What do you see? #logodesign

Android Primal APK feels smooth. The occasional crash when something unexpected happens with NWC (can't say what) but other than that, seems like a solid client.

Long time Amethyst fan here.

What other native Clients do you know of or use?

My take on Nostrmo

Putting the Nostr follow list into a single event was a mistake. Because there is no single source of truth in Nostr an app can never know if it has the latest version of the list before publishing a new version. If it doesn’t have the latest version of the list then the user loses data. This is true of every other kind of Nostr list too.

A better model would have been to publish a separate event for each follow with a single p tag, like this: `{ id: “1234...”, “pubkey”: “283h2ea12…”, kind: [follow], “tags”: [“p”, “2ekac887…”] … }`. When you follow someone you just publish a new follow event. When you unfollow someone you delete the event. Or if you hate delete you can publish a new “unfollow” event for that person, it’s really the same thing. This is how Secure Scuttlebutt models the follow graph and it works well enough.

If you want to get really fancy you could arrange all the follow events in a tree and use a CRDT or use range-based set reconciliation to make an eventually consistent list of people you are following. This is how the Willow protocol works if I understand it correctly. But that is way too fancy for Nostr, which is kind of predicated on the idea that things are simple to implement and the UX is good enough.

Taxation is theft. Of both your time and your money.

And even then they have the gall to demand full transparency over every cent you earn or spend.

Is there anywhere on the planet you can go and just be left the fuck alone?!?

Name the Nostra client that you are reading this note from 👇

Hi! With Minibits, your ecash lives directly on mobile device.

NWC requires a server to talk to using nostr messages. So to make it work, ecash would have to be in server-side wallet.

NWC is cool if you have your own lightning node running somewhere or to make custodial lightning interoperable.

For ecash, I'd like to figure out ways how to make it rather less centralized.

I feel like half the time on nostr I’m trying to figure out who is replying to who. Short notes without much context but feel like air replies to someone else’s note.

I’m even doing that myself right now 😆

in other news

i heard corn is on sale 👀

So digging into the double ratchet protocol, I think the device has to have both medium-term and long-term keys available to decrypt everything in the past, and an attacker would likely steal both of those and decrypt everything in the past. The protocol then would generate future keys that the attacker wouldn't have unless they continued to control the user's device. I think it does the best thing possible, but it is still quite possible to steal all the past messages even under Signal's double ratchet protocol. It makes no sense to me that an attacker would only get one key or the other -- maybe they are presuming a cryptanalysis only attack.

You can do forward secrecy if you don't need to remember the old session keys (e.g. in SSL) but I don't see how to do it if you want to have a folder full of DMs.

People have to be able to read their DMs. If they can do that, by any means, whatever means that is, leaked, would allow an attacker to read all of their DMs too. So I don't think it's possible to secure them more strongly than their nsec is secured.

Therefore we have NIP-46 so you can use a bunker and stop pasting your nsec into web apps.