@NickSzabo4 @adamamcbride @LukeDashjr @tmornini @gofreesamourai Even if it was p2p file sharing, or free-net, eternity usenet (I implemented 1997), usenet (also flood fill for 45 years now), that ship has been around for decades. Usenet topically is flood fill, and was used (abused?) for distributing porn, DVD movie rips in uuencoded parts @NickSzabo4 @adamamcbride @LukeDashjr @tmornini @gofreesamourai You have to imagine someone posted things illegal in various countries over the 45 years. What would usenet node operators do? Probably nothing as common carriers, they're not moderating or even reading all the flame wars and thousands of groups, alt.binaries etc.

Bitcoin is owned by humanity, the protocol developers are stewards, and need consensus from users to change it materially. bitcoin is about money, spam has no place in the timechain. what defaults the bitcoin core project puts in the reference client matter in this. in may there were 88mil JPEGs in the chain, now 4 months later, there are 105mil JPEGS, a 20% increase. in may 7000btc fees had been paid, at $100k btc that's $700m or an average of $8 per JPEG. they are primarily in taproot inscriptions. (@BitMEXResearch data)

FIPS 205: SLH-DSA. best PQ secure signature candidate for the moment IMO. signature size a bit big, but if we want to stop premature quantum FUD, make a new address format with a Schnorr taproot, and a SLH-DSA tapleaf. QED. future work: signature aggregate SLH_DSA using STARKs. you can migrate to a new address format, at your leisure during the following years or decades, that can be spent using Schnorr, and without today paying the space and fee cost of SLH-DSA signatures. but you are ready if/when cryptographically relevant quantum computers exist.

@mattkratter debunks recent false claims about @BlockstreamJade. The fake RNG security report with AI hallucinated RNG code not in jade nor esp32, and old debunked claims recycling nothing burger API on some ESP models already debunked by @EspressifSystem

https://x.com/mattkratter/status/1913224524969156765?t=mX1ZDxHHrfPOEGvZpVAJEQ&s=19

Some other things to observe: first evidently fabricated security claim articles? Not good, need to cut that off.

Also I am sadly disappointed at dubious behavior of a few people who clearly understand these reports are fake, hamming them up, presumably for competitive reasons.

"paper bitcoin" story playing again, to avoid repetition here's a thread to debunk that theory. think about it: fundamentally there are very few people who are long-term short bitcoin because it's volatile and tends to go up 10x in short periods so no one wants to short it. one data point: there are generally no call or put options longer than 12 month duration. that's because no one wants to sell the calls. lots of people would buy them. with futures (perpetuals and dated futures) they are side-contracts, so there is a short seller for every buyer.

"a security is first and foremost an ethical concept, which is why the legal concept even exists" -@allenf32
you're relying on company management or service opetators who have privileged information, and management discretion affecting your investment. they defacto could rob you Cypherpunks like Wei Dai, Tim May, myself were interested in smart contracts, anonymous or pseudonymous commerce using reputations, good behavior bonds etc without the possibility for physical enforcement and smart contracts rather than court/arbitration process. A decade of alt

early this year i was curious of the claim "bitcoin 2x's per year on average". it checks: the decade jan 2013 - dec 2022 #bitcoin went up 2.036x/year (1200x in a decade). if that continues we'll cross $10mil/BTC and $200 tril market cap by end of next 2 halvenings, about 9 years. $200 trillion is a @halfin 2009 #bitcoin market cap prediction number. it's a LOT, displaces a significant part of the store of value premiums in bonds, real estate monetary premium, gold, 60:40 stock portfolios, etc. some think adoption will slow, derivatives reduce volatility.

what if gold miners agreed to "improve" it, selling gold plated lead as gold, wouldn't users have to follow? obviously no. yet for #bitcoin newcomers keep getting hung up on this. #bitcoin miners cannot change it, and it's more automatic: ever node assays and rejects digital lead the crux of it is buyers know what they want: pure real gold, and real bitcoin. money is a technology and #bitcoin is better gold, digital gold with a huge network effect and investor history and conviction: buyers know they want real bitcoin, and they can tell the difference.

for first-seen-safe transactions, a current topic of discussion, I had proposed in 2013 #bitcoin-wizards IRC a different way to do it, based on an older concept called "limited show" credentials, an idea comes from electronic cash where you want to deter double-spending in an offline electronic cash system (where people can spend device to device without being able to reach a server or the network), i think the same idea works for bitcoin, but with some new trade-offs. the idea is simple to understand - users could double-spend but if they do then

@nic__carter @VitalikButerin It depends what purpose it works for. Don't forget the context, some PoS coin promoters spend time FUDding PoW to sell their coins, and go as far as to claim PoS is "better" than PoW, and we all know why PoW is needed. PoS fails at those reasons, and so doesn't work (for purpose) @nic__carter @VitalikButerin Eg a central server "works" but it does not work as a basis for decentralised bearer money, without public audit, unilateral withdraw, fraud proofs and ability for users to fire, recover state and replace the server.

@JasonPLowery @TheGuySwann That's sort of standard academic cryptography protocol / computational security game theory language though. Alice isn't going to point kinetic weapons at Mallory, she's going to erect the physical analog of an electrical force field which is nuke proof around her data and comms. @JasonPLowery @TheGuySwann With cryptography in the digital domain there is an impenetrable asymmetric defense advantage. It's like everyone is walking around with a nuke proof personal force field. Stark opposite of physical domain which is composed of 99.999% soft targets vulnerable to asymmetric attack.

TIL "Mass Formation" aka group psychosis, considered a historic enabling factor of totalitarian regimes. explainer from Prof. Mattias Desmet is 👀 opening 🔥 lit. 30% of population susceptible to group psychosis. 40% see through it but avoid confrontation. something to be aware of. real phenomena, though bizarre sounding. apparently people who instinctively reject authority, don't like being told what to do or think, question everything, demand proof, sensible explanations, reach own conclusions, are less likely to be susceptible.

information asymmetry in #bitcoin is extreme.

i doubt china really "banned" mining because they "banned" it many times before, and yet de facto is operating year on year through "ban" after "ban"

also what do people think impact is for bitcoin if they somehow did? nothing much! they relocate miners to other countries, load on trucks into russia, or airfreight

short-term hash drops a bit. transactions slow for a week or so, profitable for other miners, then hashrate adjusts down, even more profitable for other miners, transactions back to normal. fin!

thoughts on leverage. *don't*! better just hodl, dca, cold store. if you're gonna use leverage for fun/profit, you're increasing risk a lot. do it with max 10% of coins (or less). never place a leverage trade without a limit stop, or implicit stop from small position liquidation. low leverage is another option, like 1.1-1.5x. but watch out for the funding rates, they run hot into the 30% APY. you can re-up and add more collateral but then your position exposure gets larger, and so the risk could go over your target, if the whole thing is liquidated anyway

@elonmusk @itsALLrisky the 10,000 alts tried all manner laughable physics and comp sci failed things btw. where to even start on how and why. @peterktodd explained that distributed minnig won't converge when block verification time plus speed of light in fiber optics exceeds the block interval. /1 @elonmusk @itsALLrisky @peterktodd further the broadcast+verification latency needs to be a fairly low fraction of block-interval or you get race-conditions, due to the lack of coordinated time in async networks. you can't "trust" other miners or you'd just as well use a centralized database. /2

Backstory for #bitcoin fork wars, less known tech dispute and ugly compromise, backdrop with consensus incompatible cavalier attitude, blew into a civil war on the re-run. Finally resolved via resounding market rejection and quiet departure of ring leader.

https://twitter.com/pete_rizzo_/status/1334907853241520131?s=19

Apparently while compromise was for P2SH many developers felt CHV was better designed. Peer pressure is bad, must think independently like aircraft systems training. Recall EVAL was resoundingly broken by O'Connor with 70mins review, reckless disaster averted.

#bitcoin bits > sats.

Time for a bits reboot, IMO. Sats are confusing, afaict sats were designed by Satoshi to be bitcents under bits.

1million is much easier than 100mil base.

Even bitcoin-qt (core) had bits for years.

You still have sats, just bits and bitcents (aka sats), like dollars and cents.

IMO one should think about @100trillionUSD's S2F model like Moore's Law: it's just an observation and speculative projection an observed trend may continue. "Moore's Law" projected the number of transistors in microprocessors would double every 2 years en.wikipedia.org/wiki/Moore%27s… many were wrongly projecting the imminent demise of Moore's Law for decades and despite expectation, it held for a remarkably long time: since 1975, only recently showing signs of physical limit asymptotic effects, new R&D and higher investment kept breaking expectation.

@ciphergoth re TCR mindsarentmagic.org/2020/01/04/100… I also thought on and off that it would be useful to have a 128-bit hash (secure within it's parameters). keyed universal hashes like UMAC can with 3rd party adversary swap collision (birthday 64bit) for 2nd pre-image (128-bit) security. a related thing applies to the original Schnorr paper, which mentions truncated the hash in the c=H(R,m), s=k+cx variant verification: c?=H(sG-cQ,m). however the paper threat model is dubious as the "signing server"can be attacker for some use cases and use birthday collisions

This is fun:

Sushi: loan, airdrop, pump, dump

Litecoin: silver to bitcoins gold, early mine/buy, coast, sell the top. Hat tip @binance

https://twitter.com/adam3us/status/1301406891076190209?s=19

TL;DR @gregoryneven et al proved 2-round musig insecure, we made 2-round work with deterministic nonces + bulletproof ZKP (2 round is good for usability). as SHA256 is CPU expensive @pwuille @n1ckler @real_or_random @yannickseurin designed Purify for low bulletproof complexity.

https://twitter.com/Blockstream/status/1301587578928402432

I thought it was a pretty neat and simple trick to disprove the impossibility by counter-example: make a bulletproof that the nonce is deterministic, cuts off wagner adaptive attack as there are no free variables left. hearing "impossible" led to "is that true, really?" question.