> Ian Levy, GCHQ’s Technical Director, recently posted on the Lawfare blog what GCHQ wants tech companies to do. Buried in a post full of justifications [...], Levy explained that GCHQ wants secure messaging services, like WhatsApp, Signal, Wire, and iMessage, to create deceitful user interfaces that hide who private messages are being sent to.
"A 100% libre RISC-V + 3D GPU chip for mobile devices"
This is bad, really really bad.
Like evilcorp 1.0 joining evilcorp 2.0
We already saw DRM pushed through the W3C so it's now an 'open standard' (WTF) and this will be just the start.
Remember how aweful ActiveX was? Google is already creating 'standards' to recreate that shit to integrate the browser (deeper) into the OS. Exactly what ActiveX did too 😞
The internet of dystopian shit:
Some people seem to be giving the US gov the middle finger with their blacklisted addresses 😆
One of those (unconfirmed) tx is 61fea39f4f22e3190fc48c24047c9e52a7a37e2f2d03c242eed016921830e044
Visible on various block explorers, but not on blockstream.info ... 🤔
This is a WIP from qubenix, mentioned on IRC. Uses Qubes and exploits the ability in joinmarket-clientserver to run the communications daemon in joinmarket as a separate/isolated process from the joinmarket wallet:
(As I say, it was currently presented as a WIP so no claims of it working, as I haven't tested it at all).
The ability to do stuff like this was one of the motivations for the refactoring of the code, so, cool to see.
@rysiek $5000 is not as bad as what's proposed in Australia: $50,000 and/or 5 years in prison for refusing to provide phone and laptop passwords.
It seems like AU+NZ are testing grounds for new 5eyes surveillance legislation. Find the approach which provides the least pushback, then other countries can cite the new law to institute it elsewhere.
Are you going to Amsterdam Privacy Conference this month?
Clear and simple explanation why you should not support this event.
I do think (far) more test should be written and also think more controls (double compilation like on Debian, more tested ACKs, etc) should be employed. And/or a careful audit/examination of the code is probably a good idea too.
But I think that essentially the process is sound and the response quick, so abandoning development of L1 is premature. And we'd also not have cool things like Schnorr.
Ossification should be a deliberate action, not a panic response because a (severe) bug was found.
CVE-2018-17144 seems to have freaked out several people. Yes it was a severe bug.
On the bird site, it looks like Pierre Rochard suggested (https://twitter.com/pierre_rochard/status/1043161897082777600) stopping development on L1 and instead do all development on L2.
If you then (shortly thereafter) see https://twitter.com/alexbosworth/status/1043208692198301696 you could see that as him advocating for the same thing.
This seems a bit over the top to me as I don't think L1 is ready yet and neither is L2.
Am I wrong?
I'm interested in hearing opinions in fixing important bugs, like CVE-2018-17144.
The PR that fixed it is titled "Fix crash bug with duplicate inputs within a transaction" and the "Consensus" label attached to it.
This can alert a potential attacker to do an attack before the fix is deployed.
When Bitcoin ABC had an important bug, the PR/commit was titled ~"refactoring code", which has the upside of obfuscation, so more time for deployment.
The 2nd approach seems reasonable to me. Am I wrong?
“Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.”
- Eric Hughes, A Cypherpunk’s manifesto.
A reminder to STOP RUNNING versions of bitcoin affected by CVE-2018-17144 A.S.A.P.: these are:
- 0.14.0 to 0.16.2
- 0.17.0rc1 to 3
Upgrade to 0.16.3 if possible!
A patched 0.14 version is underway, v0.17.0rc4 and v0.15.2 have been tagged, binaries are coming—for now use the branch or apply one-line patch https://github.com/bitcoin/bitcoin/commit/4b8a3f5d235f40be8102506ab26caad005cc40d6
Any altcoins/forks based on this code should also apply the above patch ASAP and do a release! The importance of this cannot be overstated.
Bitcoin Core 0.16.3 was released:
Contains a vulnerability fix, please upgrade as soon as possible
roses are red
violets are blue
in surveillance capitalism
poem reads you
and shows you ads
for flower shops
and tracks your clicks
and never stops
it cares not about
if privacy's harmed
the money is green
when people are farmed
twitter is cyan
facebook is blue
your friends are the product
and so are you
I reckon it's right about time to start boycotting Google. With the recent AMP and anti-URL crap, it's clear to see they are abusing their monopoly.
Let's stop using and recommending Chrome by default and set your default search engine to DuckDuckGo (or similar). Turn on your adblocker to starve them of income (Better Blocker is good as heck).
The best way to send a message to a corporation is to take their income from them, so do whatever you can to do that.