Gloria Zhao got hacked?

[PepeLapiu]

So many of you shitcoiners who are unable to determine what spam is, you were putting down Knots because, so you said, Luke Dashjr got hacked, and this shows he has poor practices and should not be trusted with node software.

Now, I though that was a pretty dumb thing to say. But never the less, since the lead maintainer of core also just got hacked, does that prove core can't be trusted? Or does the stupid yardstick only apply when in service of spam?

[_act_]

Because of the vulnerability in Bitcoin Core 30, you posted this. That has not changed the fact that Bitcoin Knots is primarily maintained by a single developer.

Compare it with Bitcoin Core that is maintained by more people.

It is just like saying because vulnerability was found in one Electrum update in the past, that close source wallet are better. But which is absolutely not true.

[FortuneFollower]

You trust whatever you want.

Just don't enforce your points on others and keep it to yourself if not asked.

[BitMaxz]

Who is Jule Dashjr? That's a different person; I've never heard of this guy.

Gloria Zhao is a new maintainer who focuses on mempool policies, transaction relay, and fee management. I don't think there's a thing that could lead Bitcoin to disaster if Gloria is being hacked since it only focuses on these 3 things above, and she is not the only one who checks the codes; every individual can decide if she is doing something wrong about the Bitcoin core codes.

Plus, I researched, and only her X account was hacked; she might have had poor social account protection, but it doesn't mean we can't trust her because of her X account being hacked. What you need to ignore is don't contact her X account because she said she no longer has control of that account.

[Ambatman]

I would agree in some part that this doesn't really build confidence and show some lackluster security
Even if I understand sometimes it may be outside their control (data breached)
But the good thing is Bitcoin is open sourced and even core undergo review
This isn't what anyone would expect from someone serving as a maintainer to a trillion dollar asset.

Well Elon musk and Vitalink has been hacked
I believe this is drag out because it's Gloria and Coredev.

[DeeppRockk]

I would agree in some part that this doesn't really build confidence and show some lackluster security
Even if I understand sometimes it may be outside their control (data breached)
But the good thing is Bitcoin is open sourced and even core undergo review
This isn't what anyone would expect from someone serving as a maintainer to a trillion dollar asset.

Well Elon musk and Vitalink has been hacked
I believe this is drag out because it's Gloria and Coredev.

The maintainer changes won’t affect BTC price. The market doesn’t care about Gloria Zhao or PR merges.

It’s focused on macros, ETF inflows, and narratives. Taproot barely moved the price when it launched.

Unless there’s a hack or fork, this is just developer chatter.

[PepeLapiu]

Because of the vulnerability in Bitcoin Core 30, you posted this.

No, I posted this because when people started switching to Knots, coretards told us that Luke Dashjr can't be trusted because he got hacked. Does it follow that core can't be trusted because the lead maintainer got hacked too? Or do we admit it was a stupid claim to start with?

And the bug in core 30 is pretty stupid. Who would think deleting wallet files is a good idea?

That has not changed the fact that Bitcoin Knots is primarily maintained by a single developer.

That is not true. Knots is a fork off of core with added features. It is factually maintained by core, with one more dev working on it. All the changes that Luke makes can be verified by anyone willing to look.

Compare it with Bitcoin Core that is maintained by more people.

If you claim that core is maintained by 20 people, that would mean Knots is maintained by 21 people with Luke as one more dev to work on it.

Saying Luke alone maintains Knots would be like saying I built my own house because I hug a picture in the hallway.

It is just like saying because vulnerability was found in one Electrum update in the past, that close source wallet are better. But which is absolutely not true.

I don't know WTF you are talking about here. That makes no sense. If I build a man cave in my garage, will you claim my house is poorly built because I built it alone?

You trust whatever you want.

Just don't enforce your points on others and keep it to yourself if not asked.

Don't worry, there are a lot of people working on making sure you don't hear what I have to say, in service of spam.

For example, pretty much every thread that mention spam on this forum either gets deleted, or locked, or moved to a section with a lot less traffic.

On the Google devs email list, many many people who try to post anti-spam posts get censored, and their post never gets sent.

And it just came out that Twitter/X is also censoring pro BIP 110 posts.

So don't worry, they work hard at making sure you don't read what they want you to read. Expect this thread to be moves, locked, or deleted any time soon.

You trust whatever you want.

Just don't enforce your points on others and keep it to yourself if not asked.

Did you purposely ignore my question and drone on about something I never said? If Luke Dashjr getting hacked proves Knots can't be trusted, does it follow that core also can't be trusted because it's lead maintainer got hacked?

Who is Jule Dashjr?

I meant Luke Daskjr, typo corrected.

}
Gloria Zhao is a new maintainer

Yes indeed, she is very very new, and practically no real world experience. Which begs the question, how did she get the lead maintainer position so fast, and far more experienced devs got ignored?

who focuses on mempool policies, transaction relay, and fee management.

Yes, and it should be of great concern to you that someone with no real world experience who also admitted she is ignorant of monetary policy, could be in charge of deciding what 90,000 nodes should be told what they are to put in their mempool.

I don't think there's a thing that could lead Bitcoin to disaster if Gloria is being hacked since it only focuses on these 3 things above, and she is not the only one who checks the codes

She does more than that. As the lead maintained, she is one of the 5 people who get to decide what to merge, and what not to merge.

every individual can decide if she is doing something wrong about the Bitcoin core codes.

Indeed. And given that she doesn't believe Bitcoin has a spam problem as she refers to spam as "use cases we have today", and she repeatedly insulted bitcoiners who don't believe in altcoins, I think people will make the right decision. 22% of the nodes have been making the right decision, and continue to do so.

Plus, I researched, and only her X account was hacked; she might have had poor social account protection, but it doesn't mean we can't trust her because of her X account being hacked.

That is a funny way to dismiss her hack. Because Luke's hack had nothing to do with Knots. Yet the coretards claimed that because he was hacked, Knots can't be trusted.

So it would stand to reason that because an inexperienced and new head come maintainer got hacked, core can't be trusted.

Or does the rule only apply when in service of spam?

[ABCbits]

But never the less, since the lead maintainer of core also just got hacked, does that prove core can't be trusted?

Are you talking about https://gist.github.com/glozow/e73317f79dcd6a0a4fc997d209a619fe or something else?

That has not changed the fact that Bitcoin Knots is primarily maintained by a single developer.

That is not true. Knots is a fork off of core with added features. It is factually maintained by core, with one more dev working on it. All the changes that Luke makes can be verified by anyone willing to look.

Note that it's more difficult to perform such verification, since Luke do some things differently.

--snip--
Another git repository concern is that Luke just pulls the code in manually from pull requests and then commits it himself, causing anyone who wants to audit it to have to manually re-examine the Luke commit compared to the pull request code that others might have reviewed. This is getting really deep in the weeds of software development lifecycle integrity assurance, but the point is that Luke must be changing the commits in some way for them to have a different hash. While that may only be a changed commit message or fixing merge conflicts, the problem is that nobody knows. It might be obvious to other engineers that Luke could have changed something, but I doubt it's clear to the average person.
--snip--

[DPHOR]

Anyone out there could be hacked this doesn't mean that you are security expert or
something as you wouldn't know when that happens, just have to be that careful when it comes to your assets holding,
provided that you are public figure and knowing that you are holding enough assets in your possession
you could be targeted which you wouldn't know when that suddenly happens.

[aoluain]

Plus, I researched, and only her X account was hacked; she might have had poor social account protection, but it doesn't mean we can't trust her because of her X account being hacked.

That is a funny way to dismiss her hack. Because Luke's hack had nothing to do with Knots. Yet the coretards claimed that because he was hacked, Knots can't be trusted.

So it would stand to reason that because an inexperienced and new head come maintainer got hacked, core can't be trusted.

Or does the rule only apply when in service of spam?

But you never mentioned that it was on X she was hacked.

Stating Core cannot be trusted because someones X account got hacked
is like putting 2 and 2 together and ending up with 22 - instead of 4

[PepeLapiu]

But you never mentioned that it was on X she was hacked.

So where Gloria Zhao got hacked matters, but where Luke Dashjr got hacked is irrelevant?

Stating Core cannot be trusted because someones X account got hacked
is like putting 2 and 2 together and ending up with 22 - instead of 4

Your exact logic here would also have to apply to Luke Dashjr and Ocean. The idea that Ocean and Knots can't be trusted because Luke got hacked, that was pure bullshit.

I'm a dev, albeit not a bitcoin dev. And every dev I know got hacked at some point. That should not mean none of us can be trusted on this basis.

To be clear, I'm not saying that Zhao's hack shows core as untrustworthy. But some of you claimed that Luke got hack, and tried to claim Knots can't be trusted on that basis. Which is a stupid claim. But if you apply that yardstick to Luke and Knots, you have to also apply it to Zhao and core.

[gmaxwell]

The prior discussion wasn't claiming that luke was untrustworthy because he got hacked, but rather: Luke's personal and data center computers were thoroughly compromised for months without his knoweldge and then after he learned of it he did not replace them or even wipe them, he just manually attempted to 'unhack' them, and continued to use the same computers to distribute software to others (with just a little note displayed to check signatures on the software they distributed because the system hadn't been replaced).

This fact got raised as one point among many as to why people should probably not want to use his dnsseed, in particular because there is way no anyone can 'check signatures' on that output.  He then replied that the dns stuff was on a different computer so that point wasn't discussed further-- although since he so routinely distorts the truth to suit his position it's hard to know exactly to weight that, doubly so since him saying it was on a computer that wasn't hacked makes it sound like he didn't even attempt to re-secure that computer even after his desktop that had full ability to log into all his other systems had been thoroughly compromised.  Personally, if a system I had which had login credentials to other systems was compromised (and particularly compromised for any duration by an active intruder) I would consider every system it could access with full privileges compromised and I would *replace* all of them-- especially since the capability to install latent backdoors in device firmware exists in the wild.

In any case, it sounds like Gloria wasn't likely wasn't even hacked-- but rather some twitter/x insider may have just given access to her account to a third party (e.g. by being social engineered or w/ a bribe).  So that seems not at all comparable.  But if you do hear about her performing trusted work from a known compromised machine that wasn't even wiped and reinstalled then it would be useful to convince her otherwise--  but instead it appears the opposite is true: even though she has no reason to believe her own systems have been compromised themselves she'd going through a refreshing her security posture.  Which is what a reasonable person would do just in response to knowing they were being specifically targeted, much less actually hacked.

-- and in fact, after Luke was hacked and this raised a prospect of even obscure former bitcoin developers being specifically targeted, I disposed of and replaced my firewalls as well as the system's used to air gap and secure my bitcoins.  Even though I could find no evidence of any compromise, simply because there was a targeting risk and I didn't initially know how sloppy and weak lukes security had been and so I was concerned that he may have been hit by e.g. state level attackers with access to vulnerabilities which weren't publicly known and I hadn't replaced them in a number of years.  This turned out to be unnecessary: after I learned more details about his compromise as it appears entirely due to serious security errors that I hadn't made and that his attackers were likely not that sophisticated, but it's good to be cautious.