@luftwagun @NickSzabo4 To summarize Iran’s last decades as A = Dictator, B = Dictator, and therefore people wanting A back are not freedom-seeking - is one of the most sickening and sadly widespread arguments I hear. And it shows you’ve gotten absolutely nothing right about Iran and Iranians.
@AminSabeti It looks like this project is a fork of bitchat; what exactly has been added to it that people should install this instead of the original version, which is open source and carries far less security risk? The bitchat developer's view:
x.com/callebtc/statu…
Iranian "activist" scamming people with a bitchat copycat
- steals my code (I literally wrote 99% of this)
- renames it, adds nothing else
- wants donations (bitchat is free!)
- says "it is safe" without understanding risks
- no collaboration, bitches around when criticized
Inside the "Kernel Project" & the Bitcoin Core Development Process w/ Core Dev Stéphan
Core developer Stéphan sits down with Bitcoin Magazine's @brian_trollz to explain how the Kernel and multiprocess projects are reshaping Bitcoin Core for long-term reliability.
@giacomozucco @KevinKelbie By “nation state structure intact” I thought you meant same system, different faces. Breaking up the country is a red line. Most want the last unified working Iran before leftists helped tear it down in 1979 and enabled this regime.
@giacomozucco @KevinKelbie > And most of these people seem to want to keep the nation state structure intact.
The nationwide protests in Iran aim for the exact opposite. Their chants make this clear. They’ve moved beyond reformists long ago. The target isn’t one person.
The Bitcoin Core development process and distribution model actually makes it somewhat harder to fix security issues, compared to other serious software distributors.
Take Google Chrome as an example. The CVE fixing happy path is to develop and review a fix in private, push that fix to a private repository, and then push auto-updates to any affected users (running any currently supported release). At some point in the future, you can disclose the bug, once your (built in, on by default) telemetry tells you a significant portion, if not all, of your users have upgraded.
Bitcoin Core development happens in public. While a small(er) group of developers can receive a report of a security issue, and create a patch in private; at some point, long before any end user could be running a fixed binary, this patch must become public, as part of a Pull Request, opened on github.com/bitcoin/bitcoi….
At that point, it can be seen and reviewed by any person (attacker, regular contributor, or otherwise). This means CVEs must be fixed carefully, you can't open a Pull Request titled "p2p: fix message parsing bug that causes node to crash" with a patch and functional test attached, demonstrating how to exploit the issue; otherwise someone might decide to take down the network that afternoon, for fun.
Instead, CVE fixes are generally hidden as parts of other fixes, or refactors, however that is also non-trivial to do. While a small group of developers might be aware of the (hidden) fix, it's possible for any other contributor, or random internet person looking at GitHub, to do code review, and point out when a patch might not only be doing what it claims to be doing; undermining your ability to fix covertly. It's obviously possible to tell more (regular) contributors about a fix; depending on the severity, that comes with more tradeoffs.
The fact that CVE fixes may be hidden in refactors, or other innocuous looking changes, is also why it can be harder to backport (i.e take a fix applied to master, and apply it to the 30.x branch) these fixes to already released versions of Core. Release branches only get bug-fixes; someone will ask questions if you open a Pull Request to backport a 15 commit refactor (no-op), to an old stable branch.
The difficulty to backport is exacerbated by the fact that backports are already an obvious place for an attacker to look for covert, or exploitable bug fixes. Depending on the severity, it's quite possible that a (very) bad bug, might get fixed in master, released as part of a new major version (i.e v30.0), but not backported to other stable branches, if it's deemed too risky to try and publicly apply those changes to release branches, without making it obvious that a CVE is being patched, and risking its exploitation, while a significant portion of the network is still vulnerable.
Note that at any point, between when the patch is merged to master, and the next major release happens (1.5-5 months), any person may publicly point out that your patch was actually doing multiple things, and undermine your covert fix. They may also reverse engineer the patch, to the point where they can exploit the issue, and do so.
All of this work must happen in public, because Bitcoin Core's distribution process uses reproducible builds. This makes it impossible to ship private code changes in binaries (i.e uploading binaries that contain code that hasn't been made public), because any person can take the publicly available source code, and transform it into the same binaries that are available to download from bitcoincore.org. If at any point, the public source code does not match what is being distributed, alarm bells will ring. There are multiple (non-contributors) that are consistently performing the steps to check that the release source code exactly matches the release binaries.
Bitcoin Core does not ship software with auto-update functionality, and it never will. This means we cannot "push" updates to anybody. Any user of the software opts in to updates, whenever they consider it convenient. Bitcoin Core does not have any form of telemetry, and it never will. Our usage insights come from the public bitcoin network (i.e the user-agent strings of nodes), and are a rough gauge of which versions of the software are most used.
There are many trade-offs involved here, fixing security vulnerabilities in Bitcoin Core, is non-trivial, and unlike the happy-path of most other software distributors. However it's important that we continue to distribute software in this way.
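The reproducibility check described in the post above, as an added example (not part of the original post and not Bitcoin Core's own tooling): it compares the digests of distributed files against sha256sum-style manifests from independent builders and flags any file whose published binary nobody could reproduce. Builder names, file names and digests are constructed for illustration.

```python
import hashlib

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into a dict."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed digest for {name!r}")
        entries[name] = digest
    return entries

def compare_builds(distributed, builder_manifests):
    """Map each distributed file to (status, builders_that_disagree)."""
    report = {}
    for name, digest in distributed.items():
        # Digests reported by every builder that produced this file.
        seen = {b: m[name] for b, m in builder_manifests.items() if name in m}
        bad = sorted(b for b, d in seen.items() if d != digest)
        # unverified: nobody built it; mismatch: someone got other bytes.
        status = "unverified" if not seen else "mismatch" if bad else "match"
        report[name] = (status, bad)
    return report

def _digest(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: these digests stand in for real release artifacts.
PUBLIC = _digest(b"built from public source")
PRIVATE = _digest(b"built from public source + unpublished patch")
OTHER = _digest(b"second artifact")
DISTRIBUTED = parse_manifest(
    f"{PRIVATE}  example-x86_64-linux.tar.gz\n"
    f"{OTHER}  example-arm64-linux.tar.gz\n"
    f"{OTHER}  example-win64.zip\n"
)
BUILDERS = {  # hypothetical independent builders
    "builder-a": parse_manifest(f"{PUBLIC}  example-x86_64-linux.tar.gz\n"
                                f"{OTHER}  example-arm64-linux.tar.gz\n"),
    "builder-b": parse_manifest(f"{PUBLIC}  example-x86_64-linux.tar.gz\n"),
}

if __name__ == "__main__":
    for name, (status, bad) in compare_builds(DISTRIBUTED, BUILDERS).items():
        print(f"{name}: {status} {bad}")
```

A `mismatch` here is the "alarm bells" case from the post: the distributed file differs from what the public source produces. `unverified` means no independent builder has attested to that file yet.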
@adam3us They can always push security fixes in v29 like any serious software distributor does, not forcing anyone to upgrade to unwanted/unprepared for functional changes… and I should know I work for a software editor for 15+ years
@cguida6 @glozow On the background side, trying to mobilize a mob based on a contributor being young, completely ignoring their contributions to the project, is not only disingenuous but also borderline malicious. In Bitcoin Core, your qualifications are worth nothing; your contributions do