Braydon Fuller
1bf9f239dca1636149bc2f3fc334077ae959ea9607cacf945ef8f8bb227dc5e1
"Do not give in to evil, but proceed ever more boldly against it." —Motto of Ludwig von Mises

Most app development in modern languages has hundreds to thousands of dependencies. All are usually hosted on a centralized repository, and most don't verify signatures from developers. Here we are... 🙃

Yeah this spam seems to be holding back a bit to what it could be.

Cool, I don't use damus, checking out notedeck though, so this would be a reason for me to join the purple subscription.

Is there a paid damus.io or primal.net relay?

Just removed relay.primal.net from my relay list, it was getting spammed, but would like to add a paid replacement.

Removed nos.lol from my relays, it was getting spammed. 👋

As Nostr communities grow, it will be increasingly more important to move to all paid, web-of-trust and self-owned private relays. I think we are almost at that point.

I'm looking forward to a solution right here on Nostr with media hosting and relays that are self-owned or paid with clear terms, or both. Some folks are working on solutions, I am not sure how far along they are though.

"If you don't believe me or don't get it, I don't have time to try to convince you, sorry." —Satoshi Nakamoto

GM. HAVE A GREAT WEEKEND 🤘🌞

Yup. Vendoring dependencies helps. The underlying OS will change though, usually for the better.

For folks with larger followings, they can let people know on their podcasts via RSS. For others we can tell friends via Signal, SimpleX, GitHub and etc. perhaps some others?

And yup, an attacker could change the profile to anyone. They could impersonate someone else and with some credible WoT.

If you find out your Nostr private key is compromised by an attacker, what is your plan to recover?

If a private key of an account is compromised, this type of verification/attestation helps with the recovery as the Nostr Address (NIP-05), name and other new metadata (like additional keys) can remain uncompromised and still useful to determine who the profile originally was before the compromised private key of the account, as it could change. The original author can also inform others of the compromise by revoking the key, changing the NIP-05 and etc. If additional keys were added to the user's metadata, the revocation could include signing an additional message (including an honest new profile).

nostr:nevent1qqsfhae4s3h9jlr0wdtp2hrr42asdk8lrrquarwxle7eu756sw2625cpz3mhxw309ucnydewxqhrqt338g6rsd3e9upzqxle7guaegtrv9ymctelcv6qw7hft84fvp72e729a78chv38m30pqvzqqqqqqyepc92y

First book he wrote after he left politics is pretty good,

"The School Revolution: A New Answer for Our Broken Education System", talks a bit about why he left.

I am not sure how the linking would work between the previous npub and the next npub for clients or relays for all previous events.

Especially considering that everything from the previous key can't be trusted anymore, as an attacker could post with any timestamp on notes/events.

Perhaps the next npub could make a merkle tree of all the valid events from the past, and sign the root and provide proofs — this might get complex quickly though.

An npub could have a bootstrap archive of events to "spawn" a new identity?

All attested to values of another user's metadata are duplicated and stored in the attestation event. The event is either encrypted or public. For a user's own attestations, a lock icon could appear on the profile image; this would be awesome, I think.

Could gift-wrapped DM requests have ecash as a means?

Obtainium takes a bit to learn, mostly about what URLs will be understood as a source.

GitHub and GitLab repos with releases will work, for example with Amethyst:

https://github.com/vitorpamplona/amethyst

You can use F-Droid URLs:

https://f-droid.org/packages/com.termux

And then others like Signal with just:

https://signal.org

There isn't a directory to search for apps with Obtainium. So it is necessary to use search engines, repositories like F-Droid and etc to find apps.

You can install from pretty much anywhere, except Google Play (it requires a login, not sure how Aurora Store does it).

The GrapheneOS App Store is used only for the apps that come with the OS and other system updates.

I've moved almost all applications to be installed via Obtainium instead of Aurora Store (Google Play) and have removed F-Droid (although many Obtainium apps pull from the repository still). Down from five installer apps to four, it's not much, but it's a step.

A cool feature of using `git` for dependencies is that you can verify signatures of the commits when pulling them into a project.

If you're setting up a private Nostr relay with strfry, you can use this small plugin to only provide write capabilities for your own pubkeys.

https://github.com/braydonf/strfry-writepolicy

It uses the strfrui library that can do a lot more if that is needed.

https://github.com/jiftechnify/strfrui
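
The write restriction described in the note above, as an added example (not the code of strfry-writepolicy or strfrui): a standalone plugin that speaks strfry's JSON-lines write-policy protocol on stdin/stdout and accepts events only from allowlisted pubkeys. The pubkey shown is a constructed placeholder, and the names `allowed` and `decide` are hypothetical.

```go
package main

import (
	"bufio"
	"encoding/json"
	"os"
)

// Constructed placeholder; replace with your own hex pubkey(s).
var allowed = map[string]bool{
	"0000000000000000000000000000000000000000000000000000000000000001": true,
}

// The fields of strfry's plugin request that this policy needs.
type request struct {
	Type  string `json:"type"`
	Event struct {
		ID     string `json:"id"`
		Pubkey string `json:"pubkey"`
	} `json:"event"`
}

type response struct {
	ID     string `json:"id"`
	Action string `json:"action"` // "accept" or "reject"
	Msg    string `json:"msg,omitempty"`
}

// decide fails closed: unparsable input, unknown request types and
// pubkeys that are not allowlisted are all rejected.
func decide(line []byte, allow map[string]bool) response {
	var req request
	err := json.Unmarshal(line, &req)
	if err == nil && req.Type == "new" && allow[req.Event.Pubkey] {
		return response{ID: req.Event.ID, Action: "accept"}
	}
	return response{ID: req.Event.ID, Action: "reject", Msg: "blocked: pubkey is not on the write allowlist"}
}

// main answers each request line with exactly one JSON line on stdout.
func main() {
	sc := bufio.NewScanner(os.Stdin)
	sc.Buffer(make([]byte, 0, 64*1024), 1<<20) // events can exceed the 64 KiB default
	enc := json.NewEncoder(os.Stdout)
	for sc.Scan() {
		if enc.Encode(decide(sc.Bytes(), allowed)) != nil {
			os.Exit(1)
		}
	}
}
```

strfry starts the compiled binary when its path is set as `relay.writePolicy.plugin` in `strfry.conf`.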

So apparently nostr:nprofile1qqsxvns8pl39uakaema9fy5uphjzajkssyqfx5r7yn0yvgs828xm02spzdmhxue69uhhqatjwpkx2urpvuhx2ue0djmwfv doesn't work with GrapheneOS w/o Google Play Services? The approximate location doesn't work, can it work without?

I disagree, but I think it mostly depends on the person.

GN.

Difficulties can make us stronger. ✌

- Principles of Economics by Saifedean Ammous

- Anatomy of the State by Murray N. Rothbard

- Fiat Food by Matthew Lysiak

- Free Software, Free Society by Richard Stallman

One way, if you're on Debian/Ubuntu or similar, is from the terminal:

qrencode --type png --size 256 --output .png "lightning:@"

There are other output types such as "ansiutf8" that can output to the terminal.

Looking forward to try running this soon:

https://github.com/ACINQ/phoenixd

It could be a great, quick to set up and maintain option for use with an LN Address to accept payments for goods and services on Nostr.

It's essentially custodial gold held by the U.S. Not sure of the popularity.

Cool, was working on something similar for Core Lightning and LND (plus others).

Agreed, not bringing a phone for dinner is distraction free.

I am kinda surprised that watchtowers for running a Lightning node haven't become more popular. Perhaps LSPs are providing some of that functionality as well as providing inbound liquidity? It seems that if you're running your own node on your own hardware, not in a datacenter, you'll still want to have a watchtower (perhaps your own) that is run in redundant datacenters with backup power and internet.