Okay, the new #Freerse is very good.
#Nostrudel still unbeatable toolchest and web client of choice, with #Coracle my fall-back.
Discussion
Where is the source code?
Ask #[4]
It's not open source yet. Thinking about open source. Are people reluctant to use closed source clients
Yeah, it's a good-will gesture, basically.
For our own project, we've been thinking about always opening the source of the previous version.
That way people can't just instafork the cutting-edge, but the curious can snoop around, and pull it to run themselves or build an offshoot.
Trying to find some balance.
I think FOSS is also a cultural thing here because of all of the Bitcoiners and Nostr being an open-protocol.
We're a bunch of IT suits, but we're trying to blend in and pretend to be hoodies. π
π€£LOL, I'm also first involved in an open source protocol. I used to do Internet products. Because of the attraction of Bitcoin and Nostr to me. We started the development of Freerse. My mind is full of questions about the product experience and the direction of the product. I want to develop the final shape of the product. Consider open source initiatives.
I've always been in more B2B or embedded, or in-house development, so open source wasn't an issue. We had quality requirements, instead. I've noticed nobody expects open source stuff to be any good.
We published some source code, but it's dry C++ utility stuff and nobody wants to read it. π 5000 characters on relay management and some unit tests.
Nostr users have a habit of looking at the source code. Most of the early users were developers. Help each other check for code and bugs, and make constructive suggestions. I think it's a very good collaborative atmosphere that I haven't seen in many places.
If you publish the source, we'll read it and respond constructively, and if it passes muster, we'll link to it from our website and give you some publicity.
We aren't planning on building an Android app, so we were looking for one to promote, anyway.
Deal?
You presented me with a difficult problem. Because our initial consideration is to wait until the product has reached our desired finished product form before considering the open source project. Maybe not something we should be thinking about right now. But we will consider your suggestion carefully. π« π
Yeah, no rush. π€
We wouldn't be ready for another couple of months, anyway.
Just wanted you to know you'd get something concrete in exchange for transparency. We're not just trolling like "Sauce?"
We actually do read other people's code and we understand what we're looking at.
Thank you for your sincerity and sharing.π
Yes
Agree. Seems to be the main complaint.
π€Thank you for your feedback. Is it because it's not open source and unsafe? Open source does not seem to guarantee that the latest version is safe from security risks.
I don't trust closed source software, because what is the reason for hiding it? What data is in the telemetry, and do I have to trust a promise with no ability to verify? What is the source of entropy used in key generation? As you mention, are there hard to fix security bugs that can be swept under the rug? What happens when it's end of lifed or it takes a bad turn, like selling out to or partnering with Big Tech? Is there any government contamination taking place that the developer is not at liberty to disclose? Things like that.
Would you value a service where experienced analysts and developers examined the code and tested the software dynamically and then published a rating or report?
Like, would you pay for that?
Although I have the skill to read code and compile it and change it, and sometimes do, it would be a lie to say that I do that for all the software I use. Nobody could practically do that. So then of course trust is involved and the question is where do you place that trust. For me, I want to for example browse who the developers are, look at the code base and where it came from, how actively maintained it is, and look at the community supporting and using it. I think any non developer can do that, and knowing that other people with technical knowledge are also doing that, adds to my confidence that it is software I would be willing to use.
Okay. That was interesting, thanks.
We don't read all of everything, either. Even a service would have to focus on one app in one version, at a time.
Closed source prevents forking and allows you to time your release strategically.
Really big, popular products like Linux, Bitcoin, or even Amethyst and Damus have name-branding, so they have a different strategy.
What is wrong with forking?
Nothing, when it's someone wanting to self-host or build something novel on top of it.
I think the majority of users will wait for official releases versus installing a half-baked fork.
I'm not talking about individual users. I'm talking about anti-competitive practices from larger competitors.
People are free to fork our stuff, but it's so infrastructure, service, and PoW heavy that forking and β¬10 will get them a Big Mac.
But I totally understand why someone making a standard Android client would be more cautious.
If I want to excercise "anti-competitive practices", I'll curb my dignity and launch Google Play. install it from there and export and decompile the apk.
I could have done this from security analysis perspective as well, but the point is, open protocol client should not require users to do that. Stick to twitters and blueskies with that corporastic mentality. Open protocol β open clients and servers. Period.
There's a difference between obviously stealing something and using something that was openly published. The former is more of an outrage and will get you bad press and possibly damage your brand.
At any rate, that's like saying we shouldn't lock the door because someone could break the window.
Internet encourages vaults and bunkers instead. If you don't want your tech to be stolen (whatever you mean by this), don't publish it anywhere in the first place.
Besides, reverse engineering is not stealing if it's not done for any profit but just to make sure this is not malware.
The challenge is to make it available to the well-meaning, while making it unprofitable for the larger competition.
That's why I like the idea of open-sourcing the previous version.
I like how OsmAnd developers did. On Google Play, there are two versions: just OsmAnd (free of charge with some map count limitations) and OsmAnd+ (paid, without limitations). On F-Droid, there is OsmAnd~ (free and without limitations). Like, those who don't know about F-Droid and are fine with Google's spyware must pay for their ignorance.
That's a good model.
Harder to do with an SDK, tho.
It is not a problem at all if your business model isn't solidly based on selling thin air and if you are not planning to suddenly rip off your userbase in the future.
This ripoff can be in the shape of Telegram Premium, but it also can be in the shape of Atomic Wallet, if you know what I mean.
Honest and large FOSS projects often offer paid support and other bonuses that don't hamper the trust in the main codebase.
As you note, l-a-r-g-e FOSS projects. People keep comparing an Android Nostr client with 1000 users with Linux and Bitcoin. Those are two completely different markets.
Smaller projects are more vulnerable to having their ideas stolen because they have no brand protection and a tiny userbase.
Which ideas are you talking about? This is just an Android Nostr client. Whoever wants to steal its ideas won't have to wait until it becomes open-source. Most liekly, they won't even have to reverse-engineer anything, they will just look at it. It's not a big effort to clone any client if there is enough motivation. Which motivation is here? Insert your own ads or what?
Meanwhile, freedom-loving users are tied to Google dependency or forced to fetch some outdated version from Aurora. Nah, I'll use Amethyst from F-Droid instead.
Yes, keep using Amethyst. I think you're not very freedom-oriented, if you're using that Big Ball of Mud containing health data next to a Tiktok feed next to a marketplace next to a magazine reader next to....
Literally all of the Nostr functionality ever invented, from one programmer. LOL
There's more than one criteria for freedom.
On Android, I use Amethyst solely because Nozzle plain sucks, and I don't see any FOSS alternatives as of now. I didn't even open that tiktok-like and marketplace tabs a single time until you mentioned them.
He's putting literally everything into one app (even healthcare data, that was my last straw) and everyone is just downloading it, without a care in the world.
He releases too quickly for anyone to read it and don't hold your breath for test results.
Separation of concerns is a form of safety, after all.
I don't see healthcare data anywhere in the app. Marketplace, Live, Community, Chats, Notifications... Did I miss something? Version 0.85.3.
Anyway, please offer something better at the moment. Something that I won't have to decompile.
Check out Spring browser (https://spring.site/).
Let's you use any Nostr web app on mobile, I prefer Nostrudel.
Same. Like Nostrudel a lot.
Android native, rather than PWA?
There isn't anything. I prefer to get involved in Freerse and encourage him to open up. I am willing to wait a bit. I can be patient.
He announced it here. It's the "FHIR Payloads (kind:82)" listed on his GitHub. That stands for Fast Healthcare Interoperability Resources.
He's creating a social media app as a gateway to his healthcare/vaccine-pass app (where the Big Money is, and a massive supply of captive users, and not just some plebs zapping).
Another vote for yes π
π€Thank you for your feedback. Is it because it's not open source and unsafe? Open source does not seem to guarantee that the latest version is safe from security risks.
Personally I've been using Linux and open source software for 20 years. I try to use and support open source software at every opportunity.
As for the rest of Nostr, it is still a tech/dev crowd. It is also rooted in the bitcoin community, where open source is seen as important obviously. In a community where freedom is one of the main selling points, I think software being open source will always be important. Don't trust, verify and all that.
Well said, thank you for sharing π
Yes, because everything is a trojan until proven otherwise.
Thank you for your feedback. Is it because it's not open source and unsafe? Open source does not seem to guarantee that the latest version is safe from security risks.
Hey, if he published it, would you be willing to read it and give him constructive feedback? Like a code review?
Here is a different point of view
note10pc79kvvtt5g48rgqxrpem8emnsv2catwq2dqa6m7r0y70xg2jsquuqwhl
π«π«π