BR077 - BIP85 Drama, Bitcoin Core, secp256k1, DATUM, Jam, Krux, Twelve Cash, NomadNet, Salt Typhoon Hack + MORE ft. Rob & Paul
I’m joined by guests Rob Hamilton & Future Paul to go through the list.
Quote of the Day
“Peter Todd is not Satoshi.”
Housekeeping
00:00:59 Nostr Rising dropping soon!
00:02:32 COLDCARD Tutorials
Tutorial: Disable NFC and USB: Learn how to disable the NFC and USB functions on our COLDCARD Q.
Tutorial: Proper Coldcard Disposal: Learn how to dispose of your COLDCARD Q securely.
00:02:35 European Coldcard reseller Coldhodl adds new colors to its Coldcard Q offering: Black and Orange [Announcement]
Urgent Vulnerability Disclosures
00:02:50 BIP85 Drama
“Folks broke BIP85 without any reach out to vendors, we are no longer following the BIP let the install base size rule the spec…” @nvk
“Sorry for the knee jerk reaction. Got super annoyed at the lack of discussion with vendors. Not that’s their job but also no other way for any vendor to know either. Just one of those comms problems we still have in bitcoin standards.” @nvk
BIP85: Clarify spec, correct test vectors, add Portuguese language code, add dice application
00:13:35 Non-disclosure of a consensus bug in btcd [Delving Bitcoin]
A consensus bug in btcd, reported in March 2024, allows attackers to hard fork nodes using a simple transaction. Although it has minimal impact on the broader Bitcoin network, it poses a critical risk for btcd users.
The bug was fixed in version v0.24.2, but about 16 nodes, representing 0.022% of Bitcoin full nodes, remain vulnerable. Users are urged to upgrade immediately to prevent potential attacks.
Despite initial requests to delay public disclosure, the team plans to reveal full details on October 10th, prioritizing transparency and user awareness.
00:14:46 Bitcoin Core: RPC breakage with v28.0 [Open issue #31039]
Stricter RPC implementation breaks current version of LND, electrs and Dojo.
Bitcoin
Software Releases & Project Updates
00:19:57 Bitcoin Core v28.0 - Official release
Testnet4/BIP94 support: Support for Testnet4 as specified in BIP94 has been added
P2P and network changes:
Bitcoin Core will now fail to start up if any of its P2P binds fail
UNIX domain sockets can now be used for proxy connections
Additional flags “in” and “out” have been added to -whitelist to control whether permissions apply to incoming connections and/or manual
Transactions that are too low feerate will be opportunistically paired with their child transactions and submitted as a package
Mempool Policy Changes:
Transactions with version number set to 3 are now treated as standard on all networks
Pay To Anchor (P2A) is a new standard witness output type for spending, a newly recognised output template
Limited package RBF is now enabled
Updated RPCs:
Using sendrawtransaction rpc, update help text from “Transaction already in block chain” to “Transaction outputs already in utxo set”
The default mode for the estimatesmartfee RPC has been updated from conservative to economical
An item of unspents, of scantxoutset, has two new fields: blockhash and confirmations
Updated REST APIs: Parameter validation for /rest/getutxos has been improved by rejecting truncated or overly large txids and malformed outpoint indices by raising an HTTP_BAD_REQUEST “Parse error”
Updated settings:
When running with -alertnotify, an alert can now be raised multiple times instead of just once
mempoolfullrbf=1 is now set by default
Wallet: The wallet now detects when wallet transactions conflict with the mempool
00:24:03 secp256k1
The MuSig2 module has been merged into libsecp256k1.
“This marks significant progress in the real-world deployment of MuSig2 as it’ll be available to all existing projects using libsecp256k1 with the next release.”
“The module has been designed to be as safe to use as possible. We give two rules that, when followed by the implementer, prevent nonce reuse.” ~ @n1ckler
00:33:04 BDK v1.0.0-beta.5
This release changes bdk_wallet transaction creation to enable RBF by default. It also updates the bdk_esplora client to retry server requests that fail due to rate limiting. The bdk_electrum crate now also offers a use-openssl feature.
00:34:23 Electrs v0.10.6
Update dependencies (bitcoin, configure_me_codegen, crossbeam-channel, log)
Deprecate unused config option timestamp
Don’t fail if bitcoind fee estimation is disabled
Save on allocations by using fixed size types for database rows
00:35:53 Nunchuk
00:36:26 Mempool v3.0.1
Enable RUST_GBT by default
00:36:42 Blockstream Green
00:37:15 Krux
New Device Support: WonderMV
Add Support for Korean and Simplified Chinese
Faster PSBT Scanning
Improved QR Code Scanning
UI Standardization
Enhanced Scanning Progress Bars
Mnemonics Editor:
Loading Mnemonics: you can now correct typos and mistakes during the review stage by simply tapping or navigating to the incorrect words
New Mnemonic: When generating new mnemonics through dice rolls or camera images, you can now modify the entropy by changing some of the mnemonic words
Support for Scanning Various Binary Grid Formats
Message Signing Using SD cards
Generate Double Mnemonics from Camera
Add Account Descriptor Type Support
Enhanced File Exploring
Krux experiments with a purely cryptographic ‘wax seal’ designed to reveal tampering by displaying contents only when the correct PIN is entered
“To leave no room for tricks with empty spaces on the flash, we can now fill them with random entropy from the camera feed when a PIN is set.”
00:38:58 Coinbase
Coinbase․com users can now send Bitcoin to Taproot addresses, creating access to more onchain destinations. [Announcement]
00:39:17 BoltzExchange
web-app v1.4.2
Improve swap list
Implement RIF relay for claim transactions
Multiple wallet selection options
Remember wallet of swap
Scan contract logs for possible refunds
Renegotiate chain swap amounts
Show swap ID after uploading file
Client v2.1.7
Allow macaroon to be encoded in hex
Allow insecure lnd connection
Add custom reverse swap invoice expiry
00:39:22 Jam v0.3.0 - Freezing Fig
Quickly freeze/unfreeze UTXOs on send page
Review eligible or selected UTXOs
Ability to trigger a rescan of the timechain
00:42:57 libwally core v1.3.1
Elements: Add wally_tx_get_elements_weight_discount for computing ELIP-0200 weight discounts
00:43:02 Simple Bitcoin Wallet v2.6
Add hardware wallet support
Add built-in Tor support
Add LNURL support
00:43:13 Braiins Toolbox v24.09
Batch Hashrate Target Tuner mode now fully supported, allowing for batch hashrate target setting on Braiins OS devices during Braiins OS installation and Dynamic Performance Scaling (DPS)
Enhanced Device List features such as sticker hashrate, default power target, and more
00:43:20 LiveWallet v0.9.0
Builds for Linux Red Hat distributions
Builds for Windows
00:43:30 The RoboSats Federation now sends notes to clearnet relays, users can now find orders on the following relays: [Note]
wss://freelay.sovbit.host
wss://nostrvista.aaroniumii.com
wss://nostr.satstralia.com
Project spotlight
00:43:46 DATUM by Ocean Mining: Decentralized Alternative Templates for Universal Mining [Press release]
DATUM is a decentralized mining protocol designed to shift power back to individual miners, allowing them to construct block templates instead of relying on centralized pools.
00:47:31 BDK Swift Example Wallet
An example iOS app using Bitcoin Dev Kit via language bindings.
00:48:29 Decoding Bitcoin: An interactive, exercise-heavy approach to learning Bitcoin [Github]
Scripts is the first and only module available, with Keys and addresses, Wallets and Transaction coming soon.
00:48:42 Twelve Cash: API for creating BIP-353 usernames [Github]
Twelve Cash is an attempt to encode bitcoin payment instructions, specifically BOLT 12 offers, into DNS records
The v1.0.1-beta release features:
User Accounts and Paid User Names
Add random paycode trpc endpoint
Get user paycodes endpoint
Add lnd rest create invoice lookup invoice
00:51:29 Kyoto Bitcoin Light Client: An Implementation of BIP-157/BIP-158 [Github]
Kyoto is a simple, memory-conservative, and private Bitcoin client for developers to build wallet applications
The v0.2.0 release adds support for a new silent payments feature-flag:
Receive block filters directly
Request blocks directly
Pause the node state before downloading filters
00:51:48 Bitcoin script editor & visualizer: A playground for learning how to construct different spending mechanisms [Website]
Experiment with basic, multi-sig and timelocked transactions
00:51:53 Wesatoshis: new hardware warm wallet for Bitcoin, capable of offline custodial Lightning payments and on-chain Bitcoin transactions. [Announcement]
Built with an Arduino board, screen, camera, and buttons, the wallet runs a full SPV node. It operates by connecting to other nearby Wesatoshis wallets within a 500-meter range.
00:52:19 UtxoPocket: UtxoPocket is a Bitcoin watch only wallet that connects to Electrum
The project is in beta and will be open-source in the near future, says its developer. [Announcement]
Bitcoin PIPEs (Polynomial Inner Product Encryption): introducing covenants without soft forks [Misha Komarov’s post on Delving Bitcoin]
PIPEs rely on cryptographic proofs to enforce transaction rules, maintaining Bitcoin’s trustless principles. After a one-time trusted setup, PIPEs minimize trust assumptions, allowing secure and efficient transaction logic without relying on custodians or off-chain solutions.
00:52:28 Simple Proof: tool designed for institutions to improve transparency and ensure the authenticity of documents by incorporating robust timestamping [Explorer]
Vulnerability Disclosures
00:52:43 Supply chain attack: New details on Mossad’s pager operation [The Washington Post]
Mossad engineered the pagers to appear trustworthy by manufacturing them in Israel under Taiwanese branding, concealing both their origin and the explosive components, making the devices virtually impossible to detect.
Mossad’s 2022 operation involved covertly supplying Hezbollah with 5,000 seemingly secure Apollo-branded pagers, rigged with hidden explosives. The AR924 pagers were designed to be durable and undetectable, appealing to Hezbollah’s need for secure battlefield communications.
00:53:29 Backdoored backdoors: Chinese-linked ‘Salt Typhoon’ hack targets U.S. wiretap networks and broadband providers [WSJ]
Chinese hackers massively wiretapped U.S. broadband networks by targeting systems used for court-authorized wiretaps, accessing sensitive information from lawful surveillance systems.
00:56:37 Decade-old Linux vulnerability enables DDoS and remote code execution via the Common Unix Printing System (CUPS) [Hack Read]
A Linux vulnerability discovered by Simone Margaritelli allows for remote code execution (RCE) and can be exploited to launch DDoS attacks targeting the Common UNIX Printing System (CUPS).
00:58:14 Perfctl: newly discovered persistent Linux malware has infiltrated thousands of servers since 2021 [Ars Technica]
Perfctl is known for its stealth capabilities and its role in cryptomining, notably pausing its mining activities when a user logs into the affected machine.
It can also function as a traffic relay and facilitate the installation of additional malware on compromised systems.
00:59:05 Google’s latest phone raises privacy concerns over frequent transmission of personal data, including location, email addresses, and network information, to Google servers every 15 minutes. [Forbes]
Researchers found that even when GPS was disabled, the Pixel 9 Pro still shared location data via Wi-Fi networks.
Additional concerns include the phone’s ability to remotely install software, as it regularly communicates with Google’s staging environment for potential updates.
00:59:34 Over 100 million Americans have had personal information leaked due to a security lapse at background check company MC2 Data [Cybernews]
The company left a 2.2TB database unprotected (passwordless), exposing sensitive data like names, email addresses, birthdates, phone numbers, and employment histories to anyone on the internet.
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
1:00:19 SimpleX v6.1.0-beta.2
New audio/video calls - switch between audio and video in one call
New UI for switching chat profiles
New conversation layout - grouping messages, date separators
1:00:48 Sideband
Add support for connecting to RNodes over BLE
Add RNode battery info to connectivity status dialog
Add option to use high-quality voice for PTT
Improve notification handling
Tapping notifications on Android now goes directly to the relevant conversation
Automatically ask user for background service permission on Android
1:01:05 reticulum-meshchat v1.13.0
Add support for network visualiser when connected to shared instance
Add support for showing custom display names in network visualiser
Add support for sending simple page data in nomadnet page links
Add LXMF stamp cost and ticket expiry to conversation toolbar
Add more support for micron format
1:01:16 NomadNet v0.5.4
Add opportunistic message delivery if destination ratchets are available
Project spotlight
1:11:18 Privacy Index: An index of all things digital privacy to help you stay private online. [Github]
“PrivacyIndex is a non-exhaustive, work in progress archive of threats, tools and topics to help you stay private online”
1:11:25 DarkIRC: An anonymous P2P chat “without identities and message links” by DarkFi project [Release notes]
The project is available on Linux, MacOS, Windows and Android, and is the first step announced in building the DarkWallet platform.
Lightning + L2+
Project spotlight
1:11:46 Diamond Wallet: new self-custodial Lightning wallet from built using Breez SDK and Blockstream’s Greenlight nodes. [Announcement]
Bolt Link is a key feature of the wallet: a bit.ly alternative with Lightning payments, where users can earn sats for watching ads within the in-app browser.
1:11:53 LNUnit: C# Lightning Networking Unit Testing Library [Github]
“LNUnit is a unit-testing framework for Bitcoin Lightning network systems. It provides an easy-to-use interface for developers to write tests that check the functionality and performance of their Lightning network applications.”
1:11:58 PLEBNET-Wiki: A Wikipedia for the Lightning Network [Github]
“PLEBNET is a vibrant community of Bitcoin enthusiasts, developers, and node operators dedicated to growing and strengthening the Lightning Network.”
1:12:03 Matrix-Lightning-Tip-Bot: A btc lightning network tip bot for the matrix framework, inspired by the LightningTipBot Telegram project. [Github]
1:12:14 Predyx: A Lightning Network native prediction market
1:12:18 Fedimint Web SDK: A toolkit for building fedimint & lightning wallets in the browser [Github]
A robust, privacy-focused, and WebAssembly-powered fedimint client for the browser.
1:12:21 Fedimint Observer: Fedimint Federation Explorer aimed to become the ‘mempool.space for Fedimint’ [Github]
1:12:23 NWC Tester: new tool by @supertestnet to test NWC strings to identify what they are and what they can do
Software Releases & Project Updates
1:12:38 Ark v0.3.0 - VTXO Tree Signing and New Onboarding Process
VTXO Tree Signing: introduces the implementation of MuSig2 for VTXO tree signing
New Onboarding Process: simplified onboarding process so that users can now join Ark by simply sending funds to a boarding address
Extended Functionality
Enhanced Client SDK
Reversible Policy for Pending VTXOs
Chain Offline Payments
Bitcoin Wallet Restoration for Covenantless ASP
Improved Efficiency
Dynamic Fee and Dust Amount Handling: Ark now dynamically fetches dust amounts and minimum relay fees based on chain activity, replacing hardcoded values
Improved Testing: expanded the e2e testing suite to include adversarial scenarios
Developer Experience:
CLI built with Ark SDK
API Renaming
1:13:17 Lightning Terminal v0.13.995-experimental
The Lightning Terminal (LiT) experimental release is the alpha-preview build that brings Taproot Assets to the Lightning Network, with support for Taproot Asset Channels.
Clarify Asset Balance Reporting: ListBalances now supports the include_leased flag, which will include leased asset balances in balance queries.
Tap Channel Liquidity Fixes: Fixed issues with tap channel liquidity calculations, including sending very small or very big asset amounts.
RFQ Price-acceptance Tolerances: Added AcceptPriceDeviationPpm configuration.
RFQ Quote Accept Message Parsing: Improved RFQ quote accept message parsing by looking up the associated quote request message.
Aux Signer Signal Handling: Improved aux signer signal handling to prevent quit signals from being missed.
Coin Select Type: Added a new CoinSelectType enum to FundVirtualPsbt to specify script key type.
Dust Checks for Allocations: Added dust checks for allocations in tap channels.
1:13:33 LNDg v1.9.0
Inbound fees can be set from the /advanced page (negative values only)
Inbound fees will be shown next to successful forwards when LNDg detects the inbound fee was used
Unify logs between docker and manual installers
Add setting LND-DisableMPP to force rebalances to not use MPP (available at: /api/settings/)
Add a consolidate UTXOs button
Show attempted ppm when HTLC failure was fee insufficient
1:13:43 Boltz launches BTCPay plugin to accept Lightning payments without running a node [Blog post]
‘Nodeless’ mode: any merchant using BTCPay Server (even on a shared BTCPay instance) can now accept Lightning - powered by Liquid Swaps 🌊
Autoswap to mainchain: when using Liquid Swaps, the BTCPay Plugin allows for triggering swaps back to the mainchain based on a set of preferences
Integrated wallet system: create or import Liquid/mainchain wallets
Built on Taproot: fully leveraging the power of Taproot Swaps
Non-custodial: as with all Boltz products, all mentioned features are powered by Boltz Atomic Swaps, allowing merchants to stay in control of their money
1:13:45 Shockwallet v0.0.13-beta - NIP68 Debits
NIP68 debits
userinfo includes ndebit
Add copyable ndebit string and show debits for selected source
Rerender linked apps after ndebit string fetch
Add new nostr-tools fork hash
Create rule
Debits placeholders
Debit improvements
Ndebit discoverable checkbox
1:13:51 minibits v0.1.9
Significant performance improvements for cryptographic operations
Redesigned main wallet screen: The main wallet screen has been redesigned to include fiat exchange rates and an overview of NWC limits.
Ecash storage reliability and stability improvements: improve the reliability and performance of local ecash storage, especially for wallets with a large number of ecash notes (thousands).
1:13:55 clboss v0.14.0 - Hand at the Grindstone
Upgrade EarningsTracker to a time bucket scheme allowing storage and access to earnings and expenditure data over specific time ranges
Add new scripts in contrib for displaying earnings history
Add Util::BacktraceException which captures backtraces where an exception is thrown and then formats them for debugging when they are displayed with what()
1:14:01 LNMarket v02102024
Account migration: All account types can now transition to a credentials-based authentication method
Important: For users of Joule and Slashtags, this migration is mandatory, as these authentication methods will be disabled at the end of the month
Account Recovery: All account types can now register an email for account recovery
1:14:12 Star9Labs v1.10.1
Alby Hub initial release for StartOS
Nostr
Project spotlight
1:14:23 Khatru: A framework for making custom Nostr relays [Github]
Create custom event or filter acceptance policies, AUTH handlers, storage and pluggable databases, webpages and other HTTP handlers.
1:14:29 Note Mixer Relay: A Nostr relay that mixes and anonymizes events using the Khatru framework [Github]
Key features include: Event mixing and anonymization, Configurable allowed event kinds, Optional pubkey whitelisting and Event rebroadcasting to other relays.
1:14:36 Comet: an encrypted and shareable note-taking app with Nostr integration [Github]
1:14:44 Dart Nostr Development Kit: a Dart library designed to enhance the Nostr development experience (Dart/Flutter NDK package) [Github]
“Beside basic stuff …, it features: several GOSSIP strategies for calculating relays for feed, Rust event verifier …, caching support, network bandwidth optimization, convenience methods for common nostr usecases, high test coverage and good documentation.”
1:14:48 nostr-fetch: A utility library that allows JS/TS apps to effortlessly fetch past events from Nostr relays [Github]
1:14:49 ONOSENDAI: The Cyberspace client for the one true metaverse: nostr [Github]
ONOSENDAI is an experimental client that visualizes the Nostr protocol in 3D, extending reality into digital space. [Announcement]
It features a coordinate system derived from a 256-bit number and divides cyberspace into manageable sectors for better navigation.
Users can create and own constructs, place 3D objects called shards, and control avatars representing humans or AI within this digital environment.
1:14:56 Nowser: A nostr signing app for iOS and Android [Github]
Nowser offers NIP-07, NIP-46 and NIP-55 for Android users and NIP-07 and NIP-46 for iOS users.
1:15:03 Route96: Image hosting service [Code repository]
Its main features include: NIP-96 and Blossom Support, Image compression to WebP, Blurhash calculation and AI image labeling.
1:15:06 Ghost relay: A Nostr relay where events are truly ephemeral [Github]
“It deletes events right after they have been queried by a user. Useful for very specific applications where no traces are desired, like shh.com”
1:15:09 Grain (Go Relay Architecture for Implementing Nostr): an open-source Nostr relay implementation written in Go [Github]
This project aims to provide an efficient and configurable Nostr relay.
1:15:14 Chronicle: A Nostr personal relay that supports the Outbox model, with spam protection by WoT [Github]
“Chronicle is a personal relay Nostr, built on the Khatru framework, that stores complete conversations in which the owner has taken part and nothing else: pure signal.”
1:15:16 Notestack: A decentralized blogging platform using Nostr relays with lightning tips [Github]
Notestack is a long-form content nostr client inspired by the Blogstack project
HAVEN (High Availability Vault for Events on Nostr): a sovereign personal relay for the Nostr protocol, for storing and backing up sensitive notes like eCash, private chats and drafts [Github]
The relay has features such as web of trust, inbox relay, cloud backups, blastr and the ability to import old notes.
1:16:14 Atomstr: a RSS/Atom gateway to Nostr [Source code]
Atomstr “fetches all sorts of RSS or Atom feeds, generates Nostr profiles for each and posts new entries to given Nostr relay(s).”
1:16:24 Nostr Metadata Updater: Scans all known online nostr relays for stale kind 0 metadata notes, rebroadcasts latest verified note [Github]
1:16:28 Minestr: A bitcoin mining sim where nostr users compete against each other for sats while learning about bitcoin and nostr.
“50% of all in-game lightning payments go to the epoch winner and the other 50% go to OpenSats” [Announcement]
1:16:36 GM Relay: A Nostr relay that only accepts GM notes once a day, by fiatjaf. [Github]
Comes with a bot to fetch some stats about your GMs.
1:16:44 NostrSMS: A service using XMPP and jmp.chat to post to Nostr from a simple SMS [Code repository]
Software Releases & Project Updates
Damus newest version
Support for viewing Highlights and a way to create highlights in the Safari share sheet
Push notifications powered by our new nostr push notification server (notepush)
More obvious friend filter for reducing spam in notifications and DMs
Improved reconnection speed
Support for AlbyHub zaps
Amethyst v0.92.0 - Tor and Transient Accounts
Add tor node
Add multiple settings for the use of Tor
Add privacy presets to simplify Tor choices
Add support for NFC-hosted transient accounts
Add button to take and add pictures from camera
Add Uncompressed option when uploading media
Add support for Bloom filters
Add zapstore yaml setup
Add mempool api to verify OTS via Tor
Coracle v0.4.11
Add NIP 55 support to Android
Add negentropy support
Simplify sync for messages, groups, and notifications
Iris
The newest version is based on NDK
Zero-configuration zaps for new users: comes with a [npub]@npub.cash lightning address and an integrated Cashu wallet (cashu.me)
ReplyGuy-free experience: automatically hides content by users not in your social graph
‘Unseen’ feed: click ‘home’ or switch tabs to refresh
‘Adventure’ feed: shows content from everyone in your social graph
Social graph based fast user search
Better scroll position retention on back navigation
The developers also added a tool for crawling the follow lists of your friends-of-friends and “the option to download a large pre-crawled social graph with 161K users and 5.25M follow relationships”. [Note]
Lume
Nos v0.1.27
Add the option to preview a note before posting it
Add functionality to share notes link through the 3 dots note menu
Add routing to profile when tapping on follow notification
Add support for NIP-62 Request to Vanish events
Delete all user data when logging out
Publish empty metadata event and empty contact list on delete account
Oxchat v1.3.4-beta
Add message jump feature for replies, search, and paginated message loading
Add encryption for audio and videos in DMs/private groups before uploading
Add support for custom Blossom servers, and removed the default 0xChat file server
Add the ability to preload group messages before joining
Nostur v1.16.0
Nostr Nests integration
Live video streams and chats
VPN detection toggle: only connect to additional relays if VPN is detected
Reduce data usage for new follower notifications
Gossip v0.12.0
Bookmarks support (including private bookmarks)
Global feed and per-Relay feeds (with volatile storage, erased when you quit)
Friends-of-friends scores shown in avatar
Improve spam filtering script with more inputs to make decisions on
Nostrmo v2.9.1
Add previous to NIP-29’s messages
Search memery notes also search from local relay
nostr.build change to using NIP-96 upload
Dirty world filter add support for space
Add WOT filter support
Mostro v0.12.5
Hotfix for changing admin-settled message from dispute to order
Add info publish interval to settings
Additions to have tokens for dispute
Implement gift wrap
Avoid a buyer taking the same order twice in status waiting-buyer-invoice
Yana v0.15.0
List transactions
Send and receive in wallet
NWC subscription notifications
Improve hell threads handling
1:19:25 Audience Questions
Thanks to everyone who sent in questions. Remember to send yours to questions@bitcoin.review.
“Can you explain why the usage of libsecp256k1 is one of the most important choices in writing Bitcoin code, for those of us who are not cryptographers and do listen to the end? And answer in as non-engineery a way as possible?” -@drianmalcolm
Boosts
1:25:53 Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @drianmalcolm (25,000 sats) “Also I’ve been thinking lately about not trusting the randomness of Ledger and other closed source secure elements which are under NDAs, and using dice rolling. Perhaps for solidarity have Pascal from Ledger on the show.”
@Ape Mithrandir (7,777 sats) “Big milestone for Sparrow, hitting 2.0”
@Chris @ seedor_io (5,000 sats) “The timing attack you were looking for in the last episode was with BitMEX and their 3-of-4 multisig, with 3 keys held by the founders and a fourth vanity key thrown in to give the addresses a cool 3BiTMEX prefix. By watching which keys signed off on daily withdrawals, one could make a good guess about who owned what key.”
@podconf (5,000 sats) “THIS PODCAST IS PODCONF Disapproved ❌ NVK is a NOSTR apologist which is an attack on Bitcoin (America). This podcast continues to support this noncompliant technology. Submit Proof of Compliance® and a public apology if you want your status updated.”
@vake (5,000 sats) “Bitcoin is boring.”
@btconboard (1,111 sats) “Thanks, especially love hearing more about Liana, Anchorwatch, and miniscript”
Tech Tip of the Day
1:31:21 Changesets: A tool to manage versioning and changelogs with a focus on multi-package repositories [Github]
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
Impending btcd security disclosure: Antoine Poinsot announces on Delving Bitcoin the upcoming disclosure of a consensus bug affecting the btcd full node, scheduled for October 10th.
Disclosure of vulnerability affecting Bitcoin Core versions before 24.0.1: Antoine Poinsot shares a link on the Bitcoin-Dev mailing list regarding a vulnerability in Bitcoin Core versions that have been unsupported since at least December 2023. This announcement comes after earlier reports of vulnerabilities in older versions.
Hybrid jamming mitigation testing and changes: Carla Kirk-Cohen shares information on Delving Bitcoin regarding multiple efforts to overcome a mitigation method for channel jamming attacks initially suggested by Clara Shikhelman and Sergei Tikhomirov.
Shielded client-side validation (CSV): Jonas Nick, Liam Eagen, and Robin Linus submit a paper to the Bitcoin-Dev mailing list discussing a new client-side validation protocol. This protocol enables the secure transfer of tokens using Bitcoin’s proof-of-work while keeping details about the tokens and transfers confidential.
Draft of updated BIP process: Murch announces on the Bitcoin-Dev mailing list that a pull request is available for a draft BIP detailing a revised procedure for the BIP repository.
News & Noteworthy
Bitcoin
Ledger launches Ledger Key Ring Protocol, its solution for secure data sharing [Announcement]
The protocol allows users to generate and manage encryption keys, giving them full control over their data, similar to a decentralized Google Drive.
Ledger’s solution aims to complement existing standards, offering granular control over shared data through its range of products, without requiring users to store all their data on the device.
DLC Markets transitions to Bitcoin Mainnet [Blog post]
Business & Finance
Swan Bitcoin’s lawsuit involving Tether and alleged coup in mining business [The Miner Mag]
Swan Bitcoin accuses former executives of resigning en masse, stealing proprietary mining software, and forming a new company to manage Tether’s mining operations.
Proton Management has since denied the allegations made by Swan Bitcoin in a written response.
1:31:56 Bitkey partners with Robinhood App, allowing US customers to buy and transfer Bitcoin on their Bitkey hardware wallet with Robinhood Connect [Announcement]
BitBoxSwiss partners with Pocket Bitcoin, implementing ‘secure bitcoin sales’ [Blog post]
BitBoxApp now allows users in Europe to sell bitcoin directly; the process sends exchanged funds to users’ bank accounts after transaction confirmation.
Centralized exchange Gemini plans to end operations in Canada by the end of 2024, citing regulatory pressures as a driving factor [Cryptoslate]
Tradfi
1:32:33 BlackRock requests changes to their custody agreement with Coinbase and asks the SEC to modify the bitcoin withdrawal procedures for its Bitcoin spot ETF over concerns about Coinbase’s custody practices. [Atlas21]
The request mandates the custodian to complete bitcoin withdrawal within 12 hours of receiving instructions.
Funding
OpenSats announces:
Second Wave of Education Grants, the six projects of this funding wave are:
Bitcoin Jungle
Bitcoin Indonesia
Deciphering Bitcoin
BOBSpaces Residency - Cohort 3
Satsie’s Pocket Guides
Africa Free Routing
Long-term support for Jon Atack, contributor to Bitcoin Core and the Bitcoin Improvement Proposals, and Dusty Daemon, creator behind Splicing on the Lightning Network.
Human Rights Foundation announces new grants for North Korean Human Rights:
The NGO Council for North Korean Human Rights
NK Human Rights Corporation
Korea Young Leaders Forum
International Democracy Hub
The North Korea Baseball Association
Maelstrom awards Jon Atack a one-year Bitcoin developer grant [Announcement]
Brink, a non-profit organization supporting Bitcoin developers, publishes its 2023-2024 annual report. The organization has raised ~$2.4M in 2023 from 500 different donors and its expenses were ~$1.6M.
UK-based Bitcoin payments business, Musqet, secures £750k in funding round led by Axiom [Press release]
Privacy
Saving Privacy Act: A Bill to reform financial privacy
The Act revises financial privacy laws, prohibits central databases from storing personal information and central bank digital currencies, and updates executive regulations and penalties. [The Rage]
Tor Project & Tails join forces: the Tor Project and Tails have merged operations to improve collaboration, expand outreach, and counter digital surveillance. [Blog post]
Over 300 scientists and researchers sign an open letter stating their position on the updated version of the EU’s proposed Child Sexual Abuse Regulation [Open letter]
Telegram updates privacy policy on user data sharing. The new policy allows sharing users’ phone numbers and IP addresses with law enforcement based on valid legal requests. [Durov’s announcement]
Tornado Cash case challenges code as protected speech, expands MSB responsibilities [The Rage]
In a key ruling, a judge in the Tornado Cash case declares that code is not protected as free speech. This stance has broad implications for developers of blockchain technology and privacy protocols, emphasizing that writing code can be subject to legal scrutiny in cases involving financial regulations and money laundering.
Security
1:34:44 NIST proposes ending ineffective password rules to improve security [Ars Technica]
The proposed guidelines argue that frequent password changes or forcing users to include specific character types encourage predictable passwords. Instead, the focus shifts to longer, more user-friendly passphrases to improve overall cybersecurity hygiene.
Protocol
Bitcoin Core #30043: introduces a built-in implementation of the Port Control Protocol (PCP) to support IPv6 pinholing, allowing nodes to become reachable without manual configuration on the router. [Merged]
BIP #1674: Revert BIP #1600 “BIP85: Clarify spec, correct test vectors, add Portuguese language code, add dice application” [Merged]
Draft BIP #1670: QuBit, proposal for a quantum resistant soft fork for Bitcoin to introduce a new address format called P2QRH [Draft]
BOLTs #798: merges the offers protocol specification which introduces BOLT12, and also brings several updates to BOLT1 and BOLT4. [Merged]
NIP-XX #1522: Multiple Public Key Types and Signature Algorithms for Event Signing [Open]
A proposal introduces support for multiple public key types and signature algorithms in Nostr, allowing compatibility with various blockchain networks using different cryptographic methods.
Government & Political
1:35:08 Bank of Canada pauses plans for digital currency development [CBC]
After years of research, the Bank of Canada shifts its focus away from launching a digital Canadian dollar, emphasizing that innovation must balance safety within the existing monetary system.
Australian Federal Police (AFP) restrain $9.3 million in cryptocurrency, uncovering assets linked to the alleged mastermind behind Ghost, an encrypted criminal communication platform. [Press release]
The seizure is part of Operation Kraken, which has led to 46 arrests and 93 search warrants.
The United Arab Emirates has introduced VAT exemptions for cryptocurrency transfers and conversions [Cointelegraph]
Taiwan’s Financial Supervisory Commission introduces foreign Bitcoin ETFs, facilitating access for professional investors amid growing digital asset interest. [TFTC]
Events
Paralelní Polis announces its closure: founder Pavel Tyc attributes this to their estrangement from the rapidly evolving cryptoscene, now more aligned with mainstream financial systems [Wired]
Reads
1:35:29 Here’s a list of our top recently published reads:
Crooked Cops, Stolen Laptops & the Ghost of UGNazi: an investigation into Adam Iza cryptocurrency robberies by Brian Krebs [Krebs on Security]
How to Share a Secret by Adi Shamir [Satoshi Nakamoto Institute]
Can duress wallets stop physical attacks on your bitcoin? by Jameson Lopp [Casa]
The Bitcoin Revolution in Iran by Marius Farashi Tasooji [AdoptBlock]
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin-related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)