How to self-custody Bitcoin using a Laptop or PC
HOW TO SELF CUSTODY BITCOIN USING LAPTOP OR DESKTOP PC. READ ENTIRE THREAD BEFORE ATTEMPTING AT HOME.
— k3tan (@_k3tan) November 17, 2022
STEP 1: Download and install Sparrow Desktop. It is available for Windows, Mac and Linux.https://t.co/Mt9FQprS5A pic.twitter.com/OKP6Bm5GFt
STEP 2: Connect to a public server from the list. I've used the Blockstream server for this example. pic.twitter.com/eG7Yenumqi
— k3tan (@_k3tan) November 17, 2022
STEP 3: Create a New Wallet by going to File > New Wallet (CTRL+N). Give it a name. Hit Create Wallet. pic.twitter.com/JmIm6raZRf
— k3tan (@_k3tan) November 17, 2022
Click on "New or Imported Software Wallet". pic.twitter.com/GPcPcqkKWY
— k3tan (@_k3tan) November 17, 2022
Under Mnemonic Words (BIP39) dropdown select "Use 12 Words". Hit Generate.
— k3tan (@_k3tan) November 17, 2022
WRITE THESE WORDS DOWN ON A PIECE OF PAPER. THE ORDER OF THE WORDS MATTERS. DO NOT SHOW THESE WORDS TO ANYONE. DO NOT SCREENSHOT IT. IF ANYONE ASKS FOR IT, THEY ARE SCAMMING YOU. pic.twitter.com/CKgHcZsMYI
Leave the Passphrase blank. Click on "Confirm Backup…". You will be asked to re-enter the words. Hit "Create Keystore". Leave the default derivation path as is (m/84'/0'/0') and click "Import Keystore". pic.twitter.com/Sy4qEmaeeQ
— k3tan (@_k3tan) November 17, 2022
Click on Apply pic.twitter.com/IkOTS1ggAL
— k3tan (@_k3tan) November 17, 2022
It will ask if you'd like to set a password to your wallet. I recommend you do. The wallet file will be encrypted with this password. Give it a strong one and click "Set Password". pic.twitter.com/ryjAhNb3lI
— k3tan (@_k3tan) November 17, 2022
Congratulations, you've just created your first #Bitcoin Wallet! pic.twitter.com/JbQX0jNrIt
— k3tan (@_k3tan) November 17, 2022
STEP 4: Withdraw from exchange
— k3tan (@_k3tan) November 17, 2022
Go to your exchange and withdraw a small amount of money. The exchange will ask you where you want the bitcoin sent to. Go to the "Receive" section of your wallet and copy and paste the address. It'll start with bc1q. pic.twitter.com/cWdEsceDHr
Your exchange will process your withdrawal request. If they can't deliver this within a reasonable timeframe (give it a week or so?), your exchange is full of shit. You should see the amount you requested hit your wallet.
— k3tan (@_k3tan) November 17, 2022
IMPORTANT DISCLAIMER FAQs. READ ON.
Your exchange will process your withdrawal request. If they can't deliver this within a reasonable timeframe (give it a week or so?), your exchange is full of shit. You should see the amount you requested hit your wallet.
— k3tan (@_k3tan) November 17, 2022
IMPORTANT DISCLAIMER FAQs. READ ON.
Great! Where to from here!?
— k3tan (@_k3tan) November 17, 2022
From here, do your first bitcoin transaction with the small amount you have withdrawn. Click on the send section of your wallet and fill out the details. You can send bitcoin to yourself, others, or me. ?https://t.co/MuDhlpDNdK
Is this the most secure way to store funds?
— k3tan (@_k3tan) November 17, 2022
No. But you can learn to grow. Next steps would be using a passphrase (different to password), then getting familiar with a hardware wallet. After that would be using a private server instead of a public one.
Where is the wallet file kept?
— k3tan (@_k3tan) November 17, 2022
The wallet file is a .mv.db file located on your computer in the location as per screenshot below. This file contains your private key (if it's a software wallet), labels, address information and more. It is encrypted with the password you set. pic.twitter.com/jQaoM8kZ3V
How can I backup?
— k3tan (@_k3tan) November 17, 2022
There are a couple of ways.
You can copy the .mv.db file to a couple of USB thumb drives for redundancy. If those USB drives are picked up by another person, they'd need your password to access your wallet. To restore, File > Open Wallet (CTRL+O) and select it.
If this doesn't work, you'll need the all important 12 words. Create a new wallet and input the 12 words back in. Your funds should recover. You may even want to test this with a small amount to see if it works. Note, anyone can do this, so keep the 12 words safe! pic.twitter.com/1ilEyzyFW4
— k3tan (@_k3tan) November 17, 2022
Best way to backup my 12 words?
— k3tan (@_k3tan) November 17, 2022
Paper is not great. (fire, flood, dog ate it, etc) Ideally, back it up on a metal device. There are plenty of options on the market. If you're ordering online, be sure to order it to a PO Box or Parcel Locker or work address, not your home address.
Where can I find more information?
— k3tan (@_k3tan) November 17, 2022
The Sparrow Wallet docs section of the website is fantastic. There's also a telegram group. Just be careful with telegram – lots of scammers and imposters, but it's a great resource.
What about my shitcoins?
Dump them. Buy bitcoin with it.
What are some things to be wary of?
— k3tan (@_k3tan) November 17, 2022
1. Keyloggers installed on your computer. Minimise the input of your seed words using your keyboard.
2. Copy & paste malware. If you're copying a bitcoin address and there's malware installed that changes that address, be careful.
Should I use the same address twice?
— k3tan (@_k3tan) November 17, 2022
When you are receiving bitcoin into your wallet, it's best practice that you do not reuse addresses. Your wallet has plenty of addresses, so just send a new one each time you want someone to send you bitcoin.
Why does everyone think Twitter is doomed
I've seen a lot of people asking "why does everyone think Twitter is doomed?"
— Mosquito Capital (@MosquitoCapital) November 18, 2022
As an SRE and sysadmin with 10+ years of industry experience, I wanted to write up a few scenarios that are real threats to the integrity of the bird site over the coming weeks.
For context, I have seen some variant of every one of these problems pose a serious threat to a billion-user application. I've even caused a couple of the more technical ones. I've been involved with triaging or fixing even more.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
1) Random hard drive fills up. You have no idea how common it is for a single hosed box to cause cascading failures across systems, even well-engineered fault-tolerant ones with active maintenance. Where's the box? What's filling it up? Who will figure that out?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
2) Physical issue with the network takes down a DC. I gather Twitter is primarily on-prem, and I've seen what happens when a tree knocks out a critical fiber line during a big news event.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
3) Bad code push takes the site down. Preventing this was my day job, and I can tell you that it's one of the scariest scenarios for any SRE team, much less a completely understaffed and burnt-out one.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
4) Bad code push takes the site down *in a way that also fucks up the ability to push new code*. This is the absolute nightmare scenario for teams like mine. When something like this happens, it's all hands on deck. Without deep systems understanding, you might never get it back.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
5) Mystery SEV. Suddenly, the site goes dark. The dashboard is red. Everything seems fucked. There's no indication why. You need to call in the big guns. Teams with names that end in Foundation. Who are they? How do you call them?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
6) Database is fucked. It's a big one. Everything is on fire. Who's the expert for this one?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
7) Someone, say, entirely hypothetically, @wongmjane, finds a critical security vulnerability in your prod iOS app. You need to fast-track a fix, *stat*. You have a team of experts who know how to navigate Apple's Kafkaesque bureaucracy for app updates, right? I sure hope you do.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
8) Someone notices that it's possible to read anyone else's DMs by loading up a particular URL. This is a SEV1, massive, all-hands-on-deck, critical issue. You need people who understand deeply how your privacy abstractions work, and how to fix them.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
9) The site goes dark at 4am. The oncalls have no idea what's wrong. You *need* an IMOC (Incident Manager On Call) who knows who to wake up, why, and how. Someone who understands your systems, can synthesize information at lightning speed, and coordinate a recovery effort.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
10) The system you use to *find other systems* internally goes down. None of your systems can talk to each other. The site, and all your tools, immediately fail. The tools you need to revert the breaking change are all FUCKED. Can you figure this one out with a skeleton team?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
11) It's 5pm on a Friday. The dashboards all go red at once. The web fleet is seeing cascading reboots. The disks have been filling up since Wednesday. There were hundreds of code changes across multiple interlocking systems on Wednesday. Revert any of them at your own risk…
— Mosquito Capital (@MosquitoCapital) November 18, 2022
12) Oh shit. You reverted one of them. Now every locked account's tweets are visible to everyone. People might literally get murdered with machetes over their posts. That's not a hypothetical. It's now 9pm. The site is fucked. Who are you going to call?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
13) The system that ensures server changes are safe to push to prod is failing. You have, say, 30000 tests that *must* run to ensure privacy/security/compliance/reliability. One of the tests is causing the failures. Can you find it? Also it's the World Cup. Also the site is down.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
14) A user in the Phillipines is about to post CEI to the platform. You *cannot* leave that content up. Do you have your employees with relationships with PH law enforcement? Do you have your content moderation systems working? Do you have your moderators?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
15) The FBI wants to inspect the contents of the DMs of someone they think is about to commit 9/11 2: Atomic Boogaloo. Do you have a system to grant them access? Do you refuse them access? How do you know it's really them?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
16) You grant them access. Now someone from a country known for horrific human rights violations is knocking. They have an official-looking subpoena. Do you let them see a dissident's DMs? Can you articulate why? You might need to, in a very official court somewhere in Europe.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
17) Another country is telling you that they want all of your data on their users stored on servers in their country. Do you have policy experts for that country? Do you have a lot of *very* motivated lawyers? Do you have an infra eng who knows how to partition your data just so?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
18) GDPR. You're found in violation. It took a team of 100s of engineers, lawyers, policy experts, designers, and managers months of "hardcore engineering" to be in compliance in the first place. Can you get back? I assure you, not doing so will cost more than an org's headcount.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
19) Once a day, every day, at 12:13am, a specific service in your data pipeline slows to an absolute crawl. It doesn't seem to be causing any issues, but you're a bit concerned as it seems to be getting worse. Do you assign an SRE to take a look? Do you have any left?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
20) The service you use to discover other services is working fine, but one of your best engineers does some calculations and realizes it won't scale to more users and more services, and (hypothetically) you want to build a super-app called X. Do you rewrite? What do?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
21) You decide to rewrite. 8 months later (lol) your new system is ready to take on its first users. Who's coordinating the migration? Do they *really* understand complex systems? Are they good with people? Can they execute? Do they have the domain knowledge they need?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
22) You just hired a great-seeming engineering director from Microsoft for a core org. Slowly, their org's productivity slows, and attrition climbs *way* up. The director swears everything is fine. If you fire the director, one of your VPs suddenly has like 18 reports. What do?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
23) An engineer just kicked off a command to reboot the fleet. Oops, they didn't use –slow. Now all of your caches are empty. All of them. Every request goes straight to DB. The DBs all get overloaded instantly, some start to OOM and reboot loop… How do you refill the cache?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
24) World Cup. It is *the* defining event. We used to have watch parties for the traffic charts. The amount of traffic your site gets in one week is mind-blowing. It's in huge bursts. It tests *every* system you have to its limits. If one breaks, hope it doesn't cascade. It will.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
25) New Year's Eve, USA East Coast. Every year. I remember sitting outside the office, fireworks exploding in the distance, frantically calling the video oncall. Everyone posts videos of their fireworks. *Everyone*. It will fill up disks and test your bandwidth to the very limit.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
26) I've said it before, but… CEI. If you mishandle it, if your policy people and lawyers are not top of the fucking line, you *will* get yanked in front of Congress, in front of judges, into the evening news, places you don't want to be if you're running a social media company
— Mosquito Capital (@MosquitoCapital) November 18, 2022
27) Physical security of your offices. Security guards told me they keep *long* lists of crazies, commit them to memory. People want to fucking kill Zuck. Like ritual murder in the bathtub shit. They show up at the office *all the time*. Is your security team staffed and ready?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
28) Genocide. People use your platform to orchestrate mass murder, the machetes in churches kind. And fast. Lightning fucking fast. You need to be prepared *before*. If you don't have a team who knows how to detect and stop this ASAP, your ass is getting dragged to The Hague
— Mosquito Capital (@MosquitoCapital) November 18, 2022
29) Rebellion. Millions of people will use your platform to orchestrate rebellion against their government. Do you use the tools for #28 to stop them? Do you let it ride? How do you decide? What if you let it ride and the same thing happens next week in a country you really like?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
30) Bus Factor. Say you have 3 senior+ level SREs left in your Core Services org. They are absolutely indispensible, for reasons you can infer from above. How do you keep them all alive? Can they be on the same plane? What's the contingency plan if they all kick it anyway?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
31) Invaders. A single box in your datacenter is mistakenly connected to the public Internet and forgotten for years (this really, really, really does happen, I promise). Someone pops the box. They're in. How do you detect it? What do you do once you do?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
32) Invaders: The Quiet Ones. They're in your network. They're just watching, and waiting. Not doing anything. I promise you, a great security org can detect even this. If you don't have a great one left… What damage can be done by observation? Credit card data? Passwords? DMs?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
32) Invaders: The Quiet Ones. They're in your network. They're just watching, and waiting. Not doing anything. I promise you, a great security org can detect even this. If you don't have a great one left… What damage can be done by observation? Credit card data? Passwords? DMs?
— Mosquito Capital (@MosquitoCapital) November 18, 2022
34) Invaders: The Chaotic Ones. They're here to do some fucking damage. They could delete data, reboot the cache fleet and take down the site for weeks, post nuclear threats as the POTUS… You better have a big, talented, experienced security team if you want to be ready.
— Mosquito Capital (@MosquitoCapital) November 18, 2022
56) Spam! Spam is an *existential* threat. You need automated systems, AI-based clustering, entire teams doing manual review, and some *extremely* smart, driven, and creative engineers adept in adversarial thinking because you absolutely must be one step ahead at all times
— Mosquito Capital (@MosquitoCapital) November 18, 2022
