Damus
Open in Damus
Nostr Compass profile picture
Nostr Compass

Nostr Compass Podcast #5

Article header image

Bitchat completes Cure53 security audit with 17+ PRs fixing critical findings. NIP-71 addressable video merged. Post-quantum cryptography NIP opens. Amethyst v1.05.0 ships bookmarks.

#Nostr Compass#Podcast

This week we cover Bitchat's security audit by Cure53, which found 12+ security issues including uncleared Diffie-Hellman secrets and signature verification gaps. The team responded with 17+ pull requests fixing forward secrecy, thread safety, and memory exhaustion vulnerabilities. NIP-71 merges bringing addressable video events with update-in-place metadata. A post-quantum cryptography NIP proposes ML-DSA-44 and Falcon-512 signatures with ML-KEM key agreement to protect against future quantum attacks. We also discuss the BOLT12 offers debate and the Audio Track NIP for standardizing music and podcast events. Our NIP deep dive covers NIP-51 bookmark lists and NIP-65 relay metadata, explaining how both use replaceable events for organizing content and connections. Amethyst v1.05.0 ships bookmark support, voice notes, Web of Trust scores, Quartz database migration, and an early desktop release. Nostur v1.25.3 improves NIP-17 DMs with reactions, replies, and NIP-46 remote signer support.

00:00 - Introduction to Nostr Compass Episode 5 01:01 - BitChat Security Audit Insights: Cure53 findings and 17+ PRs fixing DH secret clearing, signature verification, and thread safety 04:42 - NIP-71 Addressable Video Event: kinds 34235/34236 with updateable metadata via d tags 06:12 - Open PRs: Post-Quantum Cryptography proposal with ML-DSA-44, Falcon-512, and ML-KEM for quantum-resistant signing 18:25 - NIP-51 and NIP-65: Enhancing Usability through bookmark lists and relay metadata for organizing content and connections 22:30 - How to Handle Bolt 12 Offers for NIP-47 Nostr Wallet Connect: Community decision to create dedicated NIP for BOLT12 offers 26:03 - Audio Track NIP: Standardizing music (32100) and podcast (32101) events for interoperability across Wavlake, Zapstr, and Stemstr 42:16 - Amethyst Version 1.05 Release Highlights: Bookmarks, voice notes, Web of Trust scores, Quartz migration, desktop release 44:13 - Nostur v1.25.3: NIP-17 DM improvements with reactions and replies 45:11 - NIP-46 Remote Signer Support: Nostur and Primal iOS add bunker support for off-device key management 46:52 - Code and Documentation Changes: Citrine SQL injection fix, rust-nostr NIP-62 expansion, NDK subscription tracking, Damus iOS 17 crash fix 53:04 - Conclusion and Future Developments