waxwing @waxwing@x0f.org

Enjoying the "robust" debates between Zucco, Todd and Voskuil in this honeybadger panel from recently (skip past the Rootstock bit at the start):

https://bitcointv.com/w/8gKugd878URQyu3ykKgLDW

Pretty entertaining discussion of bitcoin supply, fees, censorship etc.

#bitcoin

Digging a little further today, I can find J Orlin Grabbe's write-up of the DMT system underlying mathematics on the internet archive:

https://archive.ph/JYqK0

(All of the old J Orlin Grabbe stuff is no longer directly online, he died some years back).

#cryptography #ecash

Future users of the signet faucet, you're welcome :)

Well this was certainly interesting.
Downloaded fluttermint on android. received signet sats from Obi via it (fedimint-sats) .. then donated some back to the faucet:

https://sigpay.sirion.io/apps/33Au5UDsPWnUL5GVT8q1Yjovw83K/crowdfund

This is all done with BOLT11 invoices. It's rather complex under the hood (to say the least!) but at the user level it feels pretty indistinguishable from Lightning, i.e. in particular you can pay and receive actual Lightning with LN wallets, or the fedimint tokens, ~indistinguishably.

#bitcoin #lightning

I love this quote from:

https://www.zerohedge.com/technology/paypal-sparks-outrage-after-shutting-down-account-britains-free-speech-union

"“Meanwhile, don’t leave a balance in your PayPal account, as we now know it can just be confiscated,” Frost added."

"Now" 😂 People are so shockingly ignorant. I first found this out in 2003, i.e. 2 decades ago, not that long after Paypal started. You could literally find news stories of this happening every single week for the last 10 years, if you tried.

Don't use platforms that treat you like a slave.

#censorship #bitcoin

(I suppose it's pretty easy to argue that this mistake is not really forgivable: having had experience writing code to generate private keys, the *first* thing i would make double/triple sure is that whatever my source of entropy is, has (at least) the number of bits i intend it to. The rd() call here returns unsigned int, and it's 4 bytes or 32 bits. Not enough for any real world use. Maybe I'm missing something though).
(The 2nd thing: cryptographically secure random, not just any random!)

.. by cracking, so it's super-easy for the attacker to make an economic assessment of if it's worth their while.

As usual rekt.news has a good write up of some facts.

And finally, I particularly liked this recent github comment: https://github.com/johguse/profanity/issues/61#issuecomment-1247706911 😂

Here is the vanity address the Wintermute guys were using:

https://etherscan.io/address/0x0000000fe6a514a32abdcdfcc076c85243de899b

.. apparently they wanted the leading zeros to save on gas fees; I'm not sure how that works in Eth but it could make sense.

The attack is a really interesting practical example of why cryptographers sometimes obsess over 'how many bits of security'. Here, an attack could cost a lot in hardware rental, but it has one super-favourable feature: you can see on the blockchain *exactly* how much you will get ...

This new hack of Wintermute for ~ $160MM according to reports, is fascinating. It's apparently a result of using a *vanity address*!
As you can see in this github comment, they were seeding the random number generator with a 32 bit integer.
https://github.com/johguse/profanity/issues/61

.. as I was saying at Bitcoinology the other week, 32 bits is something your laptop can crack easily in seconds (depending on what each operation is, of course). So, with a *lot* of hardware, you can search the space of those randoms.

"not to be confused with man-in-the-mobile " ...

"man-in-the-middle, monster-in-the-middle,[1][2] machine-in-the-middle, monkey-in-the-middle,[3] meddler-in-the-middle,[4] manipulator-in-the-middle[5][6] (MITM), person-in-the-middle[7] (PITM) or adversary-in-the-middle[8] (AiTM) attack" from Wikipedia on MiTM 😂

I liked 'monster in the middle' that was used in the privacypass paper.

Was doing pretty well yesterday on beat saber, I even got a passing grade at the "Stonks Academy" 😂

13.5 notes per second insane slider spam. Cool song. Replay:

https://replay.beatleader.xyz/?scoreId=1254669

(above is a new-ish website that has a ton of cool features for play/rank, better than scoresaber ... that link *should* show a replay in a very cool graphic/video format, but it might depend on your device whether it works).