Why did I vibe code Zappix?
Because I've been saying since the TikTok ban threats that Nostr needs a viable TikTok alternative. I also think we need a viable Instagram alternative. Every single day more people get banned from these two platforms and start looking elsewhere. š©
Where are they looking? BlueSky alternatives! That honestly upsets me. I feel like Nostr is missing out on mass user migrations again and again. We might be the better protocol, but it doesn't matter if we don't have the tools to showcase it.
The masses don't want web apps though. They don't care about PWAs. They want native applications. I can't vibe code that... Yet. š
We have some current solutions, but they're all alpha at best. I have incredible high hopes for Olas from nostr:nprofile1qqs04xzt6ldm9qhs0ctw0t58kf4z57umjzmjg6jywu0seadwtqqc75spz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshszxnhwden5te0wpuhyctdd9jzuenfv96x5ctx9e3k7mf0dv4ph5. I have incredible high hopes for Freeflow from nostr:nprofile1qqsx8lnrrrw9skpulctgzruxm5y7rzlaw64tcf9qpqww9pt0xvzsfmgpr9mhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5q3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7qgcwaehxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmq82esgy. These guys are talented developers that have deep understandings of Nostr and application development. Maybe they need more time, resources, or fires. š„
Therefore, it's my hope that nostr:nprofile1qqsxjvepw89pg6y44hlxse3mez0rvh80t7uh54rcp2axl65t40aj6sgpzpmhxue69uhkummnw3ezumt0d5hszrnhwden5te0dehhxtnvdakz7qgawaehxw309ahx7um5wghxy6t5vdhkjmn9wgh8xmmrd9skctc9xsxm6 is able to stir up interest in these media formats and get more people using them and talking about them. Its my hope that new interests spark and help drive the narratives for native apps. That's what the masses want.
Apparently nostr:nprofile1qqs8d3c64cayj8canmky0jap0c3fekjpzwsthdhx4cthd4my8c5u47spzfmhxue69uhhqatjwpkx2urpvuhx2ucpz3mhxue69uhhyetvv9ujuerpd46hxtnfduq36amnwvaz7tmwdaehgu3dwp6kytnhv4kxcmmjv3jhytnwv46q6ekpnp is on the path already with Nostr Vine. I love that we're on the same wavelength here. I can't wait to see it when it's ready.
Keep building. Keep vibing.
Fix Nostr login on mobile, and PWA will be unstoppable.
The āmassesā donāt give a shit about native apps or web apps. People care about usability, and they will LOVE the interoperability that Nostr provides across apps.
Apps with links to other apps, instant login without download and install from a KYC App Store, and āI donāt know what app Iām using, it just worksā ā¦ this is how web apps will win.
We ājustā need to fix Nostr login for the mobile web.
Nostr login on the web works just fine if you're using nsec. Using extensions and keys work fine too, but they add an unknown level of complexity for newbies. They don't do that.
Extensions add complexity ā¦ and also ā¦ bugs and inconsistency. Extensions donāt always work as expected on mobile. UX is broken ā¦ on top of being ācomplicatedā.
Pasting nsec around (while always a reliable login) is not great for a number of reasons.
Mobile web login will be fixed once the UX is : ālogin once on web and stay logged in across appsā. No extensions. No compromised nsec. No hassle.
nostr:nprofile1qqsrs7xetkmms4xr5rfm944hh7dl9zekzc47vsex74fphfcu7w6956gpr9mhxue69uhks6tkv46xzmrt9ehx7um5wgcjucm0d5q3jamnwvaz7tmswfjk66t4d5h8qunfd4skctnwv46z7qg5waehxw309aex2mrp0yhxgctdw4eju6t00n89td and I have discussed this and thought the NIP-98 could be used for that.
HTTP auth (NIP 98) ā¦ is an interesting approach. So a user (somehow) authenticates their nsec with a web client (still havenāt fixed this part) and this client then lays an auth cookie in the userās browser which can be validated by other clients? And what about when these other clients request āadditionalā permissions not covered by the cookie? Seems tricky to handle Nostr auth without actual live access (somehow) to the nsec for signingā¦?
See reply to derek above
Yup i wrote this demo in js last year since there was only a C# sharp demo. There are actually 2 repos and it makes sense from the backend. Can also use nip42 auth afaik.
What does it mean to have āauthā?
Well ā¦ it means the browser user who claims to be pubkey actually is in possession of the private key. Nothing more.
So, how does this work?
> ā- redirect to another site with authā
Well ā¦ it means that the āother siteā can use āauthā to allow CRUD operations within the āblack boxā of their āother serverā. Nothing more.
This is usefull for black box apps to interoperate alongside Nostr, but NOT for āsign Nostr events across sites with a single loginā solving for the mobile login problem.
Am I missing something?
