are talking to is the service controlling the data?09:11
adam3usgmaxwell: maybe you could prove the miner knows a private key.  i think monero tries to do that maybe09:11
@gmaxwellkanzure: e.g. if the requests are always pseudorandom the request is H(nodeid||nonce) % range.09:11
@gmaxwellTaek: because the optimal solution otherwise is for there only to be one copy of the data.09:11
adam3usyou know one of these years an alt will invent something.  maybe. perhaps.09:12
@gmaxwellTaek: and if you've made this part of the incentives in a consensus system, the optimal solution is that one-archive starts filling the network with 'files' that contain nothing but H(secret||counter) which it, knowing the secret, can answer super cheaply without storing.09:12
kanzurehow did that "proof of deletion" thing work? /me looks09:12
kanzurehttp://diyhpl.us/~bryan/papers2/bitcoin/Deleting%20secret%20data%20with%20public%20verifiability.pdf09:13
Taekgmaxwell: only a problem if you're using storage as your means of consensus. Something I was trying to do a while ago but have since abandoned09:14
@gmaxwelladam3us: monero doesn't... and I don't think that helps, because the big disk could just be an unbounded number of identites.09:14
@gmaxwellTaek: I did say 'if', not because I had any knoweldge of you not doing that; but because it was promoted and I know it to be broken.09:15
-!- lclc is now known as lclc_bnc09:17
@gmaxwellkanzure: that proof of deletion isn't what it says it is. It seems to be a "I promise I'm deleting key x -- bob" such that if you later see anything decrypted with key x, you know it lied.09:18
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has quit [Quit: Leaving]09:18
@gmaxwellshould be called "promise of deletion" not "proof of deletion" :P09:19
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has joined #bitcoin-wizards09:21
Taekso, assuming you can't solve delegation, you can still have worthwhile proof of storage by encrypting your redundant copies before uploading them09:22
Taekyou have to be around to make your own repairs, but if you pick a high enough redundancy you don't have to be around often09:23
Taekand some redundancy schemes mean you don't even need the whole original file to make repairs: http://arxiv.org/pdf/1005.4178.pdf09:23
@gmaxwellTaek: yes, you can add redudancy but if there is no reason for it to be stored on multiple systems it may not be meaningful redundancy. (worse, it's hidden from you how non-redundant it is)09:25
adam3usTaek: i imagine if you can repair it you can compact it while removing redundancy and then simulate the redundancy in answer to the proof of storage and store more cheaply (but less redundantly)09:26
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards09:28
@gmaxwelladam3us: yes, thats solved by making everyone unable to repair it.09:28
adam3usTaek: and you need pretty high redundancy if you're storing in a p2p network with churn.09:28
adam3usgmaxwell: but then he's back to having to be around to repair his own files.09:29
-!- vmatekol_ [~vmatekole@f055081095.adsl.alicedsl.de] has joined #bitcoin-wizards09:35
TaekI imagine you'd want redundancy for any data you plan on storing, but it's true that you'd be uncertain about how much geographic redundancy you're getting. You'd know the phyiscal data existed N times but it could all be on the same platter09:36
@gmaxwelladam3us: which is what he said. :)09:36
@gmaxwellTaek: would be, because the system is vastly more efficient if there is only one copy.09:36
Taekbut also very unstable. I believe the general rule of thumb for corporations is 3 copies09:37
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has quit [Quit: iang]09:37
-!- vmatekole [~vmatekole@g227232254.adsl.alicedsl.de] has quit [Ping timeout: 255 seconds]09:38
adam3usgmaxwell: yeah that was a little circular.09:38
adam3usgmaxwell: at least i guess its clear it would be desirable to have the network able to repair, and not able to reduce redundancy while still collecting full storage fees, tho we dont know how to do that or if its possible.09:39
adam3usTaek: yeah what gmaxwell was saying up a bit was it'd all end up on one disk.09:40
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]09:42
op_muladam3us: I don't think it's possible, myself.09:42
TaekI think in practice there would be enough ways for a client to get the data in multiple places. You'd likely be falling back on layer 8 processes, but since the client is manually choosing who to rent storage from, it's not consensus critical09:42
michagogoIs it theoretically possible (yes, I know it's unlikely enough to the point that it may as well be considered impossible) to have 256 bits that SHA256 to themselves?09:50
op_mulI don't see why not.09:51
op_mulnot sure we know if any given output is actually possible or not though09:52
adam3usTaek: this is starting to sound less like a p2p system, with built in incentive or m2m fee based renting that you could let run without human intervention.  a hacker is going to get in there and rob the renters blind :)09:52
sipamichagogo: if it's a perfect random function, there is 63% chance for that :)09:52
sipa(1-1/e)09:52
adam3usop_mul: well maybe.. if u admit enough snark, obfuscation & fully homomorphic encryption09:54
adam3usop_mul: tho possibly not simply and not now09:54
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards10:03
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]10:05
-!- jtimon [~quassel@34.pool85-59-141.dynamic.orange.es] has quit [Ping timeout: 250 seconds]10:11
Taekadam3us: m2m?10:15
-!- jtimon [~quassel@16.pool85-53-130.dynamic.orange.es] has joined #bitcoin-wizards10:18
-!- eudoxia [~eudoxia@r167-56-16-102.dialup.adsl.anteldata.net.uy] has joined #bitcoin-wizards10:20
op_muladam3us: even if it worked I question the utility of such a service.10:24
-!- coiner [~linker@42.116.152.78] has quit [Ping timeout: 250 seconds]10:25
adam3usop_mul: people pay amazon for storage, they have some geo-redundant options also.  there are some p2p storage things that are a bit like this, though they dont try to be byzantine secure nor necessarily central control-free.10:26
Taekop_mul you could end up with somelike like Uber or Airbnb for storage, where lots of small parties collaborate to make something a lot more effective than a giant alternative10:26
adam3usop_mul: i used to work for mozy (well emc/vmware who bought mozy) who had a 50PB cloud storage and analysed a number of related systems including p2p ones.10:27
adam3usop_mul: eg spideroak (not p2p), then there's zooko's tahoeLAFS which is p2p, and another one or two who's names i forget10:27
-!- coiner [~linker@42.116.152.78] has joined #bitcoin-wizards10:27
op_mulwho cares if storage is p2p or not. peer to peer and decentralised systems are inefficient and expensive. I'd trust amazon glacier for backups more than I would any of these half baked IPO nonsense altcoins.10:28
-!- coiner [~linker@42.116.152.78] has quit [Max SendQ exceeded]10:28
op_mulif you encrypt your backups, it doesn't matter where they are stored so long as they exist in some form.10:29
Taekand as long as nobody decides to change their terms, jump their prices, or discontinue your service w/o refund for violating obscure TOS10:30
adam3usop_mul: well indeed ICO nonsense coins.  but tahoeLAFS for example is pure p2p and existed before bitcoin and has no alt associated.  i presume its sort of tit-for-tat economics like bittorrent.10:30
adam3usop_mul: the argument however may work in that amazon is arguably not that cheap in bulk if you're storing a lot and p2p could provide it cheaper.  there was also spacemonkey.com by a few ex-mozy guys https://www.spacemonkey.com/ that has an economic model (no altcoin, you pay for a service and you get the hw discounted)10:32
adam3usop_mul: with spacemonkey the p2p cloud is made by unused storage in the drives10:32
op_muladam3us: there's no reason to make things decentralised unless they absolutely need to be. the inefficiencies make it quite undesirable.10:34
Taekop_mul: decentralized perhaps not, but p2p is a different story. If you want to build 10,000 small datacenters in the US it's going to be very expensive, but if you're doing p2p you get that as a side effect10:36
op_mulI don't really follow there.10:37
TaekIn a system of p2p storage, you have hundreds to thousands of nodes distributed all over the world10:38
Taekthe distribution can be leveraged to get massive parallelism, and to keep files in a place that's geographically closest to you10:39
Taek(disregarding byzantine attacks)10:39
op_mullots of small nodes to me just says inefficiency.10:39
Taekeveryone has multiple nodes within 50ms10:39
Taekit's a lot cheaper to move bandwidth from idaho to idaho than it is from Seattle to idaho, or Ireland to idaho or wherever your massive datacenter is10:40
Taekand you get much stronger geographic redundancy10:41
op_mulI have no idea where those cities are. quite often you're not going to get people physically close to each other having a direct path. sometimes your file will go hundreds of KM off to some hub and then back again.10:42
op_mulI don't think, in that sort of situation, bandwidth cost is even a factor.10:42
Taekit's something that you can nonetheless optimize better if you have many small nodes as opposed to few large nodes10:42
@gmaxwellTaek: it's actually not always cheaper to move data short distances, it's cheaper to move data between hubs, because capacity costs scale by the muxing width.  E.g. It's (much) cheaper to have 100GBit/s to one fairly far destination then it is to have 1GBit/s connectivity to 100 moderate distance desitnations.10:42
Taekhmm10:43
@gmaxwellCost per megabit in the last mile is orders of magnitude higher than it is at the centers of networks.10:43
op_muland I'd have my gigabit port over 100 ADSL customers connections any day of the week.10:43
adam3usgmaxwell: and that argues for what op_mul is saying - its inherently bandwidth inefficient to use p2p storage.10:44
-!- jtimon [~quassel@16.pool85-53-130.dynamic.orange.es] has quit [Read error: Connection reset by peer]10:44
adam3usgmaxwell: the datacenter bw is way cheaper & you need higher redundancy because of peer churn.  lose^210:44
-!- jtimon [~quassel@16.pool85-53-130.dynamic.orange.es] has joined #bitcoin-wizards10:45
@gmaxwellyea, it is. It may achieve some 'useful' cost externalities (e.g. foolish providers who've sold all you can eat plans that are waiting to be exploited), but such solutions are not inherently stable since people often consider you a problem when you exploit the deal they gave you. :)10:45
adam3usgmaxwell op_mul and yet still bittorrent is still using the most bandwidth of any protocol clogging those slow /expensive ast mile links10:45
Taekis this wrong: with central nodes you travel the last mile once, but with p2p you travel it twice? Is it bounded at twice?10:46
@gmaxwellbramc probably does not recall, but many moons ago when bittorrent was new and I ran a public network; I wasted some number of cycles with him arguing that bittorrent should be more topology aware, because as designed it was very abusive of expensive last mile links, and it was going to cause providers to block/rate limit it because it'll break their networks. :P   ("I told you so.")10:47
@gmaxwell(though I think providers turned out to be less agressive than I expected, to be fair.)10:47
adam3usTaek: probably. and with bittorrent you travel it hundreds of times10:47
adam3usgmaxwell: if the isps knew what was good for them they'd install a mega torrent cache.10:47
@gmaxwellTaek: no, it's not just twice, its that the fact that you could _choose_ to go down any of many paths means that all paths have to have the capacity.10:47
@gmaxwelladam3us: yes, **ahem** some people went into business selling tools for caching and shaping after it became an issue; though it seems throttling it cheaper to deploy.10:48
adam3usgmaxwell: hearn was talking about micropayment hosted file sharing to kill bitcoin.  i had mentioned to him that he should maybe talk to bram about using it to improve tit for tat in bittorrent.10:49
op_mulTaek: the topography can be wildly different just depending on where it is. I know of one setup where houses in the same town have a 100ms, hundreds of kilometers round trip. in that case a P2P connection is going to have quite an impact.10:49
@gmaxwellTaek: costs in networks are related to the potential capacity, not the actual used capacity.10:49
wumpusadam3us: content-addressable-storages at hubs would be a nice optimization of the internet, I vaguely remember some plans, but I guess the economics doesn't work out10:49
Taekgmaxwell: in p2p is that a fair assessment? When you build a p2p network you assume the infrastructure is already in place and doing other things. You make use of the already existing capacity instead of building out more.10:51
-!- askmike__ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Remote host closed the connection]10:51
Taekop_null: the other advantage to p2p/decentralization is that (in theory) it forces the price much closer to at-cost10:52
Taekright now, if I want to compete with s3, I need to build a reputation and grab customers10:52
Taekbut on Bitcoin, if I want to compete with a mining rig, I just have to plug in my cheaper hardware, no need to find customers10:53
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards10:54
@gmaxwellTaek: consider two cases: one where things are p2p and one where its client/server-ish. Say the usage increases and links are strained. In client/server there is one hotspot where you can put your upgrade costs, in p2p you have to upgrade many last mile links.  If the p2p was a spherical cow of perfect topology awareness and unbounded adaptivity, then I suppose you could purely upgrade some serve10:55
@gmaxwellr exactly like in the client/server model and it would figure it out, but real systems aren't like that.10:55
wumpusadam3us: I can't remember what it was called, but the realisation was that most of internet traffic is indeed the same files all over again, it involved clients requesting blocks of data by their hash, which are cached by intermediate parties as necessary10:55
@gmaxwellWorse, this traffic competes with other traffic which can't just move elsewhere... so for a low priority p2p thing it might be okay to just let the links saturate to all hell, thats not okay for the other traffic sharing the links.10:55
-!- user7779078 [user777907@gateway/vpn/mullvad/x-cyvyoejhorzmrxib] has joined #bitcoin-wizards10:56
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards10:56
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]10:56
@gmaxwell(it doesn't help that BT doesn't use erasure coding, so you can very easily bottleneck on a single piece. :( )10:57
@gmaxwell(freenet does much better, ignoring the fact that it's freenet and thus hardly works.)10:57
op_mulgmaxwell: ugh man not again. now I've got that song stuck in my head again.10:57
op_mulhttps://www.youtube.com/watch?v=eSMeUPFjQHc < every time you say erasure coding.10:58
@gmaxwellI have a couple erasure albums around here someplace.10:59
Taekgmaxwell: in my sphereical cow world, when two pieces of data are fighting for the same link, they compete on price and the one offering a higher payment gets higher priority. Humans can then tell where to add new lanes to maximize profit and can move p2p data to nodes with cheaper bandwidth11:00
Taekperhaps it wouldn't work so well in practice11:00
zookoHey folks, Tahoe-LAFS is related to your apparent interests.11:00
zookoHowever, I can't stay to read backlog carefully and chat because I have a date (!?!). :-)11:00
sipazooko: reading backlogs and chatting while having a date is totally in11:01
zookoHaha11:01
Taekif it's anything like my last date you can be buried in #wizards while she's buried in her facebook feed11:02
-!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Quit: you guys are trying to make me late for my date!]11:02
fluffyponyhah hah Taek11:02
wumpusadam3us: oh, found it: that project is called CCNx11:04
-!- epoche [~Glyphnote@2600:1004:b013:9f11:a46c:e148:441f:9ef9] has joined #bitcoin-wizards11:04
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has joined #bitcoin-wizards11:17
-!- askmike_ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards11:20
phantomcircuitop_mul, how does one even construct a network in which there's 100ms rtt between physically close11:20
phantomcircuitnodes11:21
-!- askmike_ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Read error: Connection reset by peer]11:21
phantomcircuitare there like 2 isps which dont have a peering point in town?11:21
-!- askmike_ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards11:21
op_mulphantomcircuit: yep, exactly.11:21
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 250 seconds]11:22
@gmaxwellphantomcircuit: thats the topology you get when you block adjcent port traffic so you can enabled "lawful intercept", hurrah.11:23
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards11:23
phantomcircuitsigh11:23
phantomcircuitbtw maybe someone here knows of an easy way to do this11:24
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Read error: Connection reset by peer]11:24
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards11:24
phantomcircuiti've been trying to get the metadata for a torrent using just the info hash (ie through dht)11:24
phantomcircuitbut i cant find any simple tools to do this11:25
op_mulI had one at some point11:25
op_multhere's some command line tool that will get the metadata from a .torrent, or download it via DHT if you just give the hash. let me see if I can find it.11:26
-!- askmike_ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 265 seconds]11:26
-!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Ping timeout: 250 seconds]11:29
op_mulphantomcircuit: duno. the tool does exist though.11:29
-!- Glyphnote_ [~Glyphnote@2600:1004:b013:9f11:60d0:515c:8a91:6231] has joined #bitcoin-wizards11:30
-!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #bitcoin-wizards11:31
-!- epoche [~Glyphnote@2600:1004:b013:9f11:a46c:e148:441f:9ef9] has quit [Ping timeout: 244 seconds]11:33
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Ping timeout: 240 seconds]11:38
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has quit [Quit: iang]11:40
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards11:43
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Remote host closed the connection]11:51
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards12:06
-!- Dizzle [~Dizzle@2605:6000:1018:c0f5:c520:6d92:eed6:44a9] has joined #bitcoin-wizards12:07
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards12:10
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Ping timeout: 250 seconds]12:11
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards12:16
adam3usabout the btcd guys I finally replied to them (this is on a flame-laden bitcointalk thread where one of them replied in defence of why its not a problem for them to be risking breaking consensus) to suggest they listen to https://archive.org/details/The_Science_of_Insecurity_12:21
adam3usabout why language security between different implementations is a critical aspect of host security problems.  (any encoding of messages is a language of some kind).  the talk is academic and specifically talks about the problem.12:22
adam3usand invited them to talk about it (here or wherever) we'll see...12:22
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Ping timeout: 245 seconds]12:22
pigeonskind of reminds me of that android bug where the code to check the apk signature was in c and behaved differently than the java code in the installer12:23
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards12:24
gwillenpigeons: that was a wonderful bug, which I have personally exploited (it's pretty easy)12:24
adam3ustheir specific example was hilarious, using this mode of thinking, they wer eable to find 10 different ways to fool a CA into signing a domain name that was displayed & interpreted differently to the CA than the browser12:24
adam3usthat was another research referred to briefly.  but the actual talk is quite interesting and focussed on fundamental limits of security particularly undecidability, halting problem related concept, and what that means specifically for the way secure code should be written, and what things you should avoid.12:25
pigeonsyeah CAs is a good one, anything with ASN.112:27
adam3uspigeons: at some point she says *cough*ASN.1*cough* as an example of something with undecidable parsing12:27
gwillenadam3us: does she actually cough in the presentation? That's hilarious.12:33
adam3usgwillen: yep its at 28c3 so she's playing to the audience a bit about p0wnage.12:35
-!- vmatekol_ [~vmatekole@f055081095.adsl.alicedsl.de] has quit [Remote host closed the connection]12:35
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Remote host closed the connection]12:52
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Remote host closed the connection]12:55
-!- hashtagg_ [~hashtag@CPE-69-23-213-3.wi.res.rr.com] has quit [Ping timeout: 240 seconds]12:56
tacotimeadam3us: i'm here and from conformal too13:04
adam3ustacotime: you are? i thought u were talking about some other project a few days ago13:05
tacotimei mean, the number of btcd nodes running on the network right now is pretty minimal if i recall13:05
tacotimeyeah, i'm doing some non-specifically btcd-related stuff13:05
adam3ustacotime: well so the impression people had through the backchaneel is conformal was actively trying to persuade people to use btcd13:06
adam3ustacotime: davec on bitcointalk didnt seem to view that as a fork risk.13:06
tacotimeand i'm not sure any mining nodes are running it, which i think could be a risk if there was a fork of some kind. my overall opinion is that reimplementation of bitcoin in other languages can only strengthen core, and that if you're running a node that's consensus specific you may want to run bitcoind along side it to make sure they're both stuck on the same fork.13:07
tacotimeconformal would like people to use btcd, because they've tried to program their own user-demanded use cases into it and have spent a lot of money on the project. so it's sort of reasonable.13:08
adam3ustacotime: well whats not reasonable is breaking bitcoin consensus.13:09
wumpusany plans for btcd to use libbitcoinconsensus?13:09
adam3ustacotime: here's what davec said on bitcointalk13:09
tacotimebut i mean; that people are going to make daemons with other use cases is inevitable, e.g. coinbase which is on the ruby impl. that doesn't mean you shouldn't make sure your daemon isn't on the main fork.13:09
-!- hashtagg_ [~hashtag@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards13:10
-!- lclc_bnc is now known as lclc13:10
adam3ustacotime: (about fork risk) this is a complete red herring and exists just as much with Bitcoin Core as it does with anything else.  The exact same thing can easily happen (and already has as you've noted) with Bitcoin Core. This is a real problem with the technology that needs to be solved independent of the number of implementations on the network.13:10
wumpusmaking daemons with other use cases is fine, but ideally they'd use the samme consensus code13:10
adam3ustacotime: (davec contd) In fact, working toward solutions which address this fundamental issue is necessary for Bitcoin Core too since it means mistakes there don't lead to undesirable consequences either.  The current approach is "well let's just hope it doesn't happen!" and frankly, that just isn't good enough.13:11
adam3ustacotime: which is not what i wanted to here, as thats outright confused and incorrect13:11
adam3ustacotime: "exists just as much with Bitcoin Core as it does with anything else." the point is we dont even care if its btcd consensus or bitcoin consensus (so long as btcd isnt horribly broken)… the point is making two consensus implementations compatible is *undecidable*13:13
adam3ustacotime: ie actually mathematically hard, bordering on impossible.  and he needs to understand that.13:13
-!- op_mul [~op_mul@178.62.78.122] has quit [Quit: Lost terminal]13:15
tacotimewell, yes, it's an impossibility. just as it's impossible to prove that bitcoind might not fork between versions or even the same versioned binary.13:18
adam3ustacotime: anyway i wasnt trying to be hostile (to you nor davec) but encouraged him to listen to meredith patterson on language security as it applies to the fundamental limits of host security (lang sec as in parsing messages and equal processing when thats critical) https://archive.org/details/The_Science_of_Insecurity_13:18
-!- Dizzle [~Dizzle@2605:6000:1018:c0f5:c520:6d92:eed6:44a9] has quit [Quit: Leaving...]13:19
tacotimewumpus: not as of yet, we're retooling the consensus code but afaik we're on our own fork of that.13:19
adam3ustacotime: ie listen to her because she knows what she's talking about and maybe there's some mistaken assumption that bitcoincore is trying to compete with btcd.13:19
wumpusadam3us: it's fine to compete on everything else, but competing one the consensus code just doesn't make sense, we should aim to unify that between all node implementations13:20
tacotimewell, i think there'd just previously been a lot of cliquey-ness between conformal and the bitcoin core developers, and before we felt excluded from being considered part of core development. gmaxwell now hangs out on our servers and communicates with us on issues, which is good.13:20
adam3uswumpus: exactly.13:20
adam3ustacotime: a written and public confirmation that they would never encourage anyone to use btcd consensus critical code alone (without being overridden in case of dispute by libbitcoinconsensus) would go some way towards things.  cos thats kind of not what davec who says he's the team lead was saying on bitcointalk a day ago13:22
tacotimehow does libbitcoinconsensus handle reorgs? or is that considered an implementation specific thing?13:22
wumpustacotime: it doesn't go that deep yet13:22
wumpustacotime: as of 0.10 it just verifies transactions13:22
tacotimeI think it's a bad idea to handle that in the consensus lib13:23
tacotimebecause there are a lot of ways to do that13:23
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards13:23
tacotimeI think single-chain verification would be ideal13:23
adam3ustacotime: what i said to davec was if he was being constructive he could help work on libbitcoinconsensus for example13:23
tacotimeadam3us: well, one of the goals of btcd is a complete reimplementation entire in golang13:23
wumpustacotime: the idea is to support the API at multiple levels; so the lowest has been implemented now, verifying transactions13:24
adam3ustacotime: its a very very very bad idea to reimplement the consensus part.13:24
tacotimewumpus: ah, ok13:24
wumpustacotime: the highest level will likely include utxo management of some kind13:24
adam3ustacotime: i suggest he listen to the meredith patterson presentatoin on langsec and then come talk about it.13:24
wumpustacotime:  handling reorganizations may be a step too far, although it needs to be roll-back-able13:24
tacotimeadam3us: well, we wanted partially for people to make their own alts with btcd, as experimental coins, though this hasn't really happened yet. in that use case it's not as big an issue.13:25
-!- askmike_ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards13:25
-!- laurentmt [~chatzilla@89-93-131-89.hfc.dyn.abo.bbox.fr] has joined #bitcoin-wizards13:25
adam3ustacotime: you can go fork alts all you want as far as i'm concerned. tho there is money on some of them.  but if they're using btcd only, that seems fine.13:25
wumpustacotime: see https://github.com/bitcoin/bitcoin/blob/0.10/doc/release-notes.md#consensus-library13:25
-!- askmike__ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards13:26
tacotimeadam3us: well i can talk to them about external syncing to bitcoind to ensure consensus. there's nothing in there for that yet i think, but it shouldn't be hard to program btcd to call bitcoind's api and make sure something hasn't gone pete tong.13:27
tacotimewumpus: thx13:27
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 256 seconds]13:27
tacotimeand i'll forward davec this conversation.13:28
adam3ustacotime: i think its not safe to do otherwise.  personally i would think if they are actually going around persuading people to use btcd in isolation it would be justified to protect bitcoin users to issue a warning to bitcoin businesses and to the press.  its not a joking thing13:28
-!- askmike_ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 256 seconds]13:29
adam3ustacotime: seems kind of a shitty thing to say, and i'm not being hostile to you (nor davec etc) but sometimes people just wont listen until they get bad press.  eg coinvalidation seemed that way.13:29
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has joined #bitcoin-wizards13:30
-!- askmike__ [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 256 seconds]13:31
tacotimeadam3us: well, i mean, soon we're not even using leveldb anymore, so the risk of a fork may yet be real.13:32
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Quit: This computer has gone to sleep]13:32
adam3ustacotime: you might want to look at what davec is saying on bitcointalk https://bitcointalk.org/index.php?topic=68655.msg9998327#msg999832713:32
wumpusthe specific database used as backend is unlikely to create a fork, although as was shown with berkeleydb it's possible for bugs in the database to create behavior differences13:33
-!- MoALTz_ [~no@user-46-112-49-198.play-internet.pl] has joined #bitcoin-wizards13:33
justanotheruser"It has been publicly stated many, many times that it is being coded because the ecosystem severely needs multiple diverse implementations if Bitcoin is ever going to truly flourish to the level we all want it to. " -- do you need to reimplement consensus to have multiple implementations?13:34
wumpusbut most likely a fork would be caused by a subtle difference in transaction validation, script interpretation, etc, which is likely if you reimplement in a different language13:34
-!- MoALTz [~no@user-46-112-49-198.play-internet.pl] has quit [Ping timeout: 255 seconds]13:35
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Quit: Leaving.]13:35
wumpusjustanotheruser: consensus is just not something you can compete on, it's either the same or it's broken13:36
adam3uswumpus: from the langsec presentation i'd imagine thats undecidable and hence extremely complex to avoid small differences. (and those even if tiny or boundary can of course be systematically abused to the detriment of whoever is on the wrong side of the fork)13:37
justanotheruserwumpus: I agree for the most part. If we could somehow prove that one implementation would always evaluate the same as another and it was implementated more efficiently then that may be useful.13:38
wumpusbut re: leveldb, it is not a given that bitcoin core will keep using leveldb for all eternity either, though there are no plans to switch either, it works fine and isn't a bottleneck at the moment13:38
adam3usi think the langsec talk is worth listening to, encourage people interested in this topic to watch, i found it altered my opinion for the worse about the hopes of making a compatible implementation when it really mattered.  https://archive.org/details/The_Science_of_Insecurity_13:38
wumpusadam3us: agreed13:39
tacotimei would agree that whatever is currently your mainchain needs to evaluate and validate the same across the entire network.13:39
wumpusjustanotheruser: you mean to be able to sync the chain faster? that's dominated by secp256k1 verifications anyhow13:39
tacotimeby whatever the dominant implementation is.13:39
justanotheruserwumpus: I qualified it with it being more efficient because a less efficient implementation is bad for consensus in a different way13:40
kanzureperhaps it would be useful to insist on byte-by-byte compatibility in the binary that runs consensus code (because otherwise everyone misinterprets it as a "control freak" thing)13:40
kanzures/everyone/gullible people13:40
tacotimei'm not sure if there's debate at all as to whether that should be c++. there seems to be a lot of issues as to what language is good for writing blockchain consensus things.13:41
kanzures/compatibility/duplication13:41
wumpustacotime: there is no 'should be' debate, for better or worse the consensus code is specific c++13:41
tacotimewell, if you were to do it over, i mean.13:41
wumpustacotime: I'd rather have something else too, but the problem of potential incompatibility will exist in whatever language you decide to rewrite it in, that's the problem13:42
tacotimesatoshi made the choice for us w/r/t bitcoin.13:42
wumpustacotime: at least c++ is pretty low-level and can be bound to many other languages13:42
tacotimewumpus: true13:42
wumpustacotime: would have been worse if it was, say, java13:42
tacotimeit's easy to hook into golang13:42
justanotheruserI would bet that there are optimizations to the consensus code that can be done safely, but doing them safely would require a ton of research and auditing.13:43
tacotimei would have reservations with satoshi if he had written it in java13:43
kanzureright, mutual self-incompatibility is already a big enough problem, and then incompatibilities and differences between non-byte-exact implementations is an additional level of headache13:43
wumpusjustanotheruser: as I said above, the slowest part of validation is secp256k1, which is well defined13:43
justanotheruserwumpus: are you saying that is a possible optimization?13:44
wumpusjustanotheruser: that's where optimization should be concentrated, not the tricky dangerous verification code13:44
justanotheruserwell that is part of the consensus code13:44
wumpusjustanotheruser: no argument there13:45
wumpuskanzure: requiring it to be byte-exact the same may be a requirement too far, but I don't know13:46
kanzurewell, it needs to be something more specific for others to think about other than "they are not us" (i know that's not what you mean, but that's what it will be interpreted as)13:48
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards13:48
tacotimeehm, don't we already have that by the deterministic builds?13:48
wumpuskanzure: I've done some experiments in compiling the consensus code to a neutral, well-defined bytecode architecture, e.g. Moxie, maybe that will make a good immutable definition at some point13:48
kanzurewumpus: i think that squawking about that sort of plan and direction would be much more useful than the alternative things to say to the press13:49
kanzure(i may be misinterpreting what has been proposed as the messaging, for which i apologize, but also i'll bbl)13:49
wumpuskanzure: the rest of the devs don't really agree with me, but I'd be happy to see the consensus code in a separate well-guarded repository, so that it can be easier shared between node implementations, and it's easier to keep track of changes13:49
kanzureno that's not the contentious issue there13:49
-!- Dr-G [~Dr-G@gateway/tor-sasl/dr-g] has joined #bitcoin-wizards13:50
wumpuskanzure: alternative things? I'm not talking about anything to the press13:51
kanzureah i'm confusing a separate conversation from yesterday, forgive me13:52
wumpuskanzure: keeping this thing on the rails is enough work without making a media circus13:52
kanzureyep understood13:52
justanotheruserIs there some btcd thing in the news are something?13:56
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards14:03
-!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has quit [Quit: Profreid]14:04
adam3usjustanotheruser: no i said something offhand on another bitcointalk thread about btcd, and someone who it turns out is the btcd lead davc replied so we were discussing davec reply with tacotime who apparently works with btcd14:06
adam3usjustanotheruser: eg https://bitcointalk.org/index.php?topic=68655.msg9998327#msg999832714:06
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has quit [Quit: iang]14:16
-!- siervo [uid49244@gateway/web/irccloud.com/x-vemcsspcgbevmbpt] has joined #bitcoin-wizards14:23
-!- op_mul [~op_mul@178.62.78.122] has joined #bitcoin-wizards14:31
-!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has joined #bitcoin-wizards14:32
-!- catlasshrugged [~satoshi-u@63.142.161.3] has quit [Ping timeout: 244 seconds]14:32
justanotheruseroh, thanks14:36
adam3usjustanotheruser: i guess if they inadvertenly forked bitcoin, that'd be negatively newsworthy :|14:37
justanotheruserThis is why there needs to be some Bitcoin best practices webpage that some of the core developers sign. For media purposes you can say "experts have agreed that doing this is a bad practice..."14:39
Taekwumpus: I like the idea of setting a firm definition for consensus in something like moxie.14:40
adam3usjustanotheruser: i thought gmaxwell already spent a lot of time talkign with them, so they actually know.  maybe davec was just irritated by the offhand nature of my remark (in an unrelated thread) and so said some not so advisable things in response. but what he said doesnt sound on the face of it like he agrees even yet.14:41
adam3usTaek: i agree.  moxie bytecode vm is a cool idea.  for that and some other things also.14:41
adam3usTaek: (other things in bitcoin) eg it can enforce deterministic execution of extensions that are coded in its bytecode.14:42
justanotheruseradam3us: yeah, but news media isn't going to cite obscure forum posts and obviously the btcd crew isn't going to change their mind14:42
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has joined #bitcoin-wizards14:42
justanotherusereven if davec backs down, reddit will probably have some quasi-activism to get btcd funded14:43
adam3usjustanotheruser: well i dont think it'd be wise to escalate it, but sure they would coindesk , even reddit noise, those rags are printign all kinds of alt-coin technobabble so they're obviously short of content14:44
adam3usjustanotheruser: cointelegraph, etc there's 1/2 a dozen of them.14:44
adam3usjustanotheruser: i think btcd is already funded, though its not public afaik (not that i tried to find out particularly hard short of asking davec - which he declined to answer)14:45
justanotheruserI'm more concerned about forbes. If they could cite bitcoin.org/bestpractices as saying to not use a consensus reimplementation such as btcd, it is less negative14:46
justanotheruserpeople would end up thinking "these people did something unsafe" rather than "bitcoin is unsafe"14:46
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has quit [Ping timeout: 265 seconds]14:46
-!- siervo [uid49244@gateway/web/irccloud.com/x-vemcsspcgbevmbpt] has quit []14:47
-!- laurentmt [~chatzilla@89-93-131-89.hfc.dyn.abo.bbox.fr] has quit [Quit: ChatZilla 0.9.91.1 [Firefox 34.0.5/20141126041045]]14:51
adam3usjustanotheruser: sounds like a good idea to me.14:51
adam3usjustanotheruser: could even cite the patterson presentation.  probably she has some journal publication on it also.14:52
op_muljustanotheruser: btcd is almost certainly funded.14:55
op_multhey wouldn't go to all that trouble for no reason14:56
adam3ustacotime: said further up that they'd spent a lot of money building btcd (including some user requestsed features) so now they wanted to promote it to people which he thought was fair enough.  so that was the start of the discussion of well yes thats fair enough but please not the consensus part14:57
phantomcircuitop_mul, im 90% sure someone working on it told me it was funded, but cant remember who...14:57
adam3usjustanotheruser: i meant.  just sentence started with tacotime.14:57
adam3usphantomcircuit: its still a bit of a mystery about who or why.  seemingly to include user requested features into it and somehow monetize that i guess. but davec seem reluctant to say14:58
op_mulit's an odd choice really.14:58
phantomcircuitit wouldn't be unreasonable to build a server optimized for random access of various bits of the blockchain14:59
phantomcircuitbut i cant understand why you would bother with the consensus code14:59
* op_mul rolls eyes14:59
op_mulphantomcircuit: coinbase did it for you! 300GB of SQL, optimised everywhere. https://bitcoin.toshi.io/14:59
phantomcircuiti got a nice laugh at the 300GB14:59
tacotimegood god15:00
phantomcircuitthey failed to take advantage of the indexing stuff postgresql can do15:00
phantomcircuitlike15:00
phantomcircuitcompletely and entirely failed15:00
tacotimebtcd performs better than that heh. i think we have some of the lowest mem usage amongst implementations iirc15:00
phantomcircuitit's really easy to setup the address stuff as character arrays with indexes that can run efficiently against them15:01
phantomcircuitbut instead they have a weird normalized/denormalized structure15:01
phantomcircuit(i presume because doing this right is basically impossible using the rails orm)15:01
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Remote host closed the connection]15:01
adam3ushere's what davec said about funding and why on https://bitcointalk.org/index.php?topic=68655.msg9998327#msg999832715:02
@gmaxwellop_mul: it's addressing a different application space; perhaps not a well advised one, but at least it's not using a ton of space because it straight up stupid.15:02
adam3usphantomcircuit: "First, both of these are completely irrelevant.  No one knows who Satoshi was/is, yet that isn't a problem for Bitcoin Core.  So, even if every single contributor were unknown (they're not as you can find the names of every contributor on github), why would it be a problem for btcd when it isn't for Bitcoin Core?"15:02
phantomcircuitlulz15:02
adam3usphantomcircuit: oh the why was separate "It has been publicly stated many, many times that it is being coded because the ecosystem severely needs multiple diverse implementations if Bitcoin is ever going to truly flourish to the level we all want it to.  ...15:03
adam3usphantomcircuit: … Thinking that a single implementation controlled by a handful of people is a good scheme for a system that is supposed to take over the World's monetary supply is just not very forward thinking.  This has been covered ad naseum."15:03
adam3usphantomcircuit: the first comment was "a) no one knows who's funding them" and the second one was "c) no one knows why they are coding it;" so you can see those are pretty much NON answers.15:04
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has joined #bitcoin-wizards15:04
phantomcircuitwhich kind of makes sense... but only from a very very high level and only if restricted to being used only be people willing to accept a huge risk to themselves and who are incapable of projecting that risk onto others (ie miners)15:04
adam3usphantomcircuit: exactly.  my response was "about why consensus is hard, and more so for two different implementations, here are two presentations first on language security as it applies to host security and software compatibility and second on bitcoin consensus.  The first is quite eye opening even for security researchers (ie people who are experts in host security)."15:05
op_mulgmaxwell: I don't really follow what, though. if it's meant to be the backend for services (for whatever reason they're not using a normal wallet), wouldn't just a handful of address based index make more sense?15:05
adam3usphantomcircuit: language security https://archive.org/details/The_Science_of_Insecurity_15:05
adam3usbitcoin consensus programming https://www.youtube.com/watch?v=on5ySFK0aoY#t=39m50s15:05
adam3usphantomcircuit: "Have a listen, particularly to the first one and then we can discuss further (here or PM or bitcoin-dev or #bitcoin-wizards or whereever).  I am genuinely interested to help resolve the discrepancy of opinion around this, as its actually to my mind significantly misunderstood, and dangerous for bitcoin."15:06
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards15:06
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has quit [Ping timeout: 240 seconds]15:06
-!- JonTitor [~superobse@unaffiliated/superobserver] has quit [Ping timeout: 240 seconds]15:06
op_mulgmaxwell: if you're trying to do stats or something with it, you can do it with no additional storage at all with a block chain scanner.15:06
adam3usbtw the second link if you rewind it is an hour of BlueMatt presenting on bitcoin in general.  at 39m50s he dives into "please dont reimplement consensus its a really, really bad idea" sub-topic15:07
@gmaxwellop_mul: the problem arises when you won't or can't make a clean boundary about what data is presented, and so you may have to efficiently service ramdom access to anything; and there is no compact way to index that.15:07
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has joined #bitcoin-wizards15:07
BlueMattadam3us: that talk is wayyyy below people in this room, I think15:07
-!- JonTitor [~superobse@unaffiliated/superobserver] has joined #bitcoin-wizards15:07
adam3usBlueMatt: arf, i thought it was pretty good. btw did the pebble guy tell you anything afterwards? (guy who jumped in with obscure consensus algorithm comment at one point)15:08
adam3usBlueMatt: (lurkers might find it educational anyway.)15:09
-!- lclc is now known as lclc_bnc15:10
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Quit: Leaving.]15:14
-!- iang [~iang@cpc3-lewi16-2-0-cust561.2-4.cable.virginm.net] has quit [Quit: iang]15:16
-!- zer0veritas [zer0verita@c-67-185-255-98.hsd1.wa.comcast.net] has joined #bitcoin-wizards15:17
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards15:17
midnightmagicBlueMatt: your description of future-coding for internal redundancy in cooperative agents will benefit from the following result: 1. Blecher PM. On a logical problem. Discrete Mathematics. 1983;43(1):107-110. doi:10.1016/0012-365X(83)90026-2.15:19
midnightmagichttp://magicrulesunpaa6.onion/Blecher-1983-On_a_logical_problem.pdf for fulltext15:22
midnightmagicAlso note the massive cite tree hanging over that. The other (less pure IMO) results are a fascinating tree of similar results dating back to von Neumann: R. L. Dobrushin and S. I. Ortyukov, Lower bound for the redundancy of self-correcting arrangements of unreliable functional elements, Prob. Inf. Trans. 13 (1977), 59􏰈65.15:25
midnightmagicand von Neumann's, for search a complete cite tree: J. von Neumann, Probabilistic logics and the synthesis of reliable organisms from unreliable components, in ``Automata Studies'' (C. E. Shannon and J. McCarthy, Eds.), pp. 329􏰈378, Princeton Univ. Press, Princeton, NJ, 1956.15:28
-!- zer0veritas [zer0verita@c-67-185-255-98.hsd1.wa.comcast.net] has left #bitcoin-wizards []15:28
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Quit: Leaving.]15:31
midnightmagicAnd I can get all the fulltext of this various stuff if you find something and can't find the fulltext wherever.15:31
phantomcircuitadam3us, in general i think having alternative implementations which nobody relies upon for correctness is a good thing, because if done correctly they find a bunch of bugs15:33
phantomcircuithowever i dont really see this happening15:33
phantomcircuitmostly just because that's a lot of work with little to no reward15:33
adam3usphantomcircuit: agree. they might find bugs in bitcoind for example.15:33
-!- happycamper [~textual@104-96.105-92.cust.bluewin.ch] has joined #bitcoin-wizards15:35
midnightmagicor they get too busy tracking down and eliminating bugs in their own code because they can't survive artificial memory pressures15:35
* midnightmagic grumbles15:35
-!- Glyphnote_ [~Glyphnote@2600:1004:b013:9f11:60d0:515c:8a91:6231] has quit [Quit: Leaving]15:36
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards15:36
-!- eudoxia [~eudoxia@r167-56-16-102.dialup.adsl.anteldata.net.uy] has quit [Quit: Leaving]15:45
-!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has quit [Remote host closed the connection]15:51
-!- Shiftos [~shiftos@gateway/tor-sasl/shiftos] has joined #bitcoin-wizards16:00
-!- MoALTz [~no@user-46-112-49-198.play-internet.pl] has joined #bitcoin-wizards16:01
-!- MoALTz_ [~no@user-46-112-49-198.play-internet.pl] has quit [Ping timeout: 244 seconds]16:03
-!- happycamper [~textual@104-96.105-92.cust.bluewin.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]16:19
-!- MoALTz_ [~no@user-46-112-49-198.play-internet.pl] has joined #bitcoin-wizards16:20
-!- zooko [~user@2601:1:8a82:7f00:71a3:e149:8329:9c23] has joined #bitcoin-wizards16:20
-!- MoALTz [~no@user-46-112-49-198.play-internet.pl] has quit [Ping timeout: 244 seconds]16:22
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Remote host closed the connection]16:30
-!- MoALTz__ [~no@user-46-112-49-198.play-internet.pl] has joined #bitcoin-wizards16:36
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has joined #bitcoin-wizards16:37
-!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]16:37
-!- MoALTz_ [~no@user-46-112-49-198.play-internet.pl] has quit [Ping timeout: 245 seconds]16:38
-!- MoALTz_ [~no@user-46-112-49-198.play-internet.pl] has joined #bitcoin-wizards16:40
-!- MoALTz [~no@user-46-112-49-198.play-internet.pl] has joined #bitcoin-wizards16:41
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has quit [Quit: Leaving]16:41
-!- rusty [~rusty@pdpc/supporter/bronze/rusty] has joined #bitcoin-wizards16:42
-!- MoALTz__ [~no@user-46-112-49-198.play-internet.pl] has quit [Ping timeout: 265 seconds]16:43
-!- MoALTz [~no@user-46-112-49-198.play-internet.pl] has quit [Max SendQ exceeded]16:44
-!- MoALTz_ [~no@user-46-112-49-198.play-internet.pl] has quit [Ping timeout: 240 seconds]16:44
-!- MoALTz [~no@user-46-112-49-198.play-internet.pl] has joined #bitcoin-wizards16:45
-!- pgokeeffe [~pgokeeffe@101.165.93.194] has joined #bitcoin-wizards16:48
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards16:49
-!- pgokeeffe [~pgokeeffe@101.165.93.194] has quit [Ping timeout: 245 seconds]16:53
-!- adam3us [~Adium@c31-67.i07-8.onvol.net] has quit [Quit: Leaving.]16:55
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards16:55
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 256 seconds]17:00
-!- zooko [~user@2601:1:8a82:7f00:71a3:e149:8329:9c23] has quit [Ping timeout: 244 seconds]17:00
-!- CodeShark [~textual@cpe-76-167-237-202.san.res.rr.com] has joined #bitcoin-wizards17:08
CodeSharkHow do we design a decentralized consensus protocol that is generally extensible while minimizing the need for hardforks?17:09
-!- jps [~Jud@23-122-17-11.lightspeed.brhmal.sbcglobal.net] has joined #bitcoin-wizards17:09
CodeSharki.e. extensible headers and abstract data types seem like a good start17:10
-!- jgarzik [~jgarzik@unaffiliated/jgarzik] has quit [Remote host closed the connection]17:17
-!- jgarzik [~jgarzik@unaffiliated/jgarzik] has joined #bitcoin-wizards17:18
-!- tacotime [~mashkeys@198.52.200.63] has quit [Ping timeout: 255 seconds]17:22
justanotheruserCodeShark: maybe we could allow people to transfer wealth between different blockchains with different rules where the blockchains aren't in consensus with each other, but there is consensus within each individual blockchain17:29
justanotheruserI think thats actually being implemented17:29
-!- hashtagg_ [~hashtag@CPE-69-23-213-3.wi.res.rr.com] has quit [Ping timeout: 240 seconds]17:30
justanotheruserWe can't allow people to vote on the rules or you have NaS problems. We could allow miners to decide the rules, but everyone would have SPV security. What you are left with is what I just mentioned17:30
-!- hashtagg_ [~hashtag@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards17:30
CodeSharksidechains can help bootstrap the development...but I think my question is less about the decision process in adding improvements - more about how to design the protocol such that deploying such improvements amounts to just flipping a switch17:36
CodeSharkwell, I guess there are two issues here - one is how the implementation itself is distributed...the other is how we switch over to it with as little disruption to the existing network as possible17:40
kanzureyou mean each user/operator flips the switch, or who flips?17:41
CodeSharkthat's still an open issue - assuming we had a solution to this issue17:41
justanotheruserCodeShark: who decides what new consensus rules are valid?17:42
-!- moa [~kiwigb@opentransactions/dev/moa] has joined #bitcoin-wizards17:42
justanotheruserthe miners? the stake holders? A not-sybil-resistant majority of nodes? A central authority?17:42
CodeSharkwell, right now it's the core developers, I suppose17:42
CodeSharkbut setting that issue aside17:42
justanotheruserno, the miners decide softforks17:42
justanotheruserthere have been no hardforks17:43
CodeSharkthe miners decide on softforks that are proposed by the core developers17:43
justanotheruseror they could decide on softforks proposed by a homeless guy17:43
rustyjustanotheruser: yes, there was, and the miners resolved that too.  In the end, you need miner consensus, but you also need user consensus if your bitcoins are to be worth anything.17:44
CodeSharkbut for the sake of discussion, imagine we had a procedure in place for reaching consensus on new protocol rules17:44
CodeSharkmy question is more about the mechanism for its deployment17:44
justanotheruserrusty: what hardfork17:44
CodeSharkeveryone agreed "yes, I love feature X - let's add it"17:44
rustyjustanotheruser: the large block hardfork.  https://bitcoin.org/en/alert/2013-03-11-chain-fork17:44
CodeSharkwe have an implementation for it and it's been tested17:44
CodeSharknow how do we deploy?17:45
justanotheruserrusty: that wasn't a hardfork to my understanding17:45
CodeSharkactually, miners didn't resolve that one - and it was a hardfork due to a bug17:45
justanotheruserCodeShark: see above17:46
rustyjustanotheruser: not a deliberate one, no... and CodeShark, they certainly did, by downgrading.17:46
CodeSharkminers did so by STRONG encouragement from the core devs17:46
justanotheruserafaik, that was more of a softfork if you can call it that17:46
CodeSharkmany miners would have liked to just stay on the nonbuggy chain17:46
CodeSharkthe majority of hashing power was on the nonbuggy chain17:47
rustyCodeShark: in pettycoin, I had a features field in the tx and the block.  Default implementation of miner set the features field corresponding to the majority of txs in the block.  If a feature got a supermajority in a fortnight block, the version number was bumped 4 weeks  later (ie. you got warning that a change was coming).17:47
justanotheruserthe problem was that 0.7 broke consensus with itself. There was a database bug that meant that it wasn't deterministically in consensus with itself.17:48
justanotheruser0.3 still can still achieve consensus with 0.9.317:48
rustyjustanotheruser: new clients accept and old clients don't == hardfork.  I don't know what else to call it.17:49
CodeSharkor at least the rules were not really known, even if deterministic17:49
CodeSharkif everyone implements the same bug which changes consensus rules, the implemented rules become the *real* rules17:49
justanotheruserrusty: some 0.7 clients still worked17:49
justanotheruserrusty: 0.7 broke consensus with itself.17:50
CodeSharkanyhow, there hasn't really been a deliberate hardfork, has there?17:51
justanotheruserno17:51
rustyjustanotheruser: true, you could configure it to break consensus, but that's hardly relevant.  Your question requires analysis of the various players, and we have one real data point.  Insisting any one of users/miners/devs has/hasn't power is an oversimplification.17:52
justanotheruserhere is discussion on what 0.7-0.8 was (it's pretty short) http://hastebin.com/ofuqizomuw.xml17:53
e1782d11df4c9914that langsec video was very enlightening, to whomever had posted it up above17:54
justanotheruser0.8 was a non-deterministic-hardfork-softfork-non-deterministic-hardfork-deterministic-softfork-fork17:54
CodeSharkhah17:55
rustyCodeShark: See the P2SH deployment BIP (16).  That method is probably the one which would be used in future, given it worked.17:55
justanotheruserp2sh deployment was a softfork and no one broke consensus...17:56
justanotheruserit's completely different. You just need a majority of miners to upgrade and no one gets hurt. In a hardfork *everyone* needs to upgrade.17:56
justanotheruserIf a hardfork is completely necessary, you should make it so it is active in the amount of time that hurts the collective users the least. The way you can hurt the users is A) through the entire userbase not upgrading in time and suffering the consequences the hardfork was trying to prevent or B) users not upgrading fast enough and breaking consensus17:58
justanotheruserreally, what do you need a hardfork for though?17:58
rustyjustanotheruser: >1MB blocks will be a hardfork, AFAICT.17:59
rustyjustanotheruser: weakening SHA256 would be another, but that's more speculative.17:59
justanotheruserrusty: I don't think a blocksize increase will happen, but I could be wrong17:59
justanotheruserIncreasing the blocksize only solves the problem until the transaction volume matches up with the blocksize once again18:00
justanotheruserand its a controversial hardfork.18:01
rustyjustanotheruser: I disagree; I think it will happen.  I think the controversy means it will be done in some minimal way (eg. ceiling increased at some set rate) with no other changes despite the temptation to break everything at once.18:02
@gmaxwellCodeShark: I think your mental model for how things work is at best outdated. We (bitcoin core people) no longer even have contact information for anywhere near a majority of the hashrate anymore.18:03
CodeSharkgmaxwell: I remember there having been first consensus amonst the core devs to downgrade during that incident...then a big effort to get all the big mining pools to downgrade18:04
CodeSharknot saying such an approach is still doable, let alone desirable18:04
@gmaxwellrusty: 0.7 was inconsistent with _itself_.  Many (most?) 0.7 nodes happily also accepted the new chain, I haven't checked recently but I wouldn't be surprised if unmodified pre 0.8 would sync up the current chain now, it did for a long time into 0.8, only to sometimes fail on reorg depending on the particulars of the nodes past state.18:04
moaif transactions rates die the ceiling will not need to be lifted arbitrarily18:05
CodeSharkgmaxwell: I also remember there being an offer extended to the mining pools who lost bitcoins to compensate them from Bitcoin Foundation funds18:05
@gmaxwellCodeShark: go look at the log :) , downgrading was proposed by one of the large mining pools (luke), on the basis of it being compatible with more of the running hosts e.g. the path that was not a hard fork.18:05
CodeSharkluke is more of a core dev than a large mining pool :P18:06
@gmaxwellAt the time we didn't know the split was non-determinstic and mistook it for a plain hardfork.18:06
@gmaxwellCodeShark: and there wasn't a "big effort" slush (who'd triggered the event and elu. were already in the room; and with luke they were a supermajority of the hashrate.) The whole thing was partially as much of a shitshow as it was because miners were running software that was inconsistent with the vast majority of the network (as they updated quickly).18:08
CodeSharkgmaxwell: details aside, I think it's a scenario that most of us would like to generally avoid18:09
@gmaxwelljustanotheruser: BIP16's deployment was minorly consensus breaking. A better example would be BIP34.18:09
rustygmaxwell: Ah, thanks for the clarification.  I only read the alert and the summary, which imply it's all 0.7 vs all 0.8.18:09
@gmaxwelljustanotheruser: there were some number of orphan blocks because the transactions BIP16 made invalid were IsStandard.18:10
moait was actually a good example of how the miners will not hardfork onto a minority branch18:10
@gmaxwellrusty: the summary was written before it was really completely misunderstood. Oh well. It's so widely misunderstood now that I'm sure that'll become the "truth" in the history books.18:11
@gmaxwellmoa: I agree.18:11
moaat least the ones that were awake18:11
rustygmaxwell, moa: yeah, if bitcoin fails we don't need to worry about hardforks? :)18:11
rusty(Oh, I was responding to moa's previous comment re: tx rates dying)18:12
@gmaxwellrusty: Basically implicit BDB behavior would make it take upto 2x the number of locks depending on the layout of the records on disk, which was not a pure function of the blockchain-- depended on things like startup/shutdown history and reorgs.18:12
@gmaxwellrusty: 0.7 could happily have had this fault all on its own even if 0.8 was never released. (the triggering event wasn't 0.8 either, it was slush upping his maximum block size after being bugged by someone)18:13
@gmaxwell( https://bitcointalk.org/index.php?topic=149668.0 )18:14
@gmaxwellCodeShark: I think whas justanotheruser was saying was basically that if sidechains are successful they remove that issue. You make your changes to a sidechain and then move things onto it, so there is no flag day; not in terms of decision or approval, and not in terms of a technical software transistion.18:17
-!- Nightwolf [~Nightwolf@unaffiliated/nightwolf] has quit [Read error: Connection reset by peer]18:28
-!- Dr-G2 [~Dr-G@gateway/tor-sasl/dr-g] has joined #bitcoin-wizards18:30
CodeSharkgmaxwell: what about the security model?18:30
CodeSharkgmaxwell: I suppose you'd also need to get miners to switch over to the new chain18:31
-!- Dr-G [~Dr-G@gateway/tor-sasl/dr-g] has quit [Ping timeout: 250 seconds]18:33
BlueMatt;;later tell adam3us yes, the pebble guy and I had a marginally useful discussion afterwards18:33
BlueMattnanotube: wtf, where's gribble?18:34
BlueMattdidnt it used to be here18:34
BlueMatt?18:34
@gmaxwellno.18:35
CodeSharkgmaxwell: how's OP_SIDECHAINPROOFVERIFY coming along?18:35
BlueMattD=18:35
-!- jps [~Jud@23-122-17-11.lightspeed.brhmal.sbcglobal.net] has quit [Quit: jps]18:38
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has joined #bitcoin-wizards18:49
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has quit [Client Quit]18:49
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has joined #bitcoin-wizards18:49
-!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has joined #bitcoin-wizards18:53
-!- Dizzle [~Dizzle@cpe-72-182-36-12.austin.res.rr.com] has joined #bitcoin-wizards18:54
-!- coiner [~linker@42.116.152.78] has joined #bitcoin-wizards19:06
CodeSharkI take my earlier comment regarding switching miners to the new chain back - obviously the way to do it would be to merge mine the two19:17
CodeShark(assuming the consensus model is essentially unchanged)19:18
-!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has quit [Quit: wyager]19:27
-!- Starduster_ [~guest@unaffiliated/starduster] has joined #bitcoin-wizards19:28
-!- hashtagg [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards19:28
-!- spinza [~spin@197.89.19.57] has quit [Ping timeout: 240 seconds]19:29
-!- spinza [~spin@197.89.19.57] has joined #bitcoin-wizards19:29
-!- spinza [~spin@197.89.19.57] has quit [Excess Flood]19:29
-!- spinza [~spin@197.89.19.57] has joined #bitcoin-wizards19:30
-!- spinza [~spin@197.89.19.57] has quit [Excess Flood]19:30
-!- hashtag [~hashtag@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards19:30
-!- hashtagg_ [~hashtag@CPE-69-23-213-3.wi.res.rr.com] has quit [Ping timeout: 240 seconds]19:31
-!- hashtag_ [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has quit [Ping timeout: 240 seconds]19:31
-!- Starduster [~guest@unaffiliated/starduster] has quit [Ping timeout: 240 seconds]19:31
-!- spinza [~spin@197.89.19.57] has joined #bitcoin-wizards19:31
-!- jps [~Jud@23-122-17-11.lightspeed.brhmal.sbcglobal.net] has joined #bitcoin-wizards19:31
phantomcircuitgmaxwell, so question, a pow function that does have forward progress should be fairly trivial right? just feed a hash function back into itself x times19:33
phantomcircuithmm yeah that would be entirely trivial19:34
-!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards19:37
-!- user7779078 [user777907@gateway/vpn/mullvad/x-cyvyoejhorzmrxib] has quit [Remote host closed the connection]19:46
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has joined #bitcoin-wizards19:47
-!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has joined #bitcoin-wizards19:49
-!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has quit [Client Quit]19:50
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has quit [Ping timeout: 240 seconds]19:52
trompphantomcircuit: the original Momentum proposal (find a hash collision between any two nonces) is progress-full19:58
tromp(the hash output was limited to 50 bits)19:59
phantomcircuitfor anybody wondering this is not really for a pow19:59
-!- coiner [~linker@42.116.152.78] has quit [Ping timeout: 264 seconds]20:04
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 265 seconds]20:18
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards20:19
-!- Dyaheon- [~dya@83-25-196-88.dyn.estpak.ee] has joined #bitcoin-wizards20:22
-!- guest7399 [~guest@5ED11658.cm-7-2a.dynamic.ziggo.nl] has joined #bitcoin-wizards20:22
-!- Dyaheon [~dya@83-25-196-88.dyn.estpak.ee] has quit [Ping timeout: 240 seconds]20:23
-!- tacotime [~mashkeys@198.52.200.63] has joined #bitcoin-wizards20:23
-!- Starduster_ [~guest@unaffiliated/starduster] has quit [Ping timeout: 240 seconds]20:25
-!- adam3us [~Adium@c31-67.i07-8.onvol.net] has joined #bitcoin-wizards20:35
-!- wserd [5fd38811@gateway/web/cgi-irc/kiwiirc.com/ip.95.211.136.17] has joined #bitcoin-wizards20:38
-!- guest7399 [~guest@5ED11658.cm-7-2a.dynamic.ziggo.nl] has quit [Ping timeout: 240 seconds]20:56
-!- adam3us [~Adium@c31-67.i07-8.onvol.net] has quit [Quit: Leaving.]21:15
-!- coiner [~linker@115.79.55.177] has joined #bitcoin-wizards21:17
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards21:19
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has joined #bitcoin-wizards21:35
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has quit [Ping timeout: 250 seconds]21:41
rustyIs there a variant of atomic swaps which can tolerate tx malleability?21:43
rusty(Or am I misunderstanding the proposal in Appendix C of the sidechains paper, which seems subject to refund breakage via txmal).21:44
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has joined #bitcoin-wizards21:45
-!- jps [~Jud@23-122-17-11.lightspeed.brhmal.sbcglobal.net] has quit [Quit: jps]21:45
@gmaxwellrusty: malleability will be at the senders option in bitcoin in a couple months-ish.21:48
-!- user7779_ [user777907@gateway/vpn/mullvad/x-aldplgulhmkezhlt] has joined #bitcoin-wizards21:49
@gmaxwellThere are two things ongoing which both seperately address this (BIP62 and BIP65).21:49
-!- Dizzle [~Dizzle@cpe-72-182-36-12.austin.res.rr.com] has quit [Quit: Leaving...]21:50
rustygmaxwell: right, so we're assuming that's solved.  Fair enough, but a footnote in the sidechains paper would have been nice.    I found the https://en.bitcoin.it/wiki/Atomic_cross-chain_trading which doesn't  mention this caveat either.21:50
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has quit [Ping timeout: 244 seconds]21:50
@gmaxwellrusty: pretty sure we actually mention it in there at some point and cite bip62.21:52
rustygmaxwell: hmm... CHECKLOCKTIMEVERIFY does avoid the refund TX nicely and simplifies the protocol.21:52
@gmaxwellrusty: there are other dodges, at the expense of complexity. There is a BCT post from me where I describe how to partially blind the refund which makes it so an attacker has to go after _all_ transactions rather than just one.  But it's enough extra to worry about that I don't normally mention it. (but you asked for variants) https://bitcointalk.org/index.php?topic=303088.021:55
rustygmaxwell: not in appendix C. The only reference I can find is in 5.1.1 talking about things that could  be done in sidechain experiments.21:55
@gmaxwellrusty: ah, darn, well thats an error of the sort that creeps in from a "did we remember to point out {foo}" spotchecks. :-/21:57
@gmaxwellI think also at the time that text was written we expected the paper to be published later relative to BIP62.21:57
rustygmaxwell: thanks for the confirmation, at least I'll mention in my 1-page description of atomic swaps.21:58
-!- op_mul [~op_mul@178.62.78.122] has quit [Quit: Lost terminal]22:15
-!- zooko` [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards22:15
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Quit: This computer has gone to sleep]22:16
-!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Ping timeout: 245 seconds]22:17
-!- gavink [uid60113@gateway/web/irccloud.com/x-zesecevohuyezuol] has joined #bitcoin-wizards22:50
-!- rusty [~rusty@pdpc/supporter/bronze/rusty] has quit [Ping timeout: 265 seconds]22:53
-!- user7779_ [user777907@gateway/vpn/mullvad/x-aldplgulhmkezhlt] has quit [Remote host closed the connection]22:56
-!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has joined #bitcoin-wizards22:59
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has quit [Ping timeout: 244 seconds]23:15
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has joined #bitcoin-wizards23:16
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards23:18
-!- askmike [~askmike@ip241-209-210-87.adsl2.static.versatel.nl] has quit [Ping timeout: 244 seconds]23:20
-!- cbeams [~cbeams@unaffiliated/cbeams] has joined #bitcoin-wizards23:25
-!- fanquake [~anonymous@unaffiliated/fanquake] has joined #bitcoin-wizards23:35
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Quit: Leaving.]23:44
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:118d:3cda:742b:32c7] has joined #bitcoin-wizards23:57
--- Log closed Mon Jan 05 00:00:13 2015

Generated by irclog2html.py 2.15.0.dev0 by Marius Gedminas - find it at mg.pov.lt!