Posts
Man Refuses to Accept Cashless Policy
The man in this video is a rather controversial political figure, and this video received quite a mixed response.
But, putting that aside, I thought this would be a good video to open the community with because it showcases the transition to a cashless society and the urge of some of us to fight against it.
The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer
Ouch.
The swindler “airdropped” the fake address into the DEA’s account by dropping a token into the DEA account so it looked like the test payment made to the Marshals. The idea here was to basically trick the DEA into thinking the scammer’s address was actually the Marshal’s service’s address. Crypto addresses are so long that people usually just copy and paste instead of typing them fresh each time. Airdropping is a legitimate feature in cryptocurrency and sees an individual or entity drop tokens representing a certain value of a currency into someone’s account. It’s normally done as part of a launch of a new kind of token, but it’s also been abused by those seeking to dupe crypto owners into scams like this.
https://www.forbes.com/sites/thomasbrewster/2023/08/24/dea-accidentally-sends-50000-in-drug-proceeds-to-crypto-scammer/?sh=4a50807a3d12
Reflections on Trusting Trust
The linked paper was pointed out to me during a discussion about trusting executables built from source. Perhaps this paper is a well-known document in the hacking community, but I thought it was quite interesting and thought I'd share it.
The document describes how the author created a bugged C compiler that would compile UNIX code in which the "login" command would insert a backdoor.
The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.
The author also describes strategies to build such a bugged compiler in a way that would be very difficult to detect.
The document ends with a moral statement about hacking with a perspective from 1984 which is also an interesting read.
How can I prove that a downloadable executable is built from the published source?
I have forked a project's source code on GitHub. The program takes a private key as an input and that key must never leave the client. If I want to share a pre-built executable as a release it is essential that I can prove beyond reasonable doubt that it is built from the published source.
I have learned about how to publish the releases by using a Workflow in the GitHub actions such that GitHub itself will build the project and then prepare a release draft with the built files as well as the file hashes.
However, I noticed that the release is first drafted, and at that point I have the option to manually swap the executable and the hashes. As far as I can tell, a user will not be able to tell if I swapped a file and its corresponding hashes. Or, is there a way to tell?
One potential solution that I have found is that I can pipe the output of the hashing both to a file that is stored and also to the publicly visible logs by using "tee". This will make it such that someone can look through the logs of the build process and confirm that the hashes match the hashes published in the release.
Like this:
I would like to know whether:
- There is already some built-in method to confirm that a file is the product of a GitHub workflow
- The GitHub Action logs can easily be tampered with by the repo owner, and the hashes in the logs can be swapped, such that my approach is still not good enough evidence
- If there is another, perhaps more standard method, to prove that the executable is built from a specific source code.
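A consumer-side version of the cross-check described in the question above, as an added example that is not part of the original post: it compares a downloaded file against both the published checksum list and the hash line printed in the build log. The file names, the `SHA256SUMS` layout and the log line format are assumptions, and the check is only as trustworthy as the log it reads.

```sh
#!/bin/sh
# Added example (not from the original post). File names, the SHA256SUMS
# layout and the log line format are assumptions; sample data is constructed.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_release FILE CHECKSUMS LOG
# 0 = file, checksum list and build log agree
# 1 = file does not match its entry in the checksum list
# 2 = checksum list matches, but the build log never printed this hash
# 3 = file is not listed in the checksum list
verify_release() {
    vr_name=$(basename "$1")
    vr_actual=$(sha256_of "$1")
    # Checksum list uses sha256sum's "<hex>  <name>" layout.
    vr_listed=$(awk -v n="$vr_name" '$2 == n {print $1; exit}' "$2")
    [ -n "$vr_listed" ] || return 3
    [ "$vr_listed" = "$vr_actual" ] || return 1
    # Log lines carry a timestamp prefix, so compare the last two fields.
    awk -v h="$vr_actual" -v n="$vr_name" \
        'NF >= 2 && $(NF-1) == h && $NF == n {ok = 1} END {exit !ok}' "$3" || return 2
    return 0
}

# Constructed sample: one honest release, one swapped after the build.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/swapped"
printf 'binary produced by the workflow\n' > "$demo_dir/app"
printf 'binary substituted in the draft\n' > "$demo_dir/swapped/app"
built=$(sha256_of "$demo_dir/app")
printf '%s  app\n' "$built" > "$demo_dir/SHA256SUMS"
printf '%s  app\n' "$(sha256_of "$demo_dir/swapped/app")" > "$demo_dir/swapped/SHA256SUMS"
printf '2023-08-20T10:00:00.0000000Z %s  app\n' "$built" > "$demo_dir/build.log"

rc=0; verify_release "$demo_dir/app" "$demo_dir/SHA256SUMS" "$demo_dir/build.log" || rc=$?
echo "published as built: $rc"
rc=0; verify_release "$demo_dir/swapped/app" "$demo_dir/swapped/SHA256SUMS" "$demo_dir/build.log" || rc=$?
echo "file and hashes swapped: $rc"
```

A file and checksum list that were replaced together still agree with each other, so only the comparison against the log (return code 2) exposes the swap.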
Security experts discover flaw in the random-number generator used to create wallet private keys on Libbitcoin Explorer 3.x versions
cross-posted from: https://feddit.de/post/2396303
Bad actors are actively exploiting this flaw to steal funds from affected wallets on multiple blockchains, they say.
[Ӿ50] A CSS stylesheet 'nano-light' for nano.garden
Background
I would like to have a unique CSS stylesheet for nano.garden for users that prefer light themes. I started working on one but I did not like where it was heading (https://nano.garden/css/themes/nano-light.css), so I figured it would be better to out-source this task to more experienced members of the community. New themes in Lemmy are added by using a .css file that contains the variable definitions. A list of themes included in the official Lemmy can be found here: https://github.com/LemmyNet/lemmy-ui/tree/main/src/assets/css/themes
You can look through the different themes by going to your profile page and selecting the theme, and then you can pull the CSS file using the browser inspector to use as a reference.
Deliverable
A .css file that contains the variable definitions for the stylesheet for the nano-light theme. The theme should feature a light color (white, cream, ivory, or similar) and one or a few of these blues [#209ce9, #3c4e7a, #5368a0]. The theme should work with the pages visible to regular users (main screen, profile, settings page, communities page, log-in screen). Other than this, you can get creative.
Conditions for payment
Payment will be delivered once the theme (or a derivative of it) is added as a theme to nano.garden.
Payment options
- Ӿ50 (XNO) delivered to a nano address.
If you start working on this, please make a comment to indicate that you are working on it. This is to avoid having multiple people working on the same task without being aware of the level of competition.
Canvas for Lemmy is available! Let's create an XNO flag!
Canvas is available for Lemmy!
This is similar to reddit's /r/place. Each user gets to place a pixel on a canvas. The pixels are refreshed every 30 seconds.
The website with the canvas is: https://canvas.toast.ooo/
To log in, you simply provide your instance's name and your username, and you get a code to log in.
I have made a template for making an XNO flag. You can reach it by clicking here.
In the settings there is a button that allows you to toggle the template on/off. You can use that button to make sure that you are placing the pixel in an unoccupied spot.
Integration of nano into a lemmy instance
These past few days I've been working on integrating nano into a lemmy instance, which you can check out here: https://nano.garden/
As of now, I have done the following:
- I have added a "nano_address" column to the "person" table to store a user's public address. A user can add their address through the user settings.
- If a user has a nano address, a "nano" badge will appear next to their name on their profile, posts, and comments. Clicking on a user's badge will bring you to nano.to/user_address, from where there are many methods to submit a tip to the user (open wallet in phone, copy address, or scan QR code).
- I have also implemented a new type of faucet. A bot is checking for new comments, and if someone with a nano address creates a comment, the faucet will send them 0.01 XNO.
Because of the way that these changes are implemented, if another instance were to run the same backend and UI, the badge would be federated across instances. This implementation can also be modified to create other types of user badges with a customizable URL, such as to add other crypto assets or to link to other sites.
The back-end and UI modifications can be found here:
https://github.com/nanogarden/nanogarden-lemmy/tree/ng-lemmy-0.18.3
https://github.com/nanogarden/nanogarden-lemmy-ui/tree/ng-0.18.3
The Python faucet bot code is a bit of a mess, but I will clean it up and put it up on GitHub if anyone is interested.
Note: I'm not associated with the Nano Foundation, nor do I hold a lot of nano. I am interested in the direct and anonymous transfer of digital cash without the need of an intermediary. I chose Nano for this because the implementation of this system is simple in comparison to other cryptocurrencies that I've looked at. This is just a small fun project, nothing serious.
New update: The nano.garden faucet!
I'm running a little experiment... The nano.garden faucet!
To participate:
- Be registered in the nano.garden instance
- Associate a public nano address with your account in your profile settings
- Make comments
For every comment the faucet should deliver 0.01 XNO to your account!
There is a cooldown period of 2 minutes between comments and a maximum amount of nano per account set to 0.5 XNO every 24 hours.
This is a very alpha version... Let's see how it goes!
The faucet address is: nano_1ex1zqsdyqc3heiifc9sqc8pd8zmamkp3awgd5gwfejx9teqownw5fxrhgg5
It is now possible to associate a nano address with your nano.garden account!
If you go to your profile settings, you will see the field "Nano Address". This field will allow you to fill in a public nano address that follows the standard format (nano_[60 alphanumeric characters]).
The current behavior is the following: If a profile has an associated nano address, an XNO button appears in their profile, next to their comments, and next to their name in post listings. Clicking on that button will open a new tab to nano.to/nano_address, which provides you with the address and a QR code to send a tip to that address.
If you visited nano.garden before this change, it may be necessary to delete the site's saved history/cache for the changes to be visible.
The code changes can be pulled from GitHub and compared to the 0.18.3 tag: lemmy-ui, lemmy




