"Making sure that you're solving the right problem is 95% of the game." ~ Rijndael
What does the recent closure of 10101 tell us about markets and product/service demand in the #bitcoin world?
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc offer their thoughts in BR075.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2 discuss why multi-vendor multisig is the best approach to defend against malicious vendors and supply chain attacks in BR076.
A vulnerability was recently found in the musig implementation of NBitcoin.Secp256k1.
The vulnerability was in the NBitcoin library which BTCPay Server uses (but is unlikely to affect users).
nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw, nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2, nostr:npub1u8lnhlw5usp3t9vmpz60ejpyt649z33hu82wc2hpv6m5xdqmuxhs46turz and nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 share their thoughts in BR076.
Hezbollah is hit by a wave of exploding pagers in a sophisticated remote attack.
What does this tell us about the security and trust necessary in supply chains? nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw and nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 share their thoughts in BR076.
Recent #Bitcoin Core vulnerability disclosure demonstrates that pre v24.0.1, a DoS attack could remotely crash nodes by spamming them with low-difficulty header chains, affecting nodes storing blockchain headers in memory.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8, nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw and nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2 give their take in BR076.
Many are beginning to experience the potential of nostr for social media, but have you heard about Nostr Wallet Connect?
NWC allows you to control your LN wallet through nostr.
Are nostr authenticated e-commerce checkouts the next big feature? nostr:npub1u8lnhlw5usp3t9vmpz60ejpyt649z33hu82wc2hpv6m5xdqmuxhs46turz thinks so. [BR076].
Timelocks allow #bitcoin hodlers to introduce time as an element into their bitcoin security.
In BR076, nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw gives a broad level overview of the two types of timelocks, and how they work.
Is it time for GitHub to go nostr?
ngit is a command-line tool to send and review patches via nostr: https://gitworkshop.dev/ngit
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8, nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw and nostr:npub1u8lnhlw5usp3t9vmpz60ejpyt649z33hu82wc2hpv6m5xdqmuxhs46turz discuss the potential benefits of a decentralised GitHub.
🚀 BR076 - Sparrow, AnchorWatch, Exploding Pagers, Bitcoin Core Spam Attack, Ark goes mainnet, NBitcoin Secp256k1 Vulnerability + MORE ft. nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2, nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw, nostr:npub1u8lnhlw5usp3t9vmpz60ejpyt649z33hu82wc2hpv6m5xdqmuxhs46turz & nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8
Listen to the episode:
➡️ Fountain: https://fountain.fm/episode/mtliXmqO4RstptPR9ecM
➡️ Spotify: https://tinyurl.com/mw4e5ud5
➡️ Amazon: https://tinyurl.com/bdfujyv7
➡️ Apple: https://tinyurl.com/mva6r4e9
➡️ YouTube: https://youtu.be/24OiD7-BiU8
Shownotes:
➡️ Website: https://bitcoin.review/podcast/episode-76/
➡️ Substack: https://open.substack.com/pub/bitcoinreview/p/br076-sparrow-anchorwatch-exploding
Rob explains the paradigm shift in what AnchorWatch is doing by leveraging miniscript. 👇
Signing transactions is generally very fast from a consumer experience standpoint. Does this mean that we have wiggle room to do additional cryptography in order to mitigate against nonce attacks?
nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw thinks so, as he explains in BR073.
How do we move forward and create a superior user experience whilst maintaining and prioritizing security when it comes to using signing devices?
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 discusses this question with nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2 in BR073.
Most real world high value attacks use a combination of techniques. Several tools are normally combined to pull off the attack.
nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc and nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 discuss how some of these attacks play out, and the level of sophistication that can be involved.
What could signers do to address some of the shortcomings of signing a transaction?
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 goes *reverse* feature request on nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2, discussing how the improvements on the hardware side could complement the UX of the client (whilst maintaining security!)
⚠️ RAMBO Attack Steals Sensitive Data from Air-gapped Systems 🔒
A new exploit manipulates RAM to transmit sensitive data through electromagnetic waves.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and nostr:npub1p4kg8zxukpym3h20erfa3samj00rm2gt4q5wfuyu3tg0x3jg3gesvncxf8 discuss the attack, and how we should consider it when it comes to #bitcoin security, in BR075.
Different hardware has different tradeoffs when it comes to #bitcoin security.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and Lloyd Fournier discuss some of those tradeoffs when it comes to ESP32 in BR073.
#COLDCARD just got a firmware upgrade!
✅XOR from Seed Vault
✅Seed scanning from SeedQR
✅Unsorted multisig
✅Airgapped multisig coordinator with BBQr
✅Share any file from SD card via QR/BBQr
✅Optimizations and speed
✅libsecp256k1 bumped to latest 0.5.0
✅Improvements in signature grinding algo
✅Improved side-channel protection
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 of nostr:npub1wu4aye7ll0lnrrg638e90sehzsgpzx5t39t3mwl05aa0d0ap08esdz3vw0 talks through the latest release in BR075.
🚀 BR075 - Bitcoin Core, COLDCARD, BitKit, RAMBO Attack, Chinese Hardware Backdoors, Nostr Censorship?! + MORE ft. nostr:npub1p4kg8zxukpym3h20erfa3samj00rm2gt4q5wfuyu3tg0x3jg3gesvncxf8, nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc & nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8
Listen to the episode:
➡️ Fountain: https://fountain.fm/episode/iUJfWvpxPGjm6Z7AUsy0
➡️ Spotify: https://tinyurl.com/2fmcw2ak
➡️ Amazon: https://tinyurl.com/5yzjc8yt
➡️ Apple: https://tinyurl.com/yz6fc9tf
➡️ YouTube: https://youtu.be/xl-hyGGaLmM
Shownotes:
➡️ Website: https://bitcoin.review/podcast/episode-75
➡️ Substack: https://open.substack.com/pub/bitcoinreview/p/bitcoin-review-podcast-br075-bitcoin
Is the dawn of nostr censorship here?! NVK and guests discuss the recent development of nostr:npub1rtlqca8r6auyaw5n5h3l5422dm4sry5dzfee4696fqe8s6qgudks7djtfs being tagged for hate speech on nos social. And ask the important question... when Commie Meter™? 👇
Confused about Floresta, ZeroSync, Utreexo?
nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc gives a fantastic TLDR on what these technologies are, and how they are reducing hardware requirements of validating nodes, in BR074.
In light of the recent successful extraction of Intel SGX Fuse Keys, is it time to steer clear?
nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc and nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 give their take, and stress the importance of combining various security measures in BR074.
The podcastindex FUD from NVK is crazy. 🤪
https://fountain.fm/episode/meY9nyt70HnirLta6MZC
nostr:nevent1qvzqqqpxquqzqqhv3eypgsw77g04vmeaz6rzlvr45rasmy6s4d9gfhpv5qgqqusw4lkc2g
Sorry it came out that way. We don't know too much about it. From the outside it's just a centralized service. We are excited about decentralization.