Sign up to save your podcasts
Or
Share Nostr Compass Podcast #23
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Nostr Compass Podcast #23
### News
- **00:00 Intro**
This episode follows Nostr Compass #23 across top stories, shipping releases, in-development work, protocol proposals, and deep dives on NIP-07 and NIP-39.
- **00:15 Primal 3.5 for Android**
Primal shipped 3.5.9 with a rebuilt application shell, a dedicated Explore screen, inline audio playback for link previews, inline NIP-05 verification badges, notification filtering overhaul, and editor and database stability fixes.
- **01:21 White Noise: markdown, deep links, and audio metadata**
White Noise added markdown rendering in PR #665, leave-group flow fixes in PR #675, and whitenoise:// deep links in PR #661. Backend work in whitenoise-rs PR #835 and PR #833 covers kind 30443 key package rotation and audio metadata, with MDK PR #300 and Marmot spec PR #68 security fixes.
- **03:43 Amethyst v1.10.0: Onchain Bitcoin Zaps**
Amethyst v1.10.0 adds NIP-BC onchain Bitcoin zaps for send, receive, and display, with onchain zapper UI in PR #2977 and transaction history work in PR #2974. Earlier releases fixed Blossom blob detection and desktop ProGuard rules.
- **05:37 AgentNoise: control coding agents over White Noise**
AgentNoise v0.1.24 is a Rust desktop helper that uses White Noise chats as a control surface for local Codex and Claude coding sessions, driving wn and wnd from whitenoise-rs with PIN-gated sender authentication.
- **07:29 Keycast security audit complete**
Keycast completed a May 2026 security audit documented in AUDIT.md, tightening NIP-98 auth validation, ALLOWED_PUBKEYS enforcement, default-deny empty policies, SQLite foreign keys, and nested route protection.
- **09:02 Scramble: Marmot client for desktop and Android**
Scramble (formerly OpenChat) shipped 13 releases with multi-device Marmot support via unique kind 30443 KeyPackage slots, admin-gated auto-add, forward-secrecy disclosure for newly linked devices, and external signer reconnect fixes for NIP-46 and Amber users.
- **10:39 Hostr: P2P rental accommodation on Nostr**
Hostr is a peer-to-peer rental platform on Nostr covering listings, reservation negotiation, and EVM escrow settlement through four in-development NIPs extending NIP-99 listings, kind 32122 reservations, kind 30303 escrow advertisements, and marketplace profile tags, with app store submission prep and MCP client identity support this week.
### Releases
- **13:10 ngit v2.4.4**
ngit v2.4.4 adds `ngit sync --trust-server` for cases where a git server is fast-forward ahead of Nostr state, with optional `nostr.trust-server-domains` allowlist configuration.
- **13:52 Amber v6.1.0-pre3 adds PSBT signing**
Amber v6.1.0-pre3 adds PSBT signing through Intent and NIP-46 paths in PR #438, plus connect-flow layout fixes and permissions select/deselect-all support.
- **14:36 Wisp v1.1.0 ships private replies and drops Amber support**
Wisp v1.1.0 adds private replies via NIP-17 in PR #540, gift-wrapped reactions and DIP-03 zaps in PR #543, and auto-translate in PR #523, while removing NIP-55 signer support in PR #531.
- **15:26 Calendar by Formstr v1.5.4 fixes gift wrap for new participants**
Calendar by Formstr v1.5.4 fixes missing gift wrap delivery when adding participants in PR #160, with decryption error handling in PR #156 and timezone drift fixes in PR #138.
- **16:17 Applesauce v6.1.0 adds NIP-34 git casts and NIP-51 lookup relays**
Applesauce v6.1.0 adds NIP-34 git repository casts, NIP-51 kind 10086 lookup relay lists, replaceable address helpers, and offline relay fixes in PR #73.
- **17:11 Sprout v0.0.16 ships Sprig binary and huddle protocol v2**
Sprout v0.0.16 ships the Sprig all-in-one binary in PR #605, huddle voice protocol v2 for up to 10 peers in PR #609, and a `--no-memory` harness flag in PR #611.
- **17:48 Nostrord v1.0.3 adds OS keychain and multi-account**
Nostrord v1.0.3 hardens local key storage with OS keychain and passphrase fallback, adds multi-account support, and ships a tappable bunker QR code for Android signer apps.
- **18:15 Angor migrates to NIP-44 and ships security hardening**
Angor shipped v0.2.24 through v0.2.26 with NIP-44 migration in PR #860, Blossom uploads without wallet selection in PR #861, and security hardening across PR #854, PR #856, and PR #851.
- **19:07 Alby js-sdk v8.0 ships NWC multi-relay reconnect**
Alby js-sdk v8.0.1 through v8.0.3 adds native NWC multi-relay reconnect in PR #516, injectable logging in PR #542, and drops the WebSocket polyfill for Node.js 22+.
- **19:55 KeyChat v1.41.1 fixes forward secrecy**
KeyChat v1.41.1+6513 deletes Signal one-time prekeys immediately after successful decryption, adds URL preview for single-link messages, centralizes media auto-download under a 20 MB threshold, and refreshes NIP-11 relay info on cold start.
### Project Updates
- **24:39 Citrine implements NIP-70 enforcement and signer-based AUTH**
Citrine merged NIP-70 repost blocking in PR #151, connection address display in PR #149, and NIP-42 AUTH via external signer in PR #141.
- **25:20 Mostro reaches Phase 2 of its anti-abuse bond rollout**
Mostro Phase 2 lands solver-directed bond slash logic in PR #737, building on Phase 1.5 PayBondInvoice and WaitingTakerBond work in PR #736 and mobile UX in PR #592.
- **25:43 Damus restores relay signal indicator and reconnect behavior**
Damus merged relay signal indicator restoration in PR #3773 and reconnect fixes after initial connection failure in PR #3775.
- **25:55 rust-nostr adds event finalization traits and NIP-46 race fix**
rust-nostr added event finalization traits in PR #1358 and fixed a NIP-46 subscribe-before-connect race in PR #1363.
- **26:30 dart-nostr adds Namecoin .bit relay resolver and TLSA pin records**
dart-nostr merged PR #44 adding .bit relay resolution and TLSA pin records for wss://example.bit/ WebSocket URLs.
- **26:44 Dart NDK adds NIP-77, web signer support, and NIP-17 DM relay lookup**
Dart NDK merged NIP-77 in PR #464, web signer support in PR #602 and PR #601, kind 10050 DM relay lookup in PR #608, and NIP-46 field preservation in PR #600.
- **27:19 Pages by Form tightens encrypted attachment and document flows\***
Pages by Form\* merged PR #37 inlining encrypted Blossom attachments in DOCX, HTML, and PDF exports, plus local search in PR #39 and shared backup fixes in PR #40.
- **29:27 Zap Cooking begins a feed overhaul with NIP-92 imeta parsing**
Zap Cooking merged PR #396 introducing NIP-92 imeta parsing and a canonical blurhash decoder as the first phase of a feed overhaul.
- **29:47 Nurunuru v1.5.0 syncs Native and Web**
Nurunuru merged PR #176 syncing Native and Web builds with birthday notifications, mutual-follow zap detection, custom emoji reaction UX, and recommendation engine filtering improvements.
### NIP Updates
- **30:57 PR #2251 tightens the NIP-70 protected events spec — Open**
PR #2251 clarifies that relays must reject reposts embedding full content from NIP-70 protected events, closing ambiguity in the original spec.
- **31:36 PR #1653 proposes a Drafts NIP for private synced drafts — Open**
PR #1653 proposes replaceable draft events with draft status and NIP-44 self-encryption so works in progress sync across devices without public visibility.
- **32:04 Snapshots (PR #2279) proposes immutable snapshots for replaceable events — Open**
PR #2279 proposes immutable snapshot events preserving exact replaceable event versions with an `a` tag link back to the addressable coordinate.
- **33:08 Namecoin NIP-05 wave — Open**
A coordinated .bit NIP-05 push landed open-source PRs against Aegis (#14), nostter (#2128), and dart-nostr (#44), alongside upstream NIP draft PR #2349. The Aegis PR places verification on the producer side, checking the Namecoin chain before signing kind 0 events that claim a .bit identity.
### NIP Deep Dives
- **33:38 NIP Deep Dive: NIP-07 (window.nostr for Web Browsers)**
NIP-07 defines `window.nostr.getPublicKey()` and `window.nostr.signEvent()` so browser extensions sign events without exposing nsecs to pages, with optional NIP-04 and NIP-44 encrypt/decrypt methods. Keycast uses NIP-07 for NIP-98 HTTP auth, and extensions like Alby, nos2x, Flamingo, and horse implement the interface.
- **36:10 NIP Deep Dive: NIP-39 (external identities in profiles)**
NIP-39 defines kind 10011 events with `i` tags asserting external platform identities using verifiable proofs such as GitHub Gists, tweets, or Mastodon posts. Clients fetch public artifacts independently to confirm ownership, providing a relay-agnostic cross-reference layer complementary to this week's Namecoin .bit NIP-05 work.
View all episodes
By Nostr Compass### News
- **00:00 Intro**
This episode follows Nostr Compass #23 across top stories, shipping releases, in-development work, protocol proposals, and deep dives on NIP-07 and NIP-39.
- **00:15 Primal 3.5 for Android**
Primal shipped 3.5.9 with a rebuilt application shell, a dedicated Explore screen, inline audio playback for link previews, inline NIP-05 verification badges, notification filtering overhaul, and editor and database stability fixes.
- **01:21 White Noise: markdown, deep links, and audio metadata**
White Noise added markdown rendering in PR #665, leave-group flow fixes in PR #675, and whitenoise:// deep links in PR #661. Backend work in whitenoise-rs PR #835 and PR #833 covers kind 30443 key package rotation and audio metadata, with MDK PR #300 and Marmot spec PR #68 security fixes.
- **03:43 Amethyst v1.10.0: Onchain Bitcoin Zaps**
Amethyst v1.10.0 adds NIP-BC onchain Bitcoin zaps for send, receive, and display, with onchain zapper UI in PR #2977 and transaction history work in PR #2974. Earlier releases fixed Blossom blob detection and desktop ProGuard rules.
- **05:37 AgentNoise: control coding agents over White Noise**
AgentNoise v0.1.24 is a Rust desktop helper that uses White Noise chats as a control surface for local Codex and Claude coding sessions, driving wn and wnd from whitenoise-rs with PIN-gated sender authentication.
- **07:29 Keycast security audit complete**
Keycast completed a May 2026 security audit documented in AUDIT.md, tightening NIP-98 auth validation, ALLOWED_PUBKEYS enforcement, default-deny empty policies, SQLite foreign keys, and nested route protection.
- **09:02 Scramble: Marmot client for desktop and Android**
Scramble (formerly OpenChat) shipped 13 releases with multi-device Marmot support via unique kind 30443 KeyPackage slots, admin-gated auto-add, forward-secrecy disclosure for newly linked devices, and external signer reconnect fixes for NIP-46 and Amber users.
- **10:39 Hostr: P2P rental accommodation on Nostr**
Hostr is a peer-to-peer rental platform on Nostr covering listings, reservation negotiation, and EVM escrow settlement through four in-development NIPs extending NIP-99 listings, kind 32122 reservations, kind 30303 escrow advertisements, and marketplace profile tags, with app store submission prep and MCP client identity support this week.
### Releases
- **13:10 ngit v2.4.4**
ngit v2.4.4 adds `ngit sync --trust-server` for cases where a git server is fast-forward ahead of Nostr state, with optional `nostr.trust-server-domains` allowlist configuration.
- **13:52 Amber v6.1.0-pre3 adds PSBT signing**
Amber v6.1.0-pre3 adds PSBT signing through Intent and NIP-46 paths in PR #438, plus connect-flow layout fixes and permissions select/deselect-all support.
- **14:36 Wisp v1.1.0 ships private replies and drops Amber support**
Wisp v1.1.0 adds private replies via NIP-17 in PR #540, gift-wrapped reactions and DIP-03 zaps in PR #543, and auto-translate in PR #523, while removing NIP-55 signer support in PR #531.
- **15:26 Calendar by Formstr v1.5.4 fixes gift wrap for new participants**
Calendar by Formstr v1.5.4 fixes missing gift wrap delivery when adding participants in PR #160, with decryption error handling in PR #156 and timezone drift fixes in PR #138.
- **16:17 Applesauce v6.1.0 adds NIP-34 git casts and NIP-51 lookup relays**
Applesauce v6.1.0 adds NIP-34 git repository casts, NIP-51 kind 10086 lookup relay lists, replaceable address helpers, and offline relay fixes in PR #73.
- **17:11 Sprout v0.0.16 ships Sprig binary and huddle protocol v2**
Sprout v0.0.16 ships the Sprig all-in-one binary in PR #605, huddle voice protocol v2 for up to 10 peers in PR #609, and a `--no-memory` harness flag in PR #611.
- **17:48 Nostrord v1.0.3 adds OS keychain and multi-account**
Nostrord v1.0.3 hardens local key storage with OS keychain and passphrase fallback, adds multi-account support, and ships a tappable bunker QR code for Android signer apps.
- **18:15 Angor migrates to NIP-44 and ships security hardening**
Angor shipped v0.2.24 through v0.2.26 with NIP-44 migration in PR #860, Blossom uploads without wallet selection in PR #861, and security hardening across PR #854, PR #856, and PR #851.
- **19:07 Alby js-sdk v8.0 ships NWC multi-relay reconnect**
Alby js-sdk v8.0.1 through v8.0.3 adds native NWC multi-relay reconnect in PR #516, injectable logging in PR #542, and drops the WebSocket polyfill for Node.js 22+.
- **19:55 KeyChat v1.41.1 fixes forward secrecy**
KeyChat v1.41.1+6513 deletes Signal one-time prekeys immediately after successful decryption, adds URL preview for single-link messages, centralizes media auto-download under a 20 MB threshold, and refreshes NIP-11 relay info on cold start.
### Project Updates
- **24:39 Citrine implements NIP-70 enforcement and signer-based AUTH**
Citrine merged NIP-70 repost blocking in PR #151, connection address display in PR #149, and NIP-42 AUTH via external signer in PR #141.
- **25:20 Mostro reaches Phase 2 of its anti-abuse bond rollout**
Mostro Phase 2 lands solver-directed bond slash logic in PR #737, building on Phase 1.5 PayBondInvoice and WaitingTakerBond work in PR #736 and mobile UX in PR #592.
- **25:43 Damus restores relay signal indicator and reconnect behavior**
Damus merged relay signal indicator restoration in PR #3773 and reconnect fixes after initial connection failure in PR #3775.
- **25:55 rust-nostr adds event finalization traits and NIP-46 race fix**
rust-nostr added event finalization traits in PR #1358 and fixed a NIP-46 subscribe-before-connect race in PR #1363.
- **26:30 dart-nostr adds Namecoin .bit relay resolver and TLSA pin records**
dart-nostr merged PR #44 adding .bit relay resolution and TLSA pin records for wss://example.bit/ WebSocket URLs.
- **26:44 Dart NDK adds NIP-77, web signer support, and NIP-17 DM relay lookup**
Dart NDK merged NIP-77 in PR #464, web signer support in PR #602 and PR #601, kind 10050 DM relay lookup in PR #608, and NIP-46 field preservation in PR #600.
- **27:19 Pages by Form tightens encrypted attachment and document flows\***
Pages by Form\* merged PR #37 inlining encrypted Blossom attachments in DOCX, HTML, and PDF exports, plus local search in PR #39 and shared backup fixes in PR #40.
- **29:27 Zap Cooking begins a feed overhaul with NIP-92 imeta parsing**
Zap Cooking merged PR #396 introducing NIP-92 imeta parsing and a canonical blurhash decoder as the first phase of a feed overhaul.
- **29:47 Nurunuru v1.5.0 syncs Native and Web**
Nurunuru merged PR #176 syncing Native and Web builds with birthday notifications, mutual-follow zap detection, custom emoji reaction UX, and recommendation engine filtering improvements.
### NIP Updates
- **30:57 PR #2251 tightens the NIP-70 protected events spec — Open**
PR #2251 clarifies that relays must reject reposts embedding full content from NIP-70 protected events, closing ambiguity in the original spec.
- **31:36 PR #1653 proposes a Drafts NIP for private synced drafts — Open**
PR #1653 proposes replaceable draft events with draft status and NIP-44 self-encryption so works in progress sync across devices without public visibility.
- **32:04 Snapshots (PR #2279) proposes immutable snapshots for replaceable events — Open**
PR #2279 proposes immutable snapshot events preserving exact replaceable event versions with an `a` tag link back to the addressable coordinate.
- **33:08 Namecoin NIP-05 wave — Open**
A coordinated .bit NIP-05 push landed open-source PRs against Aegis (#14), nostter (#2128), and dart-nostr (#44), alongside upstream NIP draft PR #2349. The Aegis PR places verification on the producer side, checking the Namecoin chain before signing kind 0 events that claim a .bit identity.
### NIP Deep Dives
- **33:38 NIP Deep Dive: NIP-07 (window.nostr for Web Browsers)**
NIP-07 defines `window.nostr.getPublicKey()` and `window.nostr.signEvent()` so browser extensions sign events without exposing nsecs to pages, with optional NIP-04 and NIP-44 encrypt/decrypt methods. Keycast uses NIP-07 for NIP-98 HTTP auth, and extensions like Alby, nos2x, Flamingo, and horse implement the interface.
- **36:10 NIP Deep Dive: NIP-39 (external identities in profiles)**
NIP-39 defines kind 10011 events with `i` tags asserting external platform identities using verifiable proofs such as GitHub Gists, tweets, or Mastodon posts. Clients fetch public artifacts independently to confirm ownership, providing a relay-agnostic cross-reference layer complementary to this week's Namecoin .bit NIP-05 work.