Dr. Hax's avatar
Dr. Hax
Dr.Hax@hax0rbana.org
npub16v82...eqha
Cypherpunk. Infosec veteran of about 15 years (vulnerability research, exploit development and cryptography). Cypherpunks write code. :-) Signet maintainer. Self-custody your passwords... in hardware! https://hax0rbana.org/signet Want to see wider adoption so Bitcoin can be used as digital cash and not just an investment vehicle. XMR: 44RDkTFmTeSetwAprJXnfpRBNEJWKvA5dBH5ZVXA4DofgoZ9AgjyZdSa2fo7pMD3Qe3pdKga8X22y3Lyn1xYde5kPQPzVUu
Dr. Hax's avatar
Dr. Hax 10 months ago
Killer #nostr client idea: allow following and muting people based on their npub AND keywords (plural) This would enable users to follow someone, but only when they post about a particular topic. Or, see a person's posts except when the talk about topics X, Y or Z. This is different than following someone and then muting a particular word. It only applies to that person. If one were really crafty, this could override muted words. For example, maybe you generally don't want to hear about pizza, so you mute that word. But when Papa Del posts about pizza, you absolutely want to see that. Once this code is written, it makes all kinds of other customizations possible: 1. Follow "pizza" but only if it also mentions "pineapple" 2. Mute "Nixon" unless tge post also mentions "prison", "jail" or "trial". And so much more. This is the killer feature because it puts the user in control. It gives them more power over their feed than any other social media platform. Furthermore, because nostr is more than just social media, the same code could be reused to filter out products from a particular seller, get notifications when someone is available to do ridesharing, and so forth. Who does this appeal to? Users (obviously) but also people who actually produce stuff. They don't have to have one account for permiculture, another one for cryptography, another for mesh radio gear, etc. They can mush it all together and the users can get juat they things they want (which very well could be all of it, as it is now). Creators could still have brand accounts, but they wouldn't be punished if they don't go that route.
Dr. Hax's avatar
Dr. Hax 10 months ago
Lets see if #nostr can search the web better than the big #tech companies... I have ting fragments of a dance song in my head and I'm not even sure they're correct. ...hacienda No habla espanol but your on my agenda That's it. That's all that is spinning around in my head, on repeat. The song was mostly in English if that helps.
Dr. Hax's avatar
Dr. Hax 10 months ago
I have accidentally become the unofficial apt repo for Step CLI. I've been ruining it for years and just expanded it to include the ARM64 package (e.g. for raspberry pi boards) For those not familiar, step allows you to: - run your own certificate authority - get x.509 certs (TLS) - sign SSH host key (no more manual fingerprint verification!) - sign SSH user certs (no more manually copying around keys in authorized_keys) - and lots more cryptography stuff It's pretty great.
Dr. Hax's avatar
Dr. Hax 10 months ago
As for the range problems, I just did an actual range test using the built-in #meshtastic module. I get intermittant coverage on my property (~1/10 acre) and spotty coverage about 30 feet beyond that. Everywhere else is a dead zone. It's as if the antenna isn't even connected. So when it stops raining and the roof dries off, I'm going to swap out the antenna and do some re-testing to see if I can determine where the problem lies.
Dr. Hax's avatar
Dr. Hax 10 months ago
I added mounting tabs and tabs to bolt the lid closed for the #meshtastic #solar box. #3dprinting #cad #mesh #network
Dr. Hax's avatar
Dr. Hax 10 months ago
RIP 🪦 BitRefill's pre-paid MasterCards. #BitRefill no longer has any digital credit cards that can be used to pay in person. The only option is to have a physical card mailed to you, which is better than nothing, but far inferior to what they used to have.
Dr. Hax's avatar
Dr. Hax 10 months ago
"According to the WEEE Directive, the EU member states are obliged to collect data on waste electrical and electronic equipment and to transmit this data to the European Commission." WTF, Europe? Why would you require this extra effort just to invade people's #privacy? Source:
Dr. Hax's avatar
Dr. Hax 10 months ago
Remember back when people used passwords? Yeah that was tedious! image
Dr. Hax's avatar
Dr. Hax 10 months ago
Reminder: The Dead Milkmen I will not be taking any questions at this time.
Dr. Hax's avatar
Dr. Hax 10 months ago
In 2022, the Federal Reserve Bank of St Louis started tracking the cost of eggs in bitcoin and USD. image At the time, it showed 18 months of data and illustrated that bitcoin is much more volatile than the USD. Now we have 4 years worth of data. USD: 1.466 ➡️ 5.897 (+302%) sats: 4217 ➡️ 6223(+48%) In just 4 years, using only data from the federal reserve, we see that: 1.) the value of eggs is volatile, and 2.) #bitcoin has lost far less value than the #USD, at least measured in eggs And even though it has a URL in it, you should never take a screenshot like this at face value! Check to make sure I'm not pulling a hoax on you. I'll even save you from having to type in the URL.
Dr. Hax's avatar
Dr. Hax 10 months ago
#ProofOfWork. Mixing in rice hulls. Probably have about 4 more houts of work left 'til it's done. #gardening #permies #permiculture #homestead #homesteading #garden
Dr. Hax's avatar
Dr. Hax 10 months ago
This project is hardcore! #OpenSource, #hardware, #firmware and #software. You can buy pre-flashed hardware. The catch? It's not clear what components to buy or why, and the setup process is so difficult, it's effectively your new hobby. I expect it'll get better as out gets more popular and more people contribute to the documentation. #electronics #diy #OpenHardware #FOSS
Dr. Hax's avatar
Dr. Hax 10 months ago
GM. Time to set aside the cross #compiler for a while and switch to #house and #garden projects. I should be working on mixing rice hulls into the soil of our raised garden beds, but I worked on the open source energy monitoring project. Made progress, but it's not tracking our usage yet. Tomorrow I hope I can get some rice hulls in between working for the #Artisans #cooperative, meeting with my local elected representative, and helping cook meals for this week. Because it's calling for rain the day after tomorrow.
Dr. Hax's avatar
Dr. Hax 10 months ago
I managed to get botan (the cryptography toolkit) cross compiled for Win x86-64 (from Linux x86-64). It took all day, but I got it, including even running the test suite under wine to verify it's all correct. Patch submitted to libbotan to make it easier for others in the future. Now I'm trying to figure out why the cmake files in keepassxc aren't able to find my newly created botan-2.pc file that defines how to link to the library, what library and header paths should be included
Dr. Hax's avatar
Dr. Hax 10 months ago
Dr. Hax's avatar
Dr. Hax 10 months ago
Today I got botan2 cross compiling for x86-64 Windows (from Linux x86-64). Why? Because I want to cross compile keepassxc and this is getting in my way. Why do I want to cross compile keepassxc? Because I want to use that code in the signet client to import keepass v4 databases And I want my (Linux based) CI to be able to continue to crank out windows builds. That's why. After Botan, I'm going after argon2, and then others. Oh and I had to build my own compiler because mxe repos are way old. So I'll probably be hitting up their mailing list to find out if someone has the ./debian directory that produced that .deb file so I can give them an updated build. If nothing else, I'd like to at least built it and put it in my own apt repo. Yeah, I'm way down the rabbit hole on this one. And if I manage to dig myself out, I'm going to do it all over again for i686!
Dr. Hax's avatar
Dr. Hax 10 months ago
I am having so much fun with disposable VMs (DVM) in #Qubes, it should be illegal! I'm doing #dev work again today and when I think I have the minimal commands to reproduce an issue, I'll spin up a DVM, paste the commands and make sure I hit the problem I expected. If not, I'll poke around to fix it (install a dependency, update the PATH, etc.) and then repeat. Takes about 8 second to spin up a fresh VM. Very rapid #development!
Dr. Hax's avatar
Dr. Hax 10 months ago
OK, normally when I hear about someone who doesn't know crytpography or Rust writing Rust code and rolling their own cryptographic protocol, I'd almost certainly not going to use their code... but... Wang Lu seems to be the real deal, just picking up these skills along the way. Their highly experimental hardware password manager, which is not open source hardware nor software, sounds like it's a pretty decent design. If it actually does what is described, I am impressed. It'll be interesting to follow along and see if it turns out to be an even more hardcore password manager than the #Signet. Of course, there's no proof that any of this code exists and works, so it could all be vaporware. We won't know unless it's released (in either source of binary form).
Dr. Hax's avatar
Dr. Hax 10 months ago
Productive day today! #gardening - I mixed about a cubic yard of soil & rice hulls, put the rain barrel back in service, and took a first pass at fixingthe gutter #signet - documented using the qt creator IDE, fixed all compiler warnings, and improved the Windows CI/CD build pipeline