eff.org/deeplinks/2018/12/new-

> Ian Levy, GCHQ’s Technical Director, recently posted on the Lawfare blog what GCHQ wants tech companies to do. Buried in a post full of justifications [...], Levy explained that GCHQ wants secure messaging services, like WhatsApp, Signal, Wire, and iMessage, to create deceitful user interfaces that hide who private messages are being sent to.

This is bad, really really bad.
Like evilcorp 1.0 joining evilcorp 2.0
blog.mozilla.org/blog/2018/12/

We already saw DRM pushed through the W3C so it's now an 'open standard' (WTF) and this will be just the start.
Remember how awful ActiveX was? Google is already creating 'standards' to recreate that shit to integrate the browser (deeper) into the OS. Exactly what ActiveX did too 😞

Some people seem to be giving the US gov the middle finger with their blacklisted addresses 😆
See ccn.com/people-are-still-sendi

One of those (unconfirmed) tx is 61fea39f4f22e3190fc48c24047c9e52a7a37e2f2d03c242eed016921830e044
Visible on various block explorers, but not on blockstream.info ... 🤔

Pro tip spree on the fascinating and deceptively complex task of asking someone (knowledgeable) for help on an issue/error/problem of yours:

People are natural problem solvers. You can take advantage of this by making the right preparations and asking the right questions.

It's 28th of October and everybody is celebrating the 100th anniversary of Czechoslovakia. Meanwhile, I am finalizing the new firmware for Trezor, which will be released tomorrow. Independent organizational structures built on top of a truly decentralized economy are the future!

This is a WIP from qubenix, mentioned on IRC. Uses Qubes and exploits the ability in joinmarket-clientserver to run the communications daemon in joinmarket as a separate/isolated process from the joinmarket wallet:

gist.github.com/qubenix/70987c

(As I say, it was currently presented as a WIP so no claims of it working, as I haven't tested it at all).

The ability to do stuff like this was one of the motivations for the refactoring of the code, so, cool to see.

TWRP -> LineageOS -> f-droid -> termux -> proot -> debian

Installing a decent OS keeps getting easier & easier or something.

@rysiek $5000 is not as bad as what's proposed in Australia: $50,000 and/or 5 years in prison for refusing to provide phone and laptop passwords.

It seems like AU+NZ are testing grounds for new 5eyes surveillance legislation. Find the approach which provides the least pushback, then other countries can cite the new law to institute it elsewhere.

Are you going to Amsterdam Privacy Conference this month?

#OfCourseNot

Clear and simple explanation why you should not support this event.

data-activism.net/2018/09/why-

#APC 2018

I do think (far) more tests should be written and also think more controls (double compilation like on Debian, more tested ACKs, etc) should be employed. And/or a careful audit/examination of the code is probably a good idea too.

But I think that essentially the process is sound and the response quick, so abandoning development of L1 is premature. And we'd also not have cool things like Schnorr.

Ossification should be a deliberate action, not a panic response because a (severe) bug was found.

Another thought:

CVE-2018-17144 seems to have freaked out several people. Yes it was a severe bug.
On the bird site, it looks like Pierre Rochard suggested (twitter.com/pierre_rochard/sta) stopping development on L1 and instead doing all development on L2.
If you then (shortly thereafter) see twitter.com/alexbosworth/statu you could see that as him advocating for the same thing.

This seems a bit over the top to me as I don't think L1 is ready yet and neither is L2.
Am I wrong?

I'm interested in hearing opinions on fixing important bugs, like CVE-2018-17144.

The PR that fixed it is titled "Fix crash bug with duplicate inputs within a transaction" and has the "Consensus" label attached to it.
This can alert a potential attacker to do an attack before the fix is deployed.

When Bitcoin ABC had an important bug, the PR/commit was titled ~"refactoring code", which has the upside of obfuscation, so more time for deployment.

The 2nd approach seems reasonable to me. Am I wrong?

“Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.”

- Eric Hughes, A Cypherpunk’s manifesto.

A reminder to STOP RUNNING versions of bitcoin affected by CVE-2018-17144 A.S.A.P.: these are:
- 0.14.0 to 0.16.2
- 0.17.0rc1 to 3

Upgrade to 0.16.3 if possible!

A patched 0.14 version is underway, v0.17.0rc4 and v0.15.2 have been tagged, binaries are coming—for now use the branch or apply one-line patch github.com/bitcoin/bitcoin/com

Any altcoins/forks based on this code should also apply the above patch ASAP and do a release! The importance of this cannot be overstated.

liffy 💜
@lifning
roses are red
violets are blue
in surveillance capitalism
poem reads you

and shows you ads
for flower shops
and tracks your clicks
and never stops

it cares not about
if privacy's harmed
the money is green
when people are farmed

twitter is cyan
facebook is blue
your friends are the product
and so are you

I reckon it's right about time to start boycotting Google. With the recent AMP and anti-URL crap, it's clear to see they are abusing their monopoly.

Let's stop using and recommending Chrome by default and set your default search engine to DuckDuckGo (or similar). Turn on your adblocker to starve them of income (Better Blocker is good as heck).

The best way to send a message to a corporation is to take their income from them, so do whatever you can to do that.

hankchizljaw.io/notes/26/
