lightning network – How can I see the on-chain evidence of a lighting channel?

I am learning about lighting now and I’m trying to check my understanding on-chain w/ a block explorer. I have opened several channels already and closed some also.

I would like to confirm my understanding of the script logic (e.g. the 2-of-2 multisig, the HTLCs, and the conditional refunds) as described in the lightning white paper and other sources.

Unfortunately the block explorers I have tried only show “OP_0 ” under the Pkscript fields for these transactions, for example.

Is there any on-chain evidence of a lighting channel (before or after channel closure) or is that something that is discarded before settling on-chain?

Thanks in advance

multi signature – Is there any statistical evidence that 2 of 3 wallets are indeed the most common one?

I read the following statement:

2 of 3 wallets are the most common multi-signature wallets created. In
this case, the wallet requires three signatures, but only two are
needed to authorize a transaction.

Is there any statistical evidence that 2 of 3 wallets are indeed the most common one? Like some graph etc. Any kind of statistical evidence would be good. I want to use this fact in a research paper I am writing. I need some reference to cite.


forensics – Preserving crime evidence from a website I do not own

Is there a standard procedure when it comes to preserving evidence of a crime committed on a website of a third party?

Let’s assume that a crime was committed on a website I visit, like defamation. Other than using the Wayback Machine or browser plugins to save the page in case either the website owner or the perpetrator removes the evidence, is there a better way?

My goal is to be able to prove to the authorities that a crime was committed so that they start an investigation. For not-so-serious crimes unless it’s very easy to prosecute – e.g. the evidence is still accessible without the need for a warrant – the police might not even bother.

software engineering – Is providing an evidence of a resolved bug or a finished user story responsibility of a developer?

If you, as a developer, claim that the bug is resolved, then it is QA’s job to see if this is true, make sure that the bug is completely resolved and not only in some cases, and possibly to re-open a Jira, WHILE PROVIDING MORE INFORMATION.

For example, it happens that a bug happens in situation X, but also in situation Y. The original Jira reports the bug in situation X, and the developer fixes it. What your QA person does (asking for evidence that it is fixed) is pure nonsense. Your answer should be “do your job and test it”.

A reasonable QA person will test the fix and maybe find that it happens in situation Y as well. If they are good at their job, they will reopen the Jira and add that situation X is fixed, but they found another situation Y where the bug happens. They may decide that Y is different enough to make it a new Jira. A bad QA person will just say “not fixed” and reopen it and waste everyone’s time.

vulnerability – Do these logs indicate someone spying on me? Can I use this as evidence to report to IC3/police?

Logs are provided below. Questions: “Do these router logs indicate I was hacked or being spied on? If so can I report it to IC3/police as legitimate evidence?”

Hello, I hope I am in the right place. I have been paranoid the past year that a specific person is spying/hacking me.

Unfortunately I have no idea how computers/internet work, so it took a while to find out that I could actually access logs via my router. I had no idea the login-username combo for routers are easily accessible.

My logs are provided in this picture. I checked the IP geolocation for all of them. Some I recognized (like companies that were helping with my internet), but some of them were from China/Romania/UK/Netherlands/Germany/India. But I don’t know if any of this is ‘normal’

I assume the logs indicate someone using a VPN/TOR to spy on me, but I wanted to ask you all first. After all I don’t know how to read these and it might be normal. I also would like to know if this is legitimate evidence I could report to IC3/police.

Thank you.

enter image description here

UK DATV – Evidence onward journey is booked

The text you quote explicitly states that you must provide evidence that your onward journey is booked or confirmed.

So just evidence that the flight exists (or is currently scheduled, more accurately) is not sufficient. You need to show that you have a booking or a ticket. A booking without actually buying the tickets is uncommon these days unless you go through a travel agent (and often, only applicable to specific fares), though some airlines allow it online (sometimes for a fee). In both cases, you should have a PNR (booking reference). If you buy the tickets you will have a ticket number in addition.

As there is no guarantee that you will get your visa, if you actually buy a ticket, you should of course get one that is refundable.

You best bet if you don’t want to buy the ticket at this stage is to go through a traditional travel agent who should be able to create a booking for you before buying the ticket. Note however that such bookings may expire quickly, and if the UK authorities check the booking reference and don’t find the booking that could play against you. Also, as usual, an actual ticket is a stronger indication that you actually do not intend to enter the UK.

Make sure you double-check the criteria for a DATV. Many types of transits (if you are self-connecting instead of having a single booking for both flights or if you need to change airports, for instance) will require a Visitor in Transit visa instead.

I found evidence Hal Finney was working on Bitcoin (05 Jan 09) before v.0.1 was released (09 Jan 09). Is there any evidence he was involved earlier?

I found evidence Hal Finney was working on Bitcoin (05 Jan 2009) before v.0.1 was released (09 Jan 2009). Is there any evidence he was involved earlier?

whatsapp – Is there any public evidence that (mainly US) intelligence services have especial difficulty reading either Telegram’s or Signal’s encrypted messages?

Preface: the question being asked here is summed up in a single, lone boldfaced sentence at the end. Everything else is caveats and background. How isn’t this question clear and focused?

I imagine like either leaked or otherwise published official memos on efforts and signals intelligence programs to intercept and crack different types of communications either lamenting or chronicling the technical difficulties in doing so and resultant “blind spots”. Or, for example, the spectacular national FBI/Apple controversy in which Apple’s compliance or non-cooperation proved ultimately moot as the FBI payed some Israeli consultancy some insane sum to license their encryption cracking package which was able to break it (so we know that these exploits are not only possible, but actually exist).

WhatsApp obviously employs Signal’s publicly released encryption code, but its own base is not only proprietary and unaudited, but also is the subject of an embarrassingly endless and regular stream of exploits – suffice to say that security is not its main concern.

Further, it contains such an appalling design oversight as to make it suspicious as to whether it is designed intentionally with this objective in that if cloud backup options are not manually disabled, then all of one’s correspondence with all of one’s correspondents, regardless of one’s correspondents’ own settings, is uploaded in plain text to one’s storage provider.

Signal is FOSS, and I suppose fully audited, but distributed (and compiled? Signed?) by Apple or Google, depending on the delivery platform. So they could be tampered with by slipstreaming maliciously modified binaries into the distribution channels if one was targeted by court orders and they were ordered to do so.

But even if the binaries as installed are theoretically (ie, by design) meant to be trusted, like signed by the developers’ own keys, iOS is so opaque that if there were backdoors then I don’t think that anyone would likely even know, especially if they were ordered to target you for malicious/covert surveillance. Presumably the NSA’s army of security researchers also have genuine/innocent/candidly overlooked zero day vulnerabilities (in addition to those submitted by independent individuals for cash bounties) in their catalogs at their disposals, too, in the case of both iOS and Android, so that regardless of how secure either Telegram or Signal themselves are in message transmission security, the decryption keys can still be compromised through vulnerabilities in the underlying operating systems.

Between Signal and Telegram, I suppose that last I looked into the matter, both are open source, but only Signal’s codebase was audited. There are concerns about Signal’s substantial funding by the American foreign policy establishment, and Telegram’s Russian origin is perceived in contrast as a more independent provenance, yet nobody ever points out that the Russian backers of the app happen to be virtually as pro-American aligned as Russians these days get.

Telegram had a controversial gung-ho attitude about “rolling its own” crypto functions which many had felt was suspicious. They claimed that it was due to performance concerns with Moxie Marlinspike’s librarified Axolotl, which, if honest, precludes any malicious intent to covertly compromise the app’s security. It is more robust with a more varied feature set, and it does seem more innovative as well as configurable than Signal. However, people complained that its crypto components were not audited like Signal’s were, yet the Telegram developers seemed very confident and proud in their code’s integrity, and, as I recall, they said that audits to validate their confidence would come in time. This was years back now. But there was still a further issue that while Telegram was associated with end to end security, by default the chats were actually not encrypted, very arguably coaxing users into a false sense of security. Perhaps the audit has now been done, and perhaps chats are now end-to end secured by default.

Regardless of speculations as to the implications of all of these factors on actual security, what evidence do we have of the state’s abilities in actual practice to intercept and read messages in all of these apps, comparatively and respectively? For example, while we know that it is of course technically possible for even non-smartphones to be remotely activated as listening devices, through the account in Murder in Samarkand, we know some contexts and the conditions and levels of ease or frustration with which it is actually done.