I’m joined by guests Future Paul & Rijndael to go through the list.

Listen on your favorite podcast app:

Housekeeping

  • 00:03:17 Coinkite launches a dedicated partners page with a focus on education and custody options. [Announcement]
  • New Coldcard Mobile Multisig Tutorial: how to setup a multisig wallet on two Coldcard Q’s and a Tapsigner using Nunchuk [Demonstration]

Vulnerability Disclosures

  • 00:18:54 The RAMBO Attack: Exploiting air-gapped systems [Cyber Security News]
    • Researchers demonstrate the RAMBO attack, which exploits electromagnetic emissions from RAM to exfiltrate data from air-gapped systems. It uses malware to manipulate RAM, generating radio signals that encode sensitive information.
    • The attack employs Manchester encoding for data transmission, ensuring synchronization and error detection. It uses the MOVNTI instruction to maintain RAM bus activity, with a preamble sequence for synchronization.
  • 00:27:50 YubiKeys vulnerable to sophisticated cloning attacks via side-channel exploits [ArsTechnica]
    • NinjaLab researchers reveal a vulnerability in YubiKey 5 Series security keys, caused by timing differences in the Infineon cryptographic library. Attackers with physical access and specialized equipment can exploit electromagnetic leakages to clone FIDO authentication keys.
    • Two-factor authentication and one-time passwords remain unaffected as they do not rely on the vulnerable ECDSA function. [Yubico Security Advisory YSA-2024-03]
  • 00:29:05 SpyAgent: New Android malware targets crypto wallets through image recognition [McAfee Labs]
    • McAfee’s Mobile Research Team uncovers new Android malware targeting mnemonic keys by scanning device images. The malware disguises itself as trustworthy apps and steals text messages, contacts, and stored images.
    • SpyAgent is distributed mainly through phishing campaigns, tricking users into downloading malicious apps. It uses advanced techniques like OCR to extract text from images, aiming to steal cryptocurrency wallet recovery phrases.
  • 00:30:16 Hardware backdoors detected in Chinese key cards allowing potential attackers to bypass authentication [Risky Biz]
    • The discovery highlights the vulnerability of these commonly used access control systems in sensitive industries and has prompted increased scrutiny over Chinese hardware and renewed debates on supply chain security in critical infrastructure sectors.
  • 00:34:41 sedexp: stealthy Linux malware exploiting udev rules [Aon]
    • Active since 2022, it provides attackers with reverse shell capabilities while remaining undetected in online sandboxes. It manipulates memory to conceal its presence, leveraging udev rules to execute actions upon device events.
    • USP: Go program establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script)
  • Five dollar wrench attacks: Founder of cryptocurrency research platform forced by attackers, at gunpoint, to log into several crypto accounts and transfer funds [Victim’s Twitter post]
    • During the attack, the victim, his wife and son were threatened. The stolen funds included personal assets, company’s working capital, and funds.

Bitcoin

Software Releases & Project Updates

  • 00:36:53 Bitcoin Core v28.0rc1 [Testing Guide]
    • Testnet4/BIP94 support: Support for Testnet4 as specified in BIP94 has been added
    • P2P and network changes:
      • Bitcoin Core will now fail to start up if any of its P2P binds fail
      • UNIX domain sockets can now be used for proxy connections
      • Additional flags “in” and “out” have been added to -whitelist to control whether permissions apply to incoming connections and/or manual
      • Transactions that are too low feerate will be opportunistically paired with their child transactions and submitted as a package
    • Mempool Policy Changes:
      • Transactions with version number set to 3 are now treated as standard on all networks
      • Pay To Anchor(P2A) is a new standard witness output type for spending, a newly recognised output template
      • Limited package RBF is now enabled
    • Updated RPCs:
      • Using sendrawtransaction rpc, update help text from “Transaction already in block chain” to “Transaction outputs already in utxo set”
      • The default mode for the estimatesmartfee RPC has been updated from conservative to economical
      • An item of unspents, of scantxoutset, has two new fields: blockhash and confirmations
    • Updated REST APIs: Parameter validation for /rest/getutxos has been improved by rejecting truncated or overly large txids and malformed outpoint indices by raising an HTTP_BAD_REQUEST “Parse error”
    • Updated settings:
      • When running with -alertnotify, an alert can now be raised multiple times instead of just once
      • mempoolfullrbf=1 is now set by default
    • Wallet: The wallet now detects when wallet transactions conflict with the mempool
  • 00:41:58 COLDCARD release (coming Thursday)
    • Seed XOR:
      • XOR from Seed Vault (select other parts of the XOR from seeds in the vault). Restore geographically distributed SeedXOR without physically bringing the parts together.
      • [Q ONLY] Seeds can be scanned from SeedQR instead of typing them by hand.
    • Multisig:
      • OPT-IN multi(
) support. Needs to be enabled. Not recommended, BIP-67 is the standard
      • JSON wrapped imports to provide custom name instead of the filename. Most useful for USB and NFC imports which have no filename.
      • Descriptor checksum is no longer required upon import
      • [Q only] Create Airgapped (aka using CC as multisig coordinator) now works with BBQRs.
    • QR file Share:
      • Same as NFC file share, allows user to share any file from SD card via QR/BBQr.
    • Optimizations and speed:
      • libsecp256k1 bumped to latest 0.5.0 (point multiplication algorithm speed up, etc)
      • improvements in our signature grinding algo
      • updated libsecp plus our optimizations yield 30% improvement in signing speed over previous version (15% in overall signing speed as signing is not the only part of it (validation, change checks, etc.))
    • Security:
      • Improve side-channel protection: libsecp256k1 context randomization now happens before each signing session and more
  • 00:48:06 Utreexod v0.4.0
    • wire, main, indexers: remove unconfirmed marker
    • indexers: only include positions that were found
    • Remove heap allocations when flushing the nodes or cached leaves
    • Make bridge nodes recoverable
  • 00:48:44 BlueWallet v7.0.3
    • Add: Camera flip image
    • Add: Hide balance and Delete wallet from Manage screen
  • 00:49:02 Nunchuk Android v1.9.50
    • New and improved Coin Collection settings
    • Refactored sign-in flow
  • 00:49:16 Bitkey App v2024.68.0
    • Bitcoin Price: You can view the current bitcoin price and historical performance in the app.
    • Firmware Updates: Updates now include a link to view the firmware release notes.
  • 00:49:32 Bullbitcoin-mobile v0.3.0 - Chain Swaps!
    • Move funds between Instant & Secure wallet
    • Send / Receive across Bitcoin/Liquid Network
  • 00:51:49 SwissBitcoinPay v2.1.2
    • Add better support for underpaid onchain payments
  • 00:51:56 BoltzExchange client
    • v2.1.5 - Fixes, fixes, fixes
      • Add keepalive policy to grpc server
    • v2.1.3 - Leaky Client
      • Add description hash option for reverse swaps

Project spotlight

  • 1:07:26 Bitcoin Good First Issues: explore vetted FOSS projects and find your way in bitcoin open source
    • The new product collects beginner-friendly issues labeled Bug, Help Wanted, and Good First Issues from vetted Free Open Source Software Bitcoin projects. It aims to simplify contributing to Bitcoin FOSS.
  • 1:09:22 StashPay: a Bitcoin wallet for freelancers and digital nomads [Announcement]
    • A TestFlight release for iOS is available for early testers
  • 1:09:30 LiveWallet: An application to help estimate the effect of bitcoin transaction fees on invididual utxos and transactions containing multiple utxos. [Github]
    • Estimate UTXO fee burden at any fee rate
    • Estimate fee burden of a multi UTXO transaction
    • Estimate USD cost of a transaction at any USD/BTC price and fee rate
  • 1:09:42 dlc dev kit: Application tooling for dlc contracts [Github]
    • “Application development kit incorporating both rust-dlc and bdk. It provides robust libraries for transport, data storage, and oracle clients, enabling seamless integration for application development.”
  • powcoins: Tool to obtain coins sent to PoW-faucet addresses on the Bitcoin signet network [Github]
  • 1:09:50 Orqestra: lets businesses automatically convert portions of their sales to bitcoin
    • “Orqestra allows businesses to automatically convert a portion of their cash flow into bitcoin. You can transfer the bitcoin to an external wallet or convert back your funds to USD at any time.”

Software Releases & Project Updates

  • 1:11:19 SimpleX v6.0.4
    • Reduce traffic and battery usage on unstable networks
    • Desktop: only offer the next versions for update, based on SerVer ordering
    • UI fixes
  • 1:12:04 NomadNet v0.5.1
    • Add support for Reticulum key ratchets
    • Add support for LXMF stamps and tickets
  • 1:12:51 Sideband
    • v0.9.4
      • Add outbound stamp cost handling and generation
      • Add inbound stamp cost settings to preferences
      • Add message details dialog
      • Add message encryption information to message details
      • Add ratchet information to object details
      • Add stamp cost information to object details
      • Add delivery ticket information to object details
      • Sideband will now automatically include delivery tickets to trusted peers
    • v0.9.3
      • Add inbound PTT audio queue
      • Add PTT playback block when recording a message
      • Add PTT activation by space key
      • Add battery temperature to telemetry
      • Improve database transaction concurrency handling on Android
    • v0.9.2
      • Add PTT mode for audio messages (on Android and Linux)
      • Add command-line options to import and export Sideband settings for changing configuration on daemon-mode Sideband instances
      • Improve telemetry processing and sending
      • Improve notification handling
  • 1:13:19 Mullvad VPN adds support for DAITA, on macOS and Linux, a defense against AI-guided traffic analysis [Blog post]
    • Despite VPN encryption, advanced traffic analysis poses privacy threats, recommanding the expansion of DAITA support.

Project spotlight

  • 1:16:47 Cypherpunk Tools: comprehensive list of privacy tools with a selection hosted by privacy-focused VPS provider Mynymbox.io
  • 1:16:59 The Resilient Anonymous Communications for Everyone (RACE) project by DARPA: distributed messaging system ensuring confidentiality, integrity, and privacy within a network.
    • RACE focuses on secure communication protocols and efficient, distributed tasking to resist attacks, even with limited compromises and deep packet inspection.
    • In August 2024, DARPA released a proof-of-concept code on [Github]
  • 1:17:47 Katzenpost mix network: Post quantum anonymous communication network [Github]
    • Katzenpost develops software focused on mix network protocols, enabling anonymous communication systems resistant to traffic analysis.
    • Mix networks protect user anonymity by obscuring communication patterns, preventing adversaries from performing statistical analysis.
  • 1:18:03 NymVPN: a decentralized VPN service masking users’ internet traffic through a mixnet [Github]
    • NymVPN is now freely available for users to beta test and experience the first commercially available application to run on a decentralized mixnet.

Lightning + L2+

Project spotlight

  • 1:19:41 Full Phoenixd Stack: Self-custodial stack: phoenixd + letsencrypt + nginx + lnbits from your own domain name [Github]
    • How to run your full self custodial stack: phoenixd + letsencrypt + nginx + lnbits from your own domain name [Guide]
  • 1:19:49 Zapin.me: an open-source platform where users can pin messages on a global map, with visibility determined by the amount of Satoshis paid via the Lightning Network. [Github]
    • Each message is paid for with Satoshis, and the visibility of the message on the map is determined by the amount of Satoshis spent.
  • 1:20:03 lnwCash: A open-source Cashu wallet for anyone, anytime and anywhere. [Github]
    • lnwcash is a new Flutter project.
  • Alby Go: A simple lightning mobile wallet interface that works great with Alby Hub [Github]
  • Cowbolt: Mobile app to collaborate, cost split and settle in bitcoin
    • “A cost-splitting, team chat, and self-custody wallet combined into one easy-to-use product”
  • CashuSwift: a native library for building Cashu Ecash wallets on all of Apple’s platforms [Github]
    • This library provides basic functionality and model representation for using the Cashu protocol via its V1 API.
  • Lightning Bounties LLC: Platform to reward software developers for their contributions with Crypto currencies instantly.

Software Releases & Project Updates

  • 1:25:53 CLN v24.08 - Steel Backed-up Channels
    • Highlights for Users
      • pay now checks for sufficient spendable capacity before computing a route and returns a clear error message if there isn’t enough capacity
      • offers can now self-fetch and self-pay BOLT12 offers and invoices
      • offers automatically adds a blinded path from a peer if we have no public channels, and supports setting a blinded path for invoicerequest if we’re an unannounced node
      • renepay now prunes the network by disabling undesired channels, un-reserves routes after use, and introduces a new exclude option for channels & nodes to be excluded from routing
      • Whitespace at the end of (most) options will not complain anymore
      • I/O optimizations to significantly speed up larger nodes
    • Highlights for the Network
      • pay can now pay to bolt12 invoices if entry to blinded hop is specified as a short_channel_id
      • We can now open unannounced channels with LND nodes again
      • Onion messages are now supported by default and can be forwarded using short_channel_id
      • We now request all gossip from the first peer and immediately send updated gossip to current peers instead of waiting for reconnections
      • Recurring offers had incompatible changes, it will not work against older versions
    • Highlights for Developers
      • New experimental plugin askrene accesses min-cost-flow route calculations
      • pay plugin now includes enhanced logging and improved error codes, and emits channel_hint_updated notifications to share inferred balances across payments
      • New reckless-rpc plugin allows to issue commands to reckless over rpc
      • Plugin manager reckless now supports installing Rust plugins, accepts JSON array input and, provides JSON output with the -j/--json option flag
      • bookkeeper now listens for two new custom events: utxo_deposit and utxo_spend
  • 1:25:58 rust-lightning v0.0.124 - Papercutting Feature Requests
    • API Updates
      • A new lightning_types crate was added which contains various top-level types
      • lightning now depends on lightning-invoice, rather than the other way around
      • ConfirmationTarget has two new variants - a MaximumFeeEstimate which can help to avoid spurious force-closes by ensuring we always accept feerates up to this value from peers as sane and a UrgentOnChainSweep, replacing OnChainSweep and only being used when the on-chain sweep is urgent
      • All ChannelMonitors are no longer persisted after each block connection, instead spreading them out over a handful of blocks to reduce load spikes
      • HTLCs will now be forwarded over any channel with a peer, rather than only the specific channel requested by the payment sender
    • Backwards Compatibility
      • BOLT 12 Offers created in prior versions are still valid but are at risk of deanonymization attacks allowing identification of the recipient node
      • BOLT 12 outbound payments in state RecentPaymentDetails::AwaitingInvoice will eventually time out after upgrade to 0.0.124 as any received invoice will be considered invalid
      • BOLT 12 Refunds created in prior version with non-empty Refund::paths are considered invalid by ChannelManager
      • The format written by impl_writeable_tlv_based_enum[_upgradable] for tuple variants has changed, only impacting LDK-external use of the macros
      • An Event::PaymentFailed without a payment hash will deserialize to a payment hash of all-0s when downgrading
      • Event::PaymentFailed reasons may be mapped to similar reasons that were available in previous versions on downgrade
    • Performance Improvements
      • Route-finding is 11-23% faster
      • lightning-block-sync now much better avoids lock contention during parallel requests for block data, speeding up gossip sync from multiple peers
    • Node Compatibility
      • 0.0.123 contained a workaround for CLN v24.02 requiring the gossip_queries feature for all peers. Since an updated CLN has now shipped which does not require this, the workaround has been reverted (#3172)
      • LDK now supports BOLT 12 Offers without an explicit signing public key, allowing it to pay more compact offers generated by other nodes
      • LDK now supports BOLT 12 Offers without descriptions when no amount is present
  • 1:26:03 BlixtWallet v0.7.0
    • New syncing nodes have been added in different regions around the world: Seattle, Germany, and Singapore. New wallets will automatically use these
    • Lightning Box can now be paid via @blixtwallet.com, with strict enforcement that the payment goes to the right payee
    • Add dropdown menu to channels on Lightning channels screen
    • Blixt Wallet now only accepts incoming anchor or taproot channels
    • Add support for fee bumping channel openings
    • Add the ability to hide amounts on Overview screen
    • Speedloader is now enabled by default for all new wallets
    • LNURL-pay desc hash check has been removed
    • Raise the maximum channel close commitment fee to 300 sats/vbyte
    • Remote channel reserve for new channels is now set to 360 sats
    • Long invoice descriptions are now trimmed in the transaction log
  • 1:26:07 Phoenix Android/iOS v2.3.7
    • Support for custom PIN: The application can now be protected with a custom 6-digits PIN code specific to Phoenix.
    • Improve compatibility with BOLT12 payments
  • Phoenixd v0.3.4
    • Add an optional expiry for bolt11 invoices
    • Use lightning-kmp 1.7.3-FEECREDIT-11
    • Add a best-effort method for estimating liquidity fees
  • 1:26:10 lnbits v0.12.11-rc1
    • x3 EXTRA funding sources Boltz, Breez and Nostr Wallet Connect:
      • Add boltz client fundingsource
      • NWC Funding source
      • Add Breez SDK wallet
    • Add bitpay and yadio fiat rate providers + increase precision of blockchain.info fiat rate provider
    • Set a maximium sleep time when retrying to connect to the funding source
    • Invoice creation UI: Replace input mask with pattern and inputmode
    • Show wallet names in dropdown
    • Add detailed CSV export option
  • BitBanana v0.8.6
    • Support for BIP353 e-mail like addresses (user@twelve.cash)
    • Update translations
  • Alby js-sdk v3.7.0
    • Parse nwc url lud16
    • Add metadata field to make_invoice
  • Cashu-ts v1.1.0
    • Added Token v4 Read/Write
    • Refactored types into a more organized hierarchy
    • Stronger type safety for cbor decode functions
    • Add token v4 to readme
  • CDK v0.3.0
    • In this release LNbits, Strike API, and LND were added as supported lightning backends for the mint. The strike api supports both bitcoin denomination as well as fiat currency.
    • Changed
      • cdk(wallet): fn send returns Token so the user can use the struct of convert it to a v3 or v4 string
      • cdk(wallet): Publicly export MultiMintWallet
      • cdk(cdk-database/mint): Get pending and spent proofs by ys or secrets instead of a single proofs
      • cdk(cdk-database/mint): Change add_blind_signature to add_blind_signatures
      • cdk(cdk-database/mint): Rename add_active_keyset to set_active_keyset
      • cdk(cdk-database/wallet): Change get_proofs to return Vec instead of Option<Vec>
    • Added
      • cdk(NUT-11): Add Copy on SigFlag
      • cdk(wallet): Add fn send_proofs that marks proofs as reserved and creates token
      • cdk(wallet): Add fn melt_proofs that uses specific proofs for melt instead of selecting
      • cdk-cli(receive): Add support for signing keys to be nostr nsec encoded
      • cdk-fake-wallet: Add Fake wallet for testing

Boosts

  • 1:30:52 Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @Ape Mithrandir (7,777 sats) “Double boost. I got the latest Fountain. Does that mean this goes to Nostr now?”
    • @Ape Mithrandir (7,777 sats) “How do I get the latest APK for fountain? My Aurora store stopped working. It is open source? Can I use Obtainium, Accrescent or FDroid?”
    • @bradmillscan (13,337 sats) “About half way through this podcast there’s a wicked conversation about @fountain_app integrating with Nostr. Great convo @NVK& @merryoscar 👏”
    • @Marcellus (5,000 sats) “@merryoscar incredible job integrating Nostr. Am I right assuming that if we choose “global feed” we see in real time all the comments in @fountain_app in real time?”
    • @qxotk (4,224 sats) “Having a great day
and
 Hot wallets are more vulnerable to social engineering - especially during the ignosecond between the time you hit broadcast on your transaction and the moment later when you realize you have fallen for the oldest trick in the book
no one is ever going to “doubke your bitcoin” - not even Michael Saylor. Keep your bags more than a few clicks from spending, way more.”
    • @vake (3,000 sats) â€œđŸ€˜â€

Nostr

Project spotlight

  • 1:38:33 Notepush by Damus: A Nostr relay for sending out push notifications [Github]
    • WIP: A high performance Nostr relay for sending out push notifications using the Apple Push Notification Service (APNS).
  • 1:39:01 Nostrize: Browser extension that empowers any website with the Nostr experience [Github]
    • “Nostrize seamlessly integrates tipping and crowdsourcing capabilities through Bitcoin, making every interaction permissionless”
  • 1:39:07 Wikistr: A “wikipedia” client for nostr [Github]
  • 1:39:10 WoT Relay: archiving every note in your web of trust [Github)
    • WOT Relay is a Nostr relay that saves all the notes that people you follow, and people they follow are posting.
  • 1:39:17 Fren Relay: A Relay that only your frens (people you follow) can post to using NIP42 Authentication [Github]
  • 1:39:27 Anonostr: Send anonymous notes on Nostr [Github]
    • Anonostr allows users to send anonymous notes to the Nostr network without revealing their identity.
    • For each note submission, the app generates a new key pair, sends the note through select relays, and then securely burns the key pair.
  • 1:39:53 The Wired: an anon agora, built upon the NOSTR protocol [Source code]
    • Employs Proof-of-Work (PoW) as a spam prevention mechanism, as opposed to Captcha, moderation or other verification methods
  • 1:40:05 Yeghro Unfollow Tool: Nostr inactive users checker
    • The tool allow for the removal of inactive nostr users.
  • 1:40:11 Gif Buddy: A gif companion app for nostr clients [Github]
    • Users can easily search for a GIF, copy its address, and paste it into their client for sharing.
    • Each copied GIF is uploaded to nostr.build, triggering a NIP-94 request, ensuring future accessibility across clients.
  • 1:40:18 Why Nostr: comprehensive introduction to Nostr, listing learning ressources, clients and an exploration page of the ecosystem.
  • 1:40:30 Bitcoin.Review nostr mini series (coming soon!)

Software Releases & Project Updates

  • Nostr Web Services (NWS) v0.1.0
    • Add HTTPS reverse proxy support
    • Implement reverse connection handling in SOCKS5 server
    • Add domain parsing for .nostr addresses
    • Reintroduce domain validation for .nostr domains
    • Add domain to certificate DNS name
    • Add public exit nodes with clearnet support
    • Use custom event kinds
    • Add default relay config
    • Add logging for error handling and connection status
  • Damus New Testflight
    • Create Highlights in Safari
    • Push notifications
  • Amethyst
    • v0.91.0 - Edge to edge feeds
      • Finish Edge to Edge transition for Android 15
      • Add compression settings to the media uploading screen
      • Add sliding animations in all inner screens
      • Add copy stack to clipboard for error messages that have an exception
      • Enable the use of hidden words for all visible properties of the user
    • v0.90.4
      • Show relay ping with the relay icon
      • Enable decryption by nip04 and nip44 on NostrWalletConnect objects, NIP-51 lists and NIP-04 messages
      • Add basic support for NIP-46 events
      • Protect against empty nip04 content
      • Speed up the filter for NWC zap payments
    • v0.90.0 - Torrents and Outbox refactorings
      • Add support for NIP-35 torrents and their comments
      • Add a simplified sync Signer to the Quartz library
      • Add Default lists for NIP-65 inbox and outbox relays
      • Add Default lists for Search relays
      • Add local backup for UserMetadata objects
      • Add local backup for Mute lists
      • Add local backup for NIP-65 relays
      • Add local backup for DM Relays
      • Add local backup for private home relays
      • Improve caching of encrypted DMs
      • Update Twitter verification to X
      • Improve the rendering of QR Codes
      • Add support to Delete All Drafts
  • Lume v4.1.0
    • Lume now only focus on MacOS and Windows while a dedicated Linux native client is in the works.
    • New app icon for Windows and macOS
    • Improve support for Nostr Connect
    • Improve security, only save private key as ncryptsec format
    • Add “Stories” column to provide a quick way to keep up to date with the user’s contacts
    • Add “Search” column
    • Add “Notification” column
    • Add “Hashtag” column
    • Redesign “Thread” column
  • Voyage
    • v0.13.1
      • Guarantee autopilot maps two relays to each pubkey
    • v0.13.0
      • Lock user and hide other locked users
      • Create git issues for the voyage repository
      • Show where a post has first been seen on (relay)
      • Show event json
      • Show muted and locked profiles at the top of your follow list
  • Nos v0.1.26
    • Add nos.lol to the default relay list for new accounts and removed relay.snort.social
    • Show quoted notes in note cards
    • Add quote-reposting
    • Add a new image viewer that appears when you tap an image
    • Add a new gallery view that’s currently behind a feature flag
    • Remove the like and repost counts from the Main and Profile feeds
    • Remove wss:// from relay addresses in lists and removed the need to prepend relay addresses with wss://
    • Localize the quotation marks on the Notifications view
    • Add in-app profile photo editing
    • Internal changes:
      • Include the npub in the properties list sent to analytics
      • Replace hard-coded color values
      • Add a feature flag toggle for “Enable new media display” to Staging builds
      • Add a new gallery view to display multiple links in a post. Currently behind the “Enable new media display” feature flag
      • Add an overlay to GIFs that plays the animation when tapped. Currently behind the “Enable new media display” feature flag
      • Show single images and gallery view in the proper orientation. Currently behind the “Enable new media display” feature flag
  • Citrine
    • v0.4.4
      • Add nip 40 to nip 11 document
    • v0.4.3
      • Change NIP-11 information in settings
  • Nostrudel
    • v0.40.1
      • Add “mark read” button to notifications view
    • v0.40.0
      • Add support for NIP-49 (ncryptsec)
      • Display NIP-89 client tags on events
      • Add wiki pages
      • Add support for wiki links in text notes
      • Add simple article view
      • Show read status on notifications
      • Add blindspots discovery feed
      • Show individual zaps on notes
      • Show notifications on launchpad
      • Add Streams and Tools to launchpad
      • Add details tabs under thread post
      • Add Multi-threaded PoW Hashing
      • Add blossom media upload option
      • Add support for native android and ios sharing
      • Add support for NIP-51 search relay list
      • Add option to prune older events in wasm relay
      • Add menu to zap events
      • Add option to use nostr-wasm to verify events
      • Add NIP-46 connection initiated by client
      • Add No cache relay option
      • Add In-Memory cache relay option
      • Add support for @snort/worker-relay as a cache relay
      • Show timelines, subscriptions, and services in task manager
  • 0xchat v1.3.3-beta
    • Add SOCKS proxy settings and .onion host options
    • Push notifications can now be received by connecting to at least one default general relay
  • nostr-filter-relay v0.4.0 - Compatibility bring various apps grow together
    • This release bring important change with NIP-32 compatibility (kind: 1985). Starting from this release, legacy custom event (kind: 9978) that were used for classification data in nostr-filter-relay has been deprecated.
      • NIP-32 compatibility and dependencies update
      • NIP-32 compatibility event structure
      • NIP-32 usage explanation in nostr-filter-relay
      • Max websocket message size setting in nostr-filter
      • Rate-limit support in nostr-filter
      • Relay concurrency limit setting in nostr-filter
  • Nostr-PHP v1.4.0
    • The library now provides separate relay response classes according to NIP-01
    • @kriptonix relay responses handling

Tech Tip of the Day

  • 1:50:38 Don’t use Telegram.

Bitcoin Optech Newsletter

  • Highlights from recent Bitcoin Optech Newsletters
    • 319
      • Stratum v2 extension for fee revenue sharing: “Filippo Merli posted to Delving Bitcoin about an extension to Stratum v2 that will allow tracking the amount of fees included in shares when the shares contain transactions selected by an individual miner.”
      • OP_CAT research fund: “Victor Kolobov posted to the Bitcoin-Dev mailing list to announce a $1 million fund for research into a proposed soft fork to add an OP_CAT opcode.”
      • Mitigating merkle tree vulnerabilities: “Eric Voskuil posted to the Delving Bitcoin discussion thread about the consensus cleanup soft fork proposal 
 a request for an update given recent discussion on the Bitcoin-Dev mailing list.”
    • 318
      • New Bitcoin Mining Development mailing list: Jay Beddict (VP of Research at Foundry) announced a new mailing list to “discuss emerging Bitcoin mining technology updates as well as the impacts of Bitcoin-related software or protocol changes on mining.”

News & Noteworthy

Bitcoin

  • 1:51:03 Launch of the Bitcoin Dev Project, a step-by-step online program to onboard the next generation of Bitcoin developers with community support [Announcement]
  • 1:51:07 The BDK Foundation invites proposals for a full-time Rust maintainer to aid in developing and maintaining the BDK open-source software suite [Announcement]
  • International Bitcoin dev conference organizer Bitcoin++ introduces bitcoin++ News Edition, a bi-weekly newsletter from the bitcoin++ universe [Announcement]
  • 1:51:16 WasabiWallet backend servers are down [Lontivero’s Announcement]
    • “We’ve run out of funds sooner than anticipated. We’re working on fixing the issue ASAP, but it may take some time.”

Lightning

  • 1:51:24 Strike now supports BOLT 12 offers [Blog post]

Business & Finance

  • 1:51:27 Canadian bitcoin broker Bull Bitcoin expands to France [Press release]
    • The expansion follows Bull Bitcoin’s acquisition of Bitcoin Lyon, a longstanding French broker.
  • 1:51:37 Zaprite introduces a Point-of-Sale app allowing businesses to accept bitcoin and card payments in person [Announcement]
  • 1:51:43 Blockstream Mining launches third round of hashrate-backed BMN2 note [CoinDesk]
    • The BMN2 note locks in the hashprice for up to 48 months, providing protection from market volatility and mining-related risks. Blockstream targets $10 million in investment for this round, building on $7 million raised in previous rounds.

Hyperbitcoinization

  • 1:51:52 Mastercard launches euro-denominated non-custodial Bitcoin debit card [Bitcoin Magazine]
    • Mastercard partners with Mercuryo to offer a euro-denominated debit card, enabling bitcoin spending from non-custodial wallets at over 100 million merchants globally. This allows users to retain full ownership of their digital assets without intermediaries.
  • 1:52:39 Nasdaq seeks regulatory approval to launch and trade options on a bitcoin index. The U.S. Securities and Exchange Commission has not yet approved options on exchange-traded funds tied to spot bitcoin prices. [Reuters]

Cryptography

  • 1:53:06 Discovery: “New record for the rank of elliptic curves over Q, due to Noam Elkies and Zev Klagsbrun, is 29!” [Andrej Dujella’s Website]
    • “The new curve was found by Zev Klagsbrun last week by a sieve search on a rank-17 fibration of the same K3 surface that I used to find the rank-28 curve, using the techniques we described in our ANTS-XIV (2020) paper” Noam Elkies

Funding

  • 1:53:36 OpenSats announces:
    • Long-term support for Nostr contributors Alex Gleason and Daniele
    • Support grant for The Tor Project, a nonprofit organization dedicated to privacy and internet freedom since 2006.

Mining

  • 1:54:55 Launch of the Bitcoin Mining Development Mailing List [Google Group]
    • The mailing list is a “focused public forum to discuss emerging Bitcoin mining technology updates as well as the impacts of Bitcoin-related software or protocol changes on mining.”
  • 1:56:30 Bee Evolved launches M.O.E.M. (Mining Operation Environmental Monitor), a MineOps integrated device, providing comprehensive monitoring for mining operations environment [Announcement]

Privacy

  • 1:56:40 Pavel Durov, founder of Telegram, faces 12 criminal charges in France, including enabling organized crime, facilitating illegal transactions, and providing unauthorized cryptology services [Press release]
  • 1:57:09 A U.S. appeals panel questions the Treasury’s sanctions on Tornado Cash, highlighting that only three instances of North Korean money laundering were cited from millions of transactions. Judges express skepticism over the Treasury’s classification of Tornado Cash as a corporate entity. [Protos]
  • Hungary pushes for EU messenger mass surveillance despite privacy concerns [Patrick Beyer’s Blog post]
    • The Hungarian Council Presidency aims to pass the controversial “chat control” law, allowing automated bulk searches in private chats for illegal content. Despite removing mandatory AI-based scanning, users may be blocked from sharing media if they opt out of the monitoring.

Protocol

  • Bitcoin Core #30454 and #30664 respectively add a CMake-based build system and remove the previous autotools-based build system.
  • Bitcoin Core #22838: Be able to specify change and receiving in a single descriptor string [Merged]
  • LND #9009: implements banning for invalid channel announcements [Merged]
  • BIPS #1657: Add a PSBT per-output field for BIP 353 DNSSEC Proofs [Merged]
  • NIP-69 #1460: Static payment codes to replace LNURL-P [Open]

Government & Political

  • Qatar Qatar Financial Centre Issues QFC digital assets framework [Report]
  • Binance acknowledges freezing a number of Palestinian accounts linked to illegal activities, in compliance with Israel’s anti-terrorism laws [No BS Bitcoin]

Events

  • Bitcoin Oasis 2.1, organized by Bitcoin Association Arabia, is postponed to 2025 due to unforeseen circumstances [Announcement]

Reads

  • 2:00:52 Here’s a list of our top recently published reads:
    • Threat models and Dark Skippy by @reardencode [Review]
    • The Beauty of ECash by Hal Finney [Nakamoto Institute]
    • Privacy and Pain: Craig Raw, Creator Of Sparrow Wallet, On Self-Custody [Bitcoin Magazine]
    • Nostr Revolution: Possible Solutions to the Mathematical Impossibilities of Voting Systems by SUPERMAX [Note]

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod


Did I get anything wrong above? Help me correct it producer@coinkite.com