Last Notes
I still use a 5 year old Apple Watch because there have been no new features worth spending a dollar for.
I’ve seen lots of people argue it’s terrible while suggesting alternatives that don’t provide the important features it offers…. And no one suggesting alternatives that do.
Of course also most of the arguments against it I’ve seen have been lazy af (eg “tor is slow so onion messages will be”…. Ignoring that they’re a totally different design lol).
But…Maybe just install Phoenix and try it? :)
I mean as a simple v1 we could just replace it with BOLT 12 as-is? It’s pretty simple to swap in, and BOLT 12’s reusability + proof of payment means you could still announce the zap on nostr.
(And, to be clear, if we want to avoid onion messages you could still do BOLT 12 over nostr, though I’d generally recommend against for privacy reasons)
LNURL-P indeed should be replaced…. But to replace it with a version of BOLT 12 reimplemented on nostr that misses out on ~all BOLT 12’s features (like, you know, recipient privacy, among many orders) just because NIH would be a massive disservice to Nostr users. #note1740…y88h
The website is open-source, though currently entirely static…IIUC to do those changes it would have to no longer be static :/
Yea, I don’t think I buy that we’ll be able to get our act together enough to start cryptographically signing things for reasonable authenticity. My hot take is this actually drives people back to mainstream media as arbiters of truth.
I can’t, cause others never shipped a fix so I shouldn’t disclose issues that aren’t mine.
Today you can see the lightning nodes that ship fixes for novel attacks quickly (eclair and LDK, which did some force closures as a result of the fix) and those that don’t respond to security issues after months.
I mean the power available to do that from inside a hardware wallet is probably not gonna make it far enough for much anyone to do much with it, doubly so if you only have a relatively limited time to get it through before you run out of power.
Sadly no implementation exists for Taproot AFAIK, but the BitBox folks have a PR to secp256k1-zkp at least.
Yea, I mean it’s not like anti-exfil is perfect it doesn’t have UX challenges in some specific use cases, would be great to have someone who doesn’t use it on, eg the Jade folks only use it when plugged in, not in air gapped mode.
Not as a full-timer, but I’ve helped several hardware wallets in the design stage and have built Bitcoin wallets (and basically every other kind of Bitcoin protocol) over the past ~14 years.
Yea, someone probably should. Probably one of the hardware wallet vendors who are complaining that there’s no standard and that’s why they never bothered to implement it (nevermind that it’s implemented in secp256k1-zkp and can be done at the HWI driver layer, but indeed it’s be better as a PSBT field).
Look like @npub1az9…m8y8 is avoiding opinions he disagrees with on his podcast, so which one should I go on instead to talk about hardware wallet issues? https://image.nostr.build/e73fac49e7e40f67b1d0f2842f63ed3dd96e23649cf60a85575481177c88a847.jpg
The issue with exfil is that the computer can’t detect whether the nonce is malicious or not, so it can’t block the attack. What you really want is for the nonce used to sign to be provably random, by simply having the computer add some of its own randomness to nonce, plus some deterministic message+pk hash from the hardware wallet (ala 6979). That way the HWW cannot exfil.
While you’re at it you should also include randomness from the computer in the seed generation process so that the private keys themselves don’t rely on only the HWW.
Neither of these are complicated, FROST is built around the same kind of nonce agreement protocol and including the randomness from the computer in key gen is just a matter of adding a second private key.
I understand the data to be signed and tied to an Apple ID. It may well also be tied to some per-device factory-sealed key. I mean you can always buy 256 real AirTags but hardware modifications are much more likely to be detected than software ones.
My point was I’m not sure you can pretend you’re *any* devices without being an Apple device. In any case #nevent1q…8fpa
If you sign on two devices and check that they match, yes, that addresses the issue, but now you have two devices with your seed and a very annoying UX (that might also fail due to fine signature grinding differences).
Really HWWs need to implement anti-exfil and generate keys with computer randomness - there’s no excuse for the fact that hardware wallets are trusted, they don’t need to be!
You can definitely include a GSM chip for cheap, but now the device board actually looks visually different, which people can identify, even if admittedly relatively few would. Still, if you did this en-masse it’d likely be discovered before too long, whereas a malicious firmware likely would not.
It’s also implemented in secp256k1-zkp.
Any method of cooperatively building a nonce (eg stuff things do for FROST, it’s the same problem).
In theory, but I’m not sure if you can transmit arbitrary messages over that without being Apple.
How about you have me on your bitcoin review show and we chat about it in detail so we can get into all the technical details and how realistic various attacks are :). #note1ftm…k6qd
AFAIU you can implement it entirely in the driver rather than in the wallet itself (BitBox apparently did this for their HWI driver).
Except you aren’t…it’s very (cryptographically) easy to build a hardware wallet which cannot steal your coins*! But no one does, that’s absurd!
* without cooperating with your computer/phone.
No? Sparrow supports anti-exfil with BitBox Afaiu.
You can just download those software packages once and rarely upgrade and you’re safe. Unlike a compromised HWW which can lie to you about the status of its firmware.
Multisig is, passphrase is not.
That’s not a scalable attack. In that model the attacker has to be kinda nearby when you use the HWW.
Oops, sorry, I forgot we can fix both sides of malicious hardware wallets - a malicious hardware wallet should not be able to steal your coin, it’s not complicated to force attackers to compromise both your computer *and* hardware wallet, but current devices just…. Don’t. That’s embarrassing!
(Except for multisig setups). #note1m80…ga9y
A Laptop is not a device purpose-built to store millions of dollars in bearer-assets. It’s a much less juicy target.
Yes, hence why I’d call them “incompetent bordering on malicious” :)
With verified software, much better than most hardware wallets.
To be fair to BitKey and one or two others, this attack doesn’t apply to Multisig wallets, anti-exfil doesn’t actually matter if you’re not doing single-sig.
So the acceptable-security hardware wallet list is BitKey, Jade, and BitBox. #note1m80…ga9y
Hardware Wallets are devices designed to hold bearer assets which can be trivially stolen if you leak the private key(s). There’s many, many people involved in the manufacture of each hardware wallet, each of which might wish to make free money by backdooring the hardware wallet. For every other hardware wallet, you’re blindly trusting Amazon/UPS/five factories in China/the webserver you got the firmware from/etc/etc. Sure, most hardware wallets have tried to be robust against these attacks, but there’s frankly just not that much that can be done.
Wouldn’t it be nice if you didn’t have to trust the device at all, but rather an attacker would have to compromise *both* your hardware wallet and your computer? Well, we’ve had the tech to do this for many, many years! The fact that only two hardware wallets bothered to implement this boggles my mind. It’s impressive incompetence, bordering on maliciousness, honestly. #note1674…l5y4
Any hardware wallet could have implemented anti-exfil signing at any point in the last 5 or more years, with minimal/no UX change. The fact that none bothered is sheer incompetence bordering on maliciousness.
They bothered to implement anti-exfil (provably random nonces). This means that a malicious firmware or even malicious hardware wallet can’t steal your coin! For every other hardware wallet, you’re blindly trusting Amazon/UPS/five factories in China/the webserver you got the firmware from/etc/etc. The idea that none of these parties have anyone working there who might want to go steal people’s coin is absurd, frankly.
Stop using hardware wallets that don’t take security seriously (sadly, all of them except Jade and BitBox). This is a novel construction, but the class of attacks is very old.
A laptop purchased in person, immediately installing Linux without ever connecting it to the Internet is a much better way to store coin than hardware wallets. Which, frankly, is just embarrassing incompetence for the hardware wallet industry.
https://darkskippy.com/
It’s the “custodial” requirement here that gets you no answer. Ignore that and there’s a few Breez SDK wallets, some LDK-node ones coming soon, plus Mutiny, Phoenix, etc. custodial wallets aren’t legal without KYC most places in the world…
Nothing beats left-side LaGuardia approach on a clear day/night.
(This is a wide-angle lens, you’re really right over Manhattan) https://image.nostr.build/75c7c981ea09f36adf001e0d5f8db8d47e914710036fa255d84ad3599dc269b1.jpg
Final reaction: wow, Trump’s team really doesn’t understand bitcoin at all. So much for them being assisted by bitcoiners. #note1e0e…34m2
I can never tell if this is just the pain of being a bitcoiner or if we’re just wrong…
Remember that there are likely to be many Bitcoin Whales in Nashville, making its prime target. Leave your keys at home. Assume your laptop will be backdoored if you leave it alone. Be aware.
He dropped out a long time after the assassination attempt (in political time) - after the RNC and getting covid (which may well have him quite sick right now). He also dropped out at basically the last possible minute before the (now-delayed) online delegate voting for the formal Democratic nomination starts. The pressure for Biden to drop out got its loudest late last week, right before he dropped out.
Sadly it’s on-chain or, in the future, BOLT 12. Some wallets support lnurl for this but it’s a bit spotty and don’t think it’s growing.
For those impacted by the Swan news, I’m sorry. Layoffs suck when you did nothing don’t.
But, Spiral is still hiring for LDK engineer(s) as well as the “wizard” role!
apply@spiral.xyz
You can vote write-in and vote literally “none of the above” (or anyone, my grandfather has recently taken to voting for his friend down the street).
Its the “selecting a custodian you trust” part that makes the UX impossible to build :(
Not if we get Dimon at Treasury. That would be worse than Mnuchin, probably, and definitely worse than Yellen.
I mean I’d call Oblivious-(DNS-over-)HTTP a VPN/proxy? People can do that if they want.
I’m already worn out from Nashville and I haven’t even gone there yet.
Meanwhile tons of bitcoiners are still frothing at the mouth for him after the news that he’s considering someone who hates Bitcoin for the role which impacts Bitcoin the most 🤦♂️
Then bitcoiners need to fundamentally change what they work on. Mining centralization is a joke, mints creating more custodial operations 🤦♂️…. People keep saying this but bitcoiners are not building like it’s true.
Absolutely, without question, worse.
Ha, if this is true another Trump administration will be worse for Bitcoin than the current Biden one 🤦♂️ https://image.nostr.build/17daa5d6e6e976744ddd064c437e2c3c135db0d5abed093108151c1399e5d46c.jpg
Ah, I missed the header/author, sorry! I don’t disagree with his conclusions, but my point was rather different :)
You might be surprised :)
A lot of people talk about “attacks on bitcoin”, but they’re usually just people doing something you don’t like. In rare cases, though, these things can have severe consequences for the entire Bitcoin system.
This is what an attack on Bitcoin looks like https://github.com/rollkit/rollkit/issues/761#issuecomment-2195853303
Have you ever taken a serious look at TLS/X.509/Certificate Authorities/DNS Poisoning/BGP Hijacking……..? :)
Bitcoin is comparatively simple! Lightning maybe less so 😅
They is a political standards organization that is the successor to the people who invented http :)
They’re moaning about people having to make sure their site works with TLS? Seems like a weird complaint. My issue is that TLS is an overcomplicated beast of a protocol (okay somewhat better with 1.3, but even still), which is the enemy of security, we have like 100 “roots of trust” in the form of CAs, most of which have a long history of being terrible, it relies on too many pieces of an increasingly huge stack, etc….
DNS is so much less complexity/attack surface than HTTPS. HTTPS/TLS are terrible protocols that should be constrained to web browsers. #note1rqz…kqc7
The one good thing GDPR did was make almost all domain whois private by law.
Get any domain, enable DNSSEC, add a Bitcoin: URI to username.user._bitcoin-payment.yourdomain in a TXT record. Done.
You can also now use https://satsto.me which should give reasonable error messages (currently says “The server indicated the records we needed were not DNSSEC-authenticated” for the example name you gave).
Don’t have a specific one to recommend, but googling “bind authorative server” should turn things up.
Curious about this new BIP 353/Human Readable Names thing but don’t have a wallet that supports it yet? Want to see if you set it up right?
Head over to https://satsto.me/ to resolve them to legacy addresses!
It’s not just BOLT12, either, any reusable bitcoin addresses can go in there (but preferably ones that don’t cause on-chain address reuse)!
I have seen no performance issues hosting a few million records on RPis for https://bitcoinheaders.net/
But, BIP 353 does contemplate doing multiple users in a single wildcard record.
There’s absolutely no limit. Some hosting providers add arbitrary limits but even the entire Bitcoin header tree in DNS records running in BIND is like 1G of memory…
https://bitcoinheaders.net/
That’s a technical/encoding detail that’s not really relevant. In practice a TXT record is a blob of data. Whether it’s encoded as multiple blobs or not doesn’t matter, things work just fine :)
Why not just go the LNDK route and use the LDK BOLT12/onion message code (which is usable directly without the rest)?
If you think the American Red Team are pro-freedom and the American Blue Team are anti-freedom you may want to get checked for brain worms. Neither is even remotely close to that consistent and both are pro- or anti-freedom on various specific issues. Bitcoin can absolutely speak to both of the American partisan teams depending on which features and groups of people you focus on.
Suggesting that Liberals (not liberals) have nothing to like about Bitcoin is short-sighted and lacks creativity. There have been literal books written on this topic.
Absolutely without question. The worst thing for bitcoin is that it continues to be more and more a partisan issue. #note1umd…6rz2
Ah, yea, okay, .xyz gets used by spammers a *ton* so I think they did this to fix their spam problem (lots of people just block *.xyz these days), but what a terrible idea…
When in doubt, use .org for infra domains, always.
Oh wild, seems that registry is super obnoxious. 🤦♂️
Is there any more info available here? I’m somewhat surprised to hear (and Google doesn’t seem to have any results for) a TLD seizing a domain outright. I could see a shitty registrar (GoDaddy or whatever) doing so, however.
Shouldn’t really be a huge deal? The node will just connect outbound from a new IP instead.
Y’all don’t deserve a bull market
Sooo…no one who isn’t super pro-OP_CAT?
It’s always how slow CI is, but somehow when I run it on an RPi it still never fails. I struggle to understand where GitHub gets machines as slow as Actions runners, but I guess we get what we pay for.
Like Dann Francisco during burning man, where you can find street parking everywhere. Aka Parking Man.
Sure, creative lawyers are great, but my note was this doesn’t scale, not that it can’t be done. After a certain scale creative reinterpretations of the law results in jail time :(
Right, this isn’t buy-and-withdraw, this is operating a server that enables people to exchange funds while remaining wholly custodial…. Let’s not get excited, this cannot scale without jail :(
Is there a jurisdiction where a bank could run a mint? I’d think operating a mint clearly violates AML regulations in every reasonable jurisdiction in the world.
Human-Readable names as a part of it, hopefully :). Then there’s one recipient name and it can pay both SP and BOLT12 instructions.
What if (though no specific proposal I’m aware of does) something were to enable that while also offering some great bitcoin scaling solution that allows for fast noncustodial transactions without regulatory questions or onboarding fees?
I don’t think it’s quite that simple. Things may have value to both camps.
I legitimately can’t tell if the Taproot Wizards people are trying to tank any chance of OP_CAT activation by running around claiming their for-profit company is going to forcibly activate a bitcoin soft-fork or not. https://image.nostr.build/ea501b727543d8d43b9deef73c44976f622e2a43393d83f8589a4a762c00dd7f.jpg
Indeed, may legitimately be the case.
Rollup sequencers are MSBs.
Of course, I agree with you, we need something more than just lightning, but we haven’t found it yet, covanents or no.
I’m not convinced any of the options “opened” by CTV are going to hugely move the needle, honestly. There’s some marginal gains to lightning and mayybbeee timeout trees are compelling, but there’s big regulatory questions there and the trust model isn’t as great :/
Yay we’re back to segwit2x with fork proponents pushing their narrative in the press. https://archive.is/20240601112759/https://www.bloomberg.com/news/articles/2024-06-01/bitcoin-debate-heats-up-over-software-revamp-to-add-new-features
To be clear, the ring sig I suggest here isn’t about the custody of funds, but as a way to announce who is operating the mint without actually revealing specifically who is operating the mint. This could allow mints a new position in the privacy-transparency tradeoff. I don’t believe this has been implemented anywhere, all mints are either privately operated (and may steal your funds) or transparently operated (and the government may steal your funds in a seizure).
The US will throw you in prison for operating a mixer, probably.
I thought mutiny didn’t want to run a mint?
I mean certainly any sufficiently-large mint is never gonna last, the question is how to make small-ish mints that lots of people can put $20 in last. Fully public small mints probably still get smacked down, but maybe this gives you a sweet spot between private-enough ownership but still trusted-enough ownership?
Note that this is not my idea, it’s actually a very old idea I believe due to Maxwell.
If we want ecash to have any hope of working out, we need anonymous mints, but anonymous mints are likely to get stolen. Instead, we need anonymous mints that are operated by one of N well-known and trusted parties. Mint operator(s) should take N public keys known to be from N well-known and trusted persons in the bitcoin space, then create ring sig(s) across those N to reveal that they are one of those N parties, but not which one.
Given many long-timers at one point or another had public donation addresses or some other key that is known to be theirs, this should actually be relatively doable, just don’t put too much money in the mint :)
Fair enough. I guess I just hope we can get to a place where folks like Mutiny don’t have to ever consider leaving the US. And that means playing the game, both political lobbying (usually not money, to be clear, mostly just outreach, but also direct ad buys, etc) and using the courts to push back on overreach. I’m sadly not sure what other approach exists given the state will use force to get their way.
Didn’t you get mad at me for telling people to care about regulators and voting and now you’re talking about how people should vote for trump? Seems like we’ve been making the same point :)
Want people to adopt silent payments? Tie their support to human readable names and watch users demand the UX improvements :)
Also CPU/memory - people would regularly fail IVD on various early RPis cause they’d corrupt memory when they got hot.
What assumption that I made is unrealistic, or even not-highly-likely? I mean centralized parties are already declining to offer services for non custodial use (see Phoenix).
I don’t buy for a second you’ll be able to do that in the long term if we don’t fix these issues. Sure the massive problems we have now aren’t materially trickling down to breaking the system yet, but are we building a Bitcoin for today or a Bitcoin for a decade or two from now?
Then I’m definitely done caring about bitcoin. I mean sure some people just want the 21M cap and they’ll be happy, but those of us who wanted to be able to send value to others without being censorable….
And yet it hasn’t fixed mining centralization in a decade?
Bitcoiners need to wake up. Things are not going great for Orange Coin, at least if you care about more than price.
I’m quite skeptical that solution scales, but I’m really happy people are still trying to make it a reality, and if it does get big, I’ll be ecstatic!
If lightning doesn’t have noncustodial mobile, people will just use custodial mobile. I’m all for pleb routing nodes, in fact the only way to get noncustodial mobile at all may be if they exist, but we’ve seen time and time and time again that the vast majority of people will always only install an app.
These next few years are as existential for bitcoin as the Blocksize Wars.
Back then it was about who got to decide what bitcoin was, now it’s about what bitcoin is.
https://bluematt.bitcoin.ninja/2024/05/11/bitcoins-precarious-position/
The shitty thing is lightning labs could have easily built this as a separate dollar-specific network that is KYC’d, but they didn’t. Still wouldn’t have been great for lightning but wouldn’t have been as bad. In fact it would have been less work for them to do this! #note10lk…nf3t
I’d definitely love to see it built and adopted!
Most of these require some form of software engineering, but at least the Sv2 adoption train is purely a social thing. Maybe also JoinMaket adoption?
I dunno, which is the hard thing. We need (a) decentralized coinjoin in many wallets, but the protocol for that has to exist, (b) PayJoin/silent addresses/etc in many wallets, (c) LSPs for mobile lightning nodes (or many a compelling path to pleb LSPs?), (d) Sv2 adoption from miners and pools, (e) probably more?
All those things feel like uphill battles.
That, plus crackdown on privacy services and lightning operators worrying about regulatory coverage. The big things we had coming to improve Bitcoin‘s cash properties are all kinda stalling out.
Bitcoin hasn’t felt like it’s been in this much of an existential crisis since the block size wars. And this time there’s no mobilization in the community in its defense.
So un-widely-used that the JoinMarket release singing PGP keys haven’t signed each other :)
I mean you can pay nodes for forwarding your onion messages if you want 🤷♂️. The whole point of onion messages is that they don’t cost a node ~anything to handle so there’s no reason why a node should want to charge for it. Also, with BOLT12, nodes will eventually prefer to route HTLCs through nodes that forwarded onion messages for the same payment, so you do get some non-zero expected value.
That’s just an HTLC with extra steps.
The issues raised by lipa in their post (that LDK is a complicated API and a lot to work with, that RGS had some stability issues, and that LDK’s pathfinding was sub-optimal) are things that were true a year ago, but are also things that have been largely addressed by LDK itself since -
The introduction of ldk-node has made it incredibly easy to get from zero to a full lightning node on a phone in minutes, RGS has seen a lot of debugging and improvements, and LDK’s pathfinding is now by far the most advanced in lightning (but, like with all lightning nodes, you need to be well connected or have sent a lot of payments to have data to use for pathfinding). #note1zsm…a33w
Just wait until this normalizes LSPs KYCing users because they’re executing USD<>BTC trades on their behalf. #note1vhw…jq82
Hmm, the event you’re replying to isn’t loading.
Unless there’s one pool with most of the hashpower, in which case they can just steal the money…oops
Bonus points for getting testing on SRI and reporting bugs :)
Just set up SRI and its Sv2 proxy and call it a day?
I guess you read the CoinCenter bit but I was at least slightly confused on the state of things here, but Iiuc guidance is not binding. Anyway leaving this here in case anyone comes along this thread later https://www.coincenter.org/dojs-new-stance-on-crypto-wallets-is-a-threat-to-liberty-and-the-rule-of-law/
Yes, with mining incredibly centralized anything secured by hashpower is a joke and miners can always require unblinding of anything “blinded” before they mine it.
I don’t think I claimed it was “easy” so much as very doable technically and the issues people face are more regulatory concern than technical.
I know y’all have had to invest a lot of technical work to get the LSP up and stable but I think the open source LSP market is about to improve very substantially very quickly.
Simply running software is a bit different from being an LSP that a mobile wallet will integrate by default and trust to be online and reliable for their users.
It’s not that I’m a fan of the nuclear option, but rather that I have no *other* ideas if things like Sv2/p2pool don’t get adoption. We’ve been at this for a decade and it’s been a massive problem for a decade.
Great timing too given Bitcoin is at a low point in terms of resistance to government control with mining nearly entirely centralized.
Routing nodes, no, presumably not many, but those aren’t LSPs and don’t help with noncustodial “edge” nodes.
Noncustodial wallets want a reliable UX which generally relies on the LSP being stable and reputable, which sadly means not Tor and generally requires them to be large for profit companies.
You don’t need much! You can easily hire enough engineering know how to get some basic software up and running, the cost is raising money to fund liquidity for the LSP.
So Americans just can’t use noncustodial/no-KYC bitcoin…. Ugh
Nope, I don’t personally want to take the risk, even if I think it’s not a huge risk.
Your node isn’t an LSP :)
The channels between an LSP and their users are private.
Let’s be clear, if no one steps up and decides to run LSPs because everyone is worried about regulatory concerns, every bitcoin L2 system is toast - every one that has a reasonable security model relies on some kind of centralized or federated party that has similar concerns, even if they can’t seize funds.
Without any L2 systems everyone using bitcoin will simply use custodial platforms because that’s the only way to get reasonable fees and payment latency.
And don’t go yelling at ACINQ for deciding not to operate Phoenix in the US, the software required to run an LSP is open source, with only relatively minimal liquidity allocation logic required to get started. We need new entrants, and that means new companies who think the risk is manageable (I’m confident it is, but I can’t fault anyone for not wanting to take that risk).
If you see someone suggesting ACINQ should just keep running, the correct response is “well why aren’t you running an LSP”.
40% on one pool and 70% across two where miners don’t have any real third option if they want reasonable stable payouts I’d definitely call “completely” :).
Still my broader point stands I think, I don’t buy the “oscillation” argument unless something actually pushes back, which I just don’t see happening? I’m sitting here screaming and everyone’s just shrugging…
Sadly, despite what it should mean, guidance isn’t legally binding as far as I understand, though of course a judge will weigh it heavily.
Sure, I don’t think we’ll get everything we want, but at a minimum we should push for improvements in what the regulations cover.
I mean did you read it? Their arguments are….pretty compelling? We should get the law changed but if they’re saying it’s not mentioned in the text if the law then…
yet bitcoin mining has been basically completely centralized for a decade and bitcoiners don’t lift a finger in defense? The only way the “oscillation” happens is if there’s some pressure for mining to decentralize in response and that has to come from somewhere.
Hell, it’s not even 100% clear *miners* are not an MSB, but even regulators don’t want them to be. The letter of the law is just not even remotely set up to handle this kind of stuff.
If you think an LSP is “obviously not an MSB” you’ve never spoken to a lawyer with any sense at all. It may not be an MSB, and I hope it’s not an MSB, and I think it’s probably not an MSB, but speaking with any certainty about this is absolutely impossible. The law and regulations about this are not even remotely clear and do not consider any kind of system like bitcoin, let alone lightning.
Don’t talk shit about others avoiding substantial personal legal risk.
Sadly running a lightning routing node is not the same as an LSP, and more routing nodes doesn’t solve the LSP problem.
In the mean time, the Phoenix decision was perfectly rational, whether we agree with their legal analysis or not.
It’s that or custodial, so it seems much better 🤷♂️
For the non-custodial lightning case you kinda need a fixed counterparty, so your options are move or vote. For other use cases of bitcoin this does not apply (but also vote anyway, it doesn’t hurt).
It’s weeks like this that you have to wonder whether Bitcoin has a real shot at all.
* We thought mining was centralized but it was worse than we thought, and the ideas we have to improve it don’t seem to be making progress. Will Bitcoin be censorship resistant in a decade or will censorship be the norm with one or two pools deciding what enters the chain.
* With ACINQ pulling out of the US they’re signaling they don’t think it’s worth the risk. With few LSP alternatives in the US today will noncustodial lightning make it in the world’s biggest market?
It’s important to keep building but it’s also important to keep an eye on the biggest problems - best to work on the biggest problems in Bitcoin to maximize the chance it’s still a useful system with properties we’d be proud of in another decade.
lol this is just the Wikipedia fallacy in reverse - “Wikipedia is wrong”, complained the person who doesn’t bother to edit it…”Bitcoin is anti fragile”, exclaimed the person who didn’t lift a finger to pressure miners to change behavior while others did that work.
Bitcoin only survives if you fight for it, miners have no incentive to care, we have to create the incentive, not just me, you too!
How do you propose making them feel the pain?
Now we just gotta get miners to change behavior…
Why are you bullish anon?
https://www.youtube.com/watch?v=bqaBPALIM6c
No, this would be a terrible idea. People are going to put data on the chain anyway, the witness discount encourages them to put the data in a place that is much cheaper for the bitcoin network.
Temp channel failures (usually liquidity issues) are rather fundamental to the protocol, force closers aren’t.
Honestly even with lightning as it exists today there’s no excuse for force closes being often, that’s just an implementation issue.
Honestly embarrassing this is even a thing worth worrying about :(
The miners will automatically switch to a fallback pool or solo mine. They will in no case stop mining the template they want.
Sadly not, it’s too unlikely to be *exactly* the same.
It turns out some pools are, without telling anyone, just acting as proxies for other pools.
This should scare you.
This should scare you very very much.
https://x.com/0xb10c/status/1780611768081121700
MEVil (or centralizing MEV) is one of the biggest threats to bitcoin’s value, but it’s poorly understood. I wrote about what it is (and isn’t) and how developers and bitcoiners must consider it carefully if we want bitcoin to survive.
Notably, we need to be incredibly careful when we’re looking at the new wave of bitcoin L2s - rollups can be incredibly nasty for the destruction of bitcoin - or not. Devs building these things have a responsibility to bitcoin, and the bitcoin community a responsibility to inform and avoid systems that risk bitcoin.
https://bluematt.bitcoin.ninja/2024/04/16/stop-calling-it-mev/
No, there’s enough value in these things it doesn’t matter if it’s discounted at the fee level or not, people would eventually have done it. The question is only if they do it carefully or not.
To be clear, out of band fees is not the same thing as out of band transactions.
Depends, a user’s wallet might not have a way to do RBF easily or they may not have enough funds available on chain.
https://bluematt.bitcoin.ninja/2024/04/16/stop-calling-it-mev/
No, I’m never a fan of such claims. In this case I’m not joking.
https://bluematt.bitcoin.ninja/2024/04/16/stop-calling-it-mev/
https://bluematt.bitcoin.ninja/2024/04/16/stop-calling-it-mev/
https://bluematt.bitcoin.ninja/2024/04/16/stop-calling-it-mev/
Just saw a “flashbots on bitcoin” pitch deck. I’ve never seen such a blatant and dangerous attack on bitcoin.
Make no mistake if this succeeds, and MEVil becomes a big thing on bitcoin, Bitcoin is doomed.
The bill finally came due for the lawyers and he’s bolting.
Craig Wright has discontinued his claims against Bitcoin developers (incl me) in the TTL case (where he was asking for a fork of bitcoin that seized random coins and gave him free money)!
https://www.reddit.com/r/bsv/comments/1c5mdv2/notice_of_discontinuance/
They’ve contributed a lot to the design of it, but sadly they don’t yet allow you to select your own transactions when hashing. Only DEMAND allows that as of yet.
Lollll Signal has a ton of dependencies on rust crates from a guy working for huawei. I hate modern software development 🤦♂️
Sadly not allowing miners to select their own transactions as of yet.
P2Pool did this a long time ago! More recently Bob Mcelrath has been working on reviving a variant of it using DAGs to increase the share chain block rate calling it BraidPool. I believe it’s still fairly early on.
Yes, that’s also why if “MEV comes to Bitcoin for real” we should probably give up on Bitcoin as a censorship resistant system (and, really, thus Bitcoin as a whole).
Take a look at ldk-node for the lightning part. Does what you want with very little effort (just pick an LSP) and we’d be here to support it.
Go talk to miners and pools! Explain why this is critical for bitcoin, and, thus, their business. Harass them on Twitter, make sure they hear it.
So maybe that’s why we need to explain it to them loudly and repeatedly….. which was my whole point :)
DEMAND is currently the only Sv2 pool. Ocean has said they want to add it eventually, but afaik don’t have a timeline.
But, more generally, go talk to miners! Explain why this is critical for bitcoin, and, thus, their business. Harass them on Twitter, make sure they hear it.
Mining is fairly decentralized already, transaction selection (ie the thing that matters for censorship resistance) is not (because it’s controlled by the pools). Moving that task from pools to the miners would make bitcoin a lot more censorship resistant.
It’s not perfect, something like P2Pool/BraidPool may be better, but it’s 95% there and pretty achieveable, getting miners to move to something totally different is a big ask.
When bitcoiners start harassing every large pool and miner at meetups and on Twitter, maybe. Until then we’re just LARPing.
Nah that’s just naive. Sure, economic incentive is some of the best pressure, but social pressure works too, especially when there’s no economic disincentive as with Sv2. Why are public large bitcoin miners not being harassed on Twitter to adopt tech that is good for Bitcoin?
https://stratumprotocol.org/getting-started/ should get you going mining against DEMAND (the only pool that supports Sv2 today). If you have any issues please join the Sv2 discord!
Yes I’m proposing simple outreach. There’s no reason miners want to avoid Sv2, so it’s really just a question of socially convincing them to do a bit of work to switch.
You can attend your local meetup and/or me active on Twitter/nostr and try to find miners/pool operators and talk to them about the issues they’re creating though!
I mean, in sum…. Not really. Industrial mining is just huge and you’d need a *lot* of Bitaxe to make a difference. You can attend your local meetup and try to find miners/pool operators and talk to them about the issues they’re creating though!
https://stratumprotocol.org/
It’s time for miners to wake up and start migrating to Sv2.
Mining centralization is as bad as it’s ever been and the bullishness on bitcoin is totally unjustified given miners don’t seem to care about bitcoin in the slightest.
If it doesn’t get better nearly every PoS chain is literally going to be more decentralized and censorship resistant than bitcoin.
If you care about Bitcoin you are responsible for fixing this. Pressure miners.
No, https://github.com/bitcoin/bips/pull/1551
Which hardware wallet will be the first to integrate human readable names and finally put something useful on the screen?
(Though Cruise’s tech is noticeably worse, they’ve had a *lot* more cases of definitely-their-fault accidents than Waymo, which has had vanishingly few). Sadly they get dumped into the same bucket.
Compared to Waymo? Yea, very terrible.
Nah, almost all the cases people make a big deal of are actually cases where a human would have done the same, or worse. There’s a lot of people who like to scream in SF, very few for legitimate reasons. There’s obviously some teething issues with the tech, but overall it’s almost certainly better than your average Uber driver.
There’s a huge gap in the perception of self-driving cars between San Franciscans and everyone else. And it’s not because of the hype cycles that dominate SF tech - it’s because SF people replaced Uber with Waymo a year ago and haven’t looked back at the comparatively-terrible product of Uber.
Honestly that’s mostly cause the exploit was kinda shitty, though…
Source in git has the malicious binary, though. A malicious committer did it, not just anyone.
Probably Ubuntu as well, given it’s based on Debian Testing, but I haven’t checked. #note1mqv…2l5q
Looks like someone managed to get a backdoor into ssh in Fedora and Debian testing. Patch systems ASAP.
https://www.openwall.com/lists/oss-security/2024/03/29/4
Nostr is the only actually censorship resistant social network that exists today. Bluesky is working towards that but they’re quite a ways from it. That doesn’t mean they don’t have some great ideas that we should learn from, like how to do moderation.
Bluesky has done some deep work on moderation in a censorship-resistant social media network that we should probably analyze carefully and learn from.
https://www.techdirt.com/2024/03/27/why-bluesky-remains-the-most-interesting-experiment-in-social-media-by-far/
Why do y’all keep scheduling things that conflict with Bitdevs? Bitdevs has had the same date for years.
Cloaked is similar, but built by bitcoiners. https://cloakedwireless.com/btc
Honestly no idea if any of this is accurate, but I trust Daniel did some research here. #note1lxf…zjej
Bro I’ve been saying this for years.
While I agree, to be fair, most new installs are far enough off the coast you can’t (materially) see them with the naked eye.
Ah, except BOLT12 as well, sorry about that. Though that solves fewer of the issues users complain about, except for static payment instructions, admittedly.
Huh? The things I mention (except splicing) are broadly available and have been for several years!
In terms of “major improvements”, I’m not really sure what you’re looking for - lighting isn’t going to be rewritten to be a totally different system, liquidity constraints isn’t a solvable problem with lighting, and someone has to pay fees in channel transactions. If you want a fully trusted/custodial system you’re welcome to use one, but I’m not really sure how much different lightning can get. Do you have specific ideas or issues you have in mind here?
In terms of the personal attacks, I’m happy to respond to any specific points or cases you want to discuss but blanket ad hominem isn’t really a thing to respond to (and if you think I’ve told people they’re “wrong” about Lightning’s limitations, I dunno if you’ve been paying attention).
I strongly disagree. Lightning hasn’t seen a fundamental overhaul, sure, but tons is iterative improvements have been made to address the largest user-facing issues.
Whether it’s better interop and bug fixing to (substantially) reduce spurious force closures, slicing to ensure liquidity fragmentation isn’t an issue, BOLT12 to provide stateless payment instructions and recipient privacy, anchors to address some pinning vulnerabilities and fee spikes preventing payments, etc, there’s been a ton of changes!
In net, spurious force-closures have probably dropped by 5-10x, surprise payment failures by 50% and a ton of other features.
Bcash was its original name, before Bitcoin cash!
Worse, they both have (increasingly severe) dementia.
I mean idiot is one thing, but I’m legitimately confused as to whether he can read.
I’m not convinced this man can read. https://image.nostr.build/3033a780a6f3da066496108d8630f83b170c2adae1912301e27b2e0f860545d1.jpg
As a defendant in the case, my lawyers informed me I’m not allowed to comment on the case.
If I see someone talk about who might be satoshi, I lose all respect for them instantly. Ignore whether we should or shouldn’t, accusing someone of being satoshi puts them at very real physical risk.
There’s plenty of people who want to kidnap satoshi seeking some bitcoin. Don’t set someone up, you might actually get them killed.
I dunno, FCs on anchor channels with nodes that aren’t stupidly buggy are really rare, doubly so if you’re counting FCs-per-payment.
I mean in cases where you have to FC, sure, but that should be rare (even if it isn’t so much today).
Cool! Are you partnering with anyone for this (is it WIP or just a plan?)? What can we do to help?
👀👀👀
What are your plans around this? Would love to chat lightning non custodial mobile!
Default yes but servers MUST support both, for fallback :). When talking to an authoritative server, UDP is important, but when talking to a recursive resolver, who cares?
I mean it could work over that too but then you have to handle truncation and tcp fallback and that’s annoying
Google Voice/Google Fi, sadly, is actually kinda decent at spam blocking.
For wallets wanting to get a head start on implementing human-readable bitcoin names, here’s a library that handles all the DNS parts!
* resolves against a local (/remote) TCP/53 resolver
* resolves against a DoH/DoT resolver
* creates/validates proofs
https://docs.rs/dnssec-prover/
It can even be run in WASM on a web page (and resolve via DoH directly)!
https://http-dns-prover.as397444.net
Interesting, that just seems like a gitweb bug? If you click tree on the master branch it works, wonder if my default branch is misconfigured.
Because there’s like 50 totally trusted and totally sketchy CAs that you have to rely on? Also DNS is quite simple, HTTPS+CAs+TLS on top is a *lot* more complexity that you can just…. Not have.
I mean, to put anything on the internet you generally do…or someone has to on your behalf.
There are proposals to add proprietary APIs for, eg exchanges to expose the ability to pay their users but not users of other wallets, at least in specific contexts.
I mean realistically people just won’t support non-ASCII hosts.
Yep! Just gotta define a bitcoin: URI query parameter. Best thing is you can even do both - one URI/name that resolves to lightning + on chain + BIP47….. sender will just pick what they support and pay it!
It applies equally to on-chain as it does lightning/fedimint/cashu/whatever!
It could, but luckily we don’t actually need any transport encryption to send money to people over bitcoin :)
That prover does support TLSS though, if it want to use DANE for something.
You could totally use the same spec for ecash/nuts/whatever. That’s not lightning, of course, but the point of the design here is it’s totally extensible any way that you can build a bitcoin: URI.
No, it’s generic (for on chain), but for lightning you need a static invoice, so BOLT11 won’t cut it and you need BOLT12.
The DNSSEC proof validation can also be played with at http://http-dns-prover.as397444.net/
This (finally) adds some amount of censorship resistance to LN Address, not to mention better security and (thanks to BOLT12) even allows users of custodial services to use their own domain for their address!
The full protocol (lightning-specific) protocol is implemented at https://git.bitcoin.ninja/index.cgi?p=lightning-resolver;a=summary #note1gt9…pv06
It’s time bitcoin had a way to specify human-readable names for payment instructions.
LN Address has demonstrated the utility of such names, but it’s time to take it beyond just lightning and remove the dependence on HTTPS/CAs.
https://github.com/bitcoin/bips/pull/1551
Piles and piles of practical constraints that need to be worked through to see if any realistic systems using it are practical, but really cool tech.
TLS you cannot provide a proof for (it’s asymmetric in the cert but used to derive symmetric keys, so you can forge a transcript). DNS is not, so like you say you can avoid all the complexity, and a totally untrusted device can provide a proof to a totally offline device (eg a hardware wallet).
I meannnnnn it’s actually probably mostly fine. There’s some analysis basically concluding the known attacks against SHA-1 don’t really apply to DNSSEC, but, yea, not great.
lol namecheap is “securing” it using SHA-1. I guess I could implement it, but…. Come on.
Some security restrictions or something 🤷♂️
Sure, but you get to pick the state you trust. More generally, explicit public key trust is definitely better, but if you want a human readable name that doesn’t help.
Uh, yea, old client version that didn’t parse the text, reload and try again :)
Doesn’t work how? Does it block WASM (or are you querying a non-DNSSEC-signed record)?
Querying DNS in a fully self-validating manner is pretty trivial, so much so you can shove it in a small webpage :)
Shove Bitcoin payment instructions in TXT records and now you can get easy internet-less self-validated proofs of payment instructions! A hardware wallet can even check it and display a nice human-readable name for payments, talk about awesome UX.
https://http-dns-prover.as397444.net
Test looking up matt.user._bitcoin-payment.mattcorallo.com. TXT :)
Those tracking links, tho.
On-chain: Noncustodial
Lightning: Noncustodial (*)
Statechains: Regulatorily Noncustodial
Fedimint: Federated Custody
Exchanges: Custody
Easy enough?
Maybe? But arithmetic opcodes and introspection would be simpler.
It’d be a big miss to add transaction introspection (covanents) and not enable lightning to remove anchors entirely. Allowing the transaction broadcaster to simply reduce their balance to pay fees at broadcast-time would solve one of the biggest pain points for LN.
Sadly I’m not sure that any covanent opcodes currently proposed would enable that - you need the ability to sign all outputs except the value of one, but still ensure the value is over some threshold.
They have a pretty reasonable beer selection.
My age bracket is definitely in that category too :)
Everyone *above a certain age* thinks crypto is max cringe. That age isn’t super high, but give it a decade :)
Forgot about that one. Fuck them.
This is your yearly reminder to never, ever use GoDaddy. In an a race to the bottom industry with tons of sketchy players, they differentiate as “we ran some commercials with hot women in the early 2000s when that was still kinda acceptable and people still remember our name”.
They have high prices, and gouge in any possible way they can, with incredibly sketchy practices and support agents who lie to your face.
How is GitHub’s PDF viewer so bad when they could have just embedded pdf.js and moved on?
To be fair, the best way to make yourself unplayable is to let anyone open a channel to you and be a big node. You end up with a few thousand channels, all of which are saturated, and only senders with a ton of volume who can try each channel open open a direct channel can pay you.
What should I be doing with bitcoin.ninja?
“Stop checking your email while jogging” -Gmail, presumably.
Never know when you might be able to sell an ad to “unfit people who don’t move all day”. Okay, actually they probably do know, it’s probably in fact a big target demographic. Ozempic ads inbound…
Dunno, I’m absolutely sure there are some developers who were very rude to Jeremy, there’s a million developers who work on bitcoin in one way or another (though in context at Scaling Bitcoin it may not have been a relevant topic?). The discussion seems to heavily imply that all, most, or core developers are all rude or somehow stonewalling, which I find to be absurd.
“Listen to this Pod and you'll learn a hundred times more about Bitcoin than by listening to the 500th podcast episode about [nonsense]” sounds like a ringing endorsement to me :)
I definitely empathize with Jeremy, he definitely did get a lot of conflicting signals and that’s hard. I also value his contribution in normalizing covanents and the idea of adding them to Bitcoin. But he assumes certain malintent on the part of others that just contributes to a culture of “fuck the devs” which just isn’t healthy.
And suggesting “this is how bitcoin works” is kinda strange given that :/
Right, my point is that the claims made here around “the politics” are actually a strong misreading of others’ behaviors.
Where do such shops exist?!
There’s relatively little tech in this episode? It’s mostly a retelling of Jeremy’s experience with CTV from his PoV (which I think is borderline conspiratorial in its interpretations of the actions of others).
Authorization to exchange a message.
In a two party mutual-authentication protocol, should I have
O(N^2) CPU + O(N^2) communication and if one side doesn’t trust the other neither learns anything or,
O(N^2) CPU + O(1) communication and if one side doesn’t trust the other they may still learn that the other side trusts them?
That was cool. Can we focus on noncustodial tech and freedom money again now?
Yea, dunno, gensler may use staking as an excuse to reject an ETF so maybe they won’t. If the custodian gets to decide I’m sure they’ll stake. Free profit (and own the network lol).
Curious to see if the ETFs will be allowed to stake, I assume they will.
https://letmegooglethat.com/?q=eth+futures+etf
Not to burst anyone’s bubble, but the court ruling that forced the SEC to accept bitcoin ETFs is going to apply equally to ETH. Expect an ETH ETF soon.
What is the modern policy from exchanges instead?
Depends on where fees go in the next few months…
When the post was made, on-chain fees were zero and lightning was starting to take off. Today, people have an understanding of lightning and the liquid trust model much better. The popular discourse on its use makes more sense than it used to, though the federation set is…not commonly discussed so it’d be nice if that were more front-and-center in the discussion.
Not entirely, AFAIU. Canada tried to force Google/facebook/etc to pay media companies every time someone viewed news content via social media or search sites. In response, various social media sites simply stopped displaying any news to avoid having to pay. It was ultimately settled with a substantially watered down bill very recently, but I’m not sure if everything has been updated.
An old android phone (preferably one still getting security updates, but either way keep it offline), maybe the cheapest laptop you can buy in person at Walmart.
Ross operated a custodial-funds business and (allegedly) ordered a hit on the life of someone. These are not similar situations.
As a reminder, writing software is a protected act of free speech in the 9th circuit. While not a bulletproof defense, this is an attack on free speech. #note1e26…xwwa
You should read the linked post on why standard transactions exist, it’s not around normal transactions at all, really. Also, any script (in segwit) is standard! You can use any opcode freely.
No I’m saying your comment implied bitcoin core (developers) made some decision about prioritizing transactions which transfer value. No such decision was made.
There’s ongoing work to do that! Look into the libbitcoinkernel project.
Yea, basically this. It makes it incredibly difficult, and possibly impossible in practice. Let alone with the available resources for this kind of thing (which is not much).
Another great resource that talks about why bitcoin core has various policy (hint: it’s not because of some concept of what people “should” use bitcoin for) is https://bitcoinops.org/en/blog/waiting-for-confirmation/
This is not true. Bitcoin Core does not try to “maximize the user experience of…transfers”. It has filtered transactions for various reasons, and maybe that previously, but that hasn’t been true in a long time.
Indeed, the system only works if miners are including transactions on the basis of fee alone; anything else is a slippery slope towards broad censorship. The fact that the protocol doesn’t enforce this is one of the biggest failings of bitcoin.
Ethereum is even working on fixing this, while we’re talking about whether it’s okay to live with it 😭.
There’s a great deep dive on all things policy at https://brink.dev/podcast/1-mempool-policy/ #note108k…8h8k
Kinda, but for very different reasons. https://brink.dev/podcast/1-mempool-policy/
Nah, they’re just doing a staged rollout of their new pool. It’ll be a “real pool” soon.
https://damus.io/note1tdvxt9jgu2q0554sq3hew3srh602xf4xxmr4h7xghyq5k2j5zygsmews5v
I mean miners will need to use a proxy anyway to incorporate their own work whether their miner supports Sv2 or not.
Okay, admittedly they aren’t doing pooled rewards yet, so not really a “pool”, but far ahead of everyone else.
All the talk about Ocean Pool, meanwhile https://dmnd.work/ actually out here offering StratumV2 live and not getting talked about.
Get off the strip, go on a nice hike outside the city, much less sad there :)
But probably do that during the day. Scorpion bites kinda suck, I hear.
Go on a hike. There’s great nature in Vegas but people never take advantage…
With work selection, that is. Braiins (formerly slush) pool has done Sv2 for a long time but never supported custom work afaik.
I believe there is only one pool currently doing Sv2 - https://dmnd.work/ which was also only announced this week.
More generally, I don’t think “custodian of user money” isn’t really the way pools will be regulated, if they are - they’d be regulated under very different laws.
1) not sure how, I mean they can just change the website and remove miners they don’t want to pay and pretend they were never there. Or add some fictitious miners with huge hashrate to siphon money off to themselves.
2) yea, dunno, obviously they’re custodial for smaller miners. I’m dubious “custodial” is the right way to think about a pool. More like “liability” - the pool has some liabilities to their users which build up over time, and the user can withdraw at some points. They aren’t depositing and don’t really hold custody, they just build up liabilities.
The pool in this setup is perfectly capable of simply pocketing the money for as long as there are still miners mining on it. Sadly there’s no technical enforcement of the pool behaving correctly, and building that is not really practical (without just rebuilding p2pool from scratch and starting over).
It’s different, yes (though generally it’s not done that way for legitimate technical reasons), but I’m incredibly dubious that it’s different in any legal sense. The pool is ultimately still tracking clients and deciding when and how much to pay them.
Also, most pools provide detailed analytics of miner hashrate, and often even hardware monitoring.
I’m really happy more people are building pools, but I really struggle with the marketing here - it seems like there’s really nothing special (they’re far from the only pool that has said they want to support StratumV2), but the marketing is all about how they’re the only pool that’s providing some kind of fantastical properties.
I missed the last part, thanks!
I’d still suggest the pool is not at all “non-custodial” - they both mention needing to be a custodian for small miners, but also, from a miner’s perspective, there’s just as much trust in them as any other pool. The pool can always decline to pay out and there’s no recourse available in-protocol.
I haven’t seen anything publicly which states that, though I’m told they’ve privately indicated they want to build that.
That is not true as of today. They’ve stated privately they want to move to StratumV2 where that would be the case, but I don’t see anything on the website publicly committing that that.
Ocean absolutely does construct the template.
Right, and it’s strictly less trusting of the pool if the pool pays you out via lightning every second rather than once a day via block.
Also worth noting that because of hardware limitations they can only include a handful of outputs in a coinbase transaction, so most miners either get nothing or see custody.
I mean sure, only in the sense that every pool is a “more centralized P2Pool”.
No one is failing then for trying new things, only for highly misleading marketing.
Also, it’s important to note that many miners can only handle coinbase transactions of a certain size, so there’s a very low limit on the amount they can pay out in coinbase transactions, much higher than dust.
The rewards are not noncustodial, the pool still tracks them and decides when and how much to pay. The only difference is the pool pays out faster/more often than many other pools. However, pools doing lightning payouts are even faster!
Ocean does not use Stratumv2 (yet).
I don’t see how it’s more decentralized than any other pool. The only difference from any other pool is payouts are marginally faster, but some pools offer fast payouts already, even over lightning which is even faster.
Indeed. Somehow they got tons of people to repeat that it’s somehow “decentralized” despite not being in any way decentralized. Quite impressive.
I don’t see anything about this pool that is decentralized in any way. More pools is good, though.
Doing it as a fedimint module adds no value.
Someone needs to rebuild p2pool but with faster blocks and tradable shares…that’s the real solution but it’s a ton of work.
When there’s not a single centralized party that controls everything about block building and payouts.
Maybe there’s some plans to make it decentralized, but I don’t see them listed anywhere on the page?
I really wish it were “decentralized”, but it’s really not at all? It’s just faster payouts, sadly.
Plus a seven hour wait for the US ER lol
But, if you want to throw shade and assume bad intent, feel free. That’s a great way to make sure nothing ever happens and you can keep complaining on social media for clout.
Ha, meant small minority.
> Furthermore there are deep problems in the technical community too, where a small minority is pretty loud in refusing any covenant solution whatsoever, even if 10000 use-cases are presented to them.
I do not believe that you’ve had an honest conversation with that “smart minority” if you think that’s an accurate description of the situation. Maybe actually have an honest and open conversation at a conference sometime before you start throwing shade.
UASF doesn’t make forks happen. Talk to people, engage in conversation about whether this is the right direction. Convince them it is.
PRs don’t make forks happen. Talk to people, engage in conversation about whether this is the right direction. Convince them it is.
It was the obvious next-step for LNURL.
If you do it via max-in-flight it improves network-wide privacy as a side effect! Better yet, LDK nodes will (slightly) prefer to route though you because you’re offering better privacy. #note1qgy…x4j0
Sure, but, like, it’s similar to what we already knew.
Why? There’s no fundamental reason for that, just “the current tech sucks on mobile”.
If you have an lnd peer you can also see it. Sadly the feerate issues are only half lnd’s fault, half bitcoin core, so other nodes can also exhibit it.
I largely only see stuck payments when probing. Force closes sadly are still a thing mostly when (a) routing a lot with HTLCs that get stuck cause of lnd 16.0-16.2 nodes or the new lnd hang with hodl invoices or (b) nodes that give nonsense feerates and leave you either insecure by accepting it (lnd does this) or force-close (others do this).
Lol wtf my Waymo made a wrong turn and made me late?
It wanted to turn left but no one would let it into the left lane so it went around the block 🤦♂️
https://support.apple.com/en-us/HT213927
Multi-Party ECDSA protocols (ie multisig but it just looks like a single signature on chain) have a long history of being broken. Much, much prefer direct on-chain multisig or FROST.
Hmm, does it require installing bitcoin core/JM remotely? That’s a huge lift that most people won’t do.
How much bounty would it take to get a mobile wallet based on JoinMarket (buy-side only)?
https://damus.io/note17sng39wcp29fafljnp5g3rz9avw3dmtme4qr3lumqry4mqnxv2vqvkv4n6
Nope! The magic of XOR (or pre-committed EC points) is that neither gets a “part” but rather the full thing is random if either input is fully random.
Nope! There’s no tradeoff, what I’m proposing allows you trust that *both* need to be compromised, instead of just the hardware wallet.
Nope, just compromised firmware/hardware.
Okay? Add an extension to the PSBT with requested nonce. This is really trivial stuff.
Signature can leak the private key to an attacker via the nonce :)
The “air gap barrier” isn’t broken lol. The computer is sending instructions (in the form of amount/address) and the hardware wallet is responding. I’m just saying add a nonce to those instructions.
Hmm? No, the average user uses a hardware wallet and corresponding software control wallet which implements such a protocol completely transparently to them.
Point is the signature nonce, not the private key itself
So why haven’t you implemented provable randomness in the nonce yet? https://damus.io/note1xl5tvtlr9tc9yhyfcy28a4f9uglth9r320y80gp5sadlwsqrkxlszh5gkl
https://damus.io/note1xl5tvtlr9tc9yhyfcy28a4f9uglth9r320y80gp5sadlwsqrkxlszh5gkl
https://damus.io/note1xl5tvtlr9tc9yhyfcy28a4f9uglth9r320y80gp5sadlwsqrkxlszh5gkl
Problem is you have a device that you cannot realistically audit the supply chain of, and which is at incredibly high risk of supply chain attacks. Deterministic nonces are great but they’re not auditable - there’s high risk of the machine telling you its doing a deterministic nonce when it is instead leaking your private key with an attacker-derivable nonce!
The point of deterministic nonces is “include a hash of the private key and message in the nonce so that you know you didn’t screw up”, that’s great, but you can also build on top. The computer driving the hardware wallet can input randomness which the hardware wallet can prove was incorporated into the selected nonce. This allows the device to prove to the computer its not leaking your private key, requiring an attacker to compromise *both* your computer and the device, not just the device!
Hardware wallets that don’t use such a protocol should absolutely be considered, at best, incompetent, maybe malicious.
In general don’t use a device dedicated to storing bitcoin to store bitcoin. Any hardware wallet that isn’t (a) exclusively multisig or (b) is designed to not be able to leak your keys via nonce (I believe only bitboxv2 and Jade) should be considered incompetent at best.
If you file a complaint with the FCC, most US ISPs will suddenly be aggressively trying to fix your problem (rather than aggressively trying to ignore it). Easy cheat code to skip first level support.
Almost certainly centralized, for-profit censorship lists.
It’s nice they’re finally talking about building some modicum of privacy in ethereum (via some tornado-style system), but doing it with chainanalysis baked in from the start is completely bonkers.
It’s nice they’re finally talking about building some modicum of privacy in ethereum (via some tornado-style system), but doing it with chainanalysis baked in from the start is completely bonkers.
Twitter busy celebrating a chainanalysis + Vitalik paper which is designed to make it easier for everyone to participate in applying chainanalysis rules globally.
🤮🤮🤮
https://twitter.com/fschaer/status/1699422205564883097
Notably, such a design would still allow market forces to increase block rate/size during fee/block space demand increases, but even without miners turning off, which is cool.
Yea I mean I don’t think they’ll be *that* spikey, but having the ability to eat a single huge-fee transaction without miners trying to reorg each other would be nice. I think there’s some designs with a “pot” of fee money that miners can contribute to or take from in exchange for bigger/smaller/easier/harder blocks that can eat such a spike and smooth it out a bit. Would also reduce weekly cycle impact on miner revenue.
Yea I don’t think that would solve it :(
To be fair, we do absolutely need to do fee smoothing to reduce spikes.
Presumably because Bitcoin’s privacy sucks and if they were selling lots of bitcoin and depositing it their banks would have questions?
Weird…most clients see that so incredibly rarely…..
Do you have logs for any of them? Also are you doing anchors?
Yea, regtest etc are better, but there’s just a bigger set of things that support testnet
As always, let me know if you need testnet coins. I have a million, but of course only give them out for legitimate testing needs.
If you want to make BIP300/drivechains/decentralized sidechains happen in a way that isn’t embarrassingly insecure, work on StratumV2, work on Braidpool, bring P2Pool back.
Without substantial increases in mining decentralization these things make zero sense.
If you want to make BIP309/drivechains/decentralized sidechains happen in a way that isn’t embarrassingly insecure, work on StratumV2, work on Braidpool, bring P2Pool back.
Without substantial increases in mining decentralization these things make zero sense.
At least in the us it immediately invokes 1A concerns. Will be interesting to see if we can apply the old cryptography wars results to the financial space. EU law I know less about but that kind of broad defense doesn’t apply.
Also, to be clear, this tornado case, as outlined thus far, seems to be the most important case in bitcoin or any cryptocurrency history. #note1v2v…88j0
No algorithm isn’t a fix for a biased algorithm. When nostr clients start shipping algorithms we’re gonna have a similar problem. We need a copy of the bluesky algorithmic choice focus here.
Gonna be in Austin week of sept 11. Who should I meet up with?
I don’t work on c= so dunno where they are but the two changes they were gonna make weren’t complicated, I assume that work is already done.
There was a storage backend failure which ultimately caused data loss. No funds loss but most channels did force-close. AFAIU at least two changes were being made to handle such cases better, plus one long-term large change to LDK to make such situations impossible.
Let’s just ship Lightning integration in every major non custodial wallet and not have to debate this :)
Where is that claim? The above tweet from Elon also said “I’m told that this account was suspended for posting child exploitation pictures associated with the criminal conviction of an Australian man in the Philippines.” That doesn’t mention blurring or any other filtering. Absent some other evidence I’m not sure why the Twitter CSAM team would ban an account for sufficiently-blurred media.
Meanwhile on Twitter, the one thing I think everyone agrees should get you banned…. No longer does. Feel free to post CSAM, everyone 🤦♂️. https://twitter.com/elonmusk/status/1684248597603155976
The eu “seems more free than America”? In what sense, you just mean bitcoin use? No I strongly disagree, it’s been largely impossible to do basic things with bitcoin in many countries, and now the new AML rules coming down the pipe seem much worse than what the us has contemplated, and more importantly are often predicated on misunderstanding the technology rather than understanding it and regulating just the parts that aren’t liked.
I’ve had many public and not-so-public spats with coin center over the years, but without then we’d be in a much worse place. Coincenter hasn’t had a lot of public success, but they’ve been in the room talking to folks in DC and getting them to see some value in bitcoin for many many years. We don’t have to imagine what it would look like had they not paid that groundwork - just look at Europe. I doubt there’s a single MP who knows the difference between bitcoin and solana, all while writing tons of regulation for them both, but we have many staffers and even several senators who actually do!
You can get free ads on WBD? Can I get ads for, like, me? I dunno why I just figure I should advertise.
I had the tx rate turned wayyyyy down for maximum receivability. It also did fancy things like broadcast the current headers more often but spew old headers slowly to get you in sync. I don’t remember sync time but I think it was longer.
At very high density and with repeaters, but iiuc mesh is more about individual message routing, not broadcasting something that’s a constant stream. Sadly bandwidth just isn’t all that available for something like the header chain.
At one point I was broadcasting the bitcoin header chain over Lora…you could get it anywhere in Manhattan, basically…. Sadly that range is just short enough to not be super useful.
I think you mean GPS - most NTP servers people use are privately-operated but get their time from GPS.
They’ve basically cornered the market on sending SMS.
To be clear this also impacts *student loans* and all kinds of shit, it’s not Bitcoin specific, but still nuts!
At least on the Aws competitor they’re explicit that it does, yes.
I don’t think we disagree there’s lots of garbage, even by %, I don’t even think a “crypto” person would disagree with you. But my point above stands - the actual scammers will just lie, slip through the cracks, and get by. The business even attempting to be legitimate are the ones who get punished.
The service ~every company uses to send text messages to their customers. Their competition have all instituted similar policies.
Sorry you can’t buy bitcoin 🤦♂️
So phone carriers should block an entire industry because it has some bad actors in it? I guarantee you the bad actors will just register as another industry and get by, but friends of mine running a Bitcoin company have already had their account shut off.
So bitcoin companies can’t do anti-fraud or security checks because of a dumb carrier policy is good for bitcoin? Come on, grow up.
Cryptocurrency businesses are no longer allowed to send text messages in the US and Canada. And y’all were saying operation chockepoint 2.0 isn’t real https://support.twilio.com/hc/en-us/articles/360045004974-Forbidden-Message-Categories-for-SMS-and-MMS-in-the-US-and-Canada
I mean sure, but they started with a perfectly good Unix timestamp and then blew it up by localizing it instead of doing the obvious thing…why
Why the fuck do they use Unix time and then convert it to a time zone rather than just appending the time zone? Someone was way too high when they came up with that nonsense.
Not just over clock, let me undervolt.
Which BIP? And, also, BIPs are how people use them, not what the text says :)
Ask not whether they’re capable, ask if they have the time (hint: if they’re running a small business, the answer is always no)
Slowly becoming a BIP21 maxi - if we deploy new address formats and extensions as URI params it’d be the only address format you can still read years and years later.
Does it count as zero-copy if you’re pushing references onto a heap-allocated struct? Use inline or bust :)
Sending from which software and what kind of nodes? Would be curious to debug this somewhat.
But also definitely upgrade to 0.16.3, cause otherwise mempool scanning can cause your channels to FC :(
I admit I’m dubious, but I’m happy to see people try! Are you building a new lightning mobile app to execute on this? :)
Every major lightning implementation agreed to hide msats in the UI long ago :)
Prepaid debits are user-unfriendly af, they’re not commonly used, doubly so for regular usage, they’re just gifts.
My point was I don’t think it’s possible to educate users about channels - if that’s the car everyone is gonna be in custodial.
So 99.9% of users will use custodial lightning? 😀
More generally, I feel like that tends to come from a goal of rarely opening channels/splicing, rather than seeking to reduce fees compared to on-chain. If the outcome for noncustodial lightning is just that you save 75% on fees, is that accomplishing a goal?
Isn’t that a good definition of a bubble?
There are many other approaches to improve payment success rate, let’s not jump on the least private option as step one.
Average channel sizes have also gone up a bunch
I love politics https://www.washingtonpost.com/politics/2023/05/30/biden-mccarthy-debt-ceiling-deal/
Minor point, no ad hominem here, I don’t know nor bother to look up the author and didn’t make any claims relating to the author at all :).
But, indeed, I didn’t back it to because I don’t understand it at all - my point is that the writing here doesn’t make a cohesive argument, I can’t understand what this “algorithm” is nor what it does, and the author doesn’t actually seem to have any conclusion in that respect either (and algorithm isn’t really the right word here anyway). More importantly even if there’s an “algorithm” (aka pattern), there’s plenty of reasons why ID numbers would follow a pattern which are process based rather than nefarious. They talk about skipped numbers in the statewide database but don’t argue what that implies (and it could mean any number of things - partitioning by area, updates causing fresh ids to be issued, etc).
If theres something here, the author is pretty bad at communicating it, and absent an argument I can understand I’m not really motivated to go try to replicate their results…I don’t have time.
Please don’t zap this post lol, zap the legal defense fund.
If you think bitcoin needs more devs, needs more companies providing users access to buy and sell bitcoin, or needs honest educational resources, Craig Wright remains one of the most important issues to deal with. Until he doesn’t have the resources to harass all of the above, we’re hamstrung.
https://bitcoindefense.org/
Never heard of the journal so can’t comment on it specifically, but there are many journals that will publish literally anything (several good studies publishing AI-generated gibberish and getting past peer review even before LLMs were good).
Hmm curious what their parameters are. Good chance no implementation is conservative enough.
Which implementation? Everyone implemented stuff to prevent that years ago, but maybe the settings not aggressive enough?
That’s apparently by the person who wrote the paper…. It’s…. Nonsense?
https://www.americanthinker.com/articles/2023/05/information_warfare_in_new_york.html
lol did you actually read the piece the report author wrote? It’s numerological gibberish. If there’s anything there the author certainly doesn’t know about it.
No, there’s no public way to know who opened the channel, modulo chainanalysis kinda digging. At the protocol level peer 1 is just the “lower” public key.
Honestly they need to open it up, but I get why it’s locked down. Don’t want rando key leakage to let someone flood you with notifications.
IIUC on both iOS and Android only the app vendor can send push notifications for an app. Having an LSP signal to the wallet vendor via onion messages is part of the async payments design (it’s basically free to support this), but you can’t avoid the vendor server even if they’re not an LSP.
You still probably want a notification to clear the payment tho. Like, the payment will hang around and be available for a day or a week but eventually the sender will give up
You need it for LN receives anyway.
What if the invoice is expired when you next open your wallet two days later?
The harder part is the push notification. Given you need a server monitoring for you the ephemeral part is the easy part.
Lightning node developers need to do better. And we will.
A large bitdevs meetup and lots of meetings, and some conference or something 🤷♂️
Ah okay no worries, just checking it’s a known issue! Thanks.
Oh maybe it’s just on the profile page zap not the post zap? I see it try to open lnurl whereas post zap resolves to BOLT11.
#[0] what happened to damus resolving lnurls to BOLT11? Looks like it’s trying to open the lnurl now?
Deep linking works with the web too :)
Indeed, there’s definitely a need, but doing it via a remote RPC isnt really a good approach if you want to support noncustodial wallets and we don’t need something so general for a payments platform. We’re not designing a “world computer”, we can build something for payments :).
More generally, use intents! We’re talking about an app talking to another app, there’s a whole suite of APIs built exactly for this purpose.
But “just propose another spec” adds up a ton over time, each time we do that we’re asking every lightning wallet to implement yet more code, and the compatibility matrix of lightning wallets becomes yet more complicated.
This is already a huge pain point for users today - Lightning payment instruction formats are complicated and not reliably implemented across the ecosystem. Please please let’s not make it worse.
Nostr is yet another protocol for ln nodes to implement :). Nostr is also yet another protocol for every application that wants to send money without interaction (poker app, etc) to implement. HTTP REST over a proxy is at least trivial to implement.
So…. Just use HTTP? Like nostr is a lot of additional code just to get HTTP/pub/sub with a vendor-operated server.
But it’s not because you don’t talk directly to the recipient and don’t know if it received your message without an ACK, and only if you also handwave away the “needs to be on the same relay” issue, which isn’t really a trivial problem without a lot of coordination around relay selection, or, more likely, a dedicated proxy run by the wallet vendor….. which you might as well just use directly with HTTP :)
As in deleted/dropped before the sending node sees them, presumably due to a temporary connection failure cause they’re trying to use tor for privacy.
Luckily this kinda thing is pretty trivial with android intents (literally the bitcoinj payment channels from 7-8 years ago worked this way!) and iOS deep linking can do something similar. Order of magnitude less complexity than nostr if you don’t already have a nostr client.
And what if the relay deletes the event after a second due to spam analysis, or it doesn’t forward to the relay the node is on. It’s not a reliable protocol, not designed as one.
For zaps it’s okay, but I’ve seen plenty of speculation about using it for General payment handling, which is definitely not a good direction. If we need something for this (we do) we should build something that’s robust and general, not “only works if you don’t care about reliability”.
If you’re using a private relay you might as well just use lnurl/http/onion messages/etc.
BOLT11 works totally fine in its place, no need for anything that doesn’t exist :)
It’s built in using nostr as a reliable delivery protocol, which it isn’t. That leads to random failures as relays handle spam.
NIP 47 is a house of cards :)
Flying to Miami today! Let me know if we should catch up!
I love nostr, but nostr is not a reliable message delivery protocol, and we need to not treat it as one or we’ll build systems that work for a while then fail spectacularly at any real scale.
(don’t use nostr for payment instructions…)
Yea no idea, I just know this outcome was obvious, so either they were okay with it or just didn’t know how to fix it and hoped.
Right, the obvious outcome was obvious here.
The “rely on defederation as a solution to everything” implied here is the real issue, not the spam.
If it kills lightning then lightning never made sense.
Turns out “issue shitcoins” are also economic uses, just not the ones that theory meant. 😂
(Still, that theory always applied for high value transactions, which are still confirming fine, just not at a low fee…everything else is either Lightning or has moved to litecoin or whatever)
Who said anything about replacing the JDK?
LDK is written in rust and has supported a Java API for years.
Speaking of which, need to borrow someone’s PayPal account to pay a company for RMA shipping… 🤦♂️
And when your bank gets mad at you for trying to pay a merchant in a foreign country or your PayPal account gets shut down again, contact the merchant and ask to pay in bitcoin! That’s why its there!
“Don’t ever spend your bitcoin, just HODL” culture is really annoying. We’re trying to build a money, y’all, not a shiny rock you buy and stare at on a shelf!
Sure, most of us don’t have a ton of reason to spend bitcoin, but don’t shit on people who spend it! I guess I don’t have to tell nostriches this much cause y’all love the zaps.
Compromised/hacked/pwned/0wned/etc :)
Indeed, definitely a base requirement these days, but what about bitcoin or something where you don’t want that container to get pop’d? Modern software is trash.
It’s incredibly frightening how much all modern software expects you to download an entire toolchain to run it.
If it want anything resembling a secure toolchain you end up stuck with ancient software or C projects only.
Java? Here’s a grade *binary* included in the git “source” repo. Rust? Please go download rust via rustup, if you don’t have the version from this week gfy. Go? Basically the same, with tons of dependencies fetched from random git repos. JavaScript? lol, you’re screwed.
So we’ve failed. Good to know, will keep this in mind when other devs try to trade off privacy for other things…
Ugh, I was a fan of their design, but that’s…. Probably not gonna end well.
I’d probably enjoy automating it :)
Does it count if I mostly do it to eat my own LDK dogfood and find bugs (cause I do!)?
“I wanted to open a PR but lnd is currently restarting so I can’t” oh man what a mess.
Yea, fair enough. I suppose I could self host too but (a) would also have to manage macOS and Windows, which is pretty tough, and (b) the LDK build pipelines are huge, so I’d have to have a dedicated machine or two, plus (c) security running code third parties PR’d is really not something I want to think about.
Sadly GitHub just gives us a ton for free that even good OSS can’t replicate, needs lots of manual work to self host.
lol I’d always forget to pay it on push, no thank you that’d be awful.
Travis and the GitHub integration hooks for it were basically the same? There’s some release process stuff people use actions for which I don’t bother with, but the core CI stuff doesn’t require a whole lot, just someone willing to donate millions of dollars a year in CPU cost to make it free for OSS devs.
Which specific projects do you want to see move? The issue is usually somewhere between “people don’t have an account at the alternative” plus “self hosting means finding someone to host”.
The first can be solved with software, the second can’t (modulo some decentralized thing but that makes the first problem 100x worse - “install software X to report an issue or open a pr, and if you have issues with X good luck”).
It’s really more of a motivation question - can you convince the devs of a project it’s worth the pain to move.
It’s also long since time that bitcoin core starts leading on these kinds of things, rather than being somewhat haphazard.
lol, yes that worked the first time…
But seriously it’s an anti-feature and needs to be removed. Doubly so it it’s current form where it’s really broken.
I’d much rather we fight those regs than give in. Travel rule is a thing but the compliance needs to focus on the exchange -> exchange transactions, where the rule applies, rather than forcing the exchange -> user transactions to add more complexity.
Yea, anything that cares about bitcoin uses something else, but eg Gandi, Vultr, etc don’t care, they just are willing to accept it, and it’s the default :(
This has no risk of “chain split”?! This is wholly unrelated. And any EU countries with such a requirement are gonna have no such requirement with (the current draft text of) MiCA.
It seems like quite a jump to say that the current regs that they’ve spent a ton of time building don’t have such a requirement but but they’re definitely gonna add it? Do you know something the rest of us don’t?
More generally, the push should be that there’s no way to practically verify, and exchanges instead should get users to agree and then do risk based analysis, not push users into a nuts protocol.
Sure you can, especially when no one uses them so they won’t be missed today!
Nah lol, almost no one uses it today.
It’s far from that simple. Most sensible jurisdictions have no such requirement, and having software broadly available encourages them to add such a thing. AFAIK the only jurisdiction with any such requirement is Switzerland, and it’s also not clear at all what would or would not meet the requirements. The requirements aren’t defined technically they’re defined broadly, simply signing that it’s your address and the exchange checking Chainanalysis might well suffice.
It’s time for bitcoin wallets to remove “message signing” entirely, before it’s too late. https://github.com/bitcoin/bitcoin/issues/27515
Sadly BTCPayServer only really works on chain. It has lightning, but without native LSP integration it’s not useful for serious operations or without a ton of work.
There’s already plenty of good ones! Competition isn’t the problem.
Sadly they appear to still be the default option for large businesses that don’t care about bitcoin but are happy to integrate it. A number of large providers use them :(
It’s downright impressive just how much friction BitPay managed to add to paying with lightning. The whole “bitpay verified” thing (which requires KYC at any amount and appears to be a totally made up requirement that no one else is even aware of) makes it totally impractical to use any EU BitPay merchant, which means I use bitcoin a hell of a lot less than I’d like.
Yea, sounds like that was true for some miner mempools.
Basically? Define, precisely, “clear”.
Downright frightening for anything security focused…. You have to audit all that crap, ya know.
(I’ve never used it, it may be jank, but the dragon is absolutely great)
By an order of magnitude the best VPN in existence, most importantly because your cohort is normies. And I absolutely despise Cloudflare and think they’re evil.
The inevitable anti-spam outcome was inevitable.
No, apparently didn’t propagate.
They got a lot of pushback on this nonsense, so I’m betting it’ll get dropped.
Classic issue in larger open source projects - if you let the people who *want* to be on committees like trademark and CoC run them, they’ll stomp all over people trying to do actual work and be left alone. If you fill those committees with people who have actual work to do they’ll leave everyone alone unless there’s a real problem to solve.
We’re gonna pretend that it’s that different from most of what’s already on Netflix today?
Yea but they still have to pay actors to act them out…. What happens when they don’t.
Was gonna try walletofsatoshi but I guess it’s down? Just sits there with things flashing like they’re loading and my phone gets warm.
Will be really fascinating when Netflix is all auto-generated live on demand based on what kind of show you want to watch right now.
#note149w…5tfg
Ah! At the time bitcoin: URIs were built I don’t think web apps could handle URIs :)
I’ve never heard of such a thing. It definitely wasn’t true when bitcoin URIs were first built.
I don’t believe they have any code specific to handling bitcoin:. Its ultimately just passed to the OS and any application can register to handle it.
He got made to look a total fool on MSNBC (I know, but the facts there don’t lie) over the Twitter files in an interview yesterday…. It was mostly just inaccurate :/
lol I tried to send the media link to someone on dm and Twitter refuses void.cat links apparently.
All while claiming DNS “isn’t in their security model” (yes, that’s what tls people keep saying…)
I will henceforth refer to the TLS threat model as "its not the cloud^H^H^H^H^H Certificate Authority, its someone else's DNS resolver!"
Probably, but that doesn’t necessarily make a lawsuit go away.
Maybe, but it depends on which the decision makers are and what they know. Any large company could be risk averse…. Or they could be a COPA member :)
Please implement in OTS + put the whitepaper there? Kthx.
So how do we convince Craig to sue Apple? They’re obviously the largest violator in the world of his supposed copyright!
Do Certificate Transparency Logs support ordinals?
But YT Music also doesn’t require local DRM to play….ofc that also makes ripping TIDAL annoying, still very doable but annoying.
YT music has always been buggy garbage, but it’s just another frontend to YT, all the YT Music content is just Videos on YT under the hood. If I’m honest I just rip them and put them on my server…at least when I can’t find it anywhere else.
Yea, I mean part of it is folks uploading their rips of vinyl-only stuff to YT, but even the official library size is (IIRC) about 2x any other service. For old house tracks or remixes that makes a difference.
Then again I also dumped YT for self hosted due to the library size 🤷♂️
Ugh makes me want to switch to Tidal, sadly the library is like 2x smaller than YT, and I have problems with YT library size :(
Yep, this is terrible! You should reach out to the devs of the tools you use and ask for (a) exposing the setting and (b) making the default <50% (for public channels on nodes with a number of channels)!
Makes (live-)probing harder.
It’s a really terrible outcome that folks have come to expect to be able to send their full channel balance as a single HTLC for channels between routing nodes. Not only should you never commit your full balance in a single HTLC for DoS reasons but you really, really, really need to set your max-in-flight well under 50% for network-wide privacy!
lol you think that’s bad? LDK CI is like an hour and a half, times like 6 jobs. Thanks free GitHub cpus!
Then you have double the liquidity issues, though, which is already tough :(.
It’s really not an easy problem, though I think it’s fixable. Needs serious resources and contribution to get it there though.
We’re still so early when it’s still so rare for folks to understand the fundamental difference in these things :(
We gotta figure out noncustodial btcpayserver-lightning man, also inbound liquidity. Btcpayserver-lightning is such a mess :(
Hey, I’ve been pushing hard for (more) private Lightning gossip forever!
All in the middle of a lawsuit over his promotion of Doge 🤦♂️
Heh, the LDK rapid gossip sync server is quite useful to have around. Gives you a local Postgres DB with all the lightning gossip history in it to query as a side effect.
It is an echo chamber! But it’s a hell of a lot better than somewhere where you’re constantly “doing battle”. And let’s be honest, if you’re always “doing battle” rather than learning, Twitter is also an echo chamber.
I will always miss peak Twitter, but I’m not sure how much demand there is for such a platform today - as long as there are fragmented communities that feel much “friendlier” (because more folks think the same) people will prefer that. Maybe you can emulate that feeling with platform design, but that seems to have tradeoffs that make the virality of peak Twitter impossible/very rare.
I could just be over-indexing on today, but I also think a more decentralized Internet is good, and not just decentralized protocols, but many different platforms and protocols available to people.
(You might argue that there will be many platforms built on nostr, which is far, and insofar as they’re sufficiently siloed I think that would still be my point, even if they share a common backend)
I mean that was literally why I used the vor wallet, and I’m literally not going up upgrade the software I use for my wallet ever(?) again.
Backwards compatibility and confidence it’ll still be there in ten years (oops lol, not anymore, yay SQLite wallets, guess I’m never upgrading again wheeeeeee)
Yea, not just better for conversation but better for everyone’s mental health.
I’m not convinced any single platform will eclipse Twitter at its peak (for intellectual/issues discussions), but I think that’s a good thing.
Forums were always topic focused - you could get together with other folks interested in the same thing as you and chat.
Communities should be communities, not one huge pot where everyone’s shoved together - that’s just a recipe for people to dunk on each other instead of actually sharing ideas. Short posts in social-media-byte-sized takes don’t convince anyone of anything, you need a primed audience and long form posts.
Not having An Algorithm helps - you follow who you want to see and create your own community, but that leaves something lacking - missing a broader narrative.
Reddit tried it with subreddits, but the format wasn’t conducive to great discussion either.
With Telegram (and discord) we’ve seen a return to small communities (via Group Chats, which I’m told are especially popular with The Youths).
nostr/mastodon have strongly self-selected for certain communities, and to some extent those still active on Twitter have as well.
I dunno the future or what to do with it, but there seems to be a real trend towards smaller communities, it means more groupthink but also much more relaxed environment where ideas can be shared with less friction.
And still missing the point :)
Heh, alright, 1 in a million with lots of context. Still kinda beside the point - folks being super negative to other bitcoiners drove many away, and welcomed in very, very few, if really any.
I mean if they opened up the currency to be more freely convertible you could argue it may be more interesting to save in. That’s part of the thesis here - the currency people want is the most freely convertible one. But, yea, giving up control of the capital account is required for that…
And yet you seem so cavalier about the impact of driving away half the potential devs working on turning winning into won :p
That’s great in theory, and honestly I’m only here because of that, but, again, lots of people don’t, and when there’s things like soft forks being proposed you can’t - the bitcoin user base has to agree. That drove good people away, just telling them “ignore Twitter” isn’t helpful when they’re getting harassed everywhere.
Nah, I’m not naive enough to think I can force anything. I’m just suggesting (a) it would have been nice had there been more responses of “nah lol” to garbage takes that drove good people away and (b) happy that many of the garbage takes and “bitcoin puritans” seem to be slowly going away, at least in part because the platform doesn’t as much encourage such nonsense.
You can always push the date back on your doomsday cult :)
Fair, I think lopp does a good job of describing it, he calls them “bitcoin puritans” https://blog.lopp.net/history-of-bitcoin-maximalism/
Bitcoin is neutral, the people around it who interact with each other is a community (even if only a small part of the bitcoin user base). That community has norms, and like it or not that community led to lots of destruction of Bitcoin’s potential over the years.
Communities have norms and accepting that “this is just the bitcoin community” drove lots of normal people away from bitcoin, devs away from building on bitcoin, and devs away from contributing to core or moving bitcoin forward.
Fine, “bitcoin puritans”. Not sure what you want to call that group to distinguish them from people who just think bitcoin is cool and everything else is boring or a scam.
I think maybe our disagreement here is whether the “Bitcoin puritans” were just “fuck your scams” or more. As loop argued in his recent piece, they seem to be way way more - spending time attacking people who contribute to core for perceived slights, seeking out targets to attack who didn’t do anything related to bitcoin, etc etc. sure, there are reasonable folks who didn’t, but they also accepted plenty of trash under the same banner without batting an eye.
Even if you don’t buy broader community arguments I can absolutely guarantee you that both the bitcoin consensus system and the state of general bitcoin software and usability is 2+x less developed than it would be without obnoxious Twitter morons.
I’m not even talking about people who think bitcoin is dumb, but people who saw it, thought it was awesome, then just moved on cause it was a waste of their mental health and time.
This doesn’t even consider the bitcoin core contributors who did the same over the years, folks who worked on non-core projects, and the folks who stuck with it but feel unmotivated to even bother proposing important bug-fix soft forks because of drama.
I don’t get the “not ready” thing - people have one life and can choose to spend it how they see fit. If they work on bitcoin for years then move on because the benefit of bitcoin to then personally isn’t worth their mental health that seems…perfectly reasonable? And also absolutely means bitcoin is smaller, a less powerful political and general force that it would have been.
I genuinely don’t understand how anyone could argue that bitcoin being smaller is good for bitcoin, unless you think bitcoin is just a novelty collectible and not actually something that can expand human freedom.
lol you’re the one who claimed education isn’t a big part of people getting into bitcoin.
I don’t know a single bitcoiner who got into bitcoin without any educational resources to understand what it is. You have to start somewhere and it isn’t “oh, these people are mean, let me see what they’re on about”.
There’s a huge difference between people who understand what they’re doing and are attacking bitcoin and people who haven’t had a chance to even be exposed to any bitcoin is cool yet.
I’d think 100x more people got into bitcoin thanks to folks doing hard work to provide quality education resources than people who got exposed via Twitter nonsense :). *that’s* what made bitcoin win :)
I want bitcoin to grow to provide the maximum value for all potential users, not just bumble along with people who are bored enough to dig into bitcoin.
User base in countries where bitcoin adds lots of value is tiny. Hell, even in El Salvador bitcoin adoption is tiny. We have a *long* way to go.
That’s just not how people work. People are busy, they don’t have time to understand or care about the things you do. If you expect everyone to not have a life outside of bitcoin without ever even having a chance to look into it we’re never gonna grow the Bitcoin community.
Totally and completely different - “didn’t even get a chance to materially understand bitcoin” vs “ragequit after understanding bitcoin”
Winning in what sense? “Against eth” I couldn’t care less about, in general mindshare with average people globally we’re doing okay, but certainly have a lot more to do.
The outcome here sucks not only for those individuals, but also means we have way less people advocating for bitcoin than we otherwise would. That has held us back a lot. Worse, those people were sometimes advocating for things that made us look bad by association.
You’re confusing a handful of people moving onto other garbage for everyone in a group. I know talented devs who likely would have built solid conviction on bitcoin but never got the chance, who instead have solid conviction on eth (even though they hate most of the things being built in that world!)
Tons of great folks who would have happily worked on bitcoin got screwed into working on random shit that went nowhere. Problem is when you’re getting into a space and don’t know anything it’s not unreasonable to decide based on “wow, that community has no intellectual value, just mean people and bad memes”.
Not to mention for years any time I met anyone working on eth stuff they all had some story about how they started with bitcoin but the community was unlivable so they moved on. Sure, some just wanted to issue a token and get rich, but many (especially devs) genuinely just wanted to build cool things.
There was way more targeting by bitcoin puritans than the other way around :p
Eh, i mean the toxic morons mostly dominated that term, with little to no pushback elsewhere. Lots of people have since claimed that “we’re all bitcoin maximalists, they don’t define it”, when meanwhile they were the only ones to use that term for years and anyone i spoke to outside of the bitcoin Twitter bubble thought that term referred to the toxic morons.
Either way it means that movement is dead. And good riddance, man it held bitcoin back so much.
#[0] what’s your take on https://archive.is/2P2IC ? I’m no macro economist but it seems compelling - basically there’s no chance for yuan to materially dominate international trade because it’s not freely convertible, and if china were to let it be their export-driven economy would implode with a rising yuan.
It’s funny that the bitcoin puritans/formerly “toxic maxis” or previously just dominated the term “bitcoin maximalists” just don’t really feel like a thing here? Maybe it’s cause I don’t follow any of those idiots but i genuinely think their engagement hacking just doesn’t work with The Algorithm.
It’s nice that they’re finally basically almost dead (even on Twitter?), they drove so many good people away from bitcoin and bitcoin development.
(Ht https://infosec.exchange/@SwiftOnSecurity/110127514689664893 )
(Allegedly) From the movie Garden State, by Zach Braff:
"You know that point in your life when you realize that the house that you grew up in, isn't really your home anymore? All of the sudden even though you have some place where you can put your stuff, that idea of home is gone.
You'll see when you move out - it just sort of happens one day - and it's gone. And you can never get it back. It's like you get homesick for a place that doesn't exist. I mean, it's like this rite of passage, you know.
You won't have this feeling again until you create a new idea of home for yourself, you know - for your kids, for the family you start, it's like a cycle or something. I miss the idea of it. Maybe that's all family really is.
A group of people who miss the same imaginary place."
IIRC he got banned from superchargers.
This is why we need mobile miners on trucks.
https://nostr.build/i/nostr.build_0377724b5f76cb2df3f86cac5354ca563082996cba9b91bc5e5a129d6aa7d20e.jpg quick, go plug in your miners at the Tracy Safeway substation, even with transmission fees that’s still -900,000$ per kWh of energy used.
It gets tested to make sure future changes don’t adversely impact one of those labels more than others. That’s it (according to the comments in the code).
How is it 2023 and we’re still trusting a huge bag of Certificate Authorities to authenticate everything we do online? We knew this model was broken 30 years ago, but I guess we just don’t care about real security.
Is it confusing to anyone else that the nytimes has a column called “hard fork” that isn’t at all about cryptocurrency (but covers big tech).
I’m well aware of how they work - they use every iPhone in the country to find lost tags, all privately so that the phone involved doesn’t learn about the tag’s owner.
I really struggle to see a company selling a privacy-first product to consumers as “the problem”. Yes, technologies have uses you may not agree with, this goes double for bitcoin, too, that doesn’t make the technology wrong.
Any more so than bitcoin is at fault because North Korea uses it to raise money for its missile systems.
Okay? Technology advances, including surveillance technology. Hell, the airtags have anti-surveillance features built in to warn you of unknown ones traveling with you. I really don’t see why a company selling a product for consumers that also gets used (with a warrant) for LE activities makes Apple the bad guy here.
I mean they’re just replacing their existing gps trackers with AirTags? Okay?
No lol, trying to improve things, not break them :)
Oh yea I’ll ping him. I know him from the blockstream days.
Anyone have good contacts with someone who is well-respected in IETF/TLS circles who would take a half hour call? It’s worth it to the security of the internet, I promise.
Yes, what about it? It’s definitely much more secure than CAs, though there’s a number of practical adoption barriers with browsers (some good, many a cargo cult).
Anyone want to massively improve the security of TLS with a super ambitious project?
https://twitter.com/thebluematt/status/1640913550305812480
(Assuming you’re trying to authenticate against a host name with no previous communication or idea of the host you’re talking to)
Yes, DNSSEC is literally the only option to avoid that….
If someone tells you that DNSSEC is bad and you shouldn’t use it for security-critical applications you can probably write their opinions off on all security topics wholesale. There’s a huge cargo cult around it and it makes pretty clear someone doesn’t do their own thinking.
This isn’t a relevant problem for a chat room, though - spam and moderation in a developer chat room will mandate someone having the ability to ban accounts.
By default sure, but at least it’s an option and anything automated should of course choose not to save. Important that its optional.
Okay fixed my lnurl to not save lol. Feel free to request as many as you want!
Oh wait not on the sample. Please don’t kill my node lol
LDK invoice generation is stateless 🤷♂️
Definitely agree, I don’t think we’re screwed, but I think we’ve finally, officially, reached the “then they fight you” phase of bitcoin.
At least if they also support ETH the environmental argument is muddled, which I think has actually helped a lot over the past six months.
They couldn’t, they’re turning off ACH. I’m sure they’ve been trying for a while….
I dunno, the environmental argument was *the* trump card played until the ETH merge. Then the waters were muddied a lot.
Hell, if they were bitcoin +ETH or whatever they’d get more flak for environmental issues, even if the securities issues are reduced.
I don’t buy for a second that would have changed the outcome here, even if I agree running a casino isn’t a business you should generally be excited about.
Confirmed independently, though I didn’t get that email directly.
Kraken is getting cut off from ACH. One of the oldest, well-regulated cryptocurrency exchanges getting cut off from many consumers…. The establishment is fighting.
We’ve failed to build influence and get policy people in place who will stand up for freedom. Sadly it seems very very few in the US care about freedom anymore, certainly neither major party does.
I’m *very* disappointed in the entire “bitcoin policy advocacy” world for not giving two shits about one of the biggest regulatory overreaches in bitcoin’s history.
Meanwhile the WSJ Editorial Board writes about it!
We’ve failed.
#[0]
They don’t differentiate, the accounts include bitcoin companies as much as anything else, don’t be naive.
FDIC refused to sell the crypto accounts at signature, instead opting to debark them.
I’ve honestly always been super dubious when people try to claim that we’re at the “then they fight you” stage with Bitcoin, but I really honestly struggle to find an explanation here that is anything *but* that.
#[0]
And that’s that. FDIC confirms it kills crypto in the acquisition https://www.fdic.gov/news/press-releases/2023/pr23021.html
To summarize, NYDFS seized a not-bankrupt (based on their own and management’s comments) bank (at least in part) because it banked crypto/bitcoin companies, taxpayers spent money to inject more cash, and then NYDFS turns around and sells it with the condition that crypto/bitcoin gets debunked.
Your tax dollars at work!
#[0]
I don’t care if it says “crypto” these folks don’t differentiate, this kills bitcoin startups too.
https://www.reuters.com/business/finance/us-regulator-taps-piper-sandler-new-bid-sell-silicon-valley-bank-sources-2023-03-15/
“Any buyer of Signature must agree to give up all the crypto business at the bank, the two sources added.” - Reuters.
So that basically confirms NYDFS lied when they claimed Signature’s customers wasn’t a factor in the shutdown.
Sorry for the delay, sent!
Is anyone defending banks? I just see people wanting a bailout.
Short lol, I’m gonna leave that up
USDC Shirt due to a traditional bank run I did not have on my bingo card.
(I mean okay not short that much, they’ll make it back).
People on nostr don’t care about the potential for bitcoin-damaging MEV (not from ordinals, but other protocols mostly). Pick your poison, outrage or ignorance.
I don’t think so, you can have those things in a way that doesn’t create MEV. Eg after-the-fact ordering with block hashes.
To be fair, I only learned this after I opened an issue in their GitHub and they responded :)
Well the rollout folks apparently have such an option - just letting people transact on the bitcoin chain and using that to determine higher-level tx ordering.
As long as it’s via a sequencer, it doesn’t introduce MEV on bitcoin, which is totally fine! That’s one of many ways to design systems that use bitcoin without actually introducing MEV, which is great. There are other projects folks have been talking about which introduce material MEV.
Data storage on bitcoin is.. whatever? Pay miners.
Introduction of MEV is a *huge* issue.
As we’ve seen with ETH both pre- and post-PoS MEV creates intense centralization pressure that would all but defeat the purpose of bitcoin. Luckily there’s no excuse for introducing MEV - any system you design which does introduce it can ~always be designed to avoid the introduction of MEV. While people play around with systems built on top of Bitcoin it’s important to suggest MEV-avoiding alternatives and discourage use of MEV-introducing systems.
No, but see the async payments design work for a protocol based on OMs.
Does that……. Make it a security? 😂
On Friday were shipped probably the biggest LDK release yet! Tons of bug fixes and quality-of-life improvements for our downstream developers, not to mention 30% faster route-finding!
Full release notes at https://github.com/lightningdevkit/rust-lightning/releases
Oh right I may have been thinking of wrapped segwit. Anyway all points to yet more reason why talking about MB makes no sense :)
Maybe, but given transaction growth at the time I think it was pretty clearly not the wrong decision. Given today maybe, but today isn’t important either, it’s five years from now, and it’s still unclear.
More importantly, the “effective size” is not 4mb, it’s closer to 1.3mb
No, I really don’t think it was.
Yea they’re confused. I definitely don’t have a million real bitcoin lol.
Lmk if you ever get low, I have a million or so.
It’s kinda sad to see bitcoiners start to make up “drawbacks” of segwit that we “compromised on” that aren’t even true.
First of all, there is no “discount”, only a weight limit, and it’s really fuckin important for bitcoin transactions, and should have been there from day one.
I was starting to think about it…
Funny how much the bitcoiners on Twitter completely fail to understand nuance that folks on here seem to get no problem.
On chain bitcoin, lightning with a normal invoice, really everything but lnurl.
Just don’t use lnurl, bro.
Sorry, you also need to have the geolitecountry.dat from maxmind (eg the geoip-database package in Debian) and set “geoip_country /path/to/file” in your config.
If you’re running an lnurl server you know the ip. Thus you at a minimum have to make a best effort here
I’m literally just pointing out us law.
Maybe but honestly I’m not sure what problem that’s solving
Yes you can, that’s the law
I think you missed the point
I think you missed the point
You entirely missed the point
Grrrr I thought I had added that, guess I forgot
if ($geoip_country_code = "CU") { return 451; }
if ($geoip_country_code = "IR") { return 451; }
if ($geoip_country_code = "KP") { return 451; }
if ($geoip_country_code = "RU") { return 451; }
if ($geoip_country_code = "SY") { return 451; }
Okay, I know, not perfect, but making a best effort goes a long way.
Lots of things fix this. In fact basically anything but lnurl fixes this.
That’s a lot of work to make every client do! Big lift leads to low adoption
Nope! (Well, basically no, IANAL, though, talk to one)
Shipping in CLN+eclair now, Phoenix soon, LDK Very Soon
It could. It doesn’t provide nearly as much privacy as BOLT12 and I’m actually *more* worried about reliability of delivery over nostr (as relays start doing spam blocking) than OMs.
If you know they’re Iranian, yep! That’s the law.
Sadly you need everyone who wants to pay you to support that, which…. Isn’t gonna happen :/
There’s no company/individual distinction in sanctions compliance. All Americans have to comply. The operative Google terms is “sanctions” and “OFAC”.
No the better move is if we all used private payment protocols so we don’t even have to think about this garbage.
To be on the safe side, use a private payment protocol so you don’t have this issue to begin with!
Note that this was for users of its non custodial 2-of-3 multisig wallet.
This is probably the most relevant case: https://www.reuters.com/article/us-crypto-currency-bitpay-idUSKBN2AJ2CI
I don’t see why that would be mandated by sanctions law - you aren’t sending or receiving a transaction by it passing through your mempool, nor are you processing it in any material way towards the transaction’s completion.
It could be added to BOLT11, yes, but BOLT11 describes single-use invoices, lnurl solves the multi-use problem (by breaking privacy). The only solution to that is BOLT12.
Maybe we should have thought about that before we adopted protocols that leak sender IPs to recipients. Gotta comply with the law, the government has more guns than you do.
If you’re an American, and someone in Iran connects to your lnurl server, fetches an invoice, and pays you, you can go to jail. Probably low likelihood and they may likely settle for a fine over jail time, but sanctions compliance is no joke.
Nah, non-private protocols suck.
Maybe next time folks will use private protocols, but hey, I don’t get to decide what people use.
Americans, now that lnurl is getting some adoption, if you host your own lnurl server make sure you're blocking Iranian, Cuban, North Korean, Russian, and Syrian IP addresses so that you don't wittingly accept a payment from users in those countries! Not worth jail time or fines.
Just got around to setting it up on mine, luckily nginx makes it easy.
There’s lots of self-hostable GitHub alternatives! The biggest missing gap is “login with X”, for many of them, plus enough pressure to do the move.
In the use-case of nostr you could, for example include the public key required to sign the invoice to prevent interception.
You could imagine very trivial adaptations to lnurl to make it compatible with noncustodial providers, but no one bothers…
Sure, but even before that it’s not hard to imagine simpler protocols that still work in a non custodial manner, or even trivial adaptations to lnaddress to do so.
Why are you asking me lol
lol, u-blox as in the GPS receivers.
So anyway if anyone needs the source for the u-bloc firmware updater with a Linux makefile let me know.
Don’t you love when companies send you a file titled “*_Confidential _NDA.zip” but forget to ask you to sign an NDA?
There is no discount, it’s all in your head. Wake up neo.
Why do you hate full blocks so much, anon?
Chatted with Stephan Livera the other day about, well, everything bitcoin.
https://stephanlivera.com/episode/461/
Bitcoincore.org bandwidth usage
Research problem for bored lightning-interested parties: build a network simulator using real probing data (i.e. how fast are nodes to respond, HTLC success rates, etc), and then figure out how to do upfront-overcommitted payments for high success rates.
https://lists.linuxfoundation.org/pipermail/lightning-dev/2023-February/003853.html
The current software, yea
That should be, though Tor HS addresses propagate relatively poorly, so it may take some time before you get many inbound connections.
Publicly-listening, probably few, downloading the chain dunno, but bandwidth usage on bitcoincore.org is way up.
Lots of new Bitcoin full nodes these days. Almost certainly ordinals folks.
Somehow I think if they haven’t after years of abuse this won’t change it :(
Even better, go solder something.
Luckily currently others are paying for it.
It’s also wasting money from people who do, who are stuck with the defense bill.
Probably? It seems likely most of them are also victims of the con. But who knows
Right, that’s my point - the case is absurd - but also expensive. SLAPP is a thing, and this is it, and it can have chilling effects.
Luckily, currently, money isn’t an issue in this defense.
Bunch of random current and former bitcoin devs, inviting myself.
Calvin Ayer (and a few others, now)
It’s difficult to correctly state the importance of the Craig Wright case - on one hand the case is absurd, there’s so many good defenses[1] that it doesn’t make sense to contemplate the what-if-we-lose scenario. On the other hand the fact that there’s a lawsuit burning millions of (luckily other people’s - we have generous donors in the form of the Bitcoin Legal Defense Fund) pounds has the potential to drive away contributors (it already has to some extent) from bitcoin core, which is a terrible outcome.
[1] obviously the coins were never his, obviously even Bitcoin developers releasing a fork wouldn’t do anything to change bitcoin to steal coins, but more importantly that remedy isn’t even available in the US (where it’s compelled speech because software is speech) and, more generally the software is converted by the MIT license - the very bedrock of the modern open source software ecosystem is that developers have no liability. Without that, open source (and in fact most) software simply would not exist.
Apparently APU2s make a great NTP server. Receivers are +/-30ns so it’s not really too far off that. Not bothering with PTP but with NIC timestamping you could.
https://noc.as397444.net/ntpgraphs/
#[0] why doesn’t damus first fully resolve an lnurl/lnaddress to a BOLT11 invoice before passing it through as a link to open a wallet app?
One of the nicest things about lnaddress is it can ultimately be resolved into BOLT11 for backwards compatibility.
Appears to be a poor nginx default…Will fix itself when my caches pull updates:
> TIL nginx, by default, caches gzip’d responses and ignores the accept-encoding in the request when serving from cache. What a strange default 🤦♂️
TIL nginx, by default, caches gzip’d responses and ignores the accept-encoding in the request when serving from cache. What a strange default 🤦♂️
Probably worth posting this - if you want to know way too much about the issues lightning faces over the next few years, and some of the solutions being worked on, watch this.
https://youtube.com/watch?v=s9KMRWkcwtE
Great for paying custodial, tho :) https://damus.io/note1xunnyy55n9h3ltxkkrxfy0zvfsrzrdxenay448hd3pwazyssfdsqf56wuc
Hours required :). It’s coming (very) soon, everywhere but lnd.
Heh, nah, I mean deploying BOLT12 so average non-custodial mobile wallets get the same UX :)
It’s not just about risk, though - Personally, my job is to reduce the gap between the UX of custodial and non-custodial services, but custodial services will always win.
For those who can afford the cost, custodial is great, but we have to make sure those who can’t aren’t iced out of using popular technologies entirely.
note1q6kaw2z30w97ehju5vteu7vgwzydlqfmt08hmu7kulzs8hmu9ycseq5cgg
That’s totally fair. Personally, my job is to reduce the gap between the UX of custodial and non-custodial services, but custodial services will always win.
For those who can afford the cost, custodial is great, but we have to make sure those who can’t aren’t iced out of using popular technologies entirely.
Well, it solves the specific issues I highlighted here :)
https://m.youtube.com/watch?v=s9KMRWkcwtE
If you ignore lnurl/lnaddress, lightning works pretty well with a mobile non-custodial wallet, eg Phoenix.
It’s great for senders sending to a custodial wallet, though, as long as they remember to proxy the invoice request through tor (which most don’t, sadly 😬)
The UX of lnurl/ln address is such a trainwreck. If you’re just someone trying to use lightning you install a mobile, hopefully non-custodial lightning wallet. But a non-custodial lightning wallet can’t give you an lnaddress - that’d put them in between you and your money and give them the ability to steal funds from you. So instead people are pushed to install a huge stack of software on a home RPi and run their own node/manage liquidity or, worse, just switch to a custodial wallet.
Not nostr, but related: https://thume.ca/2023/01/02/one-machine-twitter/
Yea, sender announces their IP (and client info, and probably even a user agent so client app) to the receiver :(
Yea, more of a minor gripe, anyway. Bigger issue is it throws away the hard-won sender privacy in lightning 😬
Really need to get support for BOLT12 on nostr clients - send to an introduction point with a blinded path after that (~ala tor hidden services).
Biggest shortcoming of running a full lightning node - relying on having the full blockchain for DoS resistance….need workable ZKPs we can embed in software to fix it, though, which is surprisingly hard to come by :(
Free backdoor to steal your coins!
“Oops now you can’t send bitcoin to Africa cause no exchanges there meet our arbitrary jurisdictional requirements”….
Educate lawmakers by hiring lobbyists and regulatory affairs professionals. There’s an entire industry of people dedicated to getting your talking points in front of regulators…. Use them!
And, depending on the amount threshold, I consider the second just as destructive to Bitcoin’s value proposition as an outright ban, if not more.
Define “ban” - outright “you cannot accept, hold, or transact in bitcoin” ban? No, sure, not in my lifetime. Not impossible in the EU, but also not likely.
“You may not withdraw from a centralized exchange in amounts over $10k without the recipient also being a centralized, kyc, regulated exchange”, very possible. Not so likely in the us, sure, but very likely in EU.
We’re failing miserably to educate EU policymakers in the way we have US ones.
Yea almost every other language is mais, which is the only reason I know what it means. But this is the English Wikipedia.
TIL there is a years-running debate whether the Wikipedia article should be called “maize” or “corn” (and somehow its currently called “maize”, a word I’ve literally never seen used in an English sentence).
Honestly I try to stick with the “upstream” browsers. The folks who spend all their time developing the browser itself know it best, vs folks modifying it downstream. I suppose “just modifies a bunch of existing config options” is a different story, but it’s easy to just stick with upstream and do it yourself.
This is a really fascinating future to think about. If LLMs replace most of our online interactions, will it also replace Twitter/mastodon/nostr/“public” social media in general?
There’s already a trend towards “the group chat” being the place you post things you might have posted on Facebook/Twitter years ago. If Twitter is all LLM bots that look real, will it further remove the sheen of public social media?
https://infosec.exchange/@lcamtuf/109656542064254399
Currently Firefox with privacy.resistFingerprinting (the Tor uplift config) on.
Currently Firefox with privacy.resistFingerprinting (the Tor uplift config) on.
I’ll just stick with a browser that respects me over one that tries to scam people, even if I’m smart enough to avoid it. To each their own.
Sure but no point in bothering with a few rebate unless senders support it. Better to just have channels with peers that don’t run ancient software vs waiting on every sender to upgrade. Worse, you can’t do negative fees, which is part of the point.
Yea, your individual counterparty on a channel you want an inbound fee on need to upgrade. However in the alternative method all nodes in the network need to upgrade.
(Specifically, they’d dm the “recipient” letting them know they had BAT to claim, and if not they’d take it back)
https://github.com/lightningnetwork/lnd/pull/6703#issuecomment-1374694283
There's a number of ways to do inbound fees in lightning. The naive method would be to just slap extra data on the routing information announcements and tell people to pay you more in fees. Of course that doesn't work because users are free to ignore your demands (otherwise how would you roll it out over time - you don't want to reject all payments from old nodes), so the naive fix would be to just make inbound fees negative-only.
Some time ago Rusty Russel proposed a much better way to do this - instead tell your counterparty "hey, I need an inbound fee of X" and your counterparty can add that extra fee to *their* announcement - the same way they announce today. This means no one else in the network needs to upgrade and you can do positive (and marginally negative) fees without any headache. It requires a tiny bit more code on the client side, but avoids the upgrade headaches and usage restrictions.
Guess which version lnd is gonna ship? Hint: its not the better one. I guess luckily we have a spec process so that lnd gets feedback, they just choose to ignore it.
Why not just use another browser that also has similar features and doesn’t require bending over backwards to use?
Maybe, but there’s plenty of browsers with privacy features that *don’t* edit the webpages you’re viewing to try to pump their scamcoin, why use one that does?
If you also want to prevent mainstream users, sure, but even then probably not. Money doesn’t prevent spam, it generally makes it worse.
I think their play here is farcaster, not that conflicts ever really stopped them from investing.
I don’t think the clients is the risky part there, much more risky is where the discovery algorithms run, how spam blocking propagates, how “asshole blocking” propagates, etc.
The important thing here is that the relays are redundant, not a pick-your-server.
Both are still early, depends a lot on how they evolve, but at least from where we sit today, they’re similar.
Once it’s released, no. AFAIU, architecturally it’s pretty similar to nostr, but with a lot more features.
I guess the relays lost an old post, but I found an old unpublished blog post from a few years ago and figured I’d post it as-is. A 10 year retrospective on bitcoin: https://bluematt.bitcoin.ninja/2018/09/12/ten-years/
I think reactions is the tip of the iceberg, blocking+filtering plus algorithmic surfacing of “top posts” is a *ton* more effort to add, and probably much more required.
Yea, there’s definitely a lot of activity and building, who knows how it’ll go, building activity is usually a good sign it’ll get “figured out”. Sadly there’s quite a monoculture on nostr, so we’ll see if the features that are needed for a broad audience get built (this is a big issue with Mastodon - there’s an allergy to building things people want because there’s quite a monoculture in “what people should want”).
People want a lot of things from a Twitter-like social network - popular/viral post surfacing, moderation tools (of what form depends a ton on who you ask, not everyone wants *something* to at least block assholes and CP), etc. nostr grew organically and quickly and lacks designs for these things. Bluesky considered how to do them in a decentralized and user-owned way from day one.
Yes, I didn’t understand the point of bringing that up :)
Bluesky is also far more complete in its approach to building a social platform, in the public-conversation style of Twitter. Nostr is moving fast but there’s a long ways to go to get to a similar level of design thought.