An important topic this month is our UR specs for animated QRs used by more than a dozen Bitcoin wallet vendors to share PSBTs between devices using an airgap. @coinkite has proposed an incompatible alternative that only works for PSBTs and has some other limitations. /3
Our next meeting is Wednesday, December 6th at 10am PT, and is hosted online on Zoom. If you sign up for our Developers list or the Signal group, you’ll get the Zoom link before the meeting (or ask me directly). Sign up and join us! /2 https://www.blockchaincommons.com/subscribe/
Every month @BlockchainComns hosts a meeting for developers of digital wallets to discuss interoperability between our products and create specs & reference code. If you are a wallet developer, let’s work together for greater security and to avoid vendor lock-in! [1/8] 🧵…
Another topic is Gordian Depo, an open spec and reference code to demo how social recovery shares can be preserved via an online service. Part of a project we call Collaborative Seed Recovery, is an open alternative to @Ledger’s recovery approach. /6 https://developer.blockchaincommons.com/csr/
Our second topic is a proposal for new binary encoding specification for Bitcoin output descriptors, as requested by wallet developers in our meeting last month to improve the interoperability of that data. /5 https://github.com/BlockchainCommons/Gordian-Developer-Community/discussions/120
Have they identified some requirements that we don’t address? We are open to making the UR spec & reference code better. That is what open development is all about! We hope that @coinkite will join us rather than incompatible hard forking. https://www.blockchaincommons.com/articles/Open-Development/ /4
We thank our financial Patrons @unchainedcom, @FOUNDATIONdvcs, @Autonomy_io, @KeystoneWallet, Digital Contract Design, and others for their long-term support of open development, security, resilience and wallet interoperability. Support them too! https://www.blockchaincommons.com/sponsors/ [8/8] ៚
At @BlockchainComns we support wallet interoperability & user choice, and are fighting vendor lock-in. We are a not-for-profit, thus don’t have investors or products to fund our efforts, so we need your financial support. Sponsor us monthly via Github! https://github.com/sponsors/BlockchainCommons /7
I’ve been trying to do this project for 35 years, and it still hasn’t quite come together, but is on my list. I have quite a few documents and resources over the years I’ve collected.
In some sense, my first investor was Will Wright, when we worked together in the early days of Sim City/Sim Earth. I wanted to do a multiplayer Moon colony sim game. He helped me financially & to find my first investor for Consensus Development, which ultimately created TLS.
RT @tim_bansemer: @ChristopherA @JoeAndrieu @dustyweb @glenweyl @CaitlinLong_ @CleanApp @raphkoster I really like the idea to combine gover…
RT @FOUNDATIONdvcs: We proudly sponsor @BlockchainComns and attend these meetings regularly, as open + interoperable standards make Bitcoin…
Open Source: it’s great, but it is not enough. That’s pretty much the thesis of our latest article from @BlockchainComns on OPEN DEVELOPMENT. [1/10] 🧵 https://www.blockchaincommons.com/articles/Open-Development/
Meanwhile, another problem is that open source focuses on the developer’s immediate desires rather than long-term production or user needs. It’s an even harder nut to crack because the developers are the heroes creating open source. /5
That’s the timeline problem. Open source doesn’t consider long-term support; it just tosses source code over the wall. Open development needs to do better. /4
One result of this is that we get major problems like Heartbleed, where an open-source project was used for the majority of commercial activity on the internet and failed due to a lack of resources. /3 https://heartbleed.com/
The meme of open source is powerful and has had a huge impact on our digital world, but it’s a small part of the larger picture of Open Development. It doesn’t consider the pathway from source to production release to usage, and it doesn’t protect that path into the future. /2
Even @BlockchainComns can’t check off all of these boxes in our own projects. However, it does demonstrate our aspiration to offer more than just making our source available to the public under an open-source license. /8
My Open Development article also lays out a checklist with 7 stages that can move a project beyond open source, as it becomes: Inspectable, Observable, Reproducible, Testable, Cooperative, Distributed, and Standardized. /7 https://www.blockchaincommons.com/articles/Open-Development/
But that’s why we need to begin talking about the wider world of Open Development. My article lays out a number of principles: Accessibility, Collaboration, Diversity, Strategy, Transparency, Sustainability, and Openness. /6 https://www.blockchaincommons.com/articles/Open-Development/
Open Development is just one of the things we are committed to at @BlockchainComns. Our vision is to create an open & interoperable, secure & compassionate digital infrastructure. Become a patron to support this work! [10/10] ៚ https://github.com/sponsors/BlockchainCommons
I hope this article can begin a discussion about moving beyond just demanding our vendors support open source. What else do we need as next steps from them? What are other challenges to Open Development that we must face? /9 https://github.com/BlockchainCommons/Gordian-Developer-Community/discussions/121
In particular, if you search for variants of Peter Suber’s “Nomic” (1982) you see some interesting work. At some point I got started in applying some ideas in my “Spectrum of Consent” article to Nomic, but realized that isn’t isn’t just about the voting systems, it is about…
Studying deliberation systems led me down a few different alleys, from several articles in my blog on topic of “Collective Choice”, to some exploration of what a participatory org was: https://github.com/ParticipatoryOrgs/Participatory-Organizations-Overview-and-Taxonomy
In more recent years, I’ve talked with number of DAOs creators who attempted some exciting things. However, we’ve really not learned about how to address adversarial token economics in DAOs. Thus people have been working on DAOs that require proofs of unique personhood, which…
I was going through my bookmarks re: Nomic, and felt this one would be hard to find but had good signal-to-noise: http://www.thatmarcusfamily.org/philosophy/Course_Websites/Readings/Hofstadter%20-%20Nomic.pdf
The key innovation in my proposal for a Sim Moonbase game that I made to Will Wright and Maxis in the late 80s was the connection of the simulation to a Nomic-like mutable rules. Ultimately, if the rules resulted in not being able to address a moonbase crisis, or even collapse,…
Replying to @utxoclub
If your wallet supports Gordian Envelope for Collaborative Seed Recovery, metadata like descriptors, private transaction details, open Lightning channels, etc. can all be preserved. You choose where. Current topic in the Gordian Developer meeting next week.
I’ve posted rules for a simple Nomic-inspired game I’m calling “Polis Play” in a gist: https://gist.github.com/ChristopherA/a37289af02633204b7453830c28faa0b. I would appreciate any suggestions for improvements in the comments there. Let’s give it a try! @raphkoster @CleanApp @tim_bansemer
RT @sakak_musdom: Malaysians interested in identity systems in the wake of MyDigital ID should follow @ChristopherA, co-author of TLS (the…
In the spirit of my book on the Design of Cooperative Games (Meeples Together), I’ve added an alternative initial set of rules for a more “cooperative” version of Nomic: https://gist.github.com/ChristopherA/a37289af02633204b7453830c28faa0b#initial-rules-cooperative-version
RT @ChristopherA: @CleanApp @tim_bansemer @JoeAndrieu @dustyweb @glenweyl @CaitlinLong_ @raphkoster In the spirit of my book on the Design…
BTW, there are only a few physical copies of Meeples Together left — if you want a printed copy, purchase it soon! I plan to work on a significant update to the eBook version next year, but it is unclear if we will do another print version: https://www.meeplestogether.com/about/
DM me your details and I’ll add you to the FROST implementers group. We also have a more general monthly wallet developers meeting this week on Wednesday at 10am PT. Agenda includes animated QR, binary descriptors, open development best practices and more.
RT @jesseposner: @sriramk @chelseakomlo @real_or_random I’m not aware of a write-up about this, but the main issue is that BIP340 uses x-…
RT @RWOTEvents: Our first draft paper from #RWOT12 is out: “The Ecosystem Coordinator’s Role in SSI Ecosystem Management” by Christiane Wir…
RT @RWOTEvents: What does an ecosystem coordinator do? The paper looks at the the National Association of Convenience Stores (NACS), Open C…
RT @RWOTEvents: Though a solo writing effort, the paper was informed by other members of the #RWOT community and their expertise on NACS an…
RT @RWOTEvents: Sign up for our low-volume announcements list so that you can join us at #RWOT13, coming in 2024. [4/4]
We’ve gotten initial good feedback on the proposal, and would like to eventually turn it into a BIP, so let us know what you think! [3/12] https://github.com/BlockchainCommons/Gordian-Developer-Community/discussions/123
The new format encodes textual descriptors as binary dCBOR and uses optional placeholders for keys and addresses to compact the data. [2/12] https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2023-010-output-descriptor.md
A great Gordian Developer Meeting this week, focused on a new output descriptor format for interoperability among wallets. [1/12] https://www.youtube.com/watch?v=Z8zHew8fhT0
Our other big topic at this meeting was our first demo of our Gordian Depository, a new kind server that can be used to store blobs of data, such as shares of sharded secrets. [5/12] https://www.youtube.com/watch?v=7uW6xlT4hTk
The goal is, as always, interoperability. We know that smaller companies benefit from interoperable specs, but more importantly to us, interoperability increases the resilience of data for users. [4/12]
Check out our proof-of-concept code for Gordian Repository at GitHub. It’s built in Rust and freely licensed. [8/12] https://github.com/BlockchainCommons/bc-depo-rust
It’s in contrast to programs like Ledger Recover, which locks you into their chosen backup servers and KYC policies. We hope the Depo will instead serve as the foundation of an ecosystem of independent storage servers so that users can pick ones that match their needs. [7/12]
This is exciting because it’s the next big step in our Collaborative Seed Recovery (CSR) project that highlights user choice in how to backup their seeds and keys. [6/12] https://developer.blockchaincommons.com/csr/
We also talked at the December Gordian meeting about animated QR, URs and our various C, C++, Rust, and Swift repos to support wallet companies. See our full meeting summary. [10/12] https://github.com/BlockchainCommons/Gordian-Developer-Community/discussions/123
We’ve also released a repo that contains the API for communicating with a Depository. [9/12] https://github.com/BlockchainCommons/bc-depo-api-rust
Many thanks to our sustaining patrons in ‘23 such as @FOUNDATIONdvcs, @unchainedcom, but our cryptowinter isn’t over — help ensure this important work continues at Blockchain Commons by becoming a sponsor in 2024! [12/12] https://github.com/sponsors/BlockchainCommons
If you are a wallet developer, sign up for our announcement list or Signal channel to get notifications for our next meeting in January. We’d love to see you there! [11/12] https://www.blockchaincommons.com/subscribe/
This threat to security researchers may be about felony laws on reverse engineering & #RightToRepair, but they’ve been enforced for decades. Next I see #SEC and other governments doing the same form of restraint against all devs working in crypto. We must fight against these! https://twitter.com/doctorow/status/1733132512682189306
Replying to @carmelatroncoso
See also my second Echoes of History on the perils of EIDAS: https://twitter.com/ChristopherA/status/1729917535217447096
Replying to @carmelatroncoso
And the lessons we need to learn today from the different experience in WWII Netherlands (where 75% of the Jews died) vs France (23%) due to over-identification and regime change: https://twitter.com/ChristopherA/status/1722690585247760589
Replying to @nvk
See the work we are doing at @BlockchainComns to support the Gordian Wallet Developers community (over 13 companies involved or supporting open development interoperability speciations). CSR is open, supports user choice of both self-sovereign & social recovery. But we need… https://twitter.com/ChristopherA/status/1733199551589466459
RT @ChristopherA: @nvk See the work we are doing at @BlockchainComns to support the Gordian Wallet Developers community (over 13 companies…
Replying to @AnitaPosch
See the work we are doing at @BlockchainComns to support the Gordian Wallet Developers community (over 13 companies involved or supporting open development interoperability specifications). CSR is open, transparent, and supports user choices for both self-sovereign & social…
RT @rektbuildr: What really caught my attention here is the fact that the tracking code is placed along with critical logic.
Replying to @Adelgary and @FOUNDATIONdvcs
If you use our more complex multisig scenario leveraging @FOUNDATIONdvcs, you can store sharded shares safely on paper in a safe deposit box and be safe from single point of failure or compromise: https://github.com/BlockchainCommons/SmartCustody/blob/master/Docs/Scenario-Multisig.md
Replying to @Adelgary and @FOUNDATIONdvcs
The only challenge is the complexity and time (about an hour) but the instructions are step-by-step and methodical. We are hoping that we can reduce this complexity by automation between wallets using with Gordian Seal Transport QRs between interoperable wallets.
Replying to @Adelgary and @FOUNDATIONdvcs
We also offer a lot of other guidance at https://www.SmartCustody.com for both advanced singlesig scenarios and emerging multisig opportunities.
“First they came for…”. Again 🤬 https://twitter.com/LizaGoitein/status/1734249938333167889
Replying to @peterktodd, @Blockstream and @Liquid_BTC
We are looking at switching away from GPG signing to SSH signing.
ssh-keygen -Y sign -n file -f ~/.ssh/id_ed25519 -o output_signature_file input_file
Especially as GitHub will provide pubkeys:
http://GitHub.com/ChristopherA.keys results in
RT @ChristopherA: @peterktodd @Blockstream @Liquid_BTC We are looking at switching away from GPG signing to SSH signing.
ssh-keygen -Y si…
RT @lopp: It sounds like today’s security incident was the culmination of 3 separate failures at Ledger:
- Blindly loading code without p…
RT @grahamgreenleaf: My analysis of India’s 2023 data privacy Act is at https://papers.ssrn.com/abstract_id=4666389 Which stakeholders benefit most?: Indian &…
RT @FOUNDATIONdvcs: To air gap,
or not to air gap?
That is the question.
Let’s break down the pros and cons:
Very interesting details on how to be truly anonymous using cell phones in the EU. Not easy. https://twitter.com/wilderko/status/1739589552547729756
Replying to @100AcresRanch and @HODLRecruiter
Between them, brown rice, quinoa and beans, have all the proteins you need, and long shelf life. With few pound of multivitamin you’ll not be malnourished but bored.
No ordinary vulnerability…
👍 “hardware…is much more difficult to reverse-engineer than software, but this is a flawed approach, because sooner or later, all secrets are revealed. Systems that rely on ‘security through obscurity’ can never be truly secure.” https://twitter.com/karpathy/status/1740137276833943974