Lead Core Lightning, Standards Wrangler, Bitcoin Script Restoration ponderer, coder. Full time employed on Free and Open Source Software since 1998. Joyous hacking with others for over 25 years.
Public Key: npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s
Profile Code: nprofile1qqs0zuj4s6jq9sr2ajqc69rc53d25rwpd3afcjrfm97r2qek69hcuscpz3mhxue69uhkummnw3ezummcw3ezuer9wcq3camnwvaz7tmwdaehgu3wvf5hgcm0d9hx2u3wwdhkx6tpdspt9qp3
Published at: 2024-06-08T03:44:48Z
Event JSON
{
  "id": "2a2f9df4a08077b41de1ca2ec3dd7d072ca45729a1f8debdf711e46de1586e6b",
  "pubkey": "f1725586a402c06aec818d1478a45aaa0dc16c7a9c4869d97c350336d16f8e43",
  "created_at": 1717818288,
  "kind": 0,
  "tags": [
    [
      "alt",
      "User profile for Rusty Russell"
    ]
  ],
  "content": "{\"name\":\"Rusty Russell\",\"display_name\":\"Rusty Russell\",\"website\":\"https://rusty.ozlabs.org\",\"about\":\"Lead Core Lightning, Standards Wrangler, Bitcoin Script Restoration ponderer, coder. Full time employed on Free and Open Source Software since 1998. Joyous hacking with others for over 25 years.\",\"lud16\":\"npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s@npub.cash\",\"nip05\":\"[email protected] \",\"picture\":\"https://rusty.ozlabs.org/images/Rusty_Russell-lca2011+crop.jpg\"}",
  "sig": "16ded7f3f6efc75faa92bca1936052a0244e479662f36393857d45acceeca06f47ccdc61e1156b673c7a06ae17ff1804ac8177da28aecb38b1d4dba8e3b7b8ef"
}
Last Notes
Rusty Russell: Well, actually the migration failed, so you didn't need to downgrade. But now you've done that you can upgrade to 25.02 if you want.
Rusty Russell: It seems to me that you could prove a hardened derivation or a BIP-39 derivation. Unfortunately this reveals your secret key, so you need to either use a (quantum resistant!) ZKP, or a two-stage reveal: hash of the proof, what outputs you will spend, and an indication of what address you want to transfer the coins to, then after that is mined, you do the spend and put the derivation in the annex (or, for non-taproot, in an OP_RETURN).
Rusty Russell: Yes, gossip is a terrible way to propagate real-time information about the state of your channel. This is kind of by design since we stagger gossip, but also there are real propagation issues which we'd like to solve in gossip v2, but it will still be very slow. There's another proposal which is to allow you to publish a fee rate card that would have several different levels and the fee would vary depending on the remaining capacity in your channel. So someone just looking for a cheap payment would try the lowest fee rate that you offer and probably fail, but somebody who was really eager to get their payment through would be able to pay the highest.
Rusty Russell: Interesting. I see it the opposite way. People are proposing all kinds of one-off hacks for their specific use cases, which in my experience leads to more bugs and less usability, and exponential complexity as they don't work together. I would rather see "what if we had full scripting again?" and review proposals from that angle. As to safety, that still needs to be assessed.
Details really matter, so I cannot give a verdict until the design and implementation are complete. So step 1 is to do that. Step 2 is to evaluate whether it's worth it.
Rusty Russell: Can't zap btw https://image.nostr.build/5fe13670c1e77716ad8867a1adacb1acecddcd89e11650997de4e5f7c8d4c1f0.jpg
Rusty Russell: Non sequitur, but I'm curious. What do you dislike about restoring Bitcoin Script?
Rusty Russell: I used chatgpt to revise a speech, asking it to increase emotional impact. The result was anodyne: there was only one phrase I liked, the rest was, basically, a series of the most predictable next words. It creates good filler. But that's rarely what I need.
Rusty Russell: I don't identify as a #Bitcoiner. I do identify as a Free Software developer. From my perspective, Bitcoin is just the project that needs the most development from my skills right now (or, less charitably, where I can have the most fun!). But if you think of me as a #Bitcoiner you're going to be terribly disappointed with my non-traditional RL friends, oddball political views and weird hobbies.
Rusty Russell: "Tether is owned and operated by bitcoiners" Really? And if so, is it relevant? I suspect it is more reliable to predict behavior using current motivations, not self-proclaimed categories. And the incentives for Tether are to go further out on the risk curve, cover up any losses to avoid a run, cosy up to high-profile Bitcoiners to get endorsements, get "dumb money" holders so you never have to pay out fully. They've done all of these in the past.
They're making so much money right now you might assume these things are behind them. But the incentives remain: many people thought FTX was making so much money they wouldn't flush it all doing stupid things, right?
Rusty Russell: You misunderstand. One key benefit of tether getting establishment approval is that nobody in the establishment expects them (or anyone else) to be full reserve. That's something you only do if you're trying to appeal to weird cypherpunks and Austrians whackos.
Rusty Russell: Lol. I'm "punch a hole in the other side of the single-sided floppy disk to use the other side" old.
Rusty Russell: I think the promise of higher fees in future is stealing fees. Behaviors which would currently be economically reasonable have been beaten out of people by runs of high fees and the foreshadowing of higher feerates they represent. Nobody is bringing back Satoshidice: they know it will be a brief summer fling at best!
Rusty Russell: #Bitcoin price predictions and stupid people attract.
Rusty Russell: I have been "Code Monkey" and more recently "Code Contributor". If you ever see me with a "Vice President" title please kill me: it's clearly an evil clone.
Rusty Russell: You're going to buy a tie?
Rusty Russell: This spectrum is good, but a bit prescriptive if you want to evaluate future schemes. 1. Can I get my money back? * 2. If not, it's custodial. You now need to judge by their expected value of preventing you from taking your money.
(* There are probabilistic schemes which can theoretically sit between these two) "How likely are they to rug me" depends on many factors, most hard to quantify. In some schemes it's hard to stop individual payments without stopping them all, and/or hard to identify which funds to freeze. In others there's a bond which is sacrificed. Some rely on reputation damage. These are only interesting because we will always need some system for sub-chain amounts. I really like the idea of a "Nero protocol" where anyone who proves malfeasance by the custodian can burn the funds. Such proof may be impossible though (prove they refused to let you spend your funds?).
Rusty Russell: It's possible, but my current approach is in-place, which makes for easier review. See https://github.com/rustyrussell/bitcoin/commits/guilt/varops/
Rusty Russell: I have too much on my plate. I am excited about restoring Bitcoin Script, but I am more than full-time with my Lightning work. But if someone has experience with Bitcoin's inner workings and wants to work on this, I would commit to carving out time to mentor them and help them get a grant. It's not going to be easy, but it could be Great! Ping me if you want to discuss 🧡
Rusty Russell: Well, Jade also supports Liquid, so it makes sense.
Rusty Russell: Sometimes, I feel Blockstream marketing team really earn their salaries: https://image.nostr.build/bfaabae48d29cc58823500f18e58fc32aebe64eec17160806a8f03998240592a.jpg
Rusty Russell: We do have a BIP32 for the onchain funds, so you could have an external watcher. We should add an xpub to getinfo: want to file an issue requesting it for next release?
It won't cover *all* your funds, since unilateral closes go to weird time locked addresses, but it would cover most. We don't generally give out privkeys: they stay in the hsm daemon for design reasons (hence the external tool to extract them).
Rusty Russell: You can't take an existing secret and express it as BIP-39. This is a huge problem :( You have to start with a BIP-39 in the first place. You can use BIP-93, but who supports that?
Rusty Russell: Hmmm, your zap invoice system does not like 210k sats. 21k sats worked fine. Repeatable... https://image.nostr.build/e98da65338cb11a84e20f7240af6407de9079cbfa2332ac71b7b18ab9d250880.jpg
Rusty Russell: If everyone withdraws every time, privacy gain is minimal. But (despite the obvious risk of a rug pull) using your ecash mining funds as a regular wallet to pay *other* things is a win. There's already something of a trust relationship, I guess BTW, @nprofile…xnfk is there a standard way/protocol for a mint to announce a shutdown schedule? So wallets can (ideally automatically) move funds off?
Rusty Russell: Meanwhile, on TwiXter: https://image.nostr.build/ee34ac2f2b894eb494247ea449c037428129e71bb5b4139a04571f300cf0d870.jpg If I'm reading this right, having a whole Bitcoin will sterilize you? Or kill your children? Maybe I should unretire Shit Bitcoiners Say...
Rusty Russell: Dijkstra hated BASIC, too. But you know what? The main obstacle for most people is getting off zero: like, did you know you can just tell the computer to DO THINGS FOR YOU? Sure, you'll do it badly, for stupid reasons. Maybe they want to make a Minecraft mod or scrape a porn site. I wanted to make arcade games.
I never did: making the computer do more useful things while collaborating with brilliant people turned out to be joyous in a way I hadn't foreseen.
Rusty Russell: Yeah. Not only have I not seen that happening, it's almost always the case that adjacent projects bring in more outsiders. And they gain the experience and knowledge to cross over later, if they choose. But more importantly, you can't "take away" devs: they choose. I don't see evidence of duress or deception here
Rusty Russell: Anyone set up NWC on Core Lightning? I don't really want to have to read all the NIPs and implement YA nostr client!
Rusty Russell: Green does.
Rusty Russell: The term "mining" actually seemed to have actually smoothed funding for Bitcoin mining from traditional mining investors: it's a commodity where you spend on infrastructure up-front with unknown returns which depend on market factors outside your control.
Rusty Russell: No, the gold mining analogy is a good one: you have to do real work, and the results diminish over time as easier deposits get extracted. You're over-thinking it because that of course is not quite right, but that's the nature of analogy. But most importantly, this is an aberration: the final state of Bitcoin matches neither the mined nor the discovered analogy. It's all block space market.
Rusty Russell: Meanwhile, over here*: * I did try to change the units from Celsius to match yours, but under Units it only let me choose between km/h and knots 🤣 https://image.nostr.build/f52c219633b41a73f8e72bbbbae4755339872b7bbf87fc62618eab300180127b.jpg
Rusty Russell: If you do JSON RPC I strongly recommend you guarantee one request per line. This makes clients easier to write: read a line, parse
Rusty Russell: TIL accidentally that in Firefox on mobile you can long hold on an emoji to get a description of it! 🥰 https://image.nostr.build/5f541d6ea842efba98f15529de6a6065f6b4d119478e0ca5b63f5c761dc54c15.jpg
Rusty Russell: This will age so very badly. But at least this thesis is testable, so kudos on that!
Rusty Russell: Much better!
Rusty Russell: Not biodegradable either!
Rusty Russell: This happened to me previously: clean out the port with a toothpick. Pocket lint is a real issue.
Rusty Russell: Reminds me of the classic: https://www.gnu.org/fun/jokes/ed-msg.en.html
Rusty Russell: Perhaps keep such dogma on X, and use Nostr for more reflective posts?
Rusty Russell: NICE TRY SPOOK! 😁 Blockstream Store, 280,000 sats.
Rusty Russell: Anecdata: I had an invoice which failed on my Phoenix wallet which worked with xpay from my local node. It's always been the other way around!
Rusty Russell: https://repebble.com/ Finally, someone bringing Pebble back. I ran my Pebble into the ground, and would happily get a new one. Love my Seiko classic, but the vibrating alarm makes my wife's life better for those 5:30am lightning calls.
Rusty Russell: What this feels like is hard to put into words. Once you have an idea, you have to code it. Whether it's a fix or a new solution, the urge to make it extant is incredibly powerful. I've heard writers describe a kind of animal spirit that takes over them and forces their words into the page. This is the closest I relate to: it's almost painful for me to discuss a technical problem without itching to write up the solution I've found. I had a junior colleague at a large company get admonished once for solving a problem "which had been assigned to someone else" (and had been for weeks). I get that from an organizational POV but: these are not your people, time to move on. Also, time is limited, and deciding when and where to unleash this ability is the secret to being a functional (and happy!) being.
Rusty Russell: So, there's a place offering Bitcoin-denominated life insurance. Here's the problem though: they invest the funds to make return in *Bitcoin*. But there are few if any Bitcoin-native opportunities. We also know that Bitcoin's gains are in a handful of market days per year. IOW I cannot see a way of making "conservative" investments and outperforming Bitcoin, since such investments will be dollars. If it seems too good to be true ...
Rusty Russell: Let's assume I can build an AMM. Now I need to understand exactly how they work in Eth, that makes this kind of thing impossible in Bitcoin. And I don't: it's not my thing.
Rusty Russell: Honestly, surprise on the up-side is nice. Unusual. But let's take our wins! ❤️
Rusty Russell: Exactly as expected. Also: disappointment will continue.
Rusty Russell: But CHECKTXHASH is still the wrong idea. You want to fix script then do full introspection, not this weird hash introspection which simply adds bloat.
Rusty Russell: Greg Maxwell, Pieter Wuille, to name two.
Rusty Russell: I've become a big believer in success spirals, but the converse, loser spirals, is also true. Nobody tells you this, you have to learn. And that path can get really dark.
Rusty Russell: There are many arguments why it won't happen, but they're at a disadvantage because it *did* happen to Ethereum apparently.
Rusty Russell: Honestly, I'm still struggling with Bitcoin soft fork proposals. I believe we will end up with full introspection: there are too many things people want to build which require it. But most current proposals are workarounds for current limitations, which will become vestigial when/if we actually fix things. They may be simply unused, or worse, not quite useful. And it's hard to know: if we had restored script and introspection, we could see what people build and then go "ah, this opcode would make this more efficient!", but without that we are guessing. So I really have to figure out if mevil is real. Serious people have concerns, esp @nprofile…lwwv, so they need serious consideration.
If I can convince myself it is either not an issue or independent of script power, then I can reasonably propose what Bitcoin would look like with maximal expressive power. After that, I can look *backwards* and see if any subsets of that power make sense as stepping stones. I initially thought CTV (well, a more straightforward variant) made sense, as a common case, but brief discussions with Jonas Nick have me questioning whether it actually is still useful with full introspection (or, more clearly, what the right form would be). As an aside: I think sponsors (done optimally) are necessary for any Bitcoin high-fee future. Feels like a side-quest though! Sorry I don't have answers. This stuff is *not* simple, the details are critical, and some of our best minds from previous eras are absent :(
Rusty Russell: His Master's Voice The realistic portrayal of a large militarized project, combined with an unsatisfied mystery: it still lives in my head...
Rusty Russell: It's very wise of you to run them as separate users, but you could have them all in the same group and make sure the directory for lightning RPC is accessible by that group as well as the file itself?
Rusty Russell: You get that from a random noisemaker? Do you see Jesus in your toast too?
Rusty Russell: I haven't tried lnbits, but glancing at the docs, I would usually use the CoreLightningWallet backend, but that is only if lnbits is on the same machine. Biasing a channel you want to balance may give you some passive balancing, as other payments go out, but unless you do lots of payments I don't think it will be very effective. Most people use the rebalance plugin, but it's a bit primitive these days: we could write a better one...
Rusty Russell: FFS. Someone says someone said Trump said he holds a lot of Bitcoin. There is no signal in that noise. None. https://image.nostr.build/99a61c89cffe0b0b9a3eed3c513752d15fdb58c8393f3a4aa86959b25055e0f4.jpg
Rusty Russell: I understand this! We are definitely less polished in many areas. Progress can be slower than I want. This is software, so there's always a chance of bugs, and xpay is new. The main risk is that *none* of your payments work, because I missed some case which applies for you. But we could also have bugs which pay too much in fees, for example.
Rusty Russell: Hmmmm, there are screeds of text I could throw here: nullc on Reddit, describing various things. But two examples: 1. He described Bitcoin upgrades as like carving from a block of granite, in that you can reveal new things within the space but you can't add things. This captures the counter-intuitive nature of soft forks, where rules can be added but not removed. 2. He pushed back against the idea that Bitcoin was inherently anti-fragile, with an understanding that we, ourselves, are what makes us so! If we all stop pushing (say, because we believe it's inherently resilient!), it fails. In general, he rejects over-simplification, preferring to understand details. I appreciate that!
Rusty Russell: I think it was after my first year at Blockstream I asked if I could have regular 1x1s with then-CTO Gregory Maxwell. I was, perhaps, too inexperienced at that point to take full advantage of that, but his form of thinking has been a model for me on how to think about Bitcoin, though I don't always agree with him. Needless to say, his receipt of the #finneyprize along with Pieter Wuille is fully deserved.
It's hard to think of who could even follow that pair, to be honest! finneyprize.org
Rusty Russell: Wait, you haven't seen The Princess Bride? (Now I'm trying to figure out the easiest way to stream this while on vacation...)
Rusty Russell: Great dress!!
Rusty Russell: Yep. NOBODY.
Rusty Russell: Don't do this to me, man: I'm on holidays! Ok, off the top of my head. Let's do a single UTXO, which you can spend. We represent all of the pubkey+balance pairs as a hash (separate output? In the script? I don't know). Three ways to spend it: 1. New funds. Appends pubkey and the new input amount (maybe allow change output?). You have to provide all the previous pubkey+amount pairs, so this gets more expensive as size increases. 2. Early withdraw. You provide all the pubkeys and amounts, and a signature from your pubkey, and an offset of your pubkey. Your amount gets divided by 10, then divided by number of remaining participants (last one can't exit, too bad!) rounded up. Adding that to each participants amount is *hard*, because there is no iteration in Script. This means open iteration, so an upper limit on how many participants. 3. Final withdrawal. This is easier, simply spend with a single tx with outputs to each pubkey/amount. So, you need introspection, ideally fully (OP_TX or multiple opcodes) to deal with amounts. You want Script restoration to sanely divide and handle whale amounts. To do this *well* you want stack iteration, for which I am unaware of any proposal. varops could be amended to allow this in future, but it deliberately doesn't charge for some opcodes because we know there's a weight limit, and that will need to change if we have iteration. But it's a cute idea!
Rusty Russell: I am a little surprised by those buying into the idea that Trump will lead a deficit-reducing administration. I expect conflict, chaos and massive falling out, with the result being business as usual.
Rusty Russell: Yes. When MtGox went down, and I decided to start working on Bitcoin, I forced myself to read through those loss threads on Reddit. Some days, balancing optimism for the future and pessimism for the future *mistakes* seems intractable. But if not us, then who?
Rusty Russell: I don't usually find Nic compelling, but I'm enjoying the thoughtful contrariness of this piece, opposing a Bitcoin Strategic Reserve (and predicting it won't happen): https://bitcoinmagazine.com/politics/i-dont-support-a-strategic-bitcoin-reserve-and-neither-should-you
Rusty Russell: #CLN release 24.11.1, for those fans of xpay. I've been impressed how many people are testing it, and especially those who go all in on the #reckless "xpay-handle-pay" setting! BTW: did you know you can use the "config" command to set `xpay-handle-pay` *on the fly*? https://github.com/ElementsProject/lightning/releases/tag/v24.11.1
Rusty Russell: https://antoinep.com/posts/softforks/ In which Darosior explains quite coherently why there's not a great deal of *technical* motion on a Bitcoin soft-fork. Seems like a fair, rational summary.
Rusty Russell: Blocked the bot.
Rusty Russell: Sure, but we wouldn't have anything to talk about!
🤣
Rusty Russell: The only thing dumber than talking about the Bitcoin price is making Bitcoin price predictions.
Rusty Russell: I mainly end up hiring workaholics. This is a consequence of seeking passionate, smart people who love their work. So as a manager I mainly find myself telling them to take more leave and asking pointed questions if I receive an email from them far outside hours in their TZ. But it also means I model the behavior I want, which helps me regulate my own hours. I have youngish kids, and my wife has her own career, so I try to stick to my weekly work hours. And I broadcast that to my team. I want to work with these people for a decade, so it's a marathon not a sprint.
Rusty Russell: xpay (not *coat*, thanks autocorrect!) bug reports trickle in. I'll try for a .1 release this week with fixes. I am impressed by the number of people banging on it: some of the things I knew were sub-optimal (esp if you tell it to override the pay command) now seem more important. Away early January, and Blockstream gave us all the Xmas week off, so this week is critical. Like, y'know, every other week!
Rusty Russell: Here's what you need to search up: 1. Harmy's Despecialized Edition. 2. Machete order. Good luck!
Rusty Russell: It would be possible to have a deliberately deanonymized ecash which allowed the mint to make people whole, but that would be a whole different kind of irresponsible. Developers must feel responsible for bugs, as you clearly do, but you cannot let them prevent you from creating new things into the world and improving them. You're doing great! Carry on!
🧡
Rusty Russell: "Hell hath no fury like a vested interest masquerading as a moral principle" is also related...
Rusty Russell: So, a lovely interaction with Jeremy Rubin where he shattered my XOR simplified CTV scheme. Damn. So I'm banging my head against the problem some more. I want "txid with this input txid zeroed" but that can involve too much hashing in the worst case. Even if you move the txids to the end: about 250 GB according to my rough calc. Jeremy suggested a merkle tree, which can work, but we're getting uncomfortably far from "simple" now. Specifically, my bar is "how hard would it be to produce this *in Script*, assuming that's fully re-enabled?". Not too bad with a known number of inputs, but I don't want to even think about dealing with arbitrary numbers. Varops budget doesn't really help here, either. Everywhere else, you can't hit the varops limit unless *your input script* is doing wild things: this would mean you can hit the limit with a single opcode in a reasonable script :( You're better off just saying "your tx which uses this opcode must have no more than 64 inputs" or "no larger than 10k", but that feels totally arbitrary. For those following along at home: CTV solves this by committing to just the number of inputs, and if that's not 1 you're kind of on your own. It's not *banned*, just shrugged. I dislike this hole, but do I dislike complexity more? This is what I ponder over morning coffee before Real Work. https://image.nostr.build/9c1585d6207c5cad4bfc25e2ffce67ac3dc7e27347c1744e57186be1d254b258.jpg
Rusty Russell: You should take a month off. Imagine how much you'd get done!! 😂
Rusty Russell: BTW, Rearden (apparently from Jeremy?)
pointed out that my simplified CTV-like scheme was flawed because it didn't commit to the order of input txids. You need to xor SHA(inputnum | intxid) for each input to fix this. I still like the scheme, because it clearly commits to everything the txid commits to (with modifications required by efficiency concerns). Like a "forward txid" to mirror the normal txids which are backwards references. I should write it up, for comparison with CTV. Maybe once I've done that I'll no longer think it's a significant simplification?
Rusty Russell: I'm slowly coming around to the following roadmap: 1. Simplified CTV for whole-tx commitments (ie you *will* spend this output using a tx which is exactly like X). 2. Optimised sponsors for solving the "but how do I add fees" problem in a way that doesn't drive miner centralisation. 3. Script restoration so we don't have arbitrary limits on things like amount arithmetic and examination sizes. 4. Introspection opcode(s) so we can examine txs flexibly. 5. Script enhancements for things like merkle proofs (e.g Taproot trees) and tweaks, checksig. You could argue that #1 is simply an optimisation of #3/#4, and that's true, but it's also an obvious case (once you have #2) that we will still want even when we have all the rest.
Rusty Russell: Sorry, I was assuming that we also changed signature semantics to commit to the prior txids. New tapscript, or new sig opcode.
Rusty Russell: I'm a bit slow: to really understand something I usually need to design it myself, then figure out the differences between my ugly creation and someone else's masterpiece.
This is particularly hard in the Bitcoin space, where any significant change has to intersect with every other future change we expect (fees will rise and a few bytes will really matter, we never get to deprecate anything and L2 protocols of various kinds are going to be wild). Consider OP_CHECKTEMPLATEVERIFY, from first principles. Where Script enhancements (introspection) allow you to check "is the tx spending this to the right place?" (which is harder than you'd think in the Bitcoin input/output model!) CTV simplifies this to approximately "is this the right tx?". If you try to design such a thing, you will immediately hit the following hurdles:
1. An opcode which says "you must spend this with the following txid" doesn't work, since the txid of the spender depends on the txid of the current tx, which depends on the txid of the spender.
2. If you say "ok, let's use the txid, but put zeros in the current input's txid" you solve this, but now you have a validation problem. If every input in a giant tx uses this opcode, you have to rehash the entire tx every time.
3. OP_CTV gets around this by (obviously) not hashing the current input txid, but also hashing the *number* of inputs (not their contents). If that's one, problem solved. If it's not, you are kind of on your own.
4. The minimal solution to this (that I can see) is to hash the txid with *all* the input txids set to all zeroes (call this ztxid). Then hash the XOR of all the input txids bar the current one. You could use either H(H(ztxid) | H(xored-txins)) or H(ztxid | xored-txins).
The absolute minimum here is to make this a raw output script. No scripting, it's just "you *will* use this tx to spend this output". I don't think there's much point getting more complex than this: if you want to be more expressive, we should add introspection opcodes.

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell Some nice coat bug reports coming in, from real usage.
A nice "please submit a bug report" message came in (obviously, a case I thought would never get hit!). So my weekend (remember how I said I wouldn't be working all hours now the release is close? Ha!) has been occupied thinking about this. On the surface, this happens when we exactly fill the maximum capacity of a local channel, then go to add fees and can't fit (if we hit htlc max, we split into two htlcs for this case). We should go back and ask our min-cost-flow solver for another route for the part we can't afford. This is almost certain to fail, though, because there was a reason we were trying to jam the entire thing down that one channel. But what's more interesting is what's actually happening: something I managed to accidentally trigger in CI for *another* test. See, we fail a payment at the time we get the peer's sig on the tx with the HTLC removed. But after that, there's another round trip while we clear the HTLC from the peer's tx. The funds in flight aren't *really* available again until that completes. This matters for xpay, which tends to respond to failure by throwing another payment out. This can fail because the previous one hasn't totally finished (in my test, it wasn't out of capacity, but actually hit the total dust limit, but it's the same effect: gratuitous failure on the local channel). Xpay assumes the previous failure is caused by capacity limits, and reduces the capacity estimate of the local channel (it should know the capacity, but other operations or the peer could change it, so it tries not to assume). Eventually, this capacity estimate becomes exactly the payment we are trying to make, and we hit the "can't add fees" corner case. There are four ways to fix this:
1. Allow adding a new htlc while the old one is being removed. This seems spec-legal but in practice would need a lot of interop testing.
2. Don't fail htlcs until they're completely cleared. But the sooner we report failure the sooner we can start calculating more routes.
3. If a local error happens, wait until htlcs are fully clear and try again.
4. Wait inside "injectpaymentonion" until htlcs are clear.
We're at rc2, so I'm going mid-brain on this: wait for a second and retry if this happens! Polling on channel htlcs is possible, but won't win much for this corner case. Longer term, inject could efficiently retry (it can trigger on the htlc vanishing, as it's inside lightningd). But that's more code and nobody will ever care.

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell We discard what we've "learned" after an hour. We could degrade faster, or we could try to measure channels' recovery speed. This requires more analysis though! Your data would be a useful starting point!

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell It is important to empathize with frustrated users. It's sometimes an unattainable ideal, but who hasn't hit software that Just Doesn't Work? We don't really care if it's just something about our setup, or fundamentally broken, or a completely unhelpful error message: it's an incredibly frustrating feeling of impotence. Sure, you shouldn't take it out on the devs you aren't paying, but we're all human. I can't speak for all developers, but I became a FOSS coder in the Linux Kernel. That gave me a pretty thick skin: Linus could be an ass, and even when he was wrong there was no appeal. So I generally find it easier to sift through the users' frustrations and try to get to the problem they are having. https://github.com/ElementsProject/lightning/issues/7180 And often it turns out, I agree! This shit should just Work Better! CLN payments are the example here, and it was never my priority. That might seem weird, but the first production CLN node was the Blockstream store. So we're good at *receiving* payments! But the method of routing and actually making payments is neither spec-defined nor a way to lose money.
It's also hard to measure success properly, since it depends on the vagaries of the network at the time. But it's important, turns out :). And now we see it first-hand since we host nodes at Greenlight. So this release, unlike most, was "get a new pay system in place" (hence we will miss our release date, for the first time since we switched to date-based releases). Here's a list of what we did:
1. I was Release Captain. I was next in the rotation anyway, but since this was going to be a weird release I wanted to take responsibility.
2. I wrote a compressor for the current topology snapshot. This lets us check a "known" realistic data set into the repo for CI.
3. I wrote a fake channel daemon, which uses the decompressed topology to simulate the entire network.
4. I pulled the min-cost-flow solver out of renepay into its own general plugin, "askrene". This lets anyone access it, lets @lagrange further enhance it, and makes it easier for custom pay plugins to exist: Michael of Boltz showed how important this is with mpay.
5. A new interface for sending HTLCs, which mirrors the path of payments coming from other nodes. In particular, this handles self-pay (including payments where part is self-pay and part remote!) and blinded path entry natively, just like any other payment.
6. Enhancements and cleanups to our "libplugin" library for built-in plugins, to avoid nasty hacks pay has to do.
7. Finally, a new "xpay" command and plug-in. After all the other work, this was fairly simple. In particular, I chose not to be bound to the current pay API, which is a bit painful in the short term.
8. @nprofile…crlc changed our gossip code to be more aggressive: you can't route if you can't see the network well!
Importantly, I haven't closed this issue: we need to see how this works in the Real World! Engineers always love rewriting, but it can actually make things worse as lessons are lost, and workarounds people were using before stop being effective.
But after this fairly Herculean effort, I'm going to need to switch to other things for a while. There are always other things to work on!

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell https://github.com/ElementsProject/lightning/releases/tag/v24.11rc2

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell Writing release notes is fun, but the part I really like in the release process is preparing the first commits for the *next* release:
1. BOLT spec updates. We check all the BOLT quotes in our source, and have a script to update the spec version one commit at a time. This is a grab bag of typo fixes, feature merges (which may mean we no longer need our local patches), and occasionally major changes. It's unpredictable enough that I enjoy it.
2. Removing long-deprecated features. We now give a year, then you can enable each deprecated feature individually with a configuration flag, then (if we haven't heard complaints!) we finally remove it. This means removing code (usually ugly shim code) and is a genuine joy.
I've started this for 25.02, and it's a balm after the release grind...

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell Ah, your own fear of your attraction is showing. Does the thought of someone the same as you, looking into your eyes, turn you on? Stroking your cheek? Rage won't help. Try praying?

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell Note: it doesn't, this post is a joke some confused people took seriously :)

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell It wouldn't have attracted the hard money maximalists, and the early marketing would have suffered. (Remember the one in a million club?). But bag holders generally use rationality to justify their beliefs, not the other way around, so I don't expect much would have changed. And economically we wouldn't see any difference yet.
We would avoid another economic transition: Bitcoin would be "done". Long term, the difference is significant, so I would never advocate for it now: that would be a rug pull.

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell It can though. In a tree, n/2 anchor outputs and n/2 inputs which spend them. But if you're all paying (the same) agent to neighbor-boost, it's one tx for all of them...

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell Reverse it, it's still one bit for multiple transactions. "The next tx is committing to me".

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell Thanks! There was a refinement where it used a single bit, rather than txids (but it was limited to sponsoring a single tx: you need to reverse it to set the bit in the sponsee if you want multiple txs for one bit). I would love to see this soft fork...

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell But yes, they're now *possible*. But they're really a workaround for not being able to express what you actually want. But sponsors is a general solution to the problem: it allows a marketplace for fee boosting which may be competitive with miners (though it will always take 1 tx more). This works for any covenant scheme, which all seem to have the same "constant, but for fees" problem.

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell Costs. Another output and another tx. Ouch.

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell Usually these schemes are used for unilateral exit, so no :(

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell There is, potentially, a cool trick which could help though! Jeremy proposed a kind of "neighbor fee" tx which would pay the fees for the immediately-preceding tx in a block (which, annoyingly, I can't find now! Anyone?).
You really want this to stack (so it's probably better as a forward, rather than backward bit) and I don't think there's any code, but it makes CTV a more obviously optimal choice for simple covenants, AFAICT.

npub179e9tp4yqtqx4myp35283fz64gxuzmr6n3yxnktux5pnd5t03eps0elz4s Rusty Russell The problem with CTV is fees. When you look at most designs using CTV, they need *another* tx, and an anchor output, so they can pay fees. What they really want is "this tx, plus an input and optional change output". People tend to ignore fees in their protocol design. But in implementation they're critical, and only getting more so. Lightning has been down this path!
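
The ordering flaw and its fix from the notes above (plain XOR of the other input txids versus XOR of SHA(inputnum | intxid)), as an added Python example that is not Rusty Russell's code or part of any proposal. SHA-256 as the hash, a 4-byte little-endian inputnum, and the sample txids and ztxid are assumptions constructed here.

```python
import hashlib
from functools import reduce

ZERO = bytes(32)

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def xor32(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def naive_others(txids, current):
    """First version: XOR of all input txids bar the current one."""
    return reduce(xor32, (t for i, t in enumerate(txids) if i != current), ZERO)

def term(inputnum, txid):
    """SHA(inputnum | intxid); the 4-byte little-endian index is an assumption."""
    return sha256(inputnum.to_bytes(4, "little") + txid)

def indexed_others(txids, current):
    """Fixed version: XOR of the per-input terms bar the current input's."""
    return reduce(xor32, (term(i, t) for i, t in enumerate(txids) if i != current), ZERO)

def indexed_all_inputs(txids):
    """Hash every input once per tx, then cancel each input's own term with XOR.

    This is what avoids rehashing the whole input list for every input.
    """
    terms = [term(i, t) for i, t in enumerate(txids)]
    total = reduce(xor32, terms, ZERO)
    return [xor32(total, own) for own in terms]

def commitment(ztxid, xored_txins):
    """H(H(ztxid) | H(xored-txins)) with H = SHA-256 (assumption)."""
    return sha256(sha256(ztxid) + sha256(xored_txins))

# Constructed sample data: four inputs that differ only in their txid, so the
# zeroed-txid hash (ztxid) is the same whichever order the txids appear in.
TXIDS = [sha256(b"constructed-input-%d" % i) for i in range(4)]
SWAPPED = [TXIDS[0], TXIDS[2], TXIDS[1], TXIDS[3]]   # inputs 1 and 2 exchanged
ZTXID = sha256(b"constructed-ztxid")

if __name__ == "__main__":
    for name, fn in (("plain xor", naive_others), ("indexed xor", indexed_others)):
        same = commitment(ZTXID, fn(TXIDS, 0)) == commitment(ZTXID, fn(SWAPPED, 0))
        print(f"{name}: swapping two other inputs keeps the commitment: {same}")
    print("one-pass matches per-input:",
          indexed_all_inputs(TXIDS) == [indexed_others(TXIDS, i) for i in range(4)])
```

The notes also record that the XOR scheme was later broken in a way they do not detail, so this shows only the ordering point and the one-pass per-transaction computation.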