Leo Wandersleb

So nostr:npub1gwfpm6l8fhn6rs83j8rjjnjgkdqv89chd2fdhy6zc2uvpuwf39vsfuxxee doesn't hide it's a bot, insta-replying to all I share and now I saw it's even marked as bot? Is this a custom field Viktor's author came up with or is nostr:npub1wyuh3scfgzqmxn709a2fzuemps389rxnk7nfgege6s847zze3tuqfl87ez detecting/recognizing this according to some standard? If the latter, please, please show me it's a bot with some bot icon on the avatar or something.

TIL: Bitcoin is the canary for more serious crypto systems like RSA-1024. If there comes a quantum computer capable of stealing your coins, RSA will still be secure for a year or three. And there is no real canary worth attacking with before attacking the real deal which is Bitcoin. secp160 is considered in reach of today's computers. secp192 protecting 100BTC would be a worthy canary and let us all sleep better. secp224 might be too close to our secp256 as a canary?

What's up with Andreas Schildbach's Bitcoin Wallet? On GitHub it has no issue tracker and on GitLab I just created issue #1 regarding dependency pinning which Schildbach cared a lot about many years ago but I can't find version pinning now?

Q-Day rescue for P2TR or otherwise exposed pubkeys from HD-wallets: Attacker has your private key (via QC), but they lack the BIP32 lineage. Child keys are derived by hashing a Parent xPub. Proposal: Soft-fork to require revealing that Parent xPub to spend. This proves you generated the key via the seed. QC attacks the curve, not the hash derivation. Of course, revealing Parent xPub + Broken Child Key mathematically leaks the Parent Private Key. You must sweep the entire account at that point.

Shout-out to MetaMask! At nostr:nprofile1qqsfzm94lura8dguaalkk6ml23umzqqmgqwqaqj43ms6yfgycl2s0jgpremhxue69uhkummnw3ez6ur4vgh8wetvd3hhyer9wghxuet59uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpr3mhxue69uhkummnw3ez6ur4vgh8xetdd9ek7mpwv3jhvtcv28n4t we don't do shitcoin-only wallets but TIL they developed something any JS developer should know about: LavaMoat! This tool - if it works as advertised - can tame the dependency hell people think of when they hear JS and npm. LavaMoat can ensure that every library has only access to features it is supposed to access. If the math library tries to phone home, the app will crash. And to my knowledge something like that is not available for other programming languages like for example Java or Python. https://lavamoat.github.io