I'm just wondering if I can use this on a pen test π€
Thinking of upgrading my laptop. π€
Can't beat a DBZ meme
Democracy works because the majority is good and knows how to pick moral and selfless leaders. So why do we need a government? Because everyone is amoral and selfish. π€
Something not really talked about in regards to the op return debate, is what we call in the security "the tyranny of the default". Default settings should ideally be in the most restrictive state and if you want remove restrictions by changing settings and potentially reducing security that is a trade off and decision you can make within your own risk appetite. The reason you don't make the default open is because 99% of users will just use the default settings and won't even consider changing them. that said, does it not make sense for core to have the most restrictive reference implementation and allow people to configure more permissive op return and other settings as their use case requires? And additionally have to persuade others of their case. #opreturn #btc #core #knotts
π¬ Spark Lightning Address Doxxer: a simple tool to decode Spark addresses from any Lightning address or invoice.
https://reneaaron.github.io/spark-lnaddress-doxxer/
Does somebody understand why WoS addresses seem to encode the spark pubkey as a routehint, but other providers such as blitz wallet do not?
h/t nostr:nprofile1qy08wumn8ghj7en9v4j8xtnwdaehgu3wvfskuep0wphhqatvv9eqzrthwden5te0dehhxtnvdakqqg8plualm48yqv2etxcgkn7vsfz74fg5vdlp6nkz4ctxkapngxlp4uypp6uv
What's the impact of exposing the spark address? Is it like a reused on chain address so you can see all transactions or something?
nostr:nprofile1qqstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgsppemhxue69uhkummn9ekx7mp0qywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9ulj6hdh does grapheneos have any protections against https://www.pixnapping.com/? I know it's early days but exploits only ever get better.
Ocean with lightning payout. Gives you a small trickle of sats.
Introducing my new open source #nostr freedom project - DNSPub
The key idea is that any DNS domain owner, with minimal changes, can enable any to npub be part of the domain name system, using signed DNS records published to relays.
For example, [npub].example.com would resolve to an IP address, and pass all the CA root program tests so that https://[npub].example.com could be a valid website in the browser.
Thanks to nostr:npub1s0veng2gvfwr62acrxhnqexq76sj6ldg3a5t935jy8e6w3shr5vsnwrmq5 and nostr:npub1hw6amg8p24ne08c9gdq8hhpqx0t0pwanpae9z25crn7m9uy7yarse465gr for the idea!
#dnspub
I have always thought nip 05 would be better if you just put npubs in txt records.
New Blog Post https://snotra.cloud/securing-service-principals.html #azure #pentesting #cloud
Amethyst new design to deal with spammers
https://video.nostr.build/befaf94519c1371a8d8f965214b7b7d8b531281958c4d140711151dfb36bc036.mp4
Its a red alert Tesla coil!!
Its a bit better these days now it doesn't run everything as root. But yeah still not a great choice. You can just run Kali in docker / podman for the relos and tool access. Are you aware of the universal blue project? Any thoughts?
Notifications seem to be really flaky for me atm.
So are you just accepting on chain and lightning via boltz, not liquid directly?
Announcing SamRock Protocol & reference implementation plugin nostr:nprofile1qqs22d4tralncqfnh2kmmarjkxk8449hwnk5xtqe3y5yry6hy7ytegqpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qgcwaehxw309ahx7um5wghxvmt59emkj73wvf5h5tcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsymkvl9 π
With it, you can easily connect online stores directly to your mobile wallet - self-custodial payments, one scan away.
Thanks to the JAN3 & nostr:nprofile1qqsqcdcltmv4qanpx3p7svcufdsg9rkk00x7l2sknra4e6whkv59l7cpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtccpdmsw for dev help; nostr:nprofile1qqs0rxy6jmt44guxkny8z4pkym9mxckqxfytygxuntjn6l80hj409sgpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcdch0km & nostr:nprofile1qqs9mus73mq3ug08kug2cltvj3p8gpawd85n5l70p59rach6cn7usjcpp4mhxue69uhkyunz9e5k7tcpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qgwwaehxw309ahx7uewd3hkctclflw26 for π‘
https://v.nostr.build/iQdhQ5sChieOxMti.mp4
To use protocol on your BTCPay Server, all you need to do is:
1. Install the SamRock plugin
2. Pick BTC, Lightning, Liquid
3. Generate QR β Scan with Aqua Wallet
That's it. Payments will stream directly into your wallet 24/7.
Protocol is fully FOSS π https://github.com/rockstardev/SamRockProtocol
We're starting with BTCPay Server & Aqua, but looking forward to more implementations.
Let's make it easy for users to custody funds across the ecosystem, connect wallets and online stores βπ½
Have you come across this issue with Samrock and nbxplorer? https://github.com/dgarage/NBXplorer/issues/531
I have just integrated a donation option into my SipTrack Go app ( https://www.siptrackgo.com ). With nostr:nprofile1qyxhwumn8ghj7cnjvghxjme0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcqyzjnd2cl0u7qzva64k7lgu4343adfdm5a4pjcxvf9pqex4e83z72qngxhfg, which runs on my nostr:nprofile1qyt8wue69uhh2mtzwfjkctnvda3kzmp6xsurgwqpzpmhxw309a6k6cnjv4kr5dpcxsuqqg829c7gzngg5du03fdcltkt9zzdqkz4jaw9ef94cf0z6munv2r0zsg8cnv5 , and the SamRock protocol. Many thanks to nostr:nprofile1qyx8wumn8ghj7cnjvghxjmcpz4mhxue69uhk2er9dchxummnw3ezumrpdejqqgxfkx0le4p7df0j8v7jwyrvux0y45kl3xapqvwagctlrdv3uyyfv5lgpykq , nostr:nprofile1qyxhwumn8ghj7mn0wvhxcmmvqyw8wumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctvqqsfrjd9ux5hgsg5cmlz6cdwfh5zv2024g8m2t6g9zqf83l8uqm0svsjgnxal , nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq3uamnwvaz7tmwdaehgu3dwp6kytnhv4kxcmmjv3jhytnwv46z7qpqpsm37hke2pmxzdzraqe3cjmqs28dv77da74pdx8mtn5a0vegtlasaraze8 team, the nostr:nprofile1qyxhwumn8ghj7cnjvghxjme0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcqyzjnd2cl0u7qzva64k7lgu4343adfdm5a4pjcxvf9pqex4e83z72qngxhfg team and the nostr:nprofile1qyt8wue69uhh2mtzwfjkctnvda3kzmp6xsurgwqpzpmhxw309a6k6cnjv4kr5dpcxsuqqg829c7gzngg5du03fdcltkt9zzdqkz4jaw9ef94cf0z6munv2r0zsg8cnv5 team. You are doing incredible work here. It's slow, maybe because of my local nostr:nprofile1qyt8wue69uhh2mtzwfjkctnvda3kzmp6xsurgwqpzpmhxw309a6k6cnjv4kr5dpcxsuqqg829c7gzngg5du03fdcltkt9zzdqkz4jaw9ef94cf0z6munv2r0zsg8cnv5 server on a Raspberry Pi , but it works. π
Is nbxplorer working with liquid for you? I set up the wallets via samrock but no pliers is throwing this error for me. https://github.com/dgarage/NBXplorer/issues/531
Is anyone heating their house with miners in the uk? #asknostr
Been running laptops the last decade, it's nice to build a big beasty desktop again.
nostr:nprofile1qqs9pk20ctv9srrg9vr354p03v0rrgsqkpggh2u45va77zz4mu5p6ccpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qgkwaehxw309a5xjum59ehx7um5wghxcctwvshszrnhwden5te0dehhxtnvdakz7qrxnfk has anyone set up a cashu mint that uses liquid and atomic swaps? Would save the ball ache of running a lightning node.
A lot of security talk around these parts but not a recommendation of online security lab and training platforms like HackTheBox. Please try them out if you haven't.
https://academy.hackthebox.com/catalogue
After learning you can try out skills on their lab or CTF platforms. Training on these platforms let you understand how to make more secure applications.
A very long time ago I had my kickstart in my work from doing CTFs. You used to need to hack the login form to get on this web site... I sucked at it and I still do, but you learn a lot extremely quickly and understand how things work far better than just reading on social media.
Many people's questions or suspicions about things could be answered if they just did the security research on whatever they were suspicious about themselves... so do your proof of work.
I love hack the box. Pentesterlab is another good one for web relayed vulns. And tryhackme is pretty good too.
I would put liquid lower down the risk curve, how many federation members are needed to collude?
It seems you can't crack kerberos krb5 hashes for usernames that start with a dollar π
You also need to have the name get parameter for the username. So /.well-known/nostr.json?name=username. Pub key needs to be hex format.
Why does everything say nip05 is DNS based, it needs a fucking web server! If it was DNS based it would just use a simple txt record or something. Surely there is nothing stopping someone using name@ipaddress as there nip05 address then it wouldn't be using DNS at all. #asknostr
yeah it pool mines (you share the pay out with everyone else) but if you find a block it uses your own node to build the block template/block.
Am I the only person that didn't have a shitcoin phase?