BR086 - Electrum, Wasabi, Bitkey, Bitcoin Safe, Spark, Bitcoin Keeper, OP_CAT Privacy, FROST X nostr, btcd FindAndDelete bug + MORE ft. Rijndael & Ben
I’m joined by guests Rijndael & Ben Carman to go through the list.
Housekeeping
00:00:51 Nostr Rising series has dropped!
00:01:36 New COLDCARD Tutorials:
Understanding Anti-Phishing: Changing your PIN and using the anti-phishing words
Understanding CC caution lights: Understanding the caution lights on your Coldcard Q and Mk4
Tapsigner Spend (Nunchuk): How to spend from a TAPSIGNER on Nunchuk
00:01:40 Coinkite is opening an office in LATAM 🌞 [Announcement]
00:01:50 Bitcoin per Share: new metric added to BitcoinTreasuries.net
00:01:54 Grumpy Surfer SATSCARD is the latest collaboration with Spiral #HereComesBitcoin, all profits will be donated to Bitcoin Education.
Fuckthebears.org is now live
Urgent Vulnerability Disclosures
00:02:08 Disclosure of CVE-2024-38365: btcd
FindAndDeletebug [Public disclosure]“Btcd prior to version 0.24.2 4 does not correctly implement the consensus rules for legacy signature verification. The incompatible behavior can be triggered by a standard transaction, making it possible for anyone to fork off vulnerable btcd nodes at virtually no cost.”
00:05:32 Disclosure of CVE-2024-35202: Remotely reachable assertion crash in Bitcoin Core <v25.0 [Public disclosure]
A high severity vulnerability in Bitcoin Core allowed attackers to remotely crash nodes by triggering an assertion in the blocktxn message handling logic.
Attackers could exploit the vulnerability without needing to trigger collisions, as they could simply include transactions not committed to in the block’s merkle root.
00:06:54 Krux: A bug in Krux beta versions 24.10.beta6 to beta8 affects BIP85 password generation [Announcement]
Users should record and replace passwords created in these versions, as they may be incorrect
Version 24.10.beta9 contains a fix, and users are recommended to wait for the official release
00:07:32 Nostr client Coracle has been unintentionally sending user session data to Bugsnag when reporting errors [Holdbod’s note]
An error reporting misconfiguration in Coracle has sent users’ session data, including private keys, to Bugsnag since December 5, 2023. Affected users include those who triggered an error while signed in with their private key.
A new Coracle version has been released, affected APKs have been deleted, all Bugsnag data has been erased and the Bugsnag project was deleted to ensure no further exposure.
Bitcoin
Software Releases & Project Updates
00:11:00 Electrum
General: new: add new historical exchange rate providers: Bitfinex and Bitstamp servers with weird TLS certs. As workaround, set pre-3.13 behaviour
Lightning: fix: send update_fee right away after channel_reestablish
Qt Desktop GUI: fix: show fee warnings also in the transaction dialog (c4fe2796)
General:
new: add support for testnet4
changed: set stricter UNIX permissions for log files
QML GUI (Android):
new: show seed passphrase in WalletDetails
new: set max screen brightness when displaying QR codes
Hardware wallets:
ColdCard: export multisig wallet to coldcard over USB
Trezor: add support for new device “Safe 5”
Ledger: add support for new device “Flex”
CLI/RPC: changed: require wallet password for lnpay and similar commands
Electrum releases a reproducibly built version into the official F-Droid repository [Github]
How to dump your xpriv on Electrum:
wallet.keystore.get_master_private_key('ur password')
00:14:31 Nunchuk Android v1.9.53
Revamped Home screen and user onboarding experience
Allow users to clone a Decoy wallet from existing wallets
00:14:46 Bitcoin Keeper
TapSigner Experience Overhauled:
Download encrypted backups of your TapSigner
Change the card’s PIN
Unblock the card if rate-limited
Key/ Signer Improvements:
Associate contacts with signing keys
Better options for exporting and securing keys
Wallet Data Management:
Enhanced wallet import and export options
Improved file sharing across the app
Use Canary Wallet even for the Recovery Key
Flexibility to only create vault and hide/ delete them for security reasons
00:16:49 Bisq2 v2.1.2
Optimized reputation system:
Trade limits are now tied directly to the seller’s reputation score
Reputation earned through burning or bonding BSQ will now double over first year
Reputation requirements have been relaxed (eliminated) for trades up to 25 USD
The minimum required reputation score has been removed
Consolidated chat rooms: based on user feedback, chats have been streamlined into fewer areas
00:16:58 Wasabi Wallet v2.3.0.0
Enhance Tor integration
Better BTC amount formatting
More insight on transactions
[Beta] Payment in coinjoin (RPC only)
Add Trezor Safe 5 & ColdCard Q support
00:22:32 Fully Noded releases Fully Noded and Unify on the App Store
Fully Noded - Join Market is a dedicated Join Market client: connect over Tor, no private keys on device, full maker/taker/fidelity bond functionality, and more.
Unify - Payjoin Wallet is a Payjoin capable Bitcoin Core client: p2p over nostr and connect via Tor
00:22:59 Krux-installer v0.0.20-beta - Major update
Now user can, after download and verify an official firmware, select between:
to flash;
or make an airgapped update:
user will be requested to insert a (or more) SDCard(s) on computer;
installer will recognize it (them);
user can select one of them;
both firmware.bin and firmware.bin.sig will be copied to sdcard;
after the copy, user will be requested to eject sdcard and insert it on device;
at same time, the firmware.bin’s computed hash will appear to compare with the computed hash on device
00:23:14 BoltzExchange Client v2.1.10
Support creating swaps with lnurls and lnaddresses
00:23:31 Utreexo v0.2.0
utils: simplify and export proofpositions
Revert “utils: simplify and export proofpositions”
utreexo: use slices from standard lib
utils: simplify and proof positions
00:23:42 Bitcoin Safe v1.0.0b1 - BETA Version, Use with Caution
Easy Multisig-Wallet Setup:
Step-by-Step instructions for a secure MultiSig setup with PDF backup sheets
Test transactions ensure that all hardware signers are ready
Full support for Coldcard, Coldcard Q, Bitbox02, Blockstream Jade, and Specter DIY, supporting QR, USB, SD-card
Secure: Hardware signers only
All wallets require hardware signers/wallets for safe seed storage
Powered by BDK
Multi-Language
Simpler address labels by using categories
Automatic coin selection within categories
Transaction flow diagrams, visualizing inputs and outputs, click on inputs and output to trace the money flow
Sending for non-technical users
1-click fee selection via mempool-blocks
Automatic merging of utxos when fees are low
Collaborative:
Label synchronization between different computers and encrypted cloud backup
Wallet chat and PSBTs sharing between different computers
00:27:06 Joinstr App v0.1.1
Remove BIP 32 derivation paths from signed PSBT
Wallet selection in settings
Riseup VPN implementation
Support Testnet and Mainnet
00:27:13 Bitkey App v2024.71.0
You can now select MoonPay in the Bitkey app to sell bitcoin
AUD or CAD are now available as display currencies
Transaction history and wallet descriptor now available for export
Currency display is now Appearance in the Settings menu
00:28:30 Bitcoin Jungle Mobile v1.3.0
This update adds a new transaction statistics screen from settings allowing you to do some reporting on your own transaction history.
00:28:47 Simple Bitcoin Wallet v2.6
Drop hardware wallet support
Drop built-in Tor support
Drop LNURL support
00:29:26 DATUM Gateway v0.2-beta - Initial public release
OCEAN releases the DATUM Gateway source code, as well as the Linux binaries and a StartOS node runners package
00:30:28 ESP-Miner v2.3.0
Allow connecting to open WiFi networks
Set default cpu freq to 240mhz
Add support for TPS546D24S as a drop in replacement for the TPS546D24A
Protect against negative frequency and voltage values
Add warnings for consecutive timeout responses (no rx) from the chip
Add overheat button and change loading service
00:30:42 Braiins Toolbox v24.09
Add full support for Antminer S21 Pro with AML control board
Add BETA support for Antminer S21 XP with AML control board
Power estimations and power measuring has been made more accurate, and there now are more available underclocking targets
Implement DPS cycling prevention and mitigated unwanted tunings
00:30:46 Blockstream Green iOS v4.0.36
Allow redeposit of expired utxos in liquid multisig accounts
QR mode for singlesig watch-only
Recovery phrase: improve QR view
00:31:07 Defibi App v0.0.52
Coldcard MK4 Integration: Now you can store your escrow keys directly on the Coldcard MK4 hardware wallet
Explore Page: Find useful content right in the app
00:31:45 Nirvati v0.1.0
Open-source: Nirvati adopts a copyleft license to ensure users retain rights over the software
Decentralization and data redundancy: Current solutions often concentrate data in one location, posing risks of loss; nirvati enables data distribution across multiple devices for better redundancy and failover options.
Security: Existing systems lack secure communication and app isolation, allowing potential security risks; nirvati enforces encrypted connections and isolates apps to improve data safety.
Remote access: Many self-hosting platforms restrict access to local networks; nirvati uses Tailscale to provide secure remote access without extra configurations.
Reversible updates: Conventional systems do not support app rollback options, locking users into new versions; nirvati includes app snapshots to enable simple update reversions.
Multi-user support: Standard systems limit safe multi-user functionality; nirvati introduces a permission-based account system for user isolation on shared servers.
00:32:08 BTCmap-android v0.8.0
Show place comments
Hide ATMs by default
Show places offering delivery
00:32:18 Kyoto v0.4.0
New
HeaderCheckpointconstructor from heightshutdown,add_scripts,broadcast_transactionmethods have blocking APIsAdd a
TrustedPeerwhile the node is runningAdd change the peer timeout while the node is running
00:33:03 Bitcoin Dictionary v2.0
Add a ‘double title’ system, for terms that cannot be translated
Add .epub version
Add and remove definitions, bring the total number to 803 technical terms defined in both french and english
The glossary is also available on PlanB Network, in a different user interface
Project spotlight
00:33:17 [2140.dev]: European non-profit organization dedicated to supporting Bitcoin research and development
Started by Bitcoin researcher and contributor @RubenSomsen and @josibake, the fund intends to provide a more stable career path to protocol veterans and aspiring contributors who want to work on Bitcoin full-time.
00:34:24 Localhost Research: A Bitcoin-Focused Research Center in the Bay Area [Announcement]
00:34:49 Rewind Bitcoin: Bitcoin wallet in beta that lets you reverse theft [Trailer]
Rewind’s Vaults lock funds, starting a countdown when unlocking to allow for response to unauthorized access
Users can assign a trusted individual to assist in emergencies, helping to secure funds under certain situations
00:35:30 bitcoinutils.dev: Utility resource website offering various Bitcoin-related cryptographic and encoding tools by Vojtěch Strnad
00:35:46 Standalone Bitcoin Consensus Engine: A standalone binary exposing the historical bitcoin consensus engine [Github]
This repository contains the historical bitcoin consensus Engine exposed in an experimental standalone binary, i.e
bitcoin-chainstate. This is a fork of the libbitcoinkernel project from its 27.0 release tag.
00:35:54 Fabric: a trustless, distributed DNS resolver for Bitcoin Spaces [Github]
Fabric enables spaces to publish Bitcoin-signed zone files on a permissionless DHT without storing anything on-chain. Currently default to Testnet4
00:36:06 l402_middleware: A middleware library for rust that provides handler functions to accept microtransactions before serving ad-free content or any paid APIs [Github]
00:36:19 NodeWatch: a CLI dashboard for monitoring your Bitcoin fullnode, providing essential information such as node status, transaction fee estimate, bitcoin price, and more [Github]
00:36:32 Bitcoind Quick: A dockerized bitcoin core container for quickly spinning up a (pruned) node with zmq support for running public-pool [Github]
00:36:44 Chorly: reward your kids with sats for completing chores, create a custom chore list for your kids and set up automatic payouts
00:36:53 Satoffee: Bitcoin coffee machines
Satoffee sells coffee machines that accept Bitcoin payments, allowing users to purchase coffee with Bitcoin through the Lightning Network. The company offers ready-made machines and DIY kits for customization.
00:37:00 Koinvote: Endorse your candidate with Bitcoin
Koinvote is a weighted voting platform using Bitcoin Signature technology
00:37:14 Bitcoin Prediction Market: Place bets by sending lightning payments and receive winnings to you lightning address.
00:37:24 LiquiSabi: Coinjoin explorer: Monitor and publish WabiSabi’s coordinators advertised on Nostr [Github]
LiquiSabi tracks coinjoin transactions and allows you to filter them by the coordinator that staged it.
00:37:34 Coin Demo: A interactive visual introduction into how mining works
Vulnerability Disclosures
00:37:42 GoldenJackal’s specialized toolsets for targeting air-gapped systems in espionage campaigns [We Live Security]
ESET research uncovers two toolsets from GoldenJackal, an APT group, targeting air-gapped systems in Europe and South Asia since 2019. The toolsets include GoldenHowl and GoldenRobo, enabling system infiltration, data collection, and exfiltration through customized malware.
ESET’s findings highlight GoldenJackal’s expertise in breaching highly secure networks, demonstrating their capability to infiltrate isolated systems that lack internet connections.
00:38:03 Radiant Capital hack exploits multisig approval process and hardware wallet compromise [Analysis]
On October 16, 2024, Radiant Capital suffered a security breach totaling $50 million, targeting three trusted, geographically distributed developers through sophisticated malware that intercepted hardware wallet transactions, enabling unauthorized transfer actions like
transferOwnership.Attackers leveraged the Safe{Wallet} (Gnosis Safe) interface and normal transaction resubmission behavior to gather signatures without arousing suspicion, while front-end and simulation tools displayed standard transaction data. [Post Mortem]
00:38:25 Locate X: U.S. law enforcement tool enables warrantless smartphone tracking [404 Media]
The tool, by Babel Street, is available to both government contractors and private investigators, while its lack of usage restrictions poses concerns about unchecked surveillance and data exploitation.
Privacy advocates show that this type of surveillance can identify people based on unique identifiers like mobile advertising IDs, breaching presumed privacy safeguards.
00:38:38 Hackers target Android users with Qualcomm zero-day vulnerability [TechCrunch]
A zero-day vulnerability was found to affect about 64 different Qualcomm chipsets has been exploited by hackers to target Android users
00:39:03 Research, conducted by Jonas Hofmann and Kien Tuong Truong with the Applied Cryptography Group at ETH Zurich, discovers flaws in five end-to-end encrypted cloud services [Research paper]
“End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem” is an analysis of five E2EE providers—Sync, pCloud, Icedrive, Seafile, and Tresorit—reveals severe cryptographic vulnerabilities.
00:39:20 Security analysis reveals weaknesses in WeChat’s mmtls encryption protocol [CitizenLab]
The report highlights the continued use of “business-layer encryption” from earlier WeChat versions, despite MMTLS adoption. This legacy encryption adds vulnerabilities due to inconsistencies and lacks essential features like forward secrecy, raising security concerns given WeChat’s wide user base.
00:39:34 Imprompter: a tool tricking LLM agents into improper tool use demonstrates the risks of AI chatbot exploitation by hidden malicious prompts [Research paper]
Security researchers reveal that hackers can trick AI chatbots into disclosing user data by embedding hidden commands in gibberish-like prompts. Attackers exploit the chatbots’ response systems to send sensitive information back to servers controlled by hackers.
00:39:46 Tails v6.8.1 releases an emergency release to fix a critical security vulnerability in Tor Browser.
“Update Tor Browser to 13.5.7, which fixes MFSA 2024-51, a major use-after-free vulnerability. Using this vulnerability, an attacker could take control of Tor Browser, but probably not deanonymize you in Tails.”
00:39:56 A critical “use-after-free” vulnerability (CVE-2024-9680) in Firefox 131.0.2’s animation timeline allows attackers to execute arbitrary code and take complete control of a machine. Mozilla reports this issue is being exploited in the wild [Mozilla Security Advisory]
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
00:40:38 SimpleX v6.1
Improve calls
Improve iOS notifications
Improve user experience
Add new conversation layout and customizable messages
Add switch between user profiles
Increase speed: deletion, moderation and forwarding of messages
New security audit: SimpleX announces cryptographic design review by Trail of Bits
00:40:41 SideBand v1.1.1
Add support for RNode device types that were added in the latest RNS release
Update RNS to version 0.8.2
Update LXMF to version 0.5.5
00:40:48 Reticulum MeshChat v1.13.1
Add support for high quality audio messages using opus codec
Add message attachment sizes to message info dialog
Update suggested interface to new domain name
Update to RNS v0.8.4
Update to LXMF v0.5.6
00:40:52 Tor Browser v14.0
Add new circuit for Android
Extend support for legacy platforms
Project spotlight
00:40:56 Pubky Core: An open protocol for per-public-key backends for censorship resistant web applications [Github]
It enables public-key-based authentication and third-party authorization without relying on central databases, combining elements of decentralized technology with familiar web standards.
PKDNS: A decentralized, censorship-resistant DNS built on Pubky’s identity layer [Github]
“A DNS server providing self-sovereign and censorship-resistant domain names. It resolves records hosted on the Mainline DHT, the biggest DHT on the planet with ~15M nodes that services torrents since 15 years.”
Pubky Notes: Note taking app using pubky protocol [Github]
“Since the data is stored via the Pubky protocol, your notes are not locked into a single app or service—they’re portable and reusable”
awesome-pubky: A curated list of awesome Pubky resources, libraries, tools and applications [Github]
Awesome Privacy: List of free, open source and privacy respecting services and alternatives to privative services [Github]
Lightning + L2+
Project spotlight
00:42:00 Blockstream launches Simplicity on Liquid testnet and introduces Simfony, a high-level language for writing Bitcoin smart contracts [Blog post]
Simplicity aims to provide a more secure and flexible environment for developers compared to Bitcoin Script.
Simfony is a Rust-like high-level language that compiles down to Simplicity bytecode. Work in progress. [Github]
00:42:09 Spark: A trust-minimized solution designed to scale Bitcoin and extend the Lightning Network
Lightspark announces new Bitcoin L2 and upgrades its Universal Money Address (UMA) standard with the release of UMA Extend, UMA Auth and UMA Request. [Announcement]
00:44:39 Blockbuster: Seamless content monetization with the Lightning Network
“Blockbuster is a media server that allows creators to upload and sell their videos, ebooks, and other content from any application that implements the L402 protocol.”
“The objective is to be able to share a unique link (L402 URI) that can be consumed across platforms like Nostr, Twitter, or Farcaster.”
Software Releases & Project Updates
00:44:45 Core Lightning v24.08.2 - Steel Backed-up Channels
pay: Now remembers and updates channel hints across payments
pay: Discarding an overly long or expensive route does not blacklist channels anymore
grpc: Channel type
anchors/evenwas added to the grpc bindingsImprove pathfinding speed for large nodes
00:44:54 LDK Node v0.4.0
Add support for multiple chain sources
Add support for sourcing chain and fee estimation data from a Bitcoin Core RPC backed
Add initial experimental support for an encrypted VSS remote storage backend
Add support for setting the NodeAlias in public node announcements
Add support for generating and paying unified QR codes
Add support for quantity and payer_note fields when sending or receiving BOLT12 payments
Add support for setting additional parameters when sending BOLT11 payments
00:44:58 Phoenix
Phoenixd
Phoenix Wallet transitions to new open protocol for Phoenix LSP: The new protocol builds on the Lightning BOLT standard and includes features like dual funding and splicing.
00:45:01 Zeus v0.9.1
LND: BOLT 11 blinded paths
LND: spend full UTXOs
LND: Inbound routing fees
[Experimental] Rescans for external wallets
Simplified open channel UX
Linked contacts showing in Channel view
LNDHub: dismiss custodial warning
POS: add option to default to Keypad view
View on-chain address list
00:45:06 Breez SDK Core (Greenlight) v0.6.2
Greenlight signer fix for de-sync
Use invoice destination for trampoline
00:45:12 Alby
lightning-browser-extension v3.9.2 - Messier 24: Sagittarius Star Cloud
feat: setup your keys -> setup master key in default view cards
Onboarding for node_required accounts
Translations update from Hosted Weblate
Go v1.6 - Security (protect wallet with biometrics, face unlock, PIN, etc) - Link handling support (Lightning links, BIP21) - Improve LNURL handling (fixed amount LNURLs, LUD9 lnurl successActions)
00:45:15 CashuMe now supports restoring ecash from a seed phrase [Announcement]
00:46:11 Microbolt v2.0
Add new firewall:
awallAdd new reverse proxy:
caddyAdd new expl btc:
mempoolAdd new section:
nostrRemove
fail2ban, applied firewall level mechanismBitcoin*: no more patches, except for ordinals
Microbolt cloud: automatic deployment of microbolt through ansible
00:46:18 Geyser October 2024
Private messages: Contributors can now drop a private comment to the creator when funding a project or buying a reward
Creator can request buyer Npub: Creators can now request specific information from reward buyers such as their npubs, or reward specifications
Creator reward confirmation message: Creators can now tie each reward with a success message. This allows them to automate giving access to certain digital content or spaces
Multiple rewards and project images: Creators can now properly showcase their rewards by adding multiple images to them. And project banners can also have multiple images.
Add login with email
Rebrand Geyser bot to @GeyserSpirit
Launch announcement banner
Increase creator fees to 5% in the coming 2 weeks for lightning addresses, node-runners will remain on a value-for-value plan
00:47:08 LN Markets
Add option to Cash In from trade margin
00:47:14 Zaprite introduces Sandbox Environments [Blog post]
Users can now simulate both bitcoin and fiat transactions to test their custom API integrations
Nostr
Project spotlight
00:47:20 Pokey: Nostr “Pull Notifications” on Android [Github)
Receive live notifications for your nostr events and allow other apps to receive and interact with them.
00:47:25 White Noise
JeffG shares his progress made on implementing MLS messaging on Nostr [Note]
00:47:41 Nostrastic: Bridge to publish Nostr posts and send/receive DMs over LoRa using Meshtastic [Github]
00:49:14 AlgoRelay: An algorithm relay for nostr [Github]
“AlgoRelay is the first nostr native relay capable of serving personalized, algorithmic feeds without the use of external or proprietary APIs or DVMs.”
00:49:22 ppe-relay: A paid relay that charges on per-event basics. [Github]
00:49:27 Search Relay: A NIP-50 search relay [Github]
Full text search relay using Elasticsearch as backend
00:49:31 Flotilla: A nostr relay-based communities PWA modeled after discord by Coracle [Github]
“A discord-like nostr client based on the idea of “relays as groups”. WIP.”
nostr-editor: A full text editor + note parser for Nostr based on Tiptap / ProseMirror [Github]
nostr-editoris a collection of Tiptap extensions designed to enhance the user experience when creating and editing nostr notes. It also provides tools for parsing existing notes into a structured content schema.
Zapchat: A Nostr App Design [Project description]
Nostr-specific UX/UI for conversations and monetization around any content type, using interoperable communities [Design system]
00:51:40 nosweet.net: Share or clone any tweet on nostr with a url and without any permission or integration needed [Github]
00:51:54 Docstr: A simple document management system on Nostr
Docstr allow users to create and delegate documents, only publicly for now.
00:52:13 Translator: A new nostr service, offering automated translation of notes, videos and memes [Note]
00:52:18 rx-nostr: A library based on RxJS, which allows Nostr applications to easily communicate with relays [Github]
Software Releases & Project Updates
Damus New TestFlight version
Multiple image uploads
Seamless scroll
Improve text and profile search
New side menu
Less sensitive thread view notes when scrolling
Amethyst
Makes Amethyst a share target for texts, images and videos
Changes the new post screen to use the non-disappearing version of the scaffold
Correctly maps the write status of the outbox relays
Moves the API with amber from signature to result
Ad new fields on vision prescriptions
Prioritise search results that start with the search term
Add some test cases for video compressions
Add Unknown media type test
Use “use” blocks to close resources automatically
Faster logout processing without closing the account switcher dialog.
Add animation to notification chart
Add animation to FABs
Add animation to zap and reaction popups
Support for login with hex key when using amber
A user shared having successfully used the ‘journalist’s mode’, temporarly logging into Amethyst using an ncryptsec on a NFC tag
Coracle
v0.4.15 - Security Release
In past versions of Coracle, user session objects were inadvertently sent to my error reporting platform
Hack in accommodation of algorithmic relay feeds
Downgrade typescript to save my sanity
Show links/images as blocks when at the end of a paragraph
Implement new profile page and summary designs
Stop sending user to bugsnag
Add support for nip05 urls
Re-work notification rendering and loading
Use Intl api for list formatting (zmjohnson)
Update nostr signer version to support app icon url
Iris publishes new Iris version source code [Github]
Lume v4.3.0
Add support for multiple follow sets (NIP-51)
Add support for multiple interest sets (NIP-51)
Add support for event deletion (NIP-09)
Automatically restore window state when reopen app
Prioritize query from local database instead of relay
Improve search performance, overal performance and stability
nos.social v1.0.0
Add relay.mostr.pub to the default relay list
Add a tip to Discover to prompt first-time users to go to their Feed
Add a tip to the Feed to welcome first-time users and explain how the Feed works
Add a tag to published contact lists to help us detect the source of lost contact lists
Update the onboarding screens with a new design
Add new authors and categories to the Discover tab
Nos now hides the notes from blocked users when viewing their profile page
Nostrmo v2.9.3
Add NIP-55 content-resolver support
Add cache relay support
Live’s Naddr address link to zap.stream
Change filed name for NIP-55’s meger
Change Group’s sync time
Add user change to use the login page
Add support for pick multi file for editor
Mostro v0.12.7
When taking an order, check the status first and then the quantity
Update README.md to have instructions for Mac
Tonic-lnd
Add Cross.toml for protoc compiler inside docker sandbox
Blossom introduces Onion-routing for event publishing [Announcement]
This technique hides both the sender’s identity and IP address, even from the relay used for publishing.
“The sender can include small ecash tokens inside each onion layer to pay for the routing.” -@Pablof7z
Citrine v0.5.2
Support for tor proxy when restoring contact list
Support for auto backup every 24 hours
Check if port is in use
Voyage
Render nip88 polls
Vote on nip88 polls
Support nip22 comments
Always use nip22 when replying to nip22 comment
Optionally force nip22 usage
Show client, full date time and unix timestamp in post details
Create generic repost when cross-posting nip22 comment
Show hint when nip22 comment parent is not supported
Chronicle v0.2.1
Upgrade dgraph-io/badger
YakiHonne iOS/Android v1.4.1
Outbox model support
A complete new core with enhanced features that ensures a better performance and lightning speed while browsing
Notes media has been enhanced
Notes threads are now efficiently displayed
Accounts switching enhancements
Private messaging optimization
Zapstore v0.1.4
Curated app sets
Load more releases (show all)
Better app cards and version/install state
Performance: Complete rework of internals, preloading, caching, background work
Nostream v2.1.0
Add dark theme support for static html files
strfry v1.0.2
New config param: relay.info.nips which allows you to override the NIPs that are claimed to be supported
New connectionTimeout parameter in router config
Nostr-PHP
Add
valtzu/guzzle-websocket-middlewareto execute async concurrent websocket requests with the Http/Guzzle client
phpdoc + examples
Remove build dir phpdoc.nostr-php.dev from repo
Some improvements in the Filter class to handle multiple authors
BitBanana v0.8.7
More flexible fiat currency setup
Fountain v1.1.5
Simpler Library Architecture: makes offline playback more reliable and reduce system resource requirements, reduces mobile data and memory usage, and fixes long-standing playback issues
Pay BOLT-11 Invoices: withdraw funds by generating a lightning invoice using any app that supports lightning payments
Add artist Pages: From any Track or Album page you can now tap through to the Artist page to see all tracks
Boosts
00:52:39 Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @Ape Mithrandir (7,777 sats) “Listening to end if you count 30 minutes of sleep listening at the end 😅”
@tdub (5,000 sats) “Proof of Listrning (PoL): Here’s how to make a classic grilled cheese sandwich (…)”
@btconboard (1,111 sats) “More miniscript please. I am not Rob.”
@AVERAGE_GARY (1,000 sats) “SatsLink revival?!?! But I already used my preorder money for a second Q. 😵💫”
@VonPhoto (500 sats)
@BrightSats (121 sats) “Keep an eye on your wife flash attack vectors!”
00:54:14 Tech Tip of the Day
00:54:16 DeArrow: an open source browser extension for crowdsourcing better titles and thumbnails on YouTube [Github] (Recommended by fiatjaf)
“The goal is to make titles accurate and reduce sensationalism. No more arrows, ridiculous faces, and no more clickbait.”
00:54:26 Eartho: The open-source, privacy-focused alternative to Google sign-in [Github]
Eartho allows developers to integrate authentication without relying on third-party data collection services.
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
Updates to the version 1.75 channel announcements proposal: Elle Mouton posted to Delving Bitcoin a description of several proposed changes to the new channel announcements protocol that will support advertising simple taproot channels
Draft BIP for sending silent payments with PSBTs: Andrew Toth posted to the Bitcoin-Dev mailing list a draft BIP for allowing wallets and signing devices to use PSBTs to coordinate the creation of a silent payment.
LN Summit 2024 notes: Olaoluwa Osuntokun posted to Delving Bitcoin a summary of his notes (with additional commentary) from a recent LN developer conference.
Disclosure of vulnerabilities affecting Bitcoin Core versions before 25.0: Niklas Gögge posted to the Bitcoin-Dev mailing list links to the announcements of three vulnerabilities affecting versions of Bitcoin Core that have been past their end of life since at least April 2024.
CVE-2024-38365 btcd consensus failure: as announced in last week’s newsletter, Antoine Poinsot and Niklas Gögge disclosed a consensus failure vulnerability affecting the btcd full node.
Guide for wallets employing Bitcoin Core 28.0: As mentioned in last week’s newsletter, the newly released version 28.0 of Bitcoin Core contains several new features for the P2P network, including one parent one child (1P1C) package relay, topologically restricted until confirmation (TRUC) transaction relay, package RBF and sibling eviction, and a standard pay-to-anchor (P2A) output script type
News & Noteworthy
Bitcoin
Guide for Wallets Employing Bitcoin Core 28.0 Policies: A guide to address Bitcoin Core v28.0 updates for wallet developers, detailing new P2P and mempool policies that aid in handling various transactions, including coinjoins, Lightning Network, and Ark transactions.
Bitcoin live dashboard TimechainStats, has added an Arcade game section on its website
LNhance, a soft fork proposal for Bitcoin, has launched a new website
Lightning + L2+
Lightning Network + introduces Group Channel Opens [Announcement]
Group Channel Opens on LN+ enables up to 5 Lightning Network channels to open through a single bitcoin transaction, reducing costs and block space usage by approximately 52–62% depending on group size.
@Roasbeef publishes his Notes & Summary of the LN Summit 2024 in Tokyo, Japan
CashuBTC launches its new website: cashu.space
Business & Finance
00:58:48 River now offers 3.8% interest on cash with bitcoin payouts [Announcement]
Users can withdraw cash at any time, with funds FDIC-insured up to $250,000. The service has no hidden fees or minimum deposit requirements.
Mt. Gox announced an extension to its repayment deadline for creditors to October 31, 2025 [CoinDesk]
This decision aims to give creditors additional time to navigate complex administrative requirements that have hindered the timely return of funds
Dutch bitcoin-only exchange BL3P will shut down by December 20, 2024, citing new regulations, including MiCA, as a driver for the decision. [Press release]
Following closure, remaining funds and trading history will transition to users’ Bitonic accounts, which will adopt some BL3P features.
Bitkey announces new partner: users of the Bitkey App can now sell, buy or transfer bitcoin using MoonPay [Announcement]
Decentralized exchange platform HoldHold discontinues support for most cryptocurrencies as payment methods, keeps supporting stablecoins and Bitcoin second-layer solutions [Announcement]
Tradfi
U.S. SEC approves NYSE options trading on spot Bitcoin ETFs [Watcher Guru]
Art
00:59:46 Bitcoin illustrator NoGood releases The art of NoGood – a self-published art book showcasing five years of bitcoin themed illustration [Geyser page]
Funding
00:59:58 Bitcoin and Freedom Technologies Research firm 1a1z releases report covering how Bitcoin Core development is funded
Part 1 covers the organizations that raise and distribute funds to core devs
1:00:06 OpenSats announces:
Eighth Wave of Bitcoin Grants, the four projects of this funding wave are:
Citadel-Tech
Lampo
Cashu Nutshell
PickhardtPayments Plugin
Long-term support for Greenart7c3, creator and lead developer of Citrine and Amber, for his ongoing contributions to the nostr ecosystem.
1:00:13 Spiral announces grant renewals to:
Somsen Ruben, Spiral grantee and long-time bitcoin wizard, co-author of Silent Payments
VLSProject (Validating Lightning Super), a library and reference implementation for a signer module to secure Lightning nodes.
@spacebear21, one of the contributors behind the Payjoin Dev Kit project
Bitcoin development fund Brink receives a $250,000 contribution to their funding efforts from The Draper Foundation [Announcement]
Donor-advised fund, UI Charitable (University Impact), makes first Bitcoin grant to support Bitcoin education [Press release]
The scholarship fund, directed to Base58, a nonprofit promoting bitcoin engineering education, targets software engineers learning bitcoin fundamentals
OKX announces a grant to the 2140 Foundation [Press release]
Germany’s Sovereign Tech Fund boosts open-source development with $25 million across 60 open-source projects [Blog release]
Non-profit organization Btrust launches new website
Donations to the Tor Project will be matched, by Power Up Privacy, dollar-for-dollar up to $300,000 through the end of 2024 [Announcement]
Blockstream secures $210 million in convertible note financing, led by Fulgur Ventures, to advance Bitcoin integration into global finance. [Press release]
Mining
Bitmain introduces the Antminer S21+ series, featuring two models: the S21+ Hyd and the S21+ [Press release]
The S21+ Hyd model delivers a hashrate of 319 TH/s at 15 J/TH, while the S21+ provides 216 TH/s at 16.5 J/TH
Privacy
A New York court dismisses YieldNodes’ defamation suit against Chainalysis, citing Anti-SLAPP laws protecting public speech. [The Rage]
Judge Lyle Frank states that statements made in Chainalysis’ Reactor subscription service, are within public interest, akin to private Facebook group discussions.
1:00:51 SimpleX publishes Wired’s Attack on Privacy, a critical response to Wired’s article on neo-Nazis moving to SimpleX Chat following Telegram privacy policy changes
Encrypted chat app Session relocates to Switzerland following Australian police visit [404 Media]
After Australian Federal Police visited a Session employee regarding the app and a specific user, Session’s leadership decided to relocate to Switzerland under the newly formed Session Technology Foundation (STF) [Announcement]
A recent amendment to Norway’s Financial Contracts Act mandates businesses to accept cash if they offer other payment options at physical sales premises, if the amount is below ~$1800 [Announcement]
VPN provider Mullvad introduces Shadowsocks obfuscation for WireGuard [Blog post]
Shadowsocks obfuscates data, making it harder for firewalls to block
Transak, a cryptocurrency onramp API platform used by companies such as Binance US, Coinbase, Ledger and Bitpay, was hit by a data breach in October 2024, leaking the KYC information of ~57,000 users [CoinDesk]
The breached information includes names, dates of birth, ID documents, and selfie photos and videos of affected customers [Transak’s Security incident report]
Fidelity data breach exposes personal data of 77,000 customers, accessing social Security numbers, driver’s licenses, and names over a two-day period between August 17 and August 19, 2024 [CNET]
The Internet Archive, a nonprofit organization that maintains digital archives of the internet, has suffered a data breach affecting 31 million accounts [ZDNet]
DDoS attack: the incident was caused by an unauthorized third-party accessing a database backup from June 2020.
Protocol
1:01:09 Libsecp256k1 #1479: Add module “musig” that implements MuSig2 multi-signatures (BIP 327) [Merged]
Bitcoin Core #30955: implements two new methods to the Mining interface, compatible with Stratum V2 requirements [Merged]
Rust Bitcoin #3450: Add version three variant to transaction version. Topologically restricted transactions are now considered standard as of Bitcoin 28.0. [Merged]
Eclair #2927: Enforce recommended feerate for on-the-fly funding [Merged]
Eclair #2922: Remove support for splicing without quiescence [Merged]
NIP-60 and NIP-61 are the first Cashu NIPs to have been made into the Nostr specifications [Merged]
NIP-60 describes portable Cashu wallets that live inside nostr relays
NIP-61 describes nutzaps, a new, instant way to zap users and events by posting ecash locked to their public key
Government & Political
Two senior researchers at the European Central Bank publish The distributional consequences of Bitcoin, a paper detailing the redistributive impact of a rising Bitcoin market
The paper claims that while early adopters benefit, rising Bitcoin prices generate wealth at the expense of non-holders and late investors
The Minneapolis Fed publishes a research paper and argues that Bitcoin disrupts a government’s ability to maintain a unique, permanent primary deficit by introducing multiple economic equilibria, solvable through Bitcoin prohibition or taxation.
Craig Wright has filed a £911 billion lawsuit against Bitcoin Core developers in the UK High Court [Forbes]
His argument centers on the claim that modifications by Bitcoin Core, such as SegWit and Taproot, deviate from Bitcoin’s original design, which he says was meant to be a decentralized cash system, not a store of value.
FinCEN’s recent alert underscores that Hezbollah primarily relies on bulk cash transfers and smuggling for financing, rather than cryptocurrencies [FinCEN’s notice]
The FBI arrested an individual for allegedly hacking the SEC’s account on X in January 2024. The suspect reportedly gained access to the account using a SIM swap attack, announced the launch of a fake Bitcoin ETF and profited from it. [Forbes]
Nigerian government drops charges against Binance Executive Tigran Gambaryan [Reuters]
The Danish Minister of Taxation proposes a bill to tax unrealized capital gains on cryptocurrencies. [Announcement]
Italy raises bitcoin capital gains tax from 26% to 42% in its 2025 budget [Reuters]
Bitcoin (cont.)
BitKey releases its new white paper Unlocking Mass-Market Self-Custody: Secure and Private Smartphone Bitcoin Wallets
“This paper details an innovative design for a smartphone-based Bitcoin wallet that aims to make self-custody both safe and user-friendly for the mass market.”
Events
Three events have announced the dates of their 2025 editions:
October 13-16, 2025 in Atlanta, Georgia
April 25-27, 2025 in Warsaw, Poland
May 24, 2025 in Dublin, Ireland
Reads
Here’s a list of our top recently published reads:
The Mental Accounting Barrier to Micropayments by Nick Szabo [Satoshi Nakamoto Institute]
Digital Value by Andrew M. Bailey [Philosophy & Digitality]
Slow Block Validation Attacks by Jameson Lopp [Blog post]
How Bitcoin CoinJoins help facilitate pro-democracy protests by Bradley Rettler [Forbes]
The Great Capitulation by Alexandre Stachtchenko [Blog post]
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)