Even if the TikTok ban were to pass, which I highly doubt it will, there's a loophole that will make sure it doesn't go into effect until after the presidential election.
Pretty obvious why that "6 month" timeline was chosen. Wouldn't want to disrupt his own campaign efforts.
If you are a #security company and you have pre-auth #SQL injection... in 2024... you are not a security company, you are a scammer.
https://www.thestack.technology/fortinet-sql-injection-new-vulnerabilities/
If I had one of these:
A.) I probably would have found these during due diligence and
B.) I'd be yeeting this into the electronics recycling bin
There's an organization called the Sovereign Tech Fund.
https://www.sovereigntechfund.de
Also, they are hiring: https://www.sovereigntechfund.de/jobs#open-positions
#FOSS #jobs #OpenSource #sustainability
If they stop blocking Tor users, I'd be happy to give them a try.
I have news, which may be good or bad, depending on your perspective.
BitRefill is super easy to use! Like, no joke, REALLY easy, no account needed for ≤ $500 USD/day, only need to give them a name, email address, and payment and you get a gift card code in a few minutes. Plus it doesn't block Tor*
Good: I can spend bitcoin at retailers that don't accept bitcoin!
Bad: I am probably going to spend a fair amount of bitcoin at retailers who don't accept bitcoin. 🤣
*It doesn't allow you to buy gift cards for the US if your exit node is not in the US. There's room for improvement to be sure, but a certain competitor to BitRefill outright blocks Tor so you can't even browse what they have to offer, let alone buy anything.
I can't see anything other than DEF CON 10 here. And unless you can travel back in time, I'm pretty sure you can't go to that DC10. 😂
Oh, I have no qualms with also celebrating European Pi Day (aka Pi Approximation Day).
I also celebrate the Pi Day for the rest of the world, which is November 10th (and doesn't depend on a date format, at least in the conventional sense). Although, I guess it'll be November 9th this year.
🙂🙃🙂
PS. I find both the North American and European date formats to be silly. ISO 8601 for life!
I like this analogy a lot! I still want a solution that doesn't require learning these things, but until we have that, this is a great way to explain it.
This got me thinking, I bet a similar approach could be taken with lightning channels. It's like opening a tab at the bar. You can spend your money on food & drinks, and only get charged once.
If you wanted to sell your homemade moonshine to the bar, they could either pay you each time you deliver (akin to on-chain payments), or they could open up a tab with you (lightning channel) and settle whenever you want (close the channel).
If you're both buying from and selling to the bar, both your tab and theirs could go up and down and may be open for a long time.
Reminder: tomorrow is pi day (or maybe today, depending on your timezone and how fast you see this note)
May I humbly suggest a crustless quiche for breakfast, maybe a bowl of soup for lunch, a pizza for dinner and pie for dessert?
Have fun out there
I also see UTXO management as a problem, but the problem I see is that people have to commit time and energy into learning about the issue and taking action.
Bitcoin should be accessible to people with a low time preference.
I'd like to think lightning will save us, but that just trades out UTXO management for channel management (or custodial solutions). Hopefully LSPs + a better UX in self-custodied lightning wallets will fix this. Because I think we probably largely agree that requiring 1 billion people to have to worry about UTXO management is not viable (let alone the second billion and beyond).
So much has been said about the web of trust for the past 30 years, where do I even begin? I expect you've read the Wikipedia article and are familiar with PGP key signing parties. If not, start there.
Material from the 90s is outstanding on this topic, though hard to find with modern search engines, which prefer new content to old. Also, much of it was never on the internet, and that which was often appeared on sites that are long gone. I did a quick search of 2600 and phrack and didn't come up with anything, but I expect this is a search failure, not a failure of those publications to carry such content. The closest I found was this https://store.2600.com/products/hope-number-six-2006-breaking-down-the-web-of-trust-download
Hal Finney wrote a little piece on the topic https://nakamotoinstitute.org/library/pgp-web-of-trust-misconceptions
The W3C has their decentralized identifiers (DID), which actually looked pretty good when I briefly looked into them. https://www.w3.org/TR/did-core/
You should also be aware of what the skeptics and critics are saying.
HOPE 2020 - A Death Blow to the Web of Trust https://infocon.org/cons/2600/HOPE%202020%20(2020)/
There's an argument that the WoT both tries to break free from reliance on the government but also depends on the government. I don't agree with this, but it's absolutely something you should be aware of. https://link.springer.com/chapter/10.1007/978-3-031-10183-0_4
If you want to go beyond the basics, there's lots of material on roots of trust, some of which are in hardware, and the problems with said hardware. FWIW, the web of trust never went away. It's been used in many systems since **at least** the mid 90s. A good search term is PKI or public key infrastructure, perhaps combined with the buzzwords "zero trust".
If I come across any of the older materials, I'll point you to them. If you have any questions about trust models, threat models, PKI, or cryptography in general, post 'em and tag me and I'll help you out.
I've seen some people talk about being spoofed on Nostr. Someone copies their name, profile picture, and perhaps bio, but of course they have a different key and thus a different npub.
I don't really have a solution to this, but if you wanted to see how people made sure they were talking to who they thought they were talking to (without trusting any centralized website), here's how it was done in the past.
I use who I follow on nostr as a sort of web of trust. I am trusting them to post things that are interesting, informative, thought provoking or some other quality I might want a post to have for me to consider it "good". If they post some racist nonsense, I revoke that by unfollowing them. If they boost junk like that I can block the poster and eventually unfollow the booster if they're a repeat offender.
So in my mind, we kinda already have the WoT on #nostr, and to be honest, all social media.
They must be really bad at being communists, because crony capitalism and inequality seem to be rampant.
I said some things about the Web of Trust security model.
#infosec people, help me out here.
There was an idea where you'd select people you trust for a certain domain, and then check to see if they reviewed #software and attested that it is "good" in some way.
For example, maybe you trust me to verify #security, but someone else to speak to the #performance, and maybe a third person of #usability or something.
This is something I've heard at lobbycons all over the place, but never seen it formally presented, or implemented.
Does anyone know if progress has been made on this concept? Has it been tried and failed? Am I the only one who remembers people talking about this at the hotel bars?
Feel free to follow me too. These are things I find fun and so they come up in my posts from time to time. 🙂
🤔 That zap amount might be a great way to meet local people. Very clever!
Absolutely devastated. I cannot find my nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl
Who took it!?
https://video.nostr.build/d9126c4ceb3e22938130dcc147c219e21a4dbe633b9e58fdb5a750ff6076e267.mp4
I think I saw it fall into a lake while you were out sailing.
You need an algorithm!
🤣 and with that, I'll see myself out. GN everyone.
Just another update on this to keep me honest: I now have a full node that is syncing blocks.
The VM I deployed is in my test network, but everything is automated, so deploying to a production machine should be easy. I've also filed feature requests to the person who wrote (and hopefully maintains) the automation code to deploy a full node.
The full node is just a first step on the way to the fully automated deployment of a lightning node.
Stay tuned. I may be slow, but I won't let you down (even if this has already been more work than I thought I was signing up for).
