00:00:14 <Luke-Jr> maaku: why might it fail to happen?
00:03:18 <maaku> well it's not something we are actively working on at this exact moment, or funded to do, so I wouldn't want to say with 100% certainty that it would happen
00:03:47 <maaku> but it is a priority in the near term, just not this exact moment (unless someone stepped in to fund us)
00:03:54 <maaku> i assume you're talking about freimarkets
00:04:15 <maaku> "if Freimarkets fails to happen"
00:07:13 <Luke-Jr> I mean merged mining
00:07:22 <Luke-Jr> which tbh is more interesting to me than Freimarkets..
00:11:46 <maaku> ok so the story there is I've already gotten permission from the two major pools (>90% of the hash power) to add merged mining with the Freimarkets hard-fork
00:30:33 <Luke-Jr> maaku: hopefully an improved/fixed algo? :D
00:46:24 <maaku> Luke-Jr: yeah, basically a generic mechanism for committing arbitrary key/value data to the coinbase using Merklized indices
00:47:00 <maaku> also works for document timestamping, or other applications
01:21:27 <andytoshi> i'm going to delay the coinjoin another day because i'm close to having a tool which will merge the signed transactions for me
01:21:43 <andytoshi> so again i'm open to people joining in :)
02:36:54 <adams.freenode.net> topic is: Bitcoin research, hardfork wishlist, ideas for the future - see also: https://en.bitcoin.it/wiki/Hardfork_Wishlist https://en.bitcoin.it/wiki/User:Gmaxwell/alt_ideas
02:36:54 <adams.freenode.net> Users on #bitcoin-wizards: andytoshi-logbot _ingsoc Mikalv Krellan_ Muis phrackage MoALTz_ Emcy epscy nsh Baz gavinandresen ghtdak edulix eristisk helo Lifeofcray jtimon JochenKlump hnz phantomcircuit maaku andytoshi amiller fagmuffinz jarpiain nell K1773R spinza Fistful_of_LTC kinlo typex midnightmagic warren trn iddo_ gmaxwell jrmithdobbs realazthat sipa Krellan lianj cfields Luke-Jr azariah4 UukGoblin deepc0re_ tucenaber nanotube BlueMatt Graet michagogo|cloud
02:36:54 <adams.freenode.net> Users on #bitcoin-wizards: Ryan52 HM2 wumpus petertodd harrow hno pigeons EasyAt forrestv
03:25:42 <gmaxwell> andytoshi: if you've got a merging tool then you can probably go nag more people to join.
03:26:13 <gmaxwell> e.g. go post in the cj thread.
03:36:23 <andytoshi> gmaxwell: not yet
03:36:38 <andytoshi> i'm almost done the merger, but rust has no json-rpc support, so there'll be some more work
03:36:54 <andytoshi> it's no problem to just wrap a C lib, but those are hard to come by too :P
03:51:58 <gmaxwell> json rpc so that it yells if you try to add already spent coins? are you going to make it constrain outputs<inputs per user too?
03:52:34 <andytoshi> the latter
03:52:53 <gmaxwell> cool. make sure you shuffle the order.
03:52:58 <andytoshi> good call
03:53:28 <andytoshi> in about an hour i'll have something that can merge transactions and checks that they at least are all the same transaction
03:53:42 <andytoshi> i'd like to figure out RPC so i can check spending and value constraints
03:53:48 <andytoshi> and i'd also like to figure out CHECKSIG
03:54:04 <andytoshi> but those can wait for another day
03:54:38 <gmaxwell> I guess if you're fetching the inputs you can validate the sigs... but thats not super critical...
03:55:31 <gmaxwell> validating is a pita if you're not constraining the kinds of coins you spend.
03:57:20 <andytoshi> yeah, i read through the wiki pages and etotheipi's graphic..
04:18:21 <andytoshi> i think it's working (rust is incredible, first time it compiles it does the right thing)
04:18:31 <andytoshi> how can i verify that the signed transaction is valid?
04:35:29 <gmaxwell> andytoshi: there is no 'validatetransaction' rpc call, the best you can do is try it on testnet ... or an isolated node. (e.g. if the txn isn't relevant to your wallet, and you are -noconnect -nolisten ... it'll only ever be in memory on your node)
04:50:41 <andytoshi> done, will be on github in 5 minutes..
04:51:54 <gmaxwell> you may have the odd honor of having first publically posted rust bitcoin code.
04:56:26 <andytoshi> https://github.com/apoelstra/coinjoin
04:56:32 <andytoshi> * andytoshi blushes
04:56:38 <jgarzik> gmaxwell, I'm pretty sure signtransaction will validate for you
04:56:44 <jgarzik> gmaxwell, it's not explicit, but there is a way
04:56:54 <jgarzik> one of the RPC calls will perform that function
04:59:35 <gmaxwell> maybe the complete flag there ... but I'm not sure, as I've run into it saying complete:false on a totally valid completed transaction in some case or another.
04:59:57 <gmaxwell> it won't tell you where it fails if it does, which I think is what andytoshi would want.
05:00:11 <andytoshi> hmm, running signtransaction on my supposedly-signed transaction changes the signature
05:00:18 <andytoshi> which is a bad sign i think
05:01:38 <andytoshi> but otoh running decoderawtransaction, i can see that my code is doing exactly what i would have done, had i merged them by hand
05:02:04 <andytoshi> it seems like signrawtransaction's signatures depend in a noticeable way on what the other inputs are
05:04:22 <gmaxwell> andytoshi: first, the signatures have a nonce and every time you sign will be different.
05:04:48 <andytoshi> oh, that's right
05:04:51 <gmaxwell> secondly, a normal sighash all signature covers all the input ids and outputs (but not the signatures themselves)
05:05:01 <andytoshi> yes, i'm aware of that
05:05:05 <andytoshi> but it zeros out the scriptSigs
05:05:08 <gmaxwell> right.
05:05:52 <andytoshi> my feeling is, i should just post this on the cj thread, and if it's creating invalid transactions, that's a safe failure mode
05:06:47 <BlueMatt> anyone want a google glass invite to work on bitcoin on glass? (or in general, but itd be cool to pay with bitcoin on glass)
05:07:08 <BlueMatt> (because thats not insecure or anything)
05:07:46 <andytoshi> yeah, there'd be bullies putting QR codes on peoples' feet then saying "your shoes are untied!"
05:07:52 <andytoshi> you look down and bam, lunch money stolen
05:08:17 <BlueMatt> well, someone who has time should think about how to make it secure, but first they need glass :)
05:08:33 <gmaxwell> the glass interface seems really twitchy
05:08:39 <BlueMatt> how so?
05:08:47 <gmaxwell> but there are buttons so you can use those.
05:09:00 <gmaxwell> BlueMatt: just easy to trigger the wrong thing.
05:09:10 <BlueMatt> yea, it can be
05:14:19 <gmaxwell> andytoshi: I don't see any huge risk from it, it's not an automated signer, user-beware that they check the decode before signing what it gives them.
05:14:20 <BlueMatt> it also doesnt even support passcode locks, so you'd have to do that yourself if you wanted anything like bitcoin
05:14:41 <BlueMatt> still, someone should do it...I'll throw in an invite if someone wants to
05:16:24 <andytoshi> grr, i typed up a nice message and bitcointalk deleted it..
05:17:57 <BlueMatt> why would you type a nice message for bitcointalk anyway?
05:20:13 <andytoshi> if you guys trust me, i can make linux 64 binaries as well, if you wanna play with this..
05:22:02 <andytoshi> http://download.wpsoftware.net/bitcoin/coinjoin/
05:56:43 <BlueMatt> andytoshi: I havent been paying attention, how is the matching process on there?
05:57:24 <andytoshi> hmm?
05:57:49 <BlueMatt> some magic p2p network that matches people who want to join, or what?
05:59:31 <andytoshi> BlueMatt: oh, i didn't solve that problem
05:59:35 <andytoshi> kjj was talking about it
05:59:52 <andytoshi> my thing requires you get together and exchange rawtransactions, it just simplifies the merge steps..
06:00:05 <BlueMatt> ahh, I was hoping for something that could get merged into wallets
06:00:07 <BlueMatt> :(
06:00:12 <andytoshi> not yet
07:30:34 <Fistful_of_LTC> Fistful_of_LTC is now known as Fistful_of_AFK
11:14:21 <michagogo|cloud> 06:35:30 <gmaxwell> andytoshi: there is no 'validatetransaction' rpc call, the best you can do is try it on testnet ... or an isolated node. (e.g. if the txn isn't relevant to your wallet, and you are -noconnect -nolisten ... it'll only ever be in memory on your node)
11:14:28 <michagogo|cloud> Wait, is -noconnect a thing?
11:14:36 <michagogo|cloud> I knew of -connect=0.0.0.0
11:16:16 <sipa> -noX is interpreted as -X=0
11:16:31 <michagogo|cloud> Oh, cool
11:16:39 <michagogo|cloud> (and can you -connect=0?)
12:03:41 <wumpus> I don't think -noconnect is a supported option
12:04:06 <michagogo|cloud> BlueMatt: around?
12:05:02 <michagogo|cloud> er, wrong channel
12:51:23 <damethos> damethos has left #bitcoin-wizards
17:25:38 <nsh> http://www.sparecoins.io/ <--- good / bad / ugly / dunno?
17:26:01 <gmaxwell> nsh: save us from clicking with a one line summary.
17:26:21 <nsh> browser-extension wallet, storing keys inside browser
17:26:38 <nsh> --
17:26:39 <nsh> Every week, another online Bitcoin Wallet gets hacked. SpareCoins, however, does not have a central point for attackers to target. Your private keys are encrypted and stored inside your browser, rather than an unsafe remote server. Your private keys can be backed up at anytime, and clearing your cache won’t delete your keys.
17:26:40 <nsh> --
17:27:14 <nsh> depends on the code quality i guess..
17:27:30 <nsh> --
17:27:32 <wumpus> don't bitaddress etc work the same?
17:27:32 <nsh> Sam Stewart5 hours ago
17:27:32 <nsh> It sends bitcoins. It's easy. It works. What more do you need?
17:27:41 <nsh> -- review. (this is the attitude that worries me...)
17:27:46 <nsh> unsure
17:29:09 <sipa> I consider every argument of the form "It is secure because ... only inside your browser" to be invalid
17:29:41 <sipa> which e-wallet did that, hack their JS to steal some coins back?
17:30:36 <nsh> aye. though this model is without a server, but just as succeptible to untrusted updates
17:33:34 <wumpus> well the advantage to this is that you can just host the .html files locally
17:34:29 <wumpus> and maintain them in (for example) a git repository so that changes are trackable
17:35:13 <nsh> * nsh nods
17:35:52 <wumpus> but I'm also a bit wary to trusting my browser with a wallet, I prefer native applications for that
17:37:03 <wumpus> browsers have a reputation of having all kinds of suble security bugs which suddenly become fatal if you store high-valued private keys in them
17:38:40 <nsh> wumpus, this echoes my sentiments
17:39:00 <nsh> also browsers are an established target for malware/spyware/adware already
17:39:23 <jgarzik> jgarzik is now known as home_jg
17:39:40 <wumpus> then again, they do accomplish the goal of being more secure than online hosted wallets
17:39:41 <phantomcircuit> sipa, i actually prefer my implementation, his is using the stdio functions for apparently no reason
17:54:01 <sipa> phantomcircuit: there was discussion about it on the mailing list
17:54:02 <sipa> i can't remember why, though
17:54:55 <phantomcircuit> their google groups is impossible to read online
17:55:14 <phantomcircuit> every reply ends up with at least 100 citations at the bottom
18:09:04 <nsh> it works for science...
18:10:14 <nsh> (fsvo 'works')
18:11:19 <maaku> nsh: meh, sometimes I wish paper writers would boil it down to the 4-5 actually useful citations
18:11:56 <nsh> indeed, or at least be able to click through to the relevant findings in the referenced papers highlighted
18:13:13 <nsh> at lot of it is formality though. you have to prove you're not replicating anyone else's work by laboriously referencing trifflingly similar paper
18:13:35 <andytoshi> it is also considered polite, to improve others' citation rankings
18:13:38 <andytoshi> <.<
18:13:43 <nsh> * nsh nods
18:24:08 <phantomcircuit> the ticket i opened asking apple to clarify msync MS_SYNC behavior has been tagged Rank:No Value
18:24:26 <phantomcircuit> so im just going to assume that msync w/ MS_SYNC does the stupidest thing possible
18:24:37 <phantomcircuit> which is to flush to the dirty page cache of the filesystem and not to disk
18:25:08 <phantomcircuit> meaning likely the mmap issues in leveldb could be corrected simply by swapping fdatasync->msync to msync -> fdatasync
18:44:35 <maaku> andytoshi: which is the problem, as a user of academic research: i'd rather useless citations weren't piled on to boost people's rankings
18:45:08 <gmaxwell> maaku: piled on to grease reviewers palms. :)
18:45:18 <maaku> heh, yeah
18:45:41 <gmaxwell> "You want me to cite what? ... ugh. fine."
18:47:11 <andytoshi> maaku: i concur, i think it's going to improve a bit as people tend to read preprints more, rather than published papers
18:47:22 <andytoshi> and gratuitous citations on preprints don't help anyone
18:47:36 <andytoshi> so as long as you just ignore all the actual journals... ;)
21:31:58 <andytoshi> everyone involved in my coinjoin, i'm going to publish it in about 90 minutes (3PM pacific), so if you want to bug me about it, just /msg
21:33:15 <jgarzik> andytoshi: this seems like #bitcoin-otc material?   bitcoin coin swap meets...
21:33:28 <andytoshi> hmm, good call
21:33:44 <andytoshi> it just happened this time that everyone involved (who would identify themselves to me) is a wizard
21:51:58 <Luke-Jr> andytoshi?
21:52:08 <Luke-Jr> publish what? :P
21:53:45 <andytoshi> Luke-Jr: a couple days ago a bunch of us got together on a coinjoin, and i'm just now getting to publishing the combined transaction
21:53:58 <andytoshi> there were some delays as i had to write tools to do the merger, and people were not always online
21:54:26 <amiller> oh my, coping with n parties some of which may or may not be online at any given time :3
21:54:35 <gmaxwell> jgarzik: yea, I'd suggested doing coinjoin tuesdays or whatever. But it sounds like andy might have something better.
21:56:27 <andytoshi> (i am working on a site which uses my coinjoin merger tool, and flips every N seconds between collecting unsigned transactions and collecting signed ones)
21:56:54 <Luke-Jr> andytoshi: ah, I thought you meant a paper or program :P
21:57:08 <andytoshi> nope, nothing so exciting
21:57:26 <andytoshi> though i do have a program at https://github.com/apoelstra/coinjoin which does the merging
23:24:14 <nsh> has anyone done an analysis to predict (in some model) when we might be likely to hit the 1mb blocksize limit due to transaction volume?
23:29:22 <andytoshi> so, the coinjoin transaction has been publish, and has drifted past my node at least
23:29:26 <andytoshi> which believes it is 100% fees
23:32:34 <andytoshi> ..well, it has all the relevant addresses and the correct 'send' and 'receive' amounts on each, it's just the total that's wring
23:33:05 <gmaxwell> andytoshi: actually it believes it has negative fees.
23:33:22 <gmaxwell> because it has money that came in from nowhere. :)
23:33:33 <andytoshi> oh :P it's the amount that's displayed as negative.
23:34:13 <gmaxwell> and yea, what it does for the fees displayed there is braindamaged.
23:34:30 <andytoshi> ok, and the output of listunspent 0 has all my money listed.. phew
23:34:39 <andytoshi> i understand how signatures work and it was still scary :)
23:34:51 <andytoshi> "somehow i lost everyone's money"
23:34:56 <gmaxwell> andytoshi: it's prudent to be a chicken, but you're still a chicken. :P
23:35:45 <andytoshi> this is so cool, that basically a bunch of strangers put $35000 into an envelope i held out, saying i'd mail it..
23:37:21 <gmaxwell> yea, because the envelope was magic and made it impossible (well, if their putting-in was well formed) for you to cheat. Someday all those fairy tales will sounds sensible.
23:39:23 <nsh> * nsh smiles
23:39:57 <nsh> fools! it was a moebius envelope...
23:40:11 <nsh> andytoshi, is your coinjoin thing explained somewhere?
23:40:50 <andytoshi> well, the bitcointalk thread is at https://bitcointalk.org/index.php?topic=279249.0
23:41:32 <andytoshi> idk if anyone 'invented' the idea, i figured it out just from the name..
23:42:00 <andytoshi> to use my tool, the README on https://github.com/apoelstra/coinjoin should be sufficient
23:42:10 <nsh> ty
23:43:14 <gmaxwell> Petertodd invented the name at my request. The idea of making private transactions this way has basically been known forever. E.g. I recall some old post of hal's describing a higher level protocol for anonymous loans based basically on coinjoins.
23:43:45 <nsh> * nsh nods
23:44:06 <gmaxwell> I was getting a bit frustrated with people fixating on "zerocoin" as a magical unicorn that was just around the corner(tm) to solve all privacy problems. ... and I decided that part of the problem with people fixating was that the alternatives didn't have _names_.
23:44:21 <gmaxwell> which sounds kinda weird but I think its true.
23:44:45 <gmaxwell> so then armed with a name I wrote up a description and a call to action.
23:44:53 <nsh> excellent
23:44:56 <andytoshi> i think it's true, back in 2011 when you had that coinjoining thread with no name, it looked very scary and technical
23:45:01 <andytoshi> and at the time i didn't look into it at all
23:45:31 <andytoshi> otoh, this time around i knew how transactions were structured, so maybe i didn't need the name..
23:47:01 <nsh> names act as conceptual anchors and nucleation points
23:47:48 <nsh> they can be very effecticious :)
23:48:05 <andytoshi> yeah, before it was "type some weird commands to get hex codes you are supposed to give to gmaxwell via PM, who totally can't get money out of them, and he'll give you some more hex codes to incant over"
23:48:22 <nsh> (or efficacious, which is apparently less made-up of a word)
23:48:34 <andytoshi> and then somehow people smarter than you would no longer be able to watch you so closely :)
23:49:09 <nsh> i think things where you could illustrate them with a silly simpsons aside cartoon sketch
23:49:56 <nsh> i picture a load of robed and hooded stone-cutter mason-types all gathering together solemnly in a circle and exchanging things from closed fists while blindfolded
23:50:13 <nsh> :)
23:50:20 <gmaxwell> What I observed is that zerocoin is even _more_ technically inaccessable but it had an accessible name and so many people were interested and a few people even learned about some of the details.  I also added the points that they could be done automatically, and that you could potentially use blind signing to even blind the merging party to the mapping, and that you could use sorting networks to boost the anonymity to any size, none ...
23:50:26 <gmaxwell> ... of which are all that important to the idea.
23:50:55 <nsh> mmm
23:51:49 <gmaxwell> https://bitcointalk.org/index.php?topic=5027.msg73733#msg73733
23:53:31 <nsh> "There needs to be a system of anonymous payments, and a simple trusted machine called the Pot. (In practice, the Pot would be simulated by the participants, using a cryptographic multi-party computation.)"   boy, those parentheses sure make that sound simple...
23:53:32 <gmaxwell> what gets described there can be accomplished with a coinjoin and an inverse coinjoin coupled with blind signing to prevent DOS of the inverse coinjoin.
23:53:52 <nsh> hmm
23:54:25 <nsh> how are legs broken if someone welches?
23:54:39 <gmaxwell> the output of the coinjoin is not anonymous.
23:54:54 <gmaxwell> (and thus inputs of the inverse coinjoin are not anonymous)
23:55:54 <gmaxwell> e.g.  it takes random private amounts and makes N uniform public amounts. And then later N uniform public amounts come back (or else!) and random private amounts are dispensed.
23:57:57 <nsh> * nsh nods