This is incredibly sinister. I had no idea! Thanks for drawing my attention to the issue.

Looking forward to hearing hour the next 22 hours went!

One of my favorite bands is Moonsorrow. 15, 20, 25 minute songs. Epic, pagan black metal. Lyrics almost exclusively in Finnish.

I put on one of their songs and feel instantly relaxed.

This is what I'm listening to now:

https://open.spotify.com/track/35tbcLF8iniGHOiIy9vPZ6?si=9d1325e9382543f7

My day started at 4AM helping my friend nostr:nprofile1qyghwumn8ghj7mn0wd68ytnhd9hx2tcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsqg8c6ssjffewmzvfvfr6myf0glwhdtrtdnw3plsh3a0qft8745x55gpvx32y buy Beef Bits before departing Finland.

My life is blessed. I love you all.

nostr:nevent1qvzqqqqqqypzpz36uu7xh7u5vvq8j62wm2sm9f3slun2734aue6vue7zx4sgf5qkqqspa6ye32dkrh04q6e69t4njwal5cy04jydwacqw3qgx54vwl29n4qfthe29

I really enjoyed this one, and I hope it provides value in this wider conversation.

nostr:nevent1qvzqqqqqqypzpw3089yrxevywh53dq9cnrumurcas5qkd34g88d7ppxsye4ddcs2qy88wumn8ghj7mn0wvhxcmmv9uq3samnwvaz7tmwdaehgu3wvd5xz6tdvyhxjmnxduhszxmhwden5te0wfjkccte9ekkjmnywvhxxmmd9ahx7um5wgqzpcw2vlw34ahv3429fe6yu7jswlhanqsh5kf2c8rlz0rqrzzg2ncaknqf6c

You can subscribe to our episodes now if you'd like to support us, with ad-free episodes one day early!

We also forward 21% of our value for value to our guest, because we couldn't do it without them.

The latest nostr:nprofile1qys8wue69uhkummnw3ezu6r0d4jkuet5wahhy6mc9ehx2ap6xsurgwqpzamhxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmqqyzletcdyt027ch9q6ss0fa2u6qtyt3uynatlm5fm33d0a38tmnyyswdk3zk Show is out now, with nostr:nprofile1qyx8wumn8ghj7cnjvghxjmcpz4mhxue69uhk2er9dchxummnw3ezumrpdejqqgxchnavlnv8t5vky5dsa87ddye0jc8z9eza8ekvfryf3yt649mytvhadgpe .

Check it out on nostr:nprofile1qy2hwumn8ghj7etyv4hzumn0wd68ytnvv9hxgqtxwaehxw309anxjmr5v4ezumn0wd68ytnhd9hx2tmwwp6kyvtkx46kv7tgx3kxketnd3nhs7rrvdkxwwrxxp585ct6dpshwdmjwdexsanxw96hs7ndxfnxkd35vvmny6rswv6r2m3swc6n7cnjdaskgcmpwd6r6arjw4jsqgr98zf9a0akv86p3kx86p6tachg4lthsuqamzg8psk6jdk4w8j4cv6qcgkr

https://fountain.fm/episode/HiBPL8bQhcC4iZ3uEStL

With host nostr:nprofile1qy28wumn8ghj7et0wd6xzemjv9kjucm0d5hsz8thwden5te0dehhxarj95crztnev94kj6r0dehx2tnrdakj7qpqjt97tpsul3fp8hvf7zn0vzzysmu9umcrel4hpgflg4vnsytyxwuqxt3hw8

My local butcher accepts Bitcoin!

I just got back from Kotitila near Kalasatama in Helsinki. I picked up a couple of bags of nostr:nprofile1qqstlj7mpf4c8h473vpr9vglazye3j3vaww66u2y7pxtzhtnj2pp37qppemhxue69uhkummn9ekx7mp0qywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9urhxmql, some ground beef, and a keto pizza from nostr:nprofile1qqsg5wh8834lh9rrqpukjnk65xe2vv8ly6h5d00xwn8x0s34vzzdq9spz3mhxue69uhkymm5wvh82arcduhx7mn99uq3samnwvaz7tmwdaehgu3wdfjhyunedeukztnxw4hq22jhnu. Paid in sats.

Check them out if you're in Helsinki, such as for nostr:nprofile1qqs89v5v46jcd8uzv3f7dudsvpt8ntdm3927eqypyjy37yx5l6a30fcprpmhxue69uhkc6t8dp6xu6twvaex2mrp0yhxxmmdqyxhwumn8ghj7mn0wvhxcmmvkq58xa!

Cloudflare is down, right?

Good take Matey.

We had a good run :(

Look the evil in the eye. If you can.

This is a great series Jimmy. Thanks for covering this important issue.

That's not what it means. And I'm not kidding.

I would advocate for consensus changes to fix known exploits. Plus as many known theoretical attack vectors as possible.

Bitcoin is critical infrastructure.

What do I mean by that? I have a specific definition, stemming from my experience as an industrial cyber security professional.

Critical infrastructure refers to assets, systems, or networks whose disruption would have a profound effect on security, economic stability, public health and safety, or some combination. What this means in practice are those things that we can’t live without in our modern society: electricity generation and grids, oil, gas, and fuel infrastructure, factories, hospitals, transport networks. The list goes on, I hope you get the idea.

The Internet itself is critical infrastructure, as the communication network enabling most of our interconnected lives. Additionally, payment networks are considered critical infrastructure. You probably see where I’m going with this.

I put forward that Bitcoin is critical infrastructure. No government or agency has officially taken that position. Of course, within the Bitcoin community, this definition shouldn’t be surprising. If Bitcoin is the revolutionized monetary system, the replacement to fiat debasement and the antidote to centralized power structures, the freedom money that enables anyone in the world to save and transact freely, then it had better be considered critical.

Now, what is the point in my saying this, especially if it shouldn’t be controversial to anyone in the Bitcoin space?

It has to do with how critical infrastructure is defended.

As mentioned, I’m an industrial cyber security professional, which means that I focus on defending critical infrastructure and other forms of industrial control systems from cyber threats.

Critical infrastructure is treated differently from other types of network systems and assets. Whereas for most systems, confidentiality of data and the integrity of the system are considered most important, for critical infrastructure the focus is on keeping the systems running. Additionally, many of the cyber defenses that work for individuals and normal IT systems simply don’t work in critical environments (for many reasons, not overly relevant here).

With that in mind, critical infrastructure is defended based on the types of threats they are expected to face. ISA/IEC 62443 (they couldn’t have picked an easier number to remember /s) is one of the most widely used frameworks for industrial cyber security. It defines 4 threat levels and recommends controls based on those:

- Protection against casual or accidental threats

- Protection against intentional attacks using simple means

- Protection against sophisticated attacks using advanced tools

- Protection against nation-states or highly-resourced attacks

As you can probably gather, the defenses applied are targeted against more and more intense attacks, with greater motivation and resources each time.

One piece of necessary context is that “accidental” threats are still bad - we’re talking about untargeted malware floating around on the internet, for example. The accidental part mostly refers to basic security best practices not being followed (no passwords on a computer - it happens!).

Now, at this point, I’ll be clear: I considered non-monetary transactions to be a threat against Bitcoin: specifically against its availability. Non-monetary transactions displace block space and force a higher fee rate. In times of frenzy for some new inscription fad, transactions spiked to the point of pricing out whole categories of users from on-chain transactions, made lightning channel openings much more expensive relative to channel size, and hampered the network overall. Additionally, blocks themselves became much more full and the UTXO set increased rapidly, both putting significant pressure on node hardware requirements, risking decentralization. These points have been discussed ad nauseum and aren’t the point of this post, except for me to be clear that I consider these non-monetary transactions to be a type of threat.

I’ve analogized elsewhere that in Bitcoin, policy filters are effectively the defense against casual threats. Mapped to the framework above, the first two categories are essentially tackled by policy filters. Casual, untargeted threats are actually mostly handled by node implementation security features, and those are important in themselves for us to be able to have functioning nodes. Simple targeting Bitcoin itself through abusive transactions are effectively blocked through policy. Default tools and wallets don’t even allow submission of abusive transactions in most cases, because they follow default mempool policy. In the cyber security world, this is enough to deter whole categories of casual attackers, who simply move on to the next potential target. There’s no reason to think that this isn’t the case with Bitcoin also.

More sophisticated attackers are a different situation. They use bespoke tools and know what they’re doing. They’re able to bypass policy filters and use specific exploits to get their transactions on chain. The level to be able to tackle these attacks is at consensus level. I’ll save further discussion about that for another time, but I’ll emphasize another point here: this is what is done in the cyber security world all the time. Vulnerabilities are identified, tracked, and remediations are developed. Individuals and organizations either fix the vulnerability, put up some other defense to compensate, or leave themselves free to get exploited. An important distinction is also whether a vulnerability is being actively exploited. If that’s the case, it’s only a matter of time before they find and exploit you.

In other words: Bitcoin has a choice - fix identified and actively exploited vulnerabilities, or simply accept that this will continue to happen. Forever.

I don’t have any intention to imply that Bitcoin should be managed like a business or any other kind of centralized organization. Bitcoin is unique in that it is the only truly decentralized system in the whole world. All other cryptocurrencies have developers who make changes at their discretion, similarly to companies and individuals who can simply decide to do something and do it. It’s different with Bitcoin. The network has to agree. And that’s good!

It also means that if significant portions of the network do not agree that something is a threat or that a vulnerability is worth fixing, it may or even will not happen. At this point, those who think something needs fixing could either throw up their hands and decide to live with it, or decide to try to persuade network participants of their view.

I’ll finish with another cyber security principle: an attacker with unlimited resources and motivation will always breach your system. This might sound defeatist, but it’s a reminder that no set of defenses is ever perfect. The higher the value of the potential payoff, the more likely an attacker is willing to throw time and resources into exploiting the system to get what they want. In the Bitcoin context, this means that there will always be attackers looking for vulnerabilities, because what is a more valuable payoff than the best form of money the world has ever seen?

Does this mean we should give in to the inevitability that SOMEONE is going to attack Bitcoin SOMEHOW, and just give up? In my view, no. That’s not how things work outside Bitcoin. Critical infrastructure is actively defended. Threats and vulnerabilities are identified and remediated as best they can be. The cat and mouse game goes on, but electricity keeps flowing, gasoline gets to the pumps, factories keep pumping out products, ships bring goods to their destination, trains keep running, and water flows from the taps. We don’t notice when everything is working. We sure do notice when something breaks.

Let’s not let Bitcoin break. Bitcoin is critical infrastructure, and we should be treating it like it is, keep it running, and save the world.

Congratulations Matt!

I understand that perspective. Unintended consequences is always a thing.

Still, I don't see why we can't fix obvious exploits that are being abused. Otherwise, we just live with things as they are. Maybe it's fine, but maybe it isn't.

Tiresome. Oh well!

Cybersecurity is all about defense. Defending against attackers (threats).

There are a few basic types of attackers:

- The opportunists who will take advantage of an easy win but will stop when they meet trivial resistance

- Sophisticated actors looking for financial gain (think ransomware or extortion for data)

- Determined actors with extensive resources who want to do bad things (nation-states, industrial sabotage)

(As with all things, I'm simplifying a little)

In industrial cybersecurity (my day job, if you didn't know), defenses are all built around the type of threat actor they aim to stop.

The opportunists give up after very little resistance. Things like strong passwords or two-factor authentication or a locked door are usually enough to stop them.

More sophisticated actors need tailored defenses. You can't cover every attack vector, and it's pretty much a constant cat-and-mouse game. But it's necessary for pretty much all companies to implement some basic protections that stop most cyber threats. Again, you can't stop everything, but you can mitigate most damage.

The determined actors like nation-states are difficult. It's taken as a given that an actor with unlimited time and resources will breach your system. The whole idea there is to make it as difficult as possible to get what they want, and perhaps they give up.

This maps onto Bitcoin:

The opportunists are stopped by filters. If their transaction won't be accepted by most nodes, they just don't do it.

More sophisticated spammers try to find new vectors to attack the system. They've found various exploits to abuse.

And ultimately, someone who REALLY wants to put their data on Bitcoin will do so. But, we could make it difficult for them.

The whole reason I bring all of this up is: outside of Bitcoin, we play the cat-and-mouse game with cyber attackers. We have no other choice! The world enabled by the internet would be worthless if attackers could just do whatever they want.

We have the ability to fix some specific bugs which are being actively exploited. Outside of Bitcoin, this is a no-brainer.

We can also make it as difficult as possible to put arbitrary data on Bitcoin. This is how we attempt to stop the most determined threats attacking critical infrastructure.

Of course, Bitcoin is a distributed system and requires consensus. I don't want to change that.

Therefore, I advocate for building consensus towards putting up some basic defenses and fixing exploits that are being abused. That's how we can defend against threats to Bitcoin.

This was a blast!

🧡

Thanks Jake, hope all is good with you!

GM Nostr!

I'm back after a bit of a self-enforced social media hiatus. It was Nostr, Twitter, everything.

I was more than a little burnt out after BTC HEL. I didn't really get a proper break after the conference, since I went straight back to my fiat job the next day. All I had energy for was keeping the lights on at nostr:nprofile1qys8wue69uhkummnw3ezu6r0d4jkuet5wahhy6mc9ehx2ap6xsurgwqpzamhxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmqqyzletcdyt027ch9q6ss0fa2u6qtyt3uynatlm5fm33d0a38tmnyyswdk3zk .

I was also more than a little shaken up by Charlie Kirk's death. I won't say much more about that here, but the TLDR is I did a lot of thinking about the risks of being public and saying controversial things. I was strongly considering taking a big step back from the space.

Nope!

I'm back, and ready to get started on new things!

I got out to a couple of fantastic conferences, first BTC Balkans in Sofia, Bulgaria, then the Plan B Forum in Lugano. My Bitcoin batteries are fully recharged, even if I was pretty exhausted after a week of conferencing. Reconnecting with old friends and making new connections is what this is all about.

I especially enjoyed the Rockamoto in Lugano - I can't believe I get to do all this cool stuff! Thanks nostr:nprofile1qy28wumn8ghj7et0wd6xzemjv9kjucm0d5hsz8thwden5te0dehhxarj95crztnev94kj6r0dehx2tnrdakj7qpqjt97tpsul3fp8hvf7zn0vzzysmu9umcrel4hpgflg4vnsytyxwuqxt3hw8 , nostr:nprofile1qyxhwumn8ghj7mn0wvhxcmmvqy28wumn8ghj7un9d3shjtnyv9kh2uewd9hsqgz9ywl935u4kxced2dceq4s8zmgjh9s9d5r6rp98224q6xm58av6qehgud9 , and nostr:nprofile1qyx8wumn8ghj7cnjvghxjmcpz4mhxue69uhk2er9dchxummnw3ezumrpdejqqgxfkx0le4p7df0j8v7jwyrvux0y45kl3xapqvwagctlrdv3uyyfv5lgpykq for just being awesome! Looking forward to next time!

As for me, it's full speed ahead with the Bitcoin Infinity Show and the Bitcoin Infinity Academy! You may have noticed that I took a step back from the Bitcoin Infinity Show - it's just Knut now, at least in front of the camera. I'm still behind the scenes doing all the editing, but I couldn't keep my schedule flexible enough to join the recordings. I miss it, and I plan to change that.

And of course, I'm involved in the planning for next year's nostr:nprofile1qyv8wumn8ghj7mrfva58gmnfdenhyetvv9ujucm0d5qs6amnwvaz7tmwdaejumr0dsqzqu4j3jh2tp5lsfj98eh3kps9v7ddhwy4tmyqsyjgj8cs6nltk9a88cnzfe - stay tuned for all the details about next year's conference, and don't hesitate to reach out if you want to speak!

Thanks everyone for making this community amazing. I'm full of gratitude, and I can't wait for what's in store ahead.

Bookmarked for later!

I didn't hear anything about the feet pics. Link?

It's actually so cringe. He's made some amazing contributions, especially to Nostr! It's a shame to see behavior like this.

The biggest flaw of the pro-Core position, in my view, is that it's purely an appeal to authority, specifically the authority of the Core developers. In Bitcoin, you're supposed to not trust, but verify. But we're being told to trust this group of developers who ram through a controversial change without listening to the community.

And you can verify what they're doing, too. This change doesn't need to happen. It's perfectly valid to oppose the changes made in Bitcoin V30.

It's sickeningly elitist to suggest that you're not supposed to have an opinion about Bitcoin unless you contribute to the code. That's not how this works.

What doesn't make sense about it?

Great info Susie!

That's one of the options. Maybe possible soon. Thanks for your thoughts!

Hey Nostr, please give my friend Simon a big #Nostr welcome! I'm super proud of him for taking his first steps in the Bitcoin and Nostr world!

nostr:nevent1qvzqqqqqqypzp6qsk8892ud3jexdszzykr0mh4d80pt6c3ugf7wrjycy2kyh520cqqsfa4jc52909f2tsw25azwu52awsysagdu64r6nd8seuyf0khhw7egz0az3u

Great to meet you Duchess!

This was indeed a special evening. Thanks nostr:nprofile1qqsvnvvlln2ru6jlyweayugxecv7ftfdlzd6zqca63sh7x6ercggjegpp3mhxue69uhkyunz9e5k7qg4waehxw309ajkgetw9ehx7um5wghxcctwvszvprka for putting it together, and for the invitation!