Hello and good morning,a critical vulnerability in the Matrix IRC bridge has been patched, deployed, and disclosed (see https://matrix.org/blog/2022/05/04/0-34-0-security-release-for-matrix-appservice-irc-high-severity for details) and we will shortly be disconnecting all affected third party Matrix bridges we can find in the interest of protecting their users.
Original toot by Matrix folk:
thanks for the cooperation and stay safe out there, folk
If you enjoy the Bitcoin, Explained podcast, you may want to check out my new book! It covers softfork activation mechanisms, what's cool about SegWit and Taproot, how nodes bootstrap to the network and find their peers, what an address really is, how AssumeUTXO can make initial block download suck less, how UtreeXO could compress the entire UTXO set into a kilobyte of merkle forest, how Guix makes reproduceable builds great again, and more.
More details and preview at: https://btcwip.com
Oops, I managed to maroon myself by incorrectly building OpenSSL here. I could still see everyones toots, post things and reply. But afaik nobody go to see any of it.
Until I actually paid attention to the Sidekiq errors: "OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) "
@kalle Github desktop, with whitespace ignored, does a descent job too.
This single commit:
* limits script size to 20.000, stack to 1000
* returns false if an exception is thrown (rather than crash?)
* adds the OP_NOP future softfork codes
* disables OP_VER((NOT)IF)
* adds a failure case to OP_VERIFY, OP_CHECKSIGVERIFY, OP_RSHIFT
* makes OP_RETURN stop processing
Those last 3 sound like vulnerability fixes, especially OP_RETURN.
* enforces nMaxNumSize
* prevents OP_(L/R)SHIFT overflow
Looking for the code fix for this bug (CVE-2010-5141), but can't find version 0.3.5 which is stated to be the version with the fix.
What commit represents 0.3.5?
There's no tag for it, nor are there any traces of that version in the history of setup.nsi or serialize.h.
Pro tip: don't upgrade to Ubuntu 22.04 if you're running a Mastodon instance.
But if you do, you may need this incantation to get OpenSSL 1.1.1 and Ruby 3.0.4 to work: https://github.com/mastodon/mastodon/pull/17798#issuecomment-1107648097
Official #Mastodon apps now available for iOS and Android ✨
🇬🇧A draft EU Parliament report published today would ban anonymous payments and donations in #cryptocurrencies such as #Bitcoin & #Ethereum. The stated aim to tackle money laundering and terrorism is only a pretext to gain more control over personal data.
Here's my post (it's also linked in the article): https://sprovoost.nl/2017/07/22/historical-bitcoin-core-client-performance-c5f16e1f8ccb/
Great writeup by @lopp who picked up where I left off in 2017: https://blog.lopp.net/running-bitcoin-core-v0-7-and-earlier/
As much as I hate RT, it's important to take notice here: removing apps from app stores is now standard procedure in war.
I haven't seen removal from phones yet.
Censorship is a normal part of war, even in democracies, but it's useful to be aware of how that translates to modern times.
TIL Putin ended the Russian - Netherlands tax treaty per 1-1-2022. In retrospect that was a more obvious red flag for a sanctions-worthy move coming soon. It removed much of the incentive of oligarchs to park their stolen money in our little tax paradise.
Or maybe it was unrelated, who knows...
Russian Orthodox Church in Harbin and it's ice sculpture cousin. And Psy, to give a sense of when this was 🙂
In light of:
1. Putin's recently stated desire to restore the former Russian Empire; and
2. China's endorsement of his actions: "The position of the Chinese government is that we believe that sanctions have never been a fundamental and effective way to solve problems" (rather hilarious in context of Chinese sanctions against e.g. Lithuania and Australia for not sufficiently sucking up to Xi)
This video should be relevant again, when Putin tries to take back Manchuria:
Bund.de is the official German government portal for doing government-related paperwork online.
They have now created their own Mastodon instance at social.bund.de which contains some official accounts. You can find them on the instance's directory page:
➡️ https://social.bund.de/explore (in German)
This is a really promising sign! The Fediverse can allow citizens to interact with public officials without having to give away personal data.
And then he retweets this asinine thread, in which an AWS engineer claims that "Computationally cheap cryptographic currencies with privacy are actually a solved problem."
He then points to Chaumian E-cash (which did not solve the double-spend problem for fucks sake) and digs even deeper by referring to zero knowledge systems, without pointing out that every current efficient design is either a trusted setup or too experimental cryptography for money.