BR074 - Fountain Podcasting 2.0 on Nostr, SGX Key Extraction, Nunchuk, Mempool, Floresta, + MORE ft. Oscar Merry & Rijndael
I’m joined by guests Oscar Merry & Rijndael to go through the list.
Quote of the Day
“Protocols shouldn’t have CEOs”.
Housekeeping
00:01:15 Calling for ham radio guests to contact us for a ham panel
00:01:47 Who would you like to see on another bitcoin security panel?
00:02:11 What other panel topics would you like us to host?
00:01:31 Bitcoiner’s Guide to Getting a US Ham Radio License by HR4BTC YouTube
Vulnerability Disclosures
00:03:45 Security Researcher Extracts Critical Intel SGX Root Keys, Exposing Potential Vulnerabilities [Mark Ermolov]
Security expert Mark Ermolov announced the successful extraction of Intel SGX Fuse Key0 (Root Provisioning Key) and FK1 (Root Sealing Key), both essential for the Root of Trust in Intel’s Software Guard Extensions (SGX).
Ermolov highlighted a flaw where Intel’s microcode failed to clear an internal buffer holding sensitive fuse information, allowing the keys to be compromised.
While the root keys have been extracted, Ermolov notes that a final step remains to fully compromise Intel SGX, similar to previous work on Intel’s Converged Security and Management Engine (CSME).
00:12:52 Researchers found security flaws in 5G basebands, enabling hackers to trick phones into using a fake base station. [TechCrunch]
The researchers were able to exploit these flaws to trick phones into connecting to a fake base station, allowing them to launch attacks and potentially spy on victims, including through phishing messages and credential theft.
The researchers have released their custom-made analysis tool, 5GBaseChecker, on GitHub to help other researchers identify similar vulnerabilities in 5G basebands. Most vendors have now patched the reported flaws.
00:14:59 Rust-miniscript vulnerability disclosure (CVE-2024-44073) [Bruno Garcia’s Blog post]
A stack overflow vulnerability in rust-miniscript was identified due to inadequate recursion depth checks in the parsing process. This flaw affects versions 9 to 12 of the library and could cause crashes when processing specific “large” Miniscripts.
The bug was responsibly disclosed on July 2, 2024, and quickly addressed by the development team. Fixes are confirmed by August 6, 2024, and a CVE has been obtained for the vulnerability.
00:20:55 New macOS malware Banshee Stealer wants your crypto wallet [Moonlock]
Banshee Stealer malware emerges as a significant threat to macOS, capable of breaching both x86_64 and arm64 systems, stealing passwords, system information, and cryptocurrency wallet data.
Despite its relatively weak detection evasion techniques, Banshee is priced at $3,000 per month, similar to AMOS Stealer.
00:21:36 Hacker Samy Kamkar develops open-source infrared laser tool to spy on keystrokes and conversations [Wired]
The tool exploits laptop vibrations and window reflections to reconstruct text and capture sound.
The device advances traditional laser microphones by using a strobing infrared laser and sophisticated signal processing to significantly reduce noise, improving the accuracy of keystroke detection and audio recording.
00:23:51 ‘Sinkclose’: decade-old flaw in AMD chips enables nearly undetectable malware infections [Wired]
The vulnerability in AMD processors dates back to 2006, allowing attackers deep access to System Management Mode (SMM). The flaw enables malware to evade detection and survive even after OS reinstalls.
Exploiting Sinkclose requires initial kernel-level access, but once compromised, the malware is “nearly undetectable and nearly unpatchable,” potentially requiring physical disassembly of the computer for removal. AMD acknowledges the flaw and is releasing patches for affected products.
00:25:42 Five dollar wrench attacks:
Four Chinese nationals sought for $2M digital money robbery in Thailand [Bangkok post]
Four armed Chinese nationals broke into a luxury house in Pathum Thani, Thailand, forcing a Chinese businessman to transfer $2 million in cryptocurrency.
The suspects escaped with the house’s security camera servers and the victim’s car, which was later found abandoned.
Dutch man gets assaulted by multiple individuals after responding to an ad for buying bitcoin in Lelystad, Netherlands. [NL Times]
“The victim responded to a Marktplaats ad to buy Bitcoin. He went to the agreed address in Lelystad and was attacked by several men. They beat him up, hit him in the head with a firearm, and forced him to transfer around 30,000 euros worth of his cryptocurrency to them.”
Police tracking down four suspects involved in kidnapping Chinese national [Bernama TV]
The kidnapping was financially motivated, with the suspects sharing $1.2 million in cryptocurrency as ransom.
The victims were released on July 15 after the ransom was paid. Ten suspects were arrested, four were killed in a shootout with the police, while efforts continue to apprehend the remaining four at large.
Israeli tourist assailants stole some $700k in bitcoin [Teletica]
Eleven Israelis in Costa Rica were attacked by eight men who overpowered their security guard and stole $700k in bitcoin. Investigators, after reviewing surveillance footage, suspect the robbers are current or former police officers.
00:26:26 McRug: McDonald’s Instagram account takeover, leading to $700k rugpull [Reddit]
The McDonald’s Instagram account was hacked on August 31, 2024. The new account operator released a Solana contract for a token named $GRIMACE.
00:26:48 1Password security vulnerability discovered and resolved (CVE-2024-42219) [Disclosure]
A security vulnerability was identified in 1Password 8 for Mac, potentially allowing a local attacker to bypass inter-process communication protections, and to exfiltrate sensitive data, including vault items and authentication keys.
00:26:55 Verizon demo app poses security risk on all Google Pixel phones [Dark Reading]
A pre-installed, unremovable app called “Showcase.apk” is found on all Google Pixel phones, potentially serving as a malicious backdoor. Originally intended for Verizon demo devices, it inexplicably appears on millions of non-Verizon Pixels globally.
The app, created by Smith Micro, inherits excessive system privileges, allowing remote command execution and installation of arbitrary packages. It communicates over unsecured channels, increasing vulnerability to attacks like man-in-the-middle.
00:27:14 Massive data breach exposes 2.7 billion records from National Public Data [Bleeping Computer]
Nearly 2.7 billion records containing personal information, including names, social security numbers, and addresses, are leaked on a hacking forum. The data, allegedly from National Public Data, exposes sensitive details of people in the US.
National Public Data is believed to collect and sell personal information by scraping public sources to compile detailed user profiles for background checks and investigations.
00:27:25 Bitcoin stolen in $238 million breach fails to get privacy shield, returned to original address [Cryptoslate]
Bitcoin
Software Releases & Project Updates
00:27:49 Nunchuk
Desktop v1.9.37
Add a new Byzantine role (“Facilitator Admin”) that can help clients set up wallets but is blinded to the wallet balance and transaction history
Syncing performance optimization for wallets with over 1000 transactions
Android v1.9.49
Improve Portal integration
Add a new Byzantine role (“Facilitator Admin”) that can help clients set up wallets but is blinded to the wallet balance and transaction history
Syncing performance optimization for wallets with over 1000 transactions
00:28:29 Mempool v3.0.0
Add Mempool Accelerator™ to accelerate TX from your own instance
Add Mempool Goggles™ new mempool and blockchain analytics tool
Add RBF Timeline visualizations including support for FullRBF
Add CPFP and Effective Fee calculations in block visualizations
Add Liquid Network audit tool to verify holdings vs liabilities
Add new Wallet Balance widget for embedding into external sites
Add customizable CSS themes including a new high-contrast mode
Add optional support for FreecurrencyAPI fiat currencies
Add optional Redis support for faster in-memory database
Add support for legacy P2PK addresses and outputs
Add new block fees graph at /graphs/mining/block-fees
Add new fiat calculator at /tools/calculator
Re-design transaction page with new mobile “pizza tracker” UI
Re-design address page with new balance history over time
Improve Block Audit for accelerated transaction out-of-band fees
Improve Websocket API to support tracking multiple addresses
Improve search box now supports searching multiple networks
Improve TV View to add new circular clock face view
00:30:49 Nix Bitcoin v0.0.111
Joinmarket settings can now be freely specified
00:31:24 Blue Wallet
00:31:45 Krux
krux-installer v0.0.2-alpha
Code refactoring from nodejs to python
Re-build project from electron to kivy
Support for MacOS (arm64 and intel processors)
Support to download older versions
Support to devices according to the appropriate version: M5stickV, Amigo, Dock, Bit, Yahboom, Cube and WonderMV (only for beta firmware)
Flash made with the ktool from its source
Wipe made with the ktool from its source
Add settings page
Enable change path of downloaded assets
Enable change of flash baudrate
Enable change of locale
Add about page
Krux latest device: WonderMV, aka IronKrux [Announcement]
The device has the following features: display, display backlight control, touchscreen, buttons, camera, flashlight, camera anti-glare and SD card.
00:32:46 Floresta v0.6.0
Expose some unexposed values for jsonrpc: Lets the user select between getting a serialized block or a json
Bring our functional tests to life: attempts to build some basis for the Python-based tests
Async add new address to electrum: Now, if you subscribe to an address that we don’t follow yet, we’ll start following it
Implement tagged hashes for the leafhashes: This future-proofs the leaf commitment scheme against future modifications of the committed data, and it’s now part of the utreexo protocol
Connect cli option: This option lets you connect exclusively to one specific node, given its IP address
Rework internal node structure: Use our actors model to build optimized nodes for each phase of the startup process
Add AssumeValidArg enum and correct verify_script: This adds a new AssumeValidArg to make communicating the desired assume-valid more ergonomic
Add batch request for electrum: Now electrum lets users perform multiple requests at once, rather than sending one at a time
Add PoW fraud proof: Implement pow fraud proofs for our node and enable it on signet for testing
Log to file: Now you can write the logs to a file
Add lib.rs: florestad is also a lib now, it can be used on other applications and
Download and store filters from the network: Now we can download BIP-158 Compact Block Filters and use them to recover historical transactions without downloading the whole blockchain.
Cache headers on ibd: Hold headers in memory and save all-at-once, because the database can optimize some writing operations
electrum: new experimental electrum endpoints: This adds some experimental (and not used by any wallet) endpoints to the electrum server blockchain.scriptpubkey
Nixify: Add a nix-based build system and some developer tools to floresta
00:36:19 Bisq 2 v2.1.0
New features
Add support of Lightning network as an additional Bitcoin settlement method.
QR code scanner is included to ease input of addresses and LN invoices.
Improvements
Chats have been upgraded with new additions, such as reactions
Use real user activity as “liveness” state indicator to see if your peer is online
Use user’s selected language for trade log messages
00:36:30 Bitkey
Firmware v1.0.84
Fingerprint error diagnostics: Add diagnostics to count fingerprint scan errors. No fingerprint data is collected, only success rates
App
You can now pull down on the home screen to refresh bitcoin balance in the app
Feature callouts: Badges now appear to note new features
Improve price comparisons: See more detailed price comparisons across exchanges when buying bitcoin in the app
00:37:11 boltz-client
00:37:29 Boltz Exchange
boltz-backend v3.7.3 - Rewrite in Rust
Improve observability by adding OpenTelemetry tracing
Add more Prometheus metrics
Introduce ‘sidecar’ which is run as child process of the Node.js application
Webhooks for swap status updates
Custom description hashes for invoices of Reverse Swaps (used for LNURL LUD-06 compatibility)
Custom Bitcoin Core and Elements wallet names
Labels for transactions on EVM chains
00:37:39 Nodeyez v24.08
Network price info now comes from mempool.space instead of Bisq
Update fiatprice panel to use new price info from mempool.space
Update satsperfiatunit panel to use new price info from mempool.space
Sample Config files now use new attribution color and price url
00:37:50 ESP-miner v2.1.10
Reduce ASIC serial RX buf to 16 bytes and free() after every nvs_config_get_string()
Move nvs_close in nvs_config_get_u16()
Move the whole overheat checking process into a new function and call it only if needed
Modify work queue to reduce startup mining.notify behaviour of not starting to hash
Introduce a mutex protection on http_server.c
00:37:54 Robosats: One of the official coordinators (TempleOfSats) introduces a SimpleX bot that notifies Robosats users when an order meeting specific criteria (currency, premium, payment method, and amount) is posted. [Github]
Project spotlight
00:38:06 Pushtx: Privacy-focused bitcoin transaction broadcast tool
00:39:06 BitVaulty, Bitcoin wallet designed to neutralize the growing threats of device hacks and physical attack. [Github]
BitVaulty uses time-delayed multisignature technology, which introduces an automatic delay for any transaction.
The wallet offers protection against physical coercion by sending discreet alerts to trusted contacts via Telegram when a transaction starts.
00:39:30 SwissKnife: Bitcoin wallet with account management, Lightning integration through different providers and smart contracts for asset issuance [Github]
00:39:41 MineOps: an iOS tool designed to simplify the management and monitoring of #Bitcoin mining operations [Announcement]
The tool addresses challenges faced by miners in managing multiple hardware brands by offering features like CSV import/export for simple organization and integration. Users can also easily back up their mining operations.
Future updates for MineOps will include custom hardware integration, notifications, automation, and a full enterprise suite, with the current version being free to use.
00:39:53 bitcoinfees: Bitcoin Fees mobile app [Github]
Cross-platform, open-source app designed to monitor on-chain fees, alert users to fee changes and include a calculator to help understand fee structures.
00:40:06 Payjoin Flutter: A Flutter library for the Payjoin Dev Kit. [Github]
Allows Payjoin to be easily implemented in Flutter Bitcoin apps.
00:40:10 Jippi, an interactive education app for beginners to earn and learn about Bitcoin with others.
00:40:16 PlebLab launches PlebTV, ‘a dedicated platform for a new era of TV’ [Blog post]
PlebTV aims to protect content from AI and tech giants, offering an ad-free, unlimited viewing experience focused on Bitcoin.
00:40:35 Sovran: a cross-platform wallet that supports BTC, USD, EUR, and GBP
Sovran is a Cashu wallet powered by Nostr and is for now only available on the App Store
00:40:50 Buttcoin-price: Opportunity Cost Tracker [Github]
The opportunity cost of being a Bitcoin critic
00:41:41 Audience Questions
Thanks to everyone who sent in questions. Remember to send yours to questions@bitcoin.review.
00:41:59 “What is to stop bitcoin on the main chain from being squeezed out of being used in any transaction as credit derivatives take its place due to the costs associated with moving on the main chain? And then if almost nobody is settling on the main chain why would miners continue to stand ready to solve a hash?” -@Richard-ki4nk
00:43:35 “If you’ve got 3 mk4s(or 3 separate vendors) all running same compromised darkskippy software but in a 2 of 3 Multisig? Still same risk / elevated risk or multisig set up negates? How about a single sig with weak passphrase” - wim
00:46:30 “Thoughts on using mnemonic phrases for address verification when sending Bitcoin? Client and Signer will both generate a mnemonic phrase of the receive address. This will make the checking of addresses more user friendly and less likely to be a victim of address poisoning or similar as the mnemonic phrase is easier to check than the full address.” - @CosmicTacoTruck
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
00:50:06 SimpleX v6.0.2
Reduce memory usage and app start time
Faster sending files to groups
00:50:35 reticulum-meshchat
Add new network visualiser
Add Reticulum status to about page
Add dialog on startup if Microsoft Visual C++ redistributable needs to be installed
Add ability to select codec2 modes (1200 or 3200) when recording an audio message
Add RSSI, SNR and Signal Quality to UI when clicking a message received via RNode
TCPServerInterface now shows how many clients are connected
Add support for automated Linux .AppImage releases
Add warning popup when attempting to send large files
Increase the allowed size of incoming LXMF messages from 1MB to 10MB
Refactor code base to use Vite and Vue Components
Implement Vue Router to allow for direct linking to pages
Implement endless scrolling/pagination to prevent loading all messages at once when opening a conversation
Fully Noded releases a dedicated Join Market native iOS client, available on TestFlight [Twitter post]
Project spotlight
00:51:03 Module_17, M17 modem board for 9600-baud capable radios [Github]
“A standalone smart microphone that transforms any 9600 baud capable transceiver into an M17 compatible radio.”
Lightning + L2+
Project spotlight
00:51:35 Voltage Tipper: A simple, free and easy to deploy Lightning tipping page with built in Lightning Address that works on Voltage Cloud and any LND node. [Github]
00:51:45 Bankify: turn any cashu mint into a lightning wallet with NWC support [Github]
Cashu mints provide a standardized API for melting and minting ecash tokens, akin to custodial wallet functions. The melt option allows users to pay a mint with ecash, receiving a lightning invoice in return.
Bankify is a new storage service that automates these processes, featuring Send and Receive buttons and supporting Nostr Wallet Connect commands.
00:51:52 Voltz Wallet: All-in-one Lightning Network custodial wallet
Voltz allows for both On-chain and Lightning payments, an eCash mint and numerous extensions leveraging the lnbits server.
00:52:04 2nodeschillin: LDK Node Experiment [Github]
“This creates 2 nodes connected to Mutinynet, but keeps them behind local IPs for testing between each other.”
Resurrection Wallet: desktop frontend for Phoenixd [Github]
Software Releases & Project Updates
LND v0.18.3-beta
New Features
RPC Additions
The SendPaymentRequest message receives a new flag cancelable, which indicates if the payment loop is cancelable.
The SendCoinsRequest now takes an optional param Outpoints, which is a list of *lnrpc.OutPoint that specifies the coins from the wallet to be spent in this RPC call.
The EstimateFee call on the walletrpc sub-server now also returns the current min_relay_fee
lncli Additions
Add the cltv_expiry argument to addinvoice and addholdinvoice, allowing users to set the min_final_cltv_expiry_delta.
The lncli wallet estimatefeerate command returns the fee rate estimate for on-chain transactions in sat/kw and sat/vb to achieve a given confirmation target.
sendcoins now takes an optional utxo flag
Improvements
Functional Updates
RPC Updates
lncli Updates
Breaking Changes
Phoenixd v0.3.3
Catch webhook exceptions
Add an alternative authentication method for websocket
Add payerNote + payerKey to incoming payment event
Zeus
Our brand new Purchase channels in advance service
A new interface for Core Lightning users: CLNRest, which is officially supported by the Core Lightning team
Hardware wallet / signing device support, allowing users to craft on-chain transactions, and open and close channels to and from popular hardware wallets such as: Coldcard Q, Foundation Passport, Seedsigner, Krux, Keystone Pro 3 and many others
Watch-only account import (xpub)
Batch channel opens + transactions
Close channels to external addresses
Pending HTLCs view
A new swipe to pay component for invoices >= 10,000 sats
A new layout that makes for quicker one-handed invoice scanning
A new, more performant camera
Zeus announced the integration of its lightning service provider (LSP), Olympus by ZEUS, into Lightning.Pub. [Blog post]
Blockstream Green
Stratum Benchmarking Tool 0.1.0
It serves as a comprehensive solution for testing and comparing the performance of Stratum V1 and Stratum V2 protocols across various mining scenarios. Key features include:
Comprehensive Testing Suite: Evaluate different SRI configurations with customizable role settings.
Automated Benchmarking: Automatically generate and collect performance data for both Stratum V1 and Stratum V2.
Detailed Reporting: Produce detailed reports that compare protocol performance with clear metrics and visualizations.
LNP2P Bot
BitBanana
Add bolt12 support for Core Lightning nodes
Add bolt12 contact type
Add lightning terminal accounts support for lnd nodes
Add lnd macaroon parsing and adapt UI according to permissions
Add watchtower support for lnd nodes
Add inbound fee support for lnd nodes
Move feature settings from advanced settings to normal settings
App can now stay 30 seconds in the background before a reconnection is necessary
CLBOSS v0.13.3 - Blinded by the Light
This point release fixes an important bug by restoring the earned fee information
The version string is now logged on startup and in the clboss-status output
Add an earnings_tracker diagram
Clams Remote v2.3.0
Branding overhaul to replace all things “Clams” with “Remote”
Add Plugins dashboard
Add UI for CLBOSS plugin
Nostr
Project spotlight
Labour, a relay for the united workers of the world by Fiatjaf [Source code]
Labour is a “proof-of-work relay with a recency tweak”; events can be stored if they have done ‘some work’ and if the relay has enough storage.
PKCP - Public-Key Chaining Protocol: Public-key chaining protocol for decentralized self-sovereign digital identity management. [Github]
“Anyone using any system that relies on public-private key pairs to uniquely identify users can publish the public keys as inscriptions on a satoshi and thus link them into one identity.”
Brostr: A native browser for the content on Nostr. [Github]
Features direct access to the content on Nostr without the web server and a standardized behavior for various contents.
DVMDash: Monitoring and Debugging tool for AI Activity on Nostr [Github]
“Data Vending Machines (nip-90) offload computationally expensive tasks from relays and clients in a decentralized, free-market manner.”
NostrDice, provably fair betting game combining the power of Lightning and Nostr. [Github]
“All you have to do is zap a note below. Your winnings will automatically be sent back to the lightning address set in your profile.”
import-ghost: Import content from Ghost to Nostr using Npub.pro’s newest tool
“Eventually the tool will let you copy all website settings from Ghost to an npub.pro site. For now - content only.” [Note]
Angor, a decentralized crowdfunding platform built on Bitcoin and Nostr. [Testnet version]
Time-lock contracts release funds to founders in stages, allowing investors to recover unspent funds and encouraging founders to demonstrate progress. [Github]
“Angor is fully decentralized, meaning there is no middleman involved in the investment process. Angor has no backend – the platform leverages the Bitcoin network for transaction processing, while Nostr is being used for decentralized storage of projects’ metadata and direct communication with founders.”
OpenVibe: Town square for open social media
OpenVibe groups decentralised social networks such as Nostr, Mastodon, Bluesky, Threads (and more) into a single timeline
Nostr-utils, JS helpers to use with Nostr by João Bordalo (@bordalix)
Coop, a direct message nostr client for desktop [Github]
nostr-slack: A Go application that listens to Nostr events from a set of authors and posts them to a Slack channel via a webhook [Github]
Team Relay: A relay written in Go to easily spin up a relay for your team. [Github]
motherfucking-nostr-client: an original nostr client [Github]
Software Releases & Project Updates
Fountain v1.1 - Open Social Podcasting Powered by Nostr
Fountain is now a Nostr client and implemented the following features:
Connect or create a Nostr profile
Share your boosts and comments on Nostr
A new and improved home feed, turning the home feed into Nostr’s audio layer
Audio posts from Nostr clients now appear in Fountain.
Add Zaps: listeners on Fountain and other Nostr clients can zap your post and send you a payment to show their appreciation
Add Mentions
Rust Nostr v0.34.0
nostr: add NIP-31 support
nostr: add NIP-70 support
nostr: add EventId::LEN const
nostr: add UnsignedEvent::ensure_id method
nostr: add missing payload arg to EventBuilder::job_result
nostr: add ConversationKey::new
nostr: add Request::multi_pay_invoice constructor
nostr: add JsonUtil::as_pretty_json and JsonUtil::try_as_pretty_json methods
nostr: add Coordinate::has_identifier
pool: add RelayPoolNotification::Authenticated variant
pool: add RelayPool::save_subscription
sqlite/rocksdb/indexeddb: allow to open database with limited capacity
sdk: add Client::gift_wrap_to and Client::send_private_msg_to
sdk: add option to autoconnect relay on Client::add_relay method call
sdk: add support to embedded tor client
sdk: add Options::max_avg_latency
sdk: add Client::stream_events_of and Client::stream_events_from methods
ffi(nostr): add EventBuilder::seal constructor
cli: add generate command
cli: add json flag to query command
Amethyst
Improved filter for notifications
Moves service manager to the Application class
Adds protections against filters with empty arrays because some relays consider that null as opposed to empty.
Delete All Drafts now requires maximum chunks of 200 elements to avoid the 65KB stringified JSON limit of many relays.
Updates translate dependencies
Reducing the amount of CPU memory used for images to the default.
Improves wording on the name of relay types
Marks username as deprecated
Adds zap amount cache for the memory space calculations
Allows users to select and copy the notice from the relay on the relay list dialog
Fixes the order of bookmarks (keeps the order of the event, instead of the created at)
Improves the async rendering of Base64 content
Moves discovery and video lists to Outbox when Follows or relay lists are selected
Adds support for selecting authors based on their Outbox relays when searching for notes authored by them
Aligns default note comparator to NIP-01’s created at descending and then by id ascending
Keep them public to allow testing in these particular functions
Refactors to use native contains instead of custom lambdas on Ammolite’s Filter
Refactors Ammolite Filters to be regular ones and creates a PerRelayFilter for the use on Amethyst
Renames the MinimumRelayList to RecommendationProcessor
Adds haptic feedback to draft deletion swipe
Moves the ContactList cache lists to AccountViewModel, where it can be disposed more efficiently
Improves the accuracy of the Event memory counter
Adds event factory performance test
Adds extension possibility to Quartz’s event factory
Moves DataSource dispatcher from IO to Default
Makes stringRes Stable for compose
Removes Mutiny NWC button :(
Moves Relay viewModels to Default thread
Coracle v0.4.9
Add person zaps
Bring back delete
Add group feeds
Improve NIP 17 UX
Include signature in event json
Use new read status NIP
Simplify wot calculation
Add ncryptsec support (notbiebs)
Add alt tag to feeds and lists
Voyage
0xchat v1.3.1-beta
Microphone access is now only requested during voice calls
Add an “always use relay” option in voice/video calls to protect IP addresses
Voice calls can now continue in background mode
Multi-account switching is now supported
Add tips for auto-delete conversations
Improve the experience of sending images and videos in chats
@ mentions are now supported in relay groups
Add a join request entry for groups
Merge groups and channels in the contacts list
Add push notifications for group, like, and reply messages
The discovery page now supports searching for groups (by group ID, relay host, or naddr)
Group admins can now delete messages for everyone
Clicking on a reply note now navigates to the corresponding replied note
Gossip
Inbox now correctly includes all direct replies, and excludes hellthreads unless you switch to “everything”
Key generation now always gives only 02 even parity keys
Feeds should now load the right amount of events initially and per ‘load-more’ chunk
An annotate that is cancelled should not get stuck making the next reply an annotate
nos.social v0.1.24
Disable automatically generated analytics events that were sent each time the user navigated to a new screen
Show “New notes available” notification on Feed when there are new notes to display
Disable the Post button while images are still uploading
Improve app performance on first login by requesting fewer events from relays
Re-enable autocomplete when composing a note
Add push notifications for zaps
Add zaps to the Notifications view
Mostro
New actions and remove text strings, refactoring
PoW check of incoming events
Include dispute id on dispute start
Cooperatively cancelled orders are no longer managed by admin
Add scheduler event with relay list
Update nostr event
Add new order event spec page
Introduce an in-memory price cache
Boosts
Thanks to everyone who streamed sats, and shoutout to our top boosters:
BR073
[🏆 TOP BOOSTER] @Zero-Knowledge Goof (10,000 sats) “I enjoyed participating in this episode. @NVK is great at bringing together the quiet builders and deep thinkers in Bitcoin.”
@wotsit (10,000 sats) “I don’t understand 90% of what you guys were saying but I am glad that it seems you do, and I find that comforting. I got to the end, and do most weeks. Thank you NVK and all your guests.”
@apemithrandir (7,777 sats) “Mr Raw bringing balance to the panel of nerds.”
@vake (10,000 sats) “Bitcoin is boring”
@wartime (1,000 sats) “Good show, would love to hear a dedicated show on attacks.”
BR072
[🏆 TOP BOOSTER] @vake (10,000 sats) “Bitcoin is boring, nothing happens”
@apemithrandir (7,777 sats) “One of the hosts said you could update Ledger firmware without using Ledger Live. Anyone have a link for that?”
@qxotk (4,224 sats) “walking on grass paying attention, I am most grateful.”
@loishodls (1,000 sats) “before I fell asleep, I heard “blah blah… people are not verifying signatures…” FYI, non-programmers need explicit instructions how to do this, ideally for windows OS not Linux commands. most software I download says “verify signatures here”… doesn’t show what to verify it to. most people will follow the steps, if they are included 🙏 thank you for your patience with us retards 🫂”
Tech Tip of the Day
Buster, a captcha solver extension for humans, available for Chrome, Edge and Firefox [Github]
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
Simple (but imperfect) anti-exfiltration protocol: “developer Moonsettler posted to Delving Bitcoin to describe an anti-exfiltration protocol. The same protocol has been described before, with Pieter Wuille citing the earliest known description of the technique for anti-exfil being a 2014 post by Gregory Maxwell.”
New time warp vulnerability in testnet4: Mark “Murch” Erhardt reports on Delving Bitcoin about an attack identified by developer Zawy that targets testnet4’s new difficulty adjustment algorithm.
Onion message DoS risk discussion: Gijs van Dam shares on Delving Bitcoin a discussion about a recent paper by researchers Amin Bashiri and Majid Khabbazian regarding onion messages.
Optional identification and authentication of LN payers: Bastien Teinturier suggests in a post on Delving Bitcoin that spenders could include additional data with their payments, enabling receivers to recognize the payments as coming from a known contact.
Bitcoin Core switch to CMake build system: Cory Fields announces on the Bitcoin-Dev mailing list that Bitcoin Core is transitioning from the GNU autotools build system to the CMake build system. This change is led by Hennadii Stepanov, with contributions from Michael Ford and other developers.
Faster seed exfiltration attack
Block withholding attacks and potential solutions
Statistics on compact block reconstruction
Replacement cycle attack against pay-to-anchor
Proposed BIP for scriptless threshold signatures
Optimistic verification of zero-knowledge proofs using CAT, MATT, and Elftrace
News & Noteworthy
Business & Finance
Unchained introduces Self-Service Onboarding, a new and faster Unchained vault service [Website]
Zaprite announces:
Bitcoin miner Rhodium Enterprises, Inc. files for Chapter 11 in the Texas Southern Bankruptcy Court. [The Miner Mag]
Bitfarms to acquire Stronghold Digital Mining, “a vertically integrated crypto asset mining company focused on mining Bitcoin and environmental remediation and reclamation services.” [Press release]
Cryptography
The National Institute of Standards and Technology (NIST) has published its first three finalized standards for post-quantum cryptography. [NIST]
In 2015, NIST initiated the selection and standardization of quantum-resistant algorithms to counter potential threats from quantum computers. After assessing 82 algorithms from 25 countries, the top 15 were identified with global cryptographers’ assistance.
Ham Radio
Bitcoiner’s Guide to Getting a US Ham Radio License by HR4BTC [YouTube]
Funding
OpenSats announces:
Long-term support for nostr developers Vitor Pamplona and Kieran Harkin
New round of grants for Bitcoin Core development, focusing on three up-and-coming developers working on Bitcoin’s reference implementation: [Blog post]
Donation commitment from Build Asset Management [Blog post]
Build Asset Management commits 10% of management fees from its bitcoin-backed fund to OpenSats and the Human Rights Foundation, supporting open-source Bitcoin development.
Sixth Wave of Nostr Grants: [Blog post]
Osty
Seer
Alphaama
Corny Chat
Nostroots
Yana
Dart NDK
Jester
Nostr Spring Boot Starter
Spiral announces:
Grant renewal #5 for Bitcoin Core and Stratum V2 reviewer Vasil Dimov [Announcement]
Grant renewal #1 for LNDK contributor and BOLT12 bigwig Alyssa Hertig [Announcement]
New grantee Nick Johnson for his work on improving privacy with BIP324, a Rust library that enables light client encrypted messages [Announcement]
Btrust announces the recipients of its Q3 2024 ₿trust Starter Grants and the Open-Source Cohort Members:
Enigbe Ochekliye @engb_os, Tobechi Chukwuleta @TChileta, Kelvin Isievwore @kelvinator05, Abubakar Sadiq Ismail @sadeeq_ismaela, Duncan Dean @dunxen and Oghenovo Usiwoma @Eunovo9.
Foundry Donate now supports The 256 Foundation mission to make Bitcoin mining free & open. [Announcement]
SimpleX receives a $1.3m pre-seed investment from Jack Dorsey and Asymmetric Capital Partners [Blog post]
Ark Labs secures a $2.5M pre-seed investment led by Tim Draper and Draper Ventures. [Blog post]
Mining
The bitaxeGamma is the latest member in the Bitaxe lineup [Skot9000’s Twitter post]
It features the BM1370 ASIC from the Antminer S21 Pro, and a single chip can reach a hashrate of 1-1.2 TH/s at an efficiency of around 15 J/TH.
Privacy
Signal messenger blocked in Russia amid crackdown on communication platforms [Restore Privacy]
Russia blocks Signal citing non-compliance with national regulations aimed at preventing extremist activities. The block is confirmed by the Russian telecommunications regulator, Roskomnadzor, and affects all ISPs.
US government recommends a 30 year prison sentence for Roman Sterlingov, alleged Bitcoin Fog operator. [Court Listener]
A federal court in New York rules that border agents must obtain a warrant before searching electronic devices of both Americans and international travelers, reinforcing constitutional rights and setting a precedent for digital privacy at U.S. borders. [TechCrunch]
Protocol
Bitcoin Core #28553: adds assumeUTXO snapshot parameters for mainnet block 840,000: its block hash, the number of transactions up to that block, and the SHA256 hash of the serialized UTXO set up to that block. [Merged]
Bitcoin Core GUI #824: changes the “Migrate Wallet” menu item from a single action to a menu list, allowing users to migrate any legacy wallet in the wallet directory, including unloadable wallets. This change prepares for a possible future where legacy wallets may no longer be loadable in Bitcoin Core, with descriptor wallets becoming the default. [Merged]
Bitcoin Core #28280: optimizes Initial Block Download (IBD) performance for pruned nodes by not emptying the UTXO cache during pruning flushes. [Merged]
Bitcoin Core #28052: adds XOR encoding to blocksdir *.dat files on creation as a preventative mechanism against unintentional and accidental data corruption by anti-virus or similar software. [Merged]
Bitcoin Core #30493: enables full RBF as the default setting, while leaving the option for node operators to revert to opt-in RBF. [Merged]
Bitcoin Core #30352: introduces a new output type, Pay-To-Anchor (P2A), and makes its spending standard. [Merged]
Government & Political
Binance faces ‘access restrictions’ in Venezuela, rendering access to the platform impossible for residents until further notice [Binance’s announcement]
Iran offers bounties to stop crypto mining amid severe power shortage [Iran International]
Iranian authorities crack down on unauthorized mining, offering a bounty of one million toman (about US$20) for reporting illegal mining equipment, leading to the discovery of over 230,000 illegal devices.
Germany seizes €250k in cash from thirteen unauthorized cryptocurrency ATMs [Reuters]
Located across 35 sites, the machines were seized for potential money-laundering risks and were found to lack the necessary regulatory approvals.
Nigerian politician and Bitcoiner James Otudor has “filed a landmark lawsuit against key Nigerian government entities, challenging restrictions on the ownership, use, and trade of Bitcoin, USDT, and other cryptocurrencies.” [Twitter post]
Events
OP_NEXT: A scaling conference for Bitcoin builders, developers and founders.
November 9, 2024 in Boston, US
Reads
Here’s a list of our top recently published reads:
Engineering a backdoored bitcoin wallet by Adam Scott and Sean Andersen, Block, Inc [Usenix]
A bitcoin scam uncovered: how a wallet generator likely generated addresses that its operators had the private keys for. [Stacker.news]
Can Nostr Make Twitter’s Dreams Come True? by Alex Gladstein [Note]
UK NCA Claims Crypto “Increasingly Used” For Money Laundering, E2EE Risk To Children [The Rage]
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)