[2022.08.05: NSA, NIST, and post-quantum cryptography: Announcing my second lawsuit against the U.S. government.]

Hot on the heels of one of the shocking sudden demolition of one of the most promising post-quantum key agreement algorithms...

• Popular news article:  2022-08-02:  “Post-quantum encryption contender is taken out by single-core PC and 1 hour”.  Ars Technica.
• Cryptographic research paper:  Wouter Castryck and Thomas Decru.  “An efficient key recovery attack on SIDH (preliminary version).”  2022-07-30: received; 2022-08-05: last of 2 revisions.  https://eprint.iacr.org/2022/975

...we find this:

2022.08.05: NSA, NIST, and post-quantum cryptography: Announcing my second lawsuit against the U.S. government. #nsa #nist #des #dsa #dualec #sigintenablingproject #nistpqc #foia

BERNSTEIN v. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (1:22-cv-02319)
https://www.courtlistener.com/docket/64872195/bernstein-v-national-institute-of-standards-and-technology/

DJB’s blog summarizes the history of NSA sabotage of cryptographic standards.  He describes the atrocious state of the NIST post-quantum cryptography standardization process.  He concludes:

I've filed seven FOIA requests with NIST since mid-2020. NIST has released a few dribbles of information, but in general NIST's responses have been very slow and obviously not complete.

For example, I filed a FOIA request in June 2021 asking for "copies of all NIST records of communication between NSA and NIST regarding the NIST Post-Quantum Cryptography Standardization Project". This request has, so far, produced zero records. NIST has stonewalled, ignoring the FOIA deadlines.

My seventh FOIA request, in March 2022, said the following:

Analyzing NSA's impact on this project will require not just seeing NSA's communication with NIST, but also tracing how NIST's decisions were made and analyzing the influence of the information that NIST received from NSA. If each step of this analysis requires dealing with another round of stonewalling from NIST then the analysis will obviously not be done in time to help the public make safe decisions regarding post-quantum cryptography.

NSA's documented history of sabotage, along with its evident sway over NIST, makes NSA's influence on NIST a high priority to review, but it also seems likely that other entities have also been trying to sabotage NIST's process. As far as I can tell, NIST has no procedures in place to prevent attackers from influencing the project through pseudonyms, proxies, etc. Anything short of a full review of project records could easily miss evidence of attacks.

Even without sabotage, getting cryptography right is challenging. Public review has identified security flaws in dozens of submissions and has identified many errors in the limited additional information released by NIST. Having NIST keep most of its analysis secret is a recipe for disaster. Given that NIST promised to be "open and transparent", and recently claimed to have "shown all our work", it's hard to understand why the full project records aren't already available to the public.

I asked for the full NISTPQC records, and for "all records of NIST/NSA meetings mentioning the word 'quantum', whether or not NIST views those meetings as part of this project".

NIST has produced zero records in response to this FOIA request. Civil-rights firm Loevy & Loevy has now filed suit on my behalf in federal court, the United States District Court for the District of Columbia, to force NIST to comply with the law.

Good luck to Professor Bernstein here.

[That is wrong in fact. Not a matter of opinion.]

It’s sad when people who don’t understand Bitcoin try to explain it to those who have been in it for much longer.  It is repulsive to see one of Bitcoin’s founding principles smeared as “an idea built by influencers and speculators in the last years”.

Escape the arbitrary inflation risk of centrally managed currencies!  Bitcoin's total circulation is limited to 21 million coins.

I am not citing Satoshi as an authority, but rather, to rebut the ridiculous misinformation that Bitcoin’s anti-inflationary policy was “an idea built by influencers and speculators in the last years.”  That is wrong in fact.  Not a matter of opinion.

Correct information now gets its own thread, to avoid being buried in a spam megathread.  This issue is too important to let correct information be buried by the low-value posts of sigspammers.  If you want to complain about something, complain about paid signature advertising; and lobby the Bitcoin Forum administration to ban paid signatures.  Are those the purpose of Bitcoin, or a later idea by something tantamount to “influencers and speculators”?

[Always verify digital signatures!]

Always verify digital signatures!  I said “signed,” so I signed my words.  To extract the PGP-signed statement:

Code:

exiftool -b -ImageDescription taleb_fraud.jpg > taleb_fraud.asc

Please feel free to copy and share—although unfortunately, many services will strip the signed statement from the image metadata.

The original text of OP is now moved to Post #2, with my apologies to those whose quote-links are now slightly off.

[A.]

A.

For years, I have had many questions raised about my possible usage of alternate pseudonyms.  Some are possibly true; some are definitely false.  As a matter of personal policy, I refuse to answer any of them:  I neither admit nor deny.  I do not acknowledge my alternate pseudonyms, unless I have a positive reason to do so; and I do not deny alt accusations that are actually false.

When I have done nothing wrong, there is no reason for me to invade my own privacy by admitting to the ones that are true.  If I were to deny any of the ones that are false, I reasonably expect that I would then be accused of lying about it—indeed, I would be placed in a classic Kafkatrap whereby denial is taken as evidence that the accusation is true.  And selectively admitting or denying some would reduce my anonymity set for others, by process of exclusion—in essence, by partition-attacking myself in the manner further described below.  The wisdom of my policy is well-considered.

B.

This forum was founded by a pseudonymous cypherpunk Tor user, who called himself “Satoshi Nakamoto”.  However, the forum has accreted a self-appointed clique of vigilantes who delight in hunting for real or imagined alternate pseudonyms.  They demand answers to questions they have no proper cause to ask—and in the manner of an inquisition, they accuse people of dishonesty for any answer other than a confession.

Denial means that you are lying.  Refusal to answer equates to denial, which means that you are lying.  Ignoring all questions on grounds of none of your business equates to lying.  The bare fact of using an alt results in accusations of being a so-called “fake newbie”, even when no attempt is made to pretend that one is an actual newbie.

My own experience has left me wondering:  What would happen, if “Satoshi Nakamoto” were to attempt returning to his own forum under an alternate pseudonym?

To avoid any suspicion that he was a so-called “fake newbie”, he would need to play dumb about Bitcoin—thus rendering any engagement here a waste of his time and energy.  It would probably be obvious that he was a knowledgeable Bitcoiner, with long experience.  Those who relish outing pseudonyms and violating others’ privacy would give him no peace.

He would surely be harassed with alt accusations—many alt accusations, many of them false.  He would be unable to deny any of them:  Denying the false ones would set him up so that if he were ever asked, “Are you Satoshi?”, then refusal to answer would be an admission.  And ultimately, he would be unable to avoid ever giving even the slightest suspicion that he may be Satoshi.  He would be the same actual person, with the same style and the same substance.  It would probably just be a matter of time before he was hit with that dread question, “Are you Satoshi?”, or with public speculation that effectually outed him.

Satoshi could not afford to risk it.

C.

In 2020, a high-profile forum member suddenly vanished:  Lauda said goodbye.

There has been some unreasonable speculation that she may return under an alternate pseudonym.  There have even been some ridiculously stupid assumptions that she must.  This has left me wondering:  What would actually happen, if she were to try it?

First, she would be tagged as a “fake newbie”.  There would probably be demands that she disclose her “main account”.  And she could not reliably conceal the style and substance of her personality.  She attained fame as Lauda, because she has a unique character and rare abilities.  If she were return under another name, she would still have the same character and the same abilities.

Not if, but when someone sooner or later suspected her of being who she actually is, clueless idiots and trolls would demand that she acknowledge being Lauda.  If she refused to answer, then she would be accused of dishonesty—of dishonestly denying what she neither admitted nor denied.

It is likely that she would also be accused of being other people who, in fact, are not her.  She could not deny those accusations, either:  If she were to deny them, then her real identity could be discovered by process of elimination.  It is a bruteforce partitioning attack:  Accuse someone of being everyone they could plausibly, or even not-quite-imaginably be, and then see which accusation she doesn’t deny.

Why ruin one’s own privacy by destroying one’s own anonymity set?  It is very foolish to deny false alt accusations.  Tenfold so, when truthful denials are also stereotypically met with accusations of lying.  Any policy other than “neither admit nor deny” is shooting oneself in the foot.

Yet even if she took a firm “neither admit nor deny” stand to all questions, it is probable that sooner or later, she would nonetheless be outed as Lauda.  And then, she would also be falsely accused of dishonesty for refusing to admit or deny that she was Lauda.  Until then, she would be accused of dishonesty for refusing to admit or deny false accusations connecting her to random accounts.

She could not afford to risk it.

D.

Some discussion venues have an administrative policy forbidding more than one account per individual person.  The policy is of arguable value; its merits depend on the particulars of the venue.  In some cases, it may make sense.  Here, it wouldn’t—here, on a forum founded by a pseudonymous cypherpunk—here, on a forum where the administrator has sometimes banned people for doxing him in violation of forum rules.  This forum has a high expectation of privacy, and an explicit tolerance of NEWNYM.

An administrative restriction of one account per individual is entirely different than a self-appointed clique of vigilantes, who feed their own egos by trying to out people for no reason.

For the most part, the latter are also hypocrites.  Most of them operate under a pseudonym.  Some of them claim that alternate pseudonyms should be explicitly acknowledged.  But they themselves neither disclose nor acknowledge their “real life” identities—and they probably don’t disclose their forum pseudonyms to people who know them by their “real” names.  Moreover, it is reasonable to presume that most of them probably have alternate pseudonyms in other Internet venues, which they do not disclose here.

The word “pseudonym” literally means “false name” (< ψευδώνυμoς, < ψευδής + ὄνoμα).  For anybody who ever uses a pseudonym without full disclosure of identity, it is dishonest to criticize the use of multiple unacknowledged pseudonyms.

Some critics of pseudonymity do not commit this dishonesty.  For example, Vod openly publicized his “real name” and physical location; he doxed himself on his own website, linked from his forum account.  I disagree with Vod on this issue, for other reasons; but at least, he was honest and consistent in his opinion about it.  Those who do not self-dox are self-serving hypocrites when they unreasonably pry into others’ use of multiple pseudonyms.

Regardless, everyone who is categorically opposed to unacknowledged multi-account pseudonymity creates a culture that forbids Satoshi from returning to his own forum.

E.

Do you wish that Satoshi should be able to return to his own forum under an alternate identity?  If you imagine that he has, then you have not considered the realities described above—but do you dream that he should be able to, if he is still alive?

Embrace privacy culture!

Don’t ask questions about others’ pseudonyms, much less demand answers, unless there is is a strong reason such as evidence of fraud based on the usage of multiple identities.

Do not thoughtlessly speculate with a total lack of discretion.  If you must chortle to yourself over what you suspect is some neat little discovery, at least have the decency to be subtle about it.  I do as I say, here:  I have noticed some things I kept quiet about, and only discreetly inquired out of curiosity in PM if e.g. someone outed his multiple pseudonyms on a different forum.

Make reasonable use of alternate identities yourself.  And don’t abuse them:  Do not sockpuppet, scam, troll, or evade bans!  Do not buy and sell accounts, which is the conveyance of false reputation.  Just feel free to compartmentalize your public activities according to the subject matter:  Pick a new name, hit the NEWNYM button, and make yourself a new forum account.  This is life in cypherspace:  It is the cypherpunk way.

Have a health problem you want to discuss?  Confused by an abusive relationship with a manipulative psychopath?  Suffered a very embarrassing financial wipeout with a margin account?  Got a harmless but unusual kink?  Want to talk altcoins, without being insulted and ridiculed by your buddies in the Wall Observer?  (Now, that’s kinky!)

More importantly:  Do you have solid evidence of wrongdoing by a DT member?  Not dumb trolling with bare accusations, much less with empty insults:  Evidence.  On a forum where the “DT gang” is real, and shooting the messenger is customary, bringing a strongly-evidenced accusation against a DT member is more controversial than all but the most marginalized political opinions.

Most importantly in principle:  Do you have any controversial opinions?

This is privacy culture and freedom of speech:

I don't have a problem with alt accounts as long as they're not used for evading bans. If you're hesitant to say something controversial because you don't want it to be associated with your name, please create an alt account and say it.

Italics are theymos’.

Do it for yourself.  Do it on principle.  And do it for Satoshi.

It is useless and meaningless to say that anyone who suspects a Satoshi sighting should keep quiet.  The only theoretical possibility for Satoshi’s secret return is a social norm, a community nomos, that makes it taboo to speculate on alternate identities or “main accounts” without adequately strong reasons for asking.

If we had such a strict taboo here, then maybe—just maybe Satoshi could risk popping up with an alt account for a little chit-chat with us.  Of course, we would never know it; the whole point is that we would never know it.  But at least, such a thing would be possible.

As it stands, it is impossible.  Satoshi would only try creating an alt here, if he were a total fool.  Satoshi was not a fool.  Therefore, I am morally certain that Satoshi has no alt accounts here on the forum that he founded.

And that’s sad.

SAD. 😿

[User:]

User: Dabs #54791 (trust)

These are excerpts of Personal Messages that I received from a user who has made a career of running allegedly charitable collections, and who runs an escrow business:

Done! Okay, that will be 10 bitcoins.

Cheers!

Just kidding, LOL, but .... since you PM'd me already, short of begging, perhaps you can send some financial assistance my way?

But i'm not really, I already have a job and trying to get in on another campaign as the last one just died on me, and there are just so many bills to pay, and I lost 95% (maybe more) of my coins (they were in alts, so yeah, everything crashed huh.)

That gets harder if you got a wife and three children you have to take care of, moved to different country, and have no other social support. Anyway... we'll figure it out.

I don't usually beg either, haven't had to in 30 to 40 years, so ... but if times are dire, ...

Atop the begging, Dabs is outright lying.  This is an excerpt that of a beg-PM that, upon information and belief, Dabs sent an awful lot less than “30 to 40 years” before February of 2020:

My stack is significant... but won't let me buy a ship like that .... yet

Hey there, hello fellow Wall Observer thread poster ...

How significant is it for you?


For me, I've lost everything since last year, but somehow managing to survive ... it's not easy.

I am hoping against hope that maybe perhaps you'd like to help those less fortunate than you.


Dabs

P.S. I don't know if you've read my little story here the past few months.

More recently, Dabs had someone publicly begging on his behalf in the Wall Observer:

archive.ph, Wayback:

[...]

You could donate it to Dabs if you don't want it. As he told me, he is in an uncomfortable financial situation and could use any and all help. Maybe WO should help him out?

Following OP, this thread shall begin with the following posts:

• Post #2:  My full, unedited PM exchange with Dabs in February 2020.
• Post #3:  Full quotes of the most relevant public form posts from 2022, which are briefly excerpted above.
• Post #4:  Reserved to gather any further evidence that may arise.
• Post #5:  Reserved for my conclusions.  Blank for now; I want to see what other evidence may develop, before taking any trust system action.

In February of 2020, I debated whether or not I should immediately publish these PMs.  I was reluctant to do it.  I decided that I didn’t want to ruin Dabs’ reputation over what may be a one-off, grossly uncharacteristic, ridiculously weak moment.  I felt soft-hearted.  That is always a mistake.

After Dabs’ other known begging came to my attention, I awoke my account on 2022-06-29 primarily because I could not in conscience let this matter rest.  (I waited until 2022-06-29, the beginning of a new activity period, because I wanted to go back to sleep without raising my activity by more than 14.)  I have still procrastinated on dealing with it.  I cannot put it off anymore:  Every day, people are trusting Dabs for both charitable and business purposes without being informed about his sneaky begging on his own behalf.

I encourage anyone else who has received any Dabs begging PMs to post them in this thread.  Same as for any other relevant evidence.  The community has a right to know about this.

Don’t think of Dabs:  Think of the poor, starving children on whose behalf he purports to collect charitable donations.  The community, and Dabs’ donors, should have such information available to analyze and to draw the appropriate conclusions.

Rarely would I ever encourage a big dump of PMs.  In this case, I believe that it is not only justified, but imperative—an ethical necessity.  As a separate issue, I should remind everyone upfront that there is no forum rule against publishing PMs; you will not get in trouble with forum rules for coming forward to inform the public here.

Re: Publicly posting PMs

There is no restriction against it. PM = Personal Message, not Private Message.

[Draft/pre-alpha preview:]

Draft/pre-alpha preview:  Not yet set up, for the reasons stated below.  I want to get a link set up.  If interested, please bookmark this, and check back later.
Skip the Nullian verbosity:  “Shut up and take my money!”
This page will have addresses for BTC, ZEC, and other currencies, plus a PGP-signed list of the same addresses.
Do you appreciate my writings?  Do you think that I should be rewarded for what I have contributed in the past?  Do you wish to encourage me to contribute more in the future?

I have always refused paid signature campaigns, despite having been personally solicited with some lucrative offers in 2018 and 2020.  My posts are not made for the purpose of paid advertising.  Moreover, I fiercely guard my independence.  I will never allow money to influence my opinions—and I will never allow fear of not being paid to inhibit me from taking a controversial stand.

I want payment only from those who genuinely appreciate me.  I promise nothing but to be myself:  “Nobody”.  In particular, I will not let desire for tips (or fear of upsetting potential patrons) influence my opinions.

If you dislike my protest against a world full of shills and sellouts, then please feel free not to send me money:  I do not ask nicely, for I do not ask at all.  Otherwise, I will treasure your tips:  I respect those who will respect this message.

Rather than place a tip address in my signature, I create this thread as a linkable webpage with more information than will thereby fit.  It will be self-moderated, and usually locked.  Please do not attempt to reply here.  Local rules:  Any replies may be deleted.  I think that’s appropriate, because no contractual exchange is hereby offered; this thread is only an appendage of my signature, in lieu of a more garden-variety tip address.

Bitcoin

I am attempting to work out some better means of accepting tips without publicly exposing tip transactions, and without address reuse.  If/when Silent Payments become available, I may use that here.  In the future, perhaps I may set up a server for dynamic acceptance of tips.  Meanwhile, I will simply “LOL” at the destruction of privacy, and switch this to a fresh address from time to time:

[Bitcoin address and QR code—oh, dear, do I really need to put out another address that can be watched and tracked by blockchain spies?  Yes, being fed up with a lack of privacy is making me procrastinate on giving people a way to send me money.  Sorry.  It is 2022.  Why does this problem still exist?]

If desired, you may also encrypt ChipMixer vouchers with my PGP key.  Those are essentially bearer certificates.  Send same by PM or e-mail.

Zcash

I was awaiting Zerocoin for Bitcoin since 2013.  Accordingly, I have been a Zcasher since Sprout.  Zcash is a great way to tip me without any worries about privacy, address reuse, and so forth.

For this purpose, I am trying to get a new, long-term Orchard wallet set up just the way I want.  The issue is currently being discussed in appropriate venues.  I delayed making this thread for too long, awaiting a solution for my issue.  To be resolved.

Other Currencies

Some other alts—to be added.  Preferably things that can be used to buy BTC. 😺

PGP-signed list of addresses

Don’t get scammed!  The following statement confirms my ownership of the addresses listed above.  It is signed with my PGP key.

Code:

[Draft with no addresses:  This space is intentionally left blank.]

[Flag #2737]

Flag #2737
User: #2693768 “UpAgain” (trust page)

Current snapshot of post history (snapshot is missing items deleted by moderators, as noted below):  https://archive.is/z4577

Summary:  This user has been making wild and self-contradictory claims about his own wealth, while he solicits money from people in multiple ways that are consistent with common scams.  His recent history is a bountiful bouquet of concrete red flags of a high risk for trading; I will simply gather the evidence in one place here, and let it speak for itself.


This account “woke up” at 2021-04-23 04:16:53.  Thereupon, he claimed to suffer a mental illness caused by the market crash–and then claimed that he was a “whale”, claimed that he caused the market crash, and claimed to have $90 billion worth of BTC.  Note that the primarily pertinent thread appears to have been wholly trashed by the moderators; please use the below archive.is links or the Loyce.club scrape.

Bitcoin Forum > Other > Off-topic > I am diagnosed with severe PTSD
https://archive.is/NVe0O#selection-397.0-480.3

Market crash caused me severe PTSD Doctor  prescribe dme Zoloft and I do EMDR treatments.
Hope things will get better.  

Bitcoin Forum > Bitcoin > Bitcoin Discussion (Moderator: hilariousandco) > I am a bitcoin Whale
https://archive.is/sTLwd#selection-389.0-479.61

Whenever I sell my BTC prices drops 12% and you all panic sell. Then I buy cheap.
This is how it has been working for me and how I make money.

Nice timestamps there.  Does your allegedly diagnosed mental condition have psychotic features, or is this supposed to be therapeutic, or are you trying to make some sort of a satirical statement?

What is with other posters who do not know how to check post history on a Newbie account claiming to be a whale?

https://archive.is/OwqO8#selection-5135.0-5263.91

How do I make all of the other idiots here READ THE THREAD so that they see the obscenely obvious thing that I posted a few minutes ago?

/thread

I had 100Billion and now I have only 90Billion I still have PTSD. 10Billion is not a joke.

He then claimed that he is starting his own altcoin...

Bitcoin Forum > Alternate cryptocurrencies > Announcements (Altcoins) (Moderators: mprep, Welsh) > I open my cryptocurrency
https://archive.is/e0rfb#selection-409.0-503.18

hello i launch new crypto on 30/4 please join my crypto? how much mony you put in my coin?

Name coin: Saevus (SAE)


This is the future

...and started seeking a BTC loan on dubious terms.

Bitcoin Forum > Economy > Marketplace > Lending > Looking for 0.1b BTC loan give 0.2 BTC after 35 days
https://archive.is/m6xcz#selection-395.0-495.34 (Some earlier and later archives are available; OP appears to be unedited, but click the prior/next links if desired.)

Looking for 0.1b BTC loan give 0.2 BTC after 35 days



Collateral : I give domain of my website i have web make 3k every month easy.


Btc adress:
35uipAgEzS2E7CQN5Q4edrPaeCuvZKF8v5

Just in the foregoing, he hit 2 of the 3 most common scams that I have seen on this forum—but he does a terrible job of it, while he makes absurd claims about himself.  Either he is trolling whilst waving around a BTC address (as I recall having seen another account do a few months ago), or he is just plain scamming.  Either way, the risk is obvious; and people would be well-advised to exercise extreme caution in dealing with this account.

[Note to moderators: Yes, this post is really about Bitcoin. It is a satirical meta-commentary on Bitcoin’s value.]

Note to moderators:  Yes, this post is really about Bitcoin.  It is a satirical meta-commentary on Bitcoin’s value.
TL;DR:  Bitcoin is dead.  It has died so many times that it is extremely dead.  It is too good to succeed, or even to survive.  In this world, the bad wins over the good; therefore, you should buy the worst coin of all:  Yacoin.


Bitcoin has a problem:  The Core developers take things too seriously.

They cannot, must not drop a trillion dollars in value on the floor.  They must not break the network.  Bitcoin is now so big that a major technical flaw could cause a mass economic catastrophe.  Core must be maintained as the safest, most secure, most reliable financial software in the world.  All code gets reviews, more reviews, and yet more reviews by scary-smart crypto-geniuses.  Core’s process is a masterpiece of open-source software engineering; and the code is accordingly good.

As a result, Bitcoin is boring.  Sure, its reference implementation is safe to trust with the world’s money.  But who cares?

I had a moment of enlightenment when Dogecoin recently spiked.  For you see, last year, I had considered buying DOGE at 25 sats.  Doing my due diligence, I examined the state of Dogecoin development.  I found that both the Doge full node and the “official” light client were essentially abandonware; and Reddit was full of complaints about bugs.

Only an idiot would trust the DOGE network with nontrivial, non-toy amounts of money.

It’s ok.  DOGE started as a joke, right?

Then, of course, Elon Musk tweeted; and,—BOOM!  Of a sudden, idiots were trusting billions of dollars to a cryptocurrency run on bug-riddled abandonware.

This is PROOF that Dogecoin is superior to Bitcoin.  For you see, so-called “humans” are merely hairless monkeys who have inadvertently learned to talk.  They do not care about facts, logic, or basic competence; they care only about the meme.  Doge has a cute meme.  Therefore, Doge = MOON.

Now, I have discovered an even better meme:  The power of human stupidity.®  It is best exemplified by Yacoin.


Yacoin’s code is worse than Doge’s.  Much worse.  It is so bad that according to a Yacoin supporter, Yacoin lacks exchange listings because exchanges are unable to run Yacoin nodes.  Yes, it sucks just that much!  Therefore, it is the best.

Consider the following PROOFS that Yacoin beats Bitcoin as an investment.

0. Confirmed maths:  A price of “N/A”, “NULL”, or “NaN” can only improve!

Yacoin does not have zero value:  It has no value, because it has no market.  Therefore, if it attains any value at all, that will be market performance of >∞% ROI.  I mean, what can you multiply by NaN to get a number?  

1. Yacoin is Bitcoin^Ethereum!

Yacoin combines aspects of Bitcoin and Ethereum development processes.  Therefore, I expect its performance to be Bitcoin exponentiated by Ethereum:

• Bitcoin:  Move slowly.  Don’t break things.
• Ethereum:  Move fast and break things.  Because, fuck it:  We want to get rich quick!
• Yacoin:  Move slowly and break things.  The code quality sucks, development has been moribund for years, and the whole thing is riddled with design flaws.  It is so bad that to avoid the impracticality of sync, people are told to download the blockchain from a Yacoin developer’s Mega account, and import it without validation (!).  Trust me.  And its codebase is derived from Bitcoin Core v0.8.6, apparently without further merges from upstream; this means that its development process is even more conservative than Bitcoin’s:  The Yacoin devs keep all the obsolescence of an ancient Bitcoin version, plus all the bugs and design flaws that they themselves added.

Bitcoin Core development is like programming the Space Shuttle.  But Yacoin will go TO THE MOON!


For the foregoing reasons, I may dump my Bitcoin to BUY YACOIN!!!11  Or perhaps, I may simply tell people to send me Yacoin so that I get rich when it moons someday never.  I have not yet decided; and I face the small practical problem that I do not yet have a Yacoin address, because the software is too bad to run.

This thread will be updated with more more reasons why Bitcoin is too good to succeed, and of course, with instructions for sending me the best worst coin:  Yacoin.

TO THE MOON!

Claimer:  The foreging constitutes financial advice, because I like it when idiots lose money.  It is a stupidity tax.  You = bagholder, so go BUY YACOIN RIGHT NOW on its nonexistent market.  Lulz.

Disclaimer:  Thsi post was written buge like doge shit because I am drukn, or pretending to be.

[discrete uniform distribution from a bounded integer range]

Please, stop the superstitious nonsense.  To adapt a classic DJB quote, think about this for a moment:  Whoever uses physical dice or coin flips to generate the seed for a Bitcoin wallet seems simultaneously to believe that:

• An OS kernel’s CSPRNG which is designed by actual cryptographers, who have actually studied cryptography, is insufficiently secure because it is somehow not “truly random”.
• It is secure to use a tiny seed to generate an unbounded tree of pseudorandom private keys in your BIP 32 HD wallet.

“For a cryptographer, this doesn’t even pass the laugh test.”

To generate random numbers for cryptographic keys, Bitcoin seeds, etc., you should use your OS kernel’s system calls for accessing the OS kernel’s random device.  If you do not trust your OS kernel to give you random numbers, then your OS is altogether untrustworthy; you should switch to a better OS before it betrays you, beats you up, and steals your lunch money.

And whatever you do, you should NOT cook up your own ad hoc “random” scheme unless:

• You have spent quality time studying the relevant theory.
• You are not confused by such terminology as a discrete uniform distribution from a bounded integer range.
• You know the basic difference between min-entropy and Shannon entropy.
• You understand the extract-and-expand model of generating secret key material from an input with the wrong distribution; and you know how properly to extract the randomness you need from, e.g., a string of 6-sided dice rolls, or a shuffled deck of 52 playing cards.
• You can point out flaws with other people’s ad hoc schemes on this forum, on Reddit, on StackExchange, in the issue trackers of Github projects coded by people who should NOT be writing cryptographic implementation code...  (Whether or not you waste your time doing so is up to you; but you need to be able to see the flaws.)
• Many other things that I am too lazy to list.

If you do not heed my advice, then you will probably wind up coding some Rube Goldberg style randomness contraption riddled with modulo bias and similar bugs.  You will be fooling yourself with security theatre that results in a false sense of security.  Whether or not you ever suffer negative consequences for this, or by how much, will thenceforth be a matter of dumb luck.

Coders who make their own ad hoc randomness schemes are like kids playing with matches.  If that sounds harsh, well—sorry, but I’m not sorry.  I am warning you not to get burned.


Here lie dragons of terrific complexity, subtle in their souls and heavy on maths.

To understand such things, you need to start by being born with a genius-level IQ, and then study for years.  I myself admittedly have but a bare grasp of these concepts:  I know enough to know how little I know!

In that, I have an advantage over those who have no idea of how little they really know.

If I myself want to make my own randomness from physical sources, here is the plan that I would probably follow:

• Research existing randomness extractors designed by real cryptographers.
• Give up on reading papers that I lack the deep mathematical knowledge to understand, and decide to use the extractor specified in HKDF.
• Ram my head into the maths to try to figure out how best to apply the randomness extractor to my sources of randomness.
• Give up, and use urandom.  Not from laziness, but from sufficient wisdom not to shoot myself in the foot.

HTH.

[It’s Official: We]

It’s Official:  We (TINW) need to start pricing dollars in sats.

As a longtime Dollar Bear™, this has long been fundamental to my mental arithmetic based on proven maths and confirmed science.  Flippen your price quotes from USD per BTC to satoshis per dollar!  It is a radically revolutionary revelatory new way of thinkening.

Just over a decade ago, the dollar was priced at about 400,000,000,000 sats (400 billion sats!).  (This price is based on a guesstimate of how many dollars jercos actually paid for laszlo’s pizzas.)  Around the time that I first joined this forum, I recall that the dollar was hovering around 83,000 sats.  In late 2017, the dollar fell to 5000 sats and then bounced back, with dollar bulls riding high.  By last year, I had developed a habit of thinking of a dollar as being worth about 10k sats, more or less.

Now that the dollar has plummeted to under 1800 sats, what is next?

I expect to see the dollar struggle to hold a price floor around 1666 sats, before it breaks through and falls to the next floor at 1500 sats.  I do expect that in the near term, the dollar has a high risk of falling below 1000 sats.  If the dollar loses half of its current value within the next year, that will take it into the high three-digit range!

If that sounds excessively bearish, just remember that per the above numbers, the dollar has already lost about 99.9999995% of its value as priced in sats.  When the dollar hits 1000 sats, it will have lost 99.99999975% since May of 2010.

Of course, I would not be an Officially Certified Dollar Bear™ if I did not expect for the dollar to hit 100 sats (1¢ = 1 sat), or even lower ($1 ≤ 1 in a dollar hyperinflation scenario?).  But perhaps, that may take a bit longer—perhaps.

If you have dollars, DuPM!!!11

Naturally, I am also a Eurobear.  €DuPM before the € strongly breaks below the magical 2k sat mark, which the dollar has already subpassed!

[Weakening Section 230 would be a grievous error.]

The following message is for people who condemn Big Tech censorship.  Negativity against Trump is off-topic.  So is rationalization of Big Tech’s actions.  There are plenty of threads where you can discuss these things.  Not here; this thread will be strictly moderated to prevent derailing.  Other local rules apply.

Although the first part of this message is addressed specifically to the American right, the remainder thereof is for anyone who recognizes the grave threat by Big Tech to freedom of speech, to privacy, and also to any genuine innovation that doesn’t suit their their intrinsically corrupt business model of surveillance capitalism and mass thought-control.

This is the abbreviated version.  I don’t have time to write the mini-book I wanted to produce on this subject; and I need to catch up on other threads.


Weakening Section 230 would be a grievous error.  Its protection is most needed by small sites who can’t afford hotshot legal teams—by the upstart startups that we need to compete with Big Tech.

I predict that if well-meaning but misguided people on the American right push to weaken Section 230, the Big Tech companies will offer token resistance—and then, let it happen.  Thereafter, hate-crazed “liberals” will use vexatious litigation to harass free-speech sites, thus destroying them by economic attrition.

The ultimate result will be anticompetitive.  The entrenched incumbents can absorb the increased legal costs, as their competitors get put out of business.

Please, do not attack Section 230.  To the contrary:  If you want to tinker with it, then you should strengthen it!


Insofar as I can see, the best existing legal means of dealing with Big Tech is via antitrust law.

theymos, I know that the very mention of antitrust law will be anathema to you.  But imagine if a competing forum colluded with Cloudflare and your backend provider to remove this forum from the Internet at a critical moment—suddenly, with negligible warning, without even giving you time to seek alternate arrangements if you didn’t have them in place already.

That is exactly what Twitter, Google, Apple, and Amazon did to Parler.^*  If there was ever a case for antitrust law, this is it!

There is a Silicon Valley cartel of vertically- and horizontally-integrated companies that prevent competition via every possible anticompetitive sharp practice short of mafia hits.  They each do this—and they do this together, according to a mutual agenda.  Antitrust laws were invented for exactly this reason.

(* I presume collusion, on the face of it.  At the exact moment when Twitter’s own actions were making many of their “customers” unhappy, two app stores and an infrastructure provider suddenly shut down Twitter’s primary competitor.  It is indisputable that Google, Apple, and Amazon acted to prevent competition against Twitter.)


That said, as a philosophical matter, I don’t think that antitrust laws are the theoretically ideal way of approaching this problem.  Perhaps some new legal theories should be developed:  The Big Tech oligopolies are quasi-governmental tyrants, who have used new technology as a force multiplier exponentiator to attain a new type of power that never before existed in history.

Has any empire in all of history ever attained direct, fine-grained control over the daily communications of billions of people?  Of course not—until Big Tech arose.  And as recently seen, they can apply that power to meddle in the political process.  They who control communications can effectually control governments!  And they are unaccountable.

But the development of new theories takes time, if it happens at all.

Antitrust laws are on the books.  As a legal matter, this is a textbook application thereof.  I urge the American right to push for rigorous antitrust law enforcement—while leaving Section 230 intact, so that Big Tech’s competitors can fairly benefit from Section 230 protections just as the Big Tech companies themselves have.

[Bitcoin was made for this: It is the antidote to financial censorship.]

In Politics & Society, I publicly offered to tutor Trump in proper Bitcoin use, and send him some coin to get started.  Now, I must ask:  What does this mean for Bitcoin?

Bitcoin was made for this:  It is the antidote to financial censorship.

Will Trump come to Bitcoin, now that the banks have targeted him for financial destruction by closing both his business accounts and his personal bank accounts?  Will millions of his supporters come to Bitcoin?  Will this hard lesson on the value of censorship-resistant money have constructive results?



I think that this is potentially the single most important moment for Bitcoin advocacy in the past eleven years.  The head of state of one of one of the most powerful countries now finds himself facing exactly the type of tyranny as from which Satoshi designed Bitcoin to free us.  If he and his supporters can be brought to Bitcoin, that will be an historic moment for Bitcoin—and for the concept of money itself.

No matter what your political opinions—whether you love Trump, or hate him—you must be horrified that unaccountable bankers can unilaterally punish a high-ranking political official, according to their own whims.  Otherwise, you unavoidably endorse the tyranny of the banks, and you are an enemy of all free people.  There is no middle ground.

Bitcoin is the most political form of money ever invented—and yet, it is politically neutral.  Implicitly in its technical design, Bitcoin has only one ideology:  Financial freedom.  It absolutely does not discriminate about who can have that freedom.  And those who need that freedom would be wise to embrace it immediately!

Trump himself has always been a plutocrat, beholden to the banks, a part of their system—and I have depicted him accordingly.  Now that the bankers have summarily unbanked him, he has only one rational choice.

Go, Bitcoin!  —President Trump, go to Bitcoin!

Local rules.

[Bitcoin was made for this:]

Even though I am poor, I offer to send a modest amount of Bitcoin to Trump if there is an authenticated way to do so.  Furthermore, because I am guessing that Trump himself probably has no idea how to use Bitcoin (in the “not your keys, not your coins” sense), I offer free consulting services if he contacts me:  I will tutor him on how to avoid financial censorship, set him up with his own “Be Your Own Bank” private wallet, and send him some coin to get him started.  Of course, the likelihood is negligible; but I damn well mean it!

Bitcoin was made for this:

And now, I officially support Trump.^*  The banks have closed the business and personal accounts of the President of the United States.  This is undoubtedly the single biggest case of financial censorship in living memory—and one of the worst-ever cases of financial censorship, period.

It is an historic moment.  Either you are a willing slave of the banks, or you oppose their tyranny—there is no middle ground.

Counting down before some idiot says that the banks are “private” institutions, and you can just start your own bank if you don’t like them...  That will be the nadir of self-parodying bad arguments on Satoshi’s forum.

* As long as he doesn’t do any more of the things that I have always despised.  Which was, in large part, tweeting big-talk promises that I correctly predicted he would not keep.  He can’t do that anymore, now can he.  —Oh, and as long as he doesn’t cave in to pressure and cry to the banks for them to like him again.
Local rules.  Note:  I may move this to Bitcoin Discussion; it is fully on-topic there, too.

[Note to the moderators:]

Note to the moderators:  To support Meta discussions (0) with mprep and others about plagiarism, and (1) about the Ratimov case, I make this post to exemplify proper attribution for a post that is wholly copied and pasted.

In my opinion, such a copied-pasted post as this should generally be considered to be spam, and also a violation of Rule #1.  It would be just like many of Ratimov’s threads—except that my post hereby is properly attributed, not plagiarised.  (If forum policy disagrees with my opinion, then of course, I may start doing this every day—ten times per day!—for the merits, possibly with a paid signature.  Why not?)

I do think that this post would violate forum rules against spam and low-value posts, if not for the salutary lessons hereby provided to the community through my leadership by example, and with the following note:

Public Service Announcement:  I more or less agree with the following article, and I think that it is a good article.  Ordinarily, if I wished to raise it for a forum discussion, I would make an OP with a properly attributed excerpt of the article, provide a link to the original, and add my own original commentary (clearly shown as my own words, distinguished from the article’s words).  That would not be spam; and it would not be a low-value post.  Be guided accordingly.

Local rules:  My usual self-moderation rules, with the added provisos that (0) Ratimov is banned from this topic, and (1) this topic is about the following article.  Go to Meta for discussions of plagiarism, proper attribution, spam, low-value posts, the forum’s rules, and the Ratimov case.  Posts discussing those issues here may be deleted as off-topic.  Here, discuss only the article and its subject matter.

We Must Solve Bitcoin’s Custody UX Problem

By Nick Neuman
December 7, 2020
https://bitcoinmagazine.com/articles/we-must-solve-bitcoins-custody-ux-problem

Twelve years is the blink of an eye in historical terms, but it’s an eternity in tech. Just look at the cellphone, which went from niche accessory to absolute necessity in under a decade. Still, new technologies don’t always soar immediately: it took a quarter of a century for the humble washing machine to reach even half of U.S. homes.

This Halloween marked the twelfth anniversary of Satoshi Nakamoto’s Bitcoin white paper. In that short time, Bitcoin has transformed the way we think about money, but it’s still a long way from mass adoption. As a result, we need to ask some uncomfortable questions about what’s holding Bitcoin back.

What’s The Problem? The UX

In my mind, there’s no question that user experience (UX) has always been the biggest single obstacle to Bitcoin adoption. But not in the way you might think.

UX is a slippery term: it means different things to different people in different contexts. With Bitcoin, for example, UX extends far beyond the intuitiveness of individual exchanges or wallets. Since we’re talking about people’s investment, security is a — the — crucial consideration in any discussion about UX.

Bitcoin suffers from a usability problem that can’t simply be fixed with a new interface. This isn’t a technical error but a human one: the assumption that it’s safer to store coins with an exchange instead of keeping custody yourself. This can’t be fixed with a new user interface (UI); it requires a revolution in the way we think about Bitcoin security.

In the early days, poor UX didn’t really matter, since Bitcoin platforms were mostly used by traders and speculators who had the technical chops to navigate complexity. But when ordinary people started dabbling in Bitcoin, a host of exchanges and trading platforms focused their attention on developing “consumer-grade” user experiences. Ironically, this was the moment where Bitcoin’s UX problems really began.

Where Did It All Go Wrong?

It’s not like we didn’t see this coming. The world’s first highly-publicized hack, of Mt. Gox in 2014, saw 24,000 people lose everything. But in the six years since, we’ve continued in the wrong direction on security. There’s not enough space here to detail the number of exchanges that have gone bust, been hacked or, like OKEx in October, lost access to customers’ keys after the single employee in charge of them was detained by law enforcement.

In the first half of 2020 alone, blockchain analytics firm CipherTrace found that investors lost $1.4 billion worth of crypto, much of it from exchanges that suffered hacks or, sickeningly, committed fraud against their customers. What’s going wrong?

Instead of making it easy and intuitive for everyone to hold their own keys, the industry has focused on delivering a consumer-friendly, “full service” experiences where third parties control every aspect — including key custody.

That may be a good starting point for the first-time user, since it stops them from making very basic security errors. But it still leaves you vulnerable to a range of threats, both from within and outside the exchange.

In spite of these well-publicized catastrophes, our industry hasn’t yet turned its attention to developing a standard solution to this gaping, fundamental security flaw. In large part, that’s because it suits platforms to have their customers keep their coins on-exchange.

Making Security Simple

Early Bitcoin UX efforts focused on superficial issues and dismissed the deep problem of helping users own their private keys. They figured that solid UX for users to control their keys was an unwinnable battle and took it off the table.

While that’s understandable, I believe it was a mistake. The whole ethos of Bitcoin is built on the idea of empowerment: to be your own bank, to control your own savings and to take charge of your own financial destiny. But in trying to make UX more seamless for non-technical customers, exchanges and custodial wallets have (perhaps unwittingly) discouraged self-sovereignty and opened the door for third-party risk. And it’s hard to imagine a worse experience than losing every satoshi of your investment.

Approachable end-user control of private keys is the holy grail of solving bitcoin UX, and it’s one that the industry has largely sidestepped.

So, while many new Bitcoin users face a steep learning curve, they are not learning that old security models don’t apply. If you lose your keys, for example, you can’t just hit “password reset” — your coins are gone forever. This, in part, explains why exchanges are so keen to own the whole experience, including custody.

But sacrificing security in favor of ease-of-use is a false choice. We should not underestimate the challenge, both from a technical point of view and in terms of design. But it’s quite possible to make it easy for users to keep custody of their keys, combining high security with great UX. The harder task is educating the coin-buying public about why self-custody is so important. But it’s well within our industry’s capabilities, if we only give it the priority it demands.

In the next ten years, Bitcoin will take one of two trajectories: either a cellphone-style surge in adoption or the slow rise of the washing machine. It all depends on how quickly we solve Bitcoin’s biggest UX challenge: making self-custody simple.

This is a guest post by Nick Neuman. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine (or nullius).

Nick Neuman Nick is the CEO of Casa Inc.

[I have done something that many of the “people” here would call “plagiarism”. I have done it repeatedly—occasionally—for years. I continue to do it—occasionally.]

I hate plagiarism.

Because I hate plagiarism, I am distraught that the forum community seems to be collectively ignorant of what plagiarism actually is, why it is bad, and what harm it does.  People here call non-plagiarism “plagiarism”, as in the case of RegulusHR—whom I would have issued a 7-day temp ban on first offence for a copied and pasted one-liner, zero-substance shitpost, but not permabanned for “plagiarism”.  And some so-called “people” absurdly deny that definitional examplars of plagiarism are plagiarism, as in the case of Ratimov.

Because I also hate conceited ignorance, I will now disclose the following:

I have done something that many of the “people” here would call “plagiarism”.  I have done it repeatedly—occasionally—for years.  I continue to do it—occasionally.

What I have never done, and will never do, is this—

plagiarism is the intellectual theft of credit for original work, which wreathes lazy idiots in a glory that belongs to another.

—to the contrary!

Fear not:  The sesquipedalian pearls which I have a bad habit of casting hereabouts are my own.  I have too big an ego to steal others’ originality, instead of being original myself.  I oft spend considerable time and effort crafting a Nullian “artistic” post, all for the sheer joy of being the genuine, original, one and only me.

I don’t doubt that some of those who hate me must have wasted their time trawling my post history in search of plagiarism.  I do not think that they can ever find whereof I hereby speak.  It is a puzzle, a literary cryptogram, a secret message hidden in plain sight for a purpose that I deem to be an ethical imperative.

It will not be found in any plagiarism detection database; and I would be very surprised if anybody could ever figure it out with a search engine.

A university professor applying the methods of textual criticism could discover it.  Maybe.

Much of my more serious writing contains cryptic literary allusions.  I do hope that someday, professors will apply the proper methods of hermeneutics and textual criticism to find all of the hidden meanings subtly onion-layered into my forum posts.  (To be clear, my only lack of confidence is in the hope that scholars will exist in the future.)

Thereby, I mostly referred to puns, to subtle allusions, and otherwise to “hidden meanings” which do not directly invoke others’ writings.  —Mostly.


Some considerable time ago, I OTS timestamped some PGP-signed evidence.  I will hereby reserve post #2 for that, just in case I ever decide to reveal it; and I will reserve post #3 for additional evidence.

The posts will probably stay as “reserved”.  Probably.  If I walk into a police station, protest that the cops should not let “people” get away with actual kidnapping murder, and then tell them that they will never find the bodies that I did not “murder”, then I will probably leave it at that.

This hereby is, inter alia, my expression of profound contempt for remorseless plagiarists, and for all who defend them.  I will probably not reply here, unless someone says something interesting.

[Note: This has no practical effect whatsoever on the bc1q... Bech32 addresses that you are using today. Those addresses are fine. It is only a potential problem for the forthcoming Taproot upgrade, or for use of Bech32 with other protocols.]

Bech32 is still awesome.

Unfortunately, the great dream of a forward-compatible address format hit a snag with Segwit v1; nonetheless, it has been taken as an opportunity to make Bech32’s error detection even better.

Bech32's checksum algorithm was designed to be strong against substitution errors, but it also provides some protection against more general classes of errors. The final constant M that is XOR'ed into the checksum influences that protection. BIP173 today uses M=1, but it is now known that this has a weakness: if the final character is a "p", any number of "q" characters can be inserted or erased right before it, without invalidating the checksum.

As it was recognized that other constants do not have this issue, the obvious question is whether this is the only possible type of weakness, and if not, if there is an optimal constant to use that minimizes the largest number of weaknesses.

Since my last mail I've realized that it is actually possible to analyse the behavior of these final constants under a wide variety of error classes (substitutions, deletions, insertions, swaps, duplications) programatically. Greg Maxwell and I have used this to perform an exhaustive analysis of certain error patterns for all 2^30 possible M values, selected a number of criteria to optimize for, and conclude that we should use as constant:

  M = 0x2bc830a3

The code used to do this analysis, as well as the code used to verify some expected properties of the final result, and more, can be found on
https://gist.github.com/sipa/14c248c288c3880a3b191f978a34508e

See results_final.txt to see how this constant compares with the previously suggested constants 1, 0x3fffffff, and 0x3fefffff.

See the above-linked gist for more technical information.

A new BIP is forthcoming.

Note:  This has no practical effect whatsoever on the bc1q... Bech32 addresses that you are using today.  Those addresses are fine.  It is only a potential problem for the forthcoming Taproot upgrade, or for use of Bech32 with other protocols.

This has little effect on the security of P2WPKH/P2WSH addresses, as those are only valid (per BIP173) for specific lengths (42 and 62 characters respectively). Inserting 20 consecutive "p"s in a typo seems highly improbable.

Understatement.


The problem is little enough that it seems the balance against forward compatibility was tipped by a cold, cruel fact:  Implementers are idiots! :-/

I disagreed with Rusty previously and he proposed we check to see how disruptive an address format change would be by seeing how many wallets already provide forward compatibility and how many would need to be updated for taproot no matter what address format is used.  I think that instead is a good criteria for making a decision.

I understand the results of that survey to be that only two wallets correctly handled v1+ BIP173 addresses.  One of those wallets is Bitcoin Core, which I personally believe will unhesitatingly update to a new address format that's technically sound and which has widespread support (doubly so if it's just a tweak to an already-implemented checksum algorithm).

Given that, I also now agree with changing the checksum for v1+.

For thoughtful, forward-compatible design to be useful, implementers need to implement the standard correctly.

It is not merely an implementation problem:  It is an implementer problem.  Too many implementers are simpletons who monkey-paste and cargo-cult bad code, just to push out the door some semi-functional bugware that they can spam naïve users into using.  Why should the architects of a system make the effort to provide an elegant design, if almost nobody implements it correctly?

<blink><size=2²⁵⁶pt>
Developers, please get it right with Segwit v1:  Implement address handling correctly, so that the users of your software will have forward-compatible, correct-to-spec handling of future Segwit v2, v3, v14... addresses without upgrading.  This will allow early adopters to start using the new version immediately, without the chicken-and-egg network-effect problem.  Thank you.
</size></blink>

This makes nullius cry:

I think these results really show there is no reason to try to maintain the old-software-can-send-to-future-segwit-versions property, given that more than one not just didn't support it, but actually sent coins into a black hole.

😿 🤬

Let's look at the behavior of different classes of software/services that exist today when trying to send to v1+ addresses:

(A) Supports sending to v1+ today
  * Old proposal: works, but subject to bech32 insertion issue
  * New proposal: fails
(B) Fails to send to v1+ today
  * Old proposal: fails
  * New proposal: fails
(C) Incorrectly sends to v1+ today
  * Old proposal: lost funds
  * New proposal: fails

Please, I want someday to enjoy the pleasure of a major Bitcoin upgrade without needing to keep multiple wallets so that I can receive money from users of old software.

I think that I am not the only one who would enjoy that.

With Segwit v0, we needed a huge push to educate users.  Now, we need another push to educate users—and a push to educate developers, such that we should not need to repeat the same push every time the witness version gets a bump.


References for those who want to know what happened here:

• Jonathan Knowles, 2019-05-28, sipa/bech32#51: bug report
• Pieter Wuille, 2019-11-07, [bitcoin-dev] Bech32 weakness and impact on bip-taproot addresses
• Pieter Wuille, 2019-11-22, Bech32 insertion analysis
• Russell O'Connor, 2020-07-15, [bitcoin-dev] Bech32 weakness and impact on bip-taproot addresses
• Rusty Russell, 2020-10-08, [bitcoin-dev] Progress on bech32 for future Segwit Versions (BIP-173)
• Pieter Wuille (as quoted above), 2020-12-05, [bitcoin-dev] Progress on bech32 for future Segwit Versions (BIP-173) (gist with analysis source code and data)

Local rules (recently updated).

[(Forum feature suggestion: Give self-mod topic starters the ability to move posts intact between threads.)]

This is moved from where it is off-topic in one of my self-moderated threads.  For fairness, 1miau’s post will be fully quoted without alteration in Post #2 hereby.  (Forum feature suggestion:  Give self-mod topic starters the ability to move posts intact between threads.)

And while we are at it, I've just checked my trust list if someone new trusts / distrusts me:

Again, with the n00b questions about “how does this work?”

The ~ means that I distrust your judgment.  No more, no less.  It is supposed to be neither a popularity contest, nor a personal insult.

Notwithstanding that you have exhibited high competence in some subjects that are irrelevant to the trust system, I sincerely distrust your judgment.  Although I am not required to explain my reasons to anybody, I will be kind to you, and illustrate with a real-life example how this is supposed to work:

• I saw significant evidence that you make reports to the moderator based on political disagreement with the author of a post.  This makes me distrust your judgment generally.  It is injudicious, to say the least; and if your judgment is so unsound with moderation reports, then mutatis mutandis, I distrust your tags.
  
  N.b. that although the posts were mine, I would apply the same criteria in any case—and I myself do not abuse the report-to-moderator function to suppress opinions (or authors of opinions) that I dislike.
  
  (Note:  I still intend to reply to you in that topic.  I still have reason to, insofar as you do not know what “spam” is; and I believe that it is your such misunderstanding that caused the whole débacle.  I tend to fall behind on posts that I intend to make, largely due to the time and effort invested in each.  It is an admitted problem of mine.  —Just as you saw me mention, I still intend to reply to mikeywith in that other Reputation thread...)
• Thereupon, I checked your trust page.  I noticed that you issue too much positive feedback for relatively trivial reasons.  I was recently discussing this exact problem with others here and in the Russian forum; and I have been intending to start a new thread about this, under which I plan to denote that you (and others) are excluded for this reason.  suchmoon’s lunacy has been distracting me from more important activities...
  
  Giving too much positive feedback too easily facilitates SCAMS.  Nobody complains about it—improper (or allegedly improper) negative feedback gets the attention, because people complain when they themselves receive negative feedback.  Whereas if you green-trust people incautiously, then it is only a matter of time and luck before the consequences befall people who trust your judgment.
  
  You issue positive feedback for economic activity valued as little as 0.0002 BTC (maybe even lower), apparently for first-time transactions.  When time permits, I intend to suss out JUST WHO THE HELL is bringing all such bad positive feedback into my trust network, and exclude them all.  ~~~~~~~~  It is not about you personally, One Meow.
  
  

  I am extremely conservative in matters of trust.  I do not trust easily; and most of all, I do not vouch lightly.  If you have been trustworthy to me and you do not receive positive feedback, please do not take that as a slight.  It simply means that I do not yet know you well enough to vouch for you to entire world.  Positive trust feedback from me is meaningful, because my standards are high.

  I am ultraconservative in matters of trust;

  ... “trust is hard to earn, easy to lose”. ...
  
  There are certain empirical facts about trust known by experience to anyone over the age of thirty.

  I am liberal with negatives, and conservative with positives; for I distrust easily, but I am careful in choosing whom I trust.

  
  I do not want to see your tags up top; and I do not want your positive ratings figuring into the trust scores that are displayed to me.  The ~ button exists for that purpose.  Understood?
• Your complaint about my exclusion of you, and the insulting manner of that complaint, confirm tenfold my distrust of your judgment.
  
  

  Feels nice to join this group of morons?  
  

  
  You are injudicious and unwise, and you personalize things that are not intended to so be.  Forum usage protip:  When somebody trust-excludes you no personal attack, and no evidence of spitefulness or impropriety, then the proper response is this:
  
  

  That's how I see it anyway.  I can agree to disagree on an issue like this one.

  I excluded nullius from my trust list because [...]

  No hard feelings.

[—image screenshot of https://loyce.club/trust/2020-11-28_Sat_18.56h/2143453.html —]

Usage instructions:  Each of those Loyce.club trust pages contains a convenient link which says, “BBCode for Bitcointalk”.  You should copy and paste the BBcode as text, in pertinent part, instead of posting a screenshot.  For example, see my reply when some trolls and idiots claimed that Lauda (“лayдa”) and I (“нyллиyc”) were in league with suchmoon (“cyшмyн”) (!):

Oчeнь тoпopнaя cиcтeмa. Tepмoc - peбeнoк пo cyти, кoтopым мaнипyлиpyют пpидвopныe (лayдa cyшмyн фapмaцeвт).
[...]
Чтoбы пpипoднятcя в cиcтeмe - нaдo yмeть лизaть эти пятки пpидвopныx (лayдa фapмaцeвт cyшмyн нyллиyc итд).

...и кoмaнды "фac" oт cyкмyнa нe пocтyпaлo.

ЛOЛ.  

[2019-12-07]  ~Lauda's judgement is Distrusted by:
54. NEW suchmoon (Trust: +14 / =1 / -0) (3358 Merit earned) (Trust list) (BPIP)

[2020-02-01]  ~nullius's judgement is Distrusted by:
9. NEW suchmoon (Trust: +14 / =0 / -0) (DT1! (41) 3617 Merit earned) (Trust list) (BPIP)

[2020-04-11]  nullius Distrusts these users' judgement:
19. NEW ~suchmoon (Trust: +14 / =1 / -0) (DT1! (29) 3982 Merit earned) (Trust list) (BPIP)

You don't have any trust in moderator's judgement so you need to start self-moderated threads all the time?  

Oh, do you speak of my switch from inclusion to exclusion of hilarious?  I sincerely do not trust his judgment, either.

I saw warning signs before, in his handling of the PrimeNumber7 case.  I kept him included, because I thought he had valuable tags that I wanted to see; and moreover, his own inclusion list is not so horribly big as to pull all sorts of garbage into my second-level.

(I avoid including many people whose judgment I otherwise trust, for this exact reason!  For example, this is why I have not considered including qwk, although qwk has many good tags (at least in 2017 and later), and is on the Cult of Lauda inclusion list.  I prefer to include people who have short inclusions lists, and long exclusions lists.)

However, as I have already said publicly, hilarious’ recent choices have proved to me that his judgment is not trustworthy.  Now I know from first-hand knowledge that he says untrue things about people; why would I trust his tags against others!?  It is, again, why theymos made the ~ function.

Anyway, hilarious is off-topic here.

Local rules.  Will be enforced.

[Is the content of websites of famous European museums considered “NSFW” by Bitcointalk.org moderation policy?]

A question that I ask because I do strive in good faith to heed the forum rules:

Is the content of websites of famous European museums considered “NSFW” by Bitcointalk.org moderation policy?

Link is NOT “NSFW”,
unless your workplace prohibits you from viewing the websites of museums.

• Delete reply: Re: Reeeeeeeeee: nullius is a cunt in topic #5293050 by member #976210
• [...]
• Delete reply: Re: Do you want more or less freedom? in topic #5293277 by member #976210
• [...]
• Delete reply: Re: Reeeeeeeeee: nullius is a cunt in topic #5293050 by

Another question:  Is my avatar permitted?  Although it is exoterically an infinite zero, it has an esoteric meaning that is sexually graphic and explicit.

It must be safe for work.

—Yes, I am serious.  I am well-known for double entendre and beyond:  Onion-layered multiplicities of meaning.  Inter alia, the green oval with a dot of my avatāra has always evoked and invoked the yóni opening to the liṅga at the moment of intromission, in accord with my private study of the kāmaśāstra.^*

I have spent more time studying and practicing kāmaśāstra than science and technology!  Now, why don’t you quote that, PM theymos, and ask him to ban me because I like sex, and I am not ashamed of it.

* No, I did not even try to decline all these Sanskrit words tossed into an English sentence.  Eh.

🤬

On another note, I request heavier moderation of rude trolls.  Some foul-mouthed lowlife called me a “c—”, and I am deeply offended!  Sincerely offended:  Courtesy is important to me; and I am in principle against the use of anatomical terms as “dirty words”, on grounds that such usage defiles the cleanliness and sanctity of the human body.

Naturally, what with this being the Internet, and what with my being a mature grown-up, I just rolled with the punches instead of demanding that my feelings be protected.  But I admit, my feelings are hurt:  I am shocked, outraged, and indignant!

😭

Where is the Bitcointalk.org Trust and Safety Team!?


What with this being a private forum, I will not repost the deleted content without permission.  Rather, I do hereby as I promised:  I am taking this up in Meta, in an appropriate manner.

However, I will publish in Post #2 a brief excerpt of such deleted content as is—most ironic, and not only relevant, but essential to this discussion.

— See you next Tuesday. —

[Context: “Re: Reeeeeeeeee: nullius is a cunt” (a déclassé whine thread by suchmoon)]

Context: “Re: Reeeeeeeeee: nullius is a cunt” (a déclassé whine thread by suchmoon)

It is fun to watch this. I knew it would happen. Undoubtedly nullius is a cunt, however this is not the root of the conflict between suchmoron and nerdius.

Suchmoron views nerdius as a cunt for a few reasons. None of which have anything to do with being an actual cunt.

1. Nerdius can convincingly ( to imbeciles which make up 99% of meta and rep posters) appear both intelligent and cultured.  
Suchmoon doesnt like that and hates being revealed as stupid. It knows nullius is more technically versed too. Nullius being kind of a very poor mans AM.

2. Nerdius can garner a lot of praise and grovelling respect from the dregs that also slobber over suchmoron. ( not that burger flipper direwolf that is suchmoons chief  assmuncher or alt)

3. Nerdius will stand up to suchmoron.

In short nerdius is casting a shadow over suchmorons light here. Suchmoon doesnt like not being the centre of attention.

^^^ Image quoted at a sane size, and now stored not under suchmoon’s control.

Get a room, the two of you!

suchmoon, I know that you are too shrewd and calculating not to understand that your “DO NOT FEED THE CRYPTOHUNTER” pic is the ultimate feeding for him.  He loves it!  And you know it.  You are not that fucking dense:  You are feeding him deliberately, you sleazy two-faced cretin.  You are a troll; and feeding cryptohunter this way is your way of trolling with “plausible deniability”.

N.b. that since you pretend to have me on ignore (whilst creating new threads about me—LOL! pathetic), I am stating this for the audience.  As I do with all of my posts about you lately (and one planned upcoming).

For you are subtler than the average troll, suchmoon.  You are more cunning than cryptohunter.  You have fooled me in the past.  Others need to see your true face.  Thank you for showing it to them:  You are the bride of cryptohunter, a match made in Hell.

Thanks.  So stop bumping the damn thing.

I love this post.  With one exception.

Telling suchmoon to stop posting her pic here is not permitted.
She may post it in my self moderated threads at my discretion.

[...]

Nullius can post but don't tell hot bbw beast wrestlers like suchmoon what to do on my threads.

[...]

If suchmoon stops now because you told her too that is really unsportsmanly.

❤️ ❤️ ❤️

@ nerdius - no more disrespectful comments to forum legends like OG or I'll have to ban you from this valuable and informative thread.
Also no more ordering my fav BBW around.  If she wants to post her little pictures on my self moderated threads then I will permit it as and when it suits me.

❤️ ❤️ ❤️

Ah that reminds me. Suchmoon will never win our posting/deleting battle.
There can be only 1.

^^^ It takes 2 to tango.

This has been coming for awhile:

In a CH troll thread which suchmoon has been feeding by pretending to tell others not to feed it (ill-behaviour that I have not yet had time to address adequately),

Local rules.  Will be enforced.  For the purposes thereof, both of the two above-named lovebirds are being accused on this thread.  However, posts that substantially consist of the cryptohunter-feeding pic will be deleted regardless.

[Reality itself is determined by the revealed truth of the vote.]

Regardless of the scientific facts about Covid, this adequately demonstrates the epistemological foundation of democracy:  Reality itself is determined by the revealed truth of the vote.  It is the ovine religion of voting votaries.

share your opinion

🤔

The facially absurd notion that everybody is entitled to an opinion is a learned dogma, with the added benefit of appealing to the petty egos of those least capable of independently forming their own opinions.

“In my opinion, 2 + 2 = 5, the Earth is flat, and America is the greatest country in the world!”

Hey!  Everyone is entitled to an opinion.

Local rules.  Will be enforced.