BR071 - Krux, Mutiny, BlueWallet, Linksys Vuln, Silent Payments, BOLT12 +MORE ft. Alex, Craig & Ben
I’m joined by guests Alex B, Ben Carman and Craig Raw to go through the list.
Housekeeping
00:02:10 New COLDCARD tutorials:
00:02:58 Unleashed.chat had lots of small updates and running fast better, we are looking for feedback and feature ideas. And if you are interested in the AI topic but wants a primer I recorded a episode of WBD with Peter WBD EP 838 and another one with Marty TFTC EP 492.
00:03:56 OpenSats just released another round of funding, that included Krux a great FOSS DIY renewal and more we will cover later in this episode.
Vulnerability Disclosures
00:04:32 Wasabi Wallet published a report listing vulnerabilities actively leveraged by attackers [Security Incident Disclosure]
User-targeted attacks: Wasabi Wallet warns a coordinator named WasabiCoordinator is reportedly attempting to siphon funds from its users [Twitter post]
According to a user on BitcoinTalk the malicious coordinator would “change the [number] of inputs to 2, drops the coinjoin time from 45 min to 5 min, and raises the fee [percentage] to milk you.”
Supply chain compromise: A compromised GitHub account altered the Wasabi-2.0.8.1 Windows installer, the hash discrepancy has been detected and removed by BinaryWatchBot, a Coinkite OpResearch bot. [BinaryWatchBot Twitter post] - Attacks on free coordinators: free coordinators face an unprecedented number of Layer 7 DDoS attacks. Such attacks are challenging to mitigate as they target the application layer, making malicious requests almost indistinguishable from legitimate traffic.
00:16:20 Five dollar wrench attacks:
Crypto-focused home invasion gang spree across four US states [Wired]
The group, consisting of over a dozen men, conducted a series of violent home invasions targeting cryptocurrency holders, attacking a total of 11 victims.
Five foreigners arrested for robbing British crypto trader in Bangkok. [Khaosod English]
On July 14, Bangkok police arrested five foreigners for robbing a British crypto trader. The victim was assaulted, tied up, and robbed of valuables worth over 3 million baht (~$80,000).
00:24:53 ‘Regresshion’: Critical OpenSSH vulnerability allows remote code execution on Linux systems [The Hackers News]
OpenSSH maintainers releases an update to fix a critical flaw (CVE-2024-6387) enabling unauthenticated remote code execution with root privileges on glibc-based Linux systems.
The flaw, named regreSSHion, is a signal handler race condition in the sshd server component. [Qualys Threat Research Unit report]
00:25:17 Messenger app Signal fixes encryption key flaw affecting desktop client’s security [Bleeping Computer]
The company addresses a flaw known since 2018, where encryption keys were stored in plaintext on the desktop client. This flaw could let attackers access sensitive user data and replicate a live user’s session on a separate machine.
00:30:14 Twilio, parent company of popular two-factor authentication app Authy, reports security breach where hackers accessed 33 milion Authy users phone numbers. [TechCrunch]
00:36:52 AT&T data breach exposes phone records of nearly all customers [TechCrunch]
AT&T confirms a significant data breach, exposing phone records of 110 million customers, including calls and texts metadata but not the content.
Some records include cell site identification numbers, potentially indicating call locations.
00:41:14 AU10TIX, an ID verification provider, left admin credentials exposed for over 18 months, potentially compromising user data from X and Coinbase. [Electronic Frontier Foundation]
The exposed credentials allowed access to identity documents, including names, dates of birth, nationalities, ID numbers, and document images.
00:48:35 Linksys Velop routers transmit Wi-Fi passwords in plaintext to US servers [Stack Diary]
Testaankoop, the Belgian Consumers’ Association, detected clear-text transmission of SSID names, passwords, and other tokens to AWS during routine checks.
Bitcoin
Software Releases & Project Updates
00:52:03 Bitcoin Core
Script
sign: don’t assume we are parsing a sane TapMiniscript
P2P and network changes
Change Luke Dashjr seed to dashjr-list-of-p2p-nodes.us
p2p: detect addnode cjdns peers in GetAddedNodeInfo()
RPC
rpc, bugfix: Enforce maximum value for setmocktime
bugfix: throw an error if an invalid parameter is passed to getnetworkhashps RPC
rpc: move UniValue in blockToJSON
rpc: Reword SighashFromStr error message
Build
depends: fix mingw-w64 Qt DEBUG=1 build
depends: Fix build of Qt for 32-bit platforms with recent glibc
depends: Fetch miniupnpc sources from an alternative website
upnp: fix build with miniupnpc 2.2.8
Misc
ThreadSanitizer: Fix #29767
ci: Bump s390x to ubuntu:24.04
doc: Suggest installing dev packages for debian/ubuntu qt5 build
contrib: Renew Windows code signing certificate
Merged BIPs:
00:55:12 COLDCARD
Edge v6.3.3 - Shared Improvements Both Mk4 and Q
New Feature: Ranged provably unspendable keys and
unspend(
support for Taproot descriptorsNew Feature: Address ownership for miniscript and tapscript wallets
Enhancement: Address explorer simplified UI for tapscript addresses
Q v6.3.3QX - Specific Changes
Enhancement: Miniscript and (BB)Qr codes
00:56:16 Nunchuk Desktop v1.9.35 / Android v1.9.47
Add the ability to replace key(s) in an assisted multisig wallet and roll the funds over
Decrease the Platform Key’s co-signing delay now must wait for an amount of time equal to the current delay
Add Health Check History
Add the ability to show a transaction as an invoice and save as a PDF
00:56:48 Liana v6.0 - Jaded
Liana daemon / library
Accurately estimate the size of a signed spend transaction, preventing overpaying fees in some configurations
lianad
now accepts two new arguments:--version
and--help
Liana GUI - The
hardware_wallets
field in the configuration file is now disregardedSupport the Jade signing device
Use a more recent graphic renderer (wgpu), which offers better compatibility with newer systems
The network is now set first in the installer
It’s now possible to get back from the descriptor creation step to the installer landing page
Advanced text shaping was enabled. Basically: you can now use emojis in labels and aliases
Date and time are now displayed according to the system’s timezone configuration
Show the BIP388 wallet policy when registering a descriptor on a signing device
The descriptor backup step was removed in installer when a descriptor was just imported in the previous step
00:57:38 Rust Payjoin
Payjoin v0.18.0
Handle OHTTP encapsulated response status
Upgrade
receive::v2
Typestate machine to resume multiple payjoins simultaneouslyEnroller
becameSessionInitializer
Enrolled
becameActiveSession
fallback_target()
becamepj_url()
pj_url_builder()
was introduced
ContextV2
becameSessionContext
Include a bitcoin address in
SessionContext
send::ResponseError
variants fields got explicit namesRefactor output substitution with new fallable
try_substitute_outputs
CLI v0.0.7 - Resume multiple payjoins easily with the
resume
subcommand. A repeatsend
subcommand will also resume an existing sessionNormalize dash-separated long args
Use sled database. Old .json storage files will no longer be read and should be deleted.
Don’t needlessly substitute outputs for v2 receivers
Print instructions and info on interrupt
00:58:00 Blue Wallet v6.6.7
Watch only wallets warning
View Payment Code on Watch app
Payment code in receive screen
Market price android widget USD only for now
Fee estimation and price fetch on widget improvement
Insert Contact
Payment code in Receive
Handoff TXID to be able to quickly browse on other devicess
Send to SilentPayment address
BIP47 send to contacts
GHS and XAF
Countries in Currency screen
Scan tooltip
Settings > Clear Cache
Provide explanation for a disabled feature
Rename counterparty paymentcode
BIP47 notification transaction
1:07:04 Bitcoin Keeper v1.2.9
Cashed Transactions - Allows you to pick up a transaction signing process right where you left off
Health Check for All Keys - Receive regular notifications for all keys that have not been used for a period of time, ensuring you have access to all of them
Personal Cloud Backup - Backup wallet configurations in a simple PDF file. Keeper’s self-sovereign options allow you to depend less on the platform
Timeline View - See the timeline for each key, showing its history
One-Time Backup for Assisted Keys + - Now includes an additional security step
User Warning Messages - Receive prompts when trying to archive a non-empty vault or reuse keys (even across Keeper apps)
1:07:28 Krux v24.07.0
Maix Cube Support
Frozen Code - Speed and Security Improvement
More Single-sig Script Types Support
Accounts Support: Users can now use custom account derivation indexes.
Wallet Customization Options
BIP85 Support
Wallet Sans Key: tool to load a trusted wallet descriptor to view addresses without the need for private keys.
Add BBQr Support
Update Embit
Auto Shutdown - Security and Battery Saving Feature - Hide Mnemonics - Security Feature
PSBT Path Mismatch: Detect and warn the user if the PSBT path differs from the loaded wallet’s path.
Show Multisig PSBT Policy When Descriptor is Not Loaded
Status Bar Shows Loaded Fingerprint
Fee Percentage of Transaction: Show the transaction’s fee as a proportion of the transaction cost, warning if it is greater than 10%.
Sats/vB: PSBT now displays an accurate estimation of the transaction’s feerate.
Brightness Control for Maix Cube and M5stickV
Fast Forward for Buttons
Add Display Settings for Maix Amigo
Faster Address Scanning and Exploring
Sign PSBTs Without Fingerprints
Dice Rolls Pattern Detection
Optimized SD Card Signing: Better suited for large transactions, SD card signing is now more RAM efficient.
Stand Alone Verifiable Signed PSBTs
Camera Optimizations for Yahboom (ver:1.1) With GC2145 Camera
Yahboom and Cube Devices Added to Simulator
1:10:27 Bisq v1.9.17
Improve network resilience and stability
Add getdaostatus API, expose failed trades in API, and support XMR auto conf in API
Buyers can pay using SEPA QR codes
Restore QR code scanner for mobile notification app pairing
1:10:39 RoboSats v0.6.3
Manually add new coordinators
Polished for CLN coordinators
New feature rich notificaitons endpoint at /api/notifications
Turn on/off the built in Tor node on Android (allows use with Orbot)
Remove robot avatars from coordinator (better coordinator performance)
1:10:43 WasabiWallet v2.1.0.0
Set minimum coinjoin input count
Stricter absolute limits for maximum coinjoin mining fee rate and minimum coinjoin input count
Prevent solo coinjoining
Coordinator Connection String
Advanced send Workflow
1:10:48 Bitkey
v2024.62.0 - Improved transaction speed-up: Customers can now speed up transactions of any size
Inactive address notifications: Receive a notification when funds are sent to an inactive Bitkey address. Funds can then be transferred to an active Bitkey wallet
Hide balance: Tap your balance in the Bitkey app to hide your current balance and transaction details.
Biometric sign-in: Option to require biometric sign-in or PIN to unlock your Biktey app.
Hardware wipe: Ability to wipe and reset your Bitkey device to factory settings for easier recovery testing and transfer of ownership.
1:11:29 Trezor trezor-suite v24.7.1
The “Remember Wallet” feature has been enhanced and renamed to “View-Only Wallet” for better discoverability and clarity
The wallet switcher has been redesigned for a smoother experience
The passphrase is now integrated into the wallet switcher, eliminating prompts at every device connection
Token management has been revamped with manual hide/unhide options, enhanced search functionality, and more
1:11:59 Blockstream QT v2.0.8
Flow to redeposit 2FA expired coins
Notification for 2FA expired coins
Notification for partial service outage
Expose status of wallet connections
Show banner for login alert
Show banner for system messages
Show banner for two factor expired outputs
1:12:35 FullyNoded v1.1.2 - BBQr and UR updates
Export and import QR codes in UR or BBQr format
More efficient QR scanning
Available balance now on display in the spend view
Adds an animate button to UR Qrs (BBQr will automatically update)
Xprv now included in Bitcoin Core hot wallets in the wallet backup QR/file
DNS port removed from Tor config options
Shows first 5 derived addresses when importing a wallet with a descriptor
Project spotlight
1:14:01 WE HODL BTC: Opinionated self-custody guides for bitcoiners [Github
WE HODL BTC is a free resource created to help bitcoiners take self-custody of their bitcoin. Whether it’s 100 000 satoshis or 100 bitcoins, there’s a guide for you.
1:14:42 Satso: BIP 353 Resolver, convert BOLT12 and reusable BTC addresses into legacy addresses. [Github]
1:15:16 Mempool Accelerator, a service to get your stuck transactions confirmed by paying an out of band fee, is now live.
1:15:37 PSBT Commander: a Rust BDK powered PSBT creator [Github]
The project is in beta and is not recommended to use with real funds at the moment.
1:15:51 Brollup v2: Brollup v2 introduces a new zero-knowledge proof system that operates without a trusted setup. [Announcement]
This version removes the need for a trusted setup by making the global state aware of individual channel states.
THe design executes payable conditions based on state updates, similar to the Lightning Network but with publicly accessible channel states.
1:17:22 Bails (Bitcoin Amnesic Incognito Live System): Bitcoin solution, installs Bitcoin Core on the encrypted Persistent Storage of Tails [Github]
Create and recover Bitcoin Core wallets from Codex32 (BIP93) seed backups, and create backup Bails USB sticks.
1:17:36 B2P Central: aggregator for Bitcoin P2P buy and sell offers from major market platforms like HodlHodl, Paxful, Peach, LNp2pBot, and LocalCoinSwap.
1:17:51 Wabisator displays a list of current Wabisabi coordinators from the Primal nostr relay.
1:18:01 Wasabist: coordinator explorer for Wasabi wallet users, displaying real-time data in a human-readable format.
1:18:12 Lava Wallet launches Lava Smart Key, inspired by Photon SDK. [Blog post]
Lava Smart Key is a solution spliting vault backups into two parts: one stored encrypted on iCloud or Google Drive, and another protected by a Lava recovery PIN on a private key server.
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
1:29:36 SimpleX
v6.0.0-beta.0 - information about messaging and file relays used by the app
Faster connection between contacts (once all relays are upgraded)
Message delivery status in groups shows forwarded messages and inactive members
Desktop and Android:
Change font size.
Zoom-in view (desktop only).
iOS app
Chat themes
Faster scrolling
v5.8.2 - Missed call notification
Remove notifications of hidden/removed user profiles
Support for faster connection with the new contacts (disabled in this version)
Project spotlight
1:29:41 Reticulum MeshChat: A simple mesh network communications app powered by the Reticulum Network Stack. [Github]
The network permits secure transmission of messages, files and audio calls with peers, communication with other existing LXMF client (such as Sideband and Nomadnet) and “download files and browse micron pages (decentralised websites) hosted on Nomad Network nodes.”
1:29:44 Nomadnet: Off-grid, resilient mesh communication with strong encryption, forward secrecy and extreme privacy. [Github]
Built on LXMF and Reticulum, it offers cryptographic mesh functionality and peer-to-peer message routing across various communication mediums, from packet radio to fiber optics.
Sideband: extensible LXMF messaging client, situational awareness tracker and remote control and monitoring system. [Github]
Enables communication with other people or LXMF-compatible systems over Reticulum networks via LoRa, Packet Radio, WiFi, I2P, Encrypted QR Paper Messages, or any other Reticulum-supported method.
1:30:26 Entropyseal: reusable tamper-evident jar concept using a visual pattern of particles locked upon closure for verification.
The system allows pattern-match verification via smartphone camera or photocopy, making it difficult to tamper without detection
1:30:40 Proton introduces Proton Docs: end-to-end encrypted collaborative document editing platform. [Announcement]
1:30:48 FUTO Keyboard is an offline private keyboard, forked from the LatinIME project (the Android Open-Source Keyboard). [Gitlab]
Lightning + L2+
Project spotlight
1:31:35 Cashu NUT-00: introduces support for binary-encoded tokens, resulting in approximately 40% reduction in token size compared to the previous format.
1:31:56 Payto: Core Lightning companion app that can pay to lightning address, LNURL, BIP353 and bolt12 offers [Github]
1:32:09 Lampo: an experimental implementation of a tiny lightning node. [Github]
“Fast and modular lightning network implementation for all usages, written in Rust.”
1:32:15 Blitz Wallet: Self-custodial bitcoin lightning and liquid wallet using Breez SDK, Blockstream GDK and BoltzHQ API
1:32:22 Lendasat: a non-custodial, instant Bitcoin loan service via Lightning Network, powered by DLC on ARK. [Github]
BOLT 12 Playground: docker stack that comprises of bitcoind, LND, LNDK, CLN, Eclair and LDK Node. [Github]
Open source testing environment which automatically initializes wallets and open channels between nodes.
1:37:02 Chamberlain: Cashu Mint with integrated Lightning node [Github]
“This project aims to substantially increase the number of Uncle Jims running mints who can manage day-to-day Bitcoin transactions for friends and family.”
1:37:08 Phoenixd-Server-Ui: A mobile first UI for Phoenixd Server [Github]
1:37:13 Bitcoin Mints [Github]
Software Releases & Project Updates
1:51:40 Phoenix
Android/iOS
Phoenixd
1:51:51 Breez
SDK v0.5.0
Greenlight signer upgrade.
Keep closed channels in pending state until sweep
Introduce unregister webhook API
Support LNURL lightning query parameter
Show open channel fees in Invoice_paid event
Mobile lnd 0.17
Improve neutrino sync
Add better UI for collaborative channel closures
Improve payments reliability in case of long routes
Improve readability on shareable items on payment details
Add Value Time splits support to podcasts
1:51:58 Mutiny Node
Add function to return the current LSP
Exponential backoff for some retries
Add more to Testing.md
Add enable diagnostics to testing doc
Prefer gateways that support private payments
Add more logs to federation client
Set min anchor channel fee to 1 sat/vbyte
Return channel open errors to user
Don’t block on gateway fees
Set preimage for fedimint invoices
1:52:40 eNuts v0.4.1-beta
New language support and user interaction improvements have been added:
New translations: Chinese (traditional & simplified), Italian, Russian and Thai
Add the possibility to close modal on backdrop press
Revamp the settings screen
Minor UI changes in the dashboard
1:52:44 Boltz Exchange
boltz-client v2.1.0 - Autoswap - Initial chainswaps
Chain autoswap
Standalone mode
Use boltz endpoint on liquid by default for lower fees
Make sure all gdk accounts are synced on startup
boltz-backend v3.7.1 - Paying off tech debt
Include user lockup transactions in swap updates
Add details to failure reason of swap status
Throw error when setting expired invoice
Return referral id in swap created response
Configurable minimal swap size multipliers
Granular temporary and permanent mpay memory reset
Set labels for addresses and transactions
Sanitize ZMQ address wildcards
Detailed cooperative refund rejection error
Save permanent payment errors in database
1:52:46 validating-lightning-signer 0.12.0-rc.2
core: Added tests for validating trusted oracle public key
core: Implement
sign_holder_htlc_transaction
core: Make
NativeKeyDerive
struct public usablecore: Rename
TxIdDef
andOutpointDef
to clarify the txid encoding usedcore: Validate blocks using trusted oracle pubkeys
core:
channel_balance
now breaks channel counts into stub, unconfirmed, ready, and closing countsprotocol: Added hsmd protocol version 6:
GetPerCommitmentPoint
no longer returns the old secretprotocol: A new procedural macro
SerBoltTlvOptions
was added to streamline defining TLV option structuresstm32: Added unknown onchain destination approver screen
stm32: Now displays prep, active, and closing channel counts
stm32: To avoid accidentally deleting a node instance the blue button must be held down when deleting a node
vls-cli: Added new rpc methods and cli commands
1:52:47 scaling-lightning
Nostr
Project spotlight
1:59:13 NIP proposals:
Unify all peer-to-peer orders into a single pool on Nostr. [Pull request]
Add Nostr Naming System (NNS): presents a possible solution to the frequent use of easily-capturable DNS-based references in Nostr. [Pull request]
1:59:31 Noteguard: A high-performance rust-based plugin system for the strfry nostr relay by Damus. [Github]
1:59:39 Npub.pro is a new open-source project by Nostr.Band, enabling creators to setup nostr-based websites.
Client-side nip-512 engine for rendering HTML pages from Nostr events using Ghost themes [Github]
“Npub.pro does not host [creators’] data, it only hosts the code to convert Nostr events to web pages”.
1:59:49 Keychat, a secure messaging app built on Bitcoin Ecash, Nostr, and Signal Protocol.
Keychat sends messages using Bitcoin ecash as stamps and Nostr relays as ‘post offices’, ensuring decentralized delivery.
The app employs the Signal protocol for end-to-end encryption and requires no registration as users generate Nostr keys as IDs.
2:00:19 Lowent: A nostr chat client creates rooms or topics using “low entropy keys”, identified by the SHA-256 hash of a string. [Github]
2:00:31 Tracking Token Disrespector: Nostr bot to remove tracking tokens from URLs and reply them to Notes [Github]
The bot parses notes from specified relays, detects YouTube and Twitter/X URLs, and replies to the original note with tracking tokens removed.
2:00:42 Quotestr, a tool to turn a Nostr event into a quote
Rooms function as private keys for participants to send messages, supporting both anonymous and authenticated chat.
2:00:48 HiveTalk: open-source Nostr & Lightning enabled browser based real-time video conferences software. [Github]
2:00:56 FanFares.io: nostr-based open-source platform using Bitcoin Lightning micropayments to empower creators and audiences.
Podcast creators set fees to unlock content, offering listeners exclusive, ad-free experiences.
2:01:06 NostrApps: Nostr npub to Bitcoin taproot
How it works: Nostr identity is based on bitcoin taproot. The Npub is an encoding of your taproot key with npub prefix. Bitcoin taproot and testnet use the prefixes bc1p and tb1p.
Zapadd: Bulk zap advertising service on Nostr
Software Releases & Project Updates
2:02:45 Primal
Android v1.0.3
Settings: Reordering feeds.
Media uploads: Progress while uploading media attachments.
Take photo on note editor and threads screens.
Network: Caching service override feature.
Network: Ability to publish events through caching service proxy.
iOS v1.8.6 - DMs: performance improvements
Network settings: enhanced privacy
Network settings: set caching service
Overall stability improvements
Amethyst
v0.88.5 - Swipe-to-Delete Drafts - Create Ammolite, a library to host Relay access for other Nostr Clients
Add author picture when writing posts and replies
Add a Swipe to delete action on the Drafts screen
Move to non-deterministic signatures
Render relay lists (NIP-65, NIP-17, and Search kinds) as notes in the feed
Add auth.nostr1.com as a recommendation for private inbox relays
Add uploading error messages for common HTTP status codes when uploading images/videos
v0.88.0 - Performance Mode
Add performance mode on Settings
Add login with NIP-05 address
Add outbox relays to zap request: sender, receiver and author relays
Add the NIP-65 relay to zap split tag instead of kind3 relays
Add support for AVIF images
Add flare.pub videos to the media tab
Replace the post view count for a Share icon in the main feed
Nostur v1.15.0
Video uploads
Top zaps
Discover Feed
Toggles feeds on/off
Improved WoT spam filtering with Nostr Dunbar Number setting
Relay Autopilot: Connect to additional relays for people you follow, avoid top relays to reduce centralization
Relay connections statistics
Search: also search in previous name and nip05
Show previous profile pics
Add tab for just broadcasting without signing on Signer
nos.social
Mostro v0.12.2
New mostro install guide
Prohibits buyers from stealing orders
Add Docker setup and guide for building and running MostroP2P
Add return on takesell function
zap.store v0.1.3
Fix broken version comparison
Local-first loading in search screen
Scroll to top when searching
Sort apps alphabetically in update screen
Optimized checksum comparison
Add package certificate hash check
Allow hashes to be copied to the clipboard
Login fixes, auto prepend _@
Better toasts
Voyage v0.7.0
Create lists for profiles and topics
List based feeds
Delete lists
Add profile to list from profile view
Support nrelay
Show nprofile in profile view
Open njump when clicked nevent encodes unknown kind number
2:04:19 Boosts
Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @spottysea (5,000 sats) “Thank you for all the work you put into surfacing innovations in the bitcoin space! 🙌”
@vake (5,000 sats) “🙌”
@qxotk (4,224 sats) “Is lightning dead due to insurmountable interactive complexity?”
@apemithrandir (3,333 sats)
@zdoxed (1,021 sats) “FROSTSNAP”
2:06:46 Audience Questions
2:06:46 “Learned about interactive vs non-interactive cryptography. What are some more examples of these two different types? Could you point out some common ones used in bitcoin today?” -@Ethan
2:08:04 “Hi, been enjoying the podcast a lot! I understand that bitcoin.review is pretty technical but I would love to hear your thoughts and the guests ideas about what small projects in bitcoin or nostr someone could do to learn more technicalities, maybe some interesting coding projects for beginners or other things to learn and educate yourself in this space.” - @widee
2:10:40 “How to prevent small utxo’s from being useless due to miner fees outweighed the utxo?” - @Richard-ki4nk
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
Testnet4 including PoW difficulty adjustment fix is a PR by Fabian Jahr that introduces Testnet4 as a new test network to replace Testnet3 and simultaneously fixes the long-standing difficulty adjustment and time warp bugs
Disclosure of vulnerabilities affecting Bitcoin Core versions before 0.21.0: Antoine Poinsot posts to the Bitcoin-Dev mailing list about 10 vulnerabilities in Bitcoin Core versions prior to 0.21.0, which have been past their end-of-life for almost two years.
Adding a BOLT11 invoice field for blinded paths: Elle Mouton posts on Delving Bitcoin about a proposed BLIP specification for an optional field in BOLT11 invoices to include a blinded path for payments to the receiver’s node.
Estimating the likelihood that an LN payment is feasible: René Pickhardt discusses on Delving Bitcoin how to estimate the feasibility of an LN payment using only the public knowledge of a channel’s maximum capacity, without any information on its current balance distribution.
News & Noteworthy
Bitcoin
Bitcoin Core adds Security Advisories as a new page to the project website [Announcement]
This page outlines the policy for disclosing security issues found and fixed in Bitcoin Core software and lists past disclosures.
It covers versions of Bitcoin Core before v0.21.0, which are now End of Life and no longer receive updates. Additional disclosures will be posted in the upcoming months.
Significant drop in number of reachable nodes, affecting all Core versions, according to certain estimators [Bitnodes dashboard]
BTCPayServer partners with InvoiceNinja, permits self-hosting of both the checkout and invoicing. [Documentation]
Business & Finance
Mt. Gox has begun repayment to creditors in bitcoin and bitcoin cash on July 5 [Press release]
Riot Platforms launches www.ABetterBitfarms.com to inform Bitfarms’ shareholders about the corporate governance issues and Riot’s plans to reconstitute the board. [Press release]
Marathon Digital Holdings announces they are mining Kaspa, a proof-of-work digital asset, to diversify their digital asset portfolio. [Press release]
Funding
OpenSats announces its Fifth Wave of Bitcoin Grants for 10 additional projects:
Core Lightning Bookkeeper Dashboard
Cove
Fedimint On-Chain Wallet
Krux
Krux Installer
Lightning Network Protocol Test Framework
Macadamia
Tor Support for BDK & Fedimint
Utreexo
Validating Lightning Signer
Yuki Kishimoto, maintainer and creator of rust-nostr, receives long-term support from OpenSats [Announcement]
The grant will allow Yuki to continue contributing to the nostr ecosystem, via rust-nostr, and to other projects such as SmartVaults, KeeChain, rust-negentropy, CDK, BDK, and Mostro.
OpenSats launches the OpenSats Education Initiative [Announcement]
The initiative aims to fund diverse educational efforts, ensuring resources remain open-source and freely accessible.
The board has selected three initial projects for funding: Satoshi Nakamoto Institute, Mi Primer Bitcoin, and Summer of Bitcoin.
Anonymous donor contributes over $500,000 in Bitcoin to cover Julian Assange’s flight home to Australia. [Bitcoin Magazine]
River CEO Alexander Leishman joins Brink board [Press release]
Mining
Core Scientific is the first to use Block’s new 3nm ASIC mining chips, upgrading their large-scale bitcoin mining operations with approximately 15 EH/s hashrate capacity. [Block Press release]
Privacy
Relai introduces new mandatory KYC procedure for all users, to comply with Swiss regulations. [Announcement]
All unverified users must pass a verification process by October 31, 2024 in order to keep using the service.
U.S. proposes KYC requirements for Infrastructure as a Service (IaaS) providers to mitigate national security risks by verifying foreign users’ identities. [Visual Compliance]
Europol aims to weaken encryption in mobile roaming and home routing, citing the inefficiency of lawful interception [Reclaim the Net] [Europol paper]
Samourai Wallet CTO ‘TDevD’ makes his first public court appearance following extradition from Lisbon, Portugal, with the next hearing scheduled for September 10, 2024. The prosecution aims to produce discovery by this date. [Bitcoin Magazine]
Judge grants delay in Tornado Cash trial, citing the need for thorough consideration of defense motions. [The Rage]
Judge Failla questions the broader implications of convicting software creators, comparing Tornado Cash to WhatsApp. Defense claims prosecutors overstep regulatory boundaries, challenging the application of money laundering laws to decentralized technologies.
Protocol
Proposed BIP: ChillDKG, distributed key generation protocol (DKG) for use with the FROST Schnorr threshold signature scheme. [Github]
Government & Political
Bolivian Central Bank lifts ban on Bitcoin transactions after ten year long ban [Press release]
U.S. Marshals Service partners with Coinbase for large-cap cryptocurrency management [Coinbase Press release]
The U.S. House sustains President Biden’s veto on a bill to nullify the SEC’s SAB 121, requiring public companies to include customers’ Bitcoin on their balance sheets. The vote fails to achieve the two-thirds majority needed to override the veto. [CoinDesk]
The Republican National Committee (RNC) has endorsed a pro-Bitcoin stance in its 2024 party platform draft. [Bitcoin Magazine]
Global cryptocurrency exchange BitMEX pleads guilty to violating Bank Secrecy Act, admits to willfully failing to establish, implement, and maintain an adequate anti-money laundering program. [US DOJ Press release]
Events
ZapConf: weekend of hacking, learning, and fun with the Lightning Network and Nostr.
September 21-22, 2024 on Gather Town (online).
Suriname Decentralized: The Bitcoin & Nostr conference in the Amazon
November 7-9, 2024 in Paramaribo, Suriname.
BTCAzores 2024 edition has been canceled due to an insufficient number of attendees.
Bitcoin Atlantis and F.R.E.E Madeira align the conference event with the halving cycle, with the next scheduled to happen in 2028.
Reads
Here’s a list of our top recently published reads:
“Definitive explanation of my weird Bitcoin transaction” by @vostrnad [Stacker News]
How to Contribute to Open Source: A guide to making open source contributions, for first-timers and for veterans. [Guide]
Bitcoin Technology is the New Network Effect by Grant Gilliam [Ten31 Blog post]
The Steelman Case Against Bitcoin Ossification by @Cryptoquick & @Reardencode [Article]
Anatomy of a bitcoin wallet explained by Tom Honzik [Unchained Blog post]
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)