Lightning Network Observer

[franky1]

ooooh angelo..why oh why to you sound so ignorant and foolish for..
seems i talk more about the features and code and abilities and flaws of LN more then you do. and im not even a fan of the system,, all you seem to do is avoid aspects and features and flaws.

because whats seen in msat balance at GUI is not whats signed into the state!!

What's signed behind is signed in sats, not msats. It is rounded down. It has already been told to you like a gazillion times.

what is being signed (the state/commitment) is not signing a 1:1000 rate of msat to sat amount.. in the scenario i have told you about a gazillion times

go back and read the context of the scenario.. where n0nce atleast realised and agreed there is a difference between rounding and dividing
and that in LN they are 2 functions and both are performed

heck i even colour coded the differences..

seems you are ignoring parts to play dumb.

stop with the games and just have a proper think about things. do not hit reply until you can understand the whole thing. and dont reply if you just want to downplay it as a non flaw

i already understand and seen you try to ignore/downplay things a gazillion times .. so until you are ready to stop downplaying and actually have a proper risk aware discussion about a flaw there is no need for you to repeat your ignorance

i find it funny how after a few years now you have been promoting LN but not realised that what you broadcast is not also what you can revoke. because the revoke you get is against the other partys commitment not your.

i laugh that you dont realise when you get such revokes where you thought you had a revoke for the current stat at play

i laugh that you think that the only thing that msats do is "!round" and you did not know that there was a 1:1000 rate conversion involved.

please dont waste time on your LN promoting utopia games nor waste time on your bitcoin is unfit for normal use so offramp to LN as solution games.. and if you really care about your silly subnetwork. atleast try learning how it works

because trying to tell you lot about flaws wends up being teaching you lot how it even works because it seems you dont know. or just playing dumb to avoid talking about the flaws


meanwhile when someone pays me on the bitcoin network. its done settled complete.. i dont need faith, hope, trust, promises, or watchdogs or other party agreements.
ill stick with the bitcoin network

replying to below, and then just leaving you guys in your ignorance to play with your silly subnetwork of ignorance

i guess you enjoy ripping users off and not caring, by just saying its their own fault for not watching and checking things they cant see 24/7 . never blaming the flaw on lack of network security

He is actually currently making argument after argument about the horror of rounding down

I am back to ignoring him.

changing / 1000
          to / 1,000,00
is not a rounding error

but your ignorance has been observed

there is no network level consensus system in LN that prevents a person from this manipulation. however in bitcoin there is many rules to prevent this type of crap you are trying to say is a user to blame fault..

My point is that with a compromised host, you can do all sorts of shenanigans, be it Lightning, Bitcoin L1 or anything else.

nope. bitcoin has a load of rules to prevent alot of shinanigans. . thats the beauty of bitcoin..

once a payment is confirmed. its done. no middle men no manipulations. no i wonder if i will still have my money tomorrow. no what if he did mess with my payment i received..
in bitcoin you get a payment and its a done deal. if you want to check you can check on different explorers.. with LN all you can do is trust the wallet your stuck with

if i was to say bitcoin security was a 9.5 of 10 due to some weaknesses of wallet stuff(10 being perfect)

here is how i would rank the other networks structures security

distributed/decentralised sidechains: 7
federated/centralised sidechains: 4
LN bridged to a mainnet: 2.5
custodian: 2

[1714301690]

1714301690

[1714301690]

1714301690

[cAPSLOCK]

It´s incredible how much time people can spend with Frankies confused drivel. Face it guys: He doesn´t know shit about the Lightning network!
He is the Master Troll of bitcointalk.org.

He is actually currently making argument after argument about the horror of rounding down to the nearest $0.000169 on channel close.  Bitcoin can do a 1000x and we will still just be rounding down to less than nearest quarter the USD value.  Lol.

I am back to ignoring him.

[n0nce]

there is no network level consensus system in LN that prevents a person from this manipulation. however in bitcoin there is many rules to prevent this type of crap you are trying to say is a user to blame fault..

My point is that with a compromised host, you can do all sorts of shenanigans, be it Lightning, Bitcoin L1 or anything else.

yet no one was spotting thor turbos wallet that had channels of msat balance but no funding lock to back those msats..
... i spotted it the day they announced the features and you lot were telling me to shut up, many of the pals you adore and support were trying to call it a feature not a flaw

I haven't heard about Thor Turbo until now to be honest. Do you have a GitHub link to this wallet or something?

I know about regular 'Turbo channels' (simply 0 conf), but as long as your client is secure and legit & you wait for a confirmation before using it, there's literally nothing to worry about.

you are really really ignoring how things work, playing dumb, or just avoiding things by acting ignorant

He's responding to every bullshit you've been whining about. Ironically, you're going off-topic more often that he does. He's straight to the point, and you're constantly avoiding it.

Yes, I'd reeeeally like to hear him admit: 'This specific Lightning Network attack (modified msat / sat multiplier) I am very worried about, and I keep bringing up, actually only works if you download a malicious client; similar to how malicious Bitcoin L1 clients wipe users' funds who entered a seed phrase into them (or do so later). Besides, these attacks through hacked L1 clients did happen, meanwhile a hacked L2 client with a modified multiplier didn't appear in the wild yet.'

It's kind of logical, because you would need to not only get people to install that client but also get them to open channels with you. Meanwhile distributing a malicious L1 client (e.g. that exfiltrates your seed or whatever), doesn't require additional actions and make it easier to take the money and run than attaching your Lightning node's identity to such crime.

what is being signed (the state/commitment) is not signing a 1:1000 rate of msat to sat amount.. in the scenario i have told you about a gazillion times

'the scenario' being having been fooled into installing a hacked or malicious client and having opened a channel with the attacker?
Because I've been repeatedly trying to explain that malicious L1 wallets can exfiltrate the seed or otherwise steal user funds, too.
If your software setup isn't safe, you're kind of fucked either way.

meanwhile when someone pays me on the bitcoin network. its done settled complete.. i dont need faith, hope, trust, promises, or watchdogs or other party agreements.

If your Lightning installation is secure and running 24/7, Lightning payments are completely faith, hope, trust, promise-less, too.
The only downside is really this 24/7 requirement. The benefit is cheaper fees and faster payments. We acknowledge and never hide this fact, but it's just wrong saying that Lightning in general requires faith / hope etc.

However, if you install hacked or e.g. closed-source clients, you need to 'hope' in Bitcoin L1, as well. Sure, you may verify with a block explorer that a transaction was settled, but if the bad actor exfiltrated your seed, they have access to those funds, too and can steal them from you at any time. Different attack type, but through the same attack vector.

[franky1]

one more time

at the point of someone receiving msats and see it on their GUI.
they are not looking at any state/commitment.
and trying to find a state/commitment is hard to do on a phone app

(main utility wallet for people buying small price items like coffee/beer/sandwich(because no one takes a laptop with them into town))

upon someone seeing they received msat,
they if they were a business( cafe or a store) would hand over the goods. and "believe" they received the correct denomination that represents the amount of sats they think they are promised..

or if just a user like a street busker or someone getting paid to do landscaping on soneones yard. would think they got paid. and leave..


but wont find out if they have been paid in full. of actual real sats.. until the end of the month when they finally settle up. (as settling hourly/daily is not the premiss LN nerds are pushing)
oh and you cant find out by running some LN explorer or bitcoin explorer to check your LN channel msat balance is backed by sats. because its all loaded into a phone app which your channel service provider gave you
..
however in bitcoin receiving a real bitcoin transaction. is settled, confirmed and you can check it anywhere .. and then hand the goods over. meaning no worry, trust, faith..
also with bitcoin after getting payment, you dont have to stay online 24/7 wondering if some middle man will steal your funds
.
bitcoin does not need watch towers, doesnt need someone else to be online just to accept a relayed payment. (doesnt need a hop agreement stage of multiple participants pressing accept or needing to share/borrow someone elses balance just to push a payment around a network)
..
bitcoin has many security protections to not even relay transactions that dont have a confirmed utxo previous to it to back the current tx spend

plus a multitude of other security checks.. which is why in 2009 alot of cypherpunks that were playing with smart contracts before blockchains had issues. and then when bitcoin was announced they seen the wisdom of blockchains solved a smart contract problem

smart contracts dont solve a bitcoin problem. its the other way round

[n0nce]

changing / 1000
          to / 1,000,00
is not a rounding error

I'm starting to wonder why you obsess over this attack scenario. When you started with this factor of 1000 stuff, I thought you were confused about unit conversions. Then it became clear you are talking about a potential attack where someone distributes hacked clients where the msat/sat multiplier was messed with.
But if that's your attack vector, you can do so much more stuff with it. Like send yourself the seed of the underlying L1 wallet, maybe even plant a trojan or gather personal data lying on the machine.

there is no network level consensus system in LN that prevents a person from this manipulation. however in bitcoin there is many rules to prevent this type of crap you are trying to say is a user to blame fault..

My point is that with a compromised host, you can do all sorts of shenanigans, be it Lightning, Bitcoin L1 or anything else.

nope. bitcoin has a load of rules to prevent alot of shinanigans. . thats the beauty of bitcoin..

You are talking about users installing a hacked client that could e.g. exfiltrate their seed phrase. The blockchain doesn't protect against that, right?

It´s incredible how much time people can spend with Frankies confused drivel. Face it guys: He doesn´t know shit about the Lightning network!
He is the Master Troll of bitcointalk.org.

He is actually currently making argument after argument about the horror of rounding down to the nearest $0.000169 on channel close.  Bitcoin can do a 1000x and we will still just be rounding down to less than nearest quarter the USD value.  Lol.

He's actually not; he's arguing that if you installed a client software that does the msat <> sat conversion wrong (e.g. by a factor of 1000), and opened a channel with the same person who gave you this wallet software, the amount of sats shown in GUI would be different (higher) than what will later be settled on-chain when closing the channel.
Which I find really far-fetched as attackers could just steal the seed or do other attacks if they can get you to trust your keys to their software.

[franky1]

ok i am going to call it a night because you are still..(how many pages later) trying to play the sweep under the carpet shenanigans to just say "its a user fault for using a hacked wallet"

no its a network fault for not having rules that can pick up on things.. thus allowing wallets a lot more freedoms to be attack vectors

bitcoin does not have the same problems LN does.
so have a hard think about that. without just rushing to press the reply button to be a ignorant brush under the carpet artist

but i am glad you admit there are alot of attack vectors.. dont back peddle it and brush it under the carpet.
instead think of what things can be implemented to reduce the attack vectors at a network security level of other nodes banning such nodes if spotted..

bitcoin has many security features that limit "node manipulation" of payments

if you reply once again with a brush under the carpet  sounding reply. or a response where you treat it as not a issue overall and just a user problem.. your neglecting the fact that you are then admitting you dont care about users on your favoured network
you will just blame them for the mistakes of using LN.. which is a shameful way to promote LN as utopia everyone should use, with promises and kisses they it all is fine and secure and nothing to worry or be at risk... then boom.. tell users its their own fault and not a LN fault when they use LN

..
much the same as when i call idiots using other networks
where they think they are "using bitcoin"

you would be calling your prefered network(ln) users dumb even when they are using the network you prefer(ln)

atleast i try to make people risk aware of both networks. atleast when people do use the bitcoin network their value is more secure. so a few less dumb people on the bitcoin network

cant say the same for those on the LN network thinking they are stilll "using bitcoin" whilst looking at a GUI of msats

[n0nce]

ok i am going to call it a night because you are still..(how many pages later) trying to play the sweep under the carpet shenanigans to just say "its a user fault for using a hacked wallet"

no its a network fault for not having rules that can pick up on things.. thus allowing wallets a lot more freedoms to be attack vectors

It is not. There is no way for any network or technology to protect users from installing hacked software. That software, again, can do all sorts of things, like spy on the user, steal private keys, steal encryption keys, hold the users' data at ransom etc. -- this is just malware. You don't blame Bitcoin either, just because a user runs an outdated OS and installed a trojan which stole their seed phrase. No amount of blockchain explorers and transaction IDs protects you against that.

As far as the network is concerned, if it sees a transaction from that wallet, it's legitimate. Everything outside this scope is oblivious to it. Whether the signing key was stolen or not, whether someone gained access to the machine through a hacked wallet; the network does not know this.

bitcoin does not have the same problems LN does.

I'm not arguing with that. LN does have some issues that you don't face on L1. But the ones you're describing here are not it.

but i am glad you admit there are alot of attack vectors.. dont back peddle it and brush it under the carpet.
instead think of what things can be implemented to reduce the attack vectors at a network security level of other nodes banning such nodes if spotted..

The issue is that the attack vector you describe here, can affect any other piece of software or data on your machine, too. If you install what's essentially a computer virus, you can't blame all the software that is affected by it. Programs are almost never built to defend themselves against a locally installed virus. Bitcoin Core isn't either. There's nothing stopping a script that I send you, to go to .bitcoin, copy the HD seed (or individual private keys) and send it to my server through a REST API request. And I'm strongly arguing that this wouldn't be Bitcoin Core's fault, but yours or your OS'es.


Look; this is all a lot of back-and-forth. It can be reduced to a single question:
Do you believe that Bitcoin L1 wallets are completely secure, no matter what other software runs on your machine? And no funds can be stolen even if users download random wallets from the internet and potentially even input their seed phrases into them / deposit BTC into those wallets?

[franky1]

ok i am going to call it a night because you are still..(how many pages later) trying to play the sweep under the carpet shenanigans to just say "its a user fault for using a hacked wallet"

no its a network fault for not having rules that can pick up on things.. thus allowing wallets a lot more freedoms to be attack vectors

It is not. There is no way for any network or technology to protect users from installing hacked software.

ok lets again. say whats already been said
there are many rules that can be put in place

lets take the 0-confirm thor turbo unbacked msat thing to the test

again
nodes can have code as part of the NETWORK gossip of making route maps. to ban channels whos ID's (funding lock proof) do not have confirms
thus they dont become part of peers local maps thus not gossiped to their peers and so on. thus not part of the network to be a possible route

by the way it does hurt me to actually be helping you fools find solutions to problems because yea, i dont care about your network

but not as much hurt as seeing you fools promote LN as a sexy solution to something where you want to call broke to then say LN is a solution. when its LN that is the most broke of any networks associated with bitcoin(but not being bitcoin)

as for light app wallets that cant do checks. those wallets should have an ability not to broadcast to the bitcoin network just to find out(via losing). but do a test message (broadcast to a LN peer outside their channel partner) that can verify the state matches the "balance available" amount of a network map of that said channels msat balance
after al you already have features of invoices done peer-2-peer over sphinx you could also do "credit checks"

you know much like the pre-block relay network of bitcoin checks transactions before putting them into mempool or rejecting if input doesnt match a utxo

[BlackHatCoiner]

lets take the 0-confirm thor turbo unbacked msat thing to the test

No, let's not. Nobody in this thread has argued that opening a turbo channel is secure. It's a secure / comfort tradeoff, but nobody forces you to use it. Some lightning developers might as well use it, I don't care.

nodes can have code as part of the NETWORK gossip of making route maps. to ban channels whos ID's (funding lock proof) do not have confirms

Sounds great. Individuals can configure their node as they please, but cannot enforce their rules on other people's software.

by the way it does hurt me to actually be helping you fools find solutions to problems because yea, i dont care about your network

You don't care but you're the one who's talking about it most frequently. 

[n0nce]

ok i am going to call it a night because you are still..(how many pages later) trying to play the sweep under the carpet shenanigans to just say "its a user fault for using a hacked wallet"

no its a network fault for not having rules that can pick up on things.. thus allowing wallets a lot more freedoms to be attack vectors

It is not. There is no way for any network or technology to protect users from installing hacked software.

ok lets again. say whats already been said
there are many rules that can be put in place

Which Bitcoin network rules exactly, protect you from the attack I described (seed exfiltration) which requires the same attack vector like the one you've been warning about in Lightning (hacked wallets)?

Because this below, is a whole different topic (Turbo channels), right. So are you confirming that the attack vector you previously kept pushing, does exist in Lightning just as well as in Bitcoin L1, and therefore shifted to a new argument?

lets take the 0-confirm thor turbo unbacked msat thing to the test

again
nodes can have code as part of the NETWORK gossip of making route maps. to ban channels whos ID's (funding lock proof) do not have confirms
thus they dont become part of peers local maps thus not gossiped to their peers and so on. thus not part of the network to be a possible route

by the way it does hurt me to actually be helping you fools find solutions to problems because yea, i dont care about your network

but not as much hurt as seeing you fools promote LN as a sexy solution to something where you want to call broke to then say LN is a solution. when its LN that is the most broke of any networks associated with bitcoin(but not being bitcoin)

as for light app wallets that cant do checks. those wallets should have an ability not to broadcast to the bitcoin network just to find out(via losing). but do a test message (broadcast to a LN peer outside their channel partner) that can verify the state matches the "balance available" amount of a network map of that said channels msat balance
after al you already have features of invoices done peer-2-peer over sphinx you could also do "credit checks"

you know much like the pre-block relay network of bitcoin checks transactions before putting them into mempool or rejecting if input doesnt match a utxo

[franky1]

ok i am going to call it a night because you are still..(how many pages later) trying to play the sweep under the carpet shenanigans to just say "its a user fault for using a hacked wallet"

no its a network fault for not having rules that can pick up on things.. thus allowing wallets a lot more freedoms to be attack vectors

It is not. There is no way for any network or technology to protect users from installing hacked software.

ok lets again. say whats already been said
there are many rules that can be put in place

Which Bitcoin network rules exactly, protect you from the attack I described (seed exfiltration) which requires the same attack vector like the one you've been warning about in Lightning (hacked wallets)?

your silly crap about what happens o someones computers hard drive.. is completely differnt to protecting someones payment on the network

i dont are if your wife decides to hack your wallet file and then divorce you. thats between you and your wife in your house where you should be using passwords

its about the protection of PAYMENTS between users on a crypto- network
ensuring people on a crypto network  network get paid and not able to abuse each other

do you know why crypto/blockchains were invented. yep electronic payments systems to allow payments over the internet in a way thats more secure then using a custodian, middle man, partner.. to then not need such other people managing or messing with payments before you can settle/be confirmed that you have it. an no one else can cheat it

again you are avoiding the actual scenarios ..

have you learned nothing in the last year about al the crap about the stablecoin, custodian  and sidechain fiascos this year alone

if you want to not thingk there is a problem where by networks should be left with crap security then so be it you carry on using those networks

ill stick with bitcoin which does check payments before putting into blocks to ensure transactions do have a UTXO backing the tx. and when confirmed (received) the recipient knows its done and complete and not a "maybe" or "what if"

you cant say the same about LN

so last time i will say it
knowing you "think" there is no network problem(in your mind) with LN
is where i see the problem with people like you. you lot are too utopian dreamy kiss assy promoters trying to sway people into your insecure network by pretending its better than bitcoin but then leaving those users at risk and blaming them if things go wrong.

your favoured network and favoured buddy group are the problems that give crypto a bad name.. so please do one thing

stop subtly trying to make people think LN is bitcoin 2.0 or a solution..
atleast try to make people aware its a small niche service network for atrisk  small value amounts for short term convenience.. rather then trying to pitch it as the place everyone should use instead of bitcoi longterm

if you dont want to fix your network or realise the problems of your network. atleast fix your sales pitch and stop trying to make bitcoin look bad by your brand steal and silly narratives you lot are pushing too hard

[n0nce]

again you are avoiding the actual scenarios ..

I'm not; your scenario is: malicious software wallet can steal user funds.
That is true on Bitcoin L1, too, through seed exfiltration by API call.

[cAPSLOCK]

one more time

at the point of someone receiving msats and see it on their GUI.
they are not looking at any state/commitment.
and trying to find a state/commitment is hard to do on a phone app

(main utility wallet for people buying small price items like coffee/beer/sandwich(because no one takes a laptop with them into town))

upon someone seeing they received msat,
they if they were a business( cafe or a store) would hand over the goods. and "believe" they received the correct denomination that represents the amount of sats they think they are promised..

or if just a user like a street busker or someone getting paid to do landscaping on soneones yard. would think they got paid. and leave..


but wont find out if they have been paid in full. of actual real sats.. until the end of the month when they finally settle up. (as settling hourly/daily is not the premiss LN nerds are pushing)
oh and you cant find out by running some LN explorer or bitcoin explorer to check your LN channel msat balance is backed by sats. because its all loaded into a phone app which your channel service provider gave you
..
however in bitcoin receiving a real bitcoin transaction. is settled, confirmed and you can check it anywhere .. and then hand the goods over. meaning no worry, trust, faith..
also with bitcoin after getting payment, you dont have to stay online 24/7 wondering if some middle man will steal your funds
.
bitcoin does not need watch towers, doesnt need someone else to be online just to accept a relayed payment. (doesnt need a hop agreement stage of multiple participants pressing accept or needing to share/borrow someone elses balance just to push a payment around a network)
..
bitcoin has many security protections to not even relay transactions that dont have a confirmed utxo previous to it to back the current tx spend

plus a multitude of other security checks.. which is why in 2009 alot of cypherpunks that were playing with smart contracts before blockchains had issues. and then when bitcoin was announced they seen the wisdom of blockchains solved a smart contract problem

smart contracts dont solve a bitcoin problem. its the other way round

Damnit.  Stop your silly going on about this.

It is a LONG time before anyone gives a damn about a millisat!  A long time as in perhaps FOREVER.

SIXTY THOUSAND millisats is still only a PENNY in USD value.

You are barking on about people giving up FAR less than a penny when rounding down on a channel close. 

Every time that channel goes over another 1000 millisats, the receiving side has earned another 1 SAT.  Locked in.  Will settle. 

Would anyone be concerned that a channel that has been active for weeks, months, or years has to give up less than 1/500th of a penny in value when it closes?

No.  The answer is no.  And it will always be no.  And you are so wrong it hurts.  Or maybe just a good troll.  OK, I mean it this time.  Ignored.

[franky1]

heres the thing...

in the digital world, made of code..
EVERY bug, flaw, attack vector could be blamed on "malicious software"
you know.. because its.. code


but in a network of users of software. where there is a broad network protocol each users follows to stay inline with each other. where there is a modecome of trust that the network secures value so that payments cant be faked, frauded, stolen..

if users across the planet are using a network where that network cannot guarantee someone is going to get paid right.. guess what. that is not a guaranteed payment network. its not a system that protects users

especially if there is ways to prevent it but idiots dont want to fix it at network level and just cry "blame the user" "blame software"

if at network level you do not have a rule to seek/avoid such, (which can punish or ban users that try to run malicious software).. its a no longer 'just' a software problem. its a network problem if that problem affects different users across the network

bitcoin. for people paying and receiving in bitcoin on the bitcoin network there are network rules.. that prevent many many payment attacks

EG
 if different people were to pay a user of 0.01btc (recipient uses say electrum)
an electrum server cant fake that to make the electrum user only get confirmed 0.0000001

however in LN of nodes where recipient of funds is d
      x    y
      |     |
      v     v
A->b->c->d

where abczx was to pay d.. C can abuse d's receipt and d ends up with loss

...
if the problem is about one users interaction, where the problem is not about the payment but the users storage. where the risk is his own wife using his client.. . then that is a local software problem

as for capslock

if users across the planet can abuse another user somewhere else, by fake paying them 1xx,xxx,zzz amount that
look as being paid 1,000sat at a network set rate of 1:1000 yet the user settling up only gets 1sat

its not a rounding error(remove the z)
its a conversion error(zx total is divided by more then 1000)
emphasis
1,xxx,xxx,zzz msat
dividing by more then 1000 = more than the z being cut off

oh and there is no network enforced rate. because the network is not enforcing it. instead its advising/suggesting software use that rate. but has no rules to enforce it. .. but could, but chooses not to have a sanity check mechanism

[n0nce]

Every time that channel goes over another 1000 millisats, the receiving side has earned another 1 SAT.  Locked in.  Will settle. 

That's not his issue. He's talking about an attack that modifies the 1000 msat multiplier to e.g. 10 - so if I send you 2000 msat, your wallet thinks you got 2000sat instead of 2 - and the channel close would just give you 2 sat, of course.

It´s incredible how much time people can spend with Frankies confused drivel. Face it guys: He doesn´t know shit about the Lightning network!
He is the Master Troll of bitcointalk.org.

He is actually currently making argument after argument about the horror of rounding down to the nearest $0.000169 on channel close.  Bitcoin can do a 1000x and we will still just be rounding down to less than nearest quarter the USD value.  Lol.

He's actually not; he's arguing that if you installed a client software that does the msat <> sat conversion wrong (e.g. by a factor of 1000), and opened a channel with the same person who gave you this wallet software, the amount of sats shown in GUI would be different (higher) than what will later be settled on-chain when closing the channel.
Which I find really far-fetched as attackers could just steal the seed or do other attacks if they can get you to trust your keys to their software.

bitcoin. for people paying and receiving in bitcoin on the bitcoin network there are network rules.. that prevent many many payment attacks

Don't prevent the attack you're still talking about, though.
I'll say it again: if you can get a user to install your wallet, which has measures in place that help you steal their funds, you can do that on L1 just as well as on L2.

How exactly:
(1) On L1: Seed exfiltration. You send them a wallet to use, that sends their seed to your server. Whenever you feel like it, you can use that to steal all their money.
(2) On L2: Seed exfiltration or modified msat multiplier. You can do the same attack like (1) to steal their LN wallet's onchain funds, as well as modifying the msat multiplier and opening a channel with them, like you describe. One way they could notice though, is that any other (legitimate) channel partner's payments will look 10x higher or 100x higher (whatever multiplier you chose) than they should be.

if different people were to pay a user of 0.01btc (recipient uses say electrum)
an electrum server cant fake that to make the electrum user only get confirmed 0.0000001

The Electrum server can fake it; of course the user can verify with a blockchain explorer (which could also fake it, though).
And especially the client can fake it. Which is what we've been talking about here. If I give you a malicious LN client, I can also give you a malicious L1 client. Under the premise of 'simplicity', I could also code it in a way that it doesn't display transaction IDs; and there you have it - no way to check with a trusted blockchain explorer, either.

[DooMAD]

if different people were to pay a user of 0.01btc (recipient uses say electrum)
an electrum server cant fake that to make the electrum user only get confirmed 0.0000001

The Electrum server can fake it; of course the user can verify with a blockchain explorer (which could also fake it, though).
And especially the client can fake it. Which is what we've been talking about here. If I give you a malicious LN client, I can also give you a malicious L1 client. Under the premise of 'simplicity', I could also code it in a way that it doesn't display transaction IDs; and there you have it - no way to check with a trusted blockchain explorer, either.

Precisely.  His argument that malicious software is somehow a bigger threat because LN doesn't have a global consensus mechanism is deeply flawed.  Consensus can do a great many things, but it can't protect you from malware, viruses and other nefarious programs.  It's fair to say there's a steeper learning curve to use LN, so it might be a case where newer users are more susceptible to falling victim to scams in an environment they are likely less familiar with.  But then, that would have also been a valid argument for the earliest adopters of Bitcoin itself to avoid getting involved in the first place.  So it effectively amounts to fear-mongering.  "Don't try the scary new thing".  And it only looks more disingenuous when combined with his views on developers and freedom in general.  The bias is palpable.

If a narcissist isn't happy, they'll try to make everyone around them as unhappy as they are.  That's franky1 in a nutshell.  He's not happy, so he has to make everyone else's life an utter misery by acting like an obsessive-compulsive weirdo all the time.  Even if he had a valid point (and he doesn't), he wouldn't be able to make it without being completely obnoxious, alienating others and isolating himself. 

In a setting where security is achieved through mutual cooperation, you'd think he'd have a better appreciation for learning how to work with others.   

[BlackHatCoiner]

where abczx was to pay d.. C can abuse d's receipt and d ends up with loss

What the hell is a lightning receipt? Speak according to the glossary. Do you mean that C can alter the script A has signed (which says that it pays D an amount under that one condition) and steal money from D?

Don't prevent the attack you're still talking about, though.

To fully comprehend franky's nonsense, you have to read one of his posts wherein he explains that running a pruned node is less secure, because an attacker can compromise your machine and alter the UTXO set. It doesn't even pass the laugh test:

pruned nodes validity of the UTXOset is only as good as the date it added the UTXO to it. if there is a hack, bug. you cant just copy and paste the UTXO set to a new computer and continue. you have to re download the entire blockchain again to ensure things did not change. the UTXO set has no hash to confirm or deny changes occured due to hacks or bugs of someones node. and thus no hash to compare to other persons versions to verify you al have the same set.
pruning is a network security risk of conformity(consensus of confirmed immutable utxo's)
pruning removes the immutable security part

[cAPSLOCK]

He's actually not; he's arguing that if you installed a client software that does the msat <> sat conversion wrong (e.g. by a factor of 1000), and opened a channel with the same person who gave you this wallet software, the amount of sats shown in GUI would be different (higher) than what will later be settled on-chain when closing the channel.
Which I find really far-fetched as attackers could just steal the seed or do other attacks if they can get you to trust your keys to their software.

Thats so much more stupidly convoluted it was hard for me to tease of of his rantings...  Ah well.  I have returned to the peace of ignoring him. lol.

[franky1]

oh angelo..
pruned node is not a full node. but ill leave you to cry and enjoy your fool node

as for LN's lack of consensus. its funny how there are ways on LN to fix issues but you lot dont even care to admit there is issues to even want to discuss fixes.. all you want is mass adoption of users to then have them lose value and you blame it on softwware

a good payment system has network security to reduce possible threats and if there are threats that can be removed via some network effect protocols. that network should use them to protect users.. by avoiding a security option says more about your lack of care than it does about people making you aware of issus.

anyways
ok the 4 lemmings want to play ignorant.. says alot about their care for their network

ill leave them to brush it under the carpet and leave them to live in their ignorance because all they want to do is shout loud how they think that bitcoin is broke and LN is the solution. yet its LN that has the major flaws and they are not even willing to discuss the problem or think of fixes, they just want to pretend they cannot understand what i am saying by avoiding the context just to troll about how im not using their preferred glossary of terms buzzwords they favour to describe their favoured system which they dont even fully know whats happening under the gui..

and thats why ill continue to call them the idiot fangirls of a broken network

have a good month. just stay on your network and stop trying to polute the bitcoin network with your subtly deceptive games to try getting people to stop supporting the bitcoin network

have fun

[DooMAD]

its funny how there are ways on LN to fix issues but you lot dont even care to admit there is issues to even want to discuss fixes

Every "fix" you've ever proposed to Bitcoin seems to involve some downright draconian nonsense and is immediately disregarded by anyone who isn't a totalitarian wingnut.  I've no doubt the same would apply to anything you propose for LN.  Assuming you even understood LN well enough to propose fixes, that is.  Pretty sure you don't.  

It is widely known and accepted that off-chain has a different security model to on-chain.   However, that does not mean anyone will accept your hypocritical nonsense, resorting to lame fear-mongering about malicious software affecting off-chain transactions when exactly the same argument can be made for on-chain transactions.  No one would ever use anything if everyone had your level of paranoia.

Every time you argue that malicious software can cause Lightning users to lose funds, you are simultaneously making the argument that malicious software can cause regular Bitcoin users to lose funds.  If you're quite finished failing to convince anyone of anything, we'd like the topic restored to rational discussion now.


//EDIT:

LN is not better then bitcoin

No one said it was, you obnoxious, gaslighting piece of fucking shit.  LN is an optional add-on which may benefit you in some circumstances.  It isn't designed to replace Bitcoin, so shut the fuck up, you loathsome, pathetic, deceitful faecal blemish.