Please note: Any inquiries about jerky or orders should be emailed to me at:
bjw@ketolish.us
Today I had a couple people tell me they sent a DM and I didn't respond.
I'm ultra-responsive and always reply if I get a message, usually within the day, if not a couple hours, so if you sent me a DM and did not hear back, something's wrong.
I've used Amethyst and Nostrudel for DMs but they are not always running on the same relays. Always email for business inquiries.
Thank you 💕
I totally get devs struggle with DMs but maybe they dont realize the impact of ignoring it for so long.. it hurts the nostr economy. If their businesses depended on using nostr for communication, they would fix it right away with nip17. I struggle to communicate and payments too, much of the reason is these DMs dont make it to the intended recipient while simultaneously leaking data. loss loss.
wall of shame nip04: damus, primal, nostrudel, nos social.
today i learned it's because they don't really understand cryptography or signals intelligence at all
it's a teachable moment, recognising this, i hope y'alls who are less abrasive than me will understand what i'm saying, they don't understand the cryptography or the signals intelligence aspects of it
that is,
they don't even realise there is no such thing as a cleartext attack on any brand of AES encryption
they haven't even thought about the idea of app specific configuration data being separately encrypted with a second key or password
the one that threw this in my face and made me realise, literally his app publishes your app configuration in the clear
it's not so much about what nip-04 involves, that is just the encryption
nip-44 adds giftwrapping to it for no reason, and it uses a weird custom HMAC and chacha cipherblock function for no reason when AES was just fine actually, and DMs in nostr events DON'T NEED HMAC that's literally what ha hash (ID) and signature are... you don't even need to have a hash check on the messages, again, it's in a hashed and signed fucking data blob
i don't mind so much the use of the chacha block cipher instead of the AES (rijndael) cipher but it's all a bit much of a muchness... chacha-20 is definitely more secure than even SHA256 for cipher block streams but we are talking about 1000 years versus 5000 years it's not that big a leap
nip-65 is what concerns where DM messages are sent to, and should also take part in other private data like user state information, Application Specific Data
there is too little basic understanding of how symmetric cryptography works, and the role of ECDH in shared secrets, and some actually understand these things, double ratchet and MLS but these extra things are cake
the important things:
strong encryption :check:
sending data only to where the receiver wants it :X:
NOT MAKING IT COMPLICATED TO IMPLEMENT :utterfail:
People DM me asking how to order jerky, and I either don't get their message, or they don't get my reply.
Please do not DM me. The apps are infamous for being spotty on DMs. If you don't hear from me almost immediately (or a couple hours), then the message was not received, period. I'm a very responsive person and not flaky.
Always always always (ALWAYS) email me bjw@ketolish.us
Thank you.
