**Security Update**

I've got some bad news for you guys. This morning, as I was adding error handling to flotilla, I discovered that Coracle has been sending user session objects to bugsnag when reporting errors.

Who is affected: Users who triggered an error in Coracle while signed in with their private key, since December 5th 2023.

What I've done:

- I immediately released a new version of Coracle, both to web and to zap.store

- I have deleted the affected apks from my releases

- I have deleted all my error data from bugsnag

- I have deleted my bugsnag project and rotated my api key, so lingering error reports will be dropped

- I have audited my code for use of the session object to ensure nothing else like this is happening

What you should do:

- If you're logged in with your private key, log out

- Hard refresh the page to ensure you have the latest version of Coracle

The bottom line is that if you signed in to Coracle with your private key, it has been shared with me and with bugsnag. In practical terms, your keys should still be secure, since they were sent over TLS, and have been deleted. But there is no guarantee I can offer that they are in fact gone.

I take my users' privacy seriously. My error reporting implementation doesn't record user IPs, it redacts identifying data, and it allows users to opt-out. I also warn the user when they attempt to enter an nsec into a text field. In this case, I simply screwed up, and I sincerely apologize. Reply to this note if you have any questions.

Just got stopped, searched, bag strewn on the airport floor on arrival to Germany.

I’m a bit shaken up that was horrid.

The Alsatian sniffer dog was adamant I had something on me.

I know I dont have any drugs so I was trying to be helpful to speed it up. But it’s pretty intimidating when they’re so abrupt and aggressive.

The policeman was a massive cunt though. Threw my stuff on the floor and was the “guilty until proven innocent” kind of guy.

“You have drugs. I am going to find them .”

He made me repack my bag in front of the queue leaving the plane.

I held up the queue though and they were all scowling, naturally.

They tested my hands with some swab thing and the lady policemen had to check with the other guy and said “it’s high.”

It can’t possibly be the case as I haven’t touched weed since maybe the summer?

Hate to judge but there weren’t a lot of brain cells between them.

But they still weren’t satisfied so i got paraded through past the gate to do a “underpants search” as they were adamant I had something.

At this point i was like what are my right here, you can’t just strip search someone.

Once we went through the gate though the sniffer dog changed its mind.

It stopped butting my right thigh. Thank fuck for that.

But man. All that coz they thought I had a bit of weed?

Gahhhhh. Jesus wept what a waste of resources. I missed my train and I’m probs gonna go full radicalised.

Fuck the fucking fuckers.

welcome to germany lol

Good morning and pura vida, Nostr! It's time to create notes and send zaps! 💜🤙🏻🫂

NIP 9f

=====

# Client Naming Conventions

Client names MUST NOT include the strings "nos" or "str".

Bom dia folks, tenho uma dúvida. Quando abri minha conta pela primeira vez, fiz pelo cobrafuma.com, após isso descobri o Amethyst e importei minha chave privada pra cá.

Porém acabei de perceber que as contas não estão sincronizadas, inclusive o número de seguidores e minha TL estão diferentes. Deixei de fazer algo?

GM Nostr 🌞

Is that field minimized by default?

Is your client ready to be used? Can it compose?