I like the innovation. But I refuse to connect my private seed to anything that touches the internet. Or use a device that has the capability of connecting to the internet

Yes. The person would need physical access to your CC from what I read. Then they could deploy the hack to the secure element. So as long as that fits your risk model and it hasn’t been plugged into a computer (eg you’re using is truly air gaped) you’re probably fine.

I mean the coldcard is still solid though right?

Granted this grifting is off putting, the device isn't flawed?

But but how can we retain devs if they don't have all the power?? Devs need to have an inner circle where they centrally decide the path Nostr development will take unilaterally while disguising it as open source and decentralized. It is the ideal environment for big shot devs.

I have a few ideas to improve blossom, but none that will make it able to support "large files". the fact that a whole file is hashed using sha256 is the main bottleneck, it means the larger the file the longer it takes to hash and the longer it takes to verify (possible attack vector)

Ultimately for "large files" BitTorrent is the best solution and will probably remain that way. which is why we have NIP-35 torrents on nostr 😁

I say "large files" in quotes because every user and every server is going to have a different upper limit on file size. for example a blossom server on my local network could probably take a 10Gb file while one over tor could only take a 50Mb file

There is a suite of relay.events relays coming up 👀

Meant for public use funded by donations. NWC, signers, ephemeral events, relays for devs.

i don't think it's gonna be anything specifically malicious. it's just plain old domain squatting. "oh it's a different name, but maybe they will pay us to transfer it to them"

malicious in the sense that they are making a calculated guess that a unique name that isn't registered that has some registered might be rich and then they will not care to spend $500 to nail down this one which isn't as ideal but ok.

the monopoly on TLD is the suck. you sholud be seedsigner. as in like www.seedsigner.

We all know who did it.

Hmm.

When I use WoS it seems faster than minibits, is it because it’s happening in the background?

In the first case you mean primal wallet inside of primal right? In that case you’re not using NWC, just the wallet inside the app. My understanding was that NWC will always be slightly slower than a built in wallet

We might have different presuppositions on instant, but my experience with primal wallet on primal was pretty instantaneous. I recently moved clients and tried minibits but waited for a good 20-25 seconds. Then tried alby, and while it's not as quick as pw, it's always within 5 seconds

I saw that briefly first time I set it up. Instead of having to be always online it uses the push notifications?

That minibits “processing NWC command” notification is really useful: it lets you know that it’s actually working

And for those that dont know sites like seedsigner.org and .net redirect to airgapcomputer.com. a site that spreads FUD via mostly edge case attacks that are extremely implausible for the average person to pull off.

Most of these attacks require close physical proximity, and controlled environment, plus the cost of complexity of these attacks make it impractical, except for extremely high-value targets.

So again fuck NVK.

Good take.

Also I like your profile pic. Is that a fox?

Build it!

There was much talk about reputation nips. I'd prefer to have those materialize but maybe reactions could be a start.

Right now I can follow or block/mute people and that's being used for WoT even though following doesn't mean trusting and blocking not distrusting. Maybe I follow my boss cause he cares and I block/mute my mother cause she shares too many cat videos.

Every dev has this thing of building their own standards. Then they realize their stuff doesn't work unless they implement what others do.

when are they going to deprecate some NIPs and make "Nostr 2025 Standard" like programming languages do?

What could help, but I'm just a lowly client dev :)

He could add support for a local LLM maybe using ollama

Yet you ask for permission from every relay and server in Nostr, AND you ask permission from ICANN to reach those relays.

That's just a few of the things Pubky does better.

Didn't you notice Primal & Damus trying to charge fees for their services? That is permission. All servers on earth are permissioned. Do you know why?

You see a post with ___ or more hashtags, and you find it spammy.

Whats the magic number for you?

#asknostr

Communism works in fairytales only 😂

Have both. They solve their own use cases.

When you want to search the world’s largest library that’s the tradeoff you are making.

But once you find it, or get a book from a friend for example, you put it in your indexedDB database and congrats.

I personally envision the hierarchy ad follows

- Indexers, that have almost everything. They are the Google of Nostr. People push their events here and others find them.

- Large relays, which serve large communities. Think Nostr.land, Damus, etc. These are hubs for retrieving content in bulk.

- Community relays. These can be self-hosted or hosted in the cloud. People push from here to large relays and from large relays to here, what they care about.

- Local cache. This is the user’s own space and that is it.

The ideal relays would be:

- indexer: custom software

- large relays: strfry on medium end, NFDB and possible other options at large end

- community relays: could be a mix of strfry, NFDB, realy, nostrdb-based

- local relays: nostrdb, indexedDB-based