I lost some sats to LNbits due to security holes so I would appreciate that
Discussion
Demo server?
It must have been a couple years ago now, but SuperTestnet had a programming course on building a simple web wallet using LNbits
So I had played with that, created a wallet, had an API key and then one day months later I read that some of the LNbits servers were attacked
So I check and then I no longer had access to my wallet, my keys no longer worked, the server was dead
I never stored that much on there because I knew the risks, but I was pretty disappointed nonetheless
I like the idea of the project and hope it does better in future, but I lost faith after that
Most recent fiasco was they pushed a completely untested(!) dev branch to their “demo server” with I think MULTIPLE BTC on it, it got drained very fast, then they tried to brush it off with “its beta” and “what did you expect”
There was other issues like SQLi being possible on ALMOST EVERY endpoint
And allowing draining of Eclair nodes with just hold invoices nothing special needed
If you are holding multiple BTC and don’t want to be responsible for it either shut it down, or at least apply some precautions
That’s disappointing
hah, lol, sql is such garbage
it may take some extra work to build proper purpose built data stores but the performance and security benefits are obvious
making everything programmable is a mistake, it's why i disagree with hot-reloadable database scripts, aka "smart contracts"... hard code them or gtfo
have you seen tigerbeetle DB
idk, i'm a badger and golang maxi so why would i look
there is another db that looks sorta interesting for high read workloads, pogreb, it would probably actually be quite good for nostr data, at least, i probably would separate the replaceable event kinds into a badger and use pogreb for the rest
i see, it's one of these funny things with extra double checking
my fiat mine uses the Move language which has all kinds of safety features and in the case of Sui at least, has a strong security against flaws that allow data to change ownership improperly
anyway, i don't like java, though phoenix is one of the better ones with LSPs, breez is based on LND and i had a particularly bad stuck payment experience with it, fortunately it eventually came back to me, and i suppose LND uses leveldb
anyway, you aren't going to convince me to use any software that isn't written in Go and especially not that is heavily funded and promoted by Apple, because i hate apple, more than i hate microsoft, and i certainly would not use their trash for finances either