RT @AndrewYang: Obama says call-out culture is excessive, good people have flaws and the world is full of ambiguities. Also says that real…
Replying to @johnsBeharry, @VitalikButerin and @BlockchainComns
We are still polishing and refactoring the slip39 c-library for a better submodule repo architecture before getting more formal security review. If you’d like to take a look it is at https://GitHub.com/BlockchainCommons/sss - take a look at the issues and PRs. We’d love to see some PGP tooling.
Replying to @crypto_bovine and @johnsBeharry
It isn’t generated by an AI, it is a hardware random number private key expressed as an iambic pentameter poem.
Replying to @fencedforest
Improviser?
RT @EFF: Have you been looking for any easy way to explain the harms of face recognition to friends and family? This video should be your f…
Replying to @ErrataRob
I believe that one of the best ways to learn bitcoin is to learn the cli of bitcoind, and start creating some simple shell scripts to use it. My “Learning Bitcoin from the Command Line” is a start: https://github.com/ChristopherA/Learning-Bitcoin-from-the-Command-Line (seeking sponsors so we can update for lightning & more!)
@gitfoxapp Does GitFox you have a short time-limited demo? I’m trying to decide if I should purchase Gitfox or Pullwalla which has a monthly subscription.
RT @FullyNoded: Excited to announce a new project called “StandUp”, thanks to @ChristopherA and @BlockchainComns! The app installs/configur…
You’d not think that Spain, as an EU member, would have this in common with China. Both are suppressing political dissent by citizens. Spain does this due to optics of citizen power, not because of problems with #SelfSovereignIdentity #SSI architecture. Rest of EU should object. https://twitter.com/ferranrego/status/1191669031918587904
New #RWOT9 paper has gone final “Reputation Interpretation” led by @RebeccaRachmany with @artbrock @IdentityWoman & @JakubLanc “This paper explores how to take a reputation trust graph with multiple characteristics and create actionable output.” https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/final-documents/reputation-interpretation.md
New project #BitcoinStandup from @BlockchainComns: Tools, Best Practices & Standards to Standup a Bitcoin-Core full node on a fresh computer or VPS. Initially for macOS, soon Linux, Linode, and other VPS (useful for wallet-less full nodes). https://github.com/BlockchainCommons/Bitcoin-Standup
Replying to @BlockchainComns
Of particular interest to hardware vendors offering dedicated bitcoin services is a proposal for a QR code/URI that allows a cell phone to securely connect to the full-node. Useful for self-sovereignty on mobile. Currently proof of concept is from @nodl_it to @FullyNoded on iOS.
RT @ChristopherA: @BlockchainComns Of particular interest to hardware vendors offering dedicated bitcoin services is a proposal for a QR co…
Replying to @BlockchainComns, @nodl_it and @FullyNoded
We are still in early stages of this project, installing Tor and Bitcoin-QT and doing some basic security hardening for macOS. We also have in-progress a Linode StackScript that builds a wallet-less full node on a VPS. Issues and PRs are welcome!
Replying to @BlockchainComns, @nodl_it and @FullyNoded
If you are interested in supporting this and @BlockchainComns projects such as #SmartCustody, #SocialKeyRecovery, etc. you can become a patron using Bitcoin at https://btcpay.blockchaincommons.com/ or with fiat via monthly Github sponsorship https://github.com/sponsors/ChristopherA/ (or click 💖 in repository).
The Kademilia DHT (Maymounkov & David Mazières 2002) as implemented in Mainline DHT (Bittorrent 2005) have offered us over almost 15 years of experience. IPFS 5+ years. What are some other newer DHT proposals that don’t use finality blockchain tech, that can offer more privacy?
Replying to @dantrevino
You do need someone to pin your data, but it doesn’t need to be centralized.
Replying to @LadleLoaded, @FullyNoded and @maxtannahill
Blockchain Commons has been seeking funding to have a parallel code base to the Swift iOS approach of @FullyNoded to work with #BitcoinStandup. Also there are some proposals to have a version that leverages @htcexodus TrustZone.
We also need this to be open to truly rely on these much needed chips. @htcexodus, can you lobby for it? “There are some parts of the OpenTitan design that won’t be public…all related to the actual physical fabrication of chips in a factory” https://www.wired.com/story/open-titan-open-source-secure-enclave
RT @boscolochris: I agree with @ChristopherA this needs to be truly open!
An open, hardware-based, secure root of trust will make day-to-d…
For convenience, I’ve merged @n1ckler’s PR to #BitcoinCore’s secp256k1 library which supports #BIPSchnorr x-only pubkeys. For experimental purposes only, but it allow us to leverage git submodules to begin to create some simple Schnorr signing tools. https://github.com/BlockchainCommons/secp256k1-schnorrsig https://twitter.com/Blockstream/status/1192106399528112128
“BSD-2-Clause Plus Patent license has gone largely unnoticed by developers…approved by the Free Software Foundation as “GPLv2-compatible”…approved by the Open Source Initiative as “open source”…Blue Oak Council…sole gold-rated license” —@kemitchell https://writing.kemitchell.com/2019/11/07/BSD-Patents.html
The First W3C Public Working Public Draft of the Decentralized Identifiers (DIDs) v1.0 specification now out, using a persistent URL & triggers the beginning of a patent disclosure regime. An important step on the way to becoming an international standard! https://www.w3.org/TR/did-core/
RT @veorq: This should’ve been a Real-World Crypto talk, because this is real-world crypto: the non-glamorous, non-paper-worthy, painful…
RT @TuurDemeester: 1/ The main thesis of “The Bitcoin Reformation” is that there are four fundamental parallels between the Protestant Refo…
Replying to @kimdhamilton, @JoeAndrieu and @cycryptr
🤔 it also demonstrates why we are such a good team—very diverse thinking styles! Thank you for being such a great co-chair!
Replying to @P01ndexter and @HillebrandMax
As a peer-to-peer email protocol I agree that PGP has not had much uptake. However, as a developer tool for signing git commits and for signing release, distribution files, etc. it is broadly used. I think we can do better than this, thus 9+ #RebootingWebOfTrust workshops & #DIDs
Replying to @P01ndexter and @HillebrandMax
See also “PGP Paradigm”, a post-mortem by the two of the authors of #PGP from the first #RebootingWebOfTrust. It has helped inform many of our architectural choices in the last few years toward #DIDs. https://github.com/WebOfTrustInfo/rwot1-sf/blob/master/topics-and-advance-readings/PGP-Paradigm.pdf
Replying to @HillebrandMax, @P01ndexter and @thefrankbraun
I like @thefrankbraun ideas on #codechain, but it still has a root of trust in a DNS record which the #RWOT community is not a big fan of. Others in the community are looking at did:git https://github.com/dhuseby/did-git-spec/blob/master/did-git-spec.md and did:peer https://openssi.github.io/peer-did-method-spec/index.html for P2P blockchain-less #DIDs.
Replying to @boscolochris
As far as I know group has nothing to do with W3C Decentralized Identifier (DIDs).
Replying to @rusty_twit
Though you are in jest, the odd truth is that at 13 or so people you’ll likely have a Judas in the community. It is an nadir between our ape-brain intuitive trust skills & our more intellectually evolved social trust skills. I call this the Judas Number: http://www.lifewithalacrity.com/2008/09/group-threshold.html
Agreed. I have a lot of respect for Ev and his team, but a medium-sized silo is still a silo. Medium began to loose m me when I could not use my own domain, and lost me more with what should be open content (as the author was not paid) behind pay walls. https://twitter.com/Pinboard/status/1193235201108758528
Our latest @BlockchainComns #BitcoinStandup demo shows install of Bitcoin-Core, Tor, etc. on macOS, followed by secure connection of that full-node to the iOS app @FullyNoded. No SPV or Neutrino light client, instead a fully self-sovereign mobile wallet! https://youtu.be/3UoGAQFu-X8
We are will be working on similar installers for other platforms and virtual machines cloud services. Though I’d not leave serious coin in the cloud myself (maybe a few days in a Lightning node) there is a place for a pruned node there for confirmation while your keys are local.
I’m writing a serious stdio command line tool from scratch for the first time in a over a decade. Best practices have evolved: more secure i/o, named parameters, JSON output, etc. Are there any newer templates or great examples of generic shell tool code in C or C++ out there?
Replying to @CarstenBKK
Any particular good example of a domain-specifical language using JSON in a shell app? Also, is there a JSON or JSON-RPC library you like? I learned when I did my Bitcoin CLI course that the combo of named parameters & the shell app JQ was quite powerful. https://github.com/stedolan/jq/
I’ve become a big fan of the MacBook 13” Mid 2012 as my travel burner & Bitcoin dev machine. It runs latest Catalina macOS 10.15, has faster USB 3.0 & Firewire v1 for display & faster drives. For security projects it works great with Qubes, Tails 4.0 & the wifi card is removable.
This Apple laptop is around $200 on Ebay, but I recommend the 8GB RAM & 512GB SSD version so it can hold a Bitcoin full-node. It is relatively easy to repair, upgradable to 1TB SSD & you can replace battery. It still has the escape key, has an SD slot for PSBT transactions. 👍
Replying to @ChrisBlec
Tails WiFi works only on a few MacBook Air models—this is one of them (tried few other models to find out). Tails 4.0 also lets me use Firewire v1 to a larger screen & external drives. You can install Debian or Qubes if you temporarily remove Wifi card & use an ethernet dongle.
Replying to @hodlwave and @JWWeatherman_
The problem with Glacier is even a number of the Bitcoin-Core devs who reviewed the code still haven’t implemented it themselves (or even something remotely comparable), much less sophisticated non-Core engineers or technologically-savvy HODL’ers. Thus projects like #SmartCustody
Replying to @JWWeatherman_ and @hodlwave
I’m still not sure about NATO words. There are better schemes possible. Even if we just replace BIP39 words with a better word list would help. For instance, my own word list removes homonyms, commonly mispronounced words, and maximizes hamming distance. More can be done.
Replying to @djkinkle
2016 in the MacBook Pro when the Touch Bar, Fingerprint TPM, etc. were launched. But Apple ships some MacBook Air models with the old style ESC & FN-key keyboard AND the Fingerprint TPM without the Touch Bar. https://www.popularmechanics.com/technology/gadgets/a23550/new-macbooks-dump-escape-key/
Replying to @NTechlibre and @JWWeatherman_
I’d like to ultimately see a larger community align/review some of the install defaults, settings, TOR, and minimal hardening between this project, Bitcoin Standup, and anything else that installs bitcoin via script. cc: @FullyNoded https://github.com/BlockchainCommons/Bitcoin-Standup
Replying to @hodlwave and @JWWeatherman_
Spread the word! If you have a significant amount of Bitcoin (~5% of net worth) the 2 hours and a couple of hundred dollars is worth it. And if you have ideas on how to improve, PRs are accepted. Hoping we can be an evolving general repository on protecting your digital assets.
Part of the point of a burner laptop is to not mind loosing it. In general leave it turned off so the drives remain encrypted, and if asked to open it either refuse and leave laptop behind, or have a deniability unencrypted boot partition with minimal OS as the default.
Also, I leave a USB drive at home that I use delete & reinstall my system on return, in case of virus or “evil maid” attack. There is also a “Kondo-like” zen quality to a burner laptop — just the essentials, showing you how little you really need.
I’m not being paranoid nor am I particularly fearful. I personally never been cyber-attacked <knocks wood>. However, there are those I advise that have been attacked, and the better I understand how to advise them about 80/20 best practices, the better.
Replying to @JWWeatherman_ and @hodlwave
We also specifically removed words that were commonly mispronounced by non-native speakers. Maximizing hamming distance means typing fewer letters.
Replying to @larrysalibra and @exiledsurfer
It depends on what work you do while traveling. The MacBook Air can be slow sometimes (but do I really need all those tabs open?) Most of the time my big limit is bandwidth, not CPU. Occasionally recompiling some code is painful. But again, there is a Kondo-esque quality.
One thing I’m still puzzling on is setting my travel/burner Yubikey MFA device (remember SMS is a bad idea!). I want to enable it to also requiring a PIN with OAuth/WebAuthN but it often breaks. A work-in-progress.
Replying to @MarkFriedenbach
Agreed that firmware corruption is hard to undo. For me it is the 80/20 rule — better some than none. Nothing I actually do needs that level of secrecy or concern, but I’m likely one-degree from a number of human-rights activists that are at greater risk than I. Herd immunity!
Replying to @KISBitcoin and @JustinMoon
You do have to temporarily physically remove the WiFi card, but Qubes booted and appeared to be fully functional (sound, video, internet). Supposedly you can install Broadcom WiFi device drivers, but I don’t currently have it on my machine—puzzling through multi-OS boot loaders.
Replying to @MarkFriedenbach
I vaguely recall that @TheBlueMatt at some point modified his MacBook’s firmware. Not sure how easy it is to backup and restore firmware on older Macs. I do know more modern machines have a TPM to prevent firmware attacks. My burner laptop does not have that.
Replying to @jiceman and @ChrisBlec
The MacBook Air is just so small it is great for travel. I’ve only tested the Air for all of these use cases, in particular I went through 3 other Air models that didn’t work in some way with Linux-based systems like Tails & Qubes. Comparable era MacBook Pros should work.
RT @stefanwouldgo: Ideas like this are why I love the Lightning community so much. Like in ETH, people try many crazy things. But unlike ET…
Replying to @Transisto1
The Yubikey by default only required a touch to activate. So if it is also stolen it can be used. Setting a PIN on it requires an additional confirmation of your presence with the key. This is configurable on all but the cheapest Yubikey but complicated & seems to break some apps
RT @Leishman: Here is the reading list for tonight’s meetup if you haven’t seen it already: https://www.sfbitcoindevs.org/socratic/2019/11/11/socratic-16.html
“I think we are seeing more and more problems that aren’t exactly confined by geography…the root as to why our institutions seem to be failing us. Markets are globally connected and people do so much online. Institutions also struggle across trust boundaries.”—@moskovich https://twitter.com/moskovich/status/1194139040418652163
For me one of the most important things about the #Wyoming Legislative Blockchain Task Force has been their efforts to codify what the real requirements of what qualified custodianship of digital assets should be. Few are up to this standard. Worthy! https://drive.google.com/file/d/1U7gIrVwpWElz3C10bC92-33zAKQnS-8E/view https://twitter.com/CaitlinLong_/status/1194022779730968577
Section V is particularly interesting as it defines customer-centric views of what a fiduciary should do in case of various kinds of forks & airdrops. As far as I know this has never been defined before as traditional assets do not have this property (splits are not the same).
RT @ChristopherA: Section V is particularly interesting as it defines customer-centric views of what a fiduciary should do in case of vario…
S8r1…“A bank shall provide the independent public accountant with all public data addresses used and shall sign the addresses. A hash of the most recent block of an agreed- upon blockchain at the time of signature shall be included in the signed message in order to serve as…
…a timestamp for when the signature was made. The signatures of those public addresses shall be verified by the accountant. The accountant shall use the blockchain to extract the total amount available at those addresses at a certain point in time”
S8riii: “A bank shall provide the digital asset balances of each customer to the accountant and generate a Merkle tree, or in the determination of the Commissioner, any substantially similar analogue.“
S9c: “A bank shall utilize at least three officers or employees to perform the process of creating entropy in the creation and production of the seed, with no single person ever possessing the entirety of the seed or backup mnemonic word phrase. When a single seed is…
…produced for a signatory, the signatory shall not be involved in the production of the public and private keys. None of the seed creators shall be permitted to participate in the act of cryptographically signing or have access to the systems that facilitate transaction.”
We (@BlockchainComns) are interesting in writing up technical systems requirements report for implementation of these new #Wyoming standards, done by some who have implemented a qualified custodian system before. Contact us if interested in sponsoring, or https://btcpay.blockchaincommons.com
RT @ChristopherA: S8r1…“A bank shall provide the independent public accountant with all public data addresses used and shall sign the addre…
RT @ChristopherA: S9c: “A bank shall utilize at least three officers or employees to perform the process of creating entropy in the creatio…
RT @ChristopherA: We (@BlockchainComns) are interesting in writing up technical systems requirements report for implementation of these new…
See our existing work on #SmartCustody for personal digital asset custodianship best practices. Free PDF v1.01 2019-09-16: http://bit.ly/SmartCustodyBookV101
At-cost POD (print-on-demand) $13.50 from Lulu #SmartCustody by Christopher Allen (Paperback) - Lulu: http://bit.ly/SmartCustodyBookViaLulu
Replying to @1stCrassCitizen, @BlockchainComns and @pavlenex
I’ll look into adding Lightning support to our BTCPay server tomorrow.
I remember being impressed when @jeriellsworth shared her first homemade transistor back in 2010: https://hackaday.com/2010/03/10/jeri-makes-integrated-circuits/ The homemade IC movement has made some progress since. Still a ways to go before we have a basic CPU — but there is hope! https://twitter.com/szeloof/status/988589833974140929
Replying to @jeriellsworth
Here is the original @jeriellsworth video of her homemade transistor amplifier. @kimdhamilton maybe you and @funcOfJoe can learn to make one at home ;-> https://vimeo.com/2423528
This is interesting – this is the first HSM that I’ve seen that advertising support for Bitcoin’s secp256k1. Most every true HSM only support NIST’s ECDSA secp256r1 which our community does not trust. I’ll have to study datasheet to see if this is truly doing k1 signing on HSM. https://twitter.com/nitrokey/status/1106579388236267521
I’m a bit confused as the @Nitrokey spec only of the stm32f103r8 chip, which doesn’t seem to be a tamper-resistant chip and thus not truly an HSM. Am I missing something? https://www.st.com/resource/en/datasheet/stm32f103r8.pdf
RT @CaitlinLong_: .@ChristopherA your help along the way has been invaluable! 🙏Anyone who reads the technical parts of #Wyoming’s #digitala…
RT @bascule: @ChristopherA @BrendanEich YubiHSM2 supports secp256k1. If you use my Rust driver (yubihsm-rs), it will low-s normalize the si…
Replying to @bascule and @BrendanEich
Link!
Replying to @real_or_random
I stand by my statement. Most cryptographers and cryptographic protocol designers that I have spoken to are suspicious that the NIST random curve may have some “known-to-only-NSA” quality, as they were doing things like at at the time. Thus the move to safer curves.
This decision should not have been needed — the US Constitution’s 4th Amendment (part of the what is known as the US Bill of Rights) is clear about “unreasonable searches and seizures” & “probable cause”. Crossing a border is not probable cause. Still keeping my burner laptop! https://twitter.com/ACLU/status/1194350173180383233
Replying to @real_or_random and @MarkFriedenbach
I do think there is a good chance it is random. I become CTO of Certicom after these decisions were made. However, I’ve never been satisfied when I tried to find out more from former colleagues years later, and Certicom did have a financial relationship with the NSA. Don’t know.
“The Court declares that the CBP and ICE policies for “basic” and “advanced” searches, as presently defined…and that the non-cursory searches and/or seizures of Plaintiffs’ electronic devices, without such reasonable suspicion, violated the Fourth Amendment.”
RT @ChristopherA: “The Court declares that the CBP and ICE policies for “basic” and “advanced” searches, as presently defined…and that the…
Replying to @oleganza
I’ve experimented with a number of conference formats. Yours comes closest to lightning/petcha kucha, but with a white board. The problem is that 10m often is too little. Best I have seen of these was Lightning afternoon, then vote & best got one hour long spot the next day.
Replying to @oleganza
Many non-academics have never seen poster talks — they are also a very interesting conference form. The design shop format we use at #RebootingWebOfTrust is also pretty good. https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/rwot-primer.md
Replying to @PeterMcCormack
I’m hoping with our new #BitcoinStandup project and our existing #SmartCustody work we can create some intermediate steps to bridge the between the two. How hast we can do this depends on patronage. https://twitter.com/christophera/status/1193944050027511820?s=21
👍“Caravan is a stateless, open-source, and flexible multisig coordinator that integrates with your hardware or software keys and your bitcoin node or a block explorer. Caravan makes it easy to build and spend from multisig addresses” https://twitter.com/unchainedcom/status/1194631475146084357
I’m at #GitHubUniverse today. Like #WWDC the best thing is not the sessions but going to labs & talking directly to the @GitHub engineers and product managers. https://twitter.com/github/status/1194680858051039233
I’m already set up as a @GitHub sponsor personally https://GitHub.com/sponsors/ChristopherA (support my personal efforts) but I’m working on getting approvals for @RWoTEvents @ @BlockchainComns sponsorship tools.
RT @ChristopherA: I’m already set up as a @GitHub sponsor personally https://GitHub.com/sponsors/ChristopherA (support my personal efforts) but I’m working…
Here is more information on the @github sponsors program. I’ve enjoyed taking to their team and looking forward to discussing their future roadmap tomorrow. Clearly interesting ideas on sustaining financially open source inspired by @nayafia’s time here. https://twitter.com/github/status/1194678082554257411?s=21
I spent some time in the GitHub Actions lab trying to improve code security through various GPG provenance & code testing tools. Coolest thing I learned is that you can get a GPG key by appending .gpg to a user’s home page. No more keyserver! Here is mine: https://GitHub.com/ChristopherA.gpg
RT @ChristopherA: Here is more information on the @github sponsors program. I’ve enjoyed taking to their team and looking forward to discus…
RT @ChristopherA: I spent some time in the GitHub Actions lab trying to improve code security through various GPG provenance & code testing…
I really appreciate candid developer post-mortems 🥳 The real problem to overcome in sybil-resistant identity systems is bootstrapping the network effect. “Apparently system is actually resistant towards spammers but it isn’t able to survive with people just not using it.” https://twitter.com/defiprime/status/1194349682710859779
Replying to @HeyRhett and @github
Thank you!
.@MattLeacock’s original Pandemic, and the newer epic game Pandemic Legacy, I consider among the best board game designs in the 21st Century to date. Both are cooperative game designs which I find particularly appealing. I’m looking forward to watching the documentary. https://twitter.com/mattleacock/status/1194690224799940608
Agreed! “While appearing to march under the banner of self-sovereign or “decentralized identity,” several aspects of the press release and the DID Alliance website are strikingly opposed to the very essence of what decentralized identity is all about.” https://twitter.com/evernym/status/1194073333974757376
Replying to @brucefenton
If Mac, start with http://GitHub.com/mikemcquaid/Strap — will set security basics and minimal development system allowing for secure app install (like bitcoin-core). Our Bitcoin Standup app requires Strap to be run first.
Replying to @robep00 and @brucefenton
I actually run macOS Catalina in a VM on my macOS Catalina laptop (along with lots of other VMs, though I really detest Docker). But unfortunately you still need dev tools on the main macOS device to secure it. You can’t use the stock distribution. Strap is very nice for this.
A challenge to us in the Verifiable Credentials & DID community is that we have been addressing the problem of claims about identity OF people, but what many people want is verifiable claims BY people. I like this paper but there are name space collisions: https://medium.com/@aitheric/web-of-trust-a-taxonomy-for-claims-d136ae6f2ee3
This paper is by @aitherick, and there is nothing wrong with it, but shared language created in the DID/VC community often collide with terms used. And the DID/VC community solution space with its precise data schema & formats is often at odds with claims about arbitrary data.
How do bridge this when we are not yet done with safe decentralized identity? Needed as many of the people who want to make these more arbitrary verifiable claims (journalist, activists) need that protection? And the rathole of solving reputation rears its ugly head in both.
Replying to @pavolrusnak and @BTCSocialist
I have some much better word lists than BIP39 to offer, as well as tools to make better word lists. The SLIP39 wordlist also used some of these techniques: https://github.com/ChristopherA/iambic-mnemonic/tree/master/word-lists & https://github.com/ChristopherA/password_poem
Replying to @davidstrayhorn
Right now I’m troubled by W3C schemas. So far in my #RWOT POCs they’ve been a headache. Until there is a service that given arbitrary JSON and a whitelist of existing common schemas, and then can make recommendations and then build a new local schema, I have my doubts.
RT @FullyNoded: Want your nodes hidden service to be as secure as possible? Want to easily authenticate using the latest much improved…
Replying to @BTCSocialist and @pavolrusnak
What does it matter if they are widely shared? In the end it is your app that converts to geospace. What is important is to have words for people to easy say and easily hear. My set avoids homonyms, common mispronunced words & attempts to maximize hamming distance between words.
Replying to @RachelBBryan, @pavolrusnak and @BTCSocialist
Yes. Those are avoided and more. The lattest EFF dice words also used some of these techniques.
Replying to @BTCSocialist and @pavolrusnak
I still don’t get what the value is of access to words in “near and distant future”? What is the threat you are trying to mitigate? To me the bigger threat is miscommunication of words over cell or radio.
RT @dgwbirch: Actually, requiring Apple to provide open, transparent and non-discriminatory access to the Secure Enclave would be good for…
Replying to @OGHodler, @cryptocoinage and @COLDCARDwallet
Which brand?
Replying to @BTCSocialist, @RachelBBryan and @pavolrusnak
Check out my repos - lots of sources for creating lists there. My focus was memorability so it also has stress & pronunciation (allows for iambic pentameter), concreteness and variance (easier to remember) along with the exclusions lists.
Replying to @fiatjaf, @BTCSocialist, @RachelBBryan and @pavolrusnak
SLIP39 also uses a superior wordlist, and in the long run may replace BIP39. I also don’t get this “infinite wordslists” problem. It is the software than converts the mnemonics that is the limiting factor. SLIP39 like mine avoids words mispronounced by foreigners.
Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak
The problem is that you are attributing security & decentralization to the old BIP39 list but the list does not have that property. Only the CODE may have that property if there are multiple interoperable implementations. That may be true for BIP39, but not true for where39.
Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak
The list has no cryptographic or security value at all in absence of the BIP39 code, and since the experts in the community felt the capability in a new service (slip39) could be more secure if the list was more easily communicated error free, that was why slip39 changed lists.
Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak
It feels like “magical security thinking” has cropped in that there must be some security properties in the original list. But there are not, it was hastily drafted and a number of its creators felt it was released hastily.
Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak
Once BIP39 had multiple implementations & broad deployment THEN it was too late. Don’t repeat the mistake. Define your security requirements first & create a new list that meets it. For instance, is your proposal better with more or less words? Anything else is magical thinking.
Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak
As an example, here are the details for how a cryptographer commissioned by @EFF created 3 different new word lists with different properties. https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases
Replying to @RachelBBryan, @fiatjaf, @BTCSocialist, @pavolrusnak and @EFF
If you don’t want to do the work to define your security requirements and create a new list, then choose another list that comes close to the rigor and list size you need. But don’t adopt a word list like BIP39 that never had that rigor “just because”.
RT @ChristopherA: @RachelBBryan @fiatjaf @BTCSocialist @pavolrusnak Once BIP39 had multiple implementations & broad deployment THEN it was…
Replying to @IronsparkSyris
Gate Watch: You and your companions are members of the Gate Watch—charged to keep an eye on the border between realms. Every game is different, every world, every Gate unique. Multi-genre, GMless, collaborative, all on 18 poker-sized cards: #indieRPG https://www.dyvershands.com/GateWatch
RT @FullyNoded: Another important update v1.80(8) that should fix a number of small bugs that may have caused a crash. Please give it an up…
When Social Networking Services try to do more than this is when they fail me: “the trick to designing a quality social media platform is to create it in such a way that everyone decides for themselves who to listen to, when, and what for”—@timpastoor https://medium.com/@2W/meditations-on-thinkspot-94114fd62fa2
Replying to @HillebrandMax, @empact and @JustinMoon
I know that I’d like to see more opportunistic coin joins.
RT @TuurDemeester: @unchainedcap @JustinMoon Christopher Allen talking Bitcoin Smart Custody, Self-Sovereign Identity at @unchainedcap in…
Replying to @TuurDemeester, @unchainedcap, @JustinMoon and @BlockchainComns
Transcript: https://twitter.com/kanzure/status/1196947713658626048
Replying to @TuurDemeester, @unchainedcap, @JustinMoon and @BlockchainComns
Free #SmartCustody PDF v1.01 2019-09-16: http://bit.ly/SmartCustodyBookV101
At-cost POD (print-on-demand) $13.50 from Lulu #SmartCustody by Christopher Allen (Paperback) - Lulu: http://bit.ly/SmartCustodyBookViaLulu
Financially support updates to the next edition: #SmartCustody! http://bit.ly/SupportSmartCustody
Replying to @TuurDemeester, @unchainedcap, @JustinMoon and @BlockchainComns
Accidental artwork by @TuurDemeester created during Austin Bitcoin Dev. Hope he wasn’t too bored by my talk :-)
👍This is quite a cool proposal! This approach leverages http’s 402 “payment required” error using a Lightning native macaroon-based bearer API credential, offering a server assisted atomic swap capability, sybil resistance, application level DoS, and fine grained authentication. https://twitter.com/roasbeef/status/1190098624010522624
There has been some progress on getting funding for this work (creating a tech spec of what is required for a digital asset custodian to meet Wyoming regulations), but we need more support. If this is something you are interested being a Patron of @BlockchainComns, let me know. https://twitter.com/ChristopherA/status/1194151888788176897
I’ll have an opening 1/1 for an 3+ month internship at Blockchain Commons. You don’t need a CS degree, but you do need some programming experience. Also open to radical ideas like an internship for a law grad interested in experience with this side of blockchain and identity law.
Replying to @michael_nielsen
I have a brief article introducing a slightly more up-to-date list of Ostrom’s Eight Principles http://www.lifewithalacrity.com/2015/11/a-revised-ostroms-design-principles-for-collective-governance-of-the-commons-.html
Replying to @JWWeatherman_
Onsite ideal. Bay Area at minimum.
What would you consider to be the best iOS wallet currently?
Replying to @exitcalmly, @1stCrassCitizen and @Blockstream
We are working on better (and easier) processes for this in the BitcoinStandup project https://github.com/BlockchainCommons/Bitcoin-Standup — currently only Mac, but working on more platforms. Also allows for secure v3 tor connection to remote client, such as iOS @FullyNoded
#BitcoinStandup will make it easier for @FullyNoded as well as any other remote that wants a v3 tor secure non-correlatable remote connection back to a full node. A work in progress and Mac-only for now, but more platforms soon. https://github.com/BlockchainCommons/Bitcoin-Standup/
RT @tim_bansemer: 1) Freedom to participate.
2) Freedom of choose on which machine your tx is computed.
3) Freedom to select the beneficiar…
RT @tim_bansemer: 6) Freedom to select the witnesses who confirm your transaction.
7) Freedom to be subject of regulation or not to be regu…
#OpenDevelopment isn’t all about Open Source. It’s also about creating & sharing your best practices of software development so that others can learn from them. It’s about allowing others (including competitors) to incrementally improve on those practices. And listening back. https://twitter.com/jasonfried/status/1198041731754790912
Replying to @NeerajKA
Note that we (@BlockchainComns) have strategically placed a @TorProject exit node at @NYCMesh — this is just one of the blockchain infrastructure efforts that we support. If you are interested in supporting more of these efforts as a patron, see https://btcpay.blockchaincommons.com
RT @ChristopherA: I’ll have an opening 1/1 for an 3+ month internship at Blockchain Commons. You don’t need a CS degree, but you do need so…
Replying to @asglidden
I’m increasingly involved in blockchain and identity law advocacy, both in US (for instance at Wyoming Blockchain Task Force around enabling DAO-like orgs) and outside (various governments interested in laws around privacy and regulations to support self-sovereign identity).
My minisign public key, signed by my minisign public key, signed by my GPG public key, signed by my minisign public key, all committed to https://gist.github.com/ChristopherA/c0fc2ff79fd0a3f223ac3cd409e9f46d signed my GPG key, which you can see is my GitHub GPG key for Github account @ChristopherA at https://github.com/ChristopherA.gpg
RT @bitcoin2020conf: We’re super excited to announce three more awesome Bitcoiners as speakers for Bitcoin 2020!
@DoveyWan, @ChristopherA…
“the reason that borders, quite apart from their use for the staging of populist or authoritarian dramas, have become so important: they’re where it’s legal for the government to capture the information that its bureaucracies covet” https://www.newyorker.com/books/under-review/what-are-borders-for
Replying to @kvakes
I would definitely suggest that take a look at moving toward a Decentralized Identifier (DID) & Verifiable Credential (VC) architecture. There are already some efforts to bring organizational identity to self-sovereign architectures. I did a demo of one for Wyoming in September.
We didn’t include this case study of the online game World of Warcraft in our book on cooperative games, but I found it fascinating to examine it through the lens of the design language we developed for the book. I hope you find it interesting as well! https://twitter.com/MeeplesTogether/status/1199793261662990336
RT @FullyNoded: http://StandUp.sh bringing “one click” bitcoind/tor hidden service setup for FullyNoded to pair with to linux users.…
RT @FullyNoded: Just had another mild religious experience running a script i’ve been working on this week on my Ubuntu machine at home. It…
RT @AndyIbanezK: Does anyone of an icon set or icon provider that has icons that can be used as SF Symbols? I love http://iconapp.io,…
RT @trbouma: Critical use cases for offline credentials
https://drive.google.com/file/d/1aLDsKpzFxqA37Vu-qjE_6tWLwtgMuDG5/view?usp=drivesdk