m0wer
m0wer@stacker.news
npub1w3va...4c5c
JoinMarket NG
m0wer 1 month ago
JoinMarket NG

Announcing today a full rewrite of all JoinMarket components in modern Python. Focusing on performance, maintainability, and extensibility. While maintaining compatibility with the existing JoinMarket network.

Why JoinMarket? Has no central coordinator: most censorship resistant and peer to peer.

Why a rewrite? The reference implementation has served the community well for years, and we're deeply grateful for all that the contributors have done. However, the project is no longer actively developed (181 open issues and 41 open pull requests) and had architectural limitations such as relying on Bitcoin Core's BerkeleyDB wallets (deprecated since v26.0).

New features:
- Support for light clients using Neutrino
- Rate limiting to prevent logs flooding
- Extensive protocol and implementation documentation
- Realistic E2E tests including reference implementation makers and takers

Future plans:
- Nostr relay integration
- Lightning Network integration (CoinJoinXT) to hide roles and eliminate fee traces
- A lot more ideas

Help wanted:
- Funding: Applied to HRF Bitcoin Dev Fund and soon to OpenSats. Other grant ideas or direct donations welcome.
- Security: Need sponsorship or a volunteer for external security audit.
- Contributors: Peer review, testing, documentation.

Entrypoint for migrating makers:

The reference JoinMarket served us well for a decade. Let's make sure the protocol thrives for the next one.
m0wer 1 month ago
There is an ongoing attack against JoinMarket makers where a random nick not serving onion constantly sends !orderbook requests through directory servers. The makers and directories mostly cope with the load, but the log files, which have a hardcoded debug log level, grow several gigabytes per hour and crash many makers.

A solution is to set up hourly log rotation. In Debian systems, you can move logrotate from daily to hourly cron using:

```
dpkg-divert --add --rename --divert /etc/cron.hourly/logrotate /etc/cron.daily/logrotate
```

The default user data directory is `$HOME_DIR/.joinmarket`. Create a logrotate config:

```
/home/user/.joinmarket/logs/*.log {
    hourly
    size 100M
    copytruncate
    rotate 24
    notifempty
    missingok
}
```

To install and test, save the config to `/etc/logrotate.d/joinmarket-logs`, test it with `sudo logrotate -d /etc/logrotate.d/joinmarket-logs`, and force run manually with `sudo logrotate -f /etc/logrotate.d/joinmarket-logs` or wait for automatic hourly execution via cron.
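
Log rotation bounds disk use after the fact; the flood itself is one nick generating unbounded per-request work and log lines. As an added illustration (not JoinMarket or JoinMarket NG code; the class and function names, the limits and the sample nicks are assumptions), a per-nick token bucket that drops excess `!orderbook` requests and reports them as one counter per nick:

```python
# Added illustration: per-nick token bucket for !orderbook requests.
# Not JoinMarket or JoinMarket NG code; names and limits are assumptions.
import time


class OrderbookRateLimiter:
    def __init__(self, rate=0.1, burst=3, clock=time.monotonic, max_nicks=10_000):
        self.rate = rate            # tokens refilled per second, per nick
        self.burst = burst          # bucket capacity (requests allowed back to back)
        self.clock = clock          # injectable so tests can control time
        self.max_nicks = max_nicks  # bound memory: a flooder can rotate nicks
        self.buckets = {}           # nick -> (tokens, last_seen)
        self.suppressed = {}        # nick -> dropped requests not yet reported

    def allow(self, nick):
        now = self.clock()
        if nick not in self.buckets and len(self.buckets) >= self.max_nicks:
            # Table full: evict the least recently seen nick.
            oldest = min(self.buckets, key=lambda n: self.buckets[n][1])
            del self.buckets[oldest]
            self.suppressed.pop(oldest, None)
        tokens, last = self.buckets.get(nick, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[nick] = (tokens - 1, now)
            return True
        self.buckets[nick] = (tokens, now)
        self.suppressed[nick] = self.suppressed.get(nick, 0) + 1
        return False

    def drain_summary(self):
        """Return and reset drop counts: one log line per nick instead of one per request."""
        summary, self.suppressed = self.suppressed, {}
        return summary


def replay(events, limiter):
    """events: iterable of (nick, command). Returns the events that would be handled."""
    handled = []
    for nick, command in events:
        # Only !orderbook is throttled here; other commands pass through.
        if command != "!orderbook" or limiter.allow(nick):
            handled.append((nick, command))
    return handled
```

A periodic task would log `drain_summary()` at a normal log level, so a flood shows up as a count per nick rather than gigabytes of debug lines.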
m0wer 1 month ago
AdNauseam: The Browser Extension That Fights Back by Clicking Every Ad

AdNauseam is a privacy tool built on uBlock Origin that automatically clicks on every blocked ad, poisoning ad networks' tracking data with noise. By creating an omnivorous click-stream, it renders user profiling and targeted advertising futile. It's obfuscation as protest—fighting surveillance capitalism by making tracking data worthless. Banned by Google, recommended by Firefox, and free to use.
m0wer 1 month ago
Blockstream Jade Security Disclosure

**TL;DR:**

**Vulnerability:** A buffer overflow bug in Jade hardware wallet firmware (versions 1.0.24-1.0.36) that could allow malware on a connected computer/phone to crash the device or potentially extract the user's private keys.

**Practical implications:**
- **Only exploitable if:** Device connected via USB/Bluetooth to malware-infected computer AND device was unlocked on that interface
- **Not vulnerable:** QR-only mode, uninitialized devices, or if using official Blockstream app on clean devices
- **No known exploits** in the wild
- **Fix:** Update to firmware 1.0.38+ immediately (includes anti-rollback protection)
- **Worst case:** Attacker could theoretically steal private keys if sophisticated malware was present
m0wer 1 month ago