 How can you change the meaning of an opcode without breaking the consensus? How can you change the meaning of an opcode without breaking the consensus? You can do it but only in one direction. You can only tighten the meaning of an opcode. You can take something that was valid and make it valid in fewer cases, but you can't make it valid in more. If you make it valid in fewer cases, new nodes will evaluate that and be more strict in their evaluations. All nodes will accept it because it is still valid by the old rules. That is called a soft fork. So, check sequence verify was actually replacing op, not 7, I want to say, or 3. I can't remember. One of the knobs. What does not do? Nothing. That is why it is called not. It is a no op. If you take something that was a not, and now you give it special meaning, every other old system is going to read this, and it is going to go a number, a not, a drop. Okay, we are so far so good, and we will keep going. It won't enforce the meaning of lock times, but it will still evaluate the script validly. That is a soft fork, so old nodes don't see the additional meaning. You can tighten consensus rules by redefining something more specifically. You cannot broaden consensus rules and make previously invalid things now valid because then the old nodes will reject it and fork themselves off the block chain. That would be a hard fork. Now, in the case of redefining the non-dummy value, the bug, check multisig, old nodes, any value will do including zero. New nodes, only zero, and therefore there is never going to be a conflict between them. If you put in one, all the new nodes are going to reject it. They are going to enforce that consensus rule against you. All the nodes are going to go whatever and look solid. That is a soft fork. All of these things have been soft forks. It appears now that we can do anything with a soft fork. Someone has even suggested doing a change in the 21 million coins with a soft fork. Soft forks for the win! Questions? This is it. I am not doing any more. We are just going straight into Q&A. The drop is a drop more than one. Sorry, the drop is a drop more than one. You can do two drops. Two drops is another opcode that takes two off. It is a double drop. I don't know if there is a three drop. I haven't looked it up. Probably. Maybe. I don't know. This stuff reminds me of coding in assembly. Yes, it is very similar to coding in assembly. Is there any movement towards making a compiler? No. You can't make a compiler into a higher-level language for the simple reason. This is not true and complete. It is missing one fundamental construct, which is there is no loop construct. There is no recursion construct either. Without a loop or recursion construct, you have a language that is not true and complete. It cannot express all possible programs. If you take a higher-level abstraction language, that means that many of the programs you can write in that simply do not have an equivalent to this. With Turing-complete this, any symbolic language that is valid and consistent can be translated into any other symbolic language that is valid and consistent. That is the meaning of the Turing theory. Universal computing engine. This is not Turing-complete. You can't create a compiler. It is probably a good thing. The compiler would hide details that would end up causing you bigger problems when you compile it down to this. You'd have unanticipated consequences. Can you guys wait for the mic? Oh, yeah, we're not picking. Yes, thank you. Thank you, Denise. Let's do formal Q&A now. You have to speak into a mic. I hope I repeated some of the questions. If I didn't, sorry on the video. It was really good, too. I just wanted to make another esoteric point. Yes, please. Because I wrote an interpretive problem. Yes. They're not op-codes. They're not op-codes. They are syntactic sugar that has no function in the language other than to delineate. They like the curly brackets and see. They don't actually do anything. They just give you the boundaries. They're scope identifiers. They define the scope of a function for syntactic purposes. Very good point. Yes, thank you. With the activation of Segwit, it's clearly shown that Bitcoin is a lot more than money. Could you talk about that? Your opinion? Specifically how entrepreneurs are dealing with the outside factors? Segwit isn't activated. We'll see. As you may have noticed, there's a bit of drama in Bitcoin. Bit of drama. Segwit itself doesn't really change the nature of Bitcoin being able to do a lot more than money. There are other technologies that have redefined it as more than money far long before Segwit. Probably the two most influential were the original implementation of colored coins, which allowed you to give original attributes or coloring to a specific value to mean this Satoshi is a share of IBM. This Satoshi is a share of Microsoft and trainable as such. It's like putting a stamp on a dollar bill and giving it a different meaning. Not in exclusion to its original meaning. It's still a Satoshi that's spendable. You'd just be an idiot spending it as a Satoshi when it's worth so much more through its coloring. Colored coins came out in 2013, I want to say, or 2012. Before that, though, there was the real PBC specification which I think was even earlier than that. The second one is all of the second layers that are enabled either without return or through hacks like Mastercoin, now named Omni, counterparty, and all of the other things that can trade assets and give other meanings. Bitcoin is a transactional state engine that among other things also transmits value. It's a non-turing-complete transactional state engine as compared to, say, Ethereum, which is a fully-turing-complete but it is a transactional state engine. You can do a lot with an abstract state machine. Yes. Microphone back there, please. What is the best way you've found to write scripts and test them, test their redemption conditions? Like, do you just submit them to Testnet? Yes, you run them on Testnet because unanticipated things will happen and then you'll lose money. One of the things you need to be aware of is all of the things we talked about today. All of them go inside a paid-to-script hash script. That means they acquire a three address an address that starts with three, just like multi-sig. They're part of a paid-to-script hash which means that the network doesn't see this whole redemption script until you try to redeem it. All you tell it is, here's the fingerprint of what I'm going to use later to match that fingerprint, but you don't say what it is. The beauty of that is you can give it a fingerprint to a completely shit script, and the network will go, fine, I'll lock up your coins with that, and then you go back to redeem it. You say, here's my fancy redeem script, and it goes, it's invalid. Your coins are lost forever. I had that problem. One of the things you have to be aware of when you're doing P2SH is not validating the redeem script. I don't think there's any better way to test that. I was wondering if there's any better way to test that. Well, there are five or six interpreters. So, Bitcoin script interpreters. Where's yours hosted? Not hosted? There's four or five that are hosted. What is called WebBTC? It demonstrates the entire function of the stack. You can see things that get popped off step by step. What does the stack look like? What does the script line look like? Similar notation to the one I used. And that will do it for you. However, it's a simulation. And so, a lot of the script interpreters are not faithful to the actual core consensus rules. Which means that if there's a bug, like the check multisig bug that needs, you'll read in the fine print at the bottom that it says, I don't actually do the extra pop of an extra value per check multisig. Which is great for troubleshooting your scripts, only they won't work on Bitcoin. Because Bitcoin's consensus rules include all of the bugs. And so, if you don't faithfully replicate the bugs in your script, it won't work. So, the interpreter can allow you to experiment for a bit and develop some familiarity. It's more of a learning tool. You can test your scripts other than test that. Test that is the full consensus rules. That's the only way you can test that. Thank you. Welcome. Do you have examples of the different paths through this in the book that are making use of the stack notation you were using earlier? I don't have the full stack, but for each one of these paths, I show what the unlocking scripts are and walk through the various things about and explaining so why is that dropped there? So, it does a full analysis of this over about three or four pages that says, okay, so how do you do this one? How do you redeem that one? And also, why is it dropped there? What does the two do? How does it work out? It's a similar demonstration to what I did today. Although, you can't ask the Q&A. So, good thing you came today. Thank you. Andress, quick question. So, regarding cryptocurrencies, we seem to call everything cryptocurrencies and clearly it seems, Bitcoin obviously is more than just a currency. What are your views in the space where there's things like Ethereum, there's Eternity, there's a lot of these platforms which are seemingly trying to build these kind of capabilities. Do you view that Bitcoin in the next four or five years with the development that we can see the kind of creativity that can come from these languages? Is Bitcoin still definitely going to be competitive regarding that space? Yeah, so that's the, that's the $20 million question to be specific. I think having worked in programming languages for a long while and having seen what a creative person can do with very, very little. I'll give you an example. And this is completely irrelevant to cryptocurrencies, but it's a funny story. My first computer was a ZX81 Sinclair computer in 1982. If I remember correctly, it was either that one or the next one, the CX Spectrum. I can't remember which one I did this on. It only had 16 colors. I think the first one only had 8. 16 colors, not 16-bit color. 16 total. Right? So it had the color perception of a four-year-old. Right? How many colors are there? Well, there's red and green and no pink. No pink for you. Which is really funny because you think they put pink or at least something skin tonish. I don't want to sound like, you know, a white privilege. Of course it's pink, but something skin tonish. A mocha to be more inclusive. Something. No. So how do you do video graphics for your games if your characters can only be bright red, bright blue, bright green, white, black? Right? Kind of difficult. We ended up with a lot of video characters who had yellow skin, hence Homer Simpson. Anyway, a very long story short, I was dissatisfied with the state of affairs. I was offended. So I made it do pink. And the way I made it do pink was I hacked the video codec and I invented interlacing. I was 11. I didn't know what interlacing was. I didn't know it had already been invented. But I figured if I spent half the time of the video refresh on the TV showing red and then during the time I'm drawing the other half of the lines I show white and we do it really fast with 30 frames per second what's going to happen? Pink happened. I did that in assembly, because that's the only way to do it 30 frames per second at 11. I did pink. Now the designers of that system had not anticipated pink. And I did it for a very, very trivial reason. This was not a multi-million dollar project. This stuff is money. How much creativity can you get with adult experienced programmers who actually know what the hell they're doing motivated by really exciting applications and perhaps funded? Do not underestimate the creativity of the human mind of what it can create. That work is the perfect example. No one saw that coming, right? And it's ingenious in its simplicity, but also in its depth. It's got a lot of layers to it once you start unwrapping, you find more and more. Now, there are an entire category of problems that Bitcoin cannot do because it's churning incomplete. In fact, based on the churning theorem, there are an infinite number of problems that they cannot do. And there are a finite number of problems that it can do. But there's a very big number in the word finite. And sometimes when that number is big enough, you can't tell the difference. So, here's the interesting thing. We're trying to do scripts. What are scripts? Well, fancy people with VC money call them smart contracts. As you can see, they're not that smart, in fact, they're just scripts, but this is a smart contract for a governance program for a three-person partnership with a recovery plan and a grandfathering plan and key rotation, and all kinds of other features pretty sophisticated. It's a smart contract. It'd be easier to write in solidity, but you can't write it in script. And the interesting thing is what is the class of problems with the full-blown Ethereum stack? And I would say the answer is probably 80% of the most interesting financial instruments that correspond to trillions of dollars in value transacted every day. So, that makes Bitcoin relevant for the long term. And the fundamental reason is because this does it at a much higher level of security than Ethereum, in my opinion. Because it's limited. So, fewer things can go wrong with this service. That doesn't mean that Ethereum is useful. I'm a big fan of just different problem classes. Yes. John? Thanks, Andreas. Nice to see you again. Yeah, likewise. For everything else, there's rootstock, right? For everything else, there's rootstock. Let's see. My question was, you mentioned that softworks can only make the rules narrower, and then you also said softworks can do anything. You seem like contradictory statements. Can you explain how that is? Remember that part where I was talking about human ingenuity and surprising outcomes and never bet against the possibility of fitting a very large number in the word finite? Yeah. I'm still shocked at how Segwit was done. I just saw a new proposal for something else today that's a soft fork that was even more shocking than what you can do. I've seen proposals for doing softworks that do quite incredible things that I didn't think were possible. I wouldn't put it past that expanding the consensus rules in a soft fork manner. I don't know. We'll see. Maybe it's a contradiction. Maybe it's not. Is this just because they're able to repurpose the existing op-codes that are in the base blocks and then add some of this data outside that, you know, nodes will be able to interpret it? Possibly. I mean, that's what Segwit does. And the way Segwit works is rather ingenious. It creates a structure that simply pushes two numbers on the stack. And what you're left with is a stack with two numbers on it. And what does that stack evaluate to? For every node that's not looking at a script, it doesn't have enough people, it doesn't have a verify, it doesn't have anything. What's the default thing that happens that you don't need to say at the end of the stack because the stack does it for you? Verify. It doesn't verify for you effectively, right? So at the end of the script execution you get to a state where it just takes what's on the stack and says is this a true value if it is, we're good. If it's not, halt. Well, the definition of true in Bitcoin is any number that's not zero. So you push two numbers onto the stack and then you terminate. That's a script that anyone can spend. The concept anyone can spend that's defined in SegWit isn't really a concept. It's just how about we just push two numbers on the stack. Everybody who is implementing SegWit will know what those two numbers mean. They're a witness script and a version. And we'll interpret them as a witness script as a version. Anybody else will look at them and go, ah, that kind of looks like a true. We're done here. And that's how you do a software. That's pretty ingenious. I was surprised when I first saw it. I never thought of just pushing numbers on the stack and don't put any off scripts in there and leave the interpretation of that to the nodes that come after. Um, microphone over there. Thank you. I think I just came up with a possibly correct way of explaining how creating restrictions can lead to less restrictions, like to John's question. Maybe you can let me know if I'm making sense or not. So we have an existing consensus in this room that 2 plus 2 is equal to 4. But a group of us can look at that statement 2 plus 2 is equal to 4 and say no 2 plus 2 is equal to 5. And by saying that's a little bit confusing because the symbols 2 and 2 are the same thing. So let's say 2 and 3 is equal to 5. We can make another group that says 2 and 3 is equal to 6. And the more of us that decide that 2 and 3 is equal to 6 we're kind of like organically growing our little consensus group. And eventually if we get big enough we've kind of like redefined what 3 means. But the people who used to look at that same sequence of symbols and say 2 plus 3 is equal to 5 they can still they can still compute. They can still say yes. When we add 2 plus 3 is equal to 5 we get 5. We can look at that and we can say well we've redefined what 3 and what 5 mean. So we get 2 plus 3 equals to 5 means 6 or something. You can do all kinds of hacks like that. So there's an interesting place there in terms of what exactly does consensus mean. Does it simply mean the more nodes that accept it. In Galileo's time consensus briefly was that the Earth is at the center of the universe. And most modern history teaches us that that's what people believed at the time. No they didn't. The ancient Greeks a thousand years before was like duh the sun's in the middle and like yes and also the distance between us and the sun is so much and we got it down to 0.3% accuracy by putting two sticks in the ground and measuring their bloody shadows. A thousand years before Galileo. Greeks didn't think the Earth was in the center of the universe. That came later. That was a hard fork from reality's consensus. Short lived. We can verse on the truth word. For short periods of time you can have weird effects where a whole group of people are persuaded of something that is simply not true or that is their truth and they can have their truth. Part of the difficulty we have here you'll notice this when we're talking about some of the bugs that are in bitcoin is that when you redefine things so that previously X meant this but now it actually means you're going to see two more values which define another hundred and fifty op codes so from now on don't just interpret this but interpret the drop after and the number after that as not drop and then take the number and that's a whole new set of op codes that means something else. You basically jammed another language in the space of one op code you could jam an entire language. That's how Unicode works. That's called keying. You take one element of the language and you say all of the other numbers mean what you think except for this one that means look at the next number that comes and it gives you another 256 possibilities bingo we just upgraded everything. You do that, you keep doing it what you're adding is layers of interpretation that overload the meaning of the language and that creates what is affectionately known in programming as crud and if you allow too much crud to accumulate you start having side effects because these things start conflicting with each other and you have old nodes and new nodes and they interpret the crud differently and you create layers you keep doing that for 20 years you're like we still want to be backwards compatible with those guys who are running that little thing back there and you end up with windows windows it's like we are still you can run Lotus 1 2 3 from 1987 fantastic yes but I can't run anything anymore because in order to do that you've layered so much crud in the operating system that doing the simplest thing involves wading through the crud of four decades of crud laying and as a result everything is slow inconsistent buggy full of errors and vulnerabilities and every now and then you just go how about we're not able to run that old stuff anymore the problem with the consensus layer is you could never do that you could never do how about we make sure that Satoshi can't spend our coins anymore I mean they've been sitting there for so long quiet let's disenfranchise them out of 100 million or billion whatever it is now of their coins they have some weird rules back then how about we just wipe the slate clean and say those are no longer consensus the side effect will be that anybody who had coins in the first 4,000 blocks can't spend them anymore unacceptable in bitcoin that is the difference between hardware software and trustware we're not quoting trustware trustware says you have to carry these consensus rules forever and you have to make sure that the coins that were redeemable then are still redeemable now that the blocks that were valid then can still be validated by a node now which means that you keep laying on the crud so you're going to have a natural accumulation of crud just to make simple advancements and take that natural accommodation of crud and to avoid a political debate you add a whole layer of it voluntarily well now you're just making problems for the future this is the problem with developing trustware bugs become consensus code fixes the bugs sometimes introduce more crud than the bug itself so we don't fix them we just carry them forward the cure is worse than the disease and the commentary introductions of crud into the code will be a burden that we carry forever because once you put it in and someone writes one UTXO that's redeemable by that crud code that crud code has to be carried forever so that that UTXO can be redeemed in the future and this is the problem with trustware now there is another approach and that is the approach that Ethereum is exploring don't work hard for well then there was that other hard fork and there's a problem in the client now because we have 19 gigs of hard fork and that's a different strategy very effective I wouldn't bury UTXO in there for two years I'd be worried that it wouldn't be redeemable so there's different strategies to this we're going to see things that move really fast things that move really slow you have to consider the future cost right should we take more questions or we're done I think we're done for now we have about 15 minutes to mingle but thank you Andreas for your awesome talk