Nirvati

@stephenz010 @jimmysong @ProductionReady > What Bitcoin needs is a new protocol implementation from the ground up. You mean like this? github.com/btcsuite/btcd

@jimmysong @ProductionReady What Bitcoin needs is a new protocol implementation from the ground up. It doesn’t need another fork of Core. We already have Knots, the de facto reference implementation at this point, doing a fine job of being what Core should have been.

More useless AI slop code that makes misleading claims about security: - Not all dependencies are SHA256-pinned - Dockerfile "removes network-capable Python code" for no reason This just hurts actual security projects. If you don't understand security, stop making slop.

You should always self-host your node 😉

This is a dangerous idea. Someone else's TEE = Not your keys = Not your coins A TEE makes it harder to access the keys, but a TEE can be compromised. Here are two papers with examples of previous issues: i.blackhat.com/briefings/asia… misc0110.net/files/sgxrop.p…

The Apple App Store rules are borderline illegal. This isn’t about security. It's not about malware. It's not about user experience. It’s about control. - Use Google login? You must add Apple login - Sell digital products? You must use Apple payments - Apple takes 30% of your revenue (this is frankly insane) - You can’t tell users about cheaper prices outside the app - You can’t use a different payment system like Bitcoin - Apple can reject your app with vague reasons (or bend over due to political pressure) - You can’t install apps outside their store (most regions) They own the platform. They compete with you on it. And you still have to pay them. Is this a monopoly or a mafia gang?

- Allow configuring Tailscale settings - Prevent installing conflicting apps (e.g. Bitcoin Core and Bitcoin Knots) at the same time - Various other bug fixes and improvements 🧵3/3

- Redesign the Contribute page to allow you to make financial contributions to Nirvati from the dashboard - Add an emergency repair feature that allows you to repair Nirvati if something goes wrong with an installation or update (Accessible on port 9080) 🧵2/3

Today, we're releasing Nirvati 0.9.0. We couldn't fit everything we initially planned in this release, but more is coming soon. Thank you for your patience! Here's what's new: - Add a new server overview that shows resource usage and connected servers 🧵 1/3

@defenwycke Not sure which AI you used to hallucinate this post, but tell it that this is intentional behaviour and only affects the mempool.

Bug 1: BIP-110 enforces its rules BEFORE it activates. The 256-byte push limit, OP_IF ban, annex ban, and control block restrictions are hardcoded into STANDARD_SCRIPT_VERIFY_FLAGS (a compile-time constant). The moment you run this binary, your mempool rejects transactions the rest of the network considers valid. There's no waiting for activation.

I audited the BIP-110 activation client (v0.3, latest release) and found critical bugs that would affect Mainnet if deployed. These aren't theoretical. They are in the code right now. Thread.

@coinjoined @BTCsessions But in the end, using the Bitcoin blockchain for this makes no sense for multiple reasons.

@coinjoined @BTCsessions This is a very common scam and old ladies probably fall for it too.

What are some of the worst Bitcoin FUD takes you've seen so far in this downturn? Drop screenshots and links!

@coinjoined @BTCsessions But most attacks like these work by the user getting the malicious script from somewhere and executing it immediately... So having a second stage payload stored somewhere isn't really a benefit, because you can easily update the page that is tricking the users into executing it.

@coinjoined @BTCsessions because a) It's already very easy to set up an anonymous server (and pay for it with Bitcoin) quickly b) Antivirus software can still recognise this as an attack The biggest benefit of it would be to have an "unremovable" malware payload stored permanently.

@meandmybitcoin So far, opfs4 is not supported. Censorship bypass solutions are on our roadmap, including Tor bridges and AmneziaWG support. However, I can not offer a solution for you that works immediately.

@getnirvati Hi. Tor and i2p are blocked in my country. Is it possible to set up a obfs4 tor bridge in nirvati? How?

As part of Nirvati 0.9.0, we're also launching a new LND wallet connection flow. This allows to revoke permissions for wallets connected using LNDconnect. Each wallet gets its own connection URL. If your phone ever gets stolen, you can revoke its access to LND with one click.

@BitsagaRob At Nirvati, we're trying to build something that's better than both Umbrel and Start9, including better security and multi-user support. We consider it important to be fair in comparisons and not use LLMs that can hallucinate things. nirvati.eu/compare/umbrel

@BitsagaRob > Tor by default, per service, per interface. Every service on StartOS gets its own .onion address and optional LAN address. In general, Umbrel supports multiple onion domains as well, but I can't comment on the details.

UMBREL VS START9: The Umbrel Pro just launched at a seemingly lower price than Start9, but here's what that new aluminum chassis is hiding underneath: The distinction is rather technical, but it matters because it's about the underlying architecture, how these systems are actually built: - Service isolation via Linux namespaces. On StartOS, every service runs in its own isolated container with cryptographically signed packages. Umbrel is fundamentally a stack of Docker Compose files talking to a shared Docker daemon. DockerHub is a single point of failure. - HTTPS on the LAN out of the box. StartOS acts as its own Certificate Authority with self-signed TLS certs. Umbrel uses unencrypted HTTP over the LAN — anyone on your WiFi can trivially intercept your passwords and funds. That $700 CNC aluminum enclosure? Same plaintext HTTP underneath. - Signed service packages. StartOS services are cryptographically signed and verified. Umbrel pulls images from DockerHub, where the supply chain is less transparent. - Graphical service configuration. Config files are presented in StartOS as rich forms with dropdowns, toggles, validated inputs and descriptions. Umbrel requires SSH and the command line. - A real OS vs an app layer. StartOS is a full Linux distro (hardened Debian). Umbrel is an app that installs on top of Debian or Ubuntu, meaning you're always dependent on host OS security, which Umbrel doesn't manage. - Health checks & live logs in the GUI. StartOS has custom health checks per service and live log viewing. Umbrel has neither, you need SSH to inspect anything. - Automatic dependency management. StartOS handles inter-service dependencies automatically. Umbrel leaves that to service authors, it only shows you what's missing. - Tor by default, per service, per interface. Every service on StartOS gets its own .onion address and optional LAN address. Interfaces are split: RPC, P2P, and UI each get a separate Tor hidden service. Share your P2P address for peering without exposing your RPC or dashboard. On Umbrel, these functions often share the same network context. Give someone your P2P address and you're implicitly pointing them to your RPC and UI. On StartOS, knowledge of one reveals nothing about the others. Defense in depth at the network layer. - Umbrel Pro with 4TB SSD is €1099, Start9 with double the RAM (32GB) and 4TB SSD is €890 (at Bitsaga). Bottom line: Umbrel optimizes for aesthetics and as much functionality as possible. Start9 optimizes for architecture and security. One gives you a beautiful front door. The other gives you walls, locks, and a vault. If you're running a Bitcoin node to verify your own transactions and protect your sovereignty, the stuff underneath the UI is the thing that actually matters. Now, Umbrel is great. It's empowering a lot of people with running their own services, greatly improving sovereignty. But if you want the best, IN MY OPINION, that is definitely, still, Start9.