This is 100% the point the “trust me bro committee”.

Let’s add a bit more of fact-based context. From my experience I don’t think the majority of Lightning developers and engineers contributing to the protocol development are woke, by what we usually understand under those terms. There is a clear vocal minority embodying wokeness, of which I think Mr. Corallo and its utmost superior Mr. Dorsey are constitutive (not even all the folks at Spiral or Block Inc in my opinion, some are clearly not woke). I’ve met Mr. Dorsey in-person too in the past, so I’m talking with good knowledge of the facts.

Of course, I do not question one’s to hold political opinion including woke ones, especially in the US with the 1st Amendment, as long it does not interfere with the professional domain and conversations about objective technical reasons.

Now among those silent Lightning developers and engineers, given the current majority mode of funding of Bitcoin open-source large, i.e the research grants and other similar type of employments, most of those silent Lightning engineers are fearing to speak up on those issues, or at least express what they’re really thinking in public by some anxiety to be singled out when it’s time of their next open-source grant renewal (— or find their next job, potentially at Block Inc). That’s one fundamental issue with how grants are allocated today, the criteria of allocations are very nebulous or opaque (I can think only non-profit org that start to be more transparent on how they’re allocating each grant individually). So generally it helps if you have “friends” in the open-source grant committee to get your new grants for the ones making a career in bitcoin open-source development (or speaking more frankly to do the “sucker”). Let’s remind the very active role that Mr. Dorsey is playing in the funding of the Bitcoin open-source stage (somehow to his positive credit, it’s not a “black-and-white” situation).

To this phenomena of the youngest Lightning protocol devs being reticent to express on those issues by apprehension of some fireback on their professional careers, there is the other phenomena of the “Old Guard” of historic developers on the Bitcoin Core implementation, which have seen their legal fees covered by the Bitcoin Defense Legal Fund in the series of CSW cases, this initiative also being partially funded by Mr. Dorsey.

So in my view this group of people, which are technically skilled, with some years of veteranship to express themselves with more depth and breadth on open-source culture are also deliberately staying silent on those issues (apart of one or two from them), to not seing themselves excluded from being legally represented in the still finishing series of CSW cases (here more likely a “self-chilling” effect than a threat that has been effectively pronounced).

Back to the topic of wokeness, the problem with this philosophy where its advocates are ready to commit bunch of tactics (phone calls in private, self-appointed morally righteous committees, private admonestations to the “code of conduct” penitents, usage of a double-standard to appreciate “moral” infringment, etc) it doesn’t fly very well under the spotlight and publicity. There are reasons all the woke measures have generally lose in front of US courts, being in 1st instances or circuits of appeal. Blue or red juges they’re fundamentally used to the notion of “due process”. In the meanwhile, a vocal minority of developer(s) and stakeholder(s) is sustaining a deleterious culture in bitcoin open-source stage…

That’s the frank state of things under my view — And why I think it’s indeed very interesting to have a US court of justice have a say on what “decentralization” effectively means in an open-source project by litigating Mr. Corallo.

Let’s give more context.

If you take the series of CSW cases in the UK, what effectively did stop him of claiming he’s Satoshi and that Bitcoin Core developers as a group owed him fiduciary duties and other dubious claims, was indeed another counter-lawsuit (the COPA one), dragging him in front of courts.

Be certain, I’ve said multiple times in public in the past that CSW is clearly a douchebag as you said so, and now I can a say a proven fraud in claiming he’s Satoshi.

More anecdotally, in the feud among Matt Corallo and myself, he was the first to make more or less veiled threats to drag people non-complying to the rust-lightning code of conduct in front of court of justice, here in 2022: https://github.com/lightningdevkit/lightningdevkit.org/pull/184#issuecomment-1368126430

So why there would be a “double standard” among bitcoin devs, some for which it’s okay to announce the intent to open pursuits in front of court of justice, and some for which it’s not ? I’ll let you come with a justification, because I cannot see one.

Now, on the “courts are for real crimes”, let’s obviously keep a sense of proportion. This is _not _ a claim there has been something penally serious that has been committed such as murders, rapts, human trafficking or mass terrorism. We’re only talking about an inter-personal conflict among 2 professionals developers in a quite young industry with very few social norms. Courts of justice also usually intervene in far more minor legal cases in societies, such as when 2 neighbors disagree on where is exactly the physical limit between their 2 private properties, if their respective title deeds are unclear.

Beyond, I can certainly see among the bitcoiners, especially ones with a anarchistic philosophical lean, an in-grained suspicion about the court of justice as a legitimate human institution in itself, or as pure emanation of the Nation-State. Of course, court of justice are not perfect and there are only a very pragmatic way to appease human conflicts. For your wider personal culture, historically courts of justice have not always been a monopoly of the Nation-State, in the past churches and merchant guildes have been determinant in the formation of certain areas of laws (— I do not wish to be pedantic here, on the other hand the history of judicial institutions is a domain rarely studied).

I’ll shrug on your pun on “Be a man, not a kid, only kids go to cry in a court”, my virility is sufficiently fine to not have reticence in the need to not go to court of justice to prove I’m a “real” man. More sincerely, I don’t know you though might I observe that pointing out that courts are reserved for “kids" is more symptomatic of the lack of comprehension of the daily role played by court of justice in solving conflicts in a civilized way in modern democratic societies.

On your qualification that those issues are only “stupid shit”, I think this your right to use such terminology, like it’s my right to go to court if I think this “stupid shit” is sufficiently serious to deserve a judgement. Zooming out, I’ve technically contributing for years in the bitcoin open-source field, I have worked for or with many open-source organizations in this industry, I’ve seen some being setup and built under my eyes, so I’m more in the position of an “insider” to gauge that something is culturally broken and act in consequence.

So to conclude, I’m not convinced by your position, neither by what I understand as the expression of solving conflicts among professional and civilized adults in the bitcoin world.

I’m not the one who started to advocate the establishment of code of conduct or moderation rules among bitcoin open-source projects, even if I’m still estimating civility and courtesy in online conversations.

One problem is if you start to think that other human beings should act morally in some way, this doesn’t work if your personal actions as a self-appointed enforcement officer of said moral norms are not consistent with your words.

That’s socially known as hypocrisy, to not even couch the drama in more precise legal terms.

There always have been disputes and conflicts among Bitcoiners (cf. the block size war).

In my humble opinion, while I have not been active into it, the dismay of the so-called “block size war”, have been the uttermost self-conviction of actors on both side to think they were representing the camp of “Good” and the other camp the “Evil”, or that one camp thought they detained the monopole of truth.

The advantage of going to courts of justice, it’s a century-old well-established process, which has internalized in its unfolds that social life isn’t “black-or-white”.

Sadly, it’s a phenomena that we’re seeing far too often with online internet forums, as the tactic of loudly claiming to represent the camp of “Good” is very cheap rhetoric to try to gain the conviction of the online forums audience.

By its nature, modern online forums are not communication mediums favoring deep reflections and careful consideration, there people usually prefer to resume a complex situation with simple GIFs and other memes.

This is a good question.

I should have precised inter-personal conflicts among devs, not technical consensus ones. On the technical philosophy, I think the people I’m singling out in my post are in agreement most of the time with my ideas, and vice-versa.

The debate or present conflict is on the conduct of the janitorial maintenance of the public communication channels at large, where Bitcoin domain experts are having usual conversations on technical consensus, while those channels being abused by some to damage one’s professional reputation.

Those channels are shared among all and usually administratively transferred among generations of devs on technical merits criteria. This is consistent with the claim that the Bitcoin development is the "private property” of no one. Otherwise that would mean all the discourse about “decentralization” of Bitcoin is baseless.

The problem of Faketoshi was not going to courts. In democratic societies where the rule of law is reigning this is the norm. The problem with Faketoshi a.k.a CWS was him producing a massive amounts of forged evidences, lying repeatedly in front of judge and engaging in fantasist stories about the past.

Beyond, there was a prominent bitcoin dev, far more veteran than I am, that have been to courts in the past years to defend his own professional reputation against allegations of a recognized applied cryptographer. I do not exactly remember the outcome in this case, though courts records are usually public, and one can go to read them.

Thanks to remind me my own words.

I do think the last time I wrote and tested bitcoin code was yesterday and the last time I reviewed bitcoin consensus changes were during the last weeks.

For the reasons motivating any lawsuit against another developer this will be explained in the lawsuit itself, and by default the courts of justice are public.

This is contrary to the emails I have received from the self-appointed lightning code of conduct, of which said emails are received in private.

Publicity is good as any interested bitcoin media will be able to know more.

Sadly, bitcoin developers do not have other ways of solving conflits among themselves rather than old school courts of justice.

One can do a lawsuit with one hand and keep building with the other one.

“Who watch the watchmen ?”

I don’t deny that ossification has its advantage, as somehow for the hobbyist bitcoiner less software changes give more time to read, test and understand them. Somehow, the point of my article is drawing the attention on FOSS domain experts who are under a principal-agent situation who have turn “paid professional” and then who have to justify the financial resources dedicated to pay their salaries, with some incentives misalignment with the end-users. When you start to be paid for doing FOSS software, objectively this becomes a bit less free. And then they can be obviously enticed to make the whole FOSS development pipeline a closed-door to protect their jobs from news FOSS contributors, or even just to surf on the project inertia and make their daily job less demanding.

“The price of liberty is eternal vigilance”. Thomas Jefferson, or some of the same standing.

More seriously, I don’t think BOLT12 was an attack on Lightning for someone who’ve seen the development. More yet another payment protocol in the half of dozen payment protocols we already have. Maybe a bit better, but quite complex...

I bet I’m more mentally stable than you, anon :)

Quis custodiet ipsos custodes ?

See how much work is it to write a new block-relay p2p stack in rust on top.

Always bug to fix - Cypherpunks debug code.

They do. It’s not like they’re asking for public money on their website from plebs like you and me, anon.

@petertodd a comedy show in the US once and the canadian comedian on stage was making a lot of fun in the room by saying a lot of "cliches" on canadians :) Don't take it as it is, I swear it's a joke.

More seriously, if there are intel agencies out in the wild deliberately trying to influence the bitcoin protocol development process, they could set up a more or less fake non-profit organization and that organization having a special tax status to receive donations from whatever industry donors. It could be from then quite easy to have the board helicoptering money more or less randomly on bitcoin open-source contributors, and this being a vector of attack. All very in the hypothetical line of thought...

After all, all major money are fiat today, at least since the 90s and there is no more constitutional limits strictly guaranteeing the independence of the Bundesbank w.r.t to its monetary policy. So bitcoin protocol development could be disrupted tomorrow with massive chunks of fiat money thrown on developers.

I don't really think an organization like OpenSats is sincerely to question on that regard. People at the board have a real track record in the bitcoin industry, and they are quite public about from where the majority of theirs funds is coming from. Have they lived it to their original promise to be as much pass through as they can when opensat was initially announced in 2020 ? I don't know, sounds they have a lot of people getting financial compensation in operations, there is no public report on the remunerations of the operation team. Beyond, it would be great for them to start to motivate their grant refusals on sounds technical arguments.

In matters of open-source funding transparency, I think there is a good example with NLNET Labs in the Netherlands, which is a non-profit maintaining multiple pieces of open-source software related to the Internet stack. Their software support policy announce explicitly the following:

"Dutch tax regulations allow us to have reserves that guarantee two years of continued operations in case all industry funding would disappear. Thus, in the unlikely event that NLnet Labs can no longer commit to maintaining our software projects, we will announce this at least two years in advance."

Personally, I think it's a good policy example to minimize the risks of grants inflation and promises towards serious and legit open-source contributors expectations not being fulfilled, whatever are the underlying reasons. At the start of the COVID pandemie in 2020 and when I was still full-time at Chaincode, I've seen 2 serious open-source contributors suddenly being defunded by their industry backers due to the sudden changes no ones expected in the economical conjecture.

About scaling Nostr, I think there is an old technical comment of yours about some Nostr architectural choices during the mempoolfullrbf that I've never replied here. I think it's only the email or comment of yours on the Internet, I've never replied too (if my memory is correct ?), though I''ll put my thoughts on Nostr scalability on stacker news during the coming future.

@conduition Thanks for the clarification.

Look, one piece of advice if a vulnerability report is to be quite clear in giving a disclosure timeline ahead (and fair to update in flight if they are mitigations developed and deployed). If the report is done outside of a bug bounty program with no rules of engagement, picking up a timeline is really on your shoulders. In the situation of very low funds exposed, as apparently it’s the case here, giving 2 weeks of warn-up would have been very good courtesy. My IMHO only.

Sure, if you’re vendor and there are plausible vulnerabilities affecting your soft, this can be very pragmatic to downside funds exposed. Giving time to people to deploy the fixes.

I don’t wish to sound too harsh on conduition here, I believe it’s great to have more folks doing vulnerabilities hunting in the ecosystem. On the other hand, in infosec rule of thumb is often to give 90 days to vendors. Unless there are clear hints that vendors do not wish to implement mitigations (or mitigations cannot be deployed easily).

I know 90 days can be a lot, so even if you think circumstances are worthy of less, in my opinion nothing displayed in the disclosure report warrants to give only 4 days to the vendors.

As of today, it’s indeed quite easy to go and burak a bitcoin L2. But I don’t think it is the culture we wish to nurture on the long-term in the ecosystem, if we wish seriously to take care of end-users financial wealth (or privacy). Failing to do so, that’s only going slowly towards the path were vulnerabilities are weaponized for other purposes...

From a quick read of Mercury server code, there is support for mainnet: https://github.com/commerceblock/mercurylayer/blob/dev/server/src/server_config.rs#L98

From protocol documentation (https://github.com/commerceblock/mercurylayer/blob/dev/docs/protocol.md#initialisation) the coin pubkey is a key-path spend to P (P1 = O1 + S1). If the statecoin is spent as a happy path, there shall be no mark in the blockchain logs.

So how can you be sure there is no mainnet traffic ?