sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
roxtrongo has quit [Remote host closed the connection]
DougieBot5000 has quit [Quit: Leaving]
NLNico has quit [Quit: Leaving]
Piper-Off is now known as Monthrect
gribble has quit [Remote host closed the connection]
JackH has joined #bitcoin-wizards
skra has joined #bitcoin-wizards
kgk has joined #bitcoin-wizards
gribble has joined #bitcoin-wizards
skra has quit [Quit: leaving]
Jeremy_Rand has quit [Ping timeout: 264 seconds]
kgk has quit [Ping timeout: 255 seconds]
matsjj has joined #bitcoin-wizards
mjerr has joined #bitcoin-wizards
skra has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
matsjj_ has joined #bitcoin-wizards
GAit has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
<el33th4x0r>
gmaxwell: Agreed, these kinds of studies are unethical and should not be performed or published, at least, not in this kind of cavalier manner.
matsjj has quit [Ping timeout: 240 seconds]
<el33th4x0r>
the sad truth is many of my colleagues see nothing wrong with publishing papers with 'interesting results', even when the results were obtained unethically.
<gmaxwell>
el33th4x0r: I think probably things could be done much better with just a bit more effort into harm mitigation; just choosing to not be cavalier and taking a few extra steps. I think sometimes we suffer from this dissonance where good security demands we design things to be safe from a very unrestricted adversarial model; but then that doesn't mean it's okay to go behave that way towards actual u
<gmaxwell>
sers. :)
<fluffypony>
it also makes it hard to differentiate between an actual attack, and "research"
<el33th4x0r>
Right, there are ways to perform these kinds of studies ethically (e.g. at a minimum, collect only aggregate statistics, do not collect PII/harvest IP addresses, do not keep any data in a place where it's vulnerable, etc).
<wumpus>
fluffypony: actual attacks are just "blackhat research" :)
<fluffypony>
:-P
<el33th4x0r>
but your typical IRB (institutional review board) is full of humanities profs who probably have no idea how to do these studies right.
<gmaxwell>
some stuff is also better done in simulation; simply because then you can understand why something happened, deploy countermeasures, etc.
<el33th4x0r>
hear hear. no societal good was served by deanonymizing actual Tor users.
<gmaxwell>
As I understand it there are also, at least in some places, weird dynamics like the IRB being prone to classify things as not human research due to technical details (if it's not in their domain, they can't get it wrong, I guess? :) )
<wumpus>
el33th4x0r: exactly
<el33th4x0r>
i haven't heard of that trick. the trick I have heard about is to get your buddies at a company to do your data collection for you, because they are not subject to an IRB.
<wumpus>
(and even if there was, say it allows some actuallybadpersons to get caught arguably it's not something researchers should be doing)
<gmaxwell>
el33th4x0r: yes that would be the facebook emotional manipulation study as an example of that. :)
<gmaxwell>
"We're just analyizing data"
<el33th4x0r>
gmaxwell: guess which school was involved in that one.
<el33th4x0r>
;-)
<wumpus>
emotional manipulation is, in some ways, even scarier. But at least the humanity profs in the ethical review board should understand that.
<gmaxwell>
I have friends that work on genetics; and they always have interesting IRB stories. All a tricky subject.
melvster has joined #bitcoin-wizards
<el33th4x0r>
gmaxwell: i'll tell you the full inside story of the FB study at the next conference. we were all horribly shamed by what the administration did there.
<el33th4x0r>
of course, if Tor actually worked better, all of this would be moot.
<gmaxwell>
Tor HS is underloved in particular.
<wumpus>
well it's an eternal cat and mouse game between people trying to anonimize and peopel trying to deanonimize, and developers that don't know that they're adding something that makes deanonimization easier
<fluffypony>
or they add convenience features without giving the user effective warnings so they understand the compromise
<wumpus>
exactly
<wumpus>
all those well meaning features in browsers :)
<el33th4x0r>
true, but the timing attacks against Tor have been known for quite a while. The extra relay flags made the attack a little easier, but the core attack exists even now.
<wumpus>
most known actual attacks against tor users use browser vulnerabilities / helpful javascript features
<el33th4x0r>
yes, that's another can of worms
<wumpus>
or flash plugins 'hey why would I want to use the proxy'
<wumpus>
on the other side, most documented attacks against HSes exploit web server and application vulnerablities
<el33th4x0r>
i thought (or maybe assumed) the browser bundle came with flash disabled?
<wumpus>
el33th4x0r: oh yes it does. I'm talking about the past, the future will likely find new things :)
<gmaxwell>
Ultimately the kind of system tor is will be vulnerable to a whole host of timing attacks. There doesn't exist any deployed high latency anonymity networks that are very robust to timing attacks, that I know of. Roger w/ the tor project coauthored a paper exploring anonymity relays that combine high and low latency operation (alphamix) and show they have better privacy for all traffic classes, b
<gmaxwell>
ut I think no one has worked on implementing any of that.
<wumpus>
tor bundle does an extremely thorough job at disabling 'features' in firefox that may help deanonimizing users, but fundamentally a blacklist approach like that w/ complex software is possibly futile in the long term
<fluffypony>
yeah like they only (relatively) recently started blocking HTML5 canvas objects on the higher security levels
<fluffypony>
if they keep going that way you're going to end up with a WAP browser:-P
<wumpus>
at the HS side, approaches like 'isolate the entire VM to be able to only communicate through tor' should be common pratice
<gmaxwell>
Mozilla has upstreamed some of the TBB features; but the browser is orders of magnitude too complex for anyone to manage loading a complete enough model of it in their heads to really reason through privacy implications.
<wumpus>
gmaxwell: right, that's what i mean :)
<gmaxwell>
Trying to get strong privacy (or even computer security :( ) through something as big as a modern browser (FF is >20 million lines of code, I think) seems like a question currently beyond mankind's engineering ability.
<wumpus>
at least against remote code execution and such, some form of defense in depth is possible, but against privacy leaks, any bit of information, even timing information gives away
AaronvanW has joined #bitcoin-wizards
<wumpus>
(and javascript is terrible, it allows running attacks against you without the adversary even being actively involved anymore, fire and forget :-)
<wumpus>
I don't think TBB disables javascript by default. I think the rowhammer attack from javascript was interesting, but there may be plenty other sidechannels.
<fluffypony>
yeah it does
roxtrongo has joined #bitcoin-wizards
<el33th4x0r>
wumpus: in addition to JS attacks + tor protocol attacks, the structure of the channel (number of bytes sent in bursts, in the requests and responses) can give away which web pages you are visiting. every page has a unique signature as a function of size and number of embedded objects.
kgk has joined #bitcoin-wizards
<bramc>
gmaxwell, riposte could get the timing attacks under control by quantizing the send times into discrete buckets and making it impossible to get more information other than bucket
kgk has quit [Ping timeout: 240 seconds]
irc88 has joined #bitcoin-wizards
damethos has quit [Quit: Bye]
<gmaxwell>
yes, no shortage of things can be done.
<gmaxwell>
Some of them would even help. :) but not too much has been implemented/deployed.
roconnor has quit [Ping timeout: 264 seconds]
rusty1 has left #bitcoin-wizards [#bitcoin-wizards]
melvster has quit [Ping timeout: 272 seconds]
CoinMuncher1 has joined #bitcoin-wizards
CoinMuncher has quit [Ping timeout: 264 seconds]
CoinMuncher has joined #bitcoin-wizards
CoinMuncher1 has quit [Ping timeout: 240 seconds]
rubensayshi has joined #bitcoin-wizards
zarathustra has joined #bitcoin-wizards
melvster has joined #bitcoin-wizards
roxtrongo has quit [Remote host closed the connection]
bedeho has quit [Ping timeout: 260 seconds]
bramc has quit [Quit: This computer has gone to sleep]
Monthrect is now known as Piper-Off
Piper-Off is now known as Monthrect
damethos has joined #bitcoin-wizards
nonaTure has joined #bitcoin-wizards
roxtrongo has joined #bitcoin-wizards
cfromknecht has quit [Read error: Connection reset by peer]
cfromknecht has joined #bitcoin-wizards
kgk has joined #bitcoin-wizards
kgk has quit [Ping timeout: 240 seconds]
paveljanik has joined #bitcoin-wizards
cfromknecht has quit [Remote host closed the connection]
moa has quit [Quit: Leaving.]
AaronvanW has quit [Remote host closed the connection]
AaronvanW has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
nonaTure has quit [Quit: Leaving.]
kgk has joined #bitcoin-wizards
kgk has quit [Ping timeout: 252 seconds]
jtimon has joined #bitcoin-wizards
GAit has quit [Quit: Leaving.]
GAit has joined #bitcoin-wizards
mjerr has quit [Ping timeout: 276 seconds]
mrkent has quit []
melvster has quit [Ping timeout: 252 seconds]
nivah has quit [Ping timeout: 240 seconds]
melvster has joined #bitcoin-wizards
markus-k has joined #bitcoin-wizards
Quanttek has joined #bitcoin-wizards
pozitron has joined #bitcoin-wizards
go1111111 has quit [Ping timeout: 244 seconds]
GAit has quit [Quit: Leaving.]
go1111111 has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
nonaTure has joined #bitcoin-wizards
fkhan has quit [Ping timeout: 255 seconds]
p15x has joined #bitcoin-wizards
GAit has joined #bitcoin-wizards
mjerr has joined #bitcoin-wizards
tromp_ has quit [Read error: Connection reset by peer]
jgarzik has quit [Quit: This computer has gone to sleep]
dEBRUYNE has quit [Ping timeout: 240 seconds]
eudoxia has joined #bitcoin-wizards
fkhan has quit [Ping timeout: 265 seconds]
gielbier has joined #bitcoin-wizards
gielbier has quit [Changing host]
gielbier has joined #bitcoin-wizards
kgk has joined #bitcoin-wizards
roxtrongo has quit [Remote host closed the connection]
jtimon has quit [Ping timeout: 255 seconds]
kgk has quit [Ping timeout: 255 seconds]
jgarzik has joined #bitcoin-wizards
jgarzik has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 264 seconds]
fkhan has joined #bitcoin-wizards
Guyver2 has quit [Quit: :)]
Guyver2 has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
skra has joined #bitcoin-wizards
dEBRUYNE has quit [Ping timeout: 240 seconds]
nonaTure has joined #bitcoin-wizards
kgk has joined #bitcoin-wizards
Cyndre_ has joined #bitcoin-wizards
skra has quit [Ping timeout: 246 seconds]
kgk has quit [Ping timeout: 240 seconds]
Cyndre has quit [Ping timeout: 276 seconds]
soiled has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
Lightsword has quit [Quit: Lightsword]
Monthrect is now known as Piper-Off
ThomasV has joined #bitcoin-wizards
kmels has joined #bitcoin-wizards
markus-k has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
adam3us has joined #bitcoin-wizards
roxtrongo has joined #bitcoin-wizards
dEBRUYNE has quit [Ping timeout: 240 seconds]
damethos has quit [Quit: Bye]
damethos has joined #bitcoin-wizards
sparetire_ has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
nwilcox has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 240 seconds]
damethos has quit [Quit: Bye]
zooko has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
kmels has quit [Read error: Connection reset by peer]
kmels has joined #bitcoin-wizards
DougieBot5000 has joined #bitcoin-wizards
roxtrong_ has joined #bitcoin-wizards
roxtrongo has quit [Ping timeout: 265 seconds]
adam3us has quit [Quit: Leaving.]
zooko has quit [Ping timeout: 240 seconds]
nwilcox has quit [Ping timeout: 240 seconds]
damethos has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
Jeremy_Rand has joined #bitcoin-wizards
nwilcox has joined #bitcoin-wizards
damethos has quit [Remote host closed the connection]
damethos has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
Lightsword has joined #bitcoin-wizards
roxtrong_ has quit [Remote host closed the connection]
rubensayshi has quit [Remote host closed the connection]
adam3us has joined #bitcoin-wizards
kgk has joined #bitcoin-wizards
kgk has quit [Ping timeout: 255 seconds]
ThomasV has quit [Ping timeout: 244 seconds]
ishahnaz has joined #bitcoin-wizards
<bsm1175321>
I just realized how to merge-mine N sidechains with only log(N) sized block headers as proof of work.
bedeho has joined #bitcoin-wizards
<bsm1175321>
What's the status of merged mining with sidechains? From what I can see the blockstream folks have not mined their chains at all and are centrally signing blocks. Is that for lack of a merge-mining algorithm or some other reason?
<sipa>
bsm1175321: there is no use for merged mining if the coin supply is still centralized
<sipa>
and yes, merged mined chains have a merkle path in their headers to connect it to a commitment in the parent chain
<sipa>
so log(n)
<bsm1175321>
That's log(n) in the number of transactions in the parent chain.
<bsm1175321>
I don't understand your comment about coin supply.
adam3us has quit [Quit: Leaving.]
<sipa>
as long as we don't have a means in bitcoin to transfer coins back from a sidechain, a federated central party needs to hold the coins
ThomasV has joined #bitcoin-wizards
<bsm1175321>
Well that's about to change. ;-)
<sipa>
it makes little sense to go make the chain itself decentralized if there is a federation that can go run away with the coins
<sipa>
how so?
<sipa>
i mean... that's obviously the plan, but it's far from a done deal
<bsm1175321>
CSV+CLTV coming. What else is needed for pegged sidechains?
<sipa>
OP_CHECKSIDECHAINWITHDRAWAL or something
<sipa>
bitcoin must be able to verify compact spv proofs of burn from the sidechain
<bsm1175321>
Ah yes
<sipa>
(i'm exaggerating, all we need is a means to check a header, a merkle path, and some structured message to indicate the address the withdraw goes to)
adam3us has joined #bitcoin-wizards
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
<bsm1175321>
My issue is that in the discussion about creating smaller faster blocks that get checkpointed to bitcoin blocks (e.g. Bitcoin-NG), if one were to merge-mine that faster layer, you're putting all the merge mined Merkle paths into these smaller faster blocks and keeping the infrequent bitcoin block headers smaller (no Merkle path). It should be the other way around, or at worst symmetric between the two.
dEBRUYNE has joined #bitcoin-wizards
nwilcox_ has joined #bitcoin-wizards
nwilcox has quit [Ping timeout: 246 seconds]
ishahnaz has quit []
ThomasV has quit [Quit: Quitte]
skyraider has joined #bitcoin-wizards
soiled has left #bitcoin-wizards ["Leaving"]
psztorc has joined #bitcoin-wizards
adam3us has quit [Quit: Leaving.]
sharperguy has joined #bitcoin-wizards
cfromknecht has joined #bitcoin-wizards
irc88 has quit [Ping timeout: 240 seconds]
adam3us has joined #bitcoin-wizards
kgk has joined #bitcoin-wizards
<dgenr8>
why do all these weak block proposals have the strong blocks chaining off a weak block? isn't the main advantage of weak blocks just to publish "authenticated" work-in-progress?
psztorc has quit [Quit: Page closed]
psztorc_ has joined #bitcoin-wizards
kgk has quit [Ping timeout: 260 seconds]
nwilcox_ has quit [Ping timeout: 252 seconds]
damethos has quit [Quit: Bye]
<Taek>
dgenr8: which proposals are you talking about? The only one I know of that's like that is mine (David Vorick), and the weak blocks are used as a means of limiting how large a strong block is allowed to be, strong blocks are not required to be the largest or have the most weak blocks
<bsm1175321>
Taek: The existence of orphans is a consequence of using an inappropriate data structure (linked list) for the blockchain. I think solution is a tree or DAG rather than weak blocks.
<bsm1175321>
(e.g. actually allow simultaneous production of blocks, as long as there are no conflicting transactions)
<Taek>
bsm1175321: what do you do when there are conflicting transactions? And, as a miner, how do you avoid mining conflicting transactions?
<kanzure>
and also, how do oyu decide on ordering of DAG leafs
jcluck has joined #bitcoin-wizards
<bsm1175321>
Taek: You evaluate which block has more work and go with that. You don't mine transactions that conflict with your chain tip.
<bsm1175321>
The algorithm for deciding "highest work" is more complex than bitcoin's. (and is something I will present at Scaling Bitcoin)
darmou has joined #bitcoin-wizards
<bsm1175321>
kanzure: Not sure what you mean by order. As long as two DAG blocks don't have conflicting transactions, order doesn't matter. If they do have conflicting transactions, it's a fork and you have to evaluate which sub-DAG has more work.
cluckj has quit [Ping timeout: 255 seconds]
darmou has quit [Client Quit]
<kanzure>
so any conflicting transactions between any two siblings in the sub-DAG invalidate the entire set of siblings, or just the conflicting siblings?
<kanzure>
wait, what?
<kanzure>
oh, fork, not invalid.
mjerr has quit [Ping timeout: 265 seconds]
nwilcox has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
<bsm1175321>
Yeah, fork. Only conflicting transactions define forks, not simultaneous production of blocks.
<Taek>
ok, I think it will be easier for me to digest the idea of a dag-chain with a more concrete proposal
<bsm1175321>
Sometimes I think I should read bitcointalk. Then I remember my eyeballs bleeding...
morcos has joined #bitcoin-wizards
<tromp>
they use a DAG of individual tx, not of blocks, though. each tx will have some PoW
<bsm1175321>
tromp: i keep bouncing about that idea too. I don't like the p2p relay layer relaying spam for free. One might consider mined DAG blocks as a replacement for the p2p layer...
<tromp>
besides its inputs, each IOTA tx links to two valid DAG tips
skra has joined #bitcoin-wizards
metamarc has joined #bitcoin-wizards
metamarc has joined #bitcoin-wizards
p15x has quit [Ping timeout: 250 seconds]
<bsm1175321>
Whitepaper in latex: +10 points.
p15 has quit [Ping timeout: 240 seconds]
GAit has quit [Quit: Leaving.]
GAit has joined #bitcoin-wizards
metamarc has quit [Ping timeout: 250 seconds]
damethos has joined #bitcoin-wizards
ratbanebo has joined #bitcoin-wizards
<nsh>
petertodd or jgarzik (? or both?) did some pretty extensive thinking on DAG ledgers last year iirc, bsm1175321, there should be logs from here
<bsm1175321>
nsh, petertodd: "no incentive to build on anything but your own records" is only if you're calculating the highest work dag tip incorrectly (as one would get by a simple application of bitcoin's rules). Every miner has an incentive to make his own mined blocks get buried under more work than his own.
<jgarzik>
gmaxwell, sipa, other blockstreamers: Is anyone [publicly?] working on (a) an instant (ephemeral) message side chain, or (b) a data storage focused side chain?
<jgarzik>
those have been on my list for years, and I might move on those in a few months
<nsh>
confidential transactions give incidental secure message side-channel
<jgarzik>
IM-chain is bitmessage esque, storing the last 2 weeks worth of traffic, rate limited by BTC
<jgarzik>
Data storage = data decays and is pruned, unless more funds added
<sipa>
jgarzik: not AFAIK
<sipa>
jgarzik: who 'miners' (or equivalent) IM-chain?
<gmaxwell>
jgarzik: not right now that I'm aware of, sounds useful.
<jgarzik>
probably do (with due respect) cheesy M-of-N for now
<jgarzik>
rethink once pegging is in
kgk has quit [Ping timeout: 264 seconds]
<maaku>
jgarzik: I would like more clarity on use cases & requirements
<maaku>
we've all seen a lot of buzz about data chains, but not very many 'i need a data chain to do X'
<Taek>
jgarzik: are you talking about storing data on-chain, or doing something like a storage contract?
<jgarzik>
maaku, you need it for ethereum-alike, most notably - on chain entities
<sipa>
i'm still very unconvinced about that; i don't want to make a blockchain compute things
<jgarzik>
Taek, on-chain but you can do both certainly
<sipa>
my laptop can compute the results of my own transactions just fine; all i need to get into the chain is a proof that the effect was authorized
<jgarzik>
independent on-chain entities operating in public need it
<gmaxwell>
hold up on this justification argument.
<Taek>
jgarzik: I've been spending most of my time working on contract-based off-chain storage. Not sure if it's something you're interested in but we're farther along than StorjLabs
pozitron has quit [Ping timeout: 264 seconds]
<jgarzik>
Taek, yes, definitely interested
<gmaxwell>
Here is my thought: say something like this is stupid and pointless. But people want it. Better they have it, and then it later fails of its own accord, then they try to slam it into bitcoin ("END OP_RETURN SUPPLY LIMITS!") and take out bitcoin in the process when interest in it fades.
<gmaxwell>
The fact that something is seperate means there is less need to be critical about how wise it is, let people that want it worry about that.
<jgarzik>
side note - approval is rather irrelevant - not asking blockstream to code it - just trying to avoid duplicating others work
<jgarzik>
the whole freakin point of side chains is to experiment
<sipa>
jgarzik: i absolutely agree approval is irrelevant!
mrkent has quit [Read error: Connection reset by peer]
<gmaxwell>
And be glad that we have a place to direct people who want to turn bitcoin into something it isn't, regardless of how wise that thing is. :)
<maaku>
gmaxwell: I'm not going to spend my time implementing something that is worthless, to setup people to fail. i'd rather talk with users and understand their needs and whether the suggested technology is the right fit
<kanzure>
scope of bitcoin-core is never going to be "please implement my crazy sidechain for me" (note i said crazy; reasonable ideas will probably always attract developers)
<maaku>
jgarzik: to follow up on what sipa said, what is a use case for something that lives 100% in the block chain, rather than off-chain entities which use the block chain for ordering semantics?
<Taek>
jgarzik: https://github.com/NebulousLabs/Sia - network is live, the host selection algorithm is NOT yet resistant to sybil attack, but we have plans to get it there in the next 1-3 months
<gmaxwell>
Spending a little time to help something that people think they want when they're (perhaps correctly) not going to believe you when you say it won't work can save a lot of pain later when they continue to try to do something anyways and do it in a way that not only won't work but also harms the public.
<jgarzik>
maaku, for the obvious reasons - off-chain parts obviously have availability / discontinuity / reliability issues
<gmaxwell>
in any case, I'm not saying you need to spend time on it; only just abstractly that the time can be well spent.
<kanzure>
jgarzik: "because one component of the system has higher reliability," ?
<maaku>
jgarzik: i think you misunderstand -- what can you actually DO with an onchain entity? it's data is 100% available, it has not hidden keys ...
<jgarzik>
maaku, cause it to execute code a la Ethereum...
<kanzure>
gmaxwell: plus, you can also reduce amount and quantity of angry/upset users when they figure out that their use-cases were not actually in scope
Guyver2 has quit [Quit: :)]
<gmaxwell>
jgarzik: its highly dubious to me that adding "blockchain" actually improves those metrics; rather it just shifts around the failure modes. But whatever, thats the problem of whomever is doing such a thing, not mine.
<kanzure>
if you squint hard enough any software can be transformed, with enough money, into any other form of software. but my interest here is bitcoin stuff, not the other stuff...
<jgarzik>
Data storage gives you on-chain apps
<jgarzik>
(when combined with moxie etc.)
<maaku>
jgarzik: code that does what? specifics / examples please. i'm really having trouble identifying a use case that works without hidden state
<kanzure>
thoughtspace for thinking about bitcoin transaction-encoded software is unlikely to match what anyone knows as "apps"
<jgarzik>
kanzure, it's called DApp in the modern parlance of our times ;p
<jgarzik>
maaku, c.f. Ethereum
<kanzure>
just because people say stuff doesn't mean it's a good idea
<kanzure>
ethereum people have discovered difficulty of designing transactions that do interesting things- often they have found that they require "oracles" and escrow for many interesting operations.
<maaku>
jgarzik: I'd ask the same questions about ethereum. as far as I know no one is actually doing anything useful with pure on-chain apps
<jgarzik>
devcon produced some interesting stuff
<jgarzik>
anyhoo, I had my question answered
<psztorc_>
I just want someone to back up my data, without anyone knowing about it.
<kanzure>
that does not sound like an explicitly bitcoin problem
<psztorc_>
re: data storage
<kanzure>
gmaxwell: perhaps scope creep here is often associated with fact that money is used to pay for all kinds of services, so some amount of scope creep in expectations is perhaps to be expected...
<Taek>
maaku: provably fair gambling for competitive games such as chess is an example. You might not agree that it's interesting or worthwhile, but you can do it on Ethereum, can't do it on Bitcoin, and don't need oracles or counterparties
nwilcox has joined #bitcoin-wizards
<kanzure>
do you need escrow?
skra has quit [Ping timeout: 255 seconds]
<maaku>
Taek: you need hidden state though (the participant's keys)
<kanzure>
for example, "So here's a second type of mistake. The input function where players send their choices. Here the program is very simple. It looks at whether this is player1 or player2 and then it records the player's choice. What's wrong with this? Okay, if you think about it a little more carefully, it will become immediate that the problem here is that the players are sending their choices in cleartext to the contract. So the messages ...
<kanzure>
... are sent in the clear and the player's choice is stored in plaintext in the contract. So if I am a player, what makes sense for me is to wait for the other player to send their input, and then for me to decide what I should send. So that's broken."
<Taek>
kanzure: you can have the blockchain do the escrow. And you probably would need to wait 6 confirmations between each action if you want to be careful about it
<moa>
jgarzik: I'm assuming you have heard of "rootstock" project?
<maaku>
Taek: those sorts of applications do in fact interest me. it's the 'app which lives on the blockchain, with compute replicated on every node' that I don't understand
<kanzure>
"Okay, so here is another problem. Essentially let's say you and I are playing the game, you open the commitment and I see that I am losing. At this moment I have no incentive to open my commitment. It becomes stuck in the contract. If you are the winner then you wont get the winnings. So that's pretty bad."
<maaku>
nodes need to verify that a computation occured, but need not actually perform the computation
<kanzure>
(elaine shi was the person i was thinking of, not amiller, oops)
<maaku>
Taek jgarzik : being 'on-chain' gives the app immortality because it can't fail from not paying its VPS bill. but without hidden state it appears there are no useful protocols to run (aka no interesting apps)
<maaku>
hence my question, what can you do with that?
<Taek>
kanzure: the general theme of that talk was that it's still very difficult to correctly design contracts, and very easy to overlook a mistake that breaks the whole system
<jgarzik>
maaku, disagree
<maaku>
jgarzik: well find a useful example and I'm open to being convinced :\
<kanzure>
jgarzik: so which applications running in a blockchain would be scope creep and which wouldn't?
<jgarzik>
maaku, Example: as long as receiver identities (public keys) are stored, and they don't mind that being public, that suffices
GAit has joined #bitcoin-wizards
<kanzure>
blockchain history may eventually be summarized and redacted tho
<kanzure>
we're not going to add a data storage specific transaction type
Jeremy_Rand_ has quit [Ping timeout: 264 seconds]
c-cex-yuriy has joined #bitcoin-wizards
skra has joined #bitcoin-wizards
<Taek>
maaku: I'm confused why you are stuck on 'hidden state'? I don't see why it's worth restricting examples to having no hidden state.
<maaku>
kanzure: this is -wizards, some discussion of non-currency applications are ok here
mrkent has joined #bitcoin-wizards
<kanzure>
because accomodating all possible use cases for software is not in scope of bitcoin
<kanzure>
maaku: certainly
Jeremy_Rand_ has joined #bitcoin-wizards
<kanzure>
maaku: yeah i wasn't trying to squash discussion or anything
<psztorc_>
In January I predicted that Ethereum would only be useful for a casino and other perfect info games (no hidden state). Is there a single counterexample of a serious project?
Quanttek has quit [Ping timeout: 260 seconds]
<maaku>
Taek: that's the definition of only-on-the-blockchain -- all the code for the app is on the chain, and it runs on every node every time a transaction touches it
<maaku>
psztorc_: i hesitate to point out augur...
<psztorc_>
Yes, you do.
<Taek>
the ethereum alarm clock.
<Taek>
:P
<maaku>
Taek: hidden state is things like private keys needed to sign transactions
<maaku>
but if something it autonomous, only on the block chain, then it has no hidden state, can't use e.g. assymetric crypto for signing. so the question is: what can you do that's useful?
<psztorc_>
Vitalik partnered with Augur to bring it to Eth because he couldn't think up use cases. Of course TC can't run on Eth because of the parasite problem (perfectly copyable, nonfinite reputation).
<maaku>
so far, Taek's alarm clock is really the only thing I've heard of
frankenmint has quit [Remote host closed the connection]
<fluffypony>
psztorc_: TC?
<psztorc_>
Truthcoin
<fluffypony>
ah
frankenmint has joined #bitcoin-wizards
<psztorc_>
One would want many use cases, to justify a general platform.
<Taek>
and that's honestly a stretch as far as useful things go. Also, I'm pretty sure you could build an equivalent alarm clock on Bitcoin
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
<gmaxwell>
is this some fee burning alarm clock?
<phantomcircuit>
gmaxwell, yes
<gmaxwell>
if so, sure, sign nlock transactions and now you have to wake up and doublespend them. ... if you don't die from the pointlessness first.
<waxwing>
lol
<psztorc_>
Yes, we've spent all this time talking, and sidechains could have obliterated all this junk, and I maintain that if you punt the blocksize question to me I can solve it with TC.
<gmaxwell>
while you're up you can also stop the crontab that randomly RMs files on your computer; (which had the benefit of not requiring the help of a global network)
<psztorc_>
N lock needs some UI help, no one really knows its there.
<kanzure>
if an alarm buzzes and nobody's on a blockchain to hear it, does it really ring?
<psztorc_>
No?
<jgarzik>
Yes or no
<waxwing>
on the blockchain, nobody knows you're asleep
<kanzure>
above is going on my wall as "-wizards writes a software spec"
frankenmint has quit [Ping timeout: 260 seconds]
<Taek>
psztorc_: you could do stuff like data storage contracts on ethereum. I give you a file and you have to prove that you still have it via a proof-of-storage some amount of time later (6 months or something). That would be difficult to do on Bitcoin, and has use (add blockchain SLAs to your data storage)
<psztorc_>
Well if I can buy my lafs space with Bitcoin and vpn it with Bitcoin I'll probably be happy.
<moa>
jgarzik: the quantum politcian ... you can get any answer you like
<jgarzik>
just open the box...
<psztorc_>
Then, windows executable version, and more data leaks for celebrities.
<psztorc_>
= profit.
Burrito has joined #bitcoin-wizards
Jeremy_Rand_ has quit [Ping timeout: 265 seconds]
_whitelogger has joined #bitcoin-wizards
damethos has quit [Quit: Bye]
skra has quit [Ping timeout: 240 seconds]
skra has joined #bitcoin-wizards
mjerr has quit [Ping timeout: 250 seconds]
[7] has quit [Ping timeout: 255 seconds]
TheSeven has joined #bitcoin-wizards
Newyorkadam has joined #bitcoin-wizards
cfromknecht has quit []
cfromknecht has joined #bitcoin-wizards
adam3us has quit [Quit: Leaving.]
jgarzik has quit [Quit: leavin on a jet plane]
Newyorkadam has quit [Quit: Newyorkadam]
Ozhar has joined #bitcoin-wizards
Ozhar has left #bitcoin-wizards ["Leaving"]
mrkent has quit []
ThomasV has joined #bitcoin-wizards
ratbanebo has quit [Read error: Connection reset by peer]
ratbanebo has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 240 seconds]
nonaTure has quit [Quit: Leaving.]
<instagibbs>
kanzure, it rings during IBD
<kanzure>
during IBD validation, at least.. if any..
nwilcox has quit [Ping timeout: 272 seconds]
aburan28 has joined #bitcoin-wizards
nonaTure has joined #bitcoin-wizards
bedeho has quit [Ping timeout: 240 seconds]
Lightsword has quit [Quit: Lightsword]
kmels has quit [Ping timeout: 240 seconds]
nonaTure has quit [Client Quit]
Jeremy_Rand_ has joined #bitcoin-wizards
CoinMuncher has quit [Quit: Leaving.]
bedeho has joined #bitcoin-wizards
darmou has quit [Quit: My Mac has gone to sleep. ZZZzzz…]
bramc has quit [Quit: This computer has gone to sleep]
rdponticelli has joined #bitcoin-wizards
Mattie^ has joined #bitcoin-wizards
Dizzle has quit [Quit: Leaving...]
darmou has joined #bitcoin-wizards
skra has quit [Ping timeout: 250 seconds]
skra has joined #bitcoin-wizards
<bsm1175321>
Egad, the "Inclusive Blockchain" DAG blocks reference parents containing conflicting transactions. I didn't realize that the first time I read this paper. That's a terrible idea. Every miner is extending *both* sides of a double-spend!
skra has quit [Ping timeout: 240 seconds]
<tromp>
agreed; any block whose ancestral dag contains conflicting txs should be considered invalid
skra has joined #bitcoin-wizards
<instagibbs>
the trick is to not care about double-spending. Scalable!
skra has quit [Ping timeout: 264 seconds]
hashtagg has quit [Read error: Connection reset by peer]
DougieBot5000 has quit [Quit: Leaving]
rdponticelli has quit [Ping timeout: 260 seconds]
kgk has joined #bitcoin-wizards
GAit has quit [Quit: Leaving.]
Taek has quit [Quit: No Ping reply in 180 seconds.]
kgk has quit [Ping timeout: 265 seconds]
LeMiner has joined #bitcoin-wizards
Taek has joined #bitcoin-wizards
nsh has quit [Ping timeout: 246 seconds]
nwilcox has joined #bitcoin-wizards
nsh has joined #bitcoin-wizards
GAit has joined #bitcoin-wizards
dave4925 has quit [Remote host closed the connection]