Bitcoin Review Podcast BR061 - eNuts, COLDCARD Q, SimpleX, Nutshell, Minibits, npub.cash, NDK, Primal, Nsec.app +MORE ft. Calle, Pablo & Ben
I’m joined by guests Calle, Pablo & Ben Carman to go through the list.
Housekeeping
- 00:01:56 New BitcoinTreasuries distribution chart
- 00:02:07 Unleashed.chat
- Hits 2000 users!
- v0.1.14
- New model: uncensored version of Mistral AI’s Mixtral 8x7B (you may still need to occasionally convince it to ignore its morals). This model is also very good at coding!
- Uploaded files are now processed much faster
- Fixed a bug that caused some on-chain deposits to be delayed
- Version number is now visible near the logo
- 00:05:15 BBQr.org/PSBT adding PSBT maker
- 00:08:28 eNuts
Vulnerabilities Disclosures
- 00:17:51 “Linux being secure is a common misconception in the security and privacy realm. Linux is thought to be secure primarily because of its source model, popular usage in servers, small userbase and confusion about its security features.” [madaidans-insecurities]
- 00:19:50 Public disclosure of a block stalling bug in Bitcoin Core affecting LN:
- Eugene Siegel disclosed responsibly a vulnerability he had responsibly disclosed almost three years ago, which could potentially facilitate fund theft from Lightning routing nodes. The vulnerability entails an attacker causing substantial delays in block propagation towards a Bitcoin Core node utilized by a Lightning node. This delay is sufficient to intercept an in-flight payment routed through the victim’s node, enabling the attacker to pilfer its value.
- During the initial phase, the attacker gains control of all high-bandwidth compact block relay slots belonging to the victim, achieving this by consistently delivering blocks faster than any other peers. The attacker then proceeds to deceive the victim regarding new block arrivals. This deception involves announcing the header of a new block on one of the controlled connections but withholding the actual block. In versions of Bitcoin Core preceding 22.0, the software will wait up to 10 minutes before seeking the block from an alternative connection. Exploiting this delay, the attacker, with around 50 malicious connections, can effectively conceal new blocks from the victim for a period surpassing the 40-block interval between two in-flight HTLCs within the routed payment.
- Bitcoin Core 22 and higher contain fixes for the bug, but many people are still running affected versions and some of those users might also be running LN implementations or other contract protocol software that could be vulnerable to exploitation of the bug.
- It is believed no one has lost funds due to the attack.
Bitcoin
Software Releases & Project Updates
- 00:20:35 COLDCARD Q
- Now shipping!
- Highlights:
- QWERTY Keyboard: ideal for long BIP-39 passphrases.
- 320x240 pixel LCD screen, 3.2” diagonal size. Four times Mk4 size.
- Battery powered by 3x AAA cells (or USB). Airgapped and/or wireless!
- Dual MicroSD slots (push-pull type, not spring loaded).
- QR Code scanner done right™, with LED illumination and advanced scanning algorithms and serial interface.
- NFC communication, like Mk4
- Includes internal storage for spare MicroSD cards.
- USB data & NFC data can be irreversibly blocked, by cutting a PCB trace: it permanently disable USB data and/or NFC data.
- Demo video
- v0.0.5Q
- fixes & changes f/ version 5.2.2 of Mk4 encorporated
- fix: save bip-39 password to absent SD
- import multisig wallet via descriptor inside a QR
- whitespace in locktime details
- fix: cant detect SD card in Ready to Sign…
- WIF pk detected when scaning QR
- 00:22:40 Libwally-core v1.2.0
- Added:
- Python: Add Python 3.12 wheels to the binary releases/PyPI.
- tx: expose wally_tx_input_clone/wally_tx_input_clone_alloc for input cloning.
- Build: Add new static analysis CI runs.
- Changed:
- Javascript: The npm build now uses nodejs 20, as nodejs 16 is end-of-life.
- Android: Update android NDK to version 26b.
- libsecp256k1-zkp: The library has been updated to include the latest
- changes to its cmake infrastructure.
- cmake: Now takes advantage of the new libsecp256k1-zkp cmake files to build
- experimental modules and export the project in cmake style. cmake now also
- builds test and collects coverage data.
- 00:22:54 Nunchuk Android v1.9.40 Twitter Announcement
- Added the ability to cancel an already broadcast transaction via RBF
- Option to get the derivation path for each receive address (singlesig only)
- Byzantine: added primary owner label
- Byzantine: added support for wallet alias
- 00:23:19 BlueWallet
- 00:25:18 Agoradesk
- 00:25:28 Zaprite Dashboard Analytics
- Income Summary section
- BTC Received: Total bitcoin received
- Accounted Value: Bitcoin converted to fiat currency for accounting
- BTC Payments: Breakdown of bitcoin received on/off chain or through other means like Liquid
- Fiat Received: Total fiat currency accrued
- Users can customize date ranges for dashboard reports
- 00:25:42 Blockstream Green
- Android 4.0.24
- Added:
- Export Greenlight logs
- “Receive any Liquid/AMP asset” to the assets list on Receive and Create New Account screens
- Changed:
- 2FA SMS activation comply with US requirements
- Allow setting custom fees when recovering funds from Lightning
- Update Jade Oracle whitelisted urls
- iOS v4.0.24
- Improve account and asset selector
- Improve lightning sweep and refund
- Adjust 2FA SMS activation
- Disable 2FA limits in fiat
- 00:26:17 BTC Map Android v0.7.0
- Show community meetup locations
- Show community description, if available
- Add area issues screen
- Change default location to Curacao
- Zoom to current location
- Enable search by localized place categories
- Show percentage of verified places
- Show days since verified
- Add Portuguese translation
- Show place images, when available
- Hide deleted reports
- Show issues count on area screen
- Let debug builds coexist with the release builds
- 00:26:22 Umbrel OS v1.0 Announced
- The new, upgraded Umbrel Home
- Engineered from scratch
- Releasing March 18, 2024, for Umbrel Home & Raspberry Pi users. And in April 2024 for Ubuntu & Debian users.
- 5x faster vs Raspberry Pi 4, 2x faster vs Raspberry Pi 5
- Uses the new Intel N100 chip, a faster 16GB RAM and a 2TB SSD.
Project spotlight
- 00:27:55 BitScript: Your Bridge To Building On Bitcoin
- Browser-based â‚żitcoin script integrated development environment
- “Our NorthStar is to scale the programming layer of Bitcoin by introducing & supporting developers to the ecosystem through educational on-boarding & technical support. We do this by shipping intuitive, powerful, & flexible Bitcoin development tools that together make up a Bitcoin Development Environment. The first of these is a transaction deserializer that’s in MVP now.”
- 00:28:48 Avalon Nano 3: A portable small heater that can generate Bitcoin
- Minimalist Design
- Can start mining upon power-on and connection to a mining pool via internet
- Each Avalon Nano 3 includes a QR Code for Braiins Pool registration
- Stratum URL for Brains pool is pre-configured to match user’s account automatically
- 00:28:58 Flash
- Accept payments in Bitcoin â‚ż on your store, platform or for any of your content
- Receive payments instantly, without the need to request any payout.
- Features:
- Payment links: Create and embed a payment links or buttons in Satoshis (Bitcoin fractions) directly in your website.
- Subscription plans: Build your community of users and accept recurring and automated payments directly to your wallet.
- Paywalls: Implement paywalls for your blog, articles, videos or any content directly on your platform or app.
- Store integrations: Integrate Flash to your store with our custom integration for WooCommerce or Shopify store owners.
- Embed HTML buttons
- Ready to use SDK
- Stores integrations
- Enable pay-per-use in Bitcoin
Privacy Software
Software Releases & Project Updates
- Unleashed.chat v0.1.14
- New model: uncensored version of Mistral AI’s Mixtral 8x7B (you may still need to occasionally convince it to ignore its morals). This model is also very good at coding!
- Uploaded files are now processed much faster
- Fixed a bug that caused some on-chain deposits to be delayed
- Version number is now visible near the logo
- 00:31:13 SimpleX Chat v5.5.3
- v5.5.3 adds forward compatibility with the future releases of SMP/XFTP relays and notifications servers.
Project spotlight
- 00:34:51 Pear Runtime by Holepunch
- Open-source peer-to-peer app development platform
- Enables creation of unlimited apps with zero server infrastructure costs
- Challenges conventional notion of server necessity in online interaction
Lightning + L2+
Software Releases & Project Updates
- 00:36:57 Lightning Protocol Dual Funding Merged [Nifty Announcement]
- “After almost 4+ years, 487 comments from 19 reviewers…the spec proposal for adding v2 opens (aka dual-funding) to lightning is officially merged as spec in LN!!” @niftynei
- Demo
- 00:37:03 lnbits
- 0.12.1
- feat: use github release draft
- Adds optional confetti to incoming payments in wallet
- feat: add monitor admin endpoint for listeners
- feat: add setting lnbits_allow_new_accounts to admin ui
- Wallet limits: max balance, daily max withdraw, transactions per sec
- Improves payment reactions
- v0.12.0
- feat: Auth, Login, OAuth, create account with username and password
- use _blank for external links on main
- update nix ci action to use cachix to cache results
- cln: allow amountless invoices in node tx list
- LndRestWallet: catch http errors
- feat: remember last active wallet
- feat: add created_at and updated_at to wallets and accounts
- Simplified mobile wallet
- Move UI configs to profile
- Deactivate all extensions flag
- sort CSV export of payments
- feat: add currency amount to lnurl/lnaddress payments
- feat: improve PWA configuration
- feat: install wizard on first launch
- feat: cleanup-wallets cli command
- feat: release / docker ci pipeline
- feat: use github release draft
- 00:37:25 Nutshell v0.15.0
- Nutshell upgrades to Cashu v1
- The Cashu v1 protocol paves the way for Ecash with multiple denominations (sat, msat, usd, …) and payment methods (Lightning, On-chain, …)
- Mint
- New v1 API implementation with backwards compatibility. Old v0 wallets will keep working with the mint.
- Mint can now rotate keysets by using BIP32 key derivation.
- Each keyset can now have a separate seed from which it is generated.
- Mint stores the seed for each keyset in the database. The seed can optionally be encrypted using a separate CLI tool cashu/mint/decrypt.py.
- Supports database backups before future migrations via env var DB_BACKUP_PATH
- New safety settings for limiting the maximum balance of the mint (MINT_MAX_BALANCE) and the maximum amount for mint (MINT_MAX_PEG_IN) and melt (MINT_MAX_PEG_OUT) requests.
- Wallet
- New v1 API implementation with backwards compatibility. The wallet will still work with old v0 mints.
- Support for multiple denomination in the same wallet.
- 00:52:46 Mutiny Node v0.5.9
- Startup speed optimizations
- Cache subscription timestamp
- Set swap label before paying invoice
- Start up optimizations grab bag
- Save Voltage pubkey and connection string to storage
- 00:53:17 Mutiny StartOS v0.5.9
- Updated LDK & BDK (will resync on chain funds, give it a minute or two)
- Faster startup time
- Language switcher in settings
- 00:53:58 Torq v1.5.0
- CLN v23.11+ is required (pagination)
- Integration with Kraken
- New workflow triggers: Invoice, Forward, Payment, Transaction (on-chain)
- New workflow filters: Mempool, Exchange (Kraken) balance
- New workflow action: Payment Attempt (experimental: tries to find a route to pay an exchange invoice)
- New variables in workflow actions: API client, notification
- Replaced intercom with chatwoot
- Small changes to rebalancer + new metrics and logs
- Timelock Delta in seconds on list screens
- Updated packages
- 00:54:03 Bitcoin Tribe v2.4.0
- Now try out RGB assets from within Tribe Wallet
- Issue, receive and send RGB coins or collectibles.
- The Test Account is pre-funded with test-sats so you can start playing with RGB protocol right away.
- Testnet only for now
- 00:54:10 GetAlby SDK v3.3.0
- This release adds multi_pay_invoice and multi_pay_keysend NWC extension methods. It also exposes a new NWCClient that can be used instead of the WebLN provider (WebLN has more restrictions than NWC)
- Add sendMultiPayment function
- Split NWC client from NostrWeblnProvider
- 00:54:15 10101
- v1.8.8
- Feat(mobile): Let user add a name to their profile for the leaderboard
- Feat(coordinator): Allow to specify time range for leadership board
- v1.8.7
- Feat(mobile): Allow to manually increase for how many derived addresses to sync for. This might be needed if you recovered a wallet and do not see any on-chain funds.
- Feat(mobile): Allow users to register with Email, Nostr and Telegram handle and let them change these details later on.
- v1.8.6
- Feat(mobile): Add in-app survey feature. The coordinator can trigger surveys which will be shown in the app.
- Feat(webapp): show tradingview chart
- Feat(coordinator): Add endpoint to get a leadership board
- Feat(settings): Show all dlc channels in settings
- Feat(settings): Add emergency kit to delete dlc channel
- Feat(webapp): Show version on login screen
- 00:54:24 Loop v0.27.1-beta
- This release adds automatic sweeping of incorrectly deposited amounts to external loop in addresses.
- Previously, a mismatch in the contract amount and the actually deposited amount required external tools to recover the client funds.
- With this release the client automatically sweeps the funds back to the wallet upon contract expiry.
- 00:54:31 lightning-terminal v0.12.3-alpha
- This release of Lightning Terminal (LiT) includes updates to the versions of the integrated LND, Loop and Taproot Assets daemons.
- This release also includes updates to the Lightning Node Connect implementation, to make connections more robust and more optimised
- 00:54:37 Clams Remote v2.1.0
- Added: Spanish language support
- 00:54:43 Stacker News
- NWC and LNBits for sending
- LND for autowithdraw
- NSFW labels
- Improved domain searching
Project spotlight
- 00:55:08 npub.cash: A Lightning-Address powered by eCash and nostr
- Receive Lightning payments on your npub.cash address.
- Either sign up and claim your username, or use any nostr public key (npub) without registration.
- Cashu-Address allows a web server to provide Lightning addresses and mint ecash form the user’s preferred Cashu mint. The user then redeems the ecash when they come back online.
- Features:
- No Sign-Up: Built on top of nostr identities and signatures
- Trust Minimized: Balance can be locked to your public key
- Offline Payments: Cashu acts as a layer for offline payments
- Open Source: Based on on FOSS Cashu-Adress
- 00:58:46 Banco
- A Bitcoin trading protocol that facilitates non-interactive swaps among two or more parties utilizing Elements introspection opcodes.
- Start trading on the Liquid Testnet at banco.vulpem.com
- Host your Banco server to contribute liquidity.
- Github
- 00:58:54 PlebDashboard: A dashboard for the Lightning network.
- Aims to create intuitive views and visualizations and make lightning data more accessible.
- Visualisations:
- Node Visualization
- Lorenz Curve for Lightning Network
- Distribution of Nodes by Capacity
- Distribution of Nodes by Channel
- List of nodes with Taproot Channels
- Features Enabled by Nodes
- Geographical Location of Clearnet Nodes
- Channels visualized in one page
- Distribution of Channels by fee rate
- Distribution of Channels by capacity buckets
- 00:58:59 Compliance LNbits Extension
- Locally updated docs for on compliance for accepting bitcoin payments or running a bitcoin custodial service in your country.
- Records are maintained by a local professionals, such as legal, accountants, and compliance officers. Their details are available once you select a region.
- Do you work in compliance and interested in contributing? Add a pull request.
Nostr
Software Releases & Project Updates
- 00:59:34 NDK v2.5
- Adds Nostr Wallet Connect
- 1:00:51 Primal
- Android v0.93.2
- Implemented wallet bitcoin on-chain support (sending and receiving btc payments).
- Implemented support for unified QR codes for Bitcoin;
- Implemented note to self and note to recipient for LN payments;
- Implemented network settings screen with connectivity status;
- Implemented adding and removing relays;
- Implemented resetting relays to default settings;
- Implemented writing temporarily to bootstrap relays if user relays not found;
- Web App
- Note drafts
- Emoji picker
- Faster media uploads with a progress indicator
- Smart contact list (remembers previous user selections)
- Revamped custom zaps and zap preset settings
- Profile page has a QR code now
- Improved feed rendering
- 1:02:01 Coracle v0.4.1
- Hide deleted calendar events
- Show date on calendar event notes
- Add edit for calendar events
- Add delete for calendar events
- Expand notes inline when clicking “Show More”
- Refresh pages when navigating to the current page
- Remove duplicate media from listings
- Add listing edit and delete
- Navigate to notes by address when possible
- Remove query string from imgproxy payload
- Remove duplicates by address from feeds
- Add mention action to person detail page
- Scroll to top on navigate
- Support read receipts for notifications
- Add status to listings
- Support frequency value in
price
tag for nip 99 - Show all replies exands notes inline rather than opening the note
- Improve person search
- Improve relay selection for groups
- Keep relays intact when publishing kind 3
- 1:06:58 Amethyst
- v0.84.1
- ncryptsec support (NIP-49)
- Export and log in with a password-protected version of your private key.
- Adds support for NIP49 to login and back up key screens
- Adds cryptographic support for NIP-49 to Quartz
- Enables citation on chats via @
- Adds “₿itcoin” to the set of custom hashtags
- v0.83.13
- Adds background support for community and public chat list events from NIP-51
- 1:07:37 rust-nostr v0.28.0
- Nostr sdk book pages
- Verify unsigned event ids
- sdk: add ClientZapper
- Reduce WASM size
- nostr: use url in std and url-fork in no_std
- nostr: add support to uppercase single-letter tags
- Make nostr-sdk signing events public
- Improve negentropy reconciliation
- Updates to remaining NWC extensions
- Add Relay Service Flags
- Add support to NIP59
- Add Sealed Direct messages support
- sdk: allow to send/get msgs and events to/from specific relays
- sdk: move relay module to nostr-sdk-pool crate
- Add encrypted tag kind
- Improve ClientSigner
- pool: add Relay::send_req method
- Add POW difficulty check for received events
- database: use LruCache instead of HashMap in MemoryDatabase
- database: extend kind-author indexes support
- nostr: add PublicKey and SecretKey structs
- Add support to NIP49
- Zapper
- 1:08:41 Nostur
- v1.12.0
- Profile tab for articles
- Separate profile tabs for posts and replies
- Shortcut to own last post or reply
- Open Gallery in detail pane on macOS
- Database status & optimize
- v1.11.0
- Fullscreen swiping prev/next on images
- “Open with…” to open unknown content types with other apps (NIP-89)
- Support for older iOS 15 and macOS Monterey
- Drag and drop images on new post
- Hashtag icons
- Website Comments: a parallel comment section on any website using nostr
- 1:09:35 Nostrudel v0.38.3
- What’s new
- Support for nsecbunker and the new OAuth flow;
- Added simple “Launchpad” view (most stuff will be added in the future);
- Restore scroll position when returning to the timeline;
- Show unavailable events in threads;
- Organized all the “other stuff” in a tools page;
- Added support to cache events in local relays instead of the browsers cache.
- 1:12:40 0xchat v1.2.6
- Introduction of the Cashu wallet feature.
- Added the ability to send random Ecash in group/channel chats
- 1:14:03 Mostro v0.9.7
- Improve comments on global vars
- Removed thread sleep calls for sqlite update and create
- Remove UNIQUE from order_id field in disputes table
- 1:14:10 plebeian-market
- 1:14:16 nostr-zap
- v0.22.0
- Add ability to invoke via js (#22) dfe7d61
Project spotlight
- 1:14:22 Nsec.app
- non-custodial store for your keys
- can store many keys
- provides nip46 access to apps
- permission management for connected apps
- works in any browser or platform
- background operation even if app tab is closed
- cloud e2ee sync for your keys
- support for OAuth-like signin flow
- 1:20:12 Tunestr
- Value for Value live music
- Support artists directly with bitcoin lightning payments.
- Chat with other fans and support the artist with instant lightning payments.
- Artists collect 100% of your contributions.
- Cross platform
- 1:20:17 resolvr
- Decentralized adjudication and escrow for #FOSS development bounties
- built on bitcoin and nostr
- Github
- 1:20:27 Whynostr: Proof-of-concept for Collaborative Document Editing on Nostr Announcement
- How it works:
- A user can invite other users to edit a document (i.e. a long-form, or any other kind of document)
- The invitees can be added/removed at will by the owner of the document.
- The users send ephemeral events while live editing and can hit “save” to propose a new version of the document.
- Everybody sees what the others are doing in real time
- The document’s owner chooses which version to make “official”.
- Documents can be forked so any of the invitees (or anybody else if the document is allowed to be public) can fork the document and continue working on their own version.
- Demo
- 1:23:47 Satcom: Collaborative layer for the Internet Announcement
- Satcom is a Chrome extension that integrates web content and online discussions using Nostr.
- Share thoughts, ask queries, and interact with others, all integrated directly into the web content you’re exploring.
Boosts
- 1:24:51 Thanks to everyone who streamed sats, and shoutout to our top boosters:
- [🏆 TOP BOOSTER] @apemithrandir (7,777 sats) “Craig Raw is the true Craig from now on”
- @juansgalt (5,000 sats) “That was excellent as always”
- @qxotk (2,121 sats) “@nvk, just say “Q X” - thank you all for the zzzz.”
- @vake (2,000 sats) “I’m confused why there is no ETF discussion on this show.
- @user30394172 (1,000 sats) “If weget op cat before vaults I’m flipping every table, last time I was kidding but now it might really happen - wtf is going on?”
- @mix (1,000) “The apps don’t work very well outside the cities either, even in “first world” countries. Just had to wait 15 minutes to oget serviece after a dead zone to send this. haha.”
Bitcoin Optech Newsletter
- 289
- Ideas for relay enhancements after cluster mempool is deployed:
- Gregory Sanders posted to Delving Bitcoin presenting several ideas for enabling individual transactions to opt-in to specific mempool policies after cluster mempool support has been fully implemented, tested, and deployed.
- These enhancements leverage the capabilities of v3 transaction relay by relaxing some of its rules that may become unnecessary and introducing a requirement for a transaction (or a package of transactions) to pay a feerate ensuring their likelihood of being mined within the next block or two.
- What would have happened if v3 semantics had been applied to anchor outputs a year ago:
- Suhas Daftuar posted to Delving Bitcoin regarding his research on automatically applying v3 transaction relay policy to anchors-style LN commitment and fee-bumping transactions.
- Out of 14,124 transactions recorded in 2023 resembling anchor spends:
- About 94% would have been successful under the v3 rules.
- Approximately 2.1% had more than one parent, necessitating adjustments in LN wallet behavior.
- Around 1.8% were not the first child of the parent, affecting package relay proposals.
- About 1.2% were apparently grandchildren of the commitment transaction, posing challenges for LN wallet behavior.
- Approximately 1.2% were never mined and weren’t analyzed further.
- Less than 0.1% spent an unrelated unconfirmed output, requiring automatic resolution.
- Less than 0.1% were larger than 1,000 vbytes, suggesting a potential adjustment in v3 size limits.
- Additional discussion and research are anticipated, indicating that LN wallets might require minor adjustments to align with v3 semantics before Bitcoin Core could safely treat anchor spends as v3 transactions.
- 288
- Securely opening zero-conf channels with v3 transactions:
- Matt Corallo posted to Delving Bitcoin to discuss securely allowing zero-conf channel opening with the proposed v3 transaction relay policy.
- Zero-conf channel opens involve new single-funded channels where the funder gives some or all of their initial funds to the acceptor. These funds are not secure until the channel open transaction receives a sufficient number of confirmations, eliminating the risk of the acceptor spending those funds back through the funder using the standard LN protocol.
- The initial proposal for v3 transaction relay policy would only allow an unconfirmed v3 transaction to have, at most, a single child in the mempool, with the expectation that the single child will CPFP fee bump its parent if necessary.
- These v3 rules pose challenges for fee bumping zero-conf channel opens, as the funding transaction creating the channel is the parent of a v3 transaction closing the channel and the grandparent of a v3 transaction for fee bumping. With v3 rules only permitting one parent and one child, fee-bumping the funding transaction without modification is not feasible.
- Proposed solutions include modifying funding and splicing transactions to include an extra output for CPFP fee bumping, awaiting advancements in cluster mempool to potentially permit more permissive topologies, and then transitioning to using a more permissive topology by dropping the extra output.
- Requirement to verify inputs use Segwit in protocols vulnerable to txid malleability:
- Bastien Teinturier posted to Delving Bitcoin to highlight a crucial requirement for protocols where a third party contributes an input to a transaction that must maintain its txid after another user contributes a signature.
- In scenarios like LN dual-funded channels, both parties contribute inputs to ensure each receives a refund if the other fails to cooperate later.
- Segwit prevents txid malleability, but for segwit v0, Alice must verify that Bob is spending a segwit v0 output by obtaining a copy of the entire previous transaction containing Bob’s output to prevent potential malleability.
- For segwit v1 (Taproot), each
SIGHASH_ALL
signature directly commits to every previous output being spent in the transaction, allowing Alice to verify Bob’s scriptPubKey and ensure it uses segwit, thus preventing malleability. - Protocols relying on presigned refunds must adhere to two security rules:
- If contributing an input, prefer to contribute an input that spends a segwit v1 output, verify previous outputs of all other spends, ensure they use segwit scriptPubKeys, and commit to them using your signature.
- If not contributing an input or not spending a segwit v1 output, obtain complete previous transactions for all inputs, verify their outputs being spent are all segwit outputs, and commit to those transactions using your signature.
- Proposal for replace by feerate to escape pinning:
- Peter Todd posted to the Bitcoin-Dev mailing list a proposal for a set of transaction replacement policies usable when existing replace-by-fee (RBF) policies won’t allow a transaction to be replaced, coming in two variations:
- Pure replace by feerate (pure RBFr): Allows a transaction in a mempool to be replaced by a conflicting transaction paying a significantly higher feerate (e.g., 2x the replacee’s feerate).
- One-shot replace by feerate (one-shot RBFr): Permits a transaction in a mempool to be replaced by a conflicting transaction paying a slightly higher feerate (e.g., 1.25x), provided the replacement’s feerate is high enough to rank it in the top ~1,000,000 vbytes of the mempool.
- Mark Erhardt highlighted potential abuse of the proposed policies, prompting adjustments from Peter Todd to address such concerns.
- Additional concerns were raised by Gregory Sanders and Gloria Zhao regarding the complexity and feasibility of implementing these policies accurately and their impact on free relay protection.
- As of this writing, the separate discussions remain unresolved. Peter Todd has released an experimental implementation of the replace by feerate rules.
News & Noteworthy
Privacy
- 1:28:28 Apple PWA ban Announcement
- Last week, iPhone users in the European Union noticed that they were no longer able to install and run web apps on their iPhone’s Home Screen in iOS 17.4.
- Apple explains that it would have to build an “entirely new integration architecture that does not currently exist in iOS” to address the “complex security and privacy concerns associated with web apps using alternative browser engines.”
- The Digital Markets Act requires that all browsers have equality, meaning that Apple can’t favor Safari and WebKit over third-party browser engines. Therefore, because it can’t offer Home Screen web apps support for third-party browsers, it also can’t offer support via Safari.
Development
- 1:30:39 Matt Corallo proposes a BIP which resolves human readable names into payment info
- “User behavior has clearly indicated a strong demand for the resolution of human-readable names into payment instructions. This BIP defines a protocol to do so using only the DNS, providing for the ability to query such resolutions privately, while utilizing DNSSEC to provide compact and simple to verify proofs of mappings.
- I’d like to hereby request a BIP number assignment. What is the current approach to do so - since the mailing list has died, is a post on delving bitcoin the appropriate place to publish BIP drafts?” - @TheBlueMatt
- 1:32:38 Bitcoin Dev Mailing List moves to Google Groups Announcement
- The new location of the bitcoindev mailing list is: https://groups.google.com/group/bitcoindev
- “After working through a few roadblocks we are now finally ready to migrate the mailing list to Google Groups. Emails to the old list are no longer accepted as of February 2024. Subscribe promptly to ensure you’re not missing any emails. We’ll wait 24 hours prior to letting new emails through to give people time to subscribe.” -Bryan Bishop
Lightning
- 1:33:08 Custodial #Bitcoin Lightning wallet, Exodus, is shutting down operations in the 🇺🇸 US due to regulatory reasons [Bitcoin News]
Events
- 1:34:17 Summer of Bitcoin 2024 Announcement
- Summer of Bitcoin is a global, online summer internship program focused on introducing university students to bitcoin open-source development and design.
- Applications are open until February 20th
- 1:34:20 Bitcoin Film Fest and Halvening celebration Announcment
- Hosted in Warsaw Poland April 19-21
Reads
- 1:34:34 Here’s a list of our top recently published reads:
- Scaling Bitcoin Apps with NWC Blog Post
- Linux being secure is a common misconception Paper
- NOSTR WALLET CONNECT: A BITCOIN APPLICATION COLLABORATION LAYER by Shinobi on [Bitcoin Magazine]
Episode submission ideas
- We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
- Podcast Twitter
- NVK Twitter
- Telegram
- Nostr & LN ⚡nvk@nvk.org (not an email!)
Did I get anything wrong above? Help me correct it producer@coinkite.com