Luke de Wolf

Bitcoin is critical infrastructure. What do I mean by that? I have a specific definition, stemming from my experience as an industrial cyber security professional. Critical infrastructure refers to assets, systems, or networks whose disruption would have a profound effect on security, economic stability, public health and safety, or some combination. What this means in practice are those things that we can’t live without in our modern society: electricity generation and grids, oil, gas, and fuel infrastructure, factories, hospitals, transport networks. The list goes on, I hope you get the idea. The Internet itself is critical infrastructure, as the communication network enabling most of our interconnected lives. Additionally, payment networks are considered critical infrastructure. You probably see where I’m going with this. I put forward that Bitcoin is critical infrastructure. No government or agency has officially taken that position. Of course, within the Bitcoin community, this definition shouldn’t be surprising. If Bitcoin is the revolutionized monetary system, the replacement to fiat debasement and the antidote to centralized power structures, the freedom money that enables anyone in the world to save and transact freely, then it had better be considered critical. Now, what is the point in my saying this, especially if it shouldn’t be controversial to anyone in the Bitcoin space? It has to do with how critical infrastructure is defended. As mentioned, I’m an industrial cyber security professional, which means that I focus on defending critical infrastructure and other forms of industrial control systems from cyber threats. Critical infrastructure is treated differently from other types of network systems and assets. Whereas for most systems, confidentiality of data and the integrity of the system are considered most important, for critical infrastructure the focus is on keeping the systems running. Additionally, many of the cyber defenses that work for individuals and normal IT systems simply don’t work in critical environments (for many reasons, not overly relevant here). With that in mind, critical infrastructure is defended based on the types of threats they are expected to face. ISA/IEC 62443 (they couldn’t have picked an easier number to remember /s) is one of the most widely used frameworks for industrial cyber security. It defines 4 threat levels and recommends controls based on those: - Protection against casual or accidental threats - Protection against intentional attacks using simple means - Protection against sophisticated attacks using advanced tools - Protection against nation-states or highly-resourced attacks As you can probably gather, the defenses applied are targeted against more and more intense attacks, with greater motivation and resources each time. One piece of necessary context is that “accidental” threats are still bad - we’re talking about untargeted malware floating around on the internet, for example. The accidental part mostly refers to basic security best practices not being followed (no passwords on a computer - it happens!). Now, at this point, I’ll be clear: I considered non-monetary transactions to be a threat against Bitcoin: specifically against its availability. Non-monetary transactions displace block space and force a higher fee rate. In times of frenzy for some new inscription fad, transactions spiked to the point of pricing out whole categories of users from on-chain transactions, made lightning channel openings much more expensive relative to channel size, and hampered the network overall. Additionally, blocks themselves became much more full and the UTXO set increased rapidly, both putting significant pressure on node hardware requirements, risking decentralization. These points have been discussed ad nauseum and aren’t the point of this post, except for me to be clear that I consider these non-monetary transactions to be a type of threat. I’ve analogized elsewhere that in Bitcoin, policy filters are effectively the defense against casual threats. Mapped to the framework above, the first two categories are essentially tackled by policy filters. Casual, untargeted threats are actually mostly handled by node implementation security features, and those are important in themselves for us to be able to have functioning nodes. Simple targeting Bitcoin itself through abusive transactions are effectively blocked through policy. Default tools and wallets don’t even allow submission of abusive transactions in most cases, because they follow default mempool policy. In the cyber security world, this is enough to deter whole categories of casual attackers, who simply move on to the next potential target. There’s no reason to think that this isn’t the case with Bitcoin also. More sophisticated attackers are a different situation. They use bespoke tools and know what they’re doing. They’re able to bypass policy filters and use specific exploits to get their transactions on chain. The level to be able to tackle these attacks is at consensus level. I’ll save further discussion about that for another time, but I’ll emphasize another point here: this is what is done in the cyber security world all the time. Vulnerabilities are identified, tracked, and remediations are developed. Individuals and organizations either fix the vulnerability, put up some other defense to compensate, or leave themselves free to get exploited. An important distinction is also whether a vulnerability is being actively exploited. If that’s the case, it’s only a matter of time before they find and exploit you. In other words: Bitcoin has a choice - fix identified and actively exploited vulnerabilities, or simply accept that this will continue to happen. Forever. I don’t have any intention to imply that Bitcoin should be managed like a business or any other kind of centralized organization. Bitcoin is unique in that it is the only truly decentralized system in the whole world. All other cryptocurrencies have developers who make changes at their discretion, similarly to companies and individuals who can simply decide to do something and do it. It’s different with Bitcoin. The network has to agree. And that’s good! It also means that if significant portions of the network do not agree that something is a threat or that a vulnerability is worth fixing, it may or even will not happen. At this point, those who think something needs fixing could either throw up their hands and decide to live with it, or decide to try to persuade network participants of their view. I’ll finish with another cyber security principle: an attacker with unlimited resources and motivation will always breach your system. This might sound defeatist, but it’s a reminder that no set of defenses is ever perfect. The higher the value of the potential payoff, the more likely an attacker is willing to throw time and resources into exploiting the system to get what they want. In the Bitcoin context, this means that there will always be attackers looking for vulnerabilities, because what is a more valuable payoff than the best form of money the world has ever seen? Does this mean we should give in to the inevitability that SOMEONE is going to attack Bitcoin SOMEHOW, and just give up? In my view, no. That’s not how things work outside Bitcoin. Critical infrastructure is actively defended. Threats and vulnerabilities are identified and remediated as best they can be. The cat and mouse game goes on, but electricity keeps flowing, gasoline gets to the pumps, factories keep pumping out products, ships bring goods to their destination, trains keep running, and water flows from the taps. We don’t notice when everything is working. We sure do notice when something breaks. Let’s not let Bitcoin break. Bitcoin is critical infrastructure, and we should be treating it like it is, keep it running, and save the world.

Mint, relay, or mine

@moonbootspleb @hodlonaut I would completely agree with you.

@lukedewolf @hodlonaut Honestly, I’m tempted to say creating unspendable outputs at all makes you a bad person. Open to being wrong.

If you mint ordinals, you're a bad person.

Yes! If you put any kind of image or unnecessary data on bitcoin you are a bad person! You are potentially ruining humanities one chance at sound money and scamming people out of the little bit they have. You should be ashamed of yourself.

Must listen. Do your part.

@NickDarlington @Hanakookie1 Do they need to sell to be liquid? If yes, sell literally immediately. If not, doesn't matter.

@Hanakookie1 Okay and how do they protect against the volatility from day-to-day?

Why should a business accept Bitcoin as payment?

@GrassFedBitcoin Who's taking shots by the way? Curious to see. Hasn't come across my feed yet.

People are taking shots over the Monetary Maxis' recent enthusiasm about plebs renting hashpower and making their own blocks. Newsflash: That's exactly the same thing Foundry, Antpool, F2Pool etc are doing. Buying compute from people paying zero attention to the blockchain and using it to find blocks. Somehow it's bad when plebs start doing it and decentralize where all this compute is getting pointed? I said it at the start of OCEAN - most people *hate* decentralization when it actually manifests in any capacity. Set datacarriersize to 42 instead of 83? That's censorship! The success/failure of BIP-110? It must be gauged entirely by whether or not two giant mining pool signal for/against it. Spam filters? No. Everyone needs to have identical mempools and any configurability in that regard ripped out because idk it means better fee estimates or some other laughable rationalization. Running some client other than Core? Truly the most heinous act. It's just scammers trying to milk Bitcoin's upstanding purpose for their gain with no regard to the damage they're doing. Do not be deceived.

More decentralization is good. Always.

@philip_dath It's elitist and totally ridiculous. I have no respect for people making this argument.

If you are a Bitcoiner, how would you feel about someone telling you that only rich people should be allowed to run a node, and that poor people have to use a centralised node and accept centralised rules?

@oomahq @GHOSTawyeeBOB @thegaboeth @d0mesticblend Zero sympathy from me.

@lukedewolf @GHOSTawyeeBOB @thegaboeth @d0mesticblend Whoa, dark. We can just kick them out with hashrate. x.com/oomahq/status/…

@oomahq @thegaboeth @GHOSTawyeeBOB @d0mesticblend Of course. That's what I mean by local maximum. They think it's good, but it's bad. And it's getting us stuck.

> Ordinals optimize for a local maximum Even that is dubious. Miners only care about hashprice, and hashprice is a function of difficulty and the fiat valuation of bitcoin. It's easy to make the argument that fiat valuation is low in part because bitcoiners still haven't figured out how to shake out these parasites and thwart their attacks. So ordinals might be hurting miners much more than they benefit them.

@Dimi_h @thegaboeth @GHOSTawyeeBOB @d0mesticblend They believe they're growing adoption. It's the wrong kind of adoption. And they're bad people.

@lukedewolf @thegaboeth @GHOSTawyeeBOB @d0mesticblend You're being too kind still. Ordinals optimize nothing.

@satofishi @bitschmidty What? So, just because they're not big enough, they're not worth doing? Bugs are bugs. Fix them. These aren't controversial.

Bitcoin has far more than just four known vulnerabilities. These four issues addressed by BIP-54 are, in my view, relatively trivial historical edge cases. I don’t believe they are significant enough to warrant the coordination cost, node upgrade effort, and community attention required for a soft fork. Instead, we should focus our limited development resources on far more critical and higher-impact problems.

With an increasing number of discussions around the BIP54 “Consensus Cleanup” soft fork proposal, I helped put together an information site about BIP54. “Bitcoin has four known vulnerabilities that have gone unfixed for 15 years. BIP54, "Consensus Cleanup", proposes four narrowly-scoped changes to address these issues in Bitcoin's consensus rules that date back to the original version of Bitcoin in 2009.” bip54.org

@thegaboeth @GHOSTawyeeBOB @d0mesticblend Absolutely not. Ordinals optimize for a local maximum, prioritizing short-term gains over long-term adoption. And they're a straight-up scam. If you mint ordinals expecting profit, you're a straight up snake-oil salesman and a bad person.

@GHOSTawyeeBOB @d0mesticblend Ordinals test Bitcoin’s blockspace demand. If fees rise, it strengthens security long-term. Shows organic use beyond just money.

@hodlonaut @saylor Very good question.

@saylor What do you think of the state of Bitcoin Core governance and funding, Michael? Bitcoin doesn't win if it is diluted into a new Ethereum. citadel21.com/the-network

Bitcoin has won. Global consensus is that $BTC is digital capital. The four-year cycle is dead. Price is now driven by capital flows. Bank and digital credit will determine Bitcoin’s growth trajectory. The biggest risk is bad ideas driving iatrogenic protocol changes.

@Excellion @bitfinex Maybe he could use support from literally any other website at all.

Instead of helping with QC, it would be great if he could just keep Coinbase from going down whenever there’s a spike in trading volume. Maybe he could use some technical support from @bitfinex engineers.

It’s been almost 10 years since the Blocksize Wars ended and Brian hasn’t changed at all. He still carries the exact same complete lack of humility and understanding. Brian forms the opinion first, along with a prescribed course of action and timeframe, instead of starting by understanding the nuanced problem and tradeoffs. Solving the QC problem later rather than sooner is the best course of action. ➡️ Hastily changing from ECDSA/Schnorr to PQ signatures may make Bitcoin vulnerable to classical computing attacks today. Simply put: make Bitcoin safe against quantum computers just to get pwned by normal computers. ➡️ PQ signatures will likely be 10-125x larger than current ones, and massively reduce throughput. Possibly paving the way for Blocksize Wars 2.0. (h/t @_jonasschnelli_) ➡️ Proposed PQ solutions could be a Trojan horse to implement backdoors for RNGs or PQ encryption schemes. There are examples of the NSA doing this, first discovered by cypherpunk researchers and later confirmed by @Snowden leaks. Given that quantum computers don’t actually exist and likely won’t exist for another 10-20 years, the worst possible course of action is to rush a fix. That’s not to say work shouldn’t be done to prepare, and there is already much work being done. If you’re still worried about quantum computing, you should know that Coinbase wallet infrastructure is vulnerable to QC because of address reuse. In fact, that’s the default for Coinbase Prime, which serves institutional clients. So Brian should probably fix this first. Physician, heal thyself.

Read this post by Samson. Very well thought-out.

Plebs, I implore you to take this shit seriously. Like most of you, in 2023, I was sitting on the sidelines...believing all the influencers and podcast experts about how spam is going to get "priced out" and that it's a "nothing burger." Here we are, 3 years later, the data doesn't lie...spam crowds out monetary/financial transactions. Spam now makes up 40-60% of blocks in the last half year since Core v30 signaled standardization of large arbitrary data. The trend is moving towards Bitcoin as a dumping ground for dickbutt JPEGs, and not as a pristine store and transmission of monetary transactions. At what point do we start giving a fvck? When 70% of blocks are filled with crap? 80%? 90%? 99%? The GOOD NEWS is, there are solutions in place that will turn the tide. YOU have the power to reverse thsi trend. Coretards will gaslight you into believing there's nothing you can do...don't believe their lies...it's super easy to do: 1. Run your own node (@start9labs, @parman_the, @umbrel) - all these options offer you pretty much plug and play setup of your node. 2. Read this guide (rentsomehash.com)...it'll walk you through all the steps below. It's super easy to do, just get started like I did. 3. Install Knots + BIP-110. 4. Start mining/hashing (self-host or rent some hashpower) and point your hash to OCEAN + DATUM. Doing this, you will: ✅Help secure your stack and Bitcoin by being a significant participant in the network ✅Actually contribute to Bitcoin mining decentralization (lolz at anything Coretards have done on this front for years) ✅Contribute to BIP-110 block probability and its successful activation, significantly curtail spam moving forward ✅Contribute to keeping block template construction out of the hands of MARA, Foundry, et al. ✅Support OCEAN + DATUM growth (the peeps that are actually doing anything meaningful about mining decentralization) I've put my money where my mouth is, you can too!