karliatto

437 posts

@karliatto

Building tools to integrate #bitcoin in the real world. Co-founder of the @Bleskomat

Prague · Joined November 2010
1K Following · 1.3K Followers
Pinned Tweet
karliatto @karliatto
Verifying my account on nostr My Public Key: "npub1fcthj78n5re7dcyrva89gmvgz0z6g2v5rakr65shxemyvjwwdjzqcpeavj" Find others at nostr.directory @nostrdirectory #nostr
karliatto retweeted
Bitcoin Ekasi @BitcoinEkasi
She turned her fiat cash into Bitcoin sats using the Bleskomat ATM at Bitcoin Ekasi — then used those sats to buy goods at the thrift shop. A full Bitcoin circular economy in action: earn, exchange, and spend sats in the real world. One transaction at a time, the future of money is being lived today in the community.
karliatto @karliatto
I'll be speaking at @bcc8333 about how I understand free/sovereign education and about my experiences. Experiences and ideas on education based on sovereignty and freedom. Interested in the topic? Come along, and together we can enrich each other on this subject.
karliatto retweeted
Paul Moore - Security Consultant
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Paul Moore - Security Consultant @Paul_Reviews

.@vonderleyen "The European #AgeVerification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..."
I did. It didn't take long to find what looks like a serious #privacy issue.
The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well. But, the source image used to collect that data is written to disk without encryption and not deleted correctly.
For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them.
For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them.
This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary.
From a #GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach.
youtube.com/watch?v=4VRRri…

karliatto retweeted
BTCPay Server @BtcpayServer
Announcing BTCPay Day 2026 Prague🇨🇿in partnership with @BTCPrague! 🗓️June 14th (day after BTCPrague ends), ⏲️12:00-16:00 🎫Register now day.btcpayserver.org
karliatto retweeted
BCC 8333 @bcc8333
The @bcc8333 agenda is now published 🔥 bcc8333.xyz/es >> Programa
Talks, panels and hands-on workshops on #Bitcoin, privacy, sovereignty, parallel structures, permaculture & food sovereignty, and communities.
We're sharing everything that is going to happen during these 2 days of cypherpunk gathering in #Barcelona.
The thread starts with the first day, Friday, May 29!🧵
karliatto retweeted
Portal Technologies Inc @PortalOnX
Build Freedom Tech with Super Secret Shadowy Coders! 🗓️2-20 March Join the people who brought you Toll Gate, Zapstore & Blossom for a 3 week Hackathon in beautiful Madeira! Tackle hard engineering problems and create the future you want to see!🙏 sovereignengineering.io/#upcoming-coho…
karliatto retweeted
Juraj Bednar @jurbed
🌐 Bridging Bitchat + MeshCore: Resilient communication when infrastructure fails
Bitchat = Bluetooth mesh on phones you already have (~100m range)
MeshCore = LoRa long-range mesh (km+ with cheap hardware)
The bridge connects them. Your phone talks to the city-wide mesh network. Perfect for disasters, protests, internet shutdowns.
Code: github.com/jooray/MeshCor…
Releases: github.com/jooray/MeshCor…
Read more: juraj.bednar.io/en/blog-en/202…
karliatto retweeted
Jonas Nick @n1ckler
We just published "Hash-based signatures for Bitcoin," a new analysis of post-quantum schemes by @kudinov_mikhail and myself at @blksresearch. This paper serves as a gentle intro to hash-based schemes and explores how to optimize them specifically for application in Bitcoin. 🧵
karliatto retweeted
AMBOSS ⚡ @ambosstech
Lightning Network 2025 Stats: Year in Review ⚡️📊 Across metrics, Lightning showed robust growth with all the hallmarks of health and strength with its expansion. 2025 set a solid foundation for Bitcoin's MoE proliferation in the years ahead. Let the data show you👇
karliatto retweeted
Hackmanac @H4ckmanac
🚨Cyber Alert‼️ Zapier’s NPM Account Hacked, Multiple Packages Infected with Malware A compromised Zapier NPM account triggered a large supply chain attack that planted the Shai Hulud malware into 425 packages with about 132 million monthly downloads. The worm-like malware steals credentials, spreads through infected systems, and uploads stolen data to thousands of GitHub repos. It targets Windows, Linux, and macOS and poses a serious risk to development and production pipelines. Source: gbhackers.com/zapiers-npm-ac…
karliatto @karliatto
I'm really looking forward to this!
karliatto @karliatto
@jabravo The Socratic method. There is no second best!
José Antonio Bravo Mateu
I'm allergic to almost all Bitcoin podcasts. Well, I'm allergic to podcasts, no matter what they say. It's a unidirectional communication. Just receive, there is no debate, you can't argue. I prefer debates to monologues. Even when I'm participating. The fight of ideas brings more intellectual wealth to me.
karliatto retweeted
Tomas Susanka @tsusanka
There are some great questions about what exactly we’re doing on Safe 7 with respect to quantum security.
Bitcoin and other crypto projects are not yet ready for quantum computers. That’s fine - we still have time - but I’m glad this is a discussion we’re slowly starting to have.
If Bitcoin and other cryptocurrencies aren’t quantum-safe, it doesn’t really make sense to build a quantum-safe hardware wallet, right? Attackers would target the blockchains directly rather than your wallet.
We’ve been thinking about what we can do already, and for Safe 7 we’ve introduced two modifications:
1. The bootloader is now signed with SLH-DSA (a post-quantum algorithm standardized in 2024) alongside a traditional ECDSA signature.
2. The device includes a certificate proving its authenticity, signed with ML-DSA, again alongside traditional signature schemes (ECDSA and Ed25519).
The first signature (1) is verified every time you power up your Safe 7 - you can think of this as a quantum-safe boot process. No other hardware wallet has this as of now. The latter (2) is not yet implemented in Suite, but will be in the following months.
You can find more technical details here: trezor.io/guides/trezor-…
Lunaticoin ⚡ @lunaticoin
First close-up of how the new @Trezor Safe 7 looks
- encrypted Bluetooth connection
- wireless charging
- aluminum unibody
- With open SE TROPIC01
- Responsive vibration
Price? Yet to be announced