Oddbean
 I've been saying for a long time that coracle was my least favourite client.  I knew it was bad, but not this bad.

nostr:nevent1qvzqqqqqqypzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqy2hwumn8ghj7erfw36x7tnsw43z7un9d3shjqpqx953gmpz6nwhtm5ys6hadgtre90xx9t8984hdj5nkzud93rq36nsf7jcmq 
 I feel similarly but there’s no need to kick them while they’re down 🤙 
 Dev is completely incompetent.  This was an accident waiting to happen.   
 Melvin, you obviously don't know anything about hodlbod or his codebase or his body of work. It's horrible what happened but saying shit like this is extremely mean, ignorant and reckless and only serves to isolate you from the nostr dev community.  If you want to have any friends, don't shit on people when they make a mistake. It doesn't make you look smart. I personally like what you do Melvin and I think you have great ideas to contribute to nostr but the way you treat other people is fucking awful, like how you bully fiatjaf and others. Hodlbod is an awesome guy and he's doing the right thing here. Wish I could say the same about you. 
 NO.  I told them not to send data to 3rd parties.  They laughed.  They mocked it.   
 I fully expect that I’ll have to burn this account. I’ve copy+pasted it into too many clients at this point. 

The real mistake is in making people think that nostr is currently “secure”. It’s still very beta and best practices are not yet in place. So don’t bet the farm on it! 
 LIVE & learn while not carrying a load of shit fren, it just slows U down.    resentment is a waste of mind!   onward!     not financial or personal preference relay/dyor 
 3rd ^ party! 
 Mr Staab is an important part of the Nostr community, and Coracle has paved the way for important stuff like groups, custom feeds, and... Remote Signing. I think this is more indicative of the pitfalls with Nostr itself than Jon's coding abilities, especially with the big red text saying "This is insecure" on Coracle's private key option. 
 You should not send user data to 3rd parties 
 You're right. 
 with any kind of automated bug reporting tool it's hard to make sure that no private data ends up in it, it's not the first time that this happens and won't be the last
(this is one reason why bitcoin core has nothing of the kind)

i do however respect a lot how they're owning up to the mistake and publicly admitting it, instead of being sneaky about it
they could have said nothing and no one would likely ever have known 
 Sending user data to 3rd parties IS actually sneaky.  You are required by law to inform the user, among other things, and with good reason.  Whenever this is brought up some devs are dismissive, and over-confident.  More often they will deflect the problem by attacking the reporter.  Staab is the worst I've seen for this.  That is why I will call it out.  Don't send user data to 3rd parties without consent.  This is not controversial in the SLIGHTEST. 
 it would be good to ask, sure, but reporting a bug from the application could be seen as a form of consent, it's extremely common for applications to send their entire state dump to aid in debugging when you do this
(as most normal users have a hard time formulating precise bug reports with the relevant information, nor responding when asked, this increases the chance problems can be addressed quickly)
not saying it's necessarily *good* but it's unfair to single this out, there are more things at play here 
 to be clear i'm assuming "send error report" is an explicit action here that could be denied/skipped, and not something that happens unattended, that would indeed be bad