earthrocker has quit [Quit: come chat with us @ http://robothive.irc.so/ | robothive.irc.so 6667 #robothive]
<stellar-slack>
<sacarlson> I'm bringing up my stellar-core to see if it still exists
[7] has quit [Disconnected by services]
TheSeven has joined #stellar-dev
<stellar-slack>
<sacarlson> brainfart on my side again ha ha
stellar-slack has quit [Remote host closed the connection]
stellar-slack has joined #stellar-dev
<stellar-slack>
<sacarlson> and the fix for deleting signers is now working in this release as I just tested it on horizon
dobson has quit [Quit: Leaving]
dobson has joined #stellar-dev
<stellar-slack>
<regisg> Is there a way to add a keypair to an account which can't successfully submit transaction > xx € ?
<stellar-slack>
<sacarlson> I'm not sure of the question but yes you can add and remove signers from an account that may be set to require some number of signers
<stellar-slack>
<sacarlson> however you can lock an account permanently by setting the number of signers needed above the number of signers that are presently added to the account
<stellar-slack>
<regisg> But you can't restrict a signer to submit transaction > xx € , kind of security : allowing only small amounts in shops. I'm posing this question because I'm thinking about the way to create a payment card (qRcode or rfid ) to allow payments... you have to store the seed secret... and allowing the seed to only submit small transaction would be more secure.
<stellar-slack>
<sacarlson> sounds more like just have more than one account. just like your wallet you only need put what you need to spend in it
<stellar-slack>
<sacarlson> but like a big bank to open the safe requires that the manager and maybe some audit be present or in this case both sign to allow the transaction to take place
<stellar-slack>
<sacarlson> with both there sigs to move money into the tray of the teller that uses the small money to transact with customers
<stellar-slack>
<regisg> ok. Yes It's easy to create temporary account with small amount and eventually merge it with the "master" account after the transaction.
<stellar-slack>
<sacarlson> yes
<stellar-slack>
<regisg> thanks
<stellar-slack>
<sacarlson> np
<stellar-slack>
<sacarlson> seems this is the error code seen if we don't have enuf signatures: #{"hash"=>"9bb20309c0a6613bf0af89a42b580794d7a6f4028a48c1833dde3d50c1c7cbdf", "result"=>"failed", "error"=>"AAAAAAAAAAr/////AAAAAf////8AAAAA"} #Stellar::TransactionResultCode.tx_failed(-1). I thought we had a more discriptive failure code for this?
<stellar-slack>
<dzham> @regisg: 2-of-2 multi-sig, where the second signer automatically signs for amounts less than xx €
<stellar-slack>
<buhrmi> @regisg: somebody suggested having a chip on the card that signs the tx directly on the card so the seed never leaves it
<stellar-slack>
<dzham> @regisg: I’ve got a setup like that in my wallet, w/ 2FA for amounts above a limit
<stellar-slack>
<regisg> @dzham: the code is open source ? I can read it ?
<stellar-slack>
<sacarlson> @regisg: @buhrmi yes it's called a smart card
<stellar-slack>
<buhrmi> probably been done before
<stellar-slack>
<sacarlson> yes it's very common on most cards here in thailand all credit card that used require it
<stellar-slack>
<sacarlson> as there are in theory inposible to duplicate\
<stellar-slack>
<dzham> @regisg: No open source at the moment, don’t know about later. It’s not very complicated though, 200 lines of code maybe, including error handling
<stellar-slack>
<regisg> @dzham: ok, thanks for the infos.
<stellar-slack>
<sacarlson> or you could use the code that already exists and use it as authentication to a third party server signer
<stellar-slack>
<regisg> yes, a web service which signs and submit transaction only if the amount is < xx €, good idea.
<stellar-slack>
<sacarlson> well you could make it so they only have authority weight of 1 so they couldn't do any transactions with there seed without your seed also provided. they just add there seed if they verify you are you with your card authentication. but you can also have a master weighted signer key you keep in the event you want to move the account yourself
<stellar-slack>
<dzham> that’s exactly what I’ve done
<stellar-slack>
<sacarlson> cool
<stellar-slack>
<dzham> your fault really, after we talked about it two weeks ago :)
<stellar-slack>
<regisg> ok. I'll experiment multi-sig and try to code this.
<stellar-slack>
<sacarlson> regisg: sounds like you don't have to as dzham has writen it already
<stellar-slack>
<dzham> but a service like that can’t live on its own, you need to integrate it into a wallet for it to be useful
<stellar-slack>
<sacarlson> ya some app on a android phone you mean?
<stellar-slack>
<sacarlson> we need to find an android app writer
<stellar-slack>
<dzham> yeah.. well right now it’s a desktop app, and you get the 2FA code from your phone
<stellar-slack>
<sacarlson> 2FA? is that like sms?
<stellar-slack>
<dzham> Google Authenticator
<stellar-slack>
<dzham> SMS’s can be intercepted, numbers can be redirected, you can be out of coverage, etc...
<stellar-slack>
<dzham> I suck at trading to, even if I’ve spend quite a lot of time on it the last nine years
<stellar-slack>
<dzham> I had a good 18 month run, did +1600%, after that it’s just been meh
<stellar-slack>
<dzham> New stuff is mainly javascript.. I want to focus more on what can be done on top of the protocol than writing wrappers for it
<stellar-slack>
<sacarlson> wow well I did good in bitcoin but only started with $10 that was only $0.75 when I got it
<stellar-slack>
<sacarlson> so you plan to do trading in the stellar market to continue to make 1600%?
<stellar-slack>
<dzham> nah, just a waste of time, could have built a company instead and been a few years into it
<stellar-slack>
<sacarlson> not sure what diff a company makes unless you had backers that invested to leverage more money into it
<stellar-slack>
<sacarlson> and your still young what's stoping you
<stellar-slack>
<dzham> a business with a cash flow is worth something, there’s value to it, there’s a multiple to it, right?
<stellar-slack>
<dzham> stop trading and your cashflow stops, you cant’ sell your business, cause you are it.
<stellar-slack>
<sacarlson> ya I guess but you only need so much then you can goof off like me
<stellar-slack>
<buhrmi> u can always sell yourself
<stellar-slack>
<buhrmi> that's what people do in job interviews
IIIIIHIIIII has joined #stellar-dev
<stellar-slack>
<dzham> @buhrmi, @sacarlson: thinking about it more, I would stay away from smart card signing.. tx envelopes can be quite complicated, and without inspection there might just be an operation that bleeds you dry
<stellar-slack>
<dzham> e.g. you think you’re paying for a coffee, but I’m adding myself as a signer to your account, only to empty you account a week later
<stellar-slack>
<sacarlson> @dzham: maybe your speaking of offline transactions? I would like to chat about that
<stellar-slack>
<dzham> I was thinking about the cards thing that regisg started talking about, but sure, offline transactions :)
<stellar-slack>
<sacarlson> the only way I can imagine it could work is if you had a trusted 3rd party signer like the gateway of assets. you have them issue you wallets for every entity that you ever plan to deal with localy including friends 7-11 stores gass stations .... when the time comes to pay one of them you take out the wallet for that entity and sign over some of those assets to them. your wallet is some how locked for s
<stellar-slack>
the the entity to collect his money online
<stellar-slack>
<sacarlson> the only way it can be unlocked is by the trusted 3rd party so the payee feels safe you can double spend on him
<stellar-slack>
<sacarlson> the flaw is that you have to tie up assets on your wallet even if you don't end up spending it
<stellar-slack>
<buhrmi> the flaw is the trusted third party
<stellar-slack>
<sacarlson> well we trust banks with our money now so no difference
<stellar-slack>
<buhrmi> maybe that's a flaw too
<stellar-slack>
<sacarlson> you can have it so there be more than one bank or signer lock the account for the window of time
<stellar-slack>
<sacarlson> if you don't trust your money to one bank then better to trust to to 10 banks
<stellar-slack>
<buhrmi> my bank is charging me fees just for holding my money
<stellar-slack>
<sacarlson> well that's what we are trying to fix, our lack of depending on banks
<stellar-slack>
<dzham> what’s the scenario for an offline tx, why would you need that?
<stellar-slack>
<sacarlson> in places like africa that have no local internet services
<stellar-slack>
<sacarlson> no wireless I should say
<stellar-slack>
<dzham> sms
<stellar-slack>
<sacarlson> that may be one solution
<stellar-slack>
<sacarlson> but this method I'm looking at requires on comunication at all
<stellar-slack>
<dzham> if they have cell phone coverage, that works
<stellar-slack>
<buhrmi> yeah or on the moon
<stellar-slack>
<buhrmi> what if youre on the moon
<stellar-slack>
<sacarlson> yup it could work on the mood if you set the lock time long enuf for them to return home to collect the locked funds
<stellar-slack>
<buhrmi> what if you're on the moon and you wanna trade bitcoin for goatcoin
<stellar-slack>
<sacarlson> can do
<stellar-slack>
<sacarlson> as long as the both had the assets locked they could trade each sending each the locked asset
<stellar-slack>
<dzham> I’m not sure if the time bounds would help, in stellar that just defines the time bounds for which the tx will be valid
<stellar-slack>
<dzham> if out of bounds, the tx will get rejected
<stellar-slack>
<buhrmi> what if somebody is traveling at 50% speed of light while doing the offline transaction and distorts time relative to the 3rd party?
<stellar-slack>
<sacarlson> the 3rd party controls the time window but the transaction could also be set to expire on the stellar network
<stellar-slack>
<sacarlson> well buhrmi then we might have a problem. best to only use it for small money transaction to go to the store and buy beer with as you never know when time travel will be posible
<stellar-slack>
<sacarlson> it's only for small offline spending much like what you carry in your pocket
<stellar-slack>
<sacarlson> no time delays from comunications so it should be fast
<stellar-slack>
<sacarlson> all done bettween two android devices over bluetooth or wifi or QR code
<stellar-slack>
<sacarlson> ok team get to work on it and have it ready for demo in a week
<stellar-slack>
<sacarlson> oh maybe we don't need the 3rd party to put a time lock on an asset?
<stellar-slack>
<sacarlson> if we don't already have that feature in stellar-core we should add it. the ability to set a time lock on a signer
<stellar-slack>
<dzham> I guess you could use a time bound, and not submit it until it becomes valid
<stellar-slack>
<sacarlson> I would have read up on that
<stellar-slack>
<buhrmi> lol it's actually accurate
<stellar-slack>
<sacarlson> ya that looks like they have it buhrmi
<stellar-slack>
<buhrmi> offline tx could be something as simple as requesting somebody to sign something and submitting it to the network later
<stellar-slack>
<buhrmi> hmmm ah that doesnt work cause the sequence number is included in the signature right?
<stellar-slack>
<dzham> @buhrmi: yeah, but that’s why you use multi-sig… so the tx source account isn’t the main account, and the main account sequence number doesn’t increment
<stellar-slack>
<dzham> if that makes sense
<stellar-slack>
<sacarlson> this time bond seems to only effect transactions not disabling the ability of a signer from draining the account before the payee gets a chance to collect the funds. Time bounds: optional The UNIX timestamp, determined by ledger time, of a lower and upper bound of when this transaction will be valid. If a transaction is submitted too early or too late, it will fail to make it into the transaction set.
<stellar-slack>
<dzham> you make a “session” account, and createAccount on it so it’s in the ledger, and add it a signer. now you use the session account as the tx source account, but for the payment operation you use the main account as the source account.
<stellar-slack>
<sacarlson> so until they add the time lock on signers and you still need the 3rd party anyway so I guess it's pointless to have it
<stellar-slack>
<dzham> the tx source account is the one that’s going to pay the fee, and get it’s sequence number incremented, so your main account doesn’t get “blocked”, i.e. it can still get it’s seq num incrementer independently on this tx
<stellar-slack>
<sacarlson> I search your link above buhrmi and it has no info on off line transaction that I could see
<stellar-slack>
<buhrmi> yeah sorry lol
<stellar-slack>
<buhrmi> was random
<stellar-slack>
<sacarlson> so your method dzham what stops the payer from draining all the assets from the main account before the vendor has a chance to get online to collect it?
<stellar-slack>
<sacarlson> or basicly double spend it
<stellar-slack>
<sacarlson> you can't expect the 7-ll store to trust anyone that walks into the store and expect them all to just be honest and keep the funds needed to pay them available
<stellar-slack>
<sacarlson> and just like we trust verisign with our https certs we would have trusted witnesses that verified with signature that they saw the account locked with this amount of funds in it for this time frame
<stellar-slack>
<dzham> but how do they do that if its offline?
<stellar-slack>
<buhrmi> witneeesssss
<stellar-slack>
<dzham> best case scenario for offline would probably be to set up a funded joint account beforehand, and then pass around tx’s that distribute the funds according to your mutual understanding. when you get online you can broadcast the latest one to the network.
<stellar-slack>
<sacarlson> well if the one that double spent the money gets online before the one that recieved it does then he would be able to double spend it
<stellar-slack>
<sacarlson> yes you can have a group of witnesses that said they all saw the funds in the locked account
<stellar-slack>
<sacarlson> I don't understand this joint account and who would be allowed to pull what amount out of it
<stellar-slack>
<dzham> how do you double spend?
<stellar-slack>
<dzham> the joint account would be a 2-of-2 multi-sig
<stellar-slack>
<dzham> I send 100 BEER to it
<stellar-slack>
<sacarlson> I go buy gass at the gass station to fill my truck I then go to the 7-11 to buy beer with the same funds. double spent
<stellar-slack>
<dzham> I send you a tx to send the BEER back to me, you sign it. 2-of-2
<stellar-slack>
<dzham> I owe you a beer, I send you a tx to send 1 to you, 99 back to me
<stellar-slack>
<sacarlson> that's only if I trust you correct?
<stellar-slack>
<sacarlson> no mater what trasactions you do offline the funds are still able to be spent again unless they are locked as far as I know
<stellar-slack>
<dzham> nope.. well, we’d have to trust each other to both sign the tx’s. (not trust in the "manage trust” way)
<stellar-slack>
<dzham> as I mentioned before, the joint account would have to be set up before going offline
<stellar-slack>
<sacarlson> oh ok ya that sounds like it would work then as you personaly witnessed it was locked
<stellar-slack>
<sacarlson> by yourself
<stellar-slack>
<dzham> yup
<stellar-slack>
<sacarlson> but this has to be setup so that people that don't know each other can transact
<stellar-slack>
<dzham> your creating your own little sidechain
<stellar-slack>
<sacarlson> what if 100 people are in this joint account will that work?
<stellar-slack>
<sacarlson> does it scale?
<stellar-slack>
<dzham> I don’t know.. it seems a little academic, I wouldn’t want to transact if the tx didn’t clear right away anyway
<stellar-slack>
<sacarlson> my method isn't good at scaling to any big numbers eather so
<stellar-slack>
<sacarlson> I'm not happy with my idea because it locks up too many funds as you would require a different wallet or account for every vendor you ever deal with not that I deal with that many but.
<stellar-slack>
<sacarlson> as these wallets could only be allowed to be spent to that vendor so he knows you can't double spend any of it as he's already the other signer on that precreated account\
<stellar-slack>
<sacarlson> he can see the witnessed signed it's original value before it was locked so he knows it has funds
<stellar-slack>
<buhrmi> In the end without trust nothing is possible
<stellar-slack>
<buhrmi> Trust is the foundation for anything
pixelb has quit [Ping timeout: 246 seconds]
pixelb has joined #stellar-dev
<stellar-slack>
<sacarlson> yes true buhrmi but it's easy to trust a single trusted entity like we do verisign more than we can trust anyone on the streets is the point of the system
<stellar-slack>
<sacarlson> verisign as we know already over time has been known as a third unconnected entity to sign things that most of us respect as true. but we can pick any signer or group of signers over time to be trusted as witnesses of known assest at some set point in time on a locked account