Last Notes
It's less of an inefficiency for Americans themselves I guess? Separate lines for citizens; there'd only be a tiny number of US citizens transiting through and not stopping.
It is a big wasted cost though, there's that.
Panama is a huge *regional* hub (I use it a lot), but less significant intercontinentally in my experience. Might just depend on my specific routes though.
Sometimes Canada works, from what I heard? Though I've never used it, but I might soon.
Can't see it happening with Caribbean, too small I guess.
I wonder how many Americans are aware (because I don't think I've ever heard one mention it) just how uniquely obnoxious the transit system in their airports is. You might not immediately grok what I mean; you might think "foreigners aren't entitled to anything" but in which case you didn't get my point - my point is that *for a traveller who has no interest in entering the United States* the experience is uniquely obnoxious. Every other major international airport has what's called "transit". I'm going from country A to country B with a connecting flight in country C. if C != USA, I just stay in the pre-immigration area and move over to the other flight; sometimes they have baggage checks (and ticket checks ofc), but not full blown immigration, because you're not entering the country. The problem is that the USA is a *major* hub for flights, for the Western hemisphere; it's not trivial at all, to avoid it, for some routes. And couple this with the fact that US immigration is not exactly relaxed (which is fine, but is not fine when you have no intention of stepping foot in the country ...)
Why?
And as bad as it is for me, I could use the 'visa waiver program' (still shit - still have to go through immigration) but many countries don't have that entitlement, meaning a citizen wanting to travel *via* (again, not into, via) the US would have to do this just to get to their non-US destination. Which goes from obnoxious to .. I don't know, surreally obnoxious.
What really amused me about Borges' Library of Babel is how he goads the reader by giving them all the exact numbers required to count exactly how big the library will be if it contains every possible book, once, but then stops short of counting and starts musing about infinity :)
Even more amusing is the discussion of the fabled catálogo 😄 ... which can't exist. The *contents* of the library is ~perfectly compressible ("print every book length N" does it), but the *ordering* of the library, which is the purpose of a catalog, is perfectly incompressible: the only catalogue is the library itself!
It could maybe be done as a protocol between 2 participants. But, in that model it's (maybe?) less interesting because you don't have the steganographic property. Would need some thinking ...
Hmm I'm not sure but it's possible you misunderstood my point there. By skewed bet I mean that one side has a positive expectation and the other a negative one. Imagine like, the pot is 1M sats, but Alice puts up 400k sats and Bob puts up 600k sats. This is *not* a negative effect on privacy of the babilonia setup at all (I guess it has zero effect on the privacy benefit, maybe even it's slightly better, not sure); when I said "limits the activity" I meant, Bob cannot keep doing that ad infinitum because he'll eventually lose all his money from the negative expectation bets.
Def more people rather than more rounds; having a skewed bet means one side is paying the other, over time, which limits the activity.
Motivating participation, basically.
True, it is kind of against the spirit of the idea. On the other hand I'm not convinced that some kind of hybrid is impossible .. maybe with 2 party coordination nested inside N party. Even if the properly p2p version feels much better...
So iow yeah i agree with you.
The dusty change thing connects in with lightning probabilistic payments ideas, i guess. I.e. similar motivation.
Right. I briefly mention in Section 8 of the paper I just posted, rhat it's likely there are tricks to be played with n party coinjoin here, but indeed N>2 versions are way harder (collusion). Perhaps embed 2 party negot. inside.
Paper as promised:
https://github.com/AdamISZ/babilonia-paper
and delving post: https://delvingbitcoin.org/t/babilonia-probabilistic-coinjoin-and-covert-betting/2704
Pot sweeteners was a late addition and I think it's much more interesting because of that.
#nevent1q…hzxt
Yes. Guess there's positive and negative here. Traffic shaping etc. vs spam traffic. Does Core have ddos defense against general encrypted noise... just dropping decoys is most of it I guess, but ..?
https://mempool.space/signet/tx/2070fba2551a5702bcfbe964486692d8a5d4519bd58ae2ee2a7d6bf5aed847d4
https://mempool.space/signet/tx/c9e68df6f7384bc43a4379007265ff343e8c381e7ab232e7ea9b94037598803d#vin=0
Nothing about the two transactions shown is strange. The first is 2 in 2 out, the second is 1 in, 2 out; normal payments [1]. If you examine their witness you'll see they're like 90% of other taproot transactions, just keypath, no scripts involved.
But in fact, this is a bet. Two parties flipped a fair coin for the winnings (a small chunk of the input funds). Not literally; they used cryptography to get an exactly 50% chance of winning without having to trust the other. They were both running signet nodes (in fact I had one on my laptop at home and another on a VPS), and used decoy packets in BIP324 (bitcoin p2p encrypted transport) to communicate, so no one could even know the negotiation was happening (side note: this idea feels like it should be useful in many other contexts, and it's surprisingly easy to set up, with a very simple patch to your bitcoind).
So we have a fair bet inside a coinjoin; you could think of it as a randomized payjoin if you like, but, the transfer of funds is not for some goods and services but, just a wager, and it's perfectly fair because of a cryptographic trick that was discussed on delving [2] though it's changed from what was written there.
Payments inside coinjoins break subset sum analysis; this is just another kind of payment. Amongst other virtues of such a system is that it creates economic activity between peers without middlemen which is vital to Bitcoin's general pseudonymity.
The implementation is at https://github.com/AdamISZ/babilonia . The repo is currently 95% AI-written so not very readable (still not *unreadable*, but, y'know how it is) but I have a paper that I've nearly finished that is human written and human readable for those interested in the mechanics.
[1] In fact those familiar with details of payjoins *will* see something specific about the 1st transaction that makes it like a payjoin. But it isn't hard to remove that, and anyway, it's only a watermark for 'this is a payjoin', not for what it *actually* is...
[2] https://delvingbitcoin.org/t/emulating-op-rand/1409/7
https://blossom.primal.net/a48090a76e663837a697a4008abfc0aa9c49f505fdf238ebcd1f851ce2a01ea8.png
https://blossom.primal.net/1dd37511b54623453e8cfdca3dd433d5bb4a50e8a26c7e9b623dce8067f0ebcb.png
Read about the 30 maidens of Geneva.
Quite remarkable. However stupid you think the bureaucrats running your life are, they'll struggle to compete with late18th century France.
It's actually a perfect model of why adversarial thinking matters. In the absence of an adversary, choosing the price of the annuity for the average buyer (age 50) is an efficient decision.
It's a very common thing. I'd mainly call it wishful thinking: they want bitcoin to be cool, they wan the interface of using it to be slick, they want to use the companies and tools of the famous people they admire, so they choose people like Jack Mallers, and then when the reality of these nonfree tools inevitably shows itself, they get hit with cognitive dissonance.
The ugly truth is you kind of have to learn how to deal with both the shitty older systems and the new genuinely empowering open systems, the latter are clunky, dangerous, difficult and not cool/slick at all but 100% worth learning. Occasionally you find little corners that are truly magical.
I have a couple test transactions at 1.58 sats/vb stuck for 4 hours now, lol. Not that it matters, just, I'm confused what's happening.
Why are signet blocks only mining 1M weight not 4?
https://mempool.space/signet
Excellent summary. I think the final paragraph is the most important, but also: at least in theory, any particular round with a central coordinator and anonymous counterparty, cannot be guaranteed to not be Sybiled by the coordinator.
With any form of coordination, that's possible; indeed that was a common early critique of Joinmarket, and even imposing anti-Sybil style costs doesn't remove that risk, either.
The reason I always saw that risk as worse with a central coordinator was the standard CPOF arguments.
Let's not forget that a central coordinator offers big advantages, too.
#nevent1q…vxxs
Jesus. The cynicism of this is unreal.
#nevent1q…w5wj
Isn't it worth mentioning that by default, makers randomize fees in reannouncements?
Or am I misremembering something. Not unlikely.
I agree this is not some straightforward privacy upgrade, as some want to paint it. But disagree that it's a privacy downgrade; it's more nuanced than that.
Yeah needs a fork. I haven't read it yet 😄
Hmm how it work; presumably different checksig opcode with the typical noop opcode for soft fork. You couldn't just use a sighash flag because it's not *only* changing the message signed; it's a different verification algo.
That's the answer I wanted to make to @nprofile…qm68 more than @nprofile…4e3p tbh, but, either way 😄
Clearly that's the pure perspective, but I'll keep harping on this point: a model like Phoenix where you don't have privacy from Phoenix is absolutely different from a model like onchain payments. It fits closer to, and is better than, what people are (unconsciously) used to: when they use a bank card they know the bank knows all their transactions, and they accept that tradeoff (mostly because they have no choice to be fair!). I'm not saying a CPOF isn't a problem; such things will always come back to bite you eventually, if they get big enough. But that tradeoff is not even close to being a bad tradeoff with the current status quo, and it is emphatically a better privacy model than the vast majority of others (and I suppose it can still get better). So: self custody, privacy w.r.t. merchant[1] but not service provider, strictly better than bank money: no self custody, privacy w.r.t merchant but not service provider.
[1] just means they don't see your financial history
Fabian Jahr put out a concrete proposal for DahLIAS!
https://github.com/fjahr/bips/blob/4b34e86d0040edad6cba3f7518b33472a11ebeaf/bip-XXXX.mediawiki
This is a CISA proposal with a security proof. I was hoping there'd be more comments on DahLIAS by now, but having read it myself (the paper, not this BIP, yet) I think it's solid; the only part I didn't like, I was convinced by the authors is just aesthetics.
Drag yourself away from PQC panic or bip110 panic, if you dare 😄
It's definitely a more correct position to take *by default* but by saying it's absolutely true that everything is traceable you're failing at the other extreme.
And especially with Lightning. Even with onchain. The problem is not that everything's traceable, the problem is people thinking that some particular simple system fully defends you from that.
Its sender side privacy is not bad at all, speaking generally.
Certainly not always true.
That last point is a good one. By copying content and then have the pipe constantly move around, you could make it near impossible to stop. I guess, that's exactly how bittorrent works 😄
Also according to claude, in Spanish they also have 'mas feo que pegarle a un padre'.
That one's not so much absurd, more disturbing.
Every now and then i learn a new Spanish idiom that genuinely makes me lol. Today it was "Es tan feo que le da un susto al miedo." 😆
(Something like: "he's so ugly he gives fear a fright")
I can't think of an English idiom that has such a streak of abstract absurdism.
Hat tip "Erre que ELE" on youtube.
Valid thoughts; I guess you cannot make absolute statements about the security of the system without making assumptions about the distribution of the covertext, i.e. how you 'normally' use the LLM model.
Not necessarily. Run the software offline and isolated.
But from another angle your warning isn't strong enough: knowing the privkey generation is safe does not prevent key exfiltration via signatures, for example.
I set up haven and am happy with it. But my needs are very basic and I don't know what NIP 50 is 😄
I was about to post this, but see this description; it's not exact, and it's from an LLM, but it's very digestible and gets across the basic idea:
#nevent1q…y2qp
#nevent1q…y2qp
Yes. But read my interaction with @nprofile…xr8v in-thread.
Ah it's a client thing. I can read it on primal fine.
Cool!
I also find I can't read that on phone. Does it need a higher res?
Btw I had this non-mathematical way of thinking about it: take markets, like say you're trading USD against EUR in the currency markets. As we all know, part of the volatility of markets is not just the price changing, but the *volume* changing, that is, there are times when the number of trades coming in per second is very high, and there are other periods where very few trades happen. If you plot price vs time, the normal way, it's very bursty, but if you treated the x-axis as 'one tick forwards per trade' not 'one tick forwards per second', it would make the chart smoother and less erratic. There's a very similar mechanic here: Meteor fits bits of hidden-message into the LLM-message at a rate that *matches* the rate of new information in the LLM's chatter. For example if you have "blah blah Tyrannosaurus.." then the next token output of "Rex" is near-guaranteed; there's almost *no information* from that next word. So Meteor by its algorithm doesn't put any new bits into that token. It basically matches the rate of flow of information, and that's why it's perfectly hiding the secret.
I largely agree, but after reading most of the article, I'm surprised you recommend it ... it seems to be taking a very reductionist position and caricaturing the pro bitcoin or pro cypherpunk position.
I think that's a different problem. But not sure if it's worse or better, probably worse if that's deeply hardwired.
I tried a couple of times, but I'm not inclined to try further; if I'm not in control and am guessing what Anthropic wants me to say, well, no, I'm not going to do that.
I could ramble but you already understand I'm absolutely sure!
DJB is one of his periodic tirades against NSA interference. His current campaign is to argue against the (probably genuinely really bad idea) of forcing everything to PQC instead of PQC+ECC. It's honestly hard to see good arguments why he's wrong other than ... well, the NSA actually backdooring and/or controlling things. I particularly liked this part: "I have a paper that exploits a simpler tightness gap in another lattice-based cryptosystem, FrodoKEM. For example, the paper shows that if you send 240 ciphertexts to a frodokem640 public key then one of the ciphertexts will be decrypted by a large-scale attack that's feasible today. This is beyond an academic demo, but it does disprove an official FrodoKEM security claim. That version of FrodoKEM was then officially renamed "ephemeral FrodoKEM" (which I think means we're supposed to forget this version ever existed) and was officially replaced with a revised "FrodoKEM". " 😄
https://blog.cr.yp.to/20260630-risk.html