Lightning is getting easier to use every day, leading to a lot of exciting services being built on top of it as they should be. But while better documentation and API bindings make it easy to use for even inexperienced developers there are still a few rough edges to be aware of or else one may become the target of attackers. One of these will be the topic of this article: fee handling for custodial lightning accounts.
Even though I agree on a philosophical basis that this shouldn't be an article I have to write because people are supposed not to trust custodial solutions, this is not the reality we live in. For a variety of reasons including UX, maintenance effort and available know how custodial solutions integrating lightning are often preferable, especially for small amounts of money.
Many Arguments can be made in favor of second layers to bitcoin. The most common ones are efficiency, privacy and speed. For a long time I too thought these were the most important reasons. But during a recent twitter conversation with some BSV shills rehashing fork dynamics something else occurred to me: to successfully defend against a majority of miners trying to strong arm the community into accepting new rules we need to be able to carry on without the ability to transact on chain (or at least for much higher prices) for a period of time.
I recently released Lightning Shell, a service to book access to a docker container with root access using Bitcoin's Lightning Network. It's meant for people who want to try out possibly untrusted software without polluting their system. In a future iteration I could also imagine self hosting Apps that book containers over an API, but that's still far from becoming reality.
Back in September I attended the 3rd Lightning Network Hackday in Berlin organized by fulmo. It was a rather loose gathering of people working on all sorts of Bitcoin and Lightning related projects. One of the most fun applications of Lightning I saw there was a little electronic candy dispenser. The concept was simple but yet fascinating: a Raspberry Pi, embedded in the candy dispenser, ran lnd and served a website with an invoice displayed as QR code. Every time one sent money some M&Ms dropped out of the machine and a new invoice was generated. This turned out to be so much fun that I decided to build one myself.