Jimmy Song on the Game Theory of Bitcoin Attacks and why Proof of Work Needs to be Expensive - WBD037 - The Peter McCormack Show

Summary8 min read

Podcast Summary: The Peter McCormack Show ft. Jimmy Song on Bitcoin Security and Game Theory

Episode Title: Jimmy Song on the Game Theory of Bitcoin Attacks and why Proof of Work Needs to be Expensive - WBD037
Host: Peter McCormack
Guest: Jimmy Song
Release Date: October 5, 2018

1. Introduction

In this episode of The Peter McCormack Show, Peter McCormack welcomes Bitcoin developer and educator Jimmy Song to discuss the intricate aspects of Bitcoin security, focusing on the game theory behind Bitcoin attacks and the necessity of expensive Proof of Work (PoW) mechanisms. The conversation delves deep into a specific Bitcoin bug (CVE-2018-1744), its implications, and broader themes related to Bitcoin's robustness and decentralization.

2. Understanding the CVE-2018-1744 Bug

Overview of the Bug: The episode begins with Peter and Jimmy dissecting the CVE-2018-1744 bug, a significant vulnerability identified in Bitcoin's codebase. This bug had the potential to allow for double-spending and, consequently, inflation within the Bitcoin network.

Jimmy's Perspective on the Severity: Jimmy Song argues that while the bug was serious, its portrayal as a "catastrophic" flaw was exaggerated by some, particularly criticizing Constantin Fields for overstating its impact without thorough analysis.

"Blowing it out of proportion, I think, is kind of what he's been doing." – Jimmy Song [07:05]

Game Theory Considerations: Jimmy emphasizes the importance of game theory in assessing the viability of exploiting such bugs. He posits that the high cost and low probability of success make such attacks economically unfeasible.

"The game theory around this is extremely difficult. As soon as you do that, price of bitcoin probably drops." – Jimmy Song [22:08]

3. The Economics of Exploiting Bitcoin Bugs

Cost vs. Reward: Exploiting the CVE-2018-1744 bug would require significant resources, including the expenditure of approximately 12.5 Bitcoins' worth of electricity. Given the potential repercussions, such as a drop in Bitcoin's price and network distrust, the rewards do not justify the risks and costs involved.

"You could try doing it, but there are so much risk for you to do because you might not succeed." – Jimmy Song [46:08]

State-Level Actor Scenarios: Jimmy discusses the hypothetical scenario where a state-level actor might attempt such an attack. He argues that the logistical and operational challenges make it highly improbable.

"Despite all of the movies with like James Bond and all that stuff, you know, government people tend to work very, very slow." – Jimmy Song [37:54]

4. Simplifying UTXOs and Double Spending

Explaining UTXOs: To aid non-technical listeners, Jimmy provides a simplified explanation of Unspent Transaction Outputs (UTXOs), likening them to digital "bills" representing specific Bitcoin amounts.

"UTXO stands for unspent transaction output. And that's just sort of like a fancy word for saying like current, you know, coins on the network." – Jimmy Song [13:40]

Preventing Double Spending: He elaborates on how Bitcoin prevents double spending through the verification of incoming transactions against the UTXO set, ensuring that each "bill" can only be spent once.

"If it's in that set, then they go, okay, well, this is a valid transaction. If it's not, then they go, okay, well, this is a double spend attempt." – Jimmy Song [13:40]

5. Rollback Scenarios and Their Implications

How Rollbacks Occur: Jimmy explains that if a block containing malicious transactions is detected, nodes may reject it, leading to a rollback where affected transactions are invalidated.

"If you find a block, there will be some nodes on the network that will reject that block." – Jimmy Song [19:40]

Historical Context: He references past instances of block reorganizations in Bitcoin's history, noting that while they are rare, they can have disruptive effects if not managed promptly.

"There's been in bitcoin's history. I think there was level DB bug versus I. There was a rebuild... that happened." – Jimmy Song [39:45]

6. Mining Centralization and the Importance of Expensive Proof of Work

Debunking Centralization Myths: Jimmy addresses common misconceptions about mining centralization, emphasizing that even if mining power is concentrated, executing an attack remains economically and logistically unviable.

"The network is incentivizing everyone to basically play well with each other." – Jimmy Song [51:11]

Expensive PoW as a Defense Mechanism: He underscores that the high cost of PoW acts as a deterrent against potential attacks, ensuring the security and integrity of the Bitcoin network.

"The whole point is. You want to make it very difficult to change history. The only way to make it difficult to change history is to make the process of writing the current history very, very expensive." – Jimmy Song [43:07]

7. Privacy in Bitcoin: Balancing Openness and Security

Risks of Enhanced Privacy: The discussion shifts to Bitcoin's privacy features, where Jimmy expresses concerns that full privacy could complicate the detection of vulnerabilities and exploits.

"The thing that I don't like about full privacy... is that you wouldn't necessarily know if there was a mathematical exploit." – Jimmy Song [26:13]

Sidechains as a Solution: He proposes that implementing privacy through sidechains could mitigate risks by isolating private transactions from the main Bitcoin ledger, preserving the 21 million coin limit's sanctity.

"If you have privacy on a side chain instead, then you know the risks going in and you know the risks coming out." – Jimmy Song [26:13]

8. Bitcoin Development Practices and Updates

Importance of Backward Compatibility: Jimmy advocates for backward-compatible updates to Bitcoin, allowing for innovation without compromising the network's stability and security.

"They're always backwards compatible changes. That way if the new stuff is exploitable, you still have the old stuff to fall back on." – Jimmy Song [33:13]

Ossification vs. Flexibility: While supporting stability, he acknowledges the necessity for Bitcoin to evolve, especially in response to potential vulnerabilities in cryptographic algorithms.

"You do need to move just in case something happens and be ready for all kinds of attacks." – Jimmy Song [34:31]

9. Lightning Network and Its Security Considerations

Security Model of Lightning: Jimmy touches upon the Lightning Network, noting that its security model is still maturing and requires further development to address potential vulnerabilities.

"It's still kind of an unknown security model. It's fairly new and it's going to take some time to harden and it hasn't hardened yet." – Jimmy Song [54:09]

Decentralization Concerns: He counters prevalent FUD (Fear, Uncertainty, and Doubt) regarding the centralization of the Lightning Network, asserting that network topology remains decentralized.

"You look at the network topology and it's anything but centralized. It's kind of ridiculous actually." – Jimmy Song [54:43]

10. Supporting Bitcoin as a Non-Technical User

Holding Bitcoin: For non-technical listeners, Jimmy recommends holding Bitcoin as a primary way to support the network, emphasizing the importance of scarcity in maintaining Bitcoin's value.

"The best thing you can do is hold Bitcoin because from an economic standpoint, that's very, very important." – Jimmy Song [55:25]

Participating in the Community: He encourages participation in the Bitcoin community through activities like writing, educating others, and advocating for Bitcoin, which collectively strengthen the network's foundation.

"Participate in the social community... write articles, tell people about it, let others know if they're interested." – Jimmy Song [55:25]

Running a Node: While more technical, Jimmy suggests that running a full node is another way to support Bitcoin, albeit acknowledging the technical knowledge and resources required.

"There are tutorials out there. It's just a matter of how much you are willing to invest." – Jimmy Song [56:27]

11. Developer Training and Ecosystem Growth

Addressing Developer Shortages: Jimmy highlights the ongoing issue of a shortage of Bitcoin developers and discusses his efforts in training over 400 individuals through intensive courses to bolster the ecosystem.

"At this point, it's the lack of developers, but that's something that I'm trying to rectify by training them." – Jimmy Song [53:24]

Course Details: He describes his training program as a two-day intensive course focused on Bitcoin protocols and transaction construction, primarily utilizing Python.

"It's a Python class, but basically it's a two-day, very intense class." – Jimmy Song [53:31]

12. Conclusion

Peter McCormack wraps up the episode by reflecting on the technical depth of the conversation, appreciating Jimmy's ability to elucidate complex topics. He underscores the importance of understanding Bitcoin's security mechanisms and the economic incentives that safeguard its integrity.

"It was really good to hear Jimmy explain the game theory of exploiting it. And actually, quite interesting." – Peter McCormack [60:01]

Peter encourages listeners to support the show through Patreon, leave reviews, and engage with the content to continue fostering informed discussions around Bitcoin.

Notable Quotes:

"Blowing it out of proportion, I think, is kind of what he's been doing." – Jimmy Song [07:05]
"The game theory around this is extremely difficult. As soon as you do that, price of bitcoin probably drops." – Jimmy Song [22:08]
"You could try doing it, but there are so much risk for you to do because you might not succeed." – Jimmy Song [46:08]
"Despite all of the movies with like James Bond and all that stuff, you know, government people tend to work very, very slow." – Jimmy Song [37:54]
"If it's in that set, then they go, okay, well, this is a valid transaction. If it's not, then they go, okay, well, this is a double spend attempt." – Jimmy Song [13:40]
"The network is incentivizing everyone to basically play well with each other." – Jimmy Song [51:11]
"You get to decide if you want to utilize that feature or not." – Jimmy Song [26:13]
"It's all stuff you can do voluntarily. It isn't something that you are forced to do." – Jimmy Song [27:38]
"It's a Python class, but basically it's a two-day, very intense class." – Jimmy Song [53:31]
"The best thing you can do is hold Bitcoin because from an economic standpoint, that's very, very important." – Jimmy Song [55:25]
"It was really good to hear Jimmy explain the game theory of exploiting it. And actually, quite interesting." – Peter McCormack [60:01]

This episode provides a comprehensive exploration of Bitcoin's security mechanisms, emphasizing the interplay between technical vulnerabilities and economic incentives. Jimmy Song's insights shed light on why certain risks are mitigated by Bitcoin's design and the importance of maintaining robust Proof of Work to preserve the network's integrity.

Loading summary

Transcript79 lines

[00:01]
Peter McCormack
Welcome to the what Bitcoin Did Podcast. Hi there, how are you all? How is everyone? Are you all having a great week? Welcome to the what Bitcoin did podcast. This week I've got another cracking interview. I've got Jimmy Song on the podcast, someone I've been trying to get on for ages, so I'm really chuffed about that. And also I just want to say a big thank you to everyone who wrote to me about last week's episode, everyone who shared it all the feedback. The interview with Save Dinamous and Caitlin Long seems to have gone down pretty well and it's on track to be my most downloaded episode ever. So that is pretty cool. I've also got some interesting stats to share with you. I've been having a look at the stats of the podcast since I launched it, so I'm going to tell you about those in a moment. But first I got a message from my sponsors and please do listen to these, please don't jump them. These are the people that help make the podcast happen. So first up is my regular advertiser blockfi, who can help you use your cryptocurrencies without having to sell them. If you're looking to buy a house, make, maybe you're looking to fund a business, or even if you're looking to pay off your taxes, you might be faced with the choice of selling some of your crypto. But with BlockFi you can keep them and you can still pay for those outgoings. With a crypto backed loan you can use a bitcoin or ether and get USD funded directly to your bank account. And with loan Sizes Ranging from $2,000 to $10 million, BlockFi is perfect, supporting financial goals of nearly any size. They have also created a special offer to the listeners of my podcast which is pretty cool. If you sign up@blockfi.com whatbitcoindid you'll get 25 doll free crypto added to customer collateral for loans under $10,000 or $50 in free crypto added to customer collateral for loans over $10,000 and applying only takes less than two minutes. Next up, BTC Inc. Is excited to announce its upcoming conference Distributed Health, which is being held on November 5th and the 6th in Nashville, Tennessee. This is the first conference to bridge the gap between blockchain technology and the healthcare industry. Now in its third year, this two day conference is an opportunity for all members of the ecosystem including payers, providers, lawmakers, retailers, investors and innov reshape the future of healthcare. For more information, visit health.distributed.com and use the promo code WBD20 to secure a 20% discount. Okay, so onto this week's guest. Onto Jimmy's song, another pretty cool one. It's been a quite a good run of guests recently, so thank you to everyone who's Come on Jimmy is someone I've been trying to get on the show for a while. We've been talking about it, couldn't make it happen, couldn't get our diaries to match, but finally we did it. And actually it's pretty cool timing if you're a regular listener of the show. You know, I've been trying to soak up everything I can with bitcoin and now it's the turn of tech, an area I'm definitely out on depth on. But after watching the Honey badger conference on YouTube and seeing the discussion around bitcoin tech and the bug which was recently found in bitcoin, I wanted to talk to Jimmy about it. I wanted to find out how much of a thread it was. I wanted to talk about Ormond, his approach to releasing the information on the bug. Some things in there I didn't agree with and I also wanted to talk about the game theory behind exploiting it. This one was definitely a challenge. I spent about two days reading everything I could about the tech, about bugs, about game theory, especially Jimmy's Medium post about it, which I will share out in the show notes. But we also expand beyond the Bug CVE 2018. We talk about the game theory of other types of attacks. We talk about mining centralization and why proof of work needs to be expensive. And following this, I've bought Andreas Book Master in bitcoin. I'm going to read it. I'm going to see where it takes me. I don't think I'll become a core developer, but I'm willing to try anything. Anyway, I hope you enjoy the interview with Jimmy. If you've got any questions, you know you can always reach out to me. My email address is hellohotbitcoindid.com and yeah, I'd love to hear your feedback. Okay, so I always ask you to support the show, but I thought it might be interesting to tell you a few stats. Next month is going to be the first anniversary of the podcast. It was last November when I met up with Luke Martin to record my first show and a lot has happened since. But there's some interesting stats I was looking at this week so I thought I would share them. So my first podcast with Luke had 360 listens over its first weekend and then this week's show with Safedine and Caitlin had over 6,000 listens and it just short of 10,000 for a week. The first month I had the podcast was November 17th and there was a total of around 2,000 listeners of all episodes. And then this month, September, I'm just short of 60,000 and that's a nearly 50% jump from last month as well. I've also had my biggest day ever. I've had over 4,000 listens in one day. I have had my biggest week with over 15,000 listens and I've had my first week where every single day there's been more than 1,000 listens and in total across all shows since I launched the podcast, I am just about to approach 300,000 listens. I think this is all pretty cool and I should probably keep this stuff confidential, but I thought it would be interesting for any of you to listen to it, especially if you've been supporting the show from the start. You've been sharing it out. I think it's kind of cool. So yes, thank you to anyone who listens, who shares it, who sends feedback, who comes on the show, helps get people on the show. Thank you to everyone. This is becoming a full time job for me in some ways and I've got to increase the listeners if I want to get the right advertisers on board to keep it going. So I thought it'd be good to share that if you do want to support the show, there's a few things you can do if you've listened to the show recently. You know, I've got a Patreon account now. I've got 15 patrons which is really cool. I'm really grateful for everyone who does that. And this was the first week where one of my what Bitcoin Did Maximalist helped prepare the structure for an interview. His name's Seb. Thank you Seb. Thanks for dipping in and helping me out with that. But also thanks to Logan, Steve and Tony, the other WBD maximalists who signed up on Patreon. So if you want to become a patron please head over to patreon.com whatbitcoindid there's a bunch of options and shout me if you have any questions. You can also leave me a review on itunes. Thank you to everyone who has done so far. If you think it deserves five star, that would be pretty cool. Helps with the search listings. You can also click on the subscribe button in itunes. Apparently that's good for your listings. You can follow me on social Media. I'm on Twitter, I'm on Steam it. I'm on Medium. On Instagram, I am what Bitcoin did everything. So feel free to follow me and get in touch if you want to talk about anything. I usually reply to anyone. You can also check out my website. A lot of redesign work is going on there. I'm gradually making changes to the content, trying to make it more useful. That's www.whatbitcoindid.com. also on the website, you can sign up to my email database. I send two emails a week. At the moment, I send one for the show, but I also do a new weekly curation of all the other podcasts I've been listening to, so you might find that useful. And also you can share this show out with your friends family. Okay, as ever, I've spoken way too much. I always do that. I do apologize. I'm sure some of you just jumped past it. But for those who are listening, thank you so much. Let's move on to the interview with Jimmy. I do hope you enjoy and as I said, if you've got any questions, do feel free to reach out to me. My email address is hellohotbitcoindid.com and yeah, I look forward to hearing from you. Right. It's evening here in London, Jimmy. So good evening. How are you? And are you in Austin?
[06:21]
Jimmy Song
I am in Austin. It's great.
[06:23]
Peter McCormack
What's the time there?
[06:25]
Jimmy Song
It is three in the afternoon.
[06:27]
Peter McCormack
Okay, wow. So it's. It's about nine o'clock here, so. Okay, well, look, thanks for coming on the podcast. I'm not the most technical person and so I've read a number of your articles and a lot of them go over my head. I found the most interesting one you wrote recently about the CVE 2018, 1744 bug. Quite interesting. And also you recorded a podcast explaining about it. So let's go into that. A lot of people got worried. You wrote about the bug itself and about the game theory. I also read Almany's post who said it's the most catastrophic bug in recent years and certainly one of the most catastrophic bugs in bitcoin ever. Was he exaggerating?
[07:06]
Jimmy Song
I think so. I mean, the guy's a BU developer and he wanted to make the bug seem worse so that his project looks better. Fact of the matter is Bitcoin Unlimited has had many such bugs. Like, well, maybe not consensus breaking, but at least like the denial of service level. There were a ton of us heard zeros all over the place. The code just wasn't that great. But the fact that he found it is. You know, I'm grateful for that. But blowing it out of proportion, I think, is kind of what he's been doing. I mean, that said, you know, people can disagree. A lot of developers are like, this was a really, really bad bug. It could have been exploited this way and that way. I don't think they've really looked into the game theory of it, just because the way that you have to set up the exploit is actually quite costly, and there's a very good chance of failure, in which case, not a very good bet for somebody that's trying to exploit it. Most exploits, most things that people do in the wild tend to have a definite payoff. You know, people that are trying to exploit things, people that are trying to take your money or whatever, generally they're already taking a huge degree of risk. They want to reduce all kinds of other risks that they can so that the payoff is better. If you're just looking for a big score, then you might as well play the lottery if you're willing to take a significant amount of risk. So, you know, I don't think that was really taken into account in Ahmani's analysis. And really, there wasn't any analysis. It was just sort of like, declarative, hey, this is the worst thing ever. You know, without any justification. It's just, okay, like, didn't explain why we know that inflation was possible, but it was in a very particular set of cases and it would have been caught. So it's kind of like saying, okay, well, this would have been the absolute worst disaster if 800 other things went the exact same way at the same time. So it's, to me, kind of a nonsense argument.
[09:08]
Peter McCormack
So I think it'd be good to unpack it and go through the details, just because there's going to be people like me who own some bitcoin, going to be a little bit nervous, who kind of want to understand what's going on. But before that, I did want to pick up on one thing that Almany said, which I did take issue with. So he said CORE recklessly endangered the security of bitcoin cash as well as endangering a myriad of altcoins. I can't understand why core have any responsibility for any fork.
[09:34]
Jimmy Song
Yeah, they don't. And this is. This is one. I didn't even catch that. I thought I read through the entire article, but so much of it was, like, just crowing at the fact that he found the bug that I couldn't read everything that carefully but that sentence right there is very indicative. It blaming CORE for pretty much anything and everything. And that's been sort of their M.O. and you know, if you choose to fork a project then you take all of the responsibility. That's what the license agreement in the open source project says. You don't get to blame anybody else. We don't share any liability. There's no endangerment here. If you fork, then that code is now yours. You don't get to go and say, well you didn't fix this for me, I'm going to blame you and sue you. That's not how it works. It's not that way legally, it's not that way socially, it's certainly not that way economically. So you know, this is again Bitcoin unlimited developer that's just trying to take best political advantage of a situation. I mean that said, he did find the bug, but his politics and his beliefs are totally not in line with reality.
[10:48]
Peter McCormack
Did you see a distinct difference between his approach to publishing the bug he found with Corey Fields approach to publishing the bug he found in Bitcoin Cash?
[10:57]
Jimmy Song
Yeah, absolutely. Corey was extremely careful. He started thinking, okay, well and he thought through all of the game theory, if this exploit was, if he identified himself and gave them the heads up on what was happening, but it got exploited anyway, then he would get then accused of splitting the bitcoin cash network. We know that there is a lot of people with a lot of money on the bitcoin cash network and he was sort of fearing for his life. It's like what would happen. So he submitted it anonymously, which was a smart move in case that low probability scenario happens. He proceeded to lay out exactly what was wrong. He didn't really crow about it, he just said here's what I wrote them. And he only revealed it months later after that possibility of his physical safety was null and void or he was insured of his physical safety because the network didn't split. That was his way of saying, okay, well now that all of this stuff has blown over, let me just tell you that I reported the bug and here's what I found, that I did it responsibly and all that stuff Omni's post was I reported the bug. Here are all the reasons why Core is really bad and they're evil and like just brought in all sorts of nonsensical, non relevant things into his post as if they were, you know, he would get the glow of bug finding into the rest of the article somehow and that, you know, people would try or like he, he's taking advantage of the credibility. Right. It's kind of like, you know, somebody doing something good, but also like shilling for something else at the same time. It's, it's very distasteful in my mind. He obviously has the. I don't know if it's even a he. Nobody really knows who this guy is, but whoever all many is, I, I thought it was very distasteful how, how much like that post wasn't about the bug, it was more about ranting against Cork.
[12:59]
Peter McCormack
Okay, so let's, let's unpack the bug. So it's kind of a whole new area for me looking into the detail of things like this. My background's advertising, Jimmy. So, so this is all new to me, but so as I see it, it was a denial of service vector which would allow the possibility of inflation. And what was quite interesting here is I've never fully understood utxos, right. I'm not a technical person and I never fully understood how the problem of double spending was solved. Now I think I get it, right? Now I think I understand it because each spend has to unspent output. Can you explain that all explain that to me like I'm an 8 year old, how this double spending thing works, how the UTXOS work and therefore what this bug was.
[13:40]
Jimmy Song
Yeah, yeah. So let's start with what a UTXO is. UTXO stands for unspent transaction output. And that's just sort of like a fancy word for saying like current, you know, coins on the network, basically. So when I send to you like point zero three bitcoin or something like that, that's the coin that you get. It's literally an atomic unit. You get.03. It's kind of like if somebody handed you cash and they gave you a $20 bill, it would be the equivalent of that $20 bill. Now you could get change for it and stuff, but that's another transaction, right? Like if you're getting change for a 20, then you hand somebody a 20 and they give you a 10, a 5 and 5 one, something like that. With bitcoin you're not limited to nice round number bills. It can be any number. And that's part of the advantage of it being digital. You don't need nice round numbers. So you can have a 03 bill or a 17.3 Bitcoin bill or 0.0005 Bitcoin bill or something like that. That's essentially what a UTXO is. It's this thing that you are spending, and it's what you have possession of when you have Bitcoin is certain UTXOs in the UTXO set. These are all the bills in existence. If you add them all up, it comes out to something like 17.5 million bitcoins, right? Like, if you add up all of the ones in existence. The thing about UTXOs that's interesting in bitcoin is that every time you have a transaction, some UTXOs are consumed, so they go away. So they're now spent. They're no longer in this set of possible things that can be spent on the ledger. And you create new UTXOs. That's why they're called transaction outputs, because they're part of the transaction. So you consume some UTXOs and you produce new UTXOs. This is kind of like essentially like making change, right? Like you put in a $20 bill and you get a $10 bill, a $5 bill, one or five ones. Or you could go the other way. You put in five $20 bills and you get one $100 bill back. But of course, these numbers can be arbitrary because this is bitcoin. So that's what a UTXO set is. And anytime you spend, you have to use UTXOs, not spent ones. And that's how we solve the double spend problem. Whenever a node looks at the transaction, it looks to see if the inputs are in the UTXO set. These are bills that are available to be spent, right? If it's in that set, then they go, okay, well, this is a valid transaction. If it's not, then they go, okay, well, this is a double spend attempt. It was spent at this point in the past, and they're trying to spend it again, or they're spending something that doesn't exist. Something like that. That's how you identify it. This bug was. Was about a particular form of double spending. Now, most double spending attempts are multiple transactions. So it'd be the equivalent of me paying you a $20 bill for something and using that same $20 bill to somebody else. Now, when it's like a physical $20 bill, it's very obvious because, you know, like, you can't spend something physical. It's, I have to hand it over to you, so I can't do it a second time. In the digital realm, it's a little more subtle. The act of me handing it over to you is the transaction. So whether or not that gets into the blockchain is that act of actual transferring of money. So that's usually how double spends are done. This particular one was interesting. It's a very pathological kind of transaction. It's using the same $20 bill multiple times in the same transaction. So pretend I have one UTXO, that's $20, and I'm kind of like using sleight of hand to hand you the 22 times. And you believe that you've received $40, but I really only gave you 20. That's bad. That's not a valid transaction. I didn't actually hand you $40 and I only gave you $20. That's essentially what this type of transaction has to be. The bug wasn't that you could construct this transaction and then everything would blow up. You not only had to construct this transaction, but you also had to be a miner that was willing to include it in a block. And a block, of course, is secured by something called proof of work. And proof of work is kind of like gold mining. It takes a lot of energy and effort to go and find, and you could find it for almost anything. It's just very, very expensive to go and find. Typically it takes about 12 and a half bitcoins to go find one. So somebody that wants to exploit this actually has to spend 12 and a half bitcoins worth of electricity in order to create this block with this weird transaction in it. And that's the way that you get sort of an inflation that. That's what it was most of the time. Like from pre 0.15, it would just crash the node, or at least 0.14 it would just crash the node. And there are ways to crash IT also in 0.15. But it turned out that this inflation thing was possible and that that was basically what the bug was. Does that make sense?
[19:18]
Peter McCormack
Yeah, it does make sense. So, but I've got a few questions on that. Okay, so only a miner can get it into the, into a block. And you say it will cost 12 and a half bitcoins to do this. But is there any guarantee that they can? Is it when they have to, they have to find a block to include it in. So do they permanently include this transaction as they're trying to find a block? Eventually they will find one.
[19:40]
Jimmy Song
Well, so if they find one, here, here's the thing. They, if they find one, there will be some nodes on the network that will reject that block. And that's the key. Once some nodes reject it, then you have a fork. At that point, you have some nodes that are Saying this is valid. Some other ones that are saying this is invalid. It plays out a little bit like a soft fork in the sense that the people that are enforcing more rules have the advantage if they're ever longer than all of the other guys and end up reorganizing. So it's actually a very dicey type of attack, largely because there's just so much risk and you're most likely not going to get away with it. And, you know, like, it's possible that, you know, you can cheat in this way, but it's also like the payoff just isn't there. Right. Like, you could try to, like, duplicate 1,000 bitcoins. Say you have 1,000 bitcoin bill, right? And you duplicate that and you get 2,000 out. It'll be very obvious to people very, very quickly because it's a public ledger. Everyone can see that this is a weird transaction. They know exactly who you are. Maybe you deposited to an exchange or something like that, traded it for litecoin or whatever, and tried to get away with it. In that case, the exchange would be out of money and it would be their fault for not enforcing the rules very well. But it's an extremely difficult thing to actually be able to pull off. And the liquidity for 1000 bitcoins is extremely hard. For any altcoin. To be able to get it in cash is even harder. The game theory around this is extremely difficult. As soon as you do that, price of bitcoin probably drops. Possibly, maybe you short bitcoin, but then it might recover very fast. We've had this situation a lot before where an adverse event happens in bitcoin and bitcoin goes up in price, which is kind of surprising. And that's happened multiple times. From a technical perspective, inflation is possible. From a game theory perspective, it doesn't make any sense to exploit this bug just because it costs so much, much money.
[22:08]
Peter McCormack
How would it be recognized? Would it be recognized because a number of nodes would be rejecting it?
[22:14]
Jimmy Song
Yeah, yeah. So there would be a number of nodes that would just stall. They would reject this block and if. And there might even be miners that would have rejected this block, in which case you would have had a real fork. And then, you know, people would have been like, what's going on there? One block explorer says one thing, one block explorer says something else. It would have been very obvious and people would have said something. It's kind of like trying to get away with, like, robbing a bank. But, like, you know, the act of doing that is like Recorded on a Jumbotron in Times Square. Like, it's. You can't really do it very easily. It's, you know, there's a lot of exposure and it's. And you know, you're going to need at least like some amount of time for things to confirm on an exchange and so on. So. So as soon as somebody finds something like this out, they normally just stop things. They go, okay, here's an emergency. And that's usually how these things go. A lot of people are assuming, well, if you had this inflation bug and you had an exchange that wasn't checking, and not only that the exchange wasn't checking, but the attacker would have to know that the exchange wasn't checking or the software behind it, and they were able to sustain this attack for at least six blocks or something like that, so they can get the money in there, trade it, and get it out. These are all very dicey assumptions to make for that reason. I mean, unless you brought over three or four attacks at the same time, this by itself just isn't going to really do it.
[23:57]
Peter McCormack
Let me ask you a different question. It's made me think of something. I had an interview last week with Safedin and Caitlin Long, and one of the things we talked about is fractional reserve bitcoins. And what came up was that it's quite unlikely that you would be able to get away with it because it's an open ledger, right? So if Wall street tries to operate fractional reserve bitcoins, the only people at risk are those who are engaged in the activity. You own your private keys, I own my private keys. We're at no risk. But what we discuss is if Bitcoin was private, if Bitcoin introduced full privacy, then the risk is there because the ledger of those operators in fractional bitcoin, Bitcoin isn't exposed. If we had full privacy with Bitcoin, is there a heightened risk with this kind of bug in that if you were moving coins to the exchange and nobody would know which ones they were?
[24:49]
Jimmy Song
Well, so I'm not so sure that fractional reserve is impossible because that's essentially what Mt. Gox did for a couple of years from 2011 to 2013. You know, they, they had coins stolen way back in 2011, and, and they just sort of kept the operation going based on. On a fractional reserve basis. Now, in the sense that they weren't able to sustain it, I guess they didn't get away with it. But enough people were fooled that they lost a lot of money. So I mean, like any bank can say, okay, well we're going to take in some Bitcoin and we're going to do fractional reserve or not tell anybody that they're doing a fractional reserve. They just have to refuse audits and so on. So I mean, you got to do your own research, right, and keep your own private keys. It depends on how much trust that these entities can engender from the public. And if they get enough trust, of course they can do a fractional reserve. I'm not sure there's really any way to stop that because it's one person saying, please trust me, and some people saying, okay, I trust you. And if they can abuse that trust anytime there is something like that.
[26:00]
Peter McCormack
What I was meaning specifically though is my challenge to them was if Bitcoin had full privacy, you wouldn't ever be able to track the ledger of the bank referring back to the bug.
[26:13]
Jimmy Song
You could still have zero knowledge proofs or something like that in that. The thing that I don't like about full privacy, especially with like confidential transactions which hide the amounts, is that you wouldn't necessarily know if there was a mathematical exploit. So you have to trust that the math will be sound in the future. And I believe that the math is sound now, but who knows, right? Like the NSA might have some sort of advantage. They could have figured out some cryptographic solution to the discrete log problem or something like that. And they could. Right now, in Monero, it's possible that they can. If they had some moon math that is impossible to everybody else, but they know how to do it, they could probably inflate Monero in some way and not have anyone know. So having the amounts in the clear, I think is the key thing for making sure that the 21 million limit is sacred. As far as like institutions and their ability to audit, there are tools. If you trust the math behind like zcash, for example, you can come up with a zero knowledge proof that says, okay, well this bank has enough reserves for all of the outstanding loans. Something like that. That's entirely possible.
[27:38]
Peter McCormack
Sorry again. The point I was trying to make is would privacy add an increased risk with bugs such as the one we had this week in that if there was, say, an inflation bug, is there a higher chance that a adversarial miner would get away with it due to the private nature of a transaction because you wouldn't be able to track it?
[27:59]
Jimmy Song
Possibly. It's certainly possible. I mean, yeah, basically the more complicated you make anything, the easier it is to get Away with bugs. The reason why Bitcoin works so well is that they've simplified a lot of stuff. Whereas, you know, something like Ethereum, even zcash or Monero, they tend to be a lot harder or a lot easier to exploit. For that reason there's a layer of complexity and that the attack surface is much, much higher as a result. So yeah, I mean, I think there's some truth to that. I definitely think there's probably more risk as you add features like privacy or whatever. But that said, if you have privacy on a side chain instead, then you know the risks going in and you know the risks coming out. So for me, that's the way to really solve that problem. It isn't necessarily to be like, hey, you know, you can't have privacy ever, it's just you can have privacy, but in this particular domain and all of the risk is born by you.
[29:13]
Peter McCormack
Yeah, see it's funny we're going off on a tangent now. The more I think about privacy and I understand the benefits, I did a really great interview with Fluffy Pony as well covering this. But at the same time I actually started to feel like privacy like private transaction on the main chain are actually probably cause more problems than they solve. I think the open ledger. Also I read an article recently on a whole bunch of things that are coming for Bitcoin and one of them things is private transactions. And I started to think, do you know, I don't think this is a good thing. I think the open nature of the ledger is good and privacy brings a whole heap of problems. It sounds like you feel the same.
[29:51]
Jimmy Song
Yeah, to some degree. Some of those private transactions, like once again, it's all something that you can do voluntarily. It isn't something that you are forced to do. So on a coin like Monero, you're more or less forced to use the private transaction and they hard fork all the time. So you are forced into whatever features that they give you. With Bitcoin it's much more software based, so you get to decide if you want to utilize that feature or not. All of the previous features will still be there. And if you decide to use a private transaction, there has to be some sort of wall. This is why I think sidechains are that nice wall where it's like all the private transactions stay over there and you can come in and out, but the rules behind coming in and out are such that the 21 million limit stays sacred. I think that's the right way to do it. But these are some questions that come Up. Also, there's varying levels of privacy. A lot of it is you still have an address on the chain, it's just hidden better or it's harder to track who's got what and so on. And that can be very effective. It isn't necessarily about hiding the amounts. As long as the amounts stay in the clear, you can have some levels of privacy. As far as what the conditions to unlock these coins are and so on, that could potentially be very useful.
[31:38]
Peter McCormack
I'm just guess you would never want something that has the level of privacy, say of Monero. Because Even if the 21 million coins are sacred, you would never be able to prove it.
[31:48]
Jimmy Song
Yeah, I mean you'd be able to prove it given certain math assumptions. It's just that those math assumptions, you know, there's no guarantee that they're true. Just because we know that computing power is getting better and there's always innovation and there's now like this giant bug bounty on that stuff, right? Like if you can exploit it and you can exploit it or, you know, there might be mistakes and so on. So generally with anything security related, you want to keep things as simple as possible to, you know, reduce the attack surface and like guard. If you have like 19 entrances into your house, that's going to be a lot harder to guard than if you have one. And that's kind of the attitude that you have to have is okay, there's one entrance always into Bitcoin, you can go to this other place which has 18 other entrances to it, but there's a major trade off there. The main use case, I think for Bitcoin is as a store of value. And if that's the case, then you want security, you want just that one door in and out and that that's about it. And that makes it a lot safer rather than having lots and lots of exploitable doors.
[33:06]
Peter McCormack
Do you think therefore, with the main chain it would be ideal to get to a point where there's hardly ever any updates made?
[33:13]
Jimmy Song
I mean there's updates made, but they're always backwards compatible. And I think that's the right way to innovate is backwards compatible changes. That way if the new stuff is exploitable, you still have the old stuff to fall back on and you don't have to go to the new stuff. You can stay on the old stuff as long as you feel like it. And the security properties of one and the other are determined by the market and not by some central authority. I think that's the right way to do it because the old stuff might not be safe. It's possible that ECDSA gets broken, in which case we should probably move to something else. We should probably move to Schnorr or whatever, and that's a large part of figuring out the costs and benefits of something like this. You do need to move just in case something happens and be ready for all kinds of attacks. But completely ossifying everything, probably not a good idea. But ossifying a decent portion that we know to that we know works and hasn't been exploited or whatever, that that's probably a good idea.
[34:32]
Peter McCormack
Next up, Jimmy and I continue discussing the recent bug in Bitcoin, the game theory around mining centralization attacks, and why proof of work needs to be expensive. But first, a message from my show sponsor BlockFi, who can help you use your cryptocurrencies without having to sell them. If you're trying to buy a house, maybe even fund a business or even pay off your taxes, you might have been faced with the choice of selling your crypto. But with BlockFi you can keep your crypto and still pay for those outgoings. With a crypto backed loan you can use your Bitcoin or ether and get USD funded directly to your bank account. And with loan Sizes Ranging from $2,000 to $10 million, BlockFi is perfect for supporting financial goals of any size. With the largest crypto backed lending Footprint in the US BlockFi offers regulatory compliant loans that can be delivered into your bank account in less than 90 minutes. They are the only cryptocurrency to USD lender to receive institutional investment, enabling them to provide the most affordable and trustworthy lending service within the ecosystem. And they have created a special offer for my listeners. So if you sign up@blockfi.com whatbitcoindid you will get $25 in free crypto added to customer collateral loans for under $10,000 or $50 in free crypto added to customer collateral loans for $10,000. Applying takes less than two minutes. So take a look at blockfi.com whatbitcoindid and blockfi is spelled B L O C K F I. Okay, so going back to the bug, so it sounds like you think the whole thing was kind of overblown. Bug sounded scary, but once you examined it you realized it was. The game theory was that it was not really worth it for a miner to exploit because of the cost was too high and they'd most likely get found out. Were there any scenarios that did scare you with it? Like I think you talked about the potential Maybe for a state level actor who wanted to potentially disrupt the network, what is the most extreme scenario that you saw potentially that could have played out?
[36:20]
Jimmy Song
Well, you would have needed a state level actor with tremendous amount of hashing power that wanted to just disrupt bitcoin for bitcoin's sake, without seeming like a state level actor that's trying to disrupt bitcoin for bitcoin's sake. Because as soon as you're found out as a state level actor that's just trying to disrupt bitcoin for bitcoin's sake, then at that point you're found out and then everyone else on the network is against you. That's just what's going to happen. As soon as you know you're being attacked, that you're going to do certain things, most likely every node on the network would have disconnected that block from the state level actor and it would have been like thwarted very easily. So you have to have some sort of like plausible scenario that you're not actually a state level actor, that you're somebody that's just trying to exploit it for their own gain, but make it, make it seem like that. But while being a state level actor, I don't think most governments are that coordinated or clever enough to be able to pull off something like that, just knowing how centralized entities work. So that wasn't a scenario that I necessarily thought was very highly probable or even likely. Even given a very competent state level actor, I don't know if they could have pulled it off. Like high level, super smart people that are very well coordinated and don't have a lot of bureaucratic overhead. I still don't think it would have been very easy to pull off.
[37:55]
Peter McCormack
That doesn't sound like a government well coordinated, highly skilled.
[38:00]
Jimmy Song
Yeah. Despite all of the movies with like James Bond and all that stuff, you know, government people tend to be work very, very slow. They, you know, they need like umpteen approvals for everything. They don't know, you know, how to necessarily pull off operations in ways that are especially fast moving. Things like this where you need to react very quickly. It's one thing if you're creating a stuck stamp virus and trying to crash Iranian nuclear centrifuges or whatever. It's a whole other thing when you have to constantly react to something and that's what the bitcoin network kind of forces you to do. It's a real time thing and you have to be nimble and move and you know, this kind of warfare isn't something that anyone knows much about. So I, you know, I don't, I don't know. I. Let's just say I'm not that scared that these guys have that figured out.
[39:04]
Peter McCormack
So it doesn't sound like there was really any scenario in the end when you kind of went into the detail on it that actually concerned you. There's the game theory, there didn't exist for it to happen. Let me just ask you one question though. Just hypothetically. Say there something had happened, there was a number of transactions or fake transactions that had got through or double spends I think you mentioned in your article. Tell me if I'm wrong, but there's the potential for a rollback. Okay. Has this happened? So like in my history of bitcoin, which is a lot shorter than yours, I don't know of any rollback that has happened. Has there been any recent example of a rollback?
[39:45]
Jimmy Song
I mean there, there have been in bitcoin's history. I think there was level DB bug versus I. There was a, you know, you know, a rebuild basically with the level DB versus Berkeley DB bug that happened. I think it was back in like 0.7 or something like that. It was like a six back, six block rollback. That's called the block reorganization. And those do happen once in a while. Usually they're like a block, not like seven blocks. But that could potentially be pretty disruptive. But again, if you're a state level actor and you really want to disrupt bitcoin, that's the way you would do it. You don't need any exploit like this. You would just go and get a shit ton of mining power and then mine a lot of blocks in private and then release them all at once. That would cause kind of havoc all over the place. And that, that's a lot easier than say exploiting this particular bug.
[40:47]
Peter McCormack
One question I have about rollbacks, just trying to understand something I don't understand is that if there is a rollback, what happens to all the transactions that happened after the time of the rollback? Say there was a bug and then afterwards, Jimmy, I sent you 50 Bitcoin and then there was a rollback.
[41:03]
Jimmy Song
Yeah. So the UTX like the UTXO goes back to, goes from being spent to being a UTXO again. So essentially when you roll it back, those transactions act like they never happen basically. But on the other chain if that transaction gets included again, then it gets included again. So I mean this is where you have the opportunity to spend the 50 bitcoins back to yourself. In which case one person believes they received the 50 bitcoin or they lost 50 bitcoin worth of goods and services versus the other person that actually has it. So those are the scenarios that a lot of devs worry about. But again, that's on a disruption level that's very hard to plan out exactly. Unless you have somebody that's a real sucker and says, okay, well I'll take the 100 bitcoin with like one confirmation. That would be really stupid. You know, like you're gonna, if you're, if you're transferring 100 bitcoin worth of stuff, you're gonna wait for, you know, five, six, seven transactions or blocks confirmation. Not to say that that can't get rolled back. It's just really, really costly. Although if there's like an obvious bug at that point, you know, that's sort of like a community consensus, a social consensus that will roll it back anyway.
[42:38]
Peter McCormack
But it's quite an interesting scenario for what could be at one point trillion dollar Network or a $10 trillion network that their scenarios that can be faced. It's not like a bank database. Right. It's an immutable ledger. So it's, it's kind of an interesting scenario. So I guess that's maybe why people got a little bit upset. Is there, has anything been learned from this and is there any changes to the approach in terms of dev or code reviews that have been discussed, should be discussed that you think need to change now?
[43:08]
Jimmy Song
Yeah, I mean, I think more eyes need to be on it. When this bug entered, it was like two years ago. So it's been a while and processes have changed and upgraded and better developers have gone on and you know, there are more eyes looking at things and stuff like that. But I just want to go back to your previous point about people being upset about these kinds of scenarios. This is why proof of work needs to be expensive. If it's cheap, then you can roll back stuff really easily. That's the whole point. You want it to be very difficult to change history. The only way to make it difficult to change history is to make the process of writing the current history very, very expensive. That's the only way you can, you can force that to be expensive. And that's more or less what bitcoin does. But regarding a lot of this stuff, people have views about what processes we should add and so on. I think it works pretty well. This was a confluence of some weird scenarios that ended up causing this particular bug. And now that we know about it, it's going to make bitcoin core stronger and allow more people, more eyes on anything that touches consensus code and better labeling and so on, more testing and things like that. But this is how bitcoin grows. This is how bitcoin gets better. That's what you kind of have to do.
[44:44]
Peter McCormack
Does bitcoin have any form of bug bounty program?
[44:48]
Jimmy Song
People have talked about compensating developers and bug finders and stuff like that. And certainly other coins have that, but that's a little too centralized, I think, for my taste. And then that also has weird incentives where developers create bugs just so they just create different bugs just so they can collect on the bounty and stuff. So, yeah, I'd be a little bit skeptical of any sort of thing like that.
[45:23]
Peter McCormack
So I often get into discussion. I don't know why I even bother. But with Ripple Coin, XRP fans on Twitter and they always talk about, most recently now that XRP is more decentralized than bitcoin, which obviously it isn't. But a common thing that comes out is that because there are a number of mining pools with bitcoin, it's centralized in China. So can we just kind of talk about this a little bit in the game theory around mining and mining pools and because you've talked about this before, right, you have centralization around bitmain, but really the game theory isn't there because they could destroy their own business. You have centralization around mining pools, but can mining pools really execute any kind of attack? Or should they? And why would they. So can you just talk to me a little bit about this side of things?
[46:08]
Jimmy Song
Well, so first of all, you shouldn't engage in with any of the XRP. I'm almost positive, like 99% of them are sock puppets because they all have like 30, 30 followers and they show up anytime. Tiffany Hayden, like puts like XRP army or something like that. Like, that's our signal to some script out there that basically like harasses anybody that's on. Like, it's. It's insane. But, you know, like the mining centralization argument I thoroughly debunked, I think in the, in an article earlier about, like, what, what are the actual ways that a miner can actually exploit the network, you know, with. With plenty of hashing power. Vast majority of them doesn't make any sense. And like, maybe there's a possibility that you can short bitcoin somewhere and then get a majority of mining power and then be able to cash out of that short. But again, that's extremely difficult. Requires a tremendous amount of money, tremendous amount of mining Power. And you could try doing it, but there are. Again, it's so risky for you to do because you might not succeed if you try to short bitcoin and you fail and bitcoin shoots up in price, now you're out even more money. It's the sort of scenario that doesn't make any sense for any miner to do. And really, I think the best analogy I heard was you can think of. Imagine that you are a business and you decide, okay, we're gonna hire some security guards, right? And you go, okay, well, great. And, you know, they. The first one is good, and you. You're seeing some good benefits, so you hire some more. And you know that there's, you know, your, your business is more secure and there's more transactions happening in your business. And then like, the security guards band together and they go, you know what? This place is too far from where we live. We're gonna go and, and move the office somewhere else. And then they show up to work the next day at this other place and find out that the rest of the office isn't there. Well, that's kind of what miners are like, right? They're the security guards of the network. They're hired by the rest of us to provide security for the bitcoin network. If they move on and do something else, we'll get new security guards. They don't hire us, we hire them. And yeah, we have some that really know how to manufacture ASICs and get a lot of hashing power at an advantage over other people. That means that they're better security guards than others. But that does not. It's kind of immaterial. This is always an argument that's given by people that don't really have the technical knowledge. And it's a talking point from Tiffany Hayden and David Schwartz, I'm sure. And again, just completely ignore them because they are completely irrelevant to this entire conversation. And getting caught in. I have been caught sadly as well, in trying to defend myself against these trolls, but it's a complete waste of time. So, yeah, I would suggest that not happen anymore.
[49:46]
Peter McCormack
But at the same time, do mining pools have any ability to exploit anything? Like by, like, I'm part of a.
[49:54]
Jimmy Song
Mining pool, they can sort of censor transactions because they get to create the blocks. But Matt Corallo's better hash, you know, protocol would decouple that as well. So each individual miner person that's mining gets to decide what the block looks like instead of the mining pool. And there's some ability there. But again, as Long as the actual equipment is distributed. And all indications seem to be that they're all over different places and lots of different owners. It's one of the first things that people do when they get into bitcoin is, oh, maybe I should get a miner and see if I can print my own money. Turns out to be not as efficient as anybody thinks. But that's the reality. There's a lot of mining equipment out there and not all of it is at Bitmain. In fact, very little of it according to their IPO perspective. So, yeah, I wouldn't worry at all about what they're saying.
[50:55]
Peter McCormack
So it seems like there's a consistent theme here. Like any attempt to disrupt the bitcoin network or any adversarial attacks seem to only ever be something that would be short term and very expensive to do and likely very risky to execute.
[51:12]
Jimmy Song
Yeah, that tends to be the case. And the reason for that is because people, I mean, the network is incentivizing everyone to basically play well with each other. If you play well with each other, there's a lot of profit in it for you. If you don't, then there could be quite a lot of pain for you. And ostracization is just one of the many things. But yeah, it's a well designed system from an incentive standpoint. And it might just be the fact that we've been around for a while and that's sort of helped solidify a lot of the incentive structures already.
[51:56]
Peter McCormack
Do you consider the segwit2x as an attack on bitcoin?
[52:01]
Jimmy Song
Yeah, I thought it was a governance takeover attack. It was an attempt to centralize the direction of Bitcoin and thankfully that didn't go through.
[52:11]
Peter McCormack
But are therefore hard forks in that way? Hard forks which have minor support and potentially no support. Are they a risk?
[52:20]
Jimmy Song
No, it's like the security guards going and guarding some other building. Like, who cares? You hire new security guards and the security guards decide to ambush the building or something like that for whatever value. Not gonna work. I mean, they could try, but there are all sorts of mitigations against that. And as long as you are master of your own node, you will have your own bitcoins. Now granted there are price considerations and things like that, and you know, if it starts to tank, who knows what happens. But that's more a social psychology thing than a technical attack. There are always mitigations against particular types of attacks. And as soon as it's known, there are lots of clever things that people can do to mitigate even the worst forms of attacks.
[53:17]
Peter McCormack
Are there any particular areas that you think that give you slightly more concern that you think need a little bit more attention?
[53:24]
Jimmy Song
At this point? It's the lack of developers, but that's something that I'm trying to rectify by training them.
[53:31]
Peter McCormack
Yeah, you've got your program.
[53:33]
Jimmy Song
Yeah, I've been, I've trained over 400 in the last year, so that's hopefully helping at least a little bit in the ecosystem.
[53:43]
Peter McCormack
So are you training them to code Bitcoin? Are you training them in, is it C or C plus? Again, I'm not a technical person, it's.
[53:49]
Jimmy Song
A Python class, but basically it's a two day, very intense class and you know, you just have to come in with a knowledge of Python and by the end you have, you leave with a very good idea of what the protocol is and how to make your own transaction and so on.
[54:09]
Peter McCormack
Okay, so lightning network, have you looked at that at all? Do you see any potential attacks in the area? Have you looked at the game theory of that?
[54:17]
Jimmy Song
Yeah, I mean it's still kind of an unknown security model. It's fairly new and it's going to take some time to harden and it hasn't hardened yet. So until it does, I don't think it's that easy to figure out. There's a lot of speculation about it and most of that speculation is utter bunk. But that's kind of what happens when you have people that are politically opposed to it and not technically.
[54:43]
Peter McCormack
Do you mean like the centralization and nodes?
[54:46]
Jimmy Song
Yeah, I mean this is fud that they've been saying for a very long time. And I mean, you look at the network topology and it's anything but centralized. It's kind of ridiculous actually.
[54:58]
Peter McCormack
Okay, I've purchased one of the CASA nodes. Have you seen the casa?
[55:03]
Jimmy Song
Yeah, yeah, I was thinking I should probably purchase one, but I didn't get in on time. Maybe I can go beg Jamison. I'm not sure.
[55:12]
Peter McCormack
Yeah, maybe. Okay, so just last couple of things I want to touch with you on. How do non technical people, people like myself, how do we help support Bitcoin? Like, should we run a node? How do we run a node?
[55:26]
Jimmy Song
I think the best thing you can do is hold Bitcoin because from an economic standpoint, that's very, very important that people that actually believe in Bitcoin actually hold it. That's what gives a scarcity, that's what gives it value. And not all of these traders or whatever, they're just playing on top of it. The other Thing is to participate in the social community. And as much as you're able understand the technical stuff and your sense of right and wrong as a community actually matters quite a bit. And that's sort of an emergent property from community, and that's write articles, tell people about it, let others know if they're interested, that sort of thing. Those are much more important than going and buying coffee at Starbucks with your bitcoin cash or whatever it is that Roger's doing these days.
[56:23]
Peter McCormack
What if somebody wants to, say, set up a node? What would you recommend?
[56:27]
Jimmy Song
Yeah, I mean, there are ways to do that fairly easily. I've been meaning to put together some sort of video to get people to do that, maybe on several machines. But, yeah, I haven't gotten around to it. There's a way to do it on Raspberry PI that's kind of cool. And maybe at some point I'll create an image for Raspberry PI that you can just plug in and hook up to the network and bam, there it is. It's all working, you know, like as a full node. Something like that, I think would be pretty fun, but I just haven't had time to do any of that. But there are tutorials out there. It's just a matter of how much are you willing to. How much time are you willing to invest. Everyone wants everything, like, right now and really easily. But, you know, like, how much you want something or how much you are supporting something is not defined by how much desire you have towards that thing. It's defined by how much you're willing to suffer. And you might have to suffer a little bit and, like, learning stuff that you don't know anything about and going through tutorials that are very confusing to you and, like, buying, you know, hardware that, you know, like, you don't really understand if you're getting a good deal or not on, like, that's. Everyone has problems, but, you know, like, the. The kinds of problems that you deal with show you where your values are. And if you value Bitcoin, then there are certain things that you can do, and all of these things are possible. I'd like to make it easier for people. So the, you know, the bar is lowered a little bit, the barrier to entry is lowered a little bit. But, you know, I mean, I. The. What can I say, right? Like, if you. You go in as deep as you want and that's. That's all you do.
[58:24]
Peter McCormack
It sucks you in. All right, Jimmy, look, this has been great. Just to finish off. What are you coming Up. Are you going any more cruises?
[58:33]
Jimmy Song
Yeah, I'll be at Hackers Congress in Prague. I think I travel there starting on Wednesday. I think I arrive on Thursday and the conference starts on Friday. And it's Friday, Saturday, Sunday. It's going to be a great conference. It's going to be a lot of fun. I'm also hosting a carnivory dinner there. So it's going to be in Prague, it's going to be on Sunday and we're going to do Brazilian barbecue. It's going to be fantastic. So, you know, I encourage whoever is around to come and hang out and have the best parts of a conference without the stupid talks or booths or sponsors or panels or boring stuff.
[59:12]
Peter McCormack
Are you gonna be in London at all soon?
[59:15]
Jimmy Song
It looks like next February there, there's going to be a conference held by one of my former students. So I'll be speaking at that. I think that's like February 7th and 8th. More details will be coming forth in the next, next few months.
[59:29]
Peter McCormack
And how do people find out about your course programming?
[59:33]
Jimmy Song
Blockchain.com. yeah, that's. That's where it is.
[59:37]
Peter McCormack
Put that in the show notes. And then lastly, what are your three favorite altcoins? No, I'm just kidding, Jimmy. How do you, how do you want people to stay in touch with you?
[59:46]
Jimmy Song
Twitter is fine. You know, obviously there's other ways to contact me. You just have to do a little searching.
[59:52]
Peter McCormack
All right, cool. Look, appreciate your time, Jimmy. You take care, man.
[59:56]
Jimmy Song
All right, thanks.
[59:59]
Peter McCormack
So what did you think of that? How cool is Jimmy?
[60:02]
Jimmy Song
What?
[60:02]
Peter McCormack
Gotta say, the tech side is hugely challenging, especially for me as a non technical person. But I do enjoy reading about it. I know I was out of my depth with this, but it was really good to just to get into the tech and try and understand what was going on with this recent bug in bitcoin, what the game theory was behind it. Because there was a whole bunch of articles out there saying how disastrous it was. But it was pretty cool to hear Jimmy explain the game theory of exploiting it. And actually, you know, quite interesting. It has actually been exploited on another chain. I read this week that pigeon coin, which I'd never heard of, was exploited. And people, I think it was about $15,000 they got from exploiting the bug. But yes, it was good to hear about it. It was good to try and understand the game theory and research it. And I do appreciate Jimmy coming on the show. So listen, if you enjoyed it, please do support the show. Do consider becoming a Patreon which you can do@patreon.com whatbitcoindid do please leave me a review on itunes or subscribe on itunes. Both things help the show. Follow me on social media, I'm otbitcoindid on Twitter, on Instagram, on Steamit, on Medium. Please check out my website, it's www.whatbitcoindid.com and sign up to the newsletter. And please do share this out with your friends and family. Listen, I hope you all have a great week and I look forward to bringing to you a new show next week.