FOLLOW
Recently I was called by someone pretending to be Coinbase support, trying to steal bitcoin.
I decided to turn the tables on him and ask him about being a scammer (Junseth style) - and he opened up in a big way.
Presenting: To Catch a Scammer 🕵️♂️
Can anyone show me a unchained disclosure of data breech? Ive never seen one, i could be mistaken tho. Just hearing it in this video is a new thing for me.
Recently I was called by someone pretending to be Coinbase support, trying to steal bitcoin.
I decided to turn the tables on him and ask him about being a scammer (Junseth style) - and he opened up in a big way.
Presenting: To Catch a Scammer 🕵️♂️
I got a robocall from a “Coinbase” spammer just now!
Foundation Passport v2.3.4: Restored Compatibility with Casa App
"We’ve worked closely with the Casa team on a number of small fixes to restore full compatibility with their excellent multisig service."
def the best language system i’ve found: https://www.lingq.com/
Have you tried Pimsleur? That was the most effective for me but the lessons were very much a chore every day
also optimized for keyboard shortcuts ❤️
def the best language system i’ve found: https://www.lingq.com/
September edition of Studio Twentyone newsletter:
Your portal into bitcoin design, for all builders in bitcoin ✨
featuring:
@npub1yas...adnu
@Nick Neuman
@npub1zqs...cqrs
@npub1xpa...9ssm
@npub1j4u...d6x9
and more!
You don't have to take self-custody of all your bitcoin — just what you want to keep.
In this house, we HODL 🔑
impossible to overstate how much i hate 35 lb plates.
I dunno every once in a while I find they come in handy for lazy me not wanting to grab a 25 and a 10
NO SHORTCUTS AT THE GYM!!!!
The best way to ensure that all bitcoin doesn't get captured in legacy financial system vehicles is to ensure that people want to use bitcoin as more than a store of value.
Number go up thanks to tradfi adoption is fun, but we can't lose sight of the bigger picture.
Thinking about this in context of the ETF options and the Saif/Saylor discussion from last week.
I just tagged strfry 1.0.0. Here are some of the highlights:
* negentropy protocol 1: This is the result of a lot of R&D on different syncing protocols, trying to find the best fit for nostr. I'm pretty excited about the result. Negentropy sync has now been allocated NIP 77.
* Better error messages for users and operators.
* Docs have been updated and refreshed.
* Lots of optimisations: Better CPU/memory usage, smaller DBs.
Export/import has been sped up a lot: 10x faster or more. This should help reduce the pain of DB upgrades (which is required for this release). Instructions on upgrading are available here:
Thanks to everyone who has helped develop/debug/test strfry over the past 2 years, and for all the kind words and encouragement. The nostr community rocks!
We've got a few things in the pipeline for strfry:
* strfry proxy: This will be a new feature for the router that enables intelligent reverse proxying for the nostr protocol. This will help scale up mega-sized relays by allowing the storage and processing workload to be split across multiple independent machines. Various partitioning schemes will be supported depending on performance and redundancy requirements. The front-end router instances will perform multiple concurrent nostr queries to the backend relays, and merge their results into a single stream for the original client.
* As well as scaling up, reverse proxying can also help scale down. By dynamically incorporating relay list settings (NIP-65), nostr queries can be satisfied by proxying requests to external relays on behalf of a client and merging the results together along with any matching cached local events. Negentropy will be used where possible to avoid wasting bandwidth on duplicate events.
* Archival mode: Currently strfry stores all events fully indexed in its main DB, along with their full JSON representations (optionally zstd dictionary compressed). For old events that are queried infrequently, space usage can be reduced considerably. As well as deindexing, we are planning on taking advantage of columnar storage, aggregation of reaction events, and other tricks. This will play nicely with strfry proxy, and events can gradually migrate to the archival relays.
* Last but not least, our website https://oddbean.com is going to get some love. Custom algorithms, search, bugfixes, better relay coverage, and more!
Out of curiousity, how does strfry balance the splitting of ranges versus the number of round trips? Personally I think waiting for "yet another round trip" is pretty bad compared to sending let's say 2x the amount of data.
Good question! Right now the implementation is pretty simple, but I think will work well in most cases: It always splits a range into 16 equal-sized ranges unless the range has 32 or fewer IDs, in which case it just sends the whole list of IDs. I think there is probably some low-hanging fruit on tuning that threshold.
The nice thing is that nothing in the protocol needs to change to tune this. In fact, the protocol theoretically supports dynamic adjustment of those parameters to target a particular point in the latency/bandwidth tradeoff space.
There are also some other reasons you might want to customise the range selection, which I described here: https://logperiodic.com/rbsr.html#range-choice
proxy is huge, I can see myself using that soon. negentropy v1! the hype is real.
fucking legend, ty
Ty for oddbean! I use it often
I appreciate you letting me know -- I'm glad you like it!
Yesterday my soul left my body during an hour long breathwork session. Highly recommend.
What routine were you following, or were you working with someone in person?
In person
HOW TO SPOT PHISHING IN THE WILD
Our team has noticed a significant uptick recently in phishing attempts on Casa members, friends, and even us.
Phishing is when a scammer contacts you in an attempt to get you to give up precious information, such as login credentials or even a seed phrase. These messages can come via email, DM, or even phone call.
These attacks can sometimes be sneaky good at spoofing legitimate brands you trust. Here’s a breakdown of some emails I received and how you can detect phishing under the hood.
A practiced eye will catch this phishing email, but someone less aware might not. And of course you want to click immediately to see the "Huge Risk of Stablecoins!"
The biggest sign is that the attachment looks weird in the Superhuman email client. When I hovered over the attachment, it turned out to be an external link!
This one is harder to catch in Gmail. The attachment looks pretty normal. So you look for other signs:
- Do I know the sender? (I don't)
- Why forward me an email with no text? Weird.
- The message in the body of the original email is a bit weird, bad grammar/punctuation.
Once you get a whiff of phishy: PAUSE, don't click things.
Here's the trick most people don't know about, and how you can verify whether an email is risky.
Go to the Gmail side menu on the email itself, click on "Show Original."
Then check the SPF, DKIM, and DMARC fields. If any of them say "FAIL," run away.
Some companies haven't set this up yet but it's still a good test for most emails, especially if you don't know the sender.
And in all scenarios, even if those things all PASS — if something seems a bit off or you don't know the sender, don't download attachments or click links.
Here's another example I got this week. All 3 fields were PASS, but I don't know who this is and it looks phishy so: BOOM, REPORTED.
Stay safe out there — there are a lot of people getting targeted for their bitcoin right now. Here are a few other handy tips to avoid taking the bait:
- Don't trust unsolicited communications
- Screen calls from unknown numbers
- Verify claims about account issues yourself
- Never share a seed phrase online or over the phone
If you have more questions or want help protecting against this stuff, our team at Casa can help.
@npub1cas...tzdc is not just about Bitcoin Security.
We're about Security for Bitcoiners.
#security #nostr
Still learning how to format posts correctly…this looked great as a long form post on primal web…broken as a post on primal mobile
Curses!
Testing something...do threads work on nostr?
Like if I respond to this, does it prioritize my response?
And then does this one thread properly too?
Yes, these look the way you would expect on 3 major clients (Damus, Primal, Amethyst).
You might also want to look into using clients that let you write long-form (kind 30023) events, which are more like blog posts.
Interesting, thanks for sending the screenshots. When I look at it in primal web it's broken - doesn't show every response in line
Primal web is kind of like the tale of the shoemaker’s children. 😔
GM 🌅
What are the hardest parts of Nostr to use (for you specifically)?
#asknostr #nostr
I think it would be sync issues between clients
What are specific sync issues you see?
The most common types are :
some relays don’t appear/aren’t connected (I need to add relays in both clients)
not the same following list (I could be following someone in one client but it will not appear in the other),
notifications aren’t synchronized (I could receive a notification about a reply from one client but it will never appear in the other)
We are seeing a huge uptick in phishing attempts on teammates, customers, friends...shift to max skepticism mode to protect yourself
- Don't answer calls from unknown numbers
- Don't click things in emails from unknown people
- Always verify claims about account issues yourself
Agreed, think it could be across the board.
Satoshi inspired us all to create something revolutionary without needing to control it.
that energy is now back and focused on the internet again. Nostr feels like early #Bitcoin
open networks win
"everyone was looking for the next Michael Jordan on the basketball court, but he was walking up the fairway” - Phil Knight of Nike talking about the emergence of Tiger Woods
it feels like there has been a lot of time and energy spent on finding the next Bitcoin, but maybe the similar philosophy, goals, technology, and energy isnt on another blockchain but a different distributed network in nostr
lots of similarities with early bitcoin here.
my main takeaway after attending my first nostr conference
yep. LFG
Keepin’ the Casa referral train rolling
Technical #nostr question - I frequently see weird loading bugs in the Primal UI where it won't fully load something like followers, responses, likes, etc. Or it will show me "new" notifications or messages that I've already seen.
Is this a front end problem (Primal), or a backend problem (dealing with relays)? Like how architecturally deep does this problem go? cc @JeffG @npub1wmr...g240 or any other technical people I've followed recently
I don’t fall into the technical people description, but I think I heard @JeffG explaining how followers are checked on nostr - basically something scrolls every npub on the relays you are connected to see who has followed you to generate that list. Seems not super efficient 🤷🏼♀️
Yea seems like a difficult technical challenge…
Late night question, which app/interface are you all using for Nostr? I’m on Primal and Damus.
Primal seems to be the best UX...still has some bugs and weirdness frequently though
Primal on laptop, amethyst on android
Damus most of the time (phone) primal when I want to change it up and on desktop.
Better than BHB tbh.
If we could somehow build a truly decentralized private messaging system here, we would be solving a very fundamental problem.
Being able to share secrets over long distances trustlessly is a problem of historic proportions. Nostr gives us the opportunity to solve it for everyone once and for all.
https://youtu.be/PWKd9aoZ-Cg?si=V1e7eXUjAYplzXfl
LOAD OLDER THREADS