Read Peter Turchin's "Ages of Discord" and follow up "End Times". Natalie references his theory of cliodynamics, which explains cycles of stability and instability within society by examining, among other factors, the overproduction of elites.
Really changed the way I view and understand our current moment.
1500 sats up for grabs!
nostr:nevent1qqstrd5wkluh5x9d6r9vtem9j0jevzmrr639nrknmwyyvkg8pkt5w6qpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygq7aanp6nna4lrlr9w2x29s6a55l6zrdcuurcpnd7qtclns0a6djupsgqqqqqqsg647dy
Have you checked out nostr:nprofile1qqszypfzctpjkwljjqrtya0zyjegt4jtkx0hn0dfq6v3hjecv8scedqpz3mhxue69uhhyetvv9ujuerpd46hxtnfduq3jamnwvaz7tmjv4kxz7fwdehhgetnw3skx6ewvdhk6qgdwaehxw309ahx7uewd3hkcqja0jz's https://relayrunner.org & https://relaywizard.com
When a platform is built by a for-profit entity that has raised funds, it's easy for the state to target it and pressure founders.
Open Source protocols can live past their founders.
Nostr-native crowdfunding marketplaces like fundsolvr.com are necessary.
Build the change you want to see. https://github.com/Open-Source-Justice-Foundation/Fundsolvr
nostr:nevent1qqsv2w94wgrlj6xn6q9xylcclpsa6a8k4zfexwhpujwnj0tcg3mfpcgpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgsd3fhv7rped64g77dyf9l7ndmae9mkxdz37099cc6wyzr9jytxg7crqsqqqqqp8duz77
Great example of a "last mile" Bitcoin service. Zaprite doesnt maintain it's own lightning infrastructure or nodes. It focuses its resources on amazing invoicing and smooth payment gateways (payment "links").
Now, LSPs, wallet providers, etc dont need to build the merchant interfaces, they just focus resources on robust infrastructure and integrate with Zaprite.
Comparative advantage and collaboration. 👌
nostr:nevent1qqsz6uyg3xudud2qlu3s6x54sc62xva05a0mgnrehsa9wqhwnwvf6ggpz9mhxue69uhkummnw3ezuamfdejj7q3qclk6vc9xhjp8q5cws262wuf2eh4zuvwupft03hy4ttqqnm7e0jrqxpqqqqqqz84wn0k
Same happened to me when I issued my co-founder a payment request from company account. Square customer help line had no idea what happened, "escalated" it...and I never heard back.
Had funds locked in square checking, disputed the deposit with the bank I made deposit from and got the funds back.
It's dangerous out there on a fiat standard!
"The only thing scarcer than Bitcoin is time, so take it when you can get it." ⏳
@ODELL taking stage 15 minutes early to hold forth on importance of FOSS funding and investor incentives on a Bitcoin standard was a highlight.
I and the other 11 people listening thoroughly enjoyed it. 🤣
Matthew Green's (cryptography prof at Johns Hopkins) take on Apple's "Private Cloud Compute": https://threadreaderapp.com/thread/1800291897245835616.html?utm_campaign=topunroll
"So Apple has introduced a new system called “Private Cloud Compute” that allows your phone to offload complex (typically AI) tasks to specialized secure devices in the cloud. I’m still trying to work out what I think about this. So here’s a thread.
1/
Apple, unlike most other mobile providers, has traditionally done a lot of processing on-device. For example, all of the machine learning and OCR text recognition on Photos is done right on your device.
2/
The problem is that while modern phone “neural” hardware is improving, it’s not improving fast enough to take advantage of all the crazy features Silicon Valley wants from modern AI, including generative AI and its ilk. This fundamentally requires servers.
3/
But if you send your tasks out to servers in “the cloud” (god using quotes makes me feel 80), this means sending incredibly private data off your phone and out over the Internet. That exposes you to spying, hacking, and the data hungry business model of Silicon Valley.
4/
The solution Apple has come up with is to try to build secure and trustworthy hardware in their own data centers. Your phone can then “outsource” heavy tasks to this hardware. Seems easy, right? Well: here’s the blog post.
5/
https://security.apple.com/blog/private-cloud-compute/
TL;DR: it is not easy. Building trustworthy computers is literally the hardest problem in computer security. Honestly it’s almost the only problem in computer security. But while it remains a challenging problem, we’ve made a lot of advances. Apple is using almost all of them.
6/
The first thing Apple is doing is using all the advances they’ve made in building secure phones and PCs in their new servers. This involves using Secure Boot and a Secure Enclave Processor (SEP) to hold keys. They’ve presumably turned on all the processor security features.
7/
Then they’re throwing all kinds of processes at the server hardware to make sure the hardware isn’t tampered with. I can’t tell if this prevents hardware attacks, but it seems like a start.
8/
They also use a bunch of protections to ensure that software is legitimate. One is that the software is “stateless” and allegedly doesn’t keep information between user requests. To help ensure this, each server/node reboot re-keys and wipes all storage.
9/
A second protection is that the operating system can “attest” to the software image it’s running. Specifically, it signs a hash of the software and shares this with every phone/client. If you trust this infrastructure, you’ll know it’s running a specific piece of software.
10/
Of course, knowing that the phone is running a specific piece of software doesn’t help you if you don’t trust the software. So Apple plans to put each binary image into a “transparency log” and publish the software.
But here’s a sticky point: not with the full source code.
11/
Security researchers will get *some code* and a VM they can use to run the software. They’ll then have to reverse-engineer the binaries to see if they’re doing unexpected things. It’s a little suboptimal.
12/
When your phone wants to outsource a task, it will contact Apple and obtain a list of servers/nodes and their keys. It will then encrypt its request to all servers, and one will process it. They’re even using fancy anonymous credentials and a third part relay to hide your IP.
13/
Ok there are probably half a dozen more technical details in the blog post. It’s a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this.
14/
But now the tough questions. Is it a good idea? And is it as secure as what Apple does today? And most importantly:
I admit that as I learned about this feature, it made me kind of sad. The thought that was going through my head was: this is going to be too much of a temptation. Once you can “safely” outsource tasks to the cloud, why bother doing them locally. Outsource everything!
As best I can tell, Apple does not have explicit plans to announce when your data is going off-device for to Private Compute. You won’t opt into this, you won’t necessarily even be told it’s happening. It will just happen. Magically.
I don’t love that part.
17/
Finally, there are so many invisible sharp edges that could exist in a system like this. Hardware flaws. Issues with the cryptographic attenuation framework. Clever software exploits. Many of these will be hard for security researchers to detect. That worries me too.
18/
Wrapping up on a more positive note: it’s worth keeping in mind that sometimes the perfect is the enemy of the really good.
In practice the alternative to on-device is: ship private data to OpenAI or someplace sketchier, where who knows what might happen to it.
19/
And of course, keep in mind that super-spies aren’t your biggest adversary. For many people your biggest adversary is the company who sold you your device/software. This PCC system represents a real commitment by Apple not to “peek” at your data. That’s a big deal.
20/
In any case, this is the world we’re moving to. Your phone might seem to be in your pocket, but a part of it lives 2,000 miles away in a data center. As security folks we probably need to get used to that fact, and do the best we can to make sure all parts are secure.
//fin
Addendum: “cryptographic attenuation” should read “cryptographic attestation”, but I’m sure folks will get the point."
#apple #privacy #AI
Has Fedi ever given a reason for their decision not to open source their wallet app?
I am curious what the business rationale is.
nostr:nevent1qqsdh3escytm8c94vxv4vld3f4d5xp0sl20fz0xj7vwxfusus5yc4fqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzq7xwd748yfjrsu5yuerm56fcn9tntmyv04w95etn0e23xrczvvraqvzqqqqqqyk9rf08
Oh, I'm not making any judgments. I know it's very difficult to build a software company 100% open source.
Just curious the business strategy there, because Fedi is targeting similar markets and users as Galoy, which is using an open source model to spread the tools where needed without restrictions.
Has Fedi ever given a reason for their decision not to open source their wallet app?
I am curious what the business rationale is.
nostr:nevent1qqsdh3escytm8c94vxv4vld3f4d5xp0sl20fz0xj7vwxfusus5yc4fqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzq7xwd748yfjrsu5yuerm56fcn9tntmyv04w95etn0e23xrczvvraqvzqqqqqqyk9rf08
So now users that want to use their nostr keys in two apps on Android mobile (one of the major value adds of nostr) must download a third app to sign in?
Let me know how to help. I've been exploring a developer defense fund through @Open Source Justice Foundation, as well as an Open Source Defense Network of attorneys, firms, and experts.
Also a 12-year appellate attorney capable of leading amicus work.
And privacy is a prerequisite for free speech :
“If a man's privacy can be invaded at will, who can say he is free? If his every word is taken down and evaluated, or if he is afraid every word may be, who can say he enjoys freedom of speech? If his every association is known and recorded, if the conversations with his associates are purloined, who can say he enjoys freedom of association? When such conditions obtain, our citizens will be afraid to utter any but the safest and most orthodox thoughts; afraid to associate with any but the most acceptable people. Freedom as the Constitution envisages it will have vanished.”
- Justice Douglas
“Among deprivations of rights, none is so effective in cowing a population, crushing the spirit of the individual and putting terror in every heart. Uncontrolled search and seizure is one of the first and most effective weapons in the arsenal of every arbitrary government. And one need only briefly to have dwelt and worked among a people possessed of many admirable qualities but deprived of these rights to know that the human personality deteriorates and dignity and self-reliance disappear where homes, persons and possessions are subject at any hour to unheralded search and seizure by the police.”
- Justice Robert Jackson
"In other words: the defendant, [co-defendant 1], and [co-defendant 2] are the designers, creators, and executors of [crypto-system]. As such, they are also responsible for the (consequences of the) functioning of this tool. The autonomous, immutable, and unstoppable nature of the smart contracts does not work in a way that exculpates them. After all, this is not a coincidental circumstance. These characteristics are the result of conscious choices by the designers. [Crypto-system] functions as it was conceived. In the opinion of the court, the defendant can therefore be regarded as the perpetrator of the money laundering operations carried out by [crypto-system]."
https://image.nostr.build/c55edfe5e85954cbeb90047aa0e85d99ece57958594e54441dc129c1759c1689.png
Anyone that want to protect open-source developers from prosecutorial overreach should consider donating to @Open Source Justice Foundation (OSJF.org).
Help grow the Developer Defense Fund.
Mash.com is shutting down.
Mash provided an easy way to engage in #Value4Value content on the web through its custodial lightning wallet and integrations with many major web publishing platforms like Ghost.
I used Mash on bitcoinbrief.io (BEFORE TFTC and @MartyBent, I might add!).
Another casualty of the current regulatory overreach?
https://image.nostr.build/3787049b9d32dd0f56ceceb61dbe0f1349c45046356dcf2b596aa98a22843e86.jpg
Same, they were super open to feedback from users. And they had recently brought in a digital media veteran from barstool, I believe, to take it to the next level.
Hopefully they are retrenching and going self-custodial (nostr wallet connect, Bitcoin connect) or some ecash route (like mutiny's fedimint integration).
Although, maybe nostr just eats that use case? Pretty easy to monetize content here. 💜
Investigator of Bitcoin Fog case and Roman Sterlingov. The Nigerian state is acting reprehensibly, but I'm not interested in an international incident to save this guy, who only has his binance position by hunting Bitcoin users and privacy advocates on behalf of another state.
IIRC, Sterlingov's counsel at some point during the case listed him as someone related to the case that was in the book "Tracers in the Dark", which discussed the Bitcoin fog investigation and which Sterlingov sought to introduce as evidence (or use as a basis for being able to speak publicly about the case).
But perhaps he was never directly involved in Bitcoin fog, as I cannot find anything stating as much.
Investigator of Bitcoin Fog case and Roman Sterlingov. The Nigerian state is acting reprehensibly, but I'm not interested in an international incident to save this guy, who only has his binance position by hunting Bitcoin users and privacy advocates on behalf of another state.
Who is working on @joinstr?
Can this be implemented in wallets with nostr-integration? @ZEUS@OpenSecret
Can we make every on-chain spend a coin join? @stephanlivera
No time to waste.
#asknostr
Civil disobedience is a separate tool from protest. It's also speech, but by definition unlawful. First Amendment precedent has long allowed reasonable time/place restrictions on speech.
Leaders of change movements should use civil disobedience strategically, because it comes with consequences and often creates a negative image of the movement in the public eye (i.e., the majority inclined to status quo).
Whether any particular instance of civil disobedience is morally correct depends on one's own values and beliefs. So commentators voicing preference for protest, not civil disobedience, are usually expressing their view of the change movement's goals.
He didn't sell.
It a "constructive" (legalese for imaginary) sale that happens by law when one renounces citizenship, triggering capital gains taxes on the value of assets held at that time.
It's a wealth tax designed to deter citizens of means from renouncing citizenship (the US taxes citizens earning abroad).
We've just launched @Open Source Justice Foundation this week. 501(c)(3) approved public charity dedicated to supporting and defending FOSS devs developing alternative systems (legal, financial, etc).
We're exploring starting a legal defense fund to counteract the chilling effects of these absurd prosecutions.
We'd welcome your support and advice. Happy to answer any questions and provide references. (aaron@opensourcejustice.org)
Interesting analysis of the news by cryptographer Matthew Green:
nostr:nevent1qqsx9aw9msv9m6g2jm0ea73gklpv6rl3twz5v3supctc3laj8suwt2spzdmhxw309akx7cmpd35x7um58g6rsd3eqgsdprynz204esjj4yqhhaf0jzzsvzcswe3q5kxddy3fkv0rw0hue8crqsqqqqqp34jkf7
Oddbean new post about login | logout
Notes by Aaron Daniel | export