I was thinking in the context of nips 41 and 109, and around how to improve key safety. Imo master key should never touch a mobile device - if you don’t let the master key touch a mobile device or other low trust environment, but you do let a child key, then if you expose your xpub, it undermines the whole security model of having a well protected master key.
What’s the status of subkeys / revocations on nostr? Was the idea killed? Doesn’t feel right to not have a way to revoke a compromised key or the ability to use subkeys signed by a master key. I imagine the conversation happened somewhere, just not sure where… anyone have a link?
I was just doing some testing on mobile nostr clients and it seems some don’t delete the npriv when the app is deleted. Please fix this if your client has this issue. @primal is one example.
Seems like a good moment to share this since GitHub is down. There are open source alternatives to GitHub like Codeberg and self hosted options like Forgejo and Gitea. In the spirit of decentralization and OSS let’s try to ditch M$ products.
Is anyone in Canada looking to grab Ergodox blank key caps? I bought them by accident instead of the ones for a Moonlander. Can sell them for CAD $80 + shipping.
Definitely! One thing that’s been bugging me is the tribalism I sometimes see on nostr. We need a welcoming environment, not a condescending one. Let’s get more peeps in here 🫂
It’s a good idea. AI will keep getting better. It will become very difficult to distinguish reality from AI generated soon and in some cases it’s already tricky to tell them apart.
If you want to help build an off-grid and decentralized mesh network, check out https://meshtastic.org/
For $30-$100 you can get a node that has excellent range (sometimes up to 100km), and it doesn’t require a HAM license.
We have done a great job decentralizing quite a few things, and this is a great way to do the same for our infra.
Check out nodes globally using this map: https://meshmap.net/
I recommend this hardware: https://shop.uniteng.com/product/meshtastic-mesh-device-station-edition/
I officially kicked Twitter today in the interest of supporting OSS and decentralization. I unfollowed everyone on there and pointed to Nostr and Mastodon.
Has anyone had success bridging Mastodon and Nostr? I came across Mostr but so far it isn’t working well. Seems like it would be a big win if we can integrate these networks more.
Maybe but at least it’s federated, and we can annex users from there. They are a perfect target for upgrading to nostr, and atm they have a stronger/larger community so finding a way to bridge them over is a win.
There are a lot of ideologically aligned people on Mastodon that left Twitter for a good reason. Showing them a better alternative would be great. I want people to have choice. If a subset of those users want to create their own relays and socialist them up - let them.
Outside of that, most of the infosec community moved there and I like to have access to that info as it’s relevant to my work so that’s a very practical issue for me. I’d rather have the problem of having to curate than not having the data available where I want it.
Basically the entire infosec community moved from twitter to mastodon, so I’m not sure where you were looking.
But anyways, you don’t think making it easier for users from another platform to come here by making integrations across them is a good idea?
Btw I’m not trying to have a discussion with you about which protocol/platform is superior, we agree on that.
Just cut a new release of StageX. It’s a fully bootstrapped build toolchain focused on determinism/reproducibility.
https://codeberg.org/stagex/stagex
Best use cases are high risk environments where you want all of the software used multi reproduced with minimal deps, but you can use it anywhere you like, for example as a drop in replacement for alpine rust - which there is a nice example for in the readme.
Why do so many companies feel it’s okay to leak their user emails through the signup flow? AWS Cognito actually has this issue baked into their product.
https://m.primal.net/Jjil.jpg
Heyo, thanks for the nice welcome! Unfortunately I only made it to 60k steps because my right foot got injured last week and that flamed up again but I’ll try again in a few months!
We just released StageX, a containerized software build root, 100% auditable and deterministic, bootstrapped from 256-bytes of assembly. Every package is built, attested, and signed by multiple independent builders, and of course everything is open source.
https://codeberg.org/stagex/stagex
Oddbean new post about login | logout
Notes by anton | export