Why are Sphinx forward messages not used in Lightning’s onion packets?

It is useful to send some additional information with a payment in LN. For example, spontaneous payments in LND send a payment_preimage to the destination of a payment. LND uses a non-trivial EOB format to try and encode this information into the hops_data. The hops_data must be a fixed size to prevent intermediary nodes knowing where they are in a route, which limits the size of information which can be forwarded.

The Sphinx protocol on which LN’s onion routing is based already supports forwarding encrypted messages as a separate field. The notation (M,δ) is used for an onion message, where the M corresponds to the onion_packet format in BOLT4. δ is the encrypted payload, which can be of arbitrary size, and is not used.

Would it not make more sense to utilize this message forwarding rather than trying to overcomplicate the protocol with the EOB format, which gains us a trivial number of bytes?

I can see that arbitrary size may be an issue for an attacker monitoring traffic flows. Perhaps δ can be made a fixed size and padded such that each update_add_htlc_with_payload remains a fixed size. We could potentially transfer larger and more useful information to the destination (in particular, I would like to be able to embed a refund invoice in the payment).

Are there any other issues with forwarding a separate encrypted payload which I’m unaware of?

Security Onion not displaying status of host running OSSEC agent in Kibana

I am deploying an instance of Security Onion to a test environment. In order to test OSSEC, I stood up an Ubuntu Linux host with assigned IP of and installed the OSSEC agent. Following configuration, I confirmed that the OSSEC agent instance was successfully added to the OSSEC server on the Security Onion instance by running

$  sudo /var/ossec/bin/agent_control -l  Wazuh agent_control. List of available agents:     ID:000, Name: user-virtual-machine (server), IP:, Active/Local     ID:002, Name: 001, IP:, Active 

Using Wireshark, I confirmed that communication was occurring as expected and that the Ubuntu host was regularly sending logs to the server.

I altered a file in /etc on the Ubuntu host which should produce an alert, and it would appear that this change was successfully flagged and an alert was successfully displayed in Squert on the Security Onion Instance.

Squert dashboard filtered on showing integrity alert

However, when I try to visualize alerts using Kibana on the Security Onion instance, my host running OSSEC does not appear as a monitored OSSEC instance at all. Only one device is listed as a monitored host, and that is my Security Onion instance.

Kibana dashboard, please note the sensor count and device count of 1

I’ve attempted to restart the Security Onion service and the host but have not been able to resolve this problem. I am new to Security Onion, so if I am fundamentally misunderstanding how this data should be displayed I apologize. Any help would be greatly appreciated.

DDD / Onion architecture in JavaScript

One reason I like .NET is because the ‘solutions’ and ‘projects’ lends themselves to good architecture.

Good architecture makes it easy to follow the happy path of Domain-Driven Design.

I’ve fallen into a habit of this kind of architecture for my projects. It’s just a common sense approach for the onion architecture, ports and adapters, etc. (Some would even argue those are all saying the same thing — it’s “a bona fide pattern“.)

enter image description here

That all works pretty well for me when I’m in the .NET world, using JavaScript for web apps with .NET as a back-end. (I know I could probably be doing some things better!)

But I get a little lost when I try to work on an all-JavaScript project.

I don’t want to get too specific about frameworks, but for example, I’m looking at an Ionic project — where the entire thing is just an Angular app hosted on a phone.

How does the onion or DDD fit into this?

enter image description here

Onion Architecture – Multiple Apps

Onion Architecture talks about separating the UI, Service, and Data Layers. All the samples usually given for this involve a single deployment model of the application. For example in .net most of the samples are

Web – MVC app
Core/Domain – Simple class library
Data – Entity Framework

What happens if my application has multiple deployment flavors? For example Azure resources versus On premise SQL Server. Does the solution break down into shareable projects? What happens when pieces of the infrastructure are shared?

Host – On-Premise – has the Program.cs and Startup class only, wires up all the dependencies. Also has logic to do migration/setup for infrastructure
Host – Azure – same as above

Web – Controllers, View, Models – but it class library not an app
Core/Domain – Doesn’t change
Infrastructure – SQL
Infrastructure – Azure
Infrastructure – X

Is this correct thinking? should the “App Hosts” be as minimal as possible and wire everything up? Should infrastructures be separated by the infrastructure they are utilizing or the deployment style (On premise vs Azure)? Is it strange to have an infrastructure layer not implement all the repositories defined in domain layer?

Generate new .onion address for bitcoind over tor

Been following this guide just to tinker around with bitcoind over tor. According to the guide, when bitcoind controls the tor daemon using controlport=9051 whenever you restart bitcoind tor should generate a new .onion address. This is not happening. If I restart bitcoind, tor or both, it always uses the same old .onion address. A fully system restart doesn’t work either.

how do I generate a new .onion address?

Note: I am NOT using /blah/var/hidden_service and cannot just delete the private key in that folder. When using controlport there doesn’t seem to be a private key anywhere. Or is there?