RT @AndrewYang: Obama says call-out culture is excessive, good people have flaws and the world is full of ambiguities. Also says that real…

Fri Nov 01 07:28:06 +0000 2019

Replying to @johnsBeharry, @VitalikButerin and @BlockchainComns

We are still polishing and refactoring the slip39 c-library for a better submodule repo architecture before getting more formal security review. If you’d like to take a look it is at https://GitHub.com/BlockchainCommons/sss - take a look at the issues and PRs. We’d love to see some PGP tooling.

Fri Nov 01 18:38:28 +0000 2019

Replying to @crypto_bovine and @johnsBeharry

It isn’t generated by an AI, it is a hardware random number private key expressed as an iambic pentameter poem.

Fri Nov 01 18:40:40 +0000 2019

Replying to @fencedforest


Sun Nov 03 17:55:12 +0000 2019

RT @EFF: Have you been looking for any easy way to explain the harms of face recognition to friends and family? This video should be your f…

Mon Nov 04 17:30:31 +0000 2019

Replying to @ErrataRob

I believe that one of the best ways to learn bitcoin is to learn the cli of bitcoind, and start creating some simple shell scripts to use it. My “Learning Bitcoin from the Command Line” is a start: https://github.com/ChristopherA/Learning-Bitcoin-from-the-Command-Line (seeking sponsors so we can update for lightning & more!)

Mon Nov 04 18:22:47 +0000 2019

@gitfoxapp Does GitFox you have a short time-limited demo? I’m trying to decide if I should purchase Gitfox or Pullwalla which has a monthly subscription.

Wed Nov 06 07:01:49 +0000 2019

RT @FullyNoded: Excited to announce a new project called “StandUp”, thanks to @ChristopherA and @BlockchainComns! The app installs/configur…

Wed Nov 06 17:09:26 +0000 2019

You’d not think that Spain, as an EU member, would have this in common with China. Both are suppressing political dissent by citizens. Spain does this due to optics of citizen power, not because of problems with #SelfSovereignIdentity #SSI architecture. Rest of EU should object. https://twitter.com/ferranrego/status/1191669031918587904

Wed Nov 06 17:36:29 +0000 2019

New #RWOT9 paper has gone final “Reputation Interpretation” led by @RebeccaRachmany with @artbrock @IdentityWoman & @JakubLanc “This paper explores how to take a reputation trust graph with multiple characteristics and create actionable output.” https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/final-documents/reputation-interpretation.md

Wed Nov 06 19:44:20 +0000 2019

New project #BitcoinStandup from @BlockchainComns: Tools, Best Practices & Standards to Standup a Bitcoin-Core full node on a fresh computer or VPS. Initially for macOS, soon Linux, Linode, and other VPS (useful for wallet-less full nodes). https://github.com/BlockchainCommons/Bitcoin-Standup

Wed Nov 06 20:41:41 +0000 2019

Replying to @BlockchainComns

Of particular interest to hardware vendors offering dedicated bitcoin services is a proposal for a QR code/URI that allows a cell phone to securely connect to the full-node. Useful for self-sovereignty on mobile. Currently proof of concept is from @nodl_it to @FullyNoded on iOS.

Wed Nov 06 20:52:23 +0000 2019

RT @ChristopherA: @BlockchainComns Of particular interest to hardware vendors offering dedicated bitcoin services is a proposal for a QR co…

Wed Nov 06 20:52:29 +0000 2019

Replying to @BlockchainComns, @nodl_it and @FullyNoded

We are still in early stages of this project, installing Tor and Bitcoin-QT and doing some basic security hardening for macOS. We also have in-progress a Linode StackScript that builds a wallet-less full node on a VPS. Issues and PRs are welcome!

Wed Nov 06 20:55:47 +0000 2019

Replying to @BlockchainComns, @nodl_it and @FullyNoded

If you are interested in supporting this and @BlockchainComns projects such as #SmartCustody, #SocialKeyRecovery, etc. you can become a patron using Bitcoin at https://btcpay.blockchaincommons.com/ or with fiat via monthly Github sponsorship https://github.com/sponsors/ChristopherA/ (or click 💖 in repository).

Wed Nov 06 21:00:55 +0000 2019

The Kademilia DHT (Maymounkov & David Mazières 2002) as implemented in Mainline DHT (Bittorrent 2005) have offered us over almost 15 years of experience. IPFS 5+ years. What are some other newer DHT proposals that don’t use finality blockchain tech, that can offer more privacy?

Wed Nov 06 22:46:55 +0000 2019

Replying to @dantrevino

You do need someone to pin your data, but it doesn’t need to be centralized.

Thu Nov 07 06:54:09 +0000 2019

Replying to @LadleLoaded, @FullyNoded and @maxtannahill

Blockchain Commons has been seeking funding to have a parallel code base to the Swift iOS approach of @FullyNoded to work with #BitcoinStandup. Also there are some proposals to have a version that leverages @htcexodus TrustZone.

Thu Nov 07 06:58:40 +0000 2019

We also need this to be open to truly rely on these much needed chips. ⁦@htcexodus⁩, can you lobby for it? “There are some parts of the OpenTitan design that won’t be public…all related to the actual physical fabrication of chips in a factory” https://www.wired.com/story/open-titan-open-source-secure-enclave

Thu Nov 07 08:06:29 +0000 2019

RT @boscolochris: I agree with @ChristopherA this needs to be truly open!

An open, hardware-based, secure root of trust will make day-to-d…

Thu Nov 07 17:21:41 +0000 2019

For convenience, I’ve merged @n1ckler’s PR to #BitcoinCore’s secp256k1 library which supports #BIPSchnorr x-only pubkeys. For experimental purposes only, but it allow us to leverage git submodules to begin to create some simple Schnorr signing tools. https://github.com/BlockchainCommons/secp256k1-schnorrsig https://twitter.com/Blockstream/status/1192106399528112128

Fri Nov 08 01:11:05 +0000 2019

“BSD-2-Clause Plus Patent license has gone largely unnoticed by developers…approved by the Free Software Foundation as “GPLv2-compatible”…approved by the Open Source Initiative as “open source”…Blue Oak Council…sole gold-rated license” —@kemitchell⁩ https://writing.kemitchell.com/2019/11/07/BSD-Patents.html

Fri Nov 08 07:28:33 +0000 2019

The First W3C Public Working Public Draft of the Decentralized Identifiers (DIDs) v1.0 specification now out, using a persistent URL & triggers the beginning of a patent disclosure regime. An important step on the way to becoming an international standard! https://www.w3.org/TR/did-core/

Fri Nov 08 07:49:58 +0000 2019

RT @veorq: This should’ve been a Real-World Crypto talk, because this is real-world crypto: the non-glamorous, non-paper-worthy, painful…

Fri Nov 08 07:51:06 +0000 2019

RT @TuurDemeester: 1/ The main thesis of “The Bitcoin Reformation” is that there are four fundamental parallels between the Protestant Refo…

Fri Nov 08 07:56:11 +0000 2019

Replying to @kimdhamilton, @JoeAndrieu and @cycryptr

🤔 it also demonstrates why we are such a good team—very diverse thinking styles! Thank you for being such a great co-chair!

Fri Nov 08 22:56:37 +0000 2019

Replying to @P01ndexter and @HillebrandMax

As a peer-to-peer email protocol I agree that PGP has not had much uptake. However, as a developer tool for signing git commits and for signing release, distribution files, etc. it is broadly used. I think we can do better than this, thus 9+ #RebootingWebOfTrust workshops & #DIDs

Fri Nov 08 23:33:10 +0000 2019

Replying to @P01ndexter and @HillebrandMax

See also “PGP Paradigm”, a post-mortem by the two of the authors of #PGP from the first #RebootingWebOfTrust. It has helped inform many of our architectural choices in the last few years toward #DIDs. https://github.com/WebOfTrustInfo/rwot1-sf/blob/master/topics-and-advance-readings/PGP-Paradigm.pdf

Fri Nov 08 23:42:07 +0000 2019

Replying to @HillebrandMax, @P01ndexter and @thefrankbraun

I like @thefrankbraun ideas on #codechain, but it still has a root of trust in a DNS record which the #RWOT community is not a big fan of. Others in the community are looking at did:git https://github.com/dhuseby/did-git-spec/blob/master/did-git-spec.md and did:peer https://openssi.github.io/peer-did-method-spec/index.html for P2P blockchain-less #DIDs.

Sat Nov 09 00:22:17 +0000 2019

Replying to @boscolochris

As far as I know group has nothing to do with W3C Decentralized Identifier (DIDs).

Sat Nov 09 06:02:55 +0000 2019

Replying to @rusty_twit

Though you are in jest, the odd truth is that at 13 or so people you’ll likely have a Judas in the community. It is an nadir between our ape-brain intuitive trust skills & our more intellectually evolved social trust skills. I call this the Judas Number: http://www.lifewithalacrity.com/2008/09/group-threshold.html

Mon Nov 11 00:35:59 +0000 2019

Agreed. I have a lot of respect for Ev and his team, but a medium-sized silo is still a silo. Medium began to loose m me when I could not use my own domain, and lost me more with what should be open content (as the author was not paid) behind pay walls. https://twitter.com/Pinboard/status/1193235201108758528

Mon Nov 11 00:42:40 +0000 2019

Our latest @BlockchainComns #BitcoinStandup demo shows install of Bitcoin-Core, Tor, etc. on macOS, followed by secure connection of that full-node to the iOS app @FullyNoded. No SPV or Neutrino light client, instead a fully self-sovereign mobile wallet! https://youtu.be/3UoGAQFu-X8

Mon Nov 11 17:30:18 +0000 2019

We are will be working on similar installers for other platforms and virtual machines cloud services. Though I’d not leave serious coin in the cloud myself (maybe a few days in a Lightning node) there is a place for a pruned node there for confirmation while your keys are local.

Mon Nov 11 17:38:06 +0000 2019

I’m writing a serious stdio command line tool from scratch for the first time in a over a decade. Best practices have evolved: more secure i/o, named parameters, JSON output, etc. Are there any newer templates or great examples of generic shell tool code in C or C++ out there?

Mon Nov 11 17:43:13 +0000 2019

Replying to @CarstenBKK

Any particular good example of a domain-specifical language using JSON in a shell app? Also, is there a JSON or JSON-RPC library you like? I learned when I did my Bitcoin CLI course that the combo of named parameters & the shell app JQ was quite powerful. https://github.com/stedolan/jq/

Mon Nov 11 18:04:28 +0000 2019

I’ve become a big fan of the MacBook 13” Mid 2012 as my travel burner & Bitcoin dev machine. It runs latest Catalina macOS 10.15, has faster USB 3.0 & Firewire v1 for display & faster drives. For security projects it works great with Qubes, Tails 4.0 & the wifi card is removable.

Tue Nov 12 00:13:30 +0000 2019

This Apple laptop is around $200 on Ebay, but I recommend the 8GB RAM & 512GB SSD version so it can hold a Bitcoin full-node. It is relatively easy to repair, upgradable to 1TB SSD & you can replace battery. It still has the escape key, has an SD slot for PSBT transactions. 👍

Tue Nov 12 00:22:14 +0000 2019

Replying to @ChrisBlec

Tails WiFi works only on a few MacBook Air models—this is one of them (tried few other models to find out). Tails 4.0 also lets me use Firewire v1 to a larger screen & external drives. You can install Debian or Qubes if you temporarily remove Wifi card & use an ethernet dongle.

Tue Nov 12 00:25:43 +0000 2019

Replying to @hodlwave and @JWWeatherman_

The problem with Glacier is even a number of the Bitcoin-Core devs who reviewed the code still haven’t implemented it themselves (or even something remotely comparable), much less sophisticated non-Core engineers or technologically-savvy HODL’ers. Thus projects like #SmartCustody

Tue Nov 12 00:35:13 +0000 2019

Replying to @JWWeatherman_ and @hodlwave

I’m still not sure about NATO words. There are better schemes possible. Even if we just replace BIP39 words with a better word list would help. For instance, my own word list removes homonyms, commonly mispronounced words, and maximizes hamming distance. More can be done.

Tue Nov 12 00:37:09 +0000 2019

Replying to @djkinkle

2016 in the MacBook Pro when the Touch Bar, Fingerprint TPM, etc. were launched. But Apple ships some MacBook Air models with the old style ESC & FN-key keyboard AND the Fingerprint TPM without the Touch Bar. https://www.popularmechanics.com/technology/gadgets/a23550/new-macbooks-dump-escape-key/

Tue Nov 12 00:41:21 +0000 2019

Replying to @NTechlibre and @JWWeatherman_

I’d like to ultimately see a larger community align/review some of the install defaults, settings, TOR, and minimal hardening between this project, Bitcoin Standup, and anything else that installs bitcoin via script. cc: @FullyNoded https://github.com/BlockchainCommons/Bitcoin-Standup

Tue Nov 12 00:44:38 +0000 2019

Replying to @hodlwave and @JWWeatherman_

Spread the word! If you have a significant amount of Bitcoin (~5% of net worth) the 2 hours and a couple of hundred dollars is worth it. And if you have ideas on how to improve, PRs are accepted. Hoping we can be an evolving general repository on protecting your digital assets.

Tue Nov 12 00:46:39 +0000 2019

Part of the point of a burner laptop is to not mind loosing it. In general leave it turned off so the drives remain encrypted, and if asked to open it either refuse and leave laptop behind, or have a deniability unencrypted boot partition with minimal OS as the default.

Tue Nov 12 01:12:56 +0000 2019

Also, I leave a USB drive at home that I use delete & reinstall my system on return, in case of virus or “evil maid” attack. There is also a “Kondo-like” zen quality to a burner laptop — just the essentials, showing you how little you really need.

Tue Nov 12 01:18:12 +0000 2019

I’m not being paranoid nor am I particularly fearful. I personally never been cyber-attacked <knocks wood>. However, there are those I advise that have been attacked, and the better I understand how to advise them about 80/20 best practices, the better.

Tue Nov 12 01:22:26 +0000 2019

Replying to @JWWeatherman_ and @hodlwave

We also specifically removed words that were commonly mispronounced by non-native speakers. Maximizing hamming distance means typing fewer letters.

Tue Nov 12 01:30:51 +0000 2019

Replying to @larrysalibra and @exiledsurfer

It depends on what work you do while traveling. The MacBook Air can be slow sometimes (but do I really need all those tabs open?) Most of the time my big limit is bandwidth, not CPU. Occasionally recompiling some code is painful. But again, there is a Kondo-esque quality.

Tue Nov 12 01:40:02 +0000 2019

One thing I’m still puzzling on is setting my travel/burner Yubikey MFA device (remember SMS is a bad idea!). I want to enable it to also requiring a PIN with OAuth/WebAuthN but it often breaks. A work-in-progress.

Tue Nov 12 01:46:08 +0000 2019

Replying to @MarkFriedenbach

Agreed that firmware corruption is hard to undo. For me it is the 80/20 rule — better some than none. Nothing I actually do needs that level of secrecy or concern, but I’m likely one-degree from a number of human-rights activists that are at greater risk than I. Herd immunity!

Tue Nov 12 03:46:10 +0000 2019

Replying to @KISBitcoin and @JustinMoon

You do have to temporarily physically remove the WiFi card, but Qubes booted and appeared to be fully functional (sound, video, internet). Supposedly you can install Broadcom WiFi device drivers, but I don’t currently have it on my machine—puzzling through multi-OS boot loaders.

Tue Nov 12 03:50:30 +0000 2019

Replying to @MarkFriedenbach

I vaguely recall that @TheBlueMatt at some point modified his MacBook’s firmware. Not sure how easy it is to backup and restore firmware on older Macs. I do know more modern machines have a TPM to prevent firmware attacks. My burner laptop does not have that.

Tue Nov 12 04:49:51 +0000 2019

Replying to @jiceman and @ChrisBlec

The MacBook Air is just so small it is great for travel. I’ve only tested the Air for all of these use cases, in particular I went through 3 other Air models that didn’t work in some way with Linux-based systems like Tails & Qubes. Comparable era MacBook Pros should work.

Tue Nov 12 05:38:18 +0000 2019

RT @stefanwouldgo: Ideas like this are why I love the Lightning community so much. Like in ETH, people try many crazy things. But unlike ET…

Tue Nov 12 06:14:27 +0000 2019

Replying to @Transisto1

The Yubikey by default only required a touch to activate. So if it is also stolen it can be used. Setting a PIN on it requires an additional confirmation of your presence with the key. This is configurable on all but the cheapest Yubikey but complicated & seems to break some apps

Tue Nov 12 06:19:12 +0000 2019

RT @Leishman: Here is the reading list for tonight’s meetup if you haven’t seen it already: https://www.sfbitcoindevs.org/socratic/2019/11/11/socratic-16.html

Tue Nov 12 06:32:14 +0000 2019

“I think we are seeing more and more problems that aren’t exactly confined by geography…the root as to why our institutions seem to be failing us. Markets are globally connected and people do so much online. Institutions also struggle across trust boundaries.”—@moskovich https://twitter.com/moskovich/status/1194139040418652163

Tue Nov 12 06:36:08 +0000 2019

For me one of the most important things about the #Wyoming Legislative Blockchain Task Force has been their efforts to codify what the real requirements of what qualified custodianship of digital assets should be. Few are up to this standard. Worthy! https://drive.google.com/file/d/1U7gIrVwpWElz3C10bC92-33zAKQnS-8E/view https://twitter.com/CaitlinLong_/status/1194022779730968577

Tue Nov 12 06:46:53 +0000 2019

Section V is particularly interesting as it defines customer-centric views of what a fiduciary should do in case of various kinds of forks & airdrops. As far as I know this has never been defined before as traditional assets do not have this property (splits are not the same).

Tue Nov 12 06:53:28 +0000 2019

RT @ChristopherA: Section V is particularly interesting as it defines customer-centric views of what a fiduciary should do in case of vario…

Tue Nov 12 06:53:34 +0000 2019

S8r1…“A bank shall provide the independent public accountant with all public data addresses used and shall sign the addresses. A hash of the most recent block of an agreed- upon blockchain at the time of signature shall be included in the signed message in order to serve as…

Tue Nov 12 07:06:12 +0000 2019

…a timestamp for when the signature was made. The signatures of those public addresses shall be verified by the accountant. The accountant shall use the blockchain to extract the total amount available at those addresses at a certain point in time”

Tue Nov 12 07:06:36 +0000 2019

S8riii: “A bank shall provide the digital asset balances of each customer to the accountant and generate a Merkle tree, or in the determination of the Commissioner, any substantially similar analogue.“

Tue Nov 12 07:09:48 +0000 2019

S9c: “A bank shall utilize at least three officers or employees to perform the process of creating entropy in the creation and production of the seed, with no single person ever possessing the entirety of the seed or backup mnemonic word phrase. When a single seed is…

Tue Nov 12 07:11:33 +0000 2019

…produced for a signatory, the signatory shall not be involved in the production of the public and private keys. None of the seed creators shall be permitted to participate in the act of cryptographically signing or have access to the systems that facilitate transaction.”

Tue Nov 12 07:12:01 +0000 2019

We (@BlockchainComns) are interesting in writing up technical systems requirements report for implementation of these new #Wyoming standards, done by some who have implemented a qualified custodian system before. Contact us if interested in sponsoring, or https://btcpay.blockchaincommons.com

Tue Nov 12 07:16:11 +0000 2019

RT @ChristopherA: S8r1…“A bank shall provide the independent public accountant with all public data addresses used and shall sign the addre…

Tue Nov 12 07:16:31 +0000 2019

RT @ChristopherA: S9c: “A bank shall utilize at least three officers or employees to perform the process of creating entropy in the creatio…

Tue Nov 12 07:16:36 +0000 2019

RT @ChristopherA: We (@BlockchainComns) are interesting in writing up technical systems requirements report for implementation of these new…

Tue Nov 12 07:16:40 +0000 2019

See our existing work on #SmartCustody for personal digital asset custodianship best practices. Free PDF v1.01 2019-09-16: http://bit.ly/SmartCustodyBookV101

At-cost POD (print-on-demand) $13.50 from Lulu #SmartCustody by Christopher Allen (Paperback) - Lulu: http://bit.ly/SmartCustodyBookViaLulu

Tue Nov 12 07:24:55 +0000 2019

Replying to @1stCrassCitizen, @BlockchainComns and @pavlenex

I’ll look into adding Lightning support to our BTCPay server tomorrow.

Tue Nov 12 07:27:07 +0000 2019

I remember being impressed when @jeriellsworth shared her first homemade transistor back in 2010: https://hackaday.com/2010/03/10/jeri-makes-integrated-circuits/ The homemade IC movement has made some progress since. Still a ways to go before we have a basic CPU — but there is hope! https://twitter.com/szeloof/status/988589833974140929

Tue Nov 12 08:24:02 +0000 2019

Replying to @jeriellsworth

Here is the original @jeriellsworth video of her homemade transistor amplifier. @kimdhamilton maybe you and @funcOfJoe can learn to make one at home ;-> https://vimeo.com/2423528

Tue Nov 12 08:30:48 +0000 2019

This is interesting – this is the first HSM that I’ve seen that advertising support for Bitcoin’s secp256k1. Most every true HSM only support NIST’s ECDSA secp256r1 which our community does not trust. I’ll have to study datasheet to see if this is truly doing k1 signing on HSM. https://twitter.com/nitrokey/status/1106579388236267521

Tue Nov 12 08:42:05 +0000 2019

I’m a bit confused as the @Nitrokey spec only of the stm32f103r8 chip, which doesn’t seem to be a tamper-resistant chip and thus not truly an HSM. Am I missing something? https://www.st.com/resource/en/datasheet/stm32f103r8.pdf

Tue Nov 12 08:48:57 +0000 2019

RT @CaitlinLong_: .@ChristopherA your help along the way has been invaluable! 🙏Anyone who reads the technical parts of #Wyoming’s #digitala…

Tue Nov 12 09:42:25 +0000 2019

RT @bascule: @ChristopherA @BrendanEich YubiHSM2 supports secp256k1. If you use my Rust driver (yubihsm-rs), it will low-s normalize the si…

Tue Nov 12 16:25:12 +0000 2019

Replying to @bascule and @BrendanEich


Tue Nov 12 16:25:18 +0000 2019

Replying to @real_or_random

I stand by my statement. Most cryptographers and cryptographic protocol designers that I have spoken to are suspicious that the NIST random curve may have some “known-to-only-NSA” quality, as they were doing things like at at the time. Thus the move to safer curves.

Tue Nov 12 20:40:56 +0000 2019

This decision should not have been needed — the US Constitution’s 4th Amendment (part of the what is known as the US Bill of Rights) is clear about “unreasonable searches and seizures” & “probable cause”. Crossing a border is not probable cause. Still keeping my burner laptop! https://twitter.com/ACLU/status/1194350173180383233

Wed Nov 13 04:52:33 +0000 2019

Replying to @real_or_random and @MarkFriedenbach

I do think there is a good chance it is random. I become CTO of Certicom after these decisions were made. However, I’ve never been satisfied when I tried to find out more from former colleagues years later, and Certicom did have a financial relationship with the NSA. Don’t know.

Wed Nov 13 05:24:36 +0000 2019

“The Court declares that the CBP and ICE policies for “basic” and “advanced” searches, as presently defined…and that the non-cursory searches and/or seizures of Plaintiffs’ electronic devices, without such reasonable suspicion, violated the Fourth Amendment.”

Wed Nov 13 06:09:38 +0000 2019

RT @ChristopherA: “The Court declares that the CBP and ICE policies for “basic” and “advanced” searches, as presently defined…and that the…

Wed Nov 13 06:09:44 +0000 2019

Replying to @oleganza

I’ve experimented with a number of conference formats. Yours comes closest to lightning/petcha kucha, but with a white board. The problem is that 10m often is too little. Best I have seen of these was Lightning afternoon, then vote & best got one hour long spot the next day.

Wed Nov 13 16:11:18 +0000 2019

Replying to @oleganza

Many non-academics have never seen poster talks — they are also a very interesting conference form. The design shop format we use at #RebootingWebOfTrust is also pretty good. https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/rwot-primer.md

Wed Nov 13 16:15:12 +0000 2019

Replying to @PeterMcCormack

I’m hoping with our new #BitcoinStandup project and our existing #SmartCustody work we can create some intermediate steps to bridge the between the two. How hast we can do this depends on patronage. https://twitter.com/christophera/status/1193944050027511820?s=21

Wed Nov 13 17:16:44 +0000 2019

👍“Caravan is a stateless, open-source, and flexible multisig coordinator that integrates with your hardware or software keys and your bitcoin node or a block explorer. Caravan makes it easy to build and spend from multisig addresses” https://twitter.com/unchainedcom/status/1194631475146084357

Wed Nov 13 17:20:29 +0000 2019

I’m at #GitHubUniverse today. Like #WWDC the best thing is not the sessions but going to labs & talking directly to the @GitHub engineers and product managers. https://twitter.com/github/status/1194680858051039233

Thu Nov 14 02:03:30 +0000 2019

I’m already set up as a @GitHub sponsor personally https://GitHub.com/sponsors/ChristopherA (support my personal efforts) but I’m working on getting approvals for @RWoTEvents @ @BlockchainComns sponsorship tools.

Thu Nov 14 02:08:58 +0000 2019

RT @ChristopherA: I’m already set up as a @GitHub sponsor personally https://GitHub.com/sponsors/ChristopherA (support my personal efforts) but I’m working…

Thu Nov 14 02:09:06 +0000 2019

Here is more information on the @github sponsors program. I’ve enjoyed taking to their team and looking forward to discussing their future roadmap tomorrow. Clearly interesting ideas on sustaining financially open source inspired by @nayafia’s time here. https://twitter.com/github/status/1194678082554257411?s=21

Thu Nov 14 02:39:56 +0000 2019

I spent some time in the GitHub Actions lab trying to improve code security through various GPG provenance & code testing tools. Coolest thing I learned is that you can get a GPG key by appending .gpg to a user’s home page. No more keyserver! Here is mine: https://GitHub.com/ChristopherA.gpg

Thu Nov 14 02:45:44 +0000 2019

RT @ChristopherA: Here is more information on the @github sponsors program. I’ve enjoyed taking to their team and looking forward to discus…

Thu Nov 14 02:45:53 +0000 2019

RT @ChristopherA: I spent some time in the GitHub Actions lab trying to improve code security through various GPG provenance & code testing…

Thu Nov 14 02:46:02 +0000 2019

I really appreciate candid developer post-mortems 🥳 The real problem to overcome in sybil-resistant identity systems is bootstrapping the network effect. “Apparently system is actually resistant towards spammers but it isn’t able to survive with people just not using it.” https://twitter.com/defiprime/status/1194349682710859779

Thu Nov 14 02:55:34 +0000 2019

Replying to @HeyRhett and @github

Thank you!

Thu Nov 14 02:57:01 +0000 2019

.@MattLeacock’s original Pandemic, and the newer epic game Pandemic Legacy, I consider among the best board game designs in the 21st Century to date. Both are cooperative game designs which I find particularly appealing. I’m looking forward to watching the documentary. https://twitter.com/mattleacock/status/1194690224799940608

Thu Nov 14 06:38:37 +0000 2019

Agreed! “While appearing to march under the banner of self-sovereign or “decentralized identity,” several aspects of the press release and the DID Alliance website are strikingly opposed to the very essence of what decentralized identity is all about.” https://twitter.com/evernym/status/1194073333974757376

Thu Nov 14 06:41:12 +0000 2019

Replying to @brucefenton

If Mac, start with http://GitHub.com/mikemcquaid/Strap — will set security basics and minimal development system allowing for secure app install (like bitcoin-core). Our Bitcoin Standup app requires Strap to be run first.

Thu Nov 14 19:05:17 +0000 2019

Replying to @robep00 and @brucefenton

I actually run macOS Catalina in a VM on my macOS Catalina laptop (along with lots of other VMs, though I really detest Docker). But unfortunately you still need dev tools on the main macOS device to secure it. You can’t use the stock distribution. Strap is very nice for this.

Thu Nov 14 22:13:49 +0000 2019

A challenge to us in the Verifiable Credentials & DID community is that we have been addressing the problem of claims about identity OF people, but what many people want is verifiable claims BY people. I like this paper but there are name space collisions: https://medium.com/@aitheric/web-of-trust-a-taxonomy-for-claims-d136ae6f2ee3

Fri Nov 15 00:16:19 +0000 2019

This paper is by @aitherick, and there is nothing wrong with it, but shared language created in the DID/VC community often collide with terms used. And the DID/VC community solution space with its precise data schema & formats is often at odds with claims about arbitrary data.

Fri Nov 15 00:22:02 +0000 2019

How do bridge this when we are not yet done with safe decentralized identity? Needed as many of the people who want to make these more arbitrary verifiable claims (journalist, activists) need that protection? And the rathole of solving reputation rears its ugly head in both.

Fri Nov 15 00:25:54 +0000 2019

Replying to @pavolrusnak and @BTCSocialist

I have some much better word lists than BIP39 to offer, as well as tools to make better word lists. The SLIP39 wordlist also used some of these techniques: https://github.com/ChristopherA/iambic-mnemonic/tree/master/word-lists & https://github.com/ChristopherA/password_poem

Fri Nov 15 01:16:02 +0000 2019

Replying to @davidstrayhorn

Right now I’m troubled by W3C schemas. So far in my #RWOT POCs they’ve been a headache. Until there is a service that given arbitrary JSON and a whitelist of existing common schemas, and then can make recommendations and then build a new local schema, I have my doubts.

Fri Nov 15 01:35:49 +0000 2019

RT @FullyNoded: Want your nodes hidden service to be as secure as possible? Want to easily authenticate using the latest much improved…

Fri Nov 15 06:04:39 +0000 2019

Replying to @BTCSocialist and @pavolrusnak

What does it matter if they are widely shared? In the end it is your app that converts to geospace. What is important is to have words for people to easy say and easily hear. My set avoids homonyms, common mispronunced words & attempts to maximize hamming distance between words.

Fri Nov 15 06:07:43 +0000 2019

Replying to @RachelBBryan, @pavolrusnak and @BTCSocialist

Yes. Those are avoided and more. The lattest EFF dice words also used some of these techniques.

Fri Nov 15 17:00:16 +0000 2019

Replying to @BTCSocialist and @pavolrusnak

I still don’t get what the value is of access to words in “near and distant future”? What is the threat you are trying to mitigate? To me the bigger threat is miscommunication of words over cell or radio.

Fri Nov 15 17:03:53 +0000 2019

RT @dgwbirch: Actually, requiring Apple to provide open, transparent and non-discriminatory access to the Secure Enclave would be good for…

Fri Nov 15 17:08:59 +0000 2019

Replying to @OGHodler, @cryptocoinage and @COLDCARDwallet

Which brand?

Fri Nov 15 17:12:39 +0000 2019

Replying to @BTCSocialist, @RachelBBryan and @pavolrusnak

Check out my repos - lots of sources for creating lists there. My focus was memorability so it also has stress & pronunciation (allows for iambic pentameter), concreteness and variance (easier to remember) along with the exclusions lists.

Fri Nov 15 18:59:06 +0000 2019

Replying to @fiatjaf, @BTCSocialist, @RachelBBryan and @pavolrusnak

SLIP39 also uses a superior wordlist, and in the long run may replace BIP39. I also don’t get this “infinite wordslists” problem. It is the software than converts the mnemonics that is the limiting factor. SLIP39 like mine avoids words mispronounced by foreigners.

Fri Nov 15 22:00:04 +0000 2019

Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak

The problem is that you are attributing security & decentralization to the old BIP39 list but the list does not have that property. Only the CODE may have that property if there are multiple interoperable implementations. That may be true for BIP39, but not true for where39.

Sat Nov 16 01:17:07 +0000 2019

Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak

The list has no cryptographic or security value at all in absence of the BIP39 code, and since the experts in the community felt the capability in a new service (slip39) could be more secure if the list was more easily communicated error free, that was why slip39 changed lists.

Sat Nov 16 01:20:25 +0000 2019

Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak

It feels like “magical security thinking” has cropped in that there must be some security properties in the original list. But there are not, it was hastily drafted and a number of its creators felt it was released hastily.

Sat Nov 16 01:24:04 +0000 2019

Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak

Once BIP39 had multiple implementations & broad deployment THEN it was too late. Don’t repeat the mistake. Define your security requirements first & create a new list that meets it. For instance, is your proposal better with more or less words? Anything else is magical thinking.

Sat Nov 16 01:27:57 +0000 2019

Replying to @RachelBBryan, @fiatjaf, @BTCSocialist and @pavolrusnak

As an example, here are the details for how a cryptographer commissioned by @EFF created 3 different new word lists with different properties. https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases

Sat Nov 16 01:31:16 +0000 2019

Replying to @RachelBBryan, @fiatjaf, @BTCSocialist, @pavolrusnak and @EFF

If you don’t want to do the work to define your security requirements and create a new list, then choose another list that comes close to the rigor and list size you need. But don’t adopt a word list like BIP39 that never had that rigor “just because”.

Sat Nov 16 01:35:32 +0000 2019

RT @ChristopherA: @RachelBBryan @fiatjaf @BTCSocialist @pavolrusnak Once BIP39 had multiple implementations & broad deployment THEN it was…

Sat Nov 16 02:00:20 +0000 2019

Replying to @IronsparkSyris

Gate Watch: You and your companions are members of the Gate Watch—charged to keep an eye on the border between realms. Every game is different, every world, every Gate unique. Multi-genre, GMless, collaborative, all on 18 poker-sized cards: #indieRPG https://www.dyvershands.com/GateWatch

Sat Nov 16 08:15:19 +0000 2019

RT @FullyNoded: Another important update v1.80(8) that should fix a number of small bugs that may have caused a crash. Please give it an up…

Sun Nov 17 02:56:36 +0000 2019

When Social Networking Services try to do more than this is when they fail me: “the trick to designing a quality social media platform is to create it in such a way that everyone decides for themselves who to listen to, when, and what for”—@timpastoor https://medium.com/@2W/meditations-on-thinkspot-94114fd62fa2

Sun Nov 17 23:09:42 +0000 2019

Replying to @HillebrandMax, @empact and @JustinMoon

I know that I’d like to see more opportunistic coin joins.

Mon Nov 18 13:49:37 +0000 2019

RT @TuurDemeester: @unchainedcap @JustinMoon Christopher Allen talking Bitcoin Smart Custody, Self-Sovereign Identity at @unchainedcap in…

Wed Nov 20 01:38:53 +0000 2019

Replying to @TuurDemeester, @unchainedcap, @JustinMoon and @BlockchainComns

Transcript: https://twitter.com/kanzure/status/1196947713658626048

Wed Nov 20 01:41:11 +0000 2019

Replying to @TuurDemeester, @unchainedcap, @JustinMoon and @BlockchainComns

Free #SmartCustody PDF v1.01 2019-09-16: http://bit.ly/SmartCustodyBookV101

At-cost POD (print-on-demand) $13.50 from Lulu #SmartCustody by Christopher Allen (Paperback) - Lulu: http://bit.ly/SmartCustodyBookViaLulu

Financially support updates to the next edition: #SmartCustody! http://bit.ly/SupportSmartCustody

Wed Nov 20 01:41:41 +0000 2019

Replying to @TuurDemeester, @unchainedcap, @JustinMoon and @BlockchainComns

Accidental artwork by @TuurDemeester created during Austin Bitcoin Dev. Hope he wasn’t too bored by my talk :-)

Wed Nov 20 04:49:44 +0000 2019

👍This is quite a cool proposal! This approach leverages http’s 402 “payment required” error using a Lightning native macaroon-based bearer API credential, offering a server assisted atomic swap capability, sybil resistance, application level DoS, and fine grained authentication. https://twitter.com/roasbeef/status/1190098624010522624

Wed Nov 20 07:07:02 +0000 2019

There has been some progress on getting funding for this work (creating a tech spec of what is required for a digital asset custodian to meet Wyoming regulations), but we need more support. If this is something you are interested being a Patron of @BlockchainComns, let me know. https://twitter.com/ChristopherA/status/1194151888788176897

Wed Nov 20 18:27:11 +0000 2019

I’ll have an opening 1/1 for an 3+ month internship at Blockchain Commons. You don’t need a CS degree, but you do need some programming experience. Also open to radical ideas like an internship for a law grad interested in experience with this side of blockchain and identity law.

Wed Nov 20 22:09:39 +0000 2019

Replying to @michael_nielsen

I have a brief article introducing a slightly more up-to-date list of Ostrom’s Eight Principles http://www.lifewithalacrity.com/2015/11/a-revised-ostroms-design-principles-for-collective-governance-of-the-commons-.html

Wed Nov 20 22:28:43 +0000 2019

Replying to @JWWeatherman_

Onsite ideal. Bay Area at minimum.

Wed Nov 20 23:45:50 +0000 2019

Replying to @KISBitcoin, @bitcoincoreorg, @ElectrumWallet, @GreenAddress, @bitcoin_wallet, @SamouraiWallet, @wasabiwallet and @veriphibtc

What would you consider to be the best iOS wallet currently?

Thu Nov 21 00:20:52 +0000 2019

Replying to @exitcalmly, @1stCrassCitizen and @Blockstream

We are working on better (and easier) processes for this in the BitcoinStandup project https://github.com/BlockchainCommons/Bitcoin-Standup — currently only Mac, but working on more platforms. Also allows for secure v3 tor connection to remote client, such as iOS @FullyNoded

Thu Nov 21 00:24:27 +0000 2019

Replying to @KISBitcoin, @bitcoincoreorg, @ElectrumWallet, @GreenAddress, @bitcoin_wallet, @SamouraiWallet, @wasabiwallet, @veriphibtc and @FullyNoded

#BitcoinStandup will make it easier for @FullyNoded as well as any other remote that wants a v3 tor secure non-correlatable remote connection back to a full node. A work in progress and Mac-only for now, but more platforms soon. https://github.com/BlockchainCommons/Bitcoin-Standup/

Thu Nov 21 00:49:08 +0000 2019

RT @tim_bansemer: 1) Freedom to participate.
2) Freedom of choose on which machine your tx is computed.
3) Freedom to select the beneficiar…

Thu Nov 21 18:53:01 +0000 2019

RT @tim_bansemer: 6) Freedom to select the witnesses who confirm your transaction.
7) Freedom to be subject of regulation or not to be regu…

Thu Nov 21 18:53:03 +0000 2019

#OpenDevelopment isn’t all about Open Source. It’s also about creating & sharing your best practices of software development so that others can learn from them. It’s about allowing others (including competitors) to incrementally improve on those practices. And listening back. https://twitter.com/jasonfried/status/1198041731754790912

Sat Nov 23 16:01:09 +0000 2019

Replying to @NeerajKA

Note that we (@BlockchainComns) have strategically placed a @TorProject exit node at @NYCMesh — this is just one of the blockchain infrastructure efforts that we support. If you are interested in supporting more of these efforts as a patron, see https://btcpay.blockchaincommons.com

Tue Nov 26 04:32:05 +0000 2019

RT @ChristopherA: I’ll have an opening 1/1 for an 3+ month internship at Blockchain Commons. You don’t need a CS degree, but you do need so…

Tue Nov 26 20:10:33 +0000 2019

Replying to @asglidden

I’m increasingly involved in blockchain and identity law advocacy, both in US (for instance at Wyoming Blockchain Task Force around enabling DAO-like orgs) and outside (various governments interested in laws around privacy and regulations to support self-sovereign identity).

Tue Nov 26 20:31:59 +0000 2019

My minisign public key, signed by my minisign public key, signed by my GPG public key, signed by my minisign public key, all committed to https://gist.github.com/ChristopherA/c0fc2ff79fd0a3f223ac3cd409e9f46d signed my GPG key, which you can see is my GitHub GPG key for Github account @ChristopherA at https://github.com/ChristopherA.gpg

Wed Nov 27 09:04:21 +0000 2019

RT @bitcoin2020conf: We’re super excited to announce three more awesome Bitcoiners as speakers for Bitcoin 2020!

@DoveyWan, @ChristopherA…

Wed Nov 27 09:06:59 +0000 2019

“the reason that borders, quite apart from their use for the staging of populist or authoritarian dramas, have become so important: they’re where it’s legal for the government to capture the information that its bureaucracies covet” https://www.newyorker.com/books/under-review/what-are-borders-for

Wed Nov 27 18:19:35 +0000 2019

Replying to @kvakes

I would definitely suggest that take a look at moving toward a Decentralized Identifier (DID) & Verifiable Credential (VC) architecture. There are already some efforts to bring organizational identity to self-sovereign architectures. I did a demo of one for Wyoming in September.

Wed Nov 27 20:04:56 +0000 2019

We didn’t include this case study of the online game World of Warcraft in our book on cooperative games, but I found it fascinating to examine it through the lens of the design language we developed for the book. I hope you find it interesting as well! https://twitter.com/MeeplesTogether/status/1199793261662990336

Thu Nov 28 04:23:55 +0000 2019

RT @FullyNoded: http://StandUp.sh bringing “one click” bitcoind/tor hidden service setup for FullyNoded to pair with to linux users.…

Thu Nov 28 05:31:42 +0000 2019

RT @FullyNoded: Just had another mild religious experience running a script i’ve been working on this week on my Ubuntu machine at home. It…

Fri Nov 29 23:49:19 +0000 2019

RT @AndyIbanezK: Does anyone of an icon set or icon provider that has icons that can be used as SF Symbols? I love http://iconapp.io,…

Fri Nov 29 23:52:38 +0000 2019

RT @trbouma: Critical use cases for offline credentials


Sat Nov 30 21:01:24 +0000 2019