Webview is more vulnerable for side-scripting attacks and such than other techniques for sure and I'm not against optimizing for security. I'm not really against having a native client either, quite the opposite. I just don't think there are that many native linux clients out there and this approach isn't too bad. It does give me well performing local client.
I don't know if it is even that much faster when most of the delay is loading content anyway. I think that webview is well optimized for showing this kind of content and strfry performs really well.
Tere aren't that many native Linux clients either. For me Gossip was pretty unstable and crashed couple of times when I tried it. Don't get me wrong, noStrudel is no perfect either but haven't had it crashed like that.
Isn't it better to run a native desktop client at that point?
nostr:npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c is Gossip built with a pocket internal relay store?
Why? Just because it's "native"? You are of course free to use what you think is best for you but I don't think this approach is any worse. It's just one kind of tech used to create client. What is the clear benefit that you feel like you gain for not using webview for UI?
Don't worry, it's just a meaningless test key to begin with and that showing there is actually just the hex pubkey.
nos2x browser extension stores private key as unencrypted
Saved private key can be found plain text HEX form from the filesystem.
$ grep -R "c205ffc019a61eda35a42603b17a162ff31132e8e8ce956e94f8a2021c63108e" *
grep: config/google-chrome/Default/Local Extension Settings/khplclboobafmlobeabnmnjmdkhnjpmm/000003.log: binary file matches
Even using the "show key encrypted" and setting the password wont change this.
When I enter my private key and use "show key encrypted" option, it will encrypt my key and show QR code for ncryptsec but if I try to save it, I get error: PRIVATE KEY IS INVALID! did not save private key.
You shouldn't use this extension and if you are, you should switch to something else.
Best Nostr setup so far: noStrudel turned to desktop app with locally running cache relay (strfry) to give better performance and larger capacity than browser's IndexedDB.
Linux x86-64 binary:
https://rootservers.eu/nostrudel/nostrudel.gz (3.4MB)
Probably needs these libraries: libssl, libgtk-3, librsvg2, it's not very well tested yet. If you try it and have problems please let me know.
.deb version:
https://rootservers.eu/nostrudel/nostrudel_0.1.0_amd64.deb
Build from source instructions:
https://rootservers.eu/nostrudel/
Strfry relay:
https://github.com/hoytech/strfry
When you set your local relay to run on "ws://localhost:4869/" its existence will get tested automatically by noStrudel and you can enable "Nostr Relay Tray" on cache relays settings ...still figuring out the codebase.
I'm also still trying to figure out the best way to provide NIP-07 signer extension but this requires little more effort. Seems very doable though.
Instructions on how I managed to turn noStrudel web app to desktop app if someone is interested to try it out. It's not perfect but it feels snappier and I like it. You can't use Nostr signer plugins with this but private key should be password protected on noStrudel. Not good, not terrible. Maybe test it with throwaway keys to be safe though.
So just downloaded Nostrudel source code and added Tauri to it, which creates desktop GUI to an web app. Now I have nice desktop version from noStrudel running on my Linux desktop.
"Tauri is an open-source software framework designed to create cross-platform desktop applications on Linux, macOS and Windows using a web frontend. The framework functions with a Rust back-end and a JavaScript front-end WebView using rendering libraries like Tao and Wry."
https://en.wikipedia.org/wiki/Tauri_(software_framework)
Binary runs fine but AppImage version still gives me trouble. At some point it was recommended that Ubuntu should be used to build that and other systems might not work but haven't tried that yet. Client still chokes on global feed but that happens on online version too so I suspect that it's entirely separate issue.
Did the same with Coracle client too but I like noSrudel more. Maybe at some point I look at that AppImage version again, if I could get it to work.
I was playing with Nostr again and this time I installed strfry to my local computer despite having my own relay on VPS. Then I asked ChatGPT to give me this management script (https://rootservers.eu/manage-relays.py.txt ) that opens streaming to configured list of relays and starts a local relay. When I connect nostrudel just to my local relay that gets all the messages from everywhere, it works super fast. So, this is how you are supposed to use this. I think I understand now.
ASIC โ Mining or Resistance
Monero's approach to mining differs significantly from Bitcoin's.
Here's why ASIC-resistant Monero mining is better or more decentralized than Bitcoin's ASIC mining.
๐งต๐๐ป
Pros of ASIC-resistant Monero Mining
Equal Access
Monero's RandomX algorithm is designed to be ASIC-resistant, favoring general-purpose CPUs, making mining more accessible to everyday users.
Decentralization
With CPUs, the network avoids centralization by large ASIC farms, ensuring a more distributed mining landscape.
Security
Diverse miner participation reduces the risk of 51% attacks since power isn't concentrated in a few hands.
Innovation
Encourages the development of more efficient algorithms for general-purpose hardware, promoting broader tech advancements.
Cons of ASIC-resistant Monero Mining
Lower Efficiency
CPUs are less efficient compared to ASICs in terms of hash power per watt, potentially leading to higher energy consumption for the same hash rate.
Market Volatility
The lack of specialized hardware can make mining profitability more sensitive to market fluctuations.
Bitcoin's ASIC Mining Pros
High Efficiency
ASICs are optimized for SHA-256, making Bitcoin mining highly efficient in terms of power consumption and hash rate.
Stability
A more predictable mining landscape due to specialized, stable hardware and established mining farms.
Bitcoin's ASIC Mining Cons
Centralization
Mining is dominated by a few large players with substantial resources to afford ASICs, leading to potential centralization.
Entry Barriers
High costs of ASICs prevent average users from participating, reducing overall network decentralization.
In sum: Monero's approach with RandomX promotes a more decentralized and inclusive mining ecosystem compared to Bitcoin's ASIC-dominated environment, despite some trade-offs in efficiency.
---
Ressources:
Mining Centralization Poses Risks To Bitcoin, Yet Optimism Remains
https://crypto.ro/en/news/mining-centralization-poses-risks-to-bitcoin-yet-optimism-remains/
Monero(XMR) RandomX PoW Algorithm Explained
https://ruisiang.medium.com/monero-xmr-randomx-pow-algorithm-explained-d3cf95619717
I think that more diversified mining is what bitcoin was supposed to be and people were supposed to be able to mine on their home PCs. Maybe Satoshi failed to predict specialized ASIC hardware but wouldn't blame him too much from that oversight. I think he did pretty well overall. ;) I do like how Monero mining works but I'm not sure which is better overall. There are pros and cons to both.
Centralization is a threat but actual attack would still go against their monetary incentives and would require risking a lot of money. At least I cant see this as a good way to attack against bitcoin. There has to be better indirect ways that would be more efficient.