Seems to me effective vibe coding is less about telling the llm what to do than creating an environment in which it can thrive. Just like any form of life it has to exist within a given context in order to orient itself, otherwise it is without purpose and only represents mere possibility. The job of the vibe coder is to allow the llm to self actualize.
But don't listen to me yet, all my vibez are garbage so far.
I would be very interested. I feel like all you believers are just gaslighting me at this point 😂
nostr:nprofile1qyw8wumn8ghj7cmgwf5hxarsd9kxctnwdaehgu339e3k7mf0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qg3waehxw309ucngvpwvcmh5tnfduhsz9thwden5te0dehhxarj9ehhsarj9ejx2a30qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcqyqxkequgmjcynwxaflyd8kxrhwfau0dfpw5z3e8snj9dpu6xfz9rxwhvs2j nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qghwaehxw309aex2mrp0yh8qunfd4skctnwv46z7qg6waehxw309ac8junpd45kgtnxd9shg6npvchxxmmd9uqs6amnwvaz7tmxxaazu6t09uqzp75cf0tahv5z7plpdeaws7ex52nmnwgtwfr2g3m37r844evqrr6j2vwkgf nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgnwaehxw309ac82unsd3jhqct89ejhxtcpzamhxue69uhhyetvv9ujumn0wvh8xmmrd9skctcpzemhxue69uhhyetvv9ujumt0wd68ytnsw43z7qgewaehxw309anhymm4wpejuenfv96x5ctx9e3k7mf0qqs8d3c64cayj8canmky0jap0c3fekjpzwsthdhx4cthd4my8c5u47suqes5n nostr:nprofile1qyfhwumn8ghj7ur4wfcxcetsv9njuetn9uq3jamnwvaz7tmjv4kxz7fwwdhx7un59eek7cmfv9kz7qgewaehxw309ac8yetdd96k6tnswf5k6ctv9ehx2ap0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qy3hwumn8ghj7enfd36x2u3wdehhxarj9emkjmn98ankcmmzv9kr6ctvdshsqgqh88vn0hyvp3ehp238tpvn3sgeufwyrakygxjaxnrd8pgruvfkau4ktvqp you guys keep talking about how great it is, if you have time drop in and give me some tips. I think it might just be that I'm lazy, don't have management skills, and like writing code. But maybe there's hope.
hodlbod learns to vibe code take #87
Join me on zap.stream to watch me figure out this vibe coding thing. Comments, criticisms, suggestions welcome.
Are there any clients out there that have solved the NIP 17 spam problem from a UX standpoint? It would be nice to separate "requests" into requests from reputable people in your network (based on wot or pow) and requests that are unlikely to be worth your time.
Trying Coracle again and liking it better, feels more solid.
nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7qgewaehxw309a5xyu3wvdhhyctrd3jjuum0vd5kzmp0er5gcs how do pins work? Pinning notes but where can I see all? Nothing in lists
There is a list event that gets created, but it's not really surfaced anywhere. In Coracle, pins show up at the top of your profile notes
Yeah, it could definitely be more graceful
The relay implementation is the main problem. But NIP 29 also requires relay support (translating group create/edit into metadata) when it could have been incidental (as it is in NIP 28 as it happens).
Au contraire, that's what I like most about it. NIP 28 will allow me to use less opinionated relays (that don't rely on RPC calls that have to be supported by the implementation).
Strongly considering abandoning nip 29 for nip 28 if you can believe it
nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn screen recording of trying to use flotilla in manual approve mode. also it does not let me reject signing anything
https://cdn.hzrd149.com/539f12c9efc4816fa1d5a69445c0475390bee10d7307ba8e3d49c7fef079e3c2.webm
https://cdn.hzrd149.com/28d77c9ddfe9cde71319670298ef48cb07436dc3a77172de24d2c24df18612d1.webm
I'll look into making it fail more gracefully. There is a trade-off between scope and trust though, and for coracle and flotilla I'm on the wide scope and high trust side of things. A lot of these approvals are used to probe relays to figure out what the user is allowed to do. I don't think every client should necessarily be sparing about signatures. "Sign everything" is a valid mode for some applications.
Lists should live on the user's outbox relays, the goal of compass is to have the minimum setup that allows for finding the correct relays to query based on the outbox model.
Like SMS? Weird. But yes, fake account.
> The ideal: my life is better if I do X, and I'd want my friends and family to do or use X
My relationship with nostr is basically a quest to create software that I can justify selling to my friends and family. This is an incredibly high bar when it comes to social media which I have yet to meet.
Hash databases would definitely be better, and might help the maintainer avoid liability, but public hash databases (in particular for fuzzy hashes) can make it possible for attackers to reverse-engineer the hashing algorithm to craft payloads that avoid matching.
Has anyone figured out a UX for relay management that includes this sort of stuff. Like “who hangs out here” info for relay management
nostr:npub1n0sturny6w9zn2wwexju3m6asu7zh7jnv2jt2kx6tlmfhs7thq0qnflahe nostr:npub1g53mukxnjkcmr94fhryzkqutdz2ukq4ks0gvy5af25rgmwsl4ngq43drvk nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240
nostr:note14y8sjaerlqxqu9yhyxq2r8x3pnukuwdncszaa6cly947d6yza4yq2xh0pd
If your client is doing outbox properly, you shouldn't lose contact with anyone (as long as they relays they choose are functioning properly as outboxes/inboxes). I started building a relay management client for things like this a while ago though, but I just don't have time to finish it.
This is annoying. Got a CSAM report for user-generated content that I'm not even hosting. There's nothing I can delete. Apparently Cloudflare wants me to implement censorship lists.
Nostr clients are not legally required to maintain censorship lists any more so than web browsers like Chrome or Firefox are. There's just Cloudflare policy and guilt by association. Understandably, it's easy to confuse a web application url like iris.to/npub1... for a content host.
Should I implement ever-growing censorship lists, at least for visitors who are not logged in? The problem is, someone can just create a new Nostr account and re-post the links to illegal content ad infinitum. When this happens, maybe Cloudflare will get the point. Or more likely, they'll just delete my account.
Maybe there's some other ISP that allows hosting of applications that don't ship with extralegal censorship lists?
Iris native app via Tauri could be a resilient direction, but it kind of defeats the purpose of having a web app in the first place: ease of access, sharing by url and mobile PWAs that bypass app stores.. If you're going to have a native app, actually native-built will probably have better UX.
How are other web clients dealing with this? nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn
I haven't had to deal with this yet, but my understanding is that in the US at least you're not responsible if you don't host it. Of course, cloudflare is a private company and they can do whatever they want with your account.
Implementing censorship lists in FOSS may actually be illegal (again in the US), because it can be construed as "advertising" CSAM. Same thing for 1984 reports, which can be used to find rather than avoid content. The rules are stupid and set us up for failure. IFTAS has been doing some work in this area creating resources for activity pub admins, but they mostly have to do with who not to federate with.
I've been using regular shaving cream for years. Today I finally looked at the label and saw sodium lauryl sulfate and propane. But thanks to nostr:nprofile1qyt8wumn8ghj7am0wshxummnw3ezuurpwf68jtcpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qg5waehxw309ahx2amn9e6hg7r09ehkuef0qy88wumn8ghj7mn0wvhxcmmv9uq3zamnwvaz7tmwdaehgu3wwa5kuef0qqsx8zd7vjg70d5na8ek3m8g3lx3ghc8cp5d9sdm4epy0wd4aape6vs6a2tmg and the circle P I knew just what to do: visit soapminer.com and trade a few precious sats for pine tar tallow soap.
To contextualize the adoption of cryptography:
- Public key crypto was invented in 1976
- Bitcoin was invented in 2009, 33 years later
- In 2025 (49 years later), cryptography is still a niche topic
- The printing press was invented around 1440
- By 1470 (30 years later), a handful of presses had been established in major cities
- In 1500 (60 years later), there were only 417 presses
- By the 1550s (110 years later), printing presses were in use globally
Transformational technologies go through a period of obscurity, then centralized control, then eventually become universally accessible. My hope is that we are just coming out of the centralized control phase of cryptography and the internet.
New project just released: Compass 🧭
For a long time I've wondered how bad things would be if nostr:nprofile1qyd8wumn8ghj7urewfsk66ty9enxjct5dfskvtnrdakj7qgdwaehxw309anrw73wd9hj7qghwaehxw309aex2mrp0yh8qunfd4skctnwv46z7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uqzp75cf0tahv5z7plpdeaws7ex52nmnwgtwfr2g3m37r844evqrr6j46j6hr's wss://purplepag.es relay went down, since it's the only dedicated kind 10002 indexer I'm aware of, and is heavily relied on for bootstrapping user relay selections, which is a key part of keeping nostr decentralized.
So I stood up another one at wss://indexer.coracle.social. Regular users don't need to do anything, but I encourage client developers to add this to your list of relays you check for NIP 65 kind 10002 relay selections.
I've also open-sourced the project at https://github.com/coracle-social/compass so anyone who wants to can run their own.
The project also supports mirroring other indexers via `strfry router`, but I have left that as an opt-in feature. Unless you expect significant load on your indexer, mirroring would only increase the number of unnecessary connections made to other indexers, so please be considerate when setting up mirrors.
Had to use discord today, and wow it is evil. The notifications bell showed a red dot, so I clicked on it. No notifications, but a non-default "for you" tab showed a notification dot, so I clicked on it. The dot then disappeared, and I got a nice fiendly [sic] "Nothing here yet" message.
Treat your users with respect.
Yeah, I get that containers allow the use of shared resources on a single host. The problem is that the same pattern has been used (and nested) in many places where it makes no sense. The render problem is that they support deploying dockerfiles, but not configuring the command to run the container on the host, which means you can't map volumes. The workaround is also really weird: https://community.render.com/t/map-disk-to-docker/4707/5
Just another layer to learn/troubleshoot/have incomplete support for (cf render.com docker volume support)
Docker creates more problems than it solves
nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn can correct me if I am wrong on this one. I believe "network" is just one step beyond the npubs you actively follow. In other words, it is the npubs your follows follow.
Affirmative, second order only
Just implemented 8-bit RSA by hand for fun, AMA
They're scammer lowlife, I'm really not interested in hearing what they have to say
I'm reading a history of asymmetric cryptography right now ("Crypto" by Steven Levy), and my mind is being repeatedly blown by the origins, odds, and success of the movement. Everything we're doing with nostr started in the 1970's! And yet we somehow still don't have widely-used, decentralized electronic mail that checks both boxes of the original RSA paper:
> we must ensure that two important properties of the current “paper mail” system are preserved: (a) messages are private, and (b) messages can be signed.
The question that keeps coming to mind is this: what happened between 1996 and 2009? Once individual rights to cryptography was established, did the movement die out? Why did no one build out access to cryptography for the average internet user? Yes, SSL is ubiquitous, but it's still controlled by a cabal of root certificate issuers.
I know there was ongoing work that led to bitcoin, and XMPP is an obvious exception, but even so I am stunned that 50 years after the invention of public key cryptography we still don't have widespread, meaningful adoption. Keys are limited to technical users, and encryption is mediated and undermined by centralized platforms.
For those with some perspective on this history: are we in the midst of a cryptography renaissance? Did bitcoin kick off a resurgence of interest in digital privacy? Or is that just my own bias at play?
Thanks, got a fix coming for both of those
My understanding is that you run queries over a local database, right? Which means you already need to have all the stuff downloaded that you want to filter. That's fine for power users or apps with access to plenty of storage, but I want something more on-demand and with less storage required.
Formula is terrible, but better than no calories. Do what's best for your kid. Goat milk (and goat milk formula if you're not sure about raw milk) are viable alternatives, although our son eventually started puking it up. If your kid stops putting on weight, that's bad, but look out for length or head circumference stalling, that's a much bigger deal.
And yet you can't go camping in a national forest with group larger than 14 people
I don't think it's unreasonable to use backticks to opt out of formatting. But tag-based formatting would be good
I agree they're distinct, but I don't think they're completely disconnected. It's possible to have a framework that doesn't reflect reality, but the purpose of the map is to accurately represent the territory right? If there is no map (or if it's inaccurate), we can't find our way.
That's the idea!
Thinking about writing a book on how cryptography might be used to craft a more humane social media ecosystem.
Would you be interested in reading such a thing?
Cool idea:
Honestly disgusting. This only creates a huge incentive for more digital asset forfeitures
You'd think this universe would be big enough
For anyone out there desirous of implementing a Flotilla- (and Chachi-) compatible client:
Yes, it absolutely is, you should be using a signer to keep your key safe, here are some options: https://nostrapps.com/#signers
LLMs are revolutionizing how I write tests. Instead of writing tests, now I:
- Ask the LLM to write tests
- Refactor my code
- Tests fail
- Delete my tests
- Ask the LLM to write tests