It's Knot a Serious Project

The spam / filters / Knots debate has been simmering for a decade, heated up a few years ago when ordinals became a thing, and has been blazing over OP_RETURN policy changes for the past 6 months. I grow weary of repeating myself as to why this is not a particularly new concern, and the most interesting aspect (to me) is that Luke Dashjr has managed to convince a non-trivial number of people to join the cause that he's been championing for over a decade.

This post is NOT about the spam / filters debate, as those issues have been covered exhaustively by numerous people this year. Rather, this is about Luke Dashjr. Luke is quite a character, to say the least.

It is, indeed, a long backstory. And I think that anyone who is considering running Knots should be aware of the lead maintainer's history and reputation. Because, unlike Bitcoin Core, Knots only has a single maintainer.

The following essay is my attempt to comprehensively catalog the long list of concerning actions and statements by Luke Dashjr over the years that have resulted in him becoming far less welcome in the Bitcoin Core organization. I will also pose to you that the characteristics of a person who makes such actions and statements are not what we should desire to be embodied by the leader of an open source project.

Luke's Security Practices

Luke has had several security failures over the years and to this day fails to implement basic security practices, which leaves many of his peers bewildered.

In late 2022 Luke's server was compromised. No big deal, that could happen to anyone, right?

Well, I start to raise my eyebrows when I see that binaries for Bitcoin Knots are still hosted on a server that is KNOWN to have been compromised, yet 3 YEARS later and Luke still has not rebuilt the server to ensure it's clean. This is not ignorance, it's neglectfully lazy.

Luke's own web site admits that he keeps personal files on what appears to be that same, known compromised, public web server. That's a double whammy. It should be obvious why you should not put private files onto a publicly accessible machine, much less on a machine that has been compromised. Who in their right mind slaps these notices onto their web site instead of actually fixing the underlying issue?

In January 2023 Luke lost 200+ BTC due to poor security practices. From what we can tell (we have yet to hear a detailed postmortem), he wasn't even using a hardware key manager device to keep the keys permanently offline. My rough understanding is he was keeping his bitcoin wallet file in a PGP encrypted container that was on an internet connected machine, and somehow his PGP private key along with his machine were compromised, resulting in catastrophic loss.

This is quite unfortunate, because there also exist ways to keep your PGP key offline, such as by storing it inside of a Yubikey. To this day, Luke maintains that his keys were in "cold storage" which I doubt is accurate by anyone's definition other than Luke's.

If that was not enough, Luke sent the FBI after his fellow Bitcoin Core contributors, claiming that one of them must have accessed his laptop while at an event. From what I've been told by other people who attended Core Dev meetups, Luke would often leave his laptop unattended while at events like this, which would have provided an opportunity for a malicious person to put malware on it. At time of writing, 18 months have passed and yet no one from that group has been charged with committing the crime.

Atlanta 2022 CoreDev Event Probed by the FBI

FBI was looking for more information about Bitcoin developers who attended CoreDev Atlanta event back in October 2022 as a part of investigation into the theft of more than 200 BTC from Bitcoin developer Luke Dashjr.

No Bullshit BitcoinEZ

It's my personal opinion that Luke's catastrophic loss was a turning point, after which he became much more vitriolic toward Bitcoin Core and now makes outrageous claims that it's compromised and trying to destroy Bitcoin. I can only imagine what being financially wiped out from such a significant sum could do to someone.

Beyond Luke's personal security practices, there are several concerns with the integrity of Knots' software development lifecycle.

Bitcoin Knots' merge process is opaque. Compare and contrast Bitcoin Core's merged pull requests vs Knots merged pull requests. Why is this problematic? If you are actually reviewing the code changes, it's incredibly simple in the Bitcoin Core repository to find the related pull request where the changes were discussed. In Knots, it's a mystery.

Bitcoin Core commits that merge pull requests are all cryptographically signed. Knots commits are not. This is another integrity check and assurance that Knots lacks. Not only is this clear from the github web site, but you can verify yourself in the Knots repository via git log --show-signature.

Another git repository concern is that Luke just pulls the code in manually from pull requests and then commits it himself, causing anyone who wants to audit it to have to manually re-examine the Luke commit compared to the pull request code that others might have reviewed. This is getting really deep in the weeds of software development lifecycle integrity assurance, but the point is that Luke must be changing the commits in some way for them to have a different hash. While that may only be a changed commit message or fixing merge conflicts, the problem is that nobody knows. It might be obvious to other engineers that Luke could have changed something, but I doubt it's clear to the average person.

Let's go deeper with a specific example. Here is Luke's commit to apply the code change from Bitcoin Core pull request #30635 which tweaks the parameters for a specific RPC function. We can see by putting the code diffs side by side that they are not the exact same. This is to be expected, because Knots code is not the exact same as Core.

But what are the security implications of this? Mainly, the integrity of what the original code author wrote (Sjors Provoost in this case) is completely lost, as is the work that the upstream Bitcoin Core reviewers put into ensuring that the code change was safe. In order for this fundamentally new code change that Luke is implementing to have similar security properties, it needs to go back through a robust peer review process. This is what we're talking about why we say that Knots is a dangerous "solo dev" project that does not have the necessary level of peer review. I cannnot overstate the ramifications of this weakness in the Knots software development lifecycle.

When you follow standard github practices, you have a strong chain of custody of the code, which helps ensure code integrity. Knots fails in this regard.

Luke's Controversial Bitcoin History

In January 2012, Gavin Andresen, the lead maintainer of Bitcoin Core at the time, called out Luke as being a "poisonous person."

Gavin linked to an excellent talk on this topic that I suggest anyone involved in open source development watch:

Another long-time contributor considers Luke to be a "net negative" for development.

In 2013 Luke stated that Erik Voorhees was a criminal who should be arrested for running SatoshiDice. I think the following exchange is important to absorb because it should help your understand Luke's authoritarian tendencies, such as his belief that disobeying the State is a sin. And the cherry on top is his conclusion that Rosa Parks was sinning by not sitting in the back of the bus.

In 2014 Luke abused his position of maintainer of the Gentoo Bitcoin Core package to enable his custom blacklist rules by default for Gentoo users and tried to dismiss concerns as trolling.

He later apologized but folks felt it was halfhearted.

In 2015 Luke generated controversy by trying to redefine the term "paper wallet."

A month later there was more wiki controversy over Luke's pet project, "Tonal Bitcoin." Note the common theme about the difficulty people find when trying to work with Luke.

By the way, if you're not familiar with Tonal Bitcoin, it's a completely different numbering system that is base sixteen and each unit has a unique sound. Knots supports the Tonal system, presumably because Luke considers it superior to the standard base ten number system used by 99.9999% of humanity.

In 2021 many developers became frustrated with Luke because they felt that he was stonewalling the merge of Taproot's BIP by bikeshedding the activation parameters.

By 2024, Bitcoin developers had become sufficiently frustrated by Luke's poor leadership as BIP editor that they proposed adding more editors.

1 year later, this was determined to have been an appropriate change as we can see rapid improvement in progress ever since Luke has stepped aside.

There is also controversy around Ocean's Datum protocol which is a competitor to Stratum V2.

There is also a dispute between Luke and Bitcoin Core regarding ownership of the Transifex translation repository because apparently he was using the same source for Knots which has slightly different needs.

You can dive into the details of this dispute here.

Knots is actually detrimental to both Lightning Network and to the Whirlpool mixing protocol.

The Whirlpool controversy seems to go back several years. When you get into Luke's personal opinions on bitcoin mixing (further down) this particular decision will make more sense.

Finally, a side note on Luke's claims about current Bitcoin Core maintainers.

Luke was actually "in the room" (IRC meeting) when Gloria becoming a maintainer was discussed and had no objections.

Luke's Bitcoin Beliefs

Luke claims Bitcoin Knots has MORE maintainers and contributors than Bitcoin Core, which is not something any sane software engineer would claim.

You don't automatically inherit those attributes in a fork. And as I explained earlier, Luke's engineering practices actually break the integrity of the code changes from their original author and original reviewers. Project contributor stats are trivial to check on github; here is Knots' contributors page on github:

Which you can compare to Bitcoin Core's contributors page...

By Luke's logic, Bitcoin doesn't work since very few Bitcoiners run nodes.

Luke thinks that using the bitcoin protocol in ways people don't like is a jailable offense.

Luke has accused me personally of threatening to rape Bitcoiners (nodes.) By his logic I am committing literal violence. I have to hand it to Luke - it is incredibly difficult to offend me. But as an ardent supporter of the Non Aggression Principle, I do find being accused of violence to be quite offensive.

More evidence of Luke's anti-cypherpunk authoritarian beliefs: "I would do whatever I can to help shutdown Silk Road because people shouldn't be enabled to do illegal trade."

Luke is anti-privacy when it comes to using bitcoin, because the State might not like it. This is relevant to my earlier point about Knots breaking the Whirlpool mixing protocol. He doesn't care because he thinks mixing is wrong and people shouldn't do it.

Luke Logic

Luke has a tendency to not be in consensus with people on a variety of topics even outside of Bitcoin.

For example, he often talks about being a Roman Catholic... but he's not in consensus with what basically everybody considers to be Catholicism. Luke is a part of a tiny fork of Catholicism called Sedevacantism. To put it in perspective, there are 1.4 billion Roman Catholics globally and about 30,000 Sedevacantists. The Sedevacantist fork of Catholicism amounts to less that 0.01% of Catholics.

What's my point here? It's that Luke clearly has no issue operating well outside of any given group's consensus. I'd say this is highly relevant to how Luke should be expected to act when it comes to Bitcoin consensus issues.

While many OG Bitcoiners are libertarians and anarchists, Luke is actually a monarchist. Yes, you read that right.

From his (old) Wikipedia profile we can see that he has some interesting political views.

All laws are just, nobody has the right to free speech or to use bitcoin.

Luke appears to be a geocentrist. "By the way, the Sun really orbits the Earth, not vice-versa."

Apparently slavery is moral if your religious doctrine and State condone it.

Men have the right to drag their wife around without interference from the State.

If the intent is to simply prevent conception, even abstinence can be sinful within marriage.

Masturbation, or any sexual pleasure not ordered toward procreation, is always a grave sin.

Freedom of religion is bad.

As a general principle, it is moral for the State to execute criminals with due process, including heretics.

Similarly, it is sometimes acceptable to murder people based upon their speech.

The Church is the sole authority for teaching morality.

"Protestantism is heresy."

JUST TO BE CLEAR: by Luke's logic, there are over 600 million people who could morally be executed by the State because they are espousing heretical beliefs.

In Conclusion

You can see for yourself that Luke tends to hold fringe opinions about many things, which is obvious if you just browse his Reddit comments, X replies, or Bitcointalk posts. Feel free to do your own research and make your own determination without my bias.

Is bringing up Luke's security failures and eccentricities an ad hominem? I wish to be clear that while I disagree with Luke on a great many things, I support his right to say and do them. Unless he tries to put me in jail for raping his node, of course. I'd suggest we not cross that particular Rubicon.

But if we're looking at Luke through the lens of evaluating him for a leadership role in an open source project of immense global importance, as the sole maintainer of Knots I think it's quite relevant to consider his history and personal characteristics.

"Decentralised security software requires a strict attention to detail when it comes to security. The maintainer of this piece of software works alone, and is bad at security. Here is an example of that. Therefore, we can reasonably conclude he will be unable to ensure the requisite level of security for this software in the future.”

-- Riccardo Spagni, former Monero maintainer

By no means am I claiming that Luke hasn't made significant contributions to Bitcoin over the years. Luke clearly does have technical skills that can be used to make positive contributions to projects. Rather, I ask you consider what you really want from a Bitcoin client lead maintainer.

Also, think back to what has happened for the past 6 months. Where has a large portion of the social and technical community's time and attention been spent? I tend to agree that Luke & Co have been rather poisonous as of late. One of the very first slides from the "protecting open source projects from poisonous people" presentation:

It seems other level-headed folks are coming to a similar conclusion that a lot of this year's drama is unjustified.

There are some people who claim to be raising funds to pay for more developers to contribute to Knots. Best of luck in your endeavors, but I suspect that Luke's personality is not well fitted to play a leadership role that requires getting along with people with whom you may disagree. Consider this epic statement that is pretty well known in the open source developer community:

"We reject: kings, presidents, and voting. We believe in: rough consensus and running code."

-- David Clark, 1992

This phrase is seminal to the best practices for how to manage an open global technical project to which anyone can contribute. I recommend reading this essay if you'd like a deeper dive into that topic. Does Luke truly embody those characteristics?

• Luke does not support freedom of speech
• He does not support strong privacy
• He does not seem to follow security best practices.
• He admires authority.
• He does not appear to be well suited to reaching rough consensus with groups of people.
• He is, in many ways, anti-freedom.

Is that who you want leading development of freedom money?