<p>Laanwj’s blog (http://laanwj.github.io/feed.xml)</p>
<p>Of regrets, 2023-02-06, http://laanwj.github.io/2023/02/06/regrets</p>
<p>Here is a copy of the MIT license. One of the well-known open source licenses. It is, effectively, the only license that I’ve used for software I wrote or contributed in the last 10 years:</p>
<blockquote>
<p>Copyright &lt;YEAR&gt; &lt;COPYRIGHT HOLDER&gt;</p>
<p>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:</p>
<p>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.</p>
<p>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</p>
</blockquote>
<p>I strongly regret it. It is a fool’s game in retrospect. The no-warranty clause apparently doesn’t hold up in court (at least in the UK). So, you’re, effectively, giving away an unlimited license to use your software for anyone to do with what they want, and they get to sue you for millions when it doesn’t work out.</p>
<p>All for trying to do a good thing.</p>
<p>Wladimir J. van der Laan</p>
<p>The widening gyre, 2021-01-21, http://laanwj.github.io/2021/01/21/decentralize</p>
<p>Recent events have made me reflect on a few things in my life I was already thinking about for a while. Also, responses on social media have made me realize that people have <em>strange</em> expectations from me, and what my role in the Bitcoin Core project is.</p>
<h2 id="growth">growth</h2>
<p>Bitcoin has grown a lot since I started contributing to it in 2011. Some arrangements that were acceptable for a small scale FOSS project are no longer so for one running a 600 billion dollar system. Market cap is famously deceptive, but my point is not about specific numbers here.</p>
<p>One thing is clear: this is a serious project now, and we need to start taking decentralization seriously.</p>
<h2 id="moving-on">moving on</h2>
<p>I realize I am myself somewhat of a centralized bottleneck. And although I find Bitcoin an extremely interesting project and believe it’s one of the most important things happening at the moment, I also have many other interests. It’s also particularly stressful and I don’t want it, nor the bizarre spats in the social media around it, to start defining me as a person.</p>
<h2 id="spreading-out">spreading out</h2>
<p>I will start by delegating my own tasks, and decreasing my involvement. I do not intend to stop contributing to Bitcoin, or even to the Bitcoin Core project, but I would like to remove myself from the critical path and take (even more) of a background role.</p>
<p>Note that we had a nice growth in development activity, and that maintenance of the code itself has already been spread over multiple people for a while. I’m not the most active maintainer. Looking at the number of git merges</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>bitcoin<span class="nv">$ </span>git log <span class="nt">--pretty</span><span class="o">=</span><span class="s2">"format:%cn"</span> <span class="nt">--merges</span> <span class="nt">--since</span><span class="o">=</span>2020-01-01 | <span class="nb">sort</span>| <span class="nb">uniq</span> <span class="nt">-c</span>
313 fanquake
51 Jonas Schnelli
727 MarcoFalke
7 Pieter Wuille
65 Samuel Dobson
363 Wladimir J. van der Laan
</code></pre></div></div>
<p>Only about 24% of the merges were done by me, last year.</p>
<h2 id="plans">plans</h2>
<p>But there’s plenty of things left to figure out, from the top of my head:</p>
<ul>
<li>
<p>Decentralize distribution.</p>
<ul>
<li>
<p>In the short run, transfer bitcoincore.org to an organization instead of private ownership. Reduce the “bus factor”.</p>
</li>
<li>
<p>I think it would be good if some other organizations set up mirrors, so there is less incentive to try to take bitcoincore.org down.</p>
</li>
<li>
<p>In the long run, move away from a website for code distribution completely. No matter who owns it, a website on the clearnet can be shut down with the press of a button, and it seems that the global internet is gearing up to make censorship increasingly easy. We need a decentralized web. For us, one option would be IPFS, which is starting to catch on. For the binaries themselves there’s already the option of downloading through torrents.</p>
</li>
</ul>
</li>
<li>
<p>Decentralize the release process, and release signing.</p>
<ul>
<li>
<p>Delegate more parts of the release process. Other maintainers should be able to do a release without my involvement.</p>
</li>
<li>
<p>Rename the GPG key used to sign <code class="language-plaintext highlighter-rouge">SHA256SUMS.asc</code> to “Bitcoin Core release signing key”, instead of having it in my personal title. Make some construct so that N of M (minimally) trusted gitian signers doing a successful build automatically results in a signed distribution.</p>
</li>
<li>
<p>Same for the native code signing for Windows and MacOS.</p>
</li>
<li>
<p>Even better in the long run would be to split up the keys, e.g. through RSA threshold signing, so that the whole process is geographically distributed.</p>
</li>
</ul>
</li>
<li>
<p>Decentralize the development hub.</p>
<ul>
<li>It’s not clear whether github can be trusted to act in our interest in the long run. Although issues and PRs are backed up through the API, having to move somewhere else could give significant interruption in development. And hopping from provider to provider would be awful—ideally the whole thing would not rely on a central server <em>at all</em>. For this I’ve been watching the <a href="https://radicle.xyz/">radicle</a> project, a P2P distributed code collaboration platform. It’s not quite there yet, but seems promising.</li>
</ul>
</li>
</ul>
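<p>The “N of M trusted gitian signers” gate from the release-signing item above, as an added example that is not Bitcoin Core’s or gitian’s own code. It assumes each builder’s signature over its manifest has already been verified upstream; the function names, builder names and file names are hypothetical.</p>

```python
import hashlib
from collections import defaultdict

HEX = set("0123456789abcdef")

def canonical_digest(manifest):
    """Hash a SHA256SUMS-style manifest so line order and spacing don't matter."""
    entries = []
    for line in manifest.strip().splitlines():
        digest, name = line.split(None, 1)
        digest = digest.lower()
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"malformed entry: {line!r}")
        entries.append(f"{digest}  {name.strip().lstrip('*')}")
    return hashlib.sha256("\n".join(sorted(entries)).encode()).hexdigest()

def release_quorum(attestations, trusted, n):
    """Return (digest, agreeing, others); digest is None when no quorum exists.

    attestations: (signer, manifest) pairs whose signatures were ALREADY
    verified against the signer's key (assumption: done upstream).
    """
    by_signer = {}
    for signer, manifest in attestations:
        if signer not in trusted:
            continue  # keys outside the trusted set never count toward N
        digest = canonical_digest(manifest)
        if by_signer.setdefault(signer, digest) != digest:
            raise ValueError(f"{signer} attested two different builds")
    votes = defaultdict(set)
    for signer, digest in by_signer.items():
        votes[digest].add(signer)
    winners = [d for d, signers in votes.items() if len(signers) >= n]
    if len(winners) != 1:  # no quorum, or two competing quorums: do not sign
        return None, set(), set(by_signer)
    agreeing = votes[winners[0]]
    return winners[0], agreeing, set(by_signer) - agreeing

# Constructed sample data: file names and contents are made up.
def _h(tag): return hashlib.sha256(tag).hexdigest()
GOOD = f"{_h(b'linux')}  example-linux.tar.gz\n{_h(b'win')}  example-win64.zip\n"
GOOD_REORDERED = f"{_h(b'win')}  example-win64.zip\n{_h(b'linux')}  example-linux.tar.gz\n"
TAMPERED = f"{_h(b'evil')}  example-linux.tar.gz\n{_h(b'win')}  example-win64.zip\n"
TRUSTED = {"builder-a", "builder-b", "builder-c"}
SAMPLE = [("builder-a", GOOD), ("builder-b", GOOD_REORDERED),
          ("builder-c", TAMPERED), ("stranger", TAMPERED)]

if __name__ == "__main__":
    print(release_quorum(SAMPLE, TRUSTED, n=2))
```

<p>A trusted builder that lands in the third set produced a different binary than the quorum, which is worth investigating before anything is signed.</p>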
<p>Bitcoin is quite different in some of the requirements here from other FOSS projects, so we’ll have to develop some tools as we go. We could also, definitely, use some help here.</p>
<p>Some smaller things to consider:</p>
<ul>
<li>
<p>Find someone else who wants to do the IRC meeting chair instead of me. Or maybe rotate it between multiple people.</p>
</li>
<li>
<p>Release (and release candidate) mails to the <code class="language-plaintext highlighter-rouge">bitcoin-dev</code> and <code class="language-plaintext highlighter-rouge">bitcoin-core-dev</code> lists will no longer be necessarily signed and sent by me.</p>
</li>
<li>
<p>There’s some development specific tooling hosted by me (e.g. the PR notification bots on IRC and mastodon). As they are non-critical and only little time goes into maintaining them, I’m fine with this for now.</p>
</li>
</ul>
<p>As for decentralizing Bitcoin’s node software itself:</p>
<ul>
<li>Carl Dong’s <code class="language-plaintext highlighter-rouge">libbitcoin_kernel</code> work. Bitcoin Core is a large monolithic project which includes the consensus code, which is much more critical than the other parts. The kernel would be an isolated part with well-defined interface, and at some point, its own review flow for changes. The difference with previous <code class="language-plaintext highlighter-rouge">libbitcoin_consensus</code> plans is that the kernel is stateful: it includes UTXO management and validation. It however does not include P2P, mempool policy, wallet, GUI, and RPC code. It could be re-used in different clients, to have more diversity in clients, but without the risks of a deviating consensus implementation.</li>
</ul>
<p>Over the course of 2021 this will be my focus with regard to Bitcoin Core.</p>
<p>Wladimir J. van der Laan</p>
<p>Dazed and confused, but trying to continue, 2016-05-06, http://laanwj.github.io/2016/05/06/hostility-scams-and-moving-forward</p>
<p>I’m happy with the job I’m doing, happy to work with a few very smart people on
an extremely interesting project, involving various entirely new challenges,
that could have enormous impact. But on the other hand Bitcoin infrastructure
development must be one of the most hostile and crazy working environments in
existence, at least in software development.</p>
<p>This is my personal reflection on recent events, and should not be seen as any
official statement for Bitcoin nor Bitcoin Core.</p>
<h3 id="atmospheric-toxicity">Atmospheric toxicity</h3>
<p>Day in, day out, there is trolling, targeted attacks, shilling on social media
targeted toward us. I don’t know of any other project like this. I’ve seen
developer teams in MMOs under similar pressure from users; but possibly this is
even worse. There, there are avid disagreements about how the game rules
should be changed, here people get worked up about changes affecting a whole
economic system. And the people attacking are, in many cases, not even users of
the software.</p>
<p>But it is even worse when many of those attacks are agitated by someone that
purports to be part of your own project. Not just involved with,
even leading projects whose developers and users are openly hostile to us.</p>
<p>Some development tasks are extremely complex and require focus over a long
time. It is essential to be able to reduce distractions, by being at least sure
that your own team has your back.</p>
<p>For those reasons over the last years we’ve tried to create a more sane and
focused environment for developers to work in. Part of this is a restructuring
of the project. A decoupling of the name “Bitcoin Core” from “Bitcoin”. Bitcoin
is (understandably) seen as public property. No one owns the bitcoin system, it
is supposed to be decentralized and intangible.</p>
<p>However Bitcoin Core is a software project run by a team of people working
together, on an open source basis. People who choose for themselves who they
want to work with, and who they don’t want to work with.</p>
<p>There comes a point when it is time to break ties with certain individuals
which were formative in the beginning but have, over time, ossified and even
come to be seen as a toxic influence. Especially if they haven’t partaken in
active development for a long time.</p>
<h3 id="scams-all-the-way-down">Scams all the way down</h3>
<p>On a different note, Bitcoin has unfortunately always attracted scammers
(remember mybitcoin?), con artists (remember pirateat40?), as well as assorted
opportunists of all kinds.</p>
<p>Bitcoin also has its own creation myth, with borderline-religious support by
some.</p>
<p>But now something truly fishy is going on. Someone is claiming to be
that creator, but is surrounded by technological and social trickery, based on
backdated GPG keys, faked digital signatures, maybe classic bait-and-switch
parlor tricks. Despite various red flags, many people are convinced that a
certain person is the creator of Bitcoin. There is a larger confusion than ever
where truth starts and where misdirection and scams end. I am extremely
concerned about this.</p>
<p>I wasn’t sure, and am still not sure how Gavin is involved in this. It is no
longer likely that he was hacked, but at the very least he is confused.
When we saw the blog post convinced he found Satoshi, the prudent thing to do
was to revoke his ownership of the ‘bitcoin’ organization on github, under
which the Bitcoin Core repository currently lies, immediately.</p>
<p>In the past he has stated that <a href="http://bitcoinstats.com/irc/bitcoin-dev/logs/2012/03/15#l1331820212.0">“Satoshi can have write access to the github repo any time he asks.”</a>,
so if he is absolutely convinced that this is Satoshi, there is a risk that
he’d give away the repository to a scammer.</p>
<h3 id="least-privilege">Least privilege</h3>
<p>But in a way this was only the final straw. His privileges were seen as a
liability by members of the project for a while (and not just because of <a href="https://twitter.com/petertoddbtc/status/611368079117942786">proxy
threats from Mike Hearn</a> to shut
down the project).</p>
<p>The <a href="https://en.wikipedia.org/wiki/Principle_of_least_privilege">principle of least privilege</a> in computer security says that users should only have access
to the resources they need for the purposes that are essential to the user’s
job.</p>
<p>This is not an idle concern, for us. Remember how
<a href="https://news.ycombinator.com/item?id=8287905">the bitcoin sourceforge was hacked using Satoshi’s inactive account</a>?</p>
<p>Gavin hadn’t done anything as a maintainer for <a href="https://github.com/bitcoin/bitcoin/commit/3c60937ce6a251e565e169715ebb2f3dd76825c4">a year or so</a>, and before that
he already was <a href="https://github.com/bitcoin/bitcoin/commits?author=gavinandresen">hardly active for a long time</a>.</p>
<p>That’s perfectly fine, people move on to other things, other interests, no one
is bound to this project for life. However, the world also moves on, and if
you go on to other things you can’t expect to be able to come back at any
point and that everything is in the same place where you left it. It was time
to revoke those privileges anyway.</p>
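<p>One way to turn the least-privilege argument above into a routine check, as an added example that is not part of the original post or of the project’s tooling: compare the accounts that hold write access with per-committer merge dates from <code>git log --merges --pretty="format:%cn|%cI"</code>. The 180-day threshold, the function names and the mapping from account name to committer name are assumptions.</p>

```python
from datetime import datetime, timedelta, timezone

def last_merge_by_committer(log_text):
    """Parse `git log --merges --pretty="format:%cn|%cI"` into {name: latest merge}."""
    latest = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        name, _, stamp = line.rpartition("|")
        when = datetime.fromisoformat(stamp.strip())
        if when.tzinfo is None:
            raise ValueError(f"timestamp without UTC offset: {line!r}")
        if name not in latest or when > latest[name]:
            latest[name] = when
    return latest

def stale_privileges(write_access, log_text, now, max_idle_days=180):
    """Return [(account, idle_days or None)] for accounts that hold write
    access but have no merge within max_idle_days (None = no merge at all)."""
    latest = last_merge_by_committer(log_text)
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for account in sorted(write_access):
        seen = latest.get(account)
        if seen is None:
            findings.append((account, None))
        elif seen < cutoff:
            findings.append((account, (now - seen).days))
    return findings

# Constructed sample: names, dates and the access list are made up.
SAMPLE_LOG = """\
maintainer-a|2016-04-30T10:00:00+00:00
maintainer-b|2015-04-01T09:00:00+02:00
maintainer-a|2016-01-02T10:00:00+00:00
maintainer-b|2014-12-24T18:30:00+00:00
"""
WRITE_ACCESS = {"maintainer-a", "maintainer-b", "maintainer-c"}
NOW = datetime(2016, 5, 6, tzinfo=timezone.utc)

if __name__ == "__main__":
    for account, idle in stale_privileges(WRITE_ACCESS, SAMPLE_LOG, NOW):
        print(account, "never merged" if idle is None else f"idle {idle} days")
```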
<p>I have personally asked, in a phone conversation as well as in mail, Gavin
various times to give up his privileges with the github project himself - and
so have other people. The response was always that he’d “sleep on it”. Despite
allegations of the opposite, this did not come out of the blue.</p>
<h3 id="crossing-the-rubicon">Crossing the Rubicon</h3>
<p>So when the question comes up whether we should make Gavin maintainer again, my
answer, and that of many others is a resounding “no”. For one, there is just no
point, as he wasn’t acting as a maintainer for Bitcoin Core anymore in the
first place, and in addition to that, many feel that we can be more productive
if we separate our ways.</p>
<p>Wladimir J. van der Laan</p>