19:00:20 <wumpus> #startmeeting 19:00:20 <lightningbot> Meeting started Thu Mar 23 19:00:20 2017 UTC. The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:20 <lightningbot> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:00:20 <sipa> hi 19:00:20 <achow101> hi 19:00:27 <gmaxwell> Welcome to meeting. 19:00:34 <cfields> hi 19:00:50 <btcdrak> greetings! 19:00:57 <wumpus> proposed topics? 19:01:14 <btcdrak> holiday at the beach? 19:01:27 <petertodd> btcdrak: that's what the financial crypto conference is for 19:01:29 <gmaxwell> wumpus: The segwit address proposal on the list. 19:01:35 <petertodd> gmaxwell: +1 19:01:37 <wumpus> sounds good to me 19:01:39 <btcdrak> +1 19:01:44 <wumpus> #topic segwit address proposal 19:01:53 <jonasschnelli> proposed topic: DER encoded priv keys in wallet 19:02:05 <jonasschnelli> ack #sw addr format 19:02:12 <sipa> general opinions/questions about the segwit addr format? 19:02:25 <gmaxwell> We might have made a strategic error in getting 1:1 comments from too many people, causing a darth of comments on the list. Comments on the list would be good even if they're just "I reviewed this before, LGTM" 19:02:26 <jonasschnelli> Andreas S. concern about QRCode? 19:02:44 <kanzure> who has reviewed bech32 by now? 19:02:45 <btcdrak> ML post is here https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-March/013749.html 19:03:03 <sipa> jonasschnelli: petertodd responded, by i can give some extra commemtd 19:03:04 <petertodd> gmaxwell: along thsoe lines, I think making some of those 1:1 comments public might be helpful for new devs interested in learning how these processes work 19:03:06 <sipa> *commemts 19:03:10 <jonasschnelli> IMO QRCode have redundant parts while - as far as I understand bech32 – has also error correction.. seems a bit unefficient. Though QRCode are another layer I guess. 19:03:47 <jonasschnelli> (need to read petertodd's response; wasn't aware( 19:03:55 <gmaxwell> jonasschnelli: He suggested it use more characters but using anything non-alphanum makes it so double click copy doesn't work in browsers, also being a non power-of-prime base makes strong error detection infesable, and at best could reduce the size by a couple percent. 19:04:09 <gmaxwell> These points are all addressed in the document, I believe. 19:04:29 <kanzure> tromp's MiXcAsE proposal was a joke right? 19:04:43 <sipa> gmaxwell: base 43 is actually totally doable as it is a prime 19:04:46 <petertodd> gmaxwell: there's a few things that the document doesn't mention as clearly as it could, like how non-alphanum poses barriers for non-english-speaking users 19:04:50 <wumpus> jonasschnelli: I don't think the qr error detection/correction is strong enough for somthing as critical to get right as an address 19:04:51 <gmaxwell> (in fact in an earlier revision we used - as a seperator but dropped it for click copy compatibility) 19:04:51 <sipa> gmaxwell: but it requires bignum code to convert 19:05:04 <jonasschnelli> wumpus: Yes. Agree. 19:05:24 <sipa> petertodd: feel free to suggest better language :) 19:05:29 <gmaxwell> wumpus: it would probably be fine if we only ever used QR codes.. but obviously that isn't possible. 19:06:03 <petertodd> sipa: will do - also thanks for having such a great list of rationals already! really helpful to understand why something was chosen and what the tradeoffs are 19:06:09 <gmaxwell> petertodd: yes, though really being num only be best for international support but the result is significantly bigger and slower to deal with. :( I tried that out at one point. 19:06:13 <wumpus> gmaxwell: a more compact format could be used with qr codes, in any case, if that's desirable. That doesn't affect this standard. 19:06:21 <luke-jr> QR codes could hypothetically encode it in binary, but meh 19:06:43 <kanzure> rationale section was good, although i think it would be worthwhile to describe the 'exhaustive search' 19:06:47 <kanzure> in public 19:06:49 <wumpus> luke-jr: right. 19:06:59 <gmaxwell> luke-jr: if we had a binary QR only format I assume it would intentionally begin with something like a null byte to make sure it doesn't get mangled by text channels. 19:07:14 <petertodd> gmaxwell: yeah, we're fortunate that lots of non-english-speakers still known the alphabet; even english speakers often don't know the names of punctuation symbols, and those names are also not entirely canonical 19:07:57 <jonasschnelli> It's probably not worth to design an additional binary addr standard for QrCodes. Maybe they are only temporary? Gone in 3-4 yrs? 19:08:04 <gmaxwell> There were a lot of other rational things we trimmed from the document. One of pieter's concerns was that the length of the document would make it seem complicated (though the proposal is pretty simple.); feedback on reddit seemed to somewhat validate that. 19:08:12 <petertodd> luke-jr: so by matchin QR code's special-case character set support, we end up with an encoding that at the low level is basically binary anyway 19:08:35 <gmaxwell> jonasschnelli: I think that it's probably not worth it for that, but industry feedback would be nice. 19:08:50 <gmaxwell> petertodd: thats a point, though the unfortuate thing is that it's exposed to mangling. 19:09:04 <sipa> the alphanuneric mode is pretty efficient; only 10% extra compared to binary 19:09:12 <sipa> it uses 5.5 bits per character 19:09:16 <gmaxwell> e.g. QR decoder -> something that munges up the strings -> software -> coins in sppppaccccceeee. 19:09:24 <sipa> so 5.5 bits per 5 bits of data is pretty goof 19:09:26 <sipa> good 19:09:34 <petertodd> jonasschnelli: I think the day Qr codes aren't heavily used will be the day bech32 is irrelevant anyway because people are all paying each other by very different means :) 19:09:49 <jonasschnelli> probably... :) 19:10:04 <sipa> while base58 uses 8 bits per 5.86 bits of data 19:10:15 <gmaxwell> sipas point is more important, only a 10%-ish overhead in this format vs some binary QR code. 19:10:50 <sipa> if you also drop the checksum, we get much larger savings of course 19:11:13 <sipa> in practice you'd get a 25% reduction for p2wpkh 19:11:23 <jonasschnelli> side note: could the Bech32 encoding also be used for private keys (== 32bit seeds)? 19:11:29 <gmaxwell> true. but ugh. the some text handling path replaces a character. 19:11:31 <sipa> jonasschnelli: good question! 19:11:37 <wumpus> indeed, for base58 addresses there also never has been a binary standard for qr codes 19:11:44 <sipa> jonasschnelli: we've been thinking about a stronger checksum for private keys 19:11:45 <Anduck> QR codes iirc can work even if 30% of the code misread 19:11:46 <wumpus> which would have saved a lot more 19:12:03 <petertodd> jonasschnelli: yes - in fact I'm planning on using it for non-bitcoin applications too 19:12:06 <sipa> possibly 12 checksum characters (which is the maximum doable with 64 bit arithmetic) 19:12:24 <jonasschnelli> Yes. An alternative for bip39? 19:12:42 <gmaxwell> For private keys additional error _correction_ is interesting, and additional overhead is not very consequential. 19:12:59 <sipa> bech32 can only correct 2 errors, but detect 4 19:13:22 <sipa> for addresses you really only care about detection 19:13:29 <sipa> but for private keys you want correction 19:13:37 <wumpus> yes, quite a different use case 19:13:45 <gmaxwell> So we've been working on that some in the background. So it would be a different spec but just very similar. (e.g. similar kind of 5 lines of code) for the 12 digit checksum or what not. 19:13:58 <sipa> with a 12 character checksum, correcting 3 errors is trivial 19:14:07 <jonasschnelli> current WIF can correct 0. 19:14:15 <sipa> but perhaps we can find one that can correct 4 19:14:20 <gmaxwell> kanzure: we left out a lot of technical manutia about the construction which is interesting but not really relevant to the spec. 19:15:05 <wumpus> makes sense to keep the spec focused and minimal, that way people will more likely read it :) you could link to an additional description, or include it as appendix or such 19:15:42 <sipa> earlier version explained finite field arithmetic and generator polynomials :) 19:15:45 <petertodd> wumpus: maybe good to make it a spec + design document? put rational/etc. in the latter. IIRC SHA3 had a document like that, among others. 19:15:58 <wumpus> petertodd: yes indeed 19:16:05 <jonasschnelli> The question about the level of complexity: We should't care. Pieter's stuff tend to be complicated. But only because its great and though through well. Awesome work IMO! 19:16:06 <jtimon> I haven't fully reviewed it, but I've had a fast read on several versions of the doc and asked questions to sipa 19:16:42 <gmaxwell> Finding a 12-digit code that corrects 4 may take more computing power than we have with just the a hundred cores here... though sipa has done a lot to take that search from completely intractable to plausable. :) I think this work is a lot lower priority though other things we could be working on (like utxo database refactors and tx compaction) .... 19:17:27 <sipa> jonasschnelli: i think the result is actually surprisingly simple 19:17:50 <sipa> (but i'm probably biased) 19:17:52 <gmaxwell> In any case, review and comment please! 19:17:59 <luke-jr> I think it's more important to *detect* errors, than to correct them 19:18:07 <sipa> luke-jr: for addresses, absolutely 19:18:19 <luke-jr> 4 seems a bit low in that regard 19:18:51 <jonasschnelli> sipa: I think deeply understanding the specs takes a coupe of hours... and it's different to the current base58check. This may frighten off people... but that shouldn't be something that should affect the process of selecting the *next* addr encoding format IMO 19:18:53 <gmaxwell> luke-jr: for private keys you can generate the resulting wallet and check against the blockchain.. so correcting can be very useful. 19:18:53 <petertodd> luke-jr: what do you mean by "4" in the above? 19:19:12 <luke-jr> [19:12:59] <sipa> bech32 can only correct 2 errors, but detect 4 19:19:36 <gmaxwell> Well it is _guarenteed_ to detect 4 errors, more than 4 you have a 1:2^30 chance of detecting. 19:19:56 <sipa> luke-jr: well it has a 99.9999999068% chance to detect more errors 19:19:58 <luke-jr> if I carefully construct gibberish, I'd expect it to be rejected 19:20:14 <luke-jr> sipa: ah, okay 19:20:38 <petertodd> luke-jr: for this application, the threat is random mistakes, not malice - in the malice case someone could just replace the address anyway 19:20:50 <gmaxwell> This graph shows the probablity of an error going undetected (y) as a function of how likely the user is to make mistakes (x): 19:20:53 <gmaxwell> https://people.xiph.org/~greg/temp/bch-eff3.png 19:21:08 <sipa> jonasschnelli: https://github.com/sipa/bech32/blob/master/ref/python/segwit_addr.py <- full encoder/decoder implementation 19:21:13 <cfields> great work indeed. From what I remember from our discussions before, the work to derive the function was complex, but afterwards, implementing it is simple. Seems best-case to me :). Will review now that it's final. 19:21:42 <jonasschnelli> sipa: 121 lines... yes. thats indeed very simple. 19:21:50 <gmaxwell> As you can see, if the user's error rate is below 3.53 errors per address entered, this code has better protection than a 32bit hash (like base58 check uses). And because of case modulation, users are MUCH less likely to make mistakes with this format. 19:22:38 <gmaxwell> If the user is unlikely to make errors, then the effective protection of this scheme tends to infinity. 19:23:22 <gmaxwell> e.g. 0.1% chance of error per character and the probablity that an errored string goes undetected is 1:2^60. 19:23:40 <sipa> enough on this topic, i guess 19:24:10 <wumpus> other topics? 19:24:18 <gmaxwell> jonasschnelli suggested the der wallet thing. 19:24:30 <jonasschnelli> Yes. We still keep all priv keys DER encoded in BDB 19:24:47 <jonasschnelli> I think we should bundle the next wallet db update with remvoing DER 19:24:50 <gmaxwell> The compressed flag has no effect on our operation. We should always set it IMO... make the wallet sightly smaller. Its dumb that the data is stored at all.. it's not used. But since it's there, better to make it small. 19:25:04 <gmaxwell> if we make the format incompatible, sure. 19:25:29 <jonasschnelli> Reading DER (old versions) must be supported. But new wallets should store in plain. 19:25:33 <wumpus> #topic DER privkeys in wallet 19:25:33 <gmaxwell> Why are we even storing seralized private keys when BIP32 is in use? 19:25:41 <jonasschnelli> Yes. 19:25:44 <jonasschnelli> Importprivkey 19:25:48 <jonasschnelli> and old wallets 19:26:00 <jonasschnelli> But I think HD wallets should only have a single privkey (the HD seed) 19:26:02 <gmaxwell> okay, for that, sure. But I agree, fine to not use DER private keys for that. 19:26:22 <jonasschnelli> Also the seed key is also DER right now. :/ 19:26:27 <gmaxwell> but otherwise there shouldn't be seralized private keys. Pubkeys yes. :) 19:26:37 <gmaxwell> wut 19:26:52 <jonasschnelli> Yes. Ideally it should be... and I think we are working in this direction... 19:26:55 <wumpus> didn't we have an issue related to this? 19:26:56 <gmaxwell> okay well, whatever, there is only one there. We could encode it as cat pictures for all I care. 19:26:56 <phantomcircuit> yeah it's saved using the same format as other private keys 19:27:26 <gmaxwell> wumpus: there is an issue open over the compressed flag, though its inconsequential. 19:27:31 <jonasschnelli> wumpus: Yes. https://github.com/bitcoin/bitcoin/issues/10041 19:27:38 <wumpus> gmaxwell: ok 19:27:44 <jonasschnelli> and a fix: https://github.com/bitcoin/bitcoin/pull/10043 19:27:56 <wumpus> I wasn't aware it was inconsequential 19:27:58 <gmaxwell> I think that to the extent that we continue to write those keys (e.g. for old wallets) that we should always use the compressed flag. 19:28:00 * luke-jr ponders if importprivkey should be rejected for HD wallets 19:28:02 <wumpus> did anyone reply that to the issue? 19:28:03 <jonasschnelli> Though,... as long as nobody reads BDB from the outside it shoudn't matter 19:28:07 <gmaxwell> wumpus: we decided compressed/uncompressed from the pubkey. 19:28:24 <gmaxwell> wumpus: the public key inside the der private key does nothing. 19:28:25 <wumpus> luke-jr: would be nice to keep HD wallets 'pure' 19:28:34 <wumpus> luke-jr: at the least it should throw a warning 19:28:51 <wumpus> gmaxwell: weird :) 19:28:52 <jonasschnelli> luke-jr: Yes. We should reject... in that case 19:28:55 <luke-jr> if we could do warnings, importprivkey should always throw a warning anyway :p 19:29:02 <gmaxwell> Background: The DER private key format includes the public key, along with all the ECC group parameters, and other overheads all packed in hundreds of bytes of ASN1 parsing hell. 19:29:14 <jonasschnelli> wumpus: Yes. It wired... better DER is gone sooner then later 19:29:29 <jonasschnelli> It would be another thing that will make future devs stumbel 19:29:34 <wumpus> agreed 19:29:49 <wumpus> so if there is a backwards-incompatible wallet change, that could be included, I guess 19:29:54 <gmaxwell> Turns out we were trying to tell the der private key to use compressed or not on the basis of the key using compressed or not... but the code was wrong. But it doesn't matter because we never did anything with the private key embedded public key. 19:30:12 <jonasschnelli> wumpus: Yes. The hd chain split... 19:30:23 <jonasschnelli> (which we hopefully can merge soon) 19:30:28 <wumpus> jonasschnelli: right 19:30:55 <jonasschnelli> I think we would have enought time post hd split merge to remove DER for 0.14 19:31:00 <gmaxwell> we should stage up several incompatible changes to make at once, the multitude of versions is a support burden. Changing the private key formats would be one of them. 19:31:09 <luke-jr> jonasschnelli: 0.14 is gone; you mean 0.15? 19:31:13 <BlueMatt> 15 19:31:22 <jonasschnelli> Ergh.. yes. 19:32:13 <jonasschnelli> Do we expect that the wallet db handles error correction or should we directly switch to something like Bech32 for our internal privkey serialisation? 19:32:19 <BlueMatt> gmaxwell: the code looks the same either way? wallet version 14990 14991 14992 can all be in the same release, whatever...code is still wallet.AmUpgradedTo(THING) 19:32:54 <gmaxwell> in our code but not necessarily in other tools. 19:33:00 <gmaxwell> also we have to worry about interactions. 19:33:27 <BlueMatt> fair 19:33:37 <wumpus> the wallet db has no error correction 19:33:38 <BlueMatt> gmaxwell: to be clear, are you suggesting they all happen in one wallet version, or in one release? 19:33:55 <BlueMatt> (I mean we dont support wallet versions from mid-release, but it'd be really annoying...) 19:34:02 <jonasschnelli> wumpus: I think this would/should be very desirable 19:34:04 <wumpus> (berkeleydb doesn't and neither does leveldb, the latter only has detection) 19:34:15 <wumpus> jonasschnelli: yes, encoding privkeys in a resilient format makes sense 19:34:20 <wumpus> jonasschnelli: though doesn't encryption break that? 19:34:30 <wumpus> jonasschnelli: the error correction should be around the encryption, not inside it 19:34:41 <wumpus> otherwise one bit change will completely mangle it anyway 19:34:44 <gmaxwell> BlueMatt: preferable to be one version, but certantly one release. I don't know that we really don't support midrelease wallets. "sorry dude, your funds are gone, you made the mistake of helping us test." :P there are degrees of non-support. 19:34:48 <luke-jr> we have never broken wallet versions from mid-release AFAIK 19:34:50 <jonasschnelli> wumpus: good point 19:35:18 <gmaxwell> bech32 is not helpful for the kinds of errors we would find on disk.. you'll usually lose a whole sector at a time. 19:35:24 <wumpus> eh, wallets from mid-release should not suddenly break in later updates 19:35:45 <jonasschnelli> There is also a PR i'd like to bundle with chain-split/rm DER that would detatch the client version from the wallet version/migration handling (PR is called "wallet flags" or similar) 19:35:48 <gmaxwell> To make a wallet database master key error robust you should just repeat it across multiple disk sectors. :P 19:36:01 <wumpus> gmaxwell: I've seen single bit errors happen on disk too, though usually due to bus errors 19:36:28 <gmaxwell> wumpus: yea, but not as common. And it would be fine to have a wallet format with a 4kb master key. .. but I think thats stuff to think about for the post BDB world. 19:36:30 <petertodd> wumpus: repeating across multiple disk errors fixes that too :) 19:36:33 <wumpus> but some of the corrupted block files I"ve analyzed certainly had single bit errors 19:36:47 <gmaxwell> sorry I stated it too strongly. 19:37:18 <wumpus> in any case - for HD wallets we need to store way less private keys 19:37:22 <wumpus> so blowing up the master key to 4kb is fine 19:37:32 <gmaxwell> ya, t'was my intended point. :) 19:37:35 <wumpus> if that helps protect against various kinds of corruption 19:37:40 <BlueMatt> gmaxwell: ok, so multiple version numbers, but external tools only need support them as a group and -walletupgrade only supports them as a group? 19:38:16 <sipa> the wallet flags idea removes that release/walletversion inconsistency completely 19:38:16 <gmaxwell> BlueMatt: I think that would be okay but why multiple versions? add the code with the features, then a patch that turns all of them on with a single version. 19:38:52 <sipa> gmaxwell: that's very hard for testing 19:39:16 <sipa> as you'd need to be able to override the min version in tests to be able to even observe the feature 19:39:19 <BlueMatt> yea, was just thinking easier for review burden, but I suppose thats fine too 19:39:35 <BlueMatt> sipa: not so hard to have an extra commit in a pr that doesnt get merged 19:39:44 <sipa> BlueMatt: ugh 19:39:48 <gmaxwell> we just create support hurdles for ourselves supporting mixed features. "oh this change brakes bob's wallet because he had a mid-release version that had X and not Y" 19:39:54 <sipa> code in master should be testable 19:40:19 <sipa> wallet flags does not necessarily imply supporting mixed features 19:40:41 <gmaxwell> As long as it doesn't then I don't mind. 19:40:56 <gmaxwell> Just please lets not dribble in three different incompatible versions during a release cycle. 19:41:03 <BlueMatt> jonasschnelli: detaching client version, fine, but would strongly prefer a serially increasing version number and not flags 19:41:06 <gmaxwell> and end up with people with weird wallets that will break later. 19:41:24 <sipa> we could also detach walletversion from client version 19:41:32 <sipa> that would accomplish the same thing 19:41:38 <BlueMatt> yea, that ^ 19:41:41 <gmaxwell> unless we're going to add tests for all the possible variations we shouldn't let people running master encounter them unawares. 19:41:46 <sipa> and just increment the wallet version when a new feature is added 19:41:52 <BlueMatt> wasnt sipa magic number picker for a while? can we just go back to that 19:42:12 <BlueMatt> or jonasschnelli, since he owns wallet these days, mostly 19:42:21 <gmaxwell> for testing you should just be able to set a commandline paramter that turns on future versions/features. 19:42:51 <gmaxwell> e.g. default wallet created is version X but there is code for version Y (or flag Y) and you can ask for it for testing, but until its the default its unstable and all bets are off. 19:43:13 <jonasschnelli> Need to think about it. Flags seems to be good anyways (supports HD, watch only,...) but most not be linked to the wallet database version.. hmm.. 19:43:25 <gmaxwell> I don't care if we retain compatiblity for a wallet someone created by running bitcoind with --force-wallet-screw-me-over-now-now-now 19:43:28 <jonasschnelli> s/most/must 19:44:06 <BlueMatt> jonasschnelli: flags just makes things more complicated to support (interactions, yuck), and I'm not sure we have a compelling use-case for turning on some stuff but not others, aside from "I want my wallet to work all the way back to version 0.X" 19:44:11 <gmaxwell> And I'm fine with flags too, of course, but not with supporting arbritary combinations. (unless someone really wants to build extensive automated testing for all the combinations) 19:44:37 <luke-jr> BlueMatt: Core isn't the only compatible wallet. 19:44:47 <gmaxwell> e.g. basically a version implies flags... and you use flags in the code, and that doesn't mean that all combinations of flags get tested. 19:45:13 <BlueMatt> luke-jr: all other wallets that read our wallet format are unsupported, I believe (and, hell, probably easier for them if we dont have flags with interactions...) 19:45:15 <jtimon> right, you can have flags and maybe even have debug option for experimental wallet features that we can remove in releases (or just not leave any wallet feature that doesn't have a version yet) 19:45:22 <jonasschnelli> Flags would allow flexible backporting? But I think we don't want to do this. 19:45:35 <jtimon> or just an extra commit that doesn't get merged like BlueMatt says 19:45:40 <luke-jr> BlueMatt: you're rather aggressive with "unsupported" IMO 19:45:42 <wumpus> we never backport wallet features 19:45:54 <gmaxwell> luke-jr: Our _binary_ wallet format isn't intended to be interoperable. If it is, great! but without a spec and a moving target, it isn't something we can guaretee. To begin with there would need to be an extensive all features all flags test suite... and I think it would be a waste of time to construct that for this format (esp since we're never going to specify BDB itself). 19:45:57 <BlueMatt> luke-jr: we have limited resources, but, fair point 19:46:11 <wumpus> yes, the database formats are not an external interface 19:46:58 <wumpus> we reserve the right to change them completely from one release to another without advance notice, though that will usually not happen 19:47:05 <gmaxwell> I don't know if wallet format compatiblity is a reasonable goal in general, at least not this year-- just because it's so integrally tied to the functionality. 19:47:27 <wumpus> older wallets should *always* work 19:47:34 <wumpus> that's the only guarantee 19:47:36 <gmaxwell> but obviously we don't want to create unnecessary incompatiblity. 19:47:43 <gmaxwell> right. 19:47:51 <gmaxwell> okay, is this horse dead yet? 19:47:55 <wumpus> yes 19:47:57 <jonasschnelli> yes 19:47:59 <wumpus> other topics? 19:48:07 <sipa> lunch? 19:48:11 <gmaxwell> I'd like to know if people might be willing to sign onto a statement like this: 19:48:12 <luke-jr> wallet format changes move slowly. I try to avoid backporting pending PRs to Knots now, but IMO once they get merged they should be fair. 19:48:15 <gmaxwell> https://0bin.net/paste/vSuqwACPe8WzpCnI#4katsiFvmtzK85e8eNgNVuElwD8kTbjPVuQnkontSyF 19:48:17 <gribble> https://github.com/bitcoin/bitcoin/issues/4 | Export/Import wallet in a human readable, future-proof format · Issue #4 · bitcoin/bitcoin · GitHub 19:48:29 <jtimon> sorry, "--force-wallet-screw-me-over-now-now-now" is exactly what I meant 19:48:32 <petertodd> gmaxwell: ACK 19:48:32 * BlueMatt proposes we have a weekly call for "what pr are you blocked on and want review on", though we've had mixed results when I've done that before 19:48:36 <gmaxwell> (gee thanks for the link gribble) 19:49:06 <wumpus> #topic statement against running closed source node code 19:49:16 <kanzure> "If it ever does, you may safely assume that the actual contributors to the project are locked in a basement somewhere. In that case, please send help." and food 19:49:21 <luke-jr> gmaxwell: I haven't thought about it sufficiently to be certain about "never" 19:49:23 <wumpus> gmaxwell: ACK 19:49:30 <petertodd> gmaxwell: though I think the statement should be a little more clear on what the risks are - this is money so such a binary may very well be an attempt to steal your coins 19:49:51 <wumpus> or may have hidden vulnerabilities, bugdoors and backdoors 19:50:01 <BlueMatt> gmaxwell: seems reasonable 19:50:04 <jtimon> BlueMatt: the original flags can be replaced with the version flag once you have a version for a set of them 19:50:07 <kanzure> yep seems good to me 19:50:20 <gmaxwell> luke-jr: I think I have, plus 1001 other open source packages have. As I point out in the document even if all other options fail, "shut off" remains an option too. 19:50:27 <jonasschnelli> Yes. A statement would be good. Also.. github.binaries with a SHA256 on reddit is _not_ want you want for a such ecosystem 19:50:31 <luke-jr> true 19:50:41 <petertodd> wumpus: see, I think it's good to say in such a statement "hidden vulnerabilities, bugdoors and backdoors" and *also* give a 100% concrete example for the non-devs reading it 19:50:41 <jtimon> I mean, you can have a single fWalletForNextVersionExperimental flag 19:50:42 <gmaxwell> okay well I would welcome revisions. I didn't want to make it long and explaining all the options and risks. 19:50:58 <gmaxwell> Just saying "don't run these things if 'we' do" is protective to both the users and us. 19:51:04 <wumpus> we have this stringent gitian process which costs quite a lot of time, maybe we should put more focus on it... 19:51:34 <gmaxwell> In any earlier draft I had listed out some of the options we have (and have used before) and it was 3x longer than this just explining a couple of them. :) 19:51:45 <kanzure> also, submitting source code "later" is not acceptable either 19:51:47 <achow101> the statement should say "Bitcoin Core project", not "Bitcoin project" IMO 19:51:52 <wumpus> I sometimes have the feeling we're doing all this auditability for nothing if people are ready to just download random crap binaries of the internet and run them, though I guess some do validate it... 19:52:07 <gmaxwell> wumpus: well we know not everyone does that. 19:52:19 <sipa> wumpus: i think it's a slow process... the best we can do is talk about it, and highlight what we're doing 19:52:37 <sipa> and just the increase in number of gitian builders on itself is a good sign 19:52:40 <kanzure> mentioning bugdoors, backdoors and other malware is important 19:52:46 <sipa> (reminds me, i need to build 0.14...) 19:53:05 <petertodd> wumpus: I know for a fact that many high-value users do verify PGP signatures and the like, e.g. exchanges and custodians. That effort isn't wasted. 19:53:07 <gmaxwell> okay, well I can work with some people on some language twiddling. Sounds like a couple people are interested. 19:53:20 <wumpus> I guess the important thing is that some people do validate it, and can raise a stink if things don't match, which is not possible with random crap executables 19:53:28 <wumpus> petertodd: right. 19:53:29 <gmaxwell> and luke-jr if you want to talk later and have me convince you that we'd would never in the future do a binary release, I'd be happy to. 19:53:39 <BlueMatt> one of these days I'm gonna finally convince cfields to finish his "trusting trust" compiler-builder for use in gitian, then I'll be much louder...the trusting-ubuntu part of gitian is...irritating at best (but still infinitely better than the alternative) 19:53:48 <gmaxwell> (_NEVER_ I mean, in the strongest sense, I'm sure you already are convinced that almost never would hold) 19:54:09 <luke-jr> yeah, I certainly can't think of any circumstances that would ever justify it. 19:54:42 <cfields> BlueMatt: yea, that's a goal of mine for 0.15. 19:54:43 <petertodd> gmaxwell: I like that you explicitly mentioned in that doc that interruption of service is perferable 19:54:54 <BlueMatt> cfields: yippee 19:55:02 <BlueMatt> topic? 19:55:11 * BlueMatt proposes we have a weekly call for "what pr are you blocked on and want review on", though we've had mixed results when I've done that before 19:55:26 <gmaxwell> petertodd: well I tested some of this explination on reddit while talking to people 1:1 about some things. so I have an idea of what needs to be explained. 19:55:34 <jtimon> gmaxwell: I would prefer if we mentioned free software explicitly or even replace open source with free software, but I agree with everything said in that statement 19:55:36 <sipa> BlueMatt: sounds good to me 19:55:43 <sipa> BlueMatt: everyone gets to list 1 PR? 19:55:49 <BlueMatt> sipa: sure 19:55:51 <jonasschnelli> Maybe two? :) 19:55:58 <BlueMatt> mine is 9725 19:56:02 <gmaxwell> jtimon: ack. Thanks for the feedback I'll revise some and consult with others that had comments. 19:56:06 <jonasschnelli> #9725 19:56:09 <gribble> https://github.com/bitcoin/bitcoin/issues/9725 | CValidationInterface Cleanups by TheBlueMatt · Pull Request #9725 · bitcoin/bitcoin · GitHub 19:56:11 <wumpus> so jonasschnelli's wallet chain split seems important 19:56:21 <jonasschnelli> yes. please. #9294 19:56:25 <gribble> https://github.com/bitcoin/bitcoin/issues/9294 | Use internal HD chain for change outputs (hd split) by jonasschnelli · Pull Request #9294 · bitcoin/bitcoin · GitHub 19:56:26 <kanzure> on that last topic, uh, maybe wee should point out that backdoors have been found in node software already (ahem some exchanges come to mind..). 19:56:33 <BlueMatt> list from last week was #8694, 9294, 9725 and #7729 19:56:35 <gribble> https://github.com/bitcoin/bitcoin/issues/8694 | Basic multiwallet support by luke-jr · Pull Request #8694 · bitcoin/bitcoin · GitHub 19:56:39 <gribble> https://github.com/bitcoin/bitcoin/issues/7729 | An error has occurred and has been logged. Please contact this bot's administrator for more information. 19:57:06 <BlueMatt> any additions/replacements or should we let the list stand? 19:57:47 <gmaxwell> #9959 could probably take some more reviews. 19:57:48 <wumpus> I'd also really like to have feedback on my patches to add UNIX sockets support at some point (#9979, #9919) though it's not really urgent 19:57:49 <gribble> https://github.com/bitcoin/bitcoin/issues/9959 | Mining: Prevent slowdown in CreateNewBlock on large mempools by sdaftuar · Pull Request #9959 · bitcoin/bitcoin · GitHub 19:57:50 <gribble> https://github.com/bitcoin/bitcoin/issues/9979 | p2p: Bare minimum to support UNIX sockets by laanwj · Pull Request #9979 · bitcoin/bitcoin · GitHub 19:57:52 <gribble> https://github.com/bitcoin/bitcoin/issues/9919 | UNIX sockets support for RPC by laanwj · Pull Request #9919 · bitcoin/bitcoin · GitHub 19:58:05 <gmaxwell> (suhas doesn't appear to be here now, so I thought I'd mention it) 19:58:07 * jtimon reminds to build 0.14 19:58:30 <luke-jr> I still have to look over BlueMatt's review on multiwallet, so I'll refrain from listing one this time ;) 19:58:34 <gmaxwell> wumpus: Those are a great idea. I will be trying them out. Did we find out if your patch to libevent is going to make it upstream? 19:58:35 <cfields> wumpus: ah, i hadn't seen the p2p one 19:58:40 <jonasschnelli> Can we keep the most important 1PR list on github somehow? A project? 19:58:57 <sipa> jonasschnelli: sounds good to me 19:59:02 <jonasschnelli> I think this would be great because priorizing reviews is hard right now 19:59:10 <wumpus> gmaxwell: still haven't heard about that one, but I don't think it should matter for getting these patches in 19:59:11 <sipa> a PR can belong to multiple projects, right? 19:59:21 <gmaxwell> keep in mind to prioritize things that we would want in a 0.14.1. 19:59:23 <wumpus> sipa: AFAIK yes 19:59:26 <jonasschnelli> hopefully 19:59:29 <luke-jr> PR labels seems workable for that too 19:59:37 <wumpus> we already have so many labels 19:59:39 <luke-jr> "Top Priority" or somethign perhaps 19:59:48 <luke-jr> wumpus: but labels are easy to filter :D 19:59:59 <wumpus> also I use those to classify pulls for the release notes, so I'd prefer not to use them for non-categoritical things 20:00:04 <jonasschnelli> Project seems to be the better choice... 20:00:07 <wumpus> yes 20:00:12 <gmaxwell> "author:wumpus" (since he does most of the merging any of his PRs are effectively 1-reviewer disadvantaged for getting in) 20:00:17 <sipa> DONG 20:00:29 <wumpus> #endmeeting