Exploiting ML-DSA bugs https://cr.yp.to/papers/mldsa-20260601.pdf

The politics of open infrastructures

The Politics of Open Infrastructures: Power, Governance, and Justice in Digital Knowledge Practices

This volume examines how openness is designed, governed, contested and lived in contemporary digital knowledge infrastructures. From open source so...

“Communities don't care about protocols or open source”

Paths & Patches

Connected community spaces

This week the Newsmast team is heading to Amsterdam for Public Spaces, where the theme is Technology for Democracy. Here are three talking points -...

#bikestr

“The deeper I look at [nostr], the more it feels less like a social protocol and more like a carefully disciplined refusal to solve problems that protocols cannot actually solve.” I care more about the protocol itself than I care about the recent social media drama and the cypherpunk virtue signalling.

Simplicity Is Completeness

What Nostr quietly revealed

This is an attempt to communicate the value of the nostr protocol outside of the bubble.

Simplicity Is Completeness

What Nostr quietly revealed

#bikestr

Updated Nostr Silent Payments gist at the link below. The gist now includes two example scripts to validate a silent payment transaction and sweep a silent payment transaction. The example scripts have been implemented using the Python standard libraries only (no additional installs such as secp256k1, bech32, etc.) so you can see how everything works from the ground up - even how the public key points are created, added, etc. Also, the threat model has been updated. Though it can be used by your primary social media npub, that is not recommended. There are many different use cases (not related to social media) where an npub with a corresponding NIP-05 address may be required to privately receive funds.

Gist

Nostr Silent Payments

Nostr Silent Payments. GitHub Gist: instantly share code, notes, and snippets.

Onboarding onto nostr be like:

@martipos hello!

The Nostr Silent Payments gist note is now updated with a Receiver Culpability and Donor Entrapment section. As I document this, it's become clear to me that while #BIP352 is an awesome privacy advancement, the threat model is clearly not yet worked out. Read all about it here:

Gist

Nostr Silent Payments

Nostr Silent Payments. GitHub Gist: instantly share code, notes, and snippets.

1. Generate a Silent Payment Address 2. Solicit Funds from Donors 3. Spend the Funds 4. Dox the Scan Key 5. Dox all your Donors 6. Deny it was your Silent Payment Address 7. Repeat #BIP352

Hey @YakiHonne - can you fix your notifications so that notifications from muted users don't appear? I am getting notifications from #satsandsports whom I no longer follow and have muted. The other clients seem fine. Thanks.

Securely sharing a private key to a public server that you trust? No way! #BIP352

Gist

Nostr Silent Payments

Nostr Silent Payments. GitHub Gist: instantly share code, notes, and snippets.

There’s no such thing as a trustless transaction. You need to at least trust your counterparty that they won’t disclose a private key that could doxx you.