1 2016-03-01T00:00:27  * Luke-Jr wonders if it is better to correct people in cases like this, or let them build up a negative reputation.
   2 2016-03-01T00:03:39  <gmaxwell> Kristov's answers were a bit off but not terrible there.
   3 2016-03-01T00:04:27  <belcher> gmaxwell they had been in contact with me about joinmarket a few months ago, nothing much came from it
   4 2016-03-01T00:05:35  <gmaxwell> Considering those questionare answers which were mostly privacy positive (BIP 69 where kristov gave a misleading answer-- I don't think we should implement BIP69, it doesn't improve privacy and could hurt it); it's remarkable to me that they rated Bitcoin-QT poorly if thats where their information was coming from.
   5 2016-03-01T00:05:56  *** Guyver2 has quit IRC
   6 2016-03-01T00:06:19  <gmaxwell> Though I wonder about thins like this:
   7 2016-03-01T00:06:21  <gmaxwell> "     b.      Does the user’s device provide a filter which matches some fraction of the blockchain while providing a false positive rate (bloom or prefix filters)?
   8 2016-03-01T00:06:24  <gmaxwell> No, it just downloads the whole blockchain and performs local queries."
   9 2016-03-01T00:06:42  <gmaxwell> ... like are we being negatively marked here for doing the _only_ thing known to provide strong privacy?
  10 2016-03-01T00:07:06  <gmaxwell> "100%, unless a user bootstraps downloading the blockchain. Bootstrapping will potentially limit the user's anonymity set to other people who have downloaded that bootstrap.dat file.
  11 2016-03-01T00:07:10  <gmaxwell>  " wut?
  12 2016-03-01T00:08:24  *** aknix has joined #bitcoin-core-dev
  13 2016-03-01T00:11:04  <Luke-Jr> lol
  14 2016-03-01T00:15:00  <gmaxwell> In any case, it's important people try to improve this. I'll go follow up with that old questionare-- it's unfortunate that it was sent when I wasn't following the list and no one picked it up. I'll advise them to create an issue in the future.
  15 2016-03-01T00:16:36  *** BitcoinErrorLog has joined #bitcoin-core-dev
  16 2016-03-01T00:17:33  <Luke-Jr> gmaxwell: improving it seems likely to result in their organisation gaining credibility without having anyone actually competent producing the future reports. so they may then be subtley problematic in the future and yet have a reputation of being accurate due to corrections made now.
  17 2016-03-01T00:18:16  <Luke-Jr> (it'd be one thing if they held back on making reports until they had properly figured out the facts to a reasonable degree, but that doesn't appear to be the case)
  18 2016-03-01T00:28:51  <molz> gmaxwell: hm.. so that was the reason kristov wanted to discuss with you about the wallet a few weeks ago, but he didn't say he was writing a report on it?
  19 2016-03-01T00:29:17  <molz> we're going to have HD core wallet in v13, right?
  20 2016-03-01T00:29:26  <sipa> if someone implements it, maybe
  21 2016-03-01T00:29:57  <gmaxwell> molz: I really doubt it. Also, thats irrelevant to privacy.
  22 2016-03-01T00:36:35  <randy-waterhouse> gmaxwell: are you asking about these guys http://www.openbitcoinprivacyproject.org/ ?
  23 2016-03-01T00:37:33  <aknix> oh no whats pistov-kristov doing now?
  24 2016-03-01T00:38:34  <aknix> oic
  25 2016-03-01T00:41:43  <petertodd> Luke-Jr: "improving it seems likely to result in their organisation gaining credibility" <- +1
  26 2016-03-01T00:42:01  *** pigeons_ is now known as pigeons
  27 2016-03-01T00:44:25  <aknix> I have some kristov chat logs...
  28 2016-03-01T00:44:33  <aknix> pms
  29 2016-03-01T00:44:43  <petertodd> aknix: oh yeah?
  30 2016-03-01T00:44:46  <aknix> yes
  31 2016-03-01T00:44:53  <aknix> i was IRL friends with him
  32 2016-03-01T00:45:10  <petertodd> aknix: interesting
  33 2016-03-01T00:45:24  <petertodd> aknix: now granted, PM's are meant to be private, so keep that in mind
  34 2016-03-01T00:45:27  <Luke-Jr> past tense?
  35 2016-03-01T00:46:03  <aknix> yes, I have been open minded. Also tried to reinstate conversation to no avail.
  36 2016-03-01T00:46:18  <aknix> he has me blocked on twitter which i find childish as well
  37 2016-03-01T00:46:25  <Luke-Jr> i c
  38 2016-03-01T00:46:40  <petertodd> aknix: well, I blocked him on twitter because he kept on being uncivil, unlike others who disagreed with me
  39 2016-03-01T00:46:41  <aknix> so my logs are gone from slack :(
  40 2016-03-01T00:46:51  <aknix> they were slack PMs
  41 2016-03-01T00:46:52  <Luke-Jr> aknix: yeah, problem with using slack..
  42 2016-03-01T00:47:08  <aknix> He made statement that CT will never happen
  43 2016-03-01T00:47:15  <Luke-Jr> it may not
  44 2016-03-01T00:47:21  <Luke-Jr> I think sipa is working on improving it though
  45 2016-03-01T00:47:24  <aknix> Im aware
  46 2016-03-01T00:47:38  <sipa> i'm working on CT?
  47 2016-03-01T00:47:43  <Luke-Jr> it's quite possible CT may not be necessary too
  48 2016-03-01T00:47:43  <aknix> But he said it cant and argued that type of thing cant ever happen
  49 2016-03-01T00:47:52  <petertodd> aknix: what was his rational?
  50 2016-03-01T00:47:52  <aknix> I really really did no expect that from him
  51 2016-03-01T00:48:02  <Luke-Jr> sipa: no?
  52 2016-03-01T00:48:05  <aknix> He didnt elaborate, it got hot quick after that.
  53 2016-03-01T00:48:11  <sipa> i don't believe that CT in its current form is acceptable for Bitcoin, due to its huge transactions and processing requirement
  54 2016-03-01T00:48:13  <molz> well i have very little opinion of kristov because he was hired to give darkcoin a review on their code and he didn't find a hole in darksend until later someone who doesn't claim to be an expert discovered the flaw in darksend
  55 2016-03-01T00:48:36  <Luke-Jr> sipa: I thought I heard you had a way to make it smaller, or something (but I agree with that assessment of the Elements state of CT
  56 2016-03-01T00:48:58  <sipa> adam thought he had a way to make it smaller, but i'm not convinced
  57 2016-03-01T00:49:05  <Luke-Jr> ah
  58 2016-03-01T00:49:08  <sipa> in any case; just small constant factorsa
  59 2016-03-01T00:49:14  <aknix> Hahhaha, molz I had met him right around that time.
  60 2016-03-01T00:49:46  <Luke-Jr> anyway, hopefully Lightning will make CT unnecessary
  61 2016-03-01T00:49:55  <petertodd> sipa: I was talking to adam about that actually, and he (or was it me?) made the point that the overhead of CT vs. less efficient mixing may make CT overall the better tradeoff
  62 2016-03-01T00:50:06  * aknix prays to blockchain jesus
  63 2016-03-01T00:50:28  <sipa> petertodd: agree, but privacy of a blockchain/currency is a common good, and i don't believe you can actually get the benefit without forcing CT
  64 2016-03-01T00:50:48  <sipa> petertodd: tragedy of the commons
  65 2016-03-01T00:50:52  <aknix> petertodd, I said the same thing in slack today
  66 2016-03-01T00:50:55  <petertodd> sipa: that's true too
  67 2016-03-01T00:51:12  <petertodd> sipa: though with bc.i claiming to have 50% of all txs, we have a tragedy of the commons in other ways
  68 2016-03-01T00:52:26  <belcher> users do get a personal benefit from privacy, otherwise they wouldnt pay for mixers and coinjoins
  69 2016-03-01T00:52:50  <petertodd> belcher: yup, though their k-anonymity sets aren't as big as they could be
  70 2016-03-01T00:53:03  <sipa> belcher: for mixers to be useful, people who do not have anything to hide need to use them too
  71 2016-03-01T00:53:26  <petertodd> sipa: well, keep in mind that if you and I have different adversaries, a mixer can still be useful
  72 2016-03-01T00:53:38  <Luke-Jr> sipa: belcher's Joinmarket seems to incentivise them to, by giving them the fees
  73 2016-03-01T00:53:59  <belcher> to clarify, it incentives people who have nothing to hide to take part
  74 2016-03-01T00:53:59  <sipa> petertodd: fair enough
  75 2016-03-01T00:54:12  <petertodd> Luke-Jr: I assume Joinmarket is run by the FBI and act accordingly :) fortunately my adversaries are probably not the FBI!
  76 2016-03-01T00:54:37  <molz> lol
  77 2016-03-01T00:54:45  <petertodd> I use joinmarket all the time
  78 2016-03-01T00:54:55  * aknix hehheheehe bitcoin so hawt righ naow
  79 2016-03-01T00:55:03  <belcher> hopefully the FBI and CCP are not sharing information, my antics are safe in that case
  80 2016-03-01T00:55:38  <petertodd> belcher: hopefully your adversaries don't include Santa Claus, as he knows who is naughty or nice
  81 2016-03-01T00:55:43  *** frankenmint has quit IRC
  82 2016-03-01T00:57:09  <aknix> oh yay i found the kristove logs
  83 2016-03-01T00:57:13  <aknix> I did SS it
  84 2016-03-01T00:57:26  <petertodd> aknix: SS?
  85 2016-03-01T00:57:30  <aknix> screenshot
  86 2016-03-01T00:57:34  <petertodd> aknix: ah
  87 2016-03-01T00:57:40  *** rgrant has joined #bitcoin-core-dev
  88 2016-03-01T00:57:44  <sipa> this is probably not the right place for discussion that
  89 2016-03-01T00:57:49  <petertodd> sipa: +1
  90 2016-03-01T01:00:22  <aknix> Sorry just dont want to see OBPP used for populist agenda
  91 2016-03-01T01:00:53  <gmaxwell> I responded to that old survey on the list. Corrected a few things. Kristov's answers were generally okay; though.. I dunno the idea that you could compare the privacy of a webwallet that sends a server all it's addresses and a full node, is kind of bonkers to me.
  92 2016-03-01T01:01:01  *** catlasshrugged has joined #bitcoin-core-dev
  93 2016-03-01T01:01:06  <catlasshrugged> hello!
  94 2016-03-01T01:01:18  <aknix> Oh hey
  95 2016-03-01T01:01:23  <aknix> at long last
  96 2016-03-01T01:04:38  <catlasshrugged> kristov from obpp here
  97 2016-03-01T01:04:57  <catlasshrugged> someone mentioned people were discussing some concerns about our report here
  98 2016-03-01T01:06:09  <aknix> catlasshrugged, Thanks for pming me and clearing that up!
  99 2016-03-01T01:06:14  <gmaxwell> Hi, I also emailed you directly before the discussion here.
 100 2016-03-01T01:06:44  <catlasshrugged> I saw that
 101 2016-03-01T01:08:26  <catlasshrugged> just going to try to clear up a few points of confusion, either on my end or others'
 102 2016-03-01T01:09:17  <catlasshrugged> "4.Does your application fully implement BIP 62? <-- lol?" sorry this question was worded poorly, we were trying to determine whether wallets were doing their crypto in a fingerprintable way, and implementing all of the anti-malleability checks in BIP 62 was one short-hand way to do it.
 103 2016-03-01T01:09:53  <gmaxwell> Sweet.  -- FWIW, I think the whole idea of reviewing wallet privacy is a great one, even if I'm lost at your results.
 104 2016-03-01T01:10:15  <gmaxwell> catlasshrugged: I kinda figured that. In any case, non-issue now-- thanks to changes in 0.11.2 wallets that don't are no longer transacting.
 105 2016-03-01T01:10:51  <catlasshrugged> "Likewise, they rated Bitcoin-Qt at 0 for physical security;" nope, Bitcoin-Qt got a zero for physical privacy. I know there is overlap, but this wasn't a security-focused assessment. It's all 100% driven by our threat model.
 106 2016-03-01T01:10:59  <gmaxwell> I didn't realize you were asking that earlier-- funny that both armory and electrum (among others) were still not producing lowS signatures when 0.11.2 came out.
 107 2016-03-01T01:12:07  <gmaxwell> catlasshrugged: the only other wallet which recieved that rating was darkwallet. I'm not finding anything in the questionare that helps me understand that.
 108 2016-03-01T01:12:30  <catlasshrugged> see the section of the threat model that mentions physical surveillance to see how scores are derived for that section. I wouldn't mind adding the RF timing attacks, although I don't think it would affect any wallet's score much as the attack is extremely unlikely and not scalable.
 109 2016-03-01T01:13:03  <catlasshrugged> whereas "grabbing qr codes from mobile screens" is at least vaguely scalable attack, though still representing a very small % of the overall score we awarded.
 110 2016-03-01T01:13:30  <catlasshrugged> the questionnaire is only half (or maybe less) of our criteria.
 111 2016-03-01T01:13:52  <catlasshrugged> most of the data  was gathered by volunteers directly interacting with the wallets.
 112 2016-03-01T01:14:19  <catlasshrugged> and answering TRUE/FALSE questions or counting # of clicks to perform certain actions according to the script that we prepared.
 113 2016-03-01T01:14:28  <gmaxwell> catlasshrugged: Other than wallets which remotely send their address information to third parties instead of storing it locally, what mecneisms for 'physical' security are you counting here?
 114 2016-03-01T01:14:58  *** _alp_ has joined #bitcoin-core-dev
 115 2016-03-01T01:15:04  <gmaxwell> many wallets you rated more highly for physical security are browser based and would have left identifying information in browser caches.
 116 2016-03-01T01:15:08  <catlasshrugged> https://github.com/OpenBitcoinPrivacyProject/wallet-ratings/blob/master/report-02/threat%20model.wiki
 117 2016-03-01T01:15:35  <catlasshrugged> scroll down to "physical adversary"
 118 2016-03-01T01:16:33  <gmaxwell> ah this is useful at least.
 119 2016-03-01T01:16:55  <catlasshrugged> We'll be revising our threat model soon for the next edition. Input extremely welcome!
 120 2016-03-01T01:17:03  <catlasshrugged> I've been trying to solicit help for a long while now.
 121 2016-03-01T01:17:26  <gmaxwell> I wasn't aware of this list-- I had seen your prior report.
 122 2016-03-01T01:18:01  <catlasshrugged> "onsidering those questionare answers which were mostly privacy positive (BIP 69 where kristov gave a misleading answer-- I don't think we should implement BIP69, it doesn't improve privacy and could hurt it); it's remarkable to me that they rated Bitcoin-QT poorly if thats where their information was coming from." the only criteria relevant Bitcoin-Qt received full marks for for random sorting of outputs.
 123 2016-03-01T01:18:03  <gmaxwell> catlasshrugged: I'm not sure how to handle things like "The user can easily erase the application and all its metadata if the decide to stop using the wallet or device" --- on modern OS's and disks, its not actually possible to do this in an application, nothing short of a secure erase does this.
 124 2016-03-01T01:18:25  <aknix> "Unless the user explicitly requests for them to be displayed, do not display Bitcoin addresses in text or QR code form, or transaction hashes" - This seems a bit cumbersome, I dont think people would treat this much differently than a check anyway..
 125 2016-03-01T01:19:29  <aknix> Also is providing a pseudo UI for a bitcoin wallet a good idea either?
 126 2016-03-01T01:19:47  <aknix> idk some of this seems silly to me..
 127 2016-03-01T01:19:52  <catlasshrugged> "... like are we being negatively marked here for doing the _only_ thing known to provide strong privacy?" nope, only Bitcoin-Qt and armory got points for this criteria, all other wallets got 0
 128 2016-03-01T01:20:03  <kanzure> "attack is unlikely and not scalable" unlikely attacks should still be defended against; especially if you are explicitly saying it is your job to communicate this to your readers.
 129 2016-03-01T01:20:08  <catlasshrugged> some of them use bloom filters but those filters include effectively 0% of the blockchain, so they got a 0
 130 2016-03-01T01:20:50  <catlasshrugged> kanzure: ...I don't know how to parse that statement.
 131 2016-03-01T01:20:58  <gmaxwell> kanzure: I agree that from a purely privacy specific perspective sidechannels is not a dominating concern; (though I think I'd put it at least as important as having a boss key)
 132 2016-03-01T01:21:00  *** Guest94923 has joined #bitcoin-core-dev
 133 2016-03-01T01:21:33  <kanzure> catlasshrugged: i think the only relevant reply i can muster is "who is john galt?"
 134 2016-03-01T01:21:54  *** Guest94923 is now known as [_smitty]
 135 2016-03-01T01:21:58  <catlasshrugged> ""100%, unless a user bootstraps downloading the blockchain. Bootstrapping will potentially limit the user's anonymity set to other people who have downloaded that bootstrap.dat file." This wasn't figured into my ratings, but I was observing that some adversaries could correlate the download of a bootstrap.dat file with a node that starts downloading blocks exactly where the bootstrap.dat file leaves off.
 136 2016-03-01T01:22:14  <catlasshrugged> alllllrighty
 137 2016-03-01T01:22:28  <aknix> no need to do that anymore
 138 2016-03-01T01:22:28  <gmaxwell> catlasshrugged: Ah, I follow your thinking now at least.
 139 2016-03-01T01:22:39  <aknix> The .12 client syncs from scratch in only a few hours
 140 2016-03-01T01:22:45  <gmaxwell> Yes, I should have responded that since 0.10 bootstraps are depricated.
 141 2016-03-01T01:22:55  <catlasshrugged> "gmaxwell: improving it seems likely to result in their organisation gaining credibility without having anyone actually competent producing the future reports." hey luke, just letting you know I read this :-)
 142 2016-03-01T01:23:14  <catlasshrugged> Sorry, not sure why I said "my" ratings -- our ratings
 143 2016-03-01T01:23:18  *** AaronvanW_ has joined #bitcoin-core-dev
 144 2016-03-01T01:24:02  <catlasshrugged> "aknix: now granted, PM's are meant to be private, so keep that in mind" thanks petertodd :)
 145 2016-03-01T01:24:04  <gmaxwell> catlasshrugged: well, to be fair; I think your result is shocking. And it's a open question if I'd be doing the ecosystem a greater favor to contribute to improving the process, or instead to draw attention to how broken it is...
 146 2016-03-01T01:24:23  <aknix> catlasshrugged, I am watching you ;)
 147 2016-03-01T01:24:29  <aknix> loljk
 148 2016-03-01T01:24:51  <gmaxwell> I mean, you should be embarssed that your process resulted in rating this https://www.reddit.com/r/Bitcoin/comments/447s7c/samourai_is_the_most_private_and_anonymous/ over bitcoin core.
 149 2016-03-01T01:24:59  <catlasshrugged> go on?
 150 2016-03-01T01:25:11  <_alp_> lol samouri
 151 2016-03-01T01:25:21  <aknix> ooooof
 152 2016-03-01T01:25:28  <_alp_> but it supports BIP-PAYMENT-CODES!
 153 2016-03-01T01:25:28  <catlasshrugged> I am not sure how to include "I didn't like the way these guys acted on Reddit" into my privacy threat model, but I'm all ears
 154 2016-03-01T01:26:11  <gmaxwell> catlasshrugged: not even a question of acting, closed source wallet that secretly phoned a third party and gave it's users addresses up. Ouch.
 155 2016-03-01T01:26:37  <catlasshrugged> for the record, I do not appreciate being told that "I should be embarrassed." I don't deserve that.
 156 2016-03-01T01:27:04  <gmaxwell> Sorry, let me retry that: I would be embarassed if it were me. I dunno about you.
 157 2016-03-01T01:27:24  <catlasshrugged> that's not really less dickish...
 158 2016-03-01T01:27:24  *** AaronvanW has quit IRC
 159 2016-03-01T01:27:30  <catlasshrugged> the closed source state is in the threat model; they lost points for it.
 160 2016-03-01T01:27:38  <gmaxwell> No, but it's honest.
 161 2016-03-01T01:27:53  <catlasshrugged> Are you a practicer of "radical honesty" or something?
 162 2016-03-01T01:28:05  <catlasshrugged> as I understand it, SW intend to open source in the future, but that's not relevant to their score this time around
 163 2016-03-01T01:28:13  <gmaxwell> even ignoring their behavior, wallets that are telling third parties users addresses should be massively lower in privacy baseline.   Being unclear/deceptive about the privacy model should be it's own thing too; but the whole idea that a wallet is meaningfully providing privacy at all when it's phoning home addresses, ...
 164 2016-03-01T01:28:27  * aknix would prefer being told the truth than anything else. I have always come to some bitcoin channel for that over the years ;)
 165 2016-03-01T01:28:36  <pigeons> _alp_: i see a smiliar name on both the payment codes bip and the obpp
 166 2016-03-01T01:29:00  <aknix> You should know this catlasshrugged, brutal honesty is always lurking in IRC
 167 2016-03-01T01:29:10  <gmaxwell> catlasshrugged: I don't know why you included a closed source wallet at all? -- e.g. how can its properties be evaluated? the discovery that it's sending the users address info upstream required reverse engineering the binary.
 168 2016-03-01T01:29:22  <catlasshrugged> source isn't closed to me :-)
 169 2016-03-01T01:29:37  <pigeons> before the report you had the source?
 170 2016-03-01T01:29:42  <aknix> not sure if better or worse
 171 2016-03-01T01:29:56  <pigeons> before you rated them?
 172 2016-03-01T01:30:00  <catlasshrugged> a related question is "why include an alpha wallet". those are valid concerns, but overall I don't think it's a very interesting feature of the report
 173 2016-03-01T01:30:39  <catlasshrugged> if someone busts their ass to look in depth at 20 different wallets and your only response is "I don't like that you included this wallet," that's not feedback I care hugely about.
 174 2016-03-01T01:30:46  <gmaxwell> catlasshrugged: in any case, my concern wasn't that it was closed source (I think that should outright preclude it even ignoring privacy);  but I think the scoring must be busted if you're raking wallets who send all the users addresses to a member of the blockchain allance over a full node.
 175 2016-03-01T01:31:03  <gmaxwell> catlasshrugged: thats not the only feedback you're getting here for sure.
 176 2016-03-01T01:31:17  <catlasshrugged> we talked a couple weeks ago about full nodes
 177 2016-03-01T01:31:24  <catlasshrugged> I think they are less important than you do
 178 2016-03-01T01:31:28  <gmaxwell> catlasshrugged: all the more disappointing.
 179 2016-03-01T01:31:52  <catlasshrugged> I would love to get some input from Bitcoin-Qt devs on this, but at the moment I'm not really clear on how to form a working relationship here
 180 2016-03-01T01:32:48  <aknix> I think everyone is willing here, but you are really picking holes in areas that arent really realistic for most users.
 181 2016-03-01T01:33:17  <aknix> granted it is a tough thing to do...
 182 2016-03-01T01:33:32  <aknix> I would be willing to help revise guidelines for example.
 183 2016-03-01T01:33:55  <catlasshrugged> we hold 100% open meetings and our mailing list is 100% open for participation
 184 2016-03-01T01:34:08  <catlasshrugged> if you'd like to see any positive changes, this is really easy to do
 185 2016-03-01T01:34:30  <catlasshrugged> ask anyone who has participated before, I haven't turned down a single person or contribution since we started the ratings project.
 186 2016-03-01T01:35:37  <kanzure> then perhaps you should show them the logs from today in here
 187 2016-03-01T01:35:46  <kanzure> it would save us time and be a generous olive branch
 188 2016-03-01T01:37:14  <catlasshrugged> I will gladly post this log to our mailing list, though I am not sure what actionable feedback has been provided so far
 189 2016-03-01T01:37:24  <gmaxwell> catlasshrugged: well I invested nearly an hour responding to your older questionare; I never saw it previously.  Time is obviously fairly limited.
 190 2016-03-01T01:37:43  <gmaxwell> catlasshrugged: do you have a parallel wiki page with the actual scorings for those criteria?
 191 2016-03-01T01:37:50  <kanzure> actional feedback like category and score and rating improvements, hmm not very actionable i guess
 192 2016-03-01T01:38:02  <catlasshrugged> for example, if people believe that having a full copy of the blockchain is of the ultimate importance, there has to be a discussion about that. I can't just say "citation: gmaxwell"
 193 2016-03-01T01:38:19  *** rgrant has left #bitcoin-core-dev
 194 2016-03-01T01:39:00  <randy-waterhouse> actionable feedback into a nebulous, subjective process seems a bit pointless?
 195 2016-03-01T01:39:08  <kanzure> there are many discussions about that
 196 2016-03-01T01:39:42  <gmaxwell> kanzure: actualble would be that I can't really repect this project while-- absent any severe privacy goofs-- it continues to rate full node (or things with equivilent privacy properties) below other kinds of wallets.-- that your effort would rate things that  litterally stream users private data to third parties who will exploit that data commercially, is just astonishing, and it really makes m
 197 2016-03-01T01:39:48  <gmaxwell> e question the good faith involvement of everyone responsbile.
 198 2016-03-01T01:39:51  <kanzure> randy-waterhouse: https://bitcoin.org/en/bitcoin-core/features/validation
 199 2016-03-01T01:40:05  <kanzure> http://blog.sia.tech/2016/01/20/what-makes-bitcoin-special/
 200 2016-03-01T01:40:09  <catlasshrugged> randy-waterhouse: oh, do you have a proposal for a clearer, less subjective process? I am very interested in such proposals, though generally find that people who have said things like that so far haven't actually bothered to go to github.com and read ours
 201 2016-03-01T01:40:11  <kanzure> http://bluematt.bitcoin.ninja/2015/01/14/decentralization/
 202 2016-03-01T01:40:34  <gmaxwell> catlasshrugged: having a full copy isn't what I'd consider important: not leaking the users private data to third parties is... and right now the only ways we can do that are sending the whole chain or PIR and no one has implemented PIR for this yet.
 203 2016-03-01T01:40:58  <kanzure> https://www.reddit.com/r/bitcoinxt/comments/3vhn88/businesses_need_certainty_of_excess_capacity/cxo19r9
 204 2016-03-01T01:41:00  <catlasshrugged> so... "private data" is pretty nebulous, speaking of nebulousness. there are different kinds of information
 205 2016-03-01T01:41:29  <catlasshrugged> I would love to see some better PIR implementations!
 206 2016-03-01T01:41:37  <gmaxwell> catlasshrugged: sure, but sending a list of the users addresses (or equivilently a HD master seed) home is not nebulus.
 207 2016-03-01T01:41:38  <kanzure> catlasshrugged: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-November/011671.html
 208 2016-03-01T01:41:46  <catlasshrugged> ("better" compared to the not very successful bloom filter implementations to date)
 209 2016-03-01T01:42:03  <kanzure> anyway, it should be obvious by now that "full nodes" aren't just a figment of gmaxwell's imagination
 210 2016-03-01T01:42:11  <kanzure> if you need another pile of links just ask me i'll be happy to DoS you with links
 211 2016-03-01T01:42:11  <gmaxwell> catlasshrugged: well bitcoin core has "PIR" in the naieve form: send everyone the whole database is PIR. :)
 212 2016-03-01T01:42:56  <catlasshrugged> kanzure: thanks. I've read that, though, and doesn't change my opinion about the importance of having a full node vs resistance to blockchain analysis.
 213 2016-03-01T01:43:25  <kanzure> catlasshrugged: i think you should include disclaimers like "review by bitcoin core developers has said x about this rating scheme"
 214 2016-03-01T01:43:25  <catlasshrugged> gmaxwell: yes :)
 215 2016-03-01T01:43:36  <gmaxwell> kanzure: bleh
 216 2016-03-01T01:43:39  *** proslogion has quit IRC
 217 2016-03-01T01:43:41  <kanzure> and also you should send the logs to your group, i think it would be a useful disclosure for you to make
 218 2016-03-01T01:44:03  <catlasshrugged> sure, I'll send the logs as soon as I wrap this up.
 219 2016-03-01T01:44:08  <gmaxwell> catlasshrugged: what does ledger (for example) do for resistance to blockchain analysis that Bitcoin Core does not.
 220 2016-03-01T01:44:09  <kanzure> gmaxwell: i don't have a better idea
 221 2016-03-01T01:44:11  <gmaxwell> ?
 222 2016-03-01T01:44:52  <gmaxwell> kanzure: catlasshrugged is saying that he'd like to improve the process, improving it is better than leaving it unimproved and crapping on it from afar.
 223 2016-03-01T01:44:57  <catlasshrugged> automatic selection of receiving addresses, HD wallet structure...
 224 2016-03-01T01:45:32  <petertodd> catlasshrugged: maybe I missed something, but how are HD wallet's helping here?
 225 2016-03-01T01:45:36  <gmaxwell> catlasshrugged: uh.. you know that it's externally undetectable to users if bitcoin core uses HD wallets; right?
 226 2016-03-01T01:46:04  <catlasshrugged> HD wallets are hugely useful for incentivizing users to not reuse addresses. Keep in mind, this review is focused on the average Bitcoin user largely, and not expert users.
 227 2016-03-01T01:46:14  <gmaxwell> Bitcoin Core almost forces users to not reuse addresses, to get an old address you need several clicks (I think one is a right click).
 228 2016-03-01T01:46:25  <catlasshrugged> An expert Bitcoin user can probably do everything and more with Bitcoin-Qt that he can do with Ledger.
 229 2016-03-01T01:46:44  <gmaxwell> catlasshrugged: How is this useful for incentivizing users to not reuse addresses?
 230 2016-03-01T01:47:24  <gmaxwell> E.g. Bitcoin core displays no static "wallet adresse", to get an address you hit a button which always gives you a fresh one.
 231 2016-03-01T01:47:55  <catlasshrugged> gmaxwell: oops, you're right about the clicks -- Bitcoin-Qt got 0 clicks for that = full score
 232 2016-03-01T01:48:02  <gmaxwell> I wouldn't be surprised if a typical non-advanced user was actually unable to reuse addresses, short of writing them down outside of the application.
 233 2016-03-01T01:48:43  <catlasshrugged> it complicates the backup process
 234 2016-03-01T01:49:08  <gmaxwell> catlasshrugged: users cannot escape that by reusing addresses in bitcoin core, due to change.
 235 2016-03-01T01:49:12  <aknix> catlasshrugged, Wow this for regular users? Really? This way too  much for your average banker off the street to handle, and they handle a bunch...
 236 2016-03-01T01:49:12  <catlasshrugged> I'm going to be writing some blog posts about the data set and hopefully highlighting strengths and weaknesses
 237 2016-03-01T01:49:19  <gmaxwell> From a privacy perspective, I'm still not seeing your argument.
 238 2016-03-01T01:49:21  <petertodd> catlasshrugged: yes, but that's not a privacy problem (and in some cases non-HD, 'bag of keys', wallets have better privacy)
 239 2016-03-01T01:49:30  *** AaronvanW_ has quit IRC
 240 2016-03-01T01:49:43  <_alp_> So I can't reuse addresses in electrum since its HD?  Strange, I do that all the time.
 241 2016-03-01T01:49:48  <catlasshrugged> I would consider doing a point-by-point comparison between Ledger and Bitcoin-Qt, although I am seriously wondering whether this will be an invitation to be nitpicked to death
 242 2016-03-01T01:49:56  <gmaxwell> E.g. if reusing addresses made backup easier I'd agree with you that points should be deducted there.
 243 2016-03-01T01:50:12  <catlasshrugged> N.B. ***no one in this room is an average Bitcoin user.***
 244 2016-03-01T01:50:14  <petertodd> catlasshrugged: e.g. I personally use bitcoin core as a day-to-day spending wallet, and then delete my wallet.dat files regularly to prevent making mistakes that accidentally combine inputs I don't want combined
 245 2016-03-01T01:50:31  *** gevs has quit IRC
 246 2016-03-01T01:51:02  <catlasshrugged> I'd be interested in discussing the privacy effects of HD wallets some more some time, but I actually don't want to get into it right now.
 247 2016-03-01T01:51:05  <gmaxwell> catlasshrugged: well it would be, I'm not saying that I would be surprised that bitcoin core wasn't rated top or whatever, rather that things that were rated about it were ones that phone home the users addresses... thats horrifying to me. And I'd like to know what in particular you think these half dozen other wallets did better to justify the higher rating than core while they had that fundime
 248 2016-03-01T01:51:11  <gmaxwell> ntal privacy flaw.
 249 2016-03-01T01:51:13  <petertodd> catlasshrugged: yes, my way of using Bitcoin Core is definitely not an average user's way - but all the same, it's not a *negative* for privacy
 250 2016-03-01T01:51:35  <gmaxwell> I only brought up ledger to try to get a specific list of (mis)features; I'm sure ledger is great.  (the ledger folks strike me as supremely confident)
 251 2016-03-01T01:51:36  <aknix> Wow so there is a bunch of silly or unrealistic stuff in this list: https://github.com/OpenBitcoinPrivacyProject/wallet-ratings/blob/master/report-02/threat%20model.wiki
 252 2016-03-01T01:51:38  <gmaxwell> er competent!
 253 2016-03-01T01:51:43  <aknix> Deffinitely not for a regular wallet user
 254 2016-03-01T01:51:50  <aknix> but you said otherwise?
 255 2016-03-01T01:52:18  <pigeons> make like this https://www.eff.org/secure-messaging-scorecard
 256 2016-03-01T01:52:20  <catlasshrugged> aknix: not all of them are weighted equally, see the weights.wiki doc for that
 257 2016-03-01T01:52:21  <aknix> These rating criteria need refining
 258 2016-03-01T01:52:35  <aknix> ahh ok that helps but a pseudo UI cmon
 259 2016-03-01T01:53:00  <catlasshrugged> pigeons: what do you like about that one?
 260 2016-03-01T01:53:19  <pigeons> it tells each thing being considered
 261 2016-03-01T01:53:25  <gmaxwell> catlasshrugged: where are the actual ratings for the wallet? I'd like to make for myself a list of things that your process rated other wallets higher than bitcoin core... both for a mixture of nitpicking and improvement.
 262 2016-03-01T01:54:06  <catlasshrugged> I'd be happy to send you a copy of the ratings for Bitcoin-Qt
 263 2016-03-01T01:54:22  <catlasshrugged> last edition we posted them on GitHub, but no one noticed so I didn't bother this time aroun
 264 2016-03-01T01:54:25  <catlasshrugged> d
 265 2016-03-01T01:54:36  <pigeons> "pysical privacy" is much more nebulous than "sends addresses to third parties"
 266 2016-03-01T01:54:42  <petertodd> catlasshrugged: I think you need to preserve raw data like that even if no-one seems to notice
 267 2016-03-01T01:55:06  <petertodd> pigeons: yeah, once the attacker is standing next to you all bets are off anyway...
 268 2016-03-01T01:55:08  <catlasshrugged> consider it "available upon request"
 269 2016-03-01T01:55:27  <petertodd> pigeons: heck, I don't even put a pin on my trezor for that reason
 270 2016-03-01T01:55:28  <aknix> hmm thats not very bitcoin like.
 271 2016-03-01T01:55:28  *** Chris_Stewart_5 has joined #bitcoin-core-dev
 272 2016-03-01T01:55:33  <gmaxwell> catlasshrugged: well what would be most useful for non-nitpicking is a list of criteria that other things rated higher in.  I mean, I don't care about your boss key criteria at all if almost everything else failed it too. :)  (I don't think it's an important privacy feature, though I do at least agree it is a privacy feature)
 273 2016-03-01T01:56:07  <catlasshrugged> primarily what I think the bitcoin core team would want to nitpick on would be our weights.wiki page (which unfortunately does not give good detail about why we chose the weights, I'd like to improve that next edition)
 274 2016-03-01T01:56:36  *** frankenmint has joined #bitcoin-core-dev
 275 2016-03-01T01:56:37  <catlasshrugged> gotcha
 276 2016-03-01T01:56:53  <catlasshrugged> yeah, all wallets failed most of the criteria given that the top score was 50
 277 2016-03-01T01:56:54  <petertodd> catlasshrugged: re: weights, I'd suggest you try to decide on them first, make a commitment to those weights, and only then evaluate wallets against the weights - good way to respond to accusations of bias
 278 2016-03-01T01:57:09  <gmaxwell> catlasshrugged: I do think that my complainin here probably does reduce to weighing.. but in terms of places where we could improve or where we're actually doing better than your process realizes, just knowing criteria where other things were higher would be helpful.
 279 2016-03-01T01:57:12  <catlasshrugged> petertodd: that is absolutely what we did.
 280 2016-03-01T01:57:23  <petertodd> catlasshrugged: did you do it in a way that's publicly reproducable?
 281 2016-03-01T01:57:28  <catlasshrugged> I don't pretend that anyone would care about my opinion about a particular wallet
 282 2016-03-01T01:57:54  <gmaxwell> petertodd: I don't know that this has much value though; after all, I was arguing with catlasshrugged in #bitcoin a few weeks ao about the importance of not sending your address information to third parties.
 283 2016-03-01T01:58:05  <catlasshrugged> petertodd: partially. we wrote down how much weight we assigned to various categories, but did not write down full English descriptions of why
 284 2016-03-01T01:58:31  <petertodd> catlasshrugged: ok, so, publicly reproducable would be at minimum something like a tweet "the sha256 hash of our chosen weights is: xxx"
 285 2016-03-01T01:58:36  <catlasshrugged> so for example we might have said that blockchain analytics are 10 times more dangerous than physical surveillance, but didn't specify why we thought so.
 286 2016-03-01T01:58:55  <gmaxwell> petertodd: it's not like anyone involved failed to know that if you rank "doesn't send your address info to third parties" very highly the result will be to put armory and bitcoin core very highly.
 287 2016-03-01T01:58:56  <aknix> catlasshrugged, How can you not disclose the weights?
 288 2016-03-01T01:58:56  <petertodd> gmaxwell: yeah, I'm very concerned about third-parties getting addresses myself
 289 2016-03-01T01:59:03  <catlasshrugged> oh, I see. does anyone really think we modified our weights after the fact and are lying about it?
 290 2016-03-01T01:59:15  <catlasshrugged> that is pretty uncharitable
 291 2016-03-01T01:59:24  <gmaxwell> catlasshrugged: no no. but PT was suggesting a scheme that would prevent that, and I'm saying it's not a concern.
 292 2016-03-01T01:59:28  <catlasshrugged> aknix: weights are in the weights.wiki file
 293 2016-03-01T01:59:29  <gmaxwell> at least not right now.
 294 2016-03-01T01:59:43  <aknix> catlasshrugged, Ahh thanks, i missed that
 295 2016-03-01T01:59:49  <gmaxwell> catlasshrugged: it's sometimes an issue though, when you have 1001 criteria you can sometimes change the weights slightly to really rig the outcome.
 296 2016-03-01T01:59:57  <petertodd> catlasshrugged: it is, but it's an easy thing to prevent people from thinking - the same kind of process is done all the time in big physics experiements to prevent bias
 297 2016-03-01T01:59:58  <randy-waterhouse> the privacy criteria should end up identical to a design spec. for a high privacy product or else it's just game playing 'weightings' with features
 298 2016-03-01T02:00:15  <catlasshrugged> fair enough. I'll consider that for next time
 299 2016-03-01T02:00:21  <catlasshrugged> creating a github issue now...
 300 2016-03-01T02:00:42  <aknix> catlasshrugged, Whoa cant we simplify this?
 301 2016-03-01T02:00:47  <aknix> this is obtuse
 302 2016-03-01T02:00:54  *** frankenmint has quit IRC
 303 2016-03-01T02:01:11  <petertodd> catlasshrugged: thanks! you can point out you're using the same process that cern uses :) you can probably dig up a press release or something describing it to explain to the general public
 304 2016-03-01T02:01:58  <gmaxwell> petertodd: it doesn't help that many of the names on the project have been very adversarial towards Bitcoin Core in the past, work for wallets included in the report etc.
 305 2016-03-01T02:02:18  <petertodd> gmaxwell: agreed - they have a lot to overcome
 306 2016-03-01T02:02:30  <catlasshrugged> I really would welcome a discussion about the comparative importance of blockchain analysis countermeasures vs network privacy leaks, perhaps that could take place over a mailing list or a Google Hangout some time.
 307 2016-03-01T02:02:34  <gmaxwell> the report is beautiful though, and the area is important for work.
 308 2016-03-01T02:03:21  <catlasshrugged> I mention the blockchain analysis vs network stuff as probably the primary determinant of Bitcoin-Qt's rank relative to other wallets. Getting the weights is the hardest part, but I want it to be the absolute best we can make it.
 309 2016-03-01T02:03:52  <petertodd> catlasshrugged: I doubt we're going to know what the comparative importance really is until we get the snowden of chainalysis... but I strongly suspect network privacy is a big issue, given how easily it can corrolate all your addresses
 310 2016-03-01T02:04:01  <gmaxwell> I do think the comparison is a false dichotomy though; your highest rated wallet _I think_ does nothing better than bitcoin core for blockchain analysis resistance, but it's far weaker to 'network' and 'server' analysis resistance.
 311 2016-03-01T02:04:44  <gmaxwell> So even if we don't know how to weigh one vs another; we can agree both are very important for privacy. (I think we do)
 312 2016-03-01T02:04:47  <catlasshrugged> Primary take-aways I would like from the report are: Privacy protections still weak, everyone needs to do better | Some clear trends for winners and losers (e.g. custodial vs non) | some of the best funded providers are not doing the best at privacy
 313 2016-03-01T02:05:09  <catlasshrugged> take-aways I am not looking to express: Ledger is better than Bitcoin-Qt; Bitcoin-Qt sucks!
 314 2016-03-01T02:06:19  <gmaxwell> catlasshrugged: too bad, that isn't how the report presentation comes out.
 315 2016-03-01T02:06:30  <gmaxwell> Esp with the ranked score on the first page. :)
 316 2016-03-01T02:06:50  <gmaxwell> If you want that you should be counting the privacy fails instead, and enumerating the things they don't do.
 317 2016-03-01T02:07:15  <catlasshrugged> If you have any thoughts on how to improve, I welcome them. I don't know how to make the process not utterly subjective without subjective the wallets to some standardized rating system based on systemic analysis
 318 2016-03-01T02:07:57  <petertodd> catlasshrugged: it'd be less subjective if it wasn't ranked, but rather, you talked about what kinds of attackers wallets were vulnerable too
 319 2016-03-01T02:08:12  <catlasshrugged> what would that look like?
 320 2016-03-01T02:08:28  *** Ylbam has quit IRC
 321 2016-03-01T02:09:04  <catlasshrugged> we do want to provide comparative analysis that is easily consumed to provide competitive pressure. I'm sure that you've noticed that, in the absence of competitive pressure, things haven't improved much lately.
 322 2016-03-01T02:09:04  <gmaxwell> I think my intuition is "Here is the list of the worst things wallets to wrong againt attacker X"
 323 2016-03-01T02:09:12  <petertodd> catlasshrugged: start with some descriptions of those attackers, then have a big check box matrix for which wallets are and are not vulnerable to each attacker
 324 2016-03-01T02:09:24  <gmaxwell> And then you list the criteria that are done wrong by the most wallets, with then a list of which wallets did them wrong.
 325 2016-03-01T02:09:28  <catlasshrugged> how do I make that meaningful to the average Bitcoin user?
 326 2016-03-01T02:09:48  <catlasshrugged> again, I'll remind you that #bitcoin-core-dev is not the primary target audience for these reports.
 327 2016-03-01T02:09:54  <gmaxwell> catlasshrugged: if your message is that they all suck than your audience isn't an actual bitcoin user, it's the industry.
 328 2016-03-01T02:09:55  <petertodd> catlasshrugged: seriously: get some graphics/storyboards done illustrating what those attackers can do and who they might be
 329 2016-03-01T02:10:13  <petertodd> gmaxwell: +1
 330 2016-03-01T02:10:23  <catlasshrugged> the industry generally does not give a flying fuck about my concerns ;-)
 331 2016-03-01T02:10:26  <gmaxwell> If you're saying the user is the target audience then you're currently telling them to run samouri wallet over bitcoin core; a closed source wallet that phones home the users addresses.
 332 2016-03-01T02:10:44  <gmaxwell> I'm not saying you _intend_ to say that, but thats what the report says to joe reader.
 333 2016-03-01T02:10:45  <petertodd> catlasshrugged: journalists can help fix that
 334 2016-03-01T02:10:49  <catlasshrugged> this is why Consumer Reports doesn't write letters of concern to the makers of products
 335 2016-03-01T02:11:06  <petertodd> catlasshrugged: consumer reports deals in an industry where most people are doing things basically right
 336 2016-03-01T02:11:37  <aknix> catlasshrugged, I think you are close to having a very good report here. just need simplify a bit you are on the right track. Just need to simplify and refine oh and not be biased ;)
 337 2016-03-01T02:11:42  <catlasshrugged> petertodd: I'm not clear on how that is relevant
 338 2016-03-01T02:12:17  <catlasshrugged> I worked pretty hard to eliminate bias. I think we could do better in the future, but could not have reasonably done better in the past.
 339 2016-03-01T02:13:18  <petertodd> catlasshrugged: in the field consumer reports is dealing with, there are standards already in place, so companies that don't adhere to those standards are just cutting corners knowingly, or simply screwed up and accidentally released a lemon
 340 2016-03-01T02:13:20  <gmaxwell> catlasshrugged: How do you have access to that wallet's source code?
 341 2016-03-01T02:13:38  <petertodd> catlasshrugged: we're in a field where there isn't yet general acceptance of how to do things right, and what the downsides of doing things wrong is
 342 2016-03-01T02:14:01  <catlasshrugged> gmaxwell: the developers have shared it with me individually in the past.
 343 2016-03-01T02:14:22  <catlasshrugged> that doesn't mean anything as far as vouching goes, I don't think
 344 2016-03-01T02:14:27  <petertodd> catlasshrugged: while I'm not saying you're biased, be warned that using that kind of evidence as a basis invites suspicion
 345 2016-03-01T02:14:51  <gmaxwell> catlasshrugged: Ah. I was wondering if you were involved with its development.
 346 2016-03-01T02:14:57  <catlasshrugged> petertodd: I find that wallet providers are extremely aware of what they're doing wrong and why they're not addressing it.
 347 2016-03-01T02:15:07  <catlasshrugged> I am not.
 348 2016-03-01T02:16:04  <catlasshrugged> The only project I work on did not score highly in the report
 349 2016-03-01T02:16:33  <gmaxwell> ::nods::
 350 2016-03-01T02:16:35  <catlasshrugged> That said, dozens of people got to review the scores and all of the wallets were rated by multiple people, so there's not a lot of room for hijinks.
 351 2016-03-01T02:16:53  * gmaxwell ::shakes:: head
 352 2016-03-01T02:16:57  <gmaxwell> I don't know how you can say that.
 353 2016-03-01T02:17:02  <aknix> we all know how voting works ;)
 354 2016-03-01T02:17:10  <catlasshrugged> doing things this way tremendously increased the amount of work I had to put in, btw
 355 2016-03-01T02:17:14  <petertodd> catlasshrugged: what can I say, I have a bit more faith in them that you, at least at an upper management level - this is quite different than something like automobiles where there are detailed government standards for everything :)
 356 2016-03-01T02:18:06  <catlasshrugged> consumer reports has years of credibility built up that I don't
 357 2016-03-01T02:18:21  <catlasshrugged> it's quite reasonable to trust their reports more than you trust ones that I work one with a small number of people.
 358 2016-03-01T02:18:30  <gmaxwell> You just recommended to end users that to preserve their privacy they should run https://www.reddit.com/r/Bitcoin/comments/447s7c/samourai_is_the_most_private_and_anonymous/   If you can't acknoweldge that something is _seriously_ wrong that your process caused you to do that, or even make an _attempt_ to convince someone here that this was justfied than I don't see how futher progress is possib
 359 2016-03-01T02:18:36  <gmaxwell> le.
 360 2016-03-01T02:18:40  <petertodd> gmaxwell: +1
 361 2016-03-01T02:19:37  <catlasshrugged> the argument about the "blockchain alliance" thing is quite boring to me. I work for the company whose API samourai chose to bootstrap with. they don't do anything with the data.
 362 2016-03-01T02:19:38  <aknix> gmaxwell, +1
 363 2016-03-01T02:20:02  <catlasshrugged> you don't work there, so I can see why it wouldn't be boring to you.
 364 2016-03-01T02:20:31  <gmaxwell> catlasshrugged: The company you work for has been caught lying in the past with what it does with private data provided to it.  Even if it does not misuse it now, it might begin at ay time in the future--- and could probably be doing so without your knoweldge.
 365 2016-03-01T02:20:39  <catlasshrugged> example?
 366 2016-03-01T02:20:56  <aknix> Sheesh
 367 2016-03-01T02:21:09  <catlasshrugged> that's true, I can't tell what the data could be used for in the future, though I am fairly confident it simply isn't being stored at the moment.
 368 2016-03-01T02:21:34  <aknix> Thats very likely the case but its stilla secuirty hole
 369 2016-03-01T02:21:47  <catlasshrugged> it's definitely sub-optimal.
 370 2016-03-01T02:21:47  <gmaxwell> catlasshrugged: e.g. https://bitcointalk.org/index.php?topic=131608.0
 371 2016-03-01T02:21:59  <catlasshrugged> sometimes when you are a company that has $0 in funding, you have to bootstrap some shit.
 372 2016-03-01T02:22:10  <gmaxwell> catlasshrugged: it also can be stored by cloudflare, even if it isn't being stored by bc.i.
 373 2016-03-01T02:22:21  <aknix> "bootstrap" in that context sounds like magical numbers argument to me
 374 2016-03-01T02:22:29  <gmaxwell> catlasshrugged: I wouldn't find it much better if it were their own server instead of bc.i.
 375 2016-03-01T02:22:51  <gmaxwell> (if thats any consolation)
 376 2016-03-01T02:22:52  <aknix> yeah i dont think anyone would really
 377 2016-03-01T02:22:55  <catlasshrugged> ok, well at least if it were their own server, it would be operating the way that most of the wallets that we reviewed operate.
 378 2016-03-01T02:23:08  <aknix> at least people in this room i guess
 379 2016-03-01T02:23:24  <pigeons> catlasshrugged: are you concerned currently that new users seeking privacy with privacy needs might choose a wallet that leaks all of the addresses based on reading the current report?
 380 2016-03-01T02:23:38  <catlasshrugged> so the majority of your problem with samourai wallet vs qt is client-server vs fullnode, which we talked about earlier.
 381 2016-03-01T02:23:40  <gmaxwell> But at least their own server could have a stronger systematic protection; e.g. published documentation for how it's operated, keys not in any third party hands, etc;  no past bad track record... but I'd consider that small.
 382 2016-03-01T02:24:02  <catlasshrugged> (full node is definitely far better than client-server, I just don't think it's the most important out of all categories of attacks)
 383 2016-03-01T02:24:08  <gmaxwell> catlasshrugged: yes, virtually all of the wallets you've reviewed send deanonmizing data to third parties. Bitcoin Core does not. Too bad it's ranked way down on your list.
 384 2016-03-01T02:24:18  <gmaxwell> catlasshrugged: what is the most important?
 385 2016-03-01T02:24:40  <gmaxwell> Not reusing addresses?  Bitcoin core does as much as is possible there short of actually forbidding the users from doing it.
 386 2016-03-01T02:24:57  <catlasshrugged> I think resistance to blockchain analysis is roughly 2x more important than network-level analysis based on speaking with many people in analytics.
 387 2016-03-01T02:25:11  <gmaxwell> Integrated coinjoin? doesn't have that, but nor do virtually any of the others-- in our case it's partially because decenteralized coinjoin is pratically an unsolved problem (if not theoretically)
 388 2016-03-01T02:25:37  <catlasshrugged> yeah, coinjoin capability is heavily weighted in our scoring IIRC
 389 2016-03-01T02:25:42  <catlasshrugged> and yes, almost no one is currently doing it
 390 2016-03-01T02:25:53  <catlasshrugged> I hope by the next report, JoinMarket's GUI will be ready to go
 391 2016-03-01T02:25:58  <gmaxwell> catlasshrugged: great, now, for all the things in the list that aren't doing coinjoin; what network analytics protection do they do better than Bitcoin Core?
 392 2016-03-01T02:26:06  <catlasshrugged> and maybe we will just rate Qt+JoinMarket GUI rather than Qt by itself.
 393 2016-03-01T02:26:11  <gmaxwell> er blockchain analytics rather.
 394 2016-03-01T02:26:44  <catlasshrugged> I'll send you a list of things that one or a couple wallets got higher marks for
 395 2016-03-01T02:26:52  <catlasshrugged> it will just take some time to put together.
 396 2016-03-01T02:27:08  <gmaxwell> I would be really thankful for that.
 397 2016-03-01T02:27:17  <catlasshrugged> oh, you asked about network analytics
 398 2016-03-01T02:27:32  <gmaxwell> I ment blockchain.
 399 2016-03-01T02:27:46  <catlasshrugged> I would not be surprised if Qt received the highest marks out of all wallets with regards to network stuff
 400 2016-03-01T02:27:50  <catlasshrugged> ah, ok
 401 2016-03-01T02:29:28  <catlasshrugged> pigeons: practically speaking, I am not concerned at all about the average bitcoin user deciding not to use Qt based on the report. The average Bitcoin user simply isn't using Qt, full stop. That's not a knock on Qt, just a statement of fact about market share.
 402 2016-03-01T02:29:30  <gmaxwell> I think you're underemphasicing network; esp since the primary purpose of the current analysis companies are tying addresses to identities and geographies which cannot be done without a network component; but .. I don't think we need to resolve that weighing disagreement, because I think that Bitcoin Core does at least as well as almost everyone else in both. (ignoring e.g. coinjoin functionalit
 403 2016-03-01T02:29:36  <gmaxwell> y; or arguably 'stealth' addresses, but I can also argue that stealth addresses are of little value in the current climate today)
 404 2016-03-01T02:30:36  <gmaxwell> catlasshrugged: I would arugue, and I think I would bury you in a public debate that in terms of practical privacy Bitcoin QT (or other FN wallets like armory) are strictly superior in actually delivered privacy; and-- their vastyly superior privacy is a primary reason why a user should want to use them.
 405 2016-03-01T02:30:52  <petertodd> catlasshrugged: market share isn't relevant here - if a little-used solution provides far better privacy, then people who know what they are missing
 406 2016-03-01T02:31:08  <gmaxwell> I think you do _devistating_ harm to the bitcoin ecosystem when you present privacy disaster personal data phone-homing lite wallets as _superior_.
 407 2016-03-01T02:31:39  <gmaxwell> indeed, running a FN wallet has costs, but the superior privacy is one of the reasons a privacy conscious user should pay those costs.
 408 2016-03-01T02:31:45  <pigeons> catlasshrugged: i didnt ask about the "average bitcoin user" I asked about "new users seeking privacy with privacy needs"
 409 2016-03-01T02:32:11  <catlasshrugged> pigeons: you're right, sorry. I didn't fully read your question when I went back to look at it.
 410 2016-03-01T02:32:14  <gmaxwell> devastating*
 411 2016-03-01T02:33:32  <catlasshrugged> gmaxwell: ok.
 412 2016-03-01T02:34:22  *** p15 has quit IRC
 413 2016-03-01T02:35:52  <catlasshrugged> if anyone is interested in presenting carefully reasoned arguments about the relative merits of blockchain vs network attacks, I am extremely eager to hear them and incorporate that insight into our model for the next report.
 414 2016-03-01T02:36:23  <catlasshrugged> I think you will find that you have underestimated the level of thought I've put into the topic, but of course I may be wrong. :)
 415 2016-03-01T02:36:33  <aknix> How about we fix the weighting/section on physical adversarys to start ;)
 416 2016-03-01T02:36:44  <catlasshrugged> sorry, what's wrong with it?
 417 2016-03-01T02:36:57  <aknix> Its just unrealistic as all wallets will fail
 418 2016-03-01T02:36:58  <pigeons> you rnk shoulder surfing a greater threat than address leakage
 419 2016-03-01T02:37:08  <aknix> I mean cmon you recoomend a fake UI for a bitcoin wallet
 420 2016-03-01T02:37:18  <aknix> what are you gonna do open tinder to use bitcoin?
 421 2016-03-01T02:37:40  <aknix> this is not avergae user material
 422 2016-03-01T02:37:52  <catlasshrugged> pigeons: nope, false. you're reading it wrong.
 423 2016-03-01T02:38:16  <aknix> Other than that like i said before i thin k you are on the right track just weighting is goofy
 424 2016-03-01T02:38:28  <catlasshrugged> I'm not all that motivated to remove attacks and countermeasures from the threat model. I prefer to add to them, and weight appropriately.
 425 2016-03-01T02:38:55  <catlasshrugged> If you actually said something about HOW you think the weighting is goofy, I missed it.
 426 2016-03-01T02:39:14  <pigeons> catlasshrugged: are you concerned currently that new users seeking privacy with privacy needs might choose a wallet that leaks all of the addresses based on reading the current report?
 427 2016-03-01T02:39:19  <dirtynewshoes> catlasshrugged: Darkwallet in here at 4 is a bit confusing... I did not think it was at all really ready to be used.
 428 2016-03-01T02:39:21  <aknix> Well if samourai was rated higher than qt should i bother?
 429 2016-03-01T02:39:31  <gmaxwell> I'm still hoping to hear of _any_ blockchain analysis resistance features implemented by, say, ledger that are lacking in Bitcoin Core.  I may not agree with the relative ranking of these two critical areas, but ... I don't think bitcoin-core should fair poorly vs the other available wallets even when blockchain analysis is ranked much more highly than network facing privacy.
 430 2016-03-01T02:40:04  <catlasshrugged> dirtynewshoes: it works, although it lost some points due to the fact that the coinjoin has little volume at the moment
 431 2016-03-01T02:40:56  <dirtynewshoes> catlasshrugged: Would it be used by the average bitcoin user? (Stable enough?)
 432 2016-03-01T02:41:37  <catlasshrugged> pigeons: no. the best information that I have available (unresolved objections notwithstanding) is that users would be well served to make decisions based on the report. If they are expert users who know their way around Bitcoin-Qt, they don't need the report.
 433 2016-03-01T02:41:57  *** belcher has quit IRC
 434 2016-03-01T02:42:00  <catlasshrugged> dirtynewshoes: when you download it, it comes with several warnings. I didn't actually have any significant issues with it.
 435 2016-03-01T02:42:16  <catlasshrugged> aside from the fact that DW stealth addresses are not fully compatible with ArcBit stealth addresses
 436 2016-03-01T02:42:21  <catlasshrugged> which is noted in the report.
 437 2016-03-01T02:42:25  <petertodd> catlasshrugged: could you answer gmaxwell re: ledger vs core?
 438 2016-03-01T02:42:33  <pigeons> coinjoin has more volume than samouri
 439 2016-03-01T02:42:46  <aknix> petertodd, +1
 440 2016-03-01T02:42:58  <pigeons> *joinmarket
 441 2016-03-01T02:44:18  <catlasshrugged> not right now because I need to manually create the comparison
 442 2016-03-01T02:44:35  <catlasshrugged> but I currently plan to send him the comparison. I would be happy to CC you, if you're interested.
 443 2016-03-01T02:44:43  <petertodd> catlasshrugged: yes, please do
 444 2016-03-01T02:44:53  <catlasshrugged> whats a good email address?
 445 2016-03-01T02:44:56  <pigeons> catlasshrugged: what are ledger's blockchain analysis resistance features?
 446 2016-03-01T02:44:58  <petertodd> catlasshrugged: pete@petertodd.org
 447 2016-03-01T02:45:12  <catlasshrugged> ok
 448 2016-03-01T02:45:22  <randy-waterhouse> "If they are expert users who know their way around Bitcoin-Qt, they don't need the report." ... perhaps this caveat needs to be displayed prominently somewhere in the front of the report?
 449 2016-03-01T02:45:35  <catlasshrugged> nope, it doesn't
 450 2016-03-01T02:45:38  <randy-waterhouse> an acknowledgements section might be appropriate?
 451 2016-03-01T02:45:39  <catlasshrugged> expert users already know this
 452 2016-03-01T02:45:55  <catlasshrugged> if you're not sure about this, please scroll up ;-)
 453 2016-03-01T02:46:02  <gmaxwell> catlasshrugged: that doesn't make it okay to have a misleading report!
 454 2016-03-01T02:46:24  <catlasshrugged> I don't think there's anything in the report that suggests that its primary audience is expert bitcoin users.
 455 2016-03-01T02:46:44  <petertodd> catlasshrugged: you don't need to be an expert to run bitcoin core I'll note
 456 2016-03-01T02:46:53  <catlasshrugged> there's no way to put out this report without pissing several people off about their favorite wallet(s).
 457 2016-03-01T02:47:08  <aknix> I think its misleading in general because running QT is part of the secuirty model
 458 2016-03-01T02:47:16  <petertodd> aknix: +1
 459 2016-03-01T02:47:28  <gmaxwell> Lets imagine bob is a technical user with a serious need for privacy, he looks at your report, and doesn't even bother looking at a full node wallet whats there is burried in it; even though it would provide him seriously better privacy than many of the higher rated things in your report; at least as far as I can tell from your responses here.
 460 2016-03-01T02:47:29  <sipa> If expert bitcoin users is not the audience, perhaps you should exclude Bitcoin Core and say you consider it out of scope, instead of ranking it lower than others without any argument for doing so
 461 2016-03-01T02:47:36  <aknix> it should be at least noted that by choosing not to run a "full node" that the SAME level of secuirty can not be obtained
 462 2016-03-01T02:47:55  <aknix> I understand that is a stretch but its relevant to newb
 463 2016-03-01T02:47:57  <petertodd> sipa: Bitcoin Core is something non-experts can and do run mind you
 464 2016-03-01T02:48:01  <catlasshrugged> petertodd: that's relatively true, though when I wrote about the use of Bitcoin-Qt in a book, I found that people desperately needed the directions. Especially setting connecting it to Tor, etc.
 465 2016-03-01T02:48:12  <warren> catlasshrugged: It's one thing to weigh things differently, it's another to mislead about facts.  For example, the Samurai exposé is pretty damning yet there is no mention of it in the report?
 466 2016-03-01T02:48:32  <gmaxwell> It's just inconcievable to me that you're ranking wallets that PHONE HOME ALL THE USERS ADDRESSES over a wallet that doesn't; without smoking gun reasons like "due to this bug, QT's privacy is totally busted".
 467 2016-03-01T02:48:55  <gmaxwell> (er totally busted due to X)
 468 2016-03-01T02:48:56  <catlasshrugged> sipa: this is my best estimation, along with various other people who helped, of which wallets are best for the privacy of the median user.
 469 2016-03-01T02:49:08  <catlasshrugged> bitcoin-qt is a wallet. I'm not going to exclude it.
 470 2016-03-01T02:49:27  <sipa> catlasshrugged: then you should at least be able to give one aspect at which bitcoin-qt ranks lower than your #1
 471 2016-03-01T02:49:38  <catlasshrugged> warren: as I mentioned before, I am completely underwhelmed by the "expose"
 472 2016-03-01T02:50:02  <aknix> Wow, i am at a loss for words..
 473 2016-03-01T02:50:14  <warren> Your report would be better to exclude Bitcoin-Qt entirely, then you're at least comparing apples to apples, or "of the lite wallets which is least bad for privacy".
 474 2016-03-01T02:50:17  <catlasshrugged> I thought the poster who brought up the "expose" was a complete dick about it, and I'm sad that people were not sympathetic to the completely unpaid and hard working samourai devs
 475 2016-03-01T02:50:24  <aknix> warren +1
 476 2016-03-01T02:50:58  <dirtynewshoes> I do not believe the goal of bitcoin-qt is not to be easy privacy for the average user.. but to be a solid foundation that works well
 477 2016-03-01T02:50:59  <petertodd> catlasshrugged: on that basis, samourai should be removed for being alpha software - the excuse given was samourai is alpha software and that part hadn't been developed yet
 478 2016-03-01T02:51:11  <catlasshrugged> ok
 479 2016-03-01T02:51:37  <petertodd> catlasshrugged: it's a reasonable excuse, but it's one that's only reasonable if the walelt isn't used for anything but alpha-level testing
 480 2016-03-01T02:52:23  <warren> catlasshrugged: There's an army of people being a complete dick and not sympathetic to the completely unpaid and hard working core devs, yet that is not a valid argument in any question of security or privacy which analyzed using objective criteria.
 481 2016-03-01T02:52:31  <_alp_> I don't always alpha test, but when I do, I do on mainnet.
 482 2016-03-01T02:52:42  <petertodd> catlasshrugged: equally, until samourai implements that _missing_ part of their wallet, we can't evaluate them
 483 2016-03-01T02:52:52  <aknix> _alp_, :)
 484 2016-03-01T02:53:20  <catlasshrugged> warren: please either explain how the reddit "expose" fits into our threat model, or how our threat model could add such a thing. otherwise, this is not relevant to my interests.
 485 2016-03-01T02:53:55  <gmaxwell> catlasshrugged: if your threat model doesn't include bc.i logging all the users transactions and selling the results; then you need to stop calling your report a report on privacy.
 486 2016-03-01T02:53:56  <petertodd> catlasshrugged: if your threat model isn't covered by that expose, it's not a very good htreat model
 487 2016-03-01T02:53:57  <warren> If you think that issue isn't important in your threat model, then your threat model is flawed.
 488 2016-03-01T02:54:02  <catlasshrugged> sipa: what do you mean by "aspect"?
 489 2016-03-01T02:54:08  <petertodd> hehe, three identical replies :)
 490 2016-03-01T02:54:28  <catlasshrugged> bc.i does not log all user transactions and sell the results.
 491 2016-03-01T02:54:31  <aknix> catlasshrugged, Man cmon I know you are smarter than this.
 492 2016-03-01T02:54:42  <catlasshrugged> aknix: that is incredibly rude.
 493 2016-03-01T02:54:47  <petertodd> catlasshrugged: what proof do you have of that?
 494 2016-03-01T02:54:47  <pigeons> i am very suprised that anyone thinks that a user seeking any level of privacy would choose to reveal their addresses
 495 2016-03-01T02:54:55  <gmaxwell> catlasshrugged: prove to me that it doesn't; moreover prove to me that it cannot?
 496 2016-03-01T02:54:55  <aknix> Yeah well i am being honest
 497 2016-03-01T02:55:18  <aknix> I also have vouched for you in the past
 498 2016-03-01T02:55:26  <petertodd> catlasshrugged: indeed, why specifically do you think you have any way of knowing?
 499 2016-03-01T02:55:36  <sipa> catlasshrugged: in what way is Bitcoin-Qt's privacy worse than Samurai's?
 500 2016-03-01T02:55:38  <aknix> Im hurting myself by even commenting on this
 501 2016-03-01T02:55:42  <catlasshrugged> just wondering guys, what do you hope to be the outcome of a bunch of you ganging up on me?
 502 2016-03-01T02:55:46  <aknix> but its important
 503 2016-03-01T02:56:05  <catlasshrugged> I thought we were making some traction on productive iterations before, but now :/
 504 2016-03-01T02:56:07  <petertodd> catlasshrugged: would you mind answering the question?
 505 2016-03-01T02:56:24  <petertodd> catlasshrugged: we're here to help you fix your report; that means we'll ask questions, not all of them easy to answer
 506 2016-03-01T02:56:30  <petertodd> catlasshrugged: that's just how engineering reviews work
 507 2016-03-01T02:56:44  <gmaxwell> catlasshrugged: sorry that it's turned a bit harsh.
 508 2016-03-01T02:56:49  <aknix> catlasshrugged, Not trying to gang up, just trying to show you an other POV
 509 2016-03-01T02:56:50  <sipa> catlasshrugged: I'm sorry if you feel ganged up; that is by no means my intention
 510 2016-03-01T02:56:58  <aknix> I know that can be difficult to get.
 511 2016-03-01T02:57:11  <gmaxwell> catlasshrugged: Your position is somewhat inexplicable to me, and you're not really answering the questions people are trying to ask to make it explicable.
 512 2016-03-01T02:57:25  <gmaxwell> I'll back off for now and give you some air. Sorry.
 513 2016-03-01T02:57:36  <catlasshrugged> petertodd: I mean, I've done engineering reviews before, they are generally less unpleasant.
 514 2016-03-01T02:58:00  *** sipa has left #bitcoin-core-dev
 515 2016-03-01T02:58:23  <aknix> And catlasshrugged I have 2 times said I like the structure so far and think it has promise, i just think there is uneeded bias.
 516 2016-03-01T02:58:29  <catlasshrugged> ok, to answer gmax's question: the possibility of blockchain or any other provider doing something bad with data as a result of transaction broadcasts and balance lookups is included.
 517 2016-03-01T02:58:32  <petertodd> catlasshrugged: I used to work in a field where some stuff was safety critical - our reviews were often like this, and you simply learned that it wasn't personal
 518 2016-03-01T02:58:39  <petertodd> catlasshrugged: easier in person for sure
 519 2016-03-01T02:59:06  <catlasshrugged> you may take exception with the way that we weighted this consideration -- please *CAREFULLY* review how we actually weighted it, and if you have constructive feedback you'd like to provide about it, please do that.
 520 2016-03-01T02:59:45  <gmaxwell> catlasshrugged: I was responding to your question 'warren: please either explain how the reddit "expose" fits into our threat model'
 521 2016-03-01T03:00:06  <catlasshrugged> concerning sipa's question, he can get some more insight into this once I send a comparison to gmax and petertodd
 522 2016-03-01T03:00:45  <catlasshrugged> if you have suggestions about what it would look like, I welcome them. Currently I have absolutely no clue.
 523 2016-03-01T03:01:05  <catlasshrugged> To re-iterate, the fact that balance lookups and transaction broadcasts are done through a server is considered in the threat model.
 524 2016-03-01T03:01:12  <petertodd> catlasshrugged: so again, how do you know bc.i doesn't log queries?
 525 2016-03-01T03:01:20  <catlasshrugged> I can't prove it.
 526 2016-03-01T03:01:29  <petertodd> catlasshrugged: ok, so don't say it
 527 2016-03-01T03:02:23  <catlasshrugged> I would not have mentioned if instead gmax said: "if your threat model doesn't include ++the possibility of ++ bc.i logging all the users..."
 528 2016-03-01T03:02:26  <petertodd> catlasshrugged: does bc.i even formally say they don't keep logs?
 529 2016-03-01T03:02:37  <catlasshrugged> To the best of my knowledge, the threat model does include this possibility.
 530 2016-03-01T03:02:51  <catlasshrugged> of course, it does not discriminate bc.i from any other provider
 531 2016-03-01T03:03:07  <gmaxwell> catlasshrugged: Sorry, I was just at a loss as to why you were saying the reverse engineering analysis had nothing to do with your threat model.
 532 2016-03-01T03:03:53  <gmaxwell> Since what it turned up was that the wallet was, without disclosure, sending the user's addresses to bc.i (to a not documented API, in fact). Which would be part of your threat model unless you were totally ignoring sending private data to bc.i in it. :)
 533 2016-03-01T03:03:54  <catlasshrugged> I don't think samourai ever claimed that they do not send traffic through bc.i
 534 2016-03-01T03:04:09  <pigeons> also how and whether the user is informed of information sharing and what is shared and with whom would be something to measure in the report
 535 2016-03-01T03:04:11  <gmaxwell> they also don't claim to not send your private keys to Pirate40.
 536 2016-03-01T03:04:19  <catlasshrugged> I'm not sure why you would expect them to "disclose" this in advance any more than any wallet would "disclose" the boring details of how their server-client interaction works.
 537 2016-03-01T03:04:20  <petertodd> catlasshrugged: it certainly came as a surprise to many of their users
 538 2016-03-01T03:04:39  <gmaxwell> At least for something claiming to be the most private it was rather shocking.
 539 2016-03-01T03:04:55  <catlasshrugged> I'm not sure how to include "don't surprise people" in a threat model
 540 2016-03-01T03:05:08  <gmaxwell> (and the thread on reddit seems to indicate an overwhelming majority of the commentin people agreed, for whatever thats worth)
 541 2016-03-01T03:05:26  <petertodd> catlasshrugged: samourai was advertising itself as an SPV wallet, which implies to most people that there isn't a central server involved
 542 2016-03-01T03:05:30  <catlasshrugged> I don't tend to look to reddit for my social cues
 543 2016-03-01T03:05:48  <gmaxwell> I'm not talking about the surprise, I'm talking about the serious privacy leak which was only publically known due to the reverse engineering.
 544 2016-03-01T03:06:01  <catlasshrugged> I didn't know that, but I've never seen Samourai use the term "SPV" in their promotions
 545 2016-03-01T03:06:23  <catlasshrugged> as you've pointed out a billion times in public, it's easy to sybil the bitcoin network anyway, so it's not like SPV wallets are a lot better off
 546 2016-03-01T03:06:41  <catlasshrugged> it's not a serious privacy leak
 547 2016-03-01T03:06:42  <gmaxwell> "[–]SamouraiWallet 12 points 9 months ago*
 548 2016-03-01T03:06:42  <gmaxwell> Samourai is an SPV mobile wallet that collects no information about you. "
 549 2016-03-01T03:06:46  <catlasshrugged> it's sending transaction data to a server
 550 2016-03-01T03:06:57  <warren> Do you at least agree that you should stop comparing apples to oranges?  (remove the full node wallets like Qt)
 551 2016-03-01T03:06:58  <catlasshrugged> I don't particularly care whether you prefer the server they used
 552 2016-03-01T03:07:06  <pigeons> without informing the user after leading the user to believe otherwise
 553 2016-03-01T03:07:06  <petertodd> catlasshrugged: a server not controlled by Samourai, so how do they know no information is kept?
 554 2016-03-01T03:07:29  <petertodd> catlasshrugged: Samourai can't make that promise
 555 2016-03-01T03:08:00  <catlasshrugged> warren: I refuse to stop including FN wallets, but I welcome suggestions on how to clarify the differences between them. They're not so different that they're like comparing apples and oranges, unless in this analogy I helped to create a Fruit Report.
 556 2016-03-01T03:08:10  <petertodd> here's an example of Samourai claiming they are an SPV wallet: https://www.reddit.com/r/Bitcoin/comments/35bynz/samurai_wallet_some_interesting_privacy_features/cr32w75
 557 2016-03-01T03:08:34  <gmaxwell> petertodd: not even bc.i could make that promise, though I'm looking and they don't... since their api goes through cloudflare.
 558 2016-03-01T03:08:41  <petertodd> now, they correctly said they were using an API here, but that got repeated as SPV for sure
 559 2016-03-01T03:08:51  <catlasshrugged> thanks. that's too bad that they weren't clear about their network topology.
 560 2016-03-01T03:09:23  <petertodd> catlasshrugged: to be clear, I have some symapthy for Samorai here, but again, that sympathy is based on them not being used for antyhing but alpah testing
 561 2016-03-01T03:09:29  <catlasshrugged> do you know for a fact that Samourai doesn't have a relationship with bc.i?
 562 2016-03-01T03:09:32  <aknix> catlasshrugged, This what i mean your defensive instead of taking the criticism or even being critical in return, instead your defensive as if... IDK i had the impression you were very honest to others and also true to yourself. I dont mean to speak outside of techincals again, i just honestly think you need to approach this chat with a bit more of an open mind. I hope I don't sound like a dick or like im insulting you. Just trying to inform you.
 563 2016-03-01T03:10:01  <petertodd> catlasshrugged: until told otherwise, I'm not going to assume they do
 564 2016-03-01T03:10:12  <catlasshrugged> aknix: can you remind me about your expertise in bitcoin privacy engineering?
 565 2016-03-01T03:10:24  <catlasshrugged> petertodd: it appears that you're going to assume they don't.
 566 2016-03-01T03:10:26  <aknix> catlasshrugged, Sure 6 years experience
 567 2016-03-01T03:10:29  <aknix> ;)
 568 2016-03-01T03:10:34  <catlasshrugged> aknix: go on...
 569 2016-03-01T03:10:42  <gmaxwell> catlasshrugged: so far, not a single suggestion of things to improve in core has come out of this discussion (except perhaps coinjoin suppport; which I brought up, and noted that we don't have it largely today because it's provided externally and there isn't a really decenteralized version of it yet)
 570 2016-03-01T03:10:45  <catlasshrugged> what bitcoin privacy engineering did you do during those 6 years?
 571 2016-03-01T03:10:50  <warren> catlasshrugged: additionally, it might be wise for the authors of the report to disclose potential conflicts of interest
 572 2016-03-01T03:10:54  *** wumpus has quit IRC
 573 2016-03-01T03:11:02  <catlasshrugged> warren: go on?
 574 2016-03-01T03:11:06  <aknix> catlasshrugged, email me i will send you my resume, Its pretty verbose
 575 2016-03-01T03:11:11  <petertodd> catlasshrugged: so again, we're still back to the point where it appears that Samourai should not have been included in this review
 576 2016-03-01T03:11:14  <aknix> or dm on twitter
 577 2016-03-01T03:11:31  <petertodd> catlasshrugged: equally, not leaking this data at all to third parties is obviously highly valuable
 578 2016-03-01T03:11:32  <catlasshrugged> it objectively should not have been included, or you would prefer that it wasn't included?
 579 2016-03-01T03:11:32  <randy-waterhouse> catlasshrugged: I notice that arguably the best actual SPV wallet out there mSIGNA was not included
 580 2016-03-01T03:11:48  <catlasshrugged> randy-waterhouse: I've never actually met someone who used mSIGNA
 581 2016-03-01T03:11:57  *** wumpus has joined #bitcoin-core-dev
 582 2016-03-01T03:12:11  <pigeons> is that criteria included on the guidelines page?
 583 2016-03-01T03:12:12  <catlasshrugged> between the first and second report, we went with the wallets that had the highest demand
 584 2016-03-01T03:12:16  <randy-waterhouse> catlasshrugged: that's hor private they are :)
 585 2016-03-01T03:12:19  <aknix> catlasshrugged, I have documented proof of being involved in btc since mid 2010
 586 2016-03-01T03:12:21  <aknix> ;)
 587 2016-03-01T03:12:23  <catlasshrugged> the only request for mSIGNA that I received was from its CEO
 588 2016-03-01T03:12:30  <catlasshrugged> randy-waterhouse: lol
 589 2016-03-01T03:12:31  <aknix> at a techincal level
 590 2016-03-01T03:12:43  <warren> catlasshrugged: The technical experts here are surprised by your disregard for address ownership that is absolute (like in the Samurai wallet case) as being unimportant to your threat model, meanwhile you say you work for the service which is queried in that example.
 591 2016-03-01T03:12:55  <petertodd> warren: +1
 592 2016-03-01T03:13:00  <aknix> warren, +1
 593 2016-03-01T03:13:02  <catlasshrugged> address ownership?
 594 2016-03-01T03:13:34  <petertodd> catlasshrugged: queries to API services like bc.i, which leak info on who owns what addresses
 595 2016-03-01T03:13:37  <catlasshrugged> hey warren
 596 2016-03-01T03:13:51  <catlasshrugged> are you suggesting that bc.i stood to gain from this report?
 597 2016-03-01T03:14:12  <petertodd> catlasshrugged: e.g., if I startup Samourai wallet, it'll query multiple addresses, which even through Tor links those addresses together
 598 2016-03-01T03:14:29  <catlasshrugged> yup, just like most wallets do.
 599 2016-03-01T03:14:32  <petertodd> catlasshrugged: you should make it clear to readers that you work for bc.i, given they may ask that question
 600 2016-03-01T03:14:33  *** achow101 has quit IRC
 601 2016-03-01T03:14:48  *** justanotheruser has quit IRC
 602 2016-03-01T03:14:56  <petertodd> catlasshrugged: right, which is a huge privacy problem - the exact one coinjoin is meant to avoid. BTC Core completely avoids it
 603 2016-03-01T03:15:02  <warren> I don't have reasons for or against.  That doesn't remove the wisdom of disclosures though.
 604 2016-03-01T03:15:02  <catlasshrugged> man, I gotta say, that's just really annoying feedback to get.
 605 2016-03-01T03:15:21  <gmaxwell> I don't think it's fair feedback in any case.
 606 2016-03-01T03:15:38  <petertodd> catlasshrugged: right now bc.i as an example has access to a massive amount of information that could be used to deanonymise a large % of all bitcoin addresses - lets be clear on that
 607 2016-03-01T03:16:03  <gmaxwell> Kind of crappy that the guy that works for the centeralized API provider doesn't see centeralized APIs as a smoking hot privacy issue and all the rest of us do though. :(
 608 2016-03-01T03:16:19  <catlasshrugged> NEWS FLASH: Everyone has access to a massive information that could be used to denanonymize a large % of all bitcoin addresses -- it's called the blockchain and Google
 609 2016-03-01T03:16:26  <gmaxwell> but that doesn't mean that there is any actual conflict of interest.
 610 2016-03-01T03:16:53  <petertodd> catlasshrugged: it's also important if you do take that risk that you know who you are trusting with that data - e.g. in electrum, it's pretty clear which servers you are using. Samourai didn't give users that information.
 611 2016-03-01T03:17:22  <petertodd> catlasshrugged: that's covered by your blockchain analysis, analysis. network analysis can be combined with that information in anti-privacy ways
 612 2016-03-01T03:17:35  <catlasshrugged> I am not going to repeat this point again tonight: There was an opportunity for everyone to participate in the process deciding how things were weighted. You decided not to. If you would like to see changes, I am welcoming you to argue for them.
 613 2016-03-01T03:17:50  <catlasshrugged> I don't find repeated claims about the importance of full nodes vs not full nodes helpful without evidence.
 614 2016-03-01T03:18:05  <petertodd> catlasshrugged: well, that's fine, but I'd rather see the report fixed rather than us have to argue in public that the report is misleading
 615 2016-03-01T03:18:08  *** justanotheruser has joined #bitcoin-core-dev
 616 2016-03-01T03:18:21  <catlasshrugged> er, whose servers are you trusting if you use Electrum?
 617 2016-03-01T03:18:37  <catlasshrugged> maybe bc.i runs all of the electrum servers
 618 2016-03-01T03:18:46  <petertodd> catlasshrugged: yes, which is made very clear in the Electrum UI, and it's easy to get information on who runs those servers
 619 2016-03-01T03:18:59  <aknix> petertodd, +1 +1
 620 2016-03-01T03:19:04  <gmaxwell> catlasshrugged: many people have been basically begging you to substantiate placing many of these wallets that phone home the users addresses over bitcoin core. You haven't. Perhaps it will take you some research to do that-- I understand you didn't make this report all yourself--... probably you should go do that and we can continue discussions later.
 621 2016-03-01T03:19:24  <catlasshrugged> it's also really easy to find out which API samourai uses, too
 622 2016-03-01T03:19:32  <petertodd> catlasshrugged: similar to how Tor makes it easy for users to get information on who runs the Tor servers they are trusting, and in turn, who signs the Tor consensus they are trusting
 623 2016-03-01T03:19:32  <catlasshrugged> lol at "reverse engineering" and "expose"
 624 2016-03-01T03:19:43  <petertodd> catlasshrugged: could you explain how you'd find that out?
 625 2016-03-01T03:19:43  <gmaxwell> Yes, I think most people would agree that electrum has significantly worse privacy than bitcoin core due to the server model.
 626 2016-03-01T03:19:59  <catlasshrugged> yes, point your android device at a web proxy and look at what domains pop up.
 627 2016-03-01T03:20:05  <petertodd> catlasshrugged: especially as an average user? remember that the Samourai website doesn't say it uses an API
 628 2016-03-01T03:20:23  <catlasshrugged> the average user is also not looking up who owns their Electrum server
 629 2016-03-01T03:20:43  <petertodd> catlasshrugged: maybe they won't, but they definitely know they are trusting one, it's made absolutely clear in the UI. Same as darkwallet
 630 2016-03-01T03:21:09  * Luke-Jr notes that trusting anonymous/random third parties is actually worse than trusting easily identified third parties
 631 2016-03-01T03:21:25  <warren> catlasshrugged: I personally don't feel great about helping a project like yours when your arguments in response to technical feedback appeal to emotion.  When it comes to security or privacy it should be evaluated only on objective criteria.  Your feelings should play no part in this.  I'm sorry if this seems difficult, it's just the truth when it comes to technical issues.
 632 2016-03-01T03:21:29  <petertodd> Luke-Jr: agreed, but not knowing you're trusting third parties is even worse
 633 2016-03-01T03:21:37  <Luke-Jr> yes, no doubt
 634 2016-03-01T03:21:46  <petertodd> Luke-Jr: informed consent!
 635 2016-03-01T03:21:57  <gmaxwell> Luke-Jr: and electrum is accordingly ranked lower than bitcoin core for privacy. I'd agree. (I think the armory developers would agree too)
 636 2016-03-01T03:22:11  <catlasshrugged> ^
 637 2016-03-01T03:22:14  <aknix> Yeah i think I have to withdraw my pledge to help out with OBPP
 638 2016-03-01T03:22:16  <gmaxwell> er electrum not armory! :P
 639 2016-03-01T03:22:25  <molz> aknix: haha
 640 2016-03-01T03:23:05  <petertodd> gmaxwell: yeah, I've had discussions with the Electrum authors on this point, and they're totally clear about their privacy model, and want to improve it with techniques like prefix filters (maybe implemented now? haven't checked recently)
 641 2016-03-01T03:23:19  <gmaxwell> in any case, catlasshrugged offered to go break out some of the analysis on Bitcoin Core. I think that would be super useful to us--- and much better a use of time then the circular argument now.
 642 2016-03-01T03:23:32  *** BCB has joined #bitcoin-core-dev
 643 2016-03-01T03:23:44  <aknix> catlasshrugged, Your arguing this samurai wallet like its an estranged lover
 644 2016-03-01T03:23:52  <petertodd> catlasshrugged: btw, I'll note that the 'expose' made it clear that it was visible via network queries in the first line: https://www.reddit.com/r/Bitcoin/comments/447s7c/samourai_is_the_most_private_and_anonymous/
 645 2016-03-01T03:23:55  <aknix> Like electrum makes there model clear
 646 2016-03-01T03:23:59  <aknix> samurai does not
 647 2016-03-01T03:24:04  <aknix> pretty clear cut
 648 2016-03-01T03:24:13  <petertodd> catlasshrugged: they did reverse engineer it, but they're not bragging about that
 649 2016-03-01T03:24:14  <aknix> their*
 650 2016-03-01T03:24:26  <petertodd> gmaxwell: seems reasonable
 651 2016-03-01T03:24:33  <aknix> catlasshrugged, Have you used a disassembler?
 652 2016-03-01T03:27:23  *** [_smitty] has quit IRC
 653 2016-03-01T03:27:30  <aknix> You were laughing at reverse engineering it so just curious...
 654 2016-03-01T03:27:56  <petertodd> alright, going to do some work, bbl
 655 2016-03-01T03:28:33  *** BCB has quit IRC
 656 2016-03-01T03:30:37  <gmaxwell> aknix: I think the comment there was just "reverse engineering" was more than was required-- though not clear, without looking at the rest of the software it might have been hard to tell if it was sending private info vs just using it as a third party reference for the best blockchain tip, or something minimially privacy harming.
 657 2016-03-01T03:31:31  <pigeons> luckily, he has the source
 658 2016-03-01T03:32:33  <warren> catlasshrugged: Another dimension to analyze is how well each wallet discloses their own risks
 659 2016-03-01T03:32:35  <gmaxwell> Luke-Jr: how the heck do I get lrelease on gentoo?
 660 2016-03-01T03:33:03  <catlasshrugged> warren: I like that idea
 661 2016-03-01T03:33:08  <warren> ok great
 662 2016-03-01T03:33:30  <catlasshrugged> do you have any suggestions about how one could measure level of disclosure without it being terribly subjective?
 663 2016-03-01T03:33:30  <gmaxwell> warren: why not go work on improving Bitcoin Core's privacy documentation? :) it's scattered in many places.
 664 2016-03-01T03:33:53  <Luke-Jr> gmaxwell: for Qt4, it's part of dev-qt/qtcore; for Qt5, dev-qt/linguist-tools
 665 2016-03-01T03:34:13  <aknix> gmaxwell, Yeah simple interface monitoring would have caught this
 666 2016-03-01T03:34:28  <aknix> And thanks that does make more sense in context
 667 2016-03-01T03:34:29  <pigeons> catlasshrugged: actually say "are addreseses sent to 3rd parties? Y/N? is this disclosed? Y/N
 668 2016-03-01T03:34:52  <catlasshrugged> disclosed where and how?
 669 2016-03-01T03:35:03  <pigeons> anywhere, like their website or the TOS
 670 2016-03-01T03:35:31  <catlasshrugged> I think we can all agree that disclosing somewhere is better than nowhere, but surely there are better and worse ways
 671 2016-03-01T03:35:36  <warren> catlasshrugged: wallets describe themselves for marketing reasons, they should be truthful about how they operate and the potential risks so users can make informed decisions
 672 2016-03-01T03:35:40  <gmaxwell> pigeons: well if its burried in some TOS is that meaningful?
 673 2016-03-01T03:35:49  <pigeons> yes but any discloseure is better than reddit discloses it for you
 674 2016-03-01T03:36:00  <catlasshrugged> warren: yes, I support that for sure
 675 2016-03-01T03:36:33  <catlasshrugged> however, I think presentation matters a lot
 676 2016-03-01T03:36:41  <molz> how about trash that report and rewrite it?
 677 2016-03-01T03:36:46  <gmaxwell> bitcoin.org has disclosure requirements, IIRC.
 678 2016-03-01T03:36:49  <gmaxwell> molz: be nice.
 679 2016-03-01T03:37:35  <catlasshrugged> for example, if Samourai a few months ago put up a TOS on some corner of their website and wrote: "We use the world's most popular API, Blockchain.info, to look up balance information." I'm not sure that would helpfully communicate risk to the average user.
 680 2016-03-01T03:37:45  <pigeons> yes you are correct, ok
 681 2016-03-01T03:37:59  <gmaxwell> It would be better than not, but I agree that it doesn't pass the test.
 682 2016-03-01T03:38:13  <catlasshrugged> molz: will try to make the next one better.
 683 2016-03-01T03:38:19  <gmaxwell> The reason that it's better than not is because other people would be more likely to find that that no comment at all, and share the knoweldge.
 684 2016-03-01T03:38:56  <catlasshrugged> I get that people are quite upset about Qt's treatment in the second report, but aside from its non-inclusion in the first report, I think you would find that there were many improvements between the first and second reports.
 685 2016-03-01T03:39:01  <gmaxwell> One of the goals of disclosure is to reduce the risk that known-to-author privacy fails are not missed in review.
 686 2016-03-01T03:39:03  <pigeons> its easier for most people to search a website than to reverse engineer a binary
 687 2016-03-01T03:39:37  <catlasshrugged> probably true.
 688 2016-03-01T03:39:57  <catlasshrugged> I would actually have an easier time looking at the behavior of the app, but that's unusual.
 689 2016-03-01T03:40:23  <gmaxwell> engineering reality means that there will always be limitations, but one of the ways we can distinguish thing like intentional backdoors is by requiring that limitations be disclosed.
 690 2016-03-01T03:40:37  <catlasshrugged> right
 691 2016-03-01T03:40:38  <gmaxwell> even if people are going to look at the behavior they could still miss something critical.
 692 2016-03-01T03:40:47  <catlasshrugged> any suggested standards for how these things ought to be disclosed?
 693 2016-03-01T03:41:01  <catlasshrugged> Yes/No is a good start, just wondering if anyone has any ideas for improvements at present.
 694 2016-03-01T03:41:45  <catlasshrugged> I guess I would also wonder what kinds of information they should disclose. Explaining that the user will use another service to lookup balance info is important to disclose, but what else?
 695 2016-03-01T03:42:17  <gmaxwell> the gold standard would be to document their threat models and list their limitations under them.
 696 2016-03-01T03:42:29  <catlasshrugged> (N.B. we would rely on wallet providers to answer this in our questionnaire, because we can't prove a negative ourselves without the wallet provider.)
 697 2016-03-01T03:42:36  <gmaxwell> I think bitcoin.org wallet criteria did some disclosure requirement stuff, I'm looking for it now.
 698 2016-03-01T03:42:46  <catlasshrugged> thanks
 699 2016-03-01T03:42:59  *** instagibbs has quit IRC
 700 2016-03-01T03:44:53  *** wallet42 has quit IRC
 701 2016-03-01T03:45:11  <gmaxwell> bleh, not finding it now. will look more later.
 702 2016-03-01T03:47:19  <Luke-Jr> (btw, for the record, I take back what I said earlier about not wanting to help improve the report, in light of the effort made on the ML that unfortunately apparently nobody noticed)
 703 2016-03-01T03:47:53  <catlasshrugged> thanks
 704 2016-03-01T03:49:22  *** instagibbs has joined #bitcoin-core-dev
 705 2016-03-01T03:50:14  <catlasshrugged> I really appreciate any help people can put forth, especially with improvements to the threat model, the way that different attacks are weighted, and the correct modeling of full node clients like Bitcoin-Qt
 706 2016-03-01T03:52:03  <aknix> Hmm maybe there is an ISO like 17944:2002 that can be adopted. its pretty similar
 707 2016-03-01T03:52:13  <Luke-Jr> O.o
 708 2016-03-01T03:52:30  <catlasshrugged> just wondering, anyone present who is familiar with comments I or other OBPP folks have made concerning the scaling debates that colors their perception of OBPP?
 709 2016-03-01T03:52:40  <aknix> i can still troll right?
 710 2016-03-01T03:53:25  * aknix lulz
 711 2016-03-01T03:54:24  <Luke-Jr> catlasshrugged: I am personally unaware of such comment.
 712 2016-03-01T03:54:32  <catlasshrugged> ok
 713 2016-03-01T03:55:12  <randy-waterhouse> that would not be core related and should go elsewhere anyway
 714 2016-03-01T03:55:52  <gmaxwell> catlasshrugged: some people are. I am, and I had one person in here contact me privately and suggest that the report attacked bitcoin core specifically for political reasons related to blocksize drama (citing comments by you and other OBPP) folks. For what its worth, I told them that I didn't think that was the case here.
 715 2016-03-01T03:56:43  <catlasshrugged> I don't know how much people will discount my word, but I want to state categorically that the report was not modified or shaped in any way to attack Core.
 716 2016-03-01T03:57:29  <catlasshrugged> I want it to be an inclusive project that all experts can feel free to contribute to.
 717 2016-03-01T03:58:12  <gmaxwell> It is the case that many of the names on your thanks are ones that stand out to me as people who have been antagonistic towards core in the past, and a few who I'd rather not work with.
 718 2016-03-01T03:59:44  <btcdrak> shouldnt this conversation be in #bitcoin ?
 719 2016-03-01T03:59:46  <randy-waterhouse> except the report is NOT for experts ... I might be the most paranoid bitcoin user out there (of the ones i know of), I use only core and that report seems to come to highly erroneous conclusions
 720 2016-03-01T03:59:56  <aknix> btcdrak, +1
 721 2016-03-01T03:59:57  <gmaxwell> But I think it's fair to say that the response you've seen here is just on the result, esp rating Samourai higher than QT offends many of our senses... beyond the normal expected levels of "priorities differ".
 722 2016-03-01T04:00:13  <btcdrak> This channel is for Bitcoin Core development discussion. please move to #bitcoin.
 723 2016-03-01T04:00:27  <catlasshrugged> @btcdrak: no problem
 724 2016-03-01T04:01:36  <molz> gmaxwell: sorry.. but that report got on my nerves
 725 2016-03-01T04:02:30  <molz> catlasshrugged: core wallet is adopted by another altcoin which i used a lot, it can use some improvements but it's totally my favorite
 726 2016-03-01T04:19:39  *** Chris_Stewart_5 has quit IRC
 727 2016-03-01T04:36:08  *** p15 has joined #bitcoin-core-dev
 728 2016-03-01T05:22:03  *** baldur has quit IRC
 729 2016-03-01T05:38:57  *** jtimon has quit IRC
 730 2016-03-01T05:53:00  *** baldur has joined #bitcoin-core-dev
 731 2016-03-01T06:21:51  *** baldur has quit IRC
 732 2016-03-01T06:29:21  *** libertalis has quit IRC
 733 2016-03-01T06:35:05  *** libertalis has joined #bitcoin-core-dev
 734 2016-03-01T06:36:52  *** Cheeseo has quit IRC
 735 2016-03-01T06:39:58  *** wallet42 has joined #bitcoin-core-dev
 736 2016-03-01T06:54:22  *** catlasshrugged has quit IRC
 737 2016-03-01T06:54:23  *** baldur has joined #bitcoin-core-dev
 738 2016-03-01T06:55:16  *** Don_John has quit IRC
 739 2016-03-01T06:57:29  <gmaxwell> I wonder if anyone connected to OBPP ever ran bitcoin core, their screenshot is four years old. It's especially disappointing that it claims "the Qt client has remained
 740 2016-03-01T06:57:54  <gmaxwell> mostly unchanged over the last several years" --- kristov claimed this to me in #bitcoin several weeks ago, and I refuted it at list listing pages of features.
 741 2016-03-01T07:00:03  *** dermoth has quit IRC
 742 2016-03-01T07:00:39  *** dermoth has joined #bitcoin-core-dev
 743 2016-03-01T07:11:21  *** BashCo has quit IRC
 744 2016-03-01T07:34:18  *** mesmer_ has joined #bitcoin-core-dev
 745 2016-03-01T07:37:35  *** mesmer has quit IRC
 746 2016-03-01T07:42:54  *** wallet421 has joined #bitcoin-core-dev
 747 2016-03-01T07:47:00  *** wallet42 has quit IRC
 748 2016-03-01T07:50:11  *** BashCo has joined #bitcoin-core-dev
 749 2016-03-01T07:53:05  *** Thireus has quit IRC
 750 2016-03-01T07:59:07  *** frankenmint has joined #bitcoin-core-dev
 751 2016-03-01T08:00:56  <GitHub34> [bitcoin] jonasschnelli closed pull request #7560: [OSX] fix brew openssl detection (master...2016/02/osx_openssl) https://github.com/bitcoin/bitcoin/pull/7560
 752 2016-03-01T08:04:32  *** frankenmint has quit IRC
 753 2016-03-01T08:16:37  *** Ylbam has joined #bitcoin-core-dev
 754 2016-03-01T08:31:23  *** cjcj has joined #bitcoin-core-dev
 755 2016-03-01T08:32:55  *** slackircbridge has quit IRC
 756 2016-03-01T08:33:09  *** slackircbridge has joined #bitcoin-core-dev
 757 2016-03-01T08:36:41  *** Thireus has joined #bitcoin-core-dev
 758 2016-03-01T08:44:29  *** AaronvanW_ has joined #bitcoin-core-dev
 759 2016-03-01T09:04:27  *** rubensayshi has joined #bitcoin-core-dev
 760 2016-03-01T09:15:17  *** paveljanik has quit IRC
 761 2016-03-01T09:18:43  *** TZander has quit IRC
 762 2016-03-01T09:40:17  *** ChillazZ has joined #bitcoin-core-dev
 763 2016-03-01T09:40:41  *** ChillazZ is now known as Guest41724
 764 2016-03-01T09:48:27  *** wallet421 has quit IRC
 765 2016-03-01T09:49:39  *** jannes has joined #bitcoin-core-dev
 766 2016-03-01T09:51:04  *** gevs has joined #bitcoin-core-dev
 767 2016-03-01T09:52:24  *** wallet42 has joined #bitcoin-core-dev
 768 2016-03-01T09:56:47  *** Guyver2 has joined #bitcoin-core-dev
 769 2016-03-01T10:00:54  *** jouke_ has quit IRC
 770 2016-03-01T10:00:56  *** frankenmint has joined #bitcoin-core-dev
 771 2016-03-01T10:05:52  *** frankenmint has quit IRC
 772 2016-03-01T10:19:38  *** Guyver2 has quit IRC
 773 2016-03-01T10:21:33  *** proslogion has joined #bitcoin-core-dev
 774 2016-03-01T10:39:31  *** randy-waterhouse has quit IRC
 775 2016-03-01T10:47:31  *** cjcj has quit IRC
 776 2016-03-01T10:53:04  *** proslogion has quit IRC
 777 2016-03-01T11:03:17  *** frankenmint has joined #bitcoin-core-dev
 778 2016-03-01T11:07:37  *** frankenmint has quit IRC
 779 2016-03-01T11:15:53  *** cdecker has joined #bitcoin-core-dev
 780 2016-03-01T11:18:01  *** BCBot has joined #bitcoin-core-dev
 781 2016-03-01T11:18:10  *** wallet42 has quit IRC
 782 2016-03-01T11:19:48  *** BCBot has quit IRC
 783 2016-03-01T11:19:58  *** BCBot has joined #bitcoin-core-dev
 784 2016-03-01T11:21:45  *** BCBot has quit IRC
 785 2016-03-01T11:29:49  *** BCBot has joined #bitcoin-core-dev
 786 2016-03-01T11:39:59  *** laurentmt has joined #bitcoin-core-dev
 787 2016-03-01T11:42:33  *** laurentmt has quit IRC
 788 2016-03-01T11:59:02  *** da2ce7 has quit IRC
 789 2016-03-01T11:59:17  *** da2ce7 has joined #bitcoin-core-dev
 790 2016-03-01T12:02:58  <GitHub148> [bitcoin] crowning- opened pull request #7624: [doc] Missing credit added (0.12...patch-2) https://github.com/bitcoin/bitcoin/pull/7624
 791 2016-03-01T12:14:19  *** paveljanik has joined #bitcoin-core-dev
 792 2016-03-01T12:14:19  *** paveljanik has joined #bitcoin-core-dev
 793 2016-03-01T12:16:59  *** [Author] has joined #bitcoin-core-dev
 794 2016-03-01T12:17:06  *** Guyver2 has joined #bitcoin-core-dev
 795 2016-03-01T12:17:39  *** p15x has joined #bitcoin-core-dev
 796 2016-03-01T12:29:23  *** jouke has joined #bitcoin-core-dev
 797 2016-03-01T12:33:07  *** tr0nk has quit IRC
 798 2016-03-01T12:36:54  *** gevs has quit IRC
 799 2016-03-01T12:44:41  *** gevs has joined #bitcoin-core-dev
 800 2016-03-01T12:47:12  *** [Author] has quit IRC
 801 2016-03-01T12:47:13  <GitHub140> [bitcoin] laanwj pushed 1 new commit to master: https://github.com/bitcoin/bitcoin/commit/f5ecd0737130eed8daf9d76c5232dce7e40b7150
 802 2016-03-01T12:47:13  <GitHub140> bitcoin/master f5ecd07 Wladimir J. van der Laan: doc: Add missing credit to 0.12.0 release notes...
 803 2016-03-01T12:47:23  <GitHub104> [bitcoin] laanwj closed pull request #7624: [doc] Missing credit added (0.12...patch-2) https://github.com/bitcoin/bitcoin/pull/7624
 804 2016-03-01T12:47:45  *** jtimon has joined #bitcoin-core-dev
 805 2016-03-01T12:48:33  *** [Author] has joined #bitcoin-core-dev
 806 2016-03-01T12:49:51  *** MarcoFalke has joined #bitcoin-core-dev
 807 2016-03-01T12:51:51  *** p15 has quit IRC
 808 2016-03-01T12:51:51  *** p15x has quit IRC
 809 2016-03-01T12:52:33  <GitHub142> [bitcoin] laanwj pushed 1 new commit to 0.12: https://github.com/bitcoin/bitcoin/commit/35af157641ddbf6090e86edff7533d45ee4fb990
 810 2016-03-01T12:52:33  <GitHub142> bitcoin/0.12 35af157 Wladimir J. van der Laan: doc: Clean out release notes...
 811 2016-03-01T12:55:12  *** [Author] has quit IRC
 812 2016-03-01T12:58:39  *** [Author] has joined #bitcoin-core-dev
 813 2016-03-01T13:04:02  *** frankenmint has joined #bitcoin-core-dev
 814 2016-03-01T13:07:18  *** paveljanik has quit IRC
 815 2016-03-01T13:08:19  *** frankenmint has quit IRC
 816 2016-03-01T13:08:50  *** p15x has joined #bitcoin-core-dev
 817 2016-03-01T13:12:02  *** zooko has joined #bitcoin-core-dev
 818 2016-03-01T13:17:18  *** Giszmo has joined #bitcoin-core-dev
 819 2016-03-01T13:17:51  *** p15x has quit IRC
 820 2016-03-01T13:18:56  *** p15x has joined #bitcoin-core-dev
 821 2016-03-01T13:29:45  *** fredrin has joined #bitcoin-core-dev
 822 2016-03-01T13:30:39  *** laurentmt has joined #bitcoin-core-dev
 823 2016-03-01T13:30:41  *** laurentmt has quit IRC
 824 2016-03-01T13:33:50  *** dermoth_ has joined #bitcoin-core-dev
 825 2016-03-01T13:36:03  *** dermoth has quit IRC
 826 2016-03-01T13:36:04  *** zooko has quit IRC
 827 2016-03-01T13:37:38  <MarcoFalke> wumpus, I think 7607 needs backport to .11 and .12 as well
 828 2016-03-01T13:37:40  *** Chris_Stewart_5 has joined #bitcoin-core-dev
 829 2016-03-01T13:37:52  <MarcoFalke> Do you prefer a pull or just do it directly?
 830 2016-03-01T13:39:41  <btcdrak> if we have to change these we should also take the opportunity to change the fallback URL as well since it's until the curl change,it's already broken
 831 2016-03-01T13:39:53  <btcdrak> and link directly to http://dev.bitcoincore.org/
 832 2016-03-01T13:41:08  <wumpus> btcdrak: the redirect works fine IMO, dev.bitcoincore.org is a temporary solution
 833 2016-03-01T13:42:11  <wumpus> MarcoFalke: backporting a 0.10 pull is confusing me, is this in master already?
 834 2016-03-01T13:42:21  <MarcoFalke> jup
 835 2016-03-01T13:42:35  <MarcoFalke> I linked to the backport, so it's easier which commits I mean
 836 2016-03-01T13:42:43  <MarcoFalke> (it was 3 separate pulls)
 837 2016-03-01T13:43:07  <wumpus> I'll just cherry-pick to the other branches then
 838 2016-03-01T13:43:25  <btcdrak> wumpus: the redirects are very awkward creating tight coupling that is more liable to break someday. This would make a nice transition without breaking anything. At the end of the day, there will always be a URL, better if it's a separate subdomain that's also being used for something else (website)
 839 2016-03-01T13:43:39  <wumpus> btcdrak: dev.bitcoin.org may go away any time
 840 2016-03-01T13:43:55  <btcdrak> you mean the hosting server?
 841 2016-03-01T13:43:57  <wumpus> yes
 842 2016-03-01T13:44:09  <btcdrak> then what would be used as the fallback?
 843 2016-03-01T13:44:11  <wumpus> I don't have commitment that it will stay up, or anyone will pay for the hosting, etc
 844 2016-03-01T13:44:28  <btcdrak> dev.bitcoincore.org can always be pointed at any server, it's just a matter of changing DNS records.
 845 2016-03-01T13:44:48  <wumpus> so I prefer ahving the redirects so we can move the fallbacks anywhere we want later on without any source change
 846 2016-03-01T13:45:27  <wumpus> otherwise you're just moving the problem, you'd have to have a faux dev.bitcoincore.org with redirects to the actual location
 847 2016-03-01T13:45:30  <btcdrak> right now, it's broken anyway until the wget is changed to curl, so it;s the perfect time to change the name. It isnt fixed to the server, it's just a dns record.
 848 2016-03-01T13:46:09  <btcdrak> I'm already using another server to do the redirects..
 849 2016-03-01T13:46:12  <wumpus> it's not broken due to the bitcoincore.org though
 850 2016-03-01T13:46:21  <wumpus> the reason to move to curl is some other certificate failure
 851 2016-03-01T13:46:41  <btcdrak> remember the fallback URL does not need to be https://
 852 2016-03-01T13:46:56  <btcdrak> either way, you have to change it, but http:// is the right thing not https://
 853 2016-03-01T13:46:58  <wumpus> which I didn't realy agree on either, but this was cheaper than fixing the certificate issue I guess... :p
 854 2016-03-01T13:47:11  <btcdrak> http://dev fix is free
 855 2016-03-01T13:47:40  <btcdrak> since we dont need SSL, since verification is done by hashes
 856 2016-03-01T13:47:49  <wumpus> but the fallback URL is not beign changes in anything here
 857 2016-03-01T13:47:54  <wumpus> being changed*
 858 2016-03-01T13:48:45  <btcdrak> either way, it's broken until a change is made. it's a hard fork :-P
 859 2016-03-01T13:49:06  <wumpus> <btcdrak> then what would be used as the fallback? <- that's a good question, what is the cheapest way to host http-downloadable files?
 860 2016-03-01T13:49:14  <wumpus> (with reasonable bandwidth, and limits)
 861 2016-03-01T13:49:30  <btcdrak> I would guess a $60/yr VPS
 862 2016-03-01T13:49:38  <wumpus> I don't want to babysit a VPS
 863 2016-03-01T13:49:54  <wumpus> just host files
 864 2016-03-01T13:49:55  <btcdrak> well there is also github large file hosting.
 865 2016-03-01T13:51:15  <wumpus> anyhow these are three separate pulls, we can do a fallback location change later if that's necessary, there's notneed to correlate it to this
 866 2016-03-01T13:51:20  <btcdrak> we could probably create a repository and just upload the sources using github's releases feature
 867 2016-03-01T13:51:29  *** heath has joined #bitcoin-core-dev
 868 2016-03-01T13:51:56  <wumpus> nice
 869 2016-03-01T13:51:57  <btcdrak> for example: https://github.com/btcdrak/bitcoin/releases
 870 2016-03-01T13:52:17  <btcdrak> that would be my preferred option. the URLs are predictable too iirc
 871 2016-03-01T13:52:26  *** p15x has quit IRC
 872 2016-03-01T13:52:45  *** p15x has joined #bitcoin-core-dev
 873 2016-03-01T13:53:19  <btcdrak> let me experiment in a repository and get back to you
 874 2016-03-01T13:53:21  <wumpus> in any case, if we have a redirect then we can change them to point at any location
 875 2016-03-01T13:53:29  <Luke-Jr> fwiw, I have a terribly ugly hack for https://github.com/luke-jr/cross-binpkgs that could potentially work
 876 2016-03-01T13:54:30  <wumpus> fallback location broken? just change the redirects and all old versions depends download will just keep working without code changes
 877 2016-03-01T13:54:48  <Luke-Jr> +1
 878 2016-03-01T13:55:15  <MarcoFalke> of which: Fetching boost...
 879 2016-03-01T13:55:15  <MarcoFalke>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
 880 2016-03-01T13:55:15  <MarcoFalke>                                  Dload  Upload   Total   Spent    Left  Speed
 881 2016-03-01T13:55:15  <MarcoFalke>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
 882 2016-03-01T13:55:15  <MarcoFalke> 100   639  100   639    0     0   2017      0 --:--:-- --:--:-- --:--:--  2017
 883 2016-03-01T13:55:15  <MarcoFalke> sha256sum: WARNING: 1 computed checksum did NOT match
 884 2016-03-01T13:55:33  *** zooko has joined #bitcoin-core-dev
 885 2016-03-01T13:55:45  <MarcoFalke> https://travis-ci.org/bitcoin/bitcoin/jobs/112855470#L831
 886 2016-03-01T13:58:25  <btcdrak> wumpus: look  https://github.com/btcdrak/sources/releases/tag/src
 887 2016-03-01T13:58:29  <wumpus> it doesn't actually say what URL it had downloaded
 888 2016-03-01T13:58:37  <btcdrak> so for example https://github.com/btcdrak/sources/releases/download/src/boost_1_59_0.tar.bz2
 889 2016-03-01T13:58:50  <btcdrak> the fallback URL would be https://github.com/btcdrak/sources/releases/download/src/
 890 2016-03-01T13:59:27  *** moli has joined #bitcoin-core-dev
 891 2016-03-01T13:59:28  <btcdrak> so this could just be https://github.com/bitcoin-core/depends-fallback/releases/download/src/boost_1_59_0.tar.bz2
 892 2016-03-01T13:59:41  <wumpus> boost hash wrong sounds like a pretty serious issue
 893 2016-03-01T14:00:28  <MarcoFalke> maybe it's just travis-will-randomly-fail-tuesday
 894 2016-03-01T14:02:42  *** molz has quit IRC
 895 2016-03-01T14:03:47  <Luke-Jr> :/
 896 2016-03-01T14:03:51  <btcdrak> so we could change the fallback URL to https://github.com/bitcoin-core/depends-fallback/releases/download/src/ but the best would be to setup a permanent redirect from dev.bitcoincore.org -> https://github.com/bitcoin-core/depends-fallbacks/releases/download/src/ then if for any reason the github repo changed you can just update the redirect and now we dont
 897 2016-03-01T14:03:52  <btcdrak> need a hosting server for gitian fallback
 898 2016-03-01T14:04:41  <wumpus> #7136 is already on 0.12
 899 2016-03-01T14:05:09  <wumpus> btcdrak: but then why set up a dev.bitcoincore.org at all and just change the current redirect from bitcoincore.org?
 900 2016-03-01T14:05:16  <wumpus> +not
 901 2016-03-01T14:05:44  <GitHub127> [bitcoin] laanwj pushed 2 new commits to 0.12: https://github.com/bitcoin/bitcoin/compare/35af157641dd...a10da9aa4933
 902 2016-03-01T14:05:44  <GitHub127> bitcoin/0.12 00d57b4 Luke Dashjr: Workaround Travis-side CI issues...
 903 2016-03-01T14:05:45  <GitHub127> bitcoin/0.12 a10da9a MarcoFalke: [depends] builders: No need to set -L and --location for curl...
 904 2016-03-01T14:08:11  <GitHub172> [bitcoin] laanwj pushed 3 new commits to master: https://github.com/bitcoin/bitcoin/compare/f5ecd0737130...732c01089601
 905 2016-03-01T14:08:12  <GitHub172> bitcoin/master 5c70a6d Luke Dashjr: Bugfix: gitian: Add curl to packages (now needed for depends)
 906 2016-03-01T14:08:12  <GitHub172> bitcoin/master e5daa2e Luke Dashjr: Merge branch 'master' into depends_curl
 907 2016-03-01T14:08:13  <GitHub172> bitcoin/master 732c010 Wladimir J. van der Laan: Merge #7614: Bugfix: gitian: Add curl to packages (now needed for depends)...
 908 2016-03-01T14:08:16  <GitHub49> [bitcoin] laanwj closed pull request #7614: Bugfix: gitian: Add curl to packages (now needed for depends) (master...depends_curl) https://github.com/bitcoin/bitcoin/pull/7614
 909 2016-03-01T14:10:44  <GitHub64> [bitcoin] laanwj pushed 1 new commit to 0.10: https://github.com/bitcoin/bitcoin/commit/4e1134bdf1acff669c0f489934ac5f919c634d69
 910 2016-03-01T14:10:44  <GitHub64> bitcoin/0.10 4e1134b Luke Dashjr: Bugfix: gitian: Add curl to packages (now needed for depends)...
 911 2016-03-01T14:11:14  *** GAit has joined #bitcoin-core-dev
 912 2016-03-01T14:13:44  <GitHub168> [bitcoin] laanwj pushed 1 new commit to 0.12: https://github.com/bitcoin/bitcoin/commit/ca8f160af5a54d08f8dc73acd959b0a73a7b427c
 913 2016-03-01T14:13:44  <GitHub168> bitcoin/0.12 ca8f160 Luke Dashjr: Bugfix: gitian: Add curl to packages (now needed for depends)...
 914 2016-03-01T14:16:19  <GitHub130> [bitcoin] luke-jr opened pull request #7625: Bugfix: Check for bench_bitcoin being enabled where needed, and skip UniValue dependency when unused (master...bugfix_bench_checks) https://github.com/bitcoin/bitcoin/pull/7625
 915 2016-03-01T14:17:34  <GitHub73> [bitcoin] laanwj pushed 4 new commits to 0.11: https://github.com/bitcoin/bitcoin/compare/c40ec1421048...a0cfe3a9e6c5
 916 2016-03-01T14:17:35  <GitHub73> bitcoin/0.11 7815cb6 Luke Dashjr: Bugfix: gitian: Add curl to packages (now needed for depends)...
 917 2016-03-01T14:17:35  <GitHub73> bitcoin/0.11 a0e13f0 MarcoFalke: Fix url in .travis.yml...
 918 2016-03-01T14:17:36  <GitHub73> bitcoin/0.11 77841d4 Luke Dashjr: Workaround Travis-side CI issues...
 919 2016-03-01T14:20:21  *** GAit has quit IRC
 920 2016-03-01T14:23:58  *** Chris_Stewart_5 has quit IRC
 921 2016-03-01T14:28:06  *** GAit has joined #bitcoin-core-dev
 922 2016-03-01T14:30:04  *** treehug88 has joined #bitcoin-core-dev
 923 2016-03-01T14:34:09  *** frankenmint has joined #bitcoin-core-dev
 924 2016-03-01T14:37:18  *** p15x has quit IRC
 925 2016-03-01T14:38:05  *** Chris_Stewart_5 has joined #bitcoin-core-dev
 926 2016-03-01T14:41:27  *** Cheeseo has joined #bitcoin-core-dev
 927 2016-03-01T14:41:56  *** Cheeseo has quit IRC
 928 2016-03-01T14:42:47  *** Cheeseo has joined #bitcoin-core-dev
 929 2016-03-01T14:42:48  *** Cheeseo has joined #bitcoin-core-dev
 930 2016-03-01T14:58:59  *** bsm1175321 has quit IRC
 931 2016-03-01T15:12:17  *** gavinandresen has joined #bitcoin-core-dev
 932 2016-03-01T15:14:19  *** TZander has joined #bitcoin-core-dev
 933 2016-03-01T15:20:52  *** laurentmt has joined #bitcoin-core-dev
 934 2016-03-01T15:29:39  *** laurentmt has quit IRC
 935 2016-03-01T15:34:08  *** GAit has quit IRC
 936 2016-03-01T15:39:17  *** GAit has joined #bitcoin-core-dev
 937 2016-03-01T15:47:59  *** BashCo has quit IRC
 938 2016-03-01T15:51:06  <wumpus> I don't think the fallback logic is working properly, if boost really changed their tarball (or something else goes wrong), shouldn't it be trying to get it from the alternate URL?
 939 2016-03-01T15:52:07  <wumpus> this was the same for libqrcode in the original problem, it was failing the download on ssl cert, but it didn't try the fallback
 940 2016-03-01T15:52:38  *** arlisk has joined #bitcoin-core-dev
 941 2016-03-01T15:52:50  <arlisk> opaa
 942 2016-03-01T15:53:57  *** arlisk has left #bitcoin-core-dev
 943 2016-03-01T15:54:04  <wumpus> and if the fallback logic isn't working, the last thing we should be worrying about is where its files are hosted :p
 944 2016-03-01T15:57:34  *** Thireus has quit IRC
 945 2016-03-01T15:58:46  <wumpus> ok just downloaded http://sourceforge.net/projects/boost/files/boost/1.59.0/boost_1_59_0.tar.bz2 and it still has the same sha256sum, 727a932322d94287b62abb1bd2d41723eec4356a7728909e38adb65ca25241ca. It maybe that the file is corrupted on one of SF's mirrors, ofc.
 946 2016-03-01T15:59:12  <btcdrak> or tampered with...
 947 2016-03-01T15:59:32  <btcdrak> it wouldnt be the first time sf filedownloads have been compromised
 948 2016-03-01T16:00:37  *** GAit has joined #bitcoin-core-dev
 949 2016-03-01T16:01:44  <wumpus> could be, though I think it's unlikely someone would mess with an old boost download
 950 2016-03-01T16:01:57  <wumpus> not impossible ofcourse
 951 2016-03-01T16:11:58  *** tronDat has joined #bitcoin-core-dev
 952 2016-03-01T16:14:36  *** BashCo has joined #bitcoin-core-dev
 953 2016-03-01T16:30:16  <GitHub162> [bitcoin] laanwj pushed 2 new commits to master: https://github.com/bitcoin/bitcoin/compare/732c01089601...639ec582d0f3
 954 2016-03-01T16:30:16  <GitHub162> bitcoin/master fafe446 MarcoFalke: [depends] Delete unused patches...
 955 2016-03-01T16:30:17  <GitHub162> bitcoin/master 639ec58 Wladimir J. van der Laan: Merge #7616:  [depends] Delete unused patches...
 956 2016-03-01T16:30:26  <GitHub177> [bitcoin] laanwj closed pull request #7616:  [depends] Delete unused patches  (master...Mf1602-boost155) https://github.com/bitcoin/bitcoin/pull/7616
 957 2016-03-01T16:33:51  *** paveljanik has joined #bitcoin-core-dev
 958 2016-03-01T16:37:25  *** Chris_Stewart_5 has quit IRC
 959 2016-03-01T16:38:16  *** GAit has quit IRC
 960 2016-03-01T16:53:35  *** GAit has joined #bitcoin-core-dev
 961 2016-03-01T16:55:07  *** GAit has quit IRC
 962 2016-03-01T16:56:24  *** Squidicuz has joined #bitcoin-core-dev
 963 2016-03-01T16:58:11  *** Don_John has joined #bitcoin-core-dev
 964 2016-03-01T16:58:28  <gmaxwell> wumpus: well an old boost download we use?
 965 2016-03-01T16:58:51  <wumpus> yes but as the download process detects it, doing it just for us is pointless
 966 2016-03-01T17:00:10  <wumpus> tho would be kind of funny if someone invested a lot in an attack that they didn't even test locally :p
 967 2016-03-01T17:03:15  *** CyrusV has joined #bitcoin-core-dev
 968 2016-03-01T17:08:58  *** zooko has quit IRC
 969 2016-03-01T17:16:35  *** Guest41724 has quit IRC
 970 2016-03-01T17:17:14  *** ChillazZ has joined #bitcoin-core-dev
 971 2016-03-01T17:17:38  *** ChillazZ is now known as Guest30748
 972 2016-03-01T17:18:37  *** murch has joined #bitcoin-core-dev
 973 2016-03-01T17:33:27  <Giszmo> Looking into bip142 I wonder if there is a schema to optionally allow segWit that would be compatible with bip21? some bitcoin:1....?amount=12&segWitAllowed=true kind of downwards compatible style we could use in mycelium to leave it to the sender if he wants to use segwit?
 974 2016-03-01T17:34:01  <Luke-Jr> Giszmo: uh, you can't use segwit like that
 975 2016-03-01T17:34:12  <Luke-Jr> segwit is tied to the address
 976 2016-03-01T17:34:22  <Luke-Jr> a 1… address can never be segwit
 977 2016-03-01T17:34:37  <Luke-Jr> only 3…
 978 2016-03-01T17:35:06  *** Thireus has joined #bitcoin-core-dev
 979 2016-03-01T17:39:40  <GitHub111> [bitcoin] laanwj pushed 4 new commits to master: https://github.com/bitcoin/bitcoin/compare/639ec582d0f3...e5121eb951c4
 980 2016-03-01T17:39:41  <GitHub111> bitcoin/master fa06ce0 MarcoFalke: Fix doxygen comment for payTxFee
 981 2016-03-01T17:39:42  <GitHub111> bitcoin/master fa97f95 MarcoFalke: [doc] Fix markdown
 982 2016-03-01T17:39:42  <GitHub111> bitcoin/master fa26652 MarcoFalke: Make sure LogPrintf strings are line-terminated
 983 2016-03-01T17:39:53  <GitHub37> [bitcoin] laanwj closed pull request #7617: [doc/log] Fix markdown syntax and line terminate LogPrint (master...Mf1602-trivial9) https://github.com/bitcoin/bitcoin/pull/7617
 984 2016-03-01T17:40:03  <Giszmo> Thanks Luke. Back to study the bips ...
 985 2016-03-01T17:41:56  *** murch has quit IRC
 986 2016-03-01T17:47:26  *** ebfull has joined #bitcoin-core-dev
 987 2016-03-01T18:31:24  *** NicolasDorier_ has joined #bitcoin-core-dev
 988 2016-03-01T18:32:26  *** _alp_ has quit IRC
 989 2016-03-01T18:32:35  *** tronDat has quit IRC
 990 2016-03-01T18:34:08  *** tronDat has joined #bitcoin-core-dev
 991 2016-03-01T18:36:35  *** GAit has joined #bitcoin-core-dev
 992 2016-03-01T18:37:29  *** NicolasDorier has quit IRC
 993 2016-03-01T18:37:32  *** NicolasDorier_ is now known as NicolasDorier
 994 2016-03-01T18:44:30  *** GAit has quit IRC
 995 2016-03-01T18:47:54  *** jcorgan has quit IRC
 996 2016-03-01T18:48:01  *** Arnavion has quit IRC
 997 2016-03-01T18:48:05  *** Arnavion3 has joined #bitcoin-core-dev
 998 2016-03-01T18:48:09  *** Arnavion3 is now known as Arnavion
 999 2016-03-01T18:48:31  *** nkuttler has quit IRC
1000 2016-03-01T18:48:49  *** dirtynewshoes has quit IRC
1001 2016-03-01T18:49:54  *** nkuttler has joined #bitcoin-core-dev
1002 2016-03-01T18:50:22  *** dgenr8 has quit IRC
1003 2016-03-01T18:50:22  *** lecusemble has quit IRC
1004 2016-03-01T18:50:33  *** go1111111 has quit IRC
1005 2016-03-01T18:50:40  *** dgenr8 has joined #bitcoin-core-dev
1006 2016-03-01T18:50:48  *** lecusemble has joined #bitcoin-core-dev
1007 2016-03-01T18:51:25  *** jouke has quit IRC
1008 2016-03-01T18:51:30  *** go1111111 has joined #bitcoin-core-dev
1009 2016-03-01T18:51:36  *** gribble has quit IRC
1010 2016-03-01T18:53:21  *** jouke has joined #bitcoin-core-dev
1011 2016-03-01T18:56:08  *** GAit has joined #bitcoin-core-dev
1012 2016-03-01T18:58:07  *** GAit has quit IRC
1013 2016-03-01T19:01:53  *** gribble has joined #bitcoin-core-dev
1014 2016-03-01T19:06:17  *** dirtynewshoes has joined #bitcoin-core-dev
1015 2016-03-01T19:12:14  *** mkarrer_ has joined #bitcoin-core-dev
1016 2016-03-01T19:12:16  *** pavel_ has joined #bitcoin-core-dev
1017 2016-03-01T19:13:16  *** pavel_ has quit IRC
1018 2016-03-01T19:13:26  *** pavel_ has joined #bitcoin-core-dev
1019 2016-03-01T19:14:35  *** pavel_ has joined #bitcoin-core-dev
1020 2016-03-01T19:14:41  *** paveljanik has quit IRC
1021 2016-03-01T19:14:42  *** mkarrer has quit IRC
1022 2016-03-01T19:14:48  *** pavel_ is now known as paveljanik
1023 2016-03-01T19:15:21  *** Squidicuz has quit IRC
1024 2016-03-01T19:16:01  *** tronDat has quit IRC
1025 2016-03-01T19:16:04  *** tronDat_ has joined #bitcoin-core-dev
1026 2016-03-01T19:16:54  *** AtashiCon has quit IRC
1027 2016-03-01T19:17:13  <michagogo> AIUI increasing the prune limit just pauses it until the new threshold is hit. Why not go back and fetch the old data?
1028 2016-03-01T19:17:31  <michagogo> I mean, we still have the header chain, right?
1029 2016-03-01T19:17:40  <sdaftuar> michagogo: download old blocks, just to store them?
1030 2016-03-01T19:17:48  <michagogo> Oh. Wait.
1031 2016-03-01T19:18:02  <michagogo> Forgot about the undo data.
1032 2016-03-01T19:18:08  <michagogo> Never mind…
1033 2016-03-01T19:18:38  <GitHub82> [bitcoin] ericshawlinux opened pull request #7628: QT: Add 'copy full transaction details' option (master...master) https://github.com/bitcoin/bitcoin/pull/7628
1034 2016-03-01T19:22:39  *** wallet42 has joined #bitcoin-core-dev
1035 2016-03-01T19:23:29  *** AtashiCon has joined #bitcoin-core-dev
1036 2016-03-01T19:23:59  *** bsm1175321 has joined #bitcoin-core-dev
1037 2016-03-01T19:24:36  *** bsm1175321 is now known as bsm117532
1038 2016-03-01T19:25:42  *** jonasschnelli has quit IRC
1039 2016-03-01T19:25:43  *** ibrightly has quit IRC
1040 2016-03-01T19:31:29  *** ibrightly has joined #bitcoin-core-dev
1041 2016-03-01T19:31:30  *** jonasschnelli has joined #bitcoin-core-dev
1042 2016-03-01T19:56:15  *** zooko` has joined #bitcoin-core-dev
1043 2016-03-01T19:59:36  *** GAit has joined #bitcoin-core-dev
1044 2016-03-01T20:14:21  *** Tasoshi has joined #bitcoin-core-dev
1045 2016-03-01T20:16:59  *** Tasoshi_ has quit IRC
1046 2016-03-01T20:35:53  *** GAit has quit IRC
1047 2016-03-01T20:36:22  *** GAit has joined #bitcoin-core-dev
1048 2016-03-01T20:37:12  *** jannes has quit IRC
1049 2016-03-01T20:38:13  *** GAit has quit IRC
1050 2016-03-01T20:39:42  *** GAit has joined #bitcoin-core-dev
1051 2016-03-01T20:46:15  *** zooko` has quit IRC
1052 2016-03-01T20:46:26  *** zooko has joined #bitcoin-core-dev
1053 2016-03-01T20:48:11  *** treehug88 has quit IRC
1054 2016-03-01T21:07:16  *** MarcoFalke has quit IRC
1055 2016-03-01T21:09:37  *** achow101 has joined #bitcoin-core-dev
1056 2016-03-01T21:14:43  *** zooko has quit IRC
1057 2016-03-01T21:42:58  *** laurentmt has joined #bitcoin-core-dev
1058 2016-03-01T21:43:25  *** laurentmt has quit IRC
1059 2016-03-01T21:53:34  *** otium has joined #bitcoin-core-dev
1060 2016-03-01T21:58:57  *** belcher has joined #bitcoin-core-dev
1061 2016-03-01T22:03:12  *** GAit has quit IRC
1062 2016-03-01T22:09:51  <gmaxwell> Is it just me or has openssl missed their announced window?
1063 2016-03-01T22:10:11  <gmaxwell> oh they haven't just nothing to their announce list. :(
1064 2016-03-01T22:10:23  <GitHub106> [bitcoin] pstratem opened pull request #7629: Order CTxMemPool::queryHashes result by feerate including descendents. (master...2016-03-01-queryhashes) https://github.com/bitcoin/bitcoin/pull/7629
1065 2016-03-01T22:10:59  <sdaftuar> https://www.openssl.org/news/secadv/20160301.txt
1066 2016-03-01T22:13:43  *** GAit has joined #bitcoin-core-dev
1067 2016-03-01T22:16:11  *** Guyver2 has quit IRC
1068 2016-03-01T22:20:41  <phantomcircuit> sdaftuar, do i have that correct that using the descendent modified fee index in reverse order will produce a stream of transactions with no orphans
1069 2016-03-01T22:20:42  <phantomcircuit> ?
1070 2016-03-01T22:20:52  <sdaftuar> phantomcircuit: was just going to comment on the PR
1071 2016-03-01T22:20:58  <sdaftuar> phantomcircuit: no, you need to walk the ancestors
1072 2016-03-01T22:21:20  <phantomcircuit> descendants are the things which depend on the transaction right?
1073 2016-03-01T22:21:20  <sdaftuar> this is slightly tricky to write efficiently actually
1074 2016-03-01T22:21:28  <phantomcircuit> ie children not the parent
1075 2016-03-01T22:21:35  <sdaftuar> yes that's right
1076 2016-03-01T22:21:43  <sdaftuar> however the highest scoring thing might have ancestors with low fee
1077 2016-03-01T22:22:35  <sdaftuar> there's no direct relationship between any of the feerate scores and a "no orphan" order
1078 2016-03-01T22:22:51  <phantomcircuit> but for any given tree of transactions the parent transaction(s) are going to have a higher descendent fee total ... oh right feerate
1079 2016-03-01T22:23:10  <sdaftuar> see my PR for a "CPFP" mining algorithm,
1080 2016-03-01T22:23:17  <sdaftuar> i think i solve the exact problem you're trying to solve
1081 2016-03-01T22:23:28  <sdaftuar> #7600
1082 2016-03-01T22:24:50  <sdaftuar> is there a reason to prefer descendant fee rate over ancestor fee rate here?
1083 2016-03-01T22:25:21  <sdaftuar> the latter is much closer to being in sync with what is valuable to miners
1084 2016-03-01T22:26:09  <sdaftuar> (though at the low end, descendant fee rate score is more accurate for what gets evicted from the mempool)
1085 2016-03-01T22:27:45  *** tronDat_ has quit IRC
1086 2016-03-01T22:27:52  <phantomcircuit> sdaftuar, the descendant tracking essentially answer the question, if i removed this transaction what would the net effect be while ancestor tracking answers the question if i added this transaction and all of it's parents what would the net effect be
1087 2016-03-01T22:28:42  <phantomcircuit> the descendant tracking can get you the same result as ancestor tracking if you start out with the full mempool and simulate reducing the mempool limit to the size of block you're trying to build
1088 2016-03-01T22:29:05  <phantomcircuit> (i think)
1089 2016-03-01T22:29:31  <sdaftuar> i don't disagree with what you wrote (well not sure i fully follow but what you wrote sounds right).  if you're trying to communicate the most valuable transactions, ancestor feerate should capture that
1090 2016-03-01T22:29:45  <sdaftuar> if you're trying to communicate the least valuable transactions, i think the worst descendant fee rate captures that
1091 2016-03-01T22:30:08  <phantomcircuit> yeah that's what i was saying basically
1092 2016-03-01T22:30:43  <sdaftuar> ok, so i'm still not sure exactly how you plan to use this but you might want to check out the SortForBlock code in #7600
1093 2016-03-01T22:31:01  <sdaftuar> basically if you want to take a tx and communicate it in a no-orphan way
1094 2016-03-01T22:31:11  <sdaftuar> you call CalculateMemPoolAncestors on it
1095 2016-03-01T22:31:27  <sdaftuar> and then sort by nCountWithAncestors
1096 2016-03-01T22:31:58  <sdaftuar> (this will be trickier if you are looking at descendant fee rate, in which case you presumably want to communicate the descendants of a tx)
1097 2016-03-01T22:32:18  <phantomcircuit> sdaftuar, i think you're right that using ancestor feerate is better
1098 2016-03-01T22:32:30  <sdaftuar> i have to run now, family time.  back in a couple hours...
1099 2016-03-01T22:37:30  *** tronDat has joined #bitcoin-core-dev
1100 2016-03-01T22:42:21  *** randy-waterhouse has joined #bitcoin-core-dev
1101 2016-03-01T22:42:38  *** dirtynewshoes has quit IRC
1102 2016-03-01T22:43:13  *** dirtynewshoes has joined #bitcoin-core-dev
1103 2016-03-01T22:44:14  *** zooko has joined #bitcoin-core-dev
1104 2016-03-01T22:53:06  *** neha has quit IRC
1105 2016-03-01T23:00:15  *** otium has left #bitcoin-core-dev
1106 2016-03-01T23:06:06  *** zooko has quit IRC
1107 2016-03-01T23:07:12  *** amiller has quit IRC
1108 2016-03-01T23:15:36  *** gevs has quit IRC
1109 2016-03-01T23:24:10  *** wallet42 has quit IRC
1110 2016-03-01T23:37:14  *** amiller has joined #bitcoin-core-dev
1111 2016-03-01T23:37:30  *** amiller is now known as Guest72772