2015-01-09.log

--- Log opened Fri Jan 09 00:00:17 2015
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		00:04
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]		00:04
-!- MoALTz_ [~no@user-109-243-165-112.play-internet.pl] has quit [Quit: Leaving]		00:12
-!- lclc is now known as lclc_bnc		00:22
-!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has quit [Quit: Leaving]		00:23
-!- Dizzle [~Dizzle@2605:6000:1018:c04a:a87c:587:9965:90b] has quit [Quit: Leaving...]		00:24
-!- adam3us [~Adium@c31-67.i07-8.onvol.net] has joined #bitcoin-wizards		00:36
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		00:41
-!- SubCreative is now known as Sub\|zzz		00:43
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		00:47
-!- lclc_bnc is now known as lclc		00:47
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		00:47
-!- bendavenport [~bpd@c-50-131-42-132.hsd1.ca.comcast.net] has quit [Quit: bendavenport]		00:59
-!- andy-logbot [~bitcoin--@wpsoftware.net] has quit [Remote host closed the connection]		01:05
-!- andy-logbot [~bitcoin--@wpsoftware.net] has joined #bitcoin-wizards		01:05
* andy-logbot is logging		01:05
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]		01:08
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		01:09
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:709c:9bb5:57c1:18d6] has quit [Ping timeout: 265 seconds]		01:19
-!- moa [~kiwigb@opentransactions/dev/moa] has quit [Quit: Leaving.]		01:20
-!- hashtagg [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has quit [Ping timeout: 252 seconds]		01:22
-!- hashtagg [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards		01:22
-!- lclc is now known as lclc_bnc		01:35
-!- CoinMuncher [~jannes@178.132.211.90] has joined #bitcoin-wizards		01:38
-!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has joined #bitcoin-wizards		01:49
-!- nullbyte [WW@gateway/vpn/mullvad/x-yljruxuocayzjhei] has quit [Ping timeout: 245 seconds]		01:56
-!- nullbyte [~WW@193.138.219.233] has joined #bitcoin-wizards		01:58
-!- nullbyte [~WW@193.138.219.233] has quit [Changing host]		01:58
-!- nullbyte [~WW@unaffiliated/loteriety] has joined #bitcoin-wizards		01:58
-!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards		02:03
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 264 seconds]		02:07
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]		02:08
-!- nullbyte [~WW@unaffiliated/loteriety] has quit [Ping timeout: 265 seconds]		02:17
-!- nullbyte [WW@unaffiliated/loteriety] has joined #bitcoin-wizards		02:19
-!- nullbyte [WW@unaffiliated/loteriety] has quit [Changing host]		02:19
-!- nullbyte [WW@gateway/vpn/mullvad/x-lscqvxvefqmdmafy] has joined #bitcoin-wizards		02:19
-!- yamamushi [~yamamushi@opentransactions/dev/yamamushi] has joined #bitcoin-wizards		02:21
-!- lclc_bnc is now known as lclc		02:24
-!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		02:27
-!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has joined #bitcoin-wizards		02:36
-!- austeritysucks [~AS@unaffiliated/austeritysucks] has quit [Ping timeout: 256 seconds]		02:40
-!- Quanttek [~quassel@ip1f112539.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards		02:44
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		02:48
-!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]		02:56
-!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has joined #bitcoin-wizards		02:56
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Ping timeout: 250 seconds]		03:05
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		03:05
-!- Graftec [~Graftec@gateway/tor-sasl/graftec] has quit [Remote host closed the connection]		03:14
-!- lclc is now known as lclc_bnc		03:14
-!- Graftec [~Graftec@gateway/tor-sasl/graftec] has joined #bitcoin-wizards		03:14
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]		03:19
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards		03:22
-!- GAit [~lnahum@enki.greenaddressit.p3.tiktalik.io] has joined #bitcoin-wizards		03:27
-!- nessence [~alexl@178.19.221.38] has joined #bitcoin-wizards		03:49
-!- eudoxia [~eudoxia@r179-25-152-180.dialup.adsl.anteldata.net.uy] has joined #bitcoin-wizards		03:52
-!- Hunger-- [hunger@proactivesec.com] has quit [Ping timeout: 244 seconds]		03:59
-!- Hunger- [hunger@proactivesec.com] has joined #bitcoin-wizards		04:02
-!- thesnark [~michael@unaffiliated/thesnark] has joined #bitcoin-wizards		04:05
-!- thesnark is now known as narwh4l		04:05
-!- lclc_bnc is now known as lclc		04:22
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:b18f:30df:de11:ee9f] has joined #bitcoin-wizards		04:27
-!- jcluck [~cluckj@cpe-24-92-48-18.nycap.res.rr.com] has joined #bitcoin-wizards		04:31
-!- cluckj [~cluckj@cpe-24-92-48-18.nycap.res.rr.com] has quit [Read error: Connection reset by peer]		04:32
-!- jcluck is now known as cluckj		04:32
-!- nessence [~alexl@178.19.221.38] has quit [Remote host closed the connection]		04:37
-!- c0rw1n [~c0rw1n@63.120-67-87.adsl-dyn.isp.belgacom.be] has joined #bitcoin-wizards		05:00
-!- Graftec [~Graftec@gateway/tor-sasl/graftec] has quit [Ping timeout: 250 seconds]		05:01
-!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has joined #bitcoin-wizards		05:02
-!- Graftec [~Graftec@gateway/tor-sasl/graftec] has joined #bitcoin-wizards		05:03
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		05:08
-!- narwh4l [~michael@unaffiliated/thesnark] has quit [Quit: Leaving]		05:09
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Ping timeout: 250 seconds]		05:13
-!- ryanxcharles [~ryanxchar@2601:9:4680:dd0:8ddf:c65e:b6d3:3462] has quit [Ping timeout: 244 seconds]		05:13
-!- hearn [~mike@50-105.77-83.cust.bluewin.ch] has joined #bitcoin-wizards		05:15
-!- butters [~butters@dslb-178-008-078-133.178.008.pools.vodafone-ip.de] has quit [Ping timeout: 252 seconds]		05:20
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		05:23
-!- ryanxcharles [~ryanxchar@2601:9:4680:dd0:8ddf:c65e:b6d3:3462] has joined #bitcoin-wizards		05:23
-!- waxwing [waxwing@gateway/vpn/mullvad/x-jpybaalwanejsijd] has quit [Ping timeout: 244 seconds]		05:26
-!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards		05:31
-!- austeritysucks [~AS@unaffiliated/austeritysucks] has joined #bitcoin-wizards		05:33
-!- nessence [~alexl@178.19.221.38] has joined #bitcoin-wizards		05:39
-!- waxwing [~waxwing@62.205.214.125] has joined #bitcoin-wizards		05:43
-!- Profreid_ [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has joined #bitcoin-wizards		05:44
nsh	gmaxwell: "<Barnerd> Anyone know if the 8 new OpenSSL CVE's affect LibreSSL as well?"	05:44
nsh	what's the simplest advice i can give people to regression test against libsepc256k efficiently?	05:44
nsh	or however elsewise you'd advise testing	05:44
@gmaxwell	nsh: I'm not sure of the context.	05:45
-!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has quit [Ping timeout: 252 seconds]		05:45
-!- Profreid_ is now known as Profreid		05:45
nsh	presumably they want to know if the BN_sqr issue affects libre	05:45
nsh	and other issues in the disclosure	05:45
nsh	*advisory	05:45
nsh	https://www.openssl.org/news/secadv_20150108.txt	05:46
-!- lclc is now known as lclc_bnc		05:46
@gmaxwell	nsh: almost certantly.	05:47
@gmaxwell	(and if not, thats even more concerning, perhaps)	05:47
* nsh nods		05:47
nsh	as a matter of curiosity, i found it (the relevant openssl code) an alarmingly complex a set of assembly and C hodgepodge just for squaring big numbers	05:48
nsh	is that just a consequence of x86 legacy complexity and compiler complexity?	05:49
nsh	i doesn't seem, intuitively, that there's very much,mm, scope - mathematically - to make a squaring operation on large numbers that complex to execute	05:50
sl01	maybe ioccc was setup by the nsa to get ideas for openssl :x	05:50
@gmaxwell	nsh: well the C code is broken. And yes, all of openssl is ... uh... right.	05:51
* nsh nods		05:51
kanzure	"You are in a twisty maze. You see a broom."	05:51
nsh	but let's say a coder who had attained the zen, making a BN_sqr implementation, would it be elegant and still performant relative to openssl's?	05:52
nsh	or is there an < elegance \| efficiency > relation due to how computers actually work electronically?	05:52
@gmaxwell	But really it's often the case that other people's code is opaque. I am somewhat unconvined by peoples seemingly unsubstantiated expected relation with "code smell" and code correctness. Not that I think smelly code is good, but beautiful code can, and often is wrong.	05:52
@gmaxwell	nsh: I dunno. Elegant is subjective. There is code I consider elegant that would probably strike you as smelly.	05:53
kanzure	if i had the choice, i would take highly legible code that i can then apply a random-garbling-magic patch against	05:53
op_mul	I'd have a switch between them, I think.	05:54
@gmaxwell	kanzure: sometimes magic hides dragons.	05:54
kanzure	hey you're the one advocating for smelly magic	05:54
op_mul	if(insanitymode)	05:54
nsh	some of the elegance is objective in terms of algorithmic complexity theory	05:54
kanzure	i would find it difficult to believe that the vast majority of code in openssl /should/ be smelly garbled magic	05:54
kanzure	surely the vast majority is just boilerplate like everything else	05:55
@gmaxwell	The purpose of software is to communicate between programmers. But not just any programmers, ... the programmers working on the code in question.	05:55
nsh	you can rate implementations of algorithms by kolmogorov, but optimizing that almost certainly deoptomizes maintainability	05:55
-!- waxwing [~waxwing@62.205.214.125] has quit [Ping timeout: 255 seconds]		05:55
@gmaxwell	kanzure: Sure, it shouldn't be. I think people vastly overrate the correlation between smell and incorrectness though. Mostly because we often don't look at code unless its incorrect.	05:56
@gmaxwell	As a rule programmers don't spend enough time reading.	05:56
kanzure	eh, in general i would have to agree, but i do try to read other people's code	05:56
nsh	if we had to re-tell the story to the computer every time	05:56
kanzure	and i think it's insane that programmers working on the same project don't read all of the other source code	05:56
nsh	it would do us a lot of good, and we'd probably evolve languages that are more expressively laconic	05:56
nsh	telling stories is one of the things we're evolutionarily adept at	05:56
nsh	it's a toss-up between telling stories and endurance hunting	05:57
kanzure	better language will not make your programmers do their jobs	05:57
kanzure	i don't know what you're on about	05:57
@gmaxwell	nsh: hidden behavior is very important though. Clear communications abstracts away details, but that causes doom when the details matter.	05:57
nsh	right	05:57
@gmaxwell	kanzure: programmers who do their job may demand better languages, however. :)	05:57
nsh	the problem is that we're dealing with conceptual models of how the code works that are pretty strongly silo'd in developers' heads	05:58
nsh	we hope they overlap extensively	05:58
-!- copumpkin [~copumpkin@unaffiliated/copumpkin] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		05:58
nsh	and things like git, increasing the degree of dialectic, can kind of help	05:58
nsh	none of this helps me understand why squaring multi-limbed numbers should be a byzantine affair	06:00
nsh	even if processors are weird and freaky	06:00
kanzure	you're asking "why is a math failure a bad thing"?	06:00
nsh	am i?	06:02
kanzure	i was asing you if you were asking that.	06:02
nsh	maths only fails if you find the godel number that encodes a self-referential proposition concerning its provability	06:02
nsh	and no-one's ever shown me one so i'm still on the side of maths	06:03
-!- hearn [~mike@50-105.77-83.cust.bluewin.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		06:04
kanzure	implementations of math in physical matter (like our primitive forms of computronium) are not platonic ideals or whatever, they have real failures.... bits flip, sidechannels leak, "optimizations" of algorithms turn out to be wrong in some implementations.	06:05
kanzure	see "In this case the reason our testing revealed the issue was because we used non-uniform numbers specifically constructed with low transition probability to better trigger improbable branches like carry bugs (https://github.com/bitcoin/secp256k1/blob/master/src/testrand_impl.h#L45). I used the same technique in the development of the Opus audio codec to good effect." ...	06:06
kanzure	... http://np.reddit.com/r/programming/comments/2rrc64/openssl_security_advisory_new_openssl_releases/cnilq2w?context=3	06:06
nsh	the irony is that the mathematic with which we model the indeterminism -- that we attempt (sometimes failingly) to supervene with deterministic logic -- with deterministic platonic equations of noble eternal truth	06:08
nsh	s/-- with/-- are/	06:08
-!- waxwing [waxwing@gateway/vpn/mullvad/x-qbwjrjikomadlnog] has joined #bitcoin-wizards		06:08
nsh	although greg egan had this lovely idea in a novella about the laws of physics being determined in the struggle of proposition vs. counterproposition in the great axiomatic big bang or something to that effect	06:09
nsh	which was nice. i mean, it's a long way up from fundamental color-dynamics until we get arithmetic maybe	06:10
kanzure	gmaxwell: fwiw i highly recommend linking to git(hub) commits by commit id instead of master branches, so that line anchors always work even after people push commits that would impact those anchors	06:10
-!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has joined #bitcoin-wizards		06:10
kanzure	yes i was about to recommend that you read more greg egan to get over whatever illness you're currently experiencing	06:10
kanzure	i'm glad that the generic telepathic link is working correctly today	06:10
-!- hearn [~mike@50-105.77-83.cust.bluewin.ch] has joined #bitcoin-wizards		06:10
nsh	well, i'm completely materially impoverished now, so i can afford the opulence of undirected intuition	06:12
nsh	it's quiet liberating	06:12
nsh	oh another thing that came up recently	06:16
nsh	.t https://twitter.com/craigstuntz/status/546147453414944768	06:17
yoleaux	nsh: Sorry, I don't know a timezone by that name.	06:17
nsh	.tw https://twitter.com/craigstuntz/status/546147453414944768	06:17
yoleaux	Homomorphic encryption doesn't allow branching on secret data. But that's a feature! Allowing it makes you susceptible to timing attacks. (@craigstuntz)	06:17
-!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has quit [Ping timeout: 264 seconds]		06:17
nsh	i don't think this is a valid intuition	06:17
nsh	because you convert any branching computation into a one-pass circuit	06:17
nsh	and i'd be very surprised if this magically eliminated all timing sidechannels	06:18
nsh	though it may make their exploitation much less convenient than in branching flow	06:18
-!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has joined #bitcoin-wizards		06:27
* jgarzik wonders out loud,		06:30
jgarzik	What should bitstamp implement, that is better than a hot-wallet-on-a-server?	06:31
-!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has quit [Ping timeout: 255 seconds]		06:31
jgarzik	e.g. I always imagined a web server would indicate "withdraw X from user Y" to N different remote servers, each of which would examine the withdrawal flow in context, to class it as "abnormal" or "normal"	06:31
jgarzik	If normal, the N servers all sign a multi-sig enabling the withdrawal.	06:32
jgarzik	A bit simple-minded, but at least requires attacker to compromise multiple servers which are -not- the web server processing the withdrawal request from the user	06:32
kanzure	how about not using a hot wallet at all	06:32
hearn	in theory, the hot wallet concept already does this. the size of the hot wallet defines what "normal" is	06:32
kanzure	having a hot wallet multiple times the size of your daily turnover is not a great idea	06:33
jgarzik	single-key hot wallet doesn't do that	06:33
kanzure	instead of using a hot wallet you could just have very slow withdrawals	06:34
jgarzik	kanzure, indeed	06:34
hearn	if we assume that bitstamp sized their hot wallet reasonably for their business (it was sized so when i visited them), it could be that they actually see withdrawals and deposits of such huge amounts of money	06:34
jgarzik	kanzure, which I think translates into a business cost of "users go elsewhere" given competitive space	06:34
kanzure	right... arguably you do not want users that are that bad at security.	06:34
hearn	seems ridiculous i agree, but i've met financial types who didn't think anything of dropping millions on a risky FX bet	06:34
jgarzik	Large amounts or small amounts, it sounds like the hot wallet was not multi-sig.	06:35
hearn	they use vanilla Bitcoin Core for everything, so no multisig or even HD	06:35
hearn	or rather, they did last year	06:35
kanzure	multisig hot wallets is just an extra layer of indirection	06:35
kanzure	especially if the threshold number of private keys are available on the same server	06:36
hearn	but yeah, not clear what multi-sig would do. in most implementations you're gonna get both signers being very similar, running the same code, etc	06:36
jgarzik	kanzure, it also raises attack difficulty and attacker costs, which is the point	06:36
jgarzik	kanzure, my scheme as described would not keep N private servers on the same server ;p	06:36
jgarzik	*private keys	06:36
kanzure	hard to tell with VMs these days.....	06:36
hearn	the thing you need is diversity, rather than just having multiple servers.	06:36
hearn	N identical servers has the same security as one, really	06:36
op_mul	hearn: they reuse addresses, so it's not bitcoin core wallet.	06:36
hearn	i don't follow your logic there	06:38
kanzure	yeah, you can hack bitcoind into doing anything you want, it's software	06:38
op_mul	bitcoin core doesn't reuse change addresses. it seems unlikely anybody would add that in.	06:38
kanzure	their transaction creation could be anything and they could still be using bitcoind for all you know	06:39
hearn	my statement was based on what they were doing about little under a year ago. it might be totally different now	06:39
op_mul	kanzure: I said not using the core wallet, not bitcoind.	06:39
op_mul	given how poorly the wallet does under loads it's unlikely anybody would use it at scale.	06:41
kanzure	jgarzik: at any rate, withdrawals should definitely be on totally separate servers	06:41
kanzure	jgarzik: and also, they should not run anything connecting t othe p2p bitcoin network on any server or ip address that is associated with their user frontend or company etc	06:41
jgarzik	yes, which independently examine the withdrawal requests, and put each request in context of an overall fraud framework	06:42
jgarzik	ie. did 1,000,000 users each request withdrawal of 1 BTC to $same_address?	06:42
kanzure	yep.. that's something i've been working towards, in part. (there are others. i shouldn't take that much credit!)	06:42
jgarzik	kanzure, what are you working on, if I may ask?	06:43
kanzure	pm is okay?	06:43
jgarzik	kanzure, sure	06:43
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]		06:43
hearn	op_mul: you would be surprised ...	06:44
hearn	op_mul: there are very few wallet implementations lying around. most of them don't scale well, afaik	06:45
hearn	fraud risk analysis is ..... tough	06:45
-!- zooko`` [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Remote host closed the connection]		06:45
hearn	it's very hard to come up with rules that work, unless you have a constant stream of examples	06:45
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		06:45
hearn	if you're getting hacked frequently enough to iterate on that, well, that's bad news. and if someone hacks your corp infrastructure, they can probably read your code, in which case forget about it	06:46
-!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Quit: Leaving.]		06:48
hearn	long term, i fear there is no alternative but just to slowly deflate these huge pools of money by charging deposit fees and the like	06:48
kanzure	jgarzik: having the private keys anywhere near the infrastructure is quite worrying, even if it is a hot wallet	06:49
kanzure	jgarzik: that's probably the biggest gain to be had, here	06:49
jgarzik	agree	06:50
op_mul	hearn: not storing 21,000 BTC in your hot wallet would be a good start.	06:50
jgarzik	op_mul, agree.... unless that was their normal flow	06:50
kanzure	yesterday op_mul showed that it was definitely not their turnover rate	06:50
hearn	if you have compromised a front end web server or the database, you don't have to compromise the hot wallet.	06:51
op_mul	s/definitely/probably/ it doesn't justify 21,000 BTC there at any rate.	06:51
hearn	you can make the system think you're about to do a huge withdrawal and wait for humans to top up the hot wallet to be big enough	06:51
jgarzik	In general, I think it is clear that exchanges need some published, step-by-step best practices guides to avoid things like this. Everybody keeps reinventing the wheel, poorly.	06:51
hearn	just having people in the loop is no panacea.	06:51
kanzure	hearn: nah, that only works if your withdrawal queue is on those servers or in those databases	06:52
hearn	one reason banks are slow is they manually review wire transfers	06:52
op_mul	hearn: having "multisig" application databases might be nice, and have the wallet server verify with both.	06:52
op_mul	have a third doing sanity checks and physically pulling the plug on failure.	06:52
hearn	i think it's too early to speculate on what would help, given there is no public info about the exact nature of the hack	06:53
kanzure	jgarzik: you shouldn't do their work for them, though	06:53
hearn	i suspect it wasn't as simple as "we grabbed the keys" though	06:53
-!- GAit [~lnahum@enki.greenaddressit.p3.tiktalik.io] has quit [Ping timeout: 255 seconds]		06:53
hearn	otherwise all the money would have exited the wallet in one go, or within a few minutes	06:53
jgarzik	multiple withdrawal servers need to act as third parties, independently verifying the withdrawal requests	06:53
hearn	the public analysis by denno suggests that it took hours and bitstamp was able to actually stop some draining away	06:53
op_mul	hearn: it wasn't, bitstamp managed to claw back 3000 BTC during the hack.	06:53
hearn	exactly	06:53
kanzure	jgarzik: i think the earlier argument a few minutes ago was that withdrawal requests are often stored in the same database, so why would your verifications ever return differently?	06:54
hearn	so that isn't really consistent with key compromise.	06:54
op_mul	interestingly both the attacker and bitstamps transactions were 300 BTC each.	06:54
jgarzik	kanzure, Disagree slightly; at some point, community standards & practices avoid public bitcoin embarrassments like this. Ultimately we are all in it together. Sites are competitors, but also we are all learning on-the-fly about how to best secure bitcoins.	06:54
op_mul	or some of them, at least	06:54
kanzure	jgarzik: so far i have not seen strong evidence that the existing exchanges have actually taken any of the advice about storing bitcoin. i mean, coinbase mentions something about bank vaults, but they aren't using multisig either...	06:55
jgarzik	kanzure, even if completely fraudulent withdrawal database traffic, an attacker would be unable to empty the hot wallet rapidly	06:55
jgarzik	*even with	06:55
kanzure	the attacker would be unable to do that rapidly with n=1 verifiers though	06:55
hearn	yeah i think this is looking more like a frontend/db compromise	06:56
kanzure	i mean, your statement holds for n=1	06:56
hearn	the 16 hour+ exploit window can be explained by the hot wallet having velocity controls on it	06:56
jgarzik	Related: multisig address analysis is naive. Some sites with big wealth use shamir	06:56
hearn	i.e. the attacker can't get the keys directly, he can't get the wallet directly, but he can keep submitting huge withdrawals that will get processed and empty things out	06:56
kanzure	jgarzik: good point	06:56
jgarzik	hearn, yep	06:57
-!- nubbins` [~leel@unaffiliated/nubbins] has quit [Quit: Quit]		06:57
kanzure	also another thing that is important is if you happen to implement multi-factor authentication then you should definitely not implement multi-factor authentication using the same database or frontend application, since compromising that means you can sidestep that sort of withdrawal verification process	06:58
jgarzik	kanzure, there are multiple points of compromise. multiple servers simply prevents a low level key-stealing single server compromise. defense in depth. if the withdrawal stream is good but a signing server is bad, or the withdrawal stream is bad but signing servers are good, you still have defenses.	06:58
kanzure	er, i mean user-based multi-factor, of course	06:58
jgarzik	spreads out what must be compromised, and how.	06:58
jgarzik	the goal in security is never "impenetrable" but "better than before"	06:59
-!- CoinMuncher [~jannes@178.132.211.90] has quit [Quit: Leaving.]		07:00
jgarzik	attacker must compromise M servers to perform low-level key stealing, or manipulate withdrawal request stream to trick signing servers.	07:00
jgarzik	compromise the db, and signing servers notice odd withdrawal patterns	07:01
hearn	what i'm worrying about is that the bitstamp hack boils down to something like, "found a code execution exploit in web server/framework, couldn't get further, but it didn't matter" because we don't have any great ideas for what to do about that	07:01
hearn	it's easy to say "just have better anti fraud logic!" without really knowing what that'd look like	07:01
hearn	what could help, potentially, is if clients of the exchange were digitally signing their withdrawal requests.	07:01
hearn	so the exchanges main loop/hot wallet code can check signatures that don't come from frontends.	07:01
kanzure	that signing verification could still be bypassed if the database is poorly designed	07:02
hearn	however this would require exchange users to install an app	07:02
hearn	IOW, users submit signed BIP70 PaymentRequest's that are verified by the exchange core, rather than just via the web. now you have to compromise user keys to withdraw from the exchange.	07:02
jgarzik	I think that's reasonable for big withdrawals	07:02
jgarzik	(installing an app)	07:02
hearn	yeah. i wonder how feasible that is. it wouldn't be very hard to make a nice lighthouse-style tool that used e.g. free Comodo certs as proof of email address.	07:03
jgarzik	hearn, +1, I like the idea	07:03
hearn	if you lose your private key, perhaps you have to file a support ticket or go through KYC again.	07:03
jgarzik	yep	07:03
jgarzik	_this_ is the sort of best practice we should have in a doc somewhere	07:03
kanzure	these are all sort of obvious things, though	07:04
hearn	well, maybe. everything is obvious in hindsight.	07:04
kanzure	"hindsight" doesn't apply here.. what do i have hindsight over?	07:04
hearn	also it's easy to assume that exchanges have infinite skilled developer manpower. when i did the bitstamp client/fund reconciliation thing, obviously i asked why they aren't using multisig for their cold wallets	07:04
kanzure	what did they say?	07:04
hearn	and the answer was basically, the tools just aren't good enough and they already had a billion things on their plate	07:05
hearn	so developing their own didn't seem attractive	07:05
hearn	(at the time copay wasn't really fully launched, i think)	07:05
kanzure	do they have any developers on their staff that i might know?	07:05
hearn	doubt it. anyway, i don't want to get into the details of their setup too much, as it's all confidential	07:05
kanzure	i mean, how did they pick their bitcoin people? just anyone that can setup a bitcoind node?	07:06
hearn	no, it's not like that.	07:06
jgarzik	Related: For the record, copay still has a "beta" label and a warning not to use it for large amounts.	07:06
hearn	anyway, i'd rather not discuss it. when i was there i wrote a report for their investors exploring many aspects of the business and setup, but it was not public. so i should not discuss further. they can decide what they wish to discuss publicly.	07:07
jgarzik	Agree w/ hearn. _In theory_ exchanges should know this stuff.	07:07
kanzure	hearn: glad to hear that someone was doing due diligence	07:07
jgarzik	In practice, they are small shops with strained resources and don't necessarily know bitcoin as well as we do.	07:07
jgarzik	This is not just a bitstamp problem, which is why I kicked off the discussion.	07:08
hearn	jgarzik, +1	07:08
jgarzik	White label exchanges will make the problem worse, too	07:08
hearn	i may contact them and ask if they want to discuss the app idea.	07:08
hearn	really it should be a feature of wallets, of course, but in the short term a special purpose "withdrawal wallet app" would bridge the gap	07:08
kanzure	haha will you also do free work for my exchange	07:08
jgarzik	hearn, RE app, it should be a feature of the wallet indeed	07:09
hearn	discuss in this context means, discuss a contract ;)	07:09
@gmaxwell	It would be helpful to know what the failure mode here was. The industry cannot learn when people keep their faults secret.	07:09
jgarzik	(typing same thing at same time, it seems)	07:09
jgarzik	I bet we could get copay to do withdrawal signing	07:09
jgarzik	if there's interest	07:09
jgarzik	It needs to be in every wallet	07:09
@gmaxwell	I believe all of the largest loss events actual fault modalities are all secret, there have also been loss events which are completely secret.	07:10
jgarzik	gmaxwell, agree	07:10
@gmaxwell	This is going to cause regulatory ire against this industry if we don't fix it.	07:10
@gmaxwell	Because we cannot learn best practices if we can't even see what failed.	07:10
jgarzik	gmaxwell, I would be hopeful that we can engineer some stupidity out of exchanges if things like withdrawal signing were general industry practice	07:10
hearn	yeah. that's an industry wide issue though. i think US regulators are already getting annoyed just at general data breaches being secret.	07:10
@gmaxwell	All we can do is speculate; and our speculations will be rightfulyl ignored because they are uninformed.	07:10
hearn	of CC track data, etc	07:11
jgarzik	e.g. Create a situation where players cannot enter the market unless they support withdrawal signing, "because everyone else does"	07:11
@gmaxwell	hearn: CC industry has pretty substantial self regulation though; perhaps not enough (as you note) we don't even have that.	07:11
jgarzik	hmmmmm.	07:11
jgarzik	I wonder if there's an exchange that is willing to demo withdrawal signing.	07:11
@gmaxwell	jgarzik: why should e.g.bitstamp listen to our advice when we're totally ignorant as to what ill actually befell them?	07:12
-!- SDCDev [~quassel@unaffiliated/sdcdev] has joined #bitcoin-wizards		07:12
kanzure	gmaxwell: because i'd be stupid not to listen to you give me free advice?	07:12
hearn	free advice, worth what you paid for it ;)	07:12
kanzure	jgarzik: i know at least one that has been cooking such a thing	07:12
jgarzik	gmaxwell, Make that rhetorical question irrelevant: If we implement good security practices in the wallets, they follow or get left behind.	07:12
stonecoldpat	following kanzures earlier comment, you know how to do more than just run bitcoind ;)	07:12
hearn	the problem with us giving advice is not so much that it'd be worthless or even wrong, but we have no insight into the priority queue and other factors that can be surprising	07:12
jgarzik	A central problem throughout bitcoin's history is that it is _too easy to use [wrongly / insecurely]_	07:13
@gmaxwell	hearn: well and we value different things. I don't really give a crap about their market share if the tradeoff is against bitcoin's reputation or user security.	07:13
hearn	e.g. when i checked the size of their cold wallet, of course i was happy just with them signing some nonces i chose with their keys, why actually move the money?	07:13
jgarzik	it is too easy for a programmer to write naive bitcoin code	07:13
jgarzik	and tough for programmers to automatically "know" how to write secure code	07:13
hearn	and the answer was one i did not expect - the SEC loved being able to see the "audit" (i use the word loosely) on the block chain. it felt like star trek to them.	07:13
hearn	so, ok, move the money then.	07:13
op_mul	hearn: moving their 140k BTC in one transaction was just moronic.	07:14
kanzure	they thought moving money was an audit??	07:14
hearn	no, they know it's not	07:14
jgarzik	hearn, that's a tweetable quote if ever there was one	07:14
hearn	this is a language issue. substitute "proof of reserves" or your term of choice	07:14
kanzure	haha what... wouldn't signing some other plaintext be a better idea, rather than signing a transaction?	07:15
hearn	no	07:15
hearn	put it on the block chain, send government regulators a link to the page on blockchain.info, done	07:15
hearn	don't put it on the block chain, send a complicated 10 step procedure that they don't understand -> not done	07:15
petertodd	I'll take "they have to work a bit" over $100 million single point of failure any day	07:16
op_mul	hearn: did you know that anybody could fake a spendable balance on blockchain.info for years?	07:16
petertodd	op_mul: ha, that would be an awesome fraud	07:18
tacotime	the great thing about bitcoin is that we can see when someone stole the money at the very least.	07:18
hearn	op_mul: never heard that, no	07:19
kanzure	anyone can still fake blockchain.info data (it's a company and it's run by humans, it's not a truthsource)	07:19
hearn	bear in mind all the existing financial system boils down to is trusted men/women in fancy suits writing letters to each other	07:19
kanzure	that's not my fault	07:19
petertodd	hearn: which works because transactions are revocable...	07:20
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		07:20
hearn	my point is this - it's easy for armchair developers to say "XYZ thing is obvious and anyone who doesn't do it is insane or dumb", but often there are factors that aren't obvious	07:20
tacotime	i don't fully understand the 'hotwallet' thing though... can't you just do everything on an offline machine, like sign the tx with an output to the recipient, print it out, walk it over to an online machine with a daemon, scan, and relay? why use hot wallets at all?	07:21
tacotime	if the theft is internal though (as these seem to be) i guess that solves nothing	07:21
kanzure	hearn: do you think there's anything obvious (like "use a cryptosystem" or "use a password") that you have to draw the line at?	07:21
petertodd	tacotime: I've gone through this stuff with an exchange before that I did some consulting for... hotwallet vs. coldwallet isn't as important an issue as you'd think	07:21
petertodd	tacotime: the real problem is authentication of user intent	07:21
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has quit [Max SendQ exceeded]		07:22
kanzure	er, stealing the private key can bypass any authentication of user intent	07:22
hearn	kanzure: you know the US nuclear launch codes were 00000000, right?	07:22
-!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has quit [Quit: Profreid]		07:22
kanzure	that's also not my fault. nobody ever asked me for advice about nuclear launches.	07:22
hearn	nobody is saying it is	07:23
petertodd	kanzure: it can, but bad authentication of user intent can (nearly) just as easily steal money too	07:23
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		07:23
kanzure	petertodd: yep, okay	07:23
tacotime	well. if you have a person actually auditing every outgoing tx that shouldn't happen though.	07:23
petertodd	kanzure: for instance, they wanted to use multisig, and by the time we were done they needed to essentially write two separate versions of the exchange software, each authenticating the user in a different way	07:23
petertodd	tacotime: if you put a person in charge of that they get lazy, guaranteed	07:24
kanzure	petertodd: were they running these two versions simultaneously...?	07:24
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has quit [Max SendQ exceeded]		07:24
tacotime	(at least not on a wide scale that would allow theft)	07:24
tacotime	heh	07:24
petertodd	kanzure: I haven't spoken to them in a bit, but that was the plan	07:24
Luke-Jr	kanzure: what would you make the launch code be?	07:24
ajweiss	gun clicks... "TURN YOUR KEY, SIR!"	07:24
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		07:24
kanzure	Luke-Jr: i'm not sure a launch code is a good idea	07:24
stonecoldpat	taxotime: just because a person is handling it - still doesnt authenticate that the person who requested it - really is the person they say, plus it requires a lot more staff than probably affordable	07:25
Luke-Jr	kanzure: that's dodging the question :D	07:25
tacotime	stonecoldpat: um, probably no more so than at a bank... and i assume they're making more than a bank, at least before this. and i meant, adding human audit on top of classical auth schemes	07:25
-!- nubbins` [~leel@unaffiliated/nubbins] has joined #bitcoin-wizards		07:26
kanzure	Luke-Jr: yep..... but really, i don't think any particular 8-digit launch code is a good idea...	07:26
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has quit [Max SendQ exceeded]		07:26
tacotime	small scale theft/fraud can be offset easily by revenue... but the most recent theft was anything but that.	07:27
kanzure	there should definitely be proportional or exponential verification to linearly increasing withdrawal requests	07:27
kanzure	*withdrawal request amounts	07:27
hearn	kanzure: so what you're saying is, "do you think there's anything obvious (like "use a cryptosystem" or "use a password") that you have to draw the line at?" -> no	07:28
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		07:28
hearn	kanzure: it's rare that things are obvious.	07:28
hearn	sadly	07:28
kanzure	hearn: for example, "don't tell every user your single private key" seems ridiculously obvious to me	07:28
tacotime	yeah. if the theft was anything but internal (of 15k or whatever bitcoins) i'll be really saddened that they decided to have that much online at any given time	07:28
kanzure	hearn: you have to draw the line somewhere	07:28
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has quit [Max SendQ exceeded]		07:29
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		07:29
tacotime	i mean, we rely on debug output to vet our own code and make sure it's not doing something weird.. i don't see why this is any different.	07:29
stonecoldpat	hot wallets should be okay to use, (its just a till @ a shop at the end of the day), their hot wallet was just a bit too big, but thats always going to be a risk	07:29
tacotime	btc-e has never had a bitcoin theft as far as i know (though they did have a liberty reserve theft), so this type of security can be done right i think.	07:31
tacotime	(anyway, kind of OT, sorry)	07:31
kanzure	what's the physics term for as-fast-as-possible signing of withdrawal requests? there's some limit. might be something about speed of light and number of bits per second. anyway, the hottest possible wallet is probably going to sign more things that you wouldn't want it to have signed, even more than the proportionally more number of requests it can process.	07:31
kanzure	well, er, i don't have the formalism for that, i'm sure one of you physics junkies knows how to conceptualize a hottest possible wallet	07:32
@gmaxwell	hahah!	07:32
@gmaxwell	On the fundimental limits of Bitcoin wallets.	07:32
kanzure	"or how i learned to expose my private keys to the soft flame of a neutron star"	07:33
-!- nullbyte [WW@gateway/vpn/mullvad/x-lscqvxvefqmdmafy] has quit [Ping timeout: 265 seconds]		07:33
@gmaxwell	"We construct a Bitcoin wallet from a quark gluon plasma on the basis of a linear model which indicated that Bitcoin users prefer the hottest possible wallets. If our analysis holds, our profits will be in excess of 500 million bitcoins per day."	07:33
@sipa	"My cold wallet is stored at negative kelvin temperature!" - "You realize that's means it's infinitely hot, right?"	07:34
kanzure	i even have a snappy name ready to go: big bang wallet	07:34
-!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has joined #bitcoin-wizards		07:35
-!- nullbyte [~WW@cpe-66-68-54-206.austin.res.rr.com] has joined #bitcoin-wizards		07:35
-!- nullbyte [~WW@cpe-66-68-54-206.austin.res.rr.com] has quit [Changing host]		07:35
-!- nullbyte [~WW@unaffiliated/loteriety] has joined #bitcoin-wizards		07:35
hearn	kanzure: that's a confidence inspiring name if there ever was one	07:37
helo	QOTD "it's rare that things are obvious" - hearn	07:37
hearn	"we're using the Big Bang Wallet, what could possibly go wrong?"	07:37
@gmaxwell	I've thought before that it might be fun to build some orgy of fail product to launch on april first. "Big bang wallet" by "John TotallyNotStealingYourMoney Doe" ... except people would use it. :(	07:37
hearn	helo: i'm practicing for my next career as a fortune cookie writer	07:37
hearn	gmaxwell: implemented in Visual Basic for extra safety :)	07:37
@gmaxwell	hearn: and call it mastercoin? ... Too much work. Might as well just take bitcoin-qt, change the name, and add a picture of a dog. oh wait.	07:38
@sipa	probably in a prl script that generates visual basic code	07:38
hearn	lol	07:38
fluffypony	plz, PHP	07:38
@sipa	*perl	07:38
fluffypony	DarkTimeKoin	07:38
@gmaxwell	fluffypony: hehe. I thought that was a joke at first and was really disappointed when there was no references to Cubic Currency or racist rants.	07:39
-!- nullbyte [~WW@unaffiliated/loteriety] has quit [Ping timeout: 244 seconds]		07:40
fluffypony	lol	07:40
@sipa	wow, webbtc.com has a script evaluator	07:41
-!- nullbyte [WW@gateway/vpn/mullvad/x-usynqsxfgurymyrl] has joined #bitcoin-wizards		07:41
@gmaxwell	(context: fluffypony is referring to TikeKoin a very weird PHP altcoin written by one of bitcoin's earliest users who was seemingly losing his mind. And when I saw the post I thought it was a timecube joke.)	07:41
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has joined #bitcoin-wizards		07:41
op_mul	hearn: that's because bc.i doesn't publish when they get owned.	07:41
fluffypony	*TimeKoin	07:41
-!- skyraider [uid41097@gateway/web/irccloud.com/x-wdrxlnxovczuzorr] has joined #bitcoin-wizards		07:45
-!- nubbins` [~leel@unaffiliated/nubbins] has quit [Quit: Quit]		07:45
petertodd	gmaxwell: 3716f21538060be06afda4197d00191e2e3b07500187a1e12a0abadfca9158f3 <- not quite a neutron star, but it's to the right audience at least	07:46
-!- roconnor [~roconnor@e120-pool-d89a63c0.brdbnd.voicenetwork.ca] has quit [Quit: Konversation terminated!]		07:47
-!- SDCDev [~quassel@unaffiliated/sdcdev] has quit [Remote host closed the connection]		07:49
kanzure	hrm it is not little-endian hex	07:53
@gmaxwell	kanzure: it's a transaction id, follow it	07:53
petertodd	kanzure: you can tell by the pixels	07:53
-!- hearn [~mike@50-105.77-83.cust.bluewin.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		07:54
kanzure	whoops, yes	08:01
-!- op_mul [~op_mul@178.62.78.122] has quit [Read error: Connection reset by peer]		08:01
-!- lclc_bnc is now known as lclc		08:01
-!- maraoz [~maraoz@43-161-16-190.fibertel.com.ar] has joined #bitcoin-wizards		08:04
-!- nullbyte [WW@gateway/vpn/mullvad/x-usynqsxfgurymyrl] has quit [Ping timeout: 264 seconds]		08:10
-!- nullbyte [~WW@cpe-66-68-54-206.austin.res.rr.com] has joined #bitcoin-wizards		08:12
-!- nullbyte [~WW@cpe-66-68-54-206.austin.res.rr.com] has quit [Changing host]		08:12
-!- nullbyte [~WW@unaffiliated/loteriety] has joined #bitcoin-wizards		08:12
-!- nessence [~alexl@178.19.221.38] has quit [Remote host closed the connection]		08:17
-!- eslbaer [~eslbaer@p579E9D7B.dip0.t-ipconnect.de] has joined #bitcoin-wizards		08:29
-!- bendavenport [~bpd@64.124.157.148] has joined #bitcoin-wizards		08:30
-!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has joined #bitcoin-wizards		08:31
-!- treehug88 [~treehug88@static-96-239-100-47.nycmny.fios.verizon.net] has joined #bitcoin-wizards		08:36
-!- eudoxia_ [~eudoxia@r186-50-231-177.dialup.adsl.anteldata.net.uy] has joined #bitcoin-wizards		08:43
-!- eudoxia_ [~eudoxia@r186-50-231-177.dialup.adsl.anteldata.net.uy] has quit [Remote host closed the connection]		08:44
-!- Transisto [~Trans@modemcable026.188-59-74.mc.videotron.ca] has quit [Ping timeout: 264 seconds]		08:44
-!- Transisto [~Trans@modemcable026.188-59-74.mc.videotron.ca] has joined #bitcoin-wizards		08:45
-!- eudoxia [~eudoxia@r179-25-152-180.dialup.adsl.anteldata.net.uy] has quit [Ping timeout: 252 seconds]		08:47
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]		08:52
-!- ryanxcharles [~ryanxchar@2601:9:4680:dd0:8ddf:c65e:b6d3:3462] has quit [Ping timeout: 265 seconds]		08:57
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		08:58
-!- CoinMuncher [~jannes@178.132.211.90] has joined #bitcoin-wizards		09:05
-!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]		09:13
-!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has joined #bitcoin-wizards		09:13
-!- OneNomos [~onenomos@pool-71-178-107-61.washdc.east.verizon.net] has joined #bitcoin-wizards		09:15
-!- OneNomos is now known as Guest10177		09:15
-!- Guest10177 [~onenomos@pool-71-178-107-61.washdc.east.verizon.net] has quit [Client Quit]		09:16
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has joined #bitcoin-wizards		09:16
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Ping timeout: 250 seconds]		09:16
-!- NomosOne [~NomosOne@pool-71-178-107-61.washdc.east.verizon.net] has joined #bitcoin-wizards		09:17
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		09:21
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has quit [Ping timeout: 264 seconds]		09:21
-!- ryanxcharles [~ryanxchar@162-245-22-162.v250d.PUBLIC.monkeybrains.net] has joined #bitcoin-wizards		09:28
-!- user7779078 [user777907@gateway/vpn/mullvad/x-gwqfioylvyarpatn] has joined #bitcoin-wizards		09:30
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has quit [Ping timeout: 265 seconds]		09:31
-!- adlai [~Adlai@gateway/tor-sasl/adlai] has quit [Remote host closed the connection]		09:32
-!- adlai [~Adlai@gateway/tor-sasl/adlai] has joined #bitcoin-wizards		09:33
-!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]		09:35
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has joined #bitcoin-wizards		09:36
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		09:40
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has quit [Remote host closed the connection]		09:45
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has quit [Read error: Connection reset by peer]		09:51
-!- bit2017 [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		09:52
-!- bit2017 [~linker@bb219-75-53-81.singnet.com.sg] has quit [Max SendQ exceeded]		09:53
-!- eslbaer [~eslbaer@p579E9D7B.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]		09:54
-!- execut3 [~shesek@77.125.154.211] has joined #bitcoin-wizards		09:55
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		09:55
-!- shesek [~shesek@77.126.229.16] has quit [Ping timeout: 264 seconds]		09:58
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has quit [Ping timeout: 240 seconds]		09:59
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has joined #bitcoin-wizards		10:02
-!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has joined #bitcoin-wizards		10:03
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Ping timeout: 250 seconds]		10:07
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has joined #bitcoin-wizards		10:08
-!- coiner [~linker@bb219-75-53-81.singnet.com.sg] has quit [Ping timeout: 265 seconds]		10:08
-!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards		10:10
-!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Ping timeout: 250 seconds]		10:20
-!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has joined #bitcoin-wizards		10:25
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]		10:36
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has joined #bitcoin-wizards		10:36
-!- jtimon [~quassel@238.pool85-59-137.dynamic.orange.es] has joined #bitcoin-wizards		10:37
-!- CoinMuncher [~jannes@178.132.211.90] has quit [Quit: Leaving.]		10:39
-!- yamamushi [~yamamushi@opentransactions/dev/yamamushi] has quit [Quit: Leaving.]		10:43
-!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has quit [Ping timeout: 240 seconds]		10:53
-!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Remote host closed the connection]		11:03
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards		11:04
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has quit [Ping timeout: 244 seconds]		11:08
-!- execut3 is now known as shesek		11:10
-!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has joined #bitcoin-wizards		11:10
-!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has joined #bitcoin-wizards		11:11
-!- maaku is now known as Guest82541		11:11
-!- Dizzle [~diesel@2605:6000:1018:c04a:350a:f16c:a6d1:9629] has joined #bitcoin-wizards		11:15
-!- nubbins` [~leel@unaffiliated/nubbins] has joined #bitcoin-wizards		11:17
jgarzik	http://blog.rust-lang.org/2015/01/09/Rust-1.0-alpha.html	11:17
MRL-Relay	[fluffypony] oh andytoshi will be happy	11:17
@gmaxwell	I believe that as it matures Rust will turn out to be a uniquely well suited language for general Bitcoin application development.	11:18
@gmaxwell	It's also, I think, the only language you can say that was created while a bitcoin developer was pestering the crap out of its main contributors.	11:19
heath	gmaxwell: thoughts on haskell and haskoin?	11:19
fluffypony	argh altcoins have ruined me - I immediately thought haskoin was an altcoin	11:22
fluffypony	I also spent 2 minutes today thinking that Picocoin was a stupid name for an altcoin (sorry jgarzik) before realising it wasn't that at all	11:22
gwillen	gmaxwell: bahaha. Was that bitcoin developer you?	11:23
jgarzik	heh	11:24
@sipa	gwillen: andytoshi	11:25
@gmaxwell	yea. Well rust is not everything I could possibly want in a language; but there are serious usability tradeoffs; so it's unclear what optimal really is.	11:25
-!- eslbaer [~eslbaer@p579E9D7B.dip0.t-ipconnect.de] has joined #bitcoin-wizards		11:25
* gwillen nod		11:25
@gmaxwell	and yea, andytoshi actually contributed some not-totally trivial amount to the compiler.	11:25
* heath proudly holds his best troll today trophy with pride and continues idling		11:27
-!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards		11:27
-!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Remote host closed the connection]		11:28
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 264 seconds]		11:31
-!- nubbins` [~leel@unaffiliated/nubbins] has quit [Quit: Quit]		11:32
-!- jb55 [~jb55@208.98.200.98] has joined #bitcoin-wizards		11:34
jb55	I work for a record label, could you make a transaction to an address such that you could somehow guarantee commission splits to other addresses. That way when someone buys a track all rights holders get paid appropriately?	11:36
jb55	I have a feeling this might not be possible...	11:36
@gmaxwell	on can straightforwardly pay to a multisignature address which lets you achieve "all signers agree on the distribution of the funds, or they don't move at all."	11:37
@gmaxwell	The payment protocol (BIP70) also allows the invoice to ask parties to pay to a split of multiple outputs.	11:37
jb55	that sounds exactly what we do already informally. artists all sign a pdf contract before we start distributing funds. If I could encode that into a multisig address it would greatly simplify our payouts in the future...	11:39
-!- RoboTeddy [~roboteddy@2601:9:3483:2400:c81c:a250:4391:d1b0] has joined #bitcoin-wizards		11:40
-!- nubbins` [~leel@unaffiliated/nubbins] has joined #bitcoin-wizards		11:41
jb55	thanks!	11:42
phantomcircuit	gmaxwell, does the invoice specify how much goes to each output?	11:46
kanzure	jb55: i've implemented that and have a working pile of code. do you want it?	11:47
jb55	kanzure: that would be awesome	11:47
-!- nubbins` [~leel@unaffiliated/nubbins] has quit [Quit: Quit]		11:48
-!- luny [~luny@unaffiliated/luny] has quit [Ping timeout: 255 seconds]		12:00
-!- HaltingState [~HaltingSt@unaffiliated/haltingstate] has joined #bitcoin-wizards		12:03
-!- luny [~luny@unaffiliated/luny] has joined #bitcoin-wizards		12:07
@andytoshi	fluffypony: hooray! i'm gonna spend the rest of today working on updating my code (i couldn't keep up with the changes over the last couple months so there is extreme bitrot)	12:11
fluffypony	:)	12:11
-!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has quit [Ping timeout: 244 seconds]		12:12
-!- lclc is now known as lclc_bnc		12:13
-!- Dizzle [~diesel@2605:6000:1018:c04a:350a:f16c:a6d1:9629] has quit [Quit: Leaving...]		12:19
-!- RoboTeddy [~roboteddy@2601:9:3483:2400:c81c:a250:4391:d1b0] has quit [Ping timeout: 244 seconds]		12:25
-!- TechGhost420 [~kvirc@69.80.108.70] has joined #bitcoin-wizards		12:25
-!- belcher [~belcher-s@unaffiliated/belcher] has joined #bitcoin-wizards		12:26
-!- MoALTz [~no@user-109-243-165-112.play-internet.pl] has joined #bitcoin-wizards		12:27
-!- Dizzle [~diesel@70.114.207.41] has joined #bitcoin-wizards		12:35
-!- orik [~orik@75.149.169.53] has joined #bitcoin-wizards		12:39
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		12:42
-!- nsh [~lol@wikipedia/nsh] has quit [Excess Flood]		12:45
-!- nsh [~lol@2001:41d0:8:c2da::1337] has joined #bitcoin-wizards		12:45
-!- nsh [~lol@2001:41d0:8:c2da::1337] has quit [Changing host]		12:45
-!- nsh [~lol@wikipedia/nsh] has joined #bitcoin-wizards		12:45
-!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has joined #bitcoin-wizards		12:58
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		13:00
-!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has joined #bitcoin-wizards		13:04
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Client Quit]		13:05
-!- TechGhost420 [~kvirc@69.80.108.70] has quit [Ping timeout: 245 seconds]		13:05
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		13:06
-!- torsthaldo [~torsthald@unaffiliated/torsthaldo] has joined #bitcoin-wizards		13:10
-!- justanot1eruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		13:13
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has quit [Quit: Reconnecting]		13:14
-!- skyraider [uid41097@gateway/web/irccloud.com/x-wdrxlnxovczuzorr] has quit [Quit: Connection closed for inactivity]		13:15
-!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards		13:15
-!- justanot1eruser [~Justan@unaffiliated/justanotheruser] has quit [Client Quit]		13:17
-!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has quit [Ping timeout: 244 seconds]		13:18
-!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has joined #bitcoin-wizards		13:24
-!- Burrito [~Burrito@unaffiliated/burrito] has joined #bitcoin-wizards		13:31
-!- d1ggy_ is now known as d1ggy		13:39
-!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has quit [Ping timeout: 244 seconds]		13:40
-!- wyager [~wyager@cpe-24-160-153-232.satx.res.rr.com] has quit [Quit: wyager]		13:53
-!- TechGhost420 [~kvirc@207.207.22.127] has joined #bitcoin-wizards		13:54
-!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has joined #bitcoin-wizards		13:55
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]		14:07
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has joined #bitcoin-wizards		14:07
-!- catlasshrugged [~satoshi-u@208-58-112-15.c3-0.upd-ubr1.trpr-upd.pa.cable.rcn.com] has quit [Read error: Connection reset by peer]		14:28
-!- siervo [uid49244@gateway/web/irccloud.com/x-gvzyiswpiuzokovm] has joined #bitcoin-wizards		14:30
kanzure	attacks on ecdsa signatures with single-bit nonce bias http://www.irisa.fr/celtique/zapalowicz/papers/asiacrypt2014.pdf	14:31
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]		14:32
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has joined #bitcoin-wizards		14:33
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]		14:36
@gmaxwell	kanzure: yep, fortunately the mechenism they use to get a single bit bias is not applicable to our curve.	14:36
@gmaxwell	(not that there aren't other ways to screw up... :( )	14:36
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has joined #bitcoin-wizards		14:36
@andytoshi	gmaxwell: you mean this GLV mechanism is not applicable to the curve, or do you mean something more specific?	14:36
@gmaxwell	They focus on a bias created by not correctly handling that the curve order is much smaller than a power of two.	14:36
@gmaxwell	oh maybe I'm confusing the paper.	14:37
@andytoshi	i'm aware that libsecp256k1 does not do anything like this k1 + λk2 thing, but it's not obvious to me that we couldn't if we wanted to	14:37
@andytoshi	i don't have a clue what openssl does :)	14:37
@gmaxwell	oh it's the right paper but I'm only remembering part of it.	14:37
@gmaxwell	andytoshi: no one else does. AFAICT no public implementation except secp256k1 has use of the endomorphism. (you can google for the constant)	14:38
-!- vmatekol_ [~vmatekole@e180176249.adsl.alicedsl.de] has joined #bitcoin-wizards		14:39
@andytoshi	ah, i see that this is not applicable ... because our entire group has prime order there are no interesting prime subgroups worth decomposing into	14:40
@andytoshi	s/interesting/proper/	14:40
@gmaxwell	I can't load the URL.	14:40
@andytoshi	kk i will rehost it, one sec	14:41
kanzure	http://diyhpl.us/~bryan/papers2/security/cryptography/Attacks%20on%20ECDSA%20signatures%20with%20single-bit%20nonce%20bias.pdf	14:41
@gmaxwell	if it's the paper talks I'm thinking about about two things, one is getting a bias from doing an endomorphism split k1 + lambda*k2, which is one reason we wouldn't bother doing generation that way ... so I misspoke, secp256k1 would happily befall that, it's just its a kind of stupid optimization; the other thing it talks about is handling the order mod incorrectly	14:42
-!- vmatekole [~vmatekole@f055163212.adsl.alicedsl.de] has quit [Ping timeout: 264 seconds]		14:42
@andytoshi	it definitely talks about the first; i've only read the first 2 pages so not sure about the second	14:42
@andytoshi	would it be an optimization even? we'd be using endomorphisms of the whole group (as opposed to a subgroup whose elements are smaller)	14:43
-!- NomosOne [~NomosOne@pool-71-178-107-61.washdc.east.verizon.net] has quit [Remote host closed the connection]		14:43
@andytoshi	(i totally don't know what i'm talking about btw)	14:44
@gmaxwell	yes. but not really. Because for signing you always compute kG with constant point G then you do not need the endomorphism to split your number.	14:44
@gmaxwell	andytoshi: basically on GLV curves there is a magic beta number such that P.xbeta,P.y = lambdaP and lambda is helpfully large enough that one can split some secret k, like k = k1 + lambda*k2 such that k1, k2 are both 128 bit numbers (instead of 256 bit numbers).	14:46
@andytoshi	ah, yes, i think sipa explained this to me out of band a few months ago (or was it you?)	14:47
@gmaxwell	And then you can go about computing kG as k1G + k2lambdaG with reduced operations via multi-exponentiation because the scalars are half the size.	14:47
@sipa	andytoshi: i believe i did	14:48
@andytoshi	gotcha. i misread the paper to think that you only got the size-halving by restricting the endomorphism to a small subgroup	14:48
@gmaxwell	now some 'genius' signing implementation might think it could skip the splitting step by just randomly picking k1,k2 ... but the result is non-uniform. And I really doubt anyone has ever done this without knowing it was non-uniform, but maybe they thought it was acceptable.	14:49
@gmaxwell	But if G is a constant there is no need to use the endormorphism for this. You can just precompute 2^128*G, and then do your split on a power of two boundary and your splitting is free.	14:49
-!- siervo [uid49244@gateway/web/irccloud.com/x-gvzyiswpiuzokovm] has quit []		14:50
@gmaxwell	In fact, you can carry that to its logical conclusion of precomputing every power of two. Or even ever window of 4 bits.. and have no doubling at all in your multiply by G; and this is what libsecp256k1 does for signing.	14:50
@gmaxwell	so I don't see any reason you'd ever use the endomorphism in signing... You basically can't save memory using it even, since the beta constant takes almost as much memory as another precomputed point. (well okay you might save 32 bytes)	14:51
-!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has quit [Ping timeout: 264 seconds]		14:51
@andytoshi	ah, yes, this part is what sipa explained to me	14:51
@gmaxwell	hm, okay actually, for large amounts of memory you could halve your memory usage.	14:55
@gmaxwell	so maybe someone would actually want to do that.	14:55
@gmaxwell	e.g. you build a great big table for the first 128 bits, and then use the beta to get you a table for the next 128 bits. So the saving is only large if your table is large relative to one entry.	14:56
-!- op_mul [~op_mul@178.62.78.122] has joined #bitcoin-wizards		15:02
-!- NomosOne [~NomosOne@pool-71-178-107-61.washdc.east.verizon.net] has joined #bitcoin-wizards		15:05
-!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has joined #bitcoin-wizards		15:06
-!- Burrito [~Burrito@unaffiliated/burrito] has quit [Quit: Leaving]		15:14
-!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has quit [Remote host closed the connection]		15:19
-!- treehug88 [~treehug88@static-96-239-100-47.nycmny.fios.verizon.net] has quit []		15:19
-!- vmatekol_ [~vmatekole@e180176249.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]		15:21
-!- vmatekole [~vmatekole@e180176249.adsl.alicedsl.de] has joined #bitcoin-wizards		15:21
-!- PaulCapestany [~PaulCapes@204.28.124.82] has quit []		15:24
-!- PaulCapestany [~PaulCapes@204.28.124.82] has joined #bitcoin-wizards		15:25
-!- PaulCapestany [~PaulCapes@204.28.124.82] has quit []		15:31
-!- vmatekol_ [~vmatekole@e180176249.adsl.alicedsl.de] has joined #bitcoin-wizards		15:32
-!- PaulCapestany [~PaulCapes@204.28.124.82] has joined #bitcoin-wizards		15:33
-!- vmatekole [~vmatekole@e180176249.adsl.alicedsl.de] has quit [Ping timeout: 255 seconds]		15:34
-!- copumpkin [~copumpkin@unaffiliated/copumpkin] has joined #bitcoin-wizards		15:34
-!- siervo [uid49244@gateway/web/irccloud.com/x-jmcdfapfnwqryuyi] has joined #bitcoin-wizards		15:35
-!- catlasshrugged [~catlasshr@ec2-54-149-141-214.us-west-2.compute.amazonaws.com] has joined #bitcoin-wizards		15:35
-!- vmatekol_ [~vmatekole@e180176249.adsl.alicedsl.de] has quit [Ping timeout: 245 seconds]		15:37
-!- siervo [uid49244@gateway/web/irccloud.com/x-jmcdfapfnwqryuyi] has quit [Client Quit]		15:37
-!- vmatekole [~vmatekole@e180174225.adsl.alicedsl.de] has joined #bitcoin-wizards		15:37
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has quit [Ping timeout: 264 seconds]		15:37
-!- eslbaer [~eslbaer@p579E9D7B.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]		15:41
-!- maraoz [~maraoz@43-161-16-190.fibertel.com.ar] has quit [Ping timeout: 264 seconds]		15:47
-!- orik [~orik@75.149.169.53] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		15:47
-!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has quit [Quit: Leaving]		15:49
-!- gsdgdfs [Transisto@213.179.213.75] has joined #bitcoin-wizards		15:59
-!- Transisto [~Trans@modemcable026.188-59-74.mc.videotron.ca] has quit [Ping timeout: 255 seconds]		15:59
-!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		16:18
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has quit [Quit: Leaving]		16:21
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has joined #bitcoin-wizards		16:21
-!- dgenr8 [~dgenr8@unaffiliated/dgenr8] has quit [Client Quit]		16:23
-!- zooko [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Ping timeout: 245 seconds]		16:23
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		16:28
-!- mortale [~mortale@gateway/tor-sasl/mortale] has quit [Ping timeout: 250 seconds]		16:29
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Client Quit]		16:29
-!- mortale [~mortale@gateway/tor-sasl/mortale] has joined #bitcoin-wizards		16:33
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		16:33
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Client Quit]		16:37
-!- TechGhost420 [~kvirc@207.207.22.127] has quit [Ping timeout: 264 seconds]		16:40
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:b18f:30df:de11:ee9f] has quit [Ping timeout: 265 seconds]		16:41
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		16:43
-!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has joined #bitcoin-wizards		16:43
-!- jb55_ [~jb55@208.98.200.98] has joined #bitcoin-wizards		16:43
-!- Guest8623 is now known as amiller		16:47
-!- amiller [~socrates1@li175-104.members.linode.com] has quit [Changing host]		16:47
-!- amiller [~socrates1@unaffiliated/socrates1024] has joined #bitcoin-wizards		16:47
-!- jb55 [~jb55@208.98.200.98] has quit [Ping timeout: 252 seconds]		16:47
-!- jb55_ [~jb55@208.98.200.98] has quit [Ping timeout: 245 seconds]		16:48
-!- eslbaer [~eslbaer@p579E9D7B.dip0.t-ipconnect.de] has joined #bitcoin-wizards		16:52
-!- Dizzle [~diesel@70.114.207.41] has quit [Quit: Leaving...]		16:53
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		16:55
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		16:58
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Client Quit]		16:58
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		17:00
-!- copumpkin [~copumpkin@unaffiliated/copumpkin] has quit [Ping timeout: 244 seconds]		17:01
-!- copumpkin [~copumpkin@unaffiliated/copumpkin] has joined #bitcoin-wizards		17:04
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		17:07
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		17:09
-!- copumpkin [~copumpkin@unaffiliated/copumpkin] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		17:10
-!- ryanxcharles [~ryanxchar@162-245-22-162.v250d.PUBLIC.monkeybrains.net] has quit [Ping timeout: 245 seconds]		17:11
-!- NomosOne [~NomosOne@pool-71-178-107-61.washdc.east.verizon.net] has quit [Remote host closed the connection]		17:19
-!- torsthaldo [~torsthald@unaffiliated/torsthaldo] has quit [Read error: Connection reset by peer]		17:21
-!- copumpkin [~copumpkin@unaffiliated/copumpkin] has joined #bitcoin-wizards		17:23
-!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has joined #bitcoin-wizards		17:26
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		17:29
-!- user7779_ [~user77790@ool-4354b720.dyn.optonline.net] has joined #bitcoin-wizards		17:34
-!- narwh4l [~michael@unaffiliated/thesnark] has joined #bitcoin-wizards		17:37
-!- user7779078 [user777907@gateway/vpn/mullvad/x-gwqfioylvyarpatn] has quit [Ping timeout: 264 seconds]		17:38
-!- NewLiberty [~NewLibert@2602:304:cff8:1580:b18f:30df:de11:ee9f] has joined #bitcoin-wizards		17:43
-!- Guest79176 [~Pan0ram1x@095-096-084-122.static.chello.nl] has quit [Ping timeout: 264 seconds]		17:47
-!- Pan0ram1x [~Pan0ram1x@095-096-084-122.static.chello.nl] has joined #bitcoin-wizards		17:53
-!- Pan0ram1x is now known as Guest7999		17:53
-!- nuke_ [~nuke@46-217-253.adsl.cyta.gr] has joined #bitcoin-wizards		17:55
-!- nuke1989 [~nuke@46-161-92.adsl.cyta.gr] has quit [Ping timeout: 244 seconds]		17:59
-!- d1ggy_ [~d1ggy@dslb-092-076-003-073.092.076.pools.vodafone-ip.de] has joined #bitcoin-wizards		18:02
-!- jtimon [~quassel@238.pool85-59-137.dynamic.orange.es] has quit [Ping timeout: 256 seconds]		18:03
-!- bendavenport [~bpd@64.124.157.148] has quit [Ping timeout: 252 seconds]		18:04
-!- Transisto [~Trans@modemcable026.188-59-74.mc.videotron.ca] has joined #bitcoin-wizards		18:05
-!- gsdgdfs [Transisto@213.179.213.75] has quit [Ping timeout: 240 seconds]		18:05
-!- d1ggy [~d1ggy@dslc-082-082-157-078.pools.arcor-ip.net] has quit [Ping timeout: 244 seconds]		18:06
-!- Sub\|zzz is now known as SubCreative		18:07
-!- user7779_ [~user77790@ool-4354b720.dyn.optonline.net] has quit [Remote host closed the connection]		18:12
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has joined #bitcoin-wizards		18:13
-!- NomosOne [~NomosOne@pool-71-178-107-61.washdc.east.verizon.net] has joined #bitcoin-wizards		18:16
-!- bbrittain [~bbrittain@172.245.212.12] has quit [Ping timeout: 245 seconds]		18:19
-!- narwh4l [~michael@unaffiliated/thesnark] has quit [Remote host closed the connection]		18:22
-!- nuke_ [~nuke@46-217-253.adsl.cyta.gr] has quit [Read error: Connection reset by peer]		18:32
-!- belcher [~belcher-s@unaffiliated/belcher] has quit [Quit: Leaving]		18:32
-!- Dr-G3 [~Dr-G@gateway/tor-sasl/dr-g] has joined #bitcoin-wizards		18:34
-!- Dr-G2 [~Dr-G@gateway/tor-sasl/dr-g] has quit [Ping timeout: 250 seconds]		18:35
-!- DoctorBTC [~DoctorBTC@unaffiliated/doctorbtc] has quit [Ping timeout: 244 seconds]		18:37
-!- yamamushi [~yamamushi@opentransactions/dev/yamamushi] has joined #bitcoin-wizards		18:38
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		18:39
-!- DoctorBTC [~DoctorBTC@unaffiliated/doctorbtc] has joined #bitcoin-wizards		18:39
-!- RoboTeddy [~roboteddy@c-67-180-192-179.hsd1.ca.comcast.net] has quit [Remote host closed the connection]		18:42
-!- RoboTeddy [~roboteddy@2601:9:3483:2400:c81c:a250:4391:d1b0] has joined #bitcoin-wizards		18:42
-!- nuke_ [~nuke@178-11-134.dynamic.cyta.gr] has joined #bitcoin-wizards		18:44
-!- RoboTeddy [~roboteddy@2601:9:3483:2400:c81c:a250:4391:d1b0] has quit [Ping timeout: 265 seconds]		18:47
-!- TechGhost420 [~kvirc@rrcs-71-43-208-2.se.biz.rr.com] has quit [Ping timeout: 264 seconds]		18:57
-!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards		19:06
-!- TechGhost420 [~kvirc@209.99.2.222] has joined #bitcoin-wizards		19:10
-!- NomosOne [~NomosOne@pool-71-178-107-61.washdc.east.verizon.net] has quit [Remote host closed the connection]		19:10
kanzure	if there was a way to hash the set of consensus rules, it would be interesting to vanity grind on those rules until the hash function spits out a string that starts with bitcoin	19:15
kanzure	er, just as an amusing way to communicate your intent when you talk about a consensus rule set, instead of just saying "bitcoin" you would be communicating the exact rule set you are specifically referring to, at least in as much as collisions haven't been found or might be difficult to create through that scheme	19:16
@gmaxwell	kanzure: hah, I've joked before that the consensus rules should be hashed and we should have named the system the hash.	19:16
@gmaxwell	:P	19:17
kanzure	i stumbled into this idea over dinner with andytoshi so he might have primed me and you might have primed him	19:17
kanzure	so this might be your idea....	19:17
@gmaxwell	A better version, I don't think that I considered grinding it.	19:19
kanzure	well also, what exactly would be hashed? :\	19:19
kanzure	if this was cellular automata perhaps the answer would be more obvious	19:19
@gmaxwell	One might observe that the hash of the genesis block is considerably lower than one would expect for the threshold difficiulty.	19:19
@gmaxwell	kanzure: the bytecode of the consensus rules. I've previously proposed we should be moving all the consensus rules into a bytecode with a very simple interpeter.	19:20
@gmaxwell	This is part of where the interest in moxie comes from.	19:20
kanzure	but what about things like highest block picking rules	19:21
kanzure	surely that is important enough to go into the hash thing?	19:21
@gmaxwell	that could be inside it as well.	19:21
@andytoshi	i was thinking to vanity-grind some moxie no-ops, but actually changing the rules is a neat idea	19:21
kanzure	i'm also not sure what to do about updates and bugfixes. you could grind some more until you hit on some bogus rules or no-ops that allow you to get "BITCOIN" but then what... just because it says "BITCOIN" does not mean this variant is bitcoin compatible or a good idea at all :)	19:22
kanzure	i guess the ultimate dream is some proof of bitcoin compatibility, and then any statement that can be proven is (by definition of the proof system) definitely bitcoin-compatible?	19:24
kanzure	and then you grind on those statements	19:24
@gmaxwell	obviously one must define the hash function such that the first version says bitcoin trivially, and future versions can only be hashed by asking the prior version to hash them, and the prior version only lets them hash to bitcoin if you burned a lot of bitcoin to create then new version.	19:24
kanzure	hah proof of burn. okay.	19:24
@gmaxwell	e.g. it's a certitifcate chain where each version authenticates its successor.	19:27
kanzure	so you can only reduce bitcoin-compatibility going forward?	19:29
kanzure	huh i don't know why i asked that. i had a good reason to think there was some sort of "convergence", but i've lost it.	19:30
-!- roconnor [~roconnor@e120-pool-d89a63c0.brdbnd.voicenetwork.ca] has joined #bitcoin-wizards		19:30
kanzure	also what about competing forks where both same-depth versions had same BTC amounts burned and are both valid ?	19:30
-!- atgreen [~user@CPE687f74122463-CM84948c2e0610.cpe.net.cable.rogers.com] has quit [Read error: Connection reset by peer]		19:31
@gmaxwell	well I wasn't saying that such a mechenism was sufficient.	19:31
-!- atgreen [~user@CPE687f74122463-CM84948c2e0610.cpe.net.cable.rogers.com] has joined #bitcoin-wizards		19:31
kanzure	anyway yes i agree that instead of going for "BITCOIN" it should just be whatever the original hash turns out to be	19:33
-!- waxwing [waxwing@gateway/vpn/mullvad/x-qbwjrjikomadlnog] has quit [Quit: Leaving]		19:49
-!- MoALTz_ [~no@user-109-243-165-112.play-internet.pl] has joined #bitcoin-wizards		19:51
-!- copumpkin [~copumpkin@unaffiliated/copumpkin] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		19:52
-!- MoALTz [~no@user-109-243-165-112.play-internet.pl] has quit [Ping timeout: 265 seconds]		19:54
-!- eslbaer_ [~eslbaer@p548A4B5D.dip0.t-ipconnect.de] has joined #bitcoin-wizards		19:58
-!- eslbaer [~eslbaer@p579E9D7B.dip0.t-ipconnect.de] has quit [Ping timeout: 256 seconds]		20:01
-!- tacotime [~mashkeys@198.52.200.63] has quit [Ping timeout: 264 seconds]		20:08
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has quit [Ping timeout: 265 seconds]		20:12
-!- TheSeven [~quassel@rockbox/developer/TheSeven] has joined #bitcoin-wizards		20:13
-!- yamamushi [~yamamushi@opentransactions/dev/yamamushi] has quit [Quit: Leaving.]		20:25
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		20:30
-!- yamamushi [~yamamushi@opentransactions/dev/yamamushi] has joined #bitcoin-wizards		20:32
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		20:34
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Client Quit]		20:38
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		20:40
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Client Quit]		20:44
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		20:45
nullbyte		20:46
-!- thrasher` [~thrasher@27-33-27-140.static.tpgi.com.au] has joined #bitcoin-wizards		20:46
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]		20:51
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has joined #bitcoin-wizards		20:53
-!- adlai [~Adlai@gateway/tor-sasl/adlai] has quit [Ping timeout: 250 seconds]		20:54
-!- orik [~orik@50-46-132-219.evrt.wa.frontiernet.net] has quit [Client Quit]		20:56
-!- adlai [~Adlai@gateway/tor-sasl/adlai] has joined #bitcoin-wizards		20:56
-!- devrandom [~devrandom@gateway/tor-sasl/niftyzero1] has quit [Quit: leaving]		20:57
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		20:58
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		21:00
-!- faraka [49cc4c7f@gateway/web/freenode/ip.73.204.76.127] has joined #bitcoin-wizards		21:15
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		21:17
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		21:20
-!- gsdgdfs [Transisto@213.179.213.145] has joined #bitcoin-wizards		21:21
-!- Transisto [~Trans@modemcable026.188-59-74.mc.videotron.ca] has quit [Ping timeout: 255 seconds]		21:23
-!- koshii [~0@node-9x6.pool-101-108.dynamic.totbb.net] has joined #bitcoin-wizards		21:23
-!- koshii [~0@node-9x6.pool-101-108.dynamic.totbb.net] has quit [Client Quit]		21:24
-!- vmatekole [~vmatekole@e180174225.adsl.alicedsl.de] has quit [Remote host closed the connection]		21:27
-!- nullbits [32737ea5@gateway/web/freenode/ip.50.115.126.165] has joined #bitcoin-wizards		21:27
-!- tacotime [~mashkeys@198.52.200.63] has joined #bitcoin-wizards		21:30
-!- TechGhost420 [~kvirc@209.99.2.222] has quit [Quit: KVIrc 4.2.0 Equilibrium http://www.kvirc.net/]		21:34
-!- copumpkin [~copumpkin@unaffiliated/copumpkin] has joined #bitcoin-wizards		21:35
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		21:38
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		21:40
-!- faraka [49cc4c7f@gateway/web/freenode/ip.73.204.76.127] has quit [Ping timeout: 246 seconds]		21:40
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		21:50
-!- Transisto [~Trans@modemcable026.188-59-74.mc.videotron.ca] has joined #bitcoin-wizards		21:52
-!- gsdgdfs [Transisto@213.179.213.145] has quit [Ping timeout: 244 seconds]		21:53
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		22:24
-!- vmatekole [~vmatekole@e180174225.adsl.alicedsl.de] has joined #bitcoin-wizards		22:28
-!- bendavenport [~bpd@c-50-131-42-132.hsd1.ca.comcast.net] has joined #bitcoin-wizards		22:29
-!- drawingthesun [~drawingth@106-68-79-97.dyn.iinet.net.au] has joined #bitcoin-wizards		22:29
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		22:29
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		22:30
-!- drawingthesun [~drawingth@106-68-79-97.dyn.iinet.net.au] has quit [Client Quit]		22:33
-!- vmatekole [~vmatekole@e180174225.adsl.alicedsl.de] has quit [Ping timeout: 252 seconds]		22:36
-!- eslbaer_ [~eslbaer@p548A4B5D.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]		22:40
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		22:47
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		22:47
-!- nullbits [32737ea5@gateway/web/freenode/ip.50.115.126.165] has quit [Ping timeout: 246 seconds]		23:19
-!- user7779078 [~user77790@ool-4354b720.dyn.optonline.net] has quit [Remote host closed the connection]		23:20
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]		23:21
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		23:24
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Client Quit]		23:28
-!- vmatekole [~vmatekole@e180174225.adsl.alicedsl.de] has joined #bitcoin-wizards		23:33
-!- vmatekole [~vmatekole@e180174225.adsl.alicedsl.de] has quit [Ping timeout: 264 seconds]		23:38
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		23:39
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Client Quit]		23:41
-!- ryanxcharles [~ryanxchar@2601:9:4680:dd0:f902:fc51:6034:a88c] has joined #bitcoin-wizards		23:42
-!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards		23:43
-!- ryanxcharles [~ryanxchar@2601:9:4680:dd0:f902:fc51:6034:a88c] has quit [Ping timeout: 265 seconds]		23:49
-!- paveljanik [~paveljani@unaffiliated/paveljanik] has joined #bitcoin-wizards		23:53
-!- eslbaer_ [~eslbaer@p548A4B5D.dip0.t-ipconnect.de] has joined #bitcoin-wizards		23:58
--- Log closed Sat Jan 10 00:00:18 2015

Generated by irclog2html.py 2.15.0.dev0 by Marius Gedminas - find it at mg.pov.lt!