< instagibbs>
wumpus, it's kind of scary material to review imo
< instagibbs>
but i can at least read it
< instagibbs>
err wait, maybe this is different one, nvm
< wumpus>
instagibbs: that's why I request reviews on it, the worst-case scenario to review for would be loss of randomness for wallet key generation
< wumpus>
for the rest, randomness is used for DoS avoidance in P2P code and unordered_map hashing and such; would be bad if it breaks, but not as disastrous ast ehe ffect on the wallet
< sipa>
as a reviewer you probably want to reason through what happens in a call to GetStrongRandBytes
< sipa>
to see that all those randomness sources are actually affecting the output
< instagibbs>
I've done that historically at least, I'll take a look
< wumpus>
instagibbs: thanks!
< promag>
wumpus: nit, don't mind my nits
< wumpus>
promag: I agree; we waited a few days for the author to update for it, but if they don't, let's just merge imo
< wumpus>
(FWIW I think this is good, if you really have to file a single-line change to the documentation, be prepared to get a lot of review on it :-) )
< sipa>
yeah...
< provoostenator>
sipa: sounds like a good opportunity to read up on some C++ concepts, added to my review list. At least it compiles on macOS and two new wallets don't get the same address :-)
< sipa>
provoostenator: unfortunately, the class of likely bugs in a system like this will not result in duplicate randomness, but just predictable one (for example, the Debian OpenSSL bug from a few years ago resulted in randomness with a bit over 16 bits of entropy, meaning you'd still need to observe 1000s to observe anything bad)
< provoostenator>
Indeed, touching this code is scary. But is waiting for the next OpenSSL drama I guess?
< provoostenator>
*so is
< sipa>
i think at this point we're already not relying on openssl for much except belt and suspenders
< gmaxwell>
[ignoring BIP70] Now we're just stuck issuing new binaries the next time there is some zomg panic about openssl because we statically link to it.
< sipa>
yup
< sipa>
i think i would describe our openssl dependency as annoying, so we'd like to get rid of it - but there isn't any specific pressing reason to do so
< gmaxwell>
via bip 70 though it could actually introduce vulnerabilities, though thats really a question about getting rid of bip70, not openssl.
< provoostenator>
BIP70 is depreacted so depending on when disaster happens, we could then just ship a new binary with OpenSSL removed.
< gmaxwell>
yea, if anyone has any funds left after. :)
< cjd>
is it common to connect nodes holding money to the public network ? I assumed that by now everyone was using a guard node which relayed for their LAN
< gmaxwell>
cjd: they should be but my expirence is that almost no one does... the resource usage of doing so is quite considerable.
< cjd>
ahh ok
< gmaxwell>
Also BIP70s implementation inherently had to be run from a wallet.
< gmaxwell>
My statement was mostly hyperbole, but had an underlying point that "wait until it fails" isn't a great move. :P
< cjd>
hm, lightning network is going to create some pressure to run big money on network-connected servers
< gkrizek>
wumpus: Are you able to still see the configuration for the IRC GitHub Service? I'm working on a replacement, but I'm not sure what the events were it would comment about in here .
< gkrizek>
Seems like it was push to any branch, PR open, close, merge.
< echeveria>
gmaxwell: sipa: bip70 could kinda be a different binary at this point, but I don't think it's level of use justifies any sort of investment in development.
< echeveria>
if this was my software I'd be putting a bounty in the bip70 payment window to see if anybody notices it. you found the secret bit! send a letter to this address and we'll mail you a prize!
< gmaxwell>
yea, I think bip70 as an external program would be nice, except no one cares about it...
< gmaxwell>
it always should have been done that way.
< gmaxwell>
I even went and tried to break it out at one point, but it was implemented with QT crap... (which is stupid, the external program could operate just as a commandline tool, ...)