BR067 - Primal, Spectre, Boardwalk Cash, Silent Payments, ecash regulatory risks, nostr bootstrapping + MORE ft. Fiatjaf, Miljan & Odell
I’m joined by guests Fiatjaf, Miljan & Odell to go through the list.
Vulnerability Disclosures
00:02:34 Ebury: 400k Linux servers compromised for cryptocurrency theft and financial gain [Eset Research]
“One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to credit card and cryptocurrency theft”
00:03:55 Zero-day in D-Link router (DIR-X4860) [Bleeping Computer]
“Security vulnerabilities in DIR-X4860 allow remote unauthenticated attackers that can access the HNAP port to gain elevated privileges and run commands as root.” [SSD’s disclosure]
00:05:07 LLMjacking: Stolen Cloud Credentials Used in New AI Attack [Sysdig Blog post]
LLMjacking is a “new attack that leveraged stolen cloud credentials in order to target ten cloud-hosted … LLM services”
“The credentials were obtained from a popular target, a system running a vulnerable version of Laravel (CVE-2021-3129).”
00:10:43 Bluetooth as a border surveillance technology [EFF article]
Two Texas counties have implemented a new tracking technology, TraffiCatch, capable of detecting Bluetooth and WiFi signals to monitor devices such as smartphones and cars. [NOTUS report]
00:31:38 Google patches third zero-day Chrome vulnerability in one week [Bleeping Computer]
Google addressed a “high-severity” type confusion vulnerability in the Chrome V8 JavaScript engine, identified as CVE-2024-4947, which was actively exploited in the wild. [Release update]
Bitcoin
Software Releases & Project Updates
00:33:28 Sparrow Wallet v1.9.1
Add testnet4 network support
Add testnet4 Electrum public server and remote transaction broadcast from mempool.space
Increase the gap limit where necessary to sign a PSBT where the provided input derivations match an open wallet
Optionally show output descriptor QR export as BBQR when Coldcard, software or watch-only keystores are present
Update Coldcard import and export instructions to match the latest firmware
Update default derivation path for ‘unknown’ Unchained signer
00:35:11 electrs v0.10.5
Update dependencies (bitcoin, bitcoin_slices, bitcoincore-rpc, rayon)
Support latest bitcoind
00:35:24 Specter Desktop v2.0.3
Add support for more languages for mnemonics
Allow bumpfee on transactions with a single output
Enforce hwi init
Kn/macos signing
Bitcoin Keeper V1.2.6
Backup vaults on your personal cloud
Use Canary wallets to detect unauthorized key usage
Concierge Support out in beta
UX/UI enhancements
00:38:54 BlueWallet
00:39:12 Blockstream
Green QT v2.0.5
Add or import singlesig watch-only wallet
New watch-only section in wallet settings dialog
Expose extended public keys and output descriptors of singlesig accounts
Handle external BIP21 payment on Linux
Option to scramble login keypad
00:39:52 Robosats v0.6.1-alpha
Revamped Robosats Android app
Full RoboSats self-hosted client, generate robot identities locally
All networking torified
Android app soon to be published on F-Droid
Load map JSON in advance
Detect federation testnet
Notify coordinator admin for new disputes
Portuguese translation
New tor engine
Add geoblocked countries
00:39:59 BoltzExchange boltz-web-app v1.3.5
Add geyser integration
Add setting menu
Change license to AGPL3
Capture logs in browser storage
00:40:13 Wasabi Wallet v2.0.7.2
This version is just adding one feature: Mix to another wallet - In the program, you can set another wallet in the coinjoin settings to which you want to coinjoin. In this case, the anonymity score target is not considered; once the coinjoin is completed, your coins will be transferred to the wallet you specified.
00:44:32 Stack Wallet V2.0.0
Add Bitcoin Frost multisig
Add Bitcoin taproot support
00:44:40 GroupHug v1.1.0
Add options to query for information about the groups
Close groups by fee. Groups are closed if they pay enough fee to enter the next block
Close groups by time. Groups are closed after a certain defined time if they are not full
Project spotlight
00:47:13 Penlock: open-source, cryptographically secure, printable paper-computer [BitDev Mailing List]
Beta release: “Guides users through secret-splitting their BIP39 seed phrase without an electronic device.” [Github]
00:47:33 utreexod: full node bitcoin implementation with support for utreexo accumulators [Github]
00:47:51 Meshtastic BitcoinCore Bridge: Broadcast raw transactions over Meshtastic Lora to a computer with Bitcoin Core [Github]
00:48:39 silentpayments.xyz: website to learn about Silent Payments, which wallets support them with integration documentation [Announcement]
00:49:02 blindbitd: BIP352 silent payment wallet which runs as daemon [Github]
00:49:10 Silentium: BIP352 light mobile wallet [Github]
“Self-custodial & privacy focused wallet for sending and receiving Silent payments with Silentiumd.”
SilentPay: A wallet library for silent payments [Github]
This library is a JavaScript/TypeScript implementation of silent payments … and provides a simple wallet implementation that provides support for silent payments out of the box.
00:51:50 BlueWallet Silent Payments repository [Announcement]
00:51:53 BitEscrow Developer Playground
“Experiment with our API, All test chains supported, Edit in JSON, Programmable Contracts, Open Source”
00:51:58 BitVMX: a virtual CPU to optimistically execute arbitrary programs on Bitcoin [BitDev Mailing List]
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
00:55:07 Unleashed.Chat v0.1.21
Mixtral 8x22B Instruct–Mistral AI’s flagship FOSS model
Mixtral 8x7B and 8x22B models are now capable of searching the Internet
Add API endpoints for fetching the current balance and creating a Lightning invoice for adding funds
Billing is now based on the length of the response (output tokens) rather than generation time
00:58:28 SimpleX v5.7.0
Quantum resistant end-to-end encryption with all contacts
Forward and save messages without revealing the source
In-call sounds and switching sound sources
Better network connection management
Customizable profile images
Project spotlight
00:58:52 OpenXrypt: Secure and private direct messaging for social media [Github]
Chrome extension that provides secure and encrypted communication on social media platforms using the OpenPGP encryption standard
Compatible with Twitter DMs and WhatsApp Web
Lightning + L2+
Software Releases & Project Updates
1:01:58 Mutiny
1:02:02 LDK v0.0.123
API Updates:
Default dust exposure limit has been increased to MaxDustHTLCExposure::FeeRateMultiplier(10_000)
An OutputSweeper is now provided which will automatically sweep SpendableOutputDescriptors
After initiating an outbound channel, a peer disconnection no longer results in immediate channel closure. Rather, if the peer is reconnected before the channel times out LDK will automatically retry opening it
PaymentPurpose now has separate variants for BOLT12 payments, which include fields from the invoice_request as well as the OfferId
ChannelDetails now includes a list of in-flight HTLCs
Node Compatibility:
Blinded paths were inconsistent with other implementations in several ways, which have been addressed
Messaging blinded paths now support the latest features which some nodes may begin relying on soon
BOLT12 structs have been updated
Security: fix denial-of-service vulnerability … when parsing invalid BOLT11 invoices containing non-ASCII characters.
1:02:11 scaling-lightning v0.4.0
Configurable namespace: specify the Kubernetes namespace for the scaling lightning network … to run multiple separate SL networks on the same machine.
1:02:16 Phoenixd v0.1.5
Add official Dockerfile
Add authentication to webhook calls
Add descriptionHash parameter to createinvoice
Update lightning-kmp
Add endpoints to list incoming and outgoing payments
1:02:20 Breez SDK v0.4.1
Show correct amount on closed channels
Attach labels to payments
Persist LNURL-pay comment sent to the recipient
1:02:24 minibits-wallet v0.1.7-beta.13
Wallet paged screen is now organized by units, not by mints
Lightning transactions are initiated in selected mint context
Send and Receive bottom buttons now handle Ecash transactions
Mint information kept by the wallet can be now refreshed
Nostr relays can be re-subscribed to using new button on Relays screen header
Wallet profile and address is accessible from wallet screen and address can be copied
Wallet now fully uses v1 Cashu API specification when talking to the mints
1:02:44 Bull Bitcoin bullbitcoin-mobile v0.2.0-9-beta
“Self-custodial Bitcoin and Liquid Network wallet which offers non-custodial atomic swaps across Bitcoin, Lightning and Liquid”
Major update:
Add Liquid Network wallet
Add atomic swaps with Lightning Network
1:04:01 nutstash-wallet v0.2.7
Add feature/onboarding
Add P2pk
1:04:02 Fedimint v0.3.1
Added Prometheus metrics
Utils for fetching meta fields and vetted gateways
1:04:06 Aqua Wallet v0.1.52
Bitcoin can now be sent with custom fees
Add mempool.space for Bitcoin fee estimates, with fallback to blockstream.info
Add deposit addresses to the Transaction Details for swaps.
1:04:11 LNp2p Bot
Project spotlight
1:04:18 Cashu.Me v0.1
Modern UI: The home screen shows you your total balance across all mints.
Support for Bitcoin and USD: You can send and receive Bitcoin or Fiat via Lightning invoices or directly as Ecash, using the new v1 Cashu protocol.
Seed phrase backups: Cashu.me now supports seed phrase backups that allow you to restore your entire balance if you lose your device. Interoperability wins.
Animated QR codes: Cashu.me now supports animated QR codes …, it also allows you to send any amount you like via QR codes without ever hitting the internet.
Send Ecash offline: New coin selection algorithm built into Cashu.me ensures you always have the right amount of Ecash in your wallet to be able to make up to 4 payments of any amount … without having to go online.
Receive Ecash offline: Simply press the “Later” button in your receive screen and store the Ecash in your History to redeem it later when you come back online.
Lock Ecash with P2PK: Your counterparty … can now lock Ecash to your public key by using the Pay-to-Pubkey (P2PK) feature.
Discover mints via Nostr: The mint tab on the home screen now allows you to discover new mints via Nostr.
Swap Ecash between mints: If you ever want to transfer funds you hold from one mint to another, you can use the multi-mint swap feature in the Mint tab.
Remote control with NWC: You can now use your Cashu.me wallet from other applications using a feature called Nostr Wallet Connect (NWC).
1:04:34 Alby releases open-source forks of browser extension AdBlockPlus and uBlock [Blog post]
Allow users to block ads and pay in bitcoin by integrating Nostr Wallet Connect (NWC) and Lightning Web Standard (WebLN).
NWC: enables bitcoin lightning wallets to connect with various apps, allowing NWC-compatible wallets to fund an ad blocker extension with bitcoin and ensures that the app handling payments does not access user funds.
WebLN: WebLN facilitates communication between browser extensions and websites, using JavaScript to programmatically process payment requests without scanning QR codes.
1:07:36 Prism introduces Boardwalk Cash [Twitter post]
The first dollar-based CashuBTC wallet built on top of Bitcoin and connected to Nostr [Github]
Nodana: Phoenixd as a Service [Announcement]
Beta: Run Phoenixd in the cloud using a CLI. “No registration, personal details or credit cards required”.
Ticketbot: A proof of concept ticketing agent for Lightning and Nostr [Github]
Nostr
Software Releases & Project Updates
1:20:45 Primal android-app v0.99.2
Implement user tagging in new notes and replies
Implement recent users
Implement connect other wallet
rust-nostr v0.31.0
Simplify the way to subscribe and/or reconcile to subset of relays
Add blacklist support to mute public keys or event IDs
Remove zap split from client.zap method
Rework Tag
Add TagStandard enum
Damus v1.8
New Emoji Selector
Quote Reposts
New fullscreen video player
Improved longform style
Account recovery
nos.social
Add the author’s name to profile cards on the Discover tab and search results
Add a delay when trying to reopen a websocket that had previously closed with an error
On the Profile screen, open a sheet to display the full bio
Open Profiles when tapping on a NIP-05 username reference in a note
Add special treatment for nostr.band when searching on the Discover tab
Detect identifiers of the form @npub1… in notes and link them to the associated profiles
Detect NIP-05 identifiers inserted in notes and link them to njump
Add “Send To Nos” private reporting to protect user privacy
Add support for uploading videos when composing a note
Add option to connect your existing NIP-05 username
Add PrivacyInfo file to the project to comply with Apple’s new requirements
Updated dark theme colors for card backgrounds, primary text, and secondary text
Add a new UI for replying to messages that allows attaching images and setting an expiration date
Citrine v0.2.4
Add Connection statistics
Add Database statistics
Project spotlight
Zap.store: permissionless app store leveraging the nostr social graph [Github]
Voyage: Lightweight nostr client for Android with a Reddit-like UI [Github]
Fork and successor of Nozzle
Boosts
1:46:45 Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @garykrause_ (40,000 sats) “FPPS is debt on bitcoin. very bad idea.”
@vake (5,000 sats) “Bitcoin is boring and nothing happens.”
@dubravko (1,740 sats) “Re. Signal and Telegram: thank God not only Bitcoin is boring, but I am as well.”
@pippellia (1,000 sats) “There is nothing better than hearing Odell and NVK talking shit against each other 🤣”
@marinaspin (100 sats) “Obrigada”
@righthandson (100 sats) “Matt it wasn’t just you. Someone had discord notifications coming through their audio. Great show! Love the @futurepaul episodes!”
Tech Tip of the Day
1:48:28 How to turn on Advanced Data Protection for iCloud: enable end-to-end encryption for your iCloud backups [Apple guide]
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
Anonymous usage tokens: Adam Gibson posted to Delving Bitcoin about a potential solution to private proof of pubkey ownership using keypath-spend.
BIP39 seed phrase splitting: Rama Gan introduces Penlock, “a printable paper-computer that guides users through secret-splitting their BIP39 seed phrase without an electronic device”.
Alternative to BitVM: “Sergio Demian Lerner and several co-authors posted to the Bitcoin-Dev mailing list about a new virtual CPU architecture based in part on the ideas behind BitVM.”
Continued discussion about updating BIP2: continued discussion by Mark “Murch” Erhardt on updating the BIP process (BIP2).
Release of utreexod beta: Calvin Kim posted to the Bitcoin-Dev mailing list to announce the beta release of utreexod, a full node with support for utreexo.
BIP119 extensions for smaller hashes and arbitrary data commitments: proposed BIP by Jeremy Rubin to extend the proposed OP_CTV, with two additional features:
Support for HASH160 hashes
Support for additional commitments
Consensus-enforced lamport signatures on top of ECDSA signatures
Ethan Heilman posted to the Bitcoin-Dev mailing list a method for requiring that a transaction be signed by a lamport signature in order to be valid.
News & Noteworthy
Lightning
Lightning Labs CTO announces first mainnet multi-hop asset payment with Taproot Asset channels [@Roasbeef Twitter post]
Nostr
Amethyst NIP 90 content discovery [Merged #856]
Current state:
A Nip89 list of DVMs for content discovery is loaded and shown in the discovery tab
Send kind 5300 request event to DVM on Click
Listen to Kind 6300 Response
Parse kind 6300 and render the events in a feed
View NIP90 Content-Discovery DVMs
Send a new request by clicking on a DVM
Get results back and render feed
Business & Finance
IBEX Pay to cease all operations in the U.S., effective May 31st, 2024 [Announcement]
P2P exchange AgoraDesk/LocalMonero to shut down on November 7th, 2024 [Blog post]
Mash (@getmash) to shut down all products and services on May 17th, 2024 [Announcement]
Swan launches Managed Mining service for institutional investors [Press release]
Funding
Spiral renews grant to Summer of Bitcoin (@summerofbitcoin) [Announcement]
Bitcoin Beach Grants: a global campaign to advance Bitcoin circular economies [Announcement]
“Educational content, grant funding, and ongoing mentorship to empower emerging #Bitcoin Circular Economies” in partnership with @geyserfund and @FBCEglobal.
HRF attributes CISA research fellowship to Fabian Jahr [Twitter post]
Brooks School Tech Policy Institute to research relationship between Bitcoin and financial freedom [Cornell Blog post]
HRF and the Reynolds Foundation to support BTPI Director Sarah Kreps to lead research in “understanding the use of Bitcoin and stablecoins by individuals around the world”.
Bitcoin Design Foundation announces grant to Jakub, UX generalist at Alby [Press release]
The Bitcoin Policy Institute [announces] the Peer-to-Peer Rights Fund
Guiding principles:
Non-Regulation of Non-Custodial Tools as Financial Services (aka “No MSBs without Keys”)
Protection of Open-Source Software under the First Amendment
Constitutional Rights to Use and Transact Bitcoin
Mining
Block’s Mining Development Kit heads to beta testing [Blog post]
Protocol
LDK #2973: add support for OnionMessenger, intercept onion messages on behalf of offline peers [Merged]
Bitcoin Core #28970 and #30012: add support for a limited form of one-parent-one-child (1p1c) package relay that doesn’t require any changes to the P2P protocol.
Bitcoin Core #28016: begins waiting for all seed nodes to be polled before polling DNS seeds [Merged]
Bitcoin Core #29623: makes various improvements to warning users if their local time seems to be more than 10 minutes out of sync with the time of their connected peers [Merged]
Government & Political
El Salvador now has its own mempool.space instance [Announcement]
Tornado Cash founder sentenced to 64 months in prison [Wired article]
Events
The first international Bitcoin-native conference in Tokyo
September 21-22, 2024 in Tokyo, Japan
Second edition of FBC
October 5, 2024 in Antwerp, Belgium
India Bitcoin Conference has been postponed.
Reads
Here’s a list of our top recently published reads:
A Primer on UTXOs by BullBitcoin [Blog post]
Script State from Lamport Signatures by Andrew Poelstra [Bitcoin Magazine]
Open source is neither a community nor a democracy by David Heinemeier Hansson [Blog post]
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)