@ eac63075:b4988b48

Based on a recent paper that included collaboration from renowned experts such as Lynn Alden, Steve Lee, and Ren Crypto Fish, we discuss in depth how Bitcoin's consensus is built, the main risks, and the complex dynamics of protocol upgrades.

PT-BR version

Podcast https://www.fountain.fm/episode/wbjD6ntQuvX5u2G5BccC

Presentation https://gamma.app/docs/Analyzing-Bitcoin-Consensus-Risks-in-Protocol-Upgrades-p66axxjwaa37ksn

1. Introduction to Consensus in Bitcoin

Consensus in Bitcoin is the foundation that keeps the network secure and functional, allowing users worldwide to perform transactions in a decentralized manner without the need for intermediaries. Since its launch in 2009, Bitcoin is often described as an "immutable" system designed to resist changes, and it is precisely this resistance that ensures its security and stability.

The central idea behind consensus in Bitcoin is to create a set of acceptance rules for blocks and transactions, ensuring that all network participants agree on the transaction history. This prevents "double-spending," where the same bitcoin could be used in two simultaneous transactions, something that would compromise trust in the network.

Evolution of Consensus in Bitcoin

Over the years, consensus in Bitcoin has undergone several adaptations, and the way participants agree on changes remains a delicate process. Unlike traditional systems, where changes can be imposed from the top down, Bitcoin operates in a decentralized model where any significant change needs the support of various groups of stakeholders, including miners, developers, users, and large node operators.

Moreover, the update process is extremely cautious, as hasty changes can compromise the network's security. As a result, the philosophy of "don't fix what isn't broken" prevails, with improvements happening incrementally and only after broad consensus among those involved. This model can make progress seem slow but ensures that Bitcoin remains faithful to the principles of security and decentralization.

---

2. Technical Components of Consensus

Bitcoin's consensus is supported by a set of technical rules that determine what is considered a valid transaction and a valid block on the network. These technical aspects ensure that all nodes—the computers that participate in the Bitcoin network—agree on the current state of the blockchain. Below are the main technical components that form the basis of the consensus.

Validation of Blocks and Transactions

The validation of blocks and transactions is the central point of consensus in Bitcoin. A block is only considered valid if it meets certain criteria, such as maximum size, transaction structure, and the solving of the "Proof of Work" problem. The proof of work, required for a block to be included in the blockchain, is a computational process that ensures the block contains significant computational effort—protecting the network against manipulation attempts.

Transactions, in turn, need to follow specific input and output rules. Each transaction includes cryptographic signatures that prove the ownership of the bitcoins sent, as well as validation scripts that verify if the transaction conditions are met. This validation system is essential for network nodes to autonomously confirm that each transaction follows the rules.

Chain Selection

Another fundamental technical issue for Bitcoin's consensus is chain selection, which becomes especially important in cases where multiple versions of the blockchain coexist, such as after a network split (fork). To decide which chain is the "true" one and should be followed, the network adopts the criterion of the highest accumulated proof of work. In other words, the chain with the highest number of valid blocks, built with the greatest computational effort, is chosen by the network as the official one.

This criterion avoids permanent splits because it encourages all nodes to follow the same main chain, reinforcing consensus.

Soft Forks vs. Hard Forks

In the consensus process, protocol changes can happen in two ways: through soft forks or hard forks. These variations affect not only the protocol update but also the implications for network users:

• Soft Forks: These are changes that are backward compatible. Only nodes that adopt the new update will follow the new rules, but old nodes will still recognize the blocks produced with these rules as valid. This compatibility makes soft forks a safer option for updates, as it minimizes the risk of network division.

• Hard Forks: These are updates that are not backward compatible, requiring all nodes to update to the new version or risk being separated from the main chain. Hard forks can result in the creation of a new coin, as occurred with the split between Bitcoin and Bitcoin Cash in 2017. While hard forks allow for deeper changes, they also bring significant risks of network fragmentation.

These technical components form the base of Bitcoin's security and resilience, allowing the system to remain functional and immutable without losing the necessary flexibility to evolve over time.

---

3. Stakeholders in Bitcoin's Consensus

Consensus in Bitcoin is not decided centrally. On the contrary, it depends on the interaction between different groups of stakeholders, each with their motivations, interests, and levels of influence. These groups play fundamental roles in how changes are implemented or rejected on the network. Below, we explore the six main stakeholders in Bitcoin's consensus.

1. Economic Nodes

Economic nodes, usually operated by exchanges, custody providers, and large companies that accept Bitcoin, exert significant influence over consensus. Because they handle large volumes of transactions and act as a connection point between the Bitcoin ecosystem and the traditional financial system, these nodes have the power to validate or reject blocks and to define which version of the software to follow in case of a fork.

Their influence is proportional to the volume of transactions they handle, and they can directly affect which chain will be seen as the main one. Their incentive is to maintain the network's stability and security to preserve its functionality and meet regulatory requirements.

2. Investors

Investors, including large institutional funds and individual Bitcoin holders, influence consensus indirectly through their impact on the asset's price. Their buying and selling actions can affect Bitcoin's value, which in turn influences the motivation of miners and other stakeholders to continue investing in the network's security and development.

Some institutional investors have agreements with custodians that may limit their ability to act in network split situations. Thus, the impact of each investor on consensus can vary based on their ownership structure and how quickly they can react to a network change.

3. Media Influencers

Media influencers, including journalists, analysts, and popular personalities on social media, have a powerful role in shaping public opinion about Bitcoin and possible updates. These influencers can help educate the public, promote debates, and bring transparency to the consensus process.

On the other hand, the impact of influencers can be double-edged: while they can clarify complex topics, they can also distort perceptions by amplifying or minimizing change proposals. This makes them a force both of support and resistance to consensus.

4. Miners

Miners are responsible for validating transactions and including blocks in the blockchain. Through computational power (hashrate), they also exert significant influence over consensus decisions. In update processes, miners often signal their support for a proposal, indicating that the new version is safe to use. However, this signaling is not always definitive, and miners can change their position if they deem it necessary.

Their incentive is to maximize returns from block rewards and transaction fees, as well as to maintain the value of investments in their specialized equipment, which are only profitable if the network remains stable.

5. Protocol Developers

Protocol developers, often called "Core Developers," are responsible for writing and maintaining Bitcoin's code. Although they do not have direct power over consensus, they possess an informal veto power since they decide which changes are included in the main client (Bitcoin Core). This group also serves as an important source of technical knowledge, helping guide decisions and inform other stakeholders.

Their incentive lies in the continuous improvement of the network, ensuring security and decentralization. Many developers are funded by grants and sponsorships, but their motivations generally include a strong ideological commitment to Bitcoin's principles.

6. Users and Application Developers

This group includes people who use Bitcoin in their daily transactions and developers who build solutions based on the network, such as wallets, exchanges, and payment platforms. Although their power in consensus is less than that of miners or economic nodes, they play an important role because they are responsible for popularizing Bitcoin's use and expanding the ecosystem.

If application developers decide not to adopt an update, this can affect compatibility and widespread acceptance. Thus, they indirectly influence consensus by deciding which version of the protocol to follow in their applications.

These stakeholders are vital to the consensus process, and each group exerts influence according to their involvement, incentives, and ability to act in situations of change. Understanding the role of each makes it clearer how consensus is formed and why it is so difficult to make significant changes to Bitcoin.

---

4. Mechanisms for Activating Updates in Bitcoin

For Bitcoin to evolve without compromising security and consensus, different mechanisms for activating updates have been developed over the years. These mechanisms help coordinate changes among network nodes to minimize the risk of fragmentation and ensure that updates are implemented in an orderly manner. Here, we explore some of the main methods used in Bitcoin, their advantages and disadvantages, as well as historical examples of significant updates.

Flag Day

The Flag Day mechanism is one of the simplest forms of activating changes. In it, a specific date or block is determined as the activation moment, and all nodes must be updated by that point. This method does not involve prior signaling; participants simply need to update to the new software version by the established day or block.

• Advantages: Simplicity and predictability are the main benefits of Flag Day, as everyone knows the exact activation date.

• Disadvantages: Inflexibility can be a problem because there is no way to adjust the schedule if a significant part of the network has not updated. This can result in network splits if a significant number of nodes are not ready for the update.

An example of Flag Day was the Pay to Script Hash (P2SH) update in 2012, which required all nodes to adopt the change to avoid compatibility issues.

BIP34 and BIP9

BIP34 introduced a more dynamic process, in which miners increase the version number in block headers to signal the update. When a predetermined percentage of the last blocks is mined with this new version, the update is automatically activated. This model later evolved with BIP9, which allowed multiple updates to be signaled simultaneously through "version bits," each corresponding to a specific change.

• Advantages: Allows the network to activate updates gradually, giving more time for participants to adapt.

• Disadvantages: These methods rely heavily on miner support, which means that if a sufficient number of miners do not signal the update, it can be delayed or not implemented.

BIP9 was used in the activation of SegWit (BIP141) but faced challenges because some miners did not signal their intent to activate, leading to the development of new mechanisms.

User Activated Soft Forks (UASF) and User Resisted Soft Forks (URSF)

To increase the decision-making power of ordinary users, the concept of User Activated Soft Fork (UASF) was introduced, allowing node operators, not just miners, to determine consensus for a change. In this model, nodes set a date to start rejecting blocks that are not in compliance with the new update, forcing miners to adapt or risk having their blocks rejected by the network.

URSF, in turn, is a model where nodes reject blocks that attempt to adopt a specific update, functioning as resistance against proposed changes.

• Advantages: UASF returns decision-making power to node operators, ensuring that changes do not depend solely on miners.

• Disadvantages: Both UASF and URSF can generate network splits, especially in cases of strong opposition among different stakeholders.

An example of UASF was the activation of SegWit in 2017, where users supported activation independently of miner signaling, which ended up forcing its adoption.

BIP8 (LOT=True)

BIP8 is an evolution of BIP9, designed to prevent miners from indefinitely blocking a change desired by the majority of users and developers. BIP8 allows setting a parameter called "lockinontimeout" (LOT) as true, which means that if the update has not been fully signaled by a certain point, it is automatically activated.

• Advantages: Ensures that changes with broad support among users are not blocked by miners who wish to maintain the status quo.

• Disadvantages: Can lead to network splits if miners or other important stakeholders do not support the update.

Although BIP8 with LOT=True has not yet been used in Bitcoin, it is a proposal that can be applied in future updates if necessary.

These activation mechanisms have been essential for Bitcoin's development, allowing updates that keep the network secure and functional. Each method brings its own advantages and challenges, but all share the goal of preserving consensus and network cohesion.

---

5. Risks and Considerations in Consensus Updates

Consensus updates in Bitcoin are complex processes that involve not only technical aspects but also political, economic, and social considerations. Due to the network's decentralized nature, each change brings with it a set of risks that need to be carefully assessed. Below, we explore some of the main challenges and future scenarios, as well as the possible impacts on stakeholders.

Network Fragility with Alternative Implementations

One of the main risks associated with consensus updates is the possibility of network fragmentation when there are alternative software implementations. If an update is implemented by a significant group of nodes but rejected by others, a network split (fork) can occur. This creates two competing chains, each with a different version of the transaction history, leading to unpredictable consequences for users and investors.

Such fragmentation weakens Bitcoin because, by dividing hashing power (computing) and coin value, it reduces network security and investor confidence. A notable example of this risk was the fork that gave rise to Bitcoin Cash in 2017 when disagreements over block size resulted in a new chain and a new asset.

Chain Splits and Impact on Stakeholders

Chain splits are a significant risk in update processes, especially in hard forks. During a hard fork, the network is split into two separate chains, each with its own set of rules. This results in the creation of a new coin and leaves users with duplicated assets on both chains. While this may seem advantageous, in the long run, these splits weaken the network and create uncertainties for investors.

Each group of stakeholders reacts differently to a chain split:

• Institutional Investors and ETFs: Face regulatory and compliance challenges because many of these assets are managed under strict regulations. The creation of a new coin requires decisions to be made quickly to avoid potential losses, which may be hampered by regulatory constraints.

• Miners: May be incentivized to shift their computing power to the chain that offers higher profitability, which can weaken one of the networks.

• Economic Nodes: Such as major exchanges and custody providers, have to quickly choose which chain to support, influencing the perceived value of each network.

Such divisions can generate uncertainties and loss of value, especially for institutional investors and those who use Bitcoin as a store of value.

Regulatory Impacts and Institutional Investors

With the growing presence of institutional investors in Bitcoin, consensus changes face new compliance challenges. Bitcoin ETFs, for example, are required to follow strict rules about which assets they can include and how chain split events should be handled. The creation of a new asset or migration to a new chain can complicate these processes, creating pressure for large financial players to quickly choose a chain, affecting the stability of consensus.

Moreover, decisions regarding forks can influence the Bitcoin futures and derivatives market, affecting perception and adoption by new investors. Therefore, the need to avoid splits and maintain cohesion is crucial to attract and preserve the confidence of these investors.

Security Considerations in Soft Forks and Hard Forks

While soft forks are generally preferred in Bitcoin for their backward compatibility, they are not without risks. Soft forks can create different classes of nodes on the network (updated and non-updated), which increases operational complexity and can ultimately weaken consensus cohesion. In a network scenario with fragmentation of node classes, Bitcoin's security can be affected, as some nodes may lose part of the visibility over updated transactions or rules.

In hard forks, the security risk is even more evident because all nodes need to adopt the new update to avoid network division. Experience shows that abrupt changes can create temporary vulnerabilities, in which malicious agents try to exploit the transition to attack the network.

Bounty Claim Risks and Attack Scenarios

Another risk in consensus updates are so-called "bounty claims"—accumulated rewards that can be obtained if an attacker manages to split or deceive a part of the network. In a conflict scenario, a group of miners or nodes could be incentivized to support a new update or create an alternative version of the software to benefit from these rewards.

These risks require stakeholders to carefully assess each update and the potential vulnerabilities it may introduce. The possibility of "bounty claims" adds a layer of complexity to consensus because each interest group may see a financial opportunity in a change that, in the long term, may harm network stability.

The risks discussed above show the complexity of consensus in Bitcoin and the importance of approaching it gradually and deliberately. Updates need to consider not only technical aspects but also economic and social implications, in order to preserve Bitcoin's integrity and maintain trust among stakeholders.

---

6. Recommendations for the Consensus Process in Bitcoin

To ensure that protocol changes in Bitcoin are implemented safely and with broad support, it is essential that all stakeholders adopt a careful and coordinated approach. Here are strategic recommendations for evaluating, supporting, or rejecting consensus updates, considering the risks and challenges discussed earlier, along with best practices for successful implementation.

1. Careful Evaluation of Proposal Maturity

Stakeholders should rigorously assess the maturity level of a proposal before supporting its implementation. Updates that are still experimental or lack a robust technical foundation can expose the network to unnecessary risks. Ideally, change proposals should go through an extensive testing phase, have security audits, and receive review and feedback from various developers and experts.

2. Extensive Testing in Secure and Compatible Networks

Before an update is activated on the mainnet, it is essential to test it on networks like testnet and signet, and whenever possible, on other compatible networks that offer a safe and controlled environment to identify potential issues. Testing on networks like Litecoin was fundamental for the safe launch of innovations like SegWit and the Lightning Network, allowing functionalities to be validated on a lower-impact network before being implemented on Bitcoin.

The Liquid Network, developed by Blockstream, also plays an important role as an experimental network for new proposals, such as OP_CAT. By adopting these testing environments, stakeholders can mitigate risks and ensure that the update is reliable and secure before being adopted by the main network.

3. Importance of Stakeholder Engagement

The success of a consensus update strongly depends on the active participation of all stakeholders. This includes economic nodes, miners, protocol developers, investors, and end users. Lack of participation can lead to inadequate decisions or even future network splits, which would compromise Bitcoin's security and stability.

4. Key Questions for Evaluating Consensus Proposals

To assist in decision-making, each group of stakeholders should consider some key questions before supporting a consensus change:

• Does the proposal offer tangible benefits for Bitcoin's security, scalability, or usability?
• Does it maintain backward compatibility or introduce the risk of network split?
• Are the implementation requirements clear and feasible for each group involved?
• Are there clear and aligned incentives for all stakeholder groups to accept the change?

5. Coordination and Timing in Implementations

Timing is crucial. Updates with short activation windows can force a split because not all nodes and miners can update simultaneously. Changes should be planned with ample deadlines to allow all stakeholders to adjust their systems, avoiding surprises that could lead to fragmentation.

Mechanisms like soft forks are generally preferable to hard forks because they allow a smoother transition. Opting for backward-compatible updates when possible facilitates the process and ensures that nodes and miners can adapt without pressure.

6. Continuous Monitoring and Re-evaluation

After an update, it's essential to monitor the network to identify problems or side effects. This continuous process helps ensure cohesion and trust among all participants, keeping Bitcoin as a secure and robust network.

These recommendations, including the use of secure networks for extensive testing, promote a collaborative and secure environment for Bitcoin's consensus process. By adopting a deliberate and strategic approach, stakeholders can preserve Bitcoin's value as a decentralized and censorship-resistant network.

---

7. Conclusion

Consensus in Bitcoin is more than a set of rules; it's the foundation that sustains the network as a decentralized, secure, and reliable system. Unlike centralized systems, where decisions can be made quickly, Bitcoin requires a much more deliberate and cooperative approach, where the interests of miners, economic nodes, developers, investors, and users must be considered and harmonized. This governance model may seem slow, but it is fundamental to preserving the resilience and trust that make Bitcoin a global store of value and censorship-resistant.

Consensus updates in Bitcoin must balance the need for innovation with the preservation of the network's core principles. The development process of a proposal needs to be detailed and rigorous, going through several testing stages, such as in testnet, signet, and compatible networks like Litecoin and Liquid Network. These networks offer safe environments for proposals to be analyzed and improved before being launched on the main network.

Each proposed change must be carefully evaluated regarding its maturity, impact, backward compatibility, and support among stakeholders. The recommended key questions and appropriate timing are critical to ensure that an update is adopted without compromising network cohesion. It's also essential that the implementation process is continuously monitored and re-evaluated, allowing adjustments as necessary and minimizing the risk of instability.

By following these guidelines, Bitcoin's stakeholders can ensure that the network continues to evolve safely and robustly, maintaining user trust and further solidifying its role as one of the most resilient and innovative digital assets in the world. Ultimately, consensus in Bitcoin is not just a technical issue but a reflection of its community and the values it represents: security, decentralization, and resilience.

---

8. Links

Whitepaper: https://github.com/bitcoin-cap/bcap

Youtube (pt-br): https://www.youtube.com/watch?v=rARycAibl9o&list=PL-qnhF0qlSPkfhorqsREuIu4UTbF0h4zb

@ eac63075:b4988b48

The future of physical money is at stake, and the discussion about DREX, the new digital currency planned by the Central Bank of Brazil, is gaining momentum. In a candid and intense conversation, Federal Deputy Julia Zanatta (PL/SC) discussed the challenges and risks of this digital transition, also addressing her Bill No. 3,341/2024, which aims to prevent the extinction of physical currency. This bill emerges as a direct response to legislative initiatives seeking to replace physical money with digital alternatives, limiting citizens' options and potentially compromising individual freedom. Let's delve into the main points of this conversation.

https://www.fountain.fm/episode/i5YGJ9Ors3PkqAIMvNQ0

(PT-BR version here)

What is a CBDC?

Before discussing the specifics of DREX, it’s important to understand what a CBDC (Central Bank Digital Currency) is. CBDCs are digital currencies issued by central banks, similar to a digital version of physical money. Unlike cryptocurrencies such as Bitcoin, which operate in a decentralized manner, CBDCs are centralized and regulated by the government. In other words, they are digital currencies created and controlled by the Central Bank, intended to replace physical currency.

A prominent feature of CBDCs is their programmability. This means that the government can theoretically set rules about how, where, and for what this currency can be used. This aspect enables a level of control over citizens' finances that is impossible with physical money. By programming the currency, the government could limit transactions by setting geographical or usage restrictions. In practice, money within a CBDC could be restricted to specific spending or authorized for use in a defined geographical area.

In countries like China, where citizen actions and attitudes are also monitored, a person considered to have a "low score" due to a moral or ideological violation may have their transactions limited to essential purchases, restricting their digital currency use to non-essential activities. This financial control is strengthened because, unlike physical money, digital currency cannot be exchanged anonymously.

Practical Example: The Case of DREX During the Pandemic

To illustrate how DREX could be used, an example was given by Eric Altafim, director of Banco Itaú. He suggested that, if DREX had existed during the COVID-19 pandemic, the government could have restricted the currency’s use to a 5-kilometer radius around a person’s residence, limiting their economic mobility. Another proposed use by the executive related to the Bolsa Família welfare program: the government could set up programming that only allows this benefit to be used exclusively for food purchases. Although these examples are presented as control measures for safety or organization, they demonstrate how much a CBDC could restrict citizens' freedom of choice.

To illustrate the potential for state control through a Central Bank Digital Currency (CBDC), such as DREX, it is helpful to look at the example of China. In China, the implementation of a CBDC coincides with the country’s Social Credit System, a governmental surveillance tool that assesses citizens' and companies' behavior. Together, these technologies allow the Chinese government to monitor, reward, and, above all, punish behavior deemed inappropriate or threatening to the government.

How Does China's Social Credit System Work?

Implemented in 2014, China's Social Credit System assigns every citizen and company a "score" based on various factors, including financial behavior, criminal record, social interactions, and even online activities. This score determines the benefits or penalties each individual receives and can affect everything from public transport access to obtaining loans and enrolling in elite schools for their children. Citizens with low scores may face various sanctions, including travel restrictions, fines, and difficulty in securing loans.

With the adoption of the CBDC — or “digital yuan” — the Chinese government now has a new tool to closely monitor citizens' financial transactions, facilitating the application of Social Credit System penalties. China’s CBDC is a programmable digital currency, which means that the government can restrict how, when, and where the money can be spent. Through this level of control, digital currency becomes a powerful mechanism for influencing citizens' behavior.

Imagine, for instance, a citizen who repeatedly posts critical remarks about the government on social media or participates in protests. If the Social Credit System assigns this citizen a low score, the Chinese government could, through the CBDC, restrict their money usage in certain areas or sectors. For example, they could be prevented from buying tickets to travel to other regions, prohibited from purchasing certain consumer goods, or even restricted to making transactions only at stores near their home.

Another example of how the government can use the CBDC to enforce the Social Credit System is by monitoring purchases of products such as alcohol or luxury items. If a citizen uses the CBDC to spend more than the government deems reasonable on such products, this could negatively impact their social score, resulting in additional penalties such as future purchase restrictions or a lowered rating that impacts their personal and professional lives.

In China, this kind of control has already been demonstrated in several cases. Citizens added to Social Credit System “blacklists” have seen their spending and investment capacity severely limited. The combination of digital currency and social scores thus creates a sophisticated and invasive surveillance system, through which the Chinese government controls important aspects of citizens’ financial lives and individual freedoms.

Deputy Julia Zanatta views these examples with great concern. She argues that if the state has full control over digital money, citizens will be exposed to a level of economic control and surveillance never seen before. In a democracy, this control poses a risk, but in an authoritarian regime, it could be used as a powerful tool of repression.

DREX and Bill No. 3,341/2024

Julia Zanatta became aware of a bill by a Workers' Party (PT) deputy (Bill 4068/2020 by Deputy Reginaldo Lopes - PT/MG) that proposes the extinction of physical money within five years, aiming for a complete transition to DREX, the digital currency developed by the Central Bank of Brazil. Concerned about the impact of this measure, Julia drafted her bill, PL No. 3,341/2024, which prohibits the elimination of physical money, ensuring citizens the right to choose physical currency.

“The more I read about DREX, the less I want its implementation,” says the deputy. DREX is a Central Bank Digital Currency (CBDC), similar to other state digital currencies worldwide, but which, according to Julia, carries extreme control risks. She points out that with DREX, the State could closely monitor each citizen’s transactions, eliminating anonymity and potentially restricting freedom of choice. This control would lie in the hands of the Central Bank, which could, in a crisis or government change, “freeze balances or even delete funds directly from user accounts.”

Risks and Individual Freedom

Julia raises concerns about potential abuses of power that complete digitalization could allow. In a democracy, state control over personal finances raises serious questions, and EddieOz warns of an even more problematic future. “Today we are in a democracy, but tomorrow, with a government transition, we don't know if this kind of power will be used properly or abused,” he states. In other words, DREX gives the State the ability to restrict or condition the use of money, opening the door to unprecedented financial surveillance.

EddieOz cites Nigeria as an example, where a CBDC was implemented, and the government imposed severe restrictions on the use of physical money to encourage the use of digital currency, leading to protests and clashes in the country. In practice, the poorest and unbanked — those without regular access to banking services — were harshly affected, as without physical money, many cannot conduct basic transactions. Julia highlights that in Brazil, this situation would be even more severe, given the large number of unbanked individuals and the extent of rural areas where access to technology is limited.

The Relationship Between DREX and Pix

The digital transition has already begun with Pix, which revolutionized instant transfers and payments in Brazil. However, Julia points out that Pix, though popular, is a citizen’s choice, while DREX tends to eliminate that choice. The deputy expresses concern about new rules suggested for Pix, such as daily transaction limits of a thousand reais, justified as anti-fraud measures but which, in her view, represent additional control and a profit opportunity for banks. “How many more rules will banks create to profit from us?” asks Julia, noting that DREX could further enhance control over personal finances.

International Precedents and Resistance to CBDC

The deputy also cites examples from other countries resisting the idea of a centralized digital currency. In the United States, states like New Hampshire have passed laws to prevent the advance of CBDCs, and leaders such as Donald Trump have opposed creating a national digital currency. Trump, addressing the topic, uses a justification similar to Julia’s: in a digitalized system, “with one click, your money could disappear.” She agrees with the warning, emphasizing the control risk that a CBDC represents, especially for countries with disadvantaged populations.

Besides the United States, Canada, Colombia, and Australia have also suspended studies on digital currencies, citing the need for further discussions on population impacts. However, in Brazil, the debate on DREX is still limited, with few parliamentarians and political leaders openly discussing the topic. According to Julia, only she and one or two deputies are truly trying to bring this discussion to the Chamber, making DREX’s advance even more concerning.

Bill No. 3,341/2024 and Popular Pressure

For Julia, her bill is a first step. Although she acknowledges that ideally, it would prevent DREX's implementation entirely, PL 3341/2024 is a measure to ensure citizens' choice to use physical money, preserving a form of individual freedom. “If the future means control, I prefer to live in the past,” Julia asserts, reinforcing that the fight for freedom is at the heart of her bill.

However, the deputy emphasizes that none of this will be possible without popular mobilization. According to her, popular pressure is crucial for other deputies to take notice and support PL 3341. “I am only one deputy, and we need the public’s support to raise the project’s visibility,” she explains, encouraging the public to press other parliamentarians and ask them to “pay attention to PL 3341 and the project that prohibits the end of physical money.” The deputy believes that with a strong awareness and pressure movement, it is possible to advance the debate and ensure Brazilians’ financial freedom.

What’s at Stake?

Julia Zanatta leaves no doubt: DREX represents a profound shift in how money will be used and controlled in Brazil. More than a simple modernization of the financial system, the Central Bank’s CBDC sets precedents for an unprecedented level of citizen surveillance and control in the country. For the deputy, this transition needs to be debated broadly and transparently, and it’s up to the Brazilian people to defend their rights and demand that the National Congress discuss these changes responsibly.

The deputy also emphasizes that, regardless of political or partisan views, this issue affects all Brazilians. “This agenda is something that will affect everyone. We need to be united to ensure people understand the gravity of what could happen.” Julia believes that by sharing information and generating open debate, it is possible to prevent Brazil from following the path of countries that have already implemented a digital currency in an authoritarian way.

A Call to Action

The future of physical money in Brazil is at risk. For those who share Deputy Julia Zanatta’s concerns, the time to act is now. Mobilize, get informed, and press your representatives. PL 3341/2024 is an opportunity to ensure that Brazilian citizens have a choice in how to use their money, without excessive state interference or surveillance.

In the end, as the deputy puts it, the central issue is freedom. “My fear is that this project will pass, and people won’t even understand what is happening.” Therefore, may every citizen at least have the chance to understand what’s at stake and make their voice heard in defense of a Brazil where individual freedom and privacy are respected values.

@ eac63075:b4988b48

Imagine sending a private message to a friend, only to learn that authorities could be scanning its contents without your knowledge. This isn't a scene from a dystopian novel but a potential reality under the European Union's proposed "Chat Control" measures. Aimed at combating serious crimes like child exploitation and terrorism, these proposals could significantly impact the privacy of everyday internet users. As encrypted messaging services become the norm for personal and professional communication, understanding Chat Control is essential. This article delves into what Chat Control entails, why it's being considered, and how it could affect your right to private communication.

https://www.fountain.fm/episode/coOFsst7r7mO1EP1kSzV

https://open.spotify.com/episode/0IZ6kMExfxFm4FHg5DAWT8?si=e139033865e045de

Sections:

• Introduction
• What Is Chat Control?
• Why Is the EU Pushing for Chat Control?
• The Privacy Concerns and Risks
• The Technical Debate: Encryption and Backdoors
• Global Reactions and the Debate in Europe
• Possible Consequences for Messaging Services
• What Happens Next? The Future of Chat Control
• Conclusion

---

What Is Chat Control?

"Chat Control" refers to a set of proposed measures by the European Union aimed at monitoring and scanning private communications on messaging platforms. The primary goal is to detect and prevent the spread of illegal content, such as child sexual abuse material (CSAM) and to combat terrorism. While the intention is to enhance security and protect vulnerable populations, these proposals have raised significant privacy concerns.

At its core, Chat Control would require messaging services to implement automated scanning technologies that can analyze the content of messages—even those that are end-to-end encrypted. This means that the private messages you send to friends, family, or colleagues could be subject to inspection by algorithms designed to detect prohibited content.

Origins of the Proposal

The initiative for Chat Control emerged from the EU's desire to strengthen its digital security infrastructure. High-profile cases of online abuse and the use of encrypted platforms by criminal organizations have prompted lawmakers to consider more invasive surveillance tactics. The European Commission has been exploring legislation that would make it mandatory for service providers to monitor communications on their platforms.

How Messaging Services Work

Most modern messaging apps, like Signal, Session, SimpleX, Veilid, Protonmail and Tutanota (among others), use end-to-end encryption (E2EE). This encryption ensures that only the sender and the recipient can read the messages being exchanged. Not even the service providers can access the content. This level of security is crucial for maintaining privacy in digital communications, protecting users from hackers, identity thieves, and other malicious actors.

Key Elements of Chat Control

• Automated Content Scanning: Service providers would use algorithms to scan messages for illegal content.
• Circumvention of Encryption: To scan encrypted messages, providers might need to alter their encryption methods, potentially weakening security.
• Mandatory Reporting: If illegal content is detected, providers would be required to report it to authorities.
• Broad Applicability: The measures could apply to all messaging services operating within the EU, affecting both European companies and international platforms.

Why It Matters

Understanding Chat Control is essential because it represents a significant shift in how digital privacy is handled. While combating illegal activities online is crucial, the methods proposed could set a precedent for mass surveillance and the erosion of privacy rights. Everyday users who rely on encrypted messaging for personal and professional communication might find their conversations are no longer as private as they once thought.

---

Why Is the EU Pushing for Chat Control?

The European Union's push for Chat Control stems from a pressing concern to protect its citizens, particularly children, from online exploitation and criminal activities. With the digital landscape becoming increasingly integral to daily life, the EU aims to strengthen its ability to combat serious crimes facilitated through online platforms.

Protecting Children and Preventing Crime

One of the primary motivations behind Chat Control is the prevention of child sexual abuse material (CSAM) circulating on the internet. Law enforcement agencies have reported a significant increase in the sharing of illegal content through private messaging services. By implementing Chat Control, the EU believes it can more effectively identify and stop perpetrators, rescue victims, and deter future crimes.

Terrorism is another critical concern. Encrypted messaging apps can be used by terrorist groups to plan and coordinate attacks without detection. The EU argues that accessing these communications could be vital in preventing such threats and ensuring public safety.

Legal Context and Legislative Drivers

The push for Chat Control is rooted in several legislative initiatives:

• ePrivacy Directive: This directive regulates the processing of personal data and the protection of privacy in electronic communications. The EU is considering amendments that would allow for the scanning of private messages under specific circumstances.

• Temporary Derogation: In 2021, the EU adopted a temporary regulation permitting voluntary detection of CSAM by communication services. The current proposals aim to make such measures mandatory and more comprehensive.

• Regulation Proposals: The European Commission has proposed regulations that would require service providers to detect, report, and remove illegal content proactively. This would include the use of technologies to scan private communications.

Balancing Security and Privacy

EU officials argue that the proposed measures are a necessary response to evolving digital threats. They emphasize the importance of staying ahead of criminals who exploit technology to harm others. By implementing Chat Control, they believe law enforcement can be more effective without entirely dismantling privacy protections.

However, the EU also acknowledges the need to balance security with fundamental rights. The proposals include provisions intended to limit the scope of surveillance, such as:

• Targeted Scanning: Focusing on specific threats rather than broad, indiscriminate monitoring.

• Judicial Oversight: Requiring court orders or oversight for accessing private communications.

• Data Protection Safeguards: Implementing measures to ensure that data collected is handled securely and deleted when no longer needed.

The Urgency Behind the Push

High-profile cases of online abuse and terrorism have heightened the sense of urgency among EU policymakers. Reports of increasing online grooming and the widespread distribution of illegal content have prompted calls for immediate action. The EU posits that without measures like Chat Control, these problems will continue to escalate unchecked.

Criticism and Controversy

Despite the stated intentions, the push for Chat Control has been met with significant criticism. Opponents argue that the measures could be ineffective against savvy criminals who can find alternative ways to communicate. There is also concern that such surveillance could be misused or extended beyond its original purpose.

---

The Privacy Concerns and Risks

While the intentions behind Chat Control focus on enhancing security and protecting vulnerable groups, the proposed measures raise significant privacy concerns. Critics argue that implementing such surveillance could infringe on fundamental rights and set a dangerous precedent for mass monitoring of private communications.

Infringement on Privacy Rights

At the heart of the debate is the right to privacy. By scanning private messages, even with automated tools, the confidentiality of personal communications is compromised. Users may no longer feel secure sharing sensitive information, fearing that their messages could be intercepted or misinterpreted by algorithms.

Erosion of End-to-End Encryption

End-to-end encryption (E2EE) is a cornerstone of digital security, ensuring that only the sender and recipient can read the messages exchanged. Chat Control could necessitate the introduction of "backdoors" or weaken encryption protocols, making it easier for unauthorized parties to access private data. This not only affects individual privacy but also exposes communications to potential cyber threats.

Concerns from Privacy Advocates

Organizations like Signal and Tutanota, which offer encrypted messaging services, have voiced strong opposition to Chat Control. They warn that undermining encryption could have far-reaching consequences:

• Security Risks: Weakening encryption makes systems more vulnerable to hacking, espionage, and cybercrime.
• Global Implications: Changes in EU regulations could influence policies worldwide, leading to a broader erosion of digital privacy.
• Ineffectiveness Against Crime: Determined criminals might resort to other, less detectable means of communication, rendering the measures ineffective while still compromising the privacy of law-abiding citizens.

Potential for Government Overreach

There is a fear that Chat Control could lead to increased surveillance beyond its original scope. Once the infrastructure for scanning private messages is in place, it could be repurposed or expanded to monitor other types of content, stifling free expression and dissent.

Real-World Implications for Users

• False Positives: Automated scanning technologies are not infallible and could mistakenly flag innocent content, leading to unwarranted scrutiny or legal consequences for users.
• Chilling Effect: Knowing that messages could be monitored might discourage people from expressing themselves freely, impacting personal relationships and societal discourse.
• Data Misuse: Collected data could be vulnerable to leaks or misuse, compromising personal and sensitive information.

Legal and Ethical Concerns

Privacy advocates also highlight potential conflicts with existing laws and ethical standards:

• Violation of Fundamental Rights: The European Convention on Human Rights and other international agreements protect the right to privacy and freedom of expression.
• Questionable Effectiveness: The ethical justification for such invasive measures is challenged if they do not significantly improve safety or if they disproportionately impact innocent users.

Opposition from Member States and Organizations

Countries like Germany and organizations such as the European Digital Rights (EDRi) have expressed opposition to Chat Control. They emphasize the need to protect digital privacy and caution against hasty legislation that could have unintended consequences.

---

The Technical Debate: Encryption and Backdoors

The discussion around Chat Control inevitably leads to a complex technical debate centered on encryption and the potential introduction of backdoors into secure communication systems. Understanding these concepts is crucial to grasping the full implications of the proposed measures.

What Is End-to-End Encryption (E2EE)?

End-to-end encryption is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system to another. In simpler terms, only the sender and the recipient can read the messages. Even the service providers operating the messaging platforms cannot decrypt the content.

• Security Assurance: E2EE ensures that sensitive information—be it personal messages, financial details, or confidential business communications—remains private.
• Widespread Use: Popular messaging apps like Signal, Session, SimpleX, Veilid, Protonmail and Tutanota (among others) rely on E2EE to protect user data.

How Chat Control Affects Encryption

Implementing Chat Control as proposed would require messaging services to scan the content of messages for illegal material. To do this on encrypted platforms, providers might have to:

• Introduce Backdoors: Create a means for third parties (including the service provider or authorities) to access encrypted messages.
• Client-Side Scanning: Install software on users' devices that scans messages before they are encrypted and sent, effectively bypassing E2EE.

The Risks of Weakening Encryption

1. Compromised Security for All Users

Introducing backdoors or client-side scanning tools can create vulnerabilities:

• Exploitable Gaps: If a backdoor exists, malicious actors might find and exploit it, leading to data breaches.
• Universal Impact: Weakening encryption doesn't just affect targeted individuals; it potentially exposes all users to increased risk.

2. Undermining Trust in Digital Services

• User Confidence: Knowing that private communications could be accessed might deter people from using digital services or push them toward unregulated platforms.
• Business Implications: Companies relying on secure communications might face increased risks, affecting economic activities.

3. Ineffectiveness Against Skilled Adversaries

• Alternative Methods: Criminals might shift to other encrypted channels or develop new ways to avoid detection.
• False Sense of Security: Weakening encryption could give the impression of increased safety while adversaries adapt and continue their activities undetected.

Signal’s Response and Stance

Signal, a leading encrypted messaging service, has been vocal in its opposition to the EU's proposals:

• Refusal to Weaken Encryption: Signal's CEO Meredith Whittaker has stated that the company would rather cease operations in the EU than compromise its encryption standards.
• Advocacy for Privacy: Signal emphasizes that strong encryption is essential for protecting human rights and freedoms in the digital age.

Understanding Backdoors

A "backdoor" in encryption is an intentional weakness inserted into a system to allow authorized access to encrypted data. While intended for legitimate use by authorities, backdoors pose several problems:

• Security Vulnerabilities: They can be discovered and exploited by unauthorized parties, including hackers and foreign governments.
• Ethical Concerns: The existence of backdoors raises questions about consent and the extent to which governments should be able to access private communications.

The Slippery Slope Argument

Privacy advocates warn that introducing backdoors or mandatory scanning sets a precedent:

• Expanded Surveillance: Once in place, these measures could be extended to monitor other types of content beyond the original scope.
• Erosion of Rights: Gradual acceptance of surveillance can lead to a significant reduction in personal freedoms over time.

Potential Technological Alternatives

Some suggest that it's possible to fight illegal content without undermining encryption:

• Metadata Analysis: Focusing on patterns of communication rather than content.
• Enhanced Reporting Mechanisms: Encouraging users to report illegal content voluntarily.
• Investing in Law Enforcement Capabilities: Strengthening traditional investigative methods without compromising digital security.

The technical community largely agrees that weakening encryption is not the solution:

• Consensus on Security: Strong encryption is essential for the safety and privacy of all internet users.
• Call for Dialogue: Technologists and privacy experts advocate for collaborative approaches that address security concerns without sacrificing fundamental rights.

---

Global Reactions and the Debate in Europe

The proposal for Chat Control has ignited a heated debate across Europe and beyond, with various stakeholders weighing in on the potential implications for privacy, security, and fundamental rights. The reactions are mixed, reflecting differing national perspectives, political priorities, and societal values.

Support for Chat Control

Some EU member states and officials support the initiative, emphasizing the need for robust measures to combat online crime and protect citizens, especially children. They argue that:

• Enhanced Security: Mandatory scanning can help law enforcement agencies detect and prevent serious crimes.
• Responsibility of Service Providers: Companies offering communication services should play an active role in preventing their platforms from being used for illegal activities.
• Public Safety Priorities: The protection of vulnerable populations justifies the implementation of such measures, even if it means compromising some aspects of privacy.

Opposition within the EU

Several countries and organizations have voiced strong opposition to Chat Control, citing concerns over privacy rights and the potential for government overreach.

Germany

• Stance: Germany has been one of the most vocal opponents of the proposed measures.
• Reasons:
• Constitutional Concerns: The German government argues that Chat Control could violate constitutional protections of privacy and confidentiality of communications.
• Security Risks: Weakening encryption is seen as a threat to cybersecurity.
• Legal Challenges: Potential conflicts with national laws protecting personal data and communication secrecy.

Netherlands

• Recent Developments: The Dutch government decided against supporting Chat Control, emphasizing the importance of encryption for security and privacy.
• Arguments:
• Effectiveness Doubts: Skepticism about the actual effectiveness of the measures in combating crime.
• Negative Impact on Privacy: Concerns about mass surveillance and the infringement of citizens' rights.

Table reference: Patrick Breyer - Chat Control in 23 September 2024

Privacy Advocacy Groups

European Digital Rights (EDRi)

• Role: A network of civil and human rights organizations working to defend rights and freedoms in the digital environment.
• Position:
• Strong Opposition: EDRi argues that Chat Control is incompatible with fundamental rights.
• Awareness Campaigns: Engaging in public campaigns to inform citizens about the potential risks.
• Policy Engagement: Lobbying policymakers to consider alternative approaches that respect privacy.

Politicians and Activists

Patrick Breyer

• Background: A Member of the European Parliament (MEP) from Germany, representing the Pirate Party.
• Actions:
• Advocacy: Actively campaigning against Chat Control through speeches, articles, and legislative efforts.
• Public Outreach: Using social media and public events to raise awareness.
• Legal Expertise: Highlighting the legal inconsistencies and potential violations of EU law.

Global Reactions

International Organizations

• Human Rights Watch and Amnesty International: These organizations have expressed concerns about the implications for human rights, urging the EU to reconsider.

Technology Companies

• Global Tech Firms: Companies like Apple and Microsoft are monitoring the situation, as EU regulations could affect their operations and user trust.
• Industry Associations: Groups representing tech companies have issued statements highlighting the risks to innovation and competitiveness.

The Broader Debate

The controversy over Chat Control reflects a broader struggle between security interests and privacy rights in the digital age. Key points in the debate include:

• Legal Precedents: How the EU's decision might influence laws and regulations in other countries.
• Digital Sovereignty: The desire of nations to control digital spaces within their borders.
• Civil Liberties: The importance of protecting freedoms in the face of technological advancements.

Public Opinion

• Diverse Views: Surveys and public forums show a range of opinions, with some citizens prioritizing security and others valuing privacy above all.
• Awareness Levels: Many people are still unaware of the potential changes, highlighting the need for public education on the issue.

The EU is at a crossroads, facing the challenge of addressing legitimate security concerns without undermining the fundamental rights that are central to its values. The outcome of this debate will have significant implications for the future of digital privacy and the balance between security and freedom in society.

---

Possible Consequences for Messaging Services

The implementation of Chat Control could have significant implications for messaging services operating within the European Union. Both large platforms and smaller providers might need to adapt their technologies and policies to comply with the new regulations, potentially altering the landscape of digital communication.

Impact on Encrypted Messaging Services

Signal and Similar Platforms

• Compliance Challenges: Encrypted messaging services like Signal rely on end-to-end encryption to secure user communications. Complying with Chat Control could force them to weaken their encryption protocols or implement client-side scanning, conflicting with their core privacy principles.

• Operational Decisions: Some platforms may choose to limit their services in the EU or cease operations altogether rather than compromise on encryption. Signal, for instance, has indicated that it would prefer to withdraw from European markets than undermine its security features.

Potential Blocking or Limiting of Services

• Regulatory Enforcement: Messaging services that do not comply with Chat Control regulations could face fines, legal action, or even be blocked within the EU.

• Access Restrictions: Users in Europe might find certain services unavailable or limited in functionality if providers decide not to meet the regulatory requirements.

Effects on Smaller Providers

• Resource Constraints: Smaller messaging services and startups may lack the resources to implement the required scanning technologies, leading to increased operational costs or forcing them out of the market.

• Innovation Stifling: The added regulatory burden could deter new entrants, reducing competition and innovation in the messaging service sector.

User Experience and Trust

• Privacy Concerns: Users may lose trust in messaging platforms if they know their communications are subject to scanning, leading to a decline in user engagement.

• Migration to Unregulated Platforms: There is a risk that users might shift to less secure or unregulated services, including those operated outside the EU or on the dark web, potentially exposing them to greater risks.

Technical and Security Implications

• Increased Vulnerabilities: Modifying encryption protocols to comply with Chat Control could introduce security flaws, making platforms more susceptible to hacking and data breaches.

• Global Security Risks: Changes made to accommodate EU regulations might affect the global user base of these services, extending security risks beyond European borders.

Impact on Businesses and Professional Communications

• Confidentiality Issues: Businesses that rely on secure messaging for sensitive communications may face challenges in ensuring confidentiality, affecting sectors like finance, healthcare, and legal services.

• Compliance Complexity: Companies operating internationally will need to navigate a complex landscape of differing regulations, increasing administrative burdens.

Economic Consequences

• Market Fragmentation: Divergent regulations could lead to a fragmented market, with different versions of services for different regions.

• Loss of Revenue: Messaging services might experience reduced revenue due to decreased user trust and engagement or the costs associated with compliance.

Responses from Service Providers

• Legal Challenges: Companies might pursue legal action against the regulations, citing conflicts with privacy laws and user rights.

• Policy Advocacy: Service providers may increase lobbying efforts to influence policy decisions and promote alternatives to Chat Control.

Possible Adaptations

• Technological Innovation: Some providers might invest in developing new technologies that can detect illegal content without compromising encryption, though the feasibility remains uncertain.

• Transparency Measures: To maintain user trust, companies might enhance transparency about how data is handled and what measures are in place to protect privacy.

The potential consequences of Chat Control for messaging services are profound, affecting not only the companies that provide these services but also the users who rely on them daily. The balance between complying with legal requirements and maintaining user privacy and security presents a significant challenge that could reshape the digital communication landscape.

---

What Happens Next? The Future of Chat Control

The future of Chat Control remains uncertain as the debate continues among EU member states, policymakers, technology companies, and civil society organizations. Several factors will influence the outcome of this contentious proposal, each carrying significant implications for digital privacy, security, and the regulatory environment within the European Union.

Current Status of Legislation

• Ongoing Negotiations: The proposed Chat Control measures are still under discussion within the European Parliament and the Council of the European Union. Amendments and revisions are being considered in response to the feedback from various stakeholders.

• Timeline: While there is no fixed date for the final decision, the EU aims to reach a consensus to implement effective measures against online crime without undue delay.

Key Influencing Factors

1. Legal Challenges and Compliance with EU Law

• Fundamental Rights Assessment: The proposals must be evaluated against the Charter of Fundamental Rights of the European Union, ensuring that any measures comply with rights to privacy, data protection, and freedom of expression.

• Court Scrutiny: Potential legal challenges could arise, leading to scrutiny by the European Court of Justice (ECJ), which may impact the feasibility and legality of Chat Control.

2. Technological Feasibility

• Development of Privacy-Preserving Technologies: Research into methods that can detect illegal content without compromising encryption is ongoing. Advances in this area could provide alternative solutions acceptable to both privacy advocates and security agencies.

• Implementation Challenges: The practical aspects of deploying scanning technologies across various platforms and services remain complex, and technical hurdles could delay or alter the proposed measures.

3. Political Dynamics

• Member State Positions: The differing stances of EU countries, such as Germany's opposition, play a significant role in shaping the final outcome. Consensus among member states is crucial for adopting EU-wide regulations.

• Public Opinion and Advocacy: Growing awareness and activism around digital privacy can influence policymakers. Public campaigns and lobbying efforts may sway decisions in favor of stronger privacy protections.

4. Industry Responses

• Negotiations with Service Providers: Ongoing dialogues between EU authorities and technology companies may lead to compromises or collaborative efforts to address concerns without fully implementing Chat Control as initially proposed.

• Potential for Self-Regulation: Messaging services might propose self-regulatory measures to combat illegal content, aiming to demonstrate effectiveness without the need for mandatory scanning.

Possible Scenarios

Optimistic Outcome:

• Balanced Regulation: A revised proposal emerges that effectively addresses security concerns while upholding strong encryption and privacy rights, possibly through innovative technologies or targeted measures with robust oversight.

Pessimistic Outcome:

• Adoption of Strict Measures: Chat Control is implemented as initially proposed, leading to weakened encryption, reduced privacy, and potential withdrawal of services like Signal from the EU market.

Middle Ground:

• Incremental Implementation: Partial measures are adopted, focusing on voluntary cooperation with service providers and emphasizing transparency and user consent, with ongoing evaluations to assess effectiveness and impact.

How to Stay Informed and Protect Your Privacy

• Follow Reputable Sources: Keep up with news from reliable outlets, official EU communications, and statements from privacy organizations to stay informed about developments.

• Engage in the Dialogue: Participate in public consultations, sign petitions, or contact representatives to express your views on Chat Control and digital privacy.

• Utilize Secure Practices: Regardless of legislative outcomes, adopting good digital hygiene—such as using strong passwords and being cautious with personal information—can enhance your online security.

The Global Perspective

• International Implications: The EU's decision may influence global policies on encryption and surveillance, setting precedents that other countries might follow or react against.

• Collaboration Opportunities: International cooperation on developing solutions that protect both security and privacy could emerge, fostering a more unified approach to addressing online threats.

Looking Ahead

The future of Chat Control is a critical issue that underscores the challenges of governing in the digital age. Balancing the need for security with the protection of fundamental rights is a complex task that requires careful consideration, open dialogue, and collaboration among all stakeholders.

As the situation evolves, staying informed and engaged is essential. The decisions made in the coming months will shape the digital landscape for years to come, affecting how we communicate, conduct business, and exercise our rights in an increasingly connected world.

---

Conclusion

The debate over Chat Control highlights a fundamental challenge in our increasingly digital world: how to protect society from genuine threats without eroding the very rights and freedoms that define it. While the intention to safeguard children and prevent crime is undeniably important, the means of achieving this through intrusive surveillance measures raise critical concerns.

Privacy is not just a personal preference but a cornerstone of democratic societies. End-to-end encryption has become an essential tool for ensuring that our personal conversations, professional communications, and sensitive data remain secure from unwanted intrusion. Weakening these protections could expose individuals and organizations to risks that far outweigh the proposed benefits.

The potential consequences of implementing Chat Control are far-reaching:

• Erosion of Trust: Users may lose confidence in digital platforms, impacting how we communicate and conduct business online.
• Security Vulnerabilities: Introducing backdoors or weakening encryption can make systems more susceptible to cyberattacks.
• Stifling Innovation: Regulatory burdens may hinder technological advancement and competitiveness in the tech industry.
• Global Implications: The EU's decisions could set precedents that influence digital policies worldwide, for better or worse.

As citizens, it's crucial to stay informed about these developments. Engage in conversations, reach out to your representatives, and advocate for solutions that respect both security needs and fundamental rights. Technology and policy can evolve together to address challenges without compromising core values.

The future of Chat Control is not yet decided, and public input can make a significant difference. By promoting open dialogue, supporting privacy-preserving innovations, and emphasizing the importance of human rights in legislation, we can work towards a digital landscape that is both safe and free.

In a world where digital communication is integral to daily life, striking the right balance between security and privacy is more important than ever. The choices made today will shape the digital environment for generations to come, determining not just how we communicate, but how we live and interact in an interconnected world.

---

Thank you for reading this article. We hope it has provided you with a clear understanding of Chat Control and its potential impact on your privacy and digital rights. Stay informed, stay engaged, and let's work together towards a secure and open digital future.

Read more:

• https://www.patrick-breyer.de/en/posts/chat-control/
• https://www.patrick-breyer.de/en/new-eu-push-for-chat-control-will-messenger-services-be-blocked-in-europe/
• https://edri.org/our-work/dutch-decision-puts-brakes-on-chat-control/
• https://signal.org/blog/pdfs/ndss-keynote.pdf
• https://tuta.com/blog/germany-stop-chat-control
• https://cointelegraph.com/news/signal-president-slams-revised-eu-encryption-proposal
• https://mullvad.net/en/why-privacy-matters

@ 4ba8e86d:89d32de4

O que é Cwtch? Cwtch (/kʊtʃ/ - uma palavra galesa que pode ser traduzida aproximadamente como “um abraço que cria um lugar seguro”) é um protocolo de mensagens multipartidário descentralizado, que preserva a privacidade, que pode ser usado para construir aplicativos resistentes a metadados.

Como posso pronunciar Cwtch? Como "kutch", para rimar com "butch".

Descentralizado e Aberto : Não existe “serviço Cwtch” ou “rede Cwtch”. Os participantes do Cwtch podem hospedar seus próprios espaços seguros ou emprestar sua infraestrutura para outras pessoas que buscam um espaço seguro. O protocolo Cwtch é aberto e qualquer pessoa é livre para criar bots, serviços e interfaces de usuário e integrar e interagir com o Cwtch.

Preservação de privacidade : toda a comunicação no Cwtch é criptografada de ponta a ponta e ocorre nos serviços cebola Tor v3.

Resistente a metadados : O Cwtch foi projetado de forma que nenhuma informação seja trocada ou disponibilizada a ninguém sem seu consentimento explícito, incluindo mensagens durante a transmissão e metadados de protocolo

Uma breve história do bate-papo resistente a metadados Nos últimos anos, a conscientização pública sobre a necessidade e os benefícios das soluções criptografadas de ponta a ponta aumentou com aplicativos como Signal , Whatsapp e Wire. que agora fornecem aos usuários comunicações seguras.

No entanto, essas ferramentas exigem vários níveis de exposição de metadados para funcionar, e muitos desses metadados podem ser usados ​​para obter detalhes sobre como e por que uma pessoa está usando uma ferramenta para se comunicar.

Uma ferramenta que buscou reduzir metadados é o Ricochet lançado pela primeira vez em 2014. Ricochet usou os serviços cebola Tor v2 para fornecer comunicação criptografada segura de ponta a ponta e para proteger os metadados das comunicações.

Não havia servidores centralizados que auxiliassem no roteamento das conversas do Ricochet. Ninguém além das partes envolvidas em uma conversa poderia saber que tal conversa está ocorrendo.

Ricochet tinha limitações; não havia suporte para vários dispositivos, nem existe um mecanismo para suportar a comunicação em grupo ou para um usuário enviar mensagens enquanto um contato está offline.

Isto tornou a adoção do Ricochet uma proposta difícil; mesmo aqueles em ambientes que seriam melhor atendidos pela resistência aos metadados, sem saber que ela existe.

Além disso, qualquer solução para comunicação descentralizada e resistente a metadados enfrenta problemas fundamentais quando se trata de eficiência, privacidade e segurança de grupo conforme definido pelo consenso e consistência da transcrição.

Alternativas modernas ao Ricochet incluem Briar , Zbay e Ricochet Refresh - cada ferramenta procura otimizar para um conjunto diferente de compensações, por exemplo, Briar procura permitir que as pessoas se comuniquem mesmo quando a infraestrutura de rede subjacente está inoperante, ao mesmo tempo que fornece resistência à vigilância de metadados.

O projeto Cwtch começou em 2017 como um protocolo de extensão para Ricochet, fornecendo conversas em grupo por meio de servidores não confiáveis, com o objetivo de permitir aplicativos descentralizados e resistentes a metadados como listas compartilhadas e quadros de avisos.

Uma versão alfa do Cwtch foi lançada em fevereiro de 2019 e, desde então, a equipe do Cwtch dirigida pela OPEN PRIVACY RESEARCH SOCIETY conduziu pesquisa e desenvolvimento em cwtch e nos protocolos, bibliotecas e espaços de problemas subjacentes.

Modelo de Risco.

Sabe-se que os metadados de comunicações são explorados por vários adversários para minar a segurança dos sistemas, para rastrear vítimas e para realizar análises de redes sociais em grande escala para alimentar a vigilância em massa. As ferramentas resistentes a metadados estão em sua infância e faltam pesquisas sobre a construção e a experiência do usuário de tais ferramentas.

https://nostrcheck.me/media/public/nostrcheck.me_9475702740746681051707662826.webp

O Cwtch foi originalmente concebido como uma extensão do protocolo Ricochet resistente a metadados para suportar comunicações assíncronas de grupos multiponto por meio do uso de infraestrutura anônima, descartável e não confiável.

Desde então, o Cwtch evoluiu para um protocolo próprio. Esta seção descreverá os vários riscos conhecidos que o Cwtch tenta mitigar e será fortemente referenciado no restante do documento ao discutir os vários subcomponentes da Arquitetura Cwtch.

Modelo de ameaça.

É importante identificar e compreender que os metadados são omnipresentes nos protocolos de comunicação; é de facto necessário que tais protocolos funcionem de forma eficiente e em escala. No entanto, as informações que são úteis para facilitar peers e servidores também são altamente relevantes para adversários que desejam explorar tais informações.

Para a definição do nosso problema, assumiremos que o conteúdo de uma comunicação é criptografado de tal forma que um adversário é praticamente incapaz de quebrá-lo veja tapir e cwtch para detalhes sobre a criptografia que usamos, e como tal nos concentraremos em o contexto para os metadados de comunicação.

Procuramos proteger os seguintes contextos de comunicação:

• Quem está envolvido em uma comunicação? Pode ser possível identificar pessoas ou simplesmente identificadores de dispositivos ou redes. Por exemplo, “esta comunicação envolve Alice, uma jornalista, e Bob, um funcionário público”.

• Onde estão os participantes da conversa? Por exemplo, “durante esta comunicação, Alice estava na França e Bob estava no Canadá”.

• Quando ocorreu uma conversa? O momento e a duração da comunicação podem revelar muito sobre a natureza de uma chamada, por exemplo, “Bob, um funcionário público, conversou com Alice ao telefone por uma hora ontem à noite. Esta é a primeira vez que eles se comunicam.” *Como a conversa foi mediada? O fato de uma conversa ter ocorrido por meio de um e-mail criptografado ou não criptografado pode fornecer informações úteis. Por exemplo, “Alice enviou um e-mail criptografado para Bob ontem, enquanto eles normalmente enviam apenas e-mails de texto simples um para o outro”.

• Sobre o que é a conversa? Mesmo que o conteúdo da comunicação seja criptografado, às vezes é possível derivar um contexto provável de uma conversa sem saber exatamente o que é dito, por exemplo, “uma pessoa ligou para uma pizzaria na hora do jantar” ou “alguém ligou para um número conhecido de linha direta de suicídio na hora do jantar”. 3 horas da manhã."

Além das conversas individuais, também procuramos defender-nos contra ataques de correlação de contexto, através dos quais múltiplas conversas são analisadas para obter informações de nível superior:

• Relacionamentos: Descobrir relações sociais entre um par de entidades analisando a frequência e a duração de suas comunicações durante um período de tempo. Por exemplo, Carol e Eve ligam uma para a outra todos os dias durante várias horas seguidas.

• Cliques: Descobrir relações sociais entre um grupo de entidades que interagem entre si. Por exemplo, Alice, Bob e Eva se comunicam entre si.

• Grupos vagamente conectados e indivíduos-ponte: descobrir grupos que se comunicam entre si através de intermediários, analisando cadeias de comunicação (por exemplo, toda vez que Alice fala com Bob, ela fala com Carol quase imediatamente depois; Bob e Carol nunca se comunicam).

• Padrão de Vida: Descobrir quais comunicações são cíclicas e previsíveis. Por exemplo, Alice liga para Eve toda segunda-feira à noite por cerca de uma hora. Ataques Ativos

Ataques de deturpação.

O Cwtch não fornece registro global de nomes de exibição e, como tal, as pessoas que usam o Cwtch são mais vulneráveis ​​a ataques baseados em declarações falsas, ou seja, pessoas que fingem ser outras pessoas:

O fluxo básico de um desses ataques é o seguinte, embora também existam outros fluxos:

•Alice tem um amigo chamado Bob e outro chamado Eve

• Eve descobre que Alice tem um amigo chamado Bob

• Eve cria milhares de novas contas para encontrar uma que tenha uma imagem/chave pública semelhante à de Bob (não será idêntica, mas pode enganar alguém por alguns minutos)

• Eve chama essa nova conta de "Eve New Account" e adiciona Alice como amiga.

• Eve então muda seu nome em "Eve New Account" para "Bob"

• Alice envia mensagens destinadas a "Bob" para a conta falsa de Bob de Eve Como os ataques de declarações falsas são inerentemente uma questão de confiança e verificação, a única maneira absoluta de evitá-los é os usuários validarem absolutamente a chave pública. Obviamente, isso não é o ideal e, em muitos casos, simplesmente não acontecerá .

Como tal, pretendemos fornecer algumas dicas de experiência do usuário na interface do usuário para orientar as pessoas na tomada de decisões sobre confiar em contas e/ou distinguir contas que possam estar tentando se representar como outros usuários.

Uma nota sobre ataques físicos A Cwtch não considera ataques que exijam acesso físico (ou equivalente) à máquina do usuário como praticamente defensáveis. No entanto, no interesse de uma boa engenharia de segurança, ao longo deste documento ainda nos referiremos a ataques ou condições que exigem tal privilégio e indicaremos onde quaisquer mitigações que implementámos falharão.

Um perfil Cwtch.

Os usuários podem criar um ou mais perfis Cwtch. Cada perfil gera um par de chaves ed25519 aleatório compatível com Tor.

Além do material criptográfico, um perfil também contém uma lista de Contatos (outras chaves públicas do perfil Cwtch + dados associados sobre esse perfil, como apelido e (opcionalmente) mensagens históricas), uma lista de Grupos (contendo o material criptográfico do grupo, além de outros dados associados, como apelido do grupo e mensagens históricas).

Conversões entre duas partes: ponto a ponto

https://nostrcheck.me/media/public/nostrcheck.me_2186338207587396891707662879.webp

Para que duas partes participem de uma conversa ponto a ponto, ambas devem estar on-line, mas apenas uma precisa estar acessível por meio do serviço Onion. Por uma questão de clareza, muitas vezes rotulamos uma parte como “ponto de entrada” (aquele que hospeda o serviço cebola) e a outra parte como “ponto de saída” (aquele que se conecta ao serviço cebola).

Após a conexão, ambas as partes adotam um protocolo de autenticação que:

• Afirma que cada parte tem acesso à chave privada associada à sua identidade pública.

• Gera uma chave de sessão efêmera usada para criptografar todas as comunicações futuras durante a sessão.

Esta troca (documentada com mais detalhes no protocolo de autenticação ) é negável offline , ou seja, é possível para qualquer parte falsificar transcrições desta troca de protocolo após o fato e, como tal - após o fato - é impossível provar definitivamente que a troca aconteceu de forma alguma.

Após o protocolo de autenticação, as duas partes podem trocar mensagens livremente.

Conversas em Grupo e Comunicação Ponto a Servidor

Ao iniciar uma conversa em grupo, é gerada uma chave aleatória para o grupo, conhecida como Group Key. Todas as comunicações do grupo são criptografadas usando esta chave. Além disso, o criador do grupo escolhe um servidor Cwtch para hospedar o grupo. Um convite é gerado, incluindo o Group Key, o servidor do grupo e a chave do grupo, para ser enviado aos potenciais membros.

Para enviar uma mensagem ao grupo, um perfil se conecta ao servidor do grupo e criptografa a mensagem usando a Group Key, gerando também uma assinatura sobre o Group ID, o servidor do grupo e a mensagem. Para receber mensagens do grupo, um perfil se conecta ao servidor e baixa as mensagens, tentando descriptografá-las usando a Group Key e verificando a assinatura.

Detalhamento do Ecossistema de Componentes

O Cwtch é composto por várias bibliotecas de componentes menores, cada uma desempenhando um papel específico. Algumas dessas bibliotecas incluem:

• abertoprivacidade/conectividade: Abstração de rede ACN, atualmente suportando apenas Tor.
• cwtch.im/tapir: Biblioteca para construção de aplicativos p2p em sistemas de comunicação anônimos.
• cwtch.im/cwtch: Biblioteca principal para implementação do protocolo/sistema Cwtch.
• cwtch.im/libcwtch-go: Fornece ligações C para Cwtch para uso em implementações de UI.

TAPIR: Uma Visão Detalhada

Projetado para substituir os antigos canais de ricochete baseados em protobuf, o Tapir fornece uma estrutura para a construção de aplicativos anônimos.

Está dividido em várias camadas:

• Identidade - Um par de chaves ed25519, necessário para estabelecer um serviço cebola Tor v3 e usado para manter uma identidade criptográfica consistente para um par.

• Conexões – O protocolo de rede bruto que conecta dois pares. Até agora, as conexões são definidas apenas através do Tor v3 Onion Services.

• Aplicativos - As diversas lógicas que permitem um determinado fluxo de informações em uma conexão. Os exemplos incluem transcrições criptográficas compartilhadas, autenticação, proteção contra spam e serviços baseados em tokens. Os aplicativos fornecem recursos que podem ser referenciados por outros aplicativos para determinar se um determinado peer tem a capacidade de usar um determinado aplicativo hospedado.

• Pilhas de aplicativos - Um mecanismo para conectar mais de um aplicativo, por exemplo, a autenticação depende de uma transcrição criptográfica compartilhada e o aplicativo peer cwtch principal é baseado no aplicativo de autenticação.

Identidade.

Um par de chaves ed25519, necessário para estabelecer um serviço cebola Tor v3 e usado para manter uma identidade criptográfica consistente para um peer.

InitializeIdentity - de um par de chaves conhecido e persistente:i,I

InitializeEphemeralIdentity - de um par de chaves aleatório: ie,Ie

Aplicativos de transcrição.

Inicializa uma transcrição criptográfica baseada em Merlin que pode ser usada como base de protocolos baseados em compromisso de nível superior

O aplicativo de transcrição entrará em pânico se um aplicativo tentar substituir uma transcrição existente por uma nova (aplicando a regra de que uma sessão é baseada em uma e apenas uma transcrição).

Merlin é uma construção de transcrição baseada em STROBE para provas de conhecimento zero. Ele automatiza a transformação Fiat-Shamir, para que, usando Merlin, protocolos não interativos possam ser implementados como se fossem interativos.

Isto é significativamente mais fácil e menos sujeito a erros do que realizar a transformação manualmente e, além disso, também fornece suporte natural para:

• protocolos multi-round com fases alternadas de commit e desafio;

• separação natural de domínios, garantindo que os desafios estejam vinculados às afirmações a serem provadas;

• enquadramento automático de mensagens, evitando codificação ambígua de dados de compromisso;

• e composição do protocolo, usando uma transcrição comum para vários protocolos.

Finalmente, o Merlin também fornece um gerador de números aleatórios baseado em transcrição como defesa profunda contra ataques de entropia ruim (como reutilização de nonce ou preconceito em muitas provas). Este RNG fornece aleatoriedade sintética derivada de toda a transcrição pública, bem como dos dados da testemunha do provador e uma entrada auxiliar de um RNG externo.

Conectividade Cwtch faz uso do Tor Onion Services (v3) para todas as comunicações entre nós.

Fornecemos o pacote openprivacy/connectivity para gerenciar o daemon Tor e configurar e desmontar serviços cebola através do Tor.

Criptografia e armazenamento de perfil.

Os perfis são armazenados localmente no disco e criptografados usando uma chave derivada de uma senha conhecida pelo usuário (via pbkdf2).

Observe que, uma vez criptografado e armazenado em disco, a única maneira de recuperar um perfil é recuperando a senha - como tal, não é possível fornecer uma lista completa de perfis aos quais um usuário pode ter acesso até inserir uma senha.

Perfis não criptografados e a senha padrão Para lidar com perfis "não criptografados" (ou seja, que não exigem senha para serem abertos), atualmente criamos um perfil com uma senha codificada de fato .

Isso não é o ideal, preferiríamos confiar no material de chave fornecido pelo sistema operacional, de modo que o perfil fosse vinculado a um dispositivo específico, mas esses recursos são atualmente uma colcha de retalhos - também notamos, ao criar um perfil não criptografado, pessoas que usam Cwtch estão explicitamente optando pelo risco de que alguém com acesso ao sistema de arquivos possa descriptografar seu perfil.

Vulnerabilidades Relacionadas a Imagens e Entrada de Dados

Imagens Maliciosas

O Cwtch enfrenta desafios na renderização de imagens, com o Flutter utilizando Skia, embora o código subjacente não seja totalmente seguro para a memória.

Realizamos testes de fuzzing nos componentes Cwtch e encontramos um bug de travamento causado por um arquivo GIF malformado, levando a falhas no kernel. Para mitigar isso, adotamos a política de sempre habilitar cacheWidth e/ou cacheHeight máximo para widgets de imagem.

Identificamos o risco de imagens maliciosas serem renderizadas de forma diferente em diferentes plataformas, como evidenciado por um bug no analisador PNG da Apple.

Riscos de Entrada de Dados

Um risco significativo é a interceptação de conteúdo ou metadados por meio de um Input Method Editor (IME) em dispositivos móveis. Mesmo aplicativos IME padrão podem expor dados por meio de sincronização na nuvem, tradução online ou dicionários pessoais.

Implementamos medidas de mitigação, como enableIMEPersonalizedLearning: false no Cwtch 1.2, mas a solução completa requer ações em nível de sistema operacional e é um desafio contínuo para a segurança móvel.

Servidor Cwtch.

O objetivo do protocolo Cwtch é permitir a comunicação em grupo através de infraestrutura não confiável .

Ao contrário dos esquemas baseados em retransmissão, onde os grupos atribuem um líder, um conjunto de líderes ou um servidor confiável de terceiros para garantir que cada membro do grupo possa enviar e receber mensagens em tempo hábil (mesmo que os membros estejam offline) - infraestrutura não confiável tem o objetivo de realizar essas propriedades sem a suposição de confiança.

O artigo original do Cwtch definia um conjunto de propriedades que se esperava que os servidores Cwtch fornecessem:

• O Cwtch Server pode ser usado por vários grupos ou apenas um.

• Um servidor Cwtch, sem a colaboração de um membro do grupo, nunca deve aprender a identidade dos participantes de um grupo.

• Um servidor Cwtch nunca deve aprender o conteúdo de qualquer comunicação.

• Um servidor Cwtch nunca deve ser capaz de distinguir mensagens como pertencentes a um grupo específico. Observamos aqui que essas propriedades são um superconjunto dos objetivos de design das estruturas de Recuperação de Informações Privadas.

Melhorias na Eficiência e Segurança

Eficiência do Protocolo

Atualmente, apenas um protocolo conhecido, o PIR ingênuo, atende às propriedades desejadas para garantir a privacidade na comunicação do grupo Cwtch. Este método tem um impacto direto na eficiência da largura de banda, especialmente para usuários em dispositivos móveis. Em resposta a isso, estamos ativamente desenvolvendo novos protocolos que permitem negociar garantias de privacidade e eficiência de maneiras diversas.

Os servidores, no momento desta escrita, permitem o download completo de todas as mensagens armazenadas, bem como uma solicitação para baixar mensagens específicas a partir de uma determinada mensagem. Quando os pares ingressam em um grupo em um novo servidor, eles baixam todas as mensagens do servidor inicialmente e, posteriormente, apenas as mensagens novas.

Mitigação de Análise de Metadados

Essa abordagem permite uma análise moderada de metadados, pois o servidor pode enviar novas mensagens para cada perfil suspeito exclusivo e usar essas assinaturas de mensagens exclusivas para rastrear sessões ao longo do tempo. Essa preocupação é mitigada por dois fatores:

1. Os perfis podem atualizar suas conexões a qualquer momento, resultando em uma nova sessão do servidor.
2. Os perfis podem ser "ressincronizados" de um servidor a qualquer momento, resultando em uma nova chamada para baixar todas as mensagens. Isso é comumente usado para buscar mensagens antigas de um grupo.

Embora essas medidas imponham limites ao que o servidor pode inferir, ainda não podemos garantir resistência total aos metadados. Para soluções futuras para esse problema, consulte Niwl.

Proteção contra Pares Maliciosos

Os servidores enfrentam o risco de spam gerado por pares, representando uma ameaça significativa à eficácia do sistema Cwtch. Embora tenhamos implementado um mecanismo de proteção contra spam no protótipo do Cwtch, exigindo que os pares realizem alguma prova de trabalho especificada pelo servidor, reconhecemos que essa não é uma solução robusta na presença de um adversário determinado com recursos significativos.

Pacotes de Chaves

Os servidores Cwtch se identificam por meio de pacotes de chaves assinados, contendo uma lista de chaves necessárias para garantir a segurança e resistência aos metadados na comunicação do grupo Cwtch. Esses pacotes de chaves geralmente incluem três chaves: uma chave pública do serviço Tor v3 Onion para o Token Board, uma chave pública do Tor v3 Onion Service para o Token Service e uma chave pública do Privacy Pass.

Para verificar os pacotes de chaves, os perfis que os importam do servidor utilizam o algoritmo trust-on-first-use (TOFU), verificando a assinatura anexada e a existência de todos os tipos de chave. Se o perfil já tiver importado o pacote de chaves do servidor anteriormente, todas as chaves são consideradas iguais.

Configuração prévia do aplicativo para ativar o Relé do Cwtch.

No Android, a hospedagem de servidor não está habilitada, pois essa opção não está disponível devido às limitações dos dispositivos Android. Essa funcionalidade está reservada apenas para servidores hospedados em desktops.

No Android, a única forma direta de importar uma chave de servidor é através do grupo de teste Cwtch, garantindo assim acesso ao servidor Cwtch.

Primeiro passo é Habilitar a opção de grupo no Cwtch que está em fase de testes. Clique na opção no canto superior direito da tela de configuração e pressione o botão para acessar as configurações do Cwtch.

Você pode alterar o idioma para Português do Brasil.Depois, role para baixo e selecione a opção para ativar os experimentos. Em seguida, ative a opção para habilitar o chat em grupo e a pré-visualização de imagens e fotos de perfil, permitindo que você troque sua foto de perfil.

https://link.storjshare.io/raw/jvss6zxle26jdguwaegtjdixhfka/production/f0ca039733d48895001261ab25c5d2efbaf3bf26e55aad3cce406646f9af9d15.MP4

Próximo passo é Criar um perfil.

Pressione o + botão de ação no canto inferior direito e selecione "Novo perfil" ou aberta no botão + adicionar novo perfil.

• Selecione um nome de exibição

• Selecione se deseja proteger

este perfil e salvo localmente com criptografia forte: Senha: sua conta está protegida de outras pessoas que possam usar este dispositivo

Sem senha: qualquer pessoa que tenha acesso a este dispositivo poderá acessar este perfil.

Preencha sua senha e digite-a novamente

Os perfis são armazenados localmente no disco e criptografados usando uma chave derivada de uma senha conhecida pelo usuário (via pbkdf2).

Observe que, uma vez criptografado e armazenado em disco, a única maneira de recuperar um perfil é recuperando a chave da senha - como tal, não é possível fornecer uma lista completa de perfis aos quais um usuário pode ter acesso até inserir um senha.

https://link.storjshare.io/raw/jxqbqmur2lcqe2eym5thgz4so2ya/production/8f9df1372ec7e659180609afa48be22b12109ae5e1eda9ef1dc05c1325652507.MP4

O próximo passo é adicionar o FuzzBot, que é um bot de testes e de desenvolvimento.

Contato do FuzzBot: 4y2hxlxqzautabituedksnh2ulcgm2coqbure6wvfpg4gi2ci25ta5ad.

Ao enviar o comando "testgroup-invite" para o FuzzBot, você receberá um convite para entrar no Grupo Cwtch Test. Ao ingressar no grupo, você será automaticamente conectado ao servidor Cwtch. Você pode optar por sair do grupo a qualquer momento ou ficar para conversar e tirar dúvidas sobre o aplicativo e outros assuntos. Depois, você pode configurar seu próprio servidor Cwtch, o que é altamente recomendável.

https://link.storjshare.io/raw/jvji25zclkoqcouni5decle7if7a/production/ee3de3540a3e3dca6e6e26d303e12c2ef892a5d7769029275b8b95ffc7468780.MP4

Agora você pode utilizar o aplicativo normalmente. Algumas observações que notei: se houver demora na conexão com outra pessoa, ambas devem estar online. Se ainda assim a conexão não for estabelecida, basta clicar no ícone de reset do Tor para restabelecer a conexão com a outra pessoa.

Uma introdução aos perfis Cwtch.

Com Cwtch você pode criar um ou mais perfis . Cada perfil gera um par de chaves ed25519 aleatório compatível com a Rede Tor.

Este é o identificador que você pode fornecer às pessoas e que elas podem usar para entrar em contato com você via Cwtch.

Cwtch permite criar e gerenciar vários perfis separados. Cada perfil está associado a um par de chaves diferente que inicia um serviço cebola diferente.

Gerenciar Na inicialização, o Cwtch abrirá a tela Gerenciar Perfis. Nessa tela você pode:

• Crie um novo perfil.
• Desbloquear perfis.
• Criptografados existentes.
• Gerenciar perfis carregados.
• Alterando o nome de exibição de um perfil.
• Alterando a senha de um perfil Excluindo um perfil.
• Alterando uma imagem de perfil.

Backup ou exportação de um perfil.

Na tela de gerenciamento de perfil:

1. Selecione o lápis ao lado do perfil que você deseja editar

2. Role para baixo até a parte inferior da tela.

3. Selecione "Exportar perfil"

4. Escolha um local e um nome de arquivo.

5.confirme.

Uma vez confirmado, o Cwtch colocará uma cópia do perfil no local indicado. Este arquivo é criptografado no mesmo nível do perfil.

Este arquivo pode ser importado para outra instância do Cwtch em qualquer dispositivo.

Importando um perfil.

1. Pressione o +botão de ação no canto inferior direito e selecione "Importar perfil"

2. Selecione um arquivo de perfil Cwtch exportado para importar

3. Digite a senha associada ao perfil e confirme.

Uma vez confirmado, o Cwtch tentará descriptografar o arquivo fornecido usando uma chave derivada da senha fornecida. Se for bem-sucedido, o perfil aparecerá na tela Gerenciamento de perfil e estará pronto para uso.

OBSERVAÇÃO Embora um perfil possa ser importado para vários dispositivos, atualmente apenas uma versão de um perfil pode ser usada em todos os dispositivos ao mesmo tempo. As tentativas de usar o mesmo perfil em vários dispositivos podem resultar em problemas de disponibilidade e falhas de mensagens.

Qual é a diferença entre uma conexão ponto a ponto e um grupo cwtch?

As conexões ponto a ponto Cwtch permitem que 2 pessoas troquem mensagens diretamente. As conexões ponto a ponto nos bastidores usam serviços cebola Tor v3 para fornecer uma conexão criptografada e resistente a metadados. Devido a esta conexão direta, ambas as partes precisam estar online ao mesmo tempo para trocar mensagens.

Os Grupos Cwtch permitem que várias partes participem de uma única conversa usando um servidor não confiável (que pode ser fornecido por terceiros ou auto-hospedado). Os operadores de servidores não conseguem saber quantas pessoas estão em um grupo ou o que está sendo discutido. Se vários grupos estiverem hospedados em um único servidor, o servidor não conseguirá saber quais mensagens pertencem a qual grupo sem a conivência de um membro do grupo. Ao contrário das conversas entre pares, as conversas em grupo podem ser conduzidas de forma assíncrona, para que todos num grupo não precisem estar online ao mesmo tempo.

Por que os grupos cwtch são experimentais? Mensagens em grupo resistentes a metadados ainda são um problema em aberto . Embora a versão que fornecemos no Cwtch Beta seja projetada para ser segura e com metadados privados, ela é bastante ineficiente e pode ser mal utilizada. Como tal, aconselhamos cautela ao usá-lo e apenas o fornecemos como um recurso opcional.

Como posso executar meu próprio servidor Cwtch? A implementação de referência para um servidor Cwtch é de código aberto . Qualquer pessoa pode executar um servidor Cwtch, e qualquer pessoa com uma cópia do pacote de chaves públicas do servidor pode hospedar grupos nesse servidor sem que o operador tenha acesso aos metadados relacionados ao grupo .

https://git.openprivacy.ca/cwtch.im/server

https://docs.openprivacy.ca/cwtch-security-handbook/server.html

Como posso desligar o Cwtch? O painel frontal do aplicativo possui um ícone do botão "Shutdown Cwtch" (com um 'X'). Pressionar este botão irá acionar uma caixa de diálogo e, na confirmação, o Cwtch será desligado e todos os perfis serão descarregados.

Suas doações podem fazer a diferença no projeto Cwtch? O Cwtch é um projeto dedicado a construir aplicativos que preservam a privacidade, oferecendo comunicação de grupo resistente a metadados. Além disso, o projeto também desenvolve o Cofre, formulários da web criptografados para ajudar mútua segura. Suas contribuições apoiam iniciativas importantes, como a divulgação de violações de dados médicos em Vancouver e pesquisas sobre a segurança do voto eletrônico na Suíça. Ao doar, você está ajudando a fechar o ciclo, trabalhando com comunidades marginalizadas para identificar e corrigir lacunas de privacidade. Além disso, o projeto trabalha em soluções inovadoras, como a quebra de segredos através da criptografia de limite para proteger sua privacidade durante passagens de fronteira. E também tem a infraestrutura: toda nossa infraestrutura é open source e sem fins lucrativos. Conheça também o Fuzzytags, uma estrutura criptográfica probabilística para marcação resistente a metadados. Sua doação é crucial para continuar o trabalho em prol da privacidade e segurança online. Contribua agora com sua doação

https://openprivacy.ca/donate/

onde você pode fazer sua doação em bitcoin e outras moedas, e saiba mais sobre os projetos. https://openprivacy.ca/work/

Link sobre Cwtch

https://cwtch.im/

https://git.openprivacy.ca/cwtch.im/cwtch

https://docs.cwtch.im/docs/intro

https://docs.openprivacy.ca/cwtch-security-handbook/

Baixar #CwtchDev

cwtch.im/download/

https://play.google.com/store/apps/details?id=im.cwtch.flwtch

@ 7e538978:a5987ab6

Chain Duel, a fast paced PvP game that takes inspiration from the classic snake game and supercharges it with Bitcoin’s Lightning Network. Imagine battling another player for dominance in a race to collect blocks, where the length of your chain isn’t just a visual cue. It represents real, staked satoshis. The player with the most Proof of Work wins, but it’s not just about gameplay; it’s about the seamless integration of the Lightning Network and real-time payments.

But how does Chain Duel manage these instant transactions with such efficiency? That’s where LNbits comes in. LNbits, an open-source wallet and payment infrastructure, handles all in-game payments making it easy for developers to focus on gameplay while LNbits takes care of everything from microtransactions to automated splits for developers and designers. In this article, we’ll dive deep into how Chain Duel leverages LNbits to streamline in-game payments and how other developers can take advantage of this powerful toolset to build the future of Lightning-powered gaming.

Let’s explore how LNbits transforms payment processing and why it’s quickly becoming a must-have for game developers working in the Bitcoin space.

Overview of Chain Duel

Chain Duel is a unique Lightning Network-inspired game that reimagines the classic snake game with a competitive twist, integrating real-time payments. Two players face off in real-time, racing to "catch" blocks and extend their chains. Each block added to the chain represents Proof of Work, and the player with the most Proof of Work wins the duel. The stakes are high, as the game represents satoshis (small units of Bitcoin) as points, with the winner taking home the prize.

The game is designed to be Lightning-native, meaning all payments within Chain Duel are processed through the Lightning Network. This ensures fast payments, reducing latency and making gameplay smooth. With additional features like practice mode, tournaments and highscores, Chain Duel creates an engaging and competitive environment for Bitcoin enthusiasts and gamers alike.

One of the standout aspects of Chain Duel is its deeper integration with the Lightning Network even at a design level. For example, actual Bitcoin blocks can appear on screen during matches, offering bonus points when mined in sync with the game. The game’s current version, still in beta, has already drawn attention within the Bitcoin community, gaining momentum at conferences and with a growing user base through its social networks. With its innovative combination of gaming, the Lightning Network, and competitive play, Chain Duel offers a glimpse into the future of Lightning-based gaming.

How LNbits is Used in Chain Duel

Seamless Integration with LNbits

At the core of Chain Duel’s efficient payment processing is LNbits, which handles in-game transactions smoothly and reliably. Chain Duel uses the LNbits LNURL-pay and LNURL-withdraw extensions to manage payments and rewards between players. Before each match, players send satoshis using LNURL-pay, which generates a static QR code or link for making the payment. LNURL-pay allows users to attach a note to the payment, which Chain Duel creatively uses as a way to insert the player name in-game. The simplicity of LNURL-pay ensures that users can quickly and easily initiate games, with fresh invoices being issued for every game. When players win, LNURL-withdraw enables them to seamlessly pull their earnings from the game, providing a quick payout system.

These extensions make it easy for players to send and receive Bitcoin with minimal latency, fully leveraging the power of the Lightning Network for fast and low-cost payments. The flexibility of LNbits’ tools means that game developers don’t need to worry about building custom payment systems from scratch—they can rely on LNbits to handle all financial transactions with precision.

Lightning Tournaments

Chain Duel tournaments leverage LNbits and its LNURL extensions to create a seamless and efficient experience for players. In Chain Duel tournaments, LNbits plays a crucial role in managing the overall economics. LNbits facilitates the generation of LNURL QR codes that participants can scan to register quickly or withdraw their winnings. LNbits allows Chain Duel to automatically handle multiple registrations through LNURL-pay, enabling players to participate in the tournament without additional steps. The Lightning Network's speed ensures that these payments occur in real-time, reducing wait times and allowing for a smoother flow in-game.

Splitting Payments

LNbits further simplifies revenue-sharing within Chain Duel. This feature allows the game to automatically split the satoshis sent by players into different shares for the game’s developer, designer, and host. Each time a payment is made to join a match, LNbits is used to automattically pay each of the contributors, according to pre-defined rules. This automated process ensures that everyone involved in the development and running of the game gets their fair share without manual intervention or complex bookkeeping.

Nostr Integration

Chain Duel also integrates with Nostr, a decentralized protocol for social interactions. Players can join games using "Zaps", small tips or micropayments sent over the Lightning Network within the Nostr ecosystem. Through NIP-57, which enables Nostr clients to request Zap invoices, players can use LNURL-pay enabled Zaps to register in P2P matches, further enhancing the Chain Duel experience. By using Zaps as a way to register in-game, Chain Duel automates the process of fetching players' identity, creating a more competitive and social experience. Zaps are public on the Nostr network, further expanding Chain Duel's games social reach and community engagement.

Game and Payment Synchronization

One of the key reasons Chain Duel developers chose LNbits is its powerful API that connects directly with the game’s logic. LNbits allows the game to synchronize payments with gameplay in real-time, providing a seamless experience where payments are an integrated part of the gaming mechanics.

With LNbits managing both the payment process and the Lightning Network’s complex infrastructure, Chain Duel developers are free to concentrate on enhancing the competitive and Lightning Network-related aspects of the game. This division of tasks is essential for streamlining development while still providing an innovative in-game payment experience that is deeply integrated with the Bitcoin network.

LNbits proves to be an indispensable tool for Chain Duel, enabling smooth in-game transactions, real-time revenue sharing, and seamless integration with Nostr. For developers looking to build Lightning-powered games, LNbits offers a powerful suite of tools that handle everything from micropayments to payment distribution—ensuring that the game's focus remains on fun and competition rather than complex payment systems.

LNBits facilitating Education and Adoption

This system contributes to educating users on the power of the Lightning Network. Since Chain Duel directly involve real satoshis and LNURL for registration and rewards, players actively experience how Lightning can facilitate fast, cheap, and permissionless payments. By incorporating LNbits into Chain Duel, the game serves as an educational tool that introduces users to the benefits of the Lightning Network. Players gain direct experience using Lightning wallets and LNURL, helping them understand how these tools work in real-world scenarios. The near-instant nature of these payments showcases the power of Lightning in a practical context, highlighting its potential beyond just gaming. Players are encouraged to set up wallets, explore the Lightning ecosystem, and eventually become familiar with Bitcoin and Lightning technology. By integrating LNbits, Chain Duel transforms in-game payments into a learning opportunity, making Bitcoin and Lightning more approachable for users worldwide.

Tools for Developers

LNbits is a versatile, open-source platform designed to simplify and enhance Bitcoin Lightning Network wallet management. For developers, particularly those working on Lightning-native games like Chain Duel, LNbits offers an invaluable set of tools that allow for seamless integration of Lightning payments without the need to build complex custom solutions from scratch. LNbits is built on a modular and extensible architecture, enabling developers to easily add or create functionality suited to their project’s needs.

Extensible Architecture for Customization

At the core of LNbits is a simple yet powerful wallet system that developers can access across multiple devices. What makes LNbits stand out is its extensible nature—everything beyond the core functionality is implemented as an extension. This modular approach allows users to customize their LNbits installation by enabling or building extensions to suit specific use cases. This flexibility is perfect for developers who want to add Lightning-based services to their games or apps without modifying the core codebase.

• Extensions for Every Use Case
  LNbits comes with a wide array of built-in extensions created by contributors, offering various services that can be plugged into your application. Some popular extensions include:
• Faucets: Distribute small amounts of Bitcoin to users for testing or promotional purposes.
• Paylinks: Create shareable links for instant payments.
• Points-of-sale (PoS): Allow users to set up shareable payment terminals.
• Paywalls: Charge users to access content or services.
• Event tickets: Sell tickets for events directly via Lightning payments.
• Games and services: From dice games to jukeboxes, LNbits offers entertaining and functional tools.

These ready-made solutions can be adapted and used in different gaming scenarios, for example in Chain Duel, where LNURL extensions are used for in game payments. The extensibility ensures developers can focus on building engaging gameplay while LNbits handles payment flows.

Developer-Friendly Customization

LNbits isn't just a plug-and-play platform. Developers can extend its functionality even further by creating their own extensions, giving full control over how the wallet system is integrated into their games or apps. The architecture is designed to make it easy for developers to build on top of the platform, adding custom features for specific requirements.

Flexible Funding Source Management

LNbits also offers flexibility in terms of managing funding sources. Developers can easily connect LNbits to various Lightning Network node implementations, enabling seamless transitions between nodes or even different payment systems. This allows developers to switch underlying funding sources with minimal effort, making LNbits adaptable for games that may need to scale quickly or rely on different payment infrastructures over time.

A Lean Core System for Maximum Efficiency

Thanks to its modular architecture, LNbits maintains a lean core system. This reduces complexity and overhead, allowing developers to implement only the features they need. By avoiding bloated software, LNbits ensures faster transactions and less resource consumption, which is crucial in fast-paced environments like Chain Duel where speed and efficiency are paramount.

LNbits is designed with developers in mind, offering a suite of tools and a flexible infrastructure that makes integrating Bitcoin payments easy. Whether you’re developing games, apps, or any service that requires Lightning Network transactions, LNbits is a powerful, open-source solution that can be adapted to fit your project.

Conclusion

Chain Duel stands at the forefront of Lightning-powered gaming, combining the excitement of competitive PvP with the speed and efficiency of the Lightning Network. With LNbits handling all in-game payments, from microtransactions to automated revenue splits, developers can focus entirely on crafting an engaging gaming experience. LNbits’ powerful API and extensions make it easy to manage real-time payments, removing the complexity of building payment infrastructure from scratch.

LNbits isn’t just a payment tool — it’s a flexible, developer-friendly platform that can be adapted to any gaming model. Whether you're developing a fast-paced PvP game like Chain Duel or any project requiring seamless Lightning Network integration, LNbits provides the ideal solution for handling instant payments with minimal overhead.

For developers interested in pushing the boundaries of Lightning-powered gaming, Chain Duel is a great example of how LNbits can enhance your game, letting you focus on the fun while LNbits manages real-time transactions.

Find out more

Curious about how Lightning Network payments can power your next game? Explore the following:

• Learn more about Chain Duel: Chain Duel
• Learn how LNbits can simplify payment handling in your project: LNbits
• Dive into decentralized communication with Nostr: Nostr

@ c4f5e7a7:8856cac7

Best viewed on Habla, YakiHonne or Highlighter.

TL;DR

This article explores the links between public, community-driven data sources (such as OpenStreetMap) and private, cryptographically-owned data found on networks such as Nostr.

The following concepts are explored:

1. Attestations: Users signalling to their social graph that they believe something to be true by publishing Attestations. These social proofs act as a decentralised verification system that leverages your web-of-trust.
2. Proof of Place: An oracle-based system where physical letters are sent to real-world locations, confirming the corresponding digital ownership via cryptographic proofs. This binds physical locations in meatspace with their digital representations in the Nostrverse.
3. Check-ins: Foursquare-style check-ins that can be verified using attestations from place owners, ensuring authenticity. This approach uses web-of-trust to validate check-ins and location ownership over time.

The goal is to leverage cryptographic ownership where necessary while preserving the open, collaborative nature of public data systems.

Open Data in a public commons has a place and should not be thrown out with the Web 2.0 bathwater.

Cognitive Dissonance

Ever since discovering Nostr in August of 2022 I've been grappling with how BTC Map - a project that helps bitcoiners find places to spend sats - should most appropriately use this new protocol.

I am assuming, dear reader, that you are somewhat familiar with Nostr - a relatively new protocol for decentralised identity and communication. If you don’t know your nsec from your npub, please take some time to read these excellent posts: Nostr is Identity for the Internet and The Power of Nostr by @max and @lyn, respectively. Nostr is so much more than a short-form social media replacement.

The social features (check-ins, reviews, etc.) that Nostr unlocks for BTC Map are clear and exciting - all your silos are indeed broken - however, something fundamental has been bothering me for a while and I think it comes down to data ownership.

For those unfamiliar, BTC Map uses OpenStreetMap (OSM) as its main geographic database. OSM is centred on the concept of a commons of objectively verifiable data that is maintained by a global community of volunteer editors; a Wikipedia for maps. There is no data ownership; the data is free (as in freedom) and anyone can edit anything. It is the data equivalent of FOSS (Free and Open Source Software) - FOSD if you will, but more commonly referred to as Open Data.

In contrast, Notes and Other Stuff on Nostr (Places in this cartographic context) are explicitly owned by the controller of the private key. These notes are free to propagate, but they are owned.

How do we reconcile the decentralised nature of Nostr, where data is cryptographically owned by individuals, with the community-managed data commons of OpenStreetMap, where no one owns the data?

Self-sovereign Identity

Before I address this coexistence question, I want to talk a little about identity as it pertains to ownership. If something is to be owned, it has to be owned by someone or something - an identity.

All identities that are not self-sovereign are, by definition, leased to you by a 3rd party. You rent your Facebook identity from Meta in exchange for your data. You rent your web domain from your DNS provider in exchange for your money.

Taken to the extreme, you rent your passport from your Government in exchange for your compliance. You are you at the pleasure of others. Where Bitcoin separates money from the state; Nostr separates identity from the state.

Or, as @nvk said recently: "Don't build your house on someone else's land.".

https://i.nostr.build/xpcCSkDg3uVw0yku.png

While we’ve had the tools for self-sovereign digital identity for decades (think PGP keys or WebAuthN), we haven't had the necessary social use cases nor the corresponding social graph to elevate these identities to the mainstream. Nostr fixes this.

Nostr is PGP for the masses and will take cryptographic identities mainstream.

Full NOSTARD?

Returning to the coexistence question: the data on OpenStreetMap isn’t directly owned by anyone, even though the physical entities the data represents might be privately owned. OSM is a data commons.

We can objectively agree on the location of a tree or a fire hydrant without needing permission to observe and record it. Sure, you could place a tree ‘on Nostr’, but why should you? Just because something can be ‘on Nostr’ doesn’t mean it should be.

https://i.nostr.build/s3So2JVAqoY4E1dI.png

There might be a dystopian future where we can't agree on what a tree is nor where it's located, but I hope we never get there. It's at this point we'll need a Wikifreedia variant of OpenStreetMap.

While integrating Nostr identities into OpenStreetMap would be valuable, the current OSM infrastructure, tools, and community already provide substantial benefits in managing this data commons without needing to go NOSTR-native - there's no need to go Full NOSTARD. H/T to @princeySOV for the original meme.

https://i.nostr.build/ot9jtM5cZtDHNKWc.png

So, how do we appropriately blend cryptographically owned data with the commons?

If a location is owned in meatspace and it's useful to signal that ownership, it should also be owned in cyberspace. Our efforts should therefore focus on entities like businesses, while allowing the commons to manage public data for as long as it can successfully mitigate the tragedy of the commons.

The remainder of this article explores how we can:

1. Verify ownership of a physical place in the real world;
2. Link that ownership to the corresponding digital place in cyberspace.

As a side note, I don't see private key custodianship - or, even worse, permissioned use of Places signed by another identity's key - as any more viable than the rented identities of Web 2.0.

And as we all know, the Second Law of Infodynamics (no citation!) states that:

"The total amount of sensitive information leaked will always increase over time."

This especially holds true if that data is centralised.

Not your keys, not your notes. Not your keys, not your identity.

Places and Web-of-Trust

@Arkinox has been leading the charge on the Places NIP, introducing Nostr notes (kind 37515) that represent physical locations. The draft is well-crafted, with bonus points for linking back to OSM (and other location repositories) via NIP-73 - External Content IDs (championed by @oscar of @fountain).

However, as Nostr is permissionless, authenticity poses a challenge. Just because someone claims to own a physical location on the Internet doesn’t necessarily mean they have ownership or control of that location in the real world.

Ultimately, this problem can only be solved in a decentralised way by using Web-of-Trust - using your social graph and the perspectives of trusted peers to inform your own perspective. In the context of Places, this requires your network to form a view on which digital identity (public key / npub) is truly the owner of a physical place like your local coffee shop.

This requires users to:

1. Verify the owner of a Place in cyberspace is the owner of a place in meatspace.
2. Signal this verification to their social graph.

Let's look at the latter idea first with the concept of Attestations ...

Attestations

A way to signal to your social graph that you believe something to be true (or false for that matter) would be by publishing an Attestation note. An Attestation note would signify to your social graph that you think something is either true or false.

Imagine you're a regular at a local coffee shop. You publish an Attestation that says the shop is real and the owner behind the Nostr public key is who they claim to be. Your friends trust you, so they start trusting the shop's digital identity too.

However, attestations applied to Places are just a single use case. The attestation concept could be more widely applied across Nostr in a variety of ways (key rotation, identity linking, etc).

Here is a recent example from @lyn that would carry more signal if it were an Attestation:

https://i.nostr.build/lZAXOEwvRIghgFY4.png

Parallels can be drawn between Attestations and transaction confirmations on the Bitcoin timechain; however, their importance to you would be weighted by clients and/or Data Vending Machines in accordance with:

1. Your social graph;
2. The type or subject of the content being attested and by whom;
3. Your personal preferences.

They could also have a validity duration to be temporally bound, which would be particularly useful in the case of Places.

NIP-25 (Reactions) do allow for users to up/downvote notes with optional content (e.g., emojis) and could work for Attestations, but I think we need something less ambiguous and more definitive.

‘This is true’ resonates more strongly than ‘I like this.’.

https://i.nostr.build/s8NIG2kXzUCLcoax.jpg

There are similar concepts in the Web 3 / Web 5 world such as Verified Credentials by tdb. However, Nostr is the Web 3 now and so wen Attestation NIP?

https://i.nostr.build/Cb047NWyHdJ7h5Ka.jpg

That said, I have seen @utxo has been exploring ‘smart contracts’ on nostr and Attestations may just be a relatively ‘dumb’ subset of the wider concept Nostr-native scripting combined with web-of-trust.

Proof of Place

Attestations handle the signalling of your truth, but what about the initial verification itself?

We already covered how this ultimately has to be derived from your social graph, but what if there was a way to help bootstrap this web-of-trust through the use of oracles? For those unfamiliar with oracles in the digital realm, they are simply trusted purveyors of truth.

Introducing Proof of Place, an out–of-band process where an oracle (such as BTC Map) would mail - yes physically mail- a shared secret to the address of the location being claimed in cyberspace. This shared secret would be locked to the public key (npub) making the claim, which, if unlocked, would prove that the associated private key (nsec) has physical access to the location in meatspace.

One way of doing this would be to mint a 1 sat cashu ecash token locked to the npub of the claimant and mail it to them. If they are able to redeem the token then they have cryptographically proven that they have physical access to the location.

Proof of Place is really nothing more than a weighted Attestation. In a web-of-trust Nostrverse, an oracle is simply a npub (say BTC Map) that you weigh heavily for its opinion on a given topic (say Places).

In the Bitcoin world, Proof of Work anchors digital scarcity in cyberspace to physical scarcity (energy and time) in meatspace and as @Gigi says in PoW is Essential:

"A failure to understand Proof of Work, is a failure to understand Bitcoin."

In the Nostrverse, Proof of Place helps bridge the digital and physical worlds.

@Gigi also observes in Memes vs The World that:

"In Bitcoin, the map is the territory. We can infer everything we care about by looking at the map alone."

https://i.nostr.build/dOnpxfI4u7EL2v4e.png

This isn’t true for Nostr.

In the Nostrverse, the map IS NOT the territory. However, Proof of Place enables us to send cryptographic drones down into the physical territory to help us interpret our digital maps. 🤯

Check-ins

Although not a draft NIP yet, @Arkinox has also been exploring the familiar concept of Foursquare-style Check-ins on Nostr (with kind 13811 notes).

For the uninitiated, Check-ins are simply notes that signal the publisher is at a given location. These locations could be Places (in the Nostr sense) or any other given digital representation of a location for that matter (such as OSM elements) if NIP-73 - External Content IDs are used.

Of course, not everyone will be a Check-in enjoyooor as the concept will not sit well with some people’s threat models and OpSec practices.

Bringing Check-ins to Nostr is possible (as @sebastix capably shows here), but they suffer the same authenticity issues as Places. Just because I say I'm at a given location doesn't mean that I am.

Back in the Web 2.0 days, Foursquare mitigated this by relying on the GPS position of the phone running their app, but this is of course spoofable.

How should we approach Check-in verifiability in the Nostrverse? Well, just like with Places, we can use Attestations and WoT. In the context of Check-ins, an Attestation from the identity (npub) of the Place being checked-in to would be a particularly strong signal. An NFC device could be placed in a coffee shop and attest to check-ins without requiring the owner to manually intervene - I’m sure @blackcoffee and @Ben Arc could hack something together over a weekend!

Check-ins could also be used as a signal for bonafide Place ownership over time.

Summary: Trust Your Bros

So, to recap, we have:

Places: Digital representations of physical locations on Nostr.

Check-ins: Users signalling their presence at a location.

Attestations: Verifiable social proofs used to confirm ownership or the truth of a claim.

You can visualise how these three concepts combine in the diagram below:

https://i.nostr.build/Uv2Jhx5BBfA51y0K.jpg

And, as always, top right trumps bottom left! We have:

Level 0 - Trust Me Bro: Anyone can check-in anywhere. The Place might not exist or might be impersonating the real place in meatspace. The person behind the npub may not have even been there at all.

Level 1 - Definitely Maybe Somewhere: This category covers the middle-ground of ‘Maybe at a Place’ and ‘Definitely Somewhere’. In these examples, you are either self-certifying that you have checked-in at an Attested Place or you are having others attest that you have checked-in at a Place that might not even exist IRL.

Level 2 - Trust Your Bros: An Attested Check-in at an Attested Place. Your individual level of trust would be a function of the number of Attestations and how you weigh them within your own social graph.

https://i.nostr.build/HtLAiJH1uQSTmdxf.jpg

Perhaps the gold standard (or should that be the Bitcoin standard?) would be a Check-in attested by the owner of the Place, which in itself was attested by BTC Map?

Or perhaps not. Ultimately, it’s the users responsibility to determine what they trust by forming their own perspective within the Nostrverse powered by web-of-trust algorithms they control. ‘Trust Me Bro’ or ‘Trust Your Bros’ - you decide.

As we navigate the frontier of cryptographic ownership and decentralised data, it’s up to us to find the balance between preserving the Open Data commons and embracing self-sovereign digital identities.

Thanks

With thanks to Arkinox, Avi, Ben Gunn, Kieran, Blackcoffee, Sebastix, Tomek, Calle, Short Fiat, Ben Weeks and Bitcoms for helping shape my thoughts and refine content, whether you know it or not!

@ 7460b7fd:4fc4e74b

请看2014年王兴的一场思维碰撞，视频27分钟开始

最后，一个当时无法解决的点：丢失

@ b60c3e76:c9d0f46e

KRIS menjamin semua golongan masyarakat mendapatkan perlakuan sama dari rumah sakit, baik pelayanan medis maupun nonmedis.

Demi memberikan peningkatan kualitas layanan kesehatan kepada masyarakat, pemerintah baru saja mengeluarkan Peraturan Presiden (Perpres) nomor 59 tahun 2024 tentang Jaminan Kesehatan. Melalui perpres itu, Presiden Joko Widodo (Jokowi) telah menghapus perbedaan kelas layanan 1, 2, dan 3 dalam Badan Penyelenggara Jaminan Sosial atau BPJS Kesehatan.

Layanan berbasis kelas itu diganti dengan KRIS (Kelas Rawat Inap Standar). Berkaitan dengan lahirnya Perpres 59/2024 tentang Perubahan Ketiga atas Perpres 82/2018 tentang Jaminan Kesehatan, Presiden Joko Widodo telah memerintahkan seluruh rumah sakit yang bekerja sama dengan BPJS Kesehatan melaksanakannya.

Kebijakan baru itu mulai berlaku per 8 Mei 2024 dan paling lambat 30 Juni 2025. Dalam jangka waktu tersebut, rumah sakit dapat menyelenggarakan sebagian atau seluruh pelayanan rawat inap berdasarkan KRIS sesuai dengan kemampuan rumah sakit.

Lantas apa yang menjadi pembeda dari sisi layanan dengan layanan rawat inap sesuai Perpres 59/2024? Dahulu sistem layanan rawat BPJS Kesehatan dibagi berdasarkan kelas yang dibagi masing-masing kelas 1, 2, dan 3. Namun, melalui perpres, layanan kepada masyarakat tidak dibedakan lagi.

Pelayanan rawat inap yang diatur dalam perpres itu--dikenal dengan nama KRIS—menjadi sistem baru yang digunakan dalam pelayanan rawat inap BPJS Kesehatan di rumah sakit-rumah sakit. Dengan KRIS, semua golongan masyarakat akan mendapatkan perlakuan yang sama dari rumah sakit, baik dalam hal pelayanan medis maupun nonmedis.

Dengan lahirnya Perpres 59/2024, tarif iuran BPJS Kesehatan pun juga akan berubah. Hanya saja, dalam Perpres itu belum dicantumkan secara rinci ihwal besar iuran yang baru. Besaran iuran baru BPJS Kesehatan itu sesuai rencana baru ditetapkan pada 1 Juli 2025.

“Penetapan manfaat, tarif, dan iuran sebagaimana dimaksud ditetapkan paling lambat tanggal 1 Juli 2025,” tulis aturan tersebut, dikutip Senin (13/5/2024).

Itu artinya, iuran BPJS Kesehatan saat ini masih sama seperti sebelumnya, yakni sesuai dengan kelas yang dipilih. Namun perpres itu tetap berlaku sembari menanti lahirnya peraturan lanjutan dari perpres tersebut.

Kesiapan Rumah Sakit

Berkaitan dengan lahirnya kebijakan layanan kesehatan tanpa dibedakan kelas lagi, Kementerian Kesehatan (Kemenkes) menegaskan mayoritas rumah sakit di Indonesia siap untuk menjalankan layanan KRIS untuk pasien BPJS Kesehatan.

Kesiapan itu diungkapkan oleh Dirjen Pelayanan Kesehatan Kemenkes Azhar Jaya. “Survei kesiapan RS terkait KRIS sudah dilakukan pada 2.988 rumah sakit dan yang sudah siap menjawab isian 12 kriteria ada sebanyak 2.233 rumah sakit,” ujar Azhar.

Sebagai informasi, KRIS adalah pengganti layanan Kelas 1, 2, dan 3 BPJS Kesehatan yang bertujuan untuk memberikan layanan kesehatan secara merata tanpa melihat besaran iurannya.

Melalui KRIS, rumah sakit perlu menyiapkan sarana dan prasarana sesuai dengan 12 kriteria kelas rawat inap standar secara bertahap. Apa saja ke-12 kriteria KRIS itu?

Sesuai bunyi Pasal 46A Perpres 59/2024, disyaratkan kriteria fasilitas perawatan dan pelayanan rawat inap KRIS meliputi komponen bangunan yang digunakan tidak boleh memiliki tingkat porositas yang tinggi serta terdapat ventilasi udara dan kelengkapan tidur.

Demikian pula soal pencahayaan ruangan. Perpres itu juga mengatur pencahayaan ruangan buatan mengikuti kriteria standar 250 lux untuk penerangan dan 50 lux untuk pencahayaan tidur, temperature ruangan 20--26 derajat celcius.

Tidak hanya itu, layanan rawat inap berdasarkan perpres itu mensyaratkan fasilitas layanan yang membagi ruang rawat berdasarkan jenis kelamin pasien, anak atau dewasa, serta penyakit infeksi atau noninfeksi.

Selain itu, kriteria lainnya adalah keharusan bagi penyedia layanan untuk mempertimbangkan kepadatan ruang rawat dan kualitas tempat tidur, penyediaan tirai atau partisi antartempat tidur, kamar mandi dalam ruangan rawat inap yang memenuhi standar aksesibilitas, dan menyediakan outlet oksigen.

Selain itu, kelengkapan tempat tidur berupa adanya dua kotak kontak dan nurse call pada setiap tempat tidur dan adanya nakas per tempat tidur. Kepadatan ruang rawat inap maksimal empat tempat tidur dengan jarak antara tepi tempat tidur minimal 1,5 meter.

Tirai/partisi dengan rel dibenamkan menempel di plafon atau menggantung. Kamar mandi dalam ruang rawat inap serta kamar mandi sesuai dengan standar aksesibilitas dan outlet oksigen.

Azhar menjamin, Kemenkes akan menjalankan hal tersebut sesuai dengan tupoksi yang ada. “Tentu saja kami akan bekerja sama dengan BPJS Kesehatan dalam implementasi dan pengawasannya di lapangan,” ujar Azhar.

Berkaitan dengan perpres jaminan kesehatan itu, Direktur Utama BPJS Kesehatan Ghufron Mukti menilai, perpres tersebut berorientasi pada penyeragaman kelas rawat inap yang mengacu pada 12 kriteria. "Bahwa perawatan ada kelas rawat inap standar dengan 12 kriteria, untuk peserta BPJS, maka sebagaimana sumpah dokter tidak boleh dibedakan pemberian pelayan medis atas dasar suku, agama, status sosial atau beda iurannya," ujarnya.

Jika ada peserta ingin dirawat pada kelas yang lebih tinggi, kata Ghufron, maka diperbolehkan selama hal itu dipengaruhi situasi nonmedis. Hal itu disebutkan dalam Pasal 51 Perpres Jaminan Kesehatan diatur ketentuan naik kelas perawatan.

Menurut pasal tersebut, naik kelas perawatan dilakukan dengan cara mengikuti asuransi kesehatan tambahan atau membayar selisih antara biaya yang dijamin oleh BPJS Kesehatan dengan biaya yang harus dibayar akibat peningkatan pelayanan.

Selisih antara biaya yang dijamin oleh BPJS Kesehatan dengan biaya pelayanan dapat dibayar oleh peserta bersangkutan, pemberi kerja, atau asuransi kesehatan tambahan.

Ghufron Mukti juga mengimbau pengelola rumah sakit tidak mengurangi jumlah tempat tidur perawatan pasien dalam upaya memenuhi kriteria KRIS. "Pesan saya jangan dikurangi akses dengan mengurangi jumlah tempat tidur. Pertahankan jumlah tempat tidur dan penuhi persyaratannya dengan 12 kriteria tersebut," tegas Ghufron.

Penulis: Firman Hidranto Redaktur: Ratna Nuraini/Elvira Inda Sari Sumber: Indonesia.go.id

@ 266815e0:6cd408a5

Lot of people are starting to talk about building a web-of-trust and how nostr can or is already being used as such

We all know about using the kind:3 following lists as a simple WoT that can be used to filter out spam. but as we all know it does not really signal "trust", its mostly just "I find your content interesting"

But what about real "trust"... well its kind of multi-denominational, I could trust that your a good developer or a good journalist but still not trust you enough to invite you over to my house. There are some interesting and clever solutions proposed for quantifying "trust" in a digital sense but I'm not going to get into that here. I want to talk about something that I have not see anyone discuss yet.

How is the web-of-trust maintained? or more precisely how do you expect users to update the digital representation of the "trust" of other users?

Its all well and good to think of how a user would create that "trust" of another user when discovering them for the first time. They would click the "follow" button, or maybe even rate them on a few topics with a 1/5 star system But how will a user remove that trust? how will they update it if things change and they trust them less?

If our goal is to model "trust" in a digital sense then we NEED a way for the data to stay up-to-date and as accurate as possible. otherwise whats the use? If we don't have a friction-less way to update or remove the digital representation of "trust" then we will end up with a WoT that continuously grows and everyone is rated 10/10

In the case of nostr kind:3 following lists. its pretty easy to see how these would get updated. If someone posts something I dislike or I notice I'm getting board of their content. then I just unfollow them. An important part here is that I'm not thinking "I should update my trust score of this user" but instead "I'm no longer interested, I don't want to see this anymore"

But that is probably the easiest "trust" to update. because most of us on social media spend some time curating our feed and we are used to doing it. But what about the more obscure "trust" scores? whats the regular mechanism by which a user would update the "honestly" score of another user?

In the real world its easy, when I stop trusting someone I simply stop associating with them. there isn't any button or switch I need to update. I simply don't talk to them anymore, its friction-less But in the digital realm I would have to remove or update that trust. in other words its an action I need to take instead of an action I'm not doing. and actions take energy.

So how do we reflect something in the digital world that takes no-energy and is almost subconscious in the real world?

TLDR; webs-of-trust are not just about scoring other users once. you must keep the score up-to-date

@ 266815e0:6cd408a5

While I was in Mediera with all the other awesome people at the first SEC cohort there where a lot of discussions around data storage on nostr and if it could be made censorship-resistent

I remember lots of discussions about torrents, hypercore, nostr relays, and of course IPFS

There were a few things I learned from all these conversations:

1. All the existing solutions have one thing in common. A universal ID of some kind for files
2. HTTP is still good. we don't have to throw the baby out with the bath water
3. nostr could fix this... somehow

Some of the existing solutions work well for large files, and all of them are decentralization in some way. However none of them seem capable of serving up cat pictures for social media clients. they all have something missing...

An Identity system

An identity system would allow files to be "owned" by users. and once files have owners servers could start grouping files into a single thing instead of a 1000+ loose files

This can also greatly simplify the question of "what is spam" for a server hosting (or seeding) these files. since it could simply have a whitelist of owners (and maybe their friends)

What is blossom?

Blossom is a set of HTTP endpoints that allow nostr users to store and retrieve binary data on public servers using the sha256 hash as a universal id

What are Blobs?

blobs are chunks of binary data. they are similar to files but with one key difference, they don't have names

Instead blobs have a sha256 hash (like b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553) as an ID

These IDs are universal since they can be computed from the file itself using the sha256 hashing algorithm ( you can get a files sha256 hash on linux using: sha256sum bitcoin.pdf )

How do the servers work?

Blossom servers expose four endpoints to let clients and users upload and manage blobs

• GET /<sha256> (optional file .ext)
• PUT /upload
• Authentication: Signed nostr event
• Returns a blob descriptor
• GET /list/<pubkey>
• Returns an array of blob descriptors
• Authentication (optional): Signed nostr event
• DELETE /<sha256>
• Authentication: Signed nostr event

What is Blossom Drive?

Blossom Drive is a nostr app built on top of blossom servers and allows users to create and manage folders of blobs

What are Drives

Drives are just nostr events (kind 30563) that store a map of blobs and what filename they should have along with some extra metadata

An example drive event would be json { "pubkey": "266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5", "created_at": 1710773987, "content": "", "kind": 30563, "tags": [ [ "name", "Emojis" ], [ "description", "nostr emojis" ], [ "d", "emojis" ], [ "r", "https://cdn.hzrd149.com/" ], [ "x", "303f018e613f29e3e43264529903b7c8c84debbd475f89368cb293ec23938981", "/noStrudel.png", "15161", "image/png" ], [ "x", "a0e2b39975c8da1702374b3eed6f4c6c7333e6ae0008dadafe93bd34bfb2ca78", "/satellite.png", "6853", "image/png" ], [ "x", "e8f3fae0f4a43a88eae235a8b79794d72e8f14b0e103a0fed1e073d8fb53d51f", "/amethyst.png", "20487", "image/png" ], [ "x", "70bd5836807b916d79e9c4e67e8b07e3e3b53f4acbb95c7521b11039a3c975c6", "/nos.png", "36521", "image/png" ], [ "x", "0fc304630279e0c5ab2da9c2769e3a3178c47b8609b447a30916244e89abbc52", "/primal.png", "29343", "image/png" ], [ "x", "9a03824a73d4af192d893329bbc04cd3798542ee87af15051aaf9376b74b25d4", "/coracle.png", "18300", "image/png" ], [ "x", "accdc0cdc048f4719bb5e1da4ff4c6ffc1a4dbb7cf3afbd19b86940c01111568", "/iris.png", "24070", "image/png" ], [ "x", "2e740f2514d6188e350d95cf4756bbf455d2f95e6a09bc64e94f5031bc4bba8f", "/damus.png", "32758", "image/png" ], [ "x", "2e019f08da0c75fb9c40d81947e511c8f0554763bffb6d23a7b9b8c9e8c84abb", "/old emojis/astral.png", "29365", "image/png" ], [ "x", "d97f842f2511ce0491fe0de208c6135b762f494a48da59926ce15acfdb6ac17e", "/other/rabbit.png", "19803", "image/png" ], [ "x", "72cb99b689b4cfe1a9fb6937f779f3f9c65094bf0e6ac72a8f8261efa96653f5", "/blossom.png", "4393", "image/png" ] ] }

There is a lot going on but the main thing is the list of "x" tags and the path that describes the folder and filename the blob should live at

If your interested, the full event definition is at github.com/hzrd149/blossom-drive

Getting started

Like every good nostr client it takes a small instruction manual in order to use it properly. so here are the steps for getting started

1. Open the app

Open https://blossom.hzrd149.com

2. Login using extension

You can also login using any of the following methods using the input - NIP-46 with your https://nsec.app or https://flare.pub account - a NIP-46 connection string - an ncryptsec password protected private key - a nsec unprotected private key (please don't) - bunker:// URI from nsecbunker

3. Add a blossom server

Right now https://cdn.satellite.earth is the only public server that is compatible with blossom drive. If you want to host your own I've written a basic implementation in TypeScript github.com/hzrd149/blossom-server

4. Start uploading your files

NOTE: All files upload to blossom drive are public by default. DO NOT upload private files

5. Manage files

Encrypted drives

There is also the option to encrypt drives using NIP-49 password encryption. although its not tested at all so don't trust it, verify

Whats next?

I don't know, but Im excited to see what everyone else on nostr builds with this. I'm only one developer at the end of the day and I can't think of everything

also all the images in this article are stored in one of my blossom drives here

nostr:naddr1qvzqqqrhvvpzqfngzhsvjggdlgeycm96x4emzjlwf8dyyzdfg4hefp89zpkdgz99qq8xzun5d93kcefdd9kkzem9wvr46jka

@ f977c464:32fcbe00

Güneşin kaybolmasının üçüncü günü, saat öğlen on ikiyi yirmi geçiyordu. Trenin kalkmasına yaklaşık iki saat vardı. Hepimiz perondaydık. Valizlerimiz, kolilerimiz, renk renk ve biçimsiz çantalarımızla yan yana dizilmiş, kısa aralıklarla tepemizdeki devasa saati kontrol ediyorduk.

Ama ne kadar dik bakarsak bakalım zaman bir türlü istediğimiz hızla ilerlemiyordu. Herkes birkaç dakika sürmesi gereken alelade bir doğa olayına sıkışıp kalmış, karanlıktan sürünerek çıkmayı deniyordu.

Bekleme salonuna doğru döndüm. Nefesimden çıkan buharın arkasında, kalın taş duvarları ve camlarıyla morg kadar güvenli ve soğuk duruyordu. Cesetleri o yüzden bunun gibi yerlere taşımaya başlamışlardı. Demek insanların bütün iyiliği başkaları onları gördüğü içindi ki gündüzleri gecelerden daha karanlık olduğunda hemen birbirlerinin gırtlağına çökmüş, böğürlerinde delikler açmış, gözlerini oyup kafataslarını parçalamışlardı.

İstasyonun ışığı titrediğinde karanlığın enseme saplandığını hissettim. Eğer şimdi, böyle kalabalık bir yerde elektrik kesilse başımıza ne gelirdi?

İçerideki askerlerden biri bakışlarımı yakalayınca yeniden saate odaklanmış gibi yaptım. Sadece birkaç dakika geçmişti.

“Tarlalarım gitti. Böyle boyum kadar ayçiçeği doluydu. Ah, hepsi ölüp gidiyor. Afitap’ın çiçekleri de gi-”

“Dayı, Allah’ını seversen sus. Hepimizi yakacaksın şimdi.”

Karanlıkta durduğunda, görünmez olmayı istemeye başlıyordun. Kimse seni görmemeli, nefesini bile duymamalıydı. Kimsenin de ayağının altında dolaşmamalıydın; gelip kazayla sana çarpmamalılar, takılıp sendelememeliydiler. Yoksa aslında hedefi sen olmadığın bir öfke gürlemeye başlar, yaşadığın ilk şoku ve acıyı silerek üstünden geçerdi.

İlk konuşan, yaşlıca bir adam, kafasında kasketi, nasırlı ellerine hohluyordu. Gözleri ve burnu kızarmıştı. Güneşin kaybolması onun için kendi başına bir felaket değildi. Hayatına olan pratik yansımalarından korkuyordu olsa olsa. Bir anının kaybolması, bu yüzden çoktan kaybettiği birinin biraz daha eksilmesi. Hayatta kalmasını gerektiren sebepler azalırken, hayatta kalmasını sağlayacak kaynaklarını da kaybediyordu.

Onu susturan delikanlıysa atkısını bütün kafasına sarmış, sakalı ve yüzünün derinliklerine kaçmış gözleri dışında bedeninin bütün parçalarını gizlemeye çalışıyordu. İşte o, güneşin kaybolmasının tam olarak ne anlama geldiğini anlamamış olsa bile, dehşetini olduğu gibi hissedebilenlerdendi.

Güneşin onlardan alındıktan sonra kime verileceğini sormuyorlardı. En başta onlara verildiğinde de hiçbir soru sormamışlardı zaten.

İki saat ne zaman geçer?

Midemin üstünde, sağ tarafıma doğru keskin bir acı hissettim. Karaciğerim. Gözlerimi yumdum. Yanımda biri metal bir nesneyi yere bıraktı. Bir kafesti. İçerisindeki kartalın ıslak kokusu burnuma ulaşmadan önce bile biliyordum bunu.

“Yeniden mi?” diye sordu bana kartal. Kanatları kanlı. Zamanın her bir parçası tüylerinin üstüne çöreklenmişti. Gagası bir şey, tahminen et parçası geveliyor gibi hareket ediyordu. Eski anılar kolay unutulmazmış. Şu anda kafesinin kalın parmaklıklarının ardında olsa da bunun bir aldatmaca olduğunu bir tek ben biliyordum. Her an kanatlarını iki yana uzatıverebilir, hava bu hareketiyle dalgalanarak kafesi esneterek hepimizi içine alacak kadar genişleyebilir, parmaklıklar önce ayaklarımızın altına serilir gibi gözükebilir ama aslında hepimizin üstünde yükselerek tepemize çökebilirdi.

Aşağıya baktım. Tahtalarla zapt edilmiş, hiçbir yere gidemeyen ama her yere uzanan tren rayları. Atlayıp koşsam… Çantam çok ağırdı. Daha birkaç adım atamadan, kartal, suratını bedenime gömerdi.

“Bu sefer farklı,” diye yanıtladım onu. “Yeniden diyemezsin. Tekrarladığım bir şey değil bu. Hatta bir hata yapıyormuşum gibi tonlayamazsın da. Bu sefer, insanların hak etmediğini biliyorum.”

“O zaman daha vahim. Süzme salaksın demektir.”

“İnsanların hak etmemesi, insanlığın hak etmediği anlamına gelmez ki.”

Az önce göz göze geldiğim genççe ama çökük asker hâlâ bana bakıyordu. Bir kartalla konuştuğumu anlamamıştı şüphesiz. Yanımdakilerden biriyle konuştuğumu sanmış olmalıydı. Ama konuştuğum kişiye bakmıyordum ona göre. Çekingence kafamı eğmiştim. Bir kez daha göz göze geldiğimizde içerideki diğer iki askere bir şeyler söyledi, onlar dönüp beni süzerken dışarı çıktı.

Yanımızdaki, az önce konuşan iki adam da şaşkınlıkla bir bana bir kartala bakıyordu.

“Yalnız bu sefer kalbin de kırılacak, Prometheus,” dedi kartal, bana. “Belki son olur. Biliyorsun, bir sürü soruna neden oluyor bu yaptıkların.”

Beni koruyordu sözde. En çok kanıma dokunan buydu. Kasıklarımın üstüne oturmuş, kanlı suratının ardında gözleri parlarken attığı çığlık kulaklarımda titremeye devam ediyordu. Bu tabloda kimsenin kimseyi düşündüğü yoktu. Kartalın, yanımızdaki adamların, artık arkama kadar gelmiş olması gereken askerin, tren raylarının, geçmeyen saatlerin…

Arkamı döndüğümde, asker sahiden oradaydı. Zaten öyle olması gerekiyordu; görmüştüm bunu, biliyordum. Kehanetler… Bir şeyler söylüyordu ama ağzı oynarken sesi çıkmıyordu. Yavaşlamış, kendisini saatin akışına uydurmuştu. Havada donan tükürüğünden anlaşılıyordu, sinirliydi. Korktuğu için olduğunu biliyordum. Her seferinde korkmuşlardı. Beni unutmuş olmaları işlerini kolaylaştırmıyordu. Sadece yeni bir isim vermelerine neden oluyordu. Bu seferkiyle beni lanetleyecekleri kesinleşmişti.

Olması gerekenle olanların farklı olması ne kadar acınasıydı. Olması gerekenlerin doğasının kötücül olmasıysa bir yerde buna dayanıyordu.

“Salaksın,” dedi kartal bana. Zamanı aşan bir çığlık. Hepimizin önüne geçmişti ama kimseyi durduramıyordu.

Sonsuzluğa kaç tane iki saat sıkıştırabilirsiniz?

Ben bir tane bile sıkıştıramadım.

Çantama uzanıyordum. Asker de sırtındaki tüfeğini indiriyordu. Benim acelem yoktu, onunsa eli ayağı birbirine dolaşıyordu. Oysaki her şey tam olması gerektiği anda olacaktı. Kehanet başkasının parmaklarının ucundaydı.

Güneş, bir tüfeğin patlamasıyla yeryüzüne doğdu.

Rayların üzerine serilmiş göğsümün ortasından, bir çantanın içinden.

Not: Bu öykü ilk olarak 2021 yılında Esrarengiz Hikâyeler'de yayımlanmıştır.

@ a10260a2:caa23e3e

nostr:npub1nkmta4dmsa7pj25762qxa6yqxvrhzn7ug0gz5frp9g7p3jdscnhsu049fn added support for classified listings (NIP-99) about a month ago and recently announced this update that allows for creating/editing listings and blog posts via the dashboard.

In other words, listings created on the website are also able to be viewed and edited on other Nostr apps like Amethyst and Shopstr. Interoperability FTW.

I took some screenshots to give you an idea of how things work.

The home page is clean with the ability to search for profiles by name, npub, or Nostr address (NIP-05).

Clicking login allows signing in with a browser extension.

The dashboard gives an overview of the amount of notes posted (both short and long form) and products listed.

Existing blog posts (i.e. long form notes) are synced.

Same for product listings. There’s a nice interface to create new ones and preview them before publishing.

That’s all for now. As you can see, super slick stuff!

Bullish on Cypher.

So much so I had to support the project and buy a subdomain. 😎

https://bullish.cypher.space

originally posted at https://stacker.news/items/760592

@ a95c6243:d345522c

Und plötzlich weißt du:
Es ist Zeit, etwas Neues zu beginnen
und dem Zauber des Anfangs zu vertrauen.
Meister Eckhart

Schwarz, rot, gold leuchtet es im Kopf des Newsletters der deutschen Bundesregierung, der mir freitags ins Postfach flattert. Rot, gelb und grün werden daneben sicher noch lange vielzitierte Farben sein, auch wenn diese nie geleuchtet haben. Die Ampel hat sich gerade selber den Stecker gezogen – und hinterlässt einen wirtschaftlichen und gesellschaftlichen Trümmerhaufen.

Mit einem bemerkenswerten Timing hat die deutsche Regierungskoalition am Tag des «Comebacks» von Donald Trump in den USA endlich ihr Scheitern besiegelt. Während der eine seinen Sieg bei den Präsidentschaftswahlen feierte, erwachten die anderen jäh aus ihrer Selbsthypnose rund um Harris-Hype und Trump-Panik – mit teils erschreckenden Auswüchsen. Seit Mittwoch werden die Geschicke Deutschlands nun von einer rot-grünen Minderheitsregierung «geleitet» und man steuert auf Neuwahlen zu.

Das Kindergarten-Gehabe um zwei konkurrierende Wirtschaftsgipfel letzte Woche war bereits bezeichnend. In einem Strategiepapier gestand Finanzminister Lindner außerdem den «Absturz Deutschlands» ein und offenbarte, dass die wirtschaftlichen Probleme teilweise von der Ampel-Politik «vorsätzlich herbeigeführt» worden seien.

Lindner und weitere FDP-Minister wurden also vom Bundeskanzler entlassen. Verkehrs- und Digitalminister Wissing trat flugs aus der FDP aus; deshalb darf er nicht nur im Amt bleiben, sondern hat zusätzlich noch das Justizministerium übernommen. Und mit Jörg Kukies habe Scholz «seinen Lieblingsbock zum Obergärtner», sprich: Finanzminister befördert, meint Norbert Häring.

Es gebe keine Vertrauensbasis für die weitere Zusammenarbeit mit der FDP, hatte der Kanzler erklärt, Lindner habe zu oft sein Vertrauen gebrochen. Am 15. Januar 2025 werde er daher im Bundestag die Vertrauensfrage stellen, was ggf. den Weg für vorgezogene Neuwahlen freimachen würde.

Apropos Vertrauen: Über die Hälfte der Bundesbürger glauben, dass sie ihre Meinung nicht frei sagen können. Das ging erst kürzlich aus dem diesjährigen «Freiheitsindex» hervor, einer Studie, die die Wechselwirkung zwischen Berichterstattung der Medien und subjektivem Freiheitsempfinden der Bürger misst. «Beim Vertrauen in Staat und Medien zerreißt es uns gerade», kommentierte dies der Leiter des Schweizer Unternehmens Media Tenor, das die Untersuchung zusammen mit dem Institut für Demoskopie Allensbach durchführt.

«Die absolute Mehrheit hat absolut die Nase voll», titelte die Bild angesichts des «Ampel-Showdowns». Die Mehrheit wolle Neuwahlen und die Grünen sollten zuerst gehen, lasen wir dort.

Dass «Insolvenzminister» Robert Habeck heute seine Kandidatur für das Kanzleramt verkündet hat, kann nur als Teil der politmedialen Realitätsverweigerung verstanden werden. Wer allerdings denke, schlimmer als in Zeiten der Ampel könne es nicht mehr werden, sei reichlich optimistisch, schrieb Uwe Froschauer bei Manova. Und er kenne Friedrich Merz schlecht, der sich schon jetzt rhetorisch auf seine Rolle als oberster Feldherr Deutschlands vorbereite.

Was also tun? Der Schweizer Verein «Losdemokratie» will eine Volksinitiative lancieren, um die Bestimmung von Parlamentsmitgliedern per Los einzuführen. Das Losverfahren sorge für mehr Demokratie, denn als Alternative zum Wahlverfahren garantiere es eine breitere Beteiligung und repräsentativere Parlamente. Ob das ein Weg ist, sei dahingestellt.

In jedem Fall wird es notwendig sein, unsere Bemühungen um Freiheit und Selbstbestimmung zu verstärken. Mehr Unabhängigkeit von staatlichen und zentralen Institutionen – also die Suche nach dezentralen Lösungsansätzen – gehört dabei sicher zu den Möglichkeiten. Das gilt sowohl für jede/n Einzelne/n als auch für Entitäten wie die alternativen Medien.

---

Dieser Beitrag ist zuerst auf Transition News erschienen.

@ 2063cd79:57bd1320

Einer der großen Vorteile von Bitcoin ist, dass es relativ einfach ist Bitcoin selbst zu verwahren. Ich predige self-custody, also die Eigenverwahrung, von Bitcoin in fast jeder Ausgabe als einer der Hauptkomponenten der Formel für Freedom Money rauf und runter. Doch was genau bedeutet es seine bitcoins selbst zu verwahren? Denn schließlich verwaltet jeder mündige Bürger seine Finanzen, ob in Bitcoin oder nicht, in der Regel ja immer selbst. Es gibt einen großen Unterschied zwischen verwalten und verwahren. Denn das Verwahren übernehmen bei anderen Assets Dritte für uns, sei es die Bank, die unser Geld auf Konten, Hypotheken und Sparanlagen, manchmal sogar Wertsachen in Schließfächern, verwahrt, Finanzbroker oder Depotbanken, die Wertpapiere wie Aktien, Bonds oder ähnliches, verwahren, oder Versicherer, die Policen, Sparvermögen, usw. für uns verwahren. Immer sind Drittparteien mit der Verwahrung unseres Besitzes vertraut, oder haben sich uns aufgedrängt, weil es schlichtweg nicht anders möglich ist, diese Besitztümer völlig autark zu verwahren. Bei Bitcoin ist das anders. Bitcoin lässt sich ähnlich wie Bargeld, Gold oder Schmuck völlig autark und selbstbestimmt verwahren. Dabei gibt es, wie bei allem im Leben, sowohl einfache und bequeme, aber dadurch unsichere, als auch komplizierte und etwas aufwändigere, aber deshalb sehr sichere Verwahrungsmethoden. Eine sehr sichere Methode stellt die Verwahrung mit Hilfe von MultiSig (also Multi-Signature) dar. Dieses wollen wir uns diese Woche genauer anschauen.

---

Eine der großen Errungenschaften von Bitcoin ist die Möglichkeit der Eigenverwahrung, sogenanntes self-custody. Es bietet jedem//jeder Hodler//in, Anleger//in und Investor//in eine völlig autarke und selbstbestimmte, Methode zur Verwahrung und Kontrolle seines Besitzes und damit einen Schutz vor Zensur, Kontrolle und Übergriffen. Ohne zu sehr ins Detail zu gehen, möchte ich kurz grundlegend die Sicherheitsstruktur von Bitcoin darlegen. Jede//r Nutzer//in sollte zunächst über eine Wallet verfügen. Eine Wallet ist kein Muss, um mit Bitcoin in Kontakt zu treten, jedoch versucht ja auch niemand das Internet ohne Browser zu verwenden. Eine Wallet ist, ähnlich wie der Internetbrowser, eine Software, die es dem Nutzenden ermöglicht Bitcoin zu erhalten, zu versenden oder zu verwahren (ohne Bitcoin direkt zu erhalten, zu versenden oder zu verwahren - kompliziert, ich weiß). Dabei gibt es ein weites Spektrum an verschiedenen Diensten. Es gibt Wallets, Börsen oder andere Verwahrungs-Services. Um das Thema MultiSig zu besprechen, fokussieren wir uns auf Wallets.

Im Grunde besitzt jede//r Halter//in von Bitcoin ein Schlüsselpaar - einen privaten Schlüssel (Private Key) und einen öffentlichen Schlüssel (PubKey). Vergleicht man das Konzept mit dem alten Finanzsystem würde man sagen, der öffentliche Schlüssel stellt die Kontonummer dar, also die Information, die öffentlich geteilt werden kann und der private Schlüssel stellt die PIN Nummer dar, also die Information, die nur die//der Besitzer//in haben sollte. Der private Schlüssel ist also die Information, die es zu schützen gilt, denn in Kombination erlauben mir die beiden Schlüssel Zugriff auf die sich dahinter befindenden bitcoins. Ein bitcoin lässt sich nicht aus der Blockchain extrahieren. Die einzelnen Coins existieren nur innerhalb der Chain (und nicht als ganze "Coins", sondern als Outputs/UTXOs). Lediglich der Besitzanspruch wird außerhalb gehandhabt. Das bedeutet, dass ich mit meinen beiden Schlüsseln den Zugriff oder Anspruch auf eine gewisse Anzahl bitcoins ausweisen kann. Habe ich Zugriff auf den privaten Schlüssel, kann ich also ohne weiteres komplett über alle damit verbundenen bitcoins verfügen, sie ausgeben, sie weiterversenden (oder akkurater formuliert: eine Nachricht signieren, die dem Empfänger die Kontrolle über diese bitcoins gewährt), oder sie sogar zerstören. Wallets übernehmen die Speicherung der Schlüssel, sowohl der öffentlichen, als auch der privaten, in einem für den Anwender benutzerfreundlichen Interface.

Sogenannte Hot Wallets, sind Apps, die mit dem Internet verbunden sind, und dadurch "hot" oder "live" sind, das heißt sie können im schlimmsten Fall gehackt werden. Cold Wallets sind offline Lösungen, die sich nicht online hacken lassen, aber z.B. im Falle eines Paper Wallets leicht verlieren, stehlen, oder zerstören lassen. Das Problem, wie oben erwähnt, ist je bequemer und nutzerfreundlich die Handhabung der Wallet, desto unsicherer ist sie in der Regel auch. Also jegliche Software Wallets, egal ob mobil oder auf dem Rechner daheim, stellen Sicherheitsrisiken dar, da sie wieder einen Drittanbieter in die Gleichung schleusen. Um volle Autarkie zu erlangen muss man sich von Drittanbietern, wie Wallet Anbietern, Börsen oder sonstigen Services, komplett lösen und die Schlüssel und damit seine bitcoins selbst verwahren. Denn die eiserne Regel gilt immer: Not your keys not your coins!

Wenn man einen Betrag von seiner Wallet senden möchte, wird eine Transaktion erstellt und signiert. Indem die Transaktion signiert wird, beglaubigt man in digitaler Form, dass man der Eigentümer des Betrages ist, dass man die Schlüssel besitzt, um es zu verwalten, und man die Transaktion genehmigt. Es wird also der Besitzanspruch signalisiert und weitergegeben, und kein bitcoin physisch bewegt. In einer Single-Signature Wallet benötigt man nur eine Signatur, um eine Transaktion zu signieren. Bei MultiSig (Multi-Signature) erfordert die Wallet mehrere Signaturen, um eine Transaktion zu signieren. Eine MultiSig-Wallet wird dabei von zwei oder mehreren Benutzern geteilt. Wird also eine Transaktion erstellt, muss die Anfrage zunächst von allen Teilnehmern bestätigt werden. MultiSig ist ein Aufbewahrungsmodell, bei dem eine Wallet mit mehreren Schlüsseln in einem m-von-n-Schema erstellt werden. Also beispielsweise eine 2-von-3-Wallet basierend auf drei Schlüsseln, von denen zwei zum Bestätigen einer Transaktion erforderlich sind. Es gibt auch andere Modelle wie 3-von-3, oder 3-von-5, etc. allerdings stellt 2-von-3 die gängigste Methode dar. Das Schöne an diesem Modell ist, dass es Single Points of Failure (SPOF) eliminiert. Das bedeutet, dass selbst sonst kritische Informationen, wie Seed-Phrase-Backups oder Hardware-Wallets, sogar von Angreifern gestohlen, oder durch einen Unfall verloren oder zerstört, werden können, ohne dass die Wallet kompromittiert wird. Es ist hilfreich, sich die MultiSig-Wallet als einen digitalen Safe vorzustellen. Man besitzt dabei verschiedene Schlüssel zu diesem Safe. Im Beispiel von der 2-von-3-Wallet hat der Tresor zwei Schlüssellöcher und drei Schlüssel. Zwei beliebige der drei Schlüssel können verwendet werden, um den Safe zu entriegeln, damit die darin gespeicherten bitcoins bewegt werden können.

https://x.com/cryptograffiti/status/1544763238721601537

Das bedeutet jedoch nicht, dass man mit einer MultiSig-Wallet unvorsichtiger umgehen sollte, denn trotz der Flexibilität, die MultiSig bietet, sollte man ein Seed-Phrase-Backup erstellen und vermeiden, Hardware-Wallets oder Seed-Phrasen gemeinsam aufzubewahren. Fast alle Anbieter von guten, sicheren und seriösen Wallet Software, sowie Hersteller von Hardware-Wallets bieten an MultiSig-Wallets innerhalb ihrer Apps anzulegen. Der Prozess ist ein wenig aufwändiger, als das Anlegen einfacher Single-Signature-Wallets, die Vorteile überwiegen den Aufwand aber deutlich. Ein MultiSig-Wallet schützt in der Regel, und wenn ordentlich gehandhabt, vor Phishing, Malware, Verlust der Schlüssel, Verlust von Hardware, wie Telefon, Laptop oder Hardware-Wallet, aber auch vor Diebstahl und Unfällen.

MultiSig-Wallets dienen nicht nur der Sicherheit, sondern können darüber hinaus auch weitere Nutzen haben. MultiSig kann auch als Zwei-Faktor-Authentifizierung für Bitcoin Transaktionen verstanden werden. Die vielfachen privaten Schlüssel können auf verschiedenen Geräten gespeichert und auf die im MultiSig-Wallet gespeicherten Coins nur zugegriffen werden, wenn alle Schlüssel vorhanden sind. bereitgestellt werden. Auch gibt es Szenarien, in denen ein MultiSig-Wallet als treuhänderischer Dienst funktionieren könnte. Zwei Parteien vereinbaren eine Zahlung für eine Dienstleistung oder einen Warenaustausch und setzen einen Treuhänder ein, der einen der Schlüssel erhält. Erst im Falle der erbrachten Leistung, übergibt dieser Treuhänder den Schlüssel und die Geldmittel können übertragen werden. Aber auch zukünftige Gesellschaftsformen könnten von einem solchen Modell profitieren. Gerade die aktuell diskutierte Gesellschaft mbH mit gebundenem Vermögen würde das gebundene Vermögen sichern können, indem jedes Vorstandsmitglied Zugriff auf einen privaten Schlüssel von vielen erhält. Kein einzelnes Vorstandsmitglied darf die Geldmittel missbräuchlich oder entgegen der Satzung verwenden. Somit könnten nur die von den Vorstandsmitgliedern mehrheitlich vereinbarten Entscheidungen ausgeführt und finanziert werden.

---

MultiSig erhöht die Sicherheit von selbst verwahrtem Vermögen um ein vielfaches. Doch auch über den eigenen Sicherheitsaspekt hinaus, hat MultiSig die Möglichkeit das Thema digitaler Zahlungen in weiteren Bereichen interessant zu machen - Beispiele wie Escrow oder das Finanzplanning bei Gesellschaftsformen mit Vermögensbindung ergeben sich vielfach. Doch darüber hinaus, ist self-custody einer der wichtigsten Bausteine auf dem Weg zu einem Bitcoin Standard. Es soll nicht bedeuten, dass man sich mit seinem Eigentum verstecken und vergraben und der Gesellschaft nichts zurück geben soll, denn auch eigenständig verwahrte Bitcoins müssen zumindest steuerlich berücksichtigt werden. Jedoch bedeutet es, dass mir niemand meine bitcoins entreißen kann. Es gibt keine Bank, die mein Konto einfrieren oder pfänden könnte. Man kann auf seine bitcoins problemlos überall zugreifen, solange die Blockchain läuft, egal wo man sich auf der Welt befindet und egal zu welcher Tages- und Uhrzeit. Die Idee, dass Regierungen den Bankensektor, den sie regulieren, zwingen können Finanzdienstleistungen als Waffen einzusetzen sollte spätestens seit dem Freedom Convoy in Kanada keine Dystopie mehr sein. Es besteht kein Zweifel, dass die zunehmende Übergriffigkeit der Staaten, wie zuletzt in Kanada, eines der einzigartigen Wertversprechen von Bitcoin hervorgehoben hat: Jeder kann über seinen Besitz frei verfügen und Menschen können sich vor finanziellem "Cancelling" schützen. Es gibt Bitcoin eine weitere Bedeutung in seinem Narrativ als monetäre Revolution.

🫳🎤

---

In diesem Sinne, 2... 1... Risiko!‌

@ a95c6243:d345522c

Es ist besser, ein Licht zu entzünden, als auf die Dunkelheit zu schimpfen. Konfuzius

Die Bemühungen um Aufarbeitung der sogenannten Corona-Pandemie, um Aufklärung der Hintergründe, Benennung von Verantwortlichkeiten und das Ziehen von Konsequenzen sind durchaus nicht eingeschlafen. Das Interesse daran ist unter den gegebenen Umständen vielleicht nicht sonderlich groß, aber es ist vorhanden.

Der sächsische Landtag hat gestern die Einsetzung eines Untersuchungsausschusses zur Corona-Politik beschlossen. In einer Sondersitzung erhielt ein entsprechender Antrag der AfD-Fraktion die ausreichende Zustimmung, auch von einigen Abgeordneten des BSW.

In den Niederlanden wird Bill Gates vor Gericht erscheinen müssen. Sieben durch die Covid-«Impfstoffe» geschädigte Personen hatten Klage eingereicht. Sie werfen unter anderem Gates, Pfizer-Chef Bourla und dem niederländischen Staat vor, sie hätten gewusst, dass diese Präparate weder sicher noch wirksam sind.

Mit den mRNA-«Impfstoffen» von Pfizer/BioNTech befasst sich auch ein neues Buch. Darin werden die Erkenntnisse von Ärzten und Wissenschaftlern aus der Analyse interner Dokumente über die klinischen Studien der Covid-Injektion präsentiert. Es handelt sich um jene in den USA freigeklagten Papiere, die die Arzneimittelbehörde (Food and Drug Administration, FDA) 75 Jahre unter Verschluss halten wollte.

Ebenfalls Wissenschaftler und Ärzte, aber auch andere Experten organisieren als Verbundnetzwerk Corona-Solution kostenfreie Online-Konferenzen. Ihr Ziel ist es, «wissenschaftlich, demokratisch und friedlich» über Impfstoffe und Behandlungsprotokolle gegen SARS-CoV-2 aufzuklären und die Diskriminierung von Ungeimpften zu stoppen. Gestern fand eine weitere Konferenz statt. Ihr Thema: «Corona und modRNA: Von Toten, Lebenden und Physik lernen».

Aufgrund des Digital Services Acts (DSA) der Europäischen Union sei das Risiko groß, dass ihre Arbeit als «Fake-News» bezeichnet würde, so das Netzwerk. Staatlich unerwünschte wissenschaftliche Aufklärung müsse sich passende Kanäle zur Veröffentlichung suchen. Ihre Live-Streams seien deshalb zum Beispiel nicht auf YouTube zu finden.

Der vielfältige Einsatz für Aufklärung und Aufarbeitung wird sich nicht stummschalten lassen. Nicht einmal der Zensurmeister der EU, Deutschland, wird so etwas erreichen. Die frisch aktivierten «Trusted Flagger» dürften allerdings künftige Siege beim «Denunzianten-Wettbewerb» im Kontext des DSA zusätzlich absichern.

Wo sind die Grenzen der Meinungsfreiheit? Sicher gibt es sie. Aber die ideologische Gleichstellung von illegalen mit unerwünschten Äußerungen verfolgt offensichtlich eher das Ziel, ein derart elementares demokratisches Grundrecht möglichst weitgehend auszuhebeln. Vorwürfe wie «Hassrede», «Delegitimierung des Staates» oder «Volksverhetzung» werden heute inflationär verwendet, um Systemkritik zu unterbinden. Gegen solche Bestrebungen gilt es, sich zu wehren.

---

Dieser Beitrag ist zuerst auf Transition News erschienen.

@ eac63075:b4988b48

Every night, you draw your curtains without thinking twice. It's instinctive—a simple act that protects your personal space. Yet in our digital lives, we've somehow accepted living in houses made entirely of glass, with countless unseen observers watching our every move.

https://www.fountain.fm/episode/wPZLCJ3fD6vzsWQ3XSE1

Why Privacy Matters to Everyone

Privacy isn't just for those with something to hide; it's a fundamental human need. Think about the conversations you have with friends, the late-night web searches you make, the personal moments you capture in photos. Would you want all of that broadcasted to the world?

I remember my friend Lisa planning a surprise party for her husband. She searched for gift ideas and coordinated with friends through social media. To her dismay, targeted ads for the exact gift she intended to buy started popping up on their shared devices at home. The surprise was ruined. It wasn't malicious, but it was a stark reminder of how our online activities are constantly monitored.

When a major retailer's customer database was breached, my neighbor Sarah discovered her shopping history, credit card details, and even her children's names were exposed to criminals. She hadn't realized how much personal information she'd unknowingly shared through routine purchases. It was a wake-up call that privacy breaches can affect anyone, not just the tech-savvy or those in high-profile positions.

Edward Snowden once said, "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." Privacy isn't about secrecy; it's about autonomy over our personal information.

The Rise of the Cypherpunks

Back in the '90s, a group known as the cypherpunks saw the writing on the wall. They recognized that as we moved into a digital era, our personal freedoms could be at risk. So they took action.

One of them, Eric Hughes, famously wrote, "Privacy is necessary for an open society in the electronic age." They developed encryption tools to protect individual privacy, laying the groundwork for technologies like Bitcoin and cryptocurrencies. These innovations were about more than digital money; they were about empowering individuals to take control of their own data.

When Technology Knows Too Much

Fast forward to today, and artificial intelligence (AI) is everywhere—in our phones, homes, and even cars. While AI brings convenience, it also raises serious privacy concerns.

Remember when you mentioned needing new running shoes, and suddenly every ad on your browser was for footwear? It's not your imagination. AI algorithms analyze our conversations, searches, and purchases to predict what we'll want next. But where does it stop?

A few years ago, a major retailer guessed a teenager was pregnant based on her shopping habits before she had told her family. They sent her targeted coupons for baby products, leading to a very uncomfortable situation at home. This isn't just marketing—it's intrusion.

Naomi Brockwell, a privacy advocate, warns, "Our relationship with financial privacy has fundamentally changed. What was once seen as a constitutional right and personal freedom is now simply part of the trade-off for using digital payments. Our baseline for what’s acceptable has shifted." It's a wake-up call that our digital footprints are larger and more revealing than we might think.

Privacy-Preserving AI

While AI often threatens privacy, emerging technologies like federated learning offer hope. This approach allows AI models to learn from data without directly accessing personal information. Imagine your phone improving its predictive text without sending your messages to a central server. It's AI that respects your privacy.

The Watchful Eye: Mass Surveillance and AI

Governments and corporations often justify mass surveillance as a means to keep us safe. But at what cost? When every email, message, or phone call can be monitored, we're sacrificing more than just data—we're giving up our freedom to think and communicate without fear.

Think about how you'd behave if someone followed you around with a camera all day. You might avoid certain places or people, censor your conversations, or feel constantly on edge. That's the chilling effect of mass surveillance.

I spoke with Alex, a journalist who covers political activism. "After attending a peaceful protest, I noticed unusual activity on my devices," he told me. "It made me second-guess my work, wondering who's watching." This isn't paranoia; it's a reality for many who challenge the status quo.

Building Digital Fortresses: Cryptographic Innovations

So how do we reclaim our privacy? Cryptography offers some solutions.

Zero-Knowledge Proofs: Proving Without Revealing

Zero-knowledge proofs allow you to prove you know something without revealing the actual information. Imagine showing a bouncer a card that confirms you're over 21 without exposing your birth date or any other details. In the digital world, this means verifying your identity or eligibility without handing over all your personal data.

Homomorphic Encryption: Secure Processing

Then there's homomorphic encryption, which lets companies process your data without actually seeing it. Think of it like sending a locked suitcase with your belongings; they can weigh it or move it, but they can't open it to see what's inside.

Quantum-Resistant Algorithms: Future-Proofing Privacy

As quantum computers become more powerful, they could potentially break current encryption methods. Quantum-resistant algorithms are being developed to safeguard our data against these future threats. It's like reinforcing your digital locks today to withstand the super lock-picking tools of tomorrow.

Decentralization: Taking Back Control

Decentralization aims to put power back into the hands of individuals. Bitcoin let you be your own bank, controlling your finances without a middleman. Decentralized social media platforms like Nostr, Bluesky or Fascaster allow you to own your content without algorithms dictating what you see or who sees you.

Decentralized Identity Systems

Decentralized identity systems let you prove who you are without revealing more than necessary. It's like showing only your age at a bar instead of handing over your entire driver's license. You maintain control over your personal information.

But with great power comes great responsibility. Without a bank to reset your password or customer service to recover your account, the onus is on you to protect your assets and information.

Practical Tips to Protect Your Privacy

You don't have to be a tech guru to safeguard your privacy. Here are some steps you can take today:

• Use Encrypted Messaging Apps: Switch to apps like Signal, SimpleX or Session for secure communication. Your messages will be end-to-end encrypted, meaning only you and the recipient can read them.

• Limit Social Media Sharing: Be mindful of what you post. Do you really need to share your location or personal details publicly?

• Choose Privacy-Focused Browsers and Search Engines: Use browsers like Brave or Firefox and search engines like DuckDuckGo that don't track your every move.

• Secure Your Passwords: Use strong, unique passwords for each account, and consider a password manager like Bitwarden. Enable two-factor authentication whenever possible.

• Use Encrypted Email Services: Consider email providers like ProtonMail that offer end-to-end encryption for your communications.

• Regularly Audit App Permissions: Check which apps have access to your location, microphone, and contacts. Revoke permissions that aren't necessary.

• Be Wary of Public Wi-Fi: Public networks can be a hotbed for hackers. If you must use them, a VPN like ProtonVPN can add a layer of security.

• Consider Privacy-Focused Alternatives: Explore services like Nextcloud for cloud storage or Jitsi Meet for video conferencing, which prioritize user privacy.

• Keep Software Updated: Regular updates often include security patches. Don't ignore them.

• Stay Informed and Skeptical: Phishing scams are getting more sophisticated. Think before you click on suspicious links or download attachments.

Final Thoughts

Privacy isn't a lost cause; it's a right worth fighting for. As Edward Snowden reminds us, "Privacy is the fountainhead of all other rights."

By taking control of our data and digital habits, we can navigate the online world with greater confidence and peace of mind. After all, wouldn't it be nice to live in a digital home where we decide when to close the curtains?

Read more

OPSEC and Digital Hygiene Plan: https://www.eddieoz.com/opsec-and-digital-hygiene-plan/

@ c631e267:c2b78d3e

Herzlichen Glückwunsch zum dritten Geburtstag, liebe Denk Bar! Wieso zum dritten? Das war doch 2022 und jetzt sind wir im Jahr 2024, oder? Ja, das ist schon richtig, aber bei Geburtstagen erinnere ich mich immer auch an meinen Vater, und der behauptete oft, der erste sei ja schließlich der Tag der Geburt selber und den müsse man natürlich mitzählen. Wo er recht hat, hat er nunmal recht. Konsequenterweise wird also heute dieser Blog an seinem dritten Geburtstag zwei Jahre alt.

Das ist ein Grund zum Feiern, wie ich finde. Einerseits ganz einfach, weil es dafür gar nicht genug Gründe geben kann. «Das Leben sind zwei Tage», lautet ein gängiger Ausdruck hier in Andalusien. In der Tat könnte es so sein, auch wenn wir uns im Alltag oft genug von der Routine vereinnahmen lassen.

Seit dem Start der Denk Bar vor zwei Jahren ist unglaublich viel passiert. Ebenso wie die zweieinhalb Jahre davor, und all jenes war letztlich auch der Auslöser dafür, dass ich begann, öffentlich zu schreiben. Damals notierte ich:

«Seit einigen Jahren erscheint unser öffentliches Umfeld immer fragwürdiger, widersprüchlicher und manchmal schier unglaublich - jede Menge Anlass für eigene Recherchen und Gedanken, ganz einfach mit einer Portion gesundem Menschenverstand.»

Wir erleben den sogenannten «großen Umbruch», einen globalen Coup, den skrupellose Egoisten clever eingefädelt haben und seit ein paar Jahren knallhart – aber nett verpackt – durchziehen, um buchstäblich alles nach ihrem Gusto umzukrempeln. Die Gelegenheit ist ja angeblich günstig und muss genutzt werden.

Nie hätte ich mir träumen lassen, dass ich so etwas jemals miterleben müsste. Die Bosheit, mit der ganz offensichtlich gegen die eigene Bevölkerung gearbeitet wird, war früher für mich unvorstellbar. Mein (Rest-) Vertrauen in alle möglichen Bereiche wie Politik, Wissenschaft, Justiz, Medien oder Kirche ist praktisch komplett zerstört. Einen «inneren Totalschaden» hatte ich mal für unsere Gesellschaften diagnostiziert.

Was mich vielleicht am meisten erschreckt, ist zum einen das Niveau der Gleichschaltung, das weltweit erreicht werden konnte, und zum anderen die praktisch totale Spaltung der Gesellschaft. Haben wir das tatsächlich mit uns machen lassen?? Unfassbar! Aber das Werkzeug «Angst» ist sehr mächtig und funktioniert bis heute.

Zum Glück passieren auch positive Dinge und neue Perspektiven öffnen sich. Für viele Menschen waren und sind die Entwicklungen der letzten Jahre ein Augenöffner. Sie sehen «Querdenken» als das, was es ist: eine Tugend.

Auch die immer ernsteren Zensurbemühungen sind letztlich nur ein Zeichen der Schwäche, wo Argumente fehlen. Sie werden nicht verhindern, dass wir unsere Meinung äußern, unbequeme Fragen stellen und dass die Wahrheit peu à peu ans Licht kommt. Es gibt immer Mittel und Wege, auch für uns.

---

Danke, dass du diesen Weg mit mir weitergehst!

@ 3bf0c63f:aefa459d

The case against edits

Direct edits are a centralizing force on Nostr, a slippery slope that should not be accepted.

Edits are fine in other, more specialized event kinds, but the kind:1 space shouldn't be compromised with such a push towards centralization, because kind:1 is the public square of Nostr, where all focus should be on decentralization and censorship-resistance.

• Why?

Edits introduce too much complexity. If edits are widespread, all clients now have to download dozens of extra events at the same time while users are browsing a big feed of notes which are already coming from dozens of different relays using complicated outbox-model-based querying, then for each event they have to open yet another subscription to these relays -- or perform some other complicated batching of subscriptions which then requires more complexity on the event handling side and then when associating these edits with the original events. I can only imagine this will hurt apps performance, but it definitely raises the barrier to entry and thus necessarily decreases Nostr decentralization.

Some clients may be implemneted in way such that they download tons of events and then store them in a local databases, from which they then construct the feed that users see. Such clients may make edits potentially easier to deal with -- but this is hardly an answer to the point above, since such clients are already more complex to implement in the first place.

• What do you have against complex clients?

The point is not to say that all clients should be simple, but that it should be simple to write a client -- or at least as simple as physically possible.

You may not be thinking about it, but if you believe in the promise of Nostr then we should expect to see Nostr feeds in many other contexts other than on a big super app in a phone -- we should see Nostr notes being referenced from and injected in unrelated webpages, unrelated apps, hardware devices, comment sections and so on. All these micro-clients will have to implement some complicated edit-fetching logic now?

• But aren't we already fetching likes and zaps and other things, why not fetch edits too?

Likes, zaps and other similar things are optional. It's perfectly fine to use Nostr without seeing likes and/or zaps -- and, believe me, it does happen quite a lot. The point is basically that likes or zaps don't affect the content of the main post at all, while edits do.

• But edits are optional!

No, they are not optional. If edits become widespread they necessarily become mandatory. Any client that doesn't implement edits will be displaying false information to its users and their experience will be completely broken.

• That's fine, as people will just move to clients that support edits!

Exactly, that is what I expect to happen too, and this is why I am saying edits are a centralizing force that we should be fighting against, not embracing.

If you understand that edits are a centralizing force, then you must automatically agree that they aren't a desirable feature, given that if you are reading this now, with Nostr being so small, there is a 100% chance you care about decentralization and you're not just some kind of lazy influencer that is only doing this for money.

• All other social networks support editing!

This is not true at all. Bluesky has 10x more users than Nostr and doesn't support edits. Instagram doesn't support editing pictures after they're posted, and doesn't support editing comments. Tiktok doesn't support editing videos or comments after they're posted. YouTube doesn't support editing videos after they're posted. Most famously, email, the most widely used and widespread "social app" out there, does not support edits of any kind. Twitter didn't support edits for the first 15 years of its life, and, although some people complained, it didn't hurt the platform at all -- arguably it benefitted it.

If edits are such a straightforward feature to add that won't hurt performance, that won't introduce complexity, and also that is such an essential feature users could never live without them, then why don't these centralized platforms have edits on everything already? There must be something there.

• Eventually someone will implement edits anyway, so why bother to oppose edits now?

Once Nostr becomes big enough, maybe it will be already shielded from such centralizing forces by its sheer volume of users and quantity of clients, maybe not, we will see. All I'm saying is that we shouldn't just push for bad things now just because of a potential future in which they might come.

• The market will decide what is better.

The market has decided for Facebook, Instagram, Twitter and TikTok. If we were to follow what the market had decided we wouldn't be here, and you wouldn't be reading this post.

• OK, you have convinced me, edits are not good for the protocol. But what do we do about the users who just want to fix their typos?

There are many ways. The annotations spec, for example, provides a simple way to append things to a note without being a full-blown edit, and they fall back gracefully to normal replies in clients that don't implement the full annotations spec.

Eventually we could have annotations that are expressed in form of simple (human-readable?) diffs that can be applied directly to the post, but fall back, again, to comments.

Besides these, a very simple idea that wasn't tried yet on Nostr yet is the idea that has been tried for emails and seems to work very well: delaying a post after the "submit" button is clicked and giving the user the opportunity to cancel and edit it again before it is actually posted.

Ultimately, if edits are so necessary, then maybe we could come up with a way to implement edits that is truly optional and falls back cleanly for clients that don't support them directly and don't hurt the protocol very much. Let's think about it and not rush towards defeat.

@ 3bf0c63f:aefa459d

O Planetinha

Fumaça verde me entrando pelas narinas e um coro desafinado fazia uma base melódica.

nos confins da galáxia havia um planetinha isolado. Era um planeta feliz.

O homem vestido de mago começava a aparecer por detrás da fumaça verde.

O planetinha recebeu três presentes, mas o seu habitante, o homem, estava num estado de confusão tão grande que ameaçava estragá-los. Os homens já havia escravizado o primeiro presente, a vida; lutavam contra o segundo presente, a morte; e havia alguns que achavam que deviam destruir totalmente o terceiro, o amor, e com isto levar a desordem total ao pobre planetinha perdido, que se chamava Terra.

O coro desafinado entrou antes do "Terra" cantando várias vezes, como se imitasse um eco, "terra-terra-terraaa". Depois de uma pausa dramática, o homem vestido de mago voltou a falar.

Terra, nossa nave mãe.

Neste momento eu me afastei. À frente do palco onde o mago e seu coral faziam apelos à multidão havia vários estandes cobertos com a tradicional armação de quatro pernas e lona branca. Em todos os cantos da praça havia gente, gente dos mais variados tipos. Visitantes curiosos que se aproximavam atraídos pela fumaça verde e as barraquinhas, gente que aproveitava o movimento para vender doces sem pagar imposto, casais que se abraçavam de pé para espantar o frio, os tradicionais corredores que faziam seu cooper, gente cheia de barba e vestida para imitar os hippies dos anos 60 e vender colares estendidos no chão, transeuntes novos e velhos, vestidos como baladeiros ou como ativistas do ônibus grátis, grupos de ciclistas entusiastas.

O mago fazia agora apelos para que nós, os homens, habitantes do isolado planetinha, passássemos a ver o planetinha, nossa nave mãe, como um todo, e adquiríssemos a consciência de que ele estava entrando em maus lençóis. A idéia, reforçada pela logomarca do evento, era que parássemos de olhar só para a nossa vida e pensássemos no planeta.

A logomarca do evento, um desenho estilizado do planeta Terra, nada tinha a ver com seu nome: "Festival Andando de Bem com a Vida", mas havia sido ali colocada estrategicamente pelos organizadores, de quem parecia justamente sair a mensagem dita pelo mago.

Aquela multidão de pessoas que, assim como eu, tinham suas próprias preocupações, não podiam ver o quadro caótico que formavam, cada uma com seus atos isolados, ali naquela praça isolada, naquele planeta isolado. Quando o hippie barbudo, quase um Osho, assustava um casal para tentar vender-lhes um colar, a quantidade de caos que isto acrescentava à cena era gigantesca. Por um segundo, pude ver, como se estivesse de longe e acima, com toda a pretensão que este estado imaginativo carrega, a cena completa do caos.

---

Uma nave-mãe, dessas de ficção científica, habitada por milhões de pessoas, seguia no espaço sem rumo, e sem saber que logo à frente um longo precipício espacial a esperava, para a desgraça completa sua e de seus habitantes.

Acostumados àquela nave tanto quanto outrora estiveram acostumados à sua terra natal, os homens viviam as próprias vidas sem nem se lembrar que estavam vagando pelo espaço. Ninguém sabia quem estava conduzindo a nave, e ninguém se importava.

No final do filme descobre-se que era a soma completa do caos que cada habitante produzia, com seus gestos egoístas e incapazes de levar em conta a totalidade, é que determinava a direção da nave-mãe. O efeito, no entanto, não era imediato, como nunca é. Havia gente de verdade encarregada de conduzir a nave, mas era uma gente bêbada, mau-caráter, que vivia brigando pelo controle da nave e o poder que isto lhes dava. Poder, status, dinheiro!

Essa gente bêbada era atraída até ali pela corrupção das instituições e da moral comum que, no fundo no fundo, era causada pelo egoísmo da população, através de um complexo -- mas que no filme aparece simplificado pela ação individual de um magnata do divertimento público -- processo social.

O homem vestido de mago era mais um agente causador de caos, com sua cena cheia de fumaça e sua roupa estroboscópica, ele achava que estava fazendo o bem ao alertar sua platéia, todos as sextas-feiras, de que havia algo que precisava ser feito, que cada um que estava ali ouvindo era responsável pelo planeta. A sua incapacidade, porém, de explicar o que precisava ser feito só aumentava a angústia geral; a culpa que ele jogava sobre seu público, e que era prontamente aceita e passada em frente, aos familiares e amigos de cada um, atormentava-os diariamente e os impedia de ter uma vida decente no trabalho e em casa. As famílias, estressadas, estavam constantemente brigando e os motivos mais insignificantes eram responsáveis pelas mais horrendas conseqüências.

O mago, que após o show tirava o chapéu entortado e ia tomar cerveja num boteco, era responsável por uma parcela considerável do caos que levava a nave na direção do seu desgraçado fim. No filme, porém, um dos transeuntes que de passagem ouviu um pedaço do discurso do mago despertou em si mesmo uma consiência transformadora e, com poderes sobre-humanos que lhe foram então concedidos por uma ordem iniciática do bem ou não, usando só os seus poderes humanos mesmo, o transeunte -- na primeira versão do filme um homem, na segunda uma mulher -- consegue consertar as instituições e retirar os bêbados da condução da máquina. A questão da moral pública é ignorada para abreviar a trama, já com duas horas e quarenta de duração, mas subentende-se que ela também fora resolvida.

---

No planeta Terra real, que não está indo em direção alguma, preso pela gravidade ao Sol, e onde as pessoas vivem a própria vida porque lhes é impossível viver a dos outros, não têm uma consciência global de nada porque só é possível mesmo ter a consciência delas mesmas, e onde a maioria, de uma maneira ou de outra, está tentando como pode, fazer as coisas direito, o filme é exibido.

Para a maioria dos espectadores, é um filme que evoca reflexões, um filme forte. Por um segundo elas têm o mesmo vislumbre do caos generalizado que eu tive ali naquela praça. Para uma pequena parcela dos espectadores -- entre eles alguns dos que estavam na platéia do mago, o próprio mago, o seguidor do Osho, o casal de duas mulheres e o vendedor de brigadeiros, mas aos quais se somam também críticos de televisão e jornal e gente que fala pelos cotovelos na internet -- o filme é um horror, o filme é uma vulgarização de um problema real e sério, o filme apela para a figura do herói salvador e passa uma mensagem totalmente errada, de que a maioria da população pode continuar vivendo as suas própria vidinhas miseráveis enquanto espera por um herói que vem do Olimpo e os salva da mixórdia que eles mesmos causaram, é um filme que presta um enorme desserviço à causa.

No dia seguinte ao lançamento, num bar meio caro ali perto da praça, numa mesa com oito pessoas, entre elas seis do primeiro grupo e oito do segundo, discute-se se o filme levará ou não o Oscar. Eu estou em casa dormindo e não escuto nada.

@ f977c464:32fcbe00

Kendisini aynada ilk defa gördüğü o gün, diğerleri gibi olduğunu anlamıştı. Oysaki her insan biricik olmalıydı. Sözgelimi sinirlendiğinde bir kaşı diğerinden birkaç milimetre daha az çatılabilirdi veya sevindiğinde dudağı ona has bir açıyla dalgalanabilirdi. Hatta bunların hiçbiri mümkün değilse, en azından, gözlerinin içinde sadece onun sahip olabileceği bir ışık parlayabilirdi. Çok sıradan, öyle sıradan ki kimsenin fark etmediği o milyonlarca minik şeyden herhangi biri. Ne olursa.

Ama yansımasına bakarken bunların hiçbirini bulamadı ve diğer günlerden hiç de farklı başlamamış o gün, işe gitmek için vagonunun gelmesini beklediği alelade bir metro istasyonunda, içinde kaybolduğu illüzyon dağılmaya başladı.

İlk önce derisi döküldü. Tam olarak dökülmedi aslında, daha çok kıvılcımlara dönüşüp bedeninden fırlamış ve bir an sonra sönerek külleşmiş, havada dağılmıştı. Ardında da, kaybolmadan hemen önce, kısa süre için hayal meyal görülebilen, bir ruhun yok oluşuna ağıt yakan rengârenk peri cesetleri bırakmıştı. Beklenenin aksine, havaya toz kokusu yayıldı.

Dehşete düştü elbette. Dehşete düştüler. Panikle üstlerini yırtan 50 işçi. Her şeyin sebebiyse o vagon.

Saçları da döküldü. Her tel, yere varmadan önce, her santimde ikiye ayrıla ayrıla yok oldu.

Bütün yüzeylerin mat olduğu, hiçbir şeyin yansımadığı, suyun siyah aktığı ve kendine ancak kameralarla bakabildiğin bir dünyada, vagonun içine yerleştirilmiş bir aynadan ilk defa kendini görmek.

Gözlerinin akları buharlaşıp havada dağıldı, mercekleri boşalan yeri doldurmak için eriyip yayıldı. Gerçeği görmemek için yaratılmış, bu yüzden görmeye hazır olmayan ve hiç olmayacak gözler.

Her şeyin o anda sona erdiğini sanabilirdi insan. Derin bir karanlık ve ölüm. Görmenin görmek olduğu o anın bitişi.

---

Ben geldiğimde ölmüşlerdi.

Yani bozulmuşlardı demek istiyorum.

Belleklerini yeni taşıyıcılara takmam mümkün olmadı. Fiziksel olarak kusursuz durumdaydılar, olmayanları da tamir edebilirdim ama tüm o hengamede kendilerini baştan programlamış ve girdilerini modifiye etmişlerdi.

Belleklerden birini masanın üzerinden ileriye savurdu. Hınca hınç dolu bir barda oturuyorlardı. O ve arkadaşı.

Sırf şu kendisini insan sanan androidler travma geçirip delirmesin diye neler yapıyoruz, insanın aklı almıyor.

Eliyle arkasını işaret etti.

Polislerin söylediğine göre biri vagonun içerisine ayna yerleştirmiş. Bu zavallılar da kapı açılıp bir anda yansımalarını görünce kafayı kırmışlar.

Arkadaşı bunların ona ne hissettirdiğini sordu. Yani o kadar bozuk, insan olduğunu sanan androidi kendilerini parçalamış olarak yerde görmek onu sarsmamış mıydı?

Hayır, sonuçta belirli bir amaç için yaratılmış şeyler onlar. Kaliteli bir bilgisayarım bozulduğunda üzülürüm çünkü parasını ben vermişimdir. Bunlarsa devletin. Bana ne ki?

Arkadaşı anlayışla kafasını sallayıp suyundan bir yudum aldı. Kravatını biraz gevşetti.

Bira istemediğinden emin misin?

İstemediğini söyledi. Sahi, neden deliriyordu bu androidler?

Basit. Onların yapay zekâlarını kodlarken bir şeyler yazıyorlar. Yazılımcılar. Biliyorsun, ben donanımdayım. Bunlar da kendilerini insan sanıyorlar. Tiplerine bak.

Sesini alçalttı.

Arabalarda kaza testi yapılan mankenlere benziyor hepsi. Ağızları burunları bile yok ama şu geldiğimizden beri sakalını düzeltip duruyor mesela. Hayır, hepsi de diğerleri onun sakalı varmış sanıyor, o manyak bir şey.

Arkadaşı bunun delirmeleriyle bağlantısını çözemediğini söyledi. O da normal sesiyle konuşmaya devam etti.

Anlasana, aynayı falan ayırt edemiyor mercekleri. Lönk diye kendilerini görüyorlar. Böyle, olduğu gibi...

Nedenmiş peki? Ne gerek varmış?

Ne bileyim be abicim! Ahiret soruları gibi.

Birasına bakarak dalıp gitti. Sonra masaya abanarak arkadaşına iyice yaklaştı. Bulanık, bir tünelin ucundaki biri gibi, şekli şemalı belirsiz bir adam.

Ben seni nereden tanıyorum ki ulan? Kimsin sen?

Belleği makineden çıkardılar. İki kişiydiler. Soruşturmadan sorumlu memurlar.

─ Baştan mı başlıyoruz, diye sordu belleği elinde tutan ilk memur.

─ Bir kere daha deneyelim ama bu sefer direkt aynayı sorarak başla, diye cevapladı ikinci memur.

─ Bence de. Yeterince düzgün çalışıyor.

Simülasyon yüklenirken, ayakta, biraz arkada duran ve alnını kaşıyan ikinci memur sormaktan kendisini alamadı:

─ Bu androidleri niye böyle bir olay yerine göndermişler ki? Belli tost olacakları. İsraf. Gidip biz baksak aynayı kırıp delilleri mahvetmek zorunda da kalmazlar.

Diğer memur sandalyesinde hafifçe dönecek oldu, o sırada soruyu bilgisayarın hoparlöründen teknisyen cevapladı.

Hangi işimizde bir yamukluk yok ki be abi.

---

Ama bir son değildi. Üstlerindeki tüm illüzyon dağıldığında ve çıplak, cinsiyetsiz, birbirinin aynı bedenleriyle kaldıklarında sıra dünyaya gelmişti.

Yere düştüler. Elleri -bütün bedeni gibi siyah turmalinden, boğumları çelikten- yere değdiği anda, metronun zemini dağıldı.

Yerdeki karolar öncesinde beyazdı ve çok parlaktı. Tepelerindeki floresan, ışığını olduğu gibi yansıtıyor, tek bir lekenin olmadığı ve tek bir tozun uçmadığı istasyonu aydınlatıyorlardı.

Duvarlara duyurular asılmıştı. Örneğin, yarın akşam kültür merkezinde 20.00’da başlayacak bir tekno blues festivalinin cıvıl cıvıl afişi vardı. Onun yanında daha geniş, sarı puntolu harflerle yazılmış, yatay siyah kesiklerle çerçevesi çizilmiş, bir platformdan düşen çöp adamın bulunduğu “Dikkat! Sarı bandı geçmeyin!” uyarısı. Biraz ilerisinde günlük resmi gazete, onun ilerisinde bir aksiyon filminin ve başka bir romantik komedi filminin afişleri, yapılacakların ve yapılmayacakların söylendiği küçük puntolu çeşitli duyurular... Duvar uzayıp giden bir panoydu. On, on beş metrede bir tekrarlanıyordu.

Tüm istasyonun eni yüz metre kadar. Genişliği on metre civarı.

Önlerinde, açık kapısından o mendebur aynanın gözüktüğü vagon duruyordu. Metro, istasyona sığmayacak kadar uzundu. Bir kılıcın keskinliğiyle uzanıyor ama yer yer vagonların ek yerleriyle bölünüyordu.

Hiçbir vagonda pencere olmadığı için metronun içi, içlerindekiler meçhuldü.

Sonrasında karolar zerrelerine ayrılarak yükseldi. Floresanın ışığında her yeri toza boğdular ve ortalığı gri bir sisin altına gömdüler. Çok kısa bir an. Afişleri dalgalandırmadılar. Dalgalandırmaya vakitleri olmadı. Yerlerinden söküp aldılar en fazla. Işık birkaç kere sönüp yanarak direndi. Son kez söndüğünde bir daha geri gelmedi.

Yine de etraf aydınlıktı. Kırmızı, her yere eşit dağılan soluk bir ışıkla.

Yer tamamen tele dönüşmüştü. Altında çapraz hatlarla desteklenmiş demir bir iskelet. Işık birkaç metreden daha fazla aşağıya uzanamıyordu. Sonsuzluğa giden bir uçurum.

Duvarın yerini aynı teller ve demir iskelet almıştı. Arkasında, birbirine vidalarla tutturulmuş demir plakalardan oluşan, üstünden geçen boruların ek yerlerinden bazen ince buharların çıktığı ve bir süre asılı kaldıktan sonra ağır, yağlı bir havayla sürüklendiği bir koridor.

Diğer tarafta paslanmış, pencerelerindeki camlar kırıldığı için demir plakalarla kapatılmış külüstür bir metro. Kapının karşısındaki aynadan her şey olduğu gibi yansıyordu.

---

Bir konteynırın içini andıran bir evde, gerçi gayet de birbirine eklenmiş konteynırlardan oluşan bir şehirde “andıran” demek doğru olmayacağı için düpedüz bir konteynırın içinde, masaya mum görüntüsü vermek için koyulmuş, yarı katı yağ atıklarından şekillendirilmiş kütleleri yakmayı deniyordu. Kafasında hayvan kıllarından yapılmış grili siyahlı bir peruk. Aynı kıllardan kendisine gür bir bıyık da yapmıştı.

Üstünde mavi çöp poşetlerinden yapılmış, kravatlı, şık bir takım.

Masanın ayakları yerine oradan buradan çıkmış parçalar konulmuştu: bir arabanın şaft mili, üst üste konulmuş ve üstünde yazı okunamayan tenekeler, boş kitaplar, boş gazete balyaları... Hiçbir şeye yazı yazılmıyordu, gerek yoktu da zaten çünkü merkez veri bankası onları fark ettirmeden, merceklerden giren veriyi sentezleyerek insanlar için dolduruyordu. Yani, androidler için. Farklı şekilde isimlendirmek bir fark yaratacaksa.

Onların mercekleri için değil. Bağlantıları çok önceden kopmuştu.

─ Hayatım, sofra hazır, diye bağırdı yatak odasındaki karısına.

Sofrada tabak yerine düz, bardak yerine bükülmüş, çatal ve bıçak yerine sivriltilmiş plakalar.

Karısı salonun kapısında durakladı ve ancak kulaklarına kadar uzanan, kocasınınkine benzeyen, cansız, ölü hayvanların kıllarından ibaret peruğunu eliyle düzeltti. Dudağını, daha doğrusu dudağının olması gereken yeri koyu kırmızı bir yağ tabakasıyla renklendirmeyi denemişti. Biraz da yanaklarına sürmüştü.

─ Nasıl olmuş, diye sordu.

Sesi tek düzeydi ama hafif bir neşe olduğunu hissettiğinize yemin edebilirdiniz.

Üzerinde, çöp poşetlerinin içini yazısız gazete kağıtlarıyla doldurarak yaptığı iki parça giysi.

─ Çok güzelsin, diyerek kravatını düzeltti kocası.

─ Sen de öylesin, sevgilim.

Yaklaşıp kocasını öptü. Kocası da onu. Sonra nazikçe elinden tutarak, sandalyesini geriye çekerek oturmasına yardım etti.

Sofrada yemek niyetine hiçbir şey yoktu. Gerek de yoktu zaten.

Konteynırın kapısı gürültüyle tekmelenip içeri iki memur girene kadar birbirlerine öyküler anlattılar. O gün neler yaptıklarını. İşten erken çıkıp yemyeşil çimenlerde gezdiklerini, uçurtma uçurduklarını, kadının nasıl o elbiseyi bulmak için saatlerce gezip yorulduğunu, kocasının kısa süreliğine işe dönüp nasıl başarılı bir hamleyle yaşanan krizi çözdüğünü ve kadının yanına döndükten sonra, alışveriş merkezinde oturdukları yeni dondurmacının dondurmalarının ne kadar lezzetli olduğunu, boğazlarının ağrımasından korktuklarını...

Akşam film izleyebilirlerdi, televizyonda -boş ve mat bir plaka- güzel bir film oynayacaktı.

İki memur. Çıplak bedenleriyle birbirinin aynı. Ellerindeki silahları onlara doğrultmuşlardı. Mum ışığında, tertemiz bir örtünün serili olduğu masada, bardaklarında şaraplarla oturan ve henüz sofranın ortasındaki hindiye dokunmamış çifti gördüklerinde bocaladılar.

Hiç de androidlere bilinçli olarak zarar verebilecek gibi gözükmüyorlardı.

─ Sessiz kalma hakkına sahipsiniz, diye bağırdı içeri giren ikinci memur. Söylediğiniz her şey...

Cümlesini bitiremedi. Yatak odasındaki, masanın üzerinden gördüğü o şey, onunla aynı hareketleri yapan android, yoksa, bir aynadaki yansıması mıydı?

Bütün illüzyon o anda dağılmaya başladı.

Not: Bu öykü ilk olarak 2020 yılında Esrarengiz Hikâyeler'de yayımlanmıştır.

@ 35f3a26c:92ddf231

"Files" by Google new feature

"Files" by Google added a "feature"... "Smart Search", you can toggle it to OFF and it is highly recommended to do so.

• 

Toggle the Smart Search to OFF, otherwise, google will search and index every picture, video and document in your device, no exceptions, anything you have ever photographed and you forgot, any document you have downloaded or article, etc...

How this could affect you?

Google is actively combating child abuse and therefore it has built in its "AI" a very aggressive algorithm searching of material that "IT THINKS" is related, therefore the following content could be flagged:

• [ ] Pictures of you and your children in the beach
• [ ] Pictures or videos which are innocent in nature but the "AI" "thinks" are not
• [ ] Articles you may have save for research to write your next essay that have links to flagged information or sites

The results:

• [ ] Your google account will be canceled
• [ ] You will be flagged as a criminal across the digital world

You think this is non sense? Think again: https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html

How to switch it off:

1. Open files by Google
2. Tap on Menu -> Settings
3. Turn OFF Smart Search

But you can do more for your privacy and the security of your family

1. Stop using google apps, if possible get rid off of Google OS and use Graphene OS
2. Go to Settings -> Apps
3. Search for Files by Google
4. Unistall the app, if you can't disable it
5. Keep doing that with most Google apps that are not a must if you have not switched already to GrapheneOS

Remember, Google keeps advocating for privacy, but as many others have pointed out repeatedly, they are the first ones lobbying for the removal of your privacy by regulation and draconian laws, their hypocrisy knows no limits

Recommendation:

I would assume you have installed F-Droid in your android, or Obtainium if you are more advanced, if so, consider "Simple File Manager Pro" by Tibor Kaputa, this dev has a suite of apps that are basic needs and the best feature in my opinion is that not one of his apps connect to the internet, contacts, gallery, files, phone, etc.

• 

Note As most people, we all love the convenience of technology, it makes our lives easier, however, our safety and our family safety should go first, between technology being miss-used and abused by corporations and cyber-criminals data mining and checking for easy targets to attack for profit, we need to keep our guard up. Learning is key, resist the use of new tech if you do not understand the privacy trade offs, no matter how appealing and convenient it looks like. .

Please leave your comments with your favorite FOSS Files app!

@ fd208ee8:0fd927c1

Unsucking the feed is real

As a Nostrich with an interesting, thought-provoking, and informative feed... a feed so good, that we're creating clients just to look at that feed... a feed that puts a lie to the idea that Nostr is nothing, but people reposting from Twitter or rehashing worn-out Bitcoin memes... a feed that I personally and increasingly enjoy perusing... I am here to tell you that the feed is real.

It's taken me over a year, to produce this feed. I literally spent hours and hours, day in and day out, scouring the Nostrverse for people worth introducing other people to. It was brutally difficult, as I was fighting the inherent nature of the Nostr clients and relays, in their current, most-popular form.

It goes like so...

Here are the steps I took, that sometimes weren't possible to take, until I tried to take them, and that still will sometimes break your client because the clients are often intentionally designed to steer you into having one particular feed:

1) Make a screenshot of your current relay list and copy your follows list. 2) Unsubscribe from all the relays, that you are currently subscribed to. Your feed should disappear. If it doesn't, or it doesn't allow for this, switch to a different client app because yours is corrupted. 3) Unfollow everyone. Delete the whole list. You are taking your follows private, which will invariably result in only following npubs whose stuff you actually want to see, since there's no longer any virtue-signaling going on. Also, it's easier to explain having no list, than a very short one. If your client doesn't allow for this, or starts throwing error messages and freezing up, then switch to a different client app because yours is corrupted. 4) Curate your copied follows list. Go line by line and look at the feed produced by the npub on that list. * Do you want to see that in your feed, going forward? * Do they produce original content and/or are they interesting conversationalists, in the replies? * Have they been active, within the past three months? * Are they simply good friends or real-life acquaintances, that you want to keep tabs on? * If not, cross out their name. * If you have been following someone because they repost or quote interesting things, look at who they've been reposting and follow them, instead. 5) Of the npubs remaining on your list, go through and select the 10 most interesting ones, and look at the reposts and quotes in their feed, and their topical lists like \"Favorites\", \"Devs\", \"Recipes\", etc. (Not their follows list, unless it's quite short, as follows tend to be full of people they follow for social-signaling or client-functional reasons, that they don't actively look at.) Find some new follows, there. 6) Now, set up a personal relay and add all the follows, that made the cut, to your allowed-npubs list. Do not add people to the list, just to make them feel better, or because you feel guilty, as they follow you, or to keep them from yelling at you. Remember, they can't see the list! 7) Think about the topics you find interesting, and add an allowed-keywords list (this is better than hashtags, as it searches the entire content of the notes), with the OR operator (these allowed npubs OR these allowed topics). 8) Make sure that you choose words likely to find the content you are most-interested in, and not people just ranting about it or spamming (those are great additions to your relay's block-list). If you are Muslim, for instance, instead of "Islam" or "shariah", choose "hadith" or "riba", as those are words more-likely to be used by people who know what they are talking about. If you are into bread baking, add "sourdough", "rye", "yeast", or "whisk", but don't add "bread" or "carbs". Once a note from those people shows up in your feed, and their feed looks like someone interesting, you can add their npub to your allow list. Remember: The topics are there to find people to add to the allow list, not merely for their own sake, as this is not a topical relay, but a personal one. 9) Open up a faucet (or relay syncing) with some of the big relays you previously unsubscribed from, some WoT relays, and some of the paid relays (nostr.land, nostr.wine, nostr21.com, and sovbit.host, for example). Your relay will filter that feed and only accept the events from the people and topics on your list. As your relay becomes more popular, npubs will begin writing directly to it, and the connections to other relays will sink in significance. 10) Go to your client of choice and subscribe to your new relay. Also subscribe to some topical relays, or curated neighborhood relays, you find interesting or your frens are running. This is an easy way to find new, interesting npubs, to add to your own relay.

That's a lot of work, you say? Yes, but the result is great, and you are now fully in-charge of your own feed. You also -- here's the cool part -- have a feed good enough, that other people can add your feed to theirs and enjoy your manual curation. As you refine and expand your feed, theirs will also be refined, in parallel. You are now an official Nostr Community Curator. My sincere congratulations.

Why is this so hard?

This is only a lot of work because the clients aren't designed to interact with relays, to this extent, as they were created to service mega-relays, download all their crap to your local cache, and adjust the feed over the follows/mutes lists. This was an idea borne of the axiom that Relays Are Hard, so there will only ever be a handful of them, where we'd all clump together and the relay operators would never judge the quality of someone's content. Then, some unusually clever people made relays increasingly easy, and the mailbox communication model was invented, and here we are.

What we have now, and that is slowly growing in popularity, among the #NostrIntelligentsia, are Nostr clients aimed at curating and viewing individual relays or personalized sets of smaller or more-specialized relays. The reigning client devs refused to give us those clients, and most of us aren't up to developing our own clients, so the relay devs took matters into their own hands and made the clients themselves. The free market remains undefeated.

This is a total game-changer. Last one to board this train is a rotten egg.

Originally, relays were supposed to be completely stupid and clients were supposed to be completely smart, but it's now actually the other way around, because most relay devs have a market-born incentive to make their content highly customizable and appealing to individuals (so that more people run relays).

But what about algos?

Can't you just slap an algo on top of Damus, Lol, or Primal relays, and get the same result? I would argue... no. No, you can't. Or, rather, only in the short to medium term.

Running your own relay, is running your own server. You are now intellectually independent, at a machine-level, and therefore a fully sovereign consumer. If you then use algos to control your own server, or in a client that subscribes to your own server, then you can further-refine a feed that is already in a high-to-you-signal state, rather than risking an algo inching you toward the Consensus Feed.

I have noticed that my own feed is slowly drifting away from the ReplyGuy-Cryptobot-Porny-Bitcoin-Meme Dumpster Fire, that almost everyone else is looking at, and it's due to running my own relay. If I use DVMs, those algos sometimes refer to relays I intentionally avoid, so they return results according to those relays. The results are as underwhelming, as you would expect, and often are simply 31 flavors of the Trending List.

But, that isn't your problem, anymore. From here, you can actively expand and refine your feed, over your whitelist, the topics, and your personally-managed algos.

Happy Nostr-ing!

@ 3f770d65:7a745b24

Amber

Amber is a Nostr event signer for Android that allows users to securely segregate their private key (nsec) within a single, dedicated application. Designed to function as a NIP-46 signing device, Amber ensures your smartphone can sign events without needing external servers or additional hardware, keeping your private key exposure to an absolute minimum. This approach aligns with the security rationale of NIP-46, which states that each additional system handling private keys increases potential vulnerability. With Amber, no longer do users need to enter their private key into various Nostr applications.

Amber is supported by a growing list of apps, including Amethyst, 0xChat, Voyage, Fountain, and Pokey, as well as any web application that supports NIP-46 NSEC bunkers, such as Nostr Nests, Coracle, Nostrudel, and more. With expanding support, Amber provides an easy solution for secure Nostr key management across numerous platforms.

Amber supports both native and web-based Nostr applications, aiming to eliminate the need for browser extensions or web servers. Key features include offline signing, multiple account support, and NIP-46 compatibility, and includes a simple UI for granular permissions management. Amber is designed to support signing events in the background, enhancing flexibility when you select the "remember my choice" option, eliminating the need to constantly be signing events for applications that you trust. You can download the app from it's GitHub page, via Obtainium or Zap.store.

To log in with Amber, simply tap the "Login with Amber" button or icon in a supported application, or you can paste the NSEC bunker connection string directly into the login box. For example, use a connection string like this: bunker://npub1tj2dmc4udvgafxxxxxxxrtgne8j8l6rgrnaykzc8sys9mzfcz@relay.nsecbunker.com.

---

Citrine

Citrine is a Nostr relay built specifically for Android, allowing Nostr clients on Android devices to seamlessly send and receive events through a relay running directly on their smartphone. This mobile relay setup offers Nostr users enhanced flexibility, enabling them to manage, share, and back up all their Nostr data locally on their device. Citrine’s design supports independence and data security by keeping data accessible and under user control.

With features tailored to give users greater command over their data, Citrine allows easy export and import of the database, restoration of contact lists in case of client malfunctions, and detailed relay management options like port configuration, custom icons, user management, and on-demand relay start/stop. Users can even activate TOR access, letting others connect securely to their Nostr relay directly on their phone. Future updates will include automatic broadcasting when the device reconnects to the internet, along with content resolver support to expand its functionality.

Once you have your Citrine relay fully configured, simply add it to the Private and Local relay sections in Amethyst's relay configuration.

---

Pokey

Pokey for Android is a brand new, real-time notification tool for Nostr. Pokey allows users to receive live updates for their Nostr events and enabling other apps to access and interact with them. Designed for seamless integration within a user's Nostr relays, Pokey lets users stay informed of activity as it happens, with speed and the flexibility to manage which events trigger notifications on their mobile device.

Pokey currently supports connections with Amber, offering granular notification settings so users can tailor alerts to their preferences. Planned features include broadcasting events to other apps, authenticating to relays, built-in Tor support, multi-account handling, and InBox relay management. These upcoming additions aim to make Pokey a fantastic tool for Nostr notifications across the ecosystem.

---

Zap.store

Zap.store is a permissionless app store powered by Nostr and your trusted social graph. Built to offer a decentralized approach to app recommendations, zap.store enables you to check if friends like Alice follow, endorse, or verify an app’s SHA256 hash. This trust-based, social proof model brings app discovery closer to real-world recommendations from friends and family, bypassing centralized app curation. Unlike conventional app stores and other third party app store solutions like Obtainium, zap.store empowers users to see which apps their contacts actively interact with, providing a higher level of confidence and transparency.

Currently available on Android, zap.store aims to expand to desktop, PWAs, and other platforms soon. You can get started by installing Zap.store on your favorite Android device, and install all of the applications mentioned above.

---

Android's openness goes hand in hand with Nostr's openness. Enjoy exploring both expanding ecosystems.

@ a95c6243:d345522c

Ein Lämmchen löschte an einem Bache seinen Durst. Fern von ihm, aber näher der Quelle, tat ein Wolf das gleiche. Kaum erblickte er das Lämmchen, so schrie er:

"Warum trübst du mir das Wasser, das ich trinken will?"

"Wie wäre das möglich", erwiderte schüchtern das Lämmchen, "ich stehe hier unten und du so weit oben; das Wasser fließt ja von dir zu mir; glaube mir, es kam mir nie in den Sinn, dir etwas Böses zu tun!"

"Ei, sieh doch! Du machst es gerade, wie dein Vater vor sechs Monaten; ich erinnere mich noch sehr wohl, daß auch du dabei warst, aber glücklich entkamst, als ich ihm für sein Schmähen das Fell abzog!"

"Ach, Herr!" flehte das zitternde Lämmchen, "ich bin ja erst vier Wochen alt und kannte meinen Vater gar nicht, so lange ist er schon tot; wie soll ich denn für ihn büßen."

"Du Unverschämter!" so endigt der Wolf mit erheuchelter Wut, indem er die Zähne fletschte. "Tot oder nicht tot, weiß ich doch, daß euer ganzes Geschlecht mich hasset, und dafür muß ich mich rächen."

Ohne weitere Umstände zu machen, zerriß er das Lämmchen und verschlang es.

Das Gewissen regt sich selbst bei dem größten Bösewichte; er sucht doch nach Vorwand, um dasselbe damit bei Begehung seiner Schlechtigkeiten zu beschwichtigen.

Quelle: https://eden.one/fabeln-aesop-das-lamm-und-der-wolf

@ 8fb140b4:f948000c

Embarking on the journey of operating your own Lightning node on the Bitcoin Layer 2 network is more than just a tech-savvy endeavor; it's a step into a realm of financial autonomy and cutting-edge innovation. By running a node, you become a vital part of a revolutionary movement that's reshaping how we think about money and digital transactions. This role not only offers a unique perspective on blockchain technology but also places you at the heart of a community dedicated to decentralization and network resilience. Beyond the technicalities, it's about embracing a new era of digital finance, where you contribute directly to the network's security, efficiency, and growth, all while gaining personal satisfaction and potentially lucrative rewards.

In essence, running your own Lightning node is a powerful way to engage with the forefront of blockchain technology, assert financial independence, and contribute to a more decentralized and efficient Bitcoin network. It's an adventure that offers both personal and communal benefits, from gaining in-depth tech knowledge to earning a place in the evolving landscape of cryptocurrency.

Running your own Lightning node for the Bitcoin Layer 2 network can be an empowering and beneficial endeavor. Here are 10 reasons why you might consider taking on this task:

1. Direct Contribution to Decentralization: Operating a node is a direct action towards decentralizing the Bitcoin network, crucial for its security and resistance to control or censorship by any single entity.

2. Financial Autonomy: Owning a node gives you complete control over your financial transactions on the network, free from reliance on third-party services, which can be subject to fees, restrictions, or outages.

3. Advanced Network Participation: As a node operator, you're not just a passive participant but an active player in shaping the network, influencing its efficiency and scalability through direct involvement.

4. Potential for Higher Revenue: With strategic management and optimal channel funding, your node can become a preferred route for transactions, potentially increasing the routing fees you can earn.

5. Cutting-Edge Technological Engagement: Running a node puts you at the forefront of blockchain and bitcoin technology, offering insights into future developments and innovations.

6. Strengthened Network Security: Each new node adds to the robustness of the Bitcoin network, making it more resilient against attacks and failures, thus contributing to the overall security of the ecosystem.

7. Personalized Fee Structures: You have the flexibility to set your own fee policies, which can balance earning potential with the service you provide to the network.

8. Empowerment Through Knowledge: The process of setting up and managing a node provides deep learning opportunities, empowering you with knowledge that can be applied in various areas of blockchain and fintech.

9. Boosting Transaction Capacity: By running a node, you help to increase the overall capacity of the Lightning Network, enabling more transactions to be processed quickly and at lower costs.

10. Community Leadership and Reputation: As an active node operator, you gain recognition within the Bitcoin community, which can lead to collaborative opportunities and a position of thought leadership in the space.

These reasons demonstrate the impactful and transformative nature of running a Lightning node, appealing to those who are deeply invested in the principles of bitcoin and wish to actively shape its future. Jump aboard, and embrace the journey toward full independence. 🐶🐾🫡🚀🚀🚀

@ 8fb140b4:f948000c

Chef's notes

Serving these two dishes together will create a delightful centerpiece for your Thanksgiving meal, offering a perfect blend of traditional flavors with a homemade touch.

Details

• ⏲️ Prep time: 30 min
• 🍳 Cook time: 1 - 2 hours
• 🍽️ Servings: 4-6

Ingredients

• 1 whole turkey (about 12-14 lbs), thawed and ready to cook
• 1 cup unsalted butter, softened
• 2 tablespoons fresh thyme, chopped
• 2 tablespoons fresh rosemary, chopped
• 2 tablespoons fresh sage, chopped
• Salt and freshly ground black pepper
• 1 onion, quartered
• 1 lemon, halved
• 2-3 cloves of garlic
• Apple and Sage Stuffing
• 1 loaf of crusty bread, cut into cubes
• 2 apples, cored and chopped
• 1 onion, diced
• 2 stalks celery, diced
• 3 cloves garlic, minced
• 1/4 cup fresh sage, chopped
• 1/2 cup unsalted butter
• 2 cups chicken broth
• Salt and pepper, to taste

Directions

1. Preheat the Oven: Set your oven to 325°F (165°C).
2. Prepare the Herb Butter: Mix the softened butter with the chopped thyme, rosemary, and sage. Season with salt and pepper.
3. Prepare the Turkey: Remove any giblets from the turkey and pat it dry. Loosen the skin and spread a generous amount of herb butter under and over the skin.
4. Add Aromatics: Inside the turkey cavity, place the quartered onion, lemon halves, and garlic cloves.
5. Roast: Place the turkey in a roasting pan. Tent with aluminum foil and roast. A general guideline is about 15 minutes per pound, or until the internal temperature reaches 165°F (74°C) at the thickest part of the thigh.
6. Rest and Serve: Let the turkey rest for at least 20 minutes before carving.
7. Next: Apple and Sage Stuffing
8. Dry the Bread: Spread the bread cubes on a baking sheet and let them dry overnight, or toast them in the oven.
9. Cook the Vegetables: In a large skillet, melt the butter and cook the onion, celery, and garlic until soft.
10. Combine Ingredients: Add the apples, sage, and bread cubes to the skillet. Stir in the chicken broth until the mixture is moist. Season with salt and pepper.
11. Bake: Transfer the stuffing to a baking dish and bake at 350°F (175°C) for about 30-40 minutes, until golden brown on top.

@ 35f3a26c:92ddf231

What is Peer Thinking?

The cognitive and emotional processes that occur when individuals are influenced by their peers.

The psychology behind it:

The psychology behind peer influence encompasses various factors, including: 1. Social belonging and acceptance, 2. Identity formation, 3. The dynamics of group behavior

Is it being used to control us?

https://image.nostr.build/cf90335bbf59e3395dc4324d123cd3a058ca716cf6172f079eb1d78547008147.jpg

IMO, yes, at the core of it is the basic human need for belonging. Social belonging is a critical component since it is craved by most, specially but not only by the youngest, those with power across the world know this very well, therefore, thinking that they will not use it to control the population in order to profit from it or change public opinion would be irrational.

The media is used to brain wash the population creating something that most will consider "the norm", thus, the majority will try to conform to that norm in order to belong. That include manipulating the population to take an experimental drug (even if it could be very dangerous due to its unknown effects) or to accept as a norm a behavior that few years back would have been considered inappropriate.

Cognitive Dissonance

https://image.nostr.build/60f24a810be1dd6badb36d70c5a691d4361207590dea1a8e64e09a75a252cfbf.jpg

This is a term that we should get familiar with. It is a psychological state where conflicting beliefs or behaviors create discomfort.

Example: A kid in high school that has a good loving family but all his close friends are on drugs (legal ones) and they keep telling him he is an idiot for not using as well. Now his is that state of conflict believes, on one side his best friends, all tell him is okay, on the other hand his family that loves him has explained him at length the dangers and issues that the drugs will have in his life. To resolve the dissonance he has three options, one, join the group and start taking drugs with the rest, two try to rationalize it, considering to take drugs just occasionally to belong but not to make it a habit, three lose his friends (and here it comes again the peer thinking to bite). Extrapolate to many other cases.

As an anecdote Recently, on a friend's reunion, one of the guest was complaining about one of his daughters, she was quite confused asking him why so many of her classmates were bisexual, she was wondering if something was wrong with her since she was not; a 13 year old girl; the father was having a hard time explaining her that the majority are saying so just to feel as part of what the school was teaching to be the norm, it was not cool to be straight, the tally was 37% of the class. Consider that, statistically, the number of people, “worldwide” identifying as bisexual are between 3% and 5% (less than 1% in less accepting countries), that number used to be less than 2% less than a decade ago. But 37% is far from the statistical norm, indicating a peer thinking behavior but not the reality of their sexual preferences. Once again, extrapolate to any ideology, religion, gender identity, political agenda that a country desires to push forward for whatever reason, adding that to the official school program and to federal mandatory training programs would do the trick.

A powerful tool, that can be used for good or bad.

What are the strategies to counter negative peer thinking?

https://image.nostr.build/4b70949b8af76ed53a5be5507f41f1d1c960dc3592f199eab78e2d25688975c5.jpg

Reading the literature about the subject, few strategies are recommended:

1. Self-Awareness: teaching ourselves and our children to recognize when we are being influenced by peers

2. Being selective with your friends: peers with similar values will reinforce positive behaviors

3. Learning to be assertive: teaching ourselves and our children to communicate assertively our boundaries will empower us and them to resist unwanted pressure to adopt negative behaviors.

4. Less judging more talking: this applies to our children and partners, judging less and listening more will make our beloved ones more open to discuss social pressures.

What do you think? What strategies you use as counter measures?

@ bec0c9d3:c4e9cd29

The Bitcoin Culture Festival is just around the corner, and we're excited to present our artists with physical artworks at the Cyphermunk House. In addition, we will be showcasing these pieces on our 2140 Auction Portal.

The "Culture of Code" gallery will be held at:

CypherMunk House 9 John Street Bloomsbury, London, UK WC1N 2ES

Before the festival, you can read our latest article about this one-of-a-kind house here on Yakihonne.

Online auctions will be available on 2140.wtf starting from October 29th to November 2nd 2024.

During the Bitcoin Culture Festival ART Gallery, you will have the opportunity to see the works of many talented Bitcoin artists. The sale will take place through our auction.

ART Gallery opening hours:

October 29 - Private viewing: 6:30 pm - 8:30 pm October 30 - November 2 - 10:00 am - 5:00 pm November 1 and 2 - 5:00 pm - 10:00 pm during NostrLDN and ART Panels

Entry to the gallery is FREE

This event is only possible due to the passion and dedication of our crew, partners , and sponsors . All made by People for the People. Cypherpunk vibe, pure from the bottom. We look forward to seeing you there!

Follow us also on all socials NOSTREE.me - NOSTR LinkTree INSTAGRAM TWETTER - X YOUTUBE

LINKS

BitcoinCulturefestival.com

CypherMunkHouse

www.2140.wtf

OUR PARNERS / SPONSORS

ANGOR

BITCOIN EVENTS HQ

YAKIHONNE

STAY TUNED !!

2140 Crew

Hashtags:

ArtGallery

ArtPanel

2140wtf

2140army

CyhermunkHouse

art

artstr

nostrart

craft

culture

music

bitcoin

nostr

TootingMarket

NostrLDN

NostrLondon

yakihonne

@ 8fb140b4:f948000c

Testing a brand new YakiHonne native client for iOS. Smooth as butter (not penis butter 🤣🍆🧈) with great visual experience and intuitive navigation. Amazing work by the team behind it! * lists * work

Bold text work!

Images could have used nostr.build instead of raw S3 from us-east-1 region.

Very impressive! You can even save the draft and continue later, before posting the long-form note!

🐶🐾🤯🤯🤯🫂💜

@ 4ba8e86d:89d32de4

Tutorial feito por Grom mestre⚡poste original abaixo:

http://xh6liiypqffzwnu5734ucwps37tn2g6npthvugz3gdoqpikujju525yd.onion/240277/tutorial-criando-e-acessando-sua-conta-de-email-pela-i2p?show=240277#q240277

Bom dia/tarde/noite a todos os camaradas. Seguindo a nossa série de tutoriais referentes a tecnologias essenciais para a segurança e o anonimato dos usuários, sendo as primeiras a openPGP e a I2P, lhes apresento mais uma opção para expandir os seus conhecimentos da DW. Muitos devem conhecer os serviços de mail na onion como DNMX e mail2tor, mas e que tal um serviço de email pela I2P. Nesse tutorial eu vou mostrar a vocês como criar a sua primeira conta no hq.postman.i2p e a acessar essa conta.

É importante que vocês tenham lido a minha primeira série de tutoriais a respeito de como instalar, configurar e navegar pela I2P nostr:nevent1qqsyjcz2w0e6d6dcdeprhuuarw4aqkw730y542dzlwxwssneq3mwpaspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygzt4r5x6tvh39kujvmu8egqdyvf84e3w4e0mq0ckswamfwcn5eduspsgqqqqqqsyp5vcq Esse tutorial é um pré-requisito para o seguinte e portanto recomendo que leia-os antes de prosseguir com o seguinte tutorial. O tutorial de Kleopatra nostr:nevent1qqs8h7vsn5j6qh35949sa60dms4fneussmv9jd76n24lsmtz24k0xlqzyp9636rd9ktcjmwfxd7ru5qxjxyn6uch2uhas8utg8wa5hvf6vk7gqcyqqqqqqgecq8f7 é complementar dado que é extremamente recomendado assinar e criptografar as mensagens que seguem por emails pela DW. Sem mais delongas, vamos ao tutorial de fato.

1. Criando uma conta de email no hq.postman

Relembrando: Esse tutorial considera que você já tenha acesso à I2P. Entre no seu navegador e acesse o endereço hq.postman.i2p. O roteador provavelmente já contém esse endereço no seu addressbook e não haverá a necessidade de inserir o endereço b32 completo. Após entrar no site vá para a página '1 - Creating a mailbox' https://image.nostr.build/d850379fe315d2abab71430949b06d3fa49366d91df4c9b00a4a8367d53fcca3.jpg

Nessa página, insira as credenciais de sua preferências nos campos do formulário abaixo. Lembre-se que o seu endereço de email aceita apenas letras e números. Clique em 'Proceed' depois que preencher todos os campos. https://image.nostr.build/670dfda7264db393e48391f217e60a2eb87d85c2729360c8ef6fe0cf52508ab4.jpg

Uma página vai aparecer pedindo para confirmar as credenciais da sua nova conta. Se tudo estiver certo apenas clique em 'Confirm and Create Mailbox'. Se tudo ocorrer como conforme haverá uma confirmação de que a sua nova conta foi criada com sucesso. Após isso aguarde por volta de 5 minutos antes de tentar acessá-la, para que haja tempo suficiente para o servidor atualizar o banco de dados. https://image.nostr.build/ec58fb826bffa60791fedfd9c89a25d592ac3d11645b270c936c60a7c59c067f.jpg https://image.nostr.build/a2b7710d1e3cbb36431acb9055fd62937986b4da4b1a1bbb06d3f3cb1f544fd3.jpg

Pronto! Sua nova conta de email na I2P foi criada. Agora vamos para a próxima etapa: como acessar a sua conta via um cliente de email.

2. Configurando os túneis cliente de SMTP e POP3

O hq.postman não possui um cliente web que nos permite acessar a nossa conta pelo navegador. Para isso precisamos usar um cliente como Thunderbird e configurar os túneis cliente no I2Pd que serão necessários para o Thunderbird se comunicar com o servidor pela I2P.

Caso não tenha instalado o Thunderbird ainda, faça-o agora antes de prosseguir.

Vamos configurar os túneis cliente do servidor de email no nosso roteador. Para isso abra um terminal ou o seu gestor de arquivos e vá para a pasta de configuração de túneis do I2P. Em Linux esse diretório se localiza em /etc/i2pd/tunnels.d. Em Windows, essa pasta se localiza em C:\users\user\APPDATA\i2pd. Na pasta tunnels.d crie dois arquivos: smtp.postman.conf e pop-postman.conf. Lembre-se que em Linux você precisa de permissões de root para escrever na pasta de configuração. Use o comando sudoedit para isso.

Edite-os conforme as imagens a seguir:

Arquivo pop-postman.conf https://image.nostr.build/7e03505c8bc3b632ca5db1f8eaefc6cecb4743cd2096d211dd90bbdc16fe2593.jpg

Arquivo smtp-postman.conf https://image.nostr.build/2d06c021841dedd6000c9fc2a641ed519b3be3c6125000b188842cd0a5af3d16.jpg

Salve os arquivos e reinicie o serviço do I2Pd. Em Linux isso é feito pelo comando: sudo systemctl restart i2pd Entre no Webconsole do I2Pd pelo navegador (localhost:7070) e na seção I2P Tunnels, verifique se os túneis pop-postman e smtp-postman foram criados, caso contrário verifique se há algum erro nos arquivos e reinicie o serviço.

Com os túneis cliente criados, vamos agora configurar o Thunderbird

3. Configurando o Thunderbird para acessar a nossa conta

Abra o Thunderbird e clique em criar uma nova conta de email. Se você não tiver nenhum conta previamente presente nele você vai ser diretamente recebido pela janela de criação de conta a seguir. https://image.nostr.build/e9509d7bd30623716ef9adcad76c1d465f5bc3d5840e0c35fe4faa85740f41b4.jpg https://image.nostr.build/688b59b8352a17389902ec1e99d7484e310d7d287491b34f562b8cdd9dbe8a99.jpg

Coloque as suas credenciais, mas não clique ainda em Continuar. Clique antes em Configure Manually, já que precisamos configurar manualmente os servidores de SMTP e POP3 para, respectivamente, enviar e receber mensagens.

Preencha os campos como na imagem a seguir. Detalhe: Não coloque o seu endereço completo com o @mail.i2p, apenas o nome da sua conta. https://image.nostr.build/4610b0315c0a3b741965d3d7c1e4aff6425a167297e323ba8490f4325f40cdcc.jpg

Clique em Re-test para verificar a integridade da conexão. Se tudo estiver certo uma mensagem irá aparecer avisando que as configurações do servidores estão corretas. Clique em Done assim que estiver pronto para prosseguir. https://image.nostr.build/8a47bb292f94b0d9d474d4d4a134f8d73afb84ecf1d4c0a7eb6366d46bf3973a.jpg

A seguinte mensagem vai aparecer alertando que não estamos usando criptografia no envio das credenciais. Não há problema nenhum aqui, pois a I2P está garantindo toda a proteção e anonimato dos nossos dados, o que dispensa a necessidade de uso de TLS ou qualquer tecnologia similar nas camadas acima. Marque a opção 'I Understand the risks' e clique em 'Continue' https://image.nostr.build/9c1bf585248773297d2cb1d9705c1be3bd815e2be85d4342227f1db2f13a9cc6.jpg

E por fim, se tudo ocorreu como devido sua conta será criada com sucesso e você agora será capaz de enviar e receber emails pela I2P usando essa conta. https://image.nostr.build/8ba7f2c160453c9bfa172fa9a30b642a7ee9ae3eeb9b78b4dc24ce25aa2c7ecc.jpg

4. Observações e considerações finais

Como informado pelo próprio site do hq.postman, o domínio @mail.i2p serve apenas para emails enviados dentro da I2P. Emails enviados pela surface devem usar o domínio @i2pmai.org. É imprescindível que você saiba usar o PGP para assinar e criptografar as suas mensagens, dado que provavelmente as mensagens não são armazenadas de forma criptografada enquanto elas estão armazenadas no servidor. Como o protocolo POP3 delete as mensagens no imediato momento em que você as recebe, não há necessidade de fazer qualquer limpeza na sua conta de forma manual.

Por fim, espero que esse tutorial tenha sido útil para vocês. Que seu conhecimento tenha expandido ainda mais com as informações trazidas aqui. Até a próxima.

@ fa0165a0:03397073

I just tested building a browser plugin, it was easier than I thought. Here I'll walk you through the steps of creating a minimal working example of a browser plugin, a.k.a. the "Hello World" of browser plugins.

First of all there are two main browser platforms out there, Chromium and Mozilla. They do some things a little differently, but similar enough that we can build a plugin that works on both. This plugin will work in both, I'll describe the firefox version, but the chromium version is very similar.

What is a browser plugin?

Simply put, a browser plugin is a program that runs in the browser. It can do things like modify the content of a webpage, or add new functionality to the browser. It's a way to extend the browser with custom functionality. Common examples are ad blockers, password managers, and video downloaders.

In technical terms, they are plugins that can insert html-css-js into your browser experience.

How to build a browser plugin

Step 0: Basics

You'll need a computer, a text editor and a browser. For testing and development I personally think that the firefox developer edition is the easiest to work with. But any Chrome based browser will also do.

Create a working directory on your computer, name it anything you like. I'll call mine hello-world-browser-plugin. Open the directory and create a file called manifest.json. This is the most important file of your plugin, and it must be named exactly right.

Step 1: manifest.json

After creation open your file manifest.json in your text editor and paste the following code:

json { "manifest_version": 3, "name": "Hello World", "version": "1.0", "description": "A simple 'Hello World' browser extension", "content_scripts": [ { "matches": ["<all_urls>"], "js": ["hello.js"] //The name of your script file. // "css": ["hello.css"] //The name of your css file. } ] }

If you wonder what the json file format is, it's a normal text file with a special syntax such that a computer can easily read it. It's the json syntax you see in the code above. Let's go through what's being said here. (If you are not interested, just skip to the next step after pasting this we are done here.)

• manifest_version: This is the version of the manifest file format. It's currently at version 3, and it's the latest version. It's important that you set this to 3, otherwise your plugin won't work.
• name: This is the name of your plugin. It can be anything you like.
• version: This is the version of your plugin. It can be anything you like.
• description: This is the description of your plugin. It can be anything you like.
• content_scripts: This is where you define what your plugin does. It's a list of scripts that will be executed when the browser loads a webpage. In this case we have one script, called hello.js. It's the script that we'll create in the next step.
• matches: This is a list of urls that the script will be executed on. In this case we have <all_urls>, which means that the script will be executed on all urls. You can also specify a specific url, like https://brave.com/*, which means that the script will only be executed on urls that start with https://brave.com/.
• js: This is a list of javascript files that will be executed. In this case we have one file, called hello.js. It's the script that we'll create in the next step.
• css: This is where you can add a list of css files that will be executed. In this case we have none, but you can add css files here if you want to.
• //: Text following these two characters are comments. They are ignored by the computer, You can add comments anywhere you like, and they are a good way to document your code.

Step 2: hello.js

Now it's time to create another file in your project folder. This time we'll call it hello.js. When created, open it in your text editor and paste the following code:

js console.log("Hello World!"); That's javascript code, and it's what will be executed when you run your plugin. It's a simple console.log statement, which will print the text "Hello World!" to the console. The console is a place where the browser prints out messages, and it's a good place to start when debugging your plugin.

Step 3: Load and launch your plugin

Firefox

Now it's time to load your plugin into your browser. Open your browser and go to the url about:debugging#/runtime/this-firefox. You should see a page that looks something like this:

Click the button that says "Load Temporary Add-on...". A file dialog will open, navigate to your project folder and select the file manifest.json. Your plugin should now be loaded and running.

Go to a website, any website, and open the inspector then navigate to the console. You'll find the inspector by right-clicking anywhere within the webpage, and click "Inspector" in the drop-down menu. When opening the console you might see some log messages from the site you visited and... you should see the text "Hello World!" printed there, from our little plugin! Congratulations!

Chrome

Open your browser and go to the url chrome://extensions/. Click the button that says "Load unpacked". A file dialog will open, navigate to your project folder and select the folder hello-world-browser-plugin. Your plugin should now be loaded and running.

Note the difference, of selecting the file manifest.json in firefox, and selecting the folder hello-world-browser-plugin in chrome. Otherwise, the process is the same. So I'll repeat the same text as above: (for those who skipped ahead..)

Go to a website, any website, and open the inspector then navigate to the console. You'll find the inspector by right-clicking anywhere within the webpage, and click "Inspector" in the drop-down menu. When opening the console you might see some log messages from the site you visited and... you should see the text "Hello World!" printed there, from our little plugin! Congratulations!

---

As you can see this isn't as complicated as one might think. Having preformed a "Hello-World!"-project is a very useful and valuable first step. These setup steps are the basics for any browser plugin, and you can build on this to create more advanced plugins.

@ 8fb140b4:f948000c

As the title states, scratch behind my ear and you get it. 🐶🐾🫡

@ 4ba8e86d:89d32de4

O aplicativo permite que os usuários se comuniquem com outras pessoas sem ter que fornecer identificadores de usuário, como números de telefone ou endereços de e-mail. é 100% privado e seguro, Por design, garantindo que suas mensagens nunca sejam rastreadas ou armazenadas. O SimpleXChat possui recursos como bate-papo em grupo, envio de arquivos e uma interface amigável para dispositivos móveis, desktop, CLI. O SimpleXChat é um dos aplicativos construídos sobre a plataforma SimpleX, que também serve como um exemplo e aplicativo de referência. O SimpleX Messaging Protocol (SMP) é um protocolo que permite enviar mensagens em uma direção para um destinatário, usando um servidor intermediário. As mensagens são entregues por meio de filas unidirecionais criadas pelos destinatários.

O SMP é executado em um protocolo de transporte (TLS), que fornece integridade, autenticação do servidor, confidencialidade e vinculação do canal de transporte. A Rede SimpleX é o coletivo de servidores SimpleX que facilitam o SMP. As bibliotecas SimpleX Client falam SMP para SimpleX Servers e fornecem uma API de baixo nível, geralmente não destinada a ser usada por aplicativos.

O aplicativo permite que os usuários se comuniquem com outras pessoas sem ter que fornecer identificadores de usuário, como números de telefone ou endereços de e-mail. O SimpleXChat possui recursos como bate-papo em grupo, envio de arquivos e uma interface amigável para dispositivos móveis.

O SimpleX tem como objetivo fornecer uma infraestrutura de mensagens distribuídas que seja segura, privada, confiável, com entrega assíncrona e baixa latência. Ele visa oferecer melhor privacidade de metadados e segurança contra invasores de rede ativos e servidores mal-intencionados em comparação com soluções alternativas de mensagens instantâneas, ao mesmo tempo em que prioriza a experiência do usuário, especialmente em dispositivos móveis.

Por que o SimpleX é único

1. Privacidade total de sua identidade, perfil, contatos e metadados

Ao contrário de outras plataformas de mensagens, o SimpleX não possui identificadores atribuídos aos usuários . Ele não depende de números de telefone, endereços baseados em domínio (como e-mail ou XMPP), nomes de usuário, chaves públicas ou mesmo números aleatórios para identificar seus usuários - não sabemos quantas pessoas usam nossos servidores SimpleX

Para entregar mensagens, o SimpleX usa endereços anônimos emparelhados de filas de mensagens unidirecionais, separadas para mensagens recebidas e enviadas, geralmente por meio de servidores diferentes. Usar o SimpleX é como ter um e-mail ou telefone “gravador” diferente para cada contato e sem problemas para gerenciá-los.

Esse design protege a privacidade de quem você está se comunicando, ocultando-a dos servidores da plataforma SimpleX e de quaisquer observadores. Para ocultar seu endereço IP dos servidores, você pode se conectar aos servidores SimpleX via Tor .

1. A melhor proteção contra spam e abuso Como você não possui um identificador na plataforma SimpleX, ninguém pode entrar em contato com você, a menos que você compartilhe um endereço de usuário único ou temporário, como um código QR ou um link. Mesmo com o endereço de usuário opcional, embora possa ser usado para enviar solicitações de contato de spam, você pode alterá-lo ou excluí-lo completamente sem perder nenhuma de suas conexões.

2. Propriedade, controle e segurança de seus dados

O SimpleX Chat armazena todos os dados do usuário apenas em dispositivos clientes usando um formato de banco de dados criptografado portátil que pode ser exportado e transferido para qualquer dispositivo compatível.

As mensagens criptografadas de ponta a ponta são mantidas temporariamente em servidores de retransmissão SimpleX até serem recebidas e, em seguida, são excluídas permanentemente.

Ao contrário dos servidores de redes federadas (e-mail, XMPP ou Matrix), os servidores SimpleX não armazenam contas de usuários, apenas retransmitem mensagens, protegendo a privacidade de ambas as partes.

Ao contrário dos servidores de redes federadas (e-mail, XMPP ou Matrix), os servidores SimpleX não armazenam contas de usuários, apenas retransmitem mensagens, protegendo a privacidade de ambas as partes.

Não há identificadores ou texto cifrado em comum entre o tráfego do servidor enviado e recebido - se alguém estiver observando, não poderá determinar facilmente quem se comunica com quem, mesmo que o TLS esteja comprometido.

1. Totalmente descentralizado — os usuários são proprietários da rede SimpleX

Você pode usar o SimpleX com seus próprios servidores e ainda se comunicar com pessoas que usam os servidores pré-configurados fornecidos por nós.

A plataforma SimpleX usa um protocolo aberto e fornece SDK para criar bots de bate-papo , permitindo a implementação de serviços com os quais os usuários podem interagir por meio de aplicativos de bate-papo SimpleX. A rede SimpleX é totalmente descentralizada e independente de qualquer criptomoeda ou qualquer outra plataforma, exceto a Internet.

Você pode usar o SimpleX com seus próprios servidores ou com os servidores fornecidos por nós.

Características SimpleXchat • Mensagens criptografadas por E2E com remarcação e edição

• Imagens e arquivos criptografados por E2E

• Grupos secretos descentralizados apenas os usuários sabem que eles existem

• Mensagens de voz criptografadas por E2E

• Mensagens desaparecidas

• Chamadas de áudio e vídeo criptografadas com E2E

• Banco de dados criptografado portátil — mova seu perfil para outro dispositivo

• Modo de navegação anônima exclusivo do SimpleX Chat

O que torna o SimpleX privado

https://nostr.build/i/nostr.build_4e6fa7bc41d22d7a9672fa23b04b7aa6d69938d7013ac1ea31212a854e6d1e97.jpg Identificadores par a par anônimos temporários O SimpleX usa endereços emparelhados anônimos temporários e credenciais para cada contato do usuário ou membro do grupo. Ele permite entregar mensagens sem identificadores de perfil de usuário, fornecendo melhor privacidade de metadados do que alternativas.

Troca de chaves fora de banda Muitas plataformas de comunicação são vulneráveis ​​a ataques MITM por servidores ou provedores de rede. Para evitar que os aplicativos SimpleX passem chaves únicas fora de banda, quando você compartilha um endereço como um link ou um código QR. https://nostr.build/i/nostr.build_9065e2600cf42d0bcf7bb89deb674eb0630c590bd043b1f8c92272011ec7a2ec.jpg

2 camadas de criptografia de ponta a ponta Protocolo de catraca dupla — mensagens OTR com sigilo de encaminhamento perfeito e recuperação de invasão. Criptobox NaCL em cada fila para evitar a correlação de tráfego entre as filas de mensagens se o TLS estiver comprometido. https://nostr.build/i/nostr.build_defe978ea10526b657bf35e6809f4385c82c7eca58b91ae3a0e81447dbf0bda3.jpg

Verificação da integridade da mensagem Para garantir a integridade as mensagens são numeradas sequencialmente e incluem o hash da mensagem anterior. Se alguma mensagem for adicionada, removida ou alterada, o destinatário será alertado. https://nostr.build/i/nostr.build_debf9317b88a015af37f8c610d4e1671bc495d1a80c2b6ea090d202fb332ba84.jpg Camada adicional de criptografia do servidor

Camada adicional de criptografia do servidor para entrega ao destinatário, para evitar a correlação entre o tráfego do servidor recebido e enviado se o TLS estiver comprometido. https://nostr.build/i/nostr.build_13793f89276380e221bd15f6173fe1221f550993a0902a249b5ba86e5fe1d237.jpg

Mistura de mensagens para reduzir a correlação Os servidores SimpleX atuam como nós de mistura de baixa latência — as mensagens recebidas e enviadas têm ordem diferente. https://nostr.build/i/nostr.build_1c7146ca7b3871ff1de184be78785e9e0c45cf2567f6147b260009d9c74925ed.jpg

Transporte TLS autenticado seguro Somente o TLS 1.2/1.3 com algoritmos fortes é usado para conexões cliente-servidor. A impressão digital do servidor e a ligação do canal evitam ataques MITM e de repetição. A retomada da conexão é desativada para evitar ataques de sessão. https://nostr.build/i/nostr.build_515af3c35a729f3dd47619965f76e3a8499ad1fe7694f2bbab14404cf5a77f6a.jpg

Acesso opcional via Tor Para proteger seu endereço IP, você pode acessar os servidores via Tor ou alguma outra rede de sobreposição de transporte. Para usar o SimpleX via Tor, instale o aplicativo Orbot e habilite o proxy SOCKS5 (ou VPN no iOS ). https://nostr.build/i/nostr.build_0c8f651db74c9ae2ab4d4424972b21d64af8dab2aa5364d4b140898bebfc42b0.jpg

Filas de mensagens unidirecionais Cada fila de mensagens passa mensagens em uma direção, com diferentes endereços de envio e recebimento. Ele reduz os vetores de ataque, em comparação com os corretores de mensagens tradicionais e os metadados disponíveis. https://nostr.build/i/nostr.build_a7b6103be59dbffb242e6b5d371767f6df3219a1cad2a0f05a278cfb7596ad3d.jpg

Várias camadas de preenchimento de conteúdo SimpleX usa preenchimento de conteúdo para cada camada de criptografia para frustrar ataques de tamanho de mensagem. Faz mensagens de tamanhos diferentes parecerem iguais para os servidores e observadores de rede. https://nostr.build/i/nostr.build_6ac8491d3e0236460bb914ea5dc1a23fea03e6c598cef6643949eea38e5fad44.jpg

A rede SimpleX diferente de outras redes P2P ao ser composta por clientes e servidores sem depender de um componente centralizado. Ele usa filas de mensagens unidirecionais redundantes (simplex) para comunicação, eliminando a necessidade de endereços exclusivos globalmente. As solicitações de conexão são protegidas contra ataques man-in-the-middle e as filas de mensagens simples são usadas pelos clientes para criar cenários de comunicação mais complexos. Os servidores não armazenam nenhuma informação do usuário e os usuários podem mudar de servidor com interrupção mínima.

Rede SimpleX

Simplex Chat fornece a melhor privacidade combinando as vantagens de redes P2P e federadas. https://nostr.build/i/nostr.build_062b212b3c43e9cab9e7290e6a052012c54acabadfeb962190ffe9783647f356.jpg

Ao contrário das redes P2P

Todas as mensagens são enviadas pelos servidores, proporcionando melhor privacidade de metadados e entrega de mensagens assíncronas confiáveis, evitando muitos problemas de redes P2P .

1. As redes P2P dependem de alguma variante do DHT para rotear mensagens. Os projetos DHT precisam equilibrar a garantia de entrega e a latência. O SimpleX tem melhor garantia de entrega e menor latência do que o P2P, pois a mensagem pode ser passada de forma redundante por vários servidores em paralelo, utilizando os servidores escolhidos pelo destinatário. Em redes P2P a mensagem é passada por nós O(log N) sequencialmente, usando nós escolhidos pelo algoritmo.

2. O design SimpleX, ao contrário da maioria das redes P2P, não possui identificadores globais de usuário de qualquer tipo, mesmo temporários, e usa apenas identificadores temporários emparelhados, fornecendo melhor anonimato e proteção de metadados.

3. O P2P não resolve o problema do ataque MITM e a maioria das implementações existentes não usa mensagens fora de banda para a troca inicial de chaves. O SimpleX usa mensagens fora de banda ou, em alguns casos, conexões seguras e confiáveis ​​pré-existentes para a troca inicial de chaves.

4. As implementações P2P podem ser bloqueadas por alguns provedores de Internet (como BitTorrent ). O SimpleX é agnóstico de transporte - ele pode funcionar sobre protocolos da Web padrão, por exemplo, WebSockets.

5. Todas as redes P2P conhecidas podem ser vulneráveis ​​ao ataque Sybil , porque cada nó é detectável e a rede opera como um todo. As medidas conhecidas para mitigá-lo exigem um componente centralizado ou uma prova de trabalho cara . A rede SimpleX não tem capacidade de descoberta de servidor, é fragmentada e opera como várias sub-redes isoladas, impossibilitando ataques em toda a rede.

6. As redes P2P podem ser vulneráveis ​​a ataques DRDoS , quando os clientes podem retransmitir e amplificar o tráfego, resultando em negação de serviço em toda a rede. Os clientes SimpleX apenas retransmitem o tráfego de conexão conhecida e não podem ser usados ​​por um invasor para amplificar o tráfego em toda a rede.

Ao contrário das redes federadas

Os servidores de retransmissão SimpleX NÃO armazenam perfis de usuário, contatos e mensagens entregues, NÃO se conectam entre si e NÃO há diretório de servidores. https://nostr.build/i/nostr.build_abadeb8361026101dc2e5888217cd7620d7cf01233a7961071bb07c49f7f9f0e.jpg

os servidores fornecem filas unidirecionais para conectar os usuários, mas não têm visibilidade do grafo de conexão de rede — somente os usuários têm. https://nostr.build/i/nostr.build_0f281d6b89e96efcc9334384ae9f251c529feb136748dd0846e249a715e2a5e3.jpg

Simplex explicado

1. O que os usuários experimentam https://nostr.build/i/nostr.build_157aa796dd3953b830e5643a5e98bb07b09d1ab8737a4f8b39d26e3637902ae8.jpg Você pode criar contatos e grupos e ter conversas bidirecionais, como em qualquer outro messenger.

Como trabalhar com filas unidirecionais e sem identificadores de perfil de usuário?

1. Como funciona https://nostr.build/i/nostr.build_fda66ead74bed1a72139cf9ce9cbe96eea7a09b9007151a576124f8cab39952d.jpg

Para cada conexão, você usa duas filas de mensagens separadas para enviar e receber mensagens por meio de servidores diferentes.

Os servidores passam mensagens apenas de uma maneira, sem ter uma imagem completa da conversa ou das conexões do usuário.

1. O que os servidores veem https://nostr.build/i/nostr.build_e95db233e71ef8ff53590e740095429338c8aba8fba846431d81112ffba01932.jpg

Os servidores possuem credenciais anônimas distintas para cada fila e não têm conhecimento da identidade dos usuários.

A implementação Roteamento de Mensagens Privadas na Rede SimpleX é um marco significativo na evolução do Protocolo de Mensagens SimpleX, elevando a privacidade dos usuários a outro patamar! https://image.nostr.build/f77c4336cb335cb87dab6645bbac7a8f6a99d8b8e7a787511918c740558b5be7.jpg

Qual é o problema? https://image.nostr.build/4ad92ca6d702155c97849fce854f6c3101ac979b21781620500edd357ab6d7a3.jpg

Design da rede Simplex sempre se concentrou na proteção da identidade do usuário no nível do protocolo de mensagens - não há identificadores de perfil de usuário de qualquer tipo no design do protocolo, nem mesmo números aleatórios ou chaves criptográficas. Porém, até este lançamento, a rede SimpleX não tinha proteção integrada de identidades de transporte de usuários - endereços IP. Como anteriormente os usuários só podiam escolher quais retransmissores de mensagens usar para receber mensagens, esses retransmissores poderiam observar os endereços IP dos remetentes e, se esses retransmissores fossem controlados pelos destinatários, os próprios destinatários também poderiam observá-los - seja modificando o código do servidor ou simplesmente rastreando todos os endereços IP conectados.

Para contornar essa limitação, muitos usuários se conectaram a retransmissores de rede SimpleX via Tor ou VPN – para que os retransmissores dos destinatários não pudessem observar os endereços IP dos usuários quando eles enviassem mensagens. Ainda assim, foi a limitação mais importante e mais criticada da rede SimpleX pelos usuários.

O que é roteamento de mensagens privadas e como funciona?

O roteamento de mensagens privadas é um marco importante para a evolução da rede SimpleX. É um novo protocolo de roteamento de mensagens que protege os endereços IP dos usuários e as sessões de transporte dos retransmissores de mensagens escolhidos por

Seus contatos. O roteamento de mensagens privadas é, efetivamente, um protocolo de roteamento cebola de 2 saltos inspirado no design do Tor, mas com uma diferença importante - o primeiro retransmissor (encaminhamento) é sempre escolhido pelo remetente da mensagem e o segundo (destino) - pelo destinatário da mensagem. Desta forma, nenhum lado da conversa pode observar o endereço IP ou a sessão de transporte do outro.

Ao mesmo tempo, os retransmissores escolhidos pelos clientes remetentes para encaminhar as mensagens não conseguem observar para quais conexões (filas de mensagens) as mensagens são enviadas, devido à camada adicional de criptografia ponta a ponta entre o remetente e o retransmissor de destino, semelhante ao funcionamento do roteamento cebola na rede Tor, e também graças ao design do protocolo que evita quaisquer identificadores repetidos ou não aleatórios associados às mensagens, que de outra forma permitiriam correlacionar as mensagens enviadas para diferentes conexões como enviadas pelo mesmo usuário. Cada mensagem encaminhada para o retransmissor de destino é adicionalmente criptografada com uma chave efêmera única, para ser independente das mensagens enviadas para diferentes conexões.

O protocolo de roteamento também evita a possibilidade de ataque MITM pelo retransmissor de encaminhamento, que fornece ao certificado as chaves de sessão do servidor de destino para o cliente remetente que são assinadas criptograficamente pelo mesmo certificado que está incluído no endereço do servidor de destino, para que o cliente possa verifique se as mensagens são enviadas para o destino pretendido e não interceptadas.

O diagrama abaixo mostra todas as camadas de criptografia usadas no roteamento de mensagens privadas: https://image.nostr.build/c238546e47b00dfea742ab1fc008ff51811240025a603dfbcc94b5bc14b5aa88.jpg

e2e - duas camadas de criptografia ponta a ponta entre clientes remetentes e receptores, uma das quais usa algoritmo de catraca dupla E2EE Post-quantum. Essas camadas de criptografia também estão presentes na versão anterior do protocolo de roteamento de mensagens.

s2d - criptografia entre o cliente remetente e o retransmissor de destino do destinatário . Essa nova camada de criptografia oculta os metadados da mensagem (endereço de conexão de destino e sinalizador de notificação de mensagem) da retransmissão de encaminhamento.

f2d - nova camada de criptografia adicional entre retransmissores de encaminhamento e destino , protegendo contra correlação de tráfego caso o TLS seja comprometido - não há identificadores ou texto cifrado em comum entre o tráfego de entrada e saída de ambos os retransmissores dentro da conexão TLS.

d2r - camada de criptografia adicional entre o retransmissor de destino e o destinatário, protegendo também da correlação de tráfego caso o TLS seja comprometido.

TLS - criptografia de transporte TLS 1.3. Para que o roteamento privado funcione, tanto a retransmissão de encaminhamento quanto a de destino devem suportar o protocolo de mensagens atualizado - ele é compatível com a versão 5.8 das retransmissões de mensagens.

https://image.nostr.build/2edbb7721c3ccf8a21274e96e25ee076c3522323870d92b73dbd1f6bda66fce8.jpg

Passo a passo do aplicativo nostr:nprofile1qqsvnx99ww0sfall7gpv2jtz4ftc9v6wevgdd7g4hh7awkpfvwlezugpzdmhxue69uhhqatjwpkx2urpvuhx2ue0chkv5c

Backup e Recuperação de Dados:

• instalação do aplicativo.

• Exportação do banco de dados Backup.

• Importação do Backup do banco de dados.

• Baixe e Instale o Aplicativo:

• baixar o SimpleXchat no F-droid ou Obtainium.

F-droid

https://simplex.chat/fdroid/

https://f-droid.org/packages/chat.simplex.app/

Obtainium.

https://github.com/simplex-chat/simplex-chat

• Faça o download e instale o aplicativo em seu dispositivo móvel.

Criando seu perfil:

1. Criar perfil:

2. Clique em “CRIE SEU PERFIL”, contatos e mensagens são armazenados localmente em seu dispositivo.

https://image.nostr.build/e109c9fd5ea327640f0af2d6396aaa7e7d85594c6b20fd6ed426a558195a0021.jpg

1. Nome de Exibição exemplo: Alex teste :-)

2. Toque em "Criar" para configurar seu perfil e começar a usar o SimpleXchat.

https://image.nostr.build/96a1c59d370d554ada31e91301857825af7975b29eb82fe8fcb5cbba9d40bf23.jpg

1. Endereço SimpleX:

2. Clique no nome “Criar endereço SimpleX “

3. clicar em " continuar "

Ou Clicar em " Não criar endereço " pode criá-lo mais tarde.

https://image.nostr.build/cb91c0c1d43ce6c1a310cf2547cc88510529db3c2a5ce17ca79ec5d9269cb58e.jpg

https://image.nostr.build/47595ab6c17183c267fab2892a8d188b2e9fe29f067c8d96afec2ddbb9feda95.jpg

1. Notificação privadas

2. Escolha o tipo de notificação que prefere 3 opções.

Escolha a opção aberta em “ USAR BATE- PAPO “

https://image.nostr.build/96027dc0c47bdcb8a9c5017592bd6828f8e2d752883c826c08105aec340f1d81.jpg

• Backup e Recuperação de Dados:

• Cópia de segurança. “Clicar no canto superior lado esquerdo na foto de perfil“

Selecione a opção “Senha e Exportação de Banco de Dados“

https://image.nostr.build/7918c90aec373af57ccdcb1194e9277ab85aabadf83ac1d35065ec2a9f2b0aef.jpg

Desabilite a opção “O bate-papo está em execução ”

Clique em “parar”

https://image.nostr.build/8473fac2cef41d35451abcf8b40101630caf92b30f01e51767df1cc428dd8a70.jpg

https://image.nostr.build/bdd691b738712f98107c7da404d693d9cccce58c2afb89a2d6f649190e13a3e2.jpg

Seu banco de dados de bate-papo tem 4 opções.

• Senha do banco de dados

• Exportar banco de dados

• Importar banco de dados

• Excluir banco de dados

Clique na primeira opção " Senha do banco de dados "

• O Banco de Dados tem seus contatos e grupos e é protegido por sua senha que criptografa o banco de dados. Recomenda-se trocar essa senha padrão.

https://image.nostr.build/91859f269fbca9d02009652f2f9b3f76abcaa9de8647b48b5d20bee291e32ba3.jpg

Clicar na primeira opção " Senha de banco de dados "

Lembre-se de usar uma senha forte.

Após adicionar senha clique em “Atualizar senha do banco de dados”

https://image.nostr.build/3d84eb9954080589ea79050420300baa7e095f1dfc37c925ec4abf7abb047675.jpg

Vai aparecer um aviso.

Alterar senha do banco de dados? A senha de criptografia do banco de dados será atualizada e armazenada no keystore. Guarde a senha em um local seguro, você NÃO poderá alterá-la se a perder.

https://image.nostr.build/61dcdfdb82764df8855ef9e15c453b42d9c87fd23ea9e797ea066ad31f94fd61.jpg

Só clique em “Atualizar” demora 1 minuto aparece a mensagem “banco de dados criptografado!” Só clique em “ok”

https://image.nostr.build/8c303857ae63b803792f71273b4891f7adcfdbc3d0a428ecde2abbfef168781d.jpg

• Clique na opção 2.

Exportar banco de dados.

https://image.nostr.build/91859f269fbca9d02009652f2f9b3f76abcaa9de8647b48b5d20bee291e32ba3.jpg

Tem duas poções para salvar na memória do Celular, Pendrive, componentes externos de sua preferência.

• Por padrão Vai abrir a memória do celular para salvar o arquivo backup criptografado na pasta de sua escolha.

• Pra guardei no pendrive é necessário um cabo OTG para salvar o backup criptografado. Conecte um cabo OTG no celular, alguns celulares já confirmam automaticamente e entram diretamente na pasta do seu pendrive outros aparece um aviso pra aceitar pendrive. Depois basta selecionar o pendrive e salvar o backup.

https://image.nostr.build/c3bd4ca72270d651f4ea7125ac697cd11cb47316e4f0d18e8dfef732579ae77b.jpg

• Clique na opção

1. Importar banco de dados.

https://image.nostr.build/91859f269fbca9d02009652f2f9b3f76abcaa9de8647b48b5d20bee291e32ba3.jpg

• Caso você perca seu celular, você não tem acesso ao backup. Mas se você tiver salvo no pendrive ou componentes externos, basta seguir as etapas a seguir.

• Faça a instalação do aplicativo e crie uma nova conta, selecione a opção "Senha e Exportação de Banco de Dados" e desabilite a opção "Chat em Execução". Isso permitirá que você faça a importação do backup.

Clique na opção Importar banco de dados.

Selecione o artigo do backup no pendrive ou na pasta dentro do novo celular só basta clicar no arquivo.

https://image.nostr.build/47cac70f4ba0520c060da98b4b3559f621757d98b4f963b1b1fd2cc522eafa45.jpg

Vai aparecer um aviso.

Importa banco de dados de Chat?

Seu banco de dados do Chat atual será EXCLUÍDO ou SUBSTITUÍDO pelo importado.

Essa ação não pode ser desfeita - Seu perfil, contatos, mensagens e arquivos serão perdidos de forma irreversível.

Só clique em "importar"

https://image.nostr.build/fdfa5e4ba2b6cd1a2b9116633da3f8a7cf91f41dd6d5739582f4e112ae384f7a.jpg

Vai aparecer um aviso.

Banco de dados de chat Importado.

Reinicie o aplicativo para usar o banco de dados do chat Importado.

Só clique em "ok"

Depois Habilite a opção "o bate-papo está parado"

https://image.nostr.build/1f261f36262d5a6cf593b5cb09abdb63ace7bf63f0e66bee7b949850972b3f92.jpg

A senha do banco de dados é necessária para abrir o Chat.

Digite a senha do seu banco de dados.

Depois é só clicar em "salvar senha e abrir Chat"

Pronto foi feita a recuperação de todos os meus dados, incluindo contatos, mensagens e grupos✅️

https://image.nostr.build/28f13ac654c68c890495cbf9689d09946b7af1ecc00a796b9ffd6d64059f4516.jpg

https://image.nostr.build/aae866f7577995bda6735e0a5e4683770bac2af845ae8b552da6526c4f589f08.jpg

Protegendo sua Privacidade no SimpleX Chat.

https://image.nostr.build/88fe0bf337105a3be94754c64bedfbe17d35c586714aa225d0179a379f9a1f71.jpg

Recentemente, tive uma experiência interessante ao explorar as opções de privacidade e segurança no SimpleX Chat. Uma funcionalidade que me chamou a atenção foi a opção de senha de auto destruição, que oferece uma camada adicional de proteção aos dados sensíveis.

Ao configurar o SimpleX Chat para usar senha de auto destruição, percebi o quão poderosa essa ferramenta pode ser para proteger minha privacidade. Após ativar essa opção, qualquer tentativa de acessar meu perfil precisa da senha escolhida por mim. E, se alguém tentasse forçar a abertura do aplicativo, eu posso simplesmente digitar a senha de auto destruição seria apresentado um perfil vazio, sem histórico de conversas. Essa função e bem útil em situações extremas.

A configuração da senha de auto destruição é simples mas poderosa.

Basta acessar as configurações de privacidade e segurança.

https://image.nostr.build/4fb6166656b544c645f316dfc4dad3b9e787b280745992dab30786b0bd0c2ee5.jpg

Aberta na opção de bloqueio SimpleX.

https://image.nostr.build/b866d08644b64884101aae6d011248a3557ac80bcc6e442ae8f62bdb3ee69776.jpg

mudar para a opção de senha. Em seguida, é possível escolher se deseja ativar a senha de auto destruição e inserir a senha desejada.

https://image.nostr.build/867d375825640721ee888e524455fb539df50be87df901dcf0ccfa19f2267576.jpg

Só basta adicionar a senha.

https://image.nostr.build/5bfb500816f814eab189283a64086ad47f32671d8e42558f3f911676ff4df741.jpg

https://image.nostr.build/59323fa6900d4f3b27b39b032f7c2cffdbf379a77c53ed9180c0ace0ca903950.jpg

Pronto. Está Ativado a senha de auto destruição.

https://image.nostr.build/511f82832d1e72d0363cfc5b7b201aaba56f65cfa00360d1c1f4d8d188bb3cdf.jpg

Uma vez configurada, a senha de auto destruição garante que todos os dados, incluindo backups, sejam eliminados permanentemente se a senha de auto destruição for inserida ao desbloquear o aplicativo.

Tenha um backup no pendrive ou em outro local guardado.

https://image.nostr.build/dfbbc5ef805194cc00a09fb690fc76896ada9a9d3f98e8b141f52c72342e2625.jpg

https://image.nostr.build/32a771a0ba2bae47f45f900fc765ffbeae0374724a1a0140c0f2cef83a2e5c2f.jpg

Essa funcionalidade oferece uma tranquilidade adicional ao utilizar o SimpleX Chat, pois sei que meus dados estão protegidos contra acesso não autorizado. Além disso, a capacidade de criar um perfil vazio para ocultar a identidade real é uma ferramenta valiosa em situações críticas , proteger meus dados sensíveis e manter minha privacidade intacta.

https://medium.com/@alexemidio/o-simplexchat-%C3%A9-uma-plataforma-de-mensagens-revolucion%C3%A1rias-que-redefinem-a-privacidade-sendo-o-4690f2a1b2d4

Podcast muito bom no @optoutpod com o criador @epoberezkin https://youtu.be/LrLsS7-woN0

Site : https://simplex.chat/

Protocolo de bate-papo: https://github.com/simplex-chat/simplex-chat/blob/stable/docs/protocol/simplex-chat.md

Whitepaper, incluindo modelagem de ameaças: https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md

Execute seu próprio servidor SimpleX SMP: https://github.com/simplex-chat/simplexmq

https://play.google.com/store/apps/details?id=chat.simplex.app

Como auto-hospedar servidor Simplexchat

https://youtu.be/p1NF68KIt7M?si=Nhwa8ZajmAvke6lW

https://youtu.be/p1NF68KIt7M?si=uZqOtVu0sLWLXBJX

https://simplex.chat/docs/server.html

https://github.com/simplex-chat/simplexmq

@ bb0174ae:75f7239a

What is Cyphermunk House? It is everything that is unprovided. It is the education that is never taught. It is the culture that is never commissioned. It is the space for the community that was never allowed to flourish because an equitable economy was never allowed to grow. It is a space to BE YOUR OWN BANK and a space to STAY HUMBLE.

Cyphermunk House is London’s Bitcoin beacon. Providing sanctuary from the mainstream; from the politics of division, the brainwashing of legacy media, the predictive programming of film, the ‘three-quarter reptiles’ of music, the ‘shock value, indignation and existential angst’ of modern art and the centuries long corruption and exploitation of central banking. It is counter culture in extremis. A hotspot of no fear. A 21st space where fiat pastimes are secondary and pleb living is primary.

What is bitcoin? Cross the threshold. How do you obtain it? Take a seat. Want to stack? Let’s begin. Dive into the mathematics of hope, the code of change and the magic of self-sovereignty. In here we educate, providing knowledge to match the student whether you are a stone-cold newb or a humble stacktivist. In return we learn that there are still so many who are yet to realise that money is broken, issuance matters and a bitcoin can be divided into things called sats. In other words, there is work to be done.

Work that is evolving like that which inspires us. Can we educate? Can we provide space for people from all walks of life? Can we provide the seeds for discussion, the platform for ideas and the spectacle that confronts the issues in our society? Can we get a former Minister of State to laser eye his image?

So far, we are meeting these challenges, with more newbs through our doors than we could ever imagine, lured in by the rabbit of an upended banknote and their own curiosity. What the hell is that? And what's going on inside this rabbit warren of a building a mile’s crow flight from the life supported heart of British financial might.

The ‘what’ is huge. Education. Culture. Freedom. And community. That same orange cocktail that bitcoin is pouring all over the world. Standing in direct opposition to the trends of indoctrination, centralisation and isolation that have pushed the group to the fringe and questioned the very idea that humans are social beings. In our world, meetups, conferences and real-world spaces are thriving. Education is pleb-led and free. And our culture is king.

I have witnessed the artistic offerings of this capital a lifetime over; dance on rooftops, songs beneath the river and Shakespeare performed by a man and a cast of sheep. In three short decades I have worked across music, theatre, film and art, and now find myself at the helm of Cyphermunk House. What is being created within these walls is more inspiring and exciting than anything the Tate has ever shown me, or the West End, or the Dome. This is the edge of the cultural moment. Lightning sharp and electric.

Because our culture does more than entertain. It informs. And transforms. And it is happening everywhere, simultaneously. And in this tiny postcode of West Central London, it is happening hard. We are 'Privacy Defenders'. We will expose 'The Ugly Reality of War Crimes' and we will declare that 'Coin Mixing is My Right' and yours too as we work towards a 'Humanity in Consensus'. Inspired? Come along and chuck it on the walls in the paradise paint of a world being built from the ground up. For this is the culture of code and it will not be put back in the box.

And yes the space is temporary, six more months perhaps, but its temporality is tangible forever, nostr makes it so. Our records permanent, our doors always open. Always sharing knowledge, wisdom and advice. While in these moments of tangibility, these blocks of time in meters of space, we will fire up the beacons and summon the zaps, for bitcoiners, artists, outcasts and dreamers to the temporal dance of rebellion that burns behind these doors.

“In the same way El Salvador felt way ahead of its time – a nation state adopting bitcoin as legal tender. This feels like it’s a cycle too early too. Surely, we shouldn’t have something this good till the 6th epoch." - Si, Bitcoin Events UK

And when we close our doors and move to pastures new, we will not forget the power we are finding - the power to redefine the rules. For this is how to use bitcoin and release the burden on the current system. It stands as a testament to the power of code that you can run an entity, without barriers, without red tape, without announcing your names or identity, where you create the rules.

And so we invite you to the Bitcoin Culture Festival at Tooting Market, The Dockside Vaults and Cyphermunk House, and an explosion of culture from the We Are 2140 collective. Together we will host a brand-new exhibition; the Culture of Code and stamp a sequence of blocks with so much creativity that no Londoner will miss it.

These are the signals of hope found in a civilisation mathematically backed by a money that extracts nothing from you. Embrace them. Support them - your fellow plebs and meetups. Network, connect and build. There is so much more to do and so much more to learn, but for now I've learnt this much - align your passions with bitcoin and every moment is a pill.

Onward plebs.

FIND OUT MORE

bitcoinculturefestival.london

2140.wtf

cyphermunkhouse.com

OUR PARTNERS / SPONSORS

ANGOR

BITCOIN EVENTS HQ

YAKIHONNE

GEYSER

@ 8fb140b4:f948000c

Test Bounty Note

@ 8fb140b4:f948000c

Intro

This short tutorial will help you set up your own Nostr Wallet Connect (NWC) on your own LND Node that is not using Umbrel. If you are a user of Umbrel, you should use their version of NWC.

Requirements

You need to have a working installation of LND with established channels and connectivity to the internet. NWC in itself is fairly light and will not consume a lot of resources. You will also want to ensure that you have a working installation of Docker, since we will use a docker image to run NWC.

• Working installation of LND (and all of its required components)
• Docker (with Docker compose)

Installation

For the purpose of this tutorial, we will assume that you have your lnd/bitcoind running under user bitcoin with home directory /home/bitcoin. We will also assume that you already have a running installation of Docker (or docker.io).

Prepare and verify

git version - we will need git to get the latest version of NWC. docker version - should execute successfully and show the currently installed version of Docker. docker compose version - same as before, but the version will be different. ss -tupln | grep 10009- should produce the following output: tcp LISTEN 0 4096 0.0.0.0:10009 0.0.0.0: tcp LISTEN 0 4096 [::]:10009 [::]:**

For things to work correctly, your Docker should be version 20.10.0 or later. If you have an older version, consider installing a new one using instructions here: https://docs.docker.com/engine/install/

Create folders & download NWC

In the home directory of your LND/bitcoind user, create a new folder, e.g., "nwc" mkdir /home/bitcoin/nwc. Change to that directory cd /home/bitcoin/nwc and clone the NWC repository: git clone https://github.com/getAlby/nostr-wallet-connect.git

Creating the Docker image

In this step, we will create a Docker image that you will use to run NWC.

• Change directory to nostr-wallet-connect: cd nostr-wallet-connect
• Run command to build Docker image: docker build -t nwc:$(date +'%Y%m%d%H%M') -t nwc:latest . (there is a dot at the end)
• The last line of the output (after a few minutes) should look like => => naming to docker.io/library/nwc:latest
• nwc:latest is the name of the Docker image with a tag which you should note for use later.

Creating docker-compose.yml and necessary data directories

• Let's create a directory that will hold your non-volatile data (DB): mkdir data
• Indocker-compose.ymlfile, there are fields that you want to replace (<> comments) and port “4321” that you want to make sure is open (check with ss -tupln | grep 4321which should return nothing).
• Create docker-compose.ymlfile with the following content, and make sure to update fields that have <> comment:

version: "3.8" services: nwc: image: nwc:latest volumes: - ./data:/data - ~/.lnd:/lnd:ro ports: - "4321:8080" extra_hosts: - "localhost:host-gateway" environment: NOSTR_PRIVKEY: <use "openssl rand -hex 32" to generate a fresh key and place it inside ""> LN_BACKEND_TYPE: "LND" LND_ADDRESS: localhost:10009 LND_CERT_FILE: "/lnd/tls.cert" LND_MACAROON_FILE: "/lnd/data/chain/bitcoin/mainnet/admin.macaroon" DATABASE_URI: "/data/nostr-wallet-connect.db" COOKIE_SECRET: <use "openssl rand -hex 32" to generate fresh secret and place it inside ""> PORT: 8080 restart: always stop_grace_period: 1m

Starting and testing

Now that you have everything ready, it is time to start the container and test.

• While you are in the nwcdirectory (important), execute the following command and check the log output, docker compose up
• You should see container logs while it is starting, and it should not exit if everything went well.
• At this point, you should be able to go to http://<ip of the host where nwc is running>:4321 and get to the interface of NWC
• To stop the test run of NWC, simply press Ctrl-C , and it will shut the container down.
• To start NWC permanently, you should execute docker compose up -d , “-d” tells Docker to detach from the session.
• To check currently running NWC logs, execute docker compose logs to run it in tail mode add -f to the end.
• To stop the container, execute docker compose down

That's all, just follow the instructions in the web interface to get started.

Updating

As with any software, you should expect fixes and updates that you would need to perform periodically. You could automate this, but it falls outside of the scope of this tutorial. Since we already have all of the necessary configuration in place, the update execution is fairly simple.

• Change directory to the clone of the git repository, cd /home/bitcoin/nwc/nostr-wallet-connect
• Run command to build Docker image: docker build -t nwc:$(date +'%Y%m%d%H%M') -t nwc:latest . (there is a dot at the end)
• Change directory back one level cd ..
• Restart (stop and start) the docker compose config docker compose down && docker compose up -d
• Done! Optionally you may want to check the logs: docker compose logs

@ 1bda7e1f:bb97c4d9

Tldr

• Nostr relays help users post and read notes on the network
• Relay operators have launched a variety of relays for you to use
• You too can launch your own relay for any reason you like
• Launching your own relay gives you a lot of power in how you use Nostr
• Many relay softwares exist for you to use
• I launched a personal relay using HAVEN relay software on my VPS
• I am now more in control of saving notes, cutting spam, and protecting my privacy
• My personal relay is now hosted at relay.rodbishop.nz

What are Nostr Relays Anyway?

When you're a user of a social network, you post and read notes from other users on the network. In a centralised network like Twitter or Instagram the company's servers receive all user's notes and relay them to other users. On Nostr, there is no single company's servers to relay messages, so instead the task is taken up by relay operators.

Anyone can be a relay operator and they can run a relay for any purpose. When you start using Nostr you will usually be connected to any one of a number of "public" relays, and be able to post and receive notes from users on the network via these.

Configuring these relays can tailor your experience somewhat–for example the client Nostrudel allows you to select from Western or Japanese relay set.

It is also possible to set up your own relay to use for your own purposes. All kinds of people have launched relays for all kinds of purposes. For example, to:

• Power your own client
• Support your community
• Run a for-profit relay business
• Relay a certain a type of content you need
• Back up your own notes, decrease spam, or increase privacy
• Curate your own social feed with your own algorithm

Relay instances available to connect with

Today is an interesting time in relay-ops. The evolution of the technology has inspired users to experiment with diverse types of relays tailored to various needs. As a result there are very many relay instances in operation and available to connect with.

A few sites try to collate which relays are in operation, like nostr.info and xport.top and sesseor's relay list . These lists are long (Sessor's list counted 2,500+ relays) and it's not clear to me whether it's even possible to be comprehensive as relays may join or leave the network all the time.

Broadly speaking, relays might be available for different users to use in different ways:

• A relay where anyone can post, like relay.damus.io
• A paid relay where anyone can post after payment, to cut spam, like nostr.wine
• A "web of trust" relay where anyone can post if they are related to the owner's social graph, to cut spam, like nostrelites.org
• A speciality relay where a particular community can post, like nostr.com.au for #austriches (Australians)
• A relay where anyone can post just specific content, like purplepag.es for user profiles only
• A team relay for your company or organisation only
• A personal relay for your own personal use

Nostr.Band shows which of these available relays are most popular, such as relay.damus.io and nos.lol and eden.nostr.land

Relay softwares for you to launch your own

You may decide to launch you own relays, and if you do there are many different relay softwares to choose from:

• Simple, like Bucket (<100 lines of code)
• Widely used, like Nostream (top ranked on Github)
• Customisable, like Khatru (a framework for customised relays)
• Specialised, like HAVEN or Team Relay (for personal or teams relays, based on Khartu)

You can run these on your own server, or local machine, or phone or with a third-party host.

Aljaz provides a great resource with 45+ relay softwares to choose from.

In summary, at a high level,

• Anyone can connect to any of the relay instances that are available for them to use
• Anyone who wants to launch their own can select the relay software that best suit their needs, launch an instance, and have it used by whichever users they like

Reasons to Run Your Own Relay

As a normal user of a Nostr client there's no obligation to run a relay. But having your own relay does give you more power.

For my own journey down the #nostr rabbit hole, I was looking for a relay to:

• back up my notes
• decrease spam
• increase my privacy
• learn skills I could later use for running a community or team or paid relay

Backing up notes – When you post notes to a public relay there's no guarantee that the relay is going to keep them long-term. It's job is relaying your notes to other clients, not storing them. Running your own relay allows you to keep your notes online.

Decrease spam – To first spam we can use a "Web of Trust" model–in which users endorse other users as trustworthy. A "Web of Trust" relay will reject notes from parties too far removed from your network. Running your own relay makes you more difficult to spam.

Increasing privacy – When you connect to a public relay, they can determine personal information about you, such as your IP address. Running your own relay keeps things more private.

For communities and teams and paid relays – Many opportunities exist to tailor relays to certain users needs, be they businesses or communities or as a for-profit business. For me, I am hoping that running my own relay helps me learn skills I can use in these kinds of further ventures.

To start I decided to focus on a personal relay. However, when I really got under the hood, it turned out I would need multiple relays not just one.

The outbox model

Mike Dilger proposed the outbox model (originally called the gossip model) as a way for users to engage with the wider Nostr network. It's a great model that is helpful to understand, as it suggests to establish different relays for different purposes.

Many clients and relay softwares have now adopted and continued to elaborate on this model. An example is to run specialised relays for Outbox, Inbox, Chat and Private needs.

Outbox Relay (also called Home Relay)

• This relay is for notes you have written, so that everyone knows where to find your notes
• In a set up where you are running your own, this relay is restricted so that only you can post to it, and you should set up your clients to post your notes to it
• An advanced version may take any notes received to this relay and "blast" them to other public relays so that your notes get wider reach

Inbox Relay (also called Public Relay)

• This relay is for public notes that other users want you to see, so that you always find notes that are relevant to you, including all replies, comments, likes, and zap payments
• In a set up where you are running your own, this relay is where you should look for notes relevant to you, and you should set up your clients to read from it
• An advanced version may search other public relays for notes that tag you, and import them into this relay so that you never miss a relevant note

Chat Relay (also called Direct Message Relay)

• This relay is for private direct message notes from other users, so that you always find your direct messages and so that they stay private
• In a set up where you are running your own, this relay is restricted so that only you can read from it, and you should set up your clients to read from it
• An advanced version may cut spam by only accepting direct messages from other users within your Web of Trust

Private Relay

• This relay is for your private use only, so that you can store private drafts or thoughts
• Only you can write to it and only you can read from it (and so, it is a bit mis-named as it does not actually relay anything to anywhere at all)
• In a set up where you are running your own, it gives you true privacy for these notes

In summary as a user

• I post my notes to my outbox relay. Network users can read them there, and if the relay is advanced it will also blast the notes out to other relays on the network
• I read from my inbox relay. Network users know to reach me there, and if the relay is advanced it will also bring me notes from the wider network
• I can have private direct message conversations with others in my chat relay.
• I can save private notes in my private relay

For me, this model has a lot of appeal and I went looking for a personal relay which adopted this model and contained all of these features.

HAVEN as a personal relay

I decided to go with HAVEN relay software.

HAVEN is all four of the above relays in one–outbox, inbox, chat and private. It contains advanced features like blasting your notes from outbox to other relays, importing notes from other relays to your inbox, and preventing spam with Web of Trust.

HAVEN is written by Utxo the Webmaster . It is based upon the Khatru relay framework by Fiatjaf

Setting up HAVEN as a Personal Relay

I am mostly non-technical, but on my #Nostr journey I have been having success with technology set ups that use Docker.

• I have a cheap VPS which currently runs Albyhub and Phoneixd with Docker,
• My objective was to set up HAVEN to run alongside it, in a separate Docker on the same server. HAVEN does not include Docker by default, but Sebastix published a fork with Docker support.

To get HAVEN up and running in Docker on your VPS:

1. Clone and configure HAVEN with the right variables
2. Launch it in Docker on your VPS
3. Check the URLs and logs to see your HAVEN running
4. Configure a subdomain to point to the VPS
5. Configure the VPS to reverse proxy to the Docker port
6. Configure the relays in your favourite Nostr client
7. Post a note to your outbox and see if it blasts!

Running HAVEN

I cloned Sebastix fork to start.

git clone -b docker_compose_support https://github.com/nostrver-se/haven.git cd haven

The software sets up all environment variables in the .env file, and comes with an .env.example file. Duplicate and rename the file to .env. Within the .env file you need to set up the environment variables. The file is long but it contains lots of repetition and for the most part defaults can be retained–only a few changes are required:

• Replace all instances of the default user npub with your own (for me, npub1r0d8...)
• Change the default relay URL to your own (for me, relay.rodbishop.nz)
• Replace all instances of the default name in the relay names (for me, "Rod's ...")
• Replace all instances of the default profile image with your own

To enable automatic blasting from your outbox, and importing to your inbox, the software comes with an example list of relays to blast and import from. See relays_blastr.example.json and relays_import.example.json. To use these features simply duplicate and rename these files to relays_blastr.json and relays_import.json respectively. Within these files you can specify the public relays of your choice. I simply used the default list.

There are other features available, such as backups and initial imports, but I decided to handle these later. To start with I wanted to launch the relay and test it.

To launch the relay run Docker Compose.

docker-compose up -d docker logs haven-relay

Then you should explore the logs in the command line and the ports in your browser to see if it launched successfully. The logs should show your web of trust has been built successfully and the browser should show simple landing pages.

The logs should show that the relay has queried the network and built a web of trust from your followers. Mine looked as follows.

2024/10/14 12:02:08 🌐 building web of trust graph 2024/10/14 12:02:16 🫂 total network size: 13296 2024/10/14 12:02:16 🔗 relays discovered: 335 2024/10/14 12:02:17 🌐 pubkeys with minimum followers: 9394 keys

Your browser should show you have four relays in operation, for example as follows.

• your_IP_address:3355 (your outbox or home relay)
• your_IP_address:3355/private (your private relay)
• your_IP_address:3355/chat (your direct message relay)
• your_IP_address:3355/inbox (your inbox relay)

That's it. Your relay is online.

Connecting HAVEN

Now all that remains is the plumbing to connect your domain, relay, and Nostr clients together.

Configure DNS

First, configure your domain. At a high level –

1. Get your domain (buy one if you need to)
2. Get the IP address of your VPS
3. In your domain's DNS settings add those records as an A record to the subdomain of your choice, e.g. relay as in relay.your_domain_name.com, or in my case relay.rodbishop.nz

Your subdomain now points to your server.

Configure reverse proxy

Next, you need to redirect traffic from your subdomain to your relay at port 3355.

On my VPS I use Caddy as a reverse proxy for a few projects, I have it sitting in a separate Docker network. To use it for my HAVEN Relay required two steps. I am sure that the way I do this is not very elegant, but it worked. If you prefer a different method, the HAVEN readme also comes with instructions on how to perform a similar setup using nginx.

For my method, my steps were as follows:

1. Add configuration to Caddy's Caddyfile to tell it what to do with requests for the relay.rodbishop.nz subdomain
2. Add the Caddy Docker network to the HAVEN docker-compose.yml to make it be part of the Caddy network

For the addition to the Caddyfile, I used as follows:

relay.rodbishop.nz { reverse_proxy haven-relay:3355 { header_up X-Forwarded-For {remote} header_up X-Forwarded-Proto {scheme} header_up X-Forwarded-Port {server_port} } }

For the addition to the docker-compose.yml, I used as follows:

``` networks: - caddy # Added this line to services to connect to the Caddy network

networks: caddy: external: true # Added this to section specify the Caddy network ```

Once your DNS configuration and reverse proxy setup are completed, you should now be able to access your Nostr client at relay.your_domain_name.com. For my set up, this was relay.rodbishop.nz.

Connecting your Nostr client

Most Nostr clients allow you to specify any relay you choose. My go-to client at the moment is Amethyst on Android. Amethyst allows you to specify discrete relays for each role in the outbox model which ties up very neatly with HAVEN.

• In the sidebar, select Relays
• For "Public Outbox/Home Relays" enter relay.your_domain_name.com
• For "Public Inbox Relays" enter relay.your_domain_name.com/inbox
• For "DM Inbox Relays" enter relay.your_domain_name.com/chat
• For "Private Home Relays" enter relay.your_domain_name.com/private
• Click Save to broadcast your new relays to the Nostr network.

Your new relay configuration is now live.

Testing your relay

Lastly, it's time to test. Amethyst provides a simple method to test this as it allows you to configure the relays used on each post.

• Create a test note, and then before you post it, edit your relays using the icon at the top
• Turn off all relays except your own outbox relay, and post the note
• Access your HAVEN docker logs with docker logs haven-relay and see if there is a log to indicate if the note was received and blasted to other public relays
• Copy the nevent of the note, and attempt to find it in another client

If you're in luck, you may see something like this (the blasted note, and then users on the network responding to the note in turn).

2024/10/22 00:12:23 🔫 blasted 95c477af7e6b612bf5d1d94309d2d57377a0a67d2181cfbb42a2e3fbc0feeaaf to 26 relays 2024/10/22 00:13:50 🤙 new reaction in your inbox 2024/10/22 00:14:42 🫂 new reaction in your inbox 2024/10/22 00:14:45 ✅ new reaction in your inbox 2024/10/22 00:15:12 💜 new reaction in your inbox 2024/10/22 00:17:03 ✅ new reaction in your inbox 2024/10/22 00:17:03 🫂 new reaction in your inbox 2024/10/22 00:17:55 🫂 new reaction in your inbox 2024/10/22 00:19:02 📰 new note in your inbox

That's it. If you followed this successfully your personal relay is up and running.

What I did wrong so you don't have to

My first relay was too public

This blog comes after much trial and error. The first error I made was I set up a relay to use as a personal relay, but without any restrictions on use. I very quickly found other people discovered and started using my relay to save their own notes! This was unintended and I had to take it down.

Unfamiliar with Go language

I am mostly non-technical, and completely unfamiliar with Go. I got the project up and running with Go on my localhost–with a lot of help from my AI–but I then completely failed in migrating this to my VPS. Moving to Docker made the difference for me here.

I failed a few times due to a messy folder

After messing with Go, I moved to the Docker setup, but I started my work from a messy folder which contained remnants of the Go build, which caused various failures. Deleting the folder and cloning again from scratch solved the issue.

Trouble with Nostr.wine

I subscribe to the Nostr.wine paid relay, and I initially added it to the list of relays in my blaster. However, it didn't work, and the logs showed an error as follows

CLOSED from wss://nostr.wine: 'auth-required: this relay only serves private notes to authenticated users'

It seems my npub's subscription to Nostr.wine is not enough for it to permit my relay to blast notes to it. In the end, I removed Nostr.wine from my relay config, and kept Nostr.wine as a separate entry in my Client's outbox settings.

Failed to create web of trust graph

When I first launched the relay on my VPS, HAVEN failed to complete the Web of Trust graph, with a log that looked as follows (note the zeroes). As a result, no one would have been able to send me DM's to my Chat relay (it would flag every message as spam).

2024/10/14 12:02:08 🌐 building web of trust graph 2024/10/14 12:02:16 🫂 total network size: 0 2024/10/14 12:02:16 🔗 relays discovered: 0 2024/10/14 12:02:17 🌐 pubkeys with minimum followers: 0 keys

I never got to the bottom of why this was. In the process of trying to fix it I rebuild the container, and on the rebuild it spontaneously worked. Accordingly my lesson learned is "if in doubt, turn if off and on again".

Failed to run --import function

HAVEN comes with a function to import all your old notes from other public relays to your own outbox relay. When I run it I get an error as follows:

panic: Cannot acquire directory lock on "db/private". Another process is using this Badger database. error: resource temporarily unavailable

I have yet to work out the solution for this, and will update this note when I do so!

What's Next?

Over the past four blogs I have

• Mined a Nostr pubkey and backed up the mnemonic
• Set up Nostr payments with a Lightning wallet plus all the bells and whistles
• Set up NIP-05 and Lighting Address at my own domain
• Set up a Personal Relay at my own domain

This feels like a very comprehensive personal set up now. Also, I have uncovered some new rabbit holes and feel like I have some projects to tackle. Perhaps one of these?

• Set up a personal homepage with my Nostr feed to round-out my rodbishop.nz domain
• Experiment with different signers like Amber and Nsec.app and NFC cards
• Set up a paid relay for #austriches (Australians and Kiwis on Nostr)
• Set up a team relay to experiment with Nostr for business or community projects
• Or something else ... ?

Please be sure to let me know if you think there's another Nostr topic you'd like to see me tackle.

Pura vida Nostr.

@ c73818cc:ccd5c890

🙃 Pierce potrebbe portare chiarezza e regole favorevoli per il settore delle criptovalute negli USA.

😍 Con la fine del mandato di Gary Gensler, il CEO di Galaxy Digital, Mike Novogratz, ha appoggiato Hester Pierce come suo possibile sostituto alla guida della SEC. Nota come la "madre delle criptovalute," Pierce è un’avvocata delle regole chiare e strutturate per favorire la crescita del settore.

😍 Pierce, critica di lungo corso dell'approccio aggressivo della SEC verso le criptovalute, potrebbe orientare l’agenzia verso un equilibrio tra innovazione e supervisione. Il suo potenziale incarico come presidente della SEC ha acceso l’ottimismo tra investitori e aziende del settore.

😍 Novogratz prevede che una SEC guidata da Pierce attrarrebbe maggiori investimenti istituzionali, stimolando una crescita duratura delle criptovalute. Un cambio di leadership con una visione pro-cripto potrebbe inoltre sbloccare significativi valori di mercato, creando nuove opportunità di innovazione.

Unisciti al nostro gruppo Telegram Bitget -20% - Mexc no KYC https://lnk.bio/Bitcoin.Report.Italia

BitcoinReportItalia #USA #GaryGensler #SEC #StatiUniti #America #Trump #Presidente #Musk #CasaBianca #Cripto #Bitcoin

@ 23acd1fa:0484c9e0

Chef's notes

Cocoa powder: You can use 100% natural unsweetened cocoa powder or Dutch-processed cocoa powder – both work well.

Gluten free flour: There are many different gluten free flours on the market. I tested this recipe using White Wings All Purpose Gluten Free flour. I recommend choosing a gluten free flour that says it can be subbed 1:1 for regular plain or all purpose flour.

*Chocolate chips: Double check your chocolate chips are gluten free if you are making this brownie for someone who is celiac.

Cook times: Cook times will vary depending on your oven, but you’ll know these brownies are done when they firm up around the edges and no longer wobble in the middle. Keep in mind they will continue to cook slightly as they cool. You can also check they’re done by inserting a skewer into the middle of the brownie. If the skewer emerges with only a few crumbs on it, they’re ready. If it is covered in wet, gooey batter, keep baking the brownies and check them in another 5 minutes.

Storage: Brownies will keep well in an airtight container at room temperature or in the fridge for up to 5 days. To serve warm, microwave each brownie for 20 seconds. You can also freeze these brownies to enjoy at a later date. Simply thaw at room temperature and then microwave if you prefer them warm.

Serving Size: 1 brownie Calories: 278 Sugar: 26.4 g Sodium: 22.9 mg Fat: 15.5 g Carbohydrates: 34.1 g Protein: 3 g Cholesterol: 77.3 mg Nutrition information is a guide only.

Details

• ⏲️ Prep time: 20 min
• 🍳 Cook time: 35 min
• 🍽️ Servings: 12

Ingredients

• 170 grams (3/4 cup) unsalted butter, melted
• 200 grams (1 cup) caster sugar or granulated sugar
• 90 grams (1/2 cup) brown sugar
• 1 teaspoon vanilla extract
• 3 large eggs
• 40 grams (1/2 cup) cocoa powder
• 70 grams (1/2 cup) gluten free plain or all purpose flour
• 75 grams milk or dark chocolate chips*

Directions

1. Preheat the oven to 180 C (350 F) standard / 160 C (320 F) fan-forced. Grease and line an 8-inch square pan with baking or parchment paper, ensuring two sides overhang.
2. In a large mixing bowl, add melted butter and sugars and gently whisk together. Add vanilla extract and stir.
3. Add the eggs, one at a time, stirring in-between, then sift in the cocoa powder and flour. Stir until just combined. Add chocolate chips.
4. Pour the brownie batter in the prepared pan and place in the oven. Bake brownies for approximately 30-35 minutes or until they no longer wobble in the middle.
5. Leave brownie in pan and transfer to a wire rack to cool completely. These brownies are quite fragile so if you can, transfer to the fridge for an hour before cutting into squares to serve.

@ a012dc82:6458a70d

Table Of Content

• Understanding Bitcoin Halving and its Significance

• JPMorgan Analysis Reveals Positive Indicators

• Increased Retail Investment: Driving Factors

• Anticipated Impact on Bitcoin Market

• Tips for Retail Investors to Leverage the Opportunity

• Conclusion

• FAQ

In recent years, Bitcoin has become a buzzword in the financial world, captivating both institutional and retail investors. As the cryptocurrency market continues to evolve, experts at JPMorgan have conducted a comprehensive analysis, revealing strong indications of increased retail interest in Bitcoin leading up to the next halving event. This blog post will explore the insights from JPMorgan's analysis and shed light on the potential impact of this anticipated surge in retail interest.

Understanding Bitcoin Halving and its Significance

The concept of Bitcoin halving is pivotal to understanding the potential surge in retail interest. Bitcoin operates on a controlled supply system, with a predetermined issuance rate. Approximately every four years, the number of new Bitcoins generated per block gets halved, reducing the rate at which new Bitcoins enter circulation. This scarcity mechanism has significant implications for the cryptocurrency's value and investor sentiment.

JPMorgan Analysis Reveals Positive Indicators

According to JPMorgan's analysis, there are several positive indicators suggesting a strong influx of retail investors in the period leading up to the next Bitcoin halving. The analysis takes into account various factors such as historical data, market trends, and investor behavior. JPMorgan's experts have identified patterns that align with previous halving events, indicating a potential surge in retail interest in Bitcoin.

Increased Retail Investment: Driving Factors

JPMorgan's analysis highlights key driving factors behind the expected increase in retail investment. One significant factor is the growing awareness and acceptance of Bitcoin among the general public. As more individuals recognize the potential of cryptocurrencies as an investment asset, they are likely to be drawn towards Bitcoin, especially during periods of heightened market activity like halving events.

Moreover, the influence of social media and digital platforms cannot be overlooked. The rise of social media communities, investment forums, and influencers has played a crucial role in amplifying discussions around Bitcoin. These platforms facilitate the spread of information, enabling retail investors to gain insights and make informed investment decisions.

Anticipated Impact on Bitcoin Market

The surge in retail interest preceding the halving event is expected to have a significant impact on the Bitcoin market. As more retail investors enter the market, the demand for Bitcoin is likely to increase, potentially driving up its price. This increased demand could lead to a period of heightened market volatility, offering both opportunities and risks for investors.

JPMorgan's analysis suggests that the impact of retail interest will extend beyond the halving event itself. Historically, Bitcoin has experienced price rallies following halvings, indicating the potential for substantial gains. However, it is important to note that the cryptocurrency market is highly unpredictable, and investors should exercise caution and conduct thorough research before making investment decisions.

Tips for Retail Investors to Leverage the Opportunity

For retail investors considering Bitcoin as an investment, it is essential to approach the market with a strategic mindset. Here are a few tips to help leverage the anticipated surge in retail interest:

1. Educate Yourself: Gain a deep understanding of Bitcoin, its underlying technology, and the factors that influence its price.

2. Diversify Your Portfolio: Consider allocating a portion of your investment portfolio to Bitcoin while maintaining a diverse range of assets.

3. Set Realistic Goals: Define your investment objectives and set realistic expectations, considering the volatility and risks associated with cryptocurrencies.

4. Stay Informed: Stay updated with the latest news, market trends, and regulatory developments that could impact the cryptocurrency market.

5. Seek Professional Advice: Consult with financial advisors or experts who specialize in cryptocurrencies to gain valuable insights and guidance.

Conclusion

JPMorgan's analysis reveals strong indications of increased retail interest in Bitcoin prior to the halving event. Retail investors, driven by factors such as growing awareness and the influence of digital platforms, are likely to play a significant role in shaping the cryptocurrency market. As retail interest surges, it is crucial for investors to approach the market with caution, conduct thorough research, and leverage the opportunities while managing the risks associated with cryptocurrencies.

FAQ

What is Bitcoin halving? Bitcoin halving is an event that occurs approximately every four years, where the number of new Bitcoins generated per block gets halved. It is a mechanism designed to control the supply of Bitcoin and has significant implications for its value and investor sentiment.

Why is there expected strong retail interest in Bitcoin prior to halving? JPMorgan's analysis indicates increased retail interest in Bitcoin before halving due to growing awareness, acceptance, and the influence of social media platforms. Retail investors are drawn towards Bitcoin during periods of heightened market activity like halving events.

What impact does retail interest have on the Bitcoin market? Retail interest can drive up the demand for Bitcoin, potentially impacting its price. The surge in retail interest preceding the halving event could lead to increased market volatility, offering opportunities and risks for investors.

How can retail investors leverage the anticipated surge in retail interest? Retail investors can leverage the opportunity by educating themselves about Bitcoin, diversifying their investment portfolio, setting realistic goals, staying informed about market trends, and seeking professional advice.

That's all for today

If you want more, be sure to follow us on:

NOSTR: croxroad@getalby.com

X: @croxroadnews

Instagram: @croxroadnews.co

Youtube: @croxroadnews

Store: https://croxroad.store

Subscribe to CROX ROAD Bitcoin Only Daily Newsletter

https://www.croxroad.co/subscribe

DISCLAIMER: None of this is financial advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Please be careful and do your own research.

@ d2e97f73:ea9a4d1b

There’s a lot of conversation around the #TwitterFiles. Here’s my take, and thoughts on how to fix the issues identified.

I’ll start with the principles I’ve come to believe…based on everything I’ve learned and experienced through my past actions as a Twitter co-founder and lead:

1. Social media must be resilient to corporate and government control.
2. Only the original author may remove content they produce.
3. Moderation is best implemented by algorithmic choice.

The Twitter when I led it and the Twitter of today do not meet any of these principles. This is my fault alone, as I completely gave up pushing for them when an activist entered our stock in 2020. I no longer had hope of achieving any of it as a public company with no defense mechanisms (lack of dual-class shares being a key one). I planned my exit at that moment knowing I was no longer right for the company.

The biggest mistake I made was continuing to invest in building tools for us to manage the public conversation, versus building tools for the people using Twitter to easily manage it for themselves. This burdened the company with too much power, and opened us to significant outside pressure (such as advertising budgets). I generally think companies have become far too powerful, and that became completely clear to me with our suspension of Trump’s account. As I’ve said before, we did the right thing for the public company business at the time, but the wrong thing for the internet and society. Much more about this here: https://twitter.com/jack/status/1349510769268850690

I continue to believe there was no ill intent or hidden agendas, and everyone acted according to the best information we had at the time. Of course mistakes were made. But if we had focused more on tools for the people using the service rather than tools for us, and moved much faster towards absolute transparency, we probably wouldn’t be in this situation of needing a fresh reset (which I am supportive of). Again, I own all of this and our actions, and all I can do is work to make it right.

Back to the principles. Of course governments want to shape and control the public conversation, and will use every method at their disposal to do so, including the media. And the power a corporation wields to do the same is only growing. It’s critical that the people have tools to resist this, and that those tools are ultimately owned by the people. Allowing a government or a few corporations to own the public conversation is a path towards centralized control.

I’m a strong believer that any content produced by someone for the internet should be permanent until the original author chooses to delete it. It should be always available and addressable. Content takedowns and suspensions should not be possible. Doing so complicates important context, learning, and enforcement of illegal activity. There are significant issues with this stance of course, but starting with this principle will allow for far better solutions than we have today. The internet is trending towards a world were storage is “free” and infinite, which places all the actual value on how to discover and see content.

Which brings me to the last principle: moderation. I don’t believe a centralized system can do content moderation globally. It can only be done through ranking and relevance algorithms, the more localized the better. But instead of a company or government building and controlling these solely, people should be able to build and choose from algorithms that best match their criteria, or not have to use any at all. A “follow” action should always deliver every bit of content from the corresponding account, and the algorithms should be able to comb through everything else through a relevance lens that an individual determines. There’s a default “G-rated” algorithm, and then there’s everything else one can imagine.

The only way I know of to truly live up to these 3 principles is a free and open protocol for social media, that is not owned by a single company or group of companies, and is resilient to corporate and government influence. The problem today is that we have companies who own both the protocol and discovery of content. Which ultimately puts one person in charge of what’s available and seen, or not. This is by definition a single point of failure, no matter how great the person, and over time will fracture the public conversation, and may lead to more control by governments and corporations around the world.

I believe many companies can build a phenomenal business off an open protocol. For proof, look at both the web and email. The biggest problem with these models however is that the discovery mechanisms are far too proprietary and fixed instead of open or extendable. Companies can build many profitable services that complement rather than lock down how we access this massive collection of conversation. There is no need to own or host it themselves.

Many of you won’t trust this solution just because it’s me stating it. I get it, but that’s exactly the point. Trusting any one individual with this comes with compromises, not to mention being way too heavy a burden for the individual. It has to be something akin to what bitcoin has shown to be possible. If you want proof of this, get out of the US and European bubble of the bitcoin price fluctuations and learn how real people are using it for censorship resistance in Africa and Central/South America.

I do still wish for Twitter, and every company, to become uncomfortably transparent in all their actions, and I wish I forced more of that years ago. I do believe absolute transparency builds trust. As for the files, I wish they were released Wikileaks-style, with many more eyes and interpretations to consider. And along with that, commitments of transparency for present and future actions. I’m hopeful all of this will happen. There’s nothing to hide…only a lot to learn from. The current attacks on my former colleagues could be dangerous and doesn’t solve anything. If you want to blame, direct it at me and my actions, or lack thereof.

As far as the free and open social media protocol goes, there are many competing projects: @bluesky is one with the AT Protocol, nostr another, Mastodon yet another, Matrix yet another…and there will be many more. One will have a chance at becoming a standard like HTTP or SMTP. This isn’t about a “decentralized Twitter.” This is a focused and urgent push for a foundational core technology standard to make social media a native part of the internet. I believe this is critical both to Twitter’s future, and the public conversation’s ability to truly serve the people, which helps hold governments and corporations accountable. And hopefully makes it all a lot more fun and informative again.

💸🛠️🌐 To accelerate open internet and protocol work, I’m going to open a new category of #startsmall grants: “open internet development.” It will start with a focus of giving cash and equity grants to engineering teams working on social media and private communication protocols, bitcoin, and a web-only mobile OS. I’ll make some grants next week, starting with $1mm/yr to Signal. Please let me know other great candidates for this money.

@ 8f2fe968:0fbf4901

@ 00000000:0da46cec

The Content Authenticity Initiative (CAI) is a collaborative effort launched by Adobe in 2019 in partnership with technology companies and media organizations like Twitter and The New York Times. Its goal is to combat misinformation and ensure that digital content can be trusted. By creating a system for global adoption, CAI aims to provide a standard for traceability and verification of digital content in a secure and accessible manner. This article dives into the technical underpinnings of this initiative, detailing the use of metadata, cryptography, and blockchain. We also reference official repositories and open-source resources available for implementing these technologies.

Content Authenticity Initiative Architecture

The architecture of CAI relies on a set of techniques and tools based on standardized metadata, cryptographic integrity mechanisms, and decentralized solutions to ensure content verifiability throughout its lifecycle. Below is an in-depth look at each core element of this architecture.

1. Generation of Authenticity Metadata

Content creation within CAI begins at the capture stage, whether through a camera or smartphone, where authenticity metadata is generated. This metadata records important details such as the author's information, timestamp, geolocation, and device used for content capture. The data is stored using standardized schemes like XMP (Extensible Metadata Platform), ensuring consistency for later verification. Developers can access the reference source code for XMP via Adobe's GitHub: XMP Toolkit SDK.

The metadata not only describes the creation context but also maintains an immutable history of modifications. Whenever content is edited, the changes are documented, ensuring a complete and traceable history of the content lifecycle.

2. Digital Content Signing

A key component of CAI is the use of digital signatures to certify the authenticity and integrity of the content. Each file (image, video, document) is signed with asymmetric cryptographic algorithms like ECDSA (Elliptic Curve Digital Signature Algorithm) or RSA, depending on the desired level of security and computational resources.

These digital signatures generate a unique hash for each piece of content, linking it to the creator's private key. If even a single bit of the content is altered, the hash will change, which invalidates the original signature. This mechanism guarantees that unauthorized alterations are easily detected. Reference implementations for these cryptographic methods are available in the OpenSSL repository and the Bouncy Castle library for Java and C#: Bouncy Castle GitHub.

3. Timestamping and Blockchain

To further validate content authenticity, CAI also employs timestamping and, in some implementations, blockchain technology. Timestamping is handled by a Timestamp Authority (TSA), which certifies that the content existed in a particular state at a specific moment in time. TSAs utilize digital signatures to provide a secure record of when the content was created.

Blockchain technology provides an additional layer of transparency and security. By storing the hashes of metadata and digital signatures on a public blockchain (like Ethereum), an immutable, decentralized record is created, allowing any user to verify the content's authenticity. Structures like Merkle trees are commonly used for recording efficiently, ensuring that changes are tracked without bloating the blockchain. Examples of blockchain-based implementations can be explored in the Merkle Tree JavaScript Library and the official Ethereum repository: Ethereum GitHub.

4. Secure Metadata Storage

The metadata generated during content creation is embedded directly within the content file, using steganographic techniques or as readable attachments. This ensures that the metadata remains tied to the content and is resistant to malicious alteration.

To maintain metadata integrity during transfer, Transport Layer Security (TLS) is used, ensuring that content is securely exchanged without interference. Moreover, distributed storage systems such as IPFS (InterPlanetary File System) can be leveraged to provide redundant and long-term availability of metadata. The IPFS implementation is available on GitHub: IPFS GitHub.

Authentic Content Verification

One of CAI's primary goals is to enable anyone to easily verify the origin and edit history of content. To achieve this, open-source verification tools such as "Verify with CAI" have been developed, allowing users to inspect the content and access all associated metadata. These tools are available in the official CAI repository: Content Authenticity Initiative GitHub.

These verification tools leverage hashes and digital signatures embedded in the content, providing an easy way to determine if unauthorized changes have occurred. They also provide links to blockchain records, allowing third-party verification for an added level of security.

Guide for Photographers and Content Creators

The CAI's technology is particularly beneficial for photographers and content creators seeking to protect their work from misuse. Below is a practical guide to utilizing this technology effectively:

1. Compatible Equipment: Use a camera or device that supports the generation of authenticity metadata using XMP standards. Many modern devices and editing tools allow users to embed this metadata during capture.

2. Editing Software: Choose editing software that maintains authenticity metadata. Adobe Photoshop and similar tools now include features that preserve metadata throughout the editing process, ensuring the content remains verifiable.

3. Digital Signing: Use a digital signing tool like OpenSSL or libraries such as Bouncy Castle to digitally sign your files. This is critical for asserting the integrity and authenticity of your content. Tutorials and examples are available in the repositories mentioned.

4. Timestamping: Utilize a Timestamp Authority (TSA) to certify that the content existed at a specific point in time. This adds a temporal validation layer that proves when your content was created and that it hasn’t been altered since.

5. Blockchain Registration: To further reinforce content authenticity, consider recording metadata on a public blockchain. Services and smart contracts are available to help you register data without requiring deep blockchain expertise. Refer to repositories like Ethereum GitHub for guidance.

6. Content Verification: Use Verify with CAI to verify that your content is correctly registered and ensure that all metadata and digital signatures are intact. This tool is open source, allowing anyone to verify the content's authenticity.

7. Publishing Platforms: Share your content on platforms that support CAI standards. Platforms like Behance are starting to integrate these standards, helping distribute content while retaining its verified authenticity.

Technical Challenges and Barriers

CAI implementation faces several technical challenges. The most significant are:

1. Adoption: For CAI to succeed, stakeholders across the digital content ecosystem—camera manufacturers, software platforms, social networks, etc.—must adopt its standards.

2. Privacy Concerns: Providing detailed metadata about authorship may raise privacy issues. To address this, CAI offers options to encrypt sensitive metadata, ensuring it is only accessible when required.

3. Costs: The tools needed for digital signatures, blockchain registration, and timestamping can require significant resources, which may be a barrier for smaller creators or platforms.

4. Sophisticated Threats: While CAI improves digital security, sophisticated actors may still attempt to bypass authenticity checks or falsify metadata. Continuous improvement of cryptographic techniques and verification methods is required to counter these evolving threats.

Conclusion

The Content Authenticity Initiative provides a solid framework for protecting the integrity of digital content. By utilizing metadata standards, digital signatures, blockchain records, and open-source verification tools, CAI aims to establish a global standard for content transparency and authenticity. Despite some technical and logistical challenges, CAI represents a crucial step towards a trustworthy digital ecosystem. Developers and creators can access official repositories to implement these tools and contribute to a safer, more reliable environment for digital media.

References

• Adobe. (n.d.). XMP Toolkit SDK. Retrieved from https://github.com/adobe/XMP-Toolkit-SDK
• OpenSSL. (n.d.). OpenSSL Cryptography and SSL/TLS Toolkit. Retrieved from https://github.com/openssl/openssl
• Bouncy Castle. (n.d.). Bouncy Castle Libraries. Retrieved from https://github.com/bcgit
• Miguel Mota. (n.d.). Merkle Tree JavaScript Library. Retrieved from https://github.com/miguelmota/merkletreejs
• Ethereum Foundation. (n.d.). Ethereum. Retrieved from https://github.com/ethereum
• IPFS. (n.d.). InterPlanetary File System. Retrieved from https://github.com/ipfs
• Content Authenticity Initiative. (n.d.). Verify with CAI. Retrieved from https://github.com/contentauth/

@ 35f3a26c:92ddf231

Who is the Cult of the Dead Cow (cDc)?

A known USA based hacktivist group. According to the record in Wikipedia, it was started in 1984 at the Farm Pac slaughterhouse by Grandmaster Ratte' (aka Swamp Ratte'), Franken Gibe, Sid Vicious, and three BBS SysOps

You can check their member list in their web site

Thinks of the cDc group that I have found quite interesting

• Group member Drunkfux (Jesse Dryden) is the grand nephew of Charlie Chaplin
• In 1991, the group began distributing music in the form of cassette tape albums
• In November 1994, the group claimed responsibility for giving President Ronald Reagan Alzheimer's disease, claiming to have done so in 1986 with a blowgun
• In 1995, the group declared war on the Church of Scientology stating "We believe that El Ron Hubbard [sic] is actually none other than Heinrich Himmler of the SS, who fled to Argentina and is now responsible for the stealing of babies from hospitals and raising them as 'super-soldiers' for the purpose of overthrowing the U.S. Fed. Govt. in a bloody revolution. We fear plans for a 'Fourth Reich' to be established on our home soil under the vise-like grip of oppression known as Scientology!"
• On January 7, 1999, the group joined with an international coalition of hackers to denounce a call to cyber-war against the governments of China and Iraq
• In February 2000, the group was the subject of an 11 minute documentary short titled "Disinformation".
• In February 2000, a member of the group by the code-name Mudge briefed President Bill Clinton on "Internet security".
• In 2003 the tool created by the group by the name of Six/Four System became the first product of a hacker group to receive approval from the United States Department of Commerce for export of strong encryption
• Member by the name of "Psychedelic Warlord" is congressman Beto O'Rourke, an American politician who served as the U.S. representative for Texas's 16th congressional district from 2013 to 2019. A member of the Democratic Party, party's nominee for the U.S. Senate in 2018, candidate for the presidential nomination in 2020, and the party's nominee for the 2022 Texas gubernatorial election.

Do they have a political affiliation?

From the previous section we could at least assume that they sympathize with the USA Democratic party, they supported President Bill Clinton and claimed responsibility for doing serious harm to President Ronald Reagan, I could not find any information if the government opened an investigation about this allegation or not.

Their latest contribution?

Recently, they have developed an application framework by the name of Veilid, described as "like TOR" but for apps.

This application framework, if adopted by many developers will improve privacy by default for applications developed under that framework. The web site claim that it is open source

You can review the information and project at the web site: VEILID

In the Web site the group describe it as follows:

"Veilid allows anyone to build a distributed, private app. Veilid gives users the privacy to opt out of data collection and online tracking. Veilid is being built with user experience, privacy, and safety as our top priorities. It is open source and available to everyone to use and build upon."

"Veilid goes above and beyond existing privacy technologies and has the potential to completely change the way people use the Internet. Veilid has no profit motive, which puts us in a unique position to promote ideals without the compromise of capitalism."

Summary

Veilid seems to be exactly what is needed at the moment to bring privacy to the masses, even though TOR is doing a very good job and with the improved throughput its usage experience has improved, having a native privacy oriented FOSS application framework is paramount.

Most people is not technically savvy and therefore, not skilled in cyber security, they are constantly victims of cyber crime in many forms and shapes. eliminating one vector of attack by making the applications to opt out of data collection and online tracking from the get go is a step in the right direction, the question is, Would developers in general use the framework? Considering the ads will not be a possible source of income if the framework is used, well... Time will say...

@ 9349d012:d3e98946

Chef's notes

Ingredients

4 tablespoons (1/2 stick) butter 2 ounces thinly sliced prosciutto, cut into thin strips 1 1/4 cups orzo (about 8 ounces) 3 cups low-salt chicken broth 1/2 teaspoon (loosely packed) saffron threads, crushed 1 pound slender asparagus, trimmed, cut into 1/2-inch pieces 1/4 cup grated Parmesan cheese Parmesan cheese shavings

Preparation

Melt 2 tablespoons butter in large nonstick skillet over medium-high heat. Add prosciutto and sauté until almost crisp, about 3 minutes. Using slotted spoon, transfer to paper towels to drain. Melt 2 tablespoons butter in same skillet over high heat. Add orzo; stir 1 minute. Add broth and saffron; bring to boil. Reduce heat to medium-low, cover, and simmer until orzo begins to soften, stirring occasionally, about 8 minutes. Add asparagus; cover and simmer until tender, about 5 minutes. Uncover; simmer until almost all liquid is absorbed, about 1 minute. Remove from heat. Mix in prosciutto and 1/2 cup grated cheese. Season to taste with salt and pepper. Transfer to large bowl. Garnish with Parmesan shavings. Makes 6 servings.

Details

• ⏲️ Prep time: 30
• 🍳 Cook time: 30

Ingredients

• See Chef’s Notes

Directions

1. See Chef’s Notes

@ 84999652:2a24d806

近期，FUD以太坊的声音不绝于耳，大部分声音围绕ETH币价。的确，BTC现在每天破新高，而ETH离2021年的最高点（4800美金）还差近40%。当然，最近ETH币价开始拉升，大有被骂急眼了的感觉。我也相信，这一轮，以太坊大概率是可以破前高的。

但是，以太坊到底是怎么了？为什么这轮周期完全跟不上比特币的节奏？

以太坊真的颓势已显？难以再复现当年的辉煌吗？ Crypto行业的新一轮范式创新还会发生在以太坊生态吗？ 本文将带您重回Crypto行业的原点——比特币，去反观以太坊和整个行业，以及探讨Crypto行业再次焕发活力的路径可能在哪里？

以太坊真的颓势已显？难以再复现当年的辉煌吗？

Crypto行业的新一轮范式创新还会发生在以太坊生态吗？

本文将带您重回Crypto行业的原点——比特币，去反观以太坊和整个行业，以及探讨Crypto行业再次焕发活力的路径可能在哪里？

一、逃离以太坊惯性

首先，谁都无法全盘否定以太坊！

以太坊有它的价值和开创性意义，智能合约也确实给整个加密行业打开了新局面。至少在以太坊诞生之前，加密行业大多数项目都只是对比特币拙劣的模仿。把比特币代码简单修改几个参数，变成区块更大的比特币、速度更快的比特币、隐私性更好的比特币等等。基本都只是对比特币简单的山寨，山寨币这个概念基本就是概括了以太坊诞生之前的所有Crypto项目。

而以太坊诞生以后，整个Crypto行业又进入了山寨以太坊的浪潮，2015年至今，诞生了不计其数的所谓公链，区块更大的以太坊、速度更快的以太坊、性能更好的以太坊（包括Layer2)等等。

而且每个公链的所谓生态也基本照抄照搬以太坊模式，无非DeFi、GameFi、各类L2、模块化等等。现在散户已经被各类巧立名目、五花八门的叙事概念反复收割的脱敏无感了，于是干脆啥也不信，只玩最简单粗暴的Meme，虽然大家都知道它长久不了，但是至少还可以痛快一博！

没有创新，没有活力，共识涣散、僵尸横行，整个行业弥漫着看不到希望的末日气息！

Crypto行业还有未来吗？

但是，当你回头去看看比特币，唯独只有它，依然一骑绝尘、屡破新高，似乎完全不受这一切的影响！

我们不禁要想，是不是整个行业陷入“以太坊惯性”太久了，以至于我们都完全忽略了比特币！

毕竟，以太坊就是灵感于比特币，来源于比特币社区。以太坊就是对比特币的一种解读方式，但是，整个行业把以太坊模式当成了全部。

如果要找到以太坊的问题所在，以及如果要重新找到新的范式创新机会，那就务必得回到比特币，重新理解比特币，重新在比特币找到创新源泉，就像以太坊诞生之初那样！

让我们一起暂时逃离以太坊惯性，重回比特币去思考！

二、机械共识和社会共识

解读比特币的角度有很多种，但是，我们今天讨论的以太坊和比特币都属于公链范畴。谈到公链，共识机制就是绕不开的话题！

所谓公链，就是公有区块链，是谁公有的？是一群参与共识的人公有的，公链必须依靠共识来驱动，没有共识就没有公链。所以，谈公链如果不谈共识那就是空谈！

公链的共识分为机械共识和社会共识。

公链的本质就是依靠一套机械共识来不断凝聚社会共识的去中心化系统。（说一个题外话，Layer2不是公链，Layer2只需要一个定序器节点就可以运行，Layer2本身没有共识机制。Layer2没有机械共识，只有社会共识，因此，Layer2的价值没有机械共识来支持。目前大部分项目，既没有机械共识，也没有社会共识，这是项目失败的根本原因）

所谓机械共识就是一个人人都可以公平参与的共识机制，比如PoW机制，机械共识的参与方式是算力，算力越强，机械共识就越强；所谓社会共识就是围绕公链的生态、影响力，包括链上应用、用户等等数据，最终体现在币价。

机械共识的参与者是公链的第一投入者、受益者和建设者。

公链的启动和运行完全依赖机械共识的参与者，机械共识参与者投入大量成本（算力和能源等）参与公链，因此，只有机械共识的参与者，才有最原始的动力去推动公链生态的发展，因为，他们是第一投入者也是第一受益者。因此，为了帮助公链获取更大的社会共识，机械共识参与者会继续推动公链生态的发展，而公链生态吸引来的应用开发者大都是流动的，他们并不如机械共识参与者更深的绑定在公链利益之上（除非他们自己也变成了机械共识参与者）。

这也解释了，为什么比特币生态的早期推动者基本都来自于矿工群体。而以太坊链上的许多头部应用选择另立门户，比如Uniswap等。

所以，当一个公链的币价开始疲软，那是社会共识变弱了，而更底层原因是机械共识变弱了，或者说参与机械共识的人离散了。

那么，我们来从”共识‘角度来对比下比特币和以太坊。

三、回归比特币共识，反观以太坊和行业

比特币的机械共识是一个动态竞赛模式。以太坊的机械共识是一个静态固收模式！

比特币的矿工要想获得出块权，每一个节点必须在同一时间段投入同样的算力和能源去竞争，但是最终网络只会选出一个节点出块，而其他所有“陪跑节点”的投入作为一种巨大的冗余成本附着在了比特币的价值之中。

通俗点来讲，比特币网络铸造每一枚比特币的实际投入的成本是远远大于单一出块节点支出的成本，它是以消耗所有“陪跑节点”的成本为代价的一种铸造方式。所以，比特币矿工为了已经投入的巨大冗余成本会不断的参与算力竞赛，直到抢到出块权，这是比特币网络共识不断壮大的原因。

所以，比特币网络的实际共识成本是远远大于目前比特币总市值的大概是大出多少倍呢？如果我们以比特币历史平均10000个挖矿节点来算的话，这个理论差距应该是1万倍。但是，目前全网比特币活跃矿池约20个，加上单独Solo的矿工，我们预估总共50个，我们把矿池当作一个总节点，这个成本差距大致有50倍。

这就是比特币的PoW动态算力竞赛模式给比特币带来的共识安全性，所以，比特币的共识安全几乎是无法评估的强度！

而以太坊的PoS机制是一个静态固收模式，实际投入多少ETH可以获得多少ETH收益，基本是一个静态的固定收益，目前基本稳定在5%左右。所以，ETH共识的参与者不需要竞赛，不需要额外支出冗余成本，只需要算账，就可以不需要投入额外成本的情况参与利益分配。这也是以太坊早期宣传的所谓PoS机制不会产生能源消耗的“优点”。但是，这个“优点”也变成了以太坊网络共识的弱点。因为没有冗余成本的投入，以太坊的共识成本实际变低了，因此，以太坊网络的共识价值实际上也降低了！

所以，当把比特币的PoW机制和以太坊的PoS机制进行对比时，你就会发现，比特币的网络共识成本几乎是不可估量的，随之不断的算力和能源投入，其共识是无上限的。而以太坊的共识是有上限的，是可计算的，ETH的质押率就是以太坊的共识上限。

因此，在机械共识层面，比特币的机械共识相较于以太坊也更强大，从而进一步影响了社会共识的差异，最终，直接表现在了币价层面。

不仅如此，如果从物理学（热力学）角度去看比特币的POW机制，我们会发现，POW机制驱动着比特币成为一个更接近生命体的熵减系统，这是比特币网络一直充满生命和活力的物理学原理。

在热力学角度，宇宙中所有的事物都是走向熵增，也就是从有序走向无序，从秩序走向混乱，最终走向寂灭！

但是，只有一个例外，那就是生命！

生命以负熵为食——薛定谔。

所谓负熵是一种可以帮助内部系统从无序转向有序的外部能量。生命就是通过消化负熵，把无序转换为有序，在局部时空中创造了熵减。

但是，熵减现象只是存在于局部时空，而且，生命每形成一分熵减，就会向外部宇宙排放两分熵增，两者相加，对于宇宙来讲仍然是熵增。

比特币的PoW机制，就是让网络内一群混乱无序的拜占庭节点，通过不断消化算力和能源进行运算求解，最终，运算最快的节点获得出块权，节点间迅速验证并达成共识，最终，一个无序混乱的网络达成了一致性，形成了一种秩序，也就是创造了一个熵减系统，一个生命体！

因此，在比特币这个生命体，矿工从外部输入的算力和能源是“负熵”，可以帮助比特币网络内混乱无序的节点达成共识和一致，从而创造了熵减系统。那么，PoW机制就是比特币这个生命体的消化系统，矿工提供“负熵”，最终，成就了比特币这个生命体！

这是比特币可以一直壮大生长的物理学原理。

那么，我们来反观以太坊：

以太坊创立之初也是照用PoW机制并持续运行了超过七年，这七年也是以太坊突飞猛进的七年。直到2022年9月，以太坊正式从PoW机制转向PoS机制，一切悄然发生了变化。

切除PoW机制，让以太坊失去了外部算力和能源的输入，也就丧失了持续吸食“负熵”的能力，就像一个切除了肠胃又未能找到替代方案的生命体，虽然，短时间内实现了瘦身，但是，由于缺乏持续的进食能力，逐渐走向衰亡几乎是必然的。

有人说，以太坊之所以价格疲软，那是因为生态缺乏创新，链上应用和用户没有持续新增所导致的。那么，造成这些情况的更深层原因是什么？

就像我们前面说的，机械共识直接影响社会共识。生态、应用、用户、币价这些都是社会共识的表现，社会共识变弱的本质是因为机械共识变弱了。

以太坊的机械共识为何变弱了？

PoS机制是静态固收模式，缺乏算力和能源竞争，无法形成冗余成本，进而机械共识削弱了；PoS机制缺乏吸食“负熵”的能力，无法通过输入“算力和能源”来抵消系统内部的熵增趋势；PoS的质押机制也直接导致了富者恒富、阶级固化，当阶级固化，形成的就是社区缺乏创新和活力，最终这些能力外溢，便成就了其他竞品。

这一系列表现出来的就是以太坊生态、应用、用户、币价等社会共识指标的疲软！即使可以通过强行拉升币价去拔高社会共识，但是，物理学原理是不可违背的。

以太坊确实颓势已现，这轮周期步步落后于比特币，就是最真实的结果！而下一轮周期也必将拉开更大的距离！

以太坊尚且如此，其他模仿以太坊的公链，必然也难逃颓势！Crypto行业走到如今的地步，真可谓是，成也以太坊，败也以太坊！这或许是任何一个行业在发展过程中都会经历的。

但是，机遇往往也在此刻出现！

Crypto行业更大的机遇肯定不在现有的以太坊模式里，一定需要逃离”以太坊惯性“，重新回归这个行业最早的上下文，回到这个行业最早的原点，从那里寻找答案！

四、重回比特币共识，挖掘比特币无尽宝藏

回归比特币再创新，这是一个行业问题，也是一个长久的事业，或许，在短时间内，我们很难突破。但是，当我们开始破除以太坊迷信，开始回归比特币重新再思考时，除了发现‘共识“这些背后细节之外，还有可能发现更多从未注意到的隐藏细节。

这些细节让我们对基于比特币进行再次范式创新充满了希望！

比如，直观上大家会认为，在处理交易方面，以太坊会比比特币更高效。但，实际上并不是。

比特币的UTXO模型在处理交易时，可以实现并发处理交易和独立状态变更，而且不需要一个统一的世界状态树来更新状态。甚至说，比特币压根就没有所谓的账户概念，用户地址上显示的比特币余额，实际上是代表某个用户掌握的私钥所能控制UTXO总面额。

UTXO模型在处理交易时，就像真实的交易环境中，任何一对交易双方都可以拿着不同面额的“UXTO”现金进行频繁交易，交易双方的交易状态完全不会影响第二对交易双方的交易进度，因为，UTXO都是可以独立进行状态变更，不需要一个统一的中央状态树来做变更。

而以太坊采用传统的账户模型，也就是传统的银行账户模型。账户模型在处理交易时，需要依靠一个全局的状态树来给每一笔交易所涉及的地址进行余额的加减计算，因此，每一次交易状态都需要先变更完之后，才能进行下一个交易，否则就会出现双花或者无法交易等问题。因此，账户模型只能做串行处理。

通俗来讲，以太坊的账户模型，需要一个中心的世界状态树来统一处理交易，来统一变更所有账户的状态，虽然，这个世界状态树是去中心机制来驱动的，但是，由于其需要一个中心来统一处理和进行全局状态变更，导致，其很难执行并发交易以及更灵活的交易模式。

我们没发现的比特币细节还有很多。

单就 “并行处理状态变更的能力“ 方面，比特币的UTXO模型是完胜以太坊账户模型的。而且，UTXO的这种并发处理和独立状态变更的能力，还可以拓展到任意需要独立变更状态以及并发处理的事物中去，也就是UTXO可以表达除了比特币交易之外的其他事物状态，比如，预测市场的状态变更、AI安全模型的状态变更等等。

而且由于比特币的并发处理状态变更的能力受到全球最大机械共识——比特币共识的保护，这让比特币网络更加独一无二和不可替代。共享比特币共识安全+UTXO并发状态变更，这两项能力加在一起就可以迸发无限能量。这是很多人之前没有发现的细节。当然，我们很高兴已经看到比特币生态的创业者已经往这个方向挺进，比如，基于客户端验证和UTXO模型的BitVM方案；以及前段时间宣布放弃比特币Layer2赛道，全面转向“共享比特币共识安全+UTXO并发状态变更“的BEVM团队等。

当我们转换思路就会发现，比特币这个无尽宝藏，其开发和应用进度几乎不足1%。

总结：

当我们开始脱离以太坊惯性来看整个行业，我们可以直面一些之前不敢直面的问题，当我们重新回到比特币去思考，又可以从比特币汲取无限的灵感和创新方向。以太坊的诞生不过是对比特币的一种抽象思考和解读，而后来的创业者放弃了思考，全面复制以太坊模式，这是整个行业逐步缺乏持续创新和活力的背后原因。

当然，我们看到了一些团队开始回归比特币，开始重新思考，比如，共享比特币共识安全+UTXO并发状态变更就是一个极具潜力的创业方向。

真正的范式创新并不是简单的模仿，而是要抽象背后的原理。瓦特创造的蒸汽机并没有直接引发工业革命，而是有人抽象总结了蒸汽机背后的科学原理（热力学定律），从而引发了科学的范式革命。

如果，中本聪是瓦特，比特币是蒸汽机，那么，Crypto行业的这16年，大部分人都是在模仿比特币制作大量的不同功能、不同形式的“蒸汽机”，却鲜有人去思考和抽象比特币本身所蕴含的科学原理，以至于这个行业迟迟没有引发真正的比特币范式革命。

当然，我们已经看到有团队在往这方面思考，这是行业的曙光，我们需要更多的人加入，一起推动比特币范式革命的到来！

本文灵感主要来源于比特币学习交流暑社区“中本聪大学”

TG链接：https://t.me/satoshiedu

本人长期在中本聪大学和诸多比特币OG及爱好者深度交流学习比特币，一起探讨Crypto行业发展机遇。

@ 82341f88:fbfbe6a2

There’s a lot of conversation around the #TwitterFiles. Here’s my take, and thoughts on how to fix the issues identified.

I’ll start with the principles I’ve come to believe…based on everything I’ve learned and experienced through my past actions as a Twitter co-founder and lead:

1. Social media must be resilient to corporate and government control.
2. Only the original author may remove content they produce.
3. Moderation is best implemented by algorithmic choice.

The Twitter when I led it and the Twitter of today do not meet any of these principles. This is my fault alone, as I completely gave up pushing for them when an activist entered our stock in 2020. I no longer had hope of achieving any of it as a public company with no defense mechanisms (lack of dual-class shares being a key one). I planned my exit at that moment knowing I was no longer right for the company.

The biggest mistake I made was continuing to invest in building tools for us to manage the public conversation, versus building tools for the people using Twitter to easily manage it for themselves. This burdened the company with too much power, and opened us to significant outside pressure (such as advertising budgets). I generally think companies have become far too powerful, and that became completely clear to me with our suspension of Trump’s account. As I’ve said before, we did the right thing for the public company business at the time, but the wrong thing for the internet and society. Much more about this here: https://twitter.com/jack/status/1349510769268850690

I continue to believe there was no ill intent or hidden agendas, and everyone acted according to the best information we had at the time. Of course mistakes were made. But if we had focused more on tools for the people using the service rather than tools for us, and moved much faster towards absolute transparency, we probably wouldn’t be in this situation of needing a fresh reset (which I am supportive of). Again, I own all of this and our actions, and all I can do is work to make it right.

Back to the principles. Of course governments want to shape and control the public conversation, and will use every method at their disposal to do so, including the media. And the power a corporation wields to do the same is only growing. It’s critical that the people have tools to resist this, and that those tools are ultimately owned by the people. Allowing a government or a few corporations to own the public conversation is a path towards centralized control.

I’m a strong believer that any content produced by someone for the internet should be permanent until the original author chooses to delete it. It should be always available and addressable. Content takedowns and suspensions should not be possible. Doing so complicates important context, learning, and enforcement of illegal activity. There are significant issues with this stance of course, but starting with this principle will allow for far better solutions than we have today. The internet is trending towards a world were storage is “free” and infinite, which places all the actual value on how to discover and see content.

Which brings me to the last principle: moderation. I don’t believe a centralized system can do content moderation globally. It can only be done through ranking and relevance algorithms, the more localized the better. But instead of a company or government building and controlling these solely, people should be able to build and choose from algorithms that best match their criteria, or not have to use any at all. A “follow” action should always deliver every bit of content from the corresponding account, and the algorithms should be able to comb through everything else through a relevance lens that an individual determines. There’s a default “G-rated” algorithm, and then there’s everything else one can imagine.

The only way I know of to truly live up to these 3 principles is a free and open protocol for social media, that is not owned by a single company or group of companies, and is resilient to corporate and government influence. The problem today is that we have companies who own both the protocol and discovery of content. Which ultimately puts one person in charge of what’s available and seen, or not. This is by definition a single point of failure, no matter how great the person, and over time will fracture the public conversation, and may lead to more control by governments and corporations around the world.

I believe many companies can build a phenomenal business off an open protocol. For proof, look at both the web and email. The biggest problem with these models however is that the discovery mechanisms are far too proprietary and fixed instead of open or extendable. Companies can build many profitable services that complement rather than lock down how we access this massive collection of conversation. There is no need to own or host it themselves.

Many of you won’t trust this solution just because it’s me stating it. I get it, but that’s exactly the point. Trusting any one individual with this comes with compromises, not to mention being way too heavy a burden for the individual. It has to be something akin to what bitcoin has shown to be possible. If you want proof of this, get out of the US and European bubble of the bitcoin price fluctuations and learn how real people are using it for censorship resistance in Africa and Central/South America.

I do still wish for Twitter, and every company, to become uncomfortably transparent in all their actions, and I wish I forced more of that years ago. I do believe absolute transparency builds trust. As for the files, I wish they were released Wikileaks-style, with many more eyes and interpretations to consider. And along with that, commitments of transparency for present and future actions. I’m hopeful all of this will happen. There’s nothing to hide…only a lot to learn from. The current attacks on my former colleagues could be dangerous and doesn’t solve anything. If you want to blame, direct it at me and my actions, or lack thereof.

As far as the free and open social media protocol goes, there are many competing projects: @bluesky is one with the AT Protocol, nostr another, Mastodon yet another, Matrix yet another…and there will be many more. One will have a chance at becoming a standard like HTTP or SMTP. This isn’t about a “decentralized Twitter.” This is a focused and urgent push for a foundational core technology standard to make social media a native part of the internet. I believe this is critical both to Twitter’s future, and the public conversation’s ability to truly serve the people, which helps hold governments and corporations accountable. And hopefully makes it all a lot more fun and informative again.

💸🛠️🌐 To accelerate open internet and protocol work, I’m going to open a new category of #startsmall grants: “open internet development.” It will start with a focus of giving cash and equity grants to engineering teams working on social media and private communication protocols, bitcoin, and a web-only mobile OS. I’ll make some grants next week, starting with $1mm/yr to Signal. Please let me know other great candidates for this money.

@ 75d12141:3458d1e2

Chef's notes

A childhood favorite of mine! Just don't go too crazy with the scallions as you don't want to overpower the pork flavor.

Details

• ⏲️ Prep time: 15
• 🍳 Cook time: 15-20 mins
• 🍽️ Servings: 3-5

Ingredients

• 1 pound of lean ground pork
• 1 tablespoon of diced scallions
• Ground black pepper (optional)

Directions

1. Lightly coat your palms with olive oil to prevent the meat from sticking to you and to assist in keeping its ball form
2. Mix the ground pork and diced scallions in a large bowl
3. Roll the pork into the preferred portion size until it feels like it won't fall apart
4. Cook in a skillet for 15-20 mins

@ 81dfd044:f1737ef9

Looking to invest in solar energy for your business? Aurora Energy offers high-quality commercial solar panels for sale, built to meet the energy needs of businesses both large and small. Our solar panels provide reliable, renewable energy that reduces operating costs and minimizes environmental impact. Let us help you choose the perfect system to power your business with clean energy and long-term financial benefits.

@ 35f3a26c:92ddf231

What is Bitaxe?

Bitaxe is an open source ASIC (Application-Specific Integrated Circuit) Bitcoin miner that has been making waves in the cryptocurrency community. This innovative project aims to empower miners at every level with powerful, efficient, and low-cost mining solutions.

It is a fully open source ASIC Bitcoin miner developed by Skot9000, an advocate for open-source innovation in the Bitcoin space.

With all software and hardware specs available on GitHub, this project aims to provide miners with a transparent and accessible platform for Bitcoin mining.

https://image.nostr.build/db35c2a028e9f740181daabe2deef4e707653fa2d82f1602086e0ac4b5ee84fd.png

Pros

1. Open Source: The Bitaxe is fully open source, allowing users to access and modify its source code, hardware designs, and build gerbers for PCB ordering.

2. Low Cost: Bitaxe offers low-cost solutions for miners, making it an attractive option for those looking to enter the world of Bitcoin mining without breaking the bank.

3. Efficient: The Bitaxe series is designed to be power-efficient, utilizing either the Bitmain BM1387 or BM1397 ASICs for SHA256 hashing.

Cons

1. Technical Complexity: Being an open-source project, users are required to be technically savvy to set up and maintain the miner, which could pose challenges for those without experience.

2. Bricking Potential: Like any complex technology, there is a risk of bricking (rendering the device unusable) the Bitaxe if not handled properly.

Summary

The Bitaxe represents an exciting development in the world of Bitcoin mining, offering a low cost, efficient, and open-source solution for miners. While it may present some challenges for users who are new to the technology or lack technical expertise, the potential benefits far outweigh these drawbacks. As the project continues to evolve and gain traction, we can expect to see further improvements in performance, accessibility, and innovation within the Bitcoin mining landscape.

Where can I get more information

Go to their Github page: https://github.com/skot/bitaxe

originally posted at https://stacker.news/items/659572

@ 07907690:d4e015f6

Bitcoin diciptakan oleh Satoshi Nakamoto, (hampir pasti) sebuah nama samaran, yang hingga hari ini belum ada seorang pun yang dapat secara meyakinkan menghubungkannya dengan orang atau sekelompok orang yang sebenarnya. Nakamoto menghilang dari internet pada tahun 2011, meninggalkan sedikit petunjuk tentang siapa "mereka". Selama bertahun-tahun, banyak orang secara terbuka mengaku sebagai Satoshi, semuanya gagal mendukung pernyataan tersebut dengan fakta yang tidak dapat disangkal.

Dalam forum awal bitcointalk, Satoshi mengatakan bahwa mereka mulai mengerjakan Bitcoin pada tahun 2007, dua tahun sebelum blok pertama ditambang. Blok Genesis, atau blok pertama dalam blockchain Bitcoin, ditambang pada tanggal 3 Januari 2009. Nakamoto adalah penambang blok Genesis, menerima 50 bitcoin pertama yang pernah diedarkan. Namun, hadiah dari blok pertama ini tidak dapat digunakan karena keunikan dalam cara blok Genesis diekspresikan dalam kode. BitMEX Research telah menerbitkan analisis pada hari-hari awal penambangan Bitcoin dan menyimpulkan bahwa “seseorang” menambang 700,000 koin. Meskipun banyak yang berasumsi ini adalah Satoshi, secara resmi hal ini masih belum terbukti.

Kita hanya bisa membayangkan ketenaran yang akan diterima Satoshi Nakamoto jika identitas mereka terungkap, belum lagi kekayaan besar yang ingin mereka kumpulkan (meskipun Satoshi tampaknya tidak menghabiskan satu pun koin yang seharusnya mereka tambang). Seiring berjalannya waktu, ada banyak contoh orang yang mengaku sebagai Satoshi, dan ada pula yang diyakini sebagai Satoshi.

Klaim Palsu

Salah satu kasus paling terkenal tentang seseorang yang mengaku sebagai Satoshi adalah yang dilakukan oleh Craig S. Wright, seorang akademisi Australia. Wright, pada awal tahun 2015, telah mencoba berkali-kali untuk memberikan demonstrasi publik dengan bukti yang tidak dapat disangkal bahwa dia adalah penemu Bitcoin, namun dia belum berhasil hingga saat ini. Faktanya, “bukti”-nya terbukti palsu.

Dorian Nakamoto, seorang pria di California, pernah secara terbuka diberi gelar sebagai pencipta Bitcoin oleh seorang jurnalis surat kabar yang melihat beberapa kesamaan antara kedua Nakamoto, yang paling jelas adalah nama belakang mereka. Namun, dengan sangat cepat, klaim ini ditolak oleh Dorian dan juga dibantah.

Kelompok orang lain yang menarik perhatian seputar identitas Satoshi yang tidak diketahui adalah kriptografer dan ilmuwan komputer. Hal Finney, seorang kriptografer terkenal yang merupakan orang pertama yang menerima bitcoin dari Satoshi Nakamoto, adalah salah satu tersangka paling terkenal karena keterlibatan awalnya dalam bidang tersebut. Kurang dari setahun setelah Bitcoin diciptakan, Satoshi dan Hal Finney bertukar beberapa postingan di forum diskusi Bitcoin, membahas hal-hal seperti teknologi dan implikasinya di masa depan. Finney meninggal karena ALS pada tahun 2014, menyebabkan beberapa orang berspekulasi mengenai sejauh mana keterlibatannya dengan mata uang terdesentralisasi pertama di dunia. Nick Szabo adalah kriptografer terkenal lainnya yang menciptakan Bit Gold, mata uang digital yang ditemukan beberapa tahun sebelum Bitcoin. Fakta bahwa dia tampaknya tidak terlibat langsung dengan penciptaan Bitcoin, meskipun proyeknya sangat mirip dengan itu, telah membuat beberapa orang berspekulasi bahwa dia mungkin juga pencipta Bitcoin.

Mengapa Satoshi Harus Anonim?

Satoshi Nakamoto, pencipta mata uang terdesentralisasi pertama di dunia, harus tetap anonim karena sifat penciptaannya. Setelah membuat protokol tanpa titik utama kegagalan, Nakamoto mungkin menyadari bahwa mempertahankan anonimitasnya dapat menghilangkan titik utama kegagalan terakhir yang mungkin dimiliki Bitcoin: orang yang menciptakannya. Menghapus identitas tunggal yang dapat dikaitkan dengan kemunculan Bitcoin berarti menghilangkan segala wajah yang dapat mempengaruhi politik, aturan, atau pengambilan keputusan komunitas Bitcoin.

Siapa pun Satoshi, tidak dapat disangkal bahwa mereka adalah seorang jenius di zaman kita. Protokol Bitcoin memberikan insentif ekonomi di semua tempat yang tepat sehingga menghasilkan solusi luar biasa terhadap Masalah Jenderal Bizantium. Satoshi Nakamoto menerapkan konsep-konsep dari kriptografi, matematika, teori permainan, dan ekonomi untuk menciptakan aset digital langka yang dirancang dengan indah — dan pertama di dunia — yang disebut Bitcoin.

Sumber artikel: bitcoinmagazine.com Diterjemahkan oleh: Abengkris

@ 00000000:0da46cec

Resumen

La Content Authenticity Initiative (CAI) es una colaboración global iniciada por Adobe en 2019, junto con empresas tecnológicas y medios de comunicación, cuyo objetivo es combatir la desinformación digital mediante la creación de un sistema de autenticidad para contenidos digitales. Este artículo analiza en detalle los aspectos tecnológicos avanzados de la CAI, como el uso de metadatos, criptografía, blockchain y la verificación distribuida, además de incluir una guía para fotógrafos y creadores de contenido. Se ofrecen referencias a repositorios de código abierto para implementar estas tecnologías, proporcionando una base técnica robusta para proteger la autenticidad del contenido digital.

Palabras clave: Content Authenticity Initiative, CAI, autenticidad del contenido, metadatos, criptografía, blockchain, integridad digital, firma digital, sellado de tiempo.

---

La Content Authenticity Initiative (CAI), traducida al español como Iniciativa de Autenticidad del Contenido, es un esfuerzo colaborativo iniciado por Adobe en 2019 en conjunto con empresas tecnológicas y medios de comunicación como Twitter y The New York Times. Su principal objetivo es combatir la desinformación digital mediante la creación de un sistema de autenticidad de contenidos que pueda ser adoptado globalmente, proporcionando trazabilidad y verificación de los contenidos digitales de una manera confiable y accesible. Este artículo detalla los aspectos tecnológicos más avanzados de esta iniciativa, que incluye el uso de metadatos, criptografía y blockchain. Además, se hace referencia a algunos de los repositorios oficiales y recursos de código fuente disponibles para implementar estas tecnologías.

Arquitectura de la Content Authenticity Initiative

La arquitectura de la CAI está compuesta por un conjunto de técnicas y herramientas basadas en metadatos estandarizados, mecanismos de integridad criptográfica, y soluciones descentralizadas para asegurar la verificabilidad del contenido en cada etapa de su ciclo de vida. A continuación se describe en detalle cada uno de los elementos clave de esta arquitectura.

1. Generación de Metadatos de Autenticidad

El proceso de generación de contenido dentro de la CAI comienza en el dispositivo de captura, como una cámara o un smartphone, donde se crean los metadatos de autenticidad. Estos metadatos incluyen información relevante sobre el autor del contenido, la fecha y hora de captura, la geolocalización y el dispositivo utilizado. Estos elementos se guardan utilizando esquemas estandarizados como XMP (Extensible Metadata Platform), que asegura una estructura coherente y legible para las aplicaciones de verificación posteriores. El código fuente de referencia para la implementación de XMP está disponible en el repositorio oficial de Adobe en GitHub: XMP Toolkit SDK.

Los metadatos de autenticidad no solo proporcionan datos sobre la creación, sino que también mantienen un registro inmutable de modificaciones del archivo. Cada vez que se realiza una edición, se documenta el cambio mediante un proceso de versionado, asegurando la trazabilidad completa de cualquier alteración.

2. Firma Criptográfica del Contenido

El siguiente nivel de protección que ofrece la CAI es el uso de firmas digitales para garantizar la autenticidad e integridad del contenido. Cada archivo multimedia (imagen, video, documento) se firma utilizando algoritmos de criptografía asimétrica como ECDSA (Elliptic Curve Digital Signature Algorithm) o RSA, dependiendo del nivel de seguridad requerido y la capacidad de cálculo del dispositivo.

Estas firmas digitales generan un hash único para el contenido y lo vinculan con la clave privada del creador. Si el contenido es modificado de alguna manera, incluso un cambio de un solo bit, el hash cambiará, invalidando la firma digital original. De esta forma, cualquier alteración que no esté registrada y autorizada se puede detectar fácilmente, proporcionando garantía de que el archivo no ha sido comprometido desde su creación. Implementaciones de referencia para la generación y verificación de firmas digitales están disponibles en el repositorio OpenSSL y en la biblioteca Bouncy Castle para Java y C#: Bouncy Castle GitHub.

3. Sellado de Tiempo y Blockchain

Para reforzar la veracidad del contenido, la CAI también puede emplear sellado de tiempo (timestamping) y, en algunas implementaciones, blockchain para descentralizar y proteger el registro de autenticidad. El sellado de tiempo se realiza mediante una autoridad de sellado (“Timestamp Authority” o TSA), que certifica que el contenido existía en un estado particular a una fecha y hora específica. Las TSA utilizan firmas digitales para proporcionar un valor criptográficamente seguro que confirma la temporalidad del contenido.

La incorporación de blockchain aporta un nivel adicional de transparencia. Al registrar hashes de los metadatos y las firmas de autenticidad en una blockchain pública (como Ethereum o cualquier blockchain dedicada), se crea un registro inmutable y descentralizado que permite a cualquier usuario verificar la autenticidad del contenido. La estructura basada en árboles Merkle se usa comúnmente para optimizar el proceso de registro, asegurando que cada cambio en el contenido se documente con eficiencia y sin necesidad de almacenar grandes volúmenes de datos en la blockchain. Los desarrolladores pueden explorar ejemplos de implementación en el repositorio Merkle Tree JavaScript Library y consultar el repositorio oficial de Ethereum para interacciones con contratos inteligentes: Ethereum GitHub.

4. Almacenamiento Seguro de Metadatos

Los metadatos generados durante el proceso de creación se incrustan en el contenido utilizando técnicas de esteganografía o como datos adjuntos legibles por las herramientas de edición y verificación. Para evitar la eliminación o alteración maliciosa de estos metadatos, se emplean mecanismos de incrustación segura que vinculan los metadatos al contenido de manera criptográfica.

Para garantizar la integridad de los metadatos durante la transferencia, se emplean protocolos TLS (Transport Layer Security), que aseguran que cualquier intercambio de archivos mantenga la confidencialidad y la integridad. Además, se pueden usar sistemas de almacenamiento distribuido como IPFS (InterPlanetary File System) para replicar y almacenar estos metadatos de forma redundante, asegurando su disponibilidad a largo plazo. El código fuente para IPFS está disponible en el repositorio oficial: IPFS GitHub.

Verificación del Contenido Auténtico

Uno de los objetivos fundamentales de la CAI es que cualquier usuario pueda verificar la procedencia y el historial de ediciones de un contenido de manera sencilla y eficiente. Para ello, se han desarrollado herramientas de verificación basadas en código abierto, como “Verify with CAI”, que permiten al espectador analizar el contenido y ver todos los metadatos asociados. Estas herramientas se pueden encontrar en el repositorio oficial de la CAI: Content Authenticity Initiative GitHub.

Estas herramientas usan los hashes incrustados y las firmas digitales para comparar la información disponible y determinar si el contenido ha sido alterado sin autorización. Asimismo, permiten al usuario acceder a los registros de blockchain, si es aplicable, para confirmar la autenticidad desde una fuente independiente y descentralizada.

Guía para Fotógrafos y Creadores de Contenido

La adopción de la tecnología de la Content Authenticity Initiative puede ser extremadamente beneficiosa para los fotógrafos y creadores de contenido que deseen garantizar la autenticidad y proteger su trabajo contra el uso indebido. A continuación se presenta una guía paso a paso sobre cómo utilizar esta tecnología:

1. Equipamiento Compatible: Asegúrate de que utilizas una cámara o dispositivo que soporte la generación de metadatos de autenticidad según los estándares XMP. Muchas cámaras y aplicaciones de edición modernas permiten incluir estos metadatos durante la captura y la edición del contenido.

2. Software de Edición Compatible: Utiliza software de edición que mantenga los metadatos de autenticidad intactos. Adobe Photoshop y otras herramientas de edición avanzadas han comenzado a integrar estas funcionalidades para garantizar que cada cambio quede registrado. Al editar, asegúrate de mantener los registros de metadatos, de modo que se pueda trazar la autenticidad del contenido.

3. Firmado Digital del Contenido: Usa una herramienta de firma digital, como OpenSSL o bibliotecas como Bouncy Castle para generar firmas digitales de tus archivos. Esto proporciona una garantía de autenticidad. Estas herramientas se pueden usar para firmar imágenes y documentos multimedia y protegerlos contra cualquier alteración. Puedes encontrar tutoriales y ejemplos de uso en los repositorios mencionados previamente.

4. Sellado de Tiempo del Contenido: Implementa el sellado de tiempo utilizando una Timestamp Authority (TSA) reconocida. Esto permite certificar que el contenido existía en un estado específico en una fecha y hora determinadas, lo cual es esencial para demostrar la integridad temporal del contenido. Algunas plataformas ofrecen servicios de sellado de tiempo gratuitos o a bajo costo.

5. Uso de Blockchain para Registrar Metadatos: Si deseas una protección adicional y más transparencia, considera registrar los hashes de los metadatos en una blockchain pública. Existen servicios y contratos inteligentes que pueden ayudarte a registrar estos datos sin necesidad de un conocimiento profundo en programación blockchain. Puedes consultar repositorios como Ethereum GitHub para aprender cómo interactuar con contratos inteligentes.

6. Verificación del Contenido: Utiliza herramientas como Verify with CAI para asegurarte de que tus contenidos están adecuadamente registrados y que los metadatos y firmas digitales se mantienen intactos. Estas herramientas son de código abierto y están disponibles en GitHub, lo que permite a cualquier usuario comprobar la integridad y procedencia del contenido.

7. Publicación en Plataformas Compatibles: Publica tu contenido en plataformas que soporten la CAI y mantengan los metadatos intactos. Redes sociales y sitios web como Behance están comenzando a adoptar estos estándares, lo que te permitirá que tu contenido se distribuya con la verificación de autenticidad.

Desafíos Técnicos y Barreras

La implementación de la CAI no está exenta de desafíos. Algunos de los principales son:

1. Adopción Masiva: Para que la CAI sea efectiva, es necesario que todos los actores involucrados en la creación y distribución de contenido adopten sus estándares. Esto incluye a los fabricantes de cámaras, plataformas de edición, redes sociales y sitios web.

2. Privacidad de los Creadores: Al proporcionar información detallada sobre el autor y el origen del contenido, surgen preocupaciones relacionadas con la privacidad. Para mitigar esto, la CAI permite que algunos metadatos se almacenen de forma encriptada, y solo se revelen si es necesario.

3. Costos de Implementación: Las herramientas para firmar digitalmente, registrar en blockchain, y mantener el sellado de tiempo requieren recursos que podrían ser prohibitivos para algunos creadores o plataformas pequeñas.

4. Atacantes Sofisticados: Aunque la CAI mejora significativamente la seguridad, atacantes avanzados podrían intentar falsificar metadatos o burlar los procesos de firma digital. La combinación de técnicas criptográficas y blockchain mitiga este riesgo, pero siempre existirá la necesidad de evolucionar con las amenazas emergentes.

Conclusión

La Content Authenticity Initiative ofrece una arquitectura tecnológica sólida para proteger la autenticidad del contenido digital. A través del uso combinado de metadatos estandarizados, firmas digitales, blockchain y herramientas de verificación, la CAI busca establecer un estándar global para la transparencia y verificabilidad del contenido. Si bien existen desafíos técnicos y logísticos, la CAI representa un paso significativo hacia un ecosistema digital donde la confianza y la autenticidad sean la norma y no la excepción. Los interesados en profundizar más pueden acceder al código fuente disponible en los repositorios oficiales, como se ha indicado a lo largo del artículo, para implementar estas soluciones y contribuir al desarrollo de un entorno digital más seguro y confiable.

Bibliografía

• Adobe. (n.d.). XMP Toolkit SDK. Recuperado de https://github.com/adobe/XMP-Toolkit-SDK
• OpenSSL. (n.d.). OpenSSL Cryptography and SSL/TLS Toolkit. Recuperado de https://github.com/openssl/openssl
• Bouncy Castle. (n.d.). Bouncy Castle Libraries. Recuperado de https://github.com/bcgit
• Miguel Mota. (n.d.). Merkle Tree JavaScript Library. Recuperado de https://github.com/miguelmota/merkletreejs
• Ethereum Foundation. (n.d.). Ethereum. Recuperado de https://github.com/ethereum
• IPFS. (n.d.). InterPlanetary File System. Recuperado de https://github.com/ipfs
• Content Authenticity Initiative. (n.d.). Verify with CAI. Recuperado de https://github.com/contentauth/

@ a367f9eb:0633efea

Last week, an investigation by Reuters revealed that Chinese researchers have been using open-source AI tools to build nefarious-sounding models that may have some military application.

The reporting purports that adversaries in the Chinese Communist Party and its military wing are taking advantage of the liberal software licensing of American innovations in the AI space, which could someday have capabilities to presumably harm the United States.

In a June paper reviewed by Reuters, six Chinese researchers from three institutions, including two under the People’s Liberation Army’s (PLA) leading research body, the Academy of Military Science (AMS), detailed how they had used an early version of Meta’s Llama as a base for what it calls “ChatBIT”.

The researchers used an earlier Llama 13B large language model (LLM) from Meta, incorporating their own parameters to construct a military-focused AI tool to gather and process intelligence, and offer accurate and reliable information for operational decision-making.

While I’m doubtful that today’s existing chatbot-like tools will be the ultimate battlefield for a new geopolitical war (queue up the computer-simulated war from the Star Trek episode “A Taste of Armageddon“), this recent exposé requires us to revisit why large language models are released as open-source code in the first place.

Added to that, should it matter that an adversary is having a poke around and may ultimately use them for some purpose we may not like, whether that be China, Russia, North Korea, or Iran?

The number of open-source AI LLMs continues to grow each day, with projects like Vicuna, LLaMA, BLOOMB, Falcon, and Mistral available for download. In fact, there are over one million open-source LLMs available as of writing this post. With some decent hardware, every global citizen can download these codebases and run them on their computer.

With regard to this specific story, we could assume it to be a selective leak by a competitor of Meta which created the LLaMA model, intended to harm its reputation among those with cybersecurity and national security credentials. There are potentially trillions of dollars on the line.

Or it could be the revelation of something more sinister happening in the military-sponsored labs of Chinese hackers who have already been caught attacking American infrastructure, data, and yes, your credit history?

As consumer advocates who believe in the necessity of liberal democracies to safeguard our liberties against authoritarianism, we should absolutely remain skeptical when it comes to the communist regime in Beijing. We’ve written as much many times.

At the same time, however, we should not subrogate our own critical thinking and principles because it suits a convenient narrative.

Consumers of all stripes deserve technological freedom, and innovators should be free to provide that to us. And open-source software has provided the very foundations for all of this.

Open-source matters When we discuss open-source software and code, what we’re really talking about is the ability for people other than the creators to use it.

The various licensing schemes – ranging from GNU General Public License (GPL) to the MIT License and various public domain classifications – determine whether other people can use the code, edit it to their liking, and run it on their machine. Some licenses even allow you to monetize the modifications you’ve made.

While many different types of software will be fully licensed and made proprietary, restricting or even penalizing those who attempt to use it on their own, many developers have created software intended to be released to the public. This allows multiple contributors to add to the codebase and to make changes to improve it for public benefit.

Open-source software matters because anyone, anywhere can download and run the code on their own. They can also modify it, edit it, and tailor it to their specific need. The code is intended to be shared and built upon not because of some altruistic belief, but rather to make it accessible for everyone and create a broad base. This is how we create standards for technologies that provide the ground floor for further tinkering to deliver value to consumers.

Open-source libraries create the building blocks that decrease the hassle and cost of building a new web platform, smartphone, or even a computer language. They distribute common code that can be built upon, assuring interoperability and setting standards for all of our devices and technologies to talk to each other.

I am myself a proponent of open-source software. The server I run in my home has dozens of dockerized applications sourced directly from open-source contributors on GitHub and DockerHub. When there are versions or adaptations that I don’t like, I can pick and choose which I prefer. I can even make comments or add edits if I’ve found a better way for them to run.

Whether you know it or not, many of you run the Linux operating system as the base for your Macbook or any other computer and use all kinds of web tools that have active repositories forked or modified by open-source contributors online. This code is auditable by everyone and can be scrutinized or reviewed by whoever wants to (even AI bots).

This is the same software that runs your airlines, powers the farms that deliver your food, and supports the entire global monetary system. The code of the first decentralized cryptocurrency Bitcoin is also open-source, which has allowed thousands of copycat protocols that have revolutionized how we view money.

You know what else is open-source and available for everyone to use, modify, and build upon?

PHP, Mozilla Firefox, LibreOffice, MySQL, Python, Git, Docker, and WordPress. All protocols and languages that power the web. Friend or foe alike, anyone can download these pieces of software and run them how they see fit.

Open-source code is speech, and it is knowledge.

We build upon it to make information and technology accessible. Attempts to curb open-source, therefore, amount to restricting speech and knowledge.

Open-source is for your friends, and enemies In the context of Artificial Intelligence, many different developers and companies have chosen to take their large language models and make them available via an open-source license.

At this very moment, you can click on over to Hugging Face, download an AI model, and build a chatbot or scripting machine suited to your needs. All for free (as long as you have the power and bandwidth).

Thousands of companies in the AI sector are doing this at this very moment, discovering ways of building on top of open-source models to develop new apps, tools, and services to offer to companies and individuals. It’s how many different applications are coming to life and thousands more jobs are being created.

We know this can be useful to friends, but what about enemies?

As the AI wars heat up between liberal democracies like the US, the UK, and (sluggishly) the European Union, we know that authoritarian adversaries like the CCP and Russia are building their own applications.

The fear that China will use open-source US models to create some kind of military application is a clear and present danger for many political and national security researchers, as well as politicians.

A bipartisan group of US House lawmakers want to put export controls on AI models, as well as block foreign access to US cloud servers that may be hosting AI software.

If this seems familiar, we should also remember that the US government once classified cryptography and encryption as “munitions” that could not be exported to other countries (see The Crypto Wars). Many of the arguments we hear today were invoked by some of the same people as back then.

Now, encryption protocols are the gold standard for many different banking and web services, messaging, and all kinds of electronic communication. We expect our friends to use it, and our foes as well. Because code is knowledge and speech, we know how to evaluate it and respond if we need to.

Regardless of who uses open-source AI, this is how we should view it today. These are merely tools that people will use for good or ill. It’s up to governments to determine how best to stop illiberal or nefarious uses that harm us, rather than try to outlaw or restrict building of free and open software in the first place.

Limiting open-source threatens our own advancement If we set out to restrict and limit our ability to create and share open-source code, no matter who uses it, that would be tantamount to imposing censorship. There must be another way.

If there is a “Hundred Year Marathon” between the United States and liberal democracies on one side and autocracies like the Chinese Communist Party on the other, this is not something that will be won or lost based on software licenses. We need as much competition as possible.

The Chinese military has been building up its capabilities with trillions of dollars’ worth of investments that span far beyond AI chatbots and skip logic protocols.

The theft of intellectual property at factories in Shenzhen, or in US courts by third-party litigation funding coming from China, is very real and will have serious economic consequences. It may even change the balance of power if our economies and countries turn to war footing.

But these are separate issues from the ability of free people to create and share open-source code which we can all benefit from. In fact, if we want to continue our way our life and continue to add to global productivity and growth, it’s demanded that we defend open-source.

If liberal democracies want to compete with our global adversaries, it will not be done by reducing the freedoms of citizens in our own countries.

Last week, an investigation by Reuters revealed that Chinese researchers have been using open-source AI tools to build nefarious-sounding models that may have some military application.

The reporting purports that adversaries in the Chinese Communist Party and its military wing are taking advantage of the liberal software licensing of American innovations in the AI space, which could someday have capabilities to presumably harm the United States.

In a June paper reviewed by Reuters, six Chinese researchers from three institutions, including two under the People’s Liberation Army’s (PLA) leading research body, the Academy of Military Science (AMS), detailed how they had used an early version of Meta’s Llama as a base for what it calls “ChatBIT”.

The researchers used an earlier Llama 13B large language model (LLM) from Meta, incorporating their own parameters to construct a military-focused AI tool to gather and process intelligence, and offer accurate and reliable information for operational decision-making.

While I’m doubtful that today’s existing chatbot-like tools will be the ultimate battlefield for a new geopolitical war (queue up the computer-simulated war from the Star Trek episode “A Taste of Armageddon“), this recent exposé requires us to revisit why large language models are released as open-source code in the first place.

Added to that, should it matter that an adversary is having a poke around and may ultimately use them for some purpose we may not like, whether that be China, Russia, North Korea, or Iran?

The number of open-source AI LLMs continues to grow each day, with projects like Vicuna, LLaMA, BLOOMB, Falcon, and Mistral available for download. In fact, there are over one million open-source LLMs available as of writing this post. With some decent hardware, every global citizen can download these codebases and run them on their computer.

With regard to this specific story, we could assume it to be a selective leak by a competitor of Meta which created the LLaMA model, intended to harm its reputation among those with cybersecurity and national security credentials. There are potentially trillions of dollars on the line.

Or it could be the revelation of something more sinister happening in the military-sponsored labs of Chinese hackers who have already been caught attacking American infrastructure, data, and yes, your credit history?

As consumer advocates who believe in the necessity of liberal democracies to safeguard our liberties against authoritarianism, we should absolutely remain skeptical when it comes to the communist regime in Beijing. We’ve written as much many times.

At the same time, however, we should not subrogate our own critical thinking and principles because it suits a convenient narrative.

Consumers of all stripes deserve technological freedom, and innovators should be free to provide that to us. And open-source software has provided the very foundations for all of this.

Open-source matters

When we discuss open-source software and code, what we’re really talking about is the ability for people other than the creators to use it.

The various licensing schemes – ranging from GNU General Public License (GPL) to the MIT License and various public domain classifications – determine whether other people can use the code, edit it to their liking, and run it on their machine. Some licenses even allow you to monetize the modifications you’ve made.

While many different types of software will be fully licensed and made proprietary, restricting or even penalizing those who attempt to use it on their own, many developers have created software intended to be released to the public. This allows multiple contributors to add to the codebase and to make changes to improve it for public benefit.

Open-source software matters because anyone, anywhere can download and run the code on their own. They can also modify it, edit it, and tailor it to their specific need. The code is intended to be shared and built upon not because of some altruistic belief, but rather to make it accessible for everyone and create a broad base. This is how we create standards for technologies that provide the ground floor for further tinkering to deliver value to consumers.

Open-source libraries create the building blocks that decrease the hassle and cost of building a new web platform, smartphone, or even a computer language. They distribute common code that can be built upon, assuring interoperability and setting standards for all of our devices and technologies to talk to each other.

I am myself a proponent of open-source software. The server I run in my home has dozens of dockerized applications sourced directly from open-source contributors on GitHub and DockerHub. When there are versions or adaptations that I don’t like, I can pick and choose which I prefer. I can even make comments or add edits if I’ve found a better way for them to run.

Whether you know it or not, many of you run the Linux operating system as the base for your Macbook or any other computer and use all kinds of web tools that have active repositories forked or modified by open-source contributors online. This code is auditable by everyone and can be scrutinized or reviewed by whoever wants to (even AI bots).

This is the same software that runs your airlines, powers the farms that deliver your food, and supports the entire global monetary system. The code of the first decentralized cryptocurrency Bitcoin is also open-source, which has allowed thousands of copycat protocols that have revolutionized how we view money.

You know what else is open-source and available for everyone to use, modify, and build upon?

PHP, Mozilla Firefox, LibreOffice, MySQL, Python, Git, Docker, and WordPress. All protocols and languages that power the web. Friend or foe alike, anyone can download these pieces of software and run them how they see fit.

Open-source code is speech, and it is knowledge.

We build upon it to make information and technology accessible. Attempts to curb open-source, therefore, amount to restricting speech and knowledge.

Open-source is for your friends, and enemies

In the context of Artificial Intelligence, many different developers and companies have chosen to take their large language models and make them available via an open-source license.

At this very moment, you can click on over to Hugging Face, download an AI model, and build a chatbot or scripting machine suited to your needs. All for free (as long as you have the power and bandwidth).

Thousands of companies in the AI sector are doing this at this very moment, discovering ways of building on top of open-source models to develop new apps, tools, and services to offer to companies and individuals. It’s how many different applications are coming to life and thousands more jobs are being created.

We know this can be useful to friends, but what about enemies?

As the AI wars heat up between liberal democracies like the US, the UK, and (sluggishly) the European Union, we know that authoritarian adversaries like the CCP and Russia are building their own applications.

The fear that China will use open-source US models to create some kind of military application is a clear and present danger for many political and national security researchers, as well as politicians.

A bipartisan group of US House lawmakers want to put export controls on AI models, as well as block foreign access to US cloud servers that may be hosting AI software.

If this seems familiar, we should also remember that the US government once classified cryptography and encryption as “munitions” that could not be exported to other countries (see The Crypto Wars). Many of the arguments we hear today were invoked by some of the same people as back then.

Now, encryption protocols are the gold standard for many different banking and web services, messaging, and all kinds of electronic communication. We expect our friends to use it, and our foes as well. Because code is knowledge and speech, we know how to evaluate it and respond if we need to.

Regardless of who uses open-source AI, this is how we should view it today. These are merely tools that people will use for good or ill. It’s up to governments to determine how best to stop illiberal or nefarious uses that harm us, rather than try to outlaw or restrict building of free and open software in the first place.

Limiting open-source threatens our own advancement

If we set out to restrict and limit our ability to create and share open-source code, no matter who uses it, that would be tantamount to imposing censorship. There must be another way.

If there is a “Hundred Year Marathon” between the United States and liberal democracies on one side and autocracies like the Chinese Communist Party on the other, this is not something that will be won or lost based on software licenses. We need as much competition as possible.

The Chinese military has been building up its capabilities with trillions of dollars’ worth of investments that span far beyond AI chatbots and skip logic protocols.

The theft of intellectual property at factories in Shenzhen, or in US courts by third-party litigation funding coming from China, is very real and will have serious economic consequences. It may even change the balance of power if our economies and countries turn to war footing.

But these are separate issues from the ability of free people to create and share open-source code which we can all benefit from. In fact, if we want to continue our way our life and continue to add to global productivity and growth, it’s demanded that we defend open-source.

If liberal democracies want to compete with our global adversaries, it will not be done by reducing the freedoms of citizens in our own countries.

Originally published on the website of the Consumer Choice Center.

@ c11cf5f8:4928464d

Let's hear some of your latest Bitcoin purchases, feel free to include links to the shops or merchants you bought from too.

If you missed our last thread, here are some of the items stackers recently spent their sats on.

originally posted at https://stacker.news/items/761231

@ 9349d012:d3e98946

Chef's notes

2 cups pureed pumpkin 2 cups white sugar 3 eggs, beaten 1/2 cup olive oil 1 tablespoon cinnamon 1 1/2 teaspoon baking powder 1 teaspoon baking soda 1/2 teaspoon salt 2 1/4 cups flour 1/4 cup chopped pecans

Preheat oven to 350 degrees Fahrenheit. Coat a bread pan with olive oil. Mix all ingredients minus nuts, leaving the flour for last, and adding it in 2 parts. Stir until combined. Pour the batter into the bread pan and sprinkle chopped nuts down the middle of the batter, lenghtwise. Bake for an hour and ten minutes or until a knife insert in the middle of the pan comes out clean. Allow bread to cool in the pan for five mintes, then use knife to loosen the edges of the loaf and pop out of the pan. Rest on a rack or plate until cool enough to slice. Spread bread slices with Plugra butter and serve.

https://cookeatloveshare.com/pumpkin-bread/

Details

• ⏲️ Prep time: 30 minutes
• 🍳 Cook time: 1 hour and ten minutes
• 🍽️ Servings: 6

Ingredients

• See Chef's Notes

Directions

1. See Chef's Notes

@ ff18165a:dd7ca7f0

Chef's notes

1. DO NOT add too much Peppermint Extract! It’s extremely strong and it will make your milkshake way too strong if you add more than a few drops.
2. Feel free to be creative with your toppings. We used Caramel Flavored Whipped Topping and it turned out great!

Details

• ⏲️ Prep time: 5 min
• 🍳 Cook time: 2 min
• 🍽️ Servings: 1

Ingredients

• 1 1/2 cup Milk
• 2 drops Peppermint Extract
• 2 packets Stevia
• 1 cup Ice
• 2 drops Green Food Coloring
• Green Sprinkles
• 1 Crushed Peppermint Candy
• 2 Mint Leaves

Directions

1. 1. Blend together until smooth and frothy
2. 1. Pour into a tall glass
3. 1. Top with listed toppings
4. 1. Add straw and enjoy

@ e1d968f7:5d90f764

If there's one thing I know for sure, it's this: life is too short not to make the most of every moment. That’s why I don’t just walk through life—I own it. My name’s Rebecca Knight, and I’m the kind of woman who leaves a lasting impression, whether it’s with a wink across a crowded room or a conversation that lingers long after it’s over.

I’m not your average woman, and I’m certainly not afraid to show it. I’ve got that magnetic charm that draws people in, a little playful sparkle in my eye that says, “Come closer, if you dare.” I love making people feel seen, heard, and most of all—alive. There’s something about making someone smile or laugh that gives me the rush of a lifetime. Maybe it’s the thrill of connection or the way people react when they realize I’m exactly the kind of woman they didn’t know they needed in their lives.

When I meet someone, I don’t just show up—I make it memorable. Whether it’s in the way I laugh at a joke, the intensity of a conversation, or the way I give you my undivided attention, there’s no denying it: I know how to keep you on your toes. And when it comes to my work, it’s no different. I know exactly how to create a space where we both feel at ease, where the chemistry can spark and the tension can build. It’s all about the connection. The energy. The way we feed off each other.

But let’s be real: I don’t just give for the sake of giving. I believe in mutual enjoyment. I’m all about making sure both of us are having the time of our lives. Whether we’re sharing an intimate laugh, a heated conversation, or simply enjoying each other’s company in a way that feels… exciting, it’s always about balancing that electric pull with respect and mutual understanding.

Being bold is fun, but being respectful is key. I don’t believe in anything forced or out of alignment with what feels good. If I want something, you’ll know it, and if you want something, I’m always happy to listen. But here’s the thing: I’m not interested in anything halfway. I play for keeps, and I expect to have my energy matched in the best possible way.

So, if we ever find ourselves in the same space, be prepared for a little bit of magic. I’m the kind of woman who brings excitement, fun, and a healthy dose of mischief into every room I enter. I know how to turn the ordinary into extraordinary, and how to leave a lasting impression without breaking a sweat.

After all, life’s a game, and I’m very good at playing it. If you ever find yourself wondering if you’re the next lucky person I’ll take on that little adventure… let’s just say I’m sure you’ll know when it happens.

@ 18bdb66e:82eb5e5d

Chef's notes

This recipe needs to sit in the refrigerator at least one hour, or overnight prior to baking. Link sausage may be used but casing must be removed prior to frying.

Details

• ⏲️ Prep time: 20 minutes
• 🍳 Cook time: 1 hour
• 🍽️ Servings: 4-6

Ingredients

• 1 lb breakfast sausage
• 1 large onion, chopped
• 1 green bell pepper
• Cooking spray
• 4 cups dehydrated/dried bread cubes
• 6 large eggs
• 1 1/2 cups milk
• 1/4 tsp salt (optional)
• 1/4 tsp black pepper
• 1 cup shredded Cheddar cheese

Directions

1. Spray 13x9 baking dish with cooking spray, like PAM.
2. Crumble sausage into a skillet, fry breaking up pieces
3. Add onion to the sausage
4. Chop bell pepper, add to sausage and onion, fry until tender
5. Remove from heat, drain if needed, set aside.
6. Spread bread cubes on bottom of baking dish
7. Spoon sausage mixture over bread
8. Blend eggs, milk, salt, and pepper in a bowl or large measuring cup.
9. Pour egg mixture over sausage and bread.
10. Cover and place in refrigerator.
11. Refrigerate at least one hour or overnight.
12. Preheat oven to 375F.
13. Place casserole in oven, bake 55 minutes
14. Top with cheese and bake 5 minutes longer.
15. Let rest 10 minutes before cutting.

@ 526e9d4c:2ecfb055

Chef's notes

最好的是用慢炖锅炖一个晚上. Best if cooked in a slow cooker overnight.

Details

• ⏲️ Prep time: 10 minutes
• 🍳 Cook time: 8 hours

Ingredients

• 金耳一块 // 1 piece of golden tremella
• 银耳2片 // 2 pieces of silver ear fungus
• 红枣10颗 // 10 red dates
• 枸杞7-8粒 // 7-8 goji berries
• 桃胶20颗 // 20 peach gum pieces
• 黄冰糖3块 // 3 blocks of yellow rock sugar

Directions

1. 把银耳和桃胶用水清洗并用水泡发20分钟。 Wash the silver ear fungus and peach gum with water and soak them for 20 minutes.
2. 水煮沸放入3块冰糖，溶解后把银耳和红枣倒入沸水中。 Bring the water to a boil and add 3 blocks of rock sugar. After it dissolves, add the silver ear fungus and red dates to the boiling water.
3. 5分钟后加入金耳和桃胶煮30-40分钟（中途可加水稀释。 After 5 minutes, add the golden tremella and peach gum, and cook for 30-40 minutes (you can add water to dilute if needed)
4. 煮开后，放5分钟即可使用，如果觉得不是很甜，可以再放一点冰糖（根绝个人口味） After boiling, let it sit for 5 minutes before serving. If you find it's not sweet enough, you can add a bit more rock sugar (according to personal taste)

@ 05fcdfd8:fd31299f

Die Auswirkungen von Störsendern auf Reisen und wie Sie Ihre Privatsphäre und Sicherheit schützen können

In der modernen Gesellschaft ist Reisen zu einem integralen Bestandteil des Lebens der Menschen geworden. Mit zunehmender Reisehäufigkeit sind Informationssicherheit und Privatsphäre jedoch nach und nach zu wichtigen Themen geworden, die den Menschen Sorgen bereiten. An verschiedenen öffentlichen Orten, insbesondere in Flughäfen, Hotels und Touristenattraktionen, kann das Vorhandensein von Signal störsender eine potenzielle Bedrohung für die Sicherheit unserer persönlichen Geräte und Informationen darstellen. Aus diesem Grund ist es wichtig, die Auswirkungen von Störsendern zu verstehen und geeignete Sicherheitsmaßnahmen zu ergreifen.

1. Funktionsprinzip des Störsenders

Ein Störsender, oft auch „Signalstörsender“ genannt, ist ein Gerät, das Signale auf bestimmten Frequenzen aussendet, die die Kommunikation mit anderen drahtlosen Geräten stören oder verhindern können. Diese Geräte werden manchmal verwendet, um illegale drahtlose Kommunikation zu blockieren, beispielsweise in Gefängnissen, aber auch auf Reisen kommt es zu illegalem Einsatz. Hacker könnten beispielsweise Handyblocker verwenden, um die Mobiltelefonsignale von Menschen zu stören, um vertrauliche Informationen abzuhören oder zu stehlen.

2. Die Auswirkungen von Störsendern

1. Auswirkungen auf die Kommunikation: In Bereichen, in denen Störsender verwendet werden, kann es bei Mobiltelefonen und anderen drahtlosen Geräten zu Signalverlusten kommen, wodurch es unmöglich wird, Anrufe entgegenzunehmen oder Nachrichten zu senden. Dies kann im Ernstfall schwerwiegende Folgen haben.

2. Risiken für die Datensicherheit: Hacker können WLAN Jammer nutzen, um Funksignale abzufangen und die persönlichen Daten und Bankkontoinformationen der Benutzer zu stehlen. Wenn ein Gerät keine stabile Verbindung zum Netzwerk herstellen kann, neigen Benutzer dazu, die Sicherheit der Verbindung zu ignorieren, wodurch sich das Risiko eines Angriffs erhöht.

3. Datenschutzverlust: Wenn Benutzer gestört werden, nutzen sie möglicherweise unsichere Netzwerke oder Anwendungen, was das Risiko eines Datenschutzverlusts erhöht. Insbesondere in öffentlichen WLAN-Umgebungen können Hacker Interferenztechnologie nutzen, um Man-in-the-Middle-Angriffe durchzuführen und Benutzeraktivitäten zu überwachen.

3. So schützen Sie Privatsphäre und Sicherheit

1. Verwenden Sie ein virtuelles privates Netzwerk (VPN): Die Verwendung eines VPN verschlüsselt Ihren Internetverkehr und schützt Ihre Privatsphäre, insbesondere bei der Nutzung öffentlicher WLANs. Ein VPN erstellt einen sicheren Tunnel, sodass Ihre Daten während der Übertragung nicht gestohlen werden können.

https://www.jammermfg.com/de/alle-jammer.html

2. Vermeiden Sie Verbindungen zu ungesicherten Netzwerken: Versuchen Sie auf Reisen, Verbindungen zu WLAN-Netzwerken zu vermeiden, die nicht passwortgeschützt oder ungesichert sind. Wenn Sie es unbedingt nutzen müssen, stellen Sie sicher, dass Sie zusätzliche Sicherheitsmaßnahmen wie ein VPN oder mobile Daten ergreifen.

3. Aktualisieren Sie Ihre Geräte und Apps regelmäßig: Stellen Sie sicher, dass Ihr Telefon und Ihre Apps immer auf dem neuesten Stand sind, um Sicherheitslücken zu schließen. Hersteller veröffentlichen regelmäßig Updates, um potenzielle Sicherheitsprobleme zu beheben.

4. Verwenden Sie die Zwei-Faktor-Authentifizierung: Die Aktivierung der Zwei-Faktor-Authentifizierung erhöht die Sicherheit Ihrer Online-Konten. Auch wenn ein Hacker Ihr Passwort erhält, benötigt er noch einen zweiten Verifizierungsschritt, um auf Ihr Konto zuzugreifen.

5. Geben Sie Informationen sorgfältig weiter: Vermeiden Sie es, persönliche Informationen öffentlich preiszugeben, z. B. Kreditkarteninformationen oder private Inhalte in sozialen Medien. Achten Sie auf Ihre Umgebung und vermeiden Sie es, sensible Themen zu besprechen.

6. Verwenden Sie sichere Messaging-Tools: Verwenden Sie bei wichtigen Kommunikationen sichere Messaging-Apps wie Signal oder WhatsApp. Diese Apps bieten eine Ende-zu-Ende-Verschlüsselung, um Ihre Gespräche vor Abhörern zu schützen.

7. Sichern Sie Ihr Gerät: Stellen Sie sicher, dass Sie ein sicheres Passwort für Ihr Gerät festlegen und biometrische Daten (z. B. Fingerabdruck oder Gesichtserkennung) verwenden, um die Sicherheit zu erhöhen und zu verhindern, dass andere auf Ihr Gerät zugreifen, wenn Sie es nicht verwenden.

4. Zusammenfassung

Auf Reisen ist der Schutz Ihrer Privatsphäre und Sicherheit eine wichtige und notwendige Aufgabe. Auch wenn die Existenz von Störsendern und HF Detektor gewisse Auswirkungen auf die Kommunikation hat, können Sie durch die oben genannten Maßnahmen potenzielle Risiken wirksam reduzieren und sicherstellen, dass Ihre Daten nicht durchsickern oder verletzt werden. Während wir die Reise genießen, müssen wir wachsam bleiben und unsere persönlichen Daten und Privatsphäre schützen.

1. https://www.jammermfg.com/de/DE-W04-wlan-kamera-stoersender-fuer-drahtlose-audio-video-rekorder.html
2. https://www.jammermfg.com/de/56W-hochwertige-konferenzraum-handy-und-wlan-stoersender-kaufen.html

@ 472f440f:5669301e

Over the last four years bitcoin has, among other things, established itself as an incredible corporate treasury asset that benefits those who adopt it as such. Microstrategy is the shining example of this theme going from a company that was hovering barely above a ~$1B market cap in mid-2020 to a ~$40B market cap company holding more than 1% of the 21,000,000 bitcoin that will ever exist. Microstrategy's success has emboldened a number of other publicly trader companies to follow suit. Bitcoin as a corporate treasury asset is well on its way to becoming a standard. If you run a business that doesn't hold bitcoin on its balance sheet you are doing yourself, your customers and your shareholders a disservice.

This is a trend that has its legs under it and will accelerate moving forward. A trend that I believe will emerge this cycle is incorporating bitcoin into real estate markets. Leon Wankum has been beating the drum about this for the last few years and I had the pleasure of sitting down with him this morning to record an episode of TFTC that will be published tomorrow morning. Leon is a real estate developer in Germany and he has made it his mission to educate and warn others in real estate about the demonetization of real estate that is under way due to the fact that bitcoin exists and it provides a far superior alternative.

These are pretty stark numbers. Nothing highlights the superior monetary properties of bitcoin better than looking at a chart of the average price of a home priced in USD v. bitcoin.

Since 2016: +46% in USD -99% in BTC

Since 2020: +34% in USD -70% in BTC

The funny thing is that an overwhelming majority of the individuals who make their living in real estate markets do not understand that this is happening to them. Many think they are doing exceptionally well all things considered. Sure, there may be a bit of a slow down and price retraction due to a couple of years of relatively elevated interest rates, but don't worry! The Fed is lowering rates again and the good times are about to start back up. Nothing could be further from the truth. This trend is going to continue unabated until bitcoin is fully monetized and those is the real estate industry, particularly real estate developers and those who lend capital to developers, should seriously take the time to understand what is happening to them.

Real estate is the largest store of value asset in the world at the moment. The most common number that is thrown around for the total size of the market is $300 TRILLION. $300 TRILLION of wealth being stored in an asset that is illiquid, comes with maintenance costs, taxes, insurance premiums, and susceptible to extreme weather event, among other things. Compared to bitcoin - which is extremely liquid, saleable, divisible and hard to confiscate, real estate is a far superior asset to store your wealth in. This is something that I'm sure is well understood by many of you reading this letter.

What's less understood is the dynamics of the real estate development market over the last few years, which have been severely hindered by elevated interest rates. The higher interest rate environment coupled with the inflationary pressures that forced rates higher in the first place have put developers in a predicament; they have a higher cost of capital to start new projects with raw material prices that are still much higher than they were before the economic lock downs of 2020-2022. This has led to a scenario where it isn't advantageous to start new projects and the projects that broke ground in 2021-2023 are finding that they need to incur more debt to get their developments across the finish line.

Despite the fact that interest rates are on their way back down, it doesn't seem like the economics of these projects are going to materially improve in the short to medium-term as headline inflation begins to creep back up. Couple this with the fact that the jobs market is cratering while real wages struggle to keep up with inflation and many builders are going to find themselves in a situation where they do actually complete a development problem but their cash flow suffers because their customers can't afford the inflated rents that builders will have to charge to get a return on their outlaid capital. Many will be put in a situation where they are forced to be happy with lower rents (cash flow) or sit on the sidelines making no cash flow.

The post-1971 era that brought with it a booming real estate industry is suffering the same fate as the bond market; the generation bull market is over. Real estate prices may go up, but that will be nothing more than a mirage of wealth creation. The unit of account those prices are built on is in dollars, which are being debased at an accelerating rate. Developers, banks and borrowers need to de-risk their real estate exposure and, as Leon points out, bitcoin is the only way to do this in an effective way.

Moving forward developers will have to finance by dual collateralizing their debt with the real estate and bitcoin. In the graphic below Leon illustrates what this type of financing structure will look like. Instead of taking $10m of debt to finance a project and putting it all into materials, construction and marketing, a developer will take out a $10m loan, put $1m in bitcoin and the rest toward the development project. Over the course of the construction of the real estate project, bitcoin will sit in the credit structure and, if held for 4+ years, should increase significantly in value. Saving the builder from risk of default and providing him some optionality in terms of what he can do with the project once it's finished.

In this scenario downside risk is contained - a developer isn't pouring all of the cash into bitcoin at the beginning so the worst case scenario is that bitcoin goes to zero (highly unlikely) and they can eat the small loss and hope to make up with it via cash flows once a project is finished, while upside potential is enormous. Bitcoin is still monetizing and having exposure to the hardest monetary asset the world has ever while it's monetizing has proven to be massively beneficial.

We are still in the early days of bitcoin and this idea will likely seem absolutely insane to most Tradfi investors, but I strongly believe that developers, banks and end consumers who don't leverage this type of bitcoin structured credit will be cooked in the long-run. And those that take advantage of this type of structure first will be considered geniuses in 20 years.

There are many more nuanced benefits to this strategy; holding bitcoin allows landlords and management companies to weather ongoing maintenance costs throughout the years, those who take out mortgages dual collateralized with a house and bitcoin not only protect the equity value of their property but could see their equity values increase significantly more than others using vanilla mortgages, and builders who accumulate bitcoin in their treasuries will be able to use better raw materials when building, which leads to more valuable properties that cash flow for longer.

Again, it's going to take time for these types of structures to become commonplace in the market, but I firmly believe this cycle will be the cycle that these strategies get off the ground. In four to five years they will have a track record and after that it will be considered irresponsible not to finance real estate in this way. The banks will begin to demand it.

---

Final thought... Sinus congestion sucks.

@ a10260a2:caa23e3e

TIL Google Authenticator can potentially collect a lot of data, more than some of the other popular 2FA apps^1.

Whether it does or it doesn’t, if you’re like me, you don’t turn down an opportunity to remove some Google from your life and add in some open-source.

Here’s a quick overview of the migration process.

Step 1: Download 2FAS

Step 2: Export accounts from Authenticator

This can be done via “Transfer accounts” in the sidebar. If you’re transferring on the same phone, take a screenshot of the QR code.

Step 3: Import accounts into 2FAS

During the setup process for 2FAS, you’ll be given the option to import existing tokens from Google. This is where you’ll tap “Choose QR Code” and select the screenshot you took in step 2.

Note that when you tap continue after importing the tokens, you’ll be taken back to the same screen as above. I think it should take you to your list of accounts after. Either way, don’t think the import failed. Just tap cancel, and you’ll be taken there.

If you’re on Android, check out Aegis. 🫡

originally posted at https://stacker.news/items/753472

@ 6aa0e5a8:f1677da5

In diesem hochentwickelten technologischen Zeitalter waren Einsamkeit und Isolation des Menschen noch nie so präsent wie heute. Das Aufkommen der love doll hat ein tieferes Nachdenken über Intimität und menschliche Bedürfnisse ausgelöst.

Blickt man auf die lange Geschichte der menschlichen Zivilisation zurück, so war der Wunsch nach Intimität und Liebe schon immer ein Teil der menschlichen Natur. In der heutigen schnelllebigen Gesellschaft entfernen sich die zwischenmenschlichen Beziehungen jedoch immer mehr voneinander, und die Veränderungen in den Familienstrukturen haben dazu geführt, dass zu viele Menschen in geistige und körperliche Einsamkeit verfallen. Einigen Daten zufolge befindet sich etwa ein Viertel der Bevölkerung in einem Zustand der dauerhaften Einsamkeit.

Die Einsamkeit lässt die Nachfrage nach sexpuppe als „virtuelle Begleiter“ wachsen. Auch wenn Liebespuppe den Reichtum echter Intimität nicht vollständig wiedergeben können, so können sie doch für diejenigen, denen es lange Zeit an Intimität gefehlt hat, die körperliche und emotionale Leere zumindest bis zu einem gewissen Grad stillen. Auf der einen Seite zeigt dies, dass der Fortschritt von Wissenschaft und Technik uns mehr Wahlmöglichkeiten bietet, auf der anderen Seite spiegelt es aber auch einen Teil des Mangels an menschlicher Natur in der modernen Gesellschaft wider.

Davor können wir nicht die Augen verschließen. Wir sollten darüber nachdenken, was zu der Kälte in den intimen Beziehungen zwischen den Menschen geführt hat. Die Zunahme der Zahl der Singles, der Anstieg der Scheidungsrate, die niedrige Geburtenrate usw. sind allesamt Anzeichen dafür, dass der menschlichen Liebe und Intimität in unserer Gesellschaft nicht genügend Aufmerksamkeit geschenkt wird. Wir müssen darüber nachdenken, wie wir die menschliche Wärme wiederherstellen und die zwischenmenschliche Kommunikation stärken können, damit jeder ein Gefühl der Sicherheit und der Zugehörigkeit bekommt.

Gleichzeitig sollten wir auch darüber nachdenken, welche Art von intimer Beziehung wir anstreben. Ist die rein körperliche oder virtuelle Erfüllung nur eine unangebrachte Nachahmung wahrer Intimität? Der Kern einer intimen Beziehung besteht aus zwei Menschen aus Fleisch und Blut, die sich gegenseitig schätzen, verstehen, tolerieren und Verantwortung füreinander übernehmen. Vergessen wir langsam die guten Eigenschaften der Intimität?

Der Zweck der technologischen Entwicklung besteht darin, der Menschheit besser zu dienen, und nicht darin, sie zu entfremden und zu mechanisieren. real sex doll geben uns die Möglichkeit zum Nachdenken, es geht nicht um eine schwarz-weiße Entscheidung für richtig oder falsch, sondern wir sollten darüber nachdenken, wie wir Wohlwollen, Wärme und Verantwortungsbewusstsein nutzen können, um das humanistische Fundament intimer Beziehungen aufzubauen und die verlorene Temperatur der menschlichen Natur in dieser Ära des Hochgeschwindigkeitsbetriebs zurückzugewinnen.

1. https://mastodon.cloud/@wifesexdoll/113450628523233823
2. https://mytek.clicforum.com/t291856-Das-Zeitalter-der-Sexpuppen-Sublimierung-oder-Untergang-der.htm

@ 9ff58691:0bf6c134

Курган - один из крупнейших городов Уральского региона, административный центр Курганской области. За последние двадцать лет этот город претерпел значительные изменения, превратившись из серого провинциального центра в современный, динамично развивающийся город. Об изменениях рассказал Олег Фролов – коренной житель города.

• Олег, расскажите, как за последние двадцать лет изменился ваш родной город Курган? Что именно изменилось в городе за это время?

• За эти годы Курган преобразился до неузнаваемости. Когда я был ребенком, город казался мне серым и унылым. Сейчас он стал более современным и привлекательным. Пожалуй, самые заметные изменения произошли в сфере образования и медицины. Многие школы и детские сады были капитально отремонтированы или построены заново. Появились современные учебные классы, оснащенные новейшим оборудованием, включая интерактивные доски, 3D-принтеры и системы искусственного интеллекта для помощи в обучении. Городские больницы и поликлиники были модернизированы, оснащены новейшей диагностической техникой: роботизированные хирургические системы и системы искусственного интеллекта для анализа медицинских данных. Качество и доступность медицинской помощи значительно возросли.

• А как изменилась культурная жизнь города?

• Был отреставрирован и значительно расширен городской драматический театр. Открылись новые концертные залы, музеи и выставочные пространства. Стало проводиться гораздо больше культурных мероприятий. Жителям других регионов выдалась возможность посетить каждое культурное место нашего города с помощью экскурсий дополненной вирутальной реальностью. Курган превратился в настоящий культурный центр региона.

• Как вы оцениваете эти изменения? Довольны ли вы тем, как развивается ваш родной город?

• Я очень рад тем преобразованиям, которые произошли в Кургане за последние годы. Город стал более комфортным и привлекательным для жизни. Конечно, есть еще над чем работать, но в целом я вижу, что Курган уверенно движется вперед, становясь современным и развитым.

• Олег, а есть ли у вас в Кургане любимое место, куда вы любите ходить?

• Безусловно. Мое любимое место - это Центральный парк культуры и отдыха. Это настоящее сердце нашего города. Парк преобразился до неузнаваемости - он стал мобильным, с большим экраном для проведения мероприятий, а голограммы проводят интересные экскурсии. Здесь созданы все удобства для людей с ограниченными возможностями.

• Что вам особенно нравится в этом парке?

• Парк очень красивый и ухоженный. Здесь высажено множество зеленых насаждений - деревьев, кустарников, цветов. Есть уютные аллеи для прогулок, детские площадки, спортивные зоны. Летом работают аттракционы, открыты кафе и летние веранды. Зимой заливают большой каток, который очень популярен среди жителей. Мне очень нравится культурная жизнь парка. Здесь регулярно проводятся различные фестивали, концерты, выставки. Летом часто организуют кинопоказы под открытым небом. Зимой работает резиденция Деда Мороза, куда приходят целыми семьями.

• Похоже, это действительно замечательное место. Спасибо, что поделились своими впечатлениями!

• Да, и правда замечательное. Я очень рад, что за последние годы он преобразился и стал настоящим центром притяжения для жителей города. Приглашаю всех приехать и лично убедиться в этом!

@ 07e1bb93:f9523a3c

In the ever-shifting landscape of American politics, few partnerships have proven as effective in advancing the conservative agenda as the relationship between President Donald Trump and Senator JD Vance. The alignment of their values, priorities, and vision for America has been a game-changer, not just for the Republican Party, but for the nation as a whole. Here’s why Trump needed JD Vance — and why this partnership is one for the history books.

1. A Shared Vision for America’s Working Class

Both President Trump and JD Vance have made it clear that their top priority is restoring the strength and prosperity of America's working class. Trump’s 2016 campaign reshaped the Republican Party into one that stands unapologetically with blue-collar Americans. Vance, in his bestselling book Hillbilly Elegy, captured the struggles of America’s heartland, painting a picture of a forgotten class that Trump understood and aimed to champion.

Vance’s personal experience of growing up in a working-class family in Appalachia allows him to connect with the very people Trump promised to fight for. When Trump needed someone who could speak authentically to the struggles of rural America — a place often left behind by both parties — JD Vance was the perfect ally. His commitment to restoring dignity to working families and fighting against globalist policies that shipped jobs overseas aligns perfectly with Trump’s America First agenda.

2. Fighting the Swamp Together

One of Trump’s most significant promises was to drain the swamp — to rid Washington of the establishment elites who have sold out America’s interests in favor of their own. JD Vance’s political career has been a direct response to this very problem. As someone who understands the dangers of big-money politics and the media’s influence, Vance has shown that he’s not afraid to take on the establishment — whether it’s Big Tech, Big Pharma, or the bureaucratic deep state.

Together, Trump and Vance make an unstoppable force in the fight against Washington corruption. Vance’s no-nonsense approach to tackling the elites, combined with Trump’s bold, take-no-prisoners attitude, sends a clear message to D.C. — the days of business as usual are over.

3. A Bold, Unapologetic Conservative Voice

Trump revolutionized the Republican Party by unapologetically embracing a bold, conservative agenda — one that emphasizes securing the border, standing strong against China, and advocating for American sovereignty. JD Vance has proven to be a fierce defender of these principles. His strong stance against illegal immigration, as well as his commitment to bringing American jobs back home from China, make him an invaluable ally in Trump’s fight to put America first.

In the face of global challenges and domestic strife, Trump needed someone like JD Vance who would stand firm in the face of leftist pressure, the mainstream media, and cancel culture. Vance’s resilience and courage in sticking to conservative principles make him an indispensable ally in Trump’s quest to reclaim American greatness.

4. Rural America’s Voice in Washington

Trump’s deep connection with rural America was one of the key factors in his 2016 victory. In JD Vance, Trump found a kindred spirit who understands the heartbeat of Middle America. Vance, who has firsthand knowledge of the hardships faced by families in small-town America, brings a fresh perspective to the Senate that Trump can rely on.

From advocating for policies that support American agriculture to pushing back against the cultural elites who are trying to rewrite America’s values, Vance is a powerful voice for the people who have long been overlooked by Washington politicians. With Vance in the Senate, Trump gained a strong advocate for rural communities, ensuring that their concerns are heard at the highest levels of government.

5. Fighting the Culture Wars

In addition to economic policies, Trump and Vance share a common commitment to fighting the culture wars. Vance, with his deep understanding of the impact of media, education, and corporate culture on America’s identity, has been an outspoken critic of the left’s radical agenda. He has voiced concerns about the erosion of traditional American values and the dangers of left-wing identity politics.

Trump needed someone who could not only challenge the left’s policies but also defend the cultural heritage of America. Vance’s intellectual and cultural insights make him an essential ally in this battle. Together, they form a powerful counterweight to the woke left’s attempt to undermine the very fabric of American society.

6. A Partnership for Victory

At its core, the Trump-Vance alliance is about winning — for the American people. It’s about rebuilding a nation that works for its citizens, standing up against forces that seek to weaken it, and ensuring that America remains a beacon of freedom, opportunity, and strength on the global stage.

Trump needed JD Vance because Vance’s voice is a reflection of the heart of America. Together, they represent the future of the Republican Party — a future that is grounded in traditional values, fierce independence, and a relentless pursuit of the American Dream.

Conclusion

In JD Vance, President Trump found an ally who shares his vision, his commitment to the working class, and his passion for restoring American greatness. As this partnership continues to grow, there’s no doubt that Trump and Vance will be a dynamic duo, leading the charge against the forces of globalization, corruption, and cultural decay.

For all the talk of division in American politics, the Trump-Vance partnership reminds us that unity is possible when leaders stand firm in their beliefs, fight for what’s right, and work together for the future of our nation. It’s a partnership built on trust, shared values, and an unyielding love for America — and that’s exactly why Trump needed JD Vance.

@ fd208ee8:0fd927c1

All memed out

It finally happened. I think it was October 25th, at circa 18:45 in the evening. I was doomscrolling my Nostr feed, and kept seeing the same Bitcoin memes repeated over and over, by different people. They weren't even reposts, they were copy-pasted versions of the same image. A very funny image. Well, it was very funny last year... and the year before that... and probably the year before that, when it appeared on a different network.

Because it's all just reposts, copy-pastes and rehashes of the Best of Bitcoin Twitter, just like the tiresome influencers, with their groupies and their Episode 498 of Let's all eat a large chunk of lightly-burnt dead animal and count our stacks before jetting off to talk about how to save the poors by getting them to buy individual satoshis with money they don't have.

I'm the poors your looking for

It's all so tiresome. It has little bearing on the real world I see around me, where most people are thinking all day about 99 problems and Bitcoin ain't one.

Which is, of course, what the Bitcoin influencers would have you believe, is the reason that they're poor. What in the world could be more important, than thinking about Bitcoin? Why do these people not get with the program? Don't they know, that we are trying to save them?

Why are they worrying about OtherProblems? Don't they know that all OtherProblems can be fixed with Bitcoin? Really, if you just go back far enough, in any current, situational problem, you will discover that there was some slight, negative shift to the history record that involved soft money. It's the financial version of the Butterfly Effect.

That's why #BitcoinFixesThis. Bitcoin fixes everything, if you just think about it, for long enough.

The same way that we all actually come out of Africa, supposedly, if you go back enough generations. So, coming out of Africa, now, as a Real Life Person in The Present is supposed to have no significance. What does someone from Cameroon know about Africa, that someone from Alaska doesn't? Both people come out of Africa, if you just think about it, for long enough.

And maybe that really is true. Maybe Bitcoin will eventually end all vice and crimes, save the planet, and we will all just hold hands and sing kumbaya all day, while waiting for the Singularity to upload us to Satoshi.

Bitcoin envelope budgeting

Or maybe it's not. Maybe it's just a really hard, digital money that incentivizes savings, functions as a reliable measure, and makes micropayments possible on a global scale. Those really are things that will help the poors, including myself. I can see it, already, when trying to organize pre-paid meetups or figure out what to do with our household's meager savings, when the stock market is looking particularly bubblicious.

But this is what I would consider Boring Bitcoin. Bitcoin home economics. Penny-pinching Bitcoin. Bitcoin for homemakers. How to use the Bitcoin envelope budgeting system to beat inflation by a margin of 13%.

The actual use of Bitcoin as money, rather than as a mere investment gamble or hype machine. That's the part of Bitcoin that nobody seems to really talk about because it's incredibly practical, dull, and useful, and it can only be tested by -- Oh, the horror! -- actually spending Bitcoin.

But... perhaps I will begin talking about it. Perhaps those of us, Bitcoiners, who are having fun staying poor, while stacking sats, should speak up a bit more. Perhaps the boring stuff is actually the interesting stuff. Perhaps there is more to say about Bitcoin, than can fit into a meme.

@ 460c25e6:ef85065c

NIPs (Nostr Implementation Possibilities) are technical specifications that Nostr developers create to define how specific event types and tags are used. These can be written before or after the feature is implemented and often go through multiple revisions before becoming stable enough to matter. Once two or more clients fully implement the proposal, it is merged into the main repository. This process ensures that while new ideas are encouraged, they are also rigorously reviewed and tested.

There are generally two paths for NIPs: 1. New Ideas, when developers just have a hunch on a new solution and want to quickly write something up to gather feedback from the community. These are my favorite NIPs because they generally introduce a new way of thinking about a problem we are all having. And because they are not just a general solution, but a specific proposal, it allows us to see the entire picture in just a few paragraphs. Even though they are my favorite, they are quite "green" and usually spur 2-3 separate solutions in following PRs by different authors. 2. Existing implementations that need to explain what they are doing. These happen when a client is already running the code in production and simply wants to explain to the rest of the community how to generate and interpret the events the client is creating. These NIPs start much more stable than the former and allow for fewer changes, but because there is already an implementation available, it's a market-tested solution that might just need a few adjustments before others start implementing it.

Well-written specs ensure clarity, reduce ambiguity, and help developers implement the proposal consistently. The text should be VERY short, precise, prescriptive, and actionable by other devs. Start by introducing the new kind or tag in the first sentence and jump straight into a mockup of how the event looks like. The mockup should be self-explanatory and provide clues to what the remaining of the document will talk about. Some folks like to add long/verbose introductions, conclusions, and discussions of the reasons why the NIP is needed or why certain features are there. But those are largely unnecessary and are more appropriate to be placed in the body of the Pull Request descriptor.

Start your NIP with the following template:

``` NIP- ======