waxwing boosted

Bitcoin Optech newsletter #219 is here:

- describes a proposal to allow LN nodes to advertise capacity-dependent feerates
- announces a software fork of Bitcoin Core focused on testing major protocol changes on signet
- summarizes popular questions and answers from Bitcoin Stack Exchange
- Optech Newsletter #219 Recap on Twitter Spaces


Enjoying the "robust" debates between Zucco, Todd and Voskuil in this honeybadger panel from recently (skip past the Rootstock bit at the start):


Pretty entertaining discussion of bitcoin supply, fees, censorship etc.

waxwing boosted

🔊Don't miss this week's event!

📅Wednesday - 28September@18:00

@waxwing will talk with us about Cashu FediMint and Chaumian-style ecash.


waxwing boosted

TIL: go version -m $binary

Gives you detailed information about how a Go binary was built, including the Go version, its dependencies, and the specific git commit hash. Cherry on top: it tells you if the git checkout was clean at build time.

Digging a little further today, I can find J Orlin Grabbe's write-up of the DMT system underlying mathematics on the internet archive:


(All of the old J Orlin Grabbe stuff is no longer directly online, he died some years back).

Show thread
waxwing boosted

RT @TheVladCostea
Currently editing the Bitcoin Takeover podcast season 12 premiere, featuring Thomas Voegtlin.

He created Electrum wallet in 2011, still works on the project, and it doesn't get any more OG than this 🔥

🚨Subscribe to the pod on Spotify, Apple Podcasts & YouTube 🚨

waxwing boosted

Well this was certainly interesting.
Downloaded fluttermint on android. received signet sats from Obi via it (fedimint-sats) .. then donated some back to the faucet:


This is all done with BOLT11 invoices. It's rather complex under the hood (to say the least!) but at the user level it feels pretty indistinguishable from Lightning, i.e. in particular you can pay and receive actual Lightning with LN wallets, or the fedimint tokens, ~indistinguishably.

waxwing boosted

Pre-disclosure: we are planning a coordinated security release of multiple Matrix clients starting 16:00 UTC Wed Sep 28th to address some critical issues. We have no evidence of these being exploited in the wild, but please get ready to upgrade on Wed! matrix.org/blog/2022/09/23/pre

I love this quote from:


"“Meanwhile, don’t leave a balance in your PayPal account, as we now know it can just be confiscated,” Frost added."

"Now" 😂 People are so shockingly ignorant. I first found this out in 2003, i.e. 2 decades ago, not that long after Paypal started. You could literally find news stories of this happening every single week for the last 10 years, if you tried.

Don't use platforms that treat you like a slave.

(I suppose it's pretty easy to argue that this mistake is not really forgivable: having had experience writing code to generate private keys, the *first* thing i would make double/triple sure is that whatever my source of entropy is, has (at least) the number of bits i intend it to. The rd() call here returns unsigned int, and it's 4 bytes or 32 bits. Not enough for any real world use. Maybe I'm missing something though).
(The 2nd thing: cryptographically secure random, not just any random!)

Show thread

.. by cracking, so it's super-easy for the attacker to make an economic assessment of if it's worth their while.

As usual rekt.news has a good write up of some facts.

And finally, I particularly liked this recent github comment: github.com/johguse/profanity/i 😂

Show thread

Here is the vanity address the Wintermute guys were using:


.. apparently they wanted the leading zeros to save on gas fees; I'm not sure how that works in Eth but it could make sense.

The attack is a really interesting practical example of why cryptographers sometimes obsess over 'how many bits of security'. Here, an attack could cost a lot in hardware rental, but it has one super-favourable feature: you can see on the blockchain *exactly* how much you will get ...

Show thread

This new hack of Wintermute for ~ $160MM according to reports, is fascinating. It's apparently a result of using a *vanity address*!
As you can see in this github comment, they were seeding the random number generator with a 32 bit integer.

.. as I was saying at Bitcoinology the other week, 32 bits is something your laptop can crack easily in seconds (depending on what each operation is, of course). So, with a *lot* of hardware, you can search the space of those randoms.

"not to be confused with man-in-the-mobile " ...

"man-in-the-middle, monster-in-the-middle,[1][2] machine-in-the-middle, monkey-in-the-middle,[3] meddler-in-the-middle,[4] manipulator-in-the-middle[5][6] (MITM), person-in-the-middle[7] (PITM) or adversary-in-the-middle[8] (AiTM) attack" from Wikipedia on MiTM 😂

I liked 'monster in the middle' that was used in the privacypass paper.

Was doing pretty well yesterday on beat saber, I even got a passing grade at the "Stonks Academy" 😂

13.5 notes per second insane slider spam. Cool song. Replay:


(above is a new-ish website that has a ton of cool features for play/rank, better than scoresaber ... that link *should* show a replay in a very cool graphic/video format, but it might depend on your device whether it works).

waxwing boosted

RT @SatoshisPlaceUK
We are very excited to open - Thanks to everyone who came yesterday! We had great feedback & ideas.

We’re open from 5PM tonight to late today.

waxwing boosted
waxwing boosted

RT @ShiftCryptoHQ
Great talk by @emzy about the trade-offs of different wallet types at the @thebconf!

Next time we'll bring some hardware to sell. 👍

Check out the livestream here: youtube.com/watch?v=4gX_yO0bQy

Show older
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!