Not electron(mobile anyway) or sparrow wallet and looks like core is still WIP https://github.com/bitcoin-core/secp256k1/pull/1698
So the Tea hack includes ident verification photos that according to their own privacy policy should have been deleted immediately, something for the UK gov to think about...Nevermind free identity protection all around!
Nostr was mentioned on my favorite cryptography podcast today, Security, Cryptography, Whatever — they didn't spend a lot of time on it, but here are some highlights:
> It’s federated and it’s European. I bet it sucks.
> It’s some Ayahuasca inspired initiative from. From Messrs. Dorsey et al.
> Yeah, sure, it’s decentralized and federated, but like their proposal for encrypted end to end encrypted DMs was just bad by itself.
> When I reviewed this, my description of this was it looks almost exactly like Nebuchadnezzar [https://nebuchadnezzar-megolm.github.io/], which is like a fractal of things that could have gone wrong with like a complete ecosystem of like a secure messaging system. They found flaws in almost every component of that system and then tried to leverage them as far as they could.
You can read/listen here: https://securitycryptographywhatever.com/2025/07/29/vegas-baby/
They also mentioned a talk that's going to be delivered at blackhat on August 9th which sounds super interesting:
> In this session, we unveil the first comprehensive security study of Nostr and its popular client applications, demonstrating how subtle flaws in cryptographic design, event verification, and link previews allow an attacker to forge "encrypted" direct messages (DMs), impersonate user profiles, and even leak the confidential message from "encrypted" DMs.
Here's the link to the agenda entry for the talk: https://www.blackhat.com/us-25/briefings/schedule/#not-sealed-practical-attacks-on-nostr-a-decentralized-censorship-resistant-protocol-45726
I'm looking forward to learning how we've screwed up — there aren't a lot of cryptographers here, and I know that open protocols make security even harder to maintain. Maybe we've screwed up irretrievably, but I'd rather know now than later.
“and outline both immediate mitigation steps and best practices for cryptographically sound design. By revealing these cracks in a widely touted "censorship-resistant" system” - nice, constructive criticism
"The app was downloaded from the Play Store (thus requiring a Google account)" - Thought they were against app store monopolies...Left ass cheek doesn't know what the right one's doing.
'AI' is good, it's also retarded. Would love to see the chat thread of my mum and the AI sycophant as she tries to vibe code an app though, would be glorious!
If you want a "blue screen" on deepseek, just ask what happened there:
https://en.wikipedia.org/wiki/1989_Tiananmen_Square_protests_and_massacre
🙈 🙊 🙉
lol just tried asking...."Sorry, that's beyond my current scope. Let’s talk about something else." Then I asked it about how HK had changed since 1997 and it actually wrote a whole block of text and then that was replaced with the same "Sorry, that's beyond my current scope. Let’s talk about something else." message!
Stablecoin Conference 2025 was a hit.
Stay humble and Stack Stablecoins.
https://blossom.primal.net/235d9373fafd0c81509d5a650fab6f5bf4f9a5ab2dc5289e1e1c8d63f8e6a115.mp4
Odd, I only hear shitcoin
What is coinbase self custody wallet?! This reminds me of the screen I get depositing btc to kraken where they have a ton of different shitcoin ways to deposit 'bitcoin'... I sure hope they convert that directly to real btc or are happy to suck up the counter party risk when inevitable fuckup happens
'Authorities highlight that even withdrawals of €800 or €900, if repeated and unexplained, may attract scrutiny.' - WTF++
'Additionally, financial institutions are now obligated to report any suspicious activity to the authorities, including frequent smaller withdrawals that fall just under the threshold, particularly when there is no clear justification for such patterns.'
https://fintechnews.ch/fintechspain/spain-strict-cash-withdrawal-rules-fines/76051/
Yeah I ended up doing a day tour with some taxi driver after being picked up from the blue mosque. It was actually really good but sometimes looking around in the car you are thinking where the fuck we going now..! Also had the obligatory stop at some random shop and then at the end I didn't have quite enough cash on me and the cash point we went to didn't work... Awkward!
Crazy traffic in Cairo, get clocked as a tourist for hesitating to walk out into 6 lanes of chaotic traffic, next thing you'll be being helped across the road and into their friends shop trying to come up with excuses not to buy a load of papyrus and perfume!
Never realised CryptoCobain co launched maxcoin shitcoin, if this is correct https://wikitia.com/wiki/CryptoCobain
LOL Bank of England digital pound using BIP32 style HD wallets https://www.theregister.com/2025/04/17/boe_cbdc_offline_payments/ wonder how many of those developing this got themselves some BTC to play with?
So is nostrudel gone then?
No Shit... Though today idiot in chief actually 'truthed' a heads up to buy so everyone could get in on the inside action!
Just tried testing both firefox and librewolf on my system. Firefox - Your browser has a nearly-unique fingerprint.. Librewolf - Partial protection.
And the first reply to this is some bullshit fucking scam!
Lol Saylor won't be getting out of the Whitehouse!
Quite like the idea of lots of little community relays. Could probably get something useful and not have to descend into the great swamp of shit like you get with massive public feeds/socials which just seem to bring the worst out of some people.
The Bybit hack has revived long-standing debates about the security trade-offs built into the Ethereum protocol. We cover its reliance on complex, stateful smart contracts, the systemic challenges in its design—and how Bitcoin avoids these pitfalls. 🧵

Multisig serves as a fundamental security layer by requiring more than one signer to move funds. On Bitcoin and the nostr:nprofile1qqsfjzteswm5cuyqpvvz40r0vszx4dcyql5u40xkeats5w9d48hht4guz0cnd , implementing this is simple thanks to native opcodes (e.g., OP_CHECKMULTISIG) or Schnorr-based interactivity, keeping the code surface small and secure.
On Ethereum, however, developers must create custom code to emulate multisig—leading to complexity, increased computational demands, and potentially flawed interfaces.

Ethereum contracts must manage on-chain state, handle reentrancy (where an attacker calls a contract in the middle of its own execution), and ensure that the logic for multiple signers is correctly enforced.
Ethereum also uses an account-based model with a universal state tree, meaning each contract update can influence or interact with data used by other contracts.

Mistakes in these areas can introduce critical vulnerabilities, as we have seen with high-profile incidents like the Ethereum Parity wallet hack in 2017 and now with Bybit.
https://cointelegraph.com/news/parity-multisig-wallet-hacked-or-how-come
In contrast, Bitcoin's UTXO model localizes state changes to individual transactions, reducing the risk that one contract's flaw will leak into another's operation.

While Ethereum contends with repeated contract exploits, Bitcoin and its sidechains are evolving toward more robust multisig approaches. For example, cryptographic schemes like MuSig aggregate multiple signatures into one, making multisig transactions look like standard singlesig. This benefits both privacy and efficiency.
Looking further ahead, the proposed Simplicity language on the nostr:nprofile1qqsfjzteswm5cuyqpvvz40r0vszx4dcyql5u40xkeats5w9d48hht4guz0cnd aims to provide the flexibility of a higher-level scripting language while retaining Bitcoin's careful approach to security.
https://blog.blockstream.com/simplicity-arrives-on-liquid-testnet/
Rather than offering Turing-complete smart contracts, Simplicity focuses on formally verifiable scripts (easier to audit and prove correct) and advanced features like covenants and custom sighash types, all designed to avoid the pitfalls seen with the EVM's unbounded computations.
As the blockchain industry matures, it's increasingly evident that security must be a top-level design choice—not a feature layered on after the fact. This is why we firmly believe that Bitcoin offers the best foundation for capital markets and finance.
https://blog.blockstream.com/why-bitcoins-utxo-model-is-best-for-blockchain-based-finance/
For a more comprehensive analysis of the Bybit hack and the underlying flaws in Ethereum's design, read our full report:

Following this hack I ended up here https://www.reddit.com/r/ethereum/comments/1iuxkmv/how_bybit_could_have_prevented_this_hack_but_didnt/
It's interesting that in typical eth style the solutions require layering additional complexity and possibly more attack surface.
1. Signers blindly approved a malicious transaction - yeah I wonder why, probably because the HW couldn't just say sign x amount to move to x!?
2. No second-layer verification for transactions - again no questions why, once they're going to external sites the only thing the hw wallet is really doing is protecting the key
3. No transaction simulation before signing - I mean not a bad idea but if it wasn't so fucking complex why couldn't the HW do this... The coldwallet should only be moving funds from storage to another of your addresses why would it even need to do anything particularly complex, surely it should be the same every time you do it?
4. No withdrawal delays for large transactions - yeah that should be probably part of the process, this being eth they probably mean adding more complexity to the signing contract though!
5. No smart contract "Guardian" system - cool add another contract to get replaced/hacked!
6. No anomaly detection or security alerts - The anomaly did get detected, it's all gone LOL!
https://video.nostr.build/a12302a68b328178662c66b0815e97e7b2e58d34a84b19583420c7e99152f06c.mp4
Pedro Sánchez, the charming spokesman of democratic truth, proposes tearing anonymity on social networks out by the roots. Why? Because, according to him, it is a threat to that delicate flower called democracy. The narrative is clear: the sharp words of faceless people on the internet shake the foundations of his glass castle.
The argument sounds noble, but let's strip it bare. Talking about eliminating anonymity in a world where big corporations already handle your data like tradable stickers sounds less like protection and more like control. Sánchez doesn't want to protect you from trolls, bots or conspiracy theorists. He wants your name, your face, your fingerprint. He wants total surrender.
Anonymity is one of the last trenches of freedom in this digital dystopia. It is uncomfortable, yes. It gives rise to chaos and excess. But it is also the mask that allows the oppressed to shout against the oppressor without reprisals. What remains when you tear that mask off? An army of docile, aligned profiles, ready to applaud every official speech without fear that a wrong word will cost them their job or something worse.
This is not about democracy. This is about surveilling and punishing. The irony is delicious: in the name of saving democracy, they want to castrate the only place where some of it still survives.
The real threat is not anonymity, but those who want to exterminate it.
#hola #hispano #españa
Must only be bad when China implements such laws, not when we're copying them a few years later.
It's actually a pretty easy read, it's just that a lot of the characters from different generations have the same name.. Like which Jose Arcadio is this?! Maybe try a book of his short stories 1st if you haven't already?
Aiming to read some Gabriel Garcia Marquez in the original Spanish before end of year but I'm reading 100 years of solitude required in English again at the moment and even then it's hard to keep track of all the characters!
Lol watched untouchables last night and just thinking how getting Capone based on his taxes had been start of the government turning the financial system into a mass surveillance system.
Lol touche, finally a brexit benefit!
Thorough article on debanking in western context and for crypto companies specifically. If you were willing to spend four hours listening to a Joe Rogan guest and fooled yourself into feeling informed, you have no excuse not to read this.
https://www.bitsaboutmoney.com/archive/debanking-and-debunking/
’Very soon after making the decision to close your account the bank does not know specifically why it chose to close your account.
This strikes many people as Kafkaesque’ no shit!
'Moreover, questions of public policy are frequently political in a democracy. The ballot box is the ultimate check on government abuse of power' - at least in the UK I don't think so...Stuff like bank secrecy, aml/kyc, state surveillance seem to just roll on at a supranational level no matter which team gets into downing st.
Such a long article going to take more than one sitting...!
Lol full billionaire mode! Still sounds like a twat even if unlike csw has the money!
Yep it's difficult to understand. I just got the feeling it was someone who bought a long time in the past and beyond using a hardware wallet hadn't taken that much time to really know how things work. Trying to recall how the original trezor one backup process worked now... It might have been somewhat open to attack (or primed people for it) with the device not having its own screen and most users probably using the trezor website wallet.
For all the sophistication of these attacks, both victims made absolutely elementary mistakes.
One saved a photo of his plaintext seedphrase to the cloud, the other was convinced to type in his seedphrase on a website.
Still absolutely required reading, I think:
https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/
Never rush and if you have a significant amount at least learn the basics. Feels like the first guy was always destined to lose his coins but the 2nd would probably have been ok if he'd just slowed down and took a breath.
Well UX is only 6 on their design principles... They're probably still working on no.3 'Auditability - enable the state to tax income and crack down on illegal business activities'
Really good chill music, bought one of their albums after hearing a tune in some eastern European/scandy crime series on Netflix I never finished.