0:01

Hello and welcome to the Bitcoin.review podcast, where we explore developments

0:06

and projects with the people who actually make them happen.

0:09

The show is supported by Pod 2.0, SaaT Streaming and CoinKite.

0:13

If you're a new listener, I'm NVK. I run CoinKite, where we've been helping people secure their Bitcoins for over

0:19

a decade. We make the cold card and fun products like the Block Clock.

0:23

You can find more information about it on CoinKite.com.

0:29

Hello and welcome to the jungle.

0:32

Just kidding. Welcome to Bitcoin.review. Today I have with me Mr. Ben the Car Man.

0:39

Yo, yo, good to be back. I have his co-worker, Rundell.

0:44

Hello, good to be here. And man, it's been a minute since we since we've had a list because the Nostril

0:52

Rising series took over, like, I think probably like three weeks of releases

0:57

and there might still more coming out. People really like that one.

1:00

Different kind of thing. Not so nerdy, but it's nice to have a list again.

1:06

It's been a while. Yeah, I think there's what, like seven episodes of Nostril Rising out?

1:12

Like there's a bunch of them. Oh, so then there is definitely more coming.

1:15

I think we recorded nine or ten.

1:17

Oh, wow. Yeah, we're probably going to record a few more.

1:21

It's the best evergreen content to to give to a Nostril Derangement Syndrome

1:26

suffering human being. And Nostril is rising.

1:32

All right, what else on the housekeeping here?

1:36

We have some new tutorials for CodeCard and we are opening an office in Latin

1:42

America. Location unknown and undisclosed.

1:48

That's a bad way of putting it. We added Bitcoin per share to the Bitcoin treasuries.

1:53

There is the Grumpy Surfer stats card.

1:56

And people really like my energy reading company stuff.

2:02

OK, yeah. OK, can we get to the commits now?

2:04

There you go. Vulnerability disclosures. CVE 2024 38365 BTCD find and delete bug disclosure.

2:17

And then there was. Do you guys follow that one?

2:21

Was that the one that you just you could just crash for or no?

2:26

If I remember right, I think this was the one where I think this was like

2:31

related to CodeSeparator.

2:34

Yeah, it's a bug in Bitcoin or BTCD, like the implementation of Bitcoin.

2:41

And yeah, like CodeSeparator pre-segwit is like super complicated.

2:46

And there's like a niche case where they implemented it wrong.

2:50

So it would cause like a full on chain split.

2:53

I mean, you know, no one really runs BTCD. So it's not a huge risk, but it is like, you know, one of the reasons

3:01

why we don't do multiple invitations of Bitcoin cores, because like this is

3:05

very hard to replicate.

3:09

CodeSeparator and legacy script is just an unending source of pain and

3:13

suffering, right? Like there's a bunch of like relay rules to not let you send legacy

3:19

transactions with like multiple code separators in them, because it basically

3:25

causes like a cache miss for the SIG hash cache, like you have to recompute the

3:32

whole signature hash and then re-sign it.

3:34

And so there's a lot of just like gross behavior that can be enabled by abusing

3:39

opcode separator. Yeah, I think like maybe people don't appreciate because normally like a lot of

3:47

protocols just have a spec, right? And then people just follow the spec and you can build your implementation from

3:54

the spec. I mean, like for example, Nostra is like that, you follow the NIPs, right, and

4:00

you implement each NIP and boom, you're like, you know, it works.

4:05

And if you have bugs, that's your problem, you know, like with Bitcoin it's a

4:10

little bit more complicated than that because there is no spec, you know,

4:14

there's the code is the protocol, the protocol is the code and that's the

4:17

consensus code. So it makes it very tricky.

4:22

In a way, it was kind of like an maybe an accidental good thing because it

4:27

forced everybody to remain in a hard consensus without too much like bike

4:31

shedding. But it's tricky, you know, it's either you squirt like a fox, there really is

4:41

no way around that. I like Luke Jr.'s approach, you know, as controversial as it could be.

4:48

It's like, you know, you just have like a more conservative version of Core

4:52

with tiny little preferences that may cause some drama.

4:56

Or, you know, Peter's got LibreRelay, which goes the other direction, right?

5:00

He takes Core and then he relaxes a bunch of restrictions.

5:03

And so it's like a more liberal version of Core.

5:06

Yes. Yeah, I don't know if I want a liberal version of Core for my consensus, for

5:11

my validation of my coins, that could be tricky.

5:14

Yeah, I mean, the good news is that it's only relay policy that gets touched.

5:18

It's none of the consensus bits. So the worst thing that happens is you have a more accurate mempool and you can

5:25

like more accurately estimate fees. Right.

5:28

I guess for that purpose, it's not bad.

5:31

Good thing. All right. Another disclosure, CV 2024-35-202, remotely rechargeable assertion crash in

5:39

Bitcoin Core. A high severity vulnerability in Bitcoin Core allows daggers to remotely crash

5:44

nodes. We talked, I think, about this maybe briefly in a recent episode, like I think

5:50

like people attribute a little bit too much intensity to this ones of like

5:55

crashing cores. Like, OK, great. I mean, it's a problem for the Lightning people, but like it's not a real

6:00

problem for like self-validating Bitcoin economic nodes.

6:05

What's the worst that can happen? Somebody crashes their node.

6:09

Yeah, it's like more concern if like someone knows they can crash like a

6:13

certain like person or entities node of like, oh, I'm going to attack Coinbase

6:17

and just take down all their nodes repeatedly. Yeah, or like being able to do it on demand and say, like, as part of

6:23

this attack, I'm going to crash this node. Yeah, I had like a prod 24.1 node that I haven't upgraded in years because

6:32

it's just doing its job. And this is the one that got me to finally like upgrade it.

6:36

So I'm finally running like a more modern version of Core for that node.

6:41

OK, I support people running multiple versions.

6:45

I think it's the, especially if you're a big economical actor, like, you know,

6:48

just run many versions. It keeps everybody honest.

6:53

And all right, Crux, a bug in Crux beta version at 24.10, point beta 6

7:00

to beta 8 affects BIP85 password generation.

7:03

Users should record and replace passwords created in this version as they may

7:07

be in cry. That's the problem. And we just had the BIP85 drama with Core 2 with the BIP that somebody changed

7:17

the BIP should have been marked as final, but it wasn't.

7:21

So anyways, upgrade your Crux and replace those passwords.

7:26

Good for them coming out to this immediately as they found out.

7:31

Love that project. Nostar client Coracle has been unintentionally sending user session data to

7:38

BugsNag when recording errors.

7:42

Yes, I saw that one. Yeah, so HodaBod said that, you know, like he immediately deleted, you know,

7:49

the logs and all that stuff. But brutal.

7:53

Dear JavaScript developer, get closer to the speaker.

7:58

Stop using cloud tools on your shit.

8:03

You know, like I know all these things make promises about, you know, security

8:07

and all these things. But the problem is you never know when you have a bug.

8:12

Same reason why we do, you know, air gap.

8:14

Do we know our code is good and very strong and, you know, our USB isolation

8:19

is great? Yes. But we don't know when we have a bug.

8:22

Right. You know, looking at this, it looks like private keys got logged out to BugsNag

8:28

also. So yes, you know, a good outcome out of this would be if it pushes on.

8:35

I know there's a spec out for like delegating a child key, right?

8:39

So if there's more, if this yeah, if this pushes on that, that would be great

8:43

because everybody who had kind of their root key and BugsNag, you've just got

8:47

to assume that it's compromised at this point. Sorry, you know, it's yeah, I have to narrate for everybody because this is

8:55

radio, not video. NVK is sitting here with no shirt on, literally lobbing coconuts into the

9:00

jungle while we're talking about BugsNag.

9:05

It's it's I am contributing to the biome of the forest.

9:09

Listen, if you handle private keys, stop using cloud shit.

9:13

That's one thing. I know, you know, all these tools help you develop your code.

9:18

Better and get, you know, like improve UX and those things.

9:22

But like if you handle private keys, please don't use cloud shit.

9:27

Only use your client's local environment.

9:31

The other thing is there is a Frost spec and implementation coming to Noster.

9:37

So there was going to be a bounty or there is a bounty for the Frost

9:42

implementation. And somebody implemented, I think, before the bounty came out.

9:48

So if you are a Frost cryptographer that could review or audit Frost, which

9:55

probably is just Jonah Schneller listening to this podcast, maybe one more

9:59

person. Anyways, anyone that could help audit that implementation, please get in touch.

10:06

I'll get in touch with the show and I'll put you in touch with the right

10:09

person because it's not public yet.

10:12

So I don't want to say who or what or how, but do get in touch.

10:16

And, you know, I will send you the right direction.

10:19

You know, Nick Farrow did a project like a year and a half ago called Froster.

10:24

And it was a Frost signer for Noster.

10:27

He and I made a two of three and then it was like a little mini

10:30

shitpost out. So whoever's working on this, I would definitely ping Nick Farrow.

10:35

He probably has thoughts and opinions and he has some experience implementing

10:38

it. He's definitely a good person to talk to.

10:41

Oh, that's great. There you go. And I'm sure that the only people who care about this problem and care about

10:47

the implementation as well, listen to the show. So Venn diagram completed.

10:54

All right. Next is Bitcoin software releases and project updates.

11:00

Electrum version 4.5.7. You add historical exchange rate providers, lightning,

11:10

fix, update, update fee right away, Qt desktop, GUI, version 4.5.6, new ad

11:19

support, testnet 4, set stricter Unix permissions for log files, QML, GUI

11:26

updated on Android and hardware wallets, a cold card, export multi-sig wallet

11:32

to cold card over USB, Trezor ad support for new device safe 5, Ledger ad

11:40

support for new device flax, CLI RPC changed, require a password for LNP and

11:48

similar comments. Electrum releases a reproducibly built version into the official F3 depository.

11:57

It's like the macaroni client that predates all the other clients.

12:03

That's still like, you know, still around.

12:07

Yeah, I just love that Electrum is still adding support for new stuff and

12:11

putting out new features. It's been it's just this like, you know, thing that's always been there.

12:17

It's incredibly useful. You know, for a while when I was doing wallet dev stuff and we wanted to

12:22

be able to test against other wallets on Signet, it was one of like the easiest

12:27

things to use. It just works out of the box.

12:29

It's a fantastic piece of software. You know, make all the wallets have Excel like UX.

12:36

Yeah, you know, it really is. Yeah, totally. I find Electrum works very well if you have sub, I'd say sub a thousand UTXOs

12:45

addresses there. If you go over there, it starts to really, really become a problem.

12:50

For some reason, it doesn't index. So if any Electrum developers listening, for some reason, when you have like

12:56

past ten, fifty thousand addresses there, even though they're all old and

13:01

unused, it doesn't index.

13:04

It doesn't keep the index. When you quit, it seems to toss it out.

13:08

So instead of like maybe rechecking on what's when the index is already there

13:15

slowly on the background or something, it kind of like makes everything

13:18

disappear and it goes through.

13:21

It goes faster, but it goes through everything again.

13:24

It makes it like nearly unusable. Also, for anybody who's stuck out there, figure out how to dump your XPRIV

13:34

because Electrum still hates BIP39 seeds.

13:38

Yep. Let's see if I can find it here.

13:41

Oh, yeah. Electrum. I saved the command here somewhere.

13:47

There you go. So for anybody who's stuck with a seed on Electrum, I can't help with the seed

13:54

itself, but I can help with the XPRIV. It was not easy finding this.

13:59

So it's just wallet.keystore.get underscore root underscore.

14:05

I know that's for the fingerprint. Come on.

14:08

Did I lose it? I had to read it somewhere.

14:12

Unbelievable. No.

14:17

Never mind. And it's gone.

14:20

I'll put on the show notes. I'll find it and put it in the show notes.

14:24

That's so funny. Brutal. Anyways, going back to the list here.

14:31

All right, Nunchuck Android version 1.9.53 revamped home screen and user

14:36

onboarding experience allow users to clone a decoy wallet from existing

14:40

wallets. I think that's true for the current iOS version as well.

14:46

Bitcoin Keeper tap signer experience overhauled.

14:49

Download encrypted backups of your tap signer.

14:53

Change the cards pin and unblock the cards if rate limited.

14:59

Key signer improvement, associate contacts with signing keys, better options

15:04

for exporting and securing keys, wallet data management, wallet import and

15:10

export options, improve file sharing the app.

15:13

Version 1.2.15 is canary wallet, even with recovery key flexibility to only

15:19

create vaults and hide, delete them for security reasons.

15:23

I'm just thrilled that there's more wallets that are supporting kind of the

15:28

control plane parts of the tap signer, like pin management and like because,

15:32

yes, I love my tap signer. I use it in kind of some funky ways, but for a while it's like, all

15:37

right, I've got to have my USB NFC reader to be able to do things like

15:41

pin reset if if like this one app goes away.

15:44

So it's nice to have multiple apps supporting it makes it more usable.

15:48

It does. You know, NFC is not easy.

15:52

I think that's a huge part of the problem. A lot of like app devs have a hard time, but I think it slowly will

15:58

sort of become the norm, especially when BigKey maybe opens up to other

16:04

wallets. Maybe that also helps push a little bit.

16:08

Yeah, and also Ben, Ben is a clown world, Ben is now full time on Bitcoin

16:15

Keeper. So it's a good thing.

16:18

We're everywhere. I know, right?

16:21

Does that explain the clone quality? What's it written in?

16:28

I'm just kidding. TypeScript. It's JavaScript.

16:33

Is it a bin allowed to claim their business if they called in JavaScript?

16:38

Yeah, that's OK. I've had to do my own fair share of JavaScript.

16:42

It's a big tent, Ben. Yeah. All bins are fungible.

16:46

OK. BISC 2 version 2.1.2 optimized reputation system, consolidated chat rooms based

16:56

on user feedback, Wasabi wallet version 2.3.0.0, ASTAR integration, better BTC

17:04

amount formatting, more insight into the transaction, beta payment in CoinJoin

17:10

RPC only, add TransferSafe 5 and CodeCard Q support.

17:14

The payments inside the CoinJoin is cool.

17:16

I know Max had been talking about that for years, like since like 2020 or

17:22

something. And it's cool to see it like actually finally happening where you can like

17:28

basically register an input and then you just give a token to someone and they

17:32

register an output. So you don't even know what's address the user received it on that you're

17:37

sending to. Oh, that's cool.

17:39

That is cool. Yeah. What's the state of the coordinator on Wasabi?

17:46

Because there is one, right? And they don't charge fees so that they don't go to jail or something like

17:50

that. I don't think they're running one anymore.

17:53

It's just like an open market. But yeah, but there kind of is no market because none of them can charge fees.

18:00

Right. I mean, we're going to have to go back to a make or taker model for

18:06

these things. There really is no way around it.

18:10

Tornado Cash is still running too, right? Yeah, Tornado Cash is still running.

18:15

Like all the front ends are all enforcing sanctions.

18:20

So in theory, you know, you can write like a contract or write a transaction

18:23

that it just hits the contract directly.

18:26

But I think in practice, nobody does. Like it's still running, but the volume is very low.

18:30

Right. I mean, listen, the liquidity of privacy is going to go somewhere, right?

18:36

Because the demand is there. Maybe there are already other tools out there that we just won't find out until

18:42

it becomes a little bit more open to people who are not that invested into the

18:46

privacy needs due to their needs.

18:49

That's normally how it happens to a lot of these tools is they're like, oh,

18:53

look, I just found out about this project. It's been running for the last five years quietly and it has a lot of money

18:59

in it. Right. Like that's often how these things go.

19:03

Can we do a Tornado Cash like thing if Opcat comes about?

19:08

I don't know. I've been trying to think through what that would look like.

19:14

I think you could build a bridge to some other execution environment where you

19:19

could do a Tornado Cash like thing. I was trying to think of how you would do Tornado Cash on like L1 and

19:25

what you kind of want to be able to do is put money into some construct

19:30

and get out like some proof that you put the money in and then be able

19:35

to come along later and claim that. You know, you might be able to do that.

19:40

It's a little bit different with like UTXOs than like the account model because

19:43

you can kind of point to individual outputs and say, this is where the money

19:47

came from. So I think what you'd want to be able to do is almost have it be

19:52

like a coin swap where I put some money into one UTXO and then I can

19:56

withdraw it from a different UTXO. But the trick there is you need to have some state mechanism to either make

20:04

sure that then I can't go and withdraw money from other UTXOs or when I put

20:09

money in, I need to have that linked somehow with the one that I can withdraw

20:13

from. But you need to do that in like a non-public way.

20:16

So I think there's some like ways to do it, but it's not going to look

20:19

like Tornado Cash. It's going to be something different.

20:22

You know, like for the upcat enjoyers and the upcat peddlers and the upcat...

20:30

What other groups are there? There's a few. Many breeds of cats.

20:33

Haters. Haters.

20:36

There's definitely some haters. Yeah. No, I know the haters.

20:39

It's OK. Like hate, it's a waste of time.

20:42

It can be a disenjoyer. That's OK.

20:45

Or disrespector. I support disrespectors too.

20:48

That's another very reasonable and helpful kind of people.

20:53

Anyways, if upcat was shown to create an interesting new privacy model for

20:58

coin, it wouldn't be CoinJoin per se, but, you know, for some kind of a privacy

21:04

enhancing coin swap, I think would be a lot more...

21:10

Would bring more people to the upcat tent.

21:13

That could be the thing that actually pushes over, right?

21:16

Because the privacy folks are quite passionate about the privacy tools.

21:23

So maybe that brings about enough support to even get a fork sooner than later.

21:29

Anyways, I want to see privacy done on-chain properly without coordinators.

21:36

That needs to happen. For now, use JoyMarkets.

21:40

Yeah, I made a prototype coin swap implementation like a year ago using adapter

21:46

signatures and taproot keys.

21:49

And that's pretty cool. Like you can do a two-party coin swap that just looks like, you know, I

21:55

make two transactions and NBK makes two transactions, but behind the scenes,

21:59

we've actually swapped GTXOs. And you can do that with like adapter signatures in a really privacy-preserving

22:04

way. I think what you want to do is you need it to be multi-party or

22:09

like multi-participant so that you don't have like liquidity problems.

22:15

So figuring out how to make that be a, you know, end-party swap, I think

22:20

is like the real unlock. And yeah, maybe there's a way we can do that with Covenants.

22:24

That'd be cool. Well, just wave your hands for now and make it that, you know, UpCat fixes

22:29

everything. All right.

22:32

Fully noted. Release is fully noted and unified on the App Store.

22:37

Oh, fully noted. JoyMarket is now a dedicated JoyMarket client.

22:41

Connect over Tor. No private keys on device.

22:44

Full market taker. Fidelity bond functionality and more.

22:47

That's cool. All right.

22:50

Oh, Unified Payjoin Wallet is a Payjoin-capable Bitcoin Core client.

22:56

B2B over Nostra and connect via Tor.

22:59

Crux Installer version 0.0.20-beta major update.

23:04

Now users can, after download and verify an official firmware, select between

23:10

to flush or to make AirGap update.

23:13

Cool. Bolts Exchange Client version 2.1.10. U3XO version 0.2.0. Utils simplify,

23:24

export proof of positions. Revert utils simplify and export proof of positions.

23:31

U3XO use slices from Standard Lib.

23:37

Utils simplify and proof positions.

23:41

Neat. Bitcoin Safe version 1.0.0-b1-beta version used with caution.

23:51

Easy multi-sig wallet safe setup.

23:54

I don't know much about this project, so please proceed with caution.

24:00

Easy multi-sig wallet setup. Setup step-by-step instructions for a multi-sig setup with PDF backup sheets.

24:07

Full support for CodeCard, CodeCard Q, Bitbox 2, Jade, Spectre, DIY support,

24:14

QR, USB, SD card, secure hardware ciders only, just a bunch of stuff here.

24:23

I don't know much about this project, do you guys? I never heard of it, but it looks like very full-featured, like has support for

24:30

like basically every hardware wallet, like BDK, PowerTrade BDK.

24:35

Lots of languages. There's a lot going on here.

24:38

Oh, it's Microsoft. It's Windows.

24:42

It's got like wallet chat between, for sharing PSPTs between computers.

24:47

I mean, that's kind of cool. Yeah.

24:50

But don't do this on Windows, people. I opened the GitHub just while we were chatting.

24:56

I'm going to play with this. I haven't used it, like, you know, caveat emptor, etc.

25:02

It looks like if you took Electrum, but then you redid Electrum today, having

25:07

seen mempool space, this is what you would build, right?

25:10

It looks like that, I don't know, Windows form builder type like UI.

25:14

It is Windows. But the dudes also built like mempool space visualizations into it.

25:20

It looks wild. It does.

25:23

It does have that vibe. I'm taking a look here.

25:25

Yeah. So I'm just excited about that.

25:28

The icons are the same as Electrum. Yeah.

25:30

Yeah. No, it looks like Electrum and mempool space had a baby.

25:34

It's kind of great. It is.

25:37

It's Python. Is it Python? Yeah.

25:40

Yeah, it is Python. So maybe somebody can.

25:43

Oh, it's. Oh, OK. So it's not just Windows.

25:46

You can target a build to Mac or Ubuntu or whatever.

25:51

OK. Cool. Nice. It looks like it's just in Python.

25:55

So it runs anywhere. Yeah. Yeah. It's probably using what, like TK enter or something for the for the UI,

26:01

whatever that thing is called. I don't know. It looks like it doesn't look like QT.

26:05

Yeah. Yeah. It's QT.

26:08

They're using PyQT. I just dug into the UI part of the code.

26:13

Cool. Love it. Nice. I love this.

26:16

Like this is probably a dude who has his coins and he's like, hey, I'm

26:21

unsatisfied with every wallet out there. I'm just going to build my own and make it available to all.

26:25

Hell yeah. Yeah. There is no other way.

26:29

Tell you what, like nothing teaches you how Bitcoin works more than building a

26:33

wallet. Like, like everybody who like really wants to understand how Bitcoin works, go

26:39

write a wallet, you know, feel free to never put real money in it.

26:43

Right. But like write a wallet, put it on Signet or Testnet 4, send coins around like

26:47

you will learn way better than all the books and podcasts in the world how

26:51

Bitcoin works. Yes. There is nothing like serializing a Bitcoin transaction to make sure for you to

26:57

understand if you want to continue further or not.

27:01

This is not for me. Right. Like back away.

27:06

Joinster app version 0.1.1 Kotlin implementation for Joinster.

27:13

BitKey app version 2024.71.0. You can now select MoonPay and BitKey app to sell

27:21

Bitcoin. Australian or CAD are now available as display currencies.

27:28

Transaction history wallet descriptor now available for export.

27:31

Currency display is now appearing in the settings menu.

27:36

Do you guys know if you can export an XBRIV from the BitKey?

27:40

You cannot. How do you recover outside of the stack, outside of the BitKey stack?

27:48

All the recovery methods are like inside the BitKey stack.

27:52

Like there's ways of recovering individual keys or if you can't recover

27:59

individual keys, you can do a wallet sweep.

28:01

So like a new two or three basically, but they don't give you any raw

28:08

cryptographic keys like anywhere in the stack.

28:11

I keep on saying that's like the it's like the Klaus Schwab replacement wallet.

28:18

Yeah, I mean, it's really meant for people where it's like the biggest threat

28:22

to their coins is that they're going to like mishandle a seed phrase or

28:25

mishandle a backup, right? Like that's that's like who it's built for.

28:30

Bitcoin Jungle mobile app version 1.3.0. This update adds a new transaction

28:37

statistics screen from the settings, allowing you to do some reporting on your

28:43

own transaction history. Bitcoin Jungle really works.

28:47

Simple Bitcoin wallet version 2.6. Drop harder wallet support, drop built-in

28:52

Tor support, drop LNURL support.

28:56

I guess the wallet's getting simpler. I know, right?

29:02

Yeah, version three is going to be simplest Bitcoin wallet.

29:06

Yes. It's funny because I wanted to use a simple Bitcoin wallet for a FOSS Bitcoin

29:12

project that's being worked on right now. Sure.

29:15

But, you know, it was taken.

29:18

So the project is called Cove.

29:22

It's going to be a very cool, simple wallet.

29:25

All right, Datum Gateway version 0.2-beta initial public release.

29:31

This is pretty cool. I love this.

29:34

I think this is finally the fire that Stratum V2 needed in the ass to get

29:39

things moving. It is backwards compatible with Stratum V2.

29:45

I think it's compatible with Stratum V1 because it's a gateway and you speak

29:50

Stratum V1 to the gateway and then it speaks Datum.

29:53

I think it was supposed to work with V2 as well.

29:56

Oh, OK. I didn't realize that. I thought all the controversy was that it wasn't because everyone was mad when

30:02

I just used V2. Yeah, because I thought the whole point was that they didn't want to make

30:07

everybody mad by also adding V2 support.

30:10

But maybe I'm wrong. Anyways, that's cool.

30:13

It's great. We need more of this. We need all the templating in the individuals as we can get as soon as

30:19

possible. Very important.

30:22

Yeah, there's been a few blocks already mined with it, too, which is cool.

30:26

Yeah. ESPminer version 2.3.0 allow connecting to open Wi-Fi networks set the file CPU

30:35

frequency to 240 megahertz and a few other things here.

30:42

Brains Toolbox version 24.09. Blockstream Green iOS version 4.0.36 allow re

30:51

-deposit of expired UTXOs, liquid multi-sig accounts, QR mode for a single-sig

30:56

watch only, recovery phrase, import QR view, still no PSPT support.

31:03

I've been saying that for what, like three, four years now?

31:07

Debify app version 0.0.52, cold card mark for integration.

31:14

Now you can start your escrow. This is super cool.

31:17

We worked with them on this. The guys from Debify are really pushing and they have actually like they're

31:24

improving their access to cheaper capital, like cheaper dollars, so they can

31:30

offer better interest rates and things. I think it's still KYC free.

31:35

It's an interesting little project.

31:38

Cold card queue support is coming soon, too. Well, I mean, it should work for both, work for one works for the other.

31:45

Nirvati version 0.1.0. Nirvati is an open source project trying to make self

31:52

-hosting easy for everyone. Self-hosting of what?

31:59

Adopts a copyleft license to ensure decentralized frequency.

32:03

I don't know, we'll probably go read about that later.

32:08

BTCmap-Android version 0.8.0, show, place comments, hide ATMs by default.

32:18

Kyoto version 0.4.0, an implementation of Bitcoin improvement proposal 157.158.

32:28

Yeah, it's like a compact block filter wallet, basically.

32:34

So if you want to use like Neutrino filters for your wallet, then this is an

32:39

implementation of it. Cool.

32:43

That should make the wallet sync very fast.

32:46

For phones is great. I think these guys are working on like, this is their proof of concept.

32:52

They eventually want to get like a lot of it upstream into BDK.

32:56

That would be awesome. Because right now BDK is only like Electrum only.

33:00

So that'd be great. Very neat.

33:04

Bitcoin Dictionary version 2.0, add double title system for terms that cannot

33:08

be translated. Add EPUB version, a bunch of other things.

33:14

Project Spotlight 2140.dev, European nonprofit organization dedicated to

33:20

support Bitcoin research and development.

33:22

Oh yeah, that was by Ruben and Josie.

33:26

Yeah, I ran into Josie last week at TabConf and he's super excited about this.

33:34

Everybody should check it out if you want to work on, you know, Bitcoin kind of

33:38

protocol development full time. Like they're trying to provide like a stable funding path and lots of support.

33:45

Like they've got office space and they're trying to be able to like hire smart

33:49

people who want to work on Bitcoin stuff full time. Nice.

33:52

It's more like like an incubator of people kind of thing.

33:57

Like there's like, you know, it's not just a grant.

34:00

Yeah, yeah. Instead of it being like project based grants, it's more of like people based.

34:07

I know it's probably closer to like a chain code kind of thing where it's like

34:11

stable, long term funding to be a person working on Bitcoin full time instead

34:15

of like, here's some money to go do this thing. Right.

34:18

Very cool. There's another one announced last night, too.

34:23

I don't think you have it on the list, but local host by BitDevJ.

34:29

I put in the chat, but similar model, a chain competitor.

34:36

But I think they highlight in the post, they're poaching merch and Ava started

34:44

out. So that's really cool.

34:47

Nice. Rewind Bitcoin, Bitcoin wallet in beta that lets you reverse taft.

34:54

Just nothing like rollbacks. Rewinds vault lock funds starting a countdown when unlocked to allow, what is

35:01

this, a time, like a mini script?

35:04

Sounds like a vault. Yeah, they say it's, they're describing it as a vault, but how does it work?

35:12

It's got to be pre-signed transactions like a deleted key covenant.

35:17

It's got to be deleted key covenant. And it's risk-free.

35:20

Okay. All right. I'm sure somebody will reach out to us at some point to try to explain.

35:30

Bitcoinutils.dev, utility resources website offering various Bitcoin-related

35:35

cryptographic and encoding tools. By Vojtak Strand, I can't say that.

35:43

It looks like a check name. Standalone Bitcoin consensus engine and standalone binary exposing the

35:50

historical Bitcoin consensus engine.

35:54

Fabric, a trustless distributed DNS resolver for Bitcoin spaces.

36:01

Wow, so it's more like DHT.

36:06

L402 middleware, a middleware library for Rust that provides handler functions

36:11

to accept micro transactions before serving ad-free content or any paid APIs.

36:19

NodeWatch, a CLI dashboard for monitoring your Bitcoin full node, providing

36:25

essential information such as node status, transaction fees, Bitcoin price, and

36:30

more. Bitcoindquick, a dockerized Bitcoin core container for quickly spinning up and

36:38

prune node with ZMQ support for running public pools.

36:44

Chorley, reward your kids with sats for completing chores.

36:49

Create a custom chore list for your kids.

36:51

Set up automatic payouts. Satofi, Bitcoin coffee machines.

36:58

I think they're DIY. CoinVote, endorse your candidates with Bitcoin.

37:03

No, don't waste your Bitcoin on candidates.

37:06

Hard pass. We don't want governments having Bitcoin.

37:12

We want people having Bitcoin. Bitcoin prediction markets place bets by sending lightning payments and receive

37:21

winnings to your lightning address. LiquiSabi, CoinJoin Explorer, monitor and publish WabiSabi's coordinators

37:31

advertised on Noster. CoinDemo, an interactive visual introduction into how mining works.

37:40

More vulnerability disclosures. Golden Jackal's specialized tool set for targeting air gap systems in the

37:47

espionage campaigns. Neat.

37:50

For the people that don't understand why you need side channel defenses and

37:55

things of such and why you don't use Raspberry Pis for Bitcoin, go read some of

38:00

this. There is a link. Radiant Capital, hack exploits, multi-sig approval process and hardware wallet

38:07

compromise. Radiant Capital.

38:10

Oh, was this the one that they exploited?

38:14

Ethereum smart contract, but they also gave the wrong transactions for the

38:19

clients to sign. I think this might have been it.

38:23

Yeah. Locate X, US law enforcement tool enables wireless smartphone tracking.

38:31

How surprised. Not again.

38:35

Not again. Hackers target Android users with Qualcomm zero day vulnerability.

38:41

Nice. Your phones are not safe.

38:47

Don't use phones for Bitcoin. I mean, for real amounts of Bitcoin.

38:52

Because like, I guess like the point that I'm making here is that like all

38:55

these things are being used to target like people of interest, but like these

38:59

tools can also be used to take your Bitcoin. Research conducted by Jonas Hoffman and Kim Dong with the applied cryptography

39:09

group at ETH Zurich discovers flaws in five end-to-end encrypted cloud

39:15

services. You can go read the details here.

39:19

Security analysis reveals weakness in WeChat's MMTLS encryption protocol.

39:24

Yeah, I'm so surprised. And I'm sure it was just a weakness.

39:29

Definitely not a backdoor. Yeah, definitely not a backdoor.

39:34

Impromptu tool tracking LLM agents into improper tool use demonstrates the risk

39:41

of AI chatbot exploited by hidden malicious prompts.

39:44

We've seen this before. Tails version 6.8.1 release an emergency release to fix critical security

39:52

vulnerability in the Tor browser. And critical use after free vulnerability.

40:00

This one was really funny. Yeah, this was a like arbitrary code execution vulnerability in Firefox from a

40:08

bug in the animation timeline, which is like browsers are so freaking

40:13

complicated. It's like, cool, an animation bug is going to let somebody pwn your machine.

40:17

Yes, and it's like people may not understand that there is like millions of

40:22

lines of code in a browser. Like it's a lot.

40:27

The browser is unsafe. It's remote execution of code in your machine.

40:33

It's pretty crazy. Privacy and other related projects.

40:38

Simple Wax version 6.1. Sideband version 1.1.1. It's all the RNSXLXMF stuff.

40:49

Reticulum Mesh Chat also updated.

40:52

Tor browser also updated. Project Spotlight.

40:56

PubKY Core, an open protocol for per-public-key backend for censorship

41:04

-resistant web applications. More DTH.

41:10

It always ends in DTH.

41:14

I think this is from Carvalho's company.

41:20

Like Synonym, they do, what is it, Bitkit or whatever.

41:27

I think this is like maybe what they're doing now.

41:32

They were using some of the same stuff that's underneath HolePunch.

41:37

I don't know if they've rebranded it to this or if this is new, but it

41:41

looks like all these PubKey projects are coming out of that group.

41:46

Maybe this helps him with the zero-confirmation transaction.

41:51

Yeah, right. Just send your zero-conf transaction over this protocol.

41:56

That's right. All right.

41:59

Lightning. Project Spotlight. Blockstream launches Simplicity on Liquid TaskNet and introduces Symfony, a

42:04

high-level language for writing Bitcoin smart contracts.

42:09

Spark, a trust-minimized solution designed to scale Bitcoin and extend the

42:14

Lightning network. Yeah, this is pretty cool.

42:18

It's kind of making their own L2, kind of not.

42:21

It's basically like ARK and StateChain had a baby.

42:26

Then you have a Lightning gateway that LightSpark runs for all the users to be

42:30

able to interact with the broader network.

42:34

It has a few trust assumptions, but I think it's good enough for them to call

42:38

it non-custodial legally and that should work for them.

42:43

But it's kind of interesting. Yeah, we need more ideas that are departure from Lightning.

42:51

LightSpark, I mean, these guys are pros and they're going to push the shit hard

42:55

and they understand payments. They're more on the TradFi kind of crowd, but I think there's some interesting

43:04

stuff probably coming from them. Yeah, it's pretty cool.

43:08

My understanding is like most of their devs are like, they got into Bitcoin

43:12

through LightSpark and they'll come up with their own L2 within a year, which

43:18

is pretty impressive. They've also got some pretty good-sized enterprise customers at this point.

43:26

So it'll be cool to see if this actually starts rolling out in unusual places,

43:32

right? I'm pretty sure LightSpark did the Lightning implementation for Coinbase.

43:36

I have no idea if that'll get rolled out, but if that's the kind of customers

43:41

that they have, it would be interesting to start seeing this stuff actually get

43:44

deployed pretty quickly. I think there was a shake in the force kind of thing.

43:50

I think something changed, like I said, about six months, a year ago.

43:55

The Overton window completely shifted to corporate being okay with Bitcoin

44:01

stuff, as long as it's CIO-compatible service providers.

44:07

Something changed, and I think we're going to start seeing some random stuff,

44:12

like some complete random bank is going to come and show up a Lightning on

44:16

their app or something, or from a completely unexpected place, like Coca-Cola

44:23

or something just quietly starts using it, don't even tell anybody, and then

44:27

just sort of comes out that they were using it for six months or something.

44:31

You know what I mean? That kind of weird place.

44:35

Yeah, I'm here for it. That's right.

44:38

All right. Blockbuster, seamless content monetization with Lightning Network.

44:44

Software releases Core Lightning version 24.08.2. I mean, you guys jump in on

44:50

this Lightning stuff if there's anything here you want to talk about.

44:54

LDK Node 0.4.0. Phoenix updated.

45:01

Zeus version 0.9.1. Breeze SDK Core Greenlight version 0.6.2. Albi

45:12

updated. Cashew me now supports restoring e-cash from a seed phrase.

45:19

That's nice. That's huge.

45:22

Where do they store the state? Probably Noster.

45:27

Well, Noster, right? Okay. I know like for Fetiment, they just store it with the guardians because you're

45:33

already trusting them. But you already trust them.

45:36

It's not RUGU, so you might as well trust them with your state.

45:38

Right. I don't know if you can do that in Cashew, but yeah.

45:43

Well, yeah, I mean, Cashew, I know a lot of the Cashew apps just keep it

45:48

in local browser storage, right?

45:52

Because a lot of the Cashew apps are PWAs.

45:55

And so you get some site namespaced local storage, like a little local

46:00

database. That's what a bunch of them do.

46:03

I don't know if, but yeah, if you can restore from a seed phrase, then it's

46:06

got to be doing it off box somewhere. Yeah.

46:11

Micro Bolt version 2.0. Micro Bolt self-hosted Bitcoin enlightening full node

46:16

guide on personal computer. Geyser October 2024.

46:21

Private messages. Creator can request buyer and pub.

46:26

Creator can reward confirmation message.

46:29

A bunch of other updates. Okay. If anybody from Geyser is listening, please fix your liquidity.

46:35

I tried donating to the, Peter Todd was mentioning that there was no funds for

46:42

open timestamps. And I thought like, you know, enough people use it that there was, I tried

46:47

sending a bit of money there and computer said no.

46:52

So I had to send half. You know, if you're going to take donations, make sure you can accept the

47:02

donations. It was not like, you know, it's like 500 bucks kind of thing.

47:08

LN markets add options to cash in from trade margin.

47:14

Zaprite introduces sandbox environments.

47:16

All right. Nostra project spotlights.

47:20

Okay. Nostra pool notifications and Android.

47:25

White noise live demo. White noise is Jeff G's MLS messaging implementation.

47:33

This is super cool. Good name too.

47:37

Yeah. White noise is a great name. It really is.

47:41

Nostrastic bridge to publish Nostra posts and send and receive DMs over LoRa

47:47

using MeshTastic. Oh, by the way, we have a prototype.

47:52

We've rebuilt SatsLink from the previous intent to a new one.

47:58

So the prototype should be in the office in a few weeks where it's, well, then

48:05

we have to write a lot of code. But the hardware, hopefully this version or a similar version of this is like,

48:13

would be ready. It supports MeshTastic to start.

48:16

And then we are adding APRS and maybe even FSK and a few other little things.

48:25

Is it still ESP32? Yes.

48:28

Yes. It's still ESP base. Oh, wait. Shit.

48:32

I can't remember now. Wrong timing.

48:34

I have different projects in my head. I could swear we had added an STM chip because I think there was an STM

48:40

chip we wanted to use that had the die for the MeshTastic stuff, the LoRa stuff

48:47

from ESP. I think they licensed that part of the die.

48:51

And it was part of the same chip where you get the STM stuff on it

48:54

too, like the ARM stuff. Anyways, I can't remember now.

48:59

You know, when you move things from a bench to another and you're like have

49:03

different projects going on, these things all get mangled.

49:08

Once it sends out, it's like, forget about this one.

49:11

Now go on to the next thing. All right.

49:15

AlgorRelay, an algorithm relay for Noster.

49:18

This is all more on the DVM stuff.

49:22

PPERelay, a pair of relays that changes part event basics.

49:28

SearchRelay, NIP50 SearchRelay.

49:30

Flotilla, NosterRelay based on communities.

49:34

Flotilla looks kind of cool. I think they're trying to go after the Gen Z Discord crowd.

49:43

It's still backed by Noster, but it's a different UI, which I'm all about.

49:48

Noster is such a low-level primitive.

49:51

Anytime people want to build new UIs around it, I think it's great.

49:55

I mean, Discord needs to die. Yeah.

49:57

Like, I seriously like the amount of communities I want to participate, but I

50:02

won't just because it's on Discord. Yeah.

50:05

Because I don't want to have yet another app talking shit in another world

50:08

garden. I feel the same way about Telegram.

50:11

I hate Telegram and the amount of like Bitcoin discussion and like groups that

50:16

are trying to do things that all form around Telegram.

50:20

I hate it. Like it's the worst. I think it's just that Telegram has the right tools for you to build open

50:25

groups. It's very easy to just start an open group, although they limit you on how many

50:30

custom URLs you can have.

50:33

It's kind of annoying and you can't pay to change that.

50:37

I feel like Telegram only exists to enable crime kind of thing.

50:41

You know, like it's like they make all their money from it and they sort of

50:44

have all the wrong tools for you.

50:47

Like, for example, like they literally like allow scam, spam, like that's how

50:54

they make their money from that. That's like you can almost feel right, like the whole UX and all the tools on

51:00

Telegram are designed so that scams can happen and you can't do anything to

51:05

protect your users from spam and scam.

51:08

I hate Telegram. Do you guys have an opcat Telegram?

51:14

No, I mean, like there's a bunch of Telegram groups that are like Covenant's

51:20

sort of interest group and it talks about like all Covenant related stuff.

51:24

There's, you know, groups talking about specific projects that use cat, but

51:28

there's not like a cat enjoyers group per se.

51:32

Right. We do have a Discord though. We do have a Discord though.

51:36

And our Discord is the best. Right.

51:41

Nosweet.net share or clone any tweet on Noster with URL and without any

51:48

permission or anything. Well, this is kind of interesting.

51:50

I need that often. OK.

51:53

Docster, a simple document management system on Noster allows users to create

51:58

and delegate documents. That's cool.

52:01

Yeah, that could be cool. In 20 years, SharePoint will be replaced by Docster.

52:07

That's right. Talk about another thing that needs to die.

52:13

Translator, a new Noster service offering automated translations of Noster

52:17

videos and Rx Noster, a library based on RxJS.

52:23

Moving on. Software releases and project updates.

52:27

OK, I'm going to skip these.

52:30

Yeah, I think every single Noster client had an update.

52:33

For real. Yes, literally every single one of them.

52:36

Yes, they update like there's no tomorrow. All right, man.

52:39

Thanks to everyone who streamed the sats and shout out to a few top boosters

52:43

here. Ape me friend here. It's our die hard, right?

52:47

Ride or die, as the kids call it.

52:50

Listening to the end if you count 30 minutes of sleep listening at the end.

52:56

All right. Nobody listens to the spot.

52:59

It's all lies. T-dub, proof of listening.

53:04

Here's how to make a classic grilled cheese sandwich.

53:08

Very good. Yeah. BTC on board.

53:13

More mini script, please. I'm not Rob.

53:16

Yeah, we do have our mini script influencers here on the pod often.

53:21

Average Gary, sats link revival, but I already used my preorder money for a

53:25

second queue. Rugged. I mean, like we don't know yet when it's going to launch.

53:32

Just, you know, it's good. We'll keep your price in line.

53:36

It's good that you use your preorder money.

53:38

So that it's not stuck in the system. So it might take a little while still.

53:43

So don't worry. Von photo.

53:47

Send some sats. Bright stats.

53:49

Keep an eye on your wife flash attack vectors.

53:53

It's true. Were you here, Wendell, when my wife flashed me behind the camera?

53:58

No, I heard about it though. It was, yeah, it was very distracting.

54:06

Tip of the day. Especially because she's not the type that does that often.

54:10

So it was very unexpected.

54:14

Tech tip of the day. Recommended by Fiat Jaff, D arrow.

54:19

An open source browser extended for crowdsourcing, better titles and thumbnails

54:23

on YouTube. Earth Do, the open source privacy focus alternative to Google sign-in.

54:30

Jesus Christ, please stop using Google sign-in. That story got no air.

54:34

He got killed by Google. I'm still so annoyed by it.

54:38

Wait, what story? Google affected?

54:40

Google single sign-on got hacked.

54:43

People figure out how to do DNS hijack on custom domains, on Google, on anybody

54:50

that didn't have Google workspace.

54:54

So they figure out how to hijack DNSs using the Google form shit or whatever.

55:01

And they managed to essentially create Google single sign-on for like every

55:07

company on earth that didn't have Google single sign-on set up for their

55:10

domains. And then went in and got into all kinds of company stuff.

55:16

Like what's the name of that stupid app everybody hates?

55:19

Slack, things like that. It was a disaster.

55:23

Absolute disaster. That's pretty bad.

55:26

Yeah, no, it was probably the biggest hack of the last 10 years.

55:31

And literally nobody talked about it because they killed the story.

55:36

Amazed. Earthdew, the open source privacy-focused alternative to Google.

55:41

Oh yeah, I already talked about that one. Bitcoin Optac.

55:45

Any topics here you guys want to bring up?

55:48

Let me know. I think the first one they have like 1.75 channel announcements.

55:54

I think that was discussed at the big lightning summit in Tokyo.

55:58

So we'll see like a bit devs at Tabcov.

56:03

Some give an overview of everything that happened.

56:08

Everything's like instruments incrementally moving forward, which is good.

56:13

And like 12 is kind of like done now, which is exciting and all that stuff.

56:19

So it seems like we're actually making progress in lightning, even though it

56:23

doesn't feel like it day to day. Yeah, Lalu wrote up notes from the Ellen developer summit.

56:33

They're on Delving Bitcoin. They're very detailed and they're like a really good read.

56:37

If you're interested in what's going on in lightning, it's like a really

56:40

pleasant read. Neat.

56:43

Did you guys go to Japan for the Bitcoin Tokyo or the other lightning stuff?

56:51

I wasn't invited. Not a lightning dev.

56:55

Once you put on the wizard hat, they kicked you out of all the all the

56:58

cool clubs. Oh, I see. You guys are putting on Groton stuff now?

57:04

No, I'm just kidding. No, it's just like a lightning like protocol dev.

57:10

Yeah, protocol dev. Like even me, I wouldn't be invited to this.

57:13

It's like it's like 30 or 40 people that go.

57:16

It's like core contributors of like Eclair, Sea Lightning, L&D.

57:22

LDK. LDK. Yeah. So it's not PODCONF approved.

57:26

No, that's right. By the way, we keep on being denied our PODCONF approval.

57:33

Like they denied us again recently.

57:36

That's insane. It really is pretty offensive.

57:38

I mean, like we try hard here to talk about all the things that we were

57:42

supposed to talk about. I don't know what we're missing to be approved.

57:48

Is there like management you can complain to?

57:52

There's probably multiple levels of management you can complain to.

57:56

I mean, you know, all I want is the hat and T-shirt so I can

57:59

wear it at the conferences. Well, Rob has those.

58:03

I've seen him with them. Yeah, I feel like he's going to keep flexing on us until we get them.

58:10

Yeah, I mean, I don't know what else to say.

58:12

I mean, maybe I just need to... We can have...

58:16

What if we have like an ETF episode?

58:20

Yeah, there we go. You know, we can also have a trading course where we tell people how to buy

58:29

on green, sell on red, right? Is that how it works?

58:32

Perfect. Yeah, I don't know.

58:36

I just feel left out. Very disappointing, you know?

58:39

You run a POD for this long and you don't get to be part of those

58:43

circles. All right, business and finance.

58:46

I'm going to skip. Although this River offer is kind of interesting.

58:52

I know it's a little Tradefy-ish, but I was talking to Alex and asking him

58:56

about it. They're going to implement so that Bitcoin companies can use it as their

59:02

checking account. Because Bitcoiners are all short fiat, right?

59:07

And nobody has a lot of fiat savings to put in a interest bearing account on

59:15

the fiat side. But they all have operation accounts, right?

59:18

It would be really cool to be receiving interest on the operations account.

59:23

But to have an operations account, you need to be able to pay other things.

59:26

But anyways, I just found that interesting.

59:30

Yeah, I think it's exciting. Really nice to have these as a bank account.

59:36

Get rid of my normal bank. That's right.

59:39

And you keep on sending me my Bitcoin interest into my Bitcoin wallet, not into

59:44

fiat stuff. Bitcoin Illustrator NoGood releases the art of NoGood, a self-published art

59:51

book showcasing five years of Bitcoin-themed illustrations.

59:54

It's beautiful. Funding.

59:58

Bitcoin Freedom Technologies Research Firm 1A1Z releases a report covering how

1:00:03

Bitcoin Core development is funded. OpenSats, we've released a million other funding grants recently.

1:00:13

Spyro announces grant renewals.

1:00:16

There's a lot of money these days for people to go work on non-profit Bitcoin

1:00:21

work. You love to see it. Pretty crazy, actually.

1:00:25

Yeah. Tens of millions of dollars.

1:00:29

Hundreds. It probably crossed hundreds of millions of dollars now.

1:00:33

Yeah. It's quite crazy how quickly it happened, too.

1:00:36

I feel like four or five years ago, we were all like, there's no money in

1:00:40

Bitcoin. It's dying. Now, here we are.

1:00:45

Yeah. All right.

1:00:48

Privacy. Oh, Simple X, they wired the original Bitcoin hater outfit of, between quotes,

1:00:59

journalists, attacked Simple X because they have privacy.

1:01:03

Very, very uncouth. And that's it.

1:01:07

I mean, oh, Libsac 256k1.

1:01:11

Finally has MuSig. Yeah.

1:01:14

MuSig was merged. I think we covered this in the last episode of the list.

1:01:19

It's nice to see it here again. That's really cool.

1:01:23

Anything else here, guys? I think we've covered all the politics stuff I'm not going to cover.

1:01:29

There was one news and noteworthy thing that we skipped over just to give a

1:01:36

pointer to people. The BitKey team put out a paper.

1:01:40

It's called, I don't like the title because I don't think it describes what's

1:01:44

in it. But it's actually a really good paper. It's called Unlocking Mass-Market Self-Custody Secure and Private Smartphone

1:01:52

Bitcoin Wallets. So that's a very marketing-y title.

1:01:56

But what's in the paper is they get into how BitKey is doing Frost integration.

1:02:03

They get into where all the different keys are held.

1:02:06

They get into the backend signer architecture and how that thing is locked

1:02:11

down. There's some work that they're doing around using zero-knowledge proofs to

1:02:16

involve the backend signer in a privacy-preserving way.

1:02:21

So there's a bunch of really cutting-edge stuff being done around proof of

1:02:26

solvency, around blinded pins, around Frost.

1:02:30

And they wrote a paper describing all the gory details.

1:02:35

So if you're interested in those kinds of tools being incorporated into Bitcoin

1:02:41

wallets, they released the paper last week at TabConf, and there's some really

1:02:45

good stuff in it. Nice. They do like to release papers.

1:02:53

Remember when they did the architecture stuff?

1:02:56

There was a whole… Yeah. Neat.

1:02:59

I will check it out. Yeah. Very good, guys.

1:03:03

We've, I think people will listen to this one whole because we've covered all

1:03:08

of it in an hour. Hopefully it's PodConf approved now.

1:03:15

Yeah. I mean, we were low on tangents on this one.

1:03:18

Yeah. Sorry to anyone that didn't fall asleep.

1:03:21

We tried our best. Yeah. Sorry, guys.

1:03:24

We're a little rusty. It's been like a few weeks since we had a list.

1:03:28

It's been a minute. Yeah, we need to get back into our groove and find the correct tangents.

1:03:34

As the orange president would say, we need to learn how to weave again.

1:03:41

That's great. Anyways, do you guys have any updates on your DeGen stuff?

1:03:51

Updates coming soon. I will say I'm giving a talk at OpNext in two weeks, I think, in Boston.

1:03:59

I'm going to leak a little bit of alpha, but it's okay, because everybody's

1:04:02

asleep already. Something that I think has been missing from a lot of the Covenant and SoftFork

1:04:09

discussion has been, how are people actually going to use these things post

1:04:15

-activation to build applications and tools and services?

1:04:20

Something that I think we saw happen with Taproot was Taproot activated, and

1:04:24

then it took a long time for things to start getting rolled out.

1:04:27

We just talked about Music finally just got merged into LibSec.

1:04:31

With any of these Covenant proposals, having developer tooling that you can use

1:04:36

to actually build stuff with it is something that's not a core part of the

1:04:42

conversation, but it's an important piece of actually realizing the benefits.

1:04:47

Something that we've been working on internally is, if we think Cat or

1:04:52

something like Cat is going to happen, how do you safely, reliably, and

1:04:58

effectively build complex applications that use these crazy Cat scripts?

1:05:03

So, a Cat speaking? Yeah, right. Man, that would have been a great name.

1:05:07

Where were you a while ago? Anyway, we're building some tooling internally to make it easier to compose Cat

1:05:15

scripts together. So, going to be talking about that, opening that up, but also just talking

1:05:20

about design principles and what are the parts of application development that

1:05:26

are really hard when you have complex Covenants and interactions between them?

1:05:32

There's a lot of stuff around witness building and stack management that just

1:05:36

gets really hard. I still don't understand why the JPEG people want Covenants or Cat.

1:05:46

Maybe I knew at some point, I kind of forgot, but why is it?

1:05:53

Yeah, I think there's kind of two or three different directions that the JPEG

1:06:00

people want to be able to do things in.

1:06:03

One direction is vaults.

1:06:06

If you have all your money in a small number of UTXOs in a Bitcoin wallet,

1:06:11

being able to have velocity control or some ability to claw back.

1:06:17

Something that the JPEG enjoyers are exposed to more frequently than other

1:06:24

users of Bitcoin is their Bitcoin wallets interacting with internet services.

1:06:32

You've got some JPEGs in your wallet, you want to prove that you have control

1:06:37

over them to some Discord bot, but you want to make sure that your JPEGs can't

1:06:42

be stolen. So having more sophisticated spending policy and having flow control or

1:06:48

velocity control over your wallet is something that I think is important for

1:06:53

all Bitcoiners, but it's felt acutely by the JPEG enjoyers.

1:06:57

And then also, I think people want to be able to do more complex kinds of

1:07:04

Bitcoin transactions with Bitcoin native assets.

1:07:07

So there's a service out there that'll let you borrow Bitcoin against your

1:07:12

JPEGs, using DLCs and using PSBTs.

1:07:17

It'd be really great to be able to make those multi-party or be able to

1:07:21

buy or sell those positions and just make them more liquid.

1:07:24

So I'd say security and more complicated kinds of contracts.

1:07:29

Okay, so it's not really JPEG specific because all this stuff is like things

1:07:34

that normal Bitcoiners want. Yeah, it's not JPEG specific.

1:07:38

It's just that the JPEG enjoyers have a market where you can buy and sell

1:07:44

things with Bitcoin that are, you know, incomparable with Bitcoin script.

1:07:50

So like you can do atomic trades in the same way that like you can't do

1:07:54

an atomic swap for like a car or a sandwich.

1:07:57

I know, but you can do that with like for like lightning contracts purposes,

1:08:02

right? Yeah, because like you guys are so cat oriented on the branding of the

1:08:08

wizarding that like I thought that was like something that was like very

1:08:12

specific to the JPEGs.

1:08:14

And it seems to me that everything you guys talking about is all sort of things

1:08:19

that every Bitcoiner wants. Yeah, I mean, I think, you know, the reason why we're pushing cat is it's like

1:08:26

a really general purpose construct.

1:08:29

So like we think that it might be a way to kind of get through some

1:08:33

of the bike shedding about like, oh, I want this proposal because it enables

1:08:37

thing X but not Y or somebody says I want this other thing that enables thing

1:08:41

Y but not Z. Cat kind of enables everything like everything's kind of annoying to do in cat,

1:08:47

but you can do it. And then if you can do it in cat, but it's a little bit clunky, then

1:08:52

we can actually go and look at what people are using it for on chain and

1:08:56

say, hey, look, this amount of block space is being used for vaults.

1:09:01

So maybe we should fork in op vault and make it more efficient or, oh, this,

1:09:05

you know, so much usage is going towards crazy lightning construction.

1:09:10

So maybe we should like optimize that. But instead of like, arguing about it from first principles, we can actually

1:09:15

use like the market to decide. And then the other thing that we like about cat is it's useful for things like,

1:09:22

you know, validating Merkle trees. And it's useful for like stitching parts of scripts together, which we think

1:09:28

are important for bridging to like other L2s where you can have different

1:09:32

transaction semantics than what lightning gives you or better or, you know,

1:09:37

more interesting than what lightning gives you. And then also cats are just very memeable, right?

1:09:42

I don't know, but again, like every single like, because I kind of like tuned

1:09:46

out a little bit of like controversies and things like that.

1:09:50

And like, yeah, there is literally nothing on that that sounds to me like

1:09:54

something either controversial that like JPEG disrespectors don't want, like

1:10:00

everything there like sounds great to me.

1:10:04

So I was just curious, you know, like it's like there is no gotcha.

1:10:08

OK, interesting. I mean, you know, like the first non-trivial cat covenant that we released was

1:10:15

a vault, right? Like the first cat covenant that I put on Twitter was this like circular thing

1:10:21

where you can only send the money back to yourself forever. But like the first one that we put on GitHub was like a vault.

1:10:26

And, you know, it's like I think the JPEG enjoyers want the same thing that

1:10:31

every Bitcoin or once they want to be able to like do more stuff with their

1:10:34

Bitcoin. Not lose UTXOs. Yeah, yeah.

1:10:37

And be able to say like, hey, there's a trade that we can do right now,

1:10:42

but it's very like capital inefficient because everything is a two is like a

1:10:45

two party trade. Yeah.

1:10:48

But what we really want to be able to do is say, put everybody in a

1:10:51

pile and make it like more capital efficient.

1:10:53

And it turns out that's also what you need for like payment infrastructure.

1:10:56

Right. So we're trying to build the same kind of primitives that I think all

1:11:00

Bitcoiners want. It's just we're doing it in a market where people are trading for meme coins

1:11:06

and JPEGs. Yeah, no, I mean, it's yeah, it's I'm always like weirded out when like the

1:11:13

controversy like exists where there isn't one.

1:11:17

I mean, I can understand that people who are against covenant, covenants is

1:11:20

right. Like that's very reasonable like position, right?

1:11:23

Like you don't want to change Bitcoin to have covenants like fair.

1:11:26

You know, lots of people don't want that. Cool.

1:11:30

So cat has nothing to do with the JPEGs.

1:11:33

It's just more Bitcoin or shit that happens to be useful to the JPEG enjoyers.

1:11:40

That's that clear is that.

1:11:42

All right, guys, listen, this this was great.

1:11:46

It was probably the fastest list we have ever done.

1:11:48

I really appreciate your time. I'm looking forward to seeing the covenant stuff and the cat stuff we're going

1:11:55

to be working on. I want to see covenants for for many reasons, as you guys all know.

1:11:59

And I've harped here enough about that before. And I hope to have you guys soon again on another list to to take a

1:12:08

lot of weaving tangents and and know you like a real person, as they call it.

1:12:15

That's right. That's right. Appreciate it, guys.

1:12:18

Thank you. Great. Thanks. Thank you.

1:12:21

Thank you, Ben. Thanks for listening.

1:12:26

For more resources, check the show notes.

1:12:28

We put a lot of effort into them. And remember, we don't have a crystal ball.

1:12:32

So let us know about your project. Visit Bitcoin.review to find out how to get in touch.