I’m joined by guests Fiatjaf, Miljan & Odell to go through the list.

Listen on your favorite podcast app:

Vulnerability Disclosures

  • 00:02:34 Ebury: 400k Linux servers compromised for cryptocurrency theft and financial gain [Eset Research]
    • “One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to credit card and cryptocurrency theft”
  • 00:03:55 Zero-day in D-Link router (DIR-X4860) [Bleeping Computer]
    • “Security vulnerabilities in DIR-X4860 allow remote unauthenticated attackers that can access the HNAP port to gain elevated privileges and run commands as root.” [SSD’s disclosure]
  • 00:05:07 LLMjacking: Stolen Cloud Credentials Used in New AI Attack [Sysdig Blog post]
    • LLMjacking is a “new attack that leveraged stolen cloud credentials in order to target ten cloud-hosted … LLM services”
    • “The credentials were obtained from a popular target, a system running a vulnerable version of Laravel (CVE-2021-3129).”
  • 00:10:43 Bluetooth as a border surveillance technology [EFF article]
    • Two Texas counties have implemented a new tracking technology, TraffiCatch, capable of detecting Bluetooth and WiFi signals to monitor devices such as smartphones and cars. [NOTUS report]
  • 00:31:38 Google patches third zero-day Chrome vulnerability in one week [Bleeping Computer]
    • Google addressed a “high-severity” type confusion vulnerability in the Chrome V8 JavaScript engine, identified as CVE-2024-4947, which was actively exploited in the wild. [Release update]

Bitcoin

Software Releases & Project Updates

  • 00:33:28 Sparrow Wallet v1.9.1
    • Add testnet4 network support
    • Add testnet4 Electrum public server and remote transaction broadcast from mempool.space
    • Increase the gap limit where necessary to sign a PSBT where the provided input derivations match an open wallet
    • Optionally show output descriptor QR export as BBQR when Coldcard, software or watch-only keystores are present
    • Update Coldcard import and export instructions to match the latest firmware
    • Update default derivation path for ‘unknown’ Unchained signer
  • 00:35:11 electrs v0.10.5
    • Update dependencies (bitcoin,bitcoin_slices,bitcoincore-rpc, rayon)
    • Support latest bitcoind
  • 00:35:24 Specter Desktop v2.0.3
    • Add support for more languages for mnemonics
    • Allow bumpfee on transactions with a single output
    • Enforce hwi init
    • Kn/macos signing
  • Bitcoin Keeper V1.2.6
    • Backup vaults on your personal cloud
    • Use Canary wallets to detect unauthorized key usage
    • Concierge Support out in beta
    • UX/UI enhancements
  • 00:38:54 BlueWallet
    • v6.6.6
      • Rename counterparty payment code
    • v6.6.4
      • Display bip47 payment code contact on tx details screen
  • 00:39:12 Blockstream
    • Green QT v2.0.5
      • Add or import singlesig watch-only wallet
      • New watch-only section in wallet settings dialog
      • Expose extended public keys and output descriptors of singlesig accounts
      • Handle external BIP21 payment on Linux
      • Option to scramble login keypad
  • 00:39:52 Robosats v0.6.1-alpha
    • Revamped Robosats Android app
      • Full RoboSats self-hosted client, generate robot identities locally
      • All networking torified
      • Android app soon to be publish on F-Droid
    • Load map JSON in advance
    • Detect federation testnet
    • Notify coordinator admin for new disputes
    • Portuguese translation
    • New tor engine
    • Add geoblocked countries
  • 00:39:59 BoltzExchange boltz-web-app v1.3.5
    • Add geyser integration
    • Add setting menu
    • Change license to AGPL3
    • Capture logs in browser storage
  • 00:40:13 Wasabi Wallet v2.0.7.2
    • This version is just adding one feature: Mix to another wallet - In the program, you can set another wallet in the coinjoin settings to which you want to coinjoin. In this case, the anonymity score target is not considered; once the coinjoin is completed, your coins will be transferred to the wallet you specified.
  • 00:44:32 Stack Wallet V2.0.0
    • Add Bitcoin Frost multisig
    • Add Bitcoin taproot support
  • 00:44:40 GroupHug v1.1.0
    • Add options to query for information about the groups
    • Close groups by fee. Groups are closed if they pay enough fee to enter the next block
    • Close groups by time. Groups are closed after a certain defined time if they are not full

Project spotlight

  • 00:47:13 Penlock: open-source, cryptographically secure, printable paper-computer [BitDev Mailing List]
    • Beta release: “Guides users through secret-splitting their BIP39 seed phrase without an electronic device.” [Github]
  • 00:47:33 utreexod: full node bitcoin implementation with support for utreexo accumulators [Github]
  • 00:47:51 Meshtastic BitcoinCore Bridge: Broadcast raw transactions over Meshtastic Lora to a computer with Bitcoin Core [Github]
  • 00:48:39 silentpayments.xyz: website to learn about Silent Payments, which wallets support them with integration documentation [Announcement]
  • 00:49:02 blindbitd: Bip352 silent payment wallet which runs as daemon [Github]
  • 00:49:10 Silentium: BIP352 light mobile wallet [Github]
    • “Self-custodial & privacy focused wallet for sending and receiving Silent payments with Silentiumd.”
  • SilentPay: A wallet library for silent payments [Github]
    • This library is a JavaScript/TypeScript implementation of silent payments … and provides a simple wallet implementation that provides support for silent payments out of the box.
  • 00:51:50 BlueWallet Silent Payments repository [Announcement]
  • 00:51:53 BitEscrow Developer Playground
    • “Experiment with our API, All test chains supported, Edit in JSON, Programmable Contracts, Open Source”
  • 00:51:58 BitVMX: a virtual CPU to optimistically execute arbitrary programs on Bitcoin [BitDev Mailing List]

Privacy & Other Related Bitcoin Projects

Software Releases & Project Updates

  • 00:55:07 Unleashed.Chat v0.1.21
    • Mixtral 8x22B Instruct–Mistral AI’s flagship FOSS model
    • Mixtral 8x7B and 8x22B models are now capable of searching the Internet
    • Add API endpoints for fetching the current balance and creating a Lightning invoice for adding funds
    • Billing is now based on the length of the response (output tokens) rather than generation time
  • 00:58:28 SimpleX v5.7.0
    • Quantum resistant end-to-end encryption with all contacts
    • Forward and save messages without revealing the source
    • In-call sounds and switching sound sources
    • Better network connection management
    • Customizable profile images

Project spotlight

  • 00:58:52 OpenXrypt: Secure and private direct messaging for social media [Github]
    • Chrome extension that provides secure and encrypted communication on social media platforms using the OpenPGP encryption standard
    • Compatible with Twitter DMs and Whatsapp Web

Lightning + L2+

Software Releases & Project Updates

  • 1:01:58 Mutiny
    • mutiny-startos v1.7.1
      • On chain fedimint support
      • Swapping between federations
      • Improve performance
    • Node / Web v1.7.0
      • On chain fedimint support
      • Warn when federations have a pop up message
      • Ability to transfer funds to another federation
      • Anchor channel support
  • 1:02:02 LDK v0.0.123
    • API Updates:
      • default dust exposure limit has been increased to MaxDustHTLCExposure::FeeRateMultiplier(10_000)
      • An OutputSweepe is now provided which will automatically sweep SpendableOutputDescriptor
      • After initiating an outbound channel, a peer disconnection no longer results in immediate channel closure. Rather, if the peer is reconnected before the channel times out LDK will automatically retry opening it
      • PaymentPurpos now has separate variants for BOLT12 payments, which include fields from the invoice_reques as well as the OfferI
      • ChannelDetail now includes a list of in-flight HTLCs
    • Node Compatibility:
      • Blinded paths were inconsistent with other implementations in several ways, which have been addressed
      • Messaging blinded paths now support the latest features which some nodes may begin relying on soon
      • BOLT12 structs have been updated
    • Security: fix denial-of-service vulnerability … when parsing invalid BOLT11 invoices containing non-ASCII characters.
  • 1:02:11 scaling-lightning v0.4.0
    • Configurable namespace: specify the Kubernetes namespace for the scaling lightning network … to run multiple separate SL networks on the same machine.
  • 1:02:16 Phoenixd v0.1.5
    • Add official Dockerfile
    • Add authentication to webhook calls
    • Add descriptionHash parameter to createinvoice
    • Update lightning-kmp
    • Add endpoints to list incoming and outgoing payments
  • 1:02:20 Breez SDK v0.4.1
    • Show correct amount on closed channels
    • Attach labels to payments
    • Persist LNURL-pay comment sent to the recipient
  • 1:02:24 minibits-wallet v0.1.7-beta.13
    • Wallet paged screen is now organized by units, not by mints
    • Lighnting transactions are initiated in selected mint context
    • Send and Receive bottom buttons now handle Ecash transactions
    • Mint information kept by the wallet can be now refreshed
    • Nostr relays can be re-subscribed to using new button on Relays screen header
    • Wallet profile and address is accessible from wallet screen and address can be copied
    • Wallet now fully uses v1 Cashu API specification when talking to the mints
  • 1:02:44 Bull Bitcoin bullbitcoin-mobile v0.2.0-9-beta
    • “Self-custodial Bitcoin and Liquid Network wallet which offers non-custodial atomic swaps across Bitcoin, Lightning and Liquid”
    • Major update:
      • Add Liquid Network wallet
      • Add atomic swaps with Lightning Network
  • 1:04:01 nutstash-wallet v0.2.7
    • Add feature/onboarding
    • Add P2pk
  • 1:04:02 Fedimint v0.3.1
    • Added Premetheus metrics
    • Utils for fetching meta fields and vetted gateways
  • 1:04:06 Aqua Wallet v0.1.52
    • Bitcoin can now be sent with custom fees
    • Add mempool.space for Bitcoin fee estimates, with fallback to blockstream.info
    • Add deposit addresses to the Transaction Details for swaps.
  • 1:04:11 LNp2p Bot
    • v0.10.4
      • Add source tag with order message link
    • v0.10.3
      • Publish order on nostr
      • Prevent the user from using the bot until they have assigned a username

Project spotlight

  • 1:04:18 Cashu.Me v0.1
    • Modern UI: The home screen shows you your total balance across all mints.
    • Support for Bitcoin and USD: You can send and receive Bitcoin or Fiat via Lightning invoices or directly as Ecash, using the new v1 Cashu protocol.
    • Seed phrase backups: Cashu.me now supports seed phrase backups that allow you to restore your entire balance if you lose your device. Interoperability wins.
    • Animated QR codes: Cashu.me now supports animated QR codes …, it also allows you to send any amount you like via QR codes without ever hitting the internet.
    • Send Ecash offline: New coin selection algorithm built into Cashu.me ensures you always have the right amount of Ecash in your wallet to be able to make up to 4 payments of any amount … without having to go online.
    • Receive Ecash offline: Simply press the “Later” button in your receive screen and store the Ecash in your History to redeem it later when you come back online.
    • Lock Ecash with P2PK: Your counterparty … can now lock Ecash to your public key by using the Pay-to-Pubkey (P2PK) feature.
    • Discover mints via Nostr: The mint tab on the home screen now allows you to discover new mints via Nostr.
    • Swap Ecash between mints: If you ever want to transfer funds you hold from one mint to another, you can use the multi-mint swap feature in the Mint tab.
    • Remote control with NWC: You can now use your Cashu.me wallet from other applications using a feature called Nostr Wallet Connect (NWC).
  • 1:04:34 Alby releases open-source forks of browser extension AdBlockPlus and uBlock [Blog post]
    • Allow users to block ads and pay in bitcoin by integrating Nostr Wallet Connect (NWC) and Lighting Web Standard (WebLN).
    • NWC: enables bitcoin lightning wallets to connect with various apps, allowing NWC-compatible wallets to fund an ad blocker extension with bitcoin and ensures that the app handling payments does not access user funds.
    • WebLN: WebLN facilitates communication between browser extensions and websites, using JavaScript to programmatically process payment requests without scanning QR codes.
  • 1:07:36 Prism introduces Boardwalk Cash [Twitter post]
    • The first dollar-based CashuBTC wallet built on top of Bitcoin and connected to Nostr [Github]
  • Nodana: Phoenixd as a Service [Announcement]
    • Beta: Run Phoenixd in the cloud using a CLI. “No registration, personal details or credit cards required”.
  • Ticketbot: A proof of concept ticketing agent for Lightning and Nostr [Github]

Nostr

Software Releases & Project Updates

  • 1:20:45 Primal android-app v0.99.2
    • Implement user tagging in new notes and replies
    • Implement recent users
    • Implement connect other wallet
  • rust-nostr v0.31.0
    • Simplify the way to subscribe and/or reconcile to subset of relays
    • Add blacklist support to mute public keys or event IDs
    • Remove zap split from client.zap method
    • Rework Tag
    • Add TagStandard enum
  • Damus v1.8
    • New Emoji Selector
    • Quote Reposts
    • New fullscreen video player
    • Improved longform style
    • Account recovery
  • nos.social
    • v0.1.14
      • Add the author’s name to profile cards on the Discover tab and search results
      • Add a delay when trying to reopen a websocket that had previously closed with an error
    • v0.1.13
      • On the Profile screen, open a sheet to display the full bio
    • v0.1.12
      • Open Profiles when tapping on a NIP-05 username reference in a note
      • Add special treatment for nostr.band when searching on the Discover tab
      • Detect identifiers of the form @npub1… in notes and link them to the associated profiles
      • Detect NIP-05 identifiers inserted in notes and link them to njump
      • Add “Send To Nos” private reporting to protect user privacy
    • v0.1.11
      • Add support for uploading videos when composing a note
    • v0.1.10
      • Add option to connect your existing NIP-05 username
    • v0.1.8
      • Add PrivacyInfo file to the project to comply with Apple’s new requirements
      • Updated dark theme colors for card backgrounds, primary text, and secondary text
      • Add a new UI for replying to messages that allows attaching images and setting an expiration date
  • Citrine v0.2.4
    • Add Connection statistics
    • Add Database statistics

Project spotlight

  • Zap.store: permissionless app store leveraging the nostr social graph [Github]
  • Voyage: Lightweight nostr client for Android with a Reddit-like UI [Github]
    • Fork and successor of Nozzle
  • resumstr: Nostr-based Resume Builder [Github]

Boosts

  • 1:46:45 Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @@garykrause_ (40,000 sats) “FPPS is debt on bitcoin. very bad idea.”
    • @vake (5,000 sats) “Bitcoin is boring and nothing happens.”
    • @dubravko (1,740 sats) “Re. Signal and Telegram: thank God not only Bitcoin is boring, but I am as well.”
    • @pippellia (1,000 sats) “There is nothing better than hearing Odell and NVK talking shit against each other 🤣”
    • @marinaspin (100 sats) “Obrigada”
    • @righthandson (100 sats) “Matt it wasn’t just you. Someone had discord notifications coming through their audio. Great show! Love the @futurepaul episodes!”

Tech Tip of the Day

  • 1:48:28 How to turn on Advanced Data Protection for iCloud: enable end-to-end encryption for your iCloud backups [Apple guide]

Bitcoin Optech Newsletter

  • Highlights from recent Bitcoin Optech Newsletters
    • 303
      • Anonymous usage tokens: Adam Gibson posted to Delving Bitcoin about a potential solution to private proof of pubkey ownership using keypath-spend.
      • BIP39 seed phrase splitting: Rama Gan introduces Penlock, “a printable paper-computer that guides users through secret-splitting their BIP39 seed phrase without an electronic device”.
      • Alternative to BitVM: “Sergio Demian Lerner and several co-authors posted to the Bitcoin-Dev mailing list about a new virtual CPU architecture based in part on the ideas behind BitVM.”
      • Continued discussion about updating BIP2: continued discussion by Mark “Murch” Erhardt updating the BIP process (BIP2).
    • 302
      • Release of utreexod beta: Calvin Kim posted to the Bitcoin-Dev mailing list to announce the beta release of utreexod, a full node with support for utreexo.
      • BIP119 extensions for smaller hashes and arbitrary data commitments: proposed BIP by Jeremy Rubin to extend the proposed OP_CTV, with two additional features:
        • Support for HASH160 hashes
        • Support for additional commitments
    • 301
      • Consensus-enforced lamport signatures on top of ECDSA signatures
        • Ethan Heilman posted to the Bitcoin-Dev mailing list a method for requiring that a transaction be signed by a lamport signature in order to be valid.

News & Noteworthy

Lightning

  • Lightning Labs CTO announces first mainnet multi-hop asset payment with Taproot Asset channels [@Roasbeef Twitter post]

Nostr

  • Amethyst NIP 90 content discovery [Merged #856]
    • Current state:
      • A Nip89 list of DVMs for content discovery is loaded and shown in the discovery tab
      • Send kind 5300 request event to DVM on Click
      • Listen to Kind 6300 Response
      • Parse kind 6300 and render the events in a feed
      • View NIP90 Content-Discovery DVMs
      • Send a new request by clicking on a DVM
      • Get results back and renders feed

Business & Finance

  • IBEX Pay to cease all operations in the U.S., effective May 31st, 2024 [Announcement]
  • P2P exchange AgoraDesk/LocalMonero to shut down on November 7th, 2024 [Blog post]
  • Mash (@getmash) to shut down all products and services on May 17th, 2024 [Announcement]
  • Swan launches Managed Mining service for institutional investors [Press release]

Funding

  • Spiral renews grant to Summer of Bitcoin (@summerofbitcoin) [Announcement]
  • Bitcoin Beach Grants: a global campaign to advance Bitcoin circular economies [Announcement]
    • “Educational content, grant funding, and ongoing mentorship to empower emerging #Bitcoin Circular Economies” in partnership with @geyserfund and @FBCEglobal.
  • HRF attributes CISA research fellowship to Fabian Jahr [Twitter post]
  • Brooks School Tech Policy Institute to research relationship between Bitcoin and financial freedom [Cornell Blog post]
    • HRF and the Reynolds Foundation to support BTPI Director Sarah Kreps to lead research in “understanding the use of Bitcoin and stablecoins by individuals around the world”.
  • Bitcoin Design Foundation announces grant to Jakub, UX generalist at Alby [Press release]
  • The Bitcoin Policy Institute [announces] the Peer-to-Peer Rights Fund
    • Guiding principles:
      • Non-Regulation of Non-Custodial Tools as Financial Services (aka “No MSBs without Keys”)
      • Protection of Open-Source Software under the First Amendment
      • Constitutional Rights to Use and Transact Bitcoin

Mining

  • Block’s Mining Development Kit heads to beta testing [Blog post]

Protocol

  • BIPs #1458: adds BIP352 (Silent Payments) [Merged]
  • LDK #2973: add support for OnionMessenger, intercept onion messages on behalf of offline peers [Merged]
  • Bitcoin Core #28970 and #30012: add support for a limited form of one-parent-one-child (1p1c) package relay that doesn’t require any changes to the P2P protocol.
  • Bitcoin Core #28016: begins waiting for all seed nodes to be polled before polling DNS seeds [Merged]
  • Bitcoin Core #29623: makes various improvements to warning users if their local time seems to be more than 10 minutes out of sync with the time of their connected peers [Merged]

Government & Political

Events

Reads

  • Here’s a list of our top recently published reads:
    • A Primer on UTXOs by BullBitcoin [Blog post]
    • Script State from Lamport Signatures by Andrew Poelstra [Bitcoin Magazine]
    • Open source is neither a community nor a democracy by David Heinemeier Hansson [Blog post]

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod

Did I get anything wrong above? Help me correct it producer@coinkite.com