Roya, are you an Urge fan?
I'm not sure either. Since essentially no one is talking about the article or even aware of it around here, we're just letting it disappear quietly. No need to bring any attention to it.
If it gains any sort of traction, we'll certainly respond then.
nostr:npub14y9984l32yr3jna9gsh5lz9l6l2yp3uxx8nxrav6u3jcr8duhhhqzg8xet
https://earthjustice.org/feature/cryptocurrency-mining-indiana
Lol
Thanks for posting, JD! I've passed the link around to local people.
I was wondering if AboutBit would ever catch any FUD. Lots of false information in that article. I'm digging through the sources now to understand the reasoning behind some of their false claims.
I guess Indiana mining is starting to get noticed. 🤷
I wrote a guest blog post for nostr:npub1wu4aye7ll0lnrrg638e90sehzsgpzx5t39t3mwl05aa0d0ap08esdz3vw0 demonstrating Megawatt's use of TAPSIGNER for 2-Factor Authentication. Check it out! 👇
Check out megawatthq.com 👀 for all of your miner hosting needs! The company was founded at the Indy Bitcoin meetup, so get out there and support your local #Bitcoin groups. You never know who you'll meet.
Will we implement this in production? We'll see, but it's been a fun project and the TAPSIGNER is a great product!
One alternative is we could only use the TAPSIGNER for authentication. Just scan it, type in your PIN, & you're authenticated, no username/password needed. If you lost your Tapsigner, an attacker would still need to know your PIN to authenticate, which is now not on our server.
If an attacker had your TAPSIGNER, they'd still need your username/password to authenticate and vice versa. We don't secure funds with these Tapsigners. They are only for 2-factor authentication, so the Best Practice violation seems like a reasonable trade-off for this use case.
What is the Best Practice violation? Never store a PIN code! We're storing it on our server to provide a better user experience (UX) when scanning the TAPSIGNER. After entering a username & password, you wouldn't want to then have to enter the PIN on your phone.
Our server uses a secp256k1 implementation to verify the ECDSA signature against the digest and the master xpub (public key) of the TAPSIGNER. If that signature is valid, the user is authenticated.
The app then prompts for your TAPSIGNER to be scanned. After a certificate check to verify the authenticity of the card, the Tapsigner signs the digest and the signature is returned to our server.
After our server authenticates your traditional username and the hash of your password, it returns a digest/nonce (a number that should only be used once) and the TAPSIGNER CVC/PIN code to the mobile app.
We've added TAPSIGNERs as our 2-factor authentication method for the megawatt.com app! 🧵👇 with a more technical explanation. In this demo, we're violating one of the Best Practices recommended by nostr:npub1wu4aye7ll0lnrrg638e90sehzsgpzx5t39t3mwl05aa0d0ap08esdz3vw0. Can you spot it? nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 nostr:npub1a7aycw7rg4vdyrls5seamqdql08qcde5676hn4ksyrvx9xaaeduscxt00e nostr:npub1guh5grefa7vkay4ps6udxg8lrqxg2kgr3qh9n4gduxut64nfxq0q9y6hjy nostr:npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83a
You can also use TAPSIGNERs as 2-factor authentication for any app. They're really useful signing devices. Twitter thread with a demo video:
https://twitter.com/boilerhodl/status/1708981755280007631?s=19
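The challenge-response flow described in the posts above (the server issues a nonce, the card signs it, the server verifies the secp256k1 ECDSA signature), as an added example that is not Megawatt's code: it shows the server-side checks that keep each nonce single-use and short-lived. Assumptions: a software key pair stands in for the TAPSIGNER, the signed digest is SHA-256 of the challenge, a plain enrolled public key replaces the xpub, and the function names, TTL and user name are hypothetical.

```javascript
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;   // assumed lifetime of an unanswered challenge
const pending = new Map();         // username -> { challenge, expires }

// Step 1 (after the password check succeeds): issue a fresh random challenge.
function issueChallenge(username, now = Date.now()) {
  const challenge = crypto.randomBytes(32);
  pending.set(username, { challenge, expires: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Step 2: check the card's signature against the key enrolled for this user.
function verifyResponse(username, signature, enrolledPubKey, now = Date.now()) {
  const entry = pending.get(username);
  pending.delete(username);        // consumed on first use, even if the check fails
  if (!entry || now > entry.expires) return false;
  // ECDSA verification over SHA-256(challenge) on the enrolled key's curve.
  return crypto.verify('sha256', entry.challenge, enrolledPubKey, signature);
}

// Constructed stand-in for the card: a secp256k1 key pair held in software.
function makeSoftCard() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  return { publicKey, sign: (challenge) => crypto.sign('sha256', challenge, privateKey) };
}

// Runs the accepted case and the failure cases the server has to reject.
function demo() {
  const card = makeSoftCard();
  const otherCard = makeSoftCard();
  const sig = card.sign(issueChallenge('alice'));
  const first = verifyResponse('alice', sig, card.publicKey);
  const replaySameNonce = verifyResponse('alice', sig, card.publicKey);
  issueChallenge('alice');         // new login attempt, old signature replayed
  const replayOldSig = verifyResponse('alice', sig, card.publicKey);
  const c3 = issueChallenge('alice');
  const wrongCard = verifyResponse('alice', otherCard.sign(c3), card.publicKey);
  const c4 = issueChallenge('alice', 0);
  const expired = verifyResponse('alice', card.sign(c4), card.publicKey, CHALLENGE_TTL_MS + 1);
  return { first, replaySameNonce, replayOldSig, wrongCard, expired };
}
```

Only the first response is accepted; a replayed signature, a signature from a different key and a late response all fail.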
Songs from the Big Chair is a great album. Saw them tour last year with Garbage. Here they are now:

Same. We've hiked in the San Juans a few times, but nothing that serious or more than a day. Definitely want to level up and try something like that, though.
My wife and I love the San Juans. Are you hiking from Ouray to Telluride?



