there are many reasons. It makes the code signing path asynchronous which greatly increases complexity in all of our code paths.
Not being able to mix in data into nsec in different ways prevents us from integrating our one click setup wallet.
The ux flow for signing seems pretty bad, needing to switch apps to approve things, when this could be done within the app instead.
Mine is synchronous. And again people are doing the flow. Things can always improve. But you are not in a space that users are willing to play by these rules.
nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpz3mhxw309aex2mrp0yhx5c34x5hxxmmd9uqsuamnwvaz7tmwdaejumr0dshszythwden5te0dehhxarj9ekxzmny9u0ljp2l I like you a lot and I support a lot of what you do. But, it is so very clear by your stance on this how much you've been influenced by apple gatekeeping by developing in that space for so long. I'm zapping you anyways as a thank you for your work. You should consider adding flows that enable the user with more choice. More secure choices...
Apple is a walled garden - that doesn't mean gardens are bad
no you just don’t understand what i am building. It will be more secure on a whole when there are thousands of dynamically loadable non-web nostr apps on a browser with a built in signer.
I think the problem is we already have something really secure and you're asking is to leave it to trust yours. Even if I do trust yours, and I'm keen to, I still have to leave my solution that already works for me and use a separate solution. Adding another thing to keep track of for me.
notedeck apps work on all platforms, so you will need to do this regardless when you open up the app on other OSs. The point is we need a solution regardless.
Our signing solution can be just as secure or more than amber via an associated sub-service with no internet access.
Yes but only for your apps. I don't doubt that you can make something secure.
only for my apps? this will be an open development platform.
What do you write notedeck apps in?
right now its rust but eventually want to do something wasm based
Wasm is really cool
ASM is cool. WASM is retarded.
Yeah the goal is just point it at a website or maybe even reference apps via nostr notes pointing to blossom/web servers. Then you could share apps over nostr and load them dynamically.
This would allow anyone to write notedeck-level-performance native apps without web baggage.
idk how much history of programming you are aware of but i have personally witnessed the stagnation of technology for about 20 years.
in my teens i saw things done in software with a 7mhz processor that still hardly can be found anywhere today, 3 decades later.
like tear-free animation. flicker free sprites. sound without dropouts. applications without obnoxious retarded rockstars posing as their progenitors.
Okay but I think you're missing my point that it'll only be for apps developed on your platform.
I don't want one click anything. I'm an idiot, not a moron.
It's not hard to approve things in amber. I enjoy seeing a popup alerting me to something that's new and needs my attention and approval.
Quite frankly, I see no reason to trust anyone, even you, with my nsec, which, for the record, is more important to me than the seed phrase on my cold storage stack. Which, bee tee dubs, is harder to wrap my head around than "copy and paste one thing, hit approve, and you're good to go."
So, asking people who DO NOT TRUST to "trust me, bro" is silly at the very least.
Look how much we evolve.
We have apple's "one click, dumb people" into in the android ecosystem now.
What a great time to be alive 🙌
In your current setup, how many people do you have to trust (aside from Amber)? Is it not all the makers of the hardware of your phone? We can't zoom in to consider only one part of the stack as needing to be trustless. Looks to me like Will is trying to make more than one layer of the stack, and doing it himself so that it can be trustless (as possible) (for him). Fun to watch.
I was really just trying to solve the “need to install a browser plugin or app” barrier for normies. To do that i had to build an entirely new browser not based on the web. Might be crazy, but we’ll see.
Very few. I run custom ROMs and Linux, which is about all I can do and still be connected. If that becomes too much, I'll just disconnect be annoyed for a while but get over it.
I don't fully trust will. Or hazard. Or Vitor. But I certainly don't want to trust any of them fully with my nsec. I have to trust something to start, and that is amber, but I prefer that since that's offline and not popular enough to be a target of hacking at this point. It may, in the future, and that will be something to figure out.
I can't code any of this, but I certainly have an opinion on how I want to interact with nostr clients in general. I understand more of why will is doing things the way he is, but I'm not going to use his stuff if he doesn't support nip46 signing. His objections have one good point and the rest is just being a bull-headed iOS conformoid.
The first paragraph of this is so true.
Non-dev people or ppl who haven't tried to bring a nostr app to MVP level don't understand how complex it could get to deal with async signing and encryption.
E.g. you have an ecash wallet that synchronizes state (encrypted tokens) to relays as a backup and publishes nutzaps(signing). Now consider ALL possible footguns when new #ecash tokens are minted and #Amber connection gets flaky or lost.
Good luck.
Amber just draws over the current add when it needs you to sign, you don't leave the app, have you tried it yet?
You don't need to switch apps. It's up to the user to choose if they fully trust the app or just some permissions just like Alby extension
Indeed, priv key mixin should be a feature for NIP46. The async logic would work for nsec-present, too, just faster. NIP55 approvals happen - of course - on the trusted app with the keys, not in your app. Consider it a popup controlled by the wallet.
