Remco

Going down the Ren rabbithole. I'm in awe.... youtube.com/watch?v=s_nc1I…

@donttreadonme4_ @Multicripto @start9labs StartOS 0.4 only, which is currently in alpha

@Multicripto @start9labs Is this only available through the alpha registry? Or can we get it from another registry?

Am-I.exposed en la 040 marketplace de @start9labs

@start9labs @Multicripto My startos openclaw agent did the same earlier this week, not tested/pushed yet since I need to update my test box first. But awesome to see with good docs and skills that llms can package for startos!

@Multicripto Took exactly 32 minutes to package this for StartOS, test, and release to the 040 marketplace. Source code:: github.com/Start9Labs/am-… Cool servicee @Multicripto, thanks!

Do you know what your Bitcoin transactions reveal about you? am-i.exposed shows you. It's an on-chain privacy scanner that analyzes addresses and transactions. 🧵

@evankaloudis @bitcoinpolicy 'rational manufacturers' yeah right, as rational as FOSS developers merging age verification infrastructure code.

@bitcoinpolicy If this passes the rational manufacturers just won’t ship to Kentucky. Not worth cucking your product for these fools.

🚨BPI has just learned of an amendment buried in Kentucky HB 380 that would require hardware wallet providers to reset users' seed phrases on request. This would effectively outlaw self-custody in Kentucky. BPI is sending a letter to the Kentucky Senate informing them of the harmfulness of this language. Section 33 was added as a last-minute floor amendment to a 77-page virtual currency kiosk regulation bill. The underlying bill has political support and is expected to move through the Senate for final passage, possibly within the next week. The mandate is technologically impossible for non-custodial wallets. Hardware wallets are specifically designed so that no one — including the manufacturer — can access or recover a user's seed phrase. Requiring a backdoor for seed phrase recovery breaks Bitcoin's fundamental security guarantees and pushes users toward centralized custodians that are vulnerable to hacks and failures. Kentucky legislators should be protecting their constituents' right to secure their own property. We urge the Senate to strip this provision before the bill reaches a vote. Relevant text below

@GhostofMapl Slick design 👌

Cleaning up the place, new panel redesign.

🥲

accidently typed in gail.com instead of gmail, and its my new favorite website.

@ConsensusMecha @btcqna fire up a clanker and let it do a security review. Then host and use it locally connected to your own mempool.space instance.

@btcqna I’m afraid to check it :|

How good is this!?

@ZachSawatz3599 @GrassFedBitcoin @start9labs StartOS is free and open-source. you can install it on most modern devices.

@GrassFedBitcoin @start9labs So expensive tho.

New @start9labs is beautiful. The accompanying Start Tunnel is the revolution that was needed for the home-server to be genuinely usable without the horrible workarounds required before (Tailscale/Tor/DDNS etc). It just works. 0.4.0 will be in public beta any day now but the current alpha release is stable and I'm happy to recommend it.

@w_s_bitcoin 👍

@remcoros What you see on that dashboard is pretty much all he’s got exposed on his site. I’m just scrapping his data.

Cooking up a new bitcoin node count dashboard. Should be live on my site later today. 🍻

@w_s_bitcoin Ah you're pulling the data from other sources. Not sure about this, but wouldn't ip addresses be enough to find out the AS? Or you don't have individual ip addresses either?

@remcoros Unfortunately, Luke doesn’t have detailed historical data for different versions.

@btcqna go go go

Who wants to see these guys on #FREEDOMTECHFRIDAY?

BTC was ongeveer 30k EUR...

@isabelfoxenduke Over time, hardware becomes more powerful than the utxo set grows, so there's no problem imo. Optimizations are always good, but should be tackled at the software level, not the protocol level.

What’s your favorite proposal for mitigating the inevitability of an expanding UTXO set other than whining about monkey pictures that no one is currently making or trading anyway? It occurs to me that the UTXO set is likely to expand over time regardless of the potential use of metaprotocols - any fave proposals for how we can make this reality less burdensome to nodes over time? I’m all ears @SuperTestnet

March 1st incident report On March 1, 2026, Bitrefill was the target of a cyberattack. Based on indicators observed during the investigation - including the modus operandi, the malware used, on-chain tracing and reused IP + email addresses (!) - we find many similarities between this attack and past cyberattacks by the DPRK Lazarus / Bluenoroff group against other companies in the crypto industries. The initial access originated through a compromised employee laptop, from which a legacy credential was exfiltrated. That credential provided access to a snapshot containing production secrets. From there, the attackers were able to escalate their access to our broader infrastructure, including parts of our database and certain cryptocurrency wallets. We first detected the incident after noticing suspicious purchasing patterns with certain suppliers. We realized that our gift card stock and supply lines were being exploited. At the same time we found some of our hot wallets being drained and funds transferred to attacker-controlled wallets. The moment we identified the breach, we took all of our systems offline as part of our containment response. Bitrefill operates a global e-commerce business with dozens of suppliers, thousands of products, and multiple payment methods across many countries. Safely switching all these things off and bringing them back online is not trivial. Since the incident, our team has been working closely with top industry security researchers, incident response specialists, on-chain analysts and law enforcement to understand what happened and how we can prevent it from happening again. A sincere thank you to @zeroshadow_io, @SEAL_Org, @RecoverisTeam and @fearsoff for their rapid response and support throughout this ordeal. What about your data Based on our investigation and our logs we don’t have reason to think that customer data was the target of this breach. There is no evidence that they extracted our entire database, only that the attackers ran a limited number of queries consistent with probing to understand what there was to steal, including cryptocurrency and Bitrefill gift card inventory. Bitrefill was designed to store very little personal data. We are a store, not a crypto service provider. We don’t require mandatory KYC. When a customer chooses to verify their account - e.g. to access higher purchasing tiers or certain products - that data is kept exclusively with our external KYC provider, with no backups in our system. Still, based on database logs, we know that a subset of purchase records was accessed and we want to be transparent about that. Around 18,500 purchase records were accessed by the attackers. Those records contained limited customer information, such as email addresses, crypto payment address, and metadata including IP address. For approximately 1,000 purchases, specific products required customers to provide a name. That information is encrypted in our database. However, since the attackers may have gotten access to the encryption keys, we are treating this data as potentially accessed. Customers in this category have already been notified directly by email. At this time, based on the information currently available, we do not believe customers need to take specific action. As a precaution, we recommend remaining cautious of any unexpected communications related to Bitrefill or crypto. If this assessment changes, we will of course immediately inform those affected. What we are doing We have already significantly improved our cybersecurity practices, but vow to continue to draw learnings from this experience to make sure user and company balances and data remain maximally safe. Specifically we’re: -Continuing thorough cybersecurity reviews and pentests with multiple external experts and implementing recommendations; -Further tightening internal access controls; -Further improving logging and monitoring for faster detection and more effective response; and -Continuing to refine and test our incident response procedures and automated shutdown procedures. The bottom line Getting hit by a sophisticated attack sucks (a lot). We’ve been in business for over 10 years and it’s the first time we’ve been hit this hard. But we survived. Bitrefill was designed to limit the impact if something like this ever happened. Bitrefill remains well funded, has been profitable for several years and will absorb these losses from our operational capital. Almost everything is back to normal: payments, stock, accounts. Sales volumes are also back to normal, and we are eternally thankful to our customers for your continued confidence in us. We will continue to do our best to continue deserving your trust. Thank you!

@murchandamus @benthecarman @darosior Yeah, it's only the internal mining code. GBT does not create the coinbase tx. Sjors has an open PR to add fields to GBT rpc so stratum can use these fields in their own coinbase construction logic

@remcoros @benthecarman @darosior Thanks, reading a little more of that PR it sounds like the changes affect Bitcoin Core on test networks, but don’t affect the GBT response and will not propagate via StratumV1. So, the miners did in fact make changes downstream beyond updating to start adding the locktime.

Hint: this is what it looks like if a soft fork is popular. Miners are starting to be forward-compatible to it, even before there is a concrete activation proposal.

@murchandamus @benthecarman @darosior nLockTime/nSequence changes were added to v30 here: github.com/bitcoin/bitcoi… It didn't make it into the release notes it seems.

@benthecarman I just checked the release notes, and maybe I missed something, but as far as I am aware, Bitcoin Core 30.x only added the sigops policy limit from BIP54. I don’t think that any Bitcoin Core release so far sets the locktime in coinbase transactions. Fact-check, please, @darosior?

Libbitcoin is coming.

@timoncc @killua_zoldx @cguida6 The content of the Great Consensus Cleanup has been pretty stable. There is a formal proposal for it now: github.com/bitcoin/bips/b….