exmeel

139 posts

@exmeel00

Joined August 2021
599 Following, 49 Followers
exmeel retweeted
calle @callebtc
story time. the recently disclosed nutshell cashu mint vulnerability is as ironic as it gets. it’s very similar to an inscription which is hilarious.

as per the cashu spec, a HTLC must have a preimage witness size of 32 bytes. unfortunately, the mint never checked the size before validating and storing it in its db. we simply overlooked it. since users never paid a fee that depends on the witness size (because we assumed it would be constant), this allowed the attacker to store jpgs of dickbutts in a mint’s database. for free!

fortunately there’s no messy consensus in cashu. every mint operator dictates their own rules. the fix is simple: now we reject all tokens with a witness that’s too large. those maliciously crafted tokens (of which we haven’t seen any in the wild) can’t be spent anymore.

i must admit, given my recent active engagement in the filter debate, this is probably the funniest exploit possible. i own this one and i’m giggling as i type this. it’s pure comedy.

however, this doesn’t mean the disclosure has gone well. the attacker has proven to be malicious and refused to coordinate with us. instead, he’s putting active mints at risk. this is not how responsible disclosure works. very unprofessional.

if you run a mint or know someone who does, update to the latest version (0.18.1) where this issue is fixed. funds were never in danger.

it’s certainly worth a laugh. grill me. this one is simply too good. 😊

thanks to the entire cashu team for their amazing work and their swift reaction. you’ve handled it like pros.
exmeel retweeted
calle @callebtc
This is a long post that hopefully bridges some gaps between technical people (devs) and non-technical users and how they look at spam prevention in Bitcoin. I hope that it clarifies why I think that there is such a huge misunderstanding between both camps.

I'll preface this post with first disqualifying any malicious attempts to misrepresent the motives of either camp. Everybody wants to improve Bitcoin as money. Money is Bitcoin's use case. It's not a data storage system. If you think otherwise, there are countless shitcoins to play with.

Alright, let's get into it. I have worked on anonymous systems for over a decade. I have read tons of research on spam detection, rate-limiting, and I've implemented spam prevention techniques in the real world. I am very confident to say that there is not a single known method to prevent spam in decentralized anonymous open networks other than proof of work. This is what Satoshi realized when he designed Bitcoin and it's why only transaction fees can reliably fight spam without sacrificing any of Bitcoin's properties. Let me explain.

Spam prevention is a cat and mouse game. As a system's architect, your goal is to make the life of a spammer harder (increase the friction). This is why, on the web, you see captchas, sign-ups, or anything that can artificially slow you down. Slowing down is key. This is why Satoshi turned to proof of work.

Let's contrast this to other methods for spam prevention. This is not an exhaustive list but it illustrates the design space of this problem, other methods are often derivatives of these:

CAPTCHAS are a centralized form of proof of work for humans: Google's servers give you a hard-to-solve task (select all bicycles) that will slow you down so that you can't bombard a website with millions of requests. It requires centralization: you need to prove to Google that you're human so that you can use another website. If you could host your own CAPTCHA service, why would anyone believe you're not cheating?

LOGINS with email and passwords are the most popular way to slow down users. Before you can sign up, you need to get an email address, and to get an email address, you often need a phone number today. The purpose of this is, again, to slow you down (and to track you to be honest). It only works well when emails are hard to get, i.e. in a centralized web where Google controls how hard it is to get an email account. If you could easily use your own email server, why would anyone believe you're not a bot?

The next one is the most relevant to Bitcoin:

AD BLOCK FILTERS are another form of spam prevention but this time the roles are reversed: you as a user fight against the spam from websites and advertising companies trying to invade your brain. Ad blocking works only under certain conditions: First you need to be able to "spell out" what the spam looks like, i.e. what the filter should filter out. Second, you need to update your filters every time someone circumvents them. Have you ever installed a youtube ad blocker and then noticed that it stops working after a few weeks? That's because you're playing cat-and-mouse with youtube. You block, they circumvent, you update your filters, repeat.

The fact that you need to update your filters is critical and that's where it ties back to Bitcoin: Suppose you have a mempool filter for transactions with a locktime of 21 because some stupid NFT project uses that. You maybe slow them down for a few weeks, but then they notice it and change their locktime to 22. You're back at zero, the spam filter doesn't work anymore. What do you do? You update your filter! But where do you get your new filter from? You need a governing body, or some centralized entity that keeps updating these filters and you need to download their new rules every single day. That's what ad blockers in your web browser do. They trust a centralized authority to know what's best for you, and blindly accept their new filters. Every single day.

I hope you see the issue here. Nobody should even consider this idea of constantly updating filter rules in Bitcoin. This would give the filter providers a concerning level of power and trust. It would turn Bitcoin into a centrally planned system, the opposite of what makes Bitcoin special. This is why filters do not work for decentralized anonymous systems. They require a central authority.

Until now, these rules were determined by Bitcoin Core, but they have realized that these rules do not work anymore. Transactions bypass the filters easily and at some point, carrying them around became a burden to the node runners themselves. Imagine you're using an outdated ad blocker but instead of filtering out ads, it now also filters out legitimate content you might be interested in. That's what mempool filters do, and that's why Bitcoin Core is slowly relaxing these filters. This has been discussed for over two years, it's not a sudden decision.

The goal of this change is not to help transactions to slip through more easily. The goal is to improve your node's prediction of what is going to be in the next block. Most people misrepresent this part. They say "it's to turn Bitcoin into a shitcoin" but that is just a false statement at best, or a manipulation tactic at worst.

Let's tie it back to proof of work and why fees are the actual filter that keeps Bitcoin secure and prevents spam reasonably well: Satoshi realized that there is no technique that could slow down block production and prevent denial of service attacks in a decentralized system other than proof of work. Fees prevent you from filling blocks with an infinite number of transactions. All the other options would introduce some form of trust or open the door for censorship – nothing works other than proof of work.

He was smart enough to design a system where the proof of work that goes into block production is "minted" into the monetary unit of the system itself: You spend energy, you get sats (mining). This slows down block production. How do you slow down transactions within those blocks? You spend the sats themselves, originally earned from block production, as fees for the transactions within the block! This idea is truly genius and it's the only reason why Bitcoin can exist. All other attempts of creating decentralized money have failed to solve this step.

Think about it: without knowing who you are, whether you're one person pretending to be a thousand, or a thousand people pretending to be one, Bitcoin defends itself (and anyone who runs nodes in the Bitcoin system) from spam by making you pay for your activity.

People sometimes counter this by saying: the economic demand for decentralized data storage is higher than the monetary use case. First of all, I think that's just wrong. There are way cheaper ways to store data (there are shitcoins for this), and the value of having decentralized neutral internet money is beyond comparison.

However, there's a much deeper concern here. If you truly believe this, I ask you: what is Bitcoin worth to you? If you think Bitcoin can't succeed as money (i.e. be competitive), why do you even care? If you're not willing to pay fees for the use case that we all believe Bitcoin is designed for (money), and you believe that no one is willing to pay for it, how can it even persist into the future?

You can't have it all. If Bitcoin is money (which I believe it is), then we need to pay the price to keep it alive. There is no free lunch. Either we centralize, or we pay the price of decentralization. I know where I stand.

Peace.
exmeel retweeted
TFTC @TFTC21
We're partnering with @bitkey to give away a hardware wallet! 🟠 Just RT this tweet to enter. That's it ✅ Winner announced Tuesday 9/30 at 4PM EST.
exmeel retweeted
Red Pill Dispenser @redpilldispensr
"Slaves used to work all day, every day, with no pay. But they got free food, water, and shelter." "Today, we work all day, nearly every day, and we get paid. But the money we make, we spend on food, water, and shelter." "We're still slaves. The only thing that has changed is the illusion of freedom."
exmeel retweeted
calle @callebtc
you must be kidding me right @GooglePlay? do you have any actual rules for publishing apps? your communication with developers is beyond any professional standards. after weeks of complying with their requests, now they've decided to remove "bitchat" for profanity! PROFANITY!

The bitchat @Google play store saga so far:
- first they publish an impersonator app which got over 100k downloads
- dozens of reports for impersonation didn't help, only after causing a shitstorm on X things actually started moving
- I tried to submit the real bitchat app 5 times, don't even get me started on "you need 12 testers for 2 weeks before you can publish anything"
- my app gets rejected for "copyright" – DUDE I'M THE COPYRIGHT OWNER
- nothing working, no reply on appeals for a week until I cause another shitstorm on X, finally things are moving again
- I resubmit the app, following their instructions *exactly*, thinking finally we've covered all their requirements
- now I get a rejection because of PROFANITY.

seriously? what about the numerous impersonators and all the other "bitchat" knockoffs you publish on the store... to this date? this is the worst experience I've ever had. without a sizable following on X, how would I ever have progressed at this at all? do you need friends at Google to publish an app?
exmeel retweeted
Ed @Ed_Alviar
The greatest scam in history... The creation of the Federal Reserve:
exmeel retweeted
Un manchego encabronao @UEncabronao
I bet you don't know this... 👇👇👇👇👇👇👇👇👇👇
exmeel retweeted
Eli Nagar @EliNagar
We need to talk. Not about price. Not about hype. About the future. Most Bitcoin doesn’t move on Bitcoin anymore. It trades on paper. In ETFs. In proxy stocks. On platforms that never touch the chain. The financialization is accelerating. Wall Street loves it. No keys, no coins—just exposure. But there’s a problem: Miners secure Bitcoin. They get paid through the block subsidy. Every 4 years, that subsidy gets cut in half. Eventually, the only thing left will be fees. But fees come from usage. From people actually settling on-chain. From mempools that aren’t empty. If the world keeps using Bitcoin through layers that never pay miners, what happens when the subsidy runs dry? Miners starve. Hashrate drops. Security cracks. Censorship creeps in. This isn’t FUD. This is the bill coming due. So if you believe in Bitcoin—really believe— don’t just hold it. Use it. Settle on-chain. Pay the fee. Run the node. Support the thing you say you love. Bitcoin can’t be secured by paper. And it won’t survive on faith alone. The revolution doesn’t happen on Wall Street. It happens here. Don’t let Bitcoin get financialized to death. P.S. I want to do my part. I’ll send 5,000 sats on-chain to 10 people who like, retweet, and follow. Let’s support the network, together. ⚡
exmeel retweeted
Doctor Tricornio @Doct_Tricornio
🔴 This woman's words should be EVERYWHERE. We have a criminal government, FULL STOP
exmeel retweeted
Rob Moore @robprogressive
Earn it? Taxed. Spend it? Taxed. Save it? Taxed. Invest it? Taxed. Build it? Taxed. Sell it? Taxed. Live in it? Taxed. Drive it? Taxed. Eat it? Taxed. Drink it? Taxed. Smoke it? Taxed. Give it away? Taxed. Die? Still taxed. And what do they do with it? Waste it. This has to stop - our money & our future are being taxed into oblivion.
exmeel retweeted
Muy.Mona/🇪🇸💚 @Capitana_espana
💥International media are reporting on how hypocritical and ridiculous Teresa Ribera is… She arrives in Valladolid by private jet, gets into an official car, and takes out the bike 100 m away to show off eco-mobility… Outside Spain, fakes and hypocrites get caught in less than 24 hours.
exmeel retweeted
The ₿itcoin Therapist @TheBTCTherapist
The entire financial system is going to be built around Bitcoin. This is fucking genius.
exmeel retweeted
Walker⚡️ @WalkerAmerica
#Bitcoin was at $19k when @carlabitcoin made this song. Every legacy media publication, TardFi troll, & statist simp was calling it “dead.” But now, instead of telling them to “suck DN, you feckless toads” I will simply say “Bitcoin is Defiance.”
exmeel retweeted
MAGA Resource @MAGAResource
VIDEO: @RepThomasMassie crushes “climate change” alarmist John Kerry in a Congressional committee hearing. Kerry just attacked Donald Trump on his plan to pull the U.S. out of the Paris Climate Agreement again as he did in his first term. Do you believe that man caused climate change is real?
exmeel retweeted
Muy.Mona/🇪🇸💚 @Capitana_espana
🔴#URGENTE The Ministry of Defense is giving orders to military personnel on what they have to say. S H A R E👇
exmeel retweeted
Muy.Mona/🇪🇸💚 @Capitana_espana
Listen to Cristian... So much injustice there is in this country...
exmeel retweeted
Luis @koldobika08
👇👀👀👀
exmeel retweeted
Encabroná @mencabrono
I hope life gives you back double what you are doing for others. I wish this for the good people and for the bad ones too.
exmeel retweeted
Luis @koldobika08
👇👀👀👀👀 (1)