You're listening to Bottom Shelf Bitcoin, Episode 27.
Hey everybody, welcome back to another episode of Bottom Shelf Bitcoin, the podcast that
puts Bitcoin knowledge within everyone's reach.
As always, I'm your host Josh Humphrey and today with me is Infrastructure Engineer at
CASA, among other things, Jameson Lopp.
Jameson, welcome to the show.
Great to be here.
So I kind of want to talk to you.
I saw your recent article about your swatting and I know you've got the project on physical
Bitcoin attacks.
And so I'd like to kind of talk about that stuff today.
But before we get into that, can you kind of share your background of how you got into
Bitcoin and maybe what you do or what you did prior to Bitcoin and then kind of what
you've done since then?
Sure.
I mean, my background before Bitcoin was pretty boring.
I was a backend engineer doing large scale data analytics for an email marketing company.
So basically using a lot of distributed technologies back in the day when cloud was something that
most people had never heard of just to process terabytes and petabytes of information so
that people could better target their marketing efforts online to get you the spam emails
that you were most likely to click on and buy stuff from.
So I was never particularly passionate about that as a career.
It just happened to provide a lot of interesting computer science problems from a scalability
standpoint and somewhere along the way I saw a Slashdot article or a Hacker News article
or something where it was talking about Bitcoin and this was not the first time that I had
heard about it.
It was just for some reason I realized that this Bitcoin thing was coming back and coming
back over and over again and it was not dying off like I had expected.
So that's when I really started looking into it and going down the rabbit hole and just
trying to understand how it was working and that resulted in me forking Bitcoin Core so
that I could add a bunch of metrics and I called that project Satoshi and created operational
dashboards which were basically reminiscent of some of the stuff that I had been doing
during my day job and it just kind of kept going from there.
I kept spending more and more time digging into the technicals and doing a couple of
open source projects and then eventually the ecosystem grew large enough that I realized
I could probably be getting paid to do this full-time and so I've been a full-time wallet
engineer for about three and a half years now.
You were previously at BitGo but you're currently at Casas.
You want to just kind of give us a brief overview of what Casas does?
Sure, so there's a lot of overlap in a similar wallet technologies I guess in that BitGo
and Casa are both non-custodial multi-sig wallets meaning that these sets of public-private
key pairs are distributed across multiple entities so that you never have a single set
of keys or enough sets of keys on a single machine that a hacker could get into and then
just you know steal all of your crypto assets.
So BitGo is very enterprise focused.
They're powering a lot of exchanges and other large payment processors basically working
as an automated solution to try to allow these entities to have hot wallets that can do deposits
and withdrawals in an automated fashion while still having a better level of security than
just having all of your keys on that server because after all I think pretty much everybody
is aware of the exchanges that keep getting hacked over and over and over again.
They're huge targets because they have so much money and we did a lot of great work
there at BitGo.
You know it wasn't perfect.
Sometimes customers still manage to shoot themselves in the foot despite our best efforts
but I think you know we did help secure the ecosystem pretty well from a high level and
eventually though I felt like the enterprise side of things was coming along very nicely
and maturing but I felt like the personal individual side was still fairly lacking and
so started working at CASA earlier this year and CASA is more like a vault product where
it's a 305 multi-sig setup but this wallet is backed by multiple hardware key management
devices like Ledger and Trezor and the idea being that you as an individual will have
multiple hardware devices that you distribute geographically and this gives you a level
of redundancy and security that the vast majority of people in the crypto world don't have especially
if they're trying to quote unquote be their own bank and really what we're just trying
to do is make really high security key management attainable for the average individual that
isn't a super nerd and so the whole thing about the you know be your own bank in Bitcoin
is that it's always been possible to do but in the early days it usually required you
to use like a lot of command line tools and figure out how to generate private keys manually
and print them out on a piece of paper and it just takes a lot of work.
Even these days you know the best thing that the average person can do is probably buy
a Ledger or Trezor and that gets you pretty good usability and great security but we want
to take a step further and also basically help the user with all of the best practices
both like IT practices and general security practices that we're trying to bake into the
software so that they can just follow the instructions on the screen and have really
good security without having to do a lot of education and like regular maintenance to
be sure that their wallet is in a good state.
I think the more that everyone can make things user-friendly and I don't mean like water
things down or dumb them down but being able to make things simple while still being secure
is always a good thing.
So okay so let's kind of talk about I don't know what if you would rather talk about your
article and the experience first or your physical Bitcoin attacks project I mean I can only
assume that this project on GitHub this list comes out of somewhat your personal experience
as well.
Yeah I mean it's all related I think that it's really more related to what I've been
doing you know from the career standpoint while you know the incidents with the law
enforcement showing up at my house was it seemed like it was probably related to someone
trying to extort me due to the messages I received that was not really I think the primary
motivation I think it was really more to someone try to screw around with me because I made
them mad but it really did show that there is this physical side of the operational security
that you need to be worried about and it's not just related to like how much money you
have but it can be related to if you're a controversial figure on the internet and you
know once I started looking into like swaddings in general and a lot of the people who have
had to go through this most of the time when it happens it's just because you made somebody
angry and they want to hurt you but they don't want to put in the time and resources and
risk their own life to come and physically attack you they want to you know basically
leverage resources of the government to point them at you and target you.
Yeah and for anybody who's listening who doesn't know what swadding is basically somebody calls
and makes fake threats or whatever as you or some other way gets law enforcement called
out to your residence is that a good way of summing that up?
Yeah pretty much is that they come up with a reason to make it seem like there's an emergency
at your residence so of course the tricky thing is first they have to find out where
you live but for a lot of people that's probably very easy to do and so that that has led me
to look more into the privacy side of things as well and you know I'll be releasing more
information about you know what I've learned from that and how difficult it really is to
maintain your privacy in the real world these days.
Yeah that's something I've been thinking about especially since reading your article it's
like you know every time you buy something online maybe with the exception of buying
with Bitcoin right but if you buy something with physical I mean with with fiat especially
if you're using some kind of credit card online then you've got to put or anything that you
have to have shipped to your house it's you know you're putting your physical address
in there and then any of those places that get hacked can list your you know someone
can get access to your address.
I'm sure there's other ways that I haven't even thought of that we're putting our physical
address out there as well.
Yeah I mean it's not even clear how many different ways your data can leak but you know you can
go to various websites that that's all they do is they compile data from as many sources
as they can get their hands on and then you pay them like fifty bucks and you can get
a full data dump on basically anybody that you want and that's just at the you know really
easy level of like people who know how to use Google and then if you start extending
past that to like darknet stuff you know you can find all kinds of data dumps from all
kinds of different merchants and other service providers and so it pretty much comes down
to you know any data that you put out on the internet even if it's through like an encrypted
secure connection that's going into some database somewhere which in all likelihood over a long
enough time frame is eventually going to get leaked out onto the internet.
It's interesting to me I wouldn't think you're a controversial figure.
Well at least within the crypto circles you know things can get very controversial especially
when you're talking about like the future direction of the protocol and of course this
is a system where we're talking about the future of money and there is a lot of money
on the line and you know a lot of the people who got into it in the early days and hopefully
even today were very ideologically motivated and so as a result they can get very heated
when you start talking about even if you're talking about technical changes it often comes
down to ideals and perspectives that are very deeply rooted in the individual themself and
so the technical arguments can very easily devolve into ideological arguments and I think
that that's what ends up creating like some of the splits and forks that we've seen happening
is because eventually one group of people gets so frustrated and feels like you know
the other side isn't compromising with them then they end up having to use their only
other option which is to basically leave and create their own new system.
I'll have your article in the show notes for everybody listening and I think you guys should
go listen.
I mean go read the article but walk me through like what goes through your head when you
pull up in your neighborhood and you know they've got the whole thing blocked off.
Well I certainly was not thinking oh this is related to me I figured oh somebody is
in trouble you know they've pissed off the police and now the whole neighborhood is locked
down you know it probably took like another 10 minutes or so before we finally figured
out that you know it was me and that was the point at which I ended up going and talking
to them and you know the very first thing that they asked me was if I had any enemies
and I was like well I could probably you know think of a few or at least a few anonymous
online people who might want to screw with me like this.
Yeah you know and see this is what's I guess scary to me is that there have been incidents
where let's say the law enforcement in that area is a little more trigger happy and you
know people end up hurt or are dead.
Definitely and that's why it's something where well when you look into the laws there are
various states I think that have enacted more strict punishment for this type of thing and
it's all on the Wikipedia for swatting by the way and I think that like California was
one of them that did that and the actual representative or the legislator who like proposed the bill
that made the punishments more severe she ended up getting swatted like within a few
days it was kind of weird but you know just looking through all of the different publicly
cataloged as incidences it's very interesting how much similarity there is and how it seems
like there's still nothing that law enforcement has really done to try to counter any of this.
I guess that it simply hasn't happened at a volume and scale that law enforcement has
been forced by you know the public to have to deal with it better.
And I'm sure some of that is that it's distributed across the country right I mean like for there
to be any kind of real like I'm sure that some place like California or whatever if
they're seeing it enough then they're going to do something about it but if it's not taking
place enough in your municipality or your state then they're not going to do it and
so as these things are more spread up you know spread out across the country we see
it by nature of social media or whatever and so we might get a conglomerate of it across
the nation but you know our local law enforcement or whatever doesn't see it enough to really
do something about it.
And the other side is it's difficult to trace back you know the person who initiates this
isn't it?
If they did it correctly yes I mean sometimes it is just like a stupid kid who doesn't have
any sophistication whatever and they actually use their real phone and of course they get
caught very quickly but I suspect you know there are some people out there who know how
to hide their tracks and they probably do this on a regular basis whenever somebody
anchors them and I just I think that people haven't quite extrapolated how this might
evolve in the future and I think I had a tweet where I was basically saying that it's not
hard to imagine in the near future just with a few more tools and we're already getting
there where you can you know simulate a very believable human voice and you know artificial
intelligence that's at least smart enough to pass the Turing test for you know maybe
a minute or two especially if it's a highly specialized thing and I could very easily
imagine people just spooling up thousands of instances of specially engineered very
narrow artificial intelligence bots that are designed for you know swatting type attacks
and they're just calling up all of the emergency centers all over the country or all over the
world and basically creating a denial of service attack that costs very very little from an
engineering standpoint and yet they'd be able to pull it off with very low risk of actually
getting caught themselves.
Yeah it's very asymmetric because then the what it costs to deal with it is much much
more for all these different cities and states and whatever.
So maybe once that happens law enforcement will actually make some changes because they'll
be forced to deal with it they simply won't be able to ignore it at that point.
Yeah does that say something more about just the nature of how fast a big response like
a SWAT team or something comes out?
I guess you mean in terms of how quickly those resources get deployed by local law enforcement?
Yeah and how fast they escalate I mean I know I mean thank God yours didn't end in anybody
getting hurt or killed but I mean I've read of other things that did and it's like you
know they were very quick to to fire and it seems like there's not much repercussions
on either individual officers or the agencies that employ them when when things go south
and it was all you know nobody was actually committing a crime.
Right because you know law enforcement officers have this degree of protection from the state
like the state wants to protect its agents that are doing the will of the state and so
even when there is you know injury or even death caused by an agent of the state if there's
even a slight degree of like you know plausibility that that agent had a right to believe that
they were in danger and you know in a case like this it can be simply that you know they
received a call that made them believe there was a very high risk threat in the area that
you know the the agent was basically doing what they had been trained to do and so you
know it really requires a very I guess outlandish degree of gross negligence in order for agents
of the state usually to end up with penalties because they have such a shield of protection
around them you know in a lot of cases even if they did obviously make a very wrong decision
at the time what you see with with a lot of these officers is that they will get basically
you know discharged from their local agency but just get picked up by some other agency
in the nearby vicinity with within a pretty short time frame and that you know there are
some folks like this who basically repeat offenders and just hop around throughout their
entire career possibly until they do something so bad that they actually end up in prison
I'm just trying to think like what what can you do specifically to this like what can
you do to kind of protect yourself from such a scenario and I don't know I mean unfortunately
it really requires starting your life over the the vast majority of people at least in
the United States because that's what I'm familiar with are already in so many databases
that if someone wants to find you especially if it's someone who knows how to search through
information online then they will probably be able to find your physical address and
once that's done it's not hard to find the like non-emergency phone number to your local
law enforcement and then make a call that gets escalated to the emergency department
and so really the the only defense is is a level of protection on your privacy that takes
a lot of effort a lot of time and money and and I've spent quite a bit of time and money
this year figuring out how to do that and I'll be giving a presentation at the let's
see what's the the conference in Latvia the the Baltic honey badger conference okay cool
will that be will that be streamed or recorded or something for those of us who can't make
it yeah I'm sure it will be recorded and then I'm also I'll have a very very long detailed
blog post that's currently at like 5,000 words of every single possible like data leak that
you would have to worry about if you want to be extremely paranoid about your operational
security and your privacy awesome very cool okay well well then let's let's kind of transition
then into just general like what are some basic whether digital or physical like opsec
things that that most people just don't do or would be a good basis to start on yeah
so while I was doing all of this research and setting up all these new like privacy
protections for various aspects of my life I noticed a few different patterns that were
coming up one pattern is the the proxy pattern where basically instead of doing something
yourself you have a proxy you know a third party who's actually undertaking those actions
and so if you're technical you're probably thinking of a network proxy right now and
most technical people are familiar with things like VPNs virtual private networks or TOR
which is the onion routing network and and those are things that give you additional
privacy while you're browsing on the internet because basically you're routing all of your
traffic through some other server so that the the end server that you're talking to
whatever website or other service does not see your real IP address they only see the
IP address of whatever you're being routing your traffic through and that type of of strategy
is actually applicable to a number of things in life and so I have ended up using proxies
for a lot of other things that I've been doing like anything that is creating a public record
basically so for example it in America at least you're you have something called real
property which is things like houses and automobiles these are things that you have to pay property
tax on and they're registered with different government entities and so I use proxies now
for my ownership of real property none of my property is owned by me in my name but
rather by other entities that I've set up that can't be tracked to me that don't have
my name on them and then also I've I've been using proxies like lawyers to interact with
other third parties that are you know providing services for me so that you know if I have
a service provider I'm not directly interacting with them they don't know that they're providing
a service for me they only know that they're interacting with my attorney or some other
proxy for example and you know there's countless other examples that I'll go into more detail
but then another strategy is the like hide in the crowd strategy the you know don't do
anything out of the ordinary make yourself blend in and and so you know one example of
that is you know if you're walking around or driving around you're not going to find
me unless I'm at a conference or some special event I'm not going to be wearing like crypto
branded clothing I don't want to have like a bitcoin bumper sticker or license plate
on my car anymore which by the way I did for about five years I had the bitcoin license
plate and so I was doing that from a like a marketing perspective it was obviously bad
operational security but it was a trade-off that I was making and it you know it started
a lot of interesting conversations and and so it's just like something to think about
like as the environment continues to change and this is one of the reasons I started you
know cataloging those physical bitcoin attacks is because I felt like we were getting to
the point where you're more ordinary criminals we're starting to understand that crypto owners
might be very juicy targets because they're in some cases they can basically be like banks
that are walking around but they don't have bank level security yeah so this is an interesting
thing and I and I did kind of want to get your perspective on this but like because
I've heard some people talk about like oh it's not something we should be ashamed of
putting you know wearing bitcoin shirts or hats or whatever because you know if we if
enough people do it then we normalize it and it doesn't mean anything in the in the same
way that you know if somebody walks around with a shirt with the dollar sign on it it
doesn't necessarily mean that they have a lot of money what are your thoughts on that
well I mean and hopefully we do get to that point someday but right now we're in a much
riskier early adopter phase and and it's kind of like you said like once it becomes normal
then like people aren't going to be walking around with it emblazoned logos unless you
know unless they're part of a subculture that glorifies money I guess yeah it's you know
if crypto does get to the point that it's mainstream you know that is probably when
it's going to be boring and just like now like up before crypto like the only people
who really talked about money or usually like economists or potentially like financial instrument
traders you know just general like finance types but like pretty much everybody else
in the world would never talk about hey let's talk about the dollar or the yen or the pace
or whatever it's like it's not that interesting it's just a tool and you use it and you go
about your lives and you know hopefully hopefully bitcoin will get to that point eventually
yeah so you don't wear your uasf hat when you when you go out to the store I guess well
that one you can get away with because most people just think you're like dyslexic and
that it's an air force hat do you ever get thanked for your service I definitely had
a number of people ask me if I wanted the military discount oh man that's funny okay
so you mentioned your your physical bitcoin attacks project now how many okay so briefly
for those who haven't seen it you've you've got a kind of a chronological list with links
to articles about known physical attacks on people for the purpose of stealing bitcoin
or other cryptocurrencies and when did you start this um I think it was just a few months
ago yeah it was like late spring of 2018 gotcha so and how many let me see I had it pulled
up a minute ago how many cases do we do you have on there right now last I checked I thought
it was approaching 40 it was like 30 to 40 now like one of the reasons that I sat down
and actually started cataloging it was because I had been saying for a while that I felt
like the number of physical incidents in this space was accelerating but of course the you
know having a feeling isn't really good enough so I wanted to actually get some hard metrics
on it I will say it seems like they've died off over the past month or two at least I
haven't heard of anything of course that doesn't mean that they are stopping or slowing down
some of these things we don't hear about until a lot later and also I think that the ones
that I've cataloged are you know probably just a small minority of the ones that have
actually happened like these are the ones that received news coverage or got some sort
of publicity but you know I am aware of you know through the grapevine a number of other
incidents where people just haven't publicized it usually because they're too embarrassed
to talk about it or because they don't want to make themselves even bigger targets and
so I think especially if you start looking at the local bitcoins forums for example there
are a lot of physical robberies that happen using these various face-to-face peer-to-peer
trading platforms and that's because it's a way for you to anonymously meet with someone
who is going to be bringing a lot of money with them and so you know it's a very easy
way to find new targets and I think there's a lot of robbery stories that are posted on
there that I simply could not verify and so you know did not add to my list but I suspect
that there's probably quite a few more that have happened out there that no one has even
spoken about.
Yeah so and I haven't used local bitcoins myself mostly because I don't live in a big
city where there's really much of an option there so I don't know maybe you've used local
bitcoins like and if you have like what do you think what's what are what are good things
to do if you're going to I guess on either side of the sale whether you're the one bringing
cash to buy bitcoin or you're the one selling bitcoin for large sums of cash like what are
things you can do to help protect yourself?
Yeah I've actually never done like face-to-face transaction I never really had the need to
but you should just follow like some general safety guidelines and in fact like a lot of
law enforcement departments they post information though generally they're going to say you
know if you're doing a Craigslist transaction or whatever but the same the same concepts
generally apply and so one thing for example is you could actually check to see if your
local police department has a quote-unquote like safe purchase zone where I've seen especially
in the bigger cities the the headquarters of the police department will have like a
place where you can go meet up with someone and do your your transaction right there you
know at to the headquarters of the police department or you know you could potentially
do it in a bank or some other place that's public that has you know surveillance cameras
you know so that you you may not be able to stop someone from robbing you but you would
at least have enough information to help investigators try to track them down after the fact you
know and then finally of course you know if it's applicable to you you you should probably
know how to defend yourself be able to defend yourself if something goes sideways but that
that gets into you know more philosophical quandaries where some people don't want to
go down that path.
Oh you mean like carrying or knowing martial arts or something like that?
Absolutely and of course it gets really interesting when you if you start looking at how over
the counter trades happen sometimes where I've heard some stories of you know trying
to do a 100 million dollar bitcoin trade like how do you how do you do a trade for that
much money with someone that you don't know and don't trust and I've seen some very complicated
protocols get set up from where you know you have you know like 10 different people involved
and you're like renting out hotel rooms and you're doing these swaps of like briefcases
of money like you know a little bit at a time but I think the average person won't have
to deal with that but you know it kind of does come up with deciding upon a certain
protocol of how to interact with each other.
Yeah I saw I think you had tweeted out at one point and had your training mannequin
posted for your what do you you Krav Maga or something like that?
That's right.
So you're you're prepared clearly.
I try to be.
Yeah so and I guess this kind of depends on your where you live too and what the local
laws are as far as as you know concealed carry or something along those lines.
I live in Texas so you know they're pretty.
You're set.
Yeah so and and kind of that's nice in the sense that like everybody just if you're intelligent
you should assume that anybody could be carrying but kind of going back to the signaling and
and just you know trying to be the gray man and not stand out in a crowd I had talked
to Ansel Linder about this one time but we were talking about you know being and you've
run into this like being I guess having your name out there at some point kind of also
puts a certain risk on your family as well and how do you deal with that?
Yeah I mean it's just kind of a paradox where as as soon as you start talking publicly about
crypto then you kind of become a target and of course if you've been talking about crypto
for quite a few years then the immediate assumption that potential attackers are going to have
are that oh you know you bought a ton of it right when you started talking about it and
you never sold any of it and so you've probably got millions and millions of dollars and you're
a juicy target.
So I think the smartest people are the ones that have remained anonymous you know.
I interact with pseudonyms on a daily basis and I would say there's a number of pseudonyms
who I trust more than a lot of people who I know they're like real registered government
identity.
It's kind of interesting how that works out and I've even gotten to meet a number of them
face to face and you know I actually know what some of them look like but I still don't
know who they are but it doesn't matter.
Yeah if you're going to be more public and especially if you're going to be more like
outspoken and controversial then you do have to think about potential ripple effects of
how your own actions might result in you know more stress on your family.
This kind of brings it full circle but you know I guess the other thing is making it
difficult you know God forbid you should be in a situation where somebody you know has
a physical advantage over you and wants your you know wants to get your Bitcoin or your
crypto or whatever you know you kind of talked to at the beginning about what you guys are
working on at CASA and so what are some things you can do should you find yourself in that
situation.
What are things you can do ahead of time to prepare to make it more difficult in that
situation for someone to be able to get your crypto.
Right I mean ultimately you have to set up your vault per se so that you don't have
direct access to it very easily.
Like that's the only way to prevent an attacker from you know using the $5 wrench attack or
rubber hose attack or whatever you want to call it on you is that if you can't physically
comply with that.
And of course there's no perfect answer to this.
You start going down a lot of different like logical forks of how situations like that
might play out with well you know the attacker is not going to be happy if you say I have
nothing for you so maybe you should have a small kind of token wallet to you know give
them a little bit of a bribe to make them go away.
And you know there's no guarantees I mean obviously what you want to do is prevent yourself
from ever getting into that situation in the first place.
So then you know starting to talk about decoy wallets or whatever I don't have a lot of
faith in those because I've never been in that type of like life or death situation
but I suspect that it would be very difficult for you to like remember other pins or other
passwords or whatever to like open up decoy wallets and appease your attacker.
So I think it's just a lot simpler to say okay you know we're going to set up the wallet
in a way that you just you don't have enough key material to access it without jumping
through a lot of hoops and you know traveling around geographically and going into multiple
access controlled locations.
Yeah so the thing with decoy wallets also kind of going back to what we talked about
about being a public figure you know with that same assumption that you talked about
earlier that they might have made that like oh you're a public figure and you've been
in this for a while so I'm assuming you have you know hundreds of thousands or millions
of dollars in crypto.
I just don't see somebody buying that like oh well you've only got a hundred or two hundred
dollars in this you know other wallet that you're giving me.
So I just I think maybe for like a random mugger maybe they you know and I guess that
goes back to like you know if you're wearing a shirt that says Bitcoin on it and a random
mugger comes up then they might be fooled but an informed attacker I just I don't see
being fooled by that.
Yeah and that's the thing though is that you know in most cases we have no idea how much
money other people in the space have but I'm aware of a few very well-known folks in the
space who have been in it a lot longer than I have who have very little crypto because
they basically were living on it and so you know they had to liquidate a lot of what they
got over the years.
I guess the most famous example of that was Andreas Antonopoulos where someone I guess
well I guess yeah it was like Roger Ver.
It was Roger yeah.
I was accusing him of like not investing enough in Bitcoin early on and fortunately slash
unfortunately for Andreas he ended up getting gifted like a million dollars worth of Bitcoin
so now I guess he really is more of a target so that's kind of a weird gift now he has
to deal with the you know repercussions of everybody knowing that.
Or although I guess depending when was that that was like November or something like that
so it may have gone down some since then so yeah yeah.
So should all of us podcasters like go back and start our life over you know secret life
and just delete everything that we've done up till now.
It's another one of those paradoxes I guess of like it's not worth doing until you have
so much attention that people are going to try to attack you but how do you know that
you have generated enough attention that people are going to attack you until it actually
happens and so like I've had people ask me things like well have you considered hiring
you know bodyguards to protect you and I'm like well yeah I mean I've considered it but
I really don't think I'm at that level.
I know a number of people who are but I think that you know just putting in the time and
effort to improve my privacy should be sufficient whereas you know there are some people in
the space who are very very outspoken almost like braggart style billionaires who you know
go out of their way to get a lot of publicity about you know making very expensive purchases
and you know living flamboyant lifestyles and so I would I would expect that those people
would be more likely to get you know physically attacked than I would be but you just never
know.
Yeah I think if you're I think you could probably afford security if you're going full billionaire
mode if that's what you're referring to.
Yeah well you know the folks who like to buy yachts and basically entire tops of buildings
that they then get press releases basically saying that oh I just bought this huge amount
of real estate.
This is a very different way of going about things and actually if you're familiar with
I think it was Forbes where they had a like top 10 or top something crypto wealthy list
that came out last year.
Oh really.
The people who are on that they had to agree to have their name listed on there because
I know several people who said no like do not put my name on that list but the people
who are on there were contacted and gave permission and in some cases like gave headshots and
bios and all kinds of other stuff and I think I had a kind of pithy tweet about that where
I was like you know some people see this as like a list of very successful people and
I was like well I just see a list of targets you know they just made themselves targets
it's kind of weird and antithetical to what I've been doing.
Okay well let's kind of transition from that into your other projects real quick before
we wrap up but you've got a ton of resources at lop.net and I know like when I first got
into Bitcoin Ansel Lenders from Bitcoin and Market his resources was what I kind of went
through and I know that he said that his were based on yours and then I went back to yours
and read through it so if anybody hasn't been there they should check your resources out
and personally thank you for that list because it's good stuff to go through.
Yeah that's probably what most people who come up to me are thanking me for and it was
really a very self-serving thing it was you know I was getting tired of having to go back
and find resources to answer these really common questions that I got from people and
so over time I eventually just started compiling the links that I was handing out the most
often to the most common questions and that turned into a different web page and then
I redesigned my whole website to make it look nicer and as of today it's pretty active and
actually gets contributions on a regular basis.
I'm probably updating it at least like once or twice a week either with stuff that I have
found or with other material that has been contributed by people.
Cool and then you also have Statoshi which you kind of mentioned earlier and that's like
statistics on the network itself correct?
Yeah so it's basically a Bitcoin Core node that I have added about 500 lines of instrumentation
code to so it's just emitting a lot of metrics whenever any sort of interesting event happens
and then those metrics are all getting aggregated by other software and then I've got this nice
eye candy dashboard called Grafana that is taking those databases of metrics and spinning
out very pretty graphs that basically show you like what has been going on.
Some of it you know is like network wide metrics and then some of it is very specific to my
node itself but should be generally applicable to most other full nodes on the network and
that's really like I said that was my first project where I felt like one of the great
aspects of Bitcoin was just how open and transparent it was however I felt like what the internal
operations of what the nodes themselves were doing was very opaque and so my whole goal
was to add a new level of transparency to running a Bitcoin node and I was approaching
it from this DevOps perspective of like what I had been doing at my day job and I just
wanted to make it easier for the Bitcoin developers themselves to make educated decisions about
things that might need to be changed to make the nodes even better and I think that I succeeded
there.
There were a number of developers who have included graphs from Satoshi over the years
to make arguments about different changes to Bitcoin.
Oh nice.
It's always nice to see your work be used by other people.
Yeah so it seems like both of those kind of came out of this scratch your own itch kind
of mentality.
Yeah and then also I have this Bitcoin Core config generator which was also fairly self
serving because I run a lot of nodes and also I get a lot of questions about you know how
should I configure my node if I want to do X Y or Z and last I checked there's something
like 150 or maybe even 170 configuration options in Bitcoin Core which is of course an insanely
high amount to have to dig through all the documentation for and so I actually I ripped
that off of a parity project so the parity node implementation for Ethereum they had
created this very nice WYSIWYG graphical config generator and I basically forked that and
changed it and tweaked all of the options and you know added in all of the Bitcoin config
stuff and seems to be working pretty well.
Awesome.
I'm gonna have to check that out.
I didn't realize that.
I assume you took out the part where you can send contracts into the void.
Oh yeah it's I mean it took me a few days to basically rip out all of the Ethereum specific
stuff but you know the general gist of it was the same of you know you're gonna have
a form and it's gonna spit out a bunch of text that is your config file so all I had
to do is like change the actual options and values and descriptions and then the final
like format of the file itself.
Very cool like I said I'm gonna have to check that out and I didn't realize you had that
so yeah it is kind of a pain to when you want to change something on your configuration
if you're not a you know a day-to-day coder which I'm not to go in okay what is this option
okay what are the argument or you know what's the what's the string that I've got to put
in here and then reboot everything so yeah that's that's nice I'm gonna I'm gonna go
do that for myself here okay well where can people keep up with you I pretty much live
on Twitter though you know these days a lot of us are also testing out Mastodon but I'm
on Twitter my handle is just lop l-o-p-p and I'm also on the mastodon dot social instance
with the same handle however the whoever got my handle on the Bitcoin hackers instance
is not me so I don't know if they're planning on doing some scamming there or if they're
just squatting on it and hoping that I'll have to buy it from them oh good to know good
to also put out there for everyone to know that that's not him so okay so and I'll put
links to both of those as well as your all your stuff on github and lop.net and Satoshi
and all that on the show notes bottom shelf bitcoin.com slash 27 is where the show notes
will be everybody and Jameson anything anything else you wanted to go over or put out there
for anybody before we say goodbye um well I usually just close by saying you know I'm
not an expert and I don't think that anybody is an expert at this we're all just kind of
stumbling along head first into this crazy new world that we're trying to build and you
know I'm just trying to help other people understand as much as I have been able to
ingest but a lot of other people out there understand things in this ecosystem that I
don't and you know we're all just building off of each other's work and trying to collaborate
and that's what it's really all about is trying to come to a consensus about like the best
way to reshape the financial world awesome well said all right it was a pleasure having
you on I really appreciate it no problem anytime all right that's going to do it for this show
remember all the show notes will be at bottom shelf bitcoin.com slash 27 you guys go check
out all that stuff from Jameson Lopp and I totally forgot my brain was fried during this
interview not because of anything I intentionally did to my body I just was sleep deprived at
that point so big thanks to Jameson Lopp for putting up with me during that process so
anyways but I totally forgot to ask him about the casa does certified sales of both ledger
and trezor hardware wallets so you guys check out their store there as well as well as their
multi sig security setup thing anyways you listen to the episode he explained it better
than I did so go check out their stuff go check out his physical bitcoin attacks project
as well as his quick bitcoin configuration generator and all the other stuff like I said
listed in the show notes and you guys know you can support the show here at patreon.com
slash bottom shelf bitcoin or you can buy Tuttle Twins books bottom shelf bitcoin.com
slash kids book or I've got bitcoin donation at bottom shelf bitcoin.com slash donate you
can check out all those links and share the show give us a good review check me out on
social media twitter instagram and the bitcoin hackers instance of mastodon bottom at bottom
shelf btc alright for bottom shelf bitcoin I'm Josh Humphrey thanks for listening.
I'm still recovering friday night we had a youth event at our church and literally
stayed up all night so it well get some rest yeah I need to.