Mmh apparently wlroots based WMs/DEs are bad security wise.
I dont know exacly, there is chromiumos that is like what AOSP is for android or chromium for chrome. But a complete security and privacy focused distribution like grapheneos doesnt exists today.
Recently google announced that it will migrate a lot of chromeos system to android, making it more similar to a sort of android x86-64.
I think will ship the google forked gki kernel like android and will run on the integral android JVM.
In future maybe grapheneos could be released easily for desktop, as chromeos is becoming de facto android.
https://blog.chromium.org/2024/06/building-faster-smarter-chromebook.html?m=1
Even if grapheneos is objectively so good, I dont like the "security-by-restrict-user-access" approach. I think the control of the system and the root access are the most important thing for "owning your computing", even if from great powers come great responsabilities and great dangers.
Also with a google owned giant monolith like AOSP or chromium, even if open source, you will be subject to the decision of a single company (who will fork this mess? Who has so much money? Another google?).
Linux distros can be simple, modular in his components so you own your system and choose what component to use. I personally forked and maintain a wayland based window manager with my patches, and it is manageble by one man in spare time. How many people would need to fork and hack with the android graphic stack? Thousands plus one. Because one guy need to change the lightbulb.
Yeah pretty much agree on everything, especially the "one giant controlling the system's future" part.
By the way, I wanted to try out Alpine and labwc to see whether they could replace Fedora/Debian and Gnome/KDE as a desktop daily drive (at least for me), do you have some insights on those?
Here there are a lot of good stuff
https://madaidans-insecurities.github.io/guides/linux-hardening.html
also https://www.kicksecure.com is a project that try to apply a lot of security practices on debian (it is used as base for https://www.whonix.org/), his docs and forum are full of good infos.
For learning there are many routes, I know only the "way of the monkey": nerd on computers, try stuffs, break things and, after some time, you will gain the knowledge to hack low level stuff on your Os.
There are absolutely other ways to learn this stuffs, but I dont know exactly, every person need to find his personal methods and paths.
I reccommend start hacking with arch linux because it is minimal and customizable and it has a lot of documentation and a big community to learn from.
A linux system is as secure as you make it, so a first arch installation will probably be even less secure than an ubuntu on average (lacks of mandatory acces control forexample...), but it is a good base to learn.
it is like bitcoin, the real utlimate resources to keep your bitcoin secure is to know how it works; when you have knowledge then you know what tools use and how use them.
It was actually interesting to see chromebooks mentioned on those guides, do you know whether there is a degoogled ChromeOS alternative/fork much like GrapheneOS is for android?
Would you say Alpine linux could fit as a more secure linux distro? Otherwise are there some "ready to go" linux distro that checks those characteristics?
Mmh ok, and how is BSD as a daily "distro" option? Are you limited in certain scenarios/use cases? Or are you using it for things other than a personal computer?
Ehi nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 I really like when you go into low level and security stuff on your Bitcoin.Review podcast, so I was wondering (maybe a little bit off topic) in the linux desktop world, are you a Wayland or X11 guy? Do you have some knowledge about those two options? And if so, is Wayland really necessary and useful to confine and separate windows, or the surface attacks could be so that when you have a "faulty/malicious" app it doesn't really make a difference?
nostr:npub1kvaln6tm0re4d99q9e4ma788wpvnw0jzkz595cljtfgwhldd75xsj9tkzv A few days ago I had a problem with the latest OTA update with Minibits, it now shows zero balance on all the three mints I had, plus the icon/avatar of the profile went back on using the first image it had when I installed the app the first time (the LN address seems to be correct), the app also forgot the mints. The transactions list is also displaying duplicated transactions with an error status (the actual correct transactions I had before are present). Then I tried to increase the index and also delete transactions with errors, but the balances are still zero. Today I tried to receive a LN payment using the minibits LN address and it completed successfully (sats is showing, yet no previous tokens are there), but I am getting a duplicated transaction in the list, with an error status saying "Error: Token already spent.". Sending also works and with no duplicated tx in the list.
Some other notes:
- For a brief time the wallet loaded everything and I could see the balances (with no changes on my side), but now is back into forget land
- I may have activated and deactivated local storage and encryption multiple time while I was playing around with the app in the recent days
Is anyone else experiencing this problem, is there a standard recovery process from here?
It was just a bunch of sats, so not a big deal, but I would like to solve this issue, Thanks.
nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg nostr:npub1kvaln6tm0re4d99q9e4ma788wpvnw0jzkz595cljtfgwhldd75xsj9tkzv I really like the idea behind the minibits ln address to cashu mint flow, and it made me think about this: is there a way to achieve the same thing, but without being dependent from a specific wallet app (nothing against minibits in particular, I am just reasoning about this from a general point of view). So a ln address service that will lock all the received sats on a user specified cashu mint based on some logic (nostr pubkey, wallet seed, etc...). I might be saying stupid things here as I am not an expert on these topics, but I like the general idea.
How are we on Private Chat apps replacements on nostr? Are there some good ones implementing the double ratchet thing?
Thank you guys for the clarification.
I didn't tried that scenario. As far I know the tokens are on your device, not on their server.
So maybe you can "import" your mint seed into another app but not sure about the tokens you already had.
In nostr:npub1kvaln6tm0re4d99q9e4ma788wpvnw0jzkz595cljtfgwhldd75xsj9tkzv you can use multiple mints.
Ok it makes sense, so let's say that I find the way to import all the tokens on the new app, then I just need to make sure to always have at least their minibits mint as all the sats coming from the ln address will go there right?
nostr:npub1lxktpvp5cnq3wl5ctu2x88e30mc0ahh8v47qvzc5dmneqqjrzlkqpm5xlc Hi, I saw the last minibits update with support for a "@minibits.cash" LN address, and given your experience with these kind of stuff I wanted to ask you: do you know if I am forced to use their minibits app, or could I just use another cashu wallet imported from the same seed generated with minibits?
It was this post: nevent1qvzqqqqqqypzpte8562wrm20dljp9yqnnfypnvvzmsumalvas40hrq5923km5ly0qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmwdaehgu3wdau8gu3wv3jhvtcqypuyg9wz485xtsxc9fw88zpmtl9cg4gnrn7allryac7whpn4vft8sjkvgwr
I don't think it is because of the relay choice, I think the problem here is in the "private" nature of the payment, maybe the wallet used and therefore the corresponding LN payment needs to be done in a way that is recorded as coming from the right nostr profile, so that the event can be associated with it and then be displayed/retrieved. Otherwise it is considered a "rogue" payment, but this is just my two cents.
nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg Is there a way to setup a "private" cashu mint?
Let me explain in a more detailed way:
let's say I want to create a cashu mint for friends and family, is it possible to make it so that, even though it would be publicly accessible on clearnet, only them can "register" to the mint and when they pay or are payed by others, these other people (the NOT friends/family users) will not "retain" cashu tokens on this particular mint, but the payment would somehow go to one of their public mints?
I don't know if this is even possible directly on the mint or if it would require something wallet side (for example having a public plus this "private" mint where ecash are "autoswapped" to the private one).
Yeah, exactly.
Btw, I also sent you a zap (manually this time, not through Amber or NWC this time, still need to figure that stuff out), but I was just wandering, do you see something in your balance? Because I can see sats are sent, but noStrudel is not showing me anything.
Thanks, wow, It works with "direct connection" for me too.
So basically the relay at nsec.app is just the medium to make Amber and the web client talk to each other, but then it's Amber that actually signs the events and sends them back to the web client, no private keys leave Amber right?
Wait, this is cool, but I don't understand the bunker part, let's say I only have amber and nostrudel desktop, how do you login the first time on nostrudel? With your npub?
