It would be a total repudiation of all economic principles if a very new asset class instantly became a predictable store of value, or an instant currency (unless you're forced to do it, and even then, an instrument like that runs a huge risk of failing and being rejected by those who were the planned subjects of it). It takes time, and a virtuous circle of some use.

But let's simplify things, just get rid of absolute statements of Bitcoin is/is not a this or a that.

• Bitcoin already is a bad store of value (unpredictably increases in value, but it's not losing value long-term)
• Bitcoin already is a bad currency (not much use compared to others, but increasing in usage and transaction capacity, slowly)

I hope that helps



hmmm, your reasoning appears to be "I reckon"? Not sure if that classifies as useful analysis

What a strange disparity: is it not supposed to be "by, for and of the people"? Or did that cease to be (at least in terms of owning assets) when the government threatened their so-called co-governors to sell their gold to them for a bad price in 1933, and then legalized owning gold again 40 years later?

My prediction:

A decentralized Bitcoin denominated trading platform will make a joke out of Wall Street, City of London, Frankfurt & Paris Bourse and Hong Kong & Singapore long before any of these clowns get with the program. It will trade shares in crypto-based businesses, currencies against each other (using independent proxy/stable coins based in multiple offshore finance centers to handle fiat trading), all the various contracts for difference, and then will begin trading commodities against BTC too.

This sort of news isn't the loss to the crypto-asset realm it's made out to be. All the incumbent system is doing is sowing the seeds of it's own irrelevance, I mean are they even performing any meaningful price discovery any more, y'know, the supposed purpose they were created for?

• Bitcoin is slightly inconvenient used in-person, so to say you "can't use it" in-person is wrong
• Microtransactions are possible too, and have been for years (even though the good microtx tech is not mature yet)

Where are you getting your information from, the BIS/G7 report



fiat currencies are backing the stablecoins so that's completely impossible

there is zero evidence of that



and there is also zero evidence of that



and there is also zero evidence of any of that

in particular, all of the above would be crazy (assuming that satoshi is/was not crazy) if the intention was for Bitcoin to ever succeed. The uncertainty could potentially cause alot of chaos in the Bitcoin economy, it makes little sense to store up such a problem just so Bitcoin might one day catch on fire, for what reason? To enjoy watching it burn? (<--- rhetorical question, although I have this funny feeling some joker in the pack is going to try answering it anyway )

assuming satoshi can still move their/his coins, this is a likely reason why it's not happening. Although we shouldn't discount the most conservative thing that all 2009 era mined BTC key holders could do; start by moving their BTC with the highest block number, and do it very very slowly. Satoshi could potentially do so too (we have zero clue what's going on with satoshi in so many ways), so assuming that chaos was not the intention, I expect that if those coins ever did move, that's what would happen; starting at block ~50,000, then working backwards from there.

In such a sequence of events, it could be interpreted as a signal that those early miners are losing confidence in the safety of ECDLP protected coins. Of course, those people may have other reasons to not publicly announce why they're moving to different keys (which are not necessarily anything to do with the safety of the public key cryptography), so you are indeed correct; the lack of information will cause uncertainty, and the uncertainty will rock the Bitcoin ecosystem.

I hope such people (whether satoshi or not, there are others) are reading some of these discussions (it would surely be prudent to do so). If so, I also hope they will consider a slow and orderly move to new key types, and act sooner rather than later.

that's the killer argument

But it makes the case, IMO, for setting a long (several years perhaps) timescale for invalidating P2PK outputs, giving everyone holding BTC at those pubkeys a chance to move funds to hashed pubkeys.

If you believe that the salient factor is how high the proportion of the supply getting stolen by something (not necessarily a QC either) that can solve the discrete logarithm of an exposed public key, then surely if that vast percentage (is it ~20-25%?) of BTC could be encouraged into hashed public keys, then your argument that hashed public keys being safe does not hold, assuming that say 90-95% of public keys are kept safe till being spent? What is the real cost to not hashing taproot keys onchain, just saving space?

well, the whole point of the state is that they take control, but the idea was always that it was limited. As it's turned out, the only things limiting state control are resources, tools, and how well they can cheat and lie to convince people they need more control

I'd add that fascism is really the same thing as corporatism, or this new buzzword "neo-liberalism" which gets right to the heart of the problem. "Neo-liberalism" is pure Orwellian double-speak, it's like they're trying to say the liberal ideas are the problem, "because that's what the western world has been serving up for 200 years"

that's bullshit. liberalism puts normal people in charge of their lives, not governments, unaccountable corporations or too-big-to-fail institutions. That's all the opposite of capitalism and liberalism. The Western world is built on soft-fascism, and the illusion of liberal capitalism, the real fascists (that won the World Wars) have told all manner of lies to obtain, keep and extend their power and control.

You can't make rules that make it easy for the rich to bully and deceive and also tell me capital runs the show. But the fact that people can be convinced this is liberal capitalism proves they don't deserve it until they really understand it. The people who disguised fascism as capitalism, after millions fought and died thinking they were going against it, those people really do understand it, that's why their lies are so clever and effective, because they're afraid they'd lose an open and honest competition.



Same thing here. People assume Chicago School economics is laissez-faire liberal capitalism, when it's actually just carefully disguised state/corporate power, i.e. fascism. And it's so smart, people with "Randian" or "Libertarian" credentials will try and sell you Chicago School stuff as if it's all basically connected, partly because the ideas are superficially similar.

yes, you commit the channel states onchain, but do not connect to nodes on the "main" Lightning network (and so you don't announce your channels on the main network either). Of course, the opening tx's are can only be created using the public internet, but then your alternative Lightning network can be set up on a completely private network (and that comes with all the liquidity and trust trade-offs as mentioned before)

Connecting to the main Lightning network today is like a trip back to the 1990's; you look up a list of LN node IP addresses on a listing site, connect to one, it tells you the current (entire) channel map, then you start making channels at your discretion using the current map. There's absolutely nothing stopping you getting together with a bunch of other people and starting an alternative LN network from scratch, you just need LN nodes and each others IP addresses.

they're almost all CLI programs, we can safely assume this particular casino operator was not running their wallet using Zap desktop.

and when you're running CLI programs, the warning is implicit: you are using potentially dangerous tools that are powerful enough to let you do something calamitous, and so you must assume full responsibility for every action you choose. If you don't understand everything you're doing, that's fine, many people do not, but you're still responsible for everything good bad or indifferent that happens once you press the enter key.

this person could've accidentally dd wiped their server disk (not an uncommon mistake) containing the whole website. Should dd come with warnings to back everything up and check which device/partition is being written to? Certainly not.

they didn't know the risks, and screwed up trying to close a channel using an outdated transaction (i.e. an old channel state)



yep, that was too risky considering they didn't close their channel competently. Every time you send a large amount of money anywhere, on any system, you should be triple-sure you know what you're doing.



nope.

You're probably thinking of the eltoo form of Lightning, which avoids this problem. You cannot make that mistake using eltoo, but it's a long way off (new opcode required, and the details are still being debated, in an already long debate)

You could use these analogies:

How much cash do you take with you in your wallet? $500 max really, anything can happen, and everyone can see the giant stacks of high value bills every time you open it if you do

How big a credit card limit do you agree to when it's 1968 when credit cards are brand new? Not so big, it's new tech, and you're responsible for the tab if anything goes wrong


So when it's one new form of tech (Bitcoin) with another riding on top (payment channels), AND everyone tells you it's inherently risky too, well, I'm not sympathetic to this person, let's put it that way

That's not a reasonable expectation, when you consider the range of adversaries



That depends massively on how long this transient phase lasts.

The safest thing to do is as suggested in the stackexchange article: soft fork to prevent ECDSA transfers, but invoke zero knowledge proofs of BIP32 seeds to indirectly spend them to QC resistant keys.

maybe if you find this so compelling, you could start working on the zero-knowledge proofs to spend ECDSA outputs to QC resistant keys? Like, today for instance? (you'll be busy a while hopefully ) Won't your super coin (or is it a Bitcoin fork, I forget) need it, or will you stick with hashed public keys? We don't want to hold you back, off you go...

tl;dr

• user wanted to close a channel
• user sent the wrong tx, an old one (always use the newest to close any channel)
• the other side of user's channel automatically assumed this was a cheating attempt
• it's in the smart contract that you lose everything if you close using an old tx

moral of the story: don't sign a smart contract if you're, uh, not smart

seriously though, even one of the Lightning devs did this accidentally one time, although I don't think 4 BTC was lost (really, 4BTC? this person was taking the whole reckless thing too far)

It's likely a psychological/rhetorical device: state that stable coins are threatening, leave it unsaid that unstable coins are not. Which demonstrates exactly how weak their position is, they have to exaggerate something that poses zero threat in order to implicitly attack a genuine competitor Don't forget that it's a joint G7 statement agreed on and produced by all 7 treasury departments working together. Did no-one in all 7 notice that this conclusion makes no sense?



Now that Tether is backed in The Caymans (instead of Hong Kong), you'd think that was possible. But there's now an offshore-yuan Tether coin, maybe that will be permitted to survive Who knows quite how crafty Bitfinex's Cayman Islands move was, they've had enough time to get something very cunning set up. They'll probably fold tomorrow now I've gone and said that

I think you're being played.

Be honest, Trump's been displaying plenty of belligerent personality traits, he's just not been given an opportunity to put them into action. If the US military were attacked, are you saying you would be even in the least bit surprised if the Trump administration reacted with overwhelming push-back? And guess what: the democrats would suddenly go all dovish again.


It's a con, and you've both fallen for it. They take turns to pretend to be anti-war, with the convenient excuse of partisanship to disguise the fact that they are literally performing a confidence trick: you actually believe that because Trump (or Clinton/Bush/Obama/Paul/Gabbard) said something that sounded like an ideal anti-war position, that that somehow absolves them when they do the opposite with a little window dressing at a future point? You're serious? You know what anti-war really looks like? It doesn't look like soldiers or military hardware, or massive assaults in countries in which you haven't even declared war (presumably peace is still officially declared all across the Middle East and Eurasia, sure feels like that to live there? Orwell is doing the fucking Charleston in his grave right now)

Every time, the left builds the public up, then the right knocks them down. Then they switch roles

And despite the whole dove/hawk flip-flopping charade unfolding at a faster cadence than in the past, you haven't cottoned on? Dems and reps alternate their pro/anti war stance like the split personalities of the same capricious psychopath, probably because they are the same capricious psychopath. How fast do they have to completely invert their respective stances before you notice that they've blurred into one single entity? Presumably when they notice you've noticed, you'll believe them when they then tell you (more bs): "but it's not what it looks like! this will be the war that ends all wars! wars are anti-war like that!!"

Here's what would make you really anti-war: a real war, in your actual backyard.

ok, it's a cryptographic key, and it's publicly exposed. But it's not the keypair counterpart to the private spending key, right? Or is "keypair" not meaningful in taproot?



Well when it's explained like that, it seems that I am at least understanding something: there are 2 keys related to the spending (private) key in taproot; the internal key and the "actual" pubkey (by "actual" I mean publicly exposed on the chain). I don't think about this kind of math often enough to really comprehend the relationships between them, despite you having just written it out I know the words, but I can't hear the music



ah, now that's I was hoping for, something definitive

So, it seems my recollection was right, but I got the implications wrong:




...however, the whole point of Taproot is to make P2PKH and P2SH indistinguishable on the blockchain (at least in most typical cases?) And so the actual public key for the private key that can spend an output is either another hashed script, or is provided to taproot's compute pubkey function such that no script path can be used. This still permits using the underlying "real" pubkey (which I think is defined as internal_pubkey in the Taproot BIP docs) to execute a spend of the output.

So, the spending pubkey is actually redefined as a key internal to the taproot script, and the pubkey for the overall taproot script tree is the "real" pubkey, as it is now the key that's actually publicly available! The whole notion of what public key means is therefore not the same in taproot outputs...phew!


Anyone have any idea if this has any implications for QC resistance? My instinct is to say that the internal key is never revealed, because the taproot magic keeps it forever hidden. I expect to be wrong

*yawn*

anyone heard any good jokes lately? oh no, here's one gift-wrapped: a new ETF story, what a fascinating turn of events that is

right, Ethereum can act as a base chain for other chains, Bitcoin was never designed to (and so 5 years later, only 1 very simple centralised Bitcoin sidechain exists, where you have to trust 1 company to use it).

Although in fairness, Ethereum has made alot of adjunct design compromises that have made it a centralised system at that base layer; trying to run an Ethereum node is a massive task, and would be very painful and frustrating to start from zero today (I think you'd need months of work figuring out why the chain won't validate this or that section, it's a nightmare task apparently). In practice, Ethereum is a cartelized coin at this point, and there's no way back from that