BR003 - Twitter data breach, Nunchuk, Robinhood bech32, Sphinx signer & MORE ft. Justin Moon & Odell
This week for Episode 3, our guests Justin Moon and Matt Odell return to help me read the list. I should mention the overwhelming feedback is that we have failed at being boring, so we should try to do better. This week for Episode 3, our guests Justin Moon and Matt Odell return to help me read the list. To send Bitcoin related questions, just go to bitcoin.review and click submit story at the top right.
Vulnerability Disclosures
01:36 Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k
twitter user names, emails, and phone numbers
vulnerability was disclosed in January and patched
05:55 ActiveCampaign database leak (shiftcrypto and others affected)
Name or alias, Email addressm IP address
09:49 BlueWallet transaction data vulnerability
Software Releases & Project Updates:
10:42 Nunchuk 1.9.9
Add support for NFC keys (Tapsigner)
Collaborative wallet recovery
Bug fixes and improvements
12:19 Nunchuk CKTAP C++ lib
17:59 BDK 0.20.0
Highlights for this release include bug fixes for the ElectrumBlockchain and descriptor templates, new transactions building feature to discourage fee sniping, and new transaction signing options. Also with this release MSRV is now 1.56.1 and AddressValidator is deprecated. A big thanks to our past and latest new contributors. See below for all the details.
21:45 COLDCARD Mk4 5.0.5 - July 20, 2022
Enhancement: BIP-85 derived passwords. Pick an index number, and COLDCARD will derive a deterministic, strong (136 bit) password for you. It will even type the password by emulating a USB keyboard. See new areas: Settings > Keyboard EMU and Settings > Derive Seed B85 > Passwords.
Documentation: added docs/bip85-passwords.md documenting new BIP-85 passwords and keyboard emulation.
Enhancement: BIP-85 derived values can now be exported via NFC, in addition to QR code.
Enhancement: Allow signing transaction where foreign UTXO(s) are missing. Only applies to cases where partial signatures are being created. Thanks to @straylight-orbit
Enhancement: QR Codes are now easier to scan in bright light. Thanks to @russeree for this useful fix!
Bugfix: order of multisig wallet registration does NOT matter.
Enhancement: Support import of multisig wallet from descriptor (only sortedmulti, BIP-67). Also support export of multsig wallet as descriptor.
Enhancement: Address explorer can show “change” addresses for standard derivation paths for both single and multisig wallet.
New tutorial: 2of2 multisig with 2x Coldcard signing device, and bitcoin-qt as coordinator, see docs/bitcoin-core2of2desc.md
Enhancement: OP_RETURN is now a known script and is displayed in ascii when possible
Bugfix: allow unknown scripts in HSM mode, with warning.
26:08 Robinhood
supports bech32
28:26 Seed Tool v2 by SuperPhatArrow
Introducing Predictive Seed Word Input, Single Address Tool and Multisig Address Derivation 🎉
32:33 Tor Browser v11.5 Released
automatic censorship detection and circumvention
redesigned network settings including streamlined bridge options
https only by default
37:28 Joinstr: Coinjoin implementation using nostr
uses the nostr protocol for coordination
39:36 bitcoinbinary.org bot updated
Noteworthy
40:30 Fedi update about funding (https://bit.ly/3KqDoV2)
50:04 Tapsigner now shipping 39 bucks and SATSCARD shipping soon.
01:02:06 Sphinx announces VLS signing device: The Sphinx team announced a hardware signing device interfacing with Validating Lightning Signer (VLS).
01:04:55 Border Wallet
01:07:59 Keet p2p comms by Bitfinex and Theather (https://bit.ly/3PSmDDq)
01:14:16 James O’Beirne summarizing mempool research (https://bit.ly/3Km1Irj)
01:23:00 Bitcoin Core updates (unreleased)
h/t Optech; Bitcoin Core #24148 adds watch-only support for output script descriptors written in miniscript. For example, a user can import wsh(and_v(v:pk(key_A),pk(key_B))) to begin watching for any bitcoins received to the P2WSH output corresponding to that script. A future PR is expected to add support for signing for miniscript-based descriptors.
h/t Optech; Bitcoin Core GUI #471 updates the GUI with the ability to restore from a wallet backup. Restoring was previously only possible either using the CLI or by copying files into particular directories.
01:27:47 BitcoinTreasuries Updated with Elons booboo
01:32:18 Bitcoin Meshnets article by L0LA L33TZ (https://bit.ly/3ApuOSa)
01:40:08 Gloria Zhao Added as a Bitcoin Core Maintainer, she now has commit access to the Bitcoin Core repo on github
01:44:04 Bitcoin OpTech News Letter
Hiring
Bitcoin Events
01:47:24 Bitcoin Park Nashville Events
01:49:12 TAB Conf
01:50:14 BitBlockBoom (https://bit.ly/2wQwF4N)
01:50:32 Baltic Honeybadger (https://bit.ly/3CtBRvH)
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)