BR057 - Core, COLDCARD, CTV UASF, TXHASH, Frostsnap, Vulnerability HELL +MORE ft. Schmidty, Rijndael
I’m joined by guests Mike Schmidt & Rijndael to go through the list.
Housekeeping
00:06:34 OpenSats announce 10 new grants:
Vulnerability Disclosures
00:13:40 Ledger vulnerabilities
“Basically every single file on Ledger Live has user trackers in them” [@rektbuildr]
“Ledger REALLY wants to know what you’re doing on Ledger Live. Every click, every keystroke, every thing you look at gets tracked, logged and phoned home to Ledger”
“The amount of user tracking code in it is overwhelming. They track everything. There’s tracking even when you look at parts of the screen. User tracking code is embedded in every single component, everywhere. There’s endless tracking code IN THE CORE of the system. No idea what Ledger was thinking when they did this, all I know is that code has got to go.” [@rektbuildr]
A commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps [@MatthewLilley]
“In short, Ledger made a chain of terrible blunders:
They are loading JS from a CDN.
They are not version locking loaded JS.
They had their CDN compromised.”
Several valuable lessons here:
Nunchuk weighed in with some valuable lessons:
Projects that support shitcoins have a massive attack surface
Javascript dependencies are security hell, even for Bitcoin projects.
The fact that Ledger is open source does not help here. Sane architectures matter most w.r.t. security. It doesn’t matter if a project is open source if it contains lots of dependencies for which it is humanly impossible to verify whether any of them could be exploited or contain vulnerabilities. Hence for security, the #1 thing to do is reducing dependencies.
Letter from Ledger Chairman & CEO Pascal Gauthier regarding the incident
Trezor Suite has opt-out analytics
“Why must hardware wallet software phone home anything at all? The way this has been structured, the hardware wallet manufacturers gets a beep every time you used the damn thing. We urgently need hardware wallets that work offline. Users should have the right to use their wallet without it telling the entire neighborhood that it’s being used. Just end the telemetry completely.” [@rektbuildr]
00:27:26 Keystone License changed
“THIS SOFTWARE, BEING AN OPEN-SOURCE PROJECT, IS FREELY ACCESSIBLE TO EVERYONE, WITH THE EXPLICIT EXCLUSION OF FOUNDATION DEVICES AND ZACH HERBERT, WHO ARE STRICTLY PROHIBITED FROM UTILIZING THIS PROJECT.”
00:29:22 A critical vulnerability has been found in LNBank, an external plugin you can optionally use in BTCPay Server. [BTC Pay Server]
“If you’re using it, update immediately to newest version v1.8.9 to mitigate.”
One victim of the attack, Hugo Ramos, wrote an article about his experience on Stacker News - How To Get Robbed 4 BTC And Be Ignored by Anycoin.cz and BTCPay team
00:31:01 “In March 2021, the FBI raided USPV, broke open every single box in the vault, and looked through all the contents. The FBI ran all cash in the vault by drug dogs, opened envelopes and photographed the contents, and ultimately sent everything worth over $5,000 to asset forfeiture—initiating proceedings to keep that property forever.” [Rob Johnson]
“SeedXOR fixes this” ~ NVK
00:35:04 Shakepay Customer Information Leaked [Announcement]
“On December 13, 2023, we detected suspicious activity on an employee’s work device. Our security team launched an investigation as part of our incident response protocol and immediately locked, deauthenticated, and offboarded this device.”
“Our investigation revealed that, between March and December 13, 2023, a malicious actor was able to extract the personal information of a very small number of our customers.”
“We suspect that the following personal information may have been part of the breach: name, email, address, date of birth, phone number, occupation, trusted contact, account balances, and transaction activity.”
00:36:23 Controversial Ocean upgrade “fixes long-standing vulnerability exploited by modern spammers. As a result, our blocks will now include many more real transactions and help to bring an end to the DoS attack being performed on the #Bitcoin network” [Ocean Tweet]
“I don’t know why people are so triggered by this while most large miners follow the OFAC censorship. We want divergence, the more market options available for different non-consensus breaking choices the faster we get to a truth…” [NVK]
Important
CTV+Vault UASF comments
TXHASH vs CTV
Bitcoin
Software Releases & Project Updates
1:11:37 Bitcoin Core v26.0
P2P and Network Changes:
Experimental support for BIP324 v2 transport protocol added.
Nodes actively establish outbound connections to multiple networks for improved resistance to attacks.
Pruning:
Pruning budget adjustments for assumeutxo with -prune.
Updated RPCs:
Deprecated -rpcserialversion=0; hash_serialized_2 removed from gettxoutsetinfo.
New fields added to getpeerinfo RPC.
Miniscript expressions supported in Taproot descriptors.
New RPCs:
loadtxoutset for UTXO snapshot loading.
getprioritisedtransactions, submitpackage, getaddrmaninfo, importmempool added.
Updated Settings:
Error on startup for ignored bitcoin.conf files.
Improved handling of logging configuration options.
New Settings:
New functions in libconsensus for script verification.
Wallet Changes:
Change in wallet loading; corrupted records may not load.
createwallet RPC behavior updated.
Additional fields in gettransaction, listtransactions, listsinceblock RPCs.
Changes in descriptor handling.
Coin Selection and Transaction Building:
Unconfirmed low-feerate ancestor transactions considered in coin selection.
Improved RPC options parameter handling.
GUI Changes:
Transaction list no longer categorizes “payment to yourself.”
Option to migrate legacy BDB wallets to modern SQLite descriptors.
PSBT operations highlight own wallet outputs.
1:19:07 COLDCARD Mk4 v5.2.1 [Docs / Blog]
New Feature: Temporary Seed import from a COLDCARD encrypted backup.
New Feature: Export seed words in SeedQR format (on screen QR).
New Feature: Provide user with info about transaction level timelocks (nLockTime, nSequence) when signing.
Enhancement: New submenu for saved BIP-39 Passphrases allowing delete of saved entries.
Enhancement: Add current temporary seed to Seed Vault from within Seed Vault menu. If current seed is temporary and not saved yet, Add current tmp menu item is shown in Seed Vault menu.
Enhancement: Speed up opening Passphrase menu when MicroSD card is available, by deferring card read (and decryption) until after Restore Saved menu item is selected.
Enhancement: 12 Words menu option preferred on the top of the menu in all the seed menus (rather than 24 words).
Enhancement: Allow passphrase via USB if passphrase already set - operates on master seed.
Enhancement: Improve BIP39 Passphrase UX when temporary seed is active and applicable.
Enhancement: Continuation of removal of obsolete Mk2/Mk3 code-paths from master branch.
Bugfix: Confusing first-time UX replaced with simple welcome screen.
Bugfix: One instant retry on SE1 communication failures
Bugfix: Handle any failures in slot reading when loading settings
Bugfix: Add missing “First Time UX” for extended key import as master seed
Bugfix: Hide Upgrade Firmware menu item if temporary seed is active (it cannot work)
Bugfix: Disallow using master seed as temporary seed
Bugfix: Do not allow APPLY of empty BIP-39 passphrase. Use “Restore Master” instead.
Bugfix: Fix yikes in Clone Coldcard (thanks to AnchorWatch)
1:22:38 Frostsnap prototypes first look
“Begin your self-custody journey by plugging Frostsnap devices into your phone and naming them via the Frostsnap app.
Choose a security threshold and begin key generation to easily set up a multisig wallet in a matter of seconds.
In this demo we create a 2-of-3 multisig between the devices. A threshold of two means we need any two of the three devices to sign in order to spend funds from the wallet.
Daisy-chained Frostsnap devices participate in distributed key generation, each contributing entropy to a joint secret shared across multiple devices.
No single device knows the overall secret, only a fragment.
You, the user, can easily verify the key was created securely
After creating a new key, you can hide your Frostsnap devices in different locations or share them among people you trust.
When it comes time to make a bitcoin transaction or sign a Nostr post under your Frostsnap key, you must sign on multiple devices.” [@utxoclub]
1:29:32 BTC Pay Server v1.12.0
New features:
Webhooks: Support for Payment Requests, Payouts and extendibility by plugins
Support BIP129 Multisig wallet import
POS Keypad: Add plus and change clear functionality
Forms: Support adjusting invoice amount by multiplier, enables percentage-based discount codes
Can pair or reset a Boltcard to a pull payment
Plugins: Allow scheduling installs/updates of future plugins
Noteworthy:
With this release we upgrade to .NET 8, which also requires a current version of the Docker engine for docker deployments (>= 20.10.10).
We will try to migrate outdated versions when upgrading BTCPay Server, but if you see these symptoms after updating, please upgrade Docker engine manually.
We changed a lot of things under the hood, making the Lightning integrations extendible by plugins and also preparing the migration of Altcoins to plugins. If you are using plugins, you will most likely find them disabled after this update, because new versions compatible with BTCPay Server v1.12 are required. Please see the “Manage Plugins” section once updated.
We are ending support for Postgresql 11 as it reached 5 years after its initial release. Read more about end-of-life (EOL) of postgresql. While Postgresql 11 should still work with BTCPay Server, we will not keep compatibility moving forward.
1:29:47 Liana v4.0: Merry Feesmas!
This release introduces support for bumping the fees of a transaction, verifying a deposit address on your signing device, and more. A companion blog post is available here.
Features:
The outpoints parameter of the createspend command is now optional. If not provided, coins are selected automatically.
A new listaddresses command was introduced.
A new rbfpsbt command was introduced.
The createspend command has a new, optional, change_address parameter. This makes it possible to create a transaction which sweeps all funds from the wallet.
GUI-specific:
When creating a Spend transaction, coins to be spent are now pre-selected. The selection is updated as you update the recipients and/or the feerate. The selection will stop being modified if you change it manually.
It is now possible to verify deposit addresses on your signing device.
You can now bump the fees of an unconfirmed transaction. A “bump fee” button was introduced in the transaction details (available from the list of transactions).
You can now “cancel” an unconfirmed transaction. A “cancel” button was introduced in the transaction details (available from the list of transactions). NOTE: the cancel feature is not guaranteed to work. It’s simply leveraging RBF to double spend the outgoing transaction with a transaction paying back to ourselves.
You can now delete a wallet for a specific network from the launcher.
When selecting a signing device, those which are not related to the wallet or which don’t support a specific method (such as displaying an address) are now greyed-out.
The managed Bitcoin Core version was bumped to 26.0.
1:30:23 Keeper v1.1.8
Custom multisig: Now create any m of n Vault
Coin selection: Ability to select UTXOs to be used when sending funds
Tier independence: No need to subscribe to a tier to add common Hardware Wallets
More: Improvements in transaction signing flow; better privacy when using browser based connection with Hardware Wallets, bug fixes, etc.
1:30:29 rust-payjoin v0.12.0
Introduce v2 feature with oblivious, asynchronous, serverless payjoin
Return RequestContext from which either v1 or v2 (Request, Context) tuples may be extracted
Derive Debug, Clone from send::Request, receive::UncheckedProposal, optional_parameters::Params
Don’t derive Debug, Clone from uri::{Payjoin, PayjoinParams}
Derive Serialize, Deserialize for RequestContext and Enrolled in v2 to enable persistent state for asynchronous requests
UncheckedProposal::check_can_broadcast became ::check_broadcast_suitability allowing receiver to specify minimum acceptable feerate
1:31:18 Mempool.space Mempool Goggles
Click on the Mempool Goggles icon at the top left of the mempool block visualization to reveal the new filter menu.
There are 25 different categories to explore, or mix-and-match to narrow down your focus even further.
Want to see how much of the mempool is occupied by monkey jpegs? Try the “Inscription” filter.
Curious how many transactions use both RBF and CPFP to bump fees? Hit the “Replacement” and “Pays for parent” filters.
Check it out now on the mempool block page
1:31:30 NerdMiner v1.6.3
New sha lib 78Khs
New Screen
Touch functions on big displays
New boards added, espcam, M5-stampS3
Special easter egg 😇 (1 dec - tic tac)
1:31:42 AgoraDesk v1.1.15
Added an additional price check before initiating a trade. If the ad price has changed, prompt the user for confirmation.
Now displaying the usernames of those who leave feedback in a user’s profile. This allows users to see who has provided feedback and to improve their service accordingly.
Changed instructions for importing reputation from the Paxful platform.
1:32:05 Blockstream Green
1:32:18 Samurai Dojo v1.22.0
New API Endpoint:
Added a new /seen endpoint for API consumers to easily check if an address (or list of addresses) has been used in the past.
The check is performed against an indexer (addrindexrs/fulcrum/OXT) rather than the Dojo tracker database.
Addresses do not need to be tracked by Dojo, providing more flexibility.
BTC-RPC Explorer Enhancement:
Introduced a new configuration option for BTC-RPC Explorer.
Users can now turn off the slow-device-mode, improving performance for users with more capable devices.
The new option, EXPLORER_SLOW_DEVICE_MODE, can be configured in docker-explorer.conf.
Exclusion of Incompatible Clients:
Dojo now actively refuses RPC connections to Knots fork of Bitcoin Core when connecting to an external bitcoin node.
For users with bitcoind installed by Dojo, bitcoind will periodically scan connected peers and ban Knots nodes to ensure proper relay of privacy-enhancing transactions.
Users can disable this feature by setting BITCOIND_CRON_JOBS=off in docker-bitcoind.conf.
1:32:26 Ronin Dojo
Removed Bisq support
Feature: Updated RoninDojo’s Dojo fork to v2.1.2
Based off upstream Dojo v1.22.0
Fixes the Explorer container not building since alpine 3.19 released
BitcoinD now bans Knots clients as peers
Kernel Upgrade to a more stable Armbian base image
Bug Fix: NOPASSWD property is now cleared from the ronindojo user after first time boot installation procedure is complete (previously only affected 2.1.0 new installs)
Enhanced Release Candidate process
1:32:59 RoninUI v2.4.0
Display better information about Electrum server pairing
Enable addrindexrs installation
Better UX for Dojo pairing
Updated dependencies
Added Whirlpool UI (and pairing)
Project spotlight
1:33:40 The #Hashtub: A mobile Bitcoin Mining Heated HotTub
Transportable
2x S19J Pro with up to 8kW of heating power
Heats the HotTub from 60F/15C to 104F/40C in 4h
Fully OpenSource (build videos coming)
1:34:45 Coinselect: A TypeScript library for Bitcoin Tx management by BitcoinerLAB
It leverages Descriptors for optimal UTXO selection & Tx size calculations, including precise witness sizes, even when multiple spending paths exist. José Luis Landabaso
Lightning + L2+
Software Releases & Project Updates
1:35:00 lnd v0.17.3
New Features:
Functional Enhancements
RPC Additions
lncli Additions
Improvements:
Functional Updates
RPC Updates
lncli Updates
Code Health
Breaking Changes
Performance Improvements:
Optimized the memory usage of btcwallet’s mempool. Users would need to use bitcoind v25.0.0 and above to take advantage of this optimization.
Technical and Architectural Updates
BOLT Spec Updates
Testing
Database
Code Health
Tooling and Documentation
1:35:04 lnbits v0.11.3
Added workflow for checking bundle files.
Added Alby logo to the front index page.
Optimized PNG images in lnbits/static/images for size.
Set User-Agent when accessing external resources.
Added password to .
Updated lnurl library.
Added fiat balance to the wallet.
Added nixos module option to pass additional environment variables.
Added i18n checker and autogenerated AI translations.
Added checkbundle to make check.
1:35:08 Zeus v0.8.0
No longer in Beta! Highlights:
Embedded LND node
OLYMPUS by ZEUS 0-conf channel service
ZEUS PAY self-custodial lightning addresses, using Zaplocker
Simple Taproot Channels
Contact book
1:35:13 Phoenix Android
Introduced a new feature to request inbound liquidity from your peer:
Addresses the issue of quickly consuming inbound liquidity, potentially leading to expensive on-chain transactions for every incoming LN payment.
Users can manually request liquidity, planning ahead to avoid future on-chain fees.
Added a button to access the liquidity screen on the Home screen.
Inbound liquidity status is now displayed in the channels view.
Added a screen to delete the wallet
Add timeout to Peer connection
Localisation in es-419 (Spanish for Latin America and The Caribbean)
Skip TLS check for onion Electrum servers
Add help message for swaps in Home screen
1:35:26 ldk-node v0.2.0
The capability to send pre-flight probes has been added (#147).
Pre-flight probes will skip outbound channels based on the liquidity available (#156).
Additional fields are now exposed via ChannelDetails (#165).
The location of the logs directory is now customizable (#129).
Listening on multiple socket addresses is now supported (#187).
If available, peer information is now persisted for inbound channels (#170).
Transaction broadcasting and fee estimation have been reworked and made more robust (#205).
A module persisting, sweeping, and rebroadcasting output spends has been added (#152).
1:35:35 lightning-terminal v0.12.2-alpha
Added keysend messenger to custom permissions.
Added session linking test.
Code Quality and Maintenance:
Made error messages more accurate.
Bumped litd to version v0.12.2-alpha.
1:35:39 Mutiny Wallet
Announced Mutiny Wallet for StartOS (Github)
One-Step Wallet Connect with Nostr Wallet Auth (NWA)
Mutiny Wallet introduces Nostr Wallet Auth (NWA) for a simplified and efficient wallet connection experience. NWA, built on NIP-49 protocol, streamlines the process of connecting wallets to nostr clients and services like Zapple Pay. With a single click or QR code scan, users can establish a connection in Mutiny or any NWA-supported wallet. Here’s a breakdown:
Key Features:
NWA is a protocol (NIP-49) enhancing Nostr Wallet Connect.
Simplifies wallet connection setup by having the client or service generate an NWA request.
Background negotiation over nostr results in quicker setup and less secret material management.
Services use NWA to send payment requests directly to the wallet, with user control over authorizations and payments.
The fee for channel opens is now dynamic based upon the current fee rate estimates.
Previously it was hardcoded and needed to be updated manually when we had huge price fluctuations, but now it’ll always be based on current chain fees.
Mutiny Node v0.4.39
Added conversion from wasm to core MutinyChannel.
Implemented sending payjoin.
Introduced Nostr Wallet Auth.
Enabled dynamic fee.
Enabled clippy failures on MacOS and Windows.
Specified version for wasm-pack.
1:37:36 Breez SDK Core v0.2.12
Allow native access to SDK from flutter (kotlin & swift)
Improve receive payment performance
1:37:41 taproot-assets v0.3.2
Added GitHub CD release build workflow.
Exposed anchor point in AssetStats.
Changed getinfo REST endpoint from POST to GET.
Implemented fetching block headers over blocks for chain_bridge.
Custodian emits a new asset-receive-complete event to notification subscribers.
1:37:48 10101
Presented USDp: the first USD on Lightning [Bolt.fun]
Swap sats <> USDp
Hold, send and receive USD over Lightning seamlessly
Features:
Bitcoin Only
Open-source
100% self-custodial
User-centric
No token (and no issuer)
No counterparty risk
Add delete network graph in settings
Receive USD-P via Lightning
Pay lightning invoice with USD-P balance.
Open scanner on send button.
Add bidirectional swap drawer.
Do not arbitrarily cap routing fee, to increase likelihood of payment success.
Replace speed dial button with send, receive and swap buttons.
Add support for Android 9
Add settings option to enable trace logs
Add contract details to dlc channels api
Add support for parsing invoices from Zeus
Add social media links to app info
Add support for rapid gossip sync
1:41:20 Ride The Lightning v0.15.0
This is a major integration upgrade and a breaking change for RTL’s integration with Core Lightning.
With this release c-lightning-rest integration has been removed and RTL now uses core lightning’s native CLNRest plugin to communicate with the core lightning backend
1:41:25 Stacker News
You can now create your own territories
50% of all revenue made by the territory is paid to the founder at the end of the day Texas time. The other 50% goes to rewards.
This split will eventually be configurable, eg the founder gets 100% of revenue or rewards get 100% of revenue
The territories revenue is the revenue SN would ordinarily collect: 100% posting costs, 10% of zaps, 100% of boost
Territory founders can configure and edit indefinitely:
base post cost
post types
you can’t currently edit the name or billing type but that’ll be implemented eventually
eventually everything
Login by pasting magic link
Post Discussion
1:41:32 Alby
Alby + Liquid
Alby introduces Liquid Network to its browser extension, promoting lightning interoperability.
Users can now utilize a Master Key for a unified identity across Nostr, Liquid Network, Bitcoin, and lightning.
The Master Key is secure, locally stored, and enables signing functionality through simple APIs.
Alby provides a Liquid address for use on websites, currently available on Boltz Exchange.
Liquid web wallet bounty
A 2.1 mln sats bounty is announced, in collaboration with Blockstream, for a Liquid web wallet compatible with Alby.
The bounty encourages developers to explore Liquid on the web, with the goal of creating a fully functional and user-friendly wallet.
Alby js-sdk
1:41:42 BitBanana v0.7.1
LNURL Auth support
1:41:45 Thunderhub v0.13.25
Add nix flake
1:42:08 River Link Launched
Text Bitcoin to anyone, anywhere.
With River Link, your contact list becomes a Bitcoin address book
Send through text, email, social media DMs
Friends can claim Bitcoin to any wallet or River account
River Link supports on-chain and Lightning payments
1:44:02 Cashu Protocol v1 specs
Quotes
A general way to register a mint and melt transaction with the mint that will work across different payment methods (bolt11, bolt12, on-chain, …) and different currency units (sat, msat, usd, …). Quotes add the ability for Lightning backends to decide the amount and currency of the ecash they need in order to receive or pay a Lightning payment.
Mint Quotes
To mint ecash (output) via Lightning (input), the wallet first requests a MintQuote for a given amount of sats the wallet wants to mint. The MintQuote has a quote id and includes a Lightning invoice. The user pays the Lightning invoice and then calls /v1/mint referencing the previous quote it corresponds to.
Melt Quotes
To melt ecash (input) and make a Lightning payment (output), the wallet requests a MeltQuote for a given Lightning invoice it wants to pay. In the MeltQuote, the mint tells the wallet how many sats it needs to supply and what the fee reserve is in order for the mint to fulfill this request.
Hexadecimal keyset IDs
Our keyset IDs are ugly and need special treatment for HTTP (base64 urlsafe). We switch to hexadecimal keyset IDs that are generated much like the previous ones. We also add a version byte as a prefix.
BlindedMessage now has keyset id field
Standardized secrets
Wallets should use standardized secrets (32 bytes of randomness) in lowercase hex.
You can find the pull request in the Cashu NUTs repository.
1:44:13 eNuts v0.2.0-beta
Filtered out invalid relay URLs before publishing events.
Fixed pasting an invoice in the text input.
Simplified send Ecash flow by removing one step.
Updated Backup screen and added explanation.
Added auto-mint-swap when receiving token from an untrusted mint.
Added “send to npub by scanning QR” feature.
Added new dashboard transition to QR screen.
Added a new release screen and release section in Options for checking and indicating new release versions.
Implemented minor UI improvements.
1:44:27 Minibits v0.1.5-beta.18
Minibits comes with seed-based backup, that allows you (in cooperation with the mint) to recover your ecash balance in case of device loss.
Project spotlight
1:45:07 PlebDevs Course II: Building a Lightning Wallet Backend [Stacker News Post]
In this comprehensive and beginner-friendly 13-lesson course, we’ll transform you from a JavaScript n00b into a proficient backend developer, with a special focus on Lightning App Development.
We’ll pick up from the simple frontend custodial lightning wallet that we built in the first PlebDevs course and make it fullstack and self custodial by creating/hosting our own server, API, Database, and Lightning node connection!
WHAT YOU WILL LEARN
NodeJS
Building a Server / API with Express
Building user Authentication & Authorization with JWT’s
Setting up a local Lightning Development Environment
Building with Lightning using LND
Integrating your Lightning node with your server
SQL & Database fundamentals
Database Development with Knex
Integrating your server with a Frontend App
Deploying your Server, Database, Lightning Node, and Frontend App
Take the course on Emeralize
1:45:14 ShockWallet: A new cross-platform, non-custodial wallet
Public test releases of ShockWallet and Lightning Pub have been announced, marking a continuation of the work initiated during Legends of Lightning and NostrHack Hackathons. Lightning Pub, a daemon for Lightning Node, offers full RPC and account system functionality over nostr. [Bolt.fun]
Key Features:
Lightning Pub provides a full RPC and account system over nostr for Lightning Nodes.
Enables granular access to nodes without the need for complex networking and setup.
ShockWallet, rebooted as an everyday wallet, integrates seamlessly with Lightning Pub.
Features UI polish, Bootstrap or Self-Custodial Mode, Node Multi-Sourcing, Pay To LNURL, LPUB, Chain, Encrypted File Backup/Restore, and more.
Pub is a lightweight nodejs/qlite package that attaches to existing Lightning nodes.
Incentivizes decentralized network growth with a built-in fee regime.
Aiming to counter the unfavorable reputation of slow and clunky mobile nodes, enhancing Lightning wallet usability.
Planned Features:
Nostr native “Offers” / static QR spec.
Automation for service subscriptions or auto moving sats to non-custodial nodes.
Contacts, notifications, and “Jimvitations” for self-custodial onboarding of family.
Admin Dashboard for Lightning.Pub Nodes.
The release, accelerated due to the recent takedown of WoS, reflects a commitment to a decentralized and sustainable future for Lightning users, emphasizing a positive user experience without compromising decentralization.
1:45:16 Ark Developer Hub
“The goal is to establish this as the go-to resource for learning about Ark.
Soon, you’ll find comprehensive developer documentation on how to integrate Ark or how to run an ASP to provide liquidity.
It’s still in the early stages, but the plan is to continuously improve and expand the hub.
The code will be made open-source very soon, along with the initial proof of concept for both client and server.
In the coming weeks, we’ll be inviting contributions from everyone!
PS: There is a Stack Overflow dedicated to Ark questions!” [tierotiero]
1:45:21 Elements Academy: A New Instructional Video Series for Learning Liquid
The goal of Elements Academy is to introduce and explain the key concepts of Elements, the open-source platform used to build Liquid and other Bitcoin sidechains. Elements also has the power to create standalone blockchains or, if so inclined, to test your own proof-of-concept project.
Nostr
Software Releases & Project Updates
1:46:30 NDK v2.3.0
Improvements in UX through cache performance and more aggressive caching.
NIP-42 support via custom Auth Policies
Allows setting a relay or subscription as trusted to skip signature verification
Fix bug that caused flapping relays to not get subscriptions re-added when the relay comes back
Redis-cache: cache generic filters to find cache hits
Cache NIP-05 queries
1:46:46 Unleashed.chat v05cf638
Partial Vectorized Kind0
String look ups for notes and live data try outs
Now starting to understand Nostr notes
New model Mixtral 8x7B uncensored
File uploads now unlimited, maximum file size is 100MB
1:51:07 Primal
Android
Primal for Android is now available on Google Play Store in open testing mode [Announcement]
New features:
Feed: link previews
Feed: image media gallery
Feed: video thumbnail previews
LUD-06 support
iOS
Primal for iOS is now live on the App Store. [Announcement]
Features:
Integrated lightning wallet
Ability to zap and get zapped
Send & receive lightning payments
Buy small amounts of sats via an in-app purchase
1:51:58 Amethyst
Adds NIP-44 metatags to markdown rendering.
Adds background video rendering on markdown
Adds support for selling and listing in Amethyst as well as NIP-96 Image Servers and NIP-54 inline metadata.
Provides large improvements to Cashu’s token redemption.
Adds selling: ShopStr’s classified creation
Migrates old image server uploads to NIP-96
Adds support for NIP-54 inline metadata
Adds a Marketplace tab to Discovery
New Cashu Redeeming card UI.
Shows the blurhash with a Download icon instead of the URL when the user chooses to not automatically load images/videos
Improves the video switching flicker from blurhash to video
Updates EOSE status in the same thread of the new event to reduce the amount of coroutine launches.
Uses just one HTTPClient for the entire app
Adds a User Agent to all HTTP requests.
Improves Cashu Redeeming UI feedback
Adds support for the FileServers kind
Adds relay information for Replaceable events
Unifies upload options into NIP-94 images
Improves the rendering of inline metadata
Uses nostr.wine instead of filter.nostr.wine as a search relay
Adds a button to Cashu preview to redeem on external wallet
Updates translations
Updates dependencies
Pre-loads profile/mute list information for all the logged in accounts in the app.
Makes relay pool coordinator thread-safe. Forcing the disconnect of an old relay list before connecting to a new one.
Avoids sending filters with empty follow lists on Videos
Forces websocket closure onFailure
Caches zap calculations in notification cards.
1:52:08 Snort
3 Column layout
Fuzzy cache search
Media grid feed
Invite codes (WIP Community Program)
imeta tag insertion for images
Nostr Wallet Connect upgrade (balance + history)
Schnorr sig check in WASM binary
Followed by friends feed (a feed of your 2nd degree follows posts)
imgproxy image integrity check (sha256 from imeta passed to imgproxy)
DeepL translate api (Automatic for PRO subscribers)
Proxy LN address type enabled on Nostr Address settings pages
Default 0.5% ZapPool rate for Snort donation address
Collect relay metrics in @snort/system for better relay selection algo in Outbox Model (NIP-65)
Sync preferences to network (NIP-78 support)
Trending hashtags page
Social Graph
New users relay list based off “close” relays
NIP-96 support for nostr native image/file uploaders
Write replies/reactions to p tagged users read relays (Outbox model)
Sync joined public chats (NIP-28) using PublicChatList kind 10_005
1:52:11 Coracle
0.4.0
Add NIP 72 community support
Add NIP 87 closed community support
Add group notes
Add group calendars
Add group marketplace
Support cross-posting
0.3.14
Remove sliders icon, add plus button next to pills instead
NIP 52 time-based calendar events publish/render
NIP 99 classifieds publish/render
Add support for bunker:// (@brugeman)
Improve theme switching reactivity
Re-work replies, note rendering, and feed controls
Speed up login
Better a-tag reply support
0.3.13
Update lists to use new 30003 user bookmarks kind
Add NIP 96 file storage
Add NIP 98 auth support
Add DIP 01 imeta tag creation
Re-work keys page, include group keys
Add anonymous posting
Add note options dialog to replies
Add support for reposts and cross-posts
Conservatively load from cache when on a slow network
Add refresh button to feeds
Add image previews to note reply
1:52:13 Nos.social
0.1 (101)
Localized relative times on note cards.
Added a context menu for the stories in the Home Feed to open the Profile.
Add repost button to stories
0.1 (100)
Update the color palette.
0.1 (97)
Added the option to copy the NIP-05 identifier when browsing a profile.
1:52:15 Yana v0.13.0
Add settings for including notifications of reactions/reposts/zaps
Re-broadcast with popup for choosing to which relays
1:52:18 Nostree v.0.1.5.5
Follows and Contact List:
Added a button to follow users.
Visual reference for tracking followed users.
Enhanced search functionality by identifying contacts.
‘Explore’ section allows filtering by ‘friends’ or ‘global’ contact lists.
Contact list is now saved locally, providing accessibility.
Future functionalities planned for exporting and backing up contact lists.
Button to Add Link to a List:
New feature allows users to add links to lists without entering edit mode.
1:52:21 Civkit V2 Launched
Mainstay Integration: We’ve integrated mainstay, providing a more robust and seamless experience. This integration is set to enhance the platform’s reliability and efficiency.
Credentials Framework with Bitcoin Core: Civkit V2 now works in tandem with Bitcoin Core for its credentials framework.
Database Support: Understanding the need for robust data management, we have incorporated comprehensive database support. This addition is aimed at improving data handling and storage capabilities.
Integration with Lightning Bolt 11: We’re excited to bring you integration with Lightning Bolt 11, enhancing transaction capabilities and ensuring faster, more efficient operations.
1:52:44 Plebeian Market
100% on Nostr & NIP-15 compliant
Started by LN Bits/ Nostr Markets by Ben Arc, NIP-15 enables the creation of market stalls and facilitates marketplaces on Nostr further building out a peer-2-peer marketplace.
Plebeian Market contributed auctions to the NIP-15 standard, now other clients can also implement auctions and it will be interoperable with our software.
For any stalls created on Nostr with NIP-15, buyers will be able to purchase products from those stalls in the new multi-stall shopping cart.
Lightning Payments
New Multi-stall Shopping Cart
Nostr Private Messages w/ Notifications
New Stall Browser
Improved Layout and Browsing
Interface to Bind External Identities to your Nostr Account
Plebeian Market Skin in the Game Badge
Nostr Login
1:52:52 Mostro
NIP33 events: Remove json serialized from content by @grunch in #160
Add more/new docs
Add pay hold invoice page
Send correct status after show hold invoice
Avoid panic on getting price of not found code
Fix action book link
Introduced nostr-sdk 0.25 and options for a variable reconnect time
Add solver logic
First draft on message version 1
1:52:57 nostr-webhost v0.1.5
Implemented FindFilesWithBasePathBySuffixes.
Implemented GetResponseContent.
Added KindTextFile and KindReplaceableTextFile.
Merged pull request #53 from akiomik/patch-1.
Merged pull request #54 from studiokaiji/fix-secure-mode-url.
Merged pull request #55 from studiokaiji/fix-secure-mode-url.
Merged pull request #56 from studiokaiji/feature-#46-nip95-file-upload.
Merged pull request #57 from studiokaiji/feature-#46-nip95-file-upload.
Supported NIP-95 requests.
Moved print statements within addNostrEventQueue.
Implemented logic to remove basePath from filePath.
Resolved the issue where mediaFile was not being replaced.
Removed convertLinksFromJS.
Added kind for replaceable text files.
Changed the secure mode domain from h.hostr.cc to hostr.cc.
Added deploy method for textFile.
Renamed uploadedMediaFiles to uploadedMediaFilePathToURL.
Used exp.
Added test files.
Simplified path handling for the caller.
Resolved issues with newline misalignment and incomplete display of all file paths.
Improved console display during image uploads.
1:53:01 nostr-universe
1:53:04 0xchat v1.2.3-beta
Supports logging in with Amber
Project spotlight
1:53:09 Nostr Tech Weekly
The Nostr Report’s “Nostr Tech Weekly” is a weekly newsletter covering interesting projects, protocol updates, and other technical advances in the Nostr-verse. Written by Greg White.
Privacy Software
Software Releases & Project Updates
1:54:48 SimpleX Chat v5.4.0
Link mobile and desktop apps via secure quantum-resistant protocol.
Better groups:
Faster to join and more reliable.
Create groups with incognito profile.
Block group members to hide their messages.
Prohibit files and media in a group.
Better calls:
Connect faster and more stable (still far from great).
Screen sharing in video calls in desktop app.
Other improvements:
profile names now allow spaces.
when you delete contacts, they are optionally notified.
previously used and your own SimpleX links are recognised by the app.
many fixes and improvements.
Boosts
1:55:01 Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @vake (3,800 sats) “The “bitcoin is boring and nothing happens” show, guest starring benthecarman”
@qxotk
(2,121 sats) “Give me the wirs and when I wake up I want to put some sats in there.”
(2,121 sats) “Oh, thank you for the show notes Johnny.” (Jonny says 🫶)
(2,121 sats) “BTW great show, useful, great guests, generous. Thank you.”
@dubravko (1,380 sats) “I had JUST gotten my chosen handle on Wallet of Satoshi, a couple of months ago, too. Dang! It still works, so console me at oakgrove@walletofsatoshi.com, with Sats.”
@agichoote (1,111 sats) “@nvk when did you release the Satscard?”
@cantillionaire (999 sats) “Only fell asleep twice 🫡”
Jonny wants to give a shoutout to Alex who has done a great job editing the pod recently
Bitcoin Optech Newsletter
1:56:38 Highlights from recent Bitcoin Optech Newsletters
Cluster mempool discussion:
Bitcoin Core developers are discussing a cluster mempool proposal on the Delving Bitcoin forum. The cluster mempool aims to simplify mempool operations while maintaining transaction order. Transactions are grouped into clusters and sorted by feerate, allowing for easy selection of transactions to include in a block based on feerate. The proposal suggests evicting transactions from the mempool by removing the lowest-feerate chunks when necessary. The working group archives are accessible for reading, but only invited members can post.
Testing with warnet:
Matthew Zipkin posted to Delving Bitcoin with the results of some simulations he’s run using warnet, a program that launches a large number of Bitcoin nodes with a defined set of connections between them (usually on a test network). Zipkin’s results show the extra memory that would be used if several proposed changes to peer management code are merged (either independently or together). He also notes that he’s excited to use simulations for testing other proposed changes and to quantify the effect of proposed attacks.
Discussion about griefing liquidity ads:
Bastien Teinturier raised a concern on the Lightning-Dev mailing list regarding potential issues with timelocks on dual-funded channels created from liquidity advertisements. Using an example, if Alice commits funds with a 28-day timelock and Bob contributes additional funds, there’s a risk that Bob may lock Alice’s funds until the timelock expires, especially if he behaves maliciously. Teinturier and others discussed mitigations, including applying the timelock only to the liquidity contribution, but this introduces complexities. An alternative suggestion is to drop or make the timelock optional, letting liquidity buyers assume the risk of providers closing channels shortly after receiving their fees, with the hope that significant forwarding fee income serves as an incentive to keep channels open.
News & Noteworthy
Bitcoin
ANTPOOL will refund the 83 BTC fee [Statement]
“On November 23rd, some user submitted 83 BTC as a gas fee. The risk control system of ANTPOOL temporarily froze the fee when packaging the transaction. Please contact us before 00:00 (UTC+8) on December 10, 2023 and verify personal identity in the following way. After verification, ANTPOOL will refund the fee.”
BitcoinTalk.org to Ban Link Sharing and Promotion of Custodial No-KYC Mixers [No Bullshit Bitcoin]
“Bitcointalk.org aims to allow about as much freedom as is reasonably possible. But this is not a darknet forum, and with mixers looking “grayer and grayer”, it’s no longer reasonably possible to allow linking to mixers.”
“Even though “a cryptocurrency mixing service is not necessarily illegal,” a clear pattern has emerged where mixers pop up, last for a little while, and then get taken down by law enforcement once they get too big.”
“Allowing mixers to be posted on bitcointalk.org before they seemingly-inevitably get declared illegal and seized is not sustainable. Therefore, linking to mixers will no longer be allowed, just the same as linking to darknet sites is already not allowed.”
“It will continue to be OK to discuss mixers in a general sort of way. Just don’t direct people to mixers: don’t link to a mixer, don’t link to a directory with links to mixers, don’t tell people to “Google ASDFmixer”, don’t link to a mixer’s telegram, etc.”
TBD Unveils Tech Preview of tbDEX Open Source Liquidity Protocol to Reimagine Global Payments and Commerce [TBD]
“Yellow Card launches the first Participating Financial Institution (PFI) on tbDEX to offer liquidity across 20 African countries”
“tbDEX is a protocol for discovering liquidity and exchanging assets (such as fiat money, real world goods, stablecoins or bitcoin)” [Whitepaper]
Bitkey transaction fee speculation - Will Bitkey users pay $100 per tx in 2024? [@1440000bytes]
Steven Roose submitted a PR for TXHASH, a covenants proposal similar to CTV, but more expressive.
“Steven and @brqgoo designed it for Ark to solve some edge cases regarding fees, which wasn’t possible with CTV.” [Robin Linus]
Bitcoin FOSS Program by Chaincode Labs Is Accepting Applications Until December 31 [No Bullshit Bitcoin]
“Contributing to FOSS can feel lonely and intimidating. This three-month program is designed to provide the professional feedback necessary to get you off of FOSS 0.”
As with all of our educational initiatives, there is NO COST associated with this program.
Complete the application by DECEMBER 31, 2023.
“If you are a good fit, we’ll ask you to complete an exercise. (Note: If you have previously completed a Chaincode Seminar, you are in!)”
The program begins the week of January 15th and runs until April 15th, 2024.
Business & Finance
Unchained ends BTC collateral-backed loans to individuals (starting Jan 2024)
“Due to external requirements, new loan originations to individual borrowers will be paused beginning January 1, 2024. We will continue originating new loans for legal entities such as LLCs or corporations after January 1 for business or investment purposes.”
Self-Custody Bitcoin Wallet Bitkey, Built by Block, Inc., Launches Globally
Tether
Freezes all OFAC-sanctioned wallets in ‘proactive’ security measure [The Block]
Tether, the company behind the world’s largest stablecoin, has frozen the wallets of individuals sanctioned by the U.S. Office of Foreign Assets Control (OFAC).
In its announcement, Tether framed the move as a voluntary step to “proactively prevent any potential misuse of Tether tokens and enhance security measures,” and clarified that existing wallets on the OFAC list would be frozen along with any new wallets added in the future.
Admits to onboarding FBI, Secret Service to the platform [The Block]
Tether CEO Paolo Ardoino, who recently took the helm of the company, emphasized Tether’s recent decision to disable Tether’s tokens in all wallets on the Office of Foreign Assets Control (OFAC) sanction list.
Tether claims to have helped the Department of Justice, U.S. Secret Service, and Federal Bureau of Investigation (FBI) freeze 326 wallets controlling 435 million USDT so far.
Ardoino also announced that Tether “recently onboarded the United States Secret Service into our platform and is in the process of doing the same” for the FBI.
CrowdHealth, a startup focusing on crowdfunded healthcare products in lieu of insurance plans, integrates Lightning payments with the help of Breez SDK. [Bitcoin Magazine]
Lolli raises $8M Series B to expand its bitcoin and cashback rewards to enterprises [TechCrunch]
The company’s co-founder and CEO, Alex Adelman, said the fresh capital will be used to roll out Lolli’s rewards program to enterprise partners like exchanges, neobanks, banks, payment companies and browsers.
Funding
Johannes Hoffman’s grant renewed by Spiral
“Grant renewal. Johannes Hoffman (@vir7u) monitors the bitcoin network’s health at 21.ninja, making P2P network metrics more available to devs working to increase Core’s robustness.”
Human Rights Foundation (HRF) allocates $500,000 in Bitcoin Development Fund grants to 18 global projects [Bitcoin Magazine]
Mostro: Decentralized peer-to-peer Bitcoin exchange focusing on authoritarian regimes.
Mi Primer Bitcoin: Nonprofit providing open-source Bitcoin education in Central America.
Arabic Hodl: Making Bitcoin accessible to Arabic-speaking people worldwide.
Netblocks: Monitoring and reporting Internet restrictions and shutdowns globally.
Lorban: Working on Stratum V2, an upgrade for Bitcoin miners to enhance censorship resistance.
John Carlson: Contributions to updating and improving the Bitcoin Core App for mobile use.
Area Bitcoin: Expanding free Bitcoin educational content across multiple languages.
Berta Valle: Bitcoin educational work in Nicaragua for the human rights defender community.
Bitshala: Education initiative in India providing resources to developers entering the Bitcoin space.
Hack.BS: Nonprofit in Italy opening a cypherpunk hackerspace and promoting financial freedom.
Bitcoin Deepa: Expanding the Sri Lankan Bitcoin community through meetups, education, and podcasts.
Exonumia: Translating Bitcoin educational content into native African languages.
Louisa: Creating a Bitcoin privacy guide for beginners, with a focus on activists and NGOs.
Groundswell: Supporting free Bitcoin education to diaspora and exile communities in the UK.
Kulpreet Singh: Developing Braidpool, a peer-to-peer mining pool enhancing Bitcoin’s censorship resistance.
SeedSigner: DIY bitcoin signing device to make Bitcoin self-custody more affordable.
bitcoin++: Developer-focused conference series worldwide, covering Bitcoin technology.
Bitcoin Atlantis: Conference in Portugal, HRF funding supports attendance for human rights defenders and civil society leaders.
Competitions
LegendsOfLightning 2023 Winners Announced
Bitcoin Connect: Connecting lightning wallets to your web-app has never been easier
USDp (10101): Hold, pay and receive USD on lightning
Resolvr: A P2P bounty marketplace with integrated dispute resolution
Special Mentions & Shout Outs
Privacy
Governments spying on Apple, Google users through push notifications [Reuters]
WASHINGTON, Dec 6 (Reuters) - Unidentified governments are surveilling smartphone users via their apps’ push notifications, a U.S. senator warned on Wednesday.
In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet’s (GOOGL.O) Google and Apple (AAPL.O). Although details were sparse, the letter lays out yet another path by which governments can track smartphones.
Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates. These are the audible “dings” or visual indicators users get when they receive an email or their sports team wins a game. What users often do not realize is that almost all such notifications travel over Google and Apple’s servers.
Stacker News Introduces Foreign Asset Control Compliance [No Bullshit Bitcoin]
“Operating in the US requires us to not provide financial-like services to certain regions, even if those financial-like services amount to pennies of value on average like they do on SN. We are waiting on an exact list of countries from lawyers, but presumably any stackers located in the countries on this website could be affected.”
“Soon, if the IP address of your browser session indicates you are located in a sanctioned region, we will prevent you from transacting with our wallet.” [Stacker News Announcement]
Government & Political
The U.S. Department of the Treasury has been pushing for lawmakers to grant it extended powers to battle illicit finance using crypto. [Coindesk]
One of the government’s requests is for special jurisdiction over non-U.S. stablecoin issuers, such as Tether.
The recommendations also include making “blockchain nodes or other elements of cryptocurrency transactions” subject to the International Emergency Economic Powers Act (IEEPA) [Coin Center]
US Senator Elizabeth Warren introduces bill to “crack down” on the #Bitcoin and crypto industry and bring it “into greater compliance.” [Bitcoin Magazine]
“Senator Warren stressed that digital currencies are used as an avenue for criminal activities, and that must be addressed through stringent regulatory frameworks.”
“Buried in the House intelligence committee’s Section 702 “reform” bill is the biggest expansion of surveillance inside the United States since the Patriot Act.” [Liza Goitein]
“Through a seemingly innocuous change to the definition of “electronic service communications provider,” the bill vastly expands the universe of U.S. businesses that can be conscripted to aid the government in conducting surveillance.
Under current law, the government can compel companies that have direct access to communications, such as phone, email, and text messaging service providers, to assist in Section 702 surveillance by turning over the communications of Section 702 targets.
Under Section 504 of the House intelligence committee’s bill, any entity that has access to equipment on which communications may be transmitted or stored, such as an ordinary router, is fair game.
Hotels, libraries, coffee shops, and other places that offer wifi to their customers could be forced to serve as surrogate spies. They could be required to configure their systems to ensure that they can provide the government access to entire streams of communications.”
Reads
Here’s a list of our top recently published reads:
The Challenges of Developing Non-Custodial Lightning on Mobile By Matt Corallo [LDK]
Dunder LSP and Lightning Box Provider by Darthcoin
Mini guide dedicated to all those node runners that want to give more purpose to their LN node and provide more services for mobile users.
Bitcoin Mining Around the World: Africa on [Hashrate Index]
Bitcoin Jungle enables 200+ stores in Costa Rica to embrace Bitcoin on BTC Pay Server Blog
The Breez SDK Is Helping CrowdHealth Help Bitcoiners Help Each Other by Roy Sheinfeld
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)