That’s the plan, September 20
14 years ago I ran my longest distance, 15 miles. Today, I just finished my first 18 mile run.
Coracle and flotilla do
Sitting at the airport with my kindle loaded up with your book nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspr9mhxue69uhkscnj9e3k7unpvdkx2tnnda3kjctv9uqsuamnwvaz7tmwdaejumr0dshs8t20f0
Crazy
I do that elsewhere, but I use the repository to keep the UI responsive. I might have to do something more though to ensure updates take properly.
There was some goofiness with the relay read/write flags related to second-granularity timestamps (if you clicked too fast coracle kept the old version of the event). I've fixed this in the next release.
This is Coracle? I just tested it and it is sending the kind 10063 to my write relays correctly. It doesn't create one if you don't change the field, but it doesn't sound like that's the case here
It hides that fact that you use tor from your isp
Yeah, I never got around to an implementation because I was pretty busy at the time with other things
Both of those rejected protected events (events with a `-` tag). I have a fix for this in the next release
Hmm, image got corrupted, try this
yeah, each thing is a different use case, it should be 8 separate kinds that clients can pick and choose from. Do you allow users to edit everything independently? This is what I just added to coracle and I hate it:
It's just the default decentralized architecture. In a sense, relays are federated. The distinctions get lost on people not thinking deeply about it though.
Coracle botched an image upload of mine, took down Amethyst and made Damus unusable. I requested deletion of the events so it should be OK now.
Glad we are all friends nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspr9mhxue69uhkscnj9e3k7unpvdkx2tnnda3kjctv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcppemhxue69uhkummn9ekx7mp0g4rts7 nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpzdmhxw309aex2mrp0yhx5c34x5hxxmmdqyxhwumn8ghj7mn0wvhxcmmvqyg8wumn8ghj7mn0wd68ytnvv9hxgpywa92 nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpz9mhxue69uhkummnw3ezuamfdejj7qgswaehxw309ahx7um5wghx6mmd9uq3wamnwvaz7tmkd96x7u3wdehhxarjxyhxxmmd9ukfdvuv !
The editor library I'm using is 90% great, 10% buggy and impossible to fix
A little bit, I'm not super proficient with CRDTs, but it's not too complex to make a Set data type. Right now follow lists are completely replaced every time, making them quite brittle. A set with add/remove operations would be very simple, with the cost of taking up way more space. I proposed this over two years ago: https://github.com/nostr-protocol/nips/pull/349
The nice thing about this is you could build follower lists more cheaply, but it would be much more expensive to build follow lists, since you'd have to download everything and reconcile it in-memory. Snapshot events could help with this, but nostr's event model is just too simple, and relays too dumb to solve this very well.
Yeah, communities can be an on-ramp for people. But the apps have to be good first. NIP 72 has the most implementations, but the spec is kind of garbage from a moderation stand point. It's fixable, but also only applicable to reddit-type communities (and has all the same problems with tyrannical moderators).
Let's say I run my own ecash mint. I issue myself a bunch of tokens, then I go and spend them. My mint allows the recipient to redeem them, but later on when someone (other than me) wants to melt the tokens, the mint just pretends to be offline or something. I'm then able to rug spent tokens because I own the infrastructure. It seems like the only way to defend against this attack would be for recipients to immediately melt all tokens issued by untrusted mints. Is this the standard pattern for receivers? Is mint trust model front and center in cashu implementations?
Community apps feel like the new nostr gold rush, everyone keeps building new ones that all work completely differently. I agree with their importance (obviously), but it seems like this has the potential to fragment things more than ever, just because communities are a rorschach test. Everyone also has their own libraries and preferred development stack. What if we just all agreed to start from scratch and work together to create something new? It probably wouldn't work because we're all so disagreeable, but one really good community app would be better than 10 incompatible ones.
nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn joining in on the test-message fun in #communikeys :community:
It was purely an accident, I don't intend to support communikeys except as unmanaged nip 29 groups. A fun accident though
nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn thoughts on removing the DVM and WOT type feeds in your NIP-FE? https://github.com/nostr-protocol/nips/pull/1554
I've been thinking about what it would take to make my own implementation of it in applesauce and those two types are the only thing that wouldn't translate well. DVM type because most DVMs don't speak the same language anymore and WOT type because applesauce has no concept of a WOT score between 0 and 1
Since there's no way to keep anyone from adding new verbs or creating malformed feeds, I think this is just another defensive coding thing. Clients that don't support a given verb should report the error to the user and maybe offer to "repair" the feed by removing the unrecognized stuff.
That said, DVMs are a pretty important out for requesting arbitrary data. They could be replaced by feed-type relays, but it's a neat architecture. Maybe we could split DVM feeds into different kinds? That's probably a good idea.
WOT feeds seem simple enough to implement, even if your wot calculation is naive it should be fine right? Whatever score range you use you can always scale to to 0-1.
Location is in there because flotilla has an optional location field on the calendar event form, which takes any string. That's it. nostr:nprofile1qqsytuv4el7t3jtjfm7zfrc9q730ked40806he7dx5uctxqk8j4hvfcec8rh0
40 mins from tsunami impact here in Hawaii.
https://blossom.primal.net/61a84617be62a67058054b4c46769810ae6704a6bef0314e3b266fb9d1af5fb5.mov
Praying for you all
Our names will go down as history as the idiots who did nothing right
Nostr was mentioned on my favorite cryptography podcast today, Security, Cryptography, Whatever — they didn't spend a lot of time on it, but here are some highlights:
> It’s federated and it’s European. I bet it sucks.
> It’s some Ayahuasca inspired initiative from. From Messrs. Dorsey et al.
> Yeah, sure, it’s decentralized and federated, but like their proposal for encrypted end to end encrypted DMs was just bad by itself.
> When I reviewed this, my description of this was it looks almost exactly like Nebuchadnezzar [https://nebuchadnezzar-megolm.github.io/], which is like a fractal of things that could have gone wrong with like a complete ecosystem of like a secure messaging system. They found flaws in almost every component of that system and then tried to leverage them as far as they could.
You can read/listen here: https://securitycryptographywhatever.com/2025/07/29/vegas-baby/
They also mentioned a talk that's going to be delivered at blackhat on August 9th which sounds super interesting:
> In this session, we unveil the first comprehensive security study of Nostr and its popular client applications, demonstrating how subtle flaws in cryptographic design, event verification, and link previews allow an attacker to forge "encrypted" direct messages (DMs), impersonate user profiles, and even leak the confidential message from "encrypted" DMs.
Here's the link to the agenda entry for the talk: https://www.blackhat.com/us-25/briefings/schedule/#not-sealed-practical-attacks-on-nostr-a-decentralized-censorship-resistant-protocol-45726
I'm looking forward to learning how we've screwed up — there aren't a lot of cryptographers here, and I know that open protocols make security even harder to maintain. Maybe we've screwed up irretrievably, but I'd rather know now than later.
flotilla.social comes close (sans all the gamer-focused features)
Hey nostr:nprofile1qyvhwumn8ghj76rzwghxxmmjv93kcefwwdhkx6tpdshszrnhwden5te0dehhxtnvdakz7qpqjlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qy09qsr would you mind if I reach out via DM? Do you have a preferred method?
Yeah, NIP 17 is ideal (when it works)
Yeah, Gab had so much potential, but incentives were too strong
The invite link thing is specifically for onboarding, you can also send a link directly to your profile and coracle won't make you log in
nostr:nprofile1qyfhwumn8ghj7am0wsh82arcduhx7mn99uq3zamnwvaz7tmwdaehgu3wwa5kuef0qyd8wumn8ghj7urewfsk66ty9enxjct5dfskvtnrdakj7qgcwaehxw309a3hyetpw3ezumn0wd68ytnhd9hx2tcpzemhxue69uhks6tnwshxummnw3ezumrpdejz7qpqjk9h2jsa8hjmtm9qlcca942473gnyhuynz5rmgve0dlu6hpeazxqg872yj you asked what I thought of WoT relays, I didn't have a chance to answer. I think they're cool, but they have to be used correctly. Archiving is great, uncle jim-ing outbox is also a good use case (although I imagine they wouldn't work for dms or inbox). Also good as custom feeds, curated by people whose taste you like (although you could just load that up directly by requesting based on someone's follow list). I think all of these use cases are pretty weak, since there are other heuristics for finding the same content in most cases.
By the way, I meant to ask you if you would review the book, but forgot to 😅
If you have any feedback on corrections or omissions I'd love to hear it
Hey nostr:nprofile1qqsvrlrhw86l5sv06wkyjgs6rrcekskvk7nx8k50qn9m7mqgeqxjpvg8u2e5q, want to come on nostr:nprofile1qyw8wumn8ghj76r0v3kxymmy9e3k7unpvdkx2tn5dahkcue0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgmwaehxw309aex2mrp0yh8wetnw3jhymnzw33jucm0d5hszrnhwden5te0dehhxtnvdakz7qpqmlcas7pe55hrnlaxd7trz0u3kzrnf49vekwwe3ca0r7za2n3jcaqn2vus3 sometime and talk about socialism?