https://twitter.com/muneeb/status/1631672600085577729

Obviously this contrasts with the fact that, during the recent episode of Bitcoin Review with NVK and others, they had to go long for the episode and also had to cut out a lot of content due to too much bitcoin ecosystem development happening to cover it all. And with my work at ego death capital, we have no shortage of new bitcoin development to invest in; it's merely a matter of prioritization.

I met Muneeb at Princeton back in November when Princeton launched their new center for decentralized tech and power, which does have some serious bitcoiners in the mix amid the altcoin noise. And I might meet these folks again in upcoming Princeton events, since I'm based near them in NJ and want to keep a bitcoiner perspective there. They have some good people involved.

If you had questions or discussion points for Muneeb, what would you ask or bring up (kindly)?

My impression is that the Stacks ecosystem is too focused on financialization platforms, similar to the altcoin ecosystems. It's all about financial leveraging, NFTs, etc. In other words, rails on which fiat currency operates. Whereas there is massive development in bitcoin being better money at the root layer, which doesn't necessarily vibe with their ecosystem. Throwing shade at that, or ignoring that, seems disingenuous.

For me, the best development is about wallets, infrastructure, and protocols that make bitcoin easier to use as global root layer money from a payments and savings perspective, and more censorship-resistant in general. Often, it's the small details that matter. This includes lightning, nostr, fedimint, certain sidechains, etc. Anything else is secondary.

The year is 2025. You're at the small coffeshop you found on [btcmap](https://btcmap.org/map) and want to pay for your morning double expresso.

A LN invoice flashes before your sleepy eyes, you pull out your phone and try to open your Zeus wallet connected to your sovereign self-custodial LN node running in your basement.

You wait for Zeus to load. And you wait. And you wait. And you wait some more. The barista gets impatient, there is a line of NPCs behind you rushing to get to their fiat mines.

Finally you curse, pay with your slave VISA CBDC card and uninstall Zeus as you walk out.

## The Issue

You used Tor to connect to your node. Tor was being DDOSed by some state-level actors.

You're using Tor because either it was the easiest thing to setup, or it was just the default in your node distribution.

Have you stopped to wonder if it really makes sense to **use an anonymity network designed to be censorship resistant just to connect to your own home server**?

You obviously don't want to expose your node to the public internet (which would expose what you are using as well as make you vulnerable to attacks).

## The Solution

The best solution (as far as I'm aware of) is to connect to your home node using an **encrypted VPN point-to-point tunnel** using something called [WireGuard](https://www.wireguard.com/).

The only information you leak to potential traffic sniffers is encrypted UDP packets (which are already hard to sniff) to your home IP address, which is pretty harmless information.

## The (not ideal) Alternative

Many people find Wireguard hard to setup on its own (don't worry, that is why I wrote this guide) and prefer a more seamless corporate solution based on Wireguard called [Tailscale](https://tailscale.com/).

Tailscale has 2 major drawbacks:

* It's an additional **third party** that knows every encrypted packet you send over it as well as all your public IPs.

* It's **permissioned** and requires setting up an account, **not very sovereign**

# Setup

## Requirements

* Access to your home **router admin page**: if your node is behind a NAT (usually that is the case when it's behind a home router), you're going to need to **forward a port to your node LAN IP**. If you don't know how to do this, you can try to follow the guide for your router model at [portforward.com](https://portforward.com/).

* Either a **fixed home public IP address**, or a **domain name** that points to your dynamic home IP address. Even if you don't have this, you can still follow the guide and manually update your home IP in the configuration file.

* Shell **root** access in your node.

## Node setup

### Gather network information

Find your node's LAN IP address:

```bash

$ ip -human --brief address show

lo UNKNOWN 127.0.0.1/8 ::1/128

eth0 UP 192.168.1.2/24 metric 1024

```

In this case, the your node's LAN IP is `192.168.1.2`.

Find your home public IP address:

```bash

$ curl ipecho.net/plain

```

### Install wireguard tools

The wireguard module is actually built into any modern linux kernel by default, what we actually need to install is the tooling to generate valid wireguard cryptographic keys.

For debian/ubuntu based distros:

```bash

$ sudo apt install wireguard

```

For other distros, check [wireguard.com/install](https://www.wireguard.com/install/).

### Generate keys

You manually need to generate 1 keypair for each device (called peer) that will use your wireguard VPN (including your home node).

To generate a keypair for your node (let's call it `node`):

```bash

$ wg genkey | (umask 0077 && tee node.key) | wg pubkey > node.pub

```

This will create 2 files: `node.key` and `node.pub` containing your private and public keys, respectively. Keep these files safe and **after** being done configuring wireguard **you can even delete them**.

Create extra keypairs for your other devices, e.g.:

* Your phone:

```bash

$ wg genkey | (umask 0077 && tee phone.key) | wg pubkey > phone.pub

```

* Your laptop:

```bash

$ wg genkey | (umask 0077 && tee laptop.key) | wg pubkey > laptop.pub

```

Create as many as you wish.

### Configure the tunnel

Using a text editor create and edit the file `/etc/wireguard/mytunnelname.conf` with the content:

```

[Interface]

Address = 10.0.0.1/24

ListenPort = 50000

PrivateKey =

[Peer]

PublicKey =

AllowedIPs = 10.0.0.2/32

[Peer]

PublicKey =

AllowedIPs = 10.0.0.3/32

```

Subsitute `*_KEY` with the relevant keys found in the files you generated earlier (which you can see the contents using `cat node.key` for instance).

### Generate configurations for the other peers

For your phone/laptop, create a files (can be anywhere, does not matter) with the contents:

* `phone.conf`

```

[Interface]

Address = 10.0.0.2/24

PrivateKey =

[Peer]

PublicKey =

AllowedIPs = 10.0.0.1/32

Endpoint = :50000

```

* `laptop.conf` :

```

[Interface]

Address = 10.0.0.3/24

PrivateKey =

[Peer]

PublicKey =

AllowedIPs = 10.0.0.1/32

Endpoint = :50000

```

Now you need to either **transfer** these files to their respective devices (how you do it is your business) **or generate an easy to use QR code** to use to configure your phone.

#### Optional: generate QR code for the phone configuration

Install `qrencode`

```bash

sudo apt install qrencode

```

Print the QR code on your terminal:

```bash

$ qrencode -r phone.conf -t ansiutf8

```

Or save it (and transfer) as png image:

```bash

$ qrencode -r phone.conf -o phone.png

```

### Run wireguard the wireguard tunnel

```bash

$ sudo systemctl enable --now wg-quick@mytunnelname.service

```

Now when you do `ip -human --brief address show` you should see an extra interface:

```

lo UNKNOWN 127.0.0.1/8 ::1/128

eth0 UP 192.168.1.2/24 metric 1024

mytunnelname UNKNOWN 10.0.0.1/24

```

### Open UDP wireguard port

If your node has a firewall, we need to open our chosen UDP port (50000).

If using `ufw`:

```bash

$ sudo ufw allow 50000/udp

```

if just using iptables:

```bash

$ sudo iptables -A UDP -p udp -m udp --dport 50000 -j ACCEPT

```

## Home router setup

Forward port 50000 UDP to your node's LAN IP. If you don't know how to do this, you can try to follow the guide for your router model at [portforward.com](https://portforward.com/).

## Phone setup

1- Install the wireguard app, you can find links in [wireguard.com/install](https://www.wireguard.com/install/).

2 - Open the app

3 - Click on the `+` button

4 - Choose if you want to import the `phone.conf` configuration file, the your generated QR or input everything manually.

5 - Activate the tunnel by tapping the switch

You should have a working tunnel between your node and your phone. You can try pinging your phone wireguard IP (`10.0.0.2`) from your node's terminal (`ping 10.0.0.2`) to check that it is working.

Now on every app you connect to your node (e.g. Zeus), instead of using the onion address, you can just use your node's wireguard IP (`10.0.0.1`).

## Laptop setup

If it's a linux laptop: place (and rename) `laptop.conf` to `/etc/wireguard/mytunnelname.conf` and do:

```bash

$ sudo systemctl enable --now wg-quick@mytunnelname.service

```

Ping your node wireguard IP `ping 10.0.0.1` to make sure it's working.

Now you can use that IP instead of the onion address to connect to your node (e.g. in Sparrow).

# Help

If you have questions feel free to contact me (NIP-05: sommerfeld@strisemarx.com).

#[27] Introducing Xapo, the first bank on the Lightning Network. Xapo built their integration on Lightspark's stack. ✨🌟 https://davidmarcus.substack.com/p/welcoming-the-first-bank-on-the-lightning?sd=pf

#[28]

#[29] Fountain 0.6.5 is live on iOS and Android! New in this update: ⚡ Nostr Zaps 📹 Share Clips as Videos

#[30]

#[31] Odell shares Coindesk article and expresses concerns about Silvergate Bank’s current situation and reminds everyone that self custody is the only safe way to store your bitcoin. 🏦

#[32]

#[33] Remarks from the US Treasury on a US CBDC 💰🛃

#[34]

—--------------------------

🔥🔥Meme of the Day🔥🔥

—--------------------------

Water, Food, Shelter… Bitcoin

#[35]

#[36]

—--------------------------

🏆☠️Darwin Awards☠️🏆

—--------------------------

📣📣📣Introducing the Nostr Report Darwin Awards, where we seek to give Nostr’s greatest un-achievements the recognition they deserve.

Today we recognize #[37] who accidentally nuked his private key in Damus when he mistakenly deleted his account instead of logging out.

Remember folks, always practice safe NSECs!

#[38]

#[39]

—--------------------------

Stay Classy Nostr.

https://github.com/believethehype/satdress