I WEAKLY RECOMMEND these apps (first recommendations I've made yet) -

* Stagenet version of Garnet by developer retnull / retrnull, of unknown npub

* Nostrudel.ninja by nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr

* Amber by nostr:npub1w4uswmv6lu9yel005l3qgheysmr7tk9uvwluddznju3nuxalevvs2d0jr5

* Nos2x by nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6

* Nos2x-fox by nostr:npub168nqgewzkamnyh53x0epqrftkv2pdh9gzr6558v4vetzr3w7uxfs63926e

Why are these WEAK recommendations?

To you, maybe all my recommendations should be weak because I am not a coder, cryptographer, or mathematician, and cannot review code for security issues at all.

To me, these reasons:

* These are all on GitHub without even backup links to the work of nostr:npub1m4ny6hjqzepn4rxknuq94c2gpqzr29ufkkw7ttcxyak7v43n6vvsajc2jl

* Garnet - using Monero for tips might break its anonymity, the bounty on a monero-based nostr client might be a deep state bounty connected to the IRS bounty for cracking Monero, it's weird that there's a Monero-based client before a dogecoin-based client. The availability of a Stagenet version at least shows self-awareness of this being experimental 🤙

* Nostrudel.ninja - I can't get discovery feeds to work, I see others report other issues, the project could sorta be considered "stretched thin" but that's also exactly what got it in my recommendations

* The others - I'm paranoid in general and none of this stuff is designed the way I would design it so it's hard for me to strongly recommend anything at this experimental prototype stage.

These aren't the only apps I would ever suggest using, or use myself, or onboard someone with, but they are the first ones I've noticed seeming more worthwhile (or less untrustworthy) than others.

I hereby revoke my recommendations of Garnet and Nostrudel in light of Garnet turning out to be malware, as revealed by at least two contributors using the worst possible git and seeking feedback from its users instead of nostr users.

Amber and nos2x still seem cool, but pointless without any recommended clients to sign in with, so these recommendations can basically all be considered invalidated. I'm glad I was very careful not to "strongly recommend" anything.

Nostrudel was already known to be malware since it had zaps without any real cryptocurrency tipping, but its malice seems mixed with good intentions, and it would be worth weakly recommending under the pretense of having one of the widest ranges of functional features out of all the apps in an ecosystem which itself is, as a bigger picture, worth weakly recommending. Without an ecosystem worth weakly recommending, it's just the most functional app in an ecosystem of dysfunctional malware trash, not worth any level of Recommendation™

Discussion

Can you elaborate on what you mean by "as revealed by at least two contributors using the worst possible git" ?? I'm only seeing a single code contributor to garnet (retrnull).

Amber can be used to sign into Amethyst.

NOS2X is a browser extension that can be used to sign into many web oriented nostr clients, including Nostrudel, Corny Chat and others.

Are you suggesting that Bitcoin, which zaps are referencing via Lightning, is not real cryptocurrency?

Not two code contributors - one is doing graphic design. They were "approached" to make an icon. That's two nyms seeking feedback on a nostr project but not from nostr - no nostr threads, they don't even have npubs copied and pasted in their threads. I'm more upset at the nostr community (and embarrassed with myself) for tolerating and promoting behavior like this than I am at these 2 people working on an interesting project, but it's all quite frustrating to me.

Amethyst is (probably benign) malware based on its tipping implementation, like most nostr clients. I'm pretty sure the amethyst project is also centered on the worst possible git, another malware red flag. Amber and nos2x are (also probably benign) malware for similar reasons. Same with nostrudel, corny chat, and others. Pretty much all modern software is malware, most of it is pretty benign but I hate it.

Bitcoin is a real cryptocurrency. Lightning is, well, a real cryptographic currency, but when we shorten that phrase to "cryptocurrency" it's supposed to mean something which takes inspiration from Bitcoin to use cryptography for the sake of functionality as a currency. If every currency that uses cryptography is a "real cryptocurrency" then I'm pretty sure every currency is a real cryptocurrency since every central bank probably has used PGP for at least one email in its history.

I apologize if my other reply comes off as disrespectful towards you for being a lightning fan or if you're a GitHub user. You being a lightning fan is part of why I hope you'll draft a good NIP for Monero tipping, and if you're a GitHub user that also helps in that area since the nip repo is on GitHub.

Lightning is centralized and designed to attack the cryptocurrency ecosystem, but that's pretty much all I know about it. Your deeper understanding of lightning is essential for nostr's advancement because I don't know as much about how zaps work and it would be nice to have the Monero tipping NIP be respected and integrated by the lightning fans that run the NIP repo, who you surely get along with better than I do.

"Garnet turning out to be malware"

???

What gives you this idea? Can you show me who said this and their proof of this?

Me. It's probably "benign" i.e. probably won't steal the user's Monero but the red flags I was looking past when I recommended it got 10x worse and I don't trust it now.

nostr:note1rl4qtd3a9qgngwz3ed8kt2veypllmpzaw2ks8ptsxmpvcvusdsxqyyt0mq

What specifically in the code is malware?

There's only one or two users working on it because it was created from a relatively small bounty (very common for most bounties) and was largely under the radar until maybe a week ago...anyone can read the code and make pull requests and contribute any time they want. Hopefully more attention brings more users willing to help work on it.

I don't have specific knowledge of what's in the code that's malware. I'm not a coder and can't review code.

It's what the code is in that's malware, that I have specific knowledge of - as I mentioned: the worst possible git.

It also seems like a malicious copyright claim might be building up, furthering the severity.

There would be less than zero reason to be surprised if this app spies on users and very little reason to be surprised if it steals monero from users based on its level of malware, so I can't recommend it.

I also must repeat, I'm very tired of the nostr community tolerating and promoting shit like this. It's been what, 8 FUCKING YEARS since Microsoft acquired GitHub? We need bird flu to kill people harder than COVID because this species is fucking dumb.

Do you mean because it is on github? I agree probably not the best decision, but it's not like that is some outlandish thing among FOSS apps. Even Bitcoin/Monero have githubs.

"malicious copyright claim might be building up" What are you referring to?

It's brand spanking new, so I'm not saying you're wrong to be cautious, or even avoid it until more attention and work is put on it, but I at least haven't come across any reason to suspect Garnet is malicious.

Because I'm angry at the community and it's hard to stop it from seeming directed at whoever I'm talking to, please let me inject this in the beginning of my reply: thank you for taking the time you've taken to discuss this.

Bitcoin was made long before Microsoft acquired GitHub. Not 8 YEARS AFTER. Satoshi Nakamoto wasn't even around by the time Microsoft acquired GitHub. Satoshi Nakamoto didn't have nostr. Bitcoin and Monero's devs should not have those projects on the worst possible git at this point, it lends itself to the argument that they're malware too.

And it's obviously worsened by all of these facts: that despite Garnet being a nostr client, these people working on it are using the worst possible git as a replacement for getting feedback from nostr users, instead of a supplement; that despite it being a nostr client, there is nowhere to report issues on nostr; that despite it being a nostr client, there are no nostr copies of the discussion threads on the git and on bounties.monero.social; that despite it being a nostr client, there aren't even fucking npubs copied and pasted in the threads.

These facts are ridiculous. If we're very lucky, Garnet is a good project and it's just the community encouraging shit like this that's causing devs to engage in such fucked up behavior. If we're not so lucky, a malicious copyright claim is building up where retnull wants to controll the Garnet name and use it to suck up oxygen from other similar projects while stagnating the development of Garnet so that nothing gets developed in this area. If we're very unlucky, retnull wants to build a honeypot that somehow ends up implementing spyware backdoors or worse, coin-stealing backdoors. I hope we are lucky, and if so, I'll be relieved to see proof in the form of retnull being an early adopter of ngit.

Typo: control, not controll

It's really hard to find quite perfect phrasing here. It's extremely relative; virtually all code is malware since virtually all coders are either malicious or make mistakes based on disinformation from other malicious people. But sometimes good faith efforts outweigh mistakes and the malware element seems canceled out. In this case, I have a bad feeling about my recommendation.