BR004 - JoininBox, Tornado Cash, Swan & Casa data leaks, Square HWW & MORE ft. Justin Moon & Odell
Hello and welcome to the Bitcoin Review podcast. The podcast where we fail at boringly reading the latest release notes and discuss project updates. This week for Episode 4, I’m joined by guests Justin Moon and Matt Odell to help me read the list. To send Bitcoin related questions, just go to bitcoin.review and click submit story at the top right.
Software Releases & Project Updates
00:02:35 Sparrow 1.6.6, Aug 4 2022 (https://bit.ly/3dTsiMm)
Authentication via Auth47 & LNURL-auth links
Improved performance for very deep wallets
Change from notification txes is spent last
Copy labels from deposit UTXOs into badbank
00:03:20 JoininBox v0.7.0, Aug 7 2022 (https://bit.ly/3CyCfct)
New, automatically generated SDcard image for the RPi4&3 (https://bit.ly/3CAmy4d)
Connect @FullyNoded with a QRcode to the @joinmarket API
Add custom labels to addresses
Add joinmarket-api.service to TOOLS
00:08:27 Electrum 4.3.0, August 5, 2022 (https://bit.ly/3CAHEzG)
Introduces a set of UI modifications that simplify the use of Lightning. The idea is to abstract payments from the payment layer, and to suggest solutions when a lightning payment is hindered by liquidity issues.
Invoice unification: on-chain and lightning invoices have been merged into a unique type of invoice, and the GUI has a single ‘create request’ button. Unified invoices contain both a lightning invoice and an onchain fallback address.
The receive tab of the GUI can display, for each payment request, a lightning invoice, a BIP21 URI, or an onchain address. If the request is paid off-chain, the associated on-chain address will be recycled in subsequent requests.
The receive tab displays whether a payment can be received using Lightning, given the current channel liquidity. If a payment cannot be received, but may be received after a channel rebalance or a submarine swap, the GUI will propose such an operation.
Similarly, if channels do not have enough liquidity to pay a lightning invoice, the GUI will suggest available alternatives: rebalance existing channels, open a new channel, perform a submarine swap, or pay to the provided onchain fallback address.
A single balance is shown in the GUI. A pie chart reflects how that balance is distributed (on-chain, lightning, unconfirmed, frozen, etc).
The semantics of the wallet balance has been modified: only incoming transactions are considered in the ‘unconfirmed’ part of the balance. Indeed, if an outgoing transaction does not get mined, that is not going to decrease the wallet balance. Thus, change outputs of outgoing transactions are not subtracted from the confirmed balance. (Before this change, the arithmetic values of both incoming and outgoing transactions were added to the unconfirmed balance, and could potentially cancel each other.)
00:20:30 Nunchuck iOS 1.9.12 / Android 1.9.18
Bug fixes and improvements
Adds SATSCARD integration (https://bit.ly/3cmHQYu)
00:21:50 Blockstream Green 3.8.6
iOS Aug 4 2022
Display firmware hash during Jade firmware update
Login with BIP39 Passphrase
Display the receive address in transaction details
Display the net amount without fees in transaction details
Handle connection failure during wallet discovery
Android July 29 2022
Login with BIP39 Passphrase
Trezor & Ledger singlesig address display
Faster Jade firmware update with binary delta
Improve Ledger support
00:36:14 Embassy OS 0.3.1.1, July 27 2022
00:39:21 Raspiblitz 1.8.0, July 29 2022
00:40:38 BDK #645 adds a way to specify which taproot spend paths to sign for. Previously, BDK would sign for the keypath spend if it was able, plus sign for any scriptpath leaves it had the keys for. (https://bit.ly/3PQ5rOS)
00:44:42 Kotlin Multiplatform Tor (a.k.a. kmp-tor) 0.4.7.8+1.3.0
Adds TorController support for MapAddress & Resolve
Noteworthy
00:45:04 New self custody redundancy service “s33dbank.com”. Upstart service for passphrase and multisig users. Acts as an internet-accessible “location” in the context of redundant seed backups. Seeds are sent obscured over multiple channels and stored offline.
00:51:15 Foundry, the Largest Mining Pool, Provides Grant to Open Source Stratum V2 Developer. Stratum V2 aims to reduce mining censorship risk by giving individual miners, rather than pool operators, the ability to choose which transactions are in a block.
00:55:33 Nix-Bitcoin 0.0.74 released. nix-bitcoin is a collection of Nix packages and NixOS modules for easily installing full-featured Bitcoin nodes with an emphasis on security. Submitted message: “Nix-Bitcoin is designed for security by default but I found Nix-Bitcoin is also very customizable if you know Nix. The Matrix support is fantastic if you get stuck. I’ll be converting my node and other services to Nix-Bitcoin ASAP. Fedimint/minimint and Samourai Dojo maybe in the future for Nix-Bitcoin! Nix is also used for managing build dependencies for minimint.”
00:59:59 SigningDevices.com - “Hardware Wallets” are not Bitcoin wallets, they are signing devices.
01:01:39 Tornado Cash Github Repo Taken Down, Lead Dev’s Account Frozen.
In response to the Tornado Cash GitHub repo being taken down, Start9 added the Gitea service to the Embassy Marketplace and released a short video on how to mirror a repo, such as Bitcoin. On the OS side (EOS v0.3.1.1)
01:10:59 Swan & Casa Data Leaks
Swan email provider data leak - An employee and identified that the employee’s login had been compromised as a result of a phishing attack.
Casa Discloses Data Breach of the Casa Store. Leaked data includes names, emails, phone numbers, shipping and billing addresses, and product(s) ordered.
01:21:19 ETH vs BTC differences in capturable attack surface
01:25:08 Open Sats launches legal defence fund, which aims to support free speech and defend open-source Bitcoin contributors from lawsuits regarding their activities in the Bitcoin & FOSS ecosystems by directing donations to fund legal fees related to these contributions. The fund will support hodlonaut and other open source contributors facing lawsuits.
01:32:30 Replicant: Reproducing a Fault Injection Attack on the Trezor One (https://bit.ly/3wBpRVg)
01:39:11 Square Hardware Wallet
01:42:38 A new way to do DLCs - Cryptographic Oracle-Based Conditional Payments
01:47:08 BIP Proposal: Receiving and Change Derivation Paths in a Single Descriptor
01:48:08 Taproot Adoption
Tech tip of the day
01:49:04 Keep Tor always running on the Mac using brew services, and have most of your applications proxy through it.
brew install tor
brew services start tor
brew services list
Now go into your application, e.g. Electrum, and set the proxy to:
127.0.0.1
port 9050
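A way to confirm the proxy set up above is really carrying traffic over Tor, added here as an example and not something from the episode. It assumes curl is installed, that Tor listens on 127.0.0.1:9050 as in the tip, and it uses the Tor Project's check service at check.torproject.org/api/ip; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify that the Tor SOCKS proxy started by `brew services`
# is reachable and that proxied traffic exits through Tor.
# Assumptions: proxy at 127.0.0.1:9050 (from the tip), curl installed,
# check service at https://check.torproject.org/api/ip.

TOR_HOST="${TOR_HOST:-127.0.0.1}"
TOR_PORT="${TOR_PORT:-9050}"
CHECK_URL="https://check.torproject.org/api/ip"

# Return 0 if the JSON body from the check service reports IsTor true.
is_tor_response() {
    printf '%s' "$1" | tr -d ' \n\r\t' | grep -q '"IsTor":true'
}

# Extract the exit IP from the JSON body (prints nothing if absent).
exit_ip() {
    printf '%s' "$1" | tr -d ' \n\r\t' | sed -n 's/.*"IP":"\([^"]*\)".*/\1/p'
}

# Fetch the check URL through the SOCKS proxy. --socks5-hostname hands the
# hostname to Tor, so the DNS lookup also goes through the proxy instead of
# going to the local resolver (plain --socks5 resolves locally).
fetch_via_tor() {
    curl --silent --show-error --max-time 30 \
         --socks5-hostname "${TOR_HOST}:${TOR_PORT}" "$CHECK_URL"
}

# Full check: prints a verdict and returns non-zero on any failure.
check_tor() {
    body=$(fetch_via_tor) || {
        echo "FAIL: request through ${TOR_HOST}:${TOR_PORT} failed (is tor running?)"
        return 2
    }
    if is_tor_response "$body"; then
        echo "OK: traffic exits via Tor ($(exit_ip "$body"))"
    else
        echo "FAIL: proxy answered but exit is not Tor ($(exit_ip "$body"))"
        return 1
    fi
}

# Run the live check only when asked to: sh tor_check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_tor
fi
```

Run it with `--run` after `brew services start tor`; a non-zero exit status means the application you point at the proxy would not be reaching the network through Tor either.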
01:51:45 MacOS key repeat
01:52:43 Hosted VPN Using Lightning with Mullvad (https://bit.ly/3PHOmXj)
01:53:33 Matt’s suggestions for throwaway phone providers. (textverified.com, silent.link, mysudo.com, hushed.com)
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)