"If you’re concerned about privacy and want one of the most well-protected browsers available — and don’t mind that it may prevent you from using certain websites — then you should try the Tor Browser." https://www.theverge.com/2020/2/21/21138403/tor-privacy-tools-private-network-browser-settings-security
psa: the bird site is currently restricting the @bitcoinmerges account
Today’s PR review meeting is on PR 18238 “Retry notfounds with more urgency” (p2p) by ajtowns.
Join host Amiti and everyone to discuss Bitcoin Core p2p today -- starting in 3 hours.
Next week, we're going to look at another PR to improve node-wallet separation. Russ will show us his PR #17954: Remove calls to Chain::Lock methods.
See you all there.
TIL there's a draft RFC for an oblivious-PRF based blind signing scheme (so distinct from both the old RSA type, and also the Chaumian or Brands type using Schnorr).
Some background on what this is and why it's interesting; first, see: "privacypass":
... an extension you can use to bypass captchas by using blinded tokens. I'm not sure of its current real world status, especially w.r.t. using the Tor browser, which is where it'd be *really* useful!
Bitcoin Optech newsletter #84 is here:
- seeks help testing a Bitcoin Core release candidate
- summarizes some discussion about the BIP119 OP_CHECKTEMPLATEVERIFY proposal
- includes regular section about notable code and documentation changes
The thread on dual funding workflow for LN is interesting, h/t @harding
I am seeing discussions similar to those we had before about P2EP/Payjoin - how to create a backout facility in case of maliciousness, how to avoid probing. PoDLE is one idea, but there are others as per the discussion. h/t @ZmnSCPxj also.
Notably, PR author Suhas Daftuar posted a BIP draft for "WTXID-based transaction relay" here:
Wednesday's Bitcoin Core PR Review Club meeting is on #18044: Use wtxid for transaction relay (mempool, p2p) by Suhas Daftuar. Come discuss wtxids, tx relay/delay, AlreadyHave(), rolling bloom filters, mempool, orphans/rejects/confirmed txns, mapRelay and more:
It may have passed people by but I think gmax found something very dangerous here:
Let me condense it so it's more concrete:
(1) your hardware or software has a simple Schnorr style signing algo: take privkey x, message m, output a signature (R, s)
(2) Your nonce k in s = k + ex is generated deterministically (RFC6979, EdDSA). Think of it as k = f(x, m).
(3) Your e-value is a hash with pubkey prefix: e = H(P|R|m), P is pubkey P=xG.
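The three-step construction the post condenses, written out as an added reference example (this is not code from the post, from gmax, or from any project). It assumes secp256k1 as the group, SHA-256 reduced mod n as both the deterministic nonce function f(x, m) from step (2) and the challenge hash H from step (3), and an uncompressed 64-byte x||y encoding for the points P and R inside the hash; all of those are assumptions the post does not fix. Note that, exactly as step (2) says, the nonce depends only on (x, m), while the challenge from step (3) depends additionally on P; the example keeps that property visible so the reader can see which inputs feed which value.

```python
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses).
FIELD_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None  # a == -b
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    y3 = (lam * (x1 - x3) - y1) % FIELD_P
    return (x3, y3)


def scalar_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; reference only)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def encode_point(pt):
    # Assumed encoding: 32-byte big-endian x followed by 32-byte big-endian y.
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def hash_to_scalar(*parts):
    # Assumed hash: SHA-256 over the concatenation, reduced mod n.
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N


def pubkey(x):
    return scalar_mul(x, G)  # P = xG


def nonce(x, m):
    # Step (2): deterministic nonce k = f(x, m), derived from the key and message only.
    return hash_to_scalar(x.to_bytes(32, "big"), m)


def challenge(P, R, m):
    # Step (3): key-prefixed challenge e = H(P | R | m).
    return hash_to_scalar(encode_point(P), encode_point(R), m)


def sign(x, m):
    # Step (1): input privkey x and message m, output (R, s) with s = k + e*x mod n.
    P = pubkey(x)
    k = nonce(x, m)
    R = scalar_mul(k, G)
    e = challenge(P, R, m)
    s = (k + e * x) % N
    return R, s


def verify(P, m, sig):
    # Accept iff s*G == R + e*P, which holds because s*G = k*G + e*x*G.
    R, s = sig
    e = challenge(P, R, m)
    return scalar_mul(s, G) == point_add(R, scalar_mul(e, P))


if __name__ == "__main__":
    # Constructed sample key and message, used only to exercise the functions.
    x = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    m = b"constructed sample message"
    sig = sign(x, m)
    print("valid:", verify(pubkey(x), m, sig))
```

Run it as a script and it prints `valid: True`; the verification equation in `verify` is the standard one for this shape of Schnorr signature, and `sign` is deterministic, so signing the same (x, m) twice yields byte-identical (R, s).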
Merged PR from naumenkogs: p2p: supplying and using asmap to improve IP bucketing in addrman https://github.com/bitcoin/bitcoin/pull/16702
11:13 <gmaxwell> I give up, it's too hard to find examples of _this_ vulnerability because I keep finding other ones that I need to report.
11:11 <gmaxwell> I've sent emails for four vulnerabilities unrelated to stuff we're discussing in here, as a side effect of googling to try to find examples of stuff with the vulnerabilities we've been discussing here. I was particularly horrified by a bunch of the rust crates I bumped into, which looked like bad machine generated C code fed into a food processor before being machine transformed into rust.
10:56 ⚡ gmaxwell makes a mental note to never use security software written in rust, these people are all crazy...
Working on Bitcoin. INSEAD/Harvey Mudd. Wrote pro games in 6502 assembly as a kid (Quasimodo, Meteor Storm). Assembly C C++ Lisp Ruby Linux Emacs