openoms

here is the repo of the online flasher to make that $46 device a full fledged Blockstream Jade Plus:

• https://github.com/Blockstream/jadediyflasher
• https://blockstream.github.io/jadediyflasher/

Lilygo S3 Pro with GC0308 Camera

• Generic (Hungary): https://lilygo.cc/products/t-display-s3-pro
• Germany: https://lilygo.cc/products/t-display-s3-pro-de https://openelab.io/products/lilygo-t-display-s3-pro
• US: https://lilygo.cc/products/t-display-s3-pro-us

openoms

LNURLpay over Tor

Setup used

• Raspiblitz on the dev branch (~v1.9.0rc3 - earlier versions should work)
• CLN / LND with incoming capacity on public channel(s)
• BTCPayServer v1.8.2 (an earlier version with LNaddress support should work)

Steps to create the service

• Create user and log in
• Create Store

openoms

venv
*.swo
*.swp
__pycache__

openoms

Software Version

bitcoin core: 0.21.0
core lightning: 0.11.1
joinmarket: 0.9.6

Step 1:

openoms

make !backups to your desktop! of:

• hsm_secret (this is the root key for your onchain funds - can be regenerated from the CLN backup words)
  • stored on the SSD: /home/bitcoin/.lightning/bitcoin/hsm_secret
• lightningd.sqlite3.backup (this is the realtime channel database backup saved to your SDcard by the backup plugin)
  • find it on the SDcard in /home/bitcoin/. If there are multiple backup files always use the latest one (the backups of the backup are dated and stored when the backup plugin is reinitialized - they can be discarded).

To start the process flash a new SDcard (keep your old SDcard as a backup) and make sure everything is working by starting a new (empty) CLN node and have bitcoind synced.

Upload the backups from your desktop (can use WinSCP on Windows):

openoms

#!/bin/bash
# https://lightning.readthedocs.io/

# https://github.com/ElementsProject/lightning/releases
# CLVERSION=v0.10.2

# install the latest master by using the last commit id
# https://github.com/ElementsProject/lightning/commit/master
# CLVERSION="063366ed7e3b7cc12a8d1681acc2b639cf07fa23"

openoms

#!/bin/bash

sudo apt update
sudo apt install openvpn -y

## define config filename and credentials
echo "# Type or paste the config filename and press ENTER:"
read config; echo $config; echo
#config="VPNconfig"
echo "# Type or paste the VPN username and press ENTER:"

openoms

#! /usr/bin/env sh

pkg install wget -y

echo "# Check the latest version at: https://www.freshports.org/net/zerotier/"
echo "# Which version to install?"
echo "# Example:"
echo "1.6.5"
read VERSION

openoms

the grand idea

I like public key auth. I feel safer using them instead of a username and password login. But, I might not have my private key with me at a time where I need access.

I started using yubikey with LastPass and since I have it always on my keychain, I decided to find more ways to make use of it.

I wasn't originally aware, but if you pass a private key to ssh and sshd is configured to accept a key, it appears pam isn't used. Your authorized keys are checked and you are logged in. If you don't pass a private key, ssh falls back to the more standard un*x style login found in /etc/pam.d/sshd. This is where we'll add the yubikey pam. I am currently unaware of a way to use both public key auth and yubikey for login.

These steps worked for me on debian squeeze/wheezy.

more info at the yubico-pam github repo

openoms

# cards tested (same used for the SpecterDIY):
# https://www.alibaba.com/product-detail/JCOP-Dual-Interface-Support-RSA4096-ECC_1600070838098.html (no NFC)
# find more links to compatible products at: 
# https://github.com/Toporin/SatochipApplet#supported-hardware and
# https://github.com/cryptoadvance/specter-javacard#cards-that-make-sense

# Install the drivers and apps as for the SpecterDIY.
# The Satochip applet can be used parallel on the same card and will have a separate PIN.
# Download the applet from: 
# https://github.com/Toporin/SatochipApplet/releases