I didn't get it in October 2023, when you wrote it, but it seems you were right:

https://www.ccn.com/news/crypto/bitcoin-testnet-could-need-reset-13-years-jameson-lopp-griefing/

@vjudeu: I wonder, if your next predictions from your topic will also be correct.

If you can replay transactions, then it means, that you can have two different chains, with two different histories, and they can end up with the same UTXO set. Or rather: a subset of their UTXO set can be identical in both. And the consequence is, that those coins will be connected, and if all of your transaction inputs are in that intersection, then they can exist in both networks. And the final consequence is "network migration", where you can set up the same UTXO set, and then just discard the original chain of block headers, and simply switch to the stronger one, because the whole set of data will be identical, so it will make no difference for the end user.

Also note that developers didn't get as huge hashrate in signet, as we have in testnet3. Which means, that if testnet4 will be almost the same as testnet3, then you will have a similar set of miners. And they may have a huge incentive, to just migrate the history, and get their tokens back in the new network. Which means, that a different set of rules is needed to prevent that, because if not, then you will have similar things in your mempool for testnet4, as you have in your mempool for testnet3.

No. But people resposible for a given repository can do so. The same is true in YouTube comments, and in many other places.

How would you know, if someone is running a node, or is that person just pretending to do so? There is no need to even store the whole chain, to remain compatible with the network, and be indistinguishable from a regular full node. For example, if you would drop some data, which is never accessed, then it could remain unnoticed for quite long time (also because even if someone is doing Initial Blockchain Download, everything is not downloaded from your node, but it is done in parallel from several nodes).

In the modern Internet, it is normal to be shadowbanned. For that reason, I am logged out most of the time, and logged in, only to post things. Also because a lot of sites are tracking their users, and by being logged out, you can often see more subtle details here and there, which are hidden if you are logged in, and placed in some kind of informational bubble.

Well, this is just one more reason to have alternative accounts, and to be logged out, most of the time. Some people wonder, why I have so many accounts, but the truth is, that it is not just "good for privacy". It becomes essential for knowing, what is going on, and what are true intentions of many people. Also, after reaching a higher level in some community (for example being Legendary here), it is a good idea to post something as a Newbie, or some low-ranked member, just to see, if people still judge the content, or if they are lazy, and just merit something, because of the author.

What about IP address? Was it the same, or different? Your fingerprint consists of a lot of things. And if you use Tor Browser, it also has some kind of fingerprint: it is possible to mark it as "a traffic from Tor", if you don't use bridges. And note that typing speed, mouse moves, and other factors are also in use, because simple captcha images are just too easy for bots, and too hard for humans. Fortunately, sites like bitcointalk can allow you to skip captcha, if you succeed once.

There is a better way. A separate blockchain for cloud storage could be better. Imagine a signet, where blocks could be signed by anyone, and where you can freely choose the set of public keys you want to follow. In this way, it would be possible to switch from one group to another, without changing the whole system, just by ignoring some public keys, and picking a new ones, based on the content they signed.

In general, git as a system is distributed enough, to be put in a blockchain-based environment. Every commit has some parent, and all changes form a chain of diffs, that could be signed by the authors. Many things are possible, just nobody wrote the software for that (yet). I guess, it could be even compatible with centralized git servers, with some additional effort.

By the way: the discussion about Ordinals is quite hot, but it doesn't have to be. You can find out, what could be the consequences of blocking that kind of transactions, if you read more about UTXO flood, and other consequences. There are much worse things, than what we have today. Also because, as long as people are focused on Ordinals, they could be later removed in one shot, if you use a trick, that could act like OP_CHECKDATASIG on any committed data, with delayed validation. And there are more tricks under the hood, so it is good to keep those spammers in their current positions, to remove their spam later in a single move.

No, I think non-aware attackers, that are regular users from Bitcointalk, who are pro-Ordinals, don't run any full node, so they can happily support Ordinals, without having to deal with the consequences.

I thought about those attackers. They support Ordinals, they tell, that "it is good for fees", but most likely, they are not miners, to benefit from those fees, and they are also not full node owners, to be affected by any of that. They are traders, or exchange-based users, so they have no reason to shout "save us!", because they will happily jump from Bitcoin to any altcoin or stablecoin, just to cash out, if there would be any troubles with Bitcoin.

It would be true, if the attackers would run some full nodes. But I doubt it. I doubt that a significant percentage of pro-Ordinals users from Bitcointalk actually run a full node. It is more likely that they use just some SPV nodes, and they only use external sites to show their Ordinals.

If that would be the case, then signet would be flooded by 51% attacks. But because blocks are signed, it is impossible to abuse that kind of network. Which means, if you have a good blacklist, and whitelist, then most of the traffic is ignored, and only some messages are included.

Also, note that at the beginning, there will be little or no traffic, and any tools for censoring content, will be introduced gradually, when network will grow. Because you may not remember those times, but it was possible in the past, to write posts on Bitcoin Forum (that was not yet called "bitcointalk", this name was formed later), without logging in. And it was disabled later, when Bitcoin became more popular. In the same way, decentralized forum can be formed: during the first days, it is unlikely to be flooded, if something is new and unpopular. It is more likely, that people will ask questions like "how to connect to decentralized forum?" or "how to sign a post?", in the same way, as they asked "how to unlock port 8333 on my router?".

I don't know if it is, because it will not be exposed that easily, as long as Scanners are not widely deployed. But there were also some malware on the chain, some XSS attacks (because some web wallets and block explorers displayed blockchain data directly, so it was possible to attack them in that way).

In general, blockchain contains a lot of surprises. And if people want "decentralized" things, they usually don't think, that to reach it properly, they would need to send and receive a lot of data, which does not belong to them. This is one of the costs of decentralization. Instead of one central point of failure, each peer does the job of that centralized server, which means, each peer has to handle his own traffic, and also the traffic that is only passed to other peers, but never displayed.

Which means, if you want to hide your payments, you need a full node, which will send and receive transactions, made by other people. And the same is true in case of decentralized forum: you would need to send and receive posts, written by people you don't like, or don't care about (or a significant portion of the network would need to do so, because there should be enough full nodes, to handle all SPV clients).

And for many legal reasons, it is highly encouraged to encrypt data-related things. In case of payments, public keys and signature nonces are considered to be random (and they can be batched in the future, if too much data will be posted). But in case of cloud storage, encryption is a tool, to not be legally responsible for the content, that is passing through a given node.

1. It was harder, and more expensive in the past. Now, there is a ready-to-use tool, called Ordinals client, which will make that easier, than it was before.

2. It was done in the past. There were at least links, but in some cases, there were some encrypted images.

3. Rule 34, and Rule 35 applies here as well:


And of course, a fully-decentralized cloud storage, will also have it. But with sufficient moderation, and a good blacklist, and whitelist, it is something we can deal with. Take mailing list for example: it is moderated, so such things are not posted there, even if someone could send it.

Of course, for that reason peer-level-moderation is needed. Which means that yes, some content can be removed, and even should be removed. And who should do that?

1. Your own node. If you notice something ban-worthy, then you remove it from your node.

2. Your trusted peers. And by "peers", I don't think about your direct P2P connections, here and now, but rather the list of public keys of some unknown posters, which historically were good moderators, and which you decided to trust to some extent, to not be exposed into some very bad content. If someone would post naked photos, it is enough for one moderator to see that, it doesn't have to be shared with every node, if you trust that moderator. And you can still download that by default, if you decide to do so, you just don't have to watch that by default.

Which also means, that some unwanted messages will be probably relayed, but not displayed, if you choose to not display it. In this way, nothing will be "banned" (unless you, as a P2P peer, decide to drop a particular message, but then others may choose to broadcast it anyway).

So, when it comes to "banning" and "censorship", it is a different matter in decentralized forums. Because there are different kinds of ban:

1. Display-level ban: just a regular moderation. You decide to not display it. Or one of the "peer-moderators" you picked, decided to do so. But the message is still broadcasted over the network.

2. Relay-level ban: moderation enforced only by your node. It is similar to not relaying transactions below 10 satoshis per virtual byte. Your node can decide to do so, but others can pick some different rules.

There are other possible bans, but those two are the most common, if the network is used as intended. Which means for example, that you don't reuse public keys, and you don't know, who posted which message (unless you know master public key of that person, but even then, you can never be sure).

Yes, a simple GPT-like program is enough. But not to generate the content: that's what Newbies do. It can be used to alter it, and change the style, just a little bit, here and there.

This is possible, but hard to do in practice. And it is more natural to share the same interests with your friend/brother/whatever, than pretend, that "I never heard of UserName". And also, sometimes you want to reply as UserNameOne, and sometimes as UserNameTwo. It is easier to share similar topics, if you want to do that, because then, you can reply to yourself, and bump the topic, while staying "within the rules".

It is easier to find some online account with a low rank, and send a PM, with the content to be posted. There are more than enough people willing to do so. They can keep their merits, because content creators, which are smart enough, are usually Legendary (or would have that rank, if all of their posts would be submitted from the same account). And after being Legendary, what is the point of using the same account? It is more profitable to boost some alt-accounts, and it is better for privacy. And note that having alt-accounts is allowed.

Of course not. He would pick two or three posts, each written by the same person, but posted by different alt-accounts, and will submit that in his merit source application.

No, because if it would be treated like that, then every time when somebody would ask a question, that already was answered by someone else, people would be forced to link into that, and stop elaborating about the details, or adding anything new.

For that reason, having alt-accounts is not punished. First, it is good for privacy. Second, it lowers your rank, and your merit counter, because it is splitted into N different accounts, instead of being joined into one account. And third, it is hard to enforce, if you are talking with a smart would-be-Legendary, that is splitted between five Hero-Members, a bunch of Newbies, and me, who posted it. And it is even harder to notice, if all accounts use Tor (and bridges or public WiFis, to create an account for the first time).

Also, for the same reason, sending merits to yourself is not punished (because yes, if you want to build a trustworthy alt-account, then you also have to do things like that, and "waste" some merits in the process).

It depends on the content. If you would normally post the first part from your first account, and you would edit your post, by appending the content of the second post, to a single one, then the publicly shared content would be the same.

Which means, this:


Is equivalent to that:


But sometimes you want the former, and sometimes the latter. And you need some alt-accounts, to avoid double-posting. Also, those accounts are useful, if you want to disagree with yourself, because some people cannot understand, that it is smart to learn from your past mistakes.

I can give you the name of that manager, and maybe even link to his merit source application, where he picked some of my alt-accounts in his 10 posts, but I wonder, if I should do that publicly. By the way, he is not that bad person, to deserve such fate. It is rather a confirmation, that I separated my accounts properly.

Of course. The smarter you are, the more power you can gain.

You are talking with one of them right now. But obviously, he is using some alt, to post it, and some Newbie agreed to copy-paste this content, without even reading it, and is now waiting for some merits. I think he could be disappointed, but there are many people, willing to post my content.

It is not that hard. Some moderators will be probably unhappy about this offtopic, in a topic about mixers. But I will reply anyway: if you want decentralized forum, then you can just create Merged Mining sidechain, with merits, expressed as coins, with accounts, expressed as public keys, and with the forum history, that would be possible to download by each "forum full node".

You can do that, if you want to. But note, that it will bring you more problems, than you can expect. Some people tried "decentralized cloud storage" or "decentralized code repository". Even "decentralized chess" or "decentralized poker" was here and there. But those solutions has their drawbacks, and by having a simple, centralized forum, you can avoid some of them. As long, as your "experiment" will not be pushed on-chain, as Ordinals are, it is fine, and I can even join your project. Good luck.

It doesn't need administration. But it always needs moderation. It can be done by each participant separately, then you have something like signet, where each node can decide, which post is worth reading or not, by signing blocks (to prevent spam), and by giving merits (coins) to encourage good posters, and to ban bad posters, on a protocol level.

But of course, if you want to make it popular, you will also need browser-like functionality. Which means, some clearnet page, that will act like a SPV node, is highly recommended. And in that specific place, you can have any administration you need. But in a pure, decentralized world, it is optional.

First, you use Tor. Second, there is no mod or admin, that acts globally. Everyone has an ability to pick posts, which are worth sharing, and then, people naturally follow someone, who provides a good content. Which means, each node will act as a peer-moderator, and you simply connect to the one, which you want to read content from.

But of course, the final outcome of such model, is not "better" or "worse", than what we have today. It is just different. And, similar to Bitcoin, if you want to increase your privacy, then you reserve some resources, like bandwidth, to handle the traffic, that you are not interested in, but you process it anyway, and share with other nodes. Or you can use SPV node, but then, some full nodes are needed, to keep that network alive.

True.

The second one is the problem. The first one is easy, for example the model I described, was tested to some extent. But if you join any fully-decentralized network, then you should know, what are some drawbacks. For example, if you use Tor, you should know, what is the dark side of being anonymous, and how some people can misuse it. And you can read, what happened with Omegle, where it was possible to talk with strangers. The human factor is the biggest issue here.

Because originally, the first month was March, when Spring begins. And then, having February as the last month, with less days, was not an issue. But it was moved two months back, for historical reasons.

Even more than that: there were calendars, where each month had 30 days, and there was "5 days tail", where people believed, that it is some kind of "Friday 13th", but longer.

No, you download posts, like every other transaction. But yes, having "blockchain for cloud storage" is not that cheap, as having "blockchain for payments".

Do you know, how to spend "OP_SHA256 OP_CHECKSIG" TapScript? Is it spendable at all?

As far as I understand, it requires "<signature> <message>" as an input. And then, the hash of the message could be converted into x-value of the public key. However, after reading CAT and Schnorr Tricks I, it seems it could be possible, if the "<message>" would contain for example "HASH(G||G||txdata)".

Also, because any "<signature>" is just a combination of "<r,s>" values, it could be a combination of "<r1+r2,s1+s2>". Which means, it may be possible to create separate signatures upfront, and then join them in this way, just by tweaking some values. What do you think? Do you have any ideas, how to spend that TapScript?

Why do you think so? Lightning could work even on P2PK, if there would be no routing. Note that if you multiply a public key by a private key, then you can reach 2-of-2 multisig on a P2PK. Here is how: https://duo.com/labs/tech-notes/2p-ecdsa-explained

Also, there was a thing called "payment channels", that existed long before Lightning Network was even invented. See this page: https://en.bitcoin.it/wiki/Payment_channels

Note that if you have a payment channel, you don't have to add routing to the whole picture. Segwit was needed only because of routing, if you remove routing from LN, you can implement it on any address type you want, even P2PK.

You want to bring back something called "coinage"? This is a good idea. Some page about that: https://en.bitcoin.it/wiki/Miner_fees#Priority_transactions

Which means, instead of the current, flat "satoshi per byte" model, we could have "priority" instead, and allow cheaper transactions, if some coin was not moved for a long time.

Yes, this is a good approach. For example, they could just implement something like CoinJoin. Because mixers are banned, but CoinJoin is allowed.

Because the main issue is not mixing per se. It is the way they are taken down. Which means, even if you have a mixer, you can still advertise it, if you for example don't control the coins, but you only provide a market for mixing (like JoinMarket or any other CoinJoin).

I think indirectly, but it is. What about tipping the waiter?

Note that the code can do a lot of good things. Which means, it is possible to write some code, that will allow transaction joining, and sending it later in a batched version to the network. And note that even though this kind of service meets the definition of the mixer, it is still allowed by the rules, if you don't control the funds of your users, or if you can meet any other condition, listed by theymos. There are many ways to do that.

This is strange. You don't support Ordinals, but you support Satoshi Dice? Why? One kind of spam is acceptable, and another kind of spam is not? Because yes, if your model pushes more data on-chain, instead of pushing less, then it can be considered as a spam.

The real solution is to make transactions smaller, not bigger, and to make less of them, not more, while preserving coin flow. Which means, if you have Alice->Bob->Charlie, then making Alice->Charlie transaction is better, because then Bob can gain more privacy, if he needs that. However, expanding it into Alice->Dice->Bob->Dice->Charlie is not going to help anyone, it will just raise the fees for everyone (unless you introduce difficulty-like adjusted maximum block size, but then what would stop mining pools from abusing that, to store their Ordinals, or even to push altcoins on-chain, wrapped into bitcoin UTXOs?).

I think banning mi*ers is a very good move. Why? Because now, if it will be forbidden, then people will double or triple their efforts, to mi* their coins properly. If it would be allowed, then nobody would care, and centralized mi*ers would raise and fall again, and again.

But now, the situation is different: if people will be punished for advertizing mi*ers, then they will post some pictures of kitchen robots, they will use Lightning Network, they will use Silent Payments, maybe cut-through or Full-RBF, and the whole situation will improve after all.

For that reason, I think even the word "mi*er" should be censored, that would drive more people mad, and maybe accelerate some ideas even further. Also, censoring that letter in the middle, makes it similar to the word "miner", so it will give an excuse, that "we are only talking about miners, not mi*ers".

And also, I need more kitchen robots, so keep posting them, maybe with some recipes for Christmas dishes.

If it would be "core coded", then there is a risk, that some other people would still maintain the old version, and users would land on that, because they were taught about backward-compatibility, and a lot of people believe in that. Which means, if anyone (including "core") would try it, then they could reach the same fate as BCH.

Also note what happened with ETH: they did a hard-fork, and the community splitted into ETH and ETC. Here, it could be the same outcome, but there is no guarantee, that the "core coded" version would have the same fate as ETH, and not ETC. It is unknown, until it happens, but then it is too late to change sides. By the way, ETH, as well as many other altcoins, could create so much hard-forks, only because users were used to it. By doing that on BTC, some people could consider "it is not the true core anymore", and form their own team, maintaining the old version. And guess what: the community, used to soft-forks, could then follow them, instead of following "the core, which behaves differently than in the last N years".

The reason is quite simple. If you don't want bigger blocks, then tell me, what should I use instead, here and now, when fees are high, and will be higher soon? So far, I simply cannot see a better solution. And I guess, when fees will be higher, then you will see more people, complaining about it on forum. And what are you gonna tell them? To use some altcoin, because Bitcoin cannot solve its own issues, and is not ready for world-wide adoption? Good luck with bringing new users with that approach.

Duh, you mean x=1? You want to remove it? Then, just do that. Which means, if you want to replace "x*rr" with "rr", then the conclusion is simply that "x=1".

Seriously: if there would be a way, that would mean ECDSA would be broken. So, your question could be simplified into "is there another way to break ECDSA?".

And the answer is also obvious: if there is no way, then nobody will tell you, how to do it. But if there is a way, then anyone, who will know the answer, will simply hide it. The incentive is just too big.

Which means, in both cases, the answer is "no, you cannot do that".

Hmm, nChain? It sounds like BSV. Also the word "patent" could mean "please don't implement that, or we will sue you".

By the way, this is nothing new. It existed in the past, but it was just not standardized: https://en.bitcoin.it/wiki/Payment_channels
See? The page from my link existed since 2016. And I guess on bitcointalk there could exist some even older topics about that.

Interesting. For example, it could be used as a reward, to reveal the private key to some address, for example to 120-bit and 125-bit puzzle:
Input script: "<sigS>"
Output script: "OP_TOALTSTACK <puzzle120> OP_DUP OP_FROMALTSTACK OP_CAT OP_SWAP OP_CHECKSIG"
Execution:

Yes, of course. The only thing I pointed out, is that he used software with Japanese language version, including his IDE, and his Operating System. And this alone is a huge hint, even if you finally conclude that he was from California, London, or other place. There is no contradiction. Also note that Satoshi used Tor, and even when it was not the case, he still might use private servers, to run his nodes 24/7 (yes, nodes, because you need more than one if you want to test anything, and you need at least two, if you want to start mining).