I’m joined by guests Craig Raw, Odell & Rijndael to go through the list.

Listen on your favorite podcast app:

Housekeeping

Vulnerability Disclosures

  • 00:10:42 A phishing email is being sent out impersonating Blockstream [Blockstream]
    • “DO NOT click on any suspicious emails claiming to be from Blockstream. Blockstream will NEVER ask for personal information via email.”
    • “NEVER enter your seed phrase online or share it with anyone, even if they claim to be from the Blockstream support team.”
    • “You should only update your Jade firmware through the Blockstream Green wallet application or our dedicated firmware website.”
  • 00:12:19 Fake Ledger Live app in Microsoft Store stole $768,000 in crypto [Bleeping Computer]
    • Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets.
  • 00:12:52 The Apple AppStore for iOS has published a range of fraudulent bitcoin wallet apps including Electrum Wallet Management [Oscar P]
    • Similar apps all using the same scam:
    • “LUMI WALLET MANAGEMENT”
    • “SAMOURAIWALLET MANAGEMENT”
    • “JAXX LIBERTY TRADE”
    • “JAXX LIBERTY WALLET MANAGEMENT”
    • “FANTOM WALLET MANAGEMENT”
    • “AAVE PROTOCOL ASSETS TRADE”
  • 00:17:01 No Fault injection but secure-boot bypass on ESP32 just by swapping CS line. [Arun Magesh]
  • 00:19:33 Every single Raspberry Pi 5 is given a unique identification number, laser-etched on to the board
  • 00:25:35 Rick Messitt 25 BTC hacked from self hosted password manager

Bitcoin

Software Releases & Project Updates

  • 00:55:29 COLDCARD Edge 6.2.1X (2023-10-26)
    • New Feature: Enroll Miniscript wallet via USB (requires ckcc v1.4.0)
    • New Feature: Temporary Seed from COLDCARD encrypted backup
    • Enhancement: Add current temporary seed to Seed Vault from within Seed Vault menu. If current active temporary seed is not saved yet, Add current tmp menu item is present in Seed Vault menu.
    • Reorg: 12 Words menu option preferred on the top of the menu in all the seed menus
    • Enhancement: Mainnet/Testnet separation. Only show wallets for current active chain. contains all the changes from the newest stable 5.2.0-mk4 firmware
  • 00:34:35 Sparrow 1.8.0 (2023-11-09)
    • Add a figure caption to the overview diagram on a transaction tab to describe the transaction
    • Enlarge the QR display dialog and increase the default QR code density
    • Add Search All Wallets functionality to the View menu to search across all open wallets
    • Add airgapped message signing via QR
    • Increase the gap limit where necessary to sign a PSBT where its global xpubs match an open wallet
    • Add fee rate selection slider to the Private Key Sweep dialog
    • Add a Scan button to QR display dialog to progress immediately to scanning
    • Support opening multiple wallet or transaction files at once
    • When searching, show transactions with a matching output address if a full address is provided
    • Add Satochip card support as an airgapped or connected hardware wallet (@Toporin)
    • Add Krux as an airgapped hardware wallet
    • Temporarily disconnect from Whirlpool if the wallet gap limit is increasing rapidly during mixing due to network issues
    • Add Whirlpool Postmix to the list of possible accounts that can be added to any Legacy or Segwit wallet
    • Add additional testnet public server qtornado.com
    • Freeze and unfreeze UTXOs in Sparrow Terminal by pressing f on the UTXOs table
    • Check and indicate in the title bar if a proxy is configured and working in Sparrow Terminal
    • Add keyboard shortcut cmd+alt+arrow on MacOS to switch tabs (ctrl+pageup/pagedown already works on all platforms)
    • Select all text in the message sign signature field on mouse click
    • Reload Cormorant wallet if unloaded when polling Bitcoin Core
    • Support hexadecimal Border Wallets grid PDFs
    • Improve fullscreen behaviour by setting dialog ownership to parent window
    • Add duplicate payment address warning to transaction diagram
    • Display an error message when attempting to mix from account 0 and it is not the master wallet
    • Remove block hash from transaction tab fields, add to context menu for block height and timestamp
    • Add Bisq segwit custom derivation to mnemonic wallet discovery
  • 00:58:01 Liana v3.0: Terceira (2023-11-02)
    • Two new optional parameters were introduced to the listcoins command to be able to filter coins by status (confirmed, spent, etc..) and outpoints (to query specific coins).
    • Updated the “quick try” guide to make use of the managed bitcoind. Trying out Liana on Signet is now easier than ever!
    • GUI-specific:
    • You can now use the BitBox02 signing device. The minimum supported version of the firmware is v9.15.0.
    • It’s now possible to label coins and payments (that is, a transactions output). It’s also possible to label batches of payments (that is, a transaction itself) and addresses.
    • The number of steps in the installer was reduced by dropping the final confirmation screen.
    • All text inputs are now sanitized to remove whitespaces.
    • Various loading screens at startup were updated to include more information.
    • The transaction fee rate is now displayed in addition to the absolute fee in the details.
    • The managed bitcoind version was bumped to 25.1 for new installations.
  • 00:58:49 Electrs 0.10.1 (Nov 01 2023)
    • Fix build failure on Raspberry Pi 4 (32bit) (#940)
    • Return first txid-matching transaction (#933)
    • Add txid collision scanner (#928)
    • Optimize indexing via bitcoin_slices (#927)
    • Optimize index querying via bitcoin_slices (#913)
    • Avoid precompiled ‘serde_derive’ >=1.0.172 (#924)
    • Allow exiting mempool sync on SIGINT (#917)
    • Allow skipping merkle proof downloads in history.py (#915)
    • Remove IndexResult and index into db::WriteBatch (#914)
    • Dockerfile: re-add curl for the second time, so it can be used for docker health checks (#912)
    • Reuse buffer in p2p handling (#910)
    • Preallocate serialized vector of HashPrefixRow (#909)
    • Less verbose logging when bitcoind is warming up (#908)
    • Drop Cirrus CI due to flakiness (#948)
  • 1:01:07 Blockstream Green IOS [v1.4.18]
  • 1:01:16 Nodeyez v23.10
    • New Panel: Geyser Fund panel spotlights a randomly selected project. The name, description, image, and tags are displayed along with a QR code that can be scanned to go to the projects page. Configuration allows for selecting the specific tags (categories) from which to select projects.
  • 1:01:32 Padawan Wallet v0.12.0
    • This version comes with support for the app entirely in Spanish

Project spotlight

  • 1:08:24 Bitescrow [Website/Github]: Core library for implenting the escrow protocol.
    • Features:
    • Method libraries for the proposal, contract, and settlement rounds of the protocol.
    • Multi-platform client with minimal dependencies.
    • Run-time schema validation (using zod).
    • Showcases the power of taproot and musig2.
    • E2E test suite with native Bitcoin Core integration.
    • Beta program is officially launched
      • bitescrow.app: Non-Custodial, No-KYC, Lightning-enabled Bitcoin Escrow
  • 1:09:33 Bitcoindev.org: Bitcoin & Lightning Development Resources by Vortex
    • Grab the latest Libraries, SDKs, and APIs in your favorite programming languages.
  • 1:09:40 bitcoin-scriptexec by @stevenroose3- A Rust library for executing Bitcoin Script.
  • 1:11:14 Seedle39 by @Fichte42: A word puzzle game where you have 5 attempts to guess the chosen BIP 39 seed word.
  • 1:11:40 Opcode Explained by thunderbiscuit: A small encyclopedia of opcodes
    • The goal of the website is to become a reference point that can be used to learn about opcodes of course, but also to be a resource you can always point to when writing formal documentation and referencing opcodes
    • Contribute on Github
  • 1:12:06 Cubit from @nabi_technology: A Powerful and Reliable x86 Microserver That Makes Running Your Own Node Hassle-Free
    • Powered by the Intel Celeron N5105 (4+ times faster than the Raspberry Pi 4)
    • 16GB of DDR4 RAM, expandable up to 64GB
    • Dual port 2.5 Gb Ethernet for fast data transfers
    • 4 USB ports
    • 1 SSD NVMe drive for extreme speed
    • and 2 SATA ports to give you the peace of mind that comes with RAID (Learn More)
    • Compact and Minimalist Design
    • Features:
    • Secure your data at home by running your own Nextcloud server.
    • Become uncensorable by running your Nostr Relay, Matrix server and your Decentralized Web Node.
    • Protect your online privacy by configuring a secure VPN, block any ads, and self host everything
    • Promo video
  • 1:15:14 BitChimney Space Heater
    • 20/240V, Plug & Play, Low Noise, WiFi Space Heater Based on a single Antminer S19 hashboard, APW3++ PSU & Loki Kit, BitChimney is designed to plug into household power outlets & provides heat while earning Bitcoin rewards
    • Runs on 110V-240V Input Voltage
    • Plug and Play
    • Wifi-Enabled
    • PSU included
    • Utilizes Loki Kit by Pivotal Pleb Tech
    • Bitchimney ships fully assembled & only needs WiFi & mining pool credentials for setup.

Lightning + L2+

Software Releases & Project Updates

  • 1:15:37 Blixt v0.6.9
    • Highlights:
    • Simple Taproot Channels support
    • New robust Tor implementation for Android
    • Support for a bunch of new languages.
    • New Persistent Mode on Android - keep Blixt Wallet running all the time in the background
    • Common:
    • Updated to lnd 0.17.1 rc3
    • Speedloader has been improved with support for bsdiff patches (This means you won’t have to download the full channel database for each sync, resulting in speedier syncs)
    • Zero confirmation channels is now supported on Dunder LSP
    • Added support Simple Taproot Channels for manual channel openings (Simple Taproot Channels will be enabled for Dunder LSP too in the near future)
    • Chain filter syncing should be substantially faster, as a part of Neutrino performance improvements in lnd 0.17.0
    • New languages: Czech, Danish, Finnish, Hindi, Korean, Norwegian, Persian, Romanian, Traditional Chinese, Simplified Chinese, Swahili and Kenyan Swahili.
    • Changed the camera lib to react-native-vision-camera - should be more performant and offers faster QR code scanning
    • Receiving onchain via Taproot is enabled by default
    • Long-press on the “Generate address” button to generate a SegWit address
    • Upgraded react-native to version 0.72.6. This has resulted in faster startup times
    • Added the ability to set a custom preimage for invoices. Enable this feature in settings
    • Added the ability to set outgoing channel when paying an invoice
    • Added the ability to change speedloader server
    • Added “Force close delay” information to Lightning channel info boxes
    • Increase recovery window to 500 addresses when recovering wallets.
    • Android:
    • New Tor implementation - More robust and reliable.
    • Persistent Mode:
    • In this mode, Blixt Wallet and lnd will run persistently in the background. (Can be useful for when you’re awaiting payments.)
    • Also lets you always keep in sync with the Bitcoin chain, making spontaneous payments really quick.
    • In the near future, we will allow Lightning Address support for any user running Persistent Mode, via the service Lightning Box. (Note: This may affect your battery life depending on the device.)
    • Explicit build only for arm64-v8a. This has resulted in slightly smaller APK sizes
  • 1:15:52 Zeus
    • v0.8.0-beta3
    • New branding
    • Korean language support
    • v0.8.0-beta2
    • Embedded LND node
    • OLYMPUS by ZEUS 0-conf channel service
    • ZEUS PAY self-custodial lightning addresses, using Zaplocker
    • Simple Taproot Channels
    • Contact book
  • 1:16:04 Phoenix
    • 2.0.7
    • Add button in receive screen to open scanner and read LNURL withdrawals requests
    • v2.0.6
    • Remove metadata validation when paying through LNURL
  • 1:16:14 Mutiny Node
    • v0.4.28
    • Adds onion message routing. This will eventually be used for Bolt12 support.
    • v0.4.29
    • Try to prevent closes that result in loss funds
    • Remove fee limit on spends
    • Improve startup speed
  • 1:16:29 LN Wallet APIs/LSPs
    • Blink API
    • Integrate Bitcoin and Lightning payments into projects.
    • Allows for onchain and Layer two Lightning payments in Bitcoin or USD.
    • Key Features:
    • Instant transactions – no waiting for funds to arrive
    • Final settlement – no more chargebacks
    • Low cost – save 2-5% compared to credit cards
    • Micropayments – no minimum payment amount
    • Interoperability – permissionless payment network
    • Zero fee for Blink-to-Blink transactions
    • Breez SDK Core
    • v0.2.9
    • Publish python package
    • Introduce max_reverse_swap_amount to allow draining all channels when sending on-chain.
    • Extend payment type filter to include ClosedChannels.
    • Introduce prepare_sweep to estimate the sweep transaction fee.
    • Introduce prepare_refund to estimate the refund transaction fee.
    • Improve error handling and specifying error code in exceptions and errors.
    • Include SwapInfo in Payment.
    • Add payment hash to lnurl_pay.
    • Auto-discovery for default LSP.
    • v0.2.7
    • Add Getinfo command
    • Support paging in list payments - Thank you @dleutenegger
    • Add optional claim_txid and lock_txid to ReverseSwapInfo
    • Add closing_txid to closed channels received in payments list
    • Use millisatoshi instead of satoshi for lightning amounts.
    • Improve sync and sending payments performance
  • Taproot Assets v0.3.1
    • Daemon Config Enhancements:
    • Users can now configure PostgreSQL database settings from the command line.
    • RPC Enhancements:
    • The txid of the batch is now returned with the MintingBatch for tapcli assets mint finalize.
    • Users can specify a custom proof courier on the CLI.
    • gRPC max message size increased.
    • Universe Sync Improvements
    • Default Universe sync algorithm now follows an “on demand” approach.
    • Added new caches to Universe-related RPC calls for improved performance.
    • Optimized the call to fetch all Universe roots.
    • Less Debug Logging
    • Reduced debug logging for the Universe sync process.
  • 1:23:01 Torq v1.4.1
    • Possibility to copy a view
    • Add payment request to payments page
    • Closed channels sometimes reappeared as active when delayed gossip was processed
    • Pagination indicated to many pages when filtering
    • You can now choose refresh interval for each list view
    • Fix turnover layout and calculation
    • Channel filter “Active” is now true when both sides of the channel are active (used to be local side only)
    • Improvements on channel inspect page:
    • Show channel open and close dates on charts
    • Added basic channel info
    • Indicators if data is loading
  • 1:23:05 BitBanana v0.6.8
    • Stealth mode (hide app on device)
    • Option to hide all balances
    • Support for custom (self-hosted) Block Explorers
    • Additionally we improved some other things:
    • Updated Block Explorer list
  • 1:23:09 10101 v1.5.0
    • Allow to drain on-chain wallet by sending amount 0.
    • Load persisted rust-dlc ChainMonitor on restart.
    • Upgrade rust-lightning to version 0.0.116.
    • Charge channel opening fee through the lsp flow
    • Allow to configure tx fee rate when opening channels from the coordinator
  • 1:23:13 Minibits 0.1.3-tor-beta.6
    • Minibits becomes full member of Lightning ecosystem:
    • Reacts to lightning, cashu, lnurlw and lnurlp deeplinks
    • Allows paying to static QR codes, links and lightning addresses, including NOSTR zaps (LNURL Pay)
    • Allows withdrawals into the wallet from services supporting LNURL Withdraw
    • Univarsal .APK of Minibits now has its own Tor daemon, that allows to connect to the mints with .onion addresses. Mints thus does not know the IP address of the interacting wallet. Another neat usecase is to run your own mint without the need to have public IP address and domain. You can expose it via Tor service that the wallet can connect to without additional networking setup.
  • 1:23:20 rust-lightning 0.0.118 - “Just the Twelve Sinks”
    • API Updates:
    • BOLT12 sending and receiving is now supported as an alpha feature. You may run into unexpected issues and will need to have a direct connection with the offer’s blinded path introduction points as messages are not yet routed.
    • ConfirmationTarget has been rewritten to provide information about the specific use LDK needs the feerate estimate for, rather than the generic low-, medium-, and high-priority estimates. This allows LDK users to more accurately target their feerate estimates.
    • lightning-invoice payment utilities now take a Deref to AChannelManager.
    • peel_onion is provided to statelessly decode an OnionMessage.
    • ToSocketAddrs + Display are now impl’d for SocketAddress.
    • Display is now implemented for OutPoint.
    • Features::from_be_bytes is now provided.
    • Node Compatibility:
    • LDK now sends a bogus channel_reestablish message to peers when they ask to resume an unknown channel. This should cause LND nodes to force-close and broadcast the latest channel state to the chain. In order to trigger this when we wish to force-close a channel, LDK now disconnects immediately after sending a channel-closing error message. This should result in cooperative peers also working to confirm the latest commitment transaction when we wish to force-close.
    • Security:
    • Expands mitigations against transaction cycling attacks to non-anchor channels, though note that no mitigations which exist today are considered robust to prevent the class of attacks.
    • In order to mitigate against transaction cycling attacks, non-anchor HTLC transactions are now properly re-signed before broadcasting.
  • 1:23:49 Wallby v0.10.4
    • Now available on iOS
    • Features:
    • Bitcoin wallet;
    • Liquid Network wallet with token and NFT support;
    • Rootstock wallet with Sovryn integration for tokens and liquidity pools.
  • 1:23:58 Alby + Zaprite
    • You can now link your Alby wallet to Zaprite to start accepting bitcoin payments over the lightning network
  • Nayuta Wallet is now open source
  • Stacker News introduces image uploading
  • Blockstream Green iOS v4.0.18
    • Lightning support LNURL withdraw
    • Lightning Shortcuts

Project spotlight

  • 1:24:19 LNESIM
    • Instantly buy travel eSIM with Bitcoin Lightning Network
    • No KYC or email required
  • 1:24:25 cipherchat.app by secondl1ght: Encrypted messaging over the bitcoin lightning network
    • Free and open source
    • Can be self-hosted
    • Only requires browser to run web app
    • Connect lightning node via LNC & pairing phrase from Lightning Terminal
    • Tech stack: Svelt kit, Typescript, Tailwind, dexie.js, node.js
    • Writeup on [lightningnetwork.plus]
    • How it functions:
    • Users connect their Lightning node to the app through Lightning Node Connect (LNC), utilizing a pairing phrase from the Lightning Terminal. This process establishes an end-to-end encrypted connection between the user’s node and the web app, facilitated by an LNC Mailbox relay proxy server. Communication occurs through keysend payments, each carrying a message, ensuring a secure and private exchange of information.
    • Innovative Features for Enhanced Experience:
    • Spam protection: Leverages the inherent ‘proof-of-work’ of setting up a Lightning node and the costs associated with messages to deter spam. Users can start conversations easily with just another node’s pubkey and explore public nodes through platforms like LN+’s Explorer.
    • Compatability:
    • Currently, the app is tailored for LND and is not compatible with Core Lightning, but it stands interoperable with other Lightning messaging apps that adhere to established standards.
  • 1:24:48 Lifpay Bitcoin Lightning wallet [iOS / Android]
    • Customize your LN address with your name, i.e. your_name@lifpay.me
    • Single Balance: Make all Bitcoin and Lightning send from a single balance.
    • Account sync: Single account matches App and Web with auto-sync transaction data.
    • Notifications: Get notified of all you are sending or receiving.
    • Simple layout
  • 1:24:53 getbit.money: Send money from the USA 🇺🇸 to India 🇮🇳 instantly with the magic of the lightning network
  • 1:25:02 Plasma from Fonta1n3: Core Lightning Wallet powered by LNSocket
    • Features:
    • LNSocket/LNLink for connecting to your node.
    • Export LNLink for sharing your node (can be used with fine grained runes).
    • Bolt12 send/receive
    • Bolt11 send/receive
    • Taproot addresses for onchain deposits
    • Onchain send and receive
    • Payment history
    • Onchain UTXOs
    • Add channels
    • Rebalance channels

Nostr

Software Releases & Project Updates

  • NIP-88: Recurring Subscriptions drafted by Pablo
    • This NIP defines a way for a pubkey to create recurring subscription payments to another pubkey.
  • 1:25:45 rust-nostr v0.25.0
    • add extra nip11 fields
    • Negentropy Syncing
    • Custom time of reconnect options added
    • sdk: allow to change Keys
    • sdk: fix stop and start
    • sdk: fix pong not match if connect method called multiple times
    • sdk: add Limits
    • Filters
    • Impl Display and FromStr for Method
  • 1:25:59 Damus
    • 1.6-25
    • Add setting that allows users to optionally disable the new profile action sheet feature
    • Add follow button to profile action sheet
    • Added reaction counters to nostrdb
    • Record when profile is last fetched in nostrdb
    • 1.6-24
    • Improve discoverability of profile zaps with zappability badges and profile action sheets
    • Add suggested hashtags to universe view
    • Suggest first post during onboarding
    • Add expiry date for images in cache to be auto-deleted after a preset time to save space on storage
    • Add QR scan nsec logins
  • 1:26:04 Primal
    • Android v0.20.4
    • Implemented Direct Messages
    • Implemented Feed settings screen
    • Implemented Mute User feature
    • Local database encryption
    • Visual revamp
    • iOS 0.90.3
    • Visual overhaul
    • Settings: network
    • Improved startup time
    • Notifications tabs
    • Profile tabs
  • 1:26:20 Amethyst v0.80.7
    • Migrates external sharing service to njump.me
    • Adds support for Greek, Indonesian, Spanish & Arabic translations
    • Updates Kotlin compiler version
    • Removes a recomposition between the started state and the isOnline state that is already cached.
    • Migrates the check if stream is online to a single compose object.
    • Forces relay reconnection when a new WIFI service is available
    • Fixing translations of the that create the same message but with different character cases
    • Refines the layout of Author Pictures for performance
    • Refines layout of URL Previews for performance
    • Refines the padding of chat messages and reaction row
  • 1:26:28 Nos.social
    • v0.1 (93)
    • Added a confirmation before reposting a note.
    • Added the ability to delete your reposts by tapping the repost button again.
    • v0.1 (92)
    • Show reposts in stories.
    • v0.1 (88)
    • Added a content warning when a user you follow has reported the content
    • 0.1 (86)
    • Changed copied links to notes and authors to open in njump.me.
    • Added the ability to initiate USBC transactions and check your balance if you have linked a Universal Name to your profile with an attached USBC wallet.
    • 0.1 (84)
    • Add Stories view to the Home Feed
    • Redesigned the Universal Names registration flow
  • 1:26:31 Highlighter 2.0
    • Data-vending-machine support: you can now very easily highlight podcasts and video content in a text-native way.
    • Patreon support: You can now create RECURRING subscriptions to support your favorite creators and shitposters. I will say a lot more about this and a follow up with a NIP to standardize and help other builders disrupt Patreon and bring creators of all kinds to Nostr easier and more compelling.
    • Zap-splits: Zapping a highlight creates a split on everybody involved in you seeing that content.
    • Curation: You can now create curations of articles and earn zap splits for your curation efforts.
    • NIP-32 Labels: categorize highlights and “margin notes” with any category
    • Full text support: Find what interests you across any topic in any type of event in nostr.
  • 1:26:42 Mostro
    • v0.8.9
    • Added configurable interval for user rate send events
    • v0.8.8
    • New scheduler
    • Publish dispute event
    • Add new function to handle bytes to string
  • 1:26:48 Current iOS v0.1.4-Palo Verde
    • Chat with PlebAI - Plebs version of chatGPT. PlebAI exclusively connects to open-source, large language models.
  • 1:27:02 0xchat v1.2.2-beta.2
    • Add support for NIP42
    • Add multilingual support for group chats
  • 1:27:06 Lume
    • v2.0.0
    • Redesign UI
    • Use Harmony color palette (source)
    • Use media-chrome for video player
    • Support Light and Dark Mode based on system
    • Support nsecBunker
    • Support outbox model
    • Migrate from custom secure storage (tauri-stronghold) to native secure storage (keyring-rs)
    • Improve native notification
    • New composer support write text, article (long-form content) note and file sharing (NIP-94)
    • Upgrade to Tauri v2
    • Add Nix dev environment
    • v2.0.1
    • Added keyboard navigation to widget list, using Arrow Left and Right to navigate
    • Added new event cache system, powered by NDK and Tauri SQLite
    • Added infinite loading to all widgets
    • Improved performance and loading time

Project spotlight

  • 1:27:15 Nostr Assets: LightningFi on Nostr
    • Send, Receive & Trade #Taproot Assets & #Bitcoin
  • 1:33:03 Flockstr
    • Uses the NIP-52 kinds to create a meetup.com/eventbrite-style experience on Nostr.
    • Users can create calendar events, share announcements, RSVP to events, and much more.
    • Soon to integrate lightning to handle paid events and ticketing.
    • Built as a progressive web app
    • Demo
    • Seeking feedback.
    • Bounty: 100K sats to integrate Flockstr’s events (Meetup Calendars) on Amethyst by Vitor
  • 1:33:43 Nostter: Twitter clone built on Nostr
  • 1:33:50 Nostr feature matrix
    • Compendium of nostr clients and known features.
    • Github
  • 1:34:34 [nostrudel(https://nostrudel.ninja/): Nostr web client

Privacy Software

Software Releases & Project Updates

  • 1:34:39 StartOS v0.3.5.1
    • Moved from source available to fully open-source MIT license
    • Ditch Docker, replace with Podman
    • Remove locking behavior from PatchDB and optimize
    • Boost efficiency of service manager
    • Require HTTPS on LAN, and improve setup flow for trusting Root CA
    • Better default privacy settings for Firefox kiosk mode
    • Eliminate memory leak from Javascript runtime
  • 1:35:54 Unleashed Chat
    • One button to deploy your own chat. Own your data. Private. Uncensored. Fast.

Boosts

  • 1:42:13 Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @hgw39 (20,000 sats) “yo nvk. just so you know there’s some resistance to all the totalitarian shit going on in New Zealand I wrote this especially for you. The Bitcoin scene in New Zealand in 2023.
    • @apemithrandir (7,777 sats) “v4v”
    • @vake (4,000 sats) “bitcoin is boring and nothing happens”
    • @mrmr (1,209 sats) “” … Proof of fist.” sounds like a must listen.”
    • @dubravko (2,110 sats) ““Face to face. Proof of fist.” 😂🤣😂🤣😂🤣”
    • @heidisov (2,100 sats) “F$@& sleep meds…my husband told me I should just listen to a soothing podcast to deal with a recent bout of insomnia …I told him I have just the one…”
    • @sovereignindividual (2,100 sats) “Good”

Bitcoin Optech Newsletter

  • 1:43:27 Highlights from recent Bitcoin Optech Newsletters
    • 274
    • Replacement cycling vulnerability against HTLCs:
    • Since the replacement cycling vulnerability disclosure, implementations have been updated to include mitigations for the attack and we strongly recommend upgrading to the latest version of your preferred LN software. Only nodes being used to forward payments are affected; users who only use their channels to initiate and receive payments are not affected.
    • Deployed mitigations in LN nodes for replacement cycling
    • Frequent rebroadcasting
      • After a relay node’s mempool has Bob’s spend replaced by Mallory’s spend, and then has Mallory’s input removed by Mallory’s second replacement, that relay node will immediately be willing to accept Bob’s spend again. All Bob needs to do is re-broadcast his spend, which costs him nothing beyond the transaction fee he was already willing to pay.
    • Longer CLTV expiry deltas
      • When Bob accepts an HTLC from MalloryA, he agrees to allow her to claim an onchain refund after a certain number of blocks (let’s say 200 blocks). When Bob offers an equivalent HTLC to MalloryB, she allows him to claim a refund after a smaller number of blocks (let’s say, 100 blocks). Those expiry conditions are written using the OP_CHECKLOCKTIMEVERIFY (CLTV) opcode, so the delta between them is called the CLTV expiry delta.
    • Mempool scanning
      • To initiate a replacement cycle, Mallory still needs to briefly disclose her preimage to miner mempools in order to replace Bob’s spend. If Bob runs a relaying full node, Mallory’s preimage transaction may propagate across the network to Bob’s node. If Bob then detects the preimage before he’s due to give MalloryA a refund, the attack is defeated and Mallory loses any money she spent on attempting it.
    • Discussion of mitigation effectiveness
      • Riard’s initial announcement said, “I believe replacement cycling attacks are still practical for advanced attackers.” Matt Corallo wrote, “the deployed mitigations are not expected to fix this issue; its arguable if they provide anything more than a PR statement.” Olaoluwa Osuntokun argued, “[in my opinion], this is a rather fragile attack, which requires: per-node setup, extremely precise timing and execution, non-confirming superposition of all transactions, and instant propagation across the entire network”.
    • Proposed additional mitigations for replacement cycling:
    • Incrementing fees towards scorched earth
      • Antoine Riard’s paper about the attack and mailing list posts by Ziggie and Matt Morehouse suggest that, instead of having the defender (e.g. Bob) just rebroadcast his refund spend, he starts broadcasting conflicting alternative spends that pay ever-increasing feerates as the deadline approaches with the upstream attacker (e.g. MalloryA).
    • Automatic retrying of past transactions
      • Corallo suggested that, “the only fix for this issue will be when miners keep a history of transactions they’ve seen and try them again after an attack like this.”
    • Presigned fee bumps
      • Peter Todd argued that, “the correct way to do pre-signed transactions is to pre-sign enough different transactions to cover all reasonable needs for bumping fees. There is zero reason why the B->C transactions should be getting stuck.”
    • OP_EXPIRE
      • Peter Todd proposed several consensus changes to enable an OP_EXPIRE opcode that would make a transaction invalid for inclusion after a specified block height if the transaction’s script executes OP_EXPIRE
    • Bitcoin UTXO set summary hash replacement
    • Fabian Jahr posted to the Bitcoin-Dev mailing list to announce that a bug had been discovered in Bitcoin Core’s calculation of the hash of the current UTXO set.
    • Research into generic covenants with minimal Script language changes
    • Rusty Russell posted to the Bitcoin-Dev mailing list a link to some research he has performed about using a few simple new opcodes to allow a script being executed in a transaction to inspect the output scripts being paid in that same transaction, a powerful form of introspection
    • Proposed BIP for OP_CAT
    • Ethan Heilman posted to the Bitcoin-Dev mailing list a proposed BIP to add an OP_CAT opcode to tapscript. The opcode would take two elements at the top of the stack and concatenate them into a single element.
    • 276
    • Mailing list hosting
    • Administrators for the Bitcoin-Dev mailing list announced that the organization hosting the list plans to cease hosting any mailing lists after the end of the year. The archives of previous emails are expected to continue being hosted at their current URLs for the foreseeable future.
    • HTLC aggregation with covenants
    • Johan Torås Halseth posted to the Lightning-Dev mailing list a suggestion for using a covenant to aggregate multiple HTLCs into a single output that could be spent all at once if a party knew all the preimages. If a party only knew some of the preimages, they could claim just those and then the remaining balance could be refunded to the other party. Halseth notes that this would be more efficient onchain and could make it more difficult to perform certain types of channel jamming attacks.

News & Noteworthy

Bitcoin

  • Durabit whitepaper dropped via inscription [Tweeted by Rijdael]
    • “A novel solution that leverages the power of Bitcoin to establish enduring incentive systems for continuous data distribution. This tooling combines time-locked Bitcoin bonds and timestamped torrent magnet links to motivate users to actively participate in the seeding of large files. Durabit not only addresses the initial data propagation challenge but also helps offset the long-term operational costs of seeding files. By marrying the immutability of Bitcoin’s blockchain with the efficiency of BitTorrent magnet links, Durabit ensures data availability and integrity while building a self-sustaining incentive system for content distribution.” [Durabit Github]
  • Bull Bitcoin Launches Self Custody Wallet [Bitcoin News]
    • With this development, Bull Bitcoin has integrated a non-custodial exchange and a non-custodial wallet within a single application.
  • Federal Reserve threatens to sue #Bitcoin Magazine in attempt to silence criticism of its FedNow service [Bitcoin Magazine]
  • BitStream: Decentralized File Hosting Incentivised via Bitcoin Payments paper released by Robin Linus

Lightning

  • Lightspark unveiled enterprise-grade end-to-end solution for Universal Money Addresses (UMA) [Announcement]
    • UMA combines human-readable Lightning Addresses with enhanced messaging and integration with the Lightning Network’s real-time, global payment rails to make sending money as easy as sending an email.
    • It is open-source and available for anyone to use.
    • It has generated controversy for extending lightning and LNURL to [support compliance] (“Through UMA, Lightspark’s solution supports a full range of compliance messaging for anti-money laundering, sanctions reviews, and travel rule purposes.”)
  • Relai partners with Breez to launch Lightning Beta [Announcement]
    • In collaboration with the Lightning startup Breez, as of now, you can sign up for the beta test for Relai’s on-Custodial Lightning Wallet
    • With this integration, Relai now supports Lightning transactions while ensuring users maintain full control over their Bitcoins
  • Strike
    • Launched 0-value Lightning invoices
    • Enables our users to send any amount from their cash or Bitcoin balance to other wallets
    • Live for all users globally on iOS and Android (latest version)
    • Partnered with BitRefill to enable users globally to make real-world purchases via the Lightning Network within Strike
    • Other Upgrades:
    • Now supports incoming wire transfers, allowing Strike customers to transfer unlimited funds and buy as much bitcoin as they’d like, all withdrawable immediately.
    • Brought back direct deposits. You can now get any portion of your paycheck paid in bitcoin with Strike.
    • Expanded supported payment methods, including debit cards and enhanced bank connectivity support.
    • Begun allowing some customers to use Strike with their linked payment method, no longer requiring a deposit first. Make Lightning payment with your debit card, send bitcoin to cold storage with your bank account, and more.
  • Removing channel reserve for mobile wallet users proposed by t-bast
  • Batch exchange withdrawal to lightning requires covenants according to t-bast
  • Kollider is shutting down [Announcement]
    • “We weren’t able to find a large enough audience that wanted to trade but also use Lightning. Operating an exchange is expensive so its hard to sustain with not much trading activity.”
  • Athena becomes the first Bitcoin ATM company to support Lightning Network withdrawals. [Asociación Bitcoin de El Salvador]

Nostr

  • Geyser migrates to Nostr [Announcement]
    • Every Geyser project now gets a unique Nostr identity (NPUB) - a big leap for the Open Creator Economy
    • Your Geyser project lives on Nostr, regardless of whether you’re logging in via Nostr or Twitter.
    • This means broader visibility and more engagement for your content on Nostr platforms
  • Scionic Merkle DAG Trees: Backwards-Compatible Integration with Nostr for Multimedia Hosting paper released by H.O.R.N.E.T. Storage

Funding

  • Opensats
    • Long-Term Support For Matt Morehouse
    • Matt is a security researcher & developer focused on the detection and prevention of various bugs and attack vectors that could threaten the stability of the Lightning Network.
    • He is dedicated to enhancing the security and robustness of Lightning implementations through extensive fuzz testing, meticulous auditing of BOLT specs and Lightning implementations, and responsible disclosure of discovered bugs and vulnerabilities. His efforts aim to motivate greater investment in the security of Lightning, ensuring its reliability and trustworthiness.
    • Long-Term Support For Furszy
    • Furszy joined as a Core developer in June 2022 and has been actively involved in a wide spectrum of contributions ever since. Prior to his current role, he served as a software maintainer for a privacy-centric project. Consequently, privacy and performance are two of the areas Furszy focuses on.
    • Long-term support will allow Furszy to dedicate significant attention to the project’s shared goals and the stability of the main reference client. In addition to his own code contributions, he is actively reviewing and providing feedback on others’ pull requests, as well as engaging in daily discussions with other core developers to address potential issues and collaboratively explore avenues for enhancing the project.

Mining

  • Bitcoin Miner Marathon Tests BTC Mining With Methane Gas From Waste Landfill [Coindesk]
    • Bitcoin miner Marathon Digital (MARA) has started a pilot mining project in Utah that is using methane gas generated from landfill waste to make electricity to power mining operations.
    • The 280 Kilowatt (kW) pilot project in Utah is already operational.
  • Block completes the first prototype of the MDK’s hashboard
    • Key features:
    • Distributed controller architecture
    • Precision load control
    • Extended operating range

Business & Finance

  • NYAG files complaint against Gemini, Genesis, DCG, Michael Moro and Barry Silbert over Earn product and covering up $1 billion hole [The Block]
    • The NYAG has filed a complaint against multiple entities involved in the Gemini Earn saga, which involved lending money to Genesis — which was ultimately lost by Three Arrows Capital.
    • The NYAG claims that Genesis, Michael Moro and Barry Silbert conspired to fraudulently represent Genesis’ financial condition to hide the hole in its finances.
  • Gemini Sues Bankrupt Lender Genesis, Its Former Partner, Over $1.6B Worth of GBTC [Coindesk]
    • Gemini is seeking to gain control of the GBTC shares, which, Gemini said, “would completely secure and satisfy the claims of every single” Earn customer – whose money was locked up when Genesis froze withdrawals last year.
  • TBD and Circle Announce New Initiative Enabling Decentralized Identity, Credentials, and Open Payment Standards [TBD]
    • Foundation members will work together to contribute and promote open source standards, including technical specifications, open source software, and reference implementations focused on areas including:
    • Identity and Credential Standards to establish trust, including specifications, standards, and reference implementations for decentralized identity issuers, high assurance verifiable credentials for payment use cases, naming conventions to find and address counterparties via human-friendly names and URIs, and operational capabilities to grow and certify identity and credential issuers based on these standards.
    • Open source liquidity protocol, to be contributed by TBD, along with specifications, reference implementations, and tools that work together with stablecoins and identity to support mainstream payments and commerce use cases, promoting wallet and financial service interoperability for highly scalable, low-cost, and trusted exchanges of value.
  • Bitcoin custody platform @custodiabank founded by Bitcoin advocate @CaitlinLong_ launches custom-built custody platform [Bitcoin Launches]
    • Service targeting businesses like fiduciaries, investment advisers, fund managers & corporate treasurers
    • Products vary depending on state
    • Won approval from the Wyoming Division of Banking in October
    • Offers segregated (rather than omnibus) custody accounts
  • Global Bitcoin Asset Management Platform from Onramp Launches a Global Bitcoin Asset Management Platform Built on Multi-Institution Custody [Bitcoin Launches]

Privacy

  • Swan will no longer service clients who directly interact with mixing services (such as Wasabi, Samurai and similar services) due to the recent proposed ruling from FinCEN regarding Bitcoin mixing. [wim]
  • There have been recent incidents in Sweden involving armed robberies targeting Bitcoin and crypto holders in their homes. [Erica Wall]
    • Multiple cases, including prominent figures in the cryptocurrency sector, have been reported.
    • Victims had either discussed Bitcoin publicly or livestreamed Bitcoin-related content.
    • The issue arises from the ease of accessing residential addresses and tax records in Sweden.
    • This accessibility is due to the legal principle of “Public Access to Information.”
    • Some individuals have left Sweden due to these safety concerns and may not return until privacy laws change.

Government & Political

  • “FinCEN is proposing to apply section 311 of the Patriot Act against basically all types of crypto privacy, including on noncustodial methods.” [Lyn Alden]
    • “Notably, if successful (it is still in the proposal phase), it would be a big extension of their mandate to apply that section to a “class of transactions” rather than to any particular custodial entity.”
    • “Certain types of math/software would become illegal/sanctioned.”
  • EU urged to drop new law that could allow member states to intercept and decrypt global web traffic [The Record]
    • More than 300 of the world’s most respected cybersecurity experts as well as Linux Foundation, Cloudflare and Mozilla have written to European Union lawmakers to warn that the proposed regulations are a “dangerous intervention” and could undermine online security.
    • The letters were prompted by a proposed update to the bloc’s eIDAS (Electronic Identification, Authentication and Trust Services) regulations which would give EU member states the ability to issue so-called Qualified Website Authentication Certificates (QWACs) - cryptographic certificates that web browsers would have a legal obligation to accept as valid — paving the way for governments to intercept encrypted web traffic globally.
  • Kraken has notified its users when they will comply with a requirement to provide IRS with user records [Bitcoin Magazine]
    • “After losing a lengthy court case, they will need to turn over sensitive data to the Internal Revenue Service (IRS) after a legal battle that began in May 2021”.
  • SEC subpoenas PayPal over its USD-pegged stablecoin [TechCrunch]
    • “The payments giant said Thursday that it had received a subpoena from the Securities and Exchange Commission related to its U.S. dollar-pegged stablecoin, according to Reuters.”

Reads & Resources

  • 1:52:22 Here’s a list of our top recently published reads and useful resources:
    • Lightning Report - October 2023 by River
    • Lightning Development with Swift: Make Your First Lightning App with LDK Node Swift [by Bitcoin Developers on Youtube] (20 minute tutorial!)
    • How does a lightning replacement cycling attack work? Thread by mononaut
    • Technical Case Study: How to enable Bitcoin payments for merchants at events using BTCPay Server by [BTCPay Server]
    • Scionic Merkle DAG Trees: Backwards-Compatible Integration with Nostr for Multimedia Hosting by H.O.R.N.E.T. Storage
    • BitStream: Decentralized File Hosting Incentivised via Bitcoin Payments by Robin Linus

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod


Did I get anything wrong above? Help me correct it producer@coinkite.com