--- Day changed Sat Sep 21 2019
01:21 -!- only1canobie [8613b3ab@134.19.179.171] has joined #joinmarket     
01:22 < only1canobie> (im a n00b learning about JM) I read that you really should connect through TOR.
01:22 < only1canobie> and that you have the private keys on your hot computer, connected via TOR
01:23 < only1canobie> is it possible that someone, when they see me announce i got a quadrillion bitcoins to coinjoin, to somehow use the TOR connection to hack my computer?
01:24 < belcher> thats not very likely
01:25 < only1canobie> i guess TOR was designed explicitly to stop people from finding out my real IP address :-)
01:26 < belcher> yes     
01:26 < only1canobie> ok, let's presume TOR isn't broken. is it possible for the attacker to craft some message that will hack my joinmarket client?
01:26 < only1canobie> as in some kind of buffer overflow something (i only read about this on the internet)
01:26 < belcher> thats possible but not very likely
01:27 < belcher> python doesnt have dangerous buffer overflows
01:27 < only1canobie> great
01:27 < belcher> and tor couldnt make that problem worse (or better)
01:28 < only1canobie> i listened to a podcast about the "bitcoin bull" exchange in canada. they use coinjoin. are they using Joinmarket?
01:28 < belcher> i dont know
01:29 < only1canobie> interesting :) 
01:29 < only1canobie> i got one more question
01:30 < only1canobie> python depends on libraries, hence joinmarket depends on these libraries. how do we know a backdoor isn't present in one of these deep down in the dependecy tree libs?
01:31 < only1canobie> i know my questions are impossible to answer, but im curious to know how joinmarket devs thinks about these issues :)
01:31 < only1canobie> (i mean provide a "there is zero danger" answer)
01:32 < belcher> there isnt zero danger, running a yield generator always involves risk from hot wallets
01:32 < only1canobie> belcher, thanks a lot for taking the time answering my questions! ill read some more of the docs know. great docs by the way!!!
01:32 < belcher> there are mitigations like pinning dependencies to their hash so they cant easily be changed by an upstream maintainer
01:34 < only1canobie> i guess running old code that hasnt yet been exploited also can give slightly more (false sense of) security
01:35 < belcher> perhaps, but also on the other hand you miss out on new security updates doing that
01:37 < waxwing> 'bitcoin bull' is the francis pouliot thing, they're using wasabi
01:50 < only1canobie> waxwing yes the pouliot thing. ok wasabi, i c
01:54 < only1canobie> ive noticed that there is a script for manually signing transactions. that sounds very nice. ive created an air-gapped computer that pass messages over QR codes (so indeed, it isn't truly air-gapped). but i read in the docs that manually signing in joinmarket is discouraged. is this mainly because it's so easy to wreck yourself, or is there some
01:54 < only1canobie> other issues (such as market order timeouts) that one should know about? 
01:55 < belcher> where does it say manual signing is discouraged?
01:55 < only1canobie> let me see if i can find it, w8
02:00 < only1canobie> it doesn't say it's discouraged. it turns out that this was my own interpretation of this text: "Warning: Directly manipulating ECDSA private keys and bitcoin raw transaction is dangerous and can result in losing money. See discussion here and here. This script is for advanced users only. Always carefully check transactions before signing and
02:00 < only1canobie> broadcasting them"
02:00 < only1canobie> from : joinmarket/wiki/Spending-from-cold-storage,-P2SH-or-other-exotic-inputs-with-CoinJoin
02:56 -!- only1canobie [8613b3ab@134.19.179.171] has quit [Remote host closed the connection]     
09:46 -!- takamatsu [~takamatsu@unaffiliated/takamatsu] has quit [Ping timeout: 240 seconds]     
09:59 -!- takamatsu [~takamatsu@unaffiliated/takamatsu] has joined #joinmarket     
--- Log closed Sat Sep 21 10:15:26 2019
--- Log opened Sat Sep 21 10:15:38 2019
10:15 -!- kanzure_ [~kanzure@unaffiliated/kanzure] has joined #joinmarket     
10:15 -!- Irssi: #joinmarket: Total of 59 nicks [1 ops, 0 halfops, 0 voices, 58 normal]     
10:20 -!- Netsplit *.net <-> *.split quits: Zenton, MaxSan, kanzure
10:24 -!- Netsplit over, joins: MaxSan
10:25 -!- Irssi: Join to #joinmarket was synced in 593 secs
10:40 -!- reallll [~belcher@unaffiliated/belcher] has joined #joinmarket     
10:43 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 240 seconds]     
11:38 -!- reallll is now known as belcher     
12:16 -!- Zenton [~user@unaffiliated/vicenteh] has joined #joinmarket     
12:46 -!- You're now known as kanzure     
13:25 -!- takamatsu [~takamatsu@unaffiliated/takamatsu] has quit [Ping timeout: 276 seconds]     
17:42 -!- CgRelayBot [~CgRelayBo@p5DE4AC40.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]     
17:42 -!- AgoraRelay [~jmrelayfn@p5DE4AC40.dip0.t-ipconnect.de] has quit [Ping timeout: 265 seconds]     
17:55 -!- AgoraRelay [~jmrelayfn@93.228.163.45] has joined #joinmarket     
17:55 -!- CgRelayBot [~CgRelayBo@p5DE4A32D.dip0.t-ipconnect.de] has joined #joinmarket     
18:06 < fiatjaf> can we get the txid before accepting the offers when using sendpayment.py?
22:41 -!- Giszmo [~leo@2407:7000:9d28:5100:450a:7645:a1a1:45b7] has joined #joinmarket     
22:48 -!- Giszmo [~leo@2407:7000:9d28:5100:450a:7645:a1a1:45b7] has quit [Quit: Leaving.]     
22:48 -!- Giszmo [~leo@2407:7000:9d28:5100:450a:7645:a1a1:45b7] has joined #joinmarket     
23:07 -!- Abstraktikus [5507a8bd@189.168.7.85.dynamic.wline.res.cust.swisscom.ch] has joined #joinmarket     
23:25 < waxwing> fiatjaf, not before accepting the offers, because the offers don't include utxo and output address info from counterparties