00:19:27 <andytoshi> gmaxwell: i think i've got the coinjoiner working, with the ding and the autorefresh and the frequent checking of transaction validity
00:19:46 <andytoshi> i still have not updated the tiebreaker code for most popular output to take into account roundness of numbers..
00:21:47 <andytoshi> i'm really happy with how this is turning out, i do wish there was a nicer UI than "run these rawtx commands"
00:23:58 <michagogo|cloud> andytoshi: You could make a script or set of scripts for assorted languages to use the rpc interface to make a nicer UI
00:31:30 <gmaxwell> andytoshi: well, next step can be to write a client for it. :P
00:31:52 <nsh> use predicates
00:52:42 <adam3us> adam3us has left #bitcoin-wizards
01:14:32 <maaku> gmaxwell: "The general idea is that the merging party can just make a list (blindly) mapping their inputs to outputs, give the list to all players, and commit to the list so that all players know they got the same list." <-- that's how I always understood the protocol, and what the one I'm working on does
01:14:46 <maaku> I guess I don't understand phillipsjk's attack?
01:16:29 <gmaxwell> e.g. you and I want to coinjoin and both of us want to pay 1 BTC to 1wikileaks (perhaps among several other outputs we want).
01:16:47 <maaku> ok
01:17:15 <gmaxwell> in the most straight forward construction the merging host could have just 1  1BTC output to 1wikileaks,  and if you and I don't know about each other we'd inspect the transaction and each say "yep, 1btc payment to wikileaks, good to go"
01:18:02 <gmaxwell> meanwhile the merging host had just added in an extra 1btc payment to themselves.
01:19:06 <maaku> so in the version I'm working on, the merger (I call him the joiner) makes a proposal by referencing offers signed by each participant
01:19:28 <maaku> so we could, in principle, check that each others requirements were met and not double-count the donation
01:19:45 <maaku> but yes, I understand the problem now and I hadn't considered it
01:20:10 <maaku> my naive implementation would have just checked the user's own requirements and could fall victim to that
01:20:19 <gmaxwell> yea, it's perfectly solvable.
01:21:50 <maaku> hrm.. but this is maybe semantically ambiguous - what if I really only care that 1 btc was sent to 1wikileaks?
01:21:55 <gmaxwell> I give two ways to solve it— one constrains an output pubkey, the other requires an extra communications roundtrip.  I dunno if there are better ways. The communications round trip might just be necessary for anti-dos reasons regardless.
01:22:14 <gmaxwell> maaku: then you could signal that, I suppose... one is a superset of the other.
01:22:52 <maaku> in freimarkets for example, we have private servers that condition transactions based on whether an output matching a certain template makes it on the block chain
01:23:13 <gmaxwell> for transaction fees (which you can think of as being a 'reused address') it might actually be the case that you only care that X amount goes to them and you don't give a darn regardless.
01:23:52 <maaku> in which case you're using it as a semaphore ... but it's not really a problem if more money ends up there, and I assume that requiring both outputs is the better default
01:23:58 <gmaxwell> maaku: right, and what I'm saying is that the ability to accept such a case is a subset of the ability to detect that you're in such a case.
01:24:04 <maaku> yeah
01:24:33 <maaku> sorry, just thinking outloud
01:24:41 <gmaxwell> I'd actually like it if CJ things could merge outputs, e.g. 1 WL, 1 WL -> 2 WL.. but because of the triggers you'd want to actually communicate your willingness to accept.
01:25:31 <gmaxwell> (merging matching outputs is always equal or better for privacy, and its more efficient)
01:27:03 <maaku> yeah
01:28:54 <gmaxwell> andytoshi: I assume when you put this up for real you put it behind ssl?
01:33:59 <andytoshi> gmaxwell: yeah, definitely
01:34:38 <andytoshi> actually, i have been meaning to put my entire site behind ssl for a long time.. is there such a thing as a  good cheap cert provider?
01:34:51 <gmaxwell> startssl
01:34:54 <maaku> startssl
01:35:15 <gmaxwell> at least in one of your dimensions its infinitely good.
01:35:23 <andytoshi> thx guys :)
01:35:26 <adam3us> andytoshi: all certs are equal, buy the cheapest :) (its an openssl design side effect - weakest link in chain defines system security)
01:36:07 <gmaxwell> not quite equal, since there is some inequality in support in older browsers, but I think for your stuff you don't care.
01:36:37 <maaku> adam3us: well, you need to make sure it's a widely deployed root cert (e.g. built into mobile browsers)
01:36:47 <maaku> but startssl is, and it's free ... kinda hard to beat that :)
01:36:53 <andytoshi> well, i meant 'good' in a moral sense.. for example godaddy supported SIPA, they act like scammers, they look sleazy, etc
01:37:13 <gmaxwell> If you don't pay them it's less morally ambigious. :)
01:37:31 <adam3us> maaku: some of them have a chain file you have to use, because they are subcas, which works but makes the cert response over the wire larger
01:37:34 <andytoshi> yeah, i buy that :)
01:37:59 <adam3us> maaku: free eh? thats pretty good
01:38:31 <maaku> well for the lowest level of verification ... as if verification actually meant anything
01:39:25 <maaku> unfortunately they require verification if your domain gets flagged as high-risk (e.g. monetize.io :( )
01:39:34 <andytoshi> lowest level is fine, at least people can't read your traffic with tcpdump..
01:39:38 <maaku> but even then, it's still the cheapest
01:39:40 <adam3us> maaku: yeah thats a new one to me, used to be like $7 - $10 cheapest
01:41:58 <gmaxwell> andytoshi: so wrt output values.  Maybe instead of just the most popular output, when there is more than one output with exactly equal values, you list all of them.  E.g. If you have 10.1 1 5.3133  you list 1 (roundest most popular output),   and if later you have 10.1 10.1 1 5.3133 you list 10.1.  and if later you have 10.1 10.1 1 1 2 2 5.3133  you list 10.1, 1, 2.  It makes the txn more identifyable but you'd almost certantly learn ...
01:42:04 <gmaxwell> ... the same stuff by just continually polling the most popular output as it changes.
01:53:26 <gmaxwell> andytoshi: I got
01:53:31 <gmaxwell> Your signed submission.
01:53:31 <gmaxwell> Success! If all signatures arrive, the transaction will be broadcast at the start of the next session. Thanks!
01:53:34 <gmaxwell> Your unsigned submission.
01:53:37 <gmaxwell> Thanks for submitting an unsigned transaction.
01:53:39 <gmaxwell> Sorry, this session was not found.
01:53:42 <gmaxwell> Thanks for helping bitcoin's privacy.
01:53:43 <gmaxwell> andytoshi: also, you should do something visually drastic when its ready to sign
01:53:50 <gmaxwell> andytoshi: like change the page background to blue.
01:54:36 <gmaxwell> I'm also now getting at the front index:
01:54:38 <gmaxwell> The current session is open for -1387158864 more seconds. There are currently 0 transactions in the pot. Note that if there are less than two transactions in the pot at the end of the session, this session will be invalidated.
01:54:46 <gmaxwell> and a constant rescroll to the top of the page. :P
01:54:59 <gmaxwell> heh
01:55:00 <gmaxwell> The way it works is as follows: every -1387158602 seconds, a new session opens. During each session, users submit transactions to be joined, and recieve a URL specific to that session.
01:55:26 <michagogo|cloud> gmaxwell: You're nullc, right?
01:57:43 <andytoshi> gmaxwell: sorry, this is a bad time for you to test :)
01:58:21 <andytoshi> it should be right in half an hour or so...
01:58:55 <andytoshi> when i changed the cronjob to run every minute, i broke the session management pretty badly
01:59:01 <typex> what are you working on andytoshi?
02:03:00 <andytoshi> typex: i am writing a web interface to handle coinjoining via rawtransactions
02:03:15 <typex> coo
02:03:16 <typex> cool
02:04:28 <andytoshi> :q
02:06:22 <gmaxwell> michagogo|cloud: yes
02:06:46 <typex> andytoshi, I'll gladly help to test if you want
02:07:29 <gmaxwell> typex: right now his service is running on testnet, so if you're not running testnet— get it running. :)
02:07:41 <gmaxwell> andytoshi: oh I don't mind, I'm just testing it periodically.
02:08:20 <gmaxwell> andytoshi: In my mind the deal is I keep testing it and don't mind that it doesn't work, and you— in return— don't mind that I keep reporting things for you to fix. :)
02:08:22 <typex> sure
02:08:36 <typex> hehe
02:10:07 <andytoshi> thx a ton for your time and suggestions, gmaxwell
02:10:13 <andytoshi> typex: yeah, that'd be great
02:10:15 <andytoshi> http://testing.wpsoftware.net/coinjoin/
02:10:51 <gmaxwell> andytoshi: no problem, this sort of thing fits the time I actually have available, stolen moments as I get blocked (or wait for a compute job) on other projects I'm working on.
02:11:16 <typex> bitcoin-qt shouldn't get messed up in any way if I switch it to testnet right?
02:15:11 <michagogo|cloud> nope
02:15:12 <gmaxwell> typex: nah, perfectly fine to switch (or run both at once, in fact)
02:15:24 <michagogo|cloud> You can even run test and mainne-
02:15:37 <typex> great
02:15:43 <michagogo|cloud> what gmaxwell said
02:16:55 <gmaxwell> I run both at once— every once in a while I run the wrong one and I'm very confused.
02:17:06 <gmaxwell> "whooo! solo block!" ... "aww"
02:17:12 <typex> :-)
02:19:06 <michagogo|cloud> heh
02:30:17 <michagogo|cloud> andytoshi: getting a Failure: output value not equal to input value. Check the section on Donations and Fees below.
02:30:26 <michagogo|cloud> But as far as I can tell, inputs and outputs are equal
02:30:53 <andytoshi> can you msg me the raw transaction?
02:31:01 <michagogo|cloud> http://pastebin.com/4QNDyyqR
02:34:02 <andytoshi> sigh, effing php..
02:34:16 <michagogo|cloud> Heh, overflowing the input field?
02:34:26 <andytoshi> nope, just saying 24.45 != 24.25
02:34:41 <michagogo|cloud> Well, that's true
02:34:46 <andytoshi> to be fair, this is probably not php's fault..
02:34:50 <michagogo|cloud> But in this case, 24.45 == 24.45
02:34:53 <andytoshi> lol, i meant 25.45 == 25.45
02:35:25 <michagogo|cloud> Ruby calculates the total of the outputs as 25.450000000000095...
02:35:31 <michagogo|cloud> stupid floating points
02:35:52 <andytoshi> i guess, i'll put a 'within 1 satoshi' check and that should do it
02:36:03 <michagogo|cloud> heh
02:36:04 <andytoshi> can i get bitcoind to send me satoshis instead of floating-point numbers?
02:36:15 <michagogo|cloud> It actually sends you decimals
02:36:29 <michagogo|cloud> :-P
02:36:32 <andytoshi> :)
02:36:55 <michagogo|cloud> You just need to get php to not treat it as a float
02:37:00 <michagogo|cloud> (if that's possible...)
02:37:03 <andytoshi> cool, it accepted your transaction
02:37:05 <andytoshi> http://testing.wpsoftware.net/coinjoin/sign.php?session=cba2c4be86cdda9f6828baa4294dbff5e04d09413e6b15252d986679be6d1399
02:37:10 <andytoshi> i highly doubt it's possible
02:37:41 <michagogo|cloud> In Ruby, I might try multiplying by 100000000 and calling to_i
02:38:22 <andytoshi> yeah, i could do that actually
02:38:51 <michagogo|cloud> (if the inaccuracy is sub-satoshi)
02:40:12 <andytoshi> ok, so if you are idling on the link i sent you, in about 6 mins we should both hear a ding, which means that we can sign
02:41:03 <michagogo|cloud> BTW, probably you should include the fee/donation address on the sign page
02:41:40 <michagogo|cloud> Aww, you require a confirmation on inputs?
02:41:42 <michagogo|cloud> :-/
02:42:12 <andytoshi> yeah, sorry
02:42:18 <michagogo|cloud> At least it didn't kick me back to the front page on a failed transaction
02:42:29 <andytoshi> yeah, i fixed that..very very annoying
02:42:47 <michagogo|cloud> Oops
02:42:58 <michagogo|cloud> Accidentally just sent 0.05 BTC to the fee/donation address
02:43:02 <andytoshi> the one-conf thing is to prevent double-spends, and it's kinda an antidos
02:43:17 <andytoshi> with sendtoaddress?
02:43:20 <michagogo|cloud> Nah
02:43:43 <michagogo|cloud> By signing and sending 0100000001a1188d6860b79fcd97d87d488cd8c86dbdd99c1139490f98cef42ffd939bd4a80100000000ffffffff0280fe210a000000001976a91443dc321b6600511fe0a96a97c2593a90542974d688ac404b4c00000000001976a9140332073851cbdfd5b4e6a18891963ea0c546d74688ac00000000
02:43:52 <andytoshi> ah
02:43:55 <andytoshi> damn
02:44:08 <michagogo|cloud> (that was the unconfirmed transaction I was trying to spend into the pool, sending most of the tBTC back to the faucet)
02:44:16 <andytoshi> maybe i can use vanitygen to get the privkey :P
02:44:35 <michagogo|cloud> Sure, as soon as you harness all the energy in the entire universe
02:44:39 <michagogo|cloud> times about a million?
02:44:52 <michagogo|cloud> (disclaimer: that last number is made up)
02:45:13 <michagogo|cloud> By the way, why do you start the timer on a session while it has 0 inputs?
02:45:34 <michagogo|cloud> You could just have it idle, and leave the session open for 20 mins or whatever from the first input
02:47:51 <andytoshi> i could, i might do that
02:48:58 <andytoshi> so, if you refresh your page we can sign now
02:49:19 <andytoshi> the ding didn't come, the timer went into negative territory and then it autorefreshed while perl had the database locked
13:43:29 <leguin.freenode.net> topic is: Bitcoin research, hardfork wishlist, ideas for the future - see also: https://en.bitcoin.it/wiki/Hardfork_Wishlist https://en.bitcoin.it/wiki/User:Gmaxwell/alt_ideas
13:43:29 <leguin.freenode.net> Users on #bitcoin-wizards: andytoshi-logbot COGSMITH adam3us b3rza _ingsoc warren Graet jtimon nOgAnOo iddo Baz_ Emcy ghtdak eclark425 K1773R firepacket nsh Muis hnz spinza andytoshi edulix tucenaber gribble CodeShark jrmithdobbs Krellan Luke-Jr trn midnightmagic Fistful_of_AFK epscy Mikalv helo phantomcircuit maaku amiller jarpiain kinlo typex gmaxwell realazthat lianj cfields azariah4 UukGoblin deepc0re_ nanotube BlueMatt michagogo|cloud Ryan52 HM2 wumpus
13:43:29 <leguin.freenode.net> Users on #bitcoin-wizards: petertodd harrow hno EasyAt pigeons
13:45:21 <nOgAnOo> * nOgAnOo hugs andy <3
13:57:40 <andytoshi> nOgAnOo: http://download.wpsoftware.net/bitcoin/wizards/
13:57:47 <andytoshi> i should probably have the logbot announce that url..
13:57:53 <nOgAnOo> Thank you, kind sir
13:58:01 <nOgAnOo> I love logs.
14:11:38 <michagogo|cloud> andytoshi: Note that freenode policy is that public logs of a channel need to be authorized by channel operators, and all users need to be made aware (the suggested method is a note in the topic)
14:12:32 <michagogo|cloud> (chanserv says that the only op in here is mindspillage... no idea who that is)
14:16:00 <michagogo|cloud> Google (and NickServ's listing of the cloak on the account) suggests it's someone named Kat Walsh, a former chair of the Wikimedia Foundation and attorney for Creative Commons
14:17:20 <michagogo|cloud> Still no idea who this person is and why she registered this channel...
14:18:48 <pigeons> michagogo|cloud: someone in this channel is very close to her
14:19:32 <pigeons> i've seen him use her irc account, as can sometimes happen when you share machines with someone
14:19:42 <michagogo|cloud> Ahhhhhh
14:19:55 <michagogo|cloud> A google search for (mindspillage OR "kat walsh") bitcoin
14:20:04 <michagogo|cloud> turns up http://bitcoinstats.com/irc/bitcoin-dev/logs/2012/03/03
14:20:15 <michagogo|cloud> Hi Greg :-)
14:20:48 <michagogo|cloud> Gregory Maxwell (greg@wikimedia/KatWalsh/x-0001) is authed as mindspillage
14:21:02 <michagogo|cloud> They share a NickServ account? o_O
14:23:35 <michagogo|cloud> ;;later tell gmaxwell I noticed http://en.wikipedia.org/wiki/User:Gmaxwell has an outdated version of your pgp key... missing 2 UIDs, 2 subkeys, and 158 signatures
14:23:35 <gribble> The operation succeeded.