libs kind of depend on relays so higher on the stack
for this reason you’d approve each spend, or set a quota per recipient
this would be the next step up, from ACINQ’s current EC2 Nitro based solution
nostr:npub1s5rq2ztdh76shy578znvympa2mzz2vjushs9mc5mwkdupewke67qeuf7u3 weren't you doing something in this area?
thinking of trying something out on my personal node, with a key on a secure element (and never leaving it)
would be a small USB dongle, could also use for auto-unlock with TPM
🤔 Lightning node HSMs
for reference the other pillar is relays
One other thing I did was use OpenBao for managing FDB cluster configuration.
That originally started with TLS certificate issuance only, but I needed to manage JWT signer keys as well, and then I put some other configuration in as well that was not completely security related since I didn’t want to deploy a 2nd tool.
Planning to set up an SSH CA soon.
The NFDB/nostr.land code for example is managed on OneDev. Issue management is pretty great (I use it for non-code related tasks as well)
CI was extremely simple to set up, it starts a single-node FDB cluster and runs all the tests.
GitHub has been requiring authentication now for "untrusted" IP addresses. They also have aggressive rate limits such that a business running build server(s) will likely hit rate limits.
The reason that's a big deal is, many, even more commercially funded OSS projects, publish their artifacts exclusively on GitHub releases, or the GH container registry. PowerShell is an example of this. They're not only locking down development, but also the public's access to the applications entirely. It's total control over software development and distribution.
nostr:npub1s3ht77dq4zqnya8vjun5jp3p44pr794ru36d0ltxu65chljw8xjqd975wz plans to help with this, but we aren't going to be an end-all solution. No single SaaS platform will be.
Devs should consider running their own git servers and artifact repositories for their projects. Other self-hosters and plebs can contribute by setting up git mirrors on just about any webserver. Mirror projects you care about!
Devs should also probably be signing their commits so that mirrors can be verified.
Final note. Codeberg offers a GitHub 1-click repo migration tool.
OneDev ftw :)
nostr:nprofile1qqs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30gprpmhxue69uhhyetvv9ujumn0wdmksetjv5hxxmmdqyg8wumn8ghj7mn0wd68ytnvv9hxgqg4waehxw309askwemj9ehx7um5wghxcctwvss2rp25 Had a note from damus relay from a guy I'm following not displayed. How can this happen?
You need to use aggr.nostr.land alongside it.
There is still some functionality that is WIP like full support for profiles.
you could use long-term BLE/WiFi MACs for geolocation
It was before it became turdfluencers
MongoDB should not exist
You can’t build it elsewhere either. You need to somehow find all users’ servers that might be following you.
new? nostr.land fully runs on FoundationDB, has been since NFDB deployment
unplugged one of the servers yesterday ;)
that is not the garbage collector
the inevitable rewrite is the garbage collector
You can even store it in a password manager or your computer.
I have no interest in being a free consultant for Coinkite, which is:
- actively selling users what in my opinion is subpar hardware
- had multiple chances to fix similar issues previously
- and is actively perpetrating attacks against OSS projects and competitors
If/when I do end up making a full write-up on possible supply chain attacks on a Coldcard along with a demo, they can figure out how to fix it themselves.
61 seconds at 1.5x speed
It is unlikely that any Bitcoin-related organization would want to sponsor any of it anyway.
With the attitude I am seeing from many of the people that run these organizations, they would try to shift the blame to “why aren’t you doing anything about it.”
I have strong evidence that links Coinkite and/or NVK as the definitive owners of the domain names.
There are also domains they own relating to other projects, and name-squatting attempts at Nostr and Bitcoin related domains.
There’s also the option to use an SS.
If you have any questions about SEs let me know.
Currently, a Ledger Nano S with Sparrow. Not my preferred though.
I am working on my own cold storage product that is built on a security-certified secure element with custom firmware on the SE.