sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
frankenmint has joined #bitcoin-wizards
melvster has quit [Ping timeout: 240 seconds]
alpalp has joined #bitcoin-wizards
melvster has joined #bitcoin-wizards
c0rw1n has quit []
c0rw1n has joined #bitcoin-wizards
Jeremy_Rand has joined #bitcoin-wizards
<zooko>
gmaxwell: I really like what you wrote on -wizards after I parted last time about why people don't treat solo mining as gambling.
<zooko>
I really think you are right that it is a user-experience issue, not an economic issue.
<zooko>
amiller_: also relevant to your interests.
<zooko>
<zooko>
If some state lottery offered a scheme where you subscribed and then it would run in the background and eventually someday maybe it would pop up and give you money,
<zooko>
<zooko>
If some state lottery offered a scheme where you subscribed and then it would run in the background and eventually someday maybe it would pop up and give you money,
<zooko>
<zooko>
I think that would be a stinker.
<zooko>
I mean, nobody would play.
<zooko>
Instead, you get the build-up-and-anticipation-and-reveal cycle, like scratching off the silver coating to reveal the numbers beneath and find out if you won.
<zooko>
If that's right, you could add lottery UX on top of mining, by giving people a button that they can push and then it let it build up anticipation and then tell them that they won/lost...
<jgarzik>
heh
<zooko>
There was recently a phone app for a state lottery. "Jackpocket".
<zooko>
I wonder what the UX is.
<jgarzik>
buy lottery chips (mining chips) at the corner store.
<gmaxwell>
Yes, even things like telling you about your near misses and minting digital "almost block" certificates which you could post and brag about.
Jeremy_Rand has quit [Read error: Connection reset by peer]
<zooko>
gmaxwell: yeah!
<gmaxwell>
We've talked about this before; but it's never raised to a high enough priority for anyone that anyone has executed on it.
<gmaxwell>
Partially, I think, because it's just a guess that the user expirence plays into this.
roxtrong_ has quit [Remote host closed the connection]
<gmaxwell>
But it's really the only one I have that explained what I've seen.
<zooko>
Yeah, how could we test this idea of ours?
<zooko>
Maybe see how Jackpocket works.
<kanzure>
reviewing scalingbitcoin proposals at the moment. DAGchain seems to be popular topic.
<zooko>
Or other notably successful or notably unsuccessful computerized lotteries.
<zooko>
gmaxwell: amiller has told me about ideas to have *higher* variance in mining. Like one out of every thousand blocks is a 100X payoff, for example.
<kanzure>
bsm117532: would you prefer to hear your own DAGchain work, or someone else's DAGchain work? haha
Jeremy_Rand has joined #bitcoin-wizards
<zooko>
Notably with successful lotteries, there are very rare -- like yearly ? -- and exciting events.
<gmaxwell>
zooko: Adam has a whole bag of pet ideas about making sure that mining is slightly negative EV because people won't scale a negative ev task, but they'll gamble or 'buy coins without friction'. But alone that can't be enough since we see lots of people choosing to not mine even when it's +ev and they can pick their variance (at least anywhere from solo mining to PPS)
<zooko>
Do you mean they won't scale a -EV task, but they will gamble?
<zooko>
And what is "buy coins without friction"?
mountain1 is now known as mountaingoat
Yoghur114_2 has joined #bitcoin-wizards
<gmaxwell>
Historically, to buy bitcoin you had to either be near a city and willing to meet someone in person; or you had to have a bank account and sign up with some service that wanted a lot of personal info and took days.
mountaingoat is now known as mountain1
<gmaxwell>
VS you run a program on your computer, and pay a bit more on your power bill. Or even if you need special hardware, that can be a lot easier than dealing with banking.
<zooko>
Oh, I see.
<gmaxwell>
It's less of an issue today but one of the reasons to mine is just that its a way to get coins. (also potentially the most private way to get coins)
<zooko>
*nod*
<zooko>
Okay, thanks for the thoughtful notes. I'm going for a walk now.
<CodeShark_>
gmaxwell: mining should approach 0 ev assuming friction-free economics...it can only remain +ev for those with early access to more efficient technology
<gmaxwell>
This _used_ to be one of the things that made me worry less about mining centeralization-- that even if pro-scale benefits, power prices, POW non-fairness in the network made small scale mining negative EV, people would still do it because it's still pretty reasonable way to obtain bitcoins; but that hasn't panned out.
Jeremy_Rand has quit [Read error: Connection reset by peer]
<gmaxwell>
that it wouldn't be negative ev anymore once you consider the other costs.
<CodeShark_>
for the average entry-level user, the amount of bitcoin they can get from pooled mining isn't enough to really drive much excitement and adrenaline
<CodeShark_>
and their chances of hitting the jackpot are astronomical
* jgarzik
hopes mining chips have eaten most of the low hanging fruit in the march down the nanometer scale. If there is a plateau, mining chips could become more commoditized.
<gmaxwell>
CodeShark_: with p2pool you can pick your difficulty to be anywhere from the p2pool share rate difficulty, to 1/10th the block.
<CodeShark_>
the lower the difficulty, the lower the excitement, though ;)
<CodeShark_>
and p2pool seems to be at a propagation disadvantage
<gmaxwell>
lol no.
<CodeShark_>
?
<gmaxwell>
It has a signficant advantage historically, and when the rate was higher, enough to make a good comparison, it's orphan rate was less than half of the next runner up.
<gmaxwell>
Every p2pool node implements something like matt's relay network protocol for relaying between them.
<gmaxwell>
We'd chipped away at p2pools' advantages somewhat with improvements in bitcoin core but it's still pretty good.
pozitron has quit [Ping timeout: 255 seconds]
<gmaxwell>
Also unlike other pools, the latency sensitive in p2pool makes users either fix their delays, ... or subsudize other users who have. (downside is that it's not really usable with a fair amount of hardware out there)
<gmaxwell>
basically p2pool shares propagate in the p2pool network like blocks do, if your block was going to get orhpaned your share sure as hell will. (30s vs 600s)
<CodeShark_>
what about proposals to incorporate some of p2pool's ideas natively into a blockchain protocol?
<CodeShark_>
would it be practical in any way whatsoever to have a way of choosing your own difficulty/variance/EV parameter...and perhaps even incorporate some of amiller's nontransferrable puzzle ideas?
<gmaxwell>
I think amiller's nontransferable puzzle ideas are not good in reality.
Monthrect is now known as Piper-Off
<CodeShark_>
why's that?
<gmaxwell>
Because they make pooled mining, even the p2pool style, impossible. So the result would very clearly be everyone cloud mining.
<CodeShark_>
but if you can pick your variance/difficulty why would you care?
<gmaxwell>
The preimise of the idea is that people wouldn't because the cloud hosts could rip people off; but this ignores the fact that there does not exist a _single_ provable non-ripoff cloudmining operation, even though there trivally could be.
<gmaxwell>
CodeShark_: because you can only pick so far as there is a communication cost tradeoff.
<gmaxwell>
Which is the main limitation of p2pool.
<CodeShark_>
so with cloud hosts you mean people who rent hashing power? presumably the only way such operations would be profitable is if most renters are losing money
<CodeShark_>
where "rent" is an ambiguous verb in terms of subject/object :p
<gmaxwell>
CodeShark_: paying for hosting is just another cost, you argue that mining seeks 0ev, but thats after the average costs.
<CodeShark_>
point is if someone already has the hardware available for mining, it's only profitable for them to rent it out if mining has -ev
<gmaxwell>
no, because they can have variance preferences.
<gmaxwell>
cloudmining is more general than just renting; I am also trying to be inclusive of mining clubs.
<CodeShark_>
aren't those essentially just pools?
<gmaxwell>
Point being that if you can only get really low variance within trusted boundaries, then lots of funds will flow into them that would otherwise be distributed. (E.g. asicminer shares)
<gmaxwell>
CodeShark_: no, e.g. mining is +ev and more +ev and stabler the bigger you are, so instead of mining you buy shares in MinerCorp.
<CodeShark_>
oh, gotcha
<CodeShark_>
physical pools :)
<gmaxwell>
ya.
<gmaxwell>
Worse than classical mining pools, since at least in theory (if not practice) its easy to vote with your feet with the electronic kind.
<CodeShark_>
but more efficient in terms of communication cost, no?
<CodeShark_>
also, economies of scale, etc...
<CodeShark_>
easier to get better power rates
<gmaxwell>
yes, and they exist already; and I think are a much bigger concern than the traditional mining pools.
<gmaxwell>
(in terms of risk for the system).
<CodeShark_>
right, so nontransferrable puzzles don't solve this issue
<gmaxwell>
so from a purely technical perspective I think amiller's work is fasciating, but pratically I think it reduces the lesser of our problems with considerable risk of amplifying the worse of them.
<gmaxwell>
At least today you can p2pool and mine profitably with enough income that it's not an insult. :P (assuming you can get the hardware...)
<bsm117532>
kanzure: I want to hear everyone's dagchain work! ;-)
<bsm117532>
I do really think it's the only way to go. Hashing out the details at Scaling Bitcoin will be fun.
<bsm117532>
After reviewing the relevant literature over the last few days (Bitcoin-NG, weak blocks, Inclusive Blockchain), these alternatives are really quite bad in comparison.
<bsm117532>
CodeShark_: Yes!!! In fact the subtitle of my paper is the syllogism DAGChain:Blockchain :: git:subversion
<gmaxwell>
funny, I think every dagchain like proposal I've seen in the past has been horrible in comparison to bitcoin -- most actually missing the point entirely, about the advantages strong binding has for common defense, and so on.
<bsm117532>
The analogy of committing from a git repository back to a linear SVN repo is quite a close one.
<bsm117532>
gmaxwell: I've not seen any actual DAGchain proposals except the "Inclusive Blockchain" paper, and I'll talk your ear off about terrible holes in their proposal.
<gmaxwell>
(or even the importance of basic things like fungibility)
<gmaxwell>
bsm117532: kanzure should be able to summon some number of 2011/2012 links.
<bsm117532>
Did the topic come up back then?
<bsm117532>
I've looked, haven't found anything that old.
<kanzure>
still on hangout doing scalingbitcoin reviews
<kanzure>
gmaxwell: i haven't tagged any bookmarks as dagchain.. what terms might have i put these under, if i have seen the 2011-2012 things?
roxtrongo has joined #bitcoin-wizards
<gmaxwell>
kanzure: 'fork merging'
<CodeShark_>
the ability to merge forks would be very nice...and the ability to apply intersections of consensus rules, etc...but it seems like a very difficult problem
<bsm117532>
gmaxwell: I've thought a bit about a "merge" for a dag, in analogy to git. It's an interesting direction but I think not necessary for the first version of a dag. It could be added later.
<gmaxwell>
bsm117532: in any case the inclusive blockchain paper was mostly trying to address a specific problem in prior work from the second set of ghost papers where the network goodput tends to zero because of redundant data.
<CodeShark_>
forks are easy, merges ar hard ;)
<gmaxwell>
But this problem is more efficiently and completely addressed, I think, by differential encoding in relay; which wasn't something the authors had considered.
<bsm117532>
gmaxwell: That was their flaw, trying to merge dag and ghost. I see no advantage to the ghost idea when you have a dag.
<gmaxwell>
bsm117532: probably because you're confused. :)
<gmaxwell>
the benefits of ghost are really clear and strong; (it's the costs that are not so nice.. :) )
<CodeShark_>
costs in terms of communication?
<CodeShark_>
or in terms of what resource?
<bsm117532>
You don't need ghost when you have no orphans. You have no orphans without conflicting transactions. And you don't want to mine the other half of a double-spend at all.
<gmaxwell>
communication and vulnerability to strategic mining.
<bsm117532>
(In my dag proposal, conflicting transactions define forks)
<gmaxwell>
bsm117532: perhaps you are forgetting the the purpose of a cryptocurrency is to be a currency, with fungible coins, which can be freely split an merged, and not double spent.
<bsm117532>
gmaxwell: So I don't think I'm confused, I think they are.
Jeremy_Rand has joined #bitcoin-wizards
<bsm117532>
gmaxwell: Yes, of course. I'm not sure what you're getting at?
<CodeShark_>
where it really gets interesting is when we can fork and remerge consensus rules ;)
<MRL-Relay>
[surae] bsm117532 you claim orphans only occur due to conflicting transactions? what about transmission delays on the network and the nonzero probability of two nodes finding blocks at very-nearly-the-same-time?
<bsm117532>
A sidechain could be considered a fork...
<gmaxwell>
if so, then you need a consensus, a global one that settles all conflicts over all coins.
<gmaxwell>
and anyone at any time can produce any number of conflicting transactions, and the users in the network will have totally different ideas of what conflicts exist.
<bsm117532>
surae: If miners find a block at the same time (as defined by normal ordering of the DAG) they split the block reward for it.
<CodeShark_>
if two people disagree over consensus rules, we can either force them to come to a mutual agreement or have both their coins destroyed ;)
<gmaxwell>
and what weight does the succesor two those to blocks have in deciding to accept that graph vs one that forked before that pair of blocks?
<bsm117532>
gmaxwell: that's true in the short term, yes. As with blocks, you have to wait for confirmation and a long-enough dag tip to emerge.
<gmaxwell>
CodeShark_: not byzantine robust. "LOL, destroy my coins, I don't care! X is the true spend."
<kanzure>
oh fork merging.. hmm.
<MRL-Relay>
[surae] bsm117532 but you still have two blocks with the same parent... so now miners have to keep track of double the number of blocks to validate against double spending for every time the chain splits like a tree...
<MRL-Relay>
[surae] or do people merge blocks by height in their local copy of the blockchain or something?
<gmaxwell>
bsm117532: so please, answer my question about the preference of the graphs?
<bsm117532>
surae: blocks have multiple parents in a dag.
<bsm117532>
surae: miners tie together any and all tips with non-conflicting transactions when they mine.
<bsm117532>
(as parents of their block)
<bsm117532>
gmaxwell: One must carefully define a way to evaulate the amount of work in a sub-graph. This can be done with a bit of statistics and a likelihood function (for example).
<bsm117532>
You can't just count the "length" as bitcoin does.
<bsm117532>
That only works when blocks have an identical amount of work.
<gmaxwell>
bitcoin does not count the length!
<gmaxwell>
(as bitcoin blocks do not have identical work, the difficulty changes)
<bsm117532>
I know. But its evaluation of the work is unsophisticated.
<bsm117532>
The work in a dag subgraph is more complicated.
<gmaxwell>
in any case so you're saying that a chain with the extra split block would have some monotone function more work?
<bsm117532>
gmaxwell: yes it has more work than an equivalent chain with only one block in the same place.
<gmaxwell>
bsm117532: then congrats, thats ghost. Among its other costs, it is drastically more vulnerable to selfish mining, since you can withold your block at the tip, and if someone manages to announce before you, you still get to share the reward with them.
<bsm117532>
gmaxwell: Ok. Thanks for the pointer. I'll put more thought into selfish mining then.
<bsm117532>
I see what you're saying.
<gmaxwell>
I'd like to see that solved, because generally that kind of parallel graph weied work is much better for convergence, at least with honest players.
<MRL-Relay>
[surae] so, i've been reading through bitcoin NG stuff, and i have some questions i would rush to describe as "stupid"
<bsm117532>
gmaxwell: I thought a bit about convergence a while ago, hoping it would be better than asymptotic. At the time (it was a while ago) I convinced myself it was asymptotic, no enhancement in convergence.
<MRL-Relay>
[surae] if anyone is willing to answer dumb questions about NG, i'm very curious
<el33th4x0r>
MRL-relay: i'm here for another 5 min or so. i can help with NG
<gmaxwell>
if you forbid them from having conflicts (something none of the ghost papers do) then I think there is a trivial attack where a constantly broadcast conflicting txn and concurrently announce to every miner, and now their blocks cannot be merged, and the network's hashpower is dilluted; which can then give me an advantage when I intentionally mine none of these conflicts and thus can be merged wit
<bsm117532>
surae: I've read thorugh it, will try to answer.
<gmaxwell>
h everyone.
<MRL-Relay>
[surae] ok, so... in NG, my understanding is that whoever signed the last key block is now, essentially, a single miner in charge of determining which transactions announced over the next 10 minutes are double spends
<kanzure>
gmaxwell: there is a dagchain proposal incoming from the ghost person
<MRL-Relay>
[surae] is that a really terrible characterization of NG?
<bsm117532>
surae: that's my undestanding.
<MRL-Relay>
[surae] hmm ok
<gmaxwell>
[surae]: I think it would be more correct to say which valid transactions are accepted. Something being a double spend or not is not something the miner can control.
<el33th4x0r>
not quite. whoever signed the last block verifies and serializes the transactions until the next key block, but other nodes also check to make sure that the transactions are well-formed (e.g. not double-spends).
<bsm117532>
gmaxwell: one possibility for the DAG is to replace the p2p layer with it, which would remove your attack. Why should I mine your freely broadcast spam/attack transactions?
<gmaxwell>
In a normal blockchain system a double spend is an impossiblity by the rules. What miners are doing is resolving which spend to include in order to uphold those rules.
<MRL-Relay>
[surae] gmaxwell: sure, sure, invalid transactions always include double spends, but not contrary, i get it. el33th4x0r: also sure, sure... everything has to be verifiable by other parties, of course
<el33th4x0r>
great, we're all on the same page
<gmaxwell>
bsm117532: how do you distinguish them from any other transaction?
<MRL-Relay>
[surae] ok so i find that interesting because it sort of reverts the usual blockchain system
<gmaxwell>
bsm117532: are you just suggesting that you must mine to transact at all?
<bsm117532>
gmaxwell: You can't distinguish spam/attack transactions from any other. But if I only accept mined transactions in the p2p layer, I increase the cost to attackers.
<bsm117532>
gmaxwell: Yes. Everyone must mine, at least a little bit.
Jeremy_Rand has quit [Ping timeout: 250 seconds]
<bsm117532>
(it's one possiblity -- I'm not entirely convinced of it)
<gmaxwell>
There are also several mined transaction proposals. My recollection is that they usually suffer the error of making mining potentially very progressfull.
<gmaxwell>
E.g. if you have a bunch of hashpower you can mine best by privately mining a whole bunch of high work transactions privately..
<gmaxwell>
Bah, stupid that we didn't figure out selfish mining from that; it's the same issue I think.
<kanzure>
Madars: so we're getting a trustless snark in bitcoin by the time you land in hong kong, right?
<el33th4x0r>
MRL-Relay: I'm going to step out for dinner. If you have questions, no matter how silly they may seem, don't hesitate to contact me and Ittay. We're co-authors on the NG paper.
roxtrongo has quit [Remote host closed the connection]
<kanzure>
bsm117532: wouldn't your dagchain suffer from double spend bloat?
<MRL-Relay>
[surae] el33th4x0r: i was going to ask more questions, and I just ended up reading through the white paper
mrkent has joined #bitcoin-wizards
<bsm117532>
kanzure: Yes. One should stop tracking double spend tips once they've fallen behind a reasonable "# confirmations"-like threshold WRT another tip.
nwilcox has joined #bitcoin-wizards
<MRL-Relay>
[surae] what I find so interesting about NG is that you revert the usual order of events: in bitcoin, you have the miner announcing "i saw these transactions, and they were good." in NG, you have miners announcing "it's my turn to keep and announce a running ledger of good transactions for the next few minutes." It's like the difference between the
<MRL-Relay>
intervals [a,b) and (a,b].
<kanzure>
sounds like double spending would cause taint of dagchain children... e.g. even if you didn't see all the transactions that were in the other dagchain sibling.
<bsm117532>
gmaxwell: re: selfish mining. Selfish mining is a consequence of game theory regarding the fact that only one miner can get the block reward. I'm going to propose that all dag blocks in a non-conflicting subgraph receive a reward proportional to the work expended. Since miners can't exclude each other, I don't think selfish mining works. (But I will investigate more on that, thanks again)
<bsm117532>
kanzure: why would you not see all the tx in a sibling?
<kanzure>
because you were busy mining your own sibling
<kanzure>
dagness is only w.r.t parents?
<bsm117532>
surae: That reversal is actually very common in the distributed computing literature (e.g. PAXOS, Raft). But it makes the leader an easy target for an attacker. The paper talks about the "leader" actually being a key, which could be distributed, but I think this is a weak argument. ex-post-facto block publication is better.
<bsm117532>
kanzure: I'm confused.
<bsm117532>
Nodes would only attach parents that they had all the tx for, and could verify there were no conflicting transactions.
<MRL-Relay>
[surae] well, the possibility that an attacker starts approving invalid copies of his buddy's transactions on the fly is arguably less dangerous than the possibility that an attacker approves of an invalid historical copy of the blockchain; if an attacker is approving invalid transactions on the fly, unless he controls several key blocks in a row, his
<MRL-Relay>
attempt to be a jerk will eventually run aground of the rest of the network doubting the invalid s
<kanzure>
cutoff at "network doubting the invalid s"
<MRL-Relay>
[surae] network doubting the invalid sequence of transactions, right?
<MRL-Relay>
[surae] sorry about that! :P
<MRL-Relay>
[surae] i mean, when the next person finds the the next key block, are they implicitly agreeing to the latest key block's latest microblock? a miner should be able to point to older blocks and be like "that was the last valid one I saw, someone has been doing something funky for the past few blocks"
<MRL-Relay>
[surae] the hash of the last valid microblock they observed and the last key block associated with that valid microblock is presumably included in the hash target nonce game
kyuupichan has joined #bitcoin-wizards
Ylbam has quit [Quit: Connection closed for inactivity]
<gwillen>
gmaxwell: I see you, too, have been reading about the computerization of the New York subway system
Dizzle has joined #bitcoin-wizards
licnep has joined #bitcoin-wizards
DougieBot5000_ has joined #bitcoin-wizards
mkarrer_ has joined #bitcoin-wizards
Jeremy_Rand has joined #bitcoin-wizards
kgk_ has joined #bitcoin-wizards
jeremyrubin has quit [Quit: leaving]
stonecoldpat1 has joined #bitcoin-wizards
jeremyrubin has joined #bitcoin-wizards
eric has quit [Ping timeout: 264 seconds]
bobke_ has joined #bitcoin-wizards
adlai has quit [Ping timeout: 264 seconds]
lecusemble has quit [Ping timeout: 264 seconds]
mkarrer has quit [Ping timeout: 264 seconds]
guruvan has quit [Ping timeout: 264 seconds]
Dizzle has quit [Ping timeout: 240 seconds]
jeremyrubin has quit [Client Quit]
jeremyrubin has joined #bitcoin-wizards
indolering has quit [Ping timeout: 264 seconds]
bobke has quit [Ping timeout: 264 seconds]
ebfull has quit [Ping timeout: 264 seconds]
DougieBot5000 has quit [Ping timeout: 264 seconds]
kgk has quit [Ping timeout: 264 seconds]
jouke has quit [Ping timeout: 264 seconds]
stonecoldpat has quit [Ping timeout: 264 seconds]
gavinandresen has quit [Ping timeout: 264 seconds]
gavinandresen has joined #bitcoin-wizards
lecusemble has joined #bitcoin-wizards
PaulCape_ has joined #bitcoin-wizards
indolering has joined #bitcoin-wizards
PaulCapestany has quit [Ping timeout: 246 seconds]
eric has joined #bitcoin-wizards
guruvan has joined #bitcoin-wizards
jouke has joined #bitcoin-wizards
adlai has joined #bitcoin-wizards
[7] has quit [Disconnected by services]
TheSeven has joined #bitcoin-wizards
Burrito has quit [Ping timeout: 276 seconds]
Dizzle has joined #bitcoin-wizards
skyraider has joined #bitcoin-wizards
skyraider has quit [Client Quit]
<bramc>
In my ongoing merkle set data structure drama, I've decided in my ridiculous Python reference implementation when reorganizing a block I won't put it into an intermediary Pythonic set of data structures, I'll just make a copy of the original block and use it in line. I'll probably make the implementation recursive out of convenience though. Dunno if C compilers can unroll those things.
Guest25458 has quit [Ping timeout: 240 seconds]
pigeons has joined #bitcoin-wizards
koshii has quit [Ping timeout: 240 seconds]
pigeons is now known as Guest95455
zooko has quit [Ping timeout: 240 seconds]
pozitron has joined #bitcoin-wizards
<gmaxwell>
GCC can turn some very limited kinds of recursion into iteration... to python implementations ever do that?
Lightsword has quit [Remote host closed the connection]
Lightsword has joined #bitcoin-wizards
<bramc>
No Python has a policy of not optimizing tail recursion. I'm not concerned about the Python performance here, just wondering if on the port to C someone will have to do some hackety hack loop unrolling. It's probably too ugly for me to do it in the proof of concept.
<bramc>
Given my past experience my brain thinks in either extremely old school C or modern Python. When I implement things meant to be ported it winds up being a bizarre mix of the styles.
<kanzure>
if you want to cheat then you can just steal c implementation details from python
pozitron has quit [Ping timeout: 260 seconds]
DougieBot5000_ is now known as DougieBot5000
esneider has quit [Remote host closed the connection]
esneider has joined #bitcoin-wizards
Jeremy_Rand has quit [Ping timeout: 240 seconds]
Jeremy_Rand has joined #bitcoin-wizards
cr1907 has quit [Quit: Leaving]
Jeremy_Rand has quit [Ping timeout: 246 seconds]
esneider has quit [Remote host closed the connection]
psztorc_ has quit [Ping timeout: 240 seconds]
adam3us has joined #bitcoin-wizards
kgk has joined #bitcoin-wizards
adam3us has quit [Ping timeout: 240 seconds]
kgk has quit [Client Quit]
Jeremy_Rand has joined #bitcoin-wizards
pozitrono has joined #bitcoin-wizards
Vinegar has joined #bitcoin-wizards
eamonnw has joined #bitcoin-wizards
Jeremy_Rand has quit [Read error: Connection reset by peer]
licnep has quit [Quit: Connection closed for inactivity]
cfromkne_ has quit [Remote host closed the connection]
cfromknecht has joined #bitcoin-wizards
cfromknecht has quit [Ping timeout: 250 seconds]
Ylbam has joined #bitcoin-wizards
koshii has joined #bitcoin-wizards
adam3us has joined #bitcoin-wizards
Guyver2 has joined #bitcoin-wizards
seg has joined #bitcoin-wizards
seg has quit [Remote host closed the connection]
seg has joined #bitcoin-wizards
seg has quit [Client Quit]
seg has joined #bitcoin-wizards
AaronvanW has joined #bitcoin-wizards
copumpkin has joined #bitcoin-wizards
copumpkin has quit [Client Quit]
Guyver2 has quit [Quit: :)]
Quanttek has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 240 seconds]
kyuupichan has quit [Quit: Leaving]
kyuupichan has joined #bitcoin-wizards
Piper-Off is now known as Monthrect
Vinegar has quit [Ping timeout: 240 seconds]
matsjj_ has joined #bitcoin-wizards
Quanttek has quit [Remote host closed the connection]
Quanttek has joined #bitcoin-wizards
roxtrongo has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
jtimon has quit [Remote host closed the connection]
bramc has quit [Quit: This computer has gone to sleep]
spinza has quit [Excess Flood]
matsjj_ has quit [Remote host closed the connection]
spinza has joined #bitcoin-wizards
Jeremy_Rand has joined #bitcoin-wizards
frankenmint has quit [Remote host closed the connection]
dEBRUYNE_ has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
akstunt600 has quit [Ping timeout: 240 seconds]
CodeShark_ has quit [Ping timeout: 240 seconds]
Jeremy_Rand has quit [Ping timeout: 260 seconds]
c0rw|zZz is now known as c0rw1n
dEBRUYNE_ has quit [Ping timeout: 240 seconds]
roxtrong_ has joined #bitcoin-wizards
roxtrongo has quit [Ping timeout: 276 seconds]
rdponticelli has joined #bitcoin-wizards
roxtrong_ has quit [Remote host closed the connection]
ThomasV has quit [Ping timeout: 264 seconds]
frankenmint has joined #bitcoin-wizards
roxtrongo has joined #bitcoin-wizards
roxtrong_ has joined #bitcoin-wizards
roxtrongo has quit [Ping timeout: 240 seconds]
jtimon has joined #bitcoin-wizards
roxtrong_ has quit [Remote host closed the connection]
atgreen has joined #bitcoin-wizards
roxtrongo has joined #bitcoin-wizards
roxtrong_ has joined #bitcoin-wizards
roxtrongo has quit [Ping timeout: 260 seconds]
Emcy has quit [Read error: Connection reset by peer]
c-cex-yuriy has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
akstunt600 has joined #bitcoin-wizards
<bsm117532>
gmaxwell: that disclaimer is probably related to this bizarre software patent case: https://lwn.net/Articles/181261/
rdponticelli has quit [Ping timeout: 250 seconds]
pozitrono has quit [Read error: Connection reset by peer]
dEBRUYNE_ has joined #bitcoin-wizards
spinza has quit [Excess Flood]
spinza has joined #bitcoin-wizards
zooko has joined #bitcoin-wizards
pozitron has joined #bitcoin-wizards
sparetire_ has joined #bitcoin-wizards
Burrito has joined #bitcoin-wizards
atgreen has quit [Ping timeout: 240 seconds]
atgreen has joined #bitcoin-wizards
dEBRUYNE_ has quit [Read error: Connection reset by peer]
atgreen has quit [Ping timeout: 246 seconds]
atgreen has joined #bitcoin-wizards
Emcy has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
TBI_ has joined #bitcoin-wizards
<amiller_>
re: nonoutsourceable puzzles.... <gmaxwell> The preimise of the idea is that people wouldn't because the cloud hosts could rip people off; but this ignores the fact that there does not exist a _single_ provable non-ripoff cloudmining operation, even though there trivally could be.
<amiller_>
i think in reality the nonoutsourceable idea *necessarily depends on -EV mining*
<amiller_>
cloudmining is trivialy "provably non-ripoff" because they pay out in trickles, and they earn money in trickles
<amiller_>
gmaxwell> zooko: Adam has a whole bag of pet ideas about making sure that mining is slightly negative EV because people won't scale a negative ev task, but they'll gamble or 'buy coins without friction'. But alone that can't be enough since we see lots of people choosing to not mine even when it's +ev and they can pick their variance (at least anywhere from solo mining to PPS)
TBI has quit [Ping timeout: 240 seconds]
<amiller_>
i didn't now about that, i'd be really interested to hear about that bag of pet ideas
<amiller_>
people *can't* pick their variance, at least not to the extent i'm talking about
<zooko>
Lots of people played Satoshidice, right? One could define an altcoin whose mining process fit under the same economics and UX as Satoshidice's economics and UX, couldn't one?
<amiller_>
what i'm interested in is outside the range of [solo mining, pps]
<amiller_>
zooko, yeah, and the variance of satoshidice was/is significantly higher than 25btc per shot
<amiller_>
what i'm proposing is to model the reward structure after whatever bigass state lotteries do... sometimes there's a $500M jackpot! way bigger than a bitcoin block
<amiller_>
the premise is that state lotteries are a $50B/year industry, and whatever they are doing is pretty effective at recruiting participants
adam3us has quit [Quit: Leaving.]
<zooko>
amiller_: Did you catch the part about the hypothesis that UX separately from economics is an important factor?
<zooko>
amiller_: ever seen those studies of fMRI of gamblers?
<zooko>
Anticipation-and-reward mechanic?
<amiller_>
zooko, yeah.... i don't see why it's "separate" though... to me by UX you're evoking something like the visual interface of the client software, and that doesn't really inform the design of the protocol
<amiller_>
but actually the anticipation-reward *is* part of the economics of it, if it predictably affects participation decisions, so i dont see why you'd call it separate
<zooko>
amiller_: well...
<zooko>
*thinks*
<zooko>
I imagine a cryptocurrency mining distribution which has identical economic distribution to something popular, like a lottery or Satoshidice.
<zooko>
And I'm imagining that nobody plays the mining game. They all pool instead to get a different distribution.
<zooko>
And I'm imagining that the first and most important difference in the two is that you have to take an action in order to roll the Satoshidice, whereas you can passively leave your client running to play the mining game.
<zooko>
So if that were true, then a variant of Satoshidice which automatically plays for you and just reports to you when you win would be just as unpopular as solo mining.
<zooko>
And all of that airy dream in my imagination is predicated on idential payoff distributions.
<zooko>
And that is partly informed by some studies I glanced at years about the brain activation in gamblers,
<zooko>
and how if they get a reward unprompted, it didn't light up their pleasure/addictions centers
<zooko>
nearly as much, as if they got an anticipation: YOU MIGHT GET A REWARD ON THE OTHER SIDE OF THIS DOOR!, followed by that reward.
<zooko>
*That* really got them off.
<amiller_>
zooko, it would be easy to build a mining rig where you had to push a button every so often to keep playing... i don't see how to turn that into a protocol constraint though
<zooko>
*nod*
<amiller_>
zooko, so, lotteries have consolation prizes, and i believe that's a critical part of their design
<zooko>
Hm.
<zooko>
Unfortunately I have to go, now.
frankenmint has quit [Remote host closed the connection]
psztorc has joined #bitcoin-wizards
<kanzure>
er, why do they have consolation prizes anyway? winning $1 surely doesn't have a big/any effect.
<zooko>
Why do you think that?
<zooko>
Nevermind, I've *really* got to go now. :-)
<sipa>
people need to regularly feel they win 'something', i guess
<sipa>
otherwise they stop playing
<zooko>
I just want to emphasize that "$1 sure doesn't have a big/any effect" is almost certainly wrong, and that sort of reasoning is a common way to reason incorrectly about this stuff.
<zooko>
See "behavioral economics".
roxtrong_ has quit [Remote host closed the connection]
atgreen has quit [Ping timeout: 260 seconds]
<kanzure>
pow difficulty acceleration makes it unlikely to be able to award small satoshi amounts without spiraling out of control; but if there's some good argument for a 10e-12 satoshi amount as valuable to someone... perhaps it should be considered. but dunno.
zooko has quit [Ping timeout: 250 seconds]
SgtStroopwafel has joined #bitcoin-wizards
<jgarzik>
kanzure, if you are minting colored coins right out of the gate, you attach significant external value to a satoshi
<kanzure>
the only part of that i understand is "minting colored coins". can you explain the rest? heh
JackH has joined #bitcoin-wizards
<jgarzik>
kanzure, colored coins are a good argument for a 10e-12 satoshi amount being valuable to someone
<jgarzik>
kanzure, and that includes miner payouts, for a situation where a miner is creating and distributing colored coins from a coinbase transaction.
<kanzure>
so proposal is someone would be pegging a colored coin to pow hashrate acceleration and satoshi BTC? but everyone's value would evaporate quite rapidly due to mining depreciation.
* jgarzik
wasn't thinking pegging
esneider has joined #bitcoin-wizards
<kanzure>
but yes would solve the "how to get small amounts of value to new participants" issue... .so i guess i'm moving the goal posts.
<jgarzik>
Just systems that deal with small satoshi amounts in general
<jgarzik>
kanzure, that's what wizards is for :) moving goalposts
esneider has quit [Remote host closed the connection]
esneider has joined #bitcoin-wizards
psztorc has quit [Ping timeout: 246 seconds]
SgtStroopwafel has quit [Remote host closed the connection]
SgtStroopwafel has joined #bitcoin-wizards
cfromknecht has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 244 seconds]
roxtrongo has joined #bitcoin-wizards
roxtrongo has quit [Ping timeout: 264 seconds]
TheSeven has quit [Disconnected by services]
[7] has joined #bitcoin-wizards
bramc has joined #bitcoin-wizards
Dizzle has quit [Quit: Leaving...]
roconnor has joined #bitcoin-wizards
Vinegar has joined #bitcoin-wizards
nwilcox has joined #bitcoin-wizards
roxtrongo has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
Starduster has quit [Ping timeout: 276 seconds]
damethos has joined #bitcoin-wizards
snthsnth has joined #bitcoin-wizards
psztorc has joined #bitcoin-wizards
Jeremy_Rand_ has joined #bitcoin-wizards
Starduster has joined #bitcoin-wizards
Emcy has quit [Read error: Connection reset by peer]
ThomasV has quit [Ping timeout: 244 seconds]
SgtStroopwafel has quit [Quit: Fuck, SgtStroopwafel is down!]
SgtStroopwafel has joined #bitcoin-wizards
LeMiner2 has joined #bitcoin-wizards
badmofo has quit [Ping timeout: 240 seconds]
LeMiner has quit [Ping timeout: 246 seconds]
priidu has joined #bitcoin-wizards
smk has joined #bitcoin-wizards
badmofo has joined #bitcoin-wizards
blackwraith has joined #bitcoin-wizards
priidu has quit [Ping timeout: 255 seconds]
badmofo has quit [Ping timeout: 240 seconds]
badmofo has joined #bitcoin-wizards
metamarc has joined #bitcoin-wizards
Jeremy_Rand_ has quit [Remote host closed the connection]
Jeremy_Rand has joined #bitcoin-wizards
nwilcox has quit [Ping timeout: 272 seconds]
matsjj has joined #bitcoin-wizards
matsjj_ has joined #bitcoin-wizards
matsjj has quit [Ping timeout: 272 seconds]
Guyver2 has joined #bitcoin-wizards
AnoAnon has joined #bitcoin-wizards
AnoAnon has quit [Read error: Connection reset by peer]
rustyn has joined #bitcoin-wizards
esneider has quit [Remote host closed the connection]
esneider has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
frankenmint has quit [Remote host closed the connection]
nwilcox has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
jgarzik has quit [Quit: Leaving]
jgarzik has joined #bitcoin-wizards
jgarzik has quit [Changing host]
jgarzik has joined #bitcoin-wizards
damethos has quit [Quit: Bye]
damethos has joined #bitcoin-wizards
matsjj has joined #bitcoin-wizards
matsjj_ has quit [Ping timeout: 260 seconds]
esneider has quit [Remote host closed the connection]
Vinegar has quit [Ping timeout: 264 seconds]
pozitron has quit [Ping timeout: 265 seconds]
frankenmint has quit [Remote host closed the connection]
Quanttek has quit [Remote host closed the connection]
roxtrongo has quit [Remote host closed the connection]
Quanttek has joined #bitcoin-wizards
ThomasV has joined #bitcoin-wizards
spinza has quit [Excess Flood]
spinza has joined #bitcoin-wizards
frankenmint has joined #bitcoin-wizards
jojva has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 250 seconds]
esneider has joined #bitcoin-wizards
dave4925 has quit [Read error: Connection reset by peer]
esneider has quit [Remote host closed the connection]
esneider has joined #bitcoin-wizards
[7] has quit [Disconnected by services]
TheSeven has joined #bitcoin-wizards
metamarc has quit [Read error: Connection reset by peer]
matsjj has quit [Remote host closed the connection]
lmatteis has joined #bitcoin-wizards
damethos has quit [Quit: Bye]
esneider has quit [Remote host closed the connection]
roxtrongo has joined #bitcoin-wizards
esneider has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
roxtrongo has quit [Ping timeout: 240 seconds]
Vinegar has joined #bitcoin-wizards
esneider has quit [Remote host closed the connection]
<jrayhawk_>
It'd be nice to integrate PGP and Bitcoin so you can do something like revocable deposit tied to identity verifications and, instead of tracking caring about shortest trust path, start caring about highest-minimum-value trust paths.
metamarc has joined #bitcoin-wizards
esneider has joined #bitcoin-wizards
<jrayhawk_>
Which solves the 'generate a dangerous copy of the strong set using cloned 32-bit hashes' problem, the 'identity sigs are so cheap that anonymous signing happens because nobody cares' problem, and the 'nobody wants to deal with the social inconvenience of revocation' problem.
<jrayhawk_>
Something a sidechain would be suited for.
jrayhawk_ is now known as jrayhawk
akstunt600 has quit [Remote host closed the connection]
esneider has quit [Remote host closed the connection]
<nwilcox>
jrayhawk: Are you proposing something like trust assertions have a cost imposed so that the trust graph is more costly to manipulate?
<jrayhawk>
A cost that's revocable with the trust certification, yes.
<nwilcox>
I see.
<nwilcox>
Well, I could see how people who like WoT might be into that. Personally, I consider WoT to be not very relevant, because I believe it makes some fundamental UX / psychology mistake.
<nwilcox>
I could be wrong though.
<nwilcox>
eg: I personally have never relied on WoT for anything PGP related. Instead I just do OOB verification with point-wise contacts, or rely on people to mail me their friends pubkeys, etc...
<jrayhawk>
I'm guesing a pretty big percentage of the code running on your computer is both signed and not indepdendently OOB-verified.
<jrayhawk>
If Linux, PGP, if others, x509.
snthsnth has quit [Ping timeout: 240 seconds]
<jrayhawk>
It's what enables e.g. fully independent software mirrors to exist.
<gmaxwell>
no one verfies almost anything.
esneider has joined #bitcoin-wizards
jtimon has quit [Ping timeout: 250 seconds]
<gmaxwell>
I know this because I do verify all code that I download. And I'm often unable to go beyond a circular level of verification where it verfies with the key posted at the same place as the files.
<gmaxwell>
including, at times, high profile things like openssl (I've had to ask them to fix this...), Fedora linux, etc.
<jrayhawk>
Yeah, it'd be nice if some verification feature got integrated into HTTP/2 or SPDY.
<jrayhawk>
So that fuckups would be real obvious.
<gmaxwell>
Libreboot (which is specifically marketed to people who might be targets of state level survailence)...
<gmaxwell>
well the https model results in having to have keys online at all times on a well known publicly reachable server, considering the state of system security this isn't a receipy for success. :)
<jrayhawk>
Yeah.
<jrayhawk>
Spending ten minutes browsing through https://www.reddit.com/r/xss/ is ample demonstration that https is no substitute for codesigning.
<gmaxwell>
well it's also not for another reason: no transferable proof.
<jrayhawk>
That'd be nice, too.
<gmaxwell>
Part of where code signing security comes from is not because you trust the source, its because you trust other people will review and if they find the source gave you bad code they can prove it to the world.
Vinegar has quit [Ping timeout: 240 seconds]
<jrayhawk>
I suppose my model would probably result in a lot of centralization on CA-like authorities; "pay us 12mbtc to exchange 5mbtc trust certifications both ways because we're a top-5 cross-signer".
<jrayhawk>
Which would then have disproportionately low incentives to revoke.
<jrayhawk>
Hmm.
paveljanik has quit [Quit: Leaving]
<jrayhawk>
Being able to burn btc on revocation ("I hate them *this* much!") would be a strong distrustability signal, but it's not clear how that should figure into path scoring.
<kanzure>
have you looked at fidelity-bonded stuff and fraud proof stuff?