Notes by matt

 I mean it won’t work in a browser anyway? Noise definitely the way to go if you’re building something without compat, and this won’t get compat anyway 
 Arch + btrfs + grub + snapshots — no problem. 

Is this you? Sats for your service.

I borked m... 
 Modern btrfs is fine (more likely to catch a hardware error than lose your data). It was bad like a decade ago but… 
 So where does one buy these premined testnet4 coins? Need some for an, uhm, project. What’s the... 
 Please don’t buy testnet coins. If they get a price, we get testnet5. 
 Asking in IRC, generally 🤷‍♂️ 
 Then we fucked up testnet4, should have premined it so that it’s not scarce, and need to have a testnet5 :) 
 Not “intentionally”, just some miners got excited when it was still a PR. 
 Is it? I’m not really aware of much use of testnet to “interact with others”. Testnet lightning has been totally useless for years, and I’m not really sure what else there is? 
 That doesn’t mean you’re doing it with a broader community, though? There’s basically zero liquidity in testnet3 lightning (or where there is it’s entirely one-sided). Every time I’ve tried to use it I’ve had to open a direct channel and kinda the only destination is yalls anyway? 
 Cool! I’m admittedly pretty surprised by that, but…cool! Most of the joint-testing I’ve seen done is on various signets (mutinynet is pretty common, signet og too, etc), and having multiple testnets that different groups use seems fine? The whole point of testnets is that they don’t have value, though… 
 If you’re running a bunch of testing infra and mostly working with partners, I’d absolutely recommend your own signet! 
 Wait, I understood from your above comment that you were looking for a testnet on which you can test your software with your partners. Where are you currently testing software with “competitors”?

In general it seems testnet fragmented a while ago. All the testing I’ve seen done for a year or so has all been on mutinynet (or more often mainnet lol) 🤷‍♂️. 
 I agree that would be great! But sadly the last decade or so of Bitcoin testnet has demonstrated that people mostly aren’t willing to put on the effort required to do so (which is very substantial!). 
 Honestly I always take that as my watch insulting my fitness…. And usually it’s right 😭 
 Long live 58K Gang. Bitcoin is the stablecoin now. nostr:note1nvtwhzhc4esyjezrvfds828f7eaq7qx05mawapamsa025ed0v60s3ptzrs 
 I hope some people who are very supportive of Israel could please help me understand what is Isra... 
 You make an assumption that the only strategic goals sought are to eliminate actual Hezbollah positions. It’s probably true, but I definitely wouldn’t say anything more than “probably” given Netanyahu’s domestic political risks and need for continued escalation if he wants to avoid jail for old corruption charges. 
 And maybe much more importantly here is the desire to reduce press coverage. After all one of Hamas’ key aims (less so for Hezbollah, but also there too) is to make Israel look bad on the global stage (to reduce long-term support for them from western militaries). In a war zone there’s always things that look bad, so Israel has strongly preferred to not have press or reporting of their actions on the battlefield. 
 I wasn’t claiming at all there’s a winning strategy here, quite the opposite in fact, there we strongly agree. (Maybe “the only winning strategy is not to play”, but of course that’s a losing strategy for Netanyahu, irrespective of how one might play that strategy to the benefit of the Israeli and other people).

I wasn’t referring to the overall volume of coverage, though, but rather coverage of realities on the ground, which is something we get fairly little of (even war journalists have limits). Embedded journalists generally only see really limited stuff (because no one wants an embedded journalist to die, so you limit where you bring them!), so I generally write them off entirely.

Rather the coverage I was referring to would be non-embedded journalists or UN reporting within its own formal channels. Non-embedded journalists have been hit a lot by Israeli troops, though of course it’s hard to tell whether they’re being hit more or less than the average person in active warzones in Gaza.

I wasn’t claiming any specific motivation here, just noting that you made a very large leap with the “well presumably intelligence said Hezbollah was using that site”, when there are many other reasons to strike a site.

Sadly, “just wait” isn’t a realistic approach in this conflict because basically no past event ever gets “resolved” - there’s what the IDF says and what Al Jazeera says and what Hamas says and I have yet to see any followup on anything. Even the “we’re launching an investigation” line we’ve heard from the IDF a handful of times appears to always result in internal investigations and no public comments (I believe with only one exception that I’ve seen). Sadly, public opinion is very much a battlefield in this conflict, much more so than in most others, so I don’t think that’s gonna change. 
 Given the only other observers to the incident are confident it was no accident (and it follows several related incidents), I would not carry a default judgement here. There are absolutely strategic reasons Israel would have to fire on a UN position, even if they’re a bit more tenuous than the reason of “bad intelligence”.

And, yea, I’m sure we’ll never know much more. https://image.nostr.build/c78e3554a1f5bd46ca946ed13dd0a5bad70242fb602154dc01d48daf647c4172.jpg  
 Not to mention it follows a week or more of Israel explicitly telling UNIFIL that they should leave; the idea that commanders may wish to ramp up pressure isn’t unreasonable. 
 Also apparently the IDF isn’t even claiming it was an intelligence error? https://image.nostr.build/110e17a8792ef0c9b437a4ffa26e8bb03c2d14baba57eab4884eaa0c98b55154.jpg  
 I’m a bit puzzled by your claim here. The IDF has had ample opportunity to respond to these events, and has not claimed that they thought Hezbollah was present at the UN positions in this case. If it were the case that they thought that, by now they absolutely would have, yet you keep bringing it up as a likely reason?

More generally, UNIFIL has never had a mandate of removing Hezbollah positions in southern Lebanon (that’s the Lebanese army/government’s job, of which there basically isn’t one of either). Their mandate is only to monitor. Their specific mandate is to “allow” everything and tell the UN about it.

I’m frankly puzzled about your arguments here. 
 Hmm? The IDF comments on lots of specific cases. Not everything, certainly, but when things make big news headlines, I’ve generally seen comments.

Anyway, not sure arguing relative percentages is worth it - I’m still really confused why you are taking a *default* stance of “the IDF is right not the UN” rather than a default stance of “I dunno, could go either way, both stances have reasonable motivation”. I fear you are falling into the “all conflicts must have a good guy and because the other side are obviously not it, Israel must be it, and can do no wrong” fallacy that is all too common in conflicts. 
 That is not the only instance they’re talking about. That’s just the new one from today. Here’s three specific instances the UN is objecting to, all from the Guardian article from yesterday. https://image.nostr.build/59b14a3f73dd32ecb9be35a9f3890c5431ac781fe929f277b40dec4c99bb1bf3.jpg https://image.nostr.build/e1352d1c5a75f8cd05feb8922ae13cb8b61461b67b565cbcad36ea1563ba4843.jpg https://image.nostr.build/83cb8200c759a80ec4a7872674de1e14074d3596f69e309c4034256ef4b63074.jpg  
 Yea, that’s an entirely plausible argument for why they’re targeting the UN (but you’d think they’d ask them to stop, assuming they are, first). But you spent ten posts here arguing that “probably they’re sheltering Hezbollah” without any evidence and now jump to another argument because the first didn’t fit the facts.

I’d really strongly recommend you check your biases here. 
 I mean that’s literally UNIFIL’s mandate - to watch what happens so they can encourage both sides to reduce tensions and tell the UN, whose job is to do the same? 
 The allegation last time wasn’t that they were specifically “sharing with Hezbollah”, but rather that they were putting it on their website, doing so indirectly. Same net outcome, of course, but I don’t see it on their website today.

You’re, again, assuming that UNIFIL is interacting directly with Hezbollah to assist them, which is a pretty major assumption. Given there are two perfectly reasonable assumptions here - that, or that the IDF does not wish the UN to monitor their actions to prevent them from generating further war reports (given the “anti-Israel bias” the IDF has explicitly alleged the UN has) - and given we have no other information or claims from the IDF, I’m still at a total loss for why you’re taking one assumption as almost certain and the other as almost impossible. 
 Ugh, threading sucks. But, sure, priors or bias, whatever. My point is, even given the history of that border and the current statements from the IDF, I don’t see why you take one possible reason as so much more likely than the other here.

nostr:nevent1qqs9rf3l98qskzz4f7c44t2tc4tc8k0qeqw679aty0gzuj4ct9hf8ccpzamhxue69uhkummnw3ezuendwsh8w6t69e3xj7spr3mhxue69uhkummnw3ezumt4w35ku7thv9kxcet59e3k7mgpp4mhxue69uhkummn9ekx7mqpz3mhxue69uhkummnw3ezummcw3ezuer9wcj0349r 
 Ah, I think the disagreement is more on fundamental analysis of the conflict. I’m not suggesting any kind of ethics analysis, but rather that PR is a *major* component in this war, in a way that it isn’t in most other conflicts. Again, a key goal of organizations which seek to destroy Israel is to reduce their standing in the western world, making it less likely they receive lethal aid in the coming decades (and giving these organizations a bigger fighting chance in a decade). This makes negative PR more than just something that looks bad and much more a key part of this fight, strengthening a proportionality argument for shooting towards UN positions (especially when trying to avoid UN personnel). The IDF absolutely understands this, or at least its leadership does, and academic military analysis has given this some treatment.

This is also why I maintain that Israel has been resoundingly losing its war with Hamas since day one, but that’s a very different discussion. 
 A short-term PR hit trying to force the UN to leave may or may not be worse for PR than the reports of actions in the field over the following months. One is very short-term and the other is very much not.

But really I guess that’s where we just agree to disagree on priors. Sadly, given the evidence of the last six months, I’m not very confident that the IDF is as conservative on decisions of proportionality or care as they were a decade (or two) ago. All evidence points to even close allies having very serious (non-public) questions on proportionality on a regular basis, and given the civilian leadership (who decide military leadership) for the last decade(ish) I don’t find that particularly surprising :(. 
 everyone asking who is satoshi? no one asking how is satoshi? 
 Satoshi’s doing well, thanks. 
 Tradeoff, but with Alby the routing is done on the client side so if you self-host they can’t trivially see where the payment is going. They can do timing correlation with other information but that’s a much more involved attack. Sadly, today, Phoenix does routing on the server side so they see the payment destination in the clear.

As for esplora, yea, it’s not ideal, but if you’re using a fixed LSP it doesn’t matter - the LSP knows all your on-chain info anyway, and ideally your payments are lightning so the on-chain information isn’t “the interesting part” (aside from any on-chain setup deposits). 
 JoinMarket remains, by far, the best CoinJoin tech ever built. nostr:note1jjujryql2qk5g82ng4kwy7nw4k0msu7tw6l5w2qlw9szyl4cen8s7hx4s5 
 Fair, Wasabi built something good too, and certainly succeeded in user adoption in a way JoinMarket never did (sadly, though for many reasons), but if we jump to a theoretical world where they both have an equal user base, I know which one I’m picking. 
 Everyone with any tech chops always wrote off Samourai as a joke. The only reason people weren’t vocal about it is cause of how toxic all the asshats who loved it were. None of this means they should go to prison, but getting charged doesn’t mean you were the best, just the loudest and stupidest. 
 Yes I, a fed, am working hard to undermine an app that no longer functions. 
 So I compromised and volunteered to talk at OP_NEXT next month, remotely. Now I need to find time... 
 Clearly you just need to commit to give more bitcoin talks at Linux conferences :) 
 Texas appears to finally be submitting to DOE oversight by interconnecting ERCOT with the rest of the country.

https://electrek.co/2024/10/03/hell-froze-over-in-texas-us-grid-first-time/ 
 Err, sorry FERC. 
 Ah, I guess I was misinformed. FERC allows DC ties without triggering FERC oversight (though it seems like an obvious thing for a future overzealous federal government to change). 
 THIS IS NOT GETTING REPORTED ON MSM

For anyone who has a network, the people up there are desper... 
 It’s literally front page news. It’s a big deal, but it’s definitely getting reported lol. 
 I still use a 5 year old Apple Watch because there have been no new features worth spending a dollar for. 
 LNURL-P indeed should be replaced…. But to replace it with a version of BOLT 12 reimplemented on nostr that misses out on ~all BOLT 12’s features (like, you know, recipient privacy, among many others) just because NIH would be a massive disservice to Nostr users. nostr:note1740xst5ld6j4djxkv3gqkdc0ctnxs0apu2wdmz92xnx7qhdvdg8sw2y88h 
 (And, to be clear, if we want to avoid onion messages you could still do BOLT 12 over nostr, though I’d generally recommend against for privacy reasons) 
 I mean as a simple v1 we could just replace it with BOLT 12 as-is? It’s pretty simple to swap in, and BOLT 12’s reusability + proof of payment means you could still announce the zap on nostr. 
 I’ve seen lots of people argue it’s terrible while suggesting alternatives that don’t provide the important features it offers…. And no one suggesting alternatives that do.

Of course also most of the arguments against it I’ve seen have been lazy af (eg “tor is slow so onion messages will be”…. Ignoring that they’re a totally different design lol).

But…Maybe just install Phoenix and try it? :) 
 The website is open-source, though currently entirely static…IIUC to do those changes it would have to no longer be static :/ 
 I need my own ISP 
 Easy-peasy 
 The next generation will be so flooded with AI-generated fake content that they won't believe tha... 
 Yea, I don’t think I buy that we’ll be able to get our act together enough to start cryptographically signing things for reasonable authenticity. My hot take is this actually drives people back to mainstream media as arbiters of truth. 
 Today you can see the lightning nodes that ship fixes for novel attacks quickly (eclair and LDK, which did some force closures as a result of the fix) and those that don’t respond to security issues after months. 
 I can’t, cause others never shipped a fix so I shouldn’t disclose issues that aren’t mine. 
 Look like @NVK is avoiding opinions he disagrees with on his podcast, so which one should I go on instead to talk about hardware wallet issues? https://image.nostr.build/e73fac49e7e40f67b1d0f2842f63ed3dd96e23649cf60a85575481177c88a847.jpg  
 Not as a full-timer, but I’ve helped several hardware wallets in the design stage and have built Bitcoin wallets (and basically every other kind of Bitcoin protocol) over the past ~14 years. 
 Yea, I mean it’s not like anti-exfil is perfect and doesn’t have UX challenges in some specific use cases; would be great to have someone who doesn’t use it on, e.g. the Jade folks only use it when plugged in, not in air-gapped mode. 
 Can someone please link me to an actual specification for anti-exfil

cc nostr:npub185h9z5yxn8uc7... 
 Any method of cooperatively building a nonce (eg stuff things do for FROST, it’s the same problem). 
 It’s also implemented in secp256k1-zkp. 
 How about you have me on your bitcoin review show and we chat about it in detail so we can get into all the technical details and how realistic various attacks are :). nostr:note1ftmvf7qlfnpvfjv5cd80980qds4xzvemqyd2kcldcf5tfnlmsxnsy6k6qd 
 If you sign on two devices and check that they match, yes, that addresses the issue, but now you have two devices with your seed and a very annoying UX (that might also fail due to fine signature grinding differences).

Really HWWs need to implement anti-exfil and generate keys with computer randomness - there’s no excuse for the fact that hardware wallets are trusted, they don’t need to be! 
 The issue with exfil is that the computer can’t detect whether the nonce is malicious or not, so it can’t block the attack. What you really want is for the nonce used to sign to be provably random, by simply having the computer add some of its own randomness to the nonce, plus some deterministic message+pk hash from the hardware wallet (à la RFC 6979). That way the HWW cannot exfil.

While you’re at it you should also include randomness from the computer in the seed generation process so that the private keys themselves don’t rely on only the HWW.

Neither of these are complicated, FROST is built around the same kind of nonce agreement protocol and including the randomness from the computer in key gen is just a matter of adding a second private key. 
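The nonce-agreement exchange the post describes, written out as an added example. This is not the author’s code and not secp256k1-zkp’s implementation; it follows the same commit-reveal structure as the anti-exfil (sign-to-contract) scheme as I understand it: the host commits to random rho, the HWW derives k0 deterministically from the message, its key and that commitment and reveals R0 = k0*G, the host then reveals rho, and the HWW signs with k = k0 + H(R0 || rho). The host can then check that the signature’s R equals R0 + H(R0 || rho)*G, so a HWW that quietly picked its own nonce is caught even though its signature is otherwise valid. Assumptions made here for brevity: the deterministic nonce is a single HMAC rather than the full RFC 6979 loop, plain SHA-256 stands in for the tagged hashes secp256k1-zkp uses, the key and message are constructed demo values, and the curve arithmetic is textbook affine Python (not constant-time, demo only).

```python
import hashlib
import hmac
import secrets

# secp256k1 parameters (standard constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):  # affine addition; None is the point at infinity (demo, not constant time)
    if a is None or b is None:
        return a if b is None else b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def point_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def ser_point(pt):  # 33-byte compressed encoding
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def parse_point(b):
    x = int.from_bytes(b[1:], "big")
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)
    return (x, y if (y & 1) == (b[0] & 1) else P - y)

def ecdsa_sign(sk, msg32, k):
    z, r = int.from_bytes(msg32, "big"), point_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * sk) % N
    return (r, min(s, N - s))  # low-s normalisation, as Bitcoin requires

def ecdsa_verify(pub, msg32, sig):  # returns the recovered R point, or None if invalid
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return None
    w, z = pow(s, -1, N), int.from_bytes(msg32, "big")
    R = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return R if R is not None and R[0] % N == r else None

class HardwareWallet:
    """Honest HWW: k0 is derived (RFC 6979-style, simplified to one HMAC here) from the
    message, the key and the host's commitment; R0 = k0*G is revealed before rho is known."""
    def __init__(self, sk):
        self.sk, self.pub = sk, point_mul(sk, G)

    def commit_nonce(self, msg32, host_commit):
        self.host_commit = host_commit
        key = self.sk.to_bytes(32, "big")
        self.k0 = int.from_bytes(hmac.new(key, msg32 + host_commit, hashlib.sha256).digest(), "big") % N
        self.R0 = ser_point(point_mul(self.k0, G))
        return self.R0

    def sign(self, msg32, rho):
        if sha256(rho) != self.host_commit:  # the host must open the commitment it made
            raise ValueError("host rho does not match its commitment")
        k = (self.k0 + int.from_bytes(sha256(self.R0, rho), "big")) % N  # sign-to-contract tweak
        return ecdsa_sign(self.sk, msg32, k)

class ExfiltratingWallet(HardwareWallet):
    """Backdoored firmware: ignores the agreed nonce and picks k from data it wants to leak
    (stand-in for nonce-grinding exfil). Its signatures are still valid ECDSA."""
    def sign(self, msg32, rho):
        k = int.from_bytes(sha256(b"leak", self.sk.to_bytes(32, "big"), msg32), "big") % N
        return ecdsa_sign(self.sk, msg32, k)

def host_sign_with_anti_exfil(wallet, msg32):
    """Host side: commit rho, receive R0, reveal rho, then require that the signature's R
    equals R0 + H(R0 || rho)*G. True only if the HWW provably used the host-randomised nonce."""
    rho = secrets.token_bytes(32)                   # host-contributed randomness
    R0 = wallet.commit_nonce(msg32, sha256(rho))    # HWW fixes k0 knowing only H(rho)
    sig = wallet.sign(msg32, rho)                   # rho is revealed only after R0 is fixed
    if ecdsa_verify(wallet.pub, msg32, sig) is None:
        return False                                # not even a valid signature
    t = int.from_bytes(sha256(R0, rho), "big") % N
    expected = point_add(parse_point(R0), point_mul(t, G))
    return expected is not None and expected[0] % N == sig[0]  # x-only: low-s may negate R

# Constructed inputs: a toy private key and a stand-in for a transaction sighash.
SK = int.from_bytes(sha256(b"constructed demo seed"), "big") % N
MSG = sha256(b"constructed demo sighash")
```

Running `host_sign_with_anti_exfil(HardwareWallet(SK), MSG)` returns True, while the same call with `ExfiltratingWallet(SK)` returns False: the leaked-nonce signature verifies as ordinary ECDSA but fails the R0 + H(R0 || rho)*G check, which is exactly the detection the post says plain signing cannot provide. Two details matter in practice: the HWW must check that the opened rho matches the commitment it derived k0 from (otherwise the host can grind rho after seeing R0), and the host compares only the x-coordinate because low-s normalisation may have negated R. The key-generation half of the post (mixing computer randomness into the seed) is a separate step and is not covered by this block.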
 Yea, someone probably should. Probably one of the hardware wallet vendors who are complaining that there’s no standard and that’s why they never bothered to implement it (nevermind that it’s implemented in secp256k1-zkp and can be done at the HWI driver layer, but indeed it’d be better as a PSBT field). 
 Sadly no implementation exists for Taproot AFAIK, but the BitBox folks have a PR to secp256k1-zkp at least. 
 Oops, sorry, I forgot we can fix both sides of malicious hardware wallets - a malicious hardware wallet should not be able to steal your coin, it’s not complicated to force attackers to compromise both your computer *and* hardware wallet, but current devices just…. Don’t. That’s embarrassing!

(Except for multisig setups). nostr:note1m80q3p6pfxl6elt7dcpu076fmcwjymz942z4esumm5ku3mrsz2lqanga9y 
 To be fair to BitKey and one or two others, this attack doesn’t apply to Multisig wallets, anti-exfil doesn’t actually matter if you’re not doing single-sig.

So the acceptable-security hardware wallet list is BitKey, Jade, and BitBox. nostr:note1m80q3p6pfxl6elt7dcpu076fmcwjymz942z4esumm5ku3mrsz2lqanga9y 
 Hardware Wallets are devices designed to hold bearer assets which can be trivially stolen if you leak the private key(s). There’s many, many people involved in the manufacture of each hardware wallet, each of which might wish to make free money by backdooring the hardware wallet. For every other hardware wallet, you’re blindly trusting Amazon/UPS/five factories in China/the webserver you got the firmware from/etc/etc. Sure, most hardware wallets have tried to be robust against these attacks, but there’s frankly just not that much that can be done.

Wouldn’t it be nice if you didn’t have to trust the device at all, but rather an attacker would have to compromise *both* your hardware wallet and your computer? Well, we’ve had the tech to do this for many, many years! The fact that only two hardware wallets bothered to implement this boggles my mind. It’s impressive incompetence, bordering on maliciousness, honestly. nostr:note16748fqunfxq63y980gl7me3u7d6zklvg8tscg45fpfw2lhzpv05qw2l5y4 
 Nope. 
 Multisig is, passphrase is not. 
 Stop using hardware wallets that don’t take security seriously (sadly, all of them except Jade and BitBox). This is a novel construction, but the class of attacks is very old.

A laptop purchased in person, immediately installing Linux without ever connecting it to the Internet is a much better way to store coin than hardware wallets. Which, frankly, is just embarrassing incompetence for the hardware wallet industry.

https://darkskippy.com/ 
 With verified software, much better than most hardware wallets. 
 nostr:nevent1qqswpqgdzswxs7c46u9sg4lzg9v2s63gx9ney9ghwqh5pslut6qz4kgpramhxue69uhkummnw3ez6un9d3shjtnzd96xxmmfdchxu6twdfssz9mhwden5te0dehhxarj9enx6apwwa5h5tnzd9aqzynhwden5te0danxvcmgv95kutnsw43qz8rhwden5te0dehhxarj9ekh2arfdeuhwctvd3jhgtnrdaksqu5896 
 Yes, hence why I’d call them “incompetent bordering on malicious” :) 
 A Laptop is not a device purpose-built to store millions of dollars in bearer-assets. It’s a much less juicy target. 
 That’s not a scalable attack. In that model the attacker has to be kinda nearby when you use the HWW. 
 You can just download those software packages once and rarely upgrade and you’re safe. Unlike a compromised HWW which can lie to you about the status of its firmware. 
 No? Sparrow supports anti-exfil with BitBox AFAIU. 
 Except you aren’t…it’s very (cryptographically) easy to build a hardware wallet which cannot steal your coins*! But no one does, that’s absurd!

* without cooperating with your computer/phone. 
 AFAIU you can implement it entirely in the driver rather than in the wallet itself (BitBox apparently did this for their HWI driver). 
 In theory, but I’m not sure if you can transmit arbitrary messages over that without being Apple. 
 You can definitely include a GSM chip for cheap, but now the device board actually looks visually different, which people can identify, even if admittedly relatively few would. Still, if you did this en-masse it’d likely be discovered before too long, whereas a malicious firmware likely would not. 
 My point was I’m not sure you can pretend you’re *any* device without being an Apple device. In any case nostr:nevent1qqsqac7czr2hk05gkf0l5s59tg3tz8xyspn9ea7aqxrvg9pswev8y8spzfmhxue69uhk7enxvd5xz6tw9ec82cspz3mhxue69uhkummnw3ezummcw3ezuer9wcq3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7qglwaehxw309ahx7um5wgkhyetvv9ujucnfw33k76tw9ehxjmn2vy728fpa 
 I understand the data to be signed and tied to an Apple ID. It may well also be tied to some per-device factory-sealed key. I mean you can always buy 256 real AirTags but hardware modifications are much more likely to be detected than software ones. 
 I mean the power available to do that from inside a hardware wallet is probably not gonna make it far enough for much anyone to do much with it, doubly so if you only have a relatively limited time to get it through before you run out of power.