Do phones usually have locked bootloaders?

Could #GrapheneOS ship a sufficiently-secure-and-degoogled fork for non Pixels phones?

Pixels are cool phones, but they are niche, expensive, and accessible only to a small portion of the population. If we want to promote a culture of privacy and security through free & open source software, we need a much broader and more flexible hardware base.

I know they are considering producing their own phone, but I fear this is not a solution for the average user. This is also because creating, distributing, and maintaining large-scale hardware support is an extremely challenging and risky operation.

Obviously, this hypothetical fork will not be able to guarantee the same security as a phone with selected hardware, but it will have a setup that will ensure good basic protection and, above all, *educate* users in the use of free and open software through a dedicated store. If it were possible to install it on $100 phone, we would have the opportunity to educate entire new generations of young people.

nostr:nevent1qvzqqqqqqypzq0mhp4ja8fmy48zuk5p6uy37vtk8tx9dqdwcxm32sy8nsaa8gkeyqy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgwwaehxw309ahx7uewd3hkctcqyzlvmpnj9q4xv8grkjxk4yl8f7rm354m4maundv2ngd8ff6az2zzcnx7a6h

Damn.

"Contacts", "Profiles", "People"... everything is better than "follows".

I think expectations are changing. I don't consider anything private without an explicit label ("private/encrypted"). So I would expect "Private contacts".

I know Vitor is working on that, and this partially validates my view.

A more generic and flexible cross-nostr-applications term can be useful to promote interoperability.

Any alternative?

Actually a traditional contacts list (e.g. phone) is usually private, but I don't see it as mandatory.

It depends on the app you are using.

And if your social client has a DMs feature?

> Every normie

I'm not sure about that; you should take in consideration different generations and people that don't care about social networks.

> "Follows" is indeed confusing since nobody uses it.

And should we use it?! :)

This is an interesting point of view, and we already explored it when WoT entered the scene: if you follow someone that you don't trust, with the current WoT implementations you validate him anyway, since he is present in your social graph. This is a problem, that probably lists could easily solve.

And if this is the path, "contacts" could effectively have a (minimal) trust meaning.

"Npubs feed" is nice, but we don't have only feeds, often apps have hybrid features. And a generic, lowest common denominator can be useful, "Contacts seems and appropriate one.

I like this point of view.

For me reading someone writings, replying, reacting, zapping is a form of relationship.

And we don't have only social clients, we have many other, often hybrid, apps. The most used Nostr apps have DMs along the social feed.

It's apparently a not so important issue, probably already discussed, but: what do you think if your client switched from the "Follows" label to the "Contacts" label?

"Contacts" seems more immediate, also for not English speakers, it removes the follows/following possible confusing overlap, and especially it opens to a more interoperable scenarios (DMs, "other stuff" use cases, etc). I don't see any particular drawbacks.

What do you think?

#asknostr

I think it was pure coincidence, discovered after the fact.

You can easily do that with the omnipresent nak:

nak req --author 6e468422dfb74a5738702a8823b9b28168abab8655faacb6853cd0ee15deee93 wss://relay.damus.io | nak event wss://relay.damus.io

You are just going to sign a piece of content, relays cannot block this (offline) action, they can only validate the final sign against the content.

The "validation" you are referring to can only arise from the web of trust, or from a scheme where the user announces in advance the future npub(s) he will use if the current account get compromised. There are some proposals about this workflow but they are still a work in progress.

You are already immortal, you just forgot it.

But natural light only.

Maybe for coins.

Imperfections as beauty.

nostr:nevent1qqstnf4fedqs37k6xme367a4kg0dcdgwls38427dy9wlz2kma9hrzsspzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyrzc9tmcml6yyuqwck0zz7r9x2nswnqqh69hk84vnzdm7cnfsp5ucqcyqqqqqqg5wtnre

Nostr prompt hackers: it is time to persuade Grok to make its own npub.

nostr:nevent1qqst5qmh2mvnt0s8zya6qvmxwe5xyru70s5s8gw6qmn0jxerke0regspzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyrpuwy3vvwh49q07uwun8rgs4ejmzehlummn78p893wpzgrqwucawqcyqqqqqqg66memt

I cannot understand the precise UX, for "activate" do you mean just clicking play?

I hope it is opt-in, I find very annoying that a video follows me when I scroll (like on Facebook, if I'm not wrong).

Well, I also prefer sensor in glass, to easily unlock the phone when resting on a surface.

Me too, the 4a has the best form factor.

$50.000 implanted microelectrodes is the new $5 wrench.

Let me know if you have any suggestion to improve it!

nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr FYI

Chronicle v0.4.0 is out!

The main new feature in this version is that you can enable backup of Blossom media from other authors' notes; this reinforces Chronicle's goal of being the relay where you can save what really matters, the full conversions you've participated in, pure signal.

Source code:

https://github.com/dtonon/chronicle

Version:

https://github.com/dtonon/chronicle/releases/tag/v0.4.0

PS: A new BUD is in the works, which will instruct your client to take advantage of your Blossom backup servers.

Do you agree?

> Universal event persistence is a protocol bug, not a feature.

Reference:

nostr:nevent1qqstppwftzg2ecctl3p2r8qw0w5all3qdmgx8xhpqzfp0dv2wu6yxcgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg8ayz8w3j8jsduq492j39hysg7vnhrtl4zzqcugj4m3q62qlkf8cypsgqqqqqqsv9hzxd

Both actually have been created by me and nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6

> What users want, is more privacy and control of where their notes and media goes, not less.

This is true.

I was explaining Nostr to a friend and this was the first thing he asked me.

For now we are still tuning the public space, private groups will follow.

We are really going crazy

https://xiaomitime.com/eu-kills-android-bootloader-unlock-starting-august-1-59449/

> It's unlikely that someone will make their paraphrase long enough to prevent someone from brute forcing it

Reality check: for the casual user that doesn't have a life changing amount in Bitcoin, it is more likely that the seed is found by a roommate or some random guy that works in their property, instead of being the target of a determined, informed and well-equipped attacker.

So even a medium simple and high memorable passphrase can be effective in many situations as additional security layer.

This makes no sense.

A proper passphrase is not hackable, it has legitimate uses, like decoy wallets; it's an useful advanced feature that should be handled carefully..

I need to remind myself of that from time to time.

Why the kind? Isn't a kind: 1?

Not on actual video file, on vtt files, they are essentially text files with timestamps and content).

What'sthe best AI model to analyze some video transcriptions (VTT files)?

I tried Llama3.1-8B with AnythingLLM but the results are really bad.

In comparison Claude has a perfect understanding of the content.

#asknostr

It depends on the restaurant you have available.

And probably if you are not in one of these countries you will only be able to choose from a really small subset of dishes, especially Italian and Chinese cuisine.

Now I'm going to make myself penne with pesto, and an almond topping :)

Nice!

What do you mean with "add the script"? Do you refer to the NIP-05 endpoint?

The Bot Zoo

https://www.ty-penguin.org.uk/~auj/spigot/

It's also very simple, lightweight and easy to implement. Pro and cons.

It seems best suited for synchronizing entire folders, possibly with a recurring strategy.

Magic Wormhole is great for one-time transfers, even from different parties, such as from a friend. Lately I've been using it to copy configuration files to a new (actually old) phone, since transferring via bluetooth didn't work and I didn't want to mess with usb cables or use a PC as a gateway.

Ahhh, ok.

If these reports are sporadic, as they seem, I would use Cloudflare's Rules to filter out the single events.

So you don't expose the CASM source, see:

nostr:nevent1qqsdwc5df0yd97z78zsm0qx7mwcwxlek8xc3vsxkhxr7q6w59vrjv5cprdmhxue69uhkx6rjdahxjcmvv5hxgar0dehkutnrdakj7q3q0000003zmk89narqpczy4ff6rnuht2wu05na7kpnh3mak7z2tqzsxpqqqqqqzz0cuaw

> Implementing censorship lists in FOSS may actually be illegal (again in the US), because it can be construed as "advertising" CSAM

Interesting, and concerning, perspective.

Deployed.

There are a some of problems:

https://github.com/fiatjaf/njump/pull/100