I heard that even MLS struggles with anything over 100,000K users to keep keys in sync. At some point the overhead of the protocol breaks it's own hability to send messages. 

 MLS for large encrypted group chats is coming! 
nostr:nevent1qqs92vwt83v4u0ggth29x2pwsz7ssg3s0v4r2rl934vza9lp0gfg2zcpzemhxue69uhhyetvv9ujumn0wd68ytnwv46z7q3qzuuajd7u3sx8xu92yav9jwxpr839cs0kc3q6t56vd5u9q033xmhsxpqqqqqqze7m60u 

 Get rid of that NIP-04 support 

 The main issue is that nip-04 leaks way too much data not only to the relay, but to the public in general. On top of that, the encryption procedures of NIP-04 are laughable. The lack of padding alone is a major problem. Imagine saying "Hi" on a DM and that gets converted to 4 encrypted chars. Besides letting everyone know your message is small, how hard is to break the encryption of a 4 char cipher text? Not that hard. 

If you repeat GMs around, now you have 100s or 1000s of 4 char encrypted messages. How hard would it be to recover your shared key knowing all those little messages? Not that hard. 

With enough shared keys, how hard would it be to figure out somebody's nsec? It gets in the realm  of "possible" with today's available computing power. 

 Feel free to offer better padding. Padding was discussed at length before and after nip44 and directly audited by the firm. No one has proposed anything better yet. 

I strongly disagree with your "zero risk of plain text attack". There are folks here, with money, whose sole goal is to break our encryption.  

 Since anyone can see the time a Nostr event was created, they can use the created_at field to find the two users (or all of the users in a group) that are messaging each other at any second. Do this over time and you can see which keys talks to which other keys. 

Without randomizing time, anyone would have been able to rebuild the same metadata leaks as nip04. 

 Blocking time-collision attacks is more important than downloading 2-days worth of events. 

 I can barely keep Android up to speed. But If somebody wants to lead the desktop version, we can work in the same codebase.  

 Its because users don't even see when that happens, but for instance Android allows one app to pull notifications regularly and broadcast them locally to all apps for processing and display. That's how any notification works on Android.  

 Yeah, I will never recommend any laptop for Android development. Just buy a dev PC (memory and CPU). 

 Never tested multiple accounts with Amber, but it should work. 🤔 

 Options are almost always bad for users. The app is supposed to offer the best way to use it out of the box.  

 That's exactly what I meant. Most things in software are easy to do, but create annoyances that when stacked make people give up on the app itself.  

 I don't think so, but nostr:nprofile1qqs827g8dkd07zjvlhh60csytujgd3l9mz7x807xk3fewge7rwlukxgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7qgswaehxw309ahx7um5wghx6mmd9usjfpck can make it.  

 Sure, but option to choose a client is not the same of multiple options within the same client. 

Amethyst could have had over 1000 different options by now. We just can't design all those screens.  

 Nice!  

 It also simplifies your life, since you don't need to code rendering and in-notification replies for every single event kind out there.  

 Hopefully, Amber can now deleta that online code and stay completely offline, for the safety of the key.  

 Yep, super common on Android. Broadcasting is protected by Android in these OS killing stuff 

 Ohh interesting 🤔 

 Need to figure out how to add those settings to pokey automatically  

 I need a single click deploy. Too much to do.. :(  

 Can you do a heroku-ready script?

I just keep forking repos and linking them with automated deployment on heroku :)  

 I will take any other similar service. I heard shipping VPSs is better, but I don't know what gives me similar maintenance tools as heroku. 

 nostr:nprofile1qqsxg45ph8gx0vdrvtzta6xal7v86frx6jvstsnvhrlvtehmwwh4epqpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qg7waehxw309ahx7um5wgkhqatz9emk2mrvdaexgetj9ehx2ap0qydhwumn8ghj7mn0wd68ytnnv968xarjv9kxjcfwvdhk6tc79x08a is the shit. 🚀 

 New push notification client. Unreleased yet  

 Yeah, it feels great! Very different architecture than Amethyst.  

 If we want to have one app for each little thing, we will have to install 100s of apps to do the work of a super app. The only way to do that is by having a bundle of apps you can install with a single click.  

 App bundles are the only way to make a micro app ecosystem work. 
nostr:nevent1qqsp9haxyn6afk9vau4jgptxcupv4nphc9n7jku0lqsjgrxdnlfs6xcprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hsygqh2wxu9f38d8gfgsl33smuhc6cl26mh7vpzu6592nutlchrmthcspsgqqqqqqs4gxl9u 

 OMG!!! Pokey is the name!!! 
nostr:nevent1qqs0ns866jnfdz5p8rfj6f6t6zpwrc5csq7pwv7ws9wu8qmtv5cx8dspzdmhxue69uhhwmm59e6hg7r09ehkuef0qgsxg45ph8gx0vdrvtzta6xal7v86frx6jvstsnvhrlvtehmwwh4epqrqsqqqqqpclrgas 

 Tested 

 Yep, i placed a regular event as a nostr:nembed1... uri and send it inside gmail. Then a small extension decodes, verifies, decrypts and replaces the URI with the contents of the event.  

 yep, but with a social network of trusted keys you already know behind it 

 true, but maybe this starts the process of adding privacy to emails since you can also attach an encrypted Nostr DM to it.  

 all of them 

 We could also tweet on X in this way. Since they don't provide any security, we can solve it ourselves.
nostr:nevent1qqstmvhvyl5stxg2t4zkw3f4cne6pl2wggqau2fhd5c6qns4wct74dspzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tczyprqcf0xst760qet2tglytfay2e3wmvh9asdehpjztkceyh0s5r9cqcyqqqqqqg6jjzyg 

 Yep, but with your trusted Nostr keys.  

 I don't know your PGP key. I know your Nostr key. 

PGP is cool, but there is no social network for users to trust keys.  

 Super easy. 

 They didn't have a social network to check the key.  :)  

 Yeah, this is something I want to do. The apps "Home" should just be a list of feeds + DMs together. 

The only confusing part is to prepare the user to see a feed or a chat depending on the item he/she clicks on.

nostr:nprofile1qqs04xzt6ldm9qhs0ctw0t58kf4z57umjzmjg6jywu0seadwtqqc75sprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0y8qdrm 

 Shall we put some of them that you follow in the top bar? 

Today they follow the same view as a thread, which requires you to go back to before accessing the bottom buttons.  

 If Brazilians are here, I can guarantee you we are late. At least half an hour late. 

 Lots of Bitcoin contracts https://github.com/block-core/bcips/blob/main/bcip-0005.md 

 as a hidden word? 

 I just tested and it seems to work. So, I am confused.  

 It's not supposed to. What did you add to the mute words? Does it show up in your muted lists? 

 ohhh it's because they are not writing the tag in the message itself.. the hashtag is only added to the tags in the Nostr event 🙄.  

 Yes, but only removed the posts that had the tags written in them,Ike your screenshot.  

 hum... do you run both of them side by side? 

I see people swapping them here and there and that's why they use the same id (so that they can update without having to uninstall) 

 leads to the conclusion that d-tags should have been root fields and not tags at all. 

 "unique_by" would have been a great name. 

 Not necessarily. 

Also, many relays don't implement expirations. So, it doesn't really solve much. 

 TODO is quite literally "I am not doing this shit". 

 Is your Outbox accepting 10002 events and saving them or just rejecting them all the time? 

We have an auto-update tool that if a relay sends an event that is older than what the app has, the app replies with the newer event. If the relay does not accept the newer event but still has the old one, the app will continuing blasting the relay until it updates it because having outdated info is terrible for these types of events. 

 Instead of being one NFTY push for every Nostr app in your phone, which requires downloading the same event multiple times, this new app keeps just one service, one push and once it downloads, the app broadcasts to all Nostr apps installed. 

 FYI, this is true for any replaceable event. If the relay sends an outdated event, the app will immediately send a new version if the app has one. 

For relays, the recommendation is to either always accept replaceable event updates, even if people are not paying anymore, OR delete old versions from your database. 

 Some of them are massive (20+) relays because some clients just import everything from kind3 automatically. We need to find a way to discourage that.  

 Your 10002 is signed by your own key, but we download 10002s of the authors of every like, zap, post, reply, report, edit + every pubkey mention in any post. So, for each post that appears in the screen, there is likely a 1-100 10002s from other folks being downloaded. 

 No, it only reverts back to the relay that sent the outdated event. So, this usually only happens when somebody had permissions to insert, the relay received a bunch of 10002s and then the relay closed that permission.

That being said, I would keep a copy of everybody's 10002s in my outboxes because it helps clients figure out where to send things if your relay has seen them before. 

 ohhh I just logged into your relay and it sent ALL the past versions of your own 10002 events. There are 44 10002 events coming down to Amethyst just for yourself. For each one of the 43 outdated events, Amethyst replies with the new one. 

nostr:nprofile1qqsw9n8heusyq0el9f99tveg7r0rhcu9tznatuekxt764m78ymqu36cpz4mhxue69uhhyetvv9ujuat50phjummwv5hszymhwden5te0wahhgtn4w3ux7tn0dejj7qg4waehxw309an8yetwwvh82arcduhx7mn99uuwx66a something is wrong with haven's replaceable code. A filter by kind 10002 should only return the latest event, not all versions.

You can test it here: https://lightningk0ala.github.io/nostr-wtf/query

with filter: [{"kinds": [10002]}] 

 The issue with UP is that any relay that requires AUTH cannot be used because the online service to push events down via UP doesn't know your nsec. So, things like private inbox for DMs cannot be seen and thus you will never see DM notifications unless you use a public server, which is a privacy nightmare.