Secure enclave not so secure.
"Intel HW is too complex to be absolutely secure! After years of research we finally extracted Intel SGX Fuse Key0, AKA Root Provisioning Key. Together with FK1 or Root Sealing Key (also compromised), it represents Root of Trust for SGX. Here's the key from a genuine Intel CPU😀"
Source:
Well, you can run Nostrsync and the content is distributed across a lot of relays. For this particular problem, it is not about "there are 6 big relays", if you want content deleted, you need it deleted everywhere, which is difficult to do.
If all of them were taken down, the network would not work well. But the other way is not so easy - if you want to take down a note, you need to take it away from all relays and with nostrsync, this is very hard to do.
One of the strange things to understand, which was not seen by many people until arrest of Telegram's CEO is the regulatory capture of big-social(tm). Mark Zuckerberg, Elon Musk, etc. are not arrested by French cops, because they comply, at least with the governments that have hard power.
Imagine you run a platform for chat, or social media network and countries such as France, Uganda, Hungary, Ecuador, USA, Great Britain, constantly spam you with some weird requests. Unless you have a team of hundreds of people following some strange requests from countries you probably never heard of, you are "non-cooperating" and go to jail.
One way to solve this is to encrypt, another is to decentralize and don't run any infrastructure.
Signal is doing the encryption route. Want me to investigate this group? Sorry, I don't know what the group is, I don't even see its name. I don't know who's a member. No, I don't know what they are chatting about. I can't remove the content, because I don't know what content belongs to it.
Nostr is doing it the decentralization route. "Sorry, we are authors of the user interface, we do not store any messages, go talk to the relay operators, here's a list" (pastes a list of top 1000 relays, silently runs nostrsync to copy the content everywhere, so the police have more fun).
SimpleX and Keet are doing it both ways. In SimpleX case, relays can be run by anyone (and it's encrypted). In Keet, there are no relays, it's peer to peer.
It is not only about showing middle finger to the government (and in some cases, it might be just and good do cooperate), but it is also about avoiding regulatory capture by big-tech - you can cooperate easily by saying "sorry, not our infrastructure" or "sorry, we would like to tell you about this user/message, but we don't know anything about it, it's encrypted".
This regulatory capture is everywhere. Try to publish a simple app in the app stores and you will be constantly bombarded by e-mails such as "taxation in Uganda / India has changed, here's what you need to do". Really? I have a calculator app.
If everyone has a local relay, it's essentially P2P, you just call the database where notes are stored a relay. Nostr is still not very good in this scenario, the network relies on a few relays, if they don't work, notes disappear, etc. nostr:npub1melv683fw6n2mvhl5h6dhqd8mqfv3wmxnz4qph83ua4dk4006ezsrt5c24 was doing some interesting research on this.
I think we can get inspiration from protocols such as BitTorrent where adding nodes helps the distribution.
An idea: an experimental relay that listens on localhost, distributes events through Holepunch based network P2P. Not only archives them locally, but distributes interesting events to other such relays. All clients work well, they just think they speak to a relay (well, they do), but the way the relays distribute notes is through a P2P network.
Not really. True P2P is hard, for group or social interactions, super hard.
The interesting protocols are Holepunch (used by Keet) and Waku.
The problem with relays is that it increasingly seems that their operators are held responsible for the content.
I have been checking every three or so months. At least user facing changes are not that big.
I don't want to be a downer, I really like the project, but let's be realistic. We usually overestimate what we can do in two months and underestimate what we can do in two years. So I think in two years, I can start recommending it to people for some particular use cases.
Not surprised. I have to say I'm super bored at Bitcoin conferences (talks), I almost never watch the talks and if I do, I usually regret it.
Bitcoin is supposed to be boring I guess. If it's non technical, it's basically convincing people to HODL. Technical conferences can be fun.
Nostr is fresh, new, there's lot of activity and the protocol is not rigid, so innovation is super fast.
nostr:note1wjt3ry3pjhpq9rf2q8ywduvvgdvqjlahs9hga2muw9h9xnj529fsx6ujp9
you had me at dicordian.
Just listened to this 8 hour Neuralink episode. It might not be fun for all of you, so it's not a general recommendation, but to me it was fascinating. First about how the technology including robotic surgery works, but mainly about the weirdness of controlling something with your brain.
I have spent hundreds, maybe more than a thousand hours on some sort of EEG brain computer interface, so I got plenty of training. The resolution of these is not perfect, but you can do many things even with an EEG device. What is interesting is that I am controlling things that have no analog in the motor cortex, I am changing my state of mind and focus, which is very different to moving (or attempting to move, or imagining to move - three different things as per the podcast) a finger.
The brain does not have direct receptors about its internal state. The brain does not hurt. The EEG feedback adds this information and it's possible to train doing completely new things with the brain. The interesting fact is that even when I learn it to some extent, I can't really tell how it works - or what exactly I do. I call it surfing on the wave all the way down, but it's something that you would not be able to replicate without figuring it out yourself. We can only have shared vocabulary after you experienced it .
This I believe is precisely why it's hard to explain psychedelic experience to someone who has never experienced it. You might describe the visual part (which is not shared - I don't do the visual part at all actually, even when I dream, it's never visual. I know the concepts, the structures, but I don't see it), but that's only because that's the common ground ("I have seen beautiful fractals") and probably the least interesting part of the experience.
Why I'm describing this? It's very hard to explain that there are things you can learn to do with your brain that we don't even have good words for. I believe brain computer interfaces with technologies like neurofeedback will make learning it much easier than for example meditation. Combining the dedication of meditation practice with the boost of neurofeedback is the best I believe. But most of you don't even understand what I'm talking about, because you never experienced it. It's out there.
Telegram is not encrypted speech! The connection to telegram server is encrypted (with home baked cryptography - not a good idea especially in chat protocols), but the data is not end to end encrypted and Telegram servers see plaintext.
There is an option to do a sort of home cooked encrypted one on one chat that no one uses, but any groups/channels are just a goldmine for whichever intelligence agency gets their fingers on it.
If you want encrypted: signal, simplex, ...
Here's a comparison:
https://juraj.bednar.io/en/blog-en/2022/05/03/encrypted-messengers-comparison/
Here's an explanation on why I think it matters:
https://juraj.bednar.io/en/blog-en/2022/04/29/encrypted-messengers-how-to-communicate-privately/
Also: Nostr is also not encrypted.
Also, ironically, making it encrypted would help him avoid jail. (I don't cheer on him being arrested, that's a horrible precedent).
Signal does not see groups, membership, content, ... They encrypt to protect the users, but also themselves. They can't analyze messages if they contain drug trades or child porn, because they are not in business of storing messages, they ship around encrypted blobs of data and they can't tell their meaning even if they wanted to.
SimpleX goes even further - they don't operate infrastructure, anyone can run a relay. They are in a business of writing user interface for end to end encrypted chat protocols. Users use servers operated by third parties, that also don't see the content, in this case not even user identifiers (there are none on SimpleX). Each connection looks different, so you can't even write a proper court order, because it's very hard to identify what user it concerns.
Telegram is not encrypted speech! The connection to telegram server is encrypted (with home baked cryptography - not a good idea especially in chat protocols), but the data is not end to end encrypted and Telegram servers see plaintext.
There is an option to do a sort of home cooked encrypted one on one chat that no one uses, but any groups/channels are just a goldmine for whichever intelligence agency gets their fingers on it.
If you want encrypted: signal, simplex, ...
Here's a comparison:
https://juraj.bednar.io/en/blog-en/2022/05/03/encrypted-messengers-comparison/
Here's an explanation on why I think it matters:
https://juraj.bednar.io/en/blog-en/2022/04/29/encrypted-messengers-how-to-communicate-privately/
Also: Nostr is also not encrypted.
I understood that the post button in most Nostr clients does post it to the network. There are no tools in Nostr to limit posting to some groups. You don't select where you post to in most clients, there are preferred relays, not ultimate relays, there are no per note relay sets anywhere in the user interface. It might be used like that in the future, when it's the responsibility of relay to limit writing and reading of notes to those that should be authorized. And that means not allowing connections from relays that could copy the notes.
I see what you are saying as a potential problem in the future, but I think encrypted messengers are much better for sharing within a closed circle. Nostr is for public sharing, it's not encrypted, notes don't have any permissions attached to them except for the - tag, which is a self limitation like robots.txt.
There's even a tool like http://nostrsync.live/ which will download all notes created by an npub from a list of a lot of relays and try to publish it everywhere. Note that authorization is not required, I can do it for your npub and the relays have no way of telling that you did not post that message to the relay, it's all valid signed notes.
Aggression is initiation of force, not any force. When force is initiated against you (aggression), you can use violence in self defense.
It's not contradictory in any sense, maybe your definition in words is different, in libertarian thought this is pretty well defined (see: non-aggression principle, or NAP).
I think it's similar to publishing a Torrent. You publish it to the network, it does stay at a particular place. Mirroring is common and that's what will achieve decentralization of Nostr.
At some point people will run their own relay and it will mirror notes they are interested in for easy access and archival. And maybe provide read access to others.
I run my relay and mirror many things with a simple shell script from cron.
The rule is - if a client can get it, so can a relay, which can act as a client.
I own my data in a sense that I own my identity and that I have the archive of it that no one else can delete.
But as Peter said, it's digital, can be copied and people have signed it with their keys. Internet does not forget.
how exactly does that affect you?
I use some pretty good apps that work well. Never felt in stress by any agendas. Not as a user, not as a developer either.
don't follow Bitcoin shitfluencers. you can even block them.
it's not my experience though, for me Nostr is now the best it has ever been. But even this is not the final stage. It evolves.
If you don't like it, either make it better or leave elsewhere.
No need for nostalgia, flow with it, Nostr is a river!
nostr:npub1el92x37jgdpxkgcu278ja06a9djxzj24nxutg96qcljsehls0aesc2wpyf See the rest of the thread, or this blog post :) https://blinry.org/50-things-with-sdr/
Holy shit, there is a weather fax over radio! (No 32).
nostr:nevent1qqsvd42rkt0cqmz6g8y8xsgz70y3p2plymzxh6kjr9axvje63kxwelcmd477r
I've been playing with continue.dev (I am using it with Venice's LLaMa-405b or with local Gemma2-27b.
My setup: https://vimeo.com/999915399?share=copy
Continue can also use Claude.
Is Cursor any better? Anyone has experience with both?
Replying to Andrej Karpaty's remark here:
"Programming is changing so fast... I'm trying VS Code Cursor + Sonnet 3.5 instead of GitHub Copilot again and I think it's now a net win. Just empirically, over the last few days most of my "programming" is now writing English (prompting and then reviewing and editing the generated diffs), and doing a bit of "half-coding" where you write the first chunk of the code you'd like, maybe comment it a bit so the LLM knows what the plan is, and then tab tab tab through completions. Sometimes you get a 100-line diff to your code that nails it, which could have taken 10+ minutes before.
I still don't think I got sufficiently used to all the features. It's a bit like learning to code all over again but I basically can't imagine going back to "unassisted" coding at this point, which was the only possibility just ~3 years ago."