Author

Topic: What would happen to bitcoin if all bitcoin-related stuff on GitHub got banned? (Read 1201 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I wonder if it's got nothing to do with anything else other then they don't like crypto. Ignore the excuses they give, they are just that, excuses.

They don't like it, and have been looking around for a way to drop those projects without looking bad by saying, 'we don't like crypto, so we are not allowing you to host those projects'

And all of a sudden we have the people talking (incorrectly) about the power wast of crypto, and the people talking about the scams, and now they have a perfect excuse to those outside the crypto sphere to ban them from their platform. We know it's crap, but to the people that don't know it looks like they are doing a good thing. And they get what they want.

I still think any real project should always have a self hosted git with the 'name brand' git hosts as a redundancy.

-Dave
newbie
Activity: 4
Merit: 0
If all bitcoin-related stuff on GitHub got banned, it's possible that development of the Bitcoin protocol and software would move to other platforms or anonymous forums. However, it's also possible that development would continue underground and that the Bitcoin network would remain robust. After all, censorship-resistant technologies have a way of staying alive and thriving in the face of opposition.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Keep in mind that their default action for new accounts without phone numbers was banning them (and good luck getting an appeal from an account with no history unless you successfully managed to follow a bunch of woke accounts within a 2-minute window).

Is this your own or someone else experience?

My own. The first time I signed up for twitter, I was instantly permabanned for not having a number (surprise surprise). That was sometime in 2018 or so. Had almost the same experience a second time in 2020 and that is how I saved my account.

I'm pretty sure this can no longer happen now that the people responsible for autobanning accounts are most likely fired.

Anyway, it sheds some light on why people think Musk is doing a good job purging entitled people from its platform (or rather, causing them to purge their own accounts).



Back to topic:

It seems to me, from my short experience of Codeberg, that it is ran by a bunch of people with a very narrow viewpoint. So when they say they're having "discussions" about something, they actually intend for it to be one-dimensional where everyone agrees with them. In this case, they all hate crypto, so when one of them opens a discussion thread about banning it, they are really expecting everyone to say yes, or else they will call you names, degrade you, and threaten to ban you because something you said translates into a death threat in their very narrow worldview.

Talk about groupthink right there. Makes you glad that Bitcointalk moderators don't interfere with free speech, eh?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
And now codeberg.org has closed the issue about cryptocurrencies again permanently. The people on that thread clearly do not understand the first thing about decency and respect. They seem to be incredibly hostile and angry. Well, this just gives a lot of credence to the cryptocurrency community. Now the decision whether to ban cryptocurrencies or not will be made in private by people who hate me because I have a Ph.D. in Mathematics (and can therefore produce new functions using quantum information theory to evaluate the security of block ciphers, but people on codeberg.org hate education). Codeberg seems to be a bastion of intolerance and hostility, and no respectable human should affiliate himself with Codeberg in any way whatsoever other than telling the people there that they are intolerant.

-Joseph Van Name Ph.D.

Creator of Circcash

I wouldn't use a service ran by people with thin skin anyway.

If owners are easily offended by things that people can say or do, them they will just use it as an excuse to make the platform worse for everyone else. Just look how Twitter was before Elon Musk bought it for example.

Keep in mind that their default action for new accounts without phone numbers was banning them (and good luck getting an appeal from an account with no history unless you successfully managed to follow a bunch of woke accounts within a 2-minute window).
member
Activity: 691
Merit: 51
And now codeberg.org has closed the issue about cryptocurrencies again permanently. The people on that thread clearly do not understand the first thing about decency and respect. They seem to be incredibly hostile and angry. Well, this just gives a lot of credence to the cryptocurrency community. Now the decision whether to ban cryptocurrencies or not will be made in private by people who hate me because I have a Ph.D. in Mathematics (and can therefore produce new functions using quantum information theory to evaluate the security of block ciphers, but people on codeberg.org hate education). Codeberg seems to be a bastion of intolerance and hostility, and no respectable human should affiliate himself with Codeberg in any way whatsoever other than telling the people there that they are intolerant.

-Joseph Van Name Ph.D.

Creator of Circcash
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
For those who didn't know, Codeberg closed down their thread last week only to reopen it a few days ago (the reason they closed it, they said, was "media frenzy". I took the time to share my comments about this issue, which I will quote here:

Looks like my watch notifications paid off then.

I intended to comment here, but you locked the thread two days earlier.

Let me make one thing clear here, I do not use Codeberg - this account was made a week ago just to comment here. I am an open-source developer of various projects on Github including software which interaxts with cryptocurrencies: https://github.com/ZenulAbidin

As it stands, I lose nothing by a Codeberg ban on crypto projects. However, other devs who have crypto code on Codeberg have everything to lose, so what I write is is for them, not for me.

Everyone - You know, this thread is called: "Taking a stand against cryptocurrency/blockchain", and it would be more accurate to call it "Taking a stand sgainst cryptocurrency/blockchain scams". Because that's what most of the idea behind this thread seems to be about.

It is quite trivial to get rid of blockchain/cryptocurrency scam projects online - using the Report Abuse button. This particular button has been fantastic on Github for taking down various scam copies of crypto projects. I assume you have such a button already - in that case, half of your problem is already solved.

Now that we have got the scams out of the way, let us deal with your second issue surrounding this topic: Excessive energy use of cryptocurrencies. Incidentially, I am also the creator of https://bitcoincleanup.com (NOT cleanupbitcoin). This is a website I made to challenge Greenpeace's and Chris Larsen's (the Ripple Labs co-founder who donated all that campaign money to Greenpease in the first place) false claims about crypto energy usage. They were claiming that if you "Change the Code", everything would be fine and Bitcoin's energy usage would go down.

Isn't it ironic, a crypto guy making a campaign against crypto. But all that is a different topic.

First of all, some cryptos like Ethereum are using Proof of Stake, which uses no energy, so this is a non-issue for them. You can't say: "Let's ban the projects of all Ethereum dApps on CodeBerg", because as of September - long before SourceHut contemplated any crypto ban - Ethereum does not even use enormous energy anymore.

Second, for Proof of Work cryptocurrencies like Bitcoin - the myth of excessive energy use has been totally debunked on my website, I suggest you study it carefully. I will quote a few key points from the site:

Myth: Bitcoin uses as much energy as

The IT, plane, car, transportation, and other industries must utilize large amounts of electricity for data centers, chemical or fuel generation, or heating, in order to provide their services. The same is true for Bitcoin.

Bitcoin needs to use a lot of energy so that its Proof of Work can prevent hackers from stealing people's bitcoins. So far it's been going great, compared to several Proof of Stake coins, which have been breached with 51% attacks.

Some people claim "We know crypto doesn’t need much energy to work." This is very ignorant because freedom from censorship is only possible in Proof of Work - transactions can still be embargoed in other algorithms.
That is to say, that the massive energy use serves to fend off attacks against the Bitcoin network in the same way that CloudFlare generates terabytes of traffic in the process of fending off bot attacks against websites. And incidentially, a lot of energy use from their networking infrastructure. But hey, I don't hear anyone complaining about Cloudflare's carbon footprint, do I? So why are cryptocurrencies so important? Because it's "useless" to you?

I could also make the argument that Cloudflare is useless to me because I do not use it on my website I just linked. But that would be a very ignorant statement, because thousands of businesses, including most of the Fortune 500 companies, rely on Cloudflare to protect their websites from DDoS attacks. It's very effective, and does the job. So its carbon footprint cannot be complained about.

As for Bitcoin and other Proof of Work cryptocurrencies, they server as a form of digital money for people who have no access to banks. This happens to include most of Africa and South America, just so you don't forget. Already in 2022, thousands of people rely on Bitcoin and other cryptocurrencies to store their life savings and conduct day-to-day transactions, because their banking infrastructure is either unreliable and prone to failure, or it is corrupt and liable to funds theft by the respective governments. That is why a large percentage of the world population remains unbanked. So cryptocurrency is the prefect solution to them.

As you know, cryptocurrency relies on software to provide its networking and financial services. The protocols are hosted online, the wallet software are also hosted online, and in some cases the websites of the projects themselves are hosted in some open-source community repo online. Without this software, cryptocurrency cannot work, and the revolution that is providing financial access to so many ubanked people snce 2009 will grind to a halt.

To instantiate a ban of crypto projects just because you heard a few things you don't like about the industry is, at best, madness. It does two very bad things: First, the developers working on crypto projects on your site will have their work disrupted and they will have to migrate to a new webste. For what?

Second, it sends a negative signal across the industry that code hosting projects do not care about the mission statement that underlines most crypto projects - to provide financial access of money to everyone.

And you are doing this for what exactly?

To prevent crypto scams? Sorry, but even if all open source hosting sites like Github banned cryptocurrency projects this instant, there would still be crypto scams being perpretrated because the developers would just move to self-hosted Gitea.

Or is it as a protest against crypto's excessive energy use? Well we have already established that excessive energy usage is not useless when it is to protect services.

So, then, what benefit will banning crypto projects from Codeberg bring?

The only thing that will come out of this is crypto developers on you platform will be frustrated and will have to move their entire repo to another website. Is this really all that you want this proposal to bring about? Because I know that there is some sense of altruism in the goal of this proposal.

Unfortunately, that sense of altruism is misguided, for reasons I have explained above.

A version control platform is not supposed to make developers' lives difficult. It is supposed to make them easier.

If we were talking about banning malware projects, gambling projects, or adult projects, then you would be on to something here. But this is cryptocurrency, whose use is legal in all jurdistinctions - with the exception of a handful of nations who don't seem to like it at all, but I will leave them out of this discussion.

I completely agree with @jvanname that, and I quote: "We need people to develop cryptocurrencies without being harassed, banned, and shamed because cryptocurrencies can save countless lives."

Do you guys agree with this or no?

We are already protecting the rights of minority groups, sexual orientations, and activists. Is crypto really that malicious to you guys to go as far as believing that crypto developers need to be bothered?

Some of you believe SourceHut did "an incredibly brave thing" by banning crypto projects from its platform. But far from being brave, it is a misguided thing, and a very dangerous decision to make because it could sway other source control sites to harass crypto developers on their platforms. Do not enable repressive behavior.

Don't forget that the following is on your own homepage (emphasis mine):

Respect
Your data is not for sale. No third party cookies, no tracking. Hosted in the EU, we welcome the world.
So this means you welcome everyone except for crypto developers? As a privacy-focused source control site, I expected more inclusion to be granted to users.

My last remark, before closing this post, is one of history.

In the 1990s the NSA attempted to make distribution of strong cryptography software illegal. They failed. Why? Because everyone distributed the source code via different mediums such as CDs, books, coffee mugs and T-shirts.

You know, "crypto" got its name from cryptography. And also, many regulators and web services who similarly do not understand crypto properly also want to ban us. But our motto is: If you ban us in one place, we will appear in ten more places.

If you don't believe me, just look how many websites are hosting a copy of the Bitcoin whitepaper ever since Craig Wright tried to sue bitcoin.org to take it down.

-Ali Sherief (Zenul_Abidin)

They don't seem to be taking our appeals kindly (they just call them "walls of text" - I mean, this is a wall of text, but it is good text!) so i will be doing two more things:

- I am going to post this on Stacker News (and possibly Hacker News)
- I am going to ask you all reading this thread to make a codeberg account just to comment in favor of our appeal.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
With that being said, there are plenty of things that the cryptocurrency community could be doing much better. A lot of the bad reputation that cryptocurrencies have has been earned, but banning innovators who want to innovate is just asinine.

I trust that Github will remain innovative and that the anti-innovative hostile entities will simply stay away from Github (well, at least for now).

Again, people who hate cryptocurrencies just stick the blame of all cryptocurrency failures on developers, when in reality the actual management of failing services is done by businessmen, using code that is not even hosted on open-source repo hosting sites.

This is why all open-source projects have a big capital notice in their license, disclaiming all warranty and liability, because scumbags who run a service down will look for any way to escape from accountability.

The vast majority of OSS devs have no interest in scamming you or running away with your funds, they just want to make good software.

Most open-source crypto projects do not even manage money - they are just supporting infrastructure around the blockchain.

Remember PGP - code is free speech, and nobody can ban it or take it away from people.

PS: Feel free to send me a PM when they re-open that thread. I have a few sucker punches I'd like to make myself.




Edit: I just saw a post there reading this:

Quote
I beg to differ with cryptocurrencies in regard to the environmental aspect: Proof-of-work based cryptocurrencies definetly have a bad impact on the environment because of wasted CPU power and hardware, while cryptocurrencies that use Proof-of-stake or some other proof mechanism that doesn't need complex calculations don't have that bad impact. They may have other problems..

I really wish I heard about this 2-3 days ago so I could fire BitcoinCleanup (a site I made) at them. Sourcehut's announcement, and reasons why Codeberg are doing this is wrong, at every level.

But then again, I have no regrets, because I was busy doing real development during that time and not useless bikeshedding or more accurately, flame warring as these guys seem to fancy.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Looking at the address given for codeberg it's someones apartment, and with so few projects hosted by it I can see someone running it out of their bedroom so to speak.
Sorcehut does not even give an address that I can find and as @ETFbitcoin also looks to have very few projects.

Being smaller like that can be good for some things, but with the amount of malware projects that pop up on github and sourceforge that they have to keep shutting down Microsoft and Slashdot respectively have to be putting some serious man hours into keeping up with it. It is probably easier for these tiny sites to just say no.....


What I still don't get is why real projects don't just host it themselves. Between GitLab / Gitea  / GitBucket / Gogs and many others you can keep your project in your world and not worry about anyone else.

-Dave


legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
In related news, SourceHut recently announced that it is banning all cryptocurrencies starting on January 1, 2023. But then again SourceHut does not look very professional since the first page says "Welcome to sourcehut!" which is not capitalized. I have never used SourceHut, and I have no intention of using SourceHut since they are anti-innovative.

I have never heard this service, but at least they give 2 months before it's executed. I also checked hosted public projected[1] and it looks like there aren't too many project hosted there (only 388 pages where each page show 15 project).

Codeberg is also considering banning all cryptocurrency projects (I have commented on Issue #794 about this https://codeberg.org/Codeberg/Community/issues/794). It seems like the anti-innovative people at these sites do not want anyone developing new technologies. They are not willing to reason with people who give solid reasons for developing cryptocurrency technologies. I doubt that they will be willing to understand what the people are doing. They do not want people to improve the situation.

I don't know which user is employee at Codeberg. But it's a hypocrisy since Codeberg homepage emphasize freedom.

I trust that Github will remain innovative and that the anti-innovative hostile entities will simply stay away from Github (well, at least for now).

I have few doubt since they have history of banning several project including Tornado Cash[2]. Although on positive site, activity related with DMCA is transparent[3].



[1] https://sr.ht/projects
[2] https://www.theregister.com/2022/08/10/github_tornado_cookies/
[3] https://github.com/github/dmca
member
Activity: 691
Merit: 51
In related news, SourceHut recently announced that it is banning all cryptocurrencies starting on January 1, 2023. But then again SourceHut does not look very professional since the first page says "Welcome to sourcehut!" which is not capitalized. I have never used SourceHut, and I have no intention of using SourceHut since they are anti-innovative.

Codeberg is also considering banning all cryptocurrency projects (I have commented on Issue #794 about this https://codeberg.org/Codeberg/Community/issues/794). It seems like the anti-innovative people at these sites do not want anyone developing new technologies. They are not willing to reason with people who give solid reasons for developing cryptocurrency technologies. I doubt that they will be willing to understand what the people are doing. They do not want people to improve the situation.

With that being said, there are plenty of things that the cryptocurrency community could be doing much better. A lot of the bad reputation that cryptocurrencies have has been earned, but banning innovators who want to innovate is just asinine.

I trust that Github will remain innovative and that the anti-innovative hostile entities will simply stay away from Github (well, at least for now).
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
I think the main problem will be the spreading of the information (URLs or links) to the new sources, without people pushing exploited repositories or trying to do it. (Now I know most binaries can be verified to make sure that it is a "legit" copy of the actual code, but it creates confusion and possible loopholes for exploitation )

Imagine all the forum posts pointing to the current GitHub and then when changes takes place.... to have legitimate links being distributed to the new repositories.  Roll Eyes

The US are not the only country that are offering file hosting services, but they have a lot of influence to pressurize other countries to follow their actions, if these services are hosted in other countries.  I think we (Bitcoin) ...should have redundancy in place for every possible attack on Bitcoin.... even if it is forced to go underground. (DarkNet)  Roll Eyes
sr. member
Activity: 317
Merit: 448
Honestly, betting on El Salvador to fight against the U.S. and EU wanting to ban Bitcoin-related projects from GitHub is one of the worse bets I've seen.
They don't have a lot to work with / to leverage. It's a tiny nation and their adoption of Bitcoin as legal tender is mostly symbolic; it shows what's possible, but it doesn't give Bitcoin more value, more legitimacy or protection from large states' attacks.
Yeah it's silly, and we already have examples of some countries like China banning Bitcoin (several times) without much resistance.
I think that other countries won't ban Bitcoin directly yet, at least not until they release their own CBDC projects, but they can slowly start to increase pressure on exchanges, wallets, developers, miners, etc.
It's obvious they want to have full surveillance and tracking in near future, so anything related with privacy is now under attack.
Hear me out: arrival of CBDCs, shutdown of centralized exchanges and simultaneously implementation of L1 privacy changes to the Bitcoin protocol. Bitcoin will be the obvious choice for... literally anyone.
And people will be incentivized to actually use it as a medium of exchange to escape the totalitarian nature of CBDC and avoid going through buying/selling 'hassle' on DEX's.

People will be incentivized to further get involved if (to get back on topic) centralized services were to start banning Bitcoin- and crypto-related stuff, by spinning up own nodes, own Git mirrors and whatever other tech we might have moved to until then.
More decentralized infrastructure is going to make Bitcoin stronger than ever, totally destroying the dreams of anyone attempting to shut it down by such measures.

I have considered the scenario in which CEXes are banned, it's possible, but think about it, there would be enormous backlash.

I believe the most realistic scenario, is the one where they keep the CEXes, keep adding KYC/AML restrictions, and keep getting all the taxed money from trading. There is no other way for them if they want to keep the facade of not being fully totalitarian, which is the key here. Western governments don't want to be perceived as totalitarian, as they do in totalitarian clusterfucks like China or Russia. I don't see a full ban on crypto unless BTC poses a massive systemic risk to the reign of the USD, which right now I don't see it, since it basically follows the SP500. If USD ever decouples from the SP500, and people start putting their savings on BTC more than they do on the stock market, that is where they may just fully ban the stuff.
At that point BTC will be used as cash, but forget about buying property or anything like that, they will not allow it. So your best bet would be moving somewhere where they get away with not banning it.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
They already know they can't prevent people from using bitcoin but they still want to surveil. The solution was to force centralized services to implement KYC and report back.
The solution is much more cunning than you think. It's to convince the overwhelming majority that being unable for the state to control the money supply is bad; that privacy is bad; that using energy is bad; that freedom of choice, speech, thought is bad. Over all, they argue that censorship and surveillance are necessary.

Straight from the source: https://web.archive.org/web/20200919105141/https://www.weforum.org/agenda/2016/11/shopping-i-can-t-really-remember-what-that-is?utm_content=bufferadc5f&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
legendary
Activity: 3472
Merit: 10611
I think that other countries won't ban Bitcoin directly yet, at least not until they release their own CBDC projects, but they can slowly start to increase pressure on exchanges, wallets, developers, miners, etc.
It's obvious they want to have full surveillance and tracking in near future, so anything related with privacy is now under attack.
The only problem is that CBDC can not replace what bitcoin offers people and we and governments both know this so I really don't think they are going to start banning bitcoin after they released their govcoin. At least not all of them (maybe only the modern dictatorships aka democracies).

They already know they can't prevent people from using bitcoin but they still want to surveil. The solution was to force centralized services to implement KYC and report back. CBDCs fall under the same thing, they fill gap in the market that would help the government surveil. Right now what we have are stable shitcoins that are too shady and risky.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Honestly, betting on El Salvador to fight against the U.S. and EU wanting to ban Bitcoin-related projects from GitHub is one of the worse bets I've seen.
They don't have a lot to work with / to leverage. It's a tiny nation and their adoption of Bitcoin as legal tender is mostly symbolic; it shows what's possible, but it doesn't give Bitcoin more value, more legitimacy or protection from large states' attacks.
Yeah it's silly, and we already have examples of some countries like China banning Bitcoin (several times) without much resistance.
I think that other countries won't ban Bitcoin directly yet, at least not until they release their own CBDC projects, but they can slowly start to increase pressure on exchanges, wallets, developers, miners, etc.
It's obvious they want to have full surveillance and tracking in near future, so anything related with privacy is now under attack.
Hear me out: arrival of CBDCs, shutdown of centralized exchanges and simultaneously implementation of L1 privacy changes to the Bitcoin protocol. Bitcoin will be the obvious choice for... literally anyone.
And people will be incentivized to actually use it as a medium of exchange to escape the totalitarian nature of CBDC and avoid going through buying/selling 'hassle' on DEX's.

People will be incentivized to further get involved if (to get back on topic) centralized services were to start banning Bitcoin- and crypto-related stuff, by spinning up own nodes, own Git mirrors and whatever other tech we might have moved to until then.
More decentralized infrastructure is going to make Bitcoin stronger than ever, totally destroying the dreams of anyone attempting to shut it down by such measures.
legendary
Activity: 2212
Merit: 7064
Honestly, betting on El Salvador to fight against the U.S. and EU wanting to ban Bitcoin-related projects from GitHub is one of the worse bets I've seen.
They don't have a lot to work with / to leverage. It's a tiny nation and their adoption of Bitcoin as legal tender is mostly symbolic; it shows what's possible, but it doesn't give Bitcoin more value, more legitimacy or protection from large states' attacks.
Yeah it's silly, and we already have examples of some countries like China banning Bitcoin (several times) without much resistance.
I think that other countries won't ban Bitcoin directly yet, at least not until they release their own CBDC projects, but they can slowly start to increase pressure on exchanges, wallets, developers, miners, etc.
It's obvious they want to have full surveillance and tracking in near future, so anything related with privacy is now under attack.

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I personally believe that this kind of ban can not happen without this entities fighting back.
Honestly, betting on El Salvador to fight against the U.S. and EU wanting to ban Bitcoin-related projects from GitHub is one of the worse bets I've seen.
They don't have a lot to work with / to leverage. It's a tiny nation and their adoption of Bitcoin as legal tender is mostly symbolic; it shows what's possible, but it doesn't give Bitcoin more value, more legitimacy or protection from large states' attacks.
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform

So, the question that bothers me is could the same happen to Bitcoin?
Like several other users have said,  I still want to add that I don't think this can ever happen to Bitcoin,  atleast,  bitcoin has grown past the stage where we could ever imagine such kind of ban happening.
Atleast,  not while we have countries that have already adopted bitcoin as a legal tender,  and many other countries in the process to,  alot of quite powerful people, companies,  governments, institutions have invested heavily in bitcoin,  any government rising up to do something that hurts Bitcoin simply means hurting all this entities, and I personally believe that this kind of ban can not happen without this entities fighting back.
copper member
Activity: 821
Merit: 1992
Quote
[2] You need a consensus mechanism, and as so often discussed on the forum, nothing works as well as PoW (if at all). So either it's built on top of a PoW cryptocurrency like Bitcoin, or you need to incentivize people to 'mine commits' using real-world energy resources.
It can be solved by using commitments. Each ECDSA-based signature or Schnorr signature is a pair of values. That means, R-value is a "signature public key". It is possible to get a random key, and form a Taproot-based commitment, by creating a TapScript spending path, where the real R-value is revealed, and when there is a TapScript tree with new commits, stored as "OP_RETURN ". It could even be "OP_RETURN OP_SHA1 " to indicate that the commit was hashed with SHA-1. And then, by having R-value of the signature as a random key, and a non-random TapScript with all commits, it is enough to form commitments, with no additional on-chain bytes.

And then, there are two options:
1) Anyone, any developer, user, just anyone, can make a transaction every sometimes, and store as many commitments as needed.
2) Miners can do this, if commitments are standardized, all that is needed is attaching a TapScript in the form of "OP_RETURN " to the miner's Taproot address in the coinbase transaction, then the miner only needs a hash, and every user can attach an SPV proof to such commitment on its own.

Edit: Also note that even if you want to mine commits, then you can do that by using properly done Merged Mining: just mine regular Bitcoin 80-byte headers, and attach them to your commits. Then, your work will normally only protect commits from being overwritten, but sometimes you may be lucky and mine a real block. Also, in the same way you can run any test network you want, there is no need to mine a separate chain just for testing: you can have a full node, producing 80-byte headers, and you can include them in any test chain by using Merged Mining. And if you need to use any coin amounts, then they should be proportional to the heaviest chain of Proof of Work, then it should be also tracked, no matter if this chain is valid or not, then if only 1% of nodes are honest, and the block reward is 1 BTC, they will get 0.01 BTC, and the rest will be locked for the future. But here, for commits, no amounts are needed, just Merged Mining 80-byte headers with proper Taproot-based commitments is sufficient.
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
Once a repository is initialized, it comes with a built-in authentication metadata that includes a root public key which is committed by the fingerprint of the whole repository, hence immune to forgery.
This root public key. How can you make sure it isn't altered effectively, since repository is distributed among nodes. For example, what forbids a node change it, and send the entire repository to other nodes?
In the scheme, authenticity of a repository is hard-coded to its genesis and is not forgeable ever, though the genesis itself is a different story:
[...]
What I like about your idea is that a Git commit history is one of the few data structures that slightly resemble - and because of that might actually make sense to implement as - a blockchain.
Kudos, you nailed it.  Cool

Quote
I see 2 issues:
[1] Embedding developer keys in the 'genesis commit' means they can't revoke them, add new ones or add new developers to the project down the road.
I've already addressed it above thread:
The authorization scheme is hierarchical resembling a pki infrastructure. As long as the root is not compromised, it is possible to grant/revoke authority to new/old keys, it would be possible for root to delegate its authority, share it, and so fort, all happening on-chain and without being considered as a fork. It is done by conventional commits (metadata is part of the repository after all), though downloading and processing of commits to metadata is mandatory for nodes, to check for potential tempering attempts by devs with lower/incompatible authority.


Quote
[2] You need a consensus mechanism, and as so often discussed on the forum, nothing works as well as PoW (if at all). So either it's built on top of a PoW cryptocurrency like Bitcoin, or you need to incentivize people to 'mine commits' using real-world energy resources.
Yes, it is the biggest issue, the only serious issue to be clear, other aspects of the scheme have been explored and addressed as much as it is possible for a lone ranger Tongue but the incentive mechanism? It is complicated.

Firs and foremost, it is important to understand how deeply different is the case with a blockchain that supports the scheme I'm proposing for a truly decentralized Git, with bitcoin that is designed basically for solving double-spending of digital cash. Noticeably what bitcoin solves is a threat posed by the potential owners of the asset, whereas for repository owners it is the contrary, they have full incentive to keep their asset intact.

It would be a good analogy that repositories in my scheme are better understood as evolving NFTs, their ownership can be delegated though it is neither common practice nor subject to ordinary double-spending by re-org attempts.

Finally, and most critically, blocks in this scheme are rather batches of commits, they are signed and don't compete with forks or other repositories.

That all said, there is still the incentive problem remained in gray zone. I've been mulling this for a long time, not a conclusive result, just a few ideas:

1- I think, in this context, participating in an ultimately decentralized repository network, the altruistic factor should not be underestimated.

2- As I've said before, the actual download takes place on demand and is not part of the protocol which is only concerned about versioning and forks, it implies that the costs of participation are considerably low if not negligible.

3- Theoretically once a node supports one repository, as long as it tracks forks, it is open to multiple repositories, still in practice it is possible, though not encouraged, for nodes to “choose” a subset of the whole universal  repository space to track, or even sticking with just the main branch. The drawback would be the potential obsoleting of less famous repositories/forks.

4-We have bitcoin p2p and full nodes as potential participant.

Spamming is another issue that I found as being important, interestingly it looks to be resolved by a game theoretic equilibrium, where spammers are suspected to lose support from nodes because of point (3) where nodes are free to restrict each repository they wish from their list.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Once a repository is initialized, it comes with a built-in authentication metadata that includes a root public key which is committed by the fingerprint of the whole repository, hence immune to forgery.
This root public key. How can you make sure it isn't altered effectively, since repository is distributed among nodes. For example, what forbids a node change it, and send the entire repository to other nodes?
In the scheme, authenticity of a repository is hard-coded to its genesis and is not forgeable ever, though the genesis itself is a different story:
[...]
What I like about your idea is that a Git commit history is one of the few data structures that slightly resemble - and because of that might actually make sense to implement as - a blockchain.

I see 2 issues:
[1] Embedding developer keys in the 'genesis commit' means they can't revoke them, add new ones or add new developers to the project down the road.
[2] You need a consensus mechanism, and as so often discussed on the forum, nothing works as well as PoW (if at all). So either it's built on top of a PoW cryptocurrency like Bitcoin, or you need to incentivize people to 'mine commits' using real-world energy resources.
legendary
Activity: 3472
Merit: 10611
That said, I'm working on a project for implementing an overlay network above bitcoin P2P for a more general purpose networking, the main challenge here is incentivizing bitcoin full nodes to participate, whether maintaining their own software repository is enough incentive or not is subject to further assessments.
That would be interesting if the full nodes (or even SPV clients) could also keep a copy of the repository and be able to share it with other clients. The repository sizes aren't that high to need a very high incentive. For example repository sizes:
bitcoin core = 218 MB
Electrum = 50 MB
Gocoin = 17 MB
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
Once a repository is initialized, it comes with a built-in authentication metadata that includes a root public key which is committed by the fingerprint of the whole repository, hence immune to forgery.
This root public key. How can you make sure it isn't altered effectively, since repository is distributed among nodes. For example, what forbids a node change it, and send the entire repository to other nodes?
In the scheme, authenticity of a repository is hard-coded to its genesis and is not forgeable ever, though the genesis itself is a different story:

Once a repository is introduced to the blockchain for the first time (the genesis) its metadata provides a rich set of information including a title and a public key that are used to generate a unique ID, unlike other parts of the repository, downloading and maintaining the metadata is mandatory for all nodes. The authorization scheme built into the metadata is used subsequently for integrity assessment of incoming commit requests (CRs).

Repositories change version as a result of authorized commits, and they fork by unauthorized commits. The head of a versioned repository is identified by its original ID and its latest (legitimate) commit, this rule is also applicable to a forked repository, noting that its ID is changed and generated using the commit that caused the fork.

Maintaining forks, (and repositories generally), comes with very little costs because actual downloads are not part of the scheme, it is the node operator/owner's job to decide and execute downloads accordingly, it is done using Tor as of what is available now.

That said, I'm working on a project for implementing an overlay network above bitcoin P2P for a more general purpose networking, the main challenge here is incentivizing bitcoin full nodes to participate, whether maintaining their own software repository is enough incentive or not is subject to further assessments.
Note that it is inappropriate if not impossible to maintain a single repository with my scheme, once you decide to support forks, you have opened doors to other repositories to join, almost infinitely. Thanks to no-downloads policy, it is not a DoS backdoor.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
You are forgetting about an essential part of PGP which is called Web of Trust, you don't just trust any key that signs a binary. You have to first spend time finding the correct key that you can trust then import that and verify the signature that it created.

The problem is that most people don't actually know how to use Web of Trust since most of the people they know do not reveal their emails, and those who do, probably do not have PGP key.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Once a repository is initialized, it comes with a built-in authentication metadata that includes a root public key which is committed by the fingerprint of the whole repository, hence immune to forgery.
This root public key. How can you make sure it isn't altered effectively, since repository is distributed among nodes. For example, what forbids a node change it, and send the entire repository to other nodes?

You are forgetting about an essential part of PGP which is called Web of Trust, you don't just trust any key that signs a binary. You have to first spend time finding the correct key that you can trust then import that and verify the signature that it created.
What I'm saying is: You can't have a Web of Trust without a central point. I can trust you only after I've downloaded your key from a reliable source. This "distributed GitHub" can work, but public keys must not be transmitted that way. 

As a first step, I'd avoid surveillance by running a GitHub-like repository hosting service under Tor.
legendary
Activity: 3472
Merit: 10611
When it comes to violating human rights, defending the rich, suppressing the poor, preserving the corrupt fiat based monetary system, etc.,  there is only one jurisdiction across the globe, it is the US jurisdiction nowadays. Mirroring doesn't work, decentralization does.
I agree that the only true option is decentralization but not with the other part specially nowadays that the world is slowly becoming a multipolar one as opposed to being unipolar for decades.

But, the attacker carries both the developers' public keys, the binaries / source code, and finally the signatures. Therefore, they have everything needed to alter the software effectively, without notice. For example, I can change Electrum's source code, replace Thomas' key with mine, replace the Thomas' signature with mine, and give it to you. How can you know I've compromised it?
You are forgetting about an essential part of PGP which is called Web of Trust, you don't just trust any key that signs a binary. You have to first spend time finding the correct key that you can trust then import that and verify the signature that it created.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Everyone in the world who has imported ThomasV's PGP key (assuming his email is verified), can retrieve the key from a keyserver, attempt to verify your binary, and notice that it fails because of wrong signature.

So the keyserver plays a very important role (I just wish GPG shipped with a default keyserver that actually works! Angry)
Depending on a keyserver again means depending on a centralized entity, which is what aliashraf is trying to avoid.

Except if you define 'people have a local copy of it' as decentralized, which is how I called Git's current state ('somewhat decentralized' as in: anyone that has a copy of the bitcoin/bitcoin repo can push it to a new remote if GitHub remote server goes down).
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
But the forged attacker's keys don't match the real dev's key signature. If you don't compare that the obtained key is actually the proper key, you miss an important step.
But, the attacker carries both the developers' public keys, the binaries / source code, and finally the signatures. Therefore, they have everything needed to alter the software effectively, without notice. For example, I can change Electrum's source code, replace Thomas' key with mine, replace the Thomas' signature with mine, and give it to you. How can you know I've compromised it?

Everyone in the world who has imported ThomasV's PGP key (assuming his email is verified), can retrieve the key from a keyserver, attempt to verify your binary, and notice that it fails because of wrong signature.

So the keyserver plays a very important role (I just wish GPG shipped with a default keyserver that actually works! Angry)

Although you are right, I need to reiterate:
This is the trivial approach, relying on external data and human decision-making, in the scheme I proposed we use a more sophisticated approach though:
Once a repository is initialized, it comes with a built-in authentication metadata that includes a root public key which is committed by the fingerprint of the whole repository, hence immune to forgery. It allows Distributed Git nodes to distinguish forked versions from the authentic ones, as the legitimate commits are checked for their authenticity, failing this check is considered a fork.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
But the forged attacker's keys don't match the real dev's key signature. If you don't compare that the obtained key is actually the proper key, you miss an important step.
But, the attacker carries both the developers' public keys, the binaries / source code, and finally the signatures. Therefore, they have everything needed to alter the software effectively, without notice. For example, I can change Electrum's source code, replace Thomas' key with mine, replace the Thomas' signature with mine, and give it to you. How can you know I've compromised it?

Everyone in the world who has imported ThomasV's PGP key (assuming his email is verified), can retrieve the key from a keyserver, attempt to verify your binary, and notice that it fails because of wrong signature.

So the keyserver plays a very important role (I just wish GPG shipped with a default keyserver that actually works! Angry)
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
In my design, we abandon "reference repository", "fetch","pull", etc., altogether. To be more specific, we push them behind the scene using an abstraction layer, keeping the legacy Git intact.
So we don't abandon them. We just stop being dependent on Github.com for their maintenance.
As I said, we push them behind the scene. Consider how a file system hides the actual low level block I/O, applications read/write files as a continuous stream of bytes but behind the scene it is done with discrete blocks that are not guaranteed to be physically adjacent.


Decentralizing git (which isn't already accomplished with Gitea servers?) doesn't break the core idea of distributing and tracking software versions, which includes fetching and pulling requests.
Gitea has nothing to do with decentralization per se. It provides excellent, yet centralized Git self-hosting features as you have the reference repository concept and other related stuff as ordinary Git.

One thing I don't understand is how you do ensure for the integrity of the software.
It is both easy and hard. Trivially, one can always use its social knowledge (external data) to prune the invalid/unwanted  forks (@cricktor has already mentioned it above), unfortunately it is not applicable to automated synchronization process I'm suggesting.

For the latter purpose, my scheme imposes a well-defined authorization metadata that PRs which try to change it are considered forks as well as unauthorized PRs. For legitimate authorization update, the metadata is organized hierarchically, it is possible for a repository owner (with unique signature) to grant/revoke  commit access to other contributors, etc.


On a p2p network, an attacker can replace the devs' keys with theirs.
The original dev key is, analogically speaking, the Genesis, it can't be changed without kinda hard-forking the repository, it changes the identity of the repository and can't be done covertly.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
But the forged attacker's keys don't match the real dev's key signature. If you don't compare that the obtained key is actually the proper key, you miss an important step.
But, the attacker carries both the developers' public keys, the binaries / source code, and finally the signatures. Therefore, they have everything needed to alter the software effectively, without notice. For example, I can change Electrum's source code, replace Thomas' key with mine, replace the Thomas' signature with mine, and give it to you. How can you know I've compromised it?
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
On a p2p network, an attacker can replace the devs' keys with theirs.
But the forged attacker's keys don't match the real dev's key signature. If you don't compare that the obtained key is actually the proper key, you miss an important step.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
In my design, we abandon "reference repository", "fetch","pull", etc., altogether. To be more specific, we push them behind the scene using an abstraction layer, keeping the legacy Git intact.
So we don't abandon them. We just stop being dependent on Github.com for their maintenance. Decentralizing git (which isn't already accomplished with Gitea servers?) doesn't break the core idea of distributing and tracking software versions, which includes fetching and pulling requests.

One thing I don't understand is how you do ensure for the integrity of the software. For example, say you want to install Electrum. Normally, you should download the binaries (or the source code) with their respective signatures. These signatures correspond to public keys that are uploaded to some server, preferably to some trustworthy server (e.g., Github.com). On a p2p network, an attacker can replace the devs' keys with theirs.
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
Quote
as long as the different mirrors are hosted in jurisdictions that are separate. For example if both are located in US or any country that follows US (UK, Japan, South Korea,...) then it will only create false sense of security.
When it comes to violating human rights, defending the rich, suppressing the poor, preserving the corrupt fiat based monetary system, etc.,  there is only one jurisdiction across the globe, it is the US jurisdiction nowadays. Mirroring doesn't work, decentralization does.

Unfortunately, Git abundantly resists decentralization, unlike what it looks like inthe first glance. The same basic approach that distinguishes Git from traditional "delta" based VCS, makes it hard to be truly distributed as you are dependent on a reference repository, a single point of failure. For an analogy, consider how we keep the ledger synced in bitcoin blockchain: there is no reference ledger, blocks change the ledger incrementally if they pass the consensus test, there is no "reference ledger" or "fetch" operation.

In my design, we abandon "reference repository", "fetch","pull", etc., altogether. To be more specific, we push them behind the scene using an abstraction layer, keeping the legacy Git intact. In this new world, pool requests are relayed by devs to their immediate peers in a p2p network, checking consensus rules (specific to the repository) peers decide to reject or forward the PR, in the latter case they keep it in "reqpool" waiting for commit requests, CR, that refer to (a set of) PRs. Devs who can produce PR, are eligible to issue CS, it is up to nodes to choose between forks or even support multiple forks which have unique identities generated by PRs that have been committed.

It would be just the infrastructure necessary for a truly decentralized Git ecosystem, resistant to any bullying practice and more importantly a fun adventure. I stopped developing it just because it is beyond my personal budget and time to do it in lone ranger fashion, in case anybody got enough support and motivation to follow, I'd be more than happy to share more, a lot more. Wink

legendary
Activity: 3472
Merit: 10611
What about just having mirrors on other Git 'hosting services' / Git remotes - self-hosted ones and popular, known ones?
Although this is not a full solution but it could significantly reduce the risks of disrupting development and access to code BUT only as long as the different mirrors are hosted in jurisdictions that are separate. For example if both are located in US or any country that follows US (UK, Japan, South Korea,...) then it will only create false sense of security.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
GitHub is not Git! The latter is just an engine, but GitHub goes far beyond that.

It is very disappointing to see so many posts in this thread, touting Git as an alternative.
GitHub is just a Git hosting service. What are you doing when working with GitHub? You're actually working with Git, and pushing to GitHub.
It is the technical sub of the bloody original bitcoin forum, we are all supposed to avoid spreading misinformation.

Github is a web application that uses Git, the latter is a Version Control System, CVS. When you work with Github you are offered dozens of features and utilities that are not part of a CVS.
I know that GitHub comes with a lot of extra bells and whistles; but fundamentally, it's a Git remote.
If it comes down to protecting against deletion of the https://github.com/bitcoin/bitcoin repo, any simple Git remote will suffice in keeping the whole commit history.

As much as it is needed, it is hard to replace Github, but not impossible. The alternative is neither bare Git, nor another Github-like centralized service. What we need ( and it is inevitable, imo), is a decentralized network of Git repositories behind a decentralized web application.
What about just having mirrors on other Git 'hosting services' / Git remotes - self-hosted ones and popular, known ones? In case one remote is shut down, devs can just open a ticket on one of the mirrors, agree on which one becomes the new 'master' remote and the other remotes continue mirroring that?
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
The beauty of Git is that it's decentralized. Not in the traditional way, maybe, but anyone who clones a GitHub repo, holds the entire repository on their hard drive, including full commit history back to the very first commit.
Git is not decentralized. It just makes it more difficult to "delete" something if it is part of a git-based repo. This is why if there is ever any kind of private key or "secret" committed to a GitHub (or other git-based) repo, the "secret" needs to be invalidated, and no longer be used.

If a repo is removed from GitHub (by the owner of the repo, or by GitHub), if you do not already have a local copy of the repo, it is not possible to obtain a copy, and authoritatively know you have the same code as was on the repo.
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
GitHub is not Git! The latter is just an engine, but GitHub goes far beyond that.

It is very disappointing to see so many posts in this thread, touting Git as an alternative.
GitHub is just a Git hosting service. What are you doing when working with GitHub? You're actually working with Git, and pushing to GitHub.
It is the technical sub of the bloody original bitcoin forum, we are all supposed to avoid spreading misinformation.

Github is a web application that uses Git, the latter is a Version Control System, CVS. When you work with Github you are offered dozens of features and utilities that are not part of a CVS.

Git is open source and free, while Github is a multibillion $  property of Microsoft that provides a sophisticated user interface for versioning, it is not hosting in the exact sense of the word. Hosts are infrastructure providers, they host your own or third party software for you.

Github doesn't abstract users from Git, because typically the user is a software engineer/programmer, the one who abstracts but doesn't like to be abstracted8), it is a matter of design and requirements.


As much as it is needed, it is hard to replace Github, but not impossible. The alternative is neither bare Git, nor another Github-like centralized service. What we need ( and it is inevitable, imo), is a decentralized network of Git repositories behind a decentralized web application.

There are decent technologies that are available, and as I mentioned above thread I've done some research about it years ago, only missing factors, as usual, money and commitment.





legendary
Activity: 1512
Merit: 7340
Farewell, Leo
It would be really hard for them to ban BTC code unless there was some "National Security" label attached to it.
It makes more sense to ban free speech, than code. What is code to be banned? How can you ban, forbid, criminalize something that's free, and can be ran by anyone, at any country, anytime, with little effort? Remove the repository, and be sure that a wave of decentralized Git network will appear. You can't ban restriction-resistant software. You can only prove it's more vital for a free society.
legendary
Activity: 3472
Merit: 10611
Self hosting is not that easy, the biggest challenge is providing security. You don't want someone modifying the code by gaining access to accounts and merging pull requests, etc. I think this is what @aliashraf means by "github goes beyond that".

It would be really hard for them to ban BTC code unless there was some "National Security" label attached to it.
Good thing that bitcoin is international not national...
newbie
Activity: 2
Merit: 0
It would be really hard for them to ban BTC code unless there was some "National Security" label attached to it.

Given that, I'm sure dozens of private Gitlabs would start springing up with the source code (mine included).

Ultimately, even in the most extreme of worst cases, a Gitlab (or any other code versioning tool, such as Google's in-house created Gerrit) would spring up over VPN and TOR and BTC would go on just fine.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
GitHub is not Git! The latter is just an engine, but GitHub goes far beyond that.

It is very disappointing to see so many posts in this thread, touting Git as an alternative.
GitHub is just a Git hosting service. What are you doing when working with GitHub? You're actually working with Git, and pushing to GitHub.

That's what makes the last quoted sentence sound a little hilarious.. Cheesy You can use any other hosting service, such as one you run yourself.

Here's a guide for anyone interested, directly from the actual Linux Foundation's blog: https://linuxfoundation.org/blog/classic-sysadmin-how-to-run-your-own-git-server/
Christ, why do they make it so complicated? In the case of Gitea (which is still using actual Git), you just have to make a Git working dir, copy the binaries to /bin and copy the supplied systemd service to the respective systemd folder. There's even a Docker container to avoid all this hassle.
It's actually not really complicated at all; most of the steps are general Git usage information.
As far as I know, if you want the GitHub web frontend: that's closed-source, last I checked. But GitLab and indeed Gitea, are open source and can be hosted anywhere.

If anyone's interested in running an 'archival' / redundant GitHub mirror of various important Bitcoin projects, it would be a piece of cake auto-pulling those repos and pushing to a self-hosted Git server by the minute.
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
GitHub is not Git! The latter is just an engine, but GitHub goes far beyond that.

It is very disappointing to see so many posts in this thread, touting Git as an alternative.

Anyway, I just read something about a dev being arrested by Dutch police, accused of writing the smart contract behind Tornado Cash, they are now going after devs. They weirdly sanctioned a smart contract, for the first time in the history, now some stupid judge approves arresting a 30 years old programmer who coded the contract.  Angry
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Here's a guide for anyone interested, directly from the actual Linux Foundation's blog: https://linuxfoundation.org/blog/classic-sysadmin-how-to-run-your-own-git-server/

Christ, why do they make it so complicated? In the case of Gitea (which is still using actual Git), you just have to make a Git working dir, copy the binaries to /bin and copy the supplied systemd service to the respective systemd folder. There's even a Docker container to avoid all this hassle.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
What would happen to bitcoin if all bitcoin-related stuff on GitHub got banned?

Someone would create "HitGub" what would be a copy of GitHub, set it up in eg Malta and we would go on as usual.
That exists already.

https://gitlab.com/
https://bitbucket.org/
https://sourceforge.net/
https://aws.amazon.com/codecommit/

Just to name a few. It's also easy to set up your very own Git server.
Here's a guide for anyone interested, directly from the actual Linux Foundation's blog: https://linuxfoundation.org/blog/classic-sysadmin-how-to-run-your-own-git-server/
member
Activity: 196
Merit: 67
What would happen to bitcoin if all bitcoin-related stuff on GitHub got banned?

Someone would create "HitGub" what would be a copy of GitHub, set it up in eg Malta and we would go on as usual.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
The beauty of Git is that it's decentralized. Not in the traditional way, maybe, but anyone who clones a GitHub repo, holds the entire repository on their hard drive, including full commit history back to the very first commit.

Anyone who followed one of my guides, like the ones below, already has such full copies of various pieces of Bitcoin software on their machine.
[Guide] FULL NODE OpenSUSE 15.3: bitcoind + electrs + c-lightning + RTL
[Guide] Futurebit Apollo BTC Custom Linux Install - Node

If anything were to happen with GitHub / Microsoft where they categorically remove such projects, even if it was without prior notice to the developers, thousands of people are going to have more or less recent versions of the repositories on their own computers and can push those to new Git remotes; either self-hosted or from other centralized service providers.

Of course, whichever developer created the last commit pushed to the GitHub remote, will be able to do this in the least destructive fashion (no loss of commits), but e.g. in case they tried to abuse this position to include malicious commits or anything like that, everyone with a recent pull would notice.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
I'm not familiar with tornado cash whatsoever, and I'm pretty ignorant about smart contracts too, but I did take a look at the article and I think what needs to happen is for this action to be challenged via the legal system, lest it set a precedent that might put into motion all of those github removals and negative actions against bitcoin that you suggested could happen.

I am not a lawyer myself but haven't we already had such a precedent[1] where the US Government tried to prohibit the distribution of open-source code and where the court ruled out that code is speech and therefore protected by the First Amendment? In this case, the US Government also attempts to censor free speech expressed via computer language, thereby violating the said amendment.

https://www.eff.org/ru/deeplinks/2015/04/remembering-case-established-code-speech

Based on the article you cited, the case in question was never appealed, and only cases at the appellate level or higher are actually case law. However, I do believe that the US Supreme Court would likely agree with the district court ruling.

The problem is that a third party has a long hill to climb if GitHub removes content and is unwilling to fight back. GitHub has its own free speech rights, which would include its right to not publish something. In this case, Tornado Cash developers would likely need to prove that GitHub was acting as an arm of the government when they took down their repo.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I don't think so. Bitcoin is not illegal and its current direction is getting adopted by large institutions. They can easily lobby against this kind of measures if it's the case.
Honestly, I don't think institutional investors are that interested in bitcoin being censorship-resistant or private, they rather value the "store-of-wealth" aspect of bitcoin that allows them sort of hedge against money printing. If some platforms or persons get banned for doing bitcoin, it is not a big deal as long as bitcoin works and produces new blocks.

That's correct. But they will care to know Bitcoin maintains (or grows) its price, and that cannot happen if it's unmaintained, or if people are panicking that the devs cannot access the source code.

Self-hosting of repositories or spinning up a server is a solution to the problem of censorship, but most people won't bother running their own servers.

Although I understand very well why the vast majority don't want to run a server, I tend to believe that our devs are not like the average Joe, nor like the average software developer. Also I think that some reputed entity will step up and say "hey, we've deployed this repository for you to use", in a somewhat similar way the whitepaper got "adopted" on many websites (I know that it's not that much similarity between the two, still...)
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
I'm not familiar with tornado cash whatsoever, and I'm pretty ignorant about smart contracts too, but I did take a look at the article and I think what needs to happen is for this action to be challenged via the legal system, lest it set a precedent that might put into motion all of those github removals and negative actions against bitcoin that you suggested could happen.

I am not a lawyer myself but haven't we already had such a precedent[1] where the US Government tried to prohibit the distribution of open-source code and where the court ruled out that code is speech and therefore protected by the First Amendment? In this case, the US Government also attempts to censor free speech expressed via computer language, thereby violating the said amendment.

https://www.eff.org/ru/deeplinks/2015/04/remembering-case-established-code-speech


And yet CoinJoin projects on GitHub like Wasabi are never shut down. Hmmm. LOL.
I doubt that they will start sanctioning those "privacy-oriented" projects that voluntarily agreed to infringe on the privacy rights of users. It won't be long before such projects providing "compliant" CoinJoins voluntarily agree to inject  "harmless" backdoors in their software to keep the flow of revenue intact.

There was a topic about this a while ago when GitHub restricted a lot of accounts:
https://bitcointalksearch.org/topic/github-is-shitty-why-not-a-decentralized-solution-5169284
achow101 response in the thread you mentioned basically answers my question regarding decentralization of development, but I find it too pessimistic and can't agree it is not possible. If bitcoin cannot be developed or updated in a decentralized manner, it risks being overtaken by centralized decision-makers who will dictate the course bitcoin should follow.

I don't think so. Bitcoin is not illegal and its current direction is getting adopted by large institutions. They can easily lobby against this kind of measures if it's the case.
Honestly, I don't think institutional investors are that interested in bitcoin being censorship-resistant or private, they rather value the "store-of-wealth" aspect of bitcoin that allows them sort of hedge against money printing. If some platforms or persons get banned for doing bitcoin, it is not a big deal as long as bitcoin works and produces new blocks.

In theory anyone can host a system similar to Github on his computer, just if it's not publicly visible there may come trust issues.
And obviously all the bigger systems like this are centralized. The most known is GitLab, but a list would be here: https://stackoverflow.com/a/24256558
Self-hosting of repositories or spinning up a server is a solution to the problem of censorship, but most people won't bother running their own servers.


No, you host your own Git server (Gitea). That is what I and many others did when Hollywood came knocking on youtube-dl's door.

As far as Bitcoin the currency is concerned, it's not a mixer or a "laundromat", so it has nothing to fear. Even in a hypothetical situation, we can fight back, print shirts and all kinds of stuff with Bitcoin Core source code on it, just like the 90's cypherpunks fought back for PGP.

For ordinary individuals like myself who are not developers, self-hosting of a Git server is more of an overkill. I have been thinking about writing a simple bash script that would make automatic backups of the bitcoin repository and put them on an external hard drive. This way, I would ensure that I can access the code regardless of what the US Government thinks about bitcoin.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
it would be simple to just port it to another website that is not github, like gitlab,
For what it's worth in this context there is no difference between github and gitlab since both of their companies are located inside United States so any laws applied to github should also be applied to gitlab.

...Which is why I told everyone to host their own Gitea server. It's not some read-only mirror that lets people download the source code, it lets people sign up and commit code to it, and not only that, but it has access control for multiple repos and IIRC they can even open their own style of issues and PRs.
legendary
Activity: 3472
Merit: 10611
it would be simple to just port it to another website that is not github, like gitlab,
For what it's worth in this context there is no difference between github and gitlab since both of their companies are located inside United States so any laws applied to github should also be applied to gitlab.
hero member
Activity: 1008
Merit: 960
Recently, US Treasury Department has put sanctions[1] on Ethereum mixer Tornado Cash, taken down their website[2], added all associated with the mixer addresses to the OFAC SDN list, and also, which is more important for this topic, compelled Microsoft to suspend Tornado Cash's Github account[3], all repositories and accounts of code maintainers[4]. It is important to emphasize that Tornado cash is not a company but a smart contract that no particular person controls; it is essentially as censorship-resistant and decentralized as the underlying blockchain upon which it is built. In other words, it cannot be "banned" easily.

So, the question that bothers me is could the same happen to Bitcoin? What will happen to Bitcoin if the US Government suddenly decides to take down its Github repos? What if they ban all contributors, maintainers, and lead developers? Is there a place where the bitcoin codebase can migrate to? Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence? Is it possible to build a decentralized and distributed code hosting platform that no one can censor or shut off?


[1] https://www.coincenter.org/u-s-treasury-sanction-of-privacy-tools-places-sweeping-restrictions-on-all-americans/
[2] https://web.archive.org/web/20220808144431/https://tornado.cash/
[3] https://github.com/tornadocash
[4] https://nitter.net/semenov_roman_/status/1556717890308653059

Well, git works in a decentralized manner. This is independent of github, which is just a website.

It's not like, say, subversion (SVN) where you have a server with all the story of the code and you just get a part of it locally. With git, every person that has cloned the source code has a full copy of the entire history of the source code. By the way, Bitcoin was first released via SVN in SourceForge. Times have changed, and now the main Bitcoin client is developed with git on github.

The important thing is that every developer has a full copy of the source code, so it would be simple to just port it to another website that is not github, like gitlab, or literally you could host it in any custom server you want. There's nothing magical about github, it's just very popular.
hero member
Activity: 2660
Merit: 651
Want top-notch marketing for your project, Hire me
The one thing I learned is that you can never compare Bitcoin with other cryptocurrencies in the market. Yes, Tornado cash was a decentralized, non-custodial privacy solution operated through a smart contract but they know the team who created the platform, and want they want is for them to shut it down just like they did with Blender.
About you bothering if all contributors, dev, etc of Bitcoin are taken down someday?

"Que Sera, Sera and remember the future is not ours to see."
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
The got you use/call from the command line is still fully open sourced afaik from when Linus made it.

The server was open sourced too afaik so that can be freely installed or run anyway by the developers (there may be ways it can be easily decentralised and run on core if the community wants to).
You are right, the core engine is opensource but Github is a proprietary web application with so many features besides being truly a hub where millions of devs are collaborating, years, "GatesHub", made me angry by applying stupid restrictions because of my nationality, an obvious act of discrimination, so I decided to do some research even started designing an alternative application based on GIT engine, documenting some ideas, planing a roadmap, stuff, but I couldn't convince a single investor to support, I'm used to reaching this point, dozens and dozens of projects with no sponsor, so, I moved on.

I'm curious tho, amid escalated regulatory threats and the way scam coin lobbyists are doing their nasty job, is it the right time for me to resume my decentralized Git application project?

"GatesHub" sounds funny, BTW
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Not much.

For many (most?) BTC users I don't think it would matter. They are using some wallet or exchange that has nothing or very little direct interaction on github.

Think about it, how many people are REALLY building core from source? Same with electrum and most others, they click a download link and move on. The downloads can be re-directed somewhat quickly and easily and the development moved elsewhere in a few days / weeks. So development would pause / slow for a while as people transitioned to another service and then everything would continue as it was.

BTC price would probably take a hit as everyone ran around panicking but beyond that, not much else would happen in my view.

-Dave
legendary
Activity: 2212
Merit: 7064
So, the question that bothers me is could the same happen to Bitcoin? What will happen to Bitcoin if the US Government suddenly decides to take down its Github repos?
Microsoft is going to create their own version called Billcoin, because they own Github anf they are the ''good'' guys Tongue
Seriously now, people should think about making transition from Github to Gitlab and other self-hosted alternatives.
It's unlikely this would happen for Bitcoin, but it could happen for many Bitcoin related services and exchanges, so it's better to be vigilant in time.

What if they ban all contributors, maintainers, and lead developers? Is there a place where the bitcoin codebase can migrate to? Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence? Is it possible to build a decentralized and distributed code hosting platform that no one can censor or shut off?
They have no reason to ban Bitcoin developers because they are not doing anything illegal, but in theory they can make anything illegal, even breathing.
Git is already decentralized by design, and there are some hosting option based on ipfs or onion that can be used, and anyone can host their own version.
It's a game of cat and mouse, they can't stop torrents for so many years and they won't be able to stop Bitcoin for sure.

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence?

Aside from self-hosted/decentralized solution, Codeberg[1] which operated on Germany could work. I've no idea how they handle sanctions law though.

Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence?
Back to India! SourceForge!

Link you mentioned also say SourceForge comply with U.S sanction list.

It is an open question though, how much bitcoin ecosystem is addicted to github, and what is the cure?

I'd say it's very dependent on GitHub. Aside from Bitcoin Core which have lots of mirror, i found almost all Bitcoin-related source code on GitHub.

[1] https://codeberg.org/
[2] https://docs.codeberg.org/getting-started/what-is-codeberg/#what-is-codeberg-e.v.%3F
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
OP,
I started the topic @pooya87 referenced above,  eventually mods for an unknown reason decided it as being off-topic: https://bitcointalksearch.org/topic/github-is-shitty-why-not-a-decentralized-solution-5169284 I wish yours not to end that way.

That said, it is more than obvious that github is the worst option to rely on for development if you get too addicted and dependent. It is an open question though, how much bitcoin ecosystem is addicted to github, and what is the cure?
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
It is important to emphasize that Tornado cash is not a company but a smart contract that no particular person controls; it is essentially as censorship-resistant and decentralized as the underlying blockchain upon which it is built. In other words, it cannot be "banned" easily.
I don't think it is legal for Tornado Cash to be on the OFAC SDN list. I don't think it meets the criteria.

The fact that Tornado Cash is not an actual entity (nor a person) makes it difficult to get it off the SDN list. I am not an expert in the relevant law, but most likely, someone who sends/receives coin to/from the Tornado Cash smart contract and subsequently encounters problems would need to pursue litigation.

Tornado Cash has essentially been "banned" via intimidation. That means the US government is threatening severe consequences for using this particular smart contract. From a technical perspective, nothing is preventing an arbitrary person from sending an arbitrary amount of coin to the smart contract address, however, I think few (if any) people will because of these threats.


So, the question that bothers me is could the same happen to Bitcoin? What will happen to Bitcoin if the US Government suddenly decides to take down its Github repos?
See my above comments. The Biden administration is not exactly known for its competence, or its ability to follow the law. From a technical perspective, many people have copies of the code for bitcoin core, and people would need to obtain the code from what they believe to be a reliable source if they need the code for whatever reason. However, I would again refer you to my comments about the intimidation by the US government.


And yet CoinJoin projects on GitHub like Wasabi are never shut down. Hmmm. LOL.
Using automated tools, it is possible to match the inputs and outputs of CJ and Wasabi transactions.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
The got you use/call from the command line is still fully open sourced afaik from when Linus made it.

The server was open sourced too afaik so that can be freely installed or run anyway by the developers (there may be ways it can be easily decentralised and run on core if the community wants to).
hero member
Activity: 1008
Merit: 629
 I feel the actions taken by OFAC are necessary as it could help solve the issue of cybercrimes. Tornado cash seems to be getting notorious for the wrong reasons, as it is.
 The Ronin network heist that saw users and the company lose over $615m was made possible by this tornado cash amongst other crimes and unfortunately, well meaning Americans who use this mixer have seen their accounts banned.
 I strongly doubt if such a thing happens to Bitcoin will hold much ground because it has gained much popularity and countries are embracing it
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence?
Back to India! SourceForge!

No, you host your own Git server (Gitea). That is what I and many others did when Hollywood came knocking on youtube-dl's door.

As far as Bitcoin the currency is concerned, it's not a mixer or a "laundromat", so it has nothing to fear. Even in a hypothetical situation, we can fight back, print shirts and all kinds of stuff with Bitcoin Core source code on it, just like the 90's cypherpunks fought back for PGP.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
It is important to emphasize that Tornado cash is not a company but a smart contract that no particular person controls
It can't be a smart contract no particular person controls, because someone just controlled it. Banning repository, the main site, the developers etc., would only make it harder to access their software, but if it had been used by thousands of users already, it could also be reused.

This is the same as banning JoinMarket from every clear net site. You've made it more difficult to do CoinJoins, but you haven't prevented its users (makers and takers) from re-sharing the source code, or even stopped their activity.

Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence?
Back to India! SourceForge!
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
So, the question that bothers me is could the same happen to Bitcoin?

I don't think so. Bitcoin is not illegal and its current direction is getting adopted by large institutions. They can easily lobby against this kind of measures if it's the case.

What will happen to Bitcoin if the US Government suddenly decides to take down its Github repos?

Take down is not likely, maybe restricted access, but that means that reading is still possible.
If it's indeed taken down then internet archive still exists, many people also have local backups... it may be a small setback, but far from "the end of the world".

What if they ban all contributors, maintainers, and lead developers? Is there a place where the bitcoin codebase can migrate to? Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence?

In theory anyone can host a system similar to Github on his computer, just if it's not publicly visible there may come trust issues.
And obviously all the bigger systems like this are centralized. The most known is GitLab, but a list would be here: https://stackoverflow.com/a/24256558

Is it possible to build a decentralized and distributed code hosting platform that no one can censor or shut off?

Probably. But first the decentralized file system platforms need to become more robust/reliable, not just new wannabe projects. Also I expect that using such services cannot be for free.
legendary
Activity: 3472
Merit: 10611
Recently, US Treasury Department has put sanctions[1] on Ethereum mixer Tornado Cash, taken down their website[2], added all associated with the mixer addresses to the OFAC SDN list, and also, which is more important for this topic, compelled Microsoft to suspend Tornado Cash's Github account[3], all repositories and accounts of code maintainers[4].
And yet CoinJoin projects on GitHub like Wasabi are never shut down. Hmmm. LOL.

Quote
So, the question that bothers me is could the same happen to Bitcoin?
Yes.

Quote
What will happen to Bitcoin if the US Government suddenly decides to take down its Github repos?
The source code would start being shared on another website. Some issues or PRs may be lost in some projects that don't have a backup (can you even backup PRs or issues from GitHub?).

Quote
What if they ban all contributors, maintainers, and lead developers?
They can't ban "all" of them since a lot of Bitcoin developers don't even live in US or in US jurisdiction.

Quote
Is there a place where the bitcoin codebase can migrate to?
I don't think developers are going to migrate just because of this!

Quote
Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence? Is it possible to build a decentralized and distributed code hosting platform that no one can censor or shut off?
There was a topic about this a while ago when GitHub restricted a lot of accounts:
https://bitcointalksearch.org/topic/github-is-shitty-why-not-a-decentralized-solution-5169284
legendary
Activity: 3528
Merit: 7005
Top Crypto Casino
My first impression of your post, OP, is that you're jumping way ahead with that last part of it.

I'm not familiar with tornado cash whatsoever, and I'm pretty ignorant about smart contracts too, but I did take a look at the article and I think what needs to happen is for this action to be challenged via the legal system, lest it set a precedent that might put into motion all of those github removals and negative actions against bitcoin that you suggested could happen.

Does the large and wonderful land of bitcoin happen to have a group of legal scholars who would take on a case like this?  I've always thought bitcoin needed powerful lobbyists to fight for fair regulation and such.  I know there are people like the Winklevoss twins and some OG whales that have some pull, but this seems like there's a need for pro-crypto lawyers.

Anyway, thanks for posting this info.  I'm kind of curious as to what, if anything, is going to come of this action.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
Recently, US Treasury Department has put sanctions[1] on Ethereum mixer Tornado Cash, taken down their website[2], added all associated with the mixer addresses to the OFAC SDN list, and also, which is more important for this topic, compelled Microsoft to suspend Tornado Cash's Github account[3], all repositories and accounts of code maintainers[4]. It is important to emphasize that Tornado cash is not a company but a smart contract that no particular person controls; it is essentially as censorship-resistant and decentralized as the underlying blockchain upon which it is built. In other words, it cannot be "banned" easily.

So, the question that bothers me is could the same happen to Bitcoin? What will happen to Bitcoin if the US Government suddenly decides to take down its Github repos? What if they ban all contributors, maintainers, and lead developers? Is there a place where the bitcoin codebase can migrate to? Are there other code hosting platforms besides Github that are not based in the US or upon which US Government sanctions have little to no influence? Is it possible to build a decentralized and distributed code hosting platform that no one can censor or shut off?


[1] https://www.coincenter.org/u-s-treasury-sanction-of-privacy-tools-places-sweeping-restrictions-on-all-americans/
[2] https://web.archive.org/web/20220808144431/https://tornado.cash/
[3] https://github.com/tornadocash
[4] https://nitter.net/semenov_roman_/status/1556717890308653059
Jump to: