What I'm saying is that the app that created this backup encrypted the seed with NIP-04 instead of NIP-44. It was a bug there. Just fix that, don't go around trying to detect edge cases.
The ciphertext being decrypted in his screenshot is a NIP-04 one, notice it ends with an "?iv=..." parameter.
We should run a prediction market for this.
I was merely pointing out an Android client that supports bunker login.
Looks good but I'm not in a position to do anything about this.
Why isn't #grimoire on the list? That's completely backwards.
Good to hear!
Let me know if you spot any flaws or possible improvements here.
We're pretty close, I'm introducing another interoperability issue with decoupled keys so let's postpone that goal to 2027, but I think after that we will definitely be good.
Would be nice if there was a scheme that worked for encryption/decryption over FROST, but even so I don't know if it would be useful in practice. I think it's better to use decoupled keys that just live on the devices, because performing dozens of decryption calls through a network of key share holders like that would be an awful experience.
Better focus on crazy key setups that guarantee user identity keys for the long term instead, if you have crazy ideas.
It's not that straightforward I think, but there is https://viewsource.win/npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6/promenade: nostr:nevent1qqsqqqph7l5mv0fv5hekm0nxx7ty9nszfmyhpjhh84h3srugvxe9e9qpr9mhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5q35amnwvaz7tmrdpex7mnfvdkx2tnyw3hkummw9e3k7mgzyqalp33lewf5vdq847t6te0wvnags0gs0mu72kz8938tn24wlfze6kfp7fz
That's what made me realize we needed to decouple encryption keys from identity keys.
There is also Frostr that is doing a similar thing but with different goals.
I want the internet in my pocket.
I was bored and got annoyed with nsites being unreliable/slow. So I vibed together this nsite-deck.
- Load any nsite you've visited before when OFFLINE
- Manage locally stored sites at 'home.nsite'
https://blossom.primal.net/289bad06e79ae34afadb99cc107dc797a3ff8406fc63fad203b08abb0e305b9a.mp4
in the video i show:
- Any [npub].nsite gets resolved, locally
- First load = pull from public relays 30ms
- Second load = load from cache 7ms
- Managing cached sites
Source: nostr://npub1hw6amg8p24ne08c9gdq8hhpqx0t0pwanpae9z25crn7m9uy7yarse465gr/relay.ngit.dev/nsite-deck
CC nostr:nprofile1qyv8wumn8ghj76twvfhhstnjv4kxz7tn9ekxzmny9uqsuamnwvaz7tmwdaejumr0dshsqgpxdq27pjfppharynrvhg6h8v2taeya5ssf49zkl9yyu5gxe4qg5502tfpf nostr:nprofile1qywhwumn8ghj7mr4de3kscn00qh8xctwv3mkjcmg9enxzund9uqsuamnwvaz7tmwdaejumr0dshsqg88wxhskpwga90umah7kdgq23xjlvwv6wz83r5lfy9m8m3garkkduy3ntru nostr:nprofile1qythwumn8ghj7ct5d3shxtnwdaehgu3wd3skuep0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcqyphydppzm7m554ecwq4gsgaek2qk32atse2l4t9ks57dpms4mmhfx5ltf6v nostr:nprofile1qy2hwumn8ghj7ur4wfcxcetjv4kxz7fwvdhk6qg5waehxw309aex2mrp0yhxgctdw4eju6t0qqsvswpas8wjgsr8gkmggzd7grt8y8pszq55vsr8lnzs5fwalyfe2jg4yre37
I don't get what is happening, are you running something or is it all in the browser? How do I test this?
Regardless of that we should be doing nevent1-sites, immutable, not npub1-sites.
The latest nak v0.17.4 implements support for managing decoupled encryption keys that fix NIP-17 completely, as per https://github.com/nostr-protocol/nips/pull/1647
See this amazing infographic that explains how it works:

If you call `nak dekey --sec
If you run `nak dekey` on another device/client (or with another --config-path) that other device will announce itself as in need of the decoupled key, then you can run `nak dekey` again on the first device and it will automatically send the key to the second -- and like that the key is shared among all your devices.
Call `nak dekey --rotate` to discard the current decoupled key and generate and announce a new one.
Download here: https://github.com/fiatjaf/nak/releases/tag/v0.17.4
That's good to know. I guess we can have NIP-34 and two remote types: grasp and hashtree living together then. I hadn't thought about it that way.
should i renew the https://emojito.meme domain? not sure if someone is still using it, i guess there are not many alternatives for creating emoji packs. i think noStrudel allows you to do it?
Maybe just host it under emojito.habla.news or somewhere else? Is the source open?
Domain names are such a big scam, we should stop giving these people money.
Good features of this:
- Calls /git-upload-pack on servers in arbitrary ways to get trees and blobs directly and dynamically
- Once we find a git server that works we don't have to keep trying others
- Syntax highlighting grammars loaded on demand
- Binary blobs can be displayed as hex or readable ascii
- Images, videos etc are displayed when possible
- Buttons for downloading files directly
- Prioritizes specific user pages and specific repositories, not trying to do everything
I didn't look into it very deeply, my first impressions are that it looks good but I don't think the idea should be pursued because NIP-34 and Grasp are immediately compatible with other git tooling that already exists and that is a huge plus.
Also hashtree seems to be much harder to implement and I'm a believer in simpler solutions and having dozens of implementations.
Yes, definitely.
Please tell me you're sending DMs to the relays in the kind:10050 event for each target user.
This new Yakihonne version fixes DMs completely apparently.
NIP-17 is working pretty well now on Amethyst, 0xchat, https://yakihonne.com/, https://chachi.chat/dm?
Also Coop, Nostur and Damus Notedeck if I'm not mistaken.
I wasn't saying that web clients aren't real Nostr clients at all! After all web clients can run locally and be totally independent of any server (except for some server that may have to initially, once, serve their assets, but that doesn't even have to be a single server).
No, the metrics and search stuff are unrelated, these definitely require special servers.
But I think the main note was about nsec.app, or maybe I misread.
In any case I wasn't talking only about that, that was just one example, my point is valid for many other cases.
I wasn't. I was just talking about hosting Nostr clients in a way that is independent from domain names.
If your client is just client-side assets these can be hashed and downloaded from many different places, they don't have to come from one canonical URL controlled by one guy.
Are all these things because of secp256k1 or because these guys who made these things decided to not support it?
nsec.app shouldn't require any servers, it runs in your browser. Or at least that's what I was told.
Real Nostr clients don't require any servers, they can work completely on the client side.
The fact that we have apps that still work perfectly well but are now inaccessible because a domain name has expired (or whatever) is some bullshit we inherited from the "web" world that we should try to circumvent, not embrace.
There are multiple ways to circumvent these flaws and build true Nostr clients that can't be controlled by anyone, not even by their original author.
SQRL invented the anti-phishing public key cryptography based approach to website authentication many years ago. It was a beautiful spec of one page with multiple grassroots implementations.
Then they decided that the simple "I sign something with a key" approach wasn't good enough, they also had to cover a bazillion other key management things in the protocol so they brought a team of academics that turned the thing into a 300-page unreadable spec that no one ever implemented fully.
LNURL-auth basically reinvented the original simple SQRL version in 2019 and got many implementations and some traction within the bitcoiner realm.
But at the same time another team of academics probably paid by some evil people were creating Webauthn, i.e. "passkeys", which solves the exact same problem and works in the exact same way, although this time the spec is much bigger than even the worst version of SQRL and apparently designed to create centralization.
It took them at least 6 years to get browsers and phones and some websites to start adopting this behemoth, but so far there are no answers to what is their real purpose or to the question: "what if I lose my phone?".
Added a "spell" command to https://github.com/fiatjaf/nak
- `nak req -k 777 -a verbiricha@habla.news --outbox | jq` to see all nostr:npub107jk7htfv243u0x5ynn43scq9wrxtaasmrwwa8lfu2ydwag6cx2quqncxg spells
- pick one and run `nak req -i c1214b196b3664bc7fc8c8dfaa082a24ed09b25028773bcae60fef8dfe6646fa -a verbiricha@habla.news --outbox | nak spell --pub fiatjaf.com` to run it in the context of your user (replace 'fiatjaf.com' with your npub or nip05)
- `nak spell` will list your previously used spells with ids that you can use to invoke them again: `nak spell spellcgk4u9c --pub fiatjaf.com`
It's not super useful, but it is something.
I can't find it either, but I think the original was funnier. This version borks the best part ("four thousand words just to say I don't even need you guys") by arbitrarily removing words from the original lyrics.
They are grouped by week at read time. Could be by day too.
The stats are just the number of events stored. I read from the database index and count.
#grimoire notifications on the left, a feed of pictures and video from people I follow (with outbox by default) on the center, a feed of a bunch of kinds from selected relays on the right.

Oh, what, you can have multiple dashboards? Then this thing can do my NIP-29 chat rooms too.

Instead of "protocol" we should call Nostr a "system".
That game has been over for years. Ladybird will be pitifully worse. Stop holding on to a failed past and start working on a better future with better protocols for information and app distribution than "the web". In the meantime stop giving people the illusion that all is still ok while Mozilla milks your idealist heart for money.
This is one of the very few cases in which the error message is actually helpful, so I understand that almost no one reads it.
Yes, but prettier.
One small caution on your manual update script: wget usually doesn't overwrite files by default.
If pyramid-exe already exists in that folder, wget will often save the new one as pyramid-exe.1 to be safe. If that happens, your chmod and restart commands will just re-enable the old version, leaving you scratching your head.
To be absolutely sure it replaces the old binary, add -O (output document) to force the overwrite:
```sh
systemctl stop pyramid
cd pyramid
wget -O pyramid-exe https://github.com/fiatjaf/pyramid/releases/download/v1.0.5/pyramid-exe
chmod +x pyramid-exe
systemctl restart pyramid
```
But then I forgot to `sudo systemctl stop pyramid`
Much to Gemini's amusement.
Thank you, you are right.
Although I'm sure I had the -O flag there at some point, but obviously not in the version of the script I pasted here.
Unfortunately no because djot is really great.
https://fevela.me/ now supports https://github.com/dtonon/fevela/pull/40, which is better than blurhash. https://evanw.github.io/thumbhash/
You can see it in action on nostr:npub1e49nhp86q24g66jp9wahzmerv79dum8y4dpv4dt0snvjwlkynf4qnzsm0m if your eyes are faster than your internet.
(Or throttle the connection speed in your browser devtools network panel, this was a good idea.)
Actually after browsing through a feed of blurhashes (on Jumble) and a feed of thumbhashes I've changed my mind, I think the difference is absurd and thumbhash is not only slightly better, it's astronomically better.
nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl would you add it to Jumble? nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s please jump in the bandwagon too! nostr:npub1n0sturny6w9zn2wwexju3m6asu7zh7jnv2jt2kx6tlmfhs7thq0qnflahe? nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z? nostr:npub1cesrkrcuelkxyhvupzm48e8hwn4005w0ya5jyvf9kh75mfegqx0q4kt37c? nostr:npub1yzvxlwp7wawed5vgefwfmugvumtp8c8t0etk3g8sky4n0ndvyxesnxrf8q?
Nothing is "needed", I'm just stating what is better.
Blossom is better because it's more efficient, it will work every time and not hit any barriers, it is much simpler to implement from the publisher side and from the reader side, it's also nicer to use other people's infrastructures the way they were designed to be used.
If we want this Napp model to become a standard (and we need that if we are to solve the problems I'm pointing) then these are all very valuable properties.
it's fine for regular sized events, but it's going to take a big whack out of performance of the database finding small events when it has giant blobs randomly scattered through the kv log structures.
and it's trivial to add a blossom server to a relay, my relay already has one. in theory, supports all of the BUDs too. ah yes:
here's a reasonable starting point for implementing one in Go:
https://github.com/mleku/next.orly.dev/tree/main/pkg/blossom
Some people are incapable of thinking about secondary or tertiary consequences of their actions.
You should just make each Napp be an event with a list of filenames with hashes, then whoever wants to fetch that does it from the publisher's Blossom server. Once it's downloaded it's served from the local cache. There is no need or anything to gain from using this base93 madness.
What do you have against NIP-34 and GRASP?
Thanks again, another bug was causing data to be corrupted sometimes, I think it should be fixed now.
I lost the list of users, but added a bunch back now, please add the ones that are missing if you remember someone.
People, do not put these relays in your default relay lists ever.
That's not how this is supposed to work.
If you don't know how to browse and interact with a relay feed exclusively and the relay URL is not clickable that means you should be using a different client for this task. Try Jumble, Yakihonne, Nostur, Coracle or Nosotros for now.
New feature request: somehow highlight the relay icon when an event was found at the currently selected relay. Or something like that.
I don't know why you would want this, but wss://personal.relays.land/ is a relay that only you can write to and read or delete from.
I've added you three, but now you can add others.
No, I haven't seen any vlogs whatsoever. But I like that the vlogs exist.
Vlogs are like dogs for me.
I think so, yes, wss://impromptu.relays.land/ is one of such cases.
