<xcthulhu>
Let’s see if he’s gonna eat his own horseshit, shall we?
<gmaxwell>
offtopic here.
kmels has quit [Ping timeout: 256 seconds]
belcher has quit [Quit: Leaving]
<xcthulhu>
(sorry)
sy5error has joined #bitcoin-wizards
joecool has quit [Ping timeout: 265 seconds]
bosnia is now known as bosma
jae has joined #bitcoin-wizards
jae is now known as Guest70975
Guest70975 has quit [Remote host closed the connection]
Starduster_ has joined #bitcoin-wizards
Starduster_ has quit [Max SendQ exceeded]
mpmcsweeney has quit []
Starduster_ has joined #bitcoin-wizards
Starduster has quit [Ping timeout: 258 seconds]
p15x_ has quit [Max SendQ exceeded]
p15x has joined #bitcoin-wizards
eudoxia has quit [Quit: Leaving]
spinza has quit [Excess Flood]
rustyn has quit [Ping timeout: 246 seconds]
Sub|afk has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
SubCreative has quit [Ping timeout: 265 seconds]
rustyn has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 246 seconds]
dc17523be3 has joined #bitcoin-wizards
p15x has quit [Max SendQ exceeded]
p15x has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
jae has joined #bitcoin-wizards
jae is now known as Guest68086
NewLiberty has joined #bitcoin-wizards
Guest68086 has quit [Remote host closed the connection]
NewLiberty has quit [Ping timeout: 276 seconds]
Dr-G has joined #bitcoin-wizards
Dr-G has joined #bitcoin-wizards
chmod755 has quit [Quit: Leaving]
c0rw1n is now known as c0rw|zZz
<www>
hi
<www>
is there a good way to publish extended public keys on the blockchain?
Dr-G2 has quit [Ping timeout: 264 seconds]
<sipa>
why would you do such a thing?
prodatalab has quit [Ping timeout: 265 seconds]
<www>
hi sipa :)
<www>
to let people generate stealth addresses or other derived addresses from your main address
<sipa>
that's utterly pointless if you publish the extended address
<www>
why?
<www>
how would you do it?
<sipa>
the point against address reuse is because it reduces your privacy
<sipa>
if you *publish* your extended address you've now given a way to the world to detect all related addresses
<www>
stealth addresses increase your privacy?
<sipa>
stealth addresses != extended addresses
<www>
you definetly can have stealth with extendet keys
<www>
which stealth do you mean?
<www>
furthermore there are good usecases where you want to have a proven record of transactions. don't assume that always everything has to be private. but this is not related to stealth ;)
sipa has left #bitcoin-wizards [#bitcoin-wizards]
<www>
lol
<www>
why is everybody here so arrogant?
<gmaxwell>
www: What you're saying doesn't seem to make a lot of sense. You say it would be more private, but sipa points out that if you publish an extended public key then its not private at all.
<amiller>
www, not arrogant, just with scarce attention
<gmaxwell>
You had to give the payer the address some way, use that channel, give them the extended public key. Tada; and then thats also private if thats something you care about. The blockchain is not a message bus.
<www>
maybe you are talking about a different way to do stealth?
<www>
what if you can't establish a channel?
<www>
because you are async?
<gmaxwell>
www: you still have to give someone the address in the first place; there _must_ be communication otherwise they don't know anything at all.
<gmaxwell>
www: well you asked about a specific thing-- giving someone an extended public key.
<gmaxwell>
maybe you meant something else? regardless. If you need a communication channel you need a communication channel, the blockchain isn't good for that (though it can be abused that way)
licnep has quit [Quit: Connection closed for inactivity]
<www>
yes, I think to have the extended pubkey on chain is very reasonable and useful when you want to have certain types of stealth payments and to avoid address reuse
<gmaxwell>
www: if the extended public key is public then everyone knowns all the addresses, its completely non-private.
<www>
you just need to publish it once somewhere linked to yoru identity
<www>
it's optional. public OR private/stealth
<gmaxwell>
www: great, and you can include the extended public key there, and when they check that they'll have the whole thing! tada done! and no need to put it in a perpetual public database where it will be visible to the whole world.
<www>
of course you do not generate the stealth addresses the 'HD' way
<www>
then of course they would be public (which is still sometimes wanted)
<gmaxwell>
Then why the heck are you asking about an extended public key?!
<gmaxwell>
www: if you put the extended pubkey in the blockchain there would be no privacy because anyone else could go and derrive the same addresses. As you note, if you're already depending on publishing your address someplace linked to your identity, you can put the extended key _there_. Why do you not just put it there, and kill two birds with one stone.
<www>
again and again: because you can have stealth addresses with it. don't get how?
<gmaxwell>
www: so clarifying, what your'e asking about is not an extended public key, but a "stealth address". Okay, now that makes a little more sense.
<gmaxwell>
But I have still not gathered why you are not happy with the point that when you check the publication-linked-to-your-identity that can't just encode the stealth address, saving you the extra publication step?
<www>
because there is also a good censorship-free way to put other information... like a name to your address. even if you tell me not to do so
<www>
you can't call somebody and tell them that you are 1xyca;sdhfalsjdfh&*y9rf
<www>
usability is terrible
<gmaxwell>
the Bitcoin network is very much not censorship free.
<gmaxwell>
(alas)
<phantomcircuit>
or is at least much less so than other channels
<gmaxwell>
okay so what you are really looking for is something like namecoin then?
<www>
if the bitcoin network is not, then nothing is?
<gmaxwell>
e.g. something to attach unique human friendly names to keying material?
<www>
no, it is way more simple than namecoin
<gmaxwell>
namecoin is super simple.
<www>
it is called bitcoin
<www>
no need to use another network if you just want to have names with optional stealth payments for bitcoin
<gmaxwell>
www: in the bitcoin network today your transactions can be freely surpressed by the decision of ~3-4 parties, at no cost to themselves; the main defense against that is being indistinguishable. (and hope that they don't target you)
<www>
so bitcoin is broken?
<gmaxwell>
www: I wasn't suggesting using namecoin, I'm trying to decode what you're actually trying to accomplish because it is unclear.
<www>
maybe we need a well defined bitcoin dictionary
<gmaxwell>
Extended public key is a well defined term, but I don't care what you call things so long as I can figure out what you mean.
<gmaxwell>
I think I've figured out what fork of what you're asking for there. But now, this last part sounds like you're looking for a key value database.
<gmaxwell>
Preumably you'd want it to be efficiently and securely queryable?
<www>
would be best, yes
<gmaxwell>
(otherwise, ... why not just have whatever centeralized services most people would trust to query it keep a list! :) )
sparetire_ has quit [Ping timeout: 250 seconds]
<www>
back to something you said: if 4-5 entities control bitcoin as yous aid, why don't they block e.g. the silkroad coins?
<gmaxwell>
www: okay, well there currently isn't a way to do that in bitcoin even if you look aside at the misuse of the system to store key/value data. The challenge is in making it securely queryable. It's not fundimentally hard to do this, but it requires additional commitments that bitcoin doesn't have.
mkarrer has quit [Remote host closed the connection]
<www>
just run a full node if you want highest security
<www>
no?
<www>
otherwise trust friends who run a full node
<www>
and so on...
<gmaxwell>
www: Perhaps but the overwhelming vast vast majority of users don't do that--- and the trends are in the opposit direction (esp with talk of increased load on the system); so IMO something that doesn't have security at all except for full nodes seems like a waste... just pretextual security. E.g. if most users are just going to trust bc.i why saddle everyone else with more load?
<www>
trends are pointing in a bad direction for bitcoin, indeed
<www>
when you download your full node client you trust again somebody that the right genesis hash is hardcoded, right?
<www>
so fundamentally you always need to trust somebody initially
<www>
if you can diversify trust (multiple friends) then security increases
<gmaxwell>
www: thats not the case. I mean if the wrong one is hardcoded you'll notice that you're rejecting the longest chain.
<gmaxwell>
www: in any case, so there you're imaging some kind of friend network. OKAY, but if you have the friend network, why isn't it just answering your queries?
<www>
would you also check the magic byte and port number and difficulty?
<www>
probably you would
<www>
but most people don't... again
p15x has quit [Max SendQ exceeded]
<gmaxwell>
www: you could, if you liked. Come you must admit thats not really much of a plausable attack. Where lots of people trust websites which can just start giving false information at any time, due to hacks or bugs or because the operators were evil all along. While in the software case, there is one chance for it to be busted, and that much is auditable and detectable, and we use a public signing
<gmaxwell>
process to make sure you're not being given a bad version just for you.
<gmaxwell>
In any case, if you think its fine for people to just trust some popular website (or a few), okay, thats not a totally irrational position. For some applications it is. But then why the blockchain pretext?
p15x has joined #bitcoin-wizards
xcthulhu has quit [Quit: xcthulhu]
<www>
why not just a friend network? because I actually just want to send coins to names with a high-enough security in a convenient way. nothing is perfectly secure. but IMO it would be an improvement
<www>
forget websites
<www>
i never talked about websites
<www>
hmm
<gmaxwell>
But in your example you claimed that you didn't care if it could be efficiently securely queried because you could ask friends, ... in that case you're trusting the friends, so why not just do that?
<www>
the attack could be done. several factors improve the security of bitcoin. it is not just one thing.
<gmaxwell>
www: do any of your friends (e.g. people you already know offline?) run bitcoin full nodes today?
<www>
yes
wallet421 has joined #bitcoin-wizards
wallet42 is now known as Guest88920
wallet421 has joined #bitcoin-wizards
Guest88920 has quit [Killed (holmes.freenode.net (Nickname regained by services))]
<www>
but with friends I mean several generally trusted entities.
adam3us has quit [Quit: Leaving.]
<gmaxwell>
I find that a little unlikely.
<gmaxwell>
okay then.
<www>
e.g. you download a wallet. you generally trust the wallet developer
<gmaxwell>
in any case, ... if you are happy with security reducing to a "generally trusted entity" then why not have the entity keep the database? at that point your security is much better, e.g. it can be guarenteed instant update and reorg free (assuming the honesty of the 'generally trusted entitys' holds), and their behavior could be completely auditable.
<www>
a lot of companies values is based on reputation. even if one of them becomes evil or just gets hacked, then it would be good ot have alternativesj to check against. aways. diversify
<gmaxwell>
and just as a minor bonus you wouldn't be subjecting yourself to the censorship of both the generally trusted entity _and_ some small number of miners, but only the former.
<gmaxwell>
www: true, but a collection of companies can keep a database without using bitcoin.
<www>
because it is not good to trust just one entity?
<gmaxwell>
see above
<www>
but it is not open?
<kanzure>
there are many open-source database implementations
<gmaxwell>
and because of query efficiency you still are trusting one entity in that example.
<www>
it is not about open source but about open access (censorship free)
<kanzure>
yeah they can do that
<kanzure>
but "censorship free" does not mean what you think it means
<www>
kanzure: give me the dictionary please
<gmaxwell>
www: again, if you're accessing via trusted entities x,y,z then any condition under which they could censor a database they ran they could also censor the queries they ran for you. Plus on the bittcoin case you get extra censorship from miners and potentially node operators that don't appricate you using their _currency_ as a rolodex. :)
<kanzure>
well you're in a cryptography channel, so censorship resistance here is completely unrelated to whether something is open or closed access
<www>
it has some similarities kanzure
<kanzure>
nope
<www>
gmaxwell: you say the miners own bitcoin?
<www>
in my eyes the miners do rather stupid calculations
<www>
and follow what the cool people (maybe you) say
<kanzure>
why are you in charge of deciding who is cool
<kanzure>
that doesn't make sense
<www>
i don't do this
<kanzure>
i think that you will find that nobody said that the miners own bitcoin
<www>
if your assessment is right, gmaxwell, then bitcoin seems broken to me, because the miners (handful entities) have too much power
ThomasV has joined #bitcoin-wizards
<kanzure>
well it's also possible that the design is achieving something other than what you had considered
<www>
i remember satoshi writing about 'one-cpu-one-vote'
<kanzure>
that was one of the things he was wrong about
<kanzure>
byzantine sybil resistance is incompatible with counting cpus
<www>
but with counting asics it is?
<www>
I also remember somebody quoting gavin "in the long run bitcoin will not be secured by PoW"... any development in this direction?
<kanzure>
you also can't count asics because they have no identity
<kanzure>
and identity is spoofable. that's what sybil resistance protects against.
<www>
good point
<www>
but you see that the initial design goals also evolve over time
<kanzure>
if you say so
<www>
are you a miner?
<www>
operator?
<kanzure>
i have been known to flip a few bytes
joecool has joined #bitcoin-wizards
<www>
so let me sum it up: there is no good way to add extended* public keys to the blockchain. bitcoin is controlled by a handful of people. and maybe: trusting identities is bad but trusting computational power is a good thing.
<www>
i am not convinced ;)
<kanzure>
"there is a specific design to bitcoin that makes some ideas workable and others not"
SubCreative has joined #bitcoin-wizards
Sub|afk has quit [Ping timeout: 252 seconds]
p15_ has quit [Max SendQ exceeded]
p15 has joined #bitcoin-wizards
<gmaxwell>
The hashpower distribution is currently busted. There are reasons to think things will improve. The bustedness is less concerning when the use is less trusting / less censorable (or could easily become much harder to censor); when you talk about something like a key value store, these current issues may be much more relevant.
adlai has quit [Ping timeout: 252 seconds]
<gmaxwell>
I didn't say that 'trusting identities' is bad, it is what it is. But if you're going to trust parties to run a query server for you; why not trust them to just keep the database too; and then you remove a whole host of failure modes, and are just left with the trust related one.
<gmaxwell>
since you can't do an efficient secure lookup against bitcoin, you assume some trusted servers (or at least some threshold like the majority is honest) OKAY; there are cases where thats totally reasonable. So why not stop there and use that rather than adding additional weaknesses and costs? thats all I was pointing out.
[7] has quit [Disconnected by services]
TheSeven has joined #bitcoin-wizards
xcthulhu has joined #bitcoin-wizards
<www>
thanks for your feedback, gmaxwell. I get what you say. the reason why to have the data on-chain is to have a open API where you don't need to ask for permission to use it. the trusted parties simply proxy you the results but ideally you interact directly with the blockchain. at least there is the option.
<www>
of course this is flawed when transactions get blocked by some miners.
<gmaxwell>
It's important to avoid decenteralization-theater though. E.g. if looking up names securely requires at 300 GByte download, whos going to do that? I say its important to avoid, because if we pretend something has all these fantastic security properties that it doesn't have in practice, then we're setting people up for a massive falure. Sort of the mess we've arrived at with the web CA system.
<gmaxwell>
e.g. under some theory of operation the SSL/CA model could be quite nice, in the end the security it provides is very thin (e.g. anyone who can MITM your webserver towards the internet can get a cert as you) because of how its praticaly deployed and used.
<www>
well... everybody who wants to become a trusted party for his friends/customers can easily download 300 GB. in case you bootstrap your chain via a torrent, this could be way less, right? the important thing is that entities can freely access the complete data for themselves or for others and that they can also disappear and be replaced by others (in case they become unreliable or loose reputation for a reason). yes, it is a layer on top of t
<www>
hmm blockchain size is just 35 GB? also a super cool sidechain could be made for this, no? :D
sparetire_ has joined #bitcoin-wizards
<gmaxwell>
right now, though the rules of the network let it grow 52gb/yr currently; and there is a proposal to increase that to 1TB/yr.
<gmaxwell>
www: there are lots of ways to accomplish it in a parallel network sure, dunno that a sidechain would be super applicable though.
<www>
1TB/yr is worst case, though. in 10 years 1 TB/year will also not really matter maybe. And is not one of the points to have sidechains that you don't need to be a full node for all the network but that you can be just a "full" node for your sidechain?
Giszmo has quit [Ping timeout: 256 seconds]
<www>
can't the nodes of sidechains be teached to validate OP_RETURN data in a arbitrary way?
<gmaxwell>
www: well it wouldn't be OP_RETURN... it would just be transaction data. ... but no thats not my point. If your system is just a database of X there is may be no reason to involve a cryptocurrency in it.
xcthulhu has quit [Quit: xcthulhu]
<gmaxwell>
Surprise: there are other kinds of distributed database than blockchains!
<www>
if a currency comes for free, why not use it for having a fee structure?
<www>
...to avoid spam e.g.
<www>
seems useful
<gmaxwell>
True, though antispam can be done without the complexity of a two-way peg. E.g. by proof of solvency, or by hashcash, etc. lots of options.
b_lumenkraft has joined #bitcoin-wizards
<www>
if hope you are working on abstracting the complexity of a two way peg ;)
<www>
by the way, when will it be ready?
<www>
on mainnet
<gmaxwell>
"When its ready" :)
Giszmo has joined #bitcoin-wizards
<www>
and... how long will the debate be on whether or not sidechains need to be introduced? just looking at the current blocksize debate. such a super simple thing takes so much resources.
<www>
was there a debate when the blocksize limit got introduced? was there a debate when the OP_RETURN size got halved? don't know
<gmaxwell>
The blocksize stuff is a hard fork; it basically takes the rules of bitcoin and rewrites them to be against the current rules, everyone has to change, everyone is impacted.
<gmaxwell>
op_return stuff is just node policy not a consensus rules of the system at all.
<gmaxwell>
The 2wp stuff merely requires script enhancements, in fact I'm reasonably confident that it was actually possible (though a bit ugly) with bitcoin script before opcodes were disabled.
<gmaxwell>
In any case, soft-forks; while also not trivial are much easier.
<www>
sounds good
<gmaxwell>
since, so long as they don't restrict tx patterns people are already using-- you're mostly free to not use them.
<www>
but the nodes/miners need to understand that the new transactions are valid, otherwise they will reject them?
<gmaxwell>
no, a soft fork only restricts the space of valid transactions. it takes a transaction that the old network sees like "anyone can spend" and restricts it to "can spend according to these rules"
<gmaxwell>
it's like subtractivel carving a new feature out of marble.
<www>
could altcoins become sidechains of bitcoin?
<www>
migrate....
<www>
WITH their own PoW?
<gmaxwell>
well the whole thing about bitcoin sidechains is that they're backed by bitcoin, the bitcoin has to come from somewhere. And yes, a sidechain can have its own POW, at least so long as the chain its aside knows how to verify that POW if the spv-2wp is used.
ThomasV has quit [Ping timeout: 252 seconds]
<www>
but altcoins could become 'assets' on a bitcoin sidechain then...?
<www>
so you would pay just the tx fee with bitcoin
<gmaxwell>
I'm not sure why you'd want to do that, but sure.
<www>
back to the soft fork: what if half of the network plays according to the old rules "anyone can spend" and the other half restricts spending to the new rules. who is right?
<gmaxwell>
hashpower majority; which is why soft-forks don't activate until picked up by a supermajority of hashpower. http://bitcoin.sipa.be/ver-ever.png shows the process for two softforks.
<www>
could not the same be done with the blocksize issue (hardforks)?
<www>
a fork is a fork
<www>
i like the idea of having multiple with each other interacting blockchains with different PoW. would add security in my eyes.
wallet42 has quit [Ping timeout: 276 seconds]
p15x has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
xcthulhu has joined #bitcoin-wizards
<www>
soft fork = fork on transcation level. hard fork = fork on block level (?) - both to be avoided in every case
<phantomcircuit>
www, soft fork is when the change is backwards compatible
<phantomcircuit>
ie rejecting transactions which the older versions accept is backwards compatible so long as the majority of mining power follows those new rules
wallet42 has joined #bitcoin-wizards
<phantomcircuit>
a hard fork is a change which older versions reject
<phantomcircuit>
"you're being too logical" -cypherdoc
<phantomcircuit>
that is pure comedy gold
<gmaxwell>
phantomcircuit: perhaps but not really ontopic here!
mjerr has joined #bitcoin-wizards
p15x has joined #bitcoin-wizards
Relos has quit [Ping timeout: 264 seconds]
ThomasV has quit [Ping timeout: 272 seconds]
Giszmo has quit [Quit: Leaving.]
Mably has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 252 seconds]
OneFixt has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
dc17523be3 has joined #bitcoin-wizards
kmels has quit [Ping timeout: 258 seconds]
gill3s has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 252 seconds]
dc17523be3 has joined #bitcoin-wizards
fanquake has quit [Ping timeout: 256 seconds]
sy5error has quit [Remote host closed the connection]
ThomasV has joined #bitcoin-wizards
wizkid057 has quit [Disconnected by services]
wizkid057 has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 272 seconds]
pollux-bts has quit [Quit: Connection closed for inactivity]
droidr has joined #bitcoin-wizards
dc17523be3 has joined #bitcoin-wizards
wallet42 has quit [Ping timeout: 264 seconds]
mjerr has quit [Ping timeout: 252 seconds]
dc17523be3 has quit [Ping timeout: 244 seconds]
dc17523be3 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
wallet421 is now known as wallet42
MoALTz has quit [Read error: Connection reset by peer]
MoALTz has joined #bitcoin-wizards
ThomasV has quit [Quit: Quitte]
spinza has quit [Excess Flood]
spinza has joined #bitcoin-wizards
rustyn_ has joined #bitcoin-wizards
rustyn has quit [Ping timeout: 255 seconds]
b_lumenkraft has quit [Quit: b_lumenkraft]
bedeho has joined #bitcoin-wizards
GAit has quit [Remote host closed the connection]
ThomasV has joined #bitcoin-wizards
priidu has quit [Ping timeout: 245 seconds]
priidu has joined #bitcoin-wizards
hktud0 has quit [Read error: Connection reset by peer]
hktud0 has joined #bitcoin-wizards
priidu has quit [Ping timeout: 264 seconds]
b_lumenkraft has joined #bitcoin-wizards
Relos has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
frankenmint has left #bitcoin-wizards [#bitcoin-wizards]
Quanttek has joined #bitcoin-wizards
rht__ has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 244 seconds]
dc17523be3 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
wallet42 is now known as Guest80435
Guest80435 has quit [Killed (hobana.freenode.net (Nickname regained by services))]
antanst has joined #bitcoin-wizards
bliljerk101 has quit [Ping timeout: 244 seconds]
AaronvanW has joined #bitcoin-wizards
wallet42 has quit [Quit: Leaving.]
andy-logbot has quit [Remote host closed the connection]
andy-logbot has joined #bitcoin-wizards
* andy-logbot
is logging
dc17523be3 has quit [Ping timeout: 265 seconds]
dc17523be3 has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
rustyn_ is now known as rustyn
dEBRUYNE has joined #bitcoin-wizards
adam3us has joined #bitcoin-wizards
p15x has quit [Max SendQ exceeded]
p15x has joined #bitcoin-wizards
fanquake has joined #bitcoin-wizards
p15x has quit [Max SendQ exceeded]
p15x has joined #bitcoin-wizards
Luke-Jr has quit [Ping timeout: 265 seconds]
hearn has joined #bitcoin-wizards
gnusha has quit [Ping timeout: 252 seconds]
AaronvanW has quit [Ping timeout: 252 seconds]
zmachine has quit [Ping timeout: 256 seconds]
gmaxwell has quit [Ping timeout: 252 seconds]
gmaxwell has joined #bitcoin-wizards
gmaxwell is now known as Guest2862
zmachine has joined #bitcoin-wizards
gnusha has joined #bitcoin-wizards
airbreather has joined #bitcoin-wizards
hearn has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
bliljerk101 has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
MrTratta has joined #bitcoin-wizards
droidr has quit [Ping timeout: 258 seconds]
shen_noe has quit [Quit: Leaving]
darwin_ has joined #bitcoin-wizards
ThomasV has quit [Quit: Quitte]
b_lumenkraft has quit [Quit: b_lumenkraft]
b_lumenkraft has joined #bitcoin-wizards
damethos has joined #bitcoin-wizards
fanquake has quit [Quit: Leaving.]
dc17523be3 has quit [Ping timeout: 256 seconds]
rht__ has quit [Quit: Connection closed for inactivity]
dc17523be3 has joined #bitcoin-wizards
fanquake has joined #bitcoin-wizards
AaronvanW has quit [Remote host closed the connection]
Populus has joined #bitcoin-wizards
Populus has joined #bitcoin-wizards
sparetire_ has quit [Quit: sparetire_]
jtimon has quit [Ping timeout: 258 seconds]
Populus has quit [Ping timeout: 265 seconds]
dc17523be3 has quit [Ping timeout: 276 seconds]
dc17523be3 has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
zmachine has quit [Ping timeout: 252 seconds]
zmachine has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
gill3s has quit [Read error: Connection reset by peer]
gill3s has joined #bitcoin-wizards
gielbier has quit [Ping timeout: 245 seconds]
fenn has quit [Ping timeout: 245 seconds]
b_lumenkraft has quit [Ping timeout: 264 seconds]
fenn has joined #bitcoin-wizards
kanzure has quit [Ping timeout: 245 seconds]
b_lumenkraft has joined #bitcoin-wizards
kanzure has joined #bitcoin-wizards
paveljanik has joined #bitcoin-wizards
gill3s has quit [Read error: Connection reset by peer]
gill3s has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 246 seconds]
damethos has quit [Remote host closed the connection]
dEBRUYNE has quit [Ping timeout: 244 seconds]
dc17523be3 has joined #bitcoin-wizards
CoinMuncher has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
gielbier has joined #bitcoin-wizards
wallet42 has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 264 seconds]
dc17523be3 has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
darwin_ has quit [Remote host closed the connection]
darwin_ has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 250 seconds]
darwin_ has quit [Remote host closed the connection]
NewLiberty has quit [Ping timeout: 276 seconds]
dc17523be3 has joined #bitcoin-wizards
darwin_ has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 250 seconds]
SDCDev has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 276 seconds]
dc17523be3 has joined #bitcoin-wizards
mjerr has joined #bitcoin-wizards
mkarrer has joined #bitcoin-wizards
face has joined #bitcoin-wizards
mjerr has quit [Remote host closed the connection]
mjerr has joined #bitcoin-wizards
hearn has joined #bitcoin-wizards
jtimon has quit [Read error: Connection reset by peer]
jtimon has joined #bitcoin-wizards
SDCDev has quit [Remote host closed the connection]
prodatalab has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 256 seconds]
SDCDev has joined #bitcoin-wizards
dc17523be3 has joined #bitcoin-wizards
dEBRUYNE has quit [Ping timeout: 255 seconds]
Mably has quit [Read error: Connection reset by peer]
Mably has joined #bitcoin-wizards
c0rw|zZz is now known as c0rw1n
jtimon has quit [Ping timeout: 252 seconds]
SDCDev has quit [Ping timeout: 252 seconds]
dc17523be3 has quit [Ping timeout: 256 seconds]
SDCDev has joined #bitcoin-wizards
dc17523be3 has joined #bitcoin-wizards
p15x has quit [Max SendQ exceeded]
p15x has joined #bitcoin-wizards
justanotheruser is now known as sunna
sunna is now known as justanotheruser
darwin_ has quit [Remote host closed the connection]
darwin_ has joined #bitcoin-wizards
sipa has joined #bitcoin-wizards
www has quit [Ping timeout: 256 seconds]
joecool has quit [Ping timeout: 265 seconds]
darwin_ has quit [Remote host closed the connection]
joecool has joined #bitcoin-wizards
darwin_ has joined #bitcoin-wizards
LeMiner has quit [Ping timeout: 246 seconds]
LeMiner has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 246 seconds]
ThomasV has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
arubi_ has quit [Ping timeout: 252 seconds]
hearn has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
eudoxia has joined #bitcoin-wizards
p15x_ has joined #bitcoin-wizards
p15_ has joined #bitcoin-wizards
p15x has quit [Ping timeout: 256 seconds]
p15 has quit [Ping timeout: 276 seconds]
dc17523be3 has quit [Ping timeout: 244 seconds]
dc17523be3 has joined #bitcoin-wizards
hashtag has quit [Read error: Connection reset by peer]
hashtag has joined #bitcoin-wizards
Burrito has joined #bitcoin-wizards
arubi_ has joined #bitcoin-wizards
Iriez has quit [Ping timeout: 244 seconds]
ThomasV has quit [Ping timeout: 252 seconds]
Iriez has joined #bitcoin-wizards
nemild has joined #bitcoin-wizards
SDCDev has quit [Ping timeout: 250 seconds]
Iriez has quit [Remote host closed the connection]
xcthulhu has joined #bitcoin-wizards
zooko has quit [Remote host closed the connection]
Iriez has joined #bitcoin-wizards
b_lumenkraft has quit [Quit: b_lumenkraft]
Guyver2 has joined #bitcoin-wizards
SDCDev has joined #bitcoin-wizards
dc17523be3 has quit [Ping timeout: 276 seconds]
spinza has quit [Excess Flood]
spinza has joined #bitcoin-wizards
b_lumenkraft has joined #bitcoin-wizards
rubensayshi has joined #bitcoin-wizards
airbreather has quit [Remote host closed the connection]
xcthulhu has quit [Quit: xcthulhu]
maraoz has joined #bitcoin-wizards
StephenM347 has joined #bitcoin-wizards
nubbins` has joined #bitcoin-wizards
nemild has quit [Quit: nemild]
nemild has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
Mably has quit [Ping timeout: 244 seconds]
Zooko-phone has joined #bitcoin-wizards
zookog-phone2 has joined #bitcoin-wizards
nemild has quit [Quit: nemild]
xcthulhu has joined #bitcoin-wizards
nemild has joined #bitcoin-wizards
zooko has quit [Ping timeout: 264 seconds]
Zooko-phone has quit [Ping timeout: 265 seconds]
darwin__ has joined #bitcoin-wizards
zooko-phone4 has joined #bitcoin-wizards
darwin_ has quit [Read error: Connection reset by peer]
zookog-phone2 has quit [Ping timeout: 255 seconds]
hearn has joined #bitcoin-wizards
antgreen has joined #bitcoin-wizards
dc17523be3 has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
zooko-phone4 has quit [Read error: Connection reset by peer]
jae has joined #bitcoin-wizards
jae is now known as Guest5208
AaronvanW_ has joined #bitcoin-wizards
AaronvanW has quit [Ping timeout: 246 seconds]
p15x_ has quit [Ping timeout: 255 seconds]
p15_ has quit [Ping timeout: 265 seconds]
p15 has joined #bitcoin-wizards
nemild has quit [Quit: nemild]
nemild has joined #bitcoin-wizards
Guest5208 has quit [Remote host closed the connection]
_biO_ has joined #bitcoin-wizards
maraoz has quit [Ping timeout: 245 seconds]
dEBRUYNE has joined #bitcoin-wizards
rht__ has joined #bitcoin-wizards
xcthulhu has quit [Quit: xcthulhu]
antanst has quit [Quit: Leaving.]
gill3s has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
shen_noe has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
<bramc>
There seems to be some grumbling about whether full nodes which can't accept incoming connections really count
Giszmo has joined #bitcoin-wizards
<bramc>
It would be possible to make them mostly count using uTP and the DHT
NewLiberty has quit [Read error: Connection reset by peer]
hearn has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
adlai has joined #bitcoin-wizards
<gavinandresen>
bramc : nifty idea. I've been saying for years I'd like to see more diversity in the network protocols that are used to relay bitcoin transactions/blocks
<gavinandresen>
... and doing that doesn't require any sort of fork at all...
<sipa>
bramc: define "make them count" ?
<bramc>
gavinandresen, uTP is basically a swap-in replacement for TCP. It wouldn't change things all that much except to make NAT traversal easier
<bramc>
sipa, Apparently the graph showing a huge drop in full node count *might* be caused by a change in methodology where they stopped counting nodes which can't accept incoming connections, which might be most of them
<sipa>
bramc: there are two ways in which full nodes "count", one is towards the network (which requires them to be reachable, have bandwidth, serve and relay blocks, ...), another is towards the decentralization of validation (which requires people to pay attention to what they're doing, using them to validate their transactions or connect other bitcoin software to it)
<bramc>
speaking of which someone asked me where that data came from and I have no idea. If anybody knows the original source I'll pass that info along.
<sipa>
bramc: of the first afaik, we have plenty
<sipa>
bramc: the second however is not measurable
<sipa>
bramc: more protocols in which nodes can talk to eachother are welcome, of course
hearn has joined #bitcoin-wizards
<bramc>
The other dumb question is, uh, does bitcoin core pull in miniupnp? That makes a big difference in how likely something is to be reachable.
<hearn>
yes it does
<nubbins`>
quick question
<nubbins`>
why do we pretend that there are less than 6,000 nodes when that's actually the number of nodes running 0.8.x or higher?
<bramc>
nubbins`, Do you have info about where these stats come from?
<nubbins`>
bramc bitnodes.com footer states explicitly
<nubbins`>
just wondering why nobody cares how many nodes there /actually/ are.
<nubbins`>
er bitnodes.io, whatever it is
<nubbins`>
"Bitnodes uses Bitcoin protocol version 70001 (i.e. >= /Satoshi:0.8.x/), so nodes running an older protocol version will be skipped"
<sipa>
my seeder counts around 4300 well-reachable one, a historically low number
<nubbins`>
sipa: you wanna see historically low numbers, check how many of the nodes in the hard-coded seed list are still alive :D
<nubbins`>
(for those of you playing at home: about a half-dozen)
<sipa>
nubbins`: that list is updated every year or so
<sipa>
and node IP mobility does not mean a decreasing number
frankenmint has joined #bitcoin-wizards
<nubbins`>
ah. maybe once a year is a bit long.
<nubbins`>
we're talking 1% of hard-coded nodes being reachable here
<hearn>
well, that's why there are dns seeds too
<hearn>
the hard coded list is meant as a kind of nuclear bomb shelter in case of some kind of big DoS attack/disaster
<wumpus>
yes, the hard-coded node list still needs to be updated for 0.11
<hearn>
but sure more frequent refreshes would be good
<nubbins`>
agreed, not much of a bomb shelter atm :)
SDCDev has quit [Ping timeout: 265 seconds]
adlai has quit [Ping timeout: 255 seconds]
AaronvanW_ has quit [Ping timeout: 246 seconds]
adlai has joined #bitcoin-wizards
Luke-Jr has joined #bitcoin-wizards
sy5error has joined #bitcoin-wizards
rubensayshi has quit [Remote host closed the connection]
face has quit [Ping timeout: 264 seconds]
priidu has quit [Ping timeout: 252 seconds]
n0n0 has joined #bitcoin-wizards
jposner has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
xcthulhu has joined #bitcoin-wizards
antgreen has quit [Ping timeout: 258 seconds]
CoinMuncher has quit [Quit: Leaving.]
goregrind has joined #bitcoin-wizards
BitcoinErrorLog has joined #bitcoin-wizards
badmofo has joined #bitcoin-wizards
darwin__ has quit [Remote host closed the connection]
darwin_ has joined #bitcoin-wizards
CoinMuncher has joined #bitcoin-wizards
<bramc>
nubbins`, I don't know the answer to your original question, but the answer is likely some combination of 'there are very few nodes that old and we didn't feel like supporting it' and 'nodes on that old of a protocol are so poor performing they're doing more harm than good'
<nubbins`>
bramc i'm not so sure those are the reasons, and i'd love to see the numbers on how many total nodes there are.
<sipa>
total nodes?
<sipa>
including spv nodes?
<sipa>
including unreachable nodes?
<sipa>
including versions that are not useful to new clients?
frankenmint has left #bitcoin-wizards [#bitcoin-wizards]
<nubbins`>
would you like some pedantry with your fries?
<hearn>
bramc: i think there is a min protocol version, no?
<nubbins`>
hearn, somewhere around 0.5.x
<nubbins`>
any earlier than that and you'll have problems
CoinMuncher has quit [Client Quit]
<nubbins`>
the cynical part of me thinks that ignoring pre-0.8.x nodes is part of a greater push for getting rid of nodes that don't want to play nicely with newer "features" being rolled out
<nubbins`>
but that's probably silly
<nubbins`>
after all, why would anyone want to use something like bitcoin to further their own personal objectives?
<BitcoinErrorLog>
probably not, thats likely to happen even as just apassive influence
<nubbins`>
hopefully i'll have popcorn handy when the block size thing gets pushed out
<nubbins`>
then we'll really see how many nodes there are, and what they're running :D
<bramc>
*if* the block size thing gets pushed out, then there *will* be a fork
<bramc>
And two competing blockchains which different peers are constantly arguing about which is the newer one
<bramc>
As a practical matter, peers will soon have to identify whether they're on the fork or not, to make the networks be physically distinct and stop them from DDOSing each other.
darwin_ has quit [Remote host closed the connection]
Mably has joined #bitcoin-wizards
<hearn>
no, old peers will ignore the >1mb chain completely and follow the pre-fork chain even if it's shorter
<nubbins`>
^
chmod755 has joined #bitcoin-wizards
darwin_ has joined #bitcoin-wizards
<nubbins`>
they'll also spin up a new node and send some coins out in a >1mb block to cover their bases.
<nubbins`>
should be fun
<hearn>
new peers would follow whatever the hardest valid chain is according to their new rules, which as those rules wouldn't kick in until a majority of miners supported them, should be the >1mb chain
badmofo has left #bitcoin-wizards ["Leaving"]
<nubbins`>
when was the last fork, anyone have the date or version # handy
<bramc>
nubbins`, There's never been a hard fork
* nubbins`
claps softly
<nubbins`>
an immeasurable number of people claim differently
antanst has joined #bitcoin-wizards
<bramc>
hearn, Old peers would continue to make progress on the <1mb chain, resulting in a literal fork of the two chains
<hearn>
old miners, yes
<nubbins`>
surely large mining operations are running the latest phoundation release ;p
<bramc>
nubbins`, I said 'hard' fork, there have been many 'soft' forks, which means extensions which older nodes would accept but not themselves create. To date, the current block chain would have been accepted by the very first version of bitcoin ever released.
<bramc>
hearn, Also new miners who think the >1mb block is bullshit
<nubbins`>
bramc you'd (maybe not) be surprised at how many people think, say, 0.8.0 was a hard fork.
<bramc>
nubbins`, There's also a difference between an incompatibility of the blockchain and an incompatibility of the peer protocol. I don't know if that second one has ever happened.
<BitcoinErrorLog>
wasnt 0.8.0 the almost-fork that had to be handled actively after the fact?
<bramc>
nubbins`, It's certainly the case that peer efficiency has been improved enough that an original codebase peer would be doing more harm than good in the current network even if it could talk to anything.
<hearn>
the soft vs hard fork distinction is deeply questionable. you really don't want "backwards compatibility" when auditing things
jae has joined #bitcoin-wizards
<BitcoinErrorLog>
:/
<bramc>
hearn, What?
jae is now known as Guest43254
<bramc>
BitcoinErrorLog, How so? (I'm honestly asking, I don't know what bit of history)
<hearn>
let me try an analogy. think of a full node as like a human auditor checking the books. now imagine some clever trader somewhere else in the company who wants to execute a clever trade, but knows that the auditors will reject it
<fluffypony>
it would be a more monumental challenge, but I would be interested in Bitcoin adopting a similar periodical fork
<hearn>
so the trader goes to his colleague and says, hey bob. how about we come to an arrangement. when i send you money and put in the notes field that this is a trade for a ton of coal, i want you to interpret that as actually being a ton of gold
<BitcoinErrorLog>
I forget the details bramc, wasnt it a Berkdb issue? i remember all the miners having emerggency meeting with devs to revert and stop the fork from happening
<nubbins`>
BitcoinErrorLog yes
<hearn>
bob says, "uh why alice"? and alice says, well, if we put in "ton of gold" the auditors will flag it as a bad transaction. we could go all through the process to get this type of trade accepted, but it's quicker if we just bypass them
<hearn>
call it backwards compatibility
<nubbins`>
it's just a config update ;/
<bramc>
BitcoinErrorLog, Oh right, the result of that one was that the implicit restriction of the older shittier nodes was accepted
<fluffypony>
nubbins`: no
<fluffypony>
well
<fluffypony>
it was a BerkeleyDB issue, but not BerkeleyDB vs. LevelDB
<hearn>
now - would this be accepted in a real company? hopefully not. though maybe given the behaviour in the last few years.....
<fluffypony>
it was BerkeleyDB (bad) vs. BerkeleyDB (good) & LevelDB
<hearn>
as the goal of the auditors is to fully understand the transactions and check the ledger. if people are fooling them with clever tricks, that audit is being undermined.
darwin_ has quit [Remote host closed the connection]
<hearn>
do you see this argument?
<bramc>
So there was a temporary fork and it was fixed by rolling back to the pre-fork protocol
<bramc>
hearn, I have no idea what you're saying. Are you arguing against backwards compatibility as a goal?
<hearn>
when it comes to consensus systems? yes
darwin_ has joined #bitcoin-wizards
<hearn>
obviously in most software systems backwards compatibility is highly desirable
<bramc>
hearn, You're on crack
<hearn>
as it is for things like bitcoin p2p protocol, etc
<nubbins`>
<fluffypony> it was BerkeleyDB (bad) vs. BerkeleyDB (good) & LevelDB << +1
<fluffypony>
I 100% agree with bramc
<fluffypony>
erk
<hearn>
bramc: that argument is "not excellent" :)
<fluffypony>
I mean
<fluffypony>
I 100% agree with hearn
<fluffypony>
you don't know "who" is running a node
<hearn>
hehe :)
<fluffypony>
you can't communicate with them directly
<nubbins`>
hell, even i could be running one
<nubbins`>
or six, or w/e
<fluffypony>
so the only thing you can do is drop them off the network if they don't upgrade
<hearn>
well, there is a middle path
<hearn>
nodes that can't fully audit the ledger any more can still be useful - for serving and filtering the chain for others
<hearn>
if there was a way to have a hard fork trigger a shutdown of the RPC interface, for example, and maybe flagging somehow (~NODE_NETWORK?) that it's now in a kind of 95%-SPV mode, it may still be a reasonable thing to do
<hearn>
as SPV clients could still benefit
<hearn>
however, businesses relying on the quality of the audit ..... well, if they want to opt-in to pseudo-spv mode, that's fine by me.
<hearn>
but it should be something they knowingly accept
<hearn>
anyway this is why the whole argument for soft forks has never convinced me
<bramc>
There's a fundamental difference between forking the block chain and dropping support for old versions of the peer protocol
<fluffypony>
bramc you're not forking the network
<fluffypony>
the network is moving forward and outdated participants are left for dead
kmels has joined #bitcoin-wizards
<fluffypony>
that some of them may have a tip of their own is largely irrelevant to the main herd ;)
AaronvanW_ has joined #bitcoin-wizards
<bramc>
There's a reason why HTTP has moved forward while DNS has not
<kanzure>
isn't dns a consensus system of some kind
<fluffypony>
it's a poor comparison, though - protocols are mostly governed by committees
<fluffypony>
when did they seek public input on whether SPDY should be part of the protocol?
<hearn>
HTTP/2 is the equivalent of a "hard fork", so ...... not sure it's a great suggestion. it's totally incompatible with HTTP/1 except at a high semantic level
<kanzure>
i think the bitgo person submitted a spdy ietf rfc.. if that's what you mean?
<fluffypony>
kanzure: I mean that the userbase "at large" don't care about changes to SNMP, TCP/IP, DNS, or anything else
<fluffypony>
even companies heavily invested in a particular protocol tend to care very little
<kanzure>
(perhaps the user base would be better not using bitcoin if they don't care about its features (even if it may be objectively safer for them to use, i don't know about forcing them))
<bramc>
hearn, No you aren't getting it. DNS is a database, HTTP is not. Hence incompatible changes to HTTP can be made much more frequently than can incompatible changes to DNS, which happen essentially never.
<hearn>
sigh. DNS is not a consensus system. my argument applies to consensus systems. where you want to audit every last change.
darwin_ has quit [Remote host closed the connection]
<fluffypony>
DNS also went through a period of retardation where they added idiotic record types, like GPOS and SPF
darwin_ has joined #bitcoin-wizards
sipa has left #bitcoin-wizards [#bitcoin-wizards]
<bramc>
Looking over things right now, I think the most likely thing with the block size increase is that it gets dropped. The next most likely thing is that it gets forced out and either fails or, worse, mostly fails, and the partisans who have been pushing it so hard wind up not being involved in bitcoin development any more.
zooko has joined #bitcoin-wizards
<fluffypony>
bramc: dropped as in no longer discussed and remains unchanged, or dropped as in it gets unilaterally removed?
<nubbins`>
heh
<bramc>
fluffypony, As in the people pushing it give up and drop the subject
<nubbins`>
fuck the partisans
<nubbins`>
the amount of astroturfing and obvious shilling re: block size increase is pretty lel-worthy
<fluffypony>
yeah the Reddit hivemind stuff is a little annoying, hard for some people to see the wood for the trees
<bramc>
It isn't a mystery who's behind the push for the block size increase, they're in this channel with us now.
<hearn>
there is zero chance of that. even if me and gavin vanished in a puff of smoke, other people would do it instead.
<hearn>
(as was made clear to us by the number of people asking when the new XT will be ready)
<bramc>
By 'other people' you mean people on reddit who don't understand the subject but have gotten whipped up into a fury about it because they like having causes to rant about.
<jposner>
bramc: the issue isn't just being pushed by "people," it's being pushed by circumstances. stuffed blocks, whether that results in transaction delays or fee increases, is not going to be ignored.
* fluffypony
hugs BitcoinErrorLog
darwin_ has quit [Remote host closed the connection]
darwin_ has joined #bitcoin-wizards
<bramc>
The actual players in bitcoin have overwhelmingly made it clear that they don't like the idea. Whipping up a mob isn't convincing any of them.
<BitcoinErrorLog>
honestly the mob is what has heightened my skepticism and brought me here
<bramc>
jposner, There's overwhelming support for building support for real transaction fees
<bramc>
jposner, which doesn't require a fork at all
maraoz has joined #bitcoin-wizards
<nubbins`>
bramc i doubt many actual players read reddit ;p
<bramc>
nubbins`, reddit is on the pro-increase side. It's the whipped up mob.
<nubbins`>
you got that right
<nubbins`>
but then again, reddit is generally broke kids w/ dreams that their 0.5 btc is gonna make them a jillionaire
<Relos>
that sounds pretty elitist
<jposner>
dismissing the proponents of increasing the block size as a "mob" or with ad hominem is not very convincing. those arguments could just as easily be made against those who would rather keep the 1MB limit.
<nubbins`>
Relos ?
<nubbins`>
jposner oh absolutely
<Relos>
I can hear mary antoinette saying: "let them eat cake"
<nubbins`>
what can you hear marie antoinette saying?
rht__ has quit [Quit: Connection closed for inactivity]
<nubbins`>
8)
<bramc>
Relos, The attempt to unilaterally make an incompatible change to the protocol using a magic number which somebody pulled out of their butt is what's elitist
<nubbins`>
anyway. jposner i'm dismissing redditards based on general behaviour patterns, not their response to this one thing
<Relos>
I said enough, I just switched to the tab and saw your comment, I don't know if there was a real discussion ongoing and I wouldn't want to in anyway take up its space
zooko` has joined #bitcoin-wizards
<jposner>
nubbins': I think it's more productive not to focus on the "retards" in the debate, but rather the best arguments on each side
darwin_ has quit [Remote host closed the connection]
<nubbins`>
jposner oh, undoubtedly
darwin_ has joined #bitcoin-wizards
<bramc>
jposner, A survey of bitcoin developers and people who run major bitcoin services indicates that they overwhelmingly don't want to make the change
<nubbins`>
i've yet to see a good argument for >1mb blocks other than "it'll help the people who want to take away the average person's ability to run a full node"
<nubbins`>
which is actually a REALLY good argument
<bramc>
The push for it can be traced directly to Gavin's full frontal PR campaign
<nubbins`>
just, y'know...
<nubbins`>
not a thing that i want
<BitcoinErrorLog>
nubbins i see no problem classism in bitcoin anyway
zooko has quit [Ping timeout: 276 seconds]
<nubbins`>
o.O
<BitcoinErrorLog>
with
<maaku>
guys please this is all way OT
<maaku>
take it to #bitcoin-blocksize
Quanttek has quit [Ping timeout: 264 seconds]
<nubbins`>
bramc remember when the NSA totally wasn't reading everyone's emails until it turned out they definitely were?
<BitcoinErrorLog>
worst spam is moderation spam, with that i'll shut up
<nubbins`>
bramc this gavin-pushing-for-big-blocks thing reminds me of that
<nickler>
and when you say that they 'are only connected to each other through a slow 2 Mbit/s
<nickler>
link', does this mean both groups are only connected via one link or is the network fully connectd?
antanst1 has joined #bitcoin-wizards
darwin_ has quit [Remote host closed the connection]
darwin_ has joined #bitcoin-wizards
<maaku>
both groups are only connected via one link
<maaku>
a link whose parameters happen to match the great firewall
<maaku>
(or, roughly, Tor)
zooko` has quit [Ping timeout: 252 seconds]
<maaku>
(but that would have a different connectivity graph)
antanst has quit [Ping timeout: 256 seconds]
wallet42 has quit [Read error: Connection reset by peer]
wallet421 has joined #bitcoin-wizards
wallet421 has quit [Changing host]
wallet421 has joined #bitcoin-wizards
wallet421 is now known as wallet42
<nickler>
ah thanks, seems to be a fairly strong assumption. I'll see if there's the same effect with Gavin's simulation.
<bramc>
Do bitcoin nodes drop connections if the peer sends them too much garbage?
pollux-bts has joined #bitcoin-wizards
darwin_ has quit [Remote host closed the connection]
darwin_ has joined #bitcoin-wizards
kmels has quit [Ping timeout: 276 seconds]
ThomasV has quit [Ping timeout: 276 seconds]
b_lumenkraft has quit [Read error: Connection reset by peer]
b_lumenkraft has joined #bitcoin-wizards
jmcn_ has quit [Ping timeout: 276 seconds]
jmcn has joined #bitcoin-wizards
darwin_ has quit [Remote host closed the connection]
midnightmagic has quit [Ping timeout: 252 seconds]
darwin_ has joined #bitcoin-wizards
midnightmagic has joined #bitcoin-wizards
xcthulhu has quit [Quit: xcthulhu]
priidu has joined #bitcoin-wizards
priidu has quit [Max SendQ exceeded]
Populus has joined #bitcoin-wizards
Populus has quit [Changing host]
Populus has joined #bitcoin-wizards
binaryFate has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
darwin_ has quit [Remote host closed the connection]
xcthulhu has joined #bitcoin-wizards
darwin_ has joined #bitcoin-wizards
Guest2862 has quit [Changing host]
Guest2862 has joined #bitcoin-wizards
Guest2862 is now known as gmaxwell
BitcoinErrorLog has quit []
darwin_ has quit [Remote host closed the connection]
darwin_ has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
AaronvanW_ has quit [Ping timeout: 246 seconds]
www has joined #bitcoin-wizards
darwin_ has quit [Remote host closed the connection]
darwin_ has joined #bitcoin-wizards
tucenaber has quit [Remote host closed the connection]
bramc has quit [Quit: This computer has gone to sleep]
nejucomo has joined #bitcoin-wizards
nejucomo has quit [Client Quit]
nwilcox has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
<waxwing>
in 3.3.1 of Borromean, step 2c, it seems like the range of j indices is wrong. should start at j_i* + 1 i think.
dEBRUYNE has quit [Ping timeout: 258 seconds]
zooko has quit [Quit: bbiab]
<waxwing>
the notation for step 3 there also seems to be wrong?
antanst1 has left #bitcoin-wizards [#bitcoin-wizards]
darwin_ has quit [Remote host closed the connection]
<andytoshi>
waxwing: i think 3.3.1 is correct
jposner has quit []
darwin_ has joined #bitcoin-wizards
darwin_ has quit [Remote host closed the connection]
<andytoshi>
notation of step 3 is wrong, good catch, says m_j but should be m_i
<andytoshi>
actually those i's should be 1's
<waxwing>
yeah that one, but even then, it's m_i-1 is the last index
darwin_ has joined #bitcoin-wizards
<waxwing>
i couldn't find any way of making step 3 look right. but, it's not as if the basic idea isn't obvious.
<waxwing>
just seems that the notation is off.
<andytoshi>
yup
darwin_ has quit [Client Quit]
<andytoshi>
waxwing: there are two sG - eP phrases; the first should have {1, m_0 - 1} as its subscript, the last should have {n, m_n - 1}
<andytoshi>
i think that fixes it
<waxwing>
right
<waxwing>
that was what i was hoping
<waxwing>
andytoshi: so shouldn't it start at j_i* + 1 in 2c?
<andytoshi>
waxwing: it is always assigning to j+1, so i think that covers it
<andytoshi>
i'm pretty sure i copied the code directly for that line, so i hope it's not wrong :)
<waxwing>
andytoshi: but in (b) you already set e_{i,j_i^* + 1}
<waxwing>
heh
<andytoshi>
oh, hmm, shit
<waxwing>
a few bitcoins here there, no big deal :)
<andytoshi>
lol
<andytoshi>
if there is a corresponding bug in the code it'd completely break the sigs, i'm not too worried .. i'm sure i transcribed it wrong
<waxwing>
yeah i know. much of our security is based on this principle. "If it had any bugs it woulda crashed by now" :)
<andytoshi>
hehehe #notactuallyfunny
<waxwing>
sorry bit cheeky, just jking
<andytoshi>
it's cool, i don't mean #notactuallyfunny like it's a bad joke, i mean that it's totally true..
<andytoshi>
and very dangerous
hearn has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
<andytoshi>
in any case, yeah, i transcribed it wrong, the code has the loop offset in a weird way so that step (b) is absorbed into (c)
<andytoshi>
so you are correct, i will fix the range in the doc
<waxwing>
andytoshi: somehow reminds me of that old fallacy: "well, if you can decrypt it, it must be the right key, so it's authenticated, right?"
<waxwing>
(not this particular case, just the general idea)
<andytoshi>
i'm actually laughing out loud, but still shouldn't be funny..
<gmaxwell>
whats weird is that I thought I checked the agreement with the writeup there.
<gmaxwell>
verification is hard because of confirmation bias. :(
<andytoshi>
gmaxwell: the range in the writeup is the same as the range in the loop; difference is what part of the loop tmp is assigned (where `tmp` is the input to the hash function)
<gmaxwell>
it doesn't help that the software and the paper use pretty different nomenclature I guess, maybe I should have updated the software after the document to agree with the markup.
<andytoshi>
it's a pretty subtle thing, one of us Should Have Caught It but i'm not too suprised it got thruogh
<andytoshi>
well, the paper can just say H(some algebraic formula), the code needs to have temporary variables and stuff, i don't think you can force them to match
<gmaxwell>
and indeed, there are classes of mistake that I probably do not look for because if they're made they are just guarenteed to not work at all.
<andytoshi>
without adding a bunch of temp variables to the writeup that'd leave it unreadable
<gmaxwell>
andytoshi: e.g. the code can line by line reference the writeup even where they don't exactly match.
<andytoshi>
ah, right
<waxwing>
i wouldn't pay much attention to this kind of thing; there is a certain flexibility in interpretation of notation like that, and the preceding section of the doc makes it pretty obvious how it *should* work. no matter what you happen to call the various indices.
<waxwing>
i mean yeah fix it but it's not like someone's going to "accidentally" code it wrong.
<gmaxwell>
sure sure, but, you know.. advancing the art. I wouldn't want to waste a second of anyone's time on stuff like this.
<andytoshi>
waxwing: welll, the hope is that you can reimplement from the writeup, if you need to look at our code that seems like we're wasting future programmers' time
<gmaxwell>
so they might not actually ship something wrong they may waste a while trying to get it right.
gill3s has quit [*.net *.split]
nubbins` has quit [*.net *.split]
kanzure has quit [*.net *.split]
Starduster_ has quit [*.net *.split]
d1ggy_ has quit [*.net *.split]
akstunt600 has quit [*.net *.split]
kyuupichan has quit [*.net *.split]
catlasshrugged has quit [*.net *.split]
gwillen has quit [*.net *.split]
koshii has quit [*.net *.split]
STRML has quit [*.net *.split]
lclc has quit [*.net *.split]
Logicwax has quit [*.net *.split]
sl01 has quit [*.net *.split]
<waxwing>
yeah good point. try to make it ultra clear, but it's difficult with these multidimensional array scenarios.
<waxwing>
it's always ugly even when it's right :)
kanzure_ has joined #bitcoin-wizards
Starduster_ has joined #bitcoin-wizards
sl01 has joined #bitcoin-wizards
<andytoshi>
it's always uglier when it's right ;)
<gmaxwell>
It's also important because some pepole will never in a million years review code. (which is sad and makes the world worse off; but I'd still want to benefit from their understanding)
ThomasV has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
akstunt600 has joined #bitcoin-wizards
<gmaxwell>
andytoshi: funny you say that, when I first wrote the verification code, it was so clean relative to my expectation that I thought it had to be wrong.
catlasshrugged has joined #bitcoin-wizards
<andytoshi>
lol, yeah, verification is funny in this case, i was impressed too
d1ggy has joined #bitcoin-wizards
<andytoshi>
i will try to submit a PR at some point today which adds comments to both sign and verify which reference the writeup..
kyuupichan has joined #bitcoin-wizards
<gmaxwell>
The signing implementation is also much cleaner than I _expected_ it would need to be, but uh. well. still pretty twisty.
<waxwing>
gmaxwell: i have been having the code open while going through it
STRML has joined #bitcoin-wizards
Logicwax has joined #bitcoin-wizards
<waxwing>
but it's slow going for me, i'm not used to the bitcoin codebase
<waxwing>
i found myself sidetracked into reading about jacobian form or whatever :)
<gmaxwell>
haha
<waxwing>
just trying to plod through and write the algo in Python to make sure i understood it
<andytoshi>
waxwing: :) unfortunately you need to do that to understand basically any part of libsecp256k1
<andytoshi>
waxwing: if you want some intuition and it'd help to have a voice you can call me
<waxwing>
andytoshi: very kind; but this kind of support is already amazing...
koshii has joined #bitcoin-wizards
<gmaxwell>
waxwing: cost of an optimized implementation is a bit more complexity. OTOH, .. less for the ringsig, but very much for the range proofs-- building an optimized first implementation prevented me from making some pretty severe design errors that would have greatly hurt performance.
<gmaxwell>
so I can't say I regret doing that instead of e.g. making a super simplistic python implementation.
lclc has joined #bitcoin-wizards
<waxwing>
gmaxwell: yes the thing it made me think about was whether it's possible to somehow split things like (prevent timing attacks) from (program logic). i guess maybe it isn't.
<andytoshi>
waxwing: the kind of support where you do free in-depth review for us and we answer questions that (should be) at the front of our minds anyway? yeah, we are saints ;)
<andytoshi>
this is seriously really helpful, most projects of this algebraic complexity do not get any review
<Mably>
gmaxwell
<gmaxwell>
(wrt performance, in the range proof, I avoid the ringsig commiting to all the derrived points; which means they don't ever need to be converted back to affine corrids, which is a non-trivial performance impact)
<Mably>
may be you already answered, but have you studied Sumcoin compact confidential transactions?
<andytoshi>
Mably: i am in the process of studying it, don't have anything more to say than "cautiously optimistic", sorry
<andytoshi>
(at this point)
<gmaxwell>
waxwing: yea, making a constant time and uniform memory prover-- one which was constant both for secret keys _and_ the ring membership, for this would sadly have really high overhead.
sparetire_ has joined #bitcoin-wizards
<gmaxwell>
I believe my implementation is private for the keys though, or close to it. It hasn't been carefully reviewed for that (as in CT it doesn't matter much).
maraoz has quit [Quit: Leaving]
antanst has joined #bitcoin-wizards
<waxwing>
yeah i saw the comment about privacy leaks vs key leaks
antanst has left #bitcoin-wizards [#bitcoin-wizards]
<gmaxwell>
Mably: I've talked to the author some. I'm very excited about it.
xcthulhu has quit [Quit: xcthulhu]
<Mably>
gmaxwell: so it significantly improves current solution?
hearn has quit [Read error: Connection reset by peer]
Guyver2 has quit [Quit: :)]
metamarc has quit [Read error: Connection reset by peer]
AaronvanW_ has quit [Ping timeout: 246 seconds]
Giszmo has quit [Read error: No route to host]
Guest78558 has quit [Ping timeout: 240 seconds]
Giszmo has joined #bitcoin-wizards
hulkhogan_ has joined #bitcoin-wizards
hearn_ has quit [Ping timeout: 265 seconds]
Starduster has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 255 seconds]
hearn has joined #bitcoin-wizards
hearn has quit [Read error: Connection reset by peer]
hearn has joined #bitcoin-wizards
hearn has quit [Ping timeout: 250 seconds]
xcthulhu has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
hearn has joined #bitcoin-wizards
binaryFate has quit [Quit: Konversation terminated!]
mrkent has joined #bitcoin-wizards
metamarc has joined #bitcoin-wizards
metamarc has joined #bitcoin-wizards
<mrkent>
Regarding all this debate about block size recently, does anyone else think there isn't enough debate about the fact that we're trying to *change the rules*?
<mrkent>
The rules that everyone agreed to to begin with
Populus has quit [Remote host closed the connection]
airbreather has joined #bitcoin-wizards
<mrkent>
When we approach 21m BTC and miners complain about fees, what's to say the 21m can't be changed?
<mrkent>
I feel like it sets dangerous precedence.
<gmaxwell>
mrkent: I know sipa has repeadily over and over raised the concern about making hardforks in the face of controversy.
<gmaxwell>
It concerns me greatly.
<PRab>
To me is an "I wish I had a time machine" topic.
<gmaxwell>
mrkent: I think that the rules change in and of itself is not the gravest concern, if you imagine a change that is necessary for the survival of the system and that everyone (or very very nearly so) agress with, I don't see a /huge/ cause for concern there.
<gmaxwell>
Ideally the system could never change but, mistakes are made... we can't engineer something so perfect.
<mrkent>
gmaxwell: I mean if you feel strongly about this, maybe you should redirect debate this very different question
<gmaxwell>
mrkent: I'm unable. I've tried. At least on reddit people are very much might makes right.
<mrkent>
Well, what were your points?
<gmaxwell>
In any case, if you look at the history of soft forks you'll see there have been many backwards compatible rules changes that were completely uncontroversial. These things don't worry me.
<brand0>
I thought consensus was forming around 8mb
<gmaxwell>
brand0: 0_o
<mrkent>
brand0: yes the last big reddit post was 8mb
<bramc>
We can probably get consensus around 1mb :-P
<gmaxwell>
mrkent: That the value of the system is that it's resistant to change, and that if you're fine with a system ruled by political whim you should stick with the fiat of a major democracy. That with bitcoin we hope to approximate cryptographic security, where your control of your funds is autotonymous and as free from other people's choices as possible. And that changing the system in ways detrimen
<gmaxwell>
tal to their interest out from under a substantial minority of users is a taking, that its unethical, and that it undermines the primary value proposition of the system, even for the majority. ::shrugs::
<mrkent>
I mean the fact that there are is debate over arbitrary #s is insane
<gmaxwell>
mrkent: yea, specific values aren't so much of a concern for me. Thats really not the point of the concern.
<bramc>
mrkent, It's become clear that the hard fork would really and truly result in a fork, with effectively two bitcoins which have to be treated independently.
<mrkent>
bramc: I think personal blogs won't do as well as a self.post or medium post or something
<gmaxwell>
Concerns are the implications of forcful changes to the rules of the system, long term security incentives, short term market incentives between miners, preserving the system's decenteralized properties, and missing out on the pressure to actually improve things. that kinda stuff. 2MB is about as good as 1Mb is about as good as 500k, actual numbers aren't critical.
<bramc>
mrkent, Are self posts considered more confidence inspiring than personal blog posts now?
<mrkent>
gmaxwell: ya agreed, i was just about to write something on this, and decided to come ask here first.
arubi_ has quit [Ping timeout: 252 seconds]
<bramc>
Maybe I should make a medium post entitled 'How to steal from anyone accepting zeroconf'
<gmaxwell>
I'm also concerned with this recent event that it completely bypassed the normal process. No Bip, no PR, no bitcoin-development post.. just a straight call to the largely uninformed public with a one sided argument, and when that wasn't overwhelming, it was followed up with a threat to fork the network in some kind of insane king solomon's trial.
<mrkent>
I think perhaps the way to say this is: 1. why don't we also increase the 21m limit while we're at it? 2. or inflate btc relative to economic growth?
<gmaxwell>
an interesting thing I learned is that lots of redditors think there existing a huge network partition is no big deal! like, they think thats its (likely to be) a recoverable faulure!
<bramc>
gmaxwell, And a flooding 'experiment' which demonstrated nothing whatsoever.
<gmaxwell>
mrkent: I made that point, actually had a very interesting discussion with one person where he argued miners should control the block limit, and I said well why not also the 21m cap. And delightfully, he responded saying they probably should control that too!
<brand0>
gmaxwell, crazy!
<gmaxwell>
I thought that was like the best discussion ever, because at least his position was logically consistent!
shen_noe has quit [Ping timeout: 276 seconds]
<bramc>
Let's also let miners decide whether bitcoin is a PoW or a PoS system
<mrkent>
I feel like a lot of this comes from fear of BTC not scaling thus bitcoiner's investment does not go up
<gmaxwell>
It's not completely crazy to say miners should control the 21m cap... its just that the reason the rules exist even against miners is that we use the rules to keep miners incentive aligned, we don't "trust" miners except at arms length. But if your mental model is that miners are trusted by definition, why not let them control all the things?
www1 has joined #bitcoin-wizards
<gmaxwell>
mrkent: some people on reddit were quite specific that they are very concerned with driving up the value of their bitcoins. But it's hopeless to try to guess everyone's motivations.
<mrkent>
I mean which one of us doesn't want the price to go up
<mrkent>
but we're risking all that makes bitcoin special in the process
<bramc>
mrkent, The price of bitcoin right now mostly is indicative of the amount of electricity which is burned mining. I for one view it going up as a bad thing in and of itself.
<brand0>
I was happy with a $1 BTC
www has quit [Ping timeout: 252 seconds]
<mrkent>
You're on point in that if public opinion determines economic policy, then stick with fiat (already 100% adoption)
<gmaxwell>
mrkent: sure, absolutely. but different time horizons. But I can't draw any seperating lines, it's not like all the people with one perspective fit into one box.
<gmaxwell>
yea, fiat has huge advantages if you don't care about the few things bitcoin does uniquely better.
justanotheruser is now known as justanother
justanother is now known as justanotherusr
<bramc>
The undermining of the integrity of the bitcoin ecosystem implied by a fork is likely to hurt the value of BTC more than whatever value increase could be had from the modifications anyway.
<gmaxwell>
(I get seriously downvoted on reddit for saying things like that)
<bramc>
gmaxwell, But fiat currency is TEH DEVIL!
<bramc>
It's a funny thing in the bitcoin community that the biggest doubters are the core devs. Everybody's surprised when I tell them that.
<gmaxwell>
bramc: maybe not-- at least until it happens, because strangely (*!@#*! many people on reddit think that persistant network forks are no big deal!
<mrkent>
gmaxwell: well, not everyone knows your reddit username so there isn't as much weight behind that guy
<bramc>
gmaxwell, That's a lesson not worth learning the hard way!
<bramc>
Most redditors probably know the name 'Gavin' and that's about it on the dev side.
<brand0>
What *do* you guys think is the right process forward here? (I've heard tons about what's wrong)
<gmaxwell>
Well there are very important reasons that you do not want to be well known.
<adlai>
they know other names from targeted ad-hominem shilling
<bramc>
brand0, The right process is to do nothing to the block chain, work on making everything support real transaction fees
<gmaxwell>
brand0: there are several proposals that fix some of the ugly incentive problems and would likely make larger blocks safer. Those need to mature and be explored.
<bramc>
gmaxwell, Thanks for the warning, I'll take every step necessary to avoid ever being well known.
<gmaxwell>
oops
<gmaxwell>
brand0: And yep, as bramc, says, actual scaling tools need to be developed so that whole subject is not a redicilous false tradeoff.
<mrkent>
So what are the most likely outcomes at the current time?
zmachine has quit [Quit: Bye!]
<mrkent>
I don't actually read into the debates much...
Guest43254 has quit [Remote host closed the connection]
<bramc>
mrkent, Do you mean outcomes for block size increases or outcomes for scaling the block chain as a whole?
<mrkent>
bramc: or not do anything, or something else..
<bramc>
Unfortunately doing actual work can get you labelled TEH DEVIL. For example Peter Todd's work on malleability. I have some issues with Peter Todd. His work on malleability is most definitely NOT one of them.
<gmaxwell>
brand0: We know with almost absoute certanty that we can scale-out bitcoin into complete centeralization at some level (no consensus exactly where and how) it's no longer viable as a decenteralized system (no consensus on how you define decenteralized). But at the same time, no certanty that any particular blocksize will accomimdate any particular new application space.
<mrkent>
Any sort of hardforking change
waxwing has quit [Read error: Connection reset by peer]
<bramc>
mrkent, Most likely outcome is probably that a hard fork never happens. Next most likely is that a hard fork happens but fails. Next after that is that a hardfork happens, only half fails, the shit hits the fan, and wallets have to support the new reality of two incompatible block chains.
<gmaxwell>
brand0: there are varriosu proposals (e.g. lightning being the newest and most advanced) to achieve actual scalablity for Bitcoin which need to mature, and I think these are the only way we can address actual massive scale use cases.
<kanzure>
as much as i don't want a centralized system design, it would be prudent to have backup plans for orderly wind-downs into centralized systems so that there isn't too much murder
<bramc>
kanzure, The solution to the shit hitting the fan from one fork is not another fork
<mrkent>
Accounting for the "politics" of it all. e.g. If Gavin pushed new code that hardforks, is it likely that more than 50% will just go with it?
<kanzure>
bramc: nah, i was speaking more long-term
<gmaxwell>
if the users of the system choose to keep craking the limit up to avoid any fees, rather than developing and adoptiong things that actually scale, then the system will likely fail (though maybe in a way that doesn't cause massive monetary losses for its users, e.g. it could just become a new popular centerally administered fiat)
<kanzure>
mrkent: depends on what 50% you are asking about
waxwing has joined #bitcoin-wizards
<kanzure>
gmaxwell: if that is what happens (an actual centralization many years down the line, conversion into visa-like system, etc...), there will be much in-fighting between different groups trying to grab control...
<bramc>
mrkent, Depends on how it's rolled out. If there's a vote amongst miners as to whether to accept it it will likely fail. If there's a vote amongst miners and it passes the vote it will likely half-fail. If there's no vote amongst miners and it's just unilateral then it will either fail of half-fail, hard to guess which
<mrkent>
kanzure: I think just 50% of the people?
<gmaxwell>
kanzure: who says that you're not seeing that already?
<gmaxwell>
mrkent: well of what people? probably 99% of bitcoin users don't run node softare at all.
<mrkent>
I don'
<kanzure>
mrkent: the bitcoin system has no way of counting people, so no
<bramc>
Whether what's being proposed is an adoption vote like the soft forks of the past I'm unclear on.
<kanzure>
gmaxwell: because i also don't see any proposals for safe wind-down into a centralized system. it should not be bloody, if that's what $whoever really wants.
<gmaxwell>
kanzure: you can't preprepare that without both a fight over who would be the reciever of it, AND without creating an incentive to cause that outcome.
<mrkent>
kanzure: Miners tend to be pretty centralized (via pools). If miners say no, but everyone else who actually transacts say yes, then miners are not going to mine their fork that no one will recognize
<adlai>
bramc: iiuc, mrkent is asking "what happens to the winners and losers after an intentional hardfork occurs"
<kanzure>
gmaxwell: hm not sure i understand your incentive comment there
<kanzure>
gmaxwell: i guess it would flag the people that would be willing to support that proposal?
<kanzure>
but wouldn't that be useful for those who want to keep things decentralized?
<gmaxwell>
kanzure: if I get to be the king of bitcoin if bitcoin becomes centeralized; that might be a pretty good reason for me to make sure it becomes centeralized?
dEBRUYNE has joined #bitcoin-wizards
<gmaxwell>
(if I were an idiot at least, you really do not want to be king of bitcoin)
<kanzure>
yes, but nobody can centralize it without lots of bloodshed i think- at least not without proposals.
<kanzure>
right
<bramc>
gmaxwell, The king of bitcoin gets all the concubines
<gmaxwell>
bramc: who has time for that?
Tebbo has joined #bitcoin-wizards
<kanzure>
well anyway; it might be helpful to identify those who are interested in that direction, which can help assign various weights to how much we know to be thorough when checking their analyses on other topics.
<gmaxwell>
kanzure: well it already has, exact number right now is hard to estimate, alarge supermajority of hashpower is in the hands of a half dozen or so. E.g. someone could rationally argue that in that sense, at the moment, bitcoin is less decenteralized that the ludriciriously centeralized federated consensus in alpha. :(
<kanzure>
i have read your fedpeg python source code and i am not amused :-)
<bramc>
I'm going to be giving a talk at the bitcoin-dev meeting on the 22nd. The title will be 'Removing the waste from cryptocurrencies: Challenges and more challenges'
<gmaxwell>
kanzure: typesafty is for fusses. who doesn't like floats being used to index lists. :) in any case, that stuff is throwaway, and for good reason. :) And yet, works fine.
<kanzure>
gmaxwell: well what i would be most worried about is others using that code for non-testnet things. i was thinking about making a client/library instead..
<bramc>
gmaxwell, My mining ideas on paper look great for maintaining decentralization. They're still very much in the crazy out their ideas category though.
<gmaxwell>
kanzure: well kinda self correcting there! (doh), I do think we really adequately warned people not to do that.
<kanzure>
bramc: i'm not sure even your proof of sequential work could allow the system to withstand users switching out rules and degrading behavior
<bramc>
kanzure, Not sure what you mean by that
<kanzure>
the problems that we are encountering with centralization pressure at the moment are not just the number of mining nodes, but also apparently people wanting to change critical parameters in ways that further degrade those system properties
robogoat has quit [Ping timeout: 272 seconds]
<kanzure>
or er, not just the (decentralizedish) distribution of mining hashrate
<bramc>
Do you mean hard forks or soft forks or something else?
<kanzure>
hard forks.
<kanzure>
oh right; never allowing a hardfork fixes this.
<bramc>
There's only so much which can be done against hard forks. If the whole world forgets about a system and does something unrelated no amount of rulesmaking in the old system can do anything about it.
<kanzure>
it's not just that though
<kanzure>
it's that even if a small chunk of users hardforks, you still get degraded system performance anyway
shen_noe has joined #bitcoin-wizards
_biO_ has quit [Remote host closed the connection]
<kanzure>
(depending on which chunk of the network that was)
<bramc>
podpot mining allows miners to mine on multiple cryptocurrencies and forks simultaneously with very little overhead. This is both good and bad.
<gmaxwell>
bramc: no system can be immune to the users rewriting the rules, but it surely can resist them... and bitcoin does, thus this drama. :)
<kanzure>
perhaps there's a way to use extension blocks here to prevent that sort of behavior, a sort of nuclear "i'll just soft-fork all of you into using the same set of extension blocks" plan or something
<mrkent>
this whole thing feels like a bailout, actually kinda depressing
robogoat has joined #bitcoin-wizards
<bramc>
mrkent, The cap increase is sort of a bailout in the sense that it's meant to avoid transaction fees. It isn't clear that that's a necessary or even desirable thing to do though.
zooko has joined #bitcoin-wizards
<mrkent>
It's also a bailout in the sense that if people really wanted a bigger blocks sizes, they should just switch to an altcoin or BIGcoin that has bigger blocks, rather than altering agreements they've already made with the bitcoin network
<kanzure>
er, i don't think that explains the bail part there?
<mrkent>
ah sorry, msg got too long forgot where i was going
<mrkent>
No one wants the risk of a new altcoin
<mrkent>
they want Gavin to increase value of BTC without having much downside
<mrkent>
or "oh shit, i bought this coin that has a low blocksize thus cannot scale to be valuable, please change rule so it's not the case"
kmels has joined #bitcoin-wizards
<kanzure>
bramc: did you look at the extension block proposals?
chmod755 has quit [Quit: Leaving]
<mrkent>
If this can be turned into a tabular form for easy reddit digestion, i think it would do a lot of good for public opinion
kmels has quit [Read error: Connection reset by peer]
<mrkent>
Can someone remind me why we can't have no-limit blocksize and let miners determine themselves?
<kanzure>
runaway effects
<mrkent>
kanzure: like?
<gmaxwell>
mrkent: please go read jeff's bip100 document, it talks reasonably enough about many of these things.
<gmaxwell>
I'm worn out after the 1001st repetition.
temujin has quit [Quit: Page closed]
<kanzure>
is there a good link for fedpeg vs extension blocks
<gmaxwell>
(jeff's document isn't comprehensive, but I thought it more useful to point you to something I didn't write)
<gmaxwell>
really the extension block stuff has 90% of the disadavantages of a larger block. but the disadvantages may be less clear to people. We specifically called out soft-forking-in-a-sidechain as a risk in the sidechain whitepaper.
<kanzure>
but i don't have to process it
<mrkent>
gmaxwell: I read it this morning and just took a look again
AaronvanW_ has joined #bitcoin-wizards
gwillen has joined #bitcoin-wizards
gwillen is now known as Guest33644
<mrkent>
It basically says it is a constraint that incentivizes efficiency and conservation and avoids spam
<mrkent>
Market (miners) can determine the supply (blocksize), so I don't buy that argument
<gmaxwell>
maybe he dropped that part.
jrayhawk has joined #bitcoin-wizards
Guest33644 has quit [Client Quit]
<gmaxwell>
mrkent: there are several issues, one is that miners and the rest of the network have interests at odds. Miners get paid to make their block bigger (free monies!), and everyone else has to swollow the block-- its an externality.
gwollon has joined #bitcoin-wizards
<gmaxwell>
The next is that larger blocks favor bigger more centeralized miners in several ways, e.g. if your bandwidth and validation costs are macrosopic, then the most centeralized pool is the most profitable, and since mining is an equalibrium that seeks zero average profits, you'll be mining at a loss unless you use that pool.
<gmaxwell>
The next is, assuming multiple miners still exist, if there is no limit on size it will always be locally in your best interest to take all the transactions you can, even very low fee ones. -- let someone else turn up their nose and delay very low fee transactions to create anti-spam and market pressures to increase fees. Absent a limit there the rational equlibrium fee should be very low, and a
<gmaxwell>
ll of that fee should be paying for the verification, which enjoys perfect centeralization gains.
<gmaxwell>
(and none of it going to POW, which provides security, but is a free parameter and can basically adapt to 0)
dEBRUYNE has quit [Ping timeout: 255 seconds]
<gmaxwell>
mrkent: does this stuff convince you that its not quite as simple as "do whatever you want?"
<kanzure>
was there ever a thing in here discussed about compression proof-images to make commitments about large quantities of transactions instead of just lists of transactions or instead of just transaction commitments.
<kanzure>
or was i dreaming that
nwilcox has quit [Ping timeout: 252 seconds]
eudoxia has joined #bitcoin-wizards
<mrkent>
gmaxwell: some of those do and some don'tt
<kanzure>
i don't think that providing ways for people to move coins out of the system will keep them from trying to hardfork the main chain
Mably has quit [Ping timeout: 276 seconds]
laurentmt has joined #bitcoin-wizards
<kanzure>
i suppose one argument is, "well if you hardfork successfully, then you *really* should have considered using an extension block or sidechain or some other bitcoin teleportation technique, because now you will have to do that anyway with the forked utxos"
<mrkent>
I mean centralization is bound to occur to some degree
zooko has quit [Ping timeout: 272 seconds]
<gmaxwell>
sure, but it already has. Right now you could freely rewrite the chain at the tipe by coercing or kidnapping less than a half dozen people. What degree is acceptable?
<mrkent>
Realistically speaking, it's likely as adoption grows, more people will use services like coinbase than send blockchain transactions
<gmaxwell>
mrkent: sure, but when that happens its at the edges and people opt into it, and they takes the risks that come with it and they can choose it.
<gmaxwell>
vs when centeralization happens at the center its forced onto you and you can't 'opt out' except by abandoning bitcoin.
gwollon has quit [Quit: leaving]
<mrkent>
I get that, but larger pools are always going to be favorable, so it is only logical that there is 1 pool on which everyone mines for 0 profit (regardless of the blocksize)
<mrkent>
> Absent a limit there the rational equlibrium fee should be very low
<bramc>
kanzure, I hadn't seen extension blocks. That would be less bad than a hard fork
dgenr8 has quit [Read error: Connection reset by peer]
<mrkent>
not sure if that's obvious (fee being low)
<gmaxwell>
mrkent: uh? "larger pools are always going to be favorable, " what?! no.
<gmaxwell>
please don't tell me you're in this channel without the most basic understanding of how mining works?
<bramc>
Although I'd like to point out that the non-extended part of extension blocks would still be subject to having transaction fees when it's transacted within or when coin is moved into or out of it
dgenr8 has joined #bitcoin-wizards
<kanzure>
bramc: sure, yes
<mrkent>
gmaxwell: I mean in terms of efficieny
<gmaxwell>
mrkent: explain what you're thinking further?
AaronvanW_ has quit [Ping timeout: 246 seconds]
<mrkent>
Well, the guy that invests $10m into a minging farm vs guy at home will always make more money
<mrkent>
So at 0 profit, the only guys that can mine are the big scale ones
<kanzure>
bramc: yes
<mrkent>
So we have a small number of mega miners
<gmaxwell>
mrkent: mining is a _lottery_ not a race. You win proportionally to your hashrate (ignoring issues around propagation). The process is linear, and there isn't a large scaling advantage (and there are a few scaling disadvantages, e.g. heat dissapation is harder at larger scales)
<mrkent>
So, when we get to 21m BTC, these guys are only going to make money off fees
<gmaxwell>
mrkent: long before then, effectively.
<gmaxwell>
(because of the geometric behavior)
<mrkent>
So if they accept very low fees like you claim, why would anyone pay more that that low amount?
<gmaxwell>
right. They wouldn't.
<bramc>
mrkent, It's a regular supply and demand thing. Once the demand has exceeded the supply, which in this case is set by the block size limit, then the price will go up
<gmaxwell>
It's like asking how carbon cap and trade would work... without the cap. :)
<bramc>
gmaxwell, exactly
<mrkent>
effectively, mining becomes, how soon do I get next block (thus how much fee I charge * # of txns)
<bramc>
mrkent, You don't get to decide on the fee, each transaction says what its fee is, so you take the transactions with the highest fee/byte and include them
<mrkent>
so in order to secure the network to the degree that people want, I need to charge at least fee of x satoshi...
<kanzure>
"charge"
<brand0>
Can anyone point me to code/documentation/whitepaper on which transaction scheme they think would scale best?
<gmaxwell>
mrkent: huh? you take all that you get and you put the result in your pocket. nothing makes you spend it on security.
<mrkent>
gmaxwell: I'm not sure I understand what you mean there
<bramc>
kanzure, If the big proposal right now was for 20mb extension blocks there would be a lot of controversy but not half the amount of bitter vitriol going on right now.
<brand0>
bramc, thank you
<gmaxwell>
mrkent: there is no "charge" mechenism. transactions have a fee they pay. You take it or you leave it.
<gmaxwell>
you can choose to produce a smaller block, leaving fees on the floor that you could have otherwise earned, and other miners will earn them if they break rank with you and accept the transactions you turned up.
<mrkent>
Yes but miners don't have to accept them
<bramc>
brand0, The super-quick summary of lightning network is that it uses net settlement where there's no need for anything to hit the chain until the net goes past the deposit amount, and then that's just a single transaction. It requires a relative timelock opcode to work properly, for reasons which are very technical and interesting.
<gmaxwell>
right, now saw you accept at some cutoff. you'll make less. Someone else accepts them, they'll make more than you, and yet they'll still benefit from your design to reject since it delays the transactions somewhat.
<gmaxwell>
but you never increase your income by rejecting, not unless almost everyone else does too.
<gmaxwell>
and everyone can make more right now by not rejecting.
<gmaxwell>
Then once you've made whatever you've made, you can just put that in your pocket. It doesn't go to pay for security, only your competition with other miners can result in that.
<akrmn>
There's many different forms of extension blocks. No one has still provided any fundamental flaw in my "subchains" idea, which is a form of extension blocks.
<jgarzik>
gmaxwell, never say never ;p
<jgarzik>
gmaxwell, if e.g. your orphan rate decreases due to block minimalism. there are other incentives besides fees... IMO that's a big part of PoW is that some real world externalities salt the system versus PoS.
<gmaxwell>
well I'm disregarding orphan rates there, because they are prefectly solvable via another simpler means: pool centeralization. It basically never makes sense to lower your blocksize to lower orphan rates, see pieters simulation results. If orphaning is an issue due to bandwidth you centeralize pooling.
<gmaxwell>
Which is what people were doing some months ago which is much of how we ended up with half the hashrate under a single parties control. Fortunately the block relay protocol reduced the incentive to do that, at least for a bit.
<mrkent>
There may be some other strategies a miner can employ to get higher pay
<mrkent>
Like perhaps some block withholding tactic
<mrkent>
Or like partnership with payment providers or something
<gmaxwell>
sure, miners with more than about a third of the hashpower can get a large advantage by withholding.
<mrkent>
like visa POS wants BTC confirmed immediately, so they pay the 1 asshole miner who charge 2x everyone else
<jgarzik>
still might take 60 wall clock minutes even at highest fees
wallet421 has joined #bitcoin-wizards
wallet421 has joined #bitcoin-wizards
wallet42 has quit [Killed (barjavel.freenode.net (Nickname regained by services))]
wallet421 is now known as wallet42
<gmaxwell>
mrkent: that still doesn't get you anything close to immediately though.
<mrkent>
sure, i mean ASAP i suppose
jrayhawk has quit [Ping timeout: 250 seconds]
<gmaxwell>
mrkent: and again, externality: everyone else still gets paid from people doing that. and the person with the too high bar will operate at a loss while his conservativism subsidizes everyone else.
<mrkent>
Ultimately, it'll boil down to some equilibrium point at which miners collect fee based on how much value they provide to the network
<mrkent>
certainly more transactions = more value they provide right?
wallet421 has joined #bitcoin-wizards
wallet421 has quit [Changing host]
wallet421 has joined #bitcoin-wizards
wallet42 is now known as Guest18833
Guest18833 has quit [Killed (hobana.freenode.net (Nickname regained by services))]
gmaxwell has left #bitcoin-wizards [#bitcoin-wizards]