Welcome again Bitdevs Taiwan
We are at a our T7 location this month again, thanks to Evan!
Our special 21st Socratic Seminar event will be held at No. 563, Section 4, Zhongxiao E Rd, 新仁里 · Xinyi District
We will start the socratic seminar discussion with general introductions and follow with discussion on the latest bitcoin developents and news.
Learn about bitcoin development. Share, debate, and discuss trade offs in progress. We discuss a variety of developments, from industry updates and press releases, pull requests in popular git repositories (e.g. Bitcoin Core, lnd, c-lightning, rust-bitcoin, Joinmarket, WasabiWallet), research papers, technical blog posts, IRC logs, network monitors and more. Please add to the discussion topics on GitHub. We’d love to hear from you. After the event the we socialize over food and drinks.
我們每月舉辦的蘇格拉底式的研討會活動旨在促進辯論、信息共享和開放討論。在活動前幾週,聚會成員會從各種來源去整理討論主題:流行git倉儲(例如 Bitcoin Core、lnd、c-lightning、rust-bitcoin, Joinmarket、WasabiWallet)中的pull requests、研究論文、技術博客帖文、IRC 日誌、網絡監測等。經過一段時間的討論,一些活動會有來自開源項目、公司、研究和其他相關內容的介紹。隨後是反饋和問答部分。活動結束後,我們會在活動場地進行社交。
Update your nodes! Niklas Gögge posted to the Bitcoin-Dev mailing list a link to announcements of two vulnerabilities affecting versions of Bitcoin Core that have been past their end of life since at least October 2022. This follows a previous disclosure last month of older vulnerabilities (see Newsletter #310). We summarize the disclosures below:
Remote crash by sending excessive addr messages: before Bitcoin Core 22.0 (released September 2021), a node that was told about more than 232 other possible nodes would crash due to exhaustion of a 32-bit counter. This could be accomplished by an attacker sending a large number of P2P addr messages (at least 4 million messages). Eugene Siegel responsibly disclosed the vulnerability and a fix was included in Bitcoin Core 22.0. See Newsletter #159 for our summary of the fix, which was written without us knowing that it patched a vulnerability.
Remote crash on local network when UPnP enabled: before Bitcoin Core 22.0, nodes that enabled UPnP for automatically configuring NAT traversal (disabled by default due to previous vulnerabilities, see Newsletter #310) were vulnerable to a malicious device on the local network repeatedly sending variants of a UPnP message. Each message could result in the allocation of additional memory until the node crashed or was terminated by the operating system. An infinite loop bug in Bitcoin Core’s dependency miniupnpc was reported to the miniupnpc project by Ronald Huveneers, with Michael Ford discovering and responsibly disclosing how it could be used to crash Bitcoin Core. A fix was included in Bitcoin Core 22.0.
Additional vulnerabilities affecting later versions of Bitcoin Core are expected to be disclosed in a few weeks.
Robert F. Kennedy Jr. delivers a groundbreaking speech Bitcoin 2024, outlining his vision for integrating Bitcoin into America’s economic and national security strategies. As an independent presidential candidate, RFK Jr. proposes bold initiatives including making the US government a major Bitcoin holder, eliminating taxes on Bitcoin transactions, and using Bitcoin mining to incentivize green energy production.
Taiwan Regulators publishes guidelines for platforms offering virtual assets. Surprisingly these guidelines are specific to not include Bitcoin. This could be a start of interesting developments on how Taiwan treats Bitcoin.
Peter Todd announced that his pull request was merged. Default behavior for nodes will be mempoolfullrbf=1
Default settings are important (datacarrier changes are still not in Core)
Another release of Core
“Bitcoin Core version v27.1 is now available from: https://bitcoincore.org/bin/bitcoin-core-27.1/ or through BitTorrent (magnet link),” announced the project. “This release includes various bug fixes and performance improvements, as well as updated translations. Please report bugs using the issue tracker at GitHub.”
note: I think some of Taiwan BitDevs traditional chinese transaltions made it in github
This issue announces an upcoming disclosure of Bitcoin Core vulnerabilities, and describes: a draft BIP for testnet4, functional encryption covenants, proposed updates to 64-bit arithmetic in Bitcoin Script, looks at OP_CAT script to validate proof of work, as well as proposed update to BIP21.
“Several members of the Bitcoin Core project discussed on IRC a proposed policy for disclosing vulnerabilities that affected older versions of Bitcoin Core…” “After this policy has a chance to be further discussed, it is the intention of the project to begin disclosing vulnerabilities affecting Bitcoin Core 24.x and below. It is strongly recommended that all users and administrators upgrade to Bitcoin Core 25.0 or above within the next two weeks.”
U.S. Senator Cynthia Lummis introduced the Boosting Innovation, Technology, and Competitiveness through Optimized Investment Nationwide (BITCOIN) Act’ in the U.S. Senate.
The Act proposes establishing a decentralized network of secure Bitcoin storage facilities managed by the U.S. Department of Treasury, ensuring compliance with statutory requirements for high levels of physical and cybersecurity. The program aims to acquire up to 1 million Bitcoins over five years, purchasing no more than 200,000 Bitcoins annually, similar in size and scope to U.S. gold reserves. The bill specifies a minimum holding period of 20 years, during which no Bitcoins held in the reserve may be sold or auctioned.
In this tutorial I will share the steps to use electrum plugin for joinstr on Ubuntu. First step is to get the latest version of electrum. Run the below commands so that electrum can be used:
congrats to Evan!
Case Documents (Dutch) News Article
Proton, the privacy-focused Swiss technology company, is launching Proton Wallet, an open-source, E2E-encrypted, and self-custodial Bitcoin wallet.
The product is currently available to Proton Visionary and Lifetime plan users. Other users can sign up to an early waitlist or receive an invite from an active Proton Wallet user.
Always great to see contributions to Bitcoin Development
“HRF’s latest batch of grants focus on education for people living under authoritarian regimes, privacy and Lightning development, decentralized communications, and providing nonprofits and human rights groups with easier onramps to financial freedom tools. Areas of focus include key countries and regions in Latin America, the Middle East, Asia, and Africa,” announcement reads. These are the projects receiving financial aid from the HRF:
utreexod is a full node bitcoin implementation with support for utreexo accumulators. It enables immediate node bootstrap by having the UTXO state hardcoded into the codebase, uses a tiny amount of memory, and has a low disk i/o.
Key features:
utreexo proponent Calvin Kim attended Taipei Bitcoin Tech Summit 2023 with Taiwan BitDevs
A solo Bitcoin miner with 3 TH/s has mined block 853742, overcoming odds of 1 in 1.2 million and earning 3.192 BTC (approximately $200,000). 1 in 3,500 year odds!
“Using BOLT12 also allows us to prove to the world that a payment was made, the size of the payment, the node to which it was paid, and that it was paid by us. This means we can continue to offer fully transparent and verifiable pooled mining while no longer being restricted by the base layer.”
“Pools traditionally have held miners’ bitcoins like a bank, while on-chain Bitcoin transactions get increasingly expensive as the demand for Bitcoin rises. For small miners, the problem is exacerbated since in some cases the cost of the transaction fee is higher than the reward that they earn. This is unsustainable because it creates lock-in to custodial pools. OCEAN helps overcome this risk using Lightning,” OCEAN co-founder Luke Dashjr said.
Announcement Press Release Documentation]
“Looking at the merkle branches that mining pools send to miners as part of stratum jobs, it’s clear that the BTCcom pool, Binance pool, Poolin, EMCD, Rawpool, and possibly Braiins* have exactly the same template and custom transaction prioritization as AntPool,” analyst 0xB10C recently shared in a post.
note: pooled mining is surprisingly something that wasn’t unexpected
Apple’s App Store continues to publish fraudulent apps that mimic popular Bitcoin wallets, leading to the theft of money from unsuspecting users.
Attack Scenarios
nobsbitcoin article Electrum Tips
In October, The New York Times published an article detailing some of the security concerns around a Cheyenne-based crypto-mining operation with Chinese origins located within one mile of F.E. Warren Air Force Base.
On Monday, The White House released a statement ordering the sale of land to the company be reversed, citing a national security risk.
The purchasers acquired the land from Cheyenne LEADS in June 2022, and then made improvements to allow for specialized cryptocurrency mining operations. The land is in close proximity to F.E. Warren, a strategic missile base and home to Minuteman III intercontinental ballistic missiles.droid
Mutiny Wallet to shut down EOY
The RoboSats Federation is a set of rules that allows multiple RoboSats instances to work together under a unified client app. This federated client app enables users to seamlessly interact with any coordinator, track the coordinator reputation, verify transparently devFund donations, and more.g the current cost-less-impairment accounting model for many entities.
nobsbitcoin article Announcement
“It’s true, you can write bitcoin smart contracts in Assembly now instead of learning boolean logic circuits,” wrote @Super Testnet. Someone also wrote a multiplication function for this virtual CPU
Strike offers global remittance through the Bitcoin Network, using Lightning. Strike allows Taiwan users to register and supports VISA debit card deposits. Balances are only held in USD Strike currently has no banking relationships in Taiwan
Why this is a CVE - the software which creates these OP_IF/FALSE/PUSH transactions circumvents the existing filters, and there is no such mechanism is in place to to recognize these transactions as non-standard (there are no configuration options to address this).
datacarrier and datacarrier size parameters in bitcoin.conf does not include inscription transactions
Companies and individuals maintain their own versions of Bitcoin software and should be monitoring vulnerabilities across their stack. Ultimately everyone can decide whether or not a CVE applies to them, whether or not vulnerability should be classified as such is not the issue, it is a situation to address.
There is a patch available as commit #28408, the patch does not censor ordinals, it simply subjects an expanded set of transactions which inscribe data onto the blockchain to go through the same filters as before. The miners aligned with the patch are forgoing mining fees to run this filter.
Nodes which apply the patch have the drawbacks of fee-estimations being off and slower block validation times.
Note: demonstration available on how to apply the patch (homework!)
Discover and show support to some of the latest Bitcoin grassroots projects and initiatives launched via the Geyser crowdfunding platform.
The Satoshi Nakamoto Institute was founded in November 2013 to advance and preserve knowledge of Bitcoin’s history, economics, and technology.
SNI is a Texas nonprofit corporation exempt from tax under Section 501(c)(3) and classified as a public charity.
Taiwan BitDevs would like to explore Nostr with the audience by generating an npub with the audience present to follow along. Nostr stands for “notes and other stuff transmitted over relays” it is a protocol designed around censorship resistance which can be used for social media. Nostr is a lot of fun and a great way to use Lightning Network (NIP-57 / zaps / LNURL)
Theres an LNBits extension that allows you to list and shop for goods using nostr relays and get paid through Bitcoin/Lightning