@LukeDashjr@KarmaCpu Which is why I specifically mentioned onion domains and IP addresses.
A LNURL just encodes a URL, so it can point to an IP address or onion domain. IP address assignment is centralized as well, but Tor isn't (AFAIK, I have no idea how it works exactly tbh).
If you find a security flaw, please follow the following steps in order:
1) Give details to upstream developers to develop or merge a fix
2) Notify downstream developers/distributors of the risk and how to patch it (not the details) so they can ship it ASAP
3) Give people at least a week to upgrade on their own
4) Notify the public that a vulnerability in the old version exists (no details)
5) After you can reasonably hope everyone has updated (months or years later), publish details and/or proof-of-concept
There may be circumstances (eg, active exploitation in the wild) that justify deviation from this, but generally, this is a good approach.
However, starting with #5 is black-hat behaviour.
@_pi0_ > Imagine how much longer it takes to discover smuggled backdoors in binary blobs
Go, Rust and Zig ship libraries as source code. You can put binary blobs or obfuscated code on NPM too.
> JavaScript runtimes like V8
JS runtimes are hard to audit binary blobs.
More useless AI slop code that makes misleading claims about security:
- Not all dependencies are SHA256-pinned
- Dockerfile "removes network-capable Python code" for no reason
This just hurts actual security projects. If you don't understand security, stop making slop.
Most Tor Docker images are running outdated Tor, no guard protection, and leave telemetry on by default.
HiddenForge v2.0.0 (my creation):
Tor 0.4.9.6 + Vanguards,
every dependency SHA256-pinned,
zero telemetry,
read-only filesystem,
rootless Podman support.
Built for a
This is a dangerous idea.
Someone else's TEE = Not your keys = Not your coins
A TEE makes it harder to access the keys, but a TEE can be compromised.
Here are two papers with examples of previous issues:
i.blackhat.com/briefings/asia…misc0110.net/files/sgxrop.p…
This wallet is super interesting.
I don't know why they don't mention it but last time I looked it was running a Lightning node for you IN THE CLOUD in a TEE (a server they don't have access to).
This is a major technical feat IMO.
The Apple App Store rules are borderline illegal.
This isn’t about security. It's not about malware. It's not about user experience.
It’s about control.
- Use Google login? You must add Apple login
- Sell digital products? You must use Apple payments
- Apple takes 30% of your revenue (this is frankly insane)
- You can’t tell users about cheaper prices outside the app
- You can’t use a different payment system like Bitcoin
- Apple can reject your app with vague reasons (or bend over due to political pressure)
- You can’t install apps outside their store (most regions)
They own the platform. They compete with you on it. And you still have to pay them.
Is this a monopoly or a mafia gang?
- Allow configuring Tailscale settings
- Prevent installing conflicting apps (e.g. Bitcoin Core and Bitcoin Knots) at the same time
- Various other bug fixes and improvements
🧵3/3
- Redesign the Contribute page to allow you to make financial contributions to Nirvati from the dashboard
- Add an emergency repair feature that allows you to repair Nirvati if something goes wrong with an installation or update (Accessible on port 9080)
🧵2/3
Today, we're releasing Nirvati 0.9.0. We couldn't fit everything we initially planned in this release, but more is coming soon. Thank you for your patience!
Here's what's new:
- Add a new server overview that shows resource usage and connected servers
🧵 1/3
@coinjoined@BTCsessions But most attacks like these work by the user getting the malicious script from somewhere and executing it immediately...
So having a second stage payload stored somewhere isn't really a benefit, because you can easily update the page that is tricking the users into executing it.
@coinjoined@BTCsessions because
a) It's already very easy to set up an anonymous server (and pay for it with Bitcoin) quickly
b) Antivirus software can still recognise this as an attack
The biggest benefit of it would be to have an "unremovable" malware payload stored permanently.
354 Followers 7K FollowingTwitter/X is eating the world, it even ate Elon😂
fucking leggo my eggo
Caucasoids don't exist
Follow/RT/Like is not always endorsement
222 Followers 3K FollowingSpace stocks are the next MAG7.
25 years in the market. Ex-hedge fund, catacombs. Previous family office. Now nature-o-path. Call me Dr.
97 Followers 964 FollowingLending an ear to folks having trouble hearing the call of #Bitcoin | Mane Humilis, Sats Strues | npub1g5ppy5p3vyfdxmd7tuqds9p59fh6nwm0c86mxtf4y5ldd2pajsjsrywgy
127K Followers 0 FollowingOpen source privacy and security focused mobile OS with Android app compatibility.
Forum, Discord and Matrix: https://t.co/C0RaJbZosj
104K Followers 271 FollowingRoman #Catholic, husband, father of 11 children, #Bitcoin Core developer, and CTO @OCEAN_mining; INTP;
I condemn fake "Catholics", cryptobros & pedos; see link
7K Followers 297 Following⚡ Dev Advocate @lightning
🟠 Co-Organizer @SanJuanBitdevs
💼 Founder @VelasCommerce
Thoughts on building things with Bitcoin + econ & philosophy
169 Followers 415 Following“Anonymous transactions are the digital equivalent of freedom of speech.”
Timothy C. May “The Crypto Anarchist Manifesto” 1992
39K Followers 3K FollowingPrivately build a secure bitcoin signing device for less than most HWWs (all software/designs are FOSS). GPG: 4673 9B74 B56A D88F 14B0 882E C7EF 7090 0726 0119
6K Followers 5K FollowingEarthly makes builds super simple.
Fast, repeatable builds with an instantly familiar syntax – like Dockerfile and Makefile had a baby.
4K Followers 594 FollowingI demystify the social graph so you can learn and use this powerful tool more effectively
npub176p7sup477k5738qhxx0hk2n0cty2k5je5uvalzvkvwmw4tltmeqw7vgup
5K Followers 294 FollowingThe Bitcoin app store for @getnirvati.
Previously also a self-hosting OS, but being merged with @getnirvati.
⚡ [email protected]