Bitcoin Q&A: Governance and social attack immunity

Harry asks, “Who are the maintainers of Bitcoin Core?” “Is it possible to know what privileges they each have at any given time?”

First of all, let’s disambiguate the term ‘maintainer’ a bit. There is a difference between contributors, committers,
and maintainers in an open-source project, [partly] hosted on GitHub in the style
that the Bitcoin Core project is. Let’s de-obfuscate those [roles]. Contributors are people
who make pull-requests and actively contribute code. All changes to Bitcoin Core
happen through pull-requests. Nobody commits [new changes] directly to a [release]
branch without a full review of their pull request. All changes go through a pull-request process. Maintainers are people responsible for gathering
all of the change requests that have been approved… by the broad social consensus
of the development community. Changes must have broad consensus and
acceptability to be included into the next release, [after discussion about] how to sequence them, when to
package them, and what each release should include. Even [those] decisions are heavily influenced by the
collaborative communication between contributors, who are commenting on the pull-requests and [fostering]
open discussions about [development timelines]. A maintainer’s job is to schedule the releases
and project manage them in a timetable, ensuring that the right changes are included,
putting them through quality assurance testing, and then finally producing a release as a bundle
of changes with a specific version number. That [comes with] release notes about what changed,
who changed it, who contributed, what effects it has, why the changes were [made], and any upgrade
or migration steps that are necessary. Maintainers collect all of that documentation. Today, the [lead] maintainer for
Bitcoin Core is Wladimir van der Laan. They have another maintainer who is now working
to assist Wladimir, mostly as the wallet maintainer. [His name is Samuel Dobson, @meshcollider].
He was recently given that responsibility. But the [lead] maintainer is [still]
Wladimir van der Laan, @orionwl. The number of contributors is anywhere from
thirty to forty people who contribute regularly… to almost every release, to more than five hundred
[people] who have contributed to different extents. People come and go; this is a vast, sprawling project. There is another question, which is:
who has commit access to the repository? That [question] comes up all the time,
but it is not really a relevant question. The people who have commit access to
the repository don’t use that commit access. If they do have it, they don’t use it. All commits [are done] by the project
maintainers, [who manage releases]. It is a very different perspective [from most projects]. Who can sign with a trusted PGP key?
Who can commit to the repository? Who can register those commits in the repository?
Who decides what changes happen for each release? [Essentially], who decides versus who contributes
the changes are all different roles. At the moment, there are specifically five keys.
I am looking at the documentation here. [The keys] belong to van der Laan, Pieter Wuille,
Jonas Schnelli, Marco Falke, and Dobson. These are the five people who have PGP keys
that can sign commits into the repository, but they are not necessarily the people
who are making the commits. The release scheduling and committing of
changes [is done] by Wladimir van der Laan, who doesn’t make decisions about what changes go in. Wladimir simply reflects, and does administrative
work for, decisions which have already been made… by the community. In fact, he exercises very little authority over
what goes into a [Bitcoin Core] release. He reflects decisions that have already been
made in a very collaborative and open manner, through discussions on the pull-requests
and project notes [around] the code. So, it is very different than what you see at the surface. By the way, there is a really nice article by Jameson Lopp
about the maintenance of Bitcoin Core: how it works, who has commit access, who has privileges, etc. It is a Medium article called “Who Controls Bitcoin
Core?” by Jameson Lopp, if you want to read more. That is just one of the sources you might use.

[AUDIENCE] You told us that Bitcoin is [becoming] stronger when it is attacked.

[ANDREAS] Yes.

[AUDIENCE] Bitcoin has antibodies that make it stronger. Even the hardest threats seem to make it grow better. Do you think there are threats that are maybe not sophisticated, not so scary, but for which Bitcoin is less prepared to react? Something that can be technical or social, something subtle or unexpected, toxic and unhealthy for Bitcoin?

[ANDREAS] Yeah, I do think those [threats] exist. For the most part, we have seen a number of social
attacks against Bitcoin, against the community. Attempts to create unnecessary drama
that distracts people from the real focus. What has become clear is, one of the ways to
slow down [the development of] a cryptocurrency… is to create drama inside the communities. That has been attempted. I would say, in some ways, it was successful.
It did not stop us, but it has slowed us down. I try not to feed the drama. I think it is important to remain focused on the
technology and stop paying attention to the people. The more time you spend talking about people…
That is gossip. It is not [technical work]. So don’t. Ignore the personalities. Focus on the technology
and what is actually happening in the space. [The gossip] is not real, it is fake drama. One of the ways in which Bitcoin has changed is…
It is not just Bitcoin anymore. Even if an attack was successful against
one cryptocurrency, that will [lead to… the creation of] other cryptocurrencies. All of these cryptocurrencies
are trying different approaches. Communities focus on different applications, monetary
policies, and security principles for [their] codebase. That diversity, like biological diversity, means we are
much more resistant to any single type of attack. Even if [some malicious actors] manage
to stop one, they [can’t] stop everything. The ones that [can’t be] stopped expand to fill
the [hole] in the ecosystem and [become] stronger. Now we have this adaptation to threats.
It is not just Bitcoin that is anti-fragile. It is the entire crypto ecosystem, with all of its
competing interests, developers, and models. It is advancing as a whole and even
more unstoppable than Bitcoin itself. I find it harder and harder to come up with realistic
scenarios of how [Bitcoin could be] stopped. I really do.

[AUDIENCE] Hello, Andreas. Thank you for being such a great teacher.

[ANDREAS] Thank you.

[AUDIENCE] I have a question about governments, governance, and decisions in this system. How do we make decisions in a decentralized protocol?

[ANDREAS] That is a great question. Government, governance, and how do we make
decisions in these decentralized systems? We don’t know yet. This is the beauty of it. We do know that we have created a system of rules
without rulers, a system that is extremely resistant… to external change and very difficult to hijack. That is the starting point.
Where can that system take us? How do we change it when we want to change it? How do we achieve consensus?
How do we arrive at common decisions? We don’t know yet, but we are trying a dozen different
ways; some of them are working, some of them not. That is the beauty of this. We have a new field of
computer science [around] consensus algorithms… that did not exist ten years ago. That field is inventing incredible things every single day. The best part of it, what most people haven’t quite
grasped, is that we are working on a deployed system, a $150 billion live payment system, that is [one of the] largest civilian deployments of applied cryptography… on this planet. When I was a young cypherpunk in 1991,
I was enamored with Pretty Good Privacy (PGP)… and wanted to teach everybody how to
use PGP to encrypt their emails (I failed). [Laughter] Nobody was paying any attention. If you told me that in two or three decades (god, I’m old),
we would have a practical, usable, deployed network… of digital signatures and using some of
the most amazing applied cryptography, with new technology that was never seen before… A real production network that is growing
and has involved [tens of millions] of people? We don’t even know. I wouldn’t have believed you then.
That is the platform on which we’re trying this stuff. There is no [established] theory about this. You can develop your lovely pristine idea in the lab
and gently put it out [into the wild internet], and it [could be] ravaged by hackers in milliseconds,
because it [can’t] survive under adversarial conditions. The honeypot is $150 billion dollars,
the prize that awaits anyone [who can break it]. Bitcoin isn’t here today because no one tried to hack it.
Bitcoin is here today because everyone tried. Again and again, each time they somewhat succeed,
it adapts, learns, evolves, and becomes stronger. Like an immune system. Governance played out on an
evolutionary-like playing field with real money at stake. We have a chance, for the first time, to do it differently. People ask me, “Will Bitcoin be regulated?” Bitcoin is regulated; it is regulated by
mathematics, instead of human committees. We already have systems regulated by committee.
We are trying to do [something different] now. That is, regulating by algorithm.
We think it will be better, but we don’t know yet.

13 thoughts on “Bitcoin Q&A: Governance and social attack immunity”

  1. If bitcoin suffers any type of serious security attack it will set back the whole space for many years. Whereas any alt can suffer a deadly attack and the space will carry on as normal. An ether hack would be rough but not fatal for the space.

  2. I hope all is well. There's a very little known project called 0xBitcoin. 0xBTC is the first implementation of the EIP918 mineable token standard which opened up the possibility of a whole new class of mineable assets on Ethereum. Using an SHA3 mining algorithm and on-chain Proof of Work, 0xBitcoin essentially mimics the fundamental properties of Bitcoin (BTC). 0xBitcoin is the first mineable erc20 token. 0xBTC has a 21 million hard cap and regular, automatic difficulty adjustments. Without any ICO, airdrop, pre-mine, or founder’s reward, 0xBitcoin is arguably the most decentralized asset in the Ethereum ecosystem, including even Ether (ETH), which had a large ICO. 0xBitcoin is entirely community run and managed. The token's smart contract is immutable, so no alterations to the distribution code can be made. What are your thoughts?

  3. One attack vector is Bitmain and its "monopoly" in ASIC. Liquidity brings decentralization in the social layers …hopefully. We are dependent on the regulators.

  4. Hmmmmm……. 🤔🤔🤔 we rely on those 5 devs to make all the right commits and not too many fatal commits…. So there is a vulnerability there. If one of those devs is compromised then bitcoin could be broken… FUD around that fact.

  5. You lost me at "github" which is the greatest risk to all that is stored there because of the recent buy out by Bill Gates – King of all chaos and virus frustrations the world has ever seen.

  6. Love it, as always. Here's a question that the Maximalists won't (or can't) answer.

    How is BTC not a plutocracy? High cost of entry that less than 1% of the world's population can participate in (mining or running node). How is Bitcoin any different than the Federal Reserve asking poor people of color to "trust" rich white people that they'll be honest with the money? They may be honest now, but we all know what happens when power accumulates in the hands of the few over long periods of time. And as mining becomes more difficult, that power will be in the hands of fewer and fewer people.

    My solution would be a variation on Grin that rewarded miners on an average of computational power. Let people with smart phones to super computers mine and the average output receives most reward and it shrinks towards either end. The goal being, everyone in the world on any device is able to participate in the process without having to trust any other person or cartel (which Bitcoin mining most absolutely is right now). We've already seen the Bitcoin Cash fiasco because rich miners and node runners refused to change the block sizes and push through Segwit to lower prices, essentially gouging average users. So we already have proof that the poor and those living in developing nations have to be at the whim of the miners and node runners to use it. It's definitely not a "currency for the people".

    As long as Bitcoin is a Plutocracy, it can never be democratic because wealth disparity is undemocratic. Bitcoin is in direct conflict with democracy.

  7. Is it possible to use 51% attack on bitcoin in order to compromise the trust in underlying technology? It is said that it would cost 300K usd for one hour attack. So for 10 days it would cost 72 mln. This is nothing for government or other institution that would gladly demolish bitcoin as future form of independent money. And another scenario: since fiat can be printed with no limit what is the problem for those who put constant sell orders on bitcoin and to pay with fiat for keeping the prices low and discourage people of investing in bitcoin?

    Could it be that the people who have the financial power on earth are imitating Bitcoin's capacities, in order to make bitcoin insecure and
