If you find a security flaw, please follow the following steps in order:
1) Give details to upstream developers to develop or merge a fix
2) Notify downstream developers/distributors of the risk and how to patch it (not the details) so they can ship it ASAP
3) Give people at least a week to upgrade on their own
4) Notify the public that a vulnerability in the old version exists (no details)
5) After you can reasonably hope everyone has updated (months or years later), publish details and/or proof-of-concept
There may be circumstances (e.g., active exploitation in the wild) that justify deviation from this, but generally, this is a good approach.
However, starting with #5 is black-hat behaviour.
@_pi0_ > Imagine how much longer it takes to discover smuggled backdoors in binary blobs
Go, Rust and Zig ship libraries as source code. You can put binary blobs or obfuscated code on NPM too.
> JavaScript runtimes like V8
JS runtimes are hard-to-audit binary blobs.
@stephenz010 @jimmysong @ProductionReady > What Bitcoin needs is a new protocol implementation from the ground up.
You mean like this?
https://t.co/O6hMXajg7f
More useless AI slop code that makes misleading claims about security:
- Not all dependencies are SHA256-pinned
- Dockerfile "removes network-capable Python code" for no reason
This just hurts actual security projects. If you don't understand security, stop making slop.
Most Tor Docker images are running outdated Tor, no guard protection, and leave telemetry on by default.
HiddenForge v2.0.0 (my creation):
Tor 0.4.9.6 + Vanguards,
every dependency SHA256-pinned,
zero telemetry,
read-only filesystem,
rootless Podman support.
Built for a state-level adversary threat model.
https://t.co/tTTbjYTQas
https://t.co/RImG6gqizg
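The two posts above turn on whether a container image actually pins what it pulls in (base image by digest, Python packages by hash, downloaded archives by checksum). The following is an added example, not code from HiddenForge or from the original posts: a small Dockerfile checker that flags the three common unpinned patterns. The sample Dockerfiles, the placeholder digest (all zeros) and the `example.invalid` URL are constructed for the demonstration; `ADD --checksum=` and `pip install --require-hashes` are real BuildKit and pip options.

```python
import re

# Constructed sample: nothing here is pinned. Not a real project's Dockerfile.
UNPINNED_DOCKERFILE = """\
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y tor
RUN pip install requests
ADD https://example.invalid/tool.tar.gz /opt/
"""

# Constructed sample with every fetch pinned (placeholder digests, not real ones).
PINNED_DOCKERFILE = """\
FROM debian@sha256:0000000000000000000000000000000000000000000000000000000000000000 AS base
RUN pip install --require-hashes -r requirements.txt
RUN curl -fsSL -o /tmp/tool.tar.gz https://example.invalid/tool.tar.gz \\
    && echo "1111111111111111111111111111111111111111111111111111111111111111  /tmp/tool.tar.gz" \\
    | sha256sum -c -
FROM base
"""

URL_RE = re.compile(r"https?://\S+")


def _instructions(text):
    """Join backslash-continued lines into one logical instruction each, dropping comments."""
    joined, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        joined.append(buf + line)
        buf = ""
    if buf:
        joined.append(buf)
    return joined


def find_unpinned(dockerfile_text):
    """Return one finding string per unpinned fetch in the Dockerfile."""
    findings = []
    stages = set()  # names declared with `FROM ... AS name`; later FROMs may refer to them
    for n, instr in enumerate(_instructions(dockerfile_text), 1):
        parts = instr.split()
        keyword = parts[0].upper()
        args = [p for p in parts[1:] if not p.startswith("--")]  # drop flags like --platform
        rest = " ".join(parts[1:])

        if keyword == "FROM":
            image = args[0] if args else ""
            if len(args) >= 3 and args[1].upper() == "AS":
                stages.add(args[2])
            if image == "scratch" or image in stages:
                continue  # nothing external is pulled here
            if "@sha256:" not in image:
                findings.append(f"instruction {n}: FROM {image} is a mutable tag, not a digest")

        if keyword == "RUN" and "pip install" in rest and "--require-hashes" not in rest:
            findings.append(f"instruction {n}: pip install without --require-hashes")

        # ADD <url> and RUN curl/wget <url> should verify a checksum in the same step.
        if keyword in ("ADD", "RUN") and URL_RE.search(rest):
            if "sha256sum -c" not in rest and "--checksum=" not in rest:
                findings.append(f"instruction {n}: remote download without checksum verification")
    return findings


if __name__ == "__main__":
    for name, text in (("unpinned", UNPINNED_DOCKERFILE), ("pinned", PINNED_DOCKERFILE)):
        print(f"== {name} ==")
        for f in find_unpinned(text) or ["no findings"]:
            print(" ", f)
```

The checker treats `apt-get install` as out of scope because the distribution repositories carry their own signatures; a stricter policy could also require `apt-get install pkg=version`. A stage name such as `FROM base` is skipped only if the `AS base` declaration appeared earlier in the file, which is how the pinned sample avoids a false positive.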
This is a dangerous idea.
Someone else's TEE = Not your keys = Not your coins
A TEE makes it harder to access the keys, but a TEE can be compromised.
Here are two papers with examples of previous issues:
https://t.co/XLXfdyHHcX
https://t.co/leh4b138Xl
This wallet is super interesting.
I don't know why they don't mention it but last time I looked it was running a Lightning node for you IN THE CLOUD in a TEE (a server they don't have access to).
This is a major technical feat IMO.
The Apple App Store rules are borderline illegal.
This isn’t about security. It's not about malware. It's not about user experience.
It’s about control.
- Use Google login? You must add Apple login
- Sell digital products? You must use Apple payments
- Apple takes 30% of your revenue (this is frankly insane)
- You can’t tell users about cheaper prices outside the app
- You can’t use a different payment system like Bitcoin
- Apple can reject your app with vague reasons (or bend over due to political pressure)
- You can’t install apps outside their store (most regions)
They own the platform. They compete with you on it. And you still have to pay them.
Is this a monopoly or a mafia gang?
Today, we're releasing Nirvati 0.9.0. We couldn't fit everything we initially planned in this release, but more is coming soon. Thank you for your patience!
Here's what's new:
- Add a new server overview that shows resource usage and connected servers
🧵 1/3
- Redesign the Contribute page to allow you to make financial contributions to Nirvati from the dashboard
- Add an emergency repair feature that allows you to repair Nirvati if something goes wrong with an installation or update (Accessible on port 9080)
🧵 2/3
- Allow configuring Tailscale settings
- Prevent installing conflicting apps (e.g. Bitcoin Core and Bitcoin Knots) at the same time
- Various other bug fixes and improvements
🧵 3/3
@coinjoined @BTCsessions But most attacks like these work by the user getting the malicious script from somewhere and executing it immediately...
So having a second stage payload stored somewhere isn't really a benefit, because you can easily update the page that is tricking the users into executing it.
@coinjoined @BTCsessions because
a) It's already very easy to set up an anonymous server (and pay for it with Bitcoin) quickly
b) Antivirus software can still recognise this as an attack
The biggest benefit of it would be to have an "unremovable" malware payload stored permanently.
@meandmybitcoin So far, opfs4 is not supported. Censorship bypass solutions are on our roadmap, including Tor bridges and AmneziaWG support.
However, I cannot offer a solution for you that works immediately.
As part of Nirvati 0.9.0, we're also launching a new LND wallet connection flow. This allows you to revoke permissions for wallets connected using LNDconnect. Each wallet gets its own connection URL. If your phone ever gets stolen, you can revoke its access to LND with one click.