lucash.dev
82d70f9685eabec271201bacd1fc1941e9686a9bf2b686c381a5b662f60002b1
Security Researcher. Entrepreneur. Censorship Resistance advocate.

I never put money on stuff I’m actively investigating for bugs. I think it can cloud your judgement as you might start hoping not to find anything.

Never thought of getting any BTC before I had spent months studying the code, and gave up ever finding vulnerabilities there.

Many researchers take the opposite approach and focus on stuff they are invested in, as protecting their own stash can be a motivation.

I think that’s a bad idea.

Replying to Lyn Alden

Muneeb from Stacks says that Bitcoin ecosystem development is lacking.

https://twitter.com/muneeb/status/1631672600085577729

Obviously this contrasts with the fact that, during the recent episode of Bitcoin Review with NVK and others, they had to go long for the episode and also had to cut out a lot of content due to too much bitcoin ecosystem development happening to cover it all. And with my work at ego death capital, we have no shortage of new bitcoin development to invest in; it's merely a matter of prioritization.

I met Muneeb at Princeton back in November when Princeton launched their new center for decentralized tech and power, which does have some serious bitcoiners in the mix amid the altcoin noise. And I might meet these folks again in upcoming Princeton events, since I'm based near them in NJ and want to keep a bitcoiner perspective there. They have some good people involved.

If you had questions or discussion points for Muneeb, what would you ask or bring up (kindly)?

My impression is that the Stacks ecosystem is too focused on financialization platforms, similar to the altcoin ecosystems. It's all about financial leveraging, NFTs, etc. In other words, rails on which fiat currency operates. Whereas there is massive development in bitcoin being better money at the root layer, which doesn't necessarily vibe with their ecosystem. Throwing shade at that, or ignoring that, seems disingenuous.

For me, the best development is about wallets, infrastructure, and protocols that make bitcoin easier to use as global root layer money from a payments and savings perspective, and more censorship-resistant in general. Often, it's the small details that matter. This includes lightning, nostr, fedimint, certain sidechains, etc. Anything else is secondary.

Spent weeks studying the Stacks code base.

I wouldn’t put any money in there.

Tbf that’s not different from most projects I study — I hunt and report bugs for a living so I tend to focus on things that I think have issues or are broken.

On the other hand there’s basically no money in hunting bugs in most Bitcoin projects — yet there are few hacks or serious vulnerabilities. I spent a long time on the Bitcoin Core code base and some early LN code a few years ago and I’m still betting on these.

While companies fine tune their algos to maximize addictiveness, even a “no algo” approach can’t eliminate it.

The basic mechanism is the dopamine surge from “social validation”

Nostr isn’t fundamentally different. In fact everyone in the space seems to be deliberately trying to replicate it.

I think the only way to make it better is to restrict *a lot* all the “social” features.

Zaps might help.

Random thoughts:

- no likes

- except for some sort of “global feed” you only see events by people you follow or validated by their “zapper”.

- that means replies, reactions etc. all must come as zaps and the recipient decides the minimum amount.

- you can filter events by minimum amount of zaps

- no totals of likes or zaps or other interactions.

- you only get notifications by people who you follow or who zap you a minimum amount

I think something like that would help — but not completely fix it. In general I think kids shouldn’t have access to anything that can’t be easily censored by their parents.

The one time fee isn’t a bargain bc you can’t tell the relay will be around next month.

Many early stage businesses offer their service for free — without ads.

And if you think relays will never sell your IP address and other metadata you’re very naïve

Nostr = nosotros

Yes. I just made up an “s” at the end.

It’s decentralised so I call it whatever I want.

Either that or call it “Zostr” maybe “Zastr” (zaps and other stuff…)

And say it like the ending of “disaster”

You can’t legislate secure software into existence.

And a lot of the security problems we have now are a direct consequence of 40 years of people trying to use government coercion (which can’t secure anyone against cyber attacks) instead of sound engineering and good practices.

More shifting liability around isn’t going to fix anything.

That’s it! Thx!

It doesn’t have a way for “making it official” by validating the pubkey but that’s very good and most of the first half of what I talked about.

Wish I could go. :(

I might skip the conference but a trip to Costa Rica sounds amazing lol

Nostr *is* basically a replacement for RSS, with a few different choices, so translating between the two should be easy.

Since a relay is sort of like a blog hosting platform, you could just have a relay that exposes an RSS endpoint (and possibly web interface) for every event it has — with comment threads and what not.

Conversely, you should be able to add a “trusted relay” to your rss feed and then the relay just fetches the feed and signs it with a key they generate for you.

You validate the pubkey in a way similar to NIP-05 using domain verified keys.

Just spitballing here, haven’t really thought it through.

Don’t have time for implementing but would like to see it.

Maybe people would get pissed at a gazillion cross posts between the web and Nostr but I don’t care
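The bridge sketched in the post above, as an added example that is not code from the post's author or from any Nostr project: it turns a constructed RSS feed into NIP-01 shaped events (with the event id computed the way NIP-01 specifies, as sha256 over the compact JSON array `[0, pubkey, created_at, kind, tags, content]`), and it checks a `name@domain` identifier against the pubkey the way a NIP-05 lookup of `/.well-known/nostr.json` does. The feed, the relay pubkey `RELAY_PUBKEY` and the `fetch` hook are assumptions made for the example; the Schnorr signature the relay would add is left out because it needs a secp256k1 library outside the standard library.

```python
"""RSS -> Nostr bridge sketch plus NIP-05 pubkey check (added example, stdlib only)."""
import hashlib
import json
import urllib.request
import xml.etree.ElementTree as ET
from email.utils import parsedate_to_datetime
from typing import Callable, Dict, List, Optional

# Constructed sample feed (no real site behind it) so everything runs offline.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Example Blog</title>
    <link>https://blog.example/</link>
    <item>
      <title>First post</title>
      <link>https://blog.example/first</link>
      <pubDate>Thu, 02 Mar 2023 10:00:00 +0000</pubDate>
      <description>Hello from RSS.</description>
    </item>
    <item>
      <title>Second post</title>
      <link>https://blog.example/second</link>
      <pubDate>Fri, 03 Mar 2023 12:30:00 +0000</pubDate>
      <description>More words.</description>
    </item>
  </channel>
</rss>
"""

# Placeholder for the key the relay would generate for this feed; constructed, not a real key.
RELAY_PUBKEY = "ab" * 32


def parse_rss(xml_text: str) -> List[Dict]:
    """Pull the fields the bridge needs out of each <item>."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        items.append({
            "title": item.findtext("title", "").strip(),
            "link": item.findtext("link", "").strip(),
            "description": item.findtext("description", "").strip(),
            # RFC 2822 date -> unix seconds, which is what created_at holds
            "created_at": int(parsedate_to_datetime(item.findtext("pubDate")).timestamp()),
        })
    return items


def nostr_event_id(pubkey: str, created_at: int, kind: int, tags: List, content: str) -> str:
    """NIP-01 event id: sha256 of the compact JSON array [0, pubkey, created_at, kind, tags, content]."""
    serialized = json.dumps([0, pubkey, created_at, kind, tags, content],
                            separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(serialized.encode("utf-8")).hexdigest()


def rss_to_events(xml_text: str, pubkey: str, kind: int = 1) -> List[Dict]:
    """One unsigned event per feed item; the relay would sign each id with its key for the feed."""
    events = []
    for item in parse_rss(xml_text):
        content = f"{item['title']}\n\n{item['description']}\n\n{item['link']}"
        tags = [["r", item["link"]]]  # "r" tag points back at the web copy of the post
        event = {"pubkey": pubkey, "created_at": item["created_at"],
                 "kind": kind, "tags": tags, "content": content}
        event["id"] = nostr_event_id(pubkey, item["created_at"], kind, tags, content)
        events.append(event)  # no "sig": Schnorr signing is out of scope for the stdlib
    return events


def _default_fetch(url: str) -> Dict:
    """Network fetcher used when no test hook is injected."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def nip05_lookup(identifier: str, fetch: Optional[Callable[[str], Dict]] = None) -> Optional[str]:
    """Resolve name@domain through /.well-known/nostr.json?name=... and return the claimed hex pubkey."""
    name, _, domain = identifier.partition("@")
    if not name or not domain:
        return None
    url = f"https://{domain}/.well-known/nostr.json?name={name}"
    try:
        doc = (fetch or _default_fetch)(url)
    except Exception:  # unreachable host or bad JSON: treat as unverified
        return None
    return doc.get("names", {}).get(name)


def verify_nip05(identifier: str, pubkey: str, fetch: Optional[Callable[[str], Dict]] = None) -> bool:
    """True only when the domain's nostr.json binds this exact name to this exact pubkey."""
    claimed = nip05_lookup(identifier, fetch)
    return claimed is not None and claimed.lower() == pubkey.lower()


if __name__ == "__main__":
    for ev in rss_to_events(SAMPLE_RSS, RELAY_PUBKEY):
        print(ev["id"], ev["created_at"], ev["content"].splitlines()[0])
```

A relay acting as the "trusted relay" in the post would run `rss_to_events` on each fetch, sign the ids, and publish its `name@domain` so clients can run `verify_nip05` against the key it generated; the `fetch` parameter exists so the lookup can be exercised without network access.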

As a replacement for “Bitcoin Twitter” Nostr is already good enough and will likely keep being so.

If it grows too much too fast into something more general (not looking like that at the moment) people like jb55 will likely be able to keep a few relays working.

That said, I lived without Bitcoin Twitter for 2 years and it made my life much better.

Adding two more Nostr bounties.

## 1st is a long form (kind23) bounty.

A Ghost-blog like self-hosted replacement on Nostr.

This would help companies move their corporate blogs to Nostr and still serve on the web.

details: https://bountsr.org/code/2023/03/02/nostr-self-hosted-blog.html

## 2nd is a podcast RSS feed mirror/replacement

The main goal is to replace RSS for podcasts, and eventually have podcast players that understand it. So that users would just follow some pubkey and the author’s podcast feed magically appears on the podcast client feed.

details: https://bountsr.org/code/2023/03/02/podcast-RSS.html

RSS <~> Nostr bridge would be great for a bunch of things.

That should work.

If you see they’re spamming you, you can switch lnurl for your invoices.

Would be interesting to do the same to replies. I think you proposed something like that recently.

Not really. Theoretically you should pay income tax if your BTC appreciates between your buying it and zapping it.

Spending is selling