Jon Atack boosted

"If you’re concerned about privacy and want one of the most well-protected browsers available — and don’t mind that it may prevent you from using certain websites — then you should try the Tor Browser."

starting the day with sport 🧘‍♂️🏋️‍♂️and slow-cooked veggies 🌶🥒🍅

psa: the bird site is currently restricting the @bitcoinmerges account

Today’s PR review meeting is on PR 18238 “Retry notfounds with more urgency” (p2p) by ajtowns.

Join host Amiti and everyone to discuss Bitcoin Core p2p today -- starting in 3 hours.

@kekcoin @stevenroose @waxwing @TallTim @sjors

i ordered a full face model (Mira CM6M) with 2 filters and hydration bottle so you can hydrate without removing it

Jon Atack boosted

Next week, we're going to look at another PR to improve node-wallet separation. Russ will show us his PR #17954: Remove calls to Chain::Lock methods.

See you all there.

Jon Atack boosted

TIL there's a draft RFC for oblivious-PRF based blind signing scheme (so distinct from both old RSA type, and also Chaumian or Brands type using Schnorr ).

Some background on what this is and why it's interesting; first, see: "privacypass":

... an extension you can use to bypass captchas by using blinded tokens. I'm not sure of current real world status, especially w.r.t using Tor browser, which is where it's be *really* useful!


Jon Atack boosted


Bitcoin Optech newsletter #84 is here:

- seeks help testing a Bitcoin Core release candidate
- summarizes some discussion about the BIP119 OP_CHECKTEMPLATEVERIFY proposal
- includes regular section about notable code and documentation changes

wondering if travel to the US next month for the mit bitcoin expo, bitcoin2020, and so on is worth the risk... anyone else going or wondering about this?

the bitcoin core review club went from 375 to 475 twitters followers from one tweet announcing upcoming taproot review sessions -- that word is magic :)

wonder if more people will participate

Jon Atack boosted

The thread on dual funding workflow for LN is interesting, h/t @harding

I am seeing similar to discussions as we had before about P2EP/Payjoin - how to create backout facility in case of maliciousness, how to avoid probing. PoDLE is one idea, but there are others as per discussion. h/t @ZmnSCPxj also.

Additional notes and questions for tomorrow's review club session are now up at

Show thread

Wednesday's Bitcoin Core PR Review Club meeting is on #18044: Use wtxid for transaction relay (mempool, p2p) by Suhas Daftuar. Come discuss wtxids, tx relay/delay, AlreadyHave(), rolling bloom filters, mempool, orphans/rejects/confirmed txns, mapRelay and more:

Jon Atack boosted

It may have passed people by but I think gmax found something very dangerous here:

Let me condense it so it's more concrete:

(1) your hardware or software has a simple Schnorr style signing algo: take privkey x, message m, output a signature (R, s)

(2) Your nonce k in s = k + ex is generated deterministically (RFC6979, EdDSA). Think of it as k = f(x, m).

(3) Your e-value is a hash with pubkey prefix: e = H(P|R|m), P is pubkey P=xG.


Jon Atack boosted

Merged PR from naumenkogs: p2p: supplying and using asmap to improve IP bucketing in addrman

11:13 <gmaxwell> I give up, it's too hard to find examples of _this_ vulnerablity because I keep finding other ones that I need to report.

Show thread

11:11 <gmaxwell> I've sent emails for four vulnerablities unrelated to stuff we're discussing in here, as a side effect of googling to try to find examples of stuff with the vulnerablities we've been discussing here. I was particuarly horrified by a bunch of the rust crates I bumped into, which looked like bad machine generated C code fed into a food processor before being machine transformed into rust.

Show thread


10:56 ⚡ gmaxwell makes a mental note to never use security software written in rust, these people are all crazy...

Show more
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!