Hello and good morning, a critical vulnerability in the Matrix IRC bridge has been patched, deployed, and disclosed (see matrix.org/blog/2022/05/04/0-3 for details) and we will shortly be disconnecting all affected third party Matrix bridges we can find in the interest of protecting their users.

Original toot by Matrix folk:
mastodon.matrix.org/@matrix/10

thanks for the cooperation and stay safe out there, folk

If you enjoy the Bitcoin, Explained podcast, you may want to check out my new book! It covers softfork activation mechanisms, what's cool about SegWit and Taproot, how nodes bootstrap to the network and find their peers, what an address really is, how AssumeUTXO can make initial block download suck less, how UtreeXO could compress the entire UTXO set into a kilobyte of merkle forest, how Guix makes reproducible builds great again, and more.

More details and preview at: btcwip.com

Oops, I managed to maroon myself by incorrectly building OpenSSL here. I could still see everyone's toots, post things and reply. But afaik nobody got to see any of it.

Until I actually paid attention to the Sidekiq errors: "OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) "

Fun fact: when the mobile Mastodon client fails to post something, it loses the entire message.

@kalle GitHub Desktop, with whitespace ignored, does a decent job too.

This single commit:
* limits script size to 20.000, stack to 1000
* returns false if an exception is thrown (rather than crash?)
* adds the OP_NOP future softfork codes
* disables OP_VER((NOT)IF)
* adds a failure case to OP_VERIFY, OP_CHECKSIGVERIFY, OP_RSHIFT
* makes OP_RETURN stop processing

Those last 3 sound like vulnerability fixes, especially OP_RETURN.

* enforces nMaxNumSize
* prevents OP_(L/R)SHIFT overflow

Looking for the code fix for this bug (CVE-2010-5141), but can't find version 0.3.5 which is stated to be the version with the fix.

What commit represents 0.3.5?

There's no tag for it, nor are there any traces of that version in the history of setup.nsi or serialize.h.

en.bitcoin.it/wiki/Common_Vuln

🇬🇧 Partial success for hundreds of thousands who took to the streets with us #pirates in 2019 against error-prone #uploadfilter censorship machines: ECJ severely restricts #uploadfilters. They are not allowed to "block legal content from being uploaded." 🧵

Pro tip: don't upgrade to Ubuntu 22.04 if you're running a Mastodon instance.

But if you do, you may need this incantation to get OpenSSL 1.1.1 and Ruby 3.0.4 to work: github.com/mastodon/mastodon/p

🇬🇧A draft EU Parliament report published today would ban anonymous payments and donations in #cryptocurrencies such as #Bitcoin & #Ethereum. The stated aim to tackle money laundering and terrorism is only a pretext to gain more control over personal data.

patrick-breyer.de/en/digital-c

As much as I hate RT, it's important to take notice here: removing apps from app stores is now standard procedure in war.

I haven't seen removal from phones yet.

Censorship is a normal part of war, even in democracies, but it's useful to be aware of how that translates to modern times.
m.investing.com/news/stock-mar

TIL Putin ended the Russian - Netherlands tax treaty per 1-1-2022. In retrospect that was a more obvious red flag for a sanctions-worthy move coming soon. It removed much of the incentive of oligarchs to park their stolen money in our little tax paradise.

Or maybe it was unrelated, who knows...
pwc.nl/en/insights-and-publica

It's always a good idea to stay on top of security updates for all your devices and servers. These days it's probably an extra good idea.

On the bright side: if Russia uses up their entire stockpile of zero days, we'll all be safer in the long run.

Russian Orthodox Church in Harbin and its ice sculpture cousin. And Psy, to give a sense of when this was 🙂

In light of:
1. Putin's recently stated desire to restore the former Russian Empire; and
2. China's endorsement of his actions: "The position of the Chinese government is that we believe that sanctions have never been a fundamental and effective way to solve problems" (rather hilarious in context of Chinese sanctions against e.g. Lithuania and Australia for not sufficiently sucking up to Xi)

This video should be relevant again, when Putin tries to take back Manchuria:
youtube.com/watch?v=TBGsRmRjuH

Bund.de is the official German government portal for doing government-related paperwork online.

They have now created their own Mastodon instance at social.bund.de which contains some official accounts. You can find them on the instance's directory page:

➡️ social.bund.de/explore (in German)

This is a really promising sign! The Fediverse can allow citizens to interact with public officials without having to give away personal data.

#BundDe #Germany #Deutschland #Deutsch #Government

And then he retweets this asinine thread, in which an AWS engineer claims that "Computationally cheap cryptographic currencies with privacy are actually a solved problem."

He then points to Chaumian E-cash (which did not solve the double-spend problem for fuck's sake) and digs even deeper by referring to zero knowledge systems, without pointing out that every current efficient design is either a trusted setup or too experimental cryptography for money.
twitter.com/colmmacc/status/14
