Bitcoin Review Podcast BR074 - Fountain Podcasting 2.0 on Nostr, SGX Key Extraction, Nunchuk, Mempool, Floresta, + MORE ft. Oscar Merry & Rijndael
Iâm joined by guests Oscar Merry & Rijndael to go through the list.
Quote of the Day
âProtocols shouldnât have CEOsâ.
Housekeeping
- 00:01:15 Calling for ham radio guests to contact us for a ham panel
- 00:01:47 Who would you like to see on another bitcoin security panel?
- 00:02:11 What other panel topics would you like us to host?
- 00:01:31 Bitcoinerâs Guide to Getting a US Ham Radio License by HR4BTC YouTube
Vulnerability Disclosures
- 00:03:45 Security Researcher Extracts Critical Intel SGX Root Keys, Exposing Potential Vulnerabilities [Mark Ermolov]
- Security expert Mark Ermolov announced the successful extraction of Intel SGX Fuse Key0 (Root Provisioning Key) and FK1 (Root Sealing Key), both essential for the Root of Trust in Intelâs Software Guard Extensions (SGX).
- Ermolov highlighted a flaw where Intelâs microcode failed to clear an internal buffer holding sensitive fuse information, allowing the keys to be compromised.
- While the root keys have been extracted, Ermolov notes that a final step remains to fully compromise Intel SGX, similar to previous work on Intelâs Converged Security and Management Engine (CSME).
- 00:12:52 Researchers found security flaws in 5G basebands, enabling hackers to trick phones into using a fake base station. [TechCrunch]
- The researchers were able to exploit these flaws to trick phones into connecting to a fake base station, allowing them to launch attacks and potentially spy on victims, including through phishing messages and credential theft.
- The researchers have released their custom-made analysis tool, 5GBaseChecker, on GitHub to help other researchers identify similar vulnerabilities in 5G basebands. Most vendors have now patched the reported flaws.
- 00:14:59 Rust-miniscript vulnerability disclosure (CVE-2024-44073) [Bruno Garciaâs Blog post]
- A stack overflow vulnerability in rust-miniscript was identified due to inadequate recursion depth checks in the parsing process. This flaw affects versions 9 to 12 of the library and could cause crashes when processing specific âlargeâ Miniscripts.
- The bug was responsibly disclosed on July 2, 2024, and quickly addressed by the development team. Fixes are confirmed by August 6, 2024, and a CVE has been obtained for the vulnerability.
- 00:20:55 New macOS malware Banshee Stealer wants your crypto wallet [Moonlock]
- Banshee Stealer malware emerges as a significant threat to macOS, capable of breaching both x86_64 and arm64 systems, stealing passwords, system information, and cryptocurrency wallet data.
- Despite its relatively weak detection evasion techniques, Banshee is priced at $3,000 per month, similar to AMOS Stealer.
- 00:21:36 Hacker Samy Kamkar develops open-source infrared laser tool to spy on keystrokes and conversations [Wired]
- The tool exploits laptop vibrations and window reflections to reconstruct text and capture sound.
- The device advances traditional laser microphones by using a strobing infrared laser and sophisticated signal processing to significantly reduce noise, improving the accuracy of keystroke detection and audio recording.
- 00:23:51 âSinkcloseâ: decade-old flaw in AMD chips enables nearly undetectable malware infections [Wired]
- The vulnerability in AMD processors dates back to 2006, allowing attackers deep access to System Management Mode (SMM). The flaw enables malware to evade detection and survive even after OS reinstalls.
- Exploiting Sinkclose requires initial kernel-level access, but once compromised, the malware is ânearly undetectable and nearly unpatchable,â potentially requiring physical disassembly of the computer for removal. AMD acknowledges the flaw and is releasing patches for affected products.
- 00:25:42 Five dollar wrench attacks:
- Four Chinese nationals sought for $2M digital money robbery in Thailand [Bangkok post]
- Four armed Chinese nationals broke into a luxury house in Pathum Thani, Thailand, forcing a Chinese businessman to transfer $2 million in cryptocurrency.
- The suspects escaped with the houseâs security camera servers and the victimâs car, which was later found abandoned.
- Dutch man gets assaulted by multiple individuals after responding to an ad for buying bitcoin in Lelystad, Netherlands. [NL Times]
- âThe victim responded to a Marktplaats ad to buy Bitcoin. He went to the agreed address in Lelystad and was attacked by several men. They beat him up, hit him in the head with a firearm, and forced him to transfer around 30,000 euros worth of his cryptocurrency to them.â
- Police tracking down four suspects involved in kidnapping Chinese national [Bernama TV]
- The kidnapping was financially motivated, with the suspects sharing $1.2 million in cryptocurrency as ransom.
- The victims were released on July 15 after the ransom was paid. Ten suspects were arrested, four were killed in a shootout with the police, while efforts continue to apprehend the remaining four at large.
- Israeli tourist assailants stole some $700k in bitcoin [Teletica]
- Eleven Israelis in Costa Rica were attacked by eight men who overpower their security guard and stole $700k in bitcoin. Investigators, after reviewing surveillance footage, suspect the robbers are current or former police officers.
- Four Chinese nationals sought for $2M digital money robbery in Thailand [Bangkok post]
- 00:26:26 McRug: McDonaldâs Instagram acccount takeover, leading to $700k rugpull [Reddit]
- The McDonaldâs Instagram account has been hacked on August 31, 2024. The new account operator released a Solana contract for a token named $GRIMACE.
- 00:26:48 1Password security vulnerability discovered and resolved (CVE-2024-42219) [Disclosure]
- A security vulnerability was identified in 1Password 8 for Mac, potentially allowing a local attacker to bypass inter-process communication protections, and to exfiltrate sensitive data, including vault items and authentication keys.
- 00:26:55 Verizon demo app poses security risk on all Google Pixel phones [Dark Reading]
- A pre-installed, unremovable app called âShowcase.apkâ is found on all Google Pixel phones, potentially serving as a malicious backdoor. Originally intended for Verizon demo devices, it inexplicably appears on millions of non-Verizon Pixels globally.
- The app, created by Smith Micro, inherits excessive system privileges, allowing remote command execution and installation of arbitrary packages. It communicates over unsecured channels, increasing vulnerability to attacks like man-in-the-middle.
- 00:27:14 Massive data breach exposes 2.7 billion records from National Public Data [Bleeping Computer]
- Nearly 2.7 billion records containing personal information, including names, social security numbers, and addresses, are leaked on a hacking forum. The data, allegedly from National Public Data, exposes sensitive details of people in the US.
- National Public Data is believed to collect and sell personal information by scraping public sources to compile detailed user profiles for background checks and investigations.
- 00:27:25 Bitcoin stolen in $238 million breach fails to get privacy shield, returned to original address [Cryptoslate]
Bitcoin
Software Releases & Project Updates
- 00:27:49 Nunchuk
- Desktop v1.9.37
- Add a new Byzantine role (âFacilitator Adminâ) that can help clients set up wallets but is blinded to the wallet balance and transaction history
- Syncing performance optimization for wallets with over 1000 transactions
- Android v1.9.49
- Improve Portal integration
- Add a new Byzantine role (âFacilitator Adminâ) that can help clients set up wallets but is blinded to the wallet balance and transaction history
- Syncing performance optimization for wallets with over 1000 transactions
- Desktop v1.9.37
- 00:28:29 Mempool v3.0.0
- Add Mempool Accelerator⢠to accelerate TX from your own instance
- Add Mempool Googles⢠new mempool and blockchain analytics tool
- Add RBF Timeline visualizations including support for FullRBF
- Add CPFP and Effective Fee calculations in block visualizations
- Add Liquid Network audit tool to verify holdings vs liabilities
- Add new Wallet Balance widget for embedding into external sites
- Add customizable CSS themes including a new high-contrast mode
- Add optional support for FreecurrencyAPI fiat currencies
- Add optional Redis support for faster in-memory database
- Add support for legacy P2PK addresses and outputs
- Add new block fees graph at /graphs/mining/block-fees
- Add new fiat calculator at /tools/calculator
- Re-design transaction page with new mobile âpizza trackerâ UI
- Re-design address page with new balance history over time
- Improve Block Audit for accelerated transaction out-of-band fees
- Improve Websocket API to support tracking multiple addresses
- Improve search box now supports searching multiple networks
- Improve TV View to add new circular clock face view
- 00:30:49 Nix Bitcoin v0.0.111
- Joinmarket settings can now be freely specified
- 00:31:24 Blue Wallet
- 00:31:45 Krux
- krux-installer v0.0.2-alpha
- Code refactoration from nodejs to python
- Re-build project from electron to kivy
- Support for MacOS (arm64 and intel processors)
- Support to download older versions
- Support to devices according to the appropriate version: M5stickV, Amigo, Dock, Bit, Yahboom, Cube and WonderMV (only for beta firmware)
- Flash made with the ktool from its source
- Wipe made with the ktool from its source
- Add settings page
- Enable change path of downloaded assets
- Enable change of flash baudrate
- Enable change of locale
- Add about page
- Krux latest device: WonderMV, aka IronKrux [Announcement]
- The device has the following features: display, display backlight control, touchscreen, buttons, camera, flashlight, camera anti-glare and SD card.
- krux-installer v0.0.2-alpha
- 00:32:46 Floresta v0.6.0
- Expose some unexposed values for jsonrpc: Lets the user select between getting a serialized block or a json
- Bring our functional tests to life: attempts to build some basis for the Python-based tests
- Async add new address to electrum: Now, if you subscribe to an address that we donât follow yet, weâll start following it
- Implement tagged hashes for the leafhashes: This futures-proof the leaf commitment scheme from future modifications of the committed data, and itâs now part of the utreexo protocol
- Connect cli option: This option lets you connect exclusively to one specific node, given its IP address
- Rework internal node structure: Use our actors model to build optmized nodes for each phase of the startup process
- Add AssumeValidArg enum and correct verify_script: This adds a new AssumeValidArg to make communicating the desired assume-valid more ergonomic
- Add batch request for electrum: Now electrum lets users perform multiple requests at once, rather than sending one at the time
- Add PoW fraud proof: Implement pow fraud proofs for our node and enable it on signet for testing
- Log to file: Now you can write the logs to a file
- Add lib.rs: florestad is also a lib now, it can be used on other applications and
- Download and store filters from the network: Now we can download BIP-158 Compact Block Filters and use them to recover historical transactions without downloading the whole blockchain.
- Cache headers on ibd: Hold headers in memory and save all-at-once, because the database can optimize some writing operations
- electrum: new experimental electrum endpoints: This adds some experimental (and not used by any wallet) endpoints to the electrum server blockchain.scriptpubkey
- Nixify: Add a nix-based build system and some developer tools to floresta
- 00:36:19 Bisq 2 v2.1.0
- New features
- Add support of Lightning network as an additional Bitcoin settlement method.
- QR code scanner is included to ease input of addresses and LN invoices.
- Improvements
- Chats have been upgraded with new additions, such as reactions
- Use real user activity as âlivenessâstate indicator to see if your peer is online
- Use userâs selected language for trade log messages
- New features
- 00:36:30 Bitkey
- Firmware v1.0.84
- Fingerprint error diagnostics: Add diagnostics to count fingerprint scan errors. No fingerprint data is collected, only success rates
- App
- v2024.67.0
- You can now pull down on the home screen to refresh bitcoin balance in the app
- v2024.66.0
- Feature callouts: Badges now appear to note new features
- Improve price comparisons: See more detailed price comparisons across exchanges when buying bitcoin in the app
- v2024.67.0
- Firmware v1.0.84
- 00:37:11 boltz-client
- 00:37:29 Boltz Exchange
- boltz-backend v3.7.3 - Rewrite in Rust
- Improve observability by adding OpenTelemetry tracing
- Add more Prometheus metrics
- Introduce âsidecarâ which is run as child process of the Node.js application
- Webhooks for swap status updates
- Custom description hashes for invoices of Reverse Swaps (used for LNURL LUD-06 compatibility)
- Custom Bitcoin Core and Elements wallet names
- Labels for transactions on EVM chains
- boltz-backend v3.7.3 - Rewrite in Rust
- 00:37:39 Nodeyez v24.08
- Network price info now comes from mempool.space instead of Bisq
- Update fiatprice panel to use new price info from mempool.space
- Update satsperfiatunit panel to use new price info from mempool.space
- Sample Config files now use new attribution color and price url
- 00:37:50 ESP-miner v2.1.10
- Reduce ASIC serial RX buf to 16 bytes and free() afer every nvs_config_get_string()
- Move nvs_close in nvs_config_get_u16()
- Move the whole overheat checking process into a new function and call it only of needed
- Modify work queue to reduce startup mining.notify behaviour of not starting to hash
- Introduce a mutec protection on http_server.c
- 00:37:54 Robosats: One of the official coordinator (TempleOfSats) introduces a SimpleX bot that notifies Robosats users when an order meeting a specific criteria (currency, premium, payment method, and amount) is posted. [Github]
Project spotlight
- 00:38:06 Pushtx: Privacy-focused bitcoin transaction broadcast tool
- 00:39:06 BitVaulty, Bitcoin wallet designed to neutralize the growing threats of device hacks and physical attack. [Github]
- BitVaulty uses time-delayed multisignature technology, which introduces an automatic delay for any transaction.
- The wallet offers protection against physical coercion by sending discreet alerts to trusted contacts via Telegram when a transaction starts.
- 00:39:30 SwissKnife: Bitcoin wallet with account management, Lightning integration through different providers and smart contracts for asset issuance [Github]
- 00:39:41 MineOps: an iOS tool designed to simplify the management and monitoring of #Bitcoin mining operations [Announcement]
- The tool addresses challenges faced by miners in managing multiple hardware brands by offering features like CSV import/export for simple organization and integration. Users can also easily back up their mining operations.
- Future updates for MineOps will include custom hardware integration, notifications, automation, and a full enterprise suite, with the current version being free to use.
- 00:39:53 bitcoinfees: Bitcoin Fees mobile app [Github]
- Cross-platform, open-source app designed to monitor on-chain fees, alert users to fee changes and include a calculator to help understand fee structures.
- 00:40:06 Payjoin Flutter: A Flutter library for the Payjoin Dev Kit. [Github]
- Allowing for Payjoin to be easily implemented to Flutter Bitcoin Apps.
- 00:40:10 Jippi, an interactive education app for beginners to earn and learn about Bitcoin with others.
- 00:40:16 PlebLab launches PlebTV, âa dedicated platform for a new era of TVâ [Blog post]
- PlebTV aims to protect content from AI and tech giants, offering an ad-free, unlimited viewing experience focused on Bitcoin.
- 00:40:35 Sovran: a cross-platform wallet that supports BTC, USD, EUR, and GBP
- Sovran is a Cashu wallet powered by Nostr and is for now only available on the App Store
- 00:40:50 Buttcoin-price: Opportunity Cost Tracker [Github]
- The opportunity cost of being a Bitcoin critic
00:41:41 Audience Questions
- Thanks to everyone who sent in questions. Remember to send yours to questions@bitcoin.review.
- 00:41:59 âWhat is to stop bitcoin on the main chain from being squeezed out of being used in any transaction as credit derivatives take its place due to the costs associated with moving on the main chain? And then if almost nobody is settling on the main chain why would miners continue to stand ready to solve a hash?â -@Richard-ki4nk
- 00:43:35 âIf youâve got 3 mk4s(or 3 separate vendors) all running same compromised darkskippy software but in a 2 of 3 Multisig? Still same risk / elevated risk or multisig set up negates? How about a single sig with weak passphraseâ - wim
- 00:46:30 âThoughts on using mnemonic phrases for address verification when sending Bitcoin? Client and Signer will both generate a memonic phrase of the receive address. This will make the checking of addresses more user friendly and less likely to be a victim of address poisoning or similiar as the mnemonic phrase is easier to check than the full address.â - @CosmicTacoTruck
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
- 00:50:06 SimpleX v6.0.2
- Reduce memory usage and app start time
- Faster sending files to groups
- 00:50:35 reticulum-meshchat
- v1.10.0
- Add new network visualiser
- Add Reticulum status to about page
- Add dialog on startup if Microsoft Visual C++ redistributable needs to be installed
- Add ability to select codec2 modes (1200 or 3200) when recording an audio message
- Add RSSI, SNR and Signal Quality to UI when clicking a message received via RNode
- TCPServerInterface now shows how many clients are connected
- v1.9.0
- Add support for automated Linux .AppImage releases
- Add warning popup when attempting to send large files
- Increase the allowed size of incoming LXMF messages from 1MB to 10MB
- Refactore code base to use Vite and Vue Components
- Implement Vue Router to allow for direct linking to pages
- Implement endless scrolling/pagination to prevent loading all messages at once when opening a conversation
- v1.10.0
- Fully Noded releases a dedicated Join Market native iOS client, available on TestFlight [Twitter post]
Project spotlight
- 00:51:03 Module_17, M17 modem board for 9600-baud capable radios [Github]
- âA standalone smart microphone that transforms any 9600 baud capable transceiver into an M17 compatible radio.â
Lightning + L2+
Project spotlight
- 00:51:35 Voltage Tipper: A simple, free and easy to deploy Lightning tipping page with built in Lightning Address that works on Voltage Cloud and any LND node. [Github]
- 00:51:45 Bankify: turn any cashu mint into a lightning wallet with NWC support [Github]
- Cashu mints provide a standardized API for melting and minting ecash tokens, akin to custodial wallet functions. The melt option allows users to pay a mint with ecash, receiving a lightning invoice in return.
- Bankify is a new storage service that automates these processes, featuring Send and Receive buttons and supporting Nostr Wallet Connect commands.
- 00:51:52 Voltz Wallet: All-in-one Lightning Network custodial wallet
- Voltz allows for both On-chain and Lightning payments, an eCash mint and numerous extensions leveraging the lnbits server.
- 00:52:04 2nodeschillin: LDK Node Experiment [Github]
- âThis creates 2 nodes connected to Mutinynet, but keeps them behind local IPs for testing between each other.â
- Resurrection Wallet: desktop frontend for Phoenixd [Github]
Software Releases & Project Updates
- LND v0.18.3-beta
- New Features
- RPC Additions
- The SendPaymentRequest message receives a new flag
cancelable
which indicates if the payment loop is cancelable. - The SendCoinsRequest now takes an optional param
Outpoints
, which is a list of*lnrpc.OutPoint
that specifies the coins from the wallet to be spent in this RPC call. - The
EstimateFee
call on thewalletrpc
sub-server now also returns the currentmin_relay_fee
- The SendPaymentRequest message receives a new flag
- lncli Additions
- Add the
cltv_expiry
argument toaddinvoice
andaddholdinvoice
, allowing users to set themin_final_cltv_expiry_delta
. - The
lncli wallet estimatefeerate
command returns the fee rate estimate for on-chain transactions in sat/kw and sat/vb to achieve a given confirmation target. sendcoins
now takes an optional utxo flag
- Add the
- RPC Additions
- Improvements
- Functional Updates
- RPC Updates
- lncli Updates
- Breaking Changes
- New Features
- Phoenixd v0.3.3
- Catch webhook exceptions
- Add an alternative authentication method for websocket
- Add
payerNote
+payerKey
to incoming payment event
- Zeus
- v0.9.0-rc1
- Our brand new Purchase channels in advance service,
- A new interface for Core Lighting users: CLNRest, which is officially supported by the Core Lightning team
- Hardware wallet / signing device support, allowing users to craft on-chain transactions, and open and close channels to and from popular hardware wallets such as: Coldcard Q, Foundation Passport, Seedsigner, Krux, Keystone Pro 3 and many others
- Watch-only account import (xpub)
- Batch channel opens + transactions
- Close channels to external addresses
- Pending HTLCs view
- A new swipe to pay component for invoices >= 10,000 sats
- A new layout that makes for quicker one-handed invoice scanning
- A new, more performant camera
- Zeus announced the integration of its lightning service provider (LSP), Olympus by ZEUS, into Lightning.Pub. [Blog post]
- v0.9.0-rc1
- Blockstream Green
- Stratum Benchmarking Tool 0.1.0
- It serves as a comprehensive solution for testing and comparing the performance of Stratum V1 and Stratum V2 protocols across various mining scenarios. Key features include:
- Comprehensive Testing Suite: Evaluate different SRI configurations with customizable role settings.
- Automated Benchmarking: Automatically generate and collect performance data for both Stratum V1 and Stratum V2.
- Detailed Reporting: Produce detailed reports that compare protocol performance with clear metrics and visualizations.
- It serves as a comprehensive solution for testing and comparing the performance of Stratum V1 and Stratum V2 protocols across various mining scenarios. Key features include:
- LNP2P Bot
- BitBanana
- v0.8.5
- Add bolt12 support for core lighting nodes
- Add bolt12 contact type
- Add lightning terminal accounts support for lnd nodes
- Add lnd macaroon parsing and adapt UI according to permissions
- v0.8.4
- Add watchtower support for lnd nodes
- Add inbound fee support for lnd nodes
- Move feature settings from advanced settings to normal settings
- App can now stay 30 seconds in the background before a reconnection is necessary
- v0.8.5
- CLBOSS v0.13.3 - Blinded by the Light
- This point release fixes an important bug by restoring the earned fee information
- The version string is now logged on startup and in the clboss-status output
- Add an earnings_tracker diagram
- This point release fixes an important bug by restoring the earned fee information
- Clams Remote v2.3.0
- Branding overhaul to replace all things âClamsâ with âRemoteâ
- Add Plugins dashboard
- Add UI for CLBOSS plugin
Nostr
Project spotlight
- Labour, a relay for the united workers of the world by Fiatjaf [Source code]
- Labour is a âproof-of-work relay with a recency tweakâ; events can be stored if they have done âsome workâ and if the relay has enough storage.
- PKCP - Public-Key Chaining Protocol: Public-key chaining protocol for decentralized self-sovereign digital identity management. [Github]
- âAnyone using any system that relies on public-private key pairs to uniquely identify users can publish the public keys as inscriptions on a satoshi and thus link them into one identity.â
- Brostr: A native browser for the content on Nostr. [Github]
- Features direct access to the content on Nostr without the web server and a standardized behavior for various contents.
- DVMDash: Monitoring and Debugging tool for AI Activity on Nostr [Github]
- âData Vending Machines (nip-90) offload computationally expensive tasks from relays and clients in a decentralized, free-market manner.â
- NostrDice, provably fair betting game combining the power of Lightning and Nostr. [Github]
- âAll you have to do is zapping a note below. Your winnings will automatically be sent back to the lightning address set in your profile.â
- import-ghost: Import content from Ghost to Nostr using Npub.proâs newest tool
- âEventually the tool will let you copy all website settings from Ghost to an npub.pro site. For now - content only.â [Note]
- Angor, a decentralized crowdfunding platform built on Bitcoin and Nostr. [Testnet version]
- Time-lock contracts release funds to founders in stages, allowing investors to recover unspent funds and encouraging founders to demonstrate progress. [Github]
- âAngor is fully decentralized, meaning there is no middleman involved in the investment process. Angor has no backend â the platform leverages the Bitcoin network for transaction processing, while Nostr is being used for decentralized storage of projectsâ metadata and direct communication with founders.â
- OpenVibe: Town square for open social media
- OpenVibe groups decentralised social networks such as Nostr, Mastodon, Bluesky, Threads (and more) into a single timeline
- Nostr-utils, JS helpers to use with Nostr by JoĂŁo Bordalo (@bordalix)
- Coop, a direct message nostr client for desktop [Github]
- nostr-slack: A Go application that listens to Nostr events from a set of authors and posts them to a Slack channel via a webhook [Github]
- Team Relay: A relay written in GO to easily spin up a relay for your team. [Github]
- motherfucking-nostr-client: an original nostr client [Github]
Software Releases & Project Updates
- 00:53:04 Fountain v1.1 - Open Social Podcasting Powered by Nostr
- Fountain is now a Nostr client and implemented the following features:
- Connect or create a Nostr profile
- Share your boosts and comments on Nostr
- A new and improved home feed, turning the home feed into a Nostrâs audio layer
- Audio posts from Nostr clients now appear in Fountain.
- Add Zaps: listeners on Fountain and other Nostr clients can zap your post and send you a payment to show their appreciation
- Add Mentions
- Fountain is now a Nostr client and implemented the following features:
- Rust Nostr v0.34.0
- nostr: add NIP-31 support
- nostr: add NIP-70 support
- nostr: add
EventId::LEN
const - nostr: add
UnsignedEvent::ensure_id
method - nostr: add missing payload arg to
EventBuilder::job_result
- nostr: add
ConversationKey::new
- nostr: add
Request::multi_pay_invoice
constructor - nostr: add
Jsonutil::as_pretty_json
andJsonUtil::try_as_pretty_json
methods - nostr: add
Coordinate::has_identifier
- pool: add
RelayPoolNotification::Authenticated
variant - pool: add
RelayPool::save_subscription
- sqlite/rocksdb/indexeddb: allow to open database with limited capacity
- sdk: add
Client::gift_wrap_to
andClient::send_private_msg_to
- sdk: add option to autoconnect relay on
Client::add_relay
method call - sdk: add support to embedded tor client
- sdk: add
Options::max_avg_latency
- sdk: add
Client::stream_events_of
andClient::stream_events_from
methods - ffi(nostr): add EventBuilder::seal` constructor
- cli: add generate command
- cli: add json flag to query command
- Amethyst
- v0.89.10
- Improved filter for notifications
- Moves service manager to the Application class
- Adds protections against filters with empty arrays because some relays consider that null as opposed to empty.
- Delete All Drafts now requires maximum chunks of 200 elements to avoid the 65KB stringified JSON limit of many relays.
- Updates translate dependencies
- Reducing the amount of CPU memory used for images to the default.
- Improves wording on the name of relay types
- Marks username as deprecated
- Adds zap amount cache for the memory space calculations
- Allows users to select and copy the notice from the relay on the relay list dialog
- v0.89.9
- Fixes the order of bookmarks (keeps the order of the event, instead of the created at)
- Improves the async rendering of Base64 content
- Moves discovery and video lists to Outbox when Follows or relay lists are selected
- Adds support for selecting authors based on their Outbox relays when searching for notes authored by them
- Aligns default note comparator to NIP-01âs created at descending and then by id ascending
- Keep them public to allow testing in these particular functions
- Refactors to use native contains instead of custom lambdas on Ammoliteâs Filter
- Refactors Ammolite Filters to be regular ones and creates a PerRelayFilter for the use on Amethyst
- Renames the MinimumRelayList to RecommendationProcessor
- Adds haptic feedback to draft deletion swipe
- Moves the ContactList cache lists to AccountViewModel, where it can be disposed more efficiently
- Improves the accuracy of the Event memory counter
- Adds event factory performance test
- Adds extension possibility to Quartzâs event factory
- Moves DataSource dispatcher from IO to Default
- Makes stringRes Stable for compose
- Removes Mutiny NWC button :(
- Moves Relay viewModels to Default thread
- v0.89.10
- Coracle v0.4.9
- Add person zaps
- Bring back delete
- Add group feeds
- Improve NIP 17 UX
- Include signature in event json
- Use new read status NIP
- Simplify wot calculation
- Add ncryptsec support (notbiebs)
- Add alt tag to feeds and lists
- Voyage
- 0xchat v1.3.1-beta
- Microphone access is now only requested during voice calls
- Add an âalways use relayâ option in voice/video calls to protect IP addresses
- Voice calls can now continue in background mode
- Multi-account switching is now supported
- Add tips for auto-delete conversations
- Improve the experience of sending images and videos in chats
- @ mentions are now supported in relay groups
- Add a join request entry for groups
- Merge groups and channels in the contacts list
- Add push notifications for group, like, and reply messages
- The discovery page now supports searching for groups (by group ID, relay host, or naddr)
- Group admins can now delete messages for everyone
- Clicking on a reply note now navigates to the corresponding replied note
- Gossip
- v0.11.3
- Inbox now correctly includes all direct replies, and excludes hellthreads unless you switch to âeverythingâ
- Key generation now always gives only 02 even parity keys
- v0.11.2
- Feeds should now load the right amount of events initially and per âload-moreâ chunk
- An annotate that is cancelled should not get stuck making the next reply an annotate
- v0.11.3
- nos.social v0.1.24
- Disable automatically generated analytics events that were sent each time the user navigated to a new screen
- Show âNew notes availableâ notification on Feed when there are new notes to display
- Disable the Post button while images are still uploading
- Improve app performance on first login by requesting fewer events from relays
- Re-enable autocomplete when composing a note
- Add push notifications for zaps
- Add zaps to the Notifications view
- Mostro
- v0.12.4
- New actions and remove text strings, refactoring
- Pow check of events incoming
- Include dispute id on dispute start
- v0.12.3
- Now cooperative cancelled order are no more managed by admin
- Add scheduler event with relay list
- Update nostr event
- Add new order event spec page
- Introduce a in-memory price cache
- v0.12.4
Boosts
- 01:35:09 Thanks to everyone who streamed sats, and shoutout to our top boosters:
- BR073
- [đ TOP BOOSTER] @Zero-Knowledge Goof (10,000 sats) âI enjoyed participating in this episode. @NVK is great at bringing together the quiet builders and deep thinkers in Bitcoin.â
- @wotsit (10,000 sats) âI donât understand 90% of what you guys were saying but I am glad that it seems you do, and I find that comforting. I got to the end, and do most weeks. Thank you NVK and all your guests.â
- @apemithrandir (7,777 sats) âMr Raw bringing balance to the panel of nerds.â
- @vake (10,000 sats) âBitcoin is boringâ
- @wartime (1,000 sats) âGood show, would love to hear a dedicated show on attacks.â
- BR072
- [đ TOP BOOSTER] @vake (10,000 sats) âBitcoin is boring, nothing happensâ
- @apemithrandir (7,777 sats) âOne of the hosts said you could update Ledger firmware without using Ledger Live. Anyone have a link for that?â
- @qxotk (4,224 sats) âwalking on grass paying attention, I am most grateful.â
- @loishodls (1,000 sats) âbefore I fell asleep , I heard âblah blah⌠people are not verifying signaturesâŚâ FYI , non-programmers need explicit instructions how to do this, ideally for windows OS not Linux commands. most software I download says âverify signatures hereâ⌠doesnât show what to verify it to. most people will follow the steps, if they are included đ thank you for your patience with us retards đŤâ
- BR073
Tech Tip of the Day
- Buster, a captcha solver extension for humans, available for Chrome, Edge and Firefox [Github]
Bitcoin Optech Newsletter
- Highlights from recent Bitcoin Optech Newsletters
- 317
- Simple (but imperfect) anti-exfiltration protocol: âdeveloper Moonsettler posted to Delving Bitcoin to describe an anti-exfiltration protocol. The same protocol has been described before, with Pieter Wuille citing the earliest known description of the technique for anti-exfil being a 2014 post by Gregory Maxwell.â
- 316
- New time warp vulnerability in testnet4: Mark âMurchâ Erhardt reports on Delving Bitcoin about an attack identified by developer Zawy that targets testnet4âs new difficulty adjustment algorithm.
- Onion message DoS risk discussion: Gijs van Dam shares on Delving Bitcoin a discussion about a recent paper by researchers Amin Bashiri and Majid Khabbazian regarding onion messages.
- Optional identification and authentication of LN payers: Bastien Teinturier suggests in a post on Delving Bitcoin that spenders could include additional data with their payments, enabling receivers to recognize the payments as coming from a known contact.
- Bitcoin Core switch to CMake build system: Cory Fields announces on the Bitcoin-Dev mailing list that Bitcoin Core is transitioning from the GNU autotools build system to the CMake build system. This change is led by Hennadii Stepanov, with contributions from Michael Ford and other developers.
- 315
- Faster seed exfiltration attack
- Block withholding attacks and potential solutions
- Statistics on compact block reconstruction
- Replacement cycle attack against pay-to-anchor
- Proposed BIP for scriptless threshold signatures
- Optimistic verification of zero-knowledge proofs using CAT, MATT, and Elftrace
- 317
News & Noteworthy
Business & Finance
- Unchained introduces Self-Service Onboarding, a new and faster unchained vault service [Website]
- Zaprite announces:
- Bitcoin miner Rhodium Enterprises, Inc. files for Chapter 11 in the Texas Southern Bankruptcy Court. [The Miner Mag]
- Bitfarms to acquire Stronghold Digital Mining, âa vertically integrated crypto asset mining company focused on mining Bitcoin and environmental remediation and reclamation services.â [Press release]
Cryptography
- The National Institute of Standards and Technology (NIST) has published first three finalized standards for post-quantum cryptography. [NIST]
- In 2015, NIST initiated the selection and standardization of quantum-resistant algorithms to counter potential threats from quantum computers. After assessing 82 algorithms from 25 countries, the top 15 were identified with global cryptographersâ assistance.
Ham Radio
- Bitcoinerâs Guide to Getting a US Ham Radio License by HR4BTC [YouTube]
Funding
- OpenSats announces:
- Long-term support for nostr developers Vitor Pamplona and Kieran Harkin
- New round of grants focused on Bitcoin Core development, focusing on three up-and-coming developers working on Bitcoinâs reference implementation: [Blog post]
- Donation commitment from Build Asset Management [Blog post]
- Build Asset Management commits 10% of management fees from its bitcoin-backed fund to OpenSats and the Human Rights Foundation, supporting open-source Bitcoin development.
- Sixth Wave of Nostr Grants: [Blog post]
- Osty
- Seer
- Alphaama
- Corny Chat
- Nostroots
- Yana
- Dart NDK
- Jester
- Nostr Spring Boot Starter
- Spiral announces:
- Grant renewal #5 for Bitcoin Core and Stratum V2 reviewer Vasil Dimov [Announcement]
- Grant renewal #1 for LNDK contributor and BOLT12 bigwig Alyssa Hertig [Announcement]
- New grantee Nick Johnson for his work on improving privacy with BIP324, a Rust library that enables light client encrypted messages [Announcement]
- Btrusts announces the recipients of its Q3, 2024 âżtrust Starter Grants and the Open-Source Cohort Members:
- Enigbe Ochekliye @engb_os, Tobechi Chukwuleta @TChileta, Kelvin Isievwore @kelvinator05, Abubakar Sadiq Ismail @sadeeq_ismaela, Duncan Dean @dunxen and Oghenovo Usiwoma @Eunovo9.
- Foundry Donate now supports The 256 Foundation mission to make Bitcoin mining free & open. [Announcement]
- SimpleX receives a $1.3m pre-seed investment from Jack Dorsey and Asymmetric Capital Partners [Blog post]
- Ark Labs secures a $2.5M pre-seed investment led by Tim Draper and Draper Ventures. [Blog post]
Mining
- The bitaxeGamma is the latest member in the Bitaxe lineup [Skot9000âs Twitter post]
- It features the BM1370 ASIC from the Antminer S21 Pro, and can reach an efficiency of 1-1.2 TH/s at around 15 J/TH from a single chip.
Privacy
- Signal messenger blocked in Russia amid crackdown on communication platforms [Restore Privacy]
- Russia blocks Signal citing non-compliance with national regulations aimed at preventing extremist activities. The block is confirmed by the Russian telecommunications regulator, Roskomnadzor, and affects all ISPs.
- US government recommends a 30 year prison sentence for Roman Sterlingov, alleged Bitcoin Fog operator. [Court Listener]
- A federal court in New York rules that border agents must obtain a warrant before searching electronic devices of both Americans and international travelers, reinforcing constitutional rights and setting a precedent for digital privacy at U.S. borders. [TechCrunch]
Protocol
- Bitcoin Core #28553: adds assumeUTXO snapshot parameters for mainnet block 840,000: its block hash, the number of transactions up to that block, and the SHA256 hash of the serialized UTXO set up to that block. [Merged]
- Bitcoin Core GUI #824: changes the
Migrate Wallet
menu item from a single action to a menu list, allowing users to migrate any legacy wallet in the wallet directory, including unloadable wallets. This change prepares for a possible future where legacy wallets may no longer be loadable in Bitcoin Core, with descriptor wallets becoming the default. [Merged] - Bitcoin Core #28280: optimizes Initial Block Download (IBD) performance for pruned nodes by not emptying the UTXO cache during pruning flushes. [Merged]
- Bitcoin Core #28052: adds XOR encoding to
blocksdir *.dat
files on creation as a preventative mechanism against unintentional and accidental data corruption by anti-virus or similar software. [Merged] - Bitcoin Core #30493: enables full RBF as the default setting, while leaving the option for node operators to revert to opt-in RBF. [Merged]
- Bitcoin Core #30352: introduces a new output type, Pay-To-Anchor (P2A), and makes its spending standard. [Merged]
Government & Political
- Binance faces âaccess restrictionsâ in Venezuela, rendering access to the platform impossible for residents until further notice [Binanceâs announcement]
- Iran offers bounties to stop crypto mining amid severe power shortage [Iran International]
- Iranian authorities crack down on unauthorized mining, offering a bounty of one million toman (about US$20) for reporting illegal mining equipment, leading to the discovery of over 230,000 illegal devices.
- Germany seizes âŹ250k in cash from thirteen unauthorized cryptocurrency ATMs [Reuters]
- Located across 35 sites, the machines were seized for potential money-laundering risks and were found to lack the necessary regulatory approvals.
- Nigerian politician and Bitcoiner James Otudor, has âfiled a landmark lawsuit against key Nigerian government entities, challenging restrictions on the ownership, use, and trade of Bitcoin, USDT, and other cryptocurrencies.â [Twitter post]
Events
- OP_NEXT: A scaling conference for Bitcoin builders, developers and founders.
- November 9, 2024 in Boston, US
Reads
- Hereâs a list of our top recently published reads:
- Engineering a backdoored bitcoin wallet by Adam Scott and Sean Andersen, Block, Inc [Usenix]
- A bitcoin scam uncovered: how a wallet generator likely generated addresses that its operators had the private keys for. [Stacker.news]
- Can Nostr Make Twitterâs Dreams Come True? by Alex Gladstein [Note]
- UK NCA Claims Crypto âIncreasingly Usedâ For Money Laundering, E2EE Risk To Children [The Rage]
Episode submission ideas
- Weâre looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
- Podcast Twitter
- NVK Twitter
- Telegram
- Nostr & LN âĄnvk@nvk.org (not an email!)
Did I get anything wrong above Help me correct it producer@coinkite.com