Subnostr

Do you like Seedsigner?

It arguably is one of the few devices in the Bitcoin signing device space that properly explains its threat model, risks and benefits.

If you are wondering, your bank card is more secure than 95% of HWWs.

Replying to

u32Luke

Do you have a link to the Mk4 exploit?

semisol 1y ago

STM32s are already known to be not very difficult to dump.

Along with existing attacks on the DeepCover SE and the ATECC one, this allows extraction of the seed.

The ATECC one especially has poor track record having been defeated by the same attack on 3 revisions of the chip.

semisol 1y ago

It is who knows how many years of IPP Everywhere and I still cannot set the color mode for prints and only get a single quality mode choice

semisol 1y ago

it’s not as fast either for going through a 200-page datasheet for one specific detail nostr:note1hmq4hjz9p5tz8g0zv7g9gg6jx58fvh6tgrazyqecsan6lp2jv99s7gmfdg

Replying to

Hanshan

dunno what kind of asshole does this shit

but afaict that account hasnt tweeted in over a year

semisol 1y ago

twitter logged out view orders by popularity

Replying to

HoloKat

I asked my mom, a long time Democrat who she voted for and she said Trump. She also added that there’s something wrong with Harris - “she doesn’t make any sense and speaks in gibberish” 🤣

Many Dems became Republicans this election.

People are recognizing how insane the Dems have become lately.

semisol 1y ago

Option 3: move to somewhere less shit

Replying to

unknown

I spent a couple bucks on stainless steel washers. I’m good to go.

semisol 1y ago

Congratulations your seeds are more secure against physical damage than a $200 gimmick

semisol 1y ago

Someone make a $1000 rugged HWW pls so we can get scammed even more and pretend we are enterprise users

- influencers

The seed backup in the corner: ._.

Oh wait buy our $50 piece of milled steel that should be $20 nostr:note1wfew3pqlvh4ksfl3epkmmfskyh5ztjly06fkppzdg33pxnk84v7sxfwwhm

Replying to

Tim Bouma

It's called experimentation.

semisol 1y ago

For it to be experimentation you first need to evaluate if it could work in theory before in practice.

Instead this is just trying random useless shit for the sake of it.

Replying to

Dan

Maybe a little bit of "we like this hammer, hit everything like like it's a nail" going on. Not to say I don't think it's a good hammer, cause I believe it is. But still... not everything is a nail.

semisol 1y ago

it really isn’t a good hammer either for 50% of things

to be honest, the cashu protocol has been having the same issues with incompetent design as with some nostr NIPs

Replying to

Dan

wouldn't a 1:1 mint-to-user ratio defeat the purpose?

semisol 1y ago

To be honest this feels exactly like everyone trying to integrate NFTs. Or AI.

Replying to

Tim Bouma

Huh?

semisol 1y ago

At this point why not self custody? What’s the point of having a mint?

Remember how they tried to add NFTs to everything? This is exactly like that

semisol 1y ago

Oh so self custody with a shiny label? nostr:note1kxwsuxhaq48m8ahn0q6vh3aey2qym5fgkztsj8889n9h82wnazjq97g4vn

Replying to

Silberengel

Same people who make good shit everywhere else.

Another day, another tech stack.

semisol 1y ago

And that’s rare

Replying to

BITKARROT

#Pubky is Slashtags rebranded. Rebranding is never a good sign. Its the same group as the Keet guys. Fundamentally they are struggling with traction, their protocol is obtuse and difficult to build on.

I get that having a bittorrent style DHT might be useful but the latency and discoverability issue is not gonna compete with nostr websockets. And there is a solid reason why SimpleX is using websockets and unidirectional pipelines for their chat servers. It just *Works* better. Not perfect p2p networks but for the purpose of social connectivity you gotta cut some edges off.

Love the idea, but also felt like I wasted enough time looking at Keet/Kademila/Hypercore rebranded twice to Pear. Great marketing but underlying adoption will not happen at Nostr Speed.

Nostr has its problems but its strength is that weekend warriors can contribute and for a scrappy distributed protocol this is what you want. Not $10 million dollar per VC app companies that refuse to hire american citizens and don't really welcome opensource part time contributors.

You are gonna need all the hands you can get to build something anti-big tech and by removing as many complexity barriers as possible you can achieve it with max leverage, less labor and less time to generate the network effect for survival.

#Nostr Will Survive. There are enough builders who don't need a PHD to make it work. That's the #1 key factor here.

semisol 1y ago

Anyone can make shit on Nostr.

Who can make shit that’s good?

Replying to

Derek Ross

Because Nostr is still very early and now's the time to enhance, build, or change it. ActivityPub is from 2016 and much more set in the ways on how to accomplish tasks and features - it's more mature. Nostr is more malleable.

semisol 1y ago

Nostr is not that malleable.

Replying to

Derek Ross

Fedi is inherently broken.

semisol 1y ago

What is to say Nostr isn’t?

Replying to

Derek Ross

Exactly. Why not just build on and enhance Nostr?

semisol 1y ago

“why not enhance the fediverse?”

- fediverse people on nostr

Replying to

Mark Camper

Oh, I didn't know there's the failed pin counter. That would be the main benefit imo.

In some scenario setups, it helps you relegate this semi-hot (easy to access) signer to the physically inaccessible seed sources (at different locations).

semisol 1y ago

I’m working on a lot more than that… :)

Replying to

Settebello

You should try Vultisig. Better than HWW

semisol 1y ago

red flags:

- using “open source” as audited

- no proper explanation of cryptographic scheme

- devices used in signing are not isolated or protected