I’m joined by guests Alex B, Ben Carman and Craig Raw to go through the list.

Listen on your favorite podcast app:

Housekeeping

  • 00:02:10 New COLDCARD tutorials:
    • NFC push txn [Youtube]
    • Applying a Passphrase [Youtube]
    • Coldcard Q - Secure Offline Password Manager: [Youtube]
    • How to create a 2 of 3 multisig with 3 COLDCARD Qs
  • 00:02:58 Unleashed.chat had lots of small updates and running fast better, we are looking for feedback and feature ideas. And if you are interested in the AI topic but wants a primer I recorded a episode of WBD with Peter WBD EP 838 and another one with Marty TFTC EP 492.
  • 00:03:56 OpenSats just released another round of funding, that included Krux a great FOSS DIY renewal and more we will cover later in this episode.

Vulnerability Disclosures

  • 00:04:32 Wasabi Wallet published a report listing vulnerabilities actively leveraged by attackers [Security Incident Disclosure]
    • User-targeted attacks: Wasabi Wallet warns a coordinator named WasabiCoordinator is reportedly attempting to siphon funds from its users [Twitter post]
    • According to a user on BitcoinTalk the malicious coordinator would “change the [number] of inputs to 2, drops the coinjoin time from 45 min to 5 min, and raises the fee [percentage] to milk you.”
    • Supply chain compromise: A compromised GitHub account altered the Wasabi-2.0.8.1 Windows installer, the hash discrepancy has been detected and removed by BinaryWatchBot, a Coinkite OpResearch bot. [BinaryWatchBot Twitter post] - Attacks on free coordinators: free coordinators face an unprecedented number of Layer 7 DDoS attacks. Such attacks are challenging to mitigate as they target the application layer, making malicious requests almost indistinguishable from legitimate traffic.
  • 00:16:20 Five dollar wrench attacks:
    • Crypto-focused home invasion gang spree across four US states [Wired]
      • The group, consisting of over a dozen men, conducted a series of violent home invasions targeting cryptocurrency holders, attacking a total of 11 victims.
    • Five foreigners arrested for robbing British crypto trader in Bangkok. [Khaosod English]
      • On July 14, Bangkok police arrested five foreigners for robbing a British crypto trader. The victim was assaulted, tied up, and robbed of valuables worth over 3 million baht (~$80,000).
  • 00:24:53 ‘Regresshion’: Critical OpenSSH vulnerability allows remote code execution on Linux systems [The Hackers News]
    • OpenSSH maintainers releases an update to fix a critical flaw (CVE-2024-6387) enabling unauthenticated remote code execution with root privileges on glibc-based Linux systems.
    • The flaw, named regreSSHion, is a signal handler race condition in the sshd server component. [Qualys Threat Research Unit report]
  • 00:25:17 Messenger app Signal fixes encryption key flaw affecting desktop client’s security [Bleeping Computer]
    • The company addresses a flaw known since 2018, where encryption keys were stored in plaintext on the desktop client. This flaw could let attackers access sensitive user data and replicate a live user’s session on a separate machine.
  • 00:30:14 Twilio, parent company of popular two-factor authentication app Authy, reports security breach where hackers accessed 33 milion Authy users phone numbers. [TechCrunch]
  • 00:36:52 AT&T data breach exposes phone records of nearly all customers [TechCrunch]
    • AT&T confirms a significant data breach, exposing phone records of 110 million customers, including calls and texts metadata but not the content.
    • Some records include cell site identification numbers, potentially indicating call locations.
  • 00:41:14 AU10TIX, an ID verification provider, left admin credentials exposed for over 18 months, potentially compromising user data from X and Coinbase. [Electronic Frontier Foundation]
    • The exposed credentials allowed access to identity documents, including names, dates of birth, nationalities, ID numbers, and document images.
  • 00:48:35 Linksys Velop routers transmit Wi-Fi passwords in plaintext to US servers [Stack Diary]
    • Testaankoop, the Belgian Consumers’ Association, detected clear-text transmission of SSID names, passwords, and other tokens to AWS during routine checks.

Bitcoin

Software Releases & Project Updates

  • 00:52:03 Bitcoin Core
    • v26.2
      • Script
        • sign: don’t assume we are parsing a sane TapMiniscript
      • P2P and network changes
        • Change Luke Dashjr seed to dashjr-list-of-p2p-nodes.us
        • p2p: detect addnode cjdns peers in GetAddedNodeInfo()
      • RPC
        • rpc, bugfix: Enforce maximum value for setmocktime
        • bugfix: throw an error if an invalid parameter is passed to getnetworkhashps RPC
        • rpc: move UniValue in blockToJSON
        • rpc: Reword SighashFromStr error message
      • Build
        • depends: fix mingw-w64 Qt DEBUG=1 build
        • depends: Fix build of Qt for 32-bit platforms with recent glibc
        • depends: Fetch miniupnpc sources from an alternative website
        • upnp: fix build with miniupnpc 2.2.8
      • Misc
        • ThreadSanitizer: Fix #29767
        • ci: Bump s390x to ubuntu:24.04
        • doc: Suggest installing dev packages for debian/ubuntu qt5 build
        • contrib: Renew Windows code signing certificate
    • Merged BIPs:
  • 00:55:12 COLDCARD
    • Edge v6.3.3 - Shared Improvements Both Mk4 and Q
      • New Feature: Ranged provably unspendable keys and unspend( support for Taproot descriptors
      • New Feature: Address ownership for miniscript and tapscript wallets
      • Enhancement: Address explorer simplified UI for tapscript addresses
    • Q v6.3.3QX - Specific Changes
      • Enhancement: Miniscript and (BB)Qr codes
  • 00:56:16 Nunchuk Desktop v1.9.35 / Android v1.9.47
    • Add the ability to replace key(s) in an assisted multisig wallet and roll the funds over
    • Decrease the Platform Key’s co-signing delay now must wait for an amount of time equal to the current delay
    • Add Health Check History
    • Add the ability to show a transaction as an invoice and save as a PDF
  • 00:56:48 Liana v6.0 - Jaded
    • Liana daemon / library
      • Accurately estimate the size of a signed spend transaction, preventing overpaying fees in some configurations
      • lianad now accepts two new arguments: --version and --help
    • Liana GUI - The hardware_wallets field in the configuration file is now disregarded
      • Support the Jade signing device
      • Use a more recent graphic renderer (wgpu), which offers better compatibility with newer systems
      • The network is now set first in the installer
      • It’s now possible to get back from the descriptor creation step to the installer landing page
      • Advanced text shaping was enabled. Basically: you can now use emojis in labels and aliases
      • Date and time are now displayed according to the system’s timezone configuration
      • Show the BIP388 wallet policy when registering a descriptor on a signing device
      • The descriptor backup step was removed in installer when a descriptor was just imported in the previous step
  • 00:57:38 Rust Payjoin
    • Payjoin v0.18.0
      • Handle OHTTP encapsulated response status
      • Upgrade receive::v2 Typestate machine to resume multiple payjoins simultaneously
        • Enroller became SessionInitializer
        • Enrolled became ActiveSession
          • fallback_target() became pj_url()
          • pj_url_builder() was introduced
      • ContextV2 became SessionContext
        • Include a bitcoin address in SessionContext
      • send::ResponseError variants fields got explicit names
      • Refactor output substitution with new fallable try_substitute_outputs
    • CLI v0.0.7 - Resume multiple payjoins easily with the resume subcommand. A repeat send subcommand will also resume an existing session
      • Normalize dash-separated long args
      • Use sled database. Old .json storage files will no longer be read and should be deleted.
      • Don’t needlessly substitute outputs for v2 receivers
      • Print instructions and info on interrupt
  • 00:58:00 Blue Wallet v6.6.7
    • Watch only wallets warning
    • View Payment Code on Watch app
    • Payment code in receive screen
    • Market price android widget USD only for now
    • Fee estimation and price fetch on widget improvement
    • Insert Contact
    • Payment code in Receive
    • Handoff TXID to be able to quickly browse on other devicess
    • Send to SilentPayment address
    • BIP47 send to contacts
    • GHS and XAF
    • Countries in Currency screen
    • Scan tooltip
    • Settings > Clear Cache
    • Provide explanation for a disabled feature
    • Rename counterparty paymentcode
    • BIP47 notification transaction
  • 1:07:04 Bitcoin Keeper v1.2.9
    • Cashed Transactions - Allows you to pick up a transaction signing process right where you left off
    • Health Check for All Keys - Receive regular notifications for all keys that have not been used for a period of time, ensuring you have access to all of them
    • Personal Cloud Backup - Backup wallet configurations in a simple PDF file. Keeper’s self-sovereign options allow you to depend less on the platform
    • Timeline View - See the timeline for each key, showing its history
    • One-Time Backup for Assisted Keys + - Now includes an additional security step
    • User Warning Messages - Receive prompts when trying to archive a non-empty vault or reuse keys (even across Keeper apps)
  • 1:07:28 Krux v24.07.0
    • Maix Cube Support
    • Frozen Code - Speed and Security Improvement
    • More Single-sig Script Types Support
    • Accounts Support: Users can now use custom account derivation indexes.
    • Wallet Customization Options
    • BIP85 Support
    • Wallet Sans Key: tool to load a trusted wallet descriptor to view addresses without the need for private keys.
    • Add BBQr Support
    • Update Embit
    • Auto Shutdown - Security and Battery Saving Feature - Hide Mnemonics - Security Feature
    • PSBT Path Mismatch: Detect and warn the user if the PSBT path differs from the loaded wallet’s path.
    • Show Multisig PSBT Policy When Descriptor is Not Loaded
    • Status Bar Shows Loaded Fingerprint
    • Fee Percentage of Transaction: Show the transaction’s fee as a proportion of the transaction cost, warning if it is greater than 10%.
    • Sats/vB: PSBT now displays an accurate estimation of the transaction’s feerate.
    • Brightness Control for Maix Cube and M5stickV
    • Fast Forward for Buttons
    • Add Display Settings for Maix Amigo
    • Faster Address Scanning and Exploring
    • Sign PSBTs Without Fingerprints
    • Dice Rolls Pattern Detection
    • Optimized SD Card Signing: Better suited for large transactions, SD card signing is now more RAM efficient.
    • Stand Alone Verifiable Signed PSBTs
    • Camera Optimizations for Yahboom (ver:1.1) With GC2145 Camera
    • Yahboom and Cube Devices Added to Simulator
  • 1:10:27 Bisq v1.9.17
    • Improve network resilience and stability
    • Add getdaostatus API, expose failed trades in API, and support XMR auto conf in API
    • Buyers can pay using SEPA QR codes
    • Restore QR code scanner for mobile notification app pairing
  • 1:10:39 RoboSats v0.6.3
    • Manually add new coordinators
    • Polished for CLN coordinators
    • New feature rich notificaitons endpoint at /api/notifications
    • Turn on/off the built in Tor node on Android (allows use with Orbot)
    • Remove robot avatars from coordinator (better coordinator performance)
  • 1:10:43 WasabiWallet v2.1.0.0
    • Set minimum coinjoin input count
    • Stricter absolute limits for maximum coinjoin mining fee rate and minimum coinjoin input count
    • Prevent solo coinjoining
    • Coordinator Connection String
    • Advanced send Workflow
  • 1:10:48 Bitkey
    • v2024.62.0 - Improved transaction speed-up: Customers can now speed up transactions of any size
      • Inactive address notifications: Receive a notification when funds are sent to an inactive Bitkey address. Funds can then be transferred to an active Bitkey wallet
    • v2024.61.1
      • Hide balance: Tap your balance in the Bitkey app to hide your current balance and transaction details.
      • Biometric sign-in: Option to require biometric sign-in or PIN to unlock your Biktey app.
      • Hardware wipe: Ability to wipe and reset your Bitkey device to factory settings for easier recovery testing and transfer of ownership.
  • 1:11:29 Trezor trezor-suite v24.7.1
    • The “Remember Wallet” feature has been enhanced and renamed to “View-Only Wallet” for better discoverability and clarity
    • The wallet switcher has been redesigned for a smoother experience
    • The passphrase is now integrated into the wallet switcher, eliminating prompts at every device connection
    • Token management has been revamped with manual hide/unhide options, enhanced search functionality, and more
  • 1:11:59 Blockstream QT v2.0.8
    • Flow to redeposit 2FA expired coins
    • Notification for 2FA expired coins
    • Notification for partial service outage
    • Expose status of wallet connections
    • Show banner for login alert
    • Show banner for system messages
    • Show banner for two factor expired outputs
  • 1:12:35 FullyNoded v1.1.2 - BBQr and UR updates
    • Export and import QR codes in UR or BBQr format
    • More efficient QR scanning
    • Available balance now on display in the spend view
    • Adds an animate button to UR Qrs (BBQr will automatically update)
    • Xprv now included in Bitcoin Core hot wallets in the wallet backup QR/file
    • DNS port removed from Tor config options
    • Shows first 5 derived addresses when importing a wallet with a descriptor

Project spotlight

  • 1:14:01 WE HODL BTC: Opinionated self-custody guides for bitcoiners [Github
    • WE HODL BTC is a free resource created to help bitcoiners take self-custody of their bitcoin. Whether it’s 100 000 satoshis or 100 bitcoins, there’s a guide for you.
  • 1:14:42 Satso: BIP 353 Resolver, convert BOLT12 and reusable BTC addresses into legacy addresses. [Github]
  • 1:15:16 Mempool Accelerator, a service to get your stuck transactions confirmed by paying an out of band fee, is now live.
  • 1:15:37 PSBT Commander: a Rust BDK powered PSBT creator [Github]
    • The project is in beta and is not recommended to use with real funds at the moment.
  • 1:15:51 Brollup v2: Brollup v2 introduces a new zero-knowledge proof system that operates without a trusted setup. [Announcement]
    • This version removes the need for a trusted setup by making the global state aware of individual channel states.
    • THe design executes payable conditions based on state updates, similar to the Lightning Network but with publicly accessible channel states.
  • 1:17:22 Bails (Bitcoin Amnesic Incognito Live System): Bitcoin solution, installs Bitcoin Core on the encrypted Persistent Storage of Tails [Github]
    • Create and recover Bitcoin Core wallets from Codex32 (BIP93) seed backups, and create backup Bails USB sticks.
  • 1:17:36 B2P Central: aggregator for Bitcoin P2P buy and sell offers from major market platforms like HodlHodl, Paxful, Peach, LNp2pBot, and LocalCoinSwap.
  • 1:17:51 Wabisator displays a list of current Wabisabi coordinators from the Primal nostr relay.
  • 1:18:01 Wasabist: coordinator explorer for Wasabi wallet users, displaying real-time data in a human-readable format.
  • 1:18:12 Lava Wallet launches Lava Smart Key, inspired by Photon SDK. [Blog post]
    • Lava Smart Key is a solution spliting vault backups into two parts: one stored encrypted on iCloud or Google Drive, and another protected by a Lava recovery PIN on a private key server.

Privacy & Other Related Bitcoin Projects

Software Releases & Project Updates

  • 1:29:36 SimpleX
    • v6.0.0-beta.0 - information about messaging and file relays used by the app
      • Faster connection between contacts (once all relays are upgraded)
      • Message delivery status in groups shows forwarded messages and inactive members
      • Desktop and Android:
        • Change font size.
        • Zoom-in view (desktop only).
      • iOS app
        • Chat themes
        • Faster scrolling
    • v5.8.2 - Missed call notification
      • Remove notifications of hidden/removed user profiles
      • Support for faster connection with the new contacts (disabled in this version)

Project spotlight

  • 1:29:41 Reticulum MeshChat: A simple mesh network communications app powered by the Reticulum Network Stack. [Github]
    • The network permits secure transmission of messages, files and audio calls with peers, communication with other existing LXMF client (such as Sideband and Nomadnet) and “download files and browse micron pages (decentralised websites) hosted on Nomad Network nodes.”
  • 1:29:44 Nomadnet: Off-grid, resilient mesh communication with strong encryption, forward secrecy and extreme privacy. [Github]
    • Built on LXMF and Reticulum, it offers cryptographic mesh functionality and peer-to-peer message routing across various communication mediums, from packet radio to fiber optics.
  • Sideband: extensible LXMF messaging client, situational awareness tracker and remote control and monitoring system. [Github]
    • Enables communication with other people or LXMF-compatible systems over Reticulum networks via LoRa, Packet Radio, WiFi, I2P, Encrypted QR Paper Messages, or any other Reticulum-supported method.
  • 1:30:26 Entropyseal: reusable tamper-evident jar concept using a visual pattern of particles locked upon closure for verification.
    • The system allows pattern-match verification via smartphone camera or photocopy, making it difficult to tamper without detection
  • 1:30:40 Proton introduces Proton Docs: end-to-end encrypted collaborative document editing platform. [Announcement]
  • 1:30:48 FUTO Keyboard is an offline private keyboard, forked from the LatinIME project (the Android Open-Source Keyboard). [Gitlab]

Lightning + L2+

Project spotlight

  • 1:31:35 Cashu NUT-00: introduces support for binary-encoded tokens, resulting in approximately 40% reduction in token size compared to the previous format.
  • 1:31:56 Payto: Core Lightning companion app that can pay to lightning address, LNURL, BIP353 and bolt12 offers [Github]
  • 1:32:09 Lampo: an experimental implementation of a tiny lightning node. [Github]
    • “Fast and modular lightning network implementation for all usages, written in Rust.”
  • 1:32:15 Blitz Wallet: Self-custodial bitcoin lightning and liquid wallet using Breez SDK, Blockstream GDK and BoltzHQ API
  • 1:32:22 Lendasat: a non-custodial, instant Bitcoin loan service via Lightning Network, powered by DLC on ARK. [Github]
  • BOLT 12 Playground: docker stack that comprises of bitcoind, LND, LNDK, CLN, Eclair and LDK Node. [Github]
    • Open source testing environment which automatically initializes wallets and open channels between nodes.
  • 1:37:02 Chamberlain: Cashu Mint with integrated Lightning node [Github]
    • “This project aims to substantially increase the number of Uncle Jims running mints who can manage day-to-day Bitcoin transactions for friends and family.”
  • 1:37:08 Phoenixd-Server-Ui: A mobile first UI for Phoenixd Server [Github]
  • 1:37:13 Bitcoin Mints [Github]

Software Releases & Project Updates

  • 1:51:40 Phoenix
    • Android/iOS
      • v2.3.3
        • Add support for BIP353 DNS addresses
      • v2.3.1
        • Add support for BOLT12 offers
          • Custom messages
          • Background processing limitation
          • Contacts UI (Android only for now)
    • Phoenixd
      • v0.3.0 - Add support for bip353 dns address
        • Add support for LNURL
      • v0.2.0 - Use lightning-kmp 1.7.0-FEECREDIT-8
        • Add BOLT12 support
        • Add support for optional payer note
  • 1:51:51 Breez
    • SDK v0.5.0
      • Greenlight signer upgrade.
      • Keep closed channels in pending state until sweep
      • Introduce unregister webhook API
      • Support LNURL lightning query parameter
      • Show open channel fees in Invoice_paid event
    • Mobile lnd 0.17
      • Improve neutrino sync
        • Add better UI for collaborative channel closures
        • Improve payments reliability in case of long routes
        • Improve readability on shareable items on payment details
        • Add Value Time splits support to podcasts
  • 1:51:58 Mutiny Node
    • v1.7.11
      • Add function to return the current LSP
      • Exponential backoff for some retries
    • v1.7.9
      • Add more to Testing.md
      • Add enable diagnostics to testing doc
      • Prefer gateways that support private payments
      • Add more logs to federation client
      • Set min anchor channel fee to 1 sat/vbyte
      • Return channel open errors to user
      • Don’t block on gateway fees
      • Set preimage for fedimint invoices
  • 1:52:40 eNuts v0.4.1-beta
    • New language support and user interaction improvements have been added:
      • New translations: Chinese (traditional & simplified), Italian, Russian and Thai
      • Add the possibility to close modal on backdrop press
      • Revamp the settings screen
      • Minor UI changes in the dashboard
  • 1:52:44 Boltz Exchange
    • boltz-client v2.1.0 - Autoswap - Initial chainswaps
      • Chain autoswap
      • Standalone mode
      • Use boltz endpoint on liquid by default for lower fees
      • Make sure all gdk accounts are synced on startup
    • boltz-backend v3.7.1 - Paying off tech debt
      • Include user lockup transactions in swap updates
      • Add details to failure reason of swap status
      • Throw error when setting expired invoice
      • Return referral id in swap created response
      • Configurable minimal swap size multipliers
      • Granular temporary and permanent mpay memory reset
      • Set labels for addresses and transactions
      • Sanitize ZMQ address wildcards
      • Detailed cooperative refund rejection error
      • Save permanent payment errors in database
  • 1:52:46 validating-lightning-signer 0.12.0-rc.2
    • core: Added tests for validating trusted oracle public key
    • core: Implement sign_holder_htlc_transaction
    • core: Make NativeKeyDerive struct public usable
    • core: Rename TxIdDef and OutpointDef to clarify the txid encoding used
    • core: Validate blocks using trusted oracle pubkeys
    • core: channel_balance now breaks channel counts into stub, unconfirmed, ready, and closing counts
    • protocol: Added hsmd protocol version 6: GetPerCommitmentPoint no longer returns the old secret
    • protocol: A new procedural macro SerBoltTlvOptions was added to streamline defining TLV option structures
    • stm32: Added unknown onchain destination approver screen
    • stm32: Now displays prep, active, and closing channel counts
    • stm32: To avoid accidentally deleting a node instance the blue button must be held down when deleting a node
    • vls-cli: Added new rpc methods and cli commands
  • 1:52:47 scaling-lightning
    • v0.4.2
      • Add send to address method
    • v0.4.1
      • Allow large channels by default

Nostr

Project spotlight

  • 1:59:13 NIP proposals:
    • Unify all peer-to-peer orders into a single pool on Nostr. [Pull request]
    • Add Nostr Naming System (NNS): presents a possible solution to the frequent use of easily-capturable DNS-based references in Nostr. [Pull request]
  • 1:59:31 Noteguard: A high-performance rust-based plugin system for the strfry nostr relay by Damus. [Github]
  • 1:59:39 Npub.pro is a new open-source project by Nostr.Band, enabling creators to setup nostr-based websites.
    • Client-side nip-512 engine for rendering HTML pages from Nostr events using Ghost themes [Github]
    • “Npub.pro does not host [creators’] data, it only hosts the code to convert Nostr events to web pages”.
  • 1:59:49 Keychat, a secure messaging app built on Bitcoin Ecash, Nostr, and Signal Protocol.
    • Keychat sends messages using Bitcoin ecash as stamps and Nostr relays as ‘post offices’, ensuring decentralized delivery.
    • The app employs the Signal protocol for end-to-end encryption and requires no registration as users generate Nostr keys as IDs.
  • 2:00:19 Lowent: A nostr chat client creates rooms or topics using “low entropy keys”, identified by the SHA-256 hash of a string. [Github]
  • 2:00:31 Tracking Token Disrespector: Nostr bot to remove tracking tokens from URLs and reply them to Notes [Github]
    • The bot parses notes from specified relays, detects YouTube and Twitter/X URLs, and replies to the original note with tracking tokens removed.
  • 2:00:42 Quotestr, a tool to turn a Nostr event into a quote
    • Rooms function as private keys for participants to send messages, supporting both anonymous and authenticated chat.
  • 2:00:48 HiveTalk: open-source Nostr & Lightning enabled browser based real-time video conferences software. [Github]
  • 2:00:56 FanFares.io: nostr-based open-source platform using Bitcoin Lightning micropayments to empower creators and audiences.
    • Podcast creators set fees to unlock content, offering listeners exclusive, ad-free experiences.
  • 2:01:06 NostrApps: Nostr npub to Bitcoin taproot
    • How it works: Nostr identity is based on bitcoin taproot. The Npub is an encoding of your taproot key with npub prefix. Bitcoin taproot and testnet use the prefixes bc1p and tb1p.
  • Zapadd: Bulk zap advertising service on Nostr

Software Releases & Project Updates

  • 2:02:45 Primal
    • Android v1.0.3
      • Settings: Reordering feeds.
      • Media uploads: Progress while uploading media attachments.
      • Take photo on note editor and threads screens.
      • Network: Caching service override feature.
      • Network: Ability to publish events through caching service proxy.
    • iOS v1.8.6 - DMs: performance improvements
      • Network settings: enhanced privacy
      • Network settings: set caching service
      • Overall stability improvements
  • Amethyst
    • v0.88.5 - Swipe-to-Delete Drafts - Create Ammolite, a library to host Relay access for other Nostr Clients
      • Add author picture when writing posts and replies
      • Add a Swipe to delete action on the Drafts screen
      • Move to non-deterministic signatures
      • Render relay lists (NIP-65, NIP-17, and Search kinds) as notes in the feed
      • Add auth.nostr1.com as a recommendation for private inbox relays
      • Add uploading error messages for common HTTP status codes when uploading images/videos
    • v0.88.0 - Performance Mode
      • Add performance mode on Settings
      • Add login with NIP-05 address
      • Add outbox relays to zap request: sender, receiver and author relays
      • Add the NIP-65 relay to zap split tag instead of kind3 relays
      • Add support for AVIF images
      • Add flare.pub videos to the media tab
      • Replace the post view count for a Share icon in the main feed
  • Nostur v1.15.0
    • Video uploads
    • Top zaps
    • Discover Feed
    • Toggles feeds on/off
    • Improved WoT spam filtering with Nostr Dunbar Number setting
    • Relay Autopilot: Connect to additional relays for people you follow, avoid top relays to reduce centralization
    • Relay connections statistics
    • Search: also search in previous name and nip05
    • Show previous profile pics
    • Add tab for just broadcasting without signing on Signer
  • nos.social
    • v0.1.20 - Discover tab now features new accounts in News, Music, Activists, and Art
      • Use NIP-05 for shared links to profile
    • v0.1.19
      • Cache NIP-05 validations to save network usage
      • Set Xcode version to 15.2, where SwiftUI Previews work reliabl.
      • Add “Share database” button to Settings to help with debugging
  • Mostro v0.12.2
    • New mostro install guide
    • Prohibits buyers from stealing orders
    • Add Docker setup and guide for building and running MostroP2P
    • Add return on takesell function
  • zap.store v0.1.3
    • Fix broken version comparison
    • Local-first loading in search screen
    • Scroll to top when searching
    • Sort apps alphabetically in update screen
    • Optimized checksum comparison
    • Add package certificate hash check
    • Allow hashes to be copied to the clipboard
    • Login fixes, auto prepend _@
    • Better toasts
  • Voyage v0.7.0
    • Create lists for profiles and topics
    • List based feeds
    • Delete lists
    • Add profile to list from profile view
    • Support nrelay
    • Show nprofile in profile view
    • Open njump when clicked nevent encodes unknown kind number

2:04:19 Boosts

  • Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @spottysea (5,000 sats) “Thank you for all the work you put into surfacing innovations in the bitcoin space! 🙌”
    • @vake (5,000 sats) “🙌”
    • @qxotk (4,224 sats) “Is lightning dead due to insurmountable interactive complexity?”
    • @apemithrandir (3,333 sats)
    • @zdoxed (1,021 sats) “FROSTSNAP”

2:06:46 Audience Questions

  • 2:06:46 “Learned about interactive vs non-interactive cryptography. What are some more examples of these two different types? Could you point out some common ones used in bitcoin today?” -@Ethan
  • 2:08:04 “Hi, been enjoying the podcast a lot! I understand that bitcoin.review is pretty technical but I would love to hear your thoughts and the guests ideas about what small projects in bitcoin or nostr someone could do to learn more technicalities, maybe some interesting coding projects for beginners or other things to learn and educate yourself in this space.” - @widee
  • 2:10:40 “How to prevent small utxo’s from being useless due to miner fees outweighed the utxo?” - @Richard-ki4nk

Bitcoin Optech Newsletter

  • Highlights from recent Bitcoin Optech Newsletters
    • 311
    • 310
      • Disclosure of vulnerabilities affecting Bitcoin Core versions before 0.21.0: Antoine Poinsot posts to the Bitcoin-Dev mailing list about 10 vulnerabilities in Bitcoin Core versions prior to 0.21.0, which have been past their end-of-life for almost two years.
      • Adding a BOLT11 invoice field for blinded paths: Elle Mouton posts on Delving Bitcoin about a proposed BLIP specification for an optional field in BOLT11 invoices to include a blinded path for payments to the receiver’s node.
    • 309
      • Estimating the likelihood that an LN payment is feasible: RenĂ© Pickhardt discusses on Delving Bitcoin how to estimate the feasibility of an LN payment using only the public knowledge of a channel’s maximum capacity, without any information on its current balance distribution.

News & Noteworthy

Bitcoin

  • Bitcoin Core adds Security Advisories as a new page to the project website [Announcement]
    • This page outlines the policy for disclosing security issues found and fixed in Bitcoin Core software and lists past disclosures.
    • It covers versions of Bitcoin Core before v0.21.0, which are now End of Life and no longer receive updates. Additional disclosures will be posted in the upcoming months.
  • Significant drop in number of reachable nodes, affecting all Core versions, according to certain estimators [Bitnodes dashboard]
  • BTCPayServer partners with InvoiceNinja, permits self-hosting of both the checkout and invoicing. [Documentation]

Business & Finance

  • Mt. Gox has begun repayment to creditors in bitcoin and bitcoin cash on July 5 [Press release]
  • Riot Platforms launches www.ABetterBitfarms.com to inform Bitfarms’ shareholders about the corporate governance issues and Riot’s plans to reconstitute the board. [Press release]
  • Marathon Digital Holdings announces they are mining Kaspa, a proof-of-work digital asset, to diversify their digital asset portfolio. [Press release]

Funding

  • OpenSats announces its Fifth Wave of Bitcoin Grants for 10 additional projects:
    • Core Lightning Bookkeeper Dashboard
    • Cove
    • Fedimint On-Chain Wallet
    • Krux
    • Krux Installer
    • Lightning Network Protocol Test Framework
    • Macadamia
    • Tor Support for BDK & Fedimint
    • Utreexo
    • Validating Lightning Signer
  • Yuki Kishimoto, maintainer and creator of rust-nostr, receives long-term support from OpenSats [Announcement]
    • The grant will allow Yuki to continue contributing to the nostr ecosystem, via rust-nostr, and to other projects such as SmartVaults, KeeChain, rust-negentropy, CDK, BDK, and Mostro.
  • OpenSats launches the OpenSats Education Initiative [Announcement]
    • The initiative aims to fund diverse educational efforts, ensuring resources remain open-source and freely accessible.
    • The board has selected three initial projects for funding: Satoshi Nakamoto Institute, Mi Primer Bitcoin, and Summer of Bitcoin.
  • Anonymous donor contributes over $500,000 in Bitcoin to cover Julian Assange’s flight home to Australia. [Bitcoin Magazine]
  • River CEO Alexander Leishman joins Brink board [Press release]

Mining

  • Core Scientific is the first to use Block’s new 3nm ASIC mining chips, upgrading their large-scale bitcoin mining operations with approximately 15 EH/s hashrate capacity. [Block Press release]

Privacy

  • Relai introduces new mandatory KYC procedure for all users, to comply with Swiss regulations. [Announcement]
    • All unverified users must pass a verification process by October 31, 2024 in order to keep using the service.
  • U.S. proposes KYC requirements for Infrastructure as a Service (IaaS) providers to mitigate national security risks by verifying foreign users’ identities. [Visual Compliance]
  • Europol aims to weaken encryption in mobile roaming and home routing, citing the inefficiency of lawful interception [Reclaim the Net] [Europol paper]
  • Samourai Wallet CTO ‘TDevD’ makes his first public court appearance following extradition from Lisbon, Portugal, with the next hearing scheduled for September 10, 2024. The prosecution aims to produce discovery by this date. [Bitcoin Magazine]
  • Judge grants delay in Tornado Cash trial, citing the need for thorough consideration of defense motions. [The Rage]
    • Judge Failla questions the broader implications of convicting software creators, comparing Tornado Cash to WhatsApp. Defense claims prosecutors overstep regulatory boundaries, challenging the application of money laundering laws to decentralized technologies.

Protocol

  • Proposed BIP: ChillDKG, distributed key generation protocol (DKG) for use with the FROST Schnorr threshold signature scheme. [Github]

Government & Political

  • Bolivian Central Bank lifts ban on Bitcoin transactions after ten year long ban [Press release]
  • U.S. Marshals Service partners with Coinbase for large-cap cryptocurrency management [Coinbase Press release]
  • The U.S. House sustains President Biden’s veto on a bill to nullify the SEC’s SAB 121, requiring public companies to include customers’ Bitcoin on their balance sheets. The vote fails to achieve the two-thirds majority needed to override the veto. [CoinDesk]
  • The Republican National Committee (RNC) has endorsed a pro-Bitcoin stance in its 2024 party platform draft. [Bitcoin Magazine]
  • Global cryptocurrency exchange BitMEX pleads guilty to violating Bank Secrecy Act, admits to willfully failing to establish, implement, and maintain an adequate anti-money laundering program. [US DOJ Press release]

Events

  • ZapConf: weekend of hacking, learning, and fun with the Lightning Network and Nostr.
    • September 21-22, 2024 on Gather Town (online).
  • Suriname Decentralized: The Bitcoin & Nostr conference in the Amazon
    • November 7-9, 2024 in Paramaribo, Suriname.
  • BTCAzores 2024 edition has been canceled due to an insufficient number of attendees.
  • Bitcoin Atlantis and F.R.E.E Madeira align the conference event with the halving cycle, with the next scheduled to happen in 2028.

Reads

  • Here’s a list of our top recently published reads:
    • “Definitive explanation of my weird Bitcoin transaction” by @vostrnad [Stacker News]
    • How to Contribute to Open Source: A guide to making open source contributions, for first-timers and for veterans. [Guide]
    • Bitcoin Technology is the New Network Effect by Grant Gilliam [Ten31 Blog post]
    • The Steelman Case Against Bitcoin Ossification by @Cryptoquick & @Reardencode [Article]
    • Anatomy of a bitcoin wallet explained by Tom Honzik [Unchained Blog post]

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod

Did I get anything wrong above? Help me correct it producer@coinkite.com