nostr:npub1t0nyg64g5vwprva52wlcmt7fkdr07v5dr7s35raq9g0xgc0k4xcsedjgqv nostr:npub1u8lnhlw5usp3t9vmpz60ejpyt649z33hu82wc2hpv6m5xdqmuxhs46turz (couldn't find Paul) nostr:npub1mutnyacc9uc4t5mmxvpprwsauj5p2qxq95v4a9j0jxl8wnkfvuyque23vg

VERY impressed with Mutiny so far guys, awesome work 👏. I hate to be 'that guy', especially as you guys are still so early, but knowing how you guys think, I'm certain you'll have considered this already.

The main tradeoff with Mutiny seems to be a malicious update that could in theory rug users, at least in the PWA.

Are there plans to mitigate this (is that even possible!?). Guessing the obvious one is to run a native app version, but curious to hear your thoughts.

Discussion

🙏

I'm pretty sure they said it will be fully FOSS, meaning any uncle Jim will be able to self host it for him and his friends. In that case, you control the update schedule.

Can anyone indicate an online BTC miner that pays and actually mines at the correct speed?

Someone could push a malicious update with a native app too.

We do have plans to mitigate this. You can always self host it (we're partnering with some providers for a one click deploy). Also we want to do some stuff where it'll only update the wasm binary if it is signed by us.

At least with the app the user has to tap a button to update (if they have auto updates off ofc).

Thanks for the info, knew you'd have something up your sleeves.

PWAs have a way of caching their dependencies and logic for how that cache gets updated. We want to hook into that and give the user a chance to opt out of automatic updates, but haven’t built it yet. Ideally the user can check some “update bundle” against a signature from us but a ways to go before we have that.

Thanks Paul!
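
The signature check discussed in the thread above, as an added sketch that is not part of the original posts and not Mutiny's code (the replies say it has not been built yet). It assumes an ECDSA P-256 key pinned in the already-installed app, a hypothetical `fetchUpdate` callback that returns the new bundle with a detached signature, and a `Map` standing in for the PWA cache; all sample data is constructed.

```javascript
// WebCrypto in browsers and service workers; the require() fallback only
// exists so the example also runs on older Node versions.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const KEY_ALG = { name: 'ECDSA', namedCurve: 'P-256' };
const SIG_ALG = { name: 'ECDSA', hash: 'SHA-256' };

// True only if `signature` is valid for `bundleBytes` under the pinned public key.
async function verifyBundle(pinnedKeyJwk, bundleBytes, signature) {
  const key = await subtle.importKey('jwk', pinnedKeyJwk, KEY_ALG, false, ['verify']);
  return subtle.verify(SIG_ALG, key, signature, bundleBytes);
}

// Replace the cached bundle only after the signature verifies.
// `fetchUpdate` is hypothetical: in a service worker it would wrap fetch().
async function maybeUpdate(cache, pinnedKeyJwk, fetchUpdate) {
  const { bundle, signature } = await fetchUpdate();
  if (!(await verifyBundle(pinnedKeyJwk, bundle, signature))) {
    return { updated: false, reason: 'bad signature, keeping cached bundle' };
  }
  cache.set('app.wasm', bundle);
  return { updated: true };
}

// Constructed demo: throwaway key, fake bundles, one tampered update.
async function demo() {
  const enc = new TextEncoder();
  const { publicKey, privateKey } = await subtle.generateKey(KEY_ALG, true, ['sign', 'verify']);
  const pinned = await subtle.exportKey('jwk', publicKey);
  const v1 = enc.encode('constructed wasm bundle v1');
  const v2 = enc.encode('constructed wasm bundle v2');
  const tampered = enc.encode('constructed tampered bundle');
  const sigV2 = await subtle.sign(SIG_ALG, privateKey, v2);
  const cache = new Map([['app.wasm', v1]]);

  // Tampered bytes served with the genuine signature: must be refused.
  const bad = await maybeUpdate(cache, pinned, async () => ({ bundle: tampered, signature: sigV2 }));
  const stillV1 = cache.get('app.wasm') === v1;
  // Genuine bundle with its own signature: accepted.
  const good = await maybeUpdate(cache, pinned, async () => ({ bundle: v2, signature: sigV2 }));
  return { rejected: bad.updated, stillV1, accepted: good.updated, nowV2: cache.get('app.wasm') === v2 };
}
```

The check only helps if it runs from the copy of the app already cached on the device, before any newly fetched code is activated.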